chore(release): publish new version

- @standardnotes/home-server@1.15.6 - @standardnotes/revisions-server@1.27.0 - @standardnotes/syncing-server@1.86.0
feat(revisions): add MongoDB support (#715 )
2026-04-21 05:02:25 -04:00 · 2023-08-29 10:54:17 +00:00 · 2023-08-29 12:19:55 +02:00 · 2023-08-29 08:28:40 +02:00 · 2023-08-28 14:09:12 +00:00 · 2023-08-28 15:34:07 +02:00
510 changed files with 10083 additions and 3486 deletions
@@ -10,7 +10,7 @@ REDIS_HOST=cache
 AUTH_SERVER_ACCESS_TOKEN_AGE=4
 AUTH_SERVER_REFRESH_TOKEN_AGE=10
 AUTH_SERVER_EPHEMERAL_SESSION_AGE=300
-SYNCING_SERVER_REVISIONS_FREQUENCY=5
+SYNCING_SERVER_REVISIONS_FREQUENCY=2
 AUTH_SERVER_LOG_LEVEL=debug
 SYNCING_SERVER_LOG_LEVEL=debug
 FILES_SERVER_LOG_LEVEL=debug
@@ -22,6 +22,12 @@ MYSQL_USER=std_notes_user
 MYSQL_PASSWORD=changeme123
 MYSQL_ROOT_PASSWORD=changeme123

+MONGO_HOST=secondary_db
+MONGO_PORT=27017
+MONGO_USERNAME=standardnotes
+MONGO_PASSWORD=standardnotes
+MONGO_DATABASE=standardnotes
+
 AUTH_JWT_SECRET=f95259c5e441f5a4646d76422cfb3df4c4488842901aa50b6c51b8be2e0040e9
 AUTH_SERVER_ENCRYPTION_SERVER_KEY=1087415dfde3093797f9a7ca93a49e7d7aa1861735eb0d32aae9c303b8c3d060
 VALET_TOKEN_SECRET=4b886819ebe1e908077c6cae96311b48a8416bd60cc91c03060e15bdf6b30d1f
@@ -19,7 +19,12 @@ on:

 jobs:
  e2e:
-    name: (Docker) E2E Test Suite
+    name: (Self Hosting) E2E Test Suite
+    strategy:
+      fail-fast: false
+      matrix:
+        secondary_db_enabled: [true, false]
+        transition_mode_enabled: [true, false]
    runs-on: ubuntu-latest

    services:
@@ -45,19 +50,32 @@ jobs:
      env:
        DB_TYPE: mysql
        CACHE_TYPE: redis
+        SECONDARY_DB_ENABLED: ${{ matrix.secondary_db_enabled }}
+        TRANSITION_MODE_ENABLED: ${{ matrix.transition_mode_enabled }}

    - name: Wait for server to start
      run: docker/is-available.sh http://localhost:3123 $(pwd)/logs

    - name: Run E2E Test Suite
-      run: yarn dlx mocha-headless-chrome --timeout 1200000 -f http://localhost:9001/mocha/test.html
+      run: yarn dlx mocha-headless-chrome --timeout 1800000 -f http://localhost:9001/mocha/test.html
+
+    - name: Show logs on failure
+      if: ${{ failure() }}
+      run: |
+        echo "# Errors:"
+        tail -n 100 logs/*.err
+        echo "# Logs:"
+        tail -n 100 logs/*.log

  e2e-home-server:
    name: (Home Server) E2E Test Suite
    strategy:
+      fail-fast: false
      matrix:
        db_type: [mysql, sqlite]
        cache_type: [redis, memory]
+        secondary_db_enabled: [true, false]
+        transition_mode_enabled: [true, false]

    runs-on: ubuntu-latest

@@ -79,6 +97,14 @@ jobs:
          MYSQL_DATABASE: standardnotes
          MYSQL_USER: standardnotes
          MYSQL_PASSWORD: standardnotes
+      secondary_db:
+        image: mongo:5.0
+        ports:
+          - 27017:27017
+        env:
+          MONGO_INITDB_ROOT_USERNAME: standardnotes
+          MONGO_INITDB_ROOT_PASSWORD: standardnotes
+          MONGO_INITDB_DATABASE: standardnotes

    steps:
    - uses: actions/checkout@v3
@@ -106,20 +132,29 @@ jobs:
        sed -i "s/PSEUDO_KEY_PARAMS_KEY=/PSEUDO_KEY_PARAMS_KEY=$(openssl rand -hex 32)/g" packages/home-server/.env
        sed -i "s/VALET_TOKEN_SECRET=/VALET_TOKEN_SECRET=$(openssl rand -hex 32)/g" packages/home-server/.env
        echo "ACCESS_TOKEN_AGE=4" >> packages/home-server/.env
-        echo "REFRESH_TOKEN_AGE=7" >> packages/home-server/.env
-        echo "REVISIONS_FREQUENCY=5" >> packages/home-server/.env
-        echo "DB_HOST=db" >> packages/home-server/.env
+        echo "REFRESH_TOKEN_AGE=10" >> packages/home-server/.env
+        echo "REVISIONS_FREQUENCY=2" >> packages/home-server/.env
+        echo "DB_HOST=localhost" >> packages/home-server/.env
        echo "DB_PORT=3306" >> packages/home-server/.env
+        echo "DB_DATABASE=standardnotes" >> packages/home-server/.env
+        echo "DB_SQLITE_DATABASE_PATH=homeserver.db" >> packages/home-server/.env
        echo "DB_USERNAME=standardnotes" >> packages/home-server/.env
        echo "DB_PASSWORD=standardnotes" >> packages/home-server/.env
        echo "DB_TYPE=${{ matrix.db_type }}" >> packages/home-server/.env
-        echo "REDIS_URL=redis://cache" >> packages/home-server/.env
+        echo "REDIS_URL=redis://localhost:6379" >> packages/home-server/.env
        echo "CACHE_TYPE=${{ matrix.cache_type }}" >> packages/home-server/.env
+        echo "SECONDARY_DB_ENABLED=${{ matrix.secondary_db_enabled }}" >> packages/home-server/.env
+        echo "TRANSITION_MODE_ENABLED=${{ matrix.transition_mode_enabled }}" >> packages/home-server/.env
+        echo "MONGO_HOST=localhost" >> packages/home-server/.env
+        echo "MONGO_PORT=27017" >> packages/home-server/.env
+        echo "MONGO_DATABASE=standardnotes" >> packages/home-server/.env
+        echo "MONGO_USERNAME=standardnotes" >> packages/home-server/.env
+        echo "MONGO_PASSWORD=standardnotes" >> packages/home-server/.env
        echo "FILES_SERVER_URL=http://localhost:3123" >> packages/home-server/.env
        echo "E2E_TESTING=true" >> packages/home-server/.env

    - name: Run Server
-      run: nohup yarn workspace @standardnotes/home-server start &
+      run: nohup yarn workspace @standardnotes/home-server start > logs/output.log 2>&1 &
      env:
        PORT: 3123

@@ -127,10 +162,8 @@ jobs:
      run: for i in {1..30}; do curl -s http://localhost:3123/healthcheck && break || sleep 1; done

    - name: Run E2E Test Suite
-      run: yarn dlx mocha-headless-chrome --timeout 1200000 -f http://localhost:9001/mocha/test.html
+      run: yarn dlx mocha-headless-chrome --timeout 1800000 -f http://localhost:9001/mocha/test.html

    - name: Show logs on failure
-      if: ${{ failure()}}
-      run: |
-        tail -n 100 logs/*.err
-        tail -n 100 logs/*.log
+      if: ${{ failure() }}
+      run: tail -n 500 logs/output.log
@@ -3602,6 +3602,16 @@ const RAW_RUNTIME_STATE =
        "linkType": "HARD"\
      }]\
    ]],\
+    ["@mongodb-js/saslprep", [\
+      ["npm:1.1.0", {\
+        "packageLocation": "./.yarn/cache/@mongodb-js-saslprep-npm-1.1.0-3906c025b8-2cf6d124d4.zip/node_modules/@mongodb-js/saslprep/",\
+        "packageDependencies": [\
+          ["@mongodb-js/saslprep", "npm:1.1.0"],\
+          ["sparse-bitfield", "npm:3.0.3"]\
+        ],\
+        "linkType": "HARD"\
+      }]\
+    ]],\
    ["@mrleebo/prisma-ast", [\
      ["npm:0.5.2", {\
        "packageLocation": "./.yarn/cache/@mrleebo-prisma-ast-npm-0.5.2-538c9d793e-69a7f3c188.zip/node_modules/@mrleebo/prisma-ast/",\
@@ -4997,6 +5007,7 @@ const RAW_RUNTIME_STATE =
          ["inversify", "npm:6.0.1"],\
          ["inversify-express-utils", "npm:6.4.3"],\
          ["jest", "virtual:fd909b174d079e30b336c4ce72c38a88c1e447767b1a8dd7655e07719a1e31b97807f0931368724fc78897ff15e6a6d00b83316c0f76d11f85111f342e08bb79#npm:29.5.0"],\
+          ["mongodb", "virtual:365b8c88cdf194291829ee28b79556e2328175d26a621363e703848100bea0042e9500db2a1206c9bbc3a4a76a1d169639ef774b2ea3a1a98584a9936b58c6be#npm:6.0.0"],\
          ["mysql2", "npm:3.3.3"],\
          ["newrelic", "npm:10.1.2"],\
          ["npm-check-updates", "npm:16.10.12"],\
@@ -5191,6 +5202,7 @@ const RAW_RUNTIME_STATE =
          ["inversify-express-utils", "npm:6.4.3"],\
          ["jest", "virtual:fd909b174d079e30b336c4ce72c38a88c1e447767b1a8dd7655e07719a1e31b97807f0931368724fc78897ff15e6a6d00b83316c0f76d11f85111f342e08bb79#npm:29.5.0"],\
          ["jsonwebtoken", "npm:9.0.0"],\
+          ["mongodb", "virtual:365b8c88cdf194291829ee28b79556e2328175d26a621363e703848100bea0042e9500db2a1206c9bbc3a4a76a1d169639ef774b2ea3a1a98584a9936b58c6be#npm:6.0.0"],\
          ["mysql2", "npm:3.3.3"],\
          ["newrelic", "npm:10.1.2"],\
          ["nodemon", "npm:2.0.22"],\
@@ -5259,7 +5271,6 @@ const RAW_RUNTIME_STATE =
          ["@standardnotes/domain-events-infra", "workspace:packages/domain-events-infra"],\
          ["@standardnotes/responses", "npm:1.13.27"],\
          ["@standardnotes/security", "workspace:packages/security"],\
-          ["@standardnotes/utils", "npm:1.17.5"],\
          ["@types/cors", "npm:2.8.13"],\
          ["@types/express", "npm:4.17.17"],\
          ["@types/ioredis", "npm:5.0.0"],\
@@ -5870,6 +5881,26 @@ const RAW_RUNTIME_STATE =
        "linkType": "HARD"\
      }]\
    ]],\
+    ["@types/webidl-conversions", [\
+      ["npm:7.0.0", {\
+        "packageLocation": "./.yarn/cache/@types-webidl-conversions-npm-7.0.0-0903313151-86c337dc1e.zip/node_modules/@types/webidl-conversions/",\
+        "packageDependencies": [\
+          ["@types/webidl-conversions", "npm:7.0.0"]\
+        ],\
+        "linkType": "HARD"\
+      }]\
+    ]],\
+    ["@types/whatwg-url", [\
+      ["npm:8.2.2", {\
+        "packageLocation": "./.yarn/cache/@types-whatwg-url-npm-8.2.2-54c5c24e6c-25f20f5649.zip/node_modules/@types/whatwg-url/",\
+        "packageDependencies": [\
+          ["@types/whatwg-url", "npm:8.2.2"],\
+          ["@types/node", "npm:20.2.5"],\
+          ["@types/webidl-conversions", "npm:7.0.0"]\
+        ],\
+        "linkType": "HARD"\
+      }]\
+    ]],\
    ["@types/yargs", [\
      ["npm:17.0.24", {\
        "packageLocation": "./.yarn/cache/@types-yargs-npm-17.0.24-b034cf1d8b-f7811cc0b9.zip/node_modules/@types/yargs/",\
@@ -7075,6 +7106,15 @@ const RAW_RUNTIME_STATE =
        "linkType": "HARD"\
      }]\
    ]],\
+    ["bson", [\
+      ["npm:6.0.0", {\
+        "packageLocation": "./.yarn/cache/bson-npm-6.0.0-7b3cba060e-7290998ee8.zip/node_modules/bson/",\
+        "packageDependencies": [\
+          ["bson", "npm:6.0.0"]\
+        ],\
+        "linkType": "HARD"\
+      }]\
+    ]],\
    ["buffer", [\
      ["npm:5.7.1", {\
        "packageLocation": "./.yarn/cache/buffer-npm-5.7.1-513ef8259e-8e611bed4d.zip/node_modules/buffer/",\
@@ -11933,6 +11973,15 @@ const RAW_RUNTIME_STATE =
        "linkType": "HARD"\
      }]\
    ]],\
+    ["memory-pager", [\
+      ["npm:1.5.0", {\
+        "packageLocation": "./.yarn/cache/memory-pager-npm-1.5.0-46e20e6c81-6b00ff499b.zip/node_modules/memory-pager/",\
+        "packageDependencies": [\
+          ["memory-pager", "npm:1.5.0"]\
+        ],\
+        "linkType": "HARD"\
+      }]\
+    ]],\
    ["meow", [\
      ["npm:8.1.2", {\
        "packageLocation": "./.yarn/cache/meow-npm-8.1.2-bcfe48d4f3-e36c879078.zip/node_modules/meow/",\
@@ -12291,6 +12340,66 @@ const RAW_RUNTIME_STATE =
        "linkType": "HARD"\
      }]\
    ]],\
+    ["mongodb", [\
+      ["npm:6.0.0", {\
+        "packageLocation": "./.yarn/cache/mongodb-npm-6.0.0-7c1e74de91-daec6dc9dc.zip/node_modules/mongodb/",\
+        "packageDependencies": [\
+          ["mongodb", "npm:6.0.0"]\
+        ],\
+        "linkType": "SOFT"\
+      }],\
+      ["virtual:365b8c88cdf194291829ee28b79556e2328175d26a621363e703848100bea0042e9500db2a1206c9bbc3a4a76a1d169639ef774b2ea3a1a98584a9936b58c6be#npm:6.0.0", {\
+        "packageLocation": "./.yarn/__virtual__/mongodb-virtual-789f2eaaac/0/cache/mongodb-npm-6.0.0-7c1e74de91-daec6dc9dc.zip/node_modules/mongodb/",\
+        "packageDependencies": [\
+          ["mongodb", "virtual:365b8c88cdf194291829ee28b79556e2328175d26a621363e703848100bea0042e9500db2a1206c9bbc3a4a76a1d169639ef774b2ea3a1a98584a9936b58c6be#npm:6.0.0"],\
+          ["@aws-sdk/credential-providers", null],\
+          ["@mongodb-js/saslprep", "npm:1.1.0"],\
+          ["@mongodb-js/zstd", null],\
+          ["@types/aws-sdk__credential-providers", null],\
+          ["@types/gcp-metadata", null],\
+          ["@types/kerberos", null],\
+          ["@types/mongodb-client-encryption", null],\
+          ["@types/mongodb-js__zstd", null],\
+          ["@types/snappy", null],\
+          ["@types/socks", null],\
+          ["bson", "npm:6.0.0"],\
+          ["gcp-metadata", null],\
+          ["kerberos", null],\
+          ["mongodb-client-encryption", null],\
+          ["mongodb-connection-string-url", "npm:2.6.0"],\
+          ["snappy", null],\
+          ["socks", null]\
+        ],\
+        "packagePeers": [\
+          "@aws-sdk/credential-providers",\
+          "@mongodb-js/zstd",\
+          "@types/aws-sdk__credential-providers",\
+          "@types/gcp-metadata",\
+          "@types/kerberos",\
+          "@types/mongodb-client-encryption",\
+          "@types/mongodb-js__zstd",\
+          "@types/snappy",\
+          "@types/socks",\
+          "gcp-metadata",\
+          "kerberos",\
+          "mongodb-client-encryption",\
+          "snappy",\
+          "socks"\
+        ],\
+        "linkType": "HARD"\
+      }]\
+    ]],\
+    ["mongodb-connection-string-url", [\
+      ["npm:2.6.0", {\
+        "packageLocation": "./.yarn/cache/mongodb-connection-string-url-npm-2.6.0-af011ba17f-8a9186dd1b.zip/node_modules/mongodb-connection-string-url/",\
+        "packageDependencies": [\
+          ["mongodb-connection-string-url", "npm:2.6.0"],\
+          ["@types/whatwg-url", "npm:8.2.2"],\
+          ["whatwg-url", "npm:11.0.0"]\
+        ],\
+        "linkType": "HARD"\
+      }]\
+    ]],\
    ["ms", [\
      ["npm:2.0.0", {\
        "packageLocation": "./.yarn/cache/ms-npm-2.0.0-9e1101a471-de027828fc.zip/node_modules/ms/",\
@@ -14605,6 +14714,16 @@ const RAW_RUNTIME_STATE =
        "linkType": "HARD"\
      }]\
    ]],\
+    ["sparse-bitfield", [\
+      ["npm:3.0.3", {\
+        "packageLocation": "./.yarn/cache/sparse-bitfield-npm-3.0.3-cb80d0c89f-625ecdf6f4.zip/node_modules/sparse-bitfield/",\
+        "packageDependencies": [\
+          ["sparse-bitfield", "npm:3.0.3"],\
+          ["memory-pager", "npm:1.5.0"]\
+        ],\
+        "linkType": "HARD"\
+      }]\
+    ]],\
    ["spawn-please", [\
      ["npm:2.0.1", {\
        "packageLocation": "./.yarn/cache/spawn-please-npm-2.0.1-265b6b5432-fe19a7ceb5.zip/node_modules/spawn-please/",\
@@ -15247,6 +15366,14 @@ const RAW_RUNTIME_STATE =
          ["tr46", "npm:0.0.3"]\
        ],\
        "linkType": "HARD"\
+      }],\
+      ["npm:3.0.0", {\
+        "packageLocation": "./.yarn/cache/tr46-npm-3.0.0-e1ae1ea7c9-3a481676bf.zip/node_modules/tr46/",\
+        "packageDependencies": [\
+          ["tr46", "npm:3.0.0"],\
+          ["punycode", "npm:2.3.0"]\
+        ],\
+        "linkType": "HARD"\
      }]\
    ]],\
    ["treeverse", [\
@@ -15702,7 +15829,7 @@ const RAW_RUNTIME_STATE =
          ["hdb-pool", null],\
          ["ioredis", null],\
          ["mkdirp", "npm:2.1.6"],\
-          ["mongodb", null],\
+          ["mongodb", "virtual:365b8c88cdf194291829ee28b79556e2328175d26a621363e703848100bea0042e9500db2a1206c9bbc3a4a76a1d169639ef774b2ea3a1a98584a9936b58c6be#npm:6.0.0"],\
          ["mssql", null],\
          ["mysql2", "npm:3.3.3"],\
          ["oracledb", null],\
@@ -16192,6 +16319,13 @@ const RAW_RUNTIME_STATE =
          ["webidl-conversions", "npm:3.0.1"]\
        ],\
        "linkType": "HARD"\
+      }],\
+      ["npm:7.0.0", {\
+        "packageLocation": "./.yarn/cache/webidl-conversions-npm-7.0.0-e8c8e30c68-bdbe11c68c.zip/node_modules/webidl-conversions/",\
+        "packageDependencies": [\
+          ["webidl-conversions", "npm:7.0.0"]\
+        ],\
+        "linkType": "HARD"\
      }]\
    ]],\
    ["webpack", [\
@@ -16250,6 +16384,15 @@ const RAW_RUNTIME_STATE =
      }]\
    ]],\
    ["whatwg-url", [\
+      ["npm:11.0.0", {\
+        "packageLocation": "./.yarn/cache/whatwg-url-npm-11.0.0-073529d93a-ee3a532bfb.zip/node_modules/whatwg-url/",\
+        "packageDependencies": [\
+          ["whatwg-url", "npm:11.0.0"],\
+          ["tr46", "npm:3.0.0"],\
+          ["webidl-conversions", "npm:7.0.0"]\
+        ],\
+        "linkType": "HARD"\
+      }],\
      ["npm:5.0.0", {\
        "packageLocation": "./.yarn/cache/whatwg-url-npm-5.0.0-374fb45e60-bd0cc6b75b.zip/node_modules/whatwg-url/",\
        "packageDependencies": [\
@@ -23,6 +23,8 @@ services:
    environment:
      DB_TYPE: "${DB_TYPE}"
      CACHE_TYPE: "${CACHE_TYPE}"
+      SECONDARY_DB_ENABLED: "${SECONDARY_DB_ENABLED}"
+      TRANSITION_MODE_ENABLED: "${TRANSITION_MODE_ENABLED}"
    container_name: server-ci
    ports:
      - 3123:3000
@@ -61,6 +63,21 @@ services:
    networks:
      - standardnotes_self_hosted

+  secondary_db:
+    image: mongo:5.0
+    container_name: secondary_db-ci
+    expose:
+      - 27017
+    restart: unless-stopped
+    volumes:
+      - ./data/mongo:/data/db
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: standardnotes
+      MONGO_INITDB_ROOT_PASSWORD: standardnotes
+      MONGO_INITDB_DATABASE: standardnotes
+    networks:
+      - standardnotes_self_hosted
+
  cache:
    image: redis:6.0-alpine
    container_name: cache-ci
@@ -2,6 +2,8 @@

 # Setup environment variables

+export MODE="self-hosted"
+
 #########
 # PORTS #
 #########
@@ -63,6 +65,12 @@ fi
 if [ -z "$CACHE_TYPE" ]; then
  export CACHE_TYPE="redis"
 fi
+if [ -z "$SECONDARY_DB_ENABLED" ]; then
+  export SECONDARY_DB_ENABLED=false
+fi
+if [ -z "$TRANSITION_MODE_ENABLED" ]; then
+  export TRANSITION_MODE_ENABLED=false
+fi
 export DB_MIGRATIONS_PATH="dist/migrations/*.js"

 #########
@@ -147,10 +147,16 @@ LINKING_RESULT=$(link_queue_and_topic $SYNCING_SERVER_TOPIC_ARN $SYNCING_SERVER_
 echo "linking done:"
 echo "$LINKING_RESULT"

-echo "linking topic $SYNCING_SERVER_TOPIC_ARN to queue $SYNCING_SERVER_QUEUE_ARN"
-LINKING_RESULT=$(link_queue_and_topic $SYNCING_SERVER_TOPIC_ARN $SYNCING_SERVER_QUEUE_ARN)
+echo "linking topic $FILES_TOPIC_ARN to queue $SYNCING_SERVER_QUEUE_ARN"
+LINKING_RESULT=$(link_queue_and_topic $FILES_TOPIC_ARN $SYNCING_SERVER_QUEUE_ARN)
 echo "linking done:"
 echo "$LINKING_RESULT"
+
+echo "linking topic $SYNCING_SERVER_TOPIC_ARN to queue $AUTH_QUEUE_ARN"
+LINKING_RESULT=$(link_queue_and_topic $SYNCING_SERVER_TOPIC_ARN $AUTH_QUEUE_ARN)
+echo "linking done:"
+echo "$LINKING_RESULT"
+
 echo "linking topic $AUTH_TOPIC_ARN to queue $SYNCING_SERVER_QUEUE_ARN"
 LINKING_RESULT=$(link_queue_and_topic $AUTH_TOPIC_ARN $SYNCING_SERVER_QUEUE_ARN)
 echo "linking done:"
@@ -12,13 +12,15 @@
  },
  "scripts": {
    "lint": "yarn workspaces foreach -p -j 10 --verbose run lint",
+    "lint:fix": "yarn workspaces foreach -p -j 10 --verbose run lint:fix",
    "clean": "yarn workspaces foreach -p --verbose run clean",
    "setup:env": "cp .env.sample .env && yarn workspaces foreach -p --verbose run setup:env",
    "release": "lerna version --conventional-graduate --conventional-commits --yes -m \"chore(release): publish new version\"",
    "publish": "lerna publish from-git --yes --no-verify-access --loglevel verbose",
    "postversion": "./scripts/push-tags-one-by-one.sh",
    "upgrade:snjs": "yarn workspaces foreach --verbose run upgrade:snjs",
-    "e2e": "yarn build packages/home-server && PORT=3123 yarn workspace @standardnotes/home-server start"
+    "e2e": "yarn build packages/home-server && PORT=3123 yarn workspace @standardnotes/home-server start",
+    "start": "yarn build packages/home-server && yarn workspace @standardnotes/home-server start"
  },
  "devDependencies": {
    "@commitlint/cli": "^17.0.2",
@@ -3,6 +3,54 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [2.25.17](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.25.16...@standardnotes/analytics@2.25.17) (2023-08-24)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.25.16](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.25.15...@standardnotes/analytics@2.25.16) (2023-08-23)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.25.15](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.25.14...@standardnotes/analytics@2.25.15) (2023-08-22)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.25.14](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.25.13...@standardnotes/analytics@2.25.14) (2023-08-18)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.25.13](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.25.12...@standardnotes/analytics@2.25.13) (2023-08-11)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.25.12](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.25.11...@standardnotes/analytics@2.25.12) (2023-08-09)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.25.11](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.25.10...@standardnotes/analytics@2.25.11) (2023-08-09)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.25.10](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.25.9...@standardnotes/analytics@2.25.10) (2023-08-09)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.25.9](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.25.8...@standardnotes/analytics@2.25.9) (2023-08-08)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.25.8](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.25.7...@standardnotes/analytics@2.25.8) (2023-08-03)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.25.7](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.25.6...@standardnotes/analytics@2.25.7) (2023-08-02)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.25.6](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.25.5...@standardnotes/analytics@2.25.6) (2023-07-27)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
 ## [2.25.5](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.25.4...@standardnotes/analytics@2.25.5) (2023-07-26)

 **Note:** Version bump only for package @standardnotes/analytics
@@ -1,6 +1,6 @@
 {
  "name": "@standardnotes/analytics",
-  "version": "2.25.5",
+  "version": "2.25.17",
  "engines": {
    "node": ">=18.0.0 <21.0.0"
  },
@@ -1,4 +1,4 @@
-MODE=microservice # microservice | home-server
+MODE=microservice # microservice | home-server | self-hosted
 LOG_LEVEL=debug
 NODE_ENV=development
 VERSION=development
@@ -3,6 +3,78 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.72.1](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.72.0...@standardnotes/api-gateway@1.72.1) (2023-08-28)
+
+### Bug Fixes
+
+* allow self hosted to use new model of items ([#714](https://github.com/standardnotes/api-gateway/issues/714)) ([aef9254](https://github.com/standardnotes/api-gateway/commit/aef9254713560c00a90a3e84e3cd94417e8f30d2))
+
+# [1.72.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.71.1...@standardnotes/api-gateway@1.72.0) (2023-08-24)
+
+### Features
+
+* add trigerring items transition and checking status of it ([#707](https://github.com/standardnotes/api-gateway/issues/707)) ([05bb12c](https://github.com/standardnotes/api-gateway/commit/05bb12c97899824f06e6d01d105dec75fc328440))
+
+## [1.71.1](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.71.0...@standardnotes/api-gateway@1.71.1) (2023-08-23)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
+# [1.71.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.70.5...@standardnotes/api-gateway@1.71.0) (2023-08-22)
+
+### Features
+
+* consider shared vault owner quota when uploading files to shared vault ([#704](https://github.com/standardnotes/api-gateway/issues/704)) ([34085ac](https://github.com/standardnotes/api-gateway/commit/34085ac6fb7e61d471bd3b4ae8e72112df25c3ee))
+
+## [1.70.5](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.70.4...@standardnotes/api-gateway@1.70.5) (2023-08-18)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
+## [1.70.4](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.70.3...@standardnotes/api-gateway@1.70.4) (2023-08-09)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
+## [1.70.3](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.70.2...@standardnotes/api-gateway@1.70.3) (2023-08-09)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
+## [1.70.2](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.70.1...@standardnotes/api-gateway@1.70.2) (2023-08-09)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
+## [1.70.1](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.70.0...@standardnotes/api-gateway@1.70.1) (2023-08-08)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
+# [1.70.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.69.3...@standardnotes/api-gateway@1.70.0) (2023-08-07)
+
+### Features
+
+* **syncing-server:** limit shared vaults creation based on role ([#687](https://github.com/standardnotes/api-gateway/issues/687)) ([19b8921](https://github.com/standardnotes/api-gateway/commit/19b8921f286ff8f88c427e8ddd4512a8d61edb4f))
+
+## [1.69.3](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.69.2...@standardnotes/api-gateway@1.69.3) (2023-08-03)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
+## [1.69.2](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.69.1...@standardnotes/api-gateway@1.69.2) (2023-08-02)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
+## [1.69.1](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.69.0...@standardnotes/api-gateway@1.69.1) (2023-07-31)
+
+### Bug Fixes
+
+* **api-gateway:** remove duplicating req/res objects on return raw response from payments ([79d71ca](https://github.com/standardnotes/api-gateway/commit/79d71ca161cc18135fcd1a83b021662e189b3ddb))
+
+# [1.69.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.68.1...@standardnotes/api-gateway@1.69.0) (2023-07-31)
+
+### Features
+
+* refactor deleting account ([#676](https://github.com/standardnotes/api-gateway/issues/676)) ([0d5dcdd](https://github.com/standardnotes/api-gateway/commit/0d5dcdd8ec2336e41e7604c4157f79a89163ed29))
+
+## [1.68.1](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.68.0...@standardnotes/api-gateway@1.68.1) (2023-07-27)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
 # [1.68.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.67.4...@standardnotes/api-gateway@1.68.0) (2023-07-27)

 ### Features
@@ -46,7 +46,7 @@ void container.load().then((container) => {

  server.setConfig((app) => {
    app.use((_request: Request, response: Response, next: NextFunction) => {
-      response.setHeader('X-API-Gateway-Version', container.get(TYPES.VERSION))
+      response.setHeader('X-API-Gateway-Version', container.get(TYPES.ApiGateway_VERSION))
      next()
    })
    app.use(
@@ -87,7 +87,7 @@ void container.load().then((container) => {
    )
  })

-  const logger: winston.Logger = container.get(TYPES.Logger)
+  const logger: winston.Logger = container.get(TYPES.ApiGateway_Logger)

  server.setErrorConfig((app) => {
    app.use((error: Record<string, unknown>, _request: Request, response: Response, _next: NextFunction) => {
@@ -1,6 +1,6 @@
 {
  "name": "@standardnotes/api-gateway",
-  "version": "1.68.0",
+  "version": "1.72.1",
  "engines": {
    "node": ">=18.0.0 <21.0.0"
  },
@@ -21,6 +21,7 @@
    "clean": "rm -fr dist",
    "build": "tsc --build",
    "lint": "eslint . --ext .ts",
+    "lint:fix": "eslint . --fix --ext .ts",
    "setup:env": "cp .env.sample .env",
    "start": "yarn node dist/bin/server.js",
    "upgrade:snjs": "yarn ncu -u '@standardnotes/*'"
@@ -57,7 +57,7 @@ export class ContainerConfigLoader {
        defaultMeta: { service: 'api-gateway' },
      })
    }
-    container.bind<winston.Logger>(TYPES.Logger).toConstantValue(logger)
+    container.bind<winston.Logger>(TYPES.ApiGateway_Logger).toConstantValue(logger)

    if (!isConfiguredForInMemoryCache) {
      const redisUrl = env.get('REDIS_URL')
@@ -68,36 +68,39 @@ export class ContainerConfigLoader {
      } else {
        redis = new Redis(redisUrl)
      }
-      container.bind(TYPES.Redis).toConstantValue(redis)
+      container.bind(TYPES.ApiGateway_Redis).toConstantValue(redis)
    }

-    container.bind<AxiosInstance>(TYPES.HTTPClient).toConstantValue(axios.create())
+    container.bind<AxiosInstance>(TYPES.ApiGateway_HTTPClient).toConstantValue(axios.create())

    // env vars
-    container.bind(TYPES.SYNCING_SERVER_JS_URL).toConstantValue(env.get('SYNCING_SERVER_JS_URL', true))
-    container.bind(TYPES.AUTH_SERVER_URL).toConstantValue(env.get('AUTH_SERVER_URL', true))
-    container.bind(TYPES.REVISIONS_SERVER_URL).toConstantValue(env.get('REVISIONS_SERVER_URL', true))
-    container.bind(TYPES.EMAIL_SERVER_URL).toConstantValue(env.get('EMAIL_SERVER_URL', true))
-    container.bind(TYPES.PAYMENTS_SERVER_URL).toConstantValue(env.get('PAYMENTS_SERVER_URL', true))
-    container.bind(TYPES.FILES_SERVER_URL).toConstantValue(env.get('FILES_SERVER_URL', true))
-    container.bind(TYPES.WEB_SOCKET_SERVER_URL).toConstantValue(env.get('WEB_SOCKET_SERVER_URL', true))
-    container.bind(TYPES.AUTH_JWT_SECRET).toConstantValue(env.get('AUTH_JWT_SECRET'))
+    container.bind(TYPES.ApiGateway_SYNCING_SERVER_JS_URL).toConstantValue(env.get('SYNCING_SERVER_JS_URL', true))
+    container.bind(TYPES.ApiGateway_AUTH_SERVER_URL).toConstantValue(env.get('AUTH_SERVER_URL', true))
+    container.bind(TYPES.ApiGateway_REVISIONS_SERVER_URL).toConstantValue(env.get('REVISIONS_SERVER_URL', true))
+    container.bind(TYPES.ApiGateway_EMAIL_SERVER_URL).toConstantValue(env.get('EMAIL_SERVER_URL', true))
+    container.bind(TYPES.ApiGateway_PAYMENTS_SERVER_URL).toConstantValue(env.get('PAYMENTS_SERVER_URL', true))
+    container.bind(TYPES.ApiGateway_FILES_SERVER_URL).toConstantValue(env.get('FILES_SERVER_URL', true))
+    container.bind(TYPES.ApiGateway_WEB_SOCKET_SERVER_URL).toConstantValue(env.get('WEB_SOCKET_SERVER_URL', true))
+    container.bind(TYPES.ApiGateway_AUTH_JWT_SECRET).toConstantValue(env.get('AUTH_JWT_SECRET'))
    container
-      .bind(TYPES.HTTP_CALL_TIMEOUT)
+      .bind(TYPES.ApiGateway_HTTP_CALL_TIMEOUT)
      .toConstantValue(env.get('HTTP_CALL_TIMEOUT', true) ? +env.get('HTTP_CALL_TIMEOUT', true) : 60_000)
-    container.bind(TYPES.VERSION).toConstantValue(env.get('VERSION', true) ?? 'development')
-    container.bind(TYPES.CROSS_SERVICE_TOKEN_CACHE_TTL).toConstantValue(+env.get('CROSS_SERVICE_TOKEN_CACHE_TTL', true))
+    container.bind(TYPES.ApiGateway_VERSION).toConstantValue(env.get('VERSION', true) ?? 'development')
+    container
+      .bind(TYPES.ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL)
+      .toConstantValue(+env.get('CROSS_SERVICE_TOKEN_CACHE_TTL', true))
+    container.bind(TYPES.ApiGateway_IS_CONFIGURED_FOR_HOME_SERVER).toConstantValue(isConfiguredForHomeServer)

    // Middleware
    container
-      .bind<RequiredCrossServiceTokenMiddleware>(TYPES.RequiredCrossServiceTokenMiddleware)
+      .bind<RequiredCrossServiceTokenMiddleware>(TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
      .to(RequiredCrossServiceTokenMiddleware)
    container
-      .bind<OptionalCrossServiceTokenMiddleware>(TYPES.OptionalCrossServiceTokenMiddleware)
+      .bind<OptionalCrossServiceTokenMiddleware>(TYPES.ApiGateway_OptionalCrossServiceTokenMiddleware)
      .to(OptionalCrossServiceTokenMiddleware)
-    container.bind<WebSocketAuthMiddleware>(TYPES.WebSocketAuthMiddleware).to(WebSocketAuthMiddleware)
+    container.bind<WebSocketAuthMiddleware>(TYPES.ApiGateway_WebSocketAuthMiddleware).to(WebSocketAuthMiddleware)
    container
-      .bind<SubscriptionTokenAuthMiddleware>(TYPES.SubscriptionTokenAuthMiddleware)
+      .bind<SubscriptionTokenAuthMiddleware>(TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
      .to(SubscriptionTokenAuthMiddleware)

    // Services
@@ -106,24 +109,26 @@ export class ContainerConfigLoader {
        throw new Error('Service container is required when configured for home server')
      }
      container
-        .bind<ServiceProxyInterface>(TYPES.ServiceProxy)
+        .bind<ServiceProxyInterface>(TYPES.ApiGateway_ServiceProxy)
        .toConstantValue(
-          new DirectCallServiceProxy(configuration.serviceContainer, container.get(TYPES.FILES_SERVER_URL)),
+          new DirectCallServiceProxy(configuration.serviceContainer, container.get(TYPES.ApiGateway_FILES_SERVER_URL)),
        )
    } else {
-      container.bind<ServiceProxyInterface>(TYPES.ServiceProxy).to(HttpServiceProxy)
+      container.bind<ServiceProxyInterface>(TYPES.ApiGateway_ServiceProxy).to(HttpServiceProxy)
    }
-    container.bind<TimerInterface>(TYPES.Timer).toConstantValue(new Timer())
+    container.bind<TimerInterface>(TYPES.ApiGateway_Timer).toConstantValue(new Timer())

    if (isConfiguredForHomeServer) {
      container
-        .bind<CrossServiceTokenCacheInterface>(TYPES.CrossServiceTokenCache)
-        .toConstantValue(new InMemoryCrossServiceTokenCache(container.get(TYPES.Timer)))
+        .bind<CrossServiceTokenCacheInterface>(TYPES.ApiGateway_CrossServiceTokenCache)
+        .toConstantValue(new InMemoryCrossServiceTokenCache(container.get(TYPES.ApiGateway_Timer)))
    } else {
-      container.bind<CrossServiceTokenCacheInterface>(TYPES.CrossServiceTokenCache).to(RedisCrossServiceTokenCache)
+      container
+        .bind<CrossServiceTokenCacheInterface>(TYPES.ApiGateway_CrossServiceTokenCache)
+        .to(RedisCrossServiceTokenCache)
    }
    container
-      .bind<EndpointResolverInterface>(TYPES.EndpointResolver)
+      .bind<EndpointResolverInterface>(TYPES.ApiGateway_EndpointResolver)
      .toConstantValue(new EndpointResolver(isConfiguredForHomeServer))

    logger.debug('Configuration complete')
@@ -1,29 +1,28 @@
 export const TYPES = {
-  Logger: Symbol.for('Logger'),
-  Redis: Symbol.for('Redis'),
-  HTTPClient: Symbol.for('HTTPClient'),
+  ApiGateway_Logger: Symbol.for('ApiGateway_Logger'),
+  ApiGateway_Redis: Symbol.for('ApiGateway_Redis'),
+  ApiGateway_HTTPClient: Symbol.for('ApiGateway_HTTPClient'),
  // env vars
-  SYNCING_SERVER_JS_URL: Symbol.for('SYNCING_SERVER_JS_URL'),
-  AUTH_SERVER_URL: Symbol.for('AUTH_SERVER_URL'),
-  PAYMENTS_SERVER_URL: Symbol.for('PAYMENTS_SERVER_URL'),
-  FILES_SERVER_URL: Symbol.for('FILES_SERVER_URL'),
-  REVISIONS_SERVER_URL: Symbol.for('REVISIONS_SERVER_URL'),
-  EMAIL_SERVER_URL: Symbol.for('EMAIL_SERVER_URL'),
-  WEB_SOCKET_SERVER_URL: Symbol.for('WEB_SOCKET_SERVER_URL'),
-  AUTH_JWT_SECRET: Symbol.for('AUTH_JWT_SECRET'),
-  HTTP_CALL_TIMEOUT: Symbol.for('HTTP_CALL_TIMEOUT'),
-  VERSION: Symbol.for('VERSION'),
-  CROSS_SERVICE_TOKEN_CACHE_TTL: Symbol.for('CROSS_SERVICE_TOKEN_CACHE_TTL'),
+  ApiGateway_SYNCING_SERVER_JS_URL: Symbol.for('ApiGateway_SYNCING_SERVER_JS_URL'),
+  ApiGateway_AUTH_SERVER_URL: Symbol.for('ApiGateway_AUTH_SERVER_URL'),
+  ApiGateway_PAYMENTS_SERVER_URL: Symbol.for('ApiGateway_PAYMENTS_SERVER_URL'),
+  ApiGateway_FILES_SERVER_URL: Symbol.for('ApiGateway_FILES_SERVER_URL'),
+  ApiGateway_REVISIONS_SERVER_URL: Symbol.for('ApiGateway_REVISIONS_SERVER_URL'),
+  ApiGateway_EMAIL_SERVER_URL: Symbol.for('ApiGateway_EMAIL_SERVER_URL'),
+  ApiGateway_WEB_SOCKET_SERVER_URL: Symbol.for('ApiGateway_WEB_SOCKET_SERVER_URL'),
+  ApiGateway_AUTH_JWT_SECRET: Symbol.for('ApiGateway_AUTH_JWT_SECRET'),
+  ApiGateway_HTTP_CALL_TIMEOUT: Symbol.for('ApiGateway_HTTP_CALL_TIMEOUT'),
+  ApiGateway_VERSION: Symbol.for('ApiGateway_VERSION'),
+  ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL: Symbol.for('ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL'),
+  ApiGateway_IS_CONFIGURED_FOR_HOME_SERVER: Symbol.for('ApiGateway_IS_CONFIGURED_FOR_HOME_SERVER'),
  // Middleware
-  RequiredCrossServiceTokenMiddleware: Symbol.for('RequiredCrossServiceTokenMiddleware'),
-  OptionalCrossServiceTokenMiddleware: Symbol.for('OptionalCrossServiceTokenMiddleware'),
-  WebSocketAuthMiddleware: Symbol.for('WebSocketAuthMiddleware'),
-  SubscriptionTokenAuthMiddleware: Symbol.for('SubscriptionTokenAuthMiddleware'),
+  ApiGateway_RequiredCrossServiceTokenMiddleware: Symbol.for('ApiGateway_RequiredCrossServiceTokenMiddleware'),
+  ApiGateway_OptionalCrossServiceTokenMiddleware: Symbol.for('ApiGateway_OptionalCrossServiceTokenMiddleware'),
+  ApiGateway_WebSocketAuthMiddleware: Symbol.for('ApiGateway_WebSocketAuthMiddleware'),
+  ApiGateway_SubscriptionTokenAuthMiddleware: Symbol.for('ApiGateway_SubscriptionTokenAuthMiddleware'),
  // Services
-  ServiceProxy: Symbol.for('ServiceProxy'),
-  CrossServiceTokenCache: Symbol.for('CrossServiceTokenCache'),
-  Timer: Symbol.for('Timer'),
-  EndpointResolver: Symbol.for('EndpointResolver'),
+  ApiGateway_ServiceProxy: Symbol.for('ApiGateway_ServiceProxy'),
+  ApiGateway_CrossServiceTokenCache: Symbol.for('ApiGateway_CrossServiceTokenCache'),
+  ApiGateway_Timer: Symbol.for('ApiGateway_Timer'),
+  ApiGateway_EndpointResolver: Symbol.for('ApiGateway_EndpointResolver'),
 }
-
-// export default TYPES
@@ -1,5 +1,4 @@
 import { CrossServiceTokenData } from '@standardnotes/security'
-import { RoleName } from '@standardnotes/domain-core'
 import { TimerInterface } from '@standardnotes/time'
 import { NextFunction, Request, Response } from 'express'
 import { BaseMiddleware } from 'inversify-express-utils'
@@ -28,16 +27,23 @@ export abstract class AuthMiddleware extends BaseMiddleware {
    }

    const authHeaderValue = request.headers.authorization as string
+    const sharedVaultOwnerContextHeaderValue = request.headers['x-shared-vault-owner-context'] as string | undefined
+    const cacheKey = `${authHeaderValue}${
+      sharedVaultOwnerContextHeaderValue ? `:${sharedVaultOwnerContextHeaderValue}` : ''
+    }`

    try {
      let crossServiceTokenFetchedFromCache = true
      let crossServiceToken = null
      if (this.crossServiceTokenCacheTTL) {
-        crossServiceToken = await this.crossServiceTokenCache.get(authHeaderValue)
+        crossServiceToken = await this.crossServiceTokenCache.get(cacheKey)
      }

-      if (crossServiceToken === null) {
-        const authResponse = await this.serviceProxy.validateSession(authHeaderValue)
+      if (this.crossServiceTokenIsEmptyOrRequiresRevalidation(crossServiceToken)) {
+        const authResponse = await this.serviceProxy.validateSession({
+          authorization: authHeaderValue,
+          sharedVaultOwnerContext: sharedVaultOwnerContextHeaderValue,
+        })

        if (!this.handleSessionValidationResponse(authResponse, response, next)) {
          return
@@ -49,16 +55,14 @@ export abstract class AuthMiddleware extends BaseMiddleware {

      response.locals.authToken = crossServiceToken

-      const decodedToken = <CrossServiceTokenData>verify(crossServiceToken, this.jwtSecret, { algorithms: ['HS256'] })
-
-      response.locals.freeUser =
-        decodedToken.roles.length === 1 &&
-        decodedToken.roles.find((role) => role.name === RoleName.NAMES.CoreUser) !== undefined
+      const decodedToken = <CrossServiceTokenData>(
+        verify(response.locals.authToken, this.jwtSecret, { algorithms: ['HS256'] })
+      )

      if (this.crossServiceTokenCacheTTL && !crossServiceTokenFetchedFromCache) {
        await this.crossServiceTokenCache.set({
-          authorizationHeaderValue: authHeaderValue,
-          encodedCrossServiceToken: crossServiceToken,
+          key: cacheKey,
+          encodedCrossServiceToken: response.locals.authToken,
          expiresAtInSeconds: this.getCrossServiceTokenCacheExpireTimestamp(decodedToken),
          userUuid: decodedToken.user.uuid,
        })
@@ -67,6 +71,7 @@ export abstract class AuthMiddleware extends BaseMiddleware {
      response.locals.user = decodedToken.user
      response.locals.session = decodedToken.session
      response.locals.roles = decodedToken.roles
+      response.locals.sharedVaultOwnerContext = decodedToken.shared_vault_owner_context
    } catch (error) {
      const errorMessage = (error as AxiosError).isAxiosError
        ? JSON.stringify((error as AxiosError).response?.data)
@@ -123,4 +128,14 @@ export abstract class AuthMiddleware extends BaseMiddleware {

    return Math.min(crossServiceTokenDefaultCacheExpiration, sessionAccessExpiration, sessionRefreshExpiration)
  }
+
+  private crossServiceTokenIsEmptyOrRequiresRevalidation(crossServiceToken: string | null) {
+    if (crossServiceToken === null) {
+      return true
+    }
+
+    const decodedToken = <CrossServiceTokenData>verify(crossServiceToken, this.jwtSecret, { algorithms: ['HS256'] })
+
+    return decodedToken.ongoing_transition === true
+  }
 }
@@ -9,7 +9,7 @@ export class LegacyController extends BaseHttpController {
  private AUTH_ROUTES: Map<string, string>
  private PARAMETRIZED_AUTH_ROUTES: Map<string, string>

-  constructor(@inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface) {
+  constructor(@inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface) {
    super()

    this.AUTH_ROUTES = new Map([
@@ -29,17 +29,17 @@ export class LegacyController extends BaseHttpController {
    ])
  }

-  @httpPost('/items/sync', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/items/sync', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async legacyItemsSync(request: Request, response: Response): Promise<void> {
    await this.httpService.callLegacySyncingServer(request, response, request.path.substring(1), request.body)
  }

-  @httpGet('/items/:item_id/revisions', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/items/:item_id/revisions', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async legacyGetRevisions(request: Request, response: Response): Promise<void> {
    await this.httpService.callLegacySyncingServer(request, response, request.path.substring(1), request.body)
  }

-  @httpGet('/items/:item_id/revisions/:id', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/items/:item_id/revisions/:id', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async legacyGetRevision(request: Request, response: Response): Promise<void> {
    await this.httpService.callLegacySyncingServer(request, response, request.path.substring(1), request.body)
  }
@@ -11,12 +11,12 @@ import { AuthMiddleware } from './AuthMiddleware'
@injectable()
 export class OptionalCrossServiceTokenMiddleware extends AuthMiddleware {
  constructor(
-    @inject(TYPES.ServiceProxy) serviceProxy: ServiceProxyInterface,
-    @inject(TYPES.AUTH_JWT_SECRET) jwtSecret: string,
-    @inject(TYPES.CROSS_SERVICE_TOKEN_CACHE_TTL) crossServiceTokenCacheTTL: number,
-    @inject(TYPES.CrossServiceTokenCache) crossServiceTokenCache: CrossServiceTokenCacheInterface,
-    @inject(TYPES.Timer) timer: TimerInterface,
-    @inject(TYPES.Logger) logger: Logger,
+    @inject(TYPES.ApiGateway_ServiceProxy) serviceProxy: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_AUTH_JWT_SECRET) jwtSecret: string,
+    @inject(TYPES.ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL) crossServiceTokenCacheTTL: number,
+    @inject(TYPES.ApiGateway_CrossServiceTokenCache) crossServiceTokenCache: CrossServiceTokenCacheInterface,
+    @inject(TYPES.ApiGateway_Timer) timer: TimerInterface,
+    @inject(TYPES.ApiGateway_Logger) logger: Logger,
  ) {
    super(serviceProxy, jwtSecret, crossServiceTokenCacheTTL, crossServiceTokenCache, timer, logger)
  }
@@ -11,12 +11,12 @@ import { AuthMiddleware } from './AuthMiddleware'
@injectable()
 export class RequiredCrossServiceTokenMiddleware extends AuthMiddleware {
  constructor(
-    @inject(TYPES.ServiceProxy) serviceProxy: ServiceProxyInterface,
-    @inject(TYPES.AUTH_JWT_SECRET) jwtSecret: string,
-    @inject(TYPES.CROSS_SERVICE_TOKEN_CACHE_TTL) crossServiceTokenCacheTTL: number,
-    @inject(TYPES.CrossServiceTokenCache) crossServiceTokenCache: CrossServiceTokenCacheInterface,
-    @inject(TYPES.Timer) timer: TimerInterface,
-    @inject(TYPES.Logger) logger: Logger,
+    @inject(TYPES.ApiGateway_ServiceProxy) serviceProxy: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_AUTH_JWT_SECRET) jwtSecret: string,
+    @inject(TYPES.ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL) crossServiceTokenCacheTTL: number,
+    @inject(TYPES.ApiGateway_CrossServiceTokenCache) crossServiceTokenCache: CrossServiceTokenCacheInterface,
+    @inject(TYPES.ApiGateway_Timer) timer: TimerInterface,
+    @inject(TYPES.ApiGateway_Logger) logger: Logger,
  ) {
    super(serviceProxy, jwtSecret, crossServiceTokenCacheTTL, crossServiceTokenCache, timer, logger)
  }
@@ -11,10 +11,10 @@ import { TokenAuthenticationMethod } from './TokenAuthenticationMethod'
@injectable()
 export class SubscriptionTokenAuthMiddleware extends BaseMiddleware {
  constructor(
-    @inject(TYPES.HTTPClient) private httpClient: AxiosInstance,
-    @inject(TYPES.AUTH_SERVER_URL) private authServerUrl: string,
-    @inject(TYPES.AUTH_JWT_SECRET) private jwtSecret: string,
-    @inject(TYPES.Logger) private logger: Logger,
+    @inject(TYPES.ApiGateway_HTTPClient) private httpClient: AxiosInstance,
+    @inject(TYPES.ApiGateway_AUTH_SERVER_URL) private authServerUrl: string,
+    @inject(TYPES.ApiGateway_AUTH_JWT_SECRET) private jwtSecret: string,
+    @inject(TYPES.ApiGateway_Logger) private logger: Logger,
  ) {
    super()
  }
@@ -1,5 +1,4 @@
 import { CrossServiceTokenData } from '@standardnotes/security'
-import { RoleName } from '@standardnotes/domain-core'
 import { NextFunction, Request, Response } from 'express'
 import { inject, injectable } from 'inversify'
 import { BaseMiddleware } from 'inversify-express-utils'
@@ -12,10 +11,10 @@ import { TYPES } from '../Bootstrap/Types'
@injectable()
 export class WebSocketAuthMiddleware extends BaseMiddleware {
  constructor(
-    @inject(TYPES.HTTPClient) private httpClient: AxiosInstance,
-    @inject(TYPES.AUTH_SERVER_URL) private authServerUrl: string,
-    @inject(TYPES.AUTH_JWT_SECRET) private jwtSecret: string,
-    @inject(TYPES.Logger) private logger: Logger,
+    @inject(TYPES.ApiGateway_HTTPClient) private httpClient: AxiosInstance,
+    @inject(TYPES.ApiGateway_AUTH_SERVER_URL) private authServerUrl: string,
+    @inject(TYPES.ApiGateway_AUTH_JWT_SECRET) private jwtSecret: string,
+    @inject(TYPES.ApiGateway_Logger) private logger: Logger,
  ) {
    super()
  }
@@ -60,9 +59,6 @@ export class WebSocketAuthMiddleware extends BaseMiddleware {

      const decodedToken = <CrossServiceTokenData>verify(crossServiceToken, this.jwtSecret, { algorithms: ['HS256'] })

-      response.locals.freeUser =
-        decodedToken.roles.length === 1 &&
-        decodedToken.roles.find((role) => role.name === RoleName.NAMES.CoreUser) !== undefined
      response.locals.user = decodedToken.user
      response.locals.roles = decodedToken.roles
    } catch (error) {
@@ -8,8 +8,8 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1')
 export class ActionsController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private serviceProxy: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private serviceProxy: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
@@ -24,7 +24,7 @@ export class ActionsController extends BaseHttpController {
    )
  }

-  @httpGet('/login-params', TYPES.OptionalCrossServiceTokenMiddleware)
+  @httpGet('/login-params', TYPES.ApiGateway_OptionalCrossServiceTokenMiddleware)
  async loginParams(request: Request, response: Response): Promise<void> {
    await this.serviceProxy.callAuthServer(
      request,
@@ -34,7 +34,7 @@ export class ActionsController extends BaseHttpController {
    )
  }

-  @httpPost('/logout', TYPES.OptionalCrossServiceTokenMiddleware)
+  @httpPost('/logout', TYPES.ApiGateway_OptionalCrossServiceTokenMiddleware)
  async logout(request: Request, response: Response): Promise<void> {
    await this.serviceProxy.callAuthServer(
      request,
@@ -54,7 +54,7 @@ export class ActionsController extends BaseHttpController {
    )
  }

-  @httpPost('/recovery/codes', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/recovery/codes', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async recoveryCodes(request: Request, response: Response): Promise<void> {
    await this.serviceProxy.callAuthServer(
      request,
@@ -9,13 +9,13 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/authenticators')
 export class AuthenticatorsController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }

-  @httpDelete('/:authenticatorId', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpDelete('/:authenticatorId', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async delete(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -29,7 +29,7 @@ export class AuthenticatorsController extends BaseHttpController {
    )
  }

-  @httpGet('/', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async list(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -39,7 +39,7 @@ export class AuthenticatorsController extends BaseHttpController {
    )
  }

-  @httpGet('/generate-registration-options', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/generate-registration-options', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async generateRegistrationOptions(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -59,7 +59,7 @@ export class AuthenticatorsController extends BaseHttpController {
    )
  }

-  @httpPost('/verify-registration', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/verify-registration', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async verifyRegistration(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -9,13 +9,13 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/files')
 export class FilesController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }

-  @httpPost('/valet-tokens', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/valet-tokens', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async createToken(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -6,11 +6,11 @@ import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'

@controller('/v1')
 export class InvoicesController extends BaseHttpController {
-  constructor(@inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface) {
+  constructor(@inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface) {
    super()
  }

-  @httpPost('/invoices/send-latest', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/invoices/send-latest', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async sendLatestInvoice(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/pro_users/send-invoice', request.body)
  }
@@ -5,11 +5,11 @@ import { TYPES } from '../../Bootstrap/Types'
 import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
 import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'

-@controller('/v1/items', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v1/items', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class ItemsController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private serviceProxy: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private serviceProxy: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
@@ -34,6 +34,16 @@ export class ItemsController extends BaseHttpController {
    )
  }

+  @httpPost('/transition')
+  async transition(request: Request, response: Response): Promise<void> {
+    await this.serviceProxy.callSyncingServer(
+      request,
+      response,
+      this.endpointResolver.resolveEndpointOrMethodIdentifier('POST', 'items/transition'),
+      request.body,
+    )
+  }
+
  @httpGet('/:uuid')
  async getItem(request: Request, response: Response): Promise<void> {
    await this.serviceProxy.callSyncingServer(
@@ -5,11 +5,11 @@ import { TYPES } from '../../Bootstrap/Types'
 import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
 import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'

-@controller('/v1/messages', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v1/messages', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class MessagesController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
@@ -9,8 +9,8 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/offline')
 export class OfflineController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
@@ -6,7 +6,7 @@ import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'

@controller('/v1')
 export class PaymentsController extends BaseHttpController {
-  constructor(@inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface) {
+  constructor(@inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface) {
    super()
  }

@@ -40,12 +40,12 @@ export class PaymentsController extends BaseHttpController {
    await this.httpService.callPaymentsServer(request, response, 'api/extensions', request.body)
  }

-  @httpPost('/subscriptions/tiered', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/subscriptions/tiered', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async createTieredSubscription(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/subscriptions/tiered', request.body)
  }

-  @httpPost('/subscriptions/apple_iap_confirm', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/subscriptions/apple_iap_confirm', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async appleIAPConfirm(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/subscriptions/apple_iap_confirm', request.body)
  }
@@ -140,7 +140,7 @@ export class PaymentsController extends BaseHttpController {
    )
  }

-  @httpPost('/payments/stripe-setup-intent', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/payments/stripe-setup-intent', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async createStripeSetupIntent(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/pro_users/stripe-setup-intent', request.body)
  }
@@ -1,7 +1,7 @@
 import { BaseHttpController, controller, httpDelete, httpGet, results } from 'inversify-express-utils'
 import { TYPES } from '../../Bootstrap/Types'

-@controller('/v1/items/:item_id/revisions', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v1/items/:item_id/revisions', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class RevisionsController extends BaseHttpController {
  @httpGet('/')
  async getRevisions(): Promise<results.JsonResult> {
@@ -8,13 +8,13 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/sessions')
 export class SessionsController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }

-  @httpGet('/', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async getSessions(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -23,7 +23,7 @@ export class SessionsController extends BaseHttpController {
    )
  }

-  @httpDelete('/:uuid', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpDelete('/:uuid', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async deleteSession(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -35,7 +35,7 @@ export class SessionsController extends BaseHttpController {
    )
  }

-  @httpDelete('/', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpDelete('/', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async deleteSessions(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -5,11 +5,11 @@ import { TYPES } from '../../Bootstrap/Types'
 import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
 import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'

-@controller('/v1/shared-vaults', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v1/shared-vaults', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class SharedVaultInvitesController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
@@ -5,11 +5,11 @@ import { TYPES } from '../../Bootstrap/Types'
 import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
 import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'

-@controller('/v1/shared-vaults/:sharedVaultUuid/users', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v1/shared-vaults/:sharedVaultUuid/users', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class SharedVaultUsersController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
@@ -5,11 +5,11 @@ import { TYPES } from '../../Bootstrap/Types'
 import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
 import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'

-@controller('/v1/shared-vaults', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v1/shared-vaults', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class SharedVaultsController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
@@ -9,13 +9,13 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/subscription-invites')
 export class SubscriptionInvitesController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }

-  @httpPost('/', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async inviteToSubscriptionSharing(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -25,7 +25,7 @@ export class SubscriptionInvitesController extends BaseHttpController {
    )
  }

-  @httpGet('/', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async listInvites(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -35,7 +35,7 @@ export class SubscriptionInvitesController extends BaseHttpController {
    )
  }

-  @httpDelete('/:inviteUuid', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpDelete('/:inviteUuid', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async cancelSubscriptionSharing(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -48,7 +48,7 @@ export class SubscriptionInvitesController extends BaseHttpController {
    )
  }

-  @httpPost('/:inviteUuid/accept', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/:inviteUuid/accept', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async acceptInvite(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -9,13 +9,13 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/subscription-tokens')
 export class TokensController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }

-  @httpPost('/', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async createToken(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -20,9 +20,10 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/users')
 export class UsersController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
-    @inject(TYPES.Logger) private logger: Logger,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_Logger) private logger: Logger,
+    @inject(TYPES.ApiGateway_IS_CONFIGURED_FOR_HOME_SERVER) private isConfiguredForHomeServer: boolean,
  ) {
    super()
  }
@@ -32,12 +33,12 @@ export class UsersController extends BaseHttpController {
    await this.httpService.callPaymentsServer(request, response, 'api/pro_users/claim-account', request.body)
  }

-  @httpPost('/send-activation-code', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/send-activation-code', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async sendActivationCode(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/pro_users/send-activation-code', request.body)
  }

-  @httpPatch('/:userId', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPatch('/:userId', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async updateUser(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -47,7 +48,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpPut('/:userUuid/password', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPut('/:userUuid/password', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async changePassword(request: Request, response: Response): Promise<void> {
    this.logger.debug(
      '[DEPRECATED] use endpoint /v1/users/:userUuid/attributes/credentials instead of /v1/users/:userUuid/password',
@@ -65,7 +66,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpPut('/:userUuid/attributes/credentials', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPut('/:userUuid/attributes/credentials', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async changeCredentials(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -79,7 +80,16 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/:userId/params', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/transition-status', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
+  async getTransitionStatus(request: Request, response: Response): Promise<void> {
+    await this.httpService.callAuthServer(
+      request,
+      response,
+      this.endpointResolver.resolveEndpointOrMethodIdentifier('GET', 'users/transition-status'),
+    )
+  }
+
+  @httpGet('/:userId/params', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async getKeyParams(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -88,12 +98,12 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @all('/:userId/mfa', TYPES.RequiredCrossServiceTokenMiddleware)
+  @all('/:userId/mfa', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async blockMFA(): Promise<results.StatusCodeResult> {
    return this.statusCode(401)
  }

-  @httpPost('/:userUuid/integrations/listed', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/:userUuid/integrations/listed', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async createListedAccount(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -113,7 +123,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/:userUuid/settings', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/:userUuid/settings', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async listSettings(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -126,7 +136,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpPut('/:userUuid/settings', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPut('/:userUuid/settings', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async putSetting(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -140,7 +150,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/:userUuid/settings/:settingName', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/:userUuid/settings/:settingName', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async getSetting(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -154,7 +164,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpDelete('/:userUuid/settings/:settingName', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpDelete('/:userUuid/settings/:settingName', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async deleteSetting(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -169,7 +179,10 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/:userUuid/subscription-settings/:subscriptionSettingName', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet(
+    '/:userUuid/subscription-settings/:subscriptionSettingName',
+    TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware,
+  )
  async getSubscriptionSetting(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -183,7 +196,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/:userUuid/features', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/:userUuid/features', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async getFeatures(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -196,7 +209,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/:userUuid/subscription', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/:userUuid/subscription', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async getSubscription(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -209,7 +222,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/subscription', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpGet('/subscription', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async getSubscriptionBySubscriptionToken(request: Request, response: Response): Promise<void> {
    if (response.locals.tokenAuthenticationMethod === TokenAuthenticationMethod.OfflineSubscriptionToken) {
      await this.httpService.callAuthServer(
@@ -232,12 +245,20 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpDelete('/:userUuid', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpDelete('/:userUuid', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async deleteUser(request: Request, response: Response): Promise<void> {
-    await this.httpService.callPaymentsServer(request, response, 'api/account', request.body)
+    if (!this.isConfiguredForHomeServer) {
+      await this.httpService.callPaymentsServer(request, response, 'api/account', request.body, true)
+    }
+
+    await this.httpService.callAuthServer(
+      request,
+      response,
+      this.endpointResolver.resolveEndpointOrMethodIdentifier('DELETE', 'users/:userUuid', request.params.userUuid),
+    )
  }

-  @httpPost('/:userUuid/requests', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/:userUuid/requests', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async submitRequest(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -10,14 +10,14 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/sockets')
 export class WebSocketsController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
-    @inject(TYPES.Logger) private logger: Logger,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_Logger) private logger: Logger,
  ) {
    super()
  }

-  @httpPost('/tokens', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/tokens', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async createWebSocketConnectionToken(request: Request, response: Response): Promise<void> {
    await this.httpService.callWebSocketServer(
      request,
@@ -27,7 +27,7 @@ export class WebSocketsController extends BaseHttpController {
    )
  }

-  @httpPost('/connections', TYPES.WebSocketAuthMiddleware)
+  @httpPost('/connections', TYPES.ApiGateway_WebSocketAuthMiddleware)
  async createWebSocketConnection(request: Request, response: Response): Promise<void> {
    if (!request.headers.connectionid) {
      this.logger.error('Could not create a websocket connection. Missing connection id header.')
@@ -9,8 +9,8 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v2')
 export class ActionsControllerV2 extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private serviceProxy: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private serviceProxy: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
@@ -25,7 +25,7 @@ export class ActionsControllerV2 extends BaseHttpController {
    )
  }

-  @httpPost('/login-params', TYPES.OptionalCrossServiceTokenMiddleware)
+  @httpPost('/login-params', TYPES.ApiGateway_OptionalCrossServiceTokenMiddleware)
  async loginParams(request: Request, response: Response): Promise<void> {
    await this.serviceProxy.callAuthServer(
      request,
@@ -6,7 +6,7 @@ import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'

@controller('/v2')
 export class PaymentsControllerV2 extends BaseHttpController {
-  constructor(@inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface) {
+  constructor(@inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface) {
    super()
  }

@@ -15,22 +15,22 @@ export class PaymentsControllerV2 extends BaseHttpController {
    await this.httpService.callPaymentsServer(request, response, 'api/subscriptions/features', request.body)
  }

-  @httpGet('/subscriptions/tailored', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpGet('/subscriptions/tailored', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async getTailoredSubscriptionsWithFeatures(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/subscriptions/features', request.body)
  }

-  @httpGet('/subscriptions/deltas', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpGet('/subscriptions/deltas', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async getSubscriptionDeltasForChangingPlan(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/subscriptions/deltas', request.body)
  }

-  @httpPost('/subscriptions/deltas/apply', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/subscriptions/deltas/apply', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async applySubscriptionDelta(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/subscriptions/deltas/apply', request.body)
  }

-  @httpPost('/subscriptions/change-payment-method', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/subscriptions/change-payment-method', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async changePaymentMethod(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(
      request,
@@ -40,7 +40,7 @@ export class PaymentsControllerV2 extends BaseHttpController {
    )
  }

-  @httpGet('/subscriptions/:subscriptionId', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpGet('/subscriptions/:subscriptionId', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async getSubscription(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(
      request,
@@ -50,7 +50,7 @@ export class PaymentsControllerV2 extends BaseHttpController {
    )
  }

-  @httpDelete('/subscriptions/:subscriptionId', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpDelete('/subscriptions/:subscriptionId', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async cancelSubscription(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(
      request,
@@ -60,7 +60,7 @@ export class PaymentsControllerV2 extends BaseHttpController {
    )
  }

-  @httpPatch('/subscriptions/:subscriptionId', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPatch('/subscriptions/:subscriptionId', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async updateSubscription(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(
      request,
@@ -6,11 +6,11 @@ import { TYPES } from '../../Bootstrap/Types'
 import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
 import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'

-@controller('/v2/items/:itemUuid/revisions', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v2/items/:itemUuid/revisions', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class RevisionsControllerV2 extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
@@ -12,29 +12,29 @@ export class InMemoryCrossServiceTokenCache implements CrossServiceTokenCacheInt
  constructor(private timer: TimerInterface) {}

  async set(dto: {
-    authorizationHeaderValue: string
+    key: string
    encodedCrossServiceToken: string
    expiresAtInSeconds: number
    userUuid: string
  }): Promise<void> {
-    let userAuthHeaders = []
-    const userAuthHeadersJSON = this.crossServiceTokenCache.get(`${this.USER_CST_PREFIX}:${dto.userUuid}`)
-    if (userAuthHeadersJSON) {
-      userAuthHeaders = JSON.parse(userAuthHeadersJSON)
+    let userKeys = []
+    const userKeysJSON = this.crossServiceTokenCache.get(`${this.USER_CST_PREFIX}:${dto.userUuid}`)
+    if (userKeysJSON) {
+      userKeys = JSON.parse(userKeysJSON)
    }
-    userAuthHeaders.push(dto.authorizationHeaderValue)
+    userKeys.push(dto.key)

-    this.crossServiceTokenCache.set(`${this.USER_CST_PREFIX}:${dto.userUuid}`, JSON.stringify(userAuthHeaders))
+    this.crossServiceTokenCache.set(`${this.USER_CST_PREFIX}:${dto.userUuid}`, JSON.stringify(userKeys))
    this.crossServiceTokenTTLCache.set(`${this.USER_CST_PREFIX}:${dto.userUuid}`, dto.expiresAtInSeconds)

-    this.crossServiceTokenCache.set(`${this.PREFIX}:${dto.authorizationHeaderValue}`, dto.encodedCrossServiceToken)
-    this.crossServiceTokenTTLCache.set(`${this.PREFIX}:${dto.authorizationHeaderValue}`, dto.expiresAtInSeconds)
+    this.crossServiceTokenCache.set(`${this.PREFIX}:${dto.key}`, dto.encodedCrossServiceToken)
+    this.crossServiceTokenTTLCache.set(`${this.PREFIX}:${dto.key}`, dto.expiresAtInSeconds)
  }

-  async get(authorizationHeaderValue: string): Promise<string | null> {
+  async get(key: string): Promise<string | null> {
    this.invalidateExpiredTokens()

-    const cachedToken = this.crossServiceTokenCache.get(`${this.PREFIX}:${authorizationHeaderValue}`)
+    const cachedToken = this.crossServiceTokenCache.get(`${this.PREFIX}:${key}`)
    if (!cachedToken) {
      return null
    }
@@ -43,15 +43,15 @@ export class InMemoryCrossServiceTokenCache implements CrossServiceTokenCacheInt
  }

  async invalidate(userUuid: string): Promise<void> {
-    let userAuthorizationHeaderValues = []
-    const userAuthHeadersJSON = this.crossServiceTokenCache.get(`${this.USER_CST_PREFIX}:${userUuid}`)
-    if (userAuthHeadersJSON) {
-      userAuthorizationHeaderValues = JSON.parse(userAuthHeadersJSON)
+    let userKeyValues = []
+    const userKeysJSON = this.crossServiceTokenCache.get(`${this.USER_CST_PREFIX}:${userUuid}`)
+    if (userKeysJSON) {
+      userKeyValues = JSON.parse(userKeysJSON)
    }

-    for (const authorizationHeaderValue of userAuthorizationHeaderValues) {
-      this.crossServiceTokenCache.delete(`${this.PREFIX}:${authorizationHeaderValue}`)
-      this.crossServiceTokenTTLCache.delete(`${this.PREFIX}:${authorizationHeaderValue}`)
+    for (const key of userKeyValues) {
+      this.crossServiceTokenCache.delete(`${this.PREFIX}:${key}`)
+      this.crossServiceTokenTTLCache.delete(`${this.PREFIX}:${key}`)
    }
    this.crossServiceTokenCache.delete(`${this.USER_CST_PREFIX}:${userUuid}`)
    this.crossServiceTokenTTLCache.delete(`${this.USER_CST_PREFIX}:${userUuid}`)
@@ -9,35 +9,35 @@ export class RedisCrossServiceTokenCache implements CrossServiceTokenCacheInterf
  private readonly PREFIX = 'cst'
  private readonly USER_CST_PREFIX = 'user-cst'

-  constructor(@inject(TYPES.Redis) private redisClient: IORedis.Redis) {}
+  constructor(@inject(TYPES.ApiGateway_Redis) private redisClient: IORedis.Redis) {}

  async set(dto: {
-    authorizationHeaderValue: string
+    key: string
    encodedCrossServiceToken: string
    expiresAtInSeconds: number
    userUuid: string
  }): Promise<void> {
    const pipeline = this.redisClient.pipeline()

-    pipeline.sadd(`${this.USER_CST_PREFIX}:${dto.userUuid}`, dto.authorizationHeaderValue)
+    pipeline.sadd(`${this.USER_CST_PREFIX}:${dto.userUuid}`, dto.key)
    pipeline.expireat(`${this.USER_CST_PREFIX}:${dto.userUuid}`, dto.expiresAtInSeconds)

-    pipeline.set(`${this.PREFIX}:${dto.authorizationHeaderValue}`, dto.encodedCrossServiceToken)
-    pipeline.expireat(`${this.PREFIX}:${dto.authorizationHeaderValue}`, dto.expiresAtInSeconds)
+    pipeline.set(`${this.PREFIX}:${dto.key}`, dto.encodedCrossServiceToken)
+    pipeline.expireat(`${this.PREFIX}:${dto.key}`, dto.expiresAtInSeconds)

    await pipeline.exec()
  }

-  async get(authorizationHeaderValue: string): Promise<string | null> {
-    return this.redisClient.get(`${this.PREFIX}:${authorizationHeaderValue}`)
+  async get(key: string): Promise<string | null> {
+    return this.redisClient.get(`${this.PREFIX}:${key}`)
  }

  async invalidate(userUuid: string): Promise<void> {
-    const userAuthorizationHeaderValues = await this.redisClient.smembers(`${this.USER_CST_PREFIX}:${userUuid}`)
+    const userKeyValues = await this.redisClient.smembers(`${this.USER_CST_PREFIX}:${userUuid}`)

    const pipeline = this.redisClient.pipeline()
-    for (const authorizationHeaderValue of userAuthorizationHeaderValues) {
-      pipeline.del(`${this.PREFIX}:${authorizationHeaderValue}`)
+    for (const key of userKeyValues) {
+      pipeline.del(`${this.PREFIX}:${key}`)
    }
    pipeline.del(`${this.USER_CST_PREFIX}:${userUuid}`)

@@ -1,10 +1,10 @@
 export interface CrossServiceTokenCacheInterface {
  set(dto: {
-    authorizationHeaderValue: string
+    key: string
    encodedCrossServiceToken: string
    expiresAtInSeconds: number
    userUuid: string
  }): Promise<void>
-  get(authorizationHeaderValue: string): Promise<string | null>
+  get(key: string): Promise<string | null>
  invalidate(userUuid: string): Promise<void>
 }
@@ -11,27 +11,29 @@ import { ServiceProxyInterface } from './ServiceProxyInterface'
@injectable()
 export class HttpServiceProxy implements ServiceProxyInterface {
  constructor(
-    @inject(TYPES.HTTPClient) private httpClient: AxiosInstance,
-    @inject(TYPES.AUTH_SERVER_URL) private authServerUrl: string,
-    @inject(TYPES.SYNCING_SERVER_JS_URL) private syncingServerJsUrl: string,
-    @inject(TYPES.PAYMENTS_SERVER_URL) private paymentsServerUrl: string,
-    @inject(TYPES.FILES_SERVER_URL) private filesServerUrl: string,
-    @inject(TYPES.WEB_SOCKET_SERVER_URL) private webSocketServerUrl: string,
-    @inject(TYPES.REVISIONS_SERVER_URL) private revisionsServerUrl: string,
-    @inject(TYPES.EMAIL_SERVER_URL) private emailServerUrl: string,
-    @inject(TYPES.HTTP_CALL_TIMEOUT) private httpCallTimeout: number,
-    @inject(TYPES.CrossServiceTokenCache) private crossServiceTokenCache: CrossServiceTokenCacheInterface,
-    @inject(TYPES.Logger) private logger: Logger,
+    @inject(TYPES.ApiGateway_HTTPClient) private httpClient: AxiosInstance,
+    @inject(TYPES.ApiGateway_AUTH_SERVER_URL) private authServerUrl: string,
+    @inject(TYPES.ApiGateway_SYNCING_SERVER_JS_URL) private syncingServerJsUrl: string,
+    @inject(TYPES.ApiGateway_PAYMENTS_SERVER_URL) private paymentsServerUrl: string,
+    @inject(TYPES.ApiGateway_FILES_SERVER_URL) private filesServerUrl: string,
+    @inject(TYPES.ApiGateway_WEB_SOCKET_SERVER_URL) private webSocketServerUrl: string,
+    @inject(TYPES.ApiGateway_REVISIONS_SERVER_URL) private revisionsServerUrl: string,
+    @inject(TYPES.ApiGateway_EMAIL_SERVER_URL) private emailServerUrl: string,
+    @inject(TYPES.ApiGateway_HTTP_CALL_TIMEOUT) private httpCallTimeout: number,
+    @inject(TYPES.ApiGateway_CrossServiceTokenCache) private crossServiceTokenCache: CrossServiceTokenCacheInterface,
+    @inject(TYPES.ApiGateway_Logger) private logger: Logger,
  ) {}

-  async validateSession(
-    authorizationHeaderValue: string,
-  ): Promise<{ status: number; data: unknown; headers: { contentType: string } }> {
+  async validateSession(headers: {
+    authorization: string
+    sharedVaultOwnerContext?: string
+  }): Promise<{ status: number; data: unknown; headers: { contentType: string } }> {
    const authResponse = await this.httpClient.request({
      method: 'POST',
      headers: {
-        Authorization: authorizationHeaderValue,
+        Authorization: headers.authorization,
        Accept: 'application/json',
+        'x-shared-vault-owner-context': headers.sharedVaultOwnerContext,
      },
      validateStatus: (status: number) => {
        return status >= 200 && status < 500
@@ -130,19 +132,26 @@ export class HttpServiceProxy implements ServiceProxyInterface {
    response: Response,
    endpointOrMethodIdentifier: string,
    payload?: Record<string, unknown> | string,
-  ): Promise<void> {
+    returnRawResponse?: boolean,
+  ): Promise<void | Response<unknown, Record<string, unknown>>> {
    if (!this.paymentsServerUrl) {
      this.logger.debug('Payments Server URL not defined. Skipped request to Payments API.')

      return
    }
-    await this.callServerWithLegacyFormat(
+
+    const rawResponse = await this.callServerWithLegacyFormat(
      this.paymentsServerUrl,
      request,
      response,
      endpointOrMethodIdentifier,
      payload,
+      returnRawResponse,
    )
+
+    if (returnRawResponse) {
+      return rawResponse
+    }
  }

  async callAuthServerWithLegacyFormat(
@@ -279,7 +288,8 @@ export class HttpServiceProxy implements ServiceProxyInterface {
    response: Response,
    endpointOrMethodIdentifier: string,
    payload?: Record<string, unknown> | string,
-  ): Promise<void> {
+    returnRawResponse?: boolean,
+  ): Promise<void | Response<unknown, Record<string, unknown>>> {
    const serviceResponse = await this.getServerResponse(
      serverUrl,
      request,
@@ -295,9 +305,21 @@ export class HttpServiceProxy implements ServiceProxyInterface {
    this.applyResponseHeaders(serviceResponse, response)

    if (serviceResponse.request._redirectable._redirectCount > 0) {
-      response.status(302).redirect(serviceResponse.request.res.responseUrl)
+      response.status(302)
+
+      if (returnRawResponse) {
+        return response
+      }
+
+      response.redirect(serviceResponse.request.res.responseUrl)
    } else {
-      response.status(serviceResponse.status).send(serviceResponse.data)
+      response.status(serviceResponse.status)
+
+      if (returnRawResponse) {
+        return response
+      }
+
+      response.send(serviceResponse.data)
    }
  }

@@ -42,14 +42,15 @@ export interface ServiceProxyInterface {
    response: Response,
    endpointOrMethodIdentifier: string,
    payload?: Record<string, unknown> | string,
-  ): Promise<void>
+    returnRawResponse?: boolean,
+  ): Promise<void | Response<unknown, Record<string, unknown>>>
  callWebSocketServer(
    request: Request,
    response: Response,
    endpointOrMethodIdentifier: string,
    payload?: Record<string, unknown> | string,
  ): Promise<void>
-  validateSession(authorizationHeaderValue: string): Promise<{
+  validateSession(headers: { authorization: string; sharedVaultOwnerContext?: string }): Promise<{
    status: number
    data: unknown
    headers: {
@@ -6,9 +6,10 @@ import { ServiceProxyInterface } from '../Http/ServiceProxyInterface'
 export class DirectCallServiceProxy implements ServiceProxyInterface {
  constructor(private serviceContainer: ServiceContainerInterface, private filesServerUrl: string) {}

-  async validateSession(
-    authorizationHeaderValue: string,
-  ): Promise<{ status: number; data: unknown; headers: { contentType: string } }> {
+  async validateSession(headers: {
+    authorization: string
+    sharedVaultOwnerContext?: string
+  }): Promise<{ status: number; data: unknown; headers: { contentType: string } }> {
    const authService = this.serviceContainer.get(ServiceIdentifier.create(ServiceIdentifier.NAMES.Auth).getValue())
    if (!authService) {
      throw new Error('Auth service not found')
@@ -17,7 +18,8 @@ export class DirectCallServiceProxy implements ServiceProxyInterface {
    const serviceResponse = (await authService.handleRequest(
      {
        headers: {
-          authorization: authorizationHeaderValue,
+          authorization: headers.authorization,
+          'x-shared-vault-owner-context': headers.sharedVaultOwnerContext,
        },
      } as never,
      {} as never,
@@ -42,7 +42,9 @@ export class EndpointResolver implements EndpointResolverInterface {
    // Users Controller
    ['[PATCH]:users/:userId', 'auth.users.update'],
    ['[PUT]:users/:userUuid/attributes/credentials', 'auth.users.updateCredentials'],
-    ['[PUT]:auth/params', 'auth.users.getKeyParams'],
+    ['[GET]:users/params', 'auth.users.getKeyParams'],
+    ['[GET]:users/transition-status', 'auth.users.transition-status'],
+    ['[DELETE]:users/:userUuid', 'auth.users.delete'],
    ['[POST]:listed', 'auth.users.createListedAccount'],
    ['[POST]:auth', 'auth.users.register'],
    ['[GET]:users/:userUuid/settings', 'auth.users.getSettings'],
@@ -57,6 +59,7 @@ export class EndpointResolver implements EndpointResolverInterface {
    // Syncing Server
    ['[POST]:items/sync', 'sync.items.sync'],
    ['[POST]:items/check-integrity', 'sync.items.check_integrity'],
+    ['[POST]:items/transition', 'sync.items.transition'],
    ['[GET]:items/:uuid', 'sync.items.get_item'],
    // Revisions Controller V2
    ['[GET]:items/:itemUuid/revisions', 'revisions.revisions.getRevisions'],
@@ -1,4 +1,4 @@
-MODE=microservice # microservice | home-server
+MODE=microservice # microservice | home-server | self-hosted
 LOG_LEVEL=debug
 NODE_ENV=development
 VERSION=development
@@ -3,6 +3,120 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.135.2](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.135.1...@standardnotes/auth-server@1.135.2) (2023-08-28)
+
+### Bug Fixes
+
+* allow self hosted to use new model of items ([#714](https://github.com/standardnotes/server/issues/714)) ([aef9254](https://github.com/standardnotes/server/commit/aef9254713560c00a90a3e84e3cd94417e8f30d2))
+
+## [1.135.1](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.135.0...@standardnotes/auth-server@1.135.1) (2023-08-25)
+
+### Bug Fixes
+
+* **auth:** account enumeration with pseudo u2f and mfa ([#709](https://github.com/standardnotes/server/issues/709)) ([bbb35d1](https://github.com/standardnotes/server/commit/bbb35d16fc4f6a57fe774a648fbda13ec64a8865))
+
+# [1.135.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.134.0...@standardnotes/auth-server@1.135.0) (2023-08-24)
+
+### Features
+
+* add trigerring items transition and checking status of it ([#707](https://github.com/standardnotes/server/issues/707)) ([05bb12c](https://github.com/standardnotes/server/commit/05bb12c97899824f06e6d01d105dec75fc328440))
+
+# [1.134.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.133.0...@standardnotes/auth-server@1.134.0) (2023-08-23)
+
+### Features
+
+* add handling file moving and updating storage quota ([#705](https://github.com/standardnotes/server/issues/705)) ([205a1ed](https://github.com/standardnotes/server/commit/205a1ed637b626be13fc656276508f3c7791024f))
+
+# [1.133.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.132.0...@standardnotes/auth-server@1.133.0) (2023-08-22)
+
+### Features
+
+* consider shared vault owner quota when uploading files to shared vault ([#704](https://github.com/standardnotes/server/issues/704)) ([34085ac](https://github.com/standardnotes/server/commit/34085ac6fb7e61d471bd3b4ae8e72112df25c3ee))
+
+# [1.132.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.131.5...@standardnotes/auth-server@1.132.0) (2023-08-18)
+
+### Features
+
+* add mechanism for determining if a user should use the primary or secondary items database ([#700](https://github.com/standardnotes/server/issues/700)) ([302b624](https://github.com/standardnotes/server/commit/302b624504f4c87fd7c3ddfee77cbdc14a61018b))
+
+## [1.131.5](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.131.4...@standardnotes/auth-server@1.131.5) (2023-08-15)
+
+### Bug Fixes
+
+* **auth:** passing the invalidate cache header ([#697](https://github.com/standardnotes/server/issues/697)) ([83ad069](https://github.com/standardnotes/server/commit/83ad069c5dd9afa3a6db881f0d8a55a58d0642aa))
+
+## [1.131.4](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.131.3...@standardnotes/auth-server@1.131.4) (2023-08-11)
+
+**Note:** Version bump only for package @standardnotes/auth-server
+
+## [1.131.3](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.131.2...@standardnotes/auth-server@1.131.3) (2023-08-09)
+
+**Note:** Version bump only for package @standardnotes/auth-server
+
+## [1.131.2](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.131.1...@standardnotes/auth-server@1.131.2) (2023-08-09)
+
+**Note:** Version bump only for package @standardnotes/auth-server
+
+## [1.131.1](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.131.0...@standardnotes/auth-server@1.131.1) (2023-08-09)
+
+**Note:** Version bump only for package @standardnotes/auth-server
+
+# [1.131.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.130.1...@standardnotes/auth-server@1.131.0) (2023-08-08)
+
+### Features
+
+* update storage quota used for user based on shared vault files ([#689](https://github.com/standardnotes/server/issues/689)) ([5311e74](https://github.com/standardnotes/server/commit/5311e7426617da6fc75593dd0fcbff589ca4fc22))
+
+## [1.130.1](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.130.0...@standardnotes/auth-server@1.130.1) (2023-08-07)
+
+### Bug Fixes
+
+* **auth:** update user agent upon refreshing session token ([#685](https://github.com/standardnotes/server/issues/685)) ([bd5f492](https://github.com/standardnotes/server/commit/bd5f492a733f783c64fa4bc5840b4a9f5c913d3d))
+
+# [1.130.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.129.0...@standardnotes/auth-server@1.130.0) (2023-08-07)
+
+### Features
+
+* **auth:** invalidate other sessions for user if the email or password are changed ([#684](https://github.com/standardnotes/server/issues/684)) ([f39d3ac](https://github.com/standardnotes/server/commit/f39d3aca5b7bb9e5f9c1c24cbe2359f30dea835c))
+
+# [1.129.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.128.1...@standardnotes/auth-server@1.129.0) (2023-08-03)
+
+### Features
+
+* **auth:** add handling payments account deleted events STA-1769 ([#682](https://github.com/standardnotes/server/issues/682)) ([8e35dfa](https://github.com/standardnotes/server/commit/8e35dfa4b77256f4c0a3294b296a5526fd1020ad))
+
+## [1.128.1](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.128.0...@standardnotes/auth-server@1.128.1) (2023-08-02)
+
+**Note:** Version bump only for package @standardnotes/auth-server
+
+# [1.128.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.127.2...@standardnotes/auth-server@1.128.0) (2023-08-02)
+
+### Features
+
+* enable Write Ahead Log mode for SQLite ([#681](https://github.com/standardnotes/server/issues/681)) ([8cd7a13](https://github.com/standardnotes/server/commit/8cd7a138ab56f6a2b0d6c06ef6041ab9b85ae540))
+
+## [1.127.2](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.127.1...@standardnotes/auth-server@1.127.2) (2023-08-01)
+
+### Bug Fixes
+
+* controller naming ([#678](https://github.com/standardnotes/server/issues/678)) ([56f0aef](https://github.com/standardnotes/server/commit/56f0aef21d3fcec7ac7e968cb1c1b071becbbe26))
+
+## [1.127.1](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.127.0...@standardnotes/auth-server@1.127.1) (2023-07-31)
+
+### Bug Fixes
+
+* **auth:** auth middleware on delete account ([318af57](https://github.com/standardnotes/server/commit/318af5757d6c42f580157647b22112a9936765e7))
+
+# [1.127.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.126.5...@standardnotes/auth-server@1.127.0) (2023-07-31)
+
+### Features
+
+* refactor deleting account ([#676](https://github.com/standardnotes/server/issues/676)) ([0d5dcdd](https://github.com/standardnotes/server/commit/0d5dcdd8ec2336e41e7604c4157f79a89163ed29))
+
+## [1.126.5](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.126.4...@standardnotes/auth-server@1.126.5) (2023-07-27)
+
+**Note:** Version bump only for package @standardnotes/auth-server
+
 ## [1.126.4](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.126.3...@standardnotes/auth-server@1.126.4) (2023-07-26)

 **Note:** Version bump only for package @standardnotes/auth-server
@@ -1,23 +1,23 @@
 import 'reflect-metadata'

-import '../src/Infra/InversifyExpressUtils/InversifyExpressAuthController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressAuthenticatorsController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressSessionsController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressSubscriptionInvitesController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressUserRequestsController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressWebSocketsController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressUsersController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressValetTokenController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressAdminController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressSubscriptionTokensController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressSubscriptionSettingsController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressSettingsController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressSessionController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressOfflineController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressListedController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressInternalController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressHealthCheckController'
-import '../src/Infra/InversifyExpressUtils/InversifyExpressFeaturesController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedAuthController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedAuthenticatorsController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedSessionsController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedSubscriptionInvitesController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedUserRequestsController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedWebSocketsController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedUsersController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedValetTokenController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedAdminController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedSubscriptionTokensController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedSubscriptionSettingsController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedSettingsController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedSessionController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedOfflineController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedListedController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedInternalController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedHealthCheckController'
+import '../src/Infra/InversifyExpressUtils/AnnotatedFeaturesController'

 import * as cors from 'cors'
 import { urlencoded, json, Request, Response, NextFunction } from 'express'
@@ -0,0 +1,13 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+
+export class AddTransitionRole1692348191367 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      'INSERT INTO `roles` (uuid, name, version) VALUES ("e7381dc5-3d67-49e9-b7bd-f2407b2f726e", "TRANSITION_USER", 1)',
+    )
+  }
+
+  public async down(): Promise<void> {
+    return
+  }
+}
@@ -0,0 +1,13 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+
+export class AddTransitionRole1692348280258 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      'INSERT INTO `roles` (uuid, name, version) VALUES ("e7381dc5-3d67-49e9-b7bd-f2407b2f726e", "TRANSITION_USER", 1)',
+    )
+  }
+
+  public async down(): Promise<void> {
+    return
+  }
+}
@@ -1,6 +1,6 @@
 {
  "name": "@standardnotes/auth-server",
-  "version": "1.126.4",
+  "version": "1.135.2",
  "engines": {
    "node": ">=18.0.0 <21.0.0"
  },
@@ -38,7 +38,7 @@ import { GetUserKeyParams } from '../Domain/UseCase/GetUserKeyParams/GetUserKeyP
 import { UpdateUser } from '../Domain/UseCase/UpdateUser'
 import { RedisEphemeralSessionRepository } from '../Infra/Redis/RedisEphemeralSessionRepository'
 import { GetActiveSessionsForUser } from '../Domain/UseCase/GetActiveSessionsForUser'
-import { DeletePreviousSessionsForUser } from '../Domain/UseCase/DeletePreviousSessionsForUser'
+import { DeleteOtherSessionsForUser } from '../Domain/UseCase/DeleteOtherSessionsForUser'
 import { DeleteSessionForUser } from '../Domain/UseCase/DeleteSessionForUser'
 import { Register } from '../Domain/UseCase/Register'
 import { LockRepository } from '../Infra/Redis/LockRepository'
@@ -234,24 +234,35 @@ import { OfflineUserAuthMiddleware } from '../Infra/InversifyExpressUtils/Middle
 import { LockMiddleware } from '../Infra/InversifyExpressUtils/Middleware/LockMiddleware'
 import { RequiredCrossServiceTokenMiddleware } from '../Infra/InversifyExpressUtils/Middleware/RequiredCrossServiceTokenMiddleware'
 import { OptionalCrossServiceTokenMiddleware } from '../Infra/InversifyExpressUtils/Middleware/OptionalCrossServiceTokenMiddleware'
-import { HomeServerSettingsController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerSettingsController'
-import { HomeServerAdminController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerAdminController'
-import { HomeServerAuthController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerAuthController'
-import { HomeServerAuthenticatorsController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerAuthenticatorsController'
-import { HomeServerFeaturesController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerFeaturesController'
-import { HomeServerListedController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerListedController'
-import { HomeServerOfflineController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerOfflineController'
-import { HomeServerSessionController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerSessionController'
-import { HomeServerSubscriptionInvitesController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerSubscriptionInvitesController'
-import { HomeServerSubscriptionSettingsController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerSubscriptionSettingsController'
-import { HomeServerSubscriptionTokensController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerSubscriptionTokensController'
-import { HomeServerUserRequestsController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerUserRequestsController'
-import { HomeServerUsersController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerUsersController'
-import { HomeServerValetTokenController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerValetTokenController'
-import { HomeServerWebSocketsController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerWebSocketsController'
-import { HomeServerSessionsController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerSessionsController'
+import { BaseSettingsController } from '../Infra/InversifyExpressUtils/Base/BaseSettingsController'
+import { BaseAdminController } from '../Infra/InversifyExpressUtils/Base/BaseAdminController'
+import { BaseAuthController } from '../Infra/InversifyExpressUtils/Base/BaseAuthController'
+import { BaseAuthenticatorsController } from '../Infra/InversifyExpressUtils/Base/BaseAuthenticatorsController'
+import { BaseFeaturesController } from '../Infra/InversifyExpressUtils/Base/BaseFeaturesController'
+import { BaseListedController } from '../Infra/InversifyExpressUtils/Base/BaseListedController'
+import { BaseOfflineController } from '../Infra/InversifyExpressUtils/Base/BaseOfflineController'
+import { BaseSessionController } from '../Infra/InversifyExpressUtils/Base/BaseSessionController'
+import { BaseSubscriptionInvitesController } from '../Infra/InversifyExpressUtils/Base/BaseSubscriptionInvitesController'
+import { BaseSubscriptionSettingsController } from '../Infra/InversifyExpressUtils/Base/BaseSubscriptionSettingsController'
+import { BaseSubscriptionTokensController } from '../Infra/InversifyExpressUtils/Base/BaseSubscriptionTokensController'
+import { BaseUserRequestsController } from '../Infra/InversifyExpressUtils/Base/BaseUserRequestsController'
+import { BaseUsersController } from '../Infra/InversifyExpressUtils/Base/BaseUsersController'
+import { BaseValetTokenController } from '../Infra/InversifyExpressUtils/Base/BaseValetTokenController'
+import { BaseWebSocketsController } from '../Infra/InversifyExpressUtils/Base/BaseWebSocketsController'
+import { BaseSessionsController } from '../Infra/InversifyExpressUtils/Base/BaseSessionsController'
 import { Transform } from 'stream'
 import { ActivatePremiumFeatures } from '../Domain/UseCase/ActivatePremiumFeatures/ActivatePremiumFeatures'
+import { PaymentsAccountDeletedEventHandler } from '../Domain/Handler/PaymentsAccountDeletedEventHandler'
+import { UpdateStorageQuotaUsedForUser } from '../Domain/UseCase/UpdateStorageQuotaUsedForUser/UpdateStorageQuotaUsedForUser'
+import { SharedVaultFileUploadedEventHandler } from '../Domain/Handler/SharedVaultFileUploadedEventHandler'
+import { SharedVaultFileRemovedEventHandler } from '../Domain/Handler/SharedVaultFileRemovedEventHandler'
+import { SharedVaultFileMovedEventHandler } from '../Domain/Handler/SharedVaultFileMovedEventHandler'
+import { TransitionStatusRepositoryInterface } from '../Domain/Transition/TransitionStatusRepositoryInterface'
+import { RedisTransitionStatusRepository } from '../Infra/Redis/RedisTransitionStatusRepository'
+import { InMemoryTransitionStatusRepository } from '../Infra/InMemory/InMemoryTransitionStatusRepository'
+import { TransitionStatusUpdatedEventHandler } from '../Domain/Handler/TransitionStatusUpdatedEventHandler'
+import { UpdateTransitionStatus } from '../Domain/UseCase/UpdateTransitionStatus/UpdateTransitionStatus'
+import { GetTransitionStatus } from '../Domain/UseCase/GetTransitionStatus/GetTransitionStatus'

 export class ContainerConfigLoader {
  async load(configuration?: {
@@ -556,6 +567,9 @@ export class ContainerConfigLoader {
    container
      .bind(TYPES.Auth_READONLY_USERS)
      .toConstantValue(env.get('READONLY_USERS', true) ? env.get('READONLY_USERS', true).split(',') : [])
+    container
+      .bind(TYPES.Auth_TRANSITION_MODE_ENABLED)
+      .toConstantValue(env.get('TRANSITION_MODE_ENABLED', true) === 'true')

    if (isConfiguredForInMemoryCache) {
      container
@@ -602,6 +616,9 @@ export class ContainerConfigLoader {
            container.get(TYPES.Auth_Timer),
          ),
        )
+      container
+        .bind<TransitionStatusRepositoryInterface>(TYPES.Auth_TransitionStatusRepository)
+        .toConstantValue(new InMemoryTransitionStatusRepository())
    } else {
      container.bind<PKCERepositoryInterface>(TYPES.Auth_PKCERepository).to(RedisPKCERepository)
      container.bind<LockRepositoryInterface>(TYPES.Auth_LockRepository).to(LockRepository)
@@ -614,6 +631,9 @@ export class ContainerConfigLoader {
      container
        .bind<SubscriptionTokenRepositoryInterface>(TYPES.Auth_SubscriptionTokenRepository)
        .to(RedisSubscriptionTokenRepository)
+      container
+        .bind<TransitionStatusRepositoryInterface>(TYPES.Auth_TransitionStatusRepository)
+        .toConstantValue(new RedisTransitionStatusRepository(container.get<Redis>(TYPES.Auth_Redis)))
    }

    // Services
@@ -826,9 +846,7 @@ export class ContainerConfigLoader {
    container.bind<UpdateUser>(TYPES.Auth_UpdateUser).to(UpdateUser)
    container.bind<Register>(TYPES.Auth_Register).to(Register)
    container.bind<GetActiveSessionsForUser>(TYPES.Auth_GetActiveSessionsForUser).to(GetActiveSessionsForUser)
-    container
-      .bind<DeletePreviousSessionsForUser>(TYPES.Auth_DeletePreviousSessionsForUser)
-      .to(DeletePreviousSessionsForUser)
+    container.bind<DeleteOtherSessionsForUser>(TYPES.Auth_DeleteOtherSessionsForUser).to(DeleteOtherSessionsForUser)
    container.bind<DeleteSessionForUser>(TYPES.Auth_DeleteSessionForUser).to(DeleteSessionForUser)
    container.bind<ChangeCredentials>(TYPES.Auth_ChangeCredentials).to(ChangeCredentials)
    container.bind<GetSettings>(TYPES.Auth_GetSettings).to(GetSettings)
@@ -883,6 +901,31 @@ export class ContainerConfigLoader {
    container.bind<VerifyPredicate>(TYPES.Auth_VerifyPredicate).to(VerifyPredicate)
    container.bind<CreateCrossServiceToken>(TYPES.Auth_CreateCrossServiceToken).to(CreateCrossServiceToken)
    container.bind<ProcessUserRequest>(TYPES.Auth_ProcessUserRequest).to(ProcessUserRequest)
+    container
+      .bind<UpdateStorageQuotaUsedForUser>(TYPES.Auth_UpdateStorageQuotaUsedForUser)
+      .toConstantValue(
+        new UpdateStorageQuotaUsedForUser(
+          container.get(TYPES.Auth_UserRepository),
+          container.get(TYPES.Auth_UserSubscriptionService),
+          container.get(TYPES.Auth_SubscriptionSettingService),
+        ),
+      )
+    container
+      .bind<UpdateTransitionStatus>(TYPES.Auth_UpdateTransitionStatus)
+      .toConstantValue(
+        new UpdateTransitionStatus(
+          container.get<TransitionStatusRepositoryInterface>(TYPES.Auth_TransitionStatusRepository),
+          container.get<RoleServiceInterface>(TYPES.Auth_RoleService),
+        ),
+      )
+    container
+      .bind<GetTransitionStatus>(TYPES.Auth_GetTransitionStatus)
+      .toConstantValue(
+        new GetTransitionStatus(
+          container.get<TransitionStatusRepositoryInterface>(TYPES.Auth_TransitionStatusRepository),
+          container.get<UserRepositoryInterface>(TYPES.Auth_UserRepository),
+        ),
+      )

    // Controller
    container
@@ -952,8 +995,46 @@ export class ContainerConfigLoader {
    container
      .bind<UserEmailChangedEventHandler>(TYPES.Auth_UserEmailChangedEventHandler)
      .to(UserEmailChangedEventHandler)
-    container.bind<FileUploadedEventHandler>(TYPES.Auth_FileUploadedEventHandler).to(FileUploadedEventHandler)
-    container.bind<FileRemovedEventHandler>(TYPES.Auth_FileRemovedEventHandler).to(FileRemovedEventHandler)
+    container
+      .bind<FileUploadedEventHandler>(TYPES.Auth_FileUploadedEventHandler)
+      .toConstantValue(
+        new FileUploadedEventHandler(
+          container.get(TYPES.Auth_UpdateStorageQuotaUsedForUser),
+          container.get(TYPES.Auth_Logger),
+        ),
+      )
+    container
+      .bind<SharedVaultFileUploadedEventHandler>(TYPES.Auth_SharedVaultFileUploadedEventHandler)
+      .toConstantValue(
+        new SharedVaultFileUploadedEventHandler(
+          container.get(TYPES.Auth_UpdateStorageQuotaUsedForUser),
+          container.get(TYPES.Auth_Logger),
+        ),
+      )
+    container
+      .bind<SharedVaultFileMovedEventHandler>(TYPES.Auth_SharedVaultFileMovedEventHandler)
+      .toConstantValue(
+        new SharedVaultFileMovedEventHandler(
+          container.get(TYPES.Auth_UpdateStorageQuotaUsedForUser),
+          container.get(TYPES.Auth_Logger),
+        ),
+      )
+    container
+      .bind<FileRemovedEventHandler>(TYPES.Auth_FileRemovedEventHandler)
+      .toConstantValue(
+        new FileRemovedEventHandler(
+          container.get(TYPES.Auth_UpdateStorageQuotaUsedForUser),
+          container.get(TYPES.Auth_Logger),
+        ),
+      )
+    container
+      .bind<SharedVaultFileRemovedEventHandler>(TYPES.Auth_SharedVaultFileRemovedEventHandler)
+      .toConstantValue(
+        new SharedVaultFileRemovedEventHandler(
+          container.get(TYPES.Auth_UpdateStorageQuotaUsedForUser),
+          container.get(TYPES.Auth_Logger),
+        ),
+      )
    container
      .bind<ListedAccountCreatedEventHandler>(TYPES.Auth_ListedAccountCreatedEventHandler)
      .to(ListedAccountCreatedEventHandler)
@@ -978,6 +1059,22 @@ export class ContainerConfigLoader {
          container.get(TYPES.Auth_SettingService),
        ),
      )
+    container
+      .bind<PaymentsAccountDeletedEventHandler>(TYPES.Auth_PaymentsAccountDeletedEventHandler)
+      .toConstantValue(
+        new PaymentsAccountDeletedEventHandler(
+          container.get(TYPES.Auth_DeleteAccount),
+          container.get(TYPES.Auth_Logger),
+        ),
+      )
+    container
+      .bind<TransitionStatusUpdatedEventHandler>(TYPES.Auth_TransitionStatusUpdatedEventHandler)
+      .toConstantValue(
+        new TransitionStatusUpdatedEventHandler(
+          container.get<UpdateTransitionStatus>(TYPES.Auth_UpdateTransitionStatus),
+          container.get<winston.Logger>(TYPES.Auth_Logger),
+        ),
+      )

    const eventHandlers: Map<string, DomainEventHandlerInterface> = new Map([
      ['USER_REGISTERED', container.get(TYPES.Auth_UserRegisteredEventHandler)],
@@ -992,7 +1089,10 @@ export class ContainerConfigLoader {
      ['SUBSCRIPTION_REASSIGNED', container.get(TYPES.Auth_SubscriptionReassignedEventHandler)],
      ['USER_EMAIL_CHANGED', container.get(TYPES.Auth_UserEmailChangedEventHandler)],
      ['FILE_UPLOADED', container.get(TYPES.Auth_FileUploadedEventHandler)],
+      ['SHARED_VAULT_FILE_UPLOADED', container.get(TYPES.Auth_SharedVaultFileUploadedEventHandler)],
+      ['SHARED_VAULT_FILE_MOVED', container.get(TYPES.Auth_SharedVaultFileMovedEventHandler)],
      ['FILE_REMOVED', container.get(TYPES.Auth_FileRemovedEventHandler)],
+      ['SHARED_VAULT_FILE_REMOVED', container.get(TYPES.Auth_SharedVaultFileRemovedEventHandler)],
      ['LISTED_ACCOUNT_CREATED', container.get(TYPES.Auth_ListedAccountCreatedEventHandler)],
      ['LISTED_ACCOUNT_DELETED', container.get(TYPES.Auth_ListedAccountDeletedEventHandler)],
      [
@@ -1005,6 +1105,8 @@ export class ContainerConfigLoader {
      ],
      ['PREDICATE_VERIFICATION_REQUESTED', container.get(TYPES.Auth_PredicateVerificationRequestedEventHandler)],
      ['EMAIL_SUBSCRIPTION_UNSUBSCRIBED', container.get(TYPES.Auth_EmailSubscriptionUnsubscribedEventHandler)],
+      ['PAYMENTS_ACCOUNT_DELETED', container.get(TYPES.Auth_PaymentsAccountDeletedEventHandler)],
+      ['TRANSITION_STATUS_UPDATED', container.get(TYPES.Auth_TransitionStatusUpdatedEventHandler)],
    ])

    if (isConfiguredForHomeServer) {
@@ -1037,9 +1139,9 @@ export class ContainerConfigLoader {
    }

    container
-      .bind<HomeServerAuthController>(TYPES.Auth_HomeServerAuthController)
+      .bind<BaseAuthController>(TYPES.Auth_BaseAuthController)
      .toConstantValue(
-        new HomeServerAuthController(
+        new BaseAuthController(
          container.get(TYPES.Auth_VerifyMFA),
          container.get(TYPES.Auth_SignIn),
          container.get(TYPES.Auth_GetUserKeyParams),
@@ -1054,42 +1156,42 @@ export class ContainerConfigLoader {
    // Inversify Controllers
    if (isConfiguredForHomeServer) {
      container
-        .bind<HomeServerAuthenticatorsController>(TYPES.Auth_HomeServerAuthenticatorsController)
+        .bind<BaseAuthenticatorsController>(TYPES.Auth_BaseAuthenticatorsController)
        .toConstantValue(
-          new HomeServerAuthenticatorsController(
+          new BaseAuthenticatorsController(
            container.get(TYPES.Auth_AuthenticatorsController),
            container.get(TYPES.Auth_ControllerContainer),
          ),
        )
      container
-        .bind<HomeServerSubscriptionInvitesController>(TYPES.Auth_HomeServerSubscriptionInvitesController)
+        .bind<BaseSubscriptionInvitesController>(TYPES.Auth_BaseSubscriptionInvitesController)
        .toConstantValue(
-          new HomeServerSubscriptionInvitesController(
+          new BaseSubscriptionInvitesController(
            container.get(TYPES.Auth_SubscriptionInvitesController),
            container.get(TYPES.Auth_ControllerContainer),
          ),
        )
      container
-        .bind<HomeServerUserRequestsController>(TYPES.Auth_HomeServerUserRequestsController)
+        .bind<BaseUserRequestsController>(TYPES.Auth_BaseUserRequestsController)
        .toConstantValue(
-          new HomeServerUserRequestsController(
+          new BaseUserRequestsController(
            container.get(TYPES.Auth_UserRequestsController),
            container.get(TYPES.Auth_ControllerContainer),
          ),
        )
      container
-        .bind<HomeServerWebSocketsController>(TYPES.Auth_HomeServerWebSocketsController)
+        .bind<BaseWebSocketsController>(TYPES.Auth_BaseWebSocketsController)
        .toConstantValue(
-          new HomeServerWebSocketsController(
+          new BaseWebSocketsController(
            container.get(TYPES.Auth_CreateCrossServiceToken),
            container.get(TYPES.Auth_WebSocketConnectionTokenDecoder),
            container.get(TYPES.Auth_ControllerContainer),
          ),
        )
      container
-        .bind<HomeServerSessionsController>(TYPES.Auth_HomeServerSessionsController)
+        .bind<BaseSessionsController>(TYPES.Auth_BaseSessionsController)
        .toConstantValue(
-          new HomeServerSessionsController(
+          new BaseSessionsController(
            container.get(TYPES.Auth_GetActiveSessionsForUser),
            container.get(TYPES.Auth_AuthenticateRequest),
            container.get(TYPES.Auth_SessionProjector),
@@ -1098,31 +1200,32 @@ export class ContainerConfigLoader {
          ),
        )
      container
-        .bind<HomeServerValetTokenController>(TYPES.Auth_HomeServerValetTokenController)
+        .bind<BaseValetTokenController>(TYPES.Auth_BaseValetTokenController)
        .toConstantValue(
-          new HomeServerValetTokenController(
+          new BaseValetTokenController(
            container.get(TYPES.Auth_CreateValetToken),
            container.get(TYPES.Auth_ControllerContainer),
          ),
        )
      container
-        .bind<HomeServerUsersController>(TYPES.Auth_HomeServerUsersController)
+        .bind<BaseUsersController>(TYPES.Auth_BaseUsersController)
        .toConstantValue(
-          new HomeServerUsersController(
-            container.get(TYPES.Auth_UpdateUser),
-            container.get(TYPES.Auth_GetUserKeyParams),
-            container.get(TYPES.Auth_DeleteAccount),
-            container.get(TYPES.Auth_GetUserSubscription),
-            container.get(TYPES.Auth_ClearLoginAttempts),
-            container.get(TYPES.Auth_IncreaseLoginAttempts),
-            container.get(TYPES.Auth_ChangeCredentials),
-            container.get(TYPES.Auth_ControllerContainer),
+          new BaseUsersController(
+            container.get<UpdateUser>(TYPES.Auth_UpdateUser),
+            container.get<GetUserKeyParams>(TYPES.Auth_GetUserKeyParams),
+            container.get<DeleteAccount>(TYPES.Auth_DeleteAccount),
+            container.get<GetUserSubscription>(TYPES.Auth_GetUserSubscription),
+            container.get<ClearLoginAttempts>(TYPES.Auth_ClearLoginAttempts),
+            container.get<IncreaseLoginAttempts>(TYPES.Auth_IncreaseLoginAttempts),
+            container.get<ChangeCredentials>(TYPES.Auth_ChangeCredentials),
+            container.get<GetTransitionStatus>(TYPES.Auth_GetTransitionStatus),
+            container.get<ControllerContainerInterface>(TYPES.Auth_ControllerContainer),
          ),
        )
      container
-        .bind<HomeServerAdminController>(TYPES.Auth_HomeServerAdminController)
+        .bind<BaseAdminController>(TYPES.Auth_BaseAdminController)
        .toConstantValue(
-          new HomeServerAdminController(
+          new BaseAdminController(
            container.get(TYPES.Auth_DeleteSetting),
            container.get(TYPES.Auth_UserRepository),
            container.get(TYPES.Auth_CreateSubscriptionToken),
@@ -1131,9 +1234,9 @@ export class ContainerConfigLoader {
          ),
        )
      container
-        .bind<HomeServerSubscriptionTokensController>(TYPES.Auth_HomeServerSubscriptionTokensController)
+        .bind<BaseSubscriptionTokensController>(TYPES.Auth_BaseSubscriptionTokensController)
        .toConstantValue(
-          new HomeServerSubscriptionTokensController(
+          new BaseSubscriptionTokensController(
            container.get(TYPES.Auth_CreateSubscriptionToken),
            container.get(TYPES.Auth_AuthenticateSubscriptionToken),
            container.get(TYPES.Auth_SettingService),
@@ -1145,17 +1248,17 @@ export class ContainerConfigLoader {
          ),
        )
      container
-        .bind<HomeServerSubscriptionSettingsController>(TYPES.Auth_HomeServerSubscriptionSettingsController)
+        .bind<BaseSubscriptionSettingsController>(TYPES.Auth_BaseSubscriptionSettingsController)
        .toConstantValue(
-          new HomeServerSubscriptionSettingsController(
+          new BaseSubscriptionSettingsController(
            container.get(TYPES.Auth_GetSetting),
            container.get(TYPES.Auth_ControllerContainer),
          ),
        )
      container
-        .bind<HomeServerSettingsController>(TYPES.Auth_HomeServerSettingsController)
+        .bind<BaseSettingsController>(TYPES.Auth_BaseSettingsController)
        .toConstantValue(
-          new HomeServerSettingsController(
+          new BaseSettingsController(
            container.get(TYPES.Auth_GetSettings),
            container.get(TYPES.Auth_GetSetting),
            container.get(TYPES.Auth_UpdateSetting),
@@ -1164,19 +1267,19 @@ export class ContainerConfigLoader {
          ),
        )
      container
-        .bind<HomeServerSessionController>(TYPES.Auth_HomeServerSessionController)
+        .bind<BaseSessionController>(TYPES.Auth_BaseSessionController)
        .toConstantValue(
-          new HomeServerSessionController(
+          new BaseSessionController(
            container.get(TYPES.Auth_DeleteSessionForUser),
-            container.get(TYPES.Auth_DeletePreviousSessionsForUser),
+            container.get(TYPES.Auth_DeleteOtherSessionsForUser),
            container.get(TYPES.Auth_RefreshSessionToken),
            container.get(TYPES.Auth_ControllerContainer),
          ),
        )
      container
-        .bind<HomeServerOfflineController>(TYPES.Auth_HomeServerOfflineController)
+        .bind<BaseOfflineController>(TYPES.Auth_BaseOfflineController)
        .toConstantValue(
-          new HomeServerOfflineController(
+          new BaseOfflineController(
            container.get(TYPES.Auth_GetUserFeatures),
            container.get(TYPES.Auth_GetUserOfflineSubscription),
            container.get(TYPES.Auth_CreateOfflineSubscriptionToken),
@@ -1188,17 +1291,17 @@ export class ContainerConfigLoader {
          ),
        )
      container
-        .bind<HomeServerListedController>(TYPES.Auth_HomeServerListedController)
+        .bind<BaseListedController>(TYPES.Auth_BaseListedController)
        .toConstantValue(
-          new HomeServerListedController(
+          new BaseListedController(
            container.get(TYPES.Auth_CreateListedAccount),
            container.get(TYPES.Auth_ControllerContainer),
          ),
        )
      container
-        .bind<HomeServerFeaturesController>(TYPES.Auth_HomeServerFeaturesController)
+        .bind<BaseFeaturesController>(TYPES.Auth_BaseFeaturesController)
        .toConstantValue(
-          new HomeServerFeaturesController(
+          new BaseFeaturesController(
            container.get(TYPES.Auth_GetUserFeatures),
            container.get(TYPES.Auth_ControllerContainer),
          ),
@@ -114,6 +114,8 @@ export class AppDataSource {
        ...commonDataSourceOptions,
        type: 'sqlite',
        database: this.env.get('DB_SQLITE_DATABASE_PATH'),
+        enableWAL: true,
+        busyErrorRetry: 2000,
      }

      this._dataSource = new DataSource(sqliteDataSourceOptions)
@@ -27,6 +27,7 @@ export class Service implements AuthServiceInterface {
  async activatePremiumFeatures(dto: {
    username: string
    subscriptionPlanName?: string
+    uploadBytesLimit?: number
    endsAt?: Date
  }): Promise<Result<string>> {
    if (!this.container) {
@@ -35,6 +35,7 @@ const TYPES = {
  Auth_AuthenticatorRepository: Symbol.for('Auth_AuthenticatorRepository'),
  Auth_AuthenticatorChallengeRepository: Symbol.for('Auth_AuthenticatorChallengeRepository'),
  Auth_CacheEntryRepository: Symbol.for('Auth_CacheEntryRepository'),
+  Auth_TransitionStatusRepository: Symbol.for('Auth_TransitionStatusRepository'),
  // ORM
  Auth_ORMOfflineSettingRepository: Symbol.for('Auth_ORMOfflineSettingRepository'),
  Auth_ORMOfflineUserSubscriptionRepository: Symbol.for('Auth_ORMOfflineUserSubscriptionRepository'),
@@ -101,6 +102,7 @@ const TYPES = {
  Auth_U2F_EXPECTED_ORIGIN: Symbol.for('Auth_U2F_EXPECTED_ORIGIN'),
  Auth_U2F_REQUIRE_USER_VERIFICATION: Symbol.for('Auth_U2F_REQUIRE_USER_VERIFICATION'),
  Auth_READONLY_USERS: Symbol.for('Auth_READONLY_USERS'),
+  Auth_TRANSITION_MODE_ENABLED: Symbol.for('Auth_TRANSITION_MODE_ENABLED'),
  // use cases
  Auth_AuthenticateUser: Symbol.for('Auth_AuthenticateUser'),
  Auth_AuthenticateRequest: Symbol.for('Auth_AuthenticateRequest'),
@@ -113,7 +115,7 @@ const TYPES = {
  Auth_UpdateUser: Symbol.for('Auth_UpdateUser'),
  Auth_Register: Symbol.for('Auth_Register'),
  Auth_GetActiveSessionsForUser: Symbol.for('Auth_GetActiveSessionsForUser'),
-  Auth_DeletePreviousSessionsForUser: Symbol.for('Auth_DeletePreviousSessionsForUser'),
+  Auth_DeleteOtherSessionsForUser: Symbol.for('Auth_DeleteOtherSessionsForUser'),
  Auth_DeleteSessionForUser: Symbol.for('Auth_DeleteSessionForUser'),
  Auth_ChangeCredentials: Symbol.for('Auth_ChangePassword'),
  Auth_GetSettings: Symbol.for('Auth_GetSettings'),
@@ -152,6 +154,9 @@ const TYPES = {
  Auth_ActivatePremiumFeatures: Symbol.for('Auth_ActivatePremiumFeatures'),
  Auth_SignInWithRecoveryCodes: Symbol.for('Auth_SignInWithRecoveryCodes'),
  Auth_GetUserKeyParamsRecovery: Symbol.for('Auth_GetUserKeyParamsRecovery'),
+  Auth_UpdateStorageQuotaUsedForUser: Symbol.for('Auth_UpdateStorageQuotaUsedForUser'),
+  Auth_UpdateTransitionStatus: Symbol.for('Auth_UpdateTransitionStatus'),
+  Auth_GetTransitionStatus: Symbol.for('Auth_GetTransitionStatus'),
  // Handlers
  Auth_UserRegisteredEventHandler: Symbol.for('Auth_UserRegisteredEventHandler'),
  Auth_AccountDeletionRequestedEventHandler: Symbol.for('Auth_AccountDeletionRequestedEventHandler'),
@@ -165,7 +170,10 @@ const TYPES = {
  Auth_ExtensionKeyGrantedEventHandler: Symbol.for('Auth_ExtensionKeyGrantedEventHandler'),
  Auth_UserEmailChangedEventHandler: Symbol.for('Auth_UserEmailChangedEventHandler'),
  Auth_FileUploadedEventHandler: Symbol.for('Auth_FileUploadedEventHandler'),
+  Auth_SharedVaultFileUploadedEventHandler: Symbol.for('Auth_SharedVaultFileUploadedEventHandler'),
+  Auth_SharedVaultFileMovedEventHandler: Symbol.for('Auth_SharedVaultFileMovedEventHandler'),
  Auth_FileRemovedEventHandler: Symbol.for('Auth_FileRemovedEventHandler'),
+  Auth_SharedVaultFileRemovedEventHandler: Symbol.for('Auth_SharedVaultFileRemovedEventHandler'),
  Auth_ListedAccountCreatedEventHandler: Symbol.for('Auth_ListedAccountCreatedEventHandler'),
  Auth_ListedAccountDeletedEventHandler: Symbol.for('Auth_ListedAccountDeletedEventHandler'),
  Auth_UserDisabledSessionUserAgentLoggingEventHandler: Symbol.for(
@@ -176,6 +184,8 @@ const TYPES = {
  ),
  Auth_PredicateVerificationRequestedEventHandler: Symbol.for('Auth_PredicateVerificationRequestedEventHandler'),
  Auth_EmailSubscriptionUnsubscribedEventHandler: Symbol.for('Auth_EmailSubscriptionUnsubscribedEventHandler'),
+  Auth_PaymentsAccountDeletedEventHandler: Symbol.for('Auth_PaymentsAccountDeletedEventHandler'),
+  Auth_TransitionStatusUpdatedEventHandler: Symbol.for('Auth_TransitionStatusUpdatedEventHandler'),
  // Services
  Auth_DeviceDetector: Symbol.for('Auth_DeviceDetector'),
  Auth_SessionService: Symbol.for('Auth_SessionService'),
@@ -217,22 +227,22 @@ const TYPES = {
  Auth_ProtocolVersionSelector: Symbol.for('Auth_ProtocolVersionSelector'),
  Auth_BooleanSelector: Symbol.for('Auth_BooleanSelector'),
  Auth_UserSubscriptionService: Symbol.for('Auth_UserSubscriptionService'),
-  Auth_HomeServerAuthController: Symbol.for('Auth_HomeServerAuthController'),
-  Auth_HomeServerAuthenticatorsController: Symbol.for('Auth_HomeServerAuthenticatorsController'),
-  Auth_HomeServerSubscriptionInvitesController: Symbol.for('Auth_HomeServerSubscriptionInvitesController'),
-  Auth_HomeServerUserRequestsController: Symbol.for('Auth_HomeServerUserRequestsController'),
-  Auth_HomeServerWebSocketsController: Symbol.for('Auth_HomeServerWebSocketsController'),
-  Auth_HomeServerSessionsController: Symbol.for('Auth_HomeServerSessionsController'),
-  Auth_HomeServerValetTokenController: Symbol.for('Auth_HomeServerValetTokenController'),
-  Auth_HomeServerUsersController: Symbol.for('Auth_HomeServerUsersController'),
-  Auth_HomeServerAdminController: Symbol.for('Auth_HomeServerAdminController'),
-  Auth_HomeServerSubscriptionTokensController: Symbol.for('Auth_HomeServerSubscriptionTokensController'),
-  Auth_HomeServerSubscriptionSettingsController: Symbol.for('Auth_HomeServerSubscriptionSettingsController'),
-  Auth_HomeServerSettingsController: Symbol.for('Auth_HomeServerSettingsController'),
-  Auth_HomeServerSessionController: Symbol.for('Auth_HomeServerSessionController'),
-  Auth_HomeServerOfflineController: Symbol.for('Auth_HomeServerOfflineController'),
-  Auth_HomeServerListedController: Symbol.for('Auth_HomeServerListedController'),
-  Auth_HomeServerFeaturesController: Symbol.for('Auth_HomeServerFeaturesController'),
+  Auth_BaseAuthController: Symbol.for('Auth_BaseAuthController'),
+  Auth_BaseAuthenticatorsController: Symbol.for('Auth_BaseAuthenticatorsController'),
+  Auth_BaseSubscriptionInvitesController: Symbol.for('Auth_BaseSubscriptionInvitesController'),
+  Auth_BaseUserRequestsController: Symbol.for('Auth_BaseUserRequestsController'),
+  Auth_BaseWebSocketsController: Symbol.for('Auth_BaseWebSocketsController'),
+  Auth_BaseSessionsController: Symbol.for('Auth_BaseSessionsController'),
+  Auth_BaseValetTokenController: Symbol.for('Auth_BaseValetTokenController'),
+  Auth_BaseUsersController: Symbol.for('Auth_BaseUsersController'),
+  Auth_BaseAdminController: Symbol.for('Auth_BaseAdminController'),
+  Auth_BaseSubscriptionTokensController: Symbol.for('Auth_BaseSubscriptionTokensController'),
+  Auth_BaseSubscriptionSettingsController: Symbol.for('Auth_BaseSubscriptionSettingsController'),
+  Auth_BaseSettingsController: Symbol.for('Auth_BaseSettingsController'),
+  Auth_BaseSessionController: Symbol.for('Auth_BaseSessionController'),
+  Auth_BaseOfflineController: Symbol.for('Auth_BaseOfflineController'),
+  Auth_BaseListedController: Symbol.for('Auth_BaseListedController'),
+  Auth_BaseFeaturesController: Symbol.for('Auth_BaseFeaturesController'),
 }

 export default TYPES
@@ -30,7 +30,7 @@ describe('AuthResponseFactory20161215', () => {
  })

  it('should create a 20161215 auth response', async () => {
-    const response = await createFactory().createResponse({
+    const result = await createFactory().createResponse({
      user,
      apiVersion: '20161215',
      userAgent: 'Google Chrome',
@@ -38,7 +38,7 @@ describe('AuthResponseFactory20161215', () => {
      readonlyAccess: false,
    })

-    expect(response).toEqual({
+    expect(result.response).toEqual({
      user: { foo: 'bar' },
      token: 'foobar',
    })
@@ -11,6 +11,7 @@ import { User } from '../User/User'
 import { AuthResponse20161215 } from './AuthResponse20161215'
 import { AuthResponse20200115 } from './AuthResponse20200115'
 import { AuthResponseFactoryInterface } from './AuthResponseFactoryInterface'
+import { Session } from '../Session/Session'

@injectable()
 export class AuthResponseFactory20161215 implements AuthResponseFactoryInterface {
@@ -26,7 +27,7 @@ export class AuthResponseFactory20161215 implements AuthResponseFactoryInterface
    userAgent: string
    ephemeralSession: boolean
    readonlyAccess: boolean
-  }): Promise<AuthResponse20161215 | AuthResponse20200115> {
+  }): Promise<{ response: AuthResponse20161215 | AuthResponse20200115; session?: Session }> {
    this.logger.debug(`Creating JWT auth response for user ${dto.user.uuid}`)

    const data: SessionTokenData = {
@@ -39,12 +40,14 @@ export class AuthResponseFactory20161215 implements AuthResponseFactoryInterface
    this.logger.debug(`Created JWT token for user ${dto.user.uuid}: ${token}`)

    return {
-      user: this.userProjector.projectSimple(dto.user) as {
-        uuid: string
-        email: string
-        protocolVersion: ProtocolVersion
+      response: {
+        user: this.userProjector.projectSimple(dto.user) as {
+          uuid: string
+          email: string
+          protocolVersion: ProtocolVersion
+        },
+        token,
      },
-      token,
    }
  }
 }
@@ -29,7 +29,7 @@ describe('AuthResponseFactory20190520', () => {
  })

  it('should create a 20161215 auth response', async () => {
-    const response = await createFactory().createResponse({
+    const result = await createFactory().createResponse({
      user,
      apiVersion: '20161215',
      userAgent: 'Google Chrome',
@@ -37,7 +37,7 @@ describe('AuthResponseFactory20190520', () => {
      readonlyAccess: false,
    })

-    expect(response).toEqual({
+    expect(result.response).toEqual({
      user: { foo: 'bar' },
      token: 'foobar',
    })
@@ -11,6 +11,7 @@ import { User } from '../User/User'
 import { AuthResponseFactory20200115 } from './AuthResponseFactory20200115'
 import { DomainEventPublisherInterface } from '@standardnotes/domain-events'
 import { DomainEventFactoryInterface } from '../Event/DomainEventFactoryInterface'
+import { Session } from '../Session/Session'

 describe('AuthResponseFactory20200115', () => {
  let sessionService: SessionServiceInterface
@@ -48,8 +49,12 @@ describe('AuthResponseFactory20200115', () => {
    }

    sessionService = {} as jest.Mocked<SessionServiceInterface>
-    sessionService.createNewSessionForUser = jest.fn().mockReturnValue(sessionPayload)
-    sessionService.createNewEphemeralSessionForUser = jest.fn().mockReturnValue(sessionPayload)
+    sessionService.createNewSessionForUser = jest
+      .fn()
+      .mockReturnValue({ sessionHttpRepresentation: sessionPayload, session: {} as jest.Mocked<Session> })
+    sessionService.createNewEphemeralSessionForUser = jest
+      .fn()
+      .mockReturnValue({ sessionHttpRepresentation: sessionPayload, session: {} as jest.Mocked<Session> })

    keyParamsFactory = {} as jest.Mocked<KeyParamsFactoryInterface>
    keyParamsFactory.create = jest.fn().mockReturnValue({
@@ -76,7 +81,7 @@ describe('AuthResponseFactory20200115', () => {
  it('should create a 20161215 auth response if user does not support sessions', async () => {
    user.supportsSessions = jest.fn().mockReturnValue(false)

-    const response = await createFactory().createResponse({
+    const result = await createFactory().createResponse({
      user,
      apiVersion: '20161215',
      userAgent: 'Google Chrome',
@@ -84,7 +89,7 @@ describe('AuthResponseFactory20200115', () => {
      readonlyAccess: false,
    })

-    expect(response).toEqual({
+    expect(result.response).toEqual({
      user: { foo: 'bar' },
      token: expect.any(String),
    })
@@ -93,7 +98,7 @@ describe('AuthResponseFactory20200115', () => {
  it('should create a 20200115 auth response', async () => {
    user.supportsSessions = jest.fn().mockReturnValue(true)

-    const response = await createFactory().createResponse({
+    const result = await createFactory().createResponse({
      user,
      apiVersion: '20200115',
      userAgent: 'Google Chrome',
@@ -101,7 +106,7 @@ describe('AuthResponseFactory20200115', () => {
      readonlyAccess: false,
    })

-    expect(response).toEqual({
+    expect(result.response).toEqual({
      key_params: {
        key1: 'value1',
        key2: 'value2',
@@ -124,7 +129,7 @@ describe('AuthResponseFactory20200115', () => {
    domainEventPublisher.publish = jest.fn().mockRejectedValue(new Error('test'))
    user.supportsSessions = jest.fn().mockReturnValue(true)

-    const response = await createFactory().createResponse({
+    const result = await createFactory().createResponse({
      user,
      apiVersion: '20200115',
      userAgent: 'Google Chrome',
@@ -132,7 +137,7 @@ describe('AuthResponseFactory20200115', () => {
      readonlyAccess: false,
    })

-    expect(response).toEqual({
+    expect(result.response).toEqual({
      key_params: {
        key1: 'value1',
        key2: 'value2',
@@ -153,7 +158,7 @@ describe('AuthResponseFactory20200115', () => {
  it('should create a 20200115 auth response with an ephemeral session', async () => {
    user.supportsSessions = jest.fn().mockReturnValue(true)

-    const response = await createFactory().createResponse({
+    const result = await createFactory().createResponse({
      user,
      apiVersion: '20200115',
      userAgent: 'Google Chrome',
@@ -161,7 +166,7 @@ describe('AuthResponseFactory20200115', () => {
      readonlyAccess: false,
    })

-    expect(response).toEqual({
+    expect(result.response).toEqual({
      key_params: {
        key1: 'value1',
        key2: 'value2',
@@ -183,11 +188,14 @@ describe('AuthResponseFactory20200115', () => {
    user.supportsSessions = jest.fn().mockReturnValue(true)

    sessionService.createNewSessionForUser = jest.fn().mockReturnValue({
-      ...sessionPayload,
-      readonly_access: true,
+      sessionHttpRepresentation: {
+        ...sessionPayload,
+        readonly_access: true,
+      },
+      session: {} as jest.Mocked<Session>,
    })

-    const response = await createFactory().createResponse({
+    const result = await createFactory().createResponse({
      user,
      apiVersion: '20200115',
      userAgent: 'Google Chrome',
@@ -195,7 +203,7 @@ describe('AuthResponseFactory20200115', () => {
      readonlyAccess: true,
    })

-    expect(response).toEqual({
+    expect(result.response).toEqual({
      key_params: {
        key1: 'value1',
        key2: 'value2',
@@ -19,6 +19,7 @@ import { DomainEventFactoryInterface } from '../Event/DomainEventFactoryInterfac

 import { AuthResponse20161215 } from './AuthResponse20161215'
 import { AuthResponse20200115 } from './AuthResponse20200115'
+import { Session } from '../Session/Session'

@injectable()
 export class AuthResponseFactory20200115 extends AuthResponseFactory20190520 {
@@ -40,21 +41,28 @@ export class AuthResponseFactory20200115 extends AuthResponseFactory20190520 {
    userAgent: string
    ephemeralSession: boolean
    readonlyAccess: boolean
-  }): Promise<AuthResponse20161215 | AuthResponse20200115> {
+  }): Promise<{ response: AuthResponse20161215 | AuthResponse20200115; session?: Session }> {
    if (!dto.user.supportsSessions()) {
      this.logger.debug(`User ${dto.user.uuid} does not support sessions. Falling back to JWT auth response`)

      return super.createResponse(dto)
    }

-    const sessionPayload = await this.createSession(dto)
+    const sessionCreationResult = await this.createSession(dto)

-    this.logger.debug('Created session payload for user %s: %O', dto.user.uuid, sessionPayload)
+    this.logger.debug(
+      'Created session payload for user %s: %O',
+      dto.user.uuid,
+      sessionCreationResult.sessionHttpRepresentation,
+    )

    return {
-      session: sessionPayload,
-      key_params: this.keyParamsFactory.create(dto.user, true),
-      user: this.userProjector.projectSimple(dto.user) as SimpleUserProjection,
+      response: {
+        session: sessionCreationResult.sessionHttpRepresentation,
+        key_params: this.keyParamsFactory.create(dto.user, true),
+        user: this.userProjector.projectSimple(dto.user) as SimpleUserProjection,
+      },
+      session: sessionCreationResult.session,
    }
  }

@@ -64,12 +72,12 @@ export class AuthResponseFactory20200115 extends AuthResponseFactory20190520 {
    userAgent: string
    ephemeralSession: boolean
    readonlyAccess: boolean
-  }): Promise<SessionBody> {
+  }): Promise<{ sessionHttpRepresentation: SessionBody; session: Session }> {
    if (dto.ephemeralSession) {
      return this.sessionService.createNewEphemeralSessionForUser(dto)
    }

-    const session = this.sessionService.createNewSessionForUser(dto)
+    const sessionCreationResult = await this.sessionService.createNewSessionForUser(dto)

    try {
      await this.domainEventPublisher.publish(
@@ -79,6 +87,6 @@ export class AuthResponseFactory20200115 extends AuthResponseFactory20190520 {
      this.logger.error(`Failed to publish session created event: ${(error as Error).message}`)
    }

-    return session
+    return sessionCreationResult
  }
 }
@@ -1,3 +1,4 @@
+import { Session } from '../Session/Session'
 import { User } from '../User/User'
 import { AuthResponse20161215 } from './AuthResponse20161215'
 import { AuthResponse20200115 } from './AuthResponse20200115'
@@ -9,5 +10,5 @@ export interface AuthResponseFactoryInterface {
    userAgent: string
    ephemeralSession: boolean
    readonlyAccess: boolean
-  }): Promise<AuthResponse20161215 | AuthResponse20200115>
+  }): Promise<{ response: AuthResponse20161215 | AuthResponse20200115; session?: Session }>
 }
@@ -30,7 +30,9 @@ describe('AuthenticationMethodResolver', () => {

    user = {} as jest.Mocked<User>

-    session = {} as jest.Mocked<Session>
+    session = {
+      userUuid: '00000000-0000-0000-0000-000000000000',
+    } as jest.Mocked<Session>

    revokedSession = {} as jest.Mocked<RevokedSession>

@@ -38,7 +40,7 @@ describe('AuthenticationMethodResolver', () => {
    userRepository.findOneByUuid = jest.fn().mockReturnValue(user)

    sessionService = {} as jest.Mocked<SessionServiceInterface>
-    sessionService.getSessionFromToken = jest.fn()
+    sessionService.getSessionFromToken = jest.fn().mockReturnValue({ session: undefined, isEphemeral: false })
    sessionService.getRevokedSessionFromToken = jest.fn()
    sessionService.markRevokedSessionAsReceived = jest.fn().mockReturnValue(revokedSession)

@@ -50,19 +52,25 @@ describe('AuthenticationMethodResolver', () => {
  })

  it('should resolve jwt authentication method', async () => {
-    sessionTokenDecoder.decodeToken = jest.fn().mockReturnValue({ user_uuid: '123' })
+    sessionTokenDecoder.decodeToken = jest.fn().mockReturnValue({ user_uuid: '00000000-0000-0000-0000-000000000000' })

    expect(await createResolver().resolve('test')).toEqual({
      claims: {
-        user_uuid: '123',
+        user_uuid: '00000000-0000-0000-0000-000000000000',
      },
      type: 'jwt',
      user,
    })
  })

+  it('should not resolve jwt authentication method with invalid user uuid', async () => {
+    sessionTokenDecoder.decodeToken = jest.fn().mockReturnValue({ user_uuid: 'invalid' })
+
+    expect(await createResolver().resolve('test')).toBeUndefined
+  })
+
  it('should resolve session authentication method', async () => {
-    sessionService.getSessionFromToken = jest.fn().mockReturnValue(session)
+    sessionService.getSessionFromToken = jest.fn().mockReturnValue({ session, isEphemeral: false })

    expect(await createResolver().resolve('test')).toEqual({
      session,
@@ -71,6 +79,14 @@ describe('AuthenticationMethodResolver', () => {
    })
  })

+  it('should not resolve session authentication method with invalid user uuid on session', async () => {
+    sessionService.getSessionFromToken = jest
+      .fn()
+      .mockReturnValue({ session: { userUuid: 'invalid' }, isEphemeral: false })
+
+    expect(await createResolver().resolve('test')).toBeUndefined
+  })
+
  it('should resolve archvied session authentication method', async () => {
    sessionService.getRevokedSessionFromToken = jest.fn().mockReturnValue(revokedSession)

@@ -6,6 +6,7 @@ import { UserRepositoryInterface } from '../User/UserRepositoryInterface'
 import { AuthenticationMethod } from './AuthenticationMethod'
 import { AuthenticationMethodResolverInterface } from './AuthenticationMethodResolverInterface'
 import { Logger } from 'winston'
+import { Uuid } from '@standardnotes/domain-core'

@injectable()
 export class AuthenticationMethodResolver implements AuthenticationMethodResolverInterface {
@@ -29,20 +30,32 @@ export class AuthenticationMethodResolver implements AuthenticationMethodResolve
    if (decodedToken) {
      this.logger.debug('Token decoded successfully. User found.')

+      const userUuidOrError = Uuid.create(decodedToken.user_uuid as string)
+      if (userUuidOrError.isFailed()) {
+        return undefined
+      }
+      const userUuid = userUuidOrError.getValue()
+
      return {
        type: 'jwt',
-        user: await this.userRepository.findOneByUuid(<string>decodedToken.user_uuid),
+        user: await this.userRepository.findOneByUuid(userUuid),
        claims: decodedToken,
      }
    }

-    const session = await this.sessionService.getSessionFromToken(token)
+    const { session } = await this.sessionService.getSessionFromToken(token)
    if (session) {
      this.logger.debug('Token decoded successfully. Session found.')

+      const userUuidOrError = Uuid.create(session.userUuid)
+      if (userUuidOrError.isFailed()) {
+        return undefined
+      }
+      const userUuid = userUuidOrError.getValue()
+
      return {
        type: 'session_token',
-        user: await this.userRepository.findOneByUuid(session.userUuid),
+        user: await this.userRepository.findOneByUuid(userUuid),
        session: session,
      }
    }
@@ -50,7 +50,7 @@ describe('AccountDeletionRequestedEventHandler', () => {

    ephemeralSession = {
      uuid: '2-3-4',
-      userUuid: '1-2-3',
+      userUuid: '00000000-0000-0000-0000-000000000000',
    } as jest.Mocked<EphemeralSession>

    ephemeralSessionRepository = {} as jest.Mocked<EphemeralSessionRepositoryInterface>
@@ -68,7 +68,7 @@ describe('AccountDeletionRequestedEventHandler', () => {
    event = {} as jest.Mocked<AccountDeletionRequestedEvent>
    event.createdAt = new Date(1)
    event.payload = {
-      userUuid: '1-2-3',
+      userUuid: '00000000-0000-0000-0000-000000000000',
      userCreatedAtTimestamp: 1,
      regularSubscriptionUuid: '2-3-4',
    }
@@ -84,6 +84,14 @@ describe('AccountDeletionRequestedEventHandler', () => {
    expect(userRepository.remove).toHaveBeenCalledWith(user)
  })

+  it('should not remove a user with invalid uuid', async () => {
+    event.payload.userUuid = 'invalid'
+
+    await createHandler().handle(event)
+
+    expect(userRepository.remove).not.toHaveBeenCalled()
+  })
+
  it('should not remove a user if one does not exist', async () => {
    userRepository.findOneByUuid = jest.fn().mockReturnValue(null)

@@ -100,6 +108,6 @@ describe('AccountDeletionRequestedEventHandler', () => {

    expect(sessionRepository.remove).toHaveBeenCalledWith(session)
    expect(revokedSessionRepository.remove).toHaveBeenCalledWith(revokedSession)
-    expect(ephemeralSessionRepository.deleteOne).toHaveBeenCalledWith('2-3-4', '1-2-3')
+    expect(ephemeralSessionRepository.deleteOne).toHaveBeenCalledWith('2-3-4', '00000000-0000-0000-0000-000000000000')
  })
 })
@@ -6,6 +6,7 @@ import { EphemeralSessionRepositoryInterface } from '../Session/EphemeralSession
 import { RevokedSessionRepositoryInterface } from '../Session/RevokedSessionRepositoryInterface'
 import { SessionRepositoryInterface } from '../Session/SessionRepositoryInterface'
 import { UserRepositoryInterface } from '../User/UserRepositoryInterface'
+import { Uuid } from '@standardnotes/domain-core'

@injectable()
 export class AccountDeletionRequestedEventHandler implements DomainEventHandlerInterface {
@@ -19,19 +20,27 @@ export class AccountDeletionRequestedEventHandler implements DomainEventHandlerI
  ) {}

  async handle(event: AccountDeletionRequestedEvent): Promise<void> {
-    const user = await this.userRepository.findOneByUuid(event.payload.userUuid)
-
-    if (user === null) {
+    const userUuidOrError = Uuid.create(event.payload.userUuid)
+    if (userUuidOrError.isFailed()) {
      this.logger.warn(`Could not find user with uuid: ${event.payload.userUuid}`)

      return
    }
+    const userUuid = userUuidOrError.getValue()

-    await this.removeSessions(event.payload.userUuid)
+    const user = await this.userRepository.findOneByUuid(userUuid)
+
+    if (user === null) {
+      this.logger.warn(`Could not find user with uuid: ${userUuid.value}`)
+
+      return
+    }
+
+    await this.removeSessions(userUuid.value)

    await this.userRepository.remove(user)

-    this.logger.info(`Finished account cleanup for user: ${event.payload.userUuid}`)
+    this.logger.info(`Finished account cleanup for user: ${userUuid.value}`)
  }

  private async removeSessions(userUuid: string): Promise<void> {
@@ -1,150 +0,0 @@
-import 'reflect-metadata'
-
-import { FileRemovedEvent } from '@standardnotes/domain-events'
-import { Logger } from 'winston'
-
-import { User } from '../User/User'
-import { FileRemovedEventHandler } from './FileRemovedEventHandler'
-import { SubscriptionSettingServiceInterface } from '../Setting/SubscriptionSettingServiceInterface'
-import { UserSubscription } from '../Subscription/UserSubscription'
-import { UserSubscriptionType } from '../Subscription/UserSubscriptionType'
-import { UserSubscriptionServiceInterface } from '../Subscription/UserSubscriptionServiceInterface'
-
-describe('FileRemovedEventHandler', () => {
-  let userSubscriptionService: UserSubscriptionServiceInterface
-  let logger: Logger
-  let regularUser: User
-  let sharedUser: User
-  let event: FileRemovedEvent
-  let subscriptionSettingService: SubscriptionSettingServiceInterface
-  let regularSubscription: UserSubscription
-  let sharedSubscription: UserSubscription
-
-  const createHandler = () => new FileRemovedEventHandler(userSubscriptionService, subscriptionSettingService, logger)
-
-  beforeEach(() => {
-    regularUser = {
-      uuid: '123',
-    } as jest.Mocked<User>
-
-    sharedUser = {
-      uuid: '234',
-    } as jest.Mocked<User>
-
-    regularSubscription = {
-      uuid: '1-2-3',
-      subscriptionType: UserSubscriptionType.Regular,
-      user: Promise.resolve(regularUser),
-    } as jest.Mocked<UserSubscription>
-
-    sharedSubscription = {
-      uuid: '2-3-4',
-      subscriptionType: UserSubscriptionType.Shared,
-      user: Promise.resolve(sharedUser),
-    } as jest.Mocked<UserSubscription>
-
-    userSubscriptionService = {} as jest.Mocked<UserSubscriptionServiceInterface>
-    userSubscriptionService.findRegularSubscriptionForUserUuid = jest
-      .fn()
-      .mockReturnValue({ regularSubscription, sharedSubscription: null })
-
-    subscriptionSettingService = {} as jest.Mocked<SubscriptionSettingServiceInterface>
-    subscriptionSettingService.findSubscriptionSettingWithDecryptedValue = jest.fn().mockReturnValue(null)
-    subscriptionSettingService.createOrReplace = jest.fn()
-
-    event = {} as jest.Mocked<FileRemovedEvent>
-    event.createdAt = new Date(1)
-    event.payload = {
-      userUuid: '1-2-3',
-      fileByteSize: 123,
-      filePath: '1-2-3/2-3-4',
-      fileName: '2-3-4',
-      regularSubscriptionUuid: '4-5-6',
-    }
-
-    logger = {} as jest.Mocked<Logger>
-    logger.warn = jest.fn()
-  })
-
-  it('should do nothing a bytes used setting does not exist', async () => {
-    await createHandler().handle(event)
-
-    expect(subscriptionSettingService.createOrReplace).not.toHaveBeenCalled()
-  })
-
-  it('should not do anything if a user subscription is not found', async () => {
-    subscriptionSettingService.findSubscriptionSettingWithDecryptedValue = jest.fn().mockReturnValue({
-      value: 345,
-    })
-    userSubscriptionService.findRegularSubscriptionForUserUuid = jest
-      .fn()
-      .mockReturnValue({ regularSubscription: null, sharedSubscription: null })
-
-    await createHandler().handle(event)
-
-    expect(subscriptionSettingService.createOrReplace).not.toHaveBeenCalled()
-  })
-
-  it('should update a bytes used setting', async () => {
-    subscriptionSettingService.findSubscriptionSettingWithDecryptedValue = jest.fn().mockReturnValue({
-      value: 345,
-    })
-    await createHandler().handle(event)
-
-    expect(subscriptionSettingService.createOrReplace).toHaveBeenCalledWith({
-      props: {
-        name: 'FILE_UPLOAD_BYTES_USED',
-        sensitive: false,
-        unencryptedValue: '222',
-        serverEncryptionVersion: 0,
-      },
-      user: regularUser,
-      userSubscription: {
-        uuid: '1-2-3',
-        subscriptionType: 'regular',
-        user: Promise.resolve(regularUser),
-      },
-    })
-  })
-
-  it('should update a bytes used setting on both shared and regular subscription', async () => {
-    userSubscriptionService.findRegularSubscriptionForUserUuid = jest
-      .fn()
-      .mockReturnValue({ regularSubscription, sharedSubscription })
-
-    subscriptionSettingService.findSubscriptionSettingWithDecryptedValue = jest.fn().mockReturnValue({
-      value: 345,
-    })
-    await createHandler().handle(event)
-
-    expect(subscriptionSettingService.createOrReplace).toHaveBeenNthCalledWith(1, {
-      props: {
-        name: 'FILE_UPLOAD_BYTES_USED',
-        sensitive: false,
-        unencryptedValue: '222',
-        serverEncryptionVersion: 0,
-      },
-      user: regularUser,
-      userSubscription: {
-        uuid: '1-2-3',
-        subscriptionType: 'regular',
-        user: Promise.resolve(regularUser),
-      },
-    })
-
-    expect(subscriptionSettingService.createOrReplace).toHaveBeenNthCalledWith(2, {
-      props: {
-        name: 'FILE_UPLOAD_BYTES_USED',
-        sensitive: false,
-        unencryptedValue: '222',
-        serverEncryptionVersion: 0,
-      },
-      user: sharedUser,
-      userSubscription: {
-        uuid: '2-3-4',
-        subscriptionType: 'shared',
-        user: Promise.resolve(sharedUser),
-      },
-    })
-  })
-})
@@ -1,63 +1,19 @@
 import { DomainEventHandlerInterface, FileRemovedEvent } from '@standardnotes/domain-events'
-import { SettingName } from '@standardnotes/settings'
-import { inject, injectable } from 'inversify'
 import { Logger } from 'winston'

-import TYPES from '../../Bootstrap/Types'
-import { EncryptionVersion } from '../Encryption/EncryptionVersion'
-import { SubscriptionSettingServiceInterface } from '../Setting/SubscriptionSettingServiceInterface'
-import { UserSubscription } from '../Subscription/UserSubscription'
-import { UserSubscriptionServiceInterface } from '../Subscription/UserSubscriptionServiceInterface'
+import { UpdateStorageQuotaUsedForUser } from '../UseCase/UpdateStorageQuotaUsedForUser/UpdateStorageQuotaUsedForUser'

-@injectable()
 export class FileRemovedEventHandler implements DomainEventHandlerInterface {
-  constructor(
-    @inject(TYPES.Auth_UserSubscriptionService) private userSubscriptionService: UserSubscriptionServiceInterface,
-    @inject(TYPES.Auth_SubscriptionSettingService)
-    private subscriptionSettingService: SubscriptionSettingServiceInterface,
-    @inject(TYPES.Auth_Logger) private logger: Logger,
-  ) {}
+  constructor(private updateStorageQuotaUsedForUserUseCase: UpdateStorageQuotaUsedForUser, private logger: Logger) {}

  async handle(event: FileRemovedEvent): Promise<void> {
-    const { regularSubscription, sharedSubscription } =
-      await this.userSubscriptionService.findRegularSubscriptionForUserUuid(event.payload.userUuid)
-    if (regularSubscription === null) {
-      this.logger.warn(`Could not find regular user subscription for user with uuid: ${event.payload.userUuid}`)
-
-      return
-    }
-
-    await this.updateUploadBytesUsedSetting(regularSubscription, event.payload.fileByteSize)
-
-    if (sharedSubscription !== null) {
-      await this.updateUploadBytesUsedSetting(sharedSubscription, event.payload.fileByteSize)
-    }
-  }
-
-  private async updateUploadBytesUsedSetting(subscription: UserSubscription, byteSize: number): Promise<void> {
-    const user = await subscription.user
-    const bytesUsedSetting = await this.subscriptionSettingService.findSubscriptionSettingWithDecryptedValue({
-      userUuid: user.uuid,
-      userSubscriptionUuid: subscription.uuid,
-      subscriptionSettingName: SettingName.create(SettingName.NAMES.FileUploadBytesUsed).getValue(),
+    const result = await this.updateStorageQuotaUsedForUserUseCase.execute({
+      userUuid: event.payload.userUuid,
+      bytesUsed: -event.payload.fileByteSize,
    })
-    if (bytesUsedSetting === null) {
-      this.logger.warn(`Could not find bytes used setting for user with uuid: ${user.uuid}`)

-      return
+    if (result.isFailed()) {
+      this.logger.error(`Failed to update storage quota used for user: ${result.getError()}`)
    }
-
-    const bytesUsed = bytesUsedSetting.value as string
-
-    await this.subscriptionSettingService.createOrReplace({
-      userSubscription: subscription,
-      user,
-      props: {
-        name: SettingName.NAMES.FileUploadBytesUsed,
-        unencryptedValue: (+bytesUsed - byteSize).toString(),
-        sensitive: false,
-        serverEncryptionVersion: EncryptionVersion.Unencrypted,
-      },
-    })
  }
 }
@@ -1,73 +1,19 @@
 import { DomainEventHandlerInterface, FileUploadedEvent } from '@standardnotes/domain-events'
-import { SettingName } from '@standardnotes/settings'
-import { inject, injectable } from 'inversify'
 import { Logger } from 'winston'

-import TYPES from '../../Bootstrap/Types'
-import { EncryptionVersion } from '../Encryption/EncryptionVersion'
-import { SubscriptionSettingServiceInterface } from '../Setting/SubscriptionSettingServiceInterface'
-import { UserSubscription } from '../Subscription/UserSubscription'
-import { UserSubscriptionServiceInterface } from '../Subscription/UserSubscriptionServiceInterface'
-import { UserRepositoryInterface } from '../User/UserRepositoryInterface'
-import { User } from '../User/User'
+import { UpdateStorageQuotaUsedForUser } from '../UseCase/UpdateStorageQuotaUsedForUser/UpdateStorageQuotaUsedForUser'

-@injectable()
 export class FileUploadedEventHandler implements DomainEventHandlerInterface {
-  constructor(
-    @inject(TYPES.Auth_UserRepository) private userRepository: UserRepositoryInterface,
-    @inject(TYPES.Auth_UserSubscriptionService) private userSubscriptionService: UserSubscriptionServiceInterface,
-    @inject(TYPES.Auth_SubscriptionSettingService)
-    private subscriptionSettingService: SubscriptionSettingServiceInterface,
-    @inject(TYPES.Auth_Logger) private logger: Logger,
-  ) {}
+  constructor(private updateStorageQuotaUsedForUserUseCase: UpdateStorageQuotaUsedForUser, private logger: Logger) {}

  async handle(event: FileUploadedEvent): Promise<void> {
-    const user = await this.userRepository.findOneByUuid(event.payload.userUuid)
-    if (user === null) {
-      this.logger.warn(`Could not find user with uuid: ${event.payload.userUuid}`)
-
-      return
-    }
-
-    const { regularSubscription, sharedSubscription } =
-      await this.userSubscriptionService.findRegularSubscriptionForUserUuid(event.payload.userUuid)
-    if (regularSubscription === null) {
-      this.logger.warn(`Could not find regular user subscription for user with uuid: ${event.payload.userUuid}`)
-
-      return
-    }
-
-    await this.updateUploadBytesUsedSetting(regularSubscription, user, event.payload.fileByteSize)
-
-    if (sharedSubscription !== null) {
-      await this.updateUploadBytesUsedSetting(sharedSubscription, user, event.payload.fileByteSize)
-    }
-  }
-
-  private async updateUploadBytesUsedSetting(
-    subscription: UserSubscription,
-    user: User,
-    byteSize: number,
-  ): Promise<void> {
-    let bytesUsed = '0'
-    const bytesUsedSetting = await this.subscriptionSettingService.findSubscriptionSettingWithDecryptedValue({
-      userUuid: (await subscription.user).uuid,
-      userSubscriptionUuid: subscription.uuid,
-      subscriptionSettingName: SettingName.create(SettingName.NAMES.FileUploadBytesUsed).getValue(),
+    const result = await this.updateStorageQuotaUsedForUserUseCase.execute({
+      userUuid: event.payload.userUuid,
+      bytesUsed: event.payload.fileByteSize,
    })
-    if (bytesUsedSetting !== null) {
-      bytesUsed = bytesUsedSetting.value as string
-    }

-    await this.subscriptionSettingService.createOrReplace({
-      userSubscription: subscription,
-      user,
-      props: {
-        name: SettingName.NAMES.FileUploadBytesUsed,
-        unencryptedValue: (+bytesUsed + byteSize).toString(),
-        sensitive: false,
-        serverEncryptionVersion: EncryptionVersion.Unencrypted,
-      },
-    })
+    if (result.isFailed()) {
+      this.logger.error(`Failed to update storage quota used for user: ${result.getError()}`)
+    }
  }
 }
@@ -0,0 +1,48 @@
+import { Logger } from 'winston'
+import { Result } from '@standardnotes/domain-core'
+import { PaymentsAccountDeletedEvent } from '@standardnotes/domain-events'
+
+import { DeleteAccount } from '../UseCase/DeleteAccount/DeleteAccount'
+import { PaymentsAccountDeletedEventHandler } from './PaymentsAccountDeletedEventHandler'
+
+describe('PaymentsAccountDeletedEventHandler', () => {
+  let deleteAccountUseCase: DeleteAccount
+  let logger: Logger
+  let event: PaymentsAccountDeletedEvent
+
+  const createHandler = () => new PaymentsAccountDeletedEventHandler(deleteAccountUseCase, logger)
+
+  beforeEach(() => {
+    deleteAccountUseCase = {} as jest.Mocked<DeleteAccount>
+    deleteAccountUseCase.execute = jest.fn().mockResolvedValue(Result.ok('success'))
+
+    logger = {} as jest.Mocked<Logger>
+    logger.error = jest.fn()
+
+    event = {
+      payload: {
+        username: 'username',
+      },
+    } as jest.Mocked<PaymentsAccountDeletedEvent>
+  })
+
+  it('should delete account', async () => {
+    const handler = createHandler()
+
+    await handler.handle(event)
+
+    expect(deleteAccountUseCase.execute).toHaveBeenCalledWith({
+      username: 'username',
+    })
+  })
+
+  it('should log error if delete account fails', async () => {
+    const handler = createHandler()
+
+    deleteAccountUseCase.execute = jest.fn().mockResolvedValue(Result.fail('error'))
+
+    await handler.handle(event)
+
+    expect(logger.error).toHaveBeenCalledWith('Failed to delete account for user username: error')
+  })
+})
@@ -0,0 +1,18 @@
+import { DomainEventHandlerInterface, PaymentsAccountDeletedEvent } from '@standardnotes/domain-events'
+import { Logger } from 'winston'
+
+import { DeleteAccount } from '../UseCase/DeleteAccount/DeleteAccount'
+
+export class PaymentsAccountDeletedEventHandler implements DomainEventHandlerInterface {
+  constructor(private deleteAccountUseCase: DeleteAccount, private logger: Logger) {}
+
+  async handle(event: PaymentsAccountDeletedEvent): Promise<void> {
+    const result = await this.deleteAccountUseCase.execute({
+      username: event.payload.username,
+    })
+
+    if (result.isFailed()) {
+      this.logger.error(`Failed to delete account for user ${event.payload.username}: ${result.getError()}`)
+    }
+  }
+}
@@ -0,0 +1,28 @@
+import { DomainEventHandlerInterface, SharedVaultFileMovedEvent } from '@standardnotes/domain-events'
+import { Logger } from 'winston'
+
+import { UpdateStorageQuotaUsedForUser } from '../UseCase/UpdateStorageQuotaUsedForUser/UpdateStorageQuotaUsedForUser'
+
+export class SharedVaultFileMovedEventHandler implements DomainEventHandlerInterface {
+  constructor(private updateStorageQuotaUsedForUserUseCase: UpdateStorageQuotaUsedForUser, private logger: Logger) {}
+
+  async handle(event: SharedVaultFileMovedEvent): Promise<void> {
+    const subtractResult = await this.updateStorageQuotaUsedForUserUseCase.execute({
+      userUuid: event.payload.from.ownerUuid,
+      bytesUsed: -event.payload.fileByteSize,
+    })
+
+    if (subtractResult.isFailed()) {
+      this.logger.error(`Failed to update storage quota used for user: ${subtractResult.getError()}`)
+    }
+
+    const addResult = await this.updateStorageQuotaUsedForUserUseCase.execute({
+      userUuid: event.payload.to.ownerUuid,
+      bytesUsed: event.payload.fileByteSize,
+    })
+
+    if (addResult.isFailed()) {
+      this.logger.error(`Failed to update storage quota used for user: ${addResult.getError()}`)
+    }
+  }
+}
@@ -0,0 +1,19 @@
+import { DomainEventHandlerInterface, SharedVaultFileRemovedEvent } from '@standardnotes/domain-events'
+import { Logger } from 'winston'
+
+import { UpdateStorageQuotaUsedForUser } from '../UseCase/UpdateStorageQuotaUsedForUser/UpdateStorageQuotaUsedForUser'
+
+export class SharedVaultFileRemovedEventHandler implements DomainEventHandlerInterface {
+  constructor(private updateStorageQuotaUsedForUserUseCase: UpdateStorageQuotaUsedForUser, private logger: Logger) {}
+
+  async handle(event: SharedVaultFileRemovedEvent): Promise<void> {
+    const result = await this.updateStorageQuotaUsedForUserUseCase.execute({
+      userUuid: event.payload.vaultOwnerUuid,
+      bytesUsed: -event.payload.fileByteSize,
+    })
+
+    if (result.isFailed()) {
+      this.logger.error(`Failed to update storage quota used for user: ${result.getError()}`)
+    }
+  }
+}
@@ -0,0 +1,19 @@
+import { DomainEventHandlerInterface, SharedVaultFileUploadedEvent } from '@standardnotes/domain-events'
+import { Logger } from 'winston'
+
+import { UpdateStorageQuotaUsedForUser } from '../UseCase/UpdateStorageQuotaUsedForUser/UpdateStorageQuotaUsedForUser'
+
+export class SharedVaultFileUploadedEventHandler implements DomainEventHandlerInterface {
+  constructor(private updateStorageQuotaUsedForUserUseCase: UpdateStorageQuotaUsedForUser, private logger: Logger) {}
+
+  async handle(event: SharedVaultFileUploadedEvent): Promise<void> {
+    const result = await this.updateStorageQuotaUsedForUserUseCase.execute({
+      userUuid: event.payload.vaultOwnerUuid,
+      bytesUsed: event.payload.fileByteSize,
+    })
+
+    if (result.isFailed()) {
+      this.logger.error(`Failed to update storage quota used for user: ${result.getError()}`)
+    }
+  }
+}
@@ -60,7 +60,7 @@ describe('SubscriptionExpiredEventHandler', () => {
    offlineUserSubscriptionRepository.updateEndsAt = jest.fn()

    roleService = {} as jest.Mocked<RoleServiceInterface>
-    roleService.removeUserRole = jest.fn()
+    roleService.removeUserRoleBasedOnSubscription = jest.fn()

    timestamp = dayjs.utc().valueOf()

@@ -86,7 +86,7 @@ describe('SubscriptionExpiredEventHandler', () => {
  it('should update the user role', async () => {
    await createHandler().handle(event)

-    expect(roleService.removeUserRole).toHaveBeenCalledWith(user, SubscriptionName.PlusPlan)
+    expect(roleService.removeUserRoleBasedOnSubscription).toHaveBeenCalledWith(user, SubscriptionName.PlusPlan)
  })

  it('should update subscription ends at', async () => {
@@ -108,7 +108,7 @@ describe('SubscriptionExpiredEventHandler', () => {

    await createHandler().handle(event)

-    expect(roleService.removeUserRole).not.toHaveBeenCalled()
+    expect(roleService.removeUserRoleBasedOnSubscription).not.toHaveBeenCalled()
    expect(userSubscriptionRepository.updateEndsAt).not.toHaveBeenCalled()
  })

@@ -117,7 +117,7 @@ describe('SubscriptionExpiredEventHandler', () => {

    await createHandler().handle(event)

-    expect(roleService.removeUserRole).not.toHaveBeenCalled()
+    expect(roleService.removeUserRoleBasedOnSubscription).not.toHaveBeenCalled()
    expect(userSubscriptionRepository.updateEndsAt).not.toHaveBeenCalled()
  })
 })
@@ -48,7 +48,7 @@ export class SubscriptionExpiredEventHandler implements DomainEventHandlerInterf
  private async removeRoleFromSubscriptionUsers(subscriptionId: number, subscriptionName: string): Promise<void> {
    const userSubscriptions = await this.userSubscriptionRepository.findBySubscriptionId(subscriptionId)
    for (const userSubscription of userSubscriptions) {
-      await this.roleService.removeUserRole(await userSubscription.user, subscriptionName)
+      await this.roleService.removeUserRoleBasedOnSubscription(await userSubscription.user, subscriptionName)
    }
  }

@@ -72,7 +72,7 @@ describe('SubscriptionPurchasedEventHandler', () => {
    offlineUserSubscriptionRepository.save = jest.fn().mockReturnValue(offlineUserSubscription)

    roleService = {} as jest.Mocked<RoleServiceInterface>
-    roleService.addUserRole = jest.fn()
+    roleService.addUserRoleBasedOnSubscription = jest.fn()
    roleService.setOfflineUserRole = jest.fn()

    subscriptionExpiresAt = timestamp + 365 * 1000
@@ -106,7 +106,7 @@ describe('SubscriptionPurchasedEventHandler', () => {
  it('should update the user role', async () => {
    await createHandler().handle(event)

-    expect(roleService.addUserRole).toHaveBeenCalledWith(user, SubscriptionName.ProPlan)
+    expect(roleService.addUserRoleBasedOnSubscription).toHaveBeenCalledWith(user, SubscriptionName.ProPlan)
  })

  it('should update user default settings', async () => {
@@ -162,7 +162,7 @@ describe('SubscriptionPurchasedEventHandler', () => {

    await createHandler().handle(event)

-    expect(roleService.addUserRole).not.toHaveBeenCalled()
+    expect(roleService.addUserRoleBasedOnSubscription).not.toHaveBeenCalled()
    expect(userSubscriptionRepository.save).not.toHaveBeenCalled()
  })

@@ -171,7 +171,7 @@ describe('SubscriptionPurchasedEventHandler', () => {

    await createHandler().handle(event)

-    expect(roleService.addUserRole).not.toHaveBeenCalled()
+    expect(roleService.addUserRoleBasedOnSubscription).not.toHaveBeenCalled()
    expect(userSubscriptionRepository.save).not.toHaveBeenCalled()
  })
 })
@@ -70,7 +70,7 @@ export class SubscriptionPurchasedEventHandler implements DomainEventHandlerInte
  }

  private async addUserRole(user: User, subscriptionName: string): Promise<void> {
-    await this.roleService.addUserRole(user, subscriptionName)
+    await this.roleService.addUserRoleBasedOnSubscription(user, subscriptionName)
  }

  private async createSubscription(
@@ -62,7 +62,7 @@ describe('SubscriptionReassignedEventHandler', () => {
    userSubscriptionRepository.save = jest.fn().mockReturnValue(subscription)

    roleService = {} as jest.Mocked<RoleServiceInterface>
-    roleService.addUserRole = jest.fn()
+    roleService.addUserRoleBasedOnSubscription = jest.fn()

    subscriptionExpiresAt = timestamp + 365 * 1000

@@ -100,7 +100,7 @@ describe('SubscriptionReassignedEventHandler', () => {
  it('should update the user role', async () => {
    await createHandler().handle(event)

-    expect(roleService.addUserRole).toHaveBeenCalledWith(user, SubscriptionName.ProPlan)
+    expect(roleService.addUserRoleBasedOnSubscription).toHaveBeenCalledWith(user, SubscriptionName.ProPlan)
  })

  it('should create subscription', async () => {
@@ -146,7 +146,7 @@ describe('SubscriptionReassignedEventHandler', () => {

    await createHandler().handle(event)

-    expect(roleService.addUserRole).not.toHaveBeenCalled()
+    expect(roleService.addUserRoleBasedOnSubscription).not.toHaveBeenCalled()
    expect(userSubscriptionRepository.save).not.toHaveBeenCalled()
  })

@@ -155,7 +155,7 @@ describe('SubscriptionReassignedEventHandler', () => {

    await createHandler().handle(event)

-    expect(roleService.addUserRole).not.toHaveBeenCalled()
+    expect(roleService.addUserRoleBasedOnSubscription).not.toHaveBeenCalled()
    expect(userSubscriptionRepository.save).not.toHaveBeenCalled()
  })
 })
@@ -67,7 +67,7 @@ export class SubscriptionReassignedEventHandler implements DomainEventHandlerInt
  }

  private async addUserRole(user: User, subscriptionName: string): Promise<void> {
-    await this.roleService.addUserRole(user, subscriptionName)
+    await this.roleService.addUserRoleBasedOnSubscription(user, subscriptionName)
  }

  private async createSubscription(
@@ -61,7 +61,7 @@ describe('SubscriptionRefundedEventHandler', () => {
    offlineUserSubscriptionRepository.updateEndsAt = jest.fn()

    roleService = {} as jest.Mocked<RoleServiceInterface>
-    roleService.removeUserRole = jest.fn()
+    roleService.removeUserRoleBasedOnSubscription = jest.fn()

    timestamp = dayjs.utc().valueOf()

@@ -87,7 +87,7 @@ describe('SubscriptionRefundedEventHandler', () => {
  it('should update the user role', async () => {
    await createHandler().handle(event)

-    expect(roleService.removeUserRole).toHaveBeenCalledWith(user, SubscriptionName.PlusPlan)
+    expect(roleService.removeUserRoleBasedOnSubscription).toHaveBeenCalledWith(user, SubscriptionName.PlusPlan)
  })

  it('should update subscription ends at', async () => {
@@ -109,7 +109,7 @@ describe('SubscriptionRefundedEventHandler', () => {

    await createHandler().handle(event)

-    expect(roleService.removeUserRole).not.toHaveBeenCalled()
+    expect(roleService.removeUserRoleBasedOnSubscription).not.toHaveBeenCalled()
    expect(userSubscriptionRepository.updateEndsAt).not.toHaveBeenCalled()
  })

@@ -118,7 +118,7 @@ describe('SubscriptionRefundedEventHandler', () => {

    await createHandler().handle(event)

-    expect(roleService.removeUserRole).not.toHaveBeenCalled()
+    expect(roleService.removeUserRoleBasedOnSubscription).not.toHaveBeenCalled()
    expect(userSubscriptionRepository.updateEndsAt).not.toHaveBeenCalled()
  })
 })
@@ -48,7 +48,7 @@ export class SubscriptionRefundedEventHandler implements DomainEventHandlerInter
  private async removeRoleFromSubscriptionUsers(subscriptionId: number, subscriptionName: string): Promise<void> {
    const userSubscriptions = await this.userSubscriptionRepository.findBySubscriptionId(subscriptionId)
    for (const userSubscription of userSubscriptions) {
-      await this.roleService.removeUserRole(await userSubscription.user, subscriptionName)
+      await this.roleService.removeUserRoleBasedOnSubscription(await userSubscription.user, subscriptionName)
    }
  }

@@ -67,7 +67,7 @@ describe('SubscriptionRenewedEventHandler', () => {
    offlineUserSubscriptionRepository.save = jest.fn().mockReturnValue(offlineUserSubscription)

    roleService = {} as jest.Mocked<RoleServiceInterface>
-    roleService.addUserRole = jest.fn()
+    roleService.addUserRoleBasedOnSubscription = jest.fn()
    roleService.setOfflineUserRole = jest.fn()

    timestamp = dayjs.utc().valueOf()
@@ -107,7 +107,7 @@ describe('SubscriptionRenewedEventHandler', () => {
  it('should update the user role', async () => {
    await createHandler().handle(event)

-    expect(roleService.addUserRole).toHaveBeenCalledWith(user, SubscriptionName.ProPlan)
+    expect(roleService.addUserRoleBasedOnSubscription).toHaveBeenCalledWith(user, SubscriptionName.ProPlan)
  })

  it('should update the offline user role', async () => {
@@ -123,7 +123,7 @@ describe('SubscriptionRenewedEventHandler', () => {

    await createHandler().handle(event)

-    expect(roleService.addUserRole).not.toHaveBeenCalled()
+    expect(roleService.addUserRoleBasedOnSubscription).not.toHaveBeenCalled()
    expect(userSubscriptionRepository.save).not.toHaveBeenCalled()
  })

@@ -132,7 +132,7 @@ describe('SubscriptionRenewedEventHandler', () => {

    await createHandler().handle(event)

-    expect(roleService.addUserRole).not.toHaveBeenCalled()
+    expect(roleService.addUserRoleBasedOnSubscription).not.toHaveBeenCalled()
    expect(userSubscriptionRepository.save).not.toHaveBeenCalled()
  })

@@ -143,7 +143,7 @@ describe('SubscriptionRenewedEventHandler', () => {

    await createHandler().handle(event)

-    expect(roleService.addUserRole).not.toHaveBeenCalled()
+    expect(roleService.addUserRoleBasedOnSubscription).not.toHaveBeenCalled()
    expect(userSubscriptionRepository.save).not.toHaveBeenCalled()
  })
 })
@@ -73,7 +73,7 @@ export class SubscriptionRenewedEventHandler implements DomainEventHandlerInterf
    for (const userSubscription of userSubscriptions) {
      const user = await userSubscription.user

-      await this.roleService.addUserRole(user, subscriptionName)
+      await this.roleService.addUserRoleBasedOnSubscription(user, subscriptionName)
    }
  }

@@ -88,7 +88,7 @@ describe('SubscriptionSyncRequestedEventHandler', () => {
    })

    roleService = {} as jest.Mocked<RoleServiceInterface>
-    roleService.addUserRole = jest.fn()
+    roleService.addUserRoleBasedOnSubscription = jest.fn()
    roleService.setOfflineUserRole = jest.fn()

    subscriptionExpiresAt = timestamp + 365 * 1000
@@ -121,7 +121,7 @@ describe('SubscriptionSyncRequestedEventHandler', () => {
  it('should update the user role', async () => {
    await createHandler().handle(event)

-    expect(roleService.addUserRole).toHaveBeenCalledWith(user, SubscriptionName.ProPlan)
+    expect(roleService.addUserRoleBasedOnSubscription).toHaveBeenCalledWith(user, SubscriptionName.ProPlan)
  })

  it('should update user default settings', async () => {
@@ -243,7 +243,7 @@ describe('SubscriptionSyncRequestedEventHandler', () => {

    await createHandler().handle(event)

-    expect(roleService.addUserRole).not.toHaveBeenCalled()
+    expect(roleService.addUserRoleBasedOnSubscription).not.toHaveBeenCalled()
    expect(userSubscriptionRepository.save).not.toHaveBeenCalled()
  })

@@ -252,7 +252,7 @@ describe('SubscriptionSyncRequestedEventHandler', () => {

    await createHandler().handle(event)

-    expect(roleService.addUserRole).not.toHaveBeenCalled()
+    expect(roleService.addUserRoleBasedOnSubscription).not.toHaveBeenCalled()
    expect(userSubscriptionRepository.save).not.toHaveBeenCalled()
  })
 })
@@ -93,7 +93,7 @@ export class SubscriptionSyncRequestedEventHandler implements DomainEventHandler
      event.payload.timestamp,
    )

-    await this.roleService.addUserRole(user, event.payload.subscriptionName)
+    await this.roleService.addUserRoleBasedOnSubscription(user, event.payload.subscriptionName)

    await this.subscriptionSettingService.applyDefaultSubscriptionSettingsForSubscription(userSubscription)

@@ -0,0 +1,18 @@
+import { DomainEventHandlerInterface, TransitionStatusUpdatedEvent } from '@standardnotes/domain-events'
+import { UpdateTransitionStatus } from '../UseCase/UpdateTransitionStatus/UpdateTransitionStatus'
+import { Logger } from 'winston'
+
+export class TransitionStatusUpdatedEventHandler implements DomainEventHandlerInterface {
+  constructor(private updateTransitionStatusUseCase: UpdateTransitionStatus, private logger: Logger) {}
+
+  async handle(event: TransitionStatusUpdatedEvent): Promise<void> {
+    const result = await this.updateTransitionStatusUseCase.execute({
+      status: event.payload.status,
+      userUuid: event.payload.userUuid,
+    })
+
+    if (result.isFailed()) {
+      this.logger.error(`Failed to update transition status for user ${event.payload.userUuid}`)
+    }
+  }
+}
--- a/Show More
+++ b/Show More