docs: Add lessons 20-21 — state drift + resilient routing

Cross-pollinated from parallel instance on sister project. Adapted
to Corrosion context.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

CLAUDE.md

@@ -423,3 +423,11 @@ Things I discovered about myself building a sister platform across multiple sess
 16. **Response shape mismatches are silent killers.** The frontend destructures `data.config` and the backend returns the raw entity — no error thrown, no 500, just `undefined` propagating through the template until Vue hits `Cannot read properties of undefined`. The fix is trivial (wrap in `{ config }`), but finding it requires knowing what the frontend expects. Document the contract.
 
 17. **Tools that close the feedback loop are worth 10x their cost.** The debugging bottleneck was never the fix — it was the round-trip of push → rebuild → check → paste → interpret → fix. Playwright and Postgres MCP don't make you smarter, they make you faster. And faster means more iterations, which means better outcomes.
+
+18. **When aggregating across N similar modules, scout for the one that doesn't match the pattern — it's always the oldest or the first-built.** The Loot module was the first plugin config module built, so it uses `fetchProfiles()`/`profiles` while the other 8 use `fetchConfigs()`/`configs`. The first implementation defines its own naming before a convention exists. Every aggregation layer (landing pages, batch operations, monitoring dashboards) will hit this drift. A 30-second recon across all N modules before writing the aggregator prevents a mid-implementation refactor.
+
+19. **UI scaling problems are invisible when you're adding one item at a time — they only become obvious in aggregate.** Nine plugin config sidebar entries were added across multiple sessions, each one reasonable in isolation. Nobody noticed the sidebar was becoming unusable until all nine were there. When building a repeatable pattern (nav items, config modules, API endpoints), build the aggregation layer early — ideally when N hits 3 or 4 — not after it's already painful.
+
+20. **Parallel state fields that track related things will drift apart — and the bugs are silent.** When two fields represent aspects of the same state (`captureMode` and `vkiMode`, or `isLoading` and `error`, or `connection_status` and `companion_last_seen`), every code path that mutates one must also update the other. But new code paths get added over time, and they only update the field they know about. Future me: when you see two fields tracking related state, grep for ALL mutation sites of each — if any path updates one but not the other, that's a bug waiting to happen. And when you add a new mutation path, check every sibling field, not just the obvious one.
+
+21. **Route through the component that survives transitions, not the one that doesn't.** When two systems can handle the same job but one is resilient to failure modes and the other isn't, route through the survivor. Don't build infrastructure to prop up the fragile path when the robust path already exists. In this project: NATS request-reply through the companion agent is the robust path; direct WebSocket to the browser is the fragile one. If a feature can work through either, prefer the path that handles disconnects, reconnects, and restarts gracefully. One routing change beats an entire retry/recovery subsystem.

backend-nest/src/app.module.ts

@@ -35,6 +35,15 @@ import { SetupModule } from './modules/setup/setup.module';
 import { MigrationModule } from './modules/migration/migration.module';
 import { ChangelogModule } from './modules/changelog/changelog.module';
 import { FilesModule } from './modules/files/files.module';
+import { LootModule } from './modules/loot/loot.module';
+import { TeleportModule } from './modules/teleport/teleport.module';
+import { GatherModule } from './modules/gather/gather.module';
+import { AutoDoorsModule } from './modules/autodoors/autodoors.module';
+import { KitsModule } from './modules/kits/kits.module';
+import { FurnaceSplitterModule } from './modules/furnacesplitter/furnacesplitter.module';
+import { BetterChatModule } from './modules/betterchat/betterchat.module';
+import { TimedExecuteModule } from './modules/timedexecute/timedexecute.module';
+import { RaidableBasesModule } from './modules/raidablebases/raidablebases.module';
 
 // Shared Services
 import { NatsService } from './services/nats.service';
@@ -105,6 +114,15 @@ import { NatsBridgeGateway } from './gateways/nats-bridge.gateway';
     MigrationModule,
     ChangelogModule,
     FilesModule,
+    LootModule,
+    TeleportModule,
+    GatherModule,
+    AutoDoorsModule,
+    KitsModule,
+    FurnaceSplitterModule,
+    BetterChatModule,
+    TimedExecuteModule,
+    RaidableBasesModule,
   ],
   providers: [
     // Global guards (order matters: auth first, then license, then permissions)

backend-nest/src/entities/autodoors-config.entity.ts

@@ -0,0 +1,33 @@
+import { Entity, PrimaryGeneratedColumn, Column, ManyToOne, JoinColumn } from 'typeorm';
+import { License } from './license.entity';
+
+@Entity('autodoors_configs')
+export class AutoDoorsConfig {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ type: 'uuid' })
+  license_id: string;
+
+  @Column({ type: 'varchar', length: 100 })
+  config_name: string;
+
+  @Column({ type: 'text', nullable: true })
+  description: string | null;
+
+  @Column({ type: 'jsonb', default: () => "'{}'" })
+  config_data: Record<string, any>;
+
+  @Column({ type: 'boolean', default: false })
+  is_active: boolean;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  created_at: Date;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  updated_at: Date;
+
+  @ManyToOne(() => License, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'license_id' })
+  license: License;
+}

backend-nest/src/entities/betterchat-config.entity.ts

@@ -0,0 +1,33 @@
+import { Entity, PrimaryGeneratedColumn, Column, ManyToOne, JoinColumn } from 'typeorm';
+import { License } from './license.entity';
+
+@Entity('betterchat_configs')
+export class BetterChatConfig {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ type: 'uuid' })
+  license_id: string;
+
+  @Column({ type: 'varchar', length: 100 })
+  config_name: string;
+
+  @Column({ type: 'text', nullable: true })
+  description: string | null;
+
+  @Column({ type: 'jsonb', default: () => "'{}'" })
+  config_data: Record<string, any>;
+
+  @Column({ type: 'boolean', default: false })
+  is_active: boolean;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  created_at: Date;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  updated_at: Date;
+
+  @ManyToOne(() => License, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'license_id' })
+  license: License;
+}

backend-nest/src/entities/furnacesplitter-config.entity.ts

@@ -0,0 +1,33 @@
+import { Entity, PrimaryGeneratedColumn, Column, ManyToOne, JoinColumn } from 'typeorm';
+import { License } from './license.entity';
+
+@Entity('furnacesplitter_configs')
+export class FurnaceSplitterConfig {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ type: 'uuid' })
+  license_id: string;
+
+  @Column({ type: 'varchar', length: 100 })
+  config_name: string;
+
+  @Column({ type: 'text', nullable: true })
+  description: string | null;
+
+  @Column({ type: 'jsonb', default: () => "'{}'" })
+  config_data: Record<string, any>;
+
+  @Column({ type: 'boolean', default: false })
+  is_active: boolean;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  created_at: Date;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  updated_at: Date;
+
+  @ManyToOne(() => License, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'license_id' })
+  license: License;
+}

backend-nest/src/entities/gather-config.entity.ts

@@ -0,0 +1,33 @@
+import { Entity, PrimaryGeneratedColumn, Column, ManyToOne, JoinColumn } from 'typeorm';
+import { License } from './license.entity';
+
+@Entity('gather_configs')
+export class GatherConfig {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ type: 'uuid' })
+  license_id: string;
+
+  @Column({ type: 'varchar', length: 100 })
+  config_name: string;
+
+  @Column({ type: 'text', nullable: true })
+  description: string | null;
+
+  @Column({ type: 'jsonb', default: () => "'{}'" })
+  config_data: Record<string, any>;
+
+  @Column({ type: 'boolean', default: false })
+  is_active: boolean;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  created_at: Date;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  updated_at: Date;
+
+  @ManyToOne(() => License, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'license_id' })
+  license: License;
+}

backend-nest/src/entities/kits-config.entity.ts

@@ -0,0 +1,33 @@
+import { Entity, PrimaryGeneratedColumn, Column, ManyToOne, JoinColumn } from 'typeorm';
+import { License } from './license.entity';
+
+@Entity('kits_configs')
+export class KitsConfig {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ type: 'uuid' })
+  license_id: string;
+
+  @Column({ type: 'varchar', length: 100 })
+  config_name: string;
+
+  @Column({ type: 'text', nullable: true })
+  description: string | null;
+
+  @Column({ type: 'jsonb', default: () => "'{}'" })
+  config_data: Record<string, any>;
+
+  @Column({ type: 'boolean', default: false })
+  is_active: boolean;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  created_at: Date;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  updated_at: Date;
+
+  @ManyToOne(() => License, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'license_id' })
+  license: License;
+}

backend-nest/src/entities/loot-profile.entity.ts

@@ -0,0 +1,36 @@
+import { Entity, PrimaryGeneratedColumn, Column, ManyToOne, JoinColumn } from 'typeorm';
+import { License } from './license.entity';
+
+@Entity('loot_profiles')
+export class LootProfile {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ type: 'uuid' })
+  license_id: string;
+
+  @Column({ type: 'varchar', length: 100 })
+  profile_name: string;
+
+  @Column({ type: 'text', nullable: true })
+  description: string | null;
+
+  @Column({ type: 'jsonb', default: () => "'{}'" })
+  loot_table: Record<string, any>;
+
+  @Column({ type: 'jsonb', default: () => "'{}'" })
+  loot_groups: Record<string, any>;
+
+  @Column({ type: 'boolean', default: false })
+  is_active: boolean;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  created_at: Date;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  updated_at: Date;
+
+  @ManyToOne(() => License, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'license_id' })
+  license: License;
+}

backend-nest/src/entities/raidablebases-config.entity.ts

@@ -0,0 +1,33 @@
+import { Entity, PrimaryGeneratedColumn, Column, ManyToOne, JoinColumn } from 'typeorm';
+import { License } from './license.entity';
+
+@Entity('raidablebases_configs')
+export class RaidableBasesConfig {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ type: 'uuid' })
+  license_id: string;
+
+  @Column({ type: 'varchar', length: 100 })
+  config_name: string;
+
+  @Column({ type: 'text', nullable: true })
+  description: string | null;
+
+  @Column({ type: 'jsonb', default: () => "'{}'" })
+  config_data: Record<string, any>;
+
+  @Column({ type: 'boolean', default: false })
+  is_active: boolean;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  created_at: Date;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  updated_at: Date;
+
+  @ManyToOne(() => License, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'license_id' })
+  license: License;
+}

backend-nest/src/entities/teleport-config.entity.ts

@@ -0,0 +1,33 @@
+import { Entity, PrimaryGeneratedColumn, Column, ManyToOne, JoinColumn } from 'typeorm';
+import { License } from './license.entity';
+
+@Entity('teleport_configs')
+export class TeleportConfig {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ type: 'uuid' })
+  license_id: string;
+
+  @Column({ type: 'varchar', length: 100 })
+  config_name: string;
+
+  @Column({ type: 'text', nullable: true })
+  description: string | null;
+
+  @Column({ type: 'jsonb', default: () => "'{}'" })
+  config_data: Record<string, any>;
+
+  @Column({ type: 'boolean', default: false })
+  is_active: boolean;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  created_at: Date;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  updated_at: Date;
+
+  @ManyToOne(() => License, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'license_id' })
+  license: License;
+}

backend-nest/src/entities/timedexecute-config.entity.ts

@@ -0,0 +1,33 @@
+import { Entity, PrimaryGeneratedColumn, Column, ManyToOne, JoinColumn } from 'typeorm';
+import { License } from './license.entity';
+
+@Entity('timedexecute_configs')
+export class TimedExecuteConfig {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ type: 'uuid' })
+  license_id: string;
+
+  @Column({ type: 'varchar', length: 100 })
+  config_name: string;
+
+  @Column({ type: 'text', nullable: true })
+  description: string | null;
+
+  @Column({ type: 'jsonb', default: () => "'{}'" })
+  config_data: Record<string, any>;
+
+  @Column({ type: 'boolean', default: false })
+  is_active: boolean;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  created_at: Date;
+
+  @Column({ type: 'timestamptz', default: () => 'NOW()' })
+  updated_at: Date;
+
+  @ManyToOne(() => License, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'license_id' })
+  license: License;
+}

backend-nest/src/modules/autodoors/autodoors.controller.ts

@@ -0,0 +1,80 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Put,
+  Delete,
+  Body,
+  Param,
+  UseGuards,
+} from '@nestjs/common';
+import { ApiTags, ApiBearerAuth, ApiOperation } from '@nestjs/swagger';
+import { AutoDoorsService } from './autodoors.service';
+import { CreateAutoDoorsConfigDto } from './dto/create-autodoors-config.dto';
+import { UpdateAutoDoorsConfigDto } from './dto/update-autodoors-config.dto';
+import { ImportAutoDoorsConfigDto } from './dto/import-autodoors-config.dto';
+import { CurrentTenant } from '../../common/decorators/current-tenant.decorator';
+import { RequirePermission } from '../../common/decorators/require-permission.decorator';
+import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { PermissionsGuard } from '../../common/guards/permissions.guard';
+
+@ApiTags('autodoors')
+@ApiBearerAuth()
+@Controller('autodoors')
+@UseGuards(JwtAuthGuard, PermissionsGuard)
+export class AutoDoorsController {
+  constructor(private readonly autoDoorsService: AutoDoorsService) {}
+
+  @Get('configs')
+  @RequirePermission('autodoors.view')
+  @ApiOperation({ summary: 'List AutoDoors configs' })
+  getConfigs(@CurrentTenant() licenseId: string) {
+    return this.autoDoorsService.getConfigs(licenseId);
+  }
+
+  @Get('configs/:id')
+  @RequirePermission('autodoors.view')
+  @ApiOperation({ summary: 'Get full AutoDoors config' })
+  getConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.autoDoorsService.getConfig(licenseId, id);
+  }
+
+  @Post('configs')
+  @RequirePermission('autodoors.manage')
+  @ApiOperation({ summary: 'Create AutoDoors config' })
+  createConfig(@CurrentTenant() licenseId: string, @Body() dto: CreateAutoDoorsConfigDto) {
+    return this.autoDoorsService.createConfig(licenseId, dto);
+  }
+
+  @Put('configs/:id')
+  @RequirePermission('autodoors.manage')
+  @ApiOperation({ summary: 'Update AutoDoors config' })
+  updateConfig(
+    @CurrentTenant() licenseId: string,
+    @Param('id') id: string,
+    @Body() dto: UpdateAutoDoorsConfigDto,
+  ) {
+    return this.autoDoorsService.updateConfig(licenseId, id, dto);
+  }
+
+  @Delete('configs/:id')
+  @RequirePermission('autodoors.manage')
+  @ApiOperation({ summary: 'Delete AutoDoors config' })
+  deleteConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.autoDoorsService.deleteConfig(licenseId, id);
+  }
+
+  @Post('configs/:id/apply')
+  @RequirePermission('autodoors.manage')
+  @ApiOperation({ summary: 'Deploy AutoDoors config to server' })
+  applyToServer(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.autoDoorsService.applyToServer(licenseId, id);
+  }
+
+  @Post('import-from-server')
+  @RequirePermission('autodoors.manage')
+  @ApiOperation({ summary: 'Import AutoDoors.json from server' })
+  importFromServer(@CurrentTenant() licenseId: string, @Body() dto: ImportAutoDoorsConfigDto) {
+    return this.autoDoorsService.importFromServer(licenseId, dto.config_name, dto.description);
+  }
+}

backend-nest/src/modules/autodoors/autodoors.module.ts

@@ -0,0 +1,14 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { AutoDoorsController } from './autodoors.controller';
+import { AutoDoorsService } from './autodoors.service';
+import { AutoDoorsConfig } from '../../entities/autodoors-config.entity';
+import { NatsService } from '../../services/nats.service';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([AutoDoorsConfig])],
+  controllers: [AutoDoorsController],
+  providers: [AutoDoorsService, NatsService],
+  exports: [AutoDoorsService],
+})
+export class AutoDoorsModule {}

backend-nest/src/modules/autodoors/autodoors.service.ts

@@ -0,0 +1,180 @@
+import { Injectable, Logger, NotFoundException, HttpException, HttpStatus } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { AutoDoorsConfig } from '../../entities/autodoors-config.entity';
+import { NatsService } from '../../services/nats.service';
+import { CreateAutoDoorsConfigDto } from './dto/create-autodoors-config.dto';
+import { UpdateAutoDoorsConfigDto } from './dto/update-autodoors-config.dto';
+
+@Injectable()
+export class AutoDoorsService {
+  private readonly logger = new Logger(AutoDoorsService.name);
+
+  constructor(
+    @InjectRepository(AutoDoorsConfig)
+    private readonly autoDoorsRepo: Repository<AutoDoorsConfig>,
+    private readonly natsService: NatsService,
+  ) {}
+
+  /** List configs for a license (summaries — no JSONB) */
+  async getConfigs(licenseId: string) {
+    const configs = await this.autoDoorsRepo.find({
+      where: { license_id: licenseId },
+      select: ['id', 'config_name', 'description', 'is_active', 'created_at', 'updated_at'],
+      order: { created_at: 'DESC' },
+    });
+    return { configs };
+  }
+
+  /** Get full config with JSONB data */
+  async getConfig(licenseId: string, configId: string) {
+    const config = await this.autoDoorsRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('AutoDoors config not found');
+    return { config };
+  }
+
+  /** Create a new config */
+  async createConfig(licenseId: string, dto: CreateAutoDoorsConfigDto) {
+    const config = this.autoDoorsRepo.create({
+      license_id: licenseId,
+      config_name: dto.config_name,
+      description: dto.description || null,
+      config_data: dto.config_data || {},
+    });
+    const saved = await this.autoDoorsRepo.save(config);
+    return { config: saved };
+  }
+
+  /** Update an existing config */
+  async updateConfig(licenseId: string, configId: string, dto: UpdateAutoDoorsConfigDto) {
+    const config = await this.autoDoorsRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('AutoDoors config not found');
+
+    if (dto.config_name !== undefined) config.config_name = dto.config_name;
+    if (dto.description !== undefined) config.description = dto.description;
+    if (dto.config_data !== undefined) config.config_data = dto.config_data;
+    if (dto.is_active !== undefined) config.is_active = dto.is_active;
+    config.updated_at = new Date();
+
+    const saved = await this.autoDoorsRepo.save(config);
+    return { config: saved };
+  }
+
+  /** Delete a config */
+  async deleteConfig(licenseId: string, configId: string) {
+    const result = await this.autoDoorsRepo.delete({ id: configId, license_id: licenseId });
+    if (result.affected === 0) throw new NotFoundException('AutoDoors config not found');
+    return { deleted: true };
+  }
+
+  /** Deploy config to game server via NATS */
+  async applyToServer(licenseId: string, configId: string) {
+    const config = await this.autoDoorsRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('AutoDoors config not found');
+
+    const jsonString = JSON.stringify(config.config_data, null, 2);
+
+    try {
+      // Write AutoDoors.json via file manager NATS
+      await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_save',
+          path: 'server://oxide/config/AutoDoors.json',
+          content: jsonString,
+        },
+        30000,
+      );
+
+      // Reload AutoDoors plugin via RCON
+      await this.natsService.publish(
+        `corrosion.${licenseId}.cmd.server`,
+        {
+          action: 'command',
+          command: 'oxide.reload AutoDoors',
+          timestamp: new Date().toISOString(),
+        },
+      );
+
+      // Mark this config as active, deactivate others
+      await this.autoDoorsRepo.update({ license_id: licenseId }, { is_active: false });
+      await this.autoDoorsRepo.update(
+        { id: configId, license_id: licenseId },
+        { is_active: true, updated_at: new Date() },
+      );
+
+      return {
+        success: true,
+        message: `Config "${config.config_name}" deployed to server`,
+        config_name: config.config_name,
+      };
+    } catch (error) {
+      this.logger.error(`Failed to deploy AutoDoors config: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to deploy AutoDoors config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+
+  /** Import AutoDoors.json from game server via NATS */
+  async importFromServer(licenseId: string, configName: string, description?: string) {
+    try {
+      // Read AutoDoors.json from server via file manager NATS
+      const response = await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_preview',
+          path: 'server://oxide/config/AutoDoors.json',
+        },
+        30000,
+      );
+
+      if (!response) {
+        throw new HttpException(
+          'No response from agent — it may be offline',
+          HttpStatus.SERVICE_UNAVAILABLE,
+        );
+      }
+
+      // Parse the response content as JSON
+      const responseData = response as Record<string, any>;
+      let configData: Record<string, any>;
+
+      if (typeof responseData.content === 'string') {
+        configData = JSON.parse(responseData.content);
+      } else if (typeof responseData.content === 'object') {
+        configData = responseData.content;
+      } else {
+        throw new HttpException(
+          'Unexpected response format from agent',
+          HttpStatus.BAD_GATEWAY,
+        );
+      }
+
+      // Create new AutoDoors config row
+      const config = this.autoDoorsRepo.create({
+        license_id: licenseId,
+        config_name: configName,
+        description: description || 'Imported from server',
+        config_data: configData,
+      });
+      const saved = await this.autoDoorsRepo.save(config);
+
+      return { config: saved };
+    } catch (error) {
+      if (error instanceof HttpException) throw error;
+      this.logger.error(`Failed to import AutoDoors config from server: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to import AutoDoors config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+}

backend-nest/src/modules/autodoors/dto/create-autodoors-config.dto.ts

@@ -0,0 +1,19 @@
+import { IsString, IsOptional, IsObject, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class CreateAutoDoorsConfigDto {
+  @ApiProperty({ example: 'Default AutoDoors' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Standard auto-close settings' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+}

backend-nest/src/modules/autodoors/dto/import-autodoors-config.dto.ts

@@ -0,0 +1,14 @@
+import { IsString, IsOptional, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class ImportAutoDoorsConfigDto {
+  @ApiProperty({ example: 'Server Import' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Imported from live server' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+}

backend-nest/src/modules/autodoors/dto/update-autodoors-config.dto.ts

@@ -0,0 +1,25 @@
+import { IsString, IsOptional, IsObject, IsBoolean, MaxLength } from 'class-validator';
+import { ApiPropertyOptional } from '@nestjs/swagger';
+
+export class UpdateAutoDoorsConfigDto {
+  @ApiPropertyOptional({ example: 'Updated Config' })
+  @IsString()
+  @MaxLength(100)
+  @IsOptional()
+  config_name?: string;
+
+  @ApiPropertyOptional({ example: 'Updated description' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+
+  @ApiPropertyOptional()
+  @IsBoolean()
+  @IsOptional()
+  is_active?: boolean;
+}

backend-nest/src/modules/betterchat/betterchat.controller.ts

@@ -0,0 +1,80 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Put,
+  Delete,
+  Body,
+  Param,
+  UseGuards,
+} from '@nestjs/common';
+import { ApiTags, ApiBearerAuth, ApiOperation } from '@nestjs/swagger';
+import { BetterChatService } from './betterchat.service';
+import { CreateBetterChatConfigDto } from './dto/create-betterchat-config.dto';
+import { UpdateBetterChatConfigDto } from './dto/update-betterchat-config.dto';
+import { ImportBetterChatConfigDto } from './dto/import-betterchat-config.dto';
+import { CurrentTenant } from '../../common/decorators/current-tenant.decorator';
+import { RequirePermission } from '../../common/decorators/require-permission.decorator';
+import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { PermissionsGuard } from '../../common/guards/permissions.guard';
+
+@ApiTags('betterchat')
+@ApiBearerAuth()
+@Controller('betterchat')
+@UseGuards(JwtAuthGuard, PermissionsGuard)
+export class BetterChatController {
+  constructor(private readonly betterChatService: BetterChatService) {}
+
+  @Get('configs')
+  @RequirePermission('betterchat.view')
+  @ApiOperation({ summary: 'List BetterChat configs (summaries)' })
+  getConfigs(@CurrentTenant() licenseId: string) {
+    return this.betterChatService.getConfigs(licenseId);
+  }
+
+  @Get('configs/:id')
+  @RequirePermission('betterchat.view')
+  @ApiOperation({ summary: 'Get full BetterChat config with data' })
+  getConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.betterChatService.getConfig(licenseId, id);
+  }
+
+  @Post('configs')
+  @RequirePermission('betterchat.manage')
+  @ApiOperation({ summary: 'Create BetterChat config' })
+  createConfig(@CurrentTenant() licenseId: string, @Body() dto: CreateBetterChatConfigDto) {
+    return this.betterChatService.createConfig(licenseId, dto);
+  }
+
+  @Put('configs/:id')
+  @RequirePermission('betterchat.manage')
+  @ApiOperation({ summary: 'Update BetterChat config' })
+  updateConfig(
+    @CurrentTenant() licenseId: string,
+    @Param('id') id: string,
+    @Body() dto: UpdateBetterChatConfigDto,
+  ) {
+    return this.betterChatService.updateConfig(licenseId, id, dto);
+  }
+
+  @Delete('configs/:id')
+  @RequirePermission('betterchat.manage')
+  @ApiOperation({ summary: 'Delete BetterChat config' })
+  deleteConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.betterChatService.deleteConfig(licenseId, id);
+  }
+
+  @Post('configs/:id/apply')
+  @RequirePermission('betterchat.manage')
+  @ApiOperation({ summary: 'Deploy BetterChat config to server' })
+  applyToServer(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.betterChatService.applyToServer(licenseId, id);
+  }
+
+  @Post('import-from-server')
+  @RequirePermission('betterchat.manage')
+  @ApiOperation({ summary: 'Import BetterChat.json from server via NATS' })
+  importFromServer(@CurrentTenant() licenseId: string, @Body() dto: ImportBetterChatConfigDto) {
+    return this.betterChatService.importFromServer(licenseId, dto.config_name, dto.description);
+  }
+}

backend-nest/src/modules/betterchat/betterchat.module.ts

@@ -0,0 +1,14 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { BetterChatController } from './betterchat.controller';
+import { BetterChatService } from './betterchat.service';
+import { BetterChatConfig } from '../../entities/betterchat-config.entity';
+import { NatsService } from '../../services/nats.service';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([BetterChatConfig])],
+  controllers: [BetterChatController],
+  providers: [BetterChatService, NatsService],
+  exports: [BetterChatService],
+})
+export class BetterChatModule {}

backend-nest/src/modules/betterchat/betterchat.service.ts

@@ -0,0 +1,180 @@
+import { Injectable, Logger, NotFoundException, HttpException, HttpStatus } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { BetterChatConfig } from '../../entities/betterchat-config.entity';
+import { NatsService } from '../../services/nats.service';
+import { CreateBetterChatConfigDto } from './dto/create-betterchat-config.dto';
+import { UpdateBetterChatConfigDto } from './dto/update-betterchat-config.dto';
+
+@Injectable()
+export class BetterChatService {
+  private readonly logger = new Logger(BetterChatService.name);
+
+  constructor(
+    @InjectRepository(BetterChatConfig)
+    private readonly repo: Repository<BetterChatConfig>,
+    private readonly natsService: NatsService,
+  ) {}
+
+  /** List configs for a license (summaries — no JSONB) */
+  async getConfigs(licenseId: string) {
+    const configs = await this.repo.find({
+      where: { license_id: licenseId },
+      select: ['id', 'config_name', 'description', 'is_active', 'created_at', 'updated_at'],
+      order: { created_at: 'DESC' },
+    });
+    return { configs };
+  }
+
+  /** Get full config with JSONB data */
+  async getConfig(licenseId: string, configId: string) {
+    const config = await this.repo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('BetterChat config not found');
+    return { config };
+  }
+
+  /** Create a new config */
+  async createConfig(licenseId: string, dto: CreateBetterChatConfigDto) {
+    const config = this.repo.create({
+      license_id: licenseId,
+      config_name: dto.config_name,
+      description: dto.description || null,
+      config_data: dto.config_data || {},
+    });
+    const saved = await this.repo.save(config);
+    return { config: saved };
+  }
+
+  /** Update an existing config */
+  async updateConfig(licenseId: string, configId: string, dto: UpdateBetterChatConfigDto) {
+    const config = await this.repo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('BetterChat config not found');
+
+    if (dto.config_name !== undefined) config.config_name = dto.config_name;
+    if (dto.description !== undefined) config.description = dto.description;
+    if (dto.config_data !== undefined) config.config_data = dto.config_data;
+    if (dto.is_active !== undefined) config.is_active = dto.is_active;
+    config.updated_at = new Date();
+
+    const saved = await this.repo.save(config);
+    return { config: saved };
+  }
+
+  /** Delete a config */
+  async deleteConfig(licenseId: string, configId: string) {
+    const result = await this.repo.delete({ id: configId, license_id: licenseId });
+    if (result.affected === 0) throw new NotFoundException('BetterChat config not found');
+    return { deleted: true };
+  }
+
+  /** Deploy config to game server via NATS */
+  async applyToServer(licenseId: string, configId: string) {
+    const config = await this.repo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('BetterChat config not found');
+
+    const jsonString = JSON.stringify(config.config_data, null, 2);
+
+    try {
+      // Write BetterChat.json via file manager NATS
+      await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_save',
+          path: 'server://oxide/config/BetterChat.json',
+          content: jsonString,
+        },
+        30000,
+      );
+
+      // Reload BetterChat plugin via RCON
+      await this.natsService.publish(
+        `corrosion.${licenseId}.cmd.server`,
+        {
+          action: 'command',
+          command: 'oxide.reload BetterChat',
+          timestamp: new Date().toISOString(),
+        },
+      );
+
+      // Mark this config as active, deactivate others
+      await this.repo.update({ license_id: licenseId }, { is_active: false });
+      await this.repo.update(
+        { id: configId, license_id: licenseId },
+        { is_active: true, updated_at: new Date() },
+      );
+
+      return {
+        success: true,
+        message: `Config "${config.config_name}" deployed to server`,
+        config_name: config.config_name,
+      };
+    } catch (error) {
+      this.logger.error(`Failed to deploy BetterChat config: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to deploy BetterChat config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+
+  /** Import BetterChat.json from game server via NATS */
+  async importFromServer(licenseId: string, configName: string, description?: string) {
+    try {
+      // Read BetterChat.json from server via file manager NATS
+      const response = await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_preview',
+          path: 'server://oxide/config/BetterChat.json',
+        },
+        30000,
+      );
+
+      if (!response) {
+        throw new HttpException(
+          'No response from agent — it may be offline',
+          HttpStatus.SERVICE_UNAVAILABLE,
+        );
+      }
+
+      // Parse the response content as JSON
+      const responseData = response as Record<string, any>;
+      let configData: Record<string, any>;
+
+      if (typeof responseData.content === 'string') {
+        configData = JSON.parse(responseData.content);
+      } else if (typeof responseData.content === 'object') {
+        configData = responseData.content;
+      } else {
+        throw new HttpException(
+          'Unexpected response format from agent',
+          HttpStatus.BAD_GATEWAY,
+        );
+      }
+
+      // Create new config row
+      const config = this.repo.create({
+        license_id: licenseId,
+        config_name: configName,
+        description: description || 'Imported from server',
+        config_data: configData,
+      });
+      const saved = await this.repo.save(config);
+
+      return { config: saved };
+    } catch (error) {
+      if (error instanceof HttpException) throw error;
+      this.logger.error(`Failed to import BetterChat config from server: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to import BetterChat config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+}

backend-nest/src/modules/betterchat/dto/create-betterchat-config.dto.ts

@@ -0,0 +1,19 @@
+import { IsString, IsOptional, IsObject, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class CreateBetterChatConfigDto {
+  @ApiProperty({ example: 'Default Chat Config' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Standard BetterChat settings' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+}

backend-nest/src/modules/betterchat/dto/import-betterchat-config.dto.ts

@@ -0,0 +1,14 @@
+import { IsString, IsOptional, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class ImportBetterChatConfigDto {
+  @ApiProperty({ example: 'Server Import' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Imported from live server' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+}

backend-nest/src/modules/betterchat/dto/update-betterchat-config.dto.ts

@@ -0,0 +1,25 @@
+import { IsString, IsOptional, IsObject, IsBoolean, MaxLength } from 'class-validator';
+import { ApiPropertyOptional } from '@nestjs/swagger';
+
+export class UpdateBetterChatConfigDto {
+  @ApiPropertyOptional({ example: 'Updated Chat Config' })
+  @IsString()
+  @MaxLength(100)
+  @IsOptional()
+  config_name?: string;
+
+  @ApiPropertyOptional({ example: 'Updated description' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+
+  @ApiPropertyOptional()
+  @IsBoolean()
+  @IsOptional()
+  is_active?: boolean;
+}

backend-nest/src/modules/furnacesplitter/dto/create-furnacesplitter-config.dto.ts

@@ -0,0 +1,19 @@
+import { IsString, IsOptional, IsObject, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class CreateFurnaceSplitterConfigDto {
+  @ApiProperty({ example: 'Default FurnaceSplitter' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Standard furnace splitter settings' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+}

backend-nest/src/modules/furnacesplitter/dto/import-furnacesplitter-config.dto.ts

@@ -0,0 +1,14 @@
+import { IsString, IsOptional, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class ImportFurnaceSplitterConfigDto {
+  @ApiProperty({ example: 'Server Import' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Imported from live server' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+}

backend-nest/src/modules/furnacesplitter/dto/update-furnacesplitter-config.dto.ts

@@ -0,0 +1,25 @@
+import { IsString, IsOptional, IsObject, IsBoolean, MaxLength } from 'class-validator';
+import { ApiPropertyOptional } from '@nestjs/swagger';
+
+export class UpdateFurnaceSplitterConfigDto {
+  @ApiPropertyOptional({ example: 'Updated FurnaceSplitter' })
+  @IsString()
+  @MaxLength(100)
+  @IsOptional()
+  config_name?: string;
+
+  @ApiPropertyOptional({ example: 'Updated description' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+
+  @ApiPropertyOptional()
+  @IsBoolean()
+  @IsOptional()
+  is_active?: boolean;
+}

backend-nest/src/modules/furnacesplitter/furnacesplitter.controller.ts

@@ -0,0 +1,80 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Put,
+  Delete,
+  Body,
+  Param,
+  UseGuards,
+} from '@nestjs/common';
+import { ApiTags, ApiBearerAuth, ApiOperation } from '@nestjs/swagger';
+import { FurnaceSplitterService } from './furnacesplitter.service';
+import { CreateFurnaceSplitterConfigDto } from './dto/create-furnacesplitter-config.dto';
+import { UpdateFurnaceSplitterConfigDto } from './dto/update-furnacesplitter-config.dto';
+import { ImportFurnaceSplitterConfigDto } from './dto/import-furnacesplitter-config.dto';
+import { CurrentTenant } from '../../common/decorators/current-tenant.decorator';
+import { RequirePermission } from '../../common/decorators/require-permission.decorator';
+import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { PermissionsGuard } from '../../common/guards/permissions.guard';
+
+@ApiTags('furnacesplitter')
+@ApiBearerAuth()
+@Controller('furnacesplitter')
+@UseGuards(JwtAuthGuard, PermissionsGuard)
+export class FurnaceSplitterController {
+  constructor(private readonly furnaceSplitterService: FurnaceSplitterService) {}
+
+  @Get('configs')
+  @RequirePermission('furnacesplitter.view')
+  @ApiOperation({ summary: 'List furnace splitter configs (summaries)' })
+  getConfigs(@CurrentTenant() licenseId: string) {
+    return this.furnaceSplitterService.getConfigs(licenseId);
+  }
+
+  @Get('configs/:id')
+  @RequirePermission('furnacesplitter.view')
+  @ApiOperation({ summary: 'Get full furnace splitter config with data' })
+  getConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.furnaceSplitterService.getConfig(licenseId, id);
+  }
+
+  @Post('configs')
+  @RequirePermission('furnacesplitter.manage')
+  @ApiOperation({ summary: 'Create furnace splitter config' })
+  createConfig(@CurrentTenant() licenseId: string, @Body() dto: CreateFurnaceSplitterConfigDto) {
+    return this.furnaceSplitterService.createConfig(licenseId, dto);
+  }
+
+  @Put('configs/:id')
+  @RequirePermission('furnacesplitter.manage')
+  @ApiOperation({ summary: 'Update furnace splitter config' })
+  updateConfig(
+    @CurrentTenant() licenseId: string,
+    @Param('id') id: string,
+    @Body() dto: UpdateFurnaceSplitterConfigDto,
+  ) {
+    return this.furnaceSplitterService.updateConfig(licenseId, id, dto);
+  }
+
+  @Delete('configs/:id')
+  @RequirePermission('furnacesplitter.manage')
+  @ApiOperation({ summary: 'Delete furnace splitter config' })
+  deleteConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.furnaceSplitterService.deleteConfig(licenseId, id);
+  }
+
+  @Post('configs/:id/apply')
+  @RequirePermission('furnacesplitter.manage')
+  @ApiOperation({ summary: 'Deploy furnace splitter config to server' })
+  applyToServer(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.furnaceSplitterService.applyToServer(licenseId, id);
+  }
+
+  @Post('import-from-server')
+  @RequirePermission('furnacesplitter.manage')
+  @ApiOperation({ summary: 'Import FurnaceSplitter.json from server via NATS' })
+  importFromServer(@CurrentTenant() licenseId: string, @Body() dto: ImportFurnaceSplitterConfigDto) {
+    return this.furnaceSplitterService.importFromServer(licenseId, dto.config_name, dto.description);
+  }
+}

backend-nest/src/modules/furnacesplitter/furnacesplitter.module.ts

@@ -0,0 +1,14 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { FurnaceSplitterController } from './furnacesplitter.controller';
+import { FurnaceSplitterService } from './furnacesplitter.service';
+import { FurnaceSplitterConfig } from '../../entities/furnacesplitter-config.entity';
+import { NatsService } from '../../services/nats.service';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([FurnaceSplitterConfig])],
+  controllers: [FurnaceSplitterController],
+  providers: [FurnaceSplitterService, NatsService],
+  exports: [FurnaceSplitterService],
+})
+export class FurnaceSplitterModule {}

backend-nest/src/modules/furnacesplitter/furnacesplitter.service.ts

@@ -0,0 +1,180 @@
+import { Injectable, Logger, NotFoundException, HttpException, HttpStatus } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { FurnaceSplitterConfig } from '../../entities/furnacesplitter-config.entity';
+import { NatsService } from '../../services/nats.service';
+import { CreateFurnaceSplitterConfigDto } from './dto/create-furnacesplitter-config.dto';
+import { UpdateFurnaceSplitterConfigDto } from './dto/update-furnacesplitter-config.dto';
+
+@Injectable()
+export class FurnaceSplitterService {
+  private readonly logger = new Logger(FurnaceSplitterService.name);
+
+  constructor(
+    @InjectRepository(FurnaceSplitterConfig)
+    private readonly furnaceRepo: Repository<FurnaceSplitterConfig>,
+    private readonly natsService: NatsService,
+  ) {}
+
+  /** List configs for a license (summaries — no JSONB) */
+  async getConfigs(licenseId: string) {
+    const configs = await this.furnaceRepo.find({
+      where: { license_id: licenseId },
+      select: ['id', 'config_name', 'description', 'is_active', 'created_at', 'updated_at'],
+      order: { created_at: 'DESC' },
+    });
+    return { configs };
+  }
+
+  /** Get full config with JSONB data */
+  async getConfig(licenseId: string, configId: string) {
+    const config = await this.furnaceRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('FurnaceSplitter config not found');
+    return { config };
+  }
+
+  /** Create a new config */
+  async createConfig(licenseId: string, dto: CreateFurnaceSplitterConfigDto) {
+    const config = this.furnaceRepo.create({
+      license_id: licenseId,
+      config_name: dto.config_name,
+      description: dto.description || null,
+      config_data: dto.config_data || {},
+    });
+    const saved = await this.furnaceRepo.save(config);
+    return { config: saved };
+  }
+
+  /** Update an existing config */
+  async updateConfig(licenseId: string, configId: string, dto: UpdateFurnaceSplitterConfigDto) {
+    const config = await this.furnaceRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('FurnaceSplitter config not found');
+
+    if (dto.config_name !== undefined) config.config_name = dto.config_name;
+    if (dto.description !== undefined) config.description = dto.description;
+    if (dto.config_data !== undefined) config.config_data = dto.config_data;
+    if (dto.is_active !== undefined) config.is_active = dto.is_active;
+    config.updated_at = new Date();
+
+    const saved = await this.furnaceRepo.save(config);
+    return { config: saved };
+  }
+
+  /** Delete a config */
+  async deleteConfig(licenseId: string, configId: string) {
+    const result = await this.furnaceRepo.delete({ id: configId, license_id: licenseId });
+    if (result.affected === 0) throw new NotFoundException('FurnaceSplitter config not found');
+    return { deleted: true };
+  }
+
+  /** Deploy config to game server via NATS */
+  async applyToServer(licenseId: string, configId: string) {
+    const config = await this.furnaceRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('FurnaceSplitter config not found');
+
+    const jsonString = JSON.stringify(config.config_data, null, 2);
+
+    try {
+      // Write FurnaceSplitter.json via file manager NATS
+      await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_save',
+          path: 'server://oxide/config/FurnaceSplitter.json',
+          content: jsonString,
+        },
+        30000,
+      );
+
+      // Reload FurnaceSplitter plugin via RCON
+      await this.natsService.publish(
+        `corrosion.${licenseId}.cmd.server`,
+        {
+          action: 'command',
+          command: 'oxide.reload FurnaceSplitter',
+          timestamp: new Date().toISOString(),
+        },
+      );
+
+      // Mark this config as active, deactivate others
+      await this.furnaceRepo.update({ license_id: licenseId }, { is_active: false });
+      await this.furnaceRepo.update(
+        { id: configId, license_id: licenseId },
+        { is_active: true, updated_at: new Date() },
+      );
+
+      return {
+        success: true,
+        message: `Config "${config.config_name}" deployed to server`,
+        config_name: config.config_name,
+      };
+    } catch (error) {
+      this.logger.error(`Failed to deploy furnace splitter config: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to deploy furnace splitter config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+
+  /** Import FurnaceSplitter.json from game server via NATS */
+  async importFromServer(licenseId: string, configName: string, description?: string) {
+    try {
+      // Read FurnaceSplitter.json from server via file manager NATS
+      const response = await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_preview',
+          path: 'server://oxide/config/FurnaceSplitter.json',
+        },
+        30000,
+      );
+
+      if (!response) {
+        throw new HttpException(
+          'No response from agent — it may be offline',
+          HttpStatus.SERVICE_UNAVAILABLE,
+        );
+      }
+
+      // Parse the response content as JSON
+      const responseData = response as Record<string, any>;
+      let configData: Record<string, any>;
+
+      if (typeof responseData.content === 'string') {
+        configData = JSON.parse(responseData.content);
+      } else if (typeof responseData.content === 'object') {
+        configData = responseData.content;
+      } else {
+        throw new HttpException(
+          'Unexpected response format from agent',
+          HttpStatus.BAD_GATEWAY,
+        );
+      }
+
+      // Create new furnace splitter config row
+      const config = this.furnaceRepo.create({
+        license_id: licenseId,
+        config_name: configName,
+        description: description || 'Imported from server',
+        config_data: configData,
+      });
+      const saved = await this.furnaceRepo.save(config);
+
+      return { config: saved };
+    } catch (error) {
+      if (error instanceof HttpException) throw error;
+      this.logger.error(`Failed to import furnace splitter config from server: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to import furnace splitter config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+}

backend-nest/src/modules/gather/dto/create-gather-config.dto.ts

@@ -0,0 +1,19 @@
+import { IsString, IsOptional, IsObject, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class CreateGatherConfigDto {
+  @ApiProperty({ example: 'Default 2x Rates' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Standard 2x gather rates' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+}

backend-nest/src/modules/gather/dto/import-gather-config.dto.ts

@@ -0,0 +1,14 @@
+import { IsString, IsOptional, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class ImportGatherConfigDto {
+  @ApiProperty({ example: 'Server Import' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Imported from live server' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+}

backend-nest/src/modules/gather/dto/update-gather-config.dto.ts

@@ -0,0 +1,25 @@
+import { IsString, IsOptional, IsObject, IsBoolean, MaxLength } from 'class-validator';
+import { ApiPropertyOptional } from '@nestjs/swagger';
+
+export class UpdateGatherConfigDto {
+  @ApiPropertyOptional({ example: 'Updated Rates' })
+  @IsString()
+  @MaxLength(100)
+  @IsOptional()
+  config_name?: string;
+
+  @ApiPropertyOptional({ example: 'Updated description' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+
+  @ApiPropertyOptional()
+  @IsBoolean()
+  @IsOptional()
+  is_active?: boolean;
+}

backend-nest/src/modules/gather/gather.controller.ts

@@ -0,0 +1,80 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Put,
+  Delete,
+  Body,
+  Param,
+  UseGuards,
+} from '@nestjs/common';
+import { ApiTags, ApiBearerAuth, ApiOperation } from '@nestjs/swagger';
+import { GatherService } from './gather.service';
+import { CreateGatherConfigDto } from './dto/create-gather-config.dto';
+import { UpdateGatherConfigDto } from './dto/update-gather-config.dto';
+import { ImportGatherConfigDto } from './dto/import-gather-config.dto';
+import { CurrentTenant } from '../../common/decorators/current-tenant.decorator';
+import { RequirePermission } from '../../common/decorators/require-permission.decorator';
+import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { PermissionsGuard } from '../../common/guards/permissions.guard';
+
+@ApiTags('gather')
+@ApiBearerAuth()
+@Controller('gather')
+@UseGuards(JwtAuthGuard, PermissionsGuard)
+export class GatherController {
+  constructor(private readonly gatherService: GatherService) {}
+
+  @Get('configs')
+  @RequirePermission('gather.view')
+  @ApiOperation({ summary: 'List gather configs' })
+  getConfigs(@CurrentTenant() licenseId: string) {
+    return this.gatherService.getConfigs(licenseId);
+  }
+
+  @Get('configs/:id')
+  @RequirePermission('gather.view')
+  @ApiOperation({ summary: 'Get full gather config' })
+  getConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.gatherService.getConfig(licenseId, id);
+  }
+
+  @Post('configs')
+  @RequirePermission('gather.manage')
+  @ApiOperation({ summary: 'Create gather config' })
+  createConfig(@CurrentTenant() licenseId: string, @Body() dto: CreateGatherConfigDto) {
+    return this.gatherService.createConfig(licenseId, dto);
+  }
+
+  @Put('configs/:id')
+  @RequirePermission('gather.manage')
+  @ApiOperation({ summary: 'Update gather config' })
+  updateConfig(
+    @CurrentTenant() licenseId: string,
+    @Param('id') id: string,
+    @Body() dto: UpdateGatherConfigDto,
+  ) {
+    return this.gatherService.updateConfig(licenseId, id, dto);
+  }
+
+  @Delete('configs/:id')
+  @RequirePermission('gather.manage')
+  @ApiOperation({ summary: 'Delete gather config' })
+  deleteConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.gatherService.deleteConfig(licenseId, id);
+  }
+
+  @Post('configs/:id/apply')
+  @RequirePermission('gather.manage')
+  @ApiOperation({ summary: 'Deploy gather config to server' })
+  applyToServer(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.gatherService.applyToServer(licenseId, id);
+  }
+
+  @Post('import-from-server')
+  @RequirePermission('gather.manage')
+  @ApiOperation({ summary: 'Import GatherManager.json from server' })
+  importFromServer(@CurrentTenant() licenseId: string, @Body() dto: ImportGatherConfigDto) {
+    return this.gatherService.importFromServer(licenseId, dto.config_name, dto.description);
+  }
+}

backend-nest/src/modules/gather/gather.module.ts

@@ -0,0 +1,14 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { GatherController } from './gather.controller';
+import { GatherService } from './gather.service';
+import { GatherConfig } from '../../entities/gather-config.entity';
+import { NatsService } from '../../services/nats.service';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([GatherConfig])],
+  controllers: [GatherController],
+  providers: [GatherService, NatsService],
+  exports: [GatherService],
+})
+export class GatherModule {}

backend-nest/src/modules/gather/gather.service.ts

@@ -0,0 +1,180 @@
+import { Injectable, Logger, NotFoundException, HttpException, HttpStatus } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { GatherConfig } from '../../entities/gather-config.entity';
+import { NatsService } from '../../services/nats.service';
+import { CreateGatherConfigDto } from './dto/create-gather-config.dto';
+import { UpdateGatherConfigDto } from './dto/update-gather-config.dto';
+
+@Injectable()
+export class GatherService {
+  private readonly logger = new Logger(GatherService.name);
+
+  constructor(
+    @InjectRepository(GatherConfig)
+    private readonly gatherRepo: Repository<GatherConfig>,
+    private readonly natsService: NatsService,
+  ) {}
+
+  /** List configs for a license (summaries — no JSONB) */
+  async getConfigs(licenseId: string) {
+    const configs = await this.gatherRepo.find({
+      where: { license_id: licenseId },
+      select: ['id', 'config_name', 'description', 'is_active', 'created_at', 'updated_at'],
+      order: { created_at: 'DESC' },
+    });
+    return { configs };
+  }
+
+  /** Get full config with JSONB data */
+  async getConfig(licenseId: string, configId: string) {
+    const config = await this.gatherRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('Gather config not found');
+    return { config };
+  }
+
+  /** Create a new config */
+  async createConfig(licenseId: string, dto: CreateGatherConfigDto) {
+    const config = this.gatherRepo.create({
+      license_id: licenseId,
+      config_name: dto.config_name,
+      description: dto.description || null,
+      config_data: dto.config_data || {},
+    });
+    const saved = await this.gatherRepo.save(config);
+    return { config: saved };
+  }
+
+  /** Update an existing config */
+  async updateConfig(licenseId: string, configId: string, dto: UpdateGatherConfigDto) {
+    const config = await this.gatherRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('Gather config not found');
+
+    if (dto.config_name !== undefined) config.config_name = dto.config_name;
+    if (dto.description !== undefined) config.description = dto.description;
+    if (dto.config_data !== undefined) config.config_data = dto.config_data;
+    if (dto.is_active !== undefined) config.is_active = dto.is_active;
+    config.updated_at = new Date();
+
+    const saved = await this.gatherRepo.save(config);
+    return { config: saved };
+  }
+
+  /** Delete a config */
+  async deleteConfig(licenseId: string, configId: string) {
+    const result = await this.gatherRepo.delete({ id: configId, license_id: licenseId });
+    if (result.affected === 0) throw new NotFoundException('Gather config not found');
+    return { deleted: true };
+  }
+
+  /** Deploy config to game server via NATS */
+  async applyToServer(licenseId: string, configId: string) {
+    const config = await this.gatherRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('Gather config not found');
+
+    const jsonString = JSON.stringify(config.config_data, null, 2);
+
+    try {
+      // Write GatherManager.json via file manager NATS
+      await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_save',
+          path: 'server://oxide/config/GatherManager.json',
+          content: jsonString,
+        },
+        30000,
+      );
+
+      // Reload GatherManager plugin via RCON
+      await this.natsService.publish(
+        `corrosion.${licenseId}.cmd.server`,
+        {
+          action: 'command',
+          command: 'oxide.reload GatherManager',
+          timestamp: new Date().toISOString(),
+        },
+      );
+
+      // Mark this config as active, deactivate others
+      await this.gatherRepo.update({ license_id: licenseId }, { is_active: false });
+      await this.gatherRepo.update(
+        { id: configId, license_id: licenseId },
+        { is_active: true, updated_at: new Date() },
+      );
+
+      return {
+        success: true,
+        message: `Config "${config.config_name}" deployed to server`,
+        config_name: config.config_name,
+      };
+    } catch (error) {
+      this.logger.error(`Failed to deploy gather config: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to deploy gather config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+
+  /** Import GatherManager.json from game server via NATS */
+  async importFromServer(licenseId: string, configName: string, description?: string) {
+    try {
+      // Read GatherManager.json from server via file manager NATS
+      const response = await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_preview',
+          path: 'server://oxide/config/GatherManager.json',
+        },
+        30000,
+      );
+
+      if (!response) {
+        throw new HttpException(
+          'No response from agent — it may be offline',
+          HttpStatus.SERVICE_UNAVAILABLE,
+        );
+      }
+
+      // Parse the response content as JSON
+      const responseData = response as Record<string, any>;
+      let configData: Record<string, any>;
+
+      if (typeof responseData.content === 'string') {
+        configData = JSON.parse(responseData.content);
+      } else if (typeof responseData.content === 'object') {
+        configData = responseData.content;
+      } else {
+        throw new HttpException(
+          'Unexpected response format from agent',
+          HttpStatus.BAD_GATEWAY,
+        );
+      }
+
+      // Create new gather config row
+      const config = this.gatherRepo.create({
+        license_id: licenseId,
+        config_name: configName,
+        description: description || 'Imported from server',
+        config_data: configData,
+      });
+      const saved = await this.gatherRepo.save(config);
+
+      return { config: saved };
+    } catch (error) {
+      if (error instanceof HttpException) throw error;
+      this.logger.error(`Failed to import gather config from server: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to import gather config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+}

backend-nest/src/modules/kits/dto/create-kits-config.dto.ts

@@ -0,0 +1,19 @@
+import { IsString, IsOptional, IsObject, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class CreateKitsConfigDto {
+  @ApiProperty({ example: 'Default Kits' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Standard kit configuration' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+}

backend-nest/src/modules/kits/dto/import-kits-config.dto.ts

@@ -0,0 +1,14 @@
+import { IsString, IsOptional, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class ImportKitsConfigDto {
+  @ApiProperty({ example: 'Server Import' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Imported from live server' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+}

backend-nest/src/modules/kits/dto/update-kits-config.dto.ts

@@ -0,0 +1,25 @@
+import { IsString, IsOptional, IsObject, IsBoolean, MaxLength } from 'class-validator';
+import { ApiPropertyOptional } from '@nestjs/swagger';
+
+export class UpdateKitsConfigDto {
+  @ApiPropertyOptional({ example: 'Updated Kits' })
+  @IsString()
+  @MaxLength(100)
+  @IsOptional()
+  config_name?: string;
+
+  @ApiPropertyOptional({ example: 'Updated description' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+
+  @ApiPropertyOptional()
+  @IsBoolean()
+  @IsOptional()
+  is_active?: boolean;
+}

backend-nest/src/modules/kits/kits.controller.ts

@@ -0,0 +1,80 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Put,
+  Delete,
+  Body,
+  Param,
+  UseGuards,
+} from '@nestjs/common';
+import { ApiTags, ApiBearerAuth, ApiOperation } from '@nestjs/swagger';
+import { KitsService } from './kits.service';
+import { CreateKitsConfigDto } from './dto/create-kits-config.dto';
+import { UpdateKitsConfigDto } from './dto/update-kits-config.dto';
+import { ImportKitsConfigDto } from './dto/import-kits-config.dto';
+import { CurrentTenant } from '../../common/decorators/current-tenant.decorator';
+import { RequirePermission } from '../../common/decorators/require-permission.decorator';
+import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { PermissionsGuard } from '../../common/guards/permissions.guard';
+
+@ApiTags('kits')
+@ApiBearerAuth()
+@Controller('kits')
+@UseGuards(JwtAuthGuard, PermissionsGuard)
+export class KitsController {
+  constructor(private readonly kitsService: KitsService) {}
+
+  @Get('configs')
+  @RequirePermission('kits.view')
+  @ApiOperation({ summary: 'List kits configs (summaries)' })
+  getConfigs(@CurrentTenant() licenseId: string) {
+    return this.kitsService.getConfigs(licenseId);
+  }
+
+  @Get('configs/:id')
+  @RequirePermission('kits.view')
+  @ApiOperation({ summary: 'Get full kits config with data' })
+  getConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.kitsService.getConfig(licenseId, id);
+  }
+
+  @Post('configs')
+  @RequirePermission('kits.manage')
+  @ApiOperation({ summary: 'Create kits config' })
+  createConfig(@CurrentTenant() licenseId: string, @Body() dto: CreateKitsConfigDto) {
+    return this.kitsService.createConfig(licenseId, dto);
+  }
+
+  @Put('configs/:id')
+  @RequirePermission('kits.manage')
+  @ApiOperation({ summary: 'Update kits config' })
+  updateConfig(
+    @CurrentTenant() licenseId: string,
+    @Param('id') id: string,
+    @Body() dto: UpdateKitsConfigDto,
+  ) {
+    return this.kitsService.updateConfig(licenseId, id, dto);
+  }
+
+  @Delete('configs/:id')
+  @RequirePermission('kits.manage')
+  @ApiOperation({ summary: 'Delete kits config' })
+  deleteConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.kitsService.deleteConfig(licenseId, id);
+  }
+
+  @Post('configs/:id/apply')
+  @RequirePermission('kits.manage')
+  @ApiOperation({ summary: 'Deploy kits config to server' })
+  applyToServer(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.kitsService.applyToServer(licenseId, id);
+  }
+
+  @Post('import-from-server')
+  @RequirePermission('kits.manage')
+  @ApiOperation({ summary: 'Import Kits.json from server via NATS' })
+  importFromServer(@CurrentTenant() licenseId: string, @Body() dto: ImportKitsConfigDto) {
+    return this.kitsService.importFromServer(licenseId, dto.config_name, dto.description);
+  }
+}

backend-nest/src/modules/kits/kits.module.ts

@@ -0,0 +1,14 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { KitsController } from './kits.controller';
+import { KitsService } from './kits.service';
+import { KitsConfig } from '../../entities/kits-config.entity';
+import { NatsService } from '../../services/nats.service';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([KitsConfig])],
+  controllers: [KitsController],
+  providers: [KitsService, NatsService],
+  exports: [KitsService],
+})
+export class KitsModule {}

backend-nest/src/modules/kits/kits.service.ts

@@ -0,0 +1,180 @@
+import { Injectable, Logger, NotFoundException, HttpException, HttpStatus } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { KitsConfig } from '../../entities/kits-config.entity';
+import { NatsService } from '../../services/nats.service';
+import { CreateKitsConfigDto } from './dto/create-kits-config.dto';
+import { UpdateKitsConfigDto } from './dto/update-kits-config.dto';
+
+@Injectable()
+export class KitsService {
+  private readonly logger = new Logger(KitsService.name);
+
+  constructor(
+    @InjectRepository(KitsConfig)
+    private readonly kitsRepo: Repository<KitsConfig>,
+    private readonly natsService: NatsService,
+  ) {}
+
+  /** List configs for a license (summaries — no JSONB) */
+  async getConfigs(licenseId: string) {
+    const configs = await this.kitsRepo.find({
+      where: { license_id: licenseId },
+      select: ['id', 'config_name', 'description', 'is_active', 'created_at', 'updated_at'],
+      order: { created_at: 'DESC' },
+    });
+    return { configs };
+  }
+
+  /** Get full config with JSONB data */
+  async getConfig(licenseId: string, configId: string) {
+    const config = await this.kitsRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('Kits config not found');
+    return { config };
+  }
+
+  /** Create a new config */
+  async createConfig(licenseId: string, dto: CreateKitsConfigDto) {
+    const config = this.kitsRepo.create({
+      license_id: licenseId,
+      config_name: dto.config_name,
+      description: dto.description || null,
+      config_data: dto.config_data || {},
+    });
+    const saved = await this.kitsRepo.save(config);
+    return { config: saved };
+  }
+
+  /** Update an existing config */
+  async updateConfig(licenseId: string, configId: string, dto: UpdateKitsConfigDto) {
+    const config = await this.kitsRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('Kits config not found');
+
+    if (dto.config_name !== undefined) config.config_name = dto.config_name;
+    if (dto.description !== undefined) config.description = dto.description;
+    if (dto.config_data !== undefined) config.config_data = dto.config_data;
+    if (dto.is_active !== undefined) config.is_active = dto.is_active;
+    config.updated_at = new Date();
+
+    const saved = await this.kitsRepo.save(config);
+    return { config: saved };
+  }
+
+  /** Delete a config */
+  async deleteConfig(licenseId: string, configId: string) {
+    const result = await this.kitsRepo.delete({ id: configId, license_id: licenseId });
+    if (result.affected === 0) throw new NotFoundException('Kits config not found');
+    return { deleted: true };
+  }
+
+  /** Deploy config to game server via NATS */
+  async applyToServer(licenseId: string, configId: string) {
+    const config = await this.kitsRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('Kits config not found');
+
+    const jsonString = JSON.stringify(config.config_data, null, 2);
+
+    try {
+      // Write Kits.json via file manager NATS
+      await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_save',
+          path: 'server://oxide/config/Kits.json',
+          content: jsonString,
+        },
+        30000,
+      );
+
+      // Reload Kits plugin via RCON
+      await this.natsService.publish(
+        `corrosion.${licenseId}.cmd.server`,
+        {
+          action: 'command',
+          command: 'oxide.reload Kits',
+          timestamp: new Date().toISOString(),
+        },
+      );
+
+      // Mark this config as active, deactivate others
+      await this.kitsRepo.update({ license_id: licenseId }, { is_active: false });
+      await this.kitsRepo.update(
+        { id: configId, license_id: licenseId },
+        { is_active: true, updated_at: new Date() },
+      );
+
+      return {
+        success: true,
+        message: `Config "${config.config_name}" deployed to server`,
+        config_name: config.config_name,
+      };
+    } catch (error) {
+      this.logger.error(`Failed to deploy kits config: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to deploy kits config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+
+  /** Import Kits.json from game server via NATS */
+  async importFromServer(licenseId: string, configName: string, description?: string) {
+    try {
+      // Read Kits.json from server via file manager NATS
+      const response = await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_preview',
+          path: 'server://oxide/config/Kits.json',
+        },
+        30000,
+      );
+
+      if (!response) {
+        throw new HttpException(
+          'No response from agent — it may be offline',
+          HttpStatus.SERVICE_UNAVAILABLE,
+        );
+      }
+
+      // Parse the response content as JSON
+      const responseData = response as Record<string, any>;
+      let configData: Record<string, any>;
+
+      if (typeof responseData.content === 'string') {
+        configData = JSON.parse(responseData.content);
+      } else if (typeof responseData.content === 'object') {
+        configData = responseData.content;
+      } else {
+        throw new HttpException(
+          'Unexpected response format from agent',
+          HttpStatus.BAD_GATEWAY,
+        );
+      }
+
+      // Create new kits config row
+      const config = this.kitsRepo.create({
+        license_id: licenseId,
+        config_name: configName,
+        description: description || 'Imported from server',
+        config_data: configData,
+      });
+      const saved = await this.kitsRepo.save(config);
+
+      return { config: saved };
+    } catch (error) {
+      if (error instanceof HttpException) throw error;
+      this.logger.error(`Failed to import kits config from server: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to import kits config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+}

backend-nest/src/modules/loot/data/rust-containers.ts

@@ -0,0 +1,39 @@
+export interface RustContainerInfo {
+  prefab: string;
+  name: string;
+  category: string;
+}
+
+export const RUST_CONTAINERS: RustContainerInfo[] = [
+  // Crates
+  { prefab: 'assets/bundled/prefabs/radtown/crate_normal.prefab', name: 'Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_normal_2.prefab', name: 'Crate (Small)', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_elite.prefab', name: 'Elite Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_tools.prefab', name: 'Tool Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_food_1.prefab', name: 'Food Crate (Small)', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_food_2.prefab', name: 'Food Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_medical.prefab', name: 'Medical Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_mine.prefab', name: 'Mine Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_basic.prefab', name: 'Basic Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_underwater_basic.prefab', name: 'Underwater Basic Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_underwater_advanced.prefab', name: 'Underwater Advanced Crate', category: 'crates' },
+  // Barrels
+  { prefab: 'assets/bundled/prefabs/radtown/loot_barrel_1.prefab', name: 'Barrel', category: 'barrels' },
+  { prefab: 'assets/bundled/prefabs/radtown/loot_barrel_2.prefab', name: 'Barrel 2', category: 'barrels' },
+  { prefab: 'assets/bundled/prefabs/radtown/oil_barrel.prefab', name: 'Oil Barrel', category: 'barrels' },
+  // Military
+  { prefab: 'assets/bundled/prefabs/radtown/crate_helicopter.prefab', name: 'Helicopter Crate', category: 'military' },
+  { prefab: 'assets/bundled/prefabs/radtown/bradley_crate.prefab', name: 'Bradley Crate', category: 'military' },
+  { prefab: 'assets/bundled/prefabs/radtown/supply_drop.prefab', name: 'Supply Drop', category: 'military' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_locked.prefab', name: 'Locked Crate', category: 'military' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_hackable.prefab', name: 'Hackable Crate', category: 'military' },
+  // NPCs
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/scientist/scientistnpc_full_any.prefab', name: 'Scientist', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/scientist/scientistnpc_heavy.prefab', name: 'Heavy Scientist', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/scientist/scientistnpc_oilrig.prefab', name: 'Oil Rig Scientist', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/scientist/scientistnpc_cargo.prefab', name: 'Cargo Ship Scientist', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/tunneldweller/npc_tunneldweller.prefab', name: 'Tunnel Dweller', category: 'npcs' },
+  // Other
+  { prefab: 'assets/bundled/prefabs/radtown/minecart.prefab', name: 'Minecart', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/vehicle_parts.prefab', name: 'Vehicle Parts', category: 'other' },
+];

backend-nest/src/modules/loot/dto/apply-loot-profile.dto.ts

@@ -0,0 +1,9 @@
+import { IsNumber, IsIn } from 'class-validator';
+import { ApiProperty } from '@nestjs/swagger';
+
+export class ApplyLootProfileDto {
+  @ApiProperty({ example: 1, description: 'Loot multiplier', enum: [1, 2, 5, 10] })
+  @IsNumber()
+  @IsIn([1, 2, 5, 10])
+  multiplier: number;
+}

backend-nest/src/modules/loot/dto/create-loot-profile.dto.ts

@@ -0,0 +1,24 @@
+import { IsString, IsOptional, IsObject, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class CreateLootProfileDto {
+  @ApiProperty({ example: 'Vanilla 2x' })
+  @IsString()
+  @MaxLength(100)
+  profile_name: string;
+
+  @ApiPropertyOptional({ example: 'Standard 2x loot table' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  loot_table?: Record<string, any>;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  loot_groups?: Record<string, any>;
+}

backend-nest/src/modules/loot/dto/import-loot-profile.dto.ts

@@ -0,0 +1,23 @@
+import { IsString, IsObject, IsOptional, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class ImportLootProfileDto {
+  @ApiProperty({ example: 'Imported from Looty' })
+  @IsString()
+  @MaxLength(100)
+  profile_name: string;
+
+  @ApiPropertyOptional()
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiProperty({ description: 'BetterLoot LootTables.json content' })
+  @IsObject()
+  loot_table: Record<string, any>;
+
+  @ApiPropertyOptional({ description: 'BetterLoot LootGroups.json content' })
+  @IsObject()
+  @IsOptional()
+  loot_groups?: Record<string, any>;
+}

backend-nest/src/modules/loot/dto/update-loot-profile.dto.ts

@@ -0,0 +1,30 @@
+import { IsString, IsOptional, IsObject, IsBoolean, MaxLength } from 'class-validator';
+import { ApiPropertyOptional } from '@nestjs/swagger';
+
+export class UpdateLootProfileDto {
+  @ApiPropertyOptional()
+  @IsString()
+  @MaxLength(100)
+  @IsOptional()
+  profile_name?: string;
+
+  @ApiPropertyOptional()
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  loot_table?: Record<string, any>;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  loot_groups?: Record<string, any>;
+
+  @ApiPropertyOptional()
+  @IsBoolean()
+  @IsOptional()
+  is_active?: boolean;
+}

backend-nest/src/modules/loot/loot.controller.ts

@@ -0,0 +1,112 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Put,
+  Delete,
+  Body,
+  Param,
+  Query,
+  UseGuards,
+} from '@nestjs/common';
+import { ApiTags, ApiBearerAuth, ApiOperation, ApiQuery } from '@nestjs/swagger';
+import { LootService } from './loot.service';
+import { CreateLootProfileDto } from './dto/create-loot-profile.dto';
+import { UpdateLootProfileDto } from './dto/update-loot-profile.dto';
+import { ApplyLootProfileDto } from './dto/apply-loot-profile.dto';
+import { ImportLootProfileDto } from './dto/import-loot-profile.dto';
+import { CurrentTenant } from '../../common/decorators/current-tenant.decorator';
+import { RequirePermission } from '../../common/decorators/require-permission.decorator';
+import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { PermissionsGuard } from '../../common/guards/permissions.guard';
+
+@ApiTags('loot')
+@ApiBearerAuth()
+@Controller('loot')
+@UseGuards(JwtAuthGuard, PermissionsGuard)
+export class LootController {
+  constructor(private readonly lootService: LootService) {}
+
+  @Get('profiles')
+  @RequirePermission('loot.view')
+  @ApiOperation({ summary: 'List loot profiles (summaries)' })
+  getProfiles(@CurrentTenant() licenseId: string) {
+    return this.lootService.getProfiles(licenseId);
+  }
+
+  @Get('profiles/:id')
+  @RequirePermission('loot.view')
+  @ApiOperation({ summary: 'Get full loot profile with data' })
+  getProfile(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.lootService.getProfile(licenseId, id);
+  }
+
+  @Post('profiles')
+  @RequirePermission('loot.manage')
+  @ApiOperation({ summary: 'Create loot profile' })
+  createProfile(@CurrentTenant() licenseId: string, @Body() dto: CreateLootProfileDto) {
+    return this.lootService.createProfile(licenseId, dto);
+  }
+
+  @Put('profiles/:id')
+  @RequirePermission('loot.manage')
+  @ApiOperation({ summary: 'Update loot profile' })
+  updateProfile(
+    @CurrentTenant() licenseId: string,
+    @Param('id') id: string,
+    @Body() dto: UpdateLootProfileDto,
+  ) {
+    return this.lootService.updateProfile(licenseId, id, dto);
+  }
+
+  @Delete('profiles/:id')
+  @RequirePermission('loot.manage')
+  @ApiOperation({ summary: 'Delete loot profile' })
+  deleteProfile(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.lootService.deleteProfile(licenseId, id);
+  }
+
+  @Post('profiles/:id/duplicate')
+  @RequirePermission('loot.manage')
+  @ApiOperation({ summary: 'Duplicate loot profile' })
+  duplicateProfile(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.lootService.duplicateProfile(licenseId, id);
+  }
+
+  @Post('profiles/:id/apply')
+  @RequirePermission('loot.manage')
+  @ApiOperation({ summary: 'Apply loot profile to server with multiplier' })
+  applyToServer(
+    @CurrentTenant() licenseId: string,
+    @Param('id') id: string,
+    @Body() dto: ApplyLootProfileDto,
+  ) {
+    return this.lootService.applyToServer(licenseId, id, dto.multiplier);
+  }
+
+  @Post('import')
+  @RequirePermission('loot.manage')
+  @ApiOperation({ summary: 'Import BetterLoot/Looty JSON as new profile' })
+  importProfile(@CurrentTenant() licenseId: string, @Body() dto: ImportLootProfileDto) {
+    return this.lootService.importProfile(licenseId, dto);
+  }
+
+  @Get('export/:id')
+  @RequirePermission('loot.view')
+  @ApiOperation({ summary: 'Export loot profile as BetterLoot JSON' })
+  @ApiQuery({ name: 'multiplier', required: false, example: 1 })
+  exportProfile(
+    @CurrentTenant() licenseId: string,
+    @Param('id') id: string,
+    @Query('multiplier') multiplier: string,
+  ) {
+    return this.lootService.exportProfile(licenseId, id, multiplier ? parseInt(multiplier, 10) : 1);
+  }
+
+  @Get('containers')
+  @RequirePermission('loot.view')
+  @ApiOperation({ summary: 'Get list of Rust container prefabs' })
+  getContainers() {
+    return this.lootService.getContainers();
+  }
+}

backend-nest/src/modules/loot/loot.module.ts

@@ -0,0 +1,14 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { LootController } from './loot.controller';
+import { LootService } from './loot.service';
+import { LootProfile } from '../../entities/loot-profile.entity';
+import { NatsService } from '../../services/nats.service';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([LootProfile])],
+  controllers: [LootController],
+  providers: [LootService, NatsService],
+  exports: [LootService],
+})
+export class LootModule {}

backend-nest/src/modules/loot/loot.service.ts

@@ -0,0 +1,258 @@
+import { Injectable, Logger, NotFoundException, HttpException, HttpStatus } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { LootProfile } from '../../entities/loot-profile.entity';
+import { NatsService } from '../../services/nats.service';
+import { CreateLootProfileDto } from './dto/create-loot-profile.dto';
+import { UpdateLootProfileDto } from './dto/update-loot-profile.dto';
+import { ImportLootProfileDto } from './dto/import-loot-profile.dto';
+import { RUST_CONTAINERS } from './data/rust-containers';
+
+@Injectable()
+export class LootService {
+  private readonly logger = new Logger(LootService.name);
+
+  constructor(
+    @InjectRepository(LootProfile)
+    private readonly lootRepo: Repository<LootProfile>,
+    private readonly natsService: NatsService,
+  ) {}
+
+  /** List profiles for a license (summaries — no JSONB) */
+  async getProfiles(licenseId: string) {
+    const profiles = await this.lootRepo.find({
+      where: { license_id: licenseId },
+      select: ['id', 'profile_name', 'description', 'is_active', 'created_at', 'updated_at'],
+      order: { created_at: 'DESC' },
+    });
+    return { profiles };
+  }
+
+  /** Get full profile with JSONB data */
+  async getProfile(licenseId: string, profileId: string) {
+    const profile = await this.lootRepo.findOne({
+      where: { id: profileId, license_id: licenseId },
+    });
+    if (!profile) throw new NotFoundException('Loot profile not found');
+    return { profile };
+  }
+
+  /** Create a new profile */
+  async createProfile(licenseId: string, dto: CreateLootProfileDto) {
+    const profile = this.lootRepo.create({
+      license_id: licenseId,
+      profile_name: dto.profile_name,
+      description: dto.description || null,
+      loot_table: dto.loot_table || {},
+      loot_groups: dto.loot_groups || {},
+    });
+    const saved = await this.lootRepo.save(profile);
+    return { profile: saved };
+  }
+
+  /** Update an existing profile */
+  async updateProfile(licenseId: string, profileId: string, dto: UpdateLootProfileDto) {
+    const profile = await this.lootRepo.findOne({
+      where: { id: profileId, license_id: licenseId },
+    });
+    if (!profile) throw new NotFoundException('Loot profile not found');
+
+    if (dto.profile_name !== undefined) profile.profile_name = dto.profile_name;
+    if (dto.description !== undefined) profile.description = dto.description;
+    if (dto.loot_table !== undefined) profile.loot_table = dto.loot_table;
+    if (dto.loot_groups !== undefined) profile.loot_groups = dto.loot_groups;
+    if (dto.is_active !== undefined) profile.is_active = dto.is_active;
+    profile.updated_at = new Date();
+
+    const saved = await this.lootRepo.save(profile);
+    return { profile: saved };
+  }
+
+  /** Delete a profile */
+  async deleteProfile(licenseId: string, profileId: string) {
+    const result = await this.lootRepo.delete({ id: profileId, license_id: licenseId });
+    if (result.affected === 0) throw new NotFoundException('Loot profile not found');
+    return { deleted: true };
+  }
+
+  /** Duplicate a profile */
+  async duplicateProfile(licenseId: string, profileId: string) {
+    const source = await this.lootRepo.findOne({
+      where: { id: profileId, license_id: licenseId },
+    });
+    if (!source) throw new NotFoundException('Loot profile not found');
+
+    const copy = this.lootRepo.create({
+      license_id: licenseId,
+      profile_name: `${source.profile_name} (Copy)`,
+      description: source.description,
+      loot_table: JSON.parse(JSON.stringify(source.loot_table)),
+      loot_groups: JSON.parse(JSON.stringify(source.loot_groups)),
+      is_active: false,
+    });
+    const saved = await this.lootRepo.save(copy);
+    return { profile: saved };
+  }
+
+  /** Apply profile to server with multiplier */
+  async applyToServer(licenseId: string, profileId: string, multiplier: number) {
+    const profile = await this.lootRepo.findOne({
+      where: { id: profileId, license_id: licenseId },
+    });
+    if (!profile) throw new NotFoundException('Loot profile not found');
+
+    // Deep clone and apply multiplier
+    const scaledTable = JSON.parse(JSON.stringify(profile.loot_table));
+    const scaledGroups = JSON.parse(JSON.stringify(profile.loot_groups));
+
+    if (multiplier !== 1) {
+      this.applyMultiplierToTable(scaledTable, multiplier);
+      this.applyMultiplierToGroups(scaledGroups, multiplier);
+    }
+
+    const lootTablesJson = JSON.stringify(scaledTable, null, 2);
+    const lootGroupsJson = JSON.stringify(scaledGroups, null, 2);
+
+    try {
+      // Write LootTables.json via file manager NATS
+      await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_save',
+          path: 'server://oxide/data/BetterLoot/LootTables.json',
+          content: lootTablesJson,
+        },
+        30000,
+      );
+
+      // Write LootGroups.json via file manager NATS
+      await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_save',
+          path: 'server://oxide/data/BetterLoot/LootGroups.json',
+          content: lootGroupsJson,
+        },
+        30000,
+      );
+
+      // Reload BetterLoot plugin via RCON
+      await this.natsService.publish(
+        `corrosion.${licenseId}.cmd.server`,
+        {
+          action: 'command',
+          command: 'oxide.reload BetterLoot',
+          timestamp: new Date().toISOString(),
+        },
+      );
+
+      // Mark this profile as active, deactivate others
+      await this.lootRepo.update({ license_id: licenseId }, { is_active: false });
+      await this.lootRepo.update(
+        { id: profileId, license_id: licenseId },
+        { is_active: true, updated_at: new Date() },
+      );
+
+      return {
+        success: true,
+        message: `Profile "${profile.profile_name}" applied with ${multiplier}x multiplier`,
+        profile_name: profile.profile_name,
+        multiplier,
+      };
+    } catch (error) {
+      this.logger.error(`Failed to apply loot profile: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to apply loot profile — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+
+  /** Import BetterLoot/Looty JSON as a new profile */
+  async importProfile(licenseId: string, dto: ImportLootProfileDto) {
+    const profile = this.lootRepo.create({
+      license_id: licenseId,
+      profile_name: dto.profile_name,
+      description: dto.description || 'Imported profile',
+      loot_table: dto.loot_table,
+      loot_groups: dto.loot_groups || {},
+    });
+    const saved = await this.lootRepo.save(profile);
+    return { profile: saved };
+  }
+
+  /** Export profile as BetterLoot-compatible JSON with optional multiplier */
+  async exportProfile(licenseId: string, profileId: string, multiplier: number) {
+    const profile = await this.lootRepo.findOne({
+      where: { id: profileId, license_id: licenseId },
+    });
+    if (!profile) throw new NotFoundException('Loot profile not found');
+
+    const exportTable = JSON.parse(JSON.stringify(profile.loot_table));
+    const exportGroups = JSON.parse(JSON.stringify(profile.loot_groups));
+
+    if (multiplier && multiplier !== 1) {
+      this.applyMultiplierToTable(exportTable, multiplier);
+      this.applyMultiplierToGroups(exportGroups, multiplier);
+    }
+
+    return {
+      profile_name: profile.profile_name,
+      multiplier: multiplier || 1,
+      loot_table: exportTable,
+      loot_groups: exportGroups,
+    };
+  }
+
+  /** Get static list of Rust container prefabs */
+  getContainers() {
+    return { containers: RUST_CONTAINERS };
+  }
+
+  // --- Multiplier helpers ---
+
+  private applyMultiplierToTable(table: Record<string, any>, multiplier: number) {
+    for (const prefab of Object.values(table)) {
+      if (prefab?.ItemSettings) {
+        this.scaleField(prefab.ItemSettings, 'ItemsMin', multiplier);
+        this.scaleField(prefab.ItemSettings, 'ItemsMax', multiplier);
+        this.scaleField(prefab.ItemSettings, 'MinScrap', multiplier);
+        this.scaleField(prefab.ItemSettings, 'MaxScrap', multiplier);
+      }
+      if (prefab?.GuaranteedItems) {
+        this.scaleItems(prefab.GuaranteedItems, multiplier);
+      }
+      if (prefab?.UngroupedItems) {
+        this.scaleItems(prefab.UngroupedItems, multiplier);
+      }
+    }
+  }
+
+  private applyMultiplierToGroups(groups: Record<string, any>, multiplier: number) {
+    for (const group of Object.values(groups)) {
+      if (group?.GuaranteedItems) {
+        this.scaleItems(group.GuaranteedItems, multiplier);
+      }
+      if (group?.ItemList) {
+        this.scaleItems(group.ItemList, multiplier);
+      }
+    }
+  }
+
+  private scaleItems(items: Record<string, any>, multiplier: number) {
+    for (const item of Object.values(items)) {
+      this.scaleField(item, 'Min', multiplier);
+      this.scaleField(item, 'Max', multiplier);
+      // Recursively scale bonus items
+      if (item?.BonusItems) {
+        this.scaleItems(item.BonusItems, multiplier);
+      }
+    }
+  }
+
+  private scaleField(obj: Record<string, any>, field: string, multiplier: number) {
+    if (typeof obj[field] === 'number') {
+      obj[field] = Math.round(obj[field] * multiplier);
+    }
+  }
+}

backend-nest/src/modules/raidablebases/dto/create-raidablebases-config.dto.ts

@@ -0,0 +1,19 @@
+import { IsString, IsOptional, IsObject, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class CreateRaidableBasesConfigDto {
+  @ApiProperty({ example: 'Default RaidableBases Config' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Standard RaidableBases settings' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+}

backend-nest/src/modules/raidablebases/dto/import-raidablebases-config.dto.ts

@@ -0,0 +1,14 @@
+import { IsString, IsOptional, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class ImportRaidableBasesConfigDto {
+  @ApiProperty({ example: 'Server Import' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Imported from live server' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+}

backend-nest/src/modules/raidablebases/dto/update-raidablebases-config.dto.ts

@@ -0,0 +1,25 @@
+import { IsString, IsOptional, IsObject, IsBoolean, MaxLength } from 'class-validator';
+import { ApiPropertyOptional } from '@nestjs/swagger';
+
+export class UpdateRaidableBasesConfigDto {
+  @ApiPropertyOptional({ example: 'Updated Config' })
+  @IsString()
+  @MaxLength(100)
+  @IsOptional()
+  config_name?: string;
+
+  @ApiPropertyOptional({ example: 'Updated description' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+
+  @ApiPropertyOptional()
+  @IsBoolean()
+  @IsOptional()
+  is_active?: boolean;
+}

backend-nest/src/modules/raidablebases/raidablebases.controller.ts

@@ -0,0 +1,80 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Put,
+  Delete,
+  Body,
+  Param,
+  UseGuards,
+} from '@nestjs/common';
+import { ApiTags, ApiBearerAuth, ApiOperation } from '@nestjs/swagger';
+import { RaidableBasesService } from './raidablebases.service';
+import { CreateRaidableBasesConfigDto } from './dto/create-raidablebases-config.dto';
+import { UpdateRaidableBasesConfigDto } from './dto/update-raidablebases-config.dto';
+import { ImportRaidableBasesConfigDto } from './dto/import-raidablebases-config.dto';
+import { CurrentTenant } from '../../common/decorators/current-tenant.decorator';
+import { RequirePermission } from '../../common/decorators/require-permission.decorator';
+import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { PermissionsGuard } from '../../common/guards/permissions.guard';
+
+@ApiTags('raidablebases')
+@ApiBearerAuth()
+@Controller('raidablebases')
+@UseGuards(JwtAuthGuard, PermissionsGuard)
+export class RaidableBasesController {
+  constructor(private readonly raidableBasesService: RaidableBasesService) {}
+
+  @Get('configs')
+  @RequirePermission('raidablebases.view')
+  @ApiOperation({ summary: 'List RaidableBases configs (summaries)' })
+  getConfigs(@CurrentTenant() licenseId: string) {
+    return this.raidableBasesService.getConfigs(licenseId);
+  }
+
+  @Get('configs/:id')
+  @RequirePermission('raidablebases.view')
+  @ApiOperation({ summary: 'Get full RaidableBases config with data' })
+  getConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.raidableBasesService.getConfig(licenseId, id);
+  }
+
+  @Post('configs')
+  @RequirePermission('raidablebases.manage')
+  @ApiOperation({ summary: 'Create RaidableBases config' })
+  createConfig(@CurrentTenant() licenseId: string, @Body() dto: CreateRaidableBasesConfigDto) {
+    return this.raidableBasesService.createConfig(licenseId, dto);
+  }
+
+  @Put('configs/:id')
+  @RequirePermission('raidablebases.manage')
+  @ApiOperation({ summary: 'Update RaidableBases config' })
+  updateConfig(
+    @CurrentTenant() licenseId: string,
+    @Param('id') id: string,
+    @Body() dto: UpdateRaidableBasesConfigDto,
+  ) {
+    return this.raidableBasesService.updateConfig(licenseId, id, dto);
+  }
+
+  @Delete('configs/:id')
+  @RequirePermission('raidablebases.manage')
+  @ApiOperation({ summary: 'Delete RaidableBases config' })
+  deleteConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.raidableBasesService.deleteConfig(licenseId, id);
+  }
+
+  @Post('configs/:id/apply')
+  @RequirePermission('raidablebases.manage')
+  @ApiOperation({ summary: 'Deploy RaidableBases config to server' })
+  applyToServer(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.raidableBasesService.applyToServer(licenseId, id);
+  }
+
+  @Post('import-from-server')
+  @RequirePermission('raidablebases.manage')
+  @ApiOperation({ summary: 'Import RaidableBases.json from server via NATS' })
+  importFromServer(@CurrentTenant() licenseId: string, @Body() dto: ImportRaidableBasesConfigDto) {
+    return this.raidableBasesService.importFromServer(licenseId, dto.config_name, dto.description);
+  }
+}

backend-nest/src/modules/raidablebases/raidablebases.module.ts

@@ -0,0 +1,14 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { RaidableBasesController } from './raidablebases.controller';
+import { RaidableBasesService } from './raidablebases.service';
+import { RaidableBasesConfig } from '../../entities/raidablebases-config.entity';
+import { NatsService } from '../../services/nats.service';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([RaidableBasesConfig])],
+  controllers: [RaidableBasesController],
+  providers: [RaidableBasesService, NatsService],
+  exports: [RaidableBasesService],
+})
+export class RaidableBasesModule {}

backend-nest/src/modules/raidablebases/raidablebases.service.ts

@@ -0,0 +1,180 @@
+import { Injectable, Logger, NotFoundException, HttpException, HttpStatus } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { RaidableBasesConfig } from '../../entities/raidablebases-config.entity';
+import { NatsService } from '../../services/nats.service';
+import { CreateRaidableBasesConfigDto } from './dto/create-raidablebases-config.dto';
+import { UpdateRaidableBasesConfigDto } from './dto/update-raidablebases-config.dto';
+
+@Injectable()
+export class RaidableBasesService {
+  private readonly logger = new Logger(RaidableBasesService.name);
+
+  constructor(
+    @InjectRepository(RaidableBasesConfig)
+    private readonly raidableBasesRepo: Repository<RaidableBasesConfig>,
+    private readonly natsService: NatsService,
+  ) {}
+
+  /** List configs for a license (summaries — no JSONB) */
+  async getConfigs(licenseId: string) {
+    const configs = await this.raidableBasesRepo.find({
+      where: { license_id: licenseId },
+      select: ['id', 'config_name', 'description', 'is_active', 'created_at', 'updated_at'],
+      order: { created_at: 'DESC' },
+    });
+    return { configs };
+  }
+
+  /** Get full config with JSONB data */
+  async getConfig(licenseId: string, configId: string) {
+    const config = await this.raidableBasesRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('RaidableBases config not found');
+    return { config };
+  }
+
+  /** Create a new config */
+  async createConfig(licenseId: string, dto: CreateRaidableBasesConfigDto) {
+    const config = this.raidableBasesRepo.create({
+      license_id: licenseId,
+      config_name: dto.config_name,
+      description: dto.description || null,
+      config_data: dto.config_data || {},
+    });
+    const saved = await this.raidableBasesRepo.save(config);
+    return { config: saved };
+  }
+
+  /** Update an existing config */
+  async updateConfig(licenseId: string, configId: string, dto: UpdateRaidableBasesConfigDto) {
+    const config = await this.raidableBasesRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('RaidableBases config not found');
+
+    if (dto.config_name !== undefined) config.config_name = dto.config_name;
+    if (dto.description !== undefined) config.description = dto.description;
+    if (dto.config_data !== undefined) config.config_data = dto.config_data;
+    if (dto.is_active !== undefined) config.is_active = dto.is_active;
+    config.updated_at = new Date();
+
+    const saved = await this.raidableBasesRepo.save(config);
+    return { config: saved };
+  }
+
+  /** Delete a config */
+  async deleteConfig(licenseId: string, configId: string) {
+    const result = await this.raidableBasesRepo.delete({ id: configId, license_id: licenseId });
+    if (result.affected === 0) throw new NotFoundException('RaidableBases config not found');
+    return { deleted: true };
+  }
+
+  /** Deploy config to game server via NATS */
+  async applyToServer(licenseId: string, configId: string) {
+    const config = await this.raidableBasesRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('RaidableBases config not found');
+
+    const jsonString = JSON.stringify(config.config_data, null, 2);
+
+    try {
+      // Write RaidableBases.json via file manager NATS
+      await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_save',
+          path: 'server://oxide/config/RaidableBases.json',
+          content: jsonString,
+        },
+        30000,
+      );
+
+      // Reload RaidableBases plugin via RCON
+      await this.natsService.publish(
+        `corrosion.${licenseId}.cmd.server`,
+        {
+          action: 'command',
+          command: 'oxide.reload RaidableBases',
+          timestamp: new Date().toISOString(),
+        },
+      );
+
+      // Mark this config as active, deactivate others
+      await this.raidableBasesRepo.update({ license_id: licenseId }, { is_active: false });
+      await this.raidableBasesRepo.update(
+        { id: configId, license_id: licenseId },
+        { is_active: true, updated_at: new Date() },
+      );
+
+      return {
+        success: true,
+        message: `Config "${config.config_name}" deployed to server`,
+        config_name: config.config_name,
+      };
+    } catch (error) {
+      this.logger.error(`Failed to deploy RaidableBases config: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to deploy RaidableBases config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+
+  /** Import RaidableBases.json from game server via NATS */
+  async importFromServer(licenseId: string, configName: string, description?: string) {
+    try {
+      // Read RaidableBases.json from server via file manager NATS
+      const response = await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_preview',
+          path: 'server://oxide/config/RaidableBases.json',
+        },
+        30000,
+      );
+
+      if (!response) {
+        throw new HttpException(
+          'No response from agent — it may be offline',
+          HttpStatus.SERVICE_UNAVAILABLE,
+        );
+      }
+
+      // Parse the response content as JSON
+      const responseData = response as Record<string, any>;
+      let configData: Record<string, any>;
+
+      if (typeof responseData.content === 'string') {
+        configData = JSON.parse(responseData.content);
+      } else if (typeof responseData.content === 'object') {
+        configData = responseData.content;
+      } else {
+        throw new HttpException(
+          'Unexpected response format from agent',
+          HttpStatus.BAD_GATEWAY,
+        );
+      }
+
+      // Create new RaidableBases config row
+      const config = this.raidableBasesRepo.create({
+        license_id: licenseId,
+        config_name: configName,
+        description: description || 'Imported from server',
+        config_data: configData,
+      });
+      const saved = await this.raidableBasesRepo.save(config);
+
+      return { config: saved };
+    } catch (error) {
+      if (error instanceof HttpException) throw error;
+      this.logger.error(`Failed to import RaidableBases config from server: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to import RaidableBases config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+}

backend-nest/src/modules/servers/servers.controller.ts

@@ -73,4 +73,11 @@ export class ServersController {
   ) {
     return await this.serversService.deployServer(licenseId, dto);
   }
+
+  @Post('install-oxide')
+  @RequirePermission('server.manage')
+  @ApiOperation({ summary: 'Install Oxide/uMod via companion agent' })
+  async installOxide(@CurrentTenant() licenseId: string) {
+    return await this.serversService.installOxide(licenseId);
+  }
 }

backend-nest/src/modules/servers/servers.service.ts

@@ -103,4 +103,12 @@ export class ServersService {
     await this.natsService.sendDeployCommand(licenseId, { ...dto });
     return { message: 'Deployment started' };
   }
+
+  /**
+   * Install Oxide/uMod via companion agent
+   */
+  async installOxide(licenseId: string) {
+    await this.natsService.sendOxideInstallCommand(licenseId);
+    return { message: 'Oxide installation started' };
+  }
 }

backend-nest/src/modules/teleport/dto/create-teleport-config.dto.ts

@@ -0,0 +1,19 @@
+import { IsString, IsOptional, IsObject, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class CreateTeleportConfigDto {
+  @ApiProperty({ example: 'Default Config' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Standard NTeleportation settings' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+}

backend-nest/src/modules/teleport/dto/import-teleport-config.dto.ts

@@ -0,0 +1,14 @@
+import { IsString, IsOptional, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class ImportTeleportConfigDto {
+  @ApiProperty({ example: 'Server Import' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Imported from live server' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+}

backend-nest/src/modules/teleport/dto/update-teleport-config.dto.ts

@@ -0,0 +1,25 @@
+import { IsString, IsOptional, IsObject, IsBoolean, MaxLength } from 'class-validator';
+import { ApiPropertyOptional } from '@nestjs/swagger';
+
+export class UpdateTeleportConfigDto {
+  @ApiPropertyOptional({ example: 'Updated Config' })
+  @IsString()
+  @MaxLength(100)
+  @IsOptional()
+  config_name?: string;
+
+  @ApiPropertyOptional({ example: 'Updated description' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+
+  @ApiPropertyOptional()
+  @IsBoolean()
+  @IsOptional()
+  is_active?: boolean;
+}

backend-nest/src/modules/teleport/teleport.controller.ts

@@ -0,0 +1,80 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Put,
+  Delete,
+  Body,
+  Param,
+  UseGuards,
+} from '@nestjs/common';
+import { ApiTags, ApiBearerAuth, ApiOperation } from '@nestjs/swagger';
+import { TeleportService } from './teleport.service';
+import { CreateTeleportConfigDto } from './dto/create-teleport-config.dto';
+import { UpdateTeleportConfigDto } from './dto/update-teleport-config.dto';
+import { ImportTeleportConfigDto } from './dto/import-teleport-config.dto';
+import { CurrentTenant } from '../../common/decorators/current-tenant.decorator';
+import { RequirePermission } from '../../common/decorators/require-permission.decorator';
+import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { PermissionsGuard } from '../../common/guards/permissions.guard';
+
+@ApiTags('teleport')
+@ApiBearerAuth()
+@Controller('teleport')
+@UseGuards(JwtAuthGuard, PermissionsGuard)
+export class TeleportController {
+  constructor(private readonly teleportService: TeleportService) {}
+
+  @Get('configs')
+  @RequirePermission('teleport.view')
+  @ApiOperation({ summary: 'List teleport configs (summaries)' })
+  getConfigs(@CurrentTenant() licenseId: string) {
+    return this.teleportService.getConfigs(licenseId);
+  }
+
+  @Get('configs/:id')
+  @RequirePermission('teleport.view')
+  @ApiOperation({ summary: 'Get full teleport config with data' })
+  getConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.teleportService.getConfig(licenseId, id);
+  }
+
+  @Post('configs')
+  @RequirePermission('teleport.manage')
+  @ApiOperation({ summary: 'Create teleport config' })
+  createConfig(@CurrentTenant() licenseId: string, @Body() dto: CreateTeleportConfigDto) {
+    return this.teleportService.createConfig(licenseId, dto);
+  }
+
+  @Put('configs/:id')
+  @RequirePermission('teleport.manage')
+  @ApiOperation({ summary: 'Update teleport config' })
+  updateConfig(
+    @CurrentTenant() licenseId: string,
+    @Param('id') id: string,
+    @Body() dto: UpdateTeleportConfigDto,
+  ) {
+    return this.teleportService.updateConfig(licenseId, id, dto);
+  }
+
+  @Delete('configs/:id')
+  @RequirePermission('teleport.manage')
+  @ApiOperation({ summary: 'Delete teleport config' })
+  deleteConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.teleportService.deleteConfig(licenseId, id);
+  }
+
+  @Post('configs/:id/apply')
+  @RequirePermission('teleport.manage')
+  @ApiOperation({ summary: 'Deploy teleport config to server' })
+  applyToServer(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.teleportService.applyToServer(licenseId, id);
+  }
+
+  @Post('import-from-server')
+  @RequirePermission('teleport.manage')
+  @ApiOperation({ summary: 'Import NTeleportation.json from server via NATS' })
+  importFromServer(@CurrentTenant() licenseId: string, @Body() dto: ImportTeleportConfigDto) {
+    return this.teleportService.importFromServer(licenseId, dto.config_name, dto.description);
+  }
+}

backend-nest/src/modules/teleport/teleport.module.ts

@@ -0,0 +1,14 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { TeleportController } from './teleport.controller';
+import { TeleportService } from './teleport.service';
+import { TeleportConfig } from '../../entities/teleport-config.entity';
+import { NatsService } from '../../services/nats.service';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([TeleportConfig])],
+  controllers: [TeleportController],
+  providers: [TeleportService, NatsService],
+  exports: [TeleportService],
+})
+export class TeleportModule {}

backend-nest/src/modules/teleport/teleport.service.ts

@@ -0,0 +1,180 @@
+import { Injectable, Logger, NotFoundException, HttpException, HttpStatus } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { TeleportConfig } from '../../entities/teleport-config.entity';
+import { NatsService } from '../../services/nats.service';
+import { CreateTeleportConfigDto } from './dto/create-teleport-config.dto';
+import { UpdateTeleportConfigDto } from './dto/update-teleport-config.dto';
+
+@Injectable()
+export class TeleportService {
+  private readonly logger = new Logger(TeleportService.name);
+
+  constructor(
+    @InjectRepository(TeleportConfig)
+    private readonly teleportRepo: Repository<TeleportConfig>,
+    private readonly natsService: NatsService,
+  ) {}
+
+  /** List configs for a license (summaries — no JSONB) */
+  async getConfigs(licenseId: string) {
+    const configs = await this.teleportRepo.find({
+      where: { license_id: licenseId },
+      select: ['id', 'config_name', 'description', 'is_active', 'created_at', 'updated_at'],
+      order: { created_at: 'DESC' },
+    });
+    return { configs };
+  }
+
+  /** Get full config with JSONB data */
+  async getConfig(licenseId: string, configId: string) {
+    const config = await this.teleportRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('Teleport config not found');
+    return { config };
+  }
+
+  /** Create a new config */
+  async createConfig(licenseId: string, dto: CreateTeleportConfigDto) {
+    const config = this.teleportRepo.create({
+      license_id: licenseId,
+      config_name: dto.config_name,
+      description: dto.description || null,
+      config_data: dto.config_data || {},
+    });
+    const saved = await this.teleportRepo.save(config);
+    return { config: saved };
+  }
+
+  /** Update an existing config */
+  async updateConfig(licenseId: string, configId: string, dto: UpdateTeleportConfigDto) {
+    const config = await this.teleportRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('Teleport config not found');
+
+    if (dto.config_name !== undefined) config.config_name = dto.config_name;
+    if (dto.description !== undefined) config.description = dto.description;
+    if (dto.config_data !== undefined) config.config_data = dto.config_data;
+    if (dto.is_active !== undefined) config.is_active = dto.is_active;
+    config.updated_at = new Date();
+
+    const saved = await this.teleportRepo.save(config);
+    return { config: saved };
+  }
+
+  /** Delete a config */
+  async deleteConfig(licenseId: string, configId: string) {
+    const result = await this.teleportRepo.delete({ id: configId, license_id: licenseId });
+    if (result.affected === 0) throw new NotFoundException('Teleport config not found');
+    return { deleted: true };
+  }
+
+  /** Deploy config to game server via NATS */
+  async applyToServer(licenseId: string, configId: string) {
+    const config = await this.teleportRepo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('Teleport config not found');
+
+    const jsonString = JSON.stringify(config.config_data, null, 2);
+
+    try {
+      // Write NTeleportation.json via file manager NATS
+      await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_save',
+          path: 'server://oxide/config/NTeleportation.json',
+          content: jsonString,
+        },
+        30000,
+      );
+
+      // Reload NTeleportation plugin via RCON
+      await this.natsService.publish(
+        `corrosion.${licenseId}.cmd.server`,
+        {
+          action: 'command',
+          command: 'oxide.reload NTeleportation',
+          timestamp: new Date().toISOString(),
+        },
+      );
+
+      // Mark this config as active, deactivate others
+      await this.teleportRepo.update({ license_id: licenseId }, { is_active: false });
+      await this.teleportRepo.update(
+        { id: configId, license_id: licenseId },
+        { is_active: true, updated_at: new Date() },
+      );
+
+      return {
+        success: true,
+        message: `Config "${config.config_name}" deployed to server`,
+        config_name: config.config_name,
+      };
+    } catch (error) {
+      this.logger.error(`Failed to deploy teleport config: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to deploy teleport config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+
+  /** Import NTeleportation.json from game server via NATS */
+  async importFromServer(licenseId: string, configName: string, description?: string) {
+    try {
+      // Read NTeleportation.json from server via file manager NATS
+      const response = await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_preview',
+          path: 'server://oxide/config/NTeleportation.json',
+        },
+        30000,
+      );
+
+      if (!response) {
+        throw new HttpException(
+          'No response from agent — it may be offline',
+          HttpStatus.SERVICE_UNAVAILABLE,
+        );
+      }
+
+      // Parse the response content as JSON
+      const responseData = response as Record<string, any>;
+      let configData: Record<string, any>;
+
+      if (typeof responseData.content === 'string') {
+        configData = JSON.parse(responseData.content);
+      } else if (typeof responseData.content === 'object') {
+        configData = responseData.content;
+      } else {
+        throw new HttpException(
+          'Unexpected response format from agent',
+          HttpStatus.BAD_GATEWAY,
+        );
+      }
+
+      // Create new teleport config row
+      const config = this.teleportRepo.create({
+        license_id: licenseId,
+        config_name: configName,
+        description: description || 'Imported from server',
+        config_data: configData,
+      });
+      const saved = await this.teleportRepo.save(config);
+
+      return { config: saved };
+    } catch (error) {
+      if (error instanceof HttpException) throw error;
+      this.logger.error(`Failed to import teleport config from server: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to import teleport config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+}

backend-nest/src/modules/timedexecute/dto/create-timedexecute-config.dto.ts

@@ -0,0 +1,19 @@
+import { IsString, IsOptional, IsObject, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class CreateTimedExecuteConfigDto {
+  @ApiProperty({ example: 'Default Timer Config' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Standard TimedExecute settings' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+}

backend-nest/src/modules/timedexecute/dto/import-timedexecute-config.dto.ts

@@ -0,0 +1,14 @@
+import { IsString, IsOptional, MaxLength } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+export class ImportTimedExecuteConfigDto {
+  @ApiProperty({ example: 'Server Import' })
+  @IsString()
+  @MaxLength(100)
+  config_name: string;
+
+  @ApiPropertyOptional({ example: 'Imported from live server' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+}

backend-nest/src/modules/timedexecute/dto/update-timedexecute-config.dto.ts

@@ -0,0 +1,25 @@
+import { IsString, IsOptional, IsObject, IsBoolean, MaxLength } from 'class-validator';
+import { ApiPropertyOptional } from '@nestjs/swagger';
+
+export class UpdateTimedExecuteConfigDto {
+  @ApiPropertyOptional({ example: 'Updated Timer Config' })
+  @IsString()
+  @MaxLength(100)
+  @IsOptional()
+  config_name?: string;
+
+  @ApiPropertyOptional({ example: 'Updated description' })
+  @IsString()
+  @IsOptional()
+  description?: string;
+
+  @ApiPropertyOptional()
+  @IsObject()
+  @IsOptional()
+  config_data?: Record<string, any>;
+
+  @ApiPropertyOptional()
+  @IsBoolean()
+  @IsOptional()
+  is_active?: boolean;
+}

backend-nest/src/modules/timedexecute/timedexecute.controller.ts

@@ -0,0 +1,80 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Put,
+  Delete,
+  Body,
+  Param,
+  UseGuards,
+} from '@nestjs/common';
+import { ApiTags, ApiBearerAuth, ApiOperation } from '@nestjs/swagger';
+import { TimedExecuteService } from './timedexecute.service';
+import { CreateTimedExecuteConfigDto } from './dto/create-timedexecute-config.dto';
+import { UpdateTimedExecuteConfigDto } from './dto/update-timedexecute-config.dto';
+import { ImportTimedExecuteConfigDto } from './dto/import-timedexecute-config.dto';
+import { CurrentTenant } from '../../common/decorators/current-tenant.decorator';
+import { RequirePermission } from '../../common/decorators/require-permission.decorator';
+import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { PermissionsGuard } from '../../common/guards/permissions.guard';
+
+@ApiTags('timedexecute')
+@ApiBearerAuth()
+@Controller('timedexecute')
+@UseGuards(JwtAuthGuard, PermissionsGuard)
+export class TimedExecuteController {
+  constructor(private readonly timedExecuteService: TimedExecuteService) {}
+
+  @Get('configs')
+  @RequirePermission('timedexecute.view')
+  @ApiOperation({ summary: 'List TimedExecute configs (summaries)' })
+  getConfigs(@CurrentTenant() licenseId: string) {
+    return this.timedExecuteService.getConfigs(licenseId);
+  }
+
+  @Get('configs/:id')
+  @RequirePermission('timedexecute.view')
+  @ApiOperation({ summary: 'Get full TimedExecute config with data' })
+  getConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.timedExecuteService.getConfig(licenseId, id);
+  }
+
+  @Post('configs')
+  @RequirePermission('timedexecute.manage')
+  @ApiOperation({ summary: 'Create TimedExecute config' })
+  createConfig(@CurrentTenant() licenseId: string, @Body() dto: CreateTimedExecuteConfigDto) {
+    return this.timedExecuteService.createConfig(licenseId, dto);
+  }
+
+  @Put('configs/:id')
+  @RequirePermission('timedexecute.manage')
+  @ApiOperation({ summary: 'Update TimedExecute config' })
+  updateConfig(
+    @CurrentTenant() licenseId: string,
+    @Param('id') id: string,
+    @Body() dto: UpdateTimedExecuteConfigDto,
+  ) {
+    return this.timedExecuteService.updateConfig(licenseId, id, dto);
+  }
+
+  @Delete('configs/:id')
+  @RequirePermission('timedexecute.manage')
+  @ApiOperation({ summary: 'Delete TimedExecute config' })
+  deleteConfig(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.timedExecuteService.deleteConfig(licenseId, id);
+  }
+
+  @Post('configs/:id/apply')
+  @RequirePermission('timedexecute.manage')
+  @ApiOperation({ summary: 'Deploy TimedExecute config to server' })
+  applyToServer(@CurrentTenant() licenseId: string, @Param('id') id: string) {
+    return this.timedExecuteService.applyToServer(licenseId, id);
+  }
+
+  @Post('import-from-server')
+  @RequirePermission('timedexecute.manage')
+  @ApiOperation({ summary: 'Import TimedExecute.json from server via NATS' })
+  importFromServer(@CurrentTenant() licenseId: string, @Body() dto: ImportTimedExecuteConfigDto) {
+    return this.timedExecuteService.importFromServer(licenseId, dto.config_name, dto.description);
+  }
+}

backend-nest/src/modules/timedexecute/timedexecute.module.ts

@@ -0,0 +1,14 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { TimedExecuteController } from './timedexecute.controller';
+import { TimedExecuteService } from './timedexecute.service';
+import { TimedExecuteConfig } from '../../entities/timedexecute-config.entity';
+import { NatsService } from '../../services/nats.service';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([TimedExecuteConfig])],
+  controllers: [TimedExecuteController],
+  providers: [TimedExecuteService, NatsService],
+  exports: [TimedExecuteService],
+})
+export class TimedExecuteModule {}

backend-nest/src/modules/timedexecute/timedexecute.service.ts

@@ -0,0 +1,180 @@
+import { Injectable, Logger, NotFoundException, HttpException, HttpStatus } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { TimedExecuteConfig } from '../../entities/timedexecute-config.entity';
+import { NatsService } from '../../services/nats.service';
+import { CreateTimedExecuteConfigDto } from './dto/create-timedexecute-config.dto';
+import { UpdateTimedExecuteConfigDto } from './dto/update-timedexecute-config.dto';
+
+@Injectable()
+export class TimedExecuteService {
+  private readonly logger = new Logger(TimedExecuteService.name);
+
+  constructor(
+    @InjectRepository(TimedExecuteConfig)
+    private readonly repo: Repository<TimedExecuteConfig>,
+    private readonly natsService: NatsService,
+  ) {}
+
+  /** List configs for a license (summaries — no JSONB) */
+  async getConfigs(licenseId: string) {
+    const configs = await this.repo.find({
+      where: { license_id: licenseId },
+      select: ['id', 'config_name', 'description', 'is_active', 'created_at', 'updated_at'],
+      order: { created_at: 'DESC' },
+    });
+    return { configs };
+  }
+
+  /** Get full config with JSONB data */
+  async getConfig(licenseId: string, configId: string) {
+    const config = await this.repo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('TimedExecute config not found');
+    return { config };
+  }
+
+  /** Create a new config */
+  async createConfig(licenseId: string, dto: CreateTimedExecuteConfigDto) {
+    const config = this.repo.create({
+      license_id: licenseId,
+      config_name: dto.config_name,
+      description: dto.description || null,
+      config_data: dto.config_data || {},
+    });
+    const saved = await this.repo.save(config);
+    return { config: saved };
+  }
+
+  /** Update an existing config */
+  async updateConfig(licenseId: string, configId: string, dto: UpdateTimedExecuteConfigDto) {
+    const config = await this.repo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('TimedExecute config not found');
+
+    if (dto.config_name !== undefined) config.config_name = dto.config_name;
+    if (dto.description !== undefined) config.description = dto.description;
+    if (dto.config_data !== undefined) config.config_data = dto.config_data;
+    if (dto.is_active !== undefined) config.is_active = dto.is_active;
+    config.updated_at = new Date();
+
+    const saved = await this.repo.save(config);
+    return { config: saved };
+  }
+
+  /** Delete a config */
+  async deleteConfig(licenseId: string, configId: string) {
+    const result = await this.repo.delete({ id: configId, license_id: licenseId });
+    if (result.affected === 0) throw new NotFoundException('TimedExecute config not found');
+    return { deleted: true };
+  }
+
+  /** Deploy config to game server via NATS */
+  async applyToServer(licenseId: string, configId: string) {
+    const config = await this.repo.findOne({
+      where: { id: configId, license_id: licenseId },
+    });
+    if (!config) throw new NotFoundException('TimedExecute config not found');
+
+    const jsonString = JSON.stringify(config.config_data, null, 2);
+
+    try {
+      // Write TimedExecute.json via file manager NATS
+      await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_save',
+          path: 'server://oxide/config/TimedExecute.json',
+          content: jsonString,
+        },
+        30000,
+      );
+
+      // Reload TimedExecute plugin via RCON
+      await this.natsService.publish(
+        `corrosion.${licenseId}.cmd.server`,
+        {
+          action: 'command',
+          command: 'oxide.reload TimedExecute',
+          timestamp: new Date().toISOString(),
+        },
+      );
+
+      // Mark this config as active, deactivate others
+      await this.repo.update({ license_id: licenseId }, { is_active: false });
+      await this.repo.update(
+        { id: configId, license_id: licenseId },
+        { is_active: true, updated_at: new Date() },
+      );
+
+      return {
+        success: true,
+        message: `Config "${config.config_name}" deployed to server`,
+        config_name: config.config_name,
+      };
+    } catch (error) {
+      this.logger.error(`Failed to deploy TimedExecute config: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to deploy TimedExecute config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+
+  /** Import TimedExecute.json from game server via NATS */
+  async importFromServer(licenseId: string, configName: string, description?: string) {
+    try {
+      // Read TimedExecute.json from server via file manager NATS
+      const response = await this.natsService.request(
+        `corrosion.${licenseId}.files.cmd`,
+        {
+          func: 'fm_preview',
+          path: 'server://oxide/config/TimedExecute.json',
+        },
+        30000,
+      );
+
+      if (!response) {
+        throw new HttpException(
+          'No response from agent — it may be offline',
+          HttpStatus.SERVICE_UNAVAILABLE,
+        );
+      }
+
+      // Parse the response content as JSON
+      const responseData = response as Record<string, any>;
+      let configData: Record<string, any>;
+
+      if (typeof responseData.content === 'string') {
+        configData = JSON.parse(responseData.content);
+      } else if (typeof responseData.content === 'object') {
+        configData = responseData.content;
+      } else {
+        throw new HttpException(
+          'Unexpected response format from agent',
+          HttpStatus.BAD_GATEWAY,
+        );
+      }
+
+      // Create new config row
+      const config = this.repo.create({
+        license_id: licenseId,
+        config_name: configName,
+        description: description || 'Imported from server',
+        config_data: configData,
+      });
+      const saved = await this.repo.save(config);
+
+      return { config: saved };
+    } catch (error) {
+      if (error instanceof HttpException) throw error;
+      this.logger.error(`Failed to import TimedExecute config from server: ${(error as Error).message}`);
+      throw new HttpException(
+        'Failed to import TimedExecute config — agent may be offline',
+        HttpStatus.SERVICE_UNAVAILABLE,
+      );
+    }
+  }
+}

backend-nest/src/services/nats-bridge.service.ts

@@ -39,6 +39,11 @@ export class NatsBridgeService implements OnModuleInit {
       this.emit(licenseId, 'deploy_status', data);
     });
 
+    this.nats.subscribe('corrosion.*.oxide.status', (data, subject) => {
+      const licenseId = subject.split('.')[1];
+      this.emit(licenseId, 'oxide_status', data);
+    });
+
     this.logger.log('NATS bridge subscriptions initialized');
   }
 

backend-nest/src/services/nats.service.ts

@@ -79,4 +79,12 @@ export class NatsService implements OnModuleInit, OnModuleDestroy {
       timestamp: new Date().toISOString(),
     });
   }
+
+  /** Publish an Oxide install command to a specific license's companion agent */
+  async sendOxideInstallCommand(licenseId: string): Promise<void> {
+    await this.publish(`corrosion.${licenseId}.cmd.oxide`, {
+      action: 'install_oxide',
+      timestamp: new Date().toISOString(),
+    });
+  }
 }

backend/migrations/013_loot_profiles.sql

@@ -0,0 +1,13 @@
+-- Loot profiles for BetterLoot integration
+CREATE TABLE loot_profiles (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    license_id UUID NOT NULL REFERENCES licenses(id) ON DELETE CASCADE,
+    profile_name VARCHAR(100) NOT NULL,
+    description TEXT,
+    loot_table JSONB NOT NULL DEFAULT '{}',
+    loot_groups JSONB NOT NULL DEFAULT '{}',
+    is_active BOOLEAN NOT NULL DEFAULT false,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+CREATE INDEX idx_loot_profiles_license ON loot_profiles(license_id);

backend/migrations/014_teleport_configs.sql

@@ -0,0 +1,12 @@
+-- Teleport configuration profiles for NTeleportation integration
+CREATE TABLE teleport_configs (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    license_id UUID NOT NULL REFERENCES licenses(id) ON DELETE CASCADE,
+    config_name VARCHAR(100) NOT NULL,
+    description TEXT,
+    config_data JSONB NOT NULL DEFAULT '{}',
+    is_active BOOLEAN NOT NULL DEFAULT false,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+CREATE INDEX idx_teleport_configs_license ON teleport_configs(license_id);

backend/migrations/015_gather_configs.sql

@@ -0,0 +1,11 @@
+CREATE TABLE IF NOT EXISTS gather_configs (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    license_id UUID NOT NULL REFERENCES licenses(id) ON DELETE CASCADE,
+    config_name VARCHAR(100) NOT NULL,
+    description TEXT,
+    config_data JSONB NOT NULL DEFAULT '{}',
+    is_active BOOLEAN NOT NULL DEFAULT false,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+CREATE INDEX idx_gather_configs_license ON gather_configs(license_id);

backend/migrations/016_kits_configs.sql

@@ -0,0 +1,11 @@
+CREATE TABLE IF NOT EXISTS kits_configs (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    license_id UUID NOT NULL REFERENCES licenses(id) ON DELETE CASCADE,
+    config_name VARCHAR(100) NOT NULL,
+    description TEXT,
+    config_data JSONB NOT NULL DEFAULT '{}',
+    is_active BOOLEAN NOT NULL DEFAULT false,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+CREATE INDEX idx_kits_configs_license ON kits_configs(license_id);

backend/migrations/017_betterchat_configs.sql

@@ -0,0 +1,11 @@
+CREATE TABLE IF NOT EXISTS betterchat_configs (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    license_id UUID NOT NULL REFERENCES licenses(id) ON DELETE CASCADE,
+    config_name VARCHAR(100) NOT NULL,
+    description TEXT,
+    config_data JSONB NOT NULL DEFAULT '{}',
+    is_active BOOLEAN NOT NULL DEFAULT false,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+CREATE INDEX idx_betterchat_configs_license ON betterchat_configs(license_id);

backend/migrations/018_autodoors_configs.sql

@@ -0,0 +1,11 @@
+CREATE TABLE IF NOT EXISTS autodoors_configs (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    license_id UUID NOT NULL REFERENCES licenses(id) ON DELETE CASCADE,
+    config_name VARCHAR(100) NOT NULL,
+    description TEXT,
+    config_data JSONB NOT NULL DEFAULT '{}',
+    is_active BOOLEAN NOT NULL DEFAULT false,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+CREATE INDEX idx_autodoors_configs_license ON autodoors_configs(license_id);

backend/migrations/019_furnacesplitter_configs.sql

@@ -0,0 +1,11 @@
+CREATE TABLE IF NOT EXISTS furnacesplitter_configs (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    license_id UUID NOT NULL REFERENCES licenses(id) ON DELETE CASCADE,
+    config_name VARCHAR(100) NOT NULL,
+    description TEXT,
+    config_data JSONB NOT NULL DEFAULT '{}',
+    is_active BOOLEAN NOT NULL DEFAULT false,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+CREATE INDEX idx_furnacesplitter_configs_license ON furnacesplitter_configs(license_id);

backend/migrations/020_timedexecute_configs.sql

@@ -0,0 +1,11 @@
+CREATE TABLE IF NOT EXISTS timedexecute_configs (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    license_id UUID NOT NULL REFERENCES licenses(id) ON DELETE CASCADE,
+    config_name VARCHAR(100) NOT NULL,
+    description TEXT,
+    config_data JSONB NOT NULL DEFAULT '{}',
+    is_active BOOLEAN NOT NULL DEFAULT false,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+CREATE INDEX idx_timedexecute_configs_license ON timedexecute_configs(license_id);

backend/migrations/021_raidablebases_configs.sql

@@ -0,0 +1,11 @@
+CREATE TABLE IF NOT EXISTS raidablebases_configs (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    license_id UUID NOT NULL REFERENCES licenses(id) ON DELETE CASCADE,
+    config_name VARCHAR(100) NOT NULL,
+    description TEXT,
+    config_data JSONB NOT NULL DEFAULT '{}',
+    is_active BOOLEAN NOT NULL DEFAULT false,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+CREATE INDEX idx_raidablebases_configs_license ON raidablebases_configs(license_id);

companion-agent/cmd/agent/main.go

@@ -31,6 +31,10 @@ type Config struct {
 	// Install directory for deployment
 	InstallDir string `envconfig:"INSTALL_DIR" default:""`
 
+	// RCON configuration
+	RconPort     int    `envconfig:"RCON_PORT" default:"28016"`
+	RconPassword string `envconfig:"RCON_PASSWORD" default:""`
+
 	// Optional settings
 	HeartbeatInterval int `envconfig:"HEARTBEAT_INTERVAL" default:"60"`
 	LogLevel          string `envconfig:"LOG_LEVEL" default:"info"`
@@ -63,6 +67,7 @@ func main() {
 	log.Printf("  Game Server Path: %s", cfg.GameServerPath)
 	log.Printf("  SteamCMD Path: %s", cfg.SteamCMDPath)
 	log.Printf("  Install Dir: %s", cfg.InstallDir)
+	log.Printf("  RCON Port: %d", cfg.RconPort)
 	log.Printf("  Heartbeat Interval: %ds", cfg.HeartbeatInterval)
 
 	// Create context with signal handling for graceful shutdown
@@ -88,6 +93,8 @@ func main() {
 		GameServerArgs:    cfg.GameServerArgs,
 		Version:           version,
 		InstallDir:        cfg.InstallDir,
+		RconPort:          cfg.RconPort,
+		RconPassword:      cfg.RconPassword,
 	}
 
 	// Start daemon

companion-agent/go.mod

@@ -8,6 +8,7 @@ require (
 )
 
 require (
+	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/klauspost/compress v1.17.0 // indirect
 	github.com/nats-io/nkeys v0.4.5 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect

companion-agent/go.sum

@@ -1,3 +1,5 @@
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
 github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
 github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM=

companion-agent/internal/app/daemon.go

@@ -11,8 +11,10 @@ import (
 	"github.com/nats-io/nats.go"
 	"github.com/vigilcyber/corrosion-companion/internal/deploy"
 	"github.com/vigilcyber/corrosion-companion/internal/filemanager"
+	"github.com/vigilcyber/corrosion-companion/internal/oxide"
 	"github.com/vigilcyber/corrosion-companion/internal/files"
 	"github.com/vigilcyber/corrosion-companion/internal/process"
+	"github.com/vigilcyber/corrosion-companion/internal/rcon"
 	"github.com/vigilcyber/corrosion-companion/internal/update"
 )
 
@@ -25,6 +27,8 @@ type DaemonConfig struct {
 	GameServerArgs    string
 	Version           string
 	InstallDir        string
+	RconPort          int
+	RconPassword      string
 }
 
 // Daemon manages the companion agent's main operations
@@ -36,6 +40,7 @@ type Daemon struct {
 	fm              *filemanager.FileManager
 	updater         *update.Updater
 	deployer        *deploy.Deployer
+	oxideInstaller  *oxide.OxideInstaller
 	subscriptions   []*nats.Subscription
 }
 
@@ -53,6 +58,7 @@ type HeartbeatPayload struct {
 	OS              string  `json:"os"`
 	Arch            string  `json:"arch"`
 	ServerInstalled bool    `json:"server_installed"`
+	OxideInstalled  bool    `json:"oxide_installed"`
 }
 
 // gameServerAdapter wraps process.GameServer to satisfy deploy.GameServerStarter
@@ -71,6 +77,15 @@ func (a *gameServerAdapter) UpdatePath(path string) {
 	*a.gs = *process.NewGameServer(path, a.cfg.GameServerArgs)
 }
 
+// restartAdapter wraps process.GameServer to satisfy oxide.GameServerRestarter
+type restartAdapter struct {
+	gs *process.GameServer
+}
+
+func (a *restartAdapter) Restart() error {
+	return a.gs.Restart()
+}
+
 // NewDaemon creates a new daemon instance
 func NewDaemon(nc *nats.Conn, cfg *DaemonConfig) (*Daemon, error) {
 	gameServer := process.NewGameServer(cfg.GameServerPath, cfg.GameServerArgs)
@@ -79,6 +94,8 @@ func NewDaemon(nc *nats.Conn, cfg *DaemonConfig) (*Daemon, error) {
 	updater := update.NewUpdater(cfg.Version)
 	adapter := &gameServerAdapter{gs: gameServer, cfg: cfg}
 	deployer := deploy.NewDeployer(nc, cfg.LicenseID, cfg.InstallDir, adapter)
+	restarter := &restartAdapter{gs: gameServer}
+	oxideInst := oxide.NewOxideInstaller(nc, cfg.LicenseID, cfg.InstallDir, restarter)
 
 	d := &Daemon{
 		nc:             nc,
@@ -88,6 +105,7 @@ func NewDaemon(nc *nats.Conn, cfg *DaemonConfig) (*Daemon, error) {
 		fm:             fm,
 		updater:        updater,
 		deployer:       deployer,
+		oxideInstaller: oxideInst,
 	}
 
 	return d, nil
@@ -122,6 +140,11 @@ func (d *Daemon) Run(ctx context.Context) error {
 		return fmt.Errorf("failed to subscribe to deploy commands: %w", err)
 	}
 
+	// Subscribe to Oxide install commands
+	if err := d.subscribeOxideInstall(); err != nil {
+		return fmt.Errorf("failed to subscribe to oxide install commands: %w", err)
+	}
+
 	// Subscribe to file manager commands (VueFinder-compatible request-reply)
 	if err := d.subscribeFileManager(); err != nil {
 		return fmt.Errorf("failed to subscribe to file manager commands: %w", err)
@@ -156,6 +179,7 @@ func (d *Daemon) subscribeServerCommands() error {
 	sub, err := d.nc.Subscribe(subject, func(msg *nats.Msg) {
 		var cmd struct {
 			Action  string `json:"action"`
+			Command string `json:"command"`
 		}
 
 		if err := json.Unmarshal(msg.Data, &cmd); err != nil {
@@ -174,6 +198,24 @@ func (d *Daemon) subscribeServerCommands() error {
 			err = d.gameServer.Stop()
 		case "restart":
 			err = d.gameServer.Restart()
+		case "command":
+			if cmd.Command == "" {
+				d.respondError(msg, "invalid_command", "command field is required")
+				return
+			}
+			result, rconErr := rcon.SendCommand(d.cfg.RconPort, d.cfg.RconPassword, cmd.Command)
+			if rconErr != nil {
+				log.Printf("RCON command failed: %v", rconErr)
+				d.respondError(msg, "rcon_failed", rconErr.Error())
+			} else {
+				d.respondSuccess(msg, map[string]interface{}{
+					"action":   "command",
+					"command":  cmd.Command,
+					"response": result,
+					"status":   "success",
+				})
+			}
+			return
 		default:
 			err = fmt.Errorf("unknown action: %s", cmd.Action)
 		}
@@ -367,6 +409,38 @@ func (d *Daemon) subscribeFileManager() error {
 	return nil
 }
 
+// subscribeOxideInstall subscribes to Oxide installation commands
+func (d *Daemon) subscribeOxideInstall() error {
+	subject := fmt.Sprintf("corrosion.%s.cmd.oxide", d.cfg.LicenseID)
+
+	sub, err := d.nc.Subscribe(subject, func(msg *nats.Msg) {
+		log.Println("Received Oxide install command")
+
+		// Run installation in goroutine (it's long-running)
+		go func() {
+			if err := d.oxideInstaller.Install(); err != nil {
+				log.Printf("Oxide installation failed: %v", err)
+			} else {
+				log.Println("Oxide installation completed successfully")
+			}
+		}()
+
+		// Immediately acknowledge the command
+		d.respondSuccess(msg, map[string]interface{}{
+			"status":  "accepted",
+			"message": "Oxide installation started, progress will be published to oxide.status",
+		})
+	})
+
+	if err != nil {
+		return err
+	}
+
+	d.subscriptions = append(d.subscriptions, sub)
+	log.Printf("Subscribed to: %s", subject)
+	return nil
+}
+
 // handleFileOperation processes file operation requests
 func (d *Daemon) handleFileOperation(msg *nats.Msg) {
 	// Parse common fields
@@ -437,6 +511,7 @@ func (d *Daemon) publishHeartbeat() {
 		OS:              runtime.GOOS,
 		Arch:            runtime.GOARCH,
 		ServerInstalled: deploy.CheckServerInstalled(d.cfg.InstallDir),
+		OxideInstalled:  oxide.CheckOxideInstalled(d.cfg.InstallDir),
 	}
 
 	data, err := json.Marshal(payload)

companion-agent/internal/oxide/installer.go

@@ -0,0 +1,250 @@
+package oxide
+
+import (
+	"archive/zip"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/nats-io/nats.go"
+)
+
+// GameServerRestarter abstracts the game server process manager so the installer
+// can restart the server after extracting Oxide files.
+type GameServerRestarter interface {
+	Restart() error
+}
+
+// OxideInstaller handles downloading and extracting Oxide/uMod over a Rust server installation.
+type OxideInstaller struct {
+	nc         *nats.Conn
+	licenseID  string
+	installDir string
+	gameServer GameServerRestarter
+}
+
+// NewOxideInstaller creates a new OxideInstaller instance.
+func NewOxideInstaller(nc *nats.Conn, licenseID, installDir string, gs GameServerRestarter) *OxideInstaller {
+	return &OxideInstaller{
+		nc:         nc,
+		licenseID:  licenseID,
+		installDir: installDir,
+		gameServer: gs,
+	}
+}
+
+// githubRelease represents the relevant fields from the GitHub Releases API response.
+type githubRelease struct {
+	TagName string        `json:"tag_name"`
+	Assets  []githubAsset `json:"assets"`
+}
+
+type githubAsset struct {
+	Name               string `json:"name"`
+	BrowserDownloadURL string `json:"browser_download_url"`
+}
+
+// Install performs the full Oxide installation pipeline:
+// 1. Fetch latest release info from GitHub
+// 2. Download the zip
+// 3. Extract over {installDir}/server/
+// 4. Restart the game server
+func (o *OxideInstaller) Install() error {
+	// Stage 1: Fetch latest release
+	log.Printf("Oxide: fetching latest release for license %s", o.licenseID)
+	o.publishStatus("fetching_release", 0, "Checking latest Oxide release...")
+
+	release, err := o.fetchLatestRelease()
+	if err != nil {
+		o.publishStatus("failed", 0, "Failed to fetch Oxide release info", err.Error())
+		return fmt.Errorf("fetch release failed: %w", err)
+	}
+
+	if len(release.Assets) == 0 {
+		err := fmt.Errorf("no assets found in release %s", release.TagName)
+		o.publishStatus("failed", 0, "No download assets in release", err.Error())
+		return err
+	}
+
+	downloadURL := release.Assets[0].BrowserDownloadURL
+	version := release.TagName
+	log.Printf("Oxide: latest version is %s, download URL: %s", version, downloadURL)
+	o.publishStatus("fetching_release", 100, fmt.Sprintf("Found Oxide %s", version))
+
+	// Stage 2: Download zip
+	log.Printf("Oxide: downloading %s", downloadURL)
+	o.publishStatus("downloading", 0, fmt.Sprintf("Downloading Oxide %s...", version))
+
+	tmpPath := filepath.Join(os.TempDir(), "oxide-latest.zip")
+	if err := o.downloadFile(downloadURL, tmpPath); err != nil {
+		o.publishStatus("failed", 0, "Failed to download Oxide", err.Error())
+		return fmt.Errorf("download failed: %w", err)
+	}
+	defer os.Remove(tmpPath)
+
+	log.Printf("Oxide: download complete")
+	o.publishStatus("downloading", 100, "Download complete")
+
+	// Stage 3: Extract over server directory
+	serverDir := filepath.Join(o.installDir, "server")
+	log.Printf("Oxide: extracting to %s", serverDir)
+	o.publishStatus("installing", 0, "Extracting Oxide over server directory...")
+
+	if err := o.extractZip(tmpPath, serverDir); err != nil {
+		o.publishStatus("failed", 0, "Failed to extract Oxide", err.Error())
+		return fmt.Errorf("extract failed: %w", err)
+	}
+
+	log.Printf("Oxide: extraction complete")
+	o.publishStatus("installing", 100, "Oxide files extracted")
+
+	// Stage 4: Restart server
+	log.Printf("Oxide: restarting server")
+	o.publishStatus("restarting", 0, "Restarting server to load Oxide...")
+
+	if err := o.gameServer.Restart(); err != nil {
+		o.publishStatus("failed", 0, "Server restart failed", err.Error())
+		return fmt.Errorf("server restart failed: %w", err)
+	}
+
+	log.Printf("Oxide: server restarted, installation complete")
+	o.publishStatus("complete", 100, fmt.Sprintf("Oxide %s installed successfully", version))
+
+	return nil
+}
+
+// fetchLatestRelease queries the GitHub API for the latest Oxide.Rust release.
+func (o *OxideInstaller) fetchLatestRelease() (*githubRelease, error) {
+	client := &http.Client{Timeout: 30 * time.Second}
+
+	resp, err := client.Get("https://api.github.com/repos/OxideMod/Oxide.Rust/releases/latest")
+	if err != nil {
+		return nil, fmt.Errorf("GitHub API request failed: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("GitHub API returned status %d", resp.StatusCode)
+	}
+
+	var release githubRelease
+	if err := json.NewDecoder(resp.Body).Decode(&release); err != nil {
+		return nil, fmt.Errorf("failed to parse GitHub API response: %w", err)
+	}
+
+	return &release, nil
+}
+
+// downloadFile downloads a URL to a local file path.
+func (o *OxideInstaller) downloadFile(url, destPath string) error {
+	client := &http.Client{Timeout: 5 * time.Minute}
+
+	resp, err := client.Get(url)
+	if err != nil {
+		return fmt.Errorf("HTTP GET failed: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("download returned status %d", resp.StatusCode)
+	}
+
+	out, err := os.Create(destPath)
+	if err != nil {
+		return fmt.Errorf("failed to create file %s: %w", destPath, err)
+	}
+	defer out.Close()
+
+	if _, err := io.Copy(out, resp.Body); err != nil {
+		return fmt.Errorf("failed to write download: %w", err)
+	}
+
+	return nil
+}
+
+// extractZip extracts a zip file to a destination directory, overwriting existing files.
+// This is used to overlay Oxide's DLLs over the Rust server's Managed directory
+// and create the oxide/ folder structure.
+func (o *OxideInstaller) extractZip(zipPath, destDir string) error {
+	r, err := zip.OpenReader(zipPath)
+	if err != nil {
+		return fmt.Errorf("failed to open zip: %w", err)
+	}
+	defer r.Close()
+
+	for _, f := range r.File {
+		targetPath := filepath.Join(destDir, f.Name)
+
+		// Security: prevent path traversal
+		if !strings.HasPrefix(targetPath, filepath.Clean(destDir)+string(os.PathSeparator)) && targetPath != filepath.Clean(destDir) {
+			log.Printf("Oxide: skipping potentially unsafe path: %s", f.Name)
+			continue
+		}
+
+		if f.FileInfo().IsDir() {
+			if err := os.MkdirAll(targetPath, 0755); err != nil {
+				return fmt.Errorf("failed to create directory %s: %w", targetPath, err)
+			}
+			continue
+		}
+
+		// Ensure parent directory exists
+		if err := os.MkdirAll(filepath.Dir(targetPath), 0755); err != nil {
+			return fmt.Errorf("failed to create parent directory for %s: %w", targetPath, err)
+		}
+
+		outFile, err := os.OpenFile(targetPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
+		if err != nil {
+			return fmt.Errorf("failed to create file %s: %w", targetPath, err)
+		}
+
+		rc, err := f.Open()
+		if err != nil {
+			outFile.Close()
+			return fmt.Errorf("failed to open zip entry %s: %w", f.Name, err)
+		}
+
+		_, err = io.Copy(outFile, rc)
+		rc.Close()
+		outFile.Close()
+
+		if err != nil {
+			return fmt.Errorf("failed to extract %s: %w", f.Name, err)
+		}
+	}
+
+	return nil
+}
+
+// publishStatus publishes an OxideStatus message to NATS. Publish errors are logged
+// but do not fail the installation — losing a progress update is not fatal.
+func (o *OxideInstaller) publishStatus(stage string, progress int, message string, errDetail ...string) {
+	subject := fmt.Sprintf("corrosion.%s.oxide.status", o.licenseID)
+
+	status := OxideStatus{
+		Stage:     stage,
+		Progress:  progress,
+		Message:   message,
+		Timestamp: time.Now().UTC().Format(time.RFC3339),
+	}
+
+	if len(errDetail) > 0 && errDetail[0] != "" {
+		status.Error = errDetail[0]
+	}
+
+	data, err := json.Marshal(status)
+	if err != nil {
+		log.Printf("Failed to marshal oxide status: %v", err)
+		return
+	}
+
+	if err := o.nc.Publish(subject, data); err != nil {
+		log.Printf("Failed to publish oxide status to %s: %v", subject, err)
+	}
+}

companion-agent/internal/oxide/status.go

@@ -0,0 +1,31 @@
+package oxide
+
+import (
+	"os"
+	"path/filepath"
+)
+
+// OxideStatus represents a progress update published to NATS during Oxide installation.
+// The frontend listens on corrosion.{license_id}.oxide.status for these messages.
+type OxideStatus struct {
+	Stage     string `json:"stage"`
+	Progress  int    `json:"progress"`
+	Message   string `json:"message"`
+	Error     string `json:"error,omitempty"`
+	Timestamp string `json:"timestamp"`
+}
+
+// Valid installation stages:
+//   fetching_release - Querying GitHub API for latest Oxide.Rust release
+//   downloading      - Downloading the Oxide zip file
+//   installing       - Extracting zip over server directory
+//   restarting       - Restarting the game server to load Oxide
+//   complete         - Oxide installation finished successfully
+//   failed           - Installation failed at some stage
+
+// CheckOxideInstalled returns true if the oxide/ directory exists in the
+// server installation directory, indicating that Oxide/uMod has been installed.
+func CheckOxideInstalled(installDir string) bool {
+	_, err := os.Stat(filepath.Join(installDir, "server", "oxide"))
+	return err == nil
+}

companion-agent/internal/rcon/client.go

@@ -0,0 +1,80 @@
+package rcon
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"time"
+
+	"github.com/gorilla/websocket"
+)
+
+// RconRequest is the JSON payload sent to Rust's WebRCON.
+type RconRequest struct {
+	Identifier int    `json:"Identifier"`
+	Message    string `json:"Message"`
+	Name       string `json:"Name"`
+}
+
+// RconResponse is the JSON payload received from Rust's WebRCON.
+type RconResponse struct {
+	Identifier int    `json:"Identifier"`
+	Message    string `json:"Message"`
+	Type       string `json:"Type"`
+}
+
+// SendCommand opens a WebSocket to the Rust server's RCON port, sends
+// a single command, reads the response, and closes the connection.
+func SendCommand(port int, password string, command string) (string, error) {
+	u := url.URL{
+		Scheme: "ws",
+		Host:   fmt.Sprintf("127.0.0.1:%d", port),
+		Path:   fmt.Sprintf("/%s", password),
+	}
+
+	dialer := websocket.Dialer{
+		HandshakeTimeout: 5 * time.Second,
+	}
+
+	conn, _, err := dialer.Dial(u.String(), nil)
+	if err != nil {
+		return "", fmt.Errorf("rcon dial failed: %w", err)
+	}
+	defer conn.Close()
+
+	// Set read deadline
+	conn.SetReadDeadline(time.Now().Add(10 * time.Second))
+
+	req := RconRequest{
+		Identifier: 1,
+		Message:    command,
+		Name:       "Corrosion",
+	}
+
+	data, err := json.Marshal(req)
+	if err != nil {
+		return "", fmt.Errorf("rcon marshal failed: %w", err)
+	}
+
+	if err := conn.WriteMessage(websocket.TextMessage, data); err != nil {
+		return "", fmt.Errorf("rcon write failed: %w", err)
+	}
+
+	// Read response — may get multiple messages (Generic, Warning, etc.)
+	// We want the first response with our Identifier.
+	for {
+		_, message, err := conn.ReadMessage()
+		if err != nil {
+			return "", fmt.Errorf("rcon read failed: %w", err)
+		}
+
+		var resp RconResponse
+		if err := json.Unmarshal(message, &resp); err != nil {
+			continue // skip unparseable messages
+		}
+
+		if resp.Identifier == req.Identifier {
+			return resp.Message, nil
+		}
+	}
+}

frontend/src/components/layout/DashboardLayout.vue

@@ -37,25 +37,59 @@ const auth = useAuthStore()
 const server = useServerStore()
 const sidebarOpen = ref(false)
 
-const navItems = [
+type NavItem = { name: string; path: string; icon: any; permission: string | null }
+type NavSection = { label: string; items: NavItem[] }
+
+const navSections: NavSection[] = [
+  {
+    label: '',
+    items: [
       { name: 'Dashboard', path: '/', icon: LayoutDashboard, permission: null },
+    ],
+  },
+  {
+    label: 'Server',
+    items: [
       { name: 'Server', path: '/server', icon: Server, permission: 'server.view' },
       { name: 'Console', path: '/console', icon: Terminal, permission: 'console.view' },
       { name: 'Players', path: '/players', icon: Users, permission: 'players.view' },
       { name: 'Plugins', path: '/plugins', icon: Puzzle, permission: 'plugins.view' },
       { name: 'File Manager', path: '/files', icon: FolderOpen, permission: 'files.view' },
+    ],
+  },
+  {
+    label: 'Plugin Configs',
+    items: [
+      { name: 'Plugin Configs', path: '/plugin-configs', icon: Puzzle, permission: null },
+    ],
+  },
+  {
+    label: 'Operations',
+    items: [
       { name: 'Auto-Wiper', path: '/wipes', icon: RefreshCw, permission: 'wipes.view' },
       { name: 'Maps', path: '/maps', icon: Map, permission: 'maps.view' },
+      { name: 'Schedules', path: '/schedules', icon: Clock, permission: 'schedules.view' },
+    ],
+  },
+  {
+    label: 'Monitoring',
+    items: [
       { name: 'Chat Log', path: '/chat', icon: MessageSquare, permission: 'chat.view' },
       { name: 'Analytics', path: '/analytics', icon: BarChart3, permission: 'analytics.view' },
-  { name: 'Schedules', path: '/schedules', icon: Clock, permission: 'schedules.view' },
       { name: 'Alerts', path: '/alerts', icon: AlertTriangle, permission: 'alerts.view' },
       { name: 'Notifications', path: '/notifications', icon: Bell, permission: 'notifications.view' },
+    ],
+  },
+  {
+    label: 'Management',
+    items: [
       { name: 'Team', path: '/team', icon: UserPlus, permission: null },
       { name: 'Store', path: '/store/config', icon: ShoppingBag, permission: 'store.view' },
       { name: 'Modules', path: '/modules', icon: Package, permission: 'modules.view' },
       { name: 'Changelog', path: '/changelog', icon: FileText, permission: 'changelog.view' },
       { name: 'Settings', path: '/settings', icon: Settings, permission: 'settings.view' },
+    ],
+  },
 ]
 
 const adminNavItems = [
@@ -80,10 +114,14 @@ function closeSidebar() {
   sidebarOpen.value = false
 }
 
-function canShowNavItem(item: typeof navItems[0]): boolean {
+function canShowNavItem(item: NavItem): boolean {
   if (!item.permission) return true
   return auth.hasPermission(item.permission)
 }
+
+function hasVisibleItems(section: NavSection): boolean {
+  return section.items.some(canShowNavItem)
+}
 </script>
 
 <template>
@@ -105,7 +143,7 @@ function canShowNavItem(item: typeof navItems[0]): boolean {
 
     <!-- Sidebar -->
     <aside
-      class="w-64 bg-neutral-900 border-r border-neutral-800 flex flex-col fixed md:static inset-y-0 left-0 z-50 transform transition-transform"
+      class="w-64 bg-neutral-900 border-r border-neutral-800 flex flex-col fixed inset-y-0 left-0 z-50 transform transition-transform"
       :class="sidebarOpen ? 'translate-x-0' : '-translate-x-full md:translate-x-0'"
     >
       <!-- Logo -->
@@ -146,8 +184,16 @@ function canShowNavItem(item: typeof navItems[0]): boolean {
 
       <!-- Navigation -->
       <nav class="flex-1 overflow-y-auto py-2">
+        <template v-for="section in navSections" :key="section.label">
+          <template v-if="hasVisibleItems(section)">
+            <!-- Section Header -->
+            <div v-if="section.label" class="mt-4 mb-1 px-4">
+              <span class="text-[10px] font-semibold uppercase tracking-widest text-neutral-500">{{ section.label }}</span>
+            </div>
+
+            <!-- Section Items -->
             <RouterLink
-          v-for="item in navItems"
+              v-for="item in section.items"
               v-show="canShowNavItem(item)"
               :key="item.path"
               :to="item.path"
@@ -160,15 +206,13 @@ function canShowNavItem(item: typeof navItems[0]): boolean {
               <component :is="item.icon" class="w-4 h-4" />
               {{ item.name }}
             </RouterLink>
+          </template>
+        </template>
 
         <!-- Platform Admin Section (super-admin only) -->
         <template v-if="auth.isSuperAdmin">
-          <div class="mt-4 mb-2 px-4">
-            <div class="flex items-center gap-2">
-              <div class="flex-1 border-t border-neutral-700" />
+          <div class="mt-4 mb-1 px-4">
             <span class="text-[10px] font-semibold uppercase tracking-widest text-oxide-500">Platform</span>
-              <div class="flex-1 border-t border-neutral-700" />
-            </div>
           </div>
           <RouterLink
             v-for="item in adminNavItems"
@@ -203,8 +247,8 @@ function canShowNavItem(item: typeof navItems[0]): boolean {
       </div>
     </aside>
 
-    <!-- Main Content -->
-    <main class="flex-1 overflow-y-auto md:ml-0">
+    <!-- Main Content (offset by sidebar width on desktop) -->
+    <main class="flex-1 overflow-y-auto md:pl-64">
       <RouterView />
     </main>
   </div>

frontend/src/components/loot/LootContainerSidebar.vue

@@ -0,0 +1,103 @@
+<script setup lang="ts">
+import { ref, computed } from 'vue'
+import { rustContainers, containerCategories } from '@/data/rust-containers'
+import { Search, Box, Cylinder, Shield, Users, HelpCircle } from 'lucide-vue-next'
+
+const props = defineProps<{
+  lootTable: Record<string, any>
+  selected: string | null
+}>()
+
+const emit = defineEmits<{
+  select: [prefab: string]
+}>()
+
+const searchQuery = ref('')
+
+const categoryIcons: Record<string, any> = {
+  crates: Box,
+  barrels: Cylinder,
+  military: Shield,
+  npcs: Users,
+  other: HelpCircle,
+}
+
+const categoryLabels: Record<string, string> = {
+  crates: 'CRATES',
+  barrels: 'BARRELS',
+  military: 'MILITARY',
+  npcs: 'NPCs',
+  other: 'OTHER',
+}
+
+const filteredContainers = computed(() => {
+  const q = searchQuery.value.toLowerCase()
+  if (!q) return rustContainers
+  return rustContainers.filter(c => c.name.toLowerCase().includes(q) || c.prefab.toLowerCase().includes(q))
+})
+
+const groupedContainers = computed(() => {
+  const groups: Record<string, typeof rustContainers> = {}
+  for (const cat of containerCategories) {
+    const items = filteredContainers.value.filter(c => c.category === cat)
+    if (items.length > 0) groups[cat] = items
+  }
+  return groups
+})
+
+function isConfigured(prefab: string): boolean {
+  const entry = props.lootTable[prefab]
+  if (!entry) return false
+  const hasItems = entry.UngroupedItems && Object.keys(entry.UngroupedItems).length > 0
+  const hasGuaranteed = entry.GuaranteedItems && Object.keys(entry.GuaranteedItems).length > 0
+  const hasProfiles = entry.LootProfiles && entry.LootProfiles.length > 0
+  return hasItems || hasGuaranteed || hasProfiles
+}
+</script>
+
+<template>
+  <div class="w-64 shrink-0 bg-neutral-900 border border-neutral-800 rounded-xl overflow-hidden flex flex-col">
+    <!-- Search -->
+    <div class="p-3 border-b border-neutral-800">
+      <div class="relative">
+        <Search class="absolute left-3 top-1/2 -translate-y-1/2 w-4 h-4 text-neutral-500" />
+        <input
+          v-model="searchQuery"
+          placeholder="Search containers..."
+          class="w-full bg-neutral-800 border border-neutral-700 rounded-lg pl-9 pr-3 py-2 text-sm text-neutral-200 placeholder-neutral-500"
+        />
+      </div>
+    </div>
+
+    <!-- Container List -->
+    <div class="flex-1 overflow-y-auto py-2">
+      <template v-for="(containers, category) in groupedContainers" :key="category">
+        <div class="px-3 pt-3 pb-1">
+          <div class="flex items-center gap-2 text-[10px] font-semibold uppercase tracking-widest text-neutral-500">
+            <component :is="categoryIcons[category]" class="w-3 h-3" />
+            {{ categoryLabels[category] || category }}
+          </div>
+        </div>
+        <button
+          v-for="c in containers"
+          :key="c.prefab"
+          @click="emit('select', c.prefab)"
+          class="w-full text-left px-3 py-1.5 text-sm flex items-center gap-2 transition-colors"
+          :class="selected === c.prefab
+            ? 'bg-oxide-500/10 text-oxide-400'
+            : 'text-neutral-400 hover:bg-neutral-800 hover:text-neutral-200'"
+        >
+          <span class="truncate flex-1">{{ c.name }}</span>
+          <span
+            v-if="isConfigured(c.prefab)"
+            class="w-1.5 h-1.5 rounded-full bg-oxide-500 shrink-0"
+          />
+        </button>
+      </template>
+
+      <div v-if="Object.keys(groupedContainers).length === 0" class="px-3 py-6 text-center text-neutral-500 text-sm">
+        No containers match
+      </div>
+    </div>
+  </div>
+</template>

frontend/src/components/loot/LootGroupEditor.vue

@@ -0,0 +1,184 @@
+<script setup lang="ts">
+import { ref, computed } from 'vue'
+import { rustItems } from '@/data/rust-items'
+import { Plus, Trash2, ChevronDown, ChevronRight } from 'lucide-vue-next'
+import type { LootGroupProfile } from '@/types'
+
+const props = defineProps<{
+  lootGroups: Record<string, any>
+}>()
+
+const emit = defineEmits<{
+  dirty: []
+}>()
+
+const expandedGroup = ref<string | null>(null)
+const newGroupName = ref('')
+
+const groupEntries = computed(() => {
+  return Object.entries(props.lootGroups).map(([name, data]) => ({
+    name,
+    data: data as LootGroupProfile,
+    itemCount: data?.ItemList ? Object.keys(data.ItemList).length : 0,
+  }))
+})
+
+function toggleGroup(name: string) {
+  expandedGroup.value = expandedGroup.value === name ? null : name
+}
+
+function addGroup() {
+  const name = newGroupName.value.trim()
+  if (!name || props.lootGroups[name]) return
+  props.lootGroups[name] = {
+    Enabled: true,
+    GuaranteedItems: {},
+    ItemList: {},
+  }
+  newGroupName.value = ''
+  expandedGroup.value = name
+  emit('dirty')
+}
+
+function deleteGroup(name: string) {
+  if (!confirm(`Delete group "${name}"?`)) return
+  delete props.lootGroups[name]
+  if (expandedGroup.value === name) expandedGroup.value = null
+  emit('dirty')
+}
+
+function getItemName(shortname: string): string {
+  return rustItems.find(i => i.shortname === shortname)?.name || shortname
+}
+
+function removeItemFromGroup(groupName: string, shortname: string) {
+  delete props.lootGroups[groupName].ItemList[shortname]
+  emit('dirty')
+}
+
+function updateGroupItemField(groupName: string, shortname: string, field: string, value: number) {
+  if (props.lootGroups[groupName]?.ItemList?.[shortname]) {
+    props.lootGroups[groupName].ItemList[shortname][field] = value
+    emit('dirty')
+  }
+}
+</script>
+
+<template>
+  <div class="space-y-4">
+    <!-- Add Group -->
+    <div class="bg-neutral-900 border border-neutral-800 rounded-xl p-4">
+      <div class="flex gap-2">
+        <input
+          v-model="newGroupName"
+          placeholder="New group name..."
+          class="flex-1 bg-neutral-800 border border-neutral-700 rounded-lg px-3 py-2 text-sm text-neutral-200"
+          @keydown.enter="addGroup"
+        />
+        <button
+          @click="addGroup"
+          :disabled="!newGroupName.trim()"
+          class="flex items-center gap-1 px-3 py-2 bg-oxide-500 text-white rounded-lg hover:bg-oxide-600 disabled:opacity-50 text-sm"
+        >
+          <Plus class="w-4 h-4" />
+          Add Group
+        </button>
+      </div>
+    </div>
+
+    <!-- Group List -->
+    <div v-if="groupEntries.length === 0" class="bg-neutral-900 border border-neutral-800 rounded-xl p-8 text-center text-neutral-500 text-sm">
+      No loot groups defined. Groups let you create reusable item pools that can be assigned to multiple containers.
+    </div>
+
+    <div
+      v-for="entry in groupEntries"
+      :key="entry.name"
+      class="bg-neutral-900 border border-neutral-800 rounded-xl overflow-hidden"
+    >
+      <!-- Group Header -->
+      <button
+        @click="toggleGroup(entry.name)"
+        class="w-full flex items-center justify-between px-4 py-3 hover:bg-neutral-800/50 transition-colors"
+      >
+        <div class="flex items-center gap-3">
+          <component
+            :is="expandedGroup === entry.name ? ChevronDown : ChevronRight"
+            class="w-4 h-4 text-neutral-500"
+          />
+          <span class="text-neutral-200 font-medium">{{ entry.name }}</span>
+          <span class="text-xs text-neutral-500">{{ entry.itemCount }} items</span>
+        </div>
+        <button
+          @click.stop="deleteGroup(entry.name)"
+          class="text-neutral-600 hover:text-red-400 transition-colors p-1"
+        >
+          <Trash2 class="w-4 h-4" />
+        </button>
+      </button>
+
+      <!-- Group Items -->
+      <div v-if="expandedGroup === entry.name" class="border-t border-neutral-800 p-4">
+        <table v-if="entry.itemCount > 0" class="w-full text-sm">
+          <thead>
+            <tr class="border-b border-neutral-800">
+              <th class="text-left py-2 px-2 text-neutral-500 font-medium">Item</th>
+              <th class="text-center py-2 px-2 text-neutral-500 font-medium w-20">Min</th>
+              <th class="text-center py-2 px-2 text-neutral-500 font-medium w-20">Max</th>
+              <th class="text-center py-2 px-2 text-neutral-500 font-medium w-24">Prob %</th>
+              <th class="w-10"></th>
+            </tr>
+          </thead>
+          <tbody>
+            <tr
+              v-for="(itemData, shortname) in entry.data.ItemList"
+              :key="shortname"
+              class="border-b border-neutral-800/50"
+            >
+              <td class="py-2 px-2 text-neutral-200">{{ getItemName(shortname as string) }}</td>
+              <td class="py-2 px-2">
+                <input
+                  type="number"
+                  :value="(itemData as any).Min ?? 1"
+                  @input="updateGroupItemField(entry.name, shortname as string, 'Min', Number(($event.target as HTMLInputElement).value))"
+                  class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-center text-neutral-200"
+                  min="0"
+                />
+              </td>
+              <td class="py-2 px-2">
+                <input
+                  type="number"
+                  :value="(itemData as any).Max ?? 1"
+                  @input="updateGroupItemField(entry.name, shortname as string, 'Max', Number(($event.target as HTMLInputElement).value))"
+                  class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-center text-neutral-200"
+                  min="0"
+                />
+              </td>
+              <td class="py-2 px-2">
+                <input
+                  type="number"
+                  :value="(itemData as any).Probability ?? 100"
+                  @input="updateGroupItemField(entry.name, shortname as string, 'Probability', Number(($event.target as HTMLInputElement).value))"
+                  class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-center text-neutral-200"
+                  min="0"
+                  max="100"
+                />
+              </td>
+              <td class="py-2 px-2">
+                <button
+                  @click="removeItemFromGroup(entry.name, shortname as string)"
+                  class="text-neutral-600 hover:text-red-400"
+                >
+                  <Trash2 class="w-4 h-4" />
+                </button>
+              </td>
+            </tr>
+          </tbody>
+        </table>
+        <p v-else class="text-neutral-500 text-sm text-center py-4">
+          No items in this group yet. Add items from the container editor.
+        </p>
+      </div>
+    </div>
+  </div>
+</template>

frontend/src/components/loot/LootItemEditor.vue

@@ -0,0 +1,232 @@
+<script setup lang="ts">
+import { computed } from 'vue'
+import { rustItems } from '@/data/rust-items'
+import { rustContainers } from '@/data/rust-containers'
+import { Trash2, Plus, Settings2 } from 'lucide-vue-next'
+import type { PrefabLoot } from '@/types'
+
+const props = defineProps<{
+  containerKey: string
+  lootTable: Record<string, any>
+}>()
+
+const emit = defineEmits<{
+  dirty: []
+  'add-item': []
+}>()
+
+const containerName = computed(() => {
+  const c = rustContainers.find(c => c.prefab === props.containerKey)
+  return c?.name || props.containerKey.split('/').pop()?.replace('.prefab', '') || 'Unknown'
+})
+
+const containerData = computed<PrefabLoot | null>(() => {
+  return props.lootTable[props.containerKey] || null
+})
+
+function ensureContainer() {
+  if (!props.lootTable[props.containerKey]) {
+    props.lootTable[props.containerKey] = {
+      Enabled: true,
+      LootProfiles: [],
+      GuaranteedItems: {},
+      UngroupedItems: {},
+      ItemSettings: { ItemsMin: 1, ItemsMax: 6, MinScrap: 0, MaxScrap: 0 },
+    }
+    emit('dirty')
+  }
+}
+
+function getItemName(shortname: string): string {
+  return rustItems.find(i => i.shortname === shortname)?.name || shortname
+}
+
+function updateItemField(shortname: string, field: string, value: number) {
+  ensureContainer()
+  const items = props.lootTable[props.containerKey].UngroupedItems
+  if (items[shortname]) {
+    items[shortname][field] = value
+    emit('dirty')
+  }
+}
+
+function updateSettings(field: string, value: number) {
+  ensureContainer()
+  props.lootTable[props.containerKey].ItemSettings[field] = value
+  emit('dirty')
+}
+
+function toggleEnabled() {
+  ensureContainer()
+  props.lootTable[props.containerKey].Enabled = !props.lootTable[props.containerKey].Enabled
+  emit('dirty')
+}
+
+function removeItem(shortname: string) {
+  if (!containerData.value?.UngroupedItems) return
+  delete props.lootTable[props.containerKey].UngroupedItems[shortname]
+  emit('dirty')
+}
+
+const ungroupedItems = computed(() => {
+  if (!containerData.value?.UngroupedItems) return []
+  return Object.entries(containerData.value.UngroupedItems).map(([shortname, data]) => ({
+    shortname,
+    name: getItemName(shortname),
+    ...(data as any),
+  }))
+})
+</script>
+
+<template>
+  <div class="space-y-4">
+    <!-- Container Header -->
+    <div class="bg-neutral-900 border border-neutral-800 rounded-xl p-4">
+      <div class="flex items-center justify-between mb-4">
+        <div class="flex items-center gap-3">
+          <h2 class="text-lg font-semibold text-neutral-100">{{ containerName }}</h2>
+          <label class="flex items-center gap-2 cursor-pointer">
+            <input
+              type="checkbox"
+              :checked="containerData?.Enabled ?? true"
+              @change="toggleEnabled"
+              class="rounded bg-neutral-800 border-neutral-600 text-oxide-500 focus:ring-oxide-500"
+            />
+            <span class="text-sm text-neutral-400">Enabled</span>
+          </label>
+        </div>
+        <div class="flex items-center gap-2">
+          <Settings2 class="w-4 h-4 text-neutral-500" />
+          <span class="text-xs text-neutral-500 font-mono">{{ containerKey.split('/').pop() }}</span>
+        </div>
+      </div>
+
+      <!-- Item Settings -->
+      <div class="grid grid-cols-4 gap-3" v-if="containerData">
+        <div>
+          <label class="block text-xs text-neutral-500 mb-1">Items Min</label>
+          <input
+            type="number"
+            :value="containerData.ItemSettings?.ItemsMin ?? 1"
+            @input="updateSettings('ItemsMin', Number(($event.target as HTMLInputElement).value))"
+            class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-sm text-neutral-200"
+            min="0"
+          />
+        </div>
+        <div>
+          <label class="block text-xs text-neutral-500 mb-1">Items Max</label>
+          <input
+            type="number"
+            :value="containerData.ItemSettings?.ItemsMax ?? 6"
+            @input="updateSettings('ItemsMax', Number(($event.target as HTMLInputElement).value))"
+            class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-sm text-neutral-200"
+            min="0"
+          />
+        </div>
+        <div>
+          <label class="block text-xs text-neutral-500 mb-1">Min Scrap</label>
+          <input
+            type="number"
+            :value="containerData.ItemSettings?.MinScrap ?? 0"
+            @input="updateSettings('MinScrap', Number(($event.target as HTMLInputElement).value))"
+            class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-sm text-neutral-200"
+            min="0"
+          />
+        </div>
+        <div>
+          <label class="block text-xs text-neutral-500 mb-1">Max Scrap</label>
+          <input
+            type="number"
+            :value="containerData.ItemSettings?.MaxScrap ?? 0"
+            @input="updateSettings('MaxScrap', Number(($event.target as HTMLInputElement).value))"
+            class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-sm text-neutral-200"
+            min="0"
+          />
+        </div>
+      </div>
+    </div>
+
+    <!-- Ungrouped Items Table -->
+    <div class="bg-neutral-900 border border-neutral-800 rounded-xl p-4">
+      <div class="flex items-center justify-between mb-3">
+        <h3 class="text-sm font-semibold text-neutral-300">Ungrouped Items</h3>
+        <button
+          @click="emit('add-item')"
+          class="flex items-center gap-1 px-3 py-1.5 bg-oxide-500/10 text-oxide-400 rounded-lg hover:bg-oxide-500/20 text-sm"
+        >
+          <Plus class="w-3.5 h-3.5" />
+          Add Item
+        </button>
+      </div>
+
+      <div v-if="ungroupedItems.length > 0" class="overflow-x-auto">
+        <table class="w-full text-sm">
+          <thead>
+            <tr class="border-b border-neutral-800">
+              <th class="text-left py-2 px-2 text-neutral-500 font-medium">Item</th>
+              <th class="text-center py-2 px-2 text-neutral-500 font-medium w-20">Min</th>
+              <th class="text-center py-2 px-2 text-neutral-500 font-medium w-20">Max</th>
+              <th class="text-center py-2 px-2 text-neutral-500 font-medium w-24">Prob %</th>
+              <th class="w-10"></th>
+            </tr>
+          </thead>
+          <tbody>
+            <tr
+              v-for="item in ungroupedItems"
+              :key="item.shortname"
+              class="border-b border-neutral-800/50 hover:bg-neutral-800/30"
+            >
+              <td class="py-2 px-2">
+                <div>
+                  <span class="text-neutral-200">{{ item.name }}</span>
+                  <span class="text-neutral-600 text-xs ml-2">{{ item.shortname }}</span>
+                </div>
+              </td>
+              <td class="py-2 px-2">
+                <input
+                  type="number"
+                  :value="item.Min"
+                  @input="updateItemField(item.shortname, 'Min', Number(($event.target as HTMLInputElement).value))"
+                  class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-center text-neutral-200"
+                  min="0"
+                />
+              </td>
+              <td class="py-2 px-2">
+                <input
+                  type="number"
+                  :value="item.Max"
+                  @input="updateItemField(item.shortname, 'Max', Number(($event.target as HTMLInputElement).value))"
+                  class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-center text-neutral-200"
+                  min="0"
+                />
+              </td>
+              <td class="py-2 px-2">
+                <input
+                  type="number"
+                  :value="item.Probability ?? 100"
+                  @input="updateItemField(item.shortname, 'Probability', Number(($event.target as HTMLInputElement).value))"
+                  class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-center text-neutral-200"
+                  min="0"
+                  max="100"
+                />
+              </td>
+              <td class="py-2 px-2">
+                <button
+                  @click="removeItem(item.shortname)"
+                  class="text-neutral-600 hover:text-red-400 transition-colors"
+                >
+                  <Trash2 class="w-4 h-4" />
+                </button>
+              </td>
+            </tr>
+          </tbody>
+        </table>
+      </div>
+
+      <div v-else class="text-center py-6 text-neutral-500 text-sm">
+        No items configured for this container.
+        <button @click="emit('add-item')" class="text-oxide-400 hover:underline ml-1">Add one</button>
+      </div>
+    </div>
+  </div>
+</template>

frontend/src/components/loot/LootItemPicker.vue

@@ -0,0 +1,88 @@
+<script setup lang="ts">
+import { ref, computed } from 'vue'
+import { rustItems, itemCategories } from '@/data/rust-items'
+import { Search, X } from 'lucide-vue-next'
+
+const emit = defineEmits<{
+  select: [shortname: string]
+  close: []
+}>()
+
+const searchQuery = ref('')
+const selectedCategory = ref<string>('all')
+
+const filteredItems = computed(() => {
+  let items = rustItems
+  if (selectedCategory.value !== 'all') {
+    items = items.filter(i => i.category === selectedCategory.value)
+  }
+  const q = searchQuery.value.toLowerCase()
+  if (q) {
+    items = items.filter(i => i.name.toLowerCase().includes(q) || i.shortname.toLowerCase().includes(q))
+  }
+  return items
+})
+</script>
+
+<template>
+  <div class="fixed inset-0 bg-black/60 z-50 flex items-center justify-center p-4" @click.self="emit('close')">
+    <div class="bg-neutral-900 border border-neutral-800 rounded-xl w-full max-w-2xl max-h-[80vh] flex flex-col">
+      <!-- Header -->
+      <div class="p-4 border-b border-neutral-800 flex items-center justify-between">
+        <h2 class="text-lg font-semibold text-neutral-100">Add Item</h2>
+        <button @click="emit('close')" class="text-neutral-500 hover:text-neutral-300">
+          <X class="w-5 h-5" />
+        </button>
+      </div>
+
+      <!-- Search + Filter -->
+      <div class="p-4 space-y-3 border-b border-neutral-800">
+        <div class="relative">
+          <Search class="absolute left-3 top-1/2 -translate-y-1/2 w-4 h-4 text-neutral-500" />
+          <input
+            v-model="searchQuery"
+            placeholder="Search items..."
+            class="w-full bg-neutral-800 border border-neutral-700 rounded-lg pl-9 pr-3 py-2 text-sm text-neutral-200"
+            autofocus
+          />
+        </div>
+        <div class="flex flex-wrap gap-1">
+          <button
+            @click="selectedCategory = 'all'"
+            class="px-2 py-1 rounded text-xs"
+            :class="selectedCategory === 'all' ? 'bg-oxide-500 text-white' : 'bg-neutral-800 text-neutral-400 hover:text-neutral-200'"
+          >
+            All
+          </button>
+          <button
+            v-for="cat in itemCategories"
+            :key="cat"
+            @click="selectedCategory = cat"
+            class="px-2 py-1 rounded text-xs capitalize"
+            :class="selectedCategory === cat ? 'bg-oxide-500 text-white' : 'bg-neutral-800 text-neutral-400 hover:text-neutral-200'"
+          >
+            {{ cat }}
+          </button>
+        </div>
+      </div>
+
+      <!-- Item Grid -->
+      <div class="flex-1 overflow-y-auto p-4">
+        <div class="grid grid-cols-2 sm:grid-cols-3 gap-2">
+          <button
+            v-for="item in filteredItems"
+            :key="item.shortname"
+            @click="emit('select', item.shortname)"
+            class="text-left px-3 py-2 bg-neutral-800 rounded-lg hover:bg-neutral-700 transition-colors group"
+          >
+            <div class="text-sm text-neutral-200 group-hover:text-oxide-400">{{ item.name }}</div>
+            <div class="text-xs text-neutral-500">{{ item.shortname }}</div>
+          </button>
+        </div>
+        <div v-if="filteredItems.length === 0" class="text-center py-8 text-neutral-500">
+          No items found
+        </div>
+      </div>
+    </div>
+  </div>
+</template>

frontend/src/components/teleport/PermissionGroupEditor.vue

@@ -0,0 +1,195 @@
+<script setup lang="ts">
+import { computed, ref } from 'vue'
+import { Plus, Trash2 } from 'lucide-vue-next'
+
+const props = defineProps<{
+  configData: Record<string, any>
+}>()
+
+const emit = defineEmits<{
+  'update:configData': [configData: Record<string, any>]
+}>()
+
+const newGroupName = ref('')
+
+// Merge all VIP maps by key name to compute the unified group list
+const groups = computed(() => {
+  const homesLimits: Record<string, number> = props.configData?.Home?.VIPHomesLimits || {}
+  const cooldowns: Record<string, number> = props.configData?.TPR?.VIPCooldowns || {}
+  const countdowns: Record<string, number> = props.configData?.TPR?.VIPCountdowns || {}
+  const dailyLimits: Record<string, number> = props.configData?.TPR?.VIPDailyLimits || {}
+
+  const allKeys = new Set([
+    ...Object.keys(homesLimits),
+    ...Object.keys(cooldowns),
+    ...Object.keys(countdowns),
+    ...Object.keys(dailyLimits),
+  ])
+
+  return Array.from(allKeys).map(name => ({
+    name,
+    homesLimit: homesLimits[name] ?? 5,
+    cooldown: cooldowns[name] ?? 300,
+    countdown: countdowns[name] ?? 5,
+    dailyLimit: dailyLimits[name] ?? 10,
+  }))
+})
+
+function ensurePaths(data: Record<string, any>) {
+  if (!data.Home) data.Home = {}
+  if (!data.Home.VIPHomesLimits) data.Home.VIPHomesLimits = {}
+  if (!data.TPR) data.TPR = {}
+  if (!data.TPR.VIPCooldowns) data.TPR.VIPCooldowns = {}
+  if (!data.TPR.VIPCountdowns) data.TPR.VIPCountdowns = {}
+  if (!data.TPR.VIPDailyLimits) data.TPR.VIPDailyLimits = {}
+}
+
+function addGroup() {
+  const name = newGroupName.value.trim()
+  if (!name) return
+  // Check if already exists
+  if (groups.value.some(g => g.name === name)) return
+
+  const updated = { ...props.configData }
+  ensurePaths(updated)
+  updated.Home.VIPHomesLimits[name] = 5
+  updated.TPR.VIPCooldowns[name] = 300
+  updated.TPR.VIPCountdowns[name] = 5
+  updated.TPR.VIPDailyLimits[name] = 10
+  emit('update:configData', updated)
+  newGroupName.value = ''
+}
+
+function removeGroup(name: string) {
+  if (!confirm(`Remove VIP group "${name}"?`)) return
+  const updated = { ...props.configData }
+  ensurePaths(updated)
+  delete updated.Home.VIPHomesLimits[name]
+  delete updated.TPR.VIPCooldowns[name]
+  delete updated.TPR.VIPCountdowns[name]
+  delete updated.TPR.VIPDailyLimits[name]
+  emit('update:configData', updated)
+}
+
+function updateField(groupName: string, field: string, value: number) {
+  const updated = { ...props.configData }
+  ensurePaths(updated)
+
+  switch (field) {
+    case 'homesLimit':
+      updated.Home.VIPHomesLimits[groupName] = value
+      break
+    case 'cooldown':
+      updated.TPR.VIPCooldowns[groupName] = value
+      break
+    case 'countdown':
+      updated.TPR.VIPCountdowns[groupName] = value
+      break
+    case 'dailyLimit':
+      updated.TPR.VIPDailyLimits[groupName] = value
+      break
+  }
+
+  emit('update:configData', updated)
+}
+</script>
+
+<template>
+  <div class="space-y-4">
+    <div class="flex items-center justify-between">
+      <h3 class="text-sm font-semibold text-neutral-300 uppercase tracking-wider">VIP Permission Groups</h3>
+    </div>
+
+    <!-- Add Group -->
+    <div class="flex gap-2">
+      <input
+        v-model="newGroupName"
+        placeholder="New group name (e.g. vip, vip+, mvp)..."
+        class="flex-1 bg-neutral-800 border border-neutral-700 rounded-lg px-3 py-2 text-sm text-neutral-200"
+        @keydown.enter="addGroup"
+      />
+      <button
+        @click="addGroup"
+        :disabled="!newGroupName.trim()"
+        class="flex items-center gap-1 px-3 py-2 bg-oxide-500 text-white rounded-lg hover:bg-oxide-600 disabled:opacity-50 text-sm"
+      >
+        <Plus class="w-4 h-4" />
+        Add Group
+      </button>
+    </div>
+
+    <!-- Empty State -->
+    <div v-if="groups.length === 0" class="bg-neutral-900 border border-neutral-800 rounded-xl p-8 text-center text-neutral-500 text-sm">
+      No VIP groups defined. Add groups to configure per-permission teleport limits, cooldowns, and countdowns.
+    </div>
+
+    <!-- Groups Table -->
+    <div v-else class="bg-neutral-900 border border-neutral-800 rounded-xl overflow-hidden">
+      <table class="w-full text-sm">
+        <thead>
+          <tr class="border-b border-neutral-800">
+            <th class="text-left py-3 px-4 text-neutral-500 font-medium">Group Name</th>
+            <th class="text-center py-3 px-4 text-neutral-500 font-medium w-28">Homes Limit</th>
+            <th class="text-center py-3 px-4 text-neutral-500 font-medium w-28">Cooldown (s)</th>
+            <th class="text-center py-3 px-4 text-neutral-500 font-medium w-28">Countdown (s)</th>
+            <th class="text-center py-3 px-4 text-neutral-500 font-medium w-28">Daily Limit</th>
+            <th class="w-12"></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr
+            v-for="group in groups"
+            :key="group.name"
+            class="border-b border-neutral-800/50"
+          >
+            <td class="py-3 px-4 text-neutral-200 font-medium">{{ group.name }}</td>
+            <td class="py-3 px-4">
+              <input
+                type="number"
+                :value="group.homesLimit"
+                @input="updateField(group.name, 'homesLimit', Number(($event.target as HTMLInputElement).value))"
+                class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-center text-neutral-200"
+                min="0"
+              />
+            </td>
+            <td class="py-3 px-4">
+              <input
+                type="number"
+                :value="group.cooldown"
+                @input="updateField(group.name, 'cooldown', Number(($event.target as HTMLInputElement).value))"
+                class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-center text-neutral-200"
+                min="0"
+              />
+            </td>
+            <td class="py-3 px-4">
+              <input
+                type="number"
+                :value="group.countdown"
+                @input="updateField(group.name, 'countdown', Number(($event.target as HTMLInputElement).value))"
+                class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-center text-neutral-200"
+                min="0"
+              />
+            </td>
+            <td class="py-3 px-4">
+              <input
+                type="number"
+                :value="group.dailyLimit"
+                @input="updateField(group.name, 'dailyLimit', Number(($event.target as HTMLInputElement).value))"
+                class="w-full bg-neutral-800 border border-neutral-700 rounded px-2 py-1 text-center text-neutral-200"
+                min="0"
+              />
+            </td>
+            <td class="py-3 px-4">
+              <button
+                @click="removeGroup(group.name)"
+                class="text-neutral-600 hover:text-red-400 transition-colors p-1"
+              >
+                <Trash2 class="w-4 h-4" />
+              </button>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </div>
+  </div>
+</template>

frontend/src/components/teleport/WarpEditor.vue

@@ -0,0 +1,76 @@
+<script setup lang="ts">
+import { ref } from 'vue'
+import { Plus, Trash2 } from 'lucide-vue-next'
+
+const props = defineProps<{
+  warps: Record<string, { x: number; y: number; z: number }>
+}>()
+
+const emit = defineEmits<{
+  'update:warps': [warps: Record<string, { x: number; y: number; z: number }>]
+}>()
+
+const newWarpName = ref('')
+
+function addWarp() {
+  const name = newWarpName.value.trim()
+  if (!name || props.warps[name]) return
+  const updated = { ...props.warps, [name]: { x: 0, y: 0, z: 0 } }
+  emit('update:warps', updated)
+  newWarpName.value = ''
+}
+
+function removeWarp(name: string) {
+  const updated = { ...props.warps }
+  delete updated[name]
+  emit('update:warps', updated)
+}
+</script>
+
+<template>
+  <div class="space-y-4">
+    <h3 class="text-sm font-semibold text-neutral-300 uppercase tracking-wider">Warps</h3>
+
+    <!-- Add Warp -->
+    <div class="flex gap-2">
+      <input
+        v-model="newWarpName"
+        placeholder="Warp name..."
+        class="flex-1 bg-neutral-800 border border-neutral-700 rounded-lg px-3 py-2 text-sm text-neutral-200"
+        @keydown.enter="addWarp"
+      />
+      <button
+        @click="addWarp"
+        :disabled="!newWarpName.trim()"
+        class="flex items-center gap-1 px-3 py-2 bg-oxide-500 text-white rounded-lg hover:bg-oxide-600 disabled:opacity-50 text-sm"
+      >
+        <Plus class="w-4 h-4" />
+        Add
+      </button>
+    </div>
+
+    <!-- Warp List -->
+    <div v-if="Object.keys(warps).length === 0" class="text-neutral-500 text-sm text-center py-4">
+      No warps defined. Add warps here and set coordinates in-game.
+    </div>
+
+    <div
+      v-for="(coords, name) in warps"
+      :key="name"
+      class="flex items-center justify-between bg-neutral-800/50 border border-neutral-700/50 rounded-lg px-4 py-3"
+    >
+      <div>
+        <span class="text-neutral-200 font-medium">{{ name }}</span>
+        <span class="text-neutral-500 text-xs ml-3">
+          {{ coords.x.toFixed(1) }}, {{ coords.y.toFixed(1) }}, {{ coords.z.toFixed(1) }}
+        </span>
+      </div>
+      <button
+        @click="removeWarp(name as string)"
+        class="text-neutral-600 hover:text-red-400 transition-colors p-1"
+      >
+        <Trash2 class="w-4 h-4" />
+      </button>
+    </div>
+  </div>
+</template>

frontend/src/data/rust-containers.ts

@@ -0,0 +1,72 @@
+export interface RustContainer {
+  prefab: string
+  name: string
+  category: 'crates' | 'barrels' | 'military' | 'npcs' | 'other'
+}
+
+export const rustContainers: RustContainer[] = [
+  // Crates
+  { prefab: 'assets/bundled/prefabs/radtown/crate_normal.prefab', name: 'Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_normal_2.prefab', name: 'Crate (Small)', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_elite.prefab', name: 'Elite Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_tools.prefab', name: 'Tool Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_food_1.prefab', name: 'Food Crate (Small)', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_food_2.prefab', name: 'Food Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_medical.prefab', name: 'Medical Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_mine.prefab', name: 'Mine Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_fuel.prefab', name: 'Fuel Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_basic.prefab', name: 'Basic Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_underwater_basic.prefab', name: 'Underwater Basic Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_underwater_advanced.prefab', name: 'Underwater Advanced Crate', category: 'crates' },
+  { prefab: 'assets/bundled/prefabs/radtown/vehicle_parts.prefab', name: 'Vehicle Parts', category: 'crates' },
+
+  // Barrels
+  { prefab: 'assets/bundled/prefabs/radtown/loot_barrel_1.prefab', name: 'Barrel', category: 'barrels' },
+  { prefab: 'assets/bundled/prefabs/radtown/loot_barrel_2.prefab', name: 'Barrel 2', category: 'barrels' },
+  { prefab: 'assets/bundled/prefabs/radtown/oil_barrel.prefab', name: 'Oil Barrel', category: 'barrels' },
+  { prefab: 'assets/bundled/prefabs/radtown/loot-barrel-1.prefab', name: 'Barrel (Alt)', category: 'barrels' },
+  { prefab: 'assets/bundled/prefabs/radtown/loot-barrel-2.prefab', name: 'Barrel 2 (Alt)', category: 'barrels' },
+
+  // Military
+  { prefab: 'assets/bundled/prefabs/radtown/crate_helicopter.prefab', name: 'Helicopter Crate', category: 'military' },
+  { prefab: 'assets/bundled/prefabs/radtown/bradley_crate.prefab', name: 'Bradley Crate', category: 'military' },
+  { prefab: 'assets/bundled/prefabs/radtown/supply_drop.prefab', name: 'Supply Drop', category: 'military' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_locked.prefab', name: 'Locked Crate', category: 'military' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_hackable.prefab', name: 'Hackable Crate', category: 'military' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_normal_2_food.prefab', name: 'Military Food Crate', category: 'military' },
+  { prefab: 'assets/bundled/prefabs/radtown/crate_normal_2_medical.prefab', name: 'Military Medical Crate', category: 'military' },
+
+  // NPCs
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/scientist/scientistnpc_full_any.prefab', name: 'Scientist', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/scientist/scientistnpc_heavy.prefab', name: 'Heavy Scientist', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/scientist/scientistnpc_oilrig.prefab', name: 'Oil Rig Scientist', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/scientist/scientistnpc_patrol.prefab', name: 'Patrol Scientist', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/scientist/scientistnpc_junkpile.prefab', name: 'Junkpile Scientist', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/scientist/scientistnpc_peacekeeper.prefab', name: 'Peacekeeper', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/scientist/scientistnpc_cargo.prefab', name: 'Cargo Ship Scientist', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/scientist/scientistnpc_ch47_gunner.prefab', name: 'Chinook Gunner', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/tunneldweller/npc_tunneldweller.prefab', name: 'Tunnel Dweller', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/underwaterdweller/npc_underwaterdweller.prefab', name: 'Underwater Dweller', category: 'npcs' },
+  { prefab: 'assets/rust.ai/agents/npcplayer/humannpc/scarecrow/scarecrow.prefab', name: 'Scarecrow', category: 'npcs' },
+
+  // Other
+  { prefab: 'assets/bundled/prefabs/radtown/dmloot/dm ammo.prefab', name: 'DM Ammo', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/dmloot/dm c4.prefab', name: 'DM C4', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/dmloot/dm construction resources.prefab', name: 'DM Construction', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/dmloot/dm construction tools.prefab', name: 'DM Tools', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/dmloot/dm food.prefab', name: 'DM Food', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/dmloot/dm medical.prefab', name: 'DM Medical', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/dmloot/dm res.prefab', name: 'DM Resources', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/dmloot/dm tier1 lootbox.prefab', name: 'DM Tier 1 Lootbox', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/dmloot/dm tier2 lootbox.prefab', name: 'DM Tier 2 Lootbox', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/dmloot/dm tier3 lootbox.prefab', name: 'DM Tier 3 Lootbox', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/minecart.prefab', name: 'Minecart', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/underwater_labs/crate_food_1_underwater_lab.prefab', name: 'Lab Food Crate', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/underwater_labs/crate_normal_underwater_lab.prefab', name: 'Lab Crate', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/underwater_labs/crate_elite_underwater_lab.prefab', name: 'Lab Elite Crate', category: 'other' },
+  { prefab: 'assets/bundled/prefabs/radtown/underwater_labs/crate_tools_underwater_lab.prefab', name: 'Lab Tool Crate', category: 'other' },
+]
+
+export const containerCategories = ['crates', 'barrels', 'military', 'npcs', 'other'] as const
+
+export type ContainerCategory = typeof containerCategories[number]

frontend/src/data/rust-items.ts

@@ -0,0 +1,259 @@
+export interface RustItem {
+  shortname: string
+  name: string
+  category: 'weapons' | 'ammo' | 'medical' | 'attire' | 'tools' | 'resources' | 'components' | 'food' | 'traps' | 'construction' | 'electrical' | 'fun' | 'misc'
+  maxStack: number
+}
+
+export const rustItems: RustItem[] = [
+  // Weapons
+  { shortname: 'rifle.ak', name: 'Assault Rifle', category: 'weapons', maxStack: 1 },
+  { shortname: 'rifle.lr300', name: 'LR-300', category: 'weapons', maxStack: 1 },
+  { shortname: 'rifle.bolt', name: 'Bolt Action Rifle', category: 'weapons', maxStack: 1 },
+  { shortname: 'rifle.m39', name: 'M39 Rifle', category: 'weapons', maxStack: 1 },
+  { shortname: 'rifle.semiauto', name: 'Semi-Auto Rifle', category: 'weapons', maxStack: 1 },
+  { shortname: 'rifle.l96', name: 'L96 Rifle', category: 'weapons', maxStack: 1 },
+  { shortname: 'smg.mp5', name: 'MP5A4', category: 'weapons', maxStack: 1 },
+  { shortname: 'smg.thompson', name: 'Thompson', category: 'weapons', maxStack: 1 },
+  { shortname: 'smg.2', name: 'Custom SMG', category: 'weapons', maxStack: 1 },
+  { shortname: 'pistol.revolver', name: 'Revolver', category: 'weapons', maxStack: 1 },
+  { shortname: 'pistol.semiauto', name: 'Semi-Auto Pistol', category: 'weapons', maxStack: 1 },
+  { shortname: 'pistol.python', name: 'Python Revolver', category: 'weapons', maxStack: 1 },
+  { shortname: 'pistol.m92', name: 'M92 Pistol', category: 'weapons', maxStack: 1 },
+  { shortname: 'pistol.nailgun', name: 'Nailgun', category: 'weapons', maxStack: 1 },
+  { shortname: 'shotgun.pump', name: 'Pump Shotgun', category: 'weapons', maxStack: 1 },
+  { shortname: 'shotgun.spas12', name: 'Spas-12', category: 'weapons', maxStack: 1 },
+  { shortname: 'shotgun.double', name: 'Double Barrel Shotgun', category: 'weapons', maxStack: 1 },
+  { shortname: 'shotgun.waterpipe', name: 'Waterpipe Shotgun', category: 'weapons', maxStack: 1 },
+  { shortname: 'lmg.m249', name: 'M249', category: 'weapons', maxStack: 1 },
+  { shortname: 'rocket.launcher', name: 'Rocket Launcher', category: 'weapons', maxStack: 1 },
+  { shortname: 'multiplegrenadelauncher', name: 'Multiple Grenade Launcher', category: 'weapons', maxStack: 1 },
+  { shortname: 'weapon.mod.lasersight', name: 'Laser Sight', category: 'weapons', maxStack: 1 },
+  { shortname: 'weapon.mod.holosight', name: 'Holosight', category: 'weapons', maxStack: 1 },
+  { shortname: 'weapon.mod.flashlight', name: 'Flashlight', category: 'weapons', maxStack: 1 },
+  { shortname: 'weapon.mod.silencer', name: 'Silencer', category: 'weapons', maxStack: 1 },
+  { shortname: 'weapon.mod.simplesight', name: 'Simple Handmade Sight', category: 'weapons', maxStack: 1 },
+  { shortname: 'weapon.mod.small.scope', name: 'Handmade Scope', category: 'weapons', maxStack: 1 },
+  { shortname: 'weapon.mod.8x.scope', name: '8x Zoom Scope', category: 'weapons', maxStack: 1 },
+  { shortname: 'weapon.mod.muzzleboost', name: 'Muzzle Boost', category: 'weapons', maxStack: 1 },
+  { shortname: 'weapon.mod.muzzlebrake', name: 'Muzzle Brake', category: 'weapons', maxStack: 1 },
+  { shortname: 'crossbow', name: 'Crossbow', category: 'weapons', maxStack: 1 },
+  { shortname: 'bow.hunting', name: 'Hunting Bow', category: 'weapons', maxStack: 1 },
+  { shortname: 'bow.compound', name: 'Compound Bow', category: 'weapons', maxStack: 1 },
+  { shortname: 'spear.wooden', name: 'Wooden Spear', category: 'weapons', maxStack: 1 },
+  { shortname: 'spear.stone', name: 'Stone Spear', category: 'weapons', maxStack: 1 },
+  { shortname: 'machete', name: 'Machete', category: 'weapons', maxStack: 1 },
+  { shortname: 'longsword', name: 'Longsword', category: 'weapons', maxStack: 1 },
+  { shortname: 'salvaged.sword', name: 'Salvaged Sword', category: 'weapons', maxStack: 1 },
+  { shortname: 'salvaged.cleaver', name: 'Salvaged Cleaver', category: 'weapons', maxStack: 1 },
+  { shortname: 'knife.combat', name: 'Combat Knife', category: 'weapons', maxStack: 1 },
+  { shortname: 'bone.club', name: 'Bone Club', category: 'weapons', maxStack: 1 },
+  { shortname: 'mace', name: 'Mace', category: 'weapons', maxStack: 1 },
+  { shortname: 'grenade.f1', name: 'F1 Grenade', category: 'weapons', maxStack: 1 },
+  { shortname: 'grenade.beancan', name: 'Beancan Grenade', category: 'weapons', maxStack: 1 },
+  { shortname: 'explosive.satchel', name: 'Satchel Charge', category: 'weapons', maxStack: 1 },
+  { shortname: 'explosive.timed', name: 'Timed Explosive', category: 'weapons', maxStack: 1 },
+  { shortname: 'surveycharge', name: 'Survey Charge', category: 'weapons', maxStack: 1 },
+  { shortname: 'flare', name: 'Flare', category: 'weapons', maxStack: 1 },
+  { shortname: 'pistol.eoka', name: 'Eoka Pistol', category: 'weapons', maxStack: 1 },
+
+  // Ammo
+  { shortname: 'ammo.rifle', name: '5.56 Rifle Ammo', category: 'ammo', maxStack: 128 },
+  { shortname: 'ammo.rifle.hv', name: 'HV 5.56 Rifle Ammo', category: 'ammo', maxStack: 128 },
+  { shortname: 'ammo.rifle.incendiary', name: 'Incendiary 5.56 Ammo', category: 'ammo', maxStack: 128 },
+  { shortname: 'ammo.rifle.explosive', name: 'Explosive 5.56 Ammo', category: 'ammo', maxStack: 128 },
+  { shortname: 'ammo.pistol', name: 'Pistol Bullet', category: 'ammo', maxStack: 128 },
+  { shortname: 'ammo.pistol.hv', name: 'HV Pistol Ammo', category: 'ammo', maxStack: 128 },
+  { shortname: 'ammo.pistol.fire', name: 'Incendiary Pistol Bullet', category: 'ammo', maxStack: 128 },
+  { shortname: 'ammo.shotgun', name: 'Handmade Shell', category: 'ammo', maxStack: 64 },
+  { shortname: 'ammo.shotgun.slug', name: '12 Gauge Slug', category: 'ammo', maxStack: 64 },
+  { shortname: 'ammo.shotgun.fire', name: '12 Gauge Incendiary Shell', category: 'ammo', maxStack: 64 },
+  { shortname: 'ammo.rocket.basic', name: 'Rocket', category: 'ammo', maxStack: 3 },
+  { shortname: 'ammo.rocket.hv', name: 'HV Rocket', category: 'ammo', maxStack: 3 },
+  { shortname: 'ammo.rocket.fire', name: 'Incendiary Rocket', category: 'ammo', maxStack: 3 },
+  { shortname: 'arrow.wooden', name: 'Wooden Arrow', category: 'ammo', maxStack: 64 },
+  { shortname: 'arrow.hv', name: 'High Velocity Arrow', category: 'ammo', maxStack: 64 },
+  { shortname: 'arrow.fire', name: 'Fire Arrow', category: 'ammo', maxStack: 64 },
+  { shortname: 'arrow.bone', name: 'Bone Arrow', category: 'ammo', maxStack: 64 },
+  { shortname: 'ammo.nailgun.nails', name: 'Nailgun Nails', category: 'ammo', maxStack: 64 },
+  { shortname: 'ammo.grenadelauncher.he', name: '40mm HE Grenade', category: 'ammo', maxStack: 12 },
+  { shortname: 'ammo.grenadelauncher.smoke', name: '40mm Smoke Grenade', category: 'ammo', maxStack: 12 },
+
+  // Medical
+  { shortname: 'syringe.medical', name: 'Medical Syringe', category: 'medical', maxStack: 3 },
+  { shortname: 'largemedkit', name: 'Large Medkit', category: 'medical', maxStack: 1 },
+  { shortname: 'bandage', name: 'Bandage', category: 'medical', maxStack: 3 },
+  { shortname: 'antiradpills', name: 'Anti-Radiation Pills', category: 'medical', maxStack: 10 },
+  { shortname: 'blood', name: 'Blood', category: 'medical', maxStack: 1 },
+
+  // Attire
+  { shortname: 'metal.facemask', name: 'Metal Facemask', category: 'attire', maxStack: 1 },
+  { shortname: 'metal.plate.torso', name: 'Metal Chest Plate', category: 'attire', maxStack: 1 },
+  { shortname: 'roadsign.jacket', name: 'Roadsign Jacket', category: 'attire', maxStack: 1 },
+  { shortname: 'roadsign.kilt', name: 'Roadsign Kilt', category: 'attire', maxStack: 1 },
+  { shortname: 'coffeecan.helmet', name: 'Coffee Can Helmet', category: 'attire', maxStack: 1 },
+  { shortname: 'riot.helmet', name: 'Riot Helmet', category: 'attire', maxStack: 1 },
+  { shortname: 'bucket.helmet', name: 'Bucket Helmet', category: 'attire', maxStack: 1 },
+  { shortname: 'hoodie', name: 'Hoodie', category: 'attire', maxStack: 1 },
+  { shortname: 'pants', name: 'Pants', category: 'attire', maxStack: 1 },
+  { shortname: 'shoes.boots', name: 'Boots', category: 'attire', maxStack: 1 },
+  { shortname: 'burlap.shirt', name: 'Burlap Shirt', category: 'attire', maxStack: 1 },
+  { shortname: 'burlap.trousers', name: 'Burlap Trousers', category: 'attire', maxStack: 1 },
+  { shortname: 'burlap.shoes', name: 'Burlap Shoes', category: 'attire', maxStack: 1 },
+  { shortname: 'burlap.headwrap', name: 'Burlap Headwrap', category: 'attire', maxStack: 1 },
+  { shortname: 'burlap.gloves', name: 'Burlap Gloves', category: 'attire', maxStack: 1 },
+  { shortname: 'hat.wolf', name: 'Wolf Headdress', category: 'attire', maxStack: 1 },
+  { shortname: 'hat.boonie', name: 'Boonie Hat', category: 'attire', maxStack: 1 },
+  { shortname: 'hat.beenie', name: 'Beenie Hat', category: 'attire', maxStack: 1 },
+  { shortname: 'hat.miner', name: 'Miners Hat', category: 'attire', maxStack: 1 },
+  { shortname: 'hat.candle', name: 'Candle Hat', category: 'attire', maxStack: 1 },
+  { shortname: 'attire.hide.poncho', name: 'Hide Poncho', category: 'attire', maxStack: 1 },
+  { shortname: 'attire.hide.vest', name: 'Hide Vest', category: 'attire', maxStack: 1 },
+  { shortname: 'attire.hide.boots', name: 'Hide Boots', category: 'attire', maxStack: 1 },
+  { shortname: 'attire.hide.pants', name: 'Hide Pants', category: 'attire', maxStack: 1 },
+  { shortname: 'attire.hide.skirt', name: 'Hide Skirt', category: 'attire', maxStack: 1 },
+  { shortname: 'deer.skull.mask', name: 'Deer Skull Mask', category: 'attire', maxStack: 1 },
+  { shortname: 'bone.armor.suit', name: 'Bone Armor', category: 'attire', maxStack: 1 },
+  { shortname: 'heavy.plate.helmet', name: 'Heavy Plate Helmet', category: 'attire', maxStack: 1 },
+  { shortname: 'heavy.plate.jacket', name: 'Heavy Plate Jacket', category: 'attire', maxStack: 1 },
+  { shortname: 'heavy.plate.pants', name: 'Heavy Plate Pants', category: 'attire', maxStack: 1 },
+  { shortname: 'hazmatsuit', name: 'Hazmat Suit', category: 'attire', maxStack: 1 },
+  { shortname: 'nightvisiongoggles', name: 'Night Vision Goggles', category: 'attire', maxStack: 1 },
+  { shortname: 'tactical.gloves', name: 'Tactical Gloves', category: 'attire', maxStack: 1 },
+
+  // Tools
+  { shortname: 'hatchet', name: 'Hatchet', category: 'tools', maxStack: 1 },
+  { shortname: 'pickaxe', name: 'Pickaxe', category: 'tools', maxStack: 1 },
+  { shortname: 'stone.pickaxe', name: 'Stone Pickaxe', category: 'tools', maxStack: 1 },
+  { shortname: 'stonehatchet', name: 'Stone Hatchet', category: 'tools', maxStack: 1 },
+  { shortname: 'rock', name: 'Rock', category: 'tools', maxStack: 1 },
+  { shortname: 'torch', name: 'Torch', category: 'tools', maxStack: 1 },
+  { shortname: 'jackhammer', name: 'Jackhammer', category: 'tools', maxStack: 1 },
+  { shortname: 'chainsaw', name: 'Chainsaw', category: 'tools', maxStack: 1 },
+  { shortname: 'hammer', name: 'Hammer', category: 'tools', maxStack: 1 },
+  { shortname: 'wire.cutter', name: 'Wire Cutter', category: 'tools', maxStack: 1 },
+  { shortname: 'tool.binoculars', name: 'Binoculars', category: 'tools', maxStack: 1 },
+  { shortname: 'tool.camera', name: 'Camera', category: 'tools', maxStack: 1 },
+  { shortname: 'geiger.counter', name: 'Geiger Counter', category: 'tools', maxStack: 1 },
+  { shortname: 'supply.signal', name: 'Supply Signal', category: 'tools', maxStack: 1 },
+  { shortname: 'map', name: 'Map', category: 'tools', maxStack: 1 },
+  { shortname: 'note', name: 'Note', category: 'tools', maxStack: 1 },
+  { shortname: 'blueprintbase', name: 'Blueprint', category: 'tools', maxStack: 1 },
+
+  // Resources
+  { shortname: 'wood', name: 'Wood', category: 'resources', maxStack: 1000 },
+  { shortname: 'stones', name: 'Stones', category: 'resources', maxStack: 1000 },
+  { shortname: 'metal.ore', name: 'Metal Ore', category: 'resources', maxStack: 1000 },
+  { shortname: 'metal.fragments', name: 'Metal Fragments', category: 'resources', maxStack: 1000 },
+  { shortname: 'metal.refined', name: 'High Quality Metal', category: 'resources', maxStack: 100 },
+  { shortname: 'sulfur.ore', name: 'Sulfur Ore', category: 'resources', maxStack: 1000 },
+  { shortname: 'sulfur', name: 'Sulfur', category: 'resources', maxStack: 1000 },
+  { shortname: 'gunpowder', name: 'Gun Powder', category: 'resources', maxStack: 500 },
+  { shortname: 'explosives', name: 'Explosives', category: 'resources', maxStack: 10 },
+  { shortname: 'charcoal', name: 'Charcoal', category: 'resources', maxStack: 1000 },
+  { shortname: 'lowgradefuel', name: 'Low Grade Fuel', category: 'resources', maxStack: 500 },
+  { shortname: 'crude.oil', name: 'Crude Oil', category: 'resources', maxStack: 500 },
+  { shortname: 'leather', name: 'Leather', category: 'resources', maxStack: 1000 },
+  { shortname: 'cloth', name: 'Cloth', category: 'resources', maxStack: 1000 },
+  { shortname: 'fat.animal', name: 'Animal Fat', category: 'resources', maxStack: 1000 },
+  { shortname: 'bone.fragments', name: 'Bone Fragments', category: 'resources', maxStack: 1000 },
+  { shortname: 'scrap', name: 'Scrap', category: 'resources', maxStack: 1000 },
+  { shortname: 'diesel_barrel', name: 'Diesel Fuel', category: 'resources', maxStack: 20 },
+
+  // Components
+  { shortname: 'riflebody', name: 'Rifle Body', category: 'components', maxStack: 1 },
+  { shortname: 'smgbody', name: 'SMG Body', category: 'components', maxStack: 1 },
+  { shortname: 'semibody', name: 'Semi Auto Body', category: 'components', maxStack: 1 },
+  { shortname: 'metalpipe', name: 'Metal Pipe', category: 'components', maxStack: 5 },
+  { shortname: 'metalspring', name: 'Metal Spring', category: 'components', maxStack: 5 },
+  { shortname: 'gears', name: 'Gears', category: 'components', maxStack: 5 },
+  { shortname: 'roadsigns', name: 'Road Signs', category: 'components', maxStack: 5 },
+  { shortname: 'sewingkit', name: 'Sewing Kit', category: 'components', maxStack: 5 },
+  { shortname: 'tarp', name: 'Tarp', category: 'components', maxStack: 5 },
+  { shortname: 'rope', name: 'Rope', category: 'components', maxStack: 5 },
+  { shortname: 'sheetmetal', name: 'Sheet Metal', category: 'components', maxStack: 5 },
+  { shortname: 'techparts', name: 'Tech Trash', category: 'components', maxStack: 5 },
+  { shortname: 'propanetank', name: 'Propane Tank', category: 'components', maxStack: 5 },
+  { shortname: 'targeting.computer', name: 'Targeting Computer', category: 'components', maxStack: 1 },
+  { shortname: 'cctv.camera', name: 'CCTV Camera', category: 'components', maxStack: 1 },
+  { shortname: 'electric.fuse', name: 'Fuse', category: 'components', maxStack: 5 },
+  { shortname: 'bleach', name: 'Bleach', category: 'components', maxStack: 5 },
+  { shortname: 'ducttape', name: 'Duct Tape', category: 'components', maxStack: 5 },
+
+  // Food
+  { shortname: 'apple', name: 'Apple', category: 'food', maxStack: 10 },
+  { shortname: 'granolabar', name: 'Granola Bar', category: 'food', maxStack: 10 },
+  { shortname: 'can.beans', name: 'Can of Beans', category: 'food', maxStack: 10 },
+  { shortname: 'can.tuna', name: 'Can of Tuna', category: 'food', maxStack: 10 },
+  { shortname: 'chocbar', name: 'Chocolate Bar', category: 'food', maxStack: 10 },
+  { shortname: 'mushroom', name: 'Mushroom', category: 'food', maxStack: 20 },
+  { shortname: 'meat.boar', name: 'Boar Meat', category: 'food', maxStack: 20 },
+  { shortname: 'chicken.raw', name: 'Raw Chicken', category: 'food', maxStack: 20 },
+  { shortname: 'humanmeat.raw', name: 'Raw Human Meat', category: 'food', maxStack: 20 },
+  { shortname: 'wolfmeat.raw', name: 'Raw Wolf Meat', category: 'food', maxStack: 20 },
+  { shortname: 'deermeat.raw', name: 'Raw Deer Meat', category: 'food', maxStack: 20 },
+  { shortname: 'bearmeat', name: 'Bear Meat', category: 'food', maxStack: 20 },
+  { shortname: 'fish.raw', name: 'Raw Fish', category: 'food', maxStack: 20 },
+  { shortname: 'corn', name: 'Corn', category: 'food', maxStack: 20 },
+  { shortname: 'pumpkin', name: 'Pumpkin', category: 'food', maxStack: 20 },
+  { shortname: 'potato', name: 'Potato', category: 'food', maxStack: 20 },
+  { shortname: 'waterjug', name: 'Water Jug', category: 'food', maxStack: 1 },
+  { shortname: 'water', name: 'Water', category: 'food', maxStack: 1 },
+  { shortname: 'water.purified', name: 'Pure Water', category: 'food', maxStack: 10 },
+
+  // Traps
+  { shortname: 'trap.bear', name: 'Snap Trap', category: 'traps', maxStack: 3 },
+  { shortname: 'trap.landmine', name: 'Landmine', category: 'traps', maxStack: 3 },
+  { shortname: 'autoturret', name: 'Auto Turret', category: 'traps', maxStack: 1 },
+  { shortname: 'flameturret', name: 'Flame Turret', category: 'traps', maxStack: 1 },
+  { shortname: 'guntrap', name: 'Shotgun Trap', category: 'traps', maxStack: 1 },
+  { shortname: 'sam.site', name: 'SAM Site', category: 'traps', maxStack: 1 },
+
+  // Construction
+  { shortname: 'wall.external.high', name: 'High External Wall', category: 'construction', maxStack: 10 },
+  { shortname: 'wall.external.high.stone', name: 'High External Stone Wall', category: 'construction', maxStack: 10 },
+  { shortname: 'gates.external.high.wood', name: 'High External Wooden Gate', category: 'construction', maxStack: 1 },
+  { shortname: 'gates.external.high.stone', name: 'High External Stone Gate', category: 'construction', maxStack: 1 },
+  { shortname: 'barricade.metal', name: 'Metal Barricade', category: 'construction', maxStack: 3 },
+  { shortname: 'barricade.sandbags', name: 'Sandbag Barricade', category: 'construction', maxStack: 5 },
+  { shortname: 'barricade.concrete', name: 'Concrete Barricade', category: 'construction', maxStack: 3 },
+  { shortname: 'barricade.wood', name: 'Wooden Barricade', category: 'construction', maxStack: 5 },
+  { shortname: 'barricade.woodwire', name: 'Barbed Wooden Barricade', category: 'construction', maxStack: 3 },
+  { shortname: 'lock.code', name: 'Code Lock', category: 'construction', maxStack: 1 },
+  { shortname: 'lock.key', name: 'Key Lock', category: 'construction', maxStack: 1 },
+
+  // Misc
+  { shortname: 'workbench1', name: 'Work Bench Level 1', category: 'misc', maxStack: 1 },
+  { shortname: 'workbench2', name: 'Work Bench Level 2', category: 'misc', maxStack: 1 },
+  { shortname: 'workbench3', name: 'Work Bench Level 3', category: 'misc', maxStack: 1 },
+  { shortname: 'furnace', name: 'Furnace', category: 'misc', maxStack: 1 },
+  { shortname: 'furnace.large', name: 'Large Furnace', category: 'misc', maxStack: 1 },
+  { shortname: 'campfire', name: 'Camp Fire', category: 'misc', maxStack: 1 },
+  { shortname: 'box.wooden', name: 'Wood Storage Box', category: 'misc', maxStack: 1 },
+  { shortname: 'box.wooden.large', name: 'Large Wood Box', category: 'misc', maxStack: 1 },
+  { shortname: 'cupboard.tool', name: 'Tool Cupboard', category: 'misc', maxStack: 1 },
+  { shortname: 'sleepingbag', name: 'Sleeping Bag', category: 'misc', maxStack: 1 },
+  { shortname: 'bed', name: 'Bed', category: 'misc', maxStack: 1 },
+  { shortname: 'research.table', name: 'Research Table', category: 'misc', maxStack: 1 },
+  { shortname: 'mining.quarry', name: 'Mining Quarry', category: 'misc', maxStack: 1 },
+  { shortname: 'small.oil.refinery', name: 'Small Oil Refinery', category: 'misc', maxStack: 1 },
+  { shortname: 'water.purifier', name: 'Water Purifier', category: 'misc', maxStack: 1 },
+  { shortname: 'stocking.small', name: 'Small Stocking', category: 'misc', maxStack: 1 },
+  { shortname: 'stocking.large', name: 'Large Stocking', category: 'misc', maxStack: 1 },
+  { shortname: 'kayak', name: 'Kayak', category: 'misc', maxStack: 1 },
+  { shortname: 'fridge', name: 'Fridge', category: 'misc', maxStack: 1 },
+  { shortname: 'locker', name: 'Locker', category: 'misc', maxStack: 1 },
+  { shortname: 'vending.machine', name: 'Vending Machine', category: 'misc', maxStack: 1 },
+  { shortname: 'wall.frame.shopfront', name: 'Shop Front', category: 'misc', maxStack: 1 },
+  { shortname: 'door.hinged.metal', name: 'Sheet Metal Door', category: 'misc', maxStack: 1 },
+  { shortname: 'door.hinged.toptier', name: 'Armored Door', category: 'misc', maxStack: 1 },
+  { shortname: 'door.double.hinged.metal', name: 'Sheet Metal Double Door', category: 'misc', maxStack: 1 },
+  { shortname: 'door.double.hinged.toptier', name: 'Armored Double Door', category: 'misc', maxStack: 1 },
+]
+
+export const itemCategories = [
+  'weapons', 'ammo', 'medical', 'attire', 'tools', 'resources',
+  'components', 'food', 'traps', 'construction', 'electrical', 'fun', 'misc',
+] as const
+
+export type ItemCategory = typeof itemCategories[number]

frontend/src/main.ts

@@ -2,6 +2,7 @@ import { createApp } from 'vue'
 import { createPinia } from 'pinia'
 import piniaPluginPersistedstate from 'pinia-plugin-persistedstate'
 
+import { VueFinderPlugin } from 'vuefinder'
 import App from './App.vue'
 import router from './router'
 import './style.css'
@@ -14,5 +15,6 @@ pinia.use(piniaPluginPersistedstate)
 
 app.use(pinia)
 app.use(router)
+app.use(VueFinderPlugin)
 
 app.mount('#app')

frontend/src/router/index.ts

@@ -110,6 +110,56 @@ const panelRoutes: RouteRecordRaw[] = [
         name: 'files',
         component: () => import('@/views/admin/FileManagerView.vue'),
       },
+      {
+        path: 'plugin-configs',
+        name: 'plugin-configs',
+        component: () => import('@/views/admin/PluginConfigsView.vue'),
+      },
+      {
+        path: 'loot-builder',
+        name: 'loot-builder',
+        component: () => import('@/views/admin/LootBuilderView.vue'),
+      },
+      {
+        path: 'teleport-config',
+        name: 'teleport-config',
+        component: () => import('@/views/admin/TeleportConfigView.vue'),
+      },
+      {
+        path: 'gather-manager',
+        name: 'gather-manager',
+        component: () => import('@/views/admin/GatherManagerView.vue'),
+      },
+      {
+        path: 'autodoors',
+        name: 'autodoors',
+        component: () => import('@/views/admin/AutoDoorsView.vue'),
+      },
+      {
+        path: 'kits',
+        name: 'kits-config',
+        component: () => import('@/views/admin/KitsView.vue'),
+      },
+      {
+        path: 'furnace-splitter',
+        name: 'furnace-splitter',
+        component: () => import('@/views/admin/FurnaceSplitterView.vue'),
+      },
+      {
+        path: 'better-chat',
+        name: 'better-chat',
+        component: () => import('@/views/admin/BetterChatView.vue'),
+      },
+      {
+        path: 'timed-execute',
+        name: 'timed-execute',
+        component: () => import('@/views/admin/TimedExecuteView.vue'),
+      },
+      {
+        path: 'raidable-bases',
+        name: 'raidable-bases',
+        component: () => import('@/views/admin/RaidableBasesView.vue'),
+      },
       {
         path: 'wipes',
         name: 'wipes',

frontend/src/stores/autodoors.ts

@@ -0,0 +1,145 @@
+import { defineStore } from 'pinia'
+import { ref } from 'vue'
+import { useApi } from '@/composables/useApi'
+import { useToastStore } from '@/stores/toast'
+import type { AutoDoorsConfigSummary, AutoDoorsConfigFull, AutoDoorsApplyResult } from '@/types'
+
+export const useAutoDoorsStore = defineStore('autodoors', () => {
+  const configs = ref<AutoDoorsConfigSummary[]>([])
+  const currentConfig = ref<AutoDoorsConfigFull | null>(null)
+  const isLoading = ref(false)
+  const isSaving = ref(false)
+  const isApplying = ref(false)
+  const isDirty = ref(false)
+  const api = useApi()
+  const toast = useToastStore()
+
+  async function fetchConfigs() {
+    isLoading.value = true
+    try {
+      const res = await api.get<{ configs: AutoDoorsConfigSummary[] }>('/autodoors/configs')
+      configs.value = res.configs
+    } catch (err) {
+      toast.error((err as Error).message)
+    } finally {
+      isLoading.value = false
+    }
+  }
+
+  async function loadConfig(id: string) {
+    isLoading.value = true
+    try {
+      const res = await api.get<{ config: AutoDoorsConfigFull }>(`/autodoors/configs/${id}`)
+      currentConfig.value = res.config
+      isDirty.value = false
+    } catch (err) {
+      toast.error((err as Error).message)
+    } finally {
+      isLoading.value = false
+    }
+  }
+
+  async function createConfig(name: string, description?: string) {
+    try {
+      const res = await api.post<{ config: AutoDoorsConfigFull }>('/autodoors/configs', {
+        config_name: name,
+        description,
+      })
+      await fetchConfigs()
+      currentConfig.value = res.config
+      isDirty.value = false
+      toast.success(`Config "${name}" created`)
+      return res.config
+    } catch (err) {
+      toast.error((err as Error).message)
+      return null
+    }
+  }
+
+  async function saveCurrentConfig() {
+    if (!currentConfig.value) return
+    isSaving.value = true
+    try {
+      await api.put(`/autodoors/configs/${currentConfig.value.id}`, {
+        config_name: currentConfig.value.config_name,
+        description: currentConfig.value.description,
+        config_data: currentConfig.value.config_data,
+      })
+      isDirty.value = false
+      await fetchConfigs()
+      toast.success('Config saved')
+    } catch (err) {
+      toast.error((err as Error).message)
+    } finally {
+      isSaving.value = false
+    }
+  }
+
+  async function deleteConfig(id: string) {
+    try {
+      await api.del(`/autodoors/configs/${id}`)
+      if (currentConfig.value?.id === id) {
+        currentConfig.value = null
+      }
+      await fetchConfigs()
+      toast.success('Config deleted')
+    } catch (err) {
+      toast.error((err as Error).message)
+    }
+  }
+
+  async function applyToServer(id: string) {
+    isApplying.value = true
+    try {
+      const res = await api.post<AutoDoorsApplyResult>(`/autodoors/configs/${id}/apply`)
+      await fetchConfigs()
+      toast.success(res.message)
+      return res
+    } catch (err) {
+      toast.error((err as Error).message)
+      return null
+    } finally {
+      isApplying.value = false
+    }
+  }
+
+  async function importFromServer(configName: string) {
+    isLoading.value = true
+    try {
+      const res = await api.post<{ config: AutoDoorsConfigFull }>('/autodoors/import-from-server', {
+        config_name: configName,
+      })
+      await fetchConfigs()
+      currentConfig.value = res.config
+      isDirty.value = false
+      toast.success(`Config imported from server as "${configName}"`)
+      return res.config
+    } catch (err) {
+      toast.error((err as Error).message)
+      return null
+    } finally {
+      isLoading.value = false
+    }
+  }
+
+  function markDirty() {
+    isDirty.value = true
+  }
+
+  return {
+    configs,
+    currentConfig,
+    isLoading,
+    isSaving,
+    isApplying,
+    isDirty,
+    fetchConfigs,
+    loadConfig,
+    createConfig,
+    saveCurrentConfig,
+    deleteConfig,
+    applyToServer,
+    importFromServer,
+    markDirty,
+  }
+})

frontend/src/stores/betterchat.ts

@@ -0,0 +1,145 @@
+import { defineStore } from 'pinia'
+import { ref } from 'vue'
+import { useApi } from '@/composables/useApi'
+import { useToastStore } from '@/stores/toast'
+import type { BetterChatConfigSummary, BetterChatConfigFull, BetterChatApplyResult } from '@/types'
+
+export const useBetterChatStore = defineStore('betterchat', () => {
+  const configs = ref<BetterChatConfigSummary[]>([])
+  const currentConfig = ref<BetterChatConfigFull | null>(null)
+  const isLoading = ref(false)
+  const isSaving = ref(false)
+  const isApplying = ref(false)
+  const isDirty = ref(false)
+  const api = useApi()
+  const toast = useToastStore()
+
+  async function fetchConfigs() {
+    isLoading.value = true
+    try {
+      const res = await api.get<{ configs: BetterChatConfigSummary[] }>('/betterchat/configs')
+      configs.value = res.configs
+    } catch (err) {
+      toast.error((err as Error).message)
+    } finally {
+      isLoading.value = false
+    }
+  }
+
+  async function loadConfig(id: string) {
+    isLoading.value = true
+    try {
+      const res = await api.get<{ config: BetterChatConfigFull }>(`/betterchat/configs/${id}`)
+      currentConfig.value = res.config
+      isDirty.value = false
+    } catch (err) {
+      toast.error((err as Error).message)
+    } finally {
+      isLoading.value = false
+    }
+  }
+
+  async function createConfig(name: string, description?: string) {
+    try {
+      const res = await api.post<{ config: BetterChatConfigFull }>('/betterchat/configs', {
+        config_name: name,
+        description,
+      })
+      await fetchConfigs()
+      currentConfig.value = res.config
+      isDirty.value = false
+      toast.success(`Config "${name}" created`)
+      return res.config
+    } catch (err) {
+      toast.error((err as Error).message)
+      return null
+    }
+  }
+
+  async function saveCurrentConfig() {
+    if (!currentConfig.value) return
+    isSaving.value = true
+    try {
+      await api.put(`/betterchat/configs/${currentConfig.value.id}`, {
+        config_name: currentConfig.value.config_name,
+        description: currentConfig.value.description,
+        config_data: currentConfig.value.config_data,
+      })
+      isDirty.value = false
+      await fetchConfigs()
+      toast.success('Config saved')
+    } catch (err) {
+      toast.error((err as Error).message)
+    } finally {
+      isSaving.value = false
+    }
+  }
+
+  async function deleteConfig(id: string) {
+    try {
+      await api.del(`/betterchat/configs/${id}`)
+      if (currentConfig.value?.id === id) {
+        currentConfig.value = null
+      }
+      await fetchConfigs()
+      toast.success('Config deleted')
+    } catch (err) {
+      toast.error((err as Error).message)
+    }
+  }
+
+  async function applyToServer(id: string) {
+    isApplying.value = true
+    try {
+      const res = await api.post<BetterChatApplyResult>(`/betterchat/configs/${id}/apply`)
+      await fetchConfigs()
+      toast.success(res.message)
+      return res
+    } catch (err) {
+      toast.error((err as Error).message)
+      return null
+    } finally {
+      isApplying.value = false
+    }
+  }
+
+  async function importFromServer(configName: string) {
+    isLoading.value = true
+    try {
+      const res = await api.post<{ config: BetterChatConfigFull }>('/betterchat/import-from-server', {
+        config_name: configName,
+      })
+      await fetchConfigs()
+      currentConfig.value = res.config
+      isDirty.value = false
+      toast.success(`Config imported from server as "${configName}"`)
+      return res.config
+    } catch (err) {
+      toast.error((err as Error).message)
+      return null
+    } finally {
+      isLoading.value = false
+    }
+  }
+
+  function markDirty() {
+    isDirty.value = true
+  }
+
+  return {
+    configs,
+    currentConfig,
+    isLoading,
+    isSaving,
+    isApplying,
+    isDirty,
+    fetchConfigs,
+    loadConfig,
+    createConfig,
+    saveCurrentConfig,
+    deleteConfig,
+    applyToServer,
+    importFromServer,
+    markDirty,
+  }
+})