update perm syncing docs

* fix: add support for anyuid to Dockerfile

* changelog

---------

Co-authored-by: Cade Schlaefli <cade.schlaefli@mouser.com>
Co-authored-by: Brendan Kellam <bshizzle1234@gmail.com>

.cursor/rules/style.mdc

@@ -0,0 +1,7 @@
+---
+description: 
+globs: 
+alwaysApply: true
+---
+- Always use 4 spaces for indentation
+- Filenames should always be camelCase. Exception: if there are filenames in the same directory with a format other than camelCase, use that format to keep things consistent.

.dockerignore

@@ -1,11 +1,15 @@
 Dockerfile
 .dockerignore
-node_modules
 npm-debug.log
 README.md
-.next
-!.next/static
-!.next/standalone
 .git
 .sourcebot
-.env.local
+packages/web/.next
+!packages/web/.next/static
+!packages/web/.next/standalone
+**/node_modules
+**/.env.local
+**/.sentryclirc
+**/.env.sentry-build-plugin
+.yarn
+!.yarn/releases

.env

@@ -1,6 +0,0 @@
-NEXT_PUBLIC_POSTHOG_HOST=https://us.i.posthog.com
-NEXT_PUBLIC_POSTHOG_ASSET_HOST=https://us-assets.i.posthog.com
-NEXT_PUBLIC_POSTHOG_UI_HOST=https://us.posthog.com
-
-# @note: This is also set in the Dockerfile.
-NEXT_PUBLIC_POSTHOG_KEY=phc_VFn4CkEGHRdlVyOOw8mfkoj1DKVoG6y1007EClvzAnS

.env.development

@@ -0,0 +1,87 @@
+
+# Prisma
+DATABASE_URL="postgresql://postgres:postgres@localhost:5432/postgres"
+
+# Zoekt
+ZOEKT_WEBSERVER_URL="http://localhost:6070"
+# The command to use for generating ctags.
+CTAGS_COMMAND=ctags
+
+# Auth.JS
+# You can generate a new secret with:
+# openssl rand -base64 33
+# @see: https://authjs.dev/getting-started/deployment#auth_secret
+AUTH_SECRET="00000000000000000000000000000000000000000000"
+AUTH_URL="http://localhost:3000"
+# AUTH_CREDENTIALS_LOGIN_ENABLED=true
+# AUTH_EE_GITHUB_CLIENT_ID=""
+# AUTH_EE_GITHUB_CLIENT_SECRET=""
+# AUTH_EE_GOOGLE_CLIENT_ID=""
+# AUTH_EE_GOOGLE_CLIENT_SECRET=""
+
+DATA_CACHE_DIR=${PWD}/.sourcebot  # Path to the sourcebot cache dir (ex. ~/sourcebot/.sourcebot)
+SOURCEBOT_PUBLIC_KEY_PATH=${PWD}/public.pem
+CONFIG_PATH=${PWD}/config.json # Path to the sourcebot config file (if one exists)
+
+# Email
+# EMAIL_FROM_ADDRESS="" # The from address for transactional emails.
+# SMTP_CONNECTION_URL="" # The SMTP connection URL for transactional emails.
+
+# PostHog
+# POSTHOG_PAPIK=""
+
+# Sentry
+# SENTRY_BACKEND_DSN=""
+# NEXT_PUBLIC_SENTRY_WEBAPP_DSN=""
+# SENTRY_ENVIRONMENT="dev"
+# NEXT_PUBLIC_SENTRY_ENVIRONMENT="dev"
+# SENTRY_AUTH_TOKEN=
+
+# Logtail
+# LOGTAIL_TOKEN=""
+# LOGTAIL_HOST=""
+
+# Redis
+REDIS_URL="redis://localhost:6379"
+
+# Stripe
+# STRIPE_SECRET_KEY: z.string().optional(),
+# STRIPE_PRODUCT_ID: z.string().optional(),
+# STRIPE_WEBHOOK_SECRET: z.string().optional(),
+# STRIPE_ENABLE_TEST_CLOCKS=false
+
+# Agents
+
+# GITHUB_APP_ID=
+# GITHUB_APP_PRIVATE_KEY_PATH=
+# GITHUB_APP_WEBHOOK_SECRET=
+# OPENAI_API_KEY=
+REVIEW_AGENT_LOGGING_ENABLED=true
+REVIEW_AGENT_AUTO_REVIEW_ENABLED=false
+REVIEW_AGENT_REVIEW_COMMAND=review
+
+# Misc
+
+# Generated using:
+# openssl rand -base64 24
+SOURCEBOT_ENCRYPTION_KEY="00000000000000000000000000000000"
+
+SOURCEBOT_LOG_LEVEL="debug" # valid values: info, debug, warn, error
+SOURCEBOT_TELEMETRY_DISABLED=true # Disables telemetry collection
+
+# Code-host fallback tokens
+# FALLBACK_GITHUB_CLOUD_TOKEN=""
+# FALLBACK_GITLAB_CLOUD_TOKEN=""
+# FALLBACK_GITEA_CLOUD_TOKEN=""
+
+# Controls the number of concurrent indexing jobs that can run at once
+# INDEX_CONCURRENCY_MULTIPLE=
+
+# Controls the version of the web app
+# NEXT_PUBLIC_SOURCEBOT_VERSION=
+
+# CONFIG_MAX_REPOS_NO_TOKEN=
+NODE_ENV=development
+# SOURCEBOT_TENANCY_MODE=single
+
+# NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT=

.github/DISCUSSION_TEMPLATE/ideas.yml

@@ -0,0 +1,11 @@
+body:
+  - type: textarea
+    attributes:
+      label: Describe the feature or potential improvement
+      description: Please describe the change as clear and concise as possible. Remember to add context as to why you believe this is needed.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Additional information
+      description: Add any other information related to the change here. If your idea is related to any issues or discussions, link them here.

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,29 @@
+name: 🐞 Bug Report
+description: Create a bug report to help us improve
+title: "[bug] "
+labels: ["bug", "triage needed"]
+body:
+  - type: textarea
+    attributes:
+      label: Describe the bug
+      description: A clear and concise description of the bug, as well as what you expected to happen when encountering it.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: To reproduce
+      description: Describe how to reproduce your bug.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Sourcebot deployment information
+      description: 
+      value: |
+        Sourcebot version (e.g. v3.0.1): 
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Additional information
+      description: Add any other information related to the bug here such as screenshots, logs, etc.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,4 @@
+contact_links:
+  - name: 👾 Discord
+    url: https://discord.gg/HDScTs3ptP
+    about: Something else? Join the Discord!

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,12 @@
+---
+name: "💡 Feature Request"
+about: Suggest an idea for this project
+title: "[FR] "
+labels: enhancement
+assignees: ''
+
+---
+
+<!-- Please search existing issues to avoid creating duplicates. -->
+
+<!-- Describe the feature you'd like. -->

.github/ISSUE_TEMPLATE/get_help.md

@@ -0,0 +1,12 @@
+---
+name: "🛟 Get Help"
+about: Something isn't working the way you expect
+title: ""
+labels: help wanted
+assignees: ''
+
+---
+
+<!-- Please search existing issues to avoid creating duplicates. -->
+
+<!-- Describe the issue you are facing. -->

.github/workflows/_gcp-deploy.yml

@@ -0,0 +1,87 @@
+name: GCP Deploy
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        description: 'The environment to deploy to'
+        type: string
+
+jobs:
+  gcp-deploy:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    env:
+      IMAGE_PATH: us-west1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/sourcebot/sourcebot-${{ vars.NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT }}
+    steps:
+      - name: 'Checkout'
+        uses: 'actions/checkout@v3'
+        with:
+          submodules: "true"
+
+      # @see: https://github.com/google-github-actions/auth?tab=readme-ov-file#direct-wif
+      - name: 'Google auth'
+        id: 'auth'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          project_id: '${{ secrets.GCP_PROJECT_ID }}'
+          workload_identity_provider: '${{ secrets.GCP_WIF_PROVIDER }}'
+          
+      - name: 'Set up Cloud SDK'
+        uses: 'google-github-actions/setup-gcloud@v1'
+        with:
+          project_id: '${{ secrets.GCP_PROJECT_ID }}'
+          
+      - name: 'Docker auth'
+        run: |-
+          gcloud auth configure-docker us-west1-docker.pkg.dev
+
+      - name: Configure SSH
+        run: |
+          mkdir -p ~/.ssh/
+          echo "${{ secrets.GCP_SSH_PRIVATE_KEY }}" > ~/.ssh/private.key
+          chmod 600 ~/.ssh/private.key
+          echo "${{ secrets.GCP_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
+      
+      - name: Build Docker image
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            ${{ env.IMAGE_PATH }}:${{ github.sha }}
+            ${{ env.IMAGE_PATH }}:latest
+          build-args: |
+            NEXT_PUBLIC_SOURCEBOT_VERSION=${{ github.ref_name }}
+            NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT=${{ vars.NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT }}
+            NEXT_PUBLIC_SENTRY_ENVIRONMENT=${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
+            NEXT_PUBLIC_SENTRY_WEBAPP_DSN=${{ vars.NEXT_PUBLIC_SENTRY_WEBAPP_DSN }}
+            NEXT_PUBLIC_SENTRY_BACKEND_DSN=${{ vars.NEXT_PUBLIC_SENTRY_BACKEND_DSN }}
+            NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY=${{ vars.NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY }}
+            NEXT_PUBLIC_LANGFUSE_BASE_URL=${{ vars.NEXT_PUBLIC_LANGFUSE_BASE_URL }}
+            SENTRY_SMUAT=${{ secrets.SENTRY_SMUAT }}
+            SENTRY_ORG=${{ vars.SENTRY_ORG }}
+            SENTRY_WEBAPP_PROJECT=${{ vars.SENTRY_WEBAPP_PROJECT }}
+            SENTRY_BACKEND_PROJECT=${{ vars.SENTRY_BACKEND_PROJECT }}
+
+      
+      - name: Deploy to GCP
+        run: |
+          ssh -i ~/.ssh/private.key ${{ secrets.GCP_USERNAME }}@${{ secrets.GCP_HOST }} << 'EOF'
+            # First pull the new image
+            docker pull ${{ env.IMAGE_PATH }}:${{ github.sha }}
+
+            # Stop and remove any existing container
+            docker stop -t 60 sourcebot || true
+            docker rm sourcebot || true
+
+            # Run the new container
+            docker run -d \
+              -p 80:3000 \
+              --env-file .env \
+              -v /mnt/data:/data \
+              --name sourcebot \
+              ${{ env.IMAGE_PATH }}:${{ github.sha }}
+          EOF

.github/workflows/changelog-reminder.yml

@@ -0,0 +1,17 @@
+name: Changelog Reminder
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+jobs:
+  remind:
+    name: Changelog Reminder
+    runs-on: ubuntu-latest
+    if: ${{ !github.event.pull_request.draft }}
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: mskelton/changelog-reminder-action@v3

.github/workflows/deploy-demo.yml

@@ -0,0 +1,18 @@
+name: Deploy Demo
+
+on:
+  push:
+    tags: ["v*.*.*"]
+  workflow_dispatch:
+
+jobs:
+  deploy-demo:
+    uses: ./.github/workflows/_gcp-deploy.yml
+    secrets: inherit
+    permissions:
+      contents: 'read'
+      # Requird for OIDC auth with GCP.
+      # @see: https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
+      id-token: 'write'
+    with:
+      environment: demo

.github/workflows/docs-broken-links.yml

@@ -0,0 +1,26 @@
+name: Check for broken links in docs
+
+on:
+  pull_request:
+    branches: ["main"]
+    paths:
+      - "docs/**"
+
+jobs:
+  check-links:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Use Node.Js
+        uses: actions/setup-node@v4
+        with:
+            node-version: '20.x'
+
+      - name: Install Mintlify CLI
+        run: npm i -g mintlify
+
+      - name: Check for broken links
+        working-directory: docs
+        run: mintlify broken-links

.github/workflows/fly-deploy.yml

@@ -1,27 +0,0 @@
-# See https://fly.io/docs/app-guides/continuous-deployment-with-github-actions/
-
-name: Fly Deploy
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  deploy:
-    name: Deploy app
-    runs-on: ubuntu-latest
-    environment: production
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          submodules: 'true'
-
-      - name: Use flyctl
-        uses: superfly/flyctl-actions/setup-flyctl@master
-
-      - name: Deploy to fly.io
-        run: flyctl deploy --local-only
-        env:
-          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}

.github/workflows/ghcr-publish.yml

@@ -14,7 +14,8 @@ env:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.runs-on}}
+    environment: oss
     permissions:
       contents: read
       packages: write
@@ -23,9 +24,12 @@ jobs:
       id-token: write
     strategy:
       matrix:
-        platform:
-          - linux/amd64
-          - linux/arm64
+        platform: [linux/amd64, linux/arm64]
+        include:
+          - platform: linux/amd64
+            runs-on: blacksmith-4vcpu-ubuntu-2404
+          - platform: linux/arm64
+            runs-on: blacksmith-8vcpu-ubuntu-2204-arm
 
     steps:
       - name: Prepare
@@ -53,8 +57,8 @@ jobs:
         with:
           cosign-release: "v2.2.4"
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      - name: Setup Blacksmith Builder
+        uses: useblacksmith/setup-docker-builder@v1
 
       - name: Login to GitHub Packages Docker Registry
         uses: docker/login-action@v3
@@ -65,15 +69,15 @@ jobs:
 
       - name: Build Docker image
         id: build
-        uses: docker/build-push-action@v6
+        uses: useblacksmith/build-push-action@v2
         with:
           context: .
           labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
           platforms: ${{ matrix.platform }}
-          outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
-
+          outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true,annotation.org.opencontainers.image.description=Blazingly fast code search
+          build-args: |
+            NEXT_PUBLIC_SOURCEBOT_VERSION=${{ github.ref_name }}
+            
       - name: Export digest
         run: |
           mkdir -p /tmp/digests
@@ -103,7 +107,7 @@ jobs:
         run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
   
   merge:
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     permissions:
       packages: write
     needs:
@@ -116,8 +120,8 @@ jobs:
           pattern: digests-*
           merge-multiple: true
       
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      - name: Setup Blacksmith Builder
+        uses: useblacksmith/setup-docker-builder@v1
       
       - name: Extract Docker metadata
         id: meta

.github/workflows/pr-gate.yml

@@ -8,7 +8,7 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     permissions:
       contents: read
     steps:
@@ -19,6 +19,6 @@ jobs:
 
       - name: Build Docker image
         id: build
-        uses: docker/build-push-action@v6
+        uses: useblacksmith/build-push-action@v2
         with:
           context: .

.github/workflows/test-backend.yml

@@ -0,0 +1,28 @@
+name: Test Backend
+
+on:
+  pull_request:
+    branches: ["main"]
+
+
+jobs:
+  build:
+    runs-on: blacksmith-4vcpu-ubuntu-2404
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          submodules: "true"
+      - name: Use Node.Js
+        uses: actions/setup-node@v4
+        with:
+            node-version: '20.x'
+    
+      - name: Install
+        run: yarn install --frozen-lockfile
+    
+      - name: Test
+        run: yarn workspace @sourcebot/backend test
+    

.github/workflows/test-web.yml

@@ -0,0 +1,28 @@
+name: Test Web
+
+on:
+  pull_request:
+    branches: ["main"]
+
+
+jobs:
+  build:
+    runs-on: blacksmith-4vcpu-ubuntu-2404
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          submodules: "true"
+      - name: Use Node.Js
+        uses: actions/setup-node@v4
+        with:
+            node-version: '20.x'
+    
+      - name: Install
+        run: yarn install --frozen-lockfile
+    
+      - name: Test
+        run: yarn workspace @sourcebot/web test
+    

.github/workflows/update-roadmap-released.yml

@@ -0,0 +1,77 @@
+name: Update Roadmap Released
+
+on:
+    push:
+        branches:
+            - main
+    workflow_dispatch:
+    schedule:
+        - cron: "0 */6 * * *"
+
+permissions:
+    pull-requests: read
+    contents: read
+    issues: write
+
+jobs:
+    update:
+        runs-on: ubuntu-latest
+        steps:
+          - name: Update "Released" section with last 10 merged PRs
+            uses: actions/github-script@v7
+            env:
+                ROADMAP_ISSUE_NUMBER: "459"
+            with:
+                script: |
+                    const issue_number = parseInt(process.env.ROADMAP_ISSUE_NUMBER, 10);
+                    const {owner, repo} = context.repo;
+
+                    // Fetch more than 10, then sort by closed_at to be precise
+                    const batchSize = 50;
+                    const { data: prBatch } = await github.rest.pulls.list({
+                        owner,
+                        repo,
+                        state: "closed",
+                        per_page: batchSize,
+                        sort: "updated",
+                        direction: "desc"
+                    });
+
+                    const last10 = prBatch
+                        .filter(pr => pr.merged_at) // only merged PRs
+                        .sort((a, b) => new Date(b.merged_at) - new Date(a.merged_at))
+                        .slice(0, 10);
+
+                    const list = last10.map(pr => `- #${pr.number}`).join("\n");
+
+                    const start = "<!-- RELEASED:START -->";
+                    const end = "<!-- RELEASED:END -->";
+
+                    const mergedUrl = `https://github.com/${owner}/${repo}/pulls?q=is%3Apr+is%3Amerged`;
+                    const replacementBlock = [
+                        start,
+                        "",
+                        `10 most recent [merged PRs](${mergedUrl}):`,
+                        "",
+                        list,
+                        "",
+                        end
+                    ].join("\n");
+
+                    const { data: issue } = await github.rest.issues.get({ owner, repo, issue_number });
+                    let body = issue.body || "";
+
+                    if (body.includes(start) && body.includes(end)) {
+                        const pattern = new RegExp(`${start}[\\s\\S]*?${end}`);
+                        body = body.replace(pattern, replacementBlock);
+                    } else {
+                        core.setFailed('Missing RELEASED markers in roadmap issue body. Please add <!-- RELEASED:START --> and <!-- RELEASED:END --> to the issue.');
+                        return;
+                    }
+
+                    await github.rest.issues.update({
+                        owner,
+                        repo,
+                        issue_number,
+                        body
+                    });

.gitignore

@@ -1,44 +1,166 @@
-# Created by https://www.toptal.com/developers/gitignore/api/nextjs
-# Edit at https://www.toptal.com/developers/gitignore?templates=nextjs
+# Created by https://www.toptal.com/developers/gitignore/api/yarn,node
+# Edit at https://www.toptal.com/developers/gitignore?templates=yarn,node
 
-### NextJS ###
-# dependencies
-/node_modules
-/.pnp
-.pnp.js
-
-# testing
-/coverage
-
-# next.js
-/.next/
-/out/
-
-# production
-/build
-
-# misc
-.DS_Store
-*.pem
-
-# debug
+### Node ###
+# Logs
+logs
+*.log
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
+lerna-debug.log*
 .pnpm-debug.log*
 
-# local env files
-.env*.local
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
 
-# vercel
-.vercel
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
 
-# typescript
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
 *.tsbuildinfo
-next-env.d.ts
 
-# End of https://www.toptal.com/developers/gitignore/api/nextjs
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+### Node Patch ###
+# Serverless Webpack directories
+.webpack/
+
+# Optional stylelint cache
+
+# SvelteKit build / generate output
+.svelte-kit
+
+### yarn ###
+# https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored
+
+.yarn/*
+!.yarn/releases
+!.yarn/patches
+!.yarn/plugins
+!.yarn/sdks
+!.yarn/versions
+
+# if you are NOT using Zero-installs, then:
+# comment the following lines
+# !.yarn/cache
+
+# and uncomment the following lines
+.pnp.*
+
+# End of https://www.toptal.com/developers/gitignore/api/yarn,node
 
 .sourcebot
 /bin
-/config.json
+/config.json
+.DS_Store

.gitmodules

@@ -1,3 +1,4 @@
 [submodule "vendor/zoekt"]
 	path = vendor/zoekt
 	url = https://github.com/sourcebot-dev/zoekt
+	branch=main

.vscode/extensions.json

@@ -0,0 +1,7 @@
+{
+    "recommendations": [
+        "dbaeumer.vscode-eslint",
+        "bradlc.vscode-tailwindcss",
+        "prisma.prisma"
+    ]
+}

.vscode/settings.json

@@ -0,0 +1,22 @@
+{
+    "files.associations": {
+        "*.json": "jsonc",
+        "index.json": "json"
+    },
+    "eslint.workingDirectories": [
+        {
+            "pattern": "./packages/*/"
+        }
+    ],
+    // @see : https://cva.style/docs/getting-started/installation#intellisense
+    "tailwindCSS.experimental.classRegex": [
+        [
+            "cva\\(([^)]*)\\)",
+            "[\"'`]([^\"'`]*).*?[\"'`]"
+        ],
+        [
+            "cx\\(([^)]*)\\)",
+            "(?:'|\"|`)([^']*)(?:'|\"|`)"
+        ]
+    ]
+}

.vscode/sourcebot.code-workspace

@@ -0,0 +1,19 @@
+{
+	"folders": [
+		{
+			"path": ".."
+		},
+		{
+			"path": "../vendor/zoekt"
+		},
+		{
+			"path": "../../sourcebot-helm-chart"
+		}
+	],
+	"settings": {
+		"files.associations": {
+			"*.json": "jsonc",
+			"index.json": "json"
+		}
+	}
+}

.yarnrc.yml

@@ -0,0 +1,3 @@
+enableGlobalCache: false
+nodeLinker: node-modules
+yarnPath: .yarn/releases/yarn-4.7.0.cjs

CHANGELOG.md

@@ -7,6 +7,730 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+- Fixed review agent so that it works with GHES instances [#611](https://github.com/sourcebot-dev/sourcebot/pull/611)
+
+### Added
+- Added support for arbitrary user IDs required for OpenShift. [#658](https://github.com/sourcebot-dev/sourcebot/pull/658) 
+
+### Updated
+- Improved error messages in file source api. [#665](https://github.com/sourcebot-dev/sourcebot/pull/665)
+
+## [4.10.2] - 2025-12-04
+
+### Fixed
+- Fixed issue where the disable telemetry flag was not being respected for web server telemetry. [#657](https://github.com/sourcebot-dev/sourcebot/pull/657)
+
+## [4.10.1] - 2025-12-03
+
+### Added
+- Added `ALWAYS_INDEX_FILE_PATTERNS` environment variable to allow specifying a comma seperated list of glob patterns matching file paths that should always be indexed, regardless of size or # of trigrams. [#631](https://github.com/sourcebot-dev/sourcebot/pull/631)
+- Added button to explore menu to toggle cross-repository search. [#647](https://github.com/sourcebot-dev/sourcebot/pull/647)
+- Added server side telemetry for search metrics. [#652](https://github.com/sourcebot-dev/sourcebot/pull/652)
+
+### Fixed
+- Fixed issue where single quotes could not be used in search queries. [#629](https://github.com/sourcebot-dev/sourcebot/pull/629)
+- Fixed issue where files with special characters would fail to load. [#636](https://github.com/sourcebot-dev/sourcebot/issues/636)
+- Fixed Ask performance issues. [#632](https://github.com/sourcebot-dev/sourcebot/pull/632)
+- Fixed regression where creating a new Ask thread when unauthenticated would result in a 404. [#641](https://github.com/sourcebot-dev/sourcebot/pull/641)
+- Updated react and next package versions to fix CVE 2025-55182. [#654](https://github.com/sourcebot-dev/sourcebot/pull/654)
+
+### Changed
+- Changed the default behaviour for code nav to scope references & definitions search to the current repository. [#647](https://github.com/sourcebot-dev/sourcebot/pull/647)
+
+## [4.10.0] - 2025-11-24
+
+### Added
+- Added support for streaming code search results. [#623](https://github.com/sourcebot-dev/sourcebot/pull/623)
+- Added buttons to toggle case sensitivity and regex patterns. [#623](https://github.com/sourcebot-dev/sourcebot/pull/623)
+- Added counts to members, requets, and invites tabs in the members settings. [#621](https://github.com/sourcebot-dev/sourcebot/pull/621)
+- [Sourcebot EE] Add support for Authentik as a identity provider. [#627](https://github.com/sourcebot-dev/sourcebot/pull/627)
+
+### Changed
+- Changed the default search behaviour to match patterns as substrings and **not** regular expressions. Regular expressions can be used by toggling the regex button in search bar. [#623](https://github.com/sourcebot-dev/sourcebot/pull/623)
+- Renamed `public` query prefix to `visibility`. Allowed values for `visibility` are `public`, `private`, and `any`. [#623](https://github.com/sourcebot-dev/sourcebot/pull/623)
+- Changed `archived` query prefix to accept values `yes`, `no`, and `only`. [#623](https://github.com/sourcebot-dev/sourcebot/pull/623)
+
+### Removed
+- Removed `case` query prefix. [#623](https://github.com/sourcebot-dev/sourcebot/pull/623)
+- Removed `branch` and `b` query prefixes. Please use `rev:` instead. [#623](https://github.com/sourcebot-dev/sourcebot/pull/623)
+- Removed `regex` query prefix. [#623](https://github.com/sourcebot-dev/sourcebot/pull/623)
+
+### Fixed
+- Fixed spurious infinite loads with explore panel, file tree, and file search command. [#617](https://github.com/sourcebot-dev/sourcebot/pull/617)
+- Wipe search context on init if entitlement no longer exists [#618](https://github.com/sourcebot-dev/sourcebot/pull/618)
+- Fixed Bitbucket repository exclusions not supporting glob patterns. [#620](https://github.com/sourcebot-dev/sourcebot/pull/620)
+- Fixed issue where the repo driven permission syncer was attempting to sync public repositories. [#624](https://github.com/sourcebot-dev/sourcebot/pull/624)
+- Fixed issue where worker would not shutdown while a permission sync job (repo or user) was in progress. [#624](https://github.com/sourcebot-dev/sourcebot/pull/624)
+
+## [4.9.2] - 2025-11-13
+
+### Changed
+- Bumped the default requested search result count from 5k to 10k after optimization pass. [#615](https://github.com/sourcebot-dev/sourcebot/pull/615)
+
+### Fixed
+- Fixed incorrect shutdown of PostHog SDK in the worker. [#609](https://github.com/sourcebot-dev/sourcebot/pull/609)
+- Fixed race condition in job schedulers. [#607](https://github.com/sourcebot-dev/sourcebot/pull/607)
+- Fixed connection sync jobs getting stuck in pending or in progress after restarting the worker. [#612](https://github.com/sourcebot-dev/sourcebot/pull/612)
+- Fixed issue where connections would always sync on startup, regardless if they changed or not. [#613](https://github.com/sourcebot-dev/sourcebot/pull/613)
+- Fixed performance bottleneck in search api. Result is a order of magnitutde improvement to average search time according to benchmarks. [#615](https://github.com/sourcebot-dev/sourcebot/pull/615) 
+
+### Added
+- Added force resync buttons for connections and repositories. [#610](https://github.com/sourcebot-dev/sourcebot/pull/610)
+- Added environment variable to configure default search result count. [#616](https://github.com/sourcebot-dev/sourcebot/pull/616)
+
+## [4.9.1] - 2025-11-07
+
+### Added
+- Added support for running Sourcebot as non-root user. [#599](https://github.com/sourcebot-dev/sourcebot/pull/599)
+
+## [4.9.0] - 2025-11-04
+
+### Added
+- [Experimental][Sourcebot EE] Added GitLab permission syncing. [#585](https://github.com/sourcebot-dev/sourcebot/pull/585)
+- [Sourcebot EE] Added external identity provider config and support for multiple accounts. [#595](https://github.com/sourcebot-dev/sourcebot/pull/595)
+- Added ability to configure environment variables from the config. [#597](https://github.com/sourcebot-dev/sourcebot/pull/597)
+
+### Fixed
+- [ask sb] Fixed issue where reasoning tokens would appear in `text` content for openai compatible models. [#582](https://github.com/sourcebot-dev/sourcebot/pull/582)
+- Fixed issue with GitHub app token tracking and refreshing. [#583](https://github.com/sourcebot-dev/sourcebot/pull/583)
+- Fixed "The account is already associated with another user" errors with GitLab oauth provider. [#584](https://github.com/sourcebot-dev/sourcebot/pull/584)
+- Fixed error when viewing a generic git connection in `/settings/connections`. [#588](https://github.com/sourcebot-dev/sourcebot/pull/588)
+- Fixed issue with an unbounded `Promise.allSettled(...)` when retrieving details from the GitHub API about a large number of repositories (or orgs or users). [#591](https://github.com/sourcebot-dev/sourcebot/pull/591)
+- Fixed resource exhaustion (EAGAIN errors) when syncing generic-git-host connections with thousands of repositories. [#593](https://github.com/sourcebot-dev/sourcebot/pull/593)
+
+### Removed
+- Removed built-in secret manager. [#592](https://github.com/sourcebot-dev/sourcebot/pull/592)
+
+### Changed
+- Changed internal representation of how repo permissions are represented in the database. [#600](https://github.com/sourcebot-dev/sourcebot/pull/600)
+
+## [4.8.1] - 2025-10-29
+
+### Fixed
+- Fixed commit and branch hyperlinks not rendering for Gerrit repos. [#581](https://github.com/sourcebot-dev/sourcebot/pull/581)
+- Fixed visual bug when a repository does not have a image. [#581](https://github.com/sourcebot-dev/sourcebot/pull/581)
+- Fixed issue where the Ask homepage was not scrollable. [#581](https://github.com/sourcebot-dev/sourcebot/pull/581)
+
+## [4.8.0] - 2025-10-28
+
+### Added
+- Implement dynamic tab titles for files and folders in browse tab. [#560](https://github.com/sourcebot-dev/sourcebot/pull/560)
+- Added support for passing db connection url as seperate `DATABASE_HOST`, `DATABASE_USERNAME`, `DATABASE_PASSWORD`, `DATABASE_NAME`, and `DATABASE_ARGS` env vars. [#545](https://github.com/sourcebot-dev/sourcebot/pull/545)
+- Added support for GitHub Apps for service auth. [#570](https://github.com/sourcebot-dev/sourcebot/pull/570)
+- Added prometheus metrics for repo index manager. [#571](https://github.com/sourcebot-dev/sourcebot/pull/571)
+- Added experimental environment variable to disable API key creation for non-admin users. [#577](https://github.com/sourcebot-dev/sourcebot/pull/577)
+- [Experimental][Sourcebot EE] Added REST API to get users and delete a user. [#578](https://github.com/sourcebot-dev/sourcebot/pull/578)
+
+### Fixed
+- Fixed "dubious ownership" errors when cloning / fetching repos. [#553](https://github.com/sourcebot-dev/sourcebot/pull/553)
+- Fixed issue with Ask Sourcebot tutorial re-appearing after restarting the browser. [#563](https://github.com/sourcebot-dev/sourcebot/pull/563)
+- Fixed `repoIndexTimeoutMs` not being used for index job timeouts. [#567](https://github.com/sourcebot-dev/sourcebot/pull/567)
+
+### Changed
+- Improved search performance for unbounded search queries. [#555](https://github.com/sourcebot-dev/sourcebot/pull/555)
+- Improved homepage performance by removing client side polling. [#563](https://github.com/sourcebot-dev/sourcebot/pull/563)
+- Changed navbar indexing indicator to only report progress for first time indexing jobs. [#563](https://github.com/sourcebot-dev/sourcebot/pull/563)
+- Improved repo indexing job stability and robustness. [#563](https://github.com/sourcebot-dev/sourcebot/pull/563)
+- Improved repositories table. [#572](https://github.com/sourcebot-dev/sourcebot/pull/572)
+- Improved connections table. [#579](https://github.com/sourcebot-dev/sourcebot/pull/579)
+
+### Removed
+- Removed spam "login page loaded" log. [#552](https://github.com/sourcebot-dev/sourcebot/pull/552)
+- Removed connections management page. [#563](https://github.com/sourcebot-dev/sourcebot/pull/563)
+
+## [4.7.3] - 2025-09-29
+
+### Fixed
+- Manually pass auth token for ado server deployments. [#543](https://github.com/sourcebot-dev/sourcebot/pull/543)
+
+## [4.7.2] - 2025-09-22
+
+### Fixed
+- Fix support email. [#529](https://github.com/sourcebot-dev/sourcebot/pull/529)
+
+### Added
+- [Experimental][Sourcebot EE] Added permission syncing repository Access Control Lists (ACLs) between Sourcebot and GitHub. [#508](https://github.com/sourcebot-dev/sourcebot/pull/508)
+
+### Changed
+- Improved repository query performance by adding db indices. [#526](https://github.com/sourcebot-dev/sourcebot/pull/526)
+- Improved repository query performance by removing JOIN on `Connection` table. [#527](https://github.com/sourcebot-dev/sourcebot/pull/527)
+- Changed repo carousel and repo list links to redirect to the file browser. [#528](https://github.com/sourcebot-dev/sourcebot/pull/528)
+- Changed file headers, files/directories in file tree, and reference list buttons into links. [#532](https://github.com/sourcebot-dev/sourcebot/pull/532)
+
+## [4.7.1] - 2025-09-19
+
+### Fixed
+- Fixed sourcebot not pulling github forked repos [#499](https://github.com/sourcebot-dev/sourcebot/pull/499)
+- Fixed azure devop cloud pat issue [#524](https://github.com/sourcebot-dev/sourcebot/pull/524)
+
+## [4.7.0] - 2025-09-17
+
+### Added
+- Added fallback to default the Node.JS AWS SDK's `fromNodeProviderChain` when no credentials are provided for a bedrock config. [#513](https://github.com/sourcebot-dev/sourcebot/pull/513)
+- Added support for Azure Devops support. [#514](https://github.com/sourcebot-dev/sourcebot/pull/514)
+
+### Fixed
+- Fixed "At least one project, user, or group must be specified" for GitLab configs with `all` in web configurator. [#512](https://github.com/sourcebot-dev/sourcebot/pull/512)
+- Fixed zoekt indexing failing with pipe in branch/tag names [#506](https://github.com/sourcebot-dev/sourcebot/pull/506)
+- Removed deprecated connection creation/edit UI [#515](https://github.com/sourcebot-dev/sourcebot/pull/515)
+
+## [4.6.8] - 2025-09-15
+
+### Fixed
+- Fixed Bitbucket Cloud pagination not working beyond first page. [#295](https://github.com/sourcebot-dev/sourcebot/issues/295)
+- Fixed search bar line wrapping. [#501](https://github.com/sourcebot-dev/sourcebot/pull/501)
+- Fixed carousel perf issues. [#507](https://github.com/sourcebot-dev/sourcebot/pull/507)
+
+## [4.6.7] - 2025-09-08
+
+### Added
+- Added `exclude.userOwnedProjects` setting to GitLab configs. [#498](https://github.com/sourcebot-dev/sourcebot/pull/498)
+
+### Fixed
+- Fixed "couldn't find remote ref HEAD" errors when re-indexing certain repositories. [#497](https://github.com/sourcebot-dev/sourcebot/pull/497)
+
+### Changed
+- Disable page scroll when using arrow keys on search suggestions box. [#493](https://github.com/sourcebot-dev/sourcebot/pull/493)
+
+## [4.6.6] - 2025-09-04
+
+### Added
+- Added support for specifying query params for openai compatible language models. [#490](https://github.com/sourcebot-dev/sourcebot/pull/490)
+
+### Fixed
+- Fix issue where zoekt was failing to index repositories due to `HEAD` pointing to a branch that does not exist. [#488](https://github.com/sourcebot-dev/sourcebot/pull/488)
+
+## [4.6.5] - 2025-09-02
+
+### Fixed
+- Remove setting `remote.origin.url` for remote git repositories. [#483](https://github.com/sourcebot-dev/sourcebot/pull/483)
+- Fix error when navigating to paths with percentage symbols. [#485](https://github.com/sourcebot-dev/sourcebot/pull/485)
+
+### Changed
+- Updated NextJS to version 15. [#477](https://github.com/sourcebot-dev/sourcebot/pull/477)
+- Add `sessionToken` as optional Bedrock configuration parameter. [#478](https://github.com/sourcebot-dev/sourcebot/pull/478)
+
+## [4.6.4] - 2025-08-11
+
+### Added
+- Added multi-branch indexing support for Gerrit. [#433](https://github.com/sourcebot-dev/sourcebot/pull/433)
+- [ask sb] Added `reasoningEffort` option to OpenAI provider. [#446](https://github.com/sourcebot-dev/sourcebot/pull/446)
+- [ask db] Added `headers` option to all providers. [#449](https://github.com/sourcebot-dev/sourcebot/pull/449)
+
+### Fixed
+- Removed prefix from structured log output. [#443](https://github.com/sourcebot-dev/sourcebot/pull/443)
+- [ask sb] Fixed long generation times for first message in a chat thread. [#447](https://github.com/sourcebot-dev/sourcebot/pull/447)
+
+### Changed
+- Bumped AI SDK and associated packages version. [#444](https://github.com/sourcebot-dev/sourcebot/pull/444)
+
+## [4.6.3] - 2025-08-04
+
+### Fixed
+- Fixed issue where `users` specified in a GitHub config were not getting picked up when a `token` is also specified. [#428](https://github.com/sourcebot-dev/sourcebot/pull/428)
+
+### Added
+- [ask sb] Added OpenAI Compatible Language Provider. [#424](https://github.com/sourcebot-dev/sourcebot/pull/424)
+
+## [4.6.2] - 2025-07-31
+
+### Changed
+- Bumped AI SDK and associated packages version. [#417](https://github.com/sourcebot-dev/sourcebot/pull/417)
+
+### Fixed
+- [ask sb] Fixed "413 content too large" error when starting a new chat with many repos selected. [#416](https://github.com/sourcebot-dev/sourcebot/pull/416)
+
+### Added
+- [ask sb] PostHog telemetry for chat thread creation. [#418](https://github.com/sourcebot-dev/sourcebot/pull/418)
+
+## [4.6.1] - 2025-07-29
+
+### Added
+- Add search context to ask sourcebot context selector. [#397](https://github.com/sourcebot-dev/sourcebot/pull/397)
+- Add ability to include/exclude connection in search context. [#399](https://github.com/sourcebot-dev/sourcebot/pull/399)
+- Search context refactor to search scope and demo card UI changes. [#405](https://github.com/sourcebot-dev/sourcebot/pull/405)
+- Add GitHub star toast. [#409](https://github.com/sourcebot-dev/sourcebot/pull/409)
+- Added a onboarding modal when first visiting the homepage when `ask` mode is selected. [#408](https://github.com/sourcebot-dev/sourcebot/pull/408)
+- [ask sb] Added `searchReposTool` and `listAllReposTool`. [#400](https://github.com/sourcebot-dev/sourcebot/pull/400)
+
+### Fixed
+- Fixed multiple writes race condition on config file watcher. [#398](https://github.com/sourcebot-dev/sourcebot/pull/398)
+
+### Changed
+- Bumped AI SDK and associated packages version. [#404](https://github.com/sourcebot-dev/sourcebot/pull/404)
+- Bumped form-data package version. [#407](https://github.com/sourcebot-dev/sourcebot/pull/407)
+- Bumped next version. [#406](https://github.com/sourcebot-dev/sourcebot/pull/406)
+- [ask sb] Improved search code tool with filter options. [#400](https://github.com/sourcebot-dev/sourcebot/pull/400)
+- [ask sb] Removed search scope constraint. [#400](https://github.com/sourcebot-dev/sourcebot/pull/400)
+- Update README with new features and videos. [#410](https://github.com/sourcebot-dev/sourcebot/pull/410)
+- [ask sb] Add back search scope requirement and other UI changes. [#411](https://github.com/sourcebot-dev/sourcebot/pull/411)
+
+## [4.6.0] - 2025-07-25
+
+### Added
+- Introducing Ask Sourcebot - ask natural langauge about your codebase. Get back comprehensive Markdown responses with inline citations back to the code. Bring your own LLM api key. [#392](https://github.com/sourcebot-dev/sourcebot/pull/392) 
+
+### Fixed 
+- Fixed onboarding infinite loop when GCP IAP Auth is enabled. [#381](https://github.com/sourcebot-dev/sourcebot/pull/381)
+
+## [4.5.3] - 2025-07-20
+
+### Changed
+- Relicense core to FSL-1.1-ALv2. [#388](https://github.com/sourcebot-dev/sourcebot/pull/388)
+
+### Added
+- Added `GITLAB_CLIENT_QUERY_TIMEOUT_SECONDS` env var to configure the GitLab client's query timeout. [#390](https://github.com/sourcebot-dev/sourcebot/pull/390)
+
+## [4.5.2] - 2025-07-19
+
+### Changed
+- Fixed typos in UI, docs, code [#369](https://github.com/sourcebot-dev/sourcebot/pull/369)
+- Add anonymous access option to core and deprecate the `enablePublicAccess` config setting. [#385](https://github.com/sourcebot-dev/sourcebot/pull/385)
+
+## [4.5.1] - 2025-07-14
+
+### Changed
+- Revamped onboarding experience. [#376](https://github.com/sourcebot-dev/sourcebot/pull/376)
+
+### Fixed
+- Fixed issue with external source code links being broken for paths with spaces. [#364](https://github.com/sourcebot-dev/sourcebot/pull/364)
+- Makes base retry indexing configuration configurable and move from a default of `5s` to `60s`. [#377](https://github.com/sourcebot-dev/sourcebot/pull/377)
+- Fixed issue where files would sometimes never load in the code browser. [#365](https://github.com/sourcebot-dev/sourcebot/pull/365)
+
+## [4.5.0] - 2025-06-21
+
+### Added
+- Added code nav and syntax highlighting for TCL. [#362](https://github.com/sourcebot-dev/sourcebot/pull/362)
+- Added analytics dashboard. [#358](https://github.com/sourcebot-dev/sourcebot/pull/358)
+
+### Fixed
+- Fixed issue where invites appeared to be created successfully, but were not actually being created in the database. [#359](https://github.com/sourcebot-dev/sourcebot/pull/359)
+
+### Changed
+- Audit logging is now enabled by default. [#358](https://github.com/sourcebot-dev/sourcebot/pull/358)
+
+## [4.4.0] - 2025-06-18
+
+### Added
+- Added audit logging. [#355](https://github.com/sourcebot-dev/sourcebot/pull/355)
+<!-- @NOTE: this release includes a API change that affects the MCP package (@sourcebot/mcp). On release, bump the MCP package's version and delete this message. -->
+
+### Fixed
+- Delete account join request when redeeming an invite. [#352](https://github.com/sourcebot-dev/sourcebot/pull/352)
+- Fix issue where a repository would not be included in a search context if the context was created before the repository. [#354](https://github.com/sourcebot-dev/sourcebot/pull/354)
+
+### Changed
+- Changed search api (and all apis that depend on it) to return raw source code instead of base64 encoded string. ([356](https://github.com/sourcebot-dev/sourcebot/pull/356)).
+
+
+## [4.3.0] - 2025-06-11
+
+### Added
+- Changed repository link in search to file tree + move external link to code host logo. [#340](https://github.com/sourcebot-dev/sourcebot/pull/340)
+- Added a basic file search dialog when browsing a repository. [#341](https://github.com/sourcebot-dev/sourcebot/pull/341)
+
+### Fixed
+- Text highlighting clarity. [#342](https://github.com/sourcebot-dev/sourcebot/pull/342)
+- Fixed repo list column header styling. [#344](https://github.com/sourcebot-dev/sourcebot/pull/344)
+- Clean up successful and failed jobs in Redis queues. [#343](https://github.com/sourcebot-dev/sourcebot/pull/343)
+- Fixed issue with files occasionally not loading after moving the cursor rapidly over the file browser. [#346](https://github.com/sourcebot-dev/sourcebot/pull/346)
+
+## [4.2.0] - 2025-06-09
+
+### Added
+- Added seperate page for signup. [#311](https://github.com/sourcebot-dev/sourcebot/pull/331)
+- Fix repo images in authed instance case and add manifest json. [#332](https://github.com/sourcebot-dev/sourcebot/pull/332)
+- Added encryption logic for license keys. [#335](https://github.com/sourcebot-dev/sourcebot/pull/335)
+- Added hover tooltip for long repo names in filter panel. [#338](https://github.com/sourcebot-dev/sourcebot/pull/338)
+- Added repo shard validation on startup. [#339](https://github.com/sourcebot-dev/sourcebot/pull/339)
+- Added support for a file explorer when browsing files. [#336](https://github.com/sourcebot-dev/sourcebot/pull/336)
+
+## [4.1.1] - 2025-06-03
+
+### Added
+- Added copy button for filenames. [#328](https://github.com/sourcebot-dev/sourcebot/pull/328)
+- Added development docker compose file. [#328](https://github.com/sourcebot-dev/sourcebot/pull/328)
+- Added keyboard shortcuts for find all refs / go to def. [#329](https://github.com/sourcebot-dev/sourcebot/pull/329)
+- Added GCP IAP JIT provisioning. [#330](https://github.com/sourcebot-dev/sourcebot/pull/330)
+
+### Fixed
+- Fixed issue with the symbol hover popover clipping at the top of the page. [#326](https://github.com/sourcebot-dev/sourcebot/pull/326)
+- Fixed slow rendering issue with large reference/definition lists. [#327](https://github.com/sourcebot-dev/sourcebot/pull/327)
+
+## [4.1.0] - 2025-06-02
+
+### Added
+- Added structured logging support. [#323](https://github.com/sourcebot-dev/sourcebot/pull/323)
+
+### Fixed
+- Fixed issue where new oauth providers weren't being display in the login page. [commit](https://github.com/sourcebot-dev/sourcebot/commit/a2e06266dbe5e5ad4c2c3f730c73d64edecedcf7)
+- Fixed client side "mark decorations may not be empty" error when viewing certain files. [#325](https://github.com/sourcebot-dev/sourcebot/pull/325)
+- Fixed issue where the symbol hover popover would not appear for large source files. [#325](https://github.com/sourcebot-dev/sourcebot/pull/325)
+
+
+## [4.0.1] - 2025-05-28
+
+### Fixed
+- Fixed issue with how entitlements are resolved for cloud. [#319](https://github.com/sourcebot-dev/sourcebot/pull/319)
+
+## [4.0.0] - 2025-05-28
+
+Sourcebot V4 introduces authentication, performance improvements and code navigation. Checkout the [migration guide](https://docs.sourcebot.dev/docs/upgrade/v3-to-v4-guide) for information on upgrading your instance to v4.
+
+### Changed
+- [**Breaking Change**] Authentication is now required by default. Notes:
+  - When setting up your instance, email / password login will be the default authentication provider.
+  - The first user that logs into the instance is given the `owner` role. ([docs](https://docs.sourcebot.dev/docs/configuration/auth/roles-and-permissions)).
+  - Subsequent users can request to join the instance. The `owner` can approve / deny requests to join the instance via `Settings` > `Members` > `Pending Requests`.
+  - If a user is approved to join the instance, they are given the `member` role.
+  - Additional login providers, including email links and SSO, can be configured with additional environment variables. ([docs](https://docs.sourcebot.dev/docs/configuration/auth/overview)).
+- Clicking on a search result now takes you to the `/browse` view. Files can still be previewed by clicking the "Preview" button or holding `Cmd` / `Ctrl` when clicking on a search result. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315)
+
+### Added
+- [Sourcebot EE] Added search-based code navigation, allowing you to jump between symbol definition and references when viewing source files. [Read the documentation](https://docs.sourcebot.dev/docs/features/code-navigation). [#315](https://github.com/sourcebot-dev/sourcebot/pull/315)
+- Added collapsible filter panel. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315)
+- Added Sourcebot API key management for external clients. [#311](https://github.com/sourcebot-dev/sourcebot/pull/311)
+
+### Fixed
+- Improved scroll performance for large numbers of search results. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315)
+
+## [3.2.1] - 2025-05-15
+
+### Added
+- Added support for indexing generic git hosts given a remote clone url or local path. [#307](https://github.com/sourcebot-dev/sourcebot/pull/307)
+
+## [3.2.0] - 2025-05-12
+
+### Added
+- Added AI code review agent [#298](https://github.com/sourcebot-dev/sourcebot/pull/298). Checkout the [docs](https://docs.sourcebot.dev/docs/features/agents/review-agent) for more information.
+
+### Fixed
+- Fixed issue with repos appearing in the carousel when they fail indexing for the first time. [#305](https://github.com/sourcebot-dev/sourcebot/pull/305)
+- Align gitea clone_url with gitea host url [#303](https://github.com/sourcebot-dev/sourcebot/pull/303)
+
+## [3.1.4] - 2025-05-10
+
+### Fixed
+- Added better error handling to git operations
+
+## [3.1.3] - 2025-05-07
+
+### Fixed
+- Fixes bug with repos not being visible in the homepage carousel when re-indexing. [#294](https://github.com/sourcebot-dev/sourcebot/pull/294)
+
+### Added
+- Added special `*` value for `rev:` to allow searching across all branches. [#281](https://github.com/sourcebot-dev/sourcebot/pull/281)
+- Added the Sourcebot Model Context Protocol (MCP) server in [packages/mcp](./packages/mcp/README.md) to allow LLMs to interface with Sourcebot. Checkout the npm package [here](https://www.npmjs.com/package/@sourcebot/mcp). [#292](https://github.com/sourcebot-dev/sourcebot/pull/292)
+
+## [3.1.2] - 2025-04-30
+
+### Added
+- Added `exclude.readOnly` and `exclude.hidden` options to Gerrit connection config. [#280](https://github.com/sourcebot-dev/sourcebot/pull/280)
+
+### Fixes
+- Fixes regression introduced in v3.1.0 that causes auth errors with GitHub. [#288](https://github.com/sourcebot-dev/sourcebot/pull/288)
+
+## [3.1.1] - 2025-04-28
+
+### Changed
+- Changed the filter panel to embed the filter selection state in the query params. [#276](https://github.com/sourcebot-dev/sourcebot/pull/276)
+
+## [3.1.0] - 2025-04-25
+
+### Added
+- [Sourcebot EE] Added search contexts, user-defined groupings of repositories that help focus searches on specific areas of a codebase. [#273](https://github.com/sourcebot-dev/sourcebot/pull/273)
+- Added support for Bitbucket Cloud and Bitbucket Data Center connections. [#275](https://github.com/sourcebot-dev/sourcebot/pull/275)
+
+
+## [3.0.4] - 2025-04-12
+
+### Fixes
+- Fix issue with gerrit gitiles web urls not being correctly formatted
+
+## [3.0.3] - 2025-04-10
+
+### Fixes
+- Prevent database in container from being initialized and started if we're using an external database [#267](https://github.com/sourcebot-dev/sourcebot/pull/267)
+
+### Added
+- Add additional logging for repo and connection syncing, and display proper names instead of ids
+
+## [3.0.2] - 2025-04-04
+
+### Fixes
+- Change connection manager upsert timeout to 5 minutes
+- Fix issue with repo display names being poorly formatted, especially for gerrit. ([#259](https://github.com/sourcebot-dev/sourcebot/pull/259))
+
+### Added
+- Added config setting `resyncConnectionIntervalMs` to control how often a connection should be re-synced. ([#260](https://github.com/sourcebot-dev/sourcebot/pull/260))
+
+## [3.0.1] - 2025-04-01
+
+### Fixes
+- Fix issue with match highlighting not appearing when first clicking on a search result. ([#255](https://github.com/sourcebot-dev/sourcebot/issues/255))
+
+## [3.0.0] - 2025-04-01
+
+Sourcebot v3 is here and brings a number of structural changes to the tool's foundation, including a SQL database, parallelized indexing, authentication support, multitenancy, and more. Checkout the [migration guide](https://docs.sourcebot.dev/docs/upgrade/v2-to-v3-guide) for information on upgrading your instance to v3.
+
+### Changed
+- [**Breaking Change**] Changed the config schema such that connection objects are specified in the `connection` map, instead of the `repos` array. [See migration guide](https://docs.sourcebot.dev/docs/upgrade/v2-to-v3-guide).
+- Updated the tool's color-palette in dark mode.
+
+### Added
+- Added parallelized repo indexing and connection syncing via Redis & BullMQ. See the [architecture overview](https://docs.sourcebot.dev/docs/overview#architecture).
+- Added repo indexing progress indicators in the navbar.
+- Added authentication support via OAuth or email/password. For instructions on enabling, see [this doc](https://docs.sourcebot.dev/docs/configuration/auth/overview).
+- Added the following UI for managing your deployment when **[auth is enabled](https://docs.sourcebot.dev/docs/configuration/auth/overview)**:
+  - connection management: create and manage your JSON configs via a integrated web-editor.
+  - secrets: import personal access tokens (PAT) into Sourcebot (AES-256 encrypted). Reference secrets in your connection config by name.
+  - team & invite management: invite users to your instance to give them access. Configure team [roles & permissions](https://docs.sourcebot.dev/docs/configuration/auth/roles-and-permissions).
+- Added multi-tenancy support. See [this doc](https://docs.sourcebot.dev/self-hosting/more/tenancy).
+
+### Removed
+- [**Breaking Change**] Removed `db.json` in favour of a Postgres database for transactional workloads. See the [architecture overview](https://docs.sourcebot.dev/self-hosting/overview#architecture).
+- [**Breaking Change**] Removed local folder & arbitrary .git repo support. If your deployment depended on these features, please [open a issue](https://github.com/sourcebot-dev/sourcebot/issues/new?template=get_help.md) and let us know.
+- [**Breaking Chnage**] Removed ability to specify a `token` as a string literal from the schema.
+- [**Breaking Change**] Removed support for `DOMAIN_SUB_PATH` configuration.
+
+
+## [2.8.4] - 2025-03-14
+
+### Fixed
+
+- Fixed bug where Sourcebot Cloud card was shown to self-hosted users
+
+## [2.8.3] - 2025-03-13
+
+### Fixed
+
+- Made syntax reference guide keyboard shortcut hints clickable. ([#229](https://github.com/sourcebot-dev/sourcebot/pull/229))
+
+## [2.8.2] - 2025-02-20
+
+### Fixed
+
+- Remove `repo_synced` telemetry event.
+
+## [2.8.1] - 2025-01-28
+
+### Added
+
+- Added `maxTrigramCount` to the config to control the maximum allowable of trigrams per document.
+
+### Fixed
+
+- Fixed issue with version upgrade toast not appearing without a hard refresh. ([#179](https://github.com/sourcebot-dev/sourcebot/pull/179))
+
+## [2.8.0] - 2025-01-17
+
+### Added
+
+- Added a syntax reference guide. The guide can be opened using the hotkey "Cmd + /" ("Ctrl + /" on Windows). ([#169](https://github.com/sourcebot-dev/sourcebot/pull/169))
+
+## [2.7.1] - 2025-01-15
+
+### Fixed
+
+- Fixed issue where we crash on startup if the install / upgrade PostHog event fails to send. ([#159](https://github.com/sourcebot-dev/sourcebot/pull/159))
+- Fixed issue with broken file links. ([#161](https://github.com/sourcebot-dev/sourcebot/pull/161))
+
+## [2.7.0] - 2025-01-10
+
+### Added
+
+- Added support for creating share links to snippets of code. ([#149](https://github.com/sourcebot-dev/sourcebot/pull/149))
+- Added support for indexing raw remote git repository. ([#152](https://github.com/sourcebot-dev/sourcebot/pull/152))
+
+## [2.6.3] - 2024-12-18
+
+### Added
+
+- Added config option `settings.reindexInterval` and `settings.resyncInterval` to control how often the index should be re-indexed and re-synced. ([#134](https://github.com/sourcebot-dev/sourcebot/pull/134))
+- Added `exclude.size` to the GitHub config to allow excluding repositories by size. ([#137](https://github.com/sourcebot-dev/sourcebot/pull/137))
+
+### Fixed
+
+- Fixed issue where config synchronization was failing entirely when a single api call fails. ([#142](https://github.com/sourcebot-dev/sourcebot/pull/142))
+- Fixed 'directory not found' error in certain scenarios when deleting a repository. ([#136](https://github.com/sourcebot-dev/sourcebot/pull/136))
+
+## [2.6.2] - 2024-12-13
+
+### Added
+
+- Added config support for filtering GitLab & GitHub repositories by topic. ([#121](https://github.com/sourcebot-dev/sourcebot/pull/121))
+- Added additional language syntax support. ([#125](https://github.com/sourcebot-dev/sourcebot/pull/125))
+- Added additional language icon support. ([#129](https://github.com/sourcebot-dev/sourcebot/pull/129))
+
+### Changed
+
+- Made language suggestions case insensitive. ([#124](https://github.com/sourcebot-dev/sourcebot/pull/124))
+- Stale repositories are now automatically deleted from the index. This can be configured via `settings.autoDeleteStaleRepos` in the config. ([#128](https://github.com/sourcebot-dev/sourcebot/pull/128))
+
+## [2.6.1] - 2024-12-09
+
+### Added
+
+- Added config option `settings.maxFileSize` to control the maximum file size zoekt will index. ([#118](https://github.com/sourcebot-dev/sourcebot/pull/118))
+
+### Fixed
+
+- Fixed syntax highlighting for zoekt query language. ([#115](https://github.com/sourcebot-dev/sourcebot/pull/115))
+- Fixed issue with Gerrit repo fetching not paginating. ([#114](https://github.com/sourcebot-dev/sourcebot/pull/114))
+- Fixed visual issues with filter panel. ([#105](https://github.com/sourcebot-dev/sourcebot/pull/105))
+
+## [2.6.0] - 2024-12-02
+
+### Added
+
+- Gerrit support. ([#104](https://github.com/sourcebot-dev/sourcebot/pull/104))
+
+## [2.5.4] - 2024-11-29
+
+### Added
+
+- Added search history to the search bar. ([#99](https://github.com/sourcebot-dev/sourcebot/pull/99))
+
+## [2.5.3] - 2024-11-28
+
+### Added
+
+- Added symbol suggestions as suggestion type. ([#98](https://github.com/sourcebot-dev/sourcebot/pull/98))
+
+## [2.5.2] - 2024-11-27
+
+### Fixed
+
+- Fixed issue where incorrect repository icons were shown occasionally in the filter panel. ([#95](https://github.com/sourcebot-dev/sourcebot/issues/95))
+- Fixed homepage links not resolving correctly when DOMAIN_SUB_PATH is set. ([#96](https://github.com/sourcebot-dev/sourcebot/issues/96))
+
+## [2.5.1] - 2024-11-26
+
+### Added
+
+- Added file suggestions as a suggestion type. ([#88](https://github.com/sourcebot-dev/sourcebot/pull/88))
+- Added icon and link support for self-hosted repositories. ([#93](https://github.com/sourcebot-dev/sourcebot/pull/93))
+
+### Changed
+
+- Changed how PostHog telemetry key is passed into the docker image. ([#92](https://github.com/sourcebot-dev/sourcebot/pull/92))
+
+## [2.5.0] - 2024-11-22
+
+### Added
+
+- Added search suggestions to the search bar. ([#85](https://github.com/sourcebot-dev/sourcebot/pull/85))
+
+## [2.4.4] - 2024-11-20
+
+### Added
+
+- Added `DOMAIN_SUB_PATH` environment variable to allow overriding the default domain subpath. ([#74](https://github.com/sourcebot-dev/sourcebot/pull/74))
+- Added option `all` to the GitLab index schema, allowing for indexing all projects in a self-hosted GitLab instance. ([#84](https://github.com/sourcebot-dev/sourcebot/pull/84))
+
+## [2.4.3] - 2024-11-18
+
+### Changed
+
+- Bumped NodeJS version to v20. ([#78](https://github.com/sourcebot-dev/sourcebot/pull/78))
+
+## [2.4.2] - 2024-11-14
+
+### Added
+
+- Added support for syntax highlighting in the search bar. ([#66](https://github.com/sourcebot-dev/sourcebot/pull/66))
+
+### Changed
+
+- Changed the `exclude.repo` property to support glob patterns. ([#70](https://github.com/sourcebot-dev/sourcebot/pull/70))
+
+### Fixed
+
+- Fixed issue with indexing failing for empty repositories. ([#73](https://github.com/sourcebot-dev/sourcebot/pull/73))
+- Fixed typos in schema. ([#71](https://github.com/sourcebot-dev/sourcebot/pull/71))
+
+## [2.4.1] - 2024-11-11
+
+### Added
+
+- Added additional telemetry events. ([#63](https://github.com/sourcebot-dev/sourcebot/pull/63))
+
+## [2.4.0] - 2024-11-06
+
+### Added
+
+- Added support for indexing and searching repositories across multiple revisions (tag or branch). ([#58](https://github.com/sourcebot-dev/sourcebot/pull/58))
+
+## [2.3.0] - 2024-11-01
+
+### Added
+
+- Local directory indexing support. ([#56](https://github.com/sourcebot-dev/sourcebot/pull/56))
+
+## [2.2.0] - 2024-10-30
+
+### Added
+
+- Added filtering panel for filtering results by repository and by language. ([#48](https://github.com/sourcebot-dev/sourcebot/pull/48))
+
+### Fixed
+
+- Fixed issue with GitLab sub-projects not being included recursively. ([#54](https://github.com/sourcebot-dev/sourcebot/pull/54))
+- Fixed slow rendering performance when rendering a large number of results. ([#52](https://github.com/sourcebot-dev/sourcebot/pull/52))
+- Fixed issue with either `star_count` or `fork_count` not being included in the GitLab api response. ([#55](https://github.com/sourcebot-dev/sourcebot/issues/55))
+
+## [2.1.1] - 2024-10-25
+
+### Fixed
+
+- Fixed issue with GitLab projects that are not owned but still visible by the provided `token` _not_ being synchronized. ([#51](https://github.com/sourcebot-dev/sourcebot/pull/51))
+
+## [2.1.0] - 2024-10-22
+
+### Added
+
+- Gitea support ([#45](https://github.com/sourcebot-dev/sourcebot/pull/45))
+
+## [2.0.2] - 2024-10-18
+
+### Added
+
+- Added a toast notification when a new Sourcebot version is available ([#44](https://github.com/sourcebot-dev/sourcebot/pull/44))
+
+## [2.0.1] - 2024-10-17
+
+### Added
+
+- Added support for specifying urls for the `--configPath` option in the backend.
+
+## [2.0.0] - 2024-10-17
+
+### Added
+
+- [**Breaking Change**] Added index schema v2. This new schema brings many quality of life features like clearer syntax, ability to specify individual `repos`, `projects`, `groups`, and `orgs`, and the ability to easily `exclude` repositories.
+- Added a `SOURCEBOT_VERSION` build argument to the Docker image. ([#41](https://github.com/sourcebot-dev/sourcebot/pull/41))
+- Added the `sourcebot_version` property to all PostHog events for versioned telemetry. ([#41](https://github.com/sourcebot-dev/sourcebot/pull/41)
+
+## [1.0.3] - 2024-10-15
+
+### Fixed
+
+- Fixed issue with unicode characters not being displayed correctly ([#38](https://github.com/sourcebot-dev/sourcebot/pull/38))
+
+## [1.0.2] - 2024-10-09
+
+### Fixed
+
+- Fixed issue with filtering by gitlab groups ([#36](https://github.com/sourcebot-dev/sourcebot/issues/36))
+
+
+## [1.0.1] - 2024-10-03
+
+### Added
+
+- Added `GITLAB_HOSTNAME` and `GITHUB_HOSTNAME` environment variables to allow overriding the default hostnames for GitLab and GitHub.
+
 ## [1.0.0] - 2024-10-01
 
 ### Added

CONTRIBUTING.md

@@ -0,0 +1,55 @@
+## Build from source
+>[!NOTE]
+> Building from source is only required if you'd like to contribute. The recommended way to use Sourcebot is to use the [pre-built docker image](https://github.com/sourcebot-dev/sourcebot/pkgs/container/sourcebot).
+
+1. Install <a href="https://go.dev/doc/install"><img src="https://go.dev/favicon.ico" width="16" height="16"> go</a>, <a href="https://docs.docker.com/get-started/get-docker/"><img src="https://www.docker.com/favicon.ico" width="16" height="16"> docker</a>, and <a href="https://nodejs.org/"><img src="https://nodejs.org/favicon.ico" width="16" height="16"> NodeJS</a>. Note that a NodeJS version of at least `21.1.0` is required.
+
+2. Install [ctags](https://github.com/universal-ctags/ctags) (required by zoekt)
+    ```sh
+    // macOS:
+    brew install universal-ctags
+
+    // Linux:
+    snap install universal-ctags
+    ```
+
+3. Install `yarn`:
+    ```sh
+    npm install --global yarn
+    ```
+
+3. Clone the repository with submodules:
+    ```sh
+    git clone --recurse-submodules https://github.com/sourcebot-dev/sourcebot.git
+    ```
+4. Run `make` to build zoekt and install dependencies:
+    ```sh
+    cd sourcebot
+    make
+    ```
+
+    The zoekt binaries and web dependencies are placed into `bin` and `node_modules` respectively.
+
+5. Start the development Docker containers for PostgreSQL and Redis.
+
+    ```sh
+    docker compose -f docker-compose-dev.yml up -d
+    ```
+
+6. Generate the database schema.
+    ```sh
+    yarn dev:prisma:migrate:dev
+    ```
+
+7. Create a copy of `.env.development` and name it `.env.development.local`. Update the required environment variables.
+
+8. If you're using a declarative configuration file, create a configuration file and update the `CONFIG_PATH` environment variable in your `.env.development.local` file.
+
+9. Start Sourcebot with the command:
+    ```sh
+    yarn dev
+    ```
+
+    A `.sourcebot` directory will be created and zoekt will begin to index the repositories found in the `config.json` file.
+
+10. Start searching at `http://localhost:3000`.

Dockerfile

@@ -1,5 +1,24 @@
-FROM node:18-alpine3.19 AS node-alpine
-FROM golang:1.22.2-alpine3.19 AS go-alpine
+# syntax=docker/dockerfile:1
+# ------ Global scope variables ------
+
+# Set of global build arguments.
+# These are considered "public" and will be baked into the image.
+# The convention is to prefix these with `NEXT_PUBLIC_` so that
+# they can be optionally be passed as client-side environment variables
+# in the webapp.
+# @see: https://docs.docker.com/build/building/variables/#scoping
+
+ARG NEXT_PUBLIC_SOURCEBOT_VERSION
+ARG NEXT_PUBLIC_SENTRY_ENVIRONMENT
+ARG NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT
+ARG NEXT_PUBLIC_SENTRY_WEBAPP_DSN
+ARG NEXT_PUBLIC_SENTRY_BACKEND_DSN
+ARG NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY
+ARG NEXT_PUBLIC_LANGFUSE_BASE_URL
+
+FROM node:20-alpine3.19 AS node-alpine
+FROM golang:1.23.4-alpine3.19 AS go-alpine
+# ----------------------------------
 
 # ------ Build Zoekt ------
 FROM go-alpine AS zoekt-builder
@@ -9,69 +28,242 @@ COPY vendor/zoekt/go.mod vendor/zoekt/go.sum ./
 RUN go mod download
 COPY vendor/zoekt ./
 RUN CGO_ENABLED=0 GOOS=linux go build -o /cmd/ ./cmd/...
+# -------------------------
+
+# ------ Build shared libraries ------
+FROM node-alpine AS shared-libs-builder
+WORKDIR /app
+
+COPY package.json yarn.lock* .yarnrc.yml ./
+COPY .yarn ./.yarn
+COPY ./packages/db ./packages/db
+COPY ./packages/schemas ./packages/schemas
+COPY ./packages/shared ./packages/shared
+COPY ./packages/queryLanguage ./packages/queryLanguage
+
+RUN yarn workspace @sourcebot/db install
+RUN yarn workspace @sourcebot/schemas install
+RUN yarn workspace @sourcebot/shared install
+RUN yarn workspace @sourcebot/query-language install
+# ------------------------------------
 
 # ------ Build Web ------
 FROM node-alpine AS web-builder
+ENV SKIP_ENV_VALIDATION=1
+# -----------
+ARG NEXT_PUBLIC_SOURCEBOT_VERSION
+ENV NEXT_PUBLIC_SOURCEBOT_VERSION=$NEXT_PUBLIC_SOURCEBOT_VERSION
+ARG NEXT_PUBLIC_SENTRY_ENVIRONMENT
+ENV NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT
+ARG NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT
+ENV NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT=$NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT
+ARG NEXT_PUBLIC_SENTRY_WEBAPP_DSN
+ENV NEXT_PUBLIC_SENTRY_WEBAPP_DSN=$NEXT_PUBLIC_SENTRY_WEBAPP_DSN
+ARG NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY
+ENV NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY=$NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY
+ARG NEXT_PUBLIC_LANGFUSE_BASE_URL
+ENV NEXT_PUBLIC_LANGFUSE_BASE_URL=$NEXT_PUBLIC_LANGFUSE_BASE_URL
+
+# To upload source maps to Sentry, we need to set the following build-time args.
+# It's important that we don't set these for oss builds, otherwise the Sentry
+# auth token will be exposed.
+# @see : next.config.mjs
+ARG SENTRY_ORG
+ENV SENTRY_ORG=$SENTRY_ORG
+ARG SENTRY_WEBAPP_PROJECT
+ENV SENTRY_WEBAPP_PROJECT=$SENTRY_WEBAPP_PROJECT
+ENV SENTRY_RELEASE=$NEXT_PUBLIC_SOURCEBOT_VERSION
+# SMUAT = Source Map Upload Auth Token
+ARG SENTRY_SMUAT
+ENV SENTRY_SMUAT=$SENTRY_SMUAT
+# -----------
+
 RUN apk add --no-cache libc6-compat
 WORKDIR /app
-COPY package.json yarn.lock* ./
+
+COPY package.json yarn.lock* .yarnrc.yml ./
+COPY .yarn ./.yarn
+COPY ./packages/web ./packages/web
+COPY --from=shared-libs-builder /app/node_modules ./node_modules
+COPY --from=shared-libs-builder /app/packages/db ./packages/db
+COPY --from=shared-libs-builder /app/packages/schemas ./packages/schemas
+COPY --from=shared-libs-builder /app/packages/shared ./packages/shared
+COPY --from=shared-libs-builder /app/packages/queryLanguage ./packages/queryLanguage
 
 # Fixes arm64 timeouts
-RUN yarn config set registry https://registry.npmjs.org/
-RUN yarn config set network-timeout 1200000
-RUN yarn --frozen-lockfile
-COPY . .
+RUN yarn workspace @sourcebot/web install
+
 ENV NEXT_TELEMETRY_DISABLED=1
-# @see: https://phase.dev/blog/nextjs-public-runtime-variables/
-ARG NEXT_PUBLIC_SOURCEBOT_TELEMETRY_DISABLED=BAKED_NEXT_PUBLIC_SOURCEBOT_TELEMETRY_DISABLED
-RUN yarn run build
+RUN yarn workspace @sourcebot/web build
+ENV SKIP_ENV_VALIDATION=0
+# ------------------------------
+
+# ------ Build Backend ------
+FROM node-alpine AS backend-builder
+ENV SKIP_ENV_VALIDATION=1
+# -----------
+ARG NEXT_PUBLIC_SOURCEBOT_VERSION
+ENV NEXT_PUBLIC_SOURCEBOT_VERSION=$NEXT_PUBLIC_SOURCEBOT_VERSION
+
+# To upload source maps to Sentry, we need to set the following build-time args.
+# It's important that we don't set these for oss builds, otherwise the Sentry
+# auth token will be exposed.
+ARG SENTRY_ORG
+ENV SENTRY_ORG=$SENTRY_ORG
+ARG SENTRY_BACKEND_PROJECT
+ENV SENTRY_BACKEND_PROJECT=$SENTRY_BACKEND_PROJECT
+# SMUAT = Source Map Upload Auth Token
+ARG SENTRY_SMUAT
+ENV SENTRY_SMUAT=$SENTRY_SMUAT
+# -----------
+
+WORKDIR /app
+
+COPY package.json yarn.lock* .yarnrc.yml ./
+COPY .yarn ./.yarn
+COPY ./schemas ./schemas
+COPY ./packages/backend ./packages/backend
+COPY --from=shared-libs-builder /app/node_modules ./node_modules
+COPY --from=shared-libs-builder /app/packages/db ./packages/db
+COPY --from=shared-libs-builder /app/packages/schemas ./packages/schemas
+COPY --from=shared-libs-builder /app/packages/shared ./packages/shared
+COPY --from=shared-libs-builder /app/packages/queryLanguage ./packages/queryLanguage
+RUN yarn workspace @sourcebot/backend install
+RUN yarn workspace @sourcebot/backend build
+
+# Upload source maps to Sentry if we have the necessary build-time args.
+RUN if [ -n "$SENTRY_SMUAT" ] && [ -n "$SENTRY_ORG" ] && [ -n "$SENTRY_BACKEND_PROJECT" ] && [ -n "$NEXT_PUBLIC_SOURCEBOT_VERSION" ]; then \
+    apk add --no-cache curl; \
+    curl -sL https://sentry.io/get-cli/ | sh; \
+    sentry-cli login --auth-token $SENTRY_SMUAT; \
+    sentry-cli sourcemaps inject --org $SENTRY_ORG --project $SENTRY_BACKEND_PROJECT --release $NEXT_PUBLIC_SOURCEBOT_VERSION ./packages/backend/dist; \
+    sentry-cli sourcemaps upload --org $SENTRY_ORG --project $SENTRY_BACKEND_PROJECT --release $NEXT_PUBLIC_SOURCEBOT_VERSION ./packages/backend/dist; \
+fi
+
+ENV SKIP_ENV_VALIDATION=0
+# ------------------------------
 
 # ------ Runner ------
 FROM node-alpine AS runner
+# -----------
+ARG NEXT_PUBLIC_SOURCEBOT_VERSION
+ENV NEXT_PUBLIC_SOURCEBOT_VERSION=$NEXT_PUBLIC_SOURCEBOT_VERSION
+ARG NEXT_PUBLIC_SENTRY_ENVIRONMENT
+ENV NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT
+ARG NEXT_PUBLIC_SENTRY_WEBAPP_DSN
+ENV NEXT_PUBLIC_SENTRY_WEBAPP_DSN=$NEXT_PUBLIC_SENTRY_WEBAPP_DSN
+ARG NEXT_PUBLIC_SENTRY_BACKEND_DSN
+ENV NEXT_PUBLIC_SENTRY_BACKEND_DSN=$NEXT_PUBLIC_SENTRY_BACKEND_DSN
+ARG NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY
+ENV NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY=$NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY
+ARG NEXT_PUBLIC_LANGFUSE_BASE_URL
+ENV NEXT_PUBLIC_LANGFUSE_BASE_URL=$NEXT_PUBLIC_LANGFUSE_BASE_URL
+# -----------
+
+RUN echo "Sourcebot Version: $NEXT_PUBLIC_SOURCEBOT_VERSION"
+
 WORKDIR /app
 ENV NODE_ENV=production
 ENV NEXT_TELEMETRY_DISABLED=1
 ENV DATA_DIR=/data
-ENV CONFIG_PATH=$DATA_DIR/config.json
 ENV DATA_CACHE_DIR=$DATA_DIR/.sourcebot
+ENV DATABASE_DATA_DIR=$DATA_CACHE_DIR/db
+ENV REDIS_DATA_DIR=$DATA_CACHE_DIR/redis
+ENV SOURCEBOT_PUBLIC_KEY_PATH=/app/public.pem
+# PAPIK = Project API Key
+# Note that this key does not need to be kept secret, so it's not
+# necessary to use Docker build secrets here.
+# @see: https://posthog.com/tutorials/api-capture-events#authenticating-with-the-project-api-key
+# @note: this is also declared in the shared env.server.ts file.
+ENV POSTHOG_PAPIK=phc_lLPuFFi5LH6c94eFJcqvYVFwiJffVcV6HD8U4a1OnRW
 
-# @note: This is also set in .env
-ENV NEXT_PUBLIC_POSTHOG_KEY=phc_VFn4CkEGHRdlVyOOw8mfkoj1DKVoG6y1007EClvzAnS
+# Valid values are: debug, info, warn, error
+ENV SOURCEBOT_LOG_LEVEL=info
 
 # Sourcebot collects anonymous usage data using [PostHog](https://posthog.com/). Uncomment this line to disable.
 # ENV SOURCEBOT_TELEMETRY_DISABLED=1
 
 # Configure dependencies
-RUN apk add --no-cache git ca-certificates bind-tools tini jansson wget supervisor uuidgen curl
+RUN apk add --no-cache git ca-certificates bind-tools tini jansson wget supervisor uuidgen curl perl jq redis postgresql postgresql-contrib openssl util-linux unzip
+
+ARG UID=1500
+ARG GID=1500
+
+# Always create the non-root user to support runtime user switching
+# The container can be run as root (default) or as sourcebot user using docker run --user
+RUN addgroup -g $GID sourcebot && \
+    adduser -D -u $UID -h /app -S sourcebot && \
+    adduser sourcebot postgres && \
+    adduser sourcebot redis && \
+    chown -R sourcebot /app && \
+    adduser sourcebot node && \
+    mkdir /var/log/sourcebot && \
+    chown sourcebot /var/log/sourcebot
+
+COPY package.json yarn.lock* .yarnrc.yml public.pem ./
+COPY .yarn ./.yarn
 
 # Configure zoekt
 COPY vendor/zoekt/install-ctags-alpine.sh .
 RUN ./install-ctags-alpine.sh && rm install-ctags-alpine.sh
 RUN mkdir -p ${DATA_CACHE_DIR}
 COPY --from=zoekt-builder \
-    /cmd/zoekt-git-index \
-    /cmd/zoekt-indexserver \
-    /cmd/zoekt-mirror-github \
-    /cmd/zoekt-mirror-gitiles \
-    /cmd/zoekt-mirror-bitbucket-server \
-    /cmd/zoekt-mirror-gitlab \
-    /cmd/zoekt-mirror-gerrit \
-    /cmd/zoekt-webserver \
-    /usr/local/bin/
+/cmd/zoekt-git-index \
+/cmd/zoekt-indexserver \
+/cmd/zoekt-mirror-github \
+/cmd/zoekt-mirror-gitiles \
+/cmd/zoekt-mirror-bitbucket-server \
+/cmd/zoekt-mirror-gitlab \
+/cmd/zoekt-mirror-gerrit \
+/cmd/zoekt-webserver \
+/cmd/zoekt-index \
+/usr/local/bin/
 
-# Configure the webapp
-COPY --from=web-builder /app/public ./public
-RUN mkdir .next
-COPY --from=web-builder /app/.next/standalone ./
-COPY --from=web-builder /app/.next/static ./.next/static
+RUN chown -R sourcebot:sourcebot /app
+
+# Copy zoekt proto files (needed for gRPC client at runtime)
+COPY --chown=sourcebot:sourcebot vendor/zoekt/grpc/protos /app/vendor/zoekt/grpc/protos
+
+# Copy all of the things
+COPY --chown=sourcebot:sourcebot --from=web-builder /app/packages/web/public ./packages/web/public
+COPY --chown=sourcebot:sourcebot --from=web-builder /app/packages/web/.next/standalone ./
+COPY --chown=sourcebot:sourcebot --from=web-builder /app/packages/web/.next/static ./packages/web/.next/static
+
+COPY --chown=sourcebot:sourcebot --from=backend-builder /app/node_modules ./node_modules
+COPY --chown=sourcebot:sourcebot --from=backend-builder /app/packages/backend ./packages/backend
+
+COPY --chown=sourcebot:sourcebot --from=shared-libs-builder /app/packages/db ./packages/db
+COPY --chown=sourcebot:sourcebot --from=shared-libs-builder /app/packages/schemas ./packages/schemas
+COPY --chown=sourcebot:sourcebot --from=shared-libs-builder /app/packages/shared ./packages/shared
+COPY --chown=sourcebot:sourcebot --from=shared-libs-builder /app/packages/queryLanguage ./packages/queryLanguage
+
+# Fixes git "dubious ownership" issues when the volume is mounted with different permissions to the container.
+RUN git config --global safe.directory "*"
+
+# Configure the database
+RUN mkdir -p /run/postgresql && \
+    chown -R postgres:postgres /run/postgresql && \
+    chmod 775 /run/postgresql
+
+# Make app directory accessible to both root and sourcebot user
+RUN chown -R sourcebot /app \
+	&& chgrp -R 0  /app \
+	&& chmod -R g=u /app
+# Make data directory accessible to both root and sourcebot user
+RUN chown -R sourcebot /data
 
 COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+COPY prefix-output.sh ./prefix-output.sh
+RUN chmod +x ./prefix-output.sh
 COPY entrypoint.sh ./entrypoint.sh
 RUN chmod +x ./entrypoint.sh
 
-COPY default-config.json .
+# Note: for back-compat cases, we do _not_ set the USER directive here.
+# Instead, the user can be overridden at runtime with --user flag.
+# USER sourcebot
 
 EXPOSE 3000
 ENV PORT=3000
 ENV HOSTNAME="0.0.0.0"
-ENTRYPOINT ["/sbin/tini", "--", "./entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "--", "./entrypoint.sh"]
+# ------------------------------

LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) Taqla, Inc.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

LICENSE.md

@@ -0,0 +1,115 @@
+Copyright (c) 2025 Taqla Inc.
+
+Portions of this software are licensed as follows:
+
+- All content located within any folder or subfolder named “ee” in this repository is licensed under the terms specified in “ee/LICENSE”,
+- All third party components incorporated into the Sourcebot Software are licensed under the original license provided by the owner of the applicable component.
+- Content outside of the above mentioned directories or restrictions above is available under the "Functional Source License" as defined below.
+
+---
+
+# Functional Source License, Version 1.1, ALv2 Future License
+
+## Abbreviation
+
+FSL-1.1-ALv2
+
+## Notice
+
+Copyright 2025 Taqla Inc.
+
+## Terms and Conditions
+
+### Licensor ("We")
+
+The party offering the Software under these Terms and Conditions.
+
+### The Software
+
+The "Software" is each version of the software that we make available under
+these Terms and Conditions, as indicated by our inclusion of these Terms and
+Conditions with the Software.
+
+### License Grant
+
+Subject to your compliance with this License Grant and the Patents,
+Redistribution and Trademark clauses below, we hereby grant you the right to
+use, copy, modify, create derivative works, publicly perform, publicly display
+and redistribute the Software for any Permitted Purpose identified below.
+
+### Permitted Purpose
+
+A Permitted Purpose is any purpose other than a Competing Use. A Competing Use
+means making the Software available to others in a commercial product or
+service that:
+
+1. substitutes for the Software;
+
+2. substitutes for any other product or service we offer using the Software
+   that exists as of the date we make the Software available; or
+
+3. offers the same or substantially similar functionality as the Software.
+
+Permitted Purposes specifically include using the Software:
+
+1. for your internal use and access;
+
+2. for non-commercial education;
+
+3. for non-commercial research; and
+
+4. in connection with professional services that you provide to a licensee
+   using the Software in accordance with these Terms and Conditions.
+
+### Patents
+
+To the extent your use for a Permitted Purpose would necessarily infringe our
+patents, the license grant above includes a license under our patents. If you
+make a claim against any party that the Software infringes or contributes to
+the infringement of any patent, then your patent license to the Software ends
+immediately.
+
+### Redistribution
+
+The Terms and Conditions apply to all copies, modifications and derivatives of
+the Software.
+
+If you redistribute any copies, modifications or derivatives of the Software,
+you must include a copy of or a link to these Terms and Conditions and not
+remove any copyright notices provided in or with the Software.
+
+### Disclaimer
+
+THE SOFTWARE IS PROVIDED "AS IS" AND WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR
+PURPOSE, MERCHANTABILITY, TITLE OR NON-INFRINGEMENT.
+
+IN NO EVENT WILL WE HAVE ANY LIABILITY TO YOU ARISING OUT OF OR RELATED TO THE
+SOFTWARE, INCLUDING INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES,
+EVEN IF WE HAVE BEEN INFORMED OF THEIR POSSIBILITY IN ADVANCE.
+
+### Trademarks
+
+Except for displaying the License Details and identifying us as the origin of
+the Software, you have no right under these Terms and Conditions to use our
+trademarks, trade names, service marks or product names.
+
+## Grant of Future License
+
+We hereby irrevocably grant you an additional license to use the Software under
+the Apache License, Version 2.0 that is effective on the second anniversary of
+the date we make the Software available. On or after that date, you may use the
+Software under the Apache License, Version 2.0, in which case the following
+will apply:
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.

Makefile

@@ -1,16 +1,43 @@
 
-CMDS := zoekt ui
+CMDS := zoekt yarn
 
 ALL: $(CMDS)
 
-ui:
+yarn:
 	yarn install
+	yarn build:deps
 
 zoekt:
 	mkdir -p bin
 	go build -C vendor/zoekt -o $(PWD)/bin ./cmd/...
+	export PATH="$(PWD)/bin:$(PATH)"
+	export CTAGS_COMMANDS=ctags
 
 clean:
-	rm -rf bin node_modules .next .sourcebot
+	redis-cli FLUSHALL
+	yarn dev:prisma:migrate:reset
+
+	rm -rf \
+		bin \
+		node_modules \
+		packages/web/node_modules \
+		packages/web/.next \
+		packages/backend/dist \
+		packages/backend/node_modules \
+		packages/db/node_modules \
+		packages/db/dist \
+		packages/schemas/node_modules \
+		packages/schemas/dist \
+		packages/mcp/node_modules \
+		packages/mcp/dist \
+		packages/shared/node_modules \
+		packages/shared/dist \
+		.sourcebot
+
+soft-reset:
+	rm -rf .sourcebot
+	redis-cli FLUSHALL
+	yarn dev:prisma:migrate:reset
+
 
 .PHONY: bin

README.md

@@ -5,264 +5,115 @@
   <img height="150" src=".github/images/logo_light.png">
 </picture>
 </div>
+<div align="center">
+   <div>
+      <h3>
+         <a href="https://docs.sourcebot.dev/self-hosting/overview">
+            <strong>Self Host</strong>
+         </a> · 
+         <a href="https://demo.sourcebot.dev">
+            <strong>Public Demo</strong>
+         </a>
+      </h3>
+   </div>
+
+   <div>
+      <a href="https://docs.sourcebot.dev/"><strong>Docs</strong></a> ·
+      <a href="https://github.com/sourcebot-dev/sourcebot/issues/459"><strong>Roadmap</strong></a> ·
+      <a href="https://github.com/sourcebot-dev/sourcebot/issues/new?template=bug_report.yml"><strong>Report Bug</strong></a> ·
+      <a href="https://github.com/sourcebot-dev/sourcebot/issues/new?template=feature_request.md"><strong>Feature Request</strong></a> ·
+      <a href="https://www.sourcebot.dev/changelog"><strong>Changelog</strong></a>
+   </div>
+   <br/>
+   <div>
+   </div>
+</div>
 <p align="center">
-Blazingly fast code search 🏎️
-</p>
-<p align="center">
-  <a href="https://demo.sourcebot.dev"><img src="https://img.shields.io/badge/Try the Demo!-blue?logo=googlechrome&logoColor=orange"/></a>
-  <a href="mailto:brendan@sourcebot.dev"><img src="https://img.shields.io/badge/Email%20Us-brightgreen" /></a>
-  <a href="https://github.com/sourcebot-dev/sourcebot/blob/main/LICENSE"><img src="https://img.shields.io/github/license/sourcebot-dev/sourcebot"/></a>
+  <a href="mailto:team@sourcebot.dev"><img src="https://img.shields.io/badge/Email%20Us-brightgreen" /></a>
   <a href="https://github.com/sourcebot-dev/sourcebot/actions/workflows/ghcr-publish.yml"><img src="https://img.shields.io/github/actions/workflow/status/sourcebot-dev/sourcebot/ghcr-publish.yml"/><a>
   <a href="https://github.com/sourcebot-dev/sourcebot/stargazers"><img src="https://img.shields.io/github/stars/sourcebot-dev/sourcebot" /></a>
 </p>
 <p align="center">
-<p align="center">
-    <a href="https://discord.gg/6Fhp27x7Pb"><img src="https://dcbadge.limes.pink/api/server/https://discord.gg/6Fhp27x7Pb?style=flat"/></a>
-</p>
 </p>
 
-# About
+Sourcebot is a self-hosted tool that helps you understand your codebase. 
 
-Sourcebot is a fast code indexing and search tool for your codebases. It is built ontop of the [zoekt](https://github.com/sourcegraph/zoekt) indexer, originally authored by Han-Wen Nienhuys and now [maintained by Sourcegraph](https://sourcegraph.com/blog/sourcegraph-accepting-zoekt-maintainership).
+- **Ask Sourcebot:** Ask questions about your codebase and have Sourcebot provide detailed answers grounded with inline citations.
+- **Code search:** Search and navigate across all your repos and branches, no matter where they’re hosted.
 
-https://github.com/user-attachments/assets/98d46192-5469-430f-ad9e-5c042adbb10d
+Try it out in our [public demo](https://demo.sourcebot.dev)!
 
+https://github.com/user-attachments/assets/ed66a622-e38f-4947-a531-86df1e1e0218
 
-## Features
-- 💻 **One-command deployment**: Get started instantly using Docker on your own machine.
-- 🔍 **Multi-repo search**: Effortlessly index and search through multiple public and private repositories in GitHub or GitLab.
-- ⚡**Lightning fast performance**: Built on top of the powerful [Zoekt](https://github.com/sourcegraph/zoekt) search engine.
-- 📂 **Full file visualization**: Instantly view the entire file when selecting any search result.
-- 🎨 **Modern web app**: Enjoy a sleek interface with features like syntax highlighting, light/dark mode, and vim-style navigation 
+# Features
+![Sourcebot Features](https://github.com/user-attachments/assets/3aed7348-7aeb-4af3-89da-b617c3db2e02)
 
-You can try out our public hosted demo [here](https://demo.sourcebot.dev/)!
+## Ask Sourcebot
+Ask Sourcebot gives you the ability to ask complex questions about your codebase in natural language.
 
-# Getting Started
+It uses Sourcebot's existing code search and navigation tools to allow reasoning models to search your code, follow code nav references, and provide an answer that's rich with inline citations and navigable code snippets.
 
-Get started with a single docker command:
+https://github.com/user-attachments/assets/8212cd16-683f-468f-8ea5-67455c0931e2
 
-```
-docker run -p 3000:3000 --rm --name sourcebot ghcr.io/sourcebot-dev/sourcebot:main
-```
+## Code Search
+Search across all your repos/branches across any code host platform. Blazingly fast, and supports regular expressions, repo/language search filters, boolean logic, and more.
 
-Navigate to `localhost:3000` to start searching the Sourcebot repo. Want to search your own repos? Checkout how to [configure Sourcebot](#configuring-sourcebot).
+https://github.com/user-attachments/assets/3b381452-d329-4949-b6f2-2fc38952e481
 
-<details>
-<summary>What does this command do?</summary>
+## Code Navigation
+IDE-level code navigation (goto definition and find references) across all your repos.
 
-- Pull and run the Sourcebot docker image from [ghcr.io/sourcebot-dev/sourcebot:main](https://github.com/sourcebot-dev/sourcebot/pkgs/container/sourcebot). Make sure you have [docker installed](https://docs.docker.com/get-started/get-docker/).
-- Read the repos listed in [default config](./default-config.json) and start indexing them.
-- Map port 3000 between your machine and the docker image.
-- Starts the web server on port 3000.
-</details>
+https://github.com/user-attachments/assets/e2da2829-71cc-40af-98b4-7ba52e945530
 
-## Configuring Sourcebot
+## Built-in File Explorer
+Explore every file across all of your repos. Modern UI with syntax highlighting, file tree, code navigation, etc.
 
-Sourcebot supports indexing and searching through public and private repositories hosted on 
-<picture>
-    <source media="(prefers-color-scheme: dark)" srcset=".github/images/github-favicon-inverted.png">
-    <img src="https://github.com/favicon.ico" width="16" height="16" alt="GitHub icon">
-</picture> GitHub and <img src="https://gitlab.com/favicon.ico" width="16" height="16" /> GitLab. This section will guide you through configuring the repositories that Sourcebot indexes. 
+https://github.com/user-attachments/assets/31ec0669-707d-4e03-b511-1bc33d44197a
 
-1. Create a new folder on your machine that stores your configs and `.sourcebot` cache, and navigate into it:
-    ```sh
-    mkdir sourcebot_workspace
-    cd sourcebot_workspace
-    ```
+# Deploy Sourcebot
 
-2. Create a new config following the [configuration schema](./schemas/index.json) to specify which repositories Sourcebot should index. For example, to index [llama.cpp](https://github.com/ggerganov/llama.cpp):
+Sourcebot can be deployed in seconds using Docker Compose. Visit our [docs](https://docs.sourcebot.dev/docs/deployment/docker-compose) for more information.
 
-    ```sh
-    touch my_config.json
-    echo '{
-        "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/index.json",
-        "Configs": [
-            {
-                "Type": "github",
-                "GitHubUser": "ggerganov",
-                "Name": "^llama\\.cpp$"
-            }
-        ]
-    }' > my_config.json
-    ```
-
-    (For more examples, see [example-config.json](./example-config.json). For additional usage information, see the [configuration schema](./schemas/index.json)).
-
-3. Run Sourcebot and point it to the new config you created with the `-e CONFIG_PATH` flag:
-
-    ```sh
-    docker run -p 3000:3000 --rm --name sourcebot -v $(pwd):/data -e CONFIG_PATH=/data/my_config.json ghcr.io/sourcebot-dev/sourcebot:main
-    ```
-
-    <details>
-    <summary>What does this command do?</summary>
-
-    - Pull and run the Sourcebot docker image from [ghcr.io/sourcebot-dev/sourcebot:main](https://github.com/sourcebot-dev/sourcebot/pkgs/container/sourcebot).
-    - Mount the current directory (`-v $(pwd):/data`) to allow Sourcebot to persist the `.sourcebot` cache.
-    - Mirrors (clones) llama.cpp at `HEAD` into `.sourcebot/github/ggerganov/llama.cpp`.
-    - Indexes llama.cpp into a .zoekt index file in `.sourcebot/index/`.
-    - Map port 3000 between your machine and the docker image.
-    - Starts the web server on port 3000.
-    </details>
-    <br>
-
-    You should see a `.sourcebot` folder in your current directory. This folder stores a cache of the repositories zoekt has indexed. The `HEAD` commit of a repository is re-indexed [every hour](https://github.com/sourcebot-dev/zoekt/blob/11b7713f1fb511073c502c41cea413d616f7761f/cmd/zoekt-indexserver/main.go#L86). Indexing private repos? See [Providing an access token](#providing-an-access-token).
-
-    >[!WARNING]
-    > Depending on the size of your repo(s), SourceBot could take a couple of minutes to finish indexing. SourceBot doesn't currently support displaying indexing progress in real-time, so please be patient while it finishes. You can track the progress manually by investigating the `.sourcebot` cache in your workspace.
-
-    <details>
-    <summary><img src="https://gitlab.com/favicon.ico" width="16" height="16" /> Using GitLab?</summary>
-
-    _tl;dr: A `GITLAB_TOKEN` is required to index GitLab repositories (both private & public). See [Providing an access token](#providing-an-access-token)._
-
-    Currently, the GitLab indexer is restricted to only indexing repositories that the associated `GITLAB_TOKEN` has access to. For example, if the token has access to `foo`, `bar`, and `baz` repositories, the following config will index all three:
-
-    ```sh
-    {
-        "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/index.json",
-        "Configs": [
-            {
-                "Type": "gitlab"
-            }
-        ]
-    }
-    ```
-
-    See [Providing an access token](#providing-an-access-token).
-    </details>
-    </br>
-
-## Providing an access token
-This will depend on the code hosting platform you're using:
-
-<div>
-<details>
-<summary>
-<picture>
-    <source media="(prefers-color-scheme: dark)" srcset=".github/images/github-favicon-inverted.png">
-    <img src="https://github.com/favicon.ico" width="16" height="16" alt="GitHub icon">
-</picture> GitHub
-</summary>
-
-In order to index private repositories, you'll need to generate a GitHub Personal Access Token (PAT) and pass it to Sourcebot. Create a new PAT [here](https://github.com/settings/tokens/new) and make sure you select the `repo` scope:
-
-![GitHub PAT creation](.github/images/github-pat-creation.png)
-
-You'll need to pass this PAT each time you run Sourcebot by setting the `GITHUB_TOKEN` environment variable:
-
-<pre>
-docker run -p 3000:3000 --rm --name sourcebot -e <b>GITHUB_TOKEN=[your-github-token]</b> -e CONFIG_PATH=/data/my_config.json -v $(pwd):/data ghcr.io/sourcebot-dev/sourcebot:main
-</pre>
-</details>
-
-<details>
-<summary><img src="https://gitlab.com/favicon.ico" width="16" height="16" /> GitLab</summary>
-
->[!NOTE]
-> An access token is <b>required</b> to index GitLab repositories (both private & public) since the GitLab indexer needs the token to determine which repositories to index. See [example-config.json](./example-config.json) for example usage.
-
-Generate a GitLab Personal Access Token (PAT) [here](https://gitlab.com/-/user_settings/personal_access_tokens) and make sure you select the `read_api` scope:
-
-![GitLab PAT creation](.github/images/gitlab-pat-creation.png)
-
-You'll need to pass this PAT each time you run Sourcebot by setting the `GITLAB_TOKEN` environment variable:
-
-<pre>
-docker run -p 3000:3000 --rm --name sourcebot -e <b>GITLAB_TOKEN=[your-gitlab-token]</b> -e CONFIG_PATH=/data/my_config.json -v $(pwd):/data ghcr.io/sourcebot-dev/sourcebot:main
-</pre>
-
-</details>
-
-</div>
-
-
-## Build from source
->[!NOTE]
-> Building from source is only required if you'd like to contribute. The recommended way to use Sourcebot is to use the [pre-built docker image](https://github.com/sourcebot-dev/sourcebot/pkgs/container/sourcebot).
-
-1. Install <a href="https://go.dev/doc/install"><img src="https://go.dev/favicon.ico" width="16" height="16"> go</a> and <a href="https://nodejs.org/"><img src="https://nodejs.org/favicon.ico" width="16" height="16"> NodeJS</a>. Note that a NodeJS version of at least `21.1.0` is required.
-
-2. Install [ctags](https://github.com/universal-ctags/ctags) (required by zoekt-indexserver)
-    ```sh
-    // macOS:
-    brew install universal-ctags
-
-    // Linux:
-    snap install universal-ctags
-    ```
-
-3. Clone the repository with submodules:
-    ```sh
-    git clone --recurse-submodules https://github.com/sourcebot-dev/sourcebot.git
-    ```
-
-4. Run `make` to build zoekt and install dependencies:
-    ```sh
-    cd sourcebot
-    make
-    ```
-
-    The zoekt binaries and web dependencies are placed into `bin` and `node_modules` respectively.
-
-5. Create a `config.json` file at the repository root. See [Configuring Sourcebot](#configuring-sourcebot) for more information.
-
-6. (Optional) Depending on your `config.json`, you may need to pass an access token to Sourcebot:
-
-    <div>
-    <details>
-    <summary>
-    <picture>
-        <source media="(prefers-color-scheme: dark)" srcset=".github/images/github-favicon-inverted.png">
-        <img src="https://github.com/favicon.ico" width="16" height="16" alt="GitHub icon">
-    </picture>
-    GitHub
-    </summary>
-
-    First, generate a personal access token (PAT). See [Providing an access token](#providing-an-access-token).
-
-    Next, Create a text file named `.github-token` **in your home directory** and paste the token in it. The file should look like:
-    ```sh
-    ghp_...
-    ```
-    zoekt will [read this file](https://github.com/sourcebot-dev/zoekt/blob/6a5753692b46e669f851ab23211e756a3677185d/cmd/zoekt-mirror-github/main.go#L60) to authenticate with GitHub.
-    </details>
-
-    <details>
-    <summary>
-        <img src="https://gitlab.com/favicon.ico" width="16" height="16" /> GitLab
-    </summary>
-    First, generate a personal access token (PAT). See [Providing an access token](#providing-an-access-token).
-
-    Next, Create a text file named `.gitlab-token` **in your home directory** and paste the token in it. The file should look like:
-    ```sh
-    glpat-...
-    ```
-    zoekt will [read this file](https://github.com/sourcebot-dev/zoekt/blob/11b7713f1fb511073c502c41cea413d616f7761f/cmd/zoekt-mirror-gitlab/main.go#L43) to authenticate with GitLab.
-    </details>
-    </div>
-
-7. Start Sourcebot with the command:
-    ```sh
-    yarn dev
-    ```
-
-    A `.sourcebot` directory will be created and zoekt will begin to index the repositories found given `config.json`.
-
-8. Start searching at `http://localhost:3000`.
-
-## Telemetry
-
-By default, Sourcebot collects anonymized usage data through [PostHog](https://posthog.com/) to help us improve the performance and reliability of our tool. We do not collect or transmit [any information related to your codebase](https://github.com/search?q=repo:sourcebot-dev/sourcebot++captureEvent&type=code). In addition, all events are [sanitized](https://github.com/sourcebot-dev/sourcebot/blob/main/src/app/posthogProvider.tsx) to ensure that no sensitive or identifying details leave your machine. The data we collect includes general usage statistics and metadata such as query performance (e.g., search duration, error rates) to monitor the application's health and functionality. This information helps us better understand how Sourcebot is used and where improvements can be made :)
-
-If you'd like to disable all telemetry, you can do so by setting the environment variable `SOURCEBOT_TELEMETRY_DISABLED` to `1` in the docker run command:
-
-<pre>
-docker run -e <b>SOURCEBOT_TELEMETRY_DISABLED=1</b> /* additional args */ ghcr.io/sourcebot-dev/sourcebot:main
-</pre>
-
-Or if you are [building locally](#build-from-source), create a `.env.local` file at the repository root with the following contents:
+1. Download the docker-compose.yml file
 ```sh
-SOURCEBOT_TELEMETRY_DISABLED=1
-NEXT_PUBLIC_SOURCEBOT_TELEMETRY_DISABLED=1
+curl -o docker-compose.yml https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/docker-compose.yml
 ```
+
+2. In the same directory as the `docker-compose.yml` file, create a [configuration file](https://docs.sourcebot.dev/docs/configuration/config-file). The configuration file is a JSON file that configures Sourcebot's behaviour, including what repositories to index, language model providers, auth providers, and more.
+```sh
+touch config.json
+echo '{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    // Comments are supported.
+    // This config creates a single connection to GitHub.com that
+    // indexes the Sourcebot repository
+    "connections": {
+        "starter-connection": {
+            "type": "github",
+            "repos": [
+                "sourcebot-dev/sourcebot"
+            ]
+        }
+    }
+}' > config.json
+```
+
+3.  Update the secrets in the `docker-compose.yml` and then run Sourcebot using:
+```sh
+docker compose up
+```
+
+4. Visit `http://localhost:3000` to start using Sourcebot
+</br>
+
+To configure Sourcebot (index your own repos, connect your LLMs, etc), check out our [docs](https://docs.sourcebot.dev/docs/configuration/config-file).
+
+> [!NOTE]
+> Sourcebot collects <a href="https://demo.sourcebot.dev/~/search?query=captureEvent%5C(%20repo%3Asourcebot">anonymous usage data</a> by default to help us improve the product. No sensitive data is collected, but if you'd like to disable this you can do so by setting the `SOURCEBOT_TELEMETRY_DISABLED` environment
+> variable to `true`. Please refer to our [telemetry docs](https://docs.sourcebot.dev/docs/overview#telemetry) for more information.
+
+# Build from source
+>[!NOTE]
+> Building from source is only required if you'd like to contribute. If you'd just like to use Sourcebot, we recommend checking out our self-hosting [docs](https://docs.sourcebot.dev/self-hosting/overview).
+
+If you'd like to build from source, please checkout the `CONTRIBUTING.md` file for more information.

_typos.toml

@@ -0,0 +1,6 @@
+[default.extend-words]
+# Don't correct the surname "Do Not Exists"
+dne = "dne"
+
+[files]
+extend-exclude = ["vendor/**/*", "CHANGELOG.md", "packages/web/src/lib/languageMetadata.ts"]

configs/auth.json

@@ -0,0 +1,29 @@
+{
+    "$schema": "../schemas/v3/index.json",
+    "connections": {
+        "example-1": {
+            "type": "github",
+            "token": {
+                "env": "GITHUB_TOKEN_ENV_VAR"
+            }
+        },
+        "example-2": {
+            "type": "gitlab",
+            "token": {
+                "env": "GITLAB_TOKEN_ENV_VAR"
+            },
+            "groups": [
+                "my-group"
+            ]
+        },
+        "example-3": {
+            "type": "gitea",
+            "token": {
+                "env": "GITEA_TOKEN_ENV_VAR"
+            },
+            "orgs": [
+                "my-org"
+            ]
+        }
+    }
+}

configs/basic.json

@@ -0,0 +1,56 @@
+{
+    "$schema": "../schemas/v3/index.json",
+    // Note: to include private repositories, you must provide an authentication token.
+    // See: configs/auth.json for a example.
+    "connections": {
+        // From GitHub, include:
+        // - all public repos owned by user `torvalds`
+        // - all public repos owned by organization `commai`
+        // - repo `sourcebot-dev/sourcebot`
+        "example-1": {
+            "type": "github",
+            "users": [
+                "torvalds"
+            ],
+            "orgs": [
+                "commaai"
+            ],
+            "repos": [
+                "sourcebot-dev/sourcebot"
+            ]
+        },
+        // From GitLab, include:
+        // - all public projects owned by user `brendan67`
+        // - all public projects in group `my-group` and sub-group `sub-group`
+        // - project `my-group/project1`
+        "example-2": {
+            "type": "gitlab",
+            "users": [
+                "brendan67"
+            ],
+            "groups": [
+                "my-group",
+                "my-other-group/sub-group"
+            ],
+            "projects": [
+                "my-group/project1"
+            ]
+        },
+        // From Gitea, include:
+        // - all public repos owned by user `my-user`
+        // - all public repos owned by organization `my-org`
+        // - repo `my-org/my-repo`
+        "example-3": {
+            "type": "gitea",
+            "users": [
+                "my-user"
+            ],
+            "orgs": [
+                "my-org"
+            ],
+            "repos": [
+                "my-org/my-repo"
+            ]
+        }
+    }
+}

configs/filter.json

@@ -0,0 +1,98 @@
+{
+    "$schema": "../schemas/v3/index.json",
+    "connections": {
+        // Include all repos in my-org, except:
+        // - repo1 & repo2
+        // - repos that are archived or forks
+        "example-1": {
+            "type": "github",
+            "orgs": [
+                "my-org"
+            ],
+            "exclude": {
+                "archived": true,
+                "forks": true,
+                "repos": [
+                    "my-org/repo1",
+                    "my-org/repo2",
+                    "my-org/sub-org-1/**",
+                    "my-org/sub-org-*/**"
+                ]
+            }
+        },
+
+        // Include all projects in my-group, except:
+        // - project1 & project2
+        // - projects that are archived or forks
+        "example-2": {
+            "type": "gitlab",
+            "groups": [
+                "my-group"
+            ],
+            "exclude": {
+                "archived": true,
+                "forks": true,
+                "projects": [
+                    "my-group/project1",
+                    "my-group/project2",
+                    "my-org/sub-org-1/**",
+                    "my-org/sub-org-*/**"
+                ]
+            }
+        },
+
+        // Include all repos in my-org, except:
+        // - repo1 & repo2
+        // - repos that are archived or forks
+        "example-3": {
+            "type": "gitea",
+            "orgs": [
+                "my-org"
+            ],
+            "exclude": {
+                "archived": true,
+                "forks": true,
+                "repos": [
+                    "my-org/repo1",
+                    "my-org/repo2",
+                    "my-org/sub-org-1/**",
+                    "my-org/sub-org-*/**"
+                ]
+            }
+        },
+        // Include all repos in my-org that have the topic
+        // "TypeScript" and do not have a topic that starts
+        // with "test-"
+        "example-4": {
+            "type": "github",
+            "orgs": [
+                "my-org"
+            ],
+            "topics": [
+                "TypeScript"
+            ],
+            "exclude": {
+                "topics": [
+                    "test-**"
+                ]
+            }
+        },
+        // Include all repos in my-group that have the topic
+        // "TypeScript" and do not have a topic that starts
+        // with "test-"
+        "example-5": {
+            "type": "gitlab",
+            "groups": [
+                "my-group"
+            ],
+            "topics": [
+                "TypeScript"
+            ],
+            "exclude": {
+                "topics": [
+                    "test-**"
+                ]
+            }
+        }
+    }
+}

configs/multi-branch.json

@@ -0,0 +1,26 @@
+{
+    "$schema": "../schemas/v3/index.json",
+    "connections": {
+        "example-1": {
+            "type": "github",
+            "revisions": {
+                 // Specify branches to index...
+                "branches": [
+                    "main",
+                    "release/*"
+                ],
+                // ... or specify tags
+                "tags": [
+                    "v*.*.*"
+                ]
+            },
+            // For each repo (repoa, repob), Sourcebot will index all branches and tags in the repo
+            // matching the `branches` and `tags` patterns above. Any branches or tags that don't
+            // match the patterns will be ignored and not indexed.
+            "repos": [
+                "org/repoa",
+                "org/repob"
+            ]
+        }
+    }
+}

configs/self-hosted.json

@@ -0,0 +1,26 @@
+{
+    "$schema": "../schemas/v3/index.json",
+    "connections": {
+        "example-1": {
+            "type": "github",
+            "url": "https://github.example.com",
+            "orgs": [
+                "my-org-name"
+            ]
+        },
+        "example-2": {
+            "type": "gitlab",
+            "url": "https://gitlab.example.com",
+            "groups": [
+                "my-group"
+            ]
+        },
+        "example-3": {
+            "type": "gitea",
+            "url": "https://gitea.example.com",
+            "orgs": [
+                "my-org-name"
+            ]
+        }
+    }
+}

default-config.json

@@ -1,10 +0,0 @@
-{
-    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/index.json",
-    "Configs": [
-        {
-            "Type": "github",
-            "GitHubOrg": "sourcebot-dev",
-            "Name": "^sourcebot$"
-        }
-    ]
-}

demo-site-config.json

@@ -1,36 +0,0 @@
-{
-    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/index.json",
-    "Configs": [
-        {
-            "Type": "github",
-            "GitHubUser": "torvalds",
-            "Name": "linux"
-        },
-        {
-            "Type": "github",
-            "GitHubOrg": "pytorch",
-            "Name": "pytorch"
-        },
-        {
-            "Type": "github",
-            "GitHubOrg": "commaai",
-            "Name": "^(openpilot|tinygrad)$",
-            "IncludeForks": true
-        },
-        {
-            "Type": "github",
-            "GitHubUser": "ggerganov",
-            "Name": "^(whisper\\.cpp|llama\\.cpp)$"
-        },
-        {
-            "Type": "github",
-            "GitHubOrg": "codemirror",
-            "Name": "^(dev|lang-.*)$"
-        },
-        {
-            "Type": "github",
-            "GitHubOrg": "tailwindlabs",
-            "Name": "^tailwindcss$"
-        }
-    ]
-}

docker-compose-dev.yml

@@ -0,0 +1,30 @@
+# docker-compose-dev.yml
+version: '3.8'
+
+services:
+  redis:
+    image: redis:7-alpine
+    container_name: sourcebot-redis
+    ports:
+      - "6379:6379"
+    volumes:
+      - redis_data:/data
+    restart: unless-stopped
+
+  postgres:
+    image: postgres:16-alpine
+    container_name: sourcebot-postgres
+    ports:
+      - "5432:5432"
+    environment:
+      POSTGRES_DB: postgres
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    restart: unless-stopped
+
+volumes:
+  redis_data:
+  postgres_data:
+

docker-compose.yml

@@ -0,0 +1,66 @@
+services:
+  sourcebot:
+    image: ghcr.io/sourcebot-dev/sourcebot:latest
+    user: sourcebot
+    restart: always
+    container_name: sourcebot
+    depends_on:
+      postgres:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+    ports:
+      - "3000:3000"
+    volumes:
+      - ./config.json:/data/config.json
+      - sourcebot_data:/data
+    environment:
+      - CONFIG_PATH=/data/config.json
+      - AUTH_URL=${AUTH_URL:-http://localhost:3000}
+      - AUTH_SECRET=${AUTH_SECRET:-000000000000000000000000000000000} # CHANGEME: generate via `openssl rand -base64 33`
+      - SOURCEBOT_ENCRYPTION_KEY=${SOURCEBOT_ENCRYPTION_KEY:-000000000000000000000000000000000} # CHANGEME: generate via `openssl rand -base64 24`
+      - DATABASE_URL=${DATABASE_URL:-postgresql://postgres:postgres@postgres:5432/postgres} # CHANGEME
+      - REDIS_URL=${REDIS_URL:-redis://redis:6379} # CHANGEME
+      - SOURCEBOT_EE_LICENSE_KEY=${SOURCEBOT_EE_LICENSE_KEY:-}
+      - SOURCEBOT_TELEMETRY_DISABLED=${SOURCEBOT_TELEMETRY_DISABLED:-false}
+
+      # For the full list of environment variables see:
+      # https://docs.sourcebot.dev/docs/configuration/environment-variables
+
+  postgres:
+    image: docker.io/postgres:${POSTGRES_VERSION:-latest}
+    restart: always
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 3s
+      timeout: 3s
+      retries: 10
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres # CHANGEME
+      POSTGRES_DB: postgres
+    ports:
+      - 127.0.0.1:5432:5432
+    volumes:
+      - sourcebot_postgres_data:/var/lib/postgresql/data
+
+  redis:
+    image: docker.io/redis:${REDIS_VERSION:-latest}
+    restart: always
+    ports:
+      - 127.0.0.1:6379:6379
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 3s
+      timeout: 10s
+      retries: 10
+    volumes:
+      - sourcebot_redis_data:/data
+
+volumes:
+  sourcebot_data:
+    driver: local
+  sourcebot_postgres_data:
+    driver: local
+  sourcebot_redis_data:
+    driver: local

docs/.editorconfig

@@ -0,0 +1,59 @@
+[*]
+cpp_indent_braces=false
+cpp_indent_multi_line_relative_to=innermost_parenthesis
+cpp_indent_within_parentheses=indent
+cpp_indent_preserve_within_parentheses=false
+cpp_indent_case_labels=false
+cpp_indent_case_contents=true
+cpp_indent_case_contents_when_block=false
+cpp_indent_lambda_braces_when_parameter=true
+cpp_indent_goto_labels=one_left
+cpp_indent_preprocessor=leftmost_column
+cpp_indent_access_specifiers=false
+cpp_indent_namespace_contents=true
+cpp_indent_preserve_comments=false
+cpp_new_line_before_open_brace_namespace=ignore
+cpp_new_line_before_open_brace_type=ignore
+cpp_new_line_before_open_brace_function=ignore
+cpp_new_line_before_open_brace_block=ignore
+cpp_new_line_before_open_brace_lambda=ignore
+cpp_new_line_scope_braces_on_separate_lines=false
+cpp_new_line_close_brace_same_line_empty_type=false
+cpp_new_line_close_brace_same_line_empty_function=false
+cpp_new_line_before_catch=true
+cpp_new_line_before_else=true
+cpp_new_line_before_while_in_do_while=false
+cpp_space_before_function_open_parenthesis=remove
+cpp_space_within_parameter_list_parentheses=false
+cpp_space_between_empty_parameter_list_parentheses=false
+cpp_space_after_keywords_in_control_flow_statements=true
+cpp_space_within_control_flow_statement_parentheses=false
+cpp_space_before_lambda_open_parenthesis=false
+cpp_space_within_cast_parentheses=false
+cpp_space_after_cast_close_parenthesis=false
+cpp_space_within_expression_parentheses=false
+cpp_space_before_block_open_brace=true
+cpp_space_between_empty_braces=false
+cpp_space_before_initializer_list_open_brace=false
+cpp_space_within_initializer_list_braces=true
+cpp_space_preserve_in_initializer_list=true
+cpp_space_before_open_square_bracket=false
+cpp_space_within_square_brackets=false
+cpp_space_before_empty_square_brackets=false
+cpp_space_between_empty_square_brackets=false
+cpp_space_group_square_brackets=true
+cpp_space_within_lambda_brackets=false
+cpp_space_between_empty_lambda_brackets=false
+cpp_space_before_comma=false
+cpp_space_after_comma=true
+cpp_space_remove_around_member_operators=true
+cpp_space_before_inheritance_colon=true
+cpp_space_before_constructor_colon=true
+cpp_space_remove_before_semicolon=true
+cpp_space_after_semicolon=false
+cpp_space_remove_around_unary_operator=true
+cpp_space_around_binary_operator=insert
+cpp_space_around_assignment_operator=insert
+cpp_space_pointer_reference_alignment=left
+cpp_space_around_ternary_operator=insert
+cpp_wrap_preserve_blocks=one_liners

docs/README.md

@@ -0,0 +1,32 @@
+# Mintlify Starter Kit
+
+Click on `Use this template` to copy the Mintlify starter kit. The starter kit contains examples including
+
+- Guide pages
+- Navigation
+- Customizations
+- API Reference pages
+- Use of popular components
+
+### Development
+
+Install the [Mintlify CLI](https://www.npmjs.com/package/mintlify) to preview the documentation changes locally. To install, use the following command
+
+```
+npm i -g mintlify
+```
+
+Run the following command at the root of your documentation (where docs.json is)
+
+```
+mintlify dev
+```
+
+### Publishing Changes
+
+Install our Github App to auto propagate changes from your repo to your deployment. Changes will be deployed to production automatically after pushing to the default branch. Find the link to install on your dashboard. 
+
+#### Troubleshooting
+
+- Mintlify dev isn't running - Run `mintlify install` it'll re-install dependencies.
+- Page loads as a 404 - Make sure you are running in a folder with `docs.json`

docs/docs.json

@@ -0,0 +1,160 @@
+{
+    "$schema": "https://mintlify.com/docs.json",
+    "theme": "willow",
+    "name": "Sourcebot",
+    "colors": {
+        "primary": "#851EE7",
+        "light": "#FFFFFF",
+        "dark": "#851EE7"
+    },
+    "favicon": "/fav.svg",
+    "styling": {
+        "eyebrows": "section"
+    },
+    "navigation": {
+        "anchors": [
+            {
+                "anchor": "Docs",
+                "icon": "books",
+                "groups": [
+                    {
+                        "group": "Getting Started",
+                        "pages": [
+                            "docs/overview",
+                            {
+                                "group": "Deployment",
+                                "pages": [
+                                    "docs/deployment/docker-compose",
+                                    "docs/deployment/k8s"
+                                ]
+                            }
+                        ]
+                    },
+                    {
+                        "group": "Features",
+                        "pages": [
+                            {
+                                "group": "Code Search",
+                                "pages": [
+                                    "docs/features/search/overview",
+                                    "docs/features/search/syntax-reference",
+                                    "docs/features/search/multi-branch-indexing",
+                                    "docs/features/search/search-contexts"
+                                ]
+                            },
+                            {
+                                "group": "Ask Sourcebot",
+                                "pages": [
+                                    "docs/features/ask/overview",
+                                    "docs/features/ask/add-model-providers"
+                                ]
+                            },
+                            "docs/features/code-navigation",
+                            "docs/features/analytics",
+                            "docs/features/mcp-server",
+                            "docs/features/permission-syncing",
+                            {
+                                "group": "Agents",
+                                "tag": "experimental",
+                                "pages": [
+                                    "docs/features/agents/overview",
+                                    "docs/features/agents/review-agent"
+                                ]
+                            }
+                        ]
+                    },
+                    {
+                        "group": "Configuration",
+                        "pages": [
+                            "docs/configuration/config-file",
+                            {
+                                "group": "Indexing your code",
+                                "pages": [
+                                    "docs/connections/overview",
+                                    "docs/connections/github",
+                                    "docs/connections/gitlab",
+                                    "docs/connections/bitbucket-cloud",
+                                    "docs/connections/bitbucket-data-center",
+                                    "docs/connections/ado-cloud",
+                                    "docs/connections/ado-server",
+                                    "docs/connections/gitea",
+                                    "docs/connections/gerrit",
+                                    "docs/connections/generic-git-host",
+                                    "docs/connections/local-repos",
+                                    "docs/connections/request-new"
+                                ]
+                            },
+                            "docs/configuration/language-model-providers",
+                            "docs/configuration/idp",
+                            {
+                                "group": "Authentication",
+                                "pages": [
+                                    "docs/configuration/auth/overview",
+                                    "docs/configuration/auth/providers",
+                                    "docs/configuration/auth/access-settings",
+                                    "docs/configuration/auth/roles-and-permissions",
+                                    "docs/configuration/auth/faq"
+                                ]
+                            },
+                            "docs/configuration/environment-variables",
+                            "docs/license-key",
+                            "docs/configuration/transactional-emails",
+                            "docs/configuration/structured-logging",
+                            "docs/configuration/audit-logs"
+                        ]
+                    },
+                    {
+                        "group": "Upgrade",
+                        "pages": [
+                            "docs/upgrade/v3-to-v4-guide",
+                            "docs/upgrade/v2-to-v3-guide"
+                        ]
+                    }
+                ]
+            },
+            {
+                "anchor": "Changelog",
+                "href": "https://sourcebot.dev/changelog",
+                "icon": "list-check"
+            },
+            {
+                "anchor": "Roadmap",
+                "href": "https://github.com/sourcebot-dev/sourcebot/issues/459",
+                "icon": "map"
+            },
+            {
+                "anchor": "Support",
+                "href": "https://github.com/sourcebot-dev/sourcebot/issues/new?template=get_help.md",
+                "icon": "life-ring"
+            }
+        ]
+    },
+    "logo": {
+        "light": "/logo/light.png",
+        "dark": "/logo/dark.png"
+    },
+    "navbar": {
+        "primary": {
+            "type": "button",
+            "label": "GitHub",
+            "href": "https://github.com/sourcebot-dev/sourcebot"
+        }
+    },
+    "footer": {
+        "socials": {
+            "github": "https://github.com/sourcebot-dev/sourcebot",
+            "twitter": "https://x.com/sourcebot_dev",
+            "discord": "https://discord.gg/HDScTs3ptP",
+            "linkedin": "https://www.linkedin.com/company/sourcebot"
+        }
+    },
+    "integrations": {
+        "posthog": {
+            "apiKey": "phc_DBGufjG0rkj3OEhuTcZ04xfeZB6eDhO7dP8ZCnqH7K7"
+        }
+    },
+    "appearance": {
+        "default": "dark",
+        "strict": false
+    }
+}

docs/docs/configuration/audit-logs.mdx

@@ -0,0 +1,211 @@
+---
+title: Audit Logs
+sidebarTitle: Audit logs
+---
+
+import LicenseKeyRequired from '/snippets/license-key-required.mdx'
+
+<LicenseKeyRequired />
+
+Audit logs are a collection of notable events performed by users within a Sourcebot deployment. Each audit log records information on the action taken, the user who performed the 
+action, and when the action took place. 
+
+This feature gives security and compliance teams the necessary information to ensure proper governance and administration of your Sourcebot deployment.
+
+## Enabling/Disabling Audit Logs
+Audit logs are enabled by default and can be controlled with the `SOURCEBOT_EE_AUDIT_LOGGING_ENABLED` [environment variable](/docs/configuration/environment-variables).
+
+## Fetching Audit Logs
+Audit logs are stored in the [postgres database](/docs/overview#architecture) connected to Sourcebot. To fetch all of the audit logs, you can use the following API:
+
+```bash icon="terminal" Fetch audit logs
+curl --request GET '$SOURCEBOT_URL/api/ee/audit' \
+  --header 'X-Org-Domain: ~' \
+  --header 'X-Sourcebot-Api-Key: $SOURCEBOT_OWNER_API_KEY'
+```
+
+```json icon="brackets-curly" wrap expandable Fetch audit logs example response
+[
+  {
+    "id": "cmc146k7m0003xgo2tri5t4br",
+    "timestamp": "2025-06-17T22:48:08.914Z",
+    "action": "api_key.created",
+    "actorId": "cmc12tnje0000xgn58jj8655h",
+    "actorType": "user",
+    "targetId": "205d1da1c6c3772b81d4ad697f5851fa11195176c211055ff0c1509772645d6d",
+    "targetType": "api_key",
+    "sourcebotVersion": "unknown",
+    "orgId": 1
+  },
+  {
+    "id": "cmc146c8r0001xgo2xyu0p463",
+    "timestamp": "2025-06-17T22:47:58.587Z",
+    "action": "user.performed_code_search",
+    "actorId": "cmc12tnje0000xgn58jj8655h",
+    "actorType": "user",
+    "targetId": "1",
+    "targetType": "org",
+    "sourcebotVersion": "unknown",
+    "metadata": {
+      "message": "render branch:HEAD"
+    },
+    "orgId": 1
+  },
+  {
+    "id": "cmc12vqgb0008xgn5nv5hl9y5",
+    "timestamp": "2025-06-17T22:11:44.171Z",
+    "action": "user.performed_code_search",
+    "actorId": "cmc12tnje0000xgn58jj8655h",
+    "actorType": "user",
+    "targetId": "1",
+    "targetType": "org",
+    "sourcebotVersion": "unknown",
+    "metadata": {
+      "message": "render branch:HEAD"
+    },
+    "orgId": 1
+  },
+  {
+    "id": "cmc12txwn0006xgn51ow1odid",
+    "timestamp": "2025-06-17T22:10:20.519Z",
+    "action": "user.performed_code_search",
+    "actorId": "cmc12tnje0000xgn58jj8655h",
+    "actorType": "user",
+    "targetId": "1",
+    "targetType": "org",
+    "sourcebotVersion": "unknown",
+    "metadata": {
+      "message": "render branch:HEAD"
+    },
+    "orgId": 1
+  },
+  {
+    "id": "cmc12tnjx0004xgn5qqeiv1ao",
+    "timestamp": "2025-06-17T22:10:07.101Z",
+    "action": "user.owner_created",
+    "actorId": "cmc12tnje0000xgn58jj8655h",
+    "actorType": "user",
+    "targetId": "1",
+    "targetType": "org",
+    "sourcebotVersion": "unknown",
+    "metadata": null,
+    "orgId": 1
+  },
+  {
+    "id": "cmc12tnjh0002xgn5h6vzu3rl",
+    "timestamp": "2025-06-17T22:10:07.086Z",
+    "action": "user.signed_in",
+    "actorId": "cmc12tnje0000xgn58jj8655h",
+    "actorType": "user",
+    "targetId": "cmc12tnje0000xgn58jj8655h",
+    "targetType": "user",
+    "sourcebotVersion": "unknown",
+    "metadata": null,
+    "orgId": 1
+  }
+]
+```
+
+## Audit action types
+
+| Action  | Actor Type | Target Type |
+| :------- | :------ | :------|
+| `api_key.creation_failed`             | `user` | `org` |
+| `api_key.created`                     | `user` | `api_key` |
+| `api_key.deletion_failed`             | `user` | `org` |
+| `api_key.deleted`                     | `user` | `api_key` |
+| `user.creation_failed`                | `user` | `user` |
+| `user.owner_created`                  | `user` | `org` |
+| `user.performed_code_search`              | `user` | `org` |
+| `user.performed_find_references` | `user` | `org` |
+| `user.performed_goto_definition` | `user` | `org` |
+| `user.jit_provisioning_failed`        | `user` | `org` |
+| `user.jit_provisioned`                | `user` | `org` |
+| `user.join_request_creation_failed`   | `user` | `org` |
+| `user.join_requested`                 | `user` | `org` |
+| `user.join_request_approve_failed`    | `user` | `account_join_request` |
+| `user.join_request_approved`          | `user` | `account_join_request` |
+| `user.invite_failed`                  | `user` | `org` |
+| `user.invites_created`                | `user` | `org` |
+| `user.invite_accept_failed`           | `user` | `invite` |
+| `user.invite_accepted`                | `user` | `invite` |
+| `user.signed_in`                      | `user` | `user` |
+| `user.signed_out`                     | `user` | `user` |
+| `org.ownership_transfer_failed`       | `user` | `org` |
+| `org.ownership_transferred`           | `user` | `org` |
+
+
+## Response schema
+
+```json icon="brackets-curly" expandable wrap Audit log fetch response schema
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "FetchAuditLogsResponse",
+  "type": "array",
+  "items": {
+    "type": "object",
+    "required": [
+      "id",
+      "timestamp",
+      "action",
+      "actorId",
+      "actorType",
+      "targetId",
+      "targetType",
+      "sourcebotVersion",
+      "metadata",
+      "orgId"
+    ],
+    "properties": {
+      "id": {
+        "type": "string"
+      },
+      "timestamp": {
+        "type": "string",
+        "format": "date-time"
+      },
+      "action": {
+        "type": "string"
+      },
+      "actorId": {
+        "type": "string"
+      },
+      "actorType": {
+        "type": "string",
+        "enum": ["user", "api_key"]
+      },
+      "targetId": {
+        "type": "string"
+      },
+      "targetType": {
+        "type": "string",
+        "enum": ["user", "org", "file", "api_key", "account_join_request", "invite"]
+      },
+      "sourcebotVersion": {
+        "type": "string"
+      },
+      "metadata": {
+        "anyOf": [
+          {
+            "type": "object",
+            "properties": {
+              "message": { "type": "string" },
+              "api_key": { "type": "string" },
+              "emails": { "type": "string" }
+            },
+            "additionalProperties": false
+          },
+          {
+            "type": "null"
+          }
+        ]
+      },
+      "orgId": {
+        "type": "integer"
+      }
+    },
+    "additionalProperties": false
+  }
+}
+
+```

docs/docs/configuration/auth/access-settings.mdx

@@ -0,0 +1,40 @@
+---
+title: Access Settings
+sidebarTitle: Access settings
+---
+
+There are various settings to control how users access your Sourcebot deployment.
+
+# Anonymous access
+
+<Note>Anonymous access cannot be enabled if you have an enterprise license. If you have any questions about this restriction [reach out to us](https://www.sourcebot.dev/contact).</Note>
+
+By default, your Sourcebot deployment is gated with a login page. If you'd like users to access the deployment anonymously, you can enable anonymous access. 
+
+This can be enabled by navigating to **Settings -> Access** or by setting the `FORCE_ENABLE_ANONYMOUS_ACCESS` environment variable.
+
+When accessing Sourcebot anonymously, a user's permissions are limited to that of the  [Guest](/docs/configuration/auth/roles-and-permissions) role.
+
+# Member Approval 
+
+By default, Sourcebot requires new members to be approved by the owner of the deployment. This section explains how approvals work and how
+to configure this behavior.
+
+### Configuration
+Member approval can be configured by the owner of the deployment by navigating to **Settings -> Members**:
+
+![Member Approval Toggle](/images/member_approval_toggle.png)
+
+### Managing Requests
+
+If member approval is enabled, new members will be asked to submit a join request after signing up. They will not have access to the Sourcebot deployment
+until this request is approved by the owner.
+
+The owner can see and manage all pending join requests by navigating to **Settings -> Members**.
+
+## Invite link
+
+If member approval is required, an owner of the deployment can enable an invite link. When enabled, users
+can use this invite link to register and be automatically added to the organization without approval:
+
+![Invite Link Toggle](/images/invite_link_toggle.png)

docs/docs/configuration/auth/faq.mdx

@@ -0,0 +1,44 @@
+---
+title: FAQ
+---
+
+This page covers a range of frequently asked questions about Sourcebot's built-in authentication system.
+
+<AccordionGroup>
+<Accordion title="Can I disable the authentication system?">
+    No, at this time it's not possible to disable the authentication system. If this is preventing you from deploying Sourcebot
+    within your organization please [reach out](https://www.sourcebot.dev/contact)
+</Accordion>
+
+<Accordion title="I don't want to restrict access to my Sourcebot deployment, what should I do?">
+    Every user must register an account within your Sourcebot deployment. However, this dosn't mean their access
+    is restricted.
+
+    Unless member approval is required, anyone can sign up for an account on your deployment and immediately be granted access.
+</Accordion>
+
+<Accordion title="Does any data related to authentication (emails, passwords, etc) leave my deployment?">
+    **No data related to authentication (or your code) leaves your deployment**. Authentication is handled
+    purely by your deployment and the authentication providers you configure. 
+
+    This data does not leave your device and is stored within in the database managed by your deployment. If you're
+    using credential login, passwords are encrypted at rest and in transit.
+</Accordion>
+
+<Accordion title="I'm deploying Sourcebot behind an identity proxy, do I still need to create an account in Sourcebot?">
+    <Note>Please note that IAP bridges are an enterprise feature</Note>
+    Sourcebot supports connecting your identity proxy directly into the built-in auth system using an IAP bridge. This allows Sourcebot to
+    register and authenticate automatically on a successful identity proxy log in.
+
+    Sourcebot currently supports [GCP IAP](/docs/configuration/auth/providers#gcp-iap). If you're using a different IAP
+    and require support, please [reach out](https://www.sourcebot.dev/contact)
+</Accordion>
+
+<Accordion title="How does Sourcebot implement authentication?">
+    Sourcebot uses [Auth.js](https://authjs.dev/) as its underlying authentication framework. Auth.js provides authentication providers
+    (credientials, Google, GitHub, etc) and an interface to enable user registration and log in. Internally, Auth.js uses JWT to provide
+    Sourcebot secure and reliable information about user authentication.
+</Accordion>
+</AccordionGroup>
+
+Have a question that's not answered here? Submit an issue on [GitHub](https://github.com/sourcebot-dev/sourcebot/issues/new/choose) and we'll get back to you as soon as we can.

docs/docs/configuration/auth/overview.mdx

@@ -0,0 +1,28 @@
+---
+title: Overview
+---
+
+<Warning>If you're deploying Sourcebot behind a domain, you must set the [AUTH_URL](/docs/configuration/environment-variables) environment variable.</Warning>
+
+Sourcebot's built-in authentication system gates your deployment, and allows administrators to manage users and their permissions. 
+
+<CardGroup cols={2}>
+    <Card horizontal title="Authentication providers" icon="lock" href="/docs/configuration/auth/providers">
+        Configure additional authentication providers for your deployment.
+    </Card>
+    <Card horizontal title="Access settings" icon="user" href="/docs/configuration/auth/access-settings">
+        Learn how to configure how members join your deployment.
+    </Card>
+    <Card horizontal title="Roles and permissions" icon="shield" href="/docs/configuration/auth/roles-and-permissions">
+        Learn more about the different roles and permissions in Sourcebot.
+    </Card>
+    <Card horizontal title="FAQ" icon="question" href="/docs/configuration/auth/faq">
+        Have a question about Sourcebot's auth system? We might have the answers here.
+    </Card>
+</CardGroup>
+
+
+# Troubleshooting
+
+- If you experience issues logging in, logging out, or accessing an organization you should have access to, try clearing your cookies & performing a full page refresh (`Cmd/Ctrl + Shift + R` on most browsers).
+- Still not working? Reach out to us on our [discord](https://discord.gg/HDScTs3ptP) or [GitHub](https://github.com/sourcebot-dev/sourcebot/issues/new/choose)

docs/docs/configuration/auth/providers.mdx

@@ -0,0 +1,30 @@
+---
+title: Providers
+---
+
+Sourcebot supports a wide range of different authentication providers through it's integration with [Auth.js](https://authjs.dev/). This page
+highlights how to configure the various supported providers.
+
+If theres an authentication provider you'd like us to support, please [reach out](https://www.sourcebot.dev/contact).
+
+# Core Authentication Providers
+
+### Email / Password
+---
+Email / password authentication is enabled by default. It can be **disabled** by setting `AUTH_CREDENTIALS_LOGIN_ENABLED` to `false`.
+
+### Email codes
+---
+Email codes are 6 digit codes sent to a provided email. Email codes are enabled when transactional emails are configured using the following environment variables:
+
+- `AUTH_EMAIL_CODE_LOGIN_ENABLED`
+- `SMTP_CONNECTION_URL`
+- `EMAIL_FROM_ADDRESS`
+
+
+See [transactional emails](/docs/configuration/transactional-emails) for more details.
+
+# Enterprise Authentication Providers
+
+Sourcebot supports authentication using several different [external identity providers](/docs/configuration/idp) as well. These identity providers require an
+[enterprise license](/docs/license-key)

docs/docs/configuration/auth/roles-and-permissions.mdx

@@ -0,0 +1,14 @@
+---
+title: Roles and Permissions
+sidebarTitle: Roles and permissions
+---
+
+<Note>Looking to sync permissions with your identify provider? We're working on it - [reach out](https://www.sourcebot.dev/contact) to us to learn more</Note>
+
+Each member has a role which defines their permissions within an organization:
+
+| Role | Permission |
+| :--- | :--------- |
+| `Owner` | Each organization has a single `Owner`. This user has full access rights, including: connection management, organization management, and inviting new members. |
+| `Member` | Read-only access to the organization. A `Member` can search across the repos indexed by an organization's connections, as well as view the organizations configuration and member list. However, they cannot modify this configuration or invite new members. |
+| `Guest` | When accessing Sourcebot [anonymously](/docs/configuration/auth/access-settings#anonymous-access), a user has the `Guest` role. `Guest`'s can search across repos indexed by an organization's connections, but cannot view any information regarding the organizations configuration or members. |

docs/docs/configuration/config-file.mdx

@@ -0,0 +1,154 @@
+---
+title: Config File
+sidebarTitle: Config file
+---
+
+import ConfigSchema from '/snippets/schemas/v3/index.schema.mdx'
+import EnvironmentOverridesSchema from '/snippets/schemas/v3/environmentOverrides.schema.mdx'
+
+When self-hosting Sourcebot, you **must** provide it a config file. This is done by defining a config file in a volume that's mounted to Sourcebot, and providing the path to this
+file in the `CONFIG_PATH` environment variable. For example:
+
+```bash icon="terminal" Passing in a CONFIG_PATH to Sourcebot
+docker run \
+    -v $(pwd)/config.json:/data/config.json \
+    -e CONFIG_PATH=/data/config.json \
+    ... \ # other options
+    ghcr.io/sourcebot-dev/sourcebot:latest
+```
+
+The config file tells Sourcebot which repos to index, what language models to use, and various other settings as defined in the [schema](#config-file-schema).
+
+# Config File Schema
+
+The config file you provide Sourcebot must follow the [schema](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/index.json). This schema consists of the following properties:
+
+- [Connections](/docs/connections/overview) (`connections`): Defines a set of connections that tell Sourcebot which repos to index and from where
+- [Language Models](/docs/configuration/language-model-providers) (`models`): Defines a set of language model providers for use with [Ask Sourcebot](/docs/features/ask)
+- [Settings](#settings) (`settings`): Additional settings to tweak your Sourcebot deployment
+- [Search Contexts](/docs/features/search/search-contexts) (`contexts`): Groupings of repos that you can search against
+
+# Config File Syncing
+
+Sourcebot syncs the config file on startup, and automatically whenever a change is detected.
+
+# Settings
+
+The following are settings that can be provided in your config file to modify Sourcebot's behavior
+
+| Setting                                         | Type    | Default    | Minimum | Description / Notes                                                                    |
+|-------------------------------------------------|---------|------------|---------|----------------------------------------------------------------------------------------|
+| `maxFileSize`                                   | number  | 2 MB       | 1       | Maximum size (bytes) of a file to index. Files exceeding this are skipped.             |
+| `maxTrigramCount`                               | number  | 20 000     | 1       | Maximum trigrams per document. Larger files are skipped.                               |
+| `reindexIntervalMs`                             | number  | 1 hour     | 1       | Interval at which all repositories are re‑indexed.                                     |
+| `resyncConnectionIntervalMs`                    | number  | 24 hours   | 1       | Interval for checking connections that need re‑syncing.                                |
+| `resyncConnectionPollingIntervalMs`             | number  | 1 second   | 1       | DB polling rate for connections that need re‑syncing.                                  |
+| `reindexRepoPollingIntervalMs`                  | number  | 1 second   | 1       | DB polling rate for repos that should be re‑indexed.                                   |
+| `maxConnectionSyncJobConcurrency`               | number  | 8          | 1       | Concurrent connection‑sync jobs.                                                       |
+| `maxRepoIndexingJobConcurrency`                 | number  | 8          | 1       | Concurrent repo‑indexing jobs.                                                         |
+| `maxRepoGarbageCollectionJobConcurrency`        | number  | 8          | 1       | Concurrent repo‑garbage‑collection jobs.                                               |
+| `repoGarbageCollectionGracePeriodMs`            | number  | 10 seconds | 1       | Grace period to avoid deleting shards while loading.                                   |
+| `repoIndexTimeoutMs`                            | number  | 2 hours    | 1       | Timeout for a single repo‑indexing run.                                                |
+| `enablePublicAccess` **(deprecated)**           | boolean | false      | —       | Use the `FORCE_ENABLE_ANONYMOUS_ACCESS` environment variable instead.                  |
+| `experiment_repoDrivenPermissionSyncIntervalMs` | number  | 24 hours   | 1       | Interval at which the repo permission syncer should run.                               |
+| `experiment_userDrivenPermissionSyncIntervalMs` | number  | 24 hours   | 1       | Interval at which the user permission syncer should run.                               |
+
+# Tokens
+
+Tokens are used to securely pass secrets to Sourcebot in a config file. They are used in various places, including connections, language model providers, auth providers, etc. Tokens can be passed as either environment variables or Google Cloud secrets:
+
+<AccordionGroup>
+  <Accordion title="Environment Variables">
+    ```json
+    {
+        "token": {
+            "env": "TOKEN_NAME"
+        }
+    }
+    ```
+  </Accordion>
+  <Accordion title="Google Cloud Secrets">
+    ```json
+    {
+        "token": {
+            "googleCloudSecret": "projects/<project-id>/secrets/<secret-name>/versions/<version-id>"
+        }
+    }
+    ```
+  </Accordion>
+</AccordionGroup>
+
+# Overriding environment variables from the config
+
+You can override / set environment variables from the config file by using the `environmentOverrides` property. Overrides can be of type `string`, `number`, `boolean`, or a [token](/docs/configuration/config-file#tokens). Tokens are useful when you want to configure a environment variable using a Google Cloud Secret or other supported secret management service.
+
+<AccordionGroup>
+    <Accordion title="Token">
+    ```jsonc
+    {
+        "environmentOverrides": {
+            "DATABASE_URL": {
+                "type": "token",
+                "value": {
+                    "googleCloudSecret": "projects/<id>/secrets/postgres-connection-string/versions/latest"
+                }
+            },
+            "REDIS_URL": {
+                "type": "token",
+                "value": {
+                    "googleCloudSecret": "projects/<id>/secrets/redis-connection-string/versions/latest"
+                }
+            }
+        },
+    }
+    ```
+    </Accordion>
+
+    <Accordion title="String">
+    ```jsonc
+    {
+        "environmentOverrides": {
+            "EMAIL_FROM_ADDRESS": {
+                "type": "string",
+                "value": "hello@sourcebot.dev"
+            }
+        }
+    }
+    ```
+    </Accordion>
+
+    <Accordion title="Number">
+    ```jsonc
+    {
+        "environmentOverrides": {
+            "SOURCEBOT_CHAT_MODEL_TEMPERATURE": {
+                "type": "number",
+                "value": 0.5
+            }
+        }
+    }
+    ```
+    </Accordion>
+    
+    <Accordion title="Boolean">
+    ```jsonc
+    {
+        "environmentOverrides": {
+            "SOURCEBOT_TELEMETRY_DISABLED": {
+                "type": "boolean",
+                "value": false
+            }
+        }
+    }
+    ```
+    </Accordion>
+</AccordionGroup>
+
+
+**Note:** Overrides are **not** set as system environment variables, and instead are resolved at runtime on startup and stored in memory.
+
+<Accordion title="Schema reference">
+[schemas/v3/environmentOverrides.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/environmentOverrides.json)
+
+<EnvironmentOverridesSchema />
+</Accordion>

docs/docs/configuration/declarative-config.mdx

@@ -0,0 +1,37 @@
+---
+title: Configuring Sourcebot from a file (declarative config)
+sidebarTitle: Declarative config
+---
+
+import ConfigSchema from '/snippets/schemas/v3/index.schema.mdx'
+
+Some teams require Sourcebot to be configured via a file (where it can be stored in version control, run through CI/CD pipelines, etc.) instead of a web UI. For more information on configuring connections, see this [overview](/docs/connections/overview).
+
+
+| Variable | Description |
+| :------- | :---------- |
+| `CONFIG_PATH` | Path to declarative config. |
+
+
+```json
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/refs/heads/main/schemas/v3/index.json",
+    "connections": {
+        "connection-1": {
+            "type": "github",
+            "repos": [
+                "sourcebot-dev/sourcebot"
+            ]
+        }
+    }
+}
+```
+
+## Schema reference
+
+<Accordion title="Reference">
+[schemas/v3/index.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/index.json)
+
+<ConfigSchema />
+
+</Accordion>

docs/docs/configuration/environment-variables.mdx

@@ -0,0 +1,77 @@
+---
+title: Environment variables 
+sidebarTitle: Environment variables 
+---
+
+<Note>This page provides a detailed reference of all environment variables supported by Sourcebot. If you're just looking to get up and running, we recommend starting with the [deployment guides](/docs/deployment/docker-compose) instead.</Note>
+
+### Core Environment Variables
+The following environment variables allow you to configure your Sourcebot deployment.
+
+| Variable | Default | Description |
+| :------- | :------ | :---------- |
+| `AUTH_CREDENTIALS_LOGIN_ENABLED` | `true` | <p>Enables/disables authentication with basic credentials. Username and passwords are stored encrypted at rest within the postgres database. Checkout the [auth docs](/docs/configuration/auth/overview) for more info</p> |
+| `AUTH_EMAIL_CODE_LOGIN_ENABLED` | `false` | <p>Enables/disables authentication with a login code that's sent to a users email. `SMTP_CONNECTION_URL` and `EMAIL_FROM_ADDRESS` must also be set. Checkout the [auth docs](/docs/configuration/auth/overview) for more info </p> |
+| `AUTH_SECRET` | Automatically generated at startup if no value is provided. Generated using `openssl rand -base64 33` | <p>Used to validate login session cookies</p> |
+| `AUTH_URL` | - | <p>URL of your Sourcebot deployment, e.g., `https://example.com` or `http://localhost:3000`.</p> |
+| `CONFIG_PATH` | `-` | <p>The container relative path to the declerative configuration file. See [this doc](/docs/configuration/declarative-config) for more info.</p> | 
+| `DATA_CACHE_DIR` | `$DATA_DIR/.sourcebot` | <p>The root data directory in which all data written to disk by Sourcebot will be located.</p> |
+| `DATA_DIR` | `/data` | <p>The directory within the container to store all persistent data. Typically, this directory will be volume mapped such that data is persisted across container restarts (e.g., `docker run -v $(pwd):/data`)</p> |
+| `DATABASE_DATA_DIR` | `$DATA_CACHE_DIR/db` | <p>The data directory for the default Postgres database.</p> |
+| `DATABASE_URL` | `postgresql://postgres@ localhost:5432/sourcebot` | <p>Connection string of your Postgres database. By default, a Postgres database is automatically provisioned at startup within the container.</p><p>If you'd like to use a non-default schema, you can provide it as a parameter in the database url.</p><p>You can also use `DATABASE_HOST`, `DATABASE_USERNAME`, `DATABASE_PASSWORD`, `DATABASE_NAME`, and `DATABASE_ARGS` to construct the database url.</p> |
+| `EMAIL_FROM_ADDRESS` | `-` | <p>The email address that transactional emails will be sent from. See [this doc](/docs/configuration/transactional-emails) for more info.</p> | 
+| `FORCE_ENABLE_ANONYMOUS_ACCESS` | `false` | <p>When enabled, [anonymous access](/docs/configuration/auth/access-settings#anonymous-access) to the organization will always be enabled</p>
+| `REDIS_DATA_DIR` | `$DATA_CACHE_DIR/redis` | <p>The data directory for the default Redis instance.</p> |
+| `REDIS_URL` | `redis://localhost:6379` | <p>Connection string of your Redis instance. By default, a Redis database is automatically provisioned at startup within the container.</p> |
+| `REDIS_REMOVE_ON_COMPLETE` | `0` | <p>Controls how many completed jobs are allowed to remain in Redis queues</p> |
+| `REDIS_REMOVE_ON_FAIL` | `100` | <p>Controls how many failed jobs are allowed to remain in Redis queues</p> |
+| `REPO_SYNC_RETRY_BASE_SLEEP_SECONDS` | `60` | <p>The base sleep duration (in seconds) for exponential backoff when retrying repository sync operations that fail</p> |
+| `GITLAB_CLIENT_QUERY_TIMEOUT_SECONDS` | `600` | <p>The timeout duration (in seconds) for GitLab client queries</p> |
+| `SMTP_CONNECTION_URL` | `-` | <p>The url to the SMTP service used for sending transactional emails. See [this doc](/docs/configuration/transactional-emails) for more info.</p> |
+| `SOURCEBOT_ENCRYPTION_KEY` | Automatically generated at startup if no value is provided. Generated using `openssl rand -base64 24` | <p>Used to encrypt connection secrets and generate API keys.</p> |
+| `SOURCEBOT_PUBLIC_KEY_PATH` | `/app/public.pem` | <p>Sourcebot's public key that's used to verify encrypted license key signatures.</p> |
+| `SOURCEBOT_LOG_LEVEL` | `info` | <p>The Sourcebot logging level. Valid values are `debug`, `info`, `warn`, `error`, in order of severity.</p> |
+| `SOURCEBOT_STRUCTURED_LOGGING_ENABLED` | `false` | <p>Enables/disable structured JSON logging. See [this doc](/docs/configuration/structured-logging) for more info.</p> |
+| `SOURCEBOT_STRUCTURED_LOGGING_FILE` | - | <p>Optional file to log to if structured logging is enabled</p> | 
+| `SOURCEBOT_TELEMETRY_DISABLED` | `false` | <p>Enables/disables telemetry collection in Sourcebot. See [this doc](/docs/overview.mdx#telemetry) for more info.</p> |
+| `DEFAULT_MAX_MATCH_COUNT` | `10000` | <p>The default maximum number of search results to return when using search in the web app.</p> |
+| `ALWAYS_INDEX_FILE_PATTERNS` | - | <p>A comma separated list of glob patterns matching file paths that should always be indexed, regardless of size or number of trigrams.</p> |
+
+### Enterprise Environment Variables
+| Variable | Default | Description |
+| :------- | :------ | :---------- |
+| `SOURCEBOT_EE_AUDIT_LOGGING_ENABLED` | `true` | <p>Enables/disables audit logging</p> |
+| `AUTH_EE_GITHUB_BASE_URL` | `https://github.com` | <p>The base URL for GitHub Enterprise SSO authentication.</p> |
+| `AUTH_EE_GITHUB_CLIENT_ID` | `-` | <p>The client ID for GitHub Enterprise SSO authentication.</p> |
+| `AUTH_EE_GITHUB_CLIENT_SECRET` | `-` | <p>The client secret for GitHub Enterprise SSO authentication.</p> |
+| `AUTH_EE_GITLAB_BASE_URL` | `https://gitlab.com` | <p>The base URL for GitLab Enterprise SSO authentication.</p> |
+| `AUTH_EE_GITLAB_CLIENT_ID` | `-` | <p>The client ID for GitLab Enterprise SSO authentication.</p> |
+| `AUTH_EE_GITLAB_CLIENT_SECRET` | `-` | <p>The client secret for GitLab Enterprise SSO authentication.</p> |
+| `AUTH_EE_GOOGLE_CLIENT_ID` | `-` | <p>The client ID for Google SSO authentication.</p> |
+| `AUTH_EE_GOOGLE_CLIENT_SECRET` | `-` | <p>The client secret for Google SSO authentication.</p> |
+| `AUTH_EE_KEYCLOAK_CLIENT_ID` | `-` | <p>The client ID for Keycloak SSO authentication.</p> |
+| `AUTH_EE_KEYCLOAK_CLIENT_SECRET` | `-` | <p>The client secret for Keycloak SSO authentication.</p> |
+| `AUTH_EE_KEYCLOAK_ISSUER` | `-` | <p>The issuer URL for Keycloak SSO authentication.</p> |
+| `AUTH_EE_OKTA_CLIENT_ID` | `-` | <p>The client ID for Okta SSO authentication.</p> |
+| `AUTH_EE_OKTA_CLIENT_SECRET` | `-` | <p>The client secret for Okta SSO authentication.</p> |
+| `AUTH_EE_OKTA_ISSUER` | `-` | <p>The issuer URL for Okta SSO authentication.</p> |
+| `AUTH_EE_GCP_IAP_ENABLED` | `false` | <p>When enabled, allows Sourcebot to automatically register/login from a successful GCP IAP redirect</p> |
+| `AUTH_EE_GCP_IAP_AUDIENCE` | - | <p>The GCP IAP audience to use when verifying JWT tokens. Must be set to enable GCP IAP JIT provisioning</p> | 
+| `EXPERIMENT_EE_PERMISSION_SYNC_ENABLED` | `false` | <p>Enables [permission syncing](/docs/features/permission-syncing).</p> |
+
+
+### Review Agent Environment Variables
+| Variable | Default | Description |
+| :------- | :------ | :---------- |
+| `GITHUB_REVIEW_AGENT_APP_ID` | `-` | <p>The GitHub App ID used for review agent authentication.</p> |
+| `GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH` | `-` | <p>The container relative path to the private key file for the GitHub App used by the review agent.</p> |
+| `GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET` | `-` | <p>The webhook secret for the GitHub App used by the review agent.</p> |
+| `OPENAI_API_KEY` | `-` | <p>The OpenAI API key used by the review agent.</p> |
+| `REVIEW_AGENT_API_KEY` | `-` | <p>The Sourcebot API key used by the review agent.</p> |
+| `REVIEW_AGENT_AUTO_REVIEW_ENABLED` | `false` | <p>Enables/disables automatic code reviews by the review agent.</p> |
+| `REVIEW_AGENT_LOGGING_ENABLED` | `true` | <p>Enables/disables logging for the review agent. Logs are saved in `DATA_CACHE_DIR/review-agent`</p> |
+| `REVIEW_AGENT_REVIEW_COMMAND` | `review` | <p>The command used to trigger a code review by the review agent.</p> |
+
+### Overriding environment variables from the config
+
+You can override environment variables from the config file by using the `environmentOverrides` property. See [this doc](/docs/configuration/config-file#overriding-environment-variables-from-the-config) for more info.

docs/docs/configuration/idp.mdx

@@ -0,0 +1,418 @@
+---
+title: External Identity Providers
+sidebarTitle: External identity providers
+---
+
+import LicenseKeyRequired from '/snippets/license-key-required.mdx'
+
+<LicenseKeyRequired />
+
+You can connect Sourcebot to various **external identity providers** to associate a Sourcebot user with one or more external service accounts (ex. Google, GitHub, etc).
+
+External identity providers can be used for [authentication](/docs/configuration/auth) and/or [permission syncing](/docs/features/permission-syncing). They're defined in the
+[config file](/docs/configuration/config-file) in the top-level `identityProviders` object:
+
+```json wrap icon="code" Example config with both google and github identity providers defined
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "identityProviders": [
+        {
+            "provider": "github",
+            "purpose": "account_linking",
+            "accountLinkingRequired": true,
+            "clientId": {
+                "env": "GITHUB_IDENTITY_PROVIDER_CLIENT_ID"
+            },
+            "clientSecret": {
+                "env": "GITHUB_IDENTITY_PROVIDER_CLIENT_SECRET"
+            }
+        },
+        {
+            "provider": "google",
+            "clientId": {
+                "env": "GOOGLE_IDENTITY_PROVIDER_CLIENT_ID"
+            },
+            "clientSecret": {
+                "env": "GOOGLE_IDENTITY_PROVIDER_CLIENT_SECRET"
+            }
+        }
+    ]
+}
+```
+
+Secret values (such as `clientId` and `clientSecret`) can be provided as environment variables or Google Cloud secrets via [tokens](/docs/configuration/config-file#tokens).
+
+# Supported External Identity Providers
+
+Sourcebot uses [Auth.js](https://authjs.dev/) to connect to external identity providers. If there's a provider supported by Auth.js that you don't see below, please submit a
+[feature request](https://github.com/sourcebot-dev/sourcebot/issues) to have it added.
+
+### GitHub
+
+[Auth.js GitHub Provider Docs](https://authjs.dev/getting-started/providers/github)
+
+A GitHub connection can be used for either [authentication](/docs/configuration/auth) or [permission syncing](/docs/features/permission-syncing). This is controlled using the `purpose` field
+in the GitHub identity provider config.
+
+<Accordion title="instructions">
+<Steps>
+    <Step title="Register an Oauth Client">
+        To begin, you must register an Oauth client in GitHub to faciliate the identity provider connection. You can do this by creating a **GitHub App** or a **GitHub OAuth App**. Either
+        one works, but the **GitHub App** is the [recommended mechanism](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps).
+
+
+        The result of registering an OAuth client is a `CLIENT_ID` and `CLIENT_SECRET` which you'll provide to Sourcebot.
+    <Tabs>
+        <Tab title="GitHub App">
+            <Note>You don't need to install the app to use it as an external identity provider</Note>
+            Follow [this guide](https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/registering-a-github-app) to register a new GitHub App.
+
+            When asked to provide a callback url, provide `<sourcebot_url>/api/auth/callback/github` (ex. https://sourcebot.coolcorp.com/api/auth/callback/github)
+
+            Set the following fine-grained permissions in the GitHub App:
+                - `“Email addresses” account permissions (read)`
+                - `"Metadata" repository permissions (read)` (only needed if using permission syncing)
+        </Tab>
+        <Tab title="GitHub OAuth App">
+            Follow [this guide](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app) by GitHub to create an OAuth App. 
+            
+            When asked to provide a callback url, provide `<sourcebot_url>/api/auth/callback/github` (ex. https://sourcebot.coolcorp.com/api/auth/callback/github)
+        </Tab>
+        </Tabs>
+    </Step>
+    <Step title="Define environemnt variables">
+        To provide Sourcebot the client id and secret for your OAuth client you must set them as environment variables. These can be named whatever you like
+        (ex. `GITHUB_IDENTITY_PROVIDER_CLIENT_ID` and `GITHUB_IDENTITY_PROVIDER_CLIENT_SECRET`) 
+    </Step>
+    <Step title="Define the identity provider config">
+        Finally, pass the client id and secret to Sourcebot by defining a `identityProvider` object in the [config file](/docs/configuration/config-file):
+
+       ```json wrap icon="code"
+        {
+            "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+            "identityProviders": [
+                {
+                    "provider": "github",
+                    // "sso" for auth + perm sync, "account_linking" for only perm sync
+                    "purpose": "account_linking",
+                    // if purpose == "account_linking" this controls if a user must connect to the IdP
+                    "accountLinkingRequired": true,
+                    "clientId": {
+                        "env": "YOUR_CLIENT_ID_ENV_VAR"
+                    },
+                    "clientSecret": {
+                        "env": "YOUR_CLIENT_SECRET_ENV_VAR"
+                    }
+                }
+            ]
+        }
+        ```
+    </Step>
+</Steps>
+</Accordion>
+
+### GitLab
+
+[Auth.js GitLab Provider Docs](https://authjs.dev/getting-started/providers/gitlab)
+
+A GitLab connection can be used for either [authentication](/docs/configuration/auth) or [permission syncing](/docs/features/permission-syncing). This is controlled using the `purpose` field
+in the GitLab identity provider config.
+
+<Accordion title="instructions">
+<Steps>
+    <Step title="Register an OAuth Application">
+        To begin, you must register an OAuth application in GitLab to facilitate the identity provider connection.
+
+        Follow [this guide](https://docs.gitlab.com/integration/oauth_provider/) by GitLab to create an OAuth application.
+
+        When configuring your application:
+        - Set the callback URL to `<sourcebot_url>/api/auth/callback/gitlab` (ex. https://sourcebot.coolcorp.com/api/auth/callback/gitlab)
+        - Enable the `read_user` scope
+        - If using for permission syncing, also enable the `read_api` scope
+
+        The result of registering an OAuth application is an `APPLICATION_ID` (`CLIENT_ID`) and `SECRET` (`CLIENT_SECRET`) which you'll provide to Sourcebot.
+    </Step>
+    <Step title="Define environment variables">
+        To provide Sourcebot the client id and secret for your OAuth application you must set them as environment variables. These can be named whatever you like
+        (ex. `GITLAB_IDENTITY_PROVIDER_CLIENT_ID` and `GITLAB_IDENTITY_PROVIDER_CLIENT_SECRET`)
+    </Step>
+    <Step title="Define the identity provider config">
+        Finally, pass the client id and secret to Sourcebot by defining a `identityProvider` object in the [config file](/docs/configuration/config-file):
+
+       ```json wrap icon="code"
+        {
+            "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+            "identityProviders": [
+                {
+                    "provider": "gitlab",
+                    // "sso" for auth + perm sync, "account_linking" for only perm sync
+                    "purpose": "account_linking",
+                    // if purpose == "account_linking" this controls if a user must connect to the IdP
+                    "accountLinkingRequired": true,
+                    "clientId": {
+                        "env": "YOUR_CLIENT_ID_ENV_VAR"
+                    },
+                    "clientSecret": {
+                        "env": "YOUR_CLIENT_SECRET_ENV_VAR"
+                    },
+                    // Optional: for self-hosted GitLab instances
+                    "baseUrl": "https://gitlab.example.com"
+                }
+            ]
+        }
+        ```
+    </Step>
+</Steps>
+</Accordion>
+
+### Google
+
+[Auth.js Google Provider Docs](https://authjs.dev/getting-started/providers/google)
+
+A Google connection can be used for [authentication](/docs/configuration/auth).
+
+<Accordion title="instructions">
+<Steps>
+    <Step title="Register an OAuth Client">
+        To begin, you must register an OAuth client in Google Cloud Console to facilitate the identity provider connection.
+
+        Follow [this guide](https://support.google.com/cloud/answer/6158849) by Google to create OAuth 2.0 credentials.
+
+        When configuring your OAuth client:
+        - Set the application type to "Web application"
+        - Add `<sourcebot_url>/api/auth/callback/google` to the authorized redirect URIs (ex. https://sourcebot.coolcorp.com/api/auth/callback/google)
+
+        The result of creating OAuth credentials is a `CLIENT_ID` and `CLIENT_SECRET` which you'll provide to Sourcebot.
+    </Step>
+    <Step title="Define environment variables">
+        To provide Sourcebot the client id and secret for your OAuth client you must set them as environment variables. These can be named whatever you like
+        (ex. `GOOGLE_IDENTITY_PROVIDER_CLIENT_ID` and `GOOGLE_IDENTITY_PROVIDER_CLIENT_SECRET`)
+    </Step>
+    <Step title="Define the identity provider config">
+        Finally, pass the client id and secret to Sourcebot by defining a `identityProvider` object in the [config file](/docs/configuration/config-file):
+
+       ```json wrap icon="code"
+        {
+            "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+            "identityProviders": [
+                {
+                    "provider": "google",
+                    "purpose": "sso",
+                    "clientId": {
+                        "env": "YOUR_CLIENT_ID_ENV_VAR"
+                    },
+                    "clientSecret": {
+                        "env": "YOUR_CLIENT_SECRET_ENV_VAR"
+                    }
+                }
+            ]
+        }
+        ```
+    </Step>
+</Steps>
+</Accordion>
+
+### Okta
+
+[Auth.js Okta Provider Docs](https://authjs.dev/getting-started/providers/okta)
+
+An Okta connection can be used for [authentication](/docs/configuration/auth).
+
+<Accordion title="instructions">
+<Steps>
+    <Step title="Register an OAuth Application">
+        To begin, you must register an OAuth application in Okta to facilitate the identity provider connection.
+
+        Follow [this guide](https://developer.okta.com/docs/guides/implement-oauth-for-okta/main/) by Okta to create an OAuth application.
+
+        When configuring your application:
+        - Set the application type to "Web Application"
+        - Add `<sourcebot_url>/api/auth/callback/okta` to the sign-in redirect URIs (ex. https://sourcebot.coolcorp.com/api/auth/callback/okta)
+
+        The result of creating an OAuth application is a `CLIENT_ID`, `CLIENT_SECRET`, and `ISSUER` URL which you'll provide to Sourcebot.
+    </Step>
+    <Step title="Define environment variables">
+        To provide Sourcebot the client id, client secret, and issuer for your OAuth application you must set them as environment variables. These can be named whatever you like
+        (ex. `OKTA_IDENTITY_PROVIDER_CLIENT_ID`, `OKTA_IDENTITY_PROVIDER_CLIENT_SECRET`, and `OKTA_IDENTITY_PROVIDER_ISSUER`)
+    </Step>
+    <Step title="Define the identity provider config">
+        Finally, pass the client id, client secret, and issuer to Sourcebot by defining a `identityProvider` object in the [config file](/docs/configuration/config-file):
+
+       ```json wrap icon="code"
+        {
+            "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+            "identityProviders": [
+                {
+                    "provider": "okta",
+                    "purpose": "sso",
+                    "clientId": {
+                        "env": "YOUR_CLIENT_ID_ENV_VAR"
+                    },
+                    "clientSecret": {
+                        "env": "YOUR_CLIENT_SECRET_ENV_VAR"
+                    },
+                    "issuer": {
+                        "env": "YOUR_ISSUER_ENV_VAR"
+                    }
+                }
+            ]
+        }
+        ```
+    </Step>
+</Steps>
+</Accordion>
+
+### Keycloak
+
+[Auth.js Keycloak Provider Docs](https://authjs.dev/getting-started/providers/keycloak)
+
+A Keycloak connection can be used for [authentication](/docs/configuration/auth).
+
+<Accordion title="instructions">
+<Steps>
+    <Step title="Register an OAuth Client">
+        To begin, you must register an OAuth client in Keycloak to facilitate the identity provider connection.
+
+        Follow [this guide](https://www.keycloak.org/docs/latest/server_admin/#_oidc_clients) by Keycloak to create an OpenID Connect client.
+
+        When configuring your client:
+        - Set the client protocol to "openid-connect"
+        - Set the access type to "confidential"
+        - Add `<sourcebot_url>/api/auth/callback/keycloak` to the valid redirect URIs (ex. https://sourcebot.coolcorp.com/api/auth/callback/keycloak)
+
+        The result of creating an OAuth client is a `CLIENT_ID`, `CLIENT_SECRET`, and an `ISSUER` URL (typically in the format `https://<keycloak-domain>/realms/<realm-name>`) which you'll provide to Sourcebot.
+    </Step>
+    <Step title="Define environment variables">
+        To provide Sourcebot the client id, client secret, and issuer for your OAuth client you must set them as environment variables. These can be named whatever you like
+        (ex. `KEYCLOAK_IDENTITY_PROVIDER_CLIENT_ID`, `KEYCLOAK_IDENTITY_PROVIDER_CLIENT_SECRET`, and `KEYCLOAK_IDENTITY_PROVIDER_ISSUER`)
+    </Step>
+    <Step title="Define the identity provider config">
+        Finally, pass the client id, client secret, and issuer to Sourcebot by defining a `identityProvider` object in the [config file](/docs/configuration/config-file):
+
+       ```json wrap icon="code"
+        {
+            "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+            "identityProviders": [
+                {
+                    "provider": "keycloak",
+                    "purpose": "sso",
+                    "clientId": {
+                        "env": "YOUR_CLIENT_ID_ENV_VAR"
+                    },
+                    "clientSecret": {
+                        "env": "YOUR_CLIENT_SECRET_ENV_VAR"
+                    },
+                    "issuer": {
+                        "env": "YOUR_ISSUER_ENV_VAR"
+                    }
+                }
+            ]
+        }
+        ```
+    </Step>
+</Steps>
+</Accordion>
+
+### Microsoft Entra ID
+
+[Auth.js Microsoft Entra ID Provider Docs](https://authjs.dev/getting-started/providers/microsoft-entra-id)
+
+A Microsoft Entra ID connection can be used for [authentication](/docs/configuration/auth).
+
+<Accordion title="instructions">
+<Steps>
+    <Step title="Register an OAuth Application">
+        To begin, you must register an OAuth application in Microsoft Entra ID (formerly Azure Active Directory) to facilitate the identity provider connection.
+
+        Follow [this guide](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app) by Microsoft to register an application.
+
+        When configuring your application:
+        - Under "Authentication", add a platform and select "Web"
+        - Set the redirect URI to `<sourcebot_url>/api/auth/callback/microsoft-entra-id` (ex. https://sourcebot.coolcorp.com/api/auth/callback/microsoft-entra-id)
+        - Under "Certificates & secrets", create a new client secret
+
+        The result of registering an application is a `CLIENT_ID` (Application ID), `CLIENT_SECRET`, and `TENANT_ID` which you'll use to construct the issuer URL.
+    </Step>
+    <Step title="Define environment variables">
+        To provide Sourcebot the client id, client secret, and issuer for your OAuth application you must set them as environment variables. These can be named whatever you like
+        (ex. `MICROSOFT_ENTRA_ID_IDENTITY_PROVIDER_CLIENT_ID`, `MICROSOFT_ENTRA_ID_IDENTITY_PROVIDER_CLIENT_SECRET`, and `MICROSOFT_ENTRA_ID_IDENTITY_PROVIDER_ISSUER`)
+
+        The issuer URL should be in the format: `https://login.microsoftonline.com/<TENANT_ID>/v2.0`
+    </Step>
+    <Step title="Define the identity provider config">
+        Finally, pass the client id, client secret, and issuer to Sourcebot by defining a `identityProvider` object in the [config file](/docs/configuration/config-file):
+
+       ```json wrap icon="code"
+        {
+            "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+            "identityProviders": [
+                {
+                    "provider": "microsoft-entra-id",
+                    "purpose": "sso",
+                    "clientId": {
+                        "env": "YOUR_CLIENT_ID_ENV_VAR"
+                    },
+                    "clientSecret": {
+                        "env": "YOUR_CLIENT_SECRET_ENV_VAR"
+                    },
+                    "issuer": {
+                        "env": "YOUR_ISSUER_ENV_VAR"
+                    }
+                }
+            ]
+        }
+        ```
+    </Step>
+</Steps>
+</Accordion>
+
+### Authentik
+
+[Auth.js Authentik Provider Docs](https://authjs.dev/getting-started/providers/authentik)
+
+An Authentik connection can be used for [authentication](/docs/configuration/auth).
+
+<Accordion title="instructions">
+<Steps>
+    <Step title="Create a OAuth2/OpenID Connect application">
+        To begin, you must create a OAuth2/OpenID Connect application in Authentik. For more information, see the [Authentik documentation](https://docs.goauthentik.io/add-secure-apps/applications/manage_apps/#create-an-application-and-provider-pair).
+
+        When configuring your application:
+        - Set the provider type to "OAuth2/OpenID Connect"
+        - Set the client type to "Confidential"
+        - Add `<sourcebot_url>/api/auth/callback/authentik` to the redirect URIs (ex. https://sourcebot.coolcorp.com/api/auth/callback/authentik)
+
+        After creating the application, open the application details to obtain the client id, client secret, and issuer URL (typically in the format `https://<authentik-domain>/application/o/<provider-slug>/`).
+    </Step>
+    <Step title="Define environment variables">
+        The client id, secret, and issuer URL are provided to Sourcebot via environment variables. These can be named whatever you like
+        (ex. `AUTHENTIK_IDENTITY_PROVIDER_CLIENT_ID`, `AUTHENTIK_IDENTITY_PROVIDER_CLIENT_SECRET`, and `AUTHENTIK_IDENTITY_PROVIDER_ISSUER`)
+    </Step>
+    <Step title="Define the identity provider config">
+        Create a `identityProvider` object in the [config file](/docs/configuration/config-file) with the following fields:
+
+       ```json wrap icon="code"
+        {
+            "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+            "identityProviders": [
+                {
+                    "provider": "authentik",
+                    "purpose": "sso",
+                    "clientId": {
+                        "env": "AUTHENTIK_IDENTITY_PROVIDER_CLIENT_ID"
+                    },
+                    "clientSecret": {
+                        "env": "AUTHENTIK_IDENTITY_PROVIDER_CLIENT_SECRET"
+                    },
+                    "issuer": {
+                        "env": "AUTHENTIK_IDENTITY_PROVIDER_ISSUER"
+                    }
+                }
+            ]
+        }
+        ```
+    </Step>
+</Steps>
+</Accordion>
+
+

docs/docs/configuration/language-model-providers.mdx

@@ -0,0 +1,374 @@
+---
+title: Language Model Providers
+sidebarTitle: Language model providers
+---
+
+import LanguageModelSchema from '/snippets/schemas/v3/languageModel.schema.mdx'
+
+<Note>
+Looking to self-host your own model? Check out the [OpenAI Compatible](#openai-compatible) provider.
+</Note>
+
+To use [Ask Sourcebot](/docs/features/ask) you must define at least one Language Model Provider. These providers are defined within the [config file](/docs/configuration/config-file) you
+provide Sourcebot.
+
+
+```json wrap icon="code" Example config with language model provider
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        // 1. Google Vertex config for Gemini 2.5 Pro
+        {
+            "provider": "google-vertex",
+            "model": "gemini-2.5-pro",
+            "displayName": "Gemini 2.5 Pro",
+            "project": "sourcebot",
+            "credentials": {
+                "env": "GOOGLE_APPLICATION_CREDENTIALS"
+            }
+        },
+        // 2. OpenAI config for o3 
+        {
+            "provider": "openai",
+            "model": "o3",
+            "displayName": "o3",
+            "token": {
+                "env": "OPENAI_API_KEY"
+            }
+        }
+    ]
+}
+```
+
+# Supported Providers
+
+Sourcebot uses the [Vercel AI SDK](https://ai-sdk.dev/docs/introduction), so it can integrate with any provider the SDK supports. If you don't see your provider below please submit
+a [feature request](https://github.com/sourcebot-dev/sourcebot/issues/new?template=feature_request.md).
+
+For a detailed description of all the providers, please refer to the [schema](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/languageModel.json).
+
+<Note>Any parameter defined using `env` will read the value from the corresponding environment variable you provide Sourcebot</Note>
+
+### Amazon Bedrock
+
+[Vercel AI SDK Amazon Bedrock Docs](https://ai-sdk.dev/providers/ai-sdk-providers/amazon-bedrock)
+
+```json wrap icon="code" Example config with Amazon Bedrock provider
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        {
+            "provider": "amazon-bedrock",
+            "model": "YOUR_MODEL_HERE",
+            "displayName": "OPTIONAL_DISPLAY_NAME",
+            "accessKeyId": {
+                "env": "AWS_ACCESS_KEY_ID"
+            },
+            "accessKeySecret": {
+                "env": "AWS_SECRET_ACCESS_KEY"
+            },
+            "sessionToken": {
+                "env": "AWS_SESSION_TOKEN"
+            },
+            "region": "YOUR_REGION_HERE", // defaults to the AWS_REGION env var if not set
+            "baseUrl": "OPTIONAL_BASE_URL"
+        }
+    ] 
+}
+```
+
+### Anthropic
+
+[Vercel AI SDK Anthropic Docs](https://ai-sdk.dev/providers/ai-sdk-providers/anthropic)
+
+```json wrap icon="code" Example config with Anthropic provider
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        {
+            "provider": "anthropic",
+            "model": "YOUR_MODEL_HERE",
+            "displayName": "OPTIONAL_DISPLAY_NAME",
+            "token": {
+                "env": "ANTHROPIC_API_KEY"
+            },
+            "baseUrl": "OPTIONAL_BASE_URL"
+        }
+    ] 
+}
+```
+
+### Azure OpenAI
+
+[Vercel AI SDK Azure OpenAI Docs](https://ai-sdk.dev/providers/ai-sdk-providers/azure)
+
+```json wrap icon="code" Example config with Azure AI provider
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        {
+            "provider": "azure",
+            "model": "YOUR_MODEL_HERE",
+            "displayName": "OPTIONAL_DISPLAY_NAME",
+            "resourceName": "YOUR_RESOURCE_NAME", // defaults to the AZURE_RESOURCE_NAME env var if not set
+            "apiVersion": "OPTIONAL_API_VERSION", // defailts to 'preview' if not set
+            "token": {
+                "env": "AZURE_API_KEY"
+            },
+            "baseUrl": "OPTIONAL_BASE_URL"
+        }
+    ] 
+}
+```
+
+### Deepseek
+
+[Vercel AI SDK Deepseek Docs](https://ai-sdk.dev/providers/ai-sdk-providers/deepseek)
+
+```json wrap icon="code" Example config with Deepseek provider
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        {
+            "provider": "deepseek",
+            "model": "YOUR_MODEL_HERE",
+            "displayName": "OPTIONAL_DISPLAY_NAME",
+            "token": {
+                "env": "DEEPSEEK_API_KEY"
+            },
+            "baseUrl": "OPTIONAL_BASE_URL"
+        }
+    ] 
+}
+```
+
+### Google Generative AI
+
+[Vercel AI SDK Google Generative AI Docs](https://ai-sdk.dev/providers/ai-sdk-providers/google-generative-ai)
+
+```json wrap icon="code" Example config with Google Generative AI provider
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        {
+            "provider": "google-generative-ai",
+            "model": "YOUR_MODEL_HERE",
+            "displayName": "OPTIONAL_DISPLAY_NAME",
+            "token": {
+                "env": "GOOGLE_GENERATIVE_AI_API_KEY"
+            },
+            "baseUrl": "OPTIONAL_BASE_URL"
+        }
+    ] 
+}
+```
+
+### Google Vertex
+
+<Note>If you're using an Anthropic model on Google Vertex, you must define a [Google Vertex Anthropic](#google-vertex-anthropic) provider instead</Note>
+<Note>The `credentials` paramater here expects a **path** to a [credentials](https://console.cloud.google.com/apis/credentials) file. This file **must be in a volume mounted by Sourcebot** for it to be readable.</Note>
+
+[Vercel AI SDK Google Vertex AI Docs](https://ai-sdk.dev/providers/ai-sdk-providers/google-vertex)
+
+```json wrap icon="code" Example config with Google Vertex provider
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        {
+            "provider": "google-vertex",
+            "model": "YOUR_MODEL_HERE",
+            "displayName": "OPTIONAL_DISPLAY_NAME",
+            "project": "YOUR_PROJECT_ID", // defaults to the GOOGLE_VERTEX_PROJECT env var if not set
+            "region": "YOUR_REGION_HERE", // defaults to the GOOGLE_VERTEX_REGION env var if not set
+            "credentials": {
+                "env": "GOOGLE_APPLICATION_CREDENTIALS"
+            },
+            "baseUrl": "OPTIONAL_BASE_URL"
+        }
+    ] 
+}
+```
+
+### Google Vertex Anthropic
+
+<Note>The `credentials` paramater here expects a **path** to a [credentials](https://console.cloud.google.com/apis/credentials) file. This file **must be in a volume mounted by Sourcebot** for it to be readable.</Note>
+
+
+[Vercel AI SDK Google Vertex Anthropic Docs](https://ai-sdk.dev/providers/ai-sdk-providers/google-vertex#google-vertex-anthropic-provider-usage)
+
+```json wrap icon="code" Example config with Google Vertex Anthropic provider
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        {
+            "provider": "google-vertex-anthropic",
+            "model": "YOUR_MODEL_HERE",
+            "displayName": "OPTIONAL_DISPLAY_NAME",
+            "project": "YOUR_PROJECT_ID", // defaults to the GOOGLE_VERTEX_PROJECT env var if not set
+            "region": "YOUR_REGION_HERE", // defaults to the GOOGLE_VERTEX_REGION env var if not set
+            "credentials": {
+                "env": "GOOGLE_APPLICATION_CREDENTIALS"
+            },
+            "baseUrl": "OPTIONAL_BASE_URL"
+        }
+    ] 
+}
+```
+
+### Mistral
+
+[Vercel AI SDK Mistral Docs](https://ai-sdk.dev/providers/ai-sdk-providers/mistral)
+
+```json wrap icon="code" Example config with Mistral provider
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        {
+            "provider": "mistral",
+            "model": "YOUR_MODEL_HERE",
+            "displayName": "OPTIONAL_DISPLAY_NAME",
+            "token": {
+                "env": "MISTRAL_API_KEY"
+            },
+            "baseUrl": "OPTIONAL_BASE_URL"
+        }
+    ] 
+}
+```
+
+### OpenAI
+
+[Vercel AI SDK OpenAI Docs](https://ai-sdk.dev/providers/ai-sdk-providers/openai)
+
+```json wrap icon="code" Example config with OpenAI provider
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        {
+            "provider": "openai",
+            "model": "YOUR_MODEL_HERE",
+            "displayName": "OPTIONAL_DISPLAY_NAME",
+            "token": {
+                "env": "OPENAI_API_KEY"
+            },
+            "baseUrl": "OPTIONAL_BASE_URL",
+            "reasoningEffort": "OPTIONAL_REASONING_EFFORT" // defaults to "medium"
+        }
+    ] 
+}
+```
+
+### OpenAI Compatible
+
+[Vercel AI SDK OpenAI Compatible Docs](https://ai-sdk.dev/providers/openai-compatible-providers)
+
+The OpenAI compatible provider allows you to use any model that is compatible with the OpenAI [Chat Completions API](https://github.com/ollama/ollama/blob/main/docs/openai.md). This includes self-hosted tools like [Ollama](https://ollama.ai/) and [llama.cpp](https://github.com/ggerganov/llama.cpp).
+
+```json wrap icon="code" Example config with OpenAI Compatible provider
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        {
+            "provider": "openai-compatible",
+            "baseUrl": "BASE_URL_HERE",
+            "model": "YOUR_MODEL_HERE",
+            "displayName": "OPTIONAL_DISPLAY_NAME",
+            "token": {
+                "env": "OPTIONAL_API_KEY"
+            },
+            // Optional query parameters can be passed in the request url as:
+            "queryParams": {
+                // raw string values
+                "optional-query-param": "foo",
+                // or as environment variables
+                "optional-query-param-secret": {
+                    "env": "MY_SECRET_ENV_VAR"
+                }
+            }
+        }
+    ]
+}
+```
+
+<Accordion title="Troubleshooting">
+- When using [llama.cpp](https://github.com/ggml-org/llama.cpp), if you hit "Failed after 3 attempts. Last error: tools param requires --jinja flag", add the `--jinja` flag to your `llama-server` command.
+- If you're seeing the LLM outputing reasoning tokens wrapped in XML tags (e.g., `<reasoning>`, `<thinking>`, etc.), you can configure the `reasoningTag` parameter to the name of the tag (without angle brackets). This parameter defaults to `think`.
+</Accordion>
+
+### OpenRouter
+
+[Vercel AI SDK OpenRouter Docs](https://ai-sdk.dev/providers/community-providers/openrouter)
+
+```json wrap icon="code" Example config with OpenRouter provider
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        {
+            "provider": "openai",
+            "model": "YOUR_MODEL_HERE",
+            "displayName": "OPTIONAL_DISPLAY_NAME",
+            "token": {
+                "env": "OPENROUTER_API_KEY"
+            },
+            "baseUrl": "OPTIONAL_BASE_URL"
+        }
+    ] 
+}
+```
+
+### xAI
+
+[Vercel AI SDK xAI Docs](https://ai-sdk.dev/providers/ai-sdk-providers/xai)
+
+```json wrap icon="code" Example config with xAI provider
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        {
+            "provider": "xai",
+            "model": "YOUR_MODEL_HERE",
+            "displayName": "OPTIONAL_DISPLAY_NAME",
+            "token": {
+                "env": "XAI_API_KEY"
+            },
+            "baseUrl": "OPTIONAL_BASE_URL"
+        }
+    ] 
+}
+```
+
+# Custom headers
+
+You can pass custom headers to the language model provider by using the `headers` parameter. Header values can either be a string or a environment variable. Headers are supported for all providers.
+
+```json wrap icon="code" Example config with custom headers
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "models": [
+        {
+            // ... provider, model, displayName, etc...
+
+            // Key-value pairs of headers
+            "headers": {
+                // Header values can be passed as a environment variable...
+                "my-secret-header": {
+                    "env": "MY_SECRET_HEADER_ENV_VAR"
+                },
+
+                // ... or directly as a string.
+                "my-non-secret-header": "plaintextvalue"
+            }
+        }
+    ]
+}
+```
+
+
+# Schema reference
+
+<Accordion title="Reference">
+[schemas/v3/languageModel.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/languageModel.json)
+
+<LanguageModelSchema />
+
+</Accordion>

docs/docs/configuration/structured-logging.mdx

@@ -0,0 +1,40 @@
+---
+title: Structured Logging
+sidebarTitle: Structured logging
+---
+
+By default, Sourcebot will output logs to the console in a human readable format. If you'd like Sourcebot to output structured JSON logs, set the following env vars:
+
+- `SOURCEBOT_STRUCTURED_LOGGING_ENABLED` (default: `false`): Controls whether logs are in a structured JSON format
+- `SOURCEBOT_STRUCTURED_LOGGING_FILE`: If structured logging is enabled and this env var is set, structured logs will be written to this file (ex. `/data/sourcebot.log`)
+
+### Structured log schema
+```json
+{
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "type": "object",
+    "title": "SourcebotLog",
+    "properties": {
+        "level": {
+            "type": "string",
+            "description": "The log level (error, warning, info, debug)"
+        },
+        "service": {
+            "type": "string",
+            "description": "The Sourcebot component that generated the log"
+        },
+        "message": {
+            "type": "string",
+            "description": "The log message"
+        },
+        "status": {
+            "type": "string",
+            "description": "The same value as the level field added for datadog support"
+        },
+        "timestamp": {
+            "type": "string",
+            "description": "The timestamp of the log in ISO 8061 format"
+        }
+    }
+}
+```

docs/docs/configuration/tenancy.mdx

@@ -0,0 +1,27 @@
+---
+title: Multi Tenancy Mode
+sidebarTitle: Multi tenancy
+---
+
+<Warning>If you're switching from single-tenant mode, delete the Sourcebot cache (the `.sourcebot` folder) before starting.</Warning>
+<Warning>[Authentication](/docs/configuration/auth/overview) must be enabled to enable multi tenancy mode</Warning>
+Multi tenancy allows your Sourcebot deployment to have **multiple organizations**, each with their own set of members and repos. To enable multi tenancy mode, define an environment variable
+named `SOURCEBOT_TENANCY_MODE` and set its value to `multi`. When multi tenancy mode is enabled:
+
+- Any members or repos that are configured in an organization are isolated to that organization
+- Members must be invited to an organization to gain access 
+- Members may be a part of multiple organizations and switch through them in the UI
+
+
+### Organization creation form
+
+When you sign in for the first time (assuming you didn't go through an invite), you'll be presented with the organization creation form. The member who creates
+the organization will be the Owner.
+
+![Org creation](/images/org_create.png)
+
+### Switching between organizations
+
+To switch between organizations, press the drop down on the top left of the navigation menu. This also provides an option to create a new organization:
+
+![Org switching](/images/org_switch.png)

docs/docs/configuration/transactional-emails.mdx

@@ -0,0 +1,15 @@
+---
+title: Transactional Email
+sidebarTitle: Transactional email
+---
+
+To enable transactional emails in your deployment, set the following environment variables. We recommend using [Resend](https://resend.com/), but you can use any provider. Setting this enables you to:
+
+- Send emails when new members are invited
+- Send emails when organization join requests are created/accepted
+- Log into the Sourcebot deployment using [email codes](/docs/configuration/auth/overview#email-codes)
+
+| Variable | Description |
+| :------- | :---------- |
+| `SMTP_CONNECTION_URL` | SMTP server connection (`smtp://[user[:password]@]host[:port]`)|
+| `EMAIL_FROM_ADDRESS` | The sender's email address |

docs/docs/connections/ado-cloud.mdx

@@ -0,0 +1,125 @@
+---
+title: Linking code from Azure Devops Cloud
+sidebarTitle: Azure Devops Cloud
+icon: https://www.svgrepo.com/show/448307/azure-devops.svg
+---
+
+import AzureDevopsSchema from '/snippets/schemas/v3/azuredevops.schema.mdx'
+
+If you're not familiar with Sourcebot [connections](/docs/connections/overview), please read that overview first.
+
+## Examples
+
+<AccordionGroup>
+    <Accordion title="Sync individual repos">
+        ```json
+        {
+            "type": "azuredevops",
+            "deploymentType": "cloud",
+            "repos": [
+                "organizationName/projectName/repoName",
+                "organizationName/projectName/repoName2
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all repos in a organization">
+        ```json
+        {
+            "type": "azuredevops",
+            "deploymentType": "cloud",
+            "orgs": [
+                "organizationName",
+                "organizationName2
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all repos in a project">
+        ```json
+        {
+            "type": "azuredevops",
+            "deploymentType": "cloud",
+            "projects": [
+                "organizationName/projectName",
+                "organizationName/projectName2"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Exclude repos from syncing">
+        ```json
+        {
+            "type": "azuredevops",
+            "deploymentType": "cloud",
+            // Include all repos in my-org...
+            "orgs": [
+                "my-org"
+            ],
+            // ...except:
+            "exclude": {
+                // repos that are disabled 
+                "disabled": true,
+                // repos that match these glob patterns
+                "repos": [
+                    "reposToExclude*"
+                ],
+                // projects that match these glob patterns
+                "projects": [
+                    "projectstoExclude*"
+                ]
+                // repos less than the defined min OR larger than the defined max
+                "size": {
+                    // repos that are less than 1MB (in bytes)...
+                    "min": 1048576,
+                    // or repos greater than 100MB (in bytes)
+                    "max": 104857600 
+                }
+            }
+        }
+        ```
+    </Accordion>
+</AccordionGroup>
+
+## Authenticating with Azure Devops Cloud
+
+Azure Devops Cloud requires you to provide a PAT in order to index your repositories. To learn how to create PAT, check out the [Azure Devops docs](https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows).
+Sourcebot needs the `Read` access for the `Code` scope in order to find and clone your repos.
+
+Next, provide the access [token](/docs/configuration/config-file#tokens) via an environment variable which is referenced in the `token` property:
+
+<Tabs>
+    <Tab title="Environment Variable">
+
+        1. Add the `token` property to your connection config:
+        ```json
+        {
+            "type": "azuredevops",
+            "deploymentType": "cloud",
+            "token": {
+                // note: this env var can be named anything. It
+                // doesn't need to be `ADO_TOKEN`.
+                "env": "ADO_TOKEN"
+            }
+            // .. rest of config ..
+        }
+        ```
+
+        2. Pass this environment variable each time you run Sourcebot:
+        ```bash
+        docker run \
+            -e ADO_TOKEN=<PAT> \
+            /* additional args */ \
+            ghcr.io/sourcebot-dev/sourcebot:latest
+        ```
+    </Tab>
+</Tabs>
+
+## Schema reference
+
+<Accordion title="Reference">
+[schemas/v3/azuredevops.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/azuredevops.json)
+
+<AzureDevopsSchema />
+
+</Accordion>

docs/docs/connections/ado-server.mdx

@@ -0,0 +1,139 @@
+---
+title: Linking code from Azure Devops Server
+sidebarTitle: Azure Devops Server
+icon: https://www.svgrepo.com/show/448307/azure-devops.svg
+---
+
+import AzureDevopsSchema from '/snippets/schemas/v3/azuredevops.schema.mdx'
+
+If you're not familiar with Sourcebot [connections](/docs/connections/overview), please read that overview first.
+
+## Examples
+
+<AccordionGroup>
+    <Accordion title="Enable TFS path support">
+        This is required if you're using an older version of ADO Server which has `/tfs` in the repo paths.
+        ```json
+        {
+            "type": "azuredevops",
+            "deploymentType": "server",
+            "useTfsPath": true,
+            "repos": [
+                "organizationName/projectName/repoName",
+                "organizationName/projectName/repoName2
+            ]
+        }   
+        ```
+    </Accordion>
+    <Accordion title="Sync individual repos">
+        ```json
+        {
+            "type": "azuredevops",
+            "deploymentType": "server",
+            "repos": [
+                "organizationName/projectName/repoName",
+                "organizationName/projectName/repoName2
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all repos in a collection">
+        ```json
+        {
+            "type": "azuredevops",
+            "deploymentType": "server",
+            "orgs": [
+                "collectionName",
+                "collectionName2"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all repos in a project">
+        ```json
+        {
+            "type": "azuredevops",
+            "deploymentType": "server",
+            "projects": [
+                "collectionName/projectName",
+                "collectionName/projectName2"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Exclude repos from syncing">
+        ```json
+        {
+            "type": "azuredevops",
+            "deploymentType": "server",
+            // Include all repos in my-org...
+            "orgs": [
+                "my-org"
+            ],
+            // ...except:
+            "exclude": {
+                // repos that are disabled 
+                "disabled": true,
+                // repos that match these glob patterns
+                "repos": [
+                    "reposToExclude*"
+                ],
+                // projects that match these glob patterns
+                "projects": [
+                    "projectstoExclude*"
+                ]
+                // repos less than the defined min OR larger than the defined max
+                "size": {
+                    // repos that are less than 1MB (in bytes)...
+                    "min": 1048576,
+                    // or repos greater than 100MB (in bytes)
+                    "max": 104857600 
+                }
+            }
+        }
+        ```
+    </Accordion>
+</AccordionGroup>
+
+## Authenticating with Azure Devops Server
+
+Azure Devops Server requires you to provide a PAT in order to index your repositories. To learn how to create PAT, check out the [Azure Devops docs](https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows).
+Sourcebot needs the `Read` access for the `Code` scope in order to find and clone your repos.
+
+Next, provide the access [token](/docs/configuration/config-file#tokens) via an environment variable which is referenced in the `token` property:
+
+<Tabs>
+    <Tab title="Environment Variable">
+
+        1. Add the `token` property to your connection config:
+        ```json
+        {
+            "type": "azuredevops",
+            "deploymentType": "server",
+            "token": {
+                // note: this env var can be named anything. It
+                // doesn't need to be `ADO_TOKEN`.
+                "env": "ADO_TOKEN"
+            }
+            // .. rest of config ..
+        }
+        ```
+
+        2. Pass this environment variable each time you run Sourcebot:
+        ```bash
+        docker run \
+            -e ADO_TOKEN=<PAT> \
+            /* additional args */ \
+            ghcr.io/sourcebot-dev/sourcebot:latest
+        ```
+    </Tab>
+</Tabs>
+
+## Schema reference
+
+<Accordion title="Reference">
+[schemas/v3/azuredevops.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/azuredevops.json)
+
+<AzureDevopsSchema />
+
+</Accordion>

docs/docs/connections/bitbucket-cloud.mdx

@@ -0,0 +1,111 @@
+---
+title: Linking code from Bitbucket Cloud
+sidebarTitle: Bitbucket Cloud
+icon: Bitbucket
+---
+
+import BitbucketToken from '/snippets/bitbucket-token.mdx';
+import BitbucketAppPassword from '/snippets/bitbucket-app-password.mdx';
+import BitbucketSchema from '/snippets/schemas/v3/bitbucket.schema.mdx'
+
+<Note>
+Looking for docs on Bitbucket Data Center? See [this doc](/docs/connections/bitbucket-data-center).
+</Note>
+
+If you're not familiar with Sourcebot [connections](/docs/connections/overview), please read that overview first.
+
+## Examples
+
+<AccordionGroup>
+    <Accordion title="Sync individual repos">
+        ```json
+        {
+            "type": "bitbucket",
+            "deploymentType": "cloud",
+            "repos": [
+                "myWorkspace/myRepo"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all repos in a workspace">
+        ```json
+        {
+            "type": "bitbucket",
+            "deploymentType": "cloud",
+            "workspaces": [
+              "myWorkspace"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all repos in a project">
+        ```json
+        {
+            "type": "bitbucket",
+            "deploymentType": "cloud",
+            "projects": [
+                "myProject"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Exclude repos from syncing">
+        ```json
+        {
+            "type": "bitbucket",
+            "deploymentType": "cloud",
+            // Include all repos in my-workspace...
+            "workspaces": [
+                "myWorkspace"
+            ],
+            // ...except:
+            "exclude": {
+                // repos that are archived
+                "archived": true,
+                // repos that are forks
+                "forks": true,
+                // repos that match these glob patterns
+                "repos": [
+                    "myWorkspace/repo1",
+                    "myWorkspace2/*"
+                ]
+            }
+        }
+        ```
+    </Accordion>
+</AccordionGroup>
+
+## Authenticating with Bitbucket Cloud
+
+In order to index private repositories, you'll need to provide authentication credentials via a [token](/docs/configuration/config-file#tokens). You can do this using an `App Password` or an `Access Token`
+
+<Tabs>
+    <Tab title="App Password">
+      Navigate to the [app password creation page](https://bitbucket.org/account/settings/app-passwords/) and create an app password. Ensure that it has the proper permissions for the scope
+      of info you want to fetch (i.e. workspace, project, and/or repo level) 
+      ![Bitbucket App Password Permissions](/images/bitbucket_app_password_perms.png)
+
+      Next, provide your username + app password pair to Sourcebot:
+
+      <BitbucketAppPassword />
+    </Tab>
+    <Tab title="Access Token">
+      Create an access token for the desired scope (repo, project, or workspace). Visit the official [Bitbucket Cloud docs](https://support.atlassian.com/bitbucket-cloud/docs/access-tokens/)
+      for more info.
+
+      Next, provide the access token to Sourcebot:
+
+      <BitbucketToken />
+    </Tab>
+</Tabs>
+
+
+## Schema reference
+
+<Accordion title="Reference">
+[schemas/v3/bitbucket.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/bitbucket.json)
+
+<BitbucketSchema />
+
+</Accordion>

docs/docs/connections/bitbucket-data-center.mdx

@@ -0,0 +1,90 @@
+---
+title: Linking code from Bitbucket Data Center
+sidebarTitle: Bitbucket Data Center
+icon: Bitbucket
+---
+
+import BitbucketToken from '/snippets/bitbucket-token.mdx';
+import BitbucketAppPassword from '/snippets/bitbucket-app-password.mdx';
+import BitbucketSchema from '/snippets/schemas/v3/bitbucket.schema.mdx'
+
+<Note>
+Looking for docs on Bitbucket Cloud? See [this doc](/docs/connections/bitbucket-cloud).
+</Note>
+
+If you're not familiar with Sourcebot [connections](/docs/connections/overview), please read that overview first.
+
+## Examples
+
+<AccordionGroup>
+    <Accordion title="Sync individual repos">
+        ```json
+        {
+            "type": "bitbucket",
+            "deploymentType": "server",
+            "url": "https://mybitbucketdeployment.com",
+            "repos": [
+                "myProject/myRepo"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all repos in a project">
+        ```json
+        {
+            "type": "bitbucket",
+            "deploymentType": "server",
+            "url": "https://mybitbucketdeployment.com",
+            "projects": [
+                "myProject"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Exclude repos from syncing">
+        ```json
+        {
+            "type": "bitbucket",
+            "deploymentType": "server",
+            "url": "https://mybitbucketdeployment.com",
+            // Include all repos in myProject...
+            "projects": [
+                "myProject"
+            ],
+            // ...except:
+            "exclude": {
+                // repos that are archived
+                "archived": true,
+                // repos that are forks
+                "forks": true,
+                // repos that match these glob patterns
+                "repos": [
+                    "myProject/repo1",
+                    "myProject2/*"
+                ]
+            }
+        }
+        ```
+    </Accordion>
+</AccordionGroup>
+
+## Authenticating with Bitbucket Data Center
+
+In order to index private repositories, you'll need to provide an access token to Sourcebot via a [token](/docs/configuration/config-file#tokens).
+
+Create an access token for the desired scope (repo, project, or workspace). Visit the official [Bitbucket Data Center docs](https://confluence.atlassian.com/bitbucketserver/http-access-tokens-939515499.html)
+for more info.
+
+Next, provide the access token to Sourcebot:
+
+<BitbucketToken />
+
+
+## Schema reference
+
+<Accordion title="Reference">
+[schemas/v3/bitbucket.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/bitbucket.json)
+
+<BitbucketSchema />
+
+</Accordion>

docs/docs/connections/generic-git-host.mdx

@@ -0,0 +1,32 @@
+---
+title: Other Git hosts
+icon: git-alt
+---
+
+import GenericGitHost from '/snippets/schemas/v3/genericGitHost.schema.mdx'
+
+Sourcebot can sync code from any Git host (by clone url). This is helpful when you want to search code that not in a [supported code host](/docs/connections/overview#supported-code-hosts).
+
+If you're not familiar with Sourcebot [connections](/docs/connections/overview), please read that overview first.
+
+## Getting Started
+
+To connect to a Git host, create a new [connection](/docs/connections/overview) with type `git` and specify the clone url in the `url` property. For example:
+
+```json
+{
+    "type": "git",
+    "url": "https://github.com/sourcebot-dev/sourcebot"
+}
+```
+
+Note that only `http` & `https` URLs are supported at this time.
+
+## Schema reference
+
+<Accordion title="Reference">
+[schemas/v3/genericGitHost.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/genericGitHost.json)
+
+<GenericGitHost />
+
+</Accordion>

docs/docs/connections/gerrit.mdx

@@ -0,0 +1,79 @@
+---
+title: Linking code from Gerrit
+sidebarTitle: Gerrit
+icon: crow
+---
+
+import GerritSchema from '/snippets/schemas/v3/gerrit.schema.mdx'
+
+<Note>Authenticating with Gerrit is currently not supported. If you need this capability, please raise a [feature request](https://github.com/sourcebot-dev/sourcebot/issues/new?template=feature_request.md).</Note>
+
+Sourcebot can sync code from self-hosted gerrit instances.
+
+If you're not familiar with Sourcebot [connections](/docs/connections/overview), please read that overview first.
+
+## Connecting to a Gerrit instance
+
+To connect to a gerrit instance, provide the `url` property to your config:
+
+```json
+{
+    "type": "gerrit",
+    "url": "https://gerrit.example.com"
+    // .. rest of config ..
+}
+```
+
+## Examples
+
+<AccordionGroup>
+    <Accordion title="Sync projects by glob pattern">
+        ```json
+        {
+            "type": "gerrit",
+            "url": "https://gerrit.example.com",
+            // Sync all repos under project1 and project2/sub-project
+            "projects": [
+                "project1/**",
+                "project2/sub-project/**"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Exclude repos from syncing">
+        ```json
+        {
+            "type": "gerrit",
+            "url": "https://gerrit.example.com",
+            // Sync all repos under project1 and project2/sub-project...
+            "projects": [
+                "project1/**",
+                "project2/sub-project/**"
+            ],
+            // ...except:
+            "exclude": {
+                // any project that matches these glob patterns
+                "projects": [
+                    "project1/foo-project",
+                    "project2/sub-project/some-sub-folder/**"
+                ],
+
+                // projects that have state READ_ONLY
+                "readOnly": true,
+
+                // projects that have state HIDDEN
+                "hidden": true
+            }
+        }
+        ```
+    </Accordion>
+</AccordionGroup>
+
+## Schema reference
+
+<Accordion title="Reference">
+[schemas/v3/gerrit.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/gerrit.json)
+
+<GerritSchema />
+
+</Accordion>

docs/docs/connections/gitea.mdx

@@ -0,0 +1,131 @@
+---
+title: Linking code from Gitea
+sidebarTitle: Gitea
+icon: mug-tea
+---
+
+import GiteaSchema from '/snippets/schemas/v3/gitea.schema.mdx'
+
+Sourcebot can sync code from Gitea Cloud, and self-hosted.
+
+If you're not familiar with Sourcebot [connections](/docs/connections/overview), please read that overview first.
+
+## Examples
+
+<AccordionGroup>
+    <Accordion title="Sync individual repos">
+        ```json
+        {
+            "type": "gitea",
+            "repos": [
+                "sourcebot-dev/sourcebot",
+                "getsentry/sentry",
+                "torvalds/linux"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all repos in a organization">
+        ```json
+        {
+            "type": "gitea",
+            "orgs": [
+                "sourcebot-dev",
+                "getsentry",
+                "vercel"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all repos owned by a user">
+        ```json
+        {
+            "type": "gitea",
+            "users": [
+                "torvalds",
+                "ggerganov"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Exclude repos from syncing">
+        ```json
+        {
+            "type": "gitea",
+            // Include all repos in my-org...
+            "orgs": [
+                "my-org"
+            ],
+            // ...except:
+            "exclude": {
+                // repos that are archived
+                "archived": true,
+                // repos that are forks
+                "forks": true,
+                // repos that match these glob patterns
+                "repos": [
+                    "my-org/repo1",
+                    "my-org/repo2",
+                    "my-org/sub-org-1/**",
+                    "my-org/sub-org-*/**"
+                ]
+            }
+        }
+        ```
+    </Accordion>
+</AccordionGroup>
+
+## Authenticating with Gitea
+
+In order to index private repositories, you'll need to generate a Gitea access token. Generate a Gitea access token [here](http://gitea.com/user/settings/applications). At minimum, you'll need to select the `read:repository` scope. `read:user` and `read:organization` are required for the `user` and `org` fields of your config file:
+
+![Gitea Access token creation](/images/gitea_pat_creation.png)
+
+Next, provide the access token via an environment variable [token](/docs/configuration/config-file#tokens) which is referenced in the `token` property:
+
+<Tabs>
+    <Tab title="Environment Variable">
+
+        1. Add the `token` property to your connection config:
+        ```json
+        {
+            "type": "gitea",
+            "token": {
+                // note: this env var can be named anything. It
+                // doesn't need to be `GITEA_TOKEN`.
+                "env": "GITEA_TOKEN"
+            }
+            // .. rest of config ..
+        }
+        ```
+
+        2. Pass this environment variable each time you run Sourcebot:
+        ```bash
+        docker run \
+            -e GITEA_TOKEN=<PAT> \
+            /* additional args */ \
+            ghcr.io/sourcebot-dev/sourcebot:latest
+        ```
+    </Tab>
+</Tabs>
+
+## Connecting to a custom Gitea
+
+To connect to a custom Gitea deployment, provide the `url` property to your config:
+
+```json
+{
+    "type": "gitea",
+    "url": "https://gitea.example.com"
+    // .. rest of config ..
+}
+```
+
+## Schema reference
+
+<Accordion title="Reference">
+[schemas/v3/gitea.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/gitea.json)
+
+<GiteaSchema />
+
+</Accordion>

docs/docs/connections/github.mdx

@@ -0,0 +1,182 @@
+---
+title: Linking code from GitHub
+sidebarTitle: GitHub
+icon: GitHub
+---
+
+import GitHubSchema from '/snippets/schemas/v3/github.schema.mdx'
+
+Sourcebot can sync code from GitHub.com, GitHub Enterprise Server, and GitHub Enterprise Cloud.
+
+If you're not familiar with Sourcebot [connections](/docs/connections/overview), please read that overview first.
+
+## Examples
+
+<AccordionGroup>
+    <Accordion title="Sync individual repos">
+        ```json
+        {
+            "type": "github",
+            "repos": [
+                "sourcebot-dev/sourcebot",
+                "getsentry/sentry",
+                "torvalds/linux"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all repos in a organization">
+        ```json
+        {
+            "type": "github",
+            "orgs": [
+                "sourcebot-dev",
+                "getsentry",
+                "vercel"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all repos owned by a user">
+        ```json
+        {
+            "type": "github",
+            "users": [
+                "torvalds",
+                "ggerganov"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Filter repos by topic">
+        ```json
+        {
+            "type": "github",
+            // Sync all repos in `my-org` that have a topic that...
+            "orgs": [
+                "my-org"
+            ],
+            // ...match one of these glob patterns.
+            "topics": [
+                "test-*",
+                "ci-*",
+                "k8s"
+            ]
+        }
+
+        ```
+    </Accordion>
+    <Accordion title="Exclude repos from syncing">
+        ```json
+        {
+            "type": "github",
+            // Include all repos in my-org...
+            "orgs": [
+                "my-org"
+            ],
+            // ...except:
+            "exclude": {
+                // repos that are archived
+                "archived": true,
+                // repos that are forks
+                "forks": true,
+                // repos that match these glob patterns
+                "repos": [
+                    "my-org/repo1",
+                    "my-org/repo2",
+                    "my-org/sub-org-1/**",
+                    "my-org/sub-org-*/**"
+                ],
+                "size": {
+                    // repos that are less than 1MB (in bytes)...
+                    "min": 1048576,
+                    // or repos greater than 100MB (in bytes)
+                    "max": 104857600 
+                },
+                // repos with topics that match these glob patterns
+                "topics": [
+                    "test-*",
+                    "ci"
+                ]
+            }
+        }
+        ```
+    </Accordion>
+</AccordionGroup>
+
+## Authenticating with GitHub
+
+In order to index private repositories, you'll need to generate a access token and provide it to Sourcebot. GitHub provides [two types](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#types-of-personal-access-tokens) of access tokens:
+
+
+<AccordionGroup>
+    <Accordion title="Fine-grained personal access tokens" defaultOpen>
+        Create a new fine-grained PAT [here](https://github.com/settings/personal-access-tokens/new). First, select the resource owner and the repositories that you want Sourcebot to have access to.
+
+        Next, under "Repository permissions", select permissions `Contents` and `Metadata` with access `Read-only`. The permissions should look like the following:
+
+        ![GitHub PAT Scope](/images/github_pat_scopes_fine_grained.png)
+
+        [GitHub docs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens)
+    </Accordion>
+    <Accordion title="Personal access tokens (classic)">
+        Create a new PAT [here](https://github.com/settings/tokens/new) and make sure you select the `repo` scope:
+        
+        ![GitHub PAT Scope](/images/github_pat_scopes.png)
+
+        [GitHub docs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#personal-access-tokens-classic)
+    </Accordion>
+</AccordionGroup>
+
+Next, provide the access token via an environment variable [token](/docs/configuration/config-file#tokens) which is referenced in the `token` property:
+
+<Tabs>
+    <Tab title="Environment Variable">
+
+        1. Add the `token` property to your connection config:
+        ```json
+        {
+            "type": "github",
+            "token": {
+                // note: this env var can be named anything. It
+                // doesn't need to be `GITHUB_TOKEN`.
+                "env": "GITHUB_TOKEN"
+            }
+            // .. rest of config ..
+        }
+        ```
+
+        2. Pass this environment variable each time you run Sourcebot:
+        ```bash
+        docker run \
+            -e GITHUB_TOKEN=<PAT> \
+            /* additional args */ \
+            ghcr.io/sourcebot-dev/sourcebot:latest
+        ```
+    </Tab>
+</Tabs>
+
+## Connecting to a custom GitHub host
+
+To connect to a GitHub host other than `github.com`, provide the `url` property to your config:
+
+```json
+{
+    "type": "github",
+    "url": "https://github.example.com"
+    // .. rest of config ..
+}
+```
+
+## Schema reference
+
+<Accordion title="Reference">
+[schemas/v3/github.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/github.json)
+
+<GitHubSchema />
+
+</Accordion>
+
+## See also
+
+- [Syncing GitHub Access permissions to Sourcebot](/docs/features/permission-syncing#github)

docs/docs/connections/gitlab.mdx

@@ -0,0 +1,170 @@
+---
+title: Linking code from GitLab
+sidebarTitle: GitLab
+icon: GitLab
+---
+
+import GitLabSchema from '/snippets/schemas/v3/gitlab.schema.mdx'
+
+Sourcebot can sync code from GitLab.com, Self Managed (CE & EE), and Dedicated.
+
+If you're not familiar with Sourcebot [connections](/docs/connections/overview), please read that overview first.
+
+## Examples
+
+<AccordionGroup>
+    <Accordion title="Sync individual projects">
+        ```json
+        {
+            "type": "gitlab",
+            "projects": [
+                "my-group/foo",
+                "my-group/subgroup/bar"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all projects in a group/subgroup">
+        ```json
+        {
+            "type": "gitlab",
+            "groups": [
+                "my-group",
+                "my-other-group/sub-group"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all projects in a self managed instance">
+        <Note>This option is ignored if `url` is unset. See [connecting to a custom gitlab host](/docs/connections/gitlab#connecting-to-a-custom-gitlab-host).</Note>
+        ```json
+        {
+            "type": "gitlab",
+            "url": "https://gitlab.example.com",
+            // Index all projects in this self-managed instance
+            "all": true
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync all projects owned by a user">
+        ```json
+        {
+            "type": "gitlab",
+            "users": [
+                "user-1",
+                "user-2"
+            ]
+        }
+        ```
+    </Accordion>
+    <Accordion title="Filter projects by topic">
+        ```json
+        {
+            "type": "gitlab",
+            // Sync all projects in `my-group` that have a topic that...
+            "groups": [
+                "my-group"
+            ],
+            // ...match one of these glob patterns.
+            "topics": [
+                "test-*",
+                "ci-*",
+                "k8s"
+            ]
+        }
+
+        ```
+    </Accordion>
+    <Accordion title="Exclude projects from syncing">
+        ```json
+        {
+            "type": "gitlab",
+            // Include all projects in these groups...
+            "groups": [
+                "my-group",
+                "my-other-group/sub-group"
+            ]
+            // ...except:
+            "exclude": {
+                // projects that are archived
+                "archived": true,
+                // projects that are forks
+                "forks": true,
+                // projects that are owned by users (not groups)
+                "userOwnedProjects": true,
+                // projects that match these glob patterns
+                "projects": [
+                    "my-group/foo/**",
+                    "my-group/bar/**",
+                    "my-other-group/sub-group/specific-project"
+                ],
+                // repos with topics that match these glob patterns
+                "topics": [
+                    "test-*",
+                    "ci"
+                ]
+            }
+        }
+        ```
+    </Accordion>
+</AccordionGroup>
+
+
+## Authenticating with GitLab
+
+In order to index private projects, you'll need to generate a GitLab Personal Access Token (PAT). Create a new PAT [here](https://gitlab.com/-/user_settings/personal_access_tokens) and make sure you select the `read_api` scope:
+
+![GitLab PAT Scope](/images/gitlab_pat_scopes.png)
+
+Next, provide the PAT via an environment variable [token](/docs/configuration/config-file#tokens) which is referenced in the `token` property:
+
+<Tabs>
+    <Tab title="Environment Variable">
+
+        1. Add the `token` property to your connection config:
+        ```json
+        {
+            "type": "gitlab",
+            "token": {
+                // note: this env var can be named anything. It
+                // doesn't need to be `GITLAB_TOKEN`.
+                "env": "GITLAB_TOKEN"
+            }
+            // .. rest of config ..
+        }
+        ```
+
+        2. Pass this environment variable each time you run Sourcebot:
+        ```bash
+            docker run \
+                -e GITLAB_TOKEN=<PAT> \
+                /* additional args */ \
+                ghcr.io/sourcebot-dev/sourcebot:latest
+        ```
+    </Tab>
+</Tabs>
+
+## Connecting to a custom GitLab host
+
+To connect to a GitLab host other than `gitlab.com`, provide the `url` property to your config:
+
+```json
+{
+    "type": "gitlab",
+    "url": "https://gitlab.example.com"
+    // .. rest of config ..
+}
+```
+
+## Troubleshooting
+
+- If you're seeing errors like `GitbeakerTimeoutError: Query timeout was reached` when syncing a large number of projects, you can increase the client's timeout by setting the `GITLAB_CLIENT_QUERY_TIMEOUT_SECONDS` environment variable. [#162](https://github.com/sourcebot-dev/sourcebot/issues/162)
+
+## Schema reference
+
+<Accordion title="Reference">
+[schemas/v3/gitlab.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/gitlab.json)
+
+<GitLabSchema />
+
+</Accordion>

docs/docs/connections/local-repos.mdx

@@ -0,0 +1,86 @@
+---
+title: Local Git repositories
+icon: folder
+---
+
+import GenericGitHost from '/snippets/schemas/v3/genericGitHost.schema.mdx'
+
+Sourcebot can sync code from generic git repositories stored in a local directory. This can be helpful in scenarios where you already have a large number of repos already checked out. Local repositories are treated as **read-only**, meaning Sourcebot will **not** `git fetch` new revisions.
+
+If you're not familiar with Sourcebot [connections](/docs/connections/overview), please read that overview first.
+
+## Getting Started
+
+<Warning>
+Only folders containing git repositories at their root **and** have a `remote.origin.url` set in their git config are supported at this time. All other folders will be skipped.
+</Warning>
+
+Let's assume we have a `repos` directory located at `$(PWD)` with a collection of git repositories:
+
+```sh
+repos/
+├─ repo_1/
+├─ repo_2/
+├─ repo_3/
+├─ ...
+```
+
+To get Sourcebot to index these repositories:
+
+<Steps>
+    <Step title="Mount a volume">
+        We need to mount a docker volume to the `repos` directory so Sourcebot can read it's contents. Sourcebot will **not** write to local repositories, so we can mount a separate **read-only** volume:
+
+        ``` bash
+        docker run \
+            -v $(pwd)/repos:/repos:ro \
+            /* additional args */ \
+            ghcr.io/sourcebot-dev/sourcebot:latest
+        ```
+    </Step>
+
+    <Step title="Create a connection">
+        We can now create a new git [connection](/docs/connections/overview), specifying local paths with the `file://` prefix. Glob patterns are supported. For example: 
+
+        ```json
+        {
+            "type": "git",
+            "url": "file:///repos/*"
+        }
+        ```
+
+        Sourcebot will expand this glob pattern into paths `/repos/repo_1`, `/repos/repo_2`, etc. and index all valid git repositories.
+    </Step>
+</Steps>
+
+## Examples
+
+
+<AccordionGroup>
+    <Accordion title="Sync individual repo">
+        ```json
+        {
+            "type": "git",
+            "url": "file:///path/to/git_repo"
+        }
+        ```
+    </Accordion>
+    <Accordion title="Sync multiple repos using glob patterns">
+        ```json
+        // Attempt to sync directories contained in `repos/` (non-recursive)
+        {
+            "type": "git",
+            "url": "file:///repos/*"
+        }
+        ```
+    </Accordion>
+</AccordionGroup>
+
+## Schema reference
+
+<Accordion title="Reference">
+[schemas/v3/genericGitHost.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/genericGitHost.json)
+
+<GenericGitHost />
+
+</Accordion>

docs/docs/connections/overview.mdx

@@ -0,0 +1,101 @@
+---
+title: Overview
+sidebarTitle: Overview
+---
+
+import SupportedPlatforms from '/snippets/platform-support.mdx'
+import ConfigSchema from '/snippets/schemas/v3/index.schema.mdx'
+
+A **connection** represents Sourcebot's link to a code host platform (GitHub, GitLab, etc). Connections are defined within the [config file](/docs/configuration/config-file) you provide Sourcebot.
+
+Each connection defines how Sourcebot should authenticate and interact with a particular host, and which repositories to sync and index from that host. Connections are uniquely identified by their name.
+
+```json wrap icon="code" Example config with two connections
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "connections": {
+        // 1. A connection to GitHub.com
+        "github-connection": {
+            "type": "github",
+            "repos": [
+                "sourcebot-dev/sourcebot"
+            ],
+            "token": {
+                "env": "GITHUB_TOKEN"
+            }
+        },
+        // 2. A self-hosted GitLab instance
+        "gitlab-connection": {
+            "type": "gitlab",
+            "url": "https://gitlab.example.com",
+            "groups": [
+                "my-group",
+                "my-other-group/sub-group"
+            ],
+            "token": {
+                "env": "GITLAB_TOKEN"
+            }
+        }
+    }
+}
+```
+
+Configuration files must conform to the [JSON schema](#schema-reference).
+
+## Connection Syncing
+
+When a connection is first discovered, or the `resyncConnectionIntervalMs` [setting](/docs/configuration/config-file#settings) has exceeded, the connection will be synced. This consists of:
+1. Fetching the latest changes from `HEAD` (and any [additional branches](/docs/features/search/multi-branch-indexing)) from the code host.
+2. Re-indexing the repository.
+
+This is processed in a [job queue](/docs/overview#architecture), and is parallelized across multiple worker processes. Jobs will take longer to complete the first time a repository is synced, or when a diff is large.
+
+On the home page, you can view the sync status of ongoing jobs:
+
+<video
+    autoPlay
+    muted
+    loop
+    playsInline
+    className="w-full aspect-video"
+    src="https://framerusercontent.com/assets/7YyxK8ctPEy9Rf68X2kIdMI.mp4"
+></video>
+
+## Platform Connection Guides
+
+To learn more about how to create a connection for a specific code host, check out the guides below.
+
+<SupportedPlatforms />
+
+<Note>Missing your code host? [Submit a feature request on GitHub](https://github.com/sourcebot-dev/sourcebot/issues/new?template=feature_request.md).</Note>
+
+## Indexing Large Files
+
+By default, Sourcebot will skip indexing files that are larger than 2MB or have more than 20,000 trigrams. You can configure this by setting the `maxFileSize` and `maxTrigramCount` [settings](/docs/configuration/config-file#settings).
+
+These limits can be ignored for specific files by passing in a comma separated list of glob patterns matching file paths to the `ALWAYS_INDEX_FILE_PATTERNS` environment variable. For example:
+
+```bash
+# Always index all .sum and .lock files
+ALWAYS_INDEX_FILE_PATTERNS=**/*.sum,**/*.lock
+```
+
+Files that have been skipped are assigned the `skipped` language. You can view a list of all skipped files by using the following query:
+```
+lang:skipped
+```
+
+## Indexing Binary Files
+
+Binary files cannot be indexed by Sourcebot. See [#575](https://github.com/sourcebot-dev/sourcebot/issues/575) for more information.
+
+
+## Schema reference
+---
+
+<Accordion title="Reference">
+[schemas/v3/index.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/index.json)
+
+<ConfigSchema />
+
+</Accordion>

docs/docs/connections/request-new.mdx

@@ -0,0 +1,8 @@
+---
+sidebarTitle: Request another host
+url: https://github.com/sourcebot-dev/sourcebot/issues/new?template=feature_request.md
+title: Request another code host
+icon: plus
+---
+
+Is your code host not supported? Please open a [feature request](https://github.com/sourcebot-dev/sourcebot/issues/new?template=feature_request.md).

docs/docs/deployment/docker-compose.mdx

@@ -0,0 +1,61 @@
+---
+title: "Docker Compose"
+---
+
+This guide will walk you through deploying Sourcebot locally or on a VM using Docker Compose. We will use the [docker-compose.yml](https://github.com/sourcebot-dev/sourcebot/blob/main/docker-compose.yml) file from the Sourcebot repository. This is the simplest way to get started with Sourcebot.
+
+If you are looking to deploy onto Kubernetes, see the [Kubernetes (Helm)](/docs/deployment/k8s) guide.
+
+## Get started
+
+<Steps>
+    <Step title="Requirements">
+        - docker & docker compose. Use [Docker Desktop](https://www.docker.com/products/docker-desktop/) on Mac or Windows.
+    </Step>
+    <Step title="Obtain the Docker Compose file">
+        Download the [docker-compose.yml](https://github.com/sourcebot-dev/sourcebot/blob/main/docker-compose.yml) file from the Sourcebot repository.
+
+        ```bash wrap icon="terminal"
+        curl -o docker-compose.yml https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/docker-compose.yml
+        ```
+    </Step>
+
+    <Step title="Create a config.json">
+
+        In the same directory as the `docker-compose.yml` file, create a [configuration file](/docs/configuration/config-file). The configuration file is a JSON file that configures Sourcebot's behaviour, including what repositories to index, language model providers, auth providers, and more.
+
+        ```bash wrap icon="terminal" Create example config
+        touch config.json
+        echo '{
+            "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+            // Comments are supported.
+            // This config creates a single connection to GitHub.com that
+            // indexes the Sourcebot repository
+            "connections": {
+                "starter-connection": {
+                    "type": "github",
+                    "repos": [
+                        "sourcebot-dev/sourcebot"
+                    ]
+                }
+            }
+        }' > config.json
+        ```
+    </Step>
+
+    <Step title="Launch your instance">
+        Update the secrets in the `docker-compose.yml` and then run Sourcebot using:
+
+        ```bash wrap icon="terminal"
+        docker compose up
+        ```
+    </Step>
+
+    <Step title="Done">
+        You're all set! Navigate to [http://localhost:3000](http://localhost:3000) to access your Sourcebot instance.
+    </Step>
+</Steps>
+
+## Next steps
+
+

docs/docs/deployment/k8s.mdx

@@ -0,0 +1,4 @@
+---
+title: "Kubernetes (Helm)"
+url: https://github.com/sourcebot-dev/sourcebot-helm-chart
+---

docs/docs/features/agents/overview.mdx

@@ -0,0 +1,17 @@
+---
+title: "Agents Overview"
+sidebarTitle: "Overview"
+---
+
+import ExperimentalFeatureWarning from '/snippets/experimental-feature-warning.mdx'
+
+<ExperimentalFeatureWarning />
+
+Agents are automations that leverage the code indexed on Sourcebot to perform a specific task. Once you've setup Sourcebot, check out the
+guides below to configure additional agents.
+
+<CardGroup cols={2}>
+    <Card horizontal title="Review Agent" icon="gear" href="/docs/features/agents/review-agent">
+        An AI agent that reviews your PRs to identify issues
+    </Card>
+</CardGroup>

docs/docs/features/agents/review-agent.mdx

@@ -0,0 +1,96 @@
+---
+title: AI Code Review Agent
+sidebarTitle: AI code review agent
+---
+
+<Note>
+This agent sends data to OpenAI (through an API key you supply) to perform code reviews. This data includes code from the PR being reviewed, as well as additional relevant context from your
+codebase that the agent may fetch to perform the review.
+</Note>
+
+This agent provides codebase-aware reviews for your PRs. For each diff, this agent fetches relevant context from Sourcebot and feeds it into an LLM for a detailed review of your changes.
+
+The AI Code Review Agent is [fair source](https://github.com/sourcebot-dev/sourcebot/tree/main/packages/web/src/features/agents/review-agent) and packaged in [Sourcebot](https://github.com/sourcebot-dev/sourcebot). To get started using this agent, [deploy Sourcebot](/docs/deployment/docker-compose)
+and then follow the configuration instructions below.
+
+![AI Code Review Agent Example](/images/review_agent_example.png)
+
+# Configure
+
+This agent currently only supports reviewing GitHub PRs. You configure the agent by creating a GitHub app, installing it into your GitHub organization, and then giving your app info to Sourcebot.
+
+Before you get started, make sure you have an OpenAPI account that you can create an OpenAPI key with.
+
+<Steps>
+    <Step title="Register a GitHub app">
+        Follow the official GitHub guide for [registering a GitHub app](https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/registering-a-github-app)
+
+        - GitHub App name: You can make this whatever you want (ex. Sourcebot Review Agent)
+        - Homepage URL: You can make this whatever you want (ex. https://www.sourcebot.dev/)
+        - Webhook URL (**IMPORTANT**): You must set this to point to your Sourcebot deployment at /api/webhook (ex. https://sourcebot.aperture.com/api/webhook). Your Sourcebot deployment must be able to accept requests from GitHub
+        (either github.com or your self-hosted enterprise server) for this to work. If you're running Sourcebot locally, you can [use smee](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#step-2-get-a-webhook-proxy-url) to [forward webhooks](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#step-6-start-your-server) to your local deployment.
+        - Webook Secret: This can be any string (ex. generate a random string `python -c "import secrets; print(secrets.token_hex(10))"`). You'll provide this to Sourcebot to be able to read webhook events from your app.
+        - Permissions
+            - Pull requests: Read & Write
+            - Issues: Read & Write
+            - Contents: Read
+        - Events:
+            - Pull request
+            - Issue comment
+    </Step>
+    <Step title="Install the GitHub app in your organization">
+        Navigate to your new [GitHub app's page](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings) and press `Install`
+    </Step>
+    <Step title="Configure the environment variables in Sourcebot">
+        Sourcebot requires the following environment variables to begin reviewing PRs through your new GitHub app:
+
+        - `GITHUB_REVIEW_AGENT_APP_ID`: The client ID of your GitHub app. Can be found in your [app settings](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings)
+        - `GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET`: The webhook secret you defined in your GitHub app. Can be found in your [app settings](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings)
+        - `GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH`: The path to your app's private key. If you're running Sourcebot from a container, this is the path to this file from within your container
+        (ex `/data/review-agent-key.pem`). You must copy the private key file into the directory you mount to Sourcebot (similar to the config file). 
+        
+        You can generate a private key file for your app in the [app settings](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings). You must copy this private key file into the
+        directory that you mount to Sourcebot
+        ![GitHub App Private Key](/images/github_app_private_key.png)
+        - `OPENAI_API_KEY`: Your OpenAI API key
+        - `REVIEW_AGENT_API_KEY`: The Sourcebot API key that the review agent uses to hit the Sourcebot API to fetch code context
+        - `REVIEW_AGENT_AUTO_REVIEW_ENABLED` (default: `false`): If enabled, the review agent will automatically review any new or updated PR. If disabled, you must invoke it using the command defined by `REVIEW_AGENT_REVIEW_COMMAND`
+        - `REVIEW_AGENT_REVIEW_COMMAND` (default: `review`): The command that invokes the review agent (ex. `/review`) when a user comments on the PR. Don't include the slash character in this value.
+
+        You can find an example docker compose file below. 
+        - This docker compose file is placed in `~/sourcebot_review_agent_workspace`, and I'm mounting that directory to Sourcebot
+        - The config and the app private key files are placed in this directory
+        - The paths to these files are given to Sourcebot relative to `/data` since that's the directory in Sourcebot that I'm mounting to
+
+        ```yaml
+        services:
+            sourcebot:
+                image: ghcr.io/sourcebot-dev/sourcebot:latest
+                pull_policy: always
+                container_name: sourcebot
+                ports:
+                    - "3000:3000"
+                volumes:
+                    - "/Users/michael/sourcebot_review_agent_workspace:/data"
+                environment:
+                    CONFIG_PATH: "/data/config.json"
+                    GITHUB_REVIEW_AGENT_APP_ID: "my-github-app-id"
+                    GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET: "my-github-app-webhook-secret"
+                    GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH: "/data/review-agent-key.pem"
+                    REVIEW_AGENT_API_KEY: "sourcebot-my-key"
+                    OPENAI_API_KEY: "sk-proj-my-open-api-key"
+        ```
+    </Step>
+    <Step title="Verify configuration">
+        Navigate to the agents page by pressing `Agents` in the Sourcebot nav menu. If you've configured your environment variables correctly you'll see the following:
+
+        ![Review Agent Configured](/images/review_agent_configured.png)
+    </Step>
+</Steps>
+
+# Using the agent
+
+The review agent will not automatically review your PRs by default. To enable this feature, set the `REVIEW_AGENT_AUTO_REVIEW_ENABLED` environment variable to true.
+
+You can invoke the review agent manually by commenting `/review` on the PR you'd like it to review. You can configure the command that triggers the agent by changing
+the `REVIEW_AGENT_REVIEW_COMMAND` environment variable. 

docs/docs/features/analytics.mdx

@@ -0,0 +1,51 @@
+---
+title: Analytics
+sidebarTitle: Analytics
+---
+
+import LicenseKeyRequired from '/snippets/license-key-required.mdx'
+import { Callout } from 'nextra/components'
+
+<LicenseKeyRequired />
+
+
+## Overview
+
+Analytics provides comprehensive insights into your organization's usage of Sourcebot, helping you understand adoption patterns and
+quantify the value of time saved.
+
+This dashboard is backed by [audit log](/docs/configuration/audit-logs) events. Please ensure you have audit logging enabled in order to see these insights.
+
+<video
+  autoPlay
+  muted
+  loop
+  playsInline
+  className="w-full aspect-video"
+  src="/images/analytics_demo.mp4"
+></video>
+
+## Data Metrics
+
+### Active Users
+Tracks the number of unique users who performed any Sourcebot operation within each time period. This metric helps you understand team adoption
+and engagement with Sourcebot.
+
+![DAU Chart](/images/dau_chart.png)
+
+### Code Searches
+Counts the number of code search operations performed by your team.
+
+![Code Search Chart](/images/code_search_chart.png)
+
+### Code Navigation
+Tracks "Go to Definition" and "Find All References" navigation actions. Navigation actions help developers quickly move
+between code locations and understand code relationships.
+
+![Code Nav Chart](/images/code_nav_chart.png)
+
+## Cost Savings Calculator
+
+The analytics dashboard includes a built-in cost savings calculator that helps you quantify the ROI of using Sourcebot.
+
+![Cost Savings Chart](/images/cost_savings_chart.png)

docs/docs/features/ask/add-model-providers.mdx

@@ -0,0 +1,5 @@
+---
+sidebarTitle: Configure language models
+url: /docs/configuration/language-model-providers
+title: Configure Language Models
+---

docs/docs/features/ask/overview.mdx

@@ -0,0 +1,56 @@
+---
+title: Overview
+---
+
+Ask Sourcebot gives you the ability to ask complex questions about your codebase in natural language. 
+
+It uses Sourcebot’s existing [code search](/docs/features/search/overview) and [navigation](/docs/features/code-navigation) tools to allow reasoning models to search your code, 
+follow code nav references, and provide an answer that’s rich with inline citations and navigable code snippets.
+
+<CardGroup>
+<Card title="Configure language models" icon="robot" href="/docs/configuration/language-model-providers" horizontal="true">
+    Learn how to connect your language model to Sourcebot
+</Card>
+<Card title="Index repos" icon="book" href="/docs/connections/overview" horizontal="true">
+    Learn how to index your repos so you can ask questions about them
+</Card>
+<Card title="Deployment guide" icon="server" href="/docs/deployment/docker-compose" horizontal="true">
+  Learn how to self-host Sourcebot in a few simple steps.
+</Card>
+<Card title="Public demo" icon="globe" href="https://demo.sourcebot.dev/" horizontal="true">
+  Try Ask Sourcebot on our public demo instance.
+</Card>
+</CardGroup>
+
+<video
+  autoPlay
+  muted
+  loop
+  playsInline
+  className="w-full aspect-video"
+  src="/images/ask_sourcebot_low_res.mp4"
+></video>
+
+# Why do we need another AI dev tool?
+
+Existing AI dev tools (Cursor, Claude Code, Copilot) are great at generating code. However, we believe one of the hardest parts of being
+a software engineer is **understanding code**. 
+
+In this domain, these tools fall short:
+- You can only ask questions about the code you have checked out locally
+- You get a wall of text that's difficult to parse, requiring you to go back and forth through different code snippets in the response
+- The richness of the explanation is limited by the fact that you're in your IDE
+
+We built Ask Sourcebot to address these problems. With Ask Sourcebot, you can:
+- Ask questions about your teams entire codebase (even on repos you don't have locally) 
+- Easily parse the response with side-by-side citations and code navigation
+- Share answers with your team to spread the knowledge
+
+Being a web app is less convenient than being in your IDE, but it allows Sourcebot to provide responses in a richer UI that isn't constrained by the IDE.
+
+We believe this experience of understanding your codebase is superior, and we hope you find it useful. We'd love to know what you think! Feel free to join the discussion on our
+[GitHub](https://github.com/sourcebot-dev/sourcebot/discussions).
+
+# Troubleshooting
+
+- **Network timeouts**: If you are hitting generic "network error" message while the answer is streaming when Sourcebot is deployed in a production environment, it may be due to your load balancer or proxy not being configured to handle long-lived connections. The timeout should be configured to a sufficiently large value (e.g., 5 minutes).

docs/docs/features/code-navigation.mdx

@@ -0,0 +1,44 @@
+---
+title: Code navigation
+sidebarTitle: Code navigation
+---
+
+import SearchContextSchema from '/snippets/schemas/v3/searchContext.schema.mdx'
+import LicenseKeyRequired from '/snippets/license-key-required.mdx'
+
+<LicenseKeyRequired />
+
+**Code navigation** allows you to jump between symbol definition and references when viewing source files in Sourcebot. This feature is enabled **automatically** when a valid license key is present and works with all popular programming languages.
+
+
+<video src="https://framerusercontent.com/assets/B9ZxrlsUeO9NJyzkKyvVV2KSU4.mp4" className="w-full aspect-video" controls></video>
+
+## Features
+
+| Feature | Description |
+|:--------|:------------|
+| **Hover popover** | Hovering over a symbol reveals the symbol's definition signature as a inline preview. |
+| **Go to definition** | Clicking the "go to definition" button in the popover or clicking the symbol name navigates to the symbol's definition. |
+| **Find references** | Clicking the "find all references" button in the popover lists all references in the explore panel. |
+| **Explore panel** | Lists all references and definitions for the symbol selected in the popover. |
+| **Cross-repository navigation** | You can search across all repositories by clicking the globe icon in the explore panel. By default, references and definitions are scoped to the repository where the symbol is being resolved. |
+
+## How does it work?
+
+Code navigation is **search-based**, meaning it uses the same code search engine and [query language](/docs/features/search/syntax-reference) to estimate a symbol's references and definitions. We refer to these estimations as "search heuristics". We have two search heuristics to enable the following operations:
+
+### Find references
+Given a `symbolName`, along with information about the file the symbol is contained within (`git_revision`, and `language`), runs the following search:
+
+```bash
+\\b{symbolName}\\b rev:{git_revision} lang:{language} case:yes
+```
+
+### Find definitions
+Given a `symbolName`, along with information about the file the symbol is contained within (`git_revision`, and `language`), runs the following search:
+
+```bash
+sym:\\b{symbolName}\\b rev:{git_revision} lang:{language}
+```
+
+Note that the `sym:` prefix is used to filter the search by symbol definitions. These are created at index time by [universal ctags](https://ctags.io/).

docs/docs/features/mcp-server.mdx

@@ -0,0 +1,188 @@
+---
+title: Sourcebot MCP server (@sourcebot/mcp)
+sidebarTitle: Sourcebot MCP server
+---
+
+The [Model Context Protocol](https://modelcontextprotocol.io/introduction) (MCP) is an open standard for providing context to LLMs. The [@sourcebot/mcp](https://www.npmjs.com/package/@sourcebot/mcp) package is a MCP server that enables LLMs to interface with your Sourcebot instance, enabling MCP clients like Cursor, Vscode, and others to have context over your entire codebase.
+
+## Getting Started
+
+<Steps>
+    <Step title="Launch Sourcebot">
+        Follow the [deployment guides](/docs/deployment/docker-compose) to launch Sourcebot and get your code indexed. The host url of your instance (e.g., `http://localhost:3000`) is passed to the MCP server via the `SOURCEBOT_HOST` url.
+
+        If a host is not provided, then the server will fallback to using the demo instance hosted at https://demo.sourcebot.dev. You can see the list of repositories indexed [here](https://demo.sourcebot.dev/~/repos). Add additional repositories by [opening a PR](https://github.com/sourcebot-dev/sourcebot/blob/main/demo-site-config.json).
+    </Step>
+
+    <Step title="Create an API key">
+        Create an API key to allow the MCP server to query your Sourcebot instance. To create an API key, login to your Sourcebot instance and navigate to **Settings -> API Keys**:
+
+        ![API Keys UI](/images/api_key.png)
+
+        Copy the API key and set it as the `SOURCEBOT_API_KEY` environment variable.
+    </Step>
+
+    <Step title="Install the MCP server">
+        <Note>
+            Ensure you have [Node.js](https://nodejs.org/en) >= v18.0.0 installed.
+        </Note>
+        Next, we can install the [@sourcebot/mcp](https://www.npmjs.com/package/@sourcebot/mcp) MCP server into any supported MCP client:
+        
+        <AccordionGroup>
+            <Accordion title="Cursor">
+                [Cursor MCP docs](https://docs.cursor.com/context/model-context-protocol)
+
+                Go to: `Settings` -> `Cursor Settings` -> `MCP` -> `Add new global MCP server`
+
+                Paste the following into your `~/.cursor/mcp.json` file. This will install Sourcebot globally within Cursor:
+
+                ```json
+                {
+                    "mcpServers": {
+                        "sourcebot": {
+                            "command": "npx",
+                            "args": ["-y", "@sourcebot/mcp@latest" ],
+                            "env": {
+                                "SOURCEBOT_HOST": "http://localhost:3000",
+                                "SOURCEBOT_API_KEY": "your-api-key"
+                            }
+                        }
+                    }
+                }
+                ```
+
+                Replace `http://localhost:3000` with wherever your Sourcebot instance is hosted.
+            </Accordion>
+            <Accordion title="Windsurf">
+                [Windsurf MCP docs](https://docs.windsurf.com/windsurf/mcp)
+
+                Go to: `Windsurf Settings` -> `Cascade` -> `Add Server` -> `Add Custom Server`
+
+                Paste the following into your `mcp_config.json` file:
+
+                ```json
+                {
+                    "mcpServers": {
+                        "sourcebot": {
+                            "command": "npx",
+                            "args": ["-y", "@sourcebot/mcp@latest" ],
+                            "env": {
+                                "SOURCEBOT_HOST": "http://localhost:3000",
+                                "SOURCEBOT_API_KEY": "your-api-key"
+                            }
+                        }
+                    }
+                }
+                ```
+
+                Replace `http://localhost:3000` with wherever your Sourcebot instance is hosted.
+
+            </Accordion>
+            <Accordion title="VS Code">
+                [VS Code MCP docs](https://code.visualstudio.com/docs/copilot/chat/mcp-servers)
+
+                Add the following to your [.vscode/mcp.json](https://code.visualstudio.com/docs/copilot/chat/mcp-servers#_add-an-mcp-server-to-your-workspace) file:
+                
+                ```json
+                {
+                    "servers": {
+                        "sourcebot": {
+                            "type": "stdio",
+                            "command": "npx",
+                            "args": ["-y", "@sourcebot/mcp@latest"],
+                            "env": {
+                                "SOURCEBOT_HOST": "http://localhost:3000",
+                                "SOURCEBOT_API_KEY": "your-api-key"
+                            }
+                        }
+                    }
+                }
+                ```
+
+                Replace `http://localhost:3000` with wherever your Sourcebot instance is hosted.
+            </Accordion>
+            <Accordion title="Claude Code">
+                [Claude Code MCP docs](https://docs.anthropic.com/en/docs/claude-code/tutorials#set-up-model-context-protocol-mcp)
+
+                Run the following command:
+
+                ```sh
+                claude mcp add sourcebot -e SOURCEBOT_HOST=http://localhost:3000 -e SOURCEBOT_API_KEY=your-api-key -- npx -y @sourcebot/mcp@latest
+                ```
+
+                Replace `http://localhost:3000` with wherever your Sourcebot instance is hosted.
+            </Accordion>
+            <Accordion title="Claude Desktop">
+                [Claude Desktop MCP docs](https://modelcontextprotocol.io/quickstart/user)
+
+                Add the following to your `claude_desktop_config.json`:
+
+                ```json
+                {
+                    "mcpServers": {
+                        "sourcebot": {
+                            "command": "npx",
+                            "args": ["-y", "@sourcebot/mcp@latest"],
+                            "env": {
+                                "SOURCEBOT_HOST": "http://localhost:3000",
+                                "SOURCEBOT_API_KEY": "your-api-key"
+                            }
+                        }
+                    }
+                }
+                ```
+
+                Replace `http://localhost:3000` with wherever your Sourcebot instance is hosted.
+            </Accordion>
+        </AccordionGroup>
+    </Step>
+
+    <Step title="Prompt the LLM">
+        Tell your LLM to `use sourcebot` when prompting.
+    </Step>
+
+</Steps>
+
+
+## Available Tools
+
+
+### `search_code`
+
+Fetches code that matches the provided regex pattern in `query`.
+
+Parameters:
+| Name                  | Required | Description                                                                                                                       |
+|:----------------------|:---------|:----------------------------------------------------------------------------------------------------------------------------------|
+| `query`               | yes      | Regex pattern to search for. Escape special characters and spaces with a single backslash (e.g., 'console\.log', 'console\ log'). |
+| `filterByRepoIds`     | no       | Restrict search to specific repository IDs (from 'list_repos'). Leave empty to search all.                                        |
+| `filterByLanguages`   | no       | Restrict search to specific languages (GitHub linguist format, e.g., Python, JavaScript).                                         |
+| `caseSensitive`       | no       | Case sensitive search (default: false).                                                                                           |
+| `includeCodeSnippets` | no       | Include code snippets in results (default: false).                                                                                |
+| `maxTokens`           | no       | Max tokens to return (default: env.DEFAULT_MINIMUM_TOKENS).                                                                       |
+
+
+### `list_repos`
+
+Lists all repositories indexed by Sourcebot.
+
+### `get_file_source`
+
+Fetches the source code for a given file.
+
+Parameters:
+| Name         | Required | Description                                                      |
+|:-------------|:---------|:-----------------------------------------------------------------|
+| `fileName`   | yes      | The file to fetch the source code for.                           |
+| `repoId`     | yes      | The Sourcebot repository ID.                                     |
+
+
+## Environment Variables
+
+| Name                     | Default                | Description                                       |
+|:-------------------------|:-----------------------|:--------------------------------------------------|
+| `SOURCEBOT_HOST`         | http://localhost:3000  | URL of your Sourcebot instance.                   |
+| `SOURCEBOT_API_KEY`      | -                      | Sourcebot API key.                                |
+| `DEFAULT_MINIMUM_TOKENS` | 10000                  | Minimum number of tokens to return in responses.  |
+| `DEFAULT_MATCHES`        | 10000                  | Number of code matches to fetch per search.       |
+| `DEFAULT_CONTEXT_LINES`  | 5                      | Lines of context to include above/below matches.  |

docs/docs/features/permission-syncing.mdx

@@ -0,0 +1,83 @@
+---
+title: "Permission syncing"
+sidebarTitle: "Permission syncing"
+---
+
+import LicenseKeyRequired from '/snippets/license-key-required.mdx'
+
+<LicenseKeyRequired />
+
+# Overview
+
+Permission syncing allows you to sync Access Permission Lists (ACLs) from a code host to Sourcebot. When configured, users signed into Sourcebot will only be able to access repositories
+that they have access to on the code host. Practically, this means:
+
+- Code Search results will only include repositories that the user has access to.
+- Code navigation results will only include repositories that the user has access to.
+- MCP results will only include results from repositories the user has access to.
+- Ask Sourcebot (and the underlying LLM) will only have access to repositories that the user has access to.
+- File browsing is scoped to the repositories that the user has access to.
+
+Permission syncing can be enabled by setting the `EXPERIMENT_EE_PERMISSION_SYNC_ENABLED` environment variable to `true`.
+
+```bash
+docker run \
+    -e EXPERIMENT_EE_PERMISSION_SYNC_ENABLED=true \
+    /* additional args */ \
+    ghcr.io/sourcebot-dev/sourcebot:latest
+```
+
+## Platform support
+
+We are actively working on supporting more code hosts. If you'd like to see a specific code host supported, please [reach out](https://www.sourcebot.dev/contact).
+
+| Platform | Permission syncing |
+|:----------|------------------------------|
+| [GitHub (GHEC & GHEC Server)](/docs/features/permission-syncing#github) | ✅ |
+| [GitLab (Self-managed & Cloud)](/docs/features/permission-syncing#gitlab) | ✅ |
+| Bitbucket Cloud | 🛑 |
+| Bitbucket Data Center | 🛑 |
+| Gitea | 🛑 |
+| Gerrit | 🛑 |
+| Generic git host | 🛑 |
+
+# Getting started
+
+## GitHub
+
+Prerequisite: Configure GitHub as an [external identity provider](/docs/configuration/idp).
+
+Permission syncing works with **GitHub.com**, **GitHub Enterprise Cloud**, and **GitHub Enterprise Server**. For organization-owned repositories, users that have **read-only** access (or above) via the following methods will have their access synced to Sourcebot:
+- Outside collaborators
+- Organization members that are direct collaborators
+- Organization members with access through team memberships
+- Organization members with access through default organization permissions
+- Organization owners.
+
+**Notes:**
+- A GitHub [external identity provider](/docs/configuration/idp) must be configured to (1) correlate a Sourcebot user with a GitHub user, and (2) to list repositories that the user has access to for [User driven syncing](/docs/features/permission-syncing#how-it-works).
+- OAuth tokens must assume the `repo` scope in order to use the [List repositories for the authenticated user API](https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#list-repositories-for-the-authenticated-user) during [User driven syncing](/docs/features/permission-syncing#how-it-works). Sourcebot **will only** use this token for **reads**.
+
+## GitLab
+
+Prerequisite: Configure GitLab as an [external identity provider](/docs/configuration/idp).
+
+Permission syncing works with **GitLab Self-managed** and **GitLab Cloud**. Users with **Guest** role or above with membership to a group or project will have their access synced to Sourcebot. Both direct and indirect membership to a group or project will be synced with Sourcebot. For more details, see the [GitLab docs](https://docs.gitlab.com/user/project/members/#membership-types).
+
+
+**Notes:**
+- A GitLab [external identity provider](/docs/configuration/idp) must be configured to (1) correlate a Sourcebot user with a GitLab user, and (2) to list repositories that the user has access to for [User driven syncing](/docs/features/permission-syncing#how-it-works).
+- OAuth tokens require the `read_api` scope in order to use the [List projects for the authenticated user API](https://docs.gitlab.com/ee/api/projects.html#list-all-projects) during [User driven syncing](/docs/features/permission-syncing#how-it-works).
+
+
+# How it works
+
+Permission syncing works by periodically syncing ACLs from the code host(s) to Sourcebot to build an internal mapping between Users and Repositories. This mapping is hydrated in two directions:
+- **User driven** : fetches the list of all repositories that a given user has access to.
+- **Repo driven** : fetches the list of all users that have access to a given repository.
+
+User driven and repo driven syncing occurs every 24 hours by default. These intervals can be configured using the following settings in the [config file](/docs/configuration/config-file):
+| Setting                                         | Type    | Default    | Minimum |
+|-------------------------------------------------|---------|------------|---------|
+| `experiment_repoDrivenPermissionSyncIntervalMs` | number  | 24 hours   | 1       |
+| `experiment_userDrivenPermissionSyncIntervalMs` | number  | 24 hours   | 1       |

docs/docs/features/search/multi-branch-indexing.mdx

@@ -0,0 +1,94 @@
+---
+title: Searching multiple branches and tags
+sidebarTitle: Searching multiple branches
+---
+
+By default, only the default branch of a repository is indexed and can be searched. Sourcebot can be configured to index additional branches (or tags) enabling multi-branch search. This is useful for scenarios such as:
+
+- Searching across different releases
+- Searching through feature branches during development
+- Tracking changes across multiple maintenance branches simultaneously
+
+## Configuration
+
+<Warning>
+Multi-branch indexing is currently limited to 64 branches and tags. Please see [this issue](https://github.com/sourcebot-dev/sourcebot/issues/461) for more details.
+</Warning>
+
+Multi-branch indexing is configured in the [connection](/docs/connections/overview) using the `revisions.branches` and `revisions.tags` arrays. Glob patterns are supported. For example:
+
+```json
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "connections": {
+        "my-connection": {
+            "type": "github",
+            // For each of the repositories defined in this connection...
+            "repos": [
+                "org/repo1",
+                "org/repo2"
+            ],
+            // ... index the default branch, as well as...
+            "revisions": {
+                // These branches (if they exist):
+                "branches": [
+                    // Exact matches
+                    "dev",
+                    "staging",
+
+                    // Glob patterns
+                    "feature/*" // Matches: feature/auth, feature/ui, etc.
+                ],
+                
+                // These tags (if they exist):
+                "tags": [
+                    // Exact matches
+                    "v4.0.0-dev",
+                    
+                    // Glob patterns
+                    "v3.*.*", // Matches: v3.0.0, v3.0.1, etc.
+                    "rc-*"    // Matches: rc-1, rc-2, etc.
+                ]
+            }
+        }
+    }
+}
+```
+
+For each repo defined in the connection, any branches or tags matching the patterns in `branches` and `tags` array will be indexed.
+
+## Search syntax
+
+To search branches other than the default, the `rev:` prefix can be used followed by the branch (or tag) name:
+
+| Example | Explanation |
+| :--- | :--- |
+| `rev:feature/foo repo:A useEffect` | Search for `/useEffect/` on branch `feature/foo` in repo `A` |
+| `rev:feature/foo useEffect ` | Search for `/useEffect/` on branch `feature/foo` across all repos |
+| `rev:feature/ useEffect` | Search for `/useEffect/` on branches that contain `feature/` across all repos |
+| `rev:feature/a rev:feature/b foo` | Search for `/foo/` on branches `feature/a` and `feature/b` |
+| `rev:feature/ -rev:feature/a foo` | Search for `/foo/` on branches that contain `feature/` _except_ for `feature/a` across all repos |
+
+To search across **all** branches, `rev:*`:
+| Example | Explanation |
+| :--- | :--- |
+| `rev:* repo:A "error message"` | Search for `/error message/` across **all** branches in repo `A` |
+| `rev:* "error message"` | Search for `/error message/` across **all** branches and **all** repos |
+
+Additional info:
+- `refs/heads/` or `refs/tags/` can be included to fully qualify a branch or a tag, respectively. E.g., `rev:refs/heads/foo` will search the branch `foo`, while `rev:refs/tags/foo` will search the tag `foo`.
+- `rev:` does **not** support regular expressions or glob patterns. It uses a simple `contains` call between the branch name and the pattern. See [here](https://github.com/sourcebot-dev/zoekt/blob/7d1896215eea6f97af66c9549c9ec70436356b51/matchtree.go#L1067).
+
+
+## Platform support
+
+| Platform | Multi-branch indexing support |
+|:----------|------------------------------|
+| GitHub | ✅ |
+| GitLab | ✅ |
+| Bitbucket Cloud | ✅ |
+| Bitbucket Data Center | ✅ |
+| Gitea | ✅ |
+| Gerrit | ✅ |
+| Generic git host | ✅ |
+

docs/docs/features/search/overview.mdx

@@ -0,0 +1,40 @@
+---
+title: Overview
+---
+
+Search across all your repos/branches across any code host platform. Blazingly fast, and supports regular expressions, repo/language search filters, boolean logic, and more.
+
+<Accordion title="Key benefits">
+- **Regex support:** Use regular expressions to find code with precision.
+- **Query language:** Scope searches to specific files, repos, languages, symbol definitions and more using a rich [query language](/docs/features/search/syntax-reference).
+- **Branch search:** Specify a list of branches to search across ([docs](/docs/features/search/multi-branch-indexing)).
+- **Fast & scalable:** Sourcebot uses [trigram indexing](https://en.wikipedia.org/wiki/Trigram_search), allowing it to scale to massive codebases.
+- **Syntax highlighting:** Syntax highlighting support for over [100+ languages](https://github.com/sourcebot-dev/sourcebot/blob/57724689303f351c279d37f45b6406f1d5d5d5ab/packages/web/src/lib/codemirrorLanguage.ts#L125).
+- **Multi-repository:** Search across all of your repositories in a single search.
+- **Search suggestions:** Get search suggestions as you craft your query.
+- **Filter panel:** Filter results by repository or by language.
+</Accordion>
+
+<CardGroup>
+<Card title="Index repos" icon="book" href="/docs/connections/overview" horizontal="true">
+    Learn how to index your repos so you can ask questions about them
+</Card>
+<Card title="Branches" icon="split" href="/docs/features/search/multi-branch-indexing" horizontal="true">
+    Learn how to index and search through your branches
+</Card>
+<Card title="Deployment guides" icon="server" href="/docs/deployment/docker-compose" horizontal="true">
+  Learn how to self-host Sourcebot in a few simple steps.
+</Card>
+<Card title="Public demo" icon="globe" href="https://demo.sourcebot.dev/" horizontal="true">
+  Try Sourcebot's code search on our public demo instance.
+</Card>
+</CardGroup>
+
+<video
+  autoPlay
+  muted
+  loop
+  playsInline
+  className="w-full aspect-video"
+  src="https://framerusercontent.com/assets/cEqHNSLiMbNeG3bk5xheQWXmKqc.mp4"
+></video>

docs/docs/features/search/search-contexts.mdx

@@ -0,0 +1,117 @@
+---
+title: Search contexts
+sidebarTitle: Search contexts
+---
+
+import SearchContextSchema from '/snippets/schemas/v3/searchContext.schema.mdx'
+import LicenseKeyRequired from '/snippets/license-key-required.mdx'
+
+<LicenseKeyRequired />
+
+A **search context** is a user-defined grouping of repositories that helps focus searches on specific areas of your codebase, like frontend, backend, or infrastructure code. Some example queries using search contexts:
+
+- `context:data_engineering userId` - search for `userId` across all repos related to Data Engineering. 
+- `context:k8s ingress` - search for anything related to ingresses in your k8's configs.
+- `( context:project1 or context:project2 ) logger\.debug` - search for debug log calls in project1 and project2 
+
+
+Search contexts are defined in the `context` object inside of a [declarative config](/docs/configuration/declarative-config). Repositories can be included / excluded from a search context by specifying the repo's URL in either the `include` array or `exclude` array. Glob patterns are supported.
+
+## Example
+
+Let's assume we have a GitLab instance hosted at `https://gitlab.example.com` with three top-level groups, `web`, `backend`, and `shared`:
+
+```sh
+web/
+├─ admin_panel/
+├─ customer_portal/
+├─ pipelines/
+├─ ...
+backend/
+├─ billing_server/
+├─ auth_server/
+├─ db_migrations/
+├─ pipelines/
+├─ ...
+shared/
+├─ protobufs/
+├─ react/
+├─ pipelines/
+├─ ...
+```
+
+To make searching easier, we can create three search contexts in our [config.json](/docs/configuration/declarative-config):
+- `web`: For all frontend-related code
+- `backend`: For backend services and shared APIs
+- `pipelines`: For all CI/CD configurations
+
+
+```json
+{
+    "$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
+    "contexts": {
+        "web": {
+            // To include repositories in a search context,
+            // you can reference them...
+            "include": [
+                // ... individually by specifying the repo URL.
+                "gitlab.example.com/web/admin_panel/core",
+
+
+                // ... or as groups using glob patterns. This is
+                // particularly useful for including entire "sub-folders"
+                // of repositories in one go.
+                "gitlab.example.com/web/customer_portal/**",
+                "gitlab.example.com/shared/react/**",
+                "gitlab.example.com/shared/protobufs/**"
+            ],
+
+            // Same with excluding repositories.
+            "exclude": [
+                "gitlab.example.com/web/customer_portal/pipelines",
+                "gitlab.example.com/shared/react/hooks/**",
+            ],
+
+            // Optional description of the search context
+            // that surfaces in the UI.
+            "description": "Web related repos."
+        },
+        "backend": { /* ... specifies backend replated repos ... */},
+        "pipelines": { /* ... specifies pipeline related repos ... */ }
+    },
+    "connections": {
+        /* ...connection definitions... */
+    }
+}
+```
+
+<Accordion title="Repository URL details">
+    Repo URLs are expected to be formatted without the leading http(s):// prefix. For example:
+    - `github.com/sourcebot-dev/sourcebot` ([link](https://github.com/sourcebot-dev/sourcebot))
+    - `gitlab.com/gitlab-org/gitlab` ([link](https://gitlab.com/gitlab-org/gitlab))
+    - `chromium.googlesource.com/chromium` ([link](https://chromium-review.googlesource.com/admin/repos/chromium,general))
+</Accordion>
+
+
+Once configured, you can use these contexts in the search bar by prefixing your query with the context name. For example:
+- `context:web login form` searches for login form code in frontend repositories
+- `context:backend auth` searches for authentication code in backend services
+- `context:pipelines deploy` searches for deployment configurations
+
+![Example](/images/search_contexts_example.png)
+
+Like other prefixes, contexts can be negated using `-` or combined using `or`:
+- `-context:web` excludes frontend repositories from results
+- `( context:web or context:backend )` searches across both frontend and backend code
+
+See [this doc](/docs/features/search/syntax-reference) for more details on the search query syntax.
+
+## Schema reference
+
+<Accordion title="Reference">
+
+[schemas/v3/searchContext.json](https://github.com/sourcebot-dev/sourcebot/blob/main/schemas/v3/searchContext.json)
+
+<SearchContextSchema />
+
+</Accordion>

docs/docs/features/search/syntax-reference.mdx

@@ -0,0 +1,54 @@
+---
+title: Writing search queries
+---
+
+Sourcebot uses a powerful regex-based query language that enabled precise code search within large codebases.
+
+## Syntax reference guide
+
+Queries consist of space-separated search patterns that are matched against file contents. A file must have at least one match for each expression to be included. Queries can optionally contain search filters to further refine the search results.
+
+## Keyword search (default)
+
+Keyword search matches search patterns exactly in file contents. Wrapping search patterns in `""` combines them as a single expression.
+
+| Example | Explanation |
+| :--- | :--- |
+| `foo` | Match files containing the keyword `foo` |
+| `foo bar` | Match files containing both `foo` **and** `bar` |
+| `"foo bar"` | Match files containing the phrase `foo bar` |
+| `"foo \"bar\""` | Match files containing `foo "bar"` exactly (escaped quotes) |
+
+## Regex search
+
+Toggle the regex button (`.*`) in the search bar to interpret search patterns as regular expressions.
+
+| Example | Explanation |
+| :--- | :--- |
+| `foo` | Match files with regex `/foo/` |
+| `foo.*bar` | Match files with regex `/foo.*bar/` (foo followed by any characters, then bar) |
+| `^function\s+\w+` | Match files with regex `/^function\s+\w+/` (function at start of line, followed by whitespace and word characters) |
+| `"foo bar"` | Match files with regex `/foo bar/`. Quotes are not matched. |
+
+## Search filters
+
+Search queries (keyword or regex) can include multiple search filters to further refine the search results. Some filters can be negated using the `-` prefix.
+
+| Prefix | Description | Example |
+| :--- | :--- | :--- |
+| `file:` | Filter results from filepaths that match the regex. By default all files are searched. | `file:README` - Filter results to filepaths that match regex `/README/`<br/>`file:"my file"` - Filter results to filepaths that match regex `/my file/`<br/>`-file:test\.ts$` - Ignore results from filepaths match regex `/test\.ts$/` |
+| `repo:` | Filter results from repos that match the regex. By default all repos are searched. | `repo:linux` - Filter results to repos that match regex `/linux/`<br/>`-repo:^web/.*` - Ignore results from repos that match regex `/^web\/.*/` |
+| `rev:` | Filter results from a specific branch or tag. By default **only** the default branch is searched. | `rev:beta` - Filter results to branches that match regex `/beta/` |
+| `lang:` | Filter results by language (as defined by [linguist](https://github.com/github-linguist/linguist/blob/main/lib/linguist/languages.yml)). By default all languages are searched. | `lang:TypeScript` - Filter results to TypeScript files<br/>`-lang:YAML` - Ignore results from YAML files |
+| `sym:` | Match symbol definitions created by [universal ctags](https://ctags.io/) at index time. | `sym:\bmain\b` - Filter results to symbols that match regex `/\bmain\b/` |
+| `context:` | Filter results to a predefined [search context](/docs/features/search/search-contexts). | `context:web` - Filter results to the web context<br/>`-context:pipelines` - Ignore results from the pipelines context |
+
+## Boolean operators & grouping
+
+By default, space-separated expressions are and'd together. Using the `or` keyword as well as parentheses `()` can be used to create more complex boolean logic. Parentheses can be negated using the `-` prefix.
+
+| Example | Explanation |
+| :--- | :--- |
+| `foo or bar` | Match files containing `foo` **or** `bar` |
+| `foo (bar or baz)` | Match files containing `foo` **and** either `bar` **or** `baz`. |
+| `-(foo) bar` | Match files containing `bar` **and not** `foo`. |

docs/docs/license-key.mdx

@@ -0,0 +1,46 @@
+---
+title: License key
+sidebarTitle: License key
+---
+
+<Note>
+If you'd like a trial license, [reach out](https://www.sourcebot.dev/contact) and we'll send one over within 24 hours
+</Note>
+
+All core Sourcebot features are available under the [FSL license](https://github.com/sourcebot-dev/sourcebot/blob/main/LICENSE.md#functional-source-license-version-11-alv2-future-license). Some additional features require a license key. See the [pricing page](https://www.sourcebot.dev/pricing) for more details.
+
+
+## Activating a license key
+---
+
+After purchasing a license key, you can activate it by setting the `SOURCEBOT_EE_LICENSE_KEY` environment variable.
+
+```bash
+docker run \
+    -e SOURCEBOT_EE_LICENSE_KEY=<your-license-key> \
+    /* additional args */ \
+    ghcr.io/sourcebot-dev/sourcebot:latest
+```
+
+## Feature availability
+---
+
+| Feature | [FSL](https://github.com/sourcebot-dev/sourcebot/blob/main/LICENSE.md#functional-source-license-version-11-alv2-future-license) | [Enterprise](https://github.com/sourcebot-dev/sourcebot/blob/main/ee/LICENSE) |
+|:---------|:-----|:----------|
+| [Search](/docs/features/search/syntax-reference) | ✅ | ✅ |
+| [Full code host support](/docs/connections/overview) | ✅ | ✅ |
+| [MCP Server](/docs/features/mcp-server) | ✅ | ✅ | 
+| [Agents](/docs/features/agents/overview) | ✅ | ✅ |
+| [Login with credentials](/docs/configuration/auth/overview) | ✅ | ✅ |
+| [Login with email codes](/docs/configuration/auth/overview) | ✅ | ✅ |
+| [Login with SSO](/docs/configuration/auth/overview#enterprise-authentication-providers) | 🛑 | ✅ |
+| [Permission syncing](/docs/features/permission-syncing) | 🛑 | ✅ |
+| [Code navigation](/docs/features/code-navigation) | 🛑 | ✅ |
+| [Search contexts](/docs/features/search/search-contexts) | 🛑 | ✅ |
+| [Audit logs](/docs/configuration/audit-logs) | 🛑 | ✅ |
+| [Analytics](/docs/features/analytics) | 🛑 | ✅ |
+
+
+## Questions?
+
+If you have any questions regarding licensing, please [contact us](https://www.sourcebot.dev/contact).

docs/docs/overview.mdx

@@ -0,0 +1,227 @@
+---
+title: "Overview"
+---
+
+[Sourcebot](https://github.com/sourcebot-dev/sourcebot) is a platform that helps humans and agents understand your codebase:
+
+- [Code search](/docs/features/search/overview): Search and navigate across all your repos and branches, no matter where they’re hosted
+- [Ask Sourcebot](/docs/features/ask): Ask questions about your codebase and have Sourcebot provide detailed answers grounded with inline citations
+- [MCP](/docs/features/mcp-server): Enrich agent context windows with code across your organization
+
+<CardGroup>
+<Card title="Deployment guides" icon="server" href="/docs/deployment/docker-compose" horizontal="true">
+  Learn how to self-host Sourcebot in a few simple steps.
+</Card>
+<Card title="Public demo" icon="globe" href="https://demo.sourcebot.dev/" horizontal="true">
+  Check out Sourcebot's features on our public demo instance.
+</Card>
+</CardGroup>
+
+<AccordionGroup>
+  <Accordion title="Why Sourcebot?">
+    - **Full-featured search:** Fast indexed-based search with regex support, filters, branch search, boolean logic, and more.
+    - **Self-hosted:** Deploy it in minutes using our official [docker container](https://github.com/sourcebot-dev/sourcebot/pkgs/container/sourcebot). All of your data stays on your machine.
+    - **Modern design:** Light/Dark mode, vim keybindings, keyboard shortcuts, syntax highlighting, etc.
+    - **Scalable:** Scales to millions of lines of code.
+    - **Fair-source:** Core features are [FSL licensed](https://github.com/sourcebot-dev/sourcebot/blob/main/LICENSE.md#functional-source-license-version-11-alv2-future-license).
+  </Accordion>
+</AccordionGroup>
+
+## Features
+---
+
+<Info>
+  Find an overview of all Sourcebot features below. For details, see the individual documentation pages.
+</Info>
+
+### Ask Sourcebot
+
+[Ask Sourcebot](/docs/features/ask) gives you the ability to ask complex questions about your codebase, and have Sourcebot provide detailed answers with inline citations.
+
+<Accordion title="Key benefits">
+- **Bring your own model:** [Configure](/docs/configuration/language-model-providers) to any language model you'd like
+- **Inline citations:** Every answer Sourcebot provides is grounded with inline citations directly into your codebase
+- **Mutli-repo:** Ask questions about any repository you have indexed on Sourcebot
+</Accordion>
+
+<video
+  autoPlay
+  muted
+  loop
+  playsInline
+  className="w-full aspect-video"
+  src="/images/ask_sourcebot_low_res.mp4"
+></video>
+
+### Code Search
+
+Search across all your repos/branches across any code host platform. Blazingly fast, and supports regular expressions, repo/language search filters, boolean logic, and more.
+
+<Accordion title="Key benefits">
+- **Regex support:** Use regular expressions to find code with precision.
+- **Query language:** Scope searches to specific files, repos, languages, symbol definitions and more using a rich [query language](/docs/features/search/syntax-reference).
+- **Branch search:** Specify a list of branches to search across ([docs](/docs/features/search/multi-branch-indexing)).
+- **Fast & scalable:** Sourcebot uses [trigram indexing](https://en.wikipedia.org/wiki/Trigram_search), allowing it to scale to massive codebases.
+- **Syntax highlighting:** Syntax highlighting support for over [100+ languages](https://github.com/sourcebot-dev/sourcebot/blob/57724689303f351c279d37f45b6406f1d5d5d5ab/packages/web/src/lib/codemirrorLanguage.ts#L125).
+- **Multi-repository:** Search across all of your repositories in a single search.
+- **Search suggestions:** Get search suggestions as you craft your query.
+- **Filter panel:** Filter results by repository or by language.
+</Accordion>
+
+<video
+  autoPlay
+  muted
+  loop
+  playsInline
+  className="w-full aspect-video"
+  src="https://framerusercontent.com/assets/cEqHNSLiMbNeG3bk5xheQWXmKqc.mp4"
+></video>
+
+### Code Navigation
+
+[Code navigation](/docs/features/code-navigation) helps you jump between symbol definitions and references quickly when browsing source code in Sourcebot.
+
+<Accordion title="Key benefits">
+- **Hover popover:** Hovering over a symbol reveals the symbol's definition signature in a inline preview.
+- **Go to definition:** Navigate to a symbol's definition(s).
+- **Find references:** Get all references to a symbol.
+- **Cross-repository:** Sourcebot can resolve references and definitions across repositories.
+</Accordion>
+
+<video
+  autoPlay
+  muted
+  loop
+  playsInline
+  className="w-full aspect-video"
+  src="/images/code_nav.mp4"
+></video>
+
+
+### Cross code-host support
+
+Connect your code from multiple code-host platforms and search across all of them from a single interface.
+
+<Accordion title="Key benefits">
+- **Auto re-syncing:** Sourcebot will periodically sync with code hosts to pull the latest changes.
+- **Flexible configuration:** Sourcebot uses an expressive [JSON schema](/docs/connections/overview) config format to specify exactly what repositories to index (and what not to index).
+- **Parallel indexing:** Repositories are indexed in parallel.
+</Accordion>
+
+<Columns cols={4}>
+  <Tooltip tip="GitHub.com | Enterprise Server | Enterprise Cloud">
+    <Card title="GitHub" img="/images/github.png" href="/docs/connections/github" />
+  </Tooltip>
+  <Tooltip tip="GitLab.com | Self Managed (CE & EE) | Dedicated">
+    <Card title="GitLab" img="/images/gitlab.png" href="/docs/connections/gitlab" />
+  </Tooltip>
+  <Tooltip tip="Bitbucket cloud | Bitbucket Data Center">
+    <Card title="BitBucket" img="/images/bitbucket.png" href="/docs/connections/bitbucket-cloud" />
+  </Tooltip>
+  <Tooltip tip="Gitea.com | Gitea Self-hosted">
+    <Card title="Gitea" img="/images/gitea.png" href="/docs/connections/gitea" />
+  </Tooltip>
+  <Card title="Gerrit" img="/images/gerrit.png" href="/docs/connections/gerrit" />
+  <Card title="Other Git Hosts" img="/images/git.png" href="/docs/connections/generic-git-host" />
+  <Card title="Local Git Repos" img="/images/local.png" href="/docs/connections/local-repos" />
+</Columns>
+
+
+### Authentication
+
+Sourcebot comes with built-in support for authentication via [email/password](/docs/configuration/auth/overview#email-%2F-password), [email codes](/docs/configuration/auth/overview#email-codes), and various [SSO providers](/docs/configuration/auth/overview#enterprise-authentication-providers).
+
+<Accordion title="Key benefits">
+- **Configurable auth providers:** Configure the auth providers that are available to your team.
+- **SSO:** Support for various SSO providers.
+- **_(coming soon)_ RBAC:** Role-based access control for managing user permissions.
+- **_(coming soon)_ Code host permission syncing:** Sync permissions from GitHub, Gitlab, etc. to Sourcebot.
+- **_(coming soon)_ Audit logs:** Audit logs for all actions performed on Sourcebot, such as user login, search, etc.
+</Accordion>
+
+<video
+  autoPlay
+  muted
+  loop
+  playsInline
+  className="w-full aspect-video"
+  src="https://framerusercontent.com/assets/t9Ci6NVULrcAG7u8hcBnR0Fnc.mp4"
+></video>
+
+### Self-hosted
+
+Sourcebot is designed to be easily self-hosted, allowing you to deploy it onto your own infrastructure, keeping your code private and secure.
+
+<Accordion title="Key benefits">
+- **Easy deployment:** Sourcebot is shipped as a [single docker container](https://github.com/sourcebot-dev/sourcebot/pkgs/container/sourcebot) that can be deployed to a k8s cluster, a VM, or any other platform that supports docker.
+- **Secure:** Your code **never** leaves your infrastructure.
+- **No-vendor lock-in:** Avoid dependency on a third-party SaaS provider; you can modify, extend, or migrate your deployment as needed.
+</Accordion>
+
+## Get started
+---
+
+<CardGroup cols={2}>
+    <Card horizontal title="Deployment guides ->" href="/docs/deployment/docker-compose" />
+    <Card horizontal title="Connecting your code ->" href="/docs/connections/overview" />
+    <Card horizontal title="Search syntax reference ->" href="/docs/features/search/syntax-reference" />
+    <Card horizontal title="Code navigation overview ->" href="/docs/features/code-navigation" />
+</CardGroup>
+
+## Architecture
+---
+
+Sourcebot is shipped as a single docker container that runs a collection of services using [supervisord](https://supervisord.org/):
+
+![architecture diagram](/images/architecture_diagram.png)
+
+{/*TODO: outline the different services, how Sourcebot communicates with code hosts, and the different*/}
+
+Sourcebot consists of the following components:
+- **Web Server** : main Next.js web application serving the Sourcebot UI.
+- **Backend Worker** : Node.js process that incrementally syncs with code hosts (e.g., GitHub, GitLab etc.) and asynchronously indexes configured repositories.
+- **Zoekt** : the [open-source](https://github.com/sourcegraph/zoekt), trigram indexing code search engine that powers Sourcebot under the hood.
+- **Postgres** : transactional database for storing business-logic data.
+- **Redis Job Queue** : fast in-memory store. Used with [BullMQ](https://docs.bullmq.io/) for queuing asynchronous work.
+- **`.sourcebot/` cache** : file-system cache where persistent data is written.
+
+You can use managed Redis / Postgres services that run outside of the Sourcebot container by providing the `REDIS_URL` and `DATABASE_URL` environment variables, respectively. See the [environment variables](/docs/configuration/environment-variables) doc for more configuration options.
+
+## Scalability
+---
+
+One of our design philosophies for Sourcebot is to keep our infrastructure [radically simple](https://www.radicalsimpli.city/) while balancing scalability concerns. Depending on the number of repositories you have indexed and the instance you are running Sourcebot on, you may experience slow search times or other performance degradations. Our recommendation is to vertically scale your instance by increasing the number of CPU cores and memory.
+
+Sourcebot does not support horizontal scaling at this time, but it is on our roadmap. If this is something your team would be interested in, please contact us at [team@sourcebot.dev](mailto:team@sourcebot.dev).
+
+## License key
+---
+
+Sourcebot's core features are available under an [FSL licensed](https://github.com/sourcebot-dev/sourcebot/blob/main/LICENSE.md#functional-source-license-version-11-alv2-future-license) without any limits. Some [additional features](/docs/license-key#feature-availability) such as SSO and code navigation require a [license key](/docs/license-key).
+
+<CardGroup cols={2}>
+    <Card title="Pricing page" href="https://www.sourcebot.dev/pricing" />
+    <Card title="Request trial key" href="https://www.sourcebot.dev/contact" />
+</CardGroup>
+
+## Telemetry
+---
+
+By default, Sourcebot collects anonymized usage data through [PostHog](https://posthog.com/) to help us improve the performance and reliability of our tool. We don't collect or transmit <a href="https://demo.sourcebot.dev/~/search?query=captureEvent%5C(%20repo%3Asourcebot">any information related to your codebase</a>. In addition, all events are [sanitized](https://github.com/sourcebot-dev/sourcebot/blob/HEAD/packages/web/src/app/posthogProvider.tsx) to ensure that no sensitive details (ex. ip address, query info) leave your machine. 
+
+The data we collect includes general usage statistics and metadata such as query performance (e.g., search duration, error rates) to monitor the application's health and functionality. This information helps us better understand how Sourcebot is used and where improvements can be made.
+
+If you'd like to disable all telemetry, you can do so by setting the environment variable `SOURCEBOT_TELEMETRY_DISABLED` to `true`:
+
+```bash
+docker run \
+  -e SOURCEBOT_TELEMETRY_DISABLED=true \
+  /* additional args */ \
+  ghcr.io/sourcebot-dev/sourcebot:latest
+```
+
+If you disabled telemetry correctly, you'll see the following log when starting Sourcebot:
+
+```sh
+Disabling telemetry since SOURCEBOT_TELEMETRY_DISABLED was set.
+```

docs/docs/upgrade/v2-to-v3-guide.mdx

@@ -0,0 +1,93 @@
+---
+title: V2 to V3 Guide
+sidebarTitle: V2 to V3 guide
+---
+
+This guide will walk you through upgrading your Sourcebot deployment from v2 to v3. 
+
+<Warning>
+Please note that the following features are no longer supported in v3:
+- Local file indexing
+- Raw remote `.git` repo indexing (i.e. not through a supported code host)
+
+If your deployment is dependent on these features, please [reach out](https://github.com/sourcebot-dev/sourcebot/discussions).
+</Warning>
+
+<Warning>This migration will require you to reindex all your repos</Warning>
+
+<Steps>
+    <Step title="Spin down deployment">
+    </Step>
+    <Step title="Delete Sourcebot cache (.sourcebot directory)">
+    </Step>
+    <Step title="Migrate your configuration file to the v3 schema">
+        The main change between the v3 and v2 schemas is how the data is structured. In v2, you defined a `repos` array which contained unnamed config objects:
+
+        ```json
+        {
+            "$schema": "./schemas/v2/index.json",
+            "repos": [
+                {
+                    "type": "github",
+                    "repos": [
+                        "sourcebot-dev/sourcebot"
+                    ]
+                },
+                {
+                    "type": "gitlab":
+                    "groups": [
+                        "wireshark"
+                    ]
+                }
+            ]
+        }
+        ```
+
+        In v3, you define a `connections` map which contains named `connection` objects:
+        ```json
+        {
+            "$schema": "./schemas/v3/index.json",
+            "connections": {
+                "sourcebot-connection": {
+                    "type": "github",
+                    "repos": [
+                        "sourcebot-dev/sourcebot"
+                    ]
+                },
+                "wireshark-connection": {
+                    "type": "gitlab":
+                    "groups": [
+                        "wireshark
+                    ]
+                }
+            }
+        }
+        ```
+
+        The schema of the connections defined here is the same as the "repos" you defined in the v2 schema. Some helpful notes:
+        
+        - The name of the connection (`sourcebot-connection` and `wireshark-connection` above) is only used to identify the connection in Sourcebot. It can be any string that contains letters, digits, hyphens, or underscores
+        - A connection is associated with one and only one code host platform, and this must be specified in the connections `type` field
+        - Make sure you update the `$schema` field to point to the v3 schema
+        - The `settings` object doesn't need to be changed. We've added new settings params (check out the v3 schema for more details)
+    </Step>
+    <Step title="Start your Sourcebot deployment">
+        When you start up your Sourcebot deployment, it will create a fresh cache and begin indexing against your new v3 configuration file. 
+        
+        If there are issues with your configuration file it will provide an error in the console.
+        After updating your configuration file, restart your Sourcebot deployment to pick up the new changes.
+    </Step>
+    <Step title="You're done!">
+        Congrats, you've successfully migrated to v3! Please let us know what you think of the new features by reaching out on our [discord](https://discord.gg/HDScTs3ptP) or on [GitHub](https://github.com/sourcebot-dev/sourcebot/issues/new/choose).
+    </Step>
+</Steps>
+
+## Troubleshooting
+
+Some things to check:
+
+- Make sure you update the `$schema` field in the configuration file to point to the v3 schema
+- Make sure you have a name for each `connection`, and that the name only contains letters, digits, hyphens, or underscores
+- Make sure each `connection` has a `type` field with a valid value (`gitlab`, `github`, `gitea`, `gerrit`)
+
+Having troubles migrating from v2 to v3? Reach out to us on [discord](https://discord.gg/HDScTs3ptP) or [GitHub](https://github.com/sourcebot-dev/sourcebot/issues/new/choose) and we'll try our best to help

docs/docs/upgrade/v3-to-v4-guide.mdx

@@ -0,0 +1,61 @@
+---
+title: V3 to V4 Guide
+sidebarTitle: V3 to V4 guide
+---
+
+This guide will walk you through upgrading your Sourcebot deployment from v3 to v4. 
+
+<Warning>
+Please note that the following features are no longer supported in v4:
+- Multi-tenancy mode
+- Unauthenticated access to a Sourcebot deployment - authentication is now built in by default. Unauthenticated access to a organization can be enabled with an unlimited seat [enterprise license](/docs/license-key) 
+</Warning>
+
+### If your deployment doesn't have authentication enabled
+<Steps>
+    <Step title="Spin down deployment">
+    </Step>
+    <Step title="Set AUTH_URL environment variable if needed">
+        If your Sourcebot instance is deployed behind a domain (ex. `https://sourcebot.yourcompany.com`) you **must** set the `AUTH_URL` environment variable to your deployment domain.
+    </Step>
+    <Step title="Spin up v4 deployment and create owner account">
+        When you visit your new deployment you'll be presented with a sign-in page. Sourcebot now requires authentication, and all users must register and sign-in to the deployment.
+
+        The first account that's registered will be made the owner. By default, you can register using basic credentials which will be stored encrypted within the postgres DB connected to Sourcebot. Check out
+        the [auth docs](/docs/configuration/auth/overview) to setup additional auth providers.
+
+        <img width="600" height="500" style={{ borderRadius: '0.5rem' }} src="/images/login_basic.png" />
+    </Step>
+    <Step title="(Optional) Configure transactional emails">
+        Emails can be sent on organization join request/approval by configuring [transactional emails](/docs/configuration/transactional-emails)
+
+        <img width="500" height="600" style={{ borderRadius: '0.5rem' }} src="/images/join_request_email.png" />
+    </Step>
+    <Step title="Approve additional users onto your deployment">
+        After the first account is created, all new account registrations must be approved by the owner. When new users register onto the deployment they'll be presented with the following request approval page:
+
+        ![Pending Approval Page](/images/pending_approval.png)
+
+        The owner can view and approve join requests by navigating to **Settings -> Members**. Automatic provisioning of accounts is supported when using SSO/Oauth providers, check out the [auth docs](/docs/configuration/auth/overview#enterprise-authentication-providers) for more info
+
+    </Step>
+    <Step title="You're done!">
+        Congrats, you've successfully migrated to v4! Please let us know what you think of the new features by reaching out on our [discord](https://discord.gg/HDScTs3ptP) or [GitHub](https://github.com/sourcebot-dev/sourcebot/issues/new/choose)
+    </Step>
+</Steps>
+
+### If your deployment has authentication enabled
+
+The only change that's required if your deployment has authentication enabled is to unset the `SOURCEBOT_AUTH_ENABLED` environment variable. New user registrations will now submit a request to join the organization which can be approved by the owner by 
+navigating to **Settings -> Members**. Emails can be sent on organization join request/approval by configuring [transactional emails](/docs/configuration/transactional-emails)
+
+### If your deployment uses multi-tenancy mode
+
+Unfortunately, multi-tenancy mode is no longer officially supported in v4. To upgrade to v4, you'll need to unset the `SOURCEBOT_TENANCY_MODE` environment variable and wipe your Sourcebot cache. You can then follow the [instructions above](/docs/upgrade/v3-to-v4-guide#if-your-deployment-doesnt-have-authentication-enabled)
+to finish upgrading to v4 in single-tenant mode.
+
+## Troubleshooting
+- If you're hitting issues with signing into your Sourcebot instance, make sure you're setting `AUTH_URL` correctly to your deployment domain (ex. `https://sourcebot.yourcompany.com`)
+
+
+Having troubles migrating from v3 to v4? Reach out to us on [discord](https://discord.gg/HDScTs3ptP) or [GitHub](https://github.com/sourcebot-dev/sourcebot/issues/new/choose) and we'll try our best to help

docs/fav.svg

@@ -0,0 +1,9 @@
+<svg width="100" height="100" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+<rect width="100" height="100" fill="url(#pattern0_64_7)"/>
+<defs>
+<pattern id="pattern0_64_7" patternContentUnits="objectBoundingBox" width="1" height="1">
+<use xlink:href="#image0_64_7" transform="scale(0.03125)"/>
+</pattern>
+<image id="image0_64_7" width="32" height="32" preserveAspectRatio="none" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAERlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAAIKADAAQAAAABAAAAIAAAAACshmLzAAADh0lEQVRYCe2VS0iUURTH7/m+sbI0KVGbsdHJRImwB7WIWkTWopX2JiIIKoSiRUFUotCQD6iIaOciMqIXtSisFgWRRRAtgh6gLSp1ypGyh6VU1sx3+59pzjfXZ0FCmznw45xz7/3u45xz76dUUpIRSEbgP0fAHmH98WgPxEmB7gMajLnQoBnnwj8IVoJUo+8t7PPgEOiR9lp/+CSR2ia+qbVWny1yQo6ybkQi6lgw7Htv9ottiQG9GTwCq4G5OFyVA/aAJ8AP/ijYWIZWVglOeMCToltqZnQWD/eRbKAQnY1AUvId9l3Ap34MRPJgnBbH1FpHv2iHbjPI1n1E4JP0k6YsO0IN4pvaE3c4jGJ/hb0API/3sdoLjsb9UuiZ4GXcjymy7NaqDu8KaQtmvUvzpEaaEIFl3OaQXhoMtE0Its/gw7kiixa6LUq9gG0uzl0nQAGQiHFhjirB7uy+urzwKQyKbYAUkqLUBDDsBj4as82GvQlw+EV+wtgpzt9rPUcpXhdJ0foJTu8WsMwhEbiAhop4I9fBOcC34Ra4B26CL2BE0UpPqfeHV/EATSpNa8LJ9daYr/QHm4jTPERkA83o2Q2OgHGApSjOLuh+cB3sBwNyDz8mKLQiLHzF9UmeDWoi266obMvhqzxEJKfcwXmeBxpANzCFH6a14BlYb3aYNqIQZXByJ9Guy1Q00lKfH16TaEtY5ga4tRXsANPAQrAPPAAi/D7wdfVKg6tJPawO5XqYqlCurW0VQPY5lRCa6jjqYt3016iJgSIb4OoUuGr4BPwo8dVbDMqAxHQS7FiuoUeU6jZfR2HIuwWLh3kQ7kCKIkvqzP2ON5AGvhksd3sTxjWY5k3JTnSNbG1QFNXacdOJm5A/eDQXIf9o2kEAsNQAPr37ksHmZzoTiHSIMZquz+tap5VT4o6xqIvtWn9nuUU0y9aRMxxuFvOlY/8zaAYcmdkgMcnv68gn6TF/Rii+Xly9p2jHa6Vt3IhcPD5+9l0hKkUmvUhmrDYQnVdSA8cx6Ko7UKkM2OVgIzAX5weJo9EDBggWS7dILWGQ8EVDF1d1eKrvRB09Xz4ksgpkA7g6sWu2HZrDLwUnY3thXAZ8Tbke/ixa/cA0bxylL2FDpVUdvmr+aJxHn5UflSZqlBQMnnAyGnxgIuDi6wR8+jGRw8Xd6U5/JLOy3ds+JhMmJ0lGIBmBf4nAL6uu/L35EfLvAAAAAElFTkSuQmCC"/>
+</defs>
+</svg>

docs/images/ado.svg

@@ -0,0 +1,3 @@
+<svg viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg" fill="none">
+  <path fill="currentColor" d="M15 3.622v8.512L11.5 15l-5.425-1.975v1.958L3.004 10.97l8.951.7V4.005L15 3.622zm-2.984.428L6.994 1v2.001L2.382 4.356 1 6.13v4.029l1.978.873V5.869l9.038-1.818z"/>
+</svg>