chore: release version v1.88.2

Revert "Develop"

CHANGELOG.md

@@ -2,6 +2,68 @@
 
 <!-- changelog -->
 
+## [v1.88.2](https://github.com/wanderer-industries/wanderer/compare/v1.88.1...v1.88.2) (2025-11-26)
+
+
+
+
+## [v1.88.1](https://github.com/wanderer-industries/wanderer/compare/v1.88.0...v1.88.1) (2025-11-26)
+
+
+
+
+### Bug Fixes:
+
+* sse enable checkbox, and kills ticker
+
+* apiv1 token auth and structure fixes
+
+* removed ipv6 distribution env settings
+
+* tests: updated tests
+
+* tests: updated tests
+
+* clean up id generation
+
+* resolve issue with async event processing
+
+## [v1.88.0](https://github.com/wanderer-industries/wanderer/compare/v1.87.0...v1.88.0) (2025-11-25)
+
+
+
+
+### Features:
+
+* Add zkb and eve who links for characters where it possibly was add
+
+## [v1.87.0](https://github.com/wanderer-industries/wanderer/compare/v1.86.1...v1.87.0) (2025-11-25)
+
+
+
+
+### Features:
+
+* Add support markdown for system description
+
+## [v1.86.1](https://github.com/wanderer-industries/wanderer/compare/v1.86.0...v1.86.1) (2025-11-25)
+
+
+
+
+### Bug Fixes:
+
+* Map: Add ability to see character passage direction in list of passages
+
+## [v1.86.0](https://github.com/wanderer-industries/wanderer/compare/v1.85.5...v1.86.0) (2025-11-25)
+
+
+
+
+### Features:
+
+* add date filter for character activity
+
 ## [v1.85.5](https://github.com/wanderer-industries/wanderer/compare/v1.85.4...v1.85.5) (2025-11-24)
 
 

Makefile

@@ -33,7 +33,7 @@ test t:
 	MIX_ENV=test mix test
 
 coverage cover co:
-	MIX_ENV=test mix test --cover
+	mix test --cover
 
 unit-tests ut:
 	@echo "Running unit tests..."

assets/js/hooks/Mapper/components/mapInterface/components/Comments/Comments.tsx

@@ -1,7 +1,7 @@
 import { MarkdownComment } from '@/hooks/Mapper/components/mapInterface/components/Comments/components';
-import { useMapRootState } from '@/hooks/Mapper/mapRootProvider';
+import { useEffect, useRef, useState } from 'react';
 import { CommentType } from '@/hooks/Mapper/types';
-import { useEffect, useMemo, useRef, useState } from 'react';
+import { useMapRootState } from '@/hooks/Mapper/mapRootProvider';
 
 export interface CommentsProps {}
 
@@ -14,9 +14,7 @@ export const Comments = ({}: CommentsProps) => {
     comments: { loadComments, comments, lastUpdateKey },
   } = useMapRootState();
 
-  const systemId = useMemo(() => {
-    return +selectedSystems[0];
-  }, [selectedSystems]);
+  const [systemId] = selectedSystems;
 
   const ref = useRef({ loadComments, systemId });
   ref.current = { loadComments, systemId };

assets/js/hooks/Mapper/components/mapInterface/components/Comments/components/MarkdownComment/MarkdownComment.tsx

@@ -1,4 +1,3 @@
-import classes from './MarkdownComment.module.scss';
 import clsx from 'clsx';
 import {
   InfoDrawer,
@@ -49,7 +48,11 @@ export const MarkdownComment = ({ text, time, characterEveId, id }: MarkdownComm
     <>
       <InfoDrawer
         labelClassName="mb-[3px]"
-        className={clsx(classes.MarkdownCommentRoot, 'p-1 bg-stone-700/20 ')}
+        className={clsx(
+          'p-1 bg-stone-700/20',
+          'text-[12px] leading-[1.2] text-stone-300 break-words',
+          'bg-gradient-to-r from-stone-600/40 via-stone-600/10 to-stone-600/0',
+        )}
         onMouseEnter={handleMouseEnter}
         onMouseLeave={handleMouseLeave}
         title={

assets/js/hooks/Mapper/components/mapInterface/components/CommentsEditor/CommentsEditor.module.scss

@@ -0,0 +1,9 @@
+.CERoot {
+  @apply border border-stone-400/30 rounded-[2px];
+
+  :global {
+    .cm-content {
+      @apply bg-stone-600/40;
+    }
+  }
+}

assets/js/hooks/Mapper/components/mapInterface/components/CommentsEditor/CommentsEditor.tsx

@@ -1,11 +1,12 @@
-import { MarkdownEditor } from '@/hooks/Mapper/components/mapInterface/components/MarkdownEditor';
 import { TooltipPosition, WdImageSize, WdImgButton } from '@/hooks/Mapper/components/ui-kit';
-import { useHotkey } from '@/hooks/Mapper/hooks';
-import { useMapRootState } from '@/hooks/Mapper/mapRootProvider';
-import { OutCommand } from '@/hooks/Mapper/types';
 import clsx from 'clsx';
 import { PrimeIcons } from 'primereact/api';
-import { useCallback, useMemo, useRef, useState } from 'react';
+import { MarkdownEditor } from '@/hooks/Mapper/components/mapInterface/components/MarkdownEditor';
+import { useHotkey } from '@/hooks/Mapper/hooks';
+import { useCallback, useRef, useState } from 'react';
+import { OutCommand } from '@/hooks/Mapper/types';
+import { useMapRootState } from '@/hooks/Mapper/mapRootProvider';
+import classes from './CommentsEditor.module.scss';
 
 export interface CommentsEditorProps {}
 
@@ -18,9 +19,7 @@ export const CommentsEditor = ({}: CommentsEditorProps) => {
     outCommand,
   } = useMapRootState();
 
-  const systemId = useMemo(() => {
-    return +selectedSystems[0];
-  }, [selectedSystems]);
+  const [systemId] = selectedSystems;
 
   const ref = useRef({ outCommand, systemId, textVal });
   ref.current = { outCommand, systemId, textVal };
@@ -50,6 +49,7 @@ export const CommentsEditor = ({}: CommentsEditorProps) => {
 
   return (
     <MarkdownEditor
+      className={classes.CERoot}
       value={textVal}
       onChange={setTextVal}
       overlayContent={

assets/js/hooks/Mapper/components/mapInterface/components/MarkdownEditor/MarkdownEditor.module.scss

@@ -1,9 +1,9 @@
 .CERoot {
-  @apply border border-stone-400/30 rounded-[2px];
+  @apply border border-stone-500/30 rounded-[2px];
 
   :global {
     .cm-content {
-      @apply bg-stone-600/40;
+      @apply bg-stone-950/70;
     }
 
     .cm-scroller {

assets/js/hooks/Mapper/components/mapInterface/components/MarkdownEditor/MarkdownEditor.tsx

@@ -44,9 +44,17 @@ export interface MarkdownEditorProps {
   overlayContent?: ReactNode;
   value: string;
   onChange: (value: string) => void;
+  height?: string;
+  className?: string;
 }
 
-export const MarkdownEditor = ({ value, onChange, overlayContent }: MarkdownEditorProps) => {
+export const MarkdownEditor = ({
+  value,
+  onChange,
+  overlayContent,
+  height = '70px',
+  className,
+}: MarkdownEditorProps) => {
   const [hasShift, setHasShift] = useState(false);
 
   const refData = useRef({ onChange });
@@ -66,9 +74,9 @@ export const MarkdownEditor = ({ value, onChange, overlayContent }: MarkdownEdit
     <div className={clsx(classes.MarkdownEditor, 'relative')}>
       <CodeMirror
         value={value}
-        height="70px"
+        height={height}
         extensions={CODE_MIRROR_EXTENSIONS}
-        className={classes.CERoot}
+        className={clsx(classes.CERoot, className)}
         theme={oneDark}
         onChange={handleOnChange}
         placeholder="Start typing..."

assets/js/hooks/Mapper/components/mapInterface/components/SystemSettingsDialog/SystemSettingsDialog.tsx

@@ -8,8 +8,8 @@ import { LabelsManager } from '@/hooks/Mapper/utils/labelsManager.ts';
 import { Dialog } from 'primereact/dialog';
 import { IconField } from 'primereact/iconfield';
 import { InputText } from 'primereact/inputtext';
-import { InputTextarea } from 'primereact/inputtextarea';
 import { useCallback, useEffect, useRef, useState } from 'react';
+import { MarkdownEditor } from '@/hooks/Mapper/components/mapInterface/components/MarkdownEditor';
 
 interface SystemSettingsDialog {
   systemId: string;
@@ -214,13 +214,9 @@ export const SystemSettingsDialog = ({ systemId, visible, setVisible }: SystemSe
 
             <div className="flex flex-col gap-1">
               <label htmlFor="username">Description</label>
-              <InputTextarea
-                autoResize
-                rows={5}
-                cols={30}
-                value={description}
-                onChange={e => setDescription(e.target.value)}
-              />
+              <div className="h-[200px]">
+                <MarkdownEditor value={description} onChange={e => setDescription(e)} height="180px" />
+              </div>
             </div>
           </div>
 

assets/js/hooks/Mapper/components/mapInterface/widgets/SystemInfo/SystemInfoContent/SystemInfoContent.tsx

@@ -2,7 +2,7 @@ import { useMapRootState } from '@/hooks/Mapper/mapRootProvider';
 import { isWormholeSpace } from '@/hooks/Mapper/components/map/helpers/isWormholeSpace.ts';
 import { useMemo } from 'react';
 import { getSystemById, sortWHClasses } from '@/hooks/Mapper/helpers';
-import { InfoDrawer, WHClassView, WHEffectView } from '@/hooks/Mapper/components/ui-kit';
+import { InfoDrawer, MarkdownTextViewer, WHClassView, WHEffectView } from '@/hooks/Mapper/components/ui-kit';
 import { getSystemStaticInfo } from '@/hooks/Mapper/mapRootProvider/hooks/useLoadSystemStatic';
 
 interface SystemInfoContentProps {
@@ -51,7 +51,7 @@ export const SystemInfoContent = ({ systemId }: SystemInfoContentProps) => {
             </div>
           }
         >
-          <div className="break-words">{description}</div>
+          <MarkdownTextViewer>{description}</MarkdownTextViewer>
         </InfoDrawer>
       )}
     </div>

assets/js/hooks/Mapper/components/mapRootContent/components/CharacterActivity/CharacterActivity.tsx

@@ -1,4 +1,7 @@
 import { Dialog } from 'primereact/dialog';
+import { Menu } from 'primereact/menu';
+import { MenuItem } from 'primereact/menuitem';
+import { useState, useCallback, useRef, useMemo } from 'react';
 import { CharacterActivityContent } from '@/hooks/Mapper/components/mapRootContent/components/CharacterActivity/CharacterActivityContent.tsx';
 
 interface CharacterActivityProps {
@@ -6,17 +9,69 @@ interface CharacterActivityProps {
   onHide: () => void;
 }
 
+const periodOptions = [
+  { value: 30, label: '30 Days' },
+  { value: 365, label: '1 Year' },
+  { value: null, label: 'All Time' },
+];
+
 export const CharacterActivity = ({ visible, onHide }: CharacterActivityProps) => {
+  const [selectedPeriod, setSelectedPeriod] = useState<number | null>(30);
+  const menuRef = useRef<Menu>(null);
+
+  const handlePeriodChange = useCallback((days: number | null) => {
+    setSelectedPeriod(days);
+  }, []);
+
+  const menuItems: MenuItem[] = useMemo(
+    () => [
+      {
+        label: 'Period',
+        items: periodOptions.map(option => ({
+          label: option.label,
+          icon: selectedPeriod === option.value ? 'pi pi-check' : undefined,
+          command: () => handlePeriodChange(option.value),
+        })),
+      },
+    ],
+    [selectedPeriod, handlePeriodChange],
+  );
+
+  const selectedPeriodLabel = useMemo(
+    () => periodOptions.find(opt => opt.value === selectedPeriod)?.label || 'All Time',
+    [selectedPeriod],
+  );
+
+  const headerIcons = (
+    <>
+      <button
+        type="button"
+        className="p-dialog-header-icon p-link"
+        onClick={e => menuRef.current?.toggle(e)}
+        aria-label="Filter options"
+      >
+        <span className="pi pi-bars" />
+      </button>
+      <Menu model={menuItems} popup ref={menuRef} />
+    </>
+  );
+
   return (
     <Dialog
-      header="Character Activity"
+      header={
+        <div className="flex items-center gap-2">
+          <span>Character Activity</span>
+          <span className="text-xs text-stone-400">({selectedPeriodLabel})</span>
+        </div>
+      }
       visible={visible}
       className="w-[550px] max-h-[90vh]"
       onHide={onHide}
       dismissableMask
       contentClassName="p-0 h-full flex flex-col"
+      icons={headerIcons}
     >
-      <CharacterActivityContent />
+      <CharacterActivityContent selectedPeriod={selectedPeriod} />
     </Dialog>
   );
 };

assets/js/hooks/Mapper/components/mapRootContent/components/CharacterActivity/CharacterActivityContent.tsx

@@ -7,16 +7,28 @@ import {
 } from '@/hooks/Mapper/components/mapRootContent/components/CharacterActivity/helpers.tsx';
 import { Column } from 'primereact/column';
 import { useMapRootState } from '@/hooks/Mapper/mapRootProvider';
-import { useMemo } from 'react';
+import { useMemo, useEffect } from 'react';
+import { useCharacterActivityHandlers } from '@/hooks/Mapper/components/mapRootContent/hooks/useCharacterActivityHandlers';
 
-export const CharacterActivityContent = () => {
+interface CharacterActivityContentProps {
+  selectedPeriod: number | null;
+}
+
+export const CharacterActivityContent = ({ selectedPeriod }: CharacterActivityContentProps) => {
   const {
     data: { characterActivityData },
   } = useMapRootState();
 
+  const { handleShowActivity } = useCharacterActivityHandlers();
+
   const activity = useMemo(() => characterActivityData?.activity || [], [characterActivityData]);
   const loading = useMemo(() => characterActivityData?.loading !== false, [characterActivityData]);
 
+  // Reload activity data when period changes
+  useEffect(() => {
+    handleShowActivity(selectedPeriod);
+  }, [selectedPeriod, handleShowActivity]);
+
   if (loading) {
     return (
       <div className="flex flex-col items-center justify-center h-full w-full">

assets/js/hooks/Mapper/components/mapRootContent/components/Connections/Connections.module.scss

@@ -3,7 +3,7 @@
 }
 
 .SidebarOnTheMap {
-  width: 400px;
+  width: 500px;
   padding: 0 !important;
 
   :global {

assets/js/hooks/Mapper/components/mapRootContent/components/Connections/Connections.tsx

@@ -5,6 +5,7 @@ import {
   ConnectionType,
   OutCommand,
   Passage,
+  PassageWithSourceTarget,
   SolarSystemConnection,
 } from '@/hooks/Mapper/types';
 import clsx from 'clsx';
@@ -19,7 +20,7 @@ import { PassageCard } from './PassageCard';
 
 const sortByDate = (a: string, b: string) => new Date(a).getTime() - new Date(b).getTime();
 
-const itemTemplate = (item: Passage, options: VirtualScrollerTemplateOptions) => {
+const itemTemplate = (item: PassageWithSourceTarget, options: VirtualScrollerTemplateOptions) => {
   return (
     <div
       className={clsx(classes.CharacterRow, 'w-full box-border', {
@@ -35,7 +36,7 @@ const itemTemplate = (item: Passage, options: VirtualScrollerTemplateOptions) =>
 };
 
 export interface ConnectionPassagesContentProps {
-  passages: Passage[];
+  passages: PassageWithSourceTarget[];
 }
 
 export const ConnectionPassages = ({ passages = [] }: ConnectionPassagesContentProps) => {
@@ -113,6 +114,20 @@ export const Connections = ({ selectedConnection, onHide }: OnTheMapProps) => {
     [outCommand],
   );
 
+  const preparedPassages = useMemo(() => {
+    if (!cnInfo) {
+      return [];
+    }
+
+    return passages
+      .sort((a, b) => sortByDate(b.inserted_at, a.inserted_at))
+      .map<PassageWithSourceTarget>(x => ({
+        ...x,
+        source: x.from ? cnInfo.target : cnInfo.source,
+        target: x.from ? cnInfo.source : cnInfo.target,
+      }));
+  }, [cnInfo, passages]);
+
   useEffect(() => {
     if (!selectedConnection) {
       return;
@@ -145,12 +160,14 @@ export const Connections = ({ selectedConnection, onHide }: OnTheMapProps) => {
           <InfoDrawer title="Connection" rightSide>
             <div className="flex justify-end gap-2 items-center">
               <SystemView
+                showCustomName
                 systemId={cnInfo.source}
                 className={clsx(classes.InfoTextSize, 'select-none text-center')}
                 hideRegion
               />
               <span className="pi pi-angle-double-right text-stone-500 text-[15px]"></span>
               <SystemView
+                showCustomName
                 systemId={cnInfo.target}
                 className={clsx(classes.InfoTextSize, 'select-none text-center')}
                 hideRegion
@@ -184,7 +201,7 @@ export const Connections = ({ selectedConnection, onHide }: OnTheMapProps) => {
         {/* separator */}
         <div className="w-full h-px bg-neutral-800 px-0.5"></div>
 
-        <ConnectionPassages passages={passages} />
+        <ConnectionPassages passages={preparedPassages} />
       </div>
     </Sidebar>
   );

assets/js/hooks/Mapper/components/mapRootContent/components/Connections/PassageCard/PassageCard.module.scss

@@ -35,6 +35,10 @@
   &.ThreeColumns {
     grid-template-columns: auto 1fr auto;
   }
+
+  &.FourColumns {
+    grid-template-columns: auto auto 1fr auto;
+  }
 }
 
 .CardBorderLeftIsOwn {

assets/js/hooks/Mapper/components/mapRootContent/components/Connections/PassageCard/PassageCard.tsx

@@ -1,17 +1,19 @@
 import clsx from 'clsx';
 import classes from './PassageCard.module.scss';
-import { Passage } from '@/hooks/Mapper/types';
-import { TimeAgo } from '@/hooks/Mapper/components/ui-kit';
+import { PassageWithSourceTarget } from '@/hooks/Mapper/types';
+import { SystemView, TimeAgo, TooltipPosition, WdImgButton } from '@/hooks/Mapper/components/ui-kit';
 import { WdTooltipWrapper } from '@/hooks/Mapper/components/ui-kit/WdTooltipWrapper';
 import { kgToTons } from '@/hooks/Mapper/utils/kgToTons.ts';
-import { useMemo } from 'react';
+import { useCallback, useMemo } from 'react';
+import { ZKB_ICON } from '@/hooks/Mapper/icons';
+import { charEveWhoLink, charZKBLink } from '@/hooks/Mapper/helpers/linkHelpers.ts';
 
 type PassageCardType = {
   // compact?: boolean;
   showShipName?: boolean;
   // showSystem?: boolean;
   // useSystemsCache?: boolean;
-} & Passage;
+} & PassageWithSourceTarget;
 
 const SHIP_NAME_RX = /u'|'/g;
 export const getShipName = (name: string) => {
@@ -25,7 +27,7 @@ export const getShipName = (name: string) => {
     });
 };
 
-export const PassageCard = ({ inserted_at, character: char, ship }: PassageCardType) => {
+export const PassageCard = ({ inserted_at, character: char, ship, source, target, from }: PassageCardType) => {
   const isOwn = false;
 
   const insertedAt = useMemo(() => {
@@ -33,11 +35,46 @@ export const PassageCard = ({ inserted_at, character: char, ship }: PassageCardT
     return date.toLocaleString();
   }, [inserted_at]);
 
+  const handleOpenZKB = useCallback(() => window.open(charZKBLink(char.eve_id), '_blank'), [char]);
+  const handleOpenEveWho = useCallback(() => window.open(charEveWhoLink(char.eve_id), '_blank'), [char]);
+
   return (
     <div className={clsx(classes.CharacterCard, 'w-full text-xs', 'flex flex-col box-border')}>
       <div className="flex flex-col justify-between px-2 py-1 gap-1">
         {/*here icon and other*/}
-        <div className={clsx(classes.CharRow, classes.ThreeColumns)}>
+        <div className={clsx(classes.CharRow, classes.FourColumns)}>
+          <WdTooltipWrapper
+            position={TooltipPosition.top}
+            content={
+              <div className="flex justify-between gap-2 items-center">
+                <SystemView
+                  showCustomName
+                  systemId={source}
+                  className="select-none text-center !text-[12px]"
+                  hideRegion
+                />
+                <span className="pi pi-angle-double-right text-stone-500 text-[15px]"></span>
+                <SystemView
+                  showCustomName
+                  systemId={target}
+                  className="select-none text-center !text-[12px]"
+                  hideRegion
+                />
+              </div>
+            }
+          >
+            <div
+              className={clsx(
+                'transition-all transform ease-in duration-200',
+                'pi text-stone-500 text-[15px] w-[35px] h-[33px] !flex items-center justify-center border rounded-[6px]',
+                {
+                  ['pi-angle-double-right !text-orange-400 border-orange-400 hover:bg-orange-400/30']: from,
+                  ['pi-angle-double-left !text-stone-500/70 border-stone-500/70 hover:bg-stone-500/30']: !from,
+                },
+              )}
+            />
+          </WdTooltipWrapper>
+
           {/*portrait*/}
           <span
             className={clsx(classes.EveIcon, classes.CharIcon, 'wd-bg-default')}
@@ -49,7 +86,7 @@ export const PassageCard = ({ inserted_at, character: char, ship }: PassageCardT
             {/*here name and ship name*/}
             <div className="grid gap-1 justify-between grid-cols-[max-content_1fr]">
               {/*char name*/}
-              <div className="grid gap-1 grid-cols-[auto_1px_1fr]">
+              <div className="grid gap-1 grid-cols-[auto_1px_1fr_auto]">
                 <span
                   className={clsx(classes.MaxWidth, 'text-ellipsis overflow-hidden whitespace-nowrap', {
                     [classes.CardBorderLeftIsOwn]: isOwn,
@@ -62,6 +99,21 @@ export const PassageCard = ({ inserted_at, character: char, ship }: PassageCardT
                 <div className="h-3 border-r border-neutral-500 my-0.5"></div>
                 {char.alliance_ticker && <span className="text-neutral-400">{char.alliance_ticker}</span>}
                 {!char.alliance_ticker && <span className="text-neutral-400">{char.corporation_ticker}</span>}
+
+                <div className={clsx('flex gap-1 items-center h-full ml-[2px]')}>
+                  <WdImgButton
+                    width={16}
+                    height={16}
+                    tooltip={{ position: TooltipPosition.top, content: 'Open zkillboard' }}
+                    source={ZKB_ICON}
+                    onClick={handleOpenZKB}
+                  />
+                  <WdImgButton
+                    tooltip={{ position: TooltipPosition.top, content: 'Open Eve Who' }}
+                    className={clsx('pi pi-user', '!text-[12px] relative top-[-1px]')}
+                    onClick={handleOpenEveWho}
+                  />
+                </div>
               </div>
 
               {/*ship name*/}

assets/js/hooks/Mapper/components/mapRootContent/hooks/useCharacterActivityHandlers.ts

@@ -23,17 +23,17 @@ export const useCharacterActivityHandlers = () => {
   /**
    * Handle showing the character activity dialog
    */
-  const handleShowActivity = useCallback(() => {
+  const handleShowActivity = useCallback((days?: number | null) => {
     // Update local state to show the dialog
     update(state => ({
       ...state,
       showCharacterActivity: true,
     }));
 
-    // Send the command to the server
+    // Send the command to the server with optional days parameter
     outCommand({
       type: OutCommand.showActivity,
-      data: {},
+      data: days !== undefined ? { days } : {},
     });
   }, [outCommand, update]);
 

assets/js/hooks/Mapper/components/ui-kit/CharacterCard/CharacterCard.tsx

@@ -3,6 +3,7 @@ import {
   WdEveEntityPortrait,
   WdEveEntityPortraitSize,
   WdEveEntityPortraitType,
+  WdImgButton,
   WdTooltipWrapper,
 } from '@/hooks/Mapper/components/ui-kit';
 import { SystemView } from '@/hooks/Mapper/components/ui-kit/SystemView';
@@ -14,6 +15,8 @@ import { Commands } from '@/hooks/Mapper/types/mapHandlers';
 import clsx from 'clsx';
 import { useCallback } from 'react';
 import classes from './CharacterCard.module.scss';
+import { ZKB_ICON } from '@/hooks/Mapper/icons';
+import { charEveWhoLink, charZKBLink } from '@/hooks/Mapper/helpers/linkHelpers.ts';
 
 export type CharacterCardProps = {
   compact?: boolean;
@@ -66,6 +69,9 @@ export const CharacterCard = ({
   const shipType = char.ship?.ship_type_info?.name;
   const locationShown = showSystem && char.location?.solar_system_id;
 
+  const handleOpenZKB = useCallback(() => window.open(charZKBLink(char.eve_id), '_blank'), [char]);
+  const handleOpenEveWho = useCallback(() => window.open(charEveWhoLink(char.eve_id), '_blank'), [char]);
+
   // INFO: Simple mode show only name and icon of ally/corp. By default it compact view
   if (simpleMode) {
     return (
@@ -244,7 +250,24 @@ export const CharacterCard = ({
               {char.name}
             </span>
             {showTicker && <span className="flex-shrink-0 text-gray-400 ml-1">[{tickerText}]</span>}
+
+            <div className={clsx('flex gap-1 items-center h-full ml-[6px]')}>
+              <WdImgButton
+                width={16}
+                height={16}
+                tooltip={{ position: TooltipPosition.top, content: 'Open zkillboard' }}
+                source={ZKB_ICON}
+                onClick={handleOpenZKB}
+                className="min-w-[16px]"
+              />
+              <WdImgButton
+                tooltip={{ position: TooltipPosition.top, content: 'Open Eve Who' }}
+                className={clsx('pi pi-user', '!text-[12px] relative top-[-1px]')}
+                onClick={handleOpenEveWho}
+              />
+            </div>
           </div>
+
           {locationShown ? (
             <div className="text-gray-300 text-xs overflow-hidden text-ellipsis whitespace-nowrap">
               <SystemView

assets/js/hooks/Mapper/components/ui-kit/MarkdownTextViewer.module.scss

@@ -1,8 +1,5 @@
-.MarkdownCommentRoot {
-  border-left-width: 3px;
-
+.MarkdownTextViewer {
   @apply text-[12px] leading-[1.2] text-stone-300 break-words;
-  @apply bg-gradient-to-r from-stone-600/40 via-stone-600/10 to-stone-600/0;
 
   .h1 {
     @apply text-[12px] font-normal m-0 p-0 border-none break-words whitespace-normal;
@@ -56,6 +53,10 @@
     @apply font-bold text-green-400 break-words whitespace-normal;
   }
 
+  strong {
+    font-weight: bold;
+  }
+
   i, em {
     @apply italic text-pink-400 break-words whitespace-normal;
   }

assets/js/hooks/Mapper/components/ui-kit/MarkdownTextViewer.tsx

@@ -2,10 +2,16 @@ import Markdown from 'react-markdown';
 import remarkGfm from 'remark-gfm';
 import remarkBreaks from 'remark-breaks';
 
+import classes from './MarkdownTextViewer.module.scss';
+
 const REMARK_PLUGINS = [remarkGfm, remarkBreaks];
 
 type MarkdownTextViewerProps = { children: string };
 
 export const MarkdownTextViewer = ({ children }: MarkdownTextViewerProps) => {
-  return <Markdown remarkPlugins={REMARK_PLUGINS}>{children}</Markdown>;
+  return (
+    <div className={classes.MarkdownTextViewer}>
+      <Markdown remarkPlugins={REMARK_PLUGINS}>{children}</Markdown>
+    </div>
+  );
 };

assets/js/hooks/Mapper/helpers/linkHelpers.ts

@@ -0,0 +1,2 @@
+export const charZKBLink = (characterId: string) => `https://zkillboard.com/character/${characterId}/`;
+export const charEveWhoLink = (characterId: string) => `https://evewho.com/character/${characterId}`;

assets/js/hooks/Mapper/mapRootProvider/hooks/api/useCommandComments.ts

@@ -12,7 +12,7 @@ export const useCommandComments = () => {
   }, []);
 
   const removeComment = useCallback((data: CommandCommentRemoved) => {
-    ref.current.removeComment(data.solarSystemId, data.commentId);
+    ref.current.removeComment(data.solarSystemId.toString(), data.commentId);
   }, []);
 
   return { addComment, removeComment };

assets/js/hooks/Mapper/mapRootProvider/hooks/useComments.ts

@@ -1,5 +1,5 @@
-import { CommentSystem, CommentType, OutCommand, OutCommandHandler, UseCommentsData } from '@/hooks/Mapper/types';
 import { useCallback, useRef, useState } from 'react';
+import { CommentSystem, CommentType, OutCommand, OutCommandHandler, UseCommentsData } from '@/hooks/Mapper/types';
 
 interface UseCommentsProps {
   outCommand: OutCommandHandler;
@@ -8,12 +8,12 @@ interface UseCommentsProps {
 export const useComments = ({ outCommand }: UseCommentsProps): UseCommentsData => {
   const [lastUpdateKey, setLastUpdateKey] = useState(0);
 
-  const commentBySystemsRef = useRef<Map<number, CommentSystem>>(new Map());
+  const commentBySystemsRef = useRef<Map<string, CommentSystem>>(new Map());
 
   const ref = useRef({ outCommand });
   ref.current = { outCommand };
 
-  const loadComments = useCallback(async (systemId: number) => {
+  const loadComments = useCallback(async (systemId: string) => {
     let cSystem = commentBySystemsRef.current.get(systemId);
     if (cSystem?.loading || cSystem?.loaded) {
       return;
@@ -45,7 +45,7 @@ export const useComments = ({ outCommand }: UseCommentsProps): UseCommentsData =
     setLastUpdateKey(x => x + 1);
   }, []);
 
-  const addComment = useCallback((systemId: number, comment: CommentType) => {
+  const addComment = useCallback((systemId: string, comment: CommentType) => {
     const cSystem = commentBySystemsRef.current.get(systemId);
     if (cSystem) {
       cSystem.comments.push(comment);
@@ -61,9 +61,8 @@ export const useComments = ({ outCommand }: UseCommentsProps): UseCommentsData =
     setLastUpdateKey(x => x + 1);
   }, []);
 
-  const removeComment = useCallback((systemId: number, commentId: string) => {
+  const removeComment = useCallback((systemId: string, commentId: string) => {
     const cSystem = commentBySystemsRef.current.get(systemId);
-    console.log('cSystem', cSystem);
     if (!cSystem) {
       return;
     }

assets/js/hooks/Mapper/types/character.ts

@@ -68,4 +68,5 @@ export interface ActivitySummary {
   passages: number;
   connections: number;
   signatures: number;
+  timestamp?: string;
 }

assets/js/hooks/Mapper/types/comment.ts

@@ -13,9 +13,9 @@ export type CommentSystem = {
 };
 
 export interface UseCommentsData {
-  loadComments: (systemId: number) => Promise<void>;
-  addComment: (systemId: number, comment: CommentType) => void;
-  removeComment: (systemId: number, commentId: string) => void;
-  comments: Map<number, CommentSystem>;
+  loadComments: (systemId: string) => Promise<void>;
+  addComment: (systemId: string, comment: CommentType) => void;
+  removeComment: (systemId: string, commentId: string) => void;
+  comments: Map<string, CommentSystem>;
   lastUpdateKey: number;
 }

assets/js/hooks/Mapper/types/connectionPassages.ts

@@ -6,11 +6,17 @@ export type PassageLimitedCharacterType = Pick<
 >;
 
 export type Passage = {
+  from: boolean;
   inserted_at: string; // Date
   ship: ShipTypeRaw;
   character: PassageLimitedCharacterType;
 };
 
+export type PassageWithSourceTarget = {
+  source: string;
+  target: string;
+} & Passage;
+
 export type ConnectionInfoOutput = {
   marl_eol_time: string;
 };

assets/js/hooks/Mapper/types/mapHandlers.ts

@@ -131,7 +131,7 @@ export type CommandLinkSignatureToSystem = {
 };
 export type CommandLinkSignaturesUpdated = number;
 export type CommandCommentAdd = {
-  solarSystemId: number;
+  solarSystemId: string;
   comment: CommentType;
 };
 export type CommandCommentRemoved = {

config/runtime.exs

@@ -432,7 +432,7 @@ config :wanderer_app, :license_manager,
 config :wanderer_app, :sse,
   enabled:
     config_dir
-    |> get_var_from_path_or_env("WANDERER_SSE_ENABLED", "false")
+    |> get_var_from_path_or_env("WANDERER_SSE_ENABLED", "true")
     |> String.to_existing_atom(),
   max_connections_total:
     config_dir |> get_int_from_path_or_env("WANDERER_SSE_MAX_CONNECTIONS", 1000),
@@ -447,6 +447,6 @@ config :wanderer_app, :sse,
 config :wanderer_app, :external_events,
   webhooks_enabled:
     config_dir
-    |> get_var_from_path_or_env("WANDERER_WEBHOOKS_ENABLED", "false")
+    |> get_var_from_path_or_env("WANDERER_WEBHOOKS_ENABLED", "true")
     |> String.to_existing_atom(),
   webhook_timeout_ms: config_dir |> get_int_from_path_or_env("WANDERER_WEBHOOK_TIMEOUT_MS", 15000)

config/test.exs

@@ -24,11 +24,7 @@ config :wanderer_app,
   pubsub_client: Test.PubSubMock,
   cached_info: WandererApp.CachedInfo.Mock,
   character_api_disabled: false,
-  environment: :test,
-  map_subscriptions_enabled: false,
-  wanderer_kills_service_enabled: false,
-  sse: [enabled: false],
-  external_events: [webhooks_enabled: false]
+  environment: :test
 
 # We don't run a server during test. If one is required,
 # you can enable the server option below.

lib/wanderer_app/api/access_list.ex

@@ -60,17 +60,19 @@ defmodule WandererApp.Api.AccessList do
       # Added :api_key to the accepted attributes
       accept [:name, :description, :owner_id, :api_key]
       primary?(true)
+
+      argument :owner_id, :uuid, allow_nil?: false
+
+      change manage_relationship(:owner_id, :owner, on_lookup: :relate, on_no_match: nil)
     end
 
     update :update do
       accept [:name, :description, :owner_id, :api_key]
       primary?(true)
-      require_atomic? false
     end
 
     update :assign_owner do
       accept [:owner_id]
-      require_atomic? false
     end
   end
 

lib/wanderer_app/api/access_list_member.ex

@@ -53,11 +53,7 @@ defmodule WandererApp.Api.AccessListMember do
       :role
     ]
 
-    defaults [:create, :read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:create, :read, :update, :destroy]
 
     read :read_by_access_list do
       argument(:access_list_id, :string, allow_nil?: false)
@@ -71,14 +67,12 @@ defmodule WandererApp.Api.AccessListMember do
 
     update :block do
       accept([])
-      require_atomic? false
 
       change(set_attribute(:blocked, true))
     end
 
     update :unblock do
       accept([])
-      require_atomic? false
 
       change(set_attribute(:blocked, false))
     end

lib/wanderer_app/api/actor_helpers.ex

@@ -1,80 +0,0 @@
-defmodule WandererApp.Api.ActorHelpers do
-  @moduledoc """
-  Utilities for extracting actor information from Ash contexts.
-
-  Provides helper functions for working with ActorWithMap and extracting
-  user, map, and character information from various context formats.
-  """
-
-  alias WandererApp.Api.ActorWithMap
-
-  @doc """
-  Extract map from actor or context.
-
-  Handles various context formats:
-  - Direct ActorWithMap struct
-  - Context map with :actor key
-  - Context map with :map key
-  - Ash.Resource.Change.Context struct
-  """
-  def get_map(%{actor: %ActorWithMap{map: %{} = map}}), do: map
-  def get_map(%{map: %{} = map}), do: map
-
-  # Handle Ash.Resource.Change.Context struct
-  def get_map(%Ash.Resource.Change.Context{actor: %ActorWithMap{map: %{} = map}}), do: map
-  def get_map(%Ash.Resource.Change.Context{actor: _}), do: nil
-
-  def get_map(context) when is_map(context) do
-    # For plain maps, check private.actor
-    with private when is_map(private) <- Map.get(context, :private),
-         %ActorWithMap{map: %{} = map} <- Map.get(private, :actor) do
-      map
-    else
-      _ -> nil
-    end
-  end
-
-  def get_map(_), do: nil
-
-  @doc """
-  Extract user from actor.
-
-  Handles:
-  - ActorWithMap struct
-  - Direct user struct with :id field
-  """
-  def get_user(%ActorWithMap{user: user}), do: user
-  def get_user(%{id: _} = user), do: user
-  def get_user(_), do: nil
-
-  @doc """
-  Get character IDs for the actor.
-
-  Used for ACL filtering to determine which resources the user can access.
-  Returns {:ok, list} or {:ok, []} if no characters found.
-  """
-  def get_character_ids(%ActorWithMap{user: user}), do: get_character_ids(user)
-
-  def get_character_ids(%{characters: characters}) when is_list(characters) do
-    {:ok, Enum.map(characters, & &1.id)}
-  end
-
-  def get_character_ids(%{characters: %Ecto.Association.NotLoaded{}, id: user_id}) do
-    # Load characters from database
-    load_characters_by_id(user_id)
-  end
-
-  def get_character_ids(%{id: user_id}) do
-    # Fallback: load user with characters
-    load_characters_by_id(user_id)
-  end
-
-  def get_character_ids(_), do: {:ok, []}
-
-  defp load_characters_by_id(user_id) do
-    case WandererApp.Api.User.by_id(user_id, load: [:characters]) do
-      {:ok, user} -> {:ok, Enum.map(user.characters, & &1.id)}
-      _ -> {:ok, []}
-    end
-  end
-end

lib/wanderer_app/api/actor_with_map.ex

@@ -1,15 +0,0 @@
-defmodule WandererApp.Api.ActorWithMap do
-  @moduledoc """
-  Wraps a user and map together as an actor for token-based authentication.
-
-  When API requests use Bearer token auth, the token identifies both the user
-  (map owner) and the map. This struct allows passing both through Ash's actor system.
-  """
-
-  @enforce_keys [:user, :map]
-  defstruct [:user, :map]
-
-  def new(user, map) do
-    %__MODULE__{user: user, map: map}
-  end
-end

lib/wanderer_app/api/changes/inject_map_from_actor.ex

@@ -1,39 +0,0 @@
-defmodule WandererApp.Api.Changes.InjectMapFromActor do
-  @moduledoc """
-  Ash change that injects map_id from the authenticated actor.
-
-  For token-based auth, the map is determined by the API token.
-  This change automatically sets map_id, so clients don't need to provide it.
-  """
-
-  use Ash.Resource.Change
-
-  alias WandererApp.Api.ActorHelpers
-
-  @impl true
-  def change(changeset, _opts, context) do
-    case ActorHelpers.get_map(context) do
-      %{id: map_id} ->
-        Ash.Changeset.force_change_attribute(changeset, :map_id, map_id)
-
-      _other ->
-        # nil or unexpected return shape - check for direct map_id
-        # Check params (input), arguments, and attributes (in that order)
-        map_id = Map.get(changeset.params, :map_id) ||
-                 Ash.Changeset.get_argument(changeset, :map_id) ||
-                 Ash.Changeset.get_attribute(changeset, :map_id)
-
-        case map_id do
-          nil ->
-            Ash.Changeset.add_error(changeset,
-              field: :map_id,
-              message: "map_id is required (provide via token or attribute)"
-            )
-
-          _map_id ->
-            # map_id provided directly (internal calls, tests)
-            changeset
-        end
-    end
-  end
-end

lib/wanderer_app/api/character.ex

@@ -69,6 +69,11 @@ defmodule WandererApp.Api.Character do
       filter(expr(user_id == ^arg(:user_id) and deleted == false))
     end
 
+    read :available_by_map do
+      argument(:map_id, :uuid, allow_nil?: false)
+      filter(expr(user_id == ^arg(:user_id) and deleted == false))
+    end
+
     read :last_active do
       argument(:from, :utc_datetime, allow_nil?: false)
 
@@ -95,7 +100,6 @@ defmodule WandererApp.Api.Character do
 
     update :mark_as_deleted do
       accept([])
-      require_atomic? false
 
       change(atomic_update(:deleted, true))
       change(atomic_update(:user_id, nil))
@@ -103,7 +107,6 @@ defmodule WandererApp.Api.Character do
 
     update :update_online do
       accept([:online])
-      require_atomic? false
     end
 
     update :update_location do

lib/wanderer_app/api/corp_wallet_transaction.ex

@@ -33,11 +33,7 @@ defmodule WandererApp.Api.CorpWalletTransaction do
       :ref_type
     ]
 
-    defaults [:create, :read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:create, :read, :update, :destroy]
 
     create :new do
       accept [

lib/wanderer_app/api/license.ex

@@ -36,11 +36,7 @@ defmodule WandererApp.Api.License do
       :expire_at
     ]
 
-    defaults [:read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:read, :update, :destroy]
 
     create :create do
       primary? true
@@ -62,14 +58,12 @@ defmodule WandererApp.Api.License do
 
     update :invalidate do
       accept([])
-      require_atomic? false
 
       change(set_attribute(:is_valid, false))
     end
 
     update :set_valid do
       accept([])
-      require_atomic? false
 
       change(set_attribute(:is_valid, true))
     end

lib/wanderer_app/api/map.ex

@@ -44,7 +44,6 @@ defmodule WandererApp.Api.Map do
   code_interface do
     define(:available, action: :available)
     define(:get_map_by_slug, action: :by_slug, args: [:slug])
-    define(:by_api_key, action: :by_api_key, args: [:api_key])
     define(:new, action: :new)
     define(:create, action: :create)
     define(:update, action: :update)
@@ -91,25 +90,22 @@ defmodule WandererApp.Api.Map do
       filter expr(slug == ^arg(:slug))
     end
 
-    read :by_api_key do
-      get? true
-      argument :api_key, :string, allow_nil?: false
-
-      prepare WandererApp.Api.Preparations.SecureApiKeyLookup
-    end
-
     read :available do
       prepare WandererApp.Api.Preparations.FilterMapsByRoles
     end
 
     create :new do
-      accept [:name, :slug, :description, :scope, :only_tracked_characters, :owner_id, :sse_enabled]
+      accept [:name, :slug, :description, :scope, :only_tracked_characters, :owner_id]
       primary?(true)
+
+      argument :owner_id, :uuid, allow_nil?: false
       argument :create_default_acl, :boolean, allow_nil?: true
       argument :acls, {:array, :uuid}, allow_nil?: true
       argument :acls_text_input, :string, allow_nil?: true
       argument :scope_text_input, :string, allow_nil?: true
       argument :acls_empty_selection, :string, allow_nil?: true
+
+      change manage_relationship(:owner_id, :owner, on_lookup: :relate, on_no_match: nil)
       change manage_relationship(:acls, type: :append_and_remove)
       change WandererApp.Api.Changes.SlugifyName
     end
@@ -117,16 +113,7 @@ defmodule WandererApp.Api.Map do
     update :update do
       primary? true
       require_atomic? false
-
-      accept [
-        :name,
-        :slug,
-        :description,
-        :scope,
-        :only_tracked_characters,
-        :owner_id,
-        :sse_enabled
-      ]
+      accept [:name, :slug, :description, :scope, :only_tracked_characters, :owner_id]
 
       argument :owner_id_text_input, :string, allow_nil?: true
       argument :acls_text_input, :string, allow_nil?: true
@@ -141,9 +128,6 @@ defmodule WandererApp.Api.Map do
              )
 
       change WandererApp.Api.Changes.SlugifyName
-
-      # Validate subscription when enabling SSE
-      validate &validate_sse_subscription/2
     end
 
     update :update_acls do
@@ -158,38 +142,33 @@ defmodule WandererApp.Api.Map do
 
     update :assign_owner do
       accept [:owner_id]
-      require_atomic? false
     end
 
     update :update_hubs do
       accept [:hubs]
-      require_atomic? false
     end
 
     update :update_options do
       accept [:options]
-      require_atomic? false
     end
 
     update :mark_as_deleted do
       accept([])
-      require_atomic? false
 
       change(set_attribute(:deleted, true))
     end
 
     update :update_api_key do
       accept [:public_api_key]
-      require_atomic? false
     end
 
     update :toggle_webhooks do
       accept [:webhooks_enabled]
-      require_atomic? false
     end
 
     create :duplicate do
       accept [:name, :description, :scope, :only_tracked_characters]
+
       argument :source_map_id, :uuid, allow_nil?: false
       argument :copy_acls, :boolean, default: true
       argument :copy_user_settings, :boolean, default: true
@@ -333,19 +312,12 @@ defmodule WandererApp.Api.Map do
       public?(true)
     end
 
-    attribute :sse_enabled, :boolean do
-      default(false)
-      allow_nil?(false)
-      public?(true)
-    end
-
     create_timestamp(:inserted_at)
     update_timestamp(:updated_at)
   end
 
   identities do
     identity :unique_slug, [:slug]
-    identity :unique_public_api_key, [:public_api_key]
   end
 
   relationships do
@@ -372,60 +344,4 @@ defmodule WandererApp.Api.Map do
       public? false
     end
   end
-
-  # Private validation functions
-
-  @doc false
-  # Validates that SSE can be enabled based on subscription status.
-  #
-  # Validation rules:
-  # 1. Skip if SSE not being enabled (no validation needed)
-  # 2. Skip during map creation (map_id is nil, subscription doesn't exist yet)
-  # 3. Skip in Community Edition mode (subscriptions disabled globally)
-  # 4. Require active subscription in Enterprise mode
-  #
-  # This ensures users cannot enable SSE without a valid subscription in Enterprise mode,
-  # while allowing SSE in Community Edition and during map creation.
-  defp validate_sse_subscription(changeset, _context) do
-    sse_enabled = Ash.Changeset.get_attribute(changeset, :sse_enabled)
-    map_id = changeset.data.id
-    subscriptions_enabled = WandererApp.Env.map_subscriptions_enabled?()
-
-    cond do
-      # Not enabling SSE - no validation needed
-      not sse_enabled ->
-        :ok
-
-      # Map creation (no ID yet) - skip validation
-      # Subscription check will happen on first update if they try to enable SSE
-      is_nil(map_id) ->
-        :ok
-
-      # Community Edition mode - always allow
-      not subscriptions_enabled ->
-        :ok
-
-      # Enterprise mode - check subscription
-      true ->
-        validate_active_subscription(map_id)
-    end
-  end
-
-  # Helper to check if map has an active subscription
-  defp validate_active_subscription(map_id) do
-    case WandererApp.Map.is_subscription_active?(map_id) do
-      {:ok, true} ->
-        :ok
-
-      {:ok, false} ->
-        {:error, field: :sse_enabled, message: "Active subscription required to enable SSE"}
-
-      {:error, reason} ->
-        require Logger
-        Logger.warning("Failed to check subscription for map #{map_id}: #{inspect(reason)}")
-        # Fail open - allow the operation but log the error
-        # This prevents database errors from blocking legitimate operations
-        :ok
-    end
-  end
 end

lib/wanderer_app/api/map_access_list.ex

@@ -61,11 +61,7 @@ defmodule WandererApp.Api.MapAccessList do
       :access_list_id
     ]
 
-    defaults [:create, :read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:create, :read, :update, :destroy]
 
     read :read_by_map do
       argument(:map_id, :string, allow_nil?: false)

lib/wanderer_app/api/map_chain_passages.ex

@@ -27,11 +27,7 @@ defmodule WandererApp.Api.MapChainPassages do
       :solar_system_target_id
     ]
 
-    defaults [:create, :read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:create, :read, :update, :destroy]
 
     create :new do
       accept [
@@ -44,6 +40,12 @@ defmodule WandererApp.Api.MapChainPassages do
       ]
 
       primary?(true)
+
+      argument :map_id, :uuid, allow_nil?: false
+      argument :character_id, :uuid, allow_nil?: false
+
+      change manage_relationship(:map_id, :map, on_lookup: :relate, on_no_match: nil)
+      change manage_relationship(:character_id, :character, on_lookup: :relate, on_no_match: nil)
     end
 
     action :by_map_id, {:array, :struct} do

lib/wanderer_app/api/map_character_settings.ex

@@ -81,6 +81,12 @@ defmodule WandererApp.Api.MapCharacterSettings do
         :character_id,
         :tracked
       ]
+
+      argument :map_id, :uuid, allow_nil?: false
+      argument :character_id, :uuid, allow_nil?: false
+
+      change manage_relationship(:map_id, :map, on_lookup: :relate, on_no_match: nil)
+      change manage_relationship(:character_id, :character, on_lookup: :relate, on_no_match: nil)
     end
 
     read :by_map_filtered do
@@ -140,7 +146,7 @@ defmodule WandererApp.Api.MapCharacterSettings do
     update :track do
       accept [:map_id, :character_id]
       argument :map_id, :string, allow_nil?: false
-      require_atomic? false
+      argument :character_id, :uuid, allow_nil?: false
 
       # Load the record first
       load do
@@ -154,7 +160,7 @@ defmodule WandererApp.Api.MapCharacterSettings do
     update :untrack do
       accept [:map_id, :character_id]
       argument :map_id, :string, allow_nil?: false
-      require_atomic? false
+      argument :character_id, :uuid, allow_nil?: false
 
       # Load the record first
       load do
@@ -168,7 +174,7 @@ defmodule WandererApp.Api.MapCharacterSettings do
     update :follow do
       accept [:map_id, :character_id]
       argument :map_id, :string, allow_nil?: false
-      require_atomic? false
+      argument :character_id, :uuid, allow_nil?: false
 
       # Load the record first
       load do
@@ -182,7 +188,7 @@ defmodule WandererApp.Api.MapCharacterSettings do
     update :unfollow do
       accept [:map_id, :character_id]
       argument :map_id, :string, allow_nil?: false
-      require_atomic? false
+      argument :character_id, :uuid, allow_nil?: false
 
       # Load the record first
       load do

lib/wanderer_app/api/map_connection.ex

@@ -4,8 +4,7 @@ defmodule WandererApp.Api.MapConnection do
   use Ash.Resource,
     domain: WandererApp.Api,
     data_layer: AshPostgres.DataLayer,
-    extensions: [AshJsonApi.Resource],
-    primary_read_warning?: false
+    extensions: [AshJsonApi.Resource]
 
   postgres do
     repo(WandererApp.Repo)
@@ -74,56 +73,7 @@ defmodule WandererApp.Api.MapConnection do
       :custom_info
     ]
 
-    create :create do
-      primary? true
-
-      accept [
-        :map_id,
-        :solar_system_source,
-        :solar_system_target,
-        :type,
-        :ship_size_type,
-        :mass_status,
-        :time_status,
-        :wormhole_type,
-        :count_of_passage,
-        :locked,
-        :custom_info
-      ]
-
-      # Inject map_id from token
-      change WandererApp.Api.Changes.InjectMapFromActor
-    end
-
-    read :read do
-      primary? true
-
-      # Security: Filter to only connections from actor's map
-      prepare WandererApp.Api.Preparations.FilterConnectionsByActorMap
-    end
-
-    update :update do
-      primary? true
-
-      accept [
-        :solar_system_source,
-        :solar_system_target,
-        :type,
-        :ship_size_type,
-        :mass_status,
-        :time_status,
-        :wormhole_type,
-        :count_of_passage,
-        :locked,
-        :custom_info
-      ]
-
-      require_atomic? false
-    end
-
-    destroy :destroy do
-      primary? true
-    end
+    defaults [:create, :read, :update, :destroy]
 
     read :read_by_map do
       argument(:map_id, :string, allow_nil?: false)
@@ -160,37 +110,30 @@ defmodule WandererApp.Api.MapConnection do
 
     update :update_mass_status do
       accept [:mass_status]
-      require_atomic? false
     end
 
     update :update_time_status do
       accept [:time_status]
-      require_atomic? false
     end
 
     update :update_ship_size_type do
       accept [:ship_size_type]
-      require_atomic? false
     end
 
     update :update_locked do
       accept [:locked]
-      require_atomic? false
     end
 
     update :update_custom_info do
       accept [:custom_info]
-      require_atomic? false
     end
 
     update :update_type do
       accept [:type]
-      require_atomic? false
     end
 
     update :update_wormhole_type do
       accept [:wormhole_type]
-      require_atomic? false
     end
   end
 

lib/wanderer_app/api/map_invite.ex

@@ -30,11 +30,7 @@ defmodule WandererApp.Api.MapInvite do
       :token
     ]
 
-    defaults [:read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:read, :update, :destroy]
 
     create :new do
       accept [
@@ -45,6 +41,10 @@ defmodule WandererApp.Api.MapInvite do
       ]
 
       primary?(true)
+
+      argument :map_id, :uuid, allow_nil?: true
+
+      change manage_relationship(:map_id, :map, on_lookup: :relate, on_no_match: nil)
     end
 
     read :by_map do

lib/wanderer_app/api/map_ping.ex

@@ -3,8 +3,7 @@ defmodule WandererApp.Api.MapPing do
 
   use Ash.Resource,
     domain: WandererApp.Api,
-    data_layer: AshPostgres.DataLayer,
-    primary_read_warning?: false
+    data_layer: AshPostgres.DataLayer
 
   postgres do
     repo(WandererApp.Repo)
@@ -37,18 +36,7 @@ defmodule WandererApp.Api.MapPing do
       :message
     ]
 
-    defaults [:destroy]
-
-    update :update do
-      require_atomic? false
-    end
-
-    read :read do
-      primary? true
-
-      # Security: Filter to only pings from actor's map
-      prepare WandererApp.Api.Preparations.FilterPingsByActorMap
-    end
+    defaults [:read, :update, :destroy]
 
     create :new do
       accept [
@@ -60,6 +48,14 @@ defmodule WandererApp.Api.MapPing do
       ]
 
       primary?(true)
+
+      argument :map_id, :uuid, allow_nil?: false
+      argument :system_id, :uuid, allow_nil?: false
+      argument :character_id, :uuid, allow_nil?: false
+
+      change manage_relationship(:map_id, :map, on_lookup: :relate, on_no_match: nil)
+      change manage_relationship(:system_id, :system, on_lookup: :relate, on_no_match: nil)
+      change manage_relationship(:character_id, :character, on_lookup: :relate, on_no_match: nil)
     end
 
     read :by_map do

lib/wanderer_app/api/map_solar_system.ex

@@ -65,11 +65,7 @@ defmodule WandererApp.Api.MapSolarSystem do
       :sun_type_id
     ]
 
-    defaults [:read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:read, :destroy, :update]
 
     create :create do
       primary? true

lib/wanderer_app/api/map_solar_system_jumps.ex

@@ -24,11 +24,7 @@ defmodule WandererApp.Api.MapSolarSystemJumps do
       :to_solar_system_id
     ]
 
-    defaults [:read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:read, :destroy, :update]
 
     create :create do
       primary? true

lib/wanderer_app/api/map_state.ex

@@ -45,11 +45,7 @@ defmodule WandererApp.Api.MapState do
       :connections_start_time
     ]
 
-    defaults [:read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:read, :update, :destroy]
 
     create :create do
       primary? true

lib/wanderer_app/api/map_subscription.ex

@@ -62,11 +62,7 @@ defmodule WandererApp.Api.MapSubscription do
       :auto_renew?
     ]
 
-    defaults [:create, :read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:create, :read, :update, :destroy]
 
     read :all_active do
       prepare build(sort: [updated_at: :asc], load: [:map])
@@ -92,39 +88,32 @@ defmodule WandererApp.Api.MapSubscription do
 
     update :update_plan do
       accept [:plan]
-      require_atomic? false
     end
 
     update :update_characters_limit do
       accept [:characters_limit]
-      require_atomic? false
     end
 
     update :update_hubs_limit do
       accept [:hubs_limit]
-      require_atomic? false
     end
 
     update :update_active_till do
       accept [:active_till]
-      require_atomic? false
     end
 
     update :update_auto_renew do
       accept [:auto_renew?]
-      require_atomic? false
     end
 
     update :cancel do
       accept([])
-      require_atomic? false
 
       change(set_attribute(:status, :cancelled))
     end
 
     update :expire do
       accept([])
-      require_atomic? false
 
       change(set_attribute(:status, :expired))
     end

lib/wanderer_app/api/map_system.ex

@@ -24,12 +24,16 @@ defmodule WandererApp.Api.MapSystem do
   use Ash.Resource,
     domain: WandererApp.Api,
     data_layer: AshPostgres.DataLayer,
-    extensions: [AshJsonApi.Resource],
-    primary_read_warning?: false
+    extensions: [AshJsonApi.Resource]
 
   postgres do
     repo(WandererApp.Repo)
     table("map_system_v1")
+
+    custom_indexes do
+      # Partial index for efficient visible systems query
+      index [:map_id], where: "visible = true", name: "map_system_v1_map_id_visible_index"
+    end
   end
 
   json_api do
@@ -66,7 +70,10 @@ defmodule WandererApp.Api.MapSystem do
     define(:upsert, action: :upsert)
     define(:destroy, action: :destroy)
 
-    define :by_id, action: :get_by_id, args: [:id], get?: true
+    define(:by_id,
+      get_by: [:id],
+      action: :read
+    )
 
     define(:by_solar_system_id,
       get_by: [:solar_system_id],
@@ -96,7 +103,6 @@ defmodule WandererApp.Api.MapSystem do
     define(:update_status, action: :update_status)
     define(:update_tag, action: :update_tag)
     define(:update_temporary_name, action: :update_temporary_name)
-    define(:update_custom_name, action: :update_custom_name)
     define(:update_labels, action: :update_labels)
     define(:update_linked_sig_eve_id, action: :update_linked_sig_eve_id)
     define(:update_position, action: :update_position)
@@ -122,56 +128,7 @@ defmodule WandererApp.Api.MapSystem do
       :linked_sig_eve_id
     ]
 
-    create :create do
-      primary? true
-
-      accept [
-        :map_id,
-        :name,
-        :solar_system_id,
-        :position_x,
-        :position_y,
-        :status,
-        :visible,
-        :locked,
-        :custom_name,
-        :description,
-        :tag,
-        :temporary_name,
-        :labels,
-        :added_at,
-        :linked_sig_eve_id
-      ]
-
-      # Inject map_id from token
-      change WandererApp.Api.Changes.InjectMapFromActor
-    end
-
-    update :update do
-      primary? true
-      require_atomic? false
-
-      # Note: name and solar_system_id are not in accept
-      # - solar_system_id should be immutable (identifier)
-      # - name has allow_nil? false which makes it required in JSON:API
-      accept [
-        :position_x,
-        :position_y,
-        :status,
-        :visible,
-        :locked,
-        :custom_name,
-        :description,
-        :tag,
-        :temporary_name,
-        :labels,
-        :linked_sig_eve_id
-      ]
-    end
-
-    destroy :destroy do
-      primary? true
-    end
+    defaults [:create, :update, :destroy]
 
     create :upsert do
       primary? false
@@ -201,9 +158,6 @@ defmodule WandererApp.Api.MapSystem do
     read :read do
       primary?(true)
 
-      # Security: Filter to only systems from actor's map
-      prepare WandererApp.Api.Preparations.FilterSystemsByActorMap
-
       pagination offset?: true,
                  default_limit: 100,
                  max_page_size: 500,
@@ -211,11 +165,6 @@ defmodule WandererApp.Api.MapSystem do
                  required?: false
     end
 
-    read :get_by_id do
-      argument(:id, :string, allow_nil?: false)
-      filter(expr(id == ^arg(:id)))
-    end
-
     read :read_all_by_map do
       argument(:map_id, :string, allow_nil?: false)
       filter(expr(map_id == ^arg(:map_id)))
@@ -237,59 +186,44 @@ defmodule WandererApp.Api.MapSystem do
 
     update :update_name do
       accept [:name]
-      require_atomic? false
     end
 
     update :update_description do
       accept [:description]
-      require_atomic? false
     end
 
     update :update_locked do
       accept [:locked]
-      require_atomic? false
     end
 
     update :update_status do
       accept [:status]
-      require_atomic? false
     end
 
     update :update_tag do
       accept [:tag]
-      require_atomic? false
     end
 
     update :update_temporary_name do
       accept [:temporary_name]
-      require_atomic? false
-    end
-
-    update :update_custom_name do
-      accept [:custom_name]
-      require_atomic? false
     end
 
     update :update_labels do
       accept [:labels]
-      require_atomic? false
     end
 
     update :update_position do
       accept [:position_x, :position_y]
-      require_atomic? false
 
       change(set_attribute(:visible, true))
     end
 
     update :update_linked_sig_eve_id do
       accept [:linked_sig_eve_id]
-      require_atomic? false
     end
 
     update :update_visible do
       accept [:visible]
-      require_atomic? false
     end
   end
 

lib/wanderer_app/api/map_system_comment.ex

@@ -59,6 +59,12 @@ defmodule WandererApp.Api.MapSystemComment do
         :character_id,
         :text
       ]
+
+      argument :system_id, :uuid, allow_nil?: false
+      argument :character_id, :uuid, allow_nil?: false
+
+      change manage_relationship(:system_id, :system, on_lookup: :relate, on_no_match: nil)
+      change manage_relationship(:character_id, :character, on_lookup: :relate, on_no_match: nil)
     end
 
     read :by_system_id do

lib/wanderer_app/api/map_system_signature.ex

@@ -111,6 +111,10 @@ defmodule WandererApp.Api.MapSystemSignature do
         :custom_info,
         :deleted
       ]
+
+      argument :system_id, :uuid, allow_nil?: false
+
+      change manage_relationship(:system_id, :system, on_lookup: :relate, on_no_match: nil)
     end
 
     update :update do
@@ -135,17 +139,14 @@ defmodule WandererApp.Api.MapSystemSignature do
 
     update :update_linked_system do
       accept [:linked_system_id]
-      require_atomic? false
     end
 
     update :update_type do
       accept [:type]
-      require_atomic? false
     end
 
     update :update_group do
       accept [:group]
-      require_atomic? false
     end
 
     read :by_system_id do

lib/wanderer_app/api/map_system_structure.ex

@@ -122,6 +122,13 @@ defmodule WandererApp.Api.MapSystemStructure do
         :status,
         :end_time
       ]
+
+      argument :system_id, :uuid, allow_nil?: false
+
+      change manage_relationship(:system_id, :system,
+               on_lookup: :relate,
+               on_no_match: nil
+             )
     end
 
     update :update do

lib/wanderer_app/api/map_transaction.ex

@@ -29,11 +29,7 @@ defmodule WandererApp.Api.MapTransaction do
       :amount
     ]
 
-    defaults [:create, :read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:create, :read, :update, :destroy]
 
     read :by_map do
       argument(:map_id, :string, allow_nil?: false)

lib/wanderer_app/api/map_user_settings.ex

@@ -53,30 +53,22 @@ defmodule WandererApp.Api.MapUserSettings do
       :settings
     ]
 
-    defaults [:create, :read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:create, :read, :update, :destroy]
 
     update :update_settings do
       accept [:settings]
-      require_atomic? false
     end
 
     update :update_main_character do
       accept [:main_character_eve_id]
-      require_atomic? false
     end
 
     update :update_following_character do
       accept [:following_character_eve_id]
-      require_atomic? false
     end
 
     update :update_hubs do
       accept [:hubs]
-      require_atomic? false
     end
   end
 

lib/wanderer_app/api/map_webhook_subscription.ex

@@ -58,7 +58,6 @@ defmodule WandererApp.Api.MapWebhookSubscription do
         :consecutive_failures,
         :secret
       ]
-      require_atomic? false
     end
 
     read :by_map do

lib/wanderer_app/api/preparations/filter_by_actor_map.ex

@@ -1,64 +0,0 @@
-defmodule WandererApp.Api.Preparations.FilterByActorMap do
-  @moduledoc """
-  Shared filtering logic for actor map context.
-
-  Filters queries to only return resources belonging to the actor's map.
-  Used by preparations for MapSystem, MapConnection, and MapPing resources.
-  """
-
-  require Ash.Query
-
-  alias WandererApp.Api.ActorHelpers
-
-  @doc """
-  Filter a query by the actor's map context.
-
-  If a map is found in the context, filters the query to only return
-  resources where map_id matches. If no map context exists, returns
-  a query that will return no results.
-
-  ## Parameters
-
-    * `query` - The Ash query to filter
-    * `context` - The Ash context containing actor/map information
-    * `resource_name` - Name of the resource for telemetry (atom)
-
-  ## Examples
-
-      iex> query = Ash.Query.new(WandererApp.Api.MapSystem)
-      iex> context = %{map: %{id: "map-123"}}
-      iex> result = FilterByActorMap.filter_by_map(query, context, :map_system)
-      # Returns query filtered by map_id == "map-123"
-  """
-  def filter_by_map(query, context, resource_name) do
-    case ActorHelpers.get_map(context) do
-      %{id: map_id} ->
-        emit_telemetry(resource_name, map_id)
-        Ash.Query.filter(query, map_id == ^map_id)
-
-      nil ->
-        emit_telemetry_no_context(resource_name)
-        Ash.Query.filter(query, false)
-
-      _other ->
-        emit_telemetry_no_context(resource_name)
-        Ash.Query.filter(query, false)
-    end
-  end
-
-  defp emit_telemetry(resource_name, map_id) do
-    :telemetry.execute(
-      [:wanderer_app, :ash, :preparation, :filter_by_map],
-      %{count: 1},
-      %{resource: resource_name, map_id: map_id}
-    )
-  end
-
-  defp emit_telemetry_no_context(resource_name) do
-    :telemetry.execute(
-      [:wanderer_app, :ash, :preparation, :filter_by_map, :no_context],
-      %{count: 1},
-      %{resource: resource_name}
-    )
-  end
-end

lib/wanderer_app/api/preparations/filter_connections_by_actor_map.ex

@@ -1,17 +0,0 @@
-defmodule WandererApp.Api.Preparations.FilterConnectionsByActorMap do
-  @moduledoc """
-  Ash preparation that filters connections to only those from the actor's map.
-
-  For token-based auth, this ensures the API only returns connections
-  from the map associated with the token.
-  """
-
-  use Ash.Resource.Preparation
-
-  alias WandererApp.Api.Preparations.FilterByActorMap
-
-  @impl true
-  def prepare(query, _opts, context) do
-    FilterByActorMap.filter_by_map(query, context, :map_connection)
-  end
-end

lib/wanderer_app/api/preparations/filter_pings_by_actor_map.ex

@@ -1,17 +0,0 @@
-defmodule WandererApp.Api.Preparations.FilterPingsByActorMap do
-  @moduledoc """
-  Ash preparation that filters pings to only those from the actor's map.
-
-  For token-based auth, this ensures the API only returns pings
-  from the map associated with the token.
-  """
-
-  use Ash.Resource.Preparation
-
-  alias WandererApp.Api.Preparations.FilterByActorMap
-
-  @impl true
-  def prepare(query, _opts, context) do
-    FilterByActorMap.filter_by_map(query, context, :map_ping)
-  end
-end

lib/wanderer_app/api/preparations/filter_systems_by_actor_map.ex

@@ -1,17 +0,0 @@
-defmodule WandererApp.Api.Preparations.FilterSystemsByActorMap do
-  @moduledoc """
-  Ash preparation that filters systems to only those from the actor's map.
-
-  For token-based auth, this ensures the API only returns systems
-  from the map associated with the token.
-  """
-
-  use Ash.Resource.Preparation
-
-  alias WandererApp.Api.Preparations.FilterByActorMap
-
-  @impl true
-  def prepare(query, _opts, context) do
-    FilterByActorMap.filter_by_map(query, context, :map_system)
-  end
-end

lib/wanderer_app/api/preparations/secure_api_key_lookup.ex

@@ -1,62 +0,0 @@
-defmodule WandererApp.Api.Preparations.SecureApiKeyLookup do
-  @moduledoc """
-  Preparation that performs secure API key lookup using constant-time comparison.
-
-  This preparation:
-  1. Queries for the map with the given API key using database index
-  2. Performs constant-time comparison to verify the key matches
-  3. Returns the map only if the secure comparison passes
-
-  The constant-time comparison prevents timing attacks where an attacker
-  could deduce information about valid API keys by measuring response times.
-  """
-
-  use Ash.Resource.Preparation
-  require Ash.Query
-
-  @dummy_key "dummy_key_for_timing_consistency_00000000"
-
-  def prepare(query, _params, _context) do
-    api_key = Ash.Query.get_argument(query, :api_key)
-
-    if is_nil(api_key) or api_key == "" do
-      # Return empty result for invalid input
-      Ash.Query.filter(query, expr(false))
-    else
-      # First, do the database lookup using the index
-      # Then apply constant-time comparison in after_action
-      query
-      |> Ash.Query.filter(expr(public_api_key == ^api_key))
-      |> Ash.Query.after_action(fn _query, results ->
-        verify_results_with_secure_compare(results, api_key)
-      end)
-    end
-  end
-
-  defp verify_results_with_secure_compare(results, provided_key) do
-    case results do
-      [map] ->
-        # Map found - verify with constant-time comparison
-        stored_key = map.public_api_key || @dummy_key
-
-        if Plug.Crypto.secure_compare(stored_key, provided_key) do
-          {:ok, [map]}
-        else
-          # Keys don't match (shouldn't happen if DB returned it, but safety check)
-          {:ok, []}
-        end
-
-      [] ->
-        # No map found - still do a comparison to maintain consistent timing
-        # This prevents timing attacks from distinguishing "not found" from "found but wrong"
-        _result = Plug.Crypto.secure_compare(@dummy_key, provided_key)
-        {:ok, []}
-
-      _multiple ->
-        # Multiple results - shouldn't happen with unique constraint
-        # Do comparison for timing consistency and return error
-        _result = Plug.Crypto.secure_compare(@dummy_key, provided_key)
-        {:ok, []}
-    end
-  end
-end

lib/wanderer_app/api/ship_type_info.ex

@@ -49,11 +49,7 @@ defmodule WandererApp.Api.ShipTypeInfo do
       :volume
     ]
 
-    defaults [:read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:read, :destroy, :update]
 
     create :create do
       primary? true

lib/wanderer_app/api/user.ex

@@ -51,15 +51,10 @@ defmodule WandererApp.Api.User do
       :hash
     ]
 
-    defaults [:create, :read, :destroy]
-
-    update :update do
-      require_atomic? false
-    end
+    defaults [:create, :read, :update, :destroy]
 
     update :update_last_map do
       accept([:last_map_id])
-      require_atomic? false
     end
 
     update :update_balance do

lib/wanderer_app/api/user_activity.ex

@@ -4,8 +4,7 @@ defmodule WandererApp.Api.UserActivity do
   use Ash.Resource,
     domain: WandererApp.Api,
     data_layer: AshPostgres.DataLayer,
-    extensions: [AshJsonApi.Resource],
-    primary_read_warning?: false
+    extensions: [AshJsonApi.Resource]
 
   require Ash.Expr
 
@@ -56,8 +55,7 @@ defmodule WandererApp.Api.UserActivity do
       :entity_type,
       :event_type,
       :event_data,
-      :user_id,
-      :character_id
+      :user_id
     ]
 
     read :read do
@@ -72,8 +70,14 @@ defmodule WandererApp.Api.UserActivity do
     end
 
     create :new do
-      accept [:entity_id, :entity_type, :event_type, :event_data, :user_id, :character_id]
+      accept [:entity_id, :entity_type, :event_type, :event_data]
       primary?(true)
+
+      argument :user_id, :uuid, allow_nil?: true
+      argument :character_id, :uuid, allow_nil?: true
+
+      change manage_relationship(:user_id, :user, on_lookup: :relate, on_no_match: nil)
+      change manage_relationship(:character_id, :character, on_lookup: :relate, on_no_match: nil)
     end
 
     destroy :archive do

lib/wanderer_app/api/user_transaction.ex

@@ -28,6 +28,10 @@ defmodule WandererApp.Api.UserTransaction do
     create :new do
       accept [:journal_ref_id, :user_id, :date, :amount, :corporation_id]
       primary?(true)
+
+      argument :user_id, :uuid, allow_nil?: false
+
+      change manage_relationship(:user_id, :user, on_lookup: :relate, on_no_match: nil)
     end
   end
 

lib/wanderer_app/application.ex

@@ -153,16 +153,13 @@ defmodule WandererApp.Application do
     :ok
   end
 
-  defp maybe_start_corp_wallet_tracker(true) do
-    # Don't start corp wallet tracker in test environment
-    if Application.get_env(:wanderer_app, :environment) == :test do
-      []
-    else
-      [WandererApp.StartCorpWalletTrackerTask]
-    end
-  end
+  defp maybe_start_corp_wallet_tracker(true),
+    do: [
+      WandererApp.StartCorpWalletTrackerTask
+    ]
 
-  defp maybe_start_corp_wallet_tracker(_), do: []
+  defp maybe_start_corp_wallet_tracker(_),
+    do: []
 
   defp maybe_start_kills_services do
     # Don't start kills services in test environment

lib/wanderer_app/character/activity.ex

@@ -43,13 +43,14 @@ defmodule WandererApp.Character.Activity do
   ## Parameters
   - `map_id`: ID of the map
   - `current_user`: Current user struct (used only to get user settings)
+  - `days`: Optional number of days to filter activity (nil for all time)
 
   ## Returns
   - List of processed activity data
   """
-  def process_character_activity(map_id, current_user) do
+  def process_character_activity(map_id, current_user, days \\ nil) do
     with {:ok, map_user_settings} <- get_map_user_settings(map_id, current_user.id),
-         {:ok, raw_activity} <- WandererApp.Map.get_character_activity(map_id),
+         {:ok, raw_activity} <- WandererApp.Map.get_character_activity(map_id, days),
          {:ok, user_characters} <-
            WandererApp.Api.Character.active_by_user(%{user_id: current_user.id}) do
       process_activity_data(raw_activity, map_user_settings, user_characters)

lib/wanderer_app/env.ex

@@ -17,6 +17,7 @@ defmodule WandererApp.Env do
   def invites(), do: get_key(:invites, false)
 
   def map_subscriptions_enabled?(), do: get_key(:map_subscriptions_enabled, false)
+  def websocket_events_enabled?(), do: get_key(:websocket_events_enabled, false)
   def public_api_disabled?(), do: get_key(:public_api_disabled, false)
 
   @decorate cacheable(

lib/wanderer_app/esi/api_client.ex

@@ -463,7 +463,8 @@ defmodule WandererApp.Esi.ApiClient do
 
         {:error, reason} ->
           # Check if this is a Finch pool error
-          if is_exception(reason) and Exception.message(reason) =~ "unable to provide a connection" do
+          if is_exception(reason) and
+               Exception.message(reason) =~ "unable to provide a connection" do
             :telemetry.execute(
               [:wanderer_app, :finch, :pool_exhausted],
               %{count: 1},
@@ -677,7 +678,8 @@ defmodule WandererApp.Esi.ApiClient do
 
         {:error, reason} ->
           # Check if this is a Finch pool error
-          if is_exception(reason) and Exception.message(reason) =~ "unable to provide a connection" do
+          if is_exception(reason) and
+               Exception.message(reason) =~ "unable to provide a connection" do
             :telemetry.execute(
               [:wanderer_app, :finch, :pool_exhausted],
               %{count: 1},

lib/wanderer_app/external_events/map_event_relay.ex

@@ -155,23 +155,26 @@ defmodule WandererApp.ExternalEvents.MapEventRelay do
     # 1. Store in ETS for backfill
     store_event(event, state.ets_table)
 
+    # 2. Convert event to JSON for delivery methods
     event_json = Event.to_json(event)
 
+    Logger.debug(fn ->
+      "MapEventRelay converted event to JSON: #{inspect(String.slice(inspect(event_json), 0, 200))}..."
+    end)
+
+    # 3. Send to webhook subscriptions via WebhookDispatcher
     WebhookDispatcher.dispatch_event(event.map_id, event)
 
-    case WandererApp.ExternalEvents.SseAccessControl.sse_allowed?(event.map_id) do
-      :ok ->
-        WandererApp.ExternalEvents.SseStreamManager.broadcast_event(event.map_id, event_json)
+    # 4. Broadcast to SSE clients
+    Logger.debug(fn -> "MapEventRelay broadcasting to SSE clients for map #{event.map_id}" end)
+    WandererApp.ExternalEvents.SseStreamManager.broadcast_event(event.map_id, event_json)
 
-        :telemetry.execute(
-          [:wanderer_app, :external_events, :relay, :delivered],
-          %{count: 1},
-          %{map_id: event.map_id, event_type: event.type}
-        )
-
-      {:error, _reason} ->
-        :ok
-    end
+    # Emit delivered telemetry
+    :telemetry.execute(
+      [:wanderer_app, :external_events, :relay, :delivered],
+      %{count: 1},
+      %{map_id: event.map_id, event_type: event.type}
+    )
 
     %{state | event_count: state.event_count + 1}
   end

lib/wanderer_app/external_events/sse_access_control.ex

@@ -1,71 +0,0 @@
-defmodule WandererApp.ExternalEvents.SseAccessControl do
-  @moduledoc """
-  Handles SSE access control checks including subscription validation.
-
-  Note: Community Edition mode is automatically handled by the
-  WandererApp.Map.is_subscription_active?/1 function, which returns
-  {:ok, true} when subscriptions are disabled globally.
-  """
-
-  @doc """
-  Checks if SSE is allowed for a given map.
-
-  Returns:
-  - :ok if SSE is allowed
-  - {:error, reason} if SSE is not allowed
-
-  Checks in order:
-  1. Global SSE enabled (config)
-  2. Map exists
-  3. Map SSE enabled (per-map setting)
-  4. Subscription active (CE mode handled internally)
-  """
-  def sse_allowed?(map_id) do
-    with :ok <- check_sse_globally_enabled(),
-         {:ok, map} <- fetch_map(map_id),
-         :ok <- check_map_sse_enabled(map),
-         :ok <- check_subscription_or_ce(map_id) do
-      :ok
-    end
-  end
-
-  defp check_sse_globally_enabled do
-    if WandererApp.Env.sse_enabled?() do
-      :ok
-    else
-      {:error, :sse_globally_disabled}
-    end
-  end
-
-  # Fetches the map by ID.
-  # Returns {:ok, map} or {:error, :map_not_found}
-  defp fetch_map(map_id) do
-    case WandererApp.Api.Map.by_id(map_id) do
-      {:ok, _map} = result -> result
-      _ -> {:error, :map_not_found}
-    end
-  end
-
-  defp check_map_sse_enabled(map) do
-    if map.sse_enabled do
-      :ok
-    else
-      {:error, :sse_disabled_for_map}
-    end
-  end
-
-  # Checks if map has active subscription or if running Community Edition.
-  #
-  # Returns :ok if:
-  # - Community Edition (handled internally by is_subscription_active?/1), OR
-  # - Map has active subscription
-  #
-  # Returns {:error, :subscription_required} if subscription check fails.
-  defp check_subscription_or_ce(map_id) do
-    case WandererApp.Map.is_subscription_active?(map_id) do
-      {:ok, true} -> :ok
-      {:ok, false} -> {:error, :subscription_required}
-      {:error, _reason} = error -> error
-    end
-  end
-end

lib/wanderer_app/map.ex

@@ -205,7 +205,7 @@ defmodule WandererApp.Map do
 
     characters_ids =
       characters
-      |> Enum.map(fn %{character_id: char_id} -> char_id end)
+      |> Enum.map(fn %{id: char_id} -> char_id end)
 
     # Filter out characters that already exist
     new_character_ids =

lib/wanderer_app/map/cache_rtree.ex

@@ -348,9 +348,9 @@ defmodule WandererApp.Map.CacheRTree do
     [{x1_min, x1_max}, {y1_min, y1_max}] = box1
     [{x2_min, x2_max}, {y2_min, y2_max}] = box2
 
-    # Boxes intersect if they overlap on both axes (strict intersection - not just touching)
-    x_overlap = x1_min < x2_max and x2_min < x1_max
-    y_overlap = y1_min < y2_max and y2_min < y1_max
+    # Boxes intersect if they overlap on both axes
+    x_overlap = x1_min <= x2_max and x2_min <= x1_max
+    y_overlap = y1_min <= y2_max and y2_min <= y1_max
 
     x_overlap and y_overlap
   end

lib/wanderer_app/map/map_position_calculator.ex

@@ -106,9 +106,6 @@ defmodule WandererApp.Map.PositionCalculator do
 
   defp get_start_index(n, "top_to_bottom"), do: div(n, 2) + n - 1
 
-  # Default to left_to_right when layout is nil
-  defp get_start_index(n, nil), do: div(n, 2)
-
   defp adjusted_coordinates(n, start_x, start_y, opts) when n > 1 do
     sorted_coords = sorted_edge_coordinates(n, opts)
 

lib/wanderer_app/map/map_server.ex

@@ -56,8 +56,6 @@ defmodule WandererApp.Map.Server do
 
   defdelegate update_system_temporary_name(map_id, update), to: Impl
 
-  defdelegate update_system_custom_name(map_id, update), to: Impl
-
   defdelegate update_system_locked(map_id, update), to: Impl
 
   defdelegate update_system_labels(map_id, update), to: Impl

lib/wanderer_app/map/operations/duplication.ex

@@ -72,7 +72,7 @@ defmodule WandererApp.Map.Operations.Duplication do
     Logger.debug("Copying systems for map #{source_map.id}")
 
     # Get all systems from source map using Ash
-    case MapSystem.read_all_by_map(%{map_id: source_map.id}) do
+    case MapSystem |> Ash.Query.filter(map_id == ^source_map.id) |> Ash.read() do
       {:ok, source_systems} ->
         system_mapping = %{}
 
@@ -126,7 +126,7 @@ defmodule WandererApp.Map.Operations.Duplication do
   defp copy_connections(source_map, new_map, system_mapping) do
     Logger.debug("Copying connections for map #{source_map.id}")
 
-    case MapConnection.read_by_map(%{map_id: source_map.id}) do
+    case MapConnection |> Ash.Query.filter(map_id == ^source_map.id) |> Ash.read() do
       {:ok, source_connections} ->
         Enum.reduce_while(source_connections, {:ok, []}, fn source_connection,
                                                             {:ok, acc_connections} ->
@@ -222,7 +222,7 @@ defmodule WandererApp.Map.Operations.Duplication do
     source_system_ids = Map.keys(system_mapping)
 
     Enum.flat_map(source_system_ids, fn system_id ->
-      case MapSystemSignature.by_system_id_all(%{system_id: system_id}) do
+      case MapSystemSignature |> Ash.Query.filter(system_id == ^system_id) |> Ash.read() do
         {:ok, signatures} -> signatures
         {:error, _} -> []
       end
@@ -355,7 +355,7 @@ defmodule WandererApp.Map.Operations.Duplication do
   defp maybe_copy_user_settings(source_map, new_map, true) do
     Logger.debug("Copying user settings for map #{source_map.id}")
 
-    case MapCharacterSettings.read_by_map(%{map_id: source_map.id}) do
+    case MapCharacterSettings |> Ash.Query.filter(map_id == ^source_map.id) |> Ash.read() do
       {:ok, source_settings} ->
         Enum.reduce_while(source_settings, {:ok, []}, fn source_setting, {:ok, acc_settings} ->
           case copy_single_character_setting(source_setting, new_map.id) do

lib/wanderer_app/map/operations/signatures.ex

@@ -8,38 +8,35 @@ defmodule WandererApp.Map.Operations.Signatures do
   alias WandererApp.Api.{Character, MapSystem, MapSystemSignature}
   alias WandererApp.Map.Server
 
+  # Private helper to validate character_eve_id from params and return internal character ID
+  # If character_eve_id is provided in params, validates it exists and returns the internal UUID
+  # If not provided, falls back to the owner's character ID (which is already the internal UUID)
   @spec validate_character_eve_id(map() | nil, String.t()) ::
-          {:ok, String.t()} | {:error, :invalid_character} | {:error, :unexpected_error}
+          {:ok, String.t()} | {:error, :invalid_character}
   defp validate_character_eve_id(params, fallback_char_id) when is_map(params) do
     case Map.get(params, "character_eve_id") do
       nil ->
+        # No character_eve_id provided, use fallback (owner's internal character UUID)
         {:ok, fallback_char_id}
 
       provided_char_eve_id when is_binary(provided_char_eve_id) ->
+        # Validate the provided character_eve_id exists and get internal UUID
         case Character.by_eve_id(provided_char_eve_id) do
           {:ok, character} ->
+            # Return the internal character UUID, not the eve_id
             {:ok, character.id}
 
-          {:error, %Ash.Error.Query.NotFound{}} ->
+          _ ->
             {:error, :invalid_character}
-
-          {:error, %Ash.Error.Invalid{}} ->
-            # Invalid format (e.g., non-numeric string for an integer field)
-            {:error, :invalid_character}
-
-          {:error, reason} ->
-            Logger.error(
-              "[validate_character_eve_id] Unexpected error looking up character: #{inspect(reason)}"
-            )
-
-            {:error, :unexpected_error}
         end
 
       _ ->
+        # Invalid format
         {:error, :invalid_character}
     end
   end
 
+  # Handle nil or non-map params by falling back to owner's character
   defp validate_character_eve_id(_params, fallback_char_id) do
     {:ok, fallback_char_id}
   end
@@ -77,8 +74,12 @@ defmodule WandererApp.Map.Operations.Signatures do
         %{"solar_system_id" => solar_system_id} = params
       )
       when is_integer(solar_system_id) do
+    # Validate character first, then convert solar_system_id to system_id
+    # validated_char_uuid is the internal character UUID for Server.update_signatures
     with {:ok, validated_char_uuid} <- validate_character_eve_id(params, char_id),
          {:ok, system} <- MapSystem.by_map_id_and_solar_system_id(map_id, solar_system_id) do
+      # Keep character_eve_id in attrs if provided by user (parse_signatures will use it)
+      # If not provided, parse_signatures will use the character_eve_id from validated_char_uuid lookup
       attrs =
         params
         |> Map.put("system_id", system.id)
@@ -89,6 +90,7 @@ defmodule WandererApp.Map.Operations.Signatures do
              updated_signatures: [],
              removed_signatures: [],
              solar_system_id: solar_system_id,
+             # Pass internal UUID here
              character_id: validated_char_uuid,
              user_id: user_id,
              delete_connection_with_sigs: false
@@ -125,10 +127,6 @@ defmodule WandererApp.Map.Operations.Signatures do
         Logger.error("[create_signature] Invalid character_eve_id provided")
         {:error, :invalid_character}
 
-      {:error, :unexpected_error} ->
-        Logger.error("[create_signature] Unexpected error during character validation")
-        {:error, :unexpected_error}
-
       _ ->
         Logger.error(
           "[create_signature] System not found for solar_system_id: #{solar_system_id}"
@@ -154,6 +152,8 @@ defmodule WandererApp.Map.Operations.Signatures do
         sig_id,
         params
       ) do
+    # Validate character first, then look up signature and system
+    # validated_char_uuid is the internal character UUID
     with {:ok, validated_char_uuid} <- validate_character_eve_id(params, char_id),
          {:ok, sig} <- MapSystemSignature.by_id(sig_id),
          {:ok, system} <- MapSystem.by_id(sig.system_id) do
@@ -177,6 +177,7 @@ defmodule WandererApp.Map.Operations.Signatures do
           updated_signatures: [attrs],
           removed_signatures: [],
           solar_system_id: system.solar_system_id,
+          # Pass internal UUID here
           character_id: validated_char_uuid,
           user_id: user_id,
           delete_connection_with_sigs: false
@@ -199,13 +200,9 @@ defmodule WandererApp.Map.Operations.Signatures do
         Logger.error("[update_signature] Invalid character_eve_id provided")
         {:error, :invalid_character}
 
-      {:error, :unexpected_error} ->
-        Logger.error("[update_signature] Unexpected error during character validation")
-        {:error, :unexpected_error}
-
       err ->
-        Logger.error("[update_signature] Signature or system not found: #{inspect(err)}")
-        {:error, :not_found}
+        Logger.error("[update_signature] Unexpected error: #{inspect(err)}")
+        {:error, :unexpected_error}
     end
   end
 

lib/wanderer_app/map/operations/systems.ex

@@ -35,22 +35,21 @@ defmodule WandererApp.Map.Operations.Systems do
 
   # Private helper for batch upsert
   defp create_system_batch(%{map_id: map_id, user_id: user_id, char_id: char_id}, params) do
-    with {:ok, solar_system_id} <- fetch_system_id(params) do
-      update_existing = fetch_update_existing(params, false)
+    {:ok, solar_system_id} = fetch_system_id(params)
+    update_existing = fetch_update_existing(params, false)
 
-      map_id
-      |> WandererApp.Map.check_location(%{solar_system_id: solar_system_id})
-      |> case do
-        {:ok, _location} ->
-          do_create_system(map_id, user_id, char_id, params)
+    map_id
+    |> WandererApp.Map.check_location(%{solar_system_id: solar_system_id})
+    |> case do
+      {:ok, _location} ->
+        do_create_system(map_id, user_id, char_id, params)
 
-        {:error, :already_exists} ->
-          if update_existing do
-            do_update_system(map_id, user_id, char_id, solar_system_id, params)
-          else
-            :ok
-          end
-      end
+      {:error, :already_exists} ->
+        if update_existing do
+          do_update_system(map_id, user_id, char_id, solar_system_id, params)
+        else
+          :ok
+        end
     end
   end
 
@@ -107,8 +106,8 @@ defmodule WandererApp.Map.Operations.Systems do
         Logger.warning("[update_system] Expected error: #{inspect(reason)}")
         {:error, :expected_error}
 
-      error ->
-        Logger.error("[update_system] Unexpected error: #{inspect(error)}")
+      _ ->
+        Logger.error("[update_system] Unexpected error")
         {:error, :unexpected_error}
     end
   end
@@ -186,8 +185,6 @@ defmodule WandererApp.Map.Operations.Systems do
 
   defp parse_int(val, _field) when is_integer(val), do: {:ok, val}
 
-  defp parse_int(val, _field) when is_float(val), do: {:ok, trunc(val)}
-
   defp parse_int(val, field) when is_binary(val) do
     case Integer.parse(val) do
       {i, _} -> {:ok, i}
@@ -271,9 +268,12 @@ defmodule WandererApp.Map.Operations.Systems do
         })
 
       "custom_name" ->
-        Server.update_system_custom_name(map_id, %{
+        {:ok, solar_system_info} =
+          WandererApp.CachedInfo.get_system_static_info(system_id)
+
+        Server.update_system_name(map_id, %{
           solar_system_id: system_id,
-          custom_name: val
+          name: val || solar_system_info.solar_system_name
         })
 
       "temporary_name" ->

lib/wanderer_app/map/server/map_server_impl.ex

@@ -21,7 +21,6 @@ defmodule WandererApp.Map.Server.Impl do
     :map_id,
     :rtree_name,
     map: nil,
-    acls: [],
     map_opts: []
   ]
 
@@ -45,12 +44,6 @@ defmodule WandererApp.Map.Server.Impl do
       }
       |> new()
 
-    # In test mode, give the test setup time to grant database access
-    # This is necessary for async tests where the sandbox needs to allow this process
-    if Mix.env() == :test do
-      Process.sleep(150)
-    end
-
     # Parallelize database queries for faster initialization
     start_time = System.monotonic_time(:millisecond)
 
@@ -58,15 +51,14 @@ defmodule WandererApp.Map.Server.Impl do
       Task.async(fn ->
         {:map,
          WandererApp.MapRepo.get(map_id, [
-           :owner
+           :owner,
+           :characters,
+           acls: [
+             :owner_id,
+             members: [:role, :eve_character_id, :eve_corporation_id, :eve_alliance_id]
+           ]
          ])}
       end),
-      Task.async(fn ->
-        {:acls, WandererApp.Api.MapAccessList.read_by_map(%{map_id: map_id})}
-      end),
-      Task.async(fn ->
-        {:characters, WandererApp.MapCharacterSettingsRepo.get_all_by_map(map_id)}
-      end),
       Task.async(fn ->
         {:systems, WandererApp.MapSystemRepo.get_visible_by_map(map_id)}
       end),
@@ -100,18 +92,6 @@ defmodule WandererApp.Map.Server.Impl do
         _ -> nil
       end)
 
-    acls_result =
-      Enum.find_value(results, fn
-        {:acls, result} -> result
-        _ -> nil
-      end)
-
-    characters_result =
-      Enum.find_value(results, fn
-        {:characters, result} -> result
-        _ -> nil
-      end)
-
     systems_result =
       Enum.find_value(results, fn
         {:systems, result} -> result
@@ -132,16 +112,12 @@ defmodule WandererApp.Map.Server.Impl do
 
     # Process results
     with {:ok, map} <- map_result,
-         {:ok, acls} <- acls_result,
-         {:ok, characters} <- characters_result,
          {:ok, systems} <- systems_result,
          {:ok, connections} <- connections_result,
          {:ok, subscription_settings} <- subscription_result do
       initial_state
       |> init_map(
         map,
-        acls,
-        characters,
         subscription_settings,
         systems,
         connections
@@ -153,7 +129,7 @@ defmodule WandererApp.Map.Server.Impl do
     end
   end
 
-  def start_map(%__MODULE__{map: map, acls: acls, map_id: map_id} = _state) do
+  def start_map(%__MODULE__{map: map, map_id: map_id} = _state) do
     WandererApp.Cache.insert("map_#{map_id}:started", false)
 
     # Check if map was loaded successfully
@@ -163,7 +139,7 @@ defmodule WandererApp.Map.Server.Impl do
         {:error, :map_not_loaded}
 
       map ->
-        with :ok <- AclsImpl.track_acls(acls |> Enum.map(& &1.access_list_id)) do
+        with :ok <- AclsImpl.track_acls(map.acls |> Enum.map(& &1.id)) do
           @pubsub_client.subscribe(
             WandererApp.PubSub,
             "maps:#{map_id}"
@@ -243,7 +219,6 @@ defmodule WandererApp.Map.Server.Impl do
   defdelegate update_system_status(map_id, update), to: SystemsImpl
   defdelegate update_system_tag(map_id, update), to: SystemsImpl
   defdelegate update_system_temporary_name(map_id, update), to: SystemsImpl
-  defdelegate update_system_custom_name(map_id, update), to: SystemsImpl
   defdelegate update_system_locked(map_id, update), to: SystemsImpl
   defdelegate update_system_labels(map_id, update), to: SystemsImpl
   defdelegate update_system_linked_sig_eve_id(map_id, update), to: SystemsImpl
@@ -313,57 +288,12 @@ defmodule WandererApp.Map.Server.Impl do
         acc |> Map.put_new(connection_id, connection_start_time)
       end)
 
-    # Create map state with retry logic for test scenarios
-    create_map_state_with_retry(
-      %{
-        map_id: map_id,
-        systems_last_activity: systems_last_activity,
-        connections_eol_time: connections_eol_time,
-        connections_start_time: connections_start_time
-      },
-      3
-    )
-  end
-
-  # Helper to create map state with retry logic for async tests
-  defp create_map_state_with_retry(attrs, retries_left) when retries_left > 0 do
-    case WandererApp.Api.MapState.create(attrs) do
-      {:ok, map_state} = result ->
-        result
-
-      {:error, %Ash.Error.Invalid{errors: errors}} = error ->
-        # Check if it's a foreign key constraint error
-        has_fkey_error =
-          Enum.any?(errors, fn
-            %Ash.Error.Changes.InvalidAttribute{private_vars: private_vars} ->
-              Enum.any?(private_vars, fn
-                {:constraint_type, :foreign_key} -> true
-                _ -> false
-              end)
-
-            _ ->
-              false
-          end)
-
-        if has_fkey_error and retries_left > 1 do
-          # In test environments with async tests, the parent map might not be
-          # visible yet due to sandbox timing. Brief retry with exponential backoff.
-          sleep_time = (4 - retries_left) * 15 + 10
-          Process.sleep(sleep_time)
-          create_map_state_with_retry(attrs, retries_left - 1)
-        else
-          # Return error if not a foreign key issue or out of retries
-          error
-        end
-
-      error ->
-        error
-    end
-  end
-
-  defp create_map_state_with_retry(attrs, 0) do
-    # Final attempt without retry
-    WandererApp.Api.MapState.create(attrs)
+    WandererApp.Api.MapState.create(%{
+      map_id: map_id,
+      systems_last_activity: systems_last_activity,
+      connections_eol_time: connections_eol_time,
+      connections_start_time: connections_start_time
+    })
   end
 
   def handle_event({:update_characters, map_id} = event) do
@@ -550,9 +480,7 @@ defmodule WandererApp.Map.Server.Impl do
 
   defp init_map(
          state,
-         %{id: map_id} = initial_map,
-         acls,
-         characters,
+         %{id: map_id, characters: characters} = initial_map,
          subscription_settings,
          systems,
          connections
@@ -581,7 +509,7 @@ defmodule WandererApp.Map.Server.Impl do
 
     WandererApp.Cache.insert("map_#{map_id}:invalidate_character_ids", character_ids)
 
-    %{state | map: map, acls: acls, map_opts: map_options(options)}
+    %{state | map: map, map_opts: map_options(options)}
   end
 
   def maybe_import_systems(

lib/wanderer_app/map/server/map_server_systems_impl.ex

@@ -106,7 +106,7 @@ defmodule WandererApp.Map.Server.SystemsImpl do
       ) do
     system =
       WandererApp.Map.find_system_by_location(map_id, %{
-        solar_system_id: solar_system_id
+        solar_system_id: solar_system_id |> String.to_integer()
       })
 
     {:ok, comment} =
@@ -118,7 +118,7 @@ defmodule WandererApp.Map.Server.SystemsImpl do
 
     comment =
       comment
-      |> Ash.load!([:character])
+      |> Ash.load!([:character, :system])
 
     Impl.broadcast!(map_id, :system_comment_added, %{
       solar_system_id: solar_system_id,
@@ -132,11 +132,9 @@ defmodule WandererApp.Map.Server.SystemsImpl do
         user_id,
         character_id
       ) do
-    {:ok, %{system_id: system_id} = comment} =
+    {:ok, %{system: system} = comment} =
       WandererApp.MapSystemCommentRepo.get_by_id(comment_id)
 
-    {:ok, system} = WandererApp.Api.MapSystem.by_id(system_id)
-
     :ok = WandererApp.MapSystemCommentRepo.destroy(comment)
 
     Impl.broadcast!(map_id, :system_comment_removed, %{
@@ -215,12 +213,6 @@ defmodule WandererApp.Map.Server.SystemsImpl do
       ),
       do: update_system(map_id, :update_temporary_name, [:temporary_name], update)
 
-  def update_system_custom_name(
-        map_id,
-        update
-      ),
-      do: update_system(map_id, :update_custom_name, [:custom_name], update)
-
   def update_system_locked(
         map_id,
         update
@@ -655,135 +647,104 @@ defmodule WandererApp.Map.Server.SystemsImpl do
          user_id,
          character_id
        ) do
-    # Verify the map exists in the database before attempting to create a system
-    # This prevents foreign key constraint errors when tests roll back transactions
-    with {:ok, _map} <- WandererApp.MapRepo.get(map_id),
-         {:ok, %{map_opts: map_opts}} <- WandererApp.Map.get_map_state(map_id) do
-      extra_info = system_info |> Map.get(:extra_info)
-      rtree_name = "rtree_#{map_id}"
+    extra_info = system_info |> Map.get(:extra_info)
+    rtree_name = "rtree_#{map_id}"
+    {:ok, %{map_opts: map_opts}} = WandererApp.Map.get_map_state(map_id)
 
-      %{"x" => x, "y" => y} =
-        coordinates
-        |> case do
-          %{"x" => x, "y" => y} ->
-            %{"x" => x, "y" => y}
+    %{"x" => x, "y" => y} =
+      coordinates
+      |> case do
+        %{"x" => x, "y" => y} ->
+          %{"x" => x, "y" => y}
 
-          _ ->
-            %{x: x, y: y} =
-              WandererApp.Map.PositionCalculator.get_new_system_position(nil, rtree_name, map_opts)
+        _ ->
+          %{x: x, y: y} =
+            WandererApp.Map.PositionCalculator.get_new_system_position(nil, rtree_name, map_opts)
 
-            %{"x" => x, "y" => y}
-        end
+          %{"x" => x, "y" => y}
+      end
 
-      system_result =
-        case WandererApp.MapSystemRepo.get_by_map_and_solar_system_id(map_id, solar_system_id) do
-          {:ok, existing_system} when not is_nil(existing_system) ->
-            use_old_coordinates = Map.get(system_info, :use_old_coordinates, false)
+    {:ok, system} =
+      case WandererApp.MapSystemRepo.get_by_map_and_solar_system_id(map_id, solar_system_id) do
+        {:ok, existing_system} when not is_nil(existing_system) ->
+          use_old_coordinates = Map.get(system_info, :use_old_coordinates, false)
 
-            if use_old_coordinates do
-              @ddrt.insert(
-                {solar_system_id,
-                 WandererApp.Map.PositionCalculator.get_system_bounding_rect(%{
-                   position_x: existing_system.position_x,
-                   position_y: existing_system.position_y
-                 })},
-                rtree_name
-              )
+          if use_old_coordinates do
+            @ddrt.insert(
+              {solar_system_id,
+               WandererApp.Map.PositionCalculator.get_system_bounding_rect(%{
+                 position_x: existing_system.position_x,
+                 position_y: existing_system.position_y
+               })},
+              rtree_name
+            )
 
-              existing_system
-              |> WandererApp.MapSystemRepo.update_visible(%{visible: true})
-            else
-              @ddrt.insert(
-                {solar_system_id,
-                 WandererApp.Map.PositionCalculator.get_system_bounding_rect(%{
-                   position_x: x,
-                   position_y: y
-                 })},
-                rtree_name
-              )
+            existing_system
+            |> WandererApp.MapSystemRepo.update_visible(%{visible: true})
+          else
+            @ddrt.insert(
+              {solar_system_id,
+               WandererApp.Map.PositionCalculator.get_system_bounding_rect(%{
+                 position_x: x,
+                 position_y: y
+               })},
+              rtree_name
+            )
 
-              existing_system
-              |> WandererApp.MapSystemRepo.update_position!(%{position_x: x, position_y: y})
-              |> WandererApp.MapSystemRepo.cleanup_labels!(map_opts)
-              |> WandererApp.MapSystemRepo.cleanup_tags!()
-              |> WandererApp.MapSystemRepo.cleanup_temporary_name!()
-              |> WandererApp.MapSystemRepo.cleanup_linked_sig_eve_id!()
-              |> maybe_update_extra_info(extra_info)
-              |> WandererApp.MapSystemRepo.update_visible(%{visible: true})
-            end
+            existing_system
+            |> WandererApp.MapSystemRepo.update_position!(%{position_x: x, position_y: y})
+            |> WandererApp.MapSystemRepo.cleanup_labels!(map_opts)
+            |> WandererApp.MapSystemRepo.cleanup_tags!()
+            |> WandererApp.MapSystemRepo.cleanup_temporary_name!()
+            |> WandererApp.MapSystemRepo.cleanup_linked_sig_eve_id!()
+            |> maybe_update_extra_info(extra_info)
+            |> WandererApp.MapSystemRepo.update_visible(%{visible: true})
+          end
 
-          _ ->
-            case WandererApp.CachedInfo.get_system_static_info(solar_system_id) do
-              {:ok, solar_system_info} ->
-                @ddrt.insert(
-                  {solar_system_id,
-                   WandererApp.Map.PositionCalculator.get_system_bounding_rect(%{
-                     position_x: x,
-                     position_y: y
-                   })},
-                  rtree_name
-                )
+        _ ->
+          {:ok, solar_system_info} =
+            WandererApp.CachedInfo.get_system_static_info(solar_system_id)
 
-                WandererApp.MapSystemRepo.create(%{
-                  map_id: map_id,
-                  solar_system_id: solar_system_id,
-                  name: solar_system_info.solar_system_name,
-                  position_x: x,
-                  position_y: y
-                })
-
-              {:error, reason} ->
-                Logger.error("Failed to get system static info for #{solar_system_id}: #{inspect(reason)}")
-                {:error, :system_info_not_found}
-            end
-        end
-
-      case system_result do
-        {:ok, system} ->
-          :ok = WandererApp.Map.add_system(map_id, system)
-
-          WandererApp.Cache.put(
-            "map_#{map_id}:system_#{system.id}:last_activity",
-            DateTime.utc_now(),
-            ttl: @system_inactive_timeout
+          @ddrt.insert(
+            {solar_system_id,
+             WandererApp.Map.PositionCalculator.get_system_bounding_rect(%{
+               position_x: x,
+               position_y: y
+             })},
+            rtree_name
           )
 
-          Impl.broadcast!(map_id, :add_system, system)
-
-          # ADDITIVE: Also broadcast to external event system (webhooks/WebSocket)
-          Logger.debug(fn ->
-            "SystemsImpl.do_add_system calling ExternalEvents.broadcast for map #{map_id}, system: #{solar_system_id}"
-          end)
-
-          WandererApp.ExternalEvents.broadcast(map_id, :add_system, %{
-            solar_system_id: system.solar_system_id,
-            position_x: system.position_x,
-            position_y: system.position_y
+          WandererApp.MapSystemRepo.create(%{
+            map_id: map_id,
+            solar_system_id: solar_system_id,
+            name: solar_system_info.solar_system_name,
+            position_x: x,
+            position_y: y
           })
-
-          track_add_system(map_id, user_id, character_id, system.solar_system_id)
-
-          :ok
-
-        {:error, reason} = error ->
-          Logger.error("Failed to add system #{solar_system_id} to map #{map_id}: #{inspect(reason)}")
-          error
       end
-    else
-      {:error, :not_found} ->
-        Logger.debug(fn ->
-          "Cannot add system #{solar_system_id} to map #{map_id}: map does not exist in database"
-        end)
 
-        {:error, :map_not_found}
+    :ok = WandererApp.Map.add_system(map_id, system)
 
-      error ->
-        Logger.error("Failed to verify map #{map_id} exists: #{inspect(error)}")
-        {:error, :map_verification_failed}
-    end
-  end
+    WandererApp.Cache.put(
+      "map_#{map_id}:system_#{system.id}:last_activity",
+      DateTime.utc_now(),
+      ttl: @system_inactive_timeout
+    )
+
+    Impl.broadcast!(map_id, :add_system, system)
+
+    # ADDITIVE: Also broadcast to external event system (webhooks/WebSocket)
+    Logger.debug(fn ->
+      "SystemsImpl.do_add_system calling ExternalEvents.broadcast for map #{map_id}, system: #{solar_system_id}"
+    end)
+
+    WandererApp.ExternalEvents.broadcast(map_id, :add_system, %{
+      solar_system_id: system.solar_system_id,
+      name: system.name,
+      position_x: system.position_x,
+      position_y: system.position_y
+    })
 
-  defp track_add_system(map_id, user_id, character_id, solar_system_id) do
     WandererApp.User.ActivityTracker.track_map_event(:system_added, %{
       character_id: character_id,
       user_id: user_id,
@@ -969,7 +930,6 @@ defmodule WandererApp.Map.Server.SystemsImpl do
     Impl.broadcast!(map_id, :update_system, updated_system)
 
     # ADDITIVE: Also broadcast to external event system (webhooks/WebSocket)
-    # This may fail if the relay is not available (e.g., in tests), which is fine
     WandererApp.ExternalEvents.broadcast(map_id, :system_metadata_changed, %{
       solar_system_id: updated_system.solar_system_id,
       name: updated_system.name,
@@ -978,7 +938,5 @@ defmodule WandererApp.Map.Server.SystemsImpl do
       description: updated_system.description,
       status: updated_system.status
     })
-
-    :ok
   end
 end

lib/wanderer_app/maps.ex

@@ -132,14 +132,9 @@ defmodule WandererApp.Maps do
     WandererApp.Cache.lookup!("map_characters-#{map_id}")
     |> case do
       nil ->
-        {:ok, acls} =
-          WandererApp.Api.MapAccessList.read_by_map(%{map_id: map_id},
-            load: [access_list: [:owner, :members]]
-          )
-
         map_acls =
-          acls
-          |> Enum.map(fn acl -> acl.access_list end)
+          map.acls
+          |> Enum.map(fn acl -> acl |> Ash.load!(:members) end)
 
         map_acl_owner_ids =
           map_acls
@@ -337,7 +332,9 @@ defmodule WandererApp.Maps do
   end
 
   def check_user_can_delete_map(map_slug, current_user) do
-    WandererApp.MapRepo.get_by_slug_with_permissions(map_slug, current_user)
+    map_slug
+    |> WandererApp.Api.Map.get_map_by_slug()
+    |> Ash.load([:owner, :acls, :user_permissions], actor: current_user)
     |> case do
       {:ok,
        %{

lib/wanderer_app/repositories/map_connection_repo.ex

@@ -97,17 +97,9 @@ defmodule WandererApp.MapConnectionRepo do
       |> WandererApp.Api.MapConnection.update_custom_info(update)
 
   def get_by_id(map_id, id) do
-    # Use read_by_map action which doesn't have the FilterConnectionsByActorMap preparation
-    # that was causing "filter being false" errors in tests
-    import Ash.Query
-
-    WandererApp.Api.MapConnection
-    |> Ash.Query.for_read(:read_by_map, %{map_id: map_id})
-    |> Ash.Query.filter(id == ^id)
-    |> Ash.read_one()
-    |> case do
-      {:ok, nil} -> {:error, :not_found}
-      {:ok, conn} -> {:ok, conn}
+    case WandererApp.Api.MapConnection.by_id(id) do
+      {:ok, conn} when conn.map_id == map_id -> {:ok, conn}
+      {:ok, _} -> {:error, :not_found}
       {:error, _} -> {:error, :not_found}
     end
   end

lib/wanderer_app/repositories/map_context_helper.ex

@@ -1,56 +0,0 @@
-defmodule WandererApp.Repositories.MapContextHelper do
-  @moduledoc """
-  Helper for providing map context to Ash actions from internal callers.
-
-  When InjectMapFromActor is used, internal callers (map duplication, seeds, etc.)
-  need a way to provide map context without going through token auth.
-  This helper creates a minimal map struct for the context.
-  """
-
-  @doc """
-  Build Ash context options from attributes containing map_id.
-
-  Returns a keyword list suitable for passing to Ash actions.
-  If attrs contains :map_id, creates a context with a minimal map struct.
-  If no map_id present, returns an empty list.
-
-  ## Examples
-
-      iex> MapContextHelper.build_context(%{map_id: "123", name: "System"})
-      [context: %{map: %{id: "123"}}]
-
-      iex> MapContextHelper.build_context(%{name: "System"})
-      []
-
-      iex> MapContextHelper.build_context(%{map_id: nil, name: "System"})
-      []
-  """
-  def build_context(attrs) when is_map(attrs) do
-    case Map.get(attrs, :map_id) do
-      nil -> []
-      map_id -> [context: %{map: %{id: map_id}}]
-    end
-  end
-
-  @doc """
-  Wraps an Ash action call with map context.
-
-  Deprecated: Use `build_context/1` instead for a simpler API.
-
-  ## Examples
-
-      # Deprecated callback-based approach
-      MapContextHelper.with_map_context(%{map_id: "123", name: "System"}, fn attrs, context ->
-        WandererApp.Api.MapSystem.create(attrs, context)
-      end)
-
-      # Preferred approach using build_context/1
-      context = MapContextHelper.build_context(attrs)
-      WandererApp.Api.MapSystem.create(attrs, context)
-  """
-  @deprecated "Use build_context/1 instead"
-  def with_map_context(attrs, fun) when is_map(attrs) and is_function(fun, 2) do
-    context = build_context(attrs)
-    fun.(attrs, context)
-  end
-end

lib/wanderer_app/repositories/map_repo.ex

@@ -26,20 +26,11 @@ defmodule WandererApp.MapRepo do
     end
   end
 
-  def get_by_slug_with_permissions(map_slug, current_user) do
-    map_slug
-    |> WandererApp.Api.Map.get_map_by_slug!()
-    |> Ash.load(
-      acls: [
-        :owner_id,
-        members: [:role, :eve_character_id, :eve_corporation_id, :eve_alliance_id]
-      ]
-    )
-    |> case do
-      {:ok, map_with_acls} -> Ash.load(map_with_acls, :user_permissions, actor: current_user)
-      error -> error
-    end
-  end
+  def get_by_slug_with_permissions(map_slug, current_user),
+    do:
+      map_slug
+      |> WandererApp.Api.Map.get_map_by_slug()
+      |> load_user_permissions(current_user)
 
   @doc """
   Safely retrieves a map by slug, handling the case where multiple maps
@@ -69,19 +60,13 @@ defmodule WandererApp.MapRepo do
             handle_multiple_results(slug, multiple_results_error, retry_count)
 
           :error ->
-            # Check if this is a no results error
-            if is_no_results_error?(error) do
-              Logger.debug("Map not found with slug: #{slug}")
-              {:error, :not_found}
-            else
-              # Some other Invalid error
-              Logger.error("Error retrieving map by slug",
-                slug: slug,
-                error: inspect(error)
-              )
+            # Some other Invalid error
+            Logger.error("Error retrieving map by slug",
+              slug: slug,
+              error: inspect(error)
+            )
 
-              {:error, :unknown_error}
-            end
+            {:error, :unknown_error}
         end
 
       error in Ash.Error.Query.NotFound ->
@@ -157,18 +142,17 @@ defmodule WandererApp.MapRepo do
     end)
   end
 
-  # Helper function to check if an error indicates no results were found
-  defp is_no_results_error?(%Ash.Error.Invalid{errors: errors}) do
-    # If errors list is empty, it's likely a no results error
-    Enum.empty?(errors)
-  end
-
-  defp is_no_results_error?(_), do: false
-
   def load_relationships(map, []), do: {:ok, map}
 
   def load_relationships(map, relationships), do: map |> Ash.load(relationships)
 
+  defp load_user_permissions({:ok, map}, current_user),
+    do:
+      map
+      |> Ash.load([:acls, :user_permissions], actor: current_user)
+
+  defp load_user_permissions(error, _current_user), do: error
+
   def update_hubs(map_id, hubs) do
     map_id
     |> WandererApp.Api.Map.by_id()

lib/wanderer_app/repositories/map_system_comment_repo.ex

@@ -4,10 +4,10 @@ defmodule WandererApp.MapSystemCommentRepo do
   require Logger
 
   def get_by_id(comment_id),
-    do: WandererApp.Api.MapSystemComment.by_id(comment_id)
+    do: WandererApp.Api.MapSystemComment.by_id!(comment_id) |> Ash.load([:system])
 
   def get_by_system(system_id),
-    do: WandererApp.Api.MapSystemComment.by_system_id(system_id, load: [:character])
+    do: WandererApp.Api.MapSystemComment.by_system_id(system_id)
 
   def create(comment), do: comment |> WandererApp.Api.MapSystemComment.create()
   def create!(comment), do: comment |> WandererApp.Api.MapSystemComment.create!()

lib/wanderer_app/repositories/map_system_repo.ex

@@ -1,11 +1,8 @@
 defmodule WandererApp.MapSystemRepo do
   use WandererApp, :repository
 
-  alias WandererApp.Repositories.MapContextHelper
-
   def create(system) do
-    context = MapContextHelper.build_context(system)
-    WandererApp.Api.MapSystem.create(system, context)
+    system |> WandererApp.Api.MapSystem.create()
   end
 
   def upsert(system) do
@@ -13,15 +10,12 @@ defmodule WandererApp.MapSystemRepo do
   end
 
   def get_by_map_and_solar_system_id(map_id, solar_system_id) do
-    WandererApp.Api.MapSystem.read_by_map_and_solar_system(%{
-      map_id: map_id,
-      solar_system_id: solar_system_id
-    })
+    WandererApp.Api.MapSystem.by_map_id_and_solar_system_id(map_id, solar_system_id)
     |> case do
       {:ok, system} ->
         {:ok, system}
 
-      _error ->
+      _ ->
         {:error, :not_found}
     end
   end
@@ -129,16 +123,10 @@ defmodule WandererApp.MapSystemRepo do
       system
       |> WandererApp.Api.MapSystem.update_description(update)
 
-  def update_locked(system, update) do
-    case WandererApp.Api.MapSystem.update_locked(system, update) do
-      {:error, %Ash.Error.Invalid{errors: [%Ash.Error.Changes.StaleRecord{}]}} ->
-        WandererApp.Api.MapSystem.by_id!(system.id)
-        |> WandererApp.Api.MapSystem.update_locked(update)
-
-      {:ok, system} ->
-        {:ok, system}
-    end
-  end
+  def update_locked(system, update),
+    do:
+      system
+      |> WandererApp.Api.MapSystem.update_locked(update)
 
   def update_status(system, update),
     do:
@@ -155,11 +143,6 @@ defmodule WandererApp.MapSystemRepo do
     |> WandererApp.Api.MapSystem.update_temporary_name(update)
   end
 
-  def update_custom_name(system, update) do
-    system
-    |> WandererApp.Api.MapSystem.update_custom_name(update)
-  end
-
   def update_labels(system, update),
     do:
       system

lib/wanderer_app/security_audit.ex

@@ -501,16 +501,13 @@ defmodule WandererApp.SecurityAudit do
     # Ensure event_type is properly formatted
     event_type = normalize_event_type(audit_entry.event_type)
 
-    # Generate unique entity_id to avoid constraint violations
-    entity_id = generate_entity_id(audit_entry.session_id)
-
     attrs = %{
-      entity_id: entity_id,
+      user_id: audit_entry.user_id,
+      character_id: nil,
+      entity_id: hash_identifier(audit_entry.session_id),
       entity_type: :security_event,
       event_type: event_type,
-      event_data: encode_event_data(audit_entry),
-      user_id: audit_entry.user_id,
-      character_id: nil
+      event_data: encode_event_data(audit_entry)
     }
 
     case UserActivity.new(attrs) do
@@ -622,13 +619,8 @@ defmodule WandererApp.SecurityAudit do
   defp convert_datetime(%NaiveDateTime{} = dt), do: NaiveDateTime.to_iso8601(dt)
   defp convert_datetime(value), do: value
 
-  defp generate_entity_id(session_id \\ nil) do
-    if session_id do
-      # Include high-resolution timestamp and unique component for guaranteed uniqueness
-      "#{hash_identifier(session_id)}_#{:os.system_time(:microsecond)}_#{System.unique_integer([:positive])}"
-    else
-      "audit_#{:os.system_time(:microsecond)}_#{System.unique_integer([:positive])}"
-    end
+  defp generate_entity_id do
+    "audit_#{DateTime.utc_now() |> DateTime.to_unix(:microsecond)}_#{System.unique_integer([:positive])}"
   end
 
   defp async_enabled? do

lib/wanderer_app/security_audit/async_processor.ex

@@ -88,21 +88,20 @@ defmodule WandererApp.SecurityAudit.AsyncProcessor do
   def handle_cast({:log_event, audit_entry}, state) do
     # Add to buffer
     buffer = [audit_entry | state.buffer]
-    buf_len = length(buffer)
 
     # Update stats
     stats = Map.update!(state.stats, :events_processed, &(&1 + 1))
 
     # Check if we need to flush
     cond do
-      buf_len >= state.batch_size ->
+      length(buffer) >= state.batch_size ->
         # Flush immediately if batch size reached
         {:noreply, do_flush(%{state | buffer: buffer, stats: stats})}
 
-      buf_len >= @max_buffer_size ->
+      length(buffer) >= @max_buffer_size ->
         # Force flush if max buffer size reached
         Logger.warning("Security audit buffer overflow, forcing flush",
-          buffer_size: buf_len,
+          buffer_size: length(buffer),
           max_size: @max_buffer_size
         )
 
@@ -187,66 +186,23 @@ defmodule WandererApp.SecurityAudit.AsyncProcessor do
         # Clear buffer
         %{state | buffer: [], stats: stats}
 
-      {:partial, success_count, failed_events} ->
-        failed_count = length(failed_events)
-
-        Logger.warning(
-          "Partial flush: stored #{success_count}, failed #{failed_count} audit events",
-          success_count: success_count,
-          failed_count: failed_count,
-          buffer_size: length(state.buffer)
-        )
-
-        # Emit telemetry for monitoring
-        :telemetry.execute(
-          [:wanderer_app, :security_audit, :async_flush_partial],
-          %{success_count: success_count, failed_count: failed_count},
-          %{}
-        )
-
-        # Update stats - count partial flush as both success and error
-        stats =
-          state.stats
-          |> Map.update!(:batches_flushed, &(&1 + 1))
-          |> Map.update!(:errors, &(&1 + 1))
-          |> Map.put(:last_flush, DateTime.utc_now())
-
-        # Extract just the events from failed_events tuples
-        failed_only = Enum.map(failed_events, fn {event, _reason} -> event end)
-
-        remaining_buffer = Enum.reject(state.buffer, fn ev -> ev in failed_only end)
-
-        # Re-buffer failed events at the front, preserving newest-first ordering
-        # Reverse failed_only since flush reversed the buffer to oldest-first
-        new_buffer = Enum.reverse(failed_only) ++ remaining_buffer
-        buffer = handle_buffer_overflow(new_buffer, @max_buffer_size)
-
-        %{state | buffer: buffer, stats: stats}
-
-      {:error, failed_events} ->
-        failed_count = length(failed_events)
-
-        Logger.error("Failed to flush all #{failed_count} security audit events",
-          failed_count: failed_count,
-          buffer_size: length(state.buffer)
-        )
-
-        # Emit telemetry for monitoring
-        :telemetry.execute(
-          [:wanderer_app, :security_audit, :async_flush_failure],
-          %{count: 1, event_count: failed_count},
-          %{}
+      {:error, reason} ->
+        Logger.error("Failed to flush security audit events",
+          reason: inspect(reason),
+          event_count: length(events)
         )
 
         # Update error stats
         stats = Map.update!(state.stats, :errors, &(&1 + 1))
 
-        # Extract just the events from failed_events tuples
-        failed_only = Enum.map(failed_events, fn {event, _reason} -> event end)
-
-        # Since ALL events failed, the new buffer should only contain the failed events
-        # Reverse to maintain newest-first ordering (flush reversed to oldest-first)
-        buffer = handle_buffer_overflow(Enum.reverse(failed_only), @max_buffer_size)
+        # Implement backoff - keep events in buffer but don't grow indefinitely
+        buffer =
+          if length(state.buffer) > @max_buffer_size do
+            Logger.warning("Dropping oldest audit events due to repeated flush failures")
+            Enum.take(state.buffer, @max_buffer_size)
+          else
+            state.buffer
+          end
 
         %{state | buffer: buffer, stats: stats}
     end
@@ -257,100 +213,34 @@ defmodule WandererApp.SecurityAudit.AsyncProcessor do
     events
     # Ash bulk operations work better with smaller chunks
     |> Enum.chunk_every(50)
-    |> Enum.reduce({0, []}, fn chunk, {total_success, all_failed} ->
+    |> Enum.reduce_while({:ok, 0}, fn chunk, {:ok, count} ->
       case store_event_chunk(chunk) do
         {:ok, chunk_count} ->
-          {total_success + chunk_count, all_failed}
+          {:cont, {:ok, count + chunk_count}}
 
-        {:partial, chunk_count, failed_events} ->
-          {total_success + chunk_count, all_failed ++ failed_events}
-
-        {:error, failed_events} ->
-          {total_success, all_failed ++ failed_events}
-      end
-    end)
-    |> then(fn {success_count, failed_events_list} ->
-      # Derive the final return shape based on results
-      cond do
-        failed_events_list == [] ->
-          {:ok, success_count}
-
-        success_count == 0 ->
-          {:error, failed_events_list}
-
-        true ->
-          {:partial, success_count, failed_events_list}
+        {:error, _} = error ->
+          {:halt, error}
       end
     end)
   end
 
-  defp handle_buffer_overflow(buffer, max_size) when length(buffer) > max_size do
-    dropped = length(buffer) - max_size
-
-    Logger.warning(
-      "Dropping #{dropped} oldest audit events due to buffer overflow",
-      buffer_size: length(buffer),
-      max_size: max_size
-    )
-
-    # Emit telemetry for dropped events
-    :telemetry.execute(
-      [:wanderer_app, :security_audit, :events_dropped],
-      %{count: dropped},
-      %{}
-    )
-
-    # Keep the newest events (take from the front since buffer is newest-first)
-    Enum.take(buffer, max_size)
-  end
-
-  defp handle_buffer_overflow(buffer, _max_size), do: buffer
-
   defp store_event_chunk(events) do
-    # Process each event and partition results
-    {successes, failures} =
-      events
-      |> Enum.map(fn event ->
-        case SecurityAudit.do_store_audit_entry(event) do
-          :ok ->
-            {:ok, event}
-
-          {:error, reason} ->
-            Logger.error("Failed to store individual audit event",
-              error: inspect(reason),
-              event_type: Map.get(event, :event_type),
-              user_id: Map.get(event, :user_id)
-            )
-
-            {:error, {event, reason}}
-        end
-      end)
-      |> Enum.split_with(fn
-        {:ok, _} -> true
-        {:error, _} -> false
+    # Transform events to Ash attributes
+    records =
+      Enum.map(events, fn event ->
+        SecurityAudit.do_store_audit_entry(event)
       end)
 
-    successful_count = length(successes)
-    failed_count = length(failures)
+    # Count successful stores
+    successful =
+      Enum.count(records, fn
+        :ok -> true
+        _ -> false
+      end)
 
-    # Extract failed events with reasons
-    failed_events = Enum.map(failures, fn {:error, event_reason} -> event_reason end)
-
-    # Log if some events failed (telemetry will be emitted at flush level)
-    if failed_count > 0 do
-      Logger.debug("Chunk processing: #{failed_count} of #{length(events)} events failed")
-    end
-
-    # Return richer result shape
-    cond do
-      successful_count == 0 ->
-        {:error, failed_events}
-
-      failed_count > 0 ->
-        {:partial, successful_count, failed_events}
-
-      true ->
-        {:ok, successful_count}
-    end
+    {:ok, successful}
+  rescue
+    error ->
+      {:error, error}
   end
 end

lib/wanderer_app_web/api_spec_v1.ex

@@ -12,16 +12,11 @@ defmodule WandererAppWeb.ApiSpecV1 do
     # Get the base spec from the original
     base_spec = WandererAppWeb.ApiSpec.spec()
 
-    # Get v1 spec
+    # Get v1 spec 
     v1_spec = WandererAppWeb.OpenApiV1Spec.spec()
 
-    # Tag legacy paths and v1 paths appropriately
-    tagged_legacy_paths = tag_paths(base_spec.paths || %{}, "Legacy API")
-    # v1 paths already have tags from AshJsonApi, keep them as-is
-    v1_paths = v1_spec.paths || %{}
-
     # Merge the specs
-    merged_paths = Map.merge(tagged_legacy_paths, v1_paths)
+    merged_paths = Map.merge(base_spec.paths || %{}, v1_spec.paths || %{})
 
     # Merge components
     merged_components = %Components{
@@ -89,53 +84,11 @@ defmodule WandererAppWeb.ApiSpecV1 do
     # Get tags from v1 spec if available
     spec_tags = Map.get(v1_spec, :tags, [])
 
-    base_tags ++ spec_tags
+    # Add custom v1 tags
+    v1_label_tags = [
+      %{name: "v1 JSON:API", description: "JSON:API compliant endpoints with advanced querying"}
+    ]
+
+    base_tags ++ v1_label_tags ++ spec_tags
   end
-
-  # Tag all operations in paths with the given tag
-  defp tag_paths(paths, tag) when is_map(paths) do
-    Map.new(paths, fn {path, path_item} ->
-      {path, tag_path_item(path_item, tag)}
-    end)
-  end
-
-  # Handle OpenApiSpex.PathItem structs
-  defp tag_path_item(%OpenApiSpex.PathItem{} = path_item, tag) do
-    path_item
-    |> maybe_tag_operation(:get, tag)
-    |> maybe_tag_operation(:put, tag)
-    |> maybe_tag_operation(:post, tag)
-    |> maybe_tag_operation(:delete, tag)
-    |> maybe_tag_operation(:patch, tag)
-    |> maybe_tag_operation(:options, tag)
-    |> maybe_tag_operation(:head, tag)
-  end
-
-  # Handle plain maps (from AshJsonApi)
-  defp tag_path_item(path_item, tag) when is_map(path_item) do
-    Map.new(path_item, fn {method, operation} ->
-      {method, add_tag_to_operation(operation, tag)}
-    end)
-  end
-
-  defp tag_path_item(path_item, _tag), do: path_item
-
-  defp maybe_tag_operation(path_item, method, tag) do
-    case Map.get(path_item, method) do
-      nil -> path_item
-      operation -> Map.put(path_item, method, add_tag_to_operation(operation, tag))
-    end
-  end
-
-  defp add_tag_to_operation(%OpenApiSpex.Operation{} = operation, tag) do
-    %{operation | tags: [tag | List.wrap(operation.tags)]}
-  end
-
-  defp add_tag_to_operation(%{} = operation, tag) do
-    Map.update(operation, :tags, [tag], fn existing_tags ->
-      [tag | List.wrap(existing_tags)]
-    end)
-  end
-
-  defp add_tag_to_operation(operation, _tag), do: operation
 end

lib/wanderer_app_web/api_v1_router.ex

@@ -6,12 +6,5 @@ defmodule WandererAppWeb.ApiV1Router do
     json_schema: "/json_schema",
     open_api_title: "WandererApp v1 JSON:API",
     open_api_version: "1.0.0",
-    modify_open_api: {WandererAppWeb.OpenApi, :spec, []},
-    modify_conn: {__MODULE__, :add_context, []}
-
-  def add_context(conn, _resource) do
-    # Actor is set by CheckJsonApiAuth using Ash.PlugHelpers.set_actor/2
-    # The actor (ActorWithMap) is passed to Ash actions automatically
-    conn
-  end
+    modify_open_api: {WandererAppWeb.OpenApi, :spec, []}
 end

lib/wanderer_app_web/controllers/api/events_controller.ex

@@ -3,37 +3,6 @@ defmodule WandererAppWeb.Api.EventsController do
   Controller for Server-Sent Events (SSE) streaming.
 
   Provides real-time event streaming for map updates to external clients.
-
-  ## Error Handling
-
-  All error responses use structured JSON format for consistency with the API:
-
-      {
-        "error": "Human-readable error message",
-        "code": "MACHINE_READABLE_CODE",
-        "status": 403
-      }
-
-  ## Error Codes
-
-  - `SSE_GLOBALLY_DISABLED` - SSE disabled in server configuration
-  - `SSE_DISABLED_FOR_MAP` - SSE disabled for this specific map
-  - `SUBSCRIPTION_REQUIRED` - Active subscription required (Enterprise mode)
-  - `MAP_NOT_FOUND` - Requested map does not exist
-  - `UNAUTHORIZED` - Invalid or missing API key
-  - `MAP_CONNECTION_LIMIT` - Too many concurrent connections to this map
-  - `API_KEY_CONNECTION_LIMIT` - Too many connections for this API key
-  - `INTERNAL_SERVER_ERROR` - Unexpected server error
-
-  ## Access Control
-
-  SSE connections require:
-  1. Valid API key (Bearer token)
-  2. SSE enabled globally (server config)
-  3. SSE enabled for the specific map
-  4. Active subscription (Enterprise mode only)
-
-  See `WandererApp.ExternalEvents.SseAccessControl` for details.
   """
 
   use WandererAppWeb, :controller
@@ -59,55 +28,25 @@ defmodule WandererAppWeb.Api.EventsController do
   - format: Event format - "legacy" (default) or "jsonapi" for JSON:API compliance
   """
   def stream(conn, %{"map_identifier" => map_identifier} = params) do
-    case validate_api_key(conn, map_identifier) do
-      {:ok, map, api_key} ->
-        case WandererApp.ExternalEvents.SseAccessControl.sse_allowed?(map.id) do
-          :ok ->
-            establish_sse_connection(conn, map.id, api_key, params)
+    Logger.debug(fn -> "SSE stream requested for map #{map_identifier}" end)
 
-          {:error, :sse_globally_disabled} ->
-            send_sse_error(
-              conn,
-              503,
-              "Server-Sent Events are disabled on this server",
-              "SSE_GLOBALLY_DISABLED"
-            )
+    # Check if SSE is enabled
+    unless WandererApp.Env.sse_enabled?() do
+      conn
+      |> put_status(:service_unavailable)
+      |> put_resp_content_type("text/plain")
+      |> send_resp(503, "Server-Sent Events are disabled on this server")
+    else
+      # Validate API key and get map
+      case validate_api_key(conn, map_identifier) do
+        {:ok, map, api_key} ->
+          establish_sse_connection(conn, map.id, api_key, params)
 
-          {:error, :sse_disabled_for_map} ->
-            send_sse_error(
-              conn,
-              403,
-              "Server-Sent Events are disabled for this map",
-              "SSE_DISABLED_FOR_MAP"
-            )
-
-          {:error, :subscription_required} ->
-            send_sse_error(
-              conn,
-              402,
-              "Active subscription required for Server-Sent Events",
-              "SUBSCRIPTION_REQUIRED"
-            )
-
-          {:error, _reason} ->
-            send_sse_error(
-              conn,
-              403,
-              "Server-Sent Events not available",
-              "SSE_NOT_AVAILABLE"
-            )
-        end
-
-      {:error, status, message} ->
-        # Map validation errors to appropriate codes
-        code =
-          case status do
-            401 -> "UNAUTHORIZED"
-            404 -> "MAP_NOT_FOUND"
-            _ -> "SSE_ERROR"
-          end
-
-        send_sse_error(conn, status, message, code)
+        {:error, status, message} ->
+          conn
+          |> put_status(status)
+          |> json(%{error: message})
+      end
     end
   end
 
@@ -166,24 +105,27 @@ defmodule WandererAppWeb.Api.EventsController do
         stream_events(conn, map_id, api_key, event_filter, event_format)
 
       {:error, :map_limit_exceeded} ->
-        send_sse_error(
-          conn,
-          429,
-          "Too many connections to this map",
-          "MAP_CONNECTION_LIMIT"
-        )
+        conn
+        |> put_status(:too_many_requests)
+        |> json(%{
+          error: "Too many connections to this map",
+          code: "MAP_CONNECTION_LIMIT"
+        })
 
       {:error, :api_key_limit_exceeded} ->
-        send_sse_error(
-          conn,
-          429,
-          "Too many connections for this API key",
-          "API_KEY_CONNECTION_LIMIT"
-        )
+        conn
+        |> put_status(:too_many_requests)
+        |> json(%{
+          error: "Too many connections for this API key",
+          code: "API_KEY_CONNECTION_LIMIT"
+        })
 
       {:error, reason} ->
         Logger.error("Failed to add SSE client: #{inspect(reason)}")
-        send_sse_error(conn, 500, "Internal server error", "INTERNAL_SERVER_ERROR")
+
+        conn
+        |> put_status(:internal_server_error)
+        |> send_resp(500, "Internal server error")
     end
   end
 
@@ -347,19 +289,19 @@ defmodule WandererAppWeb.Api.EventsController do
     else
       [] ->
         Logger.warning("Missing or invalid 'Bearer' token")
-        {:error, 401, "Missing or invalid 'Bearer' token"}
+        {:error, :unauthorized, "Missing or invalid 'Bearer' token"}
 
       {:error, :not_found} ->
         Logger.warning("Map not found: #{map_identifier}")
-        {:error, 404, "Map not found"}
+        {:error, :not_found, "Map not found"}
 
       false ->
         Logger.warning("Unauthorized: invalid token for map #{map_identifier}")
-        {:error, 401, "Unauthorized (invalid token for map)"}
+        {:error, :unauthorized, "Unauthorized (invalid token for map)"}
 
       error ->
         Logger.error("Unexpected error validating API key: #{inspect(error)}")
-        {:error, 500, "Unexpected error"}
+        {:error, :internal_server_error, "Unexpected error"}
     end
   end
 
@@ -379,25 +321,6 @@ defmodule WandererAppWeb.Api.EventsController do
     end
   end
 
-  # Sends a structured JSON error response for SSE connection failures.
-  #
-  # Returns consistent JSON format matching the rest of the API:
-  # - error: Human-readable error message
-  # - code: Machine-readable error code for programmatic handling
-  # - status: HTTP status code
-  #
-  # This maintains API consistency and makes it easier for clients to
-  # handle errors programmatically.
-  defp send_sse_error(conn, status, message, code) do
-    conn
-    |> put_status(status)
-    |> json(%{
-      error: message,
-      code: code,
-      status: status
-    })
-  end
-
   # SSE helper functions
 
   defp send_headers(conn) do

lib/wanderer_app_web/controllers/map_api_controller.ex

@@ -1320,9 +1320,9 @@ defmodule WandererAppWeb.MapAPIController do
           errors:
             Enum.map(error.errors, fn err ->
               %{
-                field: Map.get(err, :field) || Map.get(err, :input),
-                message: Map.get(err, :message, "Unknown error"),
-                value: Map.get(err, :value)
+                field: err.field,
+                message: err.message,
+                value: err.value
               }
             end)
         })

lib/wanderer_app_web/controllers/map_audit_api_controller.ex

@@ -115,7 +115,7 @@ defmodule WandererAppWeb.MapAuditAPIController do
          {:ok, period} <- APIUtils.require_param(params, "period"),
          query <- WandererApp.Map.Audit.get_map_activity_query(map_id, period, "all"),
          {:ok, data} <-
-           Ash.read(query, read_opts()) do
+           Ash.read(query) do
       data = Enum.map(data, &map_audit_event_to_json/1)
       json(conn, %{data: data})
     else
@@ -131,18 +131,6 @@ defmodule WandererAppWeb.MapAuditAPIController do
     end
   end
 
-  # In test environment, disable concurrency to avoid Ecto Sandbox ownership issues
-  # In production, allow concurrent loading for better performance
-  defp read_opts do
-    base_opts = [authorize?: false]
-
-    if Application.get_env(:wanderer_app, :sql_sandbox) do
-      Keyword.put(base_opts, :max_concurrency, 0)
-    else
-      base_opts
-    end
-  end
-
   defp map_audit_event_to_json(
          %{event_type: event_type, event_data: event_data, character: character} = event
        ) do

lib/wanderer_app_web/controllers/map_connection_api_controller.ex

@@ -11,7 +11,7 @@ defmodule WandererAppWeb.MapConnectionAPIController do
   require Logger
 
   alias OpenApiSpex.Schema
-  alias WandererApp.MapConnectionRepo
+  alias WandererApp.Map, as: MapData
   alias WandererApp.Map.Operations
   alias WandererAppWeb.Helpers.APIUtils
   alias WandererAppWeb.Schemas.ResponseSchemas
@@ -180,8 +180,9 @@ defmodule WandererAppWeb.MapConnectionAPIController do
 
   def index(%{assigns: %{map_id: map_id}} = conn, params) do
     with {:ok, src_filter} <- parse_optional(params, "solar_system_source"),
-         {:ok, tgt_filter} <- parse_optional(params, "solar_system_target"),
-         {:ok, conns} <- MapConnectionRepo.get_by_map(map_id) do
+         {:ok, tgt_filter} <- parse_optional(params, "solar_system_target") do
+      conns = MapData.list_connections!(map_id)
+
       conns =
         conns
         |> filter_by_source(src_filter)

lib/wanderer_app_web/controllers/map_system_api_controller.ex

@@ -44,11 +44,6 @@ defmodule WandererAppWeb.MapSystemAPIController do
     delete(conn, params)
   end
 
-  def delete_single(conn, params) do
-    # Delegate to existing delete action for compatibility
-    delete(conn, params)
-  end
-
   # -- JSON Schemas --
   @map_system_schema %Schema{
     type: :object,
@@ -536,67 +531,18 @@ defmodule WandererAppWeb.MapSystemAPIController do
   )
 
   def update(conn, %{"id" => id} = params) do
-    # Support both solar_system_id (integer) and system.id (UUID)
-    with {:ok, system_identifier} <- parse_system_identifier(id),
+    with {:ok, solar_system_id} <- APIUtils.parse_int(id),
          {:ok, attrs} <- APIUtils.extract_update_params(params) do
-      case system_identifier do
-        {:solar_system_id, solar_system_id} ->
-          case Operations.update_system(conn, solar_system_id, attrs) do
-            {:ok, result} ->
-              APIUtils.respond_data(conn, result)
+      case Operations.update_system(conn, solar_system_id, attrs) do
+        {:ok, result} ->
+          APIUtils.respond_data(conn, result)
 
-            error ->
-              error
-          end
-
-        {:system_id, system_uuid} ->
-          # Handle update by system UUID
-          map_id = conn.assigns[:map_id]
-
-          case WandererApp.Api.MapSystem.by_id(system_uuid) do
-            {:ok, system} when system.map_id == map_id ->
-              case Operations.update_system(conn, system.solar_system_id, attrs) do
-                {:ok, result} ->
-                  APIUtils.respond_data(conn, result)
-
-                error ->
-                  error
-              end
-
-            {:ok, _system} ->
-              {:error, :not_found}
-
-            {:error, _} ->
-              {:error, :not_found}
-          end
+        error ->
+          error
       end
     end
   end
 
-  defp parse_system_identifier(id) when is_binary(id) do
-    case Ecto.UUID.cast(id) do
-      {:ok, uuid} ->
-        {:ok, {:system_id, uuid}}
-
-      :error ->
-        case APIUtils.parse_int(id) do
-          {:ok, solar_system_id} ->
-            {:ok, {:solar_system_id, solar_system_id}}
-
-          {:error, msg} ->
-            {:error, msg}
-        end
-    end
-  end
-
-  defp parse_system_identifier(id) when is_integer(id) do
-    {:ok, {:solar_system_id, id}}
-  end
-
-  defp parse_system_identifier(_id) do
-    {:error, "Invalid system identifier"}
-  end
-
   operation(:delete_batch,
     summary: "Batch Delete Systems and Connections",
     parameters: [
@@ -670,22 +616,6 @@ defmodule WandererAppWeb.MapSystemAPIController do
     responses: ResponseSchemas.standard_responses(@delete_response_schema)
   )
 
-  # Batch delete - handles both system_ids and connection_ids
-  def delete(conn, %{"system_ids" => _system_ids} = params) do
-    system_ids = Map.get(params, "system_ids", [])
-    connection_ids = Map.get(params, "connection_ids", [])
-
-    # For now, return a simple response
-    # This should be implemented properly to actually delete the systems/connections
-    deleted_count = length(system_ids) + length(connection_ids)
-
-    APIUtils.respond_data(conn, %{
-      deleted_count: deleted_count,
-      deleted_systems: length(system_ids),
-      deleted_connections: length(connection_ids)
-    })
-  end
-
   def delete(conn, %{"id" => id}) do
     with {:ok, sid} <- APIUtils.parse_int(id),
          {:ok, _} <- Operations.delete_system(conn, sid) do
@@ -712,16 +642,6 @@ defmodule WandererAppWeb.MapSystemAPIController do
     end
   end
 
-  # Catch-all clause for delete with missing or invalid parameters
-  def delete(conn, _params) do
-    conn
-    |> put_status(:bad_request)
-    |> APIUtils.respond_data(%{
-      deleted_count: 0,
-      error: "Missing required parameters: system_ids or id"
-    })
-  end
-
   # -- Legacy endpoints --
 
   operation(:list_systems,

lib/wanderer_app_web/controllers/plugs/check_json_api_auth.ex

@@ -13,19 +13,10 @@ defmodule WandererAppWeb.Plugs.CheckJsonApiAuth do
 
   import Plug.Conn
 
+  alias Plug.Crypto
   alias WandererApp.Api.User
-  alias WandererApp.Api.ActorWithMap
   alias WandererApp.SecurityAudit
   alias WandererApp.Audit.RequestContext
-  alias Ash.PlugHelpers
-
-  # Error messages for different failure reasons
-  @error_messages %{
-    map_owner_not_found: "Authentication failed",
-    invalid_token: "Authentication failed",
-    missing_auth_header: "Missing or invalid authorization header",
-    invalid_session: "Invalid session"
-  }
 
   def init(opts), do: opts
 
@@ -48,13 +39,9 @@ defmodule WandererAppWeb.Plugs.CheckJsonApiAuth do
           %{auth_type: get_auth_type(conn), result: "success"}
         )
 
-        # Wrap user and map together as actor for Ash
-        actor = ActorWithMap.new(user, map)
-
         conn
         |> assign(:current_user, user)
         |> assign(:current_user_role, get_user_role(user))
-        |> PlugHelpers.set_actor(actor)
         |> maybe_assign_map(map)
 
       {:ok, user} ->
@@ -73,23 +60,16 @@ defmodule WandererAppWeb.Plugs.CheckJsonApiAuth do
           %{auth_type: get_auth_type(conn), result: "success"}
         )
 
-        # Wrap user with nil map as actor for Ash (session auth has no map context)
-        actor = ActorWithMap.new(user, nil)
-
         conn
         |> assign(:current_user, user)
         |> assign(:current_user_role, get_user_role(user))
-        |> PlugHelpers.set_actor(actor)
 
-      {:error, reason} when is_atom(reason) ->
-        # Error handling with atom reasons
+      {:error, reason} when is_binary(reason) ->
+        # Legacy error handling for simple string errors
         end_time = System.monotonic_time(:millisecond)
         duration = end_time - start_time
 
-        # Get user-facing message from error messages map
-        message = Map.get(@error_messages, reason, "Authentication failed")
-
-        # Log failed authentication with detailed internal reason
+        # Log failed authentication
         request_details = extract_request_details(conn)
 
         SecurityAudit.log_auth_event(
@@ -108,7 +88,37 @@ defmodule WandererAppWeb.Plugs.CheckJsonApiAuth do
         conn
         |> put_status(:unauthorized)
         |> put_resp_content_type("application/json")
-        |> send_resp(401, Jason.encode!(%{error: message}))
+        |> send_resp(401, Jason.encode!(%{error: reason}))
+        |> halt()
+
+      {:error, external_message, internal_reason} ->
+        # New error handling with separate internal and external messages
+        end_time = System.monotonic_time(:millisecond)
+        duration = end_time - start_time
+
+        # Log failed authentication with detailed internal reason
+        request_details = extract_request_details(conn)
+
+        SecurityAudit.log_auth_event(
+          :auth_failure,
+          nil,
+          Map.merge(request_details, %{
+            failure_reason: internal_reason,
+            external_message: external_message
+          })
+        )
+
+        # Emit failed authentication event
+        :telemetry.execute(
+          [:wanderer_app, :json_api, :auth],
+          %{count: 1, duration: duration},
+          %{auth_type: get_auth_type(conn), result: "failure"}
+        )
+
+        conn
+        |> put_status(:unauthorized)
+        |> put_resp_content_type("application/json")
+        |> send_resp(401, Jason.encode!(%{error: external_message}))
         |> halt()
     end
   end
@@ -123,7 +133,7 @@ defmodule WandererAppWeb.Plugs.CheckJsonApiAuth do
       user_id ->
         case User.by_id(user_id, load: :characters) do
           {:ok, user} -> {:ok, user}
-          {:error, _} -> {:error, :invalid_session}
+          {:error, _} -> {:error, "Invalid session"}
         end
     end
   end
@@ -134,25 +144,89 @@ defmodule WandererAppWeb.Plugs.CheckJsonApiAuth do
         validate_api_token(conn, token)
 
       _ ->
-        {:error, :missing_auth_header}
+        {:error, "Missing or invalid authorization header"}
     end
   end
 
-  defp validate_api_token(_conn, token) do
-    # Token determines map - no need to check request params
-    find_map_by_token(token)
+  defp validate_api_token(conn, token) do
+    # Try to get map identifier from multiple sources
+    map_identifier = get_map_identifier(conn)
+
+    case map_identifier do
+      nil ->
+        # No map identifier found - this might be a general API endpoint
+        {:error, "Authentication failed", :no_map_context}
+
+      identifier ->
+        # Resolve the identifier (could be UUID or slug)
+        case resolve_map_identifier(identifier) do
+          {:ok, map} ->
+            # Validate the token matches this specific map's API key
+            if is_binary(map.public_api_key) &&
+                 Crypto.secure_compare(map.public_api_key, token) do
+              # Get the map owner
+              case User.by_id(map.owner.user_id, load: :characters) do
+                {:ok, user} ->
+                  {:ok, user, map}
+
+                {:error, _error} ->
+                  {:error, "Authentication failed", :map_owner_not_found}
+              end
+            else
+              {:error, "Authentication failed", :invalid_token_for_map}
+            end
+
+          {:error, _} ->
+            {:error, "Authentication failed", :map_not_found}
+        end
+    end
   end
 
-  defp find_map_by_token(token) do
-    case WandererApp.Api.Map.by_api_key(token, load: :owner) do
-      {:ok, map} ->
-        case User.by_id(map.owner.user_id, load: :characters) do
-          {:ok, user} -> {:ok, user, map}
-          _ -> {:error, :map_owner_not_found}
-        end
+  # Extract map identifier from multiple sources
+  defp get_map_identifier(conn) do
+    # 1. Check path params (e.g., /api/v1/maps/:map_identifier/systems)
+    case conn.params["map_identifier"] do
+      id when is_binary(id) and id != "" ->
+        id
 
       _ ->
-        {:error, :invalid_token}
+        # 2. Check request body for map_id (JSON:API format)
+        case conn.body_params do
+          %{"data" => %{"attributes" => %{"map_id" => map_id}}}
+          when is_binary(map_id) and map_id != "" ->
+            map_id
+
+          %{"data" => %{"relationships" => %{"map" => %{"data" => %{"id" => map_id}}}}}
+          when is_binary(map_id) and map_id != "" ->
+            map_id
+
+          # 3. Check flat body params (non-JSON:API format)
+          %{"map_id" => map_id} when is_binary(map_id) and map_id != "" ->
+            map_id
+
+          _ ->
+            # 4. Check query params (e.g., ?filter[map_id]=...)
+            case conn.params do
+              %{"filter" => %{"map_id" => map_id}} when is_binary(map_id) and map_id != "" ->
+                map_id
+
+              _ ->
+                nil
+            end
+        end
+    end
+  end
+
+  # Helper to resolve map by ID or slug
+  defp resolve_map_identifier(identifier) do
+    # Try as UUID first
+    case WandererApp.Api.Map.by_id(identifier, load: :owner) do
+      {:ok, map} ->
+        {:ok, map}
+
+      _ ->
+        # Try as slug
+        WandererApp.Api.Map.get_map_by_slug(identifier, load: :owner)
     end
   end
 

lib/wanderer_app_web/controllers/plugs/check_webhooks_disabled.ex

@@ -1,21 +0,0 @@
-defmodule WandererAppWeb.Plugs.CheckWebhooksDisabled do
-  @moduledoc """
-  Plug to check if webhooks are enabled.
-
-  This plug blocks access to webhook management endpoints when webhooks are disabled.
-  Enable webhooks by setting WANDERER_WEBHOOKS_ENABLED=true in your environment.
-  """
-  import Plug.Conn
-
-  def init(opts), do: opts
-
-  def call(conn, _opts) do
-    if not WandererApp.Env.webhooks_enabled?() do
-      conn
-      |> send_resp(403, "Webhooks are disabled. Set WANDERER_WEBHOOKS_ENABLED=true to enable.")
-      |> halt()
-    else
-      conn
-    end
-  end
-end

lib/wanderer_app_web/controllers/plugs/check_websocket_disabled.ex

@@ -0,0 +1,15 @@
+defmodule WandererAppWeb.Plugs.CheckWebsocketDisabled do
+  import Plug.Conn
+
+  def init(opts), do: opts
+
+  def call(conn, _opts) do
+    if not WandererApp.Env.websocket_events_enabled?() do
+      conn
+      |> send_resp(403, "WebSocket events are disabled")
+      |> halt()
+    else
+      conn
+    end
+  end
+end

lib/wanderer_app_web/helpers/api_utils.ex

@@ -74,6 +74,8 @@ defmodule WandererAppWeb.Helpers.APIUtils do
   end
 
   @spec parse_int(binary() | integer()) :: {:ok, integer()} | {:error, String.t()}
+  def parse_int(nil), do: {:ok, nil}
+
   def parse_int(str) when is_binary(str) do
     Logger.debug(fn -> "Parsing integer from: #{inspect(str)}" end)
 

lib/wanderer_app_web/live/admin/admin_live.html.heex

@@ -336,8 +336,8 @@
         label="Valid"
         options={Enum.map(@valid_types, fn valid_type -> {valid_type.label, valid_type.id} end)}
       />
-
-      <!-- Modal action buttons -->
+      
+<!-- API Key Section with grid layout -->
       <div class="modal-action">
         <.button class="mt-2" type="submit" phx-disable-with="Saving...">
           {(@live_action == :add_invite_link && "Add") || "Save"}

lib/wanderer_app_web/live/map/event_handlers/map_activity_event_handler.ex

@@ -30,14 +30,17 @@ defmodule WandererAppWeb.MapActivityEventHandler do
 
   def handle_ui_event(
         "show_activity",
-        _,
+        params,
         %{assigns: %{map_id: map_id, current_user: current_user}} = socket
       ) do
     Task.async(fn ->
       try do
+        # Extract days parameter (nil if not provided)
+        days = Map.get(params, "days")
+
         # Get raw activity data from the domain logic
         result =
-          WandererApp.Character.Activity.process_character_activity(map_id, current_user)
+          WandererApp.Character.Activity.process_character_activity(map_id, current_user, days)
 
         # Group activities by user_id and summarize
         summarized_result =