Bump the major-updates group across 1 directory with 14 updates

Bumps the major-updates group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@tanstack/vue-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/vue-query-devtools) | `5.91.0` | `6.1.33` |
| [lucide-vue-next](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-vue-next) | `0.487.0` | `1.0.0` |
| [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `2.6.1` | `3.6.0` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.39.4` | `10.0.1` |
| [@inertiajs/vue3](https://github.com/inertiajs/inertia/tree/HEAD/packages/vue3) | `2.3.21` | `3.3.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.19.17` | `25.9.1` |
| [laravel-vite-plugin](https://github.com/laravel/vite-plugin) | `2.1.0` | `3.1.0` |
| [postcss-import](https://github.com/postcss/postcss-import) | `15.1.0` | `16.1.1` |
| [postcss-nesting](https://github.com/csstools/postcss-plugins/tree/HEAD/plugins/postcss-nesting) | `12.1.5` | `14.0.0` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `3.4.19` | `4.3.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.2` | `8.0.15` |
| [vite-plugin-dts](https://github.com/qmhc/unplugin-dts/tree/HEAD/packages/vite-plugin-dts) | `4.5.4` | `5.0.1` |



Updates `@tanstack/vue-query-devtools` from 5.91.0 to 6.1.33
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/vue-query-devtools/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/vue-query-devtools@6.1.33/packages/vue-query-devtools)

Updates `lucide-vue-next` from 0.487.0 to 1.0.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.0.0/packages/lucide-vue-next)

Updates `tailwind-merge` from 2.6.1 to 3.6.0
- [Release notes](https://github.com/dcastil/tailwind-merge/releases)
- [Commits](https://github.com/dcastil/tailwind-merge/compare/v2.6.1...v3.6.0)

Updates `@eslint/js` from 9.39.4 to 10.0.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v10.0.1/packages/js)

Updates `@inertiajs/vue3` from 2.3.21 to 3.3.0
- [Release notes](https://github.com/inertiajs/inertia/releases)
- [Changelog](https://github.com/inertiajs/inertia/blob/3.x/CHANGELOG.md)
- [Commits](https://github.com/inertiajs/inertia/commits/v3.3.0/packages/vue3)

Updates `@types/node` from 22.19.17 to 25.9.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `axios` from 1.15.0 to 1.17.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.15.0...v1.17.0)

Updates `laravel-vite-plugin` from 2.1.0 to 3.1.0
- [Release notes](https://github.com/laravel/vite-plugin/releases)
- [Changelog](https://github.com/laravel/vite-plugin/blob/3.x/CHANGELOG.md)
- [Upgrade guide](https://github.com/laravel/vite-plugin/blob/3.x/UPGRADE.md)
- [Commits](https://github.com/laravel/vite-plugin/compare/v2.1.0...v3.1.0)

Updates `postcss-import` from 15.1.0 to 16.1.1
- [Release notes](https://github.com/postcss/postcss-import/releases)
- [Changelog](https://github.com/postcss/postcss-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss-import/compare/15.1.0...16.1.1)

Updates `postcss-nesting` from 12.1.5 to 14.0.0
- [Changelog](https://github.com/csstools/postcss-plugins/blob/main/plugins/postcss-nesting/CHANGELOG.md)
- [Commits](https://github.com/csstools/postcss-plugins/commits/HEAD/plugins/postcss-nesting)

Updates `tailwindcss` from 3.4.19 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/tailwindcss)

Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3)

Updates `vite` from 7.3.2 to 8.0.15
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.15/packages/vite)

Updates `vite-plugin-dts` from 4.5.4 to 5.0.1
- [Release notes](https://github.com/qmhc/unplugin-dts/releases)
- [Changelog](https://github.com/qmhc/unplugin-dts/blob/main/packages/vite-plugin-dts/CHANGELOG.md)
- [Commits](https://github.com/qmhc/unplugin-dts/commits/vite-plugin-dts@5.0.1/packages/vite-plugin-dts)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 10.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: "@inertiajs/vue3"
  dependency-version: 3.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: "@tanstack/vue-query-devtools"
  dependency-version: 6.1.28
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: "@types/node"
  dependency-version: 25.6.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: major-updates
- dependency-name: laravel-vite-plugin
  dependency-version: 3.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: lucide-vue-next
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: postcss-import
  dependency-version: 16.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: postcss-nesting
  dependency-version: 14.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: tailwind-merge
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: tailwindcss
  dependency-version: 4.3.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: vite
  dependency-version: 8.0.12
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: vite-plugin-dts
  dependency-version: 5.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

.env.ci

@@ -34,7 +34,12 @@ SESSION_DRIVER=database
 SESSION_LIFETIME=120
 
 # Mail
-MAIL_MAILER=log
+MAIL_MAILER=smtp
+MAIL_HOST=localhost
+MAIL_PORT=1025
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
 MAIL_FROM_ADDRESS="no-reply@solidtime.test"
 MAIL_FROM_NAME="solidtime"
 MAIL_REPLY_TO_ADDRESS="hello@solidtime.test"
@@ -55,4 +60,7 @@ AUDITING_ENABLED=true
 TELESCOPE_ENABLED=false
 
 # Services
-GOTENBERG_URL=http://0.0.0.0:3000
+GOTENBERG_URL=http://localhost:3000
+
+# Octane
+OCTANE_SERVER=frankenphp

.env.example

@@ -77,11 +77,13 @@ TELESCOPE_ENABLED=false
 # Services
 GOTENBERG_URL=http://gotenberg:3000
 
+# Octane
+OCTANE_SERVER=frankenphp
+
 # Local setup
 NGINX_HOST_NAME=solidtime.test
 NETWORK_NAME=reverse-proxy-docker-traefik_routing
-FORWARD_DB_PORT=5432
-FORWARD_WEB_PORT=8083
+FORWARD_DB_PORT=54329
 VITE_HOST_NAME=vite.solidtime.test
 VITE_APP_NAME="${APP_NAME}"
 #SAIL_XDEBUG_MODE=develop,debug,coverage

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,8 +1,11 @@
-<!--
-This project is early stage. The structure and APIs are still subject to change and not stable.
-Therefore, we do not currently accept any contributions, unless you are a member of the team.
+## What does this PR do?
 
-As soon as we feel comfortable enough that the application structure is stable enough, we will open up the project for contributions.
+<!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. -->
 
-We do accept contributions in the [documentation repository](https://github.com/solidtime-io/docs) f.e. to add new self-hosting guides.
--->
+- Fixes #XXXX (GitHub issue number)
+
+## Checklist (DO NOT REMOVE)
+
+- [ ] I read the [contributing guide](https://github.com/solidtime-io/solidtime/blob/main/CONTRIBUTING.md)
+- [ ] I signed the [Contributor License Agreement](https://cla-assistant.io/solidtime-io/solidtime).
+- [ ] I commented my code, particularly in hard-to-understand areas

.github/workflows/build-onpremise.yml

@@ -0,0 +1,216 @@
+on:
+  push:
+    branches:
+      - main
+      - develop
+    tags:
+      - '*'
+  pull_request:
+    paths:
+      - '.github/workflows/build-onpremise.yml'
+      - 'docker/prod/**'
+  workflow_dispatch:
+
+permissions:
+  packages: write
+  contents: read
+  attestations: write
+  id-token: write
+
+env:
+  DOCKER_REPO: registry.on-premise.solidtime.io/solidtime/solidtime
+
+name: Build - On Premise
+jobs:
+  build:
+    strategy:
+      matrix:
+        include:
+          - runs-on: "ubuntu-24.04-arm"
+            platform: "linux/arm64"
+          - runs-on: "ubuntu-24.04"
+            platform: "linux/amd64"
+    runs-on: ${{ matrix.runs-on }}
+    timeout-minutes: 90
+
+    steps:
+      - name: "Check out code"
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag
+
+      - name: "Get build"
+        id: release-build
+        run: echo "build=$(git rev-parse --short=8 HEAD)" >> "$GITHUB_OUTPUT"
+
+      - name: "Get Previous tag (normal push)"
+        id: previoustag
+        if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
+        uses: "WyriHaximus/github-action-get-previous-tag@v1"
+        with:
+          prefix: "v"
+
+      - name: "Get version"
+        id: release-version
+        run: |
+          if ${{ !startsWith(github.ref, 'refs/tags/v') }}; then
+            if ${{ startsWith(steps.previoustag.outputs.tag, 'v') }}; then
+              version=$(echo "${{ steps.previoustag.outputs.tag }}" | cut -c 2-)
+              echo "app_version=${version}" >> "$GITHUB_OUTPUT"
+            else
+              echo "ERROR: No previous tag found";
+              exit 1;
+            fi
+          else
+            version=$(echo "${{ github.ref }}" | cut -c 12-)
+            echo "app_version=${version}" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: "Copy .env template for production"
+        run: |
+          cp .env.production .env
+          rm .env.production .env.ci .env.example
+
+      - name: "Add version to .env"
+        run: sed -i 's/APP_VERSION=0.0.0/APP_VERSION=${{ steps.release-version.outputs.app_version }}/g' .env
+
+      - name: "Add build to .env"
+        run: sed -i 's/APP_BUILD=0/APP_BUILD=${{ steps.release-build.outputs.build }}/g' .env
+
+      - name: "Output .env"
+        run: cat .env
+
+      - name: "Setup PHP with PECL extension"
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.3'
+          extensions: mbstring, dom, fileinfo, pgsql
+
+      - name: "Install dependencies"
+        run: composer install --no-dev --no-ansi --no-interaction --prefer-dist --ignore-platform-reqs --classmap-authoritative
+        if: steps.cache-vendor.outputs.cache-hit != 'true' # Skip if cache hit
+
+      - name: "Use Node.js"
+        uses: actions/setup-node@v6
+        with:
+          node-version: '20.x'
+
+      - name: "Checkout invoicing extension"
+        uses: actions/checkout@v4
+        with:
+          repository: solidtime-io/extension-invoicing
+          path: extensions/Invoicing
+          ssh-key: ${{ secrets.SSH_PRIVATE_KEY_INVOICING_EXTENSION }}
+
+      - name: "Install composer dependencies in invoicing extension"
+        run: cd extensions/Invoicing && composer install --no-dev --no-ansi --no-interaction --prefer-dist --ignore-platform-reqs --classmap-authoritative
+
+      - name: "Install npm dependencies in invoicing extension"
+        run: cd extensions/Invoicing && npm ci
+
+      - name: "Activate invoicing extension"
+        run: php artisan module:enable Invoicing
+
+      - name: "Install npm dependencies"
+        run: npm ci
+
+      - name: "Build"
+        run: npm run build
+
+      - name: "Prepare"
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: "Docker meta"
+        id: "meta"
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.DOCKER_REPO }}
+
+      - name: "Login to solidtime OnPremise Registry"
+        uses: docker/login-action@v3
+        with:
+          registry: registry.on-premise.solidtime.io
+          username: ${{ secrets.ONPREMISE_USERNAME }}
+          password: ${{ secrets.ONPREMISE_TOKEN }}
+
+      - name: "Set up QEMU"
+        uses: docker/setup-qemu-action@v3
+
+      - name: "Set up Docker Buildx"
+        uses: docker/setup-buildx-action@v3
+
+      - name: "Build and push by digest"
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: docker/prod/Dockerfile
+          build-args: |
+            DOCKER_FILES_BASE_PATH=docker/prod/
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=image,"name=${{ env.DOCKER_REPO }}",push-by-digest=true,name-canonical=true,push=true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: "Export digest"
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: "Upload digest"
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    timeout-minutes: 90
+    needs:
+      - build
+    steps:
+      - name: "Download digests"
+        uses: actions/download-artifact@v6
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: "Login to solidtime OnPremise Registry"
+        uses: docker/login-action@v3
+        with:
+          registry: registry.on-premise.solidtime.io
+          username: ${{ secrets.ONPREMISE_USERNAME }}
+          password: ${{ secrets.ONPREMISE_TOKEN }}
+
+      - name: "Set up Docker Buildx"
+        uses: docker/setup-buildx-action@v3
+
+      - name: "Docker meta"
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.DOCKER_REPO }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: "Create manifest list and push"
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.DOCKER_REPO }}@sha256:%s ' *)
+
+      - name: "Inspect image"
+        run: |
+          docker buildx imagetools inspect ${{ env.DOCKER_REPO }}:${{ steps.meta.outputs.version }}

.github/workflows/build-private.yml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: "Check out code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag
 
@@ -68,12 +68,12 @@ jobs:
         run: cat .env
 
       - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 
       - name: "Checkout billing extension"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           repository: solidtime-io/extension-billing
           path: extensions/Billing
@@ -93,7 +93,7 @@ jobs:
         run: cd extensions/Billing && npm ci
 
       - name: "Checkout services extension"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           repository: solidtime-io/extension-services
           path: extensions/Services
@@ -111,7 +111,7 @@ jobs:
         run: cd extensions/Services && npm ci
 
       - name: "Checkout invoicing extension"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           repository: solidtime-io/extension-invoicing
           path: extensions/Invoicing

.github/workflows/build-public.yml

@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: "Check out code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag
 
@@ -92,7 +92,7 @@ jobs:
         if: steps.cache-vendor.outputs.cache-hit != 'true' # Skip if cache hit
 
       - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 
@@ -169,7 +169,7 @@ jobs:
       - build
     steps:
       - name: "Download digests"
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           path: ${{ runner.temp }}/digests
           pattern: digests-*

.github/workflows/generate-api-docs.yml

@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Setup PHP"
         uses: shivammathur/setup-php@v2

.github/workflows/npm-build.yml

@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Setup PHP (for Ziggy)"
         uses: shivammathur/setup-php@v2
@@ -24,7 +24,7 @@ jobs:
         run: composer install -n --prefer-dist
 
       - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 

.github/workflows/npm-format-check.yml

@@ -0,0 +1,23 @@
+name: NPM Format Check
+
+on: [push]
+
+jobs:
+  format-check:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v5
+
+      - name: "Use Node.js"
+        uses: actions/setup-node@v6
+        with:
+          node-version: '20.x'
+
+      - name: "Install npm dependencies"
+        run: npm ci
+
+      - name: "Check code formatting"
+        run: npm run format:check 

.github/workflows/npm-lint.yml

@@ -11,10 +11,10 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 

.github/workflows/npm-publish-api.yml

@@ -11,11 +11,11 @@ jobs:
       id-token: write
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       # Setup .npmrc file to publish to npm
       - name: Install root project dependencies
         run: npm ci
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version: '20.x'
           registry-url: 'https://registry.npmjs.org'

.github/workflows/npm-publish-ui.yml

@@ -11,9 +11,9 @@ jobs:
       id-token: write
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version: '20.x'
           registry-url: 'https://registry.npmjs.org'

.github/workflows/npm-test-unit.yml

@@ -0,0 +1,27 @@
+name: NPM Test Unit
+
+on: [push]
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      TZ: UTC
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+
+      - name: "Use Node.js"
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+
+      - name: "Install npm dependencies"
+        run: npm ci
+
+      - name: "Run vitest"
+        run: npm run test:unit

.github/workflows/npm-typecheck.yml

@@ -10,7 +10,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Setup PHP (for Ziggy)"
         uses: shivammathur/setup-php@v2
@@ -23,7 +23,7 @@ jobs:
         run: composer install -n --prefer-dist
 
       - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 

.github/workflows/phpstan.yml

@@ -9,7 +9,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Setup PHP"
         uses: shivammathur/setup-php@v2

.github/workflows/phpunit.yml

@@ -36,7 +36,7 @@ jobs:
           --health-retries 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Setup PHP"
         uses: shivammathur/setup-php@v2
@@ -48,7 +48,7 @@ jobs:
       - name: "Run composer install"
         run: composer install -n --prefer-dist
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 
@@ -68,7 +68,7 @@ jobs:
         run: php artisan test --stop-on-failure --coverage-text --coverage-clover=coverage.xml
 
       - name: "Upload coverage reports to Codecov"
-        uses: codecov/codecov-action@v5.4.3
+        uses: codecov/codecov-action@v5.5.1
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           slug: solidtime-io/solidtime

.github/workflows/pint.yml

@@ -9,9 +9,9 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Check code style"
-        uses: aglipanci/laravel-pint-action@2.5
+        uses: aglipanci/laravel-pint-action@2.6
         with:
           configPath: "pint.json"

.github/workflows/playwright.yml

@@ -6,10 +6,18 @@ jobs:
   test:
     runs-on: ubuntu-latest
     timeout-minutes: 60
+    strategy:
+      fail-fast: false
+      matrix:
+        shardIndex: [1, 2, 3, 4, 5, 6, 7, 8]
+        shardTotal: [8]
 
     services:
       mailpit:
         image: 'axllent/mailpit:latest'
+        ports:
+          - 1025:1025
+          - 8025:8025
       pgsql_test:
         image: postgres:15
         env:
@@ -27,10 +35,10 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Setup node"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 
@@ -57,22 +65,63 @@ jobs:
       - name: "Build Frontend"
         run: npm run build
 
-      - name: "Run Laravel Server"
-        run: php artisan serve > /dev/null 2>&1 &
+      - name: "Install FrankenPHP"
+        run: |
+          ARCH="$(uname -m)"
+          curl -fsSL "https://github.com/dunglas/frankenphp/releases/latest/download/frankenphp-linux-${ARCH}" -o /usr/local/bin/frankenphp
+          chmod +x /usr/local/bin/frankenphp
+
+      - name: "Run Laravel Octane Server"
+        run: php artisan octane:start --server=frankenphp --host=127.0.0.1 --port=8000 --workers=4 --max-requests=500 > /dev/null 2>&1 &
+        env:
+          OCTANE_SERVER: frankenphp
 
       - name: "Install Playwright Browsers"
         run: npx playwright install --with-deps
 
       - name: "Run Playwright tests"
-        run: npx playwright test
+        run: npx playwright test --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
         env:
           PLAYWRIGHT_BASE_URL: 'http://127.0.0.1:8000'
+          MAILPIT_BASE_URL: 'http://localhost:8025'
 
-      - name: "Upload test results"
+      - name: "Upload blob report"
         uses: actions/upload-artifact@v4
         if: always()
         with:
-          name: test-results
-          path: test-results/
-          retention-days: 30
+          name: blob-report-${{ matrix.shardIndex }}
+          path: blob-report/
+          retention-days: 7
 
+  merge-reports:
+    if: always()
+    needs: [test]
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+
+      - name: "Setup node"
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+
+      - name: "Install dependencies"
+        run: npm ci
+
+      - name: "Download blob reports"
+        uses: actions/download-artifact@v4
+        with:
+          path: all-blob-reports
+          pattern: blob-report-*
+          merge-multiple: true
+
+      - name: "Merge reports"
+        run: npx playwright merge-reports --reporter html ./all-blob-reports
+
+      - name: "Upload merged HTML report"
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-report
+          path: playwright-report/
+          retention-days: 30

.npmrc

@@ -0,0 +1 @@
+min-release-age=7

.prettierignore

@@ -0,0 +1,27 @@
+# Ignore build outputs
+node_modules/
+vendor/
+storage/
+bootstrap/cache/
+public/build/
+public/hot/
+
+# Ignore lock files
+package-lock.json
+composer.lock
+
+# Ignore generated files
+*.min.js
+*.min.css
+
+# Ignore test results
+test-results/
+playwright-report/
+
+# Ignore IDE files
+.idea/
+.vscode/
+
+# Ignore OS files
+.DS_Store
+Thumbs.db 

.prettierrc.json

@@ -3,5 +3,6 @@
     "tabWidth": 4,
     "singleQuote": true,
     "bracketSameLine": true,
-    "quoteProps": "preserve"
+    "quoteProps": "preserve",
+    "printWidth": 100
 }

CONTRIBUTING.md

@@ -0,0 +1,81 @@
+# Contributing to solidtime
+
+Contributions are greatly apprecited, please make sure to read the rules and vision for solidtime before contributing. 
+
+## Rules
+
+### Issues for Bugs, Discussions for Feature requests
+
+In order to keep the issues of the repository clean we decided to only use them for bugs. Feature Requests and enhancement are handled in discussions. This also helps us to see which feature requests are popular as they can be upvoted. 
+
+### Only work on approved issues
+
+To respect your time and help us manage contributions effectively, please open an issue or start a discussion and wait for approval before submitting a pull request (PR). This does not apply to tiny fixes or changes however, please keep in mind that we might not merge PRs for various reasons. 
+
+### Contributor License Agreement
+
+You'll also notice that we’ve set up a [Contributor License Agreement (CLA)](https://cla-assistant.io/solidtime-io/solidtime), which must be signed before any PR can be merged. Don’t worry - the process is quick and only takes a few clicks.
+
+We want to be transparent about why we require the CLA and what it means for your contributions and the codebase. That’s why we’ve written a few paragraphs below outlining our plans and vision for solidtime in the **Vision** part of this document. 
+
+### Prevent Duplicate Work
+
+Before you submit a new PR, make sure that none exists already. If you plan to work on an issue, make sure to let us and others know by commenting on the issue/discussion. 
+
+### Give context
+
+Tell us what you thinking was behind the decisions you made while drafting the PR. Treat the PR itself as documentation for everyone who wants to go back and understand why certain decisions were made. 
+
+### Summarize your PR
+
+Please make sure to include a short summary at the top of your PR to make it easy for us to quickly check what the PR is about, without looking at the code changes. 
+
+### Use Github Keywords and Auto-Link Issues
+
+Use phrases like "Closes #123" or "Fixes #123" in the PR description to link the PR with the issue that you are adressing. 
+
+### Mention what you tested and how
+
+Explain how you tested and validated the implementation. 
+
+### Keep Naming consistent
+
+Look at existing code patterns and use naming conventions that already exist in the code base. 
+
+### Testing
+
+We have an exhaustive test-suite of PHPUnit (Backend) and Playwright (Frontend) testing. Whereever applicable please make sure to write add tests to the codebase. 
+
+### Linting & Formatting
+
+Make sure to run linting and formatting commands before you commit the changes. 
+
+For backend changes:
+
+```
+composer fix
+composer analyse
+```
+
+For frontend changes: 
+
+```
+npm run lint:fix
+npm run format
+```
+
+## Vision
+
+We started solidtime to provide an open infrastructure solution for time tracking—one that empowers teams and individuals to fully own their data, instead of depending on proprietary platforms. We believe infrastructure software should be open, accessible, and built to last. However, competing with established market leaders in this space requires long-term financial sustainability.
+
+solidtime is licensed under the AGPL, which we believe is the best available license to strike a balance between openness and financial viability. The AGPL gives us, as the copyright holders, certain exclusive rights that we plan to leverage to fund development. To ensure we retain those rights across the entire codebase, we've put a CLA in place that contributors must sign before submitting code.
+
+One of solidtime’s key advantages is that it's built to be self-hostable. This makes it a great solution for organizations like governments, healthcare providers, and enterprises that are required to keep data on their own infrastructure due to regulations or internal policies. These organizations may need custom licenses, integrations, or modifications that aren't suitable for the open-source version. To support them, we offer relicensed versions of solidtime along with support plans.
+
+We’ll also provide proprietary extensions for solidtime. These will be available to enterprise customers with support plans, but also to individual users or teams who don’t need support, at much more accessible price points. For companies running solidtime on their own infrastructure, this is the easiest way to support the project while gaining additional functionality. While we plan to make it easier to build custom extensions in the future, our current APIs are still highly experimental.
+
+Finally - and perhaps most importantly - we offer a hosted SaaS version called solidtime Cloud, for users who can’t or don’t want to run the software themselves. This version includes proprietary extensions, always runs the latest commit, and includes monitoring and billing features available exclusively on this hosted instance. We expect solidtime Cloud to play a critical role in funding the project long-term.
+
+Having full control over the source code’s licensing also gives us the ability to change the license of the main project in the future. That said, we have no plans to do so and would only consider it in extreme cases - for example, if a malicious actor were to directly compete with our hosted service in a way that threatens the sustainability of the project, the legal interpretation of AGPL changes in a way that would make it unreasonable to use for certain companies, or a new similar license gains wide-spread adoption. Regardless, solidtime will always remain free to self-host for individuals and companies who use it as part of their work, and all previous releases will remain licensed under AGPL.
+
+If you are using the open-source version of solidtime and want to support us, the best way to do so is to spread the word. 

README.md

@@ -1,4 +1,4 @@
-# solidtime - The modern Open-Source Time Tracker
+# solidtime - The modern Open-Source TimeTracker
 
 [![GitHub License](https://img.shields.io/github/license/solidtime-io/solidtime?style=flat-square)](https://github.com/solidtime-io/solidtime/blob/main/LICENSE.md)
 [![Codecov](https://img.shields.io/codecov/c/github/solidtime-io/solidtime?style=flat-square&logo=codecov)](https://codecov.io/gh/solidtime-io/solidtime)
@@ -35,10 +35,11 @@ If you have a **feature request**, please [**create a discussion**](https://gith
 
 ## Contributing
 
-This project is in a very early stage. The structure and APIs are still subject to change and not stable. 
-Therefore, we do not currently accept any contributions, unless you are a member of the team.
+Please open an issue or start a discussion and wait for approval before submitting a pull request. This does not apply to tiny fixes or changes however, please keep in mind that we might not merge PRs for various reasons. 
 
-As soon as we feel comfortable enough that the application structure is stable enough, we will open up the project for contributions.
+**If you submit an AI slop pull request (especially without following the proper procedure), you will be banned from future contributions to solidtime.**
+
+Please read the [CONTRIBUTING.md](./CONTRIBUTING.md) before sumbitting a Pull Request.
 
 We do accept contributions in the [documentation repository](https://github.com/solidtime-io/docs) f.e. to add new self-hosting guides.
 

SECURITY.md

@@ -3,3 +3,18 @@
 ## Reporting a Vulnerability
 
 If you discover a security vulnerability regarding this project, please e-mail me to [security@solidtime.io](mailto:security@solidtime.io)!
+
+## Out of scope
+
+
+Reports we typically won't issue an advisory for:
+
+* Theoretical findings without a working PoC
+* Raw scanner output without manual validation
+* Missing/weak security headers in isolation (CSP, X-Frame-Options, HSTS, etc.)
+* SPF/DKIM/DMARC on non-mail-sending domains; missing DNSSEC/CAA; TLS cipher preferences
+* Self-XSS; CSRF on non-state-changing endpoints (logout, theme)
+* CSV / spreadsheet formula injection in exports — treated as a spreadsheet-application issue
+* Org owners or admins acting destructively within their own organization
+* Anything requiring direct DB, shell, or filesystem access on a self-hosted instance
+* Missing OAuth Scope enforcement (this is not implemented yet, but AI scanners flag it which is why it is included in this list until we actually support it)

app/Console/Kernel.php

@@ -22,13 +22,27 @@ class Kernel extends ConsoleKernel
             ->when(fn (): bool => config('scheduling.tasks.auth_send_mails_expiring_api_tokens'))
             ->everyTenMinutes();
 
-        $schedule->command('self-host:check-for-update')
-            ->when(fn (): bool => config('scheduling.tasks.self_hosting_check_for_update'))
-            ->twiceDaily();
+        if (config('app.key') && (config('scheduling.tasks.self_hosting_check_for_update') || config('scheduling.tasks.self_hosting_telemetry'))) {
+            // Convert string to a stable integer for seeding
+            /** @var int $seed Take the first 8 hex chars → 32-bit int */
+            $seed = hexdec(substr(hash('md5', config('app.key')), 0, 8));
+            $seed = abs($seed); // Ensure it's positive
+            mt_srand($seed);
+            $firstHour = mt_rand(0, 23);
+            $secondHour = ($firstHour + 12) % 24;
+            $minuteOffset = mt_rand(0, 59);
+            mt_srand(null); // Reset the random number generator
 
-        $schedule->command('self-host:telemetry')
-            ->when(fn (): bool => config('scheduling.tasks.self_hosting_telemetry'))
-            ->twiceDaily();
+            if (config('scheduling.tasks.self_hosting_check_for_update')) {
+                $schedule->command('self-host:check-for-update')
+                    ->twiceDailyAt($firstHour, $secondHour, $minuteOffset);
+            }
+
+            if (config('scheduling.tasks.self_hosting_telemetry')) {
+                $schedule->command('self-host:telemetry')
+                    ->twiceDailyAt($firstHour, $secondHour, $minuteOffset);
+            }
+        }
 
         $schedule->command('self-host:database-consistency')
             ->when(fn (): bool => config('scheduling.tasks.self_hosting_database_consistency'))

app/Enums/TimeEntryAggregationType.php

@@ -20,6 +20,7 @@ enum TimeEntryAggregationType: string
     case Client = 'client';
     case Billable = 'billable';
     case Description = 'description';
+    case Tag = 'tag';
 
     public static function fromInterval(TimeEntryAggregationTypeInterval $timeEntryAggregationTypeInterval): TimeEntryAggregationType
     {

app/Exceptions/Api/OverlappingTimeEntryApiException.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class OverlappingTimeEntryApiException extends ApiException
+{
+    public const string KEY = 'overlapping_time_entry';
+}

app/Filament/Resources/TimeEntryResource.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Filament\Resources;
 
 use App\Filament\Resources\TimeEntryResource\Pages;
+use App\Models\Member;
 use App\Models\TimeEntry;
 use Filament\Forms\Components\DateTimePicker;
 use Filament\Forms\Components\Select;
@@ -16,6 +17,7 @@ use Filament\Tables;
 use Filament\Tables\Columns\TextColumn;
 use Filament\Tables\Filters\SelectFilter;
 use Filament\Tables\Table;
+use Illuminate\Database\Eloquent\Builder;
 
 class TimeEntryResource extends Resource
 {
@@ -51,15 +53,23 @@ class TimeEntryResource extends Resource
                     ->rules([
                         'after_or_equal:start',
                     ]),
-                Select::make('user_id')
-                    ->relationship(name: 'user', titleAttribute: 'email')
-                    ->searchable(['name', 'email'])
+                Select::make('member_id')
+                    ->relationship(
+                        name: 'member',
+                        titleAttribute: 'id',
+                        modifyQueryUsing: fn (Builder $query) => $query->with(['user', 'organization'])
+                    )
+                    ->getOptionLabelFromRecordUsing(fn (Member $record): string => $record->user->email.' ('.$record->organization->name.')')
+                    ->searchable()
                     ->required(),
                 Select::make('project_id')
                     ->relationship(name: 'project', titleAttribute: 'name')
                     ->searchable(['name'])
                     ->nullable(),
-                // TODO
+                Select::make('task_id')
+                    ->relationship(name: 'task', titleAttribute: 'name')
+                    ->searchable(['name'])
+                    ->nullable(),
             ]);
     }
 

app/Filament/Resources/TimeEntryResource/Pages/CreateTimeEntry.php

@@ -5,9 +5,28 @@ declare(strict_types=1);
 namespace App\Filament\Resources\TimeEntryResource\Pages;
 
 use App\Filament\Resources\TimeEntryResource;
+use App\Models\Member;
 use Filament\Resources\Pages\CreateRecord;
 
 class CreateTimeEntry extends CreateRecord
 {
     protected static string $resource = TimeEntryResource::class;
+
+    /**
+     * @param  array<string, mixed>  $data
+     * @return array<string, mixed>
+     */
+    protected function mutateFormDataBeforeCreate(array $data): array
+    {
+        if (isset($data['member_id'])) {
+            /** @var Member|null $member */
+            $member = Member::query()->find($data['member_id']);
+            if ($member !== null) {
+                $data['user_id'] = $member->user_id;
+                $data['organization_id'] = $member->organization_id;
+            }
+        }
+
+        return $data;
+    }
 }

app/Filament/Resources/TimeEntryResource/Pages/EditTimeEntry.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Filament\Resources\TimeEntryResource\Pages;
 
 use App\Filament\Resources\TimeEntryResource;
+use App\Models\Member;
 use Filament\Actions;
 use Filament\Resources\Pages\EditRecord;
 
@@ -19,4 +20,22 @@ class EditTimeEntry extends EditRecord
                 ->icon('heroicon-m-trash'),
         ];
     }
+
+    /**
+     * @param  array<string, mixed>  $data
+     * @return array<string, mixed>
+     */
+    protected function mutateFormDataBeforeSave(array $data): array
+    {
+        if (isset($data['member_id'])) {
+            /** @var Member|null $member */
+            $member = Member::query()->find($data['member_id']);
+            if ($member !== null) {
+                $data['user_id'] = $member->user_id;
+                $data['organization_id'] = $member->organization_id;
+            }
+        }
+
+        return $data;
+    }
 }

app/Http/Controllers/Api/V1/ApiTokenController.php

@@ -35,6 +35,7 @@ class ApiTokenController extends Controller
                 /** @var Builder<Client> $query */
                 $query->whereJsonContains('grant_types', 'personal_access');
             })
+            ->orderBy('created_at', 'desc')
             ->get();
 
         return new ApiTokenCollection($tokens);

app/Http/Controllers/Api/V1/ChartController.php

@@ -14,6 +14,8 @@ use Illuminate\Http\JsonResponse;
 class ChartController extends Controller
 {
     /**
+     * Get chart data for the weekly project overview.
+     *
      * @throws AuthorizationException
      *
      * @operationId weeklyProjectOverview
@@ -31,6 +33,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for the latest tasks.
+     *
      * @throws AuthorizationException
      *
      * @operationId latestTasks
@@ -48,6 +52,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for the last seven days.
+     *
      * @throws AuthorizationException
      *
      * @operationId lastSevenDays
@@ -65,6 +71,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for the latest team activity.
+     *
      * @throws AuthorizationException
      *
      * @operationId latestTeamActivity
@@ -81,6 +89,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for daily tracked hours.
+     *
      * @throws AuthorizationException
      *
      * @operationId dailyTrackedHours
@@ -92,12 +102,14 @@ class ChartController extends Controller
         $this->checkPermission($organization, 'charts:view:own');
         $user = $this->user();
 
-        $dailyTrackedHours = $dashboardService->getDailyTrackedHours($user, $organization, 60);
+        $dailyTrackedHours = $dashboardService->getDailyTrackedHours($user, $organization, 100);
 
         return response()->json($dailyTrackedHours);
     }
 
     /**
+     * Get chart data for total weekly time.
+     *
      * @throws AuthorizationException
      *
      * @operationId totalWeeklyTime
@@ -115,6 +127,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for total weekly billable time.
+     *
      * @throws AuthorizationException
      *
      * @operationId totalWeeklyBillableTime
@@ -132,6 +146,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for total weekly billable amount.
+     *
      * @throws AuthorizationException
      *
      * @operationId totalWeeklyBillableAmount
@@ -154,6 +170,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for weekly history.
+     *
      * @throws AuthorizationException
      *
      * @operationId weeklyHistory

app/Http/Controllers/Api/V1/ClientController.php

@@ -38,11 +38,17 @@ class ClientController extends Controller
     public function index(Organization $organization, ClientIndexRequest $request): ClientCollection
     {
         $this->checkPermission($organization, 'clients:view');
+        $canViewAllClients = $this->hasPermission($organization, 'clients:view:all');
+        $user = $this->user();
 
         $clientsQuery = Client::query()
             ->whereBelongsTo($organization, 'organization')
             ->orderBy('created_at', 'desc');
 
+        if (! $canViewAllClients) {
+            $clientsQuery->visibleByEmployee($user);
+        }
+
         $filterArchived = $request->getFilterArchived();
         if ($filterArchived === 'true') {
             $clientsQuery->whereNotNull('archived_at');

app/Http/Controllers/Api/V1/InvitationController.php

@@ -41,6 +41,7 @@ class InvitationController extends Controller
         $this->checkPermission($organization, 'invitations:view');
 
         $invitations = $organization->teamInvitations()
+            ->orderBy('created_at', 'desc')
             ->paginate(config('app.pagination_per_page_default'));
 
         return InvitationCollection::make($invitations);

app/Http/Controllers/Api/V1/MemberController.php

@@ -60,6 +60,7 @@ class MemberController extends Controller
         $members = Member::query()
             ->whereBelongsTo($organization, 'organization')
             ->with(['user'])
+            ->orderBy('created_at', 'desc')
             ->paginate(config('app.pagination_per_page_default'));
 
         return MemberCollection::make($members);

app/Http/Controllers/Api/V1/OrganizationController.php

@@ -46,6 +46,9 @@ class OrganizationController extends Controller
         if ($request->getEmployeesCanSeeBillableRates() !== null) {
             $organization->employees_can_see_billable_rates = $request->getEmployeesCanSeeBillableRates();
         }
+        if ($request->getEmployeesCanManageTasks() !== null) {
+            $organization->employees_can_manage_tasks = $request->getEmployeesCanManageTasks();
+        }
         if ($request->getNumberFormat() !== null) {
             $organization->number_format = $request->getNumberFormat();
         }
@@ -61,6 +64,9 @@ class OrganizationController extends Controller
         if ($request->getTimeFormat() !== null) {
             $organization->time_format = $request->getTimeFormat();
         }
+        if ($request->getPreventOverlappingTimeEntries() !== null) {
+            $organization->prevent_overlapping_time_entries = $request->getPreventOverlappingTimeEntries();
+        }
         $hasBillableRate = $request->has('billable_rate');
         if ($hasBillableRate) {
             $oldBillableRate = $organization->billable_rate;

app/Http/Controllers/Api/V1/ProjectController.php

@@ -60,7 +60,9 @@ class ProjectController extends Controller
             $projectsQuery->whereNull('archived_at');
         }
 
-        $projects = $projectsQuery->paginate(config('app.pagination_per_page_default'));
+        $projects = $projectsQuery
+            ->orderBy('created_at', 'desc')
+            ->paginate(config('app.pagination_per_page_default'));
 
         $showBillableRate = $this->member($organization)->role !== Role::Employee->value || $organization->employees_can_see_billable_rates;
 
@@ -76,7 +78,7 @@ class ProjectController extends Controller
      */
     public function show(Organization $organization, Project $project): JsonResource
     {
-        $this->checkPermission($organization, 'projects:view', $project);
+        $this->checkPermission($organization, 'projects:view:all', $project);
 
         // Note: There is currently no need to check if a user is a member of the project,
         // since this is only relevant for users with the role "employee" and they can not access this endpoint.

app/Http/Controllers/Api/V1/ProjectMemberController.php

@@ -6,6 +6,7 @@ namespace App\Http\Controllers\Api\V1;
 
 use App\Exceptions\Api\InactiveUserCanNotBeUsedApiException;
 use App\Exceptions\Api\UserIsAlreadyMemberOfProjectApiException;
+use App\Http\Requests\V1\ProjectMember\ProjectMemberIndexRequest;
 use App\Http\Requests\V1\ProjectMember\ProjectMemberStoreRequest;
 use App\Http\Requests\V1\ProjectMember\ProjectMemberUpdateRequest;
 use App\Http\Resources\V1\ProjectMember\ProjectMemberCollection;
@@ -41,12 +42,13 @@ class ProjectMemberController extends Controller
      *
      * @operationId getProjectMembers
      */
-    public function index(Organization $organization, Project $project): ProjectMemberCollection
+    public function index(Organization $organization, Project $project, ProjectMemberIndexRequest $request): ProjectMemberCollection
     {
         $this->checkPermission($organization, 'project-members:view', $project);
 
         $projectMembers = ProjectMember::query()
             ->whereBelongsTo($project, 'project')
+            ->orderBy('created_at', 'desc')
             ->paginate(config('app.pagination_per_page_default'));
 
         return new ProjectMemberCollection($projectMembers);

app/Http/Controllers/Api/V1/ReportController.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Http\Controllers\Api\V1;
 
 use App\Enums\Weekday;
+use App\Http\Requests\V1\Report\ReportIndexRequest;
 use App\Http\Requests\V1\Report\ReportStoreRequest;
 use App\Http\Requests\V1\Report\ReportUpdateRequest;
 use App\Http\Resources\V1\Report\DetailedReportResource;
@@ -40,7 +41,7 @@ class ReportController extends Controller
      *
      * @operationId getReports
      */
-    public function index(Organization $organization): ReportCollection
+    public function index(Organization $organization, ReportIndexRequest $request): ReportCollection
     {
         $this->checkPermission($organization, 'reports:view');
 
@@ -150,6 +151,9 @@ class ReportController extends Controller
                 $report->share_secret = null;
                 $report->public_until = null;
             }
+        } elseif ($report->is_public && $request->has('public_until')) {
+            // Allow updating expiration date on already-public reports
+            $report->public_until = $request->getPublicUntil();
         }
         $report->save();
 

app/Http/Controllers/Api/V1/TagController.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Http\Controllers\Api\V1;
 
 use App\Exceptions\Api\EntityStillInUseApiException;
+use App\Http\Requests\V1\Tag\TagIndexRequest;
 use App\Http\Requests\V1\Tag\TagStoreRequest;
 use App\Http\Requests\V1\Tag\TagUpdateRequest;
 use App\Http\Resources\V1\Tag\TagCollection;
@@ -34,7 +35,7 @@ class TagController extends Controller
      *
      * @throws AuthorizationException
      */
-    public function index(Organization $organization): TagCollection
+    public function index(Organization $organization, TagIndexRequest $request): TagCollection
     {
         $this->checkPermission($organization, 'tags:view');
 

app/Http/Controllers/Api/V1/TaskController.php

@@ -11,6 +11,7 @@ use App\Http\Requests\V1\Task\TaskUpdateRequest;
 use App\Http\Resources\V1\Task\TaskCollection;
 use App\Http\Resources\V1\Task\TaskResource;
 use App\Models\Organization;
+use App\Models\Project;
 use App\Models\Task;
 use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Http\JsonResponse;
@@ -27,6 +28,26 @@ class TaskController extends Controller
         }
     }
 
+    /**
+     * Check scoped permission and verify user has access to the project
+     *
+     * @throws AuthorizationException
+     */
+    private function checkScopedPermissionForProject(Organization $organization, Project $project, string $permission): void
+    {
+        $this->checkPermission($organization, $permission);
+
+        $user = $this->user();
+        $hasAccess = Project::query()
+            ->where('id', $project->id)
+            ->visibleByEmployee($user)
+            ->exists();
+
+        if (! $hasAccess) {
+            throw new AuthorizationException('You do not have permission to '.$permission.' in this project.');
+        }
+    }
+
     /**
      * Get tasks
      *
@@ -61,7 +82,9 @@ class TaskController extends Controller
             $query->whereNull('done_at');
         }
 
-        $tasks = $query->paginate(config('app.pagination_per_page_default'));
+        $tasks = $query
+            ->orderBy('created_at', 'desc')
+            ->paginate(config('app.pagination_per_page_default'));
 
         return new TaskCollection($tasks);
     }
@@ -75,7 +98,15 @@ class TaskController extends Controller
      */
     public function store(Organization $organization, TaskStoreRequest $request): JsonResource
     {
-        $this->checkPermission($organization, 'tasks:create');
+        /** @var Project $project */
+        $project = Project::query()->findOrFail($request->input('project_id'));
+
+        if ($this->hasPermission($organization, 'tasks:create:all')) {
+            $this->checkPermission($organization, 'tasks:create:all');
+        } else {
+            $this->checkScopedPermissionForProject($organization, $project, 'tasks:create');
+        }
+
         $task = new Task;
         $task->name = $request->input('name');
         $task->project_id = $request->input('project_id');
@@ -97,7 +128,17 @@ class TaskController extends Controller
      */
     public function update(Organization $organization, Task $task, TaskUpdateRequest $request): JsonResource
     {
-        $this->checkPermission($organization, 'tasks:update', $task);
+        // Check task belongs to organization
+        if ($task->organization_id !== $organization->id) {
+            throw new AuthorizationException('Task does not belong to organization');
+        }
+
+        if ($this->hasPermission($organization, 'tasks:update:all')) {
+            $this->checkPermission($organization, 'tasks:update:all');
+        } else {
+            $this->checkScopedPermissionForProject($organization, $task->project, 'tasks:update');
+        }
+
         $task->name = $request->input('name');
         if ($this->canAccessPremiumFeatures($organization) && $request->has('estimated_time')) {
             $task->estimated_time = $request->getEstimatedTime();
@@ -119,7 +160,16 @@ class TaskController extends Controller
      */
     public function destroy(Organization $organization, Task $task): JsonResponse
     {
-        $this->checkPermission($organization, 'tasks:delete', $task);
+        // Check task belongs to organization
+        if ($task->organization_id !== $organization->id) {
+            throw new AuthorizationException('Task does not belong to organization');
+        }
+
+        if ($this->hasPermission($organization, 'tasks:delete:all')) {
+            $this->checkPermission($organization, 'tasks:delete:all');
+        } else {
+            $this->checkScopedPermissionForProject($organization, $task->project, 'tasks:delete');
+        }
 
         if ($task->timeEntries()->exists()) {
             throw new EntityStillInUseApiException('task', 'time_entry');

app/Http/Controllers/Api/V1/TimeEntryController.php

@@ -7,6 +7,7 @@ namespace App\Http\Controllers\Api\V1;
 use App\Enums\ExportFormat;
 use App\Enums\Role;
 use App\Exceptions\Api\FeatureIsNotAvailableInFreePlanApiException;
+use App\Exceptions\Api\OverlappingTimeEntryApiException;
 use App\Exceptions\Api\PdfRendererIsNotConfiguredException;
 use App\Exceptions\Api\TimeEntryCanNotBeRestartedApiException;
 use App\Exceptions\Api\TimeEntryStillRunningApiException;
@@ -45,17 +46,56 @@ use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Http\File;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Resources\Json\JsonResource;
+use Illuminate\Support\Carbon;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Blade;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Str;
 use Maatwebsite\Excel\Facades\Excel;
 use Spatie\TemporaryDirectory\TemporaryDirectory;
 
 class TimeEntryController extends Controller
 {
+    private function assertNoOverlap(Organization $organization, Member $member, \Illuminate\Support\Carbon $start, ?\Illuminate\Support\Carbon $end, ?TimeEntry $exclude = null): void
+    {
+        if (! $organization->prevent_overlapping_time_entries) {
+            return;
+        }
+
+        $query = TimeEntry::query()
+            ->where('organization_id', $organization->getKey())
+            ->where('user_id', $member->user_id)
+            ->when($exclude !== null, function (Builder $q) use ($exclude): void {
+                $q->where('id', '!=', $exclude->getKey());
+            })
+            ->where(function (Builder $q) use ($start, $end): void {
+                $q->where(function (Builder $q2) use ($start): void {
+                    $q2->where('end', '>', $start)
+                        ->where('start', '<', $start);
+                });
+
+                if ($end !== null) {
+                    $q->orWhere(function (Builder $q4) use ($end): void {
+                        $q4->where('start', '<', $end)
+                            ->where('end', '>', $end);
+                    });
+                    // Check if the new entry completely surrounds an existing entry
+                    $q->orWhere(function (Builder $q6) use ($start, $end): void {
+                        $q6->where('start', '>=', $start)
+                            ->where('end', '<=', $end);
+                    });
+                }
+
+            });
+
+        if ($query->exists()) {
+            throw new OverlappingTimeEntryApiException;
+        }
+    }
+
     protected function checkPermission(Organization $organization, string $permission, ?TimeEntry $timeEntry = null): void
     {
         parent::checkPermission($organization, $permission);
@@ -86,7 +126,8 @@ class TimeEntryController extends Controller
             $this->checkPermission($organization, 'time-entries:view:all');
         }
 
-        $timeEntriesQuery = $this->getTimeEntriesQuery($organization, $request, $member);
+        $canAccessPremiumFeatures = $this->canAccessPremiumFeatures($organization);
+        $timeEntriesQuery = $this->getTimeEntriesQuery($organization, $request, $member, $canAccessPremiumFeatures);
 
         $totalCount = $timeEntriesQuery->count();
 
@@ -140,13 +181,15 @@ class TimeEntryController extends Controller
     /**
      * @return Builder<TimeEntry>
      */
-    private function getTimeEntriesQuery(Organization $organization, TimeEntryIndexRequest|TimeEntryIndexExportRequest $request, ?Member $member): Builder
+    private function getTimeEntriesQuery(Organization $organization, TimeEntryIndexRequest|TimeEntryIndexExportRequest $request, ?Member $member, bool $canAccessPremiumFeatures): Builder
     {
         $select = TimeEntry::SELECT_COLUMNS;
-        if ($request->getRoundingType() !== null && $request->getRoundingMinutes() !== null) {
+        $roundingType = $canAccessPremiumFeatures ? $request->getRoundingType() : null;
+        $roundingMinutes = $canAccessPremiumFeatures ? $request->getRoundingMinutes() : null;
+        if ($roundingType !== null && $roundingMinutes !== null) {
             $select = array_diff($select, ['start', 'end']);
-            $select[] = DB::raw(app(TimeEntryService::class)->getStartSelectRawForRounding($request->getRoundingType(), $request->getRoundingMinutes()).' as start');
-            $select[] = DB::raw(app(TimeEntryService::class)->getEndSelectRawForRounding($request->getRoundingType(), $request->getRoundingMinutes()).' as end');
+            $select[] = DB::raw(app(TimeEntryService::class)->getStartSelectRawForRounding($roundingType, $roundingMinutes).' as start');
+            $select[] = DB::raw(app(TimeEntryService::class)->getEndSelectRawForRounding($roundingType, $roundingMinutes).' as end');
         }
         $timeEntriesQuery = TimeEntry::query()
             ->whereBelongsTo($organization, 'organization')
@@ -184,18 +227,19 @@ class TimeEntryController extends Controller
         } else {
             $this->checkPermission($organization, 'time-entries:view:all');
         }
+        $canAccessPremiumFeatures = $this->canAccessPremiumFeatures($organization);
         $debug = $request->getDebug();
         $format = $request->getFormatValue();
-        if ($format === ExportFormat::PDF && ! $this->canAccessPremiumFeatures($organization)) {
+        if ($format === ExportFormat::PDF && ! $canAccessPremiumFeatures) {
             throw new FeatureIsNotAvailableInFreePlanApiException;
         }
         $user = $this->user();
         $timezone = $user->timezone;
         $showBillableRate = $this->member($organization)->role !== Role::Employee->value || $organization->employees_can_see_billable_rates;
-        $roundingType = $request->getRoundingType();
-        $roundingMinutes = $request->getRoundingMinutes();
+        $roundingType = $canAccessPremiumFeatures ? $request->getRoundingType() : null;
+        $roundingMinutes = $canAccessPremiumFeatures ? $request->getRoundingMinutes() : null;
 
-        $timeEntriesQuery = $this->getTimeEntriesQuery($organization, $request, $member);
+        $timeEntriesQuery = $this->getTimeEntriesQuery($organization, $request, $member, $canAccessPremiumFeatures);
         $timeEntriesQuery->with([
             'task',
             'client',
@@ -203,7 +247,7 @@ class TimeEntryController extends Controller
             'user',
             'tagsRelation',
         ]);
-        $filename = 'time-entries-export-'.now()->format('Y-m-d_H-i-s').'.'.$format->getFileExtension();
+        $filename = 'time-entries-export-'.now()->format('Y-m-d_H-i-s').'-'.Str::uuid().'.'.$format->getFileExtension();
         $folderPath = 'exports';
         $path = $folderPath.'/'.$filename;
         $localizationService = LocalizationService::forOrganization($organization);
@@ -332,14 +376,15 @@ class TimeEntryController extends Controller
         } else {
             $this->checkPermission($organization, 'time-entries:view:all');
         }
+        $canAccessPremiumFeatures = $this->canAccessPremiumFeatures($organization);
         $user = $this->user();
         $showBillableRate = $this->member($organization)->role !== Role::Employee->value || $organization->employees_can_see_billable_rates;
 
         $group1Type = $request->getGroup();
         $group2Type = $request->getSubGroup();
         $timeEntriesAggregateQuery = $this->getTimeEntriesAggregateQuery($organization, $request, $member);
-        $roundingType = $request->getRoundingType();
-        $roundingMinutes = $request->getRoundingMinutes();
+        $roundingType = $canAccessPremiumFeatures ? $request->getRoundingType() : null;
+        $roundingMinutes = $canAccessPremiumFeatures ? $request->getRoundingMinutes() : null;
 
         $aggregatedData = $timeEntryAggregationService->getAggregatedTimeEntries(
             $timeEntriesAggregateQuery,
@@ -380,6 +425,7 @@ class TimeEntryController extends Controller
         } else {
             $this->checkPermission($organization, 'time-entries:view:all');
         }
+        $canAccessPremiumFeatures = $this->canAccessPremiumFeatures($organization);
         $format = $request->getFormatValue();
         if ($format === ExportFormat::PDF && ! $this->canAccessPremiumFeatures($organization)) {
             throw new FeatureIsNotAvailableInFreePlanApiException;
@@ -391,8 +437,8 @@ class TimeEntryController extends Controller
         $group = $request->getGroup();
         $subGroup = $request->getSubGroup();
         $timeEntriesAggregateQuery = $this->getTimeEntriesAggregateQuery($organization, $request, $member);
-        $roundingType = $request->getRoundingType();
-        $roundingMinutes = $request->getRoundingMinutes();
+        $roundingType = $canAccessPremiumFeatures ? $request->getRoundingType() : null;
+        $roundingMinutes = $canAccessPremiumFeatures ? $request->getRoundingMinutes() : null;
 
         $aggregatedData = $timeEntryAggregationService->getAggregatedTimeEntriesWithDescriptions(
             $timeEntriesAggregateQuery->clone(),
@@ -424,7 +470,7 @@ class TimeEntryController extends Controller
         $timezone = app(TimezoneService::class)->getTimezoneFromUser($this->user());
         $localizationService = LocalizationService::forOrganization($organization);
 
-        $filename = 'time-entries-report-'.now()->format('Y-m-d_H-i-s').'.'.$format->getFileExtension();
+        $filename = 'time-entries-report-'.now()->format('Y-m-d_H-i-s').'-'.Str::uuid().'.'.$format->getFileExtension();
         $folderPath = 'exports';
         $path = $folderPath.'/'.$filename;
 
@@ -543,17 +589,15 @@ class TimeEntryController extends Controller
             throw new TimeEntryStillRunningApiException;
         }
 
+        // Overlap check for create
+        $start = Carbon::parse($request->input('start'));
+        $end = $request->input('end') !== null ? Carbon::parse($request->input('end')) : null;
+        $this->assertNoOverlap($organization, $member, $start, $end);
+
         $project = $request->input('project_id') !== null ? Project::findOrFail((string) $request->input('project_id')) : null;
         $client = $project?->client;
         $task = $request->input('task_id') !== null ? $project->tasks()->findOrFail((string) $request->input('task_id')) : null;
 
-        if ($project !== null) {
-            RecalculateSpentTimeForProject::dispatch($project);
-        }
-        if ($task !== null) {
-            RecalculateSpentTimeForTask::dispatch($task);
-        }
-
         $timeEntry = new TimeEntry;
         $timeEntry->fill($request->validated());
         $timeEntry->client()->associate($client);
@@ -563,6 +607,13 @@ class TimeEntryController extends Controller
         $timeEntry->setComputedAttributeValue('billable_rate');
         $timeEntry->save();
 
+        if ($project !== null) {
+            RecalculateSpentTimeForProject::dispatch($project);
+        }
+        if ($task !== null) {
+            RecalculateSpentTimeForTask::dispatch($task);
+        }
+
         return new TimeEntryResource($timeEntry);
     }
 
@@ -578,15 +629,22 @@ class TimeEntryController extends Controller
         /** @var Member|null $member */
         $member = $request->has('member_id') ? Member::query()->findOrFail($request->input('member_id')) : null;
         if ($timeEntry->member->user_id === Auth::id() && ($member === null || $member->user_id === Auth::id())) {
-            $this->checkPermission($organization, 'time-entries:update:own');
+            $this->checkPermission($organization, 'time-entries:update:own', $timeEntry);
         } else {
-            $this->checkPermission($organization, 'time-entries:update:all');
+            $this->checkPermission($organization, 'time-entries:update:all', $timeEntry);
         }
 
         if ($timeEntry->end !== null && $request->has('end') && $request->input('end') === null) {
             throw new TimeEntryCanNotBeRestartedApiException;
         }
 
+        // Overlap check for update (exclude current)
+        /** @var Member $effectiveMember */
+        $effectiveMember = $request->has('member_id') ? Member::query()->findOrFail($request->input('member_id')) : $timeEntry->member;
+        $effectiveStart = $request->has('start') ? Carbon::parse($request->input('start')) : $timeEntry->start;
+        $effectiveEnd = $request->has('end') ? ($request->input('end') !== null ? Carbon::parse($request->input('end')) : null) : $timeEntry->end;
+        $this->assertNoOverlap($organization, $effectiveMember, $effectiveStart, $effectiveEnd, $timeEntry);
+
         $oldProject = $timeEntry->project;
         $oldTask = $timeEntry->task;
 

app/Http/Middleware/HandleInertiaRequests.php

@@ -41,6 +41,7 @@ class HandleInertiaRequests extends Middleware
     {
         $hasBilling = Module::has('Billing') && Module::isEnabled('Billing');
         $hasInvoicing = Module::has('Invoicing') && Module::isEnabled('Invoicing');
+        $hasServices = Module::has('Services') && Module::isEnabled('Services');
 
         /** @var BillingContract $billing */
         $billing = app(BillingContract::class);
@@ -50,6 +51,7 @@ class HandleInertiaRequests extends Middleware
         return array_merge(parent::share($request), [
             'has_billing_extension' => $hasBilling,
             'has_invoicing_extension' => $hasInvoicing,
+            'has_services_extension' => $hasServices,
             'billing' => $currentOrganization !== null ? [
                 'has_subscription' => $billing->hasSubscription($currentOrganization),
                 'has_trial' => $billing->hasTrial($currentOrganization),

app/Http/Requests/V1/Invitation/InvitationIndexRequest.php

@@ -21,6 +21,11 @@ class InvitationIndexRequest extends BaseFormRequest
     public function rules(): array
     {
         return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
         ];
     }
 }

app/Http/Requests/V1/Member/MemberIndexRequest.php

@@ -21,6 +21,11 @@ class MemberIndexRequest extends BaseFormRequest
     public function rules(): array
     {
         return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
         ];
     }
 }

app/Http/Requests/V1/Organization/OrganizationUpdateRequest.php

@@ -39,6 +39,12 @@ class OrganizationUpdateRequest extends BaseFormRequest
             'employees_can_see_billable_rates' => [
                 'boolean',
             ],
+            'employees_can_manage_tasks' => [
+                'boolean',
+            ],
+            'prevent_overlapping_time_entries' => [
+                'boolean',
+            ],
             'number_format' => [
                 Rule::enum(NumberFormat::class),
             ],
@@ -98,4 +104,14 @@ class OrganizationUpdateRequest extends BaseFormRequest
     {
         return $this->has('employees_can_see_billable_rates') ? $this->boolean('employees_can_see_billable_rates') : null;
     }
+
+    public function getEmployeesCanManageTasks(): ?bool
+    {
+        return $this->has('employees_can_manage_tasks') ? $this->boolean('employees_can_manage_tasks') : null;
+    }
+
+    public function getPreventOverlappingTimeEntries(): ?bool
+    {
+        return $this->has('prevent_overlapping_time_entries') ? $this->boolean('prevent_overlapping_time_entries') : null;
+    }
 }

app/Http/Requests/V1/ProjectMember/ProjectMemberIndexRequest.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\V1\ProjectMember;
+
+use App\Http\Requests\V1\BaseFormRequest;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+class ProjectMemberIndexRequest extends BaseFormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<string|ValidationRule>>
+     */
+    public function rules(): array
+    {
+        return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
+        ];
+    }
+}

app/Http/Requests/V1/Report/ReportIndexRequest.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\V1\Report;
+
+use App\Http\Requests\V1\BaseFormRequest;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+class ReportIndexRequest extends BaseFormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<string|ValidationRule>>
+     */
+    public function rules(): array
+    {
+        return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
+        ];
+    }
+}

app/Http/Requests/V1/Report/ReportStoreRequest.php

@@ -10,9 +10,11 @@ use App\Enums\TimeEntryRoundingType;
 use App\Enums\Weekday;
 use App\Http\Requests\V1\BaseFormRequest;
 use App\Models\Organization;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\Rule as LegacyValidationRule;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Support\Carbon;
+use Illuminate\Support\Str;
 use Illuminate\Validation\Rule;
 
 /**
@@ -23,7 +25,7 @@ class ReportStoreRequest extends BaseFormRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|LegacyValidationRule>>
+     * @return array<string, array<string|ValidationRule|LegacyValidationRule|\Closure>>
      */
     public function rules(): array
     {
@@ -81,7 +83,14 @@ class ReportStoreRequest extends BaseFormRequest
             ],
             'properties.client_ids.*' => [
                 'string',
-                'uuid',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    if (! Str::isUuid($value)) {
+                        $fail('The '.$attribute.' must be a valid UUID.');
+                    }
+                },
             ],
             // Filter by project IDs, project IDs are OR combined
             'properties.project_ids' => [
@@ -90,7 +99,14 @@ class ReportStoreRequest extends BaseFormRequest
             ],
             'properties.project_ids.*' => [
                 'string',
-                'uuid',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    if (! Str::isUuid($value)) {
+                        $fail('The '.$attribute.' must be a valid UUID.');
+                    }
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'properties.tag_ids' => [
@@ -99,7 +115,14 @@ class ReportStoreRequest extends BaseFormRequest
             ],
             'properties.tag_ids.*' => [
                 'string',
-                'uuid',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    if (! Str::isUuid($value)) {
+                        $fail('The '.$attribute.' must be a valid UUID.');
+                    }
+                },
             ],
             'properties.task_ids' => [
                 'nullable',
@@ -107,7 +130,14 @@ class ReportStoreRequest extends BaseFormRequest
             ],
             'properties.task_ids.*' => [
                 'string',
-                'uuid',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    if (! Str::isUuid($value)) {
+                        $fail('The '.$attribute.' must be a valid UUID.');
+                    }
+                },
             ],
             'properties.group' => [
                 'required',

app/Http/Requests/V1/Tag/TagIndexRequest.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\V1\Tag;
+
+use App\Http\Requests\V1\BaseFormRequest;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+class TagIndexRequest extends BaseFormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<string|ValidationRule>>
+     */
+    public function rules(): array
+    {
+        return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
+        ];
+    }
+}

app/Http/Requests/V1/Task/TaskIndexRequest.php

@@ -26,6 +26,11 @@ class TaskIndexRequest extends BaseFormRequest
     public function rules(): array
     {
         return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
             'project_id' => [
                 ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
                     /** @var Builder<Project> $builder */

app/Http/Requests/V1/TimeEntry/TimeEntryAggregateExportRequest.php

@@ -16,6 +16,7 @@ use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
 use App\Models\User;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Carbon;
@@ -30,7 +31,7 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule>>
+     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule|\Closure>>
      */
     public function rules(): array
     {
@@ -94,10 +95,15 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
             ],
             'project_ids.*' => [
                 'string',
-                ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Project> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by client IDs, client IDs are OR combined
             'client_ids' => [
@@ -106,10 +112,15 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
             ],
             'client_ids.*' => [
                 'string',
-                ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Client> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Client> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'tag_ids' => [
@@ -118,10 +129,15 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
             ],
             'tag_ids.*' => [
                 'string',
-                ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Tag> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Tag> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by task IDs, task IDs are OR combined
             'task_ids' => [
@@ -130,9 +146,14 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
             ],
             'task_ids.*' => [
                 'string',
-                ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter only time entries that have a start date after the given timestamp in UTC (example: 2021-01-01T00:00:00Z)
             'start' => [

app/Http/Requests/V1/TimeEntry/TimeEntryAggregateRequest.php

@@ -14,6 +14,7 @@ use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
 use App\Models\User;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Carbon;
@@ -28,7 +29,7 @@ class TimeEntryAggregateRequest extends BaseFormRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule>>
+     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule|\Closure>>
      */
     public function rules(): array
     {
@@ -80,10 +81,15 @@ class TimeEntryAggregateRequest extends BaseFormRequest
             ],
             'project_ids.*' => [
                 'string',
-                ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Project> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by client IDs, client IDs are OR combined
             'client_ids' => [
@@ -92,10 +98,15 @@ class TimeEntryAggregateRequest extends BaseFormRequest
             ],
             'client_ids.*' => [
                 'string',
-                ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Client> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Client> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'tag_ids' => [
@@ -104,10 +115,15 @@ class TimeEntryAggregateRequest extends BaseFormRequest
             ],
             'tag_ids.*' => [
                 'string',
-                ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Tag> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Tag> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by task IDs, task IDs are OR combined
             'task_ids' => [
@@ -116,9 +132,14 @@ class TimeEntryAggregateRequest extends BaseFormRequest
             ],
             'task_ids.*' => [
                 'string',
-                ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter only time entries that have a start date after the given timestamp in UTC (example: 2021-01-01T00:00:00Z)
             'start' => [

app/Http/Requests/V1/TimeEntry/TimeEntryIndexExportRequest.php

@@ -6,11 +6,13 @@ namespace App\Http\Requests\V1\TimeEntry;
 
 use App\Enums\ExportFormat;
 use App\Enums\TimeEntryRoundingType;
+use App\Models\Client;
 use App\Models\Member;
 use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Carbon;
@@ -25,7 +27,7 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule>>
+     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule|\Closure>>
      */
     public function rules(): array
     {
@@ -57,6 +59,23 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
                     return $builder->whereBelongsTo($this->organization, 'organization');
                 }),
             ],
+            // Filter by client IDs, client IDs are OR combined
+            'client_ids' => [
+                'array',
+                'min:1',
+            ],
+            'client_ids.*' => [
+                'string',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Client> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
+            ],
             // Filter by project IDs, project IDs are OR combined
             'project_ids' => [
                 'array',
@@ -64,11 +83,15 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
             ],
             'project_ids.*' => [
                 'string',
-                'uuid',
-                new ExistsEloquent(Project::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                }),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Project> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'tag_ids' => [
@@ -77,11 +100,15 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
             ],
             'tag_ids.*' => [
                 'string',
-                'uuid',
-                new ExistsEloquent(Tag::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Tag> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                }),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Tag> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by task IDs, task IDs are OR combined
             'task_ids' => [
@@ -90,11 +117,15 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
             ],
             'task_ids.*' => [
                 'string',
-                'uuid',
-                new ExistsEloquent(Task::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Task> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                }),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Task> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter only time entries that have a start date after the given timestamp in UTC (example: 2021-01-01T00:00:00Z)
             'start' => [

app/Http/Requests/V1/TimeEntry/TimeEntryIndexRequest.php

@@ -12,6 +12,7 @@ use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\Rule as RuleContract;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
@@ -26,7 +27,7 @@ class TimeEntryIndexRequest extends BaseFormRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|RuleContract>>
+     * @return array<string, array<string|ValidationRule|RuleContract|\Closure>>
      */
     public function rules(): array
     {
@@ -58,10 +59,15 @@ class TimeEntryIndexRequest extends BaseFormRequest
             ],
             'client_ids.*' => [
                 'string',
-                ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Client> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Client> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by project IDs, project IDs are OR combined
             'project_ids' => [
@@ -70,10 +76,15 @@ class TimeEntryIndexRequest extends BaseFormRequest
             ],
             'project_ids.*' => [
                 'string',
-                ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Project> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'tag_ids' => [
@@ -82,10 +93,15 @@ class TimeEntryIndexRequest extends BaseFormRequest
             ],
             'tag_ids.*' => [
                 'string',
-                ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Tag> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Tag> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by task IDs, task IDs are OR combined
             'task_ids' => [
@@ -94,10 +110,15 @@ class TimeEntryIndexRequest extends BaseFormRequest
             ],
             'task_ids.*' => [
                 'string',
-                ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Task> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Task> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter only time entries that have a start date after the given timestamp in UTC (example: 2021-01-01T00:00:00Z)
             'start' => [

app/Http/Requests/V1/TimeEntry/TimeEntryStoreRequest.php

@@ -10,8 +10,10 @@ use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\PermissionStore;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Facades\Auth;
 use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
 
 /**
@@ -42,7 +44,16 @@ class TimeEntryStoreRequest extends BaseFormRequest
                 'required_with:task_id',
                 ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
                     /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
+                    $builder = $builder->whereBelongsTo($this->organization, 'organization');
+
+                    // If user doesn't have 'all' permission for time entries or projects, only allow access to public projects or projects they're a member of
+                    $permissionStore = app(PermissionStore::class);
+                    if (! $permissionStore->has($this->organization, 'time-entries:create:all')
+                        && ! $permissionStore->has($this->organization, 'projects:view:all')) {
+                        $builder = $builder->visibleByEmployee(Auth::user());
+                    }
+
+                    return $builder;
                 })->uuid(),
             ],
             // ID of the task that the time entry should belong to
@@ -79,7 +90,7 @@ class TimeEntryStoreRequest extends BaseFormRequest
             'description' => [
                 'nullable',
                 'string',
-                'max:500',
+                'max:5000',
             ],
             // List of tag IDs
             'tags' => [

app/Http/Requests/V1/TimeEntry/TimeEntryUpdateMultipleRequest.php

@@ -10,8 +10,10 @@ use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\PermissionStore;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Facades\Auth;
 use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
 
 /**
@@ -54,7 +56,16 @@ class TimeEntryUpdateMultipleRequest extends BaseFormRequest
                 'required_with:task_id',
                 ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
                     /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
+                    $builder = $builder->whereBelongsTo($this->organization, 'organization');
+
+                    // If user doesn't have 'all' permission for time entries or projects, only allow access to public projects or projects they're a member of
+                    $permissionStore = app(PermissionStore::class);
+                    if (! $permissionStore->has($this->organization, 'time-entries:update:all')
+                        && ! $permissionStore->has($this->organization, 'projects:view:all')) {
+                        $builder = $builder->visibleByEmployee(Auth::user());
+                    }
+
+                    return $builder;
                 })->uuid(),
             ],
             // ID of the task that the time entry should belong to
@@ -79,7 +90,7 @@ class TimeEntryUpdateMultipleRequest extends BaseFormRequest
             'changes.description' => [
                 'nullable',
                 'string',
-                'max:500',
+                'max:5000',
             ],
             // List of tag IDs
             'changes.tags' => [

app/Http/Requests/V1/TimeEntry/TimeEntryUpdateRequest.php

@@ -10,8 +10,10 @@ use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\PermissionStore;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Facades\Auth;
 use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
 
 /**
@@ -42,7 +44,16 @@ class TimeEntryUpdateRequest extends BaseFormRequest
                 'required_with:task_id',
                 ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
                     /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
+                    $builder = $builder->whereBelongsTo($this->organization, 'organization');
+
+                    // If user doesn't have 'all' permission for time entries or projects, only allow access to public projects or projects they're a member of
+                    $permissionStore = app(PermissionStore::class);
+                    if (! $permissionStore->has($this->organization, 'time-entries:update:all')
+                        && ! $permissionStore->has($this->organization, 'projects:view:all')) {
+                        $builder = $builder->visibleByEmployee(Auth::user());
+                    }
+
+                    return $builder;
                 })->uuid(),
             ],
             // ID of the task that the time entry should belong to
@@ -77,7 +88,7 @@ class TimeEntryUpdateRequest extends BaseFormRequest
             'description' => [
                 'nullable',
                 'string',
-                'max:500',
+                'max:5000',
             ],
             // List of tag IDs
             'tags' => [

app/Http/Resources/V1/Client/ClientCollection.php

@@ -4,9 +4,10 @@ declare(strict_types=1);
 
 namespace App\Http\Resources\V1\Client;
 
+use App\Http\Resources\PaginatedResourceCollection;
 use Illuminate\Http\Resources\Json\ResourceCollection;
 
-class ClientCollection extends ResourceCollection
+class ClientCollection extends ResourceCollection implements PaginatedResourceCollection
 {
     /**
      * The resource that this resource collects.

app/Http/Resources/V1/Organization/OrganizationResource.php

@@ -53,6 +53,10 @@ class OrganizationResource extends BaseResource
             'billable_rate' => $this->showBillableRate ? $this->resource->billable_rate : null,
             /** @var bool $employees_can_see_billable_rates Can members of the organization with role "employee" see the billable rates */
             'employees_can_see_billable_rates' => $this->resource->employees_can_see_billable_rates,
+            /** @var bool $employees_can_manage_tasks Can members of the organization with role "employee" manage tasks in public projects and projects they are assigned to */
+            'employees_can_manage_tasks' => $this->resource->employees_can_manage_tasks,
+            /** @var bool $prevent_overlapping_time_entries Prevent creating overlapping time entries (only new entries) */
+            'prevent_overlapping_time_entries' => $this->resource->prevent_overlapping_time_entries,
             /** @var string $currency Currency code (ISO 4217) */
             'currency' => $this->resource->currency,
             /** @var string $currency_symbol Currency symbol */

app/Http/Resources/V1/Tag/TagCollection.php

@@ -4,9 +4,10 @@ declare(strict_types=1);
 
 namespace App\Http\Resources\V1\Tag;
 
+use App\Http\Resources\PaginatedResourceCollection;
 use Illuminate\Http\Resources\Json\ResourceCollection;
 
-class TagCollection extends ResourceCollection
+class TagCollection extends ResourceCollection implements PaginatedResourceCollection
 {
     /**
      * The resource that this resource collects.

app/Models/Client.php

@@ -7,6 +7,7 @@ namespace App\Models;
 use App\Models\Concerns\CustomAuditable;
 use App\Models\Concerns\HasUuids;
 use Database\Factories\ClientFactory;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Casts\Attribute;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
@@ -62,6 +63,18 @@ class Client extends Model implements AuditableContract
         return $this->hasMany(Project::class, 'client_id');
     }
 
+    /**
+     * @param  Builder<Client>  $builder
+     * @return Builder<Client>
+     */
+    public function scopeVisibleByEmployee(Builder $builder, User $user): Builder
+    {
+        return $builder->whereHas('projects', function (Builder $builder) use ($user): Builder {
+            /** @var Builder<Project> $builder */
+            return $builder->visibleByEmployee($user);
+        });
+    }
+
     /**
      * @return Attribute<bool, never>
      */

app/Models/Organization.php

@@ -35,6 +35,7 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
  * @property int|null $billable_rate
  * @property string $user_id
  * @property bool $employees_can_see_billable_rates
+ * @property bool $employees_can_manage_tasks
  * @property User $owner
  * @property Carbon|null $created_at
  * @property Carbon|null $updated_at
@@ -70,6 +71,8 @@ class Organization extends JetstreamTeam implements AuditableContract
         'personal_team' => 'boolean',
         'currency' => 'string',
         'employees_can_see_billable_rates' => 'boolean',
+        'employees_can_manage_tasks' => 'boolean',
+        'prevent_overlapping_time_entries' => 'boolean',
         'number_format' => NumberFormat::class,
         'currency_format' => CurrencyFormat::class,
         'date_format' => DateFormat::class,

app/Policies/OrganizationPolicy.php

@@ -6,6 +6,7 @@ namespace App\Policies;
 
 use App\Models\Organization;
 use App\Models\User;
+use App\Service\PermissionStore;
 use Filament\Facades\Filament;
 use Illuminate\Auth\Access\HandlesAuthorization;
 
@@ -58,7 +59,7 @@ class OrganizationPolicy
             return true;
         }
 
-        return $user->ownsTeam($organization);
+        return app(PermissionStore::class)->userHas($organization, $user, 'organizations:update');
     }
 
     /**

app/Providers/JetstreamServiceProvider.php

@@ -94,8 +94,11 @@ class JetstreamServiceProvider extends ServiceProvider
             'tasks:view',
             'tasks:view:all',
             'tasks:create',
+            'tasks:create:all',
             'tasks:update',
+            'tasks:update:all',
             'tasks:delete',
+            'tasks:delete:all',
             'time-entries:view:all',
             'time-entries:create:all',
             'time-entries:update:all',
@@ -109,6 +112,7 @@ class JetstreamServiceProvider extends ServiceProvider
             'tags:update',
             'tags:delete',
             'clients:view',
+            'clients:view:all',
             'clients:create',
             'clients:update',
             'clients:delete',
@@ -157,8 +161,11 @@ class JetstreamServiceProvider extends ServiceProvider
             'tasks:view',
             'tasks:view:all',
             'tasks:create',
+            'tasks:create:all',
             'tasks:update',
+            'tasks:update:all',
             'tasks:delete',
+            'tasks:delete:all',
             'time-entries:view:all',
             'time-entries:create:all',
             'time-entries:update:all',
@@ -172,6 +179,7 @@ class JetstreamServiceProvider extends ServiceProvider
             'tags:update',
             'tags:delete',
             'clients:view',
+            'clients:view:all',
             'clients:create',
             'clients:update',
             'clients:delete',
@@ -217,8 +225,11 @@ class JetstreamServiceProvider extends ServiceProvider
             'tasks:view',
             'tasks:view:all',
             'tasks:create',
+            'tasks:create:all',
             'tasks:update',
+            'tasks:update:all',
             'tasks:delete',
+            'tasks:delete:all',
             'time-entries:view:all',
             'time-entries:create:all',
             'time-entries:update:all',
@@ -232,6 +243,7 @@ class JetstreamServiceProvider extends ServiceProvider
             'tags:update',
             'tags:delete',
             'clients:view',
+            'clients:view:all',
             'clients:create',
             'clients:update',
             'clients:delete',
@@ -256,12 +268,13 @@ class JetstreamServiceProvider extends ServiceProvider
             'projects:view',
             'tags:view',
             'tasks:view',
+            'clients:view',
             'time-entries:view:own',
             'time-entries:create:own',
             'time-entries:update:own',
             'time-entries:delete:own',
             'organizations:view',
-        ])->description('Employees have the ability to read, create, and update their own time entries and they can see the projects that they are members of.');
+        ])->description('Employees have the ability to read, create, and update their own time entries, they can see the projects that they are members of and the clients they are assigned to.');
 
         Jetstream::role(Role::Placeholder->value, 'Placeholder', [
         ])->description('Placeholders are used for importing data. They cannot log in and have no permissions.');
@@ -291,28 +304,8 @@ class JetstreamServiceProvider extends ServiceProvider
                             'owner' => [
                                 'id' => $owner->getKey(),
                                 'name' => $owner->name,
-                                'email' => $owner->email,
                                 'profile_photo_url' => $owner->profile_photo_url,
                             ],
-                            'users' => $teamModel->users->map(function (User $user): array {
-                                return [
-                                    'id' => $user->getKey(),
-                                    'name' => $user->name,
-                                    'email' => $user->email,
-                                    'profile_photo_url' => $user->profile_photo_url,
-                                    'membership' => [
-                                        'id' => $user->membership->id,
-                                        'role' => $user->membership->role,
-                                    ],
-                                ];
-                            }),
-                            'team_invitations' => $teamModel->teamInvitations->map(function (OrganizationInvitation $invitation): array {
-                                return [
-                                    'id' => $invitation->getKey(),
-                                    'email' => $invitation->email,
-                                    'role' => $invitation->role,
-                                ];
-                            }),
                         ],
                         'currencies' => array_map(function (Currency $currency): string {
                             return $currency->getName();

app/Service/DashboardService.php

@@ -266,7 +266,8 @@ class DashboardService
                ) as aggregate'))
             ->where('billable', '=', true)
             ->whereNotNull('billable_rate')
-            ->where('user_id', '=', $user->id);
+            ->where('user_id', '=', $user->getKey())
+            ->where('organization_id', '=', $organization->getKey());
 
         $query = $this->constrainDateByPossibleDates($query, $possibleDays, $timezone);
         /** @var Collection<int, object{aggregate: int}> $resultDb */

app/Service/Dto/ReportPropertiesDto.php

@@ -8,6 +8,7 @@ use App\Enums\TimeEntryAggregationType;
 use App\Enums\TimeEntryAggregationTypeInterval;
 use App\Enums\TimeEntryRoundingType;
 use App\Enums\Weekday;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Database\Eloquent\Castable;
 use Illuminate\Contracts\Database\Eloquent\CastsAttributes;
 use Illuminate\Database\Eloquent\Model;
@@ -174,7 +175,7 @@ class ReportPropertiesDto implements Castable
             if (! is_string($id)) {
                 throw new \InvalidArgumentException('The given ID is not a string');
             }
-            if (! Str::isUuid($id)) {
+            if ($id !== TimeEntryFilter::NONE_VALUE && ! Str::isUuid($id)) {
                 throw new \InvalidArgumentException('The given ID is not a valid UUID');
             }
             $collection->push($id);

app/Service/Export/ExportService.php

@@ -167,7 +167,7 @@ class ExportService
                             $client->id,
                             $client->name,
                             $client->organization_id,
-                            $client->archived_at ?? '',
+                            $client->archived_at?->toIso8601ZuluString() ?? '',
                             $client->created_at?->toIso8601ZuluString() ?? '',
                             $client->updated_at?->toIso8601ZuluString() ?? '',
                         ]);

app/Service/Import/Importers/ClockifyTimeEntriesImporter.php

@@ -112,7 +112,7 @@ class ClockifyTimeEntriesImporter extends DefaultImporter
                 $timeEntry->project_id = $projectId;
                 $timeEntry->client_id = $clientId;
                 $timeEntry->organization_id = $this->organization->id;
-                if (strlen($record['Description']) > 500) {
+                if (strlen($record['Description']) > 5000) {
                     throw new ImportException('Time entry description is too long');
                 }
                 $timeEntry->description = $record['Description'];

app/Service/Import/Importers/HarvestTimeEntriesImporter.php

@@ -107,7 +107,7 @@ class HarvestTimeEntriesImporter extends DefaultImporter
                 $timeEntry->project_id = $projectId;
                 $timeEntry->client_id = $clientId;
                 $timeEntry->organization_id = $this->organization->id;
-                if (strlen($record['Notes']) > 500) {
+                if (strlen($record['Notes']) > 5000) {
                     throw new ImportException('Time entry note is too long');
                 }
                 $timeEntry->description = $record['Notes'];

app/Service/Import/Importers/SolidtimeImporter.php

@@ -247,7 +247,7 @@ class SolidtimeImporter extends DefaultImporter
                 $timeEntry->project_id = $projectId;
                 $timeEntry->client_id = $clientId;
                 $timeEntry->organization_id = $this->organization->id;
-                if (strlen($timeEntryRow['description']) > 500) {
+                if (strlen($timeEntryRow['description']) > 5000) {
                     throw new ImportException('Time entry description is too long');
                 }
                 $timeEntry->description = $timeEntryRow['description'];

app/Service/LocalizationService.php

@@ -96,6 +96,30 @@ class LocalizationService
         }
     }
 
+    /**
+     * Format a duration for reporting contexts (PDF reports, places that display duration
+     * directly next to cost). Promotes the verbose `Hh Mm` format to the compact `HH:MM:SS`
+     * so totals stay narrow and reconcile with cost, which is always computed to the second.
+     */
+    public function formatIntervalForReporting(CarbonInterval $interval): string
+    {
+        $promoted = [
+            IntervalFormat::HoursMinutes,
+            IntervalFormat::HoursMinutesColonSeparated,
+        ];
+        if (! in_array($this->intervalFormat, $promoted, true)) {
+            return $this->formatInterval($interval);
+        }
+
+        $previous = $this->intervalFormat;
+        $this->intervalFormat = IntervalFormat::HoursMinutesSecondsColonSeparated;
+        try {
+            return $this->formatInterval($interval);
+        } finally {
+            $this->intervalFormat = $previous;
+        }
+    }
+
     public function formatCurrency(Money $money): string
     {
         $currencyService = app(CurrencyService::class);

app/Service/MemberService.php

@@ -196,6 +196,7 @@ class MemberService
 
         $placeholderUser = $user->replicate();
         $placeholderUser->is_placeholder = true;
+        $placeholderUser->current_team_id = $member->organization_id;
         $placeholderUser->save();
 
         $member->user()->associate($placeholderUser);

app/Service/PermissionStore.php

@@ -71,7 +71,19 @@ class PermissionStore
         /** @var Role|null $roleObj */
         $roleObj = Jetstream::findRole($role);
 
-        return $roleObj->permissions ?? [];
+        $permissions = $roleObj->permissions ?? [];
+
+        // If the organization allows employees to manage tasks and the user is an employee,
+        // add the task management permissions for accessible projects
+        if ($role === \App\Enums\Role::Employee->value && $organization->employees_can_manage_tasks) {
+            $permissions = array_merge($permissions, [
+                'tasks:create',
+                'tasks:update',
+                'tasks:delete',
+            ]);
+        }
+
+        return $permissions;
     }
 
     /**

app/Service/TimeEntryAggregationService.php

@@ -10,6 +10,7 @@ use App\Enums\TimeEntryRoundingType;
 use App\Enums\Weekday;
 use App\Models\Client;
 use App\Models\Project;
+use App\Models\Tag;
 use App\Models\Task;
 use App\Models\TimeEntry;
 use App\Models\User;
@@ -17,6 +18,7 @@ use Carbon\CarbonTimeZone;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Log;
 
 class TimeEntryAggregationService
@@ -45,9 +47,21 @@ class TimeEntryAggregationService
     public function getAggregatedTimeEntries(Builder $timeEntriesQuery, ?TimeEntryAggregationType $group1Type, ?TimeEntryAggregationType $group2Type, string $timezone, Weekday $startOfWeek, bool $fillGapsInTimeGroups, ?Carbon $start, ?Carbon $end, bool $showBillableRate, ?TimeEntryRoundingType $roundingType, ?int $roundingMinutes): array
     {
         $fillGapsInTimeGroupsIsPossible = $fillGapsInTimeGroups && $start !== null && $end !== null;
+        /** @var Builder<TimeEntry> $baseTotalsQuery */
+        $baseTotalsQuery = $timeEntriesQuery->clone();
         $group1Select = null;
         $group2Select = null;
         $groupBy = null;
+        // If any grouping is by tag, expand rows per tag and ensure a NULL row for entries without tags
+        if (($group1Type === TimeEntryAggregationType::Tag) || ($group2Type === TimeEntryAggregationType::Tag)) {
+            $timeEntriesQuery->crossJoin(DB::raw(
+                "LATERAL (\n".
+                "  SELECT jsonb_array_elements_text(coalesce(tags, '[]'::jsonb)) AS tag\n".
+                "  UNION ALL\n".
+                "  SELECT ''::text AS tag WHERE coalesce(jsonb_array_length(tags), 0) = 0\n".
+                ') AS tag(tag)'
+            ));
+        }
         if ($group1Type !== null) {
             $group1Select = $this->getGroupByQuery($group1Type, $timezone, $startOfWeek);
             $groupBy = ['group_1'];
@@ -84,6 +98,26 @@ class TimeEntryAggregationService
             $group1Response = [];
             $group1ResponseSum = 0;
             $group1ResponseCost = 0;
+            // If Tag is subgroup, prepare base totals per primary group without tag expansion
+            $baseTotalsPerGroup1Map = [];
+            if ($group2Type === TimeEntryAggregationType::Tag) {
+                $baseTotalsPerGroup1Query = $baseTotalsQuery->clone();
+                $baseTotalsPerGroup1 = $baseTotalsPerGroup1Query
+                    ->selectRaw(
+                        $group1Select.' as group_1,'.
+                        ' round(sum(extract(epoch from ('.$endRawSelect.' - '.$startRawSelect.')))) as aggregate,'.
+                        ' round(sum(extract(epoch from ('.$endRawSelect.' - '.$startRawSelect.')) * (coalesce(billable_rate, 0)::float/60/60))) as cost'
+                    )
+                    ->groupBy('group_1')
+                    ->get();
+                foreach ($baseTotalsPerGroup1 as $row) {
+                    /** @var object{group_1: mixed, aggregate: int|null, cost: int|null} $row */
+                    $baseTotalsPerGroup1Map[(string) ($row->group_1 ?? '')] = [
+                        'aggregate' => (int) ($row->aggregate ?? 0),
+                        'cost' => (int) ($row->cost ?? 0),
+                    ];
+                }
+            }
             foreach ($groupedAggregates as $group1 => $group1Aggregates) {
                 /** @var string|int $group1 */
                 $group2Response = [];
@@ -103,6 +137,14 @@ class TimeEntryAggregationService
                         $group2ResponseSum += (int) $aggregate->get(0)->aggregate;
                         $group2ResponseCost += (int) $aggregate->get(0)->cost;
                     }
+                    // Override primary group totals when Tag is subgroup to avoid double counting
+                    if ($group2Type === TimeEntryAggregationType::Tag) {
+                        $keyForMap = (string) $group1;
+                        if (array_key_exists($keyForMap, $baseTotalsPerGroup1Map)) {
+                            $group2ResponseSum = $baseTotalsPerGroup1Map[$keyForMap]['aggregate'];
+                            $group2ResponseCost = $baseTotalsPerGroup1Map[$keyForMap]['cost'];
+                        }
+                    }
                 } else {
                     /** @var Collection<int, object{aggregate: int, cost: int}> $group1Aggregates */
                     $group2ResponseSum = (int) $group1Aggregates->get(0)->aggregate;
@@ -121,6 +163,23 @@ class TimeEntryAggregationService
                 $group1ResponseCost += $group2ResponseCost;
             }
 
+            // If Tag is selected in any grouping, compute overall totals from base (non-tag-expanded) query to avoid double counting
+            $hasTagGrouping = ($group1Type === TimeEntryAggregationType::Tag) || ($group2Type === TimeEntryAggregationType::Tag);
+            if ($hasTagGrouping) {
+                // Reset selects and ordering on the cloned base query
+                $baseTotals = $baseTotalsQuery
+                    ->selectRaw(
+                        ' round(sum(extract(epoch from ('.$endRawSelect.' - '.$startRawSelect.')))) as aggregate,'.
+                        ' round(sum(extract(epoch from ('.$endRawSelect.' - '.$startRawSelect.')) * (coalesce(billable_rate, 0)::float/60/60))) as cost'
+                    )
+                    ->first();
+                if ($baseTotals !== null) {
+                    /** @var object{aggregate: int|null, cost: int|null} $baseTotals */
+                    $group1ResponseSum = (int) ($baseTotals->aggregate ?? 0);
+                    $group1ResponseCost = (int) ($baseTotals->cost ?? 0);
+                }
+            }
+
             if ($fillGapsInTimeGroupsIsPossible) {
                 $group1Response = $this->fillGapsInTimeGroups($group1Response, $group1Type, $group2Type, $timezone, $startOfWeek, $start, $end);
             }
@@ -294,6 +353,17 @@ class TimeEntryAggregationService
                     'color' => null,
                 ];
             }
+        } elseif ($type === TimeEntryAggregationType::Tag) {
+            $tags = Tag::query()
+                ->whereIn('id', $keys)
+                ->select('id', 'name')
+                ->get();
+            foreach ($tags as $tag) {
+                $descriptorMap[$tag->id] = [
+                    'description' => $tag->name,
+                    'color' => null,
+                ];
+            }
         }
 
         return $descriptorMap;
@@ -436,6 +506,8 @@ class TimeEntryAggregationService
             return 'billable';
         } elseif ($group === TimeEntryAggregationType::Description) {
             return 'description';
+        } elseif ($group === TimeEntryAggregationType::Tag) {
+            return 'tag';
         }
     }
 

app/Service/TimeEntryFilter.php

@@ -12,6 +12,8 @@ use Illuminate\Support\Facades\Log;
 
 class TimeEntryFilter
 {
+    public const string NONE_VALUE = 'none';
+
     /**
      * @var Builder<TimeEntry>
      */
@@ -60,7 +62,7 @@ class TimeEntryFilter
         if ($start === null) {
             return $this;
         }
-        $this->builder->where('start', '>', $start);
+        $this->builder->where('start', '>=', $start);
 
         return $this;
     }
@@ -149,7 +151,17 @@ class TimeEntryFilter
         if ($clientIds === null) {
             return $this;
         }
-        $this->builder->whereIn('client_id', $clientIds);
+        $includeNone = in_array(self::NONE_VALUE, $clientIds, true);
+        $clientIds = array_values(array_filter($clientIds, fn (string $id): bool => $id !== self::NONE_VALUE));
+
+        $this->builder->where(function (Builder $builder) use ($clientIds, $includeNone): void {
+            if (count($clientIds) > 0) {
+                $builder->whereIn('client_id', $clientIds);
+            }
+            if ($includeNone) {
+                $builder->orWhereNull('client_id');
+            }
+        });
 
         return $this;
     }
@@ -162,7 +174,17 @@ class TimeEntryFilter
         if ($projectIds === null) {
             return $this;
         }
-        $this->builder->whereIn('project_id', $projectIds);
+        $includeNone = in_array(self::NONE_VALUE, $projectIds, true);
+        $projectIds = array_values(array_filter($projectIds, fn (string $id): bool => $id !== self::NONE_VALUE));
+
+        $this->builder->where(function (Builder $builder) use ($projectIds, $includeNone): void {
+            if (count($projectIds) > 0) {
+                $builder->whereIn('project_id', $projectIds);
+            }
+            if ($includeNone) {
+                $builder->orWhereNull('project_id');
+            }
+        });
 
         return $this;
     }
@@ -175,10 +197,18 @@ class TimeEntryFilter
         if ($tagIds === null) {
             return $this;
         }
-        $this->builder->where(function (Builder $builder) use ($tagIds): void {
+        $includeNone = in_array(self::NONE_VALUE, $tagIds, true);
+        $tagIds = array_values(array_filter($tagIds, fn (string $id): bool => $id !== self::NONE_VALUE));
+
+        $this->builder->where(function (Builder $builder) use ($tagIds, $includeNone): void {
             foreach ($tagIds as $tagId) {
                 $builder->orWhereJsonContains('tags', $tagId);
             }
+            if ($includeNone) {
+                $builder->orWhere(function (Builder $query): void {
+                    $query->whereJsonLength('tags', 0)->orWhereNull('tags');
+                });
+            }
         });
 
         return $this;
@@ -192,7 +222,17 @@ class TimeEntryFilter
         if ($taskIds === null) {
             return $this;
         }
-        $this->builder->whereIn('task_id', $taskIds);
+        $includeNone = in_array(self::NONE_VALUE, $taskIds, true);
+        $taskIds = array_values(array_filter($taskIds, fn (string $id): bool => $id !== self::NONE_VALUE));
+
+        $this->builder->where(function (Builder $builder) use ($taskIds, $includeNone): void {
+            if (count($taskIds) > 0) {
+                $builder->whereIn('task_id', $taskIds);
+            }
+            if ($includeNone) {
+                $builder->orWhereNull('task_id');
+            }
+        });
 
         return $this;
     }

app/Service/TimeEntryService.php

@@ -31,12 +31,17 @@ class TimeEntryService
             throw new LogicException('Rounding minutes must be greater than 0');
         }
         $end = 'coalesce("end", \''.Carbon::now()->toDateTimeString().'\')';
+        $start = $this->getStartSelectRawForRounding($roundingType, $roundingMinutes);
         if ($roundingType === TimeEntryRoundingType::Down) {
-            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.', '.$this->getStartSelectRawForRounding($roundingType, $roundingMinutes).')';
+            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.', '.$start.')';
         } elseif ($roundingType === TimeEntryRoundingType::Up) {
-            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.' + interval \''.$roundingMinutes.' minutes\', '.$this->getStartSelectRawForRounding($roundingType, $roundingMinutes).')';
+            // If end is already on a boundary, keep it; otherwise round up to next boundary
+            return 'CASE WHEN '.$end.' = date_bin(\''.$roundingMinutes.' minutes\', '.$end.', '.$start.') '.
+                   'THEN '.$end.' '.
+                   'ELSE date_bin(\''.$roundingMinutes.' minutes\', '.$end.' + interval \''.$roundingMinutes.' minutes\', '.$start.') '.
+                   'END';
         } elseif ($roundingType === TimeEntryRoundingType::Nearest) {
-            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.' + interval \''.($roundingMinutes / 2).' minutes\', '.$this->getStartSelectRawForRounding($roundingType, $roundingMinutes).')';
+            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.' + interval \''.($roundingMinutes / 2).' minutes\', '.$start.')';
         }
     }
 }

composer.json

@@ -118,7 +118,8 @@
     "extra": {
         "laravel": {
             "dont-discover": [
-                "laravel/telescope"
+                "laravel/telescope",
+                "nwidart/laravel-modules"
             ]
         }
     },

config/app.php

@@ -9,6 +9,7 @@ use App\Enums\NumberFormat;
 use App\Enums\TimeFormat;
 use Illuminate\Support\Facades\Facade;
 use Illuminate\Support\ServiceProvider;
+use Nwidart\Modules\LaravelModulesServiceProvider;
 
 return [
 
@@ -197,6 +198,7 @@ return [
         App\Providers\FortifyServiceProvider::class,
         App\Providers\JetstreamServiceProvider::class,
         // Warning: Do not add TelescopeServiceProvider here since it is already conditionally registered in AppServiceProvider
+        LaravelModulesServiceProvider::class,
     ])->toArray(),
 
     /*

database/migrations/2025_10_02_000001_add_prevent_overlapping_time_entries_to_organizations_table.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('organizations', function (Blueprint $table): void {
+            $table->boolean('prevent_overlapping_time_entries')->default(false)->after('employees_can_see_billable_rates');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('organizations', function (Blueprint $table): void {
+            $table->dropColumn('prevent_overlapping_time_entries');
+        });
+    }
+};

database/migrations/2025_10_16_000001_extend_time_entry_description.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('time_entries', function (Blueprint $table): void {
+            $table->string('description', 5000)->change();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('time_entries', function (Blueprint $table): void {
+            $table->string('description', 500)->change();
+        });
+    }
+};

database/migrations/2025_10_24_120845_add_employees_can_manage_tasks_to_organizations_table.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('organizations', function (Blueprint $table): void {
+            $table->boolean('employees_can_manage_tasks')->default(false)->after('employees_can_see_billable_rates');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('organizations', function (Blueprint $table): void {
+            $table->dropColumn('employees_can_manage_tasks');
+        });
+    }
+};

database/schema/pgsql_test-schema.sql

@@ -435,7 +435,7 @@ CREATE TABLE public.tasks (
 
 CREATE TABLE public.time_entries (
     id uuid NOT NULL,
-    description character varying(500) NOT NULL,
+    description character varying(5000) NOT NULL,
     start timestamp(0) without time zone NOT NULL,
     "end" timestamp(0) without time zone,
     billable_rate integer,

docker-compose.yml

@@ -5,8 +5,6 @@ services:
             dockerfile: Dockerfile
             args:
                 WWWGROUP: '${WWWGROUP}'
-        ports:
-            - '${FORWARD_WEB_PORT:-8083}:80'
         image: sail-8.3/app
         labels:
             - "traefik.enable=true"
@@ -109,7 +107,7 @@ services:
             - sail
             - reverse-proxy
     playwright:
-        image: mcr.microsoft.com/playwright:v1.51.1-jammy
+        image: mcr.microsoft.com/playwright:v1.59.1-jammy
         command: ['npx', 'playwright', 'test', '--ui-port=8080', '--ui-host=0.0.0.0']
         working_dir: /src
         extra_hosts:

docker/local/minio/create_bucket.sh

@@ -2,7 +2,7 @@
 
 # Source: https://helgesver.re/articles/laravel-sail-create-minio-bucket-automatically
 
-/usr/bin/mc config host add local ${S3_ENDPOINT} ${S3_ACCESS_KEY_ID} ${S3_SECRET_ACCESS_KEY};
+/usr/bin/mc alias set local ${S3_ENDPOINT} ${S3_ACCESS_KEY_ID} ${S3_SECRET_ACCESS_KEY};
 /usr/bin/mc rm -r --force local/${S3_BUCKET};
 /usr/bin/mc mb --ignore-existing local/${S3_BUCKET};
 /usr/bin/mc anonymous set public local/${S3_BUCKET};

docker/prod/Dockerfile

@@ -16,7 +16,7 @@ RUN CGO_ENABLED=1 \
     XCADDY_GO_BUILD_FLAGS="-ldflags='-w -s' -tags=nobadger,nomysql,nopgx" \
     CGO_CFLAGS=$(php-config --includes) \
     CGO_LDFLAGS="$(php-config --ldflags) $(php-config --libs)" \
-    xcaddy build \
+    xcaddy build v2.10.0 \
         --output /usr/local/bin/frankenphp \
         --with github.com/dunglas/frankenphp=./ \
         --with github.com/dunglas/frankenphp/caddy=./caddy/ \

e2e/auth.spec.ts

@@ -1,5 +1,6 @@
 import { expect, test } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import { getPasswordResetUrl } from './utils/mailpit';
 
 async function registerNewUser(page, email, password) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/register');
@@ -35,14 +36,198 @@ test('can register and delete account', async ({ page }) => {
     await registerNewUser(page, email, password);
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
     await page.getByRole('button', { name: 'Delete Account' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
     await page.getByPlaceholder('Password').fill(password);
-    await page.getByRole('button', { name: 'Delete Account' }).click();
+    await page.getByRole('dialog').getByRole('button', { name: 'Delete Account' }).click();
     await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
     await page.goto(PLAYWRIGHT_BASE_URL + '/login');
     await page.getByLabel('Email').fill(email);
     await page.getByLabel('Password').fill(password);
     await page.getByRole('button', { name: 'Log in' }).click();
-    await expect(page.getByRole('paragraph')).toContainText(
+    await expect(page.getByRole('alert')).toContainText(
         'These credentials do not match our records.'
     );
 });
+
+test('shows error for invalid email on forgot password', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+
+    // Request password reset with non-existent email
+    await page.getByLabel('Email').fill('nonexistent@example.com');
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+
+    // Should show error message
+    await expect(page.getByText("We can't find a user with that email address.")).toBeVisible();
+});
+
+test('shows browser validation for invalid email format on forgot password', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+
+    // Request password reset with invalid email format
+    const emailInput = page.getByLabel('Email');
+    await emailInput.fill('notanemail');
+
+    // Check for browser validation - the input should be invalid
+    const isInvalid = await emailInput.evaluate((el: HTMLInputElement) => !el.validity.valid);
+    expect(isInvalid).toBe(true);
+});
+
+test('shows browser validation for empty email on forgot password', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+
+    // The email input is required, so it should be invalid when empty
+    const emailInput = page.getByLabel('Email');
+
+    // Check for browser validation - the input should be invalid because it's required and empty
+    const isInvalid = await emailInput.evaluate((el: HTMLInputElement) => el.validity.valueMissing);
+    expect(isInvalid).toBe(true);
+});
+
+test('can reset password via email link', async ({ page, request }) => {
+    // First register a new user
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const originalPassword = 'suchagreatpassword123';
+    const newPassword = 'mynewsecurepassword456';
+    await registerNewUser(page, email, originalPassword);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Request password reset
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+    await page.getByLabel('Email').fill(email);
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+    await expect(page.getByText('We have emailed your password reset link.')).toBeVisible();
+
+    // Get password reset URL from email
+    const resetUrl = await getPasswordResetUrl(request, email);
+
+    // Navigate to reset page
+    await page.goto(resetUrl);
+
+    // Fill in new password
+    await page.getByLabel('Password', { exact: true }).fill(newPassword);
+    await page.getByLabel('Confirm Password').fill(newPassword);
+    await page.getByRole('button', { name: 'Reset Password' }).click();
+
+    // Should redirect to login page after successful reset
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Try logging in with new password
+    await page.getByLabel('Email').fill(email);
+    await page.getByLabel('Password').fill(newPassword);
+    await page.getByRole('button', { name: 'Log in' }).click();
+    await expect(page.getByTestId('dashboard_view')).toBeVisible();
+});
+
+test('shows validation error for password mismatch on reset', async ({ page, request }) => {
+    // First register a new user
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const originalPassword = 'suchagreatpassword123';
+    await registerNewUser(page, email, originalPassword);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Request password reset
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+    await page.getByLabel('Email').fill(email);
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+    await expect(page.getByText('We have emailed your password reset link.')).toBeVisible();
+
+    // Get password reset URL from email
+    const resetUrl = await getPasswordResetUrl(request, email);
+
+    // Navigate to reset page
+    await page.goto(resetUrl);
+
+    // Fill in mismatched passwords
+    await page.getByLabel('Password', { exact: true }).fill('newpassword123');
+    await page.getByLabel('Confirm Password').fill('differentpassword456');
+    await page.getByRole('button', { name: 'Reset Password' }).click();
+
+    // Should show validation error
+    await expect(page.getByText('The password field confirmation does not match.')).toBeVisible();
+});
+
+test('shows validation error for short password on reset', async ({ page, request }) => {
+    // First register a new user
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const originalPassword = 'suchagreatpassword123';
+    await registerNewUser(page, email, originalPassword);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Request password reset
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+    await page.getByLabel('Email').fill(email);
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+    await expect(page.getByText('We have emailed your password reset link.')).toBeVisible();
+
+    // Get password reset URL from email
+    const resetUrl = await getPasswordResetUrl(request, email);
+
+    // Navigate to reset page
+    await page.goto(resetUrl);
+
+    // Fill in short password
+    await page.getByLabel('Password', { exact: true }).fill('short');
+    await page.getByLabel('Confirm Password').fill('short');
+    await page.getByRole('button', { name: 'Reset Password' }).click();
+
+    // Should show validation error about minimum length
+    await expect(page.getByText('must be at least')).toBeVisible();
+});
+
+test('shows error for invalid login credentials', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/login');
+    await page.getByLabel('Email').fill('nonexistent@example.com');
+    await page.getByLabel('Password').fill('wrongpassword123');
+    await page.getByRole('button', { name: 'Log in' }).click();
+
+    await expect(page.getByText('These credentials do not match our records.')).toBeVisible();
+});
+
+test('shows error when registering with existing email', async ({ page }) => {
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const password = 'suchagreatpassword123';
+
+    // Register first user
+    await registerNewUser(page, email, password);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Try to register with the same email
+    await page.goto(PLAYWRIGHT_BASE_URL + '/register');
+    await page.getByLabel('Name').fill('Another User');
+    await page.getByLabel('Email').fill(email);
+    await page.getByLabel('Password', { exact: true }).fill(password);
+    await page.getByLabel('Confirm Password').fill(password);
+    await page.getByLabel('I agree to the Terms of').click();
+    await page.getByRole('button', { name: 'Register' }).click();
+
+    // Should show error about email already taken
+    await expect(page.getByText('The resource already exists.')).toBeVisible();
+});
+
+test('shows validation error for weak password on registration', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/register');
+    await page.getByLabel('Name').fill('Weak Password User');
+    await page.getByLabel('Email').fill(`weak+${Math.round(Math.random() * 10000)}@test.com`);
+    await page.getByLabel('Password', { exact: true }).fill('short');
+    await page.getByLabel('Confirm Password').fill('short');
+    await page.getByLabel('I agree to the Terms of').click();
+    await page.getByRole('button', { name: 'Register' }).click();
+
+    await expect(page.getByText('must be at least')).toBeVisible();
+});

e2e/calendar-settings.spec.ts

@@ -0,0 +1,689 @@
+import type { Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import { test } from '../playwright/fixtures';
+import { createBareTimeEntryViaApi, createTimeEntryWithTimestampsViaApi } from './utils/api';
+
+async function goToCalendar(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/calendar');
+    await expect(page.locator('.fc')).toBeVisible({ timeout: 10000 });
+}
+
+async function openSettingsPopover(page: Page) {
+    await page.getByRole('button', { name: 'Calendar settings' }).click();
+    await expect(page.getByText('Calendar Settings')).toBeVisible();
+}
+
+async function clearCalendarSettings(page: Page) {
+    await page.evaluate(() => localStorage.removeItem('solidtime:calendar-settings'));
+}
+
+function getCalendarTitle(page: Page) {
+    return page.getByTestId('calendar-title');
+}
+
+async function scrollCalendarToTime(page: Page, time: string) {
+    await page.evaluate((t) => {
+        const slot = document.querySelector(`.fc-timegrid-slot-lane[data-time="${t}"]`);
+        if (slot) slot.scrollIntoView({ block: 'start' });
+    }, time);
+    await page.waitForTimeout(300);
+}
+
+async function getSlotHeight(page: Page): Promise<number> {
+    return await page.evaluate(() => {
+        const slots = Array.from(document.querySelectorAll('.fc-timegrid-slot-lane'));
+        for (let i = 0; i < slots.length; i++) {
+            const h = slots[i].getBoundingClientRect().height;
+            if (h > 0) return h;
+        }
+        return 20;
+    });
+}
+
+test.describe('Calendar Settings', () => {
+    test.beforeEach(async ({ page }) => {
+        await clearCalendarSettings(page);
+    });
+
+    test('settings popover shows all fields with correct defaults', async ({ page }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        await expect(page.getByLabel('Snap Interval')).toContainText('15 min');
+        await expect(page.getByLabel('Start Time')).toContainText('12:00 AM');
+        await expect(page.getByLabel('End Time')).toContainText('12:00 AM (next)');
+        await expect(page.getByLabel('Grid Scale')).toContainText('15 min');
+    });
+
+    test('snap interval can be changed and persists across reload', async ({ page }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        // Change snap interval to 30 min
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+
+        // Close the popover by pressing Escape
+        await page.keyboard.press('Escape');
+
+        // Verify localStorage was updated
+        const stored = await page.evaluate(() =>
+            JSON.parse(localStorage.getItem('solidtime:calendar-settings') || '{}')
+        );
+        expect(stored.snapMinutes).toBe(30);
+
+        // Reload and verify persistence
+        await page.reload();
+        await expect(page.locator('.fc')).toBeVisible();
+        await openSettingsPopover(page);
+        await expect(page.getByLabel('Snap Interval')).toContainText('30 min');
+    });
+
+    test('start time change is applied to calendar and rejects invalid values', async ({
+        page,
+    }) => {
+        await goToCalendar(page);
+
+        // Verify 7 AM slot exists with default start (00:00)
+        await expect(page.locator('.fc-timegrid-slot[data-time="07:00:00"]')).not.toHaveCount(0);
+
+        await openSettingsPopover(page);
+
+        // Set end time to 6 PM first
+        await page.getByLabel('End Time').click();
+        await page.getByRole('option', { name: '6:00 PM' }).click();
+
+        // Change start time to 8 AM (valid)
+        await page.getByLabel('Start Time').click();
+        await page.getByRole('option', { name: '8:00 AM' }).click();
+
+        // Try to set start time to 6 PM (invalid: equals end time) — should be rejected
+        await page.getByLabel('Start Time').click();
+        await page.getByRole('option', { name: '6:00 PM' }).click();
+
+        // Should be rejected — start time stays at 8 AM
+        await expect(page.getByLabel('Start Time')).toContainText('8:00 AM');
+
+        // Close the popover
+        await page.keyboard.press('Escape');
+
+        // Calendar should no longer show hours before 8 AM
+        await expect(page.locator('.fc-timegrid-slot[data-time="07:00:00"]')).toHaveCount(0);
+        await expect(page.locator('.fc-timegrid-slot[data-time="08:00:00"]')).not.toHaveCount(0);
+    });
+
+    test('end time change is applied to calendar and rejects invalid values', async ({ page }) => {
+        await goToCalendar(page);
+
+        // Verify 19:00 slot exists with default end (24:00)
+        await expect(page.locator('.fc-timegrid-slot[data-time="19:00:00"]')).not.toHaveCount(0);
+
+        await openSettingsPopover(page);
+
+        // Set start time to 8 AM first
+        await page.getByLabel('Start Time').click();
+        await page.getByRole('option', { name: '8:00 AM' }).click();
+
+        // Change end time to 6 PM (valid)
+        await page.getByLabel('End Time').click();
+        await page.getByRole('option', { name: '6:00 PM' }).click();
+
+        // Try to set end time to 8 AM (invalid: equals start time) — should be rejected
+        await page.getByLabel('End Time').click();
+        await page.getByRole('option', { name: '8:00 AM' }).click();
+
+        // Should be rejected — end time stays at 6 PM
+        await expect(page.getByLabel('End Time')).toContainText('6:00 PM');
+
+        // Close the popover
+        await page.keyboard.press('Escape');
+
+        // Calendar should no longer show hours at or after 6 PM
+        await expect(page.locator('.fc-timegrid-slot[data-time="18:00:00"]')).toHaveCount(0);
+        await expect(page.locator('.fc-timegrid-slot[data-time="17:00:00"]')).not.toHaveCount(0);
+    });
+
+    test('grid scale affects number of calendar slots', async ({ page }) => {
+        await goToCalendar(page);
+
+        // Count slots with default 15-min scale
+        const defaultSlotCount = await page.locator('.fc-timegrid-slot').count();
+
+        // Change to 30 min scale (should halve the slots)
+        await openSettingsPopover(page);
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+        await page.keyboard.press('Escape');
+
+        // Wait for FullCalendar to re-render with new slot count
+        await expect(async () => {
+            const count = await page.locator('.fc-timegrid-slot').count();
+            expect(count).toBeLessThan(defaultSlotCount);
+        }).toPass({ timeout: 5000 });
+
+        const largerSlotCount = await page.locator('.fc-timegrid-slot').count();
+
+        // Navigate away and back to get a clean calendar mount
+        await page.goto(PLAYWRIGHT_BASE_URL + '/time');
+        await goToCalendar(page);
+
+        // Change to 5 min scale (many more slots)
+        await openSettingsPopover(page);
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '5 min', exact: true }).click();
+        await page.keyboard.press('Escape');
+
+        // Wait for FullCalendar to re-render with new slot count
+        await expect(async () => {
+            const count = await page.locator('.fc-timegrid-slot').count();
+            expect(count).toBeGreaterThan(largerSlotCount);
+        }).toPass({ timeout: 5000 });
+    });
+
+    test('all settings persist across navigation', async ({ page }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        // Change every setting
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '5 min', exact: true }).click();
+        await page.getByLabel('Start Time').click();
+        await page.getByRole('option', { name: '6:00 AM' }).click();
+        await page.getByLabel('End Time').click();
+        await page.getByRole('option', { name: '10:00 PM' }).click();
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+
+        // Close the popover
+        await page.keyboard.press('Escape');
+
+        // Navigate away and back
+        await page.goto(PLAYWRIGHT_BASE_URL + '/time');
+        await goToCalendar(page);
+
+        // Verify all settings persisted
+        await openSettingsPopover(page);
+        await expect(page.getByLabel('Snap Interval')).toContainText('5 min');
+        await expect(page.getByLabel('Start Time')).toContainText('6:00 AM');
+        await expect(page.getByLabel('End Time')).toContainText('10:00 PM');
+        await expect(page.getByLabel('Grid Scale')).toContainText('30 min');
+    });
+});
+
+test.describe('Calendar Toolbar', () => {
+    test('prev and next buttons navigate the calendar', async ({ page }) => {
+        await goToCalendar(page);
+
+        // Use column headers to detect navigation (title only shows month which may not change)
+        const getHeaderTexts = async () => {
+            const headers = page.locator('.fc-col-header-cell');
+            return headers.allTextContents();
+        };
+
+        const initialHeaders = await getHeaderTexts();
+
+        // Click next
+        await page.getByRole('button', { name: 'Next', exact: true }).click();
+        await expect(page.locator('.fc')).toBeVisible();
+
+        const nextHeaders = await getHeaderTexts();
+        expect(nextHeaders).not.toEqual(initialHeaders);
+
+        // Click prev — should go back to original
+        await page.getByRole('button', { name: 'Previous', exact: true }).click();
+        await expect(page.locator('.fc')).toBeVisible();
+
+        const backHeaders = await getHeaderTexts();
+        expect(backHeaders).toEqual(initialHeaders);
+    });
+
+    test('today button returns to current week', async ({ page }) => {
+        await goToCalendar(page);
+
+        // Use column headers to detect navigation (title only shows month which may not change)
+        const getHeaderTexts = async () => {
+            const headers = page.locator('.fc-col-header-cell');
+            return headers.allTextContents();
+        };
+
+        const initialHeaders = await getHeaderTexts();
+
+        // Navigate away
+        await page.getByRole('button', { name: 'Next', exact: true }).click();
+        await page.getByRole('button', { name: 'Next', exact: true }).click();
+
+        const awayHeaders = await getHeaderTexts();
+        expect(awayHeaders).not.toEqual(initialHeaders);
+
+        // Click today
+        await page.getByRole('button', { name: 'today', exact: true }).click();
+        await expect(page.locator('.fc')).toBeVisible();
+
+        const todayHeaders = await getHeaderTexts();
+        expect(todayHeaders).toEqual(initialHeaders);
+    });
+
+    test('view switcher toggles between week and day views', async ({ page }) => {
+        await goToCalendar(page);
+
+        // Default should be week view — verify multiple day columns exist
+        await expect(page.locator('.fc-col-header-cell')).not.toHaveCount(1);
+
+        // Switch to day view
+        await page.getByRole('tab', { name: 'day', exact: true }).click();
+        await expect(page.locator('.fc')).toBeVisible();
+
+        // Day view should show exactly 1 day column
+        await expect(page.locator('.fc-col-header-cell')).toHaveCount(1);
+
+        // Switch back to week view
+        await page.getByRole('tab', { name: 'week', exact: true }).click();
+        await expect(page.locator('.fc')).toBeVisible();
+
+        // Week view should show multiple day columns again
+        await expect(page.locator('.fc-col-header-cell')).not.toHaveCount(1);
+    });
+});
+
+test.describe('Visual Snapping', () => {
+    test.beforeEach(async ({ page }) => {
+        await clearCalendarSettings(page);
+    });
+
+    test('snap interval of 1 minute allows fine-grained positioning', async ({ page, ctx }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        // Set snap interval to 1 min
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '1 min' }).click();
+        await page.keyboard.press('Escape');
+
+        // Create a 1h time entry
+        await createBareTimeEntryViaApi(ctx, 'Snap 1min test', '1h');
+        await goToCalendar(page);
+
+        // Scroll the calendar so the 14:00 target area is visible
+        await scrollCalendarToTime(page, '13:00:00');
+
+        const event = page.locator('.fc-event').first();
+        await expect(event).toBeVisible();
+
+        // Get target slot at a non-15-min boundary time
+        const targetSlot = page.locator('.fc-timegrid-slot-lane[data-time="14:00:00"]').first();
+        const targetBox = await targetSlot.boundingBox();
+        expect(targetBox).not.toBeNull();
+
+        // Drag event to a position offset from the 15-min boundary
+        const putResponsePromise = page.waitForResponse(
+            (resp) => resp.url().includes('/time-entries/') && resp.request().method() === 'PUT'
+        );
+
+        await event.hover();
+        await page.mouse.down();
+        await page.mouse.move(targetBox!.x + targetBox!.width / 2, targetBox!.y + 5, { steps: 10 });
+        await page.mouse.up();
+
+        const putResponse = await putResponsePromise;
+        expect(putResponse.status()).toBe(200);
+
+        const body = await putResponse.json();
+        const startDate = new Date(body.data.start);
+        const minutes = startDate.getMinutes();
+
+        // With 1-min snap, any minute value is valid (0-59)
+        expect(minutes).toBeGreaterThanOrEqual(0);
+        expect(minutes).toBeLessThanOrEqual(59);
+    });
+
+    test('snap interval of 60 minutes creates hour-aligned entries', async ({ page, ctx }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        // Set snap interval to 60 min
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '1 hour' }).click();
+        await page.keyboard.press('Escape');
+
+        // Create a 1h time entry
+        await createBareTimeEntryViaApi(ctx, 'Snap 60min test', '1h');
+        await goToCalendar(page);
+
+        // Scroll the calendar so the 14:00 target area is visible
+        await scrollCalendarToTime(page, '13:00:00');
+
+        const event = page.locator('.fc-event').first();
+        await expect(event).toBeVisible();
+
+        // Get target slot
+        const targetSlot = page.locator('.fc-timegrid-slot-lane[data-time="14:00:00"]').first();
+        const targetBox = await targetSlot.boundingBox();
+        expect(targetBox).not.toBeNull();
+
+        // Drag event
+        const putResponsePromise = page.waitForResponse(
+            (resp) => resp.url().includes('/time-entries/') && resp.request().method() === 'PUT'
+        );
+
+        await event.hover();
+        await page.mouse.down();
+        await page.mouse.move(targetBox!.x + targetBox!.width / 2, targetBox!.y + 5, { steps: 10 });
+        await page.mouse.up();
+
+        const putResponse = await putResponsePromise;
+        expect(putResponse.status()).toBe(200);
+
+        const body = await putResponse.json();
+        const startDate = new Date(body.data.start);
+        const minutes = startDate.getMinutes();
+
+        // With 60-min snap, minutes should be 0 (on the hour)
+        expect(minutes).toBe(0);
+    });
+
+    test('changing snap interval mid-session affects next drag', async ({ page, ctx }) => {
+        // Create a 1h time entry
+        await createBareTimeEntryViaApi(ctx, 'Snap change test', '1h');
+        await goToCalendar(page);
+
+        // Set snap to 15 min
+        await openSettingsPopover(page);
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '15 min' }).click();
+        await page.keyboard.press('Escape');
+
+        // Scroll the calendar so the 14:00 target area is visible
+        await scrollCalendarToTime(page, '13:00:00');
+
+        const event = page.locator('.fc-event').first();
+        await expect(event).toBeVisible();
+
+        // Drag event to 14:00 area
+        const targetSlot14 = page.locator('.fc-timegrid-slot-lane[data-time="14:00:00"]').first();
+        const targetBox14 = await targetSlot14.boundingBox();
+        expect(targetBox14).not.toBeNull();
+
+        const putResponsePromise1 = page.waitForResponse(
+            (resp) => resp.url().includes('/time-entries/') && resp.request().method() === 'PUT'
+        );
+
+        await event.hover();
+        await page.mouse.down();
+        await page.mouse.move(targetBox14!.x + targetBox14!.width / 2, targetBox14!.y + 5, {
+            steps: 10,
+        });
+        await page.mouse.up();
+
+        const putResponse1 = await putResponsePromise1;
+        expect(putResponse1.status()).toBe(200);
+
+        const body1 = await putResponse1.json();
+        const startDate1 = new Date(body1.data.start);
+        expect(startDate1.getMinutes() % 15).toBe(0);
+
+        // Wait for query re-fetch/re-renders to fully settle after drag
+        await page.waitForTimeout(1500);
+
+        // Change snap to 30 min
+        // Use Escape first to ensure no stale popover is open, then re-open
+        await page.keyboard.press('Escape');
+        await page.waitForTimeout(300);
+        await openSettingsPopover(page);
+        await page.waitForTimeout(300);
+        await page.getByLabel('Snap Interval').click({ force: true });
+        await page.getByRole('option', { name: '30 min' }).click();
+        await page.keyboard.press('Escape');
+
+        // Scroll the calendar so the 10:00 target area is visible
+        await scrollCalendarToTime(page, '09:00:00');
+
+        // Drag event to 10:00 area
+        const targetSlot10 = page.locator('.fc-timegrid-slot-lane[data-time="10:00:00"]').first();
+        const targetBox10 = await targetSlot10.boundingBox();
+        expect(targetBox10).not.toBeNull();
+
+        const putResponsePromise2 = page.waitForResponse(
+            (resp) => resp.url().includes('/time-entries/') && resp.request().method() === 'PUT'
+        );
+
+        await event.hover();
+        await page.mouse.down();
+        await page.mouse.move(targetBox10!.x + targetBox10!.width / 2, targetBox10!.y + 5, {
+            steps: 10,
+        });
+        await page.mouse.up();
+
+        const putResponse2 = await putResponsePromise2;
+        expect(putResponse2.status()).toBe(200);
+
+        const body2 = await putResponse2.json();
+        const startDate2 = new Date(body2.data.start);
+        expect(startDate2.getMinutes() % 30).toBe(0);
+    });
+
+    test('snap with different grid scale (slot != snap)', async ({ page, ctx }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        // Set grid scale to 30 min, snap to 5 min
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '5 min', exact: true }).click();
+        await page.keyboard.press('Escape');
+
+        // Wait for re-render with 30-min grid
+        await expect(async () => {
+            const slotCount = await page.locator('.fc-timegrid-slot-lane').count();
+            // 24 hours * 2 slots/hour = 48 slots for 30-min grid
+            expect(slotCount).toBeLessThanOrEqual(48);
+        }).toPass({ timeout: 5000 });
+
+        // Verify grid is 30-min (fewer slots than default 15-min)
+        const slotCount = await page.locator('.fc-timegrid-slot-lane').count();
+        // Default 15-min grid has 96 slots; 30-min grid should have 48
+        expect(slotCount).toBeLessThanOrEqual(48);
+
+        // Create a 1h time entry and go to calendar
+        await createBareTimeEntryViaApi(ctx, 'Grid snap test', '1h');
+        await goToCalendar(page);
+
+        // Re-apply settings since goToCalendar navigates
+        await openSettingsPopover(page);
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '5 min', exact: true }).click();
+        await page.keyboard.press('Escape');
+
+        // Scroll so both the event (9:00) and target (14:00) are in viewport
+        await scrollCalendarToTime(page, '08:00:00');
+
+        const event = page.locator('.fc-event').first();
+        await expect(event).toBeVisible();
+
+        // Capture target coordinates after scroll is settled
+        const targetSlot = page.locator('.fc-timegrid-slot-lane[data-time="14:00:00"]').first();
+        const targetBox = await targetSlot.boundingBox();
+        expect(targetBox).not.toBeNull();
+
+        const putResponsePromise = page.waitForResponse(
+            (resp) => resp.url().includes('/time-entries/') && resp.request().method() === 'PUT'
+        );
+
+        await event.hover();
+        await page.mouse.down();
+        await page.mouse.move(targetBox!.x + targetBox!.width / 2, targetBox!.y + 5, { steps: 10 });
+        await page.mouse.up();
+
+        const putResponse = await putResponsePromise;
+        expect(putResponse.status()).toBe(200);
+
+        const body = await putResponse.json();
+        const startDate = new Date(body.data.start);
+        // Snap is 5 min, so minutes should be divisible by 5
+        expect(startDate.getMinutes() % 5).toBe(0);
+    });
+});
+
+test.describe('Calendar Settings Effects', () => {
+    test.beforeEach(async ({ page }) => {
+        await clearCalendarSettings(page);
+    });
+
+    test('start/end time hides slots outside visible range', async ({ page, ctx }) => {
+        // Create a time entry at 6 AM today
+        const now = new Date();
+        const start = new Date(now.getFullYear(), now.getMonth(), now.getDate(), 6, 0, 0);
+        const end = new Date(start.getTime() + 3600 * 1000); // 7 AM
+        await createTimeEntryWithTimestampsViaApi(ctx, {
+            description: 'Early morning entry',
+            start: start.toISOString().replace(/\.\d{3}Z$/, 'Z'),
+            end: end.toISOString().replace(/\.\d{3}Z$/, 'Z'),
+        });
+
+        await goToCalendar(page);
+
+        // Verify 6 AM slot is visible with default settings
+        await expect(page.locator('.fc-timegrid-slot[data-time="06:00:00"]')).not.toHaveCount(0);
+
+        // Set start time to 8 AM
+        await openSettingsPopover(page);
+        await page.getByLabel('Start Time').click();
+        await page.getByRole('option', { name: '8:00 AM' }).click();
+        await page.keyboard.press('Escape');
+
+        // 6 AM slot should be hidden
+        await expect(page.locator('.fc-timegrid-slot[data-time="06:00:00"]')).toHaveCount(0);
+
+        // 8 AM slot should be visible
+        await expect(page.locator('.fc-timegrid-slot[data-time="08:00:00"]')).not.toHaveCount(0);
+    });
+
+    test('grid scale affects event visual height proportionally', async ({ page, ctx }) => {
+        // Create a 1h time entry
+        await createBareTimeEntryViaApi(ctx, 'Height test', '1h');
+        await goToCalendar(page);
+
+        const event = page.locator('.fc-event').first();
+        await expect(event).toBeVisible();
+        await event.scrollIntoViewIfNeeded();
+
+        // Get event height with default 15-min grid scale
+        const box15 = await event.boundingBox();
+        expect(box15).not.toBeNull();
+        const height15 = box15!.height;
+
+        // Change grid scale to 60 min
+        await openSettingsPopover(page);
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '1 hour' }).click();
+        await page.keyboard.press('Escape');
+
+        // Wait for re-render and scroll event into view
+        await event.scrollIntoViewIfNeeded();
+        await expect(async () => {
+            const box = await event.boundingBox();
+            expect(box).not.toBeNull();
+            expect(box!.height).not.toBe(height15);
+        }).toPass({ timeout: 5000 });
+
+        const box60 = await event.boundingBox();
+        expect(box60).not.toBeNull();
+        const height60 = box60!.height;
+
+        // Event should appear smaller with larger grid scale
+        expect(height15).toBeGreaterThan(height60);
+    });
+
+    test('snap interval affects drag granularity', async ({ page, ctx }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        // Set snap to 30 min
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+        await page.keyboard.press('Escape');
+
+        // Create a 1h time entry
+        await createBareTimeEntryViaApi(ctx, 'Drag granularity test', '1h');
+        await goToCalendar(page);
+
+        // Scroll the calendar so the 14:00 target area is visible
+        await scrollCalendarToTime(page, '13:00:00');
+
+        const event = page.locator('.fc-event').first();
+        await expect(event).toBeVisible();
+
+        // Get target slot
+        const targetSlot = page.locator('.fc-timegrid-slot-lane[data-time="14:00:00"]').first();
+        const targetBox = await targetSlot.boundingBox();
+        expect(targetBox).not.toBeNull();
+
+        // Drag event
+        const putResponsePromise = page.waitForResponse(
+            (resp) => resp.url().includes('/time-entries/') && resp.request().method() === 'PUT'
+        );
+
+        await event.hover();
+        await page.mouse.down();
+        await page.mouse.move(targetBox!.x + targetBox!.width / 2, targetBox!.y + 5, { steps: 10 });
+        await page.mouse.up();
+
+        const putResponse = await putResponsePromise;
+        expect(putResponse.status()).toBe(200);
+
+        const body = await putResponse.json();
+        const startDate = new Date(body.data.start);
+        const minutes = startDate.getMinutes();
+
+        // With 30-min snap, minutes should be 0 or 30
+        expect(minutes % 30).toBe(0);
+    });
+
+    test('settings apply immediately without page reload', async ({ page }) => {
+        await goToCalendar(page);
+
+        // Count slots with default grid scale (15 min)
+        const defaultSlotCount = await page.locator('.fc-timegrid-slot').count();
+
+        // Change grid scale to 30 min
+        await openSettingsPopover(page);
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+        await page.keyboard.press('Escape');
+
+        // Verify slot count changed without navigation
+        await expect(async () => {
+            const count = await page.locator('.fc-timegrid-slot').count();
+            expect(count).toBeLessThan(defaultSlotCount);
+        }).toPass({ timeout: 5000 });
+
+        // Wait for FullCalendar to fully stabilize after re-render
+        await page.waitForTimeout(2000);
+        await expect(page.locator('.fc')).toBeVisible();
+
+        // Change start time to 8 AM
+        // FullCalendar re-render from grid scale change can make popover elements unstable.
+        // Retry the open+click sequence if it fails.
+        await expect(async () => {
+            await page.keyboard.press('Escape');
+            await page.waitForTimeout(300);
+            await page.getByRole('button', { name: 'Calendar settings' }).click();
+            await expect(page.getByText('Calendar Settings')).toBeVisible();
+            const startTimeBtn = page.getByLabel('Start Time');
+            await expect(startTimeBtn).toBeVisible();
+            await startTimeBtn.click({ timeout: 3000 });
+        }).toPass({ timeout: 10000 });
+
+        await page.getByRole('option', { name: '8:00 AM' }).click();
+        await page.keyboard.press('Escape');
+
+        // Verify 7 AM slot is hidden without reload
+        await expect(async () => {
+            const count = await page.locator('.fc-timegrid-slot[data-time="07:00:00"]').count();
+            expect(count).toBe(0);
+        }).toPass({ timeout: 5000 });
+    });
+});

e2e/clients.spec.ts

@@ -1,18 +1,23 @@
-import { expect, Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
 import { test } from '../playwright/fixtures';
+import {
+    createClientViaApi,
+    createProjectMemberViaApi,
+    createProjectViaApi,
+    createPublicProjectViaApi,
+} from './utils/api';
+import { getTableRowNames } from './utils/table';
 
-async function goToProjectsOverview(page: Page) {
+async function goToClientsOverview(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/clients');
 }
 
-// Create new project via modal
-test('test that creating and deleting a new client via the modal works', async ({
-    page,
-}) => {
-    const newClientName =
-        'New Project ' + Math.floor(1 + Math.random() * 10000);
-    await goToProjectsOverview(page);
+// Create new client via modal
+test('test that creating and deleting a new client via the modal works', async ({ page }) => {
+    const newClientName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
+    await goToClientsOverview(page);
     await page.getByRole('button', { name: 'Create Client' }).click();
     await page.getByPlaceholder('Client Name').fill(newClientName);
     await Promise.all([
@@ -28,13 +33,9 @@ test('test that creating and deleting a new client via the modal works', async (
     ]);
 
     await expect(page.getByTestId('client_table')).toContainText(newClientName);
-    const moreButton = page.locator(
-        "[aria-label='Actions for Client " + newClientName + "']"
-    );
-    moreButton.click();
-    const deleteButton = page.locator(
-        "[aria-label='Delete Client " + newClientName + "']"
-    );
+    const moreButton = page.locator("[aria-label='Actions for Client " + newClientName + "']");
+    await moreButton.click();
+    const deleteButton = page.locator("[aria-label='Delete Client " + newClientName + "']");
 
     await Promise.all([
         deleteButton.click(),
@@ -45,18 +46,14 @@ test('test that creating and deleting a new client via the modal works', async (
                 response.status() === 204
         ),
     ]);
-    await expect(page.getByTestId('client_table')).not.toContainText(
-        newClientName
-    );
+    await expect(page.getByTestId('client_table')).not.toContainText(newClientName);
 });
 
-test('test that archiving and unarchiving clients works', async ({ page }) => {
+test('test that archiving and unarchiving clients works', async ({ page, ctx }) => {
     const newClientName = 'New Client ' + Math.floor(1 + Math.random() * 10000);
-    await goToProjectsOverview(page);
-    await page.getByRole('button', { name: 'Create Client' }).click();
-    await page.getByLabel('Client Name').fill(newClientName);
+    await createClientViaApi(ctx, { name: newClientName });
 
-    await page.getByRole('button', { name: 'Create Client' }).click();
+    await goToClientsOverview(page);
     await expect(page.getByText(newClientName)).toBeVisible();
 
     await page.getByRole('row').first().getByRole('button').click();
@@ -80,4 +77,300 @@ test('test that archiving and unarchiving clients works', async ({ page }) => {
     ]);
 });
 
-// TODO: Add Name Update Test
+test('test that editing a client name works', async ({ page, ctx }) => {
+    const originalName = 'Original Client ' + Math.floor(1 + Math.random() * 10000);
+    const updatedName = 'Updated Client ' + Math.floor(1 + Math.random() * 10000);
+    await createClientViaApi(ctx, { name: originalName });
+
+    await goToClientsOverview(page);
+    await expect(page.getByText(originalName)).toBeVisible();
+
+    // Open edit modal via actions menu
+    const moreButton = page.locator("[aria-label='Actions for Client " + originalName + "']");
+    await moreButton.click();
+    await page.getByTestId('client_edit').click();
+
+    // Update the client name
+    await page.getByPlaceholder('Client Name').fill(updatedName);
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Client' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/clients') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify updated name is shown and old name is gone
+    await expect(page.getByTestId('client_table')).toContainText(updatedName);
+    await expect(page.getByTestId('client_table')).not.toContainText(originalName);
+});
+
+test('test that deleting a client via actions menu works', async ({ page, ctx }) => {
+    const clientName = 'DeleteMe Client ' + Math.floor(1 + Math.random() * 10000);
+
+    await createClientViaApi(ctx, { name: clientName });
+
+    await goToClientsOverview(page);
+    await expect(page.getByTestId('client_table')).toContainText(clientName);
+
+    const moreButton = page.locator("[aria-label='Actions for Client " + clientName + "']");
+    await moreButton.click();
+    const deleteButton = page.locator("[aria-label='Delete Client " + clientName + "']");
+
+    await Promise.all([
+        deleteButton.click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/clients') &&
+                response.request().method() === 'DELETE' &&
+                response.status() === 204
+        ),
+    ]);
+
+    await expect(page.getByTestId('client_table')).not.toContainText(clientName);
+});
+
+// =============================================
+// Context Menu Tests
+// =============================================
+
+test('test that client context menu edit updates the client', async ({ page, ctx }) => {
+    const clientName = 'CtxEditClient ' + Math.floor(1 + Math.random() * 10000);
+    const updatedName = 'CtxUpdatedClient ' + Math.floor(1 + Math.random() * 10000);
+    await createClientViaApi(ctx, { name: clientName });
+    await goToClientsOverview(page);
+
+    const row = page.getByRole('row').filter({ hasText: clientName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await page.getByRole('menuitem', { name: 'Edit' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    await page.getByPlaceholder('Client Name').fill(updatedName);
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Client' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/clients') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    await expect(page.getByTestId('client_table')).toContainText(updatedName);
+    await expect(page.getByTestId('client_table')).not.toContainText(clientName);
+});
+
+test('test that client context menu archive archives the client', async ({ page, ctx }) => {
+    const clientName = 'CtxArchiveClient ' + Math.floor(1 + Math.random() * 10000);
+    await createClientViaApi(ctx, { name: clientName });
+    await goToClientsOverview(page);
+
+    const row = page.getByRole('row').filter({ hasText: clientName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/clients') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('menuitem', { name: 'Archive' }).click(),
+    ]);
+    await expect(page.getByTestId('client_table')).not.toContainText(clientName);
+});
+
+test('test that client context menu delete deletes the client', async ({ page, ctx }) => {
+    const clientName = 'CtxDeleteClient ' + Math.floor(1 + Math.random() * 10000);
+    await createClientViaApi(ctx, { name: clientName });
+    await goToClientsOverview(page);
+
+    const row = page.getByRole('row').filter({ hasText: clientName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/clients') &&
+                response.request().method() === 'DELETE' &&
+                response.status() === 204
+        ),
+        page.getByRole('menuitem', { name: 'Delete' }).click(),
+    ]);
+    await expect(page.getByTestId('client_table')).not.toContainText(clientName);
+});
+
+// =============================================
+// Sorting Tests
+// =============================================
+
+async function clearClientTableState(page: Page) {
+    await page.evaluate(() => {
+        localStorage.removeItem('client-table-state');
+    });
+}
+
+test('test that sorting clients by name and status works', async ({ page, ctx }) => {
+    await createClientViaApi(ctx, { name: 'AAA SortClient' });
+    await createClientViaApi(ctx, { name: 'ZZZ SortClient' });
+
+    await goToClientsOverview(page);
+    await clearClientTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('client_table');
+    await expect(table).toBeVisible();
+
+    // -- Name sorting (default is name asc) --
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortClient')).toBeLessThan(names.indexOf('ZZZ SortClient'));
+
+    const nameHeader = table.getByText('Name').first();
+    await nameHeader.click(); // toggle to desc
+    names = await getTableRowNames(table);
+    expect(names.indexOf('ZZZ SortClient')).toBeLessThan(names.indexOf('AAA SortClient'));
+
+    // -- Status sorting --
+    const statusHeader = table.getByText('Status').first();
+    await statusHeader.click(); // asc
+    await expect(statusHeader.locator('svg')).toBeVisible();
+    await statusHeader.click(); // desc
+    await expect(statusHeader.locator('svg')).toBeVisible();
+});
+
+test('test that sorting clients by project count works', async ({ page, ctx }) => {
+    const clientWithMany = await createClientViaApi(ctx, { name: 'ManyProjects Client' });
+    const clientWithNone = await createClientViaApi(ctx, { name: 'NoProjects Client' });
+
+    // Create projects for the first client
+    await createProjectViaApi(ctx, { name: 'Proj1', client_id: clientWithMany.id });
+    await createProjectViaApi(ctx, { name: 'Proj2', client_id: clientWithMany.id });
+
+    await goToClientsOverview(page);
+    await clearClientTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('client_table');
+    await expect(table).toBeVisible();
+
+    // Click Projects header - first click should sort desc (most projects first)
+    const projectsHeader = table.getByText('Projects').first();
+    await projectsHeader.click();
+    await expect(projectsHeader.locator('svg')).toBeVisible();
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('ManyProjects Client')).toBeLessThan(names.indexOf('NoProjects Client'));
+
+    // Second click toggles to asc (least projects first)
+    await projectsHeader.click();
+    names = await getTableRowNames(table);
+    expect(names.indexOf('NoProjects Client')).toBeLessThan(names.indexOf('ManyProjects Client'));
+});
+
+test('test that client sort state persists after page reload', async ({ page }) => {
+    await goToClientsOverview(page);
+    await clearClientTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('client_table');
+    await expect(table).toBeVisible();
+
+    const nameHeader = table.getByText('Name').first();
+    await nameHeader.click(); // toggle to desc
+    await expect(nameHeader.locator('svg')).toBeVisible();
+
+    await page.reload();
+
+    await expect(page.getByTestId('client_table')).toBeVisible();
+    await expect(
+        page.getByTestId('client_table').getByText('Name').first().locator('svg')
+    ).toBeVisible();
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Clients Restrictions', () => {
+    test('employee can view clients but cannot create', async ({ ctx, employee }) => {
+        // Create a client with a public project so the employee can see the client
+        const clientName = 'EmpViewClient ' + Math.floor(Math.random() * 10000);
+        const client = await createClientViaApi(ctx, { name: clientName });
+        await createPublicProjectViaApi(ctx, { name: 'EmpClientProj', client_id: client.id });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/clients');
+        await expect(employee.page.getByTestId('clients_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Employee can see the client
+        await expect(employee.page.getByText(clientName)).toBeVisible({ timeout: 10000 });
+
+        // Employee cannot see Create Client button
+        await expect(
+            employee.page.getByRole('button', { name: 'Create Client' })
+        ).not.toBeVisible();
+    });
+
+    test('employee cannot see edit/delete/archive actions on clients', async ({
+        ctx,
+        employee,
+    }) => {
+        const clientName = 'EmpActionsClient ' + Math.floor(Math.random() * 10000);
+        const client = await createClientViaApi(ctx, { name: clientName });
+        await createPublicProjectViaApi(ctx, { name: 'EmpClientActProj', client_id: client.id });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/clients');
+        await expect(employee.page.getByText(clientName)).toBeVisible({ timeout: 10000 });
+
+        // Click the actions dropdown trigger to open the menu
+        const actionsButton = employee.page.locator(
+            `[aria-label='Actions for Client ${clientName}']`
+        );
+        await actionsButton.click();
+
+        // The dropdown menu items (Edit, Archive, Delete) should NOT be visible
+        await expect(
+            employee.page.locator(`[aria-label='Edit Client ${clientName}']`)
+        ).not.toBeVisible();
+        await expect(
+            employee.page.locator(`[aria-label='Archive Client ${clientName}']`)
+        ).not.toBeVisible();
+        await expect(
+            employee.page.locator(`[aria-label='Delete Client ${clientName}']`)
+        ).not.toBeVisible();
+    });
+
+    test('employee can see client when they are a member of its private project', async ({
+        ctx,
+        employee,
+    }) => {
+        const clientName = 'EmpPrivateClient ' + Math.floor(Math.random() * 10000);
+        const client = await createClientViaApi(ctx, { name: clientName });
+
+        // Create a private project under this client
+        const project = await createProjectViaApi(ctx, {
+            name: 'PrivateProj',
+            client_id: client.id,
+            is_public: false,
+        });
+
+        // Add the employee as a project member
+        await createProjectMemberViaApi(ctx, project.id, {
+            member_id: employee.memberId,
+        });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/clients');
+        await expect(employee.page.getByTestId('clients_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Employee can see the client because they are a member of its private project
+        await expect(employee.page.getByText(clientName)).toBeVisible({ timeout: 10000 });
+    });
+});

e2e/command-palette.spec.ts

@@ -0,0 +1,474 @@
+import { expect, test } from '../playwright/fixtures';
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import type { Page } from '@playwright/test';
+
+const TIMER_BUTTON_SELECTOR = '[data-testid="dashboard_timer"] [data-testid="timer_button"]';
+
+async function goToDashboard(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+}
+
+async function openCommandPalette(page: Page) {
+    await page.getByTestId('command_palette_button').click();
+    await expect(page.locator('[role="dialog"]')).toBeVisible({ timeout: 5000 });
+}
+
+async function closeCommandPalette(page: Page) {
+    await page.keyboard.press('Escape');
+    await expect(page.locator('[role="dialog"]')).not.toBeVisible();
+}
+
+async function searchInCommandPalette(page: Page, query: string) {
+    await page.locator('[role="dialog"] input').fill(query);
+    // Wait for search debounce to settle (command palette uses a debounced search)
+    await page.waitForTimeout(300);
+}
+
+async function selectCommand(page: Page, name: string) {
+    const option = page.getByRole('option', { name, exact: true });
+    await option.scrollIntoViewIfNeeded();
+    await option.click();
+}
+
+async function assertTimerIsRunning(page: Page) {
+    await expect(page.locator(TIMER_BUTTON_SELECTOR).and(page.locator(':visible'))).toHaveClass(
+        /bg-red-400\/80/,
+        {
+            timeout: 10000,
+        }
+    );
+}
+
+async function assertTimerIsStopped(page: Page) {
+    await expect(page.locator(TIMER_BUTTON_SELECTOR).and(page.locator(':visible'))).toHaveClass(
+        /bg-accent-300\/70/,
+        {
+            timeout: 10000,
+        }
+    );
+}
+
+test.describe('Command Palette', () => {
+    test.describe('Opening and Closing', () => {
+        test('opens via search button and closes with Escape', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await expect(
+                page.locator('[role="dialog"] input[placeholder*="command"]')
+            ).toBeVisible();
+
+            await closeCommandPalette(page);
+            await expect(page.locator('[role="dialog"]')).not.toBeVisible();
+        });
+
+        test('opens with keyboard shortcut', async ({ page }) => {
+            await goToDashboard(page);
+            // Click on body to ensure page has focus
+            await page.locator('body').click();
+            // Use ControlOrMeta which resolves to Ctrl on Linux/Windows and Meta on macOS
+            await page.keyboard.press('ControlOrMeta+k');
+            await expect(page.locator('[role="dialog"]')).toBeVisible({ timeout: 5000 });
+        });
+
+        test('clears search on close', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'dashboard');
+            await closeCommandPalette(page);
+
+            await openCommandPalette(page);
+            await expect(page.locator('[role="dialog"] input')).toHaveValue('');
+        });
+    });
+
+    test.describe('Command Display', () => {
+        test('displays navigation and timer commands', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            // Navigation commands
+            await expect(page.getByRole('option', { name: 'Go to Dashboard' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Go to Time' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Go to Calendar' })).toBeVisible();
+
+            // Timer commands
+            await expect(page.getByRole('option', { name: 'Start Timer' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Create Time Entry' })).toBeVisible();
+        });
+
+        test('displays create commands', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await expect(page.getByRole('option', { name: 'Create Project' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Create Client' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Create Tag' })).toBeVisible();
+        });
+    });
+
+    test.describe('Navigation Commands', () => {
+        // Tests use element visibility assertions for consistency with codebase patterns
+        const navigationTests = [
+            ['Go to Dashboard', 'dashboard_view', '/time'],
+            ['Go to Time', 'time_view', '/dashboard'],
+            ['Go to Calendar', 'calendar_view', '/dashboard'],
+            ['Go to Projects', 'projects_view', '/dashboard'],
+            ['Go to Clients', 'clients_view', '/dashboard'],
+            ['Go to Members', 'members_view', '/dashboard'],
+            ['Go to Tags', 'tags_view', '/dashboard'],
+        ] as const;
+
+        for (const [commandName, expectedTestId, startUrl] of navigationTests) {
+            test(`${commandName}`, async ({ page }) => {
+                await page.goto(PLAYWRIGHT_BASE_URL + startUrl);
+                await openCommandPalette(page);
+                await searchInCommandPalette(page, commandName.replace('Go to ', ''));
+                await selectCommand(page, commandName);
+                await expect(page.getByTestId(expectedTestId)).toBeVisible({ timeout: 10000 });
+            });
+        }
+
+        test('Go to Profile', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Profile');
+            await selectCommand(page, 'Go to Profile');
+            // Profile page doesn't have a testId, so check for a unique element
+            await expect(page.getByRole('heading', { name: 'Profile Information' })).toBeVisible({
+                timeout: 10000,
+            });
+        });
+
+        test('Go to Reporting Overview', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Reporting Overview');
+            await selectCommand(page, 'Go to Reporting Overview');
+            await expect(page.getByTestId('reporting_view')).toBeVisible({ timeout: 10000 });
+        });
+
+        test('Go to Settings', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Settings');
+            await selectCommand(page, 'Go to Settings');
+            // Settings page uses team settings which has an h3 heading
+            await expect(
+                page.getByRole('heading', { name: 'Organization Name', level: 3 })
+            ).toBeVisible({
+                timeout: 10000,
+            });
+        });
+    });
+
+    test.describe('Search and Filtering', () => {
+        test('filters commands when searching', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await searchInCommandPalette(page, 'dashboard');
+            await expect(page.getByRole('option', { name: 'Go to Dashboard' })).toBeVisible();
+
+            await searchInCommandPalette(page, 'calendar');
+            await expect(page.getByRole('option', { name: 'Go to Calendar' })).toBeVisible();
+        });
+
+        test('search is case insensitive', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await searchInCommandPalette(page, 'DASHBOARD');
+            await expect(page.getByRole('option', { name: 'Go to Dashboard' })).toBeVisible();
+        });
+
+        test('partial word search works', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await searchInCommandPalette(page, 'proj');
+            await expect(page.getByRole('option', { name: 'Go to Projects' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Create Project' })).toBeVisible();
+        });
+
+        test('keyboard navigation and selection works', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await page.keyboard.press('ArrowDown');
+            await page.keyboard.press('ArrowDown');
+            await page.keyboard.press('Enter');
+
+            await expect(page.locator('[role="dialog"]')).not.toBeVisible();
+        });
+    });
+
+    test.describe('Theme Commands', () => {
+        test('switches to dark theme', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Dark Theme');
+            await selectCommand(page, 'Switch to Dark Theme');
+            await expect(page.locator('html')).toHaveClass(/dark/);
+        });
+
+        test('switches to light theme', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Light Theme');
+            await selectCommand(page, 'Switch to Light Theme');
+            await expect(page.locator('html')).toHaveClass(/light/);
+        });
+    });
+
+    test.describe('Timer Commands', () => {
+        test('starts and stops timer', async ({ page }) => {
+            await goToDashboard(page);
+
+            // Start timer
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Start Timer');
+            await selectCommand(page, 'Start Timer');
+            await assertTimerIsRunning(page);
+
+            // Stop timer
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Stop Timer');
+            await selectCommand(page, 'Stop Timer');
+            await assertTimerIsStopped(page);
+        });
+
+        test('shows active timer commands when running', async ({ page }) => {
+            await goToDashboard(page);
+
+            // Start timer
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Start Timer');
+            await selectCommand(page, 'Start Timer');
+            await assertTimerIsRunning(page);
+
+            // Check active timer commands - search for them to ensure visibility
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Set Project');
+            await expect(page.getByRole('option', { name: 'Set Project' })).toBeVisible();
+        });
+    });
+
+    test.describe('Create Commands', () => {
+        test('opens create time entry modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Create Time Entry');
+            await selectCommand(page, 'Create Time Entry');
+            await expect(
+                page.locator('[role="dialog"]').getByText('Create manual time entry')
+            ).toBeVisible();
+        });
+
+        test('opens create project modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Create Project');
+            await selectCommand(page, 'Create Project');
+            await expect(
+                page.locator('[role="dialog"]').getByRole('heading', { name: 'Create Project' })
+            ).toBeVisible();
+        });
+
+        test('opens create client modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Create Client');
+            await selectCommand(page, 'Create Client');
+            await expect(
+                page.locator('[role="dialog"]').getByRole('heading', { name: 'Create Client' })
+            ).toBeVisible();
+        });
+
+        test('opens create tag modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Create Tag');
+            await selectCommand(page, 'Create Tag');
+            await expect(page.locator('[role="dialog"]').getByText('Create Tags')).toBeVisible();
+        });
+
+        test('opens invite member modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Invite Member');
+            await selectCommand(page, 'Invite Member');
+            // Modal has title with "Invite Member" text - use first() to get the title span
+            await expect(
+                page.locator('[role="dialog"]').getByText('Invite Member').first()
+            ).toBeVisible();
+        });
+    });
+
+    test.describe('Entity Search', () => {
+        test('searches for projects and navigates on selection', async ({ page }) => {
+            const projectName = 'CmdPalette' + Math.floor(Math.random() * 10000);
+
+            // Create project first
+            await page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+            await page.getByRole('button', { name: 'Create Project' }).click();
+            await page.getByPlaceholder('The next big thing').fill(projectName);
+
+            await page.getByRole('button', { name: 'Create Project' }).click();
+            // Wait for project to be created and page to update
+            await expect(page.getByText(projectName)).toBeVisible({ timeout: 10000 });
+
+            // Search from the projects page where the query cache now has the new project
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, projectName);
+
+            // Wait for entity search to return results
+            const projectOption = page.getByRole('option').filter({ hasText: projectName });
+            await expect(projectOption).toBeVisible({
+                timeout: 5000,
+            });
+
+            // Select the project from search results
+            await projectOption.click();
+        });
+    });
+
+    test.describe('Organization Switching', () => {
+        test('shows switch commands only when multiple organizations exist', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            // With only one org, no switch commands should appear
+            await searchInCommandPalette(page, 'Switch to');
+            // Check that no organization switch commands appear (only theme switch commands)
+            const switchOptions = page.getByRole('option', { name: /^Switch to (?!.*Theme)/ });
+            await expect(switchOptions).toHaveCount(0);
+        });
+
+        test('switches organization via command palette', async ({ page }) => {
+            const newOrgName = 'TestOrg' + Math.floor(Math.random() * 10000);
+
+            // Create a new organization
+            await page.goto(PLAYWRIGHT_BASE_URL + '/teams/create');
+            await page.getByLabel('Organization Name').fill(newOrgName);
+            await page.getByRole('button', { name: 'Create' }).click();
+
+            // Wait for navigation to new org's dashboard
+            await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });
+
+            // Use visible switcher (desktop sidebar has one, mobile header has another)
+            const orgSwitcher = page.locator('[data-testid="organization_switcher"]:visible');
+
+            // Verify we're in the new org by checking the switcher
+            await expect(orgSwitcher).toContainText(newOrgName);
+
+            // Get the original org name from switcher dropdown
+            await orgSwitcher.click();
+            await expect(page.getByText('Switch Organizations')).toBeVisible();
+
+            // Find the other organization button (has ArrowRightIcon, not CheckCircleIcon)
+            // The button contains an SVG and a div with the org name
+            const otherOrgItem = page.locator('form button').filter({ hasText: /.+/ }).first();
+            await expect(otherOrgItem).toBeVisible();
+            const originalOrgName = (await otherOrgItem.innerText()).trim();
+            await page.keyboard.press('Escape'); // Close dropdown
+
+            // Now use command palette to switch back to original org
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Switch to');
+
+            // Should see the switch command for the original org
+            const switchCommand = page.getByRole('option', {
+                name: new RegExp(`Switch to ${originalOrgName}`),
+            });
+            await expect(switchCommand).toBeVisible();
+            await switchCommand.click();
+
+            // Wait for organization switch to complete
+            await expect(orgSwitcher).toContainText(originalOrgName, {
+                timeout: 10000,
+            });
+        });
+
+        test('organization switch commands appear in Organization group', async ({ page }) => {
+            const newOrgName = 'GroupTestOrg' + Math.floor(Math.random() * 10000);
+
+            // Create a new organization to ensure we have multiple
+            await page.goto(PLAYWRIGHT_BASE_URL + '/teams/create');
+            await page.getByLabel('Organization Name').fill(newOrgName);
+            await page.getByRole('button', { name: 'Create' }).click();
+            await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });
+
+            // Open command palette and check for Organization group heading
+            await openCommandPalette(page);
+
+            // The Organization group should be visible when there are switch commands
+            await expect(page.getByText('Organization', { exact: true })).toBeVisible();
+        });
+    });
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Command Palette Restrictions', () => {
+    test('employee command palette does not show restricted navigation commands', async ({
+        employee,
+    }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Open command palette
+        await employee.page.getByTestId('command_palette_button').click();
+        await expect(employee.page.locator('[role="dialog"]')).toBeVisible({ timeout: 5000 });
+
+        // Available navigation commands
+        await expect(employee.page.getByRole('option', { name: 'Go to Dashboard' })).toBeVisible();
+        await expect(employee.page.getByRole('option', { name: 'Go to Time' })).toBeVisible();
+        await expect(employee.page.getByRole('option', { name: 'Go to Calendar' })).toBeVisible();
+
+        // Restricted commands should NOT be visible
+        await expect(
+            employee.page.getByRole('option', { name: 'Go to Members' })
+        ).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('option', { name: 'Go to Settings' })
+        ).not.toBeVisible();
+    });
+
+    test('employee command palette does not show create commands for restricted entities', async ({
+        employee,
+    }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Open command palette
+        await employee.page.getByTestId('command_palette_button').click();
+        await expect(employee.page.locator('[role="dialog"]')).toBeVisible({ timeout: 5000 });
+
+        // Search for "Create" to filter
+        await employee.page.locator('[role="dialog"] input').fill('Create');
+        await employee.page.waitForTimeout(300);
+
+        // Should NOT see create commands for restricted entities
+        await expect(
+            employee.page.getByRole('option', { name: 'Create Project' })
+        ).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('option', { name: 'Create Client' })
+        ).not.toBeVisible();
+        await expect(employee.page.getByRole('option', { name: 'Create Tag' })).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('option', { name: 'Invite Member' })
+        ).not.toBeVisible();
+
+        // Should still see Create Time Entry (employees can create time entries)
+        await expect(
+            employee.page.getByRole('option', { name: 'Create Time Entry' })
+        ).toBeVisible();
+    });
+});

e2e/dashboard.spec.ts

@@ -0,0 +1,198 @@
+import { expect, test } from '../playwright/fixtures';
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import type { Page } from '@playwright/test';
+import {
+    assertThatTimerHasStarted,
+    assertThatTimerIsStopped,
+    newTimeEntryResponse,
+    startOrStopTimerWithButton,
+    stoppedTimeEntryResponse,
+} from './utils/currentTimeEntry';
+import {
+    createBareTimeEntryViaApi,
+    createPublicProjectViaApi,
+    createTimeEntryViaApi,
+    updateOrganizationSettingViaApi,
+} from './utils/api';
+
+async function goToDashboard(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+}
+
+test('test that dashboard loads with all expected sections', async ({ page }) => {
+    await goToDashboard(page);
+    await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });
+
+    // Timer section (scoped to dashboard_timer to avoid matching sidebar timer)
+    await expect(page.getByTestId('time_entry_description')).toBeVisible();
+    await expect(
+        page
+            .getByTestId('dashboard_timer')
+            .getByTestId('timer_button')
+            .and(page.locator(':visible'))
+    ).toBeVisible();
+
+    // Dashboard cards
+    await expect(page.getByText('Recent Time Entries', { exact: true })).toBeVisible();
+    await expect(page.getByText('Last 7 Days', { exact: true })).toBeVisible();
+    await expect(page.getByText('Activity Graph', { exact: true })).toBeVisible();
+    await expect(page.getByText('Team Activity', { exact: true })).toBeVisible();
+
+    // Weekly overview section
+    await expect(page.getByText('This Week', { exact: true })).toBeVisible();
+});
+
+test('test that dashboard shows time entry data after creating entries', async ({ page, ctx }) => {
+    await createBareTimeEntryViaApi(ctx, 'Dashboard test entry', '1h');
+
+    await goToDashboard(page);
+    await expect(page.getByTestId('dashboard_view')).toBeVisible();
+
+    // The "Last 7 Days" or "This Week" section should reflect tracked time
+    await expect(page.getByText('This Week', { exact: true })).toBeVisible();
+});
+
+test('test that timer on dashboard can start and stop', async ({ page }) => {
+    await goToDashboard(page);
+    await Promise.all([newTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerHasStarted(page);
+
+    await page.waitForTimeout(1500);
+
+    await Promise.all([stoppedTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerIsStopped(page);
+});
+
+test('test that weekly overview section displays stat cards', async ({ page, ctx }) => {
+    await createBareTimeEntryViaApi(ctx, 'Stats test entry', '2h');
+
+    await goToDashboard(page);
+
+    // Verify stat card labels are visible
+    await expect(page.getByText('Spent Time')).toBeVisible();
+    await expect(page.getByText('Billable Time')).toBeVisible();
+    await expect(page.getByText('Billable Amount')).toBeVisible();
+});
+
+test('test that stopping timer refreshes dashboard data', async ({ page }) => {
+    await goToDashboard(page);
+
+    // Start timer
+    await Promise.all([newTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerHasStarted(page);
+    await page.waitForTimeout(1500);
+
+    // Stop timer and verify dashboard queries are refetched
+    await Promise.all([
+        stoppedTimeEntryResponse(page),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/charts/') &&
+                response.request().method() === 'GET' &&
+                response.status() === 200
+        ),
+        startOrStopTimerWithButton(page),
+    ]);
+    await assertThatTimerIsStopped(page);
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Dashboard Restrictions', () => {
+    test('employee dashboard loads and timer is functional', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Timer should be available
+        await expect(
+            employee.page
+                .getByTestId('dashboard_timer')
+                .getByTestId('timer_button')
+                .and(employee.page.locator(':visible'))
+        ).toBeVisible();
+        await expect(employee.page.getByTestId('time_entry_description')).toBeEditable();
+    });
+
+    test('employee cannot see Team Activity card', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Other dashboard cards should be visible
+        await expect(employee.page.getByText('Recent Time Entries', { exact: true })).toBeVisible();
+
+        // Team Activity should NOT be visible for employees
+        await expect(employee.page.getByText('Team Activity', { exact: true })).not.toBeVisible();
+    });
+
+    test('employee cannot see Cost column in This Week table by default', async ({
+        ctx,
+        employee,
+    }) => {
+        const project = await createPublicProjectViaApi(ctx, {
+            name: 'EmpDashBillProj',
+            is_billable: true,
+            billable_rate: 10000,
+        });
+        await createTimeEntryViaApi(
+            { ...ctx, memberId: employee.memberId },
+            {
+                description: 'Emp dashboard cost entry',
+                duration: '1h',
+                projectId: project.id,
+                billable: true,
+            }
+        );
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // This Week table should be visible
+        await expect(employee.page.getByText('This Week', { exact: true })).toBeVisible();
+
+        // Duration column should be visible, but Cost column should NOT
+        await expect(employee.page.getByText('Duration', { exact: true })).toBeVisible();
+        await expect(employee.page.getByText('Cost', { exact: true })).not.toBeVisible();
+    });
+
+    test('employee can see Cost column in This Week table when employees_can_see_billable_rates is enabled', async ({
+        ctx,
+        employee,
+    }) => {
+        await updateOrganizationSettingViaApi(ctx, { employees_can_see_billable_rates: true });
+
+        const project = await createPublicProjectViaApi(ctx, {
+            name: 'EmpDashBillVisProj',
+            is_billable: true,
+            billable_rate: 10000,
+        });
+        await createTimeEntryViaApi(
+            { ...ctx, memberId: employee.memberId },
+            {
+                description: 'Emp dashboard cost visible entry',
+                duration: '1h',
+                projectId: project.id,
+                billable: true,
+            }
+        );
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Both Duration and Cost columns should be visible
+        await expect(employee.page.getByText('Duration', { exact: true })).toBeVisible();
+        await expect(employee.page.getByText('Cost', { exact: true })).toBeVisible();
+
+        // 1h at 100.00/h = 100.00 EUR cost should be visible
+        await expect(employee.page.getByText('100,00 EUR').first()).toBeVisible();
+    });
+});

e2e/import-export.spec.ts

@@ -0,0 +1,154 @@
+import { expect, test } from '../playwright/fixtures';
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import type { Page } from '@playwright/test';
+import path from 'path';
+
+async function goToImportExport(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/import');
+}
+
+test('test that import page loads with type dropdown and file upload', async ({ page }) => {
+    await goToImportExport(page);
+    await expect(page.getByTestId('import_view')).toBeVisible({ timeout: 10000 });
+
+    // Import section
+    await expect(page.getByRole('heading', { name: 'Import Data' })).toBeVisible();
+    await expect(page.locator('#importType')).toBeVisible();
+
+    // Export section
+    await expect(page.getByRole('heading', { name: 'Export Data' })).toBeVisible();
+    await expect(page.getByRole('button', { name: 'Export Organization Data' })).toBeVisible();
+});
+
+test('test that selecting an import type shows instructions', async ({ page }) => {
+    await goToImportExport(page);
+
+    // Select a Toggl import type
+    await page.getByLabel('Import Type').selectOption({ index: 1 });
+
+    // Instructions should appear
+    await expect(page.getByText('Instructions:')).toBeVisible();
+});
+
+test('test that importing without selecting type shows error', async ({ page }) => {
+    await goToImportExport(page);
+
+    // Click Import Data without selecting a type
+    await page.getByRole('button', { name: 'Import Data' }).click();
+
+    // Should show an error notification
+    await expect(page.getByText('Please select the import type')).toBeVisible();
+});
+
+test('test that importing without selecting file shows error', async ({ page }) => {
+    await goToImportExport(page);
+
+    // Select an import type first
+    await page.getByLabel('Import Type').selectOption({ index: 1 });
+
+    // Click Import Data without selecting a file
+    await page.getByRole('button', { name: 'Import Data' }).click();
+
+    // Should show an error notification
+    await expect(
+        page.getByText('Please select the CSV or ZIP file that you want to import')
+    ).toBeVisible();
+});
+
+test('test that export button triggers export and shows success modal', async ({ page }) => {
+    await goToImportExport(page);
+    await expect(page.getByRole('button', { name: 'Export Organization Data' })).toBeVisible();
+
+    // Override window.open to prevent the page from navigating away to the
+    // download URL (the app uses window.open(url, '_self') which would navigate
+    // away before we can verify the success modal)
+    await page.evaluate(() => {
+        window.open = () => null;
+    });
+
+    // Click Export Organization Data and wait for the API response
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/export') &&
+                response.request().method() === 'POST' &&
+                response.status() === 200,
+            { timeout: 60000 }
+        ),
+        page.getByRole('button', { name: 'Export Organization Data' }).click(),
+    ]);
+
+    // Success modal should appear after export completes
+    await expect(page.getByText('The export was successful!')).toBeVisible();
+});
+
+test('test that import type dropdown has multiple options', async ({ page }) => {
+    await goToImportExport(page);
+
+    // The dropdown should load with options from the API
+    await page.waitForResponse(
+        (response) =>
+            response.url().includes('/importers') &&
+            response.request().method() === 'GET' &&
+            response.status() === 200
+    );
+
+    // Verify the select has options besides the default placeholder
+    const options = page.getByLabel('Import Type').locator('option');
+    const count = await options.count();
+    // Should have at least the placeholder + some import types
+    expect(count).toBeGreaterThan(1);
+});
+
+test('test that importing a generic time entries CSV works', async ({ page }) => {
+    await goToImportExport(page);
+    await expect(page.getByTestId('import_view')).toBeVisible({ timeout: 10000 });
+
+    // Select "Generic Time Entries" import type
+    await page.getByLabel('Import Type').selectOption({ label: 'Generic Time Entries' });
+    await expect(page.getByText('Instructions:')).toBeVisible();
+
+    // Upload the test CSV file
+    const csvPath = path.resolve('resources/testfiles/generic_time_entries_import_test_1.csv');
+    await page.locator('#file-upload').setInputFiles(csvPath);
+
+    // Click Import and wait for the API response
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/import') &&
+                response.request().method() === 'POST' &&
+                response.status() === 200,
+            { timeout: 30000 }
+        ),
+        page.getByRole('button', { name: 'Import Data' }).click(),
+    ]);
+
+    // Verify success modal with import results
+    await expect(page.getByRole('heading', { name: 'Import Result' })).toBeVisible();
+    await expect(page.getByText('The import was successful!')).toBeVisible();
+
+    // The CSV has 2 time entries, 1 client, 2 projects, 1 task
+    await expect(page.getByText('Time entries created:').locator('..')).toContainText('2');
+    await expect(page.getByText('Projects created:').locator('..')).toContainText('2');
+    await expect(page.getByText('Clients created:').locator('..')).toContainText('1');
+    await expect(page.getByText('Tasks created:').locator('..')).toContainText('1');
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Import Restrictions', () => {
+    test('employee does not see Import / Export link in the sidebar', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // The Import / Export link should NOT be visible in the sidebar for employees
+        await expect(
+            employee.page.getByRole('link', { name: 'Import / Export' })
+        ).not.toBeVisible();
+    });
+});

e2e/members.spec.ts

@@ -3,65 +3,69 @@
 // TODO: Remove Invitation
 import { expect, test } from '../playwright/fixtures';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import type { Page } from '@playwright/test';
+import { inviteAndAcceptMember } from './utils/members';
+import {
+    createPlaceholderMemberViaImportApi,
+    getMembersViaApi,
+    updateMemberBillableRateViaApi,
+    updateOrganizationSettingViaApi,
+} from './utils/api';
+import { getTableRowNames } from './utils/table';
 
-async function goToMembersPage(page) {
+// Tests that invite + accept members need more time
+test.describe.configure({ timeout: 45000 });
+
+async function goToMembersPage(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/members');
 }
 
-async function openInviteMemberModal(page) {
+async function openInviteMemberModal(page: Page) {
     await Promise.all([
         page.getByRole('button', { name: 'Invite Member' }).click(),
         expect(page.getByPlaceholder('Member Email')).toBeVisible(),
     ]);
 }
 
-test('test that new manager can be invited', async ({ page }) => {
+test('test that new manager can be invited and accepted', async ({ page, browser }) => {
+    const memberId = Math.round(Math.random() * 100000);
+    const memberEmail = `manager+${memberId}@invite.test`;
+
+    await inviteAndAcceptMember(page, browser, 'Invited Mgr', memberEmail, 'Manager');
+
+    // Verify the member appears in the members table with the correct role
     await goToMembersPage(page);
-    await openInviteMemberModal(page);
-    const editorId = Math.round(Math.random() * 10000);
-    await page.getByLabel('Email').fill(`new+${editorId}@editor.test`);
-    await page.getByRole('button', { name: 'Manager' }).click();
-    await Promise.all([
-        page
-            .getByRole('button', { name: 'Invite Member', exact: true })
-            .click(),
-        expect(page.getByRole('main')).toContainText(
-            `new+${editorId}@editor.test`
-        ),
-    ]);
+    const memberRow = page.getByRole('row').filter({ hasText: 'Invited Mgr' });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Manager', { exact: true })).toBeVisible();
 });
 
-test('test that new employee can be invited', async ({ page }) => {
+test('test that new employee can be invited and accepted', async ({ page, browser }) => {
+    const memberId = Math.round(Math.random() * 100000);
+    const memberEmail = `employee+${memberId}@invite.test`;
+
+    await inviteAndAcceptMember(page, browser, 'Invited Emp', memberEmail, 'Employee');
+
+    // Verify the member appears in the members table with the correct role
     await goToMembersPage(page);
-    await openInviteMemberModal(page);
-    const editorId = Math.round(Math.random() * 10000);
-    await page.getByLabel('Email').fill(`new+${editorId}@editor.test`);
-    await page.getByRole('button', { name: 'Employee' }).click();
-    await Promise.all([
-        page
-            .getByRole('button', { name: 'Invite Member', exact: true })
-            .click(),
-        await expect(page.getByRole('main')).toContainText(
-            `new+${editorId}@editor.test`
-        ),
-    ]);
+    const memberRow = page.getByRole('row').filter({ hasText: 'Invited Emp' });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Employee', { exact: true })).toBeVisible();
 });
 
-test('test that new admin can be invited', async ({ page }) => {
+test('test that new admin can be invited and accepted', async ({ page, browser }) => {
+    const memberId = Math.round(Math.random() * 100000);
+    const memberEmail = `admin+${memberId}@invite.test`;
+
+    await inviteAndAcceptMember(page, browser, 'Invited Adm', memberEmail, 'Administrator');
+
+    // Verify the member appears in the members table with the correct role
     await goToMembersPage(page);
-    await openInviteMemberModal(page);
-    const adminId = Math.round(Math.random() * 10000);
-    await page.getByLabel('Email').fill(`new+${adminId}@admin.test`);
-    await page.getByRole('button', { name: 'Administrator' }).click();
-    await Promise.all([
-        page
-            .getByRole('button', { name: 'Invite Member', exact: true })
-            .click(),
-        expect(page.getByRole('main')).toContainText(
-            `new+${adminId}@admin.test`
-        ),
-    ]);
+    const memberRow = page.getByRole('row').filter({ hasText: 'Invited Adm' });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Admin', { exact: true })).toBeVisible();
 });
+
 test('test that error shows if no role is selected', async ({ page }) => {
     await goToMembersPage(page);
     await openInviteMemberModal(page);
@@ -69,9 +73,7 @@ test('test that error shows if no role is selected', async ({ page }) => {
 
     await page.getByLabel('Email').fill(`new+${noRoleId}@norole.test`);
     await Promise.all([
-        page
-            .getByRole('button', { name: 'Invite Member', exact: true })
-            .click(),
+        page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
         expect(page.getByText('Please select a role')).toBeVisible(),
     ]);
 });
@@ -83,11 +85,9 @@ test('test that organization billable rate can be updated with all existing time
     const newBillableRate = Math.round(Math.random() * 10000);
     await page.getByRole('row').first().getByRole('button').click();
     await page.getByRole('menuitem').getByText('Edit').click();
-    await page.getByText('Organization Default Rate').click();
-    await page.getByText('Custom Rate').click();
-    await page
-        .getByPlaceholder('Billable Rate')
-        .fill(newBillableRate.toString());
+    await page.getByRole('combobox').last().click();
+    await page.getByRole('option', { name: 'Custom Rate' }).click();
+    await page.getByPlaceholder('Billable Rate').fill(newBillableRate.toString());
     await page.getByRole('button', { name: 'Update Member' }).click();
 
     await Promise.all([
@@ -103,8 +103,839 @@ test('test that organization billable rate can be updated with all existing time
                 response.url().includes('/organizations/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.billable_rate ===
-                    newBillableRate * 100
+                (await response.json()).data.billable_rate === newBillableRate * 100
         ),
     ]);
 });
+
+test('test that switching member billable rate from custom back to default rate works', async ({
+    page,
+    ctx,
+}) => {
+    // Set a known org billable rate
+    await updateOrganizationSettingViaApi(ctx, { billable_rate: 12000 });
+
+    // Create a placeholder member with a custom billable rate
+    await createPlaceholderMemberViaImportApi(ctx, 'CustomToDefault Member');
+    const members = await getMembersViaApi(ctx);
+    const member = members.find((m) => m.name === 'CustomToDefault Member');
+    expect(member).toBeDefined();
+    await updateMemberBillableRateViaApi(ctx, member!.id, 25000);
+
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: 'CustomToDefault Member' });
+    await expect(memberRow).toBeVisible();
+
+    // Open edit modal
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Verify it starts on Custom Rate
+    const billableCombobox = page.getByRole('dialog').getByRole('combobox').last();
+    await expect(billableCombobox).toContainText('Custom Rate');
+
+    // Switch to Default Rate
+    await billableCombobox.click();
+    await page.getByRole('option', { name: 'Default Rate' }).click();
+    await expect(billableCombobox).toContainText('Default Rate');
+
+    // Verify the billable rate input is disabled
+    await expect(page.getByPlaceholder('Billable Rate')).toBeDisabled();
+
+    // Submit — billable_rate changes from 25000 to null, so confirmation dialog appears
+    await page.getByRole('button', { name: 'Update Member' }).click();
+    await expect(page.getByRole('heading', { name: 'Update Member Billable Rate' })).toBeVisible();
+    await expect(page.getByText('the default rate of the organization')).toBeVisible();
+
+    // Confirm the update
+    await Promise.all([
+        page.getByRole('button', { name: 'Yes, update existing time' }).click(),
+        page.waitForRequest(
+            (request) =>
+                request.url().includes('/members/') &&
+                request.method() === 'PUT' &&
+                request.postDataJSON().billable_rate === null
+        ),
+    ]);
+
+    // Verify both dialogs are closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+});
+
+test('test that default rate shows disabled input with organization billable rate', async ({
+    page,
+    ctx,
+}) => {
+    // Set a known org billable rate (150.00)
+    await updateOrganizationSettingViaApi(ctx, { billable_rate: 15000 });
+
+    await goToMembersPage(page);
+
+    // Open edit modal for the owner (who uses default rate by default)
+    await page.getByRole('row').first().getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Verify it's on Default Rate
+    const billableCombobox = page.getByRole('dialog').getByRole('combobox').last();
+    await expect(billableCombobox).toContainText('Default Rate');
+
+    // Verify the input is disabled and shows the org rate (formatted with currency)
+    const billableInput = page.getByPlaceholder('Billable Rate');
+    await expect(billableInput).toBeDisabled();
+    await expect(billableInput).toHaveAttribute('aria-valuenow', '150');
+
+    // Close the dialog
+    await page.getByRole('button', { name: 'Cancel' }).click();
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+});
+
+test('test that cancelling the billable rate confirmation dialog does not update the member', async ({
+    page,
+    ctx,
+}) => {
+    // Create a placeholder member with a custom billable rate
+    await createPlaceholderMemberViaImportApi(ctx, 'CancelConfirm Member');
+    const members = await getMembersViaApi(ctx);
+    const member = members.find((m) => m.name === 'CancelConfirm Member');
+    expect(member).toBeDefined();
+    await updateMemberBillableRateViaApi(ctx, member!.id, 10000);
+
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: 'CancelConfirm Member' });
+    await expect(memberRow).toBeVisible();
+
+    // Open edit modal
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Change the billable rate
+    await page.getByPlaceholder('Billable Rate').fill('200');
+
+    // Click Update Member — confirmation dialog should appear
+    await page.getByRole('button', { name: 'Update Member' }).click();
+    await expect(page.getByRole('heading', { name: 'Update Member Billable Rate' })).toBeVisible();
+
+    // Set up listener to verify no PUT request is sent after cancel
+    let putRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/members/') && request.method() === 'PUT') {
+            putRequestSent = true;
+        }
+    });
+
+    // Click Cancel on the confirmation dialog
+    await page.getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify confirmation dialog is closed
+    await expect(
+        page.getByRole('heading', { name: 'Update Member Billable Rate' })
+    ).not.toBeVisible();
+
+    // Verify no API call was made
+    expect(putRequestSent).toBe(false);
+});
+
+test('test that changing role of placeholder member is rejected', async ({ page, ctx }) => {
+    const placeholderName = 'RoleChange ' + Math.floor(Math.random() * 10000);
+
+    // Create a placeholder member via import
+    await createPlaceholderMemberViaImportApi(ctx, placeholderName);
+
+    // Go to members page and verify placeholder exists with role "Placeholder"
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: placeholderName });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Placeholder', { exact: true })).toBeVisible();
+
+    // Open the edit modal for the placeholder member
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Change role to Employee
+    const roleSelect = page.getByRole('dialog').getByRole('combobox').first();
+    await roleSelect.click();
+    await expect(page.getByRole('option', { name: 'Employee' })).toBeVisible();
+    await page.getByRole('option', { name: 'Employee' }).click();
+    await expect(roleSelect).toContainText('Employee');
+
+    // Submit the change - the API should reject it with 400
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 400
+        ),
+    ]);
+
+    // Verify error notification is shown
+    await expect(page.getByText('Failed to update member')).toBeVisible();
+});
+
+test('test that changing member role updates the role in the member table', async ({
+    page,
+    browser,
+}) => {
+    const memberId = Math.floor(Math.random() * 100000);
+    const memberEmail = `member+${memberId}@rolechange.test`;
+
+    // Invite and accept a new Employee member
+    await inviteAndAcceptMember(page, browser, 'Jane Smith', memberEmail, 'Employee');
+
+    // Verify the new member appears with the Employee role
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: 'Jane Smith' });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Employee', { exact: true })).toBeVisible();
+
+    // Open the edit modal
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Change role to Manager
+    const roleSelect = page.getByRole('dialog').getByRole('combobox').first();
+    await roleSelect.click();
+    await expect(page.getByRole('option', { name: 'Manager' })).toBeVisible();
+    await page.getByRole('option', { name: 'Manager' }).click();
+    await expect(roleSelect).toContainText('Manager');
+
+    // Submit the change and verify the API call succeeds
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify dialog closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+
+    // Verify the role updated in the table
+    await expect(memberRow.getByText('Manager', { exact: true })).toBeVisible();
+});
+
+test('test that merging a placeholder member works', async ({ page, ctx }) => {
+    const placeholderName = 'Merge Target ' + Math.floor(Math.random() * 10000);
+
+    // Create a placeholder member via import
+    await createPlaceholderMemberViaImportApi(ctx, placeholderName);
+
+    // Go to members page
+    await goToMembersPage(page);
+    await expect(page.getByText(placeholderName)).toBeVisible();
+
+    // Find the placeholder member row and open actions menu
+    const placeholderRow = page.getByRole('row').filter({ hasText: placeholderName });
+    await placeholderRow.getByRole('button').click();
+
+    // Click Merge
+    await page.getByTestId('member_merge').click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Merge Member' })).toBeVisible();
+
+    // Select the current user (the owner) as merge target via MemberCombobox
+    // The MemberCombobox renders a Button as trigger; clicking it opens the popover with the combobox input
+    await page.getByRole('dialog').getByRole('button', { name: 'Select a member...' }).click();
+
+    // Wait for dropdown options to load
+    const firstOption = page.getByRole('option').first();
+    await expect(firstOption).toBeVisible({ timeout: 10000 });
+    await firstOption.click();
+
+    // Submit merge
+    await Promise.all([
+        page.getByRole('button', { name: 'Merge Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/member/') &&
+                response.url().includes('/merge-into') &&
+                response.ok()
+        ),
+    ]);
+
+    // Wait for merge dialog to close after successful merge
+    await expect(page.getByRole('dialog').filter({ hasText: 'Merge Member' })).not.toBeVisible();
+
+    // Verify placeholder member is no longer in the members table
+    await expect(page.getByRole('main').getByText(placeholderName)).not.toBeVisible();
+});
+
+test('test that deleting a placeholder member works', async ({ page, ctx }) => {
+    const placeholderName = 'Delete Target ' + Math.floor(Math.random() * 10000);
+
+    // Create a placeholder member via import
+    await createPlaceholderMemberViaImportApi(ctx, placeholderName);
+
+    // Go to members page
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: placeholderName });
+    await expect(memberRow).toBeVisible();
+
+    // Open actions menu and click Delete
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Delete').click();
+
+    // Verify delete modal is shown
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Delete Member' })).toBeVisible();
+
+    // Try to delete without checking the confirmation checkbox
+    await page.getByRole('button', { name: 'Delete Member' }).click();
+
+    // Should show validation error
+    await expect(
+        page.getByText('You must confirm that you understand the consequences of this action')
+    ).toBeVisible();
+
+    // Check the confirmation checkbox
+    await page.getByRole('checkbox').click();
+
+    // Click Delete Member button and wait for API response
+    await Promise.all([
+        page.getByRole('button', { name: 'Delete Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/members/') &&
+                response.request().method() === 'DELETE' &&
+                response.ok()
+        ),
+    ]);
+
+    // Verify modal is closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+
+    // Verify member is removed from the table
+    await expect(page.getByRole('main').getByText(placeholderName)).not.toBeVisible();
+});
+
+test('test that member delete modal can be cancelled', async ({ page, ctx }) => {
+    const placeholderName = 'Delete Cancel ' + Math.floor(Math.random() * 10000);
+
+    // Create a placeholder member via import
+    await createPlaceholderMemberViaImportApi(ctx, placeholderName);
+
+    // Go to members page
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: placeholderName });
+    await expect(memberRow).toBeVisible();
+
+    // Open actions menu and click Delete
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Delete').click();
+
+    // Verify delete modal is shown
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Set up listener to verify no DELETE request is sent
+    let deleteRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/members/') && request.method() === 'DELETE') {
+            deleteRequestSent = true;
+        }
+    });
+
+    // Click Cancel
+    await page.getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify modal is closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+
+    // Verify member is still in the table
+    await expect(memberRow).toBeVisible();
+
+    // Verify no DELETE request was sent
+    expect(deleteRequestSent).toBe(false);
+});
+
+test('test that organization owner cannot be deleted', async ({ page }) => {
+    await goToMembersPage(page);
+
+    // Find the owner row (John Doe with Owner role)
+    const ownerRow = page.getByRole('row').filter({ hasText: 'Owner' });
+    await expect(ownerRow).toBeVisible();
+
+    // Open the actions menu for the owner
+    await ownerRow.getByRole('button').click();
+
+    // Click Delete
+    await page.getByRole('menuitem').getByText('Delete').click();
+
+    // Verify delete modal is shown
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Check the confirmation checkbox
+    await page.getByRole('checkbox').click();
+
+    // Try to delete - should fail with 400 error
+    const responsePromise = page.waitForResponse(
+        (response) =>
+            response.url().includes('/members/') && response.request().method() === 'DELETE'
+    );
+    await page.getByRole('button', { name: 'Delete Member' }).click();
+    const response = await responsePromise;
+
+    // Verify the API returned an error status
+    expect(response.status()).toBe(400);
+
+    // Close the modal by pressing Escape
+    await page.keyboard.press('Escape');
+
+    // Refresh and verify the owner is still there
+    await goToMembersPage(page);
+    await expect(page.getByRole('row').filter({ hasText: 'Owner' })).toBeVisible();
+});
+
+// =============================================
+// Context Menu Tests
+// =============================================
+
+test('test that member context menu edit updates the member billable rate', async ({
+    page,
+    ctx,
+}) => {
+    const memberName = 'CtxEditMember ' + Math.floor(1 + Math.random() * 10000);
+    await createPlaceholderMemberViaImportApi(ctx, memberName);
+    await goToMembersPage(page);
+
+    const row = page.getByRole('row').filter({ hasText: memberName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await page.getByRole('menuitem', { name: 'Edit' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Change billable rate from default to custom
+    const billableRateSelect = page.getByRole('dialog').getByRole('combobox').last();
+    await billableRateSelect.click();
+    await page.getByRole('option', { name: 'Custom Rate' }).click();
+
+    // Set a custom billable rate
+    await page.getByPlaceholder('Billable Rate').fill('150');
+
+    // Click Update Member — confirmation dialog should appear
+    await page.getByRole('button', { name: 'Update Member' }).click();
+    await expect(page.getByRole('heading', { name: 'Update Member Billable Rate' })).toBeVisible();
+
+    // Confirm the billable rate change
+    await Promise.all([
+        page.getByRole('button', { name: 'Yes, update existing time entries' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify dialog closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+});
+
+test('test that member context menu merge merges the member', async ({ page, ctx }) => {
+    const memberName = 'CtxMergeMember ' + Math.floor(1 + Math.random() * 10000);
+    await createPlaceholderMemberViaImportApi(ctx, memberName);
+    await goToMembersPage(page);
+
+    const row = page.getByRole('row').filter({ hasText: memberName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await page.getByRole('menuitem', { name: 'Merge' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Merge Member' })).toBeVisible();
+
+    // Select the first available member as merge target
+    await page.getByRole('dialog').getByRole('button', { name: 'Select a member...' }).click();
+    const firstOption = page.getByRole('option').first();
+    await expect(firstOption).toBeVisible({ timeout: 10000 });
+    await firstOption.click();
+
+    // Submit merge
+    await Promise.all([
+        page.getByRole('button', { name: 'Merge Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/member/') &&
+                response.url().includes('/merge-into') &&
+                response.ok()
+        ),
+    ]);
+
+    // Verify placeholder member is no longer visible
+    await expect(page.getByRole('dialog').filter({ hasText: 'Merge Member' })).not.toBeVisible();
+    await expect(page.getByRole('main').getByText(memberName)).not.toBeVisible();
+});
+
+test('test that member context menu deactivate deactivates the member', async ({
+    page,
+    browser,
+}) => {
+    const memberId = Math.floor(Math.random() * 100000);
+    const memberEmail = `member+${memberId}@deactivate.test`;
+    const memberName = 'Deactivate Target';
+
+    // Invite and accept a new Employee member
+    await inviteAndAcceptMember(page, browser, memberName, memberEmail, 'Employee');
+
+    await goToMembersPage(page);
+    const row = page.getByRole('row').filter({ hasText: memberName }).first();
+    await expect(row).toBeVisible();
+
+    // Open context menu and click Deactivate
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await page.getByRole('menuitem', { name: 'Deactivate' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Deactivate User' })).toBeVisible();
+
+    // Confirm deactivation
+    await Promise.all([
+        page.getByRole('button', { name: 'Deactivate' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/make-placeholder') &&
+                response.request().method() === 'POST' &&
+                response.ok()
+        ),
+    ]);
+
+    // Verify dialog closed and member role changed to Placeholder
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+    await expect(row.getByText('Placeholder', { exact: true })).toBeVisible();
+});
+
+test('test that member context menu delete deletes the member', async ({ page, ctx }) => {
+    const memberName = 'CtxDeleteMember ' + Math.floor(1 + Math.random() * 10000);
+    await createPlaceholderMemberViaImportApi(ctx, memberName);
+    await goToMembersPage(page);
+
+    const row = page.getByRole('row').filter({ hasText: memberName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await page.getByRole('menuitem', { name: 'Delete' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Delete Member' })).toBeVisible();
+
+    // Check the confirmation checkbox
+    await page.getByRole('checkbox').click();
+
+    // Click Delete Member button and wait for API response
+    await Promise.all([
+        page.getByRole('button', { name: 'Delete Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/members/') &&
+                response.request().method() === 'DELETE' &&
+                response.ok()
+        ),
+    ]);
+
+    // Verify modal closed and member removed from table
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+    await expect(page.getByRole('main').getByText(memberName)).not.toBeVisible();
+});
+
+// =============================================
+// Invitations Tab Tests
+// =============================================
+
+test('test that invitation shows in invitations tab and can be revoked', async ({ page }) => {
+    const inviteEmail = `invite+${Math.floor(Math.random() * 100000)}@pending.test`;
+
+    await goToMembersPage(page);
+    await openInviteMemberModal(page);
+
+    await page.getByPlaceholder('Member Email').fill(inviteEmail);
+    await page.getByRole('button', { name: 'Employee' }).click();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/invitations') &&
+                response.request().method() === 'POST' &&
+                response.status() === 204
+        ),
+        page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
+    ]);
+
+    // Wait for modal to close
+    await expect(page.getByPlaceholder('Member Email')).not.toBeVisible();
+
+    // Switch to Invitations tab and verify the invitation is visible
+    await page.getByText('Invitations', { exact: true }).click();
+    await expect(page.getByText(inviteEmail)).toBeVisible();
+
+    // Find and click the actions menu for this invitation
+    const invitationRow = page.locator('tr, [role="row"]').filter({ hasText: inviteEmail });
+    await invitationRow.getByRole('button').click();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/invitations/') &&
+                response.request().method() === 'DELETE' &&
+                response.status() === 204
+        ),
+        page.getByRole('menuitem').getByText('Delete').click(),
+    ]);
+
+    // Verify invitation is removed
+    await expect(page.getByText(inviteEmail)).not.toBeVisible();
+});
+
+test('test that invitation can be resent', async ({ page }) => {
+    const inviteEmail = `resend+${Math.floor(Math.random() * 100000)}@invite.test`;
+
+    await goToMembersPage(page);
+    await openInviteMemberModal(page);
+
+    await page.getByPlaceholder('Member Email').fill(inviteEmail);
+    await page.getByRole('button', { name: 'Employee' }).click();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/invitations') &&
+                response.request().method() === 'POST' &&
+                response.status() === 204
+        ),
+        page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
+    ]);
+
+    // Wait for modal to close
+    await expect(page.getByPlaceholder('Member Email')).not.toBeVisible();
+
+    // Switch to Invitations tab
+    await page.getByText('Invitations', { exact: true }).click();
+    await expect(page.getByText(inviteEmail)).toBeVisible();
+
+    // Find and click the actions menu, then resend
+    const invitationRow = page.locator('tr, [role="row"]').filter({ hasText: inviteEmail });
+    await invitationRow.getByRole('button').click();
+    // Wait for dropdown menu to appear
+    await expect(page.getByRole('menuitem').getByText('Resend Invitation')).toBeVisible();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/resend') && response.request().method() === 'POST'
+        ),
+        page.getByRole('menuitem').getByText('Resend Invitation').click(),
+    ]);
+});
+
+test('test that admin user cannot transfer ownership', async ({ page, browser }) => {
+    const memberId = Math.floor(Math.random() * 100000);
+    const memberEmail = `admin+${memberId}@perms.test`;
+
+    // Invite and accept an admin member
+    await inviteAndAcceptMember(
+        page,
+        browser,
+        'Admin User ' + memberId,
+        memberEmail,
+        'Administrator'
+    );
+
+    // Go to members page and verify the admin exists
+    await goToMembersPage(page);
+    const adminRow = page.getByRole('row').filter({ hasText: 'Admin User' });
+    await expect(adminRow).toBeVisible();
+
+    // The owner should still be the owner
+    const ownerRow = page.getByRole('row').filter({ hasText: 'Owner' });
+    await expect(ownerRow).toBeVisible();
+
+    // Open actions menu for the admin - should NOT have "Transfer Ownership" option
+    await adminRow.getByRole('button').click();
+    await expect(page.getByRole('menuitem').getByText('Edit')).toBeVisible();
+});
+
+test('test that accepted invitation disappears from invitations tab', async ({ page, browser }) => {
+    const memberId = Math.round(Math.random() * 100000);
+    const memberEmail = `accepted+${memberId}@invite.test`;
+
+    // Invite and accept the member
+    await inviteAndAcceptMember(page, browser, 'Accepted Member', memberEmail, 'Employee');
+
+    // Go to members page and switch to Invitations tab
+    await goToMembersPage(page);
+    await page.getByRole('tab', { name: 'Invitations' }).click();
+
+    // The accepted invitation should not be visible
+    await expect(page.getByText(memberEmail)).not.toBeVisible();
+});
+
+// =============================================
+// Sorting Tests
+// =============================================
+
+// Helper to clear localStorage before tests that check sorting
+async function clearMemberTableState(page: Page) {
+    await page.evaluate(() => {
+        localStorage.removeItem('member-table-state');
+    });
+}
+
+test('test that sorting members by name, role, and status works', async ({ page, ctx }) => {
+    // Create two placeholder members with names that sort predictably around "John Doe"
+    await createPlaceholderMemberViaImportApi(ctx, 'AAA SortFirst');
+    await createPlaceholderMemberViaImportApi(ctx, 'ZZZ SortLast');
+
+    await goToMembersPage(page);
+    await clearMemberTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('member_table');
+    await expect(table).toBeVisible();
+
+    // -- Name sorting (default is already name asc after clearing state) --
+    const nameHeader = table.getByText('Name').first();
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortFirst')).toBeLessThan(names.indexOf('ZZZ SortLast'));
+
+    await nameHeader.click(); // toggle to desc
+    names = await getTableRowNames(table);
+    expect(names.indexOf('ZZZ SortLast')).toBeLessThan(names.indexOf('AAA SortFirst'));
+
+    // -- Role sorting --
+    const roleHeader = table.getByText('Role').first();
+    await roleHeader.click(); // asc: Owner(0) < Placeholder(4)
+    names = await getTableRowNames(table);
+    const ownerIdx = names.indexOf('John Doe');
+    const placeholderIdx = names.indexOf('AAA SortFirst');
+    expect(ownerIdx).toBeLessThan(placeholderIdx);
+
+    await roleHeader.click(); // desc: Placeholder first
+    names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortFirst')).toBeLessThan(names.indexOf('John Doe'));
+
+    // -- Status sorting --
+    const statusHeader = table.getByText('Status').first();
+    await statusHeader.click(); // asc: Active(0) < Inactive(1)
+    names = await getTableRowNames(table);
+    expect(names.indexOf('John Doe')).toBeLessThan(names.indexOf('AAA SortFirst'));
+
+    await statusHeader.click(); // desc: Inactive first
+    names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortFirst')).toBeLessThan(names.indexOf('John Doe'));
+
+    // -- Email: just verify sort indicator appears --
+    const emailHeader = table.getByText('Email').first();
+    await emailHeader.click();
+    await expect(emailHeader.locator('svg')).toBeVisible();
+});
+
+test('test that member sort state persists after page reload', async ({ page }) => {
+    await goToMembersPage(page);
+    await clearMemberTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('member_table');
+    await expect(table).toBeVisible();
+
+    // Click Role header twice to set descending sort
+    const roleHeader = table.getByText('Role').first();
+    await roleHeader.click();
+    await expect(roleHeader.locator('svg')).toBeVisible();
+    await roleHeader.click();
+    await expect(roleHeader.locator('svg')).toBeVisible();
+
+    // Reload the page
+    await page.reload();
+
+    // Verify the sort indicator is still visible on Role column
+    await expect(page.getByTestId('member_table')).toBeVisible();
+    await expect(
+        page.getByTestId('member_table').getByText('Role').first().locator('svg')
+    ).toBeVisible();
+});
+
+test('test that sorting members by billable rate works', async ({ page, ctx }) => {
+    // Create two placeholder members and set different billable rates
+    await createPlaceholderMemberViaImportApi(ctx, 'HighRate Member');
+    await createPlaceholderMemberViaImportApi(ctx, 'LowRate Member');
+
+    const members = await getMembersViaApi(ctx);
+    const highRateMember = members.find((m) => m.name === 'HighRate Member');
+    const lowRateMember = members.find((m) => m.name === 'LowRate Member');
+    expect(highRateMember).toBeDefined();
+    expect(lowRateMember).toBeDefined();
+
+    await updateMemberBillableRateViaApi(ctx, highRateMember!.id, 20000);
+    await updateMemberBillableRateViaApi(ctx, lowRateMember!.id, 5000);
+
+    await goToMembersPage(page);
+    await clearMemberTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('member_table');
+    await expect(table).toBeVisible();
+
+    // First click = desc (highest first), null rates last
+    const billableHeader = table.getByText('Billable Rate').first();
+    await billableHeader.click();
+    await expect(billableHeader.locator('svg')).toBeVisible();
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('HighRate Member')).toBeLessThan(names.indexOf('LowRate Member'));
+
+    // Second click = asc (lowest first), null rates still last
+    await billableHeader.click();
+    names = await getTableRowNames(table);
+    expect(names.indexOf('LowRate Member')).toBeLessThan(names.indexOf('HighRate Member'));
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Sidebar Navigation', () => {
+    test('employee sidebar shows correct navigation links', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Visible links
+        await expect(employee.page.getByRole('link', { name: 'Dashboard' })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Time', exact: true })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Calendar' })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Projects' })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Clients' })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Tags' })).toBeVisible();
+
+        // Hidden links
+        await expect(employee.page.getByRole('link', { name: 'Members' })).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('link', { name: 'Settings', exact: true })
+        ).not.toBeVisible();
+    });
+
+    test('employee cannot see members list or invite members', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/members');
+
+        // Page loads but the members API returns 403 (no members:view permission)
+        await expect(employee.page.getByRole('heading', { name: 'Members' })).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Member table is empty — no rows rendered (only headers)
+        await expect(employee.page.getByTestId('member_table').locator('[role="row"]')).toHaveCount(
+            0
+        );
+
+        // Employee should NOT see the Invite Member button
+        await expect(
+            employee.page.getByRole('button', { name: 'Invite member' })
+        ).not.toBeVisible();
+    });
+});

e2e/organization.spec.ts

@@ -9,7 +9,10 @@ async function goToOrganizationSettings(page) {
 
 async function createTimeEntry(page, duration: string) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/time');
-    await page.getByRole('button', { name: 'Manual time entry' }).click();
+
+    // Open the dropdown menu and click "Manual time entry"
+    await page.getByRole('button', { name: 'Time entry actions' }).click();
+    await page.getByRole('menuitem', { name: 'Manual time entry' }).click();
 
     // Fill in the time entry details
     await page.getByTestId('time_entry_description').fill('Test time entry');
@@ -35,9 +38,9 @@ test('test that organization name can be updated', async ({ page }) => {
     await page.getByLabel('Organization Name').fill('NEW ORG NAME');
     await page.getByLabel('Organization Name').press('Enter');
     await page.getByLabel('Organization Name').press('Meta+r');
-    await expect(
-        page.locator('[data-testid="organization_switcher"]:visible')
-    ).toContainText('NEW ORG NAME');
+    await expect(page.locator('[data-testid="organization_switcher"]:visible')).toContainText(
+        'NEW ORG NAME'
+    );
 });
 
 test('test that organization billable rate can be updated with all existing time entries', async ({
@@ -46,9 +49,7 @@ test('test that organization billable rate can be updated with all existing time
     await goToOrganizationSettings(page);
     const newBillableRate = Math.round(Math.random() * 10000);
     await page.getByLabel('Organization Billable Rate').click();
-    await page
-        .getByLabel('Organization Billable Rate')
-        .fill(newBillableRate.toString());
+    await page.getByLabel('Organization Billable Rate').fill(newBillableRate.toString());
     await page
         .locator('form')
         .filter({ hasText: 'Organization Billable' })
@@ -56,9 +57,7 @@ test('test that organization billable rate can be updated with all existing time
         .click();
 
     await Promise.all([
-        page
-            .getByRole('button', { name: 'Yes, update existing time entries' })
-            .click(),
+        page.getByRole('button', { name: 'Yes, update existing time entries' }).click(),
         page.waitForRequest(
             async (request) =>
                 request.url().includes('/organizations/') &&
@@ -70,15 +69,12 @@ test('test that organization billable rate can be updated with all existing time
                 response.url().includes('/organizations/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.billable_rate ===
-                    newBillableRate * 100
+                (await response.json()).data.billable_rate === newBillableRate * 100
         ),
     ]);
 });
 
-test('test that organization format settings can be updated', async ({
-    page,
-}) => {
+test('test that organization format settings can be updated', async ({ page }) => {
     await goToOrganizationSettings(page);
 
     // Test number format
@@ -113,8 +109,7 @@ test('test that organization format settings can be updated', async ({
                 response.url().includes('/organizations/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.currency_format ===
-                    'iso-code-after-with-space'
+                (await response.json()).data.currency_format === 'iso-code-after-with-space'
         ),
     ]);
 
@@ -132,8 +127,7 @@ test('test that organization format settings can be updated', async ({
                 response.url().includes('/organizations/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.date_format ===
-                    'slash-separated-dd-mm-yyyy'
+                (await response.json()).data.date_format === 'slash-separated-dd-mm-yyyy'
         ),
     ]);
 
@@ -169,19 +163,14 @@ test('test that organization format settings can be updated', async ({
                 response.url().includes('/organizations/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.interval_format ===
-                    'hours-minutes-colon-separated'
+                (await response.json()).data.interval_format === 'hours-minutes-colon-separated'
         ),
     ]);
 });
 
-test('test that format settings are reflected in the dashboard', async ({
-    page,
-}) => {
+test('test that format settings are reflected in the dashboard', async ({ page }) => {
     // check that 0h 00min is displayed
-    await expect(
-        page.getByText('0h 00min', { exact: true }).nth(0)
-    ).toBeVisible();
+    await expect(page.getByText('0h 00min', { exact: true }).nth(0)).toBeVisible();
 
     // First set the format settings
     await goToOrganizationSettings(page);
@@ -213,10 +202,8 @@ test('test that format settings are reflected in the dashboard', async ({
                 response.url().includes('/organizations/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.interval_format ===
-                    'hours-minutes-colon-separated' &&
-                (await response.json()).data.currency_format ===
-                    'symbol-after' &&
+                (await response.json()).data.interval_format === 'hours-minutes-colon-separated' &&
+                (await response.json()).data.currency_format === 'symbol-after' &&
                 (await response.json()).data.number_format === 'comma-point'
         ),
     ]);
@@ -232,17 +219,215 @@ test('test that format settings are reflected in the dashboard', async ({
     // check that 00:00 is displayed
     await expect(page.getByText('0:00', { exact: true }).nth(0)).toBeVisible();
     // check that 0h 00min is not displayed
-    await expect(
-        page.getByText('0h 00min', { exact: true }).nth(0)
-    ).not.toBeVisible();
+    await expect(page.getByText('0h 00min', { exact: true }).nth(0)).not.toBeVisible();
 
     // check that the current date is displayed in the dd/mm/yyyy format on the time page
     await page.goto(PLAYWRIGHT_BASE_URL + '/time');
+    // Wait for time entries to load so organization data is available for date formatting
+    await page.waitForResponse(
+        (response) => response.url().includes('/time-entries') && response.status() === 200
+    );
     await expect(
-        page
-            .getByText(new Date().toLocaleDateString('en-GB'), { exact: true })
-            .nth(0)
-    ).toBeVisible();
+        page.getByText(new Date().toLocaleDateString('en-GB'), { exact: true }).nth(0)
+    ).toBeVisible({ timeout: 10000 });
 });
 
-// TODO: Test 12-hour clock format
+test('test that organization time entry settings can be toggled', async ({ page }) => {
+    await goToOrganizationSettings(page);
+
+    const preventOverlappingCheckbox = page.getByLabel(
+        'Prevent overlapping time entries (new entries only)'
+    );
+    const manageTasksCheckbox = page.getByLabel('Allow Employees to manage tasks');
+
+    // Get current states and toggle both
+    const wasOverlappingChecked = await preventOverlappingCheckbox.isChecked();
+    const wasManageTasksChecked = await manageTasksCheckbox.isChecked();
+
+    if (wasOverlappingChecked) {
+        await preventOverlappingCheckbox.uncheck();
+    } else {
+        await preventOverlappingCheckbox.check();
+    }
+
+    if (wasManageTasksChecked) {
+        await manageTasksCheckbox.uncheck();
+    } else {
+        await manageTasksCheckbox.check();
+    }
+
+    // Save
+    const settingsForm = page.locator('form').filter({ hasText: 'Prevent overlapping' });
+    await Promise.all([
+        settingsForm.getByRole('button', { name: 'Save' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.prevent_overlapping_time_entries ===
+                    !wasOverlappingChecked
+        ),
+    ]);
+
+    // Reload and verify both settings persisted
+    await page.reload();
+    await expect(preventOverlappingCheckbox).toBeChecked({ checked: !wasOverlappingChecked });
+    await expect(manageTasksCheckbox).toBeChecked({ checked: !wasManageTasksChecked });
+
+    // Toggle both back to restore original state
+    if (!wasOverlappingChecked) {
+        await preventOverlappingCheckbox.uncheck();
+    } else {
+        await preventOverlappingCheckbox.check();
+    }
+
+    if (!wasManageTasksChecked) {
+        await manageTasksCheckbox.uncheck();
+    } else {
+        await manageTasksCheckbox.check();
+    }
+
+    await Promise.all([
+        settingsForm.getByRole('button', { name: 'Save' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.prevent_overlapping_time_entries ===
+                    wasOverlappingChecked
+        ),
+    ]);
+});
+
+test('test that 12-hour clock format can be set', async ({ page }) => {
+    await goToOrganizationSettings(page);
+
+    await page.getByLabel('Time Format').click();
+    await page.getByRole('option', { name: '12-hour clock' }).click();
+    await Promise.all([
+        page
+            .locator('form')
+            .filter({ hasText: 'Time Format' })
+            .getByRole('button', { name: 'Save' })
+            .click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.time_format === '12-hours'
+        ),
+    ]);
+
+    // Reload and verify it persisted
+    await page.reload();
+    await expect(page.getByLabel('Time Format')).toContainText('12-hour clock');
+
+    // Reset back to 24-hour
+    await page.getByLabel('Time Format').click();
+    await page.getByRole('option', { name: '24-hour clock' }).click();
+    await Promise.all([
+        page
+            .locator('form')
+            .filter({ hasText: 'Time Format' })
+            .getByRole('button', { name: 'Save' })
+            .click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.time_format === '24-hours'
+        ),
+    ]);
+});
+
+test('test that format settings persist after page reload', async ({ page }) => {
+    await goToOrganizationSettings(page);
+
+    // Set a specific date format
+    await page.getByLabel('Date Format').click();
+    await page.getByRole('option', { name: 'DD/MM/YYYY' }).click();
+    await Promise.all([
+        page
+            .locator('form')
+            .filter({ hasText: 'Date Format' })
+            .getByRole('button', { name: 'Save' })
+            .click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Reload and verify it persisted
+    await page.reload();
+    await expect(page.getByLabel('Date Format')).toContainText('DD/MM/YYYY');
+});
+
+// =============================================
+// Admin Permission Tests
+// =============================================
+
+test.describe('Admin Organization Settings Access', () => {
+    test('admin can see and edit organization settings', async ({ ctx, admin }) => {
+        await admin.page.goto(PLAYWRIGHT_BASE_URL + '/teams/' + ctx.orgId);
+
+        // Organization Name section is visible
+        await expect(
+            admin.page.getByRole('heading', { name: 'Organization Name', level: 3 })
+        ).toBeVisible({ timeout: 10000 });
+
+        // Editable settings sections should be visible
+        await expect(
+            admin.page.getByRole('heading', { name: 'Billable Rate', level: 3 })
+        ).toBeVisible();
+        await expect(
+            admin.page.getByRole('heading', { name: 'Format Settings', level: 3 })
+        ).toBeVisible();
+        await expect(
+            admin.page.getByRole('heading', { name: 'Organization Settings', level: 3 })
+        ).toBeVisible();
+
+        // Save buttons should be visible (admin can update)
+        await expect(admin.page.getByRole('button', { name: 'Save' }).first()).toBeVisible();
+
+        // Delete organization should NOT be visible (owner only)
+        await expect(
+            admin.page.getByRole('heading', { name: 'Delete Organization' })
+        ).not.toBeVisible();
+    });
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Organization Settings Restrictions', () => {
+    test('employee can see org name but not editable settings', async ({ ctx, employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/teams/' + ctx.orgId);
+
+        // Organization Name section is visible (but inputs are disabled)
+        await expect(
+            employee.page.getByRole('heading', { name: 'Organization Name', level: 3 })
+        ).toBeVisible({ timeout: 10000 });
+
+        // Editable settings sections should NOT be visible
+        await expect(
+            employee.page.getByRole('heading', { name: 'Billable Rate', level: 3 })
+        ).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('heading', { name: 'Format Settings', level: 3 })
+        ).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('heading', { name: 'Organization Settings', level: 3 })
+        ).not.toBeVisible();
+
+        // Save button should not be visible (employee cannot update)
+        await expect(employee.page.getByRole('button', { name: 'Save' })).not.toBeVisible();
+    });
+});

e2e/profile.spec.ts

@@ -1,34 +1,37 @@
-import {test, expect} from '../playwright/fixtures';
-import {PLAYWRIGHT_BASE_URL} from '../playwright/config';
+import { test, expect } from '../playwright/fixtures';
+import { PLAYWRIGHT_BASE_URL, TEST_USER_PASSWORD } from '../playwright/config';
+import type { Page } from '@playwright/test';
 
-test('test that user name can be updated', async ({page}) => {
+async function goToProfilePage(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
-    await page.getByLabel('Name', {exact: true} ).fill('NEW NAME');
+}
+
+test('test that user name can be updated', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
+    await page.getByLabel('Name', { exact: true }).fill('NEW NAME');
     await Promise.all([
-        page.getByRole('button', {name: 'Save'}).first().click(),
+        page.getByRole('button', { name: 'Save' }).first().click(),
         page.waitForResponse('**/user/profile-information'),
     ]);
     await page.reload();
-    await expect(page.getByLabel('Name', {exact: true})).toHaveValue('NEW NAME');
+    await expect(page.getByLabel('Name', { exact: true })).toHaveValue('NEW NAME');
 });
 
-test.skip('test that user email can be updated', async ({page}) => {
+test.skip('test that user email can be updated', async ({ page }) => {
     // this does not work because of email verification currently
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
     const emailId = Math.round(Math.random() * 10000);
     await page.getByLabel('Email').fill(`newemail+${emailId}@test.com`);
-    await page.getByRole('button', {name: 'Save'}).first().click();
+    await page.getByRole('button', { name: 'Save' }).first().click();
     await page.reload();
-    await expect(page.getByLabel('Email')).toHaveValue(
-        `newemail+${emailId}@test.com`
-    );
+    await expect(page.getByLabel('Email')).toHaveValue(`newemail+${emailId}@test.com`);
 });
 
 async function createNewApiToken(page) {
     await page.getByLabel('API Key Name').fill('NEW API KEY');
     await Promise.all([
-        page.getByRole('button', {name: 'Create API Key'}).click(),
-        page.waitForResponse('**/users/me/api-tokens')
+        page.getByRole('button', { name: 'Create API Key' }).click(),
+        page.waitForResponse('**/users/me/api-tokens'),
     ]);
 
     await expect(page.locator('body')).toContainText('API Token created successfully');
@@ -36,34 +39,341 @@ async function createNewApiToken(page) {
     await expect(page.locator('body')).toContainText('NEW API KEY');
 }
 
-test('test that user can create an API key', async ({page}) => {
+test('test that user can create an API key', async ({ page }) => {
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
     await createNewApiToken(page);
 });
 
-test('test that user can delete an API key', async ({page}) => {
+test('test that creating an API key with empty name shows validation error', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
+
+    // Wait for the API Key Name input to be visible before interacting
+    const nameInput = page.getByLabel('API Key Name');
+    await expect(nameInput).toBeVisible();
+
+    // Ensure the API Key Name input is empty
+    await nameInput.fill('');
+
+    // Click the create button and wait for the 422 response
+    const [response] = await Promise.all([
+        page.waitForResponse('**/users/me/api-tokens'),
+        page.getByRole('button', { name: 'Create API Key' }).click(),
+    ]);
+
+    expect(response.status()).toBe(422);
+
+    // Verify that an error notification is shown with validation message about the name field
+    await expect(page.getByText('name field is required')).toBeVisible({ timeout: 5000 });
+});
+
+test('test that user can delete an API key', async ({ page }) => {
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
     await createNewApiToken(page);
     page.getByLabel('Delete API Token NEW API KEY').click();
-    await expect(page.getByRole('dialog')).toContainText('Are you sure you would like to delete this API token?');
+    await expect(page.getByRole('dialog')).toContainText(
+        'Are you sure you would like to delete this API token?'
+    );
     await Promise.all([
-        page.getByRole('dialog').getByRole('button', {name: 'Delete'}).click(),
-        page.waitForResponse('**/users/me/api-tokens')
+        page.getByRole('dialog').getByRole('button', { name: 'Delete' }).click(),
+        page.waitForResponse('**/users/me/api-tokens'),
     ]);
     await expect(page.locator('body')).not.toContainText('NEW API KEY');
 });
 
-
-test('test that user can revoke an API key', async ({page}) => {
+test('test that user can revoke an API key', async ({ page }) => {
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
     await createNewApiToken(page);
     page.getByLabel('Revoke API Token NEW API KEY').click();
-    await expect(page.getByRole('dialog')).toContainText('Are you sure you would like to revoke this API token?');
+    await expect(page.getByRole('dialog')).toContainText(
+        'Are you sure you would like to revoke this API token?'
+    );
     await Promise.all([
-        page.getByRole('dialog').getByRole('button', {name: 'Revoke'}).click(),
-        page.waitForResponse('**/users/me/api-tokens')
+        page.getByRole('dialog').getByRole('button', { name: 'Revoke' }).click(),
+        page.waitForResponse('**/users/me/api-tokens'),
     ]);
-    await expect(page.getByRole('button', {name: 'Revoke'})).toBeHidden();
+    await expect(page.getByRole('button', { name: 'Revoke' })).toBeHidden();
     await expect(page.locator('body')).toContainText('NEW API KEY');
     await expect(page.locator('body')).toContainText('Revoked');
 });
+
+// =============================================
+// Update Password Form Tests
+// =============================================
+
+test('test that password mismatch shows error', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Fill in with mismatched passwords
+    await page.getByLabel('Current Password').fill(TEST_USER_PASSWORD);
+    await page.getByLabel('New Password').fill('newSecurePassword456');
+    await page.getByLabel('Confirm Password').fill('differentPassword789');
+
+    // Find the form containing the Confirm Password field and click its Save button
+    const passwordForm = page.getByLabel('Confirm Password').locator('xpath=ancestor::form');
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/password') && response.request().method() === 'PUT'
+        ),
+        passwordForm.getByRole('button', { name: 'Save' }).click(),
+    ]);
+
+    // Verify error message about password confirmation
+    await expect(page.getByText('confirmation does not match')).toBeVisible();
+});
+
+test('test that short password shows validation error', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Fill in with a too short password
+    await page.getByLabel('Current Password').fill(TEST_USER_PASSWORD);
+    await page.getByLabel('New Password').fill('short');
+    await page.getByLabel('Confirm Password').fill('short');
+
+    // Find the form containing the Confirm Password field and click its Save button
+    const passwordForm = page.getByLabel('Confirm Password').locator('xpath=ancestor::form');
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/password') && response.request().method() === 'PUT'
+        ),
+        passwordForm.getByRole('button', { name: 'Save' }).click(),
+    ]);
+
+    // Verify error message about password length
+    await expect(page.getByText('must be at least')).toBeVisible();
+});
+
+test('test that incorrect current password shows validation error', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Fill in with wrong current password
+    await page.getByLabel('Current Password').fill('wrongCurrentPassword123');
+    await page.getByLabel('New Password').fill('newSecurePassword456');
+    await page.getByLabel('Confirm Password').fill('newSecurePassword456');
+
+    // Find the form containing the Confirm Password field and click its Save button
+    const passwordForm = page.getByLabel('Confirm Password').locator('xpath=ancestor::form');
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/password') && response.request().method() === 'PUT'
+        ),
+        passwordForm.getByRole('button', { name: 'Save' }).click(),
+    ]);
+
+    // Verify error message about incorrect password
+    await expect(page.getByText('does not match')).toBeVisible();
+});
+
+test('test that password can be updated successfully', async ({ page }) => {
+    await goToProfilePage(page);
+    const newPassword = 'newSecurePassword456';
+
+    // Change password to new password
+    await page.getByLabel('Current Password').fill(TEST_USER_PASSWORD);
+    await page.getByLabel('New Password').fill(newPassword);
+    await page.getByLabel('Confirm Password').fill(newPassword);
+
+    const passwordForm = page.getByLabel('Confirm Password').locator('xpath=ancestor::form');
+    const responsePromise = page.waitForResponse(
+        (response) =>
+            response.url().includes('/user/password') && response.request().method() === 'PUT'
+    );
+    await passwordForm.getByRole('button', { name: 'Save' }).click();
+    const response = await responsePromise;
+
+    // Verify successful response (303 is Inertia redirect on success, means password was updated)
+    expect(response.status()).toBe(303);
+
+    // Verify no error messages are displayed
+    await expect(page.getByText('does not match')).not.toBeVisible();
+    await expect(page.getByText('must be at least')).not.toBeVisible();
+});
+
+// =============================================
+// Theme Selection Tests
+// =============================================
+
+test('test that theme can be changed to dark and light', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // The theme select is a Reka UI combobox (button), not a native <select>
+    const themeSelect = page.locator('button[role="combobox"]');
+
+    // Change theme to dark
+    await themeSelect.click();
+    await page.getByRole('option', { name: 'Dark' }).click();
+
+    // Verify the html element has 'dark' class
+    await expect(page.locator('html')).toHaveClass(/dark/);
+
+    // Change theme to light
+    await themeSelect.click();
+    await page.getByRole('option', { name: 'Light' }).click();
+
+    // Verify the html element has 'light' class and no 'dark' class
+    await expect(page.locator('html')).toHaveClass(/light/);
+    await expect(page.locator('html')).not.toHaveClass(/dark/);
+
+    // Verify localStorage persists the setting
+    const storedTheme = await page.evaluate(() => localStorage.getItem('theme'));
+    expect(storedTheme).toContain('light');
+
+    // Reload and verify the theme persists
+    await page.reload();
+    await expect(page.locator('html')).toHaveClass(/light/);
+
+    // Reset to system
+    await page.locator('button[role="combobox"]').click();
+    await page.getByRole('option', { name: 'System' }).click();
+    await expect(page.getByText('System default:')).toBeVisible();
+});
+
+// =============================================
+// Group similar time entries
+// =============================================
+
+test('test that group similar time entries setting can be toggled', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Get the checkbox
+    const checkbox = page.getByLabel('Group similar time entries');
+
+    // Get initial value and verify it is checked (default is true)
+    const initialValue = await checkbox.isChecked();
+    await expect(checkbox).toBeChecked();
+
+    // Toggle the checkbox
+    await checkbox.click();
+
+    // Reload
+    await page.reload();
+
+    // Verify the value is toggled
+    const afterValue = await page.getByLabel('Group similar time entries').isChecked();
+    expect(afterValue).toBe(!initialValue);
+
+    // Verify localStorage persists the setting
+    const storedValue = await page.evaluate(() =>
+        localStorage.getItem('group-similar-time-entries')
+    );
+    expect(storedValue).toBe(String(!initialValue));
+});
+
+// =============================================
+// Two Factor Authentication Tests
+// =============================================
+
+test('test that password confirmation modal can be cancelled without sending API request', async ({
+    page,
+}) => {
+    await goToProfilePage(page);
+
+    // Find the Enable button in the 2FA section
+    const enableButton = page
+        .getByText('You have not enabled two factor authentication.')
+        .locator('..')
+        .getByRole('button', { name: 'Enable' });
+    await enableButton.click();
+
+    // Verify password confirmation modal appears
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Set up listener to verify no POST request is sent to confirm-password
+    let confirmPasswordRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/user/confirm-password') && request.method() === 'POST') {
+            confirmPasswordRequestSent = true;
+        }
+    });
+
+    // Click Cancel
+    await page.getByRole('dialog').getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify modal is closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+
+    // Verify no confirm-password request was sent
+    expect(confirmPasswordRequestSent).toBe(false);
+});
+
+test('test that password confirmation modal shows error for incorrect password', async ({
+    page,
+}) => {
+    await goToProfilePage(page);
+
+    // Find the Enable button in the 2FA section
+    const enableButton = page
+        .getByText('You have not enabled two factor authentication.')
+        .locator('..')
+        .getByRole('button', { name: 'Enable' });
+    await enableButton.click();
+
+    // Verify password confirmation modal appears
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Enter incorrect password and confirm
+    await page.getByPlaceholder('Password').fill('wrongpassword123');
+    await page.getByRole('dialog').getByRole('button', { name: 'Confirm' }).click();
+
+    // Should show error message (wait longer for API response)
+    await expect(page.getByRole('dialog').getByText('incorrect')).toBeVisible({ timeout: 10000 });
+});
+
+test('test that 2FA can be enabled with correct password', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Verify 2FA is not enabled
+    await expect(page.getByText('You have not enabled two factor authentication.')).toBeVisible();
+
+    // Find the Enable button in the 2FA section
+    const enableButton = page
+        .getByText('You have not enabled two factor authentication.')
+        .locator('..')
+        .getByRole('button', { name: 'Enable' });
+    await enableButton.click();
+
+    // Verify password confirmation modal appears
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Enter correct password and confirm
+    await page.getByPlaceholder('Password').fill(TEST_USER_PASSWORD);
+    await Promise.all([
+        page.getByRole('dialog').getByRole('button', { name: 'Confirm' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/two-factor-authentication') &&
+                response.request().method() === 'POST'
+        ),
+    ]);
+
+    // Verify QR code is shown
+    await expect(page.getByRole('heading', { name: 'Finish enabling two factor' })).toBeVisible();
+    await expect(page.getByText('Setup Key:')).toBeVisible();
+    await expect(page.getByLabel('Code')).toBeVisible();
+});
+
+// =============================================
+// Logout Other Browser Sessions Tests
+// =============================================
+
+test('test that logout other browser sessions works with correct password', async ({ page }) => {
+    await goToProfilePage(page);
+
+    await page.getByRole('button', { name: 'Log Out Other Browser Sessions' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    await page.getByPlaceholder('Password').fill(TEST_USER_PASSWORD);
+    await Promise.all([
+        page
+            .getByRole('dialog')
+            .getByRole('button', { name: 'Log Out Other Browser Sessions' })
+            .click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/other-browser-sessions') &&
+                response.request().method() === 'DELETE'
+        ),
+    ]);
+});

e2e/project-members.spec.ts

@@ -1,34 +1,27 @@
-import { expect, Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
 import { test } from '../playwright/fixtures';
 import { formatCentsWithOrganizationDefaults } from './utils/money';
-import type { CurrencyFormat } from '../resources/js/packages/ui/src/utils/money';
-import { NumberFormat } from '@/packages/ui/src/utils/number';
+import { createProjectViaApi, createProjectMemberViaApi, type TestContext } from './utils/api';
 
-async function goToProjectsOverview(page: Page) {
-    await page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+async function createProjectWithMemberViaApi(ctx: TestContext, page: Page, projectName: string) {
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createProjectMemberViaApi(ctx, project.id, { member_id: ctx.memberId });
+
+    // Navigate to the project detail page
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects/' + project.id);
+    await expect(page.getByTestId('project_member_table').getByRole('row').first()).toBeVisible();
+    return project;
 }
 
 test('test that updating project member billable rate works for existing time entries', async ({
     page,
+    ctx,
 }) => {
-    const newProjectName =
-        'New Project ' + Math.floor(1 + Math.random() * 10000);
+    const newProjectName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
     const newBillableRate = Math.round(Math.random() * 10000);
-    await goToProjectsOverview(page);
-    await page.getByRole('button', { name: 'Create Project' }).click();
-    await page.getByLabel('Project Name').fill(newProjectName);
-
-    await page.getByRole('button', { name: 'Create Project' }).click();
-    await expect(page.getByText(newProjectName)).toBeVisible();
-
-    await page.getByText(newProjectName).click();
-    await page.getByRole('button', { name: 'Add Member' }).click();
-
-    await expect(page.getByText('Add Project Member').first()).toBeVisible();
-    await page.getByRole('button', { name: 'Select a member' }).click();
-    await page.keyboard.press('Enter');
-    await page.getByRole('button', { name: 'Add Project Member' }).click();
+    await createProjectWithMemberViaApi(ctx, page, newProjectName);
 
     await page
         .getByTestId('project_member_table')
@@ -36,9 +29,7 @@ test('test that updating project member billable rate works for existing time en
         .first()
         .getByRole('button')
         .click();
-    await page
-        .getByRole('menuitem', { name: 'Edit Project Member' })
-        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
     await page.getByLabel('Billable Rate').fill(newBillableRate.toString());
     await page.getByRole('button', { name: 'Update Project Member' }).click();
 
@@ -55,8 +46,7 @@ test('test that updating project member billable rate works for existing time en
                 response.url().includes('/project-members/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.billable_rate ===
-                    newBillableRate * 100
+                (await response.json()).data.billable_rate === newBillableRate * 100
         ),
     ]);
     await expect(
@@ -66,3 +56,197 @@ test('test that updating project member billable rate works for existing time en
             .getByText(formatCentsWithOrganizationDefaults(newBillableRate * 100))
     ).toBeVisible();
 });
+
+test('test that project member edit modal can be cancelled without sending API request', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'Cancel Test ' + Math.floor(1 + Math.random() * 10000);
+
+    await createProjectWithMemberViaApi(ctx, page, projectName);
+
+    // Open the edit modal
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+
+    // Verify the modal is open and shows the member name
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).toBeVisible();
+    await expect(page.getByRole('dialog').getByText('John Doe')).toBeVisible();
+
+    // Enter a new billable rate
+    await page.getByLabel('Billable Rate').fill('999');
+
+    // Set up listener to verify no PUT request is sent
+    let putRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/project-members/') && request.method() === 'PUT') {
+            putRequestSent = true;
+        }
+    });
+
+    // Click Cancel
+    await page.getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify the modal is closed
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).not.toBeVisible();
+
+    // Verify no PUT request was sent
+    expect(putRequestSent).toBe(false);
+});
+
+test('test that project member update without billable rate change skips confirmation and completes', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'No Change ' + Math.floor(1 + Math.random() * 10000);
+
+    await createProjectWithMemberViaApi(ctx, page, projectName);
+
+    // Open the edit modal
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+
+    // Click Update without changing anything - no confirmation modal since rate didn't change
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/project-members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Project Member' }).click(),
+    ]);
+
+    // Verify the edit modal is closed (confirmation modal was skipped)
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).not.toBeVisible();
+});
+
+test('test that billable rate confirmation modal can be cancelled without sending API request', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'Rate Cancel ' + Math.floor(1 + Math.random() * 10000);
+    const newBillableRate = Math.round(Math.random() * 10000);
+
+    await createProjectWithMemberViaApi(ctx, page, projectName);
+
+    // Open the edit modal
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+
+    // Change the billable rate
+    await page.getByLabel('Billable Rate').fill(newBillableRate.toString());
+
+    // Set up listener to verify no PUT request is sent
+    let putRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/project-members/') && request.method() === 'PUT') {
+            putRequestSent = true;
+        }
+    });
+
+    // Click Update - this should show the confirmation modal
+    await page.getByRole('button', { name: 'Update Project Member' }).click();
+
+    // Verify the confirmation modal is shown
+    await expect(page.getByText('update all existing time entries')).toBeVisible();
+
+    // Click Cancel to close the confirmation modal without updating
+    await page.getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify the confirmation modal is closed but edit modal is still open
+    await expect(page.getByText('update all existing time entries')).not.toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).toBeVisible();
+
+    // Close the edit modal
+    await page.getByRole('dialog').getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify the edit modal is closed
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).not.toBeVisible();
+
+    // Verify no PUT request was sent
+    expect(putRequestSent).toBe(false);
+});
+
+test('test that clearing billable rate reverts to project default', async ({ page, ctx }) => {
+    const projectName = 'Revert Default ' + Math.floor(1 + Math.random() * 10000);
+    const customRate = Math.round(100 + Math.random() * 10000);
+
+    await createProjectWithMemberViaApi(ctx, page, projectName);
+
+    // Verify the billable rate shows "--" (project default) initially
+    await expect(
+        page.getByTestId('project_member_table').getByRole('row').first().getByText('--')
+    ).toBeVisible();
+
+    // Set a custom billable rate
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+    await page.getByLabel('Billable Rate').fill(customRate.toString());
+    await page.getByRole('button', { name: 'Update Project Member' }).click();
+
+    // Confirm the billable rate update
+    await Promise.all([
+        page.getByRole('button', { name: 'Yes, update existing time' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/project-members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify the custom rate is shown in the table (not "--")
+    await expect(
+        page.getByTestId('project_member_table').getByRole('row').first().getByText('--')
+    ).not.toBeVisible();
+
+    // Now clear the billable rate to revert to project default
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+
+    // Set billable rate to 0 to revert to project default
+    await page.getByLabel('Billable Rate').fill('0');
+    await page.getByRole('button', { name: 'Update Project Member' }).click();
+
+    // Confirm the billable rate update
+    await Promise.all([
+        page.getByRole('button', { name: 'Yes, update existing time' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/project-members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify the billable rate shows "--" again (project default)
+    await expect(
+        page.getByTestId('project_member_table').getByRole('row').first().getByText('--')
+    ).toBeVisible();
+});

e2e/reporting-detailed.spec.ts

@@ -0,0 +1,719 @@
+import { expect } from '@playwright/test';
+import { test } from '../playwright/fixtures';
+import { goToReportingDetailed, waitForDetailedReportingUpdate } from './utils/reporting';
+import {
+    createProjectViaApi,
+    createClientViaApi,
+    createTaskViaApi,
+    createTimeEntryViaApi,
+    createTimeEntryWithTagViaApi,
+    createBareTimeEntryViaApi,
+} from './utils/api';
+
+// Each test registers a new user and creates test data via API
+test.describe.configure({ timeout: 30000 });
+
+// ──────────────────────────────────────────────────
+// Basic Detailed View Tests
+// ──────────────────────────────────────────────────
+
+test('test that detailed view shows time entries correctly', async ({ page, ctx }) => {
+    const projectName = 'Detailed View Project ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    // Go to detailed reporting view
+    await goToReportingDetailed(page);
+
+    // Verify the time entry is shown with all details
+    await expect(page.getByText(projectName, { exact: true }).first()).toBeVisible();
+    await expect(page.locator('input[name="Duration"]').first()).toHaveValue('1:00:00');
+    await expect(page.getByText('Entry for ' + projectName, { exact: true }).first()).toBeVisible();
+});
+
+test('test that updating duration in detailed view works correctly', async ({ page, ctx }) => {
+    const projectName = 'Duration Update Project ' + Math.floor(Math.random() * 10000);
+    const initialDuration = '1h';
+    const updatedDuration = '2h 30min';
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: initialDuration,
+        projectId: project.id,
+    });
+
+    // Go to detailed reporting view
+    await goToReportingDetailed(page);
+
+    // Find and update the duration
+    const durationInput = page.locator('input[name="Duration"]').first();
+    await durationInput.click();
+    await durationInput.fill(updatedDuration);
+    await Promise.all([
+        durationInput.press('Enter'),
+        page.waitForResponse(
+            (response) => response.url().includes('/time-entries') && response.status() === 200
+        ),
+    ]);
+
+    // Verify the new duration is displayed (reporting views promote to HH:MM:SS format)
+    await expect(durationInput).toHaveValue('2:30:00');
+});
+
+// ──────────────────────────────────────────────────
+// Project Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that project multiselect filters work on detailed reporting page', async ({
+    page,
+    ctx,
+}) => {
+    const project1 = 'DetailProj1 ' + Math.floor(Math.random() * 10000);
+    const project2 = 'DetailProj2 ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+    const p2 = await createProjectViaApi(ctx, { name: project2 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project2}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    // Wait for initial data load
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).toBeVisible();
+
+    // Open project multiselect and select project1
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: project1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify only project1 entry is shown
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Client Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that client multiselect filters work on detailed reporting page', async ({
+    page,
+    ctx,
+}) => {
+    const client1 = 'DetailClient1 ' + Math.floor(Math.random() * 10000);
+    const project1 = 'DetailClientProj1 ' + Math.floor(Math.random() * 10000);
+    const project2 = 'DetailClientProj2 ' + Math.floor(Math.random() * 10000);
+
+    const c1 = await createClientViaApi(ctx, { name: client1 });
+    const p1 = await createProjectViaApi(ctx, { name: project1, client_id: c1.id });
+    const p2 = await createProjectViaApi(ctx, { name: project2 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project2}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).toBeVisible();
+
+    // Filter by client1
+    await page.getByRole('button', { name: 'Clients' }).first().click();
+    await page.getByRole('option').filter({ hasText: client1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Only entries for project1 (with client1) should be visible
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Task Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that task multiselect dropdown filters reporting by task', async ({ page, ctx }) => {
+    const projectName = 'TaskFilterProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'TaskFilter1 ' + Math.floor(Math.random() * 10000);
+    const task2 = 'TaskFilter2 ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: project.id });
+    const t2 = await createTaskViaApi(ctx, { name: task2, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: t1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task2}`,
+        duration: '2h',
+        projectId: project.id,
+        taskId: t2.id,
+    });
+
+    // Use the detailed view to verify task filtering (shows individual entries)
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName} - ${task2}`).first()).toBeVisible();
+
+    // Open task multiselect dropdown
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+
+    // Verify both tasks appear
+    await expect(page.getByRole('option').filter({ hasText: task1 })).toBeVisible();
+    await expect(page.getByRole('option').filter({ hasText: task2 })).toBeVisible();
+
+    // Select task1
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify badge shows count of 1
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('1')).toBeVisible();
+
+    // Verify only task1 entry is shown
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName} - ${task2}`).first()).not.toBeVisible();
+});
+
+test('test that selecting multiple tasks shows correct badge count', async ({ page, ctx }) => {
+    const projectName = 'MultiTaskProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'MultiTask1 ' + Math.floor(Math.random() * 10000);
+    const task2 = 'MultiTask2 ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: project.id });
+    const t2 = await createTaskViaApi(ctx, { name: task2, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: t1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task2}`,
+        duration: '2h',
+        projectId: project.id,
+        taskId: t2.id,
+    });
+
+    // Use the detailed view to verify task filtering
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName} - ${task2}`).first()).toBeVisible();
+
+    // Select both tasks
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+    await page.getByRole('option').filter({ hasText: task2 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify badge shows count of 2
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('2')).toBeVisible();
+
+    // Verify both task entries are shown
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName} - ${task2}`).first()).toBeVisible();
+});
+
+test('test that deselecting a task removes the filter', async ({ page, ctx }) => {
+    const projectName = 'TaskDeselectProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'TaskDeselect1 ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: t1.id,
+    });
+
+    await goToReportingDetailed(page);
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+
+    // Select task
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('1')).toBeVisible();
+
+    // Deselect task
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(
+        page.getByRole('button', { name: 'Tasks' }).first().getByText(/^\d+$/)
+    ).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Member Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that member multiselect filters work on detailed reporting page', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'DetailMemberProj ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReportingDetailed(page);
+    await expect(page.getByText(`Entry for ${projectName}`).first()).toBeVisible();
+
+    // Filter by the current member
+    await page.getByRole('button', { name: 'Members' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'John Doe' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Data should still be visible since all entries belong to this member
+    await expect(page.getByText(`Entry for ${projectName}`).first()).toBeVisible();
+
+    // Verify badge shows count of 1
+    await expect(
+        page.getByRole('button', { name: 'Members' }).first().getByText('1')
+    ).toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Tag Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that tag filter works on detailed reporting page', async ({ page, ctx }) => {
+    const tag1 = 'DetailTag1 ' + Math.floor(Math.random() * 10000);
+    const tag2 = 'DetailTag2 ' + Math.floor(Math.random() * 10000);
+
+    await createTimeEntryWithTagViaApi(ctx, tag1, '1h');
+    await createTimeEntryWithTagViaApi(ctx, tag2, '2h');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag2}`).first()).toBeVisible();
+
+    // Filter by tag1
+    await page.getByRole('button', { name: 'Tags' }).click();
+    await page.getByRole('option').filter({ hasText: tag1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag2}`).first()).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Billable Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that billable filter works on detailed reporting page', async ({ page, ctx }) => {
+    const projectName = 'DetailBillProj ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReportingDetailed(page);
+    await expect(page.getByText(`Entry for ${projectName}`).first()).toBeVisible();
+
+    // Filter by billable only
+    await page.getByRole('combobox').filter({ hasText: 'Billable' }).click();
+    await Promise.all([
+        page.getByRole('option', { name: 'Billable', exact: true }).click(),
+        waitForDetailedReportingUpdate(page),
+    ]);
+
+    // Switch to Non Billable
+    await page.getByRole('combobox').filter({ hasText: 'Billable' }).click();
+    await Promise.all([
+        page.getByRole('option', { name: 'Non Billable', exact: true }).click(),
+        waitForDetailedReportingUpdate(page),
+    ]);
+
+    // Switch back to Both
+    await page.getByRole('combobox').filter({ hasText: 'Non Billable' }).click();
+    await Promise.all([
+        page.getByRole('option', { name: 'Both' }).click(),
+        waitForDetailedReportingUpdate(page),
+    ]);
+});
+
+// ──────────────────────────────────────────────────
+// Combined Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that combining project and task filters narrows results', async ({ page, ctx }) => {
+    const projectName = 'CombinedProj ' + Math.floor(Math.random() * 10000);
+    const otherProject = 'OtherCombProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'CombinedTask1 ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: projectName });
+    const p2 = await createProjectViaApi(ctx, { name: otherProject });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: p1.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: p1.id,
+        taskId: t1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${otherProject}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${otherProject}`).first()).toBeVisible();
+
+    // Filter by project
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: projectName }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Additionally filter by task
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify both badges show count of 1
+    await expect(
+        page.getByRole('button', { name: 'Projects' }).first().getByText('1')
+    ).toBeVisible();
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('1')).toBeVisible();
+
+    // Verify only the combined entry is shown
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${otherProject}`).first()).not.toBeVisible();
+});
+
+test('test that combining client and member filters narrows results on detailed page', async ({
+    page,
+    ctx,
+}) => {
+    const client1 = 'CombClient ' + Math.floor(Math.random() * 10000);
+    const project1 = 'CombClientProj ' + Math.floor(Math.random() * 10000);
+    const project2 = 'CombNoClientProj ' + Math.floor(Math.random() * 10000);
+
+    const c1 = await createClientViaApi(ctx, { name: client1 });
+    const p1 = await createProjectViaApi(ctx, { name: project1, client_id: c1.id });
+    const p2 = await createProjectViaApi(ctx, { name: project2 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project2}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).toBeVisible();
+
+    // Filter by client
+    await page.getByRole('button', { name: 'Clients' }).first().click();
+    await page.getByRole('option').filter({ hasText: client1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Additionally filter by member
+    await page.getByRole('button', { name: 'Members' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'John Doe' }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Only project1 entry should be visible (filtered by client + member)
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).not.toBeVisible();
+
+    // Both badges should show count of 1
+    await expect(
+        page.getByRole('button', { name: 'Clients' }).first().getByText('1')
+    ).toBeVisible();
+    await expect(
+        page.getByRole('button', { name: 'Members' }).first().getByText('1')
+    ).toBeVisible();
+});
+
+test('test that combining tag and project filters narrows results', async ({ page, ctx }) => {
+    const tag1 = 'CombTag ' + Math.floor(Math.random() * 10000);
+    const project1 = 'CombTagProj ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+
+    // Create a time entry with a project (no tag)
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+
+    // Create a time entry with a tag (no specific project)
+    await createTimeEntryWithTagViaApi(ctx, tag1, '2h');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).toBeVisible();
+
+    // Filter by project
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: project1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Only the project entry should be visible (tagged entry has no project)
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// "No X" Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that "No Project" filter shows entries without a project', async ({ page, ctx }) => {
+    const project1 = 'NoProj1 ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createBareTimeEntryViaApi(ctx, 'Bare entry no project', '30min');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText('Bare entry no project').first()).toBeVisible();
+
+    // Open project dropdown and select "No Project"
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'No Project' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify badge shows 1
+    await expect(
+        page.getByRole('button', { name: 'Projects' }).first().getByText('1')
+    ).toBeVisible();
+
+    // Only the bare entry (no project) should be visible
+    await expect(page.getByText('Bare entry no project').first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project1}`).first()).not.toBeVisible();
+});
+
+test('test that "No Task" filter shows entries without a task', async ({ page, ctx }) => {
+    const projectName = 'NoTaskProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'NoTaskFilter1 ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: t1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '30min',
+        projectId: project.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName}`).first()).toBeVisible();
+
+    // Open task dropdown and select "No Task"
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'No Task' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('1')).toBeVisible();
+
+    // Only the entry without a task should be visible
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).not.toBeVisible();
+});
+
+test('test that "No Tag" filter shows entries without tags', async ({ page, ctx }) => {
+    const tag1 = 'NoTagFilter1 ' + Math.floor(Math.random() * 10000);
+
+    await createTimeEntryWithTagViaApi(ctx, tag1, '1h');
+    await createBareTimeEntryViaApi(ctx, 'Entry without any tag', '30min');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).toBeVisible();
+    await expect(page.getByText('Entry without any tag').first()).toBeVisible();
+
+    // Open tag dropdown and select "No Tag"
+    await page.getByRole('button', { name: 'Tags' }).click();
+    await page.getByRole('option').filter({ hasText: 'No Tag' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(page.getByRole('button', { name: 'Tags' }).getByText('1')).toBeVisible();
+
+    await expect(page.getByText('Entry without any tag').first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).not.toBeVisible();
+});
+
+test('test that "No Client" filter shows entries without a client', async ({ page, ctx }) => {
+    const client1 = 'NoClientFilter ' + Math.floor(Math.random() * 10000);
+    const projectWithClient = 'NoClientProj1 ' + Math.floor(Math.random() * 10000);
+    const projectNoClient = 'NoClientProj2 ' + Math.floor(Math.random() * 10000);
+
+    const c1 = await createClientViaApi(ctx, { name: client1 });
+    const pWithClient = await createProjectViaApi(ctx, {
+        name: projectWithClient,
+        client_id: c1.id,
+    });
+    const pNoClient = await createProjectViaApi(ctx, { name: projectNoClient });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectWithClient}`,
+        duration: '1h',
+        projectId: pWithClient.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectNoClient}`,
+        duration: '30min',
+        projectId: pNoClient.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectWithClient}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectNoClient}`).first()).toBeVisible();
+
+    // Open client dropdown and select "No Client"
+    await page.getByRole('button', { name: 'Clients' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'No Client' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(
+        page.getByRole('button', { name: 'Clients' }).first().getByText('1')
+    ).toBeVisible();
+
+    await expect(page.getByText(`Entry for ${projectNoClient}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectWithClient}`).first()).not.toBeVisible();
+});
+
+test('test that combining "No Project" with a project ID shows both', async ({ page, ctx }) => {
+    const project1 = 'CombNoProj ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createBareTimeEntryViaApi(ctx, 'Bare combined entry', '30min');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText('Bare combined entry').first()).toBeVisible();
+
+    // Select both "No Project" and the specific project
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'No Project' }).click();
+    await page.getByRole('option').filter({ hasText: project1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Badge should show 2
+    await expect(
+        page.getByRole('button', { name: 'Projects' }).first().getByText('2')
+    ).toBeVisible();
+
+    // Both entries should be visible
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText('Bare combined entry').first()).toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Keyboard Navigation Tests
+// ──────────────────────────────────────────────────
+
+test('test that keyboard navigation works in multiselect dropdown', async ({ page, ctx }) => {
+    const project1 = 'KbNavProj1 ' + Math.floor(Math.random() * 10000);
+    const project2 = 'KbNavProj2 ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+    const p2 = await createProjectViaApi(ctx, { name: project2 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project2}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+
+    // Open project dropdown
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+
+    // The search input should be focused, first item ("No Project") highlighted
+    await expect(page.getByPlaceholder('Search for a Project...')).toBeFocused();
+
+    // Press ArrowDown to move to first project, then Enter to select it
+    await page.keyboard.press('ArrowDown');
+    await page.keyboard.press('ArrowDown');
+    await page.keyboard.press('Enter');
+
+    // Close dropdown and verify filter applied
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Badge should show 1
+    await expect(
+        page.getByRole('button', { name: 'Projects' }).first().getByText('1')
+    ).toBeVisible();
+});