use staging

run auth with debug
Revert "submissions: refactor auth to only make requests when needed"
2024-12-30 05:08:41 -08:00 · 2024-12-28 22:11:16 -08:00 · 2024-12-28 22:11:16 -08:00 · 2024-12-28 17:20:27 -08:00 · 2024-12-27 18:50:36 -08:00 · 2024-12-27 18:50:24 -08:00
153 changed files with 33521 additions and 4701 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,88 @@
+---
+kind: pipeline
+type: docker
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: api
+    image: plugins/docker
+    settings:
+      registry: registry.itzana.me
+      repo: registry.itzana.me/strafesnet/maptest-api
+      tags:
+        - ${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}
+        - ${DRONE_BRANCH}
+      username:
+        from_secret: REGISTRY_USER
+      password:
+        from_secret: REGISTRY_PASS
+      dockerfile: Containerfile
+      context: .
+    when:
+      branch:
+        - master
+        - staging
+
+  - name: frontend
+    image: plugins/docker
+    settings:
+      registry: registry.itzana.me
+      repo: registry.itzana.me/strafesnet/maptest-frontend
+      tags:
+        - ${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}
+        - ${DRONE_BRANCH}
+      username:
+        from_secret: REGISTRY_USER
+      password:
+        from_secret: REGISTRY_PASS
+      dockerfile: web/Containerfile
+      context: web
+    when:
+      branch:
+        - master
+        - staging
+
+  - name: validator
+    image: plugins/docker
+    settings:
+      registry: registry.itzana.me
+      repo: registry.itzana.me/strafesnet/maptest-validator
+      tags:
+        - ${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}
+        - ${DRONE_BRANCH}
+      username:
+        from_secret: REGISTRY_USER
+      password:
+        from_secret: REGISTRY_PASS
+      dockerfile: validation/Containerfile
+      context: validation
+    when:
+      branch:
+        - master
+        - staging
+
+  - name: deploy
+    image: argoproj/argocd:latest
+    commands:
+      - echo "Deploy!" # Not going to do actually do this until 
+    environment:
+      USERNAME:
+        from_secret: ARGO_USER
+      PASSWORD:
+        from_secret: ARGO_PASS
+    depends_on:
+      - api
+      - frontend
+      - validator
+    when:
+      branch:
+        - master
+        - staging
+---
+kind: signature
+hmac: 9958fd5b01af1ebcc75f7277fe71eb5336b899445c359cecf1b14e83b3d05059
+
+...
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea
--- a/33
+++ b/33
@@ -0,0 +1,33 @@
+# Stage 1: Build
+FROM docker.io/golang:1.23 AS builder
+
+# Set the working directory in the container
+WORKDIR /app
+
+# Copy go.mod and go.sum files
+COPY go.mod go.sum ./
+
+# Copy the entire project
+COPY . .
+
+# Build the Go application
+RUN CGO_ENABLED=0 GOOS=linux go build -o service ./cmd/maps-service/service.go
+
+# Stage 2: Run
+FROM alpine
+
+# Set up a non-root user for security
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup
+USER appuser
+
+# Set the working directory in the container
+WORKDIR /home/appuser
+
+# Copy the built application from the builder stage
+COPY --from=builder /app/service .
+
+# Expose application port (adjust if needed)
+EXPOSE 8081
+
+# Command to run the application
+ENTRYPOINT ["./service"]
--- a/23
+++ b/23
@@ -0,0 +1,23 @@
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
--- a/12
+++ b/12
@@ -0,0 +1,12 @@
+submissions:
+	DOCKER_BUILDKIT=1 docker build . -f Containerfile -t maps-service-submissions
+
+web:
+	docker build web -f web/Containerfile -t maps-service-web
+
+validation:
+	docker build validation -f validation/Containerfile -t maps-service-validation
+
+all: submissions web validation
+
+.PHONY: submissions web validation
--- a/README.md
+++ b/README.md
@@ -1,6 +1,15 @@
-# STRAFES.NET API
+# STRAFES.NET Map Submission System

-## How to Begin Development
+## Components
+- Submissions API (golang) `pkg/` `cmd/`
+- Website `/web/`
+- Script Validation (rust) `validation/`
+
+## How to Begin Development on Each Component
+
+### Submissions API
+
+Prerequisite: golang installed

 1. Run `go generate` to ensure the generated API is up-to-date. This project uses [ogen](https://github.com/ogen-go/ogen).
    ```bash
@@ -12,3 +21,38 @@
    ```

    By default, the project opens at `localhost:8080`.
+
+### Website
+
+Prerequisite: bun installed
+
+1. `cd web`
+2. `bun install`
+
+#### For development:
+3. `bun run dev`
+
+#### For production:
+3. `bun run build`
+4. `bun run start` (optionally start a node server)
+
+### Script Validation
+
+Prerequisite: rust installed
+
+1. `cd validation`
+2. `cargo run --release`
+
+#### License
+
+<sup>
+Licensed under <a href="LICENSE">MIT license</a>.
+</sup>
+
+<br>
+
+<sub>
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in this project by you, shall be licensed as above, without any
+additional terms or conditions.
+</sub>
--- a/api/oas_client_gen.go
+++ b/api/oas_client_gen.go
@@ -1,724 +0,0 @@
-// Code generated by ogen, DO NOT EDIT.
-
-package api
-
-import (
-	"context"
-	"net/url"
-	"strings"
-	"time"
-
-	"github.com/go-faster/errors"
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/codes"
-	"go.opentelemetry.io/otel/metric"
-	semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
-	"go.opentelemetry.io/otel/trace"
-
-	"github.com/ogen-go/ogen/conv"
-	ht "github.com/ogen-go/ogen/http"
-	"github.com/ogen-go/ogen/otelogen"
-	"github.com/ogen-go/ogen/uri"
-)
-
-// Invoker invokes operations described by OpenAPI v3 specification.
-type Invoker interface {
-	// CreateSubmission invokes createSubmission operation.
-	//
-	// Create new submission.
-	//
-	// POST /submissions
-	CreateSubmission(ctx context.Context) (*Submission, error)
-	// GetSubmission invokes getSubmission operation.
-	//
-	// Retrieve map with ID.
-	//
-	// GET /submissions/{SubmissionID}
-	GetSubmission(ctx context.Context, params GetSubmissionParams) (*Submission, error)
-	// ListSubmissions invokes listSubmissions operation.
-	//
-	// Get list of submissions.
-	//
-	// GET /submissions
-	ListSubmissions(ctx context.Context, params ListSubmissionsParams) ([]Submission, error)
-	// PatchSubmissionCompleted invokes patchSubmissionCompleted operation.
-	//
-	// Retrieve map with ID.
-	//
-	// PATCH /submissions/{SubmissionID}/completed
-	PatchSubmissionCompleted(ctx context.Context, params PatchSubmissionCompletedParams) error
-	// PatchSubmissionModel invokes patchSubmissionModel operation.
-	//
-	// Update model following role restrictions.
-	//
-	// PATCH /submissions/{SubmissionID}/model
-	PatchSubmissionModel(ctx context.Context, params PatchSubmissionModelParams) error
-	// PatchSubmissionStatus invokes patchSubmissionStatus operation.
-	//
-	// Update status following role restrictions.
-	//
-	// PATCH /submissions/{SubmissionID}/status
-	PatchSubmissionStatus(ctx context.Context, params PatchSubmissionStatusParams) error
-}
-
-// Client implements OAS client.
-type Client struct {
-	serverURL *url.URL
-	baseClient
-}
-type errorHandler interface {
-	NewError(ctx context.Context, err error) *ErrorStatusCode
-}
-
-var _ Handler = struct {
-	errorHandler
-	*Client
-}{}
-
-func trimTrailingSlashes(u *url.URL) {
-	u.Path = strings.TrimRight(u.Path, "/")
-	u.RawPath = strings.TrimRight(u.RawPath, "/")
-}
-
-// NewClient initializes new Client defined by OAS.
-func NewClient(serverURL string, opts ...ClientOption) (*Client, error) {
-	u, err := url.Parse(serverURL)
-	if err != nil {
-		return nil, err
-	}
-	trimTrailingSlashes(u)
-
-	c, err := newClientConfig(opts...).baseClient()
-	if err != nil {
-		return nil, err
-	}
-	return &Client{
-		serverURL:  u,
-		baseClient: c,
-	}, nil
-}
-
-type serverURLKey struct{}
-
-// WithServerURL sets context key to override server URL.
-func WithServerURL(ctx context.Context, u *url.URL) context.Context {
-	return context.WithValue(ctx, serverURLKey{}, u)
-}
-
-func (c *Client) requestURL(ctx context.Context) *url.URL {
-	u, ok := ctx.Value(serverURLKey{}).(*url.URL)
-	if !ok {
-		return c.serverURL
-	}
-	return u
-}
-
-// CreateSubmission invokes createSubmission operation.
-//
-// Create new submission.
-//
-// POST /submissions
-func (c *Client) CreateSubmission(ctx context.Context) (*Submission, error) {
-	res, err := c.sendCreateSubmission(ctx)
-	return res, err
-}
-
-func (c *Client) sendCreateSubmission(ctx context.Context) (res *Submission, err error) {
-	otelAttrs := []attribute.KeyValue{
-		otelogen.OperationID("createSubmission"),
-		semconv.HTTPRequestMethodKey.String("POST"),
-		semconv.HTTPRouteKey.String("/submissions"),
-	}
-
-	// Run stopwatch.
-	startTime := time.Now()
-	defer func() {
-		// Use floating point division here for higher precision (instead of Millisecond method).
-		elapsedDuration := time.Since(startTime)
-		c.duration.Record(ctx, float64(float64(elapsedDuration)/float64(time.Millisecond)), metric.WithAttributes(otelAttrs...))
-	}()
-
-	// Increment request counter.
-	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
-
-	// Start a span for this request.
-	ctx, span := c.cfg.Tracer.Start(ctx, "CreateSubmission",
-		trace.WithAttributes(otelAttrs...),
-		clientSpanKind,
-	)
-	// Track stage for error reporting.
-	var stage string
-	defer func() {
-		if err != nil {
-			span.RecordError(err)
-			span.SetStatus(codes.Error, stage)
-			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
-		}
-		span.End()
-	}()
-
-	stage = "BuildURL"
-	u := uri.Clone(c.requestURL(ctx))
-	var pathParts [1]string
-	pathParts[0] = "/submissions"
-	uri.AddPathParts(u, pathParts[:]...)
-
-	stage = "EncodeRequest"
-	r, err := ht.NewRequest(ctx, "POST", u)
-	if err != nil {
-		return res, errors.Wrap(err, "create request")
-	}
-
-	stage = "SendRequest"
-	resp, err := c.cfg.Client.Do(r)
-	if err != nil {
-		return res, errors.Wrap(err, "do request")
-	}
-	defer resp.Body.Close()
-
-	stage = "DecodeResponse"
-	result, err := decodeCreateSubmissionResponse(resp)
-	if err != nil {
-		return res, errors.Wrap(err, "decode response")
-	}
-
-	return result, nil
-}
-
-// GetSubmission invokes getSubmission operation.
-//
-// Retrieve map with ID.
-//
-// GET /submissions/{SubmissionID}
-func (c *Client) GetSubmission(ctx context.Context, params GetSubmissionParams) (*Submission, error) {
-	res, err := c.sendGetSubmission(ctx, params)
-	return res, err
-}
-
-func (c *Client) sendGetSubmission(ctx context.Context, params GetSubmissionParams) (res *Submission, err error) {
-	otelAttrs := []attribute.KeyValue{
-		otelogen.OperationID("getSubmission"),
-		semconv.HTTPRequestMethodKey.String("GET"),
-		semconv.HTTPRouteKey.String("/submissions/{SubmissionID}"),
-	}
-
-	// Run stopwatch.
-	startTime := time.Now()
-	defer func() {
-		// Use floating point division here for higher precision (instead of Millisecond method).
-		elapsedDuration := time.Since(startTime)
-		c.duration.Record(ctx, float64(float64(elapsedDuration)/float64(time.Millisecond)), metric.WithAttributes(otelAttrs...))
-	}()
-
-	// Increment request counter.
-	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
-
-	// Start a span for this request.
-	ctx, span := c.cfg.Tracer.Start(ctx, "GetSubmission",
-		trace.WithAttributes(otelAttrs...),
-		clientSpanKind,
-	)
-	// Track stage for error reporting.
-	var stage string
-	defer func() {
-		if err != nil {
-			span.RecordError(err)
-			span.SetStatus(codes.Error, stage)
-			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
-		}
-		span.End()
-	}()
-
-	stage = "BuildURL"
-	u := uri.Clone(c.requestURL(ctx))
-	var pathParts [2]string
-	pathParts[0] = "/submissions/"
-	{
-		// Encode "SubmissionID" parameter.
-		e := uri.NewPathEncoder(uri.PathEncoderConfig{
-			Param:   "SubmissionID",
-			Style:   uri.PathStyleSimple,
-			Explode: false,
-		})
-		if err := func() error {
-			return e.EncodeValue(conv.Int64ToString(params.SubmissionID))
-		}(); err != nil {
-			return res, errors.Wrap(err, "encode path")
-		}
-		encoded, err := e.Result()
-		if err != nil {
-			return res, errors.Wrap(err, "encode path")
-		}
-		pathParts[1] = encoded
-	}
-	uri.AddPathParts(u, pathParts[:]...)
-
-	stage = "EncodeRequest"
-	r, err := ht.NewRequest(ctx, "GET", u)
-	if err != nil {
-		return res, errors.Wrap(err, "create request")
-	}
-
-	stage = "SendRequest"
-	resp, err := c.cfg.Client.Do(r)
-	if err != nil {
-		return res, errors.Wrap(err, "do request")
-	}
-	defer resp.Body.Close()
-
-	stage = "DecodeResponse"
-	result, err := decodeGetSubmissionResponse(resp)
-	if err != nil {
-		return res, errors.Wrap(err, "decode response")
-	}
-
-	return result, nil
-}
-
-// ListSubmissions invokes listSubmissions operation.
-//
-// Get list of submissions.
-//
-// GET /submissions
-func (c *Client) ListSubmissions(ctx context.Context, params ListSubmissionsParams) ([]Submission, error) {
-	res, err := c.sendListSubmissions(ctx, params)
-	return res, err
-}
-
-func (c *Client) sendListSubmissions(ctx context.Context, params ListSubmissionsParams) (res []Submission, err error) {
-	otelAttrs := []attribute.KeyValue{
-		otelogen.OperationID("listSubmissions"),
-		semconv.HTTPRequestMethodKey.String("GET"),
-		semconv.HTTPRouteKey.String("/submissions"),
-	}
-
-	// Run stopwatch.
-	startTime := time.Now()
-	defer func() {
-		// Use floating point division here for higher precision (instead of Millisecond method).
-		elapsedDuration := time.Since(startTime)
-		c.duration.Record(ctx, float64(float64(elapsedDuration)/float64(time.Millisecond)), metric.WithAttributes(otelAttrs...))
-	}()
-
-	// Increment request counter.
-	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
-
-	// Start a span for this request.
-	ctx, span := c.cfg.Tracer.Start(ctx, "ListSubmissions",
-		trace.WithAttributes(otelAttrs...),
-		clientSpanKind,
-	)
-	// Track stage for error reporting.
-	var stage string
-	defer func() {
-		if err != nil {
-			span.RecordError(err)
-			span.SetStatus(codes.Error, stage)
-			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
-		}
-		span.End()
-	}()
-
-	stage = "BuildURL"
-	u := uri.Clone(c.requestURL(ctx))
-	var pathParts [1]string
-	pathParts[0] = "/submissions"
-	uri.AddPathParts(u, pathParts[:]...)
-
-	stage = "EncodeQueryParams"
-	q := uri.NewQueryEncoder()
-	{
-		// Encode "page" parameter.
-		cfg := uri.QueryParameterEncodingConfig{
-			Name:    "page",
-			Style:   uri.QueryStyleForm,
-			Explode: true,
-		}
-
-		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
-			return params.Page.EncodeURI(e)
-		}); err != nil {
-			return res, errors.Wrap(err, "encode query")
-		}
-	}
-	{
-		// Encode "filter" parameter.
-		cfg := uri.QueryParameterEncodingConfig{
-			Name:    "filter",
-			Style:   uri.QueryStyleForm,
-			Explode: true,
-		}
-
-		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
-			if val, ok := params.Filter.Get(); ok {
-				return val.EncodeURI(e)
-			}
-			return nil
-		}); err != nil {
-			return res, errors.Wrap(err, "encode query")
-		}
-	}
-	u.RawQuery = q.Values().Encode()
-
-	stage = "EncodeRequest"
-	r, err := ht.NewRequest(ctx, "GET", u)
-	if err != nil {
-		return res, errors.Wrap(err, "create request")
-	}
-
-	stage = "SendRequest"
-	resp, err := c.cfg.Client.Do(r)
-	if err != nil {
-		return res, errors.Wrap(err, "do request")
-	}
-	defer resp.Body.Close()
-
-	stage = "DecodeResponse"
-	result, err := decodeListSubmissionsResponse(resp)
-	if err != nil {
-		return res, errors.Wrap(err, "decode response")
-	}
-
-	return result, nil
-}
-
-// PatchSubmissionCompleted invokes patchSubmissionCompleted operation.
-//
-// Retrieve map with ID.
-//
-// PATCH /submissions/{SubmissionID}/completed
-func (c *Client) PatchSubmissionCompleted(ctx context.Context, params PatchSubmissionCompletedParams) error {
-	_, err := c.sendPatchSubmissionCompleted(ctx, params)
-	return err
-}
-
-func (c *Client) sendPatchSubmissionCompleted(ctx context.Context, params PatchSubmissionCompletedParams) (res *PatchSubmissionCompletedOK, err error) {
-	otelAttrs := []attribute.KeyValue{
-		otelogen.OperationID("patchSubmissionCompleted"),
-		semconv.HTTPRequestMethodKey.String("PATCH"),
-		semconv.HTTPRouteKey.String("/submissions/{SubmissionID}/completed"),
-	}
-
-	// Run stopwatch.
-	startTime := time.Now()
-	defer func() {
-		// Use floating point division here for higher precision (instead of Millisecond method).
-		elapsedDuration := time.Since(startTime)
-		c.duration.Record(ctx, float64(float64(elapsedDuration)/float64(time.Millisecond)), metric.WithAttributes(otelAttrs...))
-	}()
-
-	// Increment request counter.
-	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
-
-	// Start a span for this request.
-	ctx, span := c.cfg.Tracer.Start(ctx, "PatchSubmissionCompleted",
-		trace.WithAttributes(otelAttrs...),
-		clientSpanKind,
-	)
-	// Track stage for error reporting.
-	var stage string
-	defer func() {
-		if err != nil {
-			span.RecordError(err)
-			span.SetStatus(codes.Error, stage)
-			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
-		}
-		span.End()
-	}()
-
-	stage = "BuildURL"
-	u := uri.Clone(c.requestURL(ctx))
-	var pathParts [3]string
-	pathParts[0] = "/submissions/"
-	{
-		// Encode "SubmissionID" parameter.
-		e := uri.NewPathEncoder(uri.PathEncoderConfig{
-			Param:   "SubmissionID",
-			Style:   uri.PathStyleSimple,
-			Explode: false,
-		})
-		if err := func() error {
-			return e.EncodeValue(conv.Int64ToString(params.SubmissionID))
-		}(); err != nil {
-			return res, errors.Wrap(err, "encode path")
-		}
-		encoded, err := e.Result()
-		if err != nil {
-			return res, errors.Wrap(err, "encode path")
-		}
-		pathParts[1] = encoded
-	}
-	pathParts[2] = "/completed"
-	uri.AddPathParts(u, pathParts[:]...)
-
-	stage = "EncodeQueryParams"
-	q := uri.NewQueryEncoder()
-	{
-		// Encode "Completed" parameter.
-		cfg := uri.QueryParameterEncodingConfig{
-			Name:    "Completed",
-			Style:   uri.QueryStyleForm,
-			Explode: true,
-		}
-
-		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
-			return e.EncodeValue(conv.BoolToString(params.Completed))
-		}); err != nil {
-			return res, errors.Wrap(err, "encode query")
-		}
-	}
-	u.RawQuery = q.Values().Encode()
-
-	stage = "EncodeRequest"
-	r, err := ht.NewRequest(ctx, "PATCH", u)
-	if err != nil {
-		return res, errors.Wrap(err, "create request")
-	}
-
-	stage = "SendRequest"
-	resp, err := c.cfg.Client.Do(r)
-	if err != nil {
-		return res, errors.Wrap(err, "do request")
-	}
-	defer resp.Body.Close()
-
-	stage = "DecodeResponse"
-	result, err := decodePatchSubmissionCompletedResponse(resp)
-	if err != nil {
-		return res, errors.Wrap(err, "decode response")
-	}
-
-	return result, nil
-}
-
-// PatchSubmissionModel invokes patchSubmissionModel operation.
-//
-// Update model following role restrictions.
-//
-// PATCH /submissions/{SubmissionID}/model
-func (c *Client) PatchSubmissionModel(ctx context.Context, params PatchSubmissionModelParams) error {
-	_, err := c.sendPatchSubmissionModel(ctx, params)
-	return err
-}
-
-func (c *Client) sendPatchSubmissionModel(ctx context.Context, params PatchSubmissionModelParams) (res *PatchSubmissionModelOK, err error) {
-	otelAttrs := []attribute.KeyValue{
-		otelogen.OperationID("patchSubmissionModel"),
-		semconv.HTTPRequestMethodKey.String("PATCH"),
-		semconv.HTTPRouteKey.String("/submissions/{SubmissionID}/model"),
-	}
-
-	// Run stopwatch.
-	startTime := time.Now()
-	defer func() {
-		// Use floating point division here for higher precision (instead of Millisecond method).
-		elapsedDuration := time.Since(startTime)
-		c.duration.Record(ctx, float64(float64(elapsedDuration)/float64(time.Millisecond)), metric.WithAttributes(otelAttrs...))
-	}()
-
-	// Increment request counter.
-	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
-
-	// Start a span for this request.
-	ctx, span := c.cfg.Tracer.Start(ctx, "PatchSubmissionModel",
-		trace.WithAttributes(otelAttrs...),
-		clientSpanKind,
-	)
-	// Track stage for error reporting.
-	var stage string
-	defer func() {
-		if err != nil {
-			span.RecordError(err)
-			span.SetStatus(codes.Error, stage)
-			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
-		}
-		span.End()
-	}()
-
-	stage = "BuildURL"
-	u := uri.Clone(c.requestURL(ctx))
-	var pathParts [3]string
-	pathParts[0] = "/submissions/"
-	{
-		// Encode "SubmissionID" parameter.
-		e := uri.NewPathEncoder(uri.PathEncoderConfig{
-			Param:   "SubmissionID",
-			Style:   uri.PathStyleSimple,
-			Explode: false,
-		})
-		if err := func() error {
-			return e.EncodeValue(conv.Int64ToString(params.SubmissionID))
-		}(); err != nil {
-			return res, errors.Wrap(err, "encode path")
-		}
-		encoded, err := e.Result()
-		if err != nil {
-			return res, errors.Wrap(err, "encode path")
-		}
-		pathParts[1] = encoded
-	}
-	pathParts[2] = "/model"
-	uri.AddPathParts(u, pathParts[:]...)
-
-	stage = "EncodeQueryParams"
-	q := uri.NewQueryEncoder()
-	{
-		// Encode "ModelID" parameter.
-		cfg := uri.QueryParameterEncodingConfig{
-			Name:    "ModelID",
-			Style:   uri.QueryStyleForm,
-			Explode: true,
-		}
-
-		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
-			return e.EncodeValue(conv.Int64ToString(params.ModelID))
-		}); err != nil {
-			return res, errors.Wrap(err, "encode query")
-		}
-	}
-	{
-		// Encode "VersionID" parameter.
-		cfg := uri.QueryParameterEncodingConfig{
-			Name:    "VersionID",
-			Style:   uri.QueryStyleForm,
-			Explode: true,
-		}
-
-		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
-			return e.EncodeValue(conv.Int64ToString(params.VersionID))
-		}); err != nil {
-			return res, errors.Wrap(err, "encode query")
-		}
-	}
-	u.RawQuery = q.Values().Encode()
-
-	stage = "EncodeRequest"
-	r, err := ht.NewRequest(ctx, "PATCH", u)
-	if err != nil {
-		return res, errors.Wrap(err, "create request")
-	}
-
-	stage = "SendRequest"
-	resp, err := c.cfg.Client.Do(r)
-	if err != nil {
-		return res, errors.Wrap(err, "do request")
-	}
-	defer resp.Body.Close()
-
-	stage = "DecodeResponse"
-	result, err := decodePatchSubmissionModelResponse(resp)
-	if err != nil {
-		return res, errors.Wrap(err, "decode response")
-	}
-
-	return result, nil
-}
-
-// PatchSubmissionStatus invokes patchSubmissionStatus operation.
-//
-// Update status following role restrictions.
-//
-// PATCH /submissions/{SubmissionID}/status
-func (c *Client) PatchSubmissionStatus(ctx context.Context, params PatchSubmissionStatusParams) error {
-	_, err := c.sendPatchSubmissionStatus(ctx, params)
-	return err
-}
-
-func (c *Client) sendPatchSubmissionStatus(ctx context.Context, params PatchSubmissionStatusParams) (res *PatchSubmissionStatusOK, err error) {
-	otelAttrs := []attribute.KeyValue{
-		otelogen.OperationID("patchSubmissionStatus"),
-		semconv.HTTPRequestMethodKey.String("PATCH"),
-		semconv.HTTPRouteKey.String("/submissions/{SubmissionID}/status"),
-	}
-
-	// Run stopwatch.
-	startTime := time.Now()
-	defer func() {
-		// Use floating point division here for higher precision (instead of Millisecond method).
-		elapsedDuration := time.Since(startTime)
-		c.duration.Record(ctx, float64(float64(elapsedDuration)/float64(time.Millisecond)), metric.WithAttributes(otelAttrs...))
-	}()
-
-	// Increment request counter.
-	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
-
-	// Start a span for this request.
-	ctx, span := c.cfg.Tracer.Start(ctx, "PatchSubmissionStatus",
-		trace.WithAttributes(otelAttrs...),
-		clientSpanKind,
-	)
-	// Track stage for error reporting.
-	var stage string
-	defer func() {
-		if err != nil {
-			span.RecordError(err)
-			span.SetStatus(codes.Error, stage)
-			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
-		}
-		span.End()
-	}()
-
-	stage = "BuildURL"
-	u := uri.Clone(c.requestURL(ctx))
-	var pathParts [3]string
-	pathParts[0] = "/submissions/"
-	{
-		// Encode "SubmissionID" parameter.
-		e := uri.NewPathEncoder(uri.PathEncoderConfig{
-			Param:   "SubmissionID",
-			Style:   uri.PathStyleSimple,
-			Explode: false,
-		})
-		if err := func() error {
-			return e.EncodeValue(conv.Int64ToString(params.SubmissionID))
-		}(); err != nil {
-			return res, errors.Wrap(err, "encode path")
-		}
-		encoded, err := e.Result()
-		if err != nil {
-			return res, errors.Wrap(err, "encode path")
-		}
-		pathParts[1] = encoded
-	}
-	pathParts[2] = "/status"
-	uri.AddPathParts(u, pathParts[:]...)
-
-	stage = "EncodeQueryParams"
-	q := uri.NewQueryEncoder()
-	{
-		// Encode "Status" parameter.
-		cfg := uri.QueryParameterEncodingConfig{
-			Name:    "Status",
-			Style:   uri.QueryStyleForm,
-			Explode: true,
-		}
-
-		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
-			return e.EncodeValue(conv.Int32ToString(params.Status))
-		}); err != nil {
-			return res, errors.Wrap(err, "encode query")
-		}
-	}
-	u.RawQuery = q.Values().Encode()
-
-	stage = "EncodeRequest"
-	r, err := ht.NewRequest(ctx, "PATCH", u)
-	if err != nil {
-		return res, errors.Wrap(err, "create request")
-	}
-
-	stage = "SendRequest"
-	resp, err := c.cfg.Client.Do(r)
-	if err != nil {
-		return res, errors.Wrap(err, "do request")
-	}
-	defer resp.Body.Close()
-
-	stage = "DecodeResponse"
-	result, err := decodePatchSubmissionStatusResponse(resp)
-	if err != nil {
-		return res, errors.Wrap(err, "decode response")
-	}
-
-	return result, nil
-}
--- a/api/oas_handlers_gen.go
+++ b/api/oas_handlers_gen.go
@@ -1,760 +0,0 @@
-// Code generated by ogen, DO NOT EDIT.
-
-package api
-
-import (
-	"context"
-	"net/http"
-	"time"
-
-	"github.com/go-faster/errors"
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/codes"
-	"go.opentelemetry.io/otel/metric"
-	semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
-	"go.opentelemetry.io/otel/trace"
-
-	ht "github.com/ogen-go/ogen/http"
-	"github.com/ogen-go/ogen/middleware"
-	"github.com/ogen-go/ogen/ogenerrors"
-	"github.com/ogen-go/ogen/otelogen"
-)
-
-// handleCreateSubmissionRequest handles createSubmission operation.
-//
-// Create new submission.
-//
-// POST /submissions
-func (s *Server) handleCreateSubmissionRequest(args [0]string, argsEscaped bool, w http.ResponseWriter, r *http.Request) {
-	otelAttrs := []attribute.KeyValue{
-		otelogen.OperationID("createSubmission"),
-		semconv.HTTPRequestMethodKey.String("POST"),
-		semconv.HTTPRouteKey.String("/submissions"),
-	}
-
-	// Start a span for this request.
-	ctx, span := s.cfg.Tracer.Start(r.Context(), "CreateSubmission",
-		trace.WithAttributes(otelAttrs...),
-		serverSpanKind,
-	)
-	defer span.End()
-
-	// Add Labeler to context.
-	labeler := &Labeler{attrs: otelAttrs}
-	ctx = contextWithLabeler(ctx, labeler)
-
-	// Run stopwatch.
-	startTime := time.Now()
-	defer func() {
-		elapsedDuration := time.Since(startTime)
-		attrOpt := metric.WithAttributeSet(labeler.AttributeSet())
-
-		// Increment request counter.
-		s.requests.Add(ctx, 1, attrOpt)
-
-		// Use floating point division here for higher precision (instead of Millisecond method).
-		s.duration.Record(ctx, float64(float64(elapsedDuration)/float64(time.Millisecond)), attrOpt)
-	}()
-
-	var (
-		recordError = func(stage string, err error) {
-			span.RecordError(err)
-			span.SetStatus(codes.Error, stage)
-			s.errors.Add(ctx, 1, metric.WithAttributeSet(labeler.AttributeSet()))
-		}
-		err error
-	)
-
-	var response *Submission
-	if m := s.cfg.Middleware; m != nil {
-		mreq := middleware.Request{
-			Context:          ctx,
-			OperationName:    "CreateSubmission",
-			OperationSummary: "Create new submission",
-			OperationID:      "createSubmission",
-			Body:             nil,
-			Params:           middleware.Parameters{},
-			Raw:              r,
-		}
-
-		type (
-			Request  = struct{}
-			Params   = struct{}
-			Response = *Submission
-		)
-		response, err = middleware.HookMiddleware[
-			Request,
-			Params,
-			Response,
-		](
-			m,
-			mreq,
-			nil,
-			func(ctx context.Context, request Request, params Params) (response Response, err error) {
-				response, err = s.h.CreateSubmission(ctx)
-				return response, err
-			},
-		)
-	} else {
-		response, err = s.h.CreateSubmission(ctx)
-	}
-	if err != nil {
-		if errRes, ok := errors.Into[*ErrorStatusCode](err); ok {
-			if err := encodeErrorResponse(errRes, w, span); err != nil {
-				defer recordError("Internal", err)
-			}
-			return
-		}
-		if errors.Is(err, ht.ErrNotImplemented) {
-			s.cfg.ErrorHandler(ctx, w, r, err)
-			return
-		}
-		if err := encodeErrorResponse(s.h.NewError(ctx, err), w, span); err != nil {
-			defer recordError("Internal", err)
-		}
-		return
-	}
-
-	if err := encodeCreateSubmissionResponse(response, w, span); err != nil {
-		defer recordError("EncodeResponse", err)
-		if !errors.Is(err, ht.ErrInternalServerErrorResponse) {
-			s.cfg.ErrorHandler(ctx, w, r, err)
-		}
-		return
-	}
-}
-
-// handleGetSubmissionRequest handles getSubmission operation.
-//
-// Retrieve map with ID.
-//
-// GET /submissions/{SubmissionID}
-func (s *Server) handleGetSubmissionRequest(args [1]string, argsEscaped bool, w http.ResponseWriter, r *http.Request) {
-	otelAttrs := []attribute.KeyValue{
-		otelogen.OperationID("getSubmission"),
-		semconv.HTTPRequestMethodKey.String("GET"),
-		semconv.HTTPRouteKey.String("/submissions/{SubmissionID}"),
-	}
-
-	// Start a span for this request.
-	ctx, span := s.cfg.Tracer.Start(r.Context(), "GetSubmission",
-		trace.WithAttributes(otelAttrs...),
-		serverSpanKind,
-	)
-	defer span.End()
-
-	// Add Labeler to context.
-	labeler := &Labeler{attrs: otelAttrs}
-	ctx = contextWithLabeler(ctx, labeler)
-
-	// Run stopwatch.
-	startTime := time.Now()
-	defer func() {
-		elapsedDuration := time.Since(startTime)
-		attrOpt := metric.WithAttributeSet(labeler.AttributeSet())
-
-		// Increment request counter.
-		s.requests.Add(ctx, 1, attrOpt)
-
-		// Use floating point division here for higher precision (instead of Millisecond method).
-		s.duration.Record(ctx, float64(float64(elapsedDuration)/float64(time.Millisecond)), attrOpt)
-	}()
-
-	var (
-		recordError = func(stage string, err error) {
-			span.RecordError(err)
-			span.SetStatus(codes.Error, stage)
-			s.errors.Add(ctx, 1, metric.WithAttributeSet(labeler.AttributeSet()))
-		}
-		err          error
-		opErrContext = ogenerrors.OperationContext{
-			Name: "GetSubmission",
-			ID:   "getSubmission",
-		}
-	)
-	params, err := decodeGetSubmissionParams(args, argsEscaped, r)
-	if err != nil {
-		err = &ogenerrors.DecodeParamsError{
-			OperationContext: opErrContext,
-			Err:              err,
-		}
-		defer recordError("DecodeParams", err)
-		s.cfg.ErrorHandler(ctx, w, r, err)
-		return
-	}
-
-	var response *Submission
-	if m := s.cfg.Middleware; m != nil {
-		mreq := middleware.Request{
-			Context:          ctx,
-			OperationName:    "GetSubmission",
-			OperationSummary: "Retrieve map with ID",
-			OperationID:      "getSubmission",
-			Body:             nil,
-			Params: middleware.Parameters{
-				{
-					Name: "SubmissionID",
-					In:   "path",
-				}: params.SubmissionID,
-			},
-			Raw: r,
-		}
-
-		type (
-			Request  = struct{}
-			Params   = GetSubmissionParams
-			Response = *Submission
-		)
-		response, err = middleware.HookMiddleware[
-			Request,
-			Params,
-			Response,
-		](
-			m,
-			mreq,
-			unpackGetSubmissionParams,
-			func(ctx context.Context, request Request, params Params) (response Response, err error) {
-				response, err = s.h.GetSubmission(ctx, params)
-				return response, err
-			},
-		)
-	} else {
-		response, err = s.h.GetSubmission(ctx, params)
-	}
-	if err != nil {
-		if errRes, ok := errors.Into[*ErrorStatusCode](err); ok {
-			if err := encodeErrorResponse(errRes, w, span); err != nil {
-				defer recordError("Internal", err)
-			}
-			return
-		}
-		if errors.Is(err, ht.ErrNotImplemented) {
-			s.cfg.ErrorHandler(ctx, w, r, err)
-			return
-		}
-		if err := encodeErrorResponse(s.h.NewError(ctx, err), w, span); err != nil {
-			defer recordError("Internal", err)
-		}
-		return
-	}
-
-	if err := encodeGetSubmissionResponse(response, w, span); err != nil {
-		defer recordError("EncodeResponse", err)
-		if !errors.Is(err, ht.ErrInternalServerErrorResponse) {
-			s.cfg.ErrorHandler(ctx, w, r, err)
-		}
-		return
-	}
-}
-
-// handleListSubmissionsRequest handles listSubmissions operation.
-//
-// Get list of submissions.
-//
-// GET /submissions
-func (s *Server) handleListSubmissionsRequest(args [0]string, argsEscaped bool, w http.ResponseWriter, r *http.Request) {
-	otelAttrs := []attribute.KeyValue{
-		otelogen.OperationID("listSubmissions"),
-		semconv.HTTPRequestMethodKey.String("GET"),
-		semconv.HTTPRouteKey.String("/submissions"),
-	}
-
-	// Start a span for this request.
-	ctx, span := s.cfg.Tracer.Start(r.Context(), "ListSubmissions",
-		trace.WithAttributes(otelAttrs...),
-		serverSpanKind,
-	)
-	defer span.End()
-
-	// Add Labeler to context.
-	labeler := &Labeler{attrs: otelAttrs}
-	ctx = contextWithLabeler(ctx, labeler)
-
-	// Run stopwatch.
-	startTime := time.Now()
-	defer func() {
-		elapsedDuration := time.Since(startTime)
-		attrOpt := metric.WithAttributeSet(labeler.AttributeSet())
-
-		// Increment request counter.
-		s.requests.Add(ctx, 1, attrOpt)
-
-		// Use floating point division here for higher precision (instead of Millisecond method).
-		s.duration.Record(ctx, float64(float64(elapsedDuration)/float64(time.Millisecond)), attrOpt)
-	}()
-
-	var (
-		recordError = func(stage string, err error) {
-			span.RecordError(err)
-			span.SetStatus(codes.Error, stage)
-			s.errors.Add(ctx, 1, metric.WithAttributeSet(labeler.AttributeSet()))
-		}
-		err          error
-		opErrContext = ogenerrors.OperationContext{
-			Name: "ListSubmissions",
-			ID:   "listSubmissions",
-		}
-	)
-	params, err := decodeListSubmissionsParams(args, argsEscaped, r)
-	if err != nil {
-		err = &ogenerrors.DecodeParamsError{
-			OperationContext: opErrContext,
-			Err:              err,
-		}
-		defer recordError("DecodeParams", err)
-		s.cfg.ErrorHandler(ctx, w, r, err)
-		return
-	}
-
-	var response []Submission
-	if m := s.cfg.Middleware; m != nil {
-		mreq := middleware.Request{
-			Context:          ctx,
-			OperationName:    "ListSubmissions",
-			OperationSummary: "Get list of submissions",
-			OperationID:      "listSubmissions",
-			Body:             nil,
-			Params: middleware.Parameters{
-				{
-					Name: "page",
-					In:   "query",
-				}: params.Page,
-				{
-					Name: "filter",
-					In:   "query",
-				}: params.Filter,
-			},
-			Raw: r,
-		}
-
-		type (
-			Request  = struct{}
-			Params   = ListSubmissionsParams
-			Response = []Submission
-		)
-		response, err = middleware.HookMiddleware[
-			Request,
-			Params,
-			Response,
-		](
-			m,
-			mreq,
-			unpackListSubmissionsParams,
-			func(ctx context.Context, request Request, params Params) (response Response, err error) {
-				response, err = s.h.ListSubmissions(ctx, params)
-				return response, err
-			},
-		)
-	} else {
-		response, err = s.h.ListSubmissions(ctx, params)
-	}
-	if err != nil {
-		if errRes, ok := errors.Into[*ErrorStatusCode](err); ok {
-			if err := encodeErrorResponse(errRes, w, span); err != nil {
-				defer recordError("Internal", err)
-			}
-			return
-		}
-		if errors.Is(err, ht.ErrNotImplemented) {
-			s.cfg.ErrorHandler(ctx, w, r, err)
-			return
-		}
-		if err := encodeErrorResponse(s.h.NewError(ctx, err), w, span); err != nil {
-			defer recordError("Internal", err)
-		}
-		return
-	}
-
-	if err := encodeListSubmissionsResponse(response, w, span); err != nil {
-		defer recordError("EncodeResponse", err)
-		if !errors.Is(err, ht.ErrInternalServerErrorResponse) {
-			s.cfg.ErrorHandler(ctx, w, r, err)
-		}
-		return
-	}
-}
-
-// handlePatchSubmissionCompletedRequest handles patchSubmissionCompleted operation.
-//
-// Retrieve map with ID.
-//
-// PATCH /submissions/{SubmissionID}/completed
-func (s *Server) handlePatchSubmissionCompletedRequest(args [1]string, argsEscaped bool, w http.ResponseWriter, r *http.Request) {
-	otelAttrs := []attribute.KeyValue{
-		otelogen.OperationID("patchSubmissionCompleted"),
-		semconv.HTTPRequestMethodKey.String("PATCH"),
-		semconv.HTTPRouteKey.String("/submissions/{SubmissionID}/completed"),
-	}
-
-	// Start a span for this request.
-	ctx, span := s.cfg.Tracer.Start(r.Context(), "PatchSubmissionCompleted",
-		trace.WithAttributes(otelAttrs...),
-		serverSpanKind,
-	)
-	defer span.End()
-
-	// Add Labeler to context.
-	labeler := &Labeler{attrs: otelAttrs}
-	ctx = contextWithLabeler(ctx, labeler)
-
-	// Run stopwatch.
-	startTime := time.Now()
-	defer func() {
-		elapsedDuration := time.Since(startTime)
-		attrOpt := metric.WithAttributeSet(labeler.AttributeSet())
-
-		// Increment request counter.
-		s.requests.Add(ctx, 1, attrOpt)
-
-		// Use floating point division here for higher precision (instead of Millisecond method).
-		s.duration.Record(ctx, float64(float64(elapsedDuration)/float64(time.Millisecond)), attrOpt)
-	}()
-
-	var (
-		recordError = func(stage string, err error) {
-			span.RecordError(err)
-			span.SetStatus(codes.Error, stage)
-			s.errors.Add(ctx, 1, metric.WithAttributeSet(labeler.AttributeSet()))
-		}
-		err          error
-		opErrContext = ogenerrors.OperationContext{
-			Name: "PatchSubmissionCompleted",
-			ID:   "patchSubmissionCompleted",
-		}
-	)
-	params, err := decodePatchSubmissionCompletedParams(args, argsEscaped, r)
-	if err != nil {
-		err = &ogenerrors.DecodeParamsError{
-			OperationContext: opErrContext,
-			Err:              err,
-		}
-		defer recordError("DecodeParams", err)
-		s.cfg.ErrorHandler(ctx, w, r, err)
-		return
-	}
-
-	var response *PatchSubmissionCompletedOK
-	if m := s.cfg.Middleware; m != nil {
-		mreq := middleware.Request{
-			Context:          ctx,
-			OperationName:    "PatchSubmissionCompleted",
-			OperationSummary: "Retrieve map with ID",
-			OperationID:      "patchSubmissionCompleted",
-			Body:             nil,
-			Params: middleware.Parameters{
-				{
-					Name: "SubmissionID",
-					In:   "path",
-				}: params.SubmissionID,
-				{
-					Name: "Completed",
-					In:   "query",
-				}: params.Completed,
-			},
-			Raw: r,
-		}
-
-		type (
-			Request  = struct{}
-			Params   = PatchSubmissionCompletedParams
-			Response = *PatchSubmissionCompletedOK
-		)
-		response, err = middleware.HookMiddleware[
-			Request,
-			Params,
-			Response,
-		](
-			m,
-			mreq,
-			unpackPatchSubmissionCompletedParams,
-			func(ctx context.Context, request Request, params Params) (response Response, err error) {
-				err = s.h.PatchSubmissionCompleted(ctx, params)
-				return response, err
-			},
-		)
-	} else {
-		err = s.h.PatchSubmissionCompleted(ctx, params)
-	}
-	if err != nil {
-		if errRes, ok := errors.Into[*ErrorStatusCode](err); ok {
-			if err := encodeErrorResponse(errRes, w, span); err != nil {
-				defer recordError("Internal", err)
-			}
-			return
-		}
-		if errors.Is(err, ht.ErrNotImplemented) {
-			s.cfg.ErrorHandler(ctx, w, r, err)
-			return
-		}
-		if err := encodeErrorResponse(s.h.NewError(ctx, err), w, span); err != nil {
-			defer recordError("Internal", err)
-		}
-		return
-	}
-
-	if err := encodePatchSubmissionCompletedResponse(response, w, span); err != nil {
-		defer recordError("EncodeResponse", err)
-		if !errors.Is(err, ht.ErrInternalServerErrorResponse) {
-			s.cfg.ErrorHandler(ctx, w, r, err)
-		}
-		return
-	}
-}
-
-// handlePatchSubmissionModelRequest handles patchSubmissionModel operation.
-//
-// Update model following role restrictions.
-//
-// PATCH /submissions/{SubmissionID}/model
-func (s *Server) handlePatchSubmissionModelRequest(args [1]string, argsEscaped bool, w http.ResponseWriter, r *http.Request) {
-	otelAttrs := []attribute.KeyValue{
-		otelogen.OperationID("patchSubmissionModel"),
-		semconv.HTTPRequestMethodKey.String("PATCH"),
-		semconv.HTTPRouteKey.String("/submissions/{SubmissionID}/model"),
-	}
-
-	// Start a span for this request.
-	ctx, span := s.cfg.Tracer.Start(r.Context(), "PatchSubmissionModel",
-		trace.WithAttributes(otelAttrs...),
-		serverSpanKind,
-	)
-	defer span.End()
-
-	// Add Labeler to context.
-	labeler := &Labeler{attrs: otelAttrs}
-	ctx = contextWithLabeler(ctx, labeler)
-
-	// Run stopwatch.
-	startTime := time.Now()
-	defer func() {
-		elapsedDuration := time.Since(startTime)
-		attrOpt := metric.WithAttributeSet(labeler.AttributeSet())
-
-		// Increment request counter.
-		s.requests.Add(ctx, 1, attrOpt)
-
-		// Use floating point division here for higher precision (instead of Millisecond method).
-		s.duration.Record(ctx, float64(float64(elapsedDuration)/float64(time.Millisecond)), attrOpt)
-	}()
-
-	var (
-		recordError = func(stage string, err error) {
-			span.RecordError(err)
-			span.SetStatus(codes.Error, stage)
-			s.errors.Add(ctx, 1, metric.WithAttributeSet(labeler.AttributeSet()))
-		}
-		err          error
-		opErrContext = ogenerrors.OperationContext{
-			Name: "PatchSubmissionModel",
-			ID:   "patchSubmissionModel",
-		}
-	)
-	params, err := decodePatchSubmissionModelParams(args, argsEscaped, r)
-	if err != nil {
-		err = &ogenerrors.DecodeParamsError{
-			OperationContext: opErrContext,
-			Err:              err,
-		}
-		defer recordError("DecodeParams", err)
-		s.cfg.ErrorHandler(ctx, w, r, err)
-		return
-	}
-
-	var response *PatchSubmissionModelOK
-	if m := s.cfg.Middleware; m != nil {
-		mreq := middleware.Request{
-			Context:          ctx,
-			OperationName:    "PatchSubmissionModel",
-			OperationSummary: "Update model following role restrictions",
-			OperationID:      "patchSubmissionModel",
-			Body:             nil,
-			Params: middleware.Parameters{
-				{
-					Name: "SubmissionID",
-					In:   "path",
-				}: params.SubmissionID,
-				{
-					Name: "ModelID",
-					In:   "query",
-				}: params.ModelID,
-				{
-					Name: "VersionID",
-					In:   "query",
-				}: params.VersionID,
-			},
-			Raw: r,
-		}
-
-		type (
-			Request  = struct{}
-			Params   = PatchSubmissionModelParams
-			Response = *PatchSubmissionModelOK
-		)
-		response, err = middleware.HookMiddleware[
-			Request,
-			Params,
-			Response,
-		](
-			m,
-			mreq,
-			unpackPatchSubmissionModelParams,
-			func(ctx context.Context, request Request, params Params) (response Response, err error) {
-				err = s.h.PatchSubmissionModel(ctx, params)
-				return response, err
-			},
-		)
-	} else {
-		err = s.h.PatchSubmissionModel(ctx, params)
-	}
-	if err != nil {
-		if errRes, ok := errors.Into[*ErrorStatusCode](err); ok {
-			if err := encodeErrorResponse(errRes, w, span); err != nil {
-				defer recordError("Internal", err)
-			}
-			return
-		}
-		if errors.Is(err, ht.ErrNotImplemented) {
-			s.cfg.ErrorHandler(ctx, w, r, err)
-			return
-		}
-		if err := encodeErrorResponse(s.h.NewError(ctx, err), w, span); err != nil {
-			defer recordError("Internal", err)
-		}
-		return
-	}
-
-	if err := encodePatchSubmissionModelResponse(response, w, span); err != nil {
-		defer recordError("EncodeResponse", err)
-		if !errors.Is(err, ht.ErrInternalServerErrorResponse) {
-			s.cfg.ErrorHandler(ctx, w, r, err)
-		}
-		return
-	}
-}
-
-// handlePatchSubmissionStatusRequest handles patchSubmissionStatus operation.
-//
-// Update status following role restrictions.
-//
-// PATCH /submissions/{SubmissionID}/status
-func (s *Server) handlePatchSubmissionStatusRequest(args [1]string, argsEscaped bool, w http.ResponseWriter, r *http.Request) {
-	otelAttrs := []attribute.KeyValue{
-		otelogen.OperationID("patchSubmissionStatus"),
-		semconv.HTTPRequestMethodKey.String("PATCH"),
-		semconv.HTTPRouteKey.String("/submissions/{SubmissionID}/status"),
-	}
-
-	// Start a span for this request.
-	ctx, span := s.cfg.Tracer.Start(r.Context(), "PatchSubmissionStatus",
-		trace.WithAttributes(otelAttrs...),
-		serverSpanKind,
-	)
-	defer span.End()
-
-	// Add Labeler to context.
-	labeler := &Labeler{attrs: otelAttrs}
-	ctx = contextWithLabeler(ctx, labeler)
-
-	// Run stopwatch.
-	startTime := time.Now()
-	defer func() {
-		elapsedDuration := time.Since(startTime)
-		attrOpt := metric.WithAttributeSet(labeler.AttributeSet())
-
-		// Increment request counter.
-		s.requests.Add(ctx, 1, attrOpt)
-
-		// Use floating point division here for higher precision (instead of Millisecond method).
-		s.duration.Record(ctx, float64(float64(elapsedDuration)/float64(time.Millisecond)), attrOpt)
-	}()
-
-	var (
-		recordError = func(stage string, err error) {
-			span.RecordError(err)
-			span.SetStatus(codes.Error, stage)
-			s.errors.Add(ctx, 1, metric.WithAttributeSet(labeler.AttributeSet()))
-		}
-		err          error
-		opErrContext = ogenerrors.OperationContext{
-			Name: "PatchSubmissionStatus",
-			ID:   "patchSubmissionStatus",
-		}
-	)
-	params, err := decodePatchSubmissionStatusParams(args, argsEscaped, r)
-	if err != nil {
-		err = &ogenerrors.DecodeParamsError{
-			OperationContext: opErrContext,
-			Err:              err,
-		}
-		defer recordError("DecodeParams", err)
-		s.cfg.ErrorHandler(ctx, w, r, err)
-		return
-	}
-
-	var response *PatchSubmissionStatusOK
-	if m := s.cfg.Middleware; m != nil {
-		mreq := middleware.Request{
-			Context:          ctx,
-			OperationName:    "PatchSubmissionStatus",
-			OperationSummary: "Update status following role restrictions",
-			OperationID:      "patchSubmissionStatus",
-			Body:             nil,
-			Params: middleware.Parameters{
-				{
-					Name: "SubmissionID",
-					In:   "path",
-				}: params.SubmissionID,
-				{
-					Name: "Status",
-					In:   "query",
-				}: params.Status,
-			},
-			Raw: r,
-		}
-
-		type (
-			Request  = struct{}
-			Params   = PatchSubmissionStatusParams
-			Response = *PatchSubmissionStatusOK
-		)
-		response, err = middleware.HookMiddleware[
-			Request,
-			Params,
-			Response,
-		](
-			m,
-			mreq,
-			unpackPatchSubmissionStatusParams,
-			func(ctx context.Context, request Request, params Params) (response Response, err error) {
-				err = s.h.PatchSubmissionStatus(ctx, params)
-				return response, err
-			},
-		)
-	} else {
-		err = s.h.PatchSubmissionStatus(ctx, params)
-	}
-	if err != nil {
-		if errRes, ok := errors.Into[*ErrorStatusCode](err); ok {
-			if err := encodeErrorResponse(errRes, w, span); err != nil {
-				defer recordError("Internal", err)
-			}
-			return
-		}
-		if errors.Is(err, ht.ErrNotImplemented) {
-			s.cfg.ErrorHandler(ctx, w, r, err)
-			return
-		}
-		if err := encodeErrorResponse(s.h.NewError(ctx, err), w, span); err != nil {
-			defer recordError("Internal", err)
-		}
-		return
-	}
-
-	if err := encodePatchSubmissionStatusResponse(response, w, span); err != nil {
-		defer recordError("EncodeResponse", err)
-		if !errors.Is(err, ht.ErrInternalServerErrorResponse) {
-			s.cfg.ErrorHandler(ctx, w, r, err)
-		}
-		return
-	}
-}
--- a/api/oas_json_gen.go
+++ b/api/oas_json_gen.go
@@ -1,516 +0,0 @@
-// Code generated by ogen, DO NOT EDIT.
-
-package api
-
-import (
-	"math/bits"
-	"strconv"
-
-	"github.com/go-faster/errors"
-	"github.com/go-faster/jx"
-
-	"github.com/ogen-go/ogen/validate"
-)
-
-// Encode implements json.Marshaler.
-func (s *Error) Encode(e *jx.Encoder) {
-	e.ObjStart()
-	s.encodeFields(e)
-	e.ObjEnd()
-}
-
-// encodeFields encodes fields.
-func (s *Error) encodeFields(e *jx.Encoder) {
-	{
-		e.FieldStart("code")
-		e.Int64(s.Code)
-	}
-	{
-		e.FieldStart("message")
-		e.Str(s.Message)
-	}
-}
-
-var jsonFieldsNameOfError = [2]string{
-	0: "code",
-	1: "message",
-}
-
-// Decode decodes Error from json.
-func (s *Error) Decode(d *jx.Decoder) error {
-	if s == nil {
-		return errors.New("invalid: unable to decode Error to nil")
-	}
-	var requiredBitSet [1]uint8
-
-	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
-		switch string(k) {
-		case "code":
-			requiredBitSet[0] |= 1 << 0
-			if err := func() error {
-				v, err := d.Int64()
-				s.Code = int64(v)
-				if err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"code\"")
-			}
-		case "message":
-			requiredBitSet[0] |= 1 << 1
-			if err := func() error {
-				v, err := d.Str()
-				s.Message = string(v)
-				if err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"message\"")
-			}
-		default:
-			return d.Skip()
-		}
-		return nil
-	}); err != nil {
-		return errors.Wrap(err, "decode Error")
-	}
-	// Validate required fields.
-	var failures []validate.FieldError
-	for i, mask := range [1]uint8{
-		0b00000011,
-	} {
-		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
-			// Mask only required fields and check equality to mask using XOR.
-			//
-			// If XOR result is not zero, result is not equal to expected, so some fields are missed.
-			// Bits of fields which would be set are actually bits of missed fields.
-			missed := bits.OnesCount8(result)
-			for bitN := 0; bitN < missed; bitN++ {
-				bitIdx := bits.TrailingZeros8(result)
-				fieldIdx := i*8 + bitIdx
-				var name string
-				if fieldIdx < len(jsonFieldsNameOfError) {
-					name = jsonFieldsNameOfError[fieldIdx]
-				} else {
-					name = strconv.Itoa(fieldIdx)
-				}
-				failures = append(failures, validate.FieldError{
-					Name:  name,
-					Error: validate.ErrFieldRequired,
-				})
-				// Reset bit.
-				result &^= 1 << bitIdx
-			}
-		}
-	}
-	if len(failures) > 0 {
-		return &validate.Error{Fields: failures}
-	}
-
-	return nil
-}
-
-// MarshalJSON implements stdjson.Marshaler.
-func (s *Error) MarshalJSON() ([]byte, error) {
-	e := jx.Encoder{}
-	s.Encode(&e)
-	return e.Bytes(), nil
-}
-
-// UnmarshalJSON implements stdjson.Unmarshaler.
-func (s *Error) UnmarshalJSON(data []byte) error {
-	d := jx.DecodeBytes(data)
-	return s.Decode(d)
-}
-
-// Encode encodes bool as json.
-func (o OptBool) Encode(e *jx.Encoder) {
-	if !o.Set {
-		return
-	}
-	e.Bool(bool(o.Value))
-}
-
-// Decode decodes bool from json.
-func (o *OptBool) Decode(d *jx.Decoder) error {
-	if o == nil {
-		return errors.New("invalid: unable to decode OptBool to nil")
-	}
-	o.Set = true
-	v, err := d.Bool()
-	if err != nil {
-		return err
-	}
-	o.Value = bool(v)
-	return nil
-}
-
-// MarshalJSON implements stdjson.Marshaler.
-func (s OptBool) MarshalJSON() ([]byte, error) {
-	e := jx.Encoder{}
-	s.Encode(&e)
-	return e.Bytes(), nil
-}
-
-// UnmarshalJSON implements stdjson.Unmarshaler.
-func (s *OptBool) UnmarshalJSON(data []byte) error {
-	d := jx.DecodeBytes(data)
-	return s.Decode(d)
-}
-
-// Encode encodes int32 as json.
-func (o OptInt32) Encode(e *jx.Encoder) {
-	if !o.Set {
-		return
-	}
-	e.Int32(int32(o.Value))
-}
-
-// Decode decodes int32 from json.
-func (o *OptInt32) Decode(d *jx.Decoder) error {
-	if o == nil {
-		return errors.New("invalid: unable to decode OptInt32 to nil")
-	}
-	o.Set = true
-	v, err := d.Int32()
-	if err != nil {
-		return err
-	}
-	o.Value = int32(v)
-	return nil
-}
-
-// MarshalJSON implements stdjson.Marshaler.
-func (s OptInt32) MarshalJSON() ([]byte, error) {
-	e := jx.Encoder{}
-	s.Encode(&e)
-	return e.Bytes(), nil
-}
-
-// UnmarshalJSON implements stdjson.Unmarshaler.
-func (s *OptInt32) UnmarshalJSON(data []byte) error {
-	d := jx.DecodeBytes(data)
-	return s.Decode(d)
-}
-
-// Encode encodes int64 as json.
-func (o OptInt64) Encode(e *jx.Encoder) {
-	if !o.Set {
-		return
-	}
-	e.Int64(int64(o.Value))
-}
-
-// Decode decodes int64 from json.
-func (o *OptInt64) Decode(d *jx.Decoder) error {
-	if o == nil {
-		return errors.New("invalid: unable to decode OptInt64 to nil")
-	}
-	o.Set = true
-	v, err := d.Int64()
-	if err != nil {
-		return err
-	}
-	o.Value = int64(v)
-	return nil
-}
-
-// MarshalJSON implements stdjson.Marshaler.
-func (s OptInt64) MarshalJSON() ([]byte, error) {
-	e := jx.Encoder{}
-	s.Encode(&e)
-	return e.Bytes(), nil
-}
-
-// UnmarshalJSON implements stdjson.Unmarshaler.
-func (s *OptInt64) UnmarshalJSON(data []byte) error {
-	d := jx.DecodeBytes(data)
-	return s.Decode(d)
-}
-
-// Encode encodes string as json.
-func (o OptString) Encode(e *jx.Encoder) {
-	if !o.Set {
-		return
-	}
-	e.Str(string(o.Value))
-}
-
-// Decode decodes string from json.
-func (o *OptString) Decode(d *jx.Decoder) error {
-	if o == nil {
-		return errors.New("invalid: unable to decode OptString to nil")
-	}
-	o.Set = true
-	v, err := d.Str()
-	if err != nil {
-		return err
-	}
-	o.Value = string(v)
-	return nil
-}
-
-// MarshalJSON implements stdjson.Marshaler.
-func (s OptString) MarshalJSON() ([]byte, error) {
-	e := jx.Encoder{}
-	s.Encode(&e)
-	return e.Bytes(), nil
-}
-
-// UnmarshalJSON implements stdjson.Unmarshaler.
-func (s *OptString) UnmarshalJSON(data []byte) error {
-	d := jx.DecodeBytes(data)
-	return s.Decode(d)
-}
-
-// Encode implements json.Marshaler.
-func (s *Submission) Encode(e *jx.Encoder) {
-	e.ObjStart()
-	s.encodeFields(e)
-	e.ObjEnd()
-}
-
-// encodeFields encodes fields.
-func (s *Submission) encodeFields(e *jx.Encoder) {
-	{
-		if s.ID.Set {
-			e.FieldStart("ID")
-			s.ID.Encode(e)
-		}
-	}
-	{
-		if s.DisplayName.Set {
-			e.FieldStart("DisplayName")
-			s.DisplayName.Encode(e)
-		}
-	}
-	{
-		if s.Creator.Set {
-			e.FieldStart("Creator")
-			s.Creator.Encode(e)
-		}
-	}
-	{
-		if s.GameID.Set {
-			e.FieldStart("GameID")
-			s.GameID.Encode(e)
-		}
-	}
-	{
-		if s.Date.Set {
-			e.FieldStart("Date")
-			s.Date.Encode(e)
-		}
-	}
-	{
-		if s.Submitter.Set {
-			e.FieldStart("Submitter")
-			s.Submitter.Encode(e)
-		}
-	}
-	{
-		if s.AssetID.Set {
-			e.FieldStart("AssetID")
-			s.AssetID.Encode(e)
-		}
-	}
-	{
-		if s.AssetVersion.Set {
-			e.FieldStart("AssetVersion")
-			s.AssetVersion.Encode(e)
-		}
-	}
-	{
-		if s.Completed.Set {
-			e.FieldStart("Completed")
-			s.Completed.Encode(e)
-		}
-	}
-	{
-		if s.SubmissionType.Set {
-			e.FieldStart("SubmissionType")
-			s.SubmissionType.Encode(e)
-		}
-	}
-	{
-		if s.TargetAssetID.Set {
-			e.FieldStart("TargetAssetID")
-			s.TargetAssetID.Encode(e)
-		}
-	}
-	{
-		if s.StatusID.Set {
-			e.FieldStart("StatusID")
-			s.StatusID.Encode(e)
-		}
-	}
-}
-
-var jsonFieldsNameOfSubmission = [12]string{
-	0:  "ID",
-	1:  "DisplayName",
-	2:  "Creator",
-	3:  "GameID",
-	4:  "Date",
-	5:  "Submitter",
-	6:  "AssetID",
-	7:  "AssetVersion",
-	8:  "Completed",
-	9:  "SubmissionType",
-	10: "TargetAssetID",
-	11: "StatusID",
-}
-
-// Decode decodes Submission from json.
-func (s *Submission) Decode(d *jx.Decoder) error {
-	if s == nil {
-		return errors.New("invalid: unable to decode Submission to nil")
-	}
-
-	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
-		switch string(k) {
-		case "ID":
-			if err := func() error {
-				s.ID.Reset()
-				if err := s.ID.Decode(d); err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"ID\"")
-			}
-		case "DisplayName":
-			if err := func() error {
-				s.DisplayName.Reset()
-				if err := s.DisplayName.Decode(d); err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"DisplayName\"")
-			}
-		case "Creator":
-			if err := func() error {
-				s.Creator.Reset()
-				if err := s.Creator.Decode(d); err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"Creator\"")
-			}
-		case "GameID":
-			if err := func() error {
-				s.GameID.Reset()
-				if err := s.GameID.Decode(d); err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"GameID\"")
-			}
-		case "Date":
-			if err := func() error {
-				s.Date.Reset()
-				if err := s.Date.Decode(d); err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"Date\"")
-			}
-		case "Submitter":
-			if err := func() error {
-				s.Submitter.Reset()
-				if err := s.Submitter.Decode(d); err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"Submitter\"")
-			}
-		case "AssetID":
-			if err := func() error {
-				s.AssetID.Reset()
-				if err := s.AssetID.Decode(d); err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"AssetID\"")
-			}
-		case "AssetVersion":
-			if err := func() error {
-				s.AssetVersion.Reset()
-				if err := s.AssetVersion.Decode(d); err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"AssetVersion\"")
-			}
-		case "Completed":
-			if err := func() error {
-				s.Completed.Reset()
-				if err := s.Completed.Decode(d); err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"Completed\"")
-			}
-		case "SubmissionType":
-			if err := func() error {
-				s.SubmissionType.Reset()
-				if err := s.SubmissionType.Decode(d); err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"SubmissionType\"")
-			}
-		case "TargetAssetID":
-			if err := func() error {
-				s.TargetAssetID.Reset()
-				if err := s.TargetAssetID.Decode(d); err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"TargetAssetID\"")
-			}
-		case "StatusID":
-			if err := func() error {
-				s.StatusID.Reset()
-				if err := s.StatusID.Decode(d); err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"StatusID\"")
-			}
-		default:
-			return d.Skip()
-		}
-		return nil
-	}); err != nil {
-		return errors.Wrap(err, "decode Submission")
-	}
-
-	return nil
-}
-
-// MarshalJSON implements stdjson.Marshaler.
-func (s *Submission) MarshalJSON() ([]byte, error) {
-	e := jx.Encoder{}
-	s.Encode(&e)
-	return e.Bytes(), nil
-}
-
-// UnmarshalJSON implements stdjson.Unmarshaler.
-func (s *Submission) UnmarshalJSON(data []byte) error {
-	d := jx.DecodeBytes(data)
-	return s.Decode(d)
-}
--- a/api/oas_parameters_gen.go
+++ b/api/oas_parameters_gen.go
@@ -1,551 +0,0 @@
-// Code generated by ogen, DO NOT EDIT.
-
-package api
-
-import (
-	"net/http"
-	"net/url"
-
-	"github.com/go-faster/errors"
-
-	"github.com/ogen-go/ogen/conv"
-	"github.com/ogen-go/ogen/middleware"
-	"github.com/ogen-go/ogen/ogenerrors"
-	"github.com/ogen-go/ogen/uri"
-	"github.com/ogen-go/ogen/validate"
-)
-
-// GetSubmissionParams is parameters of getSubmission operation.
-type GetSubmissionParams struct {
-	SubmissionID int64
-}
-
-func unpackGetSubmissionParams(packed middleware.Parameters) (params GetSubmissionParams) {
-	{
-		key := middleware.ParameterKey{
-			Name: "SubmissionID",
-			In:   "path",
-		}
-		params.SubmissionID = packed[key].(int64)
-	}
-	return params
-}
-
-func decodeGetSubmissionParams(args [1]string, argsEscaped bool, r *http.Request) (params GetSubmissionParams, _ error) {
-	// Decode path: SubmissionID.
-	if err := func() error {
-		param := args[0]
-		if argsEscaped {
-			unescaped, err := url.PathUnescape(args[0])
-			if err != nil {
-				return errors.Wrap(err, "unescape path")
-			}
-			param = unescaped
-		}
-		if len(param) > 0 {
-			d := uri.NewPathDecoder(uri.PathDecoderConfig{
-				Param:   "SubmissionID",
-				Value:   param,
-				Style:   uri.PathStyleSimple,
-				Explode: false,
-			})
-
-			if err := func() error {
-				val, err := d.DecodeValue()
-				if err != nil {
-					return err
-				}
-
-				c, err := conv.ToInt64(val)
-				if err != nil {
-					return err
-				}
-
-				params.SubmissionID = c
-				return nil
-			}(); err != nil {
-				return err
-			}
-		} else {
-			return validate.ErrFieldRequired
-		}
-		return nil
-	}(); err != nil {
-		return params, &ogenerrors.DecodeParamError{
-			Name: "SubmissionID",
-			In:   "path",
-			Err:  err,
-		}
-	}
-	return params, nil
-}
-
-// ListSubmissionsParams is parameters of listSubmissions operation.
-type ListSubmissionsParams struct {
-	Page   Pagination
-	Filter OptSubmissionFilter
-}
-
-func unpackListSubmissionsParams(packed middleware.Parameters) (params ListSubmissionsParams) {
-	{
-		key := middleware.ParameterKey{
-			Name: "page",
-			In:   "query",
-		}
-		params.Page = packed[key].(Pagination)
-	}
-	{
-		key := middleware.ParameterKey{
-			Name: "filter",
-			In:   "query",
-		}
-		if v, ok := packed[key]; ok {
-			params.Filter = v.(OptSubmissionFilter)
-		}
-	}
-	return params
-}
-
-func decodeListSubmissionsParams(args [0]string, argsEscaped bool, r *http.Request) (params ListSubmissionsParams, _ error) {
-	q := uri.NewQueryDecoder(r.URL.Query())
-	// Decode query: page.
-	if err := func() error {
-		cfg := uri.QueryParameterDecodingConfig{
-			Name:    "page",
-			Style:   uri.QueryStyleForm,
-			Explode: true,
-			Fields:  []uri.QueryParameterObjectField{{Name: "Page", Required: true}, {Name: "Limit", Required: true}},
-		}
-
-		if err := q.HasParam(cfg); err == nil {
-			if err := q.DecodeParam(cfg, func(d uri.Decoder) error {
-				return params.Page.DecodeURI(d)
-			}); err != nil {
-				return err
-			}
-			if err := func() error {
-				if err := params.Page.Validate(); err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return err
-			}
-		} else {
-			return validate.ErrFieldRequired
-		}
-		return nil
-	}(); err != nil {
-		return params, &ogenerrors.DecodeParamError{
-			Name: "page",
-			In:   "query",
-			Err:  err,
-		}
-	}
-	// Decode query: filter.
-	if err := func() error {
-		cfg := uri.QueryParameterDecodingConfig{
-			Name:    "filter",
-			Style:   uri.QueryStyleForm,
-			Explode: true,
-			Fields:  []uri.QueryParameterObjectField{{Name: "ID", Required: false}, {Name: "DisplayName", Required: false}, {Name: "Creator", Required: false}, {Name: "GameID", Required: false}, {Name: "Date", Required: false}},
-		}
-
-		if err := q.HasParam(cfg); err == nil {
-			if err := q.DecodeParam(cfg, func(d uri.Decoder) error {
-				var paramsDotFilterVal SubmissionFilter
-				if err := func() error {
-					return paramsDotFilterVal.DecodeURI(d)
-				}(); err != nil {
-					return err
-				}
-				params.Filter.SetTo(paramsDotFilterVal)
-				return nil
-			}); err != nil {
-				return err
-			}
-		}
-		return nil
-	}(); err != nil {
-		return params, &ogenerrors.DecodeParamError{
-			Name: "filter",
-			In:   "query",
-			Err:  err,
-		}
-	}
-	return params, nil
-}
-
-// PatchSubmissionCompletedParams is parameters of patchSubmissionCompleted operation.
-type PatchSubmissionCompletedParams struct {
-	SubmissionID int64
-	Completed    bool
-}
-
-func unpackPatchSubmissionCompletedParams(packed middleware.Parameters) (params PatchSubmissionCompletedParams) {
-	{
-		key := middleware.ParameterKey{
-			Name: "SubmissionID",
-			In:   "path",
-		}
-		params.SubmissionID = packed[key].(int64)
-	}
-	{
-		key := middleware.ParameterKey{
-			Name: "Completed",
-			In:   "query",
-		}
-		params.Completed = packed[key].(bool)
-	}
-	return params
-}
-
-func decodePatchSubmissionCompletedParams(args [1]string, argsEscaped bool, r *http.Request) (params PatchSubmissionCompletedParams, _ error) {
-	q := uri.NewQueryDecoder(r.URL.Query())
-	// Decode path: SubmissionID.
-	if err := func() error {
-		param := args[0]
-		if argsEscaped {
-			unescaped, err := url.PathUnescape(args[0])
-			if err != nil {
-				return errors.Wrap(err, "unescape path")
-			}
-			param = unescaped
-		}
-		if len(param) > 0 {
-			d := uri.NewPathDecoder(uri.PathDecoderConfig{
-				Param:   "SubmissionID",
-				Value:   param,
-				Style:   uri.PathStyleSimple,
-				Explode: false,
-			})
-
-			if err := func() error {
-				val, err := d.DecodeValue()
-				if err != nil {
-					return err
-				}
-
-				c, err := conv.ToInt64(val)
-				if err != nil {
-					return err
-				}
-
-				params.SubmissionID = c
-				return nil
-			}(); err != nil {
-				return err
-			}
-		} else {
-			return validate.ErrFieldRequired
-		}
-		return nil
-	}(); err != nil {
-		return params, &ogenerrors.DecodeParamError{
-			Name: "SubmissionID",
-			In:   "path",
-			Err:  err,
-		}
-	}
-	// Decode query: Completed.
-	if err := func() error {
-		cfg := uri.QueryParameterDecodingConfig{
-			Name:    "Completed",
-			Style:   uri.QueryStyleForm,
-			Explode: true,
-		}
-
-		if err := q.HasParam(cfg); err == nil {
-			if err := q.DecodeParam(cfg, func(d uri.Decoder) error {
-				val, err := d.DecodeValue()
-				if err != nil {
-					return err
-				}
-
-				c, err := conv.ToBool(val)
-				if err != nil {
-					return err
-				}
-
-				params.Completed = c
-				return nil
-			}); err != nil {
-				return err
-			}
-		} else {
-			return validate.ErrFieldRequired
-		}
-		return nil
-	}(); err != nil {
-		return params, &ogenerrors.DecodeParamError{
-			Name: "Completed",
-			In:   "query",
-			Err:  err,
-		}
-	}
-	return params, nil
-}
-
-// PatchSubmissionModelParams is parameters of patchSubmissionModel operation.
-type PatchSubmissionModelParams struct {
-	SubmissionID int64
-	ModelID      int64
-	VersionID    int64
-}
-
-func unpackPatchSubmissionModelParams(packed middleware.Parameters) (params PatchSubmissionModelParams) {
-	{
-		key := middleware.ParameterKey{
-			Name: "SubmissionID",
-			In:   "path",
-		}
-		params.SubmissionID = packed[key].(int64)
-	}
-	{
-		key := middleware.ParameterKey{
-			Name: "ModelID",
-			In:   "query",
-		}
-		params.ModelID = packed[key].(int64)
-	}
-	{
-		key := middleware.ParameterKey{
-			Name: "VersionID",
-			In:   "query",
-		}
-		params.VersionID = packed[key].(int64)
-	}
-	return params
-}
-
-func decodePatchSubmissionModelParams(args [1]string, argsEscaped bool, r *http.Request) (params PatchSubmissionModelParams, _ error) {
-	q := uri.NewQueryDecoder(r.URL.Query())
-	// Decode path: SubmissionID.
-	if err := func() error {
-		param := args[0]
-		if argsEscaped {
-			unescaped, err := url.PathUnescape(args[0])
-			if err != nil {
-				return errors.Wrap(err, "unescape path")
-			}
-			param = unescaped
-		}
-		if len(param) > 0 {
-			d := uri.NewPathDecoder(uri.PathDecoderConfig{
-				Param:   "SubmissionID",
-				Value:   param,
-				Style:   uri.PathStyleSimple,
-				Explode: false,
-			})
-
-			if err := func() error {
-				val, err := d.DecodeValue()
-				if err != nil {
-					return err
-				}
-
-				c, err := conv.ToInt64(val)
-				if err != nil {
-					return err
-				}
-
-				params.SubmissionID = c
-				return nil
-			}(); err != nil {
-				return err
-			}
-		} else {
-			return validate.ErrFieldRequired
-		}
-		return nil
-	}(); err != nil {
-		return params, &ogenerrors.DecodeParamError{
-			Name: "SubmissionID",
-			In:   "path",
-			Err:  err,
-		}
-	}
-	// Decode query: ModelID.
-	if err := func() error {
-		cfg := uri.QueryParameterDecodingConfig{
-			Name:    "ModelID",
-			Style:   uri.QueryStyleForm,
-			Explode: true,
-		}
-
-		if err := q.HasParam(cfg); err == nil {
-			if err := q.DecodeParam(cfg, func(d uri.Decoder) error {
-				val, err := d.DecodeValue()
-				if err != nil {
-					return err
-				}
-
-				c, err := conv.ToInt64(val)
-				if err != nil {
-					return err
-				}
-
-				params.ModelID = c
-				return nil
-			}); err != nil {
-				return err
-			}
-		} else {
-			return validate.ErrFieldRequired
-		}
-		return nil
-	}(); err != nil {
-		return params, &ogenerrors.DecodeParamError{
-			Name: "ModelID",
-			In:   "query",
-			Err:  err,
-		}
-	}
-	// Decode query: VersionID.
-	if err := func() error {
-		cfg := uri.QueryParameterDecodingConfig{
-			Name:    "VersionID",
-			Style:   uri.QueryStyleForm,
-			Explode: true,
-		}
-
-		if err := q.HasParam(cfg); err == nil {
-			if err := q.DecodeParam(cfg, func(d uri.Decoder) error {
-				val, err := d.DecodeValue()
-				if err != nil {
-					return err
-				}
-
-				c, err := conv.ToInt64(val)
-				if err != nil {
-					return err
-				}
-
-				params.VersionID = c
-				return nil
-			}); err != nil {
-				return err
-			}
-		} else {
-			return validate.ErrFieldRequired
-		}
-		return nil
-	}(); err != nil {
-		return params, &ogenerrors.DecodeParamError{
-			Name: "VersionID",
-			In:   "query",
-			Err:  err,
-		}
-	}
-	return params, nil
-}
-
-// PatchSubmissionStatusParams is parameters of patchSubmissionStatus operation.
-type PatchSubmissionStatusParams struct {
-	SubmissionID int64
-	Status       int32
-}
-
-func unpackPatchSubmissionStatusParams(packed middleware.Parameters) (params PatchSubmissionStatusParams) {
-	{
-		key := middleware.ParameterKey{
-			Name: "SubmissionID",
-			In:   "path",
-		}
-		params.SubmissionID = packed[key].(int64)
-	}
-	{
-		key := middleware.ParameterKey{
-			Name: "Status",
-			In:   "query",
-		}
-		params.Status = packed[key].(int32)
-	}
-	return params
-}
-
-func decodePatchSubmissionStatusParams(args [1]string, argsEscaped bool, r *http.Request) (params PatchSubmissionStatusParams, _ error) {
-	q := uri.NewQueryDecoder(r.URL.Query())
-	// Decode path: SubmissionID.
-	if err := func() error {
-		param := args[0]
-		if argsEscaped {
-			unescaped, err := url.PathUnescape(args[0])
-			if err != nil {
-				return errors.Wrap(err, "unescape path")
-			}
-			param = unescaped
-		}
-		if len(param) > 0 {
-			d := uri.NewPathDecoder(uri.PathDecoderConfig{
-				Param:   "SubmissionID",
-				Value:   param,
-				Style:   uri.PathStyleSimple,
-				Explode: false,
-			})
-
-			if err := func() error {
-				val, err := d.DecodeValue()
-				if err != nil {
-					return err
-				}
-
-				c, err := conv.ToInt64(val)
-				if err != nil {
-					return err
-				}
-
-				params.SubmissionID = c
-				return nil
-			}(); err != nil {
-				return err
-			}
-		} else {
-			return validate.ErrFieldRequired
-		}
-		return nil
-	}(); err != nil {
-		return params, &ogenerrors.DecodeParamError{
-			Name: "SubmissionID",
-			In:   "path",
-			Err:  err,
-		}
-	}
-	// Decode query: Status.
-	if err := func() error {
-		cfg := uri.QueryParameterDecodingConfig{
-			Name:    "Status",
-			Style:   uri.QueryStyleForm,
-			Explode: true,
-		}
-
-		if err := q.HasParam(cfg); err == nil {
-			if err := q.DecodeParam(cfg, func(d uri.Decoder) error {
-				val, err := d.DecodeValue()
-				if err != nil {
-					return err
-				}
-
-				c, err := conv.ToInt32(val)
-				if err != nil {
-					return err
-				}
-
-				params.Status = c
-				return nil
-			}); err != nil {
-				return err
-			}
-		} else {
-			return validate.ErrFieldRequired
-		}
-		return nil
-	}(); err != nil {
-		return params, &ogenerrors.DecodeParamError{
-			Name: "Status",
-			In:   "query",
-			Err:  err,
-		}
-	}
-	return params, nil
-}
--- a/api/oas_request_decoders_gen.go
+++ b/api/oas_request_decoders_gen.go
@@ -1,3 +0,0 @@
-// Code generated by ogen, DO NOT EDIT.
-
-package api
--- a/api/oas_request_encoders_gen.go
+++ b/api/oas_request_encoders_gen.go
@@ -1,3 +0,0 @@
-// Code generated by ogen, DO NOT EDIT.
-
-package api
--- a/api/oas_response_encoders_gen.go
+++ b/api/oas_response_encoders_gen.go
@@ -1,108 +0,0 @@
-// Code generated by ogen, DO NOT EDIT.
-
-package api
-
-import (
-	"net/http"
-
-	"github.com/go-faster/errors"
-	"github.com/go-faster/jx"
-	"go.opentelemetry.io/otel/codes"
-	"go.opentelemetry.io/otel/trace"
-
-	ht "github.com/ogen-go/ogen/http"
-)
-
-func encodeCreateSubmissionResponse(response *Submission, w http.ResponseWriter, span trace.Span) error {
-	w.Header().Set("Content-Type", "application/json; charset=utf-8")
-	w.WriteHeader(200)
-	span.SetStatus(codes.Ok, http.StatusText(200))
-
-	e := new(jx.Encoder)
-	response.Encode(e)
-	if _, err := e.WriteTo(w); err != nil {
-		return errors.Wrap(err, "write")
-	}
-
-	return nil
-}
-
-func encodeGetSubmissionResponse(response *Submission, w http.ResponseWriter, span trace.Span) error {
-	w.Header().Set("Content-Type", "application/json; charset=utf-8")
-	w.WriteHeader(200)
-	span.SetStatus(codes.Ok, http.StatusText(200))
-
-	e := new(jx.Encoder)
-	response.Encode(e)
-	if _, err := e.WriteTo(w); err != nil {
-		return errors.Wrap(err, "write")
-	}
-
-	return nil
-}
-
-func encodeListSubmissionsResponse(response []Submission, w http.ResponseWriter, span trace.Span) error {
-	w.Header().Set("Content-Type", "application/json; charset=utf-8")
-	w.WriteHeader(200)
-	span.SetStatus(codes.Ok, http.StatusText(200))
-
-	e := new(jx.Encoder)
-	e.ArrStart()
-	for _, elem := range response {
-		elem.Encode(e)
-	}
-	e.ArrEnd()
-	if _, err := e.WriteTo(w); err != nil {
-		return errors.Wrap(err, "write")
-	}
-
-	return nil
-}
-
-func encodePatchSubmissionCompletedResponse(response *PatchSubmissionCompletedOK, w http.ResponseWriter, span trace.Span) error {
-	w.WriteHeader(200)
-	span.SetStatus(codes.Ok, http.StatusText(200))
-
-	return nil
-}
-
-func encodePatchSubmissionModelResponse(response *PatchSubmissionModelOK, w http.ResponseWriter, span trace.Span) error {
-	w.WriteHeader(200)
-	span.SetStatus(codes.Ok, http.StatusText(200))
-
-	return nil
-}
-
-func encodePatchSubmissionStatusResponse(response *PatchSubmissionStatusOK, w http.ResponseWriter, span trace.Span) error {
-	w.WriteHeader(200)
-	span.SetStatus(codes.Ok, http.StatusText(200))
-
-	return nil
-}
-
-func encodeErrorResponse(response *ErrorStatusCode, w http.ResponseWriter, span trace.Span) error {
-	w.Header().Set("Content-Type", "application/json; charset=utf-8")
-	code := response.StatusCode
-	if code == 0 {
-		// Set default status code.
-		code = http.StatusOK
-	}
-	w.WriteHeader(code)
-	if st := http.StatusText(code); code >= http.StatusBadRequest {
-		span.SetStatus(codes.Error, st)
-	} else {
-		span.SetStatus(codes.Ok, st)
-	}
-
-	e := new(jx.Encoder)
-	response.Response.Encode(e)
-	if _, err := e.WriteTo(w); err != nil {
-		return errors.Wrap(err, "write")
-	}
-
-	if code >= http.StatusInternalServerError {
-		return errors.Wrapf(ht.ErrInternalServerErrorResponse, "code: %d, message: %s", code, http.StatusText(code))
-	}
-	return nil
-
-}
--- a/api/oas_router_gen.go
+++ b/api/oas_router_gen.go
@@ -1,435 +0,0 @@
-// Code generated by ogen, DO NOT EDIT.
-
-package api
-
-import (
-	"net/http"
-	"net/url"
-	"strings"
-
-	"github.com/ogen-go/ogen/uri"
-)
-
-func (s *Server) cutPrefix(path string) (string, bool) {
-	prefix := s.cfg.Prefix
-	if prefix == "" {
-		return path, true
-	}
-	if !strings.HasPrefix(path, prefix) {
-		// Prefix doesn't match.
-		return "", false
-	}
-	// Cut prefix from the path.
-	return strings.TrimPrefix(path, prefix), true
-}
-
-// ServeHTTP serves http request as defined by OpenAPI v3 specification,
-// calling handler that matches the path or returning not found error.
-func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	elem := r.URL.Path
-	elemIsEscaped := false
-	if rawPath := r.URL.RawPath; rawPath != "" {
-		if normalized, ok := uri.NormalizeEscapedPath(rawPath); ok {
-			elem = normalized
-			elemIsEscaped = strings.ContainsRune(elem, '%')
-		}
-	}
-
-	elem, ok := s.cutPrefix(elem)
-	if !ok || len(elem) == 0 {
-		s.notFound(w, r)
-		return
-	}
-	args := [1]string{}
-
-	// Static code generated router with unwrapped path search.
-	switch {
-	default:
-		if len(elem) == 0 {
-			break
-		}
-		switch elem[0] {
-		case '/': // Prefix: "/submissions"
-			origElem := elem
-			if l := len("/submissions"); len(elem) >= l && elem[0:l] == "/submissions" {
-				elem = elem[l:]
-			} else {
-				break
-			}
-
-			if len(elem) == 0 {
-				switch r.Method {
-				case "GET":
-					s.handleListSubmissionsRequest([0]string{}, elemIsEscaped, w, r)
-				case "POST":
-					s.handleCreateSubmissionRequest([0]string{}, elemIsEscaped, w, r)
-				default:
-					s.notAllowed(w, r, "GET,POST")
-				}
-
-				return
-			}
-			switch elem[0] {
-			case '/': // Prefix: "/"
-				origElem := elem
-				if l := len("/"); len(elem) >= l && elem[0:l] == "/" {
-					elem = elem[l:]
-				} else {
-					break
-				}
-
-				// Param: "SubmissionID"
-				// Match until "/"
-				idx := strings.IndexByte(elem, '/')
-				if idx < 0 {
-					idx = len(elem)
-				}
-				args[0] = elem[:idx]
-				elem = elem[idx:]
-
-				if len(elem) == 0 {
-					switch r.Method {
-					case "GET":
-						s.handleGetSubmissionRequest([1]string{
-							args[0],
-						}, elemIsEscaped, w, r)
-					default:
-						s.notAllowed(w, r, "GET")
-					}
-
-					return
-				}
-				switch elem[0] {
-				case '/': // Prefix: "/"
-					origElem := elem
-					if l := len("/"); len(elem) >= l && elem[0:l] == "/" {
-						elem = elem[l:]
-					} else {
-						break
-					}
-
-					if len(elem) == 0 {
-						break
-					}
-					switch elem[0] {
-					case 'c': // Prefix: "completed"
-						origElem := elem
-						if l := len("completed"); len(elem) >= l && elem[0:l] == "completed" {
-							elem = elem[l:]
-						} else {
-							break
-						}
-
-						if len(elem) == 0 {
-							// Leaf node.
-							switch r.Method {
-							case "PATCH":
-								s.handlePatchSubmissionCompletedRequest([1]string{
-									args[0],
-								}, elemIsEscaped, w, r)
-							default:
-								s.notAllowed(w, r, "PATCH")
-							}
-
-							return
-						}
-
-						elem = origElem
-					case 'm': // Prefix: "model"
-						origElem := elem
-						if l := len("model"); len(elem) >= l && elem[0:l] == "model" {
-							elem = elem[l:]
-						} else {
-							break
-						}
-
-						if len(elem) == 0 {
-							// Leaf node.
-							switch r.Method {
-							case "PATCH":
-								s.handlePatchSubmissionModelRequest([1]string{
-									args[0],
-								}, elemIsEscaped, w, r)
-							default:
-								s.notAllowed(w, r, "PATCH")
-							}
-
-							return
-						}
-
-						elem = origElem
-					case 's': // Prefix: "status"
-						origElem := elem
-						if l := len("status"); len(elem) >= l && elem[0:l] == "status" {
-							elem = elem[l:]
-						} else {
-							break
-						}
-
-						if len(elem) == 0 {
-							// Leaf node.
-							switch r.Method {
-							case "PATCH":
-								s.handlePatchSubmissionStatusRequest([1]string{
-									args[0],
-								}, elemIsEscaped, w, r)
-							default:
-								s.notAllowed(w, r, "PATCH")
-							}
-
-							return
-						}
-
-						elem = origElem
-					}
-
-					elem = origElem
-				}
-
-				elem = origElem
-			}
-
-			elem = origElem
-		}
-	}
-	s.notFound(w, r)
-}
-
-// Route is route object.
-type Route struct {
-	name        string
-	summary     string
-	operationID string
-	pathPattern string
-	count       int
-	args        [1]string
-}
-
-// Name returns ogen operation name.
-//
-// It is guaranteed to be unique and not empty.
-func (r Route) Name() string {
-	return r.name
-}
-
-// Summary returns OpenAPI summary.
-func (r Route) Summary() string {
-	return r.summary
-}
-
-// OperationID returns OpenAPI operationId.
-func (r Route) OperationID() string {
-	return r.operationID
-}
-
-// PathPattern returns OpenAPI path.
-func (r Route) PathPattern() string {
-	return r.pathPattern
-}
-
-// Args returns parsed arguments.
-func (r Route) Args() []string {
-	return r.args[:r.count]
-}
-
-// FindRoute finds Route for given method and path.
-//
-// Note: this method does not unescape path or handle reserved characters in path properly. Use FindPath instead.
-func (s *Server) FindRoute(method, path string) (Route, bool) {
-	return s.FindPath(method, &url.URL{Path: path})
-}
-
-// FindPath finds Route for given method and URL.
-func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
-	var (
-		elem = u.Path
-		args = r.args
-	)
-	if rawPath := u.RawPath; rawPath != "" {
-		if normalized, ok := uri.NormalizeEscapedPath(rawPath); ok {
-			elem = normalized
-		}
-		defer func() {
-			for i, arg := range r.args[:r.count] {
-				if unescaped, err := url.PathUnescape(arg); err == nil {
-					r.args[i] = unescaped
-				}
-			}
-		}()
-	}
-
-	elem, ok := s.cutPrefix(elem)
-	if !ok {
-		return r, false
-	}
-
-	// Static code generated router with unwrapped path search.
-	switch {
-	default:
-		if len(elem) == 0 {
-			break
-		}
-		switch elem[0] {
-		case '/': // Prefix: "/submissions"
-			origElem := elem
-			if l := len("/submissions"); len(elem) >= l && elem[0:l] == "/submissions" {
-				elem = elem[l:]
-			} else {
-				break
-			}
-
-			if len(elem) == 0 {
-				switch method {
-				case "GET":
-					r.name = "ListSubmissions"
-					r.summary = "Get list of submissions"
-					r.operationID = "listSubmissions"
-					r.pathPattern = "/submissions"
-					r.args = args
-					r.count = 0
-					return r, true
-				case "POST":
-					r.name = "CreateSubmission"
-					r.summary = "Create new submission"
-					r.operationID = "createSubmission"
-					r.pathPattern = "/submissions"
-					r.args = args
-					r.count = 0
-					return r, true
-				default:
-					return
-				}
-			}
-			switch elem[0] {
-			case '/': // Prefix: "/"
-				origElem := elem
-				if l := len("/"); len(elem) >= l && elem[0:l] == "/" {
-					elem = elem[l:]
-				} else {
-					break
-				}
-
-				// Param: "SubmissionID"
-				// Match until "/"
-				idx := strings.IndexByte(elem, '/')
-				if idx < 0 {
-					idx = len(elem)
-				}
-				args[0] = elem[:idx]
-				elem = elem[idx:]
-
-				if len(elem) == 0 {
-					switch method {
-					case "GET":
-						r.name = "GetSubmission"
-						r.summary = "Retrieve map with ID"
-						r.operationID = "getSubmission"
-						r.pathPattern = "/submissions/{SubmissionID}"
-						r.args = args
-						r.count = 1
-						return r, true
-					default:
-						return
-					}
-				}
-				switch elem[0] {
-				case '/': // Prefix: "/"
-					origElem := elem
-					if l := len("/"); len(elem) >= l && elem[0:l] == "/" {
-						elem = elem[l:]
-					} else {
-						break
-					}
-
-					if len(elem) == 0 {
-						break
-					}
-					switch elem[0] {
-					case 'c': // Prefix: "completed"
-						origElem := elem
-						if l := len("completed"); len(elem) >= l && elem[0:l] == "completed" {
-							elem = elem[l:]
-						} else {
-							break
-						}
-
-						if len(elem) == 0 {
-							// Leaf node.
-							switch method {
-							case "PATCH":
-								r.name = "PatchSubmissionCompleted"
-								r.summary = "Retrieve map with ID"
-								r.operationID = "patchSubmissionCompleted"
-								r.pathPattern = "/submissions/{SubmissionID}/completed"
-								r.args = args
-								r.count = 1
-								return r, true
-							default:
-								return
-							}
-						}
-
-						elem = origElem
-					case 'm': // Prefix: "model"
-						origElem := elem
-						if l := len("model"); len(elem) >= l && elem[0:l] == "model" {
-							elem = elem[l:]
-						} else {
-							break
-						}
-
-						if len(elem) == 0 {
-							// Leaf node.
-							switch method {
-							case "PATCH":
-								r.name = "PatchSubmissionModel"
-								r.summary = "Update model following role restrictions"
-								r.operationID = "patchSubmissionModel"
-								r.pathPattern = "/submissions/{SubmissionID}/model"
-								r.args = args
-								r.count = 1
-								return r, true
-							default:
-								return
-							}
-						}
-
-						elem = origElem
-					case 's': // Prefix: "status"
-						origElem := elem
-						if l := len("status"); len(elem) >= l && elem[0:l] == "status" {
-							elem = elem[l:]
-						} else {
-							break
-						}
-
-						if len(elem) == 0 {
-							// Leaf node.
-							switch method {
-							case "PATCH":
-								r.name = "PatchSubmissionStatus"
-								r.summary = "Update status following role restrictions"
-								r.operationID = "patchSubmissionStatus"
-								r.pathPattern = "/submissions/{SubmissionID}/status"
-								r.args = args
-								r.count = 1
-								return r, true
-							default:
-								return
-							}
-						}
-
-						elem = origElem
-					}
-
-					elem = origElem
-				}
-
-				elem = origElem
-			}
-
-			elem = origElem
-		}
-	}
-	return r, false
-}
--- a/api/oas_schemas_gen.go
+++ b/api/oas_schemas_gen.go
@@ -1,524 +0,0 @@
-// Code generated by ogen, DO NOT EDIT.
-
-package api
-
-import (
-	"fmt"
-)
-
-func (s *ErrorStatusCode) Error() string {
-	return fmt.Sprintf("code %d: %+v", s.StatusCode, s.Response)
-}
-
-// Represents error object.
-// Ref: #/components/schemas/Error
-type Error struct {
-	Code    int64  `json:"code"`
-	Message string `json:"message"`
-}
-
-// GetCode returns the value of Code.
-func (s *Error) GetCode() int64 {
-	return s.Code
-}
-
-// GetMessage returns the value of Message.
-func (s *Error) GetMessage() string {
-	return s.Message
-}
-
-// SetCode sets the value of Code.
-func (s *Error) SetCode(val int64) {
-	s.Code = val
-}
-
-// SetMessage sets the value of Message.
-func (s *Error) SetMessage(val string) {
-	s.Message = val
-}
-
-// ErrorStatusCode wraps Error with StatusCode.
-type ErrorStatusCode struct {
-	StatusCode int
-	Response   Error
-}
-
-// GetStatusCode returns the value of StatusCode.
-func (s *ErrorStatusCode) GetStatusCode() int {
-	return s.StatusCode
-}
-
-// GetResponse returns the value of Response.
-func (s *ErrorStatusCode) GetResponse() Error {
-	return s.Response
-}
-
-// SetStatusCode sets the value of StatusCode.
-func (s *ErrorStatusCode) SetStatusCode(val int) {
-	s.StatusCode = val
-}
-
-// SetResponse sets the value of Response.
-func (s *ErrorStatusCode) SetResponse(val Error) {
-	s.Response = val
-}
-
-// NewOptBool returns new OptBool with value set to v.
-func NewOptBool(v bool) OptBool {
-	return OptBool{
-		Value: v,
-		Set:   true,
-	}
-}
-
-// OptBool is optional bool.
-type OptBool struct {
-	Value bool
-	Set   bool
-}
-
-// IsSet returns true if OptBool was set.
-func (o OptBool) IsSet() bool { return o.Set }
-
-// Reset unsets value.
-func (o *OptBool) Reset() {
-	var v bool
-	o.Value = v
-	o.Set = false
-}
-
-// SetTo sets value to v.
-func (o *OptBool) SetTo(v bool) {
-	o.Set = true
-	o.Value = v
-}
-
-// Get returns value and boolean that denotes whether value was set.
-func (o OptBool) Get() (v bool, ok bool) {
-	if !o.Set {
-		return v, false
-	}
-	return o.Value, true
-}
-
-// Or returns value if set, or given parameter if does not.
-func (o OptBool) Or(d bool) bool {
-	if v, ok := o.Get(); ok {
-		return v
-	}
-	return d
-}
-
-// NewOptInt32 returns new OptInt32 with value set to v.
-func NewOptInt32(v int32) OptInt32 {
-	return OptInt32{
-		Value: v,
-		Set:   true,
-	}
-}
-
-// OptInt32 is optional int32.
-type OptInt32 struct {
-	Value int32
-	Set   bool
-}
-
-// IsSet returns true if OptInt32 was set.
-func (o OptInt32) IsSet() bool { return o.Set }
-
-// Reset unsets value.
-func (o *OptInt32) Reset() {
-	var v int32
-	o.Value = v
-	o.Set = false
-}
-
-// SetTo sets value to v.
-func (o *OptInt32) SetTo(v int32) {
-	o.Set = true
-	o.Value = v
-}
-
-// Get returns value and boolean that denotes whether value was set.
-func (o OptInt32) Get() (v int32, ok bool) {
-	if !o.Set {
-		return v, false
-	}
-	return o.Value, true
-}
-
-// Or returns value if set, or given parameter if does not.
-func (o OptInt32) Or(d int32) int32 {
-	if v, ok := o.Get(); ok {
-		return v
-	}
-	return d
-}
-
-// NewOptInt64 returns new OptInt64 with value set to v.
-func NewOptInt64(v int64) OptInt64 {
-	return OptInt64{
-		Value: v,
-		Set:   true,
-	}
-}
-
-// OptInt64 is optional int64.
-type OptInt64 struct {
-	Value int64
-	Set   bool
-}
-
-// IsSet returns true if OptInt64 was set.
-func (o OptInt64) IsSet() bool { return o.Set }
-
-// Reset unsets value.
-func (o *OptInt64) Reset() {
-	var v int64
-	o.Value = v
-	o.Set = false
-}
-
-// SetTo sets value to v.
-func (o *OptInt64) SetTo(v int64) {
-	o.Set = true
-	o.Value = v
-}
-
-// Get returns value and boolean that denotes whether value was set.
-func (o OptInt64) Get() (v int64, ok bool) {
-	if !o.Set {
-		return v, false
-	}
-	return o.Value, true
-}
-
-// Or returns value if set, or given parameter if does not.
-func (o OptInt64) Or(d int64) int64 {
-	if v, ok := o.Get(); ok {
-		return v
-	}
-	return d
-}
-
-// NewOptString returns new OptString with value set to v.
-func NewOptString(v string) OptString {
-	return OptString{
-		Value: v,
-		Set:   true,
-	}
-}
-
-// OptString is optional string.
-type OptString struct {
-	Value string
-	Set   bool
-}
-
-// IsSet returns true if OptString was set.
-func (o OptString) IsSet() bool { return o.Set }
-
-// Reset unsets value.
-func (o *OptString) Reset() {
-	var v string
-	o.Value = v
-	o.Set = false
-}
-
-// SetTo sets value to v.
-func (o *OptString) SetTo(v string) {
-	o.Set = true
-	o.Value = v
-}
-
-// Get returns value and boolean that denotes whether value was set.
-func (o OptString) Get() (v string, ok bool) {
-	if !o.Set {
-		return v, false
-	}
-	return o.Value, true
-}
-
-// Or returns value if set, or given parameter if does not.
-func (o OptString) Or(d string) string {
-	if v, ok := o.Get(); ok {
-		return v
-	}
-	return d
-}
-
-// NewOptSubmissionFilter returns new OptSubmissionFilter with value set to v.
-func NewOptSubmissionFilter(v SubmissionFilter) OptSubmissionFilter {
-	return OptSubmissionFilter{
-		Value: v,
-		Set:   true,
-	}
-}
-
-// OptSubmissionFilter is optional SubmissionFilter.
-type OptSubmissionFilter struct {
-	Value SubmissionFilter
-	Set   bool
-}
-
-// IsSet returns true if OptSubmissionFilter was set.
-func (o OptSubmissionFilter) IsSet() bool { return o.Set }
-
-// Reset unsets value.
-func (o *OptSubmissionFilter) Reset() {
-	var v SubmissionFilter
-	o.Value = v
-	o.Set = false
-}
-
-// SetTo sets value to v.
-func (o *OptSubmissionFilter) SetTo(v SubmissionFilter) {
-	o.Set = true
-	o.Value = v
-}
-
-// Get returns value and boolean that denotes whether value was set.
-func (o OptSubmissionFilter) Get() (v SubmissionFilter, ok bool) {
-	if !o.Set {
-		return v, false
-	}
-	return o.Value, true
-}
-
-// Or returns value if set, or given parameter if does not.
-func (o OptSubmissionFilter) Or(d SubmissionFilter) SubmissionFilter {
-	if v, ok := o.Get(); ok {
-		return v
-	}
-	return d
-}
-
-// Ref: #/components/schemas/Pagination
-type Pagination struct {
-	Page  int32 `json:"Page"`
-	Limit int32 `json:"Limit"`
-}
-
-// GetPage returns the value of Page.
-func (s *Pagination) GetPage() int32 {
-	return s.Page
-}
-
-// GetLimit returns the value of Limit.
-func (s *Pagination) GetLimit() int32 {
-	return s.Limit
-}
-
-// SetPage sets the value of Page.
-func (s *Pagination) SetPage(val int32) {
-	s.Page = val
-}
-
-// SetLimit sets the value of Limit.
-func (s *Pagination) SetLimit(val int32) {
-	s.Limit = val
-}
-
-// PatchSubmissionCompletedOK is response for PatchSubmissionCompleted operation.
-type PatchSubmissionCompletedOK struct{}
-
-// PatchSubmissionModelOK is response for PatchSubmissionModel operation.
-type PatchSubmissionModelOK struct{}
-
-// PatchSubmissionStatusOK is response for PatchSubmissionStatus operation.
-type PatchSubmissionStatusOK struct{}
-
-// Ref: #/components/schemas/Submission
-type Submission struct {
-	ID             OptInt64  `json:"ID"`
-	DisplayName    OptString `json:"DisplayName"`
-	Creator        OptString `json:"Creator"`
-	GameID         OptInt32  `json:"GameID"`
-	Date           OptInt64  `json:"Date"`
-	Submitter      OptInt64  `json:"Submitter"`
-	AssetID        OptInt64  `json:"AssetID"`
-	AssetVersion   OptInt64  `json:"AssetVersion"`
-	Completed      OptBool   `json:"Completed"`
-	SubmissionType OptInt32  `json:"SubmissionType"`
-	TargetAssetID  OptInt64  `json:"TargetAssetID"`
-	StatusID       OptInt32  `json:"StatusID"`
-}
-
-// GetID returns the value of ID.
-func (s *Submission) GetID() OptInt64 {
-	return s.ID
-}
-
-// GetDisplayName returns the value of DisplayName.
-func (s *Submission) GetDisplayName() OptString {
-	return s.DisplayName
-}
-
-// GetCreator returns the value of Creator.
-func (s *Submission) GetCreator() OptString {
-	return s.Creator
-}
-
-// GetGameID returns the value of GameID.
-func (s *Submission) GetGameID() OptInt32 {
-	return s.GameID
-}
-
-// GetDate returns the value of Date.
-func (s *Submission) GetDate() OptInt64 {
-	return s.Date
-}
-
-// GetSubmitter returns the value of Submitter.
-func (s *Submission) GetSubmitter() OptInt64 {
-	return s.Submitter
-}
-
-// GetAssetID returns the value of AssetID.
-func (s *Submission) GetAssetID() OptInt64 {
-	return s.AssetID
-}
-
-// GetAssetVersion returns the value of AssetVersion.
-func (s *Submission) GetAssetVersion() OptInt64 {
-	return s.AssetVersion
-}
-
-// GetCompleted returns the value of Completed.
-func (s *Submission) GetCompleted() OptBool {
-	return s.Completed
-}
-
-// GetSubmissionType returns the value of SubmissionType.
-func (s *Submission) GetSubmissionType() OptInt32 {
-	return s.SubmissionType
-}
-
-// GetTargetAssetID returns the value of TargetAssetID.
-func (s *Submission) GetTargetAssetID() OptInt64 {
-	return s.TargetAssetID
-}
-
-// GetStatusID returns the value of StatusID.
-func (s *Submission) GetStatusID() OptInt32 {
-	return s.StatusID
-}
-
-// SetID sets the value of ID.
-func (s *Submission) SetID(val OptInt64) {
-	s.ID = val
-}
-
-// SetDisplayName sets the value of DisplayName.
-func (s *Submission) SetDisplayName(val OptString) {
-	s.DisplayName = val
-}
-
-// SetCreator sets the value of Creator.
-func (s *Submission) SetCreator(val OptString) {
-	s.Creator = val
-}
-
-// SetGameID sets the value of GameID.
-func (s *Submission) SetGameID(val OptInt32) {
-	s.GameID = val
-}
-
-// SetDate sets the value of Date.
-func (s *Submission) SetDate(val OptInt64) {
-	s.Date = val
-}
-
-// SetSubmitter sets the value of Submitter.
-func (s *Submission) SetSubmitter(val OptInt64) {
-	s.Submitter = val
-}
-
-// SetAssetID sets the value of AssetID.
-func (s *Submission) SetAssetID(val OptInt64) {
-	s.AssetID = val
-}
-
-// SetAssetVersion sets the value of AssetVersion.
-func (s *Submission) SetAssetVersion(val OptInt64) {
-	s.AssetVersion = val
-}
-
-// SetCompleted sets the value of Completed.
-func (s *Submission) SetCompleted(val OptBool) {
-	s.Completed = val
-}
-
-// SetSubmissionType sets the value of SubmissionType.
-func (s *Submission) SetSubmissionType(val OptInt32) {
-	s.SubmissionType = val
-}
-
-// SetTargetAssetID sets the value of TargetAssetID.
-func (s *Submission) SetTargetAssetID(val OptInt64) {
-	s.TargetAssetID = val
-}
-
-// SetStatusID sets the value of StatusID.
-func (s *Submission) SetStatusID(val OptInt32) {
-	s.StatusID = val
-}
-
-// Ref: #/components/schemas/SubmissionFilter
-type SubmissionFilter struct {
-	ID          OptInt64  `json:"ID"`
-	DisplayName OptString `json:"DisplayName"`
-	Creator     OptString `json:"Creator"`
-	GameID      OptInt32  `json:"GameID"`
-	Date        OptInt64  `json:"Date"`
-}
-
-// GetID returns the value of ID.
-func (s *SubmissionFilter) GetID() OptInt64 {
-	return s.ID
-}
-
-// GetDisplayName returns the value of DisplayName.
-func (s *SubmissionFilter) GetDisplayName() OptString {
-	return s.DisplayName
-}
-
-// GetCreator returns the value of Creator.
-func (s *SubmissionFilter) GetCreator() OptString {
-	return s.Creator
-}
-
-// GetGameID returns the value of GameID.
-func (s *SubmissionFilter) GetGameID() OptInt32 {
-	return s.GameID
-}
-
-// GetDate returns the value of Date.
-func (s *SubmissionFilter) GetDate() OptInt64 {
-	return s.Date
-}
-
-// SetID sets the value of ID.
-func (s *SubmissionFilter) SetID(val OptInt64) {
-	s.ID = val
-}
-
-// SetDisplayName sets the value of DisplayName.
-func (s *SubmissionFilter) SetDisplayName(val OptString) {
-	s.DisplayName = val
-}
-
-// SetCreator sets the value of Creator.
-func (s *SubmissionFilter) SetCreator(val OptString) {
-	s.Creator = val
-}
-
-// SetGameID sets the value of GameID.
-func (s *SubmissionFilter) SetGameID(val OptInt32) {
-	s.GameID = val
-}
-
-// SetDate sets the value of Date.
-func (s *SubmissionFilter) SetDate(val OptInt64) {
-	s.Date = val
-}
--- a/api/oas_server_gen.go
+++ b/api/oas_server_gen.go
@@ -1,70 +0,0 @@
-// Code generated by ogen, DO NOT EDIT.
-
-package api
-
-import (
-	"context"
-)
-
-// Handler handles operations described by OpenAPI v3 specification.
-type Handler interface {
-	// CreateSubmission implements createSubmission operation.
-	//
-	// Create new submission.
-	//
-	// POST /submissions
-	CreateSubmission(ctx context.Context) (*Submission, error)
-	// GetSubmission implements getSubmission operation.
-	//
-	// Retrieve map with ID.
-	//
-	// GET /submissions/{SubmissionID}
-	GetSubmission(ctx context.Context, params GetSubmissionParams) (*Submission, error)
-	// ListSubmissions implements listSubmissions operation.
-	//
-	// Get list of submissions.
-	//
-	// GET /submissions
-	ListSubmissions(ctx context.Context, params ListSubmissionsParams) ([]Submission, error)
-	// PatchSubmissionCompleted implements patchSubmissionCompleted operation.
-	//
-	// Retrieve map with ID.
-	//
-	// PATCH /submissions/{SubmissionID}/completed
-	PatchSubmissionCompleted(ctx context.Context, params PatchSubmissionCompletedParams) error
-	// PatchSubmissionModel implements patchSubmissionModel operation.
-	//
-	// Update model following role restrictions.
-	//
-	// PATCH /submissions/{SubmissionID}/model
-	PatchSubmissionModel(ctx context.Context, params PatchSubmissionModelParams) error
-	// PatchSubmissionStatus implements patchSubmissionStatus operation.
-	//
-	// Update status following role restrictions.
-	//
-	// PATCH /submissions/{SubmissionID}/status
-	PatchSubmissionStatus(ctx context.Context, params PatchSubmissionStatusParams) error
-	// NewError creates *ErrorStatusCode from error returned by handler.
-	//
-	// Used for common default response.
-	NewError(ctx context.Context, err error) *ErrorStatusCode
-}
-
-// Server implements http server based on OpenAPI v3 specification and
-// calls Handler to handle requests.
-type Server struct {
-	h Handler
-	baseServer
-}
-
-// NewServer creates new Server.
-func NewServer(h Handler, opts ...ServerOption) (*Server, error) {
-	s, err := newServerConfig(opts...).baseServer()
-	if err != nil {
-		return nil, err
-	}
-	return &Server{
-		h:          h,
-		baseServer: s,
-	}, nil
-}
--- a/api/oas_unimplemented_gen.go
+++ b/api/oas_unimplemented_gen.go
@@ -1,76 +0,0 @@
-// Code generated by ogen, DO NOT EDIT.
-
-package api
-
-import (
-	"context"
-
-	ht "github.com/ogen-go/ogen/http"
-)
-
-// UnimplementedHandler is no-op Handler which returns http.ErrNotImplemented.
-type UnimplementedHandler struct{}
-
-var _ Handler = UnimplementedHandler{}
-
-// CreateSubmission implements createSubmission operation.
-//
-// Create new submission.
-//
-// POST /submissions
-func (UnimplementedHandler) CreateSubmission(ctx context.Context) (r *Submission, _ error) {
-	return r, ht.ErrNotImplemented
-}
-
-// GetSubmission implements getSubmission operation.
-//
-// Retrieve map with ID.
-//
-// GET /submissions/{SubmissionID}
-func (UnimplementedHandler) GetSubmission(ctx context.Context, params GetSubmissionParams) (r *Submission, _ error) {
-	return r, ht.ErrNotImplemented
-}
-
-// ListSubmissions implements listSubmissions operation.
-//
-// Get list of submissions.
-//
-// GET /submissions
-func (UnimplementedHandler) ListSubmissions(ctx context.Context, params ListSubmissionsParams) (r []Submission, _ error) {
-	return r, ht.ErrNotImplemented
-}
-
-// PatchSubmissionCompleted implements patchSubmissionCompleted operation.
-//
-// Retrieve map with ID.
-//
-// PATCH /submissions/{SubmissionID}/completed
-func (UnimplementedHandler) PatchSubmissionCompleted(ctx context.Context, params PatchSubmissionCompletedParams) error {
-	return ht.ErrNotImplemented
-}
-
-// PatchSubmissionModel implements patchSubmissionModel operation.
-//
-// Update model following role restrictions.
-//
-// PATCH /submissions/{SubmissionID}/model
-func (UnimplementedHandler) PatchSubmissionModel(ctx context.Context, params PatchSubmissionModelParams) error {
-	return ht.ErrNotImplemented
-}
-
-// PatchSubmissionStatus implements patchSubmissionStatus operation.
-//
-// Update status following role restrictions.
-//
-// PATCH /submissions/{SubmissionID}/status
-func (UnimplementedHandler) PatchSubmissionStatus(ctx context.Context, params PatchSubmissionStatusParams) error {
-	return ht.ErrNotImplemented
-}
-
-// NewError creates *ErrorStatusCode from error returned by handler.
-//
-// Used for common default response.
-func (UnimplementedHandler) NewError(ctx context.Context, err error) (r *ErrorStatusCode) {
-	r = new(ErrorStatusCode)
-	return r
-}
--- a/api/oas_uri_gen.go
+++ b/api/oas_uri_gen.go
@@ -1,314 +0,0 @@
-// Code generated by ogen, DO NOT EDIT.
-
-package api
-
-import (
-	"math/bits"
-	"strconv"
-
-	"github.com/go-faster/errors"
-
-	"github.com/ogen-go/ogen/conv"
-	"github.com/ogen-go/ogen/uri"
-	"github.com/ogen-go/ogen/validate"
-)
-
-// EncodeURI encodes Pagination as URI form.
-func (s *Pagination) EncodeURI(e uri.Encoder) error {
-	if err := e.EncodeField("Page", func(e uri.Encoder) error {
-		return e.EncodeValue(conv.Int32ToString(s.Page))
-	}); err != nil {
-		return errors.Wrap(err, "encode field \"Page\"")
-	}
-	if err := e.EncodeField("Limit", func(e uri.Encoder) error {
-		return e.EncodeValue(conv.Int32ToString(s.Limit))
-	}); err != nil {
-		return errors.Wrap(err, "encode field \"Limit\"")
-	}
-	return nil
-}
-
-var uriFieldsNameOfPagination = [2]string{
-	0: "Page",
-	1: "Limit",
-}
-
-// DecodeURI decodes Pagination from URI form.
-func (s *Pagination) DecodeURI(d uri.Decoder) error {
-	if s == nil {
-		return errors.New("invalid: unable to decode Pagination to nil")
-	}
-	var requiredBitSet [1]uint8
-
-	if err := d.DecodeFields(func(k string, d uri.Decoder) error {
-		switch k {
-		case "Page":
-			requiredBitSet[0] |= 1 << 0
-			if err := func() error {
-				val, err := d.DecodeValue()
-				if err != nil {
-					return err
-				}
-
-				c, err := conv.ToInt32(val)
-				if err != nil {
-					return err
-				}
-
-				s.Page = c
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"Page\"")
-			}
-		case "Limit":
-			requiredBitSet[0] |= 1 << 1
-			if err := func() error {
-				val, err := d.DecodeValue()
-				if err != nil {
-					return err
-				}
-
-				c, err := conv.ToInt32(val)
-				if err != nil {
-					return err
-				}
-
-				s.Limit = c
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"Limit\"")
-			}
-		default:
-			return nil
-		}
-		return nil
-	}); err != nil {
-		return errors.Wrap(err, "decode Pagination")
-	}
-	// Validate required fields.
-	var failures []validate.FieldError
-	for i, mask := range [1]uint8{
-		0b00000011,
-	} {
-		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
-			// Mask only required fields and check equality to mask using XOR.
-			//
-			// If XOR result is not zero, result is not equal to expected, so some fields are missed.
-			// Bits of fields which would be set are actually bits of missed fields.
-			missed := bits.OnesCount8(result)
-			for bitN := 0; bitN < missed; bitN++ {
-				bitIdx := bits.TrailingZeros8(result)
-				fieldIdx := i*8 + bitIdx
-				var name string
-				if fieldIdx < len(uriFieldsNameOfPagination) {
-					name = uriFieldsNameOfPagination[fieldIdx]
-				} else {
-					name = strconv.Itoa(fieldIdx)
-				}
-				failures = append(failures, validate.FieldError{
-					Name:  name,
-					Error: validate.ErrFieldRequired,
-				})
-				// Reset bit.
-				result &^= 1 << bitIdx
-			}
-		}
-	}
-	if len(failures) > 0 {
-		return &validate.Error{Fields: failures}
-	}
-
-	return nil
-}
-
-// EncodeURI encodes SubmissionFilter as URI form.
-func (s *SubmissionFilter) EncodeURI(e uri.Encoder) error {
-	if err := e.EncodeField("ID", func(e uri.Encoder) error {
-		if val, ok := s.ID.Get(); ok {
-			return e.EncodeValue(conv.Int64ToString(val))
-		}
-		return nil
-	}); err != nil {
-		return errors.Wrap(err, "encode field \"ID\"")
-	}
-	if err := e.EncodeField("DisplayName", func(e uri.Encoder) error {
-		if val, ok := s.DisplayName.Get(); ok {
-			return e.EncodeValue(conv.StringToString(val))
-		}
-		return nil
-	}); err != nil {
-		return errors.Wrap(err, "encode field \"DisplayName\"")
-	}
-	if err := e.EncodeField("Creator", func(e uri.Encoder) error {
-		if val, ok := s.Creator.Get(); ok {
-			return e.EncodeValue(conv.StringToString(val))
-		}
-		return nil
-	}); err != nil {
-		return errors.Wrap(err, "encode field \"Creator\"")
-	}
-	if err := e.EncodeField("GameID", func(e uri.Encoder) error {
-		if val, ok := s.GameID.Get(); ok {
-			return e.EncodeValue(conv.Int32ToString(val))
-		}
-		return nil
-	}); err != nil {
-		return errors.Wrap(err, "encode field \"GameID\"")
-	}
-	if err := e.EncodeField("Date", func(e uri.Encoder) error {
-		if val, ok := s.Date.Get(); ok {
-			return e.EncodeValue(conv.Int64ToString(val))
-		}
-		return nil
-	}); err != nil {
-		return errors.Wrap(err, "encode field \"Date\"")
-	}
-	return nil
-}
-
-var uriFieldsNameOfSubmissionFilter = [5]string{
-	0: "ID",
-	1: "DisplayName",
-	2: "Creator",
-	3: "GameID",
-	4: "Date",
-}
-
-// DecodeURI decodes SubmissionFilter from URI form.
-func (s *SubmissionFilter) DecodeURI(d uri.Decoder) error {
-	if s == nil {
-		return errors.New("invalid: unable to decode SubmissionFilter to nil")
-	}
-
-	if err := d.DecodeFields(func(k string, d uri.Decoder) error {
-		switch k {
-		case "ID":
-			if err := func() error {
-				var sDotIDVal int64
-				if err := func() error {
-					val, err := d.DecodeValue()
-					if err != nil {
-						return err
-					}
-
-					c, err := conv.ToInt64(val)
-					if err != nil {
-						return err
-					}
-
-					sDotIDVal = c
-					return nil
-				}(); err != nil {
-					return err
-				}
-				s.ID.SetTo(sDotIDVal)
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"ID\"")
-			}
-		case "DisplayName":
-			if err := func() error {
-				var sDotDisplayNameVal string
-				if err := func() error {
-					val, err := d.DecodeValue()
-					if err != nil {
-						return err
-					}
-
-					c, err := conv.ToString(val)
-					if err != nil {
-						return err
-					}
-
-					sDotDisplayNameVal = c
-					return nil
-				}(); err != nil {
-					return err
-				}
-				s.DisplayName.SetTo(sDotDisplayNameVal)
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"DisplayName\"")
-			}
-		case "Creator":
-			if err := func() error {
-				var sDotCreatorVal string
-				if err := func() error {
-					val, err := d.DecodeValue()
-					if err != nil {
-						return err
-					}
-
-					c, err := conv.ToString(val)
-					if err != nil {
-						return err
-					}
-
-					sDotCreatorVal = c
-					return nil
-				}(); err != nil {
-					return err
-				}
-				s.Creator.SetTo(sDotCreatorVal)
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"Creator\"")
-			}
-		case "GameID":
-			if err := func() error {
-				var sDotGameIDVal int32
-				if err := func() error {
-					val, err := d.DecodeValue()
-					if err != nil {
-						return err
-					}
-
-					c, err := conv.ToInt32(val)
-					if err != nil {
-						return err
-					}
-
-					sDotGameIDVal = c
-					return nil
-				}(); err != nil {
-					return err
-				}
-				s.GameID.SetTo(sDotGameIDVal)
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"GameID\"")
-			}
-		case "Date":
-			if err := func() error {
-				var sDotDateVal int64
-				if err := func() error {
-					val, err := d.DecodeValue()
-					if err != nil {
-						return err
-					}
-
-					c, err := conv.ToInt64(val)
-					if err != nil {
-						return err
-					}
-
-					sDotDateVal = c
-					return nil
-				}(); err != nil {
-					return err
-				}
-				s.Date.SetTo(sDotDateVal)
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"Date\"")
-			}
-		default:
-			return nil
-		}
-		return nil
-	}); err != nil {
-		return errors.Wrap(err, "decode SubmissionFilter")
-	}
-
-	return nil
-}
--- a/api/oas_validators_gen.go
+++ b/api/oas_validators_gen.go
@@ -1,61 +0,0 @@
-// Code generated by ogen, DO NOT EDIT.
-
-package api
-
-import (
-	"github.com/go-faster/errors"
-
-	"github.com/ogen-go/ogen/validate"
-)
-
-func (s *Pagination) Validate() error {
-	if s == nil {
-		return validate.ErrNilPointer
-	}
-
-	var failures []validate.FieldError
-	if err := func() error {
-		if err := (validate.Int{
-			MinSet:        true,
-			Min:           1,
-			MaxSet:        false,
-			Max:           0,
-			MinExclusive:  false,
-			MaxExclusive:  false,
-			MultipleOfSet: false,
-			MultipleOf:    0,
-		}).Validate(int64(s.Page)); err != nil {
-			return errors.Wrap(err, "int")
-		}
-		return nil
-	}(); err != nil {
-		failures = append(failures, validate.FieldError{
-			Name:  "Page",
-			Error: err,
-		})
-	}
-	if err := func() error {
-		if err := (validate.Int{
-			MinSet:        true,
-			Min:           1,
-			MaxSet:        true,
-			Max:           100,
-			MinExclusive:  false,
-			MaxExclusive:  false,
-			MultipleOfSet: false,
-			MultipleOf:    0,
-		}).Validate(int64(s.Limit)); err != nil {
-			return errors.Wrap(err, "int")
-		}
-		return nil
-	}(); err != nil {
-		failures = append(failures, validate.FieldError{
-			Name:  "Limit",
-			Error: err,
-		})
-	}
-	if len(failures) > 0 {
-		return &validate.Error{Fields: failures}
-	}
-	return nil
-}
--- a/cmd/maps-service/service.go
+++ b/cmd/maps-service/service.go
@@ -0,0 +1,23 @@
+package main
+
+import (
+	"git.itzana.me/strafesnet/maps-service/pkg/cmds"
+	log "github.com/sirupsen/logrus"
+	"github.com/urfave/cli/v2"
+	"os"
+)
+
+func main() {
+	log.SetLevel(log.InfoLevel)
+	log.SetFormatter(&log.JSONFormatter{})
+	log.SetReportCaller(true)
+
+	app := cmds.NewApp()
+	app.Commands = []*cli.Command{
+		cmds.NewServeCommand(),
+	}
+
+	if err := app.Run(os.Args); err != nil {
+		log.WithError(err).Fatal("Failed to run app")
+	}
+}
--- a/compose.yaml
+++ b/compose.yaml
@@ -0,0 +1,123 @@
+version: '3.9'
+networks:
+  maps-service-network:
+    driver: bridge
+
+services:
+  nats:
+    image: docker.io/nats:latest
+    container_name: nats
+    command: ["-js"] #"-DVV"
+    networks:
+      - maps-service-network
+
+  submissions:
+    image:
+      maps-service-submissions
+    container_name: submissions
+    command: [
+      # debug
+      "--debug","serve",
+      # http service port
+      "--port","8082",
+      # internal http endpoints
+      "--port-internal","8083",
+      # postgres
+      "--pg-host","10.0.0.29",
+      "--pg-port","5432",
+      "--pg-db","maps",
+      "--pg-user","quat",
+      "--pg-password","happypostgresuser",
+      # other hosts
+      "--nats-host","nats:4222",
+      "--auth-rpc-host","authrpc:8081"
+    ]
+    depends_on:
+      - authrpc
+      - nats
+    networks:
+      - maps-service-network
+    ports:
+      - "8082:8082"
+
+  web:
+    image:
+      maps-service-web
+    networks:
+      - maps-service-network
+    ports:
+      - "3000:3000"
+
+  validation:
+    image:
+      maps-service-validation
+    container_name: validation
+    env_file:
+      - ../auth-compose/strafesnet_staging.env
+    environment:
+      - ROBLOX_GROUP_ID=17032139 # "None" is special case string value
+      - API_HOST_INTERNAL=http://submissions:8083
+      - NATS_HOST=nats:4222
+      - DATA_HOST=http://dataservice:9000
+    depends_on:
+      - nats
+      # note: this races the submissions which creates a nats stream
+      # the validation will panic if the nats stream is not created
+      - submissions
+      - dataservice
+    networks:
+      - maps-service-network
+
+  dataservice:
+    image: registry.itzana.me/strafesnet/data-service:master
+    container_name: dataservice
+    environment:
+      - DEBUG=true
+      - PG_HOST=10.0.0.29
+      - PG_PORT=5432
+      - PG_USER=quat
+      - PG_DB=data
+      - PG_PASS=happypostgresuser
+    networks:
+      - maps-service-network
+
+  authredis:
+    image: docker.io/redis:latest
+    container_name: authredis
+    volumes:
+      - redis-data:/data
+    command: ["redis-server", "--appendonly", "yes"]
+    networks:
+      - maps-service-network
+
+  authrpc:
+    image: registry.itzana.me/strafesnet/auth-service:staging
+    container_name: authrpc
+    command: ["--debug", "serve", "rpc"]
+    environment:
+      - REDIS_ADDR=authredis:6379
+    env_file:
+      - ../auth-compose/auth-service.env
+    depends_on:
+      - authredis
+    networks:
+      - maps-service-network
+    logging:
+      driver: "none"
+
+  auth-web:
+    image: registry.itzana.me/strafesnet/auth-service:staging
+    command: ["serve", "web"]
+    environment:
+      - REDIS_ADDR=authredis:6379
+    env_file:
+      - ../auth-compose/auth-service.env
+    depends_on:
+      - authredis
+    networks:
+      - maps-service-network
+    ports:
+      - "8080:8080"
+
+volumes:
+  redis-data:
--- a/docs/submission-workflow.md
+++ b/docs/submission-workflow.md
--- a/generate.go
+++ b/generate.go
@@ -1,3 +1,4 @@
 package main

-//go:generate go run github.com/ogen-go/ogen/cmd/ogen@latest --target api --clean openapi.yaml
+//go:generate go run github.com/ogen-go/ogen/cmd/ogen@latest --target pkg/api --clean openapi.yaml
+//go:generate go run github.com/ogen-go/ogen/cmd/ogen@latest --target pkg/internal --clean openapi-internal.yaml
--- a/go.mod
+++ b/go.mod
@@ -5,17 +5,41 @@ go 1.22
 toolchain go1.23.3

 require (
-	git.itzana.me/strafesnet/go-grpc v0.0.0-20240302215338-8ebbc7cffb0a
+	git.itzana.me/strafesnet/go-grpc v0.0.0-20241129081229-9e166b3d11f7
+	git.itzana.me/strafesnet/utils v0.0.0-20220716194944-d8ca164052f9
+	github.com/dchest/siphash v1.2.3
 	github.com/go-faster/errors v0.7.1
 	github.com/go-faster/jx v1.1.0
+	github.com/nats-io/nats.go v1.37.0
 	github.com/ogen-go/ogen v1.2.1
+	github.com/sirupsen/logrus v1.9.3
+	github.com/urfave/cli/v2 v2.27.5
 	go.opentelemetry.io/otel v1.32.0
 	go.opentelemetry.io/otel/metric v1.32.0
 	go.opentelemetry.io/otel/trace v1.32.0
-	google.golang.org/grpc v1.64.0
+	google.golang.org/grpc v1.48.0
+	gorm.io/driver/postgres v1.5.10
+	gorm.io/gorm v1.25.10
 )

-require google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 // indirect
+require (
+	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/jackc/pgpassfile v1.0.0 // indirect
+	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
+	github.com/jackc/pgx/v5 v5.5.5 // indirect
+	github.com/jackc/puddle/v2 v2.2.1 // indirect
+	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/jinzhu/now v1.1.5 // indirect
+	github.com/klauspost/compress v1.17.6 // indirect
+	github.com/nats-io/nkeys v0.4.7 // indirect
+	github.com/nats-io/nuid v1.0.1 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
+	golang.org/x/crypto v0.23.0 // indirect
+	google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 // indirect
+	google.golang.org/protobuf v1.28.0 // indirect
+)

 require (
 	github.com/dlclark/regexp2 v1.11.0 // indirect
@@ -29,14 +53,12 @@ require (
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
-	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/multierr v1.11.0
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc // indirect
 	golang.org/x/net v0.25.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/sys v0.20.0 // indirect
 	golang.org/x/text v0.15.0 // indirect
-	//  google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 // indirect
-	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,9 +1,35 @@
-git.itzana.me/strafesnet/go-grpc v0.0.0-20240302215338-8ebbc7cffb0a h1:679jxkSaW3ZEj0XW6v+sr3Wr3LcmHRbbDLmo80xty5s=
-git.itzana.me/strafesnet/go-grpc v0.0.0-20240302215338-8ebbc7cffb0a/go.mod h1:X7XTRUScRkBWq8q8bplbeso105RPDlnY7J6Wy1IwBMs=
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+git.itzana.me/strafesnet/go-grpc v0.0.0-20241129081229-9e166b3d11f7 h1:5XzWd3ZZjSw1M60IfHuILty2vRPBYiqM0FZ+E7uHCi8=
+git.itzana.me/strafesnet/go-grpc v0.0.0-20241129081229-9e166b3d11f7/go.mod h1:X7XTRUScRkBWq8q8bplbeso105RPDlnY7J6Wy1IwBMs=
+git.itzana.me/strafesnet/utils v0.0.0-20220716194944-d8ca164052f9 h1:7lU6jyR7S7Rhh1dnUp7GyIRHUTBXZagw8F4n4hOyxLw=
+git.itzana.me/strafesnet/utils v0.0.0-20220716194944-d8ca164052f9/go.mod h1:uyYerSieEt4v0MJCdPLppG0LtJ4Yj035vuTetWGsxjY=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
+github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
+github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dchest/siphash v1.2.3 h1:QXwFc8cFOR2dSa/gE6o/HokBMWtLUaNDVd+22aKHeEA=
+github.com/dchest/siphash v1.2.3/go.mod h1:0NvQU092bT0ipiFN++/rXm69QG9tVxLAlQHIXMPAkHc=
 github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI=
 github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
 github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
@@ -19,10 +45,51 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
+github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
+github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk=
+github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
+github.com/jackc/pgx/v5 v5.5.5 h1:amBjrZVmksIdNjxGW/IiIMzxMKZFelXbUoPNb+8sjQw=
+github.com/jackc/pgx/v5 v5.5.5/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A=
+github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk=
+github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
+github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
+github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
+github.com/jinzhu/now v1.1.2/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
+github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI=
+github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -32,50 +99,145 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/nats-io/nats.go v1.37.0 h1:07rauXbVnnJvv1gfIyghFEo6lUcYRY0WXc3x7x0vUxE=
+github.com/nats-io/nats.go v1.37.0/go.mod h1:Ubdu4Nh9exXdSz0RVWRFBbRfrbSxOYd26oF0wkWclB8=
+github.com/nats-io/nkeys v0.4.7 h1:RwNJbbIdYCoClSDNY7QVKZlyb/wfT6ugvFCiKy6vDvI=
+github.com/nats-io/nkeys v0.4.7/go.mod h1:kqXRgRDPlGy7nGaEDMuYzmiJCIAAWDK0IMBtDmGD0nc=
+github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
+github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
 github.com/ogen-go/ogen v1.2.1 h1:C5A0lvUMu2wl+eWIxnpXMWnuOJ26a2FyzR1CIC2qG0M=
 github.com/ogen-go/ogen v1.2.1/go.mod h1:P2zQdEu8UqaVRfD5GEFvl+9q63VjMLvDquq1wVbyInM=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
 github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
+github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/urfave/cli/v2 v2.27.5 h1:WoHEJLdsXr6dDWoJgMq/CboDmyY/8HMMH1fTECbih+w=
+github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
 go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
 go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
 go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M=
 go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8=
 go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM=
 go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8=
+go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc h1:O9NuF4s+E/PvMIy+9IUZB9znFwUIXEWSstNjek6VpVg=
 golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 h1:Zy9XzmMEflZ/MAaA7vNcoebnRAld7FsPW1EeBB7V0m8=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
-google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
-google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
-google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
-google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w=
+google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gorm.io/driver/postgres v1.5.10 h1:7Lggqempgy496c0WfHXsYWxk3Th+ZcW66/21QhVFdeE=
+gorm.io/driver/postgres v1.5.10/go.mod h1:DX3GReXH+3FPWGrrgffdvCk3DQ1dwDPdmbenSkweRGI=
+gorm.io/gorm v1.21.11/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0=
+gorm.io/gorm v1.25.10 h1:dQpO+33KalOA+aFYGlK+EfxcI5MbO7EP2yYygwh9h+s=
+gorm.io/gorm v1.25.10/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
--- a/internal/controller/submissions.go
+++ b/internal/controller/submissions.go
@@ -1,33 +0,0 @@
-package controller
-
-import (
-	"context"
-	"git.itzana.me/strafesnet/maps-service/internal/datastore"
-	"git.itzana.me/strafesnet/maps-service/api"
-)
-
-type Submissions struct {
-	Store datastore.Datastore
-}
-
-func (m Submissions) Get(ctx context.Context, params *api.GetSubmissionParams) (*api.Submission, error) {
-	item, err := m.Store.Submissions().Get(ctx, params.SubmissionID)
-	if err != nil {
-		return nil, err
-	}
-
-	return &api.Submission{
-		ID:             api.NewOptInt64(item.ID),
-		DisplayName:    api.NewOptString(item.DisplayName),
-		Creator:        api.NewOptString(item.Creator),
-		GameID:         api.NewOptInt32(item.GameID),
-		Date:           api.NewOptInt64(item.Date.Unix()),
-		Submitter:      api.NewOptInt64(item.Submitter),
-		AssetID:        api.NewOptInt64(item.AssetID),
-		AssetVersion:   api.NewOptInt64(item.AssetVersion),
-		Completed:      api.NewOptBool(item.Completed),
-		SubmissionType: api.NewOptInt32(item.SubmissionType),
-		TargetAssetID:  api.NewOptInt64(item.TargetAssetID),
-		StatusID:       api.NewOptInt32(item.StatusID),
-	}, nil
-}
--- a/internal/controller/users.go
+++ b/internal/controller/users.go
@@ -1,9 +0,0 @@
-package controller
-
-import (
-	"git.itzana.me/strafesnet/maps-service/internal/datastore"
-)
-
-type Users struct {
-	Store datastore.Datastore
-}
--- a/internal/datastore/datastore.go
+++ b/internal/datastore/datastore.go
@@ -1,36 +0,0 @@
-package datastore
-
-import (
-	"context"
-	"errors"
-
-	"git.itzana.me/strafesnet/maps-service/internal/model"
-)
-
-var (
-	ErrNotExist = errors.New("resource does not exist")
-)
-
-type Datastore interface {
-	Users() Users
-	Submissions() Submissions
-}
-
-
-type Users interface {
-	Get(ctx context.Context, id int64) (model.User, error)
-	GetList(ctx context.Context, id []int64) ([]model.User, error)
-	Create(ctx context.Context, user model.User) (model.User, error)
-	Update(ctx context.Context, id int64, values OptionalMap) error
-	Delete(ctx context.Context, id int64) error
-	List(ctx context.Context, filters OptionalMap, page model.Page) ([]model.User, error)
-}
-
-type Submissions interface {
-	Get(ctx context.Context, id int64) (model.Submission, error)
-	GetList(ctx context.Context, id []int64) ([]model.Submission, error)
-	Create(ctx context.Context, time model.Submission) (model.Submission, error)
-	Update(ctx context.Context, id int64, values OptionalMap) error
-	Delete(ctx context.Context, id int64) error
-	List(ctx context.Context, filters OptionalMap, page model.Page) ([]model.Submission, error)
-}
--- a/internal/datastore/gormstore/db.go
+++ b/internal/datastore/gormstore/db.go
@@ -1,48 +0,0 @@
-package gormstore
-
-import (
-	"fmt"
-	"os"
-	"time"
-
-	"git.itzana.me/strafesnet/maps-service/internal/datastore"
-	"git.itzana.me/strafesnet/maps-service/internal/model"
-	"git.itzana.me/strafesnet/utils/logger"
-	"github.com/eko/gocache/lib/v4/cache"
-	gocache_store "github.com/eko/gocache/store/go_cache/v4"
-	gocache "github.com/patrickmn/go-cache"
-	log "github.com/sirupsen/logrus"
-	"gorm.io/driver/postgres"
-	"gorm.io/gorm"
-)
-
-func New(migrate bool) (datastore.Datastore, error) {
-	db, err := gorm.Open(postgres.Open(fmt.Sprintf("host=%s user=%s password=%s dbname=%s port=%s", os.Getenv("PG_HOST"), os.Getenv("PG_USER"), os.Getenv("PG_PASS"), os.Getenv("PG_DB"), os.Getenv("PG_PORT"))), &gorm.Config{
-		Logger: logger.New()})
-	if err != nil {
-		log.WithFields(log.Fields{
-			"PG_USER": os.Getenv("PG_USER"),
-			"PG_HOST": os.Getenv("PG_HOST"),
-			"PG_PORT": os.Getenv("PG_PORT"),
-			"PG_DB":   os.Getenv("PG_DB"),
-			"error":   err,
-		}).Errorln("failed to connect to database")
-		return nil, err
-	}
-
-	sqlDB, err := db.DB()
-	if err != nil {
-		return nil, err
-	}
-	sqlDB.SetMaxIdleConns(10)
-	sqlDB.SetMaxOpenConns(25)
-
-	if migrate {
-		if err := db.AutoMigrate(&model.User{}, &model.Submission{}); err != nil {
-			log.WithField("error", err).Errorln("database migration failed")
-			return nil, err
-		}
-	}
-
-	return &Gormstore{db, cache.New[[]byte](gocache_store.NewGoCache(gocache.New(5*time.Minute, 10*time.Minute)))}, nil
-}
--- a/internal/datastore/gormstore/gormstore.go
+++ b/internal/datastore/gormstore/gormstore.go
@@ -1,20 +0,0 @@
-package gormstore
-
-import (
-	"git.itzana.me/strafesnet/maps-service/internal/datastore"
-	"github.com/eko/gocache/lib/v4/cache"
-	"gorm.io/gorm"
-)
-
-type Gormstore struct {
-	db    *gorm.DB
-	cache *cache.Cache[[]byte]
-}
-
-func (g Gormstore) Users() datastore.Users {
-	return &Users{db: g.db}
-}
-
-func (g Gormstore) Submissions() datastore.Submissions {
-	return &Submissions{db: g.db}
-}
--- a/internal/datastore/gormstore/submissions.go
+++ b/internal/datastore/gormstore/submissions.go
@@ -1,72 +0,0 @@
-package gormstore
-
-import (
-	"context"
-	"git.itzana.me/strafesnet/maps-service/internal/datastore"
-	"git.itzana.me/strafesnet/maps-service/internal/model"
-	"gorm.io/gorm"
-)
-
-type Submissions struct {
-	db *gorm.DB
-}
-
-func (m Submissions) Get(ctx context.Context, id int64) (model.Submission, error) {
-	var smap model.Submission
-	if err := m.db.WithContext(ctx).First(&smap, id).Error; err != nil {
-		if err == gorm.ErrRecordNotFound {
-			return smap, datastore.ErrNotExist
-		}
-		return smap, err
-	}
-
-	return smap, nil
-}
-
-func (m Submissions) GetList(ctx context.Context, id []int64) ([]model.Submission, error) {
-	var mapList []model.Submission
-	if err := m.db.WithContext(ctx).Find(&mapList, "id IN ?", id).Error; err != nil {
-		return mapList, err
-	}
-
-	return mapList, nil
-}
-
-func (m Submissions) Create(ctx context.Context, smap model.Submission) (model.Submission, error) {
-	if err := m.db.WithContext(ctx).Create(&smap).Error; err != nil {
-		return smap, err
-	}
-
-	return smap, nil
-}
-
-func (m Submissions) Update(ctx context.Context, id int64, values datastore.OptionalMap) error {
-	if err := m.db.WithContext(ctx).Model(&model.Submission{}).Where("id = ?", id).Updates(values.Map()).Error; err != nil {
-		if err == gorm.ErrRecordNotFound {
-			return datastore.ErrNotExist
-		}
-		return err
-	}
-
-	return nil
-}
-
-func (m Submissions) Delete(ctx context.Context, id int64) error {
-	if err := m.db.WithContext(ctx).Delete(&model.Submission{}, id).Error; err != nil {
-		if err == gorm.ErrRecordNotFound {
-			return datastore.ErrNotExist
-		}
-		return err
-	}
-
-	return nil
-}
-
-func (m Submissions) List(ctx context.Context, filters datastore.OptionalMap, page model.Page) ([]model.Submission, error) {
-	var maps []model.Submission
-	if err := m.db.WithContext(ctx).Where(filters.Map()).Offset(int((page.Number - 1) * page.Size)).Limit(int(page.Size)).Find(&maps).Error; err != nil {
-		return nil, err
-	}
-
-	return maps, nil
-}
--- a/internal/datastore/gormstore/users.go
+++ b/internal/datastore/gormstore/users.go
@@ -1,72 +0,0 @@
-package gormstore
-
-import (
-	"context"
-	"git.itzana.me/strafesnet/maps-service/internal/datastore"
-	"git.itzana.me/strafesnet/maps-service/internal/model"
-	"gorm.io/gorm"
-)
-
-type Users struct {
-	db *gorm.DB
-}
-
-func (u Users) Get(ctx context.Context, id int64) (model.User, error) {
-	var user model.User
-	if err := u.db.WithContext(ctx).First(&user, id).Error; err != nil {
-		if err == gorm.ErrRecordNotFound {
-			return user, datastore.ErrNotExist
-		}
-		return user, err
-	}
-
-	return user, nil
-}
-
-func (u Users) GetList(ctx context.Context, id []int64) ([]model.User, error) {
-	var user []model.User
-	if err := u.db.WithContext(ctx).Find(&user, "id IN ?", id).Error; err != nil {
-		return user, err
-	}
-
-	return user, nil
-}
-
-func (u Users) Create(ctx context.Context, user model.User) (model.User, error) {
-	if err := u.db.WithContext(ctx).Create(&user).Error; err != nil {
-		return user, err
-	}
-
-	return user, nil
-}
-
-func (u Users) Update(ctx context.Context, id int64, values datastore.OptionalMap) error {
-	if err := u.db.WithContext(ctx).Model(&model.User{}).Where("id = ?", id).Updates(values.Map()).Error; err != nil {
-		if err == gorm.ErrRecordNotFound {
-			return datastore.ErrNotExist
-		}
-		return err
-	}
-
-	return nil
-}
-
-func (u Users) Delete(ctx context.Context, id int64) error {
-	if err := u.db.WithContext(ctx).Delete(&model.User{}, id).Error; err != nil {
-		if err == gorm.ErrRecordNotFound {
-			return datastore.ErrNotExist
-		}
-		return err
-	}
-
-	return nil
-}
-
-func (u Users) List(ctx context.Context, filters datastore.OptionalMap, page model.Page) ([]model.User, error) {
-	var users []model.User
-	if err := u.db.WithContext(ctx).Where(filters.Map()).Offset(int((page.Number - 1) * page.Size)).Limit(int(page.Size)).Find(&users).Error; err != nil {
-		return nil, err
-	}
-
-	return users, nil
-}
--- a/internal/model/submission.go
+++ b/internal/model/submission.go
@@ -1,18 +0,0 @@
-package model
-
-import "time"
-
-type Submission struct {
-	ID             int64
-	DisplayName    string
-	Creator        string
-	GameID         int32
-	Date           time.Time
-	Submitter      int64 // UserID
-	AssetID        int64
-	AssetVersion   int64
-	Completed      bool
-	SubmissionType int32 // 1=New 2=Fix
-	TargetAssetID  int64 // where to upload map fix
-	StatusID       int32
-}
--- a/internal/model/user.go
+++ b/internal/model/user.go
@@ -1,7 +0,0 @@
-package model
-
-type User struct {
-	ID       int64
-	Username string `gorm:"not null"`
-	StateID  int32  `gorm:"not null;default:0"`
-}
--- a/openapi-internal.yaml
+++ b/openapi-internal.yaml
@@ -0,0 +1,399 @@
+openapi: 3.1.0
+info:
+  title: StrafesNET Internal - OpenAPI 3.1
+  description: Internal operations inaccessible from the public internet.
+  version: 0.1.0
+tags:
+  - name: Submissions
+    description: Submission operations
+paths:
+  /submissions/{SubmissionID}/model:
+    post:
+      summary: Update model following role restrictions
+      operationId: updateSubmissionModel
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+        - name: ModelID
+          in: query
+          required: true
+          schema:
+            type: integer
+            format: int64
+        - name: VersionID
+          in: query
+          required: true
+          schema:
+            type: integer
+            format: int64
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/status/validator-validated:
+    post:
+      summary: (Internal endpoint) Role Validator changes status from Validating -> Validated
+      operationId: actionSubmissionValidated
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/status/validator-failed:
+    post:
+      summary: (Internal endpoint) Role Validator changes status from Validating -> Accepted
+      operationId: actionSubmissionAccepted
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/status/validator-uploaded:
+    post:
+      summary: (Internal endpoint) Role Validator changes status from Uploading -> Uploaded
+      operationId: actionSubmissionUploaded
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+        - name: TargetAssetID
+          in: query
+          schema:
+            type: integer
+            format: int64
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/status/releaser-released:
+    post:
+      summary: (Internal endpoint) Role Releaser changes status from releasing -> released
+      operationId: actionSubmissionReleased
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /script-policy:
+    get:
+      summary: Get list of script policies
+      operationId: listScriptPolicy
+      tags:
+        - ScriptPolicy
+      parameters:
+      - $ref: "#/components/parameters/Page"
+      - $ref: "#/components/parameters/Limit"
+      - name: FromScriptHash
+        in: query
+        schema:
+          type: string
+          minLength: 16
+          maxLength: 16
+      - name: ToScriptID
+        in: query
+        schema:
+          type: integer
+          format: int64
+      - name: Policy
+        in: query
+        schema:
+          type: integer
+          format: int32
+      responses:
+        "200":
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: "#/components/schemas/ScriptPolicy"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+    post:
+      summary: Create a new script policy
+      operationId: createScriptPolicy
+      tags:
+        - ScriptPolicy
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ScriptPolicyCreate'
+      responses:
+        "201":
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Id"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /scripts:
+    get:
+      summary: Get list of scripts
+      operationId: listScripts
+      tags:
+        - Script
+      parameters:
+      - $ref: "#/components/parameters/Page"
+      - $ref: "#/components/parameters/Limit"
+      - name: Hash
+        in: query
+        schema:
+          type: string
+          minLength: 16
+          maxLength: 16
+      - name: Name
+        in: query
+        schema:
+          type: string
+          maxLength: 128
+      - name: Source
+        in: query
+        schema:
+          type: string
+          maxLength: 1048576
+      - name: SubmissionID
+        in: query
+        schema:
+          type: integer
+          format: int64
+      responses:
+        "200":
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: "#/components/schemas/Script"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+    post:
+      summary: Create a new script
+      operationId: createScript
+      tags:
+        - Scripts
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ScriptCreate'
+      responses:
+        "201":
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Id"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /scripts/{ScriptID}:
+    get:
+      summary: Get the specified script by ID
+      operationId: getScript
+      tags:
+        - Scripts
+      parameters:
+        - $ref: '#/components/parameters/ScriptID'
+      responses:
+        "200":
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Script"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+components:
+  parameters:
+    SubmissionID:
+      name: SubmissionID
+      in: path
+      required: true
+      description: The unique identifier for a submission.
+      schema:
+        type: integer
+        format: int64
+    ScriptID:
+      name: ScriptID
+      in: path
+      required: true
+      description: The unique identifier for a script.
+      schema:
+        type: integer
+        format: int64
+    Page:
+      name: Page
+      in: query
+      required: true
+      schema:
+        type: integer
+        format: int32
+        minimum: 1
+    Limit:
+      name: Limit
+      in: query
+      required: true
+      schema:
+        type: integer
+        format: int32
+        minimum: 1
+        maximum: 100
+  schemas:
+    Id:
+      required:
+      - ID
+      type: object
+      properties:
+        ID:
+          type: integer
+          format: int64
+    Script:
+      required:
+      - ID
+      - Name
+      - Hash
+      - Source
+      - SubmissionID
+      type: object
+      properties:
+        ID:
+          type: integer
+          format: int64
+        Name:
+          type: string
+          maxLength: 128
+        Hash:
+          type: string
+          minLength: 16
+          maxLength: 16
+        Source:
+          type: string
+          maxLength: 1048576
+        SubmissionID:
+          type: integer
+          format: int64
+    ScriptCreate:
+      required:
+      - Name
+      - Source
+#     - SubmissionID
+      type: object
+      properties:
+        Name:
+          type: string
+          maxLength: 128
+        Source:
+          type: string
+          maxLength: 1048576
+        SubmissionID:
+          type: integer
+          format: int64
+    ScriptPolicy:
+      required:
+      - ID
+      - FromScriptHash
+      - ToScriptID
+      - Policy
+      type: object
+      properties:
+        ID:
+          type: integer
+          format: int64
+        FromScriptHash:
+          type: string
+          minLength: 16
+          maxLength: 16
+        ToScriptID:
+          type: integer
+          format: int64
+        Policy:
+          type: integer
+          format: int32
+    ScriptPolicyCreate:
+      required:
+      - FromScriptID
+      - ToScriptID
+      - Policy
+      type: object
+      properties:
+        FromScriptID:
+          type: integer
+          format: int64
+        ToScriptID:
+          type: integer
+          format: int64
+        Policy:
+          type: integer
+          format: int32
+    Error:
+      description: Represents error object
+      type: object
+      properties:
+        code:
+          type: integer
+          format: int64
+        message:
+          type: string
+      required:
+        - code
+        - message
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -1,19 +1,20 @@
 openapi: 3.1.0
 info:
  title: StrafesNET Submissions - OpenAPI 3.1
-  description: Browse and manage map submissions in the staging pipeline.
+  description: Browse and manage map submissions.
  version: 0.1.0
 servers:
  - url: https://submissions.strafes.net/v1
 tags:
  - name: Submissions
    description: Submission operations
+  - name: Scripts
+    description: Script operations
+  - name: ScriptPolicy
+    description: Script policy operations
+security:
+  - cookieAuth: []
 paths:
-# status
-# 	submit
-# 	accept
-# 	publish
-# complete
  /submissions:
    get:
      summary: Get list of submissions
@@ -21,16 +22,23 @@ paths:
      tags:
        - Submissions
      parameters:
-        - name: page
-          in: query
-          required: true
-          schema:
-            $ref: "#/components/schemas/Pagination"
-        - name: filter
-          in: query
-          required: false
-          schema:
-            $ref: "#/components/schemas/SubmissionFilter"
+      - $ref: "#/components/parameters/Page"
+      - $ref: "#/components/parameters/Limit"
+      - name: DisplayName
+        in: query
+        schema:
+          type: string
+          maxLength: 128
+      - name: Creator
+        in: query
+        schema:
+          type: string
+          maxLength: 128
+      - name: GameID
+        in: query
+        schema:
+          type: integer
+          format: int32
      responses:
        "200":
          description: Successful response
@@ -51,18 +59,19 @@ paths:
      operationId: createSubmission
      tags:
        - Submissions
-# how to do this? body should have the submission in json or something
-#      content:
-#        application/json:
-#          schema:
-#           	$ref: "#/components/schemas/SubmissionCreate"
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SubmissionCreate'
      responses:
-        "200":
+        "201":
          description: Successful response
          content:
            application/json:
              schema:
-                $ref: "#/components/schemas/Submission"
+                $ref: "#/components/schemas/Id"
        default:
          description: General Error
          content:
@@ -76,12 +85,7 @@ paths:
      tags:
        - Submissions
      parameters:
-        - name: SubmissionID
-          in: path
-          required: true
-          schema:
-            type: integer
-            format: int64
+        - $ref: '#/components/parameters/SubmissionID'
      responses:
        "200":
          description: Successful response
@@ -96,18 +100,13 @@ paths:
              schema:
                $ref: "#/components/schemas/Error"
  /submissions/{SubmissionID}/model:
-    patch:
+    post:
      summary: Update model following role restrictions
-      operationId: patchSubmissionModel
+      operationId: updateSubmissionModel
      tags:
        - Submissions
      parameters:
-        - name: SubmissionID
-          in: path
-          required: true
-          schema:
-            type: integer
-            format: int64
+        - $ref: '#/components/parameters/SubmissionID'
        - name: ModelID
          in: query
          required: true
@@ -121,7 +120,7 @@ paths:
            type: integer
            format: int64
      responses:
-        "200":
+        "204":
          description: Successful response
        default:
          description: General Error
@@ -130,25 +129,15 @@ paths:
              schema:
                $ref: "#/components/schemas/Error"
  /submissions/{SubmissionID}/completed:
-    patch:
+    post:
      summary: Retrieve map with ID
-      operationId: patchSubmissionCompleted
+      operationId: setSubmissionCompleted
      tags:
        - Submissions
      parameters:
-        - name: SubmissionID
-          in: path
-          required: true
-          schema:
-            type: integer
-            format: int64
-        - name: Completed
-          in: query
-          required: true
-          schema:
-            type: boolean
+        - $ref: '#/components/parameters/SubmissionID'
      responses:
-        "200":
+        "204":
          description: Successful response
        default:
          description: General Error
@@ -156,28 +145,353 @@ paths:
            application/json:
              schema:
                $ref: "#/components/schemas/Error"
-  /submissions/{SubmissionID}/status:
-    patch:
-      summary: Update status following role restrictions
-      operationId: patchSubmissionStatus
+  /submissions/{SubmissionID}/status/submit:
+    post:
+      summary: Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted
+      operationId: actionSubmissionSubmit
      tags:
        - Submissions
      parameters:
-        - name: SubmissionID
-          in: path
-          required: true
-          schema:
-            type: integer
-            format: int64
-        - name: Status
-          in: query
-          required: true
-          schema:
-            type: integer
-            format: int32
+        - $ref: '#/components/parameters/SubmissionID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/status/revoke:
+    post:
+      summary: Role Submitter changes status from Submitted|ChangesRequested -> UnderConstruction
+      operationId: actionSubmissionRevoke
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/status/trigger-validate:
+    post:
+      summary: Role Reviewer triggers validation and changes status from Submitted|Accepted -> Validating
+      operationId: actionSubmissionTriggerValidate
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/status/reject:
+    post:
+      summary: Role Reviewer changes status from Submitted -> Rejected
+      operationId: actionSubmissionReject
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/status/request-changes:
+    post:
+      summary: Role Reviewer changes status from Validated|Accepted|Submitted -> ChangesRequested
+      operationId: actionSubmissionRequestChanges
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/status/trigger-upload:
+    post:
+      summary: Role Admin changes status from Validated -> Uploading
+      operationId: actionSubmissionTriggerUpload
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /script-policy:
+    get:
+      summary: Get list of script policies
+      operationId: listScriptPolicy
+      tags:
+        - ScriptPolicy
+      parameters:
+      - $ref: "#/components/parameters/Page"
+      - $ref: "#/components/parameters/Limit"
+      - name: FromScriptHash
+        in: query
+        schema:
+          type: string
+          minLength: 16
+          maxLength: 16
+      - name: ToScriptID
+        in: query
+        schema:
+          type: integer
+          format: int64
+      - name: Policy
+        in: query
+        schema:
+          type: integer
+          format: int32
      responses:
        "200":
          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: "#/components/schemas/ScriptPolicy"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+    post:
+      summary: Create a new script policy
+      operationId: createScriptPolicy
+      tags:
+        - ScriptPolicy
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ScriptPolicyCreate'
+      responses:
+        "201":
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Id"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /script-policy/{ScriptPolicyID}:
+    get:
+      summary: Get the specified script policy by ID
+      operationId: getScriptPolicy
+      tags:
+        - ScriptPolicy
+      parameters:
+        - $ref: '#/components/parameters/ScriptPolicyID'
+      responses:
+        "200":
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ScriptPolicy"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+    post:
+      summary: Update the specified script policy by ID
+      operationId: updateScriptPolicy
+      tags:
+        - ScriptPolicy
+      parameters:
+        - $ref: '#/components/parameters/ScriptPolicyID'
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ScriptPolicyUpdate'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+    delete:
+      summary: Delete the specified script policy by ID
+      operationId: deleteScriptPolicy
+      tags:
+        - ScriptPolicy
+      parameters:
+        - $ref: '#/components/parameters/ScriptPolicyID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /scripts:
+    get:
+      summary: Get list of scripts
+      operationId: listScripts
+      tags:
+        - Script
+      parameters:
+      - $ref: "#/components/parameters/Page"
+      - $ref: "#/components/parameters/Limit"
+      - name: Hash
+        in: query
+        schema:
+          type: string
+          minLength: 16
+          maxLength: 16
+      - name: Name
+        in: query
+        schema:
+          type: string
+          maxLength: 128
+      - name: Source
+        in: query
+        schema:
+          type: string
+          maxLength: 1048576
+      - name: SubmissionID
+        in: query
+        schema:
+          type: integer
+          format: int64
+      responses:
+        "200":
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: "#/components/schemas/Script"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+    post:
+      summary: Create a new script
+      operationId: createScript
+      tags:
+        - Scripts
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ScriptCreate'
+      responses:
+        "201":
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Id"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /scripts/{ScriptID}:
+    get:
+      summary: Get the specified script by ID
+      operationId: getScript
+      tags:
+        - Scripts
+      parameters:
+        - $ref: '#/components/parameters/ScriptID'
+      responses:
+        "200":
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Script"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+    post:
+      summary: Update the specified script by ID
+      operationId: updateScript
+      tags:
+        - Scripts
+      parameters:
+        - $ref: '#/components/parameters/ScriptID'
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ScriptUpdate'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+    delete:
+      summary: Delete the specified script by ID
+      operationId: deleteScript
+      tags:
+        - Scripts
+      parameters:
+        - $ref: '#/components/parameters/ScriptID'
+      responses:
+        "204":
+          description: Successful response
        default:
          description: General Error
          content:
@@ -185,19 +499,77 @@ paths:
              schema:
                $ref: "#/components/schemas/Error"
 components:
+  securitySchemes:
+    cookieAuth:
+      type: apiKey
+      in: cookie
+      name: session_id
+  parameters:
+    SubmissionID:
+      name: SubmissionID
+      in: path
+      required: true
+      description: The unique identifier for a submission.
+      schema:
+        type: integer
+        format: int64
+    ScriptID:
+      name: ScriptID
+      in: path
+      required: true
+      description: The unique identifier for a script.
+      schema:
+        type: integer
+        format: int64
+    ScriptPolicyID:
+      name: ScriptPolicyID
+      in: path
+      required: true
+      description: The unique identifier for a script policy.
+      schema:
+        type: integer
+        format: int64
+    Page:
+      name: Page
+      in: query
+      required: true
+      schema:
+        type: integer
+        format: int32
+        minimum: 1
+    Limit:
+      name: Limit
+      in: query
+      required: true
+      schema:
+        type: integer
+        format: int32
+        minimum: 1
+        maximum: 100
  schemas:
-    User:
+    Id:
+      required:
+      - ID
      type: object
      properties:
        ID:
          type: integer
          format: int64
-        Username:
-          type: string
-        StateID:
-          type: integer
-          format: int32
    Submission:
+      required:
+      - ID
+      - DisplayName
+      - Creator
+      - GameID
+      - CreatedAt
+      - UpdatedAt
+      - Submitter
+      - AssetID
+      - AssetVersion
+      - Completed
+      - SubmissionType
+#     - TargetAssetID
+      - StatusID
      type: object
      properties:
        ID:
@@ -205,12 +577,17 @@ components:
          format: int64
        DisplayName:
          type: string
+          maxLength: 128
        Creator:
          type: string
+          maxLength: 128
        GameID:
          type: integer
          format: int32
-        Date:
+        CreatedAt:
+          type: integer
+          format: int64
+        UpdatedAt:
          type: integer
          format: int64
        Submitter:
@@ -233,37 +610,146 @@ components:
        StatusID:
          type: integer
          format: int32
-    SubmissionFilter:
+    SubmissionCreate:
+      required:
+      - DisplayName
+      - Creator
+      - GameID
+      - AssetID
+      - AssetVersion
+#     - TargetAssetID
+      type: object
+      properties:
+        DisplayName:
+          type: string
+          maxLength: 128
+        Creator:
+          type: string
+          maxLength: 128
+        GameID:
+          type: integer
+          format: int32
+        AssetID:
+          type: integer
+          format: int64
+        AssetVersion:
+          type: integer
+          format: int64
+        TargetAssetID:
+          type: integer
+          format: int64
+    Script:
+      required:
+      - ID
+      - Name
+      - Hash
+      - Source
+      - SubmissionID
      type: object
      properties:
        ID:
          type: integer
          format: int64
-        DisplayName:
+        Name:
          type: string
-        Creator:
+          maxLength: 128
+        Hash:
          type: string
-        GameID:
-          type: integer
-          format: int32
-        Date:
+          minLength: 16
+          maxLength: 16
+        Source:
+          type: string
+          maxLength: 1048576
+        SubmissionID:
          type: integer
          format: int64
-    Pagination:
-      type: object
+    ScriptCreate:
      required:
-        - Page
-        - Limit
+      - Name
+      - Source
+#     - SubmissionID
+      type: object
      properties:
-        Page:
+        Name:
+          type: string
+          maxLength: 128
+        Source:
+          type: string
+          maxLength: 1048576
+        SubmissionID:
+          type: integer
+          format: int64
+    ScriptUpdate:
+      required:
+      - ID
+      type: object
+      properties:
+        ID:
+          type: integer
+          format: int64
+        Name:
+          type: string
+          maxLength: 128
+        Source:
+          type: string
+          maxLength: 1048576
+        SubmissionID:
+          type: integer
+          format: int64
+    ScriptPolicy:
+      required:
+      - ID
+      - FromScriptHash
+      - ToScriptID
+      - Policy
+      type: object
+      properties:
+        ID:
+          type: integer
+          format: int64
+        FromScriptHash:
+          type: string
+          minLength: 16
+          maxLength: 16
+        ToScriptID:
+          type: integer
+          format: int64
+        Policy:
          type: integer
          format: int32
-          minimum: 1
-        Limit:
+    ScriptPolicyCreate:
+      required:
+      - FromScriptID
+      - ToScriptID
+      - Policy
+      type: object
+      properties:
+        FromScriptID:
+          type: integer
+          format: int64
+        ToScriptID:
+          type: integer
+          format: int64
+        Policy:
+          type: integer
+          format: int32
+    ScriptPolicyUpdate:
+      required:
+      - ID
+      type: object
+      properties:
+        ID:
+          type: integer
+          format: int64
+        FromScriptID:
+          type: integer
+          format: int64
+        ToScriptID:
+          type: integer
+          format: int64
+        Policy:
          type: integer
          format: int32
-          minimum: 1
-          maximum: 100
    Error:
      description: Represents error object
      type: object
--- a/pkg/api/oas_cfg_gen.go
+++ b/pkg/api/oas_cfg_gen.go
--- a/pkg/api/oas_client_gen.go
+++ b/pkg/api/oas_client_gen.go
--- a/pkg/api/oas_handlers_gen.go
+++ b/pkg/api/oas_handlers_gen.go
--- a/pkg/api/oas_json_gen.go
+++ b/pkg/api/oas_json_gen.go
--- a/pkg/api/oas_labeler_gen.go
+++ b/pkg/api/oas_labeler_gen.go
--- a/pkg/api/oas_middleware_gen.go
+++ b/pkg/api/oas_middleware_gen.go
--- a/pkg/api/oas_operations_gen.go
+++ b/pkg/api/oas_operations_gen.go
@@ -0,0 +1,30 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+// OperationName is the ogen operation name
+type OperationName = string
+
+const (
+	ActionSubmissionRejectOperation          OperationName = "ActionSubmissionReject"
+	ActionSubmissionRequestChangesOperation  OperationName = "ActionSubmissionRequestChanges"
+	ActionSubmissionRevokeOperation          OperationName = "ActionSubmissionRevoke"
+	ActionSubmissionSubmitOperation          OperationName = "ActionSubmissionSubmit"
+	ActionSubmissionTriggerUploadOperation   OperationName = "ActionSubmissionTriggerUpload"
+	ActionSubmissionTriggerValidateOperation OperationName = "ActionSubmissionTriggerValidate"
+	CreateScriptOperation                    OperationName = "CreateScript"
+	CreateScriptPolicyOperation              OperationName = "CreateScriptPolicy"
+	CreateSubmissionOperation                OperationName = "CreateSubmission"
+	DeleteScriptOperation                    OperationName = "DeleteScript"
+	DeleteScriptPolicyOperation              OperationName = "DeleteScriptPolicy"
+	GetScriptOperation                       OperationName = "GetScript"
+	GetScriptPolicyOperation                 OperationName = "GetScriptPolicy"
+	GetSubmissionOperation                   OperationName = "GetSubmission"
+	ListScriptPolicyOperation                OperationName = "ListScriptPolicy"
+	ListScriptsOperation                     OperationName = "ListScripts"
+	ListSubmissionsOperation                 OperationName = "ListSubmissions"
+	SetSubmissionCompletedOperation          OperationName = "SetSubmissionCompleted"
+	UpdateScriptOperation                    OperationName = "UpdateScript"
+	UpdateScriptPolicyOperation              OperationName = "UpdateScriptPolicy"
+	UpdateSubmissionModelOperation           OperationName = "UpdateSubmissionModel"
+)
--- a/pkg/api/oas_parameters_gen.go
+++ b/pkg/api/oas_parameters_gen.go
--- a/pkg/api/oas_request_decoders_gen.go
+++ b/pkg/api/oas_request_decoders_gen.go
@@ -0,0 +1,355 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"io"
+	"mime"
+	"net/http"
+
+	"github.com/go-faster/errors"
+	"github.com/go-faster/jx"
+	"go.uber.org/multierr"
+
+	"github.com/ogen-go/ogen/ogenerrors"
+	"github.com/ogen-go/ogen/validate"
+)
+
+func (s *Server) decodeCreateScriptRequest(r *http.Request) (
+	req *ScriptCreate,
+	close func() error,
+	rerr error,
+) {
+	var closers []func() error
+	close = func() error {
+		var merr error
+		// Close in reverse order, to match defer behavior.
+		for i := len(closers) - 1; i >= 0; i-- {
+			c := closers[i]
+			merr = multierr.Append(merr, c())
+		}
+		return merr
+	}
+	defer func() {
+		if rerr != nil {
+			rerr = multierr.Append(rerr, close())
+		}
+	}()
+	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	if err != nil {
+		return req, close, errors.Wrap(err, "parse media type")
+	}
+	switch {
+	case ct == "application/json":
+		if r.ContentLength == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+		buf, err := io.ReadAll(r.Body)
+		if err != nil {
+			return req, close, err
+		}
+
+		if len(buf) == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+
+		d := jx.DecodeBytes(buf)
+
+		var request ScriptCreate
+		if err := func() error {
+			if err := request.Decode(d); err != nil {
+				return err
+			}
+			if err := d.Skip(); err != io.EOF {
+				return errors.New("unexpected trailing data")
+			}
+			return nil
+		}(); err != nil {
+			err = &ogenerrors.DecodeBodyError{
+				ContentType: ct,
+				Body:        buf,
+				Err:         err,
+			}
+			return req, close, err
+		}
+		if err := func() error {
+			if err := request.Validate(); err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			return req, close, errors.Wrap(err, "validate")
+		}
+		return &request, close, nil
+	default:
+		return req, close, validate.InvalidContentType(ct)
+	}
+}
+
+func (s *Server) decodeCreateScriptPolicyRequest(r *http.Request) (
+	req *ScriptPolicyCreate,
+	close func() error,
+	rerr error,
+) {
+	var closers []func() error
+	close = func() error {
+		var merr error
+		// Close in reverse order, to match defer behavior.
+		for i := len(closers) - 1; i >= 0; i-- {
+			c := closers[i]
+			merr = multierr.Append(merr, c())
+		}
+		return merr
+	}
+	defer func() {
+		if rerr != nil {
+			rerr = multierr.Append(rerr, close())
+		}
+	}()
+	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	if err != nil {
+		return req, close, errors.Wrap(err, "parse media type")
+	}
+	switch {
+	case ct == "application/json":
+		if r.ContentLength == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+		buf, err := io.ReadAll(r.Body)
+		if err != nil {
+			return req, close, err
+		}
+
+		if len(buf) == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+
+		d := jx.DecodeBytes(buf)
+
+		var request ScriptPolicyCreate
+		if err := func() error {
+			if err := request.Decode(d); err != nil {
+				return err
+			}
+			if err := d.Skip(); err != io.EOF {
+				return errors.New("unexpected trailing data")
+			}
+			return nil
+		}(); err != nil {
+			err = &ogenerrors.DecodeBodyError{
+				ContentType: ct,
+				Body:        buf,
+				Err:         err,
+			}
+			return req, close, err
+		}
+		return &request, close, nil
+	default:
+		return req, close, validate.InvalidContentType(ct)
+	}
+}
+
+func (s *Server) decodeCreateSubmissionRequest(r *http.Request) (
+	req *SubmissionCreate,
+	close func() error,
+	rerr error,
+) {
+	var closers []func() error
+	close = func() error {
+		var merr error
+		// Close in reverse order, to match defer behavior.
+		for i := len(closers) - 1; i >= 0; i-- {
+			c := closers[i]
+			merr = multierr.Append(merr, c())
+		}
+		return merr
+	}
+	defer func() {
+		if rerr != nil {
+			rerr = multierr.Append(rerr, close())
+		}
+	}()
+	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	if err != nil {
+		return req, close, errors.Wrap(err, "parse media type")
+	}
+	switch {
+	case ct == "application/json":
+		if r.ContentLength == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+		buf, err := io.ReadAll(r.Body)
+		if err != nil {
+			return req, close, err
+		}
+
+		if len(buf) == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+
+		d := jx.DecodeBytes(buf)
+
+		var request SubmissionCreate
+		if err := func() error {
+			if err := request.Decode(d); err != nil {
+				return err
+			}
+			if err := d.Skip(); err != io.EOF {
+				return errors.New("unexpected trailing data")
+			}
+			return nil
+		}(); err != nil {
+			err = &ogenerrors.DecodeBodyError{
+				ContentType: ct,
+				Body:        buf,
+				Err:         err,
+			}
+			return req, close, err
+		}
+		if err := func() error {
+			if err := request.Validate(); err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			return req, close, errors.Wrap(err, "validate")
+		}
+		return &request, close, nil
+	default:
+		return req, close, validate.InvalidContentType(ct)
+	}
+}
+
+func (s *Server) decodeUpdateScriptRequest(r *http.Request) (
+	req *ScriptUpdate,
+	close func() error,
+	rerr error,
+) {
+	var closers []func() error
+	close = func() error {
+		var merr error
+		// Close in reverse order, to match defer behavior.
+		for i := len(closers) - 1; i >= 0; i-- {
+			c := closers[i]
+			merr = multierr.Append(merr, c())
+		}
+		return merr
+	}
+	defer func() {
+		if rerr != nil {
+			rerr = multierr.Append(rerr, close())
+		}
+	}()
+	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	if err != nil {
+		return req, close, errors.Wrap(err, "parse media type")
+	}
+	switch {
+	case ct == "application/json":
+		if r.ContentLength == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+		buf, err := io.ReadAll(r.Body)
+		if err != nil {
+			return req, close, err
+		}
+
+		if len(buf) == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+
+		d := jx.DecodeBytes(buf)
+
+		var request ScriptUpdate
+		if err := func() error {
+			if err := request.Decode(d); err != nil {
+				return err
+			}
+			if err := d.Skip(); err != io.EOF {
+				return errors.New("unexpected trailing data")
+			}
+			return nil
+		}(); err != nil {
+			err = &ogenerrors.DecodeBodyError{
+				ContentType: ct,
+				Body:        buf,
+				Err:         err,
+			}
+			return req, close, err
+		}
+		if err := func() error {
+			if err := request.Validate(); err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			return req, close, errors.Wrap(err, "validate")
+		}
+		return &request, close, nil
+	default:
+		return req, close, validate.InvalidContentType(ct)
+	}
+}
+
+func (s *Server) decodeUpdateScriptPolicyRequest(r *http.Request) (
+	req *ScriptPolicyUpdate,
+	close func() error,
+	rerr error,
+) {
+	var closers []func() error
+	close = func() error {
+		var merr error
+		// Close in reverse order, to match defer behavior.
+		for i := len(closers) - 1; i >= 0; i-- {
+			c := closers[i]
+			merr = multierr.Append(merr, c())
+		}
+		return merr
+	}
+	defer func() {
+		if rerr != nil {
+			rerr = multierr.Append(rerr, close())
+		}
+	}()
+	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	if err != nil {
+		return req, close, errors.Wrap(err, "parse media type")
+	}
+	switch {
+	case ct == "application/json":
+		if r.ContentLength == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+		buf, err := io.ReadAll(r.Body)
+		if err != nil {
+			return req, close, err
+		}
+
+		if len(buf) == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+
+		d := jx.DecodeBytes(buf)
+
+		var request ScriptPolicyUpdate
+		if err := func() error {
+			if err := request.Decode(d); err != nil {
+				return err
+			}
+			if err := d.Skip(); err != io.EOF {
+				return errors.New("unexpected trailing data")
+			}
+			return nil
+		}(); err != nil {
+			err = &ogenerrors.DecodeBodyError{
+				ContentType: ct,
+				Body:        buf,
+				Err:         err,
+			}
+			return req, close, err
+		}
+		return &request, close, nil
+	default:
+		return req, close, validate.InvalidContentType(ct)
+	}
+}
--- a/pkg/api/oas_request_encoders_gen.go
+++ b/pkg/api/oas_request_encoders_gen.go
@@ -0,0 +1,82 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"bytes"
+	"net/http"
+
+	"github.com/go-faster/jx"
+
+	ht "github.com/ogen-go/ogen/http"
+)
+
+func encodeCreateScriptRequest(
+	req *ScriptCreate,
+	r *http.Request,
+) error {
+	const contentType = "application/json"
+	e := new(jx.Encoder)
+	{
+		req.Encode(e)
+	}
+	encoded := e.Bytes()
+	ht.SetBody(r, bytes.NewReader(encoded), contentType)
+	return nil
+}
+
+func encodeCreateScriptPolicyRequest(
+	req *ScriptPolicyCreate,
+	r *http.Request,
+) error {
+	const contentType = "application/json"
+	e := new(jx.Encoder)
+	{
+		req.Encode(e)
+	}
+	encoded := e.Bytes()
+	ht.SetBody(r, bytes.NewReader(encoded), contentType)
+	return nil
+}
+
+func encodeCreateSubmissionRequest(
+	req *SubmissionCreate,
+	r *http.Request,
+) error {
+	const contentType = "application/json"
+	e := new(jx.Encoder)
+	{
+		req.Encode(e)
+	}
+	encoded := e.Bytes()
+	ht.SetBody(r, bytes.NewReader(encoded), contentType)
+	return nil
+}
+
+func encodeUpdateScriptRequest(
+	req *ScriptUpdate,
+	r *http.Request,
+) error {
+	const contentType = "application/json"
+	e := new(jx.Encoder)
+	{
+		req.Encode(e)
+	}
+	encoded := e.Bytes()
+	ht.SetBody(r, bytes.NewReader(encoded), contentType)
+	return nil
+}
+
+func encodeUpdateScriptPolicyRequest(
+	req *ScriptPolicyUpdate,
+	r *http.Request,
+) error {
+	const contentType = "application/json"
+	e := new(jx.Encoder)
+	{
+		req.Encode(e)
+	}
+	encoded := e.Bytes()
+	ht.SetBody(r, bytes.NewReader(encoded), contentType)
+	return nil
+}
--- a/pkg/api/oas_response_decoders_gen.go
+++ b/pkg/api/oas_response_decoders_gen.go
--- a/pkg/api/oas_response_encoders_gen.go
+++ b/pkg/api/oas_response_encoders_gen.go
@@ -0,0 +1,263 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"net/http"
+
+	"github.com/go-faster/errors"
+	"github.com/go-faster/jx"
+	"go.opentelemetry.io/otel/codes"
+	"go.opentelemetry.io/otel/trace"
+
+	ht "github.com/ogen-go/ogen/http"
+)
+
+func encodeActionSubmissionRejectResponse(response *ActionSubmissionRejectNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeActionSubmissionRequestChangesResponse(response *ActionSubmissionRequestChangesNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeActionSubmissionRevokeResponse(response *ActionSubmissionRevokeNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeActionSubmissionSubmitResponse(response *ActionSubmissionSubmitNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeActionSubmissionTriggerUploadResponse(response *ActionSubmissionTriggerUploadNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeActionSubmissionTriggerValidateResponse(response *ActionSubmissionTriggerValidateNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeCreateScriptResponse(response *ID, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(201)
+	span.SetStatus(codes.Ok, http.StatusText(201))
+
+	e := new(jx.Encoder)
+	response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeCreateScriptPolicyResponse(response *ID, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(201)
+	span.SetStatus(codes.Ok, http.StatusText(201))
+
+	e := new(jx.Encoder)
+	response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeCreateSubmissionResponse(response *ID, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(201)
+	span.SetStatus(codes.Ok, http.StatusText(201))
+
+	e := new(jx.Encoder)
+	response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeDeleteScriptResponse(response *DeleteScriptNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeDeleteScriptPolicyResponse(response *DeleteScriptPolicyNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeGetScriptResponse(response *Script, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(200)
+	span.SetStatus(codes.Ok, http.StatusText(200))
+
+	e := new(jx.Encoder)
+	response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeGetScriptPolicyResponse(response *ScriptPolicy, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(200)
+	span.SetStatus(codes.Ok, http.StatusText(200))
+
+	e := new(jx.Encoder)
+	response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeGetSubmissionResponse(response *Submission, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(200)
+	span.SetStatus(codes.Ok, http.StatusText(200))
+
+	e := new(jx.Encoder)
+	response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeListScriptPolicyResponse(response []ScriptPolicy, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(200)
+	span.SetStatus(codes.Ok, http.StatusText(200))
+
+	e := new(jx.Encoder)
+	e.ArrStart()
+	for _, elem := range response {
+		elem.Encode(e)
+	}
+	e.ArrEnd()
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeListScriptsResponse(response []Script, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(200)
+	span.SetStatus(codes.Ok, http.StatusText(200))
+
+	e := new(jx.Encoder)
+	e.ArrStart()
+	for _, elem := range response {
+		elem.Encode(e)
+	}
+	e.ArrEnd()
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeListSubmissionsResponse(response []Submission, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(200)
+	span.SetStatus(codes.Ok, http.StatusText(200))
+
+	e := new(jx.Encoder)
+	e.ArrStart()
+	for _, elem := range response {
+		elem.Encode(e)
+	}
+	e.ArrEnd()
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeSetSubmissionCompletedResponse(response *SetSubmissionCompletedNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeUpdateScriptResponse(response *UpdateScriptNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeUpdateScriptPolicyResponse(response *UpdateScriptPolicyNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeUpdateSubmissionModelResponse(response *UpdateSubmissionModelNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeErrorResponse(response *ErrorStatusCode, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	code := response.StatusCode
+	if code == 0 {
+		// Set default status code.
+		code = http.StatusOK
+	}
+	w.WriteHeader(code)
+	if st := http.StatusText(code); code >= http.StatusBadRequest {
+		span.SetStatus(codes.Error, st)
+	} else {
+		span.SetStatus(codes.Ok, st)
+	}
+
+	e := new(jx.Encoder)
+	response.Response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	if code >= http.StatusInternalServerError {
+		return errors.Wrapf(ht.ErrInternalServerErrorResponse, "code: %d, message: %s", code, http.StatusText(code))
+	}
+	return nil
+
+}
--- a/pkg/api/oas_router_gen.go
+++ b/pkg/api/oas_router_gen.go
--- a/pkg/api/oas_schemas_gen.go
+++ b/pkg/api/oas_schemas_gen.go
@@ -0,0 +1,761 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"fmt"
+)
+
+func (s *ErrorStatusCode) Error() string {
+	return fmt.Sprintf("code %d: %+v", s.StatusCode, s.Response)
+}
+
+// ActionSubmissionRejectNoContent is response for ActionSubmissionReject operation.
+type ActionSubmissionRejectNoContent struct{}
+
+// ActionSubmissionRequestChangesNoContent is response for ActionSubmissionRequestChanges operation.
+type ActionSubmissionRequestChangesNoContent struct{}
+
+// ActionSubmissionRevokeNoContent is response for ActionSubmissionRevoke operation.
+type ActionSubmissionRevokeNoContent struct{}
+
+// ActionSubmissionSubmitNoContent is response for ActionSubmissionSubmit operation.
+type ActionSubmissionSubmitNoContent struct{}
+
+// ActionSubmissionTriggerUploadNoContent is response for ActionSubmissionTriggerUpload operation.
+type ActionSubmissionTriggerUploadNoContent struct{}
+
+// ActionSubmissionTriggerValidateNoContent is response for ActionSubmissionTriggerValidate operation.
+type ActionSubmissionTriggerValidateNoContent struct{}
+
+type CookieAuth struct {
+	APIKey string
+}
+
+// GetAPIKey returns the value of APIKey.
+func (s *CookieAuth) GetAPIKey() string {
+	return s.APIKey
+}
+
+// SetAPIKey sets the value of APIKey.
+func (s *CookieAuth) SetAPIKey(val string) {
+	s.APIKey = val
+}
+
+// DeleteScriptNoContent is response for DeleteScript operation.
+type DeleteScriptNoContent struct{}
+
+// DeleteScriptPolicyNoContent is response for DeleteScriptPolicy operation.
+type DeleteScriptPolicyNoContent struct{}
+
+// Represents error object.
+// Ref: #/components/schemas/Error
+type Error struct {
+	Code    int64  `json:"code"`
+	Message string `json:"message"`
+}
+
+// GetCode returns the value of Code.
+func (s *Error) GetCode() int64 {
+	return s.Code
+}
+
+// GetMessage returns the value of Message.
+func (s *Error) GetMessage() string {
+	return s.Message
+}
+
+// SetCode sets the value of Code.
+func (s *Error) SetCode(val int64) {
+	s.Code = val
+}
+
+// SetMessage sets the value of Message.
+func (s *Error) SetMessage(val string) {
+	s.Message = val
+}
+
+// ErrorStatusCode wraps Error with StatusCode.
+type ErrorStatusCode struct {
+	StatusCode int
+	Response   Error
+}
+
+// GetStatusCode returns the value of StatusCode.
+func (s *ErrorStatusCode) GetStatusCode() int {
+	return s.StatusCode
+}
+
+// GetResponse returns the value of Response.
+func (s *ErrorStatusCode) GetResponse() Error {
+	return s.Response
+}
+
+// SetStatusCode sets the value of StatusCode.
+func (s *ErrorStatusCode) SetStatusCode(val int) {
+	s.StatusCode = val
+}
+
+// SetResponse sets the value of Response.
+func (s *ErrorStatusCode) SetResponse(val Error) {
+	s.Response = val
+}
+
+// Ref: #/components/schemas/Id
+type ID struct {
+	ID int64 `json:"ID"`
+}
+
+// GetID returns the value of ID.
+func (s *ID) GetID() int64 {
+	return s.ID
+}
+
+// SetID sets the value of ID.
+func (s *ID) SetID(val int64) {
+	s.ID = val
+}
+
+// NewOptInt32 returns new OptInt32 with value set to v.
+func NewOptInt32(v int32) OptInt32 {
+	return OptInt32{
+		Value: v,
+		Set:   true,
+	}
+}
+
+// OptInt32 is optional int32.
+type OptInt32 struct {
+	Value int32
+	Set   bool
+}
+
+// IsSet returns true if OptInt32 was set.
+func (o OptInt32) IsSet() bool { return o.Set }
+
+// Reset unsets value.
+func (o *OptInt32) Reset() {
+	var v int32
+	o.Value = v
+	o.Set = false
+}
+
+// SetTo sets value to v.
+func (o *OptInt32) SetTo(v int32) {
+	o.Set = true
+	o.Value = v
+}
+
+// Get returns value and boolean that denotes whether value was set.
+func (o OptInt32) Get() (v int32, ok bool) {
+	if !o.Set {
+		return v, false
+	}
+	return o.Value, true
+}
+
+// Or returns value if set, or given parameter if does not.
+func (o OptInt32) Or(d int32) int32 {
+	if v, ok := o.Get(); ok {
+		return v
+	}
+	return d
+}
+
+// NewOptInt64 returns new OptInt64 with value set to v.
+func NewOptInt64(v int64) OptInt64 {
+	return OptInt64{
+		Value: v,
+		Set:   true,
+	}
+}
+
+// OptInt64 is optional int64.
+type OptInt64 struct {
+	Value int64
+	Set   bool
+}
+
+// IsSet returns true if OptInt64 was set.
+func (o OptInt64) IsSet() bool { return o.Set }
+
+// Reset unsets value.
+func (o *OptInt64) Reset() {
+	var v int64
+	o.Value = v
+	o.Set = false
+}
+
+// SetTo sets value to v.
+func (o *OptInt64) SetTo(v int64) {
+	o.Set = true
+	o.Value = v
+}
+
+// Get returns value and boolean that denotes whether value was set.
+func (o OptInt64) Get() (v int64, ok bool) {
+	if !o.Set {
+		return v, false
+	}
+	return o.Value, true
+}
+
+// Or returns value if set, or given parameter if does not.
+func (o OptInt64) Or(d int64) int64 {
+	if v, ok := o.Get(); ok {
+		return v
+	}
+	return d
+}
+
+// NewOptString returns new OptString with value set to v.
+func NewOptString(v string) OptString {
+	return OptString{
+		Value: v,
+		Set:   true,
+	}
+}
+
+// OptString is optional string.
+type OptString struct {
+	Value string
+	Set   bool
+}
+
+// IsSet returns true if OptString was set.
+func (o OptString) IsSet() bool { return o.Set }
+
+// Reset unsets value.
+func (o *OptString) Reset() {
+	var v string
+	o.Value = v
+	o.Set = false
+}
+
+// SetTo sets value to v.
+func (o *OptString) SetTo(v string) {
+	o.Set = true
+	o.Value = v
+}
+
+// Get returns value and boolean that denotes whether value was set.
+func (o OptString) Get() (v string, ok bool) {
+	if !o.Set {
+		return v, false
+	}
+	return o.Value, true
+}
+
+// Or returns value if set, or given parameter if does not.
+func (o OptString) Or(d string) string {
+	if v, ok := o.Get(); ok {
+		return v
+	}
+	return d
+}
+
+// Ref: #/components/schemas/Script
+type Script struct {
+	ID           int64  `json:"ID"`
+	Name         string `json:"Name"`
+	Hash         string `json:"Hash"`
+	Source       string `json:"Source"`
+	SubmissionID int64  `json:"SubmissionID"`
+}
+
+// GetID returns the value of ID.
+func (s *Script) GetID() int64 {
+	return s.ID
+}
+
+// GetName returns the value of Name.
+func (s *Script) GetName() string {
+	return s.Name
+}
+
+// GetHash returns the value of Hash.
+func (s *Script) GetHash() string {
+	return s.Hash
+}
+
+// GetSource returns the value of Source.
+func (s *Script) GetSource() string {
+	return s.Source
+}
+
+// GetSubmissionID returns the value of SubmissionID.
+func (s *Script) GetSubmissionID() int64 {
+	return s.SubmissionID
+}
+
+// SetID sets the value of ID.
+func (s *Script) SetID(val int64) {
+	s.ID = val
+}
+
+// SetName sets the value of Name.
+func (s *Script) SetName(val string) {
+	s.Name = val
+}
+
+// SetHash sets the value of Hash.
+func (s *Script) SetHash(val string) {
+	s.Hash = val
+}
+
+// SetSource sets the value of Source.
+func (s *Script) SetSource(val string) {
+	s.Source = val
+}
+
+// SetSubmissionID sets the value of SubmissionID.
+func (s *Script) SetSubmissionID(val int64) {
+	s.SubmissionID = val
+}
+
+// Ref: #/components/schemas/ScriptCreate
+type ScriptCreate struct {
+	Name         string   `json:"Name"`
+	Source       string   `json:"Source"`
+	SubmissionID OptInt64 `json:"SubmissionID"`
+}
+
+// GetName returns the value of Name.
+func (s *ScriptCreate) GetName() string {
+	return s.Name
+}
+
+// GetSource returns the value of Source.
+func (s *ScriptCreate) GetSource() string {
+	return s.Source
+}
+
+// GetSubmissionID returns the value of SubmissionID.
+func (s *ScriptCreate) GetSubmissionID() OptInt64 {
+	return s.SubmissionID
+}
+
+// SetName sets the value of Name.
+func (s *ScriptCreate) SetName(val string) {
+	s.Name = val
+}
+
+// SetSource sets the value of Source.
+func (s *ScriptCreate) SetSource(val string) {
+	s.Source = val
+}
+
+// SetSubmissionID sets the value of SubmissionID.
+func (s *ScriptCreate) SetSubmissionID(val OptInt64) {
+	s.SubmissionID = val
+}
+
+// Ref: #/components/schemas/ScriptPolicy
+type ScriptPolicy struct {
+	ID             int64  `json:"ID"`
+	FromScriptHash string `json:"FromScriptHash"`
+	ToScriptID     int64  `json:"ToScriptID"`
+	Policy         int32  `json:"Policy"`
+}
+
+// GetID returns the value of ID.
+func (s *ScriptPolicy) GetID() int64 {
+	return s.ID
+}
+
+// GetFromScriptHash returns the value of FromScriptHash.
+func (s *ScriptPolicy) GetFromScriptHash() string {
+	return s.FromScriptHash
+}
+
+// GetToScriptID returns the value of ToScriptID.
+func (s *ScriptPolicy) GetToScriptID() int64 {
+	return s.ToScriptID
+}
+
+// GetPolicy returns the value of Policy.
+func (s *ScriptPolicy) GetPolicy() int32 {
+	return s.Policy
+}
+
+// SetID sets the value of ID.
+func (s *ScriptPolicy) SetID(val int64) {
+	s.ID = val
+}
+
+// SetFromScriptHash sets the value of FromScriptHash.
+func (s *ScriptPolicy) SetFromScriptHash(val string) {
+	s.FromScriptHash = val
+}
+
+// SetToScriptID sets the value of ToScriptID.
+func (s *ScriptPolicy) SetToScriptID(val int64) {
+	s.ToScriptID = val
+}
+
+// SetPolicy sets the value of Policy.
+func (s *ScriptPolicy) SetPolicy(val int32) {
+	s.Policy = val
+}
+
+// Ref: #/components/schemas/ScriptPolicyCreate
+type ScriptPolicyCreate struct {
+	FromScriptID int64 `json:"FromScriptID"`
+	ToScriptID   int64 `json:"ToScriptID"`
+	Policy       int32 `json:"Policy"`
+}
+
+// GetFromScriptID returns the value of FromScriptID.
+func (s *ScriptPolicyCreate) GetFromScriptID() int64 {
+	return s.FromScriptID
+}
+
+// GetToScriptID returns the value of ToScriptID.
+func (s *ScriptPolicyCreate) GetToScriptID() int64 {
+	return s.ToScriptID
+}
+
+// GetPolicy returns the value of Policy.
+func (s *ScriptPolicyCreate) GetPolicy() int32 {
+	return s.Policy
+}
+
+// SetFromScriptID sets the value of FromScriptID.
+func (s *ScriptPolicyCreate) SetFromScriptID(val int64) {
+	s.FromScriptID = val
+}
+
+// SetToScriptID sets the value of ToScriptID.
+func (s *ScriptPolicyCreate) SetToScriptID(val int64) {
+	s.ToScriptID = val
+}
+
+// SetPolicy sets the value of Policy.
+func (s *ScriptPolicyCreate) SetPolicy(val int32) {
+	s.Policy = val
+}
+
+// Ref: #/components/schemas/ScriptPolicyUpdate
+type ScriptPolicyUpdate struct {
+	ID           int64    `json:"ID"`
+	FromScriptID OptInt64 `json:"FromScriptID"`
+	ToScriptID   OptInt64 `json:"ToScriptID"`
+	Policy       OptInt32 `json:"Policy"`
+}
+
+// GetID returns the value of ID.
+func (s *ScriptPolicyUpdate) GetID() int64 {
+	return s.ID
+}
+
+// GetFromScriptID returns the value of FromScriptID.
+func (s *ScriptPolicyUpdate) GetFromScriptID() OptInt64 {
+	return s.FromScriptID
+}
+
+// GetToScriptID returns the value of ToScriptID.
+func (s *ScriptPolicyUpdate) GetToScriptID() OptInt64 {
+	return s.ToScriptID
+}
+
+// GetPolicy returns the value of Policy.
+func (s *ScriptPolicyUpdate) GetPolicy() OptInt32 {
+	return s.Policy
+}
+
+// SetID sets the value of ID.
+func (s *ScriptPolicyUpdate) SetID(val int64) {
+	s.ID = val
+}
+
+// SetFromScriptID sets the value of FromScriptID.
+func (s *ScriptPolicyUpdate) SetFromScriptID(val OptInt64) {
+	s.FromScriptID = val
+}
+
+// SetToScriptID sets the value of ToScriptID.
+func (s *ScriptPolicyUpdate) SetToScriptID(val OptInt64) {
+	s.ToScriptID = val
+}
+
+// SetPolicy sets the value of Policy.
+func (s *ScriptPolicyUpdate) SetPolicy(val OptInt32) {
+	s.Policy = val
+}
+
+// Ref: #/components/schemas/ScriptUpdate
+type ScriptUpdate struct {
+	ID           int64     `json:"ID"`
+	Name         OptString `json:"Name"`
+	Source       OptString `json:"Source"`
+	SubmissionID OptInt64  `json:"SubmissionID"`
+}
+
+// GetID returns the value of ID.
+func (s *ScriptUpdate) GetID() int64 {
+	return s.ID
+}
+
+// GetName returns the value of Name.
+func (s *ScriptUpdate) GetName() OptString {
+	return s.Name
+}
+
+// GetSource returns the value of Source.
+func (s *ScriptUpdate) GetSource() OptString {
+	return s.Source
+}
+
+// GetSubmissionID returns the value of SubmissionID.
+func (s *ScriptUpdate) GetSubmissionID() OptInt64 {
+	return s.SubmissionID
+}
+
+// SetID sets the value of ID.
+func (s *ScriptUpdate) SetID(val int64) {
+	s.ID = val
+}
+
+// SetName sets the value of Name.
+func (s *ScriptUpdate) SetName(val OptString) {
+	s.Name = val
+}
+
+// SetSource sets the value of Source.
+func (s *ScriptUpdate) SetSource(val OptString) {
+	s.Source = val
+}
+
+// SetSubmissionID sets the value of SubmissionID.
+func (s *ScriptUpdate) SetSubmissionID(val OptInt64) {
+	s.SubmissionID = val
+}
+
+// SetSubmissionCompletedNoContent is response for SetSubmissionCompleted operation.
+type SetSubmissionCompletedNoContent struct{}
+
+// Ref: #/components/schemas/Submission
+type Submission struct {
+	ID             int64    `json:"ID"`
+	DisplayName    string   `json:"DisplayName"`
+	Creator        string   `json:"Creator"`
+	GameID         int32    `json:"GameID"`
+	CreatedAt      int64    `json:"CreatedAt"`
+	UpdatedAt      int64    `json:"UpdatedAt"`
+	Submitter      int64    `json:"Submitter"`
+	AssetID        int64    `json:"AssetID"`
+	AssetVersion   int64    `json:"AssetVersion"`
+	Completed      bool     `json:"Completed"`
+	SubmissionType int32    `json:"SubmissionType"`
+	TargetAssetID  OptInt64 `json:"TargetAssetID"`
+	StatusID       int32    `json:"StatusID"`
+}
+
+// GetID returns the value of ID.
+func (s *Submission) GetID() int64 {
+	return s.ID
+}
+
+// GetDisplayName returns the value of DisplayName.
+func (s *Submission) GetDisplayName() string {
+	return s.DisplayName
+}
+
+// GetCreator returns the value of Creator.
+func (s *Submission) GetCreator() string {
+	return s.Creator
+}
+
+// GetGameID returns the value of GameID.
+func (s *Submission) GetGameID() int32 {
+	return s.GameID
+}
+
+// GetCreatedAt returns the value of CreatedAt.
+func (s *Submission) GetCreatedAt() int64 {
+	return s.CreatedAt
+}
+
+// GetUpdatedAt returns the value of UpdatedAt.
+func (s *Submission) GetUpdatedAt() int64 {
+	return s.UpdatedAt
+}
+
+// GetSubmitter returns the value of Submitter.
+func (s *Submission) GetSubmitter() int64 {
+	return s.Submitter
+}
+
+// GetAssetID returns the value of AssetID.
+func (s *Submission) GetAssetID() int64 {
+	return s.AssetID
+}
+
+// GetAssetVersion returns the value of AssetVersion.
+func (s *Submission) GetAssetVersion() int64 {
+	return s.AssetVersion
+}
+
+// GetCompleted returns the value of Completed.
+func (s *Submission) GetCompleted() bool {
+	return s.Completed
+}
+
+// GetSubmissionType returns the value of SubmissionType.
+func (s *Submission) GetSubmissionType() int32 {
+	return s.SubmissionType
+}
+
+// GetTargetAssetID returns the value of TargetAssetID.
+func (s *Submission) GetTargetAssetID() OptInt64 {
+	return s.TargetAssetID
+}
+
+// GetStatusID returns the value of StatusID.
+func (s *Submission) GetStatusID() int32 {
+	return s.StatusID
+}
+
+// SetID sets the value of ID.
+func (s *Submission) SetID(val int64) {
+	s.ID = val
+}
+
+// SetDisplayName sets the value of DisplayName.
+func (s *Submission) SetDisplayName(val string) {
+	s.DisplayName = val
+}
+
+// SetCreator sets the value of Creator.
+func (s *Submission) SetCreator(val string) {
+	s.Creator = val
+}
+
+// SetGameID sets the value of GameID.
+func (s *Submission) SetGameID(val int32) {
+	s.GameID = val
+}
+
+// SetCreatedAt sets the value of CreatedAt.
+func (s *Submission) SetCreatedAt(val int64) {
+	s.CreatedAt = val
+}
+
+// SetUpdatedAt sets the value of UpdatedAt.
+func (s *Submission) SetUpdatedAt(val int64) {
+	s.UpdatedAt = val
+}
+
+// SetSubmitter sets the value of Submitter.
+func (s *Submission) SetSubmitter(val int64) {
+	s.Submitter = val
+}
+
+// SetAssetID sets the value of AssetID.
+func (s *Submission) SetAssetID(val int64) {
+	s.AssetID = val
+}
+
+// SetAssetVersion sets the value of AssetVersion.
+func (s *Submission) SetAssetVersion(val int64) {
+	s.AssetVersion = val
+}
+
+// SetCompleted sets the value of Completed.
+func (s *Submission) SetCompleted(val bool) {
+	s.Completed = val
+}
+
+// SetSubmissionType sets the value of SubmissionType.
+func (s *Submission) SetSubmissionType(val int32) {
+	s.SubmissionType = val
+}
+
+// SetTargetAssetID sets the value of TargetAssetID.
+func (s *Submission) SetTargetAssetID(val OptInt64) {
+	s.TargetAssetID = val
+}
+
+// SetStatusID sets the value of StatusID.
+func (s *Submission) SetStatusID(val int32) {
+	s.StatusID = val
+}
+
+// Ref: #/components/schemas/SubmissionCreate
+type SubmissionCreate struct {
+	DisplayName   string   `json:"DisplayName"`
+	Creator       string   `json:"Creator"`
+	GameID        int32    `json:"GameID"`
+	AssetID       int64    `json:"AssetID"`
+	AssetVersion  int64    `json:"AssetVersion"`
+	TargetAssetID OptInt64 `json:"TargetAssetID"`
+}
+
+// GetDisplayName returns the value of DisplayName.
+func (s *SubmissionCreate) GetDisplayName() string {
+	return s.DisplayName
+}
+
+// GetCreator returns the value of Creator.
+func (s *SubmissionCreate) GetCreator() string {
+	return s.Creator
+}
+
+// GetGameID returns the value of GameID.
+func (s *SubmissionCreate) GetGameID() int32 {
+	return s.GameID
+}
+
+// GetAssetID returns the value of AssetID.
+func (s *SubmissionCreate) GetAssetID() int64 {
+	return s.AssetID
+}
+
+// GetAssetVersion returns the value of AssetVersion.
+func (s *SubmissionCreate) GetAssetVersion() int64 {
+	return s.AssetVersion
+}
+
+// GetTargetAssetID returns the value of TargetAssetID.
+func (s *SubmissionCreate) GetTargetAssetID() OptInt64 {
+	return s.TargetAssetID
+}
+
+// SetDisplayName sets the value of DisplayName.
+func (s *SubmissionCreate) SetDisplayName(val string) {
+	s.DisplayName = val
+}
+
+// SetCreator sets the value of Creator.
+func (s *SubmissionCreate) SetCreator(val string) {
+	s.Creator = val
+}
+
+// SetGameID sets the value of GameID.
+func (s *SubmissionCreate) SetGameID(val int32) {
+	s.GameID = val
+}
+
+// SetAssetID sets the value of AssetID.
+func (s *SubmissionCreate) SetAssetID(val int64) {
+	s.AssetID = val
+}
+
+// SetAssetVersion sets the value of AssetVersion.
+func (s *SubmissionCreate) SetAssetVersion(val int64) {
+	s.AssetVersion = val
+}
+
+// SetTargetAssetID sets the value of TargetAssetID.
+func (s *SubmissionCreate) SetTargetAssetID(val OptInt64) {
+	s.TargetAssetID = val
+}
+
+// UpdateScriptNoContent is response for UpdateScript operation.
+type UpdateScriptNoContent struct{}
+
+// UpdateScriptPolicyNoContent is response for UpdateScriptPolicy operation.
+type UpdateScriptPolicyNoContent struct{}
+
+// UpdateSubmissionModelNoContent is response for UpdateSubmissionModel operation.
+type UpdateSubmissionModelNoContent struct{}
--- a/pkg/api/oas_security_gen.go
+++ b/pkg/api/oas_security_gen.go
@@ -0,0 +1,74 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"context"
+	"net/http"
+	"strings"
+
+	"github.com/go-faster/errors"
+
+	"github.com/ogen-go/ogen/ogenerrors"
+)
+
+// SecurityHandler is handler for security parameters.
+type SecurityHandler interface {
+	// HandleCookieAuth handles cookieAuth security.
+	HandleCookieAuth(ctx context.Context, operationName OperationName, t CookieAuth) (context.Context, error)
+}
+
+func findAuthorization(h http.Header, prefix string) (string, bool) {
+	v, ok := h["Authorization"]
+	if !ok {
+		return "", false
+	}
+	for _, vv := range v {
+		scheme, value, ok := strings.Cut(vv, " ")
+		if !ok || !strings.EqualFold(scheme, prefix) {
+			continue
+		}
+		return value, true
+	}
+	return "", false
+}
+
+func (s *Server) securityCookieAuth(ctx context.Context, operationName OperationName, req *http.Request) (context.Context, bool, error) {
+	var t CookieAuth
+	const parameterName = "session_id"
+	var value string
+	switch cookie, err := req.Cookie(parameterName); {
+	case err == nil: // if NO error
+		value = cookie.Value
+	case errors.Is(err, http.ErrNoCookie):
+		return ctx, false, nil
+	default:
+		return nil, false, errors.Wrap(err, "get cookie value")
+	}
+	t.APIKey = value
+	rctx, err := s.sec.HandleCookieAuth(ctx, operationName, t)
+	if errors.Is(err, ogenerrors.ErrSkipServerSecurity) {
+		return nil, false, nil
+	} else if err != nil {
+		return nil, false, err
+	}
+	return rctx, true, err
+}
+
+// SecuritySource is provider of security values (tokens, passwords, etc.).
+type SecuritySource interface {
+	// CookieAuth provides cookieAuth security value.
+	CookieAuth(ctx context.Context, operationName OperationName) (CookieAuth, error)
+}
+
+func (s *Client) securityCookieAuth(ctx context.Context, operationName OperationName, req *http.Request) error {
+	t, err := s.sec.CookieAuth(ctx, operationName)
+	if err != nil {
+		return errors.Wrap(err, "security source \"CookieAuth\"")
+	}
+	req.AddCookie(&http.Cookie{
+		Name:  "session_id",
+		Value: t.APIKey,
+	})
+	return nil
+}
--- a/pkg/api/oas_server_gen.go
+++ b/pkg/api/oas_server_gen.go
@@ -0,0 +1,162 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"context"
+)
+
+// Handler handles operations described by OpenAPI v3 specification.
+type Handler interface {
+	// ActionSubmissionReject implements actionSubmissionReject operation.
+	//
+	// Role Reviewer changes status from Submitted -> Rejected.
+	//
+	// POST /submissions/{SubmissionID}/status/reject
+	ActionSubmissionReject(ctx context.Context, params ActionSubmissionRejectParams) error
+	// ActionSubmissionRequestChanges implements actionSubmissionRequestChanges operation.
+	//
+	// Role Reviewer changes status from Validated|Accepted|Submitted -> ChangesRequested.
+	//
+	// POST /submissions/{SubmissionID}/status/request-changes
+	ActionSubmissionRequestChanges(ctx context.Context, params ActionSubmissionRequestChangesParams) error
+	// ActionSubmissionRevoke implements actionSubmissionRevoke operation.
+	//
+	// Role Submitter changes status from Submitted|ChangesRequested -> UnderConstruction.
+	//
+	// POST /submissions/{SubmissionID}/status/revoke
+	ActionSubmissionRevoke(ctx context.Context, params ActionSubmissionRevokeParams) error
+	// ActionSubmissionSubmit implements actionSubmissionSubmit operation.
+	//
+	// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted.
+	//
+	// POST /submissions/{SubmissionID}/status/submit
+	ActionSubmissionSubmit(ctx context.Context, params ActionSubmissionSubmitParams) error
+	// ActionSubmissionTriggerUpload implements actionSubmissionTriggerUpload operation.
+	//
+	// Role Admin changes status from Validated -> Uploading.
+	//
+	// POST /submissions/{SubmissionID}/status/trigger-upload
+	ActionSubmissionTriggerUpload(ctx context.Context, params ActionSubmissionTriggerUploadParams) error
+	// ActionSubmissionTriggerValidate implements actionSubmissionTriggerValidate operation.
+	//
+	// Role Reviewer triggers validation and changes status from Submitted|Accepted -> Validating.
+	//
+	// POST /submissions/{SubmissionID}/status/trigger-validate
+	ActionSubmissionTriggerValidate(ctx context.Context, params ActionSubmissionTriggerValidateParams) error
+	// CreateScript implements createScript operation.
+	//
+	// Create a new script.
+	//
+	// POST /scripts
+	CreateScript(ctx context.Context, req *ScriptCreate) (*ID, error)
+	// CreateScriptPolicy implements createScriptPolicy operation.
+	//
+	// Create a new script policy.
+	//
+	// POST /script-policy
+	CreateScriptPolicy(ctx context.Context, req *ScriptPolicyCreate) (*ID, error)
+	// CreateSubmission implements createSubmission operation.
+	//
+	// Create new submission.
+	//
+	// POST /submissions
+	CreateSubmission(ctx context.Context, req *SubmissionCreate) (*ID, error)
+	// DeleteScript implements deleteScript operation.
+	//
+	// Delete the specified script by ID.
+	//
+	// DELETE /scripts/{ScriptID}
+	DeleteScript(ctx context.Context, params DeleteScriptParams) error
+	// DeleteScriptPolicy implements deleteScriptPolicy operation.
+	//
+	// Delete the specified script policy by ID.
+	//
+	// DELETE /script-policy/{ScriptPolicyID}
+	DeleteScriptPolicy(ctx context.Context, params DeleteScriptPolicyParams) error
+	// GetScript implements getScript operation.
+	//
+	// Get the specified script by ID.
+	//
+	// GET /scripts/{ScriptID}
+	GetScript(ctx context.Context, params GetScriptParams) (*Script, error)
+	// GetScriptPolicy implements getScriptPolicy operation.
+	//
+	// Get the specified script policy by ID.
+	//
+	// GET /script-policy/{ScriptPolicyID}
+	GetScriptPolicy(ctx context.Context, params GetScriptPolicyParams) (*ScriptPolicy, error)
+	// GetSubmission implements getSubmission operation.
+	//
+	// Retrieve map with ID.
+	//
+	// GET /submissions/{SubmissionID}
+	GetSubmission(ctx context.Context, params GetSubmissionParams) (*Submission, error)
+	// ListScriptPolicy implements listScriptPolicy operation.
+	//
+	// Get list of script policies.
+	//
+	// GET /script-policy
+	ListScriptPolicy(ctx context.Context, params ListScriptPolicyParams) ([]ScriptPolicy, error)
+	// ListScripts implements listScripts operation.
+	//
+	// Get list of scripts.
+	//
+	// GET /scripts
+	ListScripts(ctx context.Context, params ListScriptsParams) ([]Script, error)
+	// ListSubmissions implements listSubmissions operation.
+	//
+	// Get list of submissions.
+	//
+	// GET /submissions
+	ListSubmissions(ctx context.Context, params ListSubmissionsParams) ([]Submission, error)
+	// SetSubmissionCompleted implements setSubmissionCompleted operation.
+	//
+	// Retrieve map with ID.
+	//
+	// POST /submissions/{SubmissionID}/completed
+	SetSubmissionCompleted(ctx context.Context, params SetSubmissionCompletedParams) error
+	// UpdateScript implements updateScript operation.
+	//
+	// Update the specified script by ID.
+	//
+	// POST /scripts/{ScriptID}
+	UpdateScript(ctx context.Context, req *ScriptUpdate, params UpdateScriptParams) error
+	// UpdateScriptPolicy implements updateScriptPolicy operation.
+	//
+	// Update the specified script policy by ID.
+	//
+	// POST /script-policy/{ScriptPolicyID}
+	UpdateScriptPolicy(ctx context.Context, req *ScriptPolicyUpdate, params UpdateScriptPolicyParams) error
+	// UpdateSubmissionModel implements updateSubmissionModel operation.
+	//
+	// Update model following role restrictions.
+	//
+	// POST /submissions/{SubmissionID}/model
+	UpdateSubmissionModel(ctx context.Context, params UpdateSubmissionModelParams) error
+	// NewError creates *ErrorStatusCode from error returned by handler.
+	//
+	// Used for common default response.
+	NewError(ctx context.Context, err error) *ErrorStatusCode
+}
+
+// Server implements http server based on OpenAPI v3 specification and
+// calls Handler to handle requests.
+type Server struct {
+	h   Handler
+	sec SecurityHandler
+	baseServer
+}
+
+// NewServer creates new Server.
+func NewServer(h Handler, sec SecurityHandler, opts ...ServerOption) (*Server, error) {
+	s, err := newServerConfig(opts...).baseServer()
+	if err != nil {
+		return nil, err
+	}
+	return &Server{
+		h:          h,
+		sec:        sec,
+		baseServer: s,
+	}, nil
+}
--- a/pkg/api/oas_unimplemented_gen.go
+++ b/pkg/api/oas_unimplemented_gen.go
@@ -0,0 +1,211 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"context"
+
+	ht "github.com/ogen-go/ogen/http"
+)
+
+// UnimplementedHandler is no-op Handler which returns http.ErrNotImplemented.
+type UnimplementedHandler struct{}
+
+var _ Handler = UnimplementedHandler{}
+
+// ActionSubmissionReject implements actionSubmissionReject operation.
+//
+// Role Reviewer changes status from Submitted -> Rejected.
+//
+// POST /submissions/{SubmissionID}/status/reject
+func (UnimplementedHandler) ActionSubmissionReject(ctx context.Context, params ActionSubmissionRejectParams) error {
+	return ht.ErrNotImplemented
+}
+
+// ActionSubmissionRequestChanges implements actionSubmissionRequestChanges operation.
+//
+// Role Reviewer changes status from Validated|Accepted|Submitted -> ChangesRequested.
+//
+// POST /submissions/{SubmissionID}/status/request-changes
+func (UnimplementedHandler) ActionSubmissionRequestChanges(ctx context.Context, params ActionSubmissionRequestChangesParams) error {
+	return ht.ErrNotImplemented
+}
+
+// ActionSubmissionRevoke implements actionSubmissionRevoke operation.
+//
+// Role Submitter changes status from Submitted|ChangesRequested -> UnderConstruction.
+//
+// POST /submissions/{SubmissionID}/status/revoke
+func (UnimplementedHandler) ActionSubmissionRevoke(ctx context.Context, params ActionSubmissionRevokeParams) error {
+	return ht.ErrNotImplemented
+}
+
+// ActionSubmissionSubmit implements actionSubmissionSubmit operation.
+//
+// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted.
+//
+// POST /submissions/{SubmissionID}/status/submit
+func (UnimplementedHandler) ActionSubmissionSubmit(ctx context.Context, params ActionSubmissionSubmitParams) error {
+	return ht.ErrNotImplemented
+}
+
+// ActionSubmissionTriggerUpload implements actionSubmissionTriggerUpload operation.
+//
+// Role Admin changes status from Validated -> Uploading.
+//
+// POST /submissions/{SubmissionID}/status/trigger-upload
+func (UnimplementedHandler) ActionSubmissionTriggerUpload(ctx context.Context, params ActionSubmissionTriggerUploadParams) error {
+	return ht.ErrNotImplemented
+}
+
+// ActionSubmissionTriggerValidate implements actionSubmissionTriggerValidate operation.
+//
+// Role Reviewer triggers validation and changes status from Submitted|Accepted -> Validating.
+//
+// POST /submissions/{SubmissionID}/status/trigger-validate
+func (UnimplementedHandler) ActionSubmissionTriggerValidate(ctx context.Context, params ActionSubmissionTriggerValidateParams) error {
+	return ht.ErrNotImplemented
+}
+
+// CreateScript implements createScript operation.
+//
+// Create a new script.
+//
+// POST /scripts
+func (UnimplementedHandler) CreateScript(ctx context.Context, req *ScriptCreate) (r *ID, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// CreateScriptPolicy implements createScriptPolicy operation.
+//
+// Create a new script policy.
+//
+// POST /script-policy
+func (UnimplementedHandler) CreateScriptPolicy(ctx context.Context, req *ScriptPolicyCreate) (r *ID, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// CreateSubmission implements createSubmission operation.
+//
+// Create new submission.
+//
+// POST /submissions
+func (UnimplementedHandler) CreateSubmission(ctx context.Context, req *SubmissionCreate) (r *ID, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// DeleteScript implements deleteScript operation.
+//
+// Delete the specified script by ID.
+//
+// DELETE /scripts/{ScriptID}
+func (UnimplementedHandler) DeleteScript(ctx context.Context, params DeleteScriptParams) error {
+	return ht.ErrNotImplemented
+}
+
+// DeleteScriptPolicy implements deleteScriptPolicy operation.
+//
+// Delete the specified script policy by ID.
+//
+// DELETE /script-policy/{ScriptPolicyID}
+func (UnimplementedHandler) DeleteScriptPolicy(ctx context.Context, params DeleteScriptPolicyParams) error {
+	return ht.ErrNotImplemented
+}
+
+// GetScript implements getScript operation.
+//
+// Get the specified script by ID.
+//
+// GET /scripts/{ScriptID}
+func (UnimplementedHandler) GetScript(ctx context.Context, params GetScriptParams) (r *Script, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// GetScriptPolicy implements getScriptPolicy operation.
+//
+// Get the specified script policy by ID.
+//
+// GET /script-policy/{ScriptPolicyID}
+func (UnimplementedHandler) GetScriptPolicy(ctx context.Context, params GetScriptPolicyParams) (r *ScriptPolicy, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// GetSubmission implements getSubmission operation.
+//
+// Retrieve map with ID.
+//
+// GET /submissions/{SubmissionID}
+func (UnimplementedHandler) GetSubmission(ctx context.Context, params GetSubmissionParams) (r *Submission, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// ListScriptPolicy implements listScriptPolicy operation.
+//
+// Get list of script policies.
+//
+// GET /script-policy
+func (UnimplementedHandler) ListScriptPolicy(ctx context.Context, params ListScriptPolicyParams) (r []ScriptPolicy, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// ListScripts implements listScripts operation.
+//
+// Get list of scripts.
+//
+// GET /scripts
+func (UnimplementedHandler) ListScripts(ctx context.Context, params ListScriptsParams) (r []Script, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// ListSubmissions implements listSubmissions operation.
+//
+// Get list of submissions.
+//
+// GET /submissions
+func (UnimplementedHandler) ListSubmissions(ctx context.Context, params ListSubmissionsParams) (r []Submission, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// SetSubmissionCompleted implements setSubmissionCompleted operation.
+//
+// Retrieve map with ID.
+//
+// POST /submissions/{SubmissionID}/completed
+func (UnimplementedHandler) SetSubmissionCompleted(ctx context.Context, params SetSubmissionCompletedParams) error {
+	return ht.ErrNotImplemented
+}
+
+// UpdateScript implements updateScript operation.
+//
+// Update the specified script by ID.
+//
+// POST /scripts/{ScriptID}
+func (UnimplementedHandler) UpdateScript(ctx context.Context, req *ScriptUpdate, params UpdateScriptParams) error {
+	return ht.ErrNotImplemented
+}
+
+// UpdateScriptPolicy implements updateScriptPolicy operation.
+//
+// Update the specified script policy by ID.
+//
+// POST /script-policy/{ScriptPolicyID}
+func (UnimplementedHandler) UpdateScriptPolicy(ctx context.Context, req *ScriptPolicyUpdate, params UpdateScriptPolicyParams) error {
+	return ht.ErrNotImplemented
+}
+
+// UpdateSubmissionModel implements updateSubmissionModel operation.
+//
+// Update model following role restrictions.
+//
+// POST /submissions/{SubmissionID}/model
+func (UnimplementedHandler) UpdateSubmissionModel(ctx context.Context, params UpdateSubmissionModelParams) error {
+	return ht.ErrNotImplemented
+}
+
+// NewError creates *ErrorStatusCode from error returned by handler.
+//
+// Used for common default response.
+func (UnimplementedHandler) NewError(ctx context.Context, err error) (r *ErrorStatusCode) {
+	r = new(ErrorStatusCode)
+	return r
+}
--- a/pkg/api/oas_validators_gen.go
+++ b/pkg/api/oas_validators_gen.go
@@ -0,0 +1,323 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"github.com/go-faster/errors"
+
+	"github.com/ogen-go/ogen/validate"
+)
+
+func (s *Script) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    128,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Name)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Name",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    16,
+			MinLengthSet: true,
+			MaxLength:    16,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Hash)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Hash",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    1048576,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Source)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Source",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *ScriptCreate) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    128,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Name)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Name",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    1048576,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Source)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Source",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *ScriptPolicy) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    16,
+			MinLengthSet: true,
+			MaxLength:    16,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.FromScriptHash)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "FromScriptHash",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *ScriptUpdate) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if value, ok := s.Name.Get(); ok {
+			if err := func() error {
+				if err := (validate.String{
+					MinLength:    0,
+					MinLengthSet: false,
+					MaxLength:    128,
+					MaxLengthSet: true,
+					Email:        false,
+					Hostname:     false,
+					Regex:        nil,
+				}).Validate(string(value)); err != nil {
+					return errors.Wrap(err, "string")
+				}
+				return nil
+			}(); err != nil {
+				return err
+			}
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Name",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if value, ok := s.Source.Get(); ok {
+			if err := func() error {
+				if err := (validate.String{
+					MinLength:    0,
+					MinLengthSet: false,
+					MaxLength:    1048576,
+					MaxLengthSet: true,
+					Email:        false,
+					Hostname:     false,
+					Regex:        nil,
+				}).Validate(string(value)); err != nil {
+					return errors.Wrap(err, "string")
+				}
+				return nil
+			}(); err != nil {
+				return err
+			}
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Source",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *Submission) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    128,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.DisplayName)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "DisplayName",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    128,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Creator)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Creator",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *SubmissionCreate) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    128,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.DisplayName)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "DisplayName",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    128,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Creator)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Creator",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
--- a/pkg/cmds/root.go
+++ b/pkg/cmds/root.go
@@ -0,0 +1,37 @@
+package cmds
+
+import (
+	log "github.com/sirupsen/logrus"
+	"github.com/urfave/cli/v2"
+	"os"
+	"path/filepath"
+)
+
+var (
+	appName    = filepath.Base(os.Args[0])
+	commonFlag = []cli.Flag{
+		&cli.BoolFlag{
+			Name:  "debug",
+			Usage: "Enable debug logging",
+			Value: false,
+			Action: func(ctx *cli.Context, debug bool) error {
+				log.Println("ran")
+				if debug {
+					log.SetLevel(log.DebugLevel)
+					log.SetFormatter(&log.TextFormatter{})
+					log.SetReportCaller(false)
+				}
+				return nil
+			},
+		},
+	}
+)
+
+func NewApp() *cli.App {
+	app := cli.NewApp()
+	app.Name = appName
+	app.Usage = "Maps API Service"
+	app.Flags = commonFlag
+
+	return app
+}
--- a/pkg/cmds/serve.go
+++ b/pkg/cmds/serve.go
@@ -0,0 +1,164 @@
+package cmds
+
+import (
+	"fmt"
+	"net/http"
+
+	"git.itzana.me/strafesnet/go-grpc/auth"
+	"git.itzana.me/strafesnet/maps-service/pkg/api"
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore/gormstore"
+	internal "git.itzana.me/strafesnet/maps-service/pkg/internal"
+	"git.itzana.me/strafesnet/maps-service/pkg/service"
+	"git.itzana.me/strafesnet/maps-service/pkg/service_internal"
+	"github.com/nats-io/nats.go"
+	log "github.com/sirupsen/logrus"
+	"github.com/urfave/cli/v2"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+)
+
+func NewServeCommand() *cli.Command {
+	return &cli.Command{
+		Name:   "serve",
+		Usage:  "Run maps service",
+		Action: serve,
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:     "pg-host",
+				Usage:    "Host of postgres database",
+				EnvVars:  []string{"PG_HOST"},
+				Required: true,
+			},
+			&cli.IntFlag{
+				Name:     "pg-port",
+				Usage:    "Port of postgres database",
+				EnvVars:  []string{"PG_PORT"},
+				Required: true,
+			},
+			&cli.StringFlag{
+				Name:     "pg-db",
+				Usage:    "Name of database to connect to",
+				EnvVars:  []string{"PG_DB"},
+				Required: true,
+			},
+			&cli.StringFlag{
+				Name:     "pg-user",
+				Usage:    "User to connect with",
+				EnvVars:  []string{"PG_USER"},
+				Required: true,
+			},
+			&cli.StringFlag{
+				Name:     "pg-password",
+				Usage:    "Password to connect with",
+				EnvVars:  []string{"PG_PASSWORD"},
+				Required: true,
+			},
+			&cli.BoolFlag{
+				Name:    "migrate",
+				Usage:   "Run database migrations",
+				Value:   true,
+				EnvVars: []string{"MIGRATE"},
+			},
+			&cli.IntFlag{
+				Name:    "port",
+				Usage:   "Port to listen on",
+				Value:   8080,
+				EnvVars: []string{"PORT"},
+			},
+			&cli.IntFlag{
+				Name:    "port-internal",
+				Usage:   "Port to listen on for internal api",
+				Value:   8081,
+				EnvVars: []string{"PORT_INTERNAL"},
+			},
+			&cli.StringFlag{
+				Name:    "auth-rpc-host",
+				Usage:   "Host of auth rpc",
+				EnvVars: []string{"AUTH_RPC_HOST"},
+				Value:   "auth-service:8090",
+			},
+			&cli.StringFlag{
+				Name:    "nats-host",
+				Usage:   "Host of nats",
+				EnvVars: []string{"NATS_HOST"},
+				Value:   "nats:4222",
+			},
+		},
+	}
+}
+
+func serve(ctx *cli.Context) error {
+	db, err := gormstore.New(ctx)
+	if err != nil {
+		log.WithError(err).Fatal("failed to connect database")
+	}
+	nc, err := nats.Connect(ctx.String("nats-host"))
+	if err != nil {
+		log.WithError(err).Fatal("failed to connect nats")
+	}
+	js, err := nc.JetStream()
+	if err != nil {
+		log.WithError(err).Fatal("failed to start jetstream")
+	}
+
+	_, err = js.AddStream(&nats.StreamConfig{
+		Name:      "maptest",
+		Subjects:  []string{"maptest.>"},
+		Retention: nats.WorkQueuePolicy,
+	})
+	if err != nil {
+		log.WithError(err).Fatal("failed to add stream")
+	}
+
+	svc := &service.Service{
+		DB:   db,
+		Nats: js,
+	}
+
+	conn, err := grpc.Dial(ctx.String("auth-rpc-host"), grpc.WithTransportCredentials(insecure.NewCredentials()))
+	if err != nil {
+		log.Fatal(err)
+	}
+	sec := service.SecurityHandler{
+		Client: auth.NewAuthServiceClient(conn),
+	}
+
+	srv, err := api.NewServer(svc, sec, api.WithPathPrefix("/v1"))
+	if err != nil {
+		log.WithError(err).Fatal("failed to initialize api server")
+	}
+
+	svc2 := &service_internal.Service{
+		DB:   db,
+		Nats: js,
+	}
+
+	srv2, err := internal.NewServer(svc2, internal.WithPathPrefix("/v1"))
+	if err != nil {
+		log.WithError(err).Fatal("failed to initialize api server")
+	}
+	// Channel to collect errors
+	errChan := make(chan error, 2)
+
+	// First server
+	go func(errChan chan error) {
+		errChan <- http.ListenAndServe(fmt.Sprintf(":%d", ctx.Int("port-internal")), srv2)
+	}(errChan)
+
+	// Second server
+	go func(errChan chan error) {
+		errChan <- http.ListenAndServe(fmt.Sprintf(":%d", ctx.Int("port")), srv)
+	}(errChan)
+
+	// Wait for the first error or completion of both tasks
+	for i := 0; i < 2; i++ {
+		err := <-errChan
+		if err != nil {
+			fmt.Println("Exiting due to:", err)
+			return err
+		}
+	}
+	log.Println("Both servers have stopped.")
+
+	return nil
+}
--- a/pkg/datastore/datastore.go
+++ b/pkg/datastore/datastore.go
@@ -0,0 +1,46 @@
+package datastore
+
+import (
+	"context"
+	"errors"
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+)
+
+var (
+	ErrNotExist        = errors.New("resource does not exist")
+	ErroNoRowsAffected = errors.New("query did not affect any rows")
+)
+
+type Datastore interface {
+	Submissions() Submissions
+	Scripts() Scripts
+	ScriptPolicy() ScriptPolicy
+}
+
+type Submissions interface {
+	Get(ctx context.Context, id int64) (model.Submission, error)
+	GetList(ctx context.Context, id []int64) ([]model.Submission, error)
+	Create(ctx context.Context, smap model.Submission) (model.Submission, error)
+	Update(ctx context.Context, id int64, values OptionalMap) error
+	IfStatusThenUpdate(ctx context.Context, id int64, statuses []model.Status, values OptionalMap) error
+	IfStatusThenUpdateAndGet(ctx context.Context, id int64, statuses []model.Status, values OptionalMap) (model.Submission, error)
+	Delete(ctx context.Context, id int64) error
+	List(ctx context.Context, filters OptionalMap, page model.Page) ([]model.Submission, error)
+}
+
+type Scripts interface {
+	Get(ctx context.Context, id int64) (model.Script, error)
+	Create(ctx context.Context, smap model.Script) (model.Script, error)
+	Update(ctx context.Context, id int64, values OptionalMap) error
+	Delete(ctx context.Context, id int64) error
+	List(ctx context.Context, filters OptionalMap, page model.Page) ([]model.Script, error)
+}
+
+type ScriptPolicy interface {
+	Get(ctx context.Context, id int64) (model.ScriptPolicy, error)
+	GetFromHash(ctx context.Context, hash uint64) (model.ScriptPolicy, error)
+	Create(ctx context.Context, smap model.ScriptPolicy) (model.ScriptPolicy, error)
+	Update(ctx context.Context, id int64, values OptionalMap) error
+	Delete(ctx context.Context, id int64) error
+	List(ctx context.Context, filters OptionalMap, page model.Page) ([]model.ScriptPolicy, error)
+}
--- a/internal/datastore/filter.go
+++ b/internal/datastore/filter.go
--- a/pkg/datastore/gormstore/db.go
+++ b/pkg/datastore/gormstore/db.go
@@ -0,0 +1,44 @@
+package gormstore
+
+import (
+	"fmt"
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+	"git.itzana.me/strafesnet/utils/logger"
+	log "github.com/sirupsen/logrus"
+	"github.com/urfave/cli/v2"
+	"gorm.io/driver/postgres"
+	"gorm.io/gorm"
+)
+
+func New(ctx *cli.Context) (datastore.Datastore, error) {
+	db, err := gorm.Open(
+		postgres.Open(
+			fmt.Sprintf(
+				"host=%s user=%s password=%s dbname=%s port=%d",
+				ctx.String("pg-host"),
+				ctx.String("pg-user"),
+				ctx.String("pg-password"),
+				ctx.String("pg-db"),
+				ctx.Int("pg-port")),
+		), &gorm.Config{
+			Logger: logger.New(),
+		})
+	if err != nil {
+		log.WithError(err).Errorln("failed to connect to database")
+		return nil, err
+	}
+
+	if ctx.Bool("migrate") {
+		if err := db.AutoMigrate(
+			&model.Submission{},
+			&model.Script{},
+			&model.ScriptPolicy{},
+		); err != nil {
+			log.WithError(err).Errorln("database migration failed")
+			return nil, err
+		}
+	}
+
+	return &Gormstore{db}, nil
+}
--- a/pkg/datastore/gormstore/gormstore.go
+++ b/pkg/datastore/gormstore/gormstore.go
@@ -0,0 +1,22 @@
+package gormstore
+
+import (
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"gorm.io/gorm"
+)
+
+type Gormstore struct {
+	db *gorm.DB
+}
+
+func (g Gormstore) Submissions() datastore.Submissions {
+	return &Submissions{db: g.db}
+}
+
+func (g Gormstore) Scripts() datastore.Scripts {
+	return &Scripts{db: g.db}
+}
+
+func (g Gormstore) ScriptPolicy() datastore.ScriptPolicy {
+	return &ScriptPolicy{db: g.db}
+}
--- a/pkg/datastore/gormstore/script_policy.go
+++ b/pkg/datastore/gormstore/script_policy.go
@@ -0,0 +1,75 @@
+package gormstore
+
+import (
+	"context"
+	"errors"
+
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+	"gorm.io/gorm"
+)
+
+type ScriptPolicy struct {
+	db *gorm.DB
+}
+
+func (env *ScriptPolicy) Get(ctx context.Context, id int64) (model.ScriptPolicy, error) {
+	var mdl model.ScriptPolicy
+	if err := env.db.First(&mdl, id).Error; err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return mdl, datastore.ErrNotExist
+		}
+		return mdl, err
+	}
+	return mdl, nil
+}
+
+func (env *ScriptPolicy) GetFromHash(ctx context.Context, hash uint64) (model.ScriptPolicy, error) {
+	var mdl model.ScriptPolicy
+	if err := env.db.Take(&mdl,"from_script_hash = ?", hash).Error; err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return mdl, datastore.ErrNotExist
+		}
+		return mdl, err
+	}
+	return mdl, nil
+}
+
+func (env *ScriptPolicy) Create(ctx context.Context, smap model.ScriptPolicy) (model.ScriptPolicy, error) {
+	if err := env.db.Create(&smap).Error; err != nil {
+		return smap, err
+	}
+
+	return smap, nil
+}
+
+func (env *ScriptPolicy) Update(ctx context.Context, id int64, values datastore.OptionalMap) error {
+	if err := env.db.Model(&model.ScriptPolicy{}).Where("id = ?", id).Updates(values.Map()).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return datastore.ErrNotExist
+		}
+		return err
+	}
+
+	return nil
+}
+
+func (env *ScriptPolicy) Delete(ctx context.Context, id int64) error {
+	if err := env.db.Delete(&model.ScriptPolicy{}, id).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return datastore.ErrNotExist
+		}
+		return err
+	}
+
+	return nil
+}
+
+func (env *ScriptPolicy) List(ctx context.Context, filters datastore.OptionalMap, page model.Page) ([]model.ScriptPolicy, error) {
+	var maps []model.ScriptPolicy
+	if err := env.db.Where(filters.Map()).Offset(int((page.Number - 1) * page.Size)).Limit(int(page.Size)).Find(&maps).Error; err != nil {
+		return nil, err
+	}
+
+	return maps, nil
+}
--- a/pkg/datastore/gormstore/scripts.go
+++ b/pkg/datastore/gormstore/scripts.go
@@ -0,0 +1,85 @@
+package gormstore
+
+import (
+	"context"
+	"errors"
+
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+	"gorm.io/gorm"
+)
+
+type Scripts struct {
+	db *gorm.DB
+}
+
+func (env *Scripts) Get(ctx context.Context, id int64) (model.Script, error) {
+	var mdl model.Script
+	if err := env.db.First(&mdl, id).Error; err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return mdl, datastore.ErrNotExist
+		}
+		return mdl, err
+	}
+	return mdl, nil
+}
+
+func (env *Scripts) GetList(ctx context.Context, id []int64) ([]model.Script, error) {
+	var mapList []model.Script
+	if err := env.db.Find(&mapList, "id IN ?", id).Error; err != nil {
+		return mapList, err
+	}
+
+	return mapList, nil
+}
+
+func (env *Scripts) Create(ctx context.Context, smap model.Script) (model.Script, error) {
+	if err := env.db.Create(&smap).Error; err != nil {
+		return smap, err
+	}
+
+	return smap, nil
+}
+
+func (env *Scripts) Update(ctx context.Context, id int64, values datastore.OptionalMap) error {
+	if err := env.db.Model(&model.Script{}).Where("id = ?", id).Updates(values.Map()).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return datastore.ErrNotExist
+		}
+		return err
+	}
+
+	return nil
+}
+
+// the update can only occur if the status matches one of the provided values.
+func (env *Scripts) IfStatusThenUpdate(ctx context.Context, id int64, statuses []model.Status, values datastore.OptionalMap) error {
+	if err := env.db.Model(&model.Script{}).Where("id = ?", id).Where("status IN ?", statuses).Updates(values.Map()).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return datastore.ErrNotExist
+		}
+		return err
+	}
+
+	return nil
+}
+
+func (env *Scripts) Delete(ctx context.Context, id int64) error {
+	if err := env.db.Delete(&model.Script{}, id).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return datastore.ErrNotExist
+		}
+		return err
+	}
+
+	return nil
+}
+
+func (env *Scripts) List(ctx context.Context, filters datastore.OptionalMap, page model.Page) ([]model.Script, error) {
+	var maps []model.Script
+	if err := env.db.Where(filters.Map()).Offset(int((page.Number - 1) * page.Size)).Limit(int(page.Size)).Find(&maps).Error; err != nil {
+		return nil, err
+	}
+
+	return maps, nil
+}
--- a/pkg/datastore/gormstore/submissions.go
+++ b/pkg/datastore/gormstore/submissions.go
@@ -0,0 +1,109 @@
+package gormstore
+
+import (
+	"context"
+	"errors"
+
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+	"gorm.io/gorm"
+	"gorm.io/gorm/clause"
+)
+
+type Submissions struct {
+	db *gorm.DB
+}
+
+func (env *Submissions) Get(ctx context.Context, id int64) (model.Submission, error) {
+	var submission model.Submission
+	if err := env.db.First(&submission, id).Error; err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return submission, datastore.ErrNotExist
+		}
+		return submission, err
+	}
+	return submission, nil
+}
+
+func (env *Submissions) GetList(ctx context.Context, id []int64) ([]model.Submission, error) {
+	var mapList []model.Submission
+	if err := env.db.Find(&mapList, "id IN ?", id).Error; err != nil {
+		return mapList, err
+	}
+
+	return mapList, nil
+}
+
+func (env *Submissions) Create(ctx context.Context, smap model.Submission) (model.Submission, error) {
+	if err := env.db.Create(&smap).Error; err != nil {
+		return smap, err
+	}
+
+	return smap, nil
+}
+
+func (env *Submissions) Update(ctx context.Context, id int64, values datastore.OptionalMap) error {
+	if err := env.db.Model(&model.Submission{}).Where("id = ?", id).Updates(values.Map()).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return datastore.ErrNotExist
+		}
+		return err
+	}
+
+	return nil
+}
+
+// the update can only occur if the status matches one of the provided values.
+func (env *Submissions) IfStatusThenUpdate(ctx context.Context, id int64, statuses []model.Status, values datastore.OptionalMap) error {
+	if err := env.db.Model(&model.Submission{}).Where("id = ?", id).Where("status_id IN ?", statuses).Updates(values.Map()).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return datastore.ErrNotExist
+		}
+		return err
+	}
+
+	return nil
+}
+
+// the update can only occur if the status matches one of the provided values.
+// returns the updated value
+func (env *Submissions) IfStatusThenUpdateAndGet(ctx context.Context, id int64, statuses []model.Status, values datastore.OptionalMap) (model.Submission, error) {
+	var submission model.Submission
+	result := env.db.Model(&submission).
+		Clauses(clause.Returning{}).
+		Where("id = ?", id).
+		Where("status_id IN ?", statuses).
+		Updates(values.Map())
+	if result.Error != nil {
+		if result.Error == gorm.ErrRecordNotFound {
+			return submission, datastore.ErrNotExist
+		}
+		return submission, result.Error
+	}
+
+	if result.RowsAffected == 0 {
+		return submission, datastore.ErroNoRowsAffected
+	}
+
+	return submission, nil
+}
+
+func (env *Submissions) Delete(ctx context.Context, id int64) error {
+	if err := env.db.Delete(&model.Submission{}, id).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return datastore.ErrNotExist
+		}
+		return err
+	}
+
+	return nil
+}
+
+func (env *Submissions) List(ctx context.Context, filters datastore.OptionalMap, page model.Page) ([]model.Submission, error) {
+	var maps []model.Submission
+	if err := env.db.Where(filters.Map()).Offset(int((page.Number - 1) * page.Size)).Limit(int(page.Size)).Find(&maps).Error; err != nil {
+		return nil, err
+	}
+
+	return maps, nil
+}
--- a/pkg/internal/oas_cfg_gen.go
+++ b/pkg/internal/oas_cfg_gen.go
@@ -0,0 +1,283 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"net/http"
+
+	"go.opentelemetry.io/otel"
+	"go.opentelemetry.io/otel/metric"
+	"go.opentelemetry.io/otel/trace"
+
+	ht "github.com/ogen-go/ogen/http"
+	"github.com/ogen-go/ogen/middleware"
+	"github.com/ogen-go/ogen/ogenerrors"
+	"github.com/ogen-go/ogen/otelogen"
+)
+
+var (
+	// Allocate option closure once.
+	clientSpanKind = trace.WithSpanKind(trace.SpanKindClient)
+	// Allocate option closure once.
+	serverSpanKind = trace.WithSpanKind(trace.SpanKindServer)
+)
+
+type (
+	optionFunc[C any] func(*C)
+	otelOptionFunc    func(*otelConfig)
+)
+
+type otelConfig struct {
+	TracerProvider trace.TracerProvider
+	Tracer         trace.Tracer
+	MeterProvider  metric.MeterProvider
+	Meter          metric.Meter
+}
+
+func (cfg *otelConfig) initOTEL() {
+	if cfg.TracerProvider == nil {
+		cfg.TracerProvider = otel.GetTracerProvider()
+	}
+	if cfg.MeterProvider == nil {
+		cfg.MeterProvider = otel.GetMeterProvider()
+	}
+	cfg.Tracer = cfg.TracerProvider.Tracer(otelogen.Name,
+		trace.WithInstrumentationVersion(otelogen.SemVersion()),
+	)
+	cfg.Meter = cfg.MeterProvider.Meter(otelogen.Name,
+		metric.WithInstrumentationVersion(otelogen.SemVersion()),
+	)
+}
+
+// ErrorHandler is error handler.
+type ErrorHandler = ogenerrors.ErrorHandler
+
+type serverConfig struct {
+	otelConfig
+	NotFound           http.HandlerFunc
+	MethodNotAllowed   func(w http.ResponseWriter, r *http.Request, allowed string)
+	ErrorHandler       ErrorHandler
+	Prefix             string
+	Middleware         Middleware
+	MaxMultipartMemory int64
+}
+
+// ServerOption is server config option.
+type ServerOption interface {
+	applyServer(*serverConfig)
+}
+
+var _ ServerOption = (optionFunc[serverConfig])(nil)
+
+func (o optionFunc[C]) applyServer(c *C) {
+	o(c)
+}
+
+var _ ServerOption = (otelOptionFunc)(nil)
+
+func (o otelOptionFunc) applyServer(c *serverConfig) {
+	o(&c.otelConfig)
+}
+
+func newServerConfig(opts ...ServerOption) serverConfig {
+	cfg := serverConfig{
+		NotFound: http.NotFound,
+		MethodNotAllowed: func(w http.ResponseWriter, r *http.Request, allowed string) {
+			status := http.StatusMethodNotAllowed
+			if r.Method == "OPTIONS" {
+				w.Header().Set("Access-Control-Allow-Methods", allowed)
+				w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
+				status = http.StatusNoContent
+			} else {
+				w.Header().Set("Allow", allowed)
+			}
+			w.WriteHeader(status)
+		},
+		ErrorHandler:       ogenerrors.DefaultErrorHandler,
+		Middleware:         nil,
+		MaxMultipartMemory: 32 << 20, // 32 MB
+	}
+	for _, opt := range opts {
+		opt.applyServer(&cfg)
+	}
+	cfg.initOTEL()
+	return cfg
+}
+
+type baseServer struct {
+	cfg      serverConfig
+	requests metric.Int64Counter
+	errors   metric.Int64Counter
+	duration metric.Float64Histogram
+}
+
+func (s baseServer) notFound(w http.ResponseWriter, r *http.Request) {
+	s.cfg.NotFound(w, r)
+}
+
+func (s baseServer) notAllowed(w http.ResponseWriter, r *http.Request, allowed string) {
+	s.cfg.MethodNotAllowed(w, r, allowed)
+}
+
+func (cfg serverConfig) baseServer() (s baseServer, err error) {
+	s = baseServer{cfg: cfg}
+	if s.requests, err = otelogen.ServerRequestCountCounter(s.cfg.Meter); err != nil {
+		return s, err
+	}
+	if s.errors, err = otelogen.ServerErrorsCountCounter(s.cfg.Meter); err != nil {
+		return s, err
+	}
+	if s.duration, err = otelogen.ServerDurationHistogram(s.cfg.Meter); err != nil {
+		return s, err
+	}
+	return s, nil
+}
+
+type clientConfig struct {
+	otelConfig
+	Client ht.Client
+}
+
+// ClientOption is client config option.
+type ClientOption interface {
+	applyClient(*clientConfig)
+}
+
+var _ ClientOption = (optionFunc[clientConfig])(nil)
+
+func (o optionFunc[C]) applyClient(c *C) {
+	o(c)
+}
+
+var _ ClientOption = (otelOptionFunc)(nil)
+
+func (o otelOptionFunc) applyClient(c *clientConfig) {
+	o(&c.otelConfig)
+}
+
+func newClientConfig(opts ...ClientOption) clientConfig {
+	cfg := clientConfig{
+		Client: http.DefaultClient,
+	}
+	for _, opt := range opts {
+		opt.applyClient(&cfg)
+	}
+	cfg.initOTEL()
+	return cfg
+}
+
+type baseClient struct {
+	cfg      clientConfig
+	requests metric.Int64Counter
+	errors   metric.Int64Counter
+	duration metric.Float64Histogram
+}
+
+func (cfg clientConfig) baseClient() (c baseClient, err error) {
+	c = baseClient{cfg: cfg}
+	if c.requests, err = otelogen.ClientRequestCountCounter(c.cfg.Meter); err != nil {
+		return c, err
+	}
+	if c.errors, err = otelogen.ClientErrorsCountCounter(c.cfg.Meter); err != nil {
+		return c, err
+	}
+	if c.duration, err = otelogen.ClientDurationHistogram(c.cfg.Meter); err != nil {
+		return c, err
+	}
+	return c, nil
+}
+
+// Option is config option.
+type Option interface {
+	ServerOption
+	ClientOption
+}
+
+// WithTracerProvider specifies a tracer provider to use for creating a tracer.
+//
+// If none is specified, the global provider is used.
+func WithTracerProvider(provider trace.TracerProvider) Option {
+	return otelOptionFunc(func(cfg *otelConfig) {
+		if provider != nil {
+			cfg.TracerProvider = provider
+		}
+	})
+}
+
+// WithMeterProvider specifies a meter provider to use for creating a meter.
+//
+// If none is specified, the otel.GetMeterProvider() is used.
+func WithMeterProvider(provider metric.MeterProvider) Option {
+	return otelOptionFunc(func(cfg *otelConfig) {
+		if provider != nil {
+			cfg.MeterProvider = provider
+		}
+	})
+}
+
+// WithClient specifies http client to use.
+func WithClient(client ht.Client) ClientOption {
+	return optionFunc[clientConfig](func(cfg *clientConfig) {
+		if client != nil {
+			cfg.Client = client
+		}
+	})
+}
+
+// WithNotFound specifies Not Found handler to use.
+func WithNotFound(notFound http.HandlerFunc) ServerOption {
+	return optionFunc[serverConfig](func(cfg *serverConfig) {
+		if notFound != nil {
+			cfg.NotFound = notFound
+		}
+	})
+}
+
+// WithMethodNotAllowed specifies Method Not Allowed handler to use.
+func WithMethodNotAllowed(methodNotAllowed func(w http.ResponseWriter, r *http.Request, allowed string)) ServerOption {
+	return optionFunc[serverConfig](func(cfg *serverConfig) {
+		if methodNotAllowed != nil {
+			cfg.MethodNotAllowed = methodNotAllowed
+		}
+	})
+}
+
+// WithErrorHandler specifies error handler to use.
+func WithErrorHandler(h ErrorHandler) ServerOption {
+	return optionFunc[serverConfig](func(cfg *serverConfig) {
+		if h != nil {
+			cfg.ErrorHandler = h
+		}
+	})
+}
+
+// WithPathPrefix specifies server path prefix.
+func WithPathPrefix(prefix string) ServerOption {
+	return optionFunc[serverConfig](func(cfg *serverConfig) {
+		cfg.Prefix = prefix
+	})
+}
+
+// WithMiddleware specifies middlewares to use.
+func WithMiddleware(m ...Middleware) ServerOption {
+	return optionFunc[serverConfig](func(cfg *serverConfig) {
+		switch len(m) {
+		case 0:
+			cfg.Middleware = nil
+		case 1:
+			cfg.Middleware = m[0]
+		default:
+			cfg.Middleware = middleware.ChainMiddlewares(m...)
+		}
+	})
+}
+
+// WithMaxMultipartMemory specifies limit of memory for storing file parts.
+// File parts which can't be stored in memory will be stored on disk in temporary files.
+func WithMaxMultipartMemory(max int64) ServerOption {
+	return optionFunc[serverConfig](func(cfg *serverConfig) {
+		if max > 0 {
+			cfg.MaxMultipartMemory = max
+		}
+	})
+}
--- a/pkg/internal/oas_client_gen.go
+++ b/pkg/internal/oas_client_gen.go
--- a/pkg/internal/oas_handlers_gen.go
+++ b/pkg/internal/oas_handlers_gen.go
--- a/pkg/internal/oas_json_gen.go
+++ b/pkg/internal/oas_json_gen.go
@@ -0,0 +1,828 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"math/bits"
+	"strconv"
+
+	"github.com/go-faster/errors"
+	"github.com/go-faster/jx"
+
+	"github.com/ogen-go/ogen/validate"
+)
+
+// Encode implements json.Marshaler.
+func (s *Error) Encode(e *jx.Encoder) {
+	e.ObjStart()
+	s.encodeFields(e)
+	e.ObjEnd()
+}
+
+// encodeFields encodes fields.
+func (s *Error) encodeFields(e *jx.Encoder) {
+	{
+		e.FieldStart("code")
+		e.Int64(s.Code)
+	}
+	{
+		e.FieldStart("message")
+		e.Str(s.Message)
+	}
+}
+
+var jsonFieldsNameOfError = [2]string{
+	0: "code",
+	1: "message",
+}
+
+// Decode decodes Error from json.
+func (s *Error) Decode(d *jx.Decoder) error {
+	if s == nil {
+		return errors.New("invalid: unable to decode Error to nil")
+	}
+	var requiredBitSet [1]uint8
+
+	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
+		switch string(k) {
+		case "code":
+			requiredBitSet[0] |= 1 << 0
+			if err := func() error {
+				v, err := d.Int64()
+				s.Code = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"code\"")
+			}
+		case "message":
+			requiredBitSet[0] |= 1 << 1
+			if err := func() error {
+				v, err := d.Str()
+				s.Message = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"message\"")
+			}
+		default:
+			return d.Skip()
+		}
+		return nil
+	}); err != nil {
+		return errors.Wrap(err, "decode Error")
+	}
+	// Validate required fields.
+	var failures []validate.FieldError
+	for i, mask := range [1]uint8{
+		0b00000011,
+	} {
+		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
+			// Mask only required fields and check equality to mask using XOR.
+			//
+			// If XOR result is not zero, result is not equal to expected, so some fields are missed.
+			// Bits of fields which would be set are actually bits of missed fields.
+			missed := bits.OnesCount8(result)
+			for bitN := 0; bitN < missed; bitN++ {
+				bitIdx := bits.TrailingZeros8(result)
+				fieldIdx := i*8 + bitIdx
+				var name string
+				if fieldIdx < len(jsonFieldsNameOfError) {
+					name = jsonFieldsNameOfError[fieldIdx]
+				} else {
+					name = strconv.Itoa(fieldIdx)
+				}
+				failures = append(failures, validate.FieldError{
+					Name:  name,
+					Error: validate.ErrFieldRequired,
+				})
+				// Reset bit.
+				result &^= 1 << bitIdx
+			}
+		}
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+
+	return nil
+}
+
+// MarshalJSON implements stdjson.Marshaler.
+func (s *Error) MarshalJSON() ([]byte, error) {
+	e := jx.Encoder{}
+	s.Encode(&e)
+	return e.Bytes(), nil
+}
+
+// UnmarshalJSON implements stdjson.Unmarshaler.
+func (s *Error) UnmarshalJSON(data []byte) error {
+	d := jx.DecodeBytes(data)
+	return s.Decode(d)
+}
+
+// Encode implements json.Marshaler.
+func (s *ID) Encode(e *jx.Encoder) {
+	e.ObjStart()
+	s.encodeFields(e)
+	e.ObjEnd()
+}
+
+// encodeFields encodes fields.
+func (s *ID) encodeFields(e *jx.Encoder) {
+	{
+		e.FieldStart("ID")
+		e.Int64(s.ID)
+	}
+}
+
+var jsonFieldsNameOfID = [1]string{
+	0: "ID",
+}
+
+// Decode decodes ID from json.
+func (s *ID) Decode(d *jx.Decoder) error {
+	if s == nil {
+		return errors.New("invalid: unable to decode ID to nil")
+	}
+	var requiredBitSet [1]uint8
+
+	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
+		switch string(k) {
+		case "ID":
+			requiredBitSet[0] |= 1 << 0
+			if err := func() error {
+				v, err := d.Int64()
+				s.ID = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"ID\"")
+			}
+		default:
+			return d.Skip()
+		}
+		return nil
+	}); err != nil {
+		return errors.Wrap(err, "decode ID")
+	}
+	// Validate required fields.
+	var failures []validate.FieldError
+	for i, mask := range [1]uint8{
+		0b00000001,
+	} {
+		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
+			// Mask only required fields and check equality to mask using XOR.
+			//
+			// If XOR result is not zero, result is not equal to expected, so some fields are missed.
+			// Bits of fields which would be set are actually bits of missed fields.
+			missed := bits.OnesCount8(result)
+			for bitN := 0; bitN < missed; bitN++ {
+				bitIdx := bits.TrailingZeros8(result)
+				fieldIdx := i*8 + bitIdx
+				var name string
+				if fieldIdx < len(jsonFieldsNameOfID) {
+					name = jsonFieldsNameOfID[fieldIdx]
+				} else {
+					name = strconv.Itoa(fieldIdx)
+				}
+				failures = append(failures, validate.FieldError{
+					Name:  name,
+					Error: validate.ErrFieldRequired,
+				})
+				// Reset bit.
+				result &^= 1 << bitIdx
+			}
+		}
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+
+	return nil
+}
+
+// MarshalJSON implements stdjson.Marshaler.
+func (s *ID) MarshalJSON() ([]byte, error) {
+	e := jx.Encoder{}
+	s.Encode(&e)
+	return e.Bytes(), nil
+}
+
+// UnmarshalJSON implements stdjson.Unmarshaler.
+func (s *ID) UnmarshalJSON(data []byte) error {
+	d := jx.DecodeBytes(data)
+	return s.Decode(d)
+}
+
+// Encode encodes int64 as json.
+func (o OptInt64) Encode(e *jx.Encoder) {
+	if !o.Set {
+		return
+	}
+	e.Int64(int64(o.Value))
+}
+
+// Decode decodes int64 from json.
+func (o *OptInt64) Decode(d *jx.Decoder) error {
+	if o == nil {
+		return errors.New("invalid: unable to decode OptInt64 to nil")
+	}
+	o.Set = true
+	v, err := d.Int64()
+	if err != nil {
+		return err
+	}
+	o.Value = int64(v)
+	return nil
+}
+
+// MarshalJSON implements stdjson.Marshaler.
+func (s OptInt64) MarshalJSON() ([]byte, error) {
+	e := jx.Encoder{}
+	s.Encode(&e)
+	return e.Bytes(), nil
+}
+
+// UnmarshalJSON implements stdjson.Unmarshaler.
+func (s *OptInt64) UnmarshalJSON(data []byte) error {
+	d := jx.DecodeBytes(data)
+	return s.Decode(d)
+}
+
+// Encode implements json.Marshaler.
+func (s *Script) Encode(e *jx.Encoder) {
+	e.ObjStart()
+	s.encodeFields(e)
+	e.ObjEnd()
+}
+
+// encodeFields encodes fields.
+func (s *Script) encodeFields(e *jx.Encoder) {
+	{
+		e.FieldStart("ID")
+		e.Int64(s.ID)
+	}
+	{
+		e.FieldStart("Name")
+		e.Str(s.Name)
+	}
+	{
+		e.FieldStart("Hash")
+		e.Str(s.Hash)
+	}
+	{
+		e.FieldStart("Source")
+		e.Str(s.Source)
+	}
+	{
+		e.FieldStart("SubmissionID")
+		e.Int64(s.SubmissionID)
+	}
+}
+
+var jsonFieldsNameOfScript = [5]string{
+	0: "ID",
+	1: "Name",
+	2: "Hash",
+	3: "Source",
+	4: "SubmissionID",
+}
+
+// Decode decodes Script from json.
+func (s *Script) Decode(d *jx.Decoder) error {
+	if s == nil {
+		return errors.New("invalid: unable to decode Script to nil")
+	}
+	var requiredBitSet [1]uint8
+
+	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
+		switch string(k) {
+		case "ID":
+			requiredBitSet[0] |= 1 << 0
+			if err := func() error {
+				v, err := d.Int64()
+				s.ID = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"ID\"")
+			}
+		case "Name":
+			requiredBitSet[0] |= 1 << 1
+			if err := func() error {
+				v, err := d.Str()
+				s.Name = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Name\"")
+			}
+		case "Hash":
+			requiredBitSet[0] |= 1 << 2
+			if err := func() error {
+				v, err := d.Str()
+				s.Hash = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Hash\"")
+			}
+		case "Source":
+			requiredBitSet[0] |= 1 << 3
+			if err := func() error {
+				v, err := d.Str()
+				s.Source = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Source\"")
+			}
+		case "SubmissionID":
+			requiredBitSet[0] |= 1 << 4
+			if err := func() error {
+				v, err := d.Int64()
+				s.SubmissionID = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"SubmissionID\"")
+			}
+		default:
+			return d.Skip()
+		}
+		return nil
+	}); err != nil {
+		return errors.Wrap(err, "decode Script")
+	}
+	// Validate required fields.
+	var failures []validate.FieldError
+	for i, mask := range [1]uint8{
+		0b00011111,
+	} {
+		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
+			// Mask only required fields and check equality to mask using XOR.
+			//
+			// If XOR result is not zero, result is not equal to expected, so some fields are missed.
+			// Bits of fields which would be set are actually bits of missed fields.
+			missed := bits.OnesCount8(result)
+			for bitN := 0; bitN < missed; bitN++ {
+				bitIdx := bits.TrailingZeros8(result)
+				fieldIdx := i*8 + bitIdx
+				var name string
+				if fieldIdx < len(jsonFieldsNameOfScript) {
+					name = jsonFieldsNameOfScript[fieldIdx]
+				} else {
+					name = strconv.Itoa(fieldIdx)
+				}
+				failures = append(failures, validate.FieldError{
+					Name:  name,
+					Error: validate.ErrFieldRequired,
+				})
+				// Reset bit.
+				result &^= 1 << bitIdx
+			}
+		}
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+
+	return nil
+}
+
+// MarshalJSON implements stdjson.Marshaler.
+func (s *Script) MarshalJSON() ([]byte, error) {
+	e := jx.Encoder{}
+	s.Encode(&e)
+	return e.Bytes(), nil
+}
+
+// UnmarshalJSON implements stdjson.Unmarshaler.
+func (s *Script) UnmarshalJSON(data []byte) error {
+	d := jx.DecodeBytes(data)
+	return s.Decode(d)
+}
+
+// Encode implements json.Marshaler.
+func (s *ScriptCreate) Encode(e *jx.Encoder) {
+	e.ObjStart()
+	s.encodeFields(e)
+	e.ObjEnd()
+}
+
+// encodeFields encodes fields.
+func (s *ScriptCreate) encodeFields(e *jx.Encoder) {
+	{
+		e.FieldStart("Name")
+		e.Str(s.Name)
+	}
+	{
+		e.FieldStart("Source")
+		e.Str(s.Source)
+	}
+	{
+		if s.SubmissionID.Set {
+			e.FieldStart("SubmissionID")
+			s.SubmissionID.Encode(e)
+		}
+	}
+}
+
+var jsonFieldsNameOfScriptCreate = [3]string{
+	0: "Name",
+	1: "Source",
+	2: "SubmissionID",
+}
+
+// Decode decodes ScriptCreate from json.
+func (s *ScriptCreate) Decode(d *jx.Decoder) error {
+	if s == nil {
+		return errors.New("invalid: unable to decode ScriptCreate to nil")
+	}
+	var requiredBitSet [1]uint8
+
+	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
+		switch string(k) {
+		case "Name":
+			requiredBitSet[0] |= 1 << 0
+			if err := func() error {
+				v, err := d.Str()
+				s.Name = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Name\"")
+			}
+		case "Source":
+			requiredBitSet[0] |= 1 << 1
+			if err := func() error {
+				v, err := d.Str()
+				s.Source = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Source\"")
+			}
+		case "SubmissionID":
+			if err := func() error {
+				s.SubmissionID.Reset()
+				if err := s.SubmissionID.Decode(d); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"SubmissionID\"")
+			}
+		default:
+			return d.Skip()
+		}
+		return nil
+	}); err != nil {
+		return errors.Wrap(err, "decode ScriptCreate")
+	}
+	// Validate required fields.
+	var failures []validate.FieldError
+	for i, mask := range [1]uint8{
+		0b00000011,
+	} {
+		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
+			// Mask only required fields and check equality to mask using XOR.
+			//
+			// If XOR result is not zero, result is not equal to expected, so some fields are missed.
+			// Bits of fields which would be set are actually bits of missed fields.
+			missed := bits.OnesCount8(result)
+			for bitN := 0; bitN < missed; bitN++ {
+				bitIdx := bits.TrailingZeros8(result)
+				fieldIdx := i*8 + bitIdx
+				var name string
+				if fieldIdx < len(jsonFieldsNameOfScriptCreate) {
+					name = jsonFieldsNameOfScriptCreate[fieldIdx]
+				} else {
+					name = strconv.Itoa(fieldIdx)
+				}
+				failures = append(failures, validate.FieldError{
+					Name:  name,
+					Error: validate.ErrFieldRequired,
+				})
+				// Reset bit.
+				result &^= 1 << bitIdx
+			}
+		}
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+
+	return nil
+}
+
+// MarshalJSON implements stdjson.Marshaler.
+func (s *ScriptCreate) MarshalJSON() ([]byte, error) {
+	e := jx.Encoder{}
+	s.Encode(&e)
+	return e.Bytes(), nil
+}
+
+// UnmarshalJSON implements stdjson.Unmarshaler.
+func (s *ScriptCreate) UnmarshalJSON(data []byte) error {
+	d := jx.DecodeBytes(data)
+	return s.Decode(d)
+}
+
+// Encode implements json.Marshaler.
+func (s *ScriptPolicy) Encode(e *jx.Encoder) {
+	e.ObjStart()
+	s.encodeFields(e)
+	e.ObjEnd()
+}
+
+// encodeFields encodes fields.
+func (s *ScriptPolicy) encodeFields(e *jx.Encoder) {
+	{
+		e.FieldStart("ID")
+		e.Int64(s.ID)
+	}
+	{
+		e.FieldStart("FromScriptHash")
+		e.Str(s.FromScriptHash)
+	}
+	{
+		e.FieldStart("ToScriptID")
+		e.Int64(s.ToScriptID)
+	}
+	{
+		e.FieldStart("Policy")
+		e.Int32(s.Policy)
+	}
+}
+
+var jsonFieldsNameOfScriptPolicy = [4]string{
+	0: "ID",
+	1: "FromScriptHash",
+	2: "ToScriptID",
+	3: "Policy",
+}
+
+// Decode decodes ScriptPolicy from json.
+func (s *ScriptPolicy) Decode(d *jx.Decoder) error {
+	if s == nil {
+		return errors.New("invalid: unable to decode ScriptPolicy to nil")
+	}
+	var requiredBitSet [1]uint8
+
+	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
+		switch string(k) {
+		case "ID":
+			requiredBitSet[0] |= 1 << 0
+			if err := func() error {
+				v, err := d.Int64()
+				s.ID = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"ID\"")
+			}
+		case "FromScriptHash":
+			requiredBitSet[0] |= 1 << 1
+			if err := func() error {
+				v, err := d.Str()
+				s.FromScriptHash = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"FromScriptHash\"")
+			}
+		case "ToScriptID":
+			requiredBitSet[0] |= 1 << 2
+			if err := func() error {
+				v, err := d.Int64()
+				s.ToScriptID = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"ToScriptID\"")
+			}
+		case "Policy":
+			requiredBitSet[0] |= 1 << 3
+			if err := func() error {
+				v, err := d.Int32()
+				s.Policy = int32(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Policy\"")
+			}
+		default:
+			return d.Skip()
+		}
+		return nil
+	}); err != nil {
+		return errors.Wrap(err, "decode ScriptPolicy")
+	}
+	// Validate required fields.
+	var failures []validate.FieldError
+	for i, mask := range [1]uint8{
+		0b00001111,
+	} {
+		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
+			// Mask only required fields and check equality to mask using XOR.
+			//
+			// If XOR result is not zero, result is not equal to expected, so some fields are missed.
+			// Bits of fields which would be set are actually bits of missed fields.
+			missed := bits.OnesCount8(result)
+			for bitN := 0; bitN < missed; bitN++ {
+				bitIdx := bits.TrailingZeros8(result)
+				fieldIdx := i*8 + bitIdx
+				var name string
+				if fieldIdx < len(jsonFieldsNameOfScriptPolicy) {
+					name = jsonFieldsNameOfScriptPolicy[fieldIdx]
+				} else {
+					name = strconv.Itoa(fieldIdx)
+				}
+				failures = append(failures, validate.FieldError{
+					Name:  name,
+					Error: validate.ErrFieldRequired,
+				})
+				// Reset bit.
+				result &^= 1 << bitIdx
+			}
+		}
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+
+	return nil
+}
+
+// MarshalJSON implements stdjson.Marshaler.
+func (s *ScriptPolicy) MarshalJSON() ([]byte, error) {
+	e := jx.Encoder{}
+	s.Encode(&e)
+	return e.Bytes(), nil
+}
+
+// UnmarshalJSON implements stdjson.Unmarshaler.
+func (s *ScriptPolicy) UnmarshalJSON(data []byte) error {
+	d := jx.DecodeBytes(data)
+	return s.Decode(d)
+}
+
+// Encode implements json.Marshaler.
+func (s *ScriptPolicyCreate) Encode(e *jx.Encoder) {
+	e.ObjStart()
+	s.encodeFields(e)
+	e.ObjEnd()
+}
+
+// encodeFields encodes fields.
+func (s *ScriptPolicyCreate) encodeFields(e *jx.Encoder) {
+	{
+		e.FieldStart("FromScriptID")
+		e.Int64(s.FromScriptID)
+	}
+	{
+		e.FieldStart("ToScriptID")
+		e.Int64(s.ToScriptID)
+	}
+	{
+		e.FieldStart("Policy")
+		e.Int32(s.Policy)
+	}
+}
+
+var jsonFieldsNameOfScriptPolicyCreate = [3]string{
+	0: "FromScriptID",
+	1: "ToScriptID",
+	2: "Policy",
+}
+
+// Decode decodes ScriptPolicyCreate from json.
+func (s *ScriptPolicyCreate) Decode(d *jx.Decoder) error {
+	if s == nil {
+		return errors.New("invalid: unable to decode ScriptPolicyCreate to nil")
+	}
+	var requiredBitSet [1]uint8
+
+	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
+		switch string(k) {
+		case "FromScriptID":
+			requiredBitSet[0] |= 1 << 0
+			if err := func() error {
+				v, err := d.Int64()
+				s.FromScriptID = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"FromScriptID\"")
+			}
+		case "ToScriptID":
+			requiredBitSet[0] |= 1 << 1
+			if err := func() error {
+				v, err := d.Int64()
+				s.ToScriptID = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"ToScriptID\"")
+			}
+		case "Policy":
+			requiredBitSet[0] |= 1 << 2
+			if err := func() error {
+				v, err := d.Int32()
+				s.Policy = int32(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Policy\"")
+			}
+		default:
+			return d.Skip()
+		}
+		return nil
+	}); err != nil {
+		return errors.Wrap(err, "decode ScriptPolicyCreate")
+	}
+	// Validate required fields.
+	var failures []validate.FieldError
+	for i, mask := range [1]uint8{
+		0b00000111,
+	} {
+		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
+			// Mask only required fields and check equality to mask using XOR.
+			//
+			// If XOR result is not zero, result is not equal to expected, so some fields are missed.
+			// Bits of fields which would be set are actually bits of missed fields.
+			missed := bits.OnesCount8(result)
+			for bitN := 0; bitN < missed; bitN++ {
+				bitIdx := bits.TrailingZeros8(result)
+				fieldIdx := i*8 + bitIdx
+				var name string
+				if fieldIdx < len(jsonFieldsNameOfScriptPolicyCreate) {
+					name = jsonFieldsNameOfScriptPolicyCreate[fieldIdx]
+				} else {
+					name = strconv.Itoa(fieldIdx)
+				}
+				failures = append(failures, validate.FieldError{
+					Name:  name,
+					Error: validate.ErrFieldRequired,
+				})
+				// Reset bit.
+				result &^= 1 << bitIdx
+			}
+		}
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+
+	return nil
+}
+
+// MarshalJSON implements stdjson.Marshaler.
+func (s *ScriptPolicyCreate) MarshalJSON() ([]byte, error) {
+	e := jx.Encoder{}
+	s.Encode(&e)
+	return e.Bytes(), nil
+}
+
+// UnmarshalJSON implements stdjson.Unmarshaler.
+func (s *ScriptPolicyCreate) UnmarshalJSON(data []byte) error {
+	d := jx.DecodeBytes(data)
+	return s.Decode(d)
+}
--- a/pkg/internal/oas_labeler_gen.go
+++ b/pkg/internal/oas_labeler_gen.go
@@ -0,0 +1,42 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"context"
+
+	"go.opentelemetry.io/otel/attribute"
+)
+
+// Labeler is used to allow adding custom attributes to the server request metrics.
+type Labeler struct {
+	attrs []attribute.KeyValue
+}
+
+// Add attributes to the Labeler.
+func (l *Labeler) Add(attrs ...attribute.KeyValue) {
+	l.attrs = append(l.attrs, attrs...)
+}
+
+// AttributeSet returns the attributes added to the Labeler as an attribute.Set.
+func (l *Labeler) AttributeSet() attribute.Set {
+	return attribute.NewSet(l.attrs...)
+}
+
+type labelerContextKey struct{}
+
+// LabelerFromContext retrieves the Labeler from the provided context, if present.
+//
+// If no Labeler was found in the provided context a new, empty Labeler is returned and the second
+// return value is false. In this case it is safe to use the Labeler but any attributes added to
+// it will not be used.
+func LabelerFromContext(ctx context.Context) (*Labeler, bool) {
+	if l, ok := ctx.Value(labelerContextKey{}).(*Labeler); ok {
+		return l, true
+	}
+	return &Labeler{}, false
+}
+
+func contextWithLabeler(ctx context.Context, l *Labeler) context.Context {
+	return context.WithValue(ctx, labelerContextKey{}, l)
+}
--- a/pkg/internal/oas_middleware_gen.go
+++ b/pkg/internal/oas_middleware_gen.go
@@ -0,0 +1,10 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"github.com/ogen-go/ogen/middleware"
+)
+
+// Middleware is middleware type.
+type Middleware = middleware.Middleware
--- a/pkg/internal/oas_operations_gen.go
+++ b/pkg/internal/oas_operations_gen.go
@@ -0,0 +1,19 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+// OperationName is the ogen operation name
+type OperationName = string
+
+const (
+	ActionSubmissionAcceptedOperation  OperationName = "ActionSubmissionAccepted"
+	ActionSubmissionReleasedOperation  OperationName = "ActionSubmissionReleased"
+	ActionSubmissionUploadedOperation  OperationName = "ActionSubmissionUploaded"
+	ActionSubmissionValidatedOperation OperationName = "ActionSubmissionValidated"
+	CreateScriptOperation              OperationName = "CreateScript"
+	CreateScriptPolicyOperation        OperationName = "CreateScriptPolicy"
+	GetScriptOperation                 OperationName = "GetScript"
+	ListScriptPolicyOperation          OperationName = "ListScriptPolicy"
+	ListScriptsOperation               OperationName = "ListScripts"
+	UpdateSubmissionModelOperation     OperationName = "UpdateSubmissionModel"
+)
--- a/pkg/internal/oas_parameters_gen.go
+++ b/pkg/internal/oas_parameters_gen.go
--- a/pkg/internal/oas_request_decoders_gen.go
+++ b/pkg/internal/oas_request_decoders_gen.go
@@ -0,0 +1,150 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"io"
+	"mime"
+	"net/http"
+
+	"github.com/go-faster/errors"
+	"github.com/go-faster/jx"
+	"go.uber.org/multierr"
+
+	"github.com/ogen-go/ogen/ogenerrors"
+	"github.com/ogen-go/ogen/validate"
+)
+
+func (s *Server) decodeCreateScriptRequest(r *http.Request) (
+	req *ScriptCreate,
+	close func() error,
+	rerr error,
+) {
+	var closers []func() error
+	close = func() error {
+		var merr error
+		// Close in reverse order, to match defer behavior.
+		for i := len(closers) - 1; i >= 0; i-- {
+			c := closers[i]
+			merr = multierr.Append(merr, c())
+		}
+		return merr
+	}
+	defer func() {
+		if rerr != nil {
+			rerr = multierr.Append(rerr, close())
+		}
+	}()
+	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	if err != nil {
+		return req, close, errors.Wrap(err, "parse media type")
+	}
+	switch {
+	case ct == "application/json":
+		if r.ContentLength == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+		buf, err := io.ReadAll(r.Body)
+		if err != nil {
+			return req, close, err
+		}
+
+		if len(buf) == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+
+		d := jx.DecodeBytes(buf)
+
+		var request ScriptCreate
+		if err := func() error {
+			if err := request.Decode(d); err != nil {
+				return err
+			}
+			if err := d.Skip(); err != io.EOF {
+				return errors.New("unexpected trailing data")
+			}
+			return nil
+		}(); err != nil {
+			err = &ogenerrors.DecodeBodyError{
+				ContentType: ct,
+				Body:        buf,
+				Err:         err,
+			}
+			return req, close, err
+		}
+		if err := func() error {
+			if err := request.Validate(); err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			return req, close, errors.Wrap(err, "validate")
+		}
+		return &request, close, nil
+	default:
+		return req, close, validate.InvalidContentType(ct)
+	}
+}
+
+func (s *Server) decodeCreateScriptPolicyRequest(r *http.Request) (
+	req *ScriptPolicyCreate,
+	close func() error,
+	rerr error,
+) {
+	var closers []func() error
+	close = func() error {
+		var merr error
+		// Close in reverse order, to match defer behavior.
+		for i := len(closers) - 1; i >= 0; i-- {
+			c := closers[i]
+			merr = multierr.Append(merr, c())
+		}
+		return merr
+	}
+	defer func() {
+		if rerr != nil {
+			rerr = multierr.Append(rerr, close())
+		}
+	}()
+	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	if err != nil {
+		return req, close, errors.Wrap(err, "parse media type")
+	}
+	switch {
+	case ct == "application/json":
+		if r.ContentLength == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+		buf, err := io.ReadAll(r.Body)
+		if err != nil {
+			return req, close, err
+		}
+
+		if len(buf) == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+
+		d := jx.DecodeBytes(buf)
+
+		var request ScriptPolicyCreate
+		if err := func() error {
+			if err := request.Decode(d); err != nil {
+				return err
+			}
+			if err := d.Skip(); err != io.EOF {
+				return errors.New("unexpected trailing data")
+			}
+			return nil
+		}(); err != nil {
+			err = &ogenerrors.DecodeBodyError{
+				ContentType: ct,
+				Body:        buf,
+				Err:         err,
+			}
+			return req, close, err
+		}
+		return &request, close, nil
+	default:
+		return req, close, validate.InvalidContentType(ct)
+	}
+}
--- a/pkg/internal/oas_request_encoders_gen.go
+++ b/pkg/internal/oas_request_encoders_gen.go
@@ -0,0 +1,40 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"bytes"
+	"net/http"
+
+	"github.com/go-faster/jx"
+
+	ht "github.com/ogen-go/ogen/http"
+)
+
+func encodeCreateScriptRequest(
+	req *ScriptCreate,
+	r *http.Request,
+) error {
+	const contentType = "application/json"
+	e := new(jx.Encoder)
+	{
+		req.Encode(e)
+	}
+	encoded := e.Bytes()
+	ht.SetBody(r, bytes.NewReader(encoded), contentType)
+	return nil
+}
+
+func encodeCreateScriptPolicyRequest(
+	req *ScriptPolicyCreate,
+	r *http.Request,
+) error {
+	const contentType = "application/json"
+	e := new(jx.Encoder)
+	{
+		req.Encode(e)
+	}
+	encoded := e.Bytes()
+	ht.SetBody(r, bytes.NewReader(encoded), contentType)
+	return nil
+}
--- a/pkg/internal/oas_response_decoders_gen.go
+++ b/pkg/internal/oas_response_decoders_gen.go
@@ -3,6 +3,7 @@
 package api

 import (
+	"fmt"
 	"io"
 	"mime"
 	"net/http"
@@ -14,10 +15,14 @@ import (
 	"github.com/ogen-go/ogen/validate"
 )

-func decodeCreateSubmissionResponse(resp *http.Response) (res *Submission, _ error) {
+func decodeActionSubmissionAcceptedResponse(resp *http.Response) (res *ActionSubmissionAcceptedNoContent, _ error) {
 	switch resp.StatusCode {
-	case 200:
-		// Code 200.
+	case 204:
+		// Code 204.
+		return &ActionSubmissionAcceptedNoContent{}, nil
+	}
+	// Convenient error response.
+	defRes, err := func() (res *ErrorStatusCode, err error) {
 		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
 		if err != nil {
 			return res, errors.Wrap(err, "parse media type")
@@ -30,7 +35,207 @@ func decodeCreateSubmissionResponse(resp *http.Response) (res *Submission, _ err
 			}
 			d := jx.DecodeBytes(buf)

-			var response Submission
+			var response Error
+			if err := func() error {
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			return &ErrorStatusCode{
+				StatusCode: resp.StatusCode,
+				Response:   response,
+			}, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}()
+	if err != nil {
+		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
+	}
+	return res, errors.Wrap(defRes, "error")
+}
+
+func decodeActionSubmissionReleasedResponse(resp *http.Response) (res *ActionSubmissionReleasedNoContent, _ error) {
+	switch resp.StatusCode {
+	case 204:
+		// Code 204.
+		return &ActionSubmissionReleasedNoContent{}, nil
+	}
+	// Convenient error response.
+	defRes, err := func() (res *ErrorStatusCode, err error) {
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response Error
+			if err := func() error {
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			return &ErrorStatusCode{
+				StatusCode: resp.StatusCode,
+				Response:   response,
+			}, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}()
+	if err != nil {
+		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
+	}
+	return res, errors.Wrap(defRes, "error")
+}
+
+func decodeActionSubmissionUploadedResponse(resp *http.Response) (res *ActionSubmissionUploadedNoContent, _ error) {
+	switch resp.StatusCode {
+	case 204:
+		// Code 204.
+		return &ActionSubmissionUploadedNoContent{}, nil
+	}
+	// Convenient error response.
+	defRes, err := func() (res *ErrorStatusCode, err error) {
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response Error
+			if err := func() error {
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			return &ErrorStatusCode{
+				StatusCode: resp.StatusCode,
+				Response:   response,
+			}, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}()
+	if err != nil {
+		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
+	}
+	return res, errors.Wrap(defRes, "error")
+}
+
+func decodeActionSubmissionValidatedResponse(resp *http.Response) (res *ActionSubmissionValidatedNoContent, _ error) {
+	switch resp.StatusCode {
+	case 204:
+		// Code 204.
+		return &ActionSubmissionValidatedNoContent{}, nil
+	}
+	// Convenient error response.
+	defRes, err := func() (res *ErrorStatusCode, err error) {
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response Error
+			if err := func() error {
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			return &ErrorStatusCode{
+				StatusCode: resp.StatusCode,
+				Response:   response,
+			}, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}()
+	if err != nil {
+		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
+	}
+	return res, errors.Wrap(defRes, "error")
+}
+
+func decodeCreateScriptResponse(resp *http.Response) (res *ID, _ error) {
+	switch resp.StatusCode {
+	case 201:
+		// Code 201.
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response ID
 			if err := func() error {
 				if err := response.Decode(d); err != nil {
 					return err
@@ -97,10 +302,10 @@ func decodeCreateSubmissionResponse(resp *http.Response) (res *Submission, _ err
 	return res, errors.Wrap(defRes, "error")
 }

-func decodeGetSubmissionResponse(resp *http.Response) (res *Submission, _ error) {
+func decodeCreateScriptPolicyResponse(resp *http.Response) (res *ID, _ error) {
 	switch resp.StatusCode {
-	case 200:
-		// Code 200.
+	case 201:
+		// Code 201.
 		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
 		if err != nil {
 			return res, errors.Wrap(err, "parse media type")
@@ -113,7 +318,7 @@ func decodeGetSubmissionResponse(resp *http.Response) (res *Submission, _ error)
 			}
 			d := jx.DecodeBytes(buf)

-			var response Submission
+			var response ID
 			if err := func() error {
 				if err := response.Decode(d); err != nil {
 					return err
@@ -180,7 +385,7 @@ func decodeGetSubmissionResponse(resp *http.Response) (res *Submission, _ error)
 	return res, errors.Wrap(defRes, "error")
 }

-func decodeListSubmissionsResponse(resp *http.Response) (res []Submission, _ error) {
+func decodeGetScriptResponse(resp *http.Response) (res *Script, _ error) {
 	switch resp.StatusCode {
 	case 200:
 		// Code 200.
@@ -196,11 +401,103 @@ func decodeListSubmissionsResponse(resp *http.Response) (res []Submission, _ err
 			}
 			d := jx.DecodeBytes(buf)

-			var response []Submission
+			var response Script
 			if err := func() error {
-				response = make([]Submission, 0)
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
+			return &response, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}
+	// Convenient error response.
+	defRes, err := func() (res *ErrorStatusCode, err error) {
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response Error
+			if err := func() error {
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			return &ErrorStatusCode{
+				StatusCode: resp.StatusCode,
+				Response:   response,
+			}, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}()
+	if err != nil {
+		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
+	}
+	return res, errors.Wrap(defRes, "error")
+}
+
+func decodeListScriptPolicyResponse(resp *http.Response) (res []ScriptPolicy, _ error) {
+	switch resp.StatusCode {
+	case 200:
+		// Code 200.
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response []ScriptPolicy
+			if err := func() error {
+				response = make([]ScriptPolicy, 0)
 				if err := d.Arr(func(d *jx.Decoder) error {
-					var elem Submission
+					var elem ScriptPolicy
 					if err := elem.Decode(d); err != nil {
 						return err
 					}
@@ -226,6 +523,23 @@ func decodeListSubmissionsResponse(resp *http.Response) (res []Submission, _ err
 				if response == nil {
 					return errors.New("nil is invalid value")
 				}
+				var failures []validate.FieldError
+				for i, elem := range response {
+					if err := func() error {
+						if err := elem.Validate(); err != nil {
+							return err
+						}
+						return nil
+					}(); err != nil {
+						failures = append(failures, validate.FieldError{
+							Name:  fmt.Sprintf("[%d]", i),
+							Error: err,
+						})
+					}
+				}
+				if len(failures) > 0 {
+					return &validate.Error{Fields: failures}
+				}
 				return nil
 			}(); err != nil {
 				return res, errors.Wrap(err, "validate")
@@ -280,11 +594,77 @@ func decodeListSubmissionsResponse(resp *http.Response) (res []Submission, _ err
 	return res, errors.Wrap(defRes, "error")
 }

-func decodePatchSubmissionCompletedResponse(resp *http.Response) (res *PatchSubmissionCompletedOK, _ error) {
+func decodeListScriptsResponse(resp *http.Response) (res []Script, _ error) {
 	switch resp.StatusCode {
 	case 200:
 		// Code 200.
-		return &PatchSubmissionCompletedOK{}, nil
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response []Script
+			if err := func() error {
+				response = make([]Script, 0)
+				if err := d.Arr(func(d *jx.Decoder) error {
+					var elem Script
+					if err := elem.Decode(d); err != nil {
+						return err
+					}
+					response = append(response, elem)
+					return nil
+				}); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			// Validate response.
+			if err := func() error {
+				if response == nil {
+					return errors.New("nil is invalid value")
+				}
+				var failures []validate.FieldError
+				for i, elem := range response {
+					if err := func() error {
+						if err := elem.Validate(); err != nil {
+							return err
+						}
+						return nil
+					}(); err != nil {
+						failures = append(failures, validate.FieldError{
+							Name:  fmt.Sprintf("[%d]", i),
+							Error: err,
+						})
+					}
+				}
+				if len(failures) > 0 {
+					return &validate.Error{Fields: failures}
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
+			return response, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
 	}
 	// Convenient error response.
 	defRes, err := func() (res *ErrorStatusCode, err error) {
@@ -331,62 +711,11 @@ func decodePatchSubmissionCompletedResponse(resp *http.Response) (res *PatchSubm
 	return res, errors.Wrap(defRes, "error")
 }

-func decodePatchSubmissionModelResponse(resp *http.Response) (res *PatchSubmissionModelOK, _ error) {
+func decodeUpdateSubmissionModelResponse(resp *http.Response) (res *UpdateSubmissionModelNoContent, _ error) {
 	switch resp.StatusCode {
-	case 200:
-		// Code 200.
-		return &PatchSubmissionModelOK{}, nil
-	}
-	// Convenient error response.
-	defRes, err := func() (res *ErrorStatusCode, err error) {
-		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
-		if err != nil {
-			return res, errors.Wrap(err, "parse media type")
-		}
-		switch {
-		case ct == "application/json":
-			buf, err := io.ReadAll(resp.Body)
-			if err != nil {
-				return res, err
-			}
-			d := jx.DecodeBytes(buf)
-
-			var response Error
-			if err := func() error {
-				if err := response.Decode(d); err != nil {
-					return err
-				}
-				if err := d.Skip(); err != io.EOF {
-					return errors.New("unexpected trailing data")
-				}
-				return nil
-			}(); err != nil {
-				err = &ogenerrors.DecodeBodyError{
-					ContentType: ct,
-					Body:        buf,
-					Err:         err,
-				}
-				return res, err
-			}
-			return &ErrorStatusCode{
-				StatusCode: resp.StatusCode,
-				Response:   response,
-			}, nil
-		default:
-			return res, validate.InvalidContentType(ct)
-		}
-	}()
-	if err != nil {
-		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
-	}
-	return res, errors.Wrap(defRes, "error")
-}
-
-func decodePatchSubmissionStatusResponse(resp *http.Response) (res *PatchSubmissionStatusOK, _ error) {
-	switch resp.StatusCode {
-	case 200:
-		// Code 200.
-		return &PatchSubmissionStatusOK{}, nil
+	case 204:
+		// Code 204.
+		return &UpdateSubmissionModelNoContent{}, nil
 	}
 	// Convenient error response.
 	defRes, err := func() (res *ErrorStatusCode, err error) {
--- a/pkg/internal/oas_response_encoders_gen.go
+++ b/pkg/internal/oas_response_encoders_gen.go
@@ -0,0 +1,154 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"net/http"
+
+	"github.com/go-faster/errors"
+	"github.com/go-faster/jx"
+	"go.opentelemetry.io/otel/codes"
+	"go.opentelemetry.io/otel/trace"
+
+	ht "github.com/ogen-go/ogen/http"
+)
+
+func encodeActionSubmissionAcceptedResponse(response *ActionSubmissionAcceptedNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeActionSubmissionReleasedResponse(response *ActionSubmissionReleasedNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeActionSubmissionUploadedResponse(response *ActionSubmissionUploadedNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeActionSubmissionValidatedResponse(response *ActionSubmissionValidatedNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeCreateScriptResponse(response *ID, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(201)
+	span.SetStatus(codes.Ok, http.StatusText(201))
+
+	e := new(jx.Encoder)
+	response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeCreateScriptPolicyResponse(response *ID, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(201)
+	span.SetStatus(codes.Ok, http.StatusText(201))
+
+	e := new(jx.Encoder)
+	response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeGetScriptResponse(response *Script, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(200)
+	span.SetStatus(codes.Ok, http.StatusText(200))
+
+	e := new(jx.Encoder)
+	response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeListScriptPolicyResponse(response []ScriptPolicy, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(200)
+	span.SetStatus(codes.Ok, http.StatusText(200))
+
+	e := new(jx.Encoder)
+	e.ArrStart()
+	for _, elem := range response {
+		elem.Encode(e)
+	}
+	e.ArrEnd()
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeListScriptsResponse(response []Script, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(200)
+	span.SetStatus(codes.Ok, http.StatusText(200))
+
+	e := new(jx.Encoder)
+	e.ArrStart()
+	for _, elem := range response {
+		elem.Encode(e)
+	}
+	e.ArrEnd()
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeUpdateSubmissionModelResponse(response *UpdateSubmissionModelNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeErrorResponse(response *ErrorStatusCode, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	code := response.StatusCode
+	if code == 0 {
+		// Set default status code.
+		code = http.StatusOK
+	}
+	w.WriteHeader(code)
+	if st := http.StatusText(code); code >= http.StatusBadRequest {
+		span.SetStatus(codes.Error, st)
+	} else {
+		span.SetStatus(codes.Ok, st)
+	}
+
+	e := new(jx.Encoder)
+	response.Response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	if code >= http.StatusInternalServerError {
+		return errors.Wrapf(ht.ErrInternalServerErrorResponse, "code: %d, message: %s", code, http.StatusText(code))
+	}
+	return nil
+
+}
--- a/pkg/internal/oas_router_gen.go
+++ b/pkg/internal/oas_router_gen.go
@@ -0,0 +1,745 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"net/http"
+	"net/url"
+	"strings"
+
+	"github.com/ogen-go/ogen/uri"
+)
+
+func (s *Server) cutPrefix(path string) (string, bool) {
+	prefix := s.cfg.Prefix
+	if prefix == "" {
+		return path, true
+	}
+	if !strings.HasPrefix(path, prefix) {
+		// Prefix doesn't match.
+		return "", false
+	}
+	// Cut prefix from the path.
+	return strings.TrimPrefix(path, prefix), true
+}
+
+// ServeHTTP serves http request as defined by OpenAPI v3 specification,
+// calling handler that matches the path or returning not found error.
+func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	elem := r.URL.Path
+	elemIsEscaped := false
+	if rawPath := r.URL.RawPath; rawPath != "" {
+		if normalized, ok := uri.NormalizeEscapedPath(rawPath); ok {
+			elem = normalized
+			elemIsEscaped = strings.ContainsRune(elem, '%')
+		}
+	}
+
+	elem, ok := s.cutPrefix(elem)
+	if !ok || len(elem) == 0 {
+		s.notFound(w, r)
+		return
+	}
+	args := [1]string{}
+
+	// Static code generated router with unwrapped path search.
+	switch {
+	default:
+		if len(elem) == 0 {
+			break
+		}
+		switch elem[0] {
+		case '/': // Prefix: "/s"
+			origElem := elem
+			if l := len("/s"); len(elem) >= l && elem[0:l] == "/s" {
+				elem = elem[l:]
+			} else {
+				break
+			}
+
+			if len(elem) == 0 {
+				break
+			}
+			switch elem[0] {
+			case 'c': // Prefix: "cript"
+				origElem := elem
+				if l := len("cript"); len(elem) >= l && elem[0:l] == "cript" {
+					elem = elem[l:]
+				} else {
+					break
+				}
+
+				if len(elem) == 0 {
+					break
+				}
+				switch elem[0] {
+				case '-': // Prefix: "-policy"
+					origElem := elem
+					if l := len("-policy"); len(elem) >= l && elem[0:l] == "-policy" {
+						elem = elem[l:]
+					} else {
+						break
+					}
+
+					if len(elem) == 0 {
+						// Leaf node.
+						switch r.Method {
+						case "GET":
+							s.handleListScriptPolicyRequest([0]string{}, elemIsEscaped, w, r)
+						case "POST":
+							s.handleCreateScriptPolicyRequest([0]string{}, elemIsEscaped, w, r)
+						default:
+							s.notAllowed(w, r, "GET,POST")
+						}
+
+						return
+					}
+
+					elem = origElem
+				case 's': // Prefix: "s"
+					origElem := elem
+					if l := len("s"); len(elem) >= l && elem[0:l] == "s" {
+						elem = elem[l:]
+					} else {
+						break
+					}
+
+					if len(elem) == 0 {
+						switch r.Method {
+						case "GET":
+							s.handleListScriptsRequest([0]string{}, elemIsEscaped, w, r)
+						case "POST":
+							s.handleCreateScriptRequest([0]string{}, elemIsEscaped, w, r)
+						default:
+							s.notAllowed(w, r, "GET,POST")
+						}
+
+						return
+					}
+					switch elem[0] {
+					case '/': // Prefix: "/"
+						origElem := elem
+						if l := len("/"); len(elem) >= l && elem[0:l] == "/" {
+							elem = elem[l:]
+						} else {
+							break
+						}
+
+						// Param: "ScriptID"
+						// Leaf parameter
+						args[0] = elem
+						elem = ""
+
+						if len(elem) == 0 {
+							// Leaf node.
+							switch r.Method {
+							case "GET":
+								s.handleGetScriptRequest([1]string{
+									args[0],
+								}, elemIsEscaped, w, r)
+							default:
+								s.notAllowed(w, r, "GET")
+							}
+
+							return
+						}
+
+						elem = origElem
+					}
+
+					elem = origElem
+				}
+
+				elem = origElem
+			case 'u': // Prefix: "ubmissions/"
+				origElem := elem
+				if l := len("ubmissions/"); len(elem) >= l && elem[0:l] == "ubmissions/" {
+					elem = elem[l:]
+				} else {
+					break
+				}
+
+				// Param: "SubmissionID"
+				// Match until "/"
+				idx := strings.IndexByte(elem, '/')
+				if idx < 0 {
+					idx = len(elem)
+				}
+				args[0] = elem[:idx]
+				elem = elem[idx:]
+
+				if len(elem) == 0 {
+					break
+				}
+				switch elem[0] {
+				case '/': // Prefix: "/"
+					origElem := elem
+					if l := len("/"); len(elem) >= l && elem[0:l] == "/" {
+						elem = elem[l:]
+					} else {
+						break
+					}
+
+					if len(elem) == 0 {
+						break
+					}
+					switch elem[0] {
+					case 'm': // Prefix: "model"
+						origElem := elem
+						if l := len("model"); len(elem) >= l && elem[0:l] == "model" {
+							elem = elem[l:]
+						} else {
+							break
+						}
+
+						if len(elem) == 0 {
+							// Leaf node.
+							switch r.Method {
+							case "POST":
+								s.handleUpdateSubmissionModelRequest([1]string{
+									args[0],
+								}, elemIsEscaped, w, r)
+							default:
+								s.notAllowed(w, r, "POST")
+							}
+
+							return
+						}
+
+						elem = origElem
+					case 's': // Prefix: "status/"
+						origElem := elem
+						if l := len("status/"); len(elem) >= l && elem[0:l] == "status/" {
+							elem = elem[l:]
+						} else {
+							break
+						}
+
+						if len(elem) == 0 {
+							break
+						}
+						switch elem[0] {
+						case 'r': // Prefix: "releaser-released"
+							origElem := elem
+							if l := len("releaser-released"); len(elem) >= l && elem[0:l] == "releaser-released" {
+								elem = elem[l:]
+							} else {
+								break
+							}
+
+							if len(elem) == 0 {
+								// Leaf node.
+								switch r.Method {
+								case "POST":
+									s.handleActionSubmissionReleasedRequest([1]string{
+										args[0],
+									}, elemIsEscaped, w, r)
+								default:
+									s.notAllowed(w, r, "POST")
+								}
+
+								return
+							}
+
+							elem = origElem
+						case 'v': // Prefix: "validator-"
+							origElem := elem
+							if l := len("validator-"); len(elem) >= l && elem[0:l] == "validator-" {
+								elem = elem[l:]
+							} else {
+								break
+							}
+
+							if len(elem) == 0 {
+								break
+							}
+							switch elem[0] {
+							case 'f': // Prefix: "failed"
+								origElem := elem
+								if l := len("failed"); len(elem) >= l && elem[0:l] == "failed" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch r.Method {
+									case "POST":
+										s.handleActionSubmissionAcceptedRequest([1]string{
+											args[0],
+										}, elemIsEscaped, w, r)
+									default:
+										s.notAllowed(w, r, "POST")
+									}
+
+									return
+								}
+
+								elem = origElem
+							case 'u': // Prefix: "uploaded"
+								origElem := elem
+								if l := len("uploaded"); len(elem) >= l && elem[0:l] == "uploaded" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch r.Method {
+									case "POST":
+										s.handleActionSubmissionUploadedRequest([1]string{
+											args[0],
+										}, elemIsEscaped, w, r)
+									default:
+										s.notAllowed(w, r, "POST")
+									}
+
+									return
+								}
+
+								elem = origElem
+							case 'v': // Prefix: "validated"
+								origElem := elem
+								if l := len("validated"); len(elem) >= l && elem[0:l] == "validated" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch r.Method {
+									case "POST":
+										s.handleActionSubmissionValidatedRequest([1]string{
+											args[0],
+										}, elemIsEscaped, w, r)
+									default:
+										s.notAllowed(w, r, "POST")
+									}
+
+									return
+								}
+
+								elem = origElem
+							}
+
+							elem = origElem
+						}
+
+						elem = origElem
+					}
+
+					elem = origElem
+				}
+
+				elem = origElem
+			}
+
+			elem = origElem
+		}
+	}
+	s.notFound(w, r)
+}
+
+// Route is route object.
+type Route struct {
+	name        string
+	summary     string
+	operationID string
+	pathPattern string
+	count       int
+	args        [1]string
+}
+
+// Name returns ogen operation name.
+//
+// It is guaranteed to be unique and not empty.
+func (r Route) Name() string {
+	return r.name
+}
+
+// Summary returns OpenAPI summary.
+func (r Route) Summary() string {
+	return r.summary
+}
+
+// OperationID returns OpenAPI operationId.
+func (r Route) OperationID() string {
+	return r.operationID
+}
+
+// PathPattern returns OpenAPI path.
+func (r Route) PathPattern() string {
+	return r.pathPattern
+}
+
+// Args returns parsed arguments.
+func (r Route) Args() []string {
+	return r.args[:r.count]
+}
+
+// FindRoute finds Route for given method and path.
+//
+// Note: this method does not unescape path or handle reserved characters in path properly. Use FindPath instead.
+func (s *Server) FindRoute(method, path string) (Route, bool) {
+	return s.FindPath(method, &url.URL{Path: path})
+}
+
+// FindPath finds Route for given method and URL.
+func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
+	var (
+		elem = u.Path
+		args = r.args
+	)
+	if rawPath := u.RawPath; rawPath != "" {
+		if normalized, ok := uri.NormalizeEscapedPath(rawPath); ok {
+			elem = normalized
+		}
+		defer func() {
+			for i, arg := range r.args[:r.count] {
+				if unescaped, err := url.PathUnescape(arg); err == nil {
+					r.args[i] = unescaped
+				}
+			}
+		}()
+	}
+
+	elem, ok := s.cutPrefix(elem)
+	if !ok {
+		return r, false
+	}
+
+	// Static code generated router with unwrapped path search.
+	switch {
+	default:
+		if len(elem) == 0 {
+			break
+		}
+		switch elem[0] {
+		case '/': // Prefix: "/s"
+			origElem := elem
+			if l := len("/s"); len(elem) >= l && elem[0:l] == "/s" {
+				elem = elem[l:]
+			} else {
+				break
+			}
+
+			if len(elem) == 0 {
+				break
+			}
+			switch elem[0] {
+			case 'c': // Prefix: "cript"
+				origElem := elem
+				if l := len("cript"); len(elem) >= l && elem[0:l] == "cript" {
+					elem = elem[l:]
+				} else {
+					break
+				}
+
+				if len(elem) == 0 {
+					break
+				}
+				switch elem[0] {
+				case '-': // Prefix: "-policy"
+					origElem := elem
+					if l := len("-policy"); len(elem) >= l && elem[0:l] == "-policy" {
+						elem = elem[l:]
+					} else {
+						break
+					}
+
+					if len(elem) == 0 {
+						// Leaf node.
+						switch method {
+						case "GET":
+							r.name = ListScriptPolicyOperation
+							r.summary = "Get list of script policies"
+							r.operationID = "listScriptPolicy"
+							r.pathPattern = "/script-policy"
+							r.args = args
+							r.count = 0
+							return r, true
+						case "POST":
+							r.name = CreateScriptPolicyOperation
+							r.summary = "Create a new script policy"
+							r.operationID = "createScriptPolicy"
+							r.pathPattern = "/script-policy"
+							r.args = args
+							r.count = 0
+							return r, true
+						default:
+							return
+						}
+					}
+
+					elem = origElem
+				case 's': // Prefix: "s"
+					origElem := elem
+					if l := len("s"); len(elem) >= l && elem[0:l] == "s" {
+						elem = elem[l:]
+					} else {
+						break
+					}
+
+					if len(elem) == 0 {
+						switch method {
+						case "GET":
+							r.name = ListScriptsOperation
+							r.summary = "Get list of scripts"
+							r.operationID = "listScripts"
+							r.pathPattern = "/scripts"
+							r.args = args
+							r.count = 0
+							return r, true
+						case "POST":
+							r.name = CreateScriptOperation
+							r.summary = "Create a new script"
+							r.operationID = "createScript"
+							r.pathPattern = "/scripts"
+							r.args = args
+							r.count = 0
+							return r, true
+						default:
+							return
+						}
+					}
+					switch elem[0] {
+					case '/': // Prefix: "/"
+						origElem := elem
+						if l := len("/"); len(elem) >= l && elem[0:l] == "/" {
+							elem = elem[l:]
+						} else {
+							break
+						}
+
+						// Param: "ScriptID"
+						// Leaf parameter
+						args[0] = elem
+						elem = ""
+
+						if len(elem) == 0 {
+							// Leaf node.
+							switch method {
+							case "GET":
+								r.name = GetScriptOperation
+								r.summary = "Get the specified script by ID"
+								r.operationID = "getScript"
+								r.pathPattern = "/scripts/{ScriptID}"
+								r.args = args
+								r.count = 1
+								return r, true
+							default:
+								return
+							}
+						}
+
+						elem = origElem
+					}
+
+					elem = origElem
+				}
+
+				elem = origElem
+			case 'u': // Prefix: "ubmissions/"
+				origElem := elem
+				if l := len("ubmissions/"); len(elem) >= l && elem[0:l] == "ubmissions/" {
+					elem = elem[l:]
+				} else {
+					break
+				}
+
+				// Param: "SubmissionID"
+				// Match until "/"
+				idx := strings.IndexByte(elem, '/')
+				if idx < 0 {
+					idx = len(elem)
+				}
+				args[0] = elem[:idx]
+				elem = elem[idx:]
+
+				if len(elem) == 0 {
+					break
+				}
+				switch elem[0] {
+				case '/': // Prefix: "/"
+					origElem := elem
+					if l := len("/"); len(elem) >= l && elem[0:l] == "/" {
+						elem = elem[l:]
+					} else {
+						break
+					}
+
+					if len(elem) == 0 {
+						break
+					}
+					switch elem[0] {
+					case 'm': // Prefix: "model"
+						origElem := elem
+						if l := len("model"); len(elem) >= l && elem[0:l] == "model" {
+							elem = elem[l:]
+						} else {
+							break
+						}
+
+						if len(elem) == 0 {
+							// Leaf node.
+							switch method {
+							case "POST":
+								r.name = UpdateSubmissionModelOperation
+								r.summary = "Update model following role restrictions"
+								r.operationID = "updateSubmissionModel"
+								r.pathPattern = "/submissions/{SubmissionID}/model"
+								r.args = args
+								r.count = 1
+								return r, true
+							default:
+								return
+							}
+						}
+
+						elem = origElem
+					case 's': // Prefix: "status/"
+						origElem := elem
+						if l := len("status/"); len(elem) >= l && elem[0:l] == "status/" {
+							elem = elem[l:]
+						} else {
+							break
+						}
+
+						if len(elem) == 0 {
+							break
+						}
+						switch elem[0] {
+						case 'r': // Prefix: "releaser-released"
+							origElem := elem
+							if l := len("releaser-released"); len(elem) >= l && elem[0:l] == "releaser-released" {
+								elem = elem[l:]
+							} else {
+								break
+							}
+
+							if len(elem) == 0 {
+								// Leaf node.
+								switch method {
+								case "POST":
+									r.name = ActionSubmissionReleasedOperation
+									r.summary = "(Internal endpoint) Role Releaser changes status from releasing -> released"
+									r.operationID = "actionSubmissionReleased"
+									r.pathPattern = "/submissions/{SubmissionID}/status/releaser-released"
+									r.args = args
+									r.count = 1
+									return r, true
+								default:
+									return
+								}
+							}
+
+							elem = origElem
+						case 'v': // Prefix: "validator-"
+							origElem := elem
+							if l := len("validator-"); len(elem) >= l && elem[0:l] == "validator-" {
+								elem = elem[l:]
+							} else {
+								break
+							}
+
+							if len(elem) == 0 {
+								break
+							}
+							switch elem[0] {
+							case 'f': // Prefix: "failed"
+								origElem := elem
+								if l := len("failed"); len(elem) >= l && elem[0:l] == "failed" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch method {
+									case "POST":
+										r.name = ActionSubmissionAcceptedOperation
+										r.summary = "(Internal endpoint) Role Validator changes status from Validating -> Accepted"
+										r.operationID = "actionSubmissionAccepted"
+										r.pathPattern = "/submissions/{SubmissionID}/status/validator-failed"
+										r.args = args
+										r.count = 1
+										return r, true
+									default:
+										return
+									}
+								}
+
+								elem = origElem
+							case 'u': // Prefix: "uploaded"
+								origElem := elem
+								if l := len("uploaded"); len(elem) >= l && elem[0:l] == "uploaded" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch method {
+									case "POST":
+										r.name = ActionSubmissionUploadedOperation
+										r.summary = "(Internal endpoint) Role Validator changes status from Uploading -> Uploaded"
+										r.operationID = "actionSubmissionUploaded"
+										r.pathPattern = "/submissions/{SubmissionID}/status/validator-uploaded"
+										r.args = args
+										r.count = 1
+										return r, true
+									default:
+										return
+									}
+								}
+
+								elem = origElem
+							case 'v': // Prefix: "validated"
+								origElem := elem
+								if l := len("validated"); len(elem) >= l && elem[0:l] == "validated" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch method {
+									case "POST":
+										r.name = ActionSubmissionValidatedOperation
+										r.summary = "(Internal endpoint) Role Validator changes status from Validating -> Validated"
+										r.operationID = "actionSubmissionValidated"
+										r.pathPattern = "/submissions/{SubmissionID}/status/validator-validated"
+										r.args = args
+										r.count = 1
+										return r, true
+									default:
+										return
+									}
+								}
+
+								elem = origElem
+							}
+
+							elem = origElem
+						}
+
+						elem = origElem
+					}
+
+					elem = origElem
+				}
+
+				elem = origElem
+			}
+
+			elem = origElem
+		}
+	}
+	return r, false
+}
--- a/pkg/internal/oas_schemas_gen.go
+++ b/pkg/internal/oas_schemas_gen.go
@@ -0,0 +1,413 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"fmt"
+)
+
+func (s *ErrorStatusCode) Error() string {
+	return fmt.Sprintf("code %d: %+v", s.StatusCode, s.Response)
+}
+
+// ActionSubmissionAcceptedNoContent is response for ActionSubmissionAccepted operation.
+type ActionSubmissionAcceptedNoContent struct{}
+
+// ActionSubmissionReleasedNoContent is response for ActionSubmissionReleased operation.
+type ActionSubmissionReleasedNoContent struct{}
+
+// ActionSubmissionUploadedNoContent is response for ActionSubmissionUploaded operation.
+type ActionSubmissionUploadedNoContent struct{}
+
+// ActionSubmissionValidatedNoContent is response for ActionSubmissionValidated operation.
+type ActionSubmissionValidatedNoContent struct{}
+
+// Represents error object.
+// Ref: #/components/schemas/Error
+type Error struct {
+	Code    int64  `json:"code"`
+	Message string `json:"message"`
+}
+
+// GetCode returns the value of Code.
+func (s *Error) GetCode() int64 {
+	return s.Code
+}
+
+// GetMessage returns the value of Message.
+func (s *Error) GetMessage() string {
+	return s.Message
+}
+
+// SetCode sets the value of Code.
+func (s *Error) SetCode(val int64) {
+	s.Code = val
+}
+
+// SetMessage sets the value of Message.
+func (s *Error) SetMessage(val string) {
+	s.Message = val
+}
+
+// ErrorStatusCode wraps Error with StatusCode.
+type ErrorStatusCode struct {
+	StatusCode int
+	Response   Error
+}
+
+// GetStatusCode returns the value of StatusCode.
+func (s *ErrorStatusCode) GetStatusCode() int {
+	return s.StatusCode
+}
+
+// GetResponse returns the value of Response.
+func (s *ErrorStatusCode) GetResponse() Error {
+	return s.Response
+}
+
+// SetStatusCode sets the value of StatusCode.
+func (s *ErrorStatusCode) SetStatusCode(val int) {
+	s.StatusCode = val
+}
+
+// SetResponse sets the value of Response.
+func (s *ErrorStatusCode) SetResponse(val Error) {
+	s.Response = val
+}
+
+// Ref: #/components/schemas/Id
+type ID struct {
+	ID int64 `json:"ID"`
+}
+
+// GetID returns the value of ID.
+func (s *ID) GetID() int64 {
+	return s.ID
+}
+
+// SetID sets the value of ID.
+func (s *ID) SetID(val int64) {
+	s.ID = val
+}
+
+// NewOptInt32 returns new OptInt32 with value set to v.
+func NewOptInt32(v int32) OptInt32 {
+	return OptInt32{
+		Value: v,
+		Set:   true,
+	}
+}
+
+// OptInt32 is optional int32.
+type OptInt32 struct {
+	Value int32
+	Set   bool
+}
+
+// IsSet returns true if OptInt32 was set.
+func (o OptInt32) IsSet() bool { return o.Set }
+
+// Reset unsets value.
+func (o *OptInt32) Reset() {
+	var v int32
+	o.Value = v
+	o.Set = false
+}
+
+// SetTo sets value to v.
+func (o *OptInt32) SetTo(v int32) {
+	o.Set = true
+	o.Value = v
+}
+
+// Get returns value and boolean that denotes whether value was set.
+func (o OptInt32) Get() (v int32, ok bool) {
+	if !o.Set {
+		return v, false
+	}
+	return o.Value, true
+}
+
+// Or returns value if set, or given parameter if does not.
+func (o OptInt32) Or(d int32) int32 {
+	if v, ok := o.Get(); ok {
+		return v
+	}
+	return d
+}
+
+// NewOptInt64 returns new OptInt64 with value set to v.
+func NewOptInt64(v int64) OptInt64 {
+	return OptInt64{
+		Value: v,
+		Set:   true,
+	}
+}
+
+// OptInt64 is optional int64.
+type OptInt64 struct {
+	Value int64
+	Set   bool
+}
+
+// IsSet returns true if OptInt64 was set.
+func (o OptInt64) IsSet() bool { return o.Set }
+
+// Reset unsets value.
+func (o *OptInt64) Reset() {
+	var v int64
+	o.Value = v
+	o.Set = false
+}
+
+// SetTo sets value to v.
+func (o *OptInt64) SetTo(v int64) {
+	o.Set = true
+	o.Value = v
+}
+
+// Get returns value and boolean that denotes whether value was set.
+func (o OptInt64) Get() (v int64, ok bool) {
+	if !o.Set {
+		return v, false
+	}
+	return o.Value, true
+}
+
+// Or returns value if set, or given parameter if does not.
+func (o OptInt64) Or(d int64) int64 {
+	if v, ok := o.Get(); ok {
+		return v
+	}
+	return d
+}
+
+// NewOptString returns new OptString with value set to v.
+func NewOptString(v string) OptString {
+	return OptString{
+		Value: v,
+		Set:   true,
+	}
+}
+
+// OptString is optional string.
+type OptString struct {
+	Value string
+	Set   bool
+}
+
+// IsSet returns true if OptString was set.
+func (o OptString) IsSet() bool { return o.Set }
+
+// Reset unsets value.
+func (o *OptString) Reset() {
+	var v string
+	o.Value = v
+	o.Set = false
+}
+
+// SetTo sets value to v.
+func (o *OptString) SetTo(v string) {
+	o.Set = true
+	o.Value = v
+}
+
+// Get returns value and boolean that denotes whether value was set.
+func (o OptString) Get() (v string, ok bool) {
+	if !o.Set {
+		return v, false
+	}
+	return o.Value, true
+}
+
+// Or returns value if set, or given parameter if does not.
+func (o OptString) Or(d string) string {
+	if v, ok := o.Get(); ok {
+		return v
+	}
+	return d
+}
+
+// Ref: #/components/schemas/Script
+type Script struct {
+	ID           int64  `json:"ID"`
+	Name         string `json:"Name"`
+	Hash         string `json:"Hash"`
+	Source       string `json:"Source"`
+	SubmissionID int64  `json:"SubmissionID"`
+}
+
+// GetID returns the value of ID.
+func (s *Script) GetID() int64 {
+	return s.ID
+}
+
+// GetName returns the value of Name.
+func (s *Script) GetName() string {
+	return s.Name
+}
+
+// GetHash returns the value of Hash.
+func (s *Script) GetHash() string {
+	return s.Hash
+}
+
+// GetSource returns the value of Source.
+func (s *Script) GetSource() string {
+	return s.Source
+}
+
+// GetSubmissionID returns the value of SubmissionID.
+func (s *Script) GetSubmissionID() int64 {
+	return s.SubmissionID
+}
+
+// SetID sets the value of ID.
+func (s *Script) SetID(val int64) {
+	s.ID = val
+}
+
+// SetName sets the value of Name.
+func (s *Script) SetName(val string) {
+	s.Name = val
+}
+
+// SetHash sets the value of Hash.
+func (s *Script) SetHash(val string) {
+	s.Hash = val
+}
+
+// SetSource sets the value of Source.
+func (s *Script) SetSource(val string) {
+	s.Source = val
+}
+
+// SetSubmissionID sets the value of SubmissionID.
+func (s *Script) SetSubmissionID(val int64) {
+	s.SubmissionID = val
+}
+
+// Ref: #/components/schemas/ScriptCreate
+type ScriptCreate struct {
+	Name         string   `json:"Name"`
+	Source       string   `json:"Source"`
+	SubmissionID OptInt64 `json:"SubmissionID"`
+}
+
+// GetName returns the value of Name.
+func (s *ScriptCreate) GetName() string {
+	return s.Name
+}
+
+// GetSource returns the value of Source.
+func (s *ScriptCreate) GetSource() string {
+	return s.Source
+}
+
+// GetSubmissionID returns the value of SubmissionID.
+func (s *ScriptCreate) GetSubmissionID() OptInt64 {
+	return s.SubmissionID
+}
+
+// SetName sets the value of Name.
+func (s *ScriptCreate) SetName(val string) {
+	s.Name = val
+}
+
+// SetSource sets the value of Source.
+func (s *ScriptCreate) SetSource(val string) {
+	s.Source = val
+}
+
+// SetSubmissionID sets the value of SubmissionID.
+func (s *ScriptCreate) SetSubmissionID(val OptInt64) {
+	s.SubmissionID = val
+}
+
+// Ref: #/components/schemas/ScriptPolicy
+type ScriptPolicy struct {
+	ID             int64  `json:"ID"`
+	FromScriptHash string `json:"FromScriptHash"`
+	ToScriptID     int64  `json:"ToScriptID"`
+	Policy         int32  `json:"Policy"`
+}
+
+// GetID returns the value of ID.
+func (s *ScriptPolicy) GetID() int64 {
+	return s.ID
+}
+
+// GetFromScriptHash returns the value of FromScriptHash.
+func (s *ScriptPolicy) GetFromScriptHash() string {
+	return s.FromScriptHash
+}
+
+// GetToScriptID returns the value of ToScriptID.
+func (s *ScriptPolicy) GetToScriptID() int64 {
+	return s.ToScriptID
+}
+
+// GetPolicy returns the value of Policy.
+func (s *ScriptPolicy) GetPolicy() int32 {
+	return s.Policy
+}
+
+// SetID sets the value of ID.
+func (s *ScriptPolicy) SetID(val int64) {
+	s.ID = val
+}
+
+// SetFromScriptHash sets the value of FromScriptHash.
+func (s *ScriptPolicy) SetFromScriptHash(val string) {
+	s.FromScriptHash = val
+}
+
+// SetToScriptID sets the value of ToScriptID.
+func (s *ScriptPolicy) SetToScriptID(val int64) {
+	s.ToScriptID = val
+}
+
+// SetPolicy sets the value of Policy.
+func (s *ScriptPolicy) SetPolicy(val int32) {
+	s.Policy = val
+}
+
+// Ref: #/components/schemas/ScriptPolicyCreate
+type ScriptPolicyCreate struct {
+	FromScriptID int64 `json:"FromScriptID"`
+	ToScriptID   int64 `json:"ToScriptID"`
+	Policy       int32 `json:"Policy"`
+}
+
+// GetFromScriptID returns the value of FromScriptID.
+func (s *ScriptPolicyCreate) GetFromScriptID() int64 {
+	return s.FromScriptID
+}
+
+// GetToScriptID returns the value of ToScriptID.
+func (s *ScriptPolicyCreate) GetToScriptID() int64 {
+	return s.ToScriptID
+}
+
+// GetPolicy returns the value of Policy.
+func (s *ScriptPolicyCreate) GetPolicy() int32 {
+	return s.Policy
+}
+
+// SetFromScriptID sets the value of FromScriptID.
+func (s *ScriptPolicyCreate) SetFromScriptID(val int64) {
+	s.FromScriptID = val
+}
+
+// SetToScriptID sets the value of ToScriptID.
+func (s *ScriptPolicyCreate) SetToScriptID(val int64) {
+	s.ToScriptID = val
+}
+
+// SetPolicy sets the value of Policy.
+func (s *ScriptPolicyCreate) SetPolicy(val int32) {
+	s.Policy = val
+}
+
+// UpdateSubmissionModelNoContent is response for UpdateSubmissionModel operation.
+type UpdateSubmissionModelNoContent struct{}
--- a/pkg/internal/oas_server_gen.go
+++ b/pkg/internal/oas_server_gen.go
@@ -0,0 +1,94 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"context"
+)
+
+// Handler handles operations described by OpenAPI v3 specification.
+type Handler interface {
+	// ActionSubmissionAccepted implements actionSubmissionAccepted operation.
+	//
+	// (Internal endpoint) Role Validator changes status from Validating -> Accepted.
+	//
+	// POST /submissions/{SubmissionID}/status/validator-failed
+	ActionSubmissionAccepted(ctx context.Context, params ActionSubmissionAcceptedParams) error
+	// ActionSubmissionReleased implements actionSubmissionReleased operation.
+	//
+	// (Internal endpoint) Role Releaser changes status from releasing -> released.
+	//
+	// POST /submissions/{SubmissionID}/status/releaser-released
+	ActionSubmissionReleased(ctx context.Context, params ActionSubmissionReleasedParams) error
+	// ActionSubmissionUploaded implements actionSubmissionUploaded operation.
+	//
+	// (Internal endpoint) Role Validator changes status from Uploading -> Uploaded.
+	//
+	// POST /submissions/{SubmissionID}/status/validator-uploaded
+	ActionSubmissionUploaded(ctx context.Context, params ActionSubmissionUploadedParams) error
+	// ActionSubmissionValidated implements actionSubmissionValidated operation.
+	//
+	// (Internal endpoint) Role Validator changes status from Validating -> Validated.
+	//
+	// POST /submissions/{SubmissionID}/status/validator-validated
+	ActionSubmissionValidated(ctx context.Context, params ActionSubmissionValidatedParams) error
+	// CreateScript implements createScript operation.
+	//
+	// Create a new script.
+	//
+	// POST /scripts
+	CreateScript(ctx context.Context, req *ScriptCreate) (*ID, error)
+	// CreateScriptPolicy implements createScriptPolicy operation.
+	//
+	// Create a new script policy.
+	//
+	// POST /script-policy
+	CreateScriptPolicy(ctx context.Context, req *ScriptPolicyCreate) (*ID, error)
+	// GetScript implements getScript operation.
+	//
+	// Get the specified script by ID.
+	//
+	// GET /scripts/{ScriptID}
+	GetScript(ctx context.Context, params GetScriptParams) (*Script, error)
+	// ListScriptPolicy implements listScriptPolicy operation.
+	//
+	// Get list of script policies.
+	//
+	// GET /script-policy
+	ListScriptPolicy(ctx context.Context, params ListScriptPolicyParams) ([]ScriptPolicy, error)
+	// ListScripts implements listScripts operation.
+	//
+	// Get list of scripts.
+	//
+	// GET /scripts
+	ListScripts(ctx context.Context, params ListScriptsParams) ([]Script, error)
+	// UpdateSubmissionModel implements updateSubmissionModel operation.
+	//
+	// Update model following role restrictions.
+	//
+	// POST /submissions/{SubmissionID}/model
+	UpdateSubmissionModel(ctx context.Context, params UpdateSubmissionModelParams) error
+	// NewError creates *ErrorStatusCode from error returned by handler.
+	//
+	// Used for common default response.
+	NewError(ctx context.Context, err error) *ErrorStatusCode
+}
+
+// Server implements http server based on OpenAPI v3 specification and
+// calls Handler to handle requests.
+type Server struct {
+	h Handler
+	baseServer
+}
+
+// NewServer creates new Server.
+func NewServer(h Handler, opts ...ServerOption) (*Server, error) {
+	s, err := newServerConfig(opts...).baseServer()
+	if err != nil {
+		return nil, err
+	}
+	return &Server{
+		h:          h,
+		baseServer: s,
+	}, nil
+}
--- a/pkg/internal/oas_unimplemented_gen.go
+++ b/pkg/internal/oas_unimplemented_gen.go
@@ -0,0 +1,112 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"context"
+
+	ht "github.com/ogen-go/ogen/http"
+)
+
+// UnimplementedHandler is no-op Handler which returns http.ErrNotImplemented.
+type UnimplementedHandler struct{}
+
+var _ Handler = UnimplementedHandler{}
+
+// ActionSubmissionAccepted implements actionSubmissionAccepted operation.
+//
+// (Internal endpoint) Role Validator changes status from Validating -> Accepted.
+//
+// POST /submissions/{SubmissionID}/status/validator-failed
+func (UnimplementedHandler) ActionSubmissionAccepted(ctx context.Context, params ActionSubmissionAcceptedParams) error {
+	return ht.ErrNotImplemented
+}
+
+// ActionSubmissionReleased implements actionSubmissionReleased operation.
+//
+// (Internal endpoint) Role Releaser changes status from releasing -> released.
+//
+// POST /submissions/{SubmissionID}/status/releaser-released
+func (UnimplementedHandler) ActionSubmissionReleased(ctx context.Context, params ActionSubmissionReleasedParams) error {
+	return ht.ErrNotImplemented
+}
+
+// ActionSubmissionUploaded implements actionSubmissionUploaded operation.
+//
+// (Internal endpoint) Role Validator changes status from Uploading -> Uploaded.
+//
+// POST /submissions/{SubmissionID}/status/validator-uploaded
+func (UnimplementedHandler) ActionSubmissionUploaded(ctx context.Context, params ActionSubmissionUploadedParams) error {
+	return ht.ErrNotImplemented
+}
+
+// ActionSubmissionValidated implements actionSubmissionValidated operation.
+//
+// (Internal endpoint) Role Validator changes status from Validating -> Validated.
+//
+// POST /submissions/{SubmissionID}/status/validator-validated
+func (UnimplementedHandler) ActionSubmissionValidated(ctx context.Context, params ActionSubmissionValidatedParams) error {
+	return ht.ErrNotImplemented
+}
+
+// CreateScript implements createScript operation.
+//
+// Create a new script.
+//
+// POST /scripts
+func (UnimplementedHandler) CreateScript(ctx context.Context, req *ScriptCreate) (r *ID, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// CreateScriptPolicy implements createScriptPolicy operation.
+//
+// Create a new script policy.
+//
+// POST /script-policy
+func (UnimplementedHandler) CreateScriptPolicy(ctx context.Context, req *ScriptPolicyCreate) (r *ID, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// GetScript implements getScript operation.
+//
+// Get the specified script by ID.
+//
+// GET /scripts/{ScriptID}
+func (UnimplementedHandler) GetScript(ctx context.Context, params GetScriptParams) (r *Script, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// ListScriptPolicy implements listScriptPolicy operation.
+//
+// Get list of script policies.
+//
+// GET /script-policy
+func (UnimplementedHandler) ListScriptPolicy(ctx context.Context, params ListScriptPolicyParams) (r []ScriptPolicy, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// ListScripts implements listScripts operation.
+//
+// Get list of scripts.
+//
+// GET /scripts
+func (UnimplementedHandler) ListScripts(ctx context.Context, params ListScriptsParams) (r []Script, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// UpdateSubmissionModel implements updateSubmissionModel operation.
+//
+// Update model following role restrictions.
+//
+// POST /submissions/{SubmissionID}/model
+func (UnimplementedHandler) UpdateSubmissionModel(ctx context.Context, params UpdateSubmissionModelParams) error {
+	return ht.ErrNotImplemented
+}
+
+// NewError creates *ErrorStatusCode from error returned by handler.
+//
+// Used for common default response.
+func (UnimplementedHandler) NewError(ctx context.Context, err error) (r *ErrorStatusCode) {
+	r = new(ErrorStatusCode)
+	return r
+}
--- a/pkg/internal/oas_validators_gen.go
+++ b/pkg/internal/oas_validators_gen.go
@@ -0,0 +1,159 @@
+// Code generated by ogen, DO NOT EDIT.
+
+package api
+
+import (
+	"github.com/go-faster/errors"
+
+	"github.com/ogen-go/ogen/validate"
+)
+
+func (s *Script) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    128,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Name)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Name",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    16,
+			MinLengthSet: true,
+			MaxLength:    16,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Hash)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Hash",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    1048576,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Source)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Source",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *ScriptCreate) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    128,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Name)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Name",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    1048576,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Source)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Source",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *ScriptPolicy) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    16,
+			MinLengthSet: true,
+			MaxLength:    16,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.FromScriptHash)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "FromScriptHash",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
--- a/pkg/model/nats.go
+++ b/pkg/model/nats.go
@@ -0,0 +1,29 @@
+package model
+
+// These represent the information needed in the nats message
+// to perform the operation, they are encoded to json
+
+// Requests are sent from maps-service to validator
+
+type ValidateRequest struct {
+	// submission_id is passed back in the response message
+	SubmissionID     int64
+	ModelID          int64
+	ModelVersion     int64
+	ValidatedModelID int64 // optional value
+}
+
+// Create a new map
+type PublishNewRequest struct {
+	SubmissionID int64
+	ModelID      int64
+	ModelVersion int64
+	ModelName    string
+}
+
+type PublishFixRequest struct {
+	SubmissionID  int64
+	ModelID       int64
+	ModelVersion  int64
+	TargetAssetID int64
+}
--- a/internal/model/page.go
+++ b/internal/model/page.go
--- a/pkg/model/policy.go
+++ b/pkg/model/policy.go
@@ -0,0 +1,28 @@
+package model
+
+import "time"
+
+type Policy int32
+
+const (
+	ScriptPolicyNone    Policy = 0 // not yet reviewed
+	ScriptPolicyAllowed Policy = 1
+	ScriptPolicyBlocked Policy = 2
+	ScriptPolicyDelete  Policy = 3
+	ScriptPolicyReplace Policy = 4
+)
+
+type ScriptPolicy struct {
+	ID int64 `gorm:"primaryKey"`
+	// Hash of the source code that leads to this policy.
+	// If this is a replacement mapping, the original source may not be pointed to by any policy.
+	// The original source should still exist in the scripts table, which can be located by the same hash.
+	FromScriptHash int64 // postgres does not support unsigned integers, so we have to pretend
+	// The ID of the replacement source (ScriptPolicyReplace)
+	// or verbatim source (ScriptPolicyAllowed)
+	// or 0 (other)
+	ToScriptID int64
+	Policy     Policy
+	CreatedAt  time.Time
+	UpdatedAt  time.Time
+}
--- a/pkg/model/script.go
+++ b/pkg/model/script.go
@@ -0,0 +1,34 @@
+package model
+
+import (
+	"fmt"
+	"strconv"
+	"time"
+
+	"github.com/dchest/siphash"
+)
+
+// compute the hash of a source code string
+func HashSource(source string) uint64{
+	return siphash.Hash(0, 0, []byte(source))
+}
+
+// format a hash value as a hexidecimal string
+func HashFormat(hash uint64) string{
+	return fmt.Sprintf("%016x", hash)
+}
+
+// parse a hexidecimal hash string
+func HashParse(hash string) (uint64, error){
+	return strconv.ParseUint(hash, 16, 64)
+}
+
+type Script struct {
+	ID           int64 `gorm:"primaryKey"`
+	Name         string
+	Hash         int64 // postgres does not support unsigned integers, so we have to pretend
+	Source       string
+	SubmissionID int64 // which submission did this script first appear in
+	CreatedAt    time.Time
+	UpdatedAt    time.Time
+}
--- a/pkg/model/submission.go
+++ b/pkg/model/submission.go
@@ -0,0 +1,38 @@
+package model
+
+import "time"
+
+type Status int32
+
+const (
+	// Phase: Final Status
+	StatusReleased  Status = 9
+	StatusRejected  Status = 8
+
+	// Phase: Testing
+	StatusUploaded   Status = 7 // uploaded to the group, but pending release
+	StatusUploading  Status = 6
+	StatusValidated  Status = 5
+	StatusValidating Status = 4
+	StatusAccepted   Status = 3 // pending script review, can re-trigger validation
+
+	// Phase: Creation
+	StatusChangesRequested  Status = 2
+	StatusSubmitted         Status = 1
+	StatusUnderConstruction Status = 0
+)
+
+type Submission struct {
+	ID            int64 `gorm:"primaryKey"`
+	DisplayName   string
+	Creator       string
+	GameID        int32
+	CreatedAt     time.Time
+	UpdatedAt     time.Time
+	Submitter     int64 // UserID
+	AssetID       int64
+	AssetVersion  int64
+	Completed     bool   // Has this version of the map been completed at least once on maptest
+	TargetAssetID int64 // where to upload map fix.  if the TargetAssetID is 0, it's a new map.
+	StatusID      Status
+}
--- a/pkg/service/script_policy.go
+++ b/pkg/service/script_policy.go
@@ -0,0 +1,166 @@
+package service
+
+import (
+	"context"
+
+	"git.itzana.me/strafesnet/maps-service/pkg/api"
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+)
+
+// CreateScriptPolicy implements createScriptPolicy operation.
+//
+// Create a new script policy.
+//
+// POST /script-policy
+func (svc *Service) CreateScriptPolicy(ctx context.Context, req *api.ScriptPolicyCreate) (*api.ID, error) {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return nil, ErrUserInfo
+	}
+
+	if !userInfo.Roles.ScriptWrite {
+		return nil, ErrPermissionDenied
+	}
+
+	from_script, err := svc.DB.Scripts().Get(ctx, req.FromScriptID)
+	if err != nil {
+		return nil, err
+	}
+
+	// the existence of ToScriptID does not need to be validated because it's checked by a foreign key constraint.
+
+	script, err := svc.DB.ScriptPolicy().Create(ctx, model.ScriptPolicy{
+		ID:             0,
+		FromScriptHash: from_script.Hash,
+		ToScriptID:     req.ToScriptID,
+		Policy:         model.Policy(req.Policy),
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &api.ID{
+		ID: script.ID,
+	}, nil
+}
+
+
+// ListScriptPolicy implements listScriptPolicy operation.
+//
+// Get list of script policies.
+//
+// GET /script-policy
+func (svc *Service) ListScriptPolicy(ctx context.Context, params api.ListScriptPolicyParams) ([]api.ScriptPolicy, error) {
+	filter := datastore.Optional()
+
+	if params.FromScriptHash.IsSet(){
+		hash, err := model.HashParse(params.FromScriptHash.Value)
+		if err != nil {
+			return nil, err
+		}
+		filter.AddNotNil("from_script_hash", int64(hash)) // No type safety!
+	}
+	if params.ToScriptID.IsSet(){
+		filter.AddNotNil("to_script_id", params.ToScriptID.Value)
+	}
+	if params.Policy.IsSet(){
+		filter.AddNotNil("policy", params.Policy.Value)
+	}
+
+	items, err := svc.DB.ScriptPolicy().List(ctx, filter, model.Page{
+		Number: params.Page,
+		Size:   params.Limit,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var resp []api.ScriptPolicy
+	for i := 0; i < len(items); i++ {
+		resp = append(resp, api.ScriptPolicy{
+			ID:             items[i].ID,
+			FromScriptHash: model.HashFormat(uint64(items[i].FromScriptHash)),
+			ToScriptID:     items[i].ToScriptID,
+			Policy:         int32(items[i].Policy),
+		})
+	}
+
+	return resp, nil
+}
+
+// DeleteScriptPolicy implements deleteScriptPolicy operation.
+//
+// Delete the specified script policy by ID.
+//
+// DELETE /script-policy/{ScriptPolicyID}
+func (svc *Service) DeleteScriptPolicy(ctx context.Context, params api.DeleteScriptPolicyParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	if !userInfo.Roles.ScriptWrite {
+		return ErrPermissionDenied
+	}
+
+	return svc.DB.ScriptPolicy().Delete(ctx, params.ScriptPolicyID)
+}
+
+// GetScriptPolicy implements getScriptPolicy operation.
+//
+// Get the specified script policy by ID.
+//
+// GET /script-policy/{ScriptPolicyID}
+func (svc *Service) GetScriptPolicy(ctx context.Context, params api.GetScriptPolicyParams) (*api.ScriptPolicy, error) {
+	_, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return nil, ErrUserInfo
+	}
+
+	// Read permission for script policy only requires you to be logged in
+
+	policy, err := svc.DB.ScriptPolicy().Get(ctx, params.ScriptPolicyID)
+	if err != nil {
+		return nil, err
+	}
+
+	return &api.ScriptPolicy{
+		ID:             policy.ID,
+		FromScriptHash: model.HashFormat(uint64(policy.FromScriptHash)),
+		ToScriptID:     policy.ToScriptID,
+		Policy:         int32(policy.Policy),
+	}, nil
+}
+
+// UpdateScriptPolicy implements updateScriptPolicy operation.
+//
+// Update the specified script policy by ID.
+//
+// POST /script-policy/{ScriptPolicyID}
+func (svc *Service) UpdateScriptPolicy(ctx context.Context, req *api.ScriptPolicyUpdate, params api.UpdateScriptPolicyParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	if !userInfo.Roles.ScriptWrite {
+		return ErrPermissionDenied
+	}
+
+	pmap := datastore.Optional()
+	if from_script_id, ok := req.FromScriptID.Get(); ok {
+		from_script, err := svc.DB.Scripts().Get(ctx, from_script_id)
+		if err != nil {
+			return err
+		}
+		pmap.Add("from_script_hash", from_script.Hash)
+	}
+	if to_script_id, ok := req.ToScriptID.Get(); ok {
+		pmap.Add("to_script_id", to_script_id)
+	}
+	if policy, ok := req.Policy.Get(); ok {
+		pmap.Add("policy", policy)
+	}
+	return svc.DB.ScriptPolicy().Update(ctx, req.ID, pmap)
+}
--- a/pkg/service/scripts.go
+++ b/pkg/service/scripts.go
@@ -0,0 +1,160 @@
+package service
+
+import (
+	"context"
+
+	"git.itzana.me/strafesnet/maps-service/pkg/api"
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+)
+
+// CreateScript implements createScript operation.
+//
+// Create a new script.
+//
+// POST /scripts
+func (svc *Service) CreateScript(ctx context.Context, req *api.ScriptCreate) (*api.ID, error) {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return nil, ErrUserInfo
+	}
+
+	if !userInfo.Roles.ScriptWrite {
+		return nil, ErrPermissionDenied
+	}
+
+	script, err := svc.DB.Scripts().Create(ctx, model.Script{
+		ID:           0,
+		Name:         req.Name,
+		Hash:         int64(model.HashSource(req.Source)),
+		Source:       req.Source,
+		SubmissionID: req.SubmissionID.Or(0),
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &api.ID{
+		ID: script.ID,
+	}, nil
+}
+
+// ListScripts implements listScripts operation.
+//
+// Get list of scripts.
+//
+// GET /scripts
+func (svc *Service) ListScripts(ctx context.Context, params api.ListScriptsParams) ([]api.Script, error) {
+	filter := datastore.Optional()
+
+	if params.Hash.IsSet(){
+		hash, err := model.HashParse(params.Hash.Value)
+		if err != nil {
+			return nil, err
+		}
+		filter.AddNotNil("hash", int64(hash)) // No type safety!
+	}
+	if params.Name.IsSet(){
+		filter.AddNotNil("name", params.Name.Value)
+	}
+	if params.Source.IsSet(){
+		filter.AddNotNil("source", params.Source.Value)
+	}
+	if params.SubmissionID.IsSet(){
+		filter.AddNotNil("submission_id", params.SubmissionID.Value)
+	}
+
+	items, err := svc.DB.Scripts().List(ctx, filter, model.Page{
+		Number: params.Page,
+		Size:   params.Limit,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var resp []api.Script
+	for i := 0; i < len(items); i++ {
+		resp = append(resp, api.Script{
+			ID:           items[i].ID,
+			Hash:         model.HashFormat(uint64(items[i].Hash)),
+			Source:       items[i].Source,
+			SubmissionID: items[i].SubmissionID,
+		})
+	}
+
+	return resp, nil
+}
+
+// DeleteScript implements deleteScript operation.
+//
+// Delete the specified script by ID.
+//
+// DELETE /scripts/{ScriptID}
+func (svc *Service) DeleteScript(ctx context.Context, params api.DeleteScriptParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	if !userInfo.Roles.ScriptWrite {
+		return ErrPermissionDenied
+	}
+
+	return svc.DB.Scripts().Delete(ctx, params.ScriptID)
+}
+
+// GetScript implements getScript operation.
+//
+// Get the specified script by ID.
+//
+// GET /scripts/{ScriptID}
+func (svc *Service) GetScript(ctx context.Context, params api.GetScriptParams) (*api.Script, error) {
+	_, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return nil, ErrUserInfo
+	}
+
+	// Read permission for scripts only requires you to be logged in
+
+	script, err := svc.DB.Scripts().Get(ctx, params.ScriptID)
+	if err != nil {
+		return nil, err
+	}
+
+	return &api.Script{
+		ID:           script.ID,
+		Name:         script.Name,
+		Hash:         model.HashFormat(uint64(script.Hash)),
+		Source:       script.Source,
+		SubmissionID: script.SubmissionID,
+	}, nil
+}
+
+// UpdateScript implements updateScript operation.
+//
+// Update the specified script by ID.
+//
+// PATCH /scripts/{ScriptID}
+func (svc *Service) UpdateScript(ctx context.Context, req *api.ScriptUpdate, params api.UpdateScriptParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	if !userInfo.Roles.ScriptWrite {
+		return ErrPermissionDenied
+	}
+
+	pmap := datastore.Optional()
+	if Name, ok := req.Name.Get(); ok {
+		pmap.Add("name", Name)
+	}
+	if source, ok := req.Source.Get(); ok {
+		pmap.Add("source", source)
+		pmap.Add("hash", int64(model.HashSource(source))) // No type safety!
+	}
+	if SubmissionID, ok := req.SubmissionID.Get(); ok {
+		pmap.Add("submission_id", SubmissionID)
+	}
+	return svc.DB.Scripts().Update(ctx, req.ID, pmap)
+}
--- a/pkg/service/security.go
+++ b/pkg/service/security.go
@@ -0,0 +1,102 @@
+package service
+
+import (
+	"context"
+	"errors"
+	"git.itzana.me/strafesnet/go-grpc/auth"
+	"git.itzana.me/strafesnet/maps-service/pkg/api"
+)
+
+var (
+	// ErrMissingSessionID there is no session id
+	ErrMissingSessionID = errors.New("SessionID missing")
+	// ErrInvalidSession caller does not have a valid session
+	ErrInvalidSession = errors.New("Session invalid")
+)
+
+var (
+	// has ScriptWrite
+	RoleQuat int32 = 255
+	// has SubmissionPublish
+	RoleMapAdmin int32 = 128
+	// has SubmissionReview
+	RoleMapCouncil int32 = 64
+)
+
+type Roles struct {
+	// human roles
+	SubmissionRelease bool
+	SubmissionReview  bool
+	ScriptWrite       bool
+	// Thumbnail bool
+	// MapDownload
+
+	// automated roles
+	Maptest   bool
+}
+
+type UserInfo struct {
+	Roles  Roles
+	UserID uint64
+}
+
+func (usr UserInfo) IsSubmitter(submitter uint64) bool {
+	return usr.UserID == submitter
+}
+
+type SecurityHandler struct {
+	Client auth.AuthServiceClient
+}
+
+func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName api.OperationName, t api.CookieAuth) (context.Context, error) {
+	sessionId := t.GetAPIKey()
+	if sessionId == "" {
+		return nil, ErrMissingSessionID
+	}
+
+	session, err := svc.Client.GetSessionUser(ctx, &auth.IdMessage{
+		SessionID: sessionId,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	role, err := svc.Client.GetGroupRole(ctx, &auth.IdMessage{
+		SessionID: sessionId,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	validate, err := svc.Client.ValidateSession(ctx, &auth.IdMessage{
+		SessionID: sessionId,
+	})
+	if err != nil {
+		return nil, err
+	}
+	if !validate.Valid {
+		return nil, ErrInvalidSession
+	}
+
+	roles := Roles{}
+
+	// fix this when roblox udpates group roles
+	for _, r := range role.Roles {
+		if RoleQuat <= r.Rank {
+			roles.ScriptWrite = true
+		}
+		if RoleMapAdmin <= r.Rank {
+			roles.SubmissionRelease = true
+		}
+		if RoleMapCouncil <= r.Rank {
+			roles.SubmissionReview = true
+		}
+	}
+
+	newCtx := context.WithValue(ctx, "UserInfo", UserInfo{
+		Roles:  roles,
+		UserID: session.UserID,
+	})
+
+	return newCtx, nil
+}
--- a/pkg/service/service.go
+++ b/pkg/service/service.go
@@ -0,0 +1,44 @@
+package service
+
+import (
+	"context"
+	"errors"
+	"git.itzana.me/strafesnet/maps-service/pkg/api"
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"github.com/nats-io/nats.go"
+)
+
+var (
+	// ErrPermissionDenied caller does not have the required role
+	ErrPermissionDenied = errors.New("Permission denied")
+	// ErrUserInfo user info is missing for some reason
+	ErrUserInfo = errors.New("Missing user info")
+)
+
+type Service struct {
+	DB   datastore.Datastore
+	Nats nats.JetStreamContext
+}
+
+// NewError creates *ErrorStatusCode from error returned by handler.
+//
+// Used for common default response.
+func (svc *Service) NewError(ctx context.Context, err error) *api.ErrorStatusCode {
+	status := 500
+	if errors.Is(err, datastore.ErrNotExist) {
+		status = 404
+	}
+	if errors.Is(err, ErrPermissionDenied) {
+		status = 403
+	}
+	if errors.Is(err, ErrUserInfo) {
+		status = 401
+	}
+	return &api.ErrorStatusCode{
+		StatusCode: status,
+		Response: api.Error{
+			Code:    int64(status),
+			Message: err.Error(),
+		},
+	}
+}
--- a/pkg/service/submissions.go
+++ b/pkg/service/submissions.go
@@ -0,0 +1,446 @@
+package service
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+
+	"git.itzana.me/strafesnet/maps-service/pkg/api"
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+)
+
+var(
+	CreationPhaseSubmissionsLimit = 20
+	CreationPhaseSubmissionStatuses = []model.Status{
+		model.StatusChangesRequested,
+		model.StatusSubmitted,
+		model.StatusUnderConstruction,
+	}
+	ActiveSubmissionStatuses = []model.Status{
+		model.StatusUploaded,
+		model.StatusUploading,
+		model.StatusValidated,
+		model.StatusValidating,
+		model.StatusAccepted,
+		model.StatusChangesRequested,
+		model.StatusSubmitted,
+		model.StatusUnderConstruction,
+	}
+)
+
+var (
+	ErrCreationPhaseSubmissionsLimit = errors.New("Active submissions limited to 20")
+	ErrActiveSubmissionSameAssetID = errors.New("There is an active submission with the same AssetID")
+	ErrActiveSubmissionSameTargetAssetID = errors.New("There is an active submission with the same TargetAssetID")
+)
+
+// POST /submissions
+func (svc *Service) CreateSubmission(ctx context.Context, request *api.SubmissionCreate) (*api.ID, error) {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return nil, ErrUserInfo
+	}
+
+	userId := userInfo.UserID
+
+	// Check if user's submissions in the creation phase exceeds the limit
+	{
+		filter := datastore.Optional()
+		filter.Add("submitter", int64(userId))
+		filter.Add("status_id", CreationPhaseSubmissionStatuses)
+		creation_submissions, err := svc.DB.Submissions().List(ctx, filter, model.Page{
+			Number: 1,
+			Size:   int32(CreationPhaseSubmissionsLimit),
+		})
+		if err != nil {
+			return nil, err
+		}
+
+		if CreationPhaseSubmissionsLimit <= len(creation_submissions) {
+			return nil, ErrCreationPhaseSubmissionsLimit
+		}
+	}
+
+	// Check if an active submission with the same asset id exists
+	{
+		filter := datastore.Optional()
+		filter.Add("asset_id", request.AssetID)
+		filter.Add("asset_version", request.AssetVersion)
+		filter.Add("status_id", ActiveSubmissionStatuses)
+		active_submissions, err := svc.DB.Submissions().List(ctx, filter, model.Page{
+			Number: 1,
+			Size:   1,
+		})
+		if err != nil {
+			return nil, err
+		}
+		if len(active_submissions) != 0{
+			return nil, ErrActiveSubmissionSameAssetID
+		}
+	}
+
+	// Check if an active submission with the same target asset id exists
+	if request.TargetAssetID.IsSet() && request.TargetAssetID.Value != 0{
+		filter := datastore.Optional()
+		filter.Add("target_asset_id", request.TargetAssetID.Value)
+		filter.Add("status_id", ActiveSubmissionStatuses)
+		active_submissions, err := svc.DB.Submissions().List(ctx, filter, model.Page{
+			Number: 1,
+			Size:   1,
+		})
+		if err != nil {
+			return nil, err
+		}
+		if len(active_submissions) != 0{
+			return nil, ErrActiveSubmissionSameTargetAssetID
+		}
+	}
+
+	submission, err := svc.DB.Submissions().Create(ctx, model.Submission{
+		ID:            0,
+		DisplayName:   request.DisplayName,
+		Creator:       request.Creator,
+		GameID:        request.GameID,
+		Submitter:     int64(userId),
+		AssetID:       request.AssetID,
+		AssetVersion:  request.AssetVersion,
+		Completed:     false,
+		TargetAssetID: request.TargetAssetID.Value,
+		StatusID:      model.StatusUnderConstruction,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &api.ID{
+		ID: submission.ID,
+	}, nil
+}
+
+// GetSubmission implements getSubmission operation.
+//
+// Retrieve map with ID.
+//
+// GET /submissions/{SubmissionID}
+func (svc *Service) GetSubmission(ctx context.Context, params api.GetSubmissionParams) (*api.Submission, error) {
+	submission, err := svc.DB.Submissions().Get(ctx, params.SubmissionID)
+	if err != nil {
+		return nil, err
+	}
+	return &api.Submission{
+		ID:            submission.ID,
+		DisplayName:   submission.DisplayName,
+		Creator:       submission.Creator,
+		GameID:        submission.GameID,
+		CreatedAt:     submission.CreatedAt.Unix(),
+		UpdatedAt:     submission.UpdatedAt.Unix(),
+		Submitter:     int64(submission.Submitter),
+		AssetID:       int64(submission.AssetID),
+		AssetVersion:  int64(submission.AssetVersion),
+		Completed:     submission.Completed,
+		TargetAssetID: api.NewOptInt64(int64(submission.TargetAssetID)),
+		StatusID:      int32(submission.StatusID),
+	}, nil
+}
+
+// ListSubmissions implements listSubmissions operation.
+//
+// Get list of submissions.
+//
+// GET /submissions
+func (svc *Service) ListSubmissions(ctx context.Context, params api.ListSubmissionsParams) ([]api.Submission, error) {
+	filter := datastore.Optional()
+
+	if params.DisplayName.IsSet(){
+		filter.Add("display_name", params.DisplayName.Value)
+	}
+	if params.Creator.IsSet(){
+		filter.Add("creator", params.Creator.Value)
+	}
+	if params.GameID.IsSet(){
+		filter.Add("game_id", params.GameID.Value)
+	}
+
+	items, err := svc.DB.Submissions().List(ctx, filter, model.Page{
+		Number: params.Page,
+		Size:   params.Limit,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var resp []api.Submission
+	for i := 0; i < len(items); i++ {
+		resp = append(resp, api.Submission{
+			ID:            items[i].ID,
+			DisplayName:   items[i].DisplayName,
+			Creator:       items[i].Creator,
+			GameID:        items[i].GameID,
+			CreatedAt:     items[i].CreatedAt.Unix(),
+			UpdatedAt:     items[i].UpdatedAt.Unix(),
+			Submitter:     int64(items[i].Submitter),
+			AssetID:       int64(items[i].AssetID),
+			AssetVersion:  int64(items[i].AssetVersion),
+			Completed:     items[i].Completed,
+			TargetAssetID: api.NewOptInt64(int64(items[i].TargetAssetID)),
+			StatusID:      int32(items[i].StatusID),
+		})
+	}
+
+	return resp, nil
+}
+
+// PatchSubmissionCompleted implements patchSubmissionCompleted operation.
+//
+// Retrieve map with ID.
+//
+// POST /submissions/{SubmissionID}/completed
+func (svc *Service) SetSubmissionCompleted(ctx context.Context, params api.SetSubmissionCompletedParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	// check if caller has MaptestGame role (request must originate from a maptest roblox game)
+	if !userInfo.Roles.Maptest {
+		return ErrPermissionDenied
+	}
+
+	pmap := datastore.Optional()
+	pmap.Add("completed", true)
+	err := svc.DB.Submissions().Update(ctx, params.SubmissionID, pmap)
+	return err
+}
+
+// UpdateSubmissionModel implements patchSubmissionModel operation.
+//
+// Update model following role restrictions.
+//
+// POST /submissions/{SubmissionID}/model
+func (svc *Service) UpdateSubmissionModel(ctx context.Context, params api.UpdateSubmissionModelParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	// read submission (this could be done with a transaction WHERE clause)
+	submission, err := svc.DB.Submissions().Get(ctx, params.SubmissionID)
+	if err != nil {
+		return err
+	}
+
+	// check if caller is the submitter
+	if !userInfo.IsSubmitter(uint64(submission.Submitter)) {
+		return ErrPermissionDenied
+	}
+
+	// check if Status is ChangesRequested|Submitted|UnderConstruction
+	pmap := datastore.Optional()
+	pmap.AddNotNil("asset_id", params.ModelID)
+	pmap.AddNotNil("asset_version", params.VersionID)
+	//always reset completed when model changes
+	pmap.Add("completed", false)
+	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.Status{model.StatusChangesRequested, model.StatusSubmitted, model.StatusUnderConstruction}, pmap)
+}
+
+// ActionSubmissionReject invokes actionSubmissionReject operation.
+//
+// Role Reviewer changes status from Submitted -> Rejected.
+//
+// POST /submissions/{SubmissionID}/status/reject
+func (svc *Service) ActionSubmissionReject(ctx context.Context, params api.ActionSubmissionRejectParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	// check if caller has required role
+	if !userInfo.Roles.SubmissionReview {
+		return ErrPermissionDenied
+	}
+
+	// transaction
+	smap := datastore.Optional()
+	smap.Add("status_id", model.StatusRejected)
+	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.Status{model.StatusSubmitted}, smap)
+}
+
+// ActionSubmissionRequestChanges invokes actionSubmissionRequestChanges operation.
+//
+// Role Reviewer changes status from Validated|Accepted|Submitted -> ChangesRequested.
+//
+// POST /submissions/{SubmissionID}/status/request-changes
+func (svc *Service) ActionSubmissionRequestChanges(ctx context.Context, params api.ActionSubmissionRequestChangesParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	// check if caller has required role
+	if !userInfo.Roles.SubmissionReview {
+		return ErrPermissionDenied
+	}
+
+	// transaction
+	smap := datastore.Optional()
+	smap.Add("status_id", model.StatusChangesRequested)
+	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.Status{model.StatusValidated, model.StatusAccepted, model.StatusSubmitted}, smap)
+}
+
+// ActionSubmissionRevoke invokes actionSubmissionRevoke operation.
+//
+// Role Submitter changes status from Submitted|ChangesRequested -> UnderConstruction.
+//
+// POST /submissions/{SubmissionID}/status/revoke
+func (svc *Service) ActionSubmissionRevoke(ctx context.Context, params api.ActionSubmissionRevokeParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	// read submission (this could be done with a transaction WHERE clause)
+	submission, err := svc.DB.Submissions().Get(ctx, params.SubmissionID)
+	if err != nil {
+		return err
+	}
+
+	// check if caller is the submitter
+	if !userInfo.IsSubmitter(uint64(submission.Submitter)) {
+		return ErrPermissionDenied
+	}
+
+	// transaction
+	smap := datastore.Optional()
+	smap.Add("status_id", model.StatusUnderConstruction)
+	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.Status{model.StatusSubmitted, model.StatusChangesRequested}, smap)
+}
+
+// ActionSubmissionSubmit invokes actionSubmissionSubmit operation.
+//
+// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted.
+//
+// POST /submissions/{SubmissionID}/status/submit
+func (svc *Service) ActionSubmissionSubmit(ctx context.Context, params api.ActionSubmissionSubmitParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	// read submission (this could be done with a transaction WHERE clause)
+	submission, err := svc.DB.Submissions().Get(ctx, params.SubmissionID)
+	if err != nil {
+		return err
+	}
+
+	// check if caller is the submitter
+	if !userInfo.IsSubmitter(uint64(submission.Submitter)) {
+		return ErrPermissionDenied
+	}
+
+	// transaction
+	smap := datastore.Optional()
+	smap.Add("status_id", model.StatusSubmitted)
+	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.Status{model.StatusUnderConstruction, model.StatusChangesRequested}, smap)
+}
+
+// ActionSubmissionTriggerUpload invokes actionSubmissionTriggerUpload operation.
+//
+// Role Admin changes status from Validated -> Uploading.
+//
+// POST /submissions/{SubmissionID}/status/trigger-upload
+func (svc *Service) ActionSubmissionTriggerUpload(ctx context.Context, params api.ActionSubmissionTriggerUploadParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	// check if caller has required role
+	if !userInfo.Roles.SubmissionRelease {
+		return ErrPermissionDenied
+	}
+
+	// transaction
+	smap := datastore.Optional()
+	smap.Add("status_id", model.StatusUploading)
+	submission, err := svc.DB.Submissions().IfStatusThenUpdateAndGet(ctx, params.SubmissionID, []model.Status{model.StatusValidated}, smap)
+	if err != nil {
+		return err
+	}
+
+	// sentinel value because we are not using rust
+	if submission.TargetAssetID == 0 {
+		// this is a new map
+		publish_new_request := model.PublishNewRequest{
+			SubmissionID: submission.ID,
+			ModelID:      submission.AssetID,
+			ModelVersion: submission.AssetVersion,
+			// publish as displayname, whatever
+			ModelName:    submission.DisplayName,
+		}
+
+		j, err := json.Marshal(publish_new_request)
+		if err != nil {
+			return err
+		}
+
+		svc.Nats.Publish("maptest.submissions.publishnew", []byte(j))
+	} else {
+		// this is a map fix
+		publish_fix_request := model.PublishFixRequest{
+			SubmissionID:  submission.ID,
+			ModelID:       submission.AssetID,
+			ModelVersion:  submission.AssetVersion,
+			TargetAssetID: submission.TargetAssetID,
+		}
+
+		j, err := json.Marshal(publish_fix_request)
+		if err != nil {
+			return err
+		}
+
+		svc.Nats.Publish("maptest.submissions.publishfix", []byte(j))
+	}
+
+	return nil
+}
+
+// ActionSubmissionTriggerValidate invokes actionSubmissionTriggerValidate operation.
+//
+// Role Reviewer triggers validation and changes status from Submitted|Accepted -> Validating.
+//
+// POST /submissions/{SubmissionID}/status/trigger-validate
+func (svc *Service) ActionSubmissionTriggerValidate(ctx context.Context, params api.ActionSubmissionTriggerValidateParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	// check if caller has required role
+	if !userInfo.Roles.SubmissionReview {
+		return ErrPermissionDenied
+	}
+
+	// transaction
+	smap := datastore.Optional()
+	smap.Add("status_id", model.StatusValidating)
+	submission, err := svc.DB.Submissions().IfStatusThenUpdateAndGet(ctx, params.SubmissionID, []model.Status{model.StatusSubmitted, model.StatusAccepted}, smap)
+	if err != nil {
+		return err
+	}
+
+	validate_request := model.ValidateRequest{
+		SubmissionID:     submission.ID,
+		ModelID:          submission.AssetID,
+		ModelVersion:     submission.AssetVersion,
+		ValidatedModelID: 0, //TODO: reuse velidation models
+	}
+
+	j, err := json.Marshal(validate_request)
+	if err != nil {
+		return err
+	}
+
+	svc.Nats.Publish("maptest.submissions.validate", []byte(j))
+
+	return nil
+}
--- a/pkg/service_internal/script_policy.go
+++ b/pkg/service_internal/script_policy.go
@@ -0,0 +1,80 @@
+package service_internal
+
+import (
+	"context"
+
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"git.itzana.me/strafesnet/maps-service/pkg/internal"
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+)
+
+// CreateScriptPolicy implements createScriptPolicy operation.
+//
+// Create a new script policy.
+//
+// POST /script-policy
+func (svc *Service) CreateScriptPolicy(ctx context.Context, req *api.ScriptPolicyCreate) (*api.ID, error) {
+	from_script, err := svc.DB.Scripts().Get(ctx, req.FromScriptID)
+	if err != nil {
+		return nil, err
+	}
+
+	// the existence of ToScriptID does not need to be validated because it's checked by a foreign key constraint.
+
+	script, err := svc.DB.ScriptPolicy().Create(ctx, model.ScriptPolicy{
+		ID:             0,
+		FromScriptHash: from_script.Hash,
+		ToScriptID:     req.ToScriptID,
+		Policy:         model.Policy(req.Policy),
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &api.ID{
+		ID: script.ID,
+	}, nil
+}
+
+// ListScriptPolicy implements listScriptPolicy operation.
+//
+// Get list of script policies.
+//
+// GET /script-policy
+func (svc *Service) ListScriptPolicy(ctx context.Context, params api.ListScriptPolicyParams) ([]api.ScriptPolicy, error) {
+	filter := datastore.Optional()
+
+	if params.FromScriptHash.IsSet(){
+		hash, err := model.HashParse(params.FromScriptHash.Value)
+		if err != nil {
+			return nil, err
+		}
+		filter.AddNotNil("from_script_hash", int64(hash)) // No type safety!
+	}
+	if params.ToScriptID.IsSet(){
+		filter.AddNotNil("to_script_id", params.ToScriptID.Value)
+	}
+	if params.Policy.IsSet(){
+		filter.AddNotNil("policy", params.Policy.Value)
+	}
+
+	items, err := svc.DB.ScriptPolicy().List(ctx, filter, model.Page{
+		Number: params.Page,
+		Size:   params.Limit,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var resp []api.ScriptPolicy
+	for i := 0; i < len(items); i++ {
+		resp = append(resp, api.ScriptPolicy{
+			ID:             items[i].ID,
+			FromScriptHash: model.HashFormat(uint64(items[i].FromScriptHash)),
+			ToScriptID:     items[i].ToScriptID,
+			Policy:         int32(items[i].Policy),
+		})
+	}
+
+	return resp, nil
+}
--- a/pkg/service_internal/scripts.go
+++ b/pkg/service_internal/scripts.go
@@ -0,0 +1,97 @@
+package service_internal
+
+import (
+	"context"
+
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"git.itzana.me/strafesnet/maps-service/pkg/internal"
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+)
+
+// CreateScript implements createScript operation.
+//
+// Create a new script.
+//
+// POST /scripts
+func (svc *Service) CreateScript(ctx context.Context, req *api.ScriptCreate) (*api.ID, error) {
+	script, err := svc.DB.Scripts().Create(ctx, model.Script{
+		ID:           0,
+		Name:         req.Name,
+		Hash:         int64(model.HashSource(req.Source)),
+		Source:       req.Source,
+		SubmissionID: req.SubmissionID.Or(0),
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &api.ID{
+		ID: script.ID,
+	}, nil
+}
+
+// ListScripts implements listScripts operation.
+//
+// Get list of scripts.
+//
+// GET /scripts
+func (svc *Service) ListScripts(ctx context.Context, params api.ListScriptsParams) ([]api.Script, error) {
+	filter := datastore.Optional()
+
+	if params.Hash.IsSet(){
+		hash, err := model.HashParse(params.Hash.Value)
+		if err != nil {
+			return nil, err
+		}
+		filter.AddNotNil("hash", int64(hash)) // No type safety!
+	}
+	if params.Name.IsSet(){
+		filter.AddNotNil("name", params.Name.Value)
+	}
+	if params.Source.IsSet(){
+		filter.AddNotNil("source", params.Source.Value)
+	}
+	if params.SubmissionID.IsSet(){
+		filter.AddNotNil("submission_id", params.SubmissionID.Value)
+	}
+
+	items, err := svc.DB.Scripts().List(ctx, filter, model.Page{
+		Number: params.Page,
+		Size:   params.Limit,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var resp []api.Script
+	for i := 0; i < len(items); i++ {
+		resp = append(resp, api.Script{
+			ID:           items[i].ID,
+			Hash:         model.HashFormat(uint64(items[i].Hash)),
+			Source:       items[i].Source,
+			SubmissionID: items[i].SubmissionID,
+		})
+	}
+
+	return resp, nil
+}
+
+// GetScript implements getScript operation.
+//
+// Get the specified script by ID.
+//
+// GET /scripts/{ScriptID}
+func (svc *Service) GetScript(ctx context.Context, params api.GetScriptParams) (*api.Script, error) {
+	script, err := svc.DB.Scripts().Get(ctx, params.ScriptID)
+	if err != nil {
+		return nil, err
+	}
+
+	return &api.Script{
+		ID:           script.ID,
+		Name:         script.Name,
+		Hash:         model.HashFormat(uint64(script.Hash)),
+		Source:       script.Source,
+		SubmissionID: script.SubmissionID,
+	}, nil
+}
--- a/pkg/service_internal/service_internal.go
+++ b/pkg/service_internal/service_internal.go
@@ -0,0 +1,30 @@
+package service_internal
+
+import (
+	"context"
+	"errors"
+
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	internal "git.itzana.me/strafesnet/maps-service/pkg/internal"
+	"github.com/nats-io/nats.go"
+)
+
+type Service struct {
+	DB   datastore.Datastore
+	Nats nats.JetStreamContext
+}
+
+// yay duplicate code
+func (svc *Service) NewError(ctx context.Context, err error) *internal.ErrorStatusCode {
+	status := 500
+	if errors.Is(err, datastore.ErrNotExist) {
+		status = 404
+	}
+	return &internal.ErrorStatusCode{
+		StatusCode: status,
+		Response: internal.Error{
+			Code:    int64(status),
+			Message: err.Error(),
+		},
+	}
+}
--- a/pkg/service_internal/submissions.go
+++ b/pkg/service_internal/submissions.go
@@ -0,0 +1,83 @@
+package service_internal
+
+import (
+	"context"
+
+	internal "git.itzana.me/strafesnet/maps-service/pkg/internal"
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+)
+
+// UpdateSubmissionModel implements patchSubmissionModel operation.
+//
+// Update model following role restrictions.
+//
+// POST /submissions/{SubmissionID}/model
+func (svc *Service) UpdateSubmissionModel(ctx context.Context, params internal.UpdateSubmissionModelParams) error {
+	// check if Status is ChangesRequested|Submitted|UnderConstruction
+	pmap := datastore.Optional()
+	pmap.AddNotNil("asset_id", params.ModelID)
+	pmap.AddNotNil("asset_version", params.VersionID)
+	//always reset completed when model changes
+	pmap.Add("completed", false)
+	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.Status{model.StatusValidating}, pmap)
+}
+
+// ActionSubmissionValidate invokes actionSubmissionValidate operation.
+//
+// Role Validator changes status from Validating -> Validated.
+//
+// POST /submissions/{SubmissionID}/status/validator-validated
+func (svc *Service) ActionSubmissionValidated(ctx context.Context, params internal.ActionSubmissionValidatedParams) error {
+	println("[ActionSubmissionValidated] Implicit Validator permission granted!")
+
+	// transaction
+	smap := datastore.Optional()
+	smap.Add("status_id", model.StatusValidated)
+	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.Status{model.StatusValidating}, smap)
+}
+
+// ActionSubmissionAccepted implements actionSubmissionAccepted operation.
+//
+// (Internal endpoint) Role Validator changes status from Validating -> Accepted.
+//
+// POST /submissions/{SubmissionID}/status/validator-failed
+func (svc *Service) ActionSubmissionAccepted(ctx context.Context, params internal.ActionSubmissionAcceptedParams) error {
+	println("[ActionSubmissionAccepted] Implicit Validator permission granted!")
+
+	// transaction
+	smap := datastore.Optional()
+	smap.Add("status_id", model.StatusAccepted)
+	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.Status{model.StatusValidating}, smap)
+}
+
+// ActionSubmissionReleased implements actionSubmissionReleased operation.
+//
+// (Internal endpoint) Role Releaser changes status from Uploaded -> Released.
+//
+// POST /submissions/{SubmissionID}/status/releaser-released
+func (svc *Service) ActionSubmissionReleased(ctx context.Context, params internal.ActionSubmissionReleasedParams) error {
+	println("[ActionSubmissionReleased] Implicit Validator permission granted!")
+
+	// transaction
+	smap := datastore.Optional()
+	smap.Add("status_id", model.StatusReleased)
+	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.Status{model.StatusUploaded}, smap)
+}
+
+// ActionSubmissionUploaded implements actionSubmissionUploaded operation.
+//
+// (Internal endpoint) Role Validator changes status from Uploading -> Uploaded.
+//
+// POST /submissions/{SubmissionID}/status/validator-uploaded
+func (svc *Service) ActionSubmissionUploaded(ctx context.Context, params internal.ActionSubmissionUploadedParams) error {
+	println("[ActionSubmissionUploaded] Implicit Validator permission granted!")
+
+	// transaction
+	smap := datastore.Optional()
+	smap.Add("status_id", model.StatusUploaded)
+	if params.TargetAssetID.IsSet() {
+		smap.AddNotNil("target_asset_id", params.TargetAssetID.Value)
+	}
+	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.Status{model.StatusUploading}, smap)
+}
--- a/server.go
+++ b/server.go
@@ -1,55 +0,0 @@
-package main
-
-import (
-	"context"
-	"log"
-	"net/http"
-
-	"git.itzana.me/strafesnet/maps-service/api"
-	"git.itzana.me/strafesnet/maps-service/internal/controller/submissions"
-	"git.itzana.me/strafesnet/maps-service/internal/controller/users"
-	"git.itzana.me/strafesnet/maps-service/internal/datastore/gormstore"
-)
-
-type apiServer struct {
-	submissions *submissions.Submissions
-	users *users.Users
-}
-
-// GetUserRank implements api.Handler.
-func (m *apiServer) GetSubmission(ctx context.Context, params api.GetSubmissionParams) (*api.Submission, error) {
-	return m.submissions.Get(ctx,params)
-}
-
-// NewError implements api.Handler.
-func (m *apiServer) NewError(ctx context.Context, err error) *api.ErrorStatusCode {
-	return &api.ErrorStatusCode{
-		StatusCode: 500,
-		Response:   api.Error{Message: err.Error()},
-	}
-}
-
-func main() {
-	db, err := gormstore.New(true)
-	if err != nil {
-		log.WithField("error", err).Fatalln("database startup failed")
-		return
-	}
-
-	svc := &apiServer{
-		submissions: db.Submissions(),
-		users: db.Users(),
-	}
-
-	srv, err := api.NewServer(
-		svc,
-		api.WithPathPrefix("/v2"),
-	)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	if err := http.ListenAndServe(":8080", srv); err != nil {
-		log.Fatal(err)
-	}
-}
--- a/validation/.cargo/config.toml
+++ b/validation/.cargo/config.toml
@@ -0,0 +1,2 @@
+[registries.strafesnet]
+index = "sparse+https://git.itzana.me/api/packages/strafesnet/cargo/"
--- a/validation/.dockerignore
+++ b/validation/.dockerignore
@@ -0,0 +1 @@
+/target
--- a/validation/Cargo.lock
+++ b/validation/Cargo.lock
--- a/validation/Cargo.toml
+++ b/validation/Cargo.toml
@@ -1,7 +1,18 @@
 [package]
-name = "maps-valication"
+name = "maps-validation"
 version = "0.1.0"
 edition = "2021"

 [dependencies]
-bitflags = "2.6.0"
+submissions-api = { path = "api", features = ["internal"], registry = "strafesnet" }
+async-nats = "0.38.0"
+futures = "0.3.31"
+rbx_asset = { version = "0.2.5", registry = "strafesnet" }
+rbx_binary = { version = "0.7.4", registry = "strafesnet"}
+rbx_dom_weak = { version = "2.9.0", registry = "strafesnet"}
+rbx_reflection_database = { version = "0.2.12", registry = "strafesnet"}
+rbx_xml = { version = "0.13.3", registry = "strafesnet"}
+serde = { version = "1.0.215", features = ["derive"] }
+serde_json = "1.0.133"
+siphasher = "1.0.1"
+tokio = { version = "1.41.1", features = ["macros", "rt-multi-thread", "signal"] }
--- a/validation/Containerfile
+++ b/validation/Containerfile
@@ -0,0 +1,24 @@
+# Using the `rust-musl-builder` as base image, instead of
+# the official Rust toolchain
+FROM docker.io/clux/muslrust:stable AS chef
+USER root
+RUN cargo install cargo-chef
+WORKDIR /app
+
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+COPY api ./api
+# Notice that we are specifying the --target flag!
+RUN cargo chef cook --release --target x86_64-unknown-linux-musl --recipe-path recipe.json
+COPY . .
+RUN cargo build --release --target x86_64-unknown-linux-musl --bin maps-validation
+
+FROM docker.io/alpine:latest AS runtime
+RUN addgroup -S myuser && adduser -S myuser -G myuser
+COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/maps-validation /usr/local/bin/
+USER myuser
+ENTRYPOINT ["/usr/local/bin/maps-validation"]
--- a/Show More
+++ b/Show More