Updated Javascript and Python dependencies.

* Address CodeRabbit review feedback for streaming and SQL extraction.

- Anthropic: preserve separators between text blocks in streaming to
  match _parse_response() behavior.
- Docker: validate that the API URL points to a loopback address to
  constrain the request surface.
- Docker/OpenAI: raise LLMClientError on empty streams instead of
  yielding blank LLMResponse objects, matching non-streaming behavior.
- SQL extraction: strip trailing semicolons before joining blocks to
  avoid double semicolons in output.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Address remaining CodeRabbit review feedback for streaming and rendering.

- Use distinct 3-tuple ('complete', text, messages) for completion events
  to avoid ambiguity with ('tool_use', [...]) 2-tuples in chat streaming.
- Pass conversation history from request into chat_with_database_stream()
  so follow-up NLQ turns retain context.
- Add re.IGNORECASE to SQL fence regex for case-insensitive matching.
- Render MarkdownContent as block element instead of span to avoid
  invalid DOM when response contains paragraphs, lists, or tables.
- Keep stop notice as a separate message instead of appending to partial
  markdown, preventing it from being swallowed by open code fences.
- Snapshot streamingIdRef before setMessages in error handler to avoid
  race condition where ref is cleared before React executes the updater.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Address CodeRabbit review feedback for streaming providers and history.

- Fix critical NameError: use self._api_url instead of undefined API_URL
  in anthropic and openai streaming _process_stream() methods.
- Match sync path auth handling: conditionally set API key headers in
  streaming paths for both anthropic and openai providers.
- Remove unconditional temperature from openai streaming payload to
  match sync path compatibility approach.
- Add URL scheme validation to OllamaClient.__init__ to prevent unsafe
  local/resource access via non-http schemes.
- Guard ollama streaming finalizer: raise error when stream drops
  without a done frame and no content was received.
- Update chat.py type hint and docstring for 3-tuple completion event.
- Serialize and return filtered conversation history in the complete
  SSE event so the client can round-trip it on follow-up turns.
- Store and send conversation history from NLQChatPanel, clear on
  conversation reset.
- Fix JSON-fallback SQL render path: clear content when SQL was
  extracted without fenced blocks so ChatMessage uses sql-only renderer.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Fix missing closing brace in NLQChatPanel switch statement.

Adding block scoping to the error case introduced an unmatched brace
that prevented the switch statement from closing properly, causing
an eslint parse error.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Fix missing compaction module and SQL extraction test.

- Replace compaction module imports with inline history deserialization
  and filtering since compaction.py is on a different branch.
- Add rstrip(';') to SQL extraction test to match production code,
  fixing double-semicolon assertion failure.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Fix SQL extraction test expected values after rstrip(';') change.

The rstrip(';') applied to each block before joining means single
blocks and the last block in multi-block joins no longer have
trailing semicolons. Update expected values to match.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Strictly guard Ollama stream: raise if no terminal done frame received.

Truncated content from a dropped connection should not be treated as
a complete response, even if partial text was streamed. Always raise
when final_data is None, matching CodeRabbit's recommendation.

.coderabbit.yaml

@@ -0,0 +1,186 @@
+language: en-US
+tone_instructions: ''
+early_access: false
+enable_free_tier: true
+reviews:
+  profile: chill
+  request_changes_workflow: false
+  high_level_summary: true
+  high_level_summary_placeholder: '@coderabbitai summary'
+  high_level_summary_in_walkthrough: false
+  auto_title_placeholder: '@coderabbitai'
+  auto_title_instructions: ''
+  review_status: true
+  commit_status: true
+  fail_commit_status: false
+  collapse_walkthrough: false
+  changed_files_summary: true
+  sequence_diagrams: true
+  estimate_code_review_effort: true
+  assess_linked_issues: true
+  related_issues: true
+  related_prs: true
+  suggested_labels: true
+  labeling_instructions: []
+  auto_apply_labels: false
+  suggested_reviewers: true
+  auto_assign_reviewers: false
+  in_progress_fortune: true
+  poem: false
+  path_filters: []
+  path_instructions: []
+  abort_on_close: true
+  disable_cache: false
+  auto_review:
+    enabled: true
+    auto_incremental_review: true
+    ignore_title_keywords: []
+    labels: []
+    drafts: false
+    base_branches: []
+    ignore_usernames: []
+  finishing_touches:
+    docstrings:
+      enabled: true
+    unit_tests:
+      enabled: true
+  pre_merge_checks:
+    docstrings:
+      mode: warning
+      threshold: 80
+    title:
+      mode: warning
+      requirements: ''
+    description:
+      mode: warning
+    issue_assessment:
+      mode: warning
+    custom_checks: []
+  tools:
+    ast-grep:
+      rule_dirs: []
+      util_dirs: []
+      essential_rules: true
+      packages: []
+    shellcheck:
+      enabled: true
+    ruff:
+      enabled: true
+    markdownlint:
+      enabled: true
+    github-checks:
+      enabled: true
+      timeout_ms: 900000
+    languagetool:
+      enabled: true
+      enabled_rules: []
+      disabled_rules: []
+      enabled_categories: []
+      disabled_categories: []
+      enabled_only: false
+      level: default
+    biome:
+      enabled: true
+    hadolint:
+      enabled: true
+    swiftlint:
+      enabled: true
+    phpstan:
+      enabled: true
+      level: default
+    phpmd:
+      enabled: true
+    phpcs:
+      enabled: true
+    golangci-lint:
+      enabled: true
+    yamllint:
+      enabled: true
+    gitleaks:
+      enabled: true
+    checkov:
+      enabled: true
+    detekt:
+      enabled: true
+    eslint:
+      enabled: true
+    flake8:
+      enabled: true
+    rubocop:
+      enabled: true
+    buf:
+      enabled: true
+    regal:
+      enabled: true
+    actionlint:
+      enabled: true
+    pmd:
+      enabled: true
+    clang:
+      enabled: true
+    cppcheck:
+      enabled: true
+    semgrep:
+      enabled: true
+    circleci:
+      enabled: true
+    clippy:
+      enabled: true
+    sqlfluff:
+      enabled: true
+    prismaLint:
+      enabled: true
+    pylint:
+      enabled: true
+    oxc:
+      enabled: true
+    shopifyThemeCheck:
+      enabled: true
+    luacheck:
+      enabled: true
+    brakeman:
+      enabled: true
+    dotenvLint:
+      enabled: true
+    htmlhint:
+      enabled: true
+    checkmake:
+      enabled: true
+    osvScanner:
+      enabled: true
+chat:
+  art: true
+  auto_reply: true
+  integrations:
+    jira:
+      usage: auto
+    linear:
+      usage: auto
+knowledge_base:
+  opt_out: false
+  web_search:
+    enabled: true
+  code_guidelines:
+    enabled: true
+    filePatterns: []
+  learnings:
+    scope: auto
+  issues:
+    scope: auto
+  jira:
+    usage: auto
+    project_keys: []
+  linear:
+    usage: auto
+    team_keys: []
+  pull_requests:
+    scope: auto
+  mcp:
+    usage: auto
+    disabled_servers: []
+code_generation:
+  docstrings:
+    language: en-US
+    path_instructions: []
+  unit_tests:
+    path_instructions: []

.dockerignore

@@ -1,4 +1,5 @@
 web/node_modules
+web/config_*.py
 web/*.log
 web/regression
 web/**/tests/

.gitattributes

@@ -0,0 +1,2 @@
+# Auto detect text files and normalize end of lines to LF (\n)
+* text=auto eol=lf

.github/workflows/run-feature-tests-epas.yml

@@ -21,7 +21,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        pgver: [13, 14, 15, 16, 17]
+        pgver: [14, 15, 16, 17, 18]
 
     runs-on: ubuntu-22.04
 

.github/workflows/run-feature-tests-pg.yml

@@ -20,7 +20,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        pgver: [13, 14, 15, 16, 17, 18]
+        pgver: [14, 15, 16, 17, 18]
 
     runs-on: ubuntu-22.04
 

.github/workflows/run-python-tests-epas.yml

@@ -32,7 +32,7 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-22.04, windows-latest]
-        pgver: [13, 14, 15, 16, 17]
+        pgver: [14, 15, 16, 17, 18]
 
     runs-on: ${{ matrix.os }}
 

.github/workflows/run-python-tests-pg.yml

@@ -21,7 +21,7 @@ jobs:
       fail-fast: false
       matrix:
         os: [macos-latest, ubuntu-22.04, windows-latest]
-        pgver: [13, 14, 15, 16, 17, 18]
+        pgver: [14, 15, 16, 17, 18]
 
     runs-on: ${{ matrix.os }}
 

Dockerfile

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 #########################################################################
@@ -31,51 +31,38 @@ RUN apk add --no-cache \
     yarn \
     zlib-dev
 
-COPY .git .git
-# Create the /pgadmin4 directory and copy the source into it. Explicitly
-# remove the node_modules directory as we'll recreate a clean version, as well
-# as various other files we don't want
+# Create the /pgadmin4 directory and copy the source into it
 COPY web /pgadmin4/web
-RUN rm -rf /pgadmin4/web/*.log \
-           /pgadmin4/web/config_*.py \
-           /pgadmin4/web/node_modules \
-           /pgadmin4/web/regression \
-           `find /pgadmin4/web -type d -name tests` \
-           `find /pgadmin4/web -type f -name .DS_Store`
-
 WORKDIR /pgadmin4/web
 
 # Build the JS vendor code in the app-builder, and then remove the vendor source.
-RUN export CPPFLAGS="-DPNG_ARM_NEON_OPT=0" && \
+RUN --mount=type=bind,source=.git,target=/pgadmin4/.git \
+    --mount=type=tmpfs,target=node_modules \
+    --mount=type=tmpfs,target=pgadmin/static/js/generated/.cache \
+    export CPPFLAGS="-DPNG_ARM_NEON_OPT=0" && \
     npm install -g corepack && \
     corepack enable && \
     yarn set version berry && \
     yarn set version 4 && \
     yarn install && \
     yarn run bundle && \
-    rm -rf node_modules \
-           yarn.lock \
+    rm -rf yarn.lock \
            package.json \
            .[^.]* \
            babel.cfg \
            webpack.* \
            jest.config.js \
-           babel.* \
-           ./pgadmin/static/js/generated/.cache \
-           /pgadmin4/.git
+           babel.*
 
 #########################################################################
 # Next, create the base environment for Python
 #########################################################################
 
-FROM alpine:latest AS env-builder
+FROM python:3-alpine AS env-builder
 
 # Install dependencies
-COPY requirements.txt /
 RUN apk add --no-cache \
-        make \
-        python3 \
-        py3-pip && \
+        make && \
     apk add --no-cache --virtual build-deps \
         build-base \
         openssl-dev \
@@ -86,9 +73,9 @@ RUN apk add --no-cache \
         cargo \
         zlib-dev \
         libjpeg-turbo-dev \
-        libpng-dev \
-        python3-dev && \
-    python3 -m venv --system-site-packages --without-pip /venv && \
+        libpng-dev
+COPY requirements.txt /
+RUN python3 -m venv --system-site-packages --without-pip /venv && \
     /venv/bin/python3 -m pip install --no-cache-dir -r requirements.txt && \
     apk del --no-cache build-deps
 
@@ -164,40 +151,12 @@ COPY --from=pg18-builder /usr/local/bin/psql /usr/local/pgsql/pgsql-18/
 # Assemble everything into the final container.
 #########################################################################
 
-FROM alpine:latest
+FROM python:3-alpine
 
-# Copy in the Python packages
-COPY --from=env-builder /venv /venv
-
-# Copy in the tools
-COPY --from=tool-builder /usr/local/pgsql /usr/local/
-COPY --from=pg18-builder /usr/local/lib/libpq.so.5.18 /usr/lib/
-COPY --from=pg18-builder /usr/lib/libzstd.so.1.5.7 /usr/lib/
-COPY --from=pg18-builder /usr/lib/liblz4.so.1.10.0 /usr/lib/
-
-RUN ln -s libpq.so.5.18 /usr/lib/libpq.so.5 && \
-    ln -s libpq.so.5.18 /usr/lib/libpq.so && \
-    ln -s libzstd.so.1.5.7 /usr/lib/libzstd.so.1 && \
-    ln -s liblz4.so.1.10.0 /usr/lib/liblz4.so.1
-
-WORKDIR /pgadmin4
-ENV PYTHONPATH=/pgadmin4
-
-# Copy in the code and docs
-COPY --from=app-builder /pgadmin4/web /pgadmin4
-COPY --from=docs-builder /pgadmin4/docs/en_US/_build/html/ /pgadmin4/docs
-COPY pkg/docker/run_pgadmin.py /pgadmin4
-COPY pkg/docker/gunicorn_config.py /pgadmin4
-COPY pkg/docker/entrypoint.sh /entrypoint.sh
-
-# License files
-COPY LICENSE /pgadmin4/LICENSE
-
-# Install runtime dependencies and configure everything in one RUN step
-RUN apk add --no-cache \
-        python3 \
+# Install runtime dependencies
+RUN apk update && apk upgrade && \
+    apk add \
         bash \
-        py3-pip \
         postfix \
         krb5-libs \
         libjpeg-turbo \
@@ -207,7 +166,33 @@ RUN apk add --no-cache \
         libedit \
         libldap \
         libcap && \
-    /venv/bin/python3 -m pip install --no-cache-dir gunicorn==23.0.0 && \
+    rm -rf /var/cache/apk/*
+
+# Copy in the Python packages
+COPY --from=env-builder /venv /venv
+
+# Copy in the tools
+COPY --from=tool-builder /usr/local/pgsql /usr/local/
+COPY --from=pg18-builder /usr/local/lib/libpq.so.5.18 /usr/lib/liblz4.so.1.10.0 /usr/lib/
+
+RUN ln -s libpq.so.5.18 /usr/lib/libpq.so.5 && \
+    ln -s libpq.so.5.18 /usr/lib/libpq.so && \
+    ln -s liblz4.so.1.10.0 /usr/lib/liblz4.so.1
+
+WORKDIR /pgadmin4
+ENV PYTHONPATH=/pgadmin4
+
+# Copy in the code and docs
+COPY --from=app-builder /pgadmin4/web /pgadmin4
+COPY --from=docs-builder /pgadmin4/docs/en_US/_build/html/ /pgadmin4/docs
+COPY pkg/docker/run_pgadmin.py pkg/docker/gunicorn_config.py /pgadmin4/
+COPY pkg/docker/entrypoint.sh /entrypoint.sh
+
+# License files
+COPY LICENSE /pgadmin4/LICENSE
+
+# Configure everything in one RUN step
+RUN /venv/bin/python3 -m pip install --no-cache-dir gunicorn==23.0.0 && \
     find / -type d -name '__pycache__' -exec rm -rf {} + && \
     useradd -r -u 5050 -g root -s /sbin/nologin pgadmin && \
     mkdir -p /run/pgadmin /var/lib/pgadmin && \
@@ -217,7 +202,7 @@ RUN apk add --no-cache \
     chown pgadmin:root /pgadmin4/config_distro.py && \
     chmod g=u /pgadmin4/config_distro.py && \
     chmod g=u /etc/passwd && \
-    setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/python3.12 && \
+    setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/python3.[0-9][0-9] && \
     echo "pgadmin ALL = NOPASSWD: /usr/sbin/postfix start" > /etc/sudoers.d/postfix && \
     echo "pgadminr ALL = NOPASSWD: /usr/sbin/postfix start" >> /etc/sudoers.d/postfix
 

LICENSE

@@ -4,7 +4,7 @@ pgAdmin 4
 This software is released under the PostgreSQL licence.
 
 -------------------------------------------------------------------------------
-Copyright (C) 2013 - 2025, The pgAdmin Development Team
+Copyright (C) 2013 - 2026, The pgAdmin Development Team
 
 Permission to use, copy, modify, and distribute this software and its
 documentation for any purpose, without fee, and without a written agreement is

Make.bat

@@ -59,6 +59,7 @@ REM Main build sequence Ends
     IF "%PGADMIN_VCREDIST_DIR%" == "" SET "PGADMIN_VCREDIST_DIR=C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Redist\MSVC\14.40.33807"
     IF "%PGADMIN_VCREDIST_FILE%" == "" SET "PGADMIN_VCREDIST_FILE=vc_redist.x64.exe"
     IF "%PGADMIN_SIGNTOOL_DIR%" == "" SET "PGADMIN_SIGNTOOL_DIR=C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64"
+    IF "%PGADMIN_WINDOWS_CSC%" == "" SET "PGADMIN_WINDOWS_CSC="
 
     REM Set additional variables we need
     FOR /F "tokens=3" %%a IN ('findstr /C:"APP_RELEASE =" %WD%\web\version.py')  DO SET APP_MAJOR=%%a
@@ -99,6 +100,11 @@ REM Main build sequence Ends
     ECHO VC++ redist file:          %PGADMIN_VCREDIST_FILE%
     ECHO InnoTool directory:        %PGADMIN_INNOTOOL_DIR%
     ECHO signtool directory:        %PGADMIN_SIGNTOOL_DIR%
+    IF "%PGADMIN_WINDOWS_CSC%" == "" (
+        ECHO Code signing certificate:  [NONE - Signing disabled]
+    ) ELSE (
+        ECHO Code signing certificate:  %PGADMIN_WINDOWS_CSC%
+    )
     ECHO.
     ECHO App version:               %APP_VERSION%
     ECHO App version suffix:        %APP_VERSION_SUFFIX%
@@ -306,14 +312,18 @@ REM Main build sequence Ends
     %TMPDIR%\rcedit-x64.exe "%BUILDROOT%\runtime\pgAdmin4.exe" --set-version-string "ProductName" "%APP_NAME%"
     %TMPDIR%\rcedit-x64.exe "%BUILDROOT%\runtime\pgAdmin4.exe" --set-product-version "%APP_VERSION%""
 
-    ECHO Attempting to sign the pgAdmin4.exe...
-    CALL "%PGADMIN_SIGNTOOL_DIR%\signtool.exe" sign /fd certHash /tr http://timestamp.digicert.com /td SHA256 "%BUILDROOT%\runtime\pgAdmin4.exe"
-    IF %ERRORLEVEL% NEQ 0 (
-        ECHO.
-        ECHO ************************************************************
-        ECHO * Failed to sign the pgAdmin4.exe
-        ECHO ************************************************************
-        PAUSE
+    IF NOT "%PGADMIN_WINDOWS_CSC%" == "" (
+        ECHO Attempting to sign the pgAdmin4.exe...
+        CALL "%PGADMIN_SIGNTOOL_DIR%\signtool.exe" sign /sm /n "%PGADMIN_WINDOWS_CSC%" /tr http://timestamp.digicert.com /td sha256 /fd sha1 /v "%BUILDROOT%\runtime\pgAdmin4.exe"
+        IF %ERRORLEVEL% NEQ 0 (
+            ECHO.
+            ECHO ************************************************************
+            ECHO * Failed to sign the pgAdmin4.exe
+            ECHO ************************************************************
+            PAUSE
+        )
+    ) ELSE (
+        ECHO Skipping code signing ^(PGADMIN_WINDOWS_CSC is not set^)...
     )
 
     ECHO Staging PostgreSQL components...
@@ -356,7 +366,11 @@ REM Main build sequence Ends
     DEL /s "%WD%\pkg\win32\installer.iss.in_stage*" > nul
 
     ECHO Creating windows installer using INNO tool...
-    CALL "%PGADMIN_INNOTOOL_DIR%\ISCC.exe" "%WD%\pkg\win32\installer.iss" "/SpgAdminSigntool=%PGADMIN_SIGNTOOL_DIR%\signtool.exe sign /fd certHash /tr http://timestamp.digicert.com /td SHA256 $f" || EXIT /B 1
+    IF NOT "%PGADMIN_WINDOWS_CSC%" == "" (
+        CALL "%PGADMIN_INNOTOOL_DIR%\ISCC.exe" "%WD%\pkg\win32\installer.iss" "/SpgAdminSigntool=%PGADMIN_SIGNTOOL_DIR%\signtool.exe sign /sm /n $q%PGADMIN_WINDOWS_CSC%$q /tr http://timestamp.digicert.com /td sha256 /fd sha1 /v $f" || EXIT /B 1
+    ) ELSE (
+        CALL "%PGADMIN_INNOTOOL_DIR%\ISCC.exe" "%WD%\pkg\win32\installer.iss" || EXIT /B 1
+    )
 
     ECHO Renaming installer...
     MOVE "%WD%\pkg\win32\Output\pgadmin4-setup.exe" "%DISTROOT%\%INSTALLERNAME%" > nul || EXIT /B 1
@@ -374,6 +388,11 @@ REM Main build sequence Ends
     EXIT /B 0
 
 :VERIFY_SIGNATURE
+    IF "%PGADMIN_WINDOWS_CSC%" == "" (
+        ECHO Skipping signature verification ^(PGADMIN_WINDOWS_CSC is not set^)...
+        EXIT /B 0
+    )
+
     ECHO Verifying the installer signature...
 
     CALL "%PGADMIN_SIGNTOOL_DIR%\signtool.exe" verify /pa /v "%DISTROOT%\%INSTALLERNAME%"

Makefile

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 #########################################################################

docs/en_US/ai_tools.rst

@@ -0,0 +1,249 @@
+.. _ai_tools:
+
+*******************
+`AI Reports`:index:
+*******************
+
+**AI Reports** is a feature that provides AI-powered database analysis and insights
+using Large Language Models (LLMs). Use the *Tools → AI Reports* menu to access
+the various AI-powered reports.
+
+The AI Reports feature allows you to:
+
+ * Generate security reports to identify potential security vulnerabilities and configuration issues.
+
+ * Create performance reports with optimization recommendations for queries and configurations.
+
+ * Perform design reviews to analyze database schema structure and suggest improvements.
+
+**Prerequisites:**
+
+Before using AI Reports, you must:
+
+ 1. Ensure AI features are enabled in the server configuration (set ``LLM_ENABLED`` to ``True`` in ``config.py``).
+
+ 2. Configure an LLM provider in :ref:`Preferences → AI <preferences>`.
+
+**Note:**
+
+ * AI Reports using cloud providers (Anthropic, OpenAI) require an active internet connection.
+   Local providers (Ollama, Docker Model Runner) do not require internet access.
+
+ * API usage may incur costs depending on your LLM provider's pricing model.
+   Local providers (Ollama, Docker Model Runner) are free to use.
+
+ * The quality and accuracy of reports depend on the LLM provider and model configured.
+
+
+Configuring AI Reports
+**********************
+
+To configure AI Reports, navigate to *File → Preferences → AI* (or click the *Settings*
+button and select *AI*).
+
+.. image:: images/preferences_ai.png
+    :alt: AI preferences
+    :align: center
+
+Select your preferred LLM provider from the dropdown:
+
+**Anthropic**
+  Use Claude models from Anthropic, or any Anthropic-compatible API provider.
+
+  * **API URL**: Custom API endpoint URL (leave empty for default: https://api.anthropic.com/v1).
+  * **API Key File**: Path to a file containing your Anthropic API key (obtain from https://console.anthropic.com/). This path refers to the filesystem where the pgAdmin server is running (e.g., inside the container if using Docker). The ``~`` prefix is expanded to the home directory of the user running the pgAdmin server process. Optional when using a custom URL with a provider that does not require authentication.
+  * **Model**: Select from available Claude models (e.g., claude-sonnet-4-20250514).
+
+**OpenAI**
+  Use GPT models from OpenAI, or any OpenAI-compatible API provider (e.g.,
+  LiteLLM, LM Studio, EXO, or other local inference servers).
+
+  * **API URL**: Custom API endpoint URL (leave empty for default: https://api.openai.com/v1). Include the ``/v1`` path prefix if required by your provider.
+  * **API Key File**: Path to a file containing your OpenAI API key (obtain from https://platform.openai.com/). This path refers to the filesystem where the pgAdmin server is running (e.g., inside the container if using Docker). The ``~`` prefix is expanded to the home directory of the user running the pgAdmin server process. Optional when using a custom URL with a provider that does not require authentication.
+  * **Model**: Select from available GPT models (e.g., gpt-4).
+
+**Ollama**
+  Use locally-hosted open-source models via Ollama. Requires a running Ollama instance.
+
+  * **API URL**: The URL of your Ollama server (default: http://localhost:11434).
+  * **Model**: Enter the name of the Ollama model to use (e.g., llama2, mistral).
+
+**Docker Model Runner**
+  Use models running in Docker Desktop's built-in model runner (available in Docker Desktop 4.40+).
+  No API key is required.
+
+  * **API URL**: The URL of the Docker Model Runner API (default: http://localhost:12434).
+  * **Model**: Select from available models or enter a custom model name.
+
+.. note:: You can also use the *OpenAI* provider with a custom API URL for any
+   OpenAI-compatible endpoint, including Docker Model Runner and other local
+   inference servers.
+
+After configuring your provider, click *Save* to apply the changes.
+
+
+Security Reports
+****************
+
+Security Reports analyze your PostgreSQL server, database, or schema for potential
+security vulnerabilities and configuration issues.
+
+To generate a security report:
+
+1. In the *Browser* tree, select a server, database, or schema.
+
+2. Choose *Tools → AI Reports → Security* from the menu, or right-click the
+   object and select *Security* from the context menu.
+
+3. The report will be generated and displayed in a new tab.
+
+.. image:: images/ai_security_report.png
+    :alt: AI security report
+    :align: center
+
+**Security Report Scope:**
+
+* **Server Level**: Analyzes server configuration, authentication settings, roles, and permissions.
+
+* **Database Level**: Reviews database-specific security settings, roles with database access, and object permissions.
+
+* **Schema Level**: Examines schema permissions, object ownership, and access controls.
+
+Each report includes:
+
+* **Security Findings**: Identified vulnerabilities or security concerns.
+
+* **Risk Assessment**: Severity levels for each finding (Critical, High, Medium, Low).
+
+* **Recommendations**: Specific actions to remediate security issues.
+
+* **Best Practices**: General security recommendations for PostgreSQL.
+
+
+Performance Reports
+*******************
+
+Performance Reports analyze query performance, configuration settings, and provide
+optimization recommendations.
+
+To generate a performance report:
+
+1. In the *Browser* tree, select a server or database.
+
+2. Choose *Tools → AI Reports → Performance* from the menu, or right-click the
+   object and select *Performance* from the context menu.
+
+3. The report will be generated and displayed in a new tab.
+
+**Performance Report Scope:**
+
+* **Server Level**: Analyzes server configuration parameters, resource utilization, and overall server performance metrics.
+
+* **Database Level**: Reviews database-specific configuration, query performance, index usage, and table statistics.
+
+Each report includes:
+
+* **Performance Metrics**: Key performance indicators and statistics.
+
+* **Configuration Analysis**: Review of relevant configuration parameters.
+
+* **Query Optimization**: Recommendations for improving slow queries.
+
+* **Index Recommendations**: Suggestions for adding, removing, or modifying indexes.
+
+* **Capacity Planning**: Resource utilization trends and recommendations.
+
+
+Design Review Reports
+*********************
+
+Design Review Reports analyze your database schema structure and suggest
+improvements for normalization, naming conventions, and best practices.
+
+To generate a design review report:
+
+1. In the *Browser* tree, select a database or schema.
+
+2. Choose *Tools → AI Reports → Design* from the menu, or right-click the
+   object and select *Design* from the context menu.
+
+3. The report will be generated and displayed in a new tab.
+
+**Design Review Scope:**
+
+* **Database Level**: Reviews overall database structure, schema organization, and cross-schema dependencies.
+
+* **Schema Level**: Analyzes tables, views, functions, and other objects within the schema.
+
+Each report includes:
+
+* **Schema Structure Analysis**: Review of table structures, relationships, and constraints.
+
+* **Normalization Review**: Recommendations for database normalization (1NF, 2NF, 3NF, etc.).
+
+* **Naming Conventions**: Suggestions for consistent naming patterns.
+
+* **Data Type Usage**: Review of data type choices and recommendations.
+
+* **Index Design**: Analysis of indexing strategy.
+
+* **Best Practices**: General PostgreSQL schema design recommendations.
+
+
+Working with Reports
+********************
+
+All AI reports are displayed in a dedicated panel with the following features:
+
+**Report Display**
+  Reports are formatted as Markdown and rendered with syntax highlighting for SQL code.
+
+**Toolbar Actions**
+
+  * **Stop** - Cancel the current report generation. This is useful if the report
+    is taking too long or if you want to change parameters.
+
+  * **Regenerate** - Generate a new report for the same object. Useful when you
+    want to get a fresh analysis or if data has changed.
+
+  * **Download** - Download the report as a Markdown (.md) file. The filename
+    includes the report type, object name, and date for easy identification.
+
+**Multiple Reports**
+  You can generate and view multiple reports simultaneously. Each report opens in
+  a new tab, allowing you to compare reports across different servers, databases,
+  or schemas.
+
+**Report Management**
+  Each report tab can be closed individually by clicking the *X* in the tab.
+  Panel titles show the object name and report type for easy identification.
+
+**Copying Content**
+  You can select and copy text from reports to use in documentation or share with
+  your team.
+
+
+Troubleshooting
+***************
+
+**"AI features are disabled in the server configuration"**
+  The administrator has disabled AI features on the server. Contact your
+  pgAdmin administrator to enable the ``LLM_ENABLED`` configuration option.
+
+**"Please configure an LLM provider in Preferences"**
+  You need to configure an LLM provider before using AI Reports. See *Configuring AI Reports* above.
+
+**"Please connect to the server/database first"**
+  You must establish a connection to the server or database before generating reports.
+
+**API Connection Errors**
+  * Verify your API key is correct (for Anthropic and OpenAI).
+  * Check your internet connection (for cloud providers).
+  * For Ollama, ensure the Ollama server is running and accessible.
+  * For Docker Model Runner, ensure Docker Desktop 4.40+ is running with the model runner enabled.
+  * Check that your firewall allows connections to the LLM provider's API.
+
+**Report Generation Fails**
+  * Check the pgAdmin logs for detailed error messages.
+  * Verify the database connection is still active.
+  * Ensure the selected model is available for your account/subscription.

docs/en_US/backup_dialog.rst

@@ -77,13 +77,13 @@ tab to provide options related to data or pgAdmin objects that correspond to *pg
 * Move switches in the **Sections** field box to select a portion of the object
   that will be backed up.
 
-   * Move the switch next to *Pre-data* towards right position to include all
+   * Move the switch next to *Pre-data* to the *Yes* position to include all
      data definition items not included in the data or post-data item lists.
 
-   * Move the switch next to *Data* towards right position to backup actual table
+   * Move the switch next to *Data* to the *Yes* position to backup actual table
      data, large-object contents, and sequence values.
 
-   * Move the switch next to *Post-data* towards right position to include
+   * Move the switch next to *Post-data* to the *Yes* position to include
      definitions of indexes, triggers, rules, and constraints other than
      validated check constraints.
 
@@ -94,13 +94,13 @@ tab to provide options related to data or pgAdmin objects that correspond to *pg
 * Move switches in the **Type of objects** field box to specify details about
   the type of objects that will be backed up.
 
-   * Move the switch next to *Only data* towards right position to limit the back
+   * Move the switch next to *Only data* to the *Yes* position to limit the back
      up to data.
 
    * Move the switch next to *Only schemas* to limit the back up to schema-level
      database objects.
 
-   * Move the switch next to *Blobs* towards left position to exclude large
+   * Move the switch next to *Blobs* to the *No* position to exclude large
      objects in the backup.
 
 .. image:: images/backup_do_not_save.png
@@ -110,36 +110,36 @@ tab to provide options related to data or pgAdmin objects that correspond to *pg
 * Move switches in the **Do not save** field box to select the objects that will
   not be included in the backup.
 
-   * Move the switch next to *Owner* towards right position to exclude commands
+   * Move the switch next to *Owner* to the *Yes* position to exclude commands
      that set object ownership.
 
-   * Move the switch next to *Privileges* towards right position to exclude
+   * Move the switch next to *Privileges* to the *Yes* position to exclude
      commands that create access privileges.
 
-   * Move the switch next to *Tablespaces* towards right position to exclude
+   * Move the switch next to *Tablespaces* to the *Yes* position to exclude
      tablespaces.
 
-   * Move the switch next to *Unlogged table data* towards right position to
+   * Move the switch next to *Unlogged table data* to the *Yes* position to
      exclude the contents of unlogged tables.
 
-   * Move the switch next to *Comments* towards right position to exclude
+   * Move the switch next to *Comments* to the *Yes* position to exclude
      commands that set the comments. **Note:** This option is visible only for
      database server greater than or equal to 11.
 
-   * Move the switch next to *Publications* towards right position to exclude
+   * Move the switch next to *Publications* to the *Yes* position to exclude
      publications.
 
-   * Move the switch next to *Subscriptions* towards right position to exclude
+   * Move the switch next to *Subscriptions* to the *Yes* position to exclude
      subscriptions.
 
-   * Move the switch next to *Security labels* towards right position to exclude
+   * Move the switch next to *Security labels* to the *Yes* position to exclude
      Security labels.
 
-   * Move the switch next to *Toast compressions* towards right position to exclude
+   * Move the switch next to *Toast compressions* to the *Yes* position to exclude
      Toast compressions. **Note:** This option is visible only for
      database server greater than or equal to 14.
 
-   * Move the switch next to *Table access methods* towards right position to exclude
+   * Move the switch next to *Table access methods* to the *Yes* position to exclude
      Table access methods. **Note:** This option is visible only for
      database server greater than or equal to 15.
 
@@ -150,7 +150,7 @@ tab to provide options related to data or pgAdmin objects that correspond to *pg
 Click the *Query Options* tab to continue. Use these additional fields to specify
 the type of statements that should be included in the backup.
 
-   * Move the switch next to *Use INSERT commands* towards right position to
+   * Move the switch next to *Use INSERT commands* to the *Yes* position to
      dump the data in the form of INSERT statements rather than using a COPY
      command.  Please note: this may make restoration from backup slow.
 
@@ -165,16 +165,16 @@ the type of statements that should be included in the backup.
      **Note:** This option is visible only for database server greater than or
      equal to 12.
 
-   * Move the switch next to *Include CREATE DATABASE statement* towards right
+   * Move the switch next to *Include CREATE DATABASE statement* to the *Yes*
      position to include a command in the backup that creates a new database
      when restoring the backup.
 
-   * Move the switch next to *Include DROP DATABASE statement* towards right
+   * Move the switch next to *Include DROP DATABASE statement* to the *Yes*
      position to include a command in the backup that will drop any existing
      database object with the same name before recreating the object during a
      backup.
 
-   * Move the switch next to *Include IF EXISTS clause* towards right
+   * Move the switch next to *Include IF EXISTS clause* to the *Yes*
      position to add an IF EXISTS clause to drop databases and other objects.
      This option is not valid unless *Include DROP DATABASE statement* is also set.
 
@@ -185,17 +185,17 @@ the type of statements that should be included in the backup.
 Click the *Table Options* tab to continue. Use the fields in the *Table Options*
 tab related to tables that should be included in the backup.
 
-   * Move the switch next to *Use Column INSERTS* towards right position to dump
+   * Move the switch next to *Use Column INSERTS* to the *Yes* position to dump
      the data in the form of INSERT statements and include explicit column
      names. Please note: this may make restoration from backup slow.
 
-   * Move the switch next to *Load via partition root* towards right position,
+   * Move the switch next to *Load via partition root* to the *Yes* position,
      so when dumping a COPY or INSERT statement for a partitioned table, target
      the root of the partitioning hierarchy which contains it rather than the
      partition itself. **Note:** This option is visible only for database server
      greater than or equal to 11.
 
-   * Move the switch next to *Enable row security* towards right position to
+   * Move the switch next to *Enable row security* to the *Yes* position to
      set row_security to on instead, allowing the user to dump the parts of the
      contents of the table that they have access to. This option is relevant
      only when dumping the contents of a table which has row security.
@@ -235,10 +235,10 @@ tab to provide other backup options.
   that should be excluded from the backup.
 
    * Move the switch next to *Triggers* (active when creating a data-only backup)
-     towards right position to include commands that will disable triggers on the
+     to the *Yes* position to include commands that will disable triggers on the
      target table while the data is being loaded.
 
-   * Move the switch next to *$ quoting* towards right position to enable dollar
+   * Move the switch next to *$ quoting* to the *Yes* position to enable dollar
      quoting within function bodies; if disabled, the function body will be
      quoted using SQL standard string syntax.
 
@@ -249,13 +249,13 @@ tab to provide other backup options.
 * Move switches in the **Miscellaneous** field box to specify miscellaneous
   backup options.
 
-   * Move the switch next to *Verbose messages* towards left position to instruct
+   * Move the switch next to *Verbose messages* to the *No* position to instruct
      *pg_dump* to exclude verbose messages.
 
-   * Move the switch next to *Force double quotes on identifiers* towards right
+   * Move the switch next to *Force double quotes on identifiers* to the *Yes*
      position to force the quoting of all identifiers.
 
-   * Move the switch next to *Use SET SESSION AUTHORIZATION* towards right
+   * Move the switch next to *Use SET SESSION AUTHORIZATION* to the *Yes*
      position to include a statement that will use a SET SESSION AUTHORIZATION
      command to determine object ownership (instead of an ALTER OWNER command).
 
@@ -265,9 +265,9 @@ tab to provide other backup options.
    * Use the *Extra float digits* field to use the specified value when dumping
      floating-point data, instead of the maximum available precision.
 
-   * Use the *Lock wait timeout* field to do not wait forever to acquire shared
-     table locks at the beginning of the dump. Instead, fail if unable to lock a
-     table within the specified timeout.
+   * Use the *Lock wait timeout* field to specify a timeout rather than waiting
+     indefinitely to acquire shared table locks at the beginning of the dump.
+     If unable to lock a table within the specified timeout, the operation will fail.
 
 Click the *Objects* tab to continue.
 
@@ -287,6 +287,6 @@ command:
 
 * Click the *Cancel* button to exit without saving work.
 
-pgAdmin will run the backup process in background. You can view all the background
-process with there running status and logs on the :ref:`Processes <processes>`
-tab
+pgAdmin will run the backup process in the background. You can view all the background
+processes with their running status and logs on the :ref:`Processes <processes>`
+tab.

docs/en_US/backup_globals_dialog.rst

@@ -34,6 +34,6 @@ statements that should be included in the backup.
 Click the *Backup* button to build and execute a command based on your
 selections; click the *Cancel* button to exit without saving work.
 
-pgAdmin will run the backup process in background. You can view all the background
-process with there running status and logs on the :ref:`Processes <processes>`
-tab
+pgAdmin will run the backup process in the background. You can view all the background
+processes with their running status and logs on the :ref:`Processes <processes>`
+tab.

docs/en_US/backup_server_dialog.rst

@@ -34,7 +34,7 @@ tab to provide options related to data or pgAdmin objects that correspond to *pg
 * Move switches in the **Type of objects** field box to specify details about
   the type of objects that will be backed up.
 
-   * Move the switch next to *Only data* towards right position to limit the back
+   * Move the switch next to *Only data* to the *Yes* position to limit the back
      up to data.
 
    * Move the switch next to *Only schemas* to limit the back up to schema-level
@@ -52,39 +52,39 @@ tab to provide options related to data or pgAdmin objects that correspond to *pg
 * Move switches in the **Do not save** field box to select the objects that will
   not be included in the backup.
 
-   * Move the switch next to *Owner* towards right position to exclude commands
+   * Move the switch next to *Owner* to the *Yes* position to exclude commands
      that set object ownership.
 
-   * Move the switch next to *Role passwords* towards right position to exclude
+   * Move the switch next to *Role passwords* to the *Yes* position to exclude
      passwords for roles.
 
-   * Move the switch next to *Privileges* towards right position to exclude
+   * Move the switch next to *Privileges* to the *Yes* position to exclude
      commands that create access privileges.
 
-   * Move the switch next to *Tablespaces* towards right position to exclude
+   * Move the switch next to *Tablespaces* to the *Yes* position to exclude
      tablespaces.
 
-   * Move the switch next to *Unlogged table data* towards right position to
+   * Move the switch next to *Unlogged table data* to the *Yes* position to
      exclude the contents of unlogged tables.
 
-   * Move the switch next to *Comments* towards right position to exclude
+   * Move the switch next to *Comments* to the *Yes* position to exclude
      commands that set the comments. **Note:** This option is visible only for
      database server greater than or equal to 11.
 
-   * Move the switch next to *Publications* towards right position to exclude
+   * Move the switch next to *Publications* to the *Yes* position to exclude
      publications.
 
-   * Move the switch next to *Subscriptions* towards right position to exclude
+   * Move the switch next to *Subscriptions* to the *Yes* position to exclude
      subscriptions.
 
-   * Move the switch next to *Security labels* towards right position to exclude
+   * Move the switch next to *Security labels* to the *Yes* position to exclude
      Security labels.
 
-   * Move the switch next to *Toast compressions* towards right position to exclude
+   * Move the switch next to *Toast compressions* to the *Yes* position to exclude
      Toast compressions. **Note:** This option is visible only for
      database server greater than or equal to 14.
 
-   * Move the switch next to *Table access methods* towards right position to exclude
+   * Move the switch next to *Table access methods* to the *Yes* position to exclude
      Table access methods. **Note:** This option is visible only for
      database server greater than or equal to 15.
 
@@ -95,7 +95,7 @@ tab to provide options related to data or pgAdmin objects that correspond to *pg
 Click the *Query Options* tab to continue. Use these additional fields to specify
 the type of statements that should be included in the backup.
 
-   * Move the switch next to *Use INSERT commands* towards right position to
+   * Move the switch next to *Use INSERT commands* to the *Yes* position to
      dump the data in the form of INSERT statements rather than using a COPY
      command.  Please note: this may make restoration from backup slow.
 
@@ -110,12 +110,12 @@ the type of statements that should be included in the backup.
      **Note:** This option is visible only for database server greater than or
      equal to 12.
 
-   * Move the switch next to *Include DROP DATABASE statement* towards right
+   * Move the switch next to *Include DROP DATABASE statement* to the *Yes*
      position to include a command in the backup that will drop any existing
      database object with the same name before recreating the object during a
      backup.
 
-   * Move the switch next to *Include IF EXISTS clause* towards right
+   * Move the switch next to *Include IF EXISTS clause* to the *Yes*
      position to add an IF EXISTS clause to drop databases and other objects.
      This option is not valid unless *Include DROP DATABASE statement* is also set.
 
@@ -126,11 +126,11 @@ the type of statements that should be included in the backup.
 Click the *Table Options* tab to continue. Use the fields in the *Table Options*
 tab related to tables that should be included in the backup.
 
-   * Move the switch next to *Use Column INSERTS* towards right position to dump
+   * Move the switch next to *Use Column INSERTS* to the *Yes* position to dump
      the data in the form of INSERT statements and include explicit column
      names. Please note: this may make restoration from backup slow.
 
-   * Move the switch next to *Load via partition root* towards right position,
+   * Move the switch next to *Load via partition root* to the *Yes* position,
      so when dumping a COPY or INSERT statement for a partitioned table, target
      the root of the partitioning hierarchy which contains it rather than the
      partition itself. **Note:** This option is visible only for database server
@@ -147,10 +147,10 @@ tab to provide other backup options.
   that should be excluded from the backup.
 
    * Move the switch next to *Triggers* (active when creating a data-only backup)
-     towards right position to include commands that will disable triggers on the
+     to the *Yes* position to include commands that will disable triggers on the
      target table while the data is being loaded.
 
-   * Move the switch next to *$ quoting* towards right position to enable dollar
+   * Move the switch next to *$ quoting* to the *Yes* position to enable dollar
      quoting within function bodies; if disabled, the function body will be
      quoted using SQL standard string syntax.
 
@@ -161,13 +161,13 @@ tab to provide other backup options.
 * Move switches in the **Miscellaneous** field box to specify miscellaneous
   backup options.
 
-   * Move the switch next to *Verbose messages* towards left position to instruct
+   * Move the switch next to *Verbose messages* to the *No* position to instruct
      *pg_dumpall* to exclude verbose messages.
 
-   * Move the switch next to *Force double quotes on identifiers* towards right
+   * Move the switch next to *Force double quotes on identifiers* to the *Yes*
      position to force the quoting of all identifiers.
 
-   * Move the switch next to *Use SET SESSION AUTHORIZATION* towards right
+   * Move the switch next to *Use SET SESSION AUTHORIZATION* to the *Yes*
      position to include a statement that will use a SET SESSION AUTHORIZATION
      command to determine object ownership (instead of an ALTER OWNER command).
 
@@ -177,9 +177,9 @@ tab to provide other backup options.
    * Use the *Extra float digits* field to use the specified value when dumping
      floating-point data, instead of the maximum available precision.
 
-   * Use the *Lock wait timeout* field to do not wait forever to acquire shared
-     table locks at the beginning of the dump. Instead, fail if unable to lock a
-     table within the specified timeout.
+   * Use the *Lock wait timeout* field to specify a timeout rather than waiting
+     indefinitely to acquire shared table locks at the beginning of the dump.
+     If unable to lock a table within the specified timeout, the operation will fail.
 
 When you’ve specified the details that will be incorporated into the pg_dumpall
 command:
@@ -189,6 +189,6 @@ command:
 
 * Click the *Cancel* button to exit without saving work.
 
-pgAdmin will run the backup process in background. You can view all the background
-process with there running status and logs on the :ref:`Processes <processes>`
-tab
+pgAdmin will run the backup process in the background. You can view all the background
+processes with their running status and logs on the :ref:`Processes <processes>`
+tab.

docs/en_US/cloud_aws_rds.rst

@@ -91,8 +91,8 @@ button to deploy the instance on Amazon RDS.
 
 Once you click on the finish, one background process will start which will
 deploy the instance in the cloud and monitor the progress of the deployment.
-You can view all the background process with there running status and logs
-on the :ref:`Processes <processes>` tab
+You can view all the background processes with their running status and logs
+on the :ref:`Processes <processes>` tab.
 
 The Server will be added to the tree with the cloud deployment icon. Once the
 deployment is done, the server details will be updated.

docs/en_US/cloud_azure_database.rst

@@ -107,8 +107,8 @@ button to deploy the instance on Azure Database.
 
 Once you click on the finish, one background process will start which will
 deploy the instance in the cloud and monitor the progress of the deployment.
-You can view all the background process with there running status and logs
-on the :ref:`Processes <processes>` tab
+You can view all the background processes with their running status and logs
+on the :ref:`Processes <processes>` tab.
 
 .. image:: images/cloud_azure_bg_process_watcher.png
     :alt: Cloud Deployment

docs/en_US/cloud_edb_biganimal.rst

@@ -103,8 +103,8 @@ button to deploy the instance on EDB BigAnimal.
 
 Once you click on the finish, one background process will start which will
 deploy the instance in the cloud and monitor the progress of the deployment.
-You can view all the background process with there running status and logs
-on the :ref:`Processes <processes>` tab
+You can view all the background processes with their running status and logs
+on the :ref:`Processes <processes>` tab.
 
 The Server will be added to the tree with the cloud deployment icon. Once the
 deployment is done, the server details will be updated.

docs/en_US/cloud_google_cloud_sql.rst

@@ -105,8 +105,8 @@ button to deploy the instance on Azure PostgreSQL.
 
 Once you click on the finish, one background process will start which will
 deploy the instance in the cloud and monitor the progress of the deployment.
-You can view all the background process with there running status and logs
-on the :ref:`Processes <processes>` tab
+You can view all the background processes with their running status and logs
+on the :ref:`Processes <processes>` tab.
 
 
 The Server will be added to the tree with the cloud deployment icon. Once the

docs/en_US/code_review.rst

@@ -16,7 +16,7 @@ review process for any changes submitted for inclusion in pgAdmin.
   bulk updates every year). The start date should always be 2013, and the end year
   the current year, e.g.
 
-    Copyright (C) 2013 - 2025, The pgAdmin Development Team
+    Copyright (C) 2013 - 2026, The pgAdmin Development Team
 
 * Ensure there's a blank line immediately following any copyright headers.
 

docs/en_US/coding_standards.rst

@@ -120,7 +120,7 @@ with the required file header is shown below::
     #
     # pgAdmin 4 - PostgreSQL Tools
     #
-    # Copyright (C) 2013 - 2025, The pgAdmin Development Team
+    # Copyright (C) 2013 - 2026, The pgAdmin Development Team
     # This software is released under the PostgreSQL Licence
     #
     ##########################################################################

docs/en_US/collation_dialog.rst

@@ -57,7 +57,7 @@ settings:
   deterministic comparisons. By default, this option is set to true. In a
   deterministic comparison, strings that are not byte-wise equal are considered
   unequal, even if they are considered logically equal in the comparison.
-* Use the *Rules* field to specify a rules for customizing the behavior of the collation.
+* Use the *Rules* field to specify rules for customizing the behavior of the collation.
   It includes considerations such as character ordering, case sensitivity, and accent
   sensitivity.
 * Use the *Version* field to specify version string to store with the collation object.
@@ -65,8 +65,8 @@ settings:
 
 Click the *SQL* tab to continue.
 
-Your entries in the *Collation* dialog generate a SQL command (see an example b
-elow). Use the *SQL* tab for review; revisit or switch tabs to make any changes
+Your entries in the *Collation* dialog generate a SQL command (see an example
+below). Use the *SQL* tab for review; revisit or switch tabs to make any changes
 to the SQL command.
 
 Example
@@ -80,7 +80,7 @@ the *Collation* dialog:
     :align: center
 
 The example shown demonstrates creating a collation named *french* that uses the
-rules specified for the locale, *fr-BI-x-icu.  The collation is owned by
+rules specified for the locale, *fr-BI-x-icu*.  The collation is owned by
 *postgres*.
 
 * Click the *Info* button (i) to access online help. For more information about

docs/en_US/column_dialog.rst

@@ -144,7 +144,7 @@ the *Add* icon (+) to add each security label selection:
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.

docs/en_US/database_dialog.rst

@@ -63,7 +63,7 @@ Use the *Definition* tab to set properties for the database:
 * Specify a connection limit in the *Connection Limit* field to configure the
   maximum number of connection requests. The default value (*-1*) allows
   unlimited connections to the database.
-* If the *templates?* is set to true, then database will be a template database.
+* If *Template?* is set to *Yes*, the database will be a template database.
 
 Click the *Security* tab to continue.
 
@@ -89,7 +89,7 @@ database. Click the *Add* icon (+) to add each security label selection:
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.
@@ -125,8 +125,8 @@ Use the *Advanced* tab to set advanced parameters for the database.
 
 * Use *Schema restriction* field to provide a SQL restriction that will be used
   against the pg_namespace table to limit the schemas that you see.
-  For example, you might enter: *public* so that only *public* are shown in
-  the pgAdmin browser.Separate entries with a comma or tab as you type.
+  For example, you might enter: *public* so that only *public* is shown in
+  the pgAdmin browser. Separate entries with a comma or tab as you type.
 
 Click the *SQL* tab to continue.
 

docs/en_US/developer_tools.rst

@@ -17,3 +17,4 @@ PL/SQL code.
    schema_diff
    erd_tool
    psql_tool
+   ai_tools

docs/en_US/domain_dialog.rst

@@ -89,7 +89,7 @@ Use the *Security Labels* panel to assign security labels. Click the *Add* icon
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.

docs/en_US/editgrid.rst

@@ -49,7 +49,7 @@ To modify the displayed data:
 * To change a numeric value within the grid, double-click the value to select
   the field.  Modify the content in the square in which it is displayed.
 * To change a non-numeric value within the grid, double-click the content to
-  access the edit bubble.  After modifying the contentof the edit bubble, click
+  access the edit bubble.  After modifying the content of the edit bubble, click
   the *Ok* button to display your changes in the data grid, or *Cancel* to
   exit the edit bubble without saving.
 
@@ -62,7 +62,7 @@ table. As soon as you store the data, the row is assigned a row number, and a
 fresh empty line is added to the data grid.
 
 To write a SQL NULL to the table, simply leave the field empty. When you store
-the new row, the will server fill in the default value for that column. If you
+the new row, the server will fill in the default value for that column. If you
 store a change to an existing row, the value NULL will explicitly be written.
 
 To write an empty string to the table, enter the special string '' (two single
@@ -110,9 +110,9 @@ properties of the geometries directly in map, just click the specific geometry:
 
 **JSON Data Editor**
 
-A built in json editor is provided for *JSON/JSONB Data*.Double clicking on json/jsonb
-data type cell in data grid will open JSON Editor.Editor provides different mode to
-view and edit json data.
+A built-in JSON editor is provided for *JSON/JSONB Data*. Double-clicking on a JSON/JSONB
+data type cell in the data grid will open the JSON Editor. The editor provides different modes to
+view and edit JSON data.
 
 
 .. image:: images/json_editor_modes.png
@@ -120,21 +120,21 @@ view and edit json data.
     :align: center
 
 *Code Mode*:
-Provides way to format & compact json data.Also provides ability to repair json data
-by fixing quotes and escape characters, removing comments and JSONP notation and
-turn JavaScript objects into JSON.
+Provides a way to format and compact JSON data. Also provides the ability to repair JSON data
+by fixing quotes and escape characters, removing comments and JSONP notation, and
+turning JavaScript objects into JSON.
 
 *Tree Mode*:
-Enabled to change, add, move, remove, and duplicate fields and values.Provides ability
-to searh & hilight data.
+Enables changing, adding, moving, removing, and duplicating fields and values. Provides the ability
+to search and highlight data.
 
 *Form Mode*:
-Allows only to edit values in json data there by providing ability to keep data structure
+Allows editing only the values in JSON data, thereby providing the ability to keep the data structure
 unchanged while editing.
 
 *Preview Mode*:
-Provides ability to check data before saving and also shows size of current json data.
-Format and compact json data as well.
+Provides the ability to check data before saving and also shows the size of the current JSON data.
+Allows formatting and compacting JSON data as well.
 
 
 *Editor Toolbar*
@@ -170,18 +170,18 @@ Tree/Form mode:
    +----------------------+----------------------------------------------------------------------------------------+---------------------------+
    | *Transform*          | Click to *Transform*  to filter data  using JSME query language.                       | Code, Preview, Tree       |
    +----------------------+----------------------------------------------------------------------------------------+---------------------------+
-   | *Undo*               | Click to *Undo* to undo last action performed on data .                                | Code, Preview, Tree, From |
+   | *Undo*               | Click to *Undo* to undo last action performed on data.                                 | Code, Preview, Tree, Form |
    +----------------------+----------------------------------------------------------------------------------------+---------------------------+
-   | *Redo*               | Click to *Redo* to repat last action performed on data .                               | Code, Preview, Tree, From |
+   | *Redo*               | Click to *Redo* to repeat last action performed on data.                               | Code, Preview, Tree, Form |
    +----------------------+----------------------------------------------------------------------------------------+---------------------------+
-   | *Mode*               | Click to *Mode* dropdown to change dipaly mode of editor.Different modes avaialble     | Code, Tree, From, Preview |
-   |                      | are Code, Preview, Tree, From.                                                         |                           |
+   | *Mode*               | Click the *Mode* dropdown to change the display mode of the editor. Different modes    | Code, Tree, Form, Preview |
+   |                      | available are Code, Preview, Tree, and Form.                                           |                           |
    +----------------------+----------------------------------------------------------------------------------------+---------------------------+
-   | *Expand All*         | Click to *Expand All* to expand json data.                                             | Tree, From                |
+   | *Expand All*         | Click *Expand All* to expand JSON data.                                                | Tree, Form                |
    +----------------------+----------------------------------------------------------------------------------------+---------------------------+
-   | *Collapse All*       | Click to *Redo* to collapse json data.                                                 | Tree, From                |
+   | *Collapse All*       | Click *Collapse All* to collapse JSON data.                                            | Tree, Form                |
    +----------------------+----------------------------------------------------------------------------------------+---------------------------+
-   | *Search Box*         | Enter partial/complete string to search in data.                                       | Tree, From                |
+   | *Search Box*         | Enter partial/complete string to search in data.                                       | Tree, Form                |
    +----------------------+----------------------------------------------------------------------------------------+---------------------------+
 
 
@@ -235,6 +235,6 @@ A View/Edit Data tab can be converted to a Query Tool Tab just by editing the qu
     :alt: Promote View/Edit Data tab to Query Tool tab warning
     :align: center
 
-You can disable the dialog by selecting the "Don't Ask again" checkbox. If you wish to resume the confirmation dialog, you can do it from "Prefrences -> Query Tool -> Editor -> Show View/Edit Data Promotion Warning?"
+You can disable the dialog by selecting the "Don't Ask again" checkbox. If you wish to resume the confirmation dialog, you can do it from "Preferences -> Query Tool -> Editor -> Show View/Edit Data Promotion Warning?"
 
 Once you chose to continue, you won't be able to use the features of View/Edit mode like the filter and sorting options, limit, etc. It is a one-way conversion. It will be a query tool now.

docs/en_US/erd_tool.rst

@@ -72,7 +72,7 @@ Export Options
    |                      | You can select the option *With DROP Table* if you wish to have DROP Table DDL statements before  |                |
    |                      | each CREATE Table DDL. You can see the option by clicking the down arrow beside the SQL button.   |                |
    +----------------------+---------------------------------------------------------------------------------------------------+----------------+
-   | *Download image*     | Click the *Download image* icon to save the ERD diagram in a image formate                        | Option/Alt +   |
+   | *Download image*     | Click the *Download image* icon to save the ERD diagram in an image format.                       | Option/Alt +   |
    |                      |                                                                                                   | Ctrl + I       |
    +----------------------+---------------------------------------------------------------------------------------------------+----------------+
 
@@ -135,7 +135,7 @@ Node Color Options
    | Icon                 | Behavior                                                                                                 |
    +======================+==========================================================================================================+
    | *Fill Color*         | Use Fill Color to change the background color of a table node. This is helpful if you want to            |
-   |                      | identify a of group tables. Once set, all the newly added tables will take the same color.               |
+   |                      | identify a group of tables. Once set, all the newly added tables will take the same color.               |
    +----------------------+----------------------------------------------------------------------------------------------------------+
    | *Text Color*         | Use Text Color to change the text color of a table node based on the fill color to make text             |
    |                      | easily readable.                                                                                         |
@@ -154,7 +154,7 @@ Utility Options
    | *Add/Edit note*         | Click this button to make notes on tables nodes while designing the database.                  | Option/Alt +   |
    |                         |                                                                                                | Ctrl + N       |
    +-------------------------+------------------------------------------------------------------------------------------------+----------------+
-   | *Auto align*            | Click this button to auto align all tables and links to make it look more cleaner.             | Option/Alt +   |
+   | *Auto align*            | Click this button to auto-align all tables and links to make them look cleaner.                | Option/Alt +   |
    |                         |                                                                                                | Ctrl + L       |
    +-------------------------+------------------------------------------------------------------------------------------------+----------------+
    | *Show details*          | Click this button to toggle the column details visibility. It allows you to show few or more   | Option/Alt +   |
@@ -194,7 +194,7 @@ Table Dialog
 The table dialog allows you to:
 
 * Change the table structure details.
-* It can be used edit an existing table or add a new one.
+* It can be used to edit an existing table or add a new one.
 * Refer :ref:`table dialog <table_dialog>` for information on different fields.
 
 Table Node
@@ -206,11 +206,11 @@ Table Node
 
 The table node shows table details in a graphical representation:
 
-* The top bar has a *details toggle button* that is used to toggle column details visibility. There is also a *note button* that is visible only if there is some note added. you can click on this button to quickly change the note.
+* The top bar has a *details toggle button* that is used to toggle column details visibility. There is also a *note button* that is visible only if there is some note added. You can click on this button to quickly change the note.
 * The first row shows the schema name of the table. Eg. *public* in above image.
 * The second row shows the table name. Eg. *users* in above image.
 * All other rows below the table name are the columns of the table along with data type. If the column is a primary key then it will have lock key icon eg. id is the primary key in above image. Otherwise, it will have column icon.
-* you can click on the node and drag to move on the canvas.
+* You can click on the node and drag to move on the canvas.
 * Upon double click on the table node or by clicking the edit button from the toolbar, the table dialog opens where you can change the table details. Refer :ref:`table dialog <table_dialog>` for information on different fields.
 
 The One to One Link Dialog
@@ -225,7 +225,7 @@ The one to one link dialog allows you to:
 * Add a one to one relationship between two tables.
 * *Local Table* is the table that references a table and has the *one* end point.
 * *Local Column* the column that references.
-* *Select Constraint* To implement one to one relationship, the *Local Column* must have primaty key or unique constraint. The default is a unique constraint. Please note that this field is visible only when the selected *Local Column* does not have either of the mentioned constraints.
+* *Select Constraint* To implement a one-to-one relationship, the *Local Column* must have a primary key or unique constraint. The default is a unique constraint. Please note that this field is visible only when the selected *Local Column* does not have either of the mentioned constraints.
 * *Referenced Table* is the table that is being referred and has the *one* end point.
 * *Referenced Column* the column that is being referred.
 
@@ -272,7 +272,7 @@ The table link shows relationship between tables:
 * The single line endpoint of the link shows the column that is being referred.
 * The three line endpoint of the link shows the column that refers.
 * If one of the columns that is being referred or that refers is removed from the table then the link will get dropped.
-* you can click on the link and drag to move on the canvas.
+* You can click on the link and drag to move on the canvas.
 
 
 The Table Notes

docs/en_US/event_trigger_dialog.rst

@@ -67,7 +67,7 @@ in the *Delete Row* popup.
 
 Click the *SQL* tab to continue.
 
-Your entries in the *Event Trigger* dialog generate a generate a SQL command.
+Your entries in the *Event Trigger* dialog generate a SQL command.
 Use the *SQL* tab for review; revisit or switch tabs to make any changes to the
 SQL command.
 

docs/en_US/export_data_using_query.rst

@@ -58,8 +58,8 @@ Click the *Query* tab to continue.
 
 Use the fields in the *Query* tab to write the query that will be exported:
 
-* Use the *Export Data Query* field to specifies A SELECT, VALUES, INSERT, UPDATE,
-  DELETE, or MERGE command whose results are to be copied .
+* Use the *Export Data Query* field to specify a SELECT, VALUES, INSERT, UPDATE,
+  DELETE, or MERGE command whose results are to be copied.
 
 * Use *Force Quote columns* field to forces quoting to be used for all non-NULL
   values in each specified column. NULL output is never quoted. This is a creatable

docs/en_US/extension_dialog.rst

@@ -23,7 +23,7 @@ Use the fields in the *General* tab to identify an extension:
 
 * Use the drop-down listbox in the *Name* field to select the extension. Each
   extension must have a unique name.
-* Move the switch next to *Cascade?* towards right position to automatically
+* Move the switch next to *Cascade?* to the *Yes* position to automatically
   install any extensions that this extension depends on that are not already
   installed.
 * Store notes about the extension in the *Comment* field.

docs/en_US/foreign_table_dialog.rst

@@ -131,7 +131,7 @@ function. Click the *Add* icon (+) to add each security label selection:
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.

docs/en_US/function_dialog.rst

@@ -156,7 +156,7 @@ function. Click the *Add* icon (+) to add each security label selection:
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.
@@ -167,7 +167,7 @@ in the *Delete Row* popup.
 
 Click the *SQL* tab to continue.
 
-Your entries in the *Function* dialog generate a generate a SQL command (see an
+Your entries in the *Function* dialog generate a SQL command (see an
 example below). Use the *SQL* tab for review; revisit or switch tabs to make any
 changes to the SQL command.
 
@@ -181,8 +181,8 @@ the *Function* dialog:
     :alt: Function dialog sql tab
     :align: center
 
-The example demonstrates creating an *plpgsql* function named *hire_salesmen*. The
-function have three columns (p_ename, p_sal and p_comm).
+The example demonstrates creating a *plpgsql* function named *hire_salesmen*. The
+function has three columns (p_ename, p_sal and p_comm).
 
 * Click the *Info* button (i) to access online help.
 * Click the *Save* button to save work.

docs/en_US/grant_wizard.rst

@@ -46,7 +46,7 @@ Use the fields in the *Privileges Selection* window to grant
 privileges. If you grant a privilege WITH GRANT OPTION, the Grantee will have
 the right to grant privileges on the object to others. If WITH GRANT OPTION is
 subsequently revoked, any role who received access to that object from that
-Grantee (directly or through a chain of grants) will lose thier privileges on
+Grantee (directly or through a chain of grants) will lose their privileges on
 the object.
 
 * Click the *Add* icon (+) to assign a set of privileges.

docs/en_US/import_export_servers.rst

@@ -196,4 +196,4 @@ The following example shows both a minimally defined and a fully defined server:
         }
     }
 
-.. note:: If you're running pgAdmin in Server Mode, the values for parameters that require file paths should be specified relative to the user's home directory which is /<DATA_DIR>/storage/<user_id>/. If DATA_DIR is not specified, then it will /var/libe/pgadmin/storage/<user_id>/
+.. note:: If you're running pgAdmin in Server Mode, the values for parameters that require file paths should be specified relative to the user's home directory which is /<DATA_DIR>/storage/<user_id>/. If DATA_DIR is not specified, then it will be /var/lib/pgadmin/storage/<user_id>/

docs/en_US/index_dialog.rst

@@ -48,6 +48,31 @@ Use the fields in the *Definition* tab to define the index:
     * Select *brin* to create a BRIN index.  A BRIN index may improve
       performance when managing minimum and maximum values and ranges.
 
+* Use the drop-down listbox next to *Depends on extensions* to select the extension 
+  that this index depends on (for example, edbspl). If set, dropping the extension 
+  will automatically drop the index as well.
+* Move the switch next to *Only Table?* to the *Yes* position to create the index
+  only on the parent table without recursing to its partitions. This button will be
+  enabled for partition tables only. The default is *No*.
+* Move the switch next to *Unique?* to the *Yes* position to check for duplicate values
+  in the table when the index is created and when data is added. The default is *No*.
+* Move the switch next to *NULLs not distinct?* to the *Yes* position to treat null values as not distinct. 
+  The default is *No*. This option is available only on PostgreSQL 15 and above.
+* Move the *Clustered?* switch to the *Yes* position to instruct the server to
+  cluster the table.
+* Move the *Concurrent build?* switch to the *Yes* position to build the index
+  without taking any locks that prevent concurrent inserts, updates, or deletes
+  on the table.
+* Use the *Constraint* field to provide a constraint expression; a constraint
+  expression limits the entries in the index to those rows that satisfy the
+  constraint.
+
+Click the *With* tab to continue.
+
+.. image:: images/index_with.png
+    :alt: Index dialog with tab
+    :align: center
+
 * Use the *Fill Factor* field to specify a fill factor for the index. The fill
   factor specifies how full the selected method will try to fill each index
   page.
@@ -57,24 +82,12 @@ Use the fields in the *Definition* tab to define the index:
   for each entry of a BRIN index.
 * Select *Buffering* to specify whether the buffering build technique is used to build the index. The default is
   *Auto*
-* Move the switch next to *Deduplicate items?* towards the *right position* to control usage of the B-tree 
+* Move the switch next to *Deduplicate items?* to the *Yes* position to control usage of the B-tree 
   deduplication technique. The default is *Yes*. This option is available only on PostgreSQL 13 and above.
-* Move the switch next to *Fast update?* towards the *right position* to control usage of the fast update technique. 
+* Move the switch next to *Fast update?* to the *Yes* position to control usage of the fast update technique. 
   The default is *Yes*.
-* Move the switch next to *Autosummarize* towards the *right position* to define whether a summarization run is 
+* Move the switch next to *Autosummarize* to the *Yes* position to define whether a summarization run is 
   queued for the previous page range whenever an insertion is detected on the next one. The default is *No*
-* Move the switch next to *Unique?* towards the *right position* to check for duplicate values
-  in the table when the index is created and when data is added. The default is *No*.
-* Move the switch next to *NULLs not distinct?* towards the *right position* to treat null values as not distinct. 
-  The default is*No*. This option is available only on PostgreSQL 15 and above.
-* Move the *Clustered?* switch to the *Yes* position to instruct the server to
-  cluster the table.
-* Move the *Concurrent build?* switch to the *Yes* position to build the index
-  without taking any locks that prevent concurrent inserts, updates, or deletes
-  on the table.
-* Use the *Constraint* field to provide a constraint expression; a constraint
-  expression limits the entries in the index to those rows that satisfy the
-  constraint.
 
 Click the *Columns* tab to continue.
 

docs/en_US/language_dialog.rst

@@ -64,7 +64,7 @@ function. Click the *Add* icon (+) to add each security label selection:
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.

docs/en_US/licence.rst

@@ -13,7 +13,7 @@ documentation is attributed to the
 
 .. topic:: pgAdmin 4
 
-    Copyright (C) 2013 - 2025, The pgAdmin Development Team
+    Copyright (C) 2013 - 2026, The pgAdmin Development Team
 
     Permission to use, copy, modify, and distribute this software and its
     documentation for any purpose, without fee, and without a written agreement is

docs/en_US/maintenance_dialog.rst

@@ -29,31 +29,31 @@ maintenance:
    * Move the *ANALYZE* switch to the *Yes* position to issue ANALYZE commands
      whenever the content of a table has changed sufficiently.
 
-   * Move the *DISABLE PAGE SKIPPING* switch to the *Yes* position to disables
+   * Move the *DISABLE PAGE SKIPPING* switch to the *Yes* position to disable
      all page-skipping behavior.
 
-   * Move the *SKIP LOCKED* switch to the *Yes* position to specifies that
+   * Move the *SKIP LOCKED* switch to the *Yes* position to specify that
      VACUUM should not wait for any conflicting locks to be released when
      beginning work on a relation. This option is available from v12 onwards.
 
-   * Move the *TRUNCATE* switch to the *Yes* position to specifies that VACUUM
+   * Move the *TRUNCATE* switch to the *Yes* position to specify that VACUUM
      should attempt to truncate off any empty pages at the end of the table and
      allow the disk space for the truncated pages to be returned to the operating
      system. This option is available from v12 onwards.
 
-   * Move the *PROCESS TOAST* switch to the *Yes* position to specifies that
+   * Move the *PROCESS TOAST* switch to the *Yes* position to specify that
      VACUUM should attempt to process the corresponding TOAST table for each
      relation, if one exists. This option is available from v14 onwards.
 
-   * Move the *PROCESS MAIN* switch to the *Yes* position to specifies that
+   * Move the *PROCESS MAIN* switch to the *Yes* position to specify that
      VACUUM should attempt to process the main relation. This option is available
      from v16 onwards.
 
-   * Move the *SKIP DATABASE STATS* switch to the *Yes* position to specifies
+   * Move the *SKIP DATABASE STATS* switch to the *Yes* position to specify
      that VACUUM should skip updating the database-wide statistics about oldest
      unfrozen XIDs. This option is available from v16 onwards.
 
-   * Move the *ONLY DATABASE STATS* switch to the *Yes* position to specifies
+   * Move the *ONLY DATABASE STATS* switch to the *Yes* position to specify
      that VACUUM should do nothing except update the database-wide statistics
      about oldest unfrozen XIDs . This option is available from v16 onwards.
 
@@ -64,7 +64,7 @@ maintenance:
      of VACUUM in parallel using integer background workers. This option is
      available from v13 onwards.
 
-   * Use the *BUFFER USAGE LIMIT* field to specifies the Buffer Access Strategy
+   * Use the *BUFFER USAGE LIMIT* field to specify the Buffer Access Strategy
      ring buffer size for VACUUM. This size is used to calculate the number of
      shared buffers which will be reused as part of this strategy. This option
      is available from v16 onwards
@@ -78,11 +78,11 @@ maintenance:
   This enables the query optimizer to select the fastest query plan for optimal
   performance.
 
-   * Move the *SKIP LOCKED* switch to the *Yes* position to specifies that
+   * Move the *SKIP LOCKED* switch to the *Yes* position to specify that
      ANALYZE should not wait for any conflicting locks to be released when
      beginning work on a relation. This option is available from v12 onwards.
 
-   * Use the *BUFFER USAGE LIMIT* field to specifies the Buffer Access Strategy
+   * Use the *BUFFER USAGE LIMIT* field to specify the Buffer Access Strategy
      ring buffer size for ANALYZE. This size is used to calculate the number of
      shared buffers which will be reused as part of this strategy. This option
      is available from v16 onwards
@@ -103,7 +103,7 @@ maintenance:
      without taking any locks that prevent concurrent inserts, updates, or
      deletes on the table. This option is available from v12 onwards.
 
-   * Use the *TABLESPACE* field to specifies that indexes will be rebuilt on
+   * Use the *TABLESPACE* field to specify that indexes will be rebuilt on
      a new tablespace. This option is available from v14 onwards.
 
 .. image:: images/maintenance_cluster.png
@@ -118,6 +118,6 @@ switch to the *No* position; by default, status messages are included.
 When you've completed the dialog, click *OK* to start the background process;
 to exit the dialog without performing maintenance operations, click *Cancel*.
 
-pgAdmin will run the maintenance process in background. You can view all the background
-process with there running status and logs on the :ref:`Processes <processes>`
+pgAdmin will run the maintenance process in the background. You can view all the background
+processes with their running status and logs on the :ref:`Processes <processes>`
 tab.

docs/en_US/materialized_view_dialog.rst

@@ -10,7 +10,7 @@ the REFRESH MATERIALIZED VIEW command to update the content of a materialized
 view.
 
 The *Materialized View* dialog organizes the development of a materialized_view
-through the following dialog tabs: *General*, *Definition*, *Storage*,
+through the following dialog tabs: *General*, *Definition*, *Code*,
 *Parameter*, and *Security*. The *SQL* tab displays the SQL code generated by
 dialog selections.
 
@@ -31,10 +31,10 @@ Use the fields in the *General* tab to identify the materialized view:
 Click the *Definition* tab to continue.
 
 .. image:: images/materialized_view_definition.png
-    :alt: Materialized view dialog storage tab
+    :alt: Materialized view dialog definition tab
     :align: center
 
-Use the fields in the *Storage* tab to maintain the materialized view:
+Use the fields in the *Definition* tab to maintain the materialized view:
 
 * Move the *With Data* switch to the *Yes* position to specify the materialized
   view should be populated at creation time. If not, the materialized view
@@ -47,11 +47,14 @@ Use the fields in the *Storage* tab to maintain the materialized view:
 * Use the *Fill Factor* field to specify a fill factor for the materialized
   view. The fill factor for a table is a percentage between 10 and 100. 100
   (complete packing) is the default.
+* Use the drop-down listbox next to *Depends on extensions* to select the extension that this materialized view
+  depends on (for example, edbspl). If set, dropping the extension will automatically drop the
+  materialized view as well.
 
 Click the *Code* tab to continue.
 
 .. image:: images/materialized_view_code.png
-    :alt: Materialized view dialog definition tab
+    :alt: Materialized view dialog code tab
     :align: center
 
 Use the text editor field in the *Code* tab to provide the query that will
@@ -101,7 +104,7 @@ selection:
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.

docs/en_US/menu_bar.rst

@@ -5,8 +5,10 @@
 *****************
 
 The pgAdmin menu bar provides drop-down menus for access to options, commands,
-and utilities. The menu bar displays the following selections: *File*, *Object*,
-Tools*, and *Help*. Selections may be grayed out which indicates they are
+and utilities. Its layout adapts based on your deployment: in Web mode,
+you will see *File*, *Object*, *Tools*, and *Help* menus. In Desktop mode,
+the *pgAdmin4* application menu replaces the standard *File* menu.
+Selections may be grayed out which indicates they are
 disabled for the object currently selected in the *pgAdmin* tree control.
 
 The File Menu
@@ -16,7 +18,7 @@ The File Menu
     :alt: pgAdmin file menu bar
     :align: center
 
-Use the *File* menu to access the following options:
+Use the *File* menu available in web mode to access the following options:
 
 +-------------------------+---------------------------------------------------------------------------------------------------------+
 | Option                  | Action                                                                                                  |
@@ -25,8 +27,30 @@ Use the *File* menu to access the following options:
 +-------------------------+---------------------------------------------------------------------------------------------------------+
 | *Reset Layout*          | If you have modified the workspace, click to restore the default layout.                                |
 +-------------------------+---------------------------------------------------------------------------------------------------------+
-| *Runtime*               | Click to open a submenu to Configure, View Log and Zoom settings. Only visible when pgAdmin4 runs in    |
-|                         | desktop mode. To know more about runtime menu :ref:`click here <desktop_deployment>`                    |
+
+
+The pgAdmin4 Menu
+*****************
+
+.. image:: /images/pgadmin4_menu.png
+    :alt: pgAdmin pgadmin4 menu bar
+    :align: center
+
+Use the *pgAdmin4* menu available in desktop mode to access the following options:
+
++-------------------------+---------------------------------------------------------------------------------------------------------+
+| Option                  | Action                                                                                                  |
++=========================+=========================================================================================================+
+| *About pgAdmin 4*       | Provide pgadmin4 configuration information like version, mode etc.                                      |
++-------------------------+---------------------------------------------------------------------------------------------------------+
+| *Preferences/settings*  | Click to open the :ref:`Preferences <preferences>` dialog to customize your pgAdmin settings.           |
++-------------------------+---------------------------------------------------------------------------------------------------------+
+| *Reset Layout*          | If you have modified the workspace, click to restore the default layout.                                |
++-------------------------+---------------------------------------------------------------------------------------------------------+
+| *View Logs*             | This will show current pgadmin4 logs.                                                                   |
++-------------------------+---------------------------------------------------------------------------------------------------------+
+| *Configure runtime*     | Click to open a  window that allows to configure application port, connection timeout to launch the     |
+|                         | application. To know more about runtime menu :ref:`click here <desktop_deployment>`                     |
 +-------------------------+---------------------------------------------------------------------------------------------------------+
 
 The Object Menu
@@ -132,6 +156,12 @@ Use the *Tools* menu to access the following options (in alphabetical order):
 +------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
 | *Search Objects...*          | Click to open the :ref:`Search Objects... <search_objects>` and start searching any kind of objects in a database.                        |
 +------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
+| *AI Reports*                 | Click to access a submenu with AI-powered analysis options (requires :ref:`AI configuration <ai_tools>`):                                 |
+|                              |                                                                                                                                           |
+|                              | - *Security Report* - Generate an AI-powered security analysis for the selected server, database, or schema.                              |
+|                              | - *Performance Report* - Generate an AI-powered performance analysis for the selected server or database.                                 |
+|                              | - *Design Report* - Generate an AI-powered design review for the selected database or schema.                                             |
++------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
 | *Add named restore point*    | Click to open the :ref:`Add named restore point... <add_restore_point_dialog>` dialog to take a point-in-time snapshot of the current     |
 |                              | server state.                                                                                                                             |
 +------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+

docs/en_US/oauth2.rst

@@ -1,15 +1,40 @@
 .. _oauth2:
 
-*****************************************
-`Enabling OAUTH2 Authentication`:index:
-*****************************************
+*******************************************************
+`Enabling OAUTH2 and OIDC Authentication`:index:
+*******************************************************
 
 
-To enable OAUTH2 authentication for pgAdmin, you must configure the OAUTH2
-settings in the *config_local.py* or *config_system.py* file (see the
-:ref:`config.py <config_py>` documentation) on the system where pgAdmin is
-installed in Server mode. You can copy these settings from *config.py* file
-and modify the values for the following parameters:
+To enable OAUTH2 or OpenID Connect (OIDC) authentication for pgAdmin, you must
+configure the OAUTH2 settings in the *config_local.py* or *config_system.py*
+file (see the :ref:`config.py <config_py>` documentation) on the system where
+pgAdmin is installed in Server mode. You can copy these settings from *config.py*
+file and modify the values for the following parameters.
+
+OAuth2 vs OpenID Connect (OIDC)
+================================
+
+pgAdmin supports both OAuth2 and OIDC authentication protocols:
+
+**OAuth2** is an authorization framework that allows third-party applications to
+obtain limited access to user accounts. When using OAuth2, pgAdmin must explicitly
+call the provider's userinfo endpoint to retrieve user profile information.
+
+**OpenID Connect (OIDC)** is an identity layer built on top of OAuth2 that provides
+standardized user authentication and profile information. When using OIDC, user
+identity information is included directly in the ID token, which is more efficient
+and secure.
+
+.. note::
+   When **OAUTH2_SERVER_METADATA_URL** is configured, pgAdmin treats the provider
+   as an OIDC provider and will:
+
+   - Use ID token claims for user identity (sub, email, preferred_username)
+   - Skip the userinfo endpoint call when ID token contains sufficient information
+   - Validate the ID token automatically using the provider's public keys
+
+   This is the **recommended approach** for modern identity providers like
+   Microsoft Entra ID (Azure AD), Google, Keycloak, Auth0, and Okta.
 
 
 .. _AzureAD: https://learn.microsoft.com/en-us/security/zero-trust/develop/configure-tokens-group-claims-app-roles
@@ -23,29 +48,28 @@ and modify the values for the following parameters:
 
    "AUTHENTICATION_SOURCES", "The default value for this parameter is *internal*.
    To enable OAUTH2 authentication, you must include *oauth2* in the list of values
-   for this parameter. you can modify the value as follows:
+   for this parameter. You can modify the value as follows:
 
    * [‘oauth2’, ‘internal’]: pgAdmin will display an additional button for authenticating with oauth2"
     "OAUTH2_NAME", "The name of the Oauth2 provider, ex: Google, Github"
     "OAUTH2_DISPLAY_NAME", "Oauth2 display name in pgAdmin"
     "OAUTH2_CLIENT_ID", "Oauth2 Client ID"
-    "OAUTH2_CLIENT_SECRET", "Oauth2 Client Secret"
+    "OAUTH2_CLIENT_SECRET", "Oauth2 Client Secret. **Optional for public clients using Authorization Code + PKCE**. For confidential clients (server-side apps), keep this set. For public clients (no secret), pgAdmin will enforce PKCE and perform an unauthenticated token exchange."
+    "OAUTH2_CLIENT_AUTH_METHOD", "Client authentication method for the token endpoint. Default behavior uses *OAUTH2_CLIENT_SECRET* (confidential client), or PKCE when no secret is provided (public client). Set to *workload_identity* to authenticate using an Azure Entra ID workload identity (federated credential) without a client secret."
+    "OAUTH2_WORKLOAD_IDENTITY_TOKEN_FILE", "When **OAUTH2_CLIENT_AUTH_METHOD** is *workload_identity*, path to the projected OIDC token file (Kubernetes service account JWT). This file must exist at pgAdmin startup."
     "OAUTH2_TOKEN_URL", "Oauth2 Access Token endpoint"
     "OAUTH2_AUTHORIZATION_URL", "Endpoint for user authorization"
-    "OAUTH2_SERVER_METADATA_URL", "Server metadata url for your OAuth2 provider"
+    "OAUTH2_SERVER_METADATA_URL", "**OIDC Discovery URL** (recommended for OIDC providers). When set, pgAdmin will use OIDC flow with automatic ID token validation and user claims from the ID token. Example: *https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration*. When using this parameter, OAUTH2_TOKEN_URL and OAUTH2_AUTHORIZATION_URL are optional as they will be discovered automatically."
     "OAUTH2_API_BASE_URL", "Oauth2 base URL endpoint to make requests simple, ex: *https://api.github.com/*"
-    "OAUTH2_USERINFO_ENDPOINT", "User Endpoint, ex: *user* (for github, or *user/emails* if the user's email address is private) and *userinfo* (for google),"
-    "OAUTH2_SCOPE", "Oauth scope, ex: 'openid email profile'. Note that an 'email' claim is required in the resulting profile."
+    "OAUTH2_USERINFO_ENDPOINT", "User Endpoint, ex: *user* (for github, or *user/emails* if the user's email address is private) and *userinfo* (for google). **For OIDC providers**, this is optional if the ID token contains sufficient claims (email, preferred_username, or sub)."
+    "OAUTH2_SCOPE", "Oauth scope, ex: 'openid email profile'. **For OIDC providers**, include 'openid' scope to receive an ID token."
     "OAUTH2_ICON", "The Font-awesome icon to be placed on the oauth2 button,  ex: fa-github"
     "OAUTH2_BUTTON_COLOR", "Oauth2 button color"
-    "OAUTH2_USERNAME_CLAIM", "The claim which is used for the username. If the value is empty
-    the email is used as username, but if a value is provided, the claim has to exist. Ex: *oid* (for AzureAD), *email* (for Github)"
+    "OAUTH2_USERNAME_CLAIM", "The claim which is used for the username. If the value is empty, **for OIDC providers** pgAdmin will use: 1) email, 2) preferred_username, or 3) sub (in that order). **For OAuth2 providers** without OIDC, email is required. Ex: *oid* (for AzureAD), *email* (for Github), *preferred_username* (for Keycloak)"
     "OAUTH2_AUTO_CREATE_USER", "Set the value to *True* if you want to automatically
     create a pgAdmin user corresponding to a successfully authenticated Oauth2 user.
     Please note that password is not stored in the pgAdmin database."
-    "OAUTH2_ADDITIONAL_CLAIMS", "If a dictionary is provided, pgAdmin will check for a matching key and value on the userinfo endpoint 
-    and in the Id Token. In case there is no match with the provided config, the user will receive an authorization error.
-    Useful for checking AzureAD_ *wids* or *groups*, GitLab_ *owner*, *maintainer* and *reporter* claims."
+    "OAUTH2_ADDITIONAL_CLAIMS", "If a dictionary is provided, pgAdmin will check for a matching key and value on the **ID token first** (for OIDC providers), then fall back to the userinfo endpoint response. In case there is no match with the provided config, the user will receive an authorization error. Useful for checking AzureAD_ *wids* or *groups*, GitLab_ *owner*, *maintainer* and *reporter* claims."
     "OAUTH2_SSL_CERT_VERIFICATION", "Set this variable to False to disable SSL certificate verification for OAuth2 provider.
     This may need to set False, in case of self-signed certificates."
     "OAUTH2_CHALLENGE_METHOD", "Enable PKCE workflow. PKCE method name, only *S256* is supported"
@@ -83,3 +107,240 @@ Ref: https://oauth.net/2/pkce
 
 To enable PKCE workflow, set the configuration parameters OAUTH2_CHALLENGE_METHOD to *S256* and OAUTH2_RESPONSE_TYPE to *code*.
 Both parameters are mandatory to enable PKCE workflow.
+
+Public vs Confidential OAuth Clients
+====================================
+
+OAuth providers support two common client types:
+
+- **Confidential clients** have a client secret and can authenticate to the token endpoint.
+- **Public clients** do not have a client secret (or the secret cannot be safely stored).
+
+pgAdmin supports interactive user login for both client types:
+
+- If **OAUTH2_CLIENT_SECRET** is set, pgAdmin treats the provider as a confidential client.
+- If **OAUTH2_CLIENT_SECRET** is missing, empty, or set to *None*, pgAdmin treats the provider as a public client and **requires PKCE**.
+
+.. note::
+    For public clients, pgAdmin uses Authlib's native behavior to perform an **unauthenticated token exchange**
+    (token endpoint client authentication method: ``none``). This is required for Authorization Code + PKCE
+    flows where no client secret is available.
+
+Azure Entra ID Workload Identity (AKS) (No Client Secret)
+=========================================================
+
+pgAdmin can authenticate to Microsoft Entra ID (Azure AD) **without a client secret** using an
+AKS Workload Identity projected service account token (OIDC federated credential).
+
+This is a **confidential client** scenario (server-side app), but client authentication to the token
+endpoint is performed using a **JWT client assertion**.
+
+Enable workload identity mode
+-----------------------------
+
+Set the following parameters in your provider configuration:
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        'OAUTH2_NAME': 'entra-workload-identity',
+        'OAUTH2_DISPLAY_NAME': 'Microsoft Entra ID',
+        'OAUTH2_CLIENT_ID': '<Application (client) ID>',
+        'OAUTH2_CLIENT_SECRET': None,  # not required
+        'OAUTH2_CLIENT_AUTH_METHOD': 'workload_identity',
+        'OAUTH2_WORKLOAD_IDENTITY_TOKEN_FILE':
+            '/var/run/secrets/azure/tokens/azure-identity-token',
+        'OAUTH2_SERVER_METADATA_URL':
+            'https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration',
+        'OAUTH2_SCOPE': 'openid email profile',
+    }]
+
+With this configuration:
+
+- pgAdmin will **not** require **OAUTH2_CLIENT_SECRET**.
+- pgAdmin will **not** use PKCE for this provider.
+- During the token exchange, pgAdmin will send:
+
+    - ``client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer``
+    - ``client_assertion=<projected service account JWT>``
+
+Azure App Registration setup
+----------------------------
+
+In Microsoft Entra ID:
+
+- Create an **App registration** for pgAdmin.
+- Configure a **Redirect URI** to ``<http/https>://<pgAdmin Server URL>/oauth2/authorize``.
+- In **Certificates & secrets**, you do **not** need to create a client secret for workload identity.
+
+Federated credential (workload identity) configuration
+------------------------------------------------------
+
+Add a **Federated credential** to the App registration:
+
+- **Issuer**: your AKS cluster OIDC issuer URL.
+- **Subject**: ``system:serviceaccount:<namespace>:<serviceaccount-name>``
+- **Audience**: typically ``api://AzureADTokenExchange``
+
+AKS ServiceAccount example
+--------------------------
+
+Example ServiceAccount for AKS Workload Identity:
+
+.. code-block:: yaml
+
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: pgadmin
+      namespace: pgadmin
+      annotations:
+        azure.workload.identity/client-id: "<Application (client) ID>"
+    ---
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: pgadmin
+      namespace: pgadmin
+    spec:
+      template:
+        metadata:
+          labels:
+            azure.workload.identity/use: "true"
+        spec:
+          serviceAccountName: pgadmin
+
+.. note::
+    The projected token file path can vary by cluster configuration.
+    In many AKS setups it is provided via the ``AZURE_FEDERATED_TOKEN_FILE`` environment
+    variable and mounted under ``/var/run/secrets/azure/tokens/``.
+
+OIDC Configuration Examples
+============================
+
+Using OIDC with Discovery Metadata (Recommended)
+-------------------------------------------------
+
+When using OIDC providers, configure the **OAUTH2_SERVER_METADATA_URL** parameter
+to enable automatic discovery and ID token validation:
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        'OAUTH2_NAME': 'my-oidc-provider',
+        'OAUTH2_DISPLAY_NAME': 'My OIDC Provider',
+        'OAUTH2_CLIENT_ID': 'your-client-id',
+        'OAUTH2_CLIENT_SECRET': 'your-client-secret',
+        'OAUTH2_SERVER_METADATA_URL': 'https://provider.example.com/.well-known/openid-configuration',
+        'OAUTH2_SCOPE': 'openid email profile',
+        # OAUTH2_USERINFO_ENDPOINT is optional when using OIDC
+        # Token and authorization URLs are discovered automatically
+    }]
+
+With this configuration:
+
+- pgAdmin will use the OIDC discovery endpoint to automatically find token and authorization URLs
+- User identity will be extracted from ID token claims (sub, email, preferred_username)
+- The userinfo endpoint will only be called as a fallback if ID token lacks required claims
+- ID token will be automatically validated using the provider's public keys
+
+Using OIDC as a Public Client (No Client Secret) with PKCE
+-----------------------------------------------------------
+
+If your OAuth/OIDC application is configured as a **public client** (no client secret), pgAdmin can still perform
+interactive user login using Authorization Code + PKCE.
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        'OAUTH2_NAME': 'my-oidc-public',
+        'OAUTH2_DISPLAY_NAME': 'My OIDC Provider (Public Client)',
+        'OAUTH2_CLIENT_ID': 'your-client-id',
+        # Public client: omit OAUTH2_CLIENT_SECRET or set it to None/empty.
+        'OAUTH2_CLIENT_SECRET': None,
+        'OAUTH2_SERVER_METADATA_URL': 'https://provider.example.com/.well-known/openid-configuration',
+        'OAUTH2_SCOPE': 'openid email profile',
+        # PKCE is mandatory for public clients
+        'OAUTH2_CHALLENGE_METHOD': 'S256',
+        'OAUTH2_RESPONSE_TYPE': 'code',
+    }]
+
+With this configuration:
+
+- pgAdmin enforces PKCE (challenge method + response type)
+- The token exchange is performed without a client secret
+
+Username Resolution for OIDC
+-----------------------------
+
+When **OAUTH2_SERVER_METADATA_URL** is configured (OIDC mode), pgAdmin will
+resolve the username in the following order:
+
+1. **OAUTH2_USERNAME_CLAIM** (if configured) - checks ID token first, then userinfo
+2. **email** claim from ID token or userinfo endpoint
+3. **preferred_username** claim from ID token (standard OIDC claim)
+4. **sub** claim from ID token (always present in OIDC, used as last resort)
+
+Example with custom username claim:
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        # ... other config ...
+        'OAUTH2_USERNAME_CLAIM': 'preferred_username',
+        # pgAdmin will use 'preferred_username' from ID token for the username
+    }]
+
+Example without custom claim (uses automatic fallback):
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        # ... other config ...
+        # No OAUTH2_USERNAME_CLAIM specified
+        # pgAdmin will try: email -> preferred_username -> sub
+    }]
+
+Additional Claims Authorization with OIDC
+------------------------------------------
+
+When using **OAUTH2_ADDITIONAL_CLAIMS** with OIDC providers, pgAdmin will:
+
+1. Check the ID token claims first (more secure, no additional network call)
+2. Fall back to userinfo endpoint response if needed
+
+Example:
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        # ... other config ...
+        'OAUTH2_ADDITIONAL_CLAIMS': {
+            'groups': ['admin-group', 'pgadmin-users'],
+            'roles': ['database-admin']
+        },
+        # pgAdmin will check these claims in ID token first,
+        # then userinfo endpoint if not found
+    }]
+
+Legacy OAuth2 Configuration (Without OIDC)
+-------------------------------------------
+
+For providers that don't support OIDC discovery, configure all endpoints manually:
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        'OAUTH2_NAME': 'github',
+        'OAUTH2_DISPLAY_NAME': 'GitHub',
+        'OAUTH2_CLIENT_ID': 'your-client-id',
+        'OAUTH2_CLIENT_SECRET': 'your-client-secret',
+        'OAUTH2_TOKEN_URL': 'https://github.com/login/oauth/access_token',
+        'OAUTH2_AUTHORIZATION_URL': 'https://github.com/login/oauth/authorize',
+        'OAUTH2_API_BASE_URL': 'https://api.github.com/',
+        'OAUTH2_USERINFO_ENDPOINT': 'user',
+        'OAUTH2_SCOPE': 'user:email',
+        # No OAUTH2_SERVER_METADATA_URL - pure OAuth2 mode
+    }]
+
+In this mode, user identity is retrieved only from the userinfo endpoint.

docs/en_US/preferences.rst

@@ -27,6 +27,83 @@ The left pane of the *Preferences* tab displays a tree control; each node of
 the tree control provides access to options that are related to the node under
 which they are displayed.
 
+The AI Node
+***********
+
+Use preferences found in the *AI* node of the tree control to configure
+AI-powered features and LLM (Large Language Model) providers.
+
+.. image:: images/preferences_ai.png
+    :alt: Preferences AI section
+    :align: center
+
+**Note:** AI features must be enabled in the server configuration (``LLM_ENABLED = True``
+in ``config.py``) for these preferences to be available.
+
+Use the fields on the *AI* panel to configure your LLM provider:
+
+* Use the *Default Provider* drop-down to select your LLM provider. Options include:
+  *Anthropic*, *OpenAI*, *Ollama*, or *Docker Model Runner*.
+
+**Anthropic Settings:**
+
+* Use the *API URL* field to set a custom API endpoint URL. Leave empty to use
+  the default Anthropic API (``https://api.anthropic.com/v1``). Set a custom URL
+  to use an Anthropic-compatible API provider.
+
+* Use the *API Key File* field to specify the path to a file containing your
+  Anthropic API key. This path refers to the filesystem where the pgAdmin
+  server is running (e.g., inside the container if using Docker). The ``~``
+  prefix is expanded to the home directory of the user running the pgAdmin
+  server process. The API key may be optional when using a custom API URL
+  with a provider that does not require authentication.
+
+* Use the *Model* field to select from the available Claude models. Click the
+  refresh button to fetch the latest available models from your configured
+  endpoint.
+
+**OpenAI Settings:**
+
+* Use the *API URL* field to set a custom API endpoint URL. Leave empty to use
+  the default OpenAI API (``https://api.openai.com/v1``). Set a custom URL to
+  use any OpenAI-compatible API provider (e.g., LiteLLM, LM Studio, EXO).
+  Include the ``/v1`` path prefix if required by your provider
+  (e.g., ``http://localhost:1234/v1``).
+
+* Use the *API Key File* field to specify the path to a file containing your
+  OpenAI API key. This path refers to the filesystem where the pgAdmin
+  server is running (e.g., inside the container if using Docker). The ``~``
+  prefix is expanded to the home directory of the user running the pgAdmin
+  server process. The API key may be optional when using a custom API URL
+  with a provider that does not require authentication.
+
+* Use the *Model* field to select from the available GPT models. Click the
+  refresh button to fetch the latest available models from your configured
+  endpoint.
+
+**Ollama Settings:**
+
+* Use the *API URL* field to specify the Ollama server URL
+  (default: ``http://localhost:11434``).
+
+* Use the *Model* field to select from the available models or enter a custom
+  model name (e.g., ``llama2``, ``mistral``). Click the refresh button to fetch
+  the latest available models from your Ollama server.
+
+**Docker Model Runner Settings:**
+
+* Use the *API URL* field to specify the Docker Model Runner API URL
+  (default: ``http://localhost:12434``). Available in Docker Desktop 4.40+.
+
+* Use the *Model* field to select from the available models or enter a custom
+  model name. Click the refresh button to fetch the latest available models
+  from your Docker Model Runner.
+
+.. note:: You can also use the *OpenAI* provider with a custom API URL for any
+   OpenAI-compatible endpoint, including Docker Model Runner, LM Studio, EXO,
+   and other local inference servers. This can be useful when you want to use
+   a provider that isn't explicitly listed but supports the OpenAI API format.
+
 The Browser Node
 ****************
 
@@ -60,6 +137,9 @@ Use the fields on the *Display* panel to specify general display preferences:
   all the shared servers from the object explorer. **Note:** This option is visible only when
   pgAdmin is running in server mode.
 
+* When the *Show column data type?* switch is turned off, then the data types 
+  of the columns will not be displayed alongside their column names.
+
 * When the *Show empty object collections?* switch is turned off, then all object
   collections which are empty will be hidden from browser tree.
 
@@ -101,7 +181,7 @@ related settings:
     :align: center
 
 * Use *Enable object breadcrumbs?* to enable or disable object breadcrumbs
-  displayed on on object mouse hover.
+  displayed on object mouse hover.
 
 * Use *Show comment with object breadcrumbs?* to enable or disable the
   comment visibility which comes displayed with object breadcrumbs.
@@ -139,11 +219,11 @@ Use field on *Tab settings* panel to specify the tab related properties.
 
 * Use *Debugger tab title placeholder* field to customize the Debugger tab title.
 
-* When the *Dynamic tab size* If set to True, the tabs will take full size as per the title, it will also applicable for already opened tabs
+* When the *Dynamic tab size* switch is set to *True*, the tabs will take full size as per the title. This will also apply to already opened tabs.
 
 * Use the *PSQL tool tab title placeholder* field to customize the PSQL tool tab title.
 
-* When the *Open in new browser tab* filed is selected for Query tool, Schema Diff or Debugger, it will
+* When the *Open in new browser tab* field is selected for Query tool, Schema Diff or Debugger, it will
   open in a new browser tab when invoked.
 
 * Use the *Query tool tab title placeholder* field to customize the query tool tab title.
@@ -172,7 +252,7 @@ Expand the *Dashboards* node to specify your dashboard display preferences.
     :alt: Preferences dashboard refresh options
     :align: center
 
-Use the fields on the *Refresh rates* panel to specify your refersh rates
+Use the fields on the *Refresh rates* panel to specify your refresh rate
 preferences for the graphs on the *Dashboard* tab:
 
 * Use the *Average load statistics refresh rate* field to specify the number of
@@ -389,11 +469,17 @@ Use the fields on the *File Downloads* panel to manage file downloads related pr
 
 * When the *Automatically open downloaded files?* switch is set to *True*
   the downloaded file will automatically open in the system's default
-  application associated with that file type.
+  application associated with that file type. **Note:** This option is applicable and
+  visible only in desktop mode.
+
+* When the *Enable binary data download?* switch is set to *True*,
+  binary data can be downloaded from the result grid. Default is set to *False*
+  to prevent excessive memory usage on the server.
 
 * When the *Prompt for the download location?* switch is set to *True*
   a prompt will appear after clicking the download button, allowing you
-  to choose the download location.
+  to choose the download location. **Note:** This option is applicable and
+  visible only in desktop mode.
 
 **Note:** File Downloads related settings are applicable and visible only in desktop mode.
 
@@ -457,7 +543,7 @@ monitored databases:
   locations used by PostgreSQL.
 
 **Note:** Use the 'Validate path' button to check the existence of the utility
-programs (pg_dump, pg_dumpall, pg_restore and psql) and there respective versions.
+programs (pg_dump, pg_dumpall, pg_restore and psql) and their respective versions.
 
 .. image:: images/preferences_paths_help.png
     :alt: Preferences binary path help section

docs/en_US/procedure_dialog.rst

@@ -135,7 +135,7 @@ procedure. Click *Add* to add each security label selection:
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.

docs/en_US/query_tool.rst

@@ -32,8 +32,9 @@ The Query Tool features two panels:
 
 * The upper panel displays the *SQL Editor*. You can use the panel to enter,
   edit, or execute a query or a script. It also shows the *History* tab which can be used
-  to view the queries that have been executed in the session, and a *Scratch Pad*
-  which can be used to hold text snippets during editing. If the Scratch Pad is
+  to view the queries that have been executed in the session, a *Scratch Pad*
+  which can be used to hold text snippets during editing, and an *AI Assistant*
+  tab for generating SQL from natural language (when AI is configured). If the Scratch Pad is
   closed, it can be re-opened (or additional ones opened) by right-clicking in
   the SQL Editor and other panels and adding a new panel.
 * The lower panel displays the *Data Output* panel. The tabbed panel displays
@@ -201,6 +202,49 @@ can be adjusted in ``config_local.py`` or ``config_system.py`` (see the
 `MAX_QUERY_HIST_STORED` value. See the :ref:`Deployment <deployment>` section
 for more information.
 
+AI Assistant Panel
+******************
+
+The *AI Assistant* tab provides a chat-style interface for generating SQL queries
+from natural language descriptions. This feature requires an AI provider to be
+configured in *Preferences > AI*. For configuration details, see the
+:ref:`preferences` documentation.
+
+.. image:: images/query_ai_assistant.png
+    :alt: Query tool AI Assistant panel
+    :align: center
+
+To use the AI Assistant:
+
+1. Click on the *AI Assistant* tab in the upper panel, or use the *AI Assistant*
+   toolbar button.
+2. Type a description of the SQL query you need in natural language.
+3. Press Enter or click the send button to submit your request.
+4. The AI will analyze your database schema and generate appropriate SQL.
+
+The AI Assistant displays conversations with your messages and AI responses. When
+the AI generates SQL, it appears in a syntax-highlighted code block with action
+buttons:
+
+* **Insert** - Insert the SQL at the current cursor position in the SQL Editor.
+* **Replace** - Replace all content in the SQL Editor with the generated SQL.
+* **Copy** - Copy the SQL to the clipboard.
+
+The AI Assistant maintains conversation context, allowing you to refine queries
+iteratively. For example, you can ask for a query and then follow up with
+"also add a filter for active users" to modify the previous result.
+
+**Tips for effective use:**
+
+* Be specific about table and column names if you know them.
+* Describe the desired output format (e.g., "show count by category").
+* For complex queries, break down requirements step by step.
+* Use the *Clear* button to start a fresh conversation.
+
+**Note:** The AI Assistant uses database schema inspection tools to understand
+your database structure. It supports SELECT, INSERT, UPDATE, DELETE, and DDL
+statements. All generated queries should be reviewed before execution.
+
 The Data Output Panel
 *********************
 
@@ -275,6 +319,8 @@ the drop down on the right side of *Explain Analyze* button in the toolbar.
 
 Please note that pgAdmin generates the *Explain [Analyze]* plan in JSON format.
 
+**Note**: If multiple queries are present and none is selected, *Explain [Analyze]* runs the query located at the cursor position.
+
 On successful generation of *Explain* plan, it will create three tabs/panels
 under the Explain panel.
 
@@ -333,6 +379,44 @@ If planner mis-estimated number of rows (actual vs planned) by
     :alt: Query tool explain plan statistics
     :align: center
 
+* AI Insights
+
+The *AI Insights* tab provides AI-powered analysis of query execution plans,
+identifying performance bottlenecks and suggesting optimizations. This tab is
+only available when an AI provider is configured in *Preferences > AI*.
+
+.. image:: images/query_explain_ai_insights.png
+    :alt: Query tool explain plan AI insights
+    :align: center
+
+When you switch to the AI Insights tab, the AI analyzes the execution plan and
+provides:
+
+**Performance Bottlenecks** - Issues identified in the query plan, such as:
+
+* Sequential scans on large tables that could benefit from indexes
+* Significant differences between estimated and actual row counts
+* Expensive sort or hash operations
+* Nested loops with high iteration counts
+
+**Recommendations** - Concrete suggestions to improve query performance:
+
+* Index creation statements with appropriate columns
+* ANALYZE commands to update table statistics
+* Configuration parameter adjustments
+* Query restructuring suggestions
+
+Each recommendation that includes SQL (such as CREATE INDEX statements) has
+action buttons to *Copy* the SQL to the clipboard or *Insert* it into the
+Query Editor.
+
+Click the *Regenerate* button to request a fresh analysis of the current plan.
+
+**Note:** AI analysis is generated on-demand when you first click the AI Insights
+tab or when a new explain plan is generated while the tab is active. The analysis
+provides guidance but all suggested changes should be carefully evaluated before
+applying to production databases.
+
 Messages Panel
 **************
 

docs/en_US/query_tool_toolbar.rst

@@ -241,6 +241,8 @@ Pagination Options
    +----------------------+---------------------------------------------------------------------------------------------------+----------------+
    | *Edit Range*         | Click to open the from and to rows range inputs to allow setting them.                            |                |
    +----------------------+---------------------------------------------------------------------------------------------------+----------------+
+   | *Show Entire Range*  | Click to get all the rows and set the from and to rows range                                      |                |
+   +----------------------+---------------------------------------------------------------------------------------------------+----------------+
    | *Page No*            | Enter the page no you want to jump to out of total shown next to this input                       |                |
    +----------------------+---------------------------------------------------------------------------------------------------+----------------+
    | *First Page*         | Click to go to the first page.                                                                    |                |

docs/en_US/release_notes.rst

@@ -12,6 +12,10 @@ notes for it.
    :maxdepth: 1
 
 
+   release_notes_9_14
+   release_notes_9_13
+   release_notes_9_12
+   release_notes_9_11
    release_notes_9_10
    release_notes_9_9
    release_notes_9_8

docs/en_US/release_notes_9_11.rst

@@ -0,0 +1,45 @@
+************
+Version 9.11
+************
+
+Release date: 2025-12-11
+
+This release contains a number of bug fixes and new features since the release of pgAdmin 4 v9.10.
+
+Supported Database Servers
+**************************
+**PostgreSQL**: 13, 14, 15, 16, 17 and 18
+
+**EDB Advanced Server**: 13, 14, 15, 16, 17 and 18
+
+Bundled PostgreSQL Utilities
+****************************
+**psql**, **pg_dump**, **pg_dumpall**, **pg_restore**: 18.0
+
+
+New features
+************
+
+  | `Issue #6388 <https://github.com/pgadmin-org/pgadmin4/issues/6388>`_ -  Add support of DEPENDS/NO DEPENDS ON EXTENSION for INDEX.
+  | `Issue #6390 <https://github.com/pgadmin-org/pgadmin4/issues/6390>`_ -  Add support of DEPENDS/NO DEPENDS ON EXTENSION for MATERIALIZED VIEW.
+  | `Issue #8968 <https://github.com/pgadmin-org/pgadmin4/issues/8968>`_ -  Add support for showing the column data type beside column name in the object explorer.
+  | `Issue #9263 <https://github.com/pgadmin-org/pgadmin4/issues/9263>`_ -  Added Ubuntu 25.10 and Fedora 43
+  | `Issue #9345 <https://github.com/pgadmin-org/pgadmin4/issues/9345>`_ -  Add conditional TLS support for the Ingress in the Helm chart.
+
+Housekeeping
+************
+
+Bug fixes
+*********
+
+  | `Issue #9036 <https://github.com/pgadmin-org/pgadmin4/issues/9036>`_ -  Fixed an issue on type casting of default string function/procedure arguments in debugger tool.
+  | `Issue #9155 <https://github.com/pgadmin-org/pgadmin4/issues/9155>`_ -  Fix pkg_resources deprecation warning by migrating Docker base image to python:3-alpine from alpine:latest.
+  | `Issue #9297 <https://github.com/pgadmin-org/pgadmin4/issues/9297>`_ -  Fixed an issue where EXPLAIN should run on query under cursor if no text is selected.
+  | `Issue #9351 <https://github.com/pgadmin-org/pgadmin4/issues/9351>`_ -  Fixed an issue where opening file in Query Tool does not retain file name in tab.
+  | `Issue #9354 <https://github.com/pgadmin-org/pgadmin4/issues/9354>`_ -  Fixed an issue where connection is failing via Query Tool/PSQL Tool workspaces.
+  | `Issue #9368 <https://github.com/pgadmin-org/pgadmin4/issues/9368>`_ -  Plain SQL restore runs with '\restrict' option to prevent harmful psql meta-commands (CVE-2025-13780).
+  | `Issue #9372 <https://github.com/pgadmin-org/pgadmin4/issues/9372>`_ -  Fixed an issue where copying highlighted text in the query tool data output cell editor would copy the complete string.
+  | `Issue #9373 <https://github.com/pgadmin-org/pgadmin4/issues/9373>`_ -  Fixed an issue where copying a single cell should not add quoting.
+  | `Issue #9393 <https://github.com/pgadmin-org/pgadmin4/issues/9393>`_ -  Fix the Helm chart server definition and change the app version.
+  | `Issue #9399 <https://github.com/pgadmin-org/pgadmin4/issues/9399>`_ -  Specify the correct hostname placeholder for the Password Exec command.
+  | `Issue #9408 <https://github.com/pgadmin-org/pgadmin4/issues/9408>`_ -  Ensure the proper handling of extra volume mount configurations in the Helm deployment template by correcting the configuration value references.

docs/en_US/release_notes_9_12.rst

@@ -0,0 +1,60 @@
+************
+Version 9.12
+************
+
+Release date: 2026-02-05
+
+This release contains a number of bug fixes and new features since the release of pgAdmin 4 v9.11.
+
+.. warning:: Starting with this release, pgAdmin Windows installers are signed
+    with a new code signing certificate. When installing or running pgAdmin on
+    Windows, you should verify that the digital signature shows the certificate
+    name as **"Open Source Developer, David John Page"**. This certificate will
+    be used for this and future releases.
+
+Supported Database Servers
+**************************
+**PostgreSQL**: 13, 14, 15, 16, 17 and 18
+
+**EDB Advanced Server**: 13, 14, 15, 16, 17 and 18
+
+Bundled PostgreSQL Utilities
+****************************
+**psql**, **pg_dump**, **pg_dumpall**, **pg_restore**: 18.0
+
+
+New features
+************
+
+  | `Issue #6451 <https://github.com/pgadmin-org/pgadmin4/issues/6451>`_ - Add new options like INHERIT and SET to the Role's membership tab.
+  | `Issue #8890 <https://github.com/pgadmin-org/pgadmin4/issues/8890>`_ - Add a new button in the query tool data output toolbar to get entire range of data.
+  | `Issue #9292 <https://github.com/pgadmin-org/pgadmin4/issues/9292>`_ - Enhance OAUTH2 and OIDC authentication support with improved claims handling and configuration options.
+
+Housekeeping
+************
+
+
+Bug fixes
+*********
+
+  | `Issue #8916 <https://github.com/pgadmin-org/pgadmin4/issues/8916>`_ - Warn user of unsaved data output edits before page navigation.
+  | `Issue #8987 <https://github.com/pgadmin-org/pgadmin4/issues/8987>`_ - Fix Query Tool state restoration for new connections and queries.
+  | `Issue #9074 <https://github.com/pgadmin-org/pgadmin4/issues/9074>`_ - Fix pg_restore logs to distinguish UI sync issues from actual failures.
+  | `Issue #9110 <https://github.com/pgadmin-org/pgadmin4/issues/9110>`_ - Optimize checkbox selection logic in backup dialog objects tree.
+  | `Issue #9196 <https://github.com/pgadmin-org/pgadmin4/issues/9196>`_ - Fixed an issue where double click to open a file in the file manager is not working.
+  | `Issue #9223 <https://github.com/pgadmin-org/pgadmin4/issues/9223>`_ - Upgrade ID column in the database table to BigInteger to support large OID values.
+  | `Issue #9235 <https://github.com/pgadmin-org/pgadmin4/issues/9235>`_ - Fixed an issue where "View/Edit Data" shortcut opened "First 100 rows" instead of "All Rows".
+  | `Issue #9258 <https://github.com/pgadmin-org/pgadmin4/issues/9258>`_ - Ensure saved shared server passwords are re-encrypted on password change.
+  | `Issue #9260 <https://github.com/pgadmin-org/pgadmin4/issues/9260>`_ - Fixed an issue where data filter dialog removes newline character when sending SQL to the query tool.
+  | `Issue #9285 <https://github.com/pgadmin-org/pgadmin4/issues/9285>`_ - Fixed an issue where the dashboard freezes on initial render when there is a high number of locks.
+  | `Issue #9293 <https://github.com/pgadmin-org/pgadmin4/issues/9293>`_ - Fixed the SSL certificate issue while checking for the upgrade.
+  | `Issue #9332 <https://github.com/pgadmin-org/pgadmin4/issues/9332>`_ - Fixed a sorting issue in the system stats memory usage table.
+  | `Issue #9350 <https://github.com/pgadmin-org/pgadmin4/issues/9350>`_ - Disable Parameters and Membership fields when object is not new for Login and group roles.
+  | `Issue #9380 <https://github.com/pgadmin-org/pgadmin4/issues/9380>`_ - Fixed an issue where the Query History panel would auto-scroll to the top and did not preserve the scroll bar position for the selected entry.
+  | `Issue #9402 <https://github.com/pgadmin-org/pgadmin4/issues/9402>`_ - Fixed an issue where pgAdmin4 app on macOS cannot auto-update while running on a read-only volume even if present in the Applications folder.
+  | `Issue #9500 <https://github.com/pgadmin-org/pgadmin4/issues/9500>`_ - Fixed an issue where connection parameters were using localized values instead of literal values, causing connection failures.
+  | `Issue #9518 <https://github.com/pgadmin-org/pgadmin4/issues/9518>`_ - Mask the secret key for restrict option in the process watcher when restoring plain SQL file (CVE-2026-1707).
+  | `Issue #9522 <https://github.com/pgadmin-org/pgadmin4/issues/9522>`_ - Ensure the container deployment supports boolean values in yaml format.
+  | `Issue #9552 <https://github.com/pgadmin-org/pgadmin4/issues/9552>`_ - Ensure that the tooltip for the password cell is not visible.
+  | `Issue #9553 <https://github.com/pgadmin-org/pgadmin4/issues/9553>`_ - Fix pgAdmin fails when performing Backup/Restore on a PostgreSQL connection defined exclusively via pg_service.conf.
+  | `Issue #9567 <https://github.com/pgadmin-org/pgadmin4/issues/9567>`_ - Update menu bar documentation.

docs/en_US/release_notes_9_13.rst

@@ -0,0 +1,44 @@
+************
+Version 9.13
+************
+
+Release date: 2026-03-05
+
+This release contains a number of bug fixes and new features since the release of pgAdmin 4 v9.12.
+
+Supported Database Servers
+**************************
+**PostgreSQL**: 13, 14, 15, 16, 17 and 18
+
+**EDB Advanced Server**: 13, 14, 15, 16, 17 and 18
+
+Bundled PostgreSQL Utilities
+****************************
+**psql**, **pg_dump**, **pg_dumpall**, **pg_restore**: 18.0
+
+
+New features
+************
+
+  | `Issue #229 <https://github.com/pgadmin-org/pgadmin4/issues/229>`_   - Allow users to customize "OF TYPE" columns during table creation.
+  | `Issue #5578 <https://github.com/pgadmin-org/pgadmin4/issues/5578>`_ - No FK are shown in diagram created from existing tables in the ERD Tool.
+  | `Issue #6386 <https://github.com/pgadmin-org/pgadmin4/issues/6386>`_ - Add support for 'ONLY' in Index creation dialog.
+  | `Issue #8198 <https://github.com/pgadmin-org/pgadmin4/issues/8198>`_ - Allow "drag-n-drop" for only user chosen tables, and show relations between them.
+  | `Issue #9229 <https://github.com/pgadmin-org/pgadmin4/issues/9229>`_ - Load predefined users from a JSON file through command line.
+  | `Issue #9641 <https://github.com/pgadmin-org/pgadmin4/issues/9641>`_ - Core LLM integration infrastructure, AI reports for security, schema, and performance, AI chat for the Query Tool, and AI Insights for EXPLAIN.
+
+Housekeeping
+************
+
+Bug fixes
+*********
+
+  | `Issue #7578 <https://github.com/pgadmin-org/pgadmin4/issues/7578>`_ - Fixed an issue where the 'Quote strings only' configuration was ignored when downloading the result set.
+  | `Issue #8988 <https://github.com/pgadmin-org/pgadmin4/issues/8988>`_ - Fixed an issue where tools settings changed by the users were not restored on application relaunch.
+  | `Issue #9258 <https://github.com/pgadmin-org/pgadmin4/issues/9258>`_ - Fixed an issue where modifying a shared server incorrectly updated the original server details.
+  | `Issue #9484 <https://github.com/pgadmin-org/pgadmin4/issues/9484>`_ - Fixed an issue where a long name in ERD table node was not breaking into multiple lines.
+  | `Issue #9486 <https://github.com/pgadmin-org/pgadmin4/issues/9486>`_ - Fixed an issue where column comments were not displayed in the SQL tab for materialised views.
+  | `Issue #9572 <https://github.com/pgadmin-org/pgadmin4/issues/9572>`_ - Fix an issue where deployment of helm chart crashing with operation not permitted.
+  | `Issue #9583 <https://github.com/pgadmin-org/pgadmin4/issues/9583>`_ - Fix translation compilation.
+  | `Issue #9649 <https://github.com/pgadmin-org/pgadmin4/issues/9649>`_ - Fix broken checkbox selection in backup dialog objects tree.
+  | `Issue #9651 <https://github.com/pgadmin-org/pgadmin4/issues/9651>`_ - Fixed an issue in file dialog where rename was not working.

docs/en_US/release_notes_9_14.rst

@@ -0,0 +1,47 @@
+************
+Version 9.14
+************
+
+Release date: 2026-04-02
+
+This release contains a number of bug fixes and new features since the release of pgAdmin 4 v9.13.
+
+Supported Database Servers
+**************************
+**PostgreSQL**: 13, 14, 15, 16, 17 and 18
+
+**EDB Advanced Server**: 13, 14, 15, 16, 17 and 18
+
+Bundled PostgreSQL Utilities
+****************************
+**psql**, **pg_dump**, **pg_dumpall**, **pg_restore**: 18.0
+
+
+New features
+************
+
+  | `Issue #4011 <https://github.com/pgadmin-org/pgadmin4/issues/4011>`_ -  Added support to download binary data from result grid.
+  | `Issue #9703 <https://github.com/pgadmin-org/pgadmin4/issues/9703>`_ -  Added support for custom LLM provider URLs for OpenAI and Anthropic, allowing use of OpenAI-compatible providers such as LM Studio, EXO, and LiteLLM.
+  | `Issue #9709 <https://github.com/pgadmin-org/pgadmin4/issues/9709>`_ -  Fixed an issue where AI features (AI Assistant tab, AI Reports menus, and AI Preferences) were visible in the UI even when LLM_ENABLED is set to False.
+  | `Issue #9738 <https://github.com/pgadmin-org/pgadmin4/issues/9738>`_ -  Allow copying of text from the AI Assistant chat panel.
+
+Housekeeping
+************
+
+Bug fixes
+*********
+
+  | `Issue #8992 <https://github.com/pgadmin-org/pgadmin4/issues/8992>`_ -  Fixed an issue where selecting all in the Query Tool's Messages tab would select the entire page content.
+  | `Issue #9279 <https://github.com/pgadmin-org/pgadmin4/issues/9279>`_ -  Fixed an issue where OAuth2 authentication fails with 'object has no attribute' if OAUTH2_AUTO_CREATE_USER is False.
+  | `Issue #9392 <https://github.com/pgadmin-org/pgadmin4/issues/9392>`_ -  Ensure that the Geometry Viewer refreshes when re-running queries or switching geometry columns, preventing stale data from being displayed.
+  | `Issue #9457 <https://github.com/pgadmin-org/pgadmin4/issues/9457>`_ -  Fixed Process Watcher garbled text on Windows with non-UTF-8 locales.
+  | `Issue #9694 <https://github.com/pgadmin-org/pgadmin4/issues/9694>`_ -  Fixed an issue where AI Reports are grayed out after setting an API key by auto-selecting the default provider.
+  | `Issue #9702 <https://github.com/pgadmin-org/pgadmin4/issues/9702>`_ -  Fixed misleading AI activity messages that could be mistaken for actual database operations.
+  | `Issue #9719 <https://github.com/pgadmin-org/pgadmin4/issues/9719>`_ -  Fixed an issue where AI Reports fail with OpenAI models that do not support the temperature parameter.
+  | `Issue #9721 <https://github.com/pgadmin-org/pgadmin4/issues/9721>`_ -  Fixed an issue where permissions page is not completely accessible on full scroll.
+  | `Issue #9729 <https://github.com/pgadmin-org/pgadmin4/issues/9729>`_ -  Fixed an issue where some LLM models would not use database tools in the AI assistant, instead returning text descriptions of tool calls.
+  | `Issue #9732 <https://github.com/pgadmin-org/pgadmin4/issues/9732>`_ -  Improve the AI Assistant user prompt to be more descriptive of the actual functionality.
+  | `Issue #9734 <https://github.com/pgadmin-org/pgadmin4/issues/9734>`_ -  Fixed an issue where LLM responses are not streamed or rendered properly in the AI Assistant.
+  | `Issue #9736 <https://github.com/pgadmin-org/pgadmin4/issues/9736>`_ -  Fix an issue where the AI Assistant was not retaining conversation context between messages, with chat history compaction to manage token budgets.
+  | `Issue #9740 <https://github.com/pgadmin-org/pgadmin4/issues/9740>`_ -  Fixed an issue where the AI Assistant input textbox sometimes swallows the first character of input.
+  | `Issue #9758 <https://github.com/pgadmin-org/pgadmin4/issues/9758>`_ -  Clarify where the LLM API key files should be.

docs/en_US/restore_dialog.rst

@@ -29,6 +29,10 @@ restore process:
      copy of the backed-up object.
    * Select *Plain* to restore a plain SQL backup. When selecting this option
      all the other options will not be applicable.
+     **Note:** The plain SQL restore process is executed in the backend using
+     the psql command with the \restrict option. The purpose of \restrict is to
+     enhance security by preventing dangerous commands embedded in a plain text
+     dump file from being executed on a PostgreSQL server.
    * Select *Directory* to restore from a compressed directory-format archive.
 
 * Enter the complete path to the backup file in the *Filename* field.
@@ -50,13 +54,13 @@ tab to provide options related to data or pgAdmin objects that correspond to *pg
 * Move switches in the **Sections** field box to specify the content that will be
   restored:
 
-   * Move the switch next to *Pre-data* towards right position to restore all
+   * Move the switch next to *Pre-data* to the *Yes* position to restore all
      data definition items not included in the data or post-data item lists.
 
-   * Move the switch next to *Data* towards right position to restore actual
+   * Move the switch next to *Data* to the *Yes* position to restore actual
      table data, large-object contents, and sequence values.
 
-   * Move the switch next to *Post-data* towards right position position to restore
+   * Move the switch next to *Post-data* to the *Yes* position to restore
      definitions of indexes, triggers, rules, and constraints (other than
      validated check constraints).
 
@@ -67,7 +71,7 @@ tab to provide options related to data or pgAdmin objects that correspond to *pg
 * Move switches in the **Type of objects** field box to specify the objects that
   will be restored:
 
-   * Move the switch next to *Only data* towards right position to limit the
+   * Move the switch next to *Only data* to the *Yes* position to limit the
      restoration to data.
 
    * Move the switch next to *Only schema* to limit the restoration to
@@ -80,29 +84,29 @@ tab to provide options related to data or pgAdmin objects that correspond to *pg
 * Move switches in the **Do not save** box to specify which objects will not
   be restored:
 
-   * Move the switch next to *Owner* towards right position to exclude commands
+   * Move the switch next to *Owner* to the *Yes* position to exclude commands
      that set object ownership.
 
-   * Move the switch next to *Privileges* towards right position to exclude
+   * Move the switch next to *Privileges* to the *Yes* position to exclude
      commands that create access privileges.
 
-   * Move the switch next to *Tablespaces* towards right position to exclude
+   * Move the switch next to *Tablespaces* to the *Yes* position to exclude
      tablespaces.
 
-   * Move the switch next to *Comments* towards right position to exclude
+   * Move the switch next to *Comments* to the *Yes* position to exclude
      commands that set the comments. **Note:** This option is visible only for
      database server greater than or equal to 11.
 
-   * Move the switch next to *Publications* towards right position to exclude
+   * Move the switch next to *Publications* to the *Yes* position to exclude
      publications.
 
-   * Move the switch next to *Subscriptions* towards right position to exclude
+   * Move the switch next to *Subscriptions* to the *Yes* position to exclude
      subscriptions.
 
-   * Move the switch next to *Security labels* towards right position to exclude
+   * Move the switch next to *Security labels* to the *Yes* position to exclude
      Security labels.
 
-   * Move the switch next to *Table access methods* towards right position to exclude
+   * Move the switch next to *Table access methods* to the *Yes* position to exclude
      Table access methods. **Note:** This option is visible only for
      database server greater than or equal to 15.
 
@@ -114,17 +118,17 @@ Click the *Query Options* tab to continue. Use these additional fields to specif
 the type of statements that should be included in the restore:
 
 
-   * Move the switch next to *Include CREATE DATABASE statement* towards right position
+   * Move the switch next to *Include CREATE DATABASE statement* to the *Yes* position
      to include a command that creates a new database before performing the restore.
 
-   * Move the switch next to *Clean before restore* towards right position to
+   * Move the switch next to *Clean before restore* to the *Yes* position to
      drop each existing database object (and data) before restoring.
 
-   * Move the switch next to *Include IF EXISTS clause* towards right
+   * Move the switch next to *Include IF EXISTS clause* to the *Yes*
      position to add an IF EXISTS clause to drop databases and other objects.
      This option is not valid unless *Clean before restore* is also set.
 
-   * Move the switch next to *Single transaction* towards right position to
+   * Move the switch next to *Single transaction* to the *Yes* position to
      execute the restore as a single transaction (that is, wrap the emitted
      commands in *BEGIN/COMMIT*). This ensures that either all the commands
      complete successfully, or no changes are applied. This option implies
@@ -137,12 +141,12 @@ the type of statements that should be included in the restore:
 Click the *Table Options* tab to continue. Use the fields in the *Table Options*
 tab related to tables that should be included in the backup.
 
-   * Move the switch next to *Enable row security* towards right position to
+   * Move the switch next to *Enable row security* to the *Yes* position to
      set row_security to on instead, allowing the user to dump the parts of the
      contents of the table that they have access to. This option is relevant
      only when dumping the contents of a table which has row security.
 
-   * Move the switch next to *No data for failed tables* towards right position
+   * Move the switch next to *No data for failed tables* to the *Yes* position
      to ignore data that fails a trigger.
 
 Click the *Options* tab to continue. Use the fields in the *Options*
@@ -156,20 +160,20 @@ tab to provide other restore options.
   should be excluded from the restore:
 
    * Move the switch next to *Triggers* (active when creating a data-only
-     restore) towards right position to include commands that will disable
+     restore) to the *Yes* position to include commands that will disable
      triggers on the target table while the data is being loaded.
 
 * Move switches in the **Miscellaneous/Behavior** box to specify
   miscellaneous restore options:
 
-   * Move the switch next to *Verbose messages* towards left to instruct
+   * Move the switch next to *Verbose messages* to the *No* position to instruct
      *pg_restore* to exclude verbose messages.
 
-   * Move the switch next to *Use SET SESSION AUTHORIZATION* towards right position
+   * Move the switch next to *Use SET SESSION AUTHORIZATION* to the *Yes* position
      to include a statement that will use a SET SESSION AUTHORIZATION
      command to determine object ownership (instead of an ALTER OWNER command).
 
-   * Move the switch next to *Exit on error* towards right position to instruct
+   * Move the switch next to *Exit on error* to the *Yes* position to instruct
      *pg_restore* to exit restore if there is an error in sending SQL commands.
      The default is to continue and to display a count of errors at the end of
      the restore.
@@ -182,6 +186,6 @@ command, click the *Restore* button to start the process, or click the *Cancel*
 button to exit without saving your work. A popup will confirm if the restore is
 successful.
 
-pgAdmin will run the restore process in background. You can view all the background
-process with there running status and logs on the :ref:`Processes <processes>`
-tab
+pgAdmin will run the restore process in the background. You can view all the background
+processes with their running status and logs on the :ref:`Processes <processes>`
+tab.

docs/en_US/role_dialog.rst

@@ -65,15 +65,26 @@ Use the *Privileges* tab to grant privileges to the role.
 * Move the *Bypass RLS?* switch to the *Yes* position to control whether a
   role can bypasses every row-level security (RLS) policy. The default value is *No*.
 
+Click the *Membership* tab to continue.
+
 .. image:: images/role_membership.png
     :alt: Role dialog membership tab
     :align: center
 
-* Specify member of the role in the *Member of* field and specify the members in the *Member* field.
-  Confirm each selection by checking the checkbox to the right of the role name;
-  delete a selection by clicking the *x* to the left of the role name.
-  Membership conveys the privileges granted to the specified role to each of
-  its members.
+Use the *Membership* tab to define role memberships. A role can be a member of
+other roles and can have other roles as members.
+
+* Use *Member of* section to specify roles of which the current role
+  is a member. To assign *Admin Option* for a selected role, click on 
+  the appropriate checkbox.
+* Use *Members* section to specify roles that are members of the current
+  role. To assign *Admin Option* for a selected role, click on the appropriate checkbox.
+
+Click the *Add* icon (+) to add more roles; to discard a
+role, click the trash icon to the left of the row and confirm the deletion
+in the *Delete Row* popup.
+
+**Note:** Apart from *Admin Option*, *Inherit Option* and *Set Option* are available for both *Member of* section and *Members* section from PostgreSQL version >= 16.
 
 Click the *Parameters* tab to continue.
 
@@ -105,7 +116,7 @@ Use the *Security* tab to define security labels applied to the role. Click the
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.

docs/en_US/schema_dialog.rst

@@ -49,7 +49,7 @@ panel:
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.

docs/en_US/schema_diff.rst

@@ -79,13 +79,13 @@ same or different (and within the same server or from different servers).
 
 Use the drop-down near to *Compare* button to ignore owner, whitespace, tablespace and grants.
 
- * Ignore Owner – Select to ignores the owner while comparing the objects.
+ * Ignore Owner – Select to ignore the owner while comparing the objects.
 
- * Ignore Whitespace – Select to ignores the whitespace while comparing the string objects. Whitespace includes space, tabs, and CRLF.
+ * Ignore Whitespace – Select to ignore the whitespace while comparing the string objects. Whitespace includes space, tabs, and CRLF.
 
- * Ignore Tablespace – Select to ignores the tablespace while comparing the objects.
+ * Ignore Tablespace – Select to ignore the tablespace while comparing the objects.
 
- * Ignore Grant/Revoke – Select to ignores the grant and revoke command while comparing the objects.
+ * Ignore Grant/Revoke – Select to ignore the grant and revoke command while comparing the objects.
 
 After you select servers, and databases, click on the
 *Compare* button to obtain the *Comparison Result*.

docs/en_US/sequence_dialog.rst

@@ -55,11 +55,11 @@ Use the fields in the *Definition* tab to define the sequence:
   to be preallocated and stored in memory for faster access. The minimum value
   is 1 (only one value can be generated at a time, i.e., no cache), and this is
   also the default.
-* Move the switch next to *Cycled* towards the *right position* to allow the sequence to wrap
+* Move the switch next to *Cycled* to the *Yes* position to allow the sequence to wrap
   around when the MAXVALUE or the MINVALUE has been reached by an ascending or
   descending sequence respectively. If the limit is reached, the next number
   generated will be the MINVALUE or MAXVALUE, respectively. The default is *No*.
-* Move the switch next to *Unlogged?* towards the *right position* to make the sequence Unlogged.
+* Move the switch next to *Unlogged?* to the *Yes* position to make the sequence Unlogged.
   The default is *No*. This option is available only on PostgreSQL 15 and above.
 * The *OWNED BY* option causes the sequence to be associated with a specific
   table column, such that if that column (or its whole table) is dropped, the
@@ -93,7 +93,7 @@ sequence. Click the *Add* icon (+) to add each security label selection:
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.
@@ -104,7 +104,7 @@ in the *Delete Row* popup.
 
 Click the *SQL* tab to continue.
 
-Your entries in the *Sequence* dialog generate a generate a SQL command (see an
+Your entries in the *Sequence* dialog generate a SQL command (see an
 example below). Use the *SQL* tab for review; revisit or switch tabs to make any
 changes to the SQL command.
 

docs/en_US/table_dialog.rst

@@ -421,20 +421,20 @@ not-null constraints;  after saving the new or modified table, any changes to
 the original table will not be applied to the new table.
 
 * Use the drop-down listbox next to *Relation* to select a reference table.
-* Move the switch next to *With default values?* towards the *right position* to copy default
+* Move the switch next to *With default values?* to the *Yes* position to copy default
   values.
-* Move the switch next to *With constraints?* towards the *right position* to copy table and
+* Move the switch next to *With constraints?* to the *Yes* position to copy table and
   column constraints.
-* Move the switch next to *With indexes?* towards the *right position* to copy indexes.
-* Move the switch next to *With storage?* towards the *right position* to copy storage settings.
-* Move the switch next to *With comments?* towards the *right position* to copy comments.
-* Move the switch next to *With compression?* towards the *right position* to copy
+* Move the switch next to *With indexes?* to the *Yes* position to copy indexes.
+* Move the switch next to *With storage?* to the *Yes* position to copy storage settings.
+* Move the switch next to *With comments?* to the *Yes* position to copy comments.
+* Move the switch next to *With compression?* to the *Yes* position to copy
   compression method. This option is available only on PostgreSQL 14 and above.
-* Move the switch next to *With generated?* towards the *right position* to copy
+* Move the switch next to *With generated?* to the *Yes* position to copy
   generation expressions of copied column. This option is available only on PostgreSQL 12 and above.
-* Move the switch next to *With identity?* towards the *right position* to copy
+* Move the switch next to *With identity?* to the *Yes* position to copy
   any identity specifications of copied column.
-* Move the switch next to *With statistics?* towards the *right position* to copy
+* Move the switch next to *With statistics?* to the *Yes* position to copy
   extended statistics.
 
 With PostgreSQL 10 forward, the *Partition* tab will be visible.
@@ -531,7 +531,7 @@ function. Click the *Add* icon (+) to add each security label selection:
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.

docs/en_US/tablespace_dialog.rst

@@ -75,7 +75,7 @@ tablespace. Click the *Add* icon (+) to add each security label selection:
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.

docs/en_US/trigger_function_dialog.rst

@@ -139,7 +139,7 @@ function. Click the *Add* icon (+) to add each security label selection:
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.

docs/en_US/type_dialog.rst

@@ -162,7 +162,7 @@ disabled.
   values to a canonical form.
 * Use the drop-down listbox next to *Sub-type diff function* to select a
   user-defined subtype_diff function.
-* Specify the optional *Multirange type name* parameter to specifies the
+* Specify the optional *Multirange type name* parameter to specify the
   name of the corresponding multirange type. If not specified, this name is
   chosen automatically.
 

docs/en_US/user_management.rst

@@ -270,6 +270,50 @@ username/email address.
     /path/to/python /path/to/setup.py get-users --username user1@gmail.com
 
 
+Load Users
+**********
+
+To bulk import users from a JSON file, invoke ``setup.py`` with ``load-users`` command line option,
+followed by the path to the JSON file.
+
+.. code-block:: bash
+
+    /path/to/python /path/to/setup.py load-users /path/to/users.json
+
+**JSON File Format**
+
+The input JSON file must contain a ``users`` array with user objects:
+
+.. code-block:: json
+
+    {
+        "users": [
+            {
+                "username": "admin@example.com",
+                "email": "admin@example.com",
+                "password": "securepassword",
+                "role": "Administrator",
+                "active": true,
+                "auth_source": "internal"
+            },
+            {
+                "username": "ldap_user",
+                "email": "ldap_user@example.com",
+                "role": "User",
+                "active": true,
+                "auth_source": "ldap"
+            }
+        ]
+    }
+
+The command handles errors gracefully:
+
+* Users that already exist are skipped
+* Invalid roles are reported and skipped
+* Missing passwords for internal auth are reported and skipped
+* Passwords shorter than 6 characters are reported and skipped
+
+
 Output
 ******
 

docs/en_US/view_dialog.rst

@@ -86,7 +86,7 @@ Click the *Add* icon (+) to add each security label selection:
 
 * Specify a security label provider in the *Provider* field. The named provider
   must be loaded and must consent to the proposed labeling operation.
-* Specify a a security label in the *Security Label* field. The meaning of a
+* Specify a security label in the *Security Label* field. The meaning of a
   given label is at the discretion of the label provider. PostgreSQL places no
   restrictions on whether or how a label provider must interpret security
   labels; it merely provides a mechanism for storing them.

pkg/debian/build.sh

@@ -86,7 +86,11 @@ EOF
 #!/bin/sh
 
 echo "Load apparmor pgAdmin profile..."
-apparmor_parser -r /etc/apparmor.d/pgadmin4
+if command -v apparmor_parser >/dev/null 2>&1; then
+  apparmor_parser -r /etc/apparmor.d/pgadmin4
+else
+  echo "Warning: apparmor_parser not found, skipping profile load. pgAdmin desktop may not work on Ubuntu 24+ with userns restrictions."
+fi
 EOF
   chmod 755 "${DESKTOPROOT}/DEBIAN/postinst"
 fi

pkg/docker/entrypoint.sh

@@ -23,6 +23,10 @@ function file_env() {
 	local val="$def"
 	if [ "${!var:-}" ]; then
 		val="${!var}"
+	elif [ "${!fileVar:-}" ] && [ ! -r "${!fileVar}" ]; then
+		printf >&2 'error: %s is set to "%s" but the file does not exist or is not readable\n' \
+			"$fileVar" "${!fileVar}"
+		exit 1
 	elif [ "${!fileVar:-}" ]; then
 		val="$(< "${!fileVar}")"
 	fi
@@ -61,9 +65,14 @@ EOF
     # This is a bit kludgy, but necessary as the container uses BusyBox/ash as
     # it's shell and not bash which would allow a much cleaner implementation
     for var in $(env | grep "^PGADMIN_CONFIG_" | cut -d "=" -f 1); do
-        # shellcheck disable=SC2086
-        # shellcheck disable=SC2046
-        echo ${var#PGADMIN_CONFIG_} = $(eval "echo \$$var") >> "${CONFIG_DISTRO_FILE_PATH}"
+        # Get the raw value
+        val=$(eval "echo \"\$$var\"")
+        # This normalization step is what makes 'true', 'True'
+        case "$(echo "$val" | tr '[:upper:]' '[:lower:]')" in
+            true)  val="True" ;;
+            false) val="False" ;;
+        esac
+        echo "${var#PGADMIN_CONFIG_} = $val" >> "${CONFIG_DISTRO_FILE_PATH}"
     done
 fi
 

pkg/helm/README.md

@@ -39,3 +39,7 @@ The chart should dump its version and appVersion in the Chart.yaml file every re
 | `service.loadBalancerIP` | Load balancer IP (Only if service.type is LoadBalancer) | `""` |
 | `ingress.enabled` | Ingress resource creation | `false` |
 | `ingress.hostname` | Ingress resource hostname | `"pgadmin4.local"` |
+| `ingress.tlsSecret` | Ingress tls secret name | `""` |
+| `strategy.type` | Deployment strategy type (RollingUpdate or Recreate) | Kubernetes default (RollingUpdate) |
+| `strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be created over the desired replicas | Kubernetes default (25%) |
+| `strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be unavailable during the update | Kubernetes default (25%) |

pkg/helm/templates/configmap-serverDefinitions.yaml

@@ -12,5 +12,5 @@ metadata:
 data:
 {{- $variableToPreserveTPL := tpl (dict "Servers" .Values.serverDefinitions.data | toYaml) . | fromYaml }}
 {{- include "tpl.preserve.variable" $variableToPreserveTPL }}
-  servers.json: | {{ $variableToPreserveTPL | toYaml | nindent 4 }}
-{{- end }}
+  servers.json: | {{ $variableToPreserveTPL | toPrettyJson | nindent 4 }}
+{{- end }}

pkg/helm/templates/deployment.yaml

@@ -10,6 +10,15 @@ metadata:
   {{- end }}
 spec:
   replicas: {{ .Values.replicas }}
+  {{- if .Values.strategy }}
+  strategy:
+    type: {{ .Values.strategy.type }}
+    {{- if and (eq .Values.strategy.type "RollingUpdate") .Values.strategy.rollingUpdate }}
+    rollingUpdate:
+      maxSurge: {{ .Values.strategy.rollingUpdate.maxSurge }}
+      maxUnavailable: {{ .Values.strategy.rollingUpdate.maxUnavailable }}
+    {{- end }}
+  {{- end }}
   selector:
     matchLabels:
       app: {{ default "pgadmin4" .Values.commonLabels.app }}
@@ -131,7 +140,7 @@ spec:
               mountPath: /pgadmin4/config_distro.py
               subPath: config_distro.py
             - name: empty-dir
-              mountPath: /usr/bin/python3
+              mountPath: /usr/local/bin/python3
               subPath: python3
             - name: empty-dir
               mountPath: /tmp
@@ -154,7 +163,7 @@ spec:
               mountPath: /pgadmin4/preferences.json
               subPath: preferences.json
               {{- end }}
-              {{- with .Values.extraVolumes }}
+              {{- with .Values.extraVolumeMounts }}
               {{- . | toYaml | nindent 12 }}
               {{- end }}
           {{- if .Values.startupProbe.enabled }}
@@ -205,7 +214,7 @@ spec:
           image: {{ template "pgadmin4.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           command: ["sh", "-x", "-c"]
-          args: ['ls /usr/bin/python3.* | sort -V -r | head -n 1 | xargs -I {} cp {} python3']
+          args: ['ls /venv/bin/python3.* | sort -V -r | head -n 1 | xargs -i cp {} python3']
           workingDir: /emptyDir
           volumeMounts:
             - name: empty-dir

pkg/helm/templates/ingress.yaml

@@ -21,4 +21,10 @@ spec:
               name: http
         path: /
         pathType: Prefix
+  {{- if .Values.ingress.tlsSecret }}
+  tls:
+  - hosts:
+    - {{ tpl .Values.ingress.hostname . }}
+    secretName: {{ .Values.ingress.tlsSecret }}
+  {{- end }}
 {{- end }}

pkg/helm/values.yaml

@@ -25,6 +25,12 @@ extraDeploy: []
 
 replicas: 1
 
+# strategy:
+#   type: RollingUpdate
+#   rollingUpdate:
+#     maxSurge: 25%
+#     maxUnavailable: 25%
+
 containerPort: 5050
 disablePostfix: true
 enableServiceLinks: false
@@ -98,7 +104,8 @@ ingress:
   enabled: false
   hostname: pgadmin4.local
   annotations: {}
-
+  # If set, enables TLS configuration in the Ingress resource.
+  tlsSecret: ""
 startupProbe:
   enabled: false
   httpGet:
@@ -152,5 +159,5 @@ containerSecurityContext:
   appArmorProfile:
     type: RuntimeDefault
   windowsOptions:
-
     hostProcess: false
+

pkg/mac/Info.plist.in

@@ -45,8 +45,6 @@
 		<key>SYSTEM_VERSION_COMPAT</key>
 		<string>0</string>
 	</dict>
-	<key>LSFileQuarantineEnabled</key>
-	<true/>
 	<key>LSHasLocalizedDisplayName</key>
 	<string>1</string>
 	<key>LSMinimumSystemVersion</key>
@@ -69,5 +67,7 @@
 	<string>scripting.sdef</string>
 	<key>SCMRevision</key>
 	<string>62f83a7521ae1f32e563795732dff0c9da1b660d-refs/heads/master@{#812354}</string>
+	<key>LSApplicationCategoryType</key>
+    <string>public.app-category.developer-tools</string>
 </dict>
 </plist>

pkg/mac/README.md

@@ -16,7 +16,7 @@ Either build the sources or get them from macports or similar:
 1. To bundle a different version of Python from the default of 3.13.1, set the
    *PGADMIN_PYTHON_VERSION* environment variable, e.g:
 
-       export PGADMIN_PYTHON_VERSION=3.13.1
+       export PGADMIN_PYTHON_VERSION=3.13.11
 
 2. If a path different from the default of /usr/local/pgsql for the PostgreSQL
    installation has been used, set the *PGADMIN_POSTGRES_DIR* environment variable

pkg/mac/build-functions.sh

@@ -67,6 +67,9 @@ _build_runtime() {
 }
 
 _create_python_env() {
+    # Force the current shell to not generate cache during build process
+    export PYTHONDONTWRITEBYTECODE=1
+
     echo "Creating the Python environment..."
     PATH=${PGADMIN_POSTGRES_DIR}/bin:${PATH}
     LD_LIBRARY_PATH=${PGADMIN_POSTGRES_DIR}/lib:${LD_LIBRARY_PATH}
@@ -87,7 +90,7 @@ _create_python_env() {
         --destination "${BUNDLE_DIR}/Contents/Frameworks/"
 
     "${BUNDLE_DIR}/Contents/Frameworks/Python.framework/Versions/Current/bin/python3" -m ensurepip --upgrade || exit 1
-    "${BUNDLE_DIR}/Contents/Frameworks/Python.framework/Versions/Current/bin/pip3" install -r "${SOURCE_DIR}/requirements.txt" || exit 1
+    "${BUNDLE_DIR}/Contents/Frameworks/Python.framework/Versions/Current/bin/pip3" install --no-cache-dir -r "${SOURCE_DIR}/requirements.txt" || exit 1
 
     # Make sure all the .so's in the Python env have the executable bit set
     # so they get properly signed later
@@ -135,7 +138,7 @@ _build_docs() {
     # shellcheck disable=SC1091
     source "${BUILD_ROOT}/venv/bin/activate"
     pip3 install --upgrade pip
-    pip3 install -r "${SOURCE_DIR}/requirements.txt"
+    pip3 install --no-cache-dir -r "${SOURCE_DIR}/requirements.txt"
     pip3 install sphinx==7.4.7
     pip3 install sphinxcontrib-youtube
 
@@ -334,6 +337,10 @@ _codesign_binaries() {
         return
     fi
 
+    echo "Purging build-machine pollution (pycache) before signing..."
+    find "${BUNDLE_DIR}" -name "__pycache__" -type d -exec rm -rf {} +
+    find "${BUNDLE_DIR}" -name "*.pyc" -delete
+
     if [ -z "${DEVELOPER_ID}" ] ; then
         echo "Developer ID Application not found in codesign.conf" >&2
         exit 1

pkg/mac/build.sh

@@ -53,8 +53,8 @@ if [ "${PGADMIN_POSTGRES_DIR}" == "" ]; then
 fi
 
 if [ "${PGADMIN_PYTHON_VERSION}" == "" ]; then
-    echo "PGADMIN_PYTHON_VERSION not set. Setting it to the default: 3.13.1"
-    export PGADMIN_PYTHON_VERSION=3.13.1
+    echo "PGADMIN_PYTHON_VERSION not set. Setting it to the default: 3.13.11"
+    export PGADMIN_PYTHON_VERSION=3.13.11
 fi
 
 # Initialize variables

pkg/mac/licence.rtf

@@ -10,7 +10,7 @@
 \fs22 \
 \
 
-\f1\i Copyright (C) 2013 - 2025, The pgAdmin Development Team
+\f1\i Copyright (C) 2013 - 2026, The pgAdmin Development Team
 \f0\i0 \
 \
 Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and without a written agreement is hereby granted, provided that the above copyright notice and this paragraph and the following two paragraphs appear in all copies.\

pkg/pip/build.sh

@@ -4,7 +4,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 #########################################################################

pkg/pip/setup_pip.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

pkg/redhat/setup.sh

@@ -61,8 +61,6 @@ echo
 %_gpg_path ~/.gnupg
 %_gpg_name <your signing key>
 %_gpgbin /usr/bin/gpg2
-%__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --batch --verbose --no-armor --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename
-} --digest-algo sha256 %{__plaintext_filename}
 EOF
 
 echo

pkg/src/build.sh

@@ -4,7 +4,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 #########################################################################

requirements.txt

@@ -12,13 +12,14 @@
 # relevant packages.
 ###############################################################################
 
-Authlib==1.6.5
-azure-identity==1.25.1
-azure-mgmt-rdbms==10.1.0
-azure-mgmt-resource==24.0.0
+Authlib==1.6.9
+azure-identity==1.25.3
+azure-mgmt-rdbms==10.1.1
+azure-mgmt-resource==25.0.0
 azure-mgmt-subscription==3.1.1
 bcrypt==5.0.*
-boto3==1.40.*
+boto3==1.42.*
+certifi==2026.2.25
 cryptography==46.0.*
 Flask-Babel==4.0.*
 Flask-Compress==1.*
@@ -27,35 +28,37 @@ Flask-Mail==0.*
 Flask-Migrate==4.*
 Flask-Paranoid==0.*
 Flask-Security-Too==5.4.*; python_version <= '3.9'
-Flask-Security-Too==5.6.*; python_version > '3.9'
-Flask-SocketIO==5.5.*
+Flask-Security-Too==5.7.*; python_version > '3.9'
+Flask-SocketIO==5.6.*
 Flask-SQLAlchemy==3.1.*
 Flask-WTF==1.2.*
 Flask==3.1.*
 google-api-python-client==2.*
-google-auth-oauthlib==1.2.3
-gssapi==1.10.*
+google-auth-oauthlib==1.3.0
+gssapi==1.11.*
 jsonformatter~=0.3.4
 keyring==25.*
 ldap3==2.*
 libgravatar==1.0.*
 paramiko==3.5.1
 passlib==1.*
-psutil==7.1.*
-psycopg[c]==3.2.12
+psutil==7.2.*
+psycopg[c]==3.2.13; python_version < '3.10'
+psycopg[c]==3.3.3; python_version >= '3.10'
 pyotp==2.*
 python-dateutil==2.*
-pytz==2025.*
+pytz==2026.*
 # pinned for https://github.com/andfoy/pywinpty/issues/545
 pywinpty==2.0.*; sys_platform=="win32"
-qrcode[pil]==8.*; python_version >= '3.9'
-setuptools==80.*
+qrcode[pil]==8.*
+setuptools==82.*
 SQLAlchemy==2.*
 sqlparse==0.*
 sshtunnel==0.*
-typer[all]==0.20.*
+typer[all]==0.23.*; python_version <= '3.9'
+typer[all]==0.24.*; python_version > '3.9'
 urllib3==1.26.*; python_version <= '3.9'
-urllib3==2.5.*;  python_version > '3.9'
+urllib3==2.6.*;  python_version > '3.9'
 user-agents==2.2.0
 Werkzeug==3.1.*
 WTForms==3.1.*; python_version <= '3.9'

runtime/.eslintrc.js

@@ -2,7 +2,7 @@
 //
 // pgAdmin 4 - PostgreSQL Tools
 //
-// Copyright (C) 2013 - 2025, The pgAdmin Development Team
+// Copyright (C) 2013 - 2026, The pgAdmin Development Team
 // This software is released under the PostgreSQL Licence
 //
 //////////////////////////////////////////////////////////////