Fixed Python & feature test failures caused by Werkzeug 3.1.7 rejecting empty Host header in CSRF token generation.

* Address CodeRabbit review feedback for streaming and SQL extraction.

- Anthropic: preserve separators between text blocks in streaming to
  match _parse_response() behavior.
- Docker: validate that the API URL points to a loopback address to
  constrain the request surface.
- Docker/OpenAI: raise LLMClientError on empty streams instead of
  yielding blank LLMResponse objects, matching non-streaming behavior.
- SQL extraction: strip trailing semicolons before joining blocks to
  avoid double semicolons in output.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Address remaining CodeRabbit review feedback for streaming and rendering.

- Use distinct 3-tuple ('complete', text, messages) for completion events
  to avoid ambiguity with ('tool_use', [...]) 2-tuples in chat streaming.
- Pass conversation history from request into chat_with_database_stream()
  so follow-up NLQ turns retain context.
- Add re.IGNORECASE to SQL fence regex for case-insensitive matching.
- Render MarkdownContent as block element instead of span to avoid
  invalid DOM when response contains paragraphs, lists, or tables.
- Keep stop notice as a separate message instead of appending to partial
  markdown, preventing it from being swallowed by open code fences.
- Snapshot streamingIdRef before setMessages in error handler to avoid
  race condition where ref is cleared before React executes the updater.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Address CodeRabbit review feedback for streaming providers and history.

- Fix critical NameError: use self._api_url instead of undefined API_URL
  in anthropic and openai streaming _process_stream() methods.
- Match sync path auth handling: conditionally set API key headers in
  streaming paths for both anthropic and openai providers.
- Remove unconditional temperature from openai streaming payload to
  match sync path compatibility approach.
- Add URL scheme validation to OllamaClient.__init__ to prevent unsafe
  local/resource access via non-http schemes.
- Guard ollama streaming finalizer: raise error when stream drops
  without a done frame and no content was received.
- Update chat.py type hint and docstring for 3-tuple completion event.
- Serialize and return filtered conversation history in the complete
  SSE event so the client can round-trip it on follow-up turns.
- Store and send conversation history from NLQChatPanel, clear on
  conversation reset.
- Fix JSON-fallback SQL render path: clear content when SQL was
  extracted without fenced blocks so ChatMessage uses sql-only renderer.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Fix missing closing brace in NLQChatPanel switch statement.

Adding block scoping to the error case introduced an unmatched brace
that prevented the switch statement from closing properly, causing
an eslint parse error.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Fix missing compaction module and SQL extraction test.

- Replace compaction module imports with inline history deserialization
  and filtering since compaction.py is on a different branch.
- Add rstrip(';') to SQL extraction test to match production code,
  fixing double-semicolon assertion failure.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Fix SQL extraction test expected values after rstrip(';') change.

The rstrip(';') applied to each block before joining means single
blocks and the last block in multi-block joins no longer have
trailing semicolons. Update expected values to match.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Strictly guard Ollama stream: raise if no terminal done frame received.

Truncated content from a dropped connection should not be treated as
a complete response, even if partial text was streamed. Always raise
when final_data is None, matching CodeRabbit's recommendation.

.github/workflows/run-feature-tests-epas.yml

@@ -21,7 +21,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        pgver: [13, 14, 15, 16, 17]
+        pgver: [14, 15, 16, 17, 18]
 
     runs-on: ubuntu-22.04
 

.github/workflows/run-feature-tests-pg.yml

@@ -20,7 +20,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        pgver: [13, 14, 15, 16, 17, 18]
+        pgver: [14, 15, 16, 17, 18]
 
     runs-on: ubuntu-22.04
 

.github/workflows/run-python-tests-epas.yml

@@ -32,7 +32,7 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-22.04, windows-latest]
-        pgver: [13, 14, 15, 16, 17]
+        pgver: [14, 15, 16, 17, 18]
 
     runs-on: ${{ matrix.os }}
 

.github/workflows/run-python-tests-pg.yml

@@ -21,7 +21,7 @@ jobs:
       fail-fast: false
       matrix:
         os: [macos-latest, ubuntu-22.04, windows-latest]
-        pgver: [13, 14, 15, 16, 17, 18]
+        pgver: [14, 15, 16, 17, 18]
 
     runs-on: ${{ matrix.os }}
 

Dockerfile

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 #########################################################################
@@ -31,32 +31,28 @@ RUN apk add --no-cache \
     yarn \
     zlib-dev
 
-COPY .git /pgadmin4/.git
-# Create the /pgadmin4 directory and copy the source into it. Explicitly
-# remove the node_modules directory as we'll recreate a clean version, as well
-# as various other files we don't want
+# Create the /pgadmin4 directory and copy the source into it
 COPY web /pgadmin4/web
-
 WORKDIR /pgadmin4/web
 
 # Build the JS vendor code in the app-builder, and then remove the vendor source.
-RUN export CPPFLAGS="-DPNG_ARM_NEON_OPT=0" && \
+RUN --mount=type=bind,source=.git,target=/pgadmin4/.git \
+    --mount=type=tmpfs,target=node_modules \
+    --mount=type=tmpfs,target=pgadmin/static/js/generated/.cache \
+    export CPPFLAGS="-DPNG_ARM_NEON_OPT=0" && \
     npm install -g corepack && \
     corepack enable && \
     yarn set version berry && \
     yarn set version 4 && \
     yarn install && \
     yarn run bundle && \
-    rm -rf node_modules \
-           yarn.lock \
+    rm -rf yarn.lock \
            package.json \
            .[^.]* \
            babel.cfg \
            webpack.* \
            jest.config.js \
-           babel.* \
-           ./pgadmin/static/js/generated/.cache \
-           /pgadmin4/.git
+           babel.*
 
 #########################################################################
 # Next, create the base environment for Python
@@ -65,7 +61,6 @@ RUN export CPPFLAGS="-DPNG_ARM_NEON_OPT=0" && \
 FROM python:3-alpine AS env-builder
 
 # Install dependencies
-COPY requirements.txt /
 RUN apk add --no-cache \
         make && \
     apk add --no-cache --virtual build-deps \
@@ -78,8 +73,9 @@ RUN apk add --no-cache \
         cargo \
         zlib-dev \
         libjpeg-turbo-dev \
-        libpng-dev && \
-    python3 -m venv --system-site-packages --without-pip /venv && \
+        libpng-dev
+COPY requirements.txt /
+RUN python3 -m venv --system-site-packages --without-pip /venv && \
     /venv/bin/python3 -m pip install --no-cache-dir -r requirements.txt && \
     apk del --no-cache build-deps
 

LICENSE

@@ -4,7 +4,7 @@ pgAdmin 4
 This software is released under the PostgreSQL licence.
 
 -------------------------------------------------------------------------------
-Copyright (C) 2013 - 2025, The pgAdmin Development Team
+Copyright (C) 2013 - 2026, The pgAdmin Development Team
 
 Permission to use, copy, modify, and distribute this software and its
 documentation for any purpose, without fee, and without a written agreement is

Make.bat

@@ -59,6 +59,7 @@ REM Main build sequence Ends
     IF "%PGADMIN_VCREDIST_DIR%" == "" SET "PGADMIN_VCREDIST_DIR=C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Redist\MSVC\14.40.33807"
     IF "%PGADMIN_VCREDIST_FILE%" == "" SET "PGADMIN_VCREDIST_FILE=vc_redist.x64.exe"
     IF "%PGADMIN_SIGNTOOL_DIR%" == "" SET "PGADMIN_SIGNTOOL_DIR=C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64"
+    IF "%PGADMIN_WINDOWS_CSC%" == "" SET "PGADMIN_WINDOWS_CSC="
 
     REM Set additional variables we need
     FOR /F "tokens=3" %%a IN ('findstr /C:"APP_RELEASE =" %WD%\web\version.py')  DO SET APP_MAJOR=%%a
@@ -99,6 +100,11 @@ REM Main build sequence Ends
     ECHO VC++ redist file:          %PGADMIN_VCREDIST_FILE%
     ECHO InnoTool directory:        %PGADMIN_INNOTOOL_DIR%
     ECHO signtool directory:        %PGADMIN_SIGNTOOL_DIR%
+    IF "%PGADMIN_WINDOWS_CSC%" == "" (
+        ECHO Code signing certificate:  [NONE - Signing disabled]
+    ) ELSE (
+        ECHO Code signing certificate:  %PGADMIN_WINDOWS_CSC%
+    )
     ECHO.
     ECHO App version:               %APP_VERSION%
     ECHO App version suffix:        %APP_VERSION_SUFFIX%
@@ -306,14 +312,18 @@ REM Main build sequence Ends
     %TMPDIR%\rcedit-x64.exe "%BUILDROOT%\runtime\pgAdmin4.exe" --set-version-string "ProductName" "%APP_NAME%"
     %TMPDIR%\rcedit-x64.exe "%BUILDROOT%\runtime\pgAdmin4.exe" --set-product-version "%APP_VERSION%""
 
-    ECHO Attempting to sign the pgAdmin4.exe...
-    CALL "%PGADMIN_SIGNTOOL_DIR%\signtool.exe" sign /fd certHash /tr http://timestamp.digicert.com /td SHA256 "%BUILDROOT%\runtime\pgAdmin4.exe"
-    IF %ERRORLEVEL% NEQ 0 (
-        ECHO.
-        ECHO ************************************************************
-        ECHO * Failed to sign the pgAdmin4.exe
-        ECHO ************************************************************
-        PAUSE
+    IF NOT "%PGADMIN_WINDOWS_CSC%" == "" (
+        ECHO Attempting to sign the pgAdmin4.exe...
+        CALL "%PGADMIN_SIGNTOOL_DIR%\signtool.exe" sign /sm /n "%PGADMIN_WINDOWS_CSC%" /tr http://timestamp.digicert.com /td sha256 /fd sha1 /v "%BUILDROOT%\runtime\pgAdmin4.exe"
+        IF %ERRORLEVEL% NEQ 0 (
+            ECHO.
+            ECHO ************************************************************
+            ECHO * Failed to sign the pgAdmin4.exe
+            ECHO ************************************************************
+            PAUSE
+        )
+    ) ELSE (
+        ECHO Skipping code signing ^(PGADMIN_WINDOWS_CSC is not set^)...
     )
 
     ECHO Staging PostgreSQL components...
@@ -356,7 +366,11 @@ REM Main build sequence Ends
     DEL /s "%WD%\pkg\win32\installer.iss.in_stage*" > nul
 
     ECHO Creating windows installer using INNO tool...
-    CALL "%PGADMIN_INNOTOOL_DIR%\ISCC.exe" "%WD%\pkg\win32\installer.iss" "/SpgAdminSigntool=%PGADMIN_SIGNTOOL_DIR%\signtool.exe sign /fd certHash /tr http://timestamp.digicert.com /td SHA256 $f" || EXIT /B 1
+    IF NOT "%PGADMIN_WINDOWS_CSC%" == "" (
+        CALL "%PGADMIN_INNOTOOL_DIR%\ISCC.exe" "%WD%\pkg\win32\installer.iss" "/SpgAdminSigntool=%PGADMIN_SIGNTOOL_DIR%\signtool.exe sign /sm /n $q%PGADMIN_WINDOWS_CSC%$q /tr http://timestamp.digicert.com /td sha256 /fd sha1 /v $f" || EXIT /B 1
+    ) ELSE (
+        CALL "%PGADMIN_INNOTOOL_DIR%\ISCC.exe" "%WD%\pkg\win32\installer.iss" || EXIT /B 1
+    )
 
     ECHO Renaming installer...
     MOVE "%WD%\pkg\win32\Output\pgadmin4-setup.exe" "%DISTROOT%\%INSTALLERNAME%" > nul || EXIT /B 1
@@ -374,6 +388,11 @@ REM Main build sequence Ends
     EXIT /B 0
 
 :VERIFY_SIGNATURE
+    IF "%PGADMIN_WINDOWS_CSC%" == "" (
+        ECHO Skipping signature verification ^(PGADMIN_WINDOWS_CSC is not set^)...
+        EXIT /B 0
+    )
+
     ECHO Verifying the installer signature...
 
     CALL "%PGADMIN_SIGNTOOL_DIR%\signtool.exe" verify /pa /v "%DISTROOT%\%INSTALLERNAME%"

Makefile

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 #########################################################################

docs/en_US/ai_tools.rst

@@ -0,0 +1,249 @@
+.. _ai_tools:
+
+*******************
+`AI Reports`:index:
+*******************
+
+**AI Reports** is a feature that provides AI-powered database analysis and insights
+using Large Language Models (LLMs). Use the *Tools → AI Reports* menu to access
+the various AI-powered reports.
+
+The AI Reports feature allows you to:
+
+ * Generate security reports to identify potential security vulnerabilities and configuration issues.
+
+ * Create performance reports with optimization recommendations for queries and configurations.
+
+ * Perform design reviews to analyze database schema structure and suggest improvements.
+
+**Prerequisites:**
+
+Before using AI Reports, you must:
+
+ 1. Ensure AI features are enabled in the server configuration (set ``LLM_ENABLED`` to ``True`` in ``config.py``).
+
+ 2. Configure an LLM provider in :ref:`Preferences → AI <preferences>`.
+
+**Note:**
+
+ * AI Reports using cloud providers (Anthropic, OpenAI) require an active internet connection.
+   Local providers (Ollama, Docker Model Runner) do not require internet access.
+
+ * API usage may incur costs depending on your LLM provider's pricing model.
+   Local providers (Ollama, Docker Model Runner) are free to use.
+
+ * The quality and accuracy of reports depend on the LLM provider and model configured.
+
+
+Configuring AI Reports
+**********************
+
+To configure AI Reports, navigate to *File → Preferences → AI* (or click the *Settings*
+button and select *AI*).
+
+.. image:: images/preferences_ai.png
+    :alt: AI preferences
+    :align: center
+
+Select your preferred LLM provider from the dropdown:
+
+**Anthropic**
+  Use Claude models from Anthropic, or any Anthropic-compatible API provider.
+
+  * **API URL**: Custom API endpoint URL (leave empty for default: https://api.anthropic.com/v1).
+  * **API Key File**: Path to a file containing your Anthropic API key (obtain from https://console.anthropic.com/). This path refers to the filesystem where the pgAdmin server is running (e.g., inside the container if using Docker). The ``~`` prefix is expanded to the home directory of the user running the pgAdmin server process. Optional when using a custom URL with a provider that does not require authentication.
+  * **Model**: Select from available Claude models (e.g., claude-sonnet-4-20250514).
+
+**OpenAI**
+  Use GPT models from OpenAI, or any OpenAI-compatible API provider (e.g.,
+  LiteLLM, LM Studio, EXO, or other local inference servers).
+
+  * **API URL**: Custom API endpoint URL (leave empty for default: https://api.openai.com/v1). Include the ``/v1`` path prefix if required by your provider.
+  * **API Key File**: Path to a file containing your OpenAI API key (obtain from https://platform.openai.com/). This path refers to the filesystem where the pgAdmin server is running (e.g., inside the container if using Docker). The ``~`` prefix is expanded to the home directory of the user running the pgAdmin server process. Optional when using a custom URL with a provider that does not require authentication.
+  * **Model**: Select from available GPT models (e.g., gpt-4).
+
+**Ollama**
+  Use locally-hosted open-source models via Ollama. Requires a running Ollama instance.
+
+  * **API URL**: The URL of your Ollama server (default: http://localhost:11434).
+  * **Model**: Enter the name of the Ollama model to use (e.g., llama2, mistral).
+
+**Docker Model Runner**
+  Use models running in Docker Desktop's built-in model runner (available in Docker Desktop 4.40+).
+  No API key is required.
+
+  * **API URL**: The URL of the Docker Model Runner API (default: http://localhost:12434).
+  * **Model**: Select from available models or enter a custom model name.
+
+.. note:: You can also use the *OpenAI* provider with a custom API URL for any
+   OpenAI-compatible endpoint, including Docker Model Runner and other local
+   inference servers.
+
+After configuring your provider, click *Save* to apply the changes.
+
+
+Security Reports
+****************
+
+Security Reports analyze your PostgreSQL server, database, or schema for potential
+security vulnerabilities and configuration issues.
+
+To generate a security report:
+
+1. In the *Browser* tree, select a server, database, or schema.
+
+2. Choose *Tools → AI Reports → Security* from the menu, or right-click the
+   object and select *Security* from the context menu.
+
+3. The report will be generated and displayed in a new tab.
+
+.. image:: images/ai_security_report.png
+    :alt: AI security report
+    :align: center
+
+**Security Report Scope:**
+
+* **Server Level**: Analyzes server configuration, authentication settings, roles, and permissions.
+
+* **Database Level**: Reviews database-specific security settings, roles with database access, and object permissions.
+
+* **Schema Level**: Examines schema permissions, object ownership, and access controls.
+
+Each report includes:
+
+* **Security Findings**: Identified vulnerabilities or security concerns.
+
+* **Risk Assessment**: Severity levels for each finding (Critical, High, Medium, Low).
+
+* **Recommendations**: Specific actions to remediate security issues.
+
+* **Best Practices**: General security recommendations for PostgreSQL.
+
+
+Performance Reports
+*******************
+
+Performance Reports analyze query performance, configuration settings, and provide
+optimization recommendations.
+
+To generate a performance report:
+
+1. In the *Browser* tree, select a server or database.
+
+2. Choose *Tools → AI Reports → Performance* from the menu, or right-click the
+   object and select *Performance* from the context menu.
+
+3. The report will be generated and displayed in a new tab.
+
+**Performance Report Scope:**
+
+* **Server Level**: Analyzes server configuration parameters, resource utilization, and overall server performance metrics.
+
+* **Database Level**: Reviews database-specific configuration, query performance, index usage, and table statistics.
+
+Each report includes:
+
+* **Performance Metrics**: Key performance indicators and statistics.
+
+* **Configuration Analysis**: Review of relevant configuration parameters.
+
+* **Query Optimization**: Recommendations for improving slow queries.
+
+* **Index Recommendations**: Suggestions for adding, removing, or modifying indexes.
+
+* **Capacity Planning**: Resource utilization trends and recommendations.
+
+
+Design Review Reports
+*********************
+
+Design Review Reports analyze your database schema structure and suggest
+improvements for normalization, naming conventions, and best practices.
+
+To generate a design review report:
+
+1. In the *Browser* tree, select a database or schema.
+
+2. Choose *Tools → AI Reports → Design* from the menu, or right-click the
+   object and select *Design* from the context menu.
+
+3. The report will be generated and displayed in a new tab.
+
+**Design Review Scope:**
+
+* **Database Level**: Reviews overall database structure, schema organization, and cross-schema dependencies.
+
+* **Schema Level**: Analyzes tables, views, functions, and other objects within the schema.
+
+Each report includes:
+
+* **Schema Structure Analysis**: Review of table structures, relationships, and constraints.
+
+* **Normalization Review**: Recommendations for database normalization (1NF, 2NF, 3NF, etc.).
+
+* **Naming Conventions**: Suggestions for consistent naming patterns.
+
+* **Data Type Usage**: Review of data type choices and recommendations.
+
+* **Index Design**: Analysis of indexing strategy.
+
+* **Best Practices**: General PostgreSQL schema design recommendations.
+
+
+Working with Reports
+********************
+
+All AI reports are displayed in a dedicated panel with the following features:
+
+**Report Display**
+  Reports are formatted as Markdown and rendered with syntax highlighting for SQL code.
+
+**Toolbar Actions**
+
+  * **Stop** - Cancel the current report generation. This is useful if the report
+    is taking too long or if you want to change parameters.
+
+  * **Regenerate** - Generate a new report for the same object. Useful when you
+    want to get a fresh analysis or if data has changed.
+
+  * **Download** - Download the report as a Markdown (.md) file. The filename
+    includes the report type, object name, and date for easy identification.
+
+**Multiple Reports**
+  You can generate and view multiple reports simultaneously. Each report opens in
+  a new tab, allowing you to compare reports across different servers, databases,
+  or schemas.
+
+**Report Management**
+  Each report tab can be closed individually by clicking the *X* in the tab.
+  Panel titles show the object name and report type for easy identification.
+
+**Copying Content**
+  You can select and copy text from reports to use in documentation or share with
+  your team.
+
+
+Troubleshooting
+***************
+
+**"AI features are disabled in the server configuration"**
+  The administrator has disabled AI features on the server. Contact your
+  pgAdmin administrator to enable the ``LLM_ENABLED`` configuration option.
+
+**"Please configure an LLM provider in Preferences"**
+  You need to configure an LLM provider before using AI Reports. See *Configuring AI Reports* above.
+
+**"Please connect to the server/database first"**
+  You must establish a connection to the server or database before generating reports.
+
+**API Connection Errors**
+  * Verify your API key is correct (for Anthropic and OpenAI).
+  * Check your internet connection (for cloud providers).
+  * For Ollama, ensure the Ollama server is running and accessible.
+  * For Docker Model Runner, ensure Docker Desktop 4.40+ is running with the model runner enabled.
+  * Check that your firewall allows connections to the LLM provider's API.
+
+**Report Generation Fails**
+  * Check the pgAdmin logs for detailed error messages.
+  * Verify the database connection is still active.
+  * Ensure the selected model is available for your account/subscription.

docs/en_US/code_review.rst

@@ -16,7 +16,7 @@ review process for any changes submitted for inclusion in pgAdmin.
   bulk updates every year). The start date should always be 2013, and the end year
   the current year, e.g.
 
-    Copyright (C) 2013 - 2025, The pgAdmin Development Team
+    Copyright (C) 2013 - 2026, The pgAdmin Development Team
 
 * Ensure there's a blank line immediately following any copyright headers.
 

docs/en_US/coding_standards.rst

@@ -120,7 +120,7 @@ with the required file header is shown below::
     #
     # pgAdmin 4 - PostgreSQL Tools
     #
-    # Copyright (C) 2013 - 2025, The pgAdmin Development Team
+    # Copyright (C) 2013 - 2026, The pgAdmin Development Team
     # This software is released under the PostgreSQL Licence
     #
     ##########################################################################

docs/en_US/developer_tools.rst

@@ -17,3 +17,4 @@ PL/SQL code.
    schema_diff
    erd_tool
    psql_tool
+   ai_tools

docs/en_US/import_export_servers.rst

@@ -196,4 +196,4 @@ The following example shows both a minimally defined and a fully defined server:
         }
     }
 
-.. note:: If you're running pgAdmin in Server Mode, the values for parameters that require file paths should be specified relative to the user's home directory which is /<DATA_DIR>/storage/<user_id>/. If DATA_DIR is not specified, then it will /var/libe/pgadmin/storage/<user_id>/
+.. note:: If you're running pgAdmin in Server Mode, the values for parameters that require file paths should be specified relative to the user's home directory which is /<DATA_DIR>/storage/<user_id>/. If DATA_DIR is not specified, then it will be /var/lib/pgadmin/storage/<user_id>/

docs/en_US/index_dialog.rst

@@ -51,6 +51,28 @@ Use the fields in the *Definition* tab to define the index:
 * Use the drop-down listbox next to *Depends on extensions* to select the extension 
   that this index depends on (for example, edbspl). If set, dropping the extension 
   will automatically drop the index as well.
+* Move the switch next to *Only Table?* to the *Yes* position to create the index
+  only on the parent table without recursing to its partitions. This button will be
+  enabled for partition tables only. The default is *No*.
+* Move the switch next to *Unique?* to the *Yes* position to check for duplicate values
+  in the table when the index is created and when data is added. The default is *No*.
+* Move the switch next to *NULLs not distinct?* to the *Yes* position to treat null values as not distinct. 
+  The default is *No*. This option is available only on PostgreSQL 15 and above.
+* Move the *Clustered?* switch to the *Yes* position to instruct the server to
+  cluster the table.
+* Move the *Concurrent build?* switch to the *Yes* position to build the index
+  without taking any locks that prevent concurrent inserts, updates, or deletes
+  on the table.
+* Use the *Constraint* field to provide a constraint expression; a constraint
+  expression limits the entries in the index to those rows that satisfy the
+  constraint.
+
+Click the *With* tab to continue.
+
+.. image:: images/index_with.png
+    :alt: Index dialog with tab
+    :align: center
+
 * Use the *Fill Factor* field to specify a fill factor for the index. The fill
   factor specifies how full the selected method will try to fill each index
   page.
@@ -66,18 +88,6 @@ Use the fields in the *Definition* tab to define the index:
   The default is *Yes*.
 * Move the switch next to *Autosummarize* to the *Yes* position to define whether a summarization run is 
   queued for the previous page range whenever an insertion is detected on the next one. The default is *No*
-* Move the switch next to *Unique?* to the *Yes* position to check for duplicate values
-  in the table when the index is created and when data is added. The default is *No*.
-* Move the switch next to *NULLs not distinct?* to the *Yes* position to treat null values as not distinct. 
-  The default is *No*. This option is available only on PostgreSQL 15 and above.
-* Move the *Clustered?* switch to the *Yes* position to instruct the server to
-  cluster the table.
-* Move the *Concurrent build?* switch to the *Yes* position to build the index
-  without taking any locks that prevent concurrent inserts, updates, or deletes
-  on the table.
-* Use the *Constraint* field to provide a constraint expression; a constraint
-  expression limits the entries in the index to those rows that satisfy the
-  constraint.
 
 Click the *Columns* tab to continue.
 

docs/en_US/licence.rst

@@ -13,7 +13,7 @@ documentation is attributed to the
 
 .. topic:: pgAdmin 4
 
-    Copyright (C) 2013 - 2025, The pgAdmin Development Team
+    Copyright (C) 2013 - 2026, The pgAdmin Development Team
 
     Permission to use, copy, modify, and distribute this software and its
     documentation for any purpose, without fee, and without a written agreement is

docs/en_US/menu_bar.rst

@@ -5,8 +5,10 @@
 *****************
 
 The pgAdmin menu bar provides drop-down menus for access to options, commands,
-and utilities. The menu bar displays the following selections: *File*, *Object*,
-Tools*, and *Help*. Selections may be grayed out which indicates they are
+and utilities. Its layout adapts based on your deployment: in Web mode,
+you will see *File*, *Object*, *Tools*, and *Help* menus. In Desktop mode,
+the *pgAdmin4* application menu replaces the standard *File* menu.
+Selections may be grayed out which indicates they are
 disabled for the object currently selected in the *pgAdmin* tree control.
 
 The File Menu
@@ -16,7 +18,7 @@ The File Menu
     :alt: pgAdmin file menu bar
     :align: center
 
-Use the *File* menu to access the following options:
+Use the *File* menu available in web mode to access the following options:
 
 +-------------------------+---------------------------------------------------------------------------------------------------------+
 | Option                  | Action                                                                                                  |
@@ -25,8 +27,30 @@ Use the *File* menu to access the following options:
 +-------------------------+---------------------------------------------------------------------------------------------------------+
 | *Reset Layout*          | If you have modified the workspace, click to restore the default layout.                                |
 +-------------------------+---------------------------------------------------------------------------------------------------------+
-| *Runtime*               | Click to open a submenu to Configure, View Log and Zoom settings. Only visible when pgAdmin4 runs in    |
-|                         | desktop mode. To know more about runtime menu :ref:`click here <desktop_deployment>`                    |
+
+
+The pgAdmin4 Menu
+*****************
+
+.. image:: /images/pgadmin4_menu.png
+    :alt: pgAdmin pgadmin4 menu bar
+    :align: center
+
+Use the *pgAdmin4* menu available in desktop mode to access the following options:
+
++-------------------------+---------------------------------------------------------------------------------------------------------+
+| Option                  | Action                                                                                                  |
++=========================+=========================================================================================================+
+| *About pgAdmin 4*       | Provide pgadmin4 configuration information like version, mode etc.                                      |
++-------------------------+---------------------------------------------------------------------------------------------------------+
+| *Preferences/settings*  | Click to open the :ref:`Preferences <preferences>` dialog to customize your pgAdmin settings.           |
++-------------------------+---------------------------------------------------------------------------------------------------------+
+| *Reset Layout*          | If you have modified the workspace, click to restore the default layout.                                |
++-------------------------+---------------------------------------------------------------------------------------------------------+
+| *View Logs*             | This will show current pgadmin4 logs.                                                                   |
++-------------------------+---------------------------------------------------------------------------------------------------------+
+| *Configure runtime*     | Click to open a  window that allows to configure application port, connection timeout to launch the     |
+|                         | application. To know more about runtime menu :ref:`click here <desktop_deployment>`                     |
 +-------------------------+---------------------------------------------------------------------------------------------------------+
 
 The Object Menu
@@ -132,6 +156,12 @@ Use the *Tools* menu to access the following options (in alphabetical order):
 +------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
 | *Search Objects...*          | Click to open the :ref:`Search Objects... <search_objects>` and start searching any kind of objects in a database.                        |
 +------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
+| *AI Reports*                 | Click to access a submenu with AI-powered analysis options (requires :ref:`AI configuration <ai_tools>`):                                 |
+|                              |                                                                                                                                           |
+|                              | - *Security Report* - Generate an AI-powered security analysis for the selected server, database, or schema.                              |
+|                              | - *Performance Report* - Generate an AI-powered performance analysis for the selected server or database.                                 |
+|                              | - *Design Report* - Generate an AI-powered design review for the selected database or schema.                                             |
++------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
 | *Add named restore point*    | Click to open the :ref:`Add named restore point... <add_restore_point_dialog>` dialog to take a point-in-time snapshot of the current     |
 |                              | server state.                                                                                                                             |
 +------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+

docs/en_US/oauth2.rst

@@ -1,15 +1,40 @@
 .. _oauth2:
 
-*****************************************
-`Enabling OAUTH2 Authentication`:index:
-*****************************************
+*******************************************************
+`Enabling OAUTH2 and OIDC Authentication`:index:
+*******************************************************
 
 
-To enable OAUTH2 authentication for pgAdmin, you must configure the OAUTH2
-settings in the *config_local.py* or *config_system.py* file (see the
-:ref:`config.py <config_py>` documentation) on the system where pgAdmin is
-installed in Server mode. You can copy these settings from *config.py* file
-and modify the values for the following parameters:
+To enable OAUTH2 or OpenID Connect (OIDC) authentication for pgAdmin, you must
+configure the OAUTH2 settings in the *config_local.py* or *config_system.py*
+file (see the :ref:`config.py <config_py>` documentation) on the system where
+pgAdmin is installed in Server mode. You can copy these settings from *config.py*
+file and modify the values for the following parameters.
+
+OAuth2 vs OpenID Connect (OIDC)
+================================
+
+pgAdmin supports both OAuth2 and OIDC authentication protocols:
+
+**OAuth2** is an authorization framework that allows third-party applications to
+obtain limited access to user accounts. When using OAuth2, pgAdmin must explicitly
+call the provider's userinfo endpoint to retrieve user profile information.
+
+**OpenID Connect (OIDC)** is an identity layer built on top of OAuth2 that provides
+standardized user authentication and profile information. When using OIDC, user
+identity information is included directly in the ID token, which is more efficient
+and secure.
+
+.. note::
+   When **OAUTH2_SERVER_METADATA_URL** is configured, pgAdmin treats the provider
+   as an OIDC provider and will:
+
+   - Use ID token claims for user identity (sub, email, preferred_username)
+   - Skip the userinfo endpoint call when ID token contains sufficient information
+   - Validate the ID token automatically using the provider's public keys
+
+   This is the **recommended approach** for modern identity providers like
+   Microsoft Entra ID (Azure AD), Google, Keycloak, Auth0, and Okta.
 
 
 .. _AzureAD: https://learn.microsoft.com/en-us/security/zero-trust/develop/configure-tokens-group-claims-app-roles
@@ -23,29 +48,28 @@ and modify the values for the following parameters:
 
    "AUTHENTICATION_SOURCES", "The default value for this parameter is *internal*.
    To enable OAUTH2 authentication, you must include *oauth2* in the list of values
-   for this parameter. you can modify the value as follows:
+   for this parameter. You can modify the value as follows:
 
    * [‘oauth2’, ‘internal’]: pgAdmin will display an additional button for authenticating with oauth2"
     "OAUTH2_NAME", "The name of the Oauth2 provider, ex: Google, Github"
     "OAUTH2_DISPLAY_NAME", "Oauth2 display name in pgAdmin"
     "OAUTH2_CLIENT_ID", "Oauth2 Client ID"
-    "OAUTH2_CLIENT_SECRET", "Oauth2 Client Secret"
+    "OAUTH2_CLIENT_SECRET", "Oauth2 Client Secret. **Optional for public clients using Authorization Code + PKCE**. For confidential clients (server-side apps), keep this set. For public clients (no secret), pgAdmin will enforce PKCE and perform an unauthenticated token exchange."
+    "OAUTH2_CLIENT_AUTH_METHOD", "Client authentication method for the token endpoint. Default behavior uses *OAUTH2_CLIENT_SECRET* (confidential client), or PKCE when no secret is provided (public client). Set to *workload_identity* to authenticate using an Azure Entra ID workload identity (federated credential) without a client secret."
+    "OAUTH2_WORKLOAD_IDENTITY_TOKEN_FILE", "When **OAUTH2_CLIENT_AUTH_METHOD** is *workload_identity*, path to the projected OIDC token file (Kubernetes service account JWT). This file must exist at pgAdmin startup."
     "OAUTH2_TOKEN_URL", "Oauth2 Access Token endpoint"
     "OAUTH2_AUTHORIZATION_URL", "Endpoint for user authorization"
-    "OAUTH2_SERVER_METADATA_URL", "Server metadata url for your OAuth2 provider"
+    "OAUTH2_SERVER_METADATA_URL", "**OIDC Discovery URL** (recommended for OIDC providers). When set, pgAdmin will use OIDC flow with automatic ID token validation and user claims from the ID token. Example: *https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration*. When using this parameter, OAUTH2_TOKEN_URL and OAUTH2_AUTHORIZATION_URL are optional as they will be discovered automatically."
     "OAUTH2_API_BASE_URL", "Oauth2 base URL endpoint to make requests simple, ex: *https://api.github.com/*"
-    "OAUTH2_USERINFO_ENDPOINT", "User Endpoint, ex: *user* (for github, or *user/emails* if the user's email address is private) and *userinfo* (for google),"
-    "OAUTH2_SCOPE", "Oauth scope, ex: 'openid email profile'. Note that an 'email' claim is required in the resulting profile."
+    "OAUTH2_USERINFO_ENDPOINT", "User Endpoint, ex: *user* (for github, or *user/emails* if the user's email address is private) and *userinfo* (for google). **For OIDC providers**, this is optional if the ID token contains sufficient claims (email, preferred_username, or sub)."
+    "OAUTH2_SCOPE", "Oauth scope, ex: 'openid email profile'. **For OIDC providers**, include 'openid' scope to receive an ID token."
     "OAUTH2_ICON", "The Font-awesome icon to be placed on the oauth2 button,  ex: fa-github"
     "OAUTH2_BUTTON_COLOR", "Oauth2 button color"
-    "OAUTH2_USERNAME_CLAIM", "The claim which is used for the username. If the value is empty
-    the email is used as username, but if a value is provided, the claim has to exist. Ex: *oid* (for AzureAD), *email* (for Github)"
+    "OAUTH2_USERNAME_CLAIM", "The claim which is used for the username. If the value is empty, **for OIDC providers** pgAdmin will use: 1) email, 2) preferred_username, or 3) sub (in that order). **For OAuth2 providers** without OIDC, email is required. Ex: *oid* (for AzureAD), *email* (for Github), *preferred_username* (for Keycloak)"
     "OAUTH2_AUTO_CREATE_USER", "Set the value to *True* if you want to automatically
     create a pgAdmin user corresponding to a successfully authenticated Oauth2 user.
     Please note that password is not stored in the pgAdmin database."
-    "OAUTH2_ADDITIONAL_CLAIMS", "If a dictionary is provided, pgAdmin will check for a matching key and value on the userinfo endpoint 
-    and in the Id Token. In case there is no match with the provided config, the user will receive an authorization error.
-    Useful for checking AzureAD_ *wids* or *groups*, GitLab_ *owner*, *maintainer* and *reporter* claims."
+    "OAUTH2_ADDITIONAL_CLAIMS", "If a dictionary is provided, pgAdmin will check for a matching key and value on the **ID token first** (for OIDC providers), then fall back to the userinfo endpoint response. In case there is no match with the provided config, the user will receive an authorization error. Useful for checking AzureAD_ *wids* or *groups*, GitLab_ *owner*, *maintainer* and *reporter* claims."
     "OAUTH2_SSL_CERT_VERIFICATION", "Set this variable to False to disable SSL certificate verification for OAuth2 provider.
     This may need to set False, in case of self-signed certificates."
     "OAUTH2_CHALLENGE_METHOD", "Enable PKCE workflow. PKCE method name, only *S256* is supported"
@@ -83,3 +107,240 @@ Ref: https://oauth.net/2/pkce
 
 To enable PKCE workflow, set the configuration parameters OAUTH2_CHALLENGE_METHOD to *S256* and OAUTH2_RESPONSE_TYPE to *code*.
 Both parameters are mandatory to enable PKCE workflow.
+
+Public vs Confidential OAuth Clients
+====================================
+
+OAuth providers support two common client types:
+
+- **Confidential clients** have a client secret and can authenticate to the token endpoint.
+- **Public clients** do not have a client secret (or the secret cannot be safely stored).
+
+pgAdmin supports interactive user login for both client types:
+
+- If **OAUTH2_CLIENT_SECRET** is set, pgAdmin treats the provider as a confidential client.
+- If **OAUTH2_CLIENT_SECRET** is missing, empty, or set to *None*, pgAdmin treats the provider as a public client and **requires PKCE**.
+
+.. note::
+    For public clients, pgAdmin uses Authlib's native behavior to perform an **unauthenticated token exchange**
+    (token endpoint client authentication method: ``none``). This is required for Authorization Code + PKCE
+    flows where no client secret is available.
+
+Azure Entra ID Workload Identity (AKS) (No Client Secret)
+=========================================================
+
+pgAdmin can authenticate to Microsoft Entra ID (Azure AD) **without a client secret** using an
+AKS Workload Identity projected service account token (OIDC federated credential).
+
+This is a **confidential client** scenario (server-side app), but client authentication to the token
+endpoint is performed using a **JWT client assertion**.
+
+Enable workload identity mode
+-----------------------------
+
+Set the following parameters in your provider configuration:
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        'OAUTH2_NAME': 'entra-workload-identity',
+        'OAUTH2_DISPLAY_NAME': 'Microsoft Entra ID',
+        'OAUTH2_CLIENT_ID': '<Application (client) ID>',
+        'OAUTH2_CLIENT_SECRET': None,  # not required
+        'OAUTH2_CLIENT_AUTH_METHOD': 'workload_identity',
+        'OAUTH2_WORKLOAD_IDENTITY_TOKEN_FILE':
+            '/var/run/secrets/azure/tokens/azure-identity-token',
+        'OAUTH2_SERVER_METADATA_URL':
+            'https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration',
+        'OAUTH2_SCOPE': 'openid email profile',
+    }]
+
+With this configuration:
+
+- pgAdmin will **not** require **OAUTH2_CLIENT_SECRET**.
+- pgAdmin will **not** use PKCE for this provider.
+- During the token exchange, pgAdmin will send:
+
+    - ``client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer``
+    - ``client_assertion=<projected service account JWT>``
+
+Azure App Registration setup
+----------------------------
+
+In Microsoft Entra ID:
+
+- Create an **App registration** for pgAdmin.
+- Configure a **Redirect URI** to ``<http/https>://<pgAdmin Server URL>/oauth2/authorize``.
+- In **Certificates & secrets**, you do **not** need to create a client secret for workload identity.
+
+Federated credential (workload identity) configuration
+------------------------------------------------------
+
+Add a **Federated credential** to the App registration:
+
+- **Issuer**: your AKS cluster OIDC issuer URL.
+- **Subject**: ``system:serviceaccount:<namespace>:<serviceaccount-name>``
+- **Audience**: typically ``api://AzureADTokenExchange``
+
+AKS ServiceAccount example
+--------------------------
+
+Example ServiceAccount for AKS Workload Identity:
+
+.. code-block:: yaml
+
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: pgadmin
+      namespace: pgadmin
+      annotations:
+        azure.workload.identity/client-id: "<Application (client) ID>"
+    ---
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: pgadmin
+      namespace: pgadmin
+    spec:
+      template:
+        metadata:
+          labels:
+            azure.workload.identity/use: "true"
+        spec:
+          serviceAccountName: pgadmin
+
+.. note::
+    The projected token file path can vary by cluster configuration.
+    In many AKS setups it is provided via the ``AZURE_FEDERATED_TOKEN_FILE`` environment
+    variable and mounted under ``/var/run/secrets/azure/tokens/``.
+
+OIDC Configuration Examples
+============================
+
+Using OIDC with Discovery Metadata (Recommended)
+-------------------------------------------------
+
+When using OIDC providers, configure the **OAUTH2_SERVER_METADATA_URL** parameter
+to enable automatic discovery and ID token validation:
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        'OAUTH2_NAME': 'my-oidc-provider',
+        'OAUTH2_DISPLAY_NAME': 'My OIDC Provider',
+        'OAUTH2_CLIENT_ID': 'your-client-id',
+        'OAUTH2_CLIENT_SECRET': 'your-client-secret',
+        'OAUTH2_SERVER_METADATA_URL': 'https://provider.example.com/.well-known/openid-configuration',
+        'OAUTH2_SCOPE': 'openid email profile',
+        # OAUTH2_USERINFO_ENDPOINT is optional when using OIDC
+        # Token and authorization URLs are discovered automatically
+    }]
+
+With this configuration:
+
+- pgAdmin will use the OIDC discovery endpoint to automatically find token and authorization URLs
+- User identity will be extracted from ID token claims (sub, email, preferred_username)
+- The userinfo endpoint will only be called as a fallback if ID token lacks required claims
+- ID token will be automatically validated using the provider's public keys
+
+Using OIDC as a Public Client (No Client Secret) with PKCE
+-----------------------------------------------------------
+
+If your OAuth/OIDC application is configured as a **public client** (no client secret), pgAdmin can still perform
+interactive user login using Authorization Code + PKCE.
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        'OAUTH2_NAME': 'my-oidc-public',
+        'OAUTH2_DISPLAY_NAME': 'My OIDC Provider (Public Client)',
+        'OAUTH2_CLIENT_ID': 'your-client-id',
+        # Public client: omit OAUTH2_CLIENT_SECRET or set it to None/empty.
+        'OAUTH2_CLIENT_SECRET': None,
+        'OAUTH2_SERVER_METADATA_URL': 'https://provider.example.com/.well-known/openid-configuration',
+        'OAUTH2_SCOPE': 'openid email profile',
+        # PKCE is mandatory for public clients
+        'OAUTH2_CHALLENGE_METHOD': 'S256',
+        'OAUTH2_RESPONSE_TYPE': 'code',
+    }]
+
+With this configuration:
+
+- pgAdmin enforces PKCE (challenge method + response type)
+- The token exchange is performed without a client secret
+
+Username Resolution for OIDC
+-----------------------------
+
+When **OAUTH2_SERVER_METADATA_URL** is configured (OIDC mode), pgAdmin will
+resolve the username in the following order:
+
+1. **OAUTH2_USERNAME_CLAIM** (if configured) - checks ID token first, then userinfo
+2. **email** claim from ID token or userinfo endpoint
+3. **preferred_username** claim from ID token (standard OIDC claim)
+4. **sub** claim from ID token (always present in OIDC, used as last resort)
+
+Example with custom username claim:
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        # ... other config ...
+        'OAUTH2_USERNAME_CLAIM': 'preferred_username',
+        # pgAdmin will use 'preferred_username' from ID token for the username
+    }]
+
+Example without custom claim (uses automatic fallback):
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        # ... other config ...
+        # No OAUTH2_USERNAME_CLAIM specified
+        # pgAdmin will try: email -> preferred_username -> sub
+    }]
+
+Additional Claims Authorization with OIDC
+------------------------------------------
+
+When using **OAUTH2_ADDITIONAL_CLAIMS** with OIDC providers, pgAdmin will:
+
+1. Check the ID token claims first (more secure, no additional network call)
+2. Fall back to userinfo endpoint response if needed
+
+Example:
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        # ... other config ...
+        'OAUTH2_ADDITIONAL_CLAIMS': {
+            'groups': ['admin-group', 'pgadmin-users'],
+            'roles': ['database-admin']
+        },
+        # pgAdmin will check these claims in ID token first,
+        # then userinfo endpoint if not found
+    }]
+
+Legacy OAuth2 Configuration (Without OIDC)
+-------------------------------------------
+
+For providers that don't support OIDC discovery, configure all endpoints manually:
+
+.. code-block:: python
+
+    OAUTH2_CONFIG = [{
+        'OAUTH2_NAME': 'github',
+        'OAUTH2_DISPLAY_NAME': 'GitHub',
+        'OAUTH2_CLIENT_ID': 'your-client-id',
+        'OAUTH2_CLIENT_SECRET': 'your-client-secret',
+        'OAUTH2_TOKEN_URL': 'https://github.com/login/oauth/access_token',
+        'OAUTH2_AUTHORIZATION_URL': 'https://github.com/login/oauth/authorize',
+        'OAUTH2_API_BASE_URL': 'https://api.github.com/',
+        'OAUTH2_USERINFO_ENDPOINT': 'user',
+        'OAUTH2_SCOPE': 'user:email',
+        # No OAUTH2_SERVER_METADATA_URL - pure OAuth2 mode
+    }]
+
+In this mode, user identity is retrieved only from the userinfo endpoint.

docs/en_US/preferences.rst

@@ -27,6 +27,83 @@ The left pane of the *Preferences* tab displays a tree control; each node of
 the tree control provides access to options that are related to the node under
 which they are displayed.
 
+The AI Node
+***********
+
+Use preferences found in the *AI* node of the tree control to configure
+AI-powered features and LLM (Large Language Model) providers.
+
+.. image:: images/preferences_ai.png
+    :alt: Preferences AI section
+    :align: center
+
+**Note:** AI features must be enabled in the server configuration (``LLM_ENABLED = True``
+in ``config.py``) for these preferences to be available.
+
+Use the fields on the *AI* panel to configure your LLM provider:
+
+* Use the *Default Provider* drop-down to select your LLM provider. Options include:
+  *Anthropic*, *OpenAI*, *Ollama*, or *Docker Model Runner*.
+
+**Anthropic Settings:**
+
+* Use the *API URL* field to set a custom API endpoint URL. Leave empty to use
+  the default Anthropic API (``https://api.anthropic.com/v1``). Set a custom URL
+  to use an Anthropic-compatible API provider.
+
+* Use the *API Key File* field to specify the path to a file containing your
+  Anthropic API key. This path refers to the filesystem where the pgAdmin
+  server is running (e.g., inside the container if using Docker). The ``~``
+  prefix is expanded to the home directory of the user running the pgAdmin
+  server process. The API key may be optional when using a custom API URL
+  with a provider that does not require authentication.
+
+* Use the *Model* field to select from the available Claude models. Click the
+  refresh button to fetch the latest available models from your configured
+  endpoint.
+
+**OpenAI Settings:**
+
+* Use the *API URL* field to set a custom API endpoint URL. Leave empty to use
+  the default OpenAI API (``https://api.openai.com/v1``). Set a custom URL to
+  use any OpenAI-compatible API provider (e.g., LiteLLM, LM Studio, EXO).
+  Include the ``/v1`` path prefix if required by your provider
+  (e.g., ``http://localhost:1234/v1``).
+
+* Use the *API Key File* field to specify the path to a file containing your
+  OpenAI API key. This path refers to the filesystem where the pgAdmin
+  server is running (e.g., inside the container if using Docker). The ``~``
+  prefix is expanded to the home directory of the user running the pgAdmin
+  server process. The API key may be optional when using a custom API URL
+  with a provider that does not require authentication.
+
+* Use the *Model* field to select from the available GPT models. Click the
+  refresh button to fetch the latest available models from your configured
+  endpoint.
+
+**Ollama Settings:**
+
+* Use the *API URL* field to specify the Ollama server URL
+  (default: ``http://localhost:11434``).
+
+* Use the *Model* field to select from the available models or enter a custom
+  model name (e.g., ``llama2``, ``mistral``). Click the refresh button to fetch
+  the latest available models from your Ollama server.
+
+**Docker Model Runner Settings:**
+
+* Use the *API URL* field to specify the Docker Model Runner API URL
+  (default: ``http://localhost:12434``). Available in Docker Desktop 4.40+.
+
+* Use the *Model* field to select from the available models or enter a custom
+  model name. Click the refresh button to fetch the latest available models
+  from your Docker Model Runner.
+
+.. note:: You can also use the *OpenAI* provider with a custom API URL for any
+   OpenAI-compatible endpoint, including Docker Model Runner, LM Studio, EXO,
+   and other local inference servers. This can be useful when you want to use
+   a provider that isn't explicitly listed but supports the OpenAI API format.
+
 The Browser Node
 ****************
 
@@ -392,11 +469,17 @@ Use the fields on the *File Downloads* panel to manage file downloads related pr
 
 * When the *Automatically open downloaded files?* switch is set to *True*
   the downloaded file will automatically open in the system's default
-  application associated with that file type.
+  application associated with that file type. **Note:** This option is applicable and
+  visible only in desktop mode.
+
+* When the *Enable binary data download?* switch is set to *True*,
+  binary data can be downloaded from the result grid. Default is set to *False*
+  to prevent excessive memory usage on the server.
 
 * When the *Prompt for the download location?* switch is set to *True*
   a prompt will appear after clicking the download button, allowing you
-  to choose the download location.
+  to choose the download location. **Note:** This option is applicable and
+  visible only in desktop mode.
 
 **Note:** File Downloads related settings are applicable and visible only in desktop mode.
 

docs/en_US/query_tool.rst

@@ -32,8 +32,9 @@ The Query Tool features two panels:
 
 * The upper panel displays the *SQL Editor*. You can use the panel to enter,
   edit, or execute a query or a script. It also shows the *History* tab which can be used
-  to view the queries that have been executed in the session, and a *Scratch Pad*
-  which can be used to hold text snippets during editing. If the Scratch Pad is
+  to view the queries that have been executed in the session, a *Scratch Pad*
+  which can be used to hold text snippets during editing, and an *AI Assistant*
+  tab for generating SQL from natural language (when AI is configured). If the Scratch Pad is
   closed, it can be re-opened (or additional ones opened) by right-clicking in
   the SQL Editor and other panels and adding a new panel.
 * The lower panel displays the *Data Output* panel. The tabbed panel displays
@@ -201,6 +202,49 @@ can be adjusted in ``config_local.py`` or ``config_system.py`` (see the
 `MAX_QUERY_HIST_STORED` value. See the :ref:`Deployment <deployment>` section
 for more information.
 
+AI Assistant Panel
+******************
+
+The *AI Assistant* tab provides a chat-style interface for generating SQL queries
+from natural language descriptions. This feature requires an AI provider to be
+configured in *Preferences > AI*. For configuration details, see the
+:ref:`preferences` documentation.
+
+.. image:: images/query_ai_assistant.png
+    :alt: Query tool AI Assistant panel
+    :align: center
+
+To use the AI Assistant:
+
+1. Click on the *AI Assistant* tab in the upper panel, or use the *AI Assistant*
+   toolbar button.
+2. Type a description of the SQL query you need in natural language.
+3. Press Enter or click the send button to submit your request.
+4. The AI will analyze your database schema and generate appropriate SQL.
+
+The AI Assistant displays conversations with your messages and AI responses. When
+the AI generates SQL, it appears in a syntax-highlighted code block with action
+buttons:
+
+* **Insert** - Insert the SQL at the current cursor position in the SQL Editor.
+* **Replace** - Replace all content in the SQL Editor with the generated SQL.
+* **Copy** - Copy the SQL to the clipboard.
+
+The AI Assistant maintains conversation context, allowing you to refine queries
+iteratively. For example, you can ask for a query and then follow up with
+"also add a filter for active users" to modify the previous result.
+
+**Tips for effective use:**
+
+* Be specific about table and column names if you know them.
+* Describe the desired output format (e.g., "show count by category").
+* For complex queries, break down requirements step by step.
+* Use the *Clear* button to start a fresh conversation.
+
+**Note:** The AI Assistant uses database schema inspection tools to understand
+your database structure. It supports SELECT, INSERT, UPDATE, DELETE, and DDL
+statements. All generated queries should be reviewed before execution.
+
 The Data Output Panel
 *********************
 
@@ -335,6 +379,44 @@ If planner mis-estimated number of rows (actual vs planned) by
     :alt: Query tool explain plan statistics
     :align: center
 
+* AI Insights
+
+The *AI Insights* tab provides AI-powered analysis of query execution plans,
+identifying performance bottlenecks and suggesting optimizations. This tab is
+only available when an AI provider is configured in *Preferences > AI*.
+
+.. image:: images/query_explain_ai_insights.png
+    :alt: Query tool explain plan AI insights
+    :align: center
+
+When you switch to the AI Insights tab, the AI analyzes the execution plan and
+provides:
+
+**Performance Bottlenecks** - Issues identified in the query plan, such as:
+
+* Sequential scans on large tables that could benefit from indexes
+* Significant differences between estimated and actual row counts
+* Expensive sort or hash operations
+* Nested loops with high iteration counts
+
+**Recommendations** - Concrete suggestions to improve query performance:
+
+* Index creation statements with appropriate columns
+* ANALYZE commands to update table statistics
+* Configuration parameter adjustments
+* Query restructuring suggestions
+
+Each recommendation that includes SQL (such as CREATE INDEX statements) has
+action buttons to *Copy* the SQL to the clipboard or *Insert* it into the
+Query Editor.
+
+Click the *Regenerate* button to request a fresh analysis of the current plan.
+
+**Note:** AI analysis is generated on-demand when you first click the AI Insights
+tab or when a new explain plan is generated while the tab is active. The analysis
+provides guidance but all suggested changes should be carefully evaluated before
+applying to production databases.
+
 Messages Panel
 **************
 

docs/en_US/query_tool_toolbar.rst

@@ -241,6 +241,8 @@ Pagination Options
    +----------------------+---------------------------------------------------------------------------------------------------+----------------+
    | *Edit Range*         | Click to open the from and to rows range inputs to allow setting them.                            |                |
    +----------------------+---------------------------------------------------------------------------------------------------+----------------+
+   | *Show Entire Range*  | Click to get all the rows and set the from and to rows range                                      |                |
+   +----------------------+---------------------------------------------------------------------------------------------------+----------------+
    | *Page No*            | Enter the page no you want to jump to out of total shown next to this input                       |                |
    +----------------------+---------------------------------------------------------------------------------------------------+----------------+
    | *First Page*         | Click to go to the first page.                                                                    |                |

docs/en_US/release_notes.rst

@@ -12,6 +12,9 @@ notes for it.
    :maxdepth: 1
 
 
+   release_notes_9_14
+   release_notes_9_13
+   release_notes_9_12
    release_notes_9_11
    release_notes_9_10
    release_notes_9_9

docs/en_US/release_notes_9_12.rst

@@ -0,0 +1,60 @@
+************
+Version 9.12
+************
+
+Release date: 2026-02-05
+
+This release contains a number of bug fixes and new features since the release of pgAdmin 4 v9.11.
+
+.. warning:: Starting with this release, pgAdmin Windows installers are signed
+    with a new code signing certificate. When installing or running pgAdmin on
+    Windows, you should verify that the digital signature shows the certificate
+    name as **"Open Source Developer, David John Page"**. This certificate will
+    be used for this and future releases.
+
+Supported Database Servers
+**************************
+**PostgreSQL**: 13, 14, 15, 16, 17 and 18
+
+**EDB Advanced Server**: 13, 14, 15, 16, 17 and 18
+
+Bundled PostgreSQL Utilities
+****************************
+**psql**, **pg_dump**, **pg_dumpall**, **pg_restore**: 18.0
+
+
+New features
+************
+
+  | `Issue #6451 <https://github.com/pgadmin-org/pgadmin4/issues/6451>`_ - Add new options like INHERIT and SET to the Role's membership tab.
+  | `Issue #8890 <https://github.com/pgadmin-org/pgadmin4/issues/8890>`_ - Add a new button in the query tool data output toolbar to get entire range of data.
+  | `Issue #9292 <https://github.com/pgadmin-org/pgadmin4/issues/9292>`_ - Enhance OAUTH2 and OIDC authentication support with improved claims handling and configuration options.
+
+Housekeeping
+************
+
+
+Bug fixes
+*********
+
+  | `Issue #8916 <https://github.com/pgadmin-org/pgadmin4/issues/8916>`_ - Warn user of unsaved data output edits before page navigation.
+  | `Issue #8987 <https://github.com/pgadmin-org/pgadmin4/issues/8987>`_ - Fix Query Tool state restoration for new connections and queries.
+  | `Issue #9074 <https://github.com/pgadmin-org/pgadmin4/issues/9074>`_ - Fix pg_restore logs to distinguish UI sync issues from actual failures.
+  | `Issue #9110 <https://github.com/pgadmin-org/pgadmin4/issues/9110>`_ - Optimize checkbox selection logic in backup dialog objects tree.
+  | `Issue #9196 <https://github.com/pgadmin-org/pgadmin4/issues/9196>`_ - Fixed an issue where double click to open a file in the file manager is not working.
+  | `Issue #9223 <https://github.com/pgadmin-org/pgadmin4/issues/9223>`_ - Upgrade ID column in the database table to BigInteger to support large OID values.
+  | `Issue #9235 <https://github.com/pgadmin-org/pgadmin4/issues/9235>`_ - Fixed an issue where "View/Edit Data" shortcut opened "First 100 rows" instead of "All Rows".
+  | `Issue #9258 <https://github.com/pgadmin-org/pgadmin4/issues/9258>`_ - Ensure saved shared server passwords are re-encrypted on password change.
+  | `Issue #9260 <https://github.com/pgadmin-org/pgadmin4/issues/9260>`_ - Fixed an issue where data filter dialog removes newline character when sending SQL to the query tool.
+  | `Issue #9285 <https://github.com/pgadmin-org/pgadmin4/issues/9285>`_ - Fixed an issue where the dashboard freezes on initial render when there is a high number of locks.
+  | `Issue #9293 <https://github.com/pgadmin-org/pgadmin4/issues/9293>`_ - Fixed the SSL certificate issue while checking for the upgrade.
+  | `Issue #9332 <https://github.com/pgadmin-org/pgadmin4/issues/9332>`_ - Fixed a sorting issue in the system stats memory usage table.
+  | `Issue #9350 <https://github.com/pgadmin-org/pgadmin4/issues/9350>`_ - Disable Parameters and Membership fields when object is not new for Login and group roles.
+  | `Issue #9380 <https://github.com/pgadmin-org/pgadmin4/issues/9380>`_ - Fixed an issue where the Query History panel would auto-scroll to the top and did not preserve the scroll bar position for the selected entry.
+  | `Issue #9402 <https://github.com/pgadmin-org/pgadmin4/issues/9402>`_ - Fixed an issue where pgAdmin4 app on macOS cannot auto-update while running on a read-only volume even if present in the Applications folder.
+  | `Issue #9500 <https://github.com/pgadmin-org/pgadmin4/issues/9500>`_ - Fixed an issue where connection parameters were using localized values instead of literal values, causing connection failures.
+  | `Issue #9518 <https://github.com/pgadmin-org/pgadmin4/issues/9518>`_ - Mask the secret key for restrict option in the process watcher when restoring plain SQL file (CVE-2026-1707).
+  | `Issue #9522 <https://github.com/pgadmin-org/pgadmin4/issues/9522>`_ - Ensure the container deployment supports boolean values in yaml format.
+  | `Issue #9552 <https://github.com/pgadmin-org/pgadmin4/issues/9552>`_ - Ensure that the tooltip for the password cell is not visible.
+  | `Issue #9553 <https://github.com/pgadmin-org/pgadmin4/issues/9553>`_ - Fix pgAdmin fails when performing Backup/Restore on a PostgreSQL connection defined exclusively via pg_service.conf.
+  | `Issue #9567 <https://github.com/pgadmin-org/pgadmin4/issues/9567>`_ - Update menu bar documentation.

docs/en_US/release_notes_9_13.rst

@@ -0,0 +1,44 @@
+************
+Version 9.13
+************
+
+Release date: 2026-03-05
+
+This release contains a number of bug fixes and new features since the release of pgAdmin 4 v9.12.
+
+Supported Database Servers
+**************************
+**PostgreSQL**: 13, 14, 15, 16, 17 and 18
+
+**EDB Advanced Server**: 13, 14, 15, 16, 17 and 18
+
+Bundled PostgreSQL Utilities
+****************************
+**psql**, **pg_dump**, **pg_dumpall**, **pg_restore**: 18.0
+
+
+New features
+************
+
+  | `Issue #229 <https://github.com/pgadmin-org/pgadmin4/issues/229>`_   - Allow users to customize "OF TYPE" columns during table creation.
+  | `Issue #5578 <https://github.com/pgadmin-org/pgadmin4/issues/5578>`_ - No FK are shown in diagram created from existing tables in the ERD Tool.
+  | `Issue #6386 <https://github.com/pgadmin-org/pgadmin4/issues/6386>`_ - Add support for 'ONLY' in Index creation dialog.
+  | `Issue #8198 <https://github.com/pgadmin-org/pgadmin4/issues/8198>`_ - Allow "drag-n-drop" for only user chosen tables, and show relations between them.
+  | `Issue #9229 <https://github.com/pgadmin-org/pgadmin4/issues/9229>`_ - Load predefined users from a JSON file through command line.
+  | `Issue #9641 <https://github.com/pgadmin-org/pgadmin4/issues/9641>`_ - Core LLM integration infrastructure, AI reports for security, schema, and performance, AI chat for the Query Tool, and AI Insights for EXPLAIN.
+
+Housekeeping
+************
+
+Bug fixes
+*********
+
+  | `Issue #7578 <https://github.com/pgadmin-org/pgadmin4/issues/7578>`_ - Fixed an issue where the 'Quote strings only' configuration was ignored when downloading the result set.
+  | `Issue #8988 <https://github.com/pgadmin-org/pgadmin4/issues/8988>`_ - Fixed an issue where tools settings changed by the users were not restored on application relaunch.
+  | `Issue #9258 <https://github.com/pgadmin-org/pgadmin4/issues/9258>`_ - Fixed an issue where modifying a shared server incorrectly updated the original server details.
+  | `Issue #9484 <https://github.com/pgadmin-org/pgadmin4/issues/9484>`_ - Fixed an issue where a long name in ERD table node was not breaking into multiple lines.
+  | `Issue #9486 <https://github.com/pgadmin-org/pgadmin4/issues/9486>`_ - Fixed an issue where column comments were not displayed in the SQL tab for materialised views.
+  | `Issue #9572 <https://github.com/pgadmin-org/pgadmin4/issues/9572>`_ - Fix an issue where deployment of helm chart crashing with operation not permitted.
+  | `Issue #9583 <https://github.com/pgadmin-org/pgadmin4/issues/9583>`_ - Fix translation compilation.
+  | `Issue #9649 <https://github.com/pgadmin-org/pgadmin4/issues/9649>`_ - Fix broken checkbox selection in backup dialog objects tree.
+  | `Issue #9651 <https://github.com/pgadmin-org/pgadmin4/issues/9651>`_ - Fixed an issue in file dialog where rename was not working.

docs/en_US/release_notes_9_14.rst

@@ -0,0 +1,47 @@
+************
+Version 9.14
+************
+
+Release date: 2026-04-02
+
+This release contains a number of bug fixes and new features since the release of pgAdmin 4 v9.13.
+
+Supported Database Servers
+**************************
+**PostgreSQL**: 13, 14, 15, 16, 17 and 18
+
+**EDB Advanced Server**: 13, 14, 15, 16, 17 and 18
+
+Bundled PostgreSQL Utilities
+****************************
+**psql**, **pg_dump**, **pg_dumpall**, **pg_restore**: 18.0
+
+
+New features
+************
+
+  | `Issue #4011 <https://github.com/pgadmin-org/pgadmin4/issues/4011>`_ -  Added support to download binary data from result grid.
+  | `Issue #9703 <https://github.com/pgadmin-org/pgadmin4/issues/9703>`_ -  Added support for custom LLM provider URLs for OpenAI and Anthropic, allowing use of OpenAI-compatible providers such as LM Studio, EXO, and LiteLLM.
+  | `Issue #9709 <https://github.com/pgadmin-org/pgadmin4/issues/9709>`_ -  Fixed an issue where AI features (AI Assistant tab, AI Reports menus, and AI Preferences) were visible in the UI even when LLM_ENABLED is set to False.
+  | `Issue #9738 <https://github.com/pgadmin-org/pgadmin4/issues/9738>`_ -  Allow copying of text from the AI Assistant chat panel.
+
+Housekeeping
+************
+
+Bug fixes
+*********
+
+  | `Issue #8992 <https://github.com/pgadmin-org/pgadmin4/issues/8992>`_ -  Fixed an issue where selecting all in the Query Tool's Messages tab would select the entire page content.
+  | `Issue #9279 <https://github.com/pgadmin-org/pgadmin4/issues/9279>`_ -  Fixed an issue where OAuth2 authentication fails with 'object has no attribute' if OAUTH2_AUTO_CREATE_USER is False.
+  | `Issue #9392 <https://github.com/pgadmin-org/pgadmin4/issues/9392>`_ -  Ensure that the Geometry Viewer refreshes when re-running queries or switching geometry columns, preventing stale data from being displayed.
+  | `Issue #9457 <https://github.com/pgadmin-org/pgadmin4/issues/9457>`_ -  Fixed Process Watcher garbled text on Windows with non-UTF-8 locales.
+  | `Issue #9694 <https://github.com/pgadmin-org/pgadmin4/issues/9694>`_ -  Fixed an issue where AI Reports are grayed out after setting an API key by auto-selecting the default provider.
+  | `Issue #9702 <https://github.com/pgadmin-org/pgadmin4/issues/9702>`_ -  Fixed misleading AI activity messages that could be mistaken for actual database operations.
+  | `Issue #9719 <https://github.com/pgadmin-org/pgadmin4/issues/9719>`_ -  Fixed an issue where AI Reports fail with OpenAI models that do not support the temperature parameter.
+  | `Issue #9721 <https://github.com/pgadmin-org/pgadmin4/issues/9721>`_ -  Fixed an issue where permissions page is not completely accessible on full scroll.
+  | `Issue #9729 <https://github.com/pgadmin-org/pgadmin4/issues/9729>`_ -  Fixed an issue where some LLM models would not use database tools in the AI assistant, instead returning text descriptions of tool calls.
+  | `Issue #9732 <https://github.com/pgadmin-org/pgadmin4/issues/9732>`_ -  Improve the AI Assistant user prompt to be more descriptive of the actual functionality.
+  | `Issue #9734 <https://github.com/pgadmin-org/pgadmin4/issues/9734>`_ -  Fixed an issue where LLM responses are not streamed or rendered properly in the AI Assistant.
+  | `Issue #9736 <https://github.com/pgadmin-org/pgadmin4/issues/9736>`_ -  Fix an issue where the AI Assistant was not retaining conversation context between messages, with chat history compaction to manage token budgets.
+  | `Issue #9740 <https://github.com/pgadmin-org/pgadmin4/issues/9740>`_ -  Fixed an issue where the AI Assistant input textbox sometimes swallows the first character of input.
+  | `Issue #9758 <https://github.com/pgadmin-org/pgadmin4/issues/9758>`_ -  Clarify where the LLM API key files should be.

docs/en_US/role_dialog.rst

@@ -65,15 +65,26 @@ Use the *Privileges* tab to grant privileges to the role.
 * Move the *Bypass RLS?* switch to the *Yes* position to control whether a
   role can bypasses every row-level security (RLS) policy. The default value is *No*.
 
+Click the *Membership* tab to continue.
+
 .. image:: images/role_membership.png
     :alt: Role dialog membership tab
     :align: center
 
-* Specify member of the role in the *Member of* field and specify the members in the *Member* field.
-  Confirm each selection by checking the checkbox to the right of the role name;
-  delete a selection by clicking the *x* to the left of the role name.
-  Membership conveys the privileges granted to the specified role to each of
-  its members.
+Use the *Membership* tab to define role memberships. A role can be a member of
+other roles and can have other roles as members.
+
+* Use *Member of* section to specify roles of which the current role
+  is a member. To assign *Admin Option* for a selected role, click on 
+  the appropriate checkbox.
+* Use *Members* section to specify roles that are members of the current
+  role. To assign *Admin Option* for a selected role, click on the appropriate checkbox.
+
+Click the *Add* icon (+) to add more roles; to discard a
+role, click the trash icon to the left of the row and confirm the deletion
+in the *Delete Row* popup.
+
+**Note:** Apart from *Admin Option*, *Inherit Option* and *Set Option* are available for both *Member of* section and *Members* section from PostgreSQL version >= 16.
 
 Click the *Parameters* tab to continue.
 

docs/en_US/user_management.rst

@@ -270,6 +270,50 @@ username/email address.
     /path/to/python /path/to/setup.py get-users --username user1@gmail.com
 
 
+Load Users
+**********
+
+To bulk import users from a JSON file, invoke ``setup.py`` with ``load-users`` command line option,
+followed by the path to the JSON file.
+
+.. code-block:: bash
+
+    /path/to/python /path/to/setup.py load-users /path/to/users.json
+
+**JSON File Format**
+
+The input JSON file must contain a ``users`` array with user objects:
+
+.. code-block:: json
+
+    {
+        "users": [
+            {
+                "username": "admin@example.com",
+                "email": "admin@example.com",
+                "password": "securepassword",
+                "role": "Administrator",
+                "active": true,
+                "auth_source": "internal"
+            },
+            {
+                "username": "ldap_user",
+                "email": "ldap_user@example.com",
+                "role": "User",
+                "active": true,
+                "auth_source": "ldap"
+            }
+        ]
+    }
+
+The command handles errors gracefully:
+
+* Users that already exist are skipped
+* Invalid roles are reported and skipped
+* Missing passwords for internal auth are reported and skipped
+* Passwords shorter than 6 characters are reported and skipped
+
+
 Output
 ******
 

pkg/debian/build.sh

@@ -86,7 +86,11 @@ EOF
 #!/bin/sh
 
 echo "Load apparmor pgAdmin profile..."
-apparmor_parser -r /etc/apparmor.d/pgadmin4
+if command -v apparmor_parser >/dev/null 2>&1; then
+  apparmor_parser -r /etc/apparmor.d/pgadmin4
+else
+  echo "Warning: apparmor_parser not found, skipping profile load. pgAdmin desktop may not work on Ubuntu 24+ with userns restrictions."
+fi
 EOF
   chmod 755 "${DESKTOPROOT}/DEBIAN/postinst"
 fi

pkg/docker/entrypoint.sh

@@ -23,6 +23,10 @@ function file_env() {
 	local val="$def"
 	if [ "${!var:-}" ]; then
 		val="${!var}"
+	elif [ "${!fileVar:-}" ] && [ ! -r "${!fileVar}" ]; then
+		printf >&2 'error: %s is set to "%s" but the file does not exist or is not readable\n' \
+			"$fileVar" "${!fileVar}"
+		exit 1
 	elif [ "${!fileVar:-}" ]; then
 		val="$(< "${!fileVar}")"
 	fi
@@ -61,9 +65,14 @@ EOF
     # This is a bit kludgy, but necessary as the container uses BusyBox/ash as
     # it's shell and not bash which would allow a much cleaner implementation
     for var in $(env | grep "^PGADMIN_CONFIG_" | cut -d "=" -f 1); do
-        # shellcheck disable=SC2086
-        # shellcheck disable=SC2046
-        echo ${var#PGADMIN_CONFIG_} = $(eval "echo \$$var") >> "${CONFIG_DISTRO_FILE_PATH}"
+        # Get the raw value
+        val=$(eval "echo \"\$$var\"")
+        # This normalization step is what makes 'true', 'True'
+        case "$(echo "$val" | tr '[:upper:]' '[:lower:]')" in
+            true)  val="True" ;;
+            false) val="False" ;;
+        esac
+        echo "${var#PGADMIN_CONFIG_} = $val" >> "${CONFIG_DISTRO_FILE_PATH}"
     done
 fi
 

pkg/helm/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: pgadmin4-helm
-version: 9.11.0
-appVersion: 9.11.0
+version: 9.13.0
+appVersion: 9.13.0
 description: pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world.
 home: https://pgadmin.org
 sources: ["https://github.com/pgadmin-org/pgadmin4/tree/master/helm"]

pkg/helm/README.md

@@ -40,3 +40,6 @@ The chart should dump its version and appVersion in the Chart.yaml file every re
 | `ingress.enabled` | Ingress resource creation | `false` |
 | `ingress.hostname` | Ingress resource hostname | `"pgadmin4.local"` |
 | `ingress.tlsSecret` | Ingress tls secret name | `""` |
+| `strategy.type` | Deployment strategy type (RollingUpdate or Recreate) | Kubernetes default (RollingUpdate) |
+| `strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be created over the desired replicas | Kubernetes default (25%) |
+| `strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be unavailable during the update | Kubernetes default (25%) |

pkg/helm/templates/deployment.yaml

@@ -10,6 +10,15 @@ metadata:
   {{- end }}
 spec:
   replicas: {{ .Values.replicas }}
+  {{- if .Values.strategy }}
+  strategy:
+    type: {{ .Values.strategy.type }}
+    {{- if and (eq .Values.strategy.type "RollingUpdate") .Values.strategy.rollingUpdate }}
+    rollingUpdate:
+      maxSurge: {{ .Values.strategy.rollingUpdate.maxSurge }}
+      maxUnavailable: {{ .Values.strategy.rollingUpdate.maxUnavailable }}
+    {{- end }}
+  {{- end }}
   selector:
     matchLabels:
       app: {{ default "pgadmin4" .Values.commonLabels.app }}
@@ -131,7 +140,7 @@ spec:
               mountPath: /pgadmin4/config_distro.py
               subPath: config_distro.py
             - name: empty-dir
-              mountPath: /usr/bin/python3
+              mountPath: /usr/local/bin/python3
               subPath: python3
             - name: empty-dir
               mountPath: /tmp
@@ -205,7 +214,7 @@ spec:
           image: {{ template "pgadmin4.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           command: ["sh", "-x", "-c"]
-          args: ['ls /usr/bin/python3.* | sort -V -r | head -n 1 | xargs -i cp {} python3']
+          args: ['ls /venv/bin/python3.* | sort -V -r | head -n 1 | xargs -i cp {} python3']
           workingDir: /emptyDir
           volumeMounts:
             - name: empty-dir

pkg/helm/values.yaml

@@ -25,6 +25,12 @@ extraDeploy: []
 
 replicas: 1
 
+# strategy:
+#   type: RollingUpdate
+#   rollingUpdate:
+#     maxSurge: 25%
+#     maxUnavailable: 25%
+
 containerPort: 5050
 disablePostfix: true
 enableServiceLinks: false

pkg/mac/Info.plist.in

@@ -45,8 +45,6 @@
 		<key>SYSTEM_VERSION_COMPAT</key>
 		<string>0</string>
 	</dict>
-	<key>LSFileQuarantineEnabled</key>
-	<true/>
 	<key>LSHasLocalizedDisplayName</key>
 	<string>1</string>
 	<key>LSMinimumSystemVersion</key>
@@ -69,5 +67,7 @@
 	<string>scripting.sdef</string>
 	<key>SCMRevision</key>
 	<string>62f83a7521ae1f32e563795732dff0c9da1b660d-refs/heads/master@{#812354}</string>
+	<key>LSApplicationCategoryType</key>
+    <string>public.app-category.developer-tools</string>
 </dict>
 </plist>

pkg/mac/README.md

@@ -16,7 +16,7 @@ Either build the sources or get them from macports or similar:
 1. To bundle a different version of Python from the default of 3.13.1, set the
    *PGADMIN_PYTHON_VERSION* environment variable, e.g:
 
-       export PGADMIN_PYTHON_VERSION=3.13.1
+       export PGADMIN_PYTHON_VERSION=3.13.11
 
 2. If a path different from the default of /usr/local/pgsql for the PostgreSQL
    installation has been used, set the *PGADMIN_POSTGRES_DIR* environment variable

pkg/mac/build-functions.sh

@@ -67,6 +67,9 @@ _build_runtime() {
 }
 
 _create_python_env() {
+    # Force the current shell to not generate cache during build process
+    export PYTHONDONTWRITEBYTECODE=1
+
     echo "Creating the Python environment..."
     PATH=${PGADMIN_POSTGRES_DIR}/bin:${PATH}
     LD_LIBRARY_PATH=${PGADMIN_POSTGRES_DIR}/lib:${LD_LIBRARY_PATH}
@@ -87,7 +90,7 @@ _create_python_env() {
         --destination "${BUNDLE_DIR}/Contents/Frameworks/"
 
     "${BUNDLE_DIR}/Contents/Frameworks/Python.framework/Versions/Current/bin/python3" -m ensurepip --upgrade || exit 1
-    "${BUNDLE_DIR}/Contents/Frameworks/Python.framework/Versions/Current/bin/pip3" install -r "${SOURCE_DIR}/requirements.txt" || exit 1
+    "${BUNDLE_DIR}/Contents/Frameworks/Python.framework/Versions/Current/bin/pip3" install --no-cache-dir -r "${SOURCE_DIR}/requirements.txt" || exit 1
 
     # Make sure all the .so's in the Python env have the executable bit set
     # so they get properly signed later
@@ -135,7 +138,7 @@ _build_docs() {
     # shellcheck disable=SC1091
     source "${BUILD_ROOT}/venv/bin/activate"
     pip3 install --upgrade pip
-    pip3 install -r "${SOURCE_DIR}/requirements.txt"
+    pip3 install --no-cache-dir -r "${SOURCE_DIR}/requirements.txt"
     pip3 install sphinx==7.4.7
     pip3 install sphinxcontrib-youtube
 
@@ -334,6 +337,10 @@ _codesign_binaries() {
         return
     fi
 
+    echo "Purging build-machine pollution (pycache) before signing..."
+    find "${BUNDLE_DIR}" -name "__pycache__" -type d -exec rm -rf {} +
+    find "${BUNDLE_DIR}" -name "*.pyc" -delete
+
     if [ -z "${DEVELOPER_ID}" ] ; then
         echo "Developer ID Application not found in codesign.conf" >&2
         exit 1

pkg/mac/build.sh

@@ -53,8 +53,8 @@ if [ "${PGADMIN_POSTGRES_DIR}" == "" ]; then
 fi
 
 if [ "${PGADMIN_PYTHON_VERSION}" == "" ]; then
-    echo "PGADMIN_PYTHON_VERSION not set. Setting it to the default: 3.13.1"
-    export PGADMIN_PYTHON_VERSION=3.13.1
+    echo "PGADMIN_PYTHON_VERSION not set. Setting it to the default: 3.13.11"
+    export PGADMIN_PYTHON_VERSION=3.13.11
 fi
 
 # Initialize variables

pkg/mac/licence.rtf

@@ -10,7 +10,7 @@
 \fs22 \
 \
 
-\f1\i Copyright (C) 2013 - 2025, The pgAdmin Development Team
+\f1\i Copyright (C) 2013 - 2026, The pgAdmin Development Team
 \f0\i0 \
 \
 Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and without a written agreement is hereby granted, provided that the above copyright notice and this paragraph and the following two paragraphs appear in all copies.\

pkg/pip/build.sh

@@ -4,7 +4,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 #########################################################################

pkg/pip/setup_pip.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

pkg/src/build.sh

@@ -4,7 +4,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 #########################################################################

requirements.txt

@@ -12,13 +12,14 @@
 # relevant packages.
 ###############################################################################
 
-Authlib==1.6.5
-azure-identity==1.25.1
+Authlib==1.6.9
+azure-identity==1.25.3
 azure-mgmt-rdbms==10.1.1
-azure-mgmt-resource==24.0.0
+azure-mgmt-resource==25.0.0
 azure-mgmt-subscription==3.1.1
 bcrypt==5.0.*
 boto3==1.42.*
+certifi==2026.2.25
 cryptography==46.0.*
 Flask-Babel==4.0.*
 Flask-Compress==1.*
@@ -28,33 +29,34 @@ Flask-Migrate==4.*
 Flask-Paranoid==0.*
 Flask-Security-Too==5.4.*; python_version <= '3.9'
 Flask-Security-Too==5.7.*; python_version > '3.9'
-Flask-SocketIO==5.5.*
+Flask-SocketIO==5.6.*
 Flask-SQLAlchemy==3.1.*
 Flask-WTF==1.2.*
 Flask==3.1.*
 google-api-python-client==2.*
-google-auth-oauthlib==1.2.3
-gssapi==1.10.*
+google-auth-oauthlib==1.3.0
+gssapi==1.11.*
 jsonformatter~=0.3.4
 keyring==25.*
 ldap3==2.*
 libgravatar==1.0.*
 paramiko==3.5.1
 passlib==1.*
-psutil==7.1.*
+psutil==7.2.*
 psycopg[c]==3.2.13; python_version < '3.10'
-psycopg[c]==3.3.0; python_version >= '3.10'
+psycopg[c]==3.3.3; python_version >= '3.10'
 pyotp==2.*
 python-dateutil==2.*
-pytz==2025.*
+pytz==2026.*
 # pinned for https://github.com/andfoy/pywinpty/issues/545
 pywinpty==2.0.*; sys_platform=="win32"
-qrcode[pil]==8.*; python_version >= '3.9'
-setuptools==80.*
+qrcode[pil]==8.*
+setuptools==82.*
 SQLAlchemy==2.*
 sqlparse==0.*
 sshtunnel==0.*
-typer[all]==0.20.*
+typer[all]==0.23.*; python_version <= '3.9'
+typer[all]==0.24.*; python_version > '3.9'
 urllib3==1.26.*; python_version <= '3.9'
 urllib3==2.6.*;  python_version > '3.9'
 user-agents==2.2.0

runtime/.eslintrc.js

@@ -2,7 +2,7 @@
 //
 // pgAdmin 4 - PostgreSQL Tools
 //
-// Copyright (C) 2013 - 2025, The pgAdmin Development Team
+// Copyright (C) 2013 - 2026, The pgAdmin Development Team
 // This software is released under the PostgreSQL Licence
 //
 //////////////////////////////////////////////////////////////

runtime/package.json

@@ -12,12 +12,12 @@
   },
   "packageManager": "yarn@4.9.2",
   "devDependencies": {
-    "electron": "39.2.4",
-    "eslint": "^9.39.1",
-    "eslint-plugin-unused-imports": "^4.2.0"
+    "electron": "41.0.2",
+    "eslint": "^9.39.2",
+    "eslint-plugin-unused-imports": "^4.4.1"
   },
   "dependencies": {
-    "axios": "^1.13.2",
+    "axios": "^1.13.5",
     "electron-context-menu": "^4.1.0",
     "electron-store": "^11.0.2"
   }

runtime/src/js/autoUpdaterHandler.js

@@ -1,3 +1,12 @@
+/////////////////////////////////////////////////////////////
+//
+// pgAdmin 4 - PostgreSQL Tools
+//
+// Copyright (C) 2013 - 2026, The pgAdmin Development Team
+// This software is released under the PostgreSQL Licence
+//
+//////////////////////////////////////////////////////////////
+
 import { autoUpdater, ipcMain } from 'electron';
 import { refreshMenus } from './menu.js';
 import * as misc from './misc.js';
@@ -76,7 +85,7 @@ function handleSendDataForAppUpdate({
       data.product_name
     ) {
       const ftpUrl = encodeURIComponent(
-        `${data.auto_update_url}/pgadmin4-${data.upgrade_version}-${process.arch}.zip`
+        `${data.auto_update_url}/pgadmin4-${data.upgrade_version}-${process.arch}.zip`,
       );
       let serverUrl = `${baseUrl}/misc/auto_update/${data.current_version_int}/${data.upgrade_version}/${data.upgrade_version_int}/${data.product_name}/${ftpUrl}/?key=${UUID}`;
 
@@ -122,7 +131,7 @@ export function setupAutoUpdater({
         baseUrl,
         UUID,
         forceQuitAndInstallUpdate,
-      })
+      }),
     );
   }
 }

runtime/src/js/downloader.js

@@ -2,7 +2,7 @@
 //
 // pgAdmin 4 - PostgreSQL Tools
 //
-// Copyright (C) 2013 - 2025, The pgAdmin Development Team
+// Copyright (C) 2013 - 2026, The pgAdmin Development Team
 // This software is released under the PostgreSQL Licence
 //
 //////////////////////////////////////////////////////////////

runtime/src/js/menu.js

@@ -2,7 +2,7 @@
 //
 // pgAdmin 4 - PostgreSQL Tools
 //
-// Copyright (C) 2013 - 2025, The pgAdmin Development Team
+// Copyright (C) 2013 - 2026, The pgAdmin Development Team
 // This software is released under the PostgreSQL Licence
 //
 //////////////////////////////////////////////////////////////
@@ -135,11 +135,11 @@ function buildMenu(pgadminMenus, pgAdminMainScreen, configStore, callbacks) {
       { type: 'separator' },
       ...(isMac
         ? [
-            { role: 'hide' },
-            { role: 'hideOthers' },
-            { role: 'unhide' },
-            { type: 'separator' },
-          ]
+          { role: 'hide' },
+          { role: 'hideOthers' },
+          { role: 'unhide' },
+          { type: 'separator' },
+        ]
         : []),
       { role: 'quit' },
     ],
@@ -172,7 +172,7 @@ function buildMenu(pgadminMenus, pgAdminMainScreen, configStore, callbacks) {
         { type: 'separator' },
       ].concat(isLinux ? [] : [{ role: 'togglefullscreen' }]),
     },
-    { role: 'windowMenu' }
+    { role: 'windowMenu' },
   );
 
   template.push(pgadminMenus[pgadminMenus.length - 1]);

runtime/src/js/misc.js

@@ -2,7 +2,7 @@
 //
 // pgAdmin 4 - PostgreSQL Tools
 //
-// Copyright (C) 2013 - 2025, The pgAdmin Development Team
+// Copyright (C) 2013 - 2026, The pgAdmin Development Team
 // This software is released under the PostgreSQL Licence
 //
 //////////////////////////////////////////////////////////////

runtime/src/js/other_preload.js

@@ -2,7 +2,7 @@
 //
 // pgAdmin 4 - PostgreSQL Tools
 //
-// Copyright (C) 2013 - 2025, The pgAdmin Development Team
+// Copyright (C) 2013 - 2026, The pgAdmin Development Team
 // This software is released under the PostgreSQL Licence
 //
 //////////////////////////////////////////////////////////////

runtime/src/js/pgadmin.js

@@ -2,7 +2,7 @@
 //
 // pgAdmin 4 - PostgreSQL Tools
 //
-// Copyright (C) 2013 - 2025, The pgAdmin Development Team
+// Copyright (C) 2013 - 2026, The pgAdmin Development Team
 // This software is released under the PostgreSQL Licence
 //
 //////////////////////////////////////////////////////////////
@@ -229,6 +229,9 @@ function startDesktopMode() {
   process.env.PGADMIN_INT_KEY = UUID;
   process.env.PGADMIN_SERVER_MODE = 'OFF';
 
+  // Prevent Python from writing .pyc files to the signed bundle
+  process.env.PYTHONDONTWRITEBYTECODE = '1';
+
   // Start Page URL
   baseUrl = `http://127.0.0.1:${serverPort}`;
   startPageUrl = `${baseUrl}/?key=${UUID}`;
@@ -369,7 +372,7 @@ function launchPgAdminWindow() {
 
   setupMenu(pgAdminMainScreen, configStore, menuCallbacks);
   
-  setupDownloader()
+  setupDownloader();
   
   pgAdminMainScreen.loadURL(startPageUrl);
 
@@ -449,7 +452,7 @@ function notifyUpdateInstalled() {
         }, 10000);
       } else {
         // If main screen not ready, wait and send after it's created
-        app.once('browser-window-created', (event, window) => {
+        app.once('browser-window-created', (_event, _window) => {
           misc.writeServerLog('[Auto-Updater]: Update installed successfully.');
           setTimeout(() => {
             pgAdminMainScreen.webContents.send('notifyAppAutoUpdate', {update_installed: true});

runtime/src/js/pgadmin_preload.js

@@ -2,7 +2,7 @@
 //
 // pgAdmin 4 - PostgreSQL Tools
 //
-// Copyright (C) 2013 - 2025, The pgAdmin Development Team
+// Copyright (C) 2013 - 2026, The pgAdmin Development Team
 // This software is released under the PostgreSQL Licence
 //
 //////////////////////////////////////////////////////////////

runtime/src/js/progress.js

@@ -2,7 +2,7 @@
 //
 // pgAdmin 4 - PostgreSQL Tools
 //
-// Copyright (C) 2013 - 2025, The pgAdmin Development Team
+// Copyright (C) 2013 - 2026, The pgAdmin Development Team
 // This software is released under the PostgreSQL Licence
 //
 //////////////////////////////////////////////////////////////

runtime/yarn.lock

@@ -25,13 +25,13 @@ __metadata:
   linkType: hard
 
 "@eslint-community/eslint-utils@npm:^4.8.0":
-  version: 4.9.0
-  resolution: "@eslint-community/eslint-utils@npm:4.9.0"
+  version: 4.9.1
+  resolution: "@eslint-community/eslint-utils@npm:4.9.1"
   dependencies:
     eslint-visitor-keys: "npm:^3.4.3"
   peerDependencies:
     eslint: ^6.0.0 || ^7.0.0 || >=8.0.0
-  checksum: 10c0/8881e22d519326e7dba85ea915ac7a143367c805e6ba1374c987aa2fbdd09195cc51183d2da72c0e2ff388f84363e1b220fd0d19bef10c272c63455162176817
+  checksum: 10c0/dc4ab5e3e364ef27e33666b11f4b86e1a6c1d7cbf16f0c6ff87b1619b3562335e9201a3d6ce806221887ff780ec9d828962a290bb910759fd40a674686503f02
   languageName: node
   linkType: hard
 
@@ -42,14 +42,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@eslint/config-array@npm:^0.21.1":
-  version: 0.21.1
-  resolution: "@eslint/config-array@npm:0.21.1"
+"@eslint/config-array@npm:^0.21.2":
+  version: 0.21.2
+  resolution: "@eslint/config-array@npm:0.21.2"
   dependencies:
     "@eslint/object-schema": "npm:^2.1.7"
     debug: "npm:^4.3.1"
-    minimatch: "npm:^3.1.2"
-  checksum: 10c0/2f657d4edd6ddcb920579b72e7a5b127865d4c3fb4dda24f11d5c4f445a93ca481aebdbd6bf3291c536f5d034458dbcbb298ee3b698bc6c9dd02900fe87eec3c
+    minimatch: "npm:^3.1.5"
+  checksum: 10c0/89dfe815d18456177c0a1f238daf4593107fd20298b3598e0103054360d3b8d09d967defd8318f031185d68df1f95cfa68becf1390a9c5c6887665f1475142e3
   languageName: node
   linkType: hard
 
@@ -71,27 +71,27 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@eslint/eslintrc@npm:^3.3.1":
-  version: 3.3.3
-  resolution: "@eslint/eslintrc@npm:3.3.3"
+"@eslint/eslintrc@npm:^3.3.5":
+  version: 3.3.5
+  resolution: "@eslint/eslintrc@npm:3.3.5"
   dependencies:
-    ajv: "npm:^6.12.4"
+    ajv: "npm:^6.14.0"
     debug: "npm:^4.3.2"
     espree: "npm:^10.0.1"
     globals: "npm:^14.0.0"
     ignore: "npm:^5.2.0"
     import-fresh: "npm:^3.2.1"
     js-yaml: "npm:^4.1.1"
-    minimatch: "npm:^3.1.2"
+    minimatch: "npm:^3.1.5"
     strip-json-comments: "npm:^3.1.1"
-  checksum: 10c0/532c7acc7ddd042724c28b1f020bd7bf148fcd4653bb44c8314168b5f772508c842ce4ee070299cac51c5c5757d2124bdcfcef5551c8c58ff9986e3e17f2260d
+  checksum: 10c0/9fb9f1ca65e46d6173966e3aaa5bd353e3a65d7f1f582bebf77f578fab7d7960a399fac1ecfb1e7d52bd61f5cefd6531087ca52a3a3c388f2e1b4f1ebd3da8b7
   languageName: node
   linkType: hard
 
-"@eslint/js@npm:9.39.1":
-  version: 9.39.1
-  resolution: "@eslint/js@npm:9.39.1"
-  checksum: 10c0/6f7f26f8cdb7ad6327bbf9741973b6278eb946f18f70e35406e88194b0d5c522d0547a34a02f2a208eec95c5d1388cdf7ccb20039efd2e4cb6655615247a50f1
+"@eslint/js@npm:9.39.4":
+  version: 9.39.4
+  resolution: "@eslint/js@npm:9.39.4"
+  checksum: 10c0/5aa7dea2cbc5decf7f5e3b0c6f86a084ccee0f792d288ca8e839f8bc1b64e03e227068968e49b26096e6f71fd857ab6e42691d1b993826b9a3883f1bdd7a0e46
   languageName: node
   linkType: hard
 
@@ -179,9 +179,9 @@ __metadata:
   linkType: hard
 
 "@types/http-cache-semantics@npm:*":
-  version: 4.0.4
-  resolution: "@types/http-cache-semantics@npm:4.0.4"
-  checksum: 10c0/51b72568b4b2863e0fe8d6ce8aad72a784b7510d72dc866215642da51d84945a9459fa89f49ec48f1e9a1752e6a78e85a4cda0ded06b1c73e727610c925f9ce6
+  version: 4.2.0
+  resolution: "@types/http-cache-semantics@npm:4.2.0"
+  checksum: 10c0/82dd33cbe7d4843f1e884a251c6a12d385b62274353b9db167462e7fbffdbb3a83606f9952203017c5b8cabbd7b9eef0cf240a3a9dedd20f69875c9701939415
   languageName: node
   linkType: hard
 
@@ -202,20 +202,20 @@ __metadata:
   linkType: hard
 
 "@types/node@npm:*":
-  version: 24.10.1
-  resolution: "@types/node@npm:24.10.1"
+  version: 25.5.0
+  resolution: "@types/node@npm:25.5.0"
   dependencies:
-    undici-types: "npm:~7.16.0"
-  checksum: 10c0/d6bca7a78f550fbb376f236f92b405d676003a8a09a1b411f55920ef34286ee3ee51f566203920e835478784df52662b5b2af89159d9d319352e9ea21801c002
+    undici-types: "npm:~7.18.0"
+  checksum: 10c0/70c508165b6758c4f88d4f91abca526c3985eee1985503d4c2bd994dbaf588e52ac57e571160f18f117d76e963570ac82bd20e743c18987e82564312b3b62119
   languageName: node
   linkType: hard
 
-"@types/node@npm:^22.7.7":
-  version: 22.19.1
-  resolution: "@types/node@npm:22.19.1"
+"@types/node@npm:^24.9.0":
+  version: 24.12.0
+  resolution: "@types/node@npm:24.12.0"
   dependencies:
-    undici-types: "npm:~6.21.0"
-  checksum: 10c0/6edd93aea86da740cb7872626839cd6f4a67a049d3a3a6639cb592c620ec591408a30989ab7410008d1a0b2d4985ce50f1e488e79c033e4476d3bec6833b0a2f
+    undici-types: "npm:~7.16.0"
+  checksum: 10c0/8b31c0af5b5474f13048a4e77c57f22cd4f8fe6e58c4b6fde9456b0c13f46a5bfaf5744ff88fd089581de9f0d6e99c584e022681de7acb26a58d258c654c4843
   languageName: node
   linkType: hard
 
@@ -247,11 +247,11 @@ __metadata:
   linkType: hard
 
 "acorn@npm:^8.15.0":
-  version: 8.15.0
-  resolution: "acorn@npm:8.15.0"
+  version: 8.16.0
+  resolution: "acorn@npm:8.16.0"
   bin:
     acorn: bin/acorn
-  checksum: 10c0/dec73ff59b7d6628a01eebaece7f2bdb8bb62b9b5926dcad0f8931f2b8b79c2be21f6c68ac095592adb5adb15831a3635d9343e6a91d028bbe85d564875ec3ec
+  checksum: 10c0/c9c52697227661b68d0debaf972222d4f622aa06b185824164e153438afa7b08273432ca43ea792cadb24dada1d46f6f6bb1ef8de9956979288cc1b96bf9914e
   languageName: node
   linkType: hard
 
@@ -269,31 +269,31 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ajv@npm:^6.12.4":
-  version: 6.12.6
-  resolution: "ajv@npm:6.12.6"
+"ajv@npm:^6.14.0":
+  version: 6.14.0
+  resolution: "ajv@npm:6.14.0"
   dependencies:
     fast-deep-equal: "npm:^3.1.1"
     fast-json-stable-stringify: "npm:^2.0.0"
     json-schema-traverse: "npm:^0.4.1"
     uri-js: "npm:^4.2.2"
-  checksum: 10c0/41e23642cbe545889245b9d2a45854ebba51cda6c778ebced9649420d9205f2efb39cb43dbc41e358409223b1ea43303ae4839db682c848b891e4811da1a5a71
+  checksum: 10c0/a2bc39b0555dc9802c899f86990eb8eed6e366cddbf65be43d5aa7e4f3c4e1a199d5460fd7ca4fb3d864000dbbc049253b72faa83b3b30e641ca52cb29a68c22
   languageName: node
   linkType: hard
 
 "ajv@npm:^8.0.0, ajv@npm:^8.17.1":
-  version: 8.17.1
-  resolution: "ajv@npm:8.17.1"
+  version: 8.18.0
+  resolution: "ajv@npm:8.18.0"
   dependencies:
     fast-deep-equal: "npm:^3.1.3"
     fast-uri: "npm:^3.0.1"
     json-schema-traverse: "npm:^1.0.0"
     require-from-string: "npm:^2.0.2"
-  checksum: 10c0/ec3ba10a573c6b60f94639ffc53526275917a2df6810e4ab5a6b959d87459f9ef3f00d5e7865b82677cb7d21590355b34da14d1d0b9c32d75f95a187e76fff35
+  checksum: 10c0/e7517c426173513a07391be951879932bdf3348feaebd2199f5b901c20f99d60db8cd1591502d4d551dc82f594e82a05c4fe1c70139b15b8937f7afeaed9532f
   languageName: node
   linkType: hard
 
-"ansi-regex@npm:^6.0.1":
+"ansi-regex@npm:^6.2.2":
   version: 6.2.2
   resolution: "ansi-regex@npm:6.2.2"
   checksum: 10c0/05d4acb1d2f59ab2cf4b794339c7b168890d44dda4bf0ce01152a8da0213aca207802f930442ce8cd22d7a92f44907664aac6508904e75e038fa944d2601b30f
@@ -345,23 +345,23 @@ __metadata:
   linkType: hard
 
 "atomically@npm:^2.0.3":
-  version: 2.1.0
-  resolution: "atomically@npm:2.1.0"
+  version: 2.1.1
+  resolution: "atomically@npm:2.1.1"
   dependencies:
     stubborn-fs: "npm:^2.0.0"
     when-exit: "npm:^2.1.4"
-  checksum: 10c0/c352ce2e247e4f9aec4e5f46b9720a3598a8241ba4ac7d067060cfd418051268976fec5c958b9d13cc1139b9f11076a8cbdb7837c2e15ca34d3dcceb9c1000b5
+  checksum: 10c0/8813decdea834eab9b95c63ae3762355e9182e718b49be50153539bb52f727851f5096ef180f84901572dac31c51cb113a3bf3dda12fa633a16bc58f49ba003d
   languageName: node
   linkType: hard
 
-"axios@npm:^1.13.2":
-  version: 1.13.2
-  resolution: "axios@npm:1.13.2"
+"axios@npm:^1.13.5":
+  version: 1.13.6
+  resolution: "axios@npm:1.13.6"
   dependencies:
-    follow-redirects: "npm:^1.15.6"
-    form-data: "npm:^4.0.4"
+    follow-redirects: "npm:^1.15.11"
+    form-data: "npm:^4.0.5"
     proxy-from-env: "npm:^1.1.0"
-  checksum: 10c0/e8a42e37e5568ae9c7a28c348db0e8cf3e43d06fcbef73f0048669edfe4f71219664da7b6cc991b0c0f01c28a48f037c515263cb79be1f1ae8ff034cd813867b
+  checksum: 10c0/51fb5af055c3b85662fa97df17d986ae2c37d13bf86d50b6bb36b6b3a2dec6966a1d3a14ab3774b71707b155ae3597ed9b7babdf1a1a863d1a31840cb8e7ec71
   languageName: node
   linkType: hard
 
@@ -497,8 +497,8 @@ __metadata:
   linkType: hard
 
 "conf@npm:^15.0.2":
-  version: 15.0.2
-  resolution: "conf@npm:15.0.2"
+  version: 15.1.0
+  resolution: "conf@npm:15.1.0"
   dependencies:
     ajv: "npm:^8.17.1"
     ajv-formats: "npm:^3.0.1"
@@ -509,7 +509,7 @@ __metadata:
     json-schema-typed: "npm:^8.0.1"
     semver: "npm:^7.7.2"
     uint8array-extras: "npm:^1.5.0"
-  checksum: 10c0/77713ffe61e1ec26713fba972b6a4f589a3c45872cf07f0e6499a3e54fe855d2c88bf80e148346b28abef0174e4bffcb98cc0a58dd42d451c936a045bd319113
+  checksum: 10c0/ba3c74891f48232a7d32e473508c147a431a7bfdd266ebdeaf4e737227568345ea632a42d02e35f13740cb9a54076d79572d31591d6debae3b6bee089fa91c8a
   languageName: node
   linkType: hard
 
@@ -663,16 +663,16 @@ __metadata:
   languageName: node
   linkType: hard
 
-"electron@npm:39.2.4":
-  version: 39.2.4
-  resolution: "electron@npm:39.2.4"
+"electron@npm:41.0.2":
+  version: 41.0.2
+  resolution: "electron@npm:41.0.2"
   dependencies:
     "@electron/get": "npm:^2.0.0"
-    "@types/node": "npm:^22.7.7"
+    "@types/node": "npm:^24.9.0"
     extract-zip: "npm:^2.0.1"
   bin:
     electron: cli.js
-  checksum: 10c0/d84bf710c16124c4b81e36b1fedbb8ee2ac040447b1ea3fcf374c509db7e40859579685e33d6dcdd2d8adbd8e3562f2bad062780c4a9f620d77c6ba0c4e72554
+  checksum: 10c0/2aabd5d72e339e1c839cb75491e1f1154120dd2c16039c515db4cc26cb85d05006d8ebb251c8d5b5b811527e2135afe5fe68e1e95831e821b6e38d957ca9c808
   languageName: node
   linkType: hard
 
@@ -769,16 +769,16 @@ __metadata:
   languageName: node
   linkType: hard
 
-"eslint-plugin-unused-imports@npm:^4.2.0":
-  version: 4.3.0
-  resolution: "eslint-plugin-unused-imports@npm:4.3.0"
+"eslint-plugin-unused-imports@npm:^4.4.1":
+  version: 4.4.1
+  resolution: "eslint-plugin-unused-imports@npm:4.4.1"
   peerDependencies:
     "@typescript-eslint/eslint-plugin": ^8.0.0-0 || ^7.0.0 || ^6.0.0 || ^5.0.0
-    eslint: ^9.0.0 || ^8.0.0
+    eslint: ^10.0.0 || ^9.0.0 || ^8.0.0
   peerDependenciesMeta:
     "@typescript-eslint/eslint-plugin":
       optional: true
-  checksum: 10c0/aa4d8ebd8bea5fc0ac8d3fdeb0d0ed2dd0fccb96a1f5569bca772f71b4c45edd1b3c32d9754fb175c45ccf4d123725f333bf99380b9896bb678a8d599e290aa3
+  checksum: 10c0/bef630eedc3c239ca1c0a11c6af60485310e3934bd0819d3eb51e0acabdafc722c97d35457750a957541f5cc6a99aa78abb359eb3837d3702d836b6d24cbd573
   languageName: node
   linkType: hard
 
@@ -806,23 +806,23 @@ __metadata:
   languageName: node
   linkType: hard
 
-"eslint@npm:^9.39.1":
-  version: 9.39.1
-  resolution: "eslint@npm:9.39.1"
+"eslint@npm:^9.39.2":
+  version: 9.39.4
+  resolution: "eslint@npm:9.39.4"
   dependencies:
     "@eslint-community/eslint-utils": "npm:^4.8.0"
     "@eslint-community/regexpp": "npm:^4.12.1"
-    "@eslint/config-array": "npm:^0.21.1"
+    "@eslint/config-array": "npm:^0.21.2"
     "@eslint/config-helpers": "npm:^0.4.2"
     "@eslint/core": "npm:^0.17.0"
-    "@eslint/eslintrc": "npm:^3.3.1"
-    "@eslint/js": "npm:9.39.1"
+    "@eslint/eslintrc": "npm:^3.3.5"
+    "@eslint/js": "npm:9.39.4"
     "@eslint/plugin-kit": "npm:^0.4.1"
     "@humanfs/node": "npm:^0.16.6"
     "@humanwhocodes/module-importer": "npm:^1.0.1"
     "@humanwhocodes/retry": "npm:^0.4.2"
     "@types/estree": "npm:^1.0.6"
-    ajv: "npm:^6.12.4"
+    ajv: "npm:^6.14.0"
     chalk: "npm:^4.0.0"
     cross-spawn: "npm:^7.0.6"
     debug: "npm:^4.3.2"
@@ -841,7 +841,7 @@ __metadata:
     is-glob: "npm:^4.0.0"
     json-stable-stringify-without-jsonify: "npm:^1.0.1"
     lodash.merge: "npm:^4.6.2"
-    minimatch: "npm:^3.1.2"
+    minimatch: "npm:^3.1.5"
     natural-compare: "npm:^1.4.0"
     optionator: "npm:^0.9.3"
   peerDependencies:
@@ -851,7 +851,7 @@ __metadata:
       optional: true
   bin:
     eslint: bin/eslint.js
-  checksum: 10c0/59b2480639404ba24578ca480f973683b87b7aac8aa7e349240474a39067804fd13cd8b9cb22fee074170b8c7c563b57bab703ec0f0d3f81ea017e5d2cad299d
+  checksum: 10c0/1955067c2d991f0c84f4c4abfafe31bb47fa3b717a7fd3e43fe1e511c6f859d7700cbca969f85661dc4c130f7aeced5e5444884314198a54428f5e5141db9337
   languageName: node
   linkType: hard
 
@@ -867,11 +867,11 @@ __metadata:
   linkType: hard
 
 "esquery@npm:^1.5.0":
-  version: 1.6.0
-  resolution: "esquery@npm:1.6.0"
+  version: 1.7.0
+  resolution: "esquery@npm:1.7.0"
   dependencies:
     estraverse: "npm:^5.1.0"
-  checksum: 10c0/cb9065ec605f9da7a76ca6dadb0619dfb611e37a81e318732977d90fab50a256b95fee2d925fba7c2f3f0523aa16f91587246693bc09bc34d5a59575fe6e93d2
+  checksum: 10c0/77d5173db450b66f3bc685d11af4c90cffeedb340f34a39af96d43509a335ce39c894fd79233df32d38f5e4e219fa0f7076f6ec90bae8320170ba082c0db4793
   languageName: node
   linkType: hard
 
@@ -1001,13 +1001,13 @@ __metadata:
   linkType: hard
 
 "flatted@npm:^3.2.9":
-  version: 3.3.3
-  resolution: "flatted@npm:3.3.3"
-  checksum: 10c0/e957a1c6b0254aa15b8cce8533e24165abd98fadc98575db082b786b5da1b7d72062b81bfdcd1da2f4d46b6ed93bec2434e62333e9b4261d79ef2e75a10dd538
+  version: 3.4.1
+  resolution: "flatted@npm:3.4.1"
+  checksum: 10c0/3987a7f1e39bc7215cece001354313b462cdb4fb2dde0df4f7acd9e5016fbae56ee6fb3f0870b2150145033be8bda4f01af6f87a00946049651131bbfca7dfa6
   languageName: node
   linkType: hard
 
-"follow-redirects@npm:^1.15.6":
+"follow-redirects@npm:^1.15.11":
   version: 1.15.11
   resolution: "follow-redirects@npm:1.15.11"
   peerDependenciesMeta:
@@ -1017,7 +1017,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"form-data@npm:^4.0.4":
+"form-data@npm:^4.0.5":
   version: 4.0.5
   resolution: "form-data@npm:4.0.5"
   dependencies:
@@ -1056,9 +1056,9 @@ __metadata:
   linkType: hard
 
 "get-east-asian-width@npm:^1.0.0":
-  version: 1.4.0
-  resolution: "get-east-asian-width@npm:1.4.0"
-  checksum: 10c0/4e481d418e5a32061c36fbb90d1b225a254cc5b2df5f0b25da215dcd335a3c111f0c2023ffda43140727a9cafb62dac41d022da82c08f31083ee89f714ee3b83
+  version: 1.5.0
+  resolution: "get-east-asian-width@npm:1.5.0"
+  checksum: 10c0/bff8bbc8d81790b9477f7aa55b1806b9f082a8dc1359fff7bd8b96939622c86b729685afc2bfeb22def1fc6ef1e5228e4d87dd4e6da60bc43a5edfb03c4ee167
   languageName: node
   linkType: hard
 
@@ -1461,12 +1461,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"minimatch@npm:^3.1.2":
-  version: 3.1.2
-  resolution: "minimatch@npm:3.1.2"
+"minimatch@npm:^3.1.5":
+  version: 3.1.5
+  resolution: "minimatch@npm:3.1.5"
   dependencies:
     brace-expansion: "npm:^1.1.7"
-  checksum: 10c0/0262810a8fc2e72cca45d6fd86bd349eee435eb95ac6aa45c9ea2180e7ee875ef44c32b55b5973ceabe95ea12682f6e3725cbb63d7a2d1da3ae1163c8b210311
+  checksum: 10c0/2ecbdc0d33f07bddb0315a8b5afbcb761307a8778b48f0b312418ccbced99f104a2d17d8aca7573433c70e8ccd1c56823a441897a45e384ea76ef401a26ace70
   languageName: node
   linkType: hard
 
@@ -1587,12 +1587,12 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "pgadmin4@workspace:."
   dependencies:
-    axios: "npm:^1.13.2"
-    electron: "npm:39.2.4"
+    axios: "npm:^1.13.5"
+    electron: "npm:41.0.2"
     electron-context-menu: "npm:^4.1.0"
     electron-store: "npm:^11.0.2"
-    eslint: "npm:^9.39.1"
-    eslint-plugin-unused-imports: "npm:^4.2.0"
+    eslint: "npm:^9.39.2"
+    eslint-plugin-unused-imports: "npm:^4.4.1"
   languageName: unknown
   linkType: soft
 
@@ -1618,12 +1618,12 @@ __metadata:
   linkType: hard
 
 "pump@npm:^3.0.0":
-  version: 3.0.3
-  resolution: "pump@npm:3.0.3"
+  version: 3.0.4
+  resolution: "pump@npm:3.0.4"
   dependencies:
     end-of-stream: "npm:^1.1.0"
     once: "npm:^1.3.1"
-  checksum: 10c0/ada5cdf1d813065bbc99aa2c393b8f6beee73b5de2890a8754c9f488d7323ffd2ca5f5a0943b48934e3fcbd97637d0337369c3c631aeb9614915db629f1c75c9
+  checksum: 10c0/2780e66b5471c19e3e3e1063b84f3f6a3a08367f24c5ed552f98cd5901e6ada27c7ad6495d4244f553fd03b01884a4561933064f053f47c8994d84fd352768ea
   languageName: node
   linkType: hard
 
@@ -1711,11 +1711,11 @@ __metadata:
   linkType: hard
 
 "semver@npm:^7.3.2, semver@npm:^7.7.2":
-  version: 7.7.3
-  resolution: "semver@npm:7.7.3"
+  version: 7.7.4
+  resolution: "semver@npm:7.7.4"
   bin:
     semver: bin/semver.js
-  checksum: 10c0/4afe5c986567db82f44c8c6faef8fe9df2a9b1d98098fc1721f57c696c4c21cebd572f297fc21002f81889492345b8470473bc6f4aff5fb032a6ea59ea2bc45e
+  checksum: 10c0/5215ad0234e2845d4ea5bb9d836d42b03499546ddafb12075566899fc617f68794bb6f146076b6881d755de17d6c6cc73372555879ec7dce2c2feee947866ad2
   languageName: node
   linkType: hard
 
@@ -1791,11 +1791,11 @@ __metadata:
   linkType: hard
 
 "strip-ansi@npm:^7.1.0":
-  version: 7.1.2
-  resolution: "strip-ansi@npm:7.1.2"
+  version: 7.2.0
+  resolution: "strip-ansi@npm:7.2.0"
   dependencies:
-    ansi-regex: "npm:^6.0.1"
-  checksum: 10c0/0d6d7a023de33368fd042aab0bf48f4f4077abdfd60e5393e73c7c411e85e1b3a83507c11af2e656188511475776215df9ca589b4da2295c9455cc399ce1858b
+    ansi-regex: "npm:^6.2.2"
+  checksum: 10c0/544d13b7582f8254811ea97db202f519e189e59d35740c46095897e254e4f1aa9fe1524a83ad6bc5ad67d4dd6c0281d2e0219ed62b880a6238a16a17d375f221
   languageName: node
   linkType: hard
 
@@ -1864,11 +1864,11 @@ __metadata:
   linkType: hard
 
 "type-fest@npm:^5.0.0, type-fest@npm:^5.0.1":
-  version: 5.2.0
-  resolution: "type-fest@npm:5.2.0"
+  version: 5.4.4
+  resolution: "type-fest@npm:5.4.4"
   dependencies:
     tagged-tag: "npm:^1.0.0"
-  checksum: 10c0/5fd6c651c08d735213257c1b9498dc4a5b78ce94748901da5945a8e0cde5152dfba59c4bd749845072278ebf92be4351369ed5c79cc695402d3aa4fe1d3f9aa5
+  checksum: 10c0/bf9c6d7df5383fd720aac71da8ce8690ff1c554459d19cf3c72d61eac98255dba57abe20c628f91f4116f66211791462fdafa90b2be2d7405a5a4c295e4d849d
   languageName: node
   linkType: hard
 
@@ -1879,13 +1879,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"undici-types@npm:~6.21.0":
-  version: 6.21.0
-  resolution: "undici-types@npm:6.21.0"
-  checksum: 10c0/c01ed51829b10aa72fc3ce64b747f8e74ae9b60eafa19a7b46ef624403508a54c526ffab06a14a26b3120d055e1104d7abe7c9017e83ced038ea5cf52f8d5e04
-  languageName: node
-  linkType: hard
-
 "undici-types@npm:~7.16.0":
   version: 7.16.0
   resolution: "undici-types@npm:7.16.0"
@@ -1893,6 +1886,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"undici-types@npm:~7.18.0":
+  version: 7.18.2
+  resolution: "undici-types@npm:7.18.2"
+  checksum: 10c0/85a79189113a238959d7a647368e4f7c5559c3a404ebdb8fc4488145ce9426fcd82252a844a302798dfc0e37e6fb178ff481ed03bc4caf634c5757d9ef43521d
+  languageName: node
+  linkType: hard
+
 "universalify@npm:^0.1.0":
   version: 0.1.2
   resolution: "universalify@npm:0.1.2"

tools/copyright_updater.py

@@ -4,7 +4,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

tools/get_sb_package.py

@@ -4,7 +4,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

tools/release_converter.py

@@ -5,7 +5,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

tools/sql_keywords.py

@@ -4,7 +4,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

tools/update_selenoid_browsers.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 # #########################################################################

web/.eslintrc.js

@@ -2,7 +2,7 @@
 //
 // pgAdmin 4 - PostgreSQL Tools
 //
-// Copyright (C) 2013 - 2025, The pgAdmin Development Team
+// Copyright (C) 2013 - 2026, The pgAdmin Development Team
 // This software is released under the PostgreSQL Licence
 //
 //////////////////////////////////////////////////////////////

web/branding.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################
@@ -21,7 +21,7 @@ APP_PATH = 'pgadmin'
 APP_WIN_PATH = "pgAdmin"
 
 # Copyright string for display in the app
-APP_COPYRIGHT = 'Copyright (C) 2013 - 2025, The pgAdmin Development Team'
+APP_COPYRIGHT = 'Copyright (C) 2013 - 2026, The pgAdmin Development Team'
 
 # User ID (email address) to use for the default user in desktop mode.
 # The default should be fine here, as it's not exposed in the app.

web/config.py

@@ -4,7 +4,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 # config.py - Core application configuration settings
@@ -970,6 +970,86 @@ MAX_SERVER_TAGS_ALLOWED = 5
 
 ON_DEMAND_LOG_COUNT = 10000
 
+##########################################################################
+# AI/LLM Settings
+##########################################################################
+
+# Master switch to enable/disable LLM features entirely.
+# When False, all AI/LLM features are disabled and cannot be enabled
+# by users through preferences. When True, users can configure their
+# preferred LLM provider in preferences.
+LLM_ENABLED = True
+
+# Default LLM Provider
+# Specifies which LLM provider to use by default when LLM_ENABLED is True.
+# Users can override this in their preferences.
+# Valid values: 'anthropic', 'openai', 'ollama', 'docker', or '' (disabled)
+DEFAULT_LLM_PROVIDER = ''
+
+# Anthropic Configuration
+# URL for the Anthropic API endpoint. Leave empty to use the default
+# (https://api.anthropic.com/v1). Set a custom URL to use an
+# Anthropic-compatible API provider.
+ANTHROPIC_API_URL = ''
+
+# Path to a file containing the Anthropic API key. The file should contain
+# only the API key with no additional whitespace or formatting.
+# Default: ~/.anthropic-api-key
+# Note: The API key may be optional when using a custom API URL with a
+# provider that does not require authentication.
+ANTHROPIC_API_KEY_FILE = '~/.anthropic-api-key'
+
+# The Anthropic model to use for AI features.
+# Examples: claude-sonnet-4-20250514, claude-3-5-haiku-20241022
+ANTHROPIC_API_MODEL = ''
+
+# OpenAI Configuration
+# URL for the OpenAI API endpoint. Leave empty to use the default
+# (https://api.openai.com/v1). Set a custom URL to use any
+# OpenAI-compatible API provider (e.g., LiteLLM, LM Studio, EXO).
+# Include the /v1 path prefix if required by your provider
+# (e.g., http://localhost:1234/v1).
+OPENAI_API_URL = ''
+
+# Path to a file containing the OpenAI API key. The file should contain
+# only the API key with no additional whitespace or formatting.
+# Default: ~/.openai-api-key
+# Note: The API key may be optional when using a custom API URL with a
+# provider that does not require authentication.
+OPENAI_API_KEY_FILE = '~/.openai-api-key'
+
+# The OpenAI model to use for AI features.
+# Examples: gpt-4o, gpt-4o-mini, gpt-4-turbo
+OPENAI_API_MODEL = ''
+
+# Ollama Configuration
+# URL for the Ollama API endpoint. Leave empty to disable Ollama.
+# Typical value: http://localhost:11434
+OLLAMA_API_URL = ''
+
+# The Ollama model to use for AI features.
+# Examples: llama3.2, codellama, mistral
+OLLAMA_API_MODEL = ''
+
+# Docker Model Runner Configuration
+# Docker Desktop 4.40+ includes a built-in model runner with an
+# OpenAI-compatible API. No API key is required.
+# URL for the Docker Model Runner API endpoint. Leave empty to disable.
+# Typical value: http://localhost:12434
+# Tip: You can also use the OpenAI provider with a custom API URL for any
+# OpenAI-compatible endpoint, including Docker Model Runner.
+DOCKER_API_URL = ''
+
+# The Docker Model Runner model to use for AI features.
+# Examples: ai/qwen3-coder, ai/llama3.2
+DOCKER_API_MODEL = ''
+
+# Maximum Tool Iterations
+# The maximum number of tool call iterations allowed during an AI conversation.
+# This prevents runaway conversations that could consume excessive resources.
+# Users can override this in their preferences.
+MAX_LLM_TOOL_ITERATIONS = 20
+
 #############################################################################
 # Patch the default config with custom config and other manipulations
 #############################################################################

web/jest.config.js

@@ -52,7 +52,7 @@ module.exports = {
   ],
   'testEnvironment': 'jsdom',
   'transformIgnorePatterns': [
-    '[/\\\\]node_modules[/\\\\](?!react-dnd|dnd-core|@react-dnd|react-resize-detector|react-data-grid).+\\.(js|jsx|mjs|cjs|ts|tsx)$',
+    '[/\\\\]node_modules[/\\\\](?!react-dnd|dnd-core|@react-dnd|react-resize-detector|react-data-grid|marked).+\\.(js|jsx|mjs|cjs|ts|tsx)$',
     '^.+\\.module\\.(css|sass|scss)$'
   ]
 };

web/migrations/alembic.ini

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/env.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/script.py.mako

@@ -2,7 +2,7 @@
 ##
 ## pgAdmin 4 - PostgreSQL Tools
 ##
-## Copyright (C) 2013 - 2025, The pgAdmin Development Team
+## Copyright (C) 2013 - 2026, The pgAdmin Development Team
 ## This software is released under the PostgreSQL Licence
 ##
 ##########################################################################

web/migrations/versions/018e16dad6aa_.py

@@ -0,0 +1,38 @@
+##########################################################################
+#
+# pgAdmin 4 - PostgreSQL Tools
+#
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
+# This software is released under the PostgreSQL Licence
+#
+##########################################################################
+
+"""
+Updated id column type to BIGINT.
+
+Revision ID: 018e16dad6aa
+Revises: efbbe5d5862f
+Create Date: 2026-01-08 14:37:33.257002
+
+"""
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = '018e16dad6aa'
+down_revision = 'efbbe5d5862f'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    with op.batch_alter_table("database") as batch_op:
+        batch_op.alter_column('id',
+                              existing_type=sa.Integer(),
+                              type_=sa.BigInteger(),
+                              nullable=False)
+
+
+def downgrade():
+    # pgAdmin only upgrades, downgrade not implemented.
+    pass

web/migrations/versions/02b9dccdcfcb_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/09d53fca90c7_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/1586db67b98e_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/15c88f765bc8_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/1f0eddc8fc79_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/255e2842e4d7_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/35f29b1701bd_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/398697dc9550_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/3c1e4b6eda55_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/3ce25f562f3b_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/44926ac97232_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/44b9ce549393_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/493cd3e39c0c_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/50aad68f99c2_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/6650c52670c2_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/7c56ea250085_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/7fedf8531802_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################

web/migrations/versions/81c7ffeffeee_.py

@@ -2,7 +2,7 @@
 #
 # pgAdmin 4 - PostgreSQL Tools
 #
-# Copyright (C) 2013 - 2025, The pgAdmin Development Team
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
 # This software is released under the PostgreSQL Licence
 #
 ##########################################################################