diff --git a/config/reference.php b/config/reference.php
index e1304d43..b561084b 100644
--- a/config/reference.php
+++ b/config/reference.php
@@ -193,40 +193,40 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *     workflows?: bool|array{
  *         enabled?: bool|Param, // Default: false
  *         workflows?: array<string, array{ // Default: []
- *                 audit_trail?: bool|array{
- *                     enabled?: bool|Param, // Default: false
- *                 },
- *                 type?: "workflow"|"state_machine"|Param, // Default: "state_machine"
- *                 marking_store?: array{
- *                     type?: "method"|Param,
- *                     property?: scalar|Param|null,
- *                     service?: scalar|Param|null,
- *                 },
- *                 supports?: string|list<scalar|Param|null>,
- *                 definition_validators?: list<scalar|Param|null>,
- *                 support_strategy?: scalar|Param|null,
- *                 initial_marking?: backed-enum|string|list<scalar|Param|null>,
- *                 events_to_dispatch?: null|list<string|Param>,
- *                 places?: string|list<array{ // Default: []
- *                         name?: scalar|Param|null,
- *                         metadata?: array<string, mixed>,
- *                     }>,
- *                 transitions?: list<array{ // Default: []
- *                         name?: string|Param,
- *                         guard?: string|Param, // An expression to block the transition.
- *                         from?: backed-enum|string|list<array{ // Default: []
- *                                 place?: string|Param,
- *                                 weight?: int|Param, // Default: 1
- *                             }>,
- *                         to?: backed-enum|string|list<array{ // Default: []
- *                                 place?: string|Param,
- *                                 weight?: int|Param, // Default: 1
- *                             }>,
- *                         weight?: int|Param, // Default: 1
- *                         metadata?: array<string, mixed>,
- *                     }>,
+ *             audit_trail?: bool|array{
+ *                 enabled?: bool|Param, // Default: false
+ *             },
+ *             type?: "workflow"|"state_machine"|Param, // Default: "state_machine"
+ *             marking_store?: array{
+ *                 type?: "method"|Param,
+ *                 property?: scalar|Param|null,
+ *                 service?: scalar|Param|null,
+ *             },
+ *             supports?: string|list<scalar|Param|null>,
+ *             definition_validators?: list<scalar|Param|null>,
+ *             support_strategy?: scalar|Param|null,
+ *             initial_marking?: \BackedEnum|string|list<scalar|Param|null>,
+ *             events_to_dispatch?: null|list<string|Param>,
+ *             places?: string|list<array{ // Default: []
+ *                 name?: scalar|Param|null,
  *                 metadata?: array<string, mixed>,
  *             }>,
+ *             transitions?: list<array{ // Default: []
+ *                 name?: string|Param,
+ *                 guard?: string|Param, // An expression to block the transition.
+ *                 from?: \BackedEnum|string|list<array{ // Default: []
+ *                     place?: string|Param,
+ *                     weight?: int|Param, // Default: 1
+ *                 }>,
+ *                 to?: \BackedEnum|string|list<array{ // Default: []
+ *                     place?: string|Param,
+ *                     weight?: int|Param, // Default: 1
+ *                 }>,
+ *                 weight?: int|Param, // Default: 1
+ *                 metadata?: array<string, mixed>,
+ *             }>,
+ *             metadata?: array<string, mixed>,
+ *         }>,
  *     },
  *     router?: bool|array{ // Router configuration
  *         enabled?: bool|Param, // Default: false
@@ -273,14 +273,14 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *         base_path?: scalar|Param|null, // Default: ""
  *         base_urls?: string|list<scalar|Param|null>,
  *         packages?: array<string, array{ // Default: []
- *                 strict_mode?: bool|Param, // Throw an exception if an entry is missing from the manifest.json. // Default: false
- *                 version_strategy?: scalar|Param|null, // Default: null
- *                 version?: scalar|Param|null,
- *                 version_format?: scalar|Param|null, // Default: null
- *                 json_manifest_path?: scalar|Param|null, // Default: null
- *                 base_path?: scalar|Param|null, // Default: ""
- *                 base_urls?: string|list<scalar|Param|null>,
- *             }>,
+ *             strict_mode?: bool|Param, // Throw an exception if an entry is missing from the manifest.json. // Default: false
+ *             version_strategy?: scalar|Param|null, // Default: null
+ *             version?: scalar|Param|null,
+ *             version_format?: scalar|Param|null, // Default: null
+ *             json_manifest_path?: scalar|Param|null, // Default: null
+ *             base_path?: scalar|Param|null, // Default: ""
+ *             base_urls?: string|list<scalar|Param|null>,
+ *         }>,
  *     },
  *     asset_mapper?: bool|array{ // Asset Mapper configuration
  *         enabled?: bool|Param, // Default: false
@@ -318,16 +318,16 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *             localizable_html_attributes?: list<scalar|Param|null>,
  *         },
  *         providers?: array<string, array{ // Default: []
- *                 dsn?: scalar|Param|null,
- *                 domains?: list<scalar|Param|null>,
- *                 locales?: list<scalar|Param|null>,
- *             }>,
+ *             dsn?: scalar|Param|null,
+ *             domains?: list<scalar|Param|null>,
+ *             locales?: list<scalar|Param|null>,
+ *         }>,
  *         globals?: array<string, string|array{ // Default: []
- *                 value?: mixed,
- *                 message?: string|Param,
- *                 parameters?: array<string, scalar|Param|null>,
- *                 domain?: string|Param,
- *             }>,
+ *             value?: mixed,
+ *             message?: string|Param,
+ *             parameters?: array<string, scalar|Param|null>,
+ *             domain?: string|Param,
+ *         }>,
  *     },
  *     validation?: bool|array{ // Validation configuration
  *         enabled?: bool|Param, // Default: true
@@ -345,8 +345,8 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *         },
  *         disable_translation?: bool|Param, // Default: false
  *         auto_mapping?: array<string, array{ // Default: []
- *                 services?: list<scalar|Param|null>,
- *             }>,
+ *             services?: list<scalar|Param|null>,
+ *         }>,
  *     },
  *     annotations?: bool|array{
  *         enabled?: bool|Param, // Default: false
@@ -362,11 +362,11 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *         },
  *         default_context?: array<string, mixed>,
  *         named_serializers?: array<string, array{ // Default: []
- *                 name_converter?: scalar|Param|null,
- *                 default_context?: array<string, mixed>,
- *                 include_built_in_normalizers?: bool|Param, // Whether to include the built-in normalizers // Default: true
- *                 include_built_in_encoders?: bool|Param, // Whether to include the built-in encoders // Default: true
- *             }>,
+ *             name_converter?: scalar|Param|null,
+ *             default_context?: array<string, mixed>,
+ *             include_built_in_normalizers?: bool|Param, // Whether to include the built-in normalizers // Default: true
+ *             include_built_in_encoders?: bool|Param, // Whether to include the built-in encoders // Default: true
+ *         }>,
  *     },
  *     property_access?: bool|array{ // Property access configuration
  *         enabled?: bool|Param, // Default: true
@@ -396,24 +396,24 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *         default_doctrine_dbal_provider?: scalar|Param|null, // Default: "database_connection"
  *         default_pdo_provider?: scalar|Param|null, // Default: null
  *         pools?: array<string, array{ // Default: []
- *                 adapters?: string|list<scalar|Param|null>,
- *                 tags?: scalar|Param|null, // Default: null
- *                 public?: bool|Param, // Default: false
- *                 default_lifetime?: scalar|Param|null, // Default lifetime of the pool.
- *                 provider?: scalar|Param|null, // Overwrite the setting from the default provider for this adapter.
- *                 early_expiration_message_bus?: scalar|Param|null,
- *                 clearer?: scalar|Param|null,
- *             }>,
+ *             adapters?: string|list<scalar|Param|null>,
+ *             tags?: scalar|Param|null, // Default: null
+ *             public?: bool|Param, // Default: false
+ *             default_lifetime?: scalar|Param|null, // Default lifetime of the pool.
+ *             provider?: scalar|Param|null, // Overwrite the setting from the default provider for this adapter.
+ *             early_expiration_message_bus?: scalar|Param|null,
+ *             clearer?: scalar|Param|null,
+ *         }>,
  *     },
  *     php_errors?: array{ // PHP errors handling configuration
  *         log?: mixed, // Use the application logger instead of the PHP logger for logging PHP errors. // Default: true
  *         throw?: bool|Param, // Throw PHP errors as \ErrorException instances. // Default: true
  *     },
  *     exceptions?: array<string, array{ // Default: []
- *             log_level?: scalar|Param|null, // The level of log message. Null to let Symfony decide. // Default: null
- *             status_code?: scalar|Param|null, // The status code of the response. Null or 0 to let Symfony decide. // Default: null
- *             log_channel?: scalar|Param|null, // The channel of log message. Null to let Symfony decide. // Default: null
- *         }>,
+ *         log_level?: scalar|Param|null, // The level of log message. Null to let Symfony decide. // Default: null
+ *         status_code?: scalar|Param|null, // The status code of the response. Null or 0 to let Symfony decide. // Default: null
+ *         log_channel?: scalar|Param|null, // The channel of log message. Null to let Symfony decide. // Default: null
+ *     }>,
  *     web_link?: bool|array{ // Web links configuration
  *         enabled?: bool|Param, // Default: true
  *     },
@@ -428,8 +428,8 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *     messenger?: bool|array{ // Messenger configuration
  *         enabled?: bool|Param, // Default: false
  *         routing?: array<string, string|array{ // Default: []
- *                 senders?: list<scalar|Param|null>,
- *             }>,
+ *             senders?: list<scalar|Param|null>,
+ *         }>,
  *         serializer?: array{
  *             default_serializer?: scalar|Param|null, // Service id to use as the default serializer for the transports. // Default: "messenger.transport.native_php_serializer"
  *             symfony_serializer?: array{
@@ -438,34 +438,34 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *             },
  *         },
  *         transports?: array<string, string|array{ // Default: []
- *                 dsn?: scalar|Param|null,
- *                 serializer?: scalar|Param|null, // Service id of a custom serializer to use. // Default: null
- *                 options?: array<string, mixed>,
- *                 failure_transport?: scalar|Param|null, // Transport name to send failed messages to (after all retries have failed). // Default: null
- *                 retry_strategy?: string|array{
- *                     service?: scalar|Param|null, // Service id to override the retry strategy entirely. // Default: null
- *                     max_retries?: int|Param, // Default: 3
- *                     delay?: int|Param, // Time in ms to delay (or the initial value when multiplier is used). // Default: 1000
- *                     multiplier?: float|Param, // If greater than 1, delay will grow exponentially for each retry: this delay = (delay * (multiple ^ retries)). // Default: 2
- *                     max_delay?: int|Param, // Max time in ms that a retry should ever be delayed (0 = infinite). // Default: 0
- *                     jitter?: float|Param, // Randomness to apply to the delay (between 0 and 1). // Default: 0.1
- *                 },
- *                 rate_limiter?: scalar|Param|null, // Rate limiter name to use when processing messages. // Default: null
- *             }>,
+ *             dsn?: scalar|Param|null,
+ *             serializer?: scalar|Param|null, // Service id of a custom serializer to use. // Default: null
+ *             options?: array<string, mixed>,
+ *             failure_transport?: scalar|Param|null, // Transport name to send failed messages to (after all retries have failed). // Default: null
+ *             retry_strategy?: string|array{
+ *                 service?: scalar|Param|null, // Service id to override the retry strategy entirely. // Default: null
+ *                 max_retries?: int|Param, // Default: 3
+ *                 delay?: int|Param, // Time in ms to delay (or the initial value when multiplier is used). // Default: 1000
+ *                 multiplier?: float|Param, // If greater than 1, delay will grow exponentially for each retry: this delay = (delay * (multiple ^ retries)). // Default: 2
+ *                 max_delay?: int|Param, // Max time in ms that a retry should ever be delayed (0 = infinite). // Default: 0
+ *                 jitter?: float|Param, // Randomness to apply to the delay (between 0 and 1). // Default: 0.1
+ *             },
+ *             rate_limiter?: scalar|Param|null, // Rate limiter name to use when processing messages. // Default: null
+ *         }>,
  *         failure_transport?: scalar|Param|null, // Transport name to send failed messages to (after all retries have failed). // Default: null
  *         stop_worker_on_signals?: int|string|list<scalar|Param|null>,
  *         default_bus?: scalar|Param|null, // Default: null
  *         buses?: array<string, array{ // Default: {"messenger.bus.default":{"default_middleware":{"enabled":true,"allow_no_handlers":false,"allow_no_senders":true},"middleware":[]}}
- *                 default_middleware?: bool|string|array{
- *                     enabled?: bool|Param, // Default: true
- *                     allow_no_handlers?: bool|Param, // Default: false
- *                     allow_no_senders?: bool|Param, // Default: true
- *                 },
- *                 middleware?: string|list<string|array{ // Default: []
- *                         id?: scalar|Param|null,
- *                         arguments?: list<mixed>,
- *                     }>,
+ *             default_middleware?: bool|string|array{
+ *                 enabled?: bool|Param, // Default: true
+ *                 allow_no_handlers?: bool|Param, // Default: false
+ *                 allow_no_senders?: bool|Param, // Default: true
+ *             },
+ *             middleware?: string|list<string|array{ // Default: []
+ *                 id?: scalar|Param|null,
+ *                 arguments?: list<mixed>,
  *             }>,
+ *         }>,
  *     },
  *     scheduler?: bool|array{ // Scheduler configuration
  *         enabled?: bool|Param, // Default: false
@@ -511,9 +511,9 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *                 enabled?: bool|Param, // Default: false
  *                 retry_strategy?: scalar|Param|null, // service id to override the retry strategy. // Default: null
  *                 http_codes?: int|string|array<string, array{ // Default: []
- *                         code?: int|Param,
- *                         methods?: string|list<string|Param>,
- *                     }>,
+ *                     code?: int|Param,
+ *                     methods?: string|list<string|Param>,
+ *                 }>,
  *                 max_retries?: int|Param, // Default: 3
  *                 delay?: int|Param, // Time in ms to delay (or the initial value when multiplier is used). // Default: 1000
  *                 multiplier?: float|Param, // If greater than 1, delay will grow exponentially for each retry: delay * (multiple ^ retries). // Default: 2
@@ -523,57 +523,57 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *         },
  *         mock_response_factory?: scalar|Param|null, // The id of the service that should generate mock responses. It should be either an invokable or an iterable.
  *         scoped_clients?: array<string, string|array{ // Default: []
- *                 scope?: scalar|Param|null, // The regular expression that the request URL must match before adding the other options. When none is provided, the base URI is used instead.
- *                 base_uri?: scalar|Param|null, // The URI to resolve relative URLs, following rules in RFC 3985, section 2.
- *                 auth_basic?: scalar|Param|null, // An HTTP Basic authentication "username:password".
- *                 auth_bearer?: scalar|Param|null, // A token enabling HTTP Bearer authorization.
- *                 auth_ntlm?: scalar|Param|null, // A "username:password" pair to use Microsoft NTLM authentication (requires the cURL extension).
- *                 query?: array<string, scalar|Param|null>,
- *                 headers?: array<string, mixed>,
- *                 max_redirects?: int|Param, // The maximum number of redirects to follow.
- *                 http_version?: scalar|Param|null, // The default HTTP version, typically 1.1 or 2.0, leave to null for the best version.
- *                 resolve?: array<string, scalar|Param|null>,
- *                 proxy?: scalar|Param|null, // The URL of the proxy to pass requests through or null for automatic detection.
- *                 no_proxy?: scalar|Param|null, // A comma separated list of hosts that do not require a proxy to be reached.
- *                 timeout?: float|Param, // The idle timeout, defaults to the "default_socket_timeout" ini parameter.
- *                 max_duration?: float|Param, // The maximum execution time for the request+response as a whole.
- *                 bindto?: scalar|Param|null, // A network interface name, IP address, a host name or a UNIX socket to bind to.
- *                 verify_peer?: bool|Param, // Indicates if the peer should be verified in a TLS context.
- *                 verify_host?: bool|Param, // Indicates if the host should exist as a certificate common name.
- *                 cafile?: scalar|Param|null, // A certificate authority file.
- *                 capath?: scalar|Param|null, // A directory that contains multiple certificate authority files.
- *                 local_cert?: scalar|Param|null, // A PEM formatted certificate file.
- *                 local_pk?: scalar|Param|null, // A private key file.
- *                 passphrase?: scalar|Param|null, // The passphrase used to encrypt the "local_pk" file.
- *                 ciphers?: scalar|Param|null, // A list of TLS ciphers separated by colons, commas or spaces (e.g. "RC3-SHA:TLS13-AES-128-GCM-SHA256"...).
- *                 peer_fingerprint?: array{ // Associative array: hashing algorithm => hash(es).
- *                     sha1?: mixed,
- *                     pin-sha256?: mixed,
- *                     md5?: mixed,
- *                 },
- *                 crypto_method?: scalar|Param|null, // The minimum version of TLS to accept; must be one of STREAM_CRYPTO_METHOD_TLSv*_CLIENT constants.
- *                 extra?: array<string, mixed>,
- *                 rate_limiter?: scalar|Param|null, // Rate limiter name to use for throttling requests. // Default: null
- *                 caching?: bool|array{ // Caching configuration.
- *                     enabled?: bool|Param, // Default: false
- *                     cache_pool?: string|Param, // The taggable cache pool to use for storing the responses. // Default: "cache.http_client"
- *                     shared?: bool|Param, // Indicates whether the cache is shared (public) or private. // Default: true
- *                     max_ttl?: int|Param, // The maximum TTL (in seconds) allowed for cached responses. Null means no cap. // Default: null
- *                 },
- *                 retry_failed?: bool|array{
- *                     enabled?: bool|Param, // Default: false
- *                     retry_strategy?: scalar|Param|null, // service id to override the retry strategy. // Default: null
- *                     http_codes?: int|string|array<string, array{ // Default: []
- *                             code?: int|Param,
- *                             methods?: string|list<string|Param>,
- *                         }>,
- *                     max_retries?: int|Param, // Default: 3
- *                     delay?: int|Param, // Time in ms to delay (or the initial value when multiplier is used). // Default: 1000
- *                     multiplier?: float|Param, // If greater than 1, delay will grow exponentially for each retry: delay * (multiple ^ retries). // Default: 2
- *                     max_delay?: int|Param, // Max time in ms that a retry should ever be delayed (0 = infinite). // Default: 0
- *                     jitter?: float|Param, // Randomness in percent (between 0 and 1) to apply to the delay. // Default: 0.1
- *                 },
- *             }>,
+ *             scope?: scalar|Param|null, // The regular expression that the request URL must match before adding the other options. When none is provided, the base URI is used instead.
+ *             base_uri?: scalar|Param|null, // The URI to resolve relative URLs, following rules in RFC 3985, section 2.
+ *             auth_basic?: scalar|Param|null, // An HTTP Basic authentication "username:password".
+ *             auth_bearer?: scalar|Param|null, // A token enabling HTTP Bearer authorization.
+ *             auth_ntlm?: scalar|Param|null, // A "username:password" pair to use Microsoft NTLM authentication (requires the cURL extension).
+ *             query?: array<string, scalar|Param|null>,
+ *             headers?: array<string, mixed>,
+ *             max_redirects?: int|Param, // The maximum number of redirects to follow.
+ *             http_version?: scalar|Param|null, // The default HTTP version, typically 1.1 or 2.0, leave to null for the best version.
+ *             resolve?: array<string, scalar|Param|null>,
+ *             proxy?: scalar|Param|null, // The URL of the proxy to pass requests through or null for automatic detection.
+ *             no_proxy?: scalar|Param|null, // A comma separated list of hosts that do not require a proxy to be reached.
+ *             timeout?: float|Param, // The idle timeout, defaults to the "default_socket_timeout" ini parameter.
+ *             max_duration?: float|Param, // The maximum execution time for the request+response as a whole.
+ *             bindto?: scalar|Param|null, // A network interface name, IP address, a host name or a UNIX socket to bind to.
+ *             verify_peer?: bool|Param, // Indicates if the peer should be verified in a TLS context.
+ *             verify_host?: bool|Param, // Indicates if the host should exist as a certificate common name.
+ *             cafile?: scalar|Param|null, // A certificate authority file.
+ *             capath?: scalar|Param|null, // A directory that contains multiple certificate authority files.
+ *             local_cert?: scalar|Param|null, // A PEM formatted certificate file.
+ *             local_pk?: scalar|Param|null, // A private key file.
+ *             passphrase?: scalar|Param|null, // The passphrase used to encrypt the "local_pk" file.
+ *             ciphers?: scalar|Param|null, // A list of TLS ciphers separated by colons, commas or spaces (e.g. "RC3-SHA:TLS13-AES-128-GCM-SHA256"...).
+ *             peer_fingerprint?: array{ // Associative array: hashing algorithm => hash(es).
+ *                 sha1?: mixed,
+ *                 pin-sha256?: mixed,
+ *                 md5?: mixed,
+ *             },
+ *             crypto_method?: scalar|Param|null, // The minimum version of TLS to accept; must be one of STREAM_CRYPTO_METHOD_TLSv*_CLIENT constants.
+ *             extra?: array<string, mixed>,
+ *             rate_limiter?: scalar|Param|null, // Rate limiter name to use for throttling requests. // Default: null
+ *             caching?: bool|array{ // Caching configuration.
+ *                 enabled?: bool|Param, // Default: false
+ *                 cache_pool?: string|Param, // The taggable cache pool to use for storing the responses. // Default: "cache.http_client"
+ *                 shared?: bool|Param, // Indicates whether the cache is shared (public) or private. // Default: true
+ *                 max_ttl?: int|Param, // The maximum TTL (in seconds) allowed for cached responses. Null means no cap. // Default: null
+ *             },
+ *             retry_failed?: bool|array{
+ *                 enabled?: bool|Param, // Default: false
+ *                 retry_strategy?: scalar|Param|null, // service id to override the retry strategy. // Default: null
+ *                 http_codes?: int|string|array<string, array{ // Default: []
+ *                     code?: int|Param,
+ *                     methods?: string|list<string|Param>,
+ *                 }>,
+ *                 max_retries?: int|Param, // Default: 3
+ *                 delay?: int|Param, // Time in ms to delay (or the initial value when multiplier is used). // Default: 1000
+ *                 multiplier?: float|Param, // If greater than 1, delay will grow exponentially for each retry: delay * (multiple ^ retries). // Default: 2
+ *                 max_delay?: int|Param, // Max time in ms that a retry should ever be delayed (0 = infinite). // Default: 0
+ *                 jitter?: float|Param, // Randomness in percent (between 0 and 1) to apply to the delay. // Default: 0.1
+ *             },
+ *         }>,
  *     },
  *     mailer?: bool|array{ // Mailer configuration
  *         enabled?: bool|Param, // Default: true
@@ -586,8 +586,8 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *             allowed_recipients?: string|list<scalar|Param|null>,
  *         },
  *         headers?: array<string, string|array{ // Default: []
- *                 value?: mixed,
- *             }>,
+ *             value?: mixed,
+ *         }>,
  *         dkim_signer?: bool|array{ // DKIM signer configuration
  *             enabled?: bool|Param, // Default: false
  *             key?: scalar|Param|null, // Key content, or path to key (in PEM format with the `file://` prefix) // Default: ""
@@ -624,25 +624,25 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *         notification_on_failed_messages?: bool|Param, // Default: false
  *         channel_policy?: array<string, string|list<scalar|Param|null>>,
  *         admin_recipients?: list<array{ // Default: []
- *                 email?: scalar|Param|null,
- *                 phone?: scalar|Param|null, // Default: ""
- *             }>,
+ *             email?: scalar|Param|null,
+ *             phone?: scalar|Param|null, // Default: ""
+ *         }>,
  *     },
  *     rate_limiter?: bool|array{ // Rate limiter configuration
  *         enabled?: bool|Param, // Default: true
  *         limiters?: array<string, array{ // Default: []
- *                 lock_factory?: scalar|Param|null, // The service ID of the lock factory used by this limiter (or null to disable locking). // Default: "auto"
- *                 cache_pool?: scalar|Param|null, // The cache pool to use for storing the current limiter state. // Default: "cache.rate_limiter"
- *                 storage_service?: scalar|Param|null, // The service ID of a custom storage implementation, this precedes any configured "cache_pool". // Default: null
- *                 policy?: "fixed_window"|"token_bucket"|"sliding_window"|"compound"|"no_limit"|Param, // The algorithm to be used by this limiter.
- *                 limiters?: string|list<scalar|Param|null>,
- *                 limit?: int|Param, // The maximum allowed hits in a fixed interval or burst.
- *                 interval?: scalar|Param|null, // Configures the fixed interval if "policy" is set to "fixed_window" or "sliding_window". The value must be a number followed by "second", "minute", "hour", "day", "week" or "month" (or their plural equivalent).
- *                 rate?: array{ // Configures the fill rate if "policy" is set to "token_bucket".
- *                     interval?: scalar|Param|null, // Configures the rate interval. The value must be a number followed by "second", "minute", "hour", "day", "week" or "month" (or their plural equivalent).
- *                     amount?: int|Param, // Amount of tokens to add each interval. // Default: 1
- *                 },
- *             }>,
+ *             lock_factory?: scalar|Param|null, // The service ID of the lock factory used by this limiter (or null to disable locking). // Default: "auto"
+ *             cache_pool?: scalar|Param|null, // The cache pool to use for storing the current limiter state. // Default: "cache.rate_limiter"
+ *             storage_service?: scalar|Param|null, // The service ID of a custom storage implementation, this precedes any configured "cache_pool". // Default: null
+ *             policy?: "fixed_window"|"token_bucket"|"sliding_window"|"compound"|"no_limit"|Param, // The algorithm to be used by this limiter.
+ *             limiters?: string|list<scalar|Param|null>,
+ *             limit?: int|Param, // The maximum allowed hits in a fixed interval or burst.
+ *             interval?: scalar|Param|null, // Configures the fixed interval if "policy" is set to "fixed_window" or "sliding_window". The value must be a number followed by "second", "minute", "hour", "day", "week" or "month" (or their plural equivalent).
+ *             rate?: array{ // Configures the fill rate if "policy" is set to "token_bucket".
+ *                 interval?: scalar|Param|null, // Configures the rate interval. The value must be a number followed by "second", "minute", "hour", "day", "week" or "month" (or their plural equivalent).
+ *                 amount?: int|Param, // Amount of tokens to add each interval. // Default: 1
+ *             },
+ *         }>,
  *     },
  *     uid?: bool|array{ // Uid configuration
  *         enabled?: bool|Param, // Default: true
@@ -655,33 +655,33 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *     html_sanitizer?: bool|array{ // HtmlSanitizer configuration
  *         enabled?: bool|Param, // Default: false
  *         sanitizers?: array<string, array{ // Default: []
- *                 allow_safe_elements?: bool|Param, // Allows "safe" elements and attributes. // Default: false
- *                 allow_static_elements?: bool|Param, // Allows all static elements and attributes from the W3C Sanitizer API standard. // Default: false
- *                 allow_elements?: array<string, mixed>,
- *                 block_elements?: string|list<string|Param>,
- *                 drop_elements?: string|list<string|Param>,
- *                 allow_attributes?: array<string, mixed>,
- *                 drop_attributes?: array<string, mixed>,
- *                 force_attributes?: array<string, array<string, string|Param>>,
- *                 force_https_urls?: bool|Param, // Transforms URLs using the HTTP scheme to use the HTTPS scheme instead. // Default: false
- *                 allowed_link_schemes?: string|list<string|Param>,
- *                 allowed_link_hosts?: null|string|list<string|Param>,
- *                 allow_relative_links?: bool|Param, // Allows relative URLs to be used in links href attributes. // Default: false
- *                 allowed_media_schemes?: string|list<string|Param>,
- *                 allowed_media_hosts?: null|string|list<string|Param>,
- *                 allow_relative_medias?: bool|Param, // Allows relative URLs to be used in media source attributes (img, audio, video, ...). // Default: false
- *                 with_attribute_sanitizers?: string|list<string|Param>,
- *                 without_attribute_sanitizers?: string|list<string|Param>,
- *                 max_input_length?: int|Param, // The maximum length allowed for the sanitized input. // Default: 0
- *             }>,
+ *             allow_safe_elements?: bool|Param, // Allows "safe" elements and attributes. // Default: false
+ *             allow_static_elements?: bool|Param, // Allows all static elements and attributes from the W3C Sanitizer API standard. // Default: false
+ *             allow_elements?: array<string, mixed>,
+ *             block_elements?: string|list<string|Param>,
+ *             drop_elements?: string|list<string|Param>,
+ *             allow_attributes?: array<string, mixed>,
+ *             drop_attributes?: array<string, mixed>,
+ *             force_attributes?: array<string, array<string, string|Param>>,
+ *             force_https_urls?: bool|Param, // Transforms URLs using the HTTP scheme to use the HTTPS scheme instead. // Default: false
+ *             allowed_link_schemes?: string|list<string|Param>,
+ *             allowed_link_hosts?: null|string|list<string|Param>,
+ *             allow_relative_links?: bool|Param, // Allows relative URLs to be used in links href attributes. // Default: false
+ *             allowed_media_schemes?: string|list<string|Param>,
+ *             allowed_media_hosts?: null|string|list<string|Param>,
+ *             allow_relative_medias?: bool|Param, // Allows relative URLs to be used in media source attributes (img, audio, video, ...). // Default: false
+ *             with_attribute_sanitizers?: string|list<string|Param>,
+ *             without_attribute_sanitizers?: string|list<string|Param>,
+ *             max_input_length?: int|Param, // The maximum length allowed for the sanitized input. // Default: 0
+ *         }>,
  *     },
  *     webhook?: bool|array{ // Webhook configuration
  *         enabled?: bool|Param, // Default: false
  *         message_bus?: scalar|Param|null, // The message bus to use. // Default: "messenger.default_bus"
  *         routing?: array<string, array{ // Default: []
- *                 service?: scalar|Param|null,
- *                 secret?: scalar|Param|null, // Default: ""
- *             }>,
+ *             service?: scalar|Param|null,
+ *             secret?: scalar|Param|null, // Default: ""
+ *         }>,
  *     },
  *     remote-event?: bool|array{ // RemoteEvent configuration
  *         enabled?: bool|Param, // Default: false
@@ -694,11 +694,62 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *     dbal?: array{
  *         default_connection?: scalar|Param|null,
  *         types?: array<string, string|array{ // Default: []
- *                 class?: scalar|Param|null,
- *                 commented?: bool|Param, // Deprecated: The doctrine-bundle type commenting features were removed; the corresponding config parameter was deprecated in 2.0 and will be dropped in 3.0.
- *             }>,
+ *             class?: scalar|Param|null,
+ *             commented?: bool|Param, // Deprecated: The doctrine-bundle type commenting features were removed; the corresponding config parameter was deprecated in 2.0 and will be dropped in 3.0.
+ *         }>,
  *         driver_schemes?: array<string, scalar|Param|null>,
  *         connections?: array<string, array{ // Default: []
+ *             url?: scalar|Param|null, // A URL with connection information; any parameter value parsed from this string will override explicitly set parameters
+ *             dbname?: scalar|Param|null,
+ *             host?: scalar|Param|null, // Defaults to "localhost" at runtime.
+ *             port?: scalar|Param|null, // Defaults to null at runtime.
+ *             user?: scalar|Param|null, // Defaults to "root" at runtime.
+ *             password?: scalar|Param|null, // Defaults to null at runtime.
+ *             override_url?: bool|Param, // Deprecated: The "doctrine.dbal.override_url" configuration key is deprecated.
+ *             dbname_suffix?: scalar|Param|null, // Adds the given suffix to the configured database name, this option has no effects for the SQLite platform
+ *             application_name?: scalar|Param|null,
+ *             charset?: scalar|Param|null,
+ *             path?: scalar|Param|null,
+ *             memory?: bool|Param,
+ *             unix_socket?: scalar|Param|null, // The unix socket to use for MySQL
+ *             persistent?: bool|Param, // True to use as persistent connection for the ibm_db2 driver
+ *             protocol?: scalar|Param|null, // The protocol to use for the ibm_db2 driver (default to TCPIP if omitted)
+ *             service?: bool|Param, // True to use SERVICE_NAME as connection parameter instead of SID for Oracle
+ *             servicename?: scalar|Param|null, // Overrules dbname parameter if given and used as SERVICE_NAME or SID connection parameter for Oracle depending on the service parameter.
+ *             sessionMode?: scalar|Param|null, // The session mode to use for the oci8 driver
+ *             server?: scalar|Param|null, // The name of a running database server to connect to for SQL Anywhere.
+ *             default_dbname?: scalar|Param|null, // Override the default database (postgres) to connect to for PostgreSQL connexion.
+ *             sslmode?: scalar|Param|null, // Determines whether or with what priority a SSL TCP/IP connection will be negotiated with the server for PostgreSQL.
+ *             sslrootcert?: scalar|Param|null, // The name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be verified to be signed by one of these authorities.
+ *             sslcert?: scalar|Param|null, // The path to the SSL client certificate file for PostgreSQL.
+ *             sslkey?: scalar|Param|null, // The path to the SSL client key file for PostgreSQL.
+ *             sslcrl?: scalar|Param|null, // The file name of the SSL certificate revocation list for PostgreSQL.
+ *             pooled?: bool|Param, // True to use a pooled server with the oci8/pdo_oracle driver
+ *             MultipleActiveResultSets?: bool|Param, // Configuring MultipleActiveResultSets for the pdo_sqlsrv driver
+ *             use_savepoints?: bool|Param, // Use savepoints for nested transactions
+ *             instancename?: scalar|Param|null, // Optional parameter, complete whether to add the INSTANCE_NAME parameter in the connection. It is generally used to connect to an Oracle RAC server to select the name of a particular instance.
+ *             connectstring?: scalar|Param|null, // Complete Easy Connect connection descriptor, see https://docs.oracle.com/database/121/NETAG/naming.htm.When using this option, you will still need to provide the user and password parameters, but the other parameters will no longer be used. Note that when using this parameter, the getHost and getPort methods from Doctrine\DBAL\Connection will no longer function as expected.
+ *             driver?: scalar|Param|null, // Default: "pdo_mysql"
+ *             platform_service?: scalar|Param|null, // Deprecated: The "platform_service" configuration key is deprecated since doctrine-bundle 2.9. DBAL 4 will not support setting a custom platform via connection params anymore.
+ *             auto_commit?: bool|Param,
+ *             schema_filter?: scalar|Param|null,
+ *             logging?: bool|Param, // Default: true
+ *             profiling?: bool|Param, // Default: true
+ *             profiling_collect_backtrace?: bool|Param, // Enables collecting backtraces when profiling is enabled // Default: false
+ *             profiling_collect_schema_errors?: bool|Param, // Enables collecting schema errors when profiling is enabled // Default: true
+ *             disable_type_comments?: bool|Param,
+ *             server_version?: scalar|Param|null,
+ *             idle_connection_ttl?: int|Param, // Default: 600
+ *             driver_class?: scalar|Param|null,
+ *             wrapper_class?: scalar|Param|null,
+ *             keep_slave?: bool|Param, // Deprecated: The "keep_slave" configuration key is deprecated since doctrine-bundle 2.2. Use the "keep_replica" configuration key instead.
+ *             keep_replica?: bool|Param,
+ *             options?: array<string, mixed>,
+ *             mapping_types?: array<string, scalar|Param|null>,
+ *             default_table_options?: array<string, scalar|Param|null>,
+ *             schema_manager_factory?: scalar|Param|null, // Default: "doctrine.dbal.default_schema_manager_factory"
+ *             result_cache?: scalar|Param|null,
+ *             slaves?: array<string, array{ // Default: []
  *                 url?: scalar|Param|null, // A URL with connection information; any parameter value parsed from this string will override explicitly set parameters
  *                 dbname?: scalar|Param|null,
  *                 host?: scalar|Param|null, // Defaults to "localhost" at runtime.
@@ -729,91 +780,40 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *                 use_savepoints?: bool|Param, // Use savepoints for nested transactions
  *                 instancename?: scalar|Param|null, // Optional parameter, complete whether to add the INSTANCE_NAME parameter in the connection. It is generally used to connect to an Oracle RAC server to select the name of a particular instance.
  *                 connectstring?: scalar|Param|null, // Complete Easy Connect connection descriptor, see https://docs.oracle.com/database/121/NETAG/naming.htm.When using this option, you will still need to provide the user and password parameters, but the other parameters will no longer be used. Note that when using this parameter, the getHost and getPort methods from Doctrine\DBAL\Connection will no longer function as expected.
- *                 driver?: scalar|Param|null, // Default: "pdo_mysql"
- *                 platform_service?: scalar|Param|null, // Deprecated: The "platform_service" configuration key is deprecated since doctrine-bundle 2.9. DBAL 4 will not support setting a custom platform via connection params anymore.
- *                 auto_commit?: bool|Param,
- *                 schema_filter?: scalar|Param|null,
- *                 logging?: bool|Param, // Default: true
- *                 profiling?: bool|Param, // Default: true
- *                 profiling_collect_backtrace?: bool|Param, // Enables collecting backtraces when profiling is enabled // Default: false
- *                 profiling_collect_schema_errors?: bool|Param, // Enables collecting schema errors when profiling is enabled // Default: true
- *                 disable_type_comments?: bool|Param,
- *                 server_version?: scalar|Param|null,
- *                 idle_connection_ttl?: int|Param, // Default: 600
- *                 driver_class?: scalar|Param|null,
- *                 wrapper_class?: scalar|Param|null,
- *                 keep_slave?: bool|Param, // Deprecated: The "keep_slave" configuration key is deprecated since doctrine-bundle 2.2. Use the "keep_replica" configuration key instead.
- *                 keep_replica?: bool|Param,
- *                 options?: array<string, mixed>,
- *                 mapping_types?: array<string, scalar|Param|null>,
- *                 default_table_options?: array<string, scalar|Param|null>,
- *                 schema_manager_factory?: scalar|Param|null, // Default: "doctrine.dbal.default_schema_manager_factory"
- *                 result_cache?: scalar|Param|null,
- *                 slaves?: array<string, array{ // Default: []
- *                         url?: scalar|Param|null, // A URL with connection information; any parameter value parsed from this string will override explicitly set parameters
- *                         dbname?: scalar|Param|null,
- *                         host?: scalar|Param|null, // Defaults to "localhost" at runtime.
- *                         port?: scalar|Param|null, // Defaults to null at runtime.
- *                         user?: scalar|Param|null, // Defaults to "root" at runtime.
- *                         password?: scalar|Param|null, // Defaults to null at runtime.
- *                         override_url?: bool|Param, // Deprecated: The "doctrine.dbal.override_url" configuration key is deprecated.
- *                         dbname_suffix?: scalar|Param|null, // Adds the given suffix to the configured database name, this option has no effects for the SQLite platform
- *                         application_name?: scalar|Param|null,
- *                         charset?: scalar|Param|null,
- *                         path?: scalar|Param|null,
- *                         memory?: bool|Param,
- *                         unix_socket?: scalar|Param|null, // The unix socket to use for MySQL
- *                         persistent?: bool|Param, // True to use as persistent connection for the ibm_db2 driver
- *                         protocol?: scalar|Param|null, // The protocol to use for the ibm_db2 driver (default to TCPIP if omitted)
- *                         service?: bool|Param, // True to use SERVICE_NAME as connection parameter instead of SID for Oracle
- *                         servicename?: scalar|Param|null, // Overrules dbname parameter if given and used as SERVICE_NAME or SID connection parameter for Oracle depending on the service parameter.
- *                         sessionMode?: scalar|Param|null, // The session mode to use for the oci8 driver
- *                         server?: scalar|Param|null, // The name of a running database server to connect to for SQL Anywhere.
- *                         default_dbname?: scalar|Param|null, // Override the default database (postgres) to connect to for PostgreSQL connexion.
- *                         sslmode?: scalar|Param|null, // Determines whether or with what priority a SSL TCP/IP connection will be negotiated with the server for PostgreSQL.
- *                         sslrootcert?: scalar|Param|null, // The name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be verified to be signed by one of these authorities.
- *                         sslcert?: scalar|Param|null, // The path to the SSL client certificate file for PostgreSQL.
- *                         sslkey?: scalar|Param|null, // The path to the SSL client key file for PostgreSQL.
- *                         sslcrl?: scalar|Param|null, // The file name of the SSL certificate revocation list for PostgreSQL.
- *                         pooled?: bool|Param, // True to use a pooled server with the oci8/pdo_oracle driver
- *                         MultipleActiveResultSets?: bool|Param, // Configuring MultipleActiveResultSets for the pdo_sqlsrv driver
- *                         use_savepoints?: bool|Param, // Use savepoints for nested transactions
- *                         instancename?: scalar|Param|null, // Optional parameter, complete whether to add the INSTANCE_NAME parameter in the connection. It is generally used to connect to an Oracle RAC server to select the name of a particular instance.
- *                         connectstring?: scalar|Param|null, // Complete Easy Connect connection descriptor, see https://docs.oracle.com/database/121/NETAG/naming.htm.When using this option, you will still need to provide the user and password parameters, but the other parameters will no longer be used. Note that when using this parameter, the getHost and getPort methods from Doctrine\DBAL\Connection will no longer function as expected.
- *                     }>,
- *                 replicas?: array<string, array{ // Default: []
- *                         url?: scalar|Param|null, // A URL with connection information; any parameter value parsed from this string will override explicitly set parameters
- *                         dbname?: scalar|Param|null,
- *                         host?: scalar|Param|null, // Defaults to "localhost" at runtime.
- *                         port?: scalar|Param|null, // Defaults to null at runtime.
- *                         user?: scalar|Param|null, // Defaults to "root" at runtime.
- *                         password?: scalar|Param|null, // Defaults to null at runtime.
- *                         override_url?: bool|Param, // Deprecated: The "doctrine.dbal.override_url" configuration key is deprecated.
- *                         dbname_suffix?: scalar|Param|null, // Adds the given suffix to the configured database name, this option has no effects for the SQLite platform
- *                         application_name?: scalar|Param|null,
- *                         charset?: scalar|Param|null,
- *                         path?: scalar|Param|null,
- *                         memory?: bool|Param,
- *                         unix_socket?: scalar|Param|null, // The unix socket to use for MySQL
- *                         persistent?: bool|Param, // True to use as persistent connection for the ibm_db2 driver
- *                         protocol?: scalar|Param|null, // The protocol to use for the ibm_db2 driver (default to TCPIP if omitted)
- *                         service?: bool|Param, // True to use SERVICE_NAME as connection parameter instead of SID for Oracle
- *                         servicename?: scalar|Param|null, // Overrules dbname parameter if given and used as SERVICE_NAME or SID connection parameter for Oracle depending on the service parameter.
- *                         sessionMode?: scalar|Param|null, // The session mode to use for the oci8 driver
- *                         server?: scalar|Param|null, // The name of a running database server to connect to for SQL Anywhere.
- *                         default_dbname?: scalar|Param|null, // Override the default database (postgres) to connect to for PostgreSQL connexion.
- *                         sslmode?: scalar|Param|null, // Determines whether or with what priority a SSL TCP/IP connection will be negotiated with the server for PostgreSQL.
- *                         sslrootcert?: scalar|Param|null, // The name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be verified to be signed by one of these authorities.
- *                         sslcert?: scalar|Param|null, // The path to the SSL client certificate file for PostgreSQL.
- *                         sslkey?: scalar|Param|null, // The path to the SSL client key file for PostgreSQL.
- *                         sslcrl?: scalar|Param|null, // The file name of the SSL certificate revocation list for PostgreSQL.
- *                         pooled?: bool|Param, // True to use a pooled server with the oci8/pdo_oracle driver
- *                         MultipleActiveResultSets?: bool|Param, // Configuring MultipleActiveResultSets for the pdo_sqlsrv driver
- *                         use_savepoints?: bool|Param, // Use savepoints for nested transactions
- *                         instancename?: scalar|Param|null, // Optional parameter, complete whether to add the INSTANCE_NAME parameter in the connection. It is generally used to connect to an Oracle RAC server to select the name of a particular instance.
- *                         connectstring?: scalar|Param|null, // Complete Easy Connect connection descriptor, see https://docs.oracle.com/database/121/NETAG/naming.htm.When using this option, you will still need to provide the user and password parameters, but the other parameters will no longer be used. Note that when using this parameter, the getHost and getPort methods from Doctrine\DBAL\Connection will no longer function as expected.
- *                     }>,
  *             }>,
+ *             replicas?: array<string, array{ // Default: []
+ *                 url?: scalar|Param|null, // A URL with connection information; any parameter value parsed from this string will override explicitly set parameters
+ *                 dbname?: scalar|Param|null,
+ *                 host?: scalar|Param|null, // Defaults to "localhost" at runtime.
+ *                 port?: scalar|Param|null, // Defaults to null at runtime.
+ *                 user?: scalar|Param|null, // Defaults to "root" at runtime.
+ *                 password?: scalar|Param|null, // Defaults to null at runtime.
+ *                 override_url?: bool|Param, // Deprecated: The "doctrine.dbal.override_url" configuration key is deprecated.
+ *                 dbname_suffix?: scalar|Param|null, // Adds the given suffix to the configured database name, this option has no effects for the SQLite platform
+ *                 application_name?: scalar|Param|null,
+ *                 charset?: scalar|Param|null,
+ *                 path?: scalar|Param|null,
+ *                 memory?: bool|Param,
+ *                 unix_socket?: scalar|Param|null, // The unix socket to use for MySQL
+ *                 persistent?: bool|Param, // True to use as persistent connection for the ibm_db2 driver
+ *                 protocol?: scalar|Param|null, // The protocol to use for the ibm_db2 driver (default to TCPIP if omitted)
+ *                 service?: bool|Param, // True to use SERVICE_NAME as connection parameter instead of SID for Oracle
+ *                 servicename?: scalar|Param|null, // Overrules dbname parameter if given and used as SERVICE_NAME or SID connection parameter for Oracle depending on the service parameter.
+ *                 sessionMode?: scalar|Param|null, // The session mode to use for the oci8 driver
+ *                 server?: scalar|Param|null, // The name of a running database server to connect to for SQL Anywhere.
+ *                 default_dbname?: scalar|Param|null, // Override the default database (postgres) to connect to for PostgreSQL connexion.
+ *                 sslmode?: scalar|Param|null, // Determines whether or with what priority a SSL TCP/IP connection will be negotiated with the server for PostgreSQL.
+ *                 sslrootcert?: scalar|Param|null, // The name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be verified to be signed by one of these authorities.
+ *                 sslcert?: scalar|Param|null, // The path to the SSL client certificate file for PostgreSQL.
+ *                 sslkey?: scalar|Param|null, // The path to the SSL client key file for PostgreSQL.
+ *                 sslcrl?: scalar|Param|null, // The file name of the SSL certificate revocation list for PostgreSQL.
+ *                 pooled?: bool|Param, // True to use a pooled server with the oci8/pdo_oracle driver
+ *                 MultipleActiveResultSets?: bool|Param, // Configuring MultipleActiveResultSets for the pdo_sqlsrv driver
+ *                 use_savepoints?: bool|Param, // Use savepoints for nested transactions
+ *                 instancename?: scalar|Param|null, // Optional parameter, complete whether to add the INSTANCE_NAME parameter in the connection. It is generally used to connect to an Oracle RAC server to select the name of a particular instance.
+ *                 connectstring?: scalar|Param|null, // Complete Easy Connect connection descriptor, see https://docs.oracle.com/database/121/NETAG/naming.htm.When using this option, you will still need to provide the user and password parameters, but the other parameters will no longer be used. Note that when using this parameter, the getHost and getPort methods from Doctrine\DBAL\Connection will no longer function as expected.
+ *             }>,
+ *         }>,
  *     },
  *     orm?: array{
  *         default_entity_manager?: scalar|Param|null,
@@ -828,94 +828,94 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *             evict_cache?: bool|Param, // Set to true to fetch the entity from the database instead of using the cache, if any // Default: false
  *         },
  *         entity_managers?: array<string, array{ // Default: []
- *                 query_cache_driver?: string|array{
- *                     type?: scalar|Param|null, // Default: null
- *                     id?: scalar|Param|null,
- *                     pool?: scalar|Param|null,
- *                 },
- *                 metadata_cache_driver?: string|array{
- *                     type?: scalar|Param|null, // Default: null
- *                     id?: scalar|Param|null,
- *                     pool?: scalar|Param|null,
- *                 },
- *                 result_cache_driver?: string|array{
- *                     type?: scalar|Param|null, // Default: null
- *                     id?: scalar|Param|null,
- *                     pool?: scalar|Param|null,
- *                 },
- *                 entity_listeners?: array{
- *                     entities?: array<string, array{ // Default: []
- *                             listeners?: array<string, array{ // Default: []
- *                                     events?: list<array{ // Default: []
- *                                             type?: scalar|Param|null,
- *                                             method?: scalar|Param|null, // Default: null
- *                                         }>,
- *                                 }>,
+ *             query_cache_driver?: string|array{
+ *                 type?: scalar|Param|null, // Default: null
+ *                 id?: scalar|Param|null,
+ *                 pool?: scalar|Param|null,
+ *             },
+ *             metadata_cache_driver?: string|array{
+ *                 type?: scalar|Param|null, // Default: null
+ *                 id?: scalar|Param|null,
+ *                 pool?: scalar|Param|null,
+ *             },
+ *             result_cache_driver?: string|array{
+ *                 type?: scalar|Param|null, // Default: null
+ *                 id?: scalar|Param|null,
+ *                 pool?: scalar|Param|null,
+ *             },
+ *             entity_listeners?: array{
+ *                 entities?: array<string, array{ // Default: []
+ *                     listeners?: array<string, array{ // Default: []
+ *                         events?: list<array{ // Default: []
+ *                             type?: scalar|Param|null,
+ *                             method?: scalar|Param|null, // Default: null
  *                         }>,
+ *                     }>,
+ *                 }>,
+ *             },
+ *             connection?: scalar|Param|null,
+ *             class_metadata_factory_name?: scalar|Param|null, // Default: "Doctrine\\ORM\\Mapping\\ClassMetadataFactory"
+ *             default_repository_class?: scalar|Param|null, // Default: "Doctrine\\ORM\\EntityRepository"
+ *             auto_mapping?: scalar|Param|null, // Default: false
+ *             naming_strategy?: scalar|Param|null, // Default: "doctrine.orm.naming_strategy.default"
+ *             quote_strategy?: scalar|Param|null, // Default: "doctrine.orm.quote_strategy.default"
+ *             typed_field_mapper?: scalar|Param|null, // Default: "doctrine.orm.typed_field_mapper.default"
+ *             entity_listener_resolver?: scalar|Param|null, // Default: null
+ *             fetch_mode_subselect_batch_size?: scalar|Param|null,
+ *             repository_factory?: scalar|Param|null, // Default: "doctrine.orm.container_repository_factory"
+ *             schema_ignore_classes?: list<scalar|Param|null>,
+ *             report_fields_where_declared?: bool|Param, // Set to "true" to opt-in to the new mapping driver mode that was added in Doctrine ORM 2.16 and will be mandatory in ORM 3.0. See https://github.com/doctrine/orm/pull/10455. // Default: true
+ *             validate_xml_mapping?: bool|Param, // Set to "true" to opt-in to the new mapping driver mode that was added in Doctrine ORM 2.14. See https://github.com/doctrine/orm/pull/6728. // Default: false
+ *             second_level_cache?: array{
+ *                 region_cache_driver?: string|array{
+ *                     type?: scalar|Param|null, // Default: null
+ *                     id?: scalar|Param|null,
+ *                     pool?: scalar|Param|null,
  *                 },
- *                 connection?: scalar|Param|null,
- *                 class_metadata_factory_name?: scalar|Param|null, // Default: "Doctrine\\ORM\\Mapping\\ClassMetadataFactory"
- *                 default_repository_class?: scalar|Param|null, // Default: "Doctrine\\ORM\\EntityRepository"
- *                 auto_mapping?: scalar|Param|null, // Default: false
- *                 naming_strategy?: scalar|Param|null, // Default: "doctrine.orm.naming_strategy.default"
- *                 quote_strategy?: scalar|Param|null, // Default: "doctrine.orm.quote_strategy.default"
- *                 typed_field_mapper?: scalar|Param|null, // Default: "doctrine.orm.typed_field_mapper.default"
- *                 entity_listener_resolver?: scalar|Param|null, // Default: null
- *                 fetch_mode_subselect_batch_size?: scalar|Param|null,
- *                 repository_factory?: scalar|Param|null, // Default: "doctrine.orm.container_repository_factory"
- *                 schema_ignore_classes?: list<scalar|Param|null>,
- *                 report_fields_where_declared?: bool|Param, // Set to "true" to opt-in to the new mapping driver mode that was added in Doctrine ORM 2.16 and will be mandatory in ORM 3.0. See https://github.com/doctrine/orm/pull/10455. // Default: true
- *                 validate_xml_mapping?: bool|Param, // Set to "true" to opt-in to the new mapping driver mode that was added in Doctrine ORM 2.14. See https://github.com/doctrine/orm/pull/6728. // Default: false
- *                 second_level_cache?: array{
- *                     region_cache_driver?: string|array{
+ *                 region_lock_lifetime?: scalar|Param|null, // Default: 60
+ *                 log_enabled?: bool|Param, // Default: true
+ *                 region_lifetime?: scalar|Param|null, // Default: 3600
+ *                 enabled?: bool|Param, // Default: true
+ *                 factory?: scalar|Param|null,
+ *                 regions?: array<string, array{ // Default: []
+ *                     cache_driver?: string|array{
  *                         type?: scalar|Param|null, // Default: null
  *                         id?: scalar|Param|null,
  *                         pool?: scalar|Param|null,
  *                     },
- *                     region_lock_lifetime?: scalar|Param|null, // Default: 60
- *                     log_enabled?: bool|Param, // Default: true
- *                     region_lifetime?: scalar|Param|null, // Default: 3600
- *                     enabled?: bool|Param, // Default: true
- *                     factory?: scalar|Param|null,
- *                     regions?: array<string, array{ // Default: []
- *                             cache_driver?: string|array{
- *                                 type?: scalar|Param|null, // Default: null
- *                                 id?: scalar|Param|null,
- *                                 pool?: scalar|Param|null,
- *                             },
- *                             lock_path?: scalar|Param|null, // Default: "%kernel.cache_dir%/doctrine/orm/slc/filelock"
- *                             lock_lifetime?: scalar|Param|null, // Default: 60
- *                             type?: scalar|Param|null, // Default: "default"
- *                             lifetime?: scalar|Param|null, // Default: 0
- *                             service?: scalar|Param|null,
- *                             name?: scalar|Param|null,
- *                         }>,
- *                     loggers?: array<string, array{ // Default: []
- *                             name?: scalar|Param|null,
- *                             service?: scalar|Param|null,
- *                         }>,
- *                 },
- *                 hydrators?: array<string, scalar|Param|null>,
- *                 mappings?: array<string, bool|string|array{ // Default: []
- *                         mapping?: scalar|Param|null, // Default: true
- *                         type?: scalar|Param|null,
- *                         dir?: scalar|Param|null,
- *                         alias?: scalar|Param|null,
- *                         prefix?: scalar|Param|null,
- *                         is_bundle?: bool|Param,
- *                     }>,
- *                 dql?: array{
- *                     string_functions?: array<string, scalar|Param|null>,
- *                     numeric_functions?: array<string, scalar|Param|null>,
- *                     datetime_functions?: array<string, scalar|Param|null>,
- *                 },
- *                 filters?: array<string, string|array{ // Default: []
- *                         class?: scalar|Param|null,
- *                         enabled?: bool|Param, // Default: false
- *                         parameters?: array<string, mixed>,
- *                     }>,
- *                 identity_generation_preferences?: array<string, scalar|Param|null>,
+ *                     lock_path?: scalar|Param|null, // Default: "%kernel.cache_dir%/doctrine/orm/slc/filelock"
+ *                     lock_lifetime?: scalar|Param|null, // Default: 60
+ *                     type?: scalar|Param|null, // Default: "default"
+ *                     lifetime?: scalar|Param|null, // Default: 0
+ *                     service?: scalar|Param|null,
+ *                     name?: scalar|Param|null,
+ *                 }>,
+ *                 loggers?: array<string, array{ // Default: []
+ *                     name?: scalar|Param|null,
+ *                     service?: scalar|Param|null,
+ *                 }>,
+ *             },
+ *             hydrators?: array<string, scalar|Param|null>,
+ *             mappings?: array<string, bool|string|array{ // Default: []
+ *                 mapping?: scalar|Param|null, // Default: true
+ *                 type?: scalar|Param|null,
+ *                 dir?: scalar|Param|null,
+ *                 alias?: scalar|Param|null,
+ *                 prefix?: scalar|Param|null,
+ *                 is_bundle?: bool|Param,
  *             }>,
+ *             dql?: array{
+ *                 string_functions?: array<string, scalar|Param|null>,
+ *                 numeric_functions?: array<string, scalar|Param|null>,
+ *                 datetime_functions?: array<string, scalar|Param|null>,
+ *             },
+ *             filters?: array<string, string|array{ // Default: []
+ *                 class?: scalar|Param|null,
+ *                 enabled?: bool|Param, // Default: false
+ *                 parameters?: array<string, mixed>,
+ *             }>,
+ *             identity_generation_preferences?: array<string, scalar|Param|null>,
+ *         }>,
  *         resolve_target_entities?: array<string, scalar|Param|null>,
  *     },
  * }
@@ -957,391 +957,391 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *         allow_if_equal_granted_denied?: bool|Param, // Default: true
  *     },
  *     password_hashers?: array<string, string|array{ // Default: []
- *             algorithm?: scalar|Param|null,
- *             migrate_from?: string|list<scalar|Param|null>,
- *             hash_algorithm?: scalar|Param|null, // Name of hashing algorithm for PBKDF2 (i.e. sha256, sha512, etc..) See hash_algos() for a list of supported algorithms. // Default: "sha512"
- *             key_length?: scalar|Param|null, // Default: 40
- *             ignore_case?: bool|Param, // Default: false
- *             encode_as_base64?: bool|Param, // Default: true
- *             iterations?: scalar|Param|null, // Default: 5000
- *             cost?: int|Param, // Default: null
- *             memory_cost?: scalar|Param|null, // Default: null
- *             time_cost?: scalar|Param|null, // Default: null
- *             id?: scalar|Param|null,
- *         }>,
+ *         algorithm?: scalar|Param|null,
+ *         migrate_from?: string|list<scalar|Param|null>,
+ *         hash_algorithm?: scalar|Param|null, // Name of hashing algorithm for PBKDF2 (i.e. sha256, sha512, etc..) See hash_algos() for a list of supported algorithms. // Default: "sha512"
+ *         key_length?: scalar|Param|null, // Default: 40
+ *         ignore_case?: bool|Param, // Default: false
+ *         encode_as_base64?: bool|Param, // Default: true
+ *         iterations?: scalar|Param|null, // Default: 5000
+ *         cost?: int|Param, // Default: null
+ *         memory_cost?: scalar|Param|null, // Default: null
+ *         time_cost?: scalar|Param|null, // Default: null
+ *         id?: scalar|Param|null,
+ *     }>,
  *     providers?: array<string, array{ // Default: []
- *             id?: scalar|Param|null,
- *             chain?: array{
- *                 providers?: string|list<scalar|Param|null>,
- *             },
- *             entity?: array{
- *                 class?: scalar|Param|null, // The full entity class name of your user class.
- *                 property?: scalar|Param|null, // Default: null
- *                 manager_name?: scalar|Param|null, // Default: null
- *             },
- *             memory?: array{
- *                 users?: array<string, array{ // Default: []
- *                         password?: scalar|Param|null, // Default: null
- *                         roles?: string|list<scalar|Param|null>,
- *                     }>,
- *             },
- *             ldap?: array{
- *                 service?: scalar|Param|null,
- *                 base_dn?: scalar|Param|null,
- *                 search_dn?: scalar|Param|null, // Default: null
- *                 search_password?: scalar|Param|null, // Default: null
- *                 extra_fields?: list<scalar|Param|null>,
- *                 default_roles?: string|list<scalar|Param|null>,
- *                 role_fetcher?: scalar|Param|null, // Default: null
- *                 uid_key?: scalar|Param|null, // Default: "sAMAccountName"
- *                 filter?: scalar|Param|null, // Default: "({uid_key}={user_identifier})"
- *                 password_attribute?: scalar|Param|null, // Default: null
- *             },
- *             saml?: array{
- *                 user_class?: scalar|Param|null,
- *                 default_roles?: list<scalar|Param|null>,
- *             },
- *         }>,
+ *         id?: scalar|Param|null,
+ *         chain?: array{
+ *             providers?: string|list<scalar|Param|null>,
+ *         },
+ *         entity?: array{
+ *             class?: scalar|Param|null, // The full entity class name of your user class.
+ *             property?: scalar|Param|null, // Default: null
+ *             manager_name?: scalar|Param|null, // Default: null
+ *         },
+ *         memory?: array{
+ *             users?: array<string, array{ // Default: []
+ *                 password?: scalar|Param|null, // Default: null
+ *                 roles?: string|list<scalar|Param|null>,
+ *             }>,
+ *         },
+ *         ldap?: array{
+ *             service?: scalar|Param|null,
+ *             base_dn?: scalar|Param|null,
+ *             search_dn?: scalar|Param|null, // Default: null
+ *             search_password?: scalar|Param|null, // Default: null
+ *             extra_fields?: list<scalar|Param|null>,
+ *             default_roles?: string|list<scalar|Param|null>,
+ *             role_fetcher?: scalar|Param|null, // Default: null
+ *             uid_key?: scalar|Param|null, // Default: "sAMAccountName"
+ *             filter?: scalar|Param|null, // Default: "({uid_key}={user_identifier})"
+ *             password_attribute?: scalar|Param|null, // Default: null
+ *         },
+ *         saml?: array{
+ *             user_class?: scalar|Param|null,
+ *             default_roles?: list<scalar|Param|null>,
+ *         },
+ *     }>,
  *     firewalls?: array<string, array{ // Default: []
- *             pattern?: scalar|Param|null,
- *             host?: scalar|Param|null,
- *             methods?: string|list<scalar|Param|null>,
- *             security?: bool|Param, // Default: true
- *             user_checker?: scalar|Param|null, // The UserChecker to use when authenticating users in this firewall. // Default: "security.user_checker"
- *             request_matcher?: scalar|Param|null,
- *             access_denied_url?: scalar|Param|null,
- *             access_denied_handler?: scalar|Param|null,
- *             entry_point?: scalar|Param|null, // An enabled authenticator name or a service id that implements "Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface".
- *             provider?: scalar|Param|null,
- *             stateless?: bool|Param, // Default: false
- *             lazy?: bool|Param, // Default: false
- *             context?: scalar|Param|null,
- *             logout?: array{
- *                 enable_csrf?: bool|Param|null, // Default: null
- *                 csrf_token_id?: scalar|Param|null, // Default: "logout"
- *                 csrf_parameter?: scalar|Param|null, // Default: "_csrf_token"
- *                 csrf_token_manager?: scalar|Param|null,
- *                 path?: scalar|Param|null, // Default: "/logout"
- *                 target?: scalar|Param|null, // Default: "/"
- *                 invalidate_session?: bool|Param, // Default: true
- *                 clear_site_data?: string|list<"*"|"cache"|"cookies"|"storage"|"executionContexts"|Param>,
- *                 delete_cookies?: string|array<string, array{ // Default: []
- *                         path?: scalar|Param|null, // Default: null
- *                         domain?: scalar|Param|null, // Default: null
- *                         secure?: scalar|Param|null, // Default: false
- *                         samesite?: scalar|Param|null, // Default: null
- *                         partitioned?: scalar|Param|null, // Default: false
- *                     }>,
- *             },
- *             switch_user?: array{
- *                 provider?: scalar|Param|null,
- *                 parameter?: scalar|Param|null, // Default: "_switch_user"
- *                 role?: scalar|Param|null, // Default: "ROLE_ALLOWED_TO_SWITCH"
- *                 target_route?: scalar|Param|null, // Default: null
- *             },
- *             required_badges?: list<scalar|Param|null>,
- *             custom_authenticators?: list<scalar|Param|null>,
- *             login_throttling?: array{
- *                 limiter?: scalar|Param|null, // A service id implementing "Symfony\Component\HttpFoundation\RateLimiter\RequestRateLimiterInterface".
- *                 max_attempts?: int|Param, // Default: 5
- *                 interval?: scalar|Param|null, // Default: "1 minute"
- *                 lock_factory?: scalar|Param|null, // The service ID of the lock factory used by the login rate limiter (or null to disable locking). // Default: null
- *                 cache_pool?: string|Param, // The cache pool to use for storing the limiter state // Default: "cache.rate_limiter"
- *                 storage_service?: string|Param, // The service ID of a custom storage implementation, this precedes any configured "cache_pool" // Default: null
- *             },
- *             two_factor?: array{
- *                 check_path?: scalar|Param|null, // Default: "/2fa_check"
- *                 post_only?: bool|Param, // Default: true
- *                 auth_form_path?: scalar|Param|null, // Default: "/2fa"
- *                 always_use_default_target_path?: bool|Param, // Default: false
- *                 default_target_path?: scalar|Param|null, // Default: "/"
- *                 success_handler?: scalar|Param|null, // Default: null
- *                 failure_handler?: scalar|Param|null, // Default: null
- *                 authentication_required_handler?: scalar|Param|null, // Default: null
- *                 auth_code_parameter_name?: scalar|Param|null, // Default: "_auth_code"
- *                 trusted_parameter_name?: scalar|Param|null, // Default: "_trusted"
- *                 remember_me_sets_trusted?: scalar|Param|null, // Default: false
- *                 multi_factor?: bool|Param, // Default: false
- *                 prepare_on_login?: bool|Param, // Default: false
- *                 prepare_on_access_denied?: bool|Param, // Default: false
- *                 enable_csrf?: scalar|Param|null, // Default: false
- *                 csrf_parameter?: scalar|Param|null, // Default: "_csrf_token"
- *                 csrf_token_id?: scalar|Param|null, // Default: "two_factor"
- *                 csrf_header?: scalar|Param|null, // Default: null
- *                 csrf_token_manager?: scalar|Param|null, // Default: "scheb_two_factor.csrf_token_manager"
- *                 provider?: scalar|Param|null, // Default: null
- *             },
- *             webauthn?: array{
- *                 user_provider?: scalar|Param|null, // Default: null
- *                 options_storage?: scalar|Param|null, // Deprecated: The child node "options_storage" at path "security.firewalls..webauthn.options_storage" is deprecated. Please use the root option "options_storage" instead. // Default: null
- *                 success_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Security\\Handler\\DefaultSuccessHandler"
- *                 failure_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Security\\Handler\\DefaultFailureHandler"
- *                 secured_rp_ids?: array<string, scalar|Param|null>,
- *                 authentication?: bool|array{
- *                     enabled?: bool|Param, // Default: true
- *                     profile?: scalar|Param|null, // Default: "default"
- *                     options_builder?: scalar|Param|null, // Default: null
- *                     routes?: array{
- *                         host?: scalar|Param|null, // Default: null
- *                         options_method?: scalar|Param|null, // Default: "POST"
- *                         options_path?: scalar|Param|null, // Default: "/login/options"
- *                         result_method?: scalar|Param|null, // Default: "POST"
- *                         result_path?: scalar|Param|null, // Default: "/login"
- *                     },
- *                     options_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Security\\Handler\\DefaultRequestOptionsHandler"
- *                 },
- *                 registration?: bool|array{
- *                     enabled?: bool|Param, // Default: false
- *                     hide_existing_credentials?: bool|Param, // Default: true
- *                     profile?: scalar|Param|null, // Default: "default"
- *                     options_builder?: scalar|Param|null, // Default: null
- *                     routes?: array{
- *                         host?: scalar|Param|null, // Default: null
- *                         options_method?: scalar|Param|null, // Default: "POST"
- *                         options_path?: scalar|Param|null, // Default: "/register/options"
- *                         result_method?: scalar|Param|null, // Default: "POST"
- *                         result_path?: scalar|Param|null, // Default: "/register"
- *                     },
- *                     options_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Security\\Handler\\DefaultCreationOptionsHandler"
- *                 },
- *             },
- *             x509?: array{
- *                 provider?: scalar|Param|null,
- *                 user?: scalar|Param|null, // Default: "SSL_CLIENT_S_DN_Email"
- *                 credentials?: scalar|Param|null, // Default: "SSL_CLIENT_S_DN"
- *                 user_identifier?: scalar|Param|null, // Default: "emailAddress"
- *             },
- *             remote_user?: array{
- *                 provider?: scalar|Param|null,
- *                 user?: scalar|Param|null, // Default: "REMOTE_USER"
- *             },
- *             saml?: array{
- *                 provider?: scalar|Param|null,
- *                 remember_me?: bool|Param, // Default: true
- *                 success_handler?: scalar|Param|null, // Default: "Nbgrp\\OneloginSamlBundle\\Security\\Http\\Authentication\\SamlAuthenticationSuccessHandler"
- *                 failure_handler?: scalar|Param|null,
- *                 check_path?: scalar|Param|null, // Default: "/login_check"
- *                 use_forward?: bool|Param, // Default: false
- *                 login_path?: scalar|Param|null, // Default: "/login"
- *                 identifier_attribute?: scalar|Param|null, // Default: null
- *                 use_attribute_friendly_name?: bool|Param, // Default: false
- *                 user_factory?: scalar|Param|null, // Default: null
- *                 token_factory?: scalar|Param|null, // Default: null
- *                 persist_user?: bool|Param, // Default: false
- *                 always_use_default_target_path?: bool|Param, // Default: false
- *                 default_target_path?: scalar|Param|null, // Default: "/"
- *                 target_path_parameter?: scalar|Param|null, // Default: "_target_path"
- *                 use_referer?: bool|Param, // Default: false
- *                 failure_path?: scalar|Param|null, // Default: null
- *                 failure_forward?: bool|Param, // Default: false
- *                 failure_path_parameter?: scalar|Param|null, // Default: "_failure_path"
- *             },
- *             login_link?: array{
- *                 check_route?: scalar|Param|null, // Route that will validate the login link - e.g. "app_login_link_verify".
- *                 check_post_only?: scalar|Param|null, // If true, only HTTP POST requests to "check_route" will be handled by the authenticator. // Default: false
- *                 signature_properties?: list<scalar|Param|null>,
- *                 lifetime?: int|Param, // The lifetime of the login link in seconds. // Default: 600
- *                 max_uses?: int|Param, // Max number of times a login link can be used - null means unlimited within lifetime. // Default: null
- *                 used_link_cache?: scalar|Param|null, // Cache service id used to expired links of max_uses is set.
- *                 success_handler?: scalar|Param|null, // A service id that implements Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface.
- *                 failure_handler?: scalar|Param|null, // A service id that implements Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface.
- *                 provider?: scalar|Param|null, // The user provider to load users from.
- *                 secret?: scalar|Param|null, // Default: "%kernel.secret%"
- *                 always_use_default_target_path?: bool|Param, // Default: false
- *                 default_target_path?: scalar|Param|null, // Default: "/"
- *                 login_path?: scalar|Param|null, // Default: "/login"
- *                 target_path_parameter?: scalar|Param|null, // Default: "_target_path"
- *                 use_referer?: bool|Param, // Default: false
- *                 failure_path?: scalar|Param|null, // Default: null
- *                 failure_forward?: bool|Param, // Default: false
- *                 failure_path_parameter?: scalar|Param|null, // Default: "_failure_path"
- *             },
- *             form_login?: array{
- *                 provider?: scalar|Param|null,
- *                 remember_me?: bool|Param, // Default: true
- *                 success_handler?: scalar|Param|null,
- *                 failure_handler?: scalar|Param|null,
- *                 check_path?: scalar|Param|null, // Default: "/login_check"
- *                 use_forward?: bool|Param, // Default: false
- *                 login_path?: scalar|Param|null, // Default: "/login"
- *                 username_parameter?: scalar|Param|null, // Default: "_username"
- *                 password_parameter?: scalar|Param|null, // Default: "_password"
- *                 csrf_parameter?: scalar|Param|null, // Default: "_csrf_token"
- *                 csrf_token_id?: scalar|Param|null, // Default: "authenticate"
- *                 enable_csrf?: bool|Param, // Default: false
- *                 post_only?: bool|Param, // Default: true
- *                 form_only?: bool|Param, // Default: false
- *                 always_use_default_target_path?: bool|Param, // Default: false
- *                 default_target_path?: scalar|Param|null, // Default: "/"
- *                 target_path_parameter?: scalar|Param|null, // Default: "_target_path"
- *                 use_referer?: bool|Param, // Default: false
- *                 failure_path?: scalar|Param|null, // Default: null
- *                 failure_forward?: bool|Param, // Default: false
- *                 failure_path_parameter?: scalar|Param|null, // Default: "_failure_path"
- *             },
- *             form_login_ldap?: array{
- *                 provider?: scalar|Param|null,
- *                 remember_me?: bool|Param, // Default: true
- *                 success_handler?: scalar|Param|null,
- *                 failure_handler?: scalar|Param|null,
- *                 check_path?: scalar|Param|null, // Default: "/login_check"
- *                 use_forward?: bool|Param, // Default: false
- *                 login_path?: scalar|Param|null, // Default: "/login"
- *                 username_parameter?: scalar|Param|null, // Default: "_username"
- *                 password_parameter?: scalar|Param|null, // Default: "_password"
- *                 csrf_parameter?: scalar|Param|null, // Default: "_csrf_token"
- *                 csrf_token_id?: scalar|Param|null, // Default: "authenticate"
- *                 enable_csrf?: bool|Param, // Default: false
- *                 post_only?: bool|Param, // Default: true
- *                 form_only?: bool|Param, // Default: false
- *                 always_use_default_target_path?: bool|Param, // Default: false
- *                 default_target_path?: scalar|Param|null, // Default: "/"
- *                 target_path_parameter?: scalar|Param|null, // Default: "_target_path"
- *                 use_referer?: bool|Param, // Default: false
- *                 failure_path?: scalar|Param|null, // Default: null
- *                 failure_forward?: bool|Param, // Default: false
- *                 failure_path_parameter?: scalar|Param|null, // Default: "_failure_path"
- *                 service?: scalar|Param|null, // Default: "ldap"
- *                 dn_string?: scalar|Param|null, // Default: "{user_identifier}"
- *                 query_string?: scalar|Param|null,
- *                 search_dn?: scalar|Param|null, // Default: ""
- *                 search_password?: scalar|Param|null, // Default: ""
- *             },
- *             json_login?: array{
- *                 provider?: scalar|Param|null,
- *                 remember_me?: bool|Param, // Default: true
- *                 success_handler?: scalar|Param|null,
- *                 failure_handler?: scalar|Param|null,
- *                 check_path?: scalar|Param|null, // Default: "/login_check"
- *                 use_forward?: bool|Param, // Default: false
- *                 login_path?: scalar|Param|null, // Default: "/login"
- *                 username_path?: scalar|Param|null, // Default: "username"
- *                 password_path?: scalar|Param|null, // Default: "password"
- *             },
- *             json_login_ldap?: array{
- *                 provider?: scalar|Param|null,
- *                 remember_me?: bool|Param, // Default: true
- *                 success_handler?: scalar|Param|null,
- *                 failure_handler?: scalar|Param|null,
- *                 check_path?: scalar|Param|null, // Default: "/login_check"
- *                 use_forward?: bool|Param, // Default: false
- *                 login_path?: scalar|Param|null, // Default: "/login"
- *                 username_path?: scalar|Param|null, // Default: "username"
- *                 password_path?: scalar|Param|null, // Default: "password"
- *                 service?: scalar|Param|null, // Default: "ldap"
- *                 dn_string?: scalar|Param|null, // Default: "{user_identifier}"
- *                 query_string?: scalar|Param|null,
- *                 search_dn?: scalar|Param|null, // Default: ""
- *                 search_password?: scalar|Param|null, // Default: ""
- *             },
- *             access_token?: array{
- *                 provider?: scalar|Param|null,
- *                 remember_me?: bool|Param, // Default: true
- *                 success_handler?: scalar|Param|null,
- *                 failure_handler?: scalar|Param|null,
- *                 realm?: scalar|Param|null, // Default: null
- *                 token_extractors?: string|list<scalar|Param|null>,
- *                 token_handler?: string|array{
- *                     id?: scalar|Param|null,
- *                     oidc_user_info?: string|array{
- *                         base_uri?: scalar|Param|null, // Base URI of the userinfo endpoint on the OIDC server, or the OIDC server URI to use the discovery (require "discovery" to be configured).
- *                         discovery?: array{ // Enable the OIDC discovery.
- *                             cache?: array{
- *                                 id?: scalar|Param|null, // Cache service id to use to cache the OIDC discovery configuration.
- *                             },
- *                         },
- *                         claim?: scalar|Param|null, // Claim which contains the user identifier (e.g. sub, email, etc.). // Default: "sub"
- *                         client?: scalar|Param|null, // HttpClient service id to use to call the OIDC server.
- *                     },
- *                     oidc?: array{
- *                         discovery?: array{ // Enable the OIDC discovery.
- *                             base_uri?: string|list<scalar|Param|null>,
- *                             cache?: array{
- *                                 id?: scalar|Param|null, // Cache service id to use to cache the OIDC discovery configuration.
- *                             },
- *                         },
- *                         claim?: scalar|Param|null, // Claim which contains the user identifier (e.g.: sub, email..). // Default: "sub"
- *                         audience?: scalar|Param|null, // Audience set in the token, for validation purpose.
- *                         issuers?: list<scalar|Param|null>,
- *                         algorithm?: array<mixed>,
- *                         algorithms?: list<scalar|Param|null>,
- *                         key?: scalar|Param|null, // Deprecated: The "key" option is deprecated and will be removed in 8.0. Use the "keyset" option instead. // JSON-encoded JWK used to sign the token (must contain a "kty" key).
- *                         keyset?: scalar|Param|null, // JSON-encoded JWKSet used to sign the token (must contain a list of valid public keys).
- *                         encryption?: bool|array{
- *                             enabled?: bool|Param, // Default: false
- *                             enforce?: bool|Param, // When enabled, the token shall be encrypted. // Default: false
- *                             algorithms?: list<scalar|Param|null>,
- *                             keyset?: scalar|Param|null, // JSON-encoded JWKSet used to decrypt the token (must contain a list of valid private keys).
- *                         },
- *                     },
- *                     cas?: array{
- *                         validation_url?: scalar|Param|null, // CAS server validation URL
- *                         prefix?: scalar|Param|null, // CAS prefix // Default: "cas"
- *                         http_client?: scalar|Param|null, // HTTP Client service // Default: null
- *                     },
- *                     oauth2?: scalar|Param|null,
- *                 },
- *             },
- *             http_basic?: array{
- *                 provider?: scalar|Param|null,
- *                 realm?: scalar|Param|null, // Default: "Secured Area"
- *             },
- *             http_basic_ldap?: array{
- *                 provider?: scalar|Param|null,
- *                 realm?: scalar|Param|null, // Default: "Secured Area"
- *                 service?: scalar|Param|null, // Default: "ldap"
- *                 dn_string?: scalar|Param|null, // Default: "{user_identifier}"
- *                 query_string?: scalar|Param|null,
- *                 search_dn?: scalar|Param|null, // Default: ""
- *                 search_password?: scalar|Param|null, // Default: ""
- *             },
- *             remember_me?: array{
- *                 secret?: scalar|Param|null, // Default: "%kernel.secret%"
- *                 service?: scalar|Param|null,
- *                 user_providers?: string|list<scalar|Param|null>,
- *                 catch_exceptions?: bool|Param, // Default: true
- *                 signature_properties?: list<scalar|Param|null>,
- *                 token_provider?: string|array{
- *                     service?: scalar|Param|null, // The service ID of a custom remember-me token provider.
- *                     doctrine?: bool|array{
- *                         enabled?: bool|Param, // Default: false
- *                         connection?: scalar|Param|null, // Default: null
- *                     },
- *                 },
- *                 token_verifier?: scalar|Param|null, // The service ID of a custom rememberme token verifier.
- *                 name?: scalar|Param|null, // Default: "REMEMBERME"
- *                 lifetime?: int|Param, // Default: 31536000
- *                 path?: scalar|Param|null, // Default: "/"
+ *         pattern?: scalar|Param|null,
+ *         host?: scalar|Param|null,
+ *         methods?: string|list<scalar|Param|null>,
+ *         security?: bool|Param, // Default: true
+ *         user_checker?: scalar|Param|null, // The UserChecker to use when authenticating users in this firewall. // Default: "security.user_checker"
+ *         request_matcher?: scalar|Param|null,
+ *         access_denied_url?: scalar|Param|null,
+ *         access_denied_handler?: scalar|Param|null,
+ *         entry_point?: scalar|Param|null, // An enabled authenticator name or a service id that implements "Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface".
+ *         provider?: scalar|Param|null,
+ *         stateless?: bool|Param, // Default: false
+ *         lazy?: bool|Param, // Default: false
+ *         context?: scalar|Param|null,
+ *         logout?: array{
+ *             enable_csrf?: bool|Param|null, // Default: null
+ *             csrf_token_id?: scalar|Param|null, // Default: "logout"
+ *             csrf_parameter?: scalar|Param|null, // Default: "_csrf_token"
+ *             csrf_token_manager?: scalar|Param|null,
+ *             path?: scalar|Param|null, // Default: "/logout"
+ *             target?: scalar|Param|null, // Default: "/"
+ *             invalidate_session?: bool|Param, // Default: true
+ *             clear_site_data?: string|list<"*"|"cache"|"cookies"|"storage"|"executionContexts"|Param>,
+ *             delete_cookies?: string|array<string, array{ // Default: []
+ *                 path?: scalar|Param|null, // Default: null
  *                 domain?: scalar|Param|null, // Default: null
- *                 secure?: true|false|"auto"|Param, // Default: null
- *                 httponly?: bool|Param, // Default: true
- *                 samesite?: null|"lax"|"strict"|"none"|Param, // Default: "lax"
- *                 always_remember_me?: bool|Param, // Default: false
- *                 remember_me_parameter?: scalar|Param|null, // Default: "_remember_me"
+ *                 secure?: scalar|Param|null, // Default: false
+ *                 samesite?: scalar|Param|null, // Default: null
+ *                 partitioned?: scalar|Param|null, // Default: false
+ *             }>,
+ *         },
+ *         switch_user?: array{
+ *             provider?: scalar|Param|null,
+ *             parameter?: scalar|Param|null, // Default: "_switch_user"
+ *             role?: scalar|Param|null, // Default: "ROLE_ALLOWED_TO_SWITCH"
+ *             target_route?: scalar|Param|null, // Default: null
+ *         },
+ *         required_badges?: list<scalar|Param|null>,
+ *         custom_authenticators?: list<scalar|Param|null>,
+ *         login_throttling?: array{
+ *             limiter?: scalar|Param|null, // A service id implementing "Symfony\Component\HttpFoundation\RateLimiter\RequestRateLimiterInterface".
+ *             max_attempts?: int|Param, // Default: 5
+ *             interval?: scalar|Param|null, // Default: "1 minute"
+ *             lock_factory?: scalar|Param|null, // The service ID of the lock factory used by the login rate limiter (or null to disable locking). // Default: null
+ *             cache_pool?: string|Param, // The cache pool to use for storing the limiter state // Default: "cache.rate_limiter"
+ *             storage_service?: string|Param, // The service ID of a custom storage implementation, this precedes any configured "cache_pool" // Default: null
+ *         },
+ *         two_factor?: array{
+ *             check_path?: scalar|Param|null, // Default: "/2fa_check"
+ *             post_only?: bool|Param, // Default: true
+ *             auth_form_path?: scalar|Param|null, // Default: "/2fa"
+ *             always_use_default_target_path?: bool|Param, // Default: false
+ *             default_target_path?: scalar|Param|null, // Default: "/"
+ *             success_handler?: scalar|Param|null, // Default: null
+ *             failure_handler?: scalar|Param|null, // Default: null
+ *             authentication_required_handler?: scalar|Param|null, // Default: null
+ *             auth_code_parameter_name?: scalar|Param|null, // Default: "_auth_code"
+ *             trusted_parameter_name?: scalar|Param|null, // Default: "_trusted"
+ *             remember_me_sets_trusted?: scalar|Param|null, // Default: false
+ *             multi_factor?: bool|Param, // Default: false
+ *             prepare_on_login?: bool|Param, // Default: false
+ *             prepare_on_access_denied?: bool|Param, // Default: false
+ *             enable_csrf?: scalar|Param|null, // Default: false
+ *             csrf_parameter?: scalar|Param|null, // Default: "_csrf_token"
+ *             csrf_token_id?: scalar|Param|null, // Default: "two_factor"
+ *             csrf_header?: scalar|Param|null, // Default: null
+ *             csrf_token_manager?: scalar|Param|null, // Default: "scheb_two_factor.csrf_token_manager"
+ *             provider?: scalar|Param|null, // Default: null
+ *         },
+ *         webauthn?: array{
+ *             user_provider?: scalar|Param|null, // Default: null
+ *             options_storage?: scalar|Param|null, // Deprecated: The child node "options_storage" at path "security.firewalls..webauthn.options_storage" is deprecated. Please use the root option "options_storage" instead. // Default: null
+ *             success_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Security\\Handler\\DefaultSuccessHandler"
+ *             failure_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Security\\Handler\\DefaultFailureHandler"
+ *             secured_rp_ids?: array<string, scalar|Param|null>,
+ *             authentication?: bool|array{
+ *                 enabled?: bool|Param, // Default: true
+ *                 profile?: scalar|Param|null, // Default: "default"
+ *                 options_builder?: scalar|Param|null, // Default: null
+ *                 routes?: array{
+ *                     host?: scalar|Param|null, // Default: null
+ *                     options_method?: scalar|Param|null, // Default: "POST"
+ *                     options_path?: scalar|Param|null, // Default: "/login/options"
+ *                     result_method?: scalar|Param|null, // Default: "POST"
+ *                     result_path?: scalar|Param|null, // Default: "/login"
+ *                 },
+ *                 options_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Security\\Handler\\DefaultRequestOptionsHandler"
  *             },
- *         }>,
+ *             registration?: bool|array{
+ *                 enabled?: bool|Param, // Default: false
+ *                 hide_existing_credentials?: bool|Param, // Default: true
+ *                 profile?: scalar|Param|null, // Default: "default"
+ *                 options_builder?: scalar|Param|null, // Default: null
+ *                 routes?: array{
+ *                     host?: scalar|Param|null, // Default: null
+ *                     options_method?: scalar|Param|null, // Default: "POST"
+ *                     options_path?: scalar|Param|null, // Default: "/register/options"
+ *                     result_method?: scalar|Param|null, // Default: "POST"
+ *                     result_path?: scalar|Param|null, // Default: "/register"
+ *                 },
+ *                 options_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Security\\Handler\\DefaultCreationOptionsHandler"
+ *             },
+ *         },
+ *         x509?: array{
+ *             provider?: scalar|Param|null,
+ *             user?: scalar|Param|null, // Default: "SSL_CLIENT_S_DN_Email"
+ *             credentials?: scalar|Param|null, // Default: "SSL_CLIENT_S_DN"
+ *             user_identifier?: scalar|Param|null, // Default: "emailAddress"
+ *         },
+ *         remote_user?: array{
+ *             provider?: scalar|Param|null,
+ *             user?: scalar|Param|null, // Default: "REMOTE_USER"
+ *         },
+ *         saml?: array{
+ *             provider?: scalar|Param|null,
+ *             remember_me?: bool|Param, // Default: true
+ *             success_handler?: scalar|Param|null, // Default: "Nbgrp\\OneloginSamlBundle\\Security\\Http\\Authentication\\SamlAuthenticationSuccessHandler"
+ *             failure_handler?: scalar|Param|null,
+ *             check_path?: scalar|Param|null, // Default: "/login_check"
+ *             use_forward?: bool|Param, // Default: false
+ *             login_path?: scalar|Param|null, // Default: "/login"
+ *             identifier_attribute?: scalar|Param|null, // Default: null
+ *             use_attribute_friendly_name?: bool|Param, // Default: false
+ *             user_factory?: scalar|Param|null, // Default: null
+ *             token_factory?: scalar|Param|null, // Default: null
+ *             persist_user?: bool|Param, // Default: false
+ *             always_use_default_target_path?: bool|Param, // Default: false
+ *             default_target_path?: scalar|Param|null, // Default: "/"
+ *             target_path_parameter?: scalar|Param|null, // Default: "_target_path"
+ *             use_referer?: bool|Param, // Default: false
+ *             failure_path?: scalar|Param|null, // Default: null
+ *             failure_forward?: bool|Param, // Default: false
+ *             failure_path_parameter?: scalar|Param|null, // Default: "_failure_path"
+ *         },
+ *         login_link?: array{
+ *             check_route?: scalar|Param|null, // Route that will validate the login link - e.g. "app_login_link_verify".
+ *             check_post_only?: scalar|Param|null, // If true, only HTTP POST requests to "check_route" will be handled by the authenticator. // Default: false
+ *             signature_properties?: list<scalar|Param|null>,
+ *             lifetime?: int|Param, // The lifetime of the login link in seconds. // Default: 600
+ *             max_uses?: int|Param, // Max number of times a login link can be used - null means unlimited within lifetime. // Default: null
+ *             used_link_cache?: scalar|Param|null, // Cache service id used to expired links of max_uses is set.
+ *             success_handler?: scalar|Param|null, // A service id that implements Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface.
+ *             failure_handler?: scalar|Param|null, // A service id that implements Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface.
+ *             provider?: scalar|Param|null, // The user provider to load users from.
+ *             secret?: scalar|Param|null, // Default: "%kernel.secret%"
+ *             always_use_default_target_path?: bool|Param, // Default: false
+ *             default_target_path?: scalar|Param|null, // Default: "/"
+ *             login_path?: scalar|Param|null, // Default: "/login"
+ *             target_path_parameter?: scalar|Param|null, // Default: "_target_path"
+ *             use_referer?: bool|Param, // Default: false
+ *             failure_path?: scalar|Param|null, // Default: null
+ *             failure_forward?: bool|Param, // Default: false
+ *             failure_path_parameter?: scalar|Param|null, // Default: "_failure_path"
+ *         },
+ *         form_login?: array{
+ *             provider?: scalar|Param|null,
+ *             remember_me?: bool|Param, // Default: true
+ *             success_handler?: scalar|Param|null,
+ *             failure_handler?: scalar|Param|null,
+ *             check_path?: scalar|Param|null, // Default: "/login_check"
+ *             use_forward?: bool|Param, // Default: false
+ *             login_path?: scalar|Param|null, // Default: "/login"
+ *             username_parameter?: scalar|Param|null, // Default: "_username"
+ *             password_parameter?: scalar|Param|null, // Default: "_password"
+ *             csrf_parameter?: scalar|Param|null, // Default: "_csrf_token"
+ *             csrf_token_id?: scalar|Param|null, // Default: "authenticate"
+ *             enable_csrf?: bool|Param, // Default: false
+ *             post_only?: bool|Param, // Default: true
+ *             form_only?: bool|Param, // Default: false
+ *             always_use_default_target_path?: bool|Param, // Default: false
+ *             default_target_path?: scalar|Param|null, // Default: "/"
+ *             target_path_parameter?: scalar|Param|null, // Default: "_target_path"
+ *             use_referer?: bool|Param, // Default: false
+ *             failure_path?: scalar|Param|null, // Default: null
+ *             failure_forward?: bool|Param, // Default: false
+ *             failure_path_parameter?: scalar|Param|null, // Default: "_failure_path"
+ *         },
+ *         form_login_ldap?: array{
+ *             provider?: scalar|Param|null,
+ *             remember_me?: bool|Param, // Default: true
+ *             success_handler?: scalar|Param|null,
+ *             failure_handler?: scalar|Param|null,
+ *             check_path?: scalar|Param|null, // Default: "/login_check"
+ *             use_forward?: bool|Param, // Default: false
+ *             login_path?: scalar|Param|null, // Default: "/login"
+ *             username_parameter?: scalar|Param|null, // Default: "_username"
+ *             password_parameter?: scalar|Param|null, // Default: "_password"
+ *             csrf_parameter?: scalar|Param|null, // Default: "_csrf_token"
+ *             csrf_token_id?: scalar|Param|null, // Default: "authenticate"
+ *             enable_csrf?: bool|Param, // Default: false
+ *             post_only?: bool|Param, // Default: true
+ *             form_only?: bool|Param, // Default: false
+ *             always_use_default_target_path?: bool|Param, // Default: false
+ *             default_target_path?: scalar|Param|null, // Default: "/"
+ *             target_path_parameter?: scalar|Param|null, // Default: "_target_path"
+ *             use_referer?: bool|Param, // Default: false
+ *             failure_path?: scalar|Param|null, // Default: null
+ *             failure_forward?: bool|Param, // Default: false
+ *             failure_path_parameter?: scalar|Param|null, // Default: "_failure_path"
+ *             service?: scalar|Param|null, // Default: "ldap"
+ *             dn_string?: scalar|Param|null, // Default: "{user_identifier}"
+ *             query_string?: scalar|Param|null,
+ *             search_dn?: scalar|Param|null, // Default: ""
+ *             search_password?: scalar|Param|null, // Default: ""
+ *         },
+ *         json_login?: array{
+ *             provider?: scalar|Param|null,
+ *             remember_me?: bool|Param, // Default: true
+ *             success_handler?: scalar|Param|null,
+ *             failure_handler?: scalar|Param|null,
+ *             check_path?: scalar|Param|null, // Default: "/login_check"
+ *             use_forward?: bool|Param, // Default: false
+ *             login_path?: scalar|Param|null, // Default: "/login"
+ *             username_path?: scalar|Param|null, // Default: "username"
+ *             password_path?: scalar|Param|null, // Default: "password"
+ *         },
+ *         json_login_ldap?: array{
+ *             provider?: scalar|Param|null,
+ *             remember_me?: bool|Param, // Default: true
+ *             success_handler?: scalar|Param|null,
+ *             failure_handler?: scalar|Param|null,
+ *             check_path?: scalar|Param|null, // Default: "/login_check"
+ *             use_forward?: bool|Param, // Default: false
+ *             login_path?: scalar|Param|null, // Default: "/login"
+ *             username_path?: scalar|Param|null, // Default: "username"
+ *             password_path?: scalar|Param|null, // Default: "password"
+ *             service?: scalar|Param|null, // Default: "ldap"
+ *             dn_string?: scalar|Param|null, // Default: "{user_identifier}"
+ *             query_string?: scalar|Param|null,
+ *             search_dn?: scalar|Param|null, // Default: ""
+ *             search_password?: scalar|Param|null, // Default: ""
+ *         },
+ *         access_token?: array{
+ *             provider?: scalar|Param|null,
+ *             remember_me?: bool|Param, // Default: true
+ *             success_handler?: scalar|Param|null,
+ *             failure_handler?: scalar|Param|null,
+ *             realm?: scalar|Param|null, // Default: null
+ *             token_extractors?: string|list<scalar|Param|null>,
+ *             token_handler?: string|array{
+ *                 id?: scalar|Param|null,
+ *                 oidc_user_info?: string|array{
+ *                     base_uri?: scalar|Param|null, // Base URI of the userinfo endpoint on the OIDC server, or the OIDC server URI to use the discovery (require "discovery" to be configured).
+ *                     discovery?: array{ // Enable the OIDC discovery.
+ *                         cache?: array{
+ *                             id?: scalar|Param|null, // Cache service id to use to cache the OIDC discovery configuration.
+ *                         },
+ *                     },
+ *                     claim?: scalar|Param|null, // Claim which contains the user identifier (e.g. sub, email, etc.). // Default: "sub"
+ *                     client?: scalar|Param|null, // HttpClient service id to use to call the OIDC server.
+ *                 },
+ *                 oidc?: array{
+ *                     discovery?: array{ // Enable the OIDC discovery.
+ *                         base_uri?: string|list<scalar|Param|null>,
+ *                         cache?: array{
+ *                             id?: scalar|Param|null, // Cache service id to use to cache the OIDC discovery configuration.
+ *                         },
+ *                     },
+ *                     claim?: scalar|Param|null, // Claim which contains the user identifier (e.g.: sub, email..). // Default: "sub"
+ *                     audience?: scalar|Param|null, // Audience set in the token, for validation purpose.
+ *                     issuers?: list<scalar|Param|null>,
+ *                     algorithm?: array<mixed>,
+ *                     algorithms?: list<scalar|Param|null>,
+ *                     key?: scalar|Param|null, // Deprecated: The "key" option is deprecated and will be removed in 8.0. Use the "keyset" option instead. // JSON-encoded JWK used to sign the token (must contain a "kty" key).
+ *                     keyset?: scalar|Param|null, // JSON-encoded JWKSet used to sign the token (must contain a list of valid public keys).
+ *                     encryption?: bool|array{
+ *                         enabled?: bool|Param, // Default: false
+ *                         enforce?: bool|Param, // When enabled, the token shall be encrypted. // Default: false
+ *                         algorithms?: list<scalar|Param|null>,
+ *                         keyset?: scalar|Param|null, // JSON-encoded JWKSet used to decrypt the token (must contain a list of valid private keys).
+ *                     },
+ *                 },
+ *                 cas?: array{
+ *                     validation_url?: scalar|Param|null, // CAS server validation URL
+ *                     prefix?: scalar|Param|null, // CAS prefix // Default: "cas"
+ *                     http_client?: scalar|Param|null, // HTTP Client service // Default: null
+ *                 },
+ *                 oauth2?: scalar|Param|null,
+ *             },
+ *         },
+ *         http_basic?: array{
+ *             provider?: scalar|Param|null,
+ *             realm?: scalar|Param|null, // Default: "Secured Area"
+ *         },
+ *         http_basic_ldap?: array{
+ *             provider?: scalar|Param|null,
+ *             realm?: scalar|Param|null, // Default: "Secured Area"
+ *             service?: scalar|Param|null, // Default: "ldap"
+ *             dn_string?: scalar|Param|null, // Default: "{user_identifier}"
+ *             query_string?: scalar|Param|null,
+ *             search_dn?: scalar|Param|null, // Default: ""
+ *             search_password?: scalar|Param|null, // Default: ""
+ *         },
+ *         remember_me?: array{
+ *             secret?: scalar|Param|null, // Default: "%kernel.secret%"
+ *             service?: scalar|Param|null,
+ *             user_providers?: string|list<scalar|Param|null>,
+ *             catch_exceptions?: bool|Param, // Default: true
+ *             signature_properties?: list<scalar|Param|null>,
+ *             token_provider?: string|array{
+ *                 service?: scalar|Param|null, // The service ID of a custom remember-me token provider.
+ *                 doctrine?: bool|array{
+ *                     enabled?: bool|Param, // Default: false
+ *                     connection?: scalar|Param|null, // Default: null
+ *                 },
+ *             },
+ *             token_verifier?: scalar|Param|null, // The service ID of a custom rememberme token verifier.
+ *             name?: scalar|Param|null, // Default: "REMEMBERME"
+ *             lifetime?: int|Param, // Default: 31536000
+ *             path?: scalar|Param|null, // Default: "/"
+ *             domain?: scalar|Param|null, // Default: null
+ *             secure?: true|false|"auto"|Param, // Default: null
+ *             httponly?: bool|Param, // Default: true
+ *             samesite?: null|"lax"|"strict"|"none"|Param, // Default: "lax"
+ *             always_remember_me?: bool|Param, // Default: false
+ *             remember_me_parameter?: scalar|Param|null, // Default: "_remember_me"
+ *         },
+ *     }>,
  *     access_control?: list<array{ // Default: []
- *             request_matcher?: scalar|Param|null, // Default: null
- *             requires_channel?: scalar|Param|null, // Default: null
- *             path?: scalar|Param|null, // Use the urldecoded format. // Default: null
- *             host?: scalar|Param|null, // Default: null
- *             port?: int|Param, // Default: null
- *             ips?: string|list<scalar|Param|null>,
- *             attributes?: array<string, scalar|Param|null>,
- *             route?: scalar|Param|null, // Default: null
- *             methods?: string|list<scalar|Param|null>,
- *             allow_if?: scalar|Param|null, // Default: null
- *             roles?: string|list<scalar|Param|null>,
- *         }>,
+ *         request_matcher?: scalar|Param|null, // Default: null
+ *         requires_channel?: scalar|Param|null, // Default: null
+ *         path?: scalar|Param|null, // Use the urldecoded format. // Default: null
+ *         host?: scalar|Param|null, // Default: null
+ *         port?: int|Param, // Default: null
+ *         ips?: string|list<scalar|Param|null>,
+ *         attributes?: array<string, scalar|Param|null>,
+ *         route?: scalar|Param|null, // Default: null
+ *         methods?: string|list<scalar|Param|null>,
+ *         allow_if?: scalar|Param|null, // Default: null
+ *         roles?: string|list<scalar|Param|null>,
+ *     }>,
  *     role_hierarchy?: array<string, string|list<scalar|Param|null>>,
  * }
  * @psalm-type TwigConfig = array{
  *     form_themes?: list<scalar|Param|null>,
  *     globals?: array<string, array{ // Default: []
- *             id?: scalar|Param|null,
- *             type?: scalar|Param|null,
- *             value?: mixed,
- *         }>,
+ *         id?: scalar|Param|null,
+ *         type?: scalar|Param|null,
+ *         value?: mixed,
+ *     }>,
  *     autoescape_service?: scalar|Param|null, // Default: null
  *     autoescape_service_method?: scalar|Param|null, // Default: null
  *     base_template_class?: scalar|Param|null, // Deprecated: The child node "base_template_class" at path "twig.base_template_class" is deprecated.
@@ -1380,144 +1380,144 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *     use_microseconds?: scalar|Param|null, // Default: true
  *     channels?: list<scalar|Param|null>,
  *     handlers?: array<string, array{ // Default: []
- *             type?: scalar|Param|null,
- *             id?: scalar|Param|null,
- *             enabled?: bool|Param, // Default: true
- *             priority?: scalar|Param|null, // Default: 0
- *             level?: scalar|Param|null, // Default: "DEBUG"
- *             bubble?: bool|Param, // Default: true
- *             interactive_only?: bool|Param, // Default: false
- *             app_name?: scalar|Param|null, // Default: null
- *             include_stacktraces?: bool|Param, // Default: false
- *             process_psr_3_messages?: array{
- *                 enabled?: bool|Param|null, // Default: null
- *                 date_format?: scalar|Param|null,
- *                 remove_used_context_fields?: bool|Param,
- *             },
- *             path?: scalar|Param|null, // Default: "%kernel.logs_dir%/%kernel.environment%.log"
- *             file_permission?: scalar|Param|null, // Default: null
- *             use_locking?: bool|Param, // Default: false
- *             filename_format?: scalar|Param|null, // Default: "{filename}-{date}"
- *             date_format?: scalar|Param|null, // Default: "Y-m-d"
- *             ident?: scalar|Param|null, // Default: false
- *             logopts?: scalar|Param|null, // Default: 1
- *             facility?: scalar|Param|null, // Default: "user"
- *             max_files?: scalar|Param|null, // Default: 0
- *             action_level?: scalar|Param|null, // Default: "WARNING"
- *             activation_strategy?: scalar|Param|null, // Default: null
- *             stop_buffering?: bool|Param, // Default: true
- *             passthru_level?: scalar|Param|null, // Default: null
- *             excluded_http_codes?: list<array{ // Default: []
- *                     code?: scalar|Param|null,
- *                     urls?: list<scalar|Param|null>,
- *                 }>,
- *             accepted_levels?: list<scalar|Param|null>,
- *             min_level?: scalar|Param|null, // Default: "DEBUG"
- *             max_level?: scalar|Param|null, // Default: "EMERGENCY"
- *             buffer_size?: scalar|Param|null, // Default: 0
- *             flush_on_overflow?: bool|Param, // Default: false
- *             handler?: scalar|Param|null,
- *             url?: scalar|Param|null,
- *             exchange?: scalar|Param|null,
- *             exchange_name?: scalar|Param|null, // Default: "log"
- *             channel?: scalar|Param|null, // Default: null
- *             bot_name?: scalar|Param|null, // Default: "Monolog"
- *             use_attachment?: scalar|Param|null, // Default: true
- *             use_short_attachment?: scalar|Param|null, // Default: false
- *             include_extra?: scalar|Param|null, // Default: false
- *             icon_emoji?: scalar|Param|null, // Default: null
- *             webhook_url?: scalar|Param|null,
- *             exclude_fields?: list<scalar|Param|null>,
- *             token?: scalar|Param|null,
- *             region?: scalar|Param|null,
- *             source?: scalar|Param|null,
- *             use_ssl?: bool|Param, // Default: true
- *             user?: mixed,
- *             title?: scalar|Param|null, // Default: null
- *             host?: scalar|Param|null, // Default: null
- *             port?: scalar|Param|null, // Default: 514
- *             config?: list<scalar|Param|null>,
- *             members?: list<scalar|Param|null>,
- *             connection_string?: scalar|Param|null,
- *             timeout?: scalar|Param|null,
- *             time?: scalar|Param|null, // Default: 60
- *             deduplication_level?: scalar|Param|null, // Default: 400
- *             store?: scalar|Param|null, // Default: null
- *             connection_timeout?: scalar|Param|null,
- *             persistent?: bool|Param,
- *             message_type?: scalar|Param|null, // Default: 0
- *             parse_mode?: scalar|Param|null, // Default: null
- *             disable_webpage_preview?: bool|Param|null, // Default: null
- *             disable_notification?: bool|Param|null, // Default: null
- *             split_long_messages?: bool|Param, // Default: false
- *             delay_between_messages?: bool|Param, // Default: false
- *             topic?: int|Param, // Default: null
- *             factor?: int|Param, // Default: 1
- *             tags?: string|list<scalar|Param|null>,
- *             console_formatter_options?: mixed, // Default: []
- *             formatter?: scalar|Param|null,
- *             nested?: bool|Param, // Default: false
- *             publisher?: string|array{
- *                 id?: scalar|Param|null,
- *                 hostname?: scalar|Param|null,
- *                 port?: scalar|Param|null, // Default: 12201
- *                 chunk_size?: scalar|Param|null, // Default: 1420
- *                 encoder?: "json"|"compressed_json"|Param,
- *             },
- *             mongodb?: string|array{
- *                 id?: scalar|Param|null, // ID of a MongoDB\Client service
- *                 uri?: scalar|Param|null,
- *                 username?: scalar|Param|null,
- *                 password?: scalar|Param|null,
- *                 database?: scalar|Param|null, // Default: "monolog"
- *                 collection?: scalar|Param|null, // Default: "logs"
- *             },
- *             elasticsearch?: string|array{
- *                 id?: scalar|Param|null,
- *                 hosts?: list<scalar|Param|null>,
- *                 host?: scalar|Param|null,
- *                 port?: scalar|Param|null, // Default: 9200
- *                 transport?: scalar|Param|null, // Default: "Http"
- *                 user?: scalar|Param|null, // Default: null
- *                 password?: scalar|Param|null, // Default: null
- *             },
- *             index?: scalar|Param|null, // Default: "monolog"
- *             document_type?: scalar|Param|null, // Default: "logs"
- *             ignore_error?: scalar|Param|null, // Default: false
- *             redis?: string|array{
- *                 id?: scalar|Param|null,
- *                 host?: scalar|Param|null,
- *                 password?: scalar|Param|null, // Default: null
- *                 port?: scalar|Param|null, // Default: 6379
- *                 database?: scalar|Param|null, // Default: 0
- *                 key_name?: scalar|Param|null, // Default: "monolog_redis"
- *             },
- *             predis?: string|array{
- *                 id?: scalar|Param|null,
- *                 host?: scalar|Param|null,
- *             },
- *             from_email?: scalar|Param|null,
- *             to_email?: string|list<scalar|Param|null>,
- *             subject?: scalar|Param|null,
- *             content_type?: scalar|Param|null, // Default: null
- *             headers?: list<scalar|Param|null>,
- *             mailer?: scalar|Param|null, // Default: null
- *             email_prototype?: string|array{
- *                 id?: scalar|Param|null,
- *                 method?: scalar|Param|null, // Default: null
- *             },
- *             verbosity_levels?: array{
- *                 VERBOSITY_QUIET?: scalar|Param|null, // Default: "ERROR"
- *                 VERBOSITY_NORMAL?: scalar|Param|null, // Default: "WARNING"
- *                 VERBOSITY_VERBOSE?: scalar|Param|null, // Default: "NOTICE"
- *                 VERBOSITY_VERY_VERBOSE?: scalar|Param|null, // Default: "INFO"
- *                 VERBOSITY_DEBUG?: scalar|Param|null, // Default: "DEBUG"
- *             },
- *             channels?: string|array{
- *                 type?: scalar|Param|null,
- *                 elements?: list<scalar|Param|null>,
- *             },
+ *         type?: scalar|Param|null,
+ *         id?: scalar|Param|null,
+ *         enabled?: bool|Param, // Default: true
+ *         priority?: scalar|Param|null, // Default: 0
+ *         level?: scalar|Param|null, // Default: "DEBUG"
+ *         bubble?: bool|Param, // Default: true
+ *         interactive_only?: bool|Param, // Default: false
+ *         app_name?: scalar|Param|null, // Default: null
+ *         include_stacktraces?: bool|Param, // Default: false
+ *         process_psr_3_messages?: array{
+ *             enabled?: bool|Param|null, // Default: null
+ *             date_format?: scalar|Param|null,
+ *             remove_used_context_fields?: bool|Param,
+ *         },
+ *         path?: scalar|Param|null, // Default: "%kernel.logs_dir%/%kernel.environment%.log"
+ *         file_permission?: scalar|Param|null, // Default: null
+ *         use_locking?: bool|Param, // Default: false
+ *         filename_format?: scalar|Param|null, // Default: "{filename}-{date}"
+ *         date_format?: scalar|Param|null, // Default: "Y-m-d"
+ *         ident?: scalar|Param|null, // Default: false
+ *         logopts?: scalar|Param|null, // Default: 1
+ *         facility?: scalar|Param|null, // Default: "user"
+ *         max_files?: scalar|Param|null, // Default: 0
+ *         action_level?: scalar|Param|null, // Default: "WARNING"
+ *         activation_strategy?: scalar|Param|null, // Default: null
+ *         stop_buffering?: bool|Param, // Default: true
+ *         passthru_level?: scalar|Param|null, // Default: null
+ *         excluded_http_codes?: list<array{ // Default: []
+ *             code?: scalar|Param|null,
+ *             urls?: list<scalar|Param|null>,
  *         }>,
+ *         accepted_levels?: list<scalar|Param|null>,
+ *         min_level?: scalar|Param|null, // Default: "DEBUG"
+ *         max_level?: scalar|Param|null, // Default: "EMERGENCY"
+ *         buffer_size?: scalar|Param|null, // Default: 0
+ *         flush_on_overflow?: bool|Param, // Default: false
+ *         handler?: scalar|Param|null,
+ *         url?: scalar|Param|null,
+ *         exchange?: scalar|Param|null,
+ *         exchange_name?: scalar|Param|null, // Default: "log"
+ *         channel?: scalar|Param|null, // Default: null
+ *         bot_name?: scalar|Param|null, // Default: "Monolog"
+ *         use_attachment?: scalar|Param|null, // Default: true
+ *         use_short_attachment?: scalar|Param|null, // Default: false
+ *         include_extra?: scalar|Param|null, // Default: false
+ *         icon_emoji?: scalar|Param|null, // Default: null
+ *         webhook_url?: scalar|Param|null,
+ *         exclude_fields?: list<scalar|Param|null>,
+ *         token?: scalar|Param|null,
+ *         region?: scalar|Param|null,
+ *         source?: scalar|Param|null,
+ *         use_ssl?: bool|Param, // Default: true
+ *         user?: mixed,
+ *         title?: scalar|Param|null, // Default: null
+ *         host?: scalar|Param|null, // Default: null
+ *         port?: scalar|Param|null, // Default: 514
+ *         config?: list<scalar|Param|null>,
+ *         members?: list<scalar|Param|null>,
+ *         connection_string?: scalar|Param|null,
+ *         timeout?: scalar|Param|null,
+ *         time?: scalar|Param|null, // Default: 60
+ *         deduplication_level?: scalar|Param|null, // Default: 400
+ *         store?: scalar|Param|null, // Default: null
+ *         connection_timeout?: scalar|Param|null,
+ *         persistent?: bool|Param,
+ *         message_type?: scalar|Param|null, // Default: 0
+ *         parse_mode?: scalar|Param|null, // Default: null
+ *         disable_webpage_preview?: bool|Param|null, // Default: null
+ *         disable_notification?: bool|Param|null, // Default: null
+ *         split_long_messages?: bool|Param, // Default: false
+ *         delay_between_messages?: bool|Param, // Default: false
+ *         topic?: int|Param, // Default: null
+ *         factor?: int|Param, // Default: 1
+ *         tags?: string|list<scalar|Param|null>,
+ *         console_formatter_options?: mixed, // Default: []
+ *         formatter?: scalar|Param|null,
+ *         nested?: bool|Param, // Default: false
+ *         publisher?: string|array{
+ *             id?: scalar|Param|null,
+ *             hostname?: scalar|Param|null,
+ *             port?: scalar|Param|null, // Default: 12201
+ *             chunk_size?: scalar|Param|null, // Default: 1420
+ *             encoder?: "json"|"compressed_json"|Param,
+ *         },
+ *         mongodb?: string|array{
+ *             id?: scalar|Param|null, // ID of a MongoDB\Client service
+ *             uri?: scalar|Param|null,
+ *             username?: scalar|Param|null,
+ *             password?: scalar|Param|null,
+ *             database?: scalar|Param|null, // Default: "monolog"
+ *             collection?: scalar|Param|null, // Default: "logs"
+ *         },
+ *         elasticsearch?: string|array{
+ *             id?: scalar|Param|null,
+ *             hosts?: list<scalar|Param|null>,
+ *             host?: scalar|Param|null,
+ *             port?: scalar|Param|null, // Default: 9200
+ *             transport?: scalar|Param|null, // Default: "Http"
+ *             user?: scalar|Param|null, // Default: null
+ *             password?: scalar|Param|null, // Default: null
+ *         },
+ *         index?: scalar|Param|null, // Default: "monolog"
+ *         document_type?: scalar|Param|null, // Default: "logs"
+ *         ignore_error?: scalar|Param|null, // Default: false
+ *         redis?: string|array{
+ *             id?: scalar|Param|null,
+ *             host?: scalar|Param|null,
+ *             password?: scalar|Param|null, // Default: null
+ *             port?: scalar|Param|null, // Default: 6379
+ *             database?: scalar|Param|null, // Default: 0
+ *             key_name?: scalar|Param|null, // Default: "monolog_redis"
+ *         },
+ *         predis?: string|array{
+ *             id?: scalar|Param|null,
+ *             host?: scalar|Param|null,
+ *         },
+ *         from_email?: scalar|Param|null,
+ *         to_email?: string|list<scalar|Param|null>,
+ *         subject?: scalar|Param|null,
+ *         content_type?: scalar|Param|null, // Default: null
+ *         headers?: list<scalar|Param|null>,
+ *         mailer?: scalar|Param|null, // Default: null
+ *         email_prototype?: string|array{
+ *             id?: scalar|Param|null,
+ *             method?: scalar|Param|null, // Default: null
+ *         },
+ *         verbosity_levels?: array{
+ *             VERBOSITY_QUIET?: scalar|Param|null, // Default: "ERROR"
+ *             VERBOSITY_NORMAL?: scalar|Param|null, // Default: "WARNING"
+ *             VERBOSITY_VERBOSE?: scalar|Param|null, // Default: "NOTICE"
+ *             VERBOSITY_VERY_VERBOSE?: scalar|Param|null, // Default: "INFO"
+ *             VERBOSITY_DEBUG?: scalar|Param|null, // Default: "DEBUG"
+ *         },
+ *         channels?: string|array{
+ *             type?: scalar|Param|null,
+ *             elements?: list<scalar|Param|null>,
+ *         },
+ *     }>,
  * }
  * @psalm-type DebugConfig = array{
  *     max_items?: int|Param, // Max number of displayed items past the first level, -1 means no limit. // Default: 2500
@@ -1557,52 +1557,52 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  * }
  * @psalm-type LiipImagineConfig = array{
  *     resolvers?: array<string, array{ // Default: []
- *             web_path?: array{
- *                 web_root?: scalar|Param|null, // Default: "%kernel.project_dir%/public"
- *                 cache_prefix?: scalar|Param|null, // Default: "media/cache"
- *             },
- *             aws_s3?: array{
- *                 bucket?: scalar|Param|null,
- *                 cache?: scalar|Param|null, // Default: false
- *                 use_psr_cache?: bool|Param, // Default: false
- *                 acl?: scalar|Param|null, // Default: "public-read"
- *                 cache_prefix?: scalar|Param|null, // Default: ""
- *                 client_id?: scalar|Param|null, // Default: null
- *                 client_config?: list<mixed>,
- *                 get_options?: array<string, scalar|Param|null>,
- *                 put_options?: array<string, scalar|Param|null>,
- *                 proxies?: array<string, scalar|Param|null>,
- *             },
- *             flysystem?: array{
- *                 filesystem_service?: scalar|Param|null,
- *                 cache_prefix?: scalar|Param|null, // Default: ""
- *                 root_url?: scalar|Param|null,
- *                 visibility?: "public"|"private"|"noPredefinedVisibility"|Param, // Default: "public"
- *             },
- *         }>,
+ *         web_path?: array{
+ *             web_root?: scalar|Param|null, // Default: "%kernel.project_dir%/public"
+ *             cache_prefix?: scalar|Param|null, // Default: "media/cache"
+ *         },
+ *         aws_s3?: array{
+ *             bucket?: scalar|Param|null,
+ *             cache?: scalar|Param|null, // Default: false
+ *             use_psr_cache?: bool|Param, // Default: false
+ *             acl?: scalar|Param|null, // Default: "public-read"
+ *             cache_prefix?: scalar|Param|null, // Default: ""
+ *             client_id?: scalar|Param|null, // Default: null
+ *             client_config?: list<mixed>,
+ *             get_options?: array<string, scalar|Param|null>,
+ *             put_options?: array<string, scalar|Param|null>,
+ *             proxies?: array<string, scalar|Param|null>,
+ *         },
+ *         flysystem?: array{
+ *             filesystem_service?: scalar|Param|null,
+ *             cache_prefix?: scalar|Param|null, // Default: ""
+ *             root_url?: scalar|Param|null,
+ *             visibility?: "public"|"private"|"noPredefinedVisibility"|Param, // Default: "public"
+ *         },
+ *     }>,
  *     loaders?: array<string, array{ // Default: []
- *             stream?: array{
- *                 wrapper?: scalar|Param|null,
- *                 context?: scalar|Param|null, // Default: null
+ *         stream?: array{
+ *             wrapper?: scalar|Param|null,
+ *             context?: scalar|Param|null, // Default: null
+ *         },
+ *         filesystem?: array{
+ *             locator?: "filesystem"|"filesystem_insecure"|Param, // Using the "filesystem_insecure" locator is not recommended due to a less secure resolver mechanism, but is provided for those using heavily symlinked projects. // Default: "filesystem"
+ *             data_root?: string|list<scalar|Param|null>,
+ *             allow_unresolvable_data_roots?: bool|Param, // Default: false
+ *             bundle_resources?: array{
+ *                 enabled?: bool|Param, // Default: false
+ *                 access_control_type?: "blacklist"|"whitelist"|Param, // Sets the access control method applied to bundle names in "access_control_list" into a blacklist or whitelist. // Default: "blacklist"
+ *                 access_control_list?: list<scalar|Param|null>,
  *             },
- *             filesystem?: array{
- *                 locator?: "filesystem"|"filesystem_insecure"|Param, // Using the "filesystem_insecure" locator is not recommended due to a less secure resolver mechanism, but is provided for those using heavily symlinked projects. // Default: "filesystem"
- *                 data_root?: string|list<scalar|Param|null>,
- *                 allow_unresolvable_data_roots?: bool|Param, // Default: false
- *                 bundle_resources?: array{
- *                     enabled?: bool|Param, // Default: false
- *                     access_control_type?: "blacklist"|"whitelist"|Param, // Sets the access control method applied to bundle names in "access_control_list" into a blacklist or whitelist. // Default: "blacklist"
- *                     access_control_list?: list<scalar|Param|null>,
- *                 },
- *             },
- *             flysystem?: array{
- *                 filesystem_service?: scalar|Param|null,
- *             },
- *             asset_mapper?: array<mixed>,
- *             chain?: array{
- *                 loaders?: list<scalar|Param|null>,
- *             },
- *         }>,
+ *         },
+ *         flysystem?: array{
+ *             filesystem_service?: scalar|Param|null,
+ *         },
+ *         asset_mapper?: array<mixed>,
+ *         chain?: array{
+ *             loaders?: list<scalar|Param|null>,
+ *         },
+ *     }>,
  *     driver?: scalar|Param|null, // Default: "gd"
  *     cache?: scalar|Param|null, // Default: "default"
  *     cache_base_path?: scalar|Param|null, // Default: ""
@@ -1627,18 +1627,18 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *         redirect_response_code?: int|Param, // Default: 302
  *     },
  *     filter_sets?: array<string, array{ // Default: []
- *             quality?: scalar|Param|null,
- *             jpeg_quality?: scalar|Param|null,
- *             png_compression_level?: scalar|Param|null,
- *             png_compression_filter?: scalar|Param|null,
- *             format?: scalar|Param|null,
- *             animated?: bool|Param,
- *             cache?: scalar|Param|null,
- *             data_loader?: scalar|Param|null,
- *             default_image?: scalar|Param|null,
- *             filters?: array<string, array<string, mixed>>,
- *             post_processors?: array<string, array<string, mixed>>,
- *         }>,
+ *         quality?: scalar|Param|null,
+ *         jpeg_quality?: scalar|Param|null,
+ *         png_compression_level?: scalar|Param|null,
+ *         png_compression_filter?: scalar|Param|null,
+ *         format?: scalar|Param|null,
+ *         animated?: bool|Param,
+ *         cache?: scalar|Param|null,
+ *         data_loader?: scalar|Param|null,
+ *         default_image?: scalar|Param|null,
+ *         filters?: array<string, array<string, mixed>>,
+ *         post_processors?: array<string, array<string, mixed>>,
+ *     }>,
  *     twig?: array{
  *         mode?: "none"|"lazy"|"legacy"|Param, // Twig mode: none/lazy/legacy (default) // Default: "legacy"
  *         assets_version?: scalar|Param|null, // Default: null
@@ -1853,8 +1853,8 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *     clickjacking?: array{
  *         hosts?: list<scalar|Param|null>,
  *         paths?: array<string, array{ // Default: {"^/.*":{"header":"DENY"}}
- *                 header?: scalar|Param|null, // Default: "DENY"
- *             }>,
+ *             header?: scalar|Param|null, // Default: "DENY"
+ *         }>,
  *         content_types?: list<scalar|Param|null>,
  *     },
  *     external_redirects?: array{
@@ -2019,12 +2019,12 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *     cross_origin_isolation?: bool|array{
  *         enabled?: bool|Param, // Default: false
  *         paths?: array<string, array{ // Default: []
- *                 coep?: "unsafe-none"|"require-corp"|"credentialless"|Param, // Cross-Origin-Embedder-Policy (COEP) header value
- *                 coop?: "unsafe-none"|"same-origin-allow-popups"|"same-origin"|"noopener-allow-popups"|Param, // Cross-Origin-Opener-Policy (COOP) header value
- *                 corp?: "same-site"|"same-origin"|"cross-origin"|Param, // Cross-Origin-Resource-Policy (CORP) header value
- *                 report_only?: bool|Param, // Use Report-Only headers instead of enforcing (applies to COEP and COOP only) // Default: false
- *                 report_to?: scalar|Param|null, // Reporting endpoint name for violations (requires Reporting API configuration, applies to COEP and COOP only) // Default: null
- *             }>,
+ *             coep?: "unsafe-none"|"require-corp"|"credentialless"|Param, // Cross-Origin-Embedder-Policy (COEP) header value
+ *             coop?: "unsafe-none"|"same-origin-allow-popups"|"same-origin"|"noopener-allow-popups"|Param, // Cross-Origin-Opener-Policy (COOP) header value
+ *             corp?: "same-site"|"same-origin"|"cross-origin"|Param, // Cross-Origin-Resource-Policy (CORP) header value
+ *             report_only?: bool|Param, // Use Report-Only headers instead of enforcing (applies to COEP and COOP only) // Default: false
+ *             report_to?: scalar|Param|null, // Reporting endpoint name for violations (requires Reporting API configuration, applies to COEP and COOP only) // Default: null
+ *         }>,
  *     },
  * }
  * @psalm-type TurboConfig = array{
@@ -2099,31 +2099,31 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *     counter_checker?: scalar|Param|null, // This service will check if the counter is valid. By default it throws an exception (recommended). // Default: "Webauthn\\Counter\\ThrowExceptionIfInvalid"
  *     top_origin_validator?: scalar|Param|null, // For cross origin (e.g. iframe), this service will be in charge of verifying the top origin. // Default: null
  *     creation_profiles?: bool|array<string, array{ // Default: []
- *             rp?: array{
- *                 id?: scalar|Param|null, // Default: null
- *                 name?: scalar|Param|null, // Deprecated: The child node "name" at path "webauthn.creation_profiles..rp.name" is deprecated and will be removed in the next major release. // Default: ""
- *                 icon?: scalar|Param|null, // Deprecated: The child node "icon" at path "webauthn.creation_profiles..rp.icon" is deprecated and has no effect. // Default: null
- *             },
- *             challenge_length?: int|Param, // Default: 32
- *             timeout?: int|Param, // Default: null
- *             authenticator_selection_criteria?: array{
- *                 authenticator_attachment?: scalar|Param|null, // Default: null
- *                 require_resident_key?: bool|Param, // Default: false
- *                 user_verification?: scalar|Param|null, // Default: "preferred"
- *                 resident_key?: scalar|Param|null, // Default: "preferred"
- *             },
- *             extensions?: array<string, scalar|Param|null>,
- *             public_key_credential_parameters?: list<int|Param>,
- *             attestation_conveyance?: scalar|Param|null, // Default: "none"
- *             conditional_create?: bool|Param, // Enable Conditional Create (auto-register) for this profile. When true, user presence can be false after password authentication. See https://github.com/w3c/webauthn/wiki/Explainer:-Conditional-Create // Default: false
- *         }>,
- *     request_profiles?: bool|array<string, array{ // Default: []
- *             rp_id?: scalar|Param|null, // Default: null
- *             challenge_length?: int|Param, // Default: 32
- *             timeout?: int|Param, // Default: null
+ *         rp?: array{
+ *             id?: scalar|Param|null, // Default: null
+ *             name?: scalar|Param|null, // Deprecated: The child node "name" at path "webauthn.creation_profiles..rp.name" is deprecated and will be removed in the next major release. // Default: ""
+ *             icon?: scalar|Param|null, // Deprecated: The child node "icon" at path "webauthn.creation_profiles..rp.icon" is deprecated and has no effect. // Default: null
+ *         },
+ *         challenge_length?: int|Param, // Default: 32
+ *         timeout?: int|Param, // Default: null
+ *         authenticator_selection_criteria?: array{
+ *             authenticator_attachment?: scalar|Param|null, // Default: null
+ *             require_resident_key?: bool|Param, // Default: false
  *             user_verification?: scalar|Param|null, // Default: "preferred"
- *             extensions?: array<string, scalar|Param|null>,
- *         }>,
+ *             resident_key?: scalar|Param|null, // Default: "preferred"
+ *         },
+ *         extensions?: array<string, scalar|Param|null>,
+ *         public_key_credential_parameters?: list<int|Param>,
+ *         attestation_conveyance?: scalar|Param|null, // Default: "none"
+ *         conditional_create?: bool|Param, // Enable Conditional Create (auto-register) for this profile. When true, user presence can be false after password authentication. See https://github.com/w3c/webauthn/wiki/Explainer:-Conditional-Create // Default: false
+ *     }>,
+ *     request_profiles?: bool|array<string, array{ // Default: []
+ *         rp_id?: scalar|Param|null, // Default: null
+ *         challenge_length?: int|Param, // Default: 32
+ *         timeout?: int|Param, // Default: null
+ *         user_verification?: scalar|Param|null, // Default: "preferred"
+ *         extensions?: array<string, scalar|Param|null>,
+ *     }>,
  *     client_override_policy?: array{ // Configuration for allowing client request values to override profile configuration
  *         user_verification?: array{
  *             enabled?: bool|Param, // Whether to allow client requests to override the user verification requirement // Default: false
@@ -2158,39 +2158,39 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *     controllers?: bool|array{
  *         enabled?: bool|Param, // Default: false
  *         creation?: array<string, array{ // Default: []
- *                 options_method?: scalar|Param|null, // Default: "POST"
- *                 options_path?: scalar|Param|null,
- *                 result_method?: scalar|Param|null, // Default: "POST"
- *                 result_path?: scalar|Param|null, // Default: null
- *                 host?: scalar|Param|null, // Default: null
- *                 profile?: scalar|Param|null, // Default: "default"
- *                 options_builder?: scalar|Param|null, // When set, corresponds to the ID of the Public Key Credential Creation Builder. The profile-based ebuilder is ignored. // Default: null
- *                 user_entity_guesser?: scalar|Param|null,
- *                 hide_existing_credentials?: scalar|Param|null, // In order to prevent username enumeration, the existing credentials can be hidden. This is highly recommended when the attestation ceremony is performed by anonymous users. // Default: false
- *                 options_storage?: scalar|Param|null, // Deprecated: The child node "options_storage" at path "webauthn.controllers.creation..options_storage" is deprecated. Please use the root option "options_storage" instead. // Service responsible of the options/user entity storage during the ceremony // Default: null
- *                 success_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Service\\DefaultSuccessHandler"
- *                 failure_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Service\\DefaultFailureHandler"
- *                 options_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Security\\Handler\\DefaultCreationOptionsHandler"
- *                 allowed_origins?: array<string, scalar|Param|null>,
- *                 allow_subdomains?: bool|Param, // Default: false
- *                 secured_rp_ids?: array<string, scalar|Param|null>,
- *             }>,
+ *             options_method?: scalar|Param|null, // Default: "POST"
+ *             options_path?: scalar|Param|null,
+ *             result_method?: scalar|Param|null, // Default: "POST"
+ *             result_path?: scalar|Param|null, // Default: null
+ *             host?: scalar|Param|null, // Default: null
+ *             profile?: scalar|Param|null, // Default: "default"
+ *             options_builder?: scalar|Param|null, // When set, corresponds to the ID of the Public Key Credential Creation Builder. The profile-based ebuilder is ignored. // Default: null
+ *             user_entity_guesser?: scalar|Param|null,
+ *             hide_existing_credentials?: scalar|Param|null, // In order to prevent username enumeration, the existing credentials can be hidden. This is highly recommended when the attestation ceremony is performed by anonymous users. // Default: false
+ *             options_storage?: scalar|Param|null, // Deprecated: The child node "options_storage" at path "webauthn.controllers.creation..options_storage" is deprecated. Please use the root option "options_storage" instead. // Service responsible of the options/user entity storage during the ceremony // Default: null
+ *             success_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Service\\DefaultSuccessHandler"
+ *             failure_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Service\\DefaultFailureHandler"
+ *             options_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Security\\Handler\\DefaultCreationOptionsHandler"
+ *             allowed_origins?: array<string, scalar|Param|null>,
+ *             allow_subdomains?: bool|Param, // Default: false
+ *             secured_rp_ids?: array<string, scalar|Param|null>,
+ *         }>,
  *         request?: array<string, array{ // Default: []
- *                 options_method?: scalar|Param|null, // Default: "POST"
- *                 options_path?: scalar|Param|null,
- *                 result_method?: scalar|Param|null, // Default: "POST"
- *                 result_path?: scalar|Param|null, // Default: null
- *                 host?: scalar|Param|null, // Default: null
- *                 profile?: scalar|Param|null, // Default: "default"
- *                 options_builder?: scalar|Param|null, // When set, corresponds to the ID of the Public Key Credential Creation Builder. The profile-based ebuilder is ignored. // Default: null
- *                 options_storage?: scalar|Param|null, // Deprecated: The child node "options_storage" at path "webauthn.controllers.request..options_storage" is deprecated. Please use the root option "options_storage" instead. // Service responsible of the options/user entity storage during the ceremony // Default: null
- *                 success_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Service\\DefaultSuccessHandler"
- *                 failure_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Service\\DefaultFailureHandler"
- *                 options_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Security\\Handler\\DefaultRequestOptionsHandler"
- *                 allowed_origins?: array<string, scalar|Param|null>,
- *                 allow_subdomains?: bool|Param, // Default: false
- *                 secured_rp_ids?: array<string, scalar|Param|null>,
- *             }>,
+ *             options_method?: scalar|Param|null, // Default: "POST"
+ *             options_path?: scalar|Param|null,
+ *             result_method?: scalar|Param|null, // Default: "POST"
+ *             result_path?: scalar|Param|null, // Default: null
+ *             host?: scalar|Param|null, // Default: null
+ *             profile?: scalar|Param|null, // Default: "default"
+ *             options_builder?: scalar|Param|null, // When set, corresponds to the ID of the Public Key Credential Creation Builder. The profile-based ebuilder is ignored. // Default: null
+ *             options_storage?: scalar|Param|null, // Deprecated: The child node "options_storage" at path "webauthn.controllers.request..options_storage" is deprecated. Please use the root option "options_storage" instead. // Service responsible of the options/user entity storage during the ceremony // Default: null
+ *             success_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Service\\DefaultSuccessHandler"
+ *             failure_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Service\\DefaultFailureHandler"
+ *             options_handler?: scalar|Param|null, // Default: "Webauthn\\Bundle\\Security\\Handler\\DefaultRequestOptionsHandler"
+ *             allowed_origins?: array<string, scalar|Param|null>,
+ *             allow_subdomains?: bool|Param, // Default: false
+ *             secured_rp_ids?: array<string, scalar|Param|null>,
+ *         }>,
  *     },
  *     passkey_endpoints?: bool|array{ // Enable the .well-known/passkey-endpoints discovery endpoint as defined in the W3C Passkey Endpoints specification.
  *         enabled?: bool|Param, // Default: false
@@ -2210,109 +2210,109 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  * }
  * @psalm-type NbgrpOneloginSamlConfig = array{ // nb:group OneLogin PHP Symfony Bundle configuration
  *     onelogin_settings?: array<string, array{ // Default: []
- *             baseurl?: scalar|Param|null, // Default: "<request_scheme_and_host>/saml/"
- *             strict?: bool|Param,
- *             debug?: bool|Param,
- *             idp?: array{
- *                 entityId?: scalar|Param|null,
- *                 singleSignOnService?: array{
- *                     url?: scalar|Param|null,
- *                     binding?: scalar|Param|null,
- *                 },
- *                 singleLogoutService?: array{
- *                     url?: scalar|Param|null,
- *                     responseUrl?: scalar|Param|null,
- *                     binding?: scalar|Param|null,
- *                 },
- *                 x509cert?: scalar|Param|null,
- *                 certFingerprint?: scalar|Param|null,
- *                 certFingerprintAlgorithm?: "sha1"|"sha256"|"sha384"|"sha512"|Param,
- *                 x509certMulti?: array{
- *                     signing?: list<scalar|Param|null>,
- *                     encryption?: list<scalar|Param|null>,
- *                 },
+ *         baseurl?: scalar|Param|null, // Default: "<request_scheme_and_host>/saml/"
+ *         strict?: bool|Param,
+ *         debug?: bool|Param,
+ *         idp?: array{
+ *             entityId?: scalar|Param|null,
+ *             singleSignOnService?: array{
+ *                 url?: scalar|Param|null,
+ *                 binding?: scalar|Param|null,
  *             },
- *             sp?: array{
- *                 entityId?: scalar|Param|null, // Default: "<request_scheme_and_host>/saml/metadata"
- *                 assertionConsumerService?: array{
- *                     url?: scalar|Param|null, // Default: "<request_scheme_and_host>/saml/acs"
- *                     binding?: scalar|Param|null,
- *                 },
- *                 attributeConsumingService?: array{
- *                     serviceName?: scalar|Param|null,
- *                     serviceDescription?: scalar|Param|null,
- *                     requestedAttributes?: list<array{ // Default: []
- *                             name?: scalar|Param|null,
- *                             isRequired?: bool|Param, // Default: false
- *                             nameFormat?: scalar|Param|null,
- *                             friendlyName?: scalar|Param|null,
- *                             attributeValue?: array<mixed>,
- *                         }>,
- *                 },
- *                 singleLogoutService?: array{
- *                     url?: scalar|Param|null, // Default: "<request_scheme_and_host>/saml/logout"
- *                     binding?: scalar|Param|null,
- *                 },
- *                 NameIDFormat?: scalar|Param|null,
- *                 x509cert?: scalar|Param|null,
- *                 privateKey?: scalar|Param|null,
- *                 x509certNew?: scalar|Param|null,
+ *             singleLogoutService?: array{
+ *                 url?: scalar|Param|null,
+ *                 responseUrl?: scalar|Param|null,
+ *                 binding?: scalar|Param|null,
  *             },
- *             compress?: array{
- *                 requests?: bool|Param,
- *                 responses?: bool|Param,
+ *             x509cert?: scalar|Param|null,
+ *             certFingerprint?: scalar|Param|null,
+ *             certFingerprintAlgorithm?: "sha1"|"sha256"|"sha384"|"sha512"|Param,
+ *             x509certMulti?: array{
+ *                 signing?: list<scalar|Param|null>,
+ *                 encryption?: list<scalar|Param|null>,
  *             },
- *             security?: array{
- *                 nameIdEncrypted?: bool|Param,
- *                 authnRequestsSigned?: bool|Param,
- *                 logoutRequestSigned?: bool|Param,
- *                 logoutResponseSigned?: bool|Param,
- *                 signMetadata?: bool|Param,
- *                 wantMessagesSigned?: bool|Param,
- *                 wantAssertionsEncrypted?: bool|Param,
- *                 wantAssertionsSigned?: bool|Param,
- *                 wantNameId?: bool|Param,
- *                 wantNameIdEncrypted?: bool|Param,
- *                 requestedAuthnContext?: mixed,
- *                 requestedAuthnContextComparison?: "exact"|"minimum"|"maximum"|"better"|Param,
- *                 wantXMLValidation?: bool|Param,
- *                 relaxDestinationValidation?: bool|Param,
- *                 destinationStrictlyMatches?: bool|Param,
- *                 allowRepeatAttributeName?: bool|Param,
- *                 rejectUnsolicitedResponsesWithInResponseTo?: bool|Param,
- *                 signatureAlgorithm?: "http://www.w3.org/2000/09/xmldsig#rsa-sha1"|"http://www.w3.org/2000/09/xmldsig#dsa-sha1"|"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"|"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"|"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"|Param,
- *                 digestAlgorithm?: "http://www.w3.org/2000/09/xmldsig#sha1"|"http://www.w3.org/2001/04/xmlenc#sha256"|"http://www.w3.org/2001/04/xmldsig-more#sha384"|"http://www.w3.org/2001/04/xmlenc#sha512"|Param,
- *                 encryption_algorithm?: "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"|"http://www.w3.org/2001/04/xmlenc#aes128-cbc"|"http://www.w3.org/2001/04/xmlenc#aes192-cbc"|"http://www.w3.org/2001/04/xmlenc#aes256-cbc"|"http://www.w3.org/2009/xmlenc11#aes128-gcm"|"http://www.w3.org/2009/xmlenc11#aes192-gcm"|"http://www.w3.org/2009/xmlenc11#aes256-gcm"|Param,
- *                 lowercaseUrlencoding?: bool|Param,
+ *         },
+ *         sp?: array{
+ *             entityId?: scalar|Param|null, // Default: "<request_scheme_and_host>/saml/metadata"
+ *             assertionConsumerService?: array{
+ *                 url?: scalar|Param|null, // Default: "<request_scheme_and_host>/saml/acs"
+ *                 binding?: scalar|Param|null,
  *             },
- *             contactPerson?: array{
- *                 technical?: array{
- *                     givenName?: scalar|Param|null,
- *                     emailAddress?: scalar|Param|null,
- *                 },
- *                 support?: array{
- *                     givenName?: scalar|Param|null,
- *                     emailAddress?: scalar|Param|null,
- *                 },
- *                 administrative?: array{
- *                     givenName?: scalar|Param|null,
- *                     emailAddress?: scalar|Param|null,
- *                 },
- *                 billing?: array{
- *                     givenName?: scalar|Param|null,
- *                     emailAddress?: scalar|Param|null,
- *                 },
- *                 other?: array{
- *                     givenName?: scalar|Param|null,
- *                     emailAddress?: scalar|Param|null,
- *                 },
- *             },
- *             organization?: list<array{ // Default: []
+ *             attributeConsumingService?: array{
+ *                 serviceName?: scalar|Param|null,
+ *                 serviceDescription?: scalar|Param|null,
+ *                 requestedAttributes?: list<array{ // Default: []
  *                     name?: scalar|Param|null,
- *                     displayname?: scalar|Param|null,
- *                     url?: scalar|Param|null,
+ *                     isRequired?: bool|Param, // Default: false
+ *                     nameFormat?: scalar|Param|null,
+ *                     friendlyName?: scalar|Param|null,
+ *                     attributeValue?: array<mixed>,
  *                 }>,
+ *             },
+ *             singleLogoutService?: array{
+ *                 url?: scalar|Param|null, // Default: "<request_scheme_and_host>/saml/logout"
+ *                 binding?: scalar|Param|null,
+ *             },
+ *             NameIDFormat?: scalar|Param|null,
+ *             x509cert?: scalar|Param|null,
+ *             privateKey?: scalar|Param|null,
+ *             x509certNew?: scalar|Param|null,
+ *         },
+ *         compress?: array{
+ *             requests?: bool|Param,
+ *             responses?: bool|Param,
+ *         },
+ *         security?: array{
+ *             nameIdEncrypted?: bool|Param,
+ *             authnRequestsSigned?: bool|Param,
+ *             logoutRequestSigned?: bool|Param,
+ *             logoutResponseSigned?: bool|Param,
+ *             signMetadata?: bool|Param,
+ *             wantMessagesSigned?: bool|Param,
+ *             wantAssertionsEncrypted?: bool|Param,
+ *             wantAssertionsSigned?: bool|Param,
+ *             wantNameId?: bool|Param,
+ *             wantNameIdEncrypted?: bool|Param,
+ *             requestedAuthnContext?: mixed,
+ *             requestedAuthnContextComparison?: "exact"|"minimum"|"maximum"|"better"|Param,
+ *             wantXMLValidation?: bool|Param,
+ *             relaxDestinationValidation?: bool|Param,
+ *             destinationStrictlyMatches?: bool|Param,
+ *             allowRepeatAttributeName?: bool|Param,
+ *             rejectUnsolicitedResponsesWithInResponseTo?: bool|Param,
+ *             signatureAlgorithm?: "http://www.w3.org/2000/09/xmldsig#rsa-sha1"|"http://www.w3.org/2000/09/xmldsig#dsa-sha1"|"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"|"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"|"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"|Param,
+ *             digestAlgorithm?: "http://www.w3.org/2000/09/xmldsig#sha1"|"http://www.w3.org/2001/04/xmlenc#sha256"|"http://www.w3.org/2001/04/xmldsig-more#sha384"|"http://www.w3.org/2001/04/xmlenc#sha512"|Param,
+ *             encryption_algorithm?: "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"|"http://www.w3.org/2001/04/xmlenc#aes128-cbc"|"http://www.w3.org/2001/04/xmlenc#aes192-cbc"|"http://www.w3.org/2001/04/xmlenc#aes256-cbc"|"http://www.w3.org/2009/xmlenc11#aes128-gcm"|"http://www.w3.org/2009/xmlenc11#aes192-gcm"|"http://www.w3.org/2009/xmlenc11#aes256-gcm"|Param,
+ *             lowercaseUrlencoding?: bool|Param,
+ *         },
+ *         contactPerson?: array{
+ *             technical?: array{
+ *                 givenName?: scalar|Param|null,
+ *                 emailAddress?: scalar|Param|null,
+ *             },
+ *             support?: array{
+ *                 givenName?: scalar|Param|null,
+ *                 emailAddress?: scalar|Param|null,
+ *             },
+ *             administrative?: array{
+ *                 givenName?: scalar|Param|null,
+ *                 emailAddress?: scalar|Param|null,
+ *             },
+ *             billing?: array{
+ *                 givenName?: scalar|Param|null,
+ *                 emailAddress?: scalar|Param|null,
+ *             },
+ *             other?: array{
+ *                 givenName?: scalar|Param|null,
+ *                 emailAddress?: scalar|Param|null,
+ *             },
+ *         },
+ *         organization?: list<array{ // Default: []
+ *             name?: scalar|Param|null,
+ *             displayname?: scalar|Param|null,
+ *             url?: scalar|Param|null,
  *         }>,
+ *     }>,
  *     use_proxy_vars?: bool|Param, // Default: false
  *     idp_parameter_name?: scalar|Param|null, // Default: "idp"
  *     entity_manager_name?: scalar|Param|null,
@@ -2346,11 +2346,11 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *     },
  *     auto_install?: bool|Param, // Default: false
  *     fonts?: list<array{ // Default: []
- *             normal?: scalar|Param|null,
- *             bold?: scalar|Param|null,
- *             italic?: scalar|Param|null,
- *             bold_italic?: scalar|Param|null,
- *         }>,
+ *         normal?: scalar|Param|null,
+ *         bold?: scalar|Param|null,
+ *         italic?: scalar|Param|null,
+ *         bold_italic?: scalar|Param|null,
+ *     }>,
  * }
  * @psalm-type KnpuOauth2ClientConfig = array{
  *     http_client?: scalar|Param|null, // Service id of HTTP client to use (must implement GuzzleHttp\ClientInterface) // Default: null
@@ -2376,18 +2376,18 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *         skip_same_as_origin?: bool|Param, // Default: true
  *     },
  *     paths?: array<string, array{ // Default: []
- *             allow_credentials?: bool|Param,
- *             allow_origin?: list<scalar|Param|null>,
- *             allow_headers?: list<scalar|Param|null>,
- *             allow_methods?: list<scalar|Param|null>,
- *             allow_private_network?: bool|Param,
- *             expose_headers?: list<scalar|Param|null>,
- *             max_age?: scalar|Param|null, // Default: 0
- *             hosts?: list<scalar|Param|null>,
- *             origin_regex?: bool|Param,
- *             forced_allow_origin_value?: scalar|Param|null, // Default: null
- *             skip_same_as_origin?: bool|Param,
- *         }>,
+ *         allow_credentials?: bool|Param,
+ *         allow_origin?: list<scalar|Param|null>,
+ *         allow_headers?: list<scalar|Param|null>,
+ *         allow_methods?: list<scalar|Param|null>,
+ *         allow_private_network?: bool|Param,
+ *         expose_headers?: list<scalar|Param|null>,
+ *         max_age?: scalar|Param|null, // Default: 0
+ *         hosts?: list<scalar|Param|null>,
+ *         origin_regex?: bool|Param,
+ *         forced_allow_origin_value?: scalar|Param|null, // Default: null
+ *         skip_same_as_origin?: bool|Param,
+ *     }>,
  * }
  * @psalm-type JbtronicsSettingsConfig = array{
  *     search_paths?: list<scalar|Param|null>,
@@ -2518,13 +2518,13 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *         persist_authorization?: bool|Param, // Persist the SwaggerUI Authorization in the localStorage. // Default: false
  *         versions?: list<scalar|Param|null>,
  *         api_keys?: array<string, array{ // Default: []
- *                 name?: scalar|Param|null, // The name of the header or query parameter containing the api key.
- *                 type?: "query"|"header"|Param, // Whether the api key should be a query parameter or a header.
- *             }>,
+ *             name?: scalar|Param|null, // The name of the header or query parameter containing the api key.
+ *             type?: "query"|"header"|Param, // Whether the api key should be a query parameter or a header.
+ *         }>,
  *         http_auth?: array<string, array{ // Default: []
- *                 scheme?: scalar|Param|null, // The OpenAPI HTTP auth scheme, for example "bearer"
- *                 bearerFormat?: scalar|Param|null, // The OpenAPI HTTP bearer format
- *             }>,
+ *             scheme?: scalar|Param|null, // The OpenAPI HTTP auth scheme, for example "bearer"
+ *             bearerFormat?: scalar|Param|null, // The OpenAPI HTTP bearer format
+ *         }>,
  *         swagger_ui_extra_configuration?: mixed, // To pass extra configuration to Swagger UI, like docExpansion or filter. // Default: []
  *     },
  *     http_cache?: array{
@@ -2565,9 +2565,9 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *         },
  *         termsOfService?: scalar|Param|null, // A URL to the Terms of Service for the API. MUST be in the format of a URL. // Default: null
  *         tags?: list<array{ // Default: []
- *                 name?: scalar|Param|null,
- *                 description?: scalar|Param|null, // Default: null
- *             }>,
+ *             name?: scalar|Param|null,
+ *             description?: scalar|Param|null, // Default: null
+ *         }>,
  *         license?: array{
  *             name?: scalar|Param|null, // The license name used for the API. // Default: null
  *             url?: scalar|Param|null, // URL to the license used for the API. MUST be in the format of a URL. // Default: null
@@ -2589,17 +2589,17 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *     },
  *     exception_to_status?: array<string, int|Param>,
  *     formats?: array<string, array{ // Default: {"jsonld":{"mime_types":["application/ld+json"]}}
- *             mime_types?: list<scalar|Param|null>,
- *         }>,
+ *         mime_types?: list<scalar|Param|null>,
+ *     }>,
  *     patch_formats?: array<string, array{ // Default: {"json":{"mime_types":["application/merge-patch+json"]}}
- *             mime_types?: list<scalar|Param|null>,
- *         }>,
+ *         mime_types?: list<scalar|Param|null>,
+ *     }>,
  *     docs_formats?: array<string, array{ // Default: {"jsonld":{"mime_types":["application/ld+json"]},"jsonopenapi":{"mime_types":["application/vnd.openapi+json"]},"html":{"mime_types":["text/html"]},"yamlopenapi":{"mime_types":["application/vnd.openapi+yaml"]}}
- *             mime_types?: list<scalar|Param|null>,
- *         }>,
+ *         mime_types?: list<scalar|Param|null>,
+ *     }>,
  *     error_formats?: array<string, array{ // Default: {"jsonld":{"mime_types":["application/ld+json"]},"jsonproblem":{"mime_types":["application/problem+json"]},"json":{"mime_types":["application/problem+json","application/json"]}}
- *             mime_types?: list<scalar|Param|null>,
- *         }>,
+ *         mime_types?: list<scalar|Param|null>,
+ *     }>,
  *     jsonschema_formats?: list<scalar|Param|null>,
  *     defaults?: array{
  *         uri_template?: mixed,
@@ -2671,30 +2671,30 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *         policy?: mixed,
  *         middleware?: mixed,
  *         parameters?: array<string, array{ // Default: []
- *                 key?: mixed,
- *                 schema?: mixed,
- *                 open_api?: mixed,
- *                 provider?: mixed,
- *                 filter?: mixed,
- *                 property?: mixed,
- *                 description?: mixed,
- *                 properties?: mixed,
- *                 required?: mixed,
- *                 priority?: mixed,
- *                 hydra?: mixed,
- *                 constraints?: mixed,
- *                 security?: mixed,
- *                 security_message?: mixed,
- *                 extra_properties?: mixed,
- *                 filter_context?: mixed,
- *                 native_type?: mixed,
- *                 cast_to_array?: mixed,
- *                 cast_to_native_type?: mixed,
- *                 cast_fn?: mixed,
- *                 default?: mixed,
- *                 filter_class?: mixed,
- *                 ...<string, mixed>
- *             }>,
+ *             key?: mixed,
+ *             schema?: mixed,
+ *             open_api?: mixed,
+ *             provider?: mixed,
+ *             filter?: mixed,
+ *             property?: mixed,
+ *             description?: mixed,
+ *             properties?: mixed,
+ *             required?: mixed,
+ *             priority?: mixed,
+ *             hydra?: mixed,
+ *             constraints?: mixed,
+ *             security?: mixed,
+ *             security_message?: mixed,
+ *             extra_properties?: mixed,
+ *             filter_context?: mixed,
+ *             native_type?: mixed,
+ *             cast_to_array?: mixed,
+ *             cast_to_native_type?: mixed,
+ *             cast_fn?: mixed,
+ *             default?: mixed,
+ *             filter_class?: mixed,
+ *             ...<string, mixed>
+ *         }>,
  *         strict_query_parameter_validation?: mixed,
  *         hide_hydra_operation?: mixed,
  *         json_stream?: mixed,
@@ -2735,22 +2735,22 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *             cache_retention?: "none"|"short"|"long"|Param, // Prompt cache retention policy for Anthropic models // Default: "short"
  *         },
  *         azure?: array<string, array{ // Default: []
- *                 api_key?: string|Param,
- *                 base_url?: string|Param,
- *                 deployment?: string|Param,
- *                 api_version?: string|Param, // The used API version
- *                 http_client?: string|Param, // Service ID of the HTTP client to use // Default: "http_client"
- *             }>,
+ *             api_key?: string|Param,
+ *             base_url?: string|Param,
+ *             deployment?: string|Param,
+ *             api_version?: string|Param, // The used API version
+ *             http_client?: string|Param, // Service ID of the HTTP client to use // Default: "http_client"
+ *         }>,
  *         bedrock?: array<string, array{ // Default: []
- *                 bedrock_runtime_client?: string|Param, // Service ID of the Bedrock runtime client to use // Default: null
- *                 model_catalog?: string|Param, // Default: null
- *             }>,
+ *             bedrock_runtime_client?: string|Param, // Service ID of the Bedrock runtime client to use // Default: null
+ *             model_catalog?: string|Param, // Default: null
+ *         }>,
  *         cache?: array<string, array{ // Default: []
- *                 platform?: string|Param,
- *                 service?: string|Param, // The cache service id as defined under the "cache" configuration key // Default: "cache.app"
- *                 cache_key?: string|Param, // Key used to store platform results, if not set, the current platform name will be used, the "prompt_cache_key" can be set during platform call to override this value
- *                 ttl?: int|Param,
- *             }>,
+ *             platform?: string|Param,
+ *             service?: string|Param, // The cache service id as defined under the "cache" configuration key // Default: "cache.app"
+ *             cache_key?: string|Param, // Key used to store platform results, if not set, the current platform name will be used, the "prompt_cache_key" can be set during platform call to override this value
+ *             ttl?: int|Param,
+ *         }>,
  *         cartesia?: array{
  *             api_key?: string|Param,
  *             version?: string|Param,
@@ -2783,23 +2783,23 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *             http_client?: string|Param, // Service ID of the HTTP client to use // Default: "http_client"
  *         },
  *         failover?: array<string, array{ // Default: []
- *                 platforms?: list<scalar|Param|null>,
- *                 rate_limiter?: string|Param,
- *             }>,
+ *             platforms?: list<scalar|Param|null>,
+ *             rate_limiter?: string|Param,
+ *         }>,
  *         gemini?: array{
  *             api_key?: string|Param,
  *             http_client?: string|Param, // Service ID of the HTTP client to use // Default: "http_client"
  *         },
  *         generic?: array<string, array{ // Default: []
- *                 base_url?: string|Param,
- *                 api_key?: string|Param,
- *                 http_client?: string|Param, // Service ID of the HTTP client to use // Default: "http_client"
- *                 model_catalog?: string|Param, // Service ID of the model catalog to use
- *                 supports_completions?: bool|Param, // Default: true
- *                 supports_embeddings?: bool|Param, // Default: true
- *                 completions_path?: string|Param, // Default: "/v1/chat/completions"
- *                 embeddings_path?: string|Param, // Default: "/v1/embeddings"
- *             }>,
+ *             base_url?: string|Param,
+ *             api_key?: string|Param,
+ *             http_client?: string|Param, // Service ID of the HTTP client to use // Default: "http_client"
+ *             model_catalog?: string|Param, // Service ID of the model catalog to use
+ *             supports_completions?: bool|Param, // Default: true
+ *             supports_embeddings?: bool|Param, // Default: true
+ *             completions_path?: string|Param, // Default: "/v1/chat/completions"
+ *             embeddings_path?: string|Param, // Default: "/v1/embeddings"
+ *         }>,
  *         huggingface?: array{
  *             api_key?: string|Param,
  *             provider?: string|Param, // Default: "hf-inference"
@@ -2852,328 +2852,328 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *         },
  *     },
  *     model?: array<string, array<string, array{ // Default: []
- *                 class?: string|Param, // The fully qualified class name of the model (must extend Symfony\AI\Platform\Model) // Default: "Symfony\\AI\\Platform\\Model"
- *                 capabilities?: list<value-of<\Symfony\AI\Platform\Capability>|\Symfony\AI\Platform\Capability|Param>,
- *             }>>,
+ *         class?: string|Param, // The fully qualified class name of the model (must extend Symfony\AI\Platform\Model) // Default: "Symfony\\AI\\Platform\\Model"
+ *         capabilities?: list<value-of<\Symfony\AI\Platform\Capability>|\Symfony\AI\Platform\Capability|Param>,
+ *     }>>,
  *     agent?: array<string, array{ // Default: []
- *             platform?: string|Param, // Service name of platform // Default: "Symfony\\AI\\Platform\\PlatformInterface"
- *             model?: mixed,
- *             memory?: mixed, // Memory configuration: string for static memory, or array with "service" key for service reference // Default: null
- *             prompt?: string|array{ // The system prompt configuration
- *                 text?: string|Param, // The system prompt text
- *                 file?: string|Param, // Path to file containing the system prompt
- *                 include_tools?: bool|Param, // Include tool definitions at the end of the system prompt // Default: false
- *                 enable_translation?: bool|Param, // Enable translation for the system prompt // Default: false
- *                 translation_domain?: string|Param, // The translation domain for the system prompt // Default: null
- *             },
- *             tools?: bool|array{
- *                 enabled?: bool|Param, // Default: true
- *                 services?: list<string|array{ // Default: []
- *                         service?: string|Param,
- *                         agent?: string|Param,
- *                         name?: string|Param,
- *                         description?: string|Param,
- *                         method?: string|Param,
- *                     }>,
- *             },
- *             keep_tool_messages?: bool|Param, // Keep tool messages in the conversation history // Default: false
- *             include_sources?: bool|Param, // Include sources exposed by tools as part of the tool result metadata // Default: false
- *             fault_tolerant_toolbox?: bool|Param, // Continue the agent run even if a tool call fails // Default: true
- *             speech?: bool|array{ // Speech (TTS/STT) decorator configuration
- *                 enabled?: bool|Param, // Default: true
- *                 text_to_speech_platform?: string|Param, // Service name of the TTS platform (e.g. ai.platform.elevenlabs). // Default: null
- *                 speech_to_text_platform?: string|Param, // Service name of the STT platform (e.g. ai.platform.openai). // Default: null
- *                 tts_model?: string|Param, // Text-to-speech model name // Default: null
- *                 tts_options?: mixed, // Provider-specific TTS options // Default: []
- *                 stt_model?: string|Param, // Speech-to-text model name // Default: null
- *                 stt_options?: mixed, // Provider-specific STT options // Default: []
- *             },
- *         }>,
+ *         platform?: string|Param, // Service name of platform // Default: "Symfony\\AI\\Platform\\PlatformInterface"
+ *         model?: mixed,
+ *         memory?: mixed, // Memory configuration: string for static memory, or array with "service" key for service reference // Default: null
+ *         prompt?: string|array{ // The system prompt configuration
+ *             text?: string|Param, // The system prompt text
+ *             file?: string|Param, // Path to file containing the system prompt
+ *             include_tools?: bool|Param, // Include tool definitions at the end of the system prompt // Default: false
+ *             enable_translation?: bool|Param, // Enable translation for the system prompt // Default: false
+ *             translation_domain?: string|Param, // The translation domain for the system prompt // Default: null
+ *         },
+ *         tools?: bool|array{
+ *             enabled?: bool|Param, // Default: true
+ *             services?: list<string|array{ // Default: []
+ *                 service?: string|Param,
+ *                 agent?: string|Param,
+ *                 name?: string|Param,
+ *                 description?: string|Param,
+ *                 method?: string|Param,
+ *             }>,
+ *         },
+ *         keep_tool_messages?: bool|Param, // Keep tool messages in the conversation history // Default: false
+ *         include_sources?: bool|Param, // Include sources exposed by tools as part of the tool result metadata // Default: false
+ *         fault_tolerant_toolbox?: bool|Param, // Continue the agent run even if a tool call fails // Default: true
+ *         speech?: bool|array{ // Speech (TTS/STT) decorator configuration
+ *             enabled?: bool|Param, // Default: true
+ *             text_to_speech_platform?: string|Param, // Service name of the TTS platform (e.g. ai.platform.elevenlabs). // Default: null
+ *             speech_to_text_platform?: string|Param, // Service name of the STT platform (e.g. ai.platform.openai). // Default: null
+ *             tts_model?: string|Param, // Text-to-speech model name // Default: null
+ *             tts_options?: mixed, // Provider-specific TTS options // Default: []
+ *             stt_model?: string|Param, // Speech-to-text model name // Default: null
+ *             stt_options?: mixed, // Provider-specific STT options // Default: []
+ *         },
+ *     }>,
  *     multi_agent?: array<string, array{ // Default: []
- *             orchestrator?: string|Param, // Service ID of the orchestrator agent
- *             handoffs?: array<string, list<scalar|Param|null>>,
- *             fallback?: string|Param, // Service ID of the fallback agent for unmatched requests
- *         }>,
+ *         orchestrator?: string|Param, // Service ID of the orchestrator agent
+ *         handoffs?: array<string, list<scalar|Param|null>>,
+ *         fallback?: string|Param, // Service ID of the fallback agent for unmatched requests
+ *     }>,
  *     store?: array{
  *         azuresearch?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 api_key?: string|Param,
- *                 api_version?: string|Param,
- *                 index_name?: string|Param, // The name of the store will be used if the "index_name" option is not set
- *                 http_client?: string|Param, // Default: "http_client"
- *                 vector_field?: string|Param, // Default: "vector"
- *             }>,
+ *             endpoint?: string|Param,
+ *             api_key?: string|Param,
+ *             api_version?: string|Param,
+ *             index_name?: string|Param, // The name of the store will be used if the "index_name" option is not set
+ *             http_client?: string|Param, // Default: "http_client"
+ *             vector_field?: string|Param, // Default: "vector"
+ *         }>,
  *         cache?: array<string, array{ // Default: []
- *                 service?: string|Param, // Default: "cache.app"
- *                 cache_key?: string|Param, // The name of the store will be used if the key is not set.
- *                 strategy?: string|Param, // Default: "cosine"
- *             }>,
+ *             service?: string|Param, // Default: "cache.app"
+ *             cache_key?: string|Param, // The name of the store will be used if the key is not set.
+ *             strategy?: string|Param, // Default: "cosine"
+ *         }>,
  *         chromadb?: array<string, array{ // Default: []
- *                 client?: string|Param, // Default: "Codewithkyrian\\ChromaDB\\Client"
- *                 collection?: string|Param,
- *             }>,
+ *             client?: string|Param, // Default: "Codewithkyrian\\ChromaDB\\Client"
+ *             collection?: string|Param,
+ *         }>,
  *         clickhouse?: array<string, array{ // Default: []
- *                 dsn?: string|Param,
- *                 http_client?: string|Param,
- *                 database?: string|Param,
- *                 table?: string|Param,
- *             }>,
+ *             dsn?: string|Param,
+ *             http_client?: string|Param,
+ *             database?: string|Param,
+ *             table?: string|Param,
+ *         }>,
  *         cloudflare?: array<string, array{ // Default: []
- *                 account_id?: string|Param,
- *                 api_key?: string|Param,
- *                 index_name?: string|Param,
- *                 dimensions?: int|Param, // Default: 1536
- *                 metric?: string|Param, // Default: "cosine"
- *                 endpoint?: string|Param,
- *             }>,
+ *             account_id?: string|Param,
+ *             api_key?: string|Param,
+ *             index_name?: string|Param,
+ *             dimensions?: int|Param, // Default: 1536
+ *             metric?: string|Param, // Default: "cosine"
+ *             endpoint?: string|Param,
+ *         }>,
  *         elasticsearch?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 index_name?: string|Param,
- *                 vectors_field?: string|Param, // Default: "_vectors"
- *                 dimensions?: int|Param, // Default: 1536
- *                 similarity?: string|Param, // Default: "cosine"
- *                 http_client?: string|Param, // Default: "http_client"
- *             }>,
+ *             endpoint?: string|Param,
+ *             index_name?: string|Param,
+ *             vectors_field?: string|Param, // Default: "_vectors"
+ *             dimensions?: int|Param, // Default: 1536
+ *             similarity?: string|Param, // Default: "cosine"
+ *             http_client?: string|Param, // Default: "http_client"
+ *         }>,
  *         manticoresearch?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 table?: string|Param,
- *                 field?: string|Param, // Default: "_vectors"
- *                 type?: string|Param, // Default: "hnsw"
- *                 similarity?: string|Param, // Default: "cosine"
- *                 dimensions?: int|Param, // Default: 1536
- *                 quantization?: string|Param,
- *             }>,
+ *             endpoint?: string|Param,
+ *             table?: string|Param,
+ *             field?: string|Param, // Default: "_vectors"
+ *             type?: string|Param, // Default: "hnsw"
+ *             similarity?: string|Param, // Default: "cosine"
+ *             dimensions?: int|Param, // Default: 1536
+ *             quantization?: string|Param,
+ *         }>,
  *         mariadb?: array<string, array{ // Default: []
- *                 connection?: string|Param,
- *                 table_name?: string|Param,
- *                 index_name?: string|Param,
- *                 vector_field_name?: string|Param,
- *                 setup_options?: array{
- *                     dimensions?: int|Param,
- *                 },
- *                 distance?: "cosine"|"euclidean"|"distance"|Param, // Distance metric to use for vector similarity search // Default: "euclidean"
- *             }>,
+ *             connection?: string|Param,
+ *             table_name?: string|Param,
+ *             index_name?: string|Param,
+ *             vector_field_name?: string|Param,
+ *             setup_options?: array{
+ *                 dimensions?: int|Param,
+ *             },
+ *             distance?: "cosine"|"euclidean"|"distance"|Param, // Distance metric to use for vector similarity search // Default: "euclidean"
+ *         }>,
  *         meilisearch?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 api_key?: string|Param,
- *                 index_name?: string|Param,
- *                 embedder?: string|Param, // Default: "default"
- *                 vector_field?: string|Param, // Default: "_vectors"
- *                 dimensions?: int|Param, // Default: 1536
- *                 semantic_ratio?: float|Param, // The ratio between semantic (vector) and full-text search (0.0 to 1.0). Default: 1.0 (100% semantic) // Default: 1.0
- *             }>,
+ *             endpoint?: string|Param,
+ *             api_key?: string|Param,
+ *             index_name?: string|Param,
+ *             embedder?: string|Param, // Default: "default"
+ *             vector_field?: string|Param, // Default: "_vectors"
+ *             dimensions?: int|Param, // Default: 1536
+ *             semantic_ratio?: float|Param, // The ratio between semantic (vector) and full-text search (0.0 to 1.0). Default: 1.0 (100% semantic) // Default: 1.0
+ *         }>,
  *         memory?: array<string, array{ // Default: []
- *                 strategy?: string|Param,
- *             }>,
+ *             strategy?: string|Param,
+ *         }>,
  *         milvus?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 api_key?: string|Param,
- *                 database?: string|Param,
- *                 collection?: string|Param,
- *                 vector_field?: string|Param, // Default: "_vectors"
- *                 dimensions?: int|Param, // Default: 1536
- *                 metric_type?: string|Param, // Default: "COSINE"
- *             }>,
+ *             endpoint?: string|Param,
+ *             api_key?: string|Param,
+ *             database?: string|Param,
+ *             collection?: string|Param,
+ *             vector_field?: string|Param, // Default: "_vectors"
+ *             dimensions?: int|Param, // Default: 1536
+ *             metric_type?: string|Param, // Default: "COSINE"
+ *         }>,
  *         mongodb?: array<string, array{ // Default: []
- *                 client?: string|Param, // Default: "MongoDB\\Client"
- *                 database?: string|Param,
- *                 collection?: string|Param,
- *                 index_name?: string|Param,
- *                 vector_field?: string|Param, // Default: "vector"
- *                 bulk_write?: bool|Param, // Default: false
- *                 setup_options?: array{
- *                     fields?: mixed, // Default: []
- *                 },
- *             }>,
+ *             client?: string|Param, // Default: "MongoDB\\Client"
+ *             database?: string|Param,
+ *             collection?: string|Param,
+ *             index_name?: string|Param,
+ *             vector_field?: string|Param, // Default: "vector"
+ *             bulk_write?: bool|Param, // Default: false
+ *             setup_options?: array{
+ *                 fields?: mixed, // Default: []
+ *             },
+ *         }>,
  *         neo4j?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 username?: string|Param,
- *                 password?: string|Param,
- *                 database?: string|Param,
- *                 vector_index_name?: string|Param,
- *                 node_name?: string|Param,
- *                 vector_field?: string|Param, // Default: "embeddings"
- *                 dimensions?: int|Param, // Default: 1536
- *                 distance?: string|Param, // Default: "cosine"
- *                 quantization?: bool|Param,
- *             }>,
+ *             endpoint?: string|Param,
+ *             username?: string|Param,
+ *             password?: string|Param,
+ *             database?: string|Param,
+ *             vector_index_name?: string|Param,
+ *             node_name?: string|Param,
+ *             vector_field?: string|Param, // Default: "embeddings"
+ *             dimensions?: int|Param, // Default: 1536
+ *             distance?: string|Param, // Default: "cosine"
+ *             quantization?: bool|Param,
+ *         }>,
  *         opensearch?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 index_name?: string|Param,
- *                 vectors_field?: string|Param, // Default: "_vectors"
- *                 dimensions?: int|Param, // Default: 1536
- *                 space_type?: string|Param, // Default: "l2"
- *                 http_client?: string|Param, // Default: "http_client"
- *             }>,
+ *             endpoint?: string|Param,
+ *             index_name?: string|Param,
+ *             vectors_field?: string|Param, // Default: "_vectors"
+ *             dimensions?: int|Param, // Default: 1536
+ *             space_type?: string|Param, // Default: "l2"
+ *             http_client?: string|Param, // Default: "http_client"
+ *         }>,
  *         pinecone?: array<string, array{ // Default: []
- *                 client?: string|Param, // Default: "Probots\\Pinecone\\Client"
- *                 index_name?: string|Param,
- *                 namespace?: string|Param,
- *                 filter?: list<scalar|Param|null>,
- *                 top_k?: int|Param,
- *             }>,
+ *             client?: string|Param, // Default: "Probots\\Pinecone\\Client"
+ *             index_name?: string|Param,
+ *             namespace?: string|Param,
+ *             filter?: list<scalar|Param|null>,
+ *             top_k?: int|Param,
+ *         }>,
  *         postgres?: array<string, array{ // Default: []
- *                 dsn?: string|Param,
- *                 username?: string|Param,
- *                 password?: string|Param,
- *                 table_name?: string|Param,
- *                 vector_field?: string|Param, // Default: "embedding"
- *                 distance?: "cosine"|"inner_product"|"l1"|"l2"|Param, // Distance metric to use for vector similarity search // Default: "l2"
- *                 dbal_connection?: string|Param,
- *                 setup_options?: array{
- *                     vector_type?: string|Param, // Default: "vector"
- *                     vector_size?: int|Param, // Default: 1536
- *                     index_method?: string|Param, // Default: "ivfflat"
- *                     index_opclass?: string|Param, // Default: "vector_cosine_ops"
- *                 },
- *             }>,
+ *             dsn?: string|Param,
+ *             username?: string|Param,
+ *             password?: string|Param,
+ *             table_name?: string|Param,
+ *             vector_field?: string|Param, // Default: "embedding"
+ *             distance?: "cosine"|"inner_product"|"l1"|"l2"|Param, // Distance metric to use for vector similarity search // Default: "l2"
+ *             dbal_connection?: string|Param,
+ *             setup_options?: array{
+ *                 vector_type?: string|Param, // Default: "vector"
+ *                 vector_size?: int|Param, // Default: 1536
+ *                 index_method?: string|Param, // Default: "ivfflat"
+ *                 index_opclass?: string|Param, // Default: "vector_cosine_ops"
+ *             },
+ *         }>,
  *         qdrant?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 api_key?: string|Param,
- *                 collection_name?: string|Param, // The name of the store will be used if the "collection_name" is not set
- *                 http_client?: string|Param, // Default: "http_client"
- *                 dimensions?: int|Param, // Default: 1536
- *                 distance?: string|Param, // Default: "Cosine"
- *                 async?: bool|Param, // Default: false
- *             }>,
+ *             endpoint?: string|Param,
+ *             api_key?: string|Param,
+ *             collection_name?: string|Param, // The name of the store will be used if the "collection_name" is not set
+ *             http_client?: string|Param, // Default: "http_client"
+ *             dimensions?: int|Param, // Default: 1536
+ *             distance?: string|Param, // Default: "Cosine"
+ *             async?: bool|Param, // Default: false
+ *         }>,
  *         redis?: array<string, array{ // Default: []
- *                 connection_parameters?: mixed, // see https://github.com/phpredis/phpredis?tab=readme-ov-file#example-1
- *                 client?: string|Param, // a service id of a Redis client
- *                 index_name?: string|Param,
- *                 key_prefix?: string|Param, // Default: "vector:"
- *                 distance?: "COSINE"|"L2"|"IP"|Param, // Distance metric to use for vector similarity search // Default: "COSINE"
- *             }>,
+ *             connection_parameters?: mixed, // see https://github.com/phpredis/phpredis?tab=readme-ov-file#example-1
+ *             client?: string|Param, // a service id of a Redis client
+ *             index_name?: string|Param,
+ *             key_prefix?: string|Param, // Default: "vector:"
+ *             distance?: "COSINE"|"L2"|"IP"|Param, // Distance metric to use for vector similarity search // Default: "COSINE"
+ *         }>,
  *         s3vectors?: array<string, array{ // Default: []
- *                 client?: string|Param, // Service reference to an existing S3VectorsClient
- *                 configuration?: array<mixed>,
- *                 vector_bucket_name?: string|Param,
- *                 index_name?: string|Param,
- *                 filter?: array<mixed>,
- *                 top_k?: int|Param, // Default number of results to return // Default: 3
- *             }>,
+ *             client?: string|Param, // Service reference to an existing S3VectorsClient
+ *             configuration?: array<mixed>,
+ *             vector_bucket_name?: string|Param,
+ *             index_name?: string|Param,
+ *             filter?: array<mixed>,
+ *             top_k?: int|Param, // Default number of results to return // Default: 3
+ *         }>,
  *         sqlite?: array<string, array{ // Default: []
- *                 dsn?: string|Param,
- *                 connection?: string|Param,
- *                 table_name?: string|Param,
- *                 strategy?: string|Param,
- *                 vec?: bool|Param, // Default: false
- *                 distance?: "cosine"|"L2"|Param, // Default: "cosine"
- *                 vector_dimension?: int|Param, // Default: 1536
- *             }>,
+ *             dsn?: string|Param,
+ *             connection?: string|Param,
+ *             table_name?: string|Param,
+ *             strategy?: string|Param,
+ *             vec?: bool|Param, // Default: false
+ *             distance?: "cosine"|"L2"|Param, // Default: "cosine"
+ *             vector_dimension?: int|Param, // Default: 1536
+ *         }>,
  *         supabase?: array<string, array{ // Default: []
- *                 http_client?: string|Param, // Service ID of the HTTP client to use // Default: "http_client"
- *                 url?: string|Param,
- *                 api_key?: string|Param,
- *                 table?: string|Param,
- *                 vector_field?: string|Param, // Default: "embedding"
- *                 vector_dimension?: int|Param, // Default: 1536
- *                 function_name?: string|Param, // Default: "match_documents"
- *             }>,
+ *             http_client?: string|Param, // Service ID of the HTTP client to use // Default: "http_client"
+ *             url?: string|Param,
+ *             api_key?: string|Param,
+ *             table?: string|Param,
+ *             vector_field?: string|Param, // Default: "embedding"
+ *             vector_dimension?: int|Param, // Default: 1536
+ *             function_name?: string|Param, // Default: "match_documents"
+ *         }>,
  *         surrealdb?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 username?: string|Param,
- *                 password?: string|Param,
- *                 namespace?: string|Param,
- *                 database?: string|Param,
- *                 table?: string|Param,
- *                 vector_field?: string|Param, // Default: "_vectors"
- *                 strategy?: string|Param, // Default: "cosine"
- *                 dimensions?: int|Param, // Default: 1536
- *                 namespaced_user?: bool|Param,
- *             }>,
+ *             endpoint?: string|Param,
+ *             username?: string|Param,
+ *             password?: string|Param,
+ *             namespace?: string|Param,
+ *             database?: string|Param,
+ *             table?: string|Param,
+ *             vector_field?: string|Param, // Default: "_vectors"
+ *             strategy?: string|Param, // Default: "cosine"
+ *             dimensions?: int|Param, // Default: 1536
+ *             namespaced_user?: bool|Param,
+ *         }>,
  *         typesense?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 api_key?: string|Param,
- *                 collection?: string|Param,
- *                 vector_field?: string|Param, // Default: "_vectors"
- *                 dimensions?: int|Param, // Default: 1536
- *             }>,
+ *             endpoint?: string|Param,
+ *             api_key?: string|Param,
+ *             collection?: string|Param,
+ *             vector_field?: string|Param, // Default: "_vectors"
+ *             dimensions?: int|Param, // Default: 1536
+ *         }>,
  *         weaviate?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 api_key?: string|Param,
- *                 http_client?: string|Param, // Default: "http_client"
- *                 collection?: string|Param, // The name of the store will be used if the "collection" is not set
- *             }>,
+ *             endpoint?: string|Param,
+ *             api_key?: string|Param,
+ *             http_client?: string|Param, // Default: "http_client"
+ *             collection?: string|Param, // The name of the store will be used if the "collection" is not set
+ *         }>,
  *         vektor?: array<string, array{ // Default: []
- *                 storage_path?: string|Param, // Default: "%kernel.project_dir%/var/share"
- *                 dimensions?: int|Param, // Default: 1536
- *             }>,
+ *             storage_path?: string|Param, // Default: "%kernel.project_dir%/var/share"
+ *             dimensions?: int|Param, // Default: 1536
+ *         }>,
  *     },
  *     message_store?: array{
  *         cache?: array<string, array{ // Default: []
- *                 service?: string|Param, // Default: "cache.app"
- *                 key?: string|Param, // The name of the message store will be used if the key is not set
- *                 ttl?: int|Param,
- *             }>,
+ *             service?: string|Param, // Default: "cache.app"
+ *             key?: string|Param, // The name of the message store will be used if the key is not set
+ *             ttl?: int|Param,
+ *         }>,
  *         cloudflare?: array<string, array{ // Default: []
- *                 account_id?: string|Param,
- *                 api_key?: string|Param,
- *                 namespace?: string|Param,
- *                 endpoint_url?: string|Param, // If the version of the Cloudflare API is updated, use this key to support it.
- *             }>,
+ *             account_id?: string|Param,
+ *             api_key?: string|Param,
+ *             namespace?: string|Param,
+ *             endpoint_url?: string|Param, // If the version of the Cloudflare API is updated, use this key to support it.
+ *         }>,
  *         doctrine?: array{
  *             dbal?: array<string, array{ // Default: []
- *                     connection?: string|Param,
- *                     table_name?: string|Param, // The name of the message store will be used if the table_name is not set
- *                 }>,
+ *                 connection?: string|Param,
+ *                 table_name?: string|Param, // The name of the message store will be used if the table_name is not set
+ *             }>,
  *         },
  *         meilisearch?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 api_key?: string|Param,
- *                 index_name?: string|Param,
- *             }>,
+ *             endpoint?: string|Param,
+ *             api_key?: string|Param,
+ *             index_name?: string|Param,
+ *         }>,
  *         memory?: array<string, array{ // Default: []
- *                 identifier?: string|Param,
- *             }>,
+ *             identifier?: string|Param,
+ *         }>,
  *         mongodb?: array<string, array{ // Default: []
- *                 client?: string|Param, // Default: "MongoDB\\Client"
- *                 database?: string|Param,
- *                 collection?: string|Param,
- *             }>,
+ *             client?: string|Param, // Default: "MongoDB\\Client"
+ *             database?: string|Param,
+ *             collection?: string|Param,
+ *         }>,
  *         pogocache?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 password?: string|Param,
- *                 key?: string|Param,
- *             }>,
+ *             endpoint?: string|Param,
+ *             password?: string|Param,
+ *             key?: string|Param,
+ *         }>,
  *         redis?: array<string, array{ // Default: []
- *                 connection_parameters?: mixed, // see https://github.com/phpredis/phpredis?tab=readme-ov-file#example-1
- *                 client?: string|Param, // a service id of a Redis client
- *                 endpoint?: string|Param,
- *                 index_name?: string|Param,
- *             }>,
+ *             connection_parameters?: mixed, // see https://github.com/phpredis/phpredis?tab=readme-ov-file#example-1
+ *             client?: string|Param, // a service id of a Redis client
+ *             endpoint?: string|Param,
+ *             index_name?: string|Param,
+ *         }>,
  *         session?: array<string, array{ // Default: []
- *                 identifier?: string|Param,
- *             }>,
+ *             identifier?: string|Param,
+ *         }>,
  *         surrealdb?: array<string, array{ // Default: []
- *                 endpoint?: string|Param,
- *                 username?: string|Param,
- *                 password?: string|Param,
- *                 namespace?: string|Param,
- *                 database?: string|Param,
- *                 table?: string|Param,
- *                 namespaced_user?: bool|Param, // Using a namespaced user is a good practice to prevent any undesired access to a specific table, see https://surrealdb.com/docs/surrealdb/reference-guide/security-best-practices
- *             }>,
+ *             endpoint?: string|Param,
+ *             username?: string|Param,
+ *             password?: string|Param,
+ *             namespace?: string|Param,
+ *             database?: string|Param,
+ *             table?: string|Param,
+ *             namespaced_user?: bool|Param, // Using a namespaced user is a good practice to prevent any undesired access to a specific table, see https://surrealdb.com/docs/surrealdb/reference-guide/security-best-practices
+ *         }>,
  *     },
  *     chat?: array<string, array{ // Default: []
- *             agent?: string|Param,
- *             message_store?: string|Param,
- *         }>,
+ *         agent?: string|Param,
+ *         message_store?: string|Param,
+ *     }>,
  *     vectorizer?: array<string, array{ // Default: []
- *             platform?: string|Param, // Service name of platform // Default: "Symfony\\AI\\Platform\\PlatformInterface"
- *             model?: mixed,
- *         }>,
+ *         platform?: string|Param, // Service name of platform // Default: "Symfony\\AI\\Platform\\PlatformInterface"
+ *         model?: mixed,
+ *     }>,
  *     indexer?: array<string, array{ // Default: []
- *             loader?: string|Param, // Service name of loader // Default: null
- *             source?: mixed, // Source identifier (file path, URL, etc.) or array of sources // Default: null
- *             transformers?: list<scalar|Param|null>,
- *             filters?: list<scalar|Param|null>,
- *             vectorizer?: scalar|Param|null, // Service name of vectorizer // Default: "Symfony\\AI\\Store\\Document\\VectorizerInterface"
- *             store?: string|Param, // Service name of store // Default: "Symfony\\AI\\Store\\StoreInterface"
- *         }>,
+ *         loader?: string|Param, // Service name of loader // Default: null
+ *         source?: mixed, // Source identifier (file path, URL, etc.) or array of sources // Default: null
+ *         transformers?: list<scalar|Param|null>,
+ *         filters?: list<scalar|Param|null>,
+ *         vectorizer?: scalar|Param|null, // Service name of vectorizer // Default: "Symfony\\AI\\Store\\Document\\VectorizerInterface"
+ *         store?: string|Param, // Service name of store // Default: "Symfony\\AI\\Store\\StoreInterface"
+ *     }>,
  *     retriever?: array<string, array{ // Default: []
- *             vectorizer?: scalar|Param|null, // Service name of vectorizer // Default: "Symfony\\AI\\Store\\Document\\VectorizerInterface"
- *             store?: string|Param, // Service name of store // Default: "Symfony\\AI\\Store\\StoreInterface"
- *         }>,
+ *         vectorizer?: scalar|Param|null, // Service name of vectorizer // Default: "Symfony\\AI\\Store\\Document\\VectorizerInterface"
+ *         store?: string|Param, // Service name of store // Default: "Symfony\\AI\\Store\\StoreInterface"
+ *     }>,
  * }
  * @psalm-type ConfigType = array{
  *     imports?: ImportsConfig,
diff --git a/tests/Services/Cache/ElementCacheTagGeneratorTest.php b/tests/Services/Cache/ElementCacheTagGeneratorTest.php
new file mode 100644
index 00000000..f747441f
--- /dev/null
+++ b/tests/Services/Cache/ElementCacheTagGeneratorTest.php
@@ -0,0 +1,67 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2026 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Tests\Services\Cache;
+
+use App\Entity\Parts\Part;
+use App\Services\Cache\ElementCacheTagGenerator;
+use PHPUnit\Framework\TestCase;
+
+final class ElementCacheTagGeneratorTest extends TestCase
+{
+    private ElementCacheTagGenerator $service;
+
+    protected function setUp(): void
+    {
+        $this->service = new ElementCacheTagGenerator();
+    }
+
+    public function testClassNameIsConvertedToTag(): void
+    {
+        $tag = $this->service->getElementTypeCacheTag(Part::class);
+        // Backslashes must be replaced by underscores
+        $this->assertStringNotContainsString('\\', $tag);
+        $this->assertSame(str_replace('\\', '_', Part::class), $tag);
+    }
+
+    public function testObjectInputGivesSameResultAsClassName(): void
+    {
+        $part = new Part();
+        $tagFromObject = $this->service->getElementTypeCacheTag($part);
+        $tagFromClass = $this->service->getElementTypeCacheTag(Part::class);
+        $this->assertSame($tagFromClass, $tagFromObject);
+    }
+
+    public function testResultIsCached(): void
+    {
+        $tag1 = $this->service->getElementTypeCacheTag(Part::class);
+        $tag2 = $this->service->getElementTypeCacheTag(Part::class);
+        $this->assertSame($tag1, $tag2);
+    }
+
+    public function testNonExistentClassThrowsException(): void
+    {
+        $this->expectException(\InvalidArgumentException::class);
+        $this->service->getElementTypeCacheTag('App\\NonExistent\\Foo');
+    }
+}
diff --git a/tests/Services/Formatters/MarkdownParserTest.php b/tests/Services/Formatters/MarkdownParserTest.php
new file mode 100644
index 00000000..0b27972f
--- /dev/null
+++ b/tests/Services/Formatters/MarkdownParserTest.php
@@ -0,0 +1,86 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2026 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Tests\Services\Formatters;
+
+use App\Services\Formatters\MarkdownParser;
+use PHPUnit\Framework\TestCase;
+use Symfony\Contracts\Translation\TranslatorInterface;
+
+final class MarkdownParserTest extends TestCase
+{
+    private MarkdownParser $service;
+
+    protected function setUp(): void
+    {
+        $translator = $this->createMock(TranslatorInterface::class);
+        $translator->method('trans')->willReturn('Loading...');
+        $this->service = new MarkdownParser($translator);
+    }
+
+    public function testOutputContainsDataMarkdownAttribute(): void
+    {
+        $result = $this->service->markForRendering('**hello**');
+        $this->assertStringContainsString('data-markdown=', $result);
+        $this->assertStringContainsString('data-controller="common--markdown"', $result);
+    }
+
+    public function testMarkdownContentIsHtmlescapedInAttribute(): void
+    {
+        $result = $this->service->markForRendering('<script>alert(1)</script>');
+        // The raw < should not appear unescaped inside the attribute
+        $this->assertStringNotContainsString('<script>', $result);
+        $this->assertStringContainsString('&lt;script&gt;', $result);
+    }
+
+    public function testInlineModeAddsInlineClass(): void
+    {
+        $result = $this->service->markForRendering('text', true);
+        $this->assertStringContainsString('markdown-inline', $result);
+    }
+
+    public function testNonInlineModeDoesNotAddInlineClass(): void
+    {
+        $result = $this->service->markForRendering('text', false);
+        $this->assertStringNotContainsString('markdown-inline', $result);
+    }
+
+    public function testOutputIsWrappedInDiv(): void
+    {
+        $result = $this->service->markForRendering('test');
+        $this->assertStringStartsWith('<div', $result);
+        $this->assertStringEndsWith('</div>', $result);
+    }
+
+    public function testTranslatorIsCalledForLoadingText(): void
+    {
+        $translator = $this->createMock(TranslatorInterface::class);
+        $translator->expects($this->once())
+            ->method('trans')
+            ->with('markdown.loading')
+            ->willReturn('Loading...');
+
+        $service = new MarkdownParser($translator);
+        $service->markForRendering('test');
+    }
+}
diff --git a/tests/Services/Formatters/MoneyFormatterTest.php b/tests/Services/Formatters/MoneyFormatterTest.php
new file mode 100644
index 00000000..d98a6c5f
--- /dev/null
+++ b/tests/Services/Formatters/MoneyFormatterTest.php
@@ -0,0 +1,97 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2026 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Tests\Services\Formatters;
+
+use App\Entity\PriceInformations\Currency;
+use App\Services\Formatters\MoneyFormatter;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+
+final class MoneyFormatterTest extends WebTestCase
+{
+    private static MoneyFormatter $service;
+
+    public static function setUpBeforeClass(): void
+    {
+        self::bootKernel();
+        self::$service = self::getContainer()->get(MoneyFormatter::class);
+    }
+
+    public function testFormatWithFloatInput(): void
+    {
+        $currency = new Currency();
+        $currency->setIsoCode('USD');
+        $result = self::$service->format(1.5, $currency);
+
+        $this->assertSame('$ 1.50', $result);
+    }
+
+    public function testFormatWithNullCurrencyUsesBaseCurrency(): void
+    {
+        $result = self::$service->format(1.5);
+        // Should return a non-empty formatted string
+        $this->assertNotEmpty($result);
+        $this->assertIsString($result);
+    }
+
+    public function testFormatWithExplicitCurrencyUsesThatCurrency(): void
+    {
+        $currency = new Currency();
+        $currency->setIsoCode('USD');
+
+        $result = self::$service->format(10.0, $currency);
+        $this->assertNotEmpty($result);
+        $this->assertStringContainsString('10', $result);
+    }
+
+    public function testFormatStringInputWorksSameAsFloat(): void
+    {
+        $resultFloat = self::$service->format(1.5);
+        $resultString = self::$service->format('1.5');
+        $this->assertSame($resultFloat, $resultString);
+    }
+
+    public function testShowAllDigitsRespectsFractionCount(): void
+    {
+        // With show_all_digits = true and decimals = 3, we expect exactly 3 decimal places
+        $result = self::$service->format(1.5, null, 3, true);
+        // The number should contain exactly 3 decimal digits
+        $this->assertMatchesRegularExpression('/\d{3}(?!\d)/', $result);
+    }
+
+    public function testZeroIsFormattedCorrectly(): void
+    {
+        $result = self::$service->format(0.0);
+        $this->assertNotEmpty($result);
+        $this->assertStringContainsString('0', $result);
+    }
+
+    public function testCurrencyWithEmptyIsoCodeFallsBackToBaseCurrency(): void
+    {
+        $currency = new Currency();
+        // Empty ISO code → should fall back to base currency
+        $resultWithEmpty = self::$service->format(1.0, $currency);
+        $resultWithNull = self::$service->format(1.0, null);
+        $this->assertSame($resultWithNull, $resultWithEmpty);
+    }
+}
diff --git a/tests/Services/LogSystem/LogDiffFormatterTest.php b/tests/Services/LogSystem/LogDiffFormatterTest.php
new file mode 100644
index 00000000..e8062a76
--- /dev/null
+++ b/tests/Services/LogSystem/LogDiffFormatterTest.php
@@ -0,0 +1,79 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2026 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Tests\Services\LogSystem;
+
+use App\Services\LogSystem\LogDiffFormatter;
+use PHPUnit\Framework\TestCase;
+
+final class LogDiffFormatterTest extends TestCase
+{
+    private LogDiffFormatter $service;
+
+    protected function setUp(): void
+    {
+        $this->service = new LogDiffFormatter();
+    }
+
+    public function testPositiveNumericDiff(): void
+    {
+        $result = $this->service->formatDiff(1, 6);
+        $this->assertStringContainsString('text-success', $result);
+        $this->assertStringContainsString('+5', $result);
+    }
+
+    public function testNegativeNumericDiff(): void
+    {
+        $result = $this->service->formatDiff(10, 3);
+        $this->assertStringContainsString('text-danger', $result);
+        $this->assertStringContainsString('-7', $result);
+    }
+
+    public function testZeroNumericDiff(): void
+    {
+        $result = $this->service->formatDiff(5, 5);
+        $this->assertStringContainsString('text-muted', $result);
+        $this->assertStringContainsString('0', $result);
+    }
+
+    public function testStringDiffReturnsNonEmptyHtml(): void
+    {
+        $result = $this->service->formatDiff('hello world', 'hello PHP');
+        $this->assertNotEmpty($result);
+        // DiffHelper returns HTML
+        $this->assertStringContainsString('<', $result);
+    }
+
+    public function testUnsupportedTypesReturnEmptyString(): void
+    {
+        // booleans are neither string nor numeric → empty
+        $result = $this->service->formatDiff(true, false);
+        $this->assertSame('', $result);
+    }
+
+    public function testFloatDiff(): void
+    {
+        $result = $this->service->formatDiff(1.5, 3.0);
+        $this->assertStringContainsString('text-success', $result);
+    }
+}
diff --git a/tests/Services/LogSystem/LogEntryExtraFormatterTest.php b/tests/Services/LogSystem/LogEntryExtraFormatterTest.php
new file mode 100644
index 00000000..ceee721a
--- /dev/null
+++ b/tests/Services/LogSystem/LogEntryExtraFormatterTest.php
@@ -0,0 +1,92 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2026 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Tests\Services\LogSystem;
+
+use App\Entity\LogSystem\DatabaseUpdatedLogEntry;
+use App\Entity\LogSystem\UserLoginLogEntry;
+use App\Entity\LogSystem\UserLogoutLogEntry;
+use App\Services\LogSystem\LogEntryExtraFormatter;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+
+final class LogEntryExtraFormatterTest extends WebTestCase
+{
+    private static LogEntryExtraFormatter $service;
+
+    public static function setUpBeforeClass(): void
+    {
+        self::bootKernel();
+        self::$service = self::getContainer()->get(LogEntryExtraFormatter::class);
+    }
+
+    public function testFormatUserLoginLogEntryContainsIp(): void
+    {
+        $entry = new UserLoginLogEntry('127.0.0.1', anonymize: false);
+        $result = self::$service->format($entry);
+        $this->assertNotEmpty($result);
+        $this->assertStringContainsString('127.0.0.1', $result);
+    }
+
+    public function testFormatDatabaseUpdatedLogEntryContainsVersions(): void
+    {
+        $entry = new DatabaseUpdatedLogEntry('1.0.0', '2.0.0');
+        $result = self::$service->format($entry);
+        $this->assertStringContainsString('1.0.0', $result);
+        $this->assertStringContainsString('2.0.0', $result);
+    }
+
+    public function testFormatUserLogoutContainsIp(): void
+    {
+        $entry = new UserLogoutLogEntry('10.0.0.1', anonymize: false);
+        $result = self::$service->format($entry);
+        $this->assertNotEmpty($result);
+        $this->assertStringContainsString('10.0.0.1', $result);
+    }
+
+    public function testFormatConsoleReplacesHtmlTags(): void
+    {
+        $entry = new DatabaseUpdatedLogEntry('1.0', '2.0');
+        $result = self::$service->formatConsole($entry);
+        // Console format replaces the arrow icon with →
+        $this->assertStringContainsString('→', $result);
+        // No raw HTML tags should remain from the arrow icon
+        $this->assertStringNotContainsString('<i class="fas fa-long-arrow-alt-right"></i>', $result);
+    }
+
+    public function testFormatConsoleReturnsString(): void
+    {
+        $entry = new UserLoginLogEntry('192.168.1.1', anonymize: false);
+        $result = self::$service->formatConsole($entry);
+        $this->assertIsString($result);
+        $this->assertNotEmpty($result);
+    }
+
+    public function testIpAddressIsHtmlEscapedInFormat(): void
+    {
+        // Verify that the IP embedded in the result is safe (htmlspecialchars is applied)
+        $entry = new UserLoginLogEntry('192.168.0.1', anonymize: false);
+        $result = self::$service->format($entry);
+        // The result must not contain unescaped HTML even from a crafted IP
+        $this->assertStringNotContainsString('<script>', $result);
+    }
+}
diff --git a/tests/Services/LogSystem/LogLevelHelperTest.php b/tests/Services/LogSystem/LogLevelHelperTest.php
new file mode 100644
index 00000000..169c72fc
--- /dev/null
+++ b/tests/Services/LogSystem/LogLevelHelperTest.php
@@ -0,0 +1,85 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2026 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Tests\Services\LogSystem;
+
+use App\Services\LogSystem\LogLevelHelper;
+use PHPUnit\Framework\Attributes\DataProvider;
+use PHPUnit\Framework\TestCase;
+use Psr\Log\LogLevel;
+
+final class LogLevelHelperTest extends TestCase
+{
+    private LogLevelHelper $service;
+
+    protected function setUp(): void
+    {
+        $this->service = new LogLevelHelper();
+    }
+
+    public static function iconClassProvider(): \Generator
+    {
+        yield [LogLevel::DEBUG, 'fa-bug'];
+        yield [LogLevel::INFO, 'fa-info'];
+        yield [LogLevel::NOTICE, 'fa-flag'];
+        yield [LogLevel::WARNING, 'fa-exclamation-circle'];
+        yield [LogLevel::ERROR, 'fa-exclamation-triangle'];
+        yield [LogLevel::CRITICAL, 'fa-bolt'];
+        yield [LogLevel::ALERT, 'fa-radiation'];
+        yield [LogLevel::EMERGENCY, 'fa-skull-crossbones'];
+    }
+
+    #[DataProvider('iconClassProvider')]
+    public function testLogLevelToIconClass(string $logLevel, string $expectedIcon): void
+    {
+        $this->assertSame($expectedIcon, $this->service->logLevelToIconClass($logLevel));
+    }
+
+    public function testUnknownLogLevelReturnsDefaultIcon(): void
+    {
+        $this->assertSame('fa-question-circle', $this->service->logLevelToIconClass('unknown_level'));
+    }
+
+    public static function tableColorProvider(): \Generator
+    {
+        yield [LogLevel::EMERGENCY, 'table-danger'];
+        yield [LogLevel::ALERT, 'table-danger'];
+        yield [LogLevel::CRITICAL, 'table-danger'];
+        yield [LogLevel::ERROR, 'table-danger'];
+        yield [LogLevel::WARNING, 'table-warning'];
+        yield [LogLevel::NOTICE, 'table-info'];
+        yield [LogLevel::INFO, ''];
+        yield [LogLevel::DEBUG, ''];
+    }
+
+    #[DataProvider('tableColorProvider')]
+    public function testLogLevelToTableColorClass(string $logLevel, string $expectedClass): void
+    {
+        $this->assertSame($expectedClass, $this->service->logLevelToTableColorClass($logLevel));
+    }
+
+    public function testUnknownLogLevelReturnsEmptyColor(): void
+    {
+        $this->assertSame('', $this->service->logLevelToTableColorClass('unknown_level'));
+    }
+}
diff --git a/tests/Services/UserSystem/PermissionPresetsHelperTest.php b/tests/Services/UserSystem/PermissionPresetsHelperTest.php
new file mode 100644
index 00000000..c141997a
--- /dev/null
+++ b/tests/Services/UserSystem/PermissionPresetsHelperTest.php
@@ -0,0 +1,105 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2026 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Tests\Services\UserSystem;
+
+use App\Entity\UserSystem\User;
+use App\Services\UserSystem\PermissionManager;
+use App\Services\UserSystem\PermissionPresetsHelper;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+
+final class PermissionPresetsHelperTest extends WebTestCase
+{
+    private static PermissionPresetsHelper $service;
+    private static PermissionManager $permissionManager;
+
+    public static function setUpBeforeClass(): void
+    {
+        self::bootKernel();
+        self::$service = self::getContainer()->get(PermissionPresetsHelper::class);
+        self::$permissionManager = self::getContainer()->get(PermissionManager::class);
+    }
+
+    private function createUser(): User
+    {
+        return new User();
+    }
+
+    public function testAllInheritPresetLeavesAllPermissionsInherit(): void
+    {
+        $user = $this->createUser();
+        self::$service->applyPreset($user, PermissionPresetsHelper::PRESET_ALL_INHERIT);
+
+        // After all-inherit preset, 'parts' read should be null (inherit)
+        $this->assertNull(self::$permissionManager->dontInherit($user, 'parts', 'read'));
+    }
+
+    public function testAllForbidPresetSetsAllPermissionsToFalse(): void
+    {
+        $user = $this->createUser();
+        self::$service->applyPreset($user, PermissionPresetsHelper::PRESET_ALL_FORBID);
+
+        // After all-forbid, 'parts' read should be false (disallowed)
+        $this->assertFalse(self::$permissionManager->dontInherit($user, 'parts', 'read'));
+    }
+
+    public function testAllAllowPresetSetsAllPermissionsToTrue(): void
+    {
+        $user = $this->createUser();
+        self::$service->applyPreset($user, PermissionPresetsHelper::PRESET_ALL_ALLOW);
+
+        // After all-allow, 'parts' read should be true (allowed)
+        $this->assertTrue(self::$permissionManager->dontInherit($user, 'parts', 'read'));
+    }
+
+    public function testReadOnlyPresetAllowsPartsRead(): void
+    {
+        $user = $this->createUser();
+        self::$service->applyPreset($user, PermissionPresetsHelper::PRESET_READ_ONLY);
+
+        $this->assertTrue(self::$permissionManager->dontInherit($user, 'parts', 'read'));
+    }
+
+    public function testReadOnlyPresetDoesNotAllowPartsCreate(): void
+    {
+        $user = $this->createUser();
+        self::$service->applyPreset($user, PermissionPresetsHelper::PRESET_READ_ONLY);
+
+        // create should remain null (inherit) or false — not explicitly allowed
+        $createValue = self::$permissionManager->dontInherit($user, 'parts', 'create');
+        $this->assertNotTrue($createValue);
+    }
+
+    public function testUnknownPresetThrowsException(): void
+    {
+        $this->expectException(\InvalidArgumentException::class);
+        self::$service->applyPreset($this->createUser(), 'non_existent_preset');
+    }
+
+    public function testApplyPresetReturnsTheSameUser(): void
+    {
+        $user = $this->createUser();
+        $returned = self::$service->applyPreset($user, PermissionPresetsHelper::PRESET_ALL_INHERIT);
+        $this->assertSame($user, $returned);
+    }
+}
diff --git a/tests/Validator/Constraints/BigDecimal/BigDecimalGreaterThanValidatorTest.php b/tests/Validator/Constraints/BigDecimal/BigDecimalGreaterThanValidatorTest.php
new file mode 100644
index 00000000..024f6221
--- /dev/null
+++ b/tests/Validator/Constraints/BigDecimal/BigDecimalGreaterThanValidatorTest.php
@@ -0,0 +1,95 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2026 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Tests\Validator\Constraints\BigDecimal;
+
+use App\Validator\Constraints\BigDecimal\BigDecimalGreaterThanValidator;
+use App\Validator\Constraints\BigDecimal\BigDecimalPositive;
+use Brick\Math\BigDecimal;
+use Symfony\Component\Validator\ConstraintValidatorInterface;
+use Symfony\Component\Validator\Test\ConstraintValidatorTestCase;
+
+/**
+ * Tests BigDecimalGreaterThanValidator via the BigDecimalPositive constraint (value > 0).
+ */
+final class BigDecimalGreaterThanValidatorTest extends ConstraintValidatorTestCase
+{
+    protected function createValidator(): ConstraintValidatorInterface
+    {
+        return new BigDecimalGreaterThanValidator();
+    }
+
+    public function testNullIsValid(): void
+    {
+        $this->validator->validate(null, new BigDecimalPositive());
+        $this->assertNoViolation();
+    }
+
+    public function testPositiveIntegerIsValid(): void
+    {
+        $this->validator->validate(1, new BigDecimalPositive());
+        $this->assertNoViolation();
+    }
+
+    public function testPositiveStringIsValid(): void
+    {
+        $this->validator->validate('0.01', new BigDecimalPositive());
+        $this->assertNoViolation();
+    }
+
+    public function testPositiveBigDecimalIsValid(): void
+    {
+        $this->validator->validate(BigDecimal::of('1.5'), new BigDecimalPositive());
+        $this->assertNoViolation();
+    }
+
+    public function testZeroIsInvalid(): void
+    {
+        $constraint = new BigDecimalPositive();
+        $this->validator->validate(0, $constraint);
+        $this->buildViolation($constraint->message)
+            ->setParameters(['{{ value }}' => '0', '{{ compared_value }}' => '0', '{{ compared_value_type }}' => 'int'])
+            ->setCode(\Symfony\Component\Validator\Constraints\GreaterThan::TOO_LOW_ERROR)
+            ->assertRaised();
+    }
+
+    public function testZeroBigDecimalIsInvalid(): void
+    {
+        $constraint = new BigDecimalPositive();
+        $this->validator->validate(BigDecimal::of('0.00'), $constraint);
+        $this->buildViolation($constraint->message)
+            ->setParameters(['{{ value }}' => '0.00', '{{ compared_value }}' => '0', '{{ compared_value_type }}' => 'int'])
+            ->setCode(\Symfony\Component\Validator\Constraints\GreaterThan::TOO_LOW_ERROR)
+            ->assertRaised();
+    }
+
+    public function testNegativeIsInvalid(): void
+    {
+        $constraint = new BigDecimalPositive();
+        $this->validator->validate(-1, $constraint);
+        $this->buildViolation($constraint->message)
+            ->setParameters(['{{ value }}' => '-1', '{{ compared_value }}' => '0', '{{ compared_value_type }}' => 'int'])
+            ->setCode(\Symfony\Component\Validator\Constraints\GreaterThan::TOO_LOW_ERROR)
+            ->assertRaised();
+    }
+}
diff --git a/tests/Validator/Constraints/BigDecimal/BigDecimalGreaterThenOrEqualValidatorTest.php b/tests/Validator/Constraints/BigDecimal/BigDecimalGreaterThenOrEqualValidatorTest.php
new file mode 100644
index 00000000..6933ca7e
--- /dev/null
+++ b/tests/Validator/Constraints/BigDecimal/BigDecimalGreaterThenOrEqualValidatorTest.php
@@ -0,0 +1,91 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2026 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Tests\Validator\Constraints\BigDecimal;
+
+use App\Validator\Constraints\BigDecimal\BigDecimalGreaterThenOrEqualValidator;
+use App\Validator\Constraints\BigDecimal\BigDecimalPositiveOrZero;
+use Brick\Math\BigDecimal;
+use Symfony\Component\Validator\ConstraintValidatorInterface;
+use Symfony\Component\Validator\Test\ConstraintValidatorTestCase;
+
+/**
+ * Tests BigDecimalGreaterThenOrEqualValidator via the BigDecimalPositiveOrZero constraint (value >= 0).
+ */
+final class BigDecimalGreaterThenOrEqualValidatorTest extends ConstraintValidatorTestCase
+{
+    protected function createValidator(): ConstraintValidatorInterface
+    {
+        return new BigDecimalGreaterThenOrEqualValidator();
+    }
+
+    public function testNullIsValid(): void
+    {
+        $this->validator->validate(null, new BigDecimalPositiveOrZero());
+        $this->assertNoViolation();
+    }
+
+    public function testPositiveIntegerIsValid(): void
+    {
+        $this->validator->validate(1, new BigDecimalPositiveOrZero());
+        $this->assertNoViolation();
+    }
+
+    public function testZeroIsValid(): void
+    {
+        $this->validator->validate(0, new BigDecimalPositiveOrZero());
+        $this->assertNoViolation();
+    }
+
+    public function testZeroBigDecimalIsValid(): void
+    {
+        $this->validator->validate(BigDecimal::of('0.00'), new BigDecimalPositiveOrZero());
+        $this->assertNoViolation();
+    }
+
+    public function testPositiveBigDecimalIsValid(): void
+    {
+        $this->validator->validate(BigDecimal::of('3.14'), new BigDecimalPositiveOrZero());
+        $this->assertNoViolation();
+    }
+
+    public function testNegativeIsInvalid(): void
+    {
+        $constraint = new BigDecimalPositiveOrZero();
+        $this->validator->validate(-1, $constraint);
+        $this->buildViolation($constraint->message)
+            ->setParameters(['{{ value }}' => '-1', '{{ compared_value }}' => '0', '{{ compared_value_type }}' => 'int'])
+            ->setCode(\Symfony\Component\Validator\Constraints\GreaterThanOrEqual::TOO_LOW_ERROR)
+            ->assertRaised();
+    }
+
+    public function testNegativeBigDecimalIsInvalid(): void
+    {
+        $constraint = new BigDecimalPositiveOrZero();
+        $this->validator->validate(BigDecimal::of('-0.01'), $constraint);
+        $this->buildViolation($constraint->message)
+            ->setParameters(['{{ value }}' => '-0.01', '{{ compared_value }}' => '0', '{{ compared_value_type }}' => 'int'])
+            ->setCode(\Symfony\Component\Validator\Constraints\GreaterThanOrEqual::TOO_LOW_ERROR)
+            ->assertRaised();
+    }
+}
diff --git a/tests/Validator/Constraints/ValidFileFilterValidatorTest.php b/tests/Validator/Constraints/ValidFileFilterValidatorTest.php
new file mode 100644
index 00000000..933a59ec
--- /dev/null
+++ b/tests/Validator/Constraints/ValidFileFilterValidatorTest.php
@@ -0,0 +1,81 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2026 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Tests\Validator\Constraints;
+
+use App\Validator\Constraints\ValidFileFilter;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\Validator\Validator\ValidatorInterface;
+
+final class ValidFileFilterValidatorTest extends WebTestCase
+{
+    private static ValidatorInterface $validator;
+
+    public static function setUpBeforeClass(): void
+    {
+        self::bootKernel();
+        self::$validator = self::getContainer()->get('validator');
+    }
+
+    public function testNullIsValid(): void
+    {
+        $violations = self::$validator->validate(null, new ValidFileFilter());
+        $this->assertCount(0, $violations);
+    }
+
+    public function testEmptyStringIsValid(): void
+    {
+        $violations = self::$validator->validate('', new ValidFileFilter());
+        $this->assertCount(0, $violations);
+    }
+
+    public function testValidExtensionFilterIsValid(): void
+    {
+        $violations = self::$validator->validate('.jpg,.png', new ValidFileFilter());
+        $this->assertCount(0, $violations);
+    }
+
+    public function testValidMimeTypeFilterIsValid(): void
+    {
+        $violations = self::$validator->validate('image/*', new ValidFileFilter());
+        $this->assertCount(0, $violations);
+    }
+
+    public function testMixedValidFilterIsValid(): void
+    {
+        $violations = self::$validator->validate('image/*, .pdf, video/mp4', new ValidFileFilter());
+        $this->assertCount(0, $violations);
+    }
+
+    public function testInvalidFilterRaisesViolation(): void
+    {
+        $violations = self::$validator->validate('*.notvalid', new ValidFileFilter());
+        $this->assertCount(1, $violations);
+    }
+
+    public function testFullFilenameRaisesViolation(): void
+    {
+        $violations = self::$validator->validate('test.png', new ValidFileFilter());
+        $this->assertCount(1, $violations);
+    }
+}
diff --git a/tests/Validator/Constraints/Year2038BugWorkaroundValidatorTest.php b/tests/Validator/Constraints/Year2038BugWorkaroundValidatorTest.php
new file mode 100644
index 00000000..a8c5d0a9
--- /dev/null
+++ b/tests/Validator/Constraints/Year2038BugWorkaroundValidatorTest.php
@@ -0,0 +1,73 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2026 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Tests\Validator\Constraints;
+
+use App\Validator\Constraints\Year2038BugWorkaround;
+use App\Validator\Constraints\Year2038BugWorkaroundValidator;
+use Symfony\Component\Validator\ConstraintValidatorInterface;
+use Symfony\Component\Validator\Test\ConstraintValidatorTestCase;
+
+final class Year2038BugWorkaroundValidatorTest extends ConstraintValidatorTestCase
+{
+    protected function createValidator(): ConstraintValidatorInterface
+    {
+        // Disable validation by default so tests run on both 32- and 64-bit systems
+        return new Year2038BugWorkaroundValidator(disable_validation: true);
+    }
+
+    public function testIsNotActivatedWhenDisabled(): void
+    {
+        $validator = new Year2038BugWorkaroundValidator(disable_validation: true);
+        $this->assertFalse($validator->isActivated());
+    }
+
+    public function testIsNotActivatedOn64Bit(): void
+    {
+        // On any normal 64-bit CI/dev system PHP_INT_SIZE === 8, so activation requires 32-bit
+        if (PHP_INT_SIZE !== 8) {
+            $this->markTestSkipped('This test is only meaningful on 64-bit systems.');
+        }
+        $validator = new Year2038BugWorkaroundValidator(disable_validation: false);
+        $this->assertFalse($validator->isActivated());
+    }
+
+    public function testNullValueProducesNoViolation(): void
+    {
+        $this->validator->validate(null, new Year2038BugWorkaround());
+        $this->assertNoViolation();
+    }
+
+    public function testDateBefore2038ProducesNoViolationWhenDisabled(): void
+    {
+        $this->validator->validate(new \DateTime('2037-01-01'), new Year2038BugWorkaround());
+        $this->assertNoViolation();
+    }
+
+    public function testDateAfter2038ProducesNoViolationWhenDisabled(): void
+    {
+        // Validation disabled → even a "bad" date causes no violation
+        $this->validator->validate(new \DateTime('2039-01-01'), new Year2038BugWorkaround());
+        $this->assertNoViolation();
+    }
+}