diff --git a/.github/actions/run-minio/action.yml b/.github/actions/run-minio/action.yml
new file mode 100644
index 000000000..42fb34e79
--- /dev/null
+++ b/.github/actions/run-minio/action.yml
@@ -0,0 +1,36 @@
+name: run-minio
+author: atimin
+description: "Run MinIO server and provision a bucket"
+inputs:
+  access_key:
+    description: "MinIO access key"
+    required: true
+    default: "minioadmin"
+  secret_key:
+    description: "MinIO secret key"
+    required: true
+    default: "minioadmin"
+  bucket_name:
+    description: "Name of the bucket to create"
+    required: true
+    default: "test-bucket"
+runs:
+  using: "composite"
+  steps:
+    - name: Set up MinIO server
+      run: |
+        docker run -d --name minio-server -p 9000:9000 \
+            -e "MINIO_ROOT_USER=${{ inputs.access_key }}" \
+            -e "MINIO_ROOT_PASSWORD=${{ inputs.secret_key }}" \
+            minio/minio server /data
+        sleep 5  # Wait for the server to start
+        docker logs minio-server
+      shell: bash
+
+    - name: Create bucket
+      run: |
+        echo "Create bucket ${{ inputs.bucket_name }}"
+
+        docker exec minio-server mc alias set local http://localhost:9000 ${{ inputs.access_key }} ${{ inputs.secret_key }}
+        docker exec minio-server mc mb local/${{ inputs.bucket_name }}
+      shell: bash
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a9c009edb..d1415cfc1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,7 +1,7 @@
 name: ci
 on:
   push:
-    branches: [main, stable]
+    branches: [ main, stable ]
     tags:
       - "v*"
     paths-ignore:
@@ -10,7 +10,7 @@ on:
       - CHANGELOG.md
 
   pull_request:
-    branches: [main, stable]
+    branches: [ main, stable ]
     paths-ignore:
       - docs/**
       - README.md
@@ -18,11 +18,9 @@ on:
 
 env:
   REGISTRY_IMAGE: reduct/store
-  MINIMAL_RUST_VERSION: 1.85.0
 
 jobs:
   rust_fmt:
-
     runs-on: ubuntu-latest
     name: Rust Linter
     steps:
@@ -43,8 +41,12 @@ jobs:
         uses: docker/build-push-action@v4
         with:
           context: .
+          file: buildx.Dockerfile
           tags: ${{github.repository}}:latest
           outputs: type=docker,dest=/tmp/image.tar
+          build-args: |
+            ARTIFACT_SAS_URL=${{ secrets.ARTIFACT_SAS_URL }}
+            RUST_VERSION=${{ vars.MINIMAL_RUST_VERSION }}
 
       - name: Upload artifact
         uses: actions/upload-artifact@v4
@@ -94,7 +96,7 @@ jobs:
       - name: Install Rust
         uses: dtolnay/rust-toolchain@stable
         with:
-          toolchain: ${{ env.MINIMAL_RUST_VERSION }}
+          toolchain: ${{ vars.MINIMAL_RUST_VERSION }}
 
       - name: Install toolchain
         run: rustup target add ${{ matrix.target }}
@@ -118,7 +120,8 @@ jobs:
       - name: Build binary
         env:
           RUSTFLAGS: "-C target-feature=+crt-static"
-        run: cargo build --release -p reductstore --target ${{ matrix.target }}
+          ARTIFACT_SAS_URL: ${{ secrets.ARTIFACT_SAS_URL }}
+        run: cargo build --release -p reductstore --target ${{ matrix.target }} --all-features
 
       - name: Upload binary
         uses: actions/upload-artifact@v4
@@ -142,19 +145,20 @@ jobs:
       - build_binaries
     strategy:
       matrix:
-        os: [ubuntu-24.04, windows-2022, macos-13]
+        os: [ ubuntu-24.04, windows-2022, macos-14 ]
         include:
           - os: ubuntu-24.04
             target: x86_64-unknown-linux-gnu
           - os: windows-2022
             target: x86_64-pc-windows-gnu
-          - os: macos-13
-            target: x86_64-apple-darwin
+          - os: macos-14
+            target: aarch64-apple-darwin
 
     runs-on: ${{ matrix.os }}
     timeout-minutes: 5
     env:
       RUST_BACKTRACE: 1
+      RUST_LOG: debug
     steps:
       - uses: actions/download-artifact@v4
         with:
@@ -183,7 +187,11 @@ jobs:
       - rust_fmt
     env:
       CARGO_TERM_COLOR: always
-      RUST_LOG: trace # expand logging
+      RUST_LOG: debug # expand logging
+      MINIO_ACCESS_KEY: minioadmin
+      MINIO_SECRET_KEY: minioadmin
+      MINIO_BUCKET: test
+      MINIO_ENDPOINT: http://127.0.0.1:9000
     steps:
       - uses: actions/checkout@v4
 
@@ -198,8 +206,16 @@ jobs:
           version: "26.x"
           repo-token: ${{ secrets.ACTION_GITHUB_TOKEN }}
 
+      - uses: ./.github/actions/run-minio
+        with:
+          access_key: ${{ env.MINIO_ACCESS_KEY }}
+          secret_key: ${{ env.MINIO_SECRET_KEY }}
+          bucket_name: ${{ env.MINIO_BUCKET }}
+
       - name: Generate code coverage
-        run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info
+        env:
+          ARTIFACT_SAS_URL: ${{ secrets.ARTIFACT_SAS_URL }}
+        run: cargo llvm-cov --features s3-backend,fs-backend,ci  --workspace --lcov --output-path lcov.info
 
       - name: Upload coverage to Codecov
         continue-on-error: true
@@ -217,15 +233,20 @@ jobs:
       - build
     strategy:
       matrix:
-        token: ["", "XXXX"]
-        cert_path: ["", "/misc/certificate.crt"]
-        license_path: ["", "/misc/license.lic"]
+        token: [ "", "XXXX" ]
+        cert_path: [ "", "/misc/certificate.crt" ]
+        license_path: [ "", "/misc/license.lic" ]
+        backend: [ "fs", "s3" ]
         include:
           - cert_path: "/misc/certificate.crt"
             url: https://127.0.0.1:8383
           - cert_path: ""
             url: http://127.0.0.1:8383
     timeout-minutes: 5
+    env:
+        MINIO_ACCESS_KEY: minioadmin
+        MINIO_SECRET_KEY: minioadmin
+        MINIO_BUCKET: test
     steps:
       - uses: actions/checkout@v4
 
@@ -243,7 +264,8 @@ jobs:
       - name: Create license
         run: echo '${{secrets.LICENSE_KEY}}' > ./misc/license.lic
 
-      - name: Run Database
+      - name: Run ReductStore with FileSystem backend
+        if: ${{matrix.backend == 'fs'}}
         run: |
           docker run --network=host -v ${PWD}/misc:/misc --env RS_API_TOKEN=${{matrix.token}}  \
             --name reduct                                     \
@@ -254,6 +276,31 @@ jobs:
             -d ${{github.repository}}
           sleep 5
 
+      - name: Run MinIO server and create bucket
+        if : ${{matrix.backend == 's3'}}
+        uses: ./.github/actions/run-minio
+        with:
+          access_key: ${{ env.MINIO_ACCESS_KEY }}
+          secret_key: ${{ env.MINIO_SECRET_KEY }}
+          bucket_name: ${{ env.MINIO_BUCKET }}
+
+      - name: Run ReductStore with S3 backend
+        if: ${{matrix.backend == 's3'}}
+        run: |
+            docker run --network=host -v ${PWD}/misc:/misc \
+            --env RS_API_TOKEN=${{matrix.token}} \
+            --env RS_CERT_PATH=${{matrix.cert_path}} \
+            --env RS_LICENSE_PATH=${{matrix.license_path}} \
+            --env RS_CERT_KEY_PATH=/misc/privateKey.key \
+            --env RS_STORAGE_TYPE=s3 \
+            --env RS_REMOTE_BACKEND_ENDPOINT=${{ env.MINIO_ENDPOINT }} \
+            --env RS_REMOTE_ACCESS_KEY=${{ env.MINIO_ACCESS_KEY }} \
+            --env RS_REMOTE_SECRET_KEY=${{ env.MINIO_SECRET_KEY }} \
+            --env RS_REMOTE_BUCKET=${{ env.MINIO_BUCKET }} \
+            --env RS_CORS_ALLOW_ORIGIN="https://first-allowed-origin.com, https://second-allowed-origin.com" \
+            --name reduct -d ${{github.repository}}
+            sleep 5
+
       - name: Build API tests
         run: |
           docker login -u ${{ secrets.DOCKER_USER }} -p ${{ secrets.DOCKER_TOKEN }}
@@ -280,7 +327,8 @@ jobs:
         version:
           [
             "latest",
-            "v1.14.0",
+            "v1.15.6",
+            "v1.14.8",
             "v1.13.5",
             "v1.12.4",
             "v1.11.2",
@@ -360,12 +408,16 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        cmd: ["stop", "kill"]
+        backend: [ "fs", "s3" ]
+        cmd: [ "stop", "kill" ]
     needs:
       - unit_tests
       - build
     env:
       RS_API_TOKEN: XXXX
+      MINIO_ACCESS_KEY: minioadmin
+      MINIO_SECRET_KEY: minioadmin
+      MINIO_BUCKET: test
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
@@ -383,12 +435,33 @@ jobs:
           docker load --input /tmp/image.tar
           docker image ls -a
 
-      - name: Run ReductStore
+      - name: Run ReductStore with FileSystem backend
+        if: ${{matrix.backend == 'fs'}}
         run: |
           docker run --network=host -v ./data:/data --env RS_API_TOKEN=${RS_API_TOKEN} --name reductstore -d ${{github.repository}}
           sleep 5
           docker logs reductstore
 
+      - name: Run MiniO server and create bucket
+        if : ${{matrix.backend == 's3'}}
+        uses: ./.github/actions/run-minio
+        with:
+          access_key: ${{ env.MINIO_ACCESS_KEY }}
+          secret_key: ${{ env.MINIO_SECRET_KEY }}
+          bucket_name: ${{ env.MINIO_BUCKET }}
+
+      - name: Run ReductStore with S3 backend
+        if: ${{matrix.backend == 's3'}}
+        run: |
+          docker run --network=host -v ./data:/data \
+            --env RS_API_TOKEN=${RS_API_TOKEN} \
+            --env RS_STORAGE_TYPE=s3 \
+            --env RS_REMOTE_BACKEND_ENDPOINT=http://127.0.0.1:9000 \
+            --env RS_REMOTE_ACCESS_KEY=${MINIO_ACCESS_KEY} \
+            --env RS_REMOTE_SECRET_KEY=${MINIO_SECRET_KEY} \
+            --env RS_REMOTE_BUCKET=${MINIO_BUCKET} \
+            --name reductstore -d ${{github.repository}}
+
       - name: Upload data
         run: |
           pip install -r ./integration_tests/data_check/requirements.txt
@@ -401,7 +474,7 @@ jobs:
           sleep 5
           docker logs reductstore-1
 
-      - name: Check data after migraiton
+      - name: Check data after migration
         run: python3 ./integration_tests/data_check/checker.py
 
       - name: Save docker logs
@@ -410,7 +483,7 @@ jobs:
       - uses: actions/upload-artifact@v4
         if: always()
         with:
-          name: docker-log-recovery-${{matrix.cmd}}
+          name: docker-log-recovery-${{matrix.cmd}}-${{matrix.backend}}
           path: /tmp/docker-log.zip
 
       - name: Show replication report
@@ -523,7 +596,7 @@ jobs:
       - unit_tests
     strategy:
       matrix:
-        branch: ["main", "latest"]
+        branch: [ "main", "latest" ]
     timeout-minutes: 5
 
     steps:
@@ -543,7 +616,6 @@ jobs:
             --name reductstore \
             --env RS_DATA_PATH=/data \
             --env RS_API_TOKEN=token \
-            --env RS_LOG_LEVEL=DEBUG \
             -p 8383:8383 \
             -v ./data:/data \
             ${{ github.repository }}:latest
@@ -645,7 +717,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        arch: [amd64, arm64]
+        arch: [ amd64, arm64 ]
     needs:
       - build_snap
       - api_tests
@@ -678,7 +750,7 @@ jobs:
     if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
     strategy:
       matrix:
-        platform: [linux/amd64, linux/arm64]
+        platform: [ linux/amd64, linux/arm64 ]
         include:
           - platform: linux/amd64
             cargo_target: x86_64-unknown-linux-gnu
@@ -727,6 +799,9 @@ jobs:
             GIT_COMMIT=${{env.GITHUB_SHA}}
             CARGO_TARGET=${{matrix.cargo_target}}
             GCC_COMPILER=${{matrix.gcc_compiler}}
+            ARTIFACT_SAS_URL=${{ secrets.ARTIFACT_SAS_URL }}
+            RUST_VERSION=${{ vars.MINIMAL_RUST_VERSION }}
+
           outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
 
       - name: Export digest
@@ -795,7 +870,7 @@ jobs:
       - name: Set up Rust
         uses: dtolnay/rust-toolchain@stable
         with:
-          toolchain: ${{ env.MINIMAL_RUST_VERSION }}
+          toolchain: ${{ vars.MINIMAL_RUST_VERSION }}
       - uses: arduino/setup-protoc@v1
         with:
           version: "3.x"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f5e77bfa4..257acd4fb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,9 +7,106 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Integrate S3 Storage Backend, [PR-919](https://github.com/reductstore/reductstore/pull/919)
+
+### Changed
+
+- Update extensions for Rust 1.89: ros-ext v0.3.0, select v0.5.0, [PR-921](https://github.com/reductstore/reductstore/pull/921)
+
+### Fixed
+
+- Add CA certificates to Docker image for AWS S3 access, [PR-924](https://github.com/reductstore/reductstore/pull/924)
+- Fix path for token repository when cache used, [PR-925](https://github.com/reductstore/reductstore/pull/925)
+
+## [1.16.3] - 2025-08-22
+
+### Fixed
+
+- Fix double synchronization of transaction log + integrity checks, [PR-912](https://github.com/reductstore/reductstore/pull/912)
+
+## [1.16.2] - 2025-08-22
+
+### Fixed
+
+- Prevent data lost of unsynchronized files in case of power failure for unfinished blocks, [PR-909](https://github.com/reductstore/reductstore/pull/909)
+
+### Security
+
+- CVE-2025-55159: Update slab up to 0.4.11, [PR-911](https://github.com/reductstore/reductstore/pull/911)
+
+## [1.16.1] - 2025-08-09
+
+### Fixed
+
+- Fix directive parsing and order of operators in conditional query, [PR-899](https://github.com/reductstore/reductstore/pull/899)
+
+### Changed
+
+- Update Web Console up to v1.11.2, [PR-900](https://github.com/reductstore/reductstore/pull/900)
+
+## [1.16.0] - 2025-07-31
+
+### Added
+
+- Pass server information to extensions, [PR-816](https://github.com/reductstore/reductstore/pull/816)
+- Integrate ReductSelect v0.1.0, [PR-821](https://github.com/reductstore/reductstore/pull/821)
+- Integrate ReductRos v0.1.0, [PR-856](https://github.com/reductstore/reductstore/pull/856)
+- Filter buckets by read permission in server information, [PR-849](https://github.com/reductstore/reductstore/pull/849)
+- Support for duration literals, [PR-864](https://github.com/reductstore/reductstore/pull/864)
+- Support for `#ctx_before` and `#ctx_after` directives, [PR-866](https://github.com/reductstore/reductstore/pull/866)
+- Support for wildcards in write/read token permissions, [PR-877](https://github.com/reductstore/reductstore/pull/877)
+- Check format of read/write token permissions, [PR-881](https://github.com/reductstore/reductstore/pull/881)
+- Add support for selecting specific labels via the `#select_labels` directive, [PR-888](https://github.com/reductstore/reductstore/pull/888)
+
+### Changed
+
+- Add "@" prefix to computed labels, [PR-815](https://github.com/reductstore/reductstore/pull/815)
+- Refactor Extension API for multi-line CSV processing, ReductSelect v0.2.0, [PR-823](https://github.com/reductstore/reductstore/pull/823)
+- Run all operands after a compute-staged one on the compute stage, [PR-835](https://github.com/reductstore/reductstore/pull/835)
+- Replace auto-staging for extension filtering with when condition in ext parameter, [PR-838](https://github.com/reductstore/reductstore/pull/838)
+- Update ReductSelect up to v0.3.0, with CSV headers and data buffering, [PR-850](https://github.com/reductstore/reductstore/pull/850)
+- Update ReductROS up to v0.2.0 with binary data encoding, [PR-882](https://github.com/reductstore/reductstore/pull/882)
+- Update WebConsole up to v1.11.0 with many improvements, [PR-883](https://github.com/reductstore/reductstore/pull/883)
+- Update ReductSelect up to v0.4.0, [PR-889](https://github.com/reductstore/reductstore/pull/889)
+- Update Web Console up to v1.11.1 and ReductSelect up to 0.4.1, [PR-890](https://github.com/reductstore/reductstore/pull/890)
+
+### Fixed
+
+- Fix hanging query request if no extension registered, [PR-830](https://github.com/reductstore/reductstore/pull/830)
+- Fix `$limit` operator in extension context, [PR-848](https://github.com/reductstore/reductstore/pull/848)
+- Fix query finalization in ExtRepository, [PR-891](https://github.com/reductstore/reductstore/pull/891)
+
+### Removed
+
+- `x-reduct-last` header from query response, [PR-876](https://github.com/reductstore/reductstore/pull/876)
+
+## [1.15.6] - 2025-06-25
+
+### Fixed
+
+- Fix replication of update transaction to empty bucket, [PR-867](https://github.com/reductstore/reductstore/pull/867)
+
+## [1.15.5] - 2025-06-10
+
+### Fixed
+
+- Fix crash if RS_API_PATH has wrong format, [PR-846](https://github.com/reductstore/reductstore/pull/846)
+
+### Changed
+
+- Update Web Console up to 1.10.2, [PR-847](https://github.com/reductstore/reductstore/pull/847)
+
+## [1.15.4] - 2025-05-28
+
+### Fixed
+
+- Update yanked zip dependency to 4.0.0, [PR-837](https://github.com/reductstore/reductstore/pull/837)
+
 ## [1.15.3] - 2025-05-26
 
-## Fixed
+### Fixed
 
 - Fix lock of write channel for small chunks, [PR-834](https://github.com/reductstore/reductstore/pull/834)
 
@@ -43,7 +140,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - RS-645: Implement `$timestamp` operator, [PR-798](https://github.com/reductstore/reductstore/pull/798)
 - RS-646: Enable logging in extensions, [PR-646](https://github.com/reductstore/reductstore/pull/794)
 
-
 ### Changed
 
 - Minimum Rust version to 1.85
@@ -186,7 +282,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Update Web Console up to v1.8.0, [PR-655](https://github.com/reductstore/reductstore/pull/655)
 
-
 ### Fixed
 
 - RS-544: Fix keeping quota error, [PR-654](https://github.com/reductstore/reductstore/pull/654)
@@ -199,7 +294,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - RS-536: Update README.md, [PR-649](https://github.com/reductstore/reductstore/pull/649)
 - RS-193: Cross-compilation in CI/CD, [PR-651](https://github.com/reductstore/reductstore/pull/651)
 
-
 ## [1.12.4] - 2024-11-20
 
 ### Fixed
@@ -688,7 +782,7 @@ reduct-rs: `ReductClient.url`, `ReductClient.token`, `ReductCientBuilder.try_bui
 
 ### Added
 
-- Labels for  `POST|GET /api/v1/:bucket/:entry` as headers with
+- Labels for `POST|GET /api/v1/:bucket/:entry` as headers with
   prefix `x-reduct-label-`, [PR-224](https://github.com/reductstore/reductstore/pull/224)
 - `include-<label>` and `exclude-<label>` query parameters for query endpoint
   `GET /api/v1/:bucket/:entry/q`, [PR-226](https://github.com/reductstore/reductstore/pull/226)
@@ -970,7 +1064,7 @@ reduct-rs: `ReductClient.url`, `ReductClient.token`, `ReductCientBuilder.try_bui
 
 - Block structure in entry, [PR-58](https://github.com/reductstore/reductstore/pull/58)
 
-## [0.3.0]  - 2022-03-14
+## [0.3.0] - 2022-03-14
 
 ### Added
 
@@ -991,8 +1085,8 @@ reduct-rs: `ReductClient.url`, `ReductClient.token`, `ReductCientBuilder.try_bui
 
 ### Fixed:
 
-* Crushing when API token is wrong, [PR-42](https://github.com/reductstore/reductstore/pull/42)
-* Order of authentication checks, [PR-43](https://github.com/reductstore/reductstore/pull/43)
+- Crushing when API token is wrong, [PR-42](https://github.com/reductstore/reductstore/pull/42)
+- Order of authentication checks, [PR-43](https://github.com/reductstore/reductstore/pull/43)
 
 ## [0.2.0] - 2022-02-26
 
@@ -1024,165 +1118,91 @@ reduct-rs: `ReductClient.url`, `ReductClient.token`, `ReductCientBuilder.try_bui
 
 - Initial release with basic HTTP API and FIFO bucket quota
 
-
-[Unreleased]: https://github.com/reductstore/reductstore/compare/v1.15.3...HEAD
-
+[Unreleased]: https://github.com/reductstore/reductstore/compare/v1.16.3...HEAD
+[1.16.3]: https://github.com/reductstore/reductstore/compare/v1.16.2...v1.16.3
+[1.16.2]: https://github.com/reductstore/reductstore/compare/v1.16.1...v1.16.2
+[1.16.1]: https://github.com/reductstore/reductstore/compare/v1.16.0...v1.16.1
+[1.16.0]: https://github.com/reductstore/reductstore/compare/v1.15.6...v1.16.0
+[1.15.6]: https://github.com/reductstore/reductstore/compare/v1.15.5...v1.15.6
+[1.15.5]: https://github.com/reductstore/reductstore/compare/v1.15.4...v1.15.5
+[1.15.4]: https://github.com/reductstore/reductstore/compare/v1.15.3...v1.15.4
 [1.15.3]: https://github.com/reductstore/reductstore/compare/v1.15.2...v1.15.3
-
 [1.15.2]: https://github.com/reductstore/reductstore/compare/v1.15.1...v1.15.2
-
 [1.15.1]: https://github.com/reductstore/reductstore/compare/v1.15.0...v1.15.1
-
 [1.15.0]: https://github.com/reductstore/reductstore/compare/v1.14.8...v1.15.0
-
 [1.14.8]: https://github.com/reductstore/reductstore/compare/v1.14.7...v1.14.8
-
 [1.14.7]: https://github.com/reductstore/reductstore/compare/v1.14.6...v1.14.7
-
 [1.14.6]: https://github.com/reductstore/reductstore/compare/v1.14.5...v1.14.6
-
 [1.14.5]: https://github.com/reductstore/reductstore/compare/v1.14.4...v1.14.5
-
 [1.14.4]: https://github.com/reductstore/reductstore/compare/v1.14.3...v1.14.4
-
 [1.14.3]: https://github.com/reductstore/reductstore/compare/v1.14.2...v1.14.3
-
 [1.14.2]: https://github.com/reductstore/reductstore/compare/v1.14.1...v1.14.2
-
 [1.14.1]: https://github.com/reductstore/reductstore/compare/v1.14.0...v1.14.1
-
 [1.14.0]: https://github.com/reductstore/reductstore/compare/v1.13.5...v1.14.0
-
 [1.13.5]: https://github.com/reductstore/reductstore/compare/v1.13.4...v1.13.5
-
 [1.13.4]: https://github.com/reductstore/reductstore/compare/v1.13.3...v1.13.4
-
 [1.13.3]: https://github.com/reductstore/reductstore/compare/v1.13.2...v1.13.3
-
 [1.13.2]: https://github.com/reductstore/reductstore/compare/v1.13.1...v1.13.2
-
 [1.13.1]: https://github.com/reductstore/reductstore/compare/v1.13.0...v1.13.1
-
 [1.13.0]: https://github.com/reductstore/reductstore/compare/v1.12.4...v1.13.0
-
 [1.12.4]: https://github.com/reductstore/reductstore/compare/v1.12.3...v1.12.4
-
 [1.12.3]: https://github.com/reductstore/reductstore/compare/v1.12.2...v1.12.3
-
 [1.12.2]: https://github.com/reductstore/reductstore/compare/v1.12.1...v1.12.2
-
 [1.12.1]: https://github.com/reductstore/reductstore/compare/v1.12.0...v1.12.1
-
 [1.12.0]: https://github.com/reductstore/reductstore/compare/v1.11.1...v1.12.0
-
 [1.11.2]: https://github.com/reductstore/reductstore/compare/v1.11.1...v1.11.2
-
 [1.11.1]: https://github.com/reductstore/reductstore/compare/v1.11.0...v1.11.1
-
 [1.11.0]: https://github.com/reductstore/reductstore/compare/v1.10.1...v1.11.0
-
 [1.10.1]: https://github.com/reductstore/reductstore/compare/v1.10.0...v1.10.1
-
 [1.10.0]: https://github.com/reductstore/reductstore/compare/v1.9.5...v1.10.0
-
 [1.9.5]: https://github.com/reductstore/reductstore/compare/v1.9.4...v1.9.5
-
 [1.9.4]: https://github.com/reductstore/reductstore/compare/v1.9.3...v1.9.4
-
 [1.9.3]: https://github.com/reductstore/reductstore/compare/v1.9.2...v1.9.3
-
 [1.9.2]: https://github.com/reductstore/reductstore/compare/v1.9.1...v1.9.2
-
 [1.9.1]: https://github.com/reductstore/reductstore/compare/v1.9.0...v1.9.1
-
 [1.9.0]: https://github.com/reductstore/reductstore/compare/v1.8.2...v1.9.0
-
 [1.8.2]: https://github.com/reductstore/reductstore/compare/v1.8.1...v1.8.2
-
 [1.8.1]: https://github.com/reductstore/reductstore/compare/v1.8.0...v1.8.1
-
 [1.8.0]: https://github.com/reductstore/reductstore/compare/v1.7.3...v1.8.0
-
 [1.7.3]: https://github.com/reductstore/reductstore/compare/v1.7.2...v1.7.3
-
 [1.7.2]: https://github.com/reductstore/reductstore/compare/v1.7.1...v1.7.2
-
 [1.7.1]: https://github.com/reductstore/reductstore/compare/v1.7.0...v1.7.1
-
 [1.7.0]: https://github.com/reductstore/reductstore/compare/v1.6.2...v1.7.0
-
 [1.6.2]: https://github.com/reductstore/reductstore/compare/v1.6.1...v1.6.2
-
 [1.6.1]: https://github.com/reductstore/reductstore/compare/v1.6.0...v1.6.1
-
 [1.6.0]: https://github.com/reductstore/reductstore/compare/v1.5.1...v1.6.0
-
 [1.5.1]: https://github.com/reductstore/reductstore/compare/v1.5.0...v1.5.1
-
 [1.5.0]: https://github.com/reductstore/reductstore/compare/v1.4.1...v1.5.0
-
 [1.4.1]: https://github.com/reductstore/reductstore/compare/v1.4.0...v1.4.1
-
 [1.4.0]: https://github.com/reductstore/reductstore/compare/v1.4.0-beta.1...v1.4.0
-
 [1.4.0-beta.1]: https://github.com/reductstore/reductstore/compare/v1.4.0-alpha.2...v1.4.0-beta.1
-
 [1.4.0-alpha.2]: https://github.com/reductstore/reductstore/compare/v1.4.0-alpha.1...v1.4.0-alpha.2
-
 [1.4.0-alpha.1]: https://github.com/reductstore/reductstore/compare/v1.3.2...v1.4.0-alpha.1
-
 [1.3.2]: https://github.com/reductstore/reductstore/compare/v1.3.1...v1.3.2
-
 [1.3.1]: https://github.com/reductstore/reductstore/compare/v1.3.0...v1.3.1
-
 [1.3.0]: https://github.com/reductstore/reductstore/compare/v1.2.3...v1.3.0
-
 [1.2.3]: https://github.com/reductstore/reductstore/compare/v1.2.2...v1.2.3
-
 [1.2.2]: https://github.com/reductstore/reductstore/compare/v1.2.1...v1.2.2
-
 [1.2.1]: https://github.com/reductstore/reductstore/compare/v1.2.0...v1.2.1
-
 [1.2.0]: https://github.com/reductstore/reductstore/compare/v1.1.1...v1.2.0
-
 [1.1.1]: https://github.com/reductstore/reductstore/compare/v1.1.0...v1.1.1
-
 [1.1.0]: https://github.com/reductstore/reductstore/compare/v1.0.0...v1.1.0
-
 [1.0.1]: https://github.com/reductstore/reductstore/compare/v1.0.0...v1.0.1
-
 [1.0.0]: https://github.com/reductstore/reductstore/compare/v0.9.0...v1.0.0
-
 [0.9.0]: https://github.com/reductstore/reductstore/compare/v0.8.0...v0.9.0
-
 [0.8.0]: https://github.com/reductstore/reductstore/compare/v0.7.1...v0.8.0
-
 [0.7.1]: https://github.com/reductstore/reductstore/compare/v0.7.0...v0.7.1
-
 [0.7.0]: https://github.com/reductstore/reductstore/compare/v0.6.1...v0.7.0
-
 [0.6.1]: https://github.com/reductstore/reductstore/compare/v0.6.0...v0.6.1
-
 [0.6.0]: https://github.com/reductstore/reductstore/compare/v0.5.1...v0.6.0
-
 [0.5.1]: https://github.com/reductstore/reductstore/compare/v0.5.0...v0.5.1
-
 [0.5.0]: https://github.com/reductstore/reductstore/compare/v0.4.3...v0.5.0
-
 [0.4.3]: https://github.com/reductstore/reductstore/compare/v0.4.2...v0.4.3
-
 [0.4.2]: https://github.com/reductstore/reductstore/compare/v0.4.1...v0.4.2
-
 [0.4.1]: https://github.com/reductstore/reductstore/compare/v0.4.0...v0.4.1
-
 [0.4.0]: https://github.com/reductstore/reductstore/compare/v0.3.0...v0.4.0
-
 [0.3.0]: https://github.com/reductstore/reductstore/compare/v0.2.1...v0.3.0
-
 [0.2.1]: https://github.com/reductstore/reductstore/compare/v0.2.0...v0.2.1
-
 [0.2.0]: https://github.com/reductstore/reductstore/compare/v0.1.1...v0.2.0
-
 [0.1.1]: https://github.com/reductstore/reductstore/compare/v0.1.0...v0.1.1
-
 [0.1.0]: https://github.com/reductstore/reductstore/releases/tag/v0.1.0
diff --git a/Cargo.lock b/Cargo.lock
index 5c14cbed3..b161ac9c0 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -13,9 +13,9 @@ dependencies = [
 
 [[package]]
 name = "adler2"
-version = "2.0.0"
+version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627"
+checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa"
 
 [[package]]
 name = "aes"
@@ -37,6 +37,12 @@ dependencies = [
  "memchr",
 ]
 
+[[package]]
+name = "allocator-api2"
+version = "0.2.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923"
+
 [[package]]
 name = "android-tzdata"
 version = "0.1.1"
@@ -54,9 +60,9 @@ dependencies = [
 
 [[package]]
 name = "anstream"
-version = "0.6.18"
+version = "0.6.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8acc5369981196006228e28809f761875c0327210a891e941f4c683b3a99529b"
+checksum = "3ae563653d1938f79b1ab1b5e668c87c76a9930414574a6583a7b7e11a8e6192"
 dependencies = [
  "anstyle",
  "anstyle-parse",
@@ -69,50 +75,50 @@ dependencies = [
 
 [[package]]
 name = "anstyle"
-version = "1.0.10"
+version = "1.0.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9"
+checksum = "862ed96ca487e809f1c8e5a8447f6ee2cf102f846893800b20cebdf541fc6bbd"
 
 [[package]]
 name = "anstyle-parse"
-version = "0.2.6"
+version = "0.2.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3b2d16507662817a6a20a9ea92df6652ee4f94f914589377d69f3b21bc5798a9"
+checksum = "4e7644824f0aa2c7b9384579234ef10eb7efb6a0deb83f9630a49594dd9c15c2"
 dependencies = [
  "utf8parse",
 ]
 
 [[package]]
 name = "anstyle-query"
-version = "1.1.2"
+version = "1.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "79947af37f4177cfead1110013d678905c37501914fba0efea834c3fe9a8d60c"
+checksum = "9e231f6134f61b71076a3eab506c379d4f36122f2af15a9ff04415ea4c3339e2"
 dependencies = [
- "windows-sys 0.59.0",
+ "windows-sys 0.60.2",
 ]
 
 [[package]]
 name = "anstyle-wincon"
-version = "3.0.7"
+version = "3.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ca3534e77181a9cc07539ad51f2141fe32f6c3ffd4df76db8ad92346b003ae4e"
+checksum = "3e0633414522a32ffaac8ac6cc8f748e090c5717661fddeea04219e2344f5f2a"
 dependencies = [
  "anstyle",
- "once_cell",
- "windows-sys 0.59.0",
+ "once_cell_polyfill",
+ "windows-sys 0.60.2",
 ]
 
 [[package]]
 name = "anyhow"
-version = "1.0.97"
+version = "1.0.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dcfed56ad506cb2c684a14971b8861fdc3baaaae314b9e5f9bb532cbe3ba7a4f"
+checksum = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100"
 
 [[package]]
 name = "arbitrary"
-version = "1.4.1"
+version = "1.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dde20b3d026af13f561bdd0f15edf01fc734f0dafcedbaf42bba506a9517f223"
+checksum = "c3d036a3c4ab069c7b410a2ce876bd74808d2d0888a82667669f8e783a898bf1"
 dependencies = [
  "derive_arbitrary",
 ]
@@ -148,18 +154,18 @@ checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
 name = "async-trait"
-version = "0.1.88"
+version = "0.1.89"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e539d3fca749fcee5236ab05e93a52867dd549cc157c8cb7f99595f3cedffdb5"
+checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
@@ -170,15 +176,57 @@ checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
 
 [[package]]
 name = "autocfg"
-version = "1.4.0"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"
+
+[[package]]
+name = "aws-config"
+version = "1.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8bc1b40fb26027769f16960d2f4a6bc20c4bb755d403e552c8c1a73af433c246"
+dependencies = [
+ "aws-credential-types",
+ "aws-runtime",
+ "aws-sdk-sso",
+ "aws-sdk-ssooidc",
+ "aws-sdk-sts",
+ "aws-smithy-async",
+ "aws-smithy-http",
+ "aws-smithy-json",
+ "aws-smithy-runtime",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "aws-types",
+ "bytes",
+ "fastrand",
+ "hex",
+ "http 1.3.1",
+ "ring",
+ "time",
+ "tokio",
+ "tracing",
+ "url",
+ "zeroize",
+]
+
+[[package]]
+name = "aws-credential-types"
+version = "1.2.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
+checksum = "d025db5d9f52cbc413b167136afb3d8aeea708c0d8884783cf6253be5e22f6f2"
+dependencies = [
+ "aws-smithy-async",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "zeroize",
+]
 
 [[package]]
 name = "aws-lc-rs"
-version = "1.12.6"
+version = "1.13.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dabb68eb3a7aa08b46fddfd59a3d55c978243557a90ab804769f7e20e67d2b01"
+checksum = "5c953fe1ba023e6b7730c0d4b031d06f267f23a46167dcbd40316644b10a17ba"
 dependencies = [
  "aws-lc-sys",
  "zeroize",
@@ -186,9 +234,9 @@ dependencies = [
 
 [[package]]
 name = "aws-lc-sys"
-version = "0.27.1"
+version = "0.30.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77926887776171ced7d662120a75998e444d3750c951abfe07f90da130514b1f"
+checksum = "dbfd150b5dbdb988bcc8fb1fe787eb6b7ee6180ca24da683b61ea5405f3d43ff"
 dependencies = [
  "bindgen",
  "cc",
@@ -197,6 +245,371 @@ dependencies = [
  "fs_extra",
 ]
 
+[[package]]
+name = "aws-runtime"
+version = "1.5.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c034a1bc1d70e16e7f4e4caf7e9f7693e4c9c24cd91cf17c2a0b21abaebc7c8b"
+dependencies = [
+ "aws-credential-types",
+ "aws-sigv4",
+ "aws-smithy-async",
+ "aws-smithy-eventstream",
+ "aws-smithy-http",
+ "aws-smithy-runtime",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "aws-types",
+ "bytes",
+ "fastrand",
+ "http 0.2.12",
+ "http-body 0.4.6",
+ "percent-encoding",
+ "pin-project-lite",
+ "tracing",
+ "uuid",
+]
+
+[[package]]
+name = "aws-sdk-s3"
+version = "1.104.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "38c488cd6abb0ec9811c401894191932e941c5f91dc226043edacd0afa1634bc"
+dependencies = [
+ "aws-credential-types",
+ "aws-runtime",
+ "aws-sigv4",
+ "aws-smithy-async",
+ "aws-smithy-checksums",
+ "aws-smithy-eventstream",
+ "aws-smithy-http",
+ "aws-smithy-json",
+ "aws-smithy-runtime",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "aws-smithy-xml",
+ "aws-types",
+ "bytes",
+ "fastrand",
+ "hex",
+ "hmac",
+ "http 0.2.12",
+ "http 1.3.1",
+ "http-body 0.4.6",
+ "lru",
+ "percent-encoding",
+ "regex-lite",
+ "sha2",
+ "tracing",
+ "url",
+]
+
+[[package]]
+name = "aws-sdk-sso"
+version = "1.83.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "643cd43af212d2a1c4dedff6f044d7e1961e5d9e7cfe773d70f31d9842413886"
+dependencies = [
+ "aws-credential-types",
+ "aws-runtime",
+ "aws-smithy-async",
+ "aws-smithy-http",
+ "aws-smithy-json",
+ "aws-smithy-runtime",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "aws-types",
+ "bytes",
+ "fastrand",
+ "http 0.2.12",
+ "regex-lite",
+ "tracing",
+]
+
+[[package]]
+name = "aws-sdk-ssooidc"
+version = "1.84.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "20ec4a95bd48e0db7a424356a161f8d87bd6a4f0af37204775f0da03d9e39fc3"
+dependencies = [
+ "aws-credential-types",
+ "aws-runtime",
+ "aws-smithy-async",
+ "aws-smithy-http",
+ "aws-smithy-json",
+ "aws-smithy-runtime",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "aws-types",
+ "bytes",
+ "fastrand",
+ "http 0.2.12",
+ "regex-lite",
+ "tracing",
+]
+
+[[package]]
+name = "aws-sdk-sts"
+version = "1.85.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "410309ad0df4606bc721aff0d89c3407682845453247213a0ccc5ff8801ee107"
+dependencies = [
+ "aws-credential-types",
+ "aws-runtime",
+ "aws-smithy-async",
+ "aws-smithy-http",
+ "aws-smithy-json",
+ "aws-smithy-query",
+ "aws-smithy-runtime",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "aws-smithy-xml",
+ "aws-types",
+ "fastrand",
+ "http 0.2.12",
+ "regex-lite",
+ "tracing",
+]
+
+[[package]]
+name = "aws-sigv4"
+version = "1.3.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "084c34162187d39e3740cb635acd73c4e3a551a36146ad6fe8883c929c9f876c"
+dependencies = [
+ "aws-credential-types",
+ "aws-smithy-eventstream",
+ "aws-smithy-http",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "bytes",
+ "crypto-bigint 0.5.5",
+ "form_urlencoded",
+ "hex",
+ "hmac",
+ "http 0.2.12",
+ "http 1.3.1",
+ "p256",
+ "percent-encoding",
+ "ring",
+ "sha2",
+ "subtle",
+ "time",
+ "tracing",
+ "zeroize",
+]
+
+[[package]]
+name = "aws-smithy-async"
+version = "1.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e190749ea56f8c42bf15dd76c65e14f8f765233e6df9b0506d9d934ebef867c"
+dependencies = [
+ "futures-util",
+ "pin-project-lite",
+ "tokio",
+]
+
+[[package]]
+name = "aws-smithy-checksums"
+version = "0.63.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "56d2df0314b8e307995a3b86d44565dfe9de41f876901a7d71886c756a25979f"
+dependencies = [
+ "aws-smithy-http",
+ "aws-smithy-types",
+ "bytes",
+ "crc-fast",
+ "hex",
+ "http 0.2.12",
+ "http-body 0.4.6",
+ "md-5",
+ "pin-project-lite",
+ "sha1",
+ "sha2",
+ "tracing",
+]
+
+[[package]]
+name = "aws-smithy-eventstream"
+version = "0.60.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "182b03393e8c677347fb5705a04a9392695d47d20ef0a2f8cfe28c8e6b9b9778"
+dependencies = [
+ "aws-smithy-types",
+ "bytes",
+ "crc32fast",
+]
+
+[[package]]
+name = "aws-smithy-http"
+version = "0.62.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7c4dacf2d38996cf729f55e7a762b30918229917eca115de45dfa8dfb97796c9"
+dependencies = [
+ "aws-smithy-eventstream",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "bytes",
+ "bytes-utils",
+ "futures-core",
+ "http 0.2.12",
+ "http 1.3.1",
+ "http-body 0.4.6",
+ "percent-encoding",
+ "pin-project-lite",
+ "pin-utils",
+ "tracing",
+]
+
+[[package]]
+name = "aws-smithy-http-client"
+version = "1.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "147e8eea63a40315d704b97bf9bc9b8c1402ae94f89d5ad6f7550d963309da1b"
+dependencies = [
+ "aws-smithy-async",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "h2 0.3.27",
+ "h2 0.4.12",
+ "http 0.2.12",
+ "http 1.3.1",
+ "http-body 0.4.6",
+ "hyper 0.14.32",
+ "hyper 1.7.0",
+ "hyper-rustls 0.24.2",
+ "hyper-rustls 0.27.7",
+ "hyper-util",
+ "pin-project-lite",
+ "rustls 0.21.12",
+ "rustls 0.23.31",
+ "rustls-native-certs 0.8.1",
+ "rustls-pki-types",
+ "tokio",
+ "tokio-rustls 0.26.2",
+ "tower",
+ "tracing",
+]
+
+[[package]]
+name = "aws-smithy-json"
+version = "0.61.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eaa31b350998e703e9826b2104dd6f63be0508666e1aba88137af060e8944047"
+dependencies = [
+ "aws-smithy-types",
+]
+
+[[package]]
+name = "aws-smithy-observability"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9364d5989ac4dd918e5cc4c4bdcc61c9be17dcd2586ea7f69e348fc7c6cab393"
+dependencies = [
+ "aws-smithy-runtime-api",
+]
+
+[[package]]
+name = "aws-smithy-query"
+version = "0.60.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f2fbd61ceb3fe8a1cb7352e42689cec5335833cd9f94103a61e98f9bb61c64bb"
+dependencies = [
+ "aws-smithy-types",
+ "urlencoding",
+]
+
+[[package]]
+name = "aws-smithy-runtime"
+version = "1.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3946acbe1ead1301ba6862e712c7903ca9bb230bdf1fbd1b5ac54158ef2ab1f"
+dependencies = [
+ "aws-smithy-async",
+ "aws-smithy-http",
+ "aws-smithy-http-client",
+ "aws-smithy-observability",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "bytes",
+ "fastrand",
+ "http 0.2.12",
+ "http 1.3.1",
+ "http-body 0.4.6",
+ "http-body 1.0.1",
+ "pin-project-lite",
+ "pin-utils",
+ "tokio",
+ "tracing",
+]
+
+[[package]]
+name = "aws-smithy-runtime-api"
+version = "1.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07f5e0fc8a6b3f2303f331b94504bbf754d85488f402d6f1dd7a6080f99afe56"
+dependencies = [
+ "aws-smithy-async",
+ "aws-smithy-types",
+ "bytes",
+ "http 0.2.12",
+ "http 1.3.1",
+ "pin-project-lite",
+ "tokio",
+ "tracing",
+ "zeroize",
+]
+
+[[package]]
+name = "aws-smithy-types"
+version = "1.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d498595448e43de7f4296b7b7a18a8a02c61ec9349128c80a368f7c3b4ab11a8"
+dependencies = [
+ "base64-simd",
+ "bytes",
+ "bytes-utils",
+ "futures-core",
+ "http 0.2.12",
+ "http 1.3.1",
+ "http-body 0.4.6",
+ "http-body 1.0.1",
+ "http-body-util",
+ "itoa",
+ "num-integer",
+ "pin-project-lite",
+ "pin-utils",
+ "ryu",
+ "serde",
+ "time",
+ "tokio",
+ "tokio-util",
+]
+
+[[package]]
+name = "aws-smithy-xml"
+version = "0.60.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3db87b96cb1b16c024980f133968d52882ca0daaee3a086c6decc500f6c99728"
+dependencies = [
+ "xmlparser",
+]
+
+[[package]]
+name = "aws-types"
+version = "1.3.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b069d19bf01e46298eaedd7c6f283fe565a59263e53eebec945f3e6398f42390"
+dependencies = [
+ "aws-credential-types",
+ "aws-smithy-async",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "rustc_version",
+ "tracing",
+]
+
 [[package]]
 name = "axum"
 version = "0.8.4"
@@ -208,10 +621,10 @@ dependencies = [
  "bytes",
  "form_urlencoded",
  "futures-util",
- "http",
- "http-body",
+ "http 1.3.1",
+ "http-body 1.0.1",
  "http-body-util",
- "hyper",
+ "hyper 1.7.0",
  "hyper-util",
  "itoa",
  "matchit",
@@ -240,8 +653,8 @@ checksum = "68464cd0412f486726fb3373129ef5d2993f90c34bc2bc1c1e9943b2f4fc7ca6"
 dependencies = [
  "bytes",
  "futures-core",
- "http",
- "http-body",
+ "http 1.3.1",
+ "http-body 1.0.1",
  "http-body-util",
  "mime",
  "pin-project-lite",
@@ -263,8 +676,8 @@ dependencies = [
  "bytes",
  "futures-util",
  "headers",
- "http",
- "http-body",
+ "http 1.3.1",
+ "http-body 1.0.1",
  "http-body-util",
  "mime",
  "pin-project-lite",
@@ -283,7 +696,7 @@ checksum = "604fde5e028fea851ce1d8570bbdc034bec850d157f7569d10f347d06808c05c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
@@ -295,24 +708,24 @@ dependencies = [
  "arc-swap",
  "bytes",
  "fs-err",
- "http",
- "http-body",
- "hyper",
+ "http 1.3.1",
+ "http-body 1.0.1",
+ "hyper 1.7.0",
  "hyper-util",
  "pin-project-lite",
- "rustls",
- "rustls-pemfile",
+ "rustls 0.23.31",
+ "rustls-pemfile 2.2.0",
  "rustls-pki-types",
  "tokio",
- "tokio-rustls",
+ "tokio-rustls 0.26.2",
  "tower-service",
 ]
 
 [[package]]
 name = "backtrace"
-version = "0.3.74"
+version = "0.3.75"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a"
+checksum = "6806a6321ec58106fea15becdad98371e28d92ccbc7c8f1b3b6dd724fe8f1002"
 dependencies = [
  "addr2line",
  "cfg-if",
@@ -323,6 +736,12 @@ dependencies = [
  "windows-targets 0.52.6",
 ]
 
+[[package]]
+name = "base16ct"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce"
+
 [[package]]
 name = "base64"
 version = "0.21.7"
@@ -335,6 +754,22 @@ version = "0.22.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
 
+[[package]]
+name = "base64-simd"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "339abbe78e73178762e23bea9dfd08e697eb3f3301cd4be981c0f78ba5859195"
+dependencies = [
+ "outref",
+ "vsimd",
+]
+
+[[package]]
+name = "base64ct"
+version = "1.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "55248b47b0caf0546f7988906588779981c43bb1bc9d0c44087278f80cdb44ba"
+
 [[package]]
 name = "bindgen"
 version = "0.69.5"
@@ -354,15 +789,15 @@ dependencies = [
  "regex",
  "rustc-hash 1.1.0",
  "shlex",
- "syn 2.0.101",
+ "syn 2.0.106",
  "which",
 ]
 
 [[package]]
 name = "bitflags"
-version = "2.9.0"
+version = "2.9.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd"
+checksum = "2261d10cca569e4643e526d8dc2e62e433cc8aba21ab764233731f8d369bf394"
 
 [[package]]
 name = "block-buffer"
@@ -375,9 +810,9 @@ dependencies = [
 
 [[package]]
 name = "bumpalo"
-version = "3.17.0"
+version = "3.19.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1628fb46dfa0b37568d12e5edd512553eccf6a22a78e8bde00bb4aed84d5bdbf"
+checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43"
 
 [[package]]
 name = "byteorder"
@@ -391,6 +826,16 @@ version = "1.10.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"
 
+[[package]]
+name = "bytes-utils"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7dafe3a8757b027e2be6e4e5601ed563c55989fcf1546e933c66c8eb3a058d35"
+dependencies = [
+ "bytes",
+ "either",
+]
+
 [[package]]
 name = "bytesize"
 version = "2.0.1"
@@ -399,29 +844,20 @@ checksum = "a3c8f83209414aacf0eeae3cf730b18d6981697fba62f200fcfb92b9f082acba"
 
 [[package]]
 name = "bzip2"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49ecfb22d906f800d4fe833b6282cf4dc1c298f5057ca0b5445e5c209735ca47"
-dependencies = [
- "bzip2-sys",
-]
-
-[[package]]
-name = "bzip2-sys"
-version = "0.1.13+1.0.8"
+version = "0.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "225bff33b2141874fe80d71e07d6eec4f85c5c216453dd96388240f96e1acc14"
+checksum = "bea8dcd42434048e4f7a304411d9273a411f647446c1234a65ce0554923f4cff"
 dependencies = [
- "cc",
- "pkg-config",
+ "libbz2-rs-sys",
 ]
 
 [[package]]
 name = "cc"
-version = "1.2.17"
+version = "1.2.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fcb57c740ae1daf453ae85f16e37396f672b039e00d9d866e07ddb24e328e3a"
+checksum = "590f9024a68a8c40351881787f1934dc11afd69090f5edb6831464694d836ea3"
 dependencies = [
+ "find-msvc-tools",
  "jobserver",
  "libc",
  "shlex",
@@ -438,9 +874,9 @@ dependencies = [
 
 [[package]]
 name = "cfg-if"
-version = "1.0.0"
+version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9"
 
 [[package]]
 name = "cfg_aliases"
@@ -495,9 +931,15 @@ dependencies = [
 
 [[package]]
 name = "colorchoice"
-version = "1.0.3"
+version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990"
+checksum = "b05b61dc5112cbb17e4b6cd61790d9845d13888356391624cbe7e41efeac1e75"
+
+[[package]]
+name = "const-oid"
+version = "0.9.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
 
 [[package]]
 name = "constant_time_eq"
@@ -505,6 +947,26 @@ version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6"
 
+[[package]]
+name = "core-foundation"
+version = "0.9.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
+[[package]]
+name = "core-foundation"
+version = "0.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
 [[package]]
 name = "core-foundation-sys"
 version = "0.8.7"
@@ -522,9 +984,9 @@ dependencies = [
 
 [[package]]
 name = "crc"
-version = "3.2.1"
+version = "3.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "69e6e4d7b33a94f0991c26729976b10ebde1d34c3ee82408fb536164fa10d636"
+checksum = "9710d3b3739c2e349eb44fe848ad0b7c8cb1e42bd87ee49371df2f7acaf3e675"
 dependencies = [
  "crc-catalog",
 ]
@@ -535,11 +997,24 @@ version = "2.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "19d374276b40fb8bbdee95aef7c7fa6b5316ec764510eb64b8dd0e2ed0d7e7f5"
 
+[[package]]
+name = "crc-fast"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6bf62af4cc77d8fe1c22dde4e721d87f2f54056139d8c412e1366b740305f56f"
+dependencies = [
+ "crc",
+ "digest",
+ "libc",
+ "rand",
+ "regex",
+]
+
 [[package]]
 name = "crc32fast"
-version = "1.4.2"
+version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3"
+checksum = "9481c1c90cbf2ac953f07c8d4a58aa3945c425b7185c9154d67a65e4230da511"
 dependencies = [
  "cfg-if",
 ]
@@ -565,6 +1040,28 @@ version = "0.8.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
 
+[[package]]
+name = "crypto-bigint"
+version = "0.4.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef"
+dependencies = [
+ "generic-array",
+ "rand_core 0.6.4",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "crypto-bigint"
+version = "0.5.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76"
+dependencies = [
+ "rand_core 0.6.4",
+ "subtle",
+]
+
 [[package]]
 name = "crypto-common"
 version = "0.1.6"
@@ -581,24 +1078,34 @@ version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "da692b8d1080ea3045efaab14434d40468c3d8657e42abddfffca87b428f4c1b"
 
+[[package]]
+name = "der"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de"
+dependencies = [
+ "const-oid",
+ "zeroize",
+]
+
 [[package]]
 name = "deranged"
-version = "0.4.1"
+version = "0.5.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "28cfac68e08048ae1883171632c2aef3ebc555621ae56fbccce1cbf22dd7f058"
+checksum = "d630bccd429a5bb5a64b5e94f693bfc48c9f8566418fda4c494cc94f911f87cc"
 dependencies = [
  "powerfmt",
 ]
 
 [[package]]
 name = "derive_arbitrary"
-version = "1.4.1"
+version = "1.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "30542c1ad912e0e3d22a1935c290e12e8a29d704a420177a31faad4a601a0800"
+checksum = "1e567bd82dcff979e4b03460c307b3cdc9e96fde3d73bed1496d2bc75d9dd62a"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
@@ -620,14 +1127,14 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
 name = "dlopen2"
-version = "0.7.0"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e1297103d2bbaea85724fcee6294c2d50b1081f9ad47d0f6f6f61eda65315a6"
+checksum = "b54f373ccf864bf587a89e880fb7610f8d73f3045f13580948ccbcaff26febff"
 dependencies = [
  "dlopen2_derive",
  "libc",
@@ -637,13 +1144,13 @@ dependencies = [
 
 [[package]]
 name = "dlopen2_derive"
-version = "0.4.0"
+version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2b99bf03862d7f545ebc28ddd33a665b50865f4dfd84031a393823879bd4c54"
+checksum = "788160fb30de9cdd857af31c6a2675904b16ece8fc2737b2c7127ba368c9d0f4"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
@@ -658,12 +1165,44 @@ version = "1.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
 
+[[package]]
+name = "ecdsa"
+version = "0.14.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c"
+dependencies = [
+ "der",
+ "elliptic-curve",
+ "rfc6979",
+ "signature",
+]
+
 [[package]]
 name = "either"
 version = "1.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
 
+[[package]]
+name = "elliptic-curve"
+version = "0.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3"
+dependencies = [
+ "base16ct",
+ "crypto-bigint 0.4.9",
+ "der",
+ "digest",
+ "ff",
+ "generic-array",
+ "group",
+ "pkcs8",
+ "rand_core 0.6.4",
+ "sec1",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "env_filter"
 version = "0.1.3"
@@ -675,9 +1214,9 @@ dependencies = [
 
 [[package]]
 name = "env_logger"
-version = "0.11.7"
+version = "0.11.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3716d7a920fb4fac5d84e9d4bce8ceb321e9414b4409da61b07b75c1e3d0697"
+checksum = "13c863f0904021b108aa8b2f55046443e6b1ebde8fd4a15c399893aae4fa069f"
 dependencies = [
  "anstream",
  "anstyle",
@@ -703,12 +1242,12 @@ dependencies = [
 
 [[package]]
 name = "errno"
-version = "0.3.10"
+version = "0.3.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d"
+checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad"
 dependencies = [
  "libc",
- "windows-sys 0.59.0",
+ "windows-sys 0.60.2",
 ]
 
 [[package]]
@@ -717,6 +1256,22 @@ version = "2.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be"
 
+[[package]]
+name = "ff"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160"
+dependencies = [
+ "rand_core 0.6.4",
+ "subtle",
+]
+
+[[package]]
+name = "find-msvc-tools"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e178e4fba8a2726903f6ba98a6d221e76f9c12c650d5dc0e6afdc50677b49650"
+
 [[package]]
 name = "fixedbitset"
 version = "0.5.7"
@@ -725,11 +1280,12 @@ checksum = "1d674e81391d1e1ab681a28d99df07927c6d4aa5b027d7da16ba32d1d21ecd99"
 
 [[package]]
 name = "flate2"
-version = "1.1.0"
+version = "1.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "11faaf5a5236997af9848be0bef4db95824b1d534ebc64d0f0c6cf3e67bd38dc"
+checksum = "4a3d7db9596fecd151c5f638c0ee5d5bd487b6e0ea232e5dc96d5250f6f94b1d"
 dependencies = [
  "crc32fast",
+ "libz-rs-sys",
  "miniz_oxide",
 ]
 
@@ -737,13 +1293,19 @@ dependencies = [
 name = "fnv"
 version = "1.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
+checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
+
+[[package]]
+name = "foldhash"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
 
 [[package]]
 name = "form_urlencoded"
-version = "1.2.1"
+version = "1.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456"
+checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf"
 dependencies = [
  "percent-encoding",
 ]
@@ -756,9 +1318,9 @@ checksum = "28dd6caf6059519a65843af8fe2a3ae298b14b80179855aeb4adc2c1934ee619"
 
 [[package]]
 name = "fs-err"
-version = "3.1.0"
+version = "3.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1f89bda4c2a21204059a977ed3bfe746677dfd137b83c339e702b0ac91d482aa"
+checksum = "88d7be93788013f265201256d58f04936a8079ad5dc898743aa20525f503b683"
 dependencies = [
  "autocfg",
  "tokio",
@@ -826,7 +1388,7 @@ checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
@@ -877,28 +1439,28 @@ dependencies = [
 
 [[package]]
 name = "getrandom"
-version = "0.2.15"
+version = "0.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
+checksum = "335ff9f135e4384c8150d6f27c6daed433577f86b4750418338c01a1a2528592"
 dependencies = [
  "cfg-if",
  "js-sys",
  "libc",
- "wasi 0.11.0+wasi-snapshot-preview1",
+ "wasi 0.11.1+wasi-snapshot-preview1",
  "wasm-bindgen",
 ]
 
 [[package]]
 name = "getrandom"
-version = "0.3.2"
+version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "73fea8450eea4bac3940448fb7ae50d91f034f941199fcd9d909a5a07aa455f0"
+checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4"
 dependencies = [
  "cfg-if",
  "js-sys",
  "libc",
  "r-efi",
- "wasi 0.14.2+wasi-0.2.4",
+ "wasi 0.14.3+wasi-0.2.4",
  "wasm-bindgen",
 ]
 
@@ -910,22 +1472,52 @@ checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f"
 
 [[package]]
 name = "glob"
-version = "0.3.2"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
+
+[[package]]
+name = "group"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7"
+dependencies = [
+ "ff",
+ "rand_core 0.6.4",
+ "subtle",
+]
+
+[[package]]
+name = "h2"
+version = "0.3.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2"
+checksum = "0beca50380b1fc32983fc1cb4587bfa4bb9e78fc259aad4a0032d2080309222d"
+dependencies = [
+ "bytes",
+ "fnv",
+ "futures-core",
+ "futures-sink",
+ "futures-util",
+ "http 0.2.12",
+ "indexmap",
+ "slab",
+ "tokio",
+ "tokio-util",
+ "tracing",
+]
 
 [[package]]
 name = "h2"
-version = "0.4.8"
+version = "0.4.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5017294ff4bb30944501348f6f8e42e6ad28f42c8bbef7a74029aff064a4e3c2"
+checksum = "f3c0b69cfcb4e1b9f1bf2f53f95f766e4661169728ec61cd3fe5a0166f2d1386"
 dependencies = [
  "atomic-waker",
  "bytes",
  "fnv",
  "futures-core",
  "futures-sink",
- "http",
+ "http 1.3.1",
  "indexmap",
  "slab",
  "tokio",
@@ -935,20 +1527,25 @@ dependencies = [
 
 [[package]]
 name = "hashbrown"
-version = "0.15.2"
+version = "0.15.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289"
+checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1"
+dependencies = [
+ "allocator-api2",
+ "equivalent",
+ "foldhash",
+]
 
 [[package]]
 name = "headers"
-version = "0.4.0"
+version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "322106e6bd0cba2d5ead589ddb8150a13d7c4217cf80d7c4f682ca994ccc6aa9"
+checksum = "b3314d5adb5d94bcdf56771f2e50dbbc80bb4bdf88967526706205ac9eff24eb"
 dependencies = [
- "base64 0.21.7",
+ "base64 0.22.1",
  "bytes",
  "headers-core",
- "http",
+ "http 1.3.1",
  "httpdate",
  "mime",
  "sha1",
@@ -960,7 +1557,7 @@ version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "54b4a22553d4242c49fddb9ba998a99962b5cc6f22cb5a3482bec22522403ce4"
 dependencies = [
- "http",
+ "http 1.3.1",
 ]
 
 [[package]]
@@ -993,6 +1590,17 @@ dependencies = [
  "windows-sys 0.59.0",
 ]
 
+[[package]]
+name = "http"
+version = "0.2.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1"
+dependencies = [
+ "bytes",
+ "fnv",
+ "itoa",
+]
+
 [[package]]
 name = "http"
 version = "1.3.1"
@@ -1004,6 +1612,17 @@ dependencies = [
  "itoa",
 ]
 
+[[package]]
+name = "http-body"
+version = "0.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2"
+dependencies = [
+ "bytes",
+ "http 0.2.12",
+ "pin-project-lite",
+]
+
 [[package]]
 name = "http-body"
 version = "1.0.1"
@@ -1011,7 +1630,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184"
 dependencies = [
  "bytes",
- "http",
+ "http 1.3.1",
 ]
 
 [[package]]
@@ -1022,8 +1641,8 @@ checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a"
 dependencies = [
  "bytes",
  "futures-core",
- "http",
- "http-body",
+ "http 1.3.1",
+ "http-body 1.0.1",
  "pin-project-lite",
 ]
 
@@ -1041,20 +1660,46 @@ checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
 
 [[package]]
 name = "hyper"
-version = "1.6.0"
+version = "0.14.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cc2b571658e38e0c01b1fdca3bbbe93c00d3d71693ff2770043f8c29bc7d6f80"
+checksum = "41dfc780fdec9373c01bae43289ea34c972e40ee3c9f6b3c8801a35f35586ce7"
 dependencies = [
  "bytes",
  "futures-channel",
+ "futures-core",
  "futures-util",
- "h2",
- "http",
- "http-body",
+ "h2 0.3.27",
+ "http 0.2.12",
+ "http-body 0.4.6",
+ "httparse",
+ "httpdate",
+ "itoa",
+ "pin-project-lite",
+ "socket2 0.5.10",
+ "tokio",
+ "tower-service",
+ "tracing",
+ "want",
+]
+
+[[package]]
+name = "hyper"
+version = "1.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eb3aa54a13a0dfe7fbe3a59e0c76093041720fdc77b110cc0fc260fafb4dc51e"
+dependencies = [
+ "atomic-waker",
+ "bytes",
+ "futures-channel",
+ "futures-core",
+ "h2 0.4.12",
+ "http 1.3.1",
+ "http-body 1.0.1",
  "httparse",
  "httpdate",
  "itoa",
  "pin-project-lite",
+ "pin-utils",
  "smallvec",
  "tokio",
  "want",
@@ -1062,36 +1707,57 @@ dependencies = [
 
 [[package]]
 name = "hyper-rustls"
-version = "0.27.5"
+version = "0.24.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2d191583f3da1305256f22463b9bb0471acad48a4e534a5218b9963e9c1f59b2"
+checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590"
 dependencies = [
  "futures-util",
- "http",
- "hyper",
+ "http 0.2.12",
+ "hyper 0.14.32",
+ "log",
+ "rustls 0.21.12",
+ "rustls-native-certs 0.6.3",
+ "tokio",
+ "tokio-rustls 0.24.1",
+]
+
+[[package]]
+name = "hyper-rustls"
+version = "0.27.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e3c93eb611681b207e1fe55d5a71ecf91572ec8a6705cdb6857f7d8d5242cf58"
+dependencies = [
+ "http 1.3.1",
+ "hyper 1.7.0",
  "hyper-util",
- "rustls",
+ "rustls 0.23.31",
+ "rustls-native-certs 0.8.1",
  "rustls-pki-types",
  "tokio",
- "tokio-rustls",
+ "tokio-rustls 0.26.2",
  "tower-service",
  "webpki-roots",
 ]
 
 [[package]]
 name = "hyper-util"
-version = "0.1.10"
+version = "0.1.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df2dcfbe0677734ab2f3ffa7fa7bfd4706bfdc1ef393f2ee30184aed67e631b4"
+checksum = "8d9b05277c7e8da2c93a568989bb6207bef0112e8d17df7a6eda4a3cf143bc5e"
 dependencies = [
+ "base64 0.22.1",
  "bytes",
  "futures-channel",
+ "futures-core",
  "futures-util",
- "http",
- "http-body",
- "hyper",
+ "http 1.3.1",
+ "http-body 1.0.1",
+ "hyper 1.7.0",
+ "ipnet",
+ "libc",
+ "percent-encoding",
  "pin-project-lite",
- "socket2",
+ "socket2 0.6.0",
  "tokio",
  "tower-service",
  "tracing",
@@ -1099,9 +1765,9 @@ dependencies = [
 
 [[package]]
 name = "iana-time-zone"
-version = "0.1.62"
+version = "0.1.63"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b2fd658b06e56721792c5df4475705b6cda790e9298d19d2f8af083457bcd127"
+checksum = "b0c919e5debc312ad217002b8048a17b7d83f80703865bbfcfebb0458b0b27d8"
 dependencies = [
  "android_system_properties",
  "core-foundation-sys",
@@ -1123,21 +1789,22 @@ dependencies = [
 
 [[package]]
 name = "icu_collections"
-version = "1.5.0"
+version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526"
+checksum = "200072f5d0e3614556f94a9930d5dc3e0662a652823904c3a75dc3b0af7fee47"
 dependencies = [
  "displaydoc",
+ "potential_utf",
  "yoke",
  "zerofrom",
  "zerovec",
 ]
 
 [[package]]
-name = "icu_locid"
-version = "1.5.0"
+name = "icu_locale_core"
+version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637"
+checksum = "0cde2700ccaed3872079a65fb1a78f6c0a36c91570f28755dda67bc8f7d9f00a"
 dependencies = [
  "displaydoc",
  "litemap",
@@ -1146,31 +1813,11 @@ dependencies = [
  "zerovec",
 ]
 
-[[package]]
-name = "icu_locid_transform"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e"
-dependencies = [
- "displaydoc",
- "icu_locid",
- "icu_locid_transform_data",
- "icu_provider",
- "tinystr",
- "zerovec",
-]
-
-[[package]]
-name = "icu_locid_transform_data"
-version = "1.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7515e6d781098bf9f7205ab3fc7e9709d34554ae0b21ddbcb5febfa4bc7df11d"
-
 [[package]]
 name = "icu_normalizer"
-version = "1.5.0"
+version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f"
+checksum = "436880e8e18df4d7bbc06d58432329d6458cc84531f7ac5f024e93deadb37979"
 dependencies = [
  "displaydoc",
  "icu_collections",
@@ -1178,72 +1825,59 @@ dependencies = [
  "icu_properties",
  "icu_provider",
  "smallvec",
- "utf16_iter",
- "utf8_iter",
- "write16",
  "zerovec",
 ]
 
 [[package]]
 name = "icu_normalizer_data"
-version = "1.5.1"
+version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c5e8338228bdc8ab83303f16b797e177953730f601a96c25d10cb3ab0daa0cb7"
+checksum = "00210d6893afc98edb752b664b8890f0ef174c8adbb8d0be9710fa66fbbf72d3"
 
 [[package]]
 name = "icu_properties"
-version = "1.5.1"
+version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93d6020766cfc6302c15dbbc9c8778c37e62c14427cb7f6e601d849e092aeef5"
+checksum = "016c619c1eeb94efb86809b015c58f479963de65bdb6253345c1a1276f22e32b"
 dependencies = [
  "displaydoc",
  "icu_collections",
- "icu_locid_transform",
+ "icu_locale_core",
  "icu_properties_data",
  "icu_provider",
- "tinystr",
+ "potential_utf",
+ "zerotrie",
  "zerovec",
 ]
 
 [[package]]
 name = "icu_properties_data"
-version = "1.5.1"
+version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85fb8799753b75aee8d2a21d7c14d9f38921b54b3dbda10f5a3c7a7b82dba5e2"
+checksum = "298459143998310acd25ffe6810ed544932242d3f07083eee1084d83a71bd632"
 
 [[package]]
 name = "icu_provider"
-version = "1.5.0"
+version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9"
+checksum = "03c80da27b5f4187909049ee2d72f276f0d9f99a42c306bd0131ecfe04d8e5af"
 dependencies = [
  "displaydoc",
- "icu_locid",
- "icu_provider_macros",
+ "icu_locale_core",
  "stable_deref_trait",
  "tinystr",
  "writeable",
  "yoke",
  "zerofrom",
+ "zerotrie",
  "zerovec",
 ]
 
-[[package]]
-name = "icu_provider_macros"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.101",
-]
-
 [[package]]
 name = "idna"
-version = "1.0.3"
+version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e"
+checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de"
 dependencies = [
  "idna_adapter",
  "smallvec",
@@ -1252,9 +1886,9 @@ dependencies = [
 
 [[package]]
 name = "idna_adapter"
-version = "1.2.0"
+version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71"
+checksum = "3acae9609540aa318d1bc588455225fb2085b9ed0c4f6bd0d9d5bcd86f1a0344"
 dependencies = [
  "icu_normalizer",
  "icu_properties",
@@ -1262,9 +1896,9 @@ dependencies = [
 
 [[package]]
 name = "indexmap"
-version = "2.8.0"
+version = "2.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3954d50fe15b02142bf25d3b8bdadb634ec3948f103d04ffe3031bc8fe9d7058"
+checksum = "f2481980430f9f78649238835720ddccc57e52df14ffce1c6f37391d61b563e9"
 dependencies = [
  "equivalent",
  "hashbrown",
@@ -1302,19 +1936,40 @@ dependencies = [
 
 [[package]]
 name = "inventory"
-version = "0.3.20"
+version = "0.3.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ab08d7cd2c5897f2c949e5383ea7c7db03fb19130ffcfbf7eda795137ae3cb83"
+checksum = "bc61209c082fbeb19919bee74b176221b27223e27b65d781eb91af24eb1fb46e"
 dependencies = [
  "rustversion",
 ]
 
+[[package]]
+name = "io-uring"
+version = "0.7.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "046fa2d4d00aea763528b4950358d0ead425372445dc8ff86312b3c69ff7727b"
+dependencies = [
+ "bitflags",
+ "cfg-if",
+ "libc",
+]
+
 [[package]]
 name = "ipnet"
 version = "2.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130"
 
+[[package]]
+name = "iri-string"
+version = "0.7.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dbc5ebe9c3a1a7a5127f920a418f7585e9e758e911d0466ed004f393b0e380b2"
+dependencies = [
+ "memchr",
+ "serde",
+]
+
 [[package]]
 name = "is_terminal_polyfill"
 version = "1.70.1"
@@ -1347,10 +2002,11 @@ checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
 
 [[package]]
 name = "jobserver"
-version = "0.1.32"
+version = "0.1.34"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0"
+checksum = "9afb3de4395d6b3e67a780b6de64b51c978ecf11cb9a462c66be7d4ca9039d33"
 dependencies = [
+ "getrandom 0.3.3",
  "libc",
 ]
 
@@ -1391,20 +2047,55 @@ version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
 
+[[package]]
+name = "libbz2-rs-sys"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2c4a545a15244c7d945065b5d392b2d2d7f21526fba56ce51467b06ed445e8f7"
+
 [[package]]
 name = "libc"
-version = "0.2.171"
+version = "0.2.175"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c19937216e9d3aa9956d9bb8dfc0b0c8beb6058fc4f7a4dc4d850edf86a237d6"
+checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543"
 
 [[package]]
 name = "libloading"
-version = "0.8.6"
+version = "0.8.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34"
+checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667"
 dependencies = [
  "cfg-if",
- "windows-targets 0.52.6",
+ "windows-targets 0.53.3",
+]
+
+[[package]]
+name = "liblzma"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "10bf66f4598dc77ff96677c8e763655494f00ff9c1cf79e2eb5bb07bc31f807d"
+dependencies = [
+ "liblzma-sys",
+]
+
+[[package]]
+name = "liblzma-sys"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "01b9596486f6d60c3bbe644c0e1be1aa6ccc472ad630fe8927b456973d7cb736"
+dependencies = [
+ "cc",
+ "libc",
+ "pkg-config",
+]
+
+[[package]]
+name = "libz-rs-sys"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "840db8cf39d9ec4dd794376f38acc40d0fc65eec2a8f484f7fd375b84602becd"
+dependencies = [
+ "zlib-rs",
 ]
 
 [[package]]
@@ -1415,32 +2106,26 @@ checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab"
 
 [[package]]
 name = "linux-raw-sys"
-version = "0.9.3"
+version = "0.9.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fe7db12097d22ec582439daf8618b8fdd1a7bef6270e9af3b1ebcd30893cf413"
+checksum = "cd945864f07fe9f5371a27ad7b52a172b4b499999f1d97574c9fa68373937e12"
 
 [[package]]
 name = "litemap"
-version = "0.7.5"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23fb14cb19457329c82206317a5663005a4d404783dc74f4252769b0d5f42856"
+checksum = "241eaef5fd12c88705a01fc1066c48c4b36e0dd4377dcdc7ec3942cea7a69956"
 
 [[package]]
 name = "lock_api"
-version = "0.4.12"
+version = "0.4.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17"
+checksum = "96936507f153605bddfcda068dd804796c84324ed2510809e5b2a624c81da765"
 dependencies = [
  "autocfg",
  "scopeguard",
 ]
 
-[[package]]
-name = "lockfree-object-pool"
-version = "0.1.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9374ef4228402d4b7e403e5838cb880d9ee663314b0a900d5a6aabf0c213552e"
-
 [[package]]
 name = "log"
 version = "0.4.27"
@@ -1448,33 +2133,27 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
 
 [[package]]
-name = "lzma-rs"
-version = "0.3.0"
+name = "lru"
+version = "0.12.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "297e814c836ae64db86b36cf2a557ba54368d03f6afcd7d947c266692f71115e"
+checksum = "234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38"
 dependencies = [
- "byteorder",
- "crc",
+ "hashbrown",
 ]
 
 [[package]]
-name = "lzma-sys"
-version = "0.1.20"
+name = "lru-slab"
+version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5fda04ab3764e6cde78b9974eec4f779acaba7c4e84b36eca3cf77c581b85d27"
-dependencies = [
- "cc",
- "libc",
- "pkg-config",
-]
+checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154"
 
 [[package]]
 name = "matchers"
-version = "0.1.0"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558"
+checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9"
 dependencies = [
- "regex-automata 0.1.10",
+ "regex-automata",
 ]
 
 [[package]]
@@ -1483,11 +2162,21 @@ version = "0.8.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3"
 
+[[package]]
+name = "md-5"
+version = "0.10.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf"
+dependencies = [
+ "cfg-if",
+ "digest",
+]
+
 [[package]]
 name = "memchr"
-version = "2.7.4"
+version = "2.7.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
+checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0"
 
 [[package]]
 name = "mime"
@@ -1513,22 +2202,22 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
 
 [[package]]
 name = "miniz_oxide"
-version = "0.8.5"
+version = "0.8.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e3e04debbb59698c15bacbb6d93584a8c0ca9cc3213cb423d31f760d8843ce5"
+checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316"
 dependencies = [
  "adler2",
 ]
 
 [[package]]
 name = "mio"
-version = "1.0.3"
+version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd"
+checksum = "78bed444cc8a2160f01cbcf811ef18cac863ad68ae8ca62092e8db51d51c761c"
 dependencies = [
  "libc",
- "wasi 0.11.0+wasi-snapshot-preview1",
- "windows-sys 0.52.0",
+ "wasi 0.11.1+wasi-snapshot-preview1",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -1554,14 +2243,20 @@ dependencies = [
  "cfg-if",
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
 name = "multimap"
-version = "0.10.0"
+version = "0.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1d87ecb2933e8aeadb3e3a02b828fed80a7528047e68b4f424523a0981a3a084"
+
+[[package]]
+name = "needs_env_var"
+version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "defc4c55412d89136f966bbb339008b474350e5e6e78d2714439c386b3137a03"
+checksum = "b3b406fd667619150b3ac88bfa5b2791311d7100c0b91eb6ed6488b82349856d"
 
 [[package]]
 name = "nom"
@@ -1575,12 +2270,11 @@ dependencies = [
 
 [[package]]
 name = "nu-ansi-term"
-version = "0.46.0"
+version = "0.50.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84"
+checksum = "d4a28e057d01f97e61255210fcff094d74ed0466038633e95017f5beb68e4399"
 dependencies = [
- "overload",
- "winapi",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -1633,16 +2327,39 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
 
 [[package]]
-name = "overload"
-version = "0.1.1"
+name = "once_cell_polyfill"
+version = "1.70.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4895175b425cb1f87721b59f0f286c2092bd4af812243672510e1ac53e2e0ad"
+
+[[package]]
+name = "openssl-probe"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e"
+
+[[package]]
+name = "outref"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1a80800c0488c3a21695ea981a54918fbb37abf04f4d0720c453632255e2ff0e"
+
+[[package]]
+name = "p256"
+version = "0.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
+checksum = "51f44edd08f51e2ade572f141051021c5af22677e42b7dd28a88155151c33594"
+dependencies = [
+ "ecdsa",
+ "elliptic-curve",
+ "sha2",
+]
 
 [[package]]
 name = "parking_lot"
-version = "0.12.3"
+version = "0.12.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27"
+checksum = "70d58bf43669b5795d1576d0641cfb6fbb2057bf629506267a92807158584a13"
 dependencies = [
  "lock_api",
  "parking_lot_core",
@@ -1650,9 +2367,9 @@ dependencies = [
 
 [[package]]
 name = "parking_lot_core"
-version = "0.9.10"
+version = "0.9.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8"
+checksum = "bc838d2a56b5b1a6c25f55575dfc605fabb63bb2365f6c2353ef9159aa69e4a5"
 dependencies = [
  "cfg-if",
  "libc",
@@ -1683,9 +2400,9 @@ dependencies = [
 
 [[package]]
 name = "percent-encoding"
-version = "2.3.1"
+version = "2.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e"
+checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220"
 
 [[package]]
 name = "petgraph"
@@ -1709,18 +2426,43 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
 
+[[package]]
+name = "pkcs8"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba"
+dependencies = [
+ "der",
+ "spki",
+]
+
 [[package]]
 name = "pkg-config"
 version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c"
 
+[[package]]
+name = "potential_utf"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "84df19adbe5b5a0782edcab45899906947ab039ccf4573713735ee7de1e6b08a"
+dependencies = [
+ "zerovec",
+]
+
 [[package]]
 name = "powerfmt"
 version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
 
+[[package]]
+name = "ppmd-rust"
+version = "1.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c834641d8ad1b348c9ee86dec3b9840d805acd5f24daa5f90c788951a52ff59b"
+
 [[package]]
 name = "ppv-lite86"
 version = "0.2.21"
@@ -1758,12 +2500,12 @@ dependencies = [
 
 [[package]]
 name = "prettyplease"
-version = "0.2.31"
+version = "0.2.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5316f57387668042f561aae71480de936257848f9c43ce528e311d89a07cadeb"
+checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b"
 dependencies = [
  "proc-macro2",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
@@ -1782,23 +2524,23 @@ version = "3.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "edce586971a4dfaa28950c6f18ed55e0406c1ab88bbce2c6f6293a7aaba73d35"
 dependencies = [
- "toml_edit 0.22.24",
+ "toml_edit 0.22.27",
 ]
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.94"
+version = "1.0.101"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a31971752e70b8b2686d7e46ec17fb38dad4051d94024c88df49b667caea9c84"
+checksum = "89ae43fd86e4158d6db51ad8e2b80f313af9cc74f5c0e03ccb87de09998732de"
 dependencies = [
  "unicode-ident",
 ]
 
 [[package]]
 name = "prost"
-version = "0.13.5"
+version = "0.14.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2796faa41db3ec313a31f7624d9286acf277b52de526150b7e69f3debf891ee5"
+checksum = "7231bd9b3d3d33c86b58adbac74b5ec0ad9f496b19d22801d773636feaa95f3d"
 dependencies = [
  "bytes",
  "prost-derive",
@@ -1806,9 +2548,9 @@ dependencies = [
 
 [[package]]
 name = "prost-build"
-version = "0.13.5"
+version = "0.14.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "be769465445e8c1474e9c5dac2018218498557af32d9ed057325ec9a41ae81bf"
+checksum = "ac6c3320f9abac597dcbc668774ef006702672474aad53c6d596b62e487b40b1"
 dependencies = [
  "heck",
  "itertools 0.14.0",
@@ -1820,37 +2562,37 @@ dependencies = [
  "prost",
  "prost-types",
  "regex",
- "syn 2.0.101",
+ "syn 2.0.106",
  "tempfile",
 ]
 
 [[package]]
 name = "prost-derive"
-version = "0.13.5"
+version = "0.14.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a56d757972c98b346a9b766e3f02746cde6dd1cd1d1d563472929fdd74bec4d"
+checksum = "9120690fafc389a67ba3803df527d0ec9cbbc9cc45e4cc20b332996dfb672425"
 dependencies = [
  "anyhow",
  "itertools 0.14.0",
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
 name = "prost-types"
-version = "0.13.5"
+version = "0.14.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "52c2c1bf36ddb1a1c396b3601a3cec27c2462e45f07c386894ec3ccf5332bd16"
+checksum = "b9b4db3d6da204ed77bb26ba83b6122a73aeb2e87e25fbf7ad2e84c4ccbf8f72"
 dependencies = [
  "prost",
 ]
 
 [[package]]
 name = "prost-wkt"
-version = "0.6.1"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "497e1e938f0c09ef9cabe1d49437b4016e03e8f82fbbe5d1c62a9b61b9decae1"
+checksum = "655944d0ce015e71b3ec21279437e6a09e58433e50c7b0677901f3d5235e74f5"
 dependencies = [
  "chrono",
  "inventory",
@@ -1863,9 +2605,9 @@ dependencies = [
 
 [[package]]
 name = "prost-wkt-build"
-version = "0.6.1"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07b8bf115b70a7aa5af1fd5d6e9418492e9ccb6e4785e858c938e28d132a884b"
+checksum = "f869f1443fee474b785e935d92e1007f57443e485f51668ed41943fc01a321a2"
 dependencies = [
  "heck",
  "prost",
@@ -1876,9 +2618,9 @@ dependencies = [
 
 [[package]]
 name = "prost-wkt-types"
-version = "0.6.1"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8cdde6df0a98311c839392ca2f2f0bcecd545f86a62b4e3c6a49c336e970fe5"
+checksum = "eeeffd6b9becd4600dd461399f3f71aeda2ff0848802a9ed526cf12e8f42902a"
 dependencies = [
  "chrono",
  "prost",
@@ -1894,9 +2636,9 @@ dependencies = [
 
 [[package]]
 name = "quinn"
-version = "0.11.7"
+version = "0.11.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3bd15a6f2967aef83887dcb9fec0014580467e33720d073560cf015a5683012"
+checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20"
 dependencies = [
  "bytes",
  "cfg_aliases",
@@ -1904,8 +2646,8 @@ dependencies = [
  "quinn-proto",
  "quinn-udp",
  "rustc-hash 2.1.1",
- "rustls",
- "socket2",
+ "rustls 0.23.31",
+ "socket2 0.6.0",
  "thiserror",
  "tokio",
  "tracing",
@@ -1914,16 +2656,17 @@ dependencies = [
 
 [[package]]
 name = "quinn-proto"
-version = "0.11.10"
+version = "0.11.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b820744eb4dc9b57a3398183639c511b5a26d2ed702cedd3febaa1393caa22cc"
+checksum = "f1906b49b0c3bc04b5fe5d86a77925ae6524a19b816ae38ce1e426255f1d8a31"
 dependencies = [
  "bytes",
- "getrandom 0.3.2",
+ "getrandom 0.3.3",
+ "lru-slab",
  "rand",
  "ring",
  "rustc-hash 2.1.1",
- "rustls",
+ "rustls 0.23.31",
  "rustls-pki-types",
  "slab",
  "thiserror",
@@ -1934,16 +2677,16 @@ dependencies = [
 
 [[package]]
 name = "quinn-udp"
-version = "0.5.11"
+version = "0.5.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "541d0f57c6ec747a90738a52741d3221f7960e8ac2f0ff4b1a63680e033b4ab5"
+checksum = "addec6a0dcad8a8d96a771f815f0eaf55f9d1805756410b39f5fa81332574cbd"
 dependencies = [
  "cfg_aliases",
  "libc",
  "once_cell",
- "socket2",
+ "socket2 0.6.0",
  "tracing",
- "windows-sys 0.59.0",
+ "windows-sys 0.60.2",
 ]
 
 [[package]]
@@ -1957,28 +2700,37 @@ dependencies = [
 
 [[package]]
 name = "r-efi"
-version = "5.2.0"
+version = "5.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5"
+checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
 
 [[package]]
 name = "rand"
-version = "0.9.1"
+version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97"
+checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
 dependencies = [
  "rand_chacha",
- "rand_core",
+ "rand_core 0.9.3",
 ]
 
 [[package]]
 name = "rand_chacha"
 version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
+checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
+dependencies = [
+ "ppv-lite86",
+ "rand_core 0.9.3",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
 dependencies = [
- "ppv-lite86",
- "rand_core",
+ "getrandom 0.2.16",
 ]
 
 [[package]]
@@ -1987,26 +2739,27 @@ version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38"
 dependencies = [
- "getrandom 0.3.2",
+ "getrandom 0.3.3",
 ]
 
 [[package]]
 name = "redox_syscall"
-version = "0.5.10"
+version = "0.5.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b8c0c260b63a8219631167be35e6a988e9554dbd323f8bd08439c8ed1302bd1"
+checksum = "5407465600fb0548f1442edf71dd20683c6ed326200ace4b1ef0763521bb3b77"
 dependencies = [
  "bitflags",
 ]
 
 [[package]]
 name = "reduct-base"
-version = "1.15.3"
+version = "1.17.0"
 dependencies = [
  "async-trait",
  "bytes",
  "chrono",
- "http",
+ "futures",
+ "http 1.3.1",
  "int-enum",
  "log",
  "rstest",
@@ -2019,19 +2772,22 @@ dependencies = [
 
 [[package]]
 name = "reduct-macros"
-version = "1.15.3"
+version = "1.17.0"
 dependencies = [
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
 name = "reductstore"
-version = "1.15.3"
+version = "1.17.0"
 dependencies = [
  "assert_matches",
  "async-stream",
  "async-trait",
+ "aws-config",
+ "aws-credential-types",
+ "aws-sdk-s3",
  "axum",
  "axum-extra",
  "axum-server",
@@ -2045,11 +2801,12 @@ dependencies = [
  "dlopen2",
  "futures-util",
  "hex",
- "hyper",
+ "hyper 1.7.0",
  "jsonwebtoken",
  "log",
  "mime_guess",
  "mockall",
+ "needs_env_var",
  "prost",
  "prost-build",
  "prost-wkt-types",
@@ -2060,7 +2817,7 @@ dependencies = [
  "reqwest",
  "ring",
  "rstest",
- "rustls",
+ "rustls 0.23.31",
  "serde",
  "serde_json",
  "serial_test",
@@ -2074,47 +2831,38 @@ dependencies = [
 
 [[package]]
 name = "regex"
-version = "1.11.1"
+version = "1.11.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191"
+checksum = "23d7fd106d8c02486a8d64e778353d1cffe08ce79ac2e82f540c86d0facf6912"
 dependencies = [
  "aho-corasick",
  "memchr",
- "regex-automata 0.4.9",
- "regex-syntax 0.8.5",
-]
-
-[[package]]
-name = "regex-automata"
-version = "0.1.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
-dependencies = [
- "regex-syntax 0.6.29",
+ "regex-automata",
+ "regex-syntax",
 ]
 
 [[package]]
 name = "regex-automata"
-version = "0.4.9"
+version = "0.4.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908"
+checksum = "6b9458fa0bfeeac22b5ca447c63aaf45f28439a709ccd244698632f9aa6394d6"
 dependencies = [
  "aho-corasick",
  "memchr",
- "regex-syntax 0.8.5",
+ "regex-syntax",
 ]
 
 [[package]]
-name = "regex-syntax"
-version = "0.6.29"
+name = "regex-lite"
+version = "0.1.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
+checksum = "943f41321c63ef1c92fd763bfe054d2668f7f225a5c29f0105903dc2fc04ba30"
 
 [[package]]
 name = "regex-syntax"
-version = "0.8.5"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
+checksum = "caf4aa5b0f434c91fe5c7f1ecb6a5ece2130b02ad2a590589dda5146df959001"
 
 [[package]]
 name = "relative-path"
@@ -2124,40 +2872,37 @@ checksum = "ba39f3699c378cd8970968dcbff9c43159ea4cfbd88d43c00b22f2ef10a435d2"
 
 [[package]]
 name = "reqwest"
-version = "0.12.15"
+version = "0.12.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d19c46a6fdd48bc4dab94b6103fccc55d34c67cc0ad04653aad4ea2a07cd7bbb"
+checksum = "d429f34c8092b2d42c7c93cec323bb4adeb7c67698f70839adec842ec10c7ceb"
 dependencies = [
  "base64 0.22.1",
  "bytes",
  "futures-channel",
  "futures-core",
  "futures-util",
- "http",
- "http-body",
+ "http 1.3.1",
+ "http-body 1.0.1",
  "http-body-util",
- "hyper",
- "hyper-rustls",
+ "hyper 1.7.0",
+ "hyper-rustls 0.27.7",
  "hyper-util",
- "ipnet",
  "js-sys",
  "log",
- "mime",
- "once_cell",
  "percent-encoding",
  "pin-project-lite",
  "quinn",
- "rustls",
- "rustls-pemfile",
+ "rustls 0.23.31",
  "rustls-pki-types",
  "serde",
  "serde_json",
  "serde_urlencoded",
  "sync_wrapper",
  "tokio",
- "tokio-rustls",
+ "tokio-rustls 0.26.2",
  "tokio-util",
  "tower",
+ "tower-http",
  "tower-service",
  "url",
  "wasm-bindgen",
@@ -2165,7 +2910,17 @@ dependencies = [
  "wasm-streams",
  "web-sys",
  "webpki-roots",
- "windows-registry",
+]
+
+[[package]]
+name = "rfc6979"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb"
+dependencies = [
+ "crypto-bigint 0.4.9",
+ "hmac",
+ "zeroize",
 ]
 
 [[package]]
@@ -2176,7 +2931,7 @@ checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
 dependencies = [
  "cc",
  "cfg-if",
- "getrandom 0.2.15",
+ "getrandom 0.2.16",
  "libc",
  "untrusted",
  "windows-sys 0.52.0",
@@ -2184,21 +2939,20 @@ dependencies = [
 
 [[package]]
 name = "rstest"
-version = "0.25.0"
+version = "0.26.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fc39292f8613e913f7df8fa892b8944ceb47c247b78e1b1ae2f09e019be789d"
+checksum = "f5a3193c063baaa2a95a33f03035c8a72b83d97a54916055ba22d35ed3839d49"
 dependencies = [
  "futures-timer",
  "futures-util",
  "rstest_macros",
- "rustc_version",
 ]
 
 [[package]]
 name = "rstest_macros"
-version = "0.25.0"
+version = "0.26.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1f168d99749d307be9de54d23fd226628d99768225ef08f6ffb52e0182a27746"
+checksum = "9c845311f0ff7951c5506121a9ad75aec44d083c31583b2ea5a30bcb0b0abba0"
 dependencies = [
  "cfg-if",
  "glob",
@@ -2208,15 +2962,15 @@ dependencies = [
  "regex",
  "relative-path",
  "rustc_version",
- "syn 2.0.101",
+ "syn 2.0.106",
  "unicode-ident",
 ]
 
 [[package]]
 name = "rustc-demangle"
-version = "0.1.24"
+version = "0.1.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
+checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace"
 
 [[package]]
 name = "rustc-hash"
@@ -2254,33 +3008,78 @@ dependencies = [
 
 [[package]]
 name = "rustix"
-version = "1.0.3"
+version = "1.0.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e56a18552996ac8d29ecc3b190b4fdbb2d91ca4ec396de7bbffaf43f3d637e96"
+checksum = "11181fbabf243db407ef8df94a6ce0b2f9a733bd8be4ad02b4eda9602296cac8"
 dependencies = [
  "bitflags",
  "errno",
  "libc",
- "linux-raw-sys 0.9.3",
- "windows-sys 0.59.0",
+ "linux-raw-sys 0.9.4",
+ "windows-sys 0.60.2",
+]
+
+[[package]]
+name = "rustls"
+version = "0.21.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e"
+dependencies = [
+ "log",
+ "ring",
+ "rustls-webpki 0.101.7",
+ "sct",
 ]
 
 [[package]]
 name = "rustls"
-version = "0.23.26"
+version = "0.23.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df51b5869f3a441595eac5e8ff14d486ff285f7b8c0df8770e49c3b56351f0f0"
+checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc"
 dependencies = [
  "aws-lc-rs",
  "log",
  "once_cell",
  "ring",
  "rustls-pki-types",
- "rustls-webpki",
+ "rustls-webpki 0.103.4",
  "subtle",
  "zeroize",
 ]
 
+[[package]]
+name = "rustls-native-certs"
+version = "0.6.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00"
+dependencies = [
+ "openssl-probe",
+ "rustls-pemfile 1.0.4",
+ "schannel",
+ "security-framework 2.11.1",
+]
+
+[[package]]
+name = "rustls-native-certs"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7fcff2dd52b58a8d98a70243663a0d234c4e2b79235637849d15913394a247d3"
+dependencies = [
+ "openssl-probe",
+ "rustls-pki-types",
+ "schannel",
+ "security-framework 3.3.0",
+]
+
+[[package]]
+name = "rustls-pemfile"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
+dependencies = [
+ "base64 0.21.7",
+]
+
 [[package]]
 name = "rustls-pemfile"
 version = "2.2.0"
@@ -2292,18 +3091,29 @@ dependencies = [
 
 [[package]]
 name = "rustls-pki-types"
-version = "1.11.0"
+version = "1.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "917ce264624a4b4db1c364dcc35bfca9ded014d0a958cd47ad3e960e988ea51c"
+checksum = "229a4a4c221013e7e1f1a043678c5cc39fe5171437c88fb47151a21e6f5b5c79"
 dependencies = [
  "web-time",
+ "zeroize",
+]
+
+[[package]]
+name = "rustls-webpki"
+version = "0.101.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
+dependencies = [
+ "ring",
+ "untrusted",
 ]
 
 [[package]]
 name = "rustls-webpki"
-version = "0.103.1"
+version = "0.103.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fef8b8769aaccf73098557a87cd1816b4f9c7c16811c9c77142aa695c16f2c03"
+checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc"
 dependencies = [
  "aws-lc-rs",
  "ring",
@@ -2313,9 +3123,9 @@ dependencies = [
 
 [[package]]
 name = "rustversion"
-version = "1.0.20"
+version = "1.0.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2"
+checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d"
 
 [[package]]
 name = "ryu"
@@ -2325,24 +3135,93 @@ checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f"
 
 [[package]]
 name = "scc"
-version = "2.3.3"
+version = "2.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ea091f6cac2595aa38993f04f4ee692ed43757035c36e67c180b6828356385b1"
+checksum = "46e6f046b7fef48e2660c57ed794263155d713de679057f2d0c169bfc6e756cc"
 dependencies = [
  "sdd",
 ]
 
+[[package]]
+name = "schannel"
+version = "0.1.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d"
+dependencies = [
+ "windows-sys 0.59.0",
+]
+
 [[package]]
 name = "scopeguard"
 version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
 
+[[package]]
+name = "sct"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "sdd"
-version = "3.0.8"
+version = "3.0.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "490dcfcbfef26be6800d11870ff2df8774fa6e86d047e3e8c8a76b25655e41ca"
+
+[[package]]
+name = "sec1"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928"
+dependencies = [
+ "base16ct",
+ "der",
+ "generic-array",
+ "pkcs8",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "security-framework"
+version = "2.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
+dependencies = [
+ "bitflags",
+ "core-foundation 0.9.4",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
+[[package]]
+name = "security-framework"
+version = "3.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "80fb1d92c5028aa318b4b8bd7302a5bfcf48be96a37fc6fc790f806b0004ee0c"
+dependencies = [
+ "bitflags",
+ "core-foundation 0.10.1",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
+[[package]]
+name = "security-framework-sys"
+version = "2.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "584e070911c7017da6cb2eb0788d09f43d789029b5877d3e5ecc8acf86ceee21"
+checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
 
 [[package]]
 name = "semver"
@@ -2367,14 +3246,14 @@ checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
 name = "serde_json"
-version = "1.0.140"
+version = "1.0.143"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"
+checksum = "d401abef1d108fbd9cbaebc3e46611f4b1021f714a0597a71f41ee463f5f4a5a"
 dependencies = [
  "indexmap",
  "itoa",
@@ -2427,7 +3306,7 @@ checksum = "5d69265a08751de7844521fd15003ae0a888e035773ba05695c5c759a6f89eef"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
@@ -2441,6 +3320,17 @@ dependencies = [
  "digest",
 ]
 
+[[package]]
+name = "sha2"
+version = "0.10.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
 [[package]]
 name = "sharded-slab"
 version = "0.1.7"
@@ -2458,13 +3348,23 @@ checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
 
 [[package]]
 name = "signal-hook-registry"
-version = "1.4.2"
+version = "1.4.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1"
+checksum = "b2a4719bff48cee6b39d12c020eeb490953ad2443b7055bd0b21fca26bd8c28b"
 dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "signature"
+version = "1.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
+dependencies = [
+ "digest",
+ "rand_core 0.6.4",
+]
+
 [[package]]
 name = "simd-adler32"
 version = "0.3.7"
@@ -2485,29 +3385,46 @@ dependencies = [
 
 [[package]]
 name = "slab"
-version = "0.4.9"
+version = "0.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67"
-dependencies = [
- "autocfg",
-]
+checksum = "7a2ae44ef20feb57a68b23d846850f861394c2e02dc425a50098ae8c90267589"
 
 [[package]]
 name = "smallvec"
-version = "1.14.0"
+version = "1.15.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7fcf8323ef1faaee30a44a340193b1ac6814fd9b7b4e88e9d4519a3e4abe1cfd"
+checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03"
 
 [[package]]
 name = "socket2"
-version = "0.5.8"
+version = "0.5.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c970269d99b64e60ec3bd6ad27270092a5394c4e309314b18ae3fe575695fbe8"
+checksum = "e22376abed350d73dd1cd119b57ffccad95b4e585a7cda43e286245ce23c0678"
 dependencies = [
  "libc",
  "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "socket2"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "233504af464074f9d066d7b5416c5f9b894a5862a6506e306f7b816cdd6f1807"
+dependencies = [
+ "libc",
+ "windows-sys 0.59.0",
+]
+
+[[package]]
+name = "spki"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b"
+dependencies = [
+ "base64ct",
+ "der",
+]
+
 [[package]]
 name = "stable_deref_trait"
 version = "1.2.0"
@@ -2533,9 +3450,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.101"
+version = "2.0.106"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ce2b7fc941b3a24138a0a7cf8e858bfc6a992e7978a068a5c760deb0ed43caf"
+checksum = "ede7c438028d4436d71104916910f5bb611972c5cfd7f89b8300a8186e6fada6"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -2553,26 +3470,26 @@ dependencies = [
 
 [[package]]
 name = "synstructure"
-version = "0.13.1"
+version = "0.13.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
+checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
 name = "tempfile"
-version = "3.19.1"
+version = "3.21.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7437ac7763b9b123ccf33c338a5cc1bac6f69b45a136c19bdd8a65e3916435bf"
+checksum = "15b61f8f20e3a6f7e0649d825294eaf317edce30f82cf6026e7e4cb9222a7d1e"
 dependencies = [
  "fastrand",
- "getrandom 0.3.2",
+ "getrandom 0.3.3",
  "once_cell",
- "rustix 1.0.3",
- "windows-sys 0.59.0",
+ "rustix 1.0.8",
+ "windows-sys 0.60.2",
 ]
 
 [[package]]
@@ -2583,9 +3500,9 @@ checksum = "8f50febec83f5ee1df3015341d8bd429f2d1cc62bcba7ea2076759d315084683"
 
 [[package]]
 name = "test-log"
-version = "0.2.17"
+version = "0.2.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e7f46083d221181166e5b6f6b1e5f1d499f3a76888826e6cb1d057554157cd0f"
+checksum = "1e33b98a582ea0be1168eba097538ee8dd4bbe0f2b01b22ac92ea30054e5be7b"
 dependencies = [
  "env_logger",
  "test-log-macros",
@@ -2594,33 +3511,33 @@ dependencies = [
 
 [[package]]
 name = "test-log-macros"
-version = "0.2.17"
+version = "0.2.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "888d0c3c6db53c0fdab160d2ed5e12ba745383d3e85813f2ea0f2b1475ab553f"
+checksum = "451b374529930d7601b1eef8d32bc79ae870b6079b069401709c2a8bf9e75f36"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
 name = "thiserror"
-version = "2.0.12"
+version = "2.0.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708"
+checksum = "3467d614147380f2e4e374161426ff399c91084acd2363eaf549172b3d5e60c0"
 dependencies = [
  "thiserror-impl",
 ]
 
 [[package]]
 name = "thiserror-impl"
-version = "2.0.12"
+version = "2.0.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d"
+checksum = "6c5e1be1c48b9172ee610da68fd9cd2770e7a4056cb3fc98710ee6906f0c7960"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
@@ -2635,22 +3552,20 @@ dependencies = [
 
 [[package]]
 name = "thread_local"
-version = "1.1.8"
+version = "1.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c"
+checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185"
 dependencies = [
  "cfg-if",
- "once_cell",
 ]
 
 [[package]]
 name = "time"
-version = "0.3.41"
+version = "0.3.42"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40"
+checksum = "8ca967379f9d8eb8058d86ed467d81d03e81acd45757e4ca341c24affbe8e8e3"
 dependencies = [
  "deranged",
- "itoa",
  "num-conv",
  "powerfmt",
  "serde",
@@ -2660,15 +3575,15 @@ dependencies = [
 
 [[package]]
 name = "time-core"
-version = "0.1.4"
+version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c"
+checksum = "a9108bb380861b07264b950ded55a44a14a4adc68b9f5efd85aafc3aa4d40a68"
 
 [[package]]
 name = "time-macros"
-version = "0.2.22"
+version = "0.2.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49"
+checksum = "7182799245a7264ce590b349d90338f1c1affad93d2639aed5f8f69c090b334c"
 dependencies = [
  "num-conv",
  "time-core",
@@ -2676,9 +3591,9 @@ dependencies = [
 
 [[package]]
 name = "tinystr"
-version = "0.7.6"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f"
+checksum = "5d4f6d1145dcb577acf783d4e601bc1d76a13337bb54e6233add580b07344c8b"
 dependencies = [
  "displaydoc",
  "zerovec",
@@ -2686,9 +3601,9 @@ dependencies = [
 
 [[package]]
 name = "tinyvec"
-version = "1.9.0"
+version = "1.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09b3661f17e86524eccd4371ab0429194e0d7c008abb45f7a7495b1719463c71"
+checksum = "bfa5fdc3bce6191a1dbc8c02d5c8bffcf557bafa17c124c5264a458f1b0613fa"
 dependencies = [
  "tinyvec_macros",
 ]
@@ -2701,20 +3616,22 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.44.2"
+version = "1.47.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6b88822cbe49de4185e3a4cbf8321dd487cf5fe0c5c65695fef6346371e9c48"
+checksum = "89e49afdadebb872d3145a5638b59eb0691ea23e46ca484037cfab3b76b95038"
 dependencies = [
  "backtrace",
  "bytes",
+ "io-uring",
  "libc",
  "mio",
  "parking_lot",
  "pin-project-lite",
  "signal-hook-registry",
- "socket2",
+ "slab",
+ "socket2 0.6.0",
  "tokio-macros",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -2725,7 +3642,17 @@ checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
+]
+
+[[package]]
+name = "tokio-rustls"
+version = "0.24.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
+dependencies = [
+ "rustls 0.21.12",
+ "tokio",
 ]
 
 [[package]]
@@ -2734,15 +3661,15 @@ version = "0.26.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b"
 dependencies = [
- "rustls",
+ "rustls 0.23.31",
  "tokio",
 ]
 
 [[package]]
 name = "tokio-util"
-version = "0.7.14"
+version = "0.7.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6b9590b93e6fcc1739458317cccd391ad3955e2bde8913edf6f95f9e65a8f034"
+checksum = "14307c986784f72ef81c89db7d9e28d6ac26d16213b109ea501696195e6e3ce5"
 dependencies = [
  "bytes",
  "futures-core",
@@ -2753,9 +3680,9 @@ dependencies = [
 
 [[package]]
 name = "toml_datetime"
-version = "0.6.8"
+version = "0.6.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41"
+checksum = "22cddaf88f4fbc13c51aebbf5f8eceb5c7c5a9da2ac40a13519eb5b0a0e8f11c"
 
 [[package]]
 name = "toml_edit"
@@ -2770,13 +3697,13 @@ dependencies = [
 
 [[package]]
 name = "toml_edit"
-version = "0.22.24"
+version = "0.22.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "17b4795ff5edd201c7cd6dca065ae59972ce77d1b80fa0a84d94950ece7d1474"
+checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a"
 dependencies = [
  "indexmap",
  "toml_datetime",
- "winnow 0.7.4",
+ "winnow 0.7.13",
 ]
 
 [[package]]
@@ -2797,14 +3724,18 @@ dependencies = [
 
 [[package]]
 name = "tower-http"
-version = "0.6.2"
+version = "0.6.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "403fa3b783d4b626a8ad51d766ab03cb6d2dbfc46b1c5d4448395e6628dc9697"
+checksum = "adc82fd73de2a9722ac5da747f12383d2bfdb93591ee6c58486e0097890f05f2"
 dependencies = [
  "bitflags",
  "bytes",
- "http",
+ "futures-util",
+ "http 1.3.1",
+ "http-body 1.0.1",
+ "iri-string",
  "pin-project-lite",
+ "tower",
  "tower-layer",
  "tower-service",
 ]
@@ -2829,14 +3760,26 @@ checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
 dependencies = [
  "log",
  "pin-project-lite",
+ "tracing-attributes",
  "tracing-core",
 ]
 
+[[package]]
+name = "tracing-attributes"
+version = "0.1.30"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.106",
+]
+
 [[package]]
 name = "tracing-core"
-version = "0.1.33"
+version = "0.1.34"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c"
+checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678"
 dependencies = [
  "once_cell",
  "valuable",
@@ -2855,14 +3798,14 @@ dependencies = [
 
 [[package]]
 name = "tracing-subscriber"
-version = "0.3.19"
+version = "0.3.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e8189decb5ac0fa7bc8b96b7cb9b2701d60d48805aca84a238004d665fcc4008"
+checksum = "2054a14f5307d601f88daf0553e1cbf472acc4f2c51afab632431cdcd72124d5"
 dependencies = [
  "matchers",
  "nu-ansi-term",
  "once_cell",
- "regex",
+ "regex-automata",
  "sharded-slab",
  "thread_local",
  "tracing",
@@ -2909,7 +3852,7 @@ checksum = "35f5380909ffc31b4de4f4bdf96b877175a016aa2ca98cee39fcfd8c4d53d952"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
@@ -2932,9 +3875,9 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
 
 [[package]]
 name = "url"
-version = "2.5.4"
+version = "2.5.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60"
+checksum = "08bc136a29a3d1758e07a9cca267be308aeebf5cfd5a10f3f67ab2097683ef5b"
 dependencies = [
  "form_urlencoded",
  "idna",
@@ -2943,10 +3886,10 @@ dependencies = [
 ]
 
 [[package]]
-name = "utf16_iter"
-version = "1.0.5"
+name = "urlencoding"
+version = "2.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246"
+checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da"
 
 [[package]]
 name = "utf8_iter"
@@ -2960,6 +3903,16 @@ version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
 
+[[package]]
+name = "uuid"
+version = "1.18.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2f87b8aa10b915a06587d0dec516c282ff295b475d94abf425d62b57710070a2"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
 [[package]]
 name = "valuable"
 version = "0.1.1"
@@ -2972,6 +3925,12 @@ version = "0.9.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
 
+[[package]]
+name = "vsimd"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c3082ca00d5a5ef149bb8b555a72ae84c9c59f7250f013ac822ac2e49b19c64"
+
 [[package]]
 name = "want"
 version = "0.3.1"
@@ -2983,17 +3942,17 @@ dependencies = [
 
 [[package]]
 name = "wasi"
-version = "0.11.0+wasi-snapshot-preview1"
+version = "0.11.1+wasi-snapshot-preview1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
+checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b"
 
 [[package]]
 name = "wasi"
-version = "0.14.2+wasi-0.2.4"
+version = "0.14.3+wasi-0.2.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3"
+checksum = "6a51ae83037bdd272a9e28ce236db8c07016dd0d50c27038b3f407533c030c95"
 dependencies = [
- "wit-bindgen-rt",
+ "wit-bindgen",
 ]
 
 [[package]]
@@ -3018,7 +3977,7 @@ dependencies = [
  "log",
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
  "wasm-bindgen-shared",
 ]
 
@@ -3053,7 +4012,7 @@ checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
@@ -3102,9 +4061,9 @@ dependencies = [
 
 [[package]]
 name = "webpki-roots"
-version = "0.26.8"
+version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2210b291f7ea53617fbafcc4939f10914214ec15aace5ba62293a668f322c5c9"
+checksum = "7e8983c3ab33d6fb807cfcdad2491c4ea8cbc8ed839181c7dfd9c67c83e261b2"
 dependencies = [
  "rustls-pki-types",
 ]
@@ -3145,44 +4104,59 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
 [[package]]
 name = "windows-core"
-version = "0.52.0"
+version = "0.61.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9"
+checksum = "c0fdd3ddb90610c7638aa2b3a3ab2904fb9e5cdbecc643ddb3647212781c4ae3"
 dependencies = [
- "windows-targets 0.52.6",
+ "windows-implement",
+ "windows-interface",
+ "windows-link",
+ "windows-result",
+ "windows-strings",
 ]
 
 [[package]]
-name = "windows-link"
-version = "0.1.1"
+name = "windows-implement"
+version = "0.60.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "76840935b766e1b0a05c0066835fb9ec80071d4c09a16f6bd5f7e655e3c14c38"
+checksum = "a47fddd13af08290e67f4acabf4b459f647552718f683a7b415d290ac744a836"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.106",
+]
 
 [[package]]
-name = "windows-registry"
-version = "0.4.0"
+name = "windows-interface"
+version = "0.59.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4286ad90ddb45071efd1a66dfa43eb02dd0dfbae1545ad6cc3c51cf34d7e8ba3"
+checksum = "bd9211b69f8dcdfa817bfd14bf1c97c9188afa36f4750130fcdf3f400eca9fa8"
 dependencies = [
- "windows-result",
- "windows-strings",
- "windows-targets 0.53.0",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.106",
 ]
 
+[[package]]
+name = "windows-link"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a"
+
 [[package]]
 name = "windows-result"
-version = "0.3.2"
+version = "0.3.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c64fd11a4fd95df68efcfee5f44a294fe71b8bc6a91993e2791938abcc712252"
+checksum = "56f42bd332cc6c8eac5af113fc0c1fd6a8fd2aa08a0119358686e5160d0586c6"
 dependencies = [
  "windows-link",
 ]
 
 [[package]]
 name = "windows-strings"
-version = "0.3.1"
+version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87fa48cc5d406560701792be122a10132491cff9d0aeb23583cc2dcafc847319"
+checksum = "56e6c93f3a0c3b36176cb1327a4958a0353d5d166c2a35cb268ace15e91d3b57"
 dependencies = [
  "windows-link",
 ]
@@ -3205,6 +4179,15 @@ dependencies = [
  "windows-targets 0.52.6",
 ]
 
+[[package]]
+name = "windows-sys"
+version = "0.60.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb"
+dependencies = [
+ "windows-targets 0.53.3",
+]
+
 [[package]]
 name = "windows-targets"
 version = "0.52.6"
@@ -3223,10 +4206,11 @@ dependencies = [
 
 [[package]]
 name = "windows-targets"
-version = "0.53.0"
+version = "0.53.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b1e4c7e8ceaaf9cb7d7507c974735728ab453b67ef8f18febdd7c11fe59dca8b"
+checksum = "d5fe6031c4041849d7c496a8ded650796e7b6ecc19df1a431c1a363342e5dc91"
 dependencies = [
+ "windows-link",
  "windows_aarch64_gnullvm 0.53.0",
  "windows_aarch64_msvc 0.53.0",
  "windows_i686_gnu 0.53.0",
@@ -3344,48 +4328,36 @@ dependencies = [
 
 [[package]]
 name = "winnow"
-version = "0.7.4"
+version = "0.7.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0e97b544156e9bebe1a0ffbc03484fc1ffe3100cbce3ffb17eac35f7cdd7ab36"
+checksum = "21a0236b59786fed61e2a80582dd500fe61f18b5dca67a4a067d0bc9039339cf"
 dependencies = [
  "memchr",
 ]
 
 [[package]]
-name = "wit-bindgen-rt"
-version = "0.39.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"
-dependencies = [
- "bitflags",
-]
-
-[[package]]
-name = "write16"
-version = "1.0.0"
+name = "wit-bindgen"
+version = "0.45.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936"
+checksum = "052283831dbae3d879dc7f51f3d92703a316ca49f91540417d38591826127814"
 
 [[package]]
 name = "writeable"
-version = "0.5.5"
+version = "0.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51"
+checksum = "ea2f10b9bb0928dfb1b42b65e1f9e36f7f54dbdf08457afefb38afcdec4fa2bb"
 
 [[package]]
-name = "xz2"
-version = "0.1.7"
+name = "xmlparser"
+version = "0.13.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "388c44dc09d76f1536602ead6d325eb532f5c122f17782bd57fb47baeeb767e2"
-dependencies = [
- "lzma-sys",
-]
+checksum = "66fee0b777b0f5ac1c69bb06d361268faafa61cd4682ae064a171c16c433e9e4"
 
 [[package]]
 name = "yoke"
-version = "0.7.5"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40"
+checksum = "5f41bb01b8226ef4bfd589436a297c53d118f65921786300e427be8d487695cc"
 dependencies = [
  "serde",
  "stable_deref_trait",
@@ -3395,34 +4367,34 @@ dependencies = [
 
 [[package]]
 name = "yoke-derive"
-version = "0.7.5"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154"
+checksum = "38da3c9736e16c5d3c8c597a9aaa5d1fa565d0532ae05e27c24aa62fb32c0ab6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
  "synstructure",
 ]
 
 [[package]]
 name = "zerocopy"
-version = "0.8.24"
+version = "0.8.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2586fea28e186957ef732a5f8b3be2da217d65c5969d4b1e17f973ebbe876879"
+checksum = "1039dd0d3c310cf05de012d8a39ff557cb0d23087fd44cad61df08fc31907a2f"
 dependencies = [
  "zerocopy-derive",
 ]
 
 [[package]]
 name = "zerocopy-derive"
-version = "0.8.24"
+version = "0.8.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a996a8f63c5c4448cd959ac1bab0aaa3306ccfd060472f85943ee0750f0169be"
+checksum = "9ecf5b4cc5364572d7f4c329661bcc82724222973f2cab6f050a4e5c22f75181"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
@@ -3442,7 +4414,7 @@ checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
  "synstructure",
 ]
 
@@ -3463,14 +4435,25 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
+]
+
+[[package]]
+name = "zerotrie"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "36f0bbd478583f79edad978b407914f61b2972f5af6fa089686016be8f9af595"
+dependencies = [
+ "displaydoc",
+ "yoke",
+ "zerofrom",
 ]
 
 [[package]]
 name = "zerovec"
-version = "0.10.4"
+version = "0.11.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079"
+checksum = "e7aa2bd55086f1ab526693ecbe444205da57e25f4489879da80635a46d90e73b"
 dependencies = [
  "yoke",
  "zerofrom",
@@ -3479,54 +4462,57 @@ dependencies = [
 
 [[package]]
 name = "zerovec-derive"
-version = "0.10.3"
+version = "0.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
+checksum = "5b96237efa0c878c64bd89c436f661be4e46b2f3eff1ebb976f7ef2321d2f58f"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.101",
+ "syn 2.0.106",
 ]
 
 [[package]]
 name = "zip"
-version = "2.6.1"
+version = "4.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1dcb24d0152526ae49b9b96c1dcf71850ca1e0b882e4e28ed898a93c41334744"
+checksum = "c034aa6c54f654df20e7dc3713bc51705c12f280748fb6d7f40f87c696623e34"
 dependencies = [
  "aes",
  "arbitrary",
  "bzip2",
  "constant_time_eq",
  "crc32fast",
- "crossbeam-utils",
  "deflate64",
  "flate2",
- "getrandom 0.3.2",
+ "getrandom 0.3.3",
  "hmac",
  "indexmap",
- "lzma-rs",
+ "liblzma",
  "memchr",
  "pbkdf2",
+ "ppmd-rust",
  "sha1",
  "time",
- "xz2",
  "zeroize",
  "zopfli",
  "zstd",
 ]
 
+[[package]]
+name = "zlib-rs"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2f06ae92f42f5e5c42443fd094f245eb656abf56dd7cce9b8b263236565e00f2"
+
 [[package]]
 name = "zopfli"
-version = "0.8.1"
+version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e5019f391bac5cf252e93bbcc53d039ffd62c7bfb7c150414d61369afe57e946"
+checksum = "edfc5ee405f504cd4984ecc6f14d02d55cfda60fa4b689434ef4102aae150cd7"
 dependencies = [
  "bumpalo",
  "crc32fast",
- "lockfree-object-pool",
  "log",
- "once_cell",
  "simd-adler32",
 ]
 
diff --git a/Cargo.toml b/Cargo.toml
index 8a4cfb9dd..1db4a1597 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -8,7 +8,7 @@ members = [
 resolver = "2"
 
 [workspace.package]
-version = "1.15.3"
+version = "1.17.0"
 authors = ["Alexey Timin <atimin@reduct.store>", "ReductSoftware UG <info@reduct.store>"]
 edition = "2021"
-rust-version = "1.85.0"
+rust-version = "1.89.0"
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index c90c617db..000000000
--- a/Dockerfile
+++ /dev/null
@@ -1,34 +0,0 @@
-FROM ubuntu:22.04 AS  builder
-
-RUN apt-get update && apt-get install -y \
-    cmake \
-    build-essential \
-    curl \
-    protobuf-compiler
-
-RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
-
-# Add .cargo/bin to PATH
-ENV PATH="/root/.cargo/bin:${PATH}"
-
-WORKDIR /src
-
-COPY reductstore reductstore
-COPY reduct_base reduct_base
-COPY reduct_macros reduct_macros
-COPY .cargo .cargo
-COPY Cargo.toml Cargo.toml
-COPY Cargo.lock Cargo.lock
-
-ARG GIT_COMMIT=unspecified
-RUN GIT_COMMIT=${GIT_COMMIT} cargo build --release
-
-FROM ubuntu:22.04
-
-COPY --from=builder /src/target/release/reductstore /usr/local/bin/reductstore
-
-EXPOSE 8383
-
-RUN mkdir /data
-
-CMD ["reductstore"]
diff --git a/README.md b/README.md
index 0cdd71ab3..17a8ee5eb 100644
--- a/README.md
+++ b/README.md
@@ -107,6 +107,7 @@ Here are the client SDKs available:
 - [Python Client SDK](https://github.com/reductstore/reduct-py)
 - [JavaScript Client SDK](https://github.com/reductstore/reduct-js)
 - [C++ Client SDK](https://github.com/reductstore/reduct-cpp)
+- [Go Client SDK](https://github.com/reductstore/reduct-go)
 
 ## Tools
 
diff --git a/buildx.Dockerfile b/buildx.Dockerfile
index e8ec4fb99..7bf1f965a 100644
--- a/buildx.Dockerfile
+++ b/buildx.Dockerfile
@@ -6,7 +6,7 @@ ARG TARGETPLATFORM
 ARG BUILDPLATFORM
 ARG CARGO_TARGET
 ARG GCC_COMPILER=gcc-11
-ARG GIT_COMMIT=unspecified
+ARG RUST_VERSION
 
 RUN apt-get update && apt-get install -y \
     cmake \
@@ -14,12 +14,13 @@ RUN apt-get update && apt-get install -y \
     curl \
     protobuf-compiler \
     clang \
+    ca-certificates \
     ${GCC_COMPILER}
 
 RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
-
 # Add .cargo/bin to PATH
 ENV PATH="/root/.cargo/bin:${PATH}"
+RUN rustup default ${RUST_VERSION}
 RUN rustup target add ${CARGO_TARGET}
 
 WORKDIR /src
@@ -31,9 +32,10 @@ COPY .cargo /root/.cargo
 COPY Cargo.toml Cargo.toml
 COPY Cargo.lock Cargo.lock
 
-
+ARG GIT_COMMIT=unspecified
+ARG ARTIFACT_SAS_URL
 RUN cargo install --force --locked bindgen-cli
-RUN GIT_COMMIT=${GIT_COMMIT} cargo build --release --target ${CARGO_TARGET} --package reductstore
+RUN GIT_COMMIT=${GIT_COMMIT} ARTIFACT_SAS_URL=${ARTIFACT_SAS_URL} cargo build --release --target ${CARGO_TARGET} --package reductstore --all-features
 RUN cargo install reduct-cli --target ${CARGO_TARGET} --root /src/target/${CARGO_TARGET}/release
 
 RUN mkdir /data
@@ -44,6 +46,10 @@ ARG CARGO_TARGET
 COPY --from=builder /src/target/${CARGO_TARGET}/release/reductstore /usr/local/bin/reductstore
 COPY --from=builder /src/target/${CARGO_TARGET}/release/bin/reduct-cli /usr/local/bin/reduct-cli
 COPY --from=builder /data /data
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+ENV AWS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
 
 HEALTHCHECK --interval=5s --timeout=3s \
   CMD reduct-cli server alive http://localhost:8383 || exit 1
diff --git a/integration_tests/api/bucket_api_test.py b/integration_tests/api/bucket_api_test.py
index d6fbca72e..6683e1552 100644
--- a/integration_tests/api/bucket_api_test.py
+++ b/integration_tests/api/bucket_api_test.py
@@ -1,4 +1,5 @@
 import json
+from time import sleep
 
 from .conftest import requires_env, auth_headers
 
@@ -45,7 +46,8 @@ def test__create_bucket_with_full_access_token(
     assert resp.status_code == 401
 
     resp = session.post(
-        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_without_permissions)
+        f"{base_url}/b/{bucket_name}",
+        headers=auth_headers(token_without_permissions.value),
     )
     assert resp.status_code == 403
 
@@ -79,7 +81,12 @@ def test__create_bucket_custom(base_url, session, bucket_name):
 
 @requires_env("API_TOKEN")
 def test__get_bucket_with_authenticated_token(
-    base_url, session, bucket_name, token_without_permissions
+    base_url,
+    session,
+    bucket_name,
+    token_without_permissions,
+    token_read_bucket,
+    token_write_bucket,
 ):
     """Needs an authenticated token"""
     session.post(f"{base_url}/b/{bucket_name}")
@@ -88,10 +95,21 @@ def test__get_bucket_with_authenticated_token(
     assert resp.status_code == 401
 
     resp = session.get(
-        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_without_permissions)
+        f"{base_url}/b/{bucket_name}",
+        headers=auth_headers(token_without_permissions.value),
+    )
+    assert resp.status_code == 403
+
+    resp = session.get(
+        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_read_bucket.value)
     )
     assert resp.status_code == 200
 
+    resp = session.get(
+        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_write_bucket.value)
+    )
+    assert resp.status_code == 403
+
 
 def test__get_bucket_stats(base_url, session, bucket_name):
     """Should get stats from bucket"""
@@ -185,17 +203,18 @@ def test__update_bucket_with_full_access_token(
     assert resp.status_code == 401
 
     resp = session.put(
-        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_without_permissions)
+        f"{base_url}/b/{bucket_name}",
+        headers=auth_headers(token_without_permissions.value),
     )
     assert resp.status_code == 403
 
     resp = session.put(
-        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_read_bucket)
+        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_read_bucket.value)
     )
     assert resp.status_code == 403
 
     resp = session.put(
-        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_write_bucket)
+        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_write_bucket.value)
     )
     assert resp.status_code == 403
 
@@ -226,17 +245,18 @@ def test__remove_bucket_with_full_access_token(
     assert resp.status_code == 401
 
     resp = session.delete(
-        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_without_permissions)
+        f"{base_url}/b/{bucket_name}",
+        headers=auth_headers(token_without_permissions.value),
     )
     assert resp.status_code == 403
 
     resp = session.delete(
-        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_read_bucket)
+        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_read_bucket.value)
     )
     assert resp.status_code == 403
 
     resp = session.delete(
-        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_write_bucket)
+        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_write_bucket.value)
     )
     assert resp.status_code == 403
 
@@ -267,7 +287,8 @@ def test__head_bucket_with_full_access_token(
     assert resp.status_code == 401
 
     resp = session.head(
-        f"{base_url}/b/{bucket_name}", headers=auth_headers(token_without_permissions)
+        f"{base_url}/b/{bucket_name}",
+        headers=auth_headers(token_without_permissions.value),
     )
     assert resp.status_code == 200
 
@@ -311,20 +332,20 @@ def test__rename_bucket_with_full_access_token(
     resp = session.put(
         f"{base_url}/b/{bucket_name}/rename",
         json={"new_name": new_bucket_name},
-        headers=auth_headers(token_without_permissions),
+        headers=auth_headers(token_without_permissions.value),
     )
     assert resp.status_code == 403
 
     resp = session.put(
         f"{base_url}/b/{bucket_name}/rename",
         json={"new_name": new_bucket_name},
-        headers=auth_headers(token_read_bucket),
+        headers=auth_headers(token_read_bucket.value),
     )
     assert resp.status_code == 403
 
     resp = session.put(
         f"{base_url}/b/{bucket_name}/rename",
         json={"new_name": new_bucket_name},
-        headers=auth_headers(token_write_bucket),
+        headers=auth_headers(token_write_bucket.value),
     )
     assert resp.status_code == 403
diff --git a/integration_tests/api/conftest.py b/integration_tests/api/conftest.py
index e2cf95461..d6e9f0447 100644
--- a/integration_tests/api/conftest.py
+++ b/integration_tests/api/conftest.py
@@ -2,6 +2,7 @@
 import os
 import random
 import secrets
+from collections import namedtuple
 from typing import Callable
 
 import pytest
@@ -75,9 +76,12 @@ def _make_token_permissions(session, base_url, token_generator):
     permissions = {
         "full_access": False,
     }
-    resp = session.post(f"{base_url}/tokens/{token_generator()}", json=permissions)
+    name = token_generator()
+    resp = session.post(f"{base_url}/tokens/{name}", json=permissions)
     assert resp.status_code == 200
-    return json.loads(resp.content)["value"]
+    return namedtuple("Token", ["name", "value"])(
+        name, json.loads(resp.content)["value"]
+    )
 
 
 @pytest.fixture(name="token_read_bucket")
@@ -87,9 +91,12 @@ def _make_token_read_bucket(session, base_url, bucket_name, token_generator):
         "full_access": False,
         "read": [bucket_name],
     }
-    resp = session.post(f"{base_url}/tokens/{token_generator()}", json=permissions)
+    name = token_generator()
+    resp = session.post(f"{base_url}/tokens/{name}", json=permissions)
     assert resp.status_code == 200
-    return json.loads(resp.content)["value"]
+    return namedtuple("Token", ["name", "value"])(
+        name, json.loads(resp.content)["value"]
+    )
 
 
 @pytest.fixture(name="token_write_bucket")
@@ -100,6 +107,9 @@ def _make_token_write_bucket(session, base_url, bucket_name, token_generator):
         "full_access": False,
         "write": [bucket_name],
     }
-    resp = session.post(f"{base_url}/tokens/{token_generator()}", json=permissions)
+    name = token_generator()
+    resp = session.post(f"{base_url}/tokens/{name}", json=permissions)
     assert resp.status_code == 200
-    return json.loads(resp.content)["value"]
+    return namedtuple("Token", ["name", "value"])(
+        name, json.loads(resp.content)["value"]
+    )
diff --git a/integration_tests/api/data/file.mcap b/integration_tests/api/data/file.mcap
new file mode 100644
index 000000000..87271d679
Binary files /dev/null and b/integration_tests/api/data/file.mcap differ
diff --git a/integration_tests/api/entry_api/entry_test.py b/integration_tests/api/entry_api/entry_test.py
index d796ef09c..801249895 100644
--- a/integration_tests/api/entry_api/entry_test.py
+++ b/integration_tests/api/entry_api/entry_test.py
@@ -1,4 +1,4 @@
-from ..conftest import requires_env
+from ..conftest import requires_env, auth_headers
 
 
 def test_remove_entry(base_url, session, bucket):
@@ -29,19 +29,19 @@ def test_remove_with_bucket_write_permissions(
 
     resp = session.delete(
         f"{base_url}/b/{bucket}/entry",
-        headers={"Authorization": f"Bearer {token_without_permissions}"},
+        headers=auth_headers(token_without_permissions.value),
     )
     assert resp.status_code == 403
 
     resp = session.delete(
         f"{base_url}/b/{bucket}/entry",
-        headers={"Authorization": f"Bearer {token_read_bucket}"},
+        headers=auth_headers(token_read_bucket.value),
     )
     assert resp.status_code == 403
 
     resp = session.delete(
         f"{base_url}/b/{bucket}/entry",
-        headers={"Authorization": f"Bearer {token_write_bucket}"},
+        headers=auth_headers(token_write_bucket.value),
     )
     assert resp.status_code == 200
 
@@ -74,27 +74,27 @@ def test_rename_with_bucket_write_permissions(
     token_read_bucket,
     token_write_bucket,
 ):
-    """Needs write permissions to rename entry"""
+    """Needs to write permissions to rename entry"""
     resp = session.post(f"{base_url}/b/{bucket}/entry?ts=1000", data="some_data1")
     assert resp.status_code == 200
 
     resp = session.put(
         f"{base_url}/b/{bucket}/entry/rename",
         json={"new_name": "new_name"},
-        headers={"Authorization": f"Bearer {token_without_permissions}"},
+        headers=auth_headers(token_without_permissions.value),
     )
     assert resp.status_code == 403
 
     resp = session.put(
         f"{base_url}/b/{bucket}/entry/rename",
         json={"new_name": "new_name"},
-        headers={"Authorization": f"Bearer {token_read_bucket}"},
+        headers=auth_headers(token_read_bucket.value),
     )
     assert resp.status_code == 403
 
     resp = session.put(
         f"{base_url}/b/{bucket}/entry/rename",
         json={"new_name": "new_name"},
-        headers={"Authorization": f"Bearer {token_write_bucket}"},
+        headers=auth_headers(token_write_bucket.value),
     )
     assert resp.status_code == 200
diff --git a/integration_tests/api/entry_api/query_test.py b/integration_tests/api/entry_api/query_test.py
index c548b6eef..29656f477 100644
--- a/integration_tests/api/entry_api/query_test.py
+++ b/integration_tests/api/entry_api/query_test.py
@@ -63,14 +63,12 @@ def test_query_entry_next(base_url, session, bucket):
     assert resp.status_code == 200
     assert resp.content == b"some_data"
     assert resp.headers["x-reduct-time"] == "1000"
-    assert resp.headers["x-reduct-last"] == "0"
 
     resp = session.get(f"{base_url}/b/{bucket}/entry?q={query_id}")
 
     assert resp.status_code == 200
     assert resp.content == b"some_data"
     assert resp.headers["x-reduct-time"] == "1100"
-    assert resp.headers["x-reduct-last"] == "0"
 
     resp = session.get(f"{base_url}/b/{bucket}/entry?q={query_id}")
     assert resp.status_code == 204
@@ -294,20 +292,20 @@ def test__query_with_read_token(
 
     resp = session.get(
         f"{base_url}/b/{bucket}/entry/q",
-        headers=auth_headers(token_without_permissions),
+        headers=auth_headers(token_without_permissions.value),
     )
     assert resp.status_code == 403
 
     resp = session.post(
         f"{base_url}/b/{bucket}/entry/q",
-        headers=auth_headers(token_read_bucket),
+        headers=auth_headers(token_read_bucket.value),
         json={"query_type": "QUERY"},
     )
     assert resp.status_code == 404  # no data
 
     resp = session.post(
         f"{base_url}/b/{bucket}/entry/q",
-        headers=auth_headers(token_write_bucket),
+        headers=auth_headers(token_write_bucket.value),
         json={"query_type": "QUERY"},
     )
     assert resp.status_code == 403
diff --git a/integration_tests/api/entry_api/read_write_record_test.py b/integration_tests/api/entry_api/read_write_record_test.py
index 22f5ee4f1..bbbe3a81f 100644
--- a/integration_tests/api/entry_api/read_write_record_test.py
+++ b/integration_tests/api/entry_api/read_write_record_test.py
@@ -50,7 +50,6 @@ def test_read_write_entries_big_blob_ok(base_url, session, bucket):
 
     assert resp.headers["content-type"] == "application/octet-stream"
     assert resp.headers["x-reduct-time"] == str(ts)
-    assert resp.headers["x-reduct-last"] == "1"
 
 
 @requires_env("API_TOKEN")
@@ -68,17 +67,19 @@ def test__read_with_read_token(
 
     resp = session.get(
         f"{base_url}/b/{bucket}/entry?ts=1000",
-        headers=auth_headers(token_without_permissions),
+        headers=auth_headers(token_without_permissions.value),
     )
     assert resp.status_code == 403
 
     resp = session.get(
-        f"{base_url}/b/{bucket}/entry?ts=1000", headers=auth_headers(token_read_bucket)
+        f"{base_url}/b/{bucket}/entry?ts=1000",
+        headers=auth_headers(token_read_bucket.value),
     )
     assert resp.status_code == 404  # no data
 
     resp = session.get(
-        f"{base_url}/b/{bucket}/entry?ts=1000", headers=auth_headers(token_write_bucket)
+        f"{base_url}/b/{bucket}/entry?ts=1000",
+        headers=auth_headers(token_write_bucket.value),
     )
     assert resp.status_code == 403
 
@@ -111,7 +112,6 @@ def test_latest_record(base_url, session, bucket):
     assert resp.status_code == 200
     assert resp.content == b"some_data2"
     assert resp.headers["x-reduct-time"] == "1010"
-    assert resp.headers["x-reduct-last"] == "1"
 
 
 def test_read_write_big_blob(base_url, session, bucket):
@@ -152,7 +152,7 @@ def test__write_with_write_token(
     token_read_bucket,
     token_write_bucket,
 ):
-    """Needs write permissions to write"""
+    """Needs to write permissions to write"""
     resp = session.post(
         f"{base_url}/b/{bucket}/entry?ts=1000", headers=auth_headers("")
     )
@@ -160,17 +160,19 @@ def test__write_with_write_token(
 
     resp = session.post(
         f"{base_url}/b/{bucket}/entry?ts=1000",
-        headers=auth_headers(token_without_permissions),
+        headers=auth_headers(token_without_permissions.value),
     )
     assert resp.status_code == 403
 
     resp = session.post(
-        f"{base_url}/b/{bucket}/entry?ts=1000", headers=auth_headers(token_read_bucket)
+        f"{base_url}/b/{bucket}/entry?ts=1000",
+        headers=auth_headers(token_read_bucket.value),
     )
     assert resp.status_code == 403
 
     resp = session.post(
-        f"{base_url}/b/{bucket}/entry?ts=1000", headers=auth_headers(token_write_bucket)
+        f"{base_url}/b/{bucket}/entry?ts=1000",
+        headers=auth_headers(token_write_bucket.value),
     )
     assert resp.status_code == 200
 
@@ -180,7 +182,6 @@ def test__head_entry_with_full_access_token(
     base_url,
     session,
     bucket,
-    token_without_permissions,
     token_write_bucket,
     token_read_bucket,
 ):
@@ -191,12 +192,13 @@ def test__head_entry_with_full_access_token(
     resp = session.post(
         f"{base_url}/b/{bucket}/{entry_name}?ts={ts}",
         data=dummy_data,
-        headers=auth_headers(token_write_bucket),
+        headers=auth_headers(token_write_bucket.value),
     )
     assert resp.status_code == 200
 
     resp = session.head(
-        f"{base_url}/b/{bucket}/{entry_name}", headers=auth_headers(token_read_bucket)
+        f"{base_url}/b/{bucket}/{entry_name}",
+        headers=auth_headers(token_read_bucket.value),
     )
     assert resp.status_code == 200
     assert len(resp.content) == 0
diff --git a/integration_tests/api/entry_api/remove_record_test.py b/integration_tests/api/entry_api/remove_record_test.py
index 0963666ee..e7bc41d9d 100644
--- a/integration_tests/api/entry_api/remove_record_test.py
+++ b/integration_tests/api/entry_api/remove_record_test.py
@@ -1,5 +1,5 @@
 import pytest
-from ..conftest import requires_env
+from ..conftest import requires_env, auth_headers
 
 
 @pytest.fixture(name="write_data")
@@ -92,21 +92,21 @@ def test_remove_record_with_permission(
 
     resp = session.delete(
         f"{base_url}/b/{bucket}/entry?ts={ts1}",
-        headers={"Authorization": f"Bearer {token_without_permissions}"},
+        headers=auth_headers(token_without_permissions.value),
     )
 
     assert resp.status_code == 403
 
     resp = session.delete(
         f"{base_url}/b/{bucket}/entry?ts={ts1}",
-        headers={"Authorization": f"Bearer {token_read_bucket}"},
+        headers=auth_headers(token_read_bucket.value),
     )
 
     assert resp.status_code == 403
 
     resp = session.delete(
         f"{base_url}/b/{bucket}/entry?ts={ts1}",
-        headers={"Authorization": f"Bearer {token_write_bucket}"},
+        headers=auth_headers(token_write_bucket.value),
     )
 
     assert resp.status_code == 200
@@ -126,21 +126,21 @@ def test_remove_records_in_batch_with_permission(
 
     resp = session.delete(
         f"{base_url}/b/{bucket}/entry/batch",
-        headers={"Authorization": f"Bearer {token_without_permissions}"},
+        headers=auth_headers(token_without_permissions.value),
     )
 
     assert resp.status_code == 403
 
     resp = session.delete(
         f"{base_url}/b/{bucket}/entry/batch",
-        headers={"Authorization": f"Bearer {token_read_bucket}"},
+        headers=auth_headers(token_read_bucket.value),
     )
 
     assert resp.status_code == 403
 
     resp = session.delete(
         f"{base_url}/b/{bucket}/entry/batch",
-        headers={"Authorization": f"Bearer {token_write_bucket}"},
+        headers=auth_headers(token_write_bucket.value),
     )
 
     assert resp.status_code == 200
@@ -160,21 +160,21 @@ def test_remove_records_query_with_permission(
 
     resp = session.delete(
         f"{base_url}/b/{bucket}/entry/q?start={ts1}&stop={ts2 + 1}",
-        headers={"Authorization": f"Bearer {token_without_permissions}"},
+        headers=auth_headers(token_without_permissions.value),
     )
 
     assert resp.status_code == 403
 
     resp = session.delete(
         f"{base_url}/b/{bucket}/entry/q?start={ts1}&stop={ts2 + 1}",
-        headers={"Authorization": f"Bearer {token_read_bucket}"},
+        headers=auth_headers(token_read_bucket.value),
     )
 
     assert resp.status_code == 403
 
     resp = session.delete(
         f"{base_url}/b/{bucket}/entry/q?start={ts1}&stop={ts2 + 1}",
-        headers={"Authorization": f"Bearer {token_write_bucket}"},
+        headers=auth_headers(token_write_bucket.value),
     )
 
     assert resp.status_code == 200
diff --git a/integration_tests/api/ext_test.py b/integration_tests/api/ext_test.py
new file mode 100644
index 000000000..a1a574563
--- /dev/null
+++ b/integration_tests/api/ext_test.py
@@ -0,0 +1,70 @@
+import json
+from pathlib import Path
+
+from .conftest import requires_env
+
+
+@requires_env("LICENSE_PATH")
+def test__select_ext(base_url, bucket, session):
+    """Check if the select extension is available"""
+    resp = session.post(f"{base_url}/b/{bucket}/entry?ts=1", data="1,2,3,4,5")
+    assert resp.status_code == 200
+
+    resp = session.post(
+        f"{base_url}/b/{bucket}/entry/q",
+        json={
+            "query_type": "QUERY",
+            "ext": {"select": {"columns": [{"index": 0, "as_label": "a"}]}},
+        },
+    )
+
+    assert resp.status_code == 200
+
+    query_id = int(json.loads(resp.content)["id"])
+    assert query_id >= 0
+
+    resp = session.get(f"{base_url}/b/{bucket}/entry/batch?q={query_id}")
+    assert resp.status_code == 200
+
+    assert resp.headers["x-reduct-time-1"] == "2,text/csv,@a=1"
+
+
+@requires_env("LICENSE_PATH")
+def test__ros_ext(base_url, bucket, session):
+    data = b""
+    with open(f"{Path(__file__).parent}/data/file.mcap", "rb") as f:
+        data = f.read()
+
+    resp = session.post(
+        f"{base_url}/b/{bucket}/entry?ts=1",
+        data=data,
+        headers={"Content-Type": "application/mcap"},
+    )
+    assert resp.status_code == 200
+
+    resp = session.post(
+        f"{base_url}/b/{bucket}/entry/q",
+        json={
+            "query_type": "QUERY",
+            "ext": {
+                "ros": {  # name of the extension to use
+                    "extract": {
+                        "topic": "/test"  # Specify the topic to extract from the mcap file
+                    },
+                },
+                "when": {"$limit": 1},
+            },
+        },
+    )
+
+    assert resp.status_code == 200
+    query_id = int(json.loads(resp.content)["id"])
+    assert query_id >= 0
+    resp = session.get(f"{base_url}/b/{bucket}/entry/batch?q={query_id}")
+    assert resp.status_code == 200
+
+    assert (
+        resp.headers["x-reduct-time-24"]
+        == "16,application/json,@encoding=cdr,@schema=std_msgs/String,@topic=/test"
+    )
+    assert resp.content == b'{"data":"hello"}'
diff --git a/integration_tests/api/http_test.py b/integration_tests/api/http_test.py
index 85bf9e190..af4dad8d6 100644
--- a/integration_tests/api/http_test.py
+++ b/integration_tests/api/http_test.py
@@ -6,7 +6,7 @@ def test_api_version(base_url, session):
     resp = session.get(f"{base_url}/info")
 
     assert resp.status_code == 200
-    assert resp.headers["x-reduct-api"] == "1.15"
+    assert resp.headers["x-reduct-api"] == "1.17"
 
 
 def test_cors_allows_first_allowed_origin(base_url, session):
diff --git a/integration_tests/api/server_api_test.py b/integration_tests/api/server_api_test.py
index b2c494f3c..b69db9d25 100644
--- a/integration_tests/api/server_api_test.py
+++ b/integration_tests/api/server_api_test.py
@@ -51,7 +51,7 @@ def test__authorized_info(base_url, session, token_without_permissions):
     assert resp.status_code == 401
 
     resp = session.get(
-        f"{base_url}/info", headers=auth_headers(token_without_permissions)
+        f"{base_url}/info", headers=auth_headers(token_without_permissions.value)
     )
     assert resp.status_code == 200
 
@@ -80,7 +80,7 @@ def test__authorized_list(base_url, session, token_without_permissions):
     assert resp.status_code == 401
 
     resp = session.get(
-        f"{base_url}/list", headers=auth_headers(token_without_permissions)
+        f"{base_url}/list", headers=auth_headers(token_without_permissions.value)
     )
     assert resp.status_code == 200
 
diff --git a/integration_tests/api/token_api_test.py b/integration_tests/api/token_api_test.py
index 69ef8a1ce..c0b49a5fa 100644
--- a/integration_tests/api/token_api_test.py
+++ b/integration_tests/api/token_api_test.py
@@ -36,10 +36,13 @@ def test__creat_token_with_full_access(
     resp = session.post(
         f"{base_url}/tokens/{token_name}",
         json=permissions,
-        headers=auth_headers(token_without_permissions),
+        headers=auth_headers(token_without_permissions.value),
     )
     assert resp.status_code == 403
-    assert resp.headers["x-reduct-error"] == "Token doesn't have full access"
+    assert (
+        resp.headers["x-reduct-error"]
+        == f"Token '{token_without_permissions.name}' doesn't have full access"
+    )
 
 
 @requires_env("API_TOKEN")
@@ -63,10 +66,13 @@ def test__list_token_with_full_access(base_url, session, token_without_permissio
     assert resp.status_code == 401
 
     resp = session.get(
-        f"{base_url}/tokens", headers=auth_headers(token_without_permissions)
+        f"{base_url}/tokens", headers=auth_headers(token_without_permissions.value)
     )
     assert resp.status_code == 403
-    assert resp.headers["x-reduct-error"] == "Token doesn't have full access"
+    assert (
+        resp.headers["x-reduct-error"]
+        == f"Token '{token_without_permissions.name}' doesn't have full access"
+    )
 
 
 @requires_env("API_TOKEN")
@@ -104,10 +110,14 @@ def test__get_token_with_full_access(base_url, session, token_without_permission
     assert resp.status_code == 401
 
     resp = session.get(
-        f"{base_url}/tokens/token-name", headers=auth_headers(token_without_permissions)
+        f"{base_url}/tokens/token-name",
+        headers=auth_headers(token_without_permissions.value),
     )
     assert resp.status_code == 403
-    assert resp.headers["x-reduct-error"] == "Token doesn't have full access"
+    assert (
+        resp.headers["x-reduct-error"]
+        == f"Token '{token_without_permissions.name}' doesn't have full access"
+    )
 
 
 @requires_env("API_TOKEN")
@@ -133,7 +143,11 @@ def test__delete_token_with_full_access(base_url, session, token_without_permiss
     assert resp.status_code == 401
 
     resp = session.delete(
-        f"{base_url}/tokens/token-name", headers=auth_headers(token_without_permissions)
+        f"{base_url}/tokens/token-name",
+        headers=auth_headers(token_without_permissions.value),
     )
     assert resp.status_code == 403
-    assert resp.headers["x-reduct-error"] == "Token doesn't have full access"
+    assert (
+        resp.headers["x-reduct-error"]
+        == f"Token '{token_without_permissions.name}' doesn't have full access"
+    )
diff --git a/misc/test_script.py b/misc/test_script.py
new file mode 100644
index 000000000..72e6ca245
--- /dev/null
+++ b/misc/test_script.py
@@ -0,0 +1,39 @@
+from datetime import datetime
+
+from reduct import Client, BucketSettings, QuotaType
+
+
+async def main():
+    async with Client("http://localhost:8383", api_token="my-token") as client:
+        bucket = await client.create_bucket(
+            "my-bucket",
+            BucketSettings(quota_type=QuotaType.FIFO, quota_size=1_000_000_000),
+            exist_ok=True,
+        )
+
+        # 3. Write some data with timestamps in the 'entry-1' entry
+        now = datetime.now().timestamp()
+        await bucket.write(
+            "sensor-1",
+            b"<Blob data>",
+            timestamp=now,
+            labels={"score": 10, "label2": "value2"},
+        )
+        await bucket.write(
+            "sensor-1",
+            b"<Blob data>",
+            timestamp=now + 1,
+            labels={"score": 20, "label2": "value2"},
+        )
+
+        when = {"#select_labels": ["score"]}
+        async for record in bucket.query("sensor-1", start=now, when=when):
+            print(f"Record labels: {record.labels}")
+            print(await record.read_all())
+
+
+# 5. Run the main function
+if __name__ == "__main__":
+    import asyncio
+
+    asyncio.run(main())
diff --git a/reduct_base/Cargo.toml b/reduct_base/Cargo.toml
index 4b53edd6c..7207bd119 100644
--- a/reduct_base/Cargo.toml
+++ b/reduct_base/Cargo.toml
@@ -27,17 +27,17 @@ all = ["io", "ext"]
 
 [dependencies]
 serde = { version = "1.0.219", features = ["derive"] }
-serde_json = { version = "1.0.140", features = ["preserve_order"] }
+serde_json = { version = "1.0.143", features = ["preserve_order"] }
 int-enum = "0.5.0"
 chrono = { version = "0.4.41", features = ["serde"] }
 url = "2.5.4"
 http = "1.2.0"
 bytes = "1.10.0"
-async-trait = { version =  "0.1.87" , optional = true }
-tokio = { version = "1.44.2", optional = true, features = ["default", "rt", "time"] }
+async-trait = { version =  "0.1.89" , optional = true }
+tokio = { version = "1.47.1", optional = true, features = ["default", "rt", "time"] }
 log = "0.4.0"
 thread-id = "5.0.0"
-
+futures = "0.3.31"
 
 [dev-dependencies]
-rstest = "0.25.0"
+rstest = "0.26.1"
diff --git a/reduct_base/src/batch.rs b/reduct_base/src/batch.rs
index ab8e219bc..1cf2d7dcf 100644
--- a/reduct_base/src/batch.rs
+++ b/reduct_base/src/batch.rs
@@ -1,4 +1,4 @@
-// Copyright 2023 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // This Source Code Form is subject to the terms of the Mozilla Public
 //    License, v. 2.0. If a copy of the MPL was not distributed with this
 //    file, You can obtain one at https://mozilla.org/MPL/2.0/.
@@ -8,7 +8,7 @@ use crate::{unprocessable_entity, Labels};
 use http::{HeaderMap, HeaderValue};
 
 pub struct RecordHeader {
-    pub content_length: usize,
+    pub content_length: u64,
     pub content_type: String,
     pub labels: Labels,
 }
@@ -30,7 +30,7 @@ pub fn parse_batched_header(header: &str) -> Result<RecordHeader, ReductError> {
         .ok_or(unprocessable_entity!("Invalid batched header"))?;
     let content_length = content_length
         .trim()
-        .parse::<usize>()
+        .parse::<u64>()
         .map_err(|_| unprocessable_entity!("Invalid content length"))?;
 
     let (content_type, rest) = rest
@@ -47,6 +47,13 @@ pub fn parse_batched_header(header: &str) -> Result<RecordHeader, ReductError> {
     let mut rest = rest.to_string();
     while let Some(pair) = rest.split_once('=') {
         let (key, value) = pair;
+        let key = key.trim();
+        if key.starts_with("@") {
+            return Err(unprocessable_entity!(
+                "Label names must not start with '@': reserved for computed labels",
+            ));
+        }
+
         rest = if value.starts_with('\"') {
             let value = value[1..].to_string();
             let (value, rest) = value
@@ -59,7 +66,7 @@ pub fn parse_batched_header(header: &str) -> Result<RecordHeader, ReductError> {
             labels.insert(key.trim().to_string(), value.trim().to_string());
             rest.trim().to_string()
         } else {
-            labels.insert(key.trim().to_string(), value.trim().to_string());
+            labels.insert(key.to_string(), value.trim().to_string());
             break;
         };
     }
@@ -151,9 +158,19 @@ mod tests {
     #[case("xxx")]
     fn test_parse_header_bad_header(#[case] header: &str) {
         let err = parse_batched_header(header).err().unwrap();
+        assert_eq!(err, unprocessable_entity!("Invalid batched header"));
+    }
+
+    #[rstest]
+    fn test_parse_header_bad_label() {
+        let err = parse_batched_header("123, text/plain, @label1=value1, label2=value2")
+            .err()
+            .unwrap();
         assert_eq!(
             err,
-            ReductError::unprocessable_entity("Invalid batched header")
+            unprocessable_entity!(
+                "Label names must not start with '@': reserved for computed labels"
+            )
         );
     }
 }
diff --git a/reduct_base/src/error.rs b/reduct_base/src/error.rs
index ea6c09aae..1e4d30d3f 100644
--- a/reduct_base/src/error.rs
+++ b/reduct_base/src/error.rs
@@ -293,6 +293,16 @@ macro_rules! bad_request {
     };
 }
 
+#[macro_export]
+macro_rules! forbidden {
+    ($msg:expr, $($arg:tt)*) => {
+        ReductError::forbidden(&format!($msg, $($arg)*))
+    };
+    ($msg:expr) => {
+        ReductError::forbidden($msg)
+    };
+}
+
 #[macro_export]
 macro_rules! unprocessable_entity {
     ($msg:expr, $($arg:tt)*) => {
diff --git a/reduct_base/src/ext.rs b/reduct_base/src/ext.rs
index 030f0b3d6..5896a263e 100644
--- a/reduct_base/src/ext.rs
+++ b/reduct_base/src/ext.rs
@@ -5,19 +5,60 @@
 
 mod ext_info;
 mod ext_settings;
-mod process_status;
 
 use crate::error::ReductError;
 use crate::io::ReadRecord;
 use crate::msg::entry_api::QueryEntry;
 use async_trait::async_trait;
-
 pub use ext_info::{IoExtensionInfo, IoExtensionInfoBuilder};
-
-pub use process_status::ProcessStatus;
+use futures::stream::Stream;
 
 pub use ext_settings::{ExtSettings, ExtSettingsBuilder};
 pub type BoxedReadRecord = Box<dyn ReadRecord + Send + Sync>;
+pub type BoxedRecordStream =
+    Box<dyn Stream<Item = Result<BoxedReadRecord, ReductError>> + Send + Sync>;
+
+pub const EXTENSION_API_VERSION: &str = "0.3";
+
+#[async_trait]
+pub trait Commiter {
+    /// Commit record after processing and filtering.
+    ///
+    /// This method is called after processing and filtering the record and
+    /// can be used to rebatch records when they represent entries of some data format like CVS lines, or JSON objects.
+    /// An extension can concatenate multiple records into one or split one record into multiple records depending on the query.
+    async fn commit_record(
+        &mut self,
+        record: BoxedReadRecord,
+    ) -> Option<Result<BoxedReadRecord, ReductError>>;
+
+    /// Flush the rest of the records.
+    async fn flush(&mut self) -> Option<Result<BoxedReadRecord, ReductError>>;
+}
+
+#[async_trait]
+pub trait Processor {
+    /// Processes a record in the extension.
+    ///
+    /// This method is called for each record that is fetched from the storage engine.
+    ///
+    /// # Arguments
+    ///
+    /// * `query_id` - The ID of the query.
+    /// * `record` - The record to process.
+    ///
+    /// # Returns
+    ////
+    ///  A stream of records that are processed by the extension. If the input represents data that has multiple entries,
+    ///  the extension can return a stream of records that are processed by the extension for each entry.
+    async fn process_record(
+        &mut self,
+        record: BoxedReadRecord,
+    ) -> Result<BoxedRecordStream, ReductError>;
+}
+
+pub type BoxedCommiter = Box<dyn Commiter + Send + Sync>;
+pub type BoxedProcessor = Box<dyn Processor + Send + Sync>;
 
 /// The trait for the IO extension.
 ///
@@ -39,49 +80,18 @@ pub trait IoExtension {
     ///
     /// # Arguments
     ///
-    /// * `query_id` - The ID of the query.
     /// * `bucket_name` - The name of the bucket.
     /// * `entry_name` - The name of the entry.
     /// * `query` - The query options
-    fn register_query(
-        &mut self,
-        query_id: u64,
-        bucket_name: &str,
-        entry_name: &str,
-        query: &QueryEntry,
-    ) -> Result<(), ReductError>;
-
-    /// Unregisters a query in the extension.
-    ///
-    /// This method is called after fetching records from the storage engine.
-    ///
-    /// # Arguments
-    ///
-    /// * `query_id` - The ID of the query.
-    ///
-    /// # Returns
-    ///
-    /// The status of the unregistering of the query.
-    fn unregister_query(&mut self, query_id: u64) -> Result<(), ReductError>;
-
-    /// Processes a record in the extension.
-    ///
-    /// This method is called for each record that is fetched from the storage engine.
-    ///
-    /// # Arguments
-    ///
-    /// * `query_id` - The ID of the query.
-    /// * `record` - The record to process.
     ///
     /// # Returns
     ///
-    /// The status of the processing of the record.
-    /// Ready status means that the record is ready to be processed by the next extension in the pipeline.
-    /// NotReady status means that the record is not ready to be processed by the next extension in the pipeline, but the pipeline should continue.
-    /// Stop status means that the pipeline should stop processing records.
-    async fn next_processed_record(
+    /// BoxedProcessor to process the data in the extension and return internal entries as temporary records.
+    /// BoxedCommiter to commit the records after processing and filtering into the final records.
+    fn query(
         &mut self,
-        query_id: u64,
-        record: BoxedReadRecord,
-    ) -> ProcessStatus;
+        bucket_name: &str,
+        entry_name: &str,
+        query: &QueryEntry,
+    ) -> Result<(BoxedProcessor, BoxedCommiter), ReductError>;
 }
diff --git a/reduct_base/src/ext/ext_settings.rs b/reduct_base/src/ext/ext_settings.rs
index 3160d85a8..f6afbb204 100644
--- a/reduct_base/src/ext/ext_settings.rs
+++ b/reduct_base/src/ext/ext_settings.rs
@@ -3,41 +3,52 @@
 //    License, v. 2.0. If a copy of the MPL was not distributed with this
 //    file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
+use crate::msg::server_api::ServerInfo;
+
 /// Settings for initializing an extension.
 #[derive(Debug, PartialEq, Clone)]
 pub struct ExtSettings {
     /// The log level for the extension.
     log_level: String,
-}
-
-impl Default for ExtSettings {
-    fn default() -> Self {
-        Self {
-            log_level: "INFO".to_string(),
-        }
-    }
+    server_info: ServerInfo,
 }
 
 /// Builder for `ExtSettings`.
 pub struct ExtSettingsBuilder {
-    settings: ExtSettings,
+    log_level: String,
+    server_info: Option<ServerInfo>,
 }
 
 impl ExtSettingsBuilder {
     /// Creates a new `ExtSettingsBuilder`.
     fn new() -> Self {
         Self {
-            settings: ExtSettings::default(),
+            log_level: "INFO".to_string(),
+            server_info: None,
         }
     }
     /// Sets the log level for the extension.
     pub fn log_level(mut self, log_level: &str) -> Self {
-        self.settings.log_level = log_level.to_string();
+        self.log_level = log_level.to_string();
+        self
+    }
+
+    /// Sets the server info for the extension.
+    pub fn server_info(mut self, server_info: ServerInfo) -> Self {
+        self.server_info = Some(server_info);
         self
     }
 
+    /// Builds the `ExtSettings`.
+    ///
+    /// # Panics
+    ///
+    /// Panics if the server info is not set.
     pub fn build(self) -> ExtSettings {
-        self.settings
+        ExtSettings {
+            log_level: self.log_level,
+            server_info: self.server_info.expect("Server info must be set"),
+        }
     }
 }
 
@@ -47,6 +58,11 @@ impl ExtSettings {
         &self.log_level
     }
 
+    /// Returns the server info for the extension.
+    pub fn server_info(&self) -> &ServerInfo {
+        &self.server_info
+    }
+
     /// Creates a new `ExtSettingsBuilder`.
     pub fn builder() -> ExtSettingsBuilder {
         ExtSettingsBuilder::new()
@@ -59,8 +75,15 @@ mod tests {
 
     #[test]
     fn test_ext_settings_builder() {
-        let settings = ExtSettings::builder().log_level("info").build();
+        let settings = ExtSettings::builder()
+            .log_level("INFO")
+            .server_info(ServerInfo {
+                version: "1.0".to_string(),
+                ..ServerInfo::default()
+            })
+            .build();
 
-        assert_eq!(settings.log_level(), "info");
+        assert_eq!(settings.log_level(), "INFO");
+        assert_eq!(settings.server_info().version, "1.0");
     }
 }
diff --git a/reduct_base/src/ext/process_status.rs b/reduct_base/src/ext/process_status.rs
deleted file mode 100644
index b2e5bf3b9..000000000
--- a/reduct_base/src/ext/process_status.rs
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2025 ReductSoftware UG
-// This Source Code Form is subject to the terms of the Mozilla Public
-//    License, v. 2.0. If a copy of the MPL was not distributed with this
-//    file, You can obtain one at https://mozilla.org/MPL/2.0/.
-
-use crate::error::ReductError;
-use crate::ext::BoxedReadRecord;
-use std::fmt::Debug;
-
-/// The status of the processing of a record.
-///
-/// The three possible states allow to aggregate records on the extension side.
-pub enum ProcessStatus {
-    Ready(Result<BoxedReadRecord, ReductError>),
-    NotReady,
-    Stop,
-}
-
-impl Debug for ProcessStatus {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        match self {
-            ProcessStatus::Ready(_) => write!(f, "Ready(?)"),
-            ProcessStatus::NotReady => write!(f, "NotReady"),
-            ProcessStatus::Stop => write!(f, "Stop"),
-        }
-    }
-}
-
-#[cfg(test)]
-
-mod tests {
-    use super::*;
-
-    use crate::io::tests::MockRecord;
-
-    use rstest::rstest;
-
-    #[rstest]
-    fn test_debug() {
-        let record: BoxedReadRecord = Box::new(MockRecord {});
-        let status = ProcessStatus::Ready(Ok(record));
-        assert_eq!(format!("{:?}", status), "Ready(?)");
-
-        let status = ProcessStatus::NotReady;
-        assert_eq!(format!("{:?}", status), "NotReady");
-
-        let status = ProcessStatus::Stop;
-        assert_eq!(format!("{:?}", status), "Stop");
-    }
-}
diff --git a/reduct_base/src/io.rs b/reduct_base/src/io.rs
index 097ab15d9..c548d5061 100644
--- a/reduct_base/src/io.rs
+++ b/reduct_base/src/io.rs
@@ -2,28 +2,155 @@ use crate::error::ReductError;
 use crate::{internal_server_error, Labels};
 use async_trait::async_trait;
 use bytes::Bytes;
+use std::collections::HashMap;
 use std::time::Duration;
 use tokio::runtime::Handle;
 
 pub type WriteChunk = Result<Option<Bytes>, ReductError>;
 pub type ReadChunk = Option<Result<Bytes, ReductError>>;
 
-pub trait RecordMeta {
+#[derive(Debug, Clone, PartialEq)]
+pub struct RecordMeta {
+    timestamp: u64,
+    state: i32,
+    labels: Labels,
+    content_type: String,
+    content_length: u64,
+    computed_labels: Labels,
+}
+
+pub struct BuilderRecordMeta {
+    timestamp: u64,
+    state: i32,
+    labels: Labels,
+    content_type: String,
+    content_length: u64,
+    computed_labels: Labels,
+}
+
+impl BuilderRecordMeta {
+    pub fn timestamp(mut self, timestamp: u64) -> Self {
+        self.timestamp = timestamp;
+        self
+    }
+
+    pub fn state(mut self, state: i32) -> Self {
+        self.state = state;
+        self
+    }
+
+    pub fn labels<T: ToString>(mut self, labels: HashMap<T, T>) -> Self {
+        self.labels = labels
+            .into_iter()
+            .map(|(k, v)| (k.to_string(), v.to_string()))
+            .collect();
+        self
+    }
+
+    pub fn content_type(mut self, content_type: String) -> Self {
+        self.content_type = content_type;
+        self
+    }
+
+    pub fn content_length(mut self, content_length: u64) -> Self {
+        self.content_length = content_length;
+        self
+    }
+
+    pub fn computed_labels<T: ToString>(mut self, computed_labels: HashMap<T, T>) -> Self {
+        self.computed_labels = computed_labels
+            .into_iter()
+            .map(|(k, v)| (k.to_string(), v.to_string()))
+            .collect();
+        self
+    }
+
+    /// Builds a `RecordMeta` instance from the builder.
+    pub fn build(self) -> RecordMeta {
+        RecordMeta {
+            timestamp: self.timestamp,
+            state: self.state,
+            labels: self.labels,
+            content_type: self.content_type,
+            content_length: self.content_length,
+            computed_labels: self.computed_labels,
+        }
+    }
+}
+
+impl RecordMeta {
+    /// Creates a builder for a new `RecordMeta` instance.
+    pub fn builder() -> BuilderRecordMeta {
+        BuilderRecordMeta {
+            timestamp: 0,
+            state: 0,
+            labels: Labels::new(),
+            content_type: "application/octet-stream".to_string(),
+            content_length: 0,
+            computed_labels: Labels::new(),
+        }
+    }
+
+    /// Creates a builder from an existing `RecordMeta` instance.
+    pub fn builder_from(meta: RecordMeta) -> BuilderRecordMeta {
+        BuilderRecordMeta {
+            timestamp: meta.timestamp,
+            state: meta.state,
+            labels: meta.labels,
+            content_type: meta.content_type,
+            content_length: meta.content_length,
+            computed_labels: meta.computed_labels,
+        }
+    }
+
     /// Returns the timestamp of the record as Unix time in microseconds.
-    fn timestamp(&self) -> u64;
+    pub fn timestamp(&self) -> u64 {
+        self.timestamp
+    }
 
     /// Returns the labels associated with the record.
-    fn labels(&self) -> &Labels;
+    pub fn labels(&self) -> &Labels {
+        &self.labels
+    }
+
+    /// Returns a mutable reference to the labels associated with the record.
+    pub fn labels_mut(&mut self) -> &mut Labels {
+        &mut self.labels
+    }
 
     /// For filtering unfinished records.
-    fn state(&self) -> i32 {
-        0
+    pub fn state(&self) -> i32 {
+        self.state
+    }
+
+    /// Returns computed labels associated with the record.
+    ///
+    /// Computed labels are labels that are added by query processing and are not part of the original record.
+    pub fn computed_labels(&self) -> &Labels {
+        &self.computed_labels
+    }
+
+    /// Returns the labels associated with the record.
+    ///
+    /// Computed labels are labels that are added by query processing and are not part of the original record.
+    pub fn computed_labels_mut(&mut self) -> &mut Labels {
+        &mut self.computed_labels
+    }
+
+    /// Returns the length of the record content in bytes.
+    pub fn content_length(&self) -> u64 {
+        self.content_length
+    }
+
+    /// Returns the content type of the record as a MIME type.
+    pub fn content_type(&self) -> &str {
+        &self.content_type
     }
 }
 
 /// Represents a record in the storage engine that can be read as a stream of bytes.
 #[async_trait]
-pub trait ReadRecord: RecordMeta {
+pub trait ReadRecord {
     /// Reads a chunk of the record content.
     ///
     /// # Returns
@@ -55,24 +182,11 @@ pub trait ReadRecord: RecordMeta {
         Handle::current().block_on(self.read())
     }
 
-    /// Returns true if this is the last record in the stream.
-    fn last(&self) -> bool;
-
-    /// Returns computed labels associated with the record.
-    ///
-    /// Computed labels are labels that are added by query processing and are not part of the original record.
-    fn computed_labels(&self) -> &Labels;
-
-    /// Returns the labels associated with the record.
-    ///
-    /// Computed labels are labels that are added by query processing and are not part of the original record.
-    fn computed_labels_mut(&mut self) -> &mut Labels;
-
-    /// Returns the length of the record content in bytes.
-    fn content_length(&self) -> u64;
+    /// Returns meta information about the record.
+    fn meta(&self) -> &RecordMeta;
 
-    /// Returns the content type of the record as a MIME type.
-    fn content_type(&self) -> &str;
+    /// Returns a mutable reference to the meta information about the record.
+    fn meta_mut(&mut self) -> &mut RecordMeta;
 }
 
 #[async_trait]
@@ -94,7 +208,8 @@ pub trait WriteRecord {
 #[cfg(test)]
 pub(crate) mod tests {
     use super::*;
-    use rstest::rstest;
+
+    use rstest::{fixture, rstest};
 
     use tokio::task::spawn_blocking;
 
@@ -102,7 +217,7 @@ pub(crate) mod tests {
     #[tokio::test]
     async fn test_blocking_read() {
         let result = spawn_blocking(move || {
-            let mut record = MockRecord {};
+            let mut record = MockRecord::new();
             record.blocking_read()
         });
         assert_eq!(
@@ -114,7 +229,7 @@ pub(crate) mod tests {
     #[rstest]
     #[tokio::test]
     async fn test_default_read_timeout() {
-        let mut record = MockRecord {};
+        let mut record = MockRecord::new();
         let result = record.read_timeout(Duration::from_secs(1)).await;
         assert_eq!(result.unwrap(), Ok(Bytes::from_static(b"test")));
 
@@ -125,43 +240,86 @@ pub(crate) mod tests {
         );
     }
 
-    pub struct MockRecord {}
+    mod meta {
+        use super::*;
 
-    impl RecordMeta for MockRecord {
-        fn timestamp(&self) -> u64 {
-            todo!()
+        #[rstest]
+        fn test_builder(meta: RecordMeta) {
+            assert_eq!(meta.timestamp(), 1234567890);
+            assert_eq!(meta.state(), 1);
+            assert_eq!(meta.content_type(), "application/json");
+            assert_eq!(meta.content_length(), 1024);
         }
 
-        fn labels(&self) -> &Labels {
-            todo!()
+        #[rstest]
+        fn test_builder_from(meta: RecordMeta) {
+            let builder = RecordMeta::builder_from(meta.clone());
+            let new_meta = builder.build();
+
+            assert_eq!(new_meta.timestamp(), 1234567890);
+            assert_eq!(new_meta.state(), 1);
+            assert_eq!(new_meta.content_type(), "application/json");
+            assert_eq!(new_meta.content_length(), 1024);
         }
-    }
 
-    #[async_trait]
-    impl ReadRecord for MockRecord {
-        async fn read(&mut self) -> ReadChunk {
-            tokio::time::sleep(Duration::from_millis(100)).await;
-            Some(Ok(Bytes::from("test")))
+        #[rstest]
+        fn test_meta_mut() {
+            let mut record = MockRecord::new();
+            let meta_mut = record.meta_mut();
+            meta_mut
+                .labels_mut()
+                .insert("test_key".to_string(), "test_value".to_string());
+            assert_eq!(
+                record.meta().labels().get("test_key"),
+                Some(&"test_value".to_string())
+            );
         }
 
-        fn last(&self) -> bool {
-            todo!()
+        #[fixture]
+        fn meta() -> RecordMeta {
+            RecordMeta::builder()
+                .timestamp(1234567890)
+                .state(1)
+                .labels(Labels::new())
+                .content_type("application/json".to_string())
+                .content_length(1024)
+                .computed_labels(Labels::new())
+                .build()
         }
+    }
+
+    pub struct MockRecord {
+        metadata: RecordMeta,
+    }
 
-        fn computed_labels(&self) -> &Labels {
-            todo!()
+    impl MockRecord {
+        pub fn new() -> Self {
+            Self {
+                metadata: RecordMeta::builder()
+                    .timestamp(0)
+                    .state(0)
+                    .labels(Labels::new())
+                    .content_type("application/octet-stream".to_string())
+                    .content_length(0)
+                    .computed_labels(Labels::new())
+                    .build(),
+            }
         }
+    }
 
-        fn computed_labels_mut(&mut self) -> &mut Labels {
-            todo!()
+    #[async_trait]
+    impl ReadRecord for MockRecord {
+        async fn read(&mut self) -> ReadChunk {
+            tokio::time::sleep(Duration::from_millis(100)).await;
+            Some(Ok(Bytes::from("test")))
         }
 
-        fn content_length(&self) -> u64 {
-            todo!()
+        fn meta(&self) -> &RecordMeta {
+            &self.metadata
         }
 
-        fn content_type(&self) -> &str {
-            todo!()
+        fn meta_mut(&mut self) -> &mut RecordMeta {
+            &mut self.metadata
         }
     }
 }
diff --git a/reduct_macros/Cargo.toml b/reduct_macros/Cargo.toml
index 47dbdca3f..55929c117 100644
--- a/reduct_macros/Cargo.toml
+++ b/reduct_macros/Cargo.toml
@@ -15,5 +15,5 @@ keywords = ["database", "time-series", "blob", "storage", "reductstore"]
 proc-macro = true
 
 [dependencies]
-syn = { version = "2.0.101", features = ["derive"] }
+syn = { version = "2.0.106", features = ["derive"] }
 quote = "1.0.40"
diff --git a/reductstore/Cargo.toml b/reductstore/Cargo.toml
index 53203436e..1fc4885a1 100644
--- a/reductstore/Cargo.toml
+++ b/reductstore/Cargo.toml
@@ -17,8 +17,15 @@ categories = ["database-implementations", "command-line-utilities", "database"]
 include = ["src/**/*", "Cargo.toml", "Cargo.lock", "build.rs", "README.md", "LICENSE"]
 
 [features]
-default = ["web-console"]
+default = ["web-console", "fs-backend"]
 web-console = []
+select-ext = []
+ros-ext = []
+ci = [] # features enables CI-specific tests
+
+
+fs-backend = []
+s3-backend = ["dep:aws-sdk-s3", "dep:aws-config", "dep:aws-credential-types"]
 
 [lib]
 crate-type = ["lib"]
@@ -30,51 +37,59 @@ reduct-base = { path = "../reduct_base", version = "1.15.0", features = ["ext"]
 reduct-macros = { path = "../reduct_macros", version = "1.15.0" }
 
 chrono = { version = "0.4.41", features = ["serde"] }
-zip = "2.6.1"
-tempfile = "3.19.1"
+zip = "4.5.0"
+tempfile = "3.20.0"
 hex = "0.4.3"
-prost = "0.13.1"
-prost-wkt-types = "0.6.1"
-rand = "0.9.1"
+prost-wkt-types = "0.7.0"
+rand = "0.9.2"
 serde = { version = "1.0.219", features = ["derive"] }
-serde_json = "1.0.140"
+serde_json = { version = "1.0.143", features = ["preserve_order"] }
 regex = "1.11.1"
 bytes = "1.10.1"
 axum = { version = "0.8.4", features = ["default", "macros"] }
 axum-extra = { version = "0.10.0", features = ["default", "typed-header"] }
-tokio = { version = "1.44.2", features = ["full"] }
-hyper = { version = "1.6.0", features = ["full"] }
+tokio = { version = "1.47.1", features = ["full"] }
+hyper = { version = "1.7.0", features = ["full"] }
 futures-util = "0.3.31"
 axum-server = { version = "0.7.1", features = ["tls-rustls"] }
 mime_guess = "2.0.5"
 bytesize = "2.0.1"
-async-trait = "0.1.88"
+async-trait = "0.1.89"
 url = { version = "2.5.4", features = ["serde"] }
 jsonwebtoken = "9.3.1"
 base64 = "0.22.1"
 ring = "0.17.12"
 reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls", "stream"] }
 async-stream = "0.3.6"
-tower-http = { version = "0.6.2", features = ["cors"] }
+tower-http = { version = "0.6.6", features = ["cors"] }
 crc64fast = "1.1.0"
-rustls = "0.23.26"
+rustls = "0.23.31"
 byteorder = "1.5.0"
 crossbeam-channel = "0.5.15"
-dlopen2="0.7.0"
+dlopen2 = "0.8.0"
 log = "0.4"
+prost = "0.14.1"
+
+
+# optional dependencies for remote backend
+aws-sdk-s3 = { version = "1.103.0", optional = true, features = ["rustls"] }
+aws-config = { version = "1.8.5", optional = true, features = ["rustls"] }
+aws-credential-types = { version = "1.2.5", optional = true, features = ["hardcoded-credentials"]}
 
 [build-dependencies]
-prost-build = "0.13.1"
-reqwest = { version = "0.12.15", default-features = false, features = ["rustls-tls", "blocking"] }
+prost-build = "0.14.1"
+reqwest = { version = "0.12.23", default-features = false, features = ["rustls-tls", "blocking", "json"] }
 chrono = "0.4.41"
+serde_json = "1.0.143"
 
 [dev-dependencies]
 mockall = "0.13.1"
-rstest = "0.25.0"
+rstest = "0.26.1"
 serial_test = "3.2.0"
-test-log = "0.2.17"
-reqwest = { version = "0.12.15", default-features = false, features = ["rustls-tls", "blocking"] }
+test-log = "0.2.18"
+reqwest = { version = "0.12.23", default-features = false, features = ["rustls-tls", "blocking"] }
 assert_matches = "1.5"
+needs_env_var = "1.1.0"
 
 [package.metadata.docs.rs]
 no-default-features = true
diff --git a/reductstore/build.rs b/reductstore/build.rs
index 9239dfda3..88e693b31 100644
--- a/reductstore/build.rs
+++ b/reductstore/build.rs
@@ -1,9 +1,10 @@
 // Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
-extern crate core;
 
-use reqwest::blocking::get;
-use reqwest::StatusCode;
+use reqwest::{
+    blocking::{get, Client},
+    StatusCode, Url,
+};
 use std::path::Path;
 use std::time::SystemTime;
 use std::{env, fs};
@@ -25,7 +26,14 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         )
         .expect("Failed to compile protos");
 
-    download_web_console();
+    #[cfg(feature = "web-console")]
+    download_web_console("v1.11.2");
+
+    #[cfg(feature = "select-ext")]
+    download_ext("select-ext", "v0.5.0");
+
+    #[cfg(feature = "ros-ext")]
+    download_ext("ros-ext", "v0.3.0");
 
     // get build time and commit
     let build_time = chrono::DateTime::<chrono::Utc>::from(SystemTime::now())
@@ -42,19 +50,17 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
     println!("cargo:rustc-env=COMMIT={}", commit);
     Ok(())
 }
-
 #[cfg(feature = "web-console")]
-fn download_web_console() {
-    const WEB_CONSOLE_VERSION: &str = "v1.10.1";
+fn download_web_console(version: &str) {
     let out_dir = env::var("OUT_DIR").unwrap();
-    let console_path = &format!("{}/console-{}.zip", out_dir, WEB_CONSOLE_VERSION);
+    let console_path = &format!("{}/console-{}.zip", out_dir, version);
     if Path::exists(Path::new(console_path)) {
         return;
     }
 
     let mut resp = get(format!(
         "https://github.com/reductstore/web-console/releases/download/{}/web-console.build.zip",
-        WEB_CONSOLE_VERSION
+        version
     ))
     .expect("Failed to download Web Console");
     if resp.status() != StatusCode::OK {
@@ -69,5 +75,40 @@ fn download_web_console() {
     fs::copy(console_path, format!("{}/console.zip", out_dir)).expect("Failed to copy console.zip");
 }
 
-#[cfg(not(feature = "web-console"))]
-fn download_web_console() {}
+#[allow(dead_code)]
+fn download_ext(name: &str, version: &str) {
+    let artifacts_host_url =
+        Url::parse("https://reductsoft.z6.web.core.windows.net/").expect("Failed to parse SAS URL");
+
+    let target = env::var("TARGET").unwrap();
+    let out_dir = env::var("OUT_DIR").unwrap();
+
+    let ext_path = &format!("{}/{}-{}.zip", out_dir.clone(), name, version);
+    if Path::exists(Path::new(ext_path)) {
+        return;
+    }
+
+    println!("Downloading {}...", name);
+    let mut ext_url = artifacts_host_url
+        .join(&format!(
+            "/{}/{}/{}.zip/{}.zip",
+            name, version, target, target
+        ))
+        .expect("Failed to create URL");
+    ext_url.set_query(artifacts_host_url.query());
+
+    let client = Client::builder().user_agent("ReductStore").build().unwrap();
+    let resp = client
+        .get(ext_url)
+        .send()
+        .expect(format!("Failed to download {}.zip", name).as_str());
+    if resp.status() != StatusCode::OK {
+        panic!("Failed to download {}: {}", name, resp.status());
+    }
+
+    println!("Writing {}.zip...", ext_path);
+
+    fs::write(ext_path, resp.bytes().unwrap())
+        .expect(format!("Failed to write {}.zip", name).as_str());
+    fs::copy(ext_path, format!("{}/{}.zip", out_dir, name)).expect("Failed to copy extension");
+}
diff --git a/reductstore/src/api.rs b/reductstore/src/api.rs
index b07117b92..a8a2e657c 100644
--- a/reductstore/src/api.rs
+++ b/reductstore/src/api.rs
@@ -26,6 +26,7 @@ use axum::{middleware::from_fn, Router};
 use bucket::create_bucket_api_routes;
 use entry::create_entry_api_routes;
 use hyper::http::HeaderValue;
+use log::{error, warn};
 use middleware::{default_headers, print_statuses};
 pub use reduct_base::error::ErrorCode;
 use reduct_base::error::ReductError as BaseHttpError;
@@ -84,11 +85,23 @@ impl IntoResponse for HttpError {
         let body = format!("{{\"detail\": \"{}\"}}", converted_quotes);
 
         // its often easiest to implement `IntoResponse` by calling other implementations
-        let mut resp = (StatusCode::from_u16(err.status as u16).unwrap(), body).into_response();
+        let http_code = if (err.status as i16) < 0 {
+            warn!("Invalid status code: {}", err.status);
+            StatusCode::INTERNAL_SERVER_ERROR
+        } else {
+            StatusCode::from_u16(err.status as u16).unwrap_or(StatusCode::INTERNAL_SERVER_ERROR)
+        };
+
+        let err_msg = if let Ok(header_value) = HeaderValue::from_str(&err.message) {
+            header_value
+        } else {
+            error!("Invalid error message: {}", err.message);
+            HeaderValue::from_str("Unparsable message").unwrap()
+        };
+        let mut resp = (http_code, body).into_response();
         resp.headers_mut()
             .insert("content-type", "application/json".parse().unwrap());
-        resp.headers_mut()
-            .insert("x-reduct-error", err.message.parse().unwrap());
+        resp.headers_mut().insert("x-reduct-error", err_msg);
         resp
     }
 }
@@ -159,6 +172,14 @@ fn configure_cors(cors_allow_origin: &Vec<String>) -> CorsLayer {
 
 #[cfg(test)]
 mod tests {
+    use super::*;
+    use crate::asset::asset_manager::create_asset_manager;
+    use crate::auth::token_repository::create_token_repository;
+    use crate::backend::Backend;
+    use crate::cfg::replication::ReplicationConfig;
+    use crate::core::file_cache::FILE_CACHE;
+    use crate::ext::ext_repository::create_ext_repository;
+    use crate::replication::create_replication_repo;
     use axum::body::Body;
     use axum::extract::Path;
     use axum_extra::headers::{Authorization, HeaderMap, HeaderMapExt};
@@ -166,18 +187,11 @@ mod tests {
     use reduct_base::ext::ExtSettings;
     use reduct_base::msg::bucket_api::BucketSettings;
     use reduct_base::msg::replication_api::ReplicationSettings;
+    use reduct_base::msg::server_api::ServerInfo;
     use reduct_base::msg::token_api::Permissions;
     use rstest::fixture;
     use std::collections::HashMap;
 
-    use crate::asset::asset_manager::create_asset_manager;
-    use crate::auth::token_repository::create_token_repository;
-    use crate::cfg::replication::ReplicationConfig;
-    use crate::ext::ext_repository::create_ext_repository;
-    use crate::replication::create_replication_repo;
-
-    use super::*;
-
     mod http_error {
         use super::*;
         use axum::body::to_bytes;
@@ -203,6 +217,25 @@ mod tests {
             assert_eq!(body, Bytes::from(r#"{"detail": "Test error"}"#))
         }
 
+        #[rstest]
+        #[tokio::test]
+        async fn test_no_http_error() {
+            let error = HttpError::new(ErrorCode::Interrupt, "Test error");
+            let resp = error.into_response();
+            assert_eq!(resp.status(), StatusCode::INTERNAL_SERVER_ERROR);
+            assert_eq!(
+                resp.headers().get("content-type").unwrap(),
+                HeaderValue::from_static("application/json")
+            );
+            assert_eq!(
+                resp.headers().get("x-reduct-error").unwrap(),
+                HeaderValue::from_static("Test error")
+            );
+
+            let body: Bytes = to_bytes(resp.into_body(), 1000).await.unwrap();
+            assert_eq!(body, Bytes::from(r#"{"detail": "Test error"}"#))
+        }
+
         #[rstest]
         #[tokio::test]
         async fn test_http_json_format() {
@@ -216,11 +249,31 @@ mod tests {
             let body: Bytes = to_bytes(resp.into_body(), 1000).await.unwrap();
             assert_eq!(body, Bytes::from(r#"{"detail": "Test 'error'"}"#))
         }
+
+        #[rstest]
+        #[tokio::test]
+        async fn test_http_error_unparsable_message() {
+            let error = HttpError::new(
+                ErrorCode::BadRequest,
+                &String::from_utf8_lossy(b"Test \x7f"),
+            );
+            let resp = error.into_response();
+            assert_eq!(
+                resp.headers().get("x-reduct-error").unwrap(),
+                HeaderValue::from_static("Unparsable message")
+            );
+        }
     }
 
     #[fixture]
     pub(crate) async fn components() -> Arc<Components> {
-        let data_path = tempfile::tempdir().unwrap().into_path();
+        let data_path = tempfile::tempdir().unwrap().keep();
+        FILE_CACHE.set_storage_backend(
+            Backend::builder()
+                .local_data_path(data_path.to_str().unwrap())
+                .try_build()
+                .unwrap(),
+        );
 
         let storage = Storage::load(data_path.clone(), None);
         let mut token_repo = create_token_repository(data_path.clone(), "init-token");
@@ -283,8 +336,14 @@ mod tests {
             base_path: "/".to_string(),
             replication_repo: RwLock::new(replication_repo),
             io_settings: IoConfig::default(),
-            ext_repo: create_ext_repository(None, ExtSettings::default())
-                .expect("Failed to create extension repo"),
+            ext_repo: create_ext_repository(
+                None,
+                vec![],
+                ExtSettings::builder()
+                    .server_info(ServerInfo::default())
+                    .build(),
+            )
+            .expect("Failed to create extension repo"),
         };
 
         Arc::new(components)
diff --git a/reductstore/src/api/bucket/create.rs b/reductstore/src/api/bucket/create.rs
index 7794fea88..5c90595cb 100644
--- a/reductstore/src/api/bucket/create.rs
+++ b/reductstore/src/api/bucket/create.rs
@@ -17,7 +17,7 @@ pub(crate) async fn create_bucket(
     headers: HeaderMap,
     settings: BucketSettingsAxum,
 ) -> Result<(), HttpError> {
-    check_permissions(&components, headers, FullAccessPolicy {}).await?;
+    check_permissions(&components, &headers, FullAccessPolicy {}).await?;
     components
         .storage
         .create_bucket(&bucket_name, settings.into())?;
diff --git a/reductstore/src/api/bucket/get.rs b/reductstore/src/api/bucket/get.rs
index 6a2683bf9..c20a548d3 100644
--- a/reductstore/src/api/bucket/get.rs
+++ b/reductstore/src/api/bucket/get.rs
@@ -5,7 +5,7 @@ use crate::api::bucket::FullBucketInfoAxum;
 use crate::api::middleware::check_permissions;
 use crate::api::Components;
 use crate::api::HttpError;
-use crate::auth::policy::AuthenticatedPolicy;
+use crate::auth::policy::ReadAccessPolicy;
 use axum::extract::{Path, State};
 use axum_extra::headers::HeaderMap;
 use std::sync::Arc;
@@ -17,7 +17,14 @@ pub(crate) async fn get_bucket(
     Path(bucket_name): Path<String>,
     headers: HeaderMap,
 ) -> Result<FullBucketInfoAxum, HttpError> {
-    check_permissions(&components, headers, AuthenticatedPolicy {}).await?;
+    check_permissions(
+        &components,
+        &headers,
+        ReadAccessPolicy {
+            bucket: &bucket_name,
+        },
+    )
+    .await?;
     let bucket_info = components.storage.get_bucket(&bucket_name)?.upgrade()?;
     Ok(bucket_info.info()?.into())
 }
@@ -32,7 +39,9 @@ mod tests {
 
     use rstest::rstest;
 
+    use axum::http::HeaderValue;
     use reduct_base::error::ErrorCode;
+    use reduct_base::msg::token_api::Permissions;
     use std::sync::Arc;
 
     #[rstest]
@@ -64,4 +73,36 @@ mod tests {
             HttpError::new(ErrorCode::NotFound, "Bucket 'not-found' is not found")
         )
     }
+
+    #[rstest]
+    #[tokio::test]
+    async fn test_get_bucket_unauthorized(
+        #[future] components: Arc<Components>,
+        mut headers: HeaderMap,
+    ) {
+        let components = components.await;
+        let token = components
+            .token_repo
+            .write()
+            .await
+            .generate_token(
+                "test-token",
+                Permissions {
+                    full_access: false,
+                    read: vec!["bucket-1".to_string()],
+                    write: vec![],
+                },
+            )
+            .unwrap();
+
+        headers.insert(
+            "Authorization",
+            HeaderValue::from_str(&format!("Bearer {}", token.value)).unwrap(),
+        );
+        let err = get_bucket(State(components), Path("bucket-2".to_string()), headers)
+            .await
+            .err()
+            .unwrap();
+        assert_eq!(err.0.status(), ErrorCode::Forbidden);
+    }
 }
diff --git a/reductstore/src/api/bucket/head.rs b/reductstore/src/api/bucket/head.rs
index f967ff368..3b359b11e 100644
--- a/reductstore/src/api/bucket/head.rs
+++ b/reductstore/src/api/bucket/head.rs
@@ -15,7 +15,7 @@ pub(crate) async fn head_bucket(
     Path(bucket_name): Path<String>,
     headers: HeaderMap,
 ) -> Result<(), HttpError> {
-    check_permissions(&components, headers, AuthenticatedPolicy {}).await?;
+    check_permissions(&components, &headers, AuthenticatedPolicy {}).await?;
     components.storage.get_bucket(&bucket_name)?;
     Ok(())
 }
diff --git a/reductstore/src/api/bucket/remove.rs b/reductstore/src/api/bucket/remove.rs
index b267e22db..3f74ccb64 100644
--- a/reductstore/src/api/bucket/remove.rs
+++ b/reductstore/src/api/bucket/remove.rs
@@ -16,7 +16,7 @@ pub(crate) async fn remove_bucket(
     Path(bucket_name): Path<String>,
     headers: HeaderMap,
 ) -> Result<(), HttpError> {
-    check_permissions(&components, headers, FullAccessPolicy {}).await?;
+    check_permissions(&components, &headers, FullAccessPolicy {}).await?;
     components.storage.remove_bucket(&bucket_name).await?;
     components
         .token_repo
diff --git a/reductstore/src/api/bucket/rename.rs b/reductstore/src/api/bucket/rename.rs
index 68d39a358..b0b835bca 100644
--- a/reductstore/src/api/bucket/rename.rs
+++ b/reductstore/src/api/bucket/rename.rs
@@ -17,7 +17,7 @@ pub(crate) async fn rename_bucket(
     headers: HeaderMap,
     request: Json<RenameBucket>,
 ) -> Result<(), HttpError> {
-    check_permissions(&components, headers, FullAccessPolicy {}).await?;
+    check_permissions(&components, &headers, FullAccessPolicy {}).await?;
     components
         .storage
         .rename_bucket(&bucket_name, &request.new_name)
diff --git a/reductstore/src/api/bucket/update.rs b/reductstore/src/api/bucket/update.rs
index d745f8395..97c559725 100644
--- a/reductstore/src/api/bucket/update.rs
+++ b/reductstore/src/api/bucket/update.rs
@@ -16,7 +16,7 @@ pub(crate) async fn update_bucket(
     headers: HeaderMap,
     settings: BucketSettingsAxum,
 ) -> Result<(), HttpError> {
-    check_permissions(&components, headers, FullAccessPolicy {}).await?;
+    check_permissions(&components, &headers, FullAccessPolicy {}).await?;
 
     Ok(components
         .storage
diff --git a/reductstore/src/api/entry/common.rs b/reductstore/src/api/entry/common.rs
index 3a6db291e..7c5ee2f5a 100644
--- a/reductstore/src/api/entry/common.rs
+++ b/reductstore/src/api/entry/common.rs
@@ -9,13 +9,13 @@ use reduct_base::unprocessable_entity;
 use std::collections::HashMap;
 use std::str::FromStr;
 
-pub(super) fn parse_content_length_from_header(headers: &HeaderMap) -> Result<usize, HttpError> {
+pub(super) fn parse_content_length_from_header(headers: &HeaderMap) -> Result<u64, HttpError> {
     let content_size = headers
         .get("content-length")
         .ok_or(unprocessable_entity!("content-length header is required"))?
         .to_str()
         .map_err(|_| unprocessable_entity!("content-length header must be a string",))?
-        .parse::<usize>()
+        .parse::<u64>()
         .map_err(|_| unprocessable_entity!("content-length header must be a number"))?;
     Ok(content_size)
 }
diff --git a/reductstore/src/api/entry/read_batched.rs b/reductstore/src/api/entry/read_batched.rs
index caf739e23..f673d356d 100644
--- a/reductstore/src/api/entry/read_batched.rs
+++ b/reductstore/src/api/entry/read_batched.rs
@@ -20,7 +20,7 @@ use crate::storage::query::QueryRx;
 use futures_util::Future;
 use log::debug;
 use reduct_base::error::ReductError;
-use reduct_base::ext::{BoxedReadRecord, ProcessStatus};
+use reduct_base::ext::BoxedReadRecord;
 use reduct_base::unprocessable_entity;
 use std::collections::HashMap;
 use std::pin::pin;
@@ -44,9 +44,9 @@ pub(crate) async fn read_batched_records(
     let entry_name = path.get("entry_name").unwrap();
     check_permissions(
         &components,
-        headers,
+        &headers,
         ReadAccessPolicy {
-            bucket: bucket_name.clone(),
+            bucket: &bucket_name,
         },
     )
     .await?;
@@ -74,6 +74,38 @@ pub(crate) async fn read_batched_records(
     .await
 }
 
+fn make_batch_header(reader: &BoxedReadRecord) -> (HeaderName, HeaderValue) {
+    let meta = reader.meta();
+    let name = HeaderName::from_str(&format!("x-reduct-time-{}", meta.timestamp())).unwrap();
+    let mut meta_data = vec![
+        meta.content_length().to_string(),
+        meta.content_type().to_string(),
+    ];
+
+    let format_labels = |(k, v): (&String, &String)| {
+        if v.contains(",") {
+            format!("{}=\"{}\"", k, v)
+        } else {
+            format!("{}={}", k, v)
+        }
+    };
+
+    let mut labels: Vec<String> = meta.labels().iter().map(format_labels).collect();
+
+    labels.extend(
+        meta.computed_labels()
+            .iter()
+            .map(|(k, v)| format_labels((&format!("@{}", k), v))),
+    );
+
+    labels.sort();
+
+    meta_data.append(&mut labels);
+    let value: HeaderValue = meta_data.join(",").parse().unwrap();
+
+    (name, value)
+}
+
 async fn fetch_and_response_batched_records(
     bucket: Arc<Bucket>,
     entry_name: &str,
@@ -82,33 +114,6 @@ async fn fetch_and_response_batched_records(
     io_settings: &IoConfig,
     ext_repository: &BoxedManageExtensions,
 ) -> Result<impl IntoResponse, HttpError> {
-    let make_header = |reader: &BoxedReadRecord| {
-        let name = HeaderName::from_str(&format!("x-reduct-time-{}", reader.timestamp())).unwrap();
-        let mut meta_data = vec![
-            reader.content_length().to_string(),
-            reader.content_type().to_string(),
-        ];
-
-        let format_labels = |(k, v): (&String, &String)| {
-            if v.contains(",") {
-                format!("{}=\"{}\"", k, v)
-            } else {
-                format!("{}={}", k, v)
-            }
-        };
-
-        let mut labels: Vec<String> = reader.labels().iter().map(format_labels).collect();
-
-        labels.extend(reader.computed_labels().iter().map(format_labels));
-
-        labels.sort();
-
-        meta_data.append(&mut labels);
-        let value: HeaderValue = meta_data.join(",").parse().unwrap();
-
-        (name, value)
-    };
-
     let mut header_size = 0usize;
     let mut body_size = 0u64;
     let mut headers = HeaderMap::new();
@@ -125,7 +130,7 @@ async fn fetch_and_response_batched_records(
 
     let start_time = std::time::Instant::now();
     loop {
-        let reader = match next_record_reader(
+        let batch_of_readers = match next_record_readers(
             query_id,
             rx.upgrade()?,
             &format!("{}/{}/{}", bucket_name, entry_name, query_id),
@@ -134,44 +139,48 @@ async fn fetch_and_response_batched_records(
         )
         .await
         {
-            ProcessStatus::Ready(value) => value,
-            ProcessStatus::NotReady => continue,
-            ProcessStatus::Stop => break,
+            Some(value) => value,
+            None => continue,
         };
 
-        match reader {
-            Ok(reader) => {
-                {
-                    let (name, value) = make_header(&reader);
-                    header_size += name.as_str().len() + value.to_str().unwrap().len() + 2;
-                    body_size += reader.content_length();
-                    headers.insert(name, value);
-                }
-                readers.push(reader);
-
-                if header_size > io_settings.batch_max_metadata_size
-                    || body_size > io_settings.batch_max_size
-                    || readers.len() > io_settings.batch_max_records
-                    || start_time.elapsed() > io_settings.batch_timeout
-                {
-                    // This is not correct, because we should check sizes before adding the record
-                    // but we can't know the size in advance and after next() we can't go back
-                    break;
+        for reader in batch_of_readers {
+            match reader {
+                Ok(reader) => {
+                    {
+                        let (name, value) = make_batch_header(&reader);
+                        header_size += name.as_str().len() + value.to_str().unwrap().len() + 2;
+                        body_size += reader.meta().content_length();
+                        headers.insert(name, value);
+                    }
+
+                    readers.push(reader);
                 }
-            }
-            Err(err) => {
-                if readers.is_empty() {
-                    return Err(HttpError::from(err));
-                } else {
-                    if err.status() == ErrorCode::NoContent {
-                        last = true;
-                        break;
-                    } else {
+                Err(err) => {
+                    if readers.is_empty() {
                         return Err(HttpError::from(err));
+                    } else {
+                        if err.status() == ErrorCode::NoContent {
+                            last = true;
+                            break;
+                        } else {
+                            return Err(HttpError::from(err));
+                        }
                     }
                 }
             }
-        };
+        }
+
+        if last {
+            break;
+        }
+
+        if header_size > io_settings.batch_max_metadata_size
+            || body_size > io_settings.batch_max_size
+            || readers.len() > io_settings.batch_max_records
+            || start_time.elapsed() > io_settings.batch_timeout
+        {
+            break;
+        }
     }
 
     // TODO: it's workaround
@@ -201,24 +210,24 @@ async fn fetch_and_response_batched_records(
 
 // This function is used to get the next record from the query receiver
 // created for better testing
-async fn next_record_reader(
+async fn next_record_readers(
     query_id: u64,
     rx: Arc<AsyncRwLock<QueryRx>>,
     query_path: &str,
     recv_timeout: Duration,
     ext_repository: &BoxedManageExtensions,
-) -> ProcessStatus {
+) -> Option<Vec<Result<BoxedReadRecord, ReductError>>> {
     // we need to wait for the first record
     if let Ok(result) = timeout(
         recv_timeout,
-        ext_repository.next_processed_record(query_id, rx),
+        ext_repository.fetch_and_process_record(query_id, rx),
     )
     .await
     {
         result
     } else {
         debug!("Timeout while waiting for record from query {}", query_path);
-        ProcessStatus::Stop
+        None
     }
 }
 
@@ -269,20 +278,25 @@ impl Stream for ReadersWrapper {
 #[cfg(test)]
 mod tests {
     use super::*;
-
-    use axum::body::to_bytes;
+    use async_trait::async_trait;
 
     use crate::api::entry::tests::query;
+    use axum::body::to_bytes;
+    use mockall::mock;
 
     use crate::api::tests::{components, headers, path_to_entry_1};
 
     use crate::ext::ext_repository::create_ext_repository;
     use reduct_base::ext::ExtSettings;
+    use reduct_base::io::{ReadRecord, RecordMeta};
+    use reduct_base::msg::server_api::ServerInfo;
+    use reduct_base::Labels;
     use rstest::*;
     use tempfile::tempdir;
+    use test_log::test as test_log;
     use tokio::time::sleep;
 
-    #[rstest]
+    #[test_log(rstest)]
     #[case("GET", "Hey!!!")]
     #[case("HEAD", "")]
     #[tokio::test]
@@ -294,26 +308,25 @@ mod tests {
         #[case] _body: String,
     ) {
         let components = components.await;
-        let entry = components
-            .storage
-            .get_bucket("bucket-1")
-            .unwrap()
-            .upgrade_and_unwrap()
-            .get_entry("entry-1")
-            .unwrap()
-            .upgrade_and_unwrap();
-        for time in 10..100 {
-            let mut writer = entry
-                .begin_write(time, 6, "text/plain".to_string(), HashMap::new())
-                .await
-                .unwrap();
-            writer.send(Ok(Some(Bytes::from("Hey!!!")))).await.unwrap();
-            writer.send(Ok(None)).await.unwrap();
+        {
+            let entry = components
+                .storage
+                .get_bucket("bucket-1")
+                .unwrap()
+                .upgrade_and_unwrap()
+                .get_entry("entry-1")
+                .unwrap()
+                .upgrade_and_unwrap();
+            for time in 10..100 {
+                let mut writer = entry
+                    .begin_write(time, 6, "text/plain".to_string(), HashMap::new())
+                    .await
+                    .unwrap();
+                writer.send(Ok(Some(Bytes::from("Hey!!!")))).await.unwrap();
+                writer.send(Ok(None)).await.unwrap();
+            }
         }
 
-        // let threads finish writing
-        sleep(Duration::from_millis(100)).await;
-
         let query_id = query(&path_to_entry_1, components.clone()).await;
         let query = Query(HashMap::from_iter(vec![(
             "q".to_string(),
@@ -381,10 +394,9 @@ mod tests {
             );
         }
 
+        sleep(Duration::from_millis(200)).await;
         let response = read_batched_records!();
         let resp_headers = response.headers();
-        println!("{:?}", resp_headers);
-
         assert_eq!(
             resp_headers["x-reduct-error"],
             format!("Query {} not found and it might have expired. Check TTL in your query request. Default value 60 sec.", query_id)
@@ -443,21 +455,19 @@ mod tests {
             let (_tx, rx) = tokio::sync::mpsc::channel(1);
             let rx = Arc::new(AsyncRwLock::new(rx));
             assert!(
-                matches!(
-                    timeout(
-                        Duration::from_secs(1),
-                        next_record_reader(
-                            1,
-                            rx.clone(),
-                            "",
-                            Duration::from_millis(10),
-                            &ext_repository
-                        )
+                timeout(
+                    Duration::from_secs(1),
+                    next_record_readers(
+                        1,
+                        rx.clone(),
+                        "",
+                        Duration::from_millis(10),
+                        &ext_repository
                     )
-                    .await
-                    .unwrap(),
-                    ProcessStatus::Stop,
-                ),
+                )
+                .await
+                .unwrap()
+                .is_none(),
                 "should return None if the query is closed"
             );
         }
@@ -468,30 +478,59 @@ mod tests {
             let (tx, rx) = tokio::sync::mpsc::channel(1);
             let rx = Arc::new(AsyncRwLock::new(rx));
             drop(tx);
-            assert!(
-                matches!(
-                    timeout(
-                        Duration::from_secs(1),
-                        next_record_reader(
-                            1,
-                            rx.clone(),
-                            "",
-                            Duration::from_millis(0),
-                            &ext_repository
-                        )
+            assert_eq!(
+                timeout(
+                    Duration::from_secs(1),
+                    next_record_readers(
+                        1,
+                        rx.clone(),
+                        "",
+                        Duration::from_millis(0),
+                        &ext_repository
                     )
-                    .await
-                    .unwrap(),
-                    ProcessStatus::Stop
-                ),
+                )
+                .await
+                .unwrap()
+                .unwrap()[0]
+                    .as_ref()
+                    .err()
+                    .unwrap()
+                    .status(),
+                ErrorCode::NoContent,
                 "should return None if the query is closed"
             );
         }
     }
 
+    #[rstest]
+    fn test_batch_compute_labels() {
+        let mut record = MockRecord::new();
+        let meta = RecordMeta::builder()
+            .timestamp(1000u64)
+            .labels(Labels::from_iter(vec![("a".to_string(), "b".to_string())]))
+            .computed_labels(Labels::from_iter(vec![("x".to_string(), "y".to_string())]))
+            .content_length(100u64)
+            .content_type("text/plain".to_string())
+            .build();
+        record.expect_meta().return_const(meta);
+
+        let record: BoxedReadRecord = Box::new(record);
+
+        let (name, value) = make_batch_header(&record);
+        assert_eq!(name, HeaderName::from_static("x-reduct-time-1000"));
+        assert_eq!(value.to_str().unwrap(), "100,text/plain,@x=y,a=b");
+    }
+
     #[fixture]
     fn ext_repository() -> BoxedManageExtensions {
-        create_ext_repository(Some(tempdir().unwrap().into_path()), ExtSettings::default()).unwrap()
+        create_ext_repository(
+            Some(tempdir().unwrap().keep()),
+            vec![],
+            ExtSettings::builder()
+                .server_info(ServerInfo::default())
+                .build(),
+        )
+        .unwrap()
     }
 
     mod stream_wrapper {
@@ -506,4 +545,17 @@ mod tests {
             assert_eq!(wrapper.size_hint(), (0, None));
         }
     }
+
+    mock! {
+        Record {}
+
+        #[async_trait]
+        impl ReadRecord for Record {
+            async fn read(&mut self) -> Option<Result<Bytes, ReductError>>;
+
+          fn meta(&self) -> &RecordMeta;
+
+          fn meta_mut(&mut self) -> &mut RecordMeta;
+        }
+    }
 }
diff --git a/reductstore/src/api/entry/read_query.rs b/reductstore/src/api/entry/read_query.rs
index e565dd5fc..8bb57c722 100644
--- a/reductstore/src/api/entry/read_query.rs
+++ b/reductstore/src/api/entry/read_query.rs
@@ -25,9 +25,9 @@ pub(crate) async fn read_query(
 
     check_permissions(
         &components,
-        headers,
+        &headers,
         ReadAccessPolicy {
-            bucket: bucket_name.clone(),
+            bucket: &bucket_name,
         },
     )
     .await?;
@@ -44,7 +44,7 @@ mod tests {
     use super::*;
     use crate::api::tests::{components, headers, path_to_entry_1};
     use reduct_base::error::ErrorCode;
-    use reduct_base::io::ReadRecord;
+
     use rstest::*;
 
     #[rstest]
@@ -84,7 +84,7 @@ mod tests {
             .upgrade()
             .unwrap();
         let mut rx = rx.write().await;
-        assert!(rx.recv().await.unwrap().unwrap().last());
+        assert!(rx.recv().await.unwrap().is_ok());
 
         assert_eq!(
             rx.recv().await.unwrap().err().unwrap().status,
diff --git a/reductstore/src/api/entry/read_query_post.rs b/reductstore/src/api/entry/read_query_post.rs
index 425394f95..9627b1c6d 100644
--- a/reductstore/src/api/entry/read_query_post.rs
+++ b/reductstore/src/api/entry/read_query_post.rs
@@ -24,9 +24,9 @@ pub(crate) async fn read_query_json(
 
     check_permissions(
         &components,
-        headers,
+        &headers,
         ReadAccessPolicy {
-            bucket: bucket_name.clone(),
+            bucket: &bucket_name,
         },
     )
     .await?;
@@ -50,7 +50,7 @@ mod tests {
     use crate::core::weak::Weak;
     use crate::storage::query::QueryRx;
     use reduct_base::error::{ErrorCode, ReductError};
-    use reduct_base::io::ReadRecord;
+
     use reduct_base::msg::entry_api::QueryType;
     use rstest::*;
     use serde_json::json;
@@ -76,7 +76,7 @@ mod tests {
             .upgrade()
             .unwrap();
         let mut rx = rx.write().await;
-        assert!(rx.recv().await.unwrap().unwrap().last());
+        assert!(rx.recv().await.unwrap().is_ok());
         assert_eq!(
             rx.recv().await.unwrap().err().unwrap().status,
             ErrorCode::NoContent
diff --git a/reductstore/src/api/entry/read_single.rs b/reductstore/src/api/entry/read_single.rs
index 0328bb94a..9309e363c 100644
--- a/reductstore/src/api/entry/read_single.rs
+++ b/reductstore/src/api/entry/read_single.rs
@@ -22,9 +22,8 @@ use crate::storage::query::QueryRx;
 use futures_util::Future;
 use hyper::http::HeaderValue;
 use reduct_base::bad_request;
-use reduct_base::io::{ReadRecord, RecordMeta};
+use reduct_base::io::ReadRecord;
 use std::collections::HashMap;
-use std::i64;
 use std::pin::{pin, Pin};
 use std::sync::Arc;
 use std::task::{Context, Poll};
@@ -42,9 +41,9 @@ pub(crate) async fn read_record(
     let entry_name = path.get("entry_name").unwrap();
     check_permissions(
         &components,
-        headers,
+        &headers,
         ReadAccessPolicy {
-            bucket: bucket_name.clone(),
+            bucket: &bucket_name,
         },
     )
     .await?;
@@ -70,7 +69,8 @@ async fn fetch_and_response_single_record(
     let make_headers = |record_reader: &RecordReader| {
         let mut headers = HeaderMap::new();
 
-        for (k, v) in record_reader.labels() {
+        let meta = record_reader.meta();
+        for (k, v) in meta.labels() {
             headers.insert(
                 format!("x-reduct-label-{}", k)
                     .parse::<HeaderName>()
@@ -81,20 +81,10 @@ async fn fetch_and_response_single_record(
 
         headers.insert(
             "content-type",
-            HeaderValue::from_str(record_reader.content_type()).unwrap(),
-        );
-        headers.insert(
-            "content-length",
-            HeaderValue::from(record_reader.content_length()),
-        );
-        headers.insert(
-            "x-reduct-time",
-            HeaderValue::from(record_reader.timestamp()),
-        );
-        headers.insert(
-            "x-reduct-last",
-            HeaderValue::from(i64::from(record_reader.last())),
+            HeaderValue::from_str(meta.content_type()).unwrap(),
         );
+        headers.insert("content-length", HeaderValue::from(meta.content_length()));
+        headers.insert("x-reduct-time", HeaderValue::from(meta.timestamp()));
         headers
     };
 
@@ -395,7 +385,6 @@ mod tests {
                         labels: vec![],
                         content_type: "".to_string(),
                     },
-                    false,
                 ),
                 empty_body: false,
             };
diff --git a/reductstore/src/api/entry/remove_batched.rs b/reductstore/src/api/entry/remove_batched.rs
index ff1856c73..d8ad85735 100644
--- a/reductstore/src/api/entry/remove_batched.rs
+++ b/reductstore/src/api/entry/remove_batched.rs
@@ -25,9 +25,9 @@ pub(crate) async fn remove_batched_records(
     let bucket_name = path.get("bucket_name").unwrap();
     check_permissions(
         &components,
-        headers.clone(),
+        &headers,
         WriteAccessPolicy {
-            bucket: bucket_name.clone(),
+            bucket: bucket_name,
         },
     )
     .await?;
diff --git a/reductstore/src/api/entry/remove_entry.rs b/reductstore/src/api/entry/remove_entry.rs
index 7ad1bb754..3d13bd45e 100644
--- a/reductstore/src/api/entry/remove_entry.rs
+++ b/reductstore/src/api/entry/remove_entry.rs
@@ -22,9 +22,9 @@ pub(crate) async fn remove_entry(
 
     check_permissions(
         &components,
-        headers,
+        &headers,
         WriteAccessPolicy {
-            bucket: bucket_name.clone(),
+            bucket: bucket_name,
         },
     )
     .await?;
diff --git a/reductstore/src/api/entry/remove_query.rs b/reductstore/src/api/entry/remove_query.rs
index 5956b2590..79ec2a821 100644
--- a/reductstore/src/api/entry/remove_query.rs
+++ b/reductstore/src/api/entry/remove_query.rs
@@ -27,9 +27,9 @@ pub(crate) async fn remove_query(
 
     check_permissions(
         &components,
-        headers,
+        &headers,
         WriteAccessPolicy {
-            bucket: bucket_name.clone(),
+            bucket: bucket_name,
         },
     )
     .await?;
diff --git a/reductstore/src/api/entry/remove_query_post.rs b/reductstore/src/api/entry/remove_query_post.rs
index 97409cbb1..3e5496cd6 100644
--- a/reductstore/src/api/entry/remove_query_post.rs
+++ b/reductstore/src/api/entry/remove_query_post.rs
@@ -32,9 +32,9 @@ pub(crate) async fn remove_query_json(
 
     check_permissions(
         &components,
-        headers,
+        &headers,
         WriteAccessPolicy {
-            bucket: bucket_name.clone(),
+            bucket: bucket_name,
         },
     )
     .await?;
diff --git a/reductstore/src/api/entry/remove_single.rs b/reductstore/src/api/entry/remove_single.rs
index a4655fb21..def09893a 100644
--- a/reductstore/src/api/entry/remove_single.rs
+++ b/reductstore/src/api/entry/remove_single.rs
@@ -20,14 +20,7 @@ pub(crate) async fn remove_record(
     Query(params): Query<HashMap<String, String>>,
 ) -> Result<(), HttpError> {
     let bucket = path.get("bucket_name").unwrap();
-    check_permissions(
-        &components,
-        headers.clone(),
-        WriteAccessPolicy {
-            bucket: bucket.clone(),
-        },
-    )
-    .await?;
+    check_permissions(&components, &headers, WriteAccessPolicy { bucket }).await?;
 
     let ts = parse_timestamp_from_query(&params)?;
     let entry_name = path.get("entry_name").unwrap();
diff --git a/reductstore/src/api/entry/rename_entry.rs b/reductstore/src/api/entry/rename_entry.rs
index 7274fe76a..2f2dbb63a 100644
--- a/reductstore/src/api/entry/rename_entry.rs
+++ b/reductstore/src/api/entry/rename_entry.rs
@@ -23,9 +23,9 @@ pub(crate) async fn rename_entry(
 
     check_permissions(
         &components,
-        headers,
+        &headers,
         WriteAccessPolicy {
-            bucket: bucket_name.clone(),
+            bucket: bucket_name,
         },
     )
     .await?;
diff --git a/reductstore/src/api/entry/update_batched.rs b/reductstore/src/api/entry/update_batched.rs
index 0b651a61c..c324e9920 100644
--- a/reductstore/src/api/entry/update_batched.rs
+++ b/reductstore/src/api/entry/update_batched.rs
@@ -9,6 +9,7 @@ use axum::extract::{Path, State};
 use axum_extra::headers::HeaderMap;
 
 use reduct_base::batch::{parse_batched_header, sort_headers_by_time};
+use reduct_base::io::RecordMeta;
 use reduct_base::Labels;
 
 use crate::api::entry::common::err_to_batched_header;
@@ -29,9 +30,9 @@ pub(crate) async fn update_batched_records(
     let bucket_name = path.get("bucket_name").unwrap();
     check_permissions(
         &components,
-        headers.clone(),
+        &headers,
         WriteAccessPolicy {
-            bucket: bucket_name.clone(),
+            bucket: bucket_name,
         },
     )
     .await?;
@@ -81,7 +82,10 @@ pub(crate) async fn update_batched_records(
                 replication_repo.notify(TransactionNotification {
                     bucket: bucket_name.clone(),
                     entry: entry_name.clone(),
-                    labels: new_labels,
+                    meta: RecordMeta::builder()
+                        .timestamp(time)
+                        .labels(new_labels)
+                        .build(),
                     event: Transaction::UpdateRecord(time),
                 })?;
             }
@@ -100,7 +104,7 @@ mod tests {
     use axum::response::IntoResponse;
     use axum_extra::headers::HeaderValue;
     use bytes::Bytes;
-    use reduct_base::io::RecordMeta;
+    use reduct_base::io::ReadRecord;
     use rstest::rstest;
 
     #[rstest]
@@ -192,9 +196,9 @@ mod tests {
                 .begin_read(0)
                 .await
                 .unwrap();
-            assert_eq!(reader.labels().len(), 2);
-            assert_eq!(&reader.labels()["x"], "z");
-            assert_eq!(&reader.labels()["1"], "2");
+            assert_eq!(reader.meta().labels().len(), 2);
+            assert_eq!(&reader.meta().labels()["x"], "z");
+            assert_eq!(&reader.meta().labels()["1"], "2");
         }
 
         assert_eq!(err_map.len(), 0);
diff --git a/reductstore/src/api/entry/update_single.rs b/reductstore/src/api/entry/update_single.rs
index 929fdd58f..63347607f 100644
--- a/reductstore/src/api/entry/update_single.rs
+++ b/reductstore/src/api/entry/update_single.rs
@@ -7,7 +7,7 @@ use std::sync::Arc;
 use axum::body::Body;
 use axum::extract::{Path, Query, State};
 use axum_extra::headers::HeaderMap;
-
+use reduct_base::io::RecordMeta;
 use reduct_base::Labels;
 
 use crate::api::entry::common::parse_timestamp_from_query;
@@ -26,14 +26,7 @@ pub(crate) async fn update_record(
     _: Body,
 ) -> Result<(), HttpError> {
     let bucket = path.get("bucket_name").unwrap();
-    check_permissions(
-        &components,
-        headers.clone(),
-        WriteAccessPolicy {
-            bucket: bucket.clone(),
-        },
-    )
-    .await?;
+    check_permissions(&components, &headers, WriteAccessPolicy { bucket }).await?;
 
     let ts = parse_timestamp_from_query(&params)?;
 
@@ -81,7 +74,10 @@ pub(crate) async fn update_record(
         .notify(TransactionNotification {
             bucket: bucket.clone(),
             entry: entry_name.clone(),
-            labels: batched_result.get(&ts).unwrap().clone()?,
+            meta: RecordMeta::builder()
+                .timestamp(ts)
+                .labels(batched_result.get(&ts).unwrap().clone()?.clone())
+                .build(),
             event: Transaction::UpdateRecord(ts),
         })?;
 
@@ -93,7 +89,7 @@ mod tests {
     use crate::api::tests::{components, empty_body, path_to_entry_1};
 
     use axum_extra::headers::{Authorization, HeaderMapExt};
-    use reduct_base::io::RecordMeta;
+    use reduct_base::io::ReadRecord;
     use rstest::*;
 
     use super::*;
@@ -133,9 +129,9 @@ mod tests {
             .await
             .unwrap();
 
-        assert_eq!(record.labels().len(), 2);
-        assert_eq!(&record.labels()["x"], "z",);
-        assert_eq!(&record.labels()["1"], "2",);
+        assert_eq!(record.meta().labels().len(), 2);
+        assert_eq!(&record.meta().labels()["x"], "z",);
+        assert_eq!(&record.meta().labels()["1"], "2",);
 
         let info = components
             .replication_repo
diff --git a/reductstore/src/api/entry/write_batched.rs b/reductstore/src/api/entry/write_batched.rs
index bd217b904..df1b46e5e 100644
--- a/reductstore/src/api/entry/write_batched.rs
+++ b/reductstore/src/api/entry/write_batched.rs
@@ -19,7 +19,7 @@ use crate::storage::storage::IO_OPERATION_TIMEOUT;
 use log::{debug, error};
 use reduct_base::batch::{parse_batched_header, sort_headers_by_time, RecordHeader};
 use reduct_base::error::ReductError;
-use reduct_base::io::WriteRecord;
+use reduct_base::io::{RecordMeta, WriteRecord};
 use reduct_base::{bad_request, internal_server_error, unprocessable_entity};
 use std::collections::{BTreeMap, HashMap};
 use std::sync::Arc;
@@ -42,12 +42,12 @@ pub(crate) async fn write_batched_records(
     Path(path): Path<HashMap<String, String>>,
     body: Body,
 ) -> Result<impl IntoResponse, HttpError> {
-    let bucket_name = path.get("bucket_name").unwrap().clone();
+    let bucket_name = path.get("bucket_name").unwrap();
     check_permissions(
         &components,
-        headers.clone(),
+        &headers,
         WriteAccessPolicy {
-            bucket: bucket_name.clone(),
+            bucket: bucket_name,
         },
     )
     .await?;
@@ -107,7 +107,10 @@ pub(crate) async fn write_batched_records(
                             TransactionNotification {
                                 bucket: bucket_name.clone(),
                                 entry: entry_name.clone(),
-                                labels: ctx.header.labels.clone(),
+                                meta: RecordMeta::builder()
+                                    .timestamp(ctx.time)
+                                    .labels(ctx.header.labels.clone())
+                                    .build(),
                                 event: Transaction::WriteRecord(ctx.time),
                             },
                         )?;
@@ -196,15 +199,15 @@ async fn write_chunk(
     writer: &mut Box<dyn WriteRecord + Sync + Send>,
     chunk: Bytes,
     written: &mut usize,
-    content_size: usize,
+    content_size: u64,
 ) -> Result<Option<Bytes>, ReductError> {
-    let to_write = content_size - *written;
+    let to_write = content_size - *written as u64;
     *written += chunk.len();
-    let (chunk, rest) = if chunk.len() < to_write {
+    let (chunk, rest) = if (chunk.len() as u64) < to_write {
         (chunk, None)
     } else {
-        let chuck_to_write = chunk.slice(0..to_write);
-        (chuck_to_write, Some(chunk.slice(to_write..)))
+        let chuck_to_write = chunk.slice(0..to_write as usize);
+        (chuck_to_write, Some(chunk.slice(to_write as usize..)))
     };
 
     writer
@@ -217,7 +220,7 @@ fn check_content_length(
     headers: &HeaderMap,
     timed_headers: &Vec<(u64, RecordHeader)>,
 ) -> Result<(), ReductError> {
-    let total_content_length: usize = timed_headers
+    let total_content_length: u64 = timed_headers
         .iter()
         .map(|(_, header)| header.content_length)
         .sum();
@@ -228,7 +231,7 @@ fn check_content_length(
             .ok_or(unprocessable_entity!("content-length header is required",))?
             .to_str()
             .unwrap()
-            .parse::<usize>()
+            .parse::<u64>()
             .map_err(|_| unprocessable_entity!("Invalid content-length header"))?
     {
         return Err(unprocessable_entity!(
@@ -277,7 +280,7 @@ mod tests {
 
     use axum_extra::headers::HeaderValue;
     use reduct_base::error::ErrorCode;
-    use reduct_base::io::{ReadRecord, RecordMeta};
+    use reduct_base::io::ReadRecord;
     use rstest::{fixture, rstest};
 
     #[rstest]
@@ -379,9 +382,9 @@ mod tests {
                 .begin_read(1)
                 .await
                 .unwrap();
-            assert_eq!(&reader.labels()["a"], "b");
-            assert_eq!(reader.content_type(), "text/plain");
-            assert_eq!(reader.content_length(), 10);
+            assert_eq!(&reader.meta().labels()["a"], "b");
+            assert_eq!(reader.meta().content_type(), "text/plain");
+            assert_eq!(reader.meta().content_length(), 10);
             assert_eq!(reader.read().await.unwrap(), Ok(Bytes::from("1234567890")));
         }
         {
@@ -392,9 +395,9 @@ mod tests {
                 .begin_read(2)
                 .await
                 .unwrap();
-            assert_eq!(&reader.labels()["c"], "d,f");
-            assert_eq!(reader.content_type(), "text/plain");
-            assert_eq!(reader.content_length(), 20);
+            assert_eq!(&reader.meta().labels()["c"], "d,f");
+            assert_eq!(reader.meta().content_type(), "text/plain");
+            assert_eq!(reader.meta().content_length(), 20);
             assert_eq!(
                 reader.read().await.unwrap(),
                 Ok(Bytes::from("abcdef1234567890abcd"))
@@ -408,9 +411,9 @@ mod tests {
                 .begin_read(10)
                 .await
                 .unwrap();
-            assert!(reader.labels().is_empty());
-            assert_eq!(reader.content_type(), "text/plain");
-            assert_eq!(reader.content_length(), 18);
+            assert!(reader.meta().labels().is_empty());
+            assert_eq!(reader.meta().content_type(), "text/plain");
+            assert_eq!(reader.meta().content_length(), 18);
             assert_eq!(
                 reader.read().await.unwrap(),
                 Ok(Bytes::from("ef1234567890abcdef"))
@@ -482,12 +485,12 @@ mod tests {
             .upgrade_and_unwrap();
         {
             let mut reader = bucket.begin_read("entry-1", 1).await.unwrap();
-            assert_eq!(reader.content_length(), 10);
+            assert_eq!(reader.meta().content_length(), 10);
             assert_eq!(reader.read().await.unwrap(), Ok(Bytes::from("1234567890")));
         }
         {
             let mut reader = bucket.begin_read("entry-1", 3).await.unwrap();
-            assert_eq!(reader.content_length(), 18);
+            assert_eq!(reader.meta().content_length(), 18);
             assert_eq!(
                 reader.read().await.unwrap(),
                 Ok(Bytes::from("ef1234567890abcdef"))
diff --git a/reductstore/src/api/entry/write_single.rs b/reductstore/src/api/entry/write_single.rs
index 46326d90c..cf28438ca 100644
--- a/reductstore/src/api/entry/write_single.rs
+++ b/reductstore/src/api/entry/write_single.rs
@@ -2,7 +2,7 @@
 // Licensed under the Business Source License 1.1
 
 use crate::api::middleware::check_permissions;
-use crate::api::{Components, ErrorCode, HttpError};
+use crate::api::{Components, HttpError};
 use crate::auth::policy::WriteAccessPolicy;
 use axum::body::Body;
 use axum::extract::{Path, Query, State};
@@ -15,7 +15,8 @@ use crate::storage::storage::IO_OPERATION_TIMEOUT;
 use futures_util::StreamExt;
 use log::{debug, error};
 use reduct_base::error::ReductError;
-use reduct_base::{bad_request, Labels};
+use reduct_base::io::RecordMeta;
+use reduct_base::{bad_request, unprocessable_entity, Labels};
 use std::collections::HashMap;
 use std::sync::Arc;
 use tokio::time::timeout;
@@ -29,14 +30,7 @@ pub(crate) async fn write_record(
     body: Body,
 ) -> Result<(), HttpError> {
     let bucket = path.get("bucket_name").unwrap();
-    check_permissions(
-        &components,
-        headers.clone(),
-        WriteAccessPolicy {
-            bucket: bucket.clone(),
-        },
-    )
-    .await?;
+    check_permissions(&components, &headers.clone(), WriteAccessPolicy { bucket }).await?;
 
     let mut stream = body.into_data_stream();
 
@@ -55,10 +49,11 @@ pub(crate) async fn write_record(
                 let value = match v.to_str() {
                     Ok(value) => value.to_string(),
                     Err(_) => {
-                        return Err(HttpError::new(
-                            ErrorCode::UnprocessableEntity,
-                            &format!("Label values for {} must be valid UTF-8 strings", k),
-                        ));
+                        return Err(unprocessable_entity!(
+                            "Label values for {} must be valid UTF-8 strings",
+                            k
+                        )
+                        .into());
                     }
                 };
                 labels.insert(key, value);
@@ -116,7 +111,7 @@ pub(crate) async fn write_record(
                 .notify(TransactionNotification {
                     bucket: bucket.clone(),
                     entry: path.get("entry_name").unwrap().to_string(),
-                    labels,
+                    meta: RecordMeta::builder().timestamp(ts).labels(labels).build(),
                     event: WriteRecord(ts),
                 })?;
             Ok(())
@@ -140,7 +135,8 @@ mod tests {
     use crate::api::tests::{components, empty_body, path_to_entry_1};
 
     use axum_extra::headers::{Authorization, HeaderMapExt};
-    use reduct_base::io::RecordMeta;
+    use reduct_base::io::ReadRecord;
+    use reduct_base::not_found;
     use rstest::*;
 
     #[rstest]
@@ -174,7 +170,7 @@ mod tests {
             .await
             .unwrap();
 
-        assert_eq!(&record.labels()["x"], "y");
+        assert_eq!(&record.meta().labels()["x"], "y");
 
         let info = components
             .replication_repo
@@ -211,10 +207,7 @@ mod tests {
         .err()
         .unwrap();
 
-        assert_eq!(
-            err,
-            HttpError::new(ErrorCode::NotFound, "Bucket 'XXX' is not found")
-        );
+        assert_eq!(err, not_found!("Bucket 'XXX' is not found").into());
     }
 
     #[rstest]
@@ -242,10 +235,7 @@ mod tests {
 
         assert_eq!(
             err,
-            HttpError::new(
-                ErrorCode::UnprocessableEntity,
-                "'ts' must be an unix timestamp in microseconds",
-            )
+            unprocessable_entity!("'ts' must be an unix timestamp in microseconds").into()
         );
     }
 
diff --git a/reductstore/src/api/middleware.rs b/reductstore/src/api/middleware.rs
index 36e80eb8b..742d03354 100644
--- a/reductstore/src/api/middleware.rs
+++ b/reductstore/src/api/middleware.rs
@@ -63,7 +63,7 @@ pub async fn print_statuses(
 
 pub(crate) async fn check_permissions<P>(
     components: &Components,
-    headers: HeaderMap,
+    headers: &HeaderMap,
     policy: P,
 ) -> Result<(), HttpError>
 where
diff --git a/reductstore/src/api/replication/create.rs b/reductstore/src/api/replication/create.rs
index 49ad4a71d..62daa6ab4 100644
--- a/reductstore/src/api/replication/create.rs
+++ b/reductstore/src/api/replication/create.rs
@@ -16,7 +16,7 @@ pub(crate) async fn create_replication(
     headers: HeaderMap,
     settings: ReplicationSettingsAxum,
 ) -> Result<(), HttpError> {
-    check_permissions(&components, headers, FullAccessPolicy {}).await?;
+    check_permissions(&components, &headers, FullAccessPolicy {}).await?;
 
     components
         .replication_repo
diff --git a/reductstore/src/api/replication/get.rs b/reductstore/src/api/replication/get.rs
index 4368e96e5..6f8756f73 100644
--- a/reductstore/src/api/replication/get.rs
+++ b/reductstore/src/api/replication/get.rs
@@ -15,7 +15,7 @@ pub(crate) async fn get_replication(
     Path(replication_name): Path<String>,
     headers: HeaderMap,
 ) -> Result<ReplicationFullInfoAxum, HttpError> {
-    check_permissions(&components, headers, FullAccessPolicy {}).await?;
+    check_permissions(&components, &headers, FullAccessPolicy {}).await?;
 
     let info = components
         .replication_repo
diff --git a/reductstore/src/api/replication/list.rs b/reductstore/src/api/replication/list.rs
index 005a38d5f..6f7c70966 100644
--- a/reductstore/src/api/replication/list.rs
+++ b/reductstore/src/api/replication/list.rs
@@ -16,7 +16,7 @@ pub(crate) async fn list_replications(
     State(components): State<Arc<Components>>,
     headers: HeaderMap,
 ) -> Result<ReplicationListAxum, HttpError> {
-    check_permissions(&components, headers, FullAccessPolicy {}).await?;
+    check_permissions(&components, &headers, FullAccessPolicy {}).await?;
 
     let mut list = ReplicationListAxum::default();
 
diff --git a/reductstore/src/api/replication/remove.rs b/reductstore/src/api/replication/remove.rs
index 8cc801675..29177b65a 100644
--- a/reductstore/src/api/replication/remove.rs
+++ b/reductstore/src/api/replication/remove.rs
@@ -15,7 +15,7 @@ pub(crate) async fn remove_replication(
     Path(replication_name): Path<String>,
     headers: HeaderMap,
 ) -> Result<(), HttpError> {
-    check_permissions(&components, headers, FullAccessPolicy {}).await?;
+    check_permissions(&components, &headers, FullAccessPolicy {}).await?;
 
     components
         .replication_repo
diff --git a/reductstore/src/api/replication/update.rs b/reductstore/src/api/replication/update.rs
index e91f9d3ab..ce4f46e8d 100644
--- a/reductstore/src/api/replication/update.rs
+++ b/reductstore/src/api/replication/update.rs
@@ -16,7 +16,7 @@ pub(crate) async fn update_replication(
     headers: HeaderMap,
     settings: ReplicationSettingsAxum,
 ) -> Result<(), HttpError> {
-    check_permissions(&components, headers, FullAccessPolicy {}).await?;
+    check_permissions(&components, &headers, FullAccessPolicy {}).await?;
 
     components
         .replication_repo
diff --git a/reductstore/src/api/server/info.rs b/reductstore/src/api/server/info.rs
index 7d247ce4a..65da9a94b 100644
--- a/reductstore/src/api/server/info.rs
+++ b/reductstore/src/api/server/info.rs
@@ -15,7 +15,7 @@ pub(crate) async fn info(
     State(components): State<Arc<Components>>,
     headers: HeaderMap,
 ) -> Result<ServerInfoAxum, HttpError> {
-    check_permissions(&components, headers, AuthenticatedPolicy {}).await?;
+    check_permissions(&components, &headers, AuthenticatedPolicy {}).await?;
 
     Ok(components.storage.info()?.into())
 }
diff --git a/reductstore/src/api/server/list.rs b/reductstore/src/api/server/list.rs
index 4e33e441d..23c08737e 100644
--- a/reductstore/src/api/server/list.rs
+++ b/reductstore/src/api/server/list.rs
@@ -1,12 +1,13 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
 use crate::api::middleware::check_permissions;
 use crate::api::server::BucketInfoListAxum;
 use crate::api::{Components, HttpError};
-use crate::auth::policy::AuthenticatedPolicy;
+use crate::auth::policy::{AuthenticatedPolicy, ReadAccessPolicy};
 use axum::extract::State;
 use axum_extra::headers::HeaderMap;
+use reduct_base::msg::server_api::BucketInfoList;
 use std::sync::Arc;
 
 // GET /list
@@ -14,16 +15,38 @@ pub(crate) async fn list(
     State(components): State<Arc<Components>>,
     headers: HeaderMap,
 ) -> Result<BucketInfoListAxum, HttpError> {
-    check_permissions(&components, headers, AuthenticatedPolicy {}).await?;
+    check_permissions(&components, &headers, AuthenticatedPolicy {}).await?;
 
-    let list = components.storage.get_bucket_list()?;
-    Ok(list.into())
+    let mut filtered_by_read_permission = vec![];
+
+    for bucket in components.storage.get_bucket_list()?.buckets {
+        // Filter out buckets that are not visible to the user
+        if check_permissions(
+            &components,
+            &headers,
+            ReadAccessPolicy {
+                bucket: &bucket.name,
+            },
+        )
+        .await
+        .is_ok()
+        {
+            filtered_by_read_permission.push(bucket);
+        }
+    }
+
+    Ok(BucketInfoList {
+        buckets: filtered_by_read_permission,
+    }
+    .into())
 }
 
 #[cfg(test)]
 mod tests {
     use super::*;
     use crate::api::tests::{components, headers};
+    use axum::http::HeaderValue;
+    use reduct_base::msg::token_api::Permissions;
     use rstest::rstest;
 
     #[rstest]
@@ -32,4 +55,30 @@ mod tests {
         let list = list(State(components.await), headers).await.unwrap();
         assert_eq!(list.0.buckets.len(), 2);
     }
+
+    #[rstest]
+    #[tokio::test]
+    async fn test_filtered_list(#[future] components: Arc<Components>, mut headers: HeaderMap) {
+        let components = components.await;
+        let token = components
+            .token_repo
+            .write()
+            .await
+            .generate_token(
+                "with-one-bucket",
+                Permissions {
+                    read: vec!["bucket-1".to_string()],
+                    ..Default::default()
+                },
+            )
+            .unwrap();
+
+        headers.insert(
+            "Authorization",
+            HeaderValue::from_str(&format!("Bearer {}", token.value)).unwrap(),
+        );
+        let list = list(State(components), headers).await.unwrap();
+        assert_eq!(list.0.buckets.len(), 1);
+        assert_eq!(list.0.buckets[0].name, "bucket-1");
+    }
 }
diff --git a/reductstore/src/api/token/create.rs b/reductstore/src/api/token/create.rs
index e3271527d..ac214defe 100644
--- a/reductstore/src/api/token/create.rs
+++ b/reductstore/src/api/token/create.rs
@@ -16,7 +16,7 @@ pub(crate) async fn create_token(
     headers: HeaderMap,
     permissions: PermissionsAxum,
 ) -> Result<TokenCreateResponseAxum, HttpError> {
-    check_permissions(&components, headers, FullAccessPolicy {}).await?;
+    check_permissions(&components, &headers, FullAccessPolicy {}).await?;
 
     Ok(TokenCreateResponseAxum(
         components
diff --git a/reductstore/src/api/token/get.rs b/reductstore/src/api/token/get.rs
index 965a96c01..e77bd246e 100644
--- a/reductstore/src/api/token/get.rs
+++ b/reductstore/src/api/token/get.rs
@@ -15,7 +15,7 @@ pub(crate) async fn get_token(
     Path(token_name): Path<String>,
     headers: HeaderMap,
 ) -> Result<TokenAxum, HttpError> {
-    check_permissions(&components, headers, FullAccessPolicy {}).await?;
+    check_permissions(&components, &headers, FullAccessPolicy {}).await?;
 
     let mut token = components
         .token_repo
diff --git a/reductstore/src/api/token/list.rs b/reductstore/src/api/token/list.rs
index 9a106e74c..2c69f3f88 100644
--- a/reductstore/src/api/token/list.rs
+++ b/reductstore/src/api/token/list.rs
@@ -15,7 +15,7 @@ pub(crate) async fn list_tokens(
     State(components): State<Arc<Components>>,
     headers: HeaderMap,
 ) -> Result<TokenListAxum, HttpError> {
-    check_permissions(&components, headers, FullAccessPolicy {}).await?;
+    check_permissions(&components, &headers, FullAccessPolicy {}).await?;
     let token_repo = components.token_repo.read().await;
 
     let mut list = TokenListAxum::default();
diff --git a/reductstore/src/api/token/me.rs b/reductstore/src/api/token/me.rs
index cab9d098a..6b50876ab 100644
--- a/reductstore/src/api/token/me.rs
+++ b/reductstore/src/api/token/me.rs
@@ -15,7 +15,7 @@ pub(crate) async fn me(
     State(components): State<Arc<Components>>,
     headers: HeaderMap,
 ) -> Result<TokenAxum, HttpError> {
-    check_permissions(&components, headers.clone(), AuthenticatedPolicy {}).await?;
+    check_permissions(&components, &headers.clone(), AuthenticatedPolicy {}).await?;
     let header = match headers.get("Authorization") {
         Some(header) => header.to_str().ok(),
         None => None,
diff --git a/reductstore/src/api/token/remove.rs b/reductstore/src/api/token/remove.rs
index 581b235fa..f488f357f 100644
--- a/reductstore/src/api/token/remove.rs
+++ b/reductstore/src/api/token/remove.rs
@@ -14,7 +14,7 @@ pub(crate) async fn remove_token(
     Path(token_name): Path<String>,
     headers: HeaderMap,
 ) -> Result<(), HttpError> {
-    check_permissions(&components, headers, FullAccessPolicy {}).await?;
+    check_permissions(&components, &headers, FullAccessPolicy {}).await?;
 
     Ok(components
         .token_repo
diff --git a/reductstore/src/asset/asset_manager.rs b/reductstore/src/asset/asset_manager.rs
index 8a366e04b..2094e801b 100644
--- a/reductstore/src/asset/asset_manager.rs
+++ b/reductstore/src/asset/asset_manager.rs
@@ -5,6 +5,7 @@ use bytes::Bytes;
 use log::{debug, trace};
 use std::fs::File;
 use std::io::{Cursor, Read};
+use std::path::PathBuf;
 use tempfile::{tempdir, TempDir};
 use zip::ZipArchive;
 
@@ -21,6 +22,9 @@ pub trait ManageStaticAsset {
     ///
     /// The file content as string.
     fn read(&self, relative_path: &str) -> Result<Bytes, ReductError>;
+
+    /// Get the absolute path of a file extracted from the zip archive.
+    fn absolut_path(&self, relative_path: &str) -> Result<PathBuf, ReductError>;
 }
 
 /// Asset manager that reads files from a zip archive as hex string and returns them as string
@@ -95,6 +99,16 @@ impl ManageStaticAsset for ZipAssetManager {
 
         Ok(Bytes::from(content))
     }
+
+    fn absolut_path(&self, relative_path: &str) -> Result<PathBuf, ReductError> {
+        let path = self.path.path().join(relative_path);
+        if !path.try_exists()? {
+            return Err(ReductError::not_found(
+                format!("File {:?} not found", path).as_str(),
+            ));
+        }
+        Ok(path)
+    }
 }
 
 /// Empty asset manager that does not support any files
@@ -104,6 +118,10 @@ impl ManageStaticAsset for NoAssetManager {
     fn read(&self, _relative_path: &str) -> Result<Bytes, ReductError> {
         Err(ReductError::not_found("No static files supported"))
     }
+
+    fn absolut_path(&self, _relative_path: &str) -> Result<PathBuf, ReductError> {
+        Err(ReductError::not_found("No static files supported"))
+    }
 }
 
 pub fn create_asset_manager(zipped_content: &[u8]) -> Box<dyn ManageStaticAsset + Send + Sync> {
@@ -117,13 +135,79 @@ pub fn create_asset_manager(zipped_content: &[u8]) -> Box<dyn ManageStaticAsset
 #[cfg(test)]
 mod tests {
     use super::*;
-    use reduct_base::error::ReductError;
-
-    #[test]
-    fn test_empty_asset_manager() {
-        let asset_manager = create_asset_manager(&[]);
-        assert!(
-            asset_manager.read("test") == Err(ReductError::not_found("No static files supported"))
-        );
+    use rstest::rstest;
+
+    mod empty {
+        use super::*;
+        use reduct_base::not_found;
+        #[test]
+        fn test_empty_asset_manager() {
+            let asset_manager = create_asset_manager(&[]);
+            assert_eq!(
+                asset_manager.read("test"),
+                Err(not_found!("No static files supported"))
+            );
+        }
+
+        #[test]
+        fn test_absolute_path() {
+            let asset_manager = create_asset_manager(&[]);
+            assert_eq!(
+                asset_manager.absolut_path("test"),
+                Err(not_found!("No static files supported"))
+            );
+        }
+    }
+
+    mod zip_asset {
+        use super::*;
+        use reduct_base::error::ErrorCode;
+        use rstest::fixture;
+        use std::fs;
+        use std::fs::File;
+        use std::io::Write;
+        use zip::write::{ExtendedFileOptions, FileOptions};
+        use zip::ZipWriter;
+
+        #[rstest]
+        fn test_absolute_path(zip_file: PathBuf) {
+            let asset_manager = ZipAssetManager::new(fs::read(zip_file).unwrap().as_slice());
+            assert_eq!(
+                asset_manager.absolut_path("").unwrap(),
+                asset_manager.path.path()
+            );
+        }
+
+        #[rstest]
+        fn test_absolute_path_not_found(zip_file: PathBuf) {
+            let asset_manager = ZipAssetManager::new(fs::read(zip_file).unwrap().as_slice());
+            assert_eq!(
+                asset_manager.absolut_path("xxx.txt").unwrap_err().status,
+                ErrorCode::NotFound
+            );
+        }
+
+        #[rstest]
+        fn test_read(zip_file: PathBuf) {
+            let asset_manager = ZipAssetManager::new(fs::read(zip_file).unwrap().as_slice());
+            let content = asset_manager.read("test.txt").unwrap();
+            assert_eq!(content, Bytes::from("test"));
+        }
+
+        #[fixture]
+        fn zip_file() -> PathBuf {
+            let archive = tempdir().unwrap().keep().join("test.zip");
+            let mut file = File::create(archive.clone()).unwrap();
+            file.write_all(b"test").unwrap();
+
+            // crete zip file
+            let mut zip = ZipWriter::new(file);
+
+            zip.start_file::<&str, ExtendedFileOptions>("test.txt", FileOptions::default())
+                .unwrap();
+            zip.write_all(b"test").unwrap();
+            zip.finish().unwrap();
+            archive
+        }
     }
 }
diff --git a/reductstore/src/auth/policy.rs b/reductstore/src/auth/policy.rs
index 835122af7..d37382649 100644
--- a/reductstore/src/auth/policy.rs
+++ b/reductstore/src/auth/policy.rs
@@ -1,7 +1,8 @@
-// Copyright 2023 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 use reduct_base::error::ReductError;
 
+use reduct_base::forbidden;
 use reduct_base::msg::token_api::Token;
 
 /// Policy is a trait that defines the interface for a policy.
@@ -46,80 +47,83 @@ pub struct FullAccessPolicy {}
 
 impl Policy for FullAccessPolicy {
     fn validate(&self, token: Result<Token, ReductError>) -> Result<(), ReductError> {
-        if token?
-            .permissions
-            .ok_or(ReductError::internal_server_error("No permissions set"))?
-            .full_access
-        {
+        let token = token?;
+        if token.permissions.unwrap_or_default().full_access {
             Ok(())
         } else {
-            Err(ReductError::forbidden("Token doesn't have full access"))
+            Err(forbidden!(
+                "Token '{}' doesn't have full access",
+                token.name
+            ))
         }
     }
 }
 
 /// ReadAccessPolicy validates a token that has read access for a certain bucket
-pub struct ReadAccessPolicy {
-    pub(crate) bucket: String,
+pub struct ReadAccessPolicy<'a> {
+    pub(crate) bucket: &'a str,
 }
 
-impl Policy for ReadAccessPolicy {
+impl Policy for ReadAccessPolicy<'_> {
     fn validate(&self, token: Result<Token, ReductError>) -> Result<(), ReductError> {
-        let permissions = &token?
-            .permissions
-            .ok_or(ReductError::internal_server_error("No permissions set"))?;
+        let token = token?;
+        let permissions = &token.permissions.unwrap_or_default();
 
         if permissions.full_access {
             return Ok(());
         }
 
-        for bucket in &permissions.read {
-            if bucket == &self.bucket {
-                return Ok(());
-            }
+        if check_bucket_permissions(&permissions.read, self.bucket) {
+            return Ok(());
         }
 
-        Err(ReductError::forbidden(
-            format!(
-                "Token doesn't have read access for the {} bucket",
-                self.bucket
-            )
-            .as_str(),
+        Err(forbidden!(
+            "Token '{}' doesn't have read access to bucket '{}'",
+            token.name,
+            self.bucket
         ))
     }
 }
 
 /// WriteAccessPolicy validates a token that has write access for a certain bucket
-pub struct WriteAccessPolicy {
-    pub(crate) bucket: String,
+pub struct WriteAccessPolicy<'a> {
+    pub(crate) bucket: &'a str,
 }
 
-impl Policy for WriteAccessPolicy {
+impl Policy for WriteAccessPolicy<'_> {
     fn validate(&self, token: Result<Token, ReductError>) -> Result<(), ReductError> {
-        let permissions = &token?
-            .permissions
-            .ok_or(ReductError::internal_server_error("No permissions set"))?;
+        let token = token?;
+        let permissions = &token.permissions.unwrap_or_default();
 
         if permissions.full_access {
             return Ok(());
         }
 
-        for bucket in &permissions.write {
-            if bucket == &self.bucket {
-                return Ok(());
-            }
+        if check_bucket_permissions(&permissions.write, self.bucket) {
+            return Ok(());
         }
 
-        Err(ReductError::forbidden(
-            format!(
-                "Token doesn't have write access for the {} bucket",
-                self.bucket
-            )
-            .as_str(),
+        Err(forbidden!(
+            "Token '{}' doesn't have write access to bucket '{}'",
+            token.name,
+            self.bucket
         ))
     }
 }
 
+fn check_bucket_permissions(token_list: &Vec<String>, bucket: &str) -> bool {
+    for token_bucket in token_list {
+        // Check if the token has access for the specified bucket with wildcard support
+        let wildcard_bucket = token_bucket.ends_with('*');
+        if token_bucket == bucket
+            || (wildcard_bucket && bucket.starts_with(&token_bucket[..token_bucket.len() - 1]))
+        {
+            return true;
+        }
+    }
+    false
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -129,9 +133,7 @@ mod tests {
     fn test_anonymous_policy() {
         let policy = AnonymousPolicy {};
         assert!(policy.validate(Ok(Token::default())).is_ok());
-        assert!(policy
-            .validate(Err(ReductError::forbidden("Invalid token")))
-            .is_ok());
+        assert!(policy.validate(Err(forbidden!("Invalid token"))).is_ok());
     }
 
     #[test]
@@ -139,8 +141,8 @@ mod tests {
         let policy = AuthenticatedPolicy {};
         assert!(policy.validate(Ok(Token::default())).is_ok());
         assert_eq!(
-            policy.validate(Err(ReductError::forbidden("Invalid token"))),
-            Err(ReductError::forbidden("Invalid token"))
+            policy.validate(Err(forbidden!("Invalid token"))),
+            Err(forbidden!("Invalid token"))
         );
     }
 
@@ -148,6 +150,7 @@ mod tests {
     fn test_full_access_policy() {
         let policy = FullAccessPolicy {};
         let mut token = Token {
+            name: "test_token".to_string(),
             permissions: Some(Permissions {
                 full_access: true,
                 read: vec![],
@@ -160,21 +163,20 @@ mod tests {
         token.permissions.as_mut().unwrap().full_access = false;
         assert_eq!(
             policy.validate(Ok(token)),
-            Err(ReductError::forbidden("Token doesn't have full access"))
+            Err(forbidden!("Token 'test_token' doesn't have full access"))
         );
 
         assert_eq!(
-            policy.validate(Err(ReductError::forbidden("Invalid token"))),
-            Err(ReductError::forbidden("Invalid token"))
+            policy.validate(Err(forbidden!("Invalid token"))),
+            Err(forbidden!("Invalid token"))
         );
     }
 
     #[test]
     fn test_read_access_policy() {
-        let policy = ReadAccessPolicy {
-            bucket: "bucket".to_string(),
-        };
+        let policy = ReadAccessPolicy { bucket: "bucket" };
         let mut token = Token {
+            name: "test_token".to_string(),
             permissions: Some(Permissions {
                 full_access: true,
                 read: vec![],
@@ -190,24 +192,29 @@ mod tests {
 
         token.permissions.as_mut().unwrap().read = vec!["bucket2".to_string()];
         assert_eq!(
-            policy.validate(Ok(token)),
-            Err(ReductError::forbidden(
-                "Token doesn't have read access for the bucket bucket"
+            policy.validate(Ok(token.clone())),
+            Err(forbidden!(
+                "Token 'test_token' doesn't have read access to bucket 'bucket'"
             ))
         );
 
+        token.permissions.as_mut().unwrap().read = vec!["bucket*".to_string()];
+        assert!(policy.validate(Ok(token.clone())).is_ok());
+
+        token.permissions.as_mut().unwrap().read = vec!["*".to_string()];
+        assert!(policy.validate(Ok(token)).is_ok());
+
         assert_eq!(
-            policy.validate(Err(ReductError::forbidden("Invalid token"))),
-            Err(ReductError::forbidden("Invalid token"))
+            policy.validate(Err(forbidden!("Invalid token"))),
+            Err(forbidden!("Invalid token"))
         );
     }
 
     #[test]
     fn test_write_access_policy() {
-        let policy = WriteAccessPolicy {
-            bucket: "bucket".to_string(),
-        };
+        let policy = WriteAccessPolicy { bucket: "bucket" };
         let mut token = Token {
+            name: "test_token".to_string(),
             permissions: Some(Permissions {
                 full_access: true,
                 read: vec![],
@@ -223,15 +230,21 @@ mod tests {
 
         token.permissions.as_mut().unwrap().write = vec!["bucket2".to_string()];
         assert_eq!(
-            policy.validate(Ok(token)),
-            Err(ReductError::forbidden(
-                "Token doesn't have write access for the bucket bucket"
+            policy.validate(Ok(token.clone())),
+            Err(forbidden!(
+                "Token 'test_token' doesn't have write access to bucket 'bucket'"
             ))
         );
 
+        token.permissions.as_mut().unwrap().write = vec!["bucket*".to_string()];
+        assert!(policy.validate(Ok(token.clone())).is_ok());
+
+        token.permissions.as_mut().unwrap().write = vec!["*".to_string()];
+        assert!(policy.validate(Ok(token)).is_ok());
+
         assert_eq!(
-            policy.validate(Err(ReductError::forbidden("Invalid token"))),
-            Err(ReductError::forbidden("Invalid token"))
+            policy.validate(Err(forbidden!("Invalid token"))),
+            Err(forbidden!("Invalid token"))
         );
     }
 }
diff --git a/reductstore/src/auth/token_auth.rs b/reductstore/src/auth/token_auth.rs
index bfb5daee6..341c53b0b 100644
--- a/reductstore/src/auth/token_auth.rs
+++ b/reductstore/src/auth/token_auth.rs
@@ -1,4 +1,4 @@
-// Copyright 2023 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
 use crate::auth::policy::Policy;
@@ -6,7 +6,7 @@ use crate::auth::token_repository::ManageTokens;
 use reduct_base::error::ReductError;
 
 /// Authorization by token
-pub struct TokenAuthorization {
+pub(crate) struct TokenAuthorization {
     api_token: String,
 }
 
@@ -91,7 +91,7 @@ mod tests {
     }
 
     fn setup() -> (Box<dyn ManageTokens>, TokenAuthorization) {
-        let repo = create_token_repository(tempdir().unwrap().into_path(), "test");
+        let repo = create_token_repository(tempdir().unwrap().keep(), "test");
         let auth = TokenAuthorization::new("test");
 
         (repo, auth)
diff --git a/reductstore/src/auth/token_repository.rs b/reductstore/src/auth/token_repository.rs
index 19cf79452..d931dceb3 100644
--- a/reductstore/src/auth/token_repository.rs
+++ b/reductstore/src/auth/token_repository.rs
@@ -1,8 +1,9 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
 use crate::auth::proto::token::Permissions as ProtoPermissions;
 use crate::auth::proto::{Token as ProtoToken, TokenRepo as ProtoTokenRepo, TokenRepo};
+use crate::core::file_cache::FILE_CACHE;
 use chrono::{DateTime, Utc};
 use log::{debug, warn};
 use prost::bytes::Bytes;
@@ -10,19 +11,20 @@ use prost::Message;
 use prost_wkt_types::Timestamp;
 use rand::Rng;
 use reduct_base::error::ReductError;
+use reduct_base::msg::token_api::{Permissions, Token, TokenCreateResponse};
 use reduct_base::{
     bad_request, conflict, internal_server_error, not_found, unauthorized, unprocessable_entity,
 };
+use regex::Regex;
 use std::collections::HashMap;
+use std::io::{Read, SeekFrom, Write};
 use std::path::PathBuf;
 use std::time::{Duration, SystemTime, UNIX_EPOCH};
 
-use reduct_base::msg::token_api::{Permissions, Token, TokenCreateResponse};
-
 const TOKEN_REPO_FILE_NAME: &str = ".auth";
 const INIT_TOKEN_NAME: &str = "init-token";
 
-pub trait ManageTokens {
+pub(crate) trait ManageTokens {
     /// Create a new token
     ///
     /// # Arguments
@@ -39,14 +41,6 @@ pub trait ManageTokens {
         permissions: Permissions,
     ) -> Result<TokenCreateResponse, ReductError>;
 
-    /// Update a token
-    ///
-    /// # Arguments
-    ///
-    /// `name` - The name of the token
-    /// `permissions` - The permissions of the token
-    fn update_token(&mut self, name: &str, permissions: Permissions) -> Result<(), ReductError>;
-
     /// Get a token by name
     ///
     /// # Arguments
@@ -120,9 +114,10 @@ pub trait ManageTokens {
 struct TokenRepository {
     config_path: PathBuf,
     repo: HashMap<String, Token>,
+    permission_regex: Regex,
 }
 
-pub fn parse_bearer_token(authorization_header: &str) -> Result<String, ReductError> {
+pub(crate) fn parse_bearer_token(authorization_header: &str) -> Result<String, ReductError> {
     if !authorization_header.starts_with("Bearer ") {
         return Err(ReductError::unauthorized(
             "No bearer token in request header",
@@ -152,7 +147,7 @@ impl From<Token> for ProtoToken {
                 seconds: token.created_at.timestamp(),
                 nanos: token.created_at.timestamp_subsec_nanos() as i32,
             }),
-            permissions: permissions,
+            permissions,
         }
     }
 }
@@ -207,15 +202,31 @@ impl TokenRepository {
         }
 
         // Load the token repository from the file system
-        let mut token_repository = TokenRepository { config_path, repo };
+        let permission_regex =
+            Regex::new(r"^[*a-zA-Z0-9_\-]+$").expect("Invalid regex for permissions");
+        let mut token_repository = TokenRepository {
+            config_path,
+            repo,
+            permission_regex,
+        };
 
-        match std::fs::read(&token_repository.config_path) {
-            Ok(data) => {
+        let lock = FILE_CACHE.read(&token_repository.config_path, SeekFrom::Start(0));
+        match lock {
+            Ok(lock) => {
                 debug!(
                     "Loading token repository from {}",
                     token_repository.config_path.as_path().display()
                 );
-                let toke_repository = ProtoTokenRepo::decode(&mut Bytes::from(data))
+
+                let mut buf = Vec::new();
+                lock.upgrade()
+                    .unwrap()
+                    .write()
+                    .unwrap()
+                    .read_to_end(&mut buf)
+                    .expect("Could not read token repository");
+
+                let toke_repository = ProtoTokenRepo::decode(&mut Bytes::from(buf))
                     .expect("Could not decode token repository");
                 for token in toke_repository.tokens {
                     token_repository
@@ -264,7 +275,14 @@ impl TokenRepository {
         let mut buf = Vec::new();
         repo.encode(&mut buf)
             .map_err(|_| ReductError::internal_server_error("Could not encode token repository"))?;
-        std::fs::write(&self.config_path, buf).map_err(|err| {
+
+        let lock = FILE_CACHE
+            .write_or_create(&self.config_path, SeekFrom::Start(0))?
+            .upgrade()?;
+
+        let mut file = lock.write()?;
+        file.set_len(0)?;
+        file.write_all(&buf).map_err(|err| {
             internal_server_error!(
                 "Could not write token repository to {}: {}",
                 self.config_path.as_path().display(),
@@ -272,6 +290,7 @@ impl TokenRepository {
             )
         })?;
 
+        file.sync_all()?;
         Ok(())
     }
 }
@@ -292,6 +311,15 @@ impl ManageTokens for TokenRepository {
             return Err(conflict!("Token '{}' already exists", name));
         }
 
+        for entry in permissions.read.iter().chain(&permissions.write) {
+            if !self.permission_regex.is_match(entry) {
+                return Err(unprocessable_entity!(
+                    "Permission can contain only bucket names or wildcard '*', got '{}'",
+                    entry
+                ));
+            }
+        }
+
         let created_at = DateTime::<Utc>::from(SystemTime::now());
 
         // Create a random hex string
@@ -314,24 +342,6 @@ impl ManageTokens for TokenRepository {
         Ok(TokenCreateResponse { value, created_at })
     }
 
-    fn update_token(&mut self, name: &str, permissions: Permissions) -> Result<(), ReductError> {
-        match self.repo.get(name) {
-            Some(token) => {
-                if token.is_provisioned {
-                    Err(conflict!("Can't update provisioned token '{}'", name))
-                } else {
-                    let mut updated_token = token.clone();
-                    updated_token.permissions = Some(permissions);
-                    self.repo.insert(name.to_string(), updated_token);
-                    self.save_repo()?;
-                    Ok(())
-                }
-            }
-
-            None => Err(not_found!("Token '{}' doesn't exist", name)),
-        }
-    }
-
     fn get_token(&self, name: &str) -> Result<&Token, ReductError> {
         match self.repo.get(name) {
             Some(token) => Ok(token),
@@ -442,10 +452,6 @@ impl ManageTokens for NoAuthRepository {
         Err(bad_request!("Authentication is disabled"))
     }
 
-    fn update_token(&mut self, _name: &str, _permissions: Permissions) -> Result<(), ReductError> {
-        Err(bad_request!("Authentication is disabled"))
-    }
-
     fn get_token(&self, _name: &str) -> Result<&Token, ReductError> {
         Err(bad_request!("Authentication is disabled"))
     }
@@ -488,7 +494,7 @@ impl ManageTokens for NoAuthRepository {
 /// Creates a token repository
 ///
 /// If `init_token` is empty, the repository will be stubbed and authentication will be disabled.
-pub fn create_token_repository(
+pub(crate) fn create_token_repository(
     path: PathBuf,
     init_token: &str,
 ) -> Box<dyn ManageTokens + Send + Sync> {
@@ -601,109 +607,51 @@ mod tests {
 
             assert_eq!(token, Err(bad_request!("Authentication is disabled")));
         }
-    }
-
-    mod update_token {
-        use super::*;
-        #[rstest]
-        fn test_update_token_ok(mut repo: Box<dyn ManageTokens>) {
-            let token = repo
-                .update_token(
-                    "test",
-                    Permissions {
-                        full_access: false,
-                        read: vec!["test".to_string()],
-                        write: vec![],
-                    },
-                )
-                .unwrap();
-
-            assert_eq!(token, ());
-
-            let token = repo.get_token("test").unwrap().clone();
-
-            assert_eq!(token.name, "test");
-
-            let permissions = token.permissions.unwrap();
-            assert_eq!(permissions.full_access, false);
-            assert_eq!(permissions.read, vec!["test".to_string()]);
-        }
 
         #[rstest]
-        fn test_update_token_not_found(mut repo: Box<dyn ManageTokens>) {
-            let token = repo.update_token(
+        #[case("*", None)]
+        #[case("bucket_1", None)]
+        #[case("bucket_2", None)]
+        #[case("bucket-*", None)]
+        #[case("%!", Some(unprocessable_entity!("Permission can contain only bucket names or wildcard '*', got '%!'")))]
+        fn test_create_token_check_format_read(
+            mut repo: Box<dyn ManageTokens>,
+            #[case] bucket: &str,
+            #[case] expected: Option<ReductError>,
+        ) {
+            let token = repo.generate_token(
                 "test-1",
                 Permissions {
                     full_access: true,
-                    read: vec![],
+                    read: vec![bucket.to_string()],
                     write: vec![],
                 },
             );
 
-            assert_eq!(
-                token,
-                Err(ReductError::not_found("Token 'test-1' doesn't exist"))
-            );
-        }
-
-        #[rstest]
-        fn test_update_token_persistent(path: PathBuf) {
-            let mut repo = create_token_repository(path.clone(), "test");
-            repo.generate_token(
-                "test",
-                Permissions {
-                    full_access: true,
-                    read: vec![],
-                    write: vec![],
-                },
-            )
-            .unwrap();
-
-            repo.update_token(
-                "test",
-                Permissions {
-                    full_access: false,
-                    read: vec!["test".to_string()],
-                    write: vec![],
-                },
-            )
-            .unwrap();
-
-            let repo = create_token_repository(path.clone(), "test");
-            let token = repo.get_token("test").unwrap().clone();
-
-            assert_eq!(token.name, "test");
-
-            let permissions = token.permissions.unwrap();
-            assert_eq!(permissions.full_access, false);
-            assert_eq!(permissions.read, vec!["test".to_string()]);
+            assert_eq!(token.err(), expected);
         }
 
         #[rstest]
-        fn test_update_provisioned_token(mut repo: Box<dyn ManageTokens>) {
-            let token = repo.get_mut_token("test").unwrap();
-            token.is_provisioned = true;
-
-            let token = repo.update_token("test", Permissions::default());
-
-            assert_eq!(
-                token,
-                Err(conflict!("Can't update provisioned token 'test'"))
-            );
-        }
-
-        #[rstest]
-        fn test_update_token_no_init_token(mut disabled_repo: Box<dyn ManageTokens>) {
-            let token = disabled_repo.update_token(
-                "test",
+        #[case("*", None)]
+        #[case("bucket_1", None)]
+        #[case("bucket_2", None)]
+        #[case("bucket-*", None)]
+        #[case("%!", Some(unprocessable_entity!("Permission can contain only bucket names or wildcard '*', got '%!'")))]
+        fn test_create_token_check_format_write(
+            mut repo: Box<dyn ManageTokens>,
+            #[case] bucket: &str,
+            #[case] expected: Option<ReductError>,
+        ) {
+            let token = repo.generate_token(
+                "test-1",
                 Permissions {
                     full_access: true,
                     read: vec![],
-                    write: vec![],
+                    write: vec![bucket.to_string()],
                 },
             );
 
-            assert_eq!(token, Err(bad_request!("Authentication is disabled")));
+            assert_eq!(token.err(), expected);
         }
     }
 
@@ -934,7 +882,7 @@ mod tests {
 
     #[fixture]
     fn path() -> PathBuf {
-        tempdir().unwrap().into_path()
+        tempdir().unwrap().keep()
     }
 
     #[fixture]
diff --git a/reductstore/src/backend.rs b/reductstore/src/backend.rs
new file mode 100644
index 000000000..e168fdca5
--- /dev/null
+++ b/reductstore/src/backend.rs
@@ -0,0 +1,605 @@
+// Copyright 2025 ReductSoftware UG
+// This Source Code Form is subject to the terms of the Mozilla Public
+//    License, v. 2.0. If a copy of the MPL was not distributed with this
+//    file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+#[cfg(feature = "fs-backend")]
+pub(super) mod fs;
+
+pub(super) mod remote;
+
+pub(crate) mod file;
+mod noop;
+
+use crate::backend::file::{AccessMode, OpenOptions};
+use crate::backend::noop::NoopBackend;
+use reduct_base::error::ReductError;
+use reduct_base::internal_server_error;
+use std::path::{Path, PathBuf};
+use std::sync::Arc;
+
+pub(crate) trait StorageBackend {
+    fn path(&self) -> &PathBuf;
+    fn rename(&self, from: &Path, to: &Path) -> std::io::Result<()>;
+
+    fn remove(&self, path: &Path) -> std::io::Result<()>;
+
+    fn remove_dir_all(&self, path: &Path) -> std::io::Result<()>;
+
+    fn create_dir_all(&self, path: &Path) -> std::io::Result<()>;
+
+    fn read_dir(&self, path: &Path) -> std::io::Result<Vec<PathBuf>>;
+
+    fn try_exists(&self, _path: &Path) -> std::io::Result<bool>;
+
+    fn upload(&self, path: &Path) -> std::io::Result<()>;
+
+    fn download(&self, path: &Path) -> std::io::Result<()>;
+
+    fn update_local_cache(&self, path: &Path, mode: &AccessMode) -> std::io::Result<()>;
+
+    fn invalidate_locally_cached_files(&self) -> Vec<PathBuf>;
+}
+
+pub type BoxedBackend = Box<dyn StorageBackend + Send + Sync>;
+
+#[derive(Default, Clone, Debug, PartialEq)]
+pub enum BackendType {
+    #[cfg(feature = "fs-backend")]
+    #[default]
+    Filesystem,
+    #[cfg(feature = "s3-backend")]
+    S3,
+}
+
+#[derive(Default)]
+pub struct BackpackBuilder {
+    backend_type: BackendType,
+
+    local_data_path: Option<String>,
+    remote_bucket: Option<String>,
+    remote_cache_path: Option<String>,
+    remote_region: Option<String>,
+    remote_endpoint: Option<String>,
+    remote_access_key: Option<String>,
+    remote_secret_key: Option<String>,
+    remote_cache_size: Option<u64>,
+}
+
+impl BackpackBuilder {
+    pub fn new() -> Self {
+        Self::default()
+    }
+
+    pub fn backend_type(mut self, backend_type: BackendType) -> Self {
+        self.backend_type = backend_type;
+        self
+    }
+
+    pub fn local_data_path(mut self, path: &str) -> Self {
+        self.local_data_path = Some(path.to_string());
+        self
+    }
+
+    pub fn remote_bucket(mut self, bucket: &str) -> Self {
+        self.remote_bucket = Some(bucket.to_string());
+        self
+    }
+
+    pub fn remote_cache_path(mut self, path: &str) -> Self {
+        self.remote_cache_path = Some(path.to_string());
+        self
+    }
+
+    pub fn cache_size(mut self, size: u64) -> Self {
+        self.remote_cache_size = Some(size);
+        self
+    }
+
+    pub fn remote_region(mut self, region: &str) -> Self {
+        self.remote_region = Some(region.to_string());
+        self
+    }
+
+    pub fn remote_endpoint(mut self, endpoint: &str) -> Self {
+        self.remote_endpoint = Some(endpoint.to_string());
+        self
+    }
+
+    pub fn remote_access_key(mut self, access_key: &str) -> Self {
+        self.remote_access_key = Some(access_key.to_string());
+        self
+    }
+
+    pub fn remote_secret_key(mut self, secret_key: &str) -> Self {
+        self.remote_secret_key = Some(secret_key.to_string());
+        self
+    }
+
+    pub fn try_build(self) -> Result<Backend, ReductError> {
+        let backend: BoxedBackend = match self.backend_type {
+            #[cfg(feature = "fs-backend")]
+            BackendType::Filesystem => {
+                let Some(data_path) = self.local_data_path else {
+                    Err(internal_server_error!(
+                        "local_data_path is required for Filesystem backend",
+                    ))?
+                };
+
+                Box::new(fs::FileSystemBackend::new(PathBuf::from(data_path)))
+            }
+
+            #[cfg(feature = "s3-backend")]
+            BackendType::S3 => {
+                let Some(bucket) = self.remote_bucket else {
+                    Err(internal_server_error!(
+                        "remote_bucket is required remote S3 backend"
+                    ))?
+                };
+
+                let Some(cache_path) = self.remote_cache_path else {
+                    Err(internal_server_error!(
+                        "remote_cache_path is required remote S3 backend"
+                    ))?
+                };
+
+                let Some(access_key) = self.remote_access_key else {
+                    Err(internal_server_error!(
+                        "remote_access_key is required for S3 backend"
+                    ))?
+                };
+
+                let Some(secret_key) = self.remote_secret_key else {
+                    Err(internal_server_error!(
+                        "remote_secret_key is required for S3 backend"
+                    ))?
+                };
+
+                let Some(cache_size) = self.remote_cache_size else {
+                    Err(internal_server_error!(
+                        "remote_cache_size is required for S3 backend"
+                    ))?
+                };
+
+                let settings = remote::RemoteBackendSettings {
+                    connector_type: BackendType::S3,
+                    cache_path: PathBuf::from(cache_path),
+                    endpoint: self.remote_endpoint,
+                    access_key,
+                    secret_key,
+                    region: self.remote_region,
+                    bucket,
+                    cache_size,
+                };
+
+                Box::new(remote::RemoteBackend::new(settings))
+            }
+        };
+
+        Ok(Backend {
+            backend: Arc::new(backend),
+        })
+    }
+}
+
+pub struct Backend {
+    backend: Arc<BoxedBackend>,
+}
+
+impl Default for Backend {
+    fn default() -> Self {
+        Self {
+            backend: Arc::new(Box::new(NoopBackend::new())),
+        }
+    }
+}
+
+impl Backend {
+    pub fn builder() -> BackpackBuilder {
+        BackpackBuilder::new()
+    }
+
+    /// Create a new instance of `fs::OpenOptions`.
+    pub fn open_options(&self) -> OpenOptions {
+        OpenOptions::new(Arc::clone(&self.backend))
+    }
+
+    pub fn rename<P: AsRef<std::path::Path>, Q: AsRef<std::path::Path>>(
+        &self,
+        from: P,
+        to: Q,
+    ) -> std::io::Result<()> {
+        self.backend.rename(from.as_ref(), to.as_ref())
+    }
+
+    pub fn remove<P: AsRef<std::path::Path>>(&self, path: P) -> std::io::Result<()> {
+        self.backend.remove(path.as_ref())
+    }
+
+    pub fn remove_dir_all<P: AsRef<std::path::Path>>(&self, path: P) -> std::io::Result<()> {
+        self.backend.remove_dir_all(path.as_ref())
+    }
+
+    pub fn create_dir_all<P: AsRef<std::path::Path>>(&self, path: P) -> std::io::Result<()> {
+        self.backend.create_dir_all(path.as_ref())
+    }
+
+    pub fn read_dir(&self, path: &PathBuf) -> std::io::Result<Vec<PathBuf>> {
+        self.backend.read_dir(path)
+    }
+
+    pub fn try_exists<P: AsRef<std::path::Path>>(&self, path: P) -> std::io::Result<bool> {
+        self.backend.try_exists(path.as_ref())
+    }
+
+    pub fn invalidate_locally_cached_files(&self) -> Vec<PathBuf> {
+        self.backend.invalidate_locally_cached_files()
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use mockall::mock;
+    use rstest::*;
+    use tempfile::tempdir;
+
+    #[cfg(feature = "fs-backend")]
+    mod fs {
+        use super::*;
+        #[rstest]
+        fn test_backend_builder_fs() {
+            {
+                let backend = Backend::builder()
+                    .backend_type(BackendType::Filesystem)
+                    .local_data_path("/tmp/data")
+                    .try_build()
+                    .expect("Failed to build Filesystem backend");
+                assert_eq!(backend.backend.path(), &PathBuf::from("/tmp/data"));
+            }
+        }
+    }
+
+    #[cfg(feature = "s3-backend")]
+    mod s3 {
+        use super::*;
+        #[rstest]
+        fn test_backend_builder_s3() {
+            {
+                let backend = Backend::builder()
+                    .backend_type(BackendType::S3)
+                    .remote_bucket("my-bucket")
+                    .remote_cache_path("/tmp/cache")
+                    .remote_region("us-east-1")
+                    .remote_endpoint("http://localhost:9000")
+                    .remote_access_key("access_key")
+                    .remote_secret_key("secret_key")
+                    .cache_size(1024 * 1024 * 1024) // 1 GB
+                    .try_build()
+                    .expect("Failed to build S3 backend");
+                assert_eq!(backend.backend.path(), &PathBuf::from("/tmp/cache"));
+            }
+        }
+
+        #[rstest]
+        fn test_backend_builder_s3_bucket_missing() {
+            let err = Backend::builder()
+                .backend_type(BackendType::S3)
+                .remote_cache_path("/tmp/cache")
+                .remote_region("us-east-1")
+                .remote_endpoint("http://localhost:9000")
+                .remote_access_key("access_key")
+                .remote_secret_key("secret_key")
+                .cache_size(1024 * 1024 * 1024) // 1 GB
+                .try_build()
+                .err()
+                .unwrap();
+
+            assert_eq!(
+                err,
+                internal_server_error!("remote_bucket is required remote S3 backend")
+            );
+        }
+
+        #[rstest]
+        fn test_backend_builder_s3_cache_path_missing() {
+            let err = Backend::builder()
+                .backend_type(BackendType::S3)
+                .remote_bucket("my-bucket")
+                .remote_region("us-east-1")
+                .remote_endpoint("http://localhost:9000")
+                .remote_access_key("access_key")
+                .remote_secret_key("secret_key")
+                .cache_size(1024 * 1024 * 1024) // 1 GB
+                .try_build()
+                .err()
+                .unwrap();
+
+            assert_eq!(
+                err,
+                internal_server_error!("remote_cache_path is required remote S3 backend")
+            );
+        }
+
+        #[rstest]
+        fn test_backend_builder_s3_region_missing() {
+            let result = Backend::builder()
+                .backend_type(BackendType::S3)
+                .remote_bucket("my-bucket")
+                .remote_cache_path("/tmp/cache")
+                .remote_region("us-east-1")
+                .remote_endpoint("http://localhost:9000")
+                .remote_access_key("access_key")
+                .remote_secret_key("secret_key")
+                .cache_size(1024 * 1024 * 1024) // 1 GB
+                .try_build();
+
+            assert!(
+                result.is_ok(),
+                "Is not needed for MinIO and other S3-compatible storages"
+            );
+        }
+
+        #[rstest]
+        fn test_backend_builder_s3_endpoint_missing() {
+            let result = Backend::builder()
+                .backend_type(BackendType::S3)
+                .remote_bucket("my-bucket")
+                .remote_cache_path("/tmp/cache")
+                .remote_region("us-east-1")
+                .remote_access_key("access_key")
+                .remote_secret_key("secret_key")
+                .cache_size(1024 * 1024 * 1024)
+                .try_build();
+
+            assert!(
+                result.is_ok(),
+                "Is not needed for AWS S3 and other S3-compatible storages"
+            );
+        }
+
+        #[rstest]
+        fn test_backend_builder_s3_access_key_missing() {
+            let err = Backend::builder()
+                .backend_type(BackendType::S3)
+                .remote_bucket("my-bucket")
+                .remote_cache_path("/tmp/cache")
+                .remote_region("us-east-1")
+                .remote_endpoint("http://localhost:9000")
+                .remote_secret_key("secret_key")
+                .cache_size(1024 * 1024 * 1024)
+                .try_build()
+                .err()
+                .unwrap();
+
+            assert_eq!(
+                err,
+                internal_server_error!("remote_access_key is required for S3 backend")
+            );
+        }
+
+        #[rstest]
+        fn test_backend_builder_s3_secret_key_missing() {
+            let err = Backend::builder()
+                .backend_type(BackendType::S3)
+                .remote_bucket("my-bucket")
+                .remote_cache_path("/tmp/cache")
+                .remote_region("us-east-1")
+                .remote_endpoint("http://localhost:9000")
+                .remote_access_key("access_key")
+                .cache_size(1024 * 1024 * 1024)
+                .try_build()
+                .err()
+                .unwrap();
+
+            assert_eq!(
+                err,
+                internal_server_error!("remote_secret_key is required for S3 backend")
+            );
+        }
+
+        #[rstest]
+        fn test_backend_builder_s3_cache_size_missing() {
+            let err = Backend::builder()
+                .backend_type(BackendType::S3)
+                .backend_type(BackendType::S3)
+                .remote_bucket("my-bucket")
+                .remote_cache_path("/tmp/cache")
+                .remote_region("us-east-1")
+                .remote_endpoint("http://localhost:9000")
+                .remote_access_key("access_key")
+                .remote_secret_key("secret_key")
+                .try_build()
+                .err()
+                .unwrap();
+
+            assert_eq!(
+                err,
+                internal_server_error!("remote_cache_size is required for S3 backend")
+            );
+        }
+    }
+
+    mod open {
+        use super::*;
+        #[rstest]
+        fn test_backend_open_options(mut mock_backend: MockBackend) {
+            let path = mock_backend.path().join("test.txt").clone();
+
+            // download because it is not cached yet
+            mock_backend
+                .expect_try_exists()
+                .returning(move |_| Ok(true));
+            mock_backend.expect_download().returning(move |p| {
+                assert_eq!(path, p);
+                Ok(())
+            });
+
+            let backend = build_backend(mock_backend);
+            let file = backend
+                .open_options()
+                .create(true)
+                .write(true)
+                .open("test.txt")
+                .unwrap();
+
+            assert!(file.is_synced());
+            assert_eq!(file.mode(), &AccessMode::ReadWrite);
+            assert_eq!(file.metadata().unwrap().len(), 0);
+        }
+    }
+
+    mod rename {
+        use super::*;
+
+        #[rstest]
+        fn test_backend_rename(mut mock_backend: MockBackend) {
+            mock_backend
+                .expect_rename()
+                .returning(move |old_path, new_path| {
+                    assert_eq!(old_path, Path::new("old_name.txt"));
+                    assert_eq!(new_path, Path::new("new_name.txt"));
+                    Ok(())
+                });
+
+            let backend = build_backend(mock_backend);
+            backend.rename("old_name.txt", "new_name.txt").unwrap();
+        }
+    }
+
+    mod remove {
+        use super::*;
+
+        #[rstest]
+        fn test_backend_remove(mut mock_backend: MockBackend) {
+            mock_backend.expect_remove().returning(move |path| {
+                assert_eq!(path, Path::new("temp_file.txt"));
+                Ok(())
+            });
+
+            let backend = build_backend(mock_backend);
+            backend.remove("temp_file.txt").unwrap();
+        }
+    }
+
+    mod remove_dir_all {
+        use super::*;
+
+        #[rstest]
+        fn test_backend_remove_dir_all(mut mock_backend: MockBackend) {
+            mock_backend.expect_remove_dir_all().returning(move |path| {
+                assert_eq!(path, Path::new("temp_dir"));
+                Ok(())
+            });
+
+            let backend = build_backend(mock_backend);
+            backend.remove_dir_all("temp_dir").unwrap();
+        }
+    }
+
+    mod create_dir_all {
+        use super::*;
+
+        #[rstest]
+        fn test_backend_create_dir_all(mut mock_backend: MockBackend) {
+            mock_backend.expect_create_dir_all().returning(move |path| {
+                assert_eq!(path, Path::new("new_dir"));
+                Ok(())
+            });
+
+            let backend = build_backend(mock_backend);
+            backend.create_dir_all("new_dir").unwrap();
+        }
+    }
+
+    mod read_dir {
+        use super::*;
+
+        #[rstest]
+        fn test_backend_read_dir(mut mock_backend: MockBackend) {
+            let expected_files = vec![PathBuf::from("file1.txt"), PathBuf::from("file2.txt")];
+            let copy_of_expected = expected_files.clone();
+            mock_backend.expect_read_dir().returning(move |path| {
+                assert_eq!(path, Path::new("some_dir"));
+                Ok(copy_of_expected.clone())
+            });
+
+            let backend = build_backend(mock_backend);
+            let files = backend.read_dir(&PathBuf::from("some_dir")).unwrap();
+            assert_eq!(files, expected_files);
+        }
+    }
+
+    mod try_exists {
+        use super::*;
+
+        #[rstest]
+        fn test_backend_try_exists(mut mock_backend: MockBackend) {
+            mock_backend.expect_try_exists().returning(move |path| {
+                assert_eq!(path, Path::new("existing_file.txt"));
+                Ok(true)
+            });
+
+            let backend = build_backend(mock_backend);
+            let exists = backend.try_exists("existing_file.txt").unwrap();
+            assert!(exists);
+        }
+    }
+
+    mod invalidate_locally_cached_files {
+        use super::*;
+
+        #[rstest]
+        fn test_backend_invalidate_locally_cached_files(mut mock_backend: MockBackend) {
+            let expected_invalidated = vec![
+                PathBuf::from("cached_file1.txt"),
+                PathBuf::from("cached_file2.txt"),
+            ];
+            let copy_of_expected = expected_invalidated.clone();
+            mock_backend
+                .expect_invalidate_locally_cached_files()
+                .returning(move || copy_of_expected.clone());
+
+            let backend = build_backend(mock_backend);
+            let invalidated = backend.invalidate_locally_cached_files();
+            assert_eq!(invalidated, expected_invalidated);
+        }
+    }
+
+    mock! {
+        pub Backend {}
+
+        impl StorageBackend for Backend {
+            fn path(&self) -> &PathBuf;
+            fn rename(&self, from: &Path, to: &Path) -> std::io::Result<()>;
+            fn remove(&self, path: &Path) -> std::io::Result<()>;
+            fn remove_dir_all(&self, path: &Path) -> std::io::Result<()>;
+            fn create_dir_all(&self, path: &Path) -> std::io::Result<()>;
+            fn read_dir(&self, path: &Path) -> std::io::Result<Vec<PathBuf>>;
+            fn try_exists(&self, path: &Path) -> std::io::Result<bool>;
+            fn upload(&self, path: &Path) -> std::io::Result<()>;
+            fn download(&self, path: &Path) -> std::io::Result<()>;
+            fn update_local_cache(&self, path: &Path, mode: &AccessMode) -> std::io::Result<()>;
+            fn invalidate_locally_cached_files(&self) -> Vec<PathBuf>;
+        }
+
+    }
+
+    #[fixture]
+    fn mock_backend(path: PathBuf) -> MockBackend {
+        let mut mock = MockBackend::new();
+        mock.expect_path().return_const(path.clone());
+        mock
+    }
+
+    #[fixture]
+    fn path() -> PathBuf {
+        tempdir().unwrap().keep()
+    }
+
+    fn build_backend(mock_backend: MockBackend) -> Backend {
+        Backend {
+            backend: Arc::new(Box::new(mock_backend)),
+        }
+    }
+}
diff --git a/reductstore/src/backend/file.rs b/reductstore/src/backend/file.rs
new file mode 100644
index 000000000..f470e19af
--- /dev/null
+++ b/reductstore/src/backend/file.rs
@@ -0,0 +1,383 @@
+// Copyright 2025 ReductSoftware UG
+// This Source Code Form is subject to the terms of the Mozilla Public
+//    License, v. 2.0. If a copy of the MPL was not distributed with this
+//    file, You can obtain one at https://mozilla.org/MPL/2.0/.
+use crate::backend::BoxedBackend;
+use log::debug;
+use std::fs::File as StdFile;
+use std::fs::OpenOptions as StdOpenOptions;
+use std::io::{Read, Seek, SeekFrom, Write};
+use std::path::PathBuf;
+use std::sync::Arc;
+use std::time::Instant;
+
+#[derive(PartialEq, Clone, Debug)]
+pub enum AccessMode {
+    Read,
+    ReadWrite,
+}
+
+pub struct File {
+    inner: StdFile,
+    backend: Arc<BoxedBackend>,
+    path: PathBuf,
+    last_synced: Instant,
+    is_synced: bool,
+    mode: AccessMode,
+}
+
+pub struct OpenOptions {
+    inner: StdOpenOptions,
+    backend: Arc<BoxedBackend>,
+    create: bool,
+    mode: AccessMode,
+}
+
+impl OpenOptions {
+    pub(crate) fn new(backend: Arc<BoxedBackend>) -> Self {
+        Self {
+            inner: StdOpenOptions::new(),
+            backend,
+            create: false,
+            mode: AccessMode::Read,
+        }
+    }
+
+    pub fn read(&mut self, read: bool) -> &mut Self {
+        self.inner.read(read);
+        self
+    }
+
+    pub fn write(&mut self, write: bool) -> &mut Self {
+        self.inner.write(write);
+        if write {
+            self.mode = AccessMode::ReadWrite;
+        }
+        self
+    }
+
+    pub fn create(&mut self, create: bool) -> &mut Self {
+        self.inner.create(create);
+        self.create = create;
+        if create {
+            self.mode = AccessMode::ReadWrite;
+        }
+        self
+    }
+
+    pub fn open<P: AsRef<std::path::Path>>(&self, path: P) -> std::io::Result<File> {
+        let full_path = self.backend.path().join(path.as_ref());
+        if !full_path.exists() {
+            // the call initiates downloading the file from remote storage if needed
+            if self.backend.try_exists(&full_path)? {
+                self.backend.download(&full_path)?;
+            } else if !self.create {
+                return Err(std::io::Error::new(
+                    std::io::ErrorKind::NotFound,
+                    format!("File {:?} does not exist", full_path),
+                ));
+            }
+        }
+
+        let file = self.inner.open(full_path.clone())?;
+        Ok(File {
+            inner: file,
+            backend: Arc::clone(&self.backend),
+            path: full_path,
+            last_synced: Instant::now(),
+            is_synced: true,
+            mode: self.mode.clone(),
+        })
+    }
+}
+
+impl File {
+    pub fn sync_all(&mut self) -> std::io::Result<()> {
+        if self.is_synced() {
+            return Ok(());
+        }
+
+        debug!("File {} synced to storage backend", self.path.display());
+
+        self.inner.sync_all()?;
+        self.backend.upload(&self.path)?;
+        self.last_synced = Instant::now();
+        self.is_synced = true;
+        Ok(())
+    }
+    pub fn metadata(&self) -> std::io::Result<std::fs::Metadata> {
+        self.inner.metadata()
+    }
+
+    pub fn set_len(&mut self, size: u64) -> std::io::Result<()> {
+        self.is_synced = false;
+        self.inner.set_len(size)
+    }
+
+    // Specifically for cache management
+    pub fn last_synced(&self) -> std::time::Instant {
+        self.last_synced
+    }
+
+    pub fn is_synced(&self) -> bool {
+        self.is_synced
+    }
+
+    pub fn path(&self) -> &PathBuf {
+        &self.path
+    }
+
+    pub fn mode(&self) -> &AccessMode {
+        &self.mode
+    }
+
+    pub fn access(&self) -> std::io::Result<()> {
+        self.backend.update_local_cache(&self.path, &self.mode)
+    }
+}
+
+impl Read for File {
+    fn read(&mut self, buf: &mut [u8]) -> std::io::Result<usize> {
+        self.inner.read(buf)
+    }
+}
+
+impl Write for File {
+    fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> {
+        self.is_synced = false;
+        self.inner.write(buf)
+    }
+
+    fn flush(&mut self) -> std::io::Result<()> {
+        self.inner.flush()
+    }
+}
+
+impl Seek for File {
+    fn seek(&mut self, pos: SeekFrom) -> std::io::Result<u64> {
+        self.inner.seek(pos)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::backend::StorageBackend;
+    use mockall::mock;
+    use rstest::*;
+    use std::fs;
+    use std::path::{Path, PathBuf};
+    use tempfile::tempdir;
+
+    mod open_options {
+        use super::*;
+        use std::fs;
+
+        #[rstest]
+        fn test_open_options_read(mut mock_backend: MockBackend) {
+            let path = mock_backend.path().to_path_buf();
+            let copy_path = path.clone();
+
+            // check if file exists
+            mock_backend
+                .expect_try_exists()
+                .times(1)
+                .returning(|_| Ok(true));
+            // download because it does not exist in cache
+            mock_backend.expect_download().times(1).returning(move |p| {
+                assert_eq!(p, copy_path.join("non-existing.txt").as_path());
+                fs::create_dir_all(p.parent().unwrap()).unwrap();
+                fs::write(&copy_path.join("non-existing.txt"), "content").unwrap();
+                Ok(())
+            });
+
+            let file = OpenOptions::new(Arc::new(Box::new(mock_backend)))
+                .read(true)
+                .open("non-existing.txt")
+                .unwrap();
+
+            assert_eq!(file.mode(), &AccessMode::Read);
+            assert!(file.is_synced());
+            assert_eq!(file.path(), &path.join("non-existing.txt"));
+            assert_eq!(file.metadata().unwrap().len(), 7);
+        }
+
+        #[rstest]
+        fn test_open_options_read_existing(mut mock_backend: MockBackend) {
+            let path = mock_backend.path().to_path_buf();
+
+            // no download because it exists in cache
+            mock_backend.expect_download().times(0);
+
+            let file = OpenOptions::new(Arc::new(Box::new(mock_backend)))
+                .read(true)
+                .open("test.txt")
+                .unwrap();
+
+            assert_eq!(file.mode(), &AccessMode::Read);
+            assert!(file.is_synced());
+            assert_eq!(file.path(), &path.join("test.txt"));
+            assert_eq!(file.metadata().unwrap().len(), 7);
+        }
+
+        #[rstest]
+        fn test_open_options_create_ignore_file_not_exist(mut mock_backend: MockBackend) {
+            let path = mock_backend.path().to_path_buf();
+            let copy_path = path.clone();
+
+            mock_backend
+                .expect_try_exists()
+                .times(1)
+                .returning(move |p| {
+                    assert_eq!(p, copy_path.join("new_file.txt").as_path());
+                    Ok(false)
+                });
+            mock_backend.expect_download().times(0);
+
+            let file = OpenOptions::new(Arc::new(Box::new(mock_backend)))
+                .write(true)
+                .create(true)
+                .open("new_file.txt")
+                .unwrap();
+
+            assert_eq!(file.mode(), &AccessMode::ReadWrite);
+            assert!(file.is_synced());
+            assert_eq!(file.path(), &path.join("new_file.txt"));
+            assert_eq!(file.metadata().unwrap().len(), 0);
+        }
+    }
+
+    mod sync {
+        use super::*;
+        use std::io::Write;
+
+        #[rstest]
+        fn test_file_sync_all(mut mock_backend: MockBackend) {
+            let path = mock_backend.path().to_path_buf();
+
+            // expect upload when syncing
+            mock_backend.expect_upload().times(1).returning(move |p| {
+                assert_eq!(p, path.join("test.txt").as_path());
+                Ok(())
+            });
+
+            let mut file = OpenOptions::new(Arc::new(Box::new(mock_backend)))
+                .write(true)
+                .open("test.txt")
+                .unwrap();
+
+            assert!(file.is_synced());
+            file.write_all(b" more").unwrap();
+            assert!(!file.is_synced());
+            file.sync_all().unwrap();
+            assert!(file.is_synced());
+        }
+
+        #[rstest]
+        fn test_is_sync_after_write(mock_backend: MockBackend) {
+            let mut file = OpenOptions::new(Arc::new(Box::new(mock_backend)))
+                .write(true)
+                .open("test.txt")
+                .unwrap();
+
+            assert!(file.is_synced());
+            file.write_all(b" more").unwrap();
+            assert!(!file.is_synced());
+        }
+
+        #[rstest]
+        fn test_is_sync_after_set_len(mock_backend: MockBackend) {
+            let mut file = OpenOptions::new(Arc::new(Box::new(mock_backend)))
+                .write(true)
+                .open("test.txt")
+                .unwrap();
+
+            assert!(file.is_synced());
+            file.set_len(10).unwrap();
+            assert!(!file.is_synced());
+        }
+    }
+
+    mod access {
+        use super::*;
+
+        #[rstest]
+        fn test_file_access_read(mut mock_backend: MockBackend) {
+            let path = mock_backend.path().to_path_buf();
+
+            // expect update_local_cache when accessing
+            mock_backend
+                .expect_update_local_cache()
+                .times(1)
+                .returning(move |p, mode| {
+                    assert_eq!(p, path.join("test.txt").as_path());
+                    assert_eq!(mode, &AccessMode::Read);
+                    Ok(())
+                });
+
+            let file = OpenOptions::new(Arc::new(Box::new(mock_backend)))
+                .read(true)
+                .open("test.txt")
+                .unwrap();
+
+            file.access().unwrap();
+        }
+
+        #[rstest]
+        fn test_file_access_read_write(mut mock_backend: MockBackend) {
+            let path = mock_backend.path().to_path_buf();
+
+            // expect update_local_cache when accessing
+            mock_backend
+                .expect_update_local_cache()
+                .times(1)
+                .returning(move |p, mode| {
+                    assert_eq!(p, path.join("test.txt").as_path());
+                    assert_eq!(mode, &AccessMode::ReadWrite);
+                    Ok(())
+                });
+
+            let file = OpenOptions::new(Arc::new(Box::new(mock_backend)))
+                .write(true)
+                .open("test.txt")
+                .unwrap();
+
+            file.access().unwrap();
+        }
+    }
+
+    mock! {
+        pub Backend {}
+
+        impl StorageBackend for Backend {
+            fn path(&self) -> &PathBuf;
+            fn rename(&self, from: &Path, to: &Path) -> std::io::Result<()>;
+            fn remove(&self, path: &Path) -> std::io::Result<()>;
+            fn remove_dir_all(&self, path: &Path) -> std::io::Result<()>;
+            fn create_dir_all(&self, path: &Path) -> std::io::Result<()>;
+            fn read_dir(&self, path: &Path) -> std::io::Result<Vec<PathBuf>>;
+            fn try_exists(&self, path: &Path) -> std::io::Result<bool>;
+            fn upload(&self, path: &Path) -> std::io::Result<()>;
+            fn download(&self, path: &Path) -> std::io::Result<()>;
+            fn update_local_cache(&self, path: &Path, mode: &AccessMode) -> std::io::Result<()>;
+            fn invalidate_locally_cached_files(&self) -> Vec<PathBuf>;
+        }
+
+    }
+
+    #[fixture]
+    fn mock_backend(path: PathBuf) -> MockBackend {
+        // create the file in cache
+        fs::create_dir_all(path.as_path()).unwrap();
+        fs::write(&path.join("test.txt"), "content").unwrap();
+
+        let mut backend = MockBackend::new();
+        backend.expect_path().return_const(path.clone());
+        backend
+    }
+
+    #[fixture]
+    fn path() -> PathBuf {
+        tempdir().unwrap().keep()
+    }
+}
diff --git a/reductstore/src/backend/fs.rs b/reductstore/src/backend/fs.rs
new file mode 100644
index 000000000..c72eb12d5
--- /dev/null
+++ b/reductstore/src/backend/fs.rs
@@ -0,0 +1,205 @@
+// Copyright 2025 ReductSoftware UG
+// This Source Code Form is subject to the terms of the Mozilla Public
+//    License, v. 2.0. If a copy of the MPL was not distributed with this
+//    file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+use crate::backend::file::AccessMode;
+use crate::backend::StorageBackend;
+use std::path::{Path, PathBuf};
+
+pub(crate) struct FileSystemBackend {
+    path: PathBuf,
+}
+
+impl FileSystemBackend {
+    pub fn new(path: PathBuf) -> Self {
+        FileSystemBackend { path }
+    }
+}
+
+impl StorageBackend for FileSystemBackend {
+    fn path(&self) -> &PathBuf {
+        &self.path
+    }
+
+    fn rename(&self, from: &Path, to: &Path) -> std::io::Result<()> {
+        std::fs::rename(from, to)
+    }
+
+    fn remove(&self, path: &Path) -> std::io::Result<()> {
+        std::fs::remove_file(path)
+    }
+
+    fn remove_dir_all(&self, path: &Path) -> std::io::Result<()> {
+        std::fs::remove_dir_all(path)
+    }
+
+    fn create_dir_all(&self, path: &Path) -> std::io::Result<()> {
+        std::fs::create_dir_all(path)
+    }
+
+    fn read_dir(&self, path: &Path) -> std::io::Result<Vec<PathBuf>> {
+        std::fs::read_dir(path).map(|read_dir| {
+            read_dir
+                .filter_map(|entry| entry.ok().map(|e| e.path()))
+                .collect()
+        })
+    }
+
+    fn try_exists(&self, path: &Path) -> std::io::Result<bool> {
+        path.try_exists()
+    }
+
+    fn upload(&self, _path: &Path) -> std::io::Result<()> {
+        // do nothing because the file owner is responsible for syncing with fs
+        Ok(())
+    }
+
+    fn download(&self, _path: &Path) -> std::io::Result<()> {
+        // do nothing because filesystem backend does not need downloading
+        Ok(())
+    }
+
+    fn update_local_cache(&self, _path: &Path, _mode: &AccessMode) -> std::io::Result<()> {
+        // do nothing because filesystem backend does not need access tracking
+        Ok(())
+    }
+
+    fn invalidate_locally_cached_files(&self) -> Vec<PathBuf> {
+        // do nothing because filesystem backend does not have a cache
+        vec![]
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use rstest::*;
+    use std::fs::OpenOptions;
+    use std::io::Write;
+    use tempfile::tempdir;
+
+    mod rename_file {
+        use super::*;
+        use std::io::Read;
+
+        #[rstest]
+        fn test_rename_file(fs_backend: FileSystemBackend) {
+            let path = fs_backend.path().join("old_name.txt");
+            let mut file = OpenOptions::new()
+                .write(true)
+                .create(true)
+                .open(&path)
+                .unwrap();
+            writeln!(file, "This is a test file.").unwrap();
+
+            let new_path = path.with_file_name("new_name.txt");
+            fs_backend.rename(&path, &new_path).unwrap();
+            assert!(!fs_backend.try_exists(&path).unwrap());
+            assert!(fs_backend.try_exists(&new_path).unwrap());
+
+            let mut read_file = OpenOptions::new().read(true).open(&new_path).unwrap();
+            let mut content = String::new();
+            read_file.read_to_string(&mut content).unwrap();
+            assert_eq!(content, "This is a test file.\n");
+        }
+    }
+
+    mod remove_file {
+        use super::*;
+        use std::fs::OpenOptions;
+
+        #[rstest]
+        fn test_remove_file(fs_backend: FileSystemBackend) {
+            let path = fs_backend.path().join("temp_file.txt");
+            let mut file = OpenOptions::new()
+                .write(true)
+                .create(true)
+                .open(&path)
+                .unwrap();
+            writeln!(file, "Temporary file content.").unwrap();
+
+            assert!(fs_backend.try_exists(&path).unwrap());
+            fs_backend.remove(&path).unwrap();
+            assert!(!fs_backend.try_exists(&path).unwrap());
+        }
+    }
+
+    mod remove_dir_all {
+        use super::*;
+        use std::fs::OpenOptions;
+
+        #[rstest]
+        fn test_remove_dir_all(fs_backend: FileSystemBackend) {
+            let dir_path = fs_backend.path().join("temp_dir");
+            fs_backend.create_dir_all(&dir_path).unwrap();
+            let file_path = dir_path.join("file.txt");
+            let mut file = OpenOptions::new()
+                .write(true)
+                .create(true)
+                .open(&file_path)
+                .unwrap();
+            writeln!(file, "File in temporary directory.").unwrap();
+            file.sync_all().unwrap();
+
+            fs_backend.remove_dir_all(&dir_path).unwrap();
+            assert!(!fs_backend.try_exists(&dir_path).unwrap());
+        }
+    }
+
+    mod create_dir_all {
+        use super::*;
+
+        #[rstest]
+        fn test_create_dir_all(fs_backend: FileSystemBackend) {
+            let dir_path = fs_backend.path().join("new_dir/sub_dir");
+            fs_backend.create_dir_all(&dir_path).unwrap();
+            assert!(fs_backend.try_exists(&dir_path).unwrap());
+        }
+    }
+
+    mod read_dir {
+        use super::*;
+        use std::fs::OpenOptions;
+
+        #[rstest]
+        fn test_read_dir(fs_backend: FileSystemBackend) {
+            let dir_path = fs_backend.path().join("read_dir_test");
+            fs_backend.create_dir_all(&dir_path).unwrap();
+
+            let file1_path = dir_path.join("file1.txt");
+            let _ = OpenOptions::new()
+                .write(true)
+                .create(true)
+                .open(&file1_path)
+                .unwrap();
+
+            let file2_path = dir_path.join("file2.txt");
+            let _ = OpenOptions::new()
+                .write(true)
+                .create(true)
+                .open(&file2_path)
+                .unwrap();
+
+            fs_backend.create_dir_all(&dir_path.join("child/")).unwrap();
+
+            let entries = fs_backend.read_dir(&dir_path).unwrap();
+            let entry_names: Vec<String> = entries
+                .iter()
+                .map(|p| p.file_name().unwrap().to_string_lossy().to_string())
+                .collect();
+
+            assert_eq!(entry_names.len(), 3);
+            assert!(entry_names.contains(&"file1.txt".to_string()));
+            assert!(entry_names.contains(&"file2.txt".to_string()));
+            assert!(entry_names.contains(&"child".to_string()));
+        }
+    }
+
+    #[fixture]
+    fn fs_backend() -> FileSystemBackend {
+        let dir = tempdir().unwrap().keep();
+        let backend = FileSystemBackend::new(dir.to_path_buf());
+        backend
+    }
+}
diff --git a/reductstore/src/backend/noop.rs b/reductstore/src/backend/noop.rs
new file mode 100644
index 000000000..2d1c53d01
--- /dev/null
+++ b/reductstore/src/backend/noop.rs
@@ -0,0 +1,92 @@
+// Copyright 2025 ReductSoftware UG
+// This Source Code Form is subject to the terms of the Mozilla Public
+//    License, v. 2.0. If a copy of the MPL was not distributed with this
+//    file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+use crate::backend::file::AccessMode;
+use crate::backend::StorageBackend;
+use std::path::{Path, PathBuf};
+
+pub(super) struct NoopBackend;
+
+impl StorageBackend for NoopBackend {
+    fn path(&self) -> &PathBuf {
+        panic!("NoopBackend does not have a path");
+    }
+
+    fn rename(&self, _from: &Path, _to: &Path) -> std::io::Result<()> {
+        Ok(())
+    }
+
+    fn remove(&self, _path: &Path) -> std::io::Result<()> {
+        Ok(())
+    }
+
+    fn remove_dir_all(&self, _path: &Path) -> std::io::Result<()> {
+        Ok(())
+    }
+
+    fn create_dir_all(&self, _path: &Path) -> std::io::Result<()> {
+        Ok(())
+    }
+
+    fn read_dir(&self, _path: &Path) -> std::io::Result<Vec<PathBuf>> {
+        Ok(vec![])
+    }
+
+    fn try_exists(&self, _path: &Path) -> std::io::Result<bool> {
+        Ok(false)
+    }
+
+    fn upload(&self, _path: &Path) -> std::io::Result<()> {
+        Ok(())
+    }
+
+    fn download(&self, _path: &Path) -> std::io::Result<()> {
+        Ok(())
+    }
+
+    fn update_local_cache(&self, _path: &Path, _mode: &AccessMode) -> std::io::Result<()> {
+        Ok(())
+    }
+
+    fn invalidate_locally_cached_files(&self) -> Vec<PathBuf> {
+        vec![]
+    }
+}
+
+impl NoopBackend {
+    pub fn new() -> Self {
+        NoopBackend
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use rstest::*;
+
+    #[rstest]
+    fn test_noop_backend() {
+        let backend = NoopBackend::new();
+        assert!(!backend.try_exists(Path::new("some/path")).unwrap());
+        assert!(backend.read_dir(Path::new("some/path")).unwrap().is_empty());
+        assert!(backend.rename(Path::new("from"), Path::new("to")).is_ok());
+        assert!(backend.remove(Path::new("some/path")).is_ok());
+        assert!(backend.remove_dir_all(Path::new("some/path")).is_ok());
+        assert!(backend.create_dir_all(Path::new("some/path")).is_ok());
+        assert!(backend.upload(Path::new("some/path")).is_ok());
+        assert!(backend.download(Path::new("some/path")).is_ok());
+        assert!(backend
+            .update_local_cache(Path::new("some/path"), &AccessMode::Read)
+            .is_ok());
+        assert!(backend.invalidate_locally_cached_files().is_empty());
+    }
+
+    #[rstest]
+    #[should_panic(expected = "NoopBackend does not have a path")]
+    fn test_noop_backend_path() {
+        let backend = NoopBackend::new();
+        let _ = backend.path();
+    }
+}
diff --git a/reductstore/src/backend/remote.rs b/reductstore/src/backend/remote.rs
new file mode 100644
index 000000000..f946523d0
--- /dev/null
+++ b/reductstore/src/backend/remote.rs
@@ -0,0 +1,649 @@
+// Copyright 2025 ReductSoftware UG
+// This Source Code Form is subject to the terms of the Mozilla Public
+//    License, v. 2.0. If a copy of the MPL was not distributed with this
+//    file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+mod local_cache;
+
+#[cfg(feature = "s3-backend")]
+mod s3_connector;
+
+use crate::backend::file::AccessMode;
+use crate::backend::remote::local_cache::LocalCache;
+use crate::backend::{BackendType, StorageBackend};
+use log::debug;
+use std::io;
+use std::path::{Path, PathBuf};
+use std::sync::Mutex;
+use std::time::Instant;
+
+#[cfg(feature = "s3-backend")]
+use crate::backend::remote::s3_connector::S3Connector;
+
+#[allow(dead_code)]
+pub(super) trait RemoteStorageConnector {
+    fn download_object(&self, key: &str, dest: &PathBuf) -> Result<(), io::Error>;
+    fn upload_object(&self, key: &str, src: &PathBuf) -> Result<(), io::Error>;
+    fn create_dir_all(&self, key: &str) -> Result<(), io::Error>;
+    fn list_objects(&self, key: &str, recursive: bool) -> Result<Vec<String>, io::Error>;
+    fn remove_object(&self, key: &str) -> Result<(), io::Error>;
+    fn head_object(&self, key: &str) -> Result<bool, io::Error>;
+    fn rename_object(&self, from: &str, to: &str) -> Result<(), io::Error>;
+}
+
+#[allow(dead_code)]
+pub(crate) struct RemoteBackendSettings {
+    pub connector_type: BackendType,
+    pub cache_path: PathBuf,
+    pub cache_size: u64,
+    pub endpoint: Option<String>,
+    pub access_key: String,
+    pub secret_key: String,
+    pub region: Option<String>,
+    pub bucket: String,
+}
+
+struct LocalCacheEntry {
+    last_accessed: Instant,
+    size: u64,
+}
+
+pub(crate) struct RemoteBackend {
+    cache_path: PathBuf,
+    connector: Box<dyn RemoteStorageConnector + Send + Sync>,
+    local_cache: Mutex<LocalCache>,
+}
+
+impl RemoteBackend {
+    #[allow(dead_code, unused_variables)]
+    pub fn new(settings: RemoteBackendSettings) -> Self {
+        let cache_path = settings.cache_path.clone();
+        let local_cache = Mutex::new(LocalCache::new(cache_path.clone(), settings.cache_size));
+
+        let connector = match settings.connector_type {
+            #[cfg(feature = "s3-backend")]
+            BackendType::S3 => Box::new(S3Connector::new(settings)),
+            #[cfg(feature = "fs-backend")]
+            BackendType::Filesystem =>
+            // panic because we shouldn't be here if filesystem is selected
+                panic!("Filesystem remote storage backend is not supported, falling back to S3 connector"),
+        };
+
+        #[allow(unreachable_code)]
+        RemoteBackend {
+            cache_path,
+            connector,
+            local_cache,
+        }
+    }
+
+    #[cfg(test)]
+    fn new_test(
+        connector: Box<dyn RemoteStorageConnector + Send + Sync>,
+        cache_path: PathBuf,
+        cache_size: u64,
+    ) -> Self {
+        let local_cache = Mutex::new(LocalCache::new(cache_path.clone(), cache_size));
+
+        RemoteBackend {
+            cache_path,
+            connector,
+            local_cache,
+        }
+    }
+}
+
+impl StorageBackend for RemoteBackend {
+    fn path(&self) -> &PathBuf {
+        &self.cache_path
+    }
+
+    fn rename(&self, from: &Path, to: &Path) -> io::Result<()> {
+        let (from_key, to_key) = {
+            let cache = &mut self.local_cache.lock().unwrap();
+            cache.rename(from, to)?;
+            let from_key = cache.build_key(from);
+            let to_key = cache.build_key(to);
+            (from_key, to_key)
+        };
+
+        debug!(
+            "Renaming S3 object from key: {} to key: {}",
+            from_key, to_key
+        );
+        // at least minio doesn't remove folders recursively, so we need to list and remove all objects
+        for key in self.connector.list_objects(&from_key, true)? {
+            self.connector.rename_object(
+                &format!("{}/{}", from_key, key),
+                &format!("{}/{}", to_key, key),
+            )?;
+        }
+
+        if to.is_dir() {
+            self.connector
+                .rename_object(&format!("{}/", from_key), &format!("{}/", to_key))?;
+        } else {
+            self.connector.rename_object(&from_key, &to_key)?;
+        }
+
+        Ok(())
+    }
+
+    fn remove(&self, path: &Path) -> io::Result<()> {
+        let s3_key = {
+            let cache = &mut self.local_cache.lock().unwrap();
+            cache.remove(&path)?;
+            cache.build_key(path)
+        };
+
+        debug!("Removing S3 object for key: {}", s3_key);
+        self.connector.remove_object(&s3_key)
+    }
+
+    fn remove_dir_all(&self, path: &Path) -> io::Result<()> {
+        let s3_key = {
+            let cache = &mut self.local_cache.lock().unwrap();
+            cache.remove_all(&path)?;
+            cache.build_key(path)
+        };
+
+        debug!("Removing S3 directory for key: {}", s3_key);
+        // at least minio doesn't remove folders recursively, so we need to list and remove all objects
+        for key in self.connector.list_objects(&s3_key, true)? {
+            self.connector
+                .remove_object(&format!("{}/{}", s3_key, key))?;
+        }
+
+        self.connector.remove_object(&format!("{}/", s3_key))
+    }
+
+    fn create_dir_all(&self, path: &Path) -> io::Result<()> {
+        let s3_key = {
+            let cache = &self.local_cache.lock().unwrap();
+            cache.create_dir_all(&path)?;
+            cache.build_key(path)
+        };
+
+        if s3_key.is_empty() {
+            return Ok(());
+        }
+
+        self.connector.create_dir_all(&s3_key)
+    }
+
+    fn read_dir(&self, path: &Path) -> io::Result<Vec<PathBuf>> {
+        let cache = &self.local_cache.lock().unwrap();
+        let s3_key = cache.build_key(path);
+
+        let mut paths = vec![];
+        for key in self.connector.list_objects(&s3_key, false)? {
+            if key == s3_key {
+                continue;
+            }
+
+            let local_path = self.cache_path.join(path).join(&key);
+            if key.ends_with('/') {
+                debug!(
+                    "Creating local directory {:?} for S3 key: {}",
+                    local_path, key
+                );
+                cache.create_dir_all(&local_path)?;
+            }
+
+            paths.push(local_path);
+        }
+        Ok(paths)
+    }
+
+    fn try_exists(&self, path: &Path) -> io::Result<bool> {
+        // check cache first and then load from remote if not in cache
+        let s3_key = {
+            let cache = &self.local_cache.lock().unwrap();
+            if cache.try_exists(path)? {
+                return Ok(true);
+            }
+
+            cache.build_key(path)
+        };
+
+        debug!("Checking S3 key: {} to local path: {:?}", s3_key, path);
+        self.connector.head_object(&s3_key)
+    }
+
+    fn upload(&self, full_path: &Path) -> io::Result<()> {
+        // upload to remote
+        let s3_key = {
+            let cache = &mut self.local_cache.lock().unwrap();
+            cache.register_file(full_path)?;
+            cache.build_key(full_path)
+        };
+
+        let full_path = self.cache_path.join(full_path);
+        debug!(
+            "Syncing local file {} to S3 key: {}",
+            full_path.display(),
+            s3_key
+        );
+        self.connector
+            .upload_object(&s3_key, &full_path.to_path_buf())?;
+
+        Ok(())
+    }
+
+    fn download(&self, path: &Path) -> io::Result<()> {
+        let s3_key = {
+            let cache = &mut self.local_cache.lock().unwrap();
+            if cache.try_exists(path)? {
+                return Ok(());
+            }
+            cache.build_key(path)
+        };
+
+        let full_path = self.cache_path.join(path);
+        debug!(
+            "Downloading S3 key: {} to local path: {:?}",
+            s3_key, full_path
+        );
+        self.connector.download_object(&s3_key, &full_path)?;
+        self.local_cache.lock().unwrap().register_file(&full_path)?;
+        Ok(())
+    }
+
+    fn update_local_cache(&self, path: &Path, _mode: &AccessMode) -> std::io::Result<()> {
+        self.local_cache.lock().unwrap().access_file(path)
+    }
+
+    fn invalidate_locally_cached_files(&self) -> Vec<PathBuf> {
+        let mut cache = self.local_cache.lock().unwrap();
+        cache.invalidate_old_files()
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use mockall::mock;
+    use rstest::*;
+    use tempfile::tempdir;
+
+    #[rstest]
+    fn test_remote_backend_creation(mock_connector: MockRemoteStorageConnector, path: PathBuf) {
+        let remote_backend = make_remote_backend(mock_connector, path.clone());
+        assert_eq!(remote_backend.path(), &path);
+    }
+
+    mod rename {
+        use super::*;
+        use mockall::predicate::eq;
+        use std::fs;
+        use std::path::PathBuf;
+
+        #[rstest]
+        fn test_rename_file(mut mock_connector: MockRemoteStorageConnector, path: PathBuf) {
+            let from_key = "file1.txt";
+            let to_key = "file2.txt";
+
+            mock_connector
+                .expect_list_objects()
+                .with(eq(from_key), eq(true))
+                .times(1)
+                .returning(|_, _| Ok(vec![]));
+
+            mock_connector
+                .expect_rename_object()
+                .with(eq(from_key), eq(to_key))
+                .times(1)
+                .returning(|_, _| Ok(()));
+
+            let remote_backend = make_remote_backend(mock_connector, path.clone());
+
+            let from = path.join(from_key);
+            let to = path.join(to_key);
+            fs::create_dir_all(&path).unwrap();
+            fs::write(&from, b"test").unwrap();
+
+            remote_backend.rename(&from, &to).unwrap();
+        }
+
+        #[rstest]
+        fn test_rename_directory(mut mock_connector: MockRemoteStorageConnector, path: PathBuf) {
+            let from_key = "dir1/";
+            let to_key = "dir2/";
+
+            mock_connector
+                .expect_list_objects()
+                .with(eq("dir1"), eq(true))
+                .times(1)
+                .returning(|_, _| Ok(vec!["file_in_dir.txt".to_string()]));
+
+            mock_connector
+                .expect_rename_object()
+                .with(eq("dir1/file_in_dir.txt"), eq("dir2/file_in_dir.txt"))
+                .times(1)
+                .returning(|_, _| Ok(()));
+
+            mock_connector
+                .expect_rename_object()
+                .with(eq(from_key), eq(to_key))
+                .times(1)
+                .returning(|_, _| Ok(()));
+
+            let remote_backend = make_remote_backend(mock_connector, path.clone());
+
+            let from = path.join(from_key);
+            let to = path.join(to_key);
+            fs::create_dir_all(&from).unwrap();
+            fs::write(from.join("file_in_dir.txt"), b"test").unwrap();
+
+            remote_backend.rename(&from, &to).unwrap();
+        }
+    }
+
+    mod remove {
+        use super::*;
+        use mockall::predicate::eq;
+        use std::fs;
+        use std::path::PathBuf;
+
+        #[rstest]
+        fn test_remove_file(mut mock_connector: MockRemoteStorageConnector, path: PathBuf) {
+            let key = "file1.txt";
+
+            mock_connector
+                .expect_remove_object()
+                .with(eq(key))
+                .times(1)
+                .returning(|_| Ok(()));
+
+            let remote_backend = make_remote_backend(mock_connector, path.clone());
+
+            let file_path = path.join(key);
+            fs::create_dir_all(&path).unwrap();
+            fs::write(&file_path, b"test").unwrap();
+
+            remote_backend.remove(&file_path).unwrap();
+        }
+
+        #[rstest]
+        fn test_remove_directory(mut mock_connector: MockRemoteStorageConnector, path: PathBuf) {
+            let dir_key = "dir1/";
+            let file_key = "dir1/file_in_dir.txt";
+
+            mock_connector
+                .expect_list_objects()
+                .with(eq("dir1"), eq(true))
+                .times(1)
+                .returning(|_, _| Ok(vec!["file_in_dir.txt".to_string()]));
+
+            mock_connector
+                .expect_remove_object()
+                .with(eq(file_key))
+                .times(1)
+                .returning(|_| Ok(()));
+
+            mock_connector
+                .expect_remove_object()
+                .with(eq(dir_key))
+                .times(1)
+                .returning(|_| Ok(()));
+
+            let remote_backend = make_remote_backend(mock_connector, path.clone());
+
+            let dir_path = path.join("dir1");
+            fs::create_dir_all(&dir_path).unwrap();
+            fs::write(dir_path.join("file_in_dir.txt"), b"test").unwrap();
+
+            remote_backend.remove_dir_all(&dir_path).unwrap();
+        }
+    }
+
+    mod create {
+        use super::*;
+        use mockall::predicate::eq;
+        use std::path::PathBuf;
+
+        #[rstest]
+        fn test_create_dir_all(mut mock_connector: MockRemoteStorageConnector, path: PathBuf) {
+            mock_connector
+                .expect_create_dir_all()
+                .with(eq("dir1"))
+                .times(1)
+                .returning(|_| Ok(()));
+
+            let remote_backend = make_remote_backend(mock_connector, path.clone());
+
+            let dir_path = path.join("dir1");
+            remote_backend.create_dir_all(&dir_path).unwrap();
+            assert!(dir_path.exists());
+            assert!(dir_path.is_dir());
+        }
+    }
+
+    mod read_dir {
+        use super::*;
+        use mockall::predicate::eq;
+        use std::fs;
+        use std::path::PathBuf;
+
+        #[rstest]
+        fn test_read_dir(mut mock_connector: MockRemoteStorageConnector, path: PathBuf) {
+            mock_connector
+                .expect_list_objects()
+                .with(eq("dir1"), eq(false))
+                .times(1)
+                .returning(|_, _| Ok(vec!["file1.txt".to_string(), "subdir/".to_string()]));
+
+            let remote_backend = make_remote_backend(mock_connector, path.clone());
+
+            let dir_path = path.join("dir1");
+            fs::create_dir_all(&dir_path).unwrap();
+
+            let entries = remote_backend.read_dir(&dir_path).unwrap();
+            assert_eq!(entries.len(), 2);
+            assert!(entries.contains(&dir_path.join("file1.txt")));
+            assert!(entries.contains(&dir_path.join("subdir")));
+            assert!(dir_path.join("subdir").is_dir());
+        }
+    }
+
+    mod try_exists {
+        use super::*;
+        use mockall::predicate::eq;
+        use std::fs;
+        use std::path::PathBuf;
+
+        #[rstest]
+        fn test_try_exists_file_in_cache(
+            mock_connector: MockRemoteStorageConnector,
+            path: PathBuf,
+        ) {
+            let file_key = "file1.txt";
+            let remote_backend = make_remote_backend(mock_connector, path.clone());
+
+            let file_path = path.join(file_key);
+            fs::create_dir_all(&path).unwrap();
+            fs::write(&file_path, b"test").unwrap();
+
+            assert!(remote_backend.try_exists(&file_path).unwrap());
+        }
+
+        #[rstest]
+        fn test_try_exists_file_in_remote(
+            mut mock_connector: MockRemoteStorageConnector,
+            path: PathBuf,
+        ) {
+            let file_key = "file1.txt";
+
+            mock_connector
+                .expect_head_object()
+                .with(eq(file_key))
+                .times(1)
+                .returning(|_| Ok(true));
+
+            let remote_backend = make_remote_backend(mock_connector, path.clone());
+
+            let file_path = path.join(file_key);
+            assert!(remote_backend.try_exists(&file_path).unwrap());
+        }
+
+        #[rstest]
+        fn test_try_exists_file_not_exist(
+            mut mock_connector: MockRemoteStorageConnector,
+            path: PathBuf,
+        ) {
+            let file_key = "file1.txt";
+
+            mock_connector
+                .expect_head_object()
+                .with(eq(file_key))
+                .times(1)
+                .returning(|_| Ok(false));
+
+            let remote_backend = make_remote_backend(mock_connector, path.clone());
+
+            let file_path = path.join(file_key);
+            assert!(!remote_backend.try_exists(&file_path).unwrap());
+        }
+    }
+
+    mod upload {
+        use super::*;
+        use mockall::predicate::eq;
+        use std::fs;
+        use std::path::PathBuf;
+
+        #[rstest]
+        fn test_upload_file(mut mock_connector: MockRemoteStorageConnector, path: PathBuf) {
+            let file_key = "file1.txt";
+
+            mock_connector
+                .expect_upload_object()
+                .with(eq(file_key), eq(path.join(file_key).to_path_buf()))
+                .times(1)
+                .returning(|_, _| Ok(()));
+
+            let remote_backend = make_remote_backend(mock_connector, path.clone());
+
+            let file_path = path.join(file_key);
+            fs::create_dir_all(&path).unwrap();
+            fs::write(&file_path, b"test").unwrap();
+
+            remote_backend.upload(&file_path).unwrap();
+        }
+    }
+
+    mod download {
+        use super::*;
+        use mockall::predicate::eq;
+        use std::fs;
+        use std::path::PathBuf;
+
+        #[rstest]
+        fn test_download_file(mut mock_connector: MockRemoteStorageConnector, path: PathBuf) {
+            let file_key = "file1.txt";
+            let file_path = path.join(file_key);
+
+            mock_connector
+                .expect_download_object()
+                .with(eq(file_key), eq(path.join(file_key).to_path_buf()))
+                .times(1)
+                .returning(|_, path| {
+                    fs::create_dir_all(path.parent().unwrap()).unwrap();
+                    fs::write(path.clone(), b"test").unwrap(); // we need to create the file to register it in cache
+                    Ok(())
+                });
+
+            let remote_backend = make_remote_backend(mock_connector, path.clone());
+
+            remote_backend.download(&file_path).unwrap();
+        }
+    }
+
+    mod update_local_cache {
+        use super::*;
+        use std::fs;
+        use std::path::PathBuf;
+
+        #[rstest]
+        fn test_update_local_cache(path: PathBuf) {
+            let remote_backend =
+                make_remote_backend(MockRemoteStorageConnector::new(), path.clone());
+
+            let file_key = "file1.txt";
+            let file_path = path.join(file_key);
+            fs::create_dir_all(&path).unwrap();
+            fs::write(&file_path, b"test").unwrap();
+
+            assert!(remote_backend
+                .update_local_cache(&file_path, &AccessMode::Read)
+                .is_ok());
+        }
+    }
+
+    mod invalidate_locally_cached_files {
+        use super::*;
+        use std::fs;
+        use std::path::PathBuf;
+
+        #[rstest]
+        fn test_invalidate_locally_cached_files(path: PathBuf) {
+            let remote_backend = make_remote_backend_with_size(
+                MockRemoteStorageConnector::new(),
+                path.clone(),
+                1, // 1 byte cache size to force invalidation
+            );
+
+            let file_key = "file1.txt";
+            let file_path = path.join(file_key);
+            fs::create_dir_all(&path).unwrap();
+            fs::write(&file_path, b"test").unwrap();
+
+            remote_backend
+                .update_local_cache(&file_path, &AccessMode::Read)
+                .unwrap();
+            let invalidated_files = remote_backend.invalidate_locally_cached_files();
+            assert_eq!(invalidated_files, vec![file_path])
+        }
+    }
+
+    mock! {
+        pub RemoteStorageConnector {}
+
+        impl RemoteStorageConnector for RemoteStorageConnector {
+            fn download_object(&self, key: &str, dest: &PathBuf) -> Result<(), io::Error>;
+            fn upload_object(&self, key: &str, src: &PathBuf) -> Result<(), io::Error>;
+            fn create_dir_all(&self, key: &str) -> Result<(), io::Error>;
+            fn list_objects(&self, key: &str, recursive: bool) -> Result<Vec<String>, io::Error>;
+            fn remove_object(&self, key: &str) -> Result<(), io::Error>;
+            fn head_object(&self, key: &str) -> Result<bool, io::Error>;
+            fn rename_object(&self, from: &str, to: &str) -> Result<(), io::Error>;
+        }
+    }
+
+    #[fixture]
+    fn mock_connector() -> MockRemoteStorageConnector {
+        let mock = MockRemoteStorageConnector::new();
+        mock
+    }
+
+    #[fixture]
+    fn path() -> PathBuf {
+        tempdir().unwrap().keep()
+    }
+
+    fn make_remote_backend(
+        mock_connector: MockRemoteStorageConnector,
+        path: PathBuf,
+    ) -> RemoteBackend {
+        let cache_size = 10 * 1024 * 1024; // 10 MB
+        make_remote_backend_with_size(mock_connector, path, cache_size)
+    }
+
+    fn make_remote_backend_with_size(
+        mock_connector: MockRemoteStorageConnector,
+        path: PathBuf,
+        cache_size: u64,
+    ) -> RemoteBackend {
+        RemoteBackend::new_test(Box::new(mock_connector), path, cache_size)
+    }
+}
diff --git a/reductstore/src/backend/remote/local_cache.rs b/reductstore/src/backend/remote/local_cache.rs
new file mode 100644
index 000000000..3cf6c0673
--- /dev/null
+++ b/reductstore/src/backend/remote/local_cache.rs
@@ -0,0 +1,437 @@
+// Copyright 2025 ReductSoftware UG
+// This Source Code Form is subject to the terms of the Mozilla Public
+//    License, v. 2.0. If a copy of the MPL was not distributed with this
+//    file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+use log::{info, warn};
+use std::collections::HashMap;
+use std::path::{Path, PathBuf};
+use std::time::Instant;
+use std::{fs, io};
+
+pub(super) struct LocalCache {
+    path: PathBuf,
+    max_size: u64,
+    current_size: u64,
+    entries: HashMap<PathBuf, crate::backend::remote::LocalCacheEntry>,
+}
+
+#[allow(dead_code)]
+impl LocalCache {
+    pub fn new(path: PathBuf, max_size: u64) -> Self {
+        info!("Cleaning up local cache at {:?}", path);
+        if let Err(err) = fs::remove_dir_all(&path) {
+            if err.kind() != io::ErrorKind::NotFound {
+                warn!("Failed to clean up local cache at {:?}: {}", path, err);
+            }
+        }
+
+        LocalCache {
+            path,
+            max_size,
+            current_size: 0,
+            entries: HashMap::new(),
+        }
+    }
+
+    pub fn build_key(&self, path: &Path) -> String {
+        path.strip_prefix(&self.path)
+            .unwrap()
+            .to_str()
+            .unwrap_or("")
+            .to_string()
+            .replace('\\', "/") // normalize Windows paths
+    }
+
+    pub fn remove(&mut self, path: &Path) -> io::Result<()> {
+        if let Err(err) = fs::remove_file(path) {
+            if err.kind() != io::ErrorKind::NotFound {
+                return Err(err);
+            }
+        }
+
+        if let Some(entry) = self.entries.remove(path) {
+            self.current_size -= entry.size;
+        }
+        Ok(())
+    }
+
+    pub fn remove_all(&mut self, dir: &Path) -> io::Result<()> {
+        fs::remove_dir_all(dir)?;
+
+        let paths_to_remove: Vec<PathBuf> = self
+            .entries
+            .keys()
+            .filter(|p| p.starts_with(dir))
+            .cloned()
+            .collect();
+
+        for path in paths_to_remove {
+            if let Err(err) = self.remove(&path) {
+                warn!("Failed to remove cached file {:?}: {}", path, err);
+            }
+        }
+
+        Ok(())
+    }
+
+    pub fn rename(&mut self, from: &Path, to: &Path) -> io::Result<()> {
+        fs::rename(from, to)?;
+
+        if let Some(entry) = self.entries.remove(from) {
+            self.entries.insert(to.to_path_buf(), entry);
+        }
+        Ok(())
+    }
+
+    pub fn create_dir_all(&self, path: &Path) -> io::Result<()> {
+        fs::create_dir_all(path)
+    }
+
+    pub fn try_exists(&self, path: &Path) -> io::Result<bool> {
+        let full_path = self.path.join(path);
+        full_path.try_exists()
+    }
+
+    pub fn register_file(&mut self, path: &Path) -> io::Result<()> {
+        let metadata = fs::metadata(&path)?;
+        let file_size = metadata.len();
+
+        self.current_size += file_size;
+        if let Some(previous) = self.entries.insert(
+            path.to_path_buf(),
+            crate::backend::remote::LocalCacheEntry {
+                last_accessed: Instant::now(),
+                size: file_size,
+            },
+        ) {
+            self.current_size -= previous.size;
+        }
+
+        Ok(())
+    }
+
+    pub fn access_file(&mut self, path: &Path) -> io::Result<()> {
+        if let Some(entry) = self.entries.get_mut(path) {
+            entry.last_accessed = Instant::now();
+        } else {
+            self.register_file(path)?;
+        }
+        Ok(())
+    }
+
+    pub fn invalidate_old_files(&mut self) -> Vec<PathBuf> {
+        let mut removed_files = vec![];
+
+        if self.current_size <= self.max_size {
+            return removed_files;
+        }
+
+        let mut entries: Vec<(&PathBuf, &crate::backend::remote::LocalCacheEntry)> =
+            self.entries.iter().collect();
+        entries.sort_by_key(|&(_, entry)| entry.last_accessed);
+
+        for (path, entry) in entries {
+            if self.current_size <= self.max_size {
+                break;
+            }
+
+            self.current_size -= entry.size;
+            removed_files.push(path.clone());
+        }
+
+        for path in &removed_files {
+            self.entries.remove(path);
+        }
+
+        removed_files
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use rstest::*;
+
+    mod new {
+        use super::*;
+        use std::fs;
+
+        #[rstest]
+        fn test_remove_folder_before_create(path: PathBuf) {
+            fs::create_dir_all(&path).unwrap();
+            fs::write(path.join("test_file"), b"test").unwrap();
+
+            let _local_cache = LocalCache::new(path.clone(), 1024 * 1024);
+
+            assert!(!path.exists());
+        }
+
+        #[rstest]
+        fn test_if_path_does_not_exist(path: PathBuf) {
+            let cache_path = path.join("non_existent_cache");
+            let _local_cache = LocalCache::new(cache_path.clone(), 1024 * 1024);
+
+            assert!(!cache_path.exists());
+        }
+    }
+
+    mod build_key {
+        use super::*;
+
+        #[rstest]
+        fn test_build_key(local_cache: LocalCache) {
+            let file_path = local_cache.path.join("dir").join("file.txt");
+            let key = local_cache.build_key(&file_path);
+
+            assert_eq!(key, "dir/file.txt");
+        }
+    }
+
+    mod remove {
+        use super::*;
+
+        #[rstest]
+        fn test_remove_registered_file(mut local_cache: LocalCache) {
+            let file_path = local_cache.path.join("file_to_remove.txt");
+            fs::create_dir_all(local_cache.path.clone()).unwrap();
+            fs::write(&file_path, b"test").unwrap();
+            local_cache.register_file(&file_path).unwrap();
+
+            assert!(file_path.exists());
+            assert!(local_cache.entries.contains_key(&file_path));
+            assert_eq!(local_cache.current_size, 4);
+
+            local_cache.remove(&file_path).unwrap();
+
+            assert!(!file_path.exists());
+            assert!(!local_cache.entries.contains_key(&file_path));
+            assert_eq!(local_cache.current_size, 0);
+        }
+
+        #[rstest]
+        fn test_remove_non_registered_file(mut local_cache: LocalCache) {
+            let file_path = local_cache.path.join("file_to_remove.txt");
+            fs::create_dir_all(local_cache.path.clone()).unwrap();
+            fs::write(&file_path, b"test").unwrap();
+
+            assert!(file_path.exists());
+            assert!(!local_cache.entries.contains_key(&file_path));
+            assert_eq!(local_cache.current_size, 0);
+
+            local_cache.remove(&file_path).unwrap();
+
+            assert!(!file_path.exists());
+            assert!(!local_cache.entries.contains_key(&file_path));
+            assert_eq!(local_cache.current_size, 0);
+        }
+    }
+
+    mod remove_all {
+        use super::*;
+
+        #[rstest]
+        fn test_remove_all_registered_files(mut local_cache: LocalCache) {
+            let dir_to_remove = local_cache.path.join("dir_to_remove");
+            let file_path1 = dir_to_remove.join("file1.txt");
+            let file_path2 = dir_to_remove.join("file2.txt");
+            fs::create_dir_all(&dir_to_remove).unwrap();
+            fs::write(&file_path1, b"test1").unwrap();
+            fs::write(&file_path2, b"test2").unwrap();
+            local_cache.register_file(&file_path1).unwrap();
+            local_cache.register_file(&file_path2).unwrap();
+
+            let dir_to_keep = local_cache.path.join("dir_to_keep");
+            let file_path3 = dir_to_keep.join("file1.txt");
+            fs::create_dir_all(&dir_to_keep).unwrap();
+            fs::write(&file_path3, b"test1").unwrap();
+            local_cache.register_file(&file_path3).unwrap();
+
+            assert!(dir_to_remove.exists());
+            assert!(dir_to_keep.exists());
+            assert!(local_cache.entries.contains_key(&file_path1));
+            assert!(local_cache.entries.contains_key(&file_path2));
+            assert!(local_cache.entries.contains_key(&file_path3));
+            assert_eq!(local_cache.current_size, 15);
+
+            local_cache.remove_all(&dir_to_remove).unwrap();
+
+            assert!(!dir_to_remove.exists());
+            assert!(dir_to_keep.exists());
+            assert!(!local_cache.entries.contains_key(&file_path1));
+            assert!(!local_cache.entries.contains_key(&file_path2));
+            assert!(local_cache.entries.contains_key(&file_path3));
+            assert_eq!(local_cache.current_size, 5);
+        }
+
+        #[rstest]
+        fn test_remove_all_non_registered_files(mut local_cache: LocalCache) {
+            let dir_to_remove = local_cache.path.join("dir_to_remove");
+            let file_path1 = dir_to_remove.join("file1.txt");
+            let file_path2 = dir_to_remove.join("file2.txt");
+            fs::create_dir_all(&dir_to_remove).unwrap();
+            fs::write(&file_path1, b"test1").unwrap();
+            fs::write(&file_path2, b"test2").unwrap();
+
+            assert!(dir_to_remove.exists());
+            assert!(local_cache.entries.is_empty());
+            assert_eq!(local_cache.current_size, 0);
+
+            local_cache.remove_all(&dir_to_remove).unwrap();
+
+            assert!(!dir_to_remove.exists());
+            assert!(local_cache.entries.is_empty());
+            assert_eq!(local_cache.current_size, 0);
+        }
+    }
+
+    mod create_dir_all {
+        use super::*;
+
+        #[rstest]
+        fn test_create_new_directory(local_cache: LocalCache) {
+            let new_dir = local_cache.path.join("new_dir");
+
+            assert!(!new_dir.exists());
+
+            local_cache.create_dir_all(&new_dir).unwrap();
+
+            assert!(new_dir.exists());
+            assert!(new_dir.is_dir());
+        }
+
+        #[rstest]
+        fn test_create_existing_directory(local_cache: LocalCache) {
+            let existing_dir = local_cache.path.join("existing_dir");
+            fs::create_dir_all(&existing_dir).unwrap();
+
+            assert!(existing_dir.exists());
+            assert!(existing_dir.is_dir());
+
+            local_cache.create_dir_all(&existing_dir).unwrap();
+
+            assert!(existing_dir.exists());
+            assert!(existing_dir.is_dir());
+        }
+    }
+
+    mod try_exists {
+        use super::*;
+
+        #[rstest]
+        fn test_try_exists_existing_file(local_cache: LocalCache) {
+            let file_path = local_cache.path.join("existing_file.txt");
+            fs::create_dir_all(local_cache.path.clone()).unwrap();
+            fs::write(&file_path, b"test").unwrap();
+
+            assert!(local_cache.try_exists(&file_path).unwrap());
+        }
+
+        #[rstest]
+        fn test_try_exists_non_existing_file(local_cache: LocalCache) {
+            let file_path = local_cache.path.join("non_existing_file.txt");
+
+            assert!(!local_cache.try_exists(&file_path).unwrap());
+        }
+    }
+
+    mod register_file {
+        use super::*;
+
+        #[rstest]
+        fn test_register_new_file(local_cache_with_file: (LocalCache, PathBuf)) {
+            let (local_cache, file_path) = local_cache_with_file;
+            assert!(local_cache.entries.contains_key(&file_path));
+            assert_eq!(local_cache.current_size, 4);
+        }
+
+        #[rstest]
+        fn test_register_existing_file(local_cache_with_file: (LocalCache, PathBuf)) {
+            let (mut local_cache, file_path) = local_cache_with_file;
+            fs::write(&file_path, b"test-more-data").unwrap();
+
+            local_cache.register_file(&file_path).unwrap();
+            assert!(local_cache.entries.contains_key(&file_path));
+            assert_eq!(local_cache.current_size, 14, "should recalculate size");
+        }
+    }
+
+    mod access_file {
+        use super::*;
+        use std::thread;
+        use std::time::Duration;
+
+        #[rstest]
+        fn test_access_registered_file(local_cache_with_file: (LocalCache, PathBuf)) {
+            let (mut local_cache, file_path) = local_cache_with_file;
+            let previous_access_time = local_cache.entries.get(&file_path).unwrap().last_accessed;
+
+            thread::sleep(Duration::from_millis(10));
+            local_cache.access_file(&file_path).unwrap();
+            let new_access_time = local_cache.entries.get(&file_path).unwrap().last_accessed;
+
+            assert!(new_access_time > previous_access_time);
+            assert_eq!(local_cache.current_size, 4);
+        }
+    }
+
+    mod invalidate_old_files {
+        use super::*;
+        use std::thread;
+        use std::time::Duration;
+
+        #[rstest]
+        fn test_invalidate_when_under_limit(mut local_cache: LocalCache) {
+            let removed_files = local_cache.invalidate_old_files();
+            assert!(removed_files.is_empty());
+            assert_eq!(local_cache.current_size, 0);
+        }
+
+        #[rstest]
+        fn test_invalidate_when_over_limit(mut local_cache: LocalCache) {
+            let file_path1 = local_cache.path.join("file1.txt");
+            let file_path2 = local_cache.path.join("file2.txt");
+            fs::create_dir_all(local_cache.path.clone()).unwrap();
+            fs::write(&file_path1, b"data1").unwrap();
+            fs::write(&file_path2, b"data2").unwrap();
+            local_cache.register_file(&file_path1).unwrap();
+            local_cache.register_file(&file_path2).unwrap();
+
+            local_cache.access_file(&file_path2).unwrap();
+            thread::sleep(Duration::from_millis(10)); // ensure different access times
+            local_cache.access_file(&file_path1).unwrap();
+
+            assert_eq!(local_cache.current_size, 10);
+
+            // Set max size to 6 to force invalidation
+            local_cache.max_size = 6;
+            let removed_files = local_cache.invalidate_old_files();
+
+            assert_eq!(removed_files.len(), 1);
+            assert!(removed_files.contains(&file_path2), "file2 remains");
+            assert!(!removed_files.contains(&file_path1));
+            assert_eq!(local_cache.current_size, 5);
+        }
+    }
+
+    #[fixture]
+    fn path() -> PathBuf {
+        let temp_dir = tempfile::tempdir().unwrap();
+        temp_dir.keep().join("cache")
+    }
+
+    #[fixture]
+    fn local_cache(path: PathBuf) -> LocalCache {
+        LocalCache::new(path.clone(), 1024 * 1024)
+    }
+
+    #[fixture]
+    fn local_cache_with_file(path: PathBuf) -> (LocalCache, PathBuf) {
+        let mut local_cache = LocalCache::new(path.clone(), 1024 * 1024);
+        let file_path = path.join("file.txt");
+        fs::create_dir_all(path.clone()).unwrap();
+        fs::write(&file_path, b"test").unwrap();
+        local_cache.register_file(&file_path).unwrap();
+        (local_cache, file_path)
+    }
+}
diff --git a/reductstore/src/backend/remote/s3_connector.rs b/reductstore/src/backend/remote/s3_connector.rs
new file mode 100644
index 000000000..c2402171a
--- /dev/null
+++ b/reductstore/src/backend/remote/s3_connector.rs
@@ -0,0 +1,642 @@
+// Copyright 2025 ReductSoftware UG
+// This Source Code Form is subject to the terms of the Mozilla Public
+//    License, v. 2.0. If a copy of the MPL was not distributed with this
+//    file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+use crate::backend::remote::RemoteBackendSettings;
+use crate::backend::remote::RemoteStorageConnector;
+use aws_config::{BehaviorVersion, Region};
+use aws_credential_types::Credentials;
+use aws_sdk_s3::error::{DisplayErrorContext, ProvideErrorMetadata, SdkError};
+use aws_sdk_s3::primitives::ByteStream;
+use aws_sdk_s3::Client;
+use log::{debug, error, info};
+use std::collections::HashSet;
+use std::io;
+use std::path::PathBuf;
+use std::sync::Arc;
+use tokio::io::AsyncWriteExt;
+use tokio::runtime::Runtime;
+use tokio::task::block_in_place;
+pub(super) struct S3Connector {
+    bucket: String,
+    client: Arc<Client>,
+    rt: Arc<Runtime>,
+    prefix: &'static str,
+}
+
+impl S3Connector {
+    pub fn new(settings: RemoteBackendSettings) -> Self {
+        let rt = Arc::new(
+            tokio::runtime::Builder::new_multi_thread()
+                .worker_threads(2)
+                .thread_name("remote-client-worker")
+                .enable_all()
+                .build()
+                .unwrap(),
+        );
+
+        let base_config = aws_config::defaults(BehaviorVersion::latest()).region(
+            settings
+                .region
+                .as_ref()
+                .map(|r| Region::new(r.clone()))
+                .unwrap_or_else(|| Region::new("notset".to_string())),
+        );
+
+        info!("Initializing S3 client for bucket: {}", settings.bucket);
+        let base = block_in_place(|| rt.block_on(base_config.load()));
+
+        let creds = Credentials::from_keys(
+            settings.access_key.clone(),
+            settings.secret_key.clone(),
+            None,
+        );
+        let conf = aws_sdk_s3::config::Builder::from(&base)
+            .set_endpoint_url(settings.endpoint)
+            .clone()
+            .credentials_provider(creds)
+            .force_path_style(true)
+            .request_checksum_calculation(
+                aws_sdk_s3::config::RequestChecksumCalculation::WhenRequired,
+            )
+            .build();
+
+        let client = Client::from_conf(conf.clone());
+
+        S3Connector {
+            client: Arc::new(client),
+            bucket: settings.bucket,
+            rt,
+            prefix: "r/",
+        }
+    }
+}
+
+impl RemoteStorageConnector for S3Connector {
+    fn download_object(&self, key: &str, dest: &PathBuf) -> Result<(), io::Error> {
+        let client = Arc::clone(&self.client);
+        let rt = Arc::clone(&self.rt);
+        let key = format!("{}{}", self.prefix, key);
+
+        block_in_place(move || {
+            rt.block_on(async {
+                let mut resp = client
+                    .get_object()
+                    .bucket(&self.bucket)
+                    .key(&key)
+                    .send()
+                    .await
+                    .map_err(|e| {
+                        error!("S3 get_object error: {}", DisplayErrorContext(&e));
+                        io::Error::new(
+                            io::ErrorKind::Other,
+                            format!(
+                                "S3 get_object error bucket={}, key={}: {}",
+                                &self.bucket,
+                                &key,
+                                e.message().unwrap_or("connection error")
+                            ),
+                        )
+                    })?;
+                let mut file = tokio::fs::File::create(dest).await?;
+
+                while let Some(chunk) = resp.body.next().await {
+                    let data = chunk?;
+                    file.write_all(&data).await?;
+                }
+                file.flush().await?;
+                file.sync_all().await?;
+                Ok(())
+            })
+        })
+    }
+    fn upload_object(&self, key: &str, src: &PathBuf) -> Result<(), io::Error> {
+        let client = Arc::clone(&self.client);
+        let rt = Arc::clone(&self.rt);
+        let key = format!("{}{}", self.prefix, key);
+
+        block_in_place(move || {
+            rt.block_on(async {
+                let stream = ByteStream::from_path(src).await?;
+
+                client
+                    .put_object()
+                    .bucket(&self.bucket)
+                    .key(&key)
+                    .body(stream)
+                    .send()
+                    .await
+                    .map_err(|e| {
+                        error!("S3 put_object error: {}", DisplayErrorContext(&e));
+                        io::Error::new(
+                            io::ErrorKind::Other,
+                            format!(
+                                "S3 put_object error bucket={}, key={}: {}",
+                                &self.bucket,
+                                &key,
+                                e.message().unwrap_or("connection error")
+                            ),
+                        )
+                    })?;
+                Ok(())
+            })
+        })
+    }
+    fn create_dir_all(&self, key: &str) -> Result<(), io::Error> {
+        let client = Arc::clone(&self.client);
+        let rt = Arc::clone(&self.rt);
+
+        let dir_key = if key.ends_with('/') {
+            format!("{}{}", self.prefix, key)
+        } else {
+            format!("{}{}/", self.prefix, key)
+        };
+
+        block_in_place(|| {
+            rt.block_on(async {
+                client
+                    .put_object()
+                    .bucket(&self.bucket)
+                    .key(&dir_key)
+                    .body(Vec::new().into())
+                    .send()
+                    .await
+                    .map_err(|e| {
+                        error!("S3 put_object: {}", DisplayErrorContext(&e));
+                        io::Error::new(
+                            io::ErrorKind::Other,
+                            format!(
+                                "S3 put_object error bucket={}, key={}: {}",
+                                &self.bucket,
+                                dir_key,
+                                e.message().unwrap_or("connection error")
+                            ),
+                        )
+                    })?;
+                Ok(())
+            })
+        })
+    }
+    fn list_objects(&self, key: &str, recursive: bool) -> Result<Vec<String>, io::Error> {
+        let client = Arc::clone(&self.client);
+        let rt = Arc::clone(&self.rt);
+        let prefix = if key.ends_with("/") || key.is_empty() {
+            format!("{}{}", self.prefix, key)
+        } else {
+            format!("{}{}/", self.prefix, key)
+        };
+
+        block_in_place(|| {
+            rt.block_on(async {
+                let mut keys = HashSet::new();
+                let mut continuation_token = None;
+
+                loop {
+                    let resp = client
+                        .list_objects_v2()
+                        .bucket(&self.bucket)
+                        .set_continuation_token(continuation_token.clone())
+                        .prefix(&prefix)
+                        .send()
+                        .await
+                        .map_err(|e| {
+                            error!("S3 list_objects_v2 error: {}", DisplayErrorContext(&e));
+                            io::Error::new(
+                                io::ErrorKind::Other,
+                                format!(
+                                    "S3 list_objects_v2 error bucket={}, key={}: {}",
+                                    &self.bucket,
+                                    &prefix,
+                                    e.message().unwrap_or("connection error")
+                                ),
+                            )
+                        })?;
+
+                    for object in resp.contents() {
+                        // Didn't find a better way to filter out "subdirectories"
+                        let Some(key) = object.key() else { continue };
+                        if key == &prefix {
+                            continue;
+                        }
+
+                        let key = key.strip_prefix(&prefix).unwrap_or(key);
+                        if recursive {
+                            keys.insert(key.to_string());
+                        } else {
+                            if let Some((first, _rest)) = key.split_once('/') {
+                                // treat first segment as a "dir"
+                                let dir = format!("{}/", first);
+                                keys.insert(dir);
+                            } else {
+                                // no slash => top-level "file"
+                                keys.insert(key.to_string());
+                            }
+                        }
+                    }
+
+                    if resp.is_truncated().unwrap_or(false) {
+                        continuation_token = resp.next_continuation_token().map(|s| s.to_string());
+                    } else {
+                        break;
+                    }
+                }
+
+                let keys = keys.into_iter().collect::<Vec<_>>();
+                Ok(keys)
+            })
+        })
+    }
+    fn remove_object(&self, key: &str) -> Result<(), io::Error> {
+        let client = Arc::clone(&self.client);
+        let rt = Arc::clone(&self.rt);
+        let key = format!("{}{}", self.prefix, key);
+
+        block_in_place(|| {
+            rt.block_on(async {
+                client
+                    .delete_object()
+                    .bucket(&self.bucket)
+                    .key(&key)
+                    .send()
+                    .await
+                    .map_err(|e| {
+                        error!("S3 delete_object error: {}", DisplayErrorContext(&e));
+                        io::Error::new(
+                            io::ErrorKind::Other,
+                            format!(
+                                "S3 delete_object error bucket={}, key={}: {}",
+                                &self.bucket,
+                                &key,
+                                e.message().unwrap_or("connection error")
+                            ),
+                        )
+                    })?;
+                Ok(())
+            })
+        })
+    }
+    fn head_object(&self, key: &str) -> Result<bool, io::Error> {
+        let client = Arc::clone(&self.client);
+        let rt = Arc::clone(&self.rt);
+        let key = format!("{}{}", self.prefix, key);
+
+        block_in_place(|| {
+            rt.block_on(async {
+                let resp = client
+                    .head_object()
+                    .bucket(&self.bucket)
+                    .key(&key)
+                    .send()
+                    .await;
+
+                match resp {
+                    Ok(_) => Ok(true),
+                    Err(e) => {
+                        // Inspect the error
+                        if let SdkError::ServiceError(err) = &e {
+                            if err.err().is_not_found() {
+                                return Ok(false); // Object does not exist
+                            }
+                        }
+                        error!("S3 head_object error: {}", DisplayErrorContext(&e));
+
+                        Err(io::Error::new(
+                            io::ErrorKind::Other,
+                            format!(
+                                "S3 head_object error bucket={}, key={}: {}",
+                                &self.bucket,
+                                &key,
+                                e.message().unwrap_or("connection error")
+                            ),
+                        ))
+                    }
+                }
+            })
+        })
+    }
+    fn rename_object(&self, from: &str, to: &str) -> Result<(), io::Error> {
+        let client = Arc::clone(&self.client);
+        let rt = Arc::clone(&self.rt);
+        let from_key = format!("{}{}", self.prefix, from);
+        let to_key = format!("{}{}", self.prefix, to);
+
+        debug!(
+            "Renaming S3 object from key: {} to key: {}",
+            &from_key, &to_key
+        );
+        block_in_place(|| {
+            rt.block_on(async {
+                client
+                    .rename_object()
+                    .bucket(&self.bucket)
+                    .rename_source(&from_key)
+                    .key(&to_key)
+                    .send()
+                    .await
+                    .map_err(|e| {
+                        io::Error::new(
+                            io::ErrorKind::Other,
+                            format!(
+                                "S3 rename_object error bucket={}, from_key={}, to_key={}: {}",
+                                &self.bucket,
+                                &from_key,
+                                &to_key,
+                                e.message().unwrap_or("connection error")
+                            ),
+                        )
+                    })?;
+
+                // Optionally, delete the source object after copying
+                client
+                    .delete_object()
+                    .bucket(&self.bucket)
+                    .key(&from_key)
+                    .send()
+                    .await
+                    .map_err(|e| {
+                        io::Error::new(
+                            io::ErrorKind::Other,
+                            format!(
+                                "S3 delete_object error bucket={}, key={}: {}",
+                                &self.bucket,
+                                &from_key,
+                                e.message().unwrap_or("connection error")
+                            ),
+                        )
+                    })?;
+                Ok(())
+            })
+        })
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use rstest::*;
+    use std::fs;
+    use tempfile::tempdir;
+
+    // Dummy tests without S3 connection
+    // These tests are just to ensure that the code paths are correct
+    // and that error handling works as expected.
+    mod dummy {
+        use super::*;
+        #[rstest]
+        fn download_object(connector: S3Connector) {
+            let key = "test_download.txt";
+            let dest = PathBuf::from("/tmp/test_download.txt");
+
+            assert_eq!(
+                connector
+                    .download_object(key, &dest)
+                    .err()
+                    .unwrap()
+                    .to_string(),
+                "S3 get_object error bucket=test-bucket, key=r/test_download.txt: connection error"
+            );
+        }
+
+        #[rstest]
+        fn upload_object(connector: S3Connector, path: PathBuf) {
+            let key = "test_upload.txt";
+            let src = path.join("test_upload.txt");
+            fs::write(&src, b"test upload content").unwrap();
+
+            assert_eq!(
+                connector
+                    .upload_object(key, &src)
+                    .err()
+                    .unwrap()
+                    .to_string(),
+                "S3 put_object error bucket=test-bucket, key=r/test_upload.txt: connection error"
+            );
+        }
+
+        #[rstest]
+        fn create_dir_all(connector: S3Connector) {
+            let key = "test_dir/";
+
+            assert_eq!(
+                connector.create_dir_all(key).err().unwrap().to_string(),
+                "S3 put_object error bucket=test-bucket, key=r/test_dir/: connection error"
+            );
+        }
+
+        #[rstest]
+        fn list_objects(connector: S3Connector) {
+            let key = "test_list/";
+            let recursive = false;
+
+            assert_eq!(
+                connector
+                    .list_objects(key, recursive)
+                    .err()
+                    .unwrap()
+                    .to_string(),
+                "S3 list_objects_v2 error bucket=test-bucket, key=r/test_list/: connection error"
+            );
+        }
+
+        #[rstest]
+        fn remove_object(connector: S3Connector) {
+            let key = "test_remove.txt";
+
+            assert_eq!(
+                connector.remove_object(key).err().unwrap().to_string(),
+                "S3 delete_object error bucket=test-bucket, key=r/test_remove.txt: connection error"
+            );
+        }
+
+        #[rstest]
+        fn head_object(connector: S3Connector) {
+            let key = "test_head.txt";
+
+            assert_eq!(
+                connector.head_object(key).err().unwrap().to_string(),
+                "S3 head_object error bucket=test-bucket, key=r/test_head.txt: connection error"
+            );
+        }
+
+        #[rstest]
+        fn rename_object(connector: S3Connector) {
+            let from = "test_rename_from.txt";
+            let to = "test_rename_to.txt";
+
+            assert_eq!(connector.rename_object(from, to).err().unwrap().to_string(),
+                       "S3 rename_object error bucket=test-bucket, from_key=r/test_rename_from.txt, to_key=r/test_rename_to.txt: connection error"
+            );
+        }
+
+        #[fixture]
+        fn path() -> PathBuf {
+            tempdir().unwrap().keep()
+        }
+
+        #[fixture]
+        fn connector(settings: RemoteBackendSettings) -> S3Connector {
+            S3Connector::new(settings)
+        }
+
+        #[fixture]
+        fn settings() -> RemoteBackendSettings {
+            RemoteBackendSettings {
+                connector_type: Default::default(),
+                cache_path: Default::default(),
+                bucket: "test-bucket".to_string(),
+                region: Some("us-east-1".to_string()),
+                endpoint: Some("http://xxxxx:9000".to_string()), // we do just a dry run
+                access_key: "minioadmin".to_string(),
+                secret_key: "minioadmin".to_string(),
+                cache_size: 0,
+            }
+        }
+    }
+
+    #[cfg(feature = "ci")]
+    mod ci {
+        use super::*;
+        use crate::backend::BackendType;
+        use crate::core::env;
+        use crate::core::env::StdEnvGetter;
+        use serial_test::serial;
+        use tempfile::tempdir;
+
+        #[rstest]
+        #[serial]
+        fn download_object(connector: S3Connector, path: PathBuf) {
+            let key = "test/test.txt";
+            let dest = path.join("downloaded_test.txt");
+            assert!(!dest.exists());
+
+            (connector.download_object(key, &dest).unwrap());
+            assert!(dest.exists());
+            let content = std::fs::read_to_string(&dest).unwrap();
+            assert_eq!(content, "This is a test file for download.\n");
+        }
+
+        #[rstest]
+        #[serial]
+        fn upload_object(connector: S3Connector, path: PathBuf) {
+            let key = "test/uploaded_test.txt";
+            let src = path.join("uploaded_test.txt");
+            fs::write(&src, b"This is a test file for upload.\n").unwrap();
+
+            (connector.upload_object(key, &src).unwrap());
+            assert!(connector.head_object(key).unwrap());
+        }
+
+        #[rstest]
+        #[serial]
+        fn create_dir_all(connector: S3Connector) {
+            let key = "test/new_dir/";
+
+            (connector.create_dir_all(key).unwrap());
+            assert!(connector.head_object(key).unwrap());
+        }
+
+        #[rstest]
+        #[serial]
+        fn list_objects_recursive(connector: S3Connector) {
+            connector.create_dir_all("test/subdir1/").unwrap();
+            connector.create_dir_all("test/subdir1/subdir2").unwrap();
+
+            let objects = connector.list_objects("", true).unwrap();
+            assert_eq!(objects.len(), 3);
+            assert!(objects.contains(&"test/test.txt".to_string()));
+            assert!(objects.contains(&"test/subdir1/".to_string()));
+            assert!(objects.contains(&"test/subdir1/subdir2/".to_string()));
+        }
+
+        #[rstest]
+        #[serial]
+        fn list_objects_non_recursive(connector: S3Connector) {
+            connector.create_dir_all("test/subdir1/").unwrap();
+            connector.create_dir_all("test/subdir1/subdir2").unwrap();
+
+            let objects = connector.list_objects("", false).unwrap();
+            assert_eq!(objects.len(), 1);
+            assert!(objects.contains(&"test/".to_string()));
+        }
+
+        #[rstest]
+        #[serial]
+        fn rename_object(connector: S3Connector) {
+            let from = "test/uploaded_test.txt";
+            let to = "test/renamed_test.txt";
+
+            (connector.rename_object(from, to).unwrap());
+            assert!(!connector.head_object(from).unwrap());
+            assert!(connector.head_object(to).unwrap());
+        }
+
+        #[rstest]
+        #[serial]
+        fn remove_object(connector: S3Connector) {
+            let key = "test/uploaded_test.txt";
+
+            (connector.remove_object(key).unwrap());
+            assert!(!connector.head_object(key).unwrap());
+        }
+
+        #[rstest]
+        #[serial]
+        fn head_object(connector: S3Connector) {
+            let existing_key = "test/test.txt";
+            let non_existing_key = "test/non_existing.txt";
+
+            assert!(connector.head_object(existing_key).unwrap());
+            assert!(!connector.head_object(non_existing_key).unwrap());
+        }
+
+        #[fixture]
+        fn path() -> PathBuf {
+            tempdir().unwrap().keep()
+        }
+
+        #[fixture]
+        fn connector(settings: RemoteBackendSettings) -> S3Connector {
+            let mut connector = S3Connector::new(settings);
+            connector.prefix = "ci/";
+
+            for key in connector.list_objects("", true).unwrap() {
+                connector
+                    .remove_object(&key)
+                    .expect("Failed to clean up S3 bucket");
+            }
+
+            let key = "test/test.txt";
+            let src = tempdir().unwrap().keep().join("test.txt");
+            fs::write(&src, b"This is a test file for download.\n").unwrap();
+            connector
+                .upload_object(key, &src)
+                .expect("Failed to upload test file to S3");
+            connector
+        }
+
+        #[fixture]
+        fn settings() -> RemoteBackendSettings {
+            let mut env = env::Env::new(StdEnvGetter::default());
+            RemoteBackendSettings {
+                connector_type: BackendType::S3,
+                cache_path: tempdir().unwrap().keep(),
+                bucket: env
+                    .get_optional("MINIO_BUCKET")
+                    .expect("MINIO_BUCKET must be set"),
+                region: None,
+                endpoint: Some(
+                    env.get_optional("MINIO_ENDPOINT")
+                        .unwrap_or("http://127.0.0.1:9000".to_string()),
+                ),
+                access_key: env
+                    .get_optional("MINIO_ACCESS_KEY")
+                    .unwrap_or("minioadmin".to_string()),
+                secret_key: env
+                    .get_optional("MINIO_SECRET_KEY")
+                    .unwrap_or("minioadmin".to_string()),
+                cache_size: 1000,
+            }
+        }
+    }
+}
diff --git a/reductstore/src/cfg.rs b/reductstore/src/cfg.rs
index 8befea23c..de1173e6b 100644
--- a/reductstore/src/cfg.rs
+++ b/reductstore/src/cfg.rs
@@ -3,14 +3,18 @@
 
 pub mod io;
 mod provision;
+mod remote_storage;
 pub mod replication;
 
 use crate::api::Components;
 use crate::asset::asset_manager::create_asset_manager;
 use crate::auth::token_auth::TokenAuthorization;
+use crate::backend::Backend;
 use crate::cfg::io::IoConfig;
+use crate::cfg::remote_storage::RemoteStorageConfig;
 use crate::cfg::replication::ReplicationConfig;
 use crate::core::env::{Env, GetEnv};
+use crate::core::file_cache::FILE_CACHE;
 use crate::ext::ext_repository::create_ext_repository;
 use log::info;
 use reduct_base::error::ReductError;
@@ -46,18 +50,23 @@ pub struct Cfg<EnvGetter: GetEnv> {
     pub replications: HashMap<String, ReplicationSettings>,
     pub io_conf: IoConfig,
     pub replication_conf: ReplicationConfig,
-    env: Env<EnvGetter>,
+    pub cs_config: RemoteStorageConfig,
+    pub env: Env<EnvGetter>,
 }
 
 impl<EnvGetter: GetEnv> Cfg<EnvGetter> {
     pub fn from_env(env_getter: EnvGetter) -> Self {
         let mut env = Env::new(env_getter);
         let port: u16 = env.get("RS_PORT", DEFAULT_PORT);
+
+        let mut api_base_path = env.get("RS_API_BASE_PATH", "/".to_string());
+        Self::normalize_url_path(&mut api_base_path);
+
         let cfg = Cfg {
             log_level: env.get("RS_LOG_LEVEL", DEFAULT_LOG_LEVEL.to_string()),
             host: env.get("RS_HOST", DEFAULT_HOST.to_string()),
             port: port.clone(),
-            api_base_path: env.get("RS_API_BASE_PATH", "/".to_string()),
+            api_base_path,
             data_path: env.get("RS_DATA_PATH", "/data".to_string()),
             api_token: env.get_masked("RS_API_TOKEN", "".to_string()),
             cert_path: env.get_masked("RS_CERT_PATH", "".to_string()),
@@ -70,16 +79,67 @@ impl<EnvGetter: GetEnv> Cfg<EnvGetter> {
             replications: Self::parse_replications(&mut env),
             io_conf: Self::parse_io_config(&mut env),
             replication_conf: Self::parse_replication_config(&mut env, port),
+            cs_config: Self::parse_remote_storage_cfg(&mut env),
             env,
         };
 
         cfg
     }
 
+    fn normalize_url_path(api_base_path: &mut String) {
+        if !api_base_path.starts_with('/') {
+            api_base_path.insert(0, '/');
+        }
+
+        if !api_base_path.ends_with('/') {
+            api_base_path.push('/');
+        }
+    }
+
     pub fn build(&self) -> Result<Components, ReductError> {
+        // Initialize storage backend
+        let mut backend_builder = Backend::builder()
+            .backend_type(self.cs_config.backend_type.clone())
+            .local_data_path(&self.data_path)
+            .cache_size(self.cs_config.cache_size);
+
+        if let Some(bucket) = &self.cs_config.bucket {
+            backend_builder = backend_builder.remote_bucket(bucket);
+        }
+
+        if let Some(region) = &self.cs_config.region {
+            backend_builder = backend_builder.remote_region(region);
+        }
+
+        if let Some(endpoint) = &self.cs_config.endpoint {
+            backend_builder = backend_builder.remote_endpoint(endpoint);
+        }
+
+        if let Some(access_key) = &self.cs_config.access_key {
+            backend_builder = backend_builder.remote_access_key(access_key);
+        }
+
+        if let Some(secret_key) = &self.cs_config.secret_key {
+            backend_builder = backend_builder.remote_secret_key(secret_key);
+        }
+
+        if let Some(cache_path) = &self.cs_config.cache_path {
+            backend_builder = backend_builder.remote_cache_path(cache_path);
+        }
+
+        FILE_CACHE.set_storage_backend(backend_builder.try_build().map_err(|e| {
+            internal_server_error!(
+                "Failed to initialize storage backend at {}: {}",
+                self.data_path,
+                e
+            )
+        })?);
+
         let storage = Arc::new(self.provision_buckets());
-        let token_repo = self.provision_tokens();
+        let token_repo = self.provision_tokens(storage.data_path());
         let console = create_asset_manager(load_console());
+        let select_ext = create_asset_manager(load_select_ext());
+        let ros_ext = create_asset_manager(load_ros_ext());
         let replication_engine = self.provision_replication_repo(Arc::clone(&storage))?;
 
         let ext_path = if let Some(ext_path) = &self.ext_path {
@@ -90,6 +150,8 @@ impl<EnvGetter: GetEnv> Cfg<EnvGetter> {
             None
         };
 
+        let server_info = storage.info()?;
+
         Ok(Components {
             storage,
             token_repo: tokio::sync::RwLock::new(token_repo),
@@ -98,7 +160,11 @@ impl<EnvGetter: GetEnv> Cfg<EnvGetter> {
             replication_repo: tokio::sync::RwLock::new(replication_engine),
             ext_repo: create_ext_repository(
                 ext_path,
-                ExtSettings::builder().log_level(&self.log_level).build(),
+                vec![select_ext, ros_ext],
+                ExtSettings::builder()
+                    .log_level(&self.log_level)
+                    .server_info(server_info)
+                    .build(),
             )?,
 
             base_path: self.api_base_path.clone(),
@@ -129,6 +195,30 @@ fn load_console() -> &'static [u8] {
     b""
 }
 
+#[cfg(feature = "select-ext")]
+fn load_select_ext() -> &'static [u8] {
+    info!("Load Reduct Select Extension");
+    include_bytes!(concat!(env!("OUT_DIR"), "/select-ext.zip"))
+}
+
+#[cfg(not(feature = "select-ext"))]
+fn load_select_ext() -> &'static [u8] {
+    info!("Reduct Select Extension is disabled");
+    b""
+}
+
+#[cfg(feature = "ros-ext")]
+fn load_ros_ext() -> &'static [u8] {
+    info!("Load Reduct ROS Extension");
+    include_bytes!(concat!(env!("OUT_DIR"), "/ros-ext.zip"))
+}
+
+#[cfg(not(feature = "ros-ext"))]
+fn load_ros_ext() -> &'static [u8] {
+    info!("Reduct ROS Extension is disabled");
+    b""
+}
+
 impl<EnvGetter: GetEnv> Display for Cfg<EnvGetter> {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
         write!(f, "{}", self.env.message())
@@ -217,17 +307,21 @@ mod tests {
     }
 
     #[rstest]
-    fn test_api_base_path(mut env_getter: MockEnvGetter) {
+    #[case("/api")]
+    #[case("/api/")]
+    #[case("api/")]
+    #[case("api")]
+    fn test_api_base_path(mut env_getter: MockEnvGetter, #[case] path: &str) {
         env_getter
             .expect_get()
             .with(eq("RS_API_BASE_PATH"))
             .times(1)
-            .return_const(Ok("/api".to_string()));
+            .return_const(Ok(path.to_string()));
         env_getter
             .expect_get()
             .return_const(Err(VarError::NotPresent));
         let cfg = Cfg::from_env(env_getter);
-        assert_eq!(cfg.api_base_path, "/api");
+        assert_eq!(cfg.api_base_path, "/api/");
     }
 
     #[rstest]
@@ -317,10 +411,55 @@ mod tests {
         assert_eq!(cfg.ext_path, Some("/tmp/ext".to_string()));
     }
 
+    #[cfg(feature = "fs-backend")]
+    #[rstest]
+    fn test_remote_storage_s3() {
+        // we cover only s3 parts here, filesystem is used as backend
+        let mut env_getter = MockEnvGetter::new();
+        env_getter
+            .expect_get()
+            .with(eq("RS_DATA_PATH"))
+            .return_const(Ok("/tmp/data".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_BUCKET"))
+            .return_const(Ok("my-bucket".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_ENDPOINT"))
+            .return_const(Ok("https://s3.example.com".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_REGION"))
+            .return_const(Ok("us-east-1".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_ACCESS_KEY"))
+            .return_const(Ok("my-access-key".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_SECRET_KEY"))
+            .return_const(Ok("my-secret-key".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_CACHE_PATH"))
+            .return_const(Ok("/tmp/cache".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_CACHE_SIZE"))
+            .return_const(Ok("1073741824".to_string()));
+        env_getter
+            .expect_get()
+            .return_const(Err(VarError::NotPresent));
+        env_getter.expect_all().returning(|| BTreeMap::new());
+        let cfg = Cfg::from_env(env_getter);
+        cfg.build().unwrap();
+    }
+
     #[fixture]
     fn env_getter() -> MockEnvGetter {
         let mut mock_getter = MockEnvGetter::new();
         mock_getter.expect_all().returning(|| BTreeMap::new());
-        return mock_getter;
+        mock_getter
     }
 }
diff --git a/reductstore/src/cfg/provision/bucket.rs b/reductstore/src/cfg/provision/bucket.rs
index 60ad09fe7..3bd06a6df 100644
--- a/reductstore/src/cfg/provision/bucket.rs
+++ b/reductstore/src/cfg/provision/bucket.rs
@@ -1,6 +1,7 @@
 // Copyright 2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
+use crate::backend::BackendType;
 use crate::cfg::Cfg;
 use crate::core::env::{Env, GetEnv};
 use crate::license::parse_license;
@@ -15,7 +16,16 @@ use std::path::PathBuf;
 impl<EnvGetter: GetEnv> Cfg<EnvGetter> {
     pub(in crate::cfg) fn provision_buckets(&self) -> Storage {
         let license = parse_license(self.license_path.clone());
-        let storage = Storage::load(PathBuf::from(self.data_path.clone()), license);
+        let data_path = if self.cs_config.backend_type == BackendType::Filesystem {
+            self.data_path.clone()
+        } else {
+            self.cs_config
+                .cache_path
+                .clone()
+                .expect("Cache path must be set for remote storage")
+        };
+
+        let storage = Storage::load(PathBuf::from(data_path), license);
         for (name, settings) in &self.buckets {
             let settings = match storage.create_bucket(&name, settings.clone()) {
                 Ok(bucket) => {
@@ -192,7 +202,7 @@ mod tests {
         mock_getter
             .expect_get()
             .with(eq("RS_DATA_PATH"))
-            .return_const(Ok(tmp.into_path().to_str().unwrap().to_string()));
+            .return_const(Ok(tmp.keep().to_str().unwrap().to_string()));
         mock_getter.expect_all().returning(|| {
             let mut map = BTreeMap::new();
             map.insert("RS_BUCKET_1_NAME".to_string(), "bucket1".to_string());
diff --git a/reductstore/src/cfg/provision/replication.rs b/reductstore/src/cfg/provision/replication.rs
index 7fd25a390..0982e9ff3 100644
--- a/reductstore/src/cfg/provision/replication.rs
+++ b/reductstore/src/cfg/provision/replication.rs
@@ -400,7 +400,7 @@ mod tests {
     #[fixture]
     fn path() -> PathBuf {
         let tmp = tempfile::tempdir().unwrap();
-        tmp.into_path()
+        tmp.keep()
     }
 
     #[fixture]
diff --git a/reductstore/src/cfg/provision/token.rs b/reductstore/src/cfg/provision/token.rs
index 823c7c1df..69afda535 100644
--- a/reductstore/src/cfg/provision/token.rs
+++ b/reductstore/src/cfg/provision/token.rs
@@ -11,9 +11,11 @@ use std::collections::HashMap;
 use std::path::PathBuf;
 
 impl<EnvGetter: GetEnv> Cfg<EnvGetter> {
-    pub(in crate::cfg) fn provision_tokens(&self) -> Box<dyn ManageTokens + Send + Sync> {
-        let mut token_repo =
-            create_token_repository(PathBuf::from(self.data_path.clone()), &self.api_token);
+    pub(in crate::cfg) fn provision_tokens(
+        &self,
+        data_path: &PathBuf,
+    ) -> Box<dyn ManageTokens + Send + Sync> {
+        let mut token_repo = create_token_repository(PathBuf::from(data_path), &self.api_token);
 
         for (name, token) in &self.tokens {
             let is_generated = match token_repo
@@ -200,7 +202,7 @@ mod tests {
         mock_getter
             .expect_get()
             .with(eq("RS_DATA_PATH"))
-            .return_const(Ok(tmp.into_path().to_str().unwrap().to_string()));
+            .return_const(Ok(tmp.keep().to_str().unwrap().to_string()));
         mock_getter
             .expect_get()
             .with(eq("RS_API_TOKEN"))
diff --git a/reductstore/src/cfg/remote_storage.rs b/reductstore/src/cfg/remote_storage.rs
new file mode 100644
index 000000000..bebab7112
--- /dev/null
+++ b/reductstore/src/cfg/remote_storage.rs
@@ -0,0 +1,169 @@
+// Copyright 2025 ReductSoftware UG
+// Licensed under the Business Source License 1.1
+
+use crate::backend::BackendType;
+use crate::cfg::Cfg;
+use crate::core::env::{Env, GetEnv};
+use bytesize::ByteSize;
+
+/// Cloud storage settings
+#[derive(Clone, Debug, PartialEq)]
+pub struct RemoteStorageConfig {
+    pub backend_type: BackendType,
+    pub bucket: Option<String>,
+    pub endpoint: Option<String>,
+    pub region: Option<String>,
+    pub access_key: Option<String>,
+    pub secret_key: Option<String>,
+    pub cache_path: Option<String>,
+    pub cache_size: u64,
+}
+
+impl<EnvGetter: GetEnv> Cfg<EnvGetter> {
+    pub(super) fn parse_remote_storage_cfg(env: &mut Env<EnvGetter>) -> RemoteStorageConfig {
+        let secret_key = env.get_masked("RS_REMOTE_SECRET_KEY", "".to_string());
+        RemoteStorageConfig {
+            backend_type: env
+                .get_optional::<String>("RS_REMOTE_BACKEND_TYPE")
+                .map(|s| match s.to_lowercase().as_str() {
+                    #[cfg(feature = "s3-backend")]
+                    "s3" => BackendType::S3,
+                    #[cfg(feature = "fs-backend")]
+                    _ => BackendType::Filesystem,
+                })
+                .unwrap_or(BackendType::Filesystem),
+            bucket: env.get_optional::<String>("RS_REMOTE_BUCKET"),
+            endpoint: env.get_optional::<String>("RS_REMOTE_ENDPOINT"),
+            region: env.get_optional::<String>("RS_REMOTE_REGION"),
+            access_key: env.get_optional::<String>("RS_REMOTE_ACCESS_KEY"),
+            secret_key: if secret_key.is_empty() {
+                None
+            } else {
+                Some(secret_key)
+            },
+            cache_path: env.get_optional::<String>("RS_REMOTE_CACHE_PATH"),
+            cache_size: env
+                .get_optional::<ByteSize>("RS_REMOTE_CACHE_SIZE")
+                .unwrap_or(ByteSize::gb(1))
+                .as_u64(),
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::cfg::tests::MockEnvGetter;
+    use mockall::predicate::eq;
+    use rstest::*;
+    use std::env::VarError;
+
+    #[cfg(feature = "fs-backend")]
+    #[rstest]
+    fn test_default_remote_storage_cfg() {
+        let mut env_getter = MockEnvGetter::new();
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_BACKEND_TYPE"))
+            .return_const(Err(VarError::NotPresent));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_BUCKET"))
+            .return_const(Err(VarError::NotPresent));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_ENDPOINT"))
+            .return_const(Err(VarError::NotPresent));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_REGION"))
+            .return_const(Err(VarError::NotPresent));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_ACCESS_KEY"))
+            .return_const(Err(VarError::NotPresent));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_SECRET_KEY"))
+            .return_const(Err(VarError::NotPresent));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_CACHE_PATH"))
+            .return_const(Err(VarError::NotPresent));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_CACHE_SIZE"))
+            .return_const(Err(VarError::NotPresent));
+
+        let mut env = Env::new(env_getter);
+
+        let cfg = Cfg::parse_remote_storage_cfg(&mut env);
+        assert_eq!(
+            cfg,
+            RemoteStorageConfig {
+                backend_type: BackendType::Filesystem,
+                bucket: None,
+                endpoint: None,
+                region: None,
+                access_key: None,
+                secret_key: None,
+                cache_path: None,
+                cache_size: ByteSize::gb(1).as_u64(),
+            }
+        );
+    }
+
+    #[cfg(feature = "s3-backend")]
+    #[rstest]
+    fn test_custom_remote_storage_cfg() {
+        let mut env_getter = MockEnvGetter::new();
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_BACKEND_TYPE"))
+            .return_const(Ok("s3".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_BUCKET"))
+            .return_const(Ok("my-bucket".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_ENDPOINT"))
+            .return_const(Ok("https://s3.example.com".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_REGION"))
+            .return_const(Ok("us-west-1".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_ACCESS_KEY"))
+            .return_const(Ok("my-access-key".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_SECRET_KEY"))
+            .return_const(Ok("my-secret-key".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_CACHE_PATH"))
+            .return_const(Ok("/tmp/cache".to_string()));
+        env_getter
+            .expect_get()
+            .with(eq("RS_REMOTE_CACHE_SIZE"))
+            .return_const(Ok("2GB".to_string()));
+        let mut env = Env::new(env_getter);
+
+        let cfg = Cfg::parse_remote_storage_cfg(&mut env);
+        assert_eq!(
+            cfg,
+            RemoteStorageConfig {
+                backend_type: BackendType::S3,
+                bucket: Some("my-bucket".to_string()),
+                endpoint: Some("https://s3.example.com".to_string()),
+                region: Some("us-west-1".to_string()),
+                access_key: Some("my-access-key".to_string()),
+                secret_key: Some("my-secret-key".to_string()),
+                cache_path: Some("/tmp/cache".to_string()),
+                cache_size: ByteSize::gb(2).as_u64(),
+            }
+        );
+    }
+}
diff --git a/reductstore/src/core/cache.rs b/reductstore/src/core/cache.rs
index 8eea94bf5..641805f7d 100644
--- a/reductstore/src/core/cache.rs
+++ b/reductstore/src/core/cache.rs
@@ -138,6 +138,10 @@ impl<K: Eq + Hash + Clone, V> Cache<K, V> {
         self.store.keys().collect()
     }
 
+    pub fn iter_mut(&mut self) -> impl Iterator<Item = (&K, &mut V)> {
+        self.store.iter_mut().map(|(k, v)| (k, &mut v.value))
+    }
+
     fn discard_old_descriptors(&mut self) -> Vec<(K, V)> {
         // remove old descriptors
         let mut removed = Vec::new();
diff --git a/reductstore/src/core/file_cache.rs b/reductstore/src/core/file_cache.rs
index a2c3d49bb..9ee3d27b8 100644
--- a/reductstore/src/core/file_cache.rs
+++ b/reductstore/src/core/file_cache.rs
@@ -1,20 +1,32 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
+use crate::backend::file::{AccessMode, File};
+use crate::backend::Backend;
 use crate::core::cache::Cache;
+use log::{debug, warn};
 use reduct_base::error::ReductError;
 use reduct_base::internal_server_error;
-use std::fs::{remove_dir_all, remove_file, rename, File};
+use std::fs;
 use std::io::{Seek, SeekFrom};
 use std::path::PathBuf;
-use std::sync::{Arc, LazyLock, RwLock, Weak};
+use std::sync::atomic::{AtomicBool, Ordering};
+use std::sync::{Arc, LazyLock, RwLock, RwLockWriteGuard, Weak};
+use std::thread::spawn;
 use std::time::Duration;
 
 const FILE_CACHE_MAX_SIZE: usize = 1024;
 const FILE_CACHE_TIME_TO_LIVE: Duration = Duration::from_secs(60);
 
-pub(crate) static FILE_CACHE: LazyLock<FileCache> =
-    LazyLock::new(|| FileCache::new(FILE_CACHE_MAX_SIZE, FILE_CACHE_TIME_TO_LIVE));
+const FILE_CACHE_SYNC_INTERVAL: Duration = Duration::from_millis(60_000);
+
+pub(crate) static FILE_CACHE: LazyLock<FileCache> = LazyLock::new(|| {
+    FileCache::new(
+        FILE_CACHE_MAX_SIZE,
+        FILE_CACHE_TIME_TO_LIVE,
+        FILE_CACHE_SYNC_INTERVAL,
+    )
+});
 
 pub(crate) struct FileWeak {
     file: Weak<RwLock<File>>,
@@ -22,41 +34,37 @@ pub(crate) struct FileWeak {
 }
 
 impl FileWeak {
-    fn new(file: FileRc, path: PathBuf) -> Self {
+    fn new(file: FileRc) -> Self {
         FileWeak {
             file: Arc::downgrade(&file),
-            path,
+            path: file.read().unwrap().path().clone(),
         }
     }
 
     pub fn upgrade(&self) -> Result<FileRc, ReductError> {
-        self.file.upgrade().ok_or(internal_server_error!(
+        let file = self.file.upgrade().ok_or(internal_server_error!(
             "File descriptor for {:?} is no longer available",
             self.path
-        ))
+        ))?;
+
+        // Notify storage backend that the file was accessed
+        file.read()?.access()?;
+        Ok(file)
     }
 }
 
 pub(crate) type FileRc = Arc<RwLock<File>>;
 
-#[derive(PartialEq)]
-enum AccessMode {
-    Read,
-    ReadWrite,
-}
-
-struct FileDescriptor {
-    file_ref: FileRc,
-    mode: AccessMode,
-}
-
 /// A cache to keep file descriptors open
 ///
 /// This optimization is needed for network file systems because opening
 /// and closing files for writing causes synchronization overhead.
-#[derive(Clone)]
+///
+/// Additionally, it periodically syncs files to disk to ensure data integrity.
 pub(crate) struct FileCache {
-    cache: Arc<RwLock<Cache<PathBuf, FileDescriptor>>>,
+    cache: Arc<RwLock<Cache<PathBuf, FileRc>>>,
+    stop_sync_worker: Arc<AtomicBool>,
+    backpack: Arc<RwLock<Backend>>,
 }
 
 impl FileCache {
@@ -66,12 +74,83 @@ impl FileCache {
     ///
     /// * `max_size` - The maximum number of file descriptors to keep open
     /// * `ttl` - The time to live for a file descriptor
-    pub fn new(max_size: usize, ttl: Duration) -> Self {
+    /// * `sync_interval` - The interval to sync files from cache to disk
+    fn new(max_size: usize, ttl: Duration, sync_interval: Duration) -> Self {
+        let cache = Arc::new(RwLock::new(Cache::<PathBuf, FileRc>::new(max_size, ttl)));
+        let cache_clone = Arc::clone(&cache);
+        let stop_sync_worker = Arc::new(AtomicBool::new(false));
+        let stop_sync_worker_clone = Arc::clone(&stop_sync_worker);
+        let backpack = Arc::new(RwLock::new(Backend::default()));
+        let backpack_clone = Arc::clone(&backpack);
+
+        spawn(move || {
+            // Periodically sync files from cache to disk
+            while !stop_sync_worker.load(Ordering::Relaxed) {
+                std::thread::sleep(Duration::from_millis(100));
+                Self::sync_rw_and_unused_files(&backpack_clone, &cache, sync_interval, false);
+            }
+        });
+
         FileCache {
-            cache: Arc::new(RwLock::new(Cache::new(max_size, ttl))),
+            cache: cache_clone,
+            stop_sync_worker: stop_sync_worker_clone,
+            backpack,
         }
     }
 
+    fn sync_rw_and_unused_files(
+        backend: &Arc<RwLock<Backend>>,
+        cache: &Arc<RwLock<Cache<PathBuf, FileRc>>>,
+        sync_interval: Duration,
+        force: bool,
+    ) {
+        let mut cache = cache.write().unwrap();
+        let invalidated_files = backend.read().unwrap().invalidate_locally_cached_files();
+        for path in invalidated_files {
+            if let Some(file) = cache.remove(&path) {
+                if let Err(err) = file.write().unwrap().sync_all() {
+                    warn!("Failed to sync invalidated file {:?}: {}", path, err);
+                }
+            }
+
+            fs::remove_file(&path).ok();
+            debug!("Removed invalidated file {:?} from cache and storage", path);
+        }
+
+        for (path, file) in cache.iter_mut() {
+            let mut file_lock = if force {
+                // force sync, we need to get a write lock and wait for it
+                file.write().unwrap()
+            } else {
+                // if the file is used by other threads, sync it next time
+                let Some(file) = file.try_write().ok() else {
+                    continue;
+                };
+                file
+            };
+
+            // Sync only writeable files that are not synced yet
+            // and are not used by other threads
+            if file_lock.mode() != &AccessMode::ReadWrite
+                || Arc::strong_count(&file) > 1
+                || Arc::weak_count(&file) > 0
+                || file_lock.is_synced()
+                || file_lock.last_synced().elapsed() < sync_interval
+            {
+                continue;
+            }
+
+            if let Err(err) = file_lock.sync_all() {
+                warn!("Failed to sync file {}: {}", path.display(), err);
+                continue;
+            }
+        }
+    }
+
+    pub fn set_storage_backend(&self, backpack: Backend) {
+        *self.backpack.write().unwrap() = backpack;
+    }
+
     /// Get a file descriptor for reading
     ///
     /// If the file is not in the cache, it will be opened and added to the cache.
@@ -86,25 +165,23 @@ impl FileCache {
     /// A file reference
     pub fn read(&self, path: &PathBuf, pos: SeekFrom) -> Result<FileWeak, ReductError> {
         let mut cache = self.cache.write()?;
-        let file = if let Some(desc) = cache.get_mut(path) {
-            Arc::clone(&desc.file_ref)
-        } else {
-            let file = File::options().read(true).open(path)?;
+        let open_file = |cache| -> Result<FileRc, ReductError> {
+            let file = self.backpack.read()?.open_options().read(true).open(path)?;
             let file = Arc::new(RwLock::new(file));
-            cache.insert(
-                path.clone(),
-                FileDescriptor {
-                    file_ref: Arc::clone(&file),
-                    mode: AccessMode::Read,
-                },
-            );
-            file
+            Self::save_in_cache_and_sync_discarded(path.clone(), cache, &file);
+            Ok(file)
+        };
+
+        let file = if let Some(file) = cache.get_mut(path) {
+            Arc::clone(&file)
+        } else {
+            open_file(&mut cache)?
         };
 
         if pos != SeekFrom::Current(0) {
             file.write()?.seek(pos)?;
         }
-        Ok(FileWeak::new(file, path.clone()))
+        Ok(FileWeak::new(file))
     }
 
     /// Get a file descriptor for writing
@@ -122,38 +199,36 @@ impl FileCache {
     /// A file reference
     pub fn write_or_create(&self, path: &PathBuf, pos: SeekFrom) -> Result<FileWeak, ReductError> {
         let mut cache = self.cache.write()?;
-
-        let file = if let Some(desc) = cache.get_mut(path) {
-            if desc.mode == AccessMode::ReadWrite {
-                Arc::clone(&desc.file_ref)
-            } else {
-                let rw_file = File::options().write(true).read(true).open(path)?;
-                desc.file_ref = Arc::new(RwLock::new(rw_file));
-                desc.mode = AccessMode::ReadWrite;
-
-                Arc::clone(&desc.file_ref)
-            }
-        } else {
-            let file = File::options()
-                .create(true)
+        let open_file = |cache, create| -> Result<FileRc, ReductError> {
+            let file = self
+                .backpack
+                .read()?
+                .open_options()
+                .create(create)
                 .write(true)
                 .read(true)
                 .open(path)?;
             let file = Arc::new(RwLock::new(file));
-            cache.insert(
-                path.clone(),
-                FileDescriptor {
-                    file_ref: Arc::clone(&file),
-                    mode: AccessMode::ReadWrite,
-                },
-            );
-            file
+            Self::save_in_cache_and_sync_discarded(path.clone(), cache, &file);
+            Ok(file)
+        };
+
+        let file = if let Some(file) = cache.get_mut(path).cloned() {
+            let lock = file.read()?;
+            if lock.mode() == &AccessMode::ReadWrite {
+                Arc::clone(&file)
+            } else {
+                // file was opened in read-only mode, we need to reopen it in read-write mode
+                open_file(&mut cache, false)?
+            }
+        } else {
+            open_file(&mut cache, true)?
         };
 
         if pos != SeekFrom::Current(0) {
             file.write()?.seek(pos)?;
         }
-        Ok(FileWeak::new(file, path.clone()))
+        Ok(FileWeak::new(file))
     }
 
     /// Removes a file from the file system and the cache.
@@ -178,10 +253,7 @@ impl FileCache {
     pub fn remove(&self, path: &PathBuf) -> Result<(), ReductError> {
         let mut cache = self.cache.write()?;
         cache.remove(path);
-
-        if path.try_exists()? {
-            remove_file(path)?;
-        }
+        self.backpack.read()?.remove(path)?;
 
         Ok(())
     }
@@ -189,12 +261,27 @@ impl FileCache {
     pub fn remove_dir(&self, path: &PathBuf) -> Result<(), ReductError> {
         self.discard_recursive(path)?;
         if path.try_exists()? {
-            remove_dir_all(path)?;
+            self.backpack.read()?.remove_dir_all(path)?;
         }
 
         Ok(())
     }
 
+    pub fn create_dir_all(&self, path: &PathBuf) -> Result<(), ReductError> {
+        self.backpack.read()?.create_dir_all(path)?;
+        Ok(())
+    }
+
+    pub fn read_dir(&self, path: &PathBuf) -> Result<Vec<PathBuf>, ReductError> {
+        Ok(self.backpack.read()?.read_dir(path)?)
+    }
+
+    /// Discards all files in the cache that are under the specified path.
+    ///
+    /// This function iterates through the cache and removes all file descriptors
+    /// whose paths start with the specified `path`. If a file is in read-write mode
+    /// and has not been synced, it attempts to sync the file before removing it from the cache.
+    ///
     pub fn discard_recursive(&self, path: &PathBuf) -> Result<(), ReductError> {
         let mut cache = self.cache.write()?;
         let files_to_remove = cache
@@ -203,9 +290,19 @@ impl FileCache {
             .filter(|file_path| file_path.starts_with(path))
             .map(|file_path| (*file_path).clone())
             .collect::<Vec<PathBuf>>();
+
         for file_path in files_to_remove {
-            cache.remove(&file_path);
+            if let Some(file) = cache.remove(&file_path) {
+                // If the file is in read-write mode and not synced, we need to sync it before removing from cache
+                let mut lock = file.write()?;
+                if lock.mode() == &AccessMode::ReadWrite && !lock.is_synced() {
+                    if let Err(err) = lock.sync_all() {
+                        warn!("Failed to sync file {}: {}", file_path.display(), err);
+                    }
+                }
+            }
         }
+
         Ok(())
     }
 
@@ -225,9 +322,41 @@ impl FileCache {
     pub fn rename(&self, old_path: &PathBuf, new_path: &PathBuf) -> Result<(), ReductError> {
         let mut cache = self.cache.write()?;
         cache.remove(old_path);
-        rename(old_path, new_path)?;
+        self.backpack.read()?.rename(old_path, new_path)?;
         Ok(())
     }
+
+    pub fn try_exists(&self, path: &PathBuf) -> Result<bool, ReductError> {
+        let backpack = self.backpack.read()?;
+        Ok(backpack.try_exists(path)?)
+    }
+
+    pub fn force_sync_all(&self) {
+        Self::sync_rw_and_unused_files(&self.backpack, &self.cache, Duration::from_secs(0), true);
+    }
+
+    /// Saves a file descriptor in the cache and syncs any discarded files.
+    ///
+    /// We need to make sure that we sync all files that were discarded
+    fn save_in_cache_and_sync_discarded(
+        path: PathBuf,
+        cache: &mut RwLockWriteGuard<Cache<PathBuf, FileRc>>,
+        file: &Arc<RwLock<File>>,
+    ) -> () {
+        let discarded_files = cache.insert(path.clone(), Arc::clone(file));
+
+        for (_, file) in discarded_files {
+            if let Err(err) = file.write().unwrap().sync_all() {
+                warn!("Failed to sync file {:?}: {}", path, err);
+            }
+        }
+    }
+}
+
+impl Drop for FileCache {
+    fn drop(&mut self) {
+        self.stop_sync_worker.store(true, Ordering::Relaxed);
+    }
 }
 
 #[cfg(test)]
@@ -383,13 +512,93 @@ mod tests {
         assert_eq!(tmp_dir.exists(), false);
     }
 
+    mod sync_rw_and_unused_files {
+        use super::*;
+
+        #[rstest]
+        fn test_sync_unused_files(cache: FileCache, tmp_dir: PathBuf) {
+            let file_path = tmp_dir.join("test_sync_rw_and_unused_files.txt");
+            {
+                let file_ref = cache
+                    .write_or_create(&file_path, SeekFrom::Start(0))
+                    .unwrap()
+                    .upgrade()
+                    .unwrap();
+                file_ref.write().unwrap().write_all(b"test").unwrap();
+
+                assert!(
+                    !cache
+                        .cache
+                        .write()
+                        .unwrap()
+                        .get(&file_path)
+                        .unwrap()
+                        .read()
+                        .unwrap()
+                        .is_synced(),
+                    "File should not be synced initially"
+                );
+            }
+
+            // Wait for the sync worker to run
+            sleep(Duration::from_millis(250));
+
+            assert!(
+                cache
+                    .cache
+                    .write()
+                    .unwrap()
+                    .get(&file_path)
+                    .unwrap()
+                    .read()
+                    .unwrap()
+                    .is_synced(),
+                "File should be synced after sync worker runs"
+            );
+        }
+
+        #[rstest]
+        fn test_not_sync_used_files(cache: FileCache, tmp_dir: PathBuf) {
+            let file_path = tmp_dir.join("test_not_sync_unused_files.txt");
+            let file_ref = cache
+                .write_or_create(&file_path, SeekFrom::Start(0))
+                .unwrap()
+                .upgrade()
+                .unwrap();
+            file_ref.write().unwrap().write_all(b"test").unwrap();
+
+            // Wait for the sync worker to run
+            sleep(Duration::from_millis(250));
+
+            assert!(
+                !cache
+                    .cache
+                    .write()
+                    .unwrap()
+                    .get(&file_path)
+                    .unwrap()
+                    .read()
+                    .unwrap()
+                    .is_synced(),
+                "File should not be synced after sync worker runs"
+            );
+        }
+    }
+
     #[fixture]
     fn cache() -> FileCache {
-        FileCache::new(2, Duration::from_millis(100))
+        let cache = FileCache::new(2, Duration::from_millis(100), Duration::from_millis(100));
+        cache.set_storage_backend(
+            Backend::builder()
+                .local_data_path(tempfile::tempdir().unwrap().keep().to_str().unwrap())
+                .try_build()
+                .unwrap(),
+        );
+        cache
     }
 
     #[fixture]
     fn tmp_dir() -> PathBuf {
-        tempfile::tempdir().unwrap().into_path()
+        tempfile::tempdir().unwrap().keep()
     }
 }
diff --git a/reductstore/src/ext/ext_repository.rs b/reductstore/src/ext/ext_repository.rs
index 660137eaf..9e967fbab 100644
--- a/reductstore/src/ext/ext_repository.rs
+++ b/reductstore/src/ext/ext_repository.rs
@@ -1,19 +1,25 @@
 // Copyright 2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
-use crate::ext::filter::ExtWhenFilter;
+mod create;
+mod load;
+
+use crate::asset::asset_manager::ManageStaticAsset;
 use crate::storage::query::base::QueryOptions;
-use crate::storage::query::condition::{EvaluationStage, Parser};
+use crate::storage::query::condition::Parser;
 use crate::storage::query::QueryRx;
 use async_trait::async_trait;
 use dlopen2::wrapper::{Container, WrapperApi};
-use log::{error, info};
+use futures_util::StreamExt;
+use reduct_base::error::ErrorCode::NoContent;
 use reduct_base::error::ReductError;
-use reduct_base::ext::{BoxedReadRecord, ExtSettings, IoExtension, ProcessStatus};
+use reduct_base::ext::{
+    BoxedCommiter, BoxedProcessor, BoxedReadRecord, BoxedRecordStream, ExtSettings, IoExtension,
+};
 use reduct_base::msg::entry_api::QueryEntry;
-use reduct_base::{internal_server_error, unprocessable_entity, Labels};
+use reduct_base::{no_content, unprocessable_entity};
 use std::collections::HashMap;
-use std::path::PathBuf;
+use std::pin::Pin;
 use std::sync::Arc;
 use std::time::Instant;
 use tokio::sync::RwLock as AsyncRwLock;
@@ -35,21 +41,36 @@ pub(crate) trait ManageExtensions {
         entry_name: &str,
         query: QueryEntry,
     ) -> Result<(), ReductError>;
-    async fn next_processed_record(
+
+    /// Fetches and processes a record from the extension.
+    ///
+    /// This method is called for each record that is fetched from the storage engine.
+    ///
+    /// # Arguments
+    ///
+    /// * `query_id` - The ID of the query.
+    /// * `query_rx` - The receiver for the query.
+    ///
+    /// # Returns
+    ///
+    ///  204 No Content if no records are available.
+    async fn fetch_and_process_record(
         &self,
         query_id: u64,
         query_rx: Arc<AsyncRwLock<QueryRx>>,
-    ) -> ProcessStatus;
+    ) -> Option<Vec<Result<BoxedReadRecord, ReductError>>>;
 }
 
 pub type BoxedManageExtensions = Box<dyn ManageExtensions + Sync + Send>;
 
 pub(crate) struct QueryContext {
-    id: u64,
     query: QueryOptions,
-    condition_filter: ExtWhenFilter,
+    condition_filter: Box<dyn RecordFilter<BoxedReadRecord> + Send + Sync>,
     last_access: Instant,
-    ext_pipeline: Vec<IoExtRef>,
+    current_stream: Option<Pin<BoxedRecordStream>>,
+
+    processor: BoxedProcessor,
+    commiter: BoxedCommiter,
 }
 
 struct ExtRepository {
@@ -58,89 +79,9 @@ struct ExtRepository {
 
     #[allow(dead_code)]
     ext_wrappers: Vec<Container<ExtensionApi>>, // we need to keep the wrappers alive
-}
-
-impl ExtRepository {
-    pub(crate) fn try_load(
-        path: &PathBuf,
-        settings: ExtSettings,
-    ) -> Result<ExtRepository, ReductError> {
-        let mut extension_map = IoExtMap::new();
-
-        let query_map = AsyncRwLock::new(HashMap::new());
-
-        if !path.exists() {
-            return Err(internal_server_error!(
-                "Extension directory {:?} does not exist",
-                path
-            ));
-        }
-
-        let mut ext_wrappers = Vec::new();
-        for entry in path.read_dir()? {
-            let path = entry?.path();
-            if path.is_file()
-                && path
-                    .extension()
-                    .map_or(false, |ext| ext == "so" || ext == "dll" || ext == "dylib")
-            {
-                let ext_wrapper = unsafe {
-                    match Container::<ExtensionApi>::load(path.clone()) {
-                        Ok(wrapper) => wrapper,
-                        Err(e) => {
-                            error!("Failed to load extension '{:?}': {:?}", path, e);
-                            continue;
-                        }
-                    }
-                };
-
-                let ext = unsafe { Box::from_raw(ext_wrapper.get_ext(settings.clone())) };
 
-                info!("Load extension: {:?}", ext.info());
-
-                let name = ext.info().name().to_string();
-                extension_map.insert(name, Arc::new(AsyncRwLock::new(ext)));
-                ext_wrappers.push(ext_wrapper);
-            }
-        }
-
-        Ok(ExtRepository {
-            extension_map,
-            query_map,
-            ext_wrappers,
-        })
-    }
-
-    async fn send_record_to_ext_pipeline(
-        query_id: u64,
-        mut record: BoxedReadRecord,
-        ext_pipeline: Vec<IoExtRef>,
-    ) -> ProcessStatus {
-        let mut computed_labels = Labels::new();
-        for ext in ext_pipeline {
-            computed_labels.extend(record.computed_labels().clone().into_iter());
-            let status = ext
-                .write()
-                .await
-                .next_processed_record(query_id, record)
-                .await;
-
-            if let ProcessStatus::Ready(result) = status {
-                if let Ok(processed_record) = result {
-                    record = processed_record;
-                } else {
-                    return ProcessStatus::Ready(result);
-                }
-            } else {
-                return status;
-            }
-        }
-
-        record
-            .computed_labels_mut()
-            .extend(computed_labels.clone().into_iter());
-        ProcessStatus::Ready(Ok(record))
-    }
+    #[allow(dead_code)]
+    embedded_extensions: Vec<Box<dyn ManageStaticAsset + Sync + Send>>, // we need to keep them from being cleaned up
 }
 
 #[async_trait]
@@ -162,31 +103,51 @@ impl ManageExtensions for ExtRepository {
         query_id: u64,
         bucket_name: &str,
         entry_name: &str,
-        query_request: QueryEntry,
+        mut query_request: QueryEntry,
     ) -> Result<(), ReductError> {
-        let mut pipeline = Vec::new();
         let mut query_map = self.query_map.write().await;
+        let ext_params = query_request.ext.as_mut();
+        let controllers = if ext_params.is_some() && ext_params.as_ref().unwrap().is_object() {
+            let ext_query = ext_params.unwrap().as_object_mut().unwrap();
+
+            // check if the query has references to computed labels and no extension is found
+            let condition = if let Some(condition) = ext_query.remove("when") {
+                let node = Parser::new().parse(condition)?;
+                Some(node)
+            } else {
+                None
+            };
 
-        let ext_params = query_request.ext.as_ref();
-        if ext_params.is_some() && ext_params.unwrap().is_object() {
-            for (name, _) in ext_params.unwrap().as_object().unwrap().iter() {
-                if let Some(ext) = self.extension_map.get(name) {
-                    ext.write().await.register_query(
-                        query_id,
-                        bucket_name,
-                        entry_name,
-                        &query_request,
-                    )?;
-                    pipeline.push(Arc::clone(ext));
-                } else {
-                    return Err(unprocessable_entity!(
-                        "Unknown extension '{}' in query id={}",
-                        name,
-                        query_id
-                    ));
-                }
+            if ext_query.iter().count() > 1 {
+                return Err(unprocessable_entity!(
+                    "Multiple extensions are not supported in query id={}",
+                    query_id
+                ));
             }
-        }
+
+            let Some(name) = ext_query.keys().next() else {
+                return Err(unprocessable_entity!(
+                    "Extension name is not found in query id={}",
+                    query_id
+                ));
+            };
+
+            if let Some(ext) = self.extension_map.get(name) {
+                let (processor, commiter) =
+                    ext.write()
+                        .await
+                        .query(bucket_name, entry_name, &query_request)?;
+                Some((processor, commiter, condition))
+            } else {
+                return Err(unprocessable_entity!(
+                    "Unknown extension '{}' in query id={}",
+                    name,
+                    query_id
+                ));
+            }
+        } else {
+            None
+        };
 
         let query_options: QueryOptions = query_request.into();
         // remove expired queries
@@ -194,11 +155,6 @@ impl ManageExtensions for ExtRepository {
 
         for (key, query) in query_map.iter() {
             if query.last_access.elapsed() > query.query.ttl {
-                for ext in &query.ext_pipeline {
-                    if let Err(e) = ext.write().await.unregister_query(query.id) {
-                        error!("Failed to unregister query {}: {:?}", query_id, e);
-                    }
-                }
                 ids_to_remove.push(*key);
             }
         }
@@ -207,230 +163,166 @@ impl ManageExtensions for ExtRepository {
             query_map.remove(&key);
         }
 
-        // check if the query has references to computed labels and no extension is found
-        let condition = if let Some(condition) = &query_options.when {
-            let node = Parser::new().parse(condition)?;
-            if pipeline.is_empty() && node.stage() == &EvaluationStage::Compute {
-                return Err(unprocessable_entity!(
-                    "There is at least one reference to computed labels but no extension is found"
-                ));
-            }
-            Some(node)
-        } else {
-            None
-        };
+        if let Some((processor, commiter, condition)) = controllers {
+            let condition_filter = if let Some(condition) = condition {
+                let (node, directives) = condition;
+                Box::new(WhenFilter::try_new(node, directives, true)?)
+            } else {
+                DummyFilter::boxed()
+            };
 
-        if pipeline.is_empty() {
-            // No extension found, we don't need to register the query
-            return Ok(());
+            query_map.insert(query_id, {
+                QueryContext {
+                    query: query_options,
+                    condition_filter,
+                    last_access: Instant::now(),
+                    current_stream: None,
+                    processor,
+                    commiter,
+                }
+            });
         }
 
-        query_map.insert(query_id, {
-            QueryContext {
-                id: query_id,
-                query: query_options,
-                condition_filter: ExtWhenFilter::new(condition),
-                last_access: Instant::now(),
-                ext_pipeline: pipeline,
-            }
-        });
-
         Ok(())
     }
 
-    async fn next_processed_record(
+    async fn fetch_and_process_record(
         &self,
         query_id: u64,
         query_rx: Arc<AsyncRwLock<QueryRx>>,
-    ) -> ProcessStatus {
-        // check if registered
-        if let Some(record) = query_rx.write().await.recv().await {
-            match record {
-                Ok(record) => {
-                    let record = Box::new(record);
-                    let pipline = {
-                        // check if query is registered and
-                        let mut lock = self.query_map.write().await;
-
-                        let query = lock.get_mut(&query_id);
-                        if query.is_none() {
-                            return ProcessStatus::Ready(Ok(record));
-                        }
+    ) -> Option<Vec<Result<BoxedReadRecord, ReductError>>> {
+        // TODO: The code is awkward, we need to refactor it
+        // unfortunately stream! macro does not work here and crashes compiler
+        let mut lock = self.query_map.write().await;
+        let query = match lock.get_mut(&query_id) {
+            Some(query) => query,
+            None => {
+                let result = query_rx
+                    .write()
+                    .await
+                    .recv()
+                    .await
+                    .map(|record| record.map(|r| vec![Box::new(r) as BoxedReadRecord]));
 
-                        let query = query.unwrap();
-                        query.last_access = Instant::now();
-                        query.ext_pipeline.clone()
-                    };
-
-                    let status = Self::send_record_to_ext_pipeline(query_id, record, pipline).await;
-                    if let ProcessStatus::Ready(Ok(record)) = status {
-                        let mut lock = self.query_map.write().await;
-                        let query = lock.get_mut(&query_id).unwrap();
-                        query
-                            .condition_filter
-                            .filter_record(ProcessStatus::Ready(Ok(record)), query.query.strict)
-                    } else {
-                        status
-                    }
+                if result.is_none() {
+                    // If no record is available, return a no content error to finish the query.
+                    return Some(vec![Err(no_content!("No content"))]);
                 }
-                Err(e) => ProcessStatus::Ready(Err(e)),
+
+                return result.map(|r| {
+                    r.map_or_else(
+                        |e| vec![Err(e)],
+                        |records| records.into_iter().map(Ok).collect(),
+                    )
+                });
             }
-        } else {
-            ProcessStatus::Stop
-        }
-    }
-}
+        };
 
-pub fn create_ext_repository(
-    path: Option<PathBuf>,
-    settings: ExtSettings,
-) -> Result<BoxedManageExtensions, ReductError> {
-    if let Some(path) = path {
-        Ok(Box::new(ExtRepository::try_load(&path, settings)?))
-    } else {
-        // Dummy extension repository if
-        struct NoExtRepository;
+        query.last_access = Instant::now();
 
-        #[async_trait]
-        impl ManageExtensions for NoExtRepository {
-            async fn register_query(
-                &self,
-                _query_id: u64,
-                _bucket_name: &str,
-                _entry_name: &str,
-                _query: QueryEntry,
-            ) -> Result<(), ReductError> {
-                Ok(())
-            }
+        if let Some(mut current_stream) = query.current_stream.take() {
+            let item = current_stream.next().await;
+            query.current_stream = Some(current_stream);
 
-            async fn next_processed_record(
-                &self,
-                _query_id: u64,
-                query_rx: Arc<AsyncRwLock<QueryRx>>,
-            ) -> ProcessStatus {
-                let record = query_rx.write().await.recv().await;
-                match record {
-                    Some(Ok(record)) => ProcessStatus::Ready(Ok(Box::new(record))),
-                    Some(Err(e)) => ProcessStatus::Ready(Err(e)),
-                    None => ProcessStatus::Stop,
+            if let Some(result) = item {
+                if let Err(e) = result {
+                    return Some(vec![Err(e)]);
                 }
+
+                let record = result.unwrap();
+
+                return match query.condition_filter.filter(record) {
+                    Ok(Some(records)) => {
+                        let mut commited_records = vec![];
+                        for record in records {
+                            if let Some(rec) = query.commiter.commit_record(record).await {
+                                commited_records.push(rec);
+                            }
+                        }
+
+                        if commited_records.is_empty() {
+                            None
+                        } else {
+                            Some(commited_records)
+                        }
+                    }
+                    Ok(None) => {
+                        query.current_stream = None;
+                        None
+                    }
+                    Err(e) => Some(vec![Err(e)]),
+                };
+            } else {
+                // stream is empty, we need to process the next record
+                query.current_stream = None;
             }
         }
 
-        Ok(Box::new(NoExtRepository))
+        let Some(record) = query_rx.write().await.recv().await else {
+            return Some(vec![Err(no_content!("No content"))]);
+        };
+
+        let record = match record {
+            Ok(record) => record,
+            Err(e) => {
+                return if e.status == NoContent {
+                    if let Some(last_record) = query.commiter.flush().await {
+                        match last_record {
+                            Ok(rec) => {
+                                Some(vec![Ok(rec), Err(e)]) // return the last record if available and the error
+                            }
+                            Err(e) => Some(vec![Err(e)]),
+                        }
+                    } else {
+                        Some(vec![Err(e)])
+                    }
+                } else {
+                    Some(vec![Err(e)])
+                };
+            }
+        };
+
+        assert!(query.current_stream.is_none(), "Must be None");
+
+        let stream = match query.processor.process_record(Box::new(record)).await {
+            Ok(stream) => stream,
+            Err(e) => return Some(vec![Err(e)]),
+        };
+
+        query.current_stream = Some(Box::into_pin(stream));
+        None
     }
 }
 
+use crate::ext::filter::DummyFilter;
+use crate::storage::query::filters::{RecordFilter, WhenFilter};
+pub(crate) use create::create_ext_repository;
+
 #[cfg(test)]
 pub(super) mod tests {
     use super::*;
-    use reduct_base::ext::IoExtensionInfo;
-    use reqwest::blocking::get;
-    use reqwest::StatusCode;
+    use futures_util::Stream;
+    use reduct_base::ext::{Commiter, IoExtensionInfo, Processor};
     use rstest::{fixture, rstest};
 
     use crate::storage::entry::RecordReader;
     use crate::storage::proto::Record;
-    use mockall::mock;
+    use async_stream::stream;
     use mockall::predicate::eq;
+    use mockall::{mock, predicate};
     use prost_wkt_types::Timestamp;
     use reduct_base::io::{ReadChunk, ReadRecord, RecordMeta};
+    use reduct_base::msg::server_api::ServerInfo;
+    use reduct_base::Labels;
     use serde_json::json;
-    use std::fs;
+    use std::task::{Context, Poll};
     use tempfile::tempdir;
-    use test_log::test as log_test;
-
-    mod load {
-        use super::*;
-        #[log_test(rstest)]
-        fn test_load_extension(ext_repo: ExtRepository) {
-            assert_eq!(ext_repo.extension_map.len(), 1);
-            let ext = ext_repo
-                .extension_map
-                .get("test-ext")
-                .unwrap()
-                .blocking_read();
-            let info = ext.info().clone();
-            assert_eq!(
-                info,
-                IoExtensionInfo::builder()
-                    .name("test-ext")
-                    .version("0.1.1")
-                    .build()
-            );
-        }
-
-        #[log_test(rstest)]
-        fn test_failed_load(ext_settings: ExtSettings) {
-            let path = tempdir().unwrap().into_path();
-            fs::create_dir_all(&path).unwrap();
-            fs::write(&path.join("libtest.so"), b"test").unwrap();
-            let ext_repo = ExtRepository::try_load(&path, ext_settings).unwrap();
-            assert_eq!(ext_repo.extension_map.len(), 0);
-        }
-
-        #[log_test(rstest)]
-        fn test_failed_open_dir(ext_settings: ExtSettings) {
-            let path = PathBuf::from("non_existing_dir");
-            let ext_repo = ExtRepository::try_load(&path, ext_settings);
-            assert_eq!(
-                ext_repo.err().unwrap(),
-                internal_server_error!("Extension directory \"non_existing_dir\" does not exist")
-            );
-        }
-
-        #[fixture]
-        fn ext_settings() -> ExtSettings {
-            ExtSettings::default()
-        }
-
-        #[fixture]
-        fn ext_repo(ext_settings: ExtSettings) -> ExtRepository {
-            // This is the path to the build directory of the extension from ext_stub crate
-            const EXTENSION_VERSION: &str = "0.1.1";
 
-            if !cfg!(target_arch = "x86_64") {
-                panic!("Unsupported architecture");
-            }
-
-            let file_name = if cfg!(target_os = "linux") {
-                // This is the path to the build directory of the extension from ext_stub crate
-                "libtest_ext-x86_64-unknown-linux-gnu.so"
-            } else if cfg!(target_os = "macos") {
-                "libtest_ext-x86_64-apple-darwin.dylib"
-            } else if cfg!(target_os = "windows") {
-                "libtest_ext-x86_64-pc-windows-gnu.dll"
-            } else {
-                panic!("Unsupported platform")
-            };
-
-            let ext_path = PathBuf::from(tempdir().unwrap().into_path()).join("ext");
-            fs::create_dir_all(ext_path.clone()).unwrap();
-
-            let link = format!(
-                "https://github.com/reductstore/test-ext/releases/download/v{}/{}",
-                EXTENSION_VERSION, file_name
-            );
-
-            let mut resp = get(link).expect("Failed to download extension");
-            if resp.status() != StatusCode::OK {
-                if resp.status() == StatusCode::FOUND {
-                    resp = get(resp.headers().get("location").unwrap().to_str().unwrap())
-                        .expect("Failed to download extension");
-                } else {
-                    panic!("Failed to download extension: {}", resp.status());
-                }
-            }
-
-            fs::write(ext_path.join(file_name), resp.bytes().unwrap())
-                .expect("Failed to write extension");
-
-            ExtRepository::try_load(&ext_path.to_path_buf(), ext_settings).unwrap()
-        }
-    }
     mod register_query {
         use super::*;
-        use mockall::predicate::ge;
+        use mockall::predicate::always;
+
+        use reduct_base::not_found;
         use std::time::Duration;
 
         #[rstest]
@@ -452,7 +344,11 @@ pub(super) mod tests {
 
         #[rstest]
         #[tokio::test]
-        async fn test_with_ext_part(mut mock_ext: MockIoExtension) {
+        async fn test_with_ext_part(
+            mut mock_ext: MockIoExtension,
+            processor: BoxedProcessor,
+            commiter: BoxedCommiter,
+        ) {
             let query = QueryEntry {
                 ext: Some(json!({
                     "test-ext": {},
@@ -461,9 +357,9 @@ pub(super) mod tests {
             };
 
             mock_ext
-                .expect_register_query()
-                .with(eq(1), eq("bucket"), eq("entry"), eq(query.clone()))
-                .return_const(Ok(()));
+                .expect_query()
+                .with(eq("bucket"), eq("entry"), eq(query.clone()))
+                .return_once(|_, _, _| Ok((processor, commiter)));
 
             let mocked_ext_repo = mocked_ext_repo("test-ext", mock_ext);
 
@@ -482,24 +378,42 @@ pub(super) mod tests {
 
         #[rstest]
         #[tokio::test]
-        async fn test_without_ext_but_computed_labels(mut mock_ext: MockIoExtension) {
+        async fn test_when_parsing(
+            mut mock_ext: MockIoExtension,
+            processor: BoxedProcessor,
+            commiter: BoxedCommiter,
+        ) {
             let query = QueryEntry {
-                when: Some(json!({"@label": { "$eq": "value" }})),
+                ext: Some(json!({
+                    "test-ext": {},
+                    "when": {"@label": {"$eq": "value"}},
+                })),
                 ..Default::default()
             };
-            mock_ext.expect_register_query().never();
+            mock_ext
+                .expect_query()
+                .with(eq("bucket"), eq("entry"), always())
+                .return_once(|_, _, _| Ok((processor, commiter)));
 
-            let mocked_ext_repo = mocked_ext_repo("test", mock_ext);
+            let mocked_ext_repo = mocked_ext_repo("test-ext", mock_ext);
+
+            assert!(mocked_ext_repo
+                .register_query(1, "bucket", "entry", query)
+                .await
+                .is_ok(),);
 
+            // make sure we parsed condition correctly
+            let mut query_map = mocked_ext_repo.query_map.write().await;
+            assert_eq!(query_map.len(), 1, "Query should be registered");
+            let query_context = query_map.get_mut(&1).unwrap();
             assert_eq!(
-                mocked_ext_repo
-                    .register_query(1, "bucket", "entry", query)
-                    .await
+                query_context
+                    .condition_filter
+                    .filter(Box::new(MockRecord::new("not-in-when", "val")))
                     .err()
                     .unwrap(),
-                unprocessable_entity!(
-                    "There is at least one reference to computed labels but no extension is found"
-                )
+                not_found!("Reference '@label' not found"),
+                "Condition should be parsed and applied"
             );
         }
 
@@ -515,17 +429,15 @@ pub(super) mod tests {
             };
 
             mock_ext
-                .expect_register_query()
-                .with(ge(1), eq("bucket"), eq("entry"), eq(query.clone()))
-                .return_const(Ok(()));
-            mock_ext
-                .expect_unregister_query()
-                .with(eq(1))
-                .return_const(Ok(()));
-            mock_ext
-                .expect_unregister_query()
-                .with(eq(2))
-                .return_const(Ok(()));
+                .expect_query()
+                .with(eq("bucket"), eq("entry"), eq(query.clone()))
+                .returning(|_, _, _| {
+                    Ok((
+                        Box::new(MockProcessor::new()),
+                        Box::new(MockCommiter::new()),
+                    ))
+                })
+                .times(3);
 
             let mocked_ext_repo = mocked_ext_repo("test-ext", mock_ext);
             assert!(mocked_ext_repo
@@ -559,16 +471,26 @@ pub(super) mod tests {
         }
 
         #[rstest]
+        #[case(json!({"test-ext": {}, "test-ext2": {}}),  unprocessable_entity!("Multiple extensions are not supported in query id=1"))]
+        #[case(json!({"unknown-ext": {}}),  unprocessable_entity!("Unknown extension 'unknown-ext' in query id=1"))]
+        #[case(json!({}),  unprocessable_entity!("Extension name is not found in query id=1"))]
         #[tokio::test]
-        async fn error_unknown_extension(mut mock_ext: MockIoExtension) {
+        async fn test_error_handling(
+            mut mock_ext: MockIoExtension,
+            processor: BoxedProcessor,
+            commiter: BoxedCommiter,
+            #[case] ext_params: serde_json::Value,
+            #[case] expected_error: ReductError,
+        ) {
             let query = QueryEntry {
-                ext: Some(json!({
-                    "unknown-ext": {},
-                })),
+                ext: Some(ext_params),
                 ..Default::default()
             };
 
-            mock_ext.expect_register_query().never();
+            mock_ext
+                .expect_query()
+                .with(eq("bucket"), eq("entry"), eq(query.clone()))
+                .return_once(|_, _, _| Ok((processor, commiter)));
 
             let mocked_ext_repo = mocked_ext_repo("test-ext", mock_ext);
             assert_eq!(
@@ -577,93 +499,37 @@ pub(super) mod tests {
                     .await
                     .err()
                     .unwrap(),
-                unprocessable_entity!("Unknown extension 'unknown-ext' in query id=1")
+                expected_error
             );
         }
     }
 
-    mod send_record_to_ext_pipeline {
-        use super::*;
-        use assert_matches::assert_matches;
-        use mockall::predicate::always;
-        use reduct_base::internal_server_error;
-
-        #[rstest]
-        #[tokio::test]
-        async fn test_no_ext() {
-            let record = Box::new(MockRecord::new("key1", "val1"));
-            let query = QueryContext {
-                id: 1,
-                query: QueryOptions::default(),
-                condition_filter: ExtWhenFilter::new(None),
-                last_access: Instant::now(),
-                ext_pipeline: vec![],
-            };
-
-            let status = ExtRepository::send_record_to_ext_pipeline(
-                query.id,
-                record,
-                query.ext_pipeline.clone(),
-            )
-            .await;
-            assert_matches!(status, ProcessStatus::Ready(_));
-        }
-
-        #[rstest]
-        #[tokio::test(flavor = "current_thread")]
-        async fn test_stop_pipeline_at_errors() {
-            let record = Box::new(MockRecord::new("key1", "val1"));
-            let mut mock_ext_1 = MockIoExtension::new();
-            let mut mock_ext_2 = MockIoExtension::new();
-
-            mock_ext_1
-                .expect_next_processed_record()
-                .with(eq(1), always())
-                .return_once(|_, _| ProcessStatus::Ready(Err(internal_server_error!("test"))));
-            mock_ext_2.expect_next_processed_record().never();
-
-            let query = QueryContext {
-                id: 1,
-                query: QueryOptions::default(),
-                condition_filter: ExtWhenFilter::new(None),
-                last_access: Instant::now(),
-                ext_pipeline: vec![
-                    Arc::new(AsyncRwLock::new(Box::new(mock_ext_1))),
-                    Arc::new(AsyncRwLock::new(Box::new(mock_ext_2))),
-                ],
-            };
-
-            let status = ExtRepository::send_record_to_ext_pipeline(
-                query.id,
-                record,
-                query.ext_pipeline.clone(),
-            )
-            .await;
-            let ProcessStatus::Ready(result) = status else {
-                panic!("Expected ProcessStatus::Ready");
-            };
-
-            assert_eq!(result.err().unwrap(), internal_server_error!("test"));
-        }
-    }
     mod next_processed_record {
         use super::*;
         use crate::storage::entry::RecordReader;
-        use assert_matches::assert_matches;
+
         use mockall::predicate;
         use reduct_base::internal_server_error;
+        use tokio::sync::mpsc;
 
         #[rstest]
         #[tokio::test]
         async fn test_empty_query() {
             let mocked_ext_repo = mocked_ext_repo("test-ext", MockIoExtension::new());
-            let (tx, rx) = tokio::sync::mpsc::channel(1);
+            let (tx, rx) = mpsc::channel(1);
             drop(tx);
 
             let query_rx = Arc::new(AsyncRwLock::new(rx));
-            assert_matches!(
-                mocked_ext_repo.next_processed_record(1, query_rx).await,
-                ProcessStatus::Stop
+            assert_eq!(
+                *mocked_ext_repo
+                    .fetch_and_process_record(1, query_rx)
+                    .await
+                    .unwrap()[0]
+                    .as_ref()
+                    .err()
+                    .unwrap(),
+                no_content!("No content"),
+                "Should return no content error when no records are available"
             );
         }
 
@@ -676,9 +542,15 @@ pub(super) mod tests {
             tx.send(Err(err.clone())).await.unwrap();
 
             let query_rx = Arc::new(AsyncRwLock::new(rx));
-            assert_matches!(
-                mocked_ext_repo.next_processed_record(1, query_rx).await,
-                ProcessStatus::Ready(Err(_))
+            assert_eq!(
+                *mocked_ext_repo
+                    .fetch_and_process_record(1, query_rx)
+                    .await
+                    .unwrap()[0]
+                    .as_ref()
+                    .err()
+                    .unwrap(),
+                err
             );
         }
 
@@ -691,10 +563,12 @@ pub(super) mod tests {
             tx.send(Ok(record_reader)).await.unwrap();
 
             let query_rx = Arc::new(AsyncRwLock::new(rx));
-            assert_matches!(
-                mocked_ext_repo.next_processed_record(1, query_rx).await,
-                ProcessStatus::Ready(Ok(_))
-            );
+            assert!(mocked_ext_repo
+                .fetch_and_process_record(1, query_rx)
+                .await
+                .unwrap()[0]
+                .as_ref()
+                .is_ok(),);
         }
 
         #[rstest]
@@ -702,12 +576,18 @@ pub(super) mod tests {
         async fn test_process_not_ready(
             record_reader: RecordReader,
             mut mock_ext: MockIoExtension,
+            mut processor: Box<MockProcessor>,
+            mut commiter: Box<MockCommiter>,
         ) {
-            mock_ext.expect_register_query().return_const(Ok(()));
+            processor
+                .expect_process_record()
+                .return_once(|_| Ok(MockStream::boxed(Poll::Pending) as BoxedRecordStream));
+            commiter.expect_commit_record().never();
+
             mock_ext
-                .expect_next_processed_record()
-                .with(eq(1), predicate::always())
-                .return_once(|_, _| ProcessStatus::NotReady);
+                .expect_query()
+                .with(eq("bucket"), eq("entry"), predicate::always())
+                .return_once(|_, _, _| Ok((processor, commiter)));
 
             let query = QueryEntry {
                 ext: Some(json!({
@@ -727,80 +607,270 @@ pub(super) mod tests {
             tx.send(Ok(record_reader)).await.unwrap();
 
             let query_rx = Arc::new(AsyncRwLock::new(rx));
-            let status = mocked_ext_repo.next_processed_record(1, query_rx).await;
-            let ProcessStatus::NotReady = status else {
-                panic!("Expected ProcessStatus::NotReady");
-            };
+            assert!(mocked_ext_repo
+                .fetch_and_process_record(1, query_rx)
+                .await
+                .is_none());
         }
 
         #[rstest]
         #[tokio::test(flavor = "current_thread")]
-        async fn test_process_in_pipeline(record_reader: RecordReader) {
-            let record1 = Box::new(MockRecord::new("key1", "val1"));
-            let record2 = Box::new(MockRecord::new("key2", "val2"));
-
-            let mut mock1 = MockIoExtension::new();
-            let mut mock2 = MockIoExtension::new();
-
-            mock1.expect_register_query().return_const(Ok(()));
-            mock2.expect_register_query().return_const(Ok(()));
-            mock1
-                .expect_next_processed_record()
-                .with(eq(1), predicate::always())
-                .return_once(|_, _| ProcessStatus::Ready(Ok(record1)));
-            mock2
-                .expect_next_processed_record()
-                .with(eq(1), predicate::always())
-                .return_once(|_, _| ProcessStatus::Ready(Ok(record2)));
-
-            let mut mocked_ext_repo = mocked_ext_repo("test1", mock1);
-            mocked_ext_repo.extension_map.insert(
-                "test2".to_string(),
-                Arc::new(AsyncRwLock::new(Box::new(mock2))),
-            );
+        async fn test_process_a_record(
+            record_reader: RecordReader,
+            mut mock_ext: MockIoExtension,
+            mut processor: Box<MockProcessor>,
+            mut commiter: Box<MockCommiter>,
+        ) {
+            processor.expect_process_record().return_once(|_| {
+                Ok(MockStream::boxed(Poll::Ready(Some(Ok(MockRecord::boxed(
+                    "key", "val",
+                ))))))
+            });
+
+            commiter.expect_commit_record().return_once(|_| {
+                Some(Ok(
+                    Box::new(MockRecord::new("key", "val")) as BoxedReadRecord
+                ))
+            });
+            commiter.expect_flush().return_once(|| None).times(1);
+
+            mock_ext
+                .expect_query()
+                .with(eq("bucket"), eq("entry"), predicate::always())
+                .return_once(|_, _, _| Ok((processor, commiter)));
 
             let query = QueryEntry {
                 ext: Some(json!({
                     "test1": {},
-                    "test2": {}
                 })),
-                when: Some(json!({"@key2": { "$eq": "val2" }})),
                 ..Default::default()
             };
+
+            let mocked_ext_repo = mocked_ext_repo("test1", mock_ext);
+
             mocked_ext_repo
                 .register_query(1, "bucket", "entry", query)
                 .await
                 .unwrap();
-            let (tx, rx) = tokio::sync::mpsc::channel(1);
 
+            let (tx, rx) = tokio::sync::mpsc::channel(2);
             tx.send(Ok(record_reader)).await.unwrap();
+            tx.send(Err(no_content!(""))).await.unwrap();
 
             let query_rx = Arc::new(AsyncRwLock::new(rx));
-            let status = mocked_ext_repo.next_processed_record(1, query_rx).await;
 
-            let ProcessStatus::Ready(record) = status else {
-                panic!("Expected ProcessStatus::Ready");
+            assert!(
+                mocked_ext_repo
+                    .fetch_and_process_record(1, query_rx.clone())
+                    .await
+                    .is_none(),
+                "First run should be None (stupid implementation)"
+            );
+
+            let mut records = mocked_ext_repo
+                .fetch_and_process_record(1, query_rx.clone())
+                .await
+                .unwrap();
+
+            assert_eq!(records.len(), 1, "Should return one record");
+
+            let record = records.get_mut(0).unwrap().as_mut().unwrap();
+            assert_eq!(record.read().await, None);
+
+            assert_eq!(
+                *mocked_ext_repo
+                    .fetch_and_process_record(1, query_rx)
+                    .await
+                    .unwrap()[0]
+                    .as_ref()
+                    .err()
+                    .unwrap(),
+                no_content!("")
+            );
+        }
+
+        #[rstest]
+        #[tokio::test(flavor = "current_thread")]
+        async fn test_process_flushed_record(
+            record_reader: RecordReader,
+            mut mock_ext: MockIoExtension,
+            mut processor: Box<MockProcessor>,
+            mut commiter: Box<MockCommiter>,
+        ) {
+            processor.expect_process_record().return_once(|_| {
+                Ok(MockStream::boxed(Poll::Ready(Some(Ok(MockRecord::boxed(
+                    "key", "val",
+                ))))))
+            });
+
+            commiter.expect_commit_record().return_once(|_| None);
+
+            commiter
+                .expect_flush()
+                .return_once(|| {
+                    Some(Ok(
+                        Box::new(MockRecord::new("key", "val")) as BoxedReadRecord
+                    ))
+                })
+                .times(1);
+
+            mock_ext
+                .expect_query()
+                .with(eq("bucket"), eq("entry"), predicate::always())
+                .return_once(|_, _, _| Ok((processor, commiter)));
+
+            let query = QueryEntry {
+                ext: Some(json!({
+                    "test1": {},
+                })),
+                ..Default::default()
             };
 
+            let mocked_ext_repo = mocked_ext_repo("test1", mock_ext);
+            mocked_ext_repo
+                .register_query(1, "bucket", "entry", query)
+                .await
+                .unwrap();
+
+            let (tx, rx) = tokio::sync::mpsc::channel(2);
+            tx.send(Ok(record_reader)).await.unwrap();
+            tx.send(Err(no_content!(""))).await.unwrap();
+
+            let query_rx = Arc::new(AsyncRwLock::new(rx));
+            assert!(
+                mocked_ext_repo
+                    .fetch_and_process_record(1, query_rx.clone())
+                    .await
+                    .is_none(),
+                "First run should be None (stupid implementation)"
+            );
+
+            assert!(
+                mocked_ext_repo
+                    .fetch_and_process_record(1, query_rx.clone())
+                    .await
+                    .is_none(),
+                "we don't commit the record waiting for flush"
+            );
+
+            let results = mocked_ext_repo
+                .fetch_and_process_record(1, query_rx.clone())
+                .await
+                .unwrap();
+
             assert_eq!(
-                record.unwrap().computed_labels(),
-                &Labels::from_iter(
-                    vec![
-                        ("key1".to_string(), "val1".to_string()),
-                        ("key2".to_string(), "val2".to_string())
-                    ]
-                    .into_iter()
-                ),
-                "Computed labels to be merged from both extensions"
+                results.len(),
+                2,
+                "Should return one record and non-content error"
+            );
+            assert!(
+                results[0].as_ref().is_ok(),
+                "we should get the record from flush"
+            );
+            assert_eq!(
+                results[1].as_ref().err().unwrap().status(),
+                NoContent,
+                "we should get no content error"
             );
         }
     }
 
+    #[rstest]
+    #[tokio::test(flavor = "current_thread")]
+    async fn test_process_a_record_limit(
+        record_reader: RecordReader,
+        mut mock_ext: MockIoExtension,
+        mut processor: Box<MockProcessor>,
+        mut commiter: Box<MockCommiter>,
+    ) {
+        processor.expect_process_record().return_once(|_| {
+            let stream = stream! {
+                yield Ok(MockRecord::boxed("key", "val"));
+                yield Ok(MockRecord::boxed("key", "val"));
+            };
+            Ok(Box::new(stream) as BoxedRecordStream)
+        });
+
+        commiter.expect_commit_record().return_once(|_| {
+            Some(Ok(
+                Box::new(MockRecord::new("key", "val")) as BoxedReadRecord
+            ))
+        });
+        commiter.expect_flush().return_once(|| None).times(1);
+
+        mock_ext
+            .expect_query()
+            .with(eq("bucket"), eq("entry"), predicate::always())
+            .return_once(|_, _, _| Ok((processor, commiter)));
+
+        let query = QueryEntry {
+            ext: Some(json!({
+                "test1": {},
+                "when": {"$limit": 1},
+            })),
+            ..Default::default()
+        };
+
+        let mocked_ext_repo = mocked_ext_repo("test1", mock_ext);
+
+        mocked_ext_repo
+            .register_query(1, "bucket", "entry", query)
+            .await
+            .unwrap();
+
+        let (tx, rx) = tokio::sync::mpsc::channel(2);
+        tx.send(Ok(record_reader)).await.unwrap();
+        tx.send(Err(no_content!(""))).await.unwrap();
+
+        let query_rx = Arc::new(AsyncRwLock::new(rx));
+
+        assert!(mocked_ext_repo
+            .fetch_and_process_record(1, query_rx.clone())
+            .await
+            .is_none());
+
+        mocked_ext_repo
+            .fetch_and_process_record(1, query_rx.clone())
+            .await
+            .unwrap()[0]
+            .as_ref()
+            .expect("Should return a record");
+
+        assert!(
+            mocked_ext_repo
+                .fetch_and_process_record(1, query_rx.clone())
+                .await
+                .is_none(),
+            "Flush should not return any records"
+        );
+
+        assert_eq!(
+            *mocked_ext_repo
+                .fetch_and_process_record(1, query_rx)
+                .await
+                .unwrap()[0]
+                .as_ref()
+                .err()
+                .unwrap(),
+            no_content!("")
+        );
+    }
+
     #[fixture]
     fn mock_ext() -> MockIoExtension {
         MockIoExtension::new()
     }
 
+    #[fixture]
+    fn processor() -> Box<MockProcessor> {
+        Box::new(MockProcessor::new())
+    }
+
+    #[fixture]
+    fn commiter() -> Box<MockCommiter> {
+        Box::new(MockCommiter::new())
+    }
+
     #[fixture]
     fn record_reader() -> RecordReader {
         let record = Record {
@@ -810,7 +880,7 @@ pub(super) mod tests {
             }),
             ..Default::default()
         };
-        RecordReader::form_record(record, false)
+        RecordReader::form_record(record)
     }
 
     #[fixture]
@@ -819,9 +889,11 @@ pub(super) mod tests {
     }
 
     fn mocked_ext_repo(name: &str, mock_ext: MockIoExtension) -> ExtRepository {
-        let ext_settings = ExtSettings::default();
+        let ext_settings = ExtSettings::builder()
+            .server_info(ServerInfo::default())
+            .build();
         let mut ext_repo =
-            ExtRepository::try_load(&tempdir().unwrap().into_path(), ext_settings).unwrap();
+            ExtRepository::try_load(vec![tempdir().unwrap().keep()], vec![], ext_settings).unwrap();
         ext_repo.extension_map.insert(
             name.to_string(),
             Arc::new(AsyncRwLock::new(Box::new(mock_ext))),
@@ -836,53 +908,80 @@ pub(super) mod tests {
         impl IoExtension for IoExtension {
             fn info(&self) -> &IoExtensionInfo;
 
-            fn register_query(
+
+            fn query(
                 &mut self,
-                query_id: u64,
                 bucket_name: &str,
                 entry_name: &str,
                 query: &QueryEntry,
-            ) -> Result<(), ReductError>;
+            ) -> Result<(BoxedProcessor, BoxedCommiter), ReductError>;
+        }
+
+    }
 
-            fn unregister_query(&mut self, query_id: u64) -> Result<(), ReductError>;
+    mock! {
+        Processor {}
 
-            async fn next_processed_record(
+        #[async_trait]
+        impl Processor for Processor {
+            async fn process_record(
                 &mut self,
-                query_id: u64,
                 record: BoxedReadRecord,
-            ) -> ProcessStatus;
+            ) -> Result<BoxedRecordStream, ReductError>;
         }
+    }
+
+    mock! {
+        Commiter {}
 
+        #[async_trait]
+        impl Commiter for Commiter {
+            async fn commit_record(&mut self, record: BoxedReadRecord) -> Option<Result<BoxedReadRecord, ReductError>>;
+            async fn flush(&mut self) -> Option<Result<BoxedReadRecord, ReductError>>;
+        }
     }
 
-    #[derive(Clone, PartialEq, Debug)]
-    pub struct MockRecord {
-        computed_labels: Labels,
-        labels: Labels,
+    struct MockStream {
+        ret_value: Option<Poll<Option<Result<BoxedReadRecord, ReductError>>>>,
     }
+    impl Stream for MockStream {
+        type Item = Result<BoxedReadRecord, ReductError>;
 
-    impl MockRecord {
-        pub fn new(key: &str, val: &str) -> Self {
-            MockRecord {
-                computed_labels: Labels::from_iter(
-                    vec![(key.to_string(), val.to_string())].into_iter(),
-                ),
-                labels: Labels::new(),
-            }
+        fn poll_next(mut self: Pin<&mut Self>, _cx: &mut Context) -> Poll<Option<Self::Item>> {
+            let Some(ret_value) = self.ret_value.take() else {
+                return Poll::Ready(None);
+            };
+
+            ret_value
         }
+    }
 
-        pub fn labels_mut(&mut self) -> &mut Labels {
-            &mut self.labels
+    impl MockStream {
+        fn boxed(ret_value: Poll<Option<Result<BoxedReadRecord, ReductError>>>) -> Box<Self> {
+            Box::new(MockStream {
+                ret_value: Some(ret_value),
+            })
         }
     }
 
-    impl RecordMeta for MockRecord {
-        fn timestamp(&self) -> u64 {
-            0
+    #[derive(Clone, PartialEq, Debug)]
+    pub struct MockRecord {
+        meta: RecordMeta,
+    }
+
+    impl MockRecord {
+        pub fn new(key: &str, val: &str) -> Self {
+            let meta = RecordMeta::builder()
+                .timestamp(0)
+                .computed_labels(Labels::from_iter(
+                    vec![(key.to_string(), val.to_string())].into_iter(),
+                ))
+                .build();
+            MockRecord { meta }
         }
 
-        fn labels(&self) -> &Labels {
-            &self.labels
+        pub fn boxed(key: &str, val: &str) -> BoxedReadRecord {
+            Box::new(MockRecord::new(key, val))
         }
     }
 
@@ -892,24 +991,12 @@ pub(super) mod tests {
             None
         }
 
-        fn last(&self) -> bool {
-            todo!()
-        }
-
-        fn computed_labels(&self) -> &Labels {
-            &self.computed_labels
-        }
-
-        fn computed_labels_mut(&mut self) -> &mut Labels {
-            &mut self.computed_labels
-        }
-
-        fn content_length(&self) -> u64 {
-            todo!()
+        fn meta(&self) -> &RecordMeta {
+            &self.meta
         }
 
-        fn content_type(&self) -> &str {
-            todo!()
+        fn meta_mut(&mut self) -> &mut RecordMeta {
+            &mut self.meta
         }
     }
 }
diff --git a/reductstore/src/ext/ext_repository/create.rs b/reductstore/src/ext/ext_repository/create.rs
new file mode 100644
index 000000000..e5c741a38
--- /dev/null
+++ b/reductstore/src/ext/ext_repository/create.rs
@@ -0,0 +1,117 @@
+// Copyright 2025 ReductSoftware UG
+// Licensed under the Business Source License 1.1
+
+use crate::asset::asset_manager::ManageStaticAsset;
+use crate::ext::ext_repository::{BoxedManageExtensions, ExtRepository, ManageExtensions};
+use crate::storage::query::QueryRx;
+use async_trait::async_trait;
+use reduct_base::error::ReductError;
+use reduct_base::ext::{BoxedReadRecord, ExtSettings};
+use reduct_base::msg::entry_api::QueryEntry;
+use reduct_base::no_content;
+use std::path::PathBuf;
+use std::sync::Arc;
+use tokio::sync::RwLock as AsyncRwLock;
+
+pub fn create_ext_repository(
+    external_path: Option<PathBuf>,
+    embedded_extensions: Vec<Box<dyn ManageStaticAsset + Sync + Send>>,
+    settings: ExtSettings,
+) -> Result<BoxedManageExtensions, ReductError> {
+    if external_path.is_some() || !embedded_extensions.is_empty() {
+        let mut paths = if let Some(path) = external_path {
+            vec![path]
+        } else {
+            Vec::new()
+        };
+
+        for embedded in &embedded_extensions {
+            if let Ok(path) = embedded.absolut_path("") {
+                paths.push(path);
+            }
+        }
+
+        Ok(Box::new(ExtRepository::try_load(
+            paths,
+            embedded_extensions,
+            settings,
+        )?))
+    } else {
+        // Dummy extension repository if
+        struct NoExtRepository;
+
+        #[async_trait]
+        impl ManageExtensions for NoExtRepository {
+            async fn register_query(
+                &self,
+                _query_id: u64,
+                _bucket_name: &str,
+                _entry_name: &str,
+                _query: QueryEntry,
+            ) -> Result<(), ReductError> {
+                Ok(())
+            }
+
+            async fn fetch_and_process_record(
+                &self,
+                _query_id: u64,
+                query_rx: Arc<AsyncRwLock<QueryRx>>,
+            ) -> Option<Vec<Result<BoxedReadRecord, ReductError>>> {
+                let result = query_rx
+                    .write()
+                    .await
+                    .recv()
+                    .await
+                    .map(|record| vec![record.map(|r| Box::new(r) as BoxedReadRecord)]);
+
+                if result.is_none() {
+                    // If no record is available, return a no content error to finish the query.
+                    return Some(vec![Err(no_content!("No content"))]);
+                }
+
+                result
+            }
+        }
+
+        Ok(Box::new(NoExtRepository))
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use crate::ext::ext_repository::create_ext_repository;
+    use reduct_base::error::ErrorCode::NoContent;
+    use reduct_base::ext::ExtSettings;
+    use reduct_base::msg::server_api::ServerInfo;
+    use std::sync::Arc;
+    use tokio::sync::mpsc;
+    use tokio::sync::RwLock as AsyncRwLock;
+
+    #[tokio::test]
+    async fn test_no_content_error_returned() {
+        // Create the dummy extension repository
+        let ext_repo = create_ext_repository(
+            None,
+            vec![],
+            ExtSettings::builder()
+                .server_info(ServerInfo::default())
+                .build(),
+        )
+        .unwrap();
+
+        let (tx, rx) = mpsc::channel(1);
+        let rx = Arc::new(AsyncRwLock::new(rx));
+        drop(tx); // Close the sender to simulate no records being available
+
+        // Call fetch_and_process_record, which should return None
+        let result = ext_repo.fetch_and_process_record(1, rx.clone()).await;
+        assert!(
+            result.is_some(),
+            "Should return Some if no record is available"
+        );
+        assert_eq!(
+            result.unwrap()[0].as_ref().err().unwrap().status(),
+            NoContent
+        );
+    }
+}
diff --git a/reductstore/src/ext/ext_repository/load.rs b/reductstore/src/ext/ext_repository/load.rs
new file mode 100644
index 000000000..0ebc9b1e2
--- /dev/null
+++ b/reductstore/src/ext/ext_repository/load.rs
@@ -0,0 +1,185 @@
+// Copyright 2025 ReductSoftware UG
+// Licensed under the Business Source License 1.1
+
+use crate::asset::asset_manager::ManageStaticAsset;
+use crate::ext::ext_repository::{ExtRepository, ExtensionApi, IoExtMap};
+use dlopen2::wrapper::Container;
+use log::{error, info};
+use reduct_base::error::ReductError;
+use reduct_base::ext::ExtSettings;
+use reduct_base::internal_server_error;
+use std::collections::HashMap;
+use std::path::PathBuf;
+use std::sync::Arc;
+use tokio::sync::RwLock as AsyncRwLock;
+
+impl ExtRepository {
+    pub(super) fn try_load(
+        paths: Vec<PathBuf>,
+        embedded_extensions: Vec<Box<dyn ManageStaticAsset + Sync + Send>>,
+        settings: ExtSettings,
+    ) -> Result<ExtRepository, ReductError> {
+        let mut extension_map = IoExtMap::new();
+
+        let query_map = AsyncRwLock::new(HashMap::new());
+        let mut ext_wrappers = Vec::new();
+
+        for path in paths {
+            if !path.exists() {
+                return Err(internal_server_error!(
+                    "Extension directory {:?} does not exist",
+                    path
+                ));
+            }
+
+            for entry in path.read_dir()? {
+                let path = entry?.path();
+                if path.is_file()
+                    && path
+                        .extension()
+                        .map_or(false, |ext| ext == "so" || ext == "dll" || ext == "dylib")
+                {
+                    let ext_wrapper = unsafe {
+                        match Container::<ExtensionApi>::load(path.clone()) {
+                            Ok(wrapper) => wrapper,
+                            Err(e) => {
+                                error!("Failed to load extension '{:?}': {:?}", path, e);
+                                continue;
+                            }
+                        }
+                    };
+
+                    let ext = unsafe { Box::from_raw(ext_wrapper.get_ext(settings.clone())) };
+
+                    info!("Load extension: {:?}", ext.info());
+
+                    let name = ext.info().name().to_string();
+                    extension_map.insert(name, Arc::new(AsyncRwLock::new(ext)));
+                    ext_wrappers.push(ext_wrapper);
+                }
+            }
+        }
+
+        Ok(ExtRepository {
+            extension_map,
+            query_map,
+            ext_wrappers,
+            embedded_extensions,
+        })
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use reduct_base::ext::IoExtensionInfo;
+    use reduct_base::msg::server_api::ServerInfo;
+    use reqwest::blocking::get;
+    use reqwest::StatusCode;
+    use rstest::{fixture, rstest};
+    use std::fs;
+    use tempfile::tempdir;
+    use test_log::test as log_test;
+
+    const EXTENSION_VERSION: &str = "0.2.3";
+
+    #[log_test(rstest)]
+    fn test_load_extension(ext_repo: ExtRepository) {
+        assert_eq!(ext_repo.extension_map.len(), 1);
+        let ext = ext_repo
+            .extension_map
+            .get("test-ext")
+            .unwrap()
+            .blocking_read();
+        let info = ext.info().clone();
+        assert_eq!(
+            info,
+            IoExtensionInfo::builder()
+                .name("test-ext")
+                .version(EXTENSION_VERSION)
+                .build()
+        );
+    }
+
+    #[log_test(rstest)]
+    fn test_failed_load(ext_settings: ExtSettings) {
+        let path = tempdir().unwrap().keep();
+        fs::create_dir_all(&path).unwrap();
+        fs::write(&path.join("libtest.so"), b"test").unwrap();
+        let ext_repo = ExtRepository::try_load(vec![path], vec![], ext_settings).unwrap();
+        assert_eq!(ext_repo.extension_map.len(), 0);
+    }
+
+    #[log_test(rstest)]
+    fn test_failed_open_dir(ext_settings: ExtSettings) {
+        let path = PathBuf::from("non_existing_dir");
+        let ext_repo = ExtRepository::try_load(vec![path], vec![], ext_settings);
+        assert_eq!(
+            ext_repo.err().unwrap(),
+            internal_server_error!("Extension directory \"non_existing_dir\" does not exist")
+        );
+    }
+
+    #[fixture]
+    fn ext_settings() -> ExtSettings {
+        ExtSettings::builder()
+            .server_info(ServerInfo::default())
+            .build()
+    }
+
+    #[fixture]
+    fn ext_repo(ext_settings: ExtSettings) -> ExtRepository {
+        // This is the path to the build directory of the extension from ext_stub crate
+
+        let file_name = if cfg!(target_os = "linux") {
+            // This is the path to the build directory of the extension from ext_stub crate
+            if cfg!(target_arch = "aarch64") {
+                "libtest_ext-aarch64-unknown-linux-gnu.so"
+            } else if cfg!(target_arch = "x86_64") {
+                "libtest_ext-x86_64-unknown-linux-gnu.so"
+            } else {
+                panic!("Unsupported architecture")
+            }
+        } else if cfg!(target_os = "macos") {
+            if cfg!(target_arch = "aarch64") {
+                "libtest_ext-aarch64-apple-darwin.dylib"
+            } else if cfg!(target_arch = "x86_64") {
+                "libtest_ext-x86_64-apple-darwin.dylib"
+            } else {
+                panic!("Unsupported architecture")
+            }
+        } else if cfg!(target_os = "windows") {
+            if cfg!(target_arch = "x86_64") {
+                "libtest_ext-x86_64-pc-windows-gnu.dll"
+            } else {
+                panic!("Unsupported architecture")
+            }
+        } else {
+            panic!("Unsupported platform")
+        };
+
+        let ext_path = PathBuf::from(tempdir().unwrap().keep()).join("ext");
+        fs::create_dir_all(ext_path.clone()).unwrap();
+
+        let link = format!(
+            "https://github.com/reductstore/test-ext/releases/download/v{}/{}",
+            EXTENSION_VERSION, file_name
+        );
+
+        let mut resp = get(link).expect("Failed to download extension");
+        if resp.status() != StatusCode::OK {
+            if resp.status() == StatusCode::FOUND {
+                resp = get(resp.headers().get("location").unwrap().to_str().unwrap())
+                    .expect("Failed to download extension");
+            } else {
+                panic!("Failed to download extension: {}", resp.status());
+            }
+        }
+
+        fs::write(ext_path.join(file_name), resp.bytes().unwrap())
+            .expect("Failed to write extension");
+
+        let empty_ext_path = tempdir().unwrap().keep();
+        ExtRepository::try_load(vec![ext_path, empty_ext_path], vec![], ext_settings).unwrap()
+    }
+}
diff --git a/reductstore/src/ext/filter.rs b/reductstore/src/ext/filter.rs
index efd980a71..ad7f82a0f 100644
--- a/reductstore/src/ext/filter.rs
+++ b/reductstore/src/ext/filter.rs
@@ -1,156 +1,89 @@
-// Copyright 2025 ReductSoftware UG
-// Licensed under the Business Source License 1.1
-
-use crate::storage::query::condition::{BoxedNode, Context, EvaluationStage};
-use reduct_base::conflict;
+use crate::storage::proto::record::State::Finished;
+use crate::storage::query::filters::{FilterRecord, RecordFilter};
 use reduct_base::error::ReductError;
-use reduct_base::ext::{BoxedReadRecord, ProcessStatus};
+use reduct_base::ext::BoxedReadRecord;
 use std::collections::HashMap;
 
-pub(super) struct ExtWhenFilter {
-    condition: Option<BoxedNode>,
+// Copyright 2025 ReductSoftware UG
+// Licensed under the Business Source License 1.1
+pub(super) struct DummyFilter {}
+
+impl<R: FilterRecord> RecordFilter<R> for DummyFilter {
+    fn filter(&mut self, record: R) -> Result<Option<Vec<R>>, ReductError> {
+        Ok(Some(vec![record]))
+    }
 }
 
-/// This filter is used to filter records based on a condition.
-///
-/// It is used in the `ext` module to filter records after they processed by extension,
-/// and it puts computed labels into the context.
-impl ExtWhenFilter {
-    pub fn new(condition: Option<BoxedNode>) -> Self {
-        ExtWhenFilter { condition }
+impl DummyFilter {
+    pub fn boxed() -> Box<dyn RecordFilter<BoxedReadRecord> + Send + Sync> {
+        Box::new(DummyFilter {})
     }
+}
 
-    pub fn filter_record(&mut self, status: ProcessStatus, strict: bool) -> ProcessStatus {
-        if self.condition.is_none() {
-            return status;
-        }
+impl FilterRecord for BoxedReadRecord {
+    fn state(&self) -> i32 {
+        Finished as i32
+    }
 
-        // filter with computed labels
-        if let ProcessStatus::Ready(record) = &status {
-            match self.filter_with_computed(&record.as_ref().unwrap()) {
-                Ok(true) => status,
-                Ok(false) => ProcessStatus::NotReady,
-                Err(e) => {
-                    if strict {
-                        ProcessStatus::Ready(Err(e))
-                    } else {
-                        status
-                    }
-                }
-            }
-        } else {
-            status
-        }
+    fn timestamp(&self) -> u64 {
+        self.meta().timestamp()
     }
 
-    fn filter_with_computed(&mut self, reader: &BoxedReadRecord) -> Result<bool, ReductError> {
-        let mut labels = reader
-            .labels()
-            .iter()
-            .map(|(k, v)| (k.as_str(), v.as_str()))
-            .collect::<HashMap<_, _>>();
+    fn labels(&self) -> HashMap<&String, &String> {
+        self.meta().labels().iter().map(|(k, v)| (k, v)).collect()
+    }
 
-        for (k, v) in reader.computed_labels() {
-            if labels.insert(k, v).is_some() {
-                return Err(conflict!("Computed label '@{}' already exists", k));
-            }
-        }
+    fn set_labels(&mut self, labels: HashMap<String, String>) {
+        let labels_mut = self.meta_mut().labels_mut();
+        labels_mut.clear();
+        labels_mut.extend(labels);
+    }
 
-        let context = Context::new(reader.timestamp(), labels, EvaluationStage::Compute);
-        Ok(self
-            .condition
-            .as_mut()
-            .unwrap()
-            .apply(&context)?
-            .as_bool()?)
+    fn computed_labels(&self) -> HashMap<&String, &String> {
+        self.meta()
+            .computed_labels()
+            .iter()
+            .map(|(k, v)| (k, v))
+            .collect()
     }
 }
 
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::ext::ext_repository::tests::{mocked_record, MockRecord};
-    use crate::storage::query::condition::Parser;
-    use assert_matches::assert_matches;
-    use rstest::rstest;
-    use serde_json::json;
-
-    #[rstest]
-    fn pass_status_if_condition_none(mocked_record: Box<MockRecord>) {
-        let mut filter = ExtWhenFilter::new(None);
-        let status = ProcessStatus::Ready(Ok(mocked_record));
-        assert_matches!(
-            filter.filter_record(status, false),
-            ProcessStatus::Ready(Ok(_))
-        )
-    }
-
-    #[rstest]
-    fn not_ready_if_condition_false(mocked_record: Box<MockRecord>) {
-        let mut filter = ExtWhenFilter::new(Some(
-            Parser::new()
-                .parse(&json!({"$and": [false, "@key1"]}))
-                .unwrap(),
-        ));
-        let status = ProcessStatus::Ready(Ok(mocked_record));
-        assert_matches!(filter.filter_record(status, true), ProcessStatus::NotReady)
-    }
+    use crate::ext::ext_repository::tests::mocked_record;
 
-    #[rstest]
-    fn ready_if_condition_true(mocked_record: Box<MockRecord>) {
-        let mut filter = ExtWhenFilter::new(Some(
-            Parser::new()
-                .parse(&json!({"$and": [true, "@key1"]}))
-                .unwrap(),
-        ));
-        let status = ProcessStatus::Ready(Ok(mocked_record));
-        assert_matches!(filter.filter_record(status, true), ProcessStatus::Ready(_))
-    }
+    use rstest::rstest;
 
     #[rstest]
-    fn ready_with_error_strict(mocked_record: Box<MockRecord>) {
-        let mut filter = ExtWhenFilter::new(Some(
-            Parser::new()
-                .parse(&json!({"$and": [true, "@not-exit"]}))
-                .unwrap(),
-        ));
-        let status = ProcessStatus::Ready(Ok(mocked_record));
-        assert_matches!(
-            filter.filter_record(status, true),
-            ProcessStatus::Ready(Err(_))
-        )
+    fn test_dummy_filter(mocked_record: BoxedReadRecord) {
+        let mut filter = DummyFilter::boxed();
+        let result = filter.filter(mocked_record).unwrap();
+        assert_eq!(
+            result.unwrap().len(),
+            1,
+            "Dummy filter should pass all records"
+        );
     }
 
     #[rstest]
-    fn ready_without_error(mocked_record: Box<MockRecord>) {
-        let mut filter = ExtWhenFilter::new(Some(
-            Parser::new()
-                .parse(&json!({"$and": [true, "@not-exit"]}))
-                .unwrap(),
-        ));
-        let status = ProcessStatus::Ready(Ok(mocked_record));
-        assert_matches!(filter.filter_record(status, false), ProcessStatus::Ready(_))
+    fn test_filter_record(mocked_record: BoxedReadRecord) {
+        assert_eq!(mocked_record.state(), Finished as i32);
+        assert_eq!(mocked_record.timestamp(), 0);
+        assert!(mocked_record.labels().is_empty());
+        assert!(!mocked_record.computed_labels().is_empty());
     }
 
     #[rstest]
-    fn conflict(mut mocked_record: Box<MockRecord>) {
-        let mut filter = ExtWhenFilter::new(Some(
-            Parser::new()
-                .parse(&json!({"$and": [true, "@key1"]}))
-                .unwrap(),
-        ));
-
-        mocked_record
-            .labels_mut()
-            .insert("key1".to_string(), "value1".to_string()); // conflicts with computed key1
-        let status = ProcessStatus::Ready(Ok(mocked_record));
-        let ProcessStatus::Ready(result) = filter.filter_record(status, true) else {
-            panic!("Expected ProcessStatus::Ready");
-        };
+    fn test_set_labels(mut mocked_record: BoxedReadRecord) {
+        let mut labels = HashMap::new();
+        labels.insert("test_key".to_string(), "test_value".to_string());
+        mocked_record.set_labels(labels);
 
+        assert_eq!(mocked_record.labels().len(), 1);
         assert_eq!(
-            result.err().unwrap(),
-            conflict!("Computed label '@key1' already exists")
-        )
+            mocked_record.labels().get(&"test_key".to_string()),
+            Some(&&"test_value".to_string())
+        );
     }
 }
diff --git a/reductstore/src/lib.rs b/reductstore/src/lib.rs
index 58d502f60..9802e414b 100644
--- a/reductstore/src/lib.rs
+++ b/reductstore/src/lib.rs
@@ -1,4 +1,4 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 pub mod api;
 pub mod asset;
@@ -9,3 +9,5 @@ pub mod ext;
 mod license;
 pub mod replication;
 pub mod storage;
+
+pub(crate) mod backend;
diff --git a/reductstore/src/license.rs b/reductstore/src/license.rs
index accf146ed..905307d28 100644
--- a/reductstore/src/license.rs
+++ b/reductstore/src/license.rs
@@ -97,7 +97,7 @@ mod tests {
         }
         "#;
 
-        let license_path = tempdir().unwrap().into_path().join("license.jwt");
+        let license_path = tempdir().unwrap().keep().join("license.jwt");
         fs::write(&license_path, license_file).unwrap();
         license_path
     }
@@ -111,7 +111,7 @@ mod tests {
         }
         "#;
 
-        let license_path = tempdir().unwrap().into_path().join("license.jwt");
+        let license_path = tempdir().unwrap().keep().join("license.jwt");
         fs::write(&license_path, license_file).unwrap();
         license_path
     }
diff --git a/reductstore/src/main.rs b/reductstore/src/main.rs
index e202c0b4c..21fc46a1c 100644
--- a/reductstore/src/main.rs
+++ b/reductstore/src/main.rs
@@ -1,4 +1,4 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
 use std::net::{IpAddr, SocketAddr};
@@ -117,8 +117,7 @@ async fn launch_server() {
     };
 }
 
-// IMPORTANT: Use only current_thread runtime for the main function, we have deadlocks with multi-threaded runtime
-#[tokio::main(flavor = "current_thread")]
+#[tokio::main(flavor = "multi_thread", worker_threads = 4)]
 async fn main() {
     launch_server().await;
 }
@@ -231,13 +230,17 @@ mod tests {
     #[rstest]
     #[tokio::test]
     async fn test_shutdown() {
+        let data_path = tempdir().unwrap().keep();
+        env::set_var("RS_DATA_PATH", data_path.to_str().unwrap());
+
         let handle = Handle::new();
-        let storage = Arc::new(Storage::load(tempdir().unwrap().into_path(), None));
+        let cfg = Cfg::from_env(StdEnvGetter::default()); // init file cache
+        let storage = cfg.build().unwrap().storage;
         shutdown_app(handle.clone(), storage.clone());
     }
 
     async fn set_env_and_run(cfg: HashMap<String, String>) -> JoinHandle<()> {
-        let data_path = tempdir().unwrap().into_path();
+        let data_path = tempdir().unwrap().keep();
 
         env::set_var("RS_DATA_PATH", data_path.to_str().unwrap());
         env::set_var("RS_CERT_PATH", "");
diff --git a/reductstore/src/replication.rs b/reductstore/src/replication.rs
index cd5d804d0..51a3b9c9f 100644
--- a/reductstore/src/replication.rs
+++ b/reductstore/src/replication.rs
@@ -1,16 +1,15 @@
 // Copyright 2023-2024 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
-use std::sync::Arc;
-
 use crate::cfg::replication::ReplicationConfig;
 use crate::replication::replication_task::ReplicationTask;
 use crate::storage::storage::Storage;
 use reduct_base::error::ReductError;
+use reduct_base::io::RecordMeta;
 use reduct_base::msg::replication_api::{
     FullReplicationInfo, ReplicationInfo, ReplicationSettings,
 };
-use reduct_base::Labels;
+use std::sync::Arc;
 
 mod diagnostics;
 pub mod proto;
@@ -47,6 +46,13 @@ impl Transaction {
             Transaction::UpdateRecord(ts) => ts,
         }
     }
+
+    pub fn into_timestamp(self) -> u64 {
+        match self {
+            Transaction::WriteRecord(ts) => ts,
+            Transaction::UpdateRecord(ts) => ts,
+        }
+    }
 }
 
 impl TryFrom<u8> for Transaction {
@@ -67,7 +73,7 @@ impl TryFrom<u8> for Transaction {
 pub struct TransactionNotification {
     pub bucket: String,
     pub entry: String,
-    pub labels: Labels,
+    pub meta: RecordMeta,
     pub event: Transaction,
 }
 pub trait ManageReplications {
diff --git a/reductstore/src/replication/remote_bucket.rs b/reductstore/src/replication/remote_bucket.rs
index 5632a63bb..d852748f7 100644
--- a/reductstore/src/replication/remote_bucket.rs
+++ b/reductstore/src/replication/remote_bucket.rs
@@ -203,7 +203,7 @@ pub(super) mod tests {
         let (_tx, rx) = tokio::sync::mpsc::channel(1);
         let mut rec = Record::default();
         rec.timestamp = Some(Timestamp::default());
-        let record = RecordReader::form_record_with_rx(rx, rec, false);
+        let record = RecordReader::form_record_with_rx(rx, rec);
         remote_bucket.write_batch("test", vec![(record, Transaction::WriteRecord(0))])
     }
 }
diff --git a/reductstore/src/replication/remote_bucket/client_wrapper.rs b/reductstore/src/replication/remote_bucket/client_wrapper.rs
index ba58e4413..8ae8d5d7e 100644
--- a/reductstore/src/replication/remote_bucket/client_wrapper.rs
+++ b/reductstore/src/replication/remote_bucket/client_wrapper.rs
@@ -10,7 +10,7 @@ use std::collections::BTreeMap;
 use crate::replication::remote_bucket::ErrorRecordMap;
 use crate::storage::entry::RecordReader;
 use reduct_base::error::{ErrorCode, IntEnum, ReductError};
-use reduct_base::io::{ReadRecord, RecordMeta};
+use reduct_base::io::ReadRecord;
 use reduct_base::unprocessable_entity;
 use reqwest::header::{HeaderMap, HeaderValue, CONTENT_LENGTH, CONTENT_TYPE};
 use reqwest::{Body, Client, Error, Method, Response};
@@ -103,7 +103,7 @@ impl BucketWrapper {
         let content_length: u64 = if update_only {
             0
         } else {
-            records.iter().map(|r| r.content_length()).sum()
+            records.iter().map(|r| r.meta().content_length()).sum()
         };
 
         headers.insert(
@@ -116,18 +116,19 @@ impl BucketWrapper {
         );
 
         for record in records {
+            let meta = record.meta();
             let mut header_values = Vec::new();
             if update_only {
                 header_values.push("0".to_string());
                 header_values.push("".to_string());
             } else {
-                header_values.push(record.content_length().to_string());
-                header_values.push(record.content_type().to_string());
+                header_values.push(meta.content_length().to_string());
+                header_values.push(meta.content_type().to_string());
             }
 
-            if !record.labels().is_empty() {
+            if !meta.labels().is_empty() {
                 let mut label_headers = vec![];
-                for (name, value) in record.labels() {
+                for (name, value) in meta.labels() {
                     if value.contains(',') {
                         label_headers.push(format!("{}=\"{}\"", name, value));
                     } else {
@@ -140,7 +141,7 @@ impl BucketWrapper {
             }
 
             headers.insert(
-                HeaderName::from_str(&format!("x-reduct-time-{}", record.timestamp())).unwrap(),
+                HeaderName::from_str(&format!("x-reduct-time-{}", meta.timestamp())).unwrap(),
                 HeaderValue::from_str(&header_values.join(",").to_string()).unwrap(),
             );
         }
@@ -174,42 +175,39 @@ impl BucketWrapper {
         response: Result<Response, Error>,
     ) -> Result<BTreeMap<u64, ReductError>, ReductError> {
         let mut failed_records = BTreeMap::new();
-        if response.is_err() {
-            check_response(response)?;
-        } else {
-            let response = response.unwrap();
-            let headers = response
-                .headers()
-                .iter()
-                .filter(|(key, _)| key.as_str().starts_with("x-reduct-error"))
-                .collect::<Vec<_>>();
-
-            for (key, value) in headers {
-                let record_ts = key
-                    .as_str()
-                    .trim_start_matches("x-reduct-error-")
-                    .parse::<u64>()
-                    .map_err(|err| unprocessable_entity!("Invalid timestamp {}: {}", key, err))?;
-
-                let (status, message) = value.to_str().unwrap().split_once(',').unwrap();
-                failed_records.insert(
-                    record_ts,
-                    ReductError::new(
-                        ErrorCode::from_int(status.parse().unwrap()).unwrap(),
-                        message,
-                    ),
-                );
-            }
+        let response = check_response(response)?;
+        let headers = response
+            .headers()
+            .iter()
+            .filter(|(key, _)| key.as_str().starts_with("x-reduct-error-"))
+            .collect::<Vec<_>>();
+
+        for (key, value) in headers {
+            let record_ts = key
+                .as_str()
+                .trim_start_matches("x-reduct-error-")
+                .parse::<u64>()
+                .map_err(|err| unprocessable_entity!("Invalid timestamp {}: {}", key, err))?;
+
+            let (status, message) = value.to_str().unwrap().split_once(',').unwrap();
+            failed_records.insert(
+                record_ts,
+                ReductError::new(
+                    ErrorCode::from_int(status.parse().unwrap()).unwrap(),
+                    message,
+                ),
+            );
         }
+
         Ok(failed_records)
     }
 
     fn sort_by_timestamp(records_to_update: &mut Vec<RecordReader>) {
-        records_to_update.sort_by(|a, b| b.timestamp().cmp(&a.timestamp()));
+        records_to_update.sort_by(|a, b| b.meta().timestamp().cmp(&a.meta().timestamp()));
     }
 }
 
-fn check_response(response: Result<Response, Error>) -> Result<(), ReductError> {
+fn check_response(response: Result<Response, Error>) -> Result<Response, ReductError> {
     let map_error = |error: reqwest::Error| -> ReductError {
         let status = if error.is_connect() {
             ErrorCode::ConnectionError
@@ -226,7 +224,7 @@ fn check_response(response: Result<Response, Error>) -> Result<(), ReductError>
 
     let response = response.map_err(map_error)?;
     if response.status().is_success() {
-        return Ok(());
+        return Ok(response);
     }
 
     let status =
@@ -296,8 +294,7 @@ impl ReductBucketApi for BucketWrapper {
             tx.send(response).await.unwrap();
         });
 
-        let failed_records = Self::parse_record_errors(rx.blocking_recv().unwrap())?;
-        Ok(failed_records)
+        Self::parse_record_errors(rx.blocking_recv().unwrap())
     }
 
     fn update_batch(
@@ -319,9 +316,7 @@ impl ReductBucketApi for BucketWrapper {
             tx.send(response).await.unwrap();
         });
 
-        let failed_records = Self::parse_record_errors(rx.blocking_recv().unwrap())?;
-
-        Ok(failed_records)
+        Self::parse_record_errors(rx.blocking_recv().unwrap())
     }
 
     fn server_url(&self) -> &str {
@@ -450,7 +445,7 @@ mod tests {
                 .body(Bytes::new())
                 .unwrap();
             let response = Ok(response).map(|r| r.into());
-            assert!(check_response(response).is_ok());
+            assert_eq!(check_response(response).unwrap().status(), 200);
         }
 
         #[rstest]
@@ -461,7 +456,10 @@ mod tests {
                 .body(Bytes::new())
                 .unwrap();
             let response = Ok(response).map(|r| r.into());
-            assert!(check_response(response).is_err());
+            assert_eq!(
+                check_response(response).unwrap_err().status(),
+                ErrorCode::NotFound
+            );
         }
     }
 
@@ -502,8 +500,8 @@ mod tests {
 
         (
             vec![
-                RecordReader::form_record_with_rx(rx1, rec1, false),
-                RecordReader::form_record_with_rx(rx2, rec2, false),
+                RecordReader::form_record_with_rx(rx1, rec1),
+                RecordReader::form_record_with_rx(rx2, rec2),
             ],
             vec![tx1, tx2],
         )
diff --git a/reductstore/src/replication/remote_bucket/states/bucket_available.rs b/reductstore/src/replication/remote_bucket/states/bucket_available.rs
index 06a009bb8..bdc5d0875 100644
--- a/reductstore/src/replication/remote_bucket/states/bucket_available.rs
+++ b/reductstore/src/replication/remote_bucket/states/bucket_available.rs
@@ -1,4 +1,4 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
 use crate::replication::remote_bucket::client_wrapper::{BoxedBucketApi, BoxedClientApi};
@@ -8,9 +8,8 @@ use crate::replication::remote_bucket::ErrorRecordMap;
 use crate::replication::Transaction;
 use crate::storage::entry::RecordReader;
 use log::{debug, warn};
-use reduct_base::error::ErrorCode::MethodNotAllowed;
 use reduct_base::error::{ErrorCode, ReductError};
-use reduct_base::io::RecordMeta;
+use reduct_base::io::ReadRecord;
 use std::collections::BTreeMap;
 
 /// A state when the remote bucket is available.
@@ -91,15 +90,22 @@ impl RemoteBucketState for BucketAvailableState {
                         err
                     );
 
-                    if err.status != MethodNotAllowed {
-                        return self.check_error_and_change_state(err);
+                    match err.status {
+                        ErrorCode::NotFound => {
+                            warn!(
+                                "Entry {} not found on remote bucket {}/{}: {}",
+                                entry_name,
+                                self.bucket.server_url(),
+                                self.bucket.name(),
+                                err
+                            );
+                        }
+                        _ => return self.check_error_and_change_state(err),
                     }
 
-                    warn!("Please update the remote instance up to 1.11: {}", err);
-
                     let mut error_map = BTreeMap::new();
                     for record in &records_to_update {
-                        error_map.insert(record.timestamp(), err.clone());
+                        error_map.insert(record.meta().timestamp(), err.clone());
                     }
                     error_map
                 }
@@ -110,7 +116,7 @@ impl RemoteBucketState for BucketAvailableState {
 
         // Write the records that failed to update with new records.
         while let Some(record) = records_to_update.pop() {
-            if error_map.contains_key(&record.timestamp()) {
+            if error_map.contains_key(&record.meta().timestamp()) {
                 records_to_write.push(record);
             }
         }
@@ -343,11 +349,37 @@ mod tests {
         let state = state.write_batch("test", vec![record_to_update, record_to_write()]);
         assert!(
             state.last_result().is_ok(),
-            "we should not have any errors because wrote error records"
+            "we should not have any errors because wrote errored records"
         );
         assert!(state.is_available());
     }
 
+    #[rstest]
+    #[tokio::test]
+    async fn test_update_record_entry_not_found(
+        client: MockReductClientApi,
+        mut bucket: MockReductBucketApi,
+        record_to_update: (RecordReader, Transaction),
+    ) {
+        bucket
+            .expect_update_batch()
+            .returning(|_, _| Err(ReductError::new(ErrorCode::NotFound, "Entry not found")));
+
+        bucket.expect_write_batch().returning(|_, records| {
+            assert_eq!(records.len(), 1, "we create an entry and write the records");
+            Ok(ErrorRecordMap::new())
+        });
+
+        let state = Box::new(BucketAvailableState::new(
+            Box::new(client),
+            Box::new(bucket),
+        ));
+
+        let state = state.write_batch("test", vec![record_to_update]);
+        assert!(state.last_result().is_ok());
+        assert!(state.is_available());
+    }
+
     #[fixture]
     fn record_to_write() -> (RecordReader, Transaction) {
         let (_, rx) = tokio::sync::mpsc::channel(1);
@@ -362,7 +394,6 @@ mod tests {
                     content_type: "text/plain".to_string(),
                     state: 0,
                 },
-                false,
             ),
             Transaction::WriteRecord(0),
         )
@@ -382,7 +413,6 @@ mod tests {
                     content_type: "text/plain".to_string(),
                     state: 0,
                 },
-                false,
             ),
             Transaction::UpdateRecord(0),
         )
diff --git a/reductstore/src/replication/replication_repository.rs b/reductstore/src/replication/replication_repository.rs
index e30accdb2..7f5aa41e4 100644
--- a/reductstore/src/replication/replication_repository.rs
+++ b/reductstore/src/replication/replication_repository.rs
@@ -1,8 +1,9 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
 use crate::cfg::replication::ReplicationConfig;
 use crate::cfg::DEFAULT_PORT;
+use crate::core::file_cache::FILE_CACHE;
 use crate::replication::proto::replication_repo::Item;
 use crate::replication::proto::{
     Label as ProtoLabel, ReplicationRepo as ProtoReplicationRepo,
@@ -21,6 +22,8 @@ use reduct_base::msg::replication_api::{
 };
 use reduct_base::{not_found, unprocessable_entity};
 use std::collections::HashMap;
+use std::io::SeekFrom::Start;
+use std::io::{Read, Write};
 use std::path::PathBuf;
 use std::sync::Arc;
 use url::Url;
@@ -194,6 +197,10 @@ impl ManageReplications for ReplicationRepository {
 
     fn notify(&mut self, notification: TransactionNotification) -> Result<(), ReductError> {
         for (_, replication) in self.replications.iter_mut() {
+            if replication.settings().src_bucket != notification.bucket {
+                continue; // skip if the replication is not for the source bucket
+            }
+
             let _ = replication.notify(notification.clone())?;
         }
         Ok(())
@@ -211,13 +218,25 @@ impl ReplicationRepository {
             config,
         };
 
-        match std::fs::read(&repo.repo_path) {
-            Ok(data) => {
+        let read_conf_file = || {
+            let lock = FILE_CACHE
+                .write_or_create(&repo.repo_path, Start(0))
+                .expect("Failed to create or open replication repository file")
+                .upgrade()
+                .unwrap();
+
+            let mut buf = Vec::new();
+            lock.write().unwrap().read_to_end(&mut buf)?;
+            Ok::<Vec<u8>, ReductError>(buf)
+        };
+
+        match read_conf_file() {
+            Ok(buf) => {
                 debug!(
                     "Reading replication repository from {}",
                     repo.repo_path.as_os_str().to_str().unwrap_or("...")
                 );
-                let proto_repo = ProtoReplicationRepo::decode(&mut Bytes::from(data))
+                let proto_repo = ProtoReplicationRepo::decode(&mut Bytes::from(buf))
                     .expect("Error decoding replication repository");
                 for item in proto_repo.replications {
                     if let Err(err) =
@@ -227,14 +246,7 @@ impl ReplicationRepository {
                     }
                 }
             }
-            Err(_) => {
-                debug!(
-                    "Creating a new token repository {}",
-                    repo.repo_path.as_os_str().to_str().unwrap_or("...")
-                );
-                repo.save_repo()
-                    .expect("Failed to create a new token repository");
-            }
+            Err(_) => {}
         }
         repo
     }
@@ -256,13 +268,16 @@ impl ReplicationRepository {
             .encode(&mut buf)
             .expect("Error encoding replication repository");
 
-        std::fs::write(&self.repo_path, buf).map_err(|e| {
-            ReductError::internal_server_error(&format!(
-                "Failed to write replication repository to {}: {}",
-                self.repo_path.as_os_str().to_str().unwrap_or("..."),
-                e
-            ))
-        })
+        let lock = FILE_CACHE
+            .write_or_create(&self.repo_path, Start(0))?
+            .upgrade()?;
+
+        let mut file = lock.write()?;
+        file.set_len(0)?;
+        file.write_all(&buf)?;
+        file.sync_all()?;
+
+        Ok(())
     }
 
     fn create_or_update_replication_task(
@@ -304,7 +319,7 @@ impl ReplicationRepository {
 
         // check syntax of when condition
         if let Some(when) = &settings.when {
-            if let Err(e) = Parser::new().parse(when) {
+            if let Err(e) = Parser::new().parse(when.clone()) {
                 return Err(unprocessable_entity!(
                     "Invalid replication condition: {}",
                     e
@@ -626,6 +641,7 @@ mod tests {
 
     mod get {
         use super::*;
+        use reduct_base::io::RecordMeta;
 
         #[rstest]
         fn test_get_replication(mut repo: ReplicationRepository, settings: ReplicationSettings) {
@@ -635,7 +651,7 @@ mod tests {
                 repl.notify(TransactionNotification {
                     bucket: "bucket-1".to_string(),
                     entry: "entry-1".to_string(),
-                    labels: Labels::default(),
+                    meta: RecordMeta::builder().build(),
                     event: WriteRecord(0),
                 })
                 .unwrap();
@@ -668,6 +684,50 @@ mod tests {
         }
     }
 
+    mod notify {
+        use super::*;
+        use reduct_base::io::RecordMeta;
+
+        #[rstest]
+        fn test_notify_replication(mut repo: ReplicationRepository, settings: ReplicationSettings) {
+            repo.create_replication("test", settings.clone()).unwrap();
+
+            let notification = TransactionNotification {
+                bucket: "bucket-1".to_string(),
+                entry: "entry-1".to_string(),
+                meta: RecordMeta::builder().build(),
+                event: WriteRecord(0),
+            };
+
+            repo.notify(notification.clone()).unwrap();
+            let repl = repo.get_replication("test").unwrap();
+            assert_eq!(repl.info().pending_records, 1);
+        }
+
+        #[rstest]
+        fn test_notify_wrong_bucket(
+            mut repo: ReplicationRepository,
+            settings: ReplicationSettings,
+        ) {
+            repo.create_replication("test", settings.clone()).unwrap();
+
+            let notification = TransactionNotification {
+                bucket: "bucket-2".to_string(),
+                entry: "entry-1".to_string(),
+                meta: RecordMeta::builder().build(),
+                event: WriteRecord(0),
+            };
+
+            repo.notify(notification).unwrap();
+            let repl = repo.get_replication("test").unwrap();
+            assert_eq!(
+                repl.info().pending_records,
+                0,
+                "Should not notify replication for wrong bucket"
+            );
+        }
+    }
+
     mod from {
         use super::*;
 
@@ -734,7 +794,7 @@ mod tests {
     #[fixture]
     fn storage() -> Arc<Storage> {
         let tmp_dir = tempfile::tempdir().unwrap();
-        let storage = Storage::load(tmp_dir.into_path(), None);
+        let storage = Storage::load(tmp_dir.keep(), None);
         let bucket = storage
             .create_bucket("bucket-1", BucketSettings::default())
             .unwrap()
diff --git a/reductstore/src/replication/replication_sender.rs b/reductstore/src/replication/replication_sender.rs
index 76bf41d9e..efe8142f8 100644
--- a/reductstore/src/replication/replication_sender.rs
+++ b/reductstore/src/replication/replication_sender.rs
@@ -99,7 +99,7 @@ impl ReplicationSender {
                             processed_transactions += 1;
 
                             if let Some(record_to_sync) = record_to_sync {
-                                let record_size = record_to_sync.content_length();
+                                let record_size = record_to_sync.meta().content_length();
                                 total_size += record_size;
                                 batch.push((record_to_sync, transaction));
 
@@ -473,7 +473,7 @@ mod tests {
             .begin_write(
                 "test",
                 20,
-                MAX_IO_BUFFER_SIZE * CHANNEL_BUFFER_SIZE + 1,
+                (MAX_IO_BUFFER_SIZE * CHANNEL_BUFFER_SIZE + 1) as u64,
                 "".to_string(),
                 Labels::new(),
             )
@@ -562,7 +562,7 @@ mod tests {
         let sender = build_sender(remote_bucket, settings);
 
         let transaction = Transaction::WriteRecord(10);
-        imitate_write_record(&sender, &transaction, (MAX_PAYLOAD_SIZE + 1) as usize);
+        imitate_write_record(&sender, &transaction, MAX_PAYLOAD_SIZE + 1);
 
         assert_eq!(sender.run(), SyncState::SyncedOrRemoved);
         assert!(
@@ -583,7 +583,7 @@ mod tests {
         assert_eq!(diagnostics.errored, 0, "no errors happened");
     }
 
-    fn imitate_write_record(sender: &ReplicationSender, transaction: &Transaction, size: usize) {
+    fn imitate_write_record(sender: &ReplicationSender, transaction: &Transaction, size: u64) {
         sender
             .log_map
             .read()
@@ -626,13 +626,14 @@ mod tests {
         remote_bucket: MockRmBucket,
         settings: ReplicationSettings,
     ) -> ReplicationSender {
-        let tmp_dir = tempfile::tempdir().unwrap().into_path();
+        let tmp_dir = tempfile::tempdir().unwrap().keep();
 
         let storage = Arc::new(Storage::load(tmp_dir, None));
 
         let log_map = Arc::new(RwLock::new(HashMap::new()));
         let log = RwLock::new(
-            TransactionLog::try_load_or_create(storage.data_path().join("test.log"), 1000).unwrap(),
+            TransactionLog::try_load_or_create(&storage.data_path().join("test.log"), 1000)
+                .unwrap(),
         );
 
         log_map.write().unwrap().insert("test".to_string(), log);
diff --git a/reductstore/src/replication/replication_task.rs b/reductstore/src/replication/replication_task.rs
index 8fc9a1f04..087428da7 100644
--- a/reductstore/src/replication/replication_task.rs
+++ b/reductstore/src/replication/replication_task.rs
@@ -1,4 +1,4 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
 use std::collections::HashMap;
@@ -131,10 +131,25 @@ impl ReplicationTask {
                         &entry.name,
                         &replication_name,
                     );
-                    let log = TransactionLog::try_load_or_create(
-                        path,
+                    let log = match TransactionLog::try_load_or_create(
+                        &path,
                         thr_system_options.transaction_log_size,
-                    )?;
+                    ) {
+                        Ok(log) => log,
+                        Err(err) => {
+                            error!(
+                                "Failed to load transaction log for entry '{}': {:?}",
+                                entry.name, err
+                            );
+                            info!("Creating a new transaction log for entry '{}'", entry.name);
+                            FILE_CACHE.remove(&path)?;
+                            TransactionLog::try_load_or_create(
+                                &path,
+                                thr_system_options.transaction_log_size,
+                            )?
+                        }
+                    };
+
                     logs.insert(entry.name, RwLock::new(log));
                 }
 
@@ -183,7 +198,7 @@ impl ReplicationTask {
 
                         info!("Creating a new transaction log: {:?}", path);
                         match TransactionLog::try_load_or_create(
-                            path,
+                            &path,
                             thr_system_options.transaction_log_size,
                         ) {
                             Ok(log) => {
@@ -219,32 +234,31 @@ impl ReplicationTask {
 
     pub fn notify(&mut self, notification: TransactionNotification) -> Result<(), ReductError> {
         // We need to have a filter for each entry
-        {
+        let entry_name = notification.entry.clone();
+        let notifications = {
             let mut lock = self.filter_map.write()?;
             if !lock.contains_key(&notification.entry) {
                 lock.insert(
                     notification.entry.clone(),
-                    TransactionFilter::new(self.name(), self.settings.clone()),
+                    TransactionFilter::try_new(self.name(), self.settings.clone())?,
                 );
             }
 
-            let filter = lock.get_mut(&notification.entry).unwrap();
-            if !filter.filter(&notification) {
-                return Ok(());
-            }
-        }
+            let filter = lock.get_mut(&entry_name).unwrap();
+            filter.filter(notification)
+        };
 
         // NOTE: very important not to lock the log_map for too long
         // because it is used by the replication thread
-        if !self.log_map.read()?.contains_key(&notification.entry) {
+        if !self.log_map.read()?.contains_key(&entry_name) {
             let mut map = self.log_map.write()?;
             map.insert(
-                notification.entry.clone(),
+                entry_name.clone(),
                 RwLock::new(TransactionLog::try_load_or_create(
-                    Self::build_path_to_transaction_log(
+                    &Self::build_path_to_transaction_log(
                         self.storage.data_path(),
                         &self.settings.src_bucket,
-                        &notification.entry,
+                        &entry_name,
                         &self.name,
                     ),
                     self.system_options.transaction_log_size,
@@ -253,12 +267,15 @@ impl ReplicationTask {
         };
 
         let log_map = self.log_map.read()?;
-        let log = log_map.get(&notification.entry).unwrap();
+        let log = log_map.get(&entry_name).unwrap();
 
-        if let Some(_) = log.write()?.push_back(notification.event.clone())? {
-            error!("Transaction log is full, dropping the oldest transaction without replication");
+        for notification in notifications.into_iter() {
+            if let Some(_) = log.write()?.push_back(notification.event)? {
+                error!(
+                    "Transaction log is full, dropping the oldest transaction without replication"
+                );
+            }
         }
-
         Ok(())
     }
 
@@ -327,15 +344,15 @@ impl Drop for ReplicationTask {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use std::fs;
-
     use bytes::Bytes;
+    use std::fs;
+    use std::io::Write;
 
+    use crate::core::file_cache::FILE_CACHE;
     use mockall::mock;
+    use reduct_base::io::RecordMeta;
     use rstest::*;
 
-    use crate::core::file_cache::FILE_CACHE;
-
     use crate::replication::remote_bucket::ErrorRecordMap;
     use crate::replication::Transaction;
     use crate::storage::entry::io::record_reader::RecordReader;
@@ -359,8 +376,12 @@ mod tests {
     }
 
     #[rstest]
-    fn test_transaction_log_init(remote_bucket: MockRmBucket, settings: ReplicationSettings) {
-        let replication = build_replication(remote_bucket, settings);
+    fn test_transaction_log_init(
+        remote_bucket: MockRmBucket,
+        settings: ReplicationSettings,
+        path: PathBuf,
+    ) {
+        let replication = build_replication(path, remote_bucket, settings);
         assert_eq!(replication.log_map.read().unwrap().len(), 2);
         assert!(
             replication.log_map.read().unwrap().contains_key("test1"),
@@ -372,17 +393,95 @@ mod tests {
         );
     }
 
+    #[rstest]
+    fn test_transaction_log_init_err(
+        remote_bucket: MockRmBucket,
+        settings: ReplicationSettings,
+        path: PathBuf,
+    ) {
+        {
+            // create a broken transaction log
+            let log_path = ReplicationTask::build_path_to_transaction_log(
+                &path,
+                &settings.src_bucket,
+                "test1",
+                &"test".to_string(),
+            );
+
+            fs::create_dir_all(log_path.parent().unwrap()).unwrap();
+            let mut log_file = fs::File::create(&log_path).unwrap();
+
+            log_file
+                .write_all(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
+                .unwrap();
+        }
+
+        let replication = build_replication(path, remote_bucket, settings);
+        assert_eq!(replication.log_map.read().unwrap().len(), 2);
+        let log_len = replication
+            .log_map
+            .read()
+            .unwrap()
+            .get("test1")
+            .unwrap()
+            .read()
+            .unwrap()
+            .len();
+        assert_eq!(
+            log_len, 0,
+            "Task recreated a new transaction log for 'test1' after broken log"
+        );
+    }
+
+    #[rstest]
+    fn test_add_new_entry(
+        mut remote_bucket: MockRmBucket,
+        mut notification: TransactionNotification,
+        settings: ReplicationSettings,
+        path: PathBuf,
+    ) {
+        remote_bucket
+            .expect_write_batch()
+            .returning(|_, _| Ok(ErrorRecordMap::new()));
+        remote_bucket.expect_is_active().return_const(true);
+        let mut replication = build_replication(path, remote_bucket, settings.clone());
+
+        notification.entry = "new_entry".to_string();
+        fs::create_dir_all(
+            replication
+                .storage
+                .data_path()
+                .join(settings.src_bucket)
+                .join("new_entry"),
+        )
+        .unwrap();
+
+        replication.notify(notification).unwrap();
+        sleep(Duration::from_millis(100));
+        assert!(transaction_log_is_empty(&replication));
+        assert_eq!(
+            replication.info(),
+            ReplicationInfo {
+                name: "test".to_string(),
+                is_active: true,
+                is_provisioned: false,
+                pending_records: 0,
+            }
+        );
+    }
+
     #[rstest]
     fn test_replication_ok_active(
         mut remote_bucket: MockRmBucket,
         notification: TransactionNotification,
         settings: ReplicationSettings,
+        path: PathBuf,
     ) {
         remote_bucket
             .expect_write_batch()
             .returning(|_, _| Ok(ErrorRecordMap::new()));
         remote_bucket.expect_is_active().return_const(true);
-        let mut replication = build_replication(remote_bucket, settings);
+        let mut replication = build_replication(path, remote_bucket, settings);
 
         replication.notify(notification).unwrap();
         sleep(Duration::from_millis(100));
@@ -413,12 +512,13 @@ mod tests {
         mut remote_bucket: MockRmBucket,
         notification: TransactionNotification,
         settings: ReplicationSettings,
+        path: PathBuf,
     ) {
         remote_bucket
             .expect_write_batch()
             .returning(|_, _| Ok(ErrorRecordMap::new()));
         remote_bucket.expect_is_active().return_const(false);
-        let mut replication = build_replication(remote_bucket, settings);
+        let mut replication = build_replication(path, remote_bucket, settings);
 
         replication.notify(notification).unwrap();
         sleep(Duration::from_millis(100));
@@ -449,6 +549,7 @@ mod tests {
         mut notification: TransactionNotification,
         mut remote_bucket: MockRmBucket,
         settings: ReplicationSettings,
+        path: PathBuf,
     ) {
         remote_bucket
             .expect_write_batch()
@@ -459,7 +560,7 @@ mod tests {
             ..settings
         };
 
-        let mut replication = build_replication(MockRmBucket::new(), settings.clone());
+        let mut replication = build_replication(path, MockRmBucket::new(), settings.clone());
 
         let mut time = 10;
         for entry in &["test1", "test2"] {
@@ -487,12 +588,13 @@ mod tests {
         mut remote_bucket: MockRmBucket,
         notification: TransactionNotification,
         settings: ReplicationSettings,
+        path: PathBuf,
     ) {
         remote_bucket
             .expect_write_batch()
             .return_const(Ok(ErrorRecordMap::new()));
         remote_bucket.expect_is_active().return_const(true);
-        let mut replication = build_replication(remote_bucket, settings.clone());
+        let mut replication = build_replication(path, remote_bucket, settings.clone());
         replication.notify(notification.clone()).unwrap();
 
         let path = ReplicationTask::build_path_to_transaction_log(
@@ -516,12 +618,13 @@ mod tests {
         mut remote_bucket: MockRmBucket,
         notification: TransactionNotification,
         settings: ReplicationSettings,
+        path: PathBuf,
     ) {
         remote_bucket
             .expect_write_batch()
             .return_const(Ok(ErrorRecordMap::new()));
         remote_bucket.expect_is_active().return_const(true);
-        let mut replication = build_replication(remote_bucket, settings.clone());
+        let mut replication = build_replication(path, remote_bucket, settings.clone());
         replication.notify(notification.clone()).unwrap();
 
         let path = ReplicationTask::build_path_to_transaction_log(
@@ -552,12 +655,11 @@ mod tests {
     }
 
     fn build_replication(
+        path: PathBuf,
         remote_bucket: MockRmBucket,
         settings: ReplicationSettings,
     ) -> ReplicationTask {
-        let tmp_dir = tempfile::tempdir().unwrap().into_path();
-
-        let storage = Arc::new(Storage::load(tmp_dir, None));
+        let storage = Arc::new(Storage::load(path, None));
 
         let bucket = storage
             .create_bucket("src", BucketSettings::default())
@@ -608,7 +710,7 @@ mod tests {
         TransactionNotification {
             bucket: "src".to_string(),
             entry: "test1".to_string(),
-            labels: Labels::new(),
+            meta: RecordMeta::builder().timestamp(10).build(),
             event: Transaction::WriteRecord(10),
         }
     }
@@ -629,6 +731,11 @@ mod tests {
         }
     }
 
+    #[fixture]
+    fn path() -> PathBuf {
+        tempfile::tempdir().unwrap().keep()
+    }
+
     fn transaction_log_is_empty(replication: &ReplicationTask) -> bool {
         sleep(Duration::from_millis(50));
         sleep(Duration::from_millis(50));
diff --git a/reductstore/src/replication/transaction_filter.rs b/reductstore/src/replication/transaction_filter.rs
index 5999a25d6..25dc2a7ce 100644
--- a/reductstore/src/replication/transaction_filter.rs
+++ b/reductstore/src/replication/transaction_filter.rs
@@ -2,30 +2,50 @@
 // Licensed under the Business Source License 1.1
 
 use log::warn;
-use reduct_base::io::RecordMeta;
+use reduct_base::error::ReductError;
 use reduct_base::msg::replication_api::ReplicationSettings;
-use reduct_base::Labels;
+use std::collections::HashMap;
 
 use crate::replication::TransactionNotification;
 use crate::storage::query::condition::Parser;
 use crate::storage::query::filters::{
-    EachNFilter, EachSecondFilter, ExcludeLabelFilter, IncludeLabelFilter, RecordFilter, WhenFilter,
+    apply_filters_recursively, EachNFilter, EachSecondFilter, ExcludeLabelFilter, FilterRecord,
+    IncludeLabelFilter, RecordFilter, WhenFilter,
 };
 
+type Filter = Box<dyn RecordFilter<TransactionNotification> + Send + Sync>;
 /// Filter for transaction notifications.
 pub(super) struct TransactionFilter {
     bucket: String,
     entries: Vec<String>,
-    query_filters: Vec<Box<dyn RecordFilter + Send + Sync>>,
+    query_filters: Vec<Filter>,
 }
 
-impl RecordMeta for TransactionNotification {
+impl FilterRecord for TransactionNotification {
     fn timestamp(&self) -> u64 {
-        self.event.timestamp().clone()
+        *self.event.timestamp()
     }
 
-    fn labels(&self) -> &Labels {
-        &self.labels
+    fn labels(&self) -> HashMap<&String, &String> {
+        self.meta.labels().iter().map(|(k, v)| (k, v)).collect()
+    }
+
+    fn set_labels(&mut self, labels: HashMap<String, String>) {
+        let labels_mut = self.meta.labels_mut();
+        labels_mut.clear();
+        labels_mut.extend(labels);
+    }
+
+    fn computed_labels(&self) -> HashMap<&String, &String> {
+        self.meta
+            .computed_labels()
+            .iter()
+            .map(|(k, v)| (k, v))
+            .collect()
+    }
+
+    fn state(&self) -> i32 {
+        self.meta.state()
     }
 }
 
@@ -38,8 +58,8 @@ impl TransactionFilter {
     /// * `entries` - Entries to filter. Supports wildcards. If empty, all entries are matched.
     /// * `include` - Labels to include. All must match. If empty, all labels are matched.
     /// * `exclude` - Labels to exclude. Any must match. If empty, no labels are matched.
-    pub(super) fn new(name: &str, settings: ReplicationSettings) -> Self {
-        let mut query_filters: Vec<Box<dyn RecordFilter + Send + Sync>> = vec![];
+    pub(super) fn try_new(name: &str, settings: ReplicationSettings) -> Result<Self, ReductError> {
+        let mut query_filters: Vec<Filter> = vec![];
         if !settings.include.is_empty() {
             query_filters.push(Box::new(IncludeLabelFilter::new(settings.include)));
         }
@@ -57,9 +77,9 @@ impl TransactionFilter {
         }
 
         if let Some(when) = settings.when {
-            match Parser::new().parse(&when) {
-                Ok(condition) => {
-                    query_filters.push(Box::new(WhenFilter::new(condition)));
+            match Parser::new().parse(when.clone()) {
+                Ok((condition, directives)) => {
+                    query_filters.push(Box::new(WhenFilter::try_new(condition, directives, true)?));
                 }
                 Err(err) => warn!(
                     "Error parsing when condition in {} replication task: {}",
@@ -68,11 +88,11 @@ impl TransactionFilter {
             }
         }
 
-        Self {
+        Ok(Self {
             bucket: settings.src_bucket,
             entries: settings.entries,
             query_filters,
-        }
+        })
     }
 
     /// Filter a transaction notification.
@@ -84,9 +104,12 @@ impl TransactionFilter {
     /// # Returns
     ///
     /// `true` if the notification matches the filter, `false` otherwise.
-    pub(super) fn filter(&mut self, notification: &TransactionNotification) -> bool {
+    pub(super) fn filter(
+        &mut self,
+        notification: TransactionNotification,
+    ) -> Vec<TransactionNotification> {
         if notification.bucket != self.bucket {
-            return false;
+            return vec![];
         }
 
         if !self.entries.is_empty() {
@@ -104,57 +127,67 @@ impl TransactionFilter {
                 }
             }
             if !found {
-                return false;
+                return vec![];
             }
         }
 
-        // filter out notifications
-        for filter in self.query_filters.iter_mut() {
-            match filter.filter(notification) {
-                Ok(false) => return false,
-                Err(err) => {
-                    warn!("Error filtering transaction notification: {}", err);
-                    return false;
-                }
-                _ => {}
+        match apply_filters_recursively(
+            self.query_filters.as_mut_slice(),
+            vec![notification.clone()],
+            0,
+        ) {
+            Ok(Some(notifications)) => notifications,
+            Ok(None) => {
+                warn!(
+                    "Filtering interrupted in replication task '{}'",
+                    self.bucket
+                );
+                vec![]
+            }
+            Err(err) => {
+                warn!(
+                    "Error applying filters in replication task '{}': {}",
+                    self.bucket, err
+                );
+                vec![]
             }
         }
-
-        true
     }
 }
 
 #[cfg(test)]
 mod tests {
+    use crate::replication::Transaction;
+    use reduct_base::io::RecordMeta;
     use reduct_base::Labels;
     use rstest::*;
 
-    use crate::replication::Transaction;
-
     use super::*;
 
     #[rstest]
     fn test_transaction_filter(notification: TransactionNotification) {
-        let mut filter = TransactionFilter::new(
+        let mut filter = TransactionFilter::try_new(
             "test",
             ReplicationSettings {
                 src_bucket: "bucket".to_string(),
                 ..ReplicationSettings::default()
             },
-        );
-        assert!(filter.filter(&notification));
+        )
+        .unwrap();
+        assert_eq!(filter.filter(notification).len(), 1);
     }
 
     #[rstest]
     fn test_transaction_filter_bucket(notification: TransactionNotification) {
-        let mut filter = TransactionFilter::new(
+        let mut filter = TransactionFilter::try_new(
             "test",
             ReplicationSettings {
                 src_bucket: "other".to_string(),
                 ..ReplicationSettings::default()
             },
-        );
-        assert!(!filter.filter(&notification));
+        )
+        .unwrap();
+        assert_eq!(filter.filter(notification).len(), 0);
     }
 
     #[rstest]
@@ -168,15 +201,18 @@ mod tests {
         #[case] expected: bool,
         notification: TransactionNotification,
     ) {
-        let mut filter = TransactionFilter::new(
+        let mut filter = TransactionFilter::try_new(
             "test",
             ReplicationSettings {
                 src_bucket: "bucket".to_string(),
                 entries,
                 ..ReplicationSettings::default()
             },
-        );
-        assert_eq!(filter.filter(&notification), expected);
+        )
+        .unwrap();
+
+        let filtered = filter.filter(notification);
+        assert_eq!(filtered.is_empty(), !expected);
     }
 
     #[rstest]
@@ -191,15 +227,18 @@ mod tests {
         #[case] expected: bool,
         notification: TransactionNotification,
     ) {
-        let mut filter = TransactionFilter::new(
+        let mut filter = TransactionFilter::try_new(
             "test",
             ReplicationSettings {
                 src_bucket: "bucket".to_string(),
                 include: Labels::from_iter(include),
                 ..ReplicationSettings::default()
             },
-        );
-        assert_eq!(filter.filter(&notification), expected);
+        )
+        .unwrap();
+
+        let filtered = filter.filter(notification);
+        assert_eq!(filtered.is_empty(), !expected);
     }
 
     #[rstest]
@@ -213,119 +252,136 @@ mod tests {
         #[case] expected: bool,
         notification: TransactionNotification,
     ) {
-        let mut filter = TransactionFilter::new(
+        let mut filter = TransactionFilter::try_new(
             "test",
             ReplicationSettings {
                 src_bucket: "bucket".to_string(),
                 exclude: Labels::from_iter(exclude),
                 ..ReplicationSettings::default()
             },
-        );
-        assert_eq!(filter.filter(&notification), expected);
+        )
+        .unwrap();
+
+        let filtered = filter.filter(notification);
+        assert_eq!(filtered.is_empty(), !expected);
     }
 
     #[rstest]
     fn test_transaction_filter_each_n(notification: TransactionNotification) {
-        let mut filter = TransactionFilter::new(
+        let mut filter = TransactionFilter::try_new(
             "test",
             ReplicationSettings {
                 src_bucket: "bucket".to_string(),
                 each_n: Some(2),
                 ..ReplicationSettings::default()
             },
-        );
+        )
+        .unwrap();
 
-        assert!(filter.filter(&notification));
-        assert!(!filter.filter(&notification));
-        assert!(filter.filter(&notification));
+        assert_eq!(filter.filter(notification.clone()).len(), 1);
+        assert_eq!(filter.filter(notification.clone()).len(), 0);
+        assert_eq!(filter.filter(notification).len(), 1);
     }
 
     #[rstest]
     fn test_transaction_filter_each_s(mut notification: TransactionNotification) {
-        let mut filter = TransactionFilter::new(
+        let mut filter = TransactionFilter::try_new(
             "test",
             ReplicationSettings {
                 src_bucket: "bucket".to_string(),
                 each_s: Some(1.0),
                 ..ReplicationSettings::default()
             },
-        );
+        )
+        .unwrap();
 
-        assert!(filter.filter(&notification));
+        assert_eq!(filter.filter(notification.clone()).len(), 1);
         notification.event = Transaction::WriteRecord(1);
-        assert!(!filter.filter(&notification));
+        assert_eq!(filter.filter(notification.clone()).len(), 0);
         notification.event = Transaction::WriteRecord(2);
-        assert!(!filter.filter(&notification));
+        assert_eq!(filter.filter(notification.clone()).len(), 0);
         notification.event = Transaction::WriteRecord(1000_002);
-        assert!(filter.filter(&notification));
+        assert_eq!(filter.filter(notification.clone()).len(), 1);
     }
 
     #[rstest]
     fn test_transaction_filter_when(notification: TransactionNotification) {
-        let mut filter = TransactionFilter::new(
+        let mut filter = TransactionFilter::try_new(
             "test",
             ReplicationSettings {
                 src_bucket: "bucket".to_string(),
                 when: Some(serde_json::json!({"$eq": ["&x", "y"]})),
                 ..ReplicationSettings::default()
             },
-        );
+        )
+        .unwrap();
+
+        assert_eq!(filter.filter(notification.clone()).len(), 1);
 
-        assert!(filter.filter(&notification));
-        filter = TransactionFilter::new(
+        filter = TransactionFilter::try_new(
             "test",
             ReplicationSettings {
                 src_bucket: "bucket".to_string(),
                 when: Some(serde_json::json!({"$eq": ["&x", "z"]})),
                 ..ReplicationSettings::default()
             },
-        );
-        assert!(!filter.filter(&notification));
+        )
+        .unwrap();
+
+        assert_eq!(filter.filter(notification).len(), 0);
     }
 
     #[rstest]
     fn test_transaction_filter_when_non_strict(notification: TransactionNotification) {
-        let mut filter = TransactionFilter::new(
+        let mut filter = TransactionFilter::try_new(
             "test",
             ReplicationSettings {
                 src_bucket: "bucket".to_string(),
                 when: Some(serde_json::json!({"$eq": ["&NOT_EXIST", "y"]})),
                 ..ReplicationSettings::default()
             },
+        )
+        .unwrap();
+
+        assert!(
+            filter.filter(notification).is_empty(),
+            "label doesn't exist but we consider it as false"
         );
+    }
+
+    #[rstest]
+    fn test_transaction_filter_interrupted(notification: TransactionNotification) {
+        let mut filter = TransactionFilter::try_new(
+            "test",
+            ReplicationSettings {
+                src_bucket: "bucket".to_string(),
+                when: Some(serde_json::json!({"$limit": 0})),
+                ..ReplicationSettings::default()
+            },
+        )
+        .unwrap();
 
         assert!(
-            !filter.filter(&notification),
+            filter.filter(notification).is_empty(),
             "label doesn't exist but we consider it as false"
         );
     }
 
     #[rstest]
     fn test_transaction_filter_invalid_when() {
-        let filter = TransactionFilter::new(
+        let filter = TransactionFilter::try_new(
             "test",
             ReplicationSettings {
                 src_bucket: "bucket".to_string(),
                 when: Some(serde_json::json!({"$UNKNOWN_OP": ["&x", "y", "z"]})),
                 ..ReplicationSettings::default()
             },
-        );
+        )
+        .unwrap();
 
         assert!(filter.query_filters.is_empty());
     }
 
-    mod filter_point {
-
-        use super::*;
-
-        #[rstest]
-        fn test_filter_point(notification: TransactionNotification) {
-            assert_eq!(notification.timestamp(), 0);
-            assert_eq!(notification.labels(), &notification.labels);
-            assert_eq!(notification.state(), 0);
-        }
-    }
-
     #[fixture]
     fn notification() -> TransactionNotification {
         let labels = Labels::from_iter(vec![
@@ -335,8 +391,53 @@ mod tests {
         TransactionNotification {
             bucket: "bucket".to_string(),
             entry: "entry".to_string(),
-            labels,
+            meta: RecordMeta::builder()
+                .timestamp(0)
+                .labels(labels)
+                .computed_labels(Labels::default())
+                .state(0)
+                .build(),
             event: Transaction::WriteRecord(0),
         }
     }
+
+    mod filter_record_impl {
+        use super::*;
+
+        #[rstest]
+        fn test_filter_record_impl(notification: TransactionNotification) {
+            let record: Box<dyn FilterRecord> = Box::new(notification.clone());
+            assert_eq!(record.timestamp(), *notification.event.timestamp());
+
+            for (key, value) in notification.meta.labels() {
+                assert_eq!(record.labels().get(key), Some(&value));
+            }
+
+            for (key, value) in notification.meta.computed_labels() {
+                assert_eq!(record.computed_labels().get(key), Some(&value));
+            }
+
+            assert_eq!(record.state(), notification.meta.state());
+        }
+
+        #[rstest]
+        fn test_set_labels(mut notification: TransactionNotification) {
+            let new_labels = HashMap::from([
+                ("a".to_string(), "b".to_string()),
+                ("c".to_string(), "d".to_string()),
+            ]);
+
+            notification.set_labels(new_labels.clone());
+
+            assert_eq!(notification.labels().len(), 2);
+            assert_eq!(
+                notification.labels().get(&"a".to_string()),
+                Some(&&"b".to_string())
+            );
+            assert_eq!(
+                notification.labels().get(&"c".to_string()),
+                Some(&&"d".to_string())
+            );
+        }
+    }
 }
diff --git a/reductstore/src/replication/transaction_log.rs b/reductstore/src/replication/transaction_log.rs
index f7ab1a675..6b94be273 100644
--- a/reductstore/src/replication/transaction_log.rs
+++ b/reductstore/src/replication/transaction_log.rs
@@ -1,9 +1,9 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
 use crate::core::file_cache::FILE_CACHE;
 use crate::replication::Transaction;
-use log::{debug, error, warn};
+use log::{debug, warn};
 use reduct_base::error::ReductError;
 use reduct_base::internal_server_error;
 use std::io::{Read, Seek, SeekFrom, Write};
@@ -28,28 +28,6 @@ pub(super) struct TransactionLog {
 const HEADER_SIZE: usize = 16;
 const ENTRY_SIZE: usize = 9;
 
-impl Drop for TransactionLog {
-    fn drop(&mut self) {
-        // Flush and sync the file in a separate thread.
-        let file = FILE_CACHE.write_or_create(&self.file_path, SeekFrom::Current(0));
-        if file.is_err() {
-            error!("Failed to open transaction log: {}", file.err().unwrap());
-            return;
-        }
-
-        let file = file.unwrap().upgrade().unwrap();
-        let sync = || {
-            let mut file = file.write()?;
-            file.flush()?;
-            file.sync_all()?;
-
-            Ok::<(), ReductError>(())
-        };
-
-        sync().map_or_else(|e| error!("Failed to sync transaction log: {}", e), |r| r);
-    }
-}
-
 impl TransactionLog {
     /// Create a new transaction log or load an existing one.
     ///
@@ -61,7 +39,7 @@ impl TransactionLog {
     /// # Returns
     ///
     /// A new transaction log instance or an error.
-    pub fn try_load_or_create(path: PathBuf, capacity: usize) -> Result<Self, ReductError> {
+    pub fn try_load_or_create(path: &PathBuf, capacity: usize) -> Result<Self, ReductError> {
         let init_capacity_in_bytes = capacity * ENTRY_SIZE + HEADER_SIZE;
 
         let instance = if !path.try_exists()? {
@@ -77,7 +55,7 @@ impl TransactionLog {
             file.sync_all()?;
 
             Self {
-                file_path: path,
+                file_path: path.clone(),
                 capacity_in_bytes: init_capacity_in_bytes,
                 write_pos: HEADER_SIZE,
                 read_pos: HEADER_SIZE,
@@ -94,6 +72,15 @@ impl TransactionLog {
             };
             let write_pos = u64::from_be_bytes(buf[0..8].try_into().unwrap()) as usize;
             let read_pos = u64::from_be_bytes(buf[8..16].try_into().unwrap()) as usize;
+
+            Self::integrity_check(
+                path,
+                init_capacity_in_bytes,
+                capacity_in_bytes,
+                write_pos,
+                read_pos,
+            )?;
+
             let capacity_in_bytes = if init_capacity_in_bytes != capacity_in_bytes {
                 // If the capacity is changed, we need to check if the log is empty
                 // then we can change the capacity.
@@ -105,7 +92,7 @@ impl TransactionLog {
                     let file = FILE_CACHE
                         .write_or_create(&path, SeekFrom::Start(0))?
                         .upgrade()?;
-                    let file = file.write()?;
+                    let mut file = file.write()?;
 
                     file.set_len(init_capacity_in_bytes as u64)?;
                     init_capacity_in_bytes
@@ -118,7 +105,7 @@ impl TransactionLog {
             };
 
             Self {
-                file_path: path,
+                file_path: path.to_path_buf(),
                 capacity_in_bytes,
                 write_pos,
                 read_pos,
@@ -128,6 +115,44 @@ impl TransactionLog {
         Ok(instance)
     }
 
+    fn integrity_check(
+        path: &PathBuf,
+        init_capacity_in_bytes: usize,
+        capacity_in_bytes: usize,
+        write_pos: usize,
+        read_pos: usize,
+    ) -> Result<(), ReductError> {
+        if init_capacity_in_bytes < HEADER_SIZE
+            || (capacity_in_bytes - HEADER_SIZE) % ENTRY_SIZE != 0
+        {
+            return Err(internal_server_error!(
+                "Invalid size {} of transaction log {}",
+                capacity_in_bytes,
+                path.to_str().unwrap_or("unknown path")
+            ));
+        }
+
+        let check_pos = |pos: usize, name: &str| {
+            if pos < HEADER_SIZE
+                || pos >= capacity_in_bytes
+                || (pos - HEADER_SIZE) % ENTRY_SIZE != 0
+            {
+                return Err(internal_server_error!(
+                    "Invalid {} position {} in transaction log {}",
+                    name,
+                    pos,
+                    path.to_str().unwrap_or("unknown path")
+                ));
+            }
+            Ok(())
+        };
+
+        check_pos(write_pos, "write")?;
+        check_pos(read_pos, "read")?;
+
+        Ok(())
+    }
+
     /// Push a new transaction to the log.
     ///
     /// # Arguments
@@ -271,13 +296,13 @@ mod tests {
 
     #[rstest]
     fn test_new_transaction_log(path: PathBuf) {
-        let transaction_log = TransactionLog::try_load_or_create(path, 100).unwrap();
+        let transaction_log = TransactionLog::try_load_or_create(&path, 100).unwrap();
         assert_eq!(transaction_log.is_empty(), true);
     }
 
     #[rstest]
     fn test_write_read_transaction_log(path: PathBuf) {
-        let mut transaction_log = TransactionLog::try_load_or_create(path, 100).unwrap();
+        let mut transaction_log = TransactionLog::try_load_or_create(&path, 100).unwrap();
         assert_eq!(
             transaction_log
                 .push_back(Transaction::WriteRecord(1))
@@ -308,7 +333,7 @@ mod tests {
 
     #[rstest]
     fn test_write_broken_type(path: PathBuf) {
-        let mut transaction_log = TransactionLog::try_load_or_create(path.clone(), 100).unwrap();
+        let mut transaction_log = TransactionLog::try_load_or_create(&path, 100).unwrap();
         assert_eq!(
             transaction_log
                 .push_back(Transaction::WriteRecord(1))
@@ -337,7 +362,7 @@ mod tests {
 
     #[rstest]
     fn test_out_of_range(path: PathBuf) {
-        let mut transaction_log = TransactionLog::try_load_or_create(path, 100).unwrap();
+        let mut transaction_log = TransactionLog::try_load_or_create(&path, 100).unwrap();
         assert_eq!(
             transaction_log
                 .push_back(Transaction::WriteRecord(1))
@@ -369,7 +394,7 @@ mod tests {
 
     #[rstest]
     fn test_overflow(path: PathBuf) {
-        let mut transaction_log = TransactionLog::try_load_or_create(path, 3).unwrap();
+        let mut transaction_log = TransactionLog::try_load_or_create(&path, 3).unwrap();
         for i in 1..5 {
             transaction_log
                 .push_back(Transaction::WriteRecord(i))
@@ -385,14 +410,14 @@ mod tests {
 
     #[rstest]
     fn test_recovery(path: PathBuf) {
-        let mut transaction_log = TransactionLog::try_load_or_create(path.clone(), 3).unwrap();
+        let mut transaction_log = TransactionLog::try_load_or_create(&path, 3).unwrap();
         for i in 1..5 {
             transaction_log
                 .push_back(Transaction::WriteRecord(i))
                 .unwrap();
         }
 
-        let mut transaction_log = TransactionLog::try_load_or_create(path, 3).unwrap();
+        let mut transaction_log = TransactionLog::try_load_or_create(&path, 3).unwrap();
         assert_eq!(transaction_log.len(), 2);
         assert_eq!(
             transaction_log.front(2).unwrap(),
@@ -405,27 +430,27 @@ mod tests {
 
     #[rstest]
     fn test_recovery_init(path: PathBuf) {
-        let mut transaction_log = TransactionLog::try_load_or_create(path.clone(), 3).unwrap();
+        let mut transaction_log = TransactionLog::try_load_or_create(&path, 3).unwrap();
         transaction_log
             .push_back(Transaction::WriteRecord(1))
             .unwrap();
         drop(transaction_log);
 
-        let transaction_log = TransactionLog::try_load_or_create(path, 3).unwrap();
+        let transaction_log = TransactionLog::try_load_or_create(&path, 3).unwrap();
         assert_eq!(transaction_log.write_pos, HEADER_SIZE + ENTRY_SIZE);
         assert_eq!(transaction_log.read_pos, HEADER_SIZE);
     }
 
     #[rstest]
     fn test_recovery_empty_cache(path: PathBuf) {
-        let mut transaction_log = TransactionLog::try_load_or_create(path.clone(), 3).unwrap();
+        let mut transaction_log = TransactionLog::try_load_or_create(&path, 3).unwrap();
         transaction_log
             .push_back(Transaction::WriteRecord(1))
             .unwrap();
 
         FILE_CACHE.discard_recursive(&path).unwrap(); // discard the cache to simulate restart
 
-        let mut transaction_log = TransactionLog::try_load_or_create(path, 3).unwrap();
+        let mut transaction_log = TransactionLog::try_load_or_create(&path, 3).unwrap();
 
         // check if the transaction log is still working after cache discard
         assert_eq!(
@@ -438,13 +463,13 @@ mod tests {
 
     #[rstest]
     fn test_resize_empty_log(path: PathBuf) {
-        TransactionLog::try_load_or_create(path.clone(), 3).unwrap();
+        TransactionLog::try_load_or_create(&path, 3).unwrap();
         assert_eq!(
             fs::metadata(&path).unwrap().len() as usize,
             ENTRY_SIZE * 3 + HEADER_SIZE
         );
 
-        TransactionLog::try_load_or_create(path.clone(), 5).unwrap();
+        TransactionLog::try_load_or_create(&path, 5).unwrap();
         assert_eq!(
             fs::metadata(&path).unwrap().len() as usize,
             ENTRY_SIZE * 5 + HEADER_SIZE
@@ -453,7 +478,7 @@ mod tests {
 
     #[rstest]
     fn test_resize_non_empty_log(path: PathBuf) {
-        let mut transaction_log = TransactionLog::try_load_or_create(path.clone(), 3).unwrap();
+        let mut transaction_log = TransactionLog::try_load_or_create(&path, 3).unwrap();
         transaction_log
             .push_back(Transaction::WriteRecord(1))
             .unwrap();
@@ -462,7 +487,7 @@ mod tests {
             ENTRY_SIZE * 3 + HEADER_SIZE
         );
 
-        TransactionLog::try_load_or_create(path.clone(), 5).unwrap();
+        TransactionLog::try_load_or_create(&path, 5).unwrap();
         assert_eq!(
             fs::metadata(&path).unwrap().len() as usize,
             ENTRY_SIZE * 3 + HEADER_SIZE,
@@ -470,9 +495,72 @@ mod tests {
         );
     }
 
+    mod integrity_tests {
+        use super::*;
+
+        #[rstest]
+        #[case([0, 0, 0, 0, 0, 0, 0, 17, 0, 0, 0, 0, 0, 0, 0, 16], "Invalid write position 17 in transaction log"
+        )]
+        #[case([0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 16], "Invalid write position 1 in transaction log"
+        )]
+        #[case([0, 0, 0, 0, 0, 0, 0, 34, 0, 0, 0, 0, 0, 0, 0, 16], "Invalid write position 34 in transaction log"
+        )]
+        #[case([0, 0, 0, 0, 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0, 17], "Invalid read position 17 in transaction log"
+        )]
+        #[case([0, 0, 0, 0, 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0, 1], "Invalid read position 1 in transaction log"
+        )]
+        #[case([0, 0, 0, 0, 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0, 34], "Invalid read position 34 in transaction log"
+        )]
+        fn test_invalid_position(
+            #[case] buf: [u8; 16],
+            #[case] expected_error: &str,
+            path: PathBuf,
+        ) {
+            {
+                let file = FILE_CACHE
+                    .write_or_create(&path, SeekFrom::Start(0))
+                    .unwrap()
+                    .upgrade()
+                    .unwrap();
+                let mut file = file.write().unwrap();
+                file.write_all(&buf).unwrap();
+                file.set_len((HEADER_SIZE + ENTRY_SIZE * 2) as u64).unwrap();
+            }
+
+            let result = TransactionLog::try_load_or_create(&path, 3);
+            assert_eq!(
+                result.err().unwrap(),
+                internal_server_error!("{} {}", expected_error, path.to_str().unwrap())
+            );
+        }
+
+        #[rstest]
+        fn test_invalid_size(path: PathBuf) {
+            {
+                let file = FILE_CACHE
+                    .write_or_create(&path, SeekFrom::Start(0))
+                    .unwrap()
+                    .upgrade()
+                    .unwrap();
+                let mut file = file.write().unwrap();
+                file.write_all(&[0u8; 16]).unwrap();
+                file.set_len((HEADER_SIZE + 1) as u64).unwrap();
+            }
+
+            let result = TransactionLog::try_load_or_create(&path, 3);
+            assert_eq!(
+                result.err().unwrap(),
+                internal_server_error!(
+                    "Invalid size 17 of transaction log {}",
+                    path.to_str().unwrap()
+                )
+            );
+        }
+    }
+
     #[fixture]
     fn path() -> PathBuf {
-        let path = tempdir().unwrap().into_path().join("transaction_log");
+        let path = tempdir().unwrap().keep().join("transaction_log");
         path
     }
 }
diff --git a/reductstore/src/storage/block_manager.rs b/reductstore/src/storage/block_manager.rs
index 92dbdae4b..ab7e91f60 100644
--- a/reductstore/src/storage/block_manager.rs
+++ b/reductstore/src/storage/block_manager.rs
@@ -204,7 +204,7 @@ impl BlockManager {
             let file = FILE_CACHE
                 .write_or_create(&self.path_to_data(block_id), SeekFrom::Start(0))?
                 .upgrade()?;
-            let file = file.write()?;
+            let mut file = file.write()?;
             file.set_len(max_block_size)?;
         }
 
@@ -233,14 +233,14 @@ impl BlockManager {
         let file = FILE_CACHE
             .write_or_create(&path, SeekFrom::Current(0))?
             .upgrade()?;
-        let data_block = file.write()?;
+        let mut data_block = file.write()?;
         data_block.set_len(block.size())?;
         data_block.sync_all()?;
 
         let file = FILE_CACHE
             .write_or_create(&self.path_to_desc(block.block_id()), SeekFrom::Current(0))?
             .upgrade()?;
-        let descr_block = file.write()?;
+        let mut descr_block = file.write()?;
         descr_block.sync_all()?;
 
         Ok(())
@@ -264,11 +264,14 @@ impl BlockManager {
 
         self.block_cache.remove(&block_id);
 
-        let path = self.path_to_data(block_id);
-        FILE_CACHE.remove(&path)?;
+        let data_block_path = self.path_to_data(block_id);
+        FILE_CACHE.remove(&data_block_path)?;
 
-        let path = self.path_to_desc(block_id);
-        FILE_CACHE.remove(&path)?;
+        let desc_block_path = self.path_to_desc(block_id);
+        if FILE_CACHE.try_exists(&desc_block_path)? {
+            // it can be still in WAL only
+            FILE_CACHE.remove(&desc_block_path)?;
+        }
 
         self.wal.remove(block_id)?;
         Ok(())
@@ -608,6 +611,7 @@ mod tests {
     use reduct_base::error::ErrorCode;
     use rstest::{fixture, rstest};
 
+    use crate::backend::Backend;
     use crate::storage::entry::RecordWriter;
     use crate::storage::storage::MAX_IO_BUFFER_SIZE;
     use rand::distr::Alphanumeric;
@@ -959,7 +963,7 @@ mod tests {
                 Arc::clone(&block_manager),
                 block_ref.clone(),
                 record_time,
-                false,
+                None,
             )
             .unwrap();
 
@@ -1073,7 +1077,13 @@ mod tests {
 
     #[fixture]
     fn block_manager(block_id: u64) -> BlockManager {
-        let path = tempdir().unwrap().into_path().join("bucket").join("entry");
+        let path = tempdir().unwrap().keep().join("bucket").join("entry");
+        FILE_CACHE.set_storage_backend(
+            Backend::builder()
+                .local_data_path(path.to_str().unwrap())
+                .try_build()
+                .unwrap(),
+        );
 
         let mut bm = BlockManager::new(path.clone(), BlockIndex::new(path.join(BLOCK_INDEX_FILE)));
         let block_ref = bm.start_new_block(block_id, 1024).unwrap().clone();
diff --git a/reductstore/src/storage/block_manager/block_index.rs b/reductstore/src/storage/block_manager/block_index.rs
index 031b44d14..9c3236a30 100644
--- a/reductstore/src/storage/block_manager/block_index.rs
+++ b/reductstore/src/storage/block_manager/block_index.rs
@@ -1,4 +1,4 @@
-// Copyright 2024 ReductSoftware UG
+// Copyright 2024-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
 use bytes::Bytes;
@@ -7,7 +7,6 @@ use prost::Message;
 use reduct_base::error::ReductError;
 use reduct_base::internal_server_error;
 use std::collections::{BTreeSet, HashMap};
-use std::fs::read_dir;
 use std::io::{Read, SeekFrom, Write};
 use std::path::PathBuf;
 
@@ -119,7 +118,7 @@ impl BlockIndex {
     }
 
     pub fn try_load(path: PathBuf) -> Result<Self, ReductError> {
-        if !path.try_exists()? {
+        if !FILE_CACHE.try_exists(&path)? {
             return Err(internal_server_error!("Block index {:?} not found", path));
         }
 
@@ -135,15 +134,10 @@ impl BlockIndex {
                 ));
             };
 
-            let has_block_descriptors = read_dir(&path.parent().unwrap())?.any(|file| {
-                file.map(|f| {
-                    f.file_name()
-                        .to_str()
-                        .unwrap()
-                        .ends_with(DESCRIPTOR_FILE_EXT)
-                })
-                .unwrap_or(false)
-            });
+            let has_block_descriptors = FILE_CACHE
+                .read_dir(&path.parent().unwrap().into())?
+                .iter()
+                .any(|path| path.ends_with(DESCRIPTOR_FILE_EXT));
 
             if lock.metadata()?.len() == 0 && has_block_descriptors {
                 return Err(internal_server_error!("Block index {:?} is empty", path));
@@ -247,7 +241,6 @@ impl BlockIndex {
             internal_server_error!("Failed to write block index {:?}: {}", self.path_buf, err)
         })?;
 
-        lock.flush()?;
         lock.sync_all()?;
 
         Ok(())
@@ -293,7 +286,7 @@ mod tests {
 
         #[rstest]
         fn test_ok() {
-            let path = tempdir().unwrap().into_path().join(BLOCK_INDEX_FILE);
+            let path = tempdir().unwrap().keep().join(BLOCK_INDEX_FILE);
 
             let block_index_proto = BlockIndexProto {
                 blocks: vec![BlockEntry {
@@ -327,7 +320,7 @@ mod tests {
 
         #[rstest]
         fn test_index_file_corrupted() {
-            let path = tempdir().unwrap().into_path().join(BLOCK_INDEX_FILE);
+            let path = tempdir().unwrap().keep().join(BLOCK_INDEX_FILE);
 
             let block_index_proto = BlockIndexProto {
                 blocks: vec![BlockEntry {
@@ -351,7 +344,7 @@ mod tests {
 
         #[rstest]
         fn test_decode_err() {
-            let path = tempdir().unwrap().into_path().join(BLOCK_INDEX_FILE);
+            let path = tempdir().unwrap().keep().join(BLOCK_INDEX_FILE);
             fs::write(&path, vec![0, 1, 2, 3]).unwrap();
 
             let block_index = BlockIndex::try_load(path.clone()).err().unwrap();
@@ -364,7 +357,7 @@ mod tests {
 
         #[rstest]
         fn test_ok() {
-            let path = tempdir().unwrap().into_path().join(BLOCK_INDEX_FILE);
+            let path = tempdir().unwrap().keep().join(BLOCK_INDEX_FILE);
 
             let mut block_index = BlockIndex::new(path.clone());
             block_index.insert_or_update(BlockEntry {
diff --git a/reductstore/src/storage/block_manager/wal.rs b/reductstore/src/storage/block_manager/wal.rs
index df419761a..0485d2789 100644
--- a/reductstore/src/storage/block_manager/wal.rs
+++ b/reductstore/src/storage/block_manager/wal.rs
@@ -1,4 +1,4 @@
-// Copyright 2024 ReductSoftware UG
+// Copyright 2024-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
 use std::collections::hash_map::Entry::{Occupied, Vacant};
@@ -233,15 +233,15 @@ impl Wal for WalImpl {
 
     fn remove(&self, block_id: u64) -> Result<(), ReductError> {
         let path = self.block_wal_path(block_id);
-        FILE_CACHE.remove(&path)?;
+        if FILE_CACHE.try_exists(&path)? {
+            FILE_CACHE.remove(&path)?;
+        }
         Ok(())
     }
 
     fn list(&self) -> Result<Vec<u64>, ReductError> {
         let mut blocks = Vec::new();
-        for entry in std::fs::read_dir(&self.root_path)? {
-            let entry = entry?;
-            let path = entry.path();
+        for path in FILE_CACHE.read_dir(&self.root_path)? {
             if path.extension().unwrap_or_default() == "wal" {
                 let block_id = path
                     .file_stem()
@@ -276,7 +276,9 @@ impl Wal for WalImpl {
 pub(in crate::storage) fn create_wal(entry_path: PathBuf) -> Box<dyn Wal + Send + Sync> {
     let wal_folder = entry_path.join("wal");
     if !wal_folder.try_exists().unwrap() {
-        std::fs::create_dir_all(&wal_folder).expect("Failed to create WAL folder");
+        FILE_CACHE
+            .create_dir_all(&wal_folder)
+            .expect("Failed to create WAL folder");
     }
     Box::new(WalImpl::new(entry_path.join("wal")))
 }
@@ -377,7 +379,7 @@ mod tests {
 
     #[fixture]
     fn wal() -> WalImpl {
-        let path = tempfile::tempdir().unwrap().into_path();
+        let path = tempfile::tempdir().unwrap().keep();
         std::fs::create_dir_all(path.join("wal")).unwrap();
         WalImpl::new(path.join("wal"))
     }
diff --git a/reductstore/src/storage/bucket.rs b/reductstore/src/storage/bucket.rs
index 20ac581f5..828610da0 100644
--- a/reductstore/src/storage/bucket.rs
+++ b/reductstore/src/storage/bucket.rs
@@ -24,6 +24,7 @@ use reduct_base::msg::bucket_api::{BucketInfo, BucketSettings, FullBucketInfo};
 use reduct_base::msg::entry_api::EntryInfo;
 use reduct_base::{conflict, internal_server_error, not_found, Labels};
 use std::collections::BTreeMap;
+use std::io::{Read, SeekFrom};
 use std::path::PathBuf;
 use std::sync::atomic::AtomicBool;
 use std::sync::{Arc, RwLock};
@@ -56,7 +57,7 @@ impl Bucket {
         settings: BucketSettings,
     ) -> Result<Bucket, ReductError> {
         let path = path.join(name);
-        std::fs::create_dir_all(&path)?;
+        FILE_CACHE.create_dir_all(&path)?;
         let settings = Self::fill_settings(settings, Self::defaults());
 
         let bucket = Bucket {
@@ -82,7 +83,15 @@ impl Bucket {
     ///
     /// * `Bucket` - The bucket or an HTTPError
     pub fn restore(path: PathBuf) -> Result<Bucket, ReductError> {
-        let buf: Vec<u8> = std::fs::read(path.join(SETTINGS_NAME))?;
+        let buf = {
+            let lock = FILE_CACHE
+                .read(&path.join(SETTINGS_NAME), SeekFrom::Start(0))?
+                .upgrade()?;
+            let mut buf = Vec::new();
+            lock.write()?.read_to_end(&mut buf)?;
+            buf
+        };
+
         let settings = ProtoBucketSettings::decode(&mut Bytes::from(buf))
             .map_err(|e| internal_server_error!("Failed to decode settings: {}", e))?;
 
@@ -92,8 +101,7 @@ impl Bucket {
         let mut entries = BTreeMap::new();
         let mut task_set = Vec::new();
 
-        for entry in std::fs::read_dir(&path)? {
-            let path = entry?.path();
+        for path in FILE_CACHE.read_dir(&path)? {
             if path.is_dir() {
                 let handler = Entry::restore(
                     path,
@@ -134,8 +142,7 @@ impl Bucket {
     /// * `&mut Entry` - The entry or an HTTPError
     pub fn get_or_create_entry(&self, key: &str) -> Result<Weak<Entry>, ReductError> {
         check_name_convention(key)?;
-        let mut entries = self.entries.write()?;
-        if !entries.contains_key(key) {
+        if !self.entries.read()?.contains_key(key) {
             let settings = self.settings.read()?;
             let entry = Entry::try_new(
                 &key,
@@ -145,10 +152,12 @@ impl Bucket {
                     max_block_records: settings.max_block_records.unwrap(),
                 },
             )?;
-            entries.insert(key.to_string(), Arc::new(entry));
+            self.entries
+                .write()?
+                .insert(key.to_string(), Arc::new(entry));
         }
 
-        Ok(entries.get_mut(key).unwrap().clone().into())
+        Ok(self.entries.read()?.get(key).unwrap().clone().into())
     }
 
     /// Get an entry in the bucket
@@ -178,7 +187,7 @@ impl Bucket {
         let mut latest_record = 0u64;
         let mut entries: Vec<EntryInfo> = vec![];
 
-        let entry_map = self.entries.read().unwrap();
+        let entry_map = self.entries.read()?;
         for entry in entry_map.values() {
             let info = entry.info()?;
             entries.push(info.clone());
@@ -197,7 +206,7 @@ impl Bucket {
                     .is_provisioned
                     .load(std::sync::atomic::Ordering::Relaxed),
             },
-            settings: self.settings.read().unwrap().clone(),
+            settings: self.settings.read()?.clone(),
             entries,
         })
     }
@@ -220,7 +229,7 @@ impl Bucket {
         &self,
         name: &str,
         time: u64,
-        content_size: usize,
+        content_size: u64,
         content_type: String,
         labels: Labels,
     ) -> TaskHandle<Result<Box<dyn WriteRecord + Sync + Send>, ReductError>> {
@@ -289,7 +298,7 @@ impl Bucket {
 
             entries.write()?.remove(&old_name);
             FILE_CACHE.discard_recursive(&old_path)?; // we need to close all open files
-            std::fs::rename(&old_path, &new_path)?;
+            FILE_CACHE.rename(&old_path, &new_path)?;
 
             let entry = Entry::restore(
                 new_path,
@@ -543,7 +552,7 @@ mod tests {
             .begin_write(
                 entry_name,
                 time,
-                content.len(),
+                content.len() as u64,
                 "".to_string(),
                 Labels::new(),
             )
@@ -581,7 +590,7 @@ mod tests {
 
     #[fixture]
     pub fn path() -> PathBuf {
-        tempdir().unwrap().into_path()
+        tempdir().unwrap().keep()
     }
 
     #[fixture]
diff --git a/reductstore/src/storage/bucket/quotas.rs b/reductstore/src/storage/bucket/quotas.rs
index 884072d90..49766c7b6 100644
--- a/reductstore/src/storage/bucket/quotas.rs
+++ b/reductstore/src/storage/bucket/quotas.rs
@@ -9,7 +9,7 @@ use reduct_base::msg::bucket_api::QuotaType;
 use reduct_base::{bad_request, internal_server_error};
 
 impl Bucket {
-    pub(super) fn keep_quota_for(&self, content_size: usize) -> Result<(), ReductError> {
+    pub(super) fn keep_quota_for(&self, content_size: u64) -> Result<(), ReductError> {
         let settings = self.settings.read()?;
         let quota_size = settings.quota_size.unwrap_or(0);
         match settings.quota_type.clone().unwrap_or(QuotaType::NONE) {
@@ -25,37 +25,53 @@ impl Bucket {
         }
     }
 
-    fn remove_oldest_block(&self, content_size: usize, quota_size: u64) -> Result<(), ReductError> {
-        let mut size = self.info()?.info.size + content_size as u64;
+    fn remove_oldest_block(&self, content_size: u64, quota_size: u64) -> Result<(), ReductError> {
+        let get_bucket_size = || {
+            self.entries
+                .read()
+                .map(|entries| {
+                    entries
+                        .values()
+                        .map(|e| e.size())
+                        .reduce(|acc, e| acc + e)
+                        .unwrap_or(0)
+                })
+                .unwrap_or(0)
+        };
+
+        let mut size = get_bucket_size() + content_size as u64;
         while size > quota_size {
-            debug!(
-                "Need more space. Remove an oldest block from bucket '{}'",
-                self.name()
-            );
-
-            let mut candidates: Vec<(u64, &Entry)> = vec![];
-            let entries = self.entries.read()?;
-            for (_, entry) in entries.iter() {
-                let info = entry.info()?;
-                candidates.push((info.oldest_record, entry));
-            }
-            candidates.sort_by_key(|entry| entry.0);
+            let mut success = false;
 
-            let candidates = candidates
-                .iter()
-                .map(|(_, entry)| entry.name().to_string())
-                .collect::<Vec<String>>();
+            {
+                debug!(
+                    "Need more space. Remove an oldest block from bucket '{}'",
+                    self.name()
+                );
 
-            let mut success = false;
-            for name in candidates {
-                debug!("Remove an oldest block from entry '{}'", name);
-                match entries.get(&name).unwrap().try_remove_oldest_block().wait() {
-                    Ok(_) => {
-                        success = true;
-                        break;
-                    }
-                    Err(e) => {
-                        debug!("Failed to remove oldest block from entry '{}': {}", name, e);
+                let mut candidates: Vec<(u64, &Entry)> = vec![];
+                let entries = self.entries.read()?;
+                for (_, entry) in entries.iter() {
+                    let info = entry.info()?;
+                    candidates.push((info.oldest_record, entry));
+                }
+                candidates.sort_by_key(|entry| entry.0);
+
+                let candidates = candidates
+                    .iter()
+                    .map(|(_, entry)| entry.name().to_string())
+                    .collect::<Vec<String>>();
+
+                for name in candidates {
+                    debug!("Remove an oldest block from entry '{}'", name);
+                    match entries.get(&name).unwrap().try_remove_oldest_block().wait() {
+                        Ok(_) => {
+                            success = true;
+                            break;
+                        }
+                        Err(e) => {
+                            debug!("Failed to remove oldest block from entry '{}': {}", name, e);
+                        }
                     }
                 }
             }
@@ -67,7 +83,7 @@ impl Bucket {
                 ));
             }
 
-            size = self.info()?.info.size + content_size as u64;
+            size = get_bucket_size() + content_size as u64;
         }
 
         // Remove empty entries
diff --git a/reductstore/src/storage/bucket/settings.rs b/reductstore/src/storage/bucket/settings.rs
index 6cb5a3d76..430fffccd 100644
--- a/reductstore/src/storage/bucket/settings.rs
+++ b/reductstore/src/storage/bucket/settings.rs
@@ -1,6 +1,7 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
+use crate::core::file_cache::FILE_CACHE;
 use crate::core::thread_pool::{unique, TaskHandle};
 use crate::storage::bucket::Bucket;
 use crate::storage::entry::EntrySettings;
@@ -9,7 +10,7 @@ use prost::Message;
 use reduct_base::error::ReductError;
 use reduct_base::msg::bucket_api::{BucketSettings, QuotaType};
 use reduct_base::{conflict, internal_server_error};
-use std::io::Write;
+use std::io::{SeekFrom, Write};
 
 pub(super) const DEFAULT_MAX_RECORDS: u64 = 1024;
 pub(super) const DEFAULT_MAX_BLOCK_SIZE: u64 = 64000000;
@@ -117,8 +118,12 @@ impl Bucket {
                 .encode(&mut buf)
                 .map_err(|e| internal_server_error!("Failed to encode bucket settings: {}", e))?;
 
-            let mut file = std::fs::File::create(path)?;
-            file.write(&buf)?;
+            let lock = FILE_CACHE
+                .write_or_create(&path, SeekFrom::Start(0))?
+                .upgrade()?;
+            let mut file = lock.write()?;
+            file.write_all(&buf)?;
+            file.sync_all()?;
             Ok(())
         })
     }
diff --git a/reductstore/src/storage/entry.rs b/reductstore/src/storage/entry.rs
index 6efb5e166..06d0c7fc8 100644
--- a/reductstore/src/storage/entry.rs
+++ b/reductstore/src/storage/entry.rs
@@ -18,7 +18,6 @@ use log::debug;
 use reduct_base::error::ReductError;
 use reduct_base::msg::entry_api::{EntryInfo, QueryEntry};
 use std::collections::HashMap;
-use std::fs;
 use std::path::PathBuf;
 use std::sync::atomic::{AtomicU64, Ordering};
 use std::sync::{Arc, RwLock};
@@ -27,6 +26,7 @@ use tokio::sync::RwLock as AsyncRwLock;
 
 pub(crate) use io::record_writer::{RecordDrainer, RecordWriter};
 
+use crate::core::file_cache::FILE_CACHE;
 use crate::core::thread_pool::{
     group_from_path, shared, try_unique, unique_child, GroupDepth, TaskHandle,
 };
@@ -74,7 +74,7 @@ impl Entry {
         path: PathBuf,
         settings: EntrySettings,
     ) -> Result<Self, ReductError> {
-        fs::create_dir_all(path.join(name))?;
+        FILE_CACHE.create_dir_all(&path.join(name))?;
         let path = path.join(name);
         Ok(Self {
             name: name.to_string(),
@@ -215,6 +215,11 @@ impl Entry {
         })
     }
 
+    pub fn size(&self) -> u64 {
+        let bm = self.block_manager.read().unwrap();
+        bm.index().size()
+    }
+
     /// Try to remove the oldest block.
     ///
     /// # Returns
@@ -230,7 +235,6 @@ impl Entry {
 
         let oldest_block_id = *index_tree.first().unwrap();
         let block_manager = Arc::clone(&self.block_manager);
-
         match try_unique(
             &format!("{}/{}", self.task_group(), oldest_block_id),
             "try to remove oldest block",
@@ -238,6 +242,10 @@ impl Entry {
             move || {
                 let mut bm = block_manager.write().unwrap();
                 bm.remove_block(oldest_block_id)?;
+                debug!(
+                    "Removing the oldest block {}.blk",
+                    bm.path().join(oldest_block_id.to_string()).display()
+                );
                 Ok(())
             },
         ) {
@@ -387,7 +395,7 @@ mod tests {
         use super::*;
 
         use reduct_base::error::ErrorCode;
-        use reduct_base::io::RecordMeta;
+        use reduct_base::io::ReadRecord;
         use reduct_base::{no_content, not_found};
         use std::thread::sleep;
 
@@ -412,15 +420,15 @@ mod tests {
 
                 {
                     let reader = rx.blocking_recv().unwrap().unwrap();
-                    assert_eq!(reader.timestamp(), 1000000);
+                    assert_eq!(reader.meta().timestamp(), 1000000);
                 }
                 {
                     let reader = rx.blocking_recv().unwrap().unwrap();
-                    assert_eq!(reader.timestamp(), 2000000);
+                    assert_eq!(reader.meta().timestamp(), 2000000);
                 }
                 {
                     let reader = rx.blocking_recv().unwrap().unwrap();
-                    assert_eq!(reader.timestamp(), 3000000);
+                    assert_eq!(reader.meta().timestamp(), 3000000);
                 }
 
                 assert_eq!(
@@ -454,7 +462,7 @@ mod tests {
                 let rx = entry.get_query_receiver(id).unwrap().upgrade_and_unwrap();
                 let mut rx = rx.blocking_write();
                 let reader = rx.blocking_recv().unwrap().unwrap();
-                assert_eq!(reader.timestamp(), 1000000);
+                assert_eq!(reader.meta().timestamp(), 1000000);
                 assert_eq!(
                     rx.blocking_recv().unwrap().err(),
                     Some(no_content!("No content"))
@@ -476,7 +484,7 @@ mod tests {
                         Err(e) => panic!("Unexpected error: {:?}", e),
                     }
                 };
-                assert_eq!(reader.timestamp(), 2000000);
+                assert_eq!(reader.meta().timestamp(), 2000000);
             }
 
             sleep(Duration::from_millis(1700));
@@ -550,7 +558,7 @@ mod tests {
             let mut sender = entry
                 .begin_write(
                     1000000,
-                    MAX_IO_BUFFER_SIZE + 1,
+                    (MAX_IO_BUFFER_SIZE + 1) as u64,
                     "text/plain".to_string(),
                     Labels::new(),
                 )
@@ -620,12 +628,17 @@ mod tests {
 
     #[fixture]
     pub(super) fn path() -> PathBuf {
-        tempfile::tempdir().unwrap().into_path().join("bucket")
+        tempfile::tempdir().unwrap().keep().join("bucket")
     }
 
     pub fn write_record(entry: &mut Entry, time: u64, data: Vec<u8>) {
         let mut sender = entry
-            .begin_write(time, data.len(), "text/plain".to_string(), Labels::new())
+            .begin_write(
+                time,
+                data.len() as u64,
+                "text/plain".to_string(),
+                Labels::new(),
+            )
             .wait()
             .unwrap();
         sender.blocking_send(Ok(Some(Bytes::from(data)))).unwrap();
@@ -636,7 +649,7 @@ mod tests {
 
     pub fn write_record_with_labels(entry: &mut Entry, time: u64, data: Vec<u8>, labels: Labels) {
         let mut sender = entry
-            .begin_write(time, data.len(), "text/plain".to_string(), labels)
+            .begin_write(time, data.len() as u64, "text/plain".to_string(), labels)
             .wait()
             .unwrap();
         sender.blocking_send(Ok(Some(Bytes::from(data)))).unwrap();
diff --git a/reductstore/src/storage/entry/entry_loader.rs b/reductstore/src/storage/entry/entry_loader.rs
index ad064cd4d..7d068558d 100644
--- a/reductstore/src/storage/entry/entry_loader.rs
+++ b/reductstore/src/storage/entry/entry_loader.rs
@@ -1,9 +1,8 @@
-// Copyright 2024 ReductSoftware UG
+// Copyright 2024-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
 use std::collections::HashMap;
-use std::fs;
-use std::io::Write;
+use std::io::{Read, SeekFrom, Write};
 use std::path::PathBuf;
 use std::sync::{Arc, RwLock};
 use std::time::Instant;
@@ -14,6 +13,7 @@ use crc64fast::Digest;
 use log::{debug, error, info, trace, warn};
 use prost::Message;
 
+use crate::core::file_cache::FILE_CACHE;
 use crate::storage::block_manager::block_index::BlockIndex;
 use crate::storage::block_manager::wal::{create_wal, WalEntry};
 use crate::storage::block_manager::{
@@ -80,9 +80,7 @@ impl EntryLoader {
         options: EntrySettings,
     ) -> Result<Entry, ReductError> {
         let mut block_index = BlockIndex::new(path.join(BLOCK_INDEX_FILE));
-        for filein in fs::read_dir(path.clone())? {
-            let file = filein?;
-            let path = file.path();
+        for path in FILE_CACHE.read_dir(&path)? {
             if path.is_dir() {
                 continue;
             }
@@ -97,20 +95,23 @@ impl EntryLoader {
                     error!("Failed to decode block {:?}: {}", path, $err);
                     warn!("Removing meta block {:?}", path);
                     let mut data_path = path.clone();
-                    fs::remove_file(path)?;
+                    FILE_CACHE.remove(&path)?;
 
                     data_path.set_extension(DATA_FILE_EXT[1..].to_string());
                     warn!("Removing data block {:?}", data_path);
-                    fs::remove_file(data_path)?;
+                    FILE_CACHE.remove(&data_path)?;
                     continue;
                 }};
             }
 
-            let buf = fs::read(path.clone())?;
+            let file = FILE_CACHE.read(&path, SeekFrom::Start(0))?.upgrade()?;
+            let mut buf = vec![];
+            file.write()?.read_to_end(&mut buf)?;
             let mut crc = Digest::new();
             crc.write(&buf);
 
-            let mut block = match MinimalBlock::decode(Bytes::from(buf)) {
+            let descriptor_content = Bytes::from(buf);
+            let mut block = match MinimalBlock::decode(descriptor_content.clone()) {
                 Ok(block) => block,
                 Err(err) => {
                     remove_bad_block!(err);
@@ -120,7 +121,7 @@ impl EntryLoader {
             // Migration for old blocks without fields to speed up the restore process
             if block.record_count == 0 {
                 debug!("Record count is 0. Migrate the block");
-                let mut full_block = match Block::decode(Bytes::from(fs::read(path.clone())?)) {
+                let mut full_block = match Block::decode(descriptor_content) {
                     Ok(block) => block,
                     Err(err) => {
                         remove_bad_block!(err);
@@ -133,7 +134,11 @@ impl EntryLoader {
                 block.record_count = full_block.record_count;
                 block.metadata_size = full_block.metadata_size;
 
-                let mut file = fs::File::create(path.clone())?;
+                let lock = FILE_CACHE
+                    .write_or_create(&path, SeekFrom::Start(0))?
+                    .upgrade()?;
+                let mut file = lock.write()?;
+                file.set_len(0)?;
 
                 let buf = full_block.encode_to_vec();
                 crc = Digest::new();
@@ -199,13 +204,12 @@ impl EntryLoader {
     }
 
     fn check_descriptor_count(path: &PathBuf, block_index: &BlockIndex) -> Result<(), ReductError> {
-        let number_of_descriptors = std::fs::read_dir(&path)?
+        let number_of_descriptors = FILE_CACHE
+            .read_dir(&path)?
             .into_iter()
-            .filter(|entry| {
-                let entry = entry.as_ref().unwrap().path();
-                entry.is_file()
-                    && DESCRIPTOR_FILE_EXT.contains(entry.extension().unwrap().to_str().unwrap())
-            })
+            .filter(|entry|
+                // path maybe a virtual from remote storage
+                entry.to_str().unwrap_or("").ends_with(DESCRIPTOR_FILE_EXT))
             .count();
 
         if number_of_descriptors != block_index.tree().len() {
@@ -229,15 +233,20 @@ impl EntryLoader {
         let mut inconsistent_data = false;
         for block_id in block_index.tree().iter() {
             let desc_path = path.join(format!("{}{}", block_id, DESCRIPTOR_FILE_EXT));
-            if !desc_path.exists() {
-                warn!("Block descriptor {:?} not found", path);
+            if FILE_CACHE.try_exists(&desc_path)? {
+                let data_path = path.join(format!("{}{}", block_id, DATA_FILE_EXT));
+                if !FILE_CACHE.try_exists(&data_path)? {
+                    warn!(
+                        "Data block {:?} not found. Removing its descriptor",
+                        data_path
+                    );
+                    FILE_CACHE.remove(&desc_path)?;
+                    inconsistent_data = true;
+                }
+            } else {
+                warn!("Block descriptor {:?} not found", desc_path);
                 inconsistent_data = true;
             }
-
-            let data_path = path.join(format!("{}{}", block_id, DATA_FILE_EXT));
-            if !data_path.exists() {
-                warn!("Block descriptor {:?} not found. Removing it", path);
-            }
         }
 
         if inconsistent_data {
@@ -352,11 +361,13 @@ mod tests {
     use crate::storage::block_manager::wal::WalEntry;
     use crate::storage::entry::tests::{entry, entry_settings, path, write_stub_record};
     use crate::storage::proto::{record, us_to_ts, BlockIndex as BlockIndexProto, Record};
+    use std::fs;
     use std::io::SeekFrom;
 
     use super::*;
+    use crate::backend::Backend;
     use crate::core::file_cache::FILE_CACHE;
-    use reduct_base::io::{ReadRecord, RecordMeta};
+    use reduct_base::io::ReadRecord;
     use rstest::{fixture, rstest};
 
     #[rstest]
@@ -408,9 +419,9 @@ mod tests {
         assert_eq!(info.size, 88);
 
         let mut rec = entry.begin_read(1).wait().unwrap();
-        assert_eq!(rec.timestamp(), 1);
-        assert_eq!(rec.content_length(), 10);
-        assert_eq!(rec.content_type(), "text/plain");
+        assert_eq!(rec.meta().timestamp(), 1);
+        assert_eq!(rec.meta().content_length(), 10);
+        assert_eq!(rec.meta().content_type(), "text/plain");
 
         assert_eq!(
             rec.blocking_read().unwrap().unwrap(),
@@ -418,9 +429,9 @@ mod tests {
         );
 
         let mut rec = entry.begin_read(2000010).wait().unwrap();
-        assert_eq!(rec.timestamp(), 2000010);
-        assert_eq!(rec.content_length(), 10);
-        assert_eq!(rec.content_type(), "text/plain");
+        assert_eq!(rec.meta().timestamp(), 2000010);
+        assert_eq!(rec.meta().content_length(), 10);
+        assert_eq!(rec.meta().content_type(), "text/plain");
 
         assert_eq!(
             rec.blocking_read().unwrap().unwrap(),
@@ -448,8 +459,16 @@ mod tests {
 
     #[rstest]
     fn test_migration_v18_v19(entry_settings: EntrySettings, path: PathBuf) {
+        FILE_CACHE.set_storage_backend(
+            Backend::builder()
+                .local_data_path(path.to_str().unwrap())
+                .try_build()
+                .unwrap(),
+        );
+
         let path = path.join("entry");
-        fs::create_dir_all(path.clone()).unwrap();
+        FILE_CACHE.create_dir_all(&path).unwrap();
+
         let mut block_manager = BlockManager::new(
             path.clone(),
             BlockIndex::new(path.clone().join(BLOCK_INDEX_FILE)),
@@ -483,10 +502,19 @@ mod tests {
             .clone()
             .into();
         block_proto.record_count = 0;
-        fs::write(path.join("1.meta"), block_proto.encode_to_vec()).unwrap();
+
+        let lock = FILE_CACHE
+            .write_or_create(&path.join("1.meta"), SeekFrom::Start(0))
+            .unwrap()
+            .upgrade()
+            .unwrap();
+
+        lock.write()
+            .unwrap()
+            .write_all(&block_proto.encode_to_vec())
+            .unwrap();
 
         // repack the block
-        FILE_CACHE.remove(&path.join(BLOCK_INDEX_FILE)).unwrap();
         let entry = EntryLoader::restore_entry(path.clone(), entry_settings).unwrap();
         let info = entry.info().unwrap();
 
@@ -518,7 +546,7 @@ mod tests {
                 .unwrap()
                 .upgrade()
                 .unwrap();
-            let file = rc.write().unwrap();
+            let mut file = rc.write().unwrap();
             file.set_len(0).unwrap();
             file.sync_all().unwrap();
         }
@@ -640,6 +668,7 @@ mod tests {
     mod wal_recovery {
         use crate::storage::proto::Record;
         use reduct_base::error::ErrorCode::InternalServerError;
+        use std::fs;
         use std::fs::File;
 
         use super::*;
diff --git a/reductstore/src/storage/entry/io/record_reader.rs b/reductstore/src/storage/entry/io/record_reader.rs
index e43570706..35f8957cd 100644
--- a/reductstore/src/storage/entry/io/record_reader.rs
+++ b/reductstore/src/storage/entry/io/record_reader.rs
@@ -4,14 +4,14 @@
 use crate::core::file_cache::FileWeak;
 use crate::core::thread_pool::shared_child_isolated;
 use crate::storage::block_manager::{BlockManager, BlockRef, RecordRx};
-use crate::storage::proto::{ts_to_us, Record};
+use crate::storage::proto::Record;
 use crate::storage::storage::{CHANNEL_BUFFER_SIZE, IO_OPERATION_TIMEOUT, MAX_IO_BUFFER_SIZE};
 use async_trait::async_trait;
 use bytes::Bytes;
-use log::error;
+use log::{debug, error};
 use reduct_base::error::ReductError;
 use reduct_base::io::{ReadChunk, ReadRecord, RecordMeta};
-use reduct_base::{internal_server_error, timeout, Labels};
+use reduct_base::{internal_server_error, timeout};
 use std::cmp::min;
 use std::io::Read;
 use std::io::{Seek, SeekFrom};
@@ -25,13 +25,7 @@ use tokio::sync::mpsc::{channel, Sender};
 /// RecordReader is responsible for reading the content of a record from the storage.
 pub(crate) struct RecordReader {
     rx: Option<RecordRx>,
-    timestamp: u64,
-    content_type: String,
-    length: u64,
-    last: bool,
-    labels: Labels,
-    computed_labels: Labels,
-    state: i32,
+    meta: RecordMeta,
 }
 
 struct ReadContext {
@@ -54,6 +48,7 @@ impl RecordReader {
     /// * `block_manager` - The block manager to read the record from
     /// * `block_ref` - The block reference to read the record from
     /// * `record_timestamp` - The timestamp of the record
+    /// * `processed_record` - The metadata of the record, if any then we use it instead of reading from the block
     ///
     /// # Returns
     ///
@@ -62,9 +57,9 @@ impl RecordReader {
         block_manager: Arc<RwLock<BlockManager>>,
         block_ref: BlockRef,
         record_timestamp: u64,
-        last: bool,
+        processed_record: Option<Record>,
     ) -> Result<Self, ReductError> {
-        let (record, ctx) = {
+        let (record_from_block, ctx) = {
             let bm = block_manager.write()?;
             let block = block_ref.read()?;
 
@@ -113,7 +108,13 @@ impl RecordReader {
             });
         };
 
-        Ok(Self::form_record_with_rx(rx, record, last))
+        if let Some(processed_record) = processed_record {
+            // the reader can be created after when filter
+            // where labels can be processed or changed
+            Ok(Self::form_record_with_rx(rx, processed_record))
+        } else {
+            Ok(Self::form_record_with_rx(rx, record_from_block))
+        }
     }
 
     /// Create a new record reader for a record with no content.
@@ -123,38 +124,21 @@ impl RecordReader {
     /// # Arguments
     ///
     /// * `record` - The record to read
-    /// * `last` - Whether this is the last record in the entry
     ///
     /// # Returns
     ///
     /// * `RecordReader` - The record reader to read the record content in chunks
-    pub fn form_record(record: Record, last: bool) -> Self {
-        RecordReader {
-            rx: None,
-            timestamp: ts_to_us(record.timestamp.as_ref().unwrap()),
-            length: record.end - record.begin,
-            content_type: record.content_type.clone(),
-            labels: record
-                .labels
-                .into_iter()
-                .map(|l| (l.name, l.value))
-                .collect(),
-            computed_labels: Labels::new(),
-            state: record.state,
-            last,
-        }
+    pub fn form_record(record: Record) -> Self {
+        let meta: RecordMeta = record.into();
+        RecordReader { rx: None, meta }
     }
 
-    pub fn form_record_with_rx(rx: RecordRx, record: Record, last: bool) -> Self {
-        let mut me = Self::form_record(record, last);
+    pub fn form_record_with_rx(rx: RecordRx, record: Record) -> Self {
+        let mut me = Self::form_record(record);
         me.rx = Some(rx);
         me
     }
 
-    pub fn set_last(&mut self, last: bool) {
-        self.last = last;
-    }
-
     fn read(tx: Sender<Result<Bytes, ReductError>>, ctx: ReadContext) {
         let mut read_bytes = 0;
         let path = format!(
@@ -184,9 +168,10 @@ impl RecordReader {
         };
 
         if let Err(e) = read_all() {
-            error!(
+            // it's debug level because extensions may stop reading records intentionally
+            debug!(
                 "Failed to send record {}/{}/{}: {}",
-                ctx.bucket_name, ctx.entry_name, ctx.record_timestamp, e
+                ctx.bucket_name, ctx.entry_name, ctx.record_timestamp, e.message
             )
         }
     }
@@ -217,20 +202,6 @@ impl RecordReader {
     }
 }
 
-impl RecordMeta for RecordReader {
-    fn timestamp(&self) -> u64 {
-        self.timestamp
-    }
-
-    fn labels(&self) -> &Labels {
-        &self.labels
-    }
-
-    fn state(&self) -> i32 {
-        self.state
-    }
-}
-
 #[async_trait]
 impl ReadRecord for RecordReader {
     async fn read(&mut self) -> ReadChunk {
@@ -259,24 +230,12 @@ impl ReadRecord for RecordReader {
         }
     }
 
-    fn last(&self) -> bool {
-        self.last
+    fn meta(&self) -> &RecordMeta {
+        &self.meta
     }
 
-    fn computed_labels(&self) -> &Labels {
-        &self.computed_labels
-    }
-
-    fn computed_labels_mut(&mut self) -> &mut Labels {
-        &mut self.computed_labels
-    }
-
-    fn content_length(&self) -> u64 {
-        self.length
-    }
-
-    fn content_type(&self) -> &str {
-        &self.content_type
+    fn meta_mut(&mut self) -> &mut RecordMeta {
+        &mut self.meta
     }
 }
 
@@ -368,7 +327,7 @@ mod tests {
         }
         #[fixture]
         fn file_to_read(content_size: usize) -> PathBuf {
-            let tmp_file = tempdir().unwrap().into_path().join("test_file");
+            let tmp_file = tempdir().unwrap().keep().join("test_file");
             std::fs::write(&tmp_file, vec![0; content_size]).unwrap();
 
             tmp_file
@@ -383,6 +342,7 @@ mod tests {
 
         use crate::core::thread_pool::find_task_group;
         use crate::storage::entry::tests::get_task_group;
+
         use prost_wkt_types::Timestamp;
         use std::time::Duration;
 
@@ -445,19 +405,20 @@ mod tests {
         #[rstest]
         fn test_state(mut record: Record) {
             record.state = 1;
-            let reader = RecordReader::form_record(record, false);
-            assert_eq!(reader.state(), 1);
+            let reader = RecordReader::form_record(record);
+            assert_eq!(reader.meta().state(), 1);
         }
 
         #[rstest]
-        fn test_computed_labels(record: Record) {
-            let mut reader = RecordReader::form_record(record, false);
-            reader
-                .computed_labels_mut()
-                .insert("key".to_string(), "value".to_string());
+        fn test_meta_mut(record: Record) {
+            let mut reader = RecordReader::form_record(record);
+            let meta_mut = reader.meta_mut();
+            meta_mut
+                .labels_mut()
+                .insert("test_key".to_string(), "test_value".to_string());
             assert_eq!(
-                reader.computed_labels(),
-                &Labels::from([("key".to_string(), "value".to_string())])
+                reader.meta().labels().get("test_key"),
+                Some(&"test_value".to_string())
             );
         }
 
@@ -465,7 +426,7 @@ mod tests {
         #[tokio::test]
         async fn test_read_timeout(record: Record) {
             let (_tx, rx) = channel(CHANNEL_BUFFER_SIZE);
-            let mut reader = RecordReader::form_record_with_rx(rx, record, false);
+            let mut reader = RecordReader::form_record_with_rx(rx, record);
 
             let result = reader.read_timeout(Duration::from_millis(100)).await;
             assert_eq!(
diff --git a/reductstore/src/storage/entry/io/record_writer.rs b/reductstore/src/storage/entry/io/record_writer.rs
index 18c110c55..147ffa86e 100644
--- a/reductstore/src/storage/entry/io/record_writer.rs
+++ b/reductstore/src/storage/entry/io/record_writer.rs
@@ -421,7 +421,7 @@ mod tests {
 
         #[fixture]
         fn path() -> PathBuf {
-            tempdir().unwrap().into_path().join("bucket").join("entry")
+            tempdir().unwrap().keep().join("bucket").join("entry")
         }
 
         #[fixture]
diff --git a/reductstore/src/storage/entry/read_record.rs b/reductstore/src/storage/entry/read_record.rs
index cae0ded95..bd8e2aae2 100644
--- a/reductstore/src/storage/entry/read_record.rs
+++ b/reductstore/src/storage/entry/read_record.rs
@@ -49,7 +49,7 @@ impl Entry {
                 ));
             }
 
-            RecordReader::try_new(block_manager, block_ref, time, true)
+            RecordReader::try_new(block_manager, block_ref, time, None)
         })
     }
 }
@@ -62,7 +62,7 @@ mod tests {
     use crate::storage::storage::MAX_IO_BUFFER_SIZE;
     use bytes::Bytes;
     use reduct_base::error::ReductError;
-    use reduct_base::io::{ReadRecord, RecordMeta};
+    use reduct_base::io::ReadRecord;
     use reduct_base::Labels;
     use rstest::rstest;
     use std::path::PathBuf;
@@ -206,6 +206,6 @@ mod tests {
         }
 
         let reader = entry.begin_read(30 * step).wait().unwrap();
-        assert_eq!(reader.timestamp(), 3000000);
+        assert_eq!(reader.meta().timestamp(), 3000000);
     }
 }
diff --git a/reductstore/src/storage/entry/remove_records.rs b/reductstore/src/storage/entry/remove_records.rs
index 15118293b..21c88bbdb 100644
--- a/reductstore/src/storage/entry/remove_records.rs
+++ b/reductstore/src/storage/entry/remove_records.rs
@@ -6,7 +6,7 @@ use crate::storage::block_manager::BlockManager;
 use crate::storage::entry::Entry;
 use log::warn;
 use reduct_base::error::{ErrorCode, ReductError};
-use reduct_base::io::RecordMeta;
+use reduct_base::io::ReadRecord;
 use reduct_base::msg::entry_api::QueryEntry;
 use reduct_base::not_found;
 use std::collections::BTreeMap;
@@ -86,7 +86,7 @@ impl Entry {
                     let result = rx.upgrade()?.blocking_write().blocking_recv();
                     match result {
                         Some(Ok(rec)) => {
-                            records_to_remove.push(rec.timestamp());
+                            records_to_remove.push(rec.meta().timestamp());
                         }
                         Some(Err(ReductError {
                             status: ErrorCode::NoContent,
diff --git a/reductstore/src/storage/entry/update_labels.rs b/reductstore/src/storage/entry/update_labels.rs
index d5d0edf08..1e7c270e2 100644
--- a/reductstore/src/storage/entry/update_labels.rs
+++ b/reductstore/src/storage/entry/update_labels.rs
@@ -151,7 +151,7 @@ mod tests {
     use crate::storage::entry::tests::{entry, write_record_with_labels};
 
     use crate::storage::entry::EntrySettings;
-    use reduct_base::io::RecordMeta;
+    use reduct_base::io::ReadRecord;
     use rstest::rstest;
 
     #[rstest]
@@ -200,13 +200,13 @@ mod tests {
         assert_eq!(updated_labels, &expected_labels_3);
 
         // check if the records were updated
-        let labels = entry.begin_read(1).wait().unwrap().labels().clone();
+        let labels = entry.begin_read(1).wait().unwrap().meta().labels().clone();
         assert_eq!(labels, expected_labels_1);
 
-        let labels = entry.begin_read(2).wait().unwrap().labels().clone();
+        let labels = entry.begin_read(2).wait().unwrap().meta().labels().clone();
         assert_eq!(labels, expected_labels_2);
 
-        let labels = entry.begin_read(3).wait().unwrap().labels().clone();
+        let labels = entry.begin_read(3).wait().unwrap().meta().labels().clone();
         assert_eq!(labels, expected_labels_3);
     }
 
diff --git a/reductstore/src/storage/entry/write_record.rs b/reductstore/src/storage/entry/write_record.rs
index a587f2c3e..8257b3e0b 100644
--- a/reductstore/src/storage/entry/write_record.rs
+++ b/reductstore/src/storage/entry/write_record.rs
@@ -28,7 +28,7 @@ impl Entry {
     pub fn begin_write(
         &self,
         time: u64,
-        content_size: usize,
+        content_size: u64,
         content_type: String,
         labels: Labels,
     ) -> TaskHandle<Result<Box<dyn WriteRecord + Sync + Send>, ReductError>> {
@@ -143,7 +143,7 @@ impl Entry {
     fn prepare_block_for_writing(
         block: &mut BlockRef,
         time: u64,
-        content_size: usize,
+        content_size: u64,
         content_type: String,
         labels: Labels,
     ) -> Result<(), ReductError> {
@@ -151,7 +151,7 @@ impl Entry {
         let record = Record {
             timestamp: Some(us_to_ts(&time)),
             begin: block.size(),
-            end: block.size() + content_size as u64,
+            end: block.size() + content_size,
             content_type,
             state: record::State::Started as i32,
             labels: labels
diff --git a/reductstore/src/storage/proto.rs b/reductstore/src/storage/proto.rs
index 6239a778f..dbc63d42b 100644
--- a/reductstore/src/storage/proto.rs
+++ b/reductstore/src/storage/proto.rs
@@ -2,6 +2,9 @@
 // Licensed under the Business Source License 1.1
 
 use prost_wkt_types::Timestamp;
+use reduct_base::io::RecordMeta;
+use reduct_base::Labels;
+
 include!(concat!(env!("OUT_DIR"), "/reduct.proto.storage.rs"));
 
 /// Converts a Timestamp to UNIX microseconds.
@@ -17,3 +20,19 @@ pub fn us_to_ts(ts: &u64) -> Timestamp {
         ..Default::default()
     }
 }
+
+impl Into<RecordMeta> for Record {
+    fn into(self) -> RecordMeta {
+        RecordMeta::builder()
+            .timestamp(ts_to_us(self.timestamp.as_ref().unwrap()))
+            .content_length(self.end - self.begin)
+            .content_type(self.content_type)
+            .state(self.state)
+            .labels(Labels::from_iter(
+                self.labels
+                    .into_iter()
+                    .map(|label| (label.name, label.value)),
+            ))
+            .build()
+    }
+}
diff --git a/reductstore/src/storage/query.rs b/reductstore/src/storage/query.rs
index 306fb2774..8f836ed41 100644
--- a/reductstore/src/storage/query.rs
+++ b/reductstore/src/storage/query.rs
@@ -176,10 +176,12 @@ impl QueryWatcher {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use crate::backend::Backend;
+    use crate::core::file_cache::FILE_CACHE;
     use crate::storage::block_manager::block_index::BlockIndex;
     use crate::storage::proto::Record;
     use prost_wkt_types::Timestamp;
-    use reduct_base::io::RecordMeta;
+    use reduct_base::io::ReadRecord;
     use rstest::*;
     use test_log::test as log_test;
     use tokio::time::timeout;
@@ -224,7 +226,7 @@ mod tests {
             block_manager.clone(),
         );
         assert!(rx.is_empty());
-        tokio::time::sleep(Duration::from_millis(100)).await;
+        tokio::time::sleep(Duration::from_millis(200)).await;
         assert!(handle.is_finished());
     }
 
@@ -241,8 +243,8 @@ mod tests {
             options,
             block_manager.clone(),
         );
-        assert_eq!(rx.recv().await.unwrap().unwrap().timestamp(), 0);
-        assert_eq!(rx.recv().await.unwrap().unwrap().timestamp(), 1);
+        assert_eq!(rx.recv().await.unwrap().unwrap().meta().timestamp(), 0);
+        assert_eq!(rx.recv().await.unwrap().unwrap().meta().timestamp(), 1);
         assert_eq!(rx.recv().await.unwrap().err().unwrap().status, NoContent);
         assert_eq!(timeout(Duration::from_millis(1000), handle).await, Ok(()));
     }
@@ -263,8 +265,8 @@ mod tests {
             options,
             block_manager.clone(),
         );
-        assert_eq!(rx.recv().await.unwrap().unwrap().timestamp(), 0);
-        assert_eq!(rx.recv().await.unwrap().unwrap().timestamp(), 1);
+        assert_eq!(rx.recv().await.unwrap().unwrap().meta().timestamp(), 0);
+        assert_eq!(rx.recv().await.unwrap().unwrap().meta().timestamp(), 1);
         assert_eq!(rx.recv().await.unwrap().err().unwrap().status, NoContent);
 
         block_manager
@@ -286,7 +288,7 @@ mod tests {
                 content_type: "".to_string(),
             });
 
-        assert_eq!(rx.recv().await.unwrap().unwrap().timestamp(), 2);
+        assert_eq!(rx.recv().await.unwrap().unwrap().meta().timestamp(), 2);
         assert_eq!(rx.recv().await.unwrap().err().unwrap().status, NoContent);
         assert!(
             timeout(Duration::from_millis(1000), handle).await.is_err(),
@@ -315,10 +317,17 @@ mod tests {
     fn block_manager() -> Arc<RwLock<BlockManager>> {
         let path = tempfile::tempdir()
             .unwrap()
-            .into_path()
+            .keep()
             .join("bucket")
             .join("entry");
 
+        FILE_CACHE.set_storage_backend(
+            Backend::builder()
+                .local_data_path(path.to_str().unwrap())
+                .try_build()
+                .unwrap(),
+        );
+
         let mut block_manager =
             BlockManager::new(path.clone(), BlockIndex::new(path.join("index")));
         let block_ref = block_manager.start_new_block(0, 10).unwrap();
diff --git a/reductstore/src/storage/query/base.rs b/reductstore/src/storage/query/base.rs
index ea682d22c..48f666076 100644
--- a/reductstore/src/storage/query/base.rs
+++ b/reductstore/src/storage/query/base.rs
@@ -117,7 +117,7 @@ pub(crate) mod tests {
         // Two blocks
         // the first block has two records: 0, 5
         // the second block has a record: 1000
-        let dir = tempdir().unwrap().into_path().join("bucket").join("entry");
+        let dir = tempdir().unwrap().keep().join("bucket").join("entry");
         let mut block_manager = BlockManager::new(dir.clone(), BlockIndex::new(dir.join("index")));
         let block_ref = block_manager.start_new_block(0, 10).unwrap();
 
diff --git a/reductstore/src/storage/query/condition.rs b/reductstore/src/storage/query/condition.rs
index d130d2d84..4fbed7ca1 100644
--- a/reductstore/src/storage/query/condition.rs
+++ b/reductstore/src/storage/query/condition.rs
@@ -1,11 +1,11 @@
 // Copyright 2024 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
-use crate::storage::query::condition::value::Value;
 use reduct_base::error::ReductError;
 use std::collections::HashMap;
 use std::fmt::Debug;
 
+mod computed_reference;
 mod constant;
 mod operators;
 mod parser;
@@ -19,22 +19,18 @@ mod value;
 pub(crate) struct Context<'a> {
     timestamp: u64,
     labels: HashMap<&'a str, &'a str>,
-    stage: EvaluationStage,
+    computed_labels: HashMap<&'a str, &'a str>,
 }
-
-#[derive(PartialEq, Debug, Default, Clone)]
-pub(crate) enum EvaluationStage {
-    #[default]
-    Retrieve,
-    Compute,
-}
-
 impl<'a> Context<'a> {
-    pub fn new(timestamp: u64, labels: HashMap<&'a str, &'a str>, stage: EvaluationStage) -> Self {
+    pub fn new(
+        timestamp: u64,
+        labels: HashMap<&'a str, &'a str>,
+        computed_labels: HashMap<&'a str, &'a str>,
+    ) -> Self {
         Context {
             timestamp,
             labels,
-            stage,
+            computed_labels,
         }
     }
 }
@@ -46,22 +42,8 @@ pub(crate) trait Node {
     /// Evaluates the node in the given context.
     fn apply(&mut self, context: &Context) -> Result<Value, ReductError>;
 
-    fn operands(&self) -> &Vec<BoxedNode>;
-
     /// Returns a string representation of the node.
     fn print(&self) -> String;
-
-    fn stage(&self) -> &EvaluationStage {
-        if self
-            .operands()
-            .iter()
-            .any(|o| o.stage() == &EvaluationStage::Compute)
-        {
-            &EvaluationStage::Compute
-        } else {
-            &EvaluationStage::Retrieve
-        }
-    }
 }
 
 pub(crate) trait Boxed: Node {
@@ -82,4 +64,6 @@ impl Debug for BoxedNode {
     }
 }
 
+pub(crate) use parser::Directives;
 pub(crate) use parser::Parser;
+pub(crate) use value::Value;
diff --git a/reductstore/src/storage/query/condition/computed_reference.rs b/reductstore/src/storage/query/condition/computed_reference.rs
new file mode 100644
index 000000000..1eef37de8
--- /dev/null
+++ b/reductstore/src/storage/query/condition/computed_reference.rs
@@ -0,0 +1,72 @@
+// Copyright 2025 ReductSoftware UG
+// Licensed under the Business Source License 1.1
+
+use crate::storage::query::condition::value::Value;
+use crate::storage::query::condition::{BoxedNode, Context, Node};
+use reduct_base::error::ReductError;
+use reduct_base::not_found;
+
+/// A node representing a reference to a label in the context.
+pub(super) struct ComputedReference {
+    name: String,
+}
+
+impl Node for ComputedReference {
+    fn apply(&mut self, context: &Context) -> Result<Value, ReductError> {
+        let label_value = context
+            .computed_labels
+            .get(self.name.as_str())
+            .ok_or(not_found!("Reference '@{}' not found", self.name))?;
+
+        let value = Value::parse(label_value);
+        Ok(value)
+    }
+
+    fn print(&self) -> String {
+        format!("CompRef({})", self.name)
+    }
+}
+
+impl ComputedReference {
+    pub fn new(name: String) -> Self {
+        ComputedReference { name }
+    }
+
+    pub fn boxed(name: String) -> BoxedNode {
+        Box::new(ComputedReference::new(name))
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::storage::query::condition::value::Value;
+
+    #[test]
+    fn apply() {
+        let mut reference = ComputedReference::new("label".to_string());
+        let mut context = Context::default();
+        context.computed_labels.insert("label", "true");
+        let result = reference.apply(&context).unwrap();
+        assert_eq!(result, Value::Bool(true));
+    }
+
+    #[test]
+    fn apply_not_found() {
+        let mut reference = ComputedReference::new("label".to_string());
+        let context = Context::default();
+        let result = reference.apply(&context);
+        assert!(result
+            .err()
+            .unwrap()
+            .to_string()
+            .contains("Reference '@label' not found"));
+    }
+
+    #[test]
+    fn print() {
+        let reference = ComputedReference::new("label".to_string());
+        let result = reference.print();
+        assert_eq!(result, "CompRef(label)");
+    }
+}
diff --git a/reductstore/src/storage/query/condition/constant.rs b/reductstore/src/storage/query/condition/constant.rs
index 9ed6ee59b..3bde42549 100644
--- a/reductstore/src/storage/query/condition/constant.rs
+++ b/reductstore/src/storage/query/condition/constant.rs
@@ -2,13 +2,12 @@
 // Licensed under the Business Source License 1.1
 
 use crate::storage::query::condition::value::Value;
-use crate::storage::query::condition::{BoxedNode, Context, EvaluationStage, Node};
+use crate::storage::query::condition::{BoxedNode, Context, Node};
 use reduct_base::error::ReductError;
 
 /// A node representing a constant value.
 pub(super) struct Constant {
     value: Value,
-    operands: Vec<BoxedNode>,
 }
 
 impl Node for Constant {
@@ -16,25 +15,14 @@ impl Node for Constant {
         Ok(self.value.clone())
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("{:?}", self.value)
     }
-
-    fn stage(&self) -> &EvaluationStage {
-        &EvaluationStage::Retrieve
-    }
 }
 
 impl Constant {
     pub fn new(value: Value) -> Self {
-        Constant {
-            value,
-            operands: vec![],
-        }
+        Constant { value }
     }
 
     pub fn boxed(value: Value) -> BoxedNode {
@@ -46,7 +34,6 @@ impl From<bool> for Constant {
     fn from(value: bool) -> Self {
         Constant {
             value: Value::Bool(value),
-            operands: vec![],
         }
     }
 }
@@ -74,13 +61,6 @@ mod tests {
             assert_eq!(result, "Bool(true)");
         }
 
-        #[test]
-        fn operands() {
-            let constant = Constant::new(Value::Bool(true));
-            let result = constant.operands();
-            assert_eq!(result.len(), 0);
-        }
-
         #[test]
         fn from_bool() {
             let mut constant = Constant::from(true);
diff --git a/reductstore/src/storage/query/condition/operators/aggregation/each_n.rs b/reductstore/src/storage/query/condition/operators/aggregation/each_n.rs
index c9ea44ef0..0b9e35cc4 100644
--- a/reductstore/src/storage/query/condition/operators/aggregation/each_n.rs
+++ b/reductstore/src/storage/query/condition/operators/aggregation/each_n.rs
@@ -48,10 +48,6 @@ impl Node for EachN {
         }
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("EachN({:?})", self.operands[0])
     }
diff --git a/reductstore/src/storage/query/condition/operators/aggregation/each_t.rs b/reductstore/src/storage/query/condition/operators/aggregation/each_t.rs
index d5b9c2dae..60e9271a6 100644
--- a/reductstore/src/storage/query/condition/operators/aggregation/each_t.rs
+++ b/reductstore/src/storage/query/condition/operators/aggregation/each_t.rs
@@ -39,7 +39,12 @@ impl Node for EachT {
         }
 
         let last_time = self.last_timestamp.unwrap();
-        let s = self.operands[0].apply(context)?.as_float()?;
+        let value = self.operands[0].apply(context)?;
+        let s = if value.is_duration() {
+            value.as_float()? / 1_000_000.0
+        } else {
+            value.as_float()?
+        };
 
         let ret = context.timestamp - last_time >= (s * 1_000_000.0) as u64;
         if ret {
@@ -49,10 +54,6 @@ impl Node for EachT {
         Ok(Value::Bool(ret))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("EachT({:?})", self.operands[0])
     }
@@ -67,8 +68,10 @@ mod tests {
     use rstest::rstest;
 
     #[rstest]
-    fn apply_ok() {
-        let mut op = EachT::new(vec![Constant::boxed(Value::Float(0.1))]);
+    #[case(Value::Float(0.1))]
+    #[case(Value::Duration(100_000))]
+    fn apply_ok(#[case] value: Value) {
+        let mut op = EachT::new(vec![Constant::boxed(value)]);
 
         let mut context = Context::default();
         assert_eq!(op.apply(&context).unwrap(), Value::Bool(false));
diff --git a/reductstore/src/storage/query/condition/operators/aggregation/limit.rs b/reductstore/src/storage/query/condition/operators/aggregation/limit.rs
index fe81110e4..ccf39aba9 100644
--- a/reductstore/src/storage/query/condition/operators/aggregation/limit.rs
+++ b/reductstore/src/storage/query/condition/operators/aggregation/limit.rs
@@ -38,10 +38,6 @@ impl Node for Limit {
         Ok(Value::Bool(true))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Limit({:?})", self.operands[0])
     }
diff --git a/reductstore/src/storage/query/condition/operators/arithmetic/abs.rs b/reductstore/src/storage/query/condition/operators/arithmetic/abs.rs
index 8b59f0790..185aabb87 100644
--- a/reductstore/src/storage/query/condition/operators/arithmetic/abs.rs
+++ b/reductstore/src/storage/query/condition/operators/arithmetic/abs.rs
@@ -21,10 +21,6 @@ impl Node for Abs {
     fn print(&self) -> String {
         format!("Abs({:?})", self.operands[0])
     }
-
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
 }
 
 impl Boxed for Abs {
diff --git a/reductstore/src/storage/query/condition/operators/arithmetic/add.rs b/reductstore/src/storage/query/condition/operators/arithmetic/add.rs
index cba41dbb3..967abd188 100644
--- a/reductstore/src/storage/query/condition/operators/arithmetic/add.rs
+++ b/reductstore/src/storage/query/condition/operators/arithmetic/add.rs
@@ -26,10 +26,6 @@ impl Node for Add {
         Ok(sum.unwrap_or(Value::Int(0)))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Add({:?})", self.operands)
     }
diff --git a/reductstore/src/storage/query/condition/operators/arithmetic/div.rs b/reductstore/src/storage/query/condition/operators/arithmetic/div.rs
index 8984ff704..34bc3c27f 100644
--- a/reductstore/src/storage/query/condition/operators/arithmetic/div.rs
+++ b/reductstore/src/storage/query/condition/operators/arithmetic/div.rs
@@ -19,10 +19,6 @@ impl Node for Div {
         value_1.divide(value_2)
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Div({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/operators/arithmetic/div_num.rs b/reductstore/src/storage/query/condition/operators/arithmetic/div_num.rs
index b8a644515..a18a8d5d8 100644
--- a/reductstore/src/storage/query/condition/operators/arithmetic/div_num.rs
+++ b/reductstore/src/storage/query/condition/operators/arithmetic/div_num.rs
@@ -19,10 +19,6 @@ impl Node for DivNum {
         value_1.divide_num(value_2)
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("DivNum({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/operators/arithmetic/mult.rs b/reductstore/src/storage/query/condition/operators/arithmetic/mult.rs
index 741ed365c..5718b30c5 100644
--- a/reductstore/src/storage/query/condition/operators/arithmetic/mult.rs
+++ b/reductstore/src/storage/query/condition/operators/arithmetic/mult.rs
@@ -26,10 +26,6 @@ impl Node for Mult {
         Ok(prod.unwrap_or(Value::Int(0)))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Mult({:?})", self.operands)
     }
diff --git a/reductstore/src/storage/query/condition/operators/arithmetic/rem.rs b/reductstore/src/storage/query/condition/operators/arithmetic/rem.rs
index c13bc31da..4ec7e2bd5 100644
--- a/reductstore/src/storage/query/condition/operators/arithmetic/rem.rs
+++ b/reductstore/src/storage/query/condition/operators/arithmetic/rem.rs
@@ -19,10 +19,6 @@ impl Node for Rem {
         value_1.remainder(value_2)
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Rem({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/operators/arithmetic/sub.rs b/reductstore/src/storage/query/condition/operators/arithmetic/sub.rs
index b436420d2..906551f51 100644
--- a/reductstore/src/storage/query/condition/operators/arithmetic/sub.rs
+++ b/reductstore/src/storage/query/condition/operators/arithmetic/sub.rs
@@ -19,10 +19,6 @@ impl Node for Sub {
         value_1.subtract(value_2)
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Sub({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/operators/comparison/eq.rs b/reductstore/src/storage/query/condition/operators/comparison/eq.rs
index 8732c945f..059e48412 100644
--- a/reductstore/src/storage/query/condition/operators/comparison/eq.rs
+++ b/reductstore/src/storage/query/condition/operators/comparison/eq.rs
@@ -18,10 +18,6 @@ impl Node for Eq {
         Ok(Value::Bool(value_1 == value_2))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Eq({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/operators/comparison/gt.rs b/reductstore/src/storage/query/condition/operators/comparison/gt.rs
index eea0a3b61..3f00b8c1d 100644
--- a/reductstore/src/storage/query/condition/operators/comparison/gt.rs
+++ b/reductstore/src/storage/query/condition/operators/comparison/gt.rs
@@ -18,10 +18,6 @@ impl Node for Gt {
         Ok(Value::Bool(value_1 > value_2))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Gt({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/operators/comparison/gte.rs b/reductstore/src/storage/query/condition/operators/comparison/gte.rs
index 8fc154302..597ff7d84 100644
--- a/reductstore/src/storage/query/condition/operators/comparison/gte.rs
+++ b/reductstore/src/storage/query/condition/operators/comparison/gte.rs
@@ -18,10 +18,6 @@ impl Node for Gte {
         Ok(Value::Bool(value_1 >= value_2))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Gte({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/operators/comparison/lt.rs b/reductstore/src/storage/query/condition/operators/comparison/lt.rs
index 1e841f612..74ab51497 100644
--- a/reductstore/src/storage/query/condition/operators/comparison/lt.rs
+++ b/reductstore/src/storage/query/condition/operators/comparison/lt.rs
@@ -18,10 +18,6 @@ impl Node for Lt {
         Ok(Value::Bool(value_1 < value_2))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Lt({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/operators/comparison/lte.rs b/reductstore/src/storage/query/condition/operators/comparison/lte.rs
index b83e6cc47..44cc628c7 100644
--- a/reductstore/src/storage/query/condition/operators/comparison/lte.rs
+++ b/reductstore/src/storage/query/condition/operators/comparison/lte.rs
@@ -18,10 +18,6 @@ impl Node for Lte {
         Ok(Value::Bool(value_1 <= value_2))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Lte({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/operators/comparison/ne.rs b/reductstore/src/storage/query/condition/operators/comparison/ne.rs
index d847d43af..94e7363b9 100644
--- a/reductstore/src/storage/query/condition/operators/comparison/ne.rs
+++ b/reductstore/src/storage/query/condition/operators/comparison/ne.rs
@@ -18,10 +18,6 @@ impl Node for Ne {
         Ok(Value::Bool(value_1 != value_2))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        self.operands.as_ref()
-    }
-
     fn print(&self) -> String {
         format!("Ne({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/operators/logical/all_of.rs b/reductstore/src/storage/query/condition/operators/logical/all_of.rs
index 34d104b0e..53bccea43 100644
--- a/reductstore/src/storage/query/condition/operators/logical/all_of.rs
+++ b/reductstore/src/storage/query/condition/operators/logical/all_of.rs
@@ -22,10 +22,6 @@ impl Node for AllOf {
         Ok(Value::Bool(true))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("AllOf({:?})", self.operands)
     }
diff --git a/reductstore/src/storage/query/condition/operators/logical/any_of.rs b/reductstore/src/storage/query/condition/operators/logical/any_of.rs
index 93b15dd05..90cb4eb26 100644
--- a/reductstore/src/storage/query/condition/operators/logical/any_of.rs
+++ b/reductstore/src/storage/query/condition/operators/logical/any_of.rs
@@ -22,10 +22,6 @@ impl Node for AnyOf {
         Ok(Value::Bool(false))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("AnyOf({:?})", self.operands)
     }
diff --git a/reductstore/src/storage/query/condition/operators/logical/in.rs b/reductstore/src/storage/query/condition/operators/logical/in.rs
index f62ea76fc..5b54afa2b 100644
--- a/reductstore/src/storage/query/condition/operators/logical/in.rs
+++ b/reductstore/src/storage/query/condition/operators/logical/in.rs
@@ -23,10 +23,6 @@ impl Node for In {
         Ok(Value::Bool(false))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!(
             "In({:?}, [{:}])",
diff --git a/reductstore/src/storage/query/condition/operators/logical/nin.rs b/reductstore/src/storage/query/condition/operators/logical/nin.rs
index d8c15cfa6..1944c5339 100644
--- a/reductstore/src/storage/query/condition/operators/logical/nin.rs
+++ b/reductstore/src/storage/query/condition/operators/logical/nin.rs
@@ -22,9 +22,6 @@ impl Node for Nin {
 
         Ok(Value::Bool(true))
     }
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
 
     fn print(&self) -> String {
         format!(
diff --git a/reductstore/src/storage/query/condition/operators/logical/none_of.rs b/reductstore/src/storage/query/condition/operators/logical/none_of.rs
index 45b4b1af1..76ea9c61e 100644
--- a/reductstore/src/storage/query/condition/operators/logical/none_of.rs
+++ b/reductstore/src/storage/query/condition/operators/logical/none_of.rs
@@ -22,10 +22,6 @@ impl Node for NoneOf {
         Ok(Value::Bool(true))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("NoneOf({:?})", self.operands)
     }
diff --git a/reductstore/src/storage/query/condition/operators/logical/one_of.rs b/reductstore/src/storage/query/condition/operators/logical/one_of.rs
index 92f57e933..1029bc895 100644
--- a/reductstore/src/storage/query/condition/operators/logical/one_of.rs
+++ b/reductstore/src/storage/query/condition/operators/logical/one_of.rs
@@ -23,10 +23,6 @@ impl Node for OneOf {
         Ok(Value::Bool(count == 1))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("OneOf({:?})", self.operands)
     }
diff --git a/reductstore/src/storage/query/condition/operators/misc/cast.rs b/reductstore/src/storage/query/condition/operators/misc/cast.rs
index b680126e0..8e9879511 100644
--- a/reductstore/src/storage/query/condition/operators/misc/cast.rs
+++ b/reductstore/src/storage/query/condition/operators/misc/cast.rs
@@ -14,14 +14,10 @@ pub(crate) struct Cast {
 impl Node for Cast {
     fn apply(&mut self, context: &Context) -> Result<Value, ReductError> {
         let op = self.operands[0].apply(context)?;
-        let type_name = self.operands[1].apply(context)?.as_string()?;
+        let type_name = self.operands[1].apply(context)?.to_string();
         op.cast(type_name.as_str())
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Cast({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/operators/misc/exists.rs b/reductstore/src/storage/query/condition/operators/misc/exists.rs
index 8dd48e08a..24a7e4157 100644
--- a/reductstore/src/storage/query/condition/operators/misc/exists.rs
+++ b/reductstore/src/storage/query/condition/operators/misc/exists.rs
@@ -15,17 +15,13 @@ impl Node for Exists {
     fn apply(&mut self, context: &Context) -> Result<Value, ReductError> {
         for operand in &mut self.operands {
             let value = operand.apply(context)?;
-            if !context.labels.contains_key(value.as_string()?.as_str()) {
+            if !context.labels.contains_key(value.to_string().as_str()) {
                 return Ok(Value::Bool(false));
             }
         }
         Ok(Value::Bool(true))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Exists({:?})", self.operands)
     }
diff --git a/reductstore/src/storage/query/condition/operators/misc/ref.rs b/reductstore/src/storage/query/condition/operators/misc/ref.rs
index d6eff7464..5b57de0c3 100644
--- a/reductstore/src/storage/query/condition/operators/misc/ref.rs
+++ b/reductstore/src/storage/query/condition/operators/misc/ref.rs
@@ -13,17 +13,13 @@ pub(crate) struct Ref {
 
 impl Node for Ref {
     fn apply(&mut self, context: &Context) -> Result<Value, ReductError> {
-        let label = self.operands[0].apply(context)?.as_string()?;
+        let label = self.operands[0].apply(context)?.to_string();
         context.labels.get(label.as_str()).map_or_else(
             || Err(not_found!("Label '{:?}' not found", label)),
             |v| Ok(Value::parse(v)),
         )
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Ref({:?})", self.operands[0])
     }
diff --git a/reductstore/src/storage/query/condition/operators/misc/timestamp.rs b/reductstore/src/storage/query/condition/operators/misc/timestamp.rs
index 7fd0d9ff7..b51e3c72d 100644
--- a/reductstore/src/storage/query/condition/operators/misc/timestamp.rs
+++ b/reductstore/src/storage/query/condition/operators/misc/timestamp.rs
@@ -7,19 +7,13 @@ use reduct_base::error::ReductError;
 use reduct_base::unprocessable_entity;
 
 /// A node representing the timestamp of a current record in a query.
-pub(crate) struct Timestamp {
-    operands: Vec<BoxedNode>,
-}
+pub(crate) struct Timestamp {}
 
 impl Node for Timestamp {
     fn apply(&mut self, context: &Context) -> Result<Value, ReductError> {
         Ok(Value::Int(context.timestamp as i64))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         "Timestamp()".to_string()
     }
@@ -31,13 +25,13 @@ impl Boxed for Timestamp {
             return Err(unprocessable_entity!("$timestamp requires no operands"));
         }
 
-        Ok(Box::new(Timestamp::new(operands)))
+        Ok(Box::new(Timestamp::new()))
     }
 }
 
 impl Timestamp {
-    pub fn new(operands: Vec<BoxedNode>) -> Self {
-        Self { operands }
+    pub fn new() -> Self {
+        Self {}
     }
 }
 
@@ -51,7 +45,7 @@ mod tests {
 
     #[rstest]
     fn apply_ok() {
-        let mut op = Timestamp::new(vec![]);
+        let mut op = Timestamp::new();
 
         let mut context = Context::default();
         context.timestamp = 1234567890;
@@ -69,7 +63,7 @@ mod tests {
 
     #[rstest]
     fn print() {
-        let and = Timestamp::new(vec![]);
+        let and = Timestamp::new();
         assert_eq!(and.print(), "Timestamp()".to_string());
     }
 }
diff --git a/reductstore/src/storage/query/condition/operators/string/contains.rs b/reductstore/src/storage/query/condition/operators/string/contains.rs
index 7335b6012..e73d8fa6c 100644
--- a/reductstore/src/storage/query/condition/operators/string/contains.rs
+++ b/reductstore/src/storage/query/condition/operators/string/contains.rs
@@ -18,10 +18,6 @@ impl Node for Contains {
         Ok(Value::Bool(value_1.contains(value_2)?))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("Contains({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/operators/string/ends_with.rs b/reductstore/src/storage/query/condition/operators/string/ends_with.rs
index f7f3aace7..4a60a4a71 100644
--- a/reductstore/src/storage/query/condition/operators/string/ends_with.rs
+++ b/reductstore/src/storage/query/condition/operators/string/ends_with.rs
@@ -18,10 +18,6 @@ impl Node for EndsWith {
         Ok(Value::Bool(value_1.ends_with(value_2)?))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("EndsWith({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/operators/string/starts_with.rs b/reductstore/src/storage/query/condition/operators/string/starts_with.rs
index e5e809614..e53a16190 100644
--- a/reductstore/src/storage/query/condition/operators/string/starts_with.rs
+++ b/reductstore/src/storage/query/condition/operators/string/starts_with.rs
@@ -18,10 +18,6 @@ impl Node for StartsWith {
         Ok(Value::Bool(value_1.starts_with(value_2)?))
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
     fn print(&self) -> String {
         format!("StartsWith({:?}, {:?})", self.operands[0], self.operands[1])
     }
diff --git a/reductstore/src/storage/query/condition/parser.rs b/reductstore/src/storage/query/condition/parser.rs
index 1457e1273..c5102ca99 100644
--- a/reductstore/src/storage/query/condition/parser.rs
+++ b/reductstore/src/storage/query/condition/parser.rs
@@ -1,6 +1,7 @@
-// Copyright 2024 ReductSoftware UG
+// Copyright 2024-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
+use crate::storage::query::condition::computed_reference::ComputedReference;
 use crate::storage::query::condition::constant::Constant;
 use crate::storage::query::condition::operators::aggregation::{EachN, EachT, Limit};
 use crate::storage::query::condition::operators::arithmetic::{
@@ -11,109 +12,104 @@ use crate::storage::query::condition::operators::logical::{AllOf, AnyOf, In, Nin
 use crate::storage::query::condition::operators::misc::{Cast, Exists, Ref, Timestamp};
 use crate::storage::query::condition::operators::string::{Contains, EndsWith, StartsWith};
 use crate::storage::query::condition::reference::Reference;
-use crate::storage::query::condition::value::Value;
-use crate::storage::query::condition::{Boxed, BoxedNode, Context, EvaluationStage, Node};
+use crate::storage::query::condition::value::{parse_duration, Value};
+use crate::storage::query::condition::{Boxed, BoxedNode};
 use reduct_base::error::ReductError;
 use reduct_base::unprocessable_entity;
-use serde_json::{Map, Value as JsonValue};
+use serde_json::{Map, Number, Value as JsonValue};
+use std::collections::HashMap;
 
 /// Parses a JSON object into a condition tree.
 pub(crate) struct Parser {}
 
-/// A node in a condition tree.
-///
-/// It evaluates the node in the given context on different stages.
-struct StagedAllOff {
-    operands: Vec<BoxedNode>,
-}
-
-impl Node for StagedAllOff {
-    fn apply(&mut self, context: &Context) -> Result<Value, ReductError> {
-        for operand in self.operands.iter_mut() {
-            // Filter out operands that are not in the current stage
-            if operand.stage() == &context.stage {
-                let value = operand.apply(context)?;
-                if !value.as_bool()? {
-                    return Ok(Value::Bool(false));
-                }
-            }
-        }
-
-        Ok(Value::Bool(true))
-    }
-
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
-    fn print(&self) -> String {
-        format!("AllOf({:?})", self.operands)
-    }
-}
-
-impl Boxed for StagedAllOff {
-    fn boxed(operands: Vec<BoxedNode>) -> Result<BoxedNode, ReductError> {
-        Ok(Box::new(Self { operands }))
-    }
-}
+pub(crate) type Directives = HashMap<String, Vec<Value>>;
+static DIRECTIVES: [&str; 3] = ["#ctx_before", "#ctx_after", "#select_labels"];
 
 impl Parser {
-    pub fn parse(&self, json: &JsonValue) -> Result<BoxedNode, ReductError> {
-        let expressions = self.parse_intern(json)?;
-        Ok(StagedAllOff::boxed(expressions)?)
+    /// Parses a JSON object into a condition tree.
+    ///
+    /// # Arguments
+    ///
+    /// * `json` - A JSON value representing the condition.
+    ///
+    /// # Returns
+    ///
+    /// A boxed node representing the condition tree.
+    /// The root node is a `StagedAllOf` that aggregates all expressions
+    pub fn parse(&self, mut json: JsonValue) -> Result<(BoxedNode, Directives), ReductError> {
+        // parse directives if any
+        let directives = Self::parse_directives(&mut json)?;
+        let expressions = Self::parse_recursively(&json)?;
+        Ok((AllOf::boxed(expressions)?, directives))
     }
 
-    fn parse_intern(&self, json: &JsonValue) -> Result<Vec<BoxedNode>, ReductError> {
-        match json {
-            JsonValue::Object(map) => {
-                let mut expressions = vec![];
-                for (key, value) in map.iter() {
-                    if let JsonValue::Array(operand_list) = value {
-                        // Parse array notation e.g. {"$and": [true, true]}
-                        expressions.push(self.parse_array_syntax(key, operand_list)?);
-                    } else if let JsonValue::Object(operator_right_operand) = value {
-                        // Parse object notation e.g. {"&label": {"$and": true}}
-                        expressions.push(self.parse_object_syntax(key, operator_right_operand)?);
-                    } else {
-                        // For unary operators, we need to parse the value
-                        let operands = self.parse_intern(value)?;
-                        let operator = Self::parse_operator(key, operands)?;
-                        expressions.push(operator);
-                    }
+    fn parse_directives(json: &mut JsonValue) -> Result<Directives, ReductError> {
+        let mut directives = Directives::new();
+        let mut keys_to_remove = vec![];
+        for (key, value) in json.as_object().unwrap_or(&Map::new()).iter() {
+            if key.starts_with("#") {
+                if !DIRECTIVES.contains(&key.as_str()) {
+                    return Err(unprocessable_entity!(
+                        "Directive '{}' is not supported",
+                        key
+                    ));
                 }
 
-                // We use AND operator to aggregate results from all expressions
-                Ok(expressions)
-            }
-
-            JsonValue::Bool(value) => Ok(vec![Constant::boxed(Value::Bool(*value))]),
-
-            JsonValue::Number(value) => {
-                if value.is_i64() || value.is_u64() {
-                    Ok(vec![Constant::boxed(Value::Int(value.as_i64().unwrap()))])
-                } else {
-                    Ok(vec![Constant::boxed(Value::Float(value.as_f64().unwrap()))])
-                }
-            }
-            JsonValue::String(value) => {
-                if value.starts_with("&") {
-                    Ok(vec![Reference::boxed(
-                        value[1..].to_string(),
-                        EvaluationStage::Retrieve,
-                    )])
-                } else if value.starts_with("@") {
-                    Ok(vec![Reference::boxed(
-                        value[1..].to_string(),
-                        EvaluationStage::Compute,
-                    )])
-                } else if value.starts_with("$") {
-                    // operator without operands (nullary)
-                    Ok(vec![Self::parse_operator(value, vec![])?])
+                let parse_primitive = |v: &JsonValue| -> Value {
+                    match v {
+                        JsonValue::Bool(value) => Value::Bool(*value),
+                        JsonValue::Number(value) => {
+                            if value.is_i64() || value.is_u64() {
+                                Value::Int(value.as_i64().unwrap())
+                            } else {
+                                Value::Float(value.as_f64().unwrap())
+                            }
+                        }
+                        JsonValue::String(value) => {
+                            if let Ok(duration) = parse_duration(value) {
+                                duration
+                            } else {
+                                Value::String(value.to_string())
+                            }
+                        }
+                        _ => panic!("Unsupported directive value type: {}", v), // panic because it's programming error
+                    }
+                };
+
+                let mut parsed_values = vec![];
+
+                if value.is_null() {
+                    return Err(unprocessable_entity!("Directive '{}' cannot be null", key));
+                } else if value.is_object() {
+                    return Err(unprocessable_entity!(
+                        "Directive '{}' cannot be an object",
+                        key
+                    ));
+                } else if value.is_array() {
+                    for item in value.as_array().unwrap() {
+                        parsed_values.push(parse_primitive(item));
+                    }
                 } else {
-                    Ok(vec![Constant::boxed(Value::String(value.clone()))])
+                    parsed_values.push(parse_primitive(value))
                 }
+                directives.insert(key.to_string(), parsed_values);
+                keys_to_remove.push(key.to_string());
             }
+        }
 
+        // Remove directives from the original JSON object
+        for key in keys_to_remove {
+            json.as_object_mut().unwrap().shift_remove(&key);
+        }
+        Ok(directives)
+    }
+
+    fn parse_recursively(json: &JsonValue) -> Result<Vec<BoxedNode>, ReductError> {
+        match json {
+            JsonValue::Object(map) => Self::parse_object(map),
+            JsonValue::Bool(value) => Self::parse_bool(value),
+            JsonValue::Number(value) => Self::parse_number(value),
+            JsonValue::String(value) => Self::parse_string(value),
             JsonValue::Array(_) => Err(unprocessable_entity!(
                 "Array type is not supported: {}",
                 json
@@ -125,24 +121,70 @@ impl Parser {
         }
     }
 
+    fn parse_object(map: &Map<String, serde_json::Value>) -> Result<Vec<BoxedNode>, ReductError> {
+        let mut expressions = vec![];
+        for (key, value) in map.iter() {
+            if let JsonValue::Array(operand_list) = value {
+                // Parse array notation e.g. {"$and": [true, true]}
+                expressions.push(Self::parse_array_syntax(key, operand_list)?);
+            } else if let JsonValue::Object(operator_right_operand) = value {
+                // Parse object notation e.g. {"&label": {"$and": true}}
+                expressions.push(Self::parse_object_syntax(key, operator_right_operand)?);
+            } else {
+                // For unary operators, we need to parse the value
+                let operands = Self::parse_recursively(value)?;
+                let operator = Self::parse_operator(key, operands)?;
+                expressions.push(operator);
+            }
+        }
+
+        // We use AND operator to aggregate results from all expressions
+        Ok(expressions)
+    }
+
+    fn parse_bool(value: &bool) -> Result<Vec<BoxedNode>, ReductError> {
+        Ok(vec![Constant::boxed(Value::Bool(*value))])
+    }
+
+    fn parse_number(value: &Number) -> Result<Vec<BoxedNode>, ReductError> {
+        if value.is_i64() || value.is_u64() {
+            Ok(vec![Constant::boxed(Value::Int(value.as_i64().unwrap()))])
+        } else {
+            Ok(vec![Constant::boxed(Value::Float(value.as_f64().unwrap()))])
+        }
+    }
+
+    fn parse_string(value: &str) -> Result<Vec<BoxedNode>, ReductError> {
+        if value.starts_with("&") {
+            Ok(vec![Reference::boxed(value[1..].to_string())])
+        } else if value.starts_with("@") {
+            Ok(vec![ComputedReference::boxed(value[1..].to_string())])
+        } else if value.starts_with("$") {
+            Ok(vec![Self::parse_operator(value, vec![])?])
+        } else if let Ok(duration) = parse_duration(value) {
+            Ok(vec![Constant::boxed(duration)])
+        } else {
+            Ok(vec![Constant::boxed(Value::String(value.to_string()))])
+        }
+    }
+
     fn parse_array_syntax(
-        &self,
         operator: &str,
         json_operands: &Vec<JsonValue>,
     ) -> Result<BoxedNode, ReductError> {
         let mut operands = vec![];
         for operand in json_operands {
-            operands.extend(self.parse_intern(operand)?);
+            operands.extend(Self::parse_recursively(operand)?);
         }
         Self::parse_operator(operator, operands)
     }
 
     fn parse_object_syntax(
-        &self,
         left_operand: &str,
         op_right_operand: &Map<String, JsonValue>,
     ) -> Result<BoxedNode, ReductError> {
-        let mut left_operand = self.parse_intern(&JsonValue::String(left_operand.to_string()))?;
+        let mut left_operand =
+            Self::parse_recursively(&JsonValue::String(left_operand.to_string()))?;
         if op_right_operand.len() != 1 {
             return Err(unprocessable_entity!(
                 "Object notation must have exactly one operator"
@@ -150,12 +192,19 @@ impl Parser {
         }
 
         let (operator, operand) = op_right_operand.iter().next().unwrap();
-        let right_operand = self.parse_intern(operand)?;
+        let right_operand = Self::parse_recursively(operand)?;
         left_operand.extend(right_operand);
         Self::parse_operator(operator, left_operand)
     }
 
     fn parse_operator(operator: &str, operands: Vec<BoxedNode>) -> Result<BoxedNode, ReductError> {
+        if !operator.starts_with("$") {
+            return Err(unprocessable_entity!(
+                "Operator '{}' must start with '$'",
+                operator
+            ));
+        }
+
         match operator {
             // Aggregation operators
             "$each_n" => EachN::boxed(operands),
@@ -224,7 +273,7 @@ mod tests {
         let json = json!({
         "$and": [true, {"$gt": [20, 10]}]
         });
-        let mut node = parser.parse(&json).unwrap();
+        let (mut node, _) = parser.parse(json).unwrap();
         assert!(node.apply(&context).unwrap().as_bool().unwrap());
     }
 
@@ -233,12 +282,8 @@ mod tests {
         let json = json!({
             "&label": {"$gt": 10}
         });
-        let mut node = parser.parse(&json).unwrap();
-        let context = Context::new(
-            0,
-            HashMap::from_iter(vec![("label", "20")]),
-            EvaluationStage::Retrieve,
-        );
+        let (mut node, _) = parser.parse(json).unwrap();
+        let context = Context::new(0, HashMap::from_iter(vec![("label", "20")]), HashMap::new());
         assert!(node.apply(&context).unwrap().as_bool().unwrap());
     }
 
@@ -247,7 +292,7 @@ mod tests {
         let json = json!({
             "$and": [1, -2]
         });
-        let mut node = parser.parse(&json).unwrap();
+        let (mut node, _) = parser.parse(json).unwrap();
         assert!(node.apply(&context).unwrap().as_bool().unwrap());
     }
 
@@ -256,16 +301,25 @@ mod tests {
         let json = json!({
             "$and": [1.1, -2.2]
         });
-        let mut node = parser.parse(&json).unwrap();
+        let (mut node, _) = parser.parse(json).unwrap();
         assert!(node.apply(&context).unwrap().as_bool().unwrap());
     }
 
     #[rstest]
     fn test_parse_string(parser: Parser, context: Context) {
         let json = json!({
-            "$and": [                "a","b"]
+            "$and": ["a","b"]
+        });
+        let (mut node, _) = parser.parse(json).unwrap();
+        assert!(node.apply(&context).unwrap().as_bool().unwrap());
+    }
+
+    #[rstest]
+    fn test_parse_duration(parser: Parser, context: Context) {
+        let json = json!({
+            "$eq": ["1h", 3600_000_000u64]
         });
-        let mut node = parser.parse(&json).unwrap();
+        let (mut node, _) = parser.parse(json).unwrap();
         assert!(node.apply(&context).unwrap().as_bool().unwrap());
     }
 
@@ -278,11 +332,11 @@ mod tests {
             ]
         }        );
 
-        let mut node = parser.parse(&json).unwrap();
+        let (mut node, _) = parser.parse(json).unwrap();
         let context = Context::new(
             0,
             HashMap::from_iter(vec![("label", "true")]),
-            EvaluationStage::Retrieve,
+            HashMap::new(),
         );
         assert!(node.apply(&context).unwrap().as_bool().unwrap());
     }
@@ -295,7 +349,7 @@ mod tests {
                 1
             ]
         });
-        let mut node = parser.parse(&json).unwrap();
+        let (mut node, _) = parser.parse(json).unwrap();
         assert_eq!(node.apply(&context).unwrap(), Value::Int(1));
     }
 
@@ -304,7 +358,7 @@ mod tests {
         let json = json!({
         "$limit": 100
         });
-        let mut node = parser.parse(&json).unwrap();
+        let (mut node, _) = parser.parse(json).unwrap();
         assert_eq!(node.apply(&context).unwrap(), Value::Int(1));
     }
 
@@ -313,7 +367,7 @@ mod tests {
         let json = json!( {
             "$xx": [true, true]
         });
-        let result = parser.parse(&json);
+        let result = parser.parse(json);
         assert_eq!(
             result.err().unwrap().to_string(),
             "[UnprocessableEntity] Operator '$xx' not supported"
@@ -328,7 +382,7 @@ mod tests {
                     "x": "y"
                 }
             }        );
-        let result = parser.parse(&json);
+        let result = parser.parse(json);
         assert_eq!(
             result.err().unwrap().to_string(),
             "[UnprocessableEntity] Object notation must have exactly one operator"
@@ -342,7 +396,7 @@ mod tests {
                 "$in": [10, 20]
             }
         });
-        let result = parser.parse(&json);
+        let result = parser.parse(json);
         assert_eq!(
             result.err().unwrap().to_string(),
             "[UnprocessableEntity] Array type is not supported: [10,20]"
@@ -356,13 +410,126 @@ mod tests {
                 "$and": null
             }
         });
-        let result = parser.parse(&json);
+        let result = parser.parse(json);
         assert_eq!(
             result.err().unwrap().to_string(),
             "[UnprocessableEntity] Null type is not supported: null"
         );
     }
 
+    #[rstest]
+    fn test_parser_invalid_operator_without_dollar(parser: Parser) {
+        let json = json!({
+            "and": [true, true]
+        });
+        let result = parser.parse(json);
+        assert_eq!(
+            result.err().unwrap().to_string(),
+            "[UnprocessableEntity] Operator 'and' must start with '$'"
+        );
+    }
+
+    mod parse_directives {
+        use super::*;
+        use rstest::rstest;
+        use serde::Serialize;
+
+        #[rstest]
+        fn test_parse_directives(parser: Parser) {
+            let json = json!({
+                "#ctx_before": "1h",
+                "#ctx_after": "2h",
+                "#select_labels": ["label1", "label2"]
+            });
+            let (_, directives) = parser.parse(json).unwrap();
+            assert_eq!(directives.len(), 3);
+            assert_eq!(
+                directives["#ctx_before"],
+                vec![Value::Duration(3600_000_000)]
+            );
+            assert_eq!(
+                directives["#ctx_after"],
+                vec![Value::Duration(7200_000_000)]
+            );
+            assert_eq!(
+                directives["#select_labels"],
+                vec![
+                    Value::String("label1".to_string()),
+                    Value::String("label2".to_string())
+                ]
+            );
+        }
+
+        #[rstest]
+        #[case(true, Value::Bool(true))]
+        #[case(123, Value::Int(123))]
+        #[case(123.45, Value::Float(123.45))]
+        #[case("test", Value::String("test".to_string()))]
+        fn test_parse_directives_primitive_values<T: Serialize>(
+            parser: Parser,
+            #[case] value: T,
+            #[case] expected: Value,
+        ) {
+            let json = json!({
+                "#ctx_before": value,
+            });
+            let (_, directives) = parser.parse(json).unwrap();
+            assert_eq!(directives["#ctx_before"], vec![expected]);
+        }
+
+        #[rstest]
+        fn test_parse_array_directives(parser: Parser) {
+            let json = json!({
+                "#select_labels": ["label1", "label2"]
+            });
+            let (_, directives) = parser.parse(json).unwrap();
+            assert_eq!(
+                directives["#select_labels"],
+                vec![
+                    Value::String("label1".to_string()),
+                    Value::String("label2".to_string())
+                ]
+            );
+        }
+
+        #[rstest]
+        fn test_parse_invalid_directive(parser: Parser) {
+            let json = json!({
+                "#invalid_directive": "value"
+            });
+            let result = parser.parse(json);
+            assert_eq!(
+                result.err().unwrap().to_string(),
+                "[UnprocessableEntity] Directive '#invalid_directive' is not supported"
+            );
+        }
+
+        #[rstest]
+        fn test_parse_object_directive(parser: Parser) {
+            let json = json!({
+                "#ctx_before": {"invalid": "object"}
+            });
+            let result = parser.parse(json);
+            assert_eq!(
+                result.err().unwrap().to_string(),
+                "[UnprocessableEntity] Directive '#ctx_before' cannot be an object"
+            );
+        }
+
+        #[rstest]
+        fn test_parse_null_directive(parser: Parser) {
+            let json = json!({
+                "#ctx_before": null
+            });
+
+            let result = parser.parse(json);
+            assert_eq!(
+                result.err().unwrap().to_string(),
+                "[UnprocessableEntity] Directive '#ctx_before' cannot be null"
+            );
+        }
+    }
+
     mod parse_operators {
         use super::*;
         #[rstest]
@@ -416,12 +583,12 @@ mod tests {
         ) {
             let json = serde_json::from_str(&format!(
                 r#"{{"$eq":[{}, {{"{}": {} }}] }}"#,
-                expected.as_string().unwrap(),
+                expected.to_string(),
                 operator,
                 operands
             ))
             .unwrap();
-            let mut node = parser.parse(&json).unwrap();
+            let (mut node, _) = parser.parse(json).unwrap();
             assert!(
                 node.apply(&context).unwrap().as_bool().unwrap(),
                 "{}",
@@ -430,35 +597,6 @@ mod tests {
         }
     }
 
-    mod staged_all_of {
-        use super::*;
-        use rstest::rstest;
-
-        #[rstest]
-        fn test_staged_all_of() {
-            let operands: Vec<BoxedNode> = vec![
-                Constant::boxed(Value::Bool(true)),
-                Constant::boxed(Value::Bool(false)),
-            ];
-            let staged_all_of = StagedAllOff::boxed(operands);
-            assert_eq!(
-                staged_all_of.unwrap().print(),
-                "AllOf([Bool(true), Bool(false)])"
-            );
-        }
-
-        #[rstest]
-        fn test_run_only_staged_all_of() {
-            let operands: Vec<BoxedNode> = vec![
-                Constant::boxed(Value::Bool(false)), // ignored because not in stage
-            ];
-
-            let mut staged_all_of = StagedAllOff::boxed(operands).unwrap();
-            let context = Context::new(0, HashMap::new(), EvaluationStage::Compute);
-            assert_eq!(staged_all_of.apply(&context).unwrap(), Value::Bool(true));
-        }
-    }
-
     #[fixture]
     fn parser() -> Parser {
         Parser::new()
diff --git a/reductstore/src/storage/query/condition/reference.rs b/reductstore/src/storage/query/condition/reference.rs
index e00d50388..64858aa80 100644
--- a/reductstore/src/storage/query/condition/reference.rs
+++ b/reductstore/src/storage/query/condition/reference.rs
@@ -2,15 +2,13 @@
 // Licensed under the Business Source License 1.1
 
 use crate::storage::query::condition::value::Value;
-use crate::storage::query::condition::{BoxedNode, Context, EvaluationStage, Node};
+use crate::storage::query::condition::{BoxedNode, Context, Node};
 use reduct_base::error::ReductError;
 use reduct_base::not_found;
 
 /// A node representing a reference to a label in the context.
 pub(super) struct Reference {
     name: String,
-    stage: EvaluationStage,
-    operands: Vec<BoxedNode>,
 }
 
 impl Node for Reference {
@@ -24,30 +22,18 @@ impl Node for Reference {
         Ok(value)
     }
 
-    fn operands(&self) -> &Vec<BoxedNode> {
-        &self.operands
-    }
-
-    fn stage(&self) -> &EvaluationStage {
-        &self.stage
-    }
-
     fn print(&self) -> String {
         format!("Ref({})", self.name)
     }
 }
 
 impl Reference {
-    pub fn new(name: String, stage: EvaluationStage) -> Self {
-        Reference {
-            name,
-            stage,
-            operands: vec![],
-        }
+    pub fn new(name: String) -> Self {
+        Reference { name }
     }
 
-    pub fn boxed(name: String, stage: EvaluationStage) -> BoxedNode {
-        Box::new(Reference::new(name, stage))
+    pub fn boxed(name: String) -> BoxedNode {
+        Box::new(Reference::new(name))
     }
 }
 
@@ -55,11 +41,10 @@ impl Reference {
 mod tests {
     use super::*;
     use crate::storage::query::condition::value::Value;
-    use rstest::rstest;
 
     #[test]
     fn apply() {
-        let mut reference = Reference::new("label".to_string(), EvaluationStage::Retrieve);
+        let mut reference = Reference::new("label".to_string());
         let mut context = Context::default();
         context.labels.insert("label", "true");
         let result = reference.apply(&context).unwrap();
@@ -68,7 +53,7 @@ mod tests {
 
     #[test]
     fn apply_not_found() {
-        let mut reference = Reference::new("label".to_string(), EvaluationStage::Retrieve);
+        let mut reference = Reference::new("label".to_string());
         let context = Context::default();
         let result = reference.apply(&context);
         assert!(result
@@ -80,24 +65,8 @@ mod tests {
 
     #[test]
     fn print() {
-        let reference = Reference::new("label".to_string(), EvaluationStage::Retrieve);
+        let reference = Reference::new("label".to_string());
         let result = reference.print();
         assert_eq!(result, "Ref(label)");
     }
-
-    #[test]
-    fn operands() {
-        let reference = Reference::new("label".to_string(), EvaluationStage::Retrieve);
-        let result = reference.operands();
-        assert_eq!(result.len(), 0);
-    }
-
-    #[rstest]
-    #[case(EvaluationStage::Retrieve)]
-    #[case(EvaluationStage::Compute)]
-    fn test_stage(#[case] stage: EvaluationStage) {
-        let reference = Reference::new("label".to_string(), stage.clone());
-        let result = reference.stage();
-        assert_eq!(result, &stage);
-    }
 }
diff --git a/reductstore/src/storage/query/condition/value.rs b/reductstore/src/storage/query/condition/value.rs
index ef19e28aa..f8138f848 100644
--- a/reductstore/src/storage/query/condition/value.rs
+++ b/reductstore/src/storage/query/condition/value.rs
@@ -4,25 +4,29 @@
 mod cmp;
 
 mod arithmetic;
+mod duration_format;
 mod misc;
 mod string;
 
 use reduct_base::error::ReductError;
 use reduct_base::unprocessable_entity;
+use std::fmt::Display;
 
-pub(crate) use arithmetic::abs::Abs;
-pub(crate) use arithmetic::add::Add;
-pub(crate) use arithmetic::div::Div;
-pub(crate) use arithmetic::div_num::DivNum;
-pub(crate) use arithmetic::mult::Mult;
-pub(crate) use arithmetic::rem::Rem;
-pub(crate) use arithmetic::sub::Sub;
+pub(super) use arithmetic::abs::Abs;
+pub(super) use arithmetic::add::Add;
+pub(super) use arithmetic::div::Div;
+pub(super) use arithmetic::div_num::DivNum;
+pub(super) use arithmetic::mult::Mult;
+pub(super) use arithmetic::rem::Rem;
+pub(super) use arithmetic::sub::Sub;
 
-pub(crate) use string::contains::Contains;
-pub(crate) use string::ends_with::EndsWith;
-pub(crate) use string::starts_with::StartsWith;
+pub(super) use string::contains::Contains;
+pub(super) use string::ends_with::EndsWith;
+pub(super) use string::starts_with::StartsWith;
 
-pub(crate) use misc::cast::Cast;
+use crate::storage::query::condition::value::duration_format::fmt_duration;
+pub(super) use crate::storage::query::condition::value::duration_format::parse_duration;
+pub(super) use misc::cast::Cast;
 
 /// A value that can be used in a condition.
 #[derive(Debug, Clone)]
@@ -31,6 +35,7 @@ pub(crate) enum Value {
     Int(i64),
     Float(f64),
     String(String),
+    Duration(i64),
 }
 
 impl Value {
@@ -61,7 +66,7 @@ impl Value {
     pub fn as_bool(&self) -> Result<bool, ReductError> {
         match self {
             Value::Bool(value) => Ok(*value),
-            Value::Int(value) => Ok(value != &0),
+            Value::Int(value) | Value::Duration(value) => Ok(value != &0),
             Value::Float(value) => Ok(value != &0.0),
             Value::String(value) => Ok(!value.is_empty()),
         }
@@ -72,7 +77,7 @@ impl Value {
     pub fn as_int(&self) -> Result<i64, ReductError> {
         match self {
             Value::Bool(value) => Ok(*value as i64),
-            Value::Int(value) => Ok(*value),
+            Value::Int(value) | Value::Duration(value) => Ok(*value),
             Value::Float(value) => Ok(*value as i64),
             Value::String(value) => {
                 if let Ok(value) = value.parse::<i64>() {
@@ -91,7 +96,7 @@ impl Value {
     pub fn as_float(&self) -> Result<f64, ReductError> {
         match self {
             Value::Bool(value) => Ok(*value as i64 as f64),
-            Value::Int(value) => Ok(*value as f64),
+            Value::Int(value) | Value::Duration(value) => Ok(*value as f64),
             Value::Float(value) => Ok(*value),
             Value::String(value) => {
                 if let Ok(value) = value.parse::<f64>() {
@@ -106,26 +111,35 @@ impl Value {
         }
     }
 
-    /// Converts the value to a string.
-    #[allow(dead_code)]
-    pub fn as_string(&self) -> Result<String, ReductError> {
+    /// Check if it is a string
+    pub fn is_string(&self) -> bool {
         match self {
-            Value::Bool(value) => Ok(value.to_string()),
-            Value::Int(value) => Ok(value.to_string()),
-            Value::Float(value) => Ok(value.to_string()),
-            Value::String(value) => Ok(value.clone()),
+            Value::String(_) => true,
+            _ => false,
         }
     }
 
-    /// Check if it is a string
-    pub fn is_string(&self) -> bool {
+    /// Check if it is a duration
+    pub fn is_duration(&self) -> bool {
         match self {
-            Value::String(_) => true,
+            Value::Duration(_) => true,
             _ => false,
         }
     }
 }
 
+impl Display for Value {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            Value::Bool(value) => write!(f, "{}", value),
+            Value::Int(value) => write!(f, "{}", value),
+            Value::Float(value) => write!(f, "{}", value),
+            Value::String(value) => write!(f, "{}", value),
+            Value::Duration(value) => fmt_duration(*value, f),
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -218,13 +232,13 @@ mod tests {
         }
 
         #[rstest]
-        #[case(Value::Bool(true), Ok("true".to_string()))]
-        #[case(Value::Bool(false), Ok("false".to_string()))]
-        #[case(Value::Int(42), Ok("42".to_string()))]
-        #[case(Value::Float(42.0), Ok("42".to_string()))]
-        #[case(Value::String("string".to_string()), Ok("string".to_string()))]
-        fn as_string(#[case] value: Value, #[case] expected: Result<String, ReductError>) {
-            let result = value.as_string();
+        #[case(Value::Bool(true), "true".to_string())]
+        #[case(Value::Bool(false), "false".to_string())]
+        #[case(Value::Int(42), "42".to_string())]
+        #[case(Value::Float(42.0), "42".to_string())]
+        #[case(Value::String("string".to_string()), "string".to_string())]
+        fn to_string(#[case] value: Value, #[case] expected: String) {
+            let result = value.to_string();
             assert_eq!(result, expected);
         }
     }
diff --git a/reductstore/src/storage/query/condition/value/arithmetic/abs.rs b/reductstore/src/storage/query/condition/value/arithmetic/abs.rs
index 658bf8c39..5a5bce78e 100644
--- a/reductstore/src/storage/query/condition/value/arithmetic/abs.rs
+++ b/reductstore/src/storage/query/condition/value/arithmetic/abs.rs
@@ -18,7 +18,7 @@ impl Abs for Value {
         let mut result = self;
         match result {
             Value::Bool(s) => result = Value::Int(s as i64),
-            Value::Int(s) => result = Value::Int(s.abs()),
+            Value::Int(s) | Value::Duration(s) => result = Value::Int(s.abs()),
             Value::Float(s) => result = Value::Float(s.abs()),
             Value::String(_) => {
                 return Err(unprocessable_entity!(
@@ -43,6 +43,7 @@ mod tests {
     #[case(Value::Float(-1.0), Value::Float(1.0))]
     #[case(Value::Float(0.0), Value::Float(0.0))]
     #[case(Value::Float(1.0), Value::Float(1.0))]
+    #[case(Value::Duration(-1), Value::Duration(1))]
     fn test_abs(#[case] value: Value, #[case] expected: Value) {
         let result = value.abs().unwrap();
         assert_eq!(result, expected);
diff --git a/reductstore/src/storage/query/condition/value/arithmetic/add.rs b/reductstore/src/storage/query/condition/value/arithmetic/add.rs
index a54f0395b..40975acbf 100644
--- a/reductstore/src/storage/query/condition/value/arithmetic/add.rs
+++ b/reductstore/src/storage/query/condition/value/arithmetic/add.rs
@@ -28,25 +28,28 @@ impl Add for Value {
         match result {
             Value::Bool(s) => match other {
                 Value::Bool(v) => result = Value::Int(s as i64 + v as i64),
-                Value::Int(v) => result = Value::Int(s as i64 + v),
+                Value::Int(v) | Value::Duration(v) => result = Value::Int(s as i64 + v),
                 Value::Float(v) => result = Value::Float(s as i8 as f64 + v),
                 Value::String(_) => {
                     return Err(unprocessable_entity!("Cannot add boolean to string"));
                 }
             },
 
-            Value::Int(s) => match other {
+            Value::Int(s) | Value::Duration(s) => match other {
                 Value::Bool(v) => result = Value::Int(s + v as i64),
-                Value::Int(v) => result = Value::Int(s + v),
+                Value::Int(v) | Value::Duration(v) => result = Value::Int(s + v),
                 Value::Float(v) => result = Value::Float(s as f64 + v),
                 Value::String(_) => {
+                    if let Value::Duration(_) = result {
+                        return Err(unprocessable_entity!("Cannot add duration to string"));
+                    }
                     return Err(unprocessable_entity!("Cannot add integer to string"));
                 }
             },
 
             Value::Float(s) => match other {
                 Value::Bool(v) => result = Value::Float(s + v as i8 as f64),
-                Value::Int(v) => result = Value::Float(s + v as f64),
+                Value::Int(v) | Value::Duration(v) => result = Value::Float(s + v as f64),
                 Value::Float(v) => result = Value::Float(s + v),
                 Value::String(_) => {
                     return Err(unprocessable_entity!("Cannot add float to string"));
@@ -65,6 +68,9 @@ impl Add for Value {
                     return Err(unprocessable_entity!("Cannot add string to float"));
                 }
                 Value::String(v) => result = Value::String(format!("{}{}", s, v)),
+                Value::Duration(_) => {
+                    return Err(unprocessable_entity!("Cannot add string to duration"));
+                }
             },
         }
 
@@ -80,6 +86,7 @@ mod tests {
     #[case(Value::Bool(true), Value::Bool(false), Value::Int(1))]
     #[case(Value::Bool(true), Value::Int(2), Value::Int(3))]
     #[case(Value::Bool(true), Value::Float(2.0), Value::Float(3.0))]
+    #[case(Value::Bool(true), Value::Duration(2), Value::Duration(3))]
     #[case(Value::Int(2), Value::Bool(true), Value::Int(3))]
     #[case(Value::Int(2), Value::Int(3), Value::Int(5))]
     #[case(Value::Int(2), Value::Float(3.0), Value::Float(5.0))]
@@ -95,9 +102,11 @@ mod tests {
     #[case(Value::Bool(true), Value::String("world".to_string()), unprocessable_entity!("Cannot add boolean to string"))]
     #[case(Value::Int(2), Value::String("world".to_string()), unprocessable_entity!("Cannot add integer to string"))]
     #[case(Value::Float(2.0), Value::String("world".to_string()), unprocessable_entity!("Cannot add float to string"))]
+    #[case(Value::Duration(2), Value::String("world".to_string()), unprocessable_entity!("Cannot add duration to string"))]
     #[case(Value::String("hello".to_string()), Value::Bool(true), unprocessable_entity!("Cannot add string to boolean"))]
     #[case(Value::String("hello".to_string()), Value::Int(2), unprocessable_entity!("Cannot add string to integer"))]
     #[case(Value::String("hello".to_string()), Value::Float(2.0), unprocessable_entity!("Cannot add string to float"))]
+    #[case(Value::String("hello".to_string()), Value::Duration(2), unprocessable_entity!("Cannot add string to duration"))]
     fn test_add_err(#[case] a: Value, #[case] b: Value, #[case] expected: ReductError) {
         assert_eq!(a.add(b), Err(expected));
     }
diff --git a/reductstore/src/storage/query/condition/value/arithmetic/div.rs b/reductstore/src/storage/query/condition/value/arithmetic/div.rs
index 388a4e0f6..a5e92c8da 100644
--- a/reductstore/src/storage/query/condition/value/arithmetic/div.rs
+++ b/reductstore/src/storage/query/condition/value/arithmetic/div.rs
@@ -52,12 +52,15 @@ mod tests {
     #[case(Value::Bool(true), Value::Bool(true), Value::Float(1.0))]
     #[case(Value::Bool(true), Value::Int(2), Value::Float(0.5))]
     #[case(Value::Bool(true), Value::Float(3.0), Value::Float(1.0 / 3.0))]
+    #[case(Value::Bool(true), Value::Duration(4), Value::Float(0.25))]
     #[case(Value::Int(4), Value::Bool(true), Value::Float(4.0))]
     #[case(Value::Int(5), Value::Int(2), Value::Float(2.5))]
     #[case(Value::Int(6), Value::Float(3.0), Value::Float(2.0))]
+    #[case(Value::Int(7), Value::Duration(2), Value::Float(3.5))]
     #[case(Value::Float(7.0), Value::Bool(true), Value::Float(7.0))]
     #[case(Value::Float(8.0), Value::Int(2), Value::Float(4.0))]
     #[case(Value::Float(9.0), Value::Float(3.0), Value::Float(3.0))]
+    #[case(Value::Float(10.0), Value::Duration(2), Value::Float(5.0))]
     fn divide_ok(#[case] value: Value, #[case] other: Value, #[case] expected: Value) {
         let result = value.divide(other).unwrap();
         assert_eq!(result, expected);
@@ -67,6 +70,7 @@ mod tests {
     #[case(Value::Bool(true), Value::String("xxx".to_string()))]
     #[case(Value::Int(1), Value::String("xxx".to_string()))]
     #[case(Value::Float(2.0), Value::String("xxx".to_string()))]
+    #[case( Value::Duration(3), Value::String("xxx".to_string()))]
     fn divide_by_string(#[case] value: Value, #[case] other: Value) {
         let result = value.divide(other);
         assert_eq!(
@@ -80,6 +84,7 @@ mod tests {
     #[case(Value::String("xxx".to_string()), Value::Int(1))]
     #[case(Value::String("xxx".to_string()), Value::Float(2.0))]
     #[case(Value::String("xxx".to_string()), Value::String("xxx".to_string()))]
+    #[case(Value::String("xxx".to_string()),  Value::Duration(3))]
     fn divide_string(#[case] value: Value, #[case] other: Value) {
         let result = value.divide(other);
         assert_eq!(result, Err(unprocessable_entity!("Cannot divide string")));
diff --git a/reductstore/src/storage/query/condition/value/arithmetic/div_num.rs b/reductstore/src/storage/query/condition/value/arithmetic/div_num.rs
index f476b6bcc..6dd7faa41 100644
--- a/reductstore/src/storage/query/condition/value/arithmetic/div_num.rs
+++ b/reductstore/src/storage/query/condition/value/arithmetic/div_num.rs
@@ -52,12 +52,15 @@ mod tests {
     #[case(Value::Bool(true), Value::Bool(true), Value::Int(1))]
     #[case(Value::Bool(true), Value::Int(2), Value::Int(0))]
     #[case(Value::Bool(true), Value::Float(3.0), Value::Int(0))]
+    #[case(Value::Bool(true), Value::Duration(4), Value::Int(0))]
     #[case(Value::Int(4), Value::Bool(true), Value::Int(4))]
     #[case(Value::Int(5), Value::Int(2), Value::Int(2))]
     #[case(Value::Int(6), Value::Float(3.0), Value::Int(2))]
+    #[case(Value::Int(7), Value::Duration(2), Value::Int(3))]
     #[case(Value::Float(7.0), Value::Bool(true), Value::Int(7))]
     #[case(Value::Float(8.0), Value::Int(2), Value::Int(4))]
     #[case(Value::Float(9.0), Value::Float(3.0), Value::Int(3))]
+    #[case(Value::Float(10.0), Value::Duration(2), Value::Int(5))]
     fn divide_ok(#[case] value: Value, #[case] other: Value, #[case] expected: Value) {
         let result = value.divide_num(other).unwrap();
         assert_eq!(result, expected);
@@ -67,6 +70,7 @@ mod tests {
     #[case(Value::Bool(true), Value::String("xxx".to_string()))]
     #[case(Value::Int(1), Value::String("xxx".to_string()))]
     #[case(Value::Float(2.0), Value::String("xxx".to_string()))]
+    #[case( Value::Duration(3), Value::String("xxx".to_string()))]
     fn divide_by_string(#[case] value: Value, #[case] other: Value) {
         let result = value.divide_num(other);
         assert_eq!(
@@ -80,6 +84,7 @@ mod tests {
     #[case(Value::String("xxx".to_string()), Value::Int(1))]
     #[case(Value::String("xxx".to_string()), Value::Float(2.0))]
     #[case(Value::String("xxx".to_string()), Value::String("xxx".to_string()))]
+    #[case(Value::String("xxx".to_string()),  Value::Duration(3))]
     fn divide_string(#[case] value: Value, #[case] other: Value) {
         let result = value.divide_num(other);
         assert_eq!(result, Err(unprocessable_entity!("Cannot divide string")));
@@ -88,6 +93,7 @@ mod tests {
     #[rstest]
     #[case(Value::Int(1), Value::Int(0))]
     #[case(Value::Float(1.0), Value::Float(0.0))]
+    #[case(Value::Duration(1), Value::Duration(0))]
     fn divide_by_zero(#[case] value: Value, #[case] other: Value) {
         let result = value.divide_num(other);
         assert_eq!(result, Err(unprocessable_entity!("Cannot divide by zero")));
diff --git a/reductstore/src/storage/query/condition/value/arithmetic/mult.rs b/reductstore/src/storage/query/condition/value/arithmetic/mult.rs
index d8417058a..1f9c07553 100644
--- a/reductstore/src/storage/query/condition/value/arithmetic/mult.rs
+++ b/reductstore/src/storage/query/condition/value/arithmetic/mult.rs
@@ -28,25 +28,28 @@ impl Mult for Value {
         match result {
             Value::Bool(s) => match other {
                 Value::Bool(v) => result = Value::Int(s as i64 * v as i64),
-                Value::Int(v) => result = Value::Int(s as i64 * v),
+                Value::Int(v) | Value::Duration(v) => result = Value::Int(s as i64 * v),
                 Value::Float(v) => result = Value::Float(s as i8 as f64 * v),
                 Value::String(_) => {
                     return Err(unprocessable_entity!("Cannot multiply boolean by string"));
                 }
             },
 
-            Value::Int(s) => match other {
+            Value::Int(s) | Value::Duration(s) => match other {
                 Value::Bool(v) => result = Value::Int(s * v as i64),
-                Value::Int(v) => result = Value::Int(s * v),
+                Value::Int(v) | Value::Duration(v) => result = Value::Int(s * v),
                 Value::Float(v) => result = Value::Float(s as f64 * v),
                 Value::String(_) => {
+                    if let Value::Duration(_) = result {
+                        return Err(unprocessable_entity!("Cannot multiply duration by string"));
+                    }
                     return Err(unprocessable_entity!("Cannot multiply integer by string"));
                 }
             },
 
             Value::Float(s) => match other {
                 Value::Bool(v) => result = Value::Float(s * v as i8 as f64),
-                Value::Int(v) => result = Value::Float(s * v as f64),
+                Value::Int(v) | Value::Duration(v) => result = Value::Float(s * v as f64),
                 Value::Float(v) => result = Value::Float(s * v),
                 Value::String(_) => {
                     return Err(unprocessable_entity!("Cannot multiply float by string"));
@@ -68,6 +71,9 @@ impl Mult for Value {
                     Value::String(_) => {
                         Err(unprocessable_entity!("Cannot multiply string by string"))
                     }
+                    Value::Duration(_) => {
+                        Err(unprocessable_entity!("Cannot multiply string by duration"))
+                    }
                 }
             }
         }
@@ -84,12 +90,15 @@ mod tests {
     #[case(Value::Bool(true), Value::Bool(false), Value::Int(0))]
     #[case(Value::Bool(true), Value::Int(2), Value::Int(2))]
     #[case(Value::Bool(true), Value::Float(2.0), Value::Float(2.0))]
+    #[case(Value::Bool(true), Value::Duration(2), Value::Duration(2))]
     #[case(Value::Int(2), Value::Bool(true), Value::Int(2))]
     #[case(Value::Int(2), Value::Int(2), Value::Int(4))]
     #[case(Value::Int(2), Value::Float(2.0), Value::Float(4.0))]
+    #[case(Value::Int(2), Value::Duration(2), Value::Duration(4))]
     #[case(Value::Float(2.0), Value::Bool(true), Value::Float(2.0))]
     #[case(Value::Float(2.0), Value::Int(2), Value::Float(4.0))]
     #[case(Value::Float(2.0), Value::Float(2.0), Value::Float(4.0))]
+    #[case(Value::Float(2.0), Value::Duration(2), Value::Duration(4))]
     fn multiply(#[case] value: Value, #[case] other: Value, #[case] expected: Value) {
         let result = value.multiply(other).unwrap();
         assert_eq!(result, expected);
@@ -99,10 +108,12 @@ mod tests {
     #[case(Value::Bool(true), Value::String("string".to_string()), unprocessable_entity!("Cannot multiply boolean by string"))]
     #[case(Value::Int(2), Value::String("string".to_string()), unprocessable_entity!("Cannot multiply integer by string"))]
     #[case(Value::Float(2.0), Value::String("string".to_string()), unprocessable_entity!("Cannot multiply float by string"))]
+    #[case(Value::Duration(2), Value::String("string".to_string()), unprocessable_entity!("Cannot multiply duration by string"))]
     #[case(Value::String("string".to_string()), Value::Bool(true), unprocessable_entity!("Cannot multiply string by boolean"))]
     #[case(Value::String("string".to_string()), Value::Int(2), unprocessable_entity!("Cannot multiply string by integer"))]
     #[case(Value::String("string".to_string()), Value::Float(2.0), unprocessable_entity!("Cannot multiply string by float"))]
     #[case(Value::String("string".to_string()), Value::String("string".to_string()), unprocessable_entity!("Cannot multiply string by string"))]
+    #[case(Value::String("string".to_string()), Value::Duration(2), unprocessable_entity!("Cannot multiply string by duration"))]
     fn multiply_error(#[case] value: Value, #[case] other: Value, #[case] expected: ReductError) {
         let result = value.multiply(other);
         assert_eq!(result, Err(expected));
diff --git a/reductstore/src/storage/query/condition/value/arithmetic/rem.rs b/reductstore/src/storage/query/condition/value/arithmetic/rem.rs
index 76066c227..65f5d19aa 100644
--- a/reductstore/src/storage/query/condition/value/arithmetic/rem.rs
+++ b/reductstore/src/storage/query/condition/value/arithmetic/rem.rs
@@ -28,25 +28,28 @@ impl Rem for Value {
         match result {
             Value::Bool(s) => match other {
                 Value::Bool(v) => result = Value::Int(s as i64 % v as i64),
-                Value::Int(v) => result = Value::Int(s as i64 % v),
+                Value::Int(v) | Value::Duration(v) => result = Value::Int(s as i64 % v),
                 Value::Float(v) => result = Value::Float(s as i8 as f64 % v),
                 Value::String(_) => {
                     return Err(unprocessable_entity!("Cannot divide boolean by string"));
                 }
             },
 
-            Value::Int(s) => match other {
+            Value::Int(s) | Value::Duration(s) => match other {
                 Value::Bool(v) => result = Value::Int(s % v as i64),
-                Value::Int(v) => result = Value::Int(s % v),
+                Value::Int(v) | Value::Duration(v) => result = Value::Int(s % v),
                 Value::Float(v) => result = Value::Float(s as f64 % v),
                 Value::String(_) => {
+                    if let Value::Duration(_) = result {
+                        return Err(unprocessable_entity!("Cannot divide duration by string"));
+                    }
                     return Err(unprocessable_entity!("Cannot divide integer by string"));
                 }
             },
 
             Value::Float(s) => match other {
                 Value::Bool(v) => result = Value::Float(s % v as i8 as f64),
-                Value::Int(v) => result = Value::Float(s % v as f64),
+                Value::Int(v) | Value::Duration(v) => result = Value::Float(s % v as f64),
                 Value::Float(v) => result = Value::Float(s % v),
                 Value::String(_) => {
                     return Err(unprocessable_entity!("Cannot divide float by string"));
@@ -57,9 +60,11 @@ impl Rem for Value {
                 return match other {
                     Value::Bool(_) => Err(unprocessable_entity!("Cannot divide string by boolean")),
                     Value::Int(_) => Err(unprocessable_entity!("Cannot divide string by integer")),
-
                     Value::Float(_) => Err(unprocessable_entity!("Cannot divide string by float")),
                     Value::String(_) => Err(unprocessable_entity!("Cannot divide string")),
+                    Value::Duration(_) => {
+                        Err(unprocessable_entity!("Cannot divide string by duration"))
+                    }
                 }
             }
         }
@@ -76,9 +81,11 @@ mod tests {
     #[case(Value::Bool(true), Value::Bool(true), Value::Int(0))]
     #[case(Value::Bool(true), Value::Int(2), Value::Int(1))]
     #[case(Value::Bool(true), Value::Float(3.0), Value::Float(1.0))]
+    #[case(Value::Bool(true), Value::Duration(4), Value::Float(1.0))]
     #[case(Value::Int(4), Value::Bool(true), Value::Int(0))]
     #[case(Value::Int(5), Value::Int(2), Value::Int(1))]
     #[case(Value::Int(6), Value::Float(3.5), Value::Float(2.5))]
+    #[case(Value::Int(7), Value::Duration(2), Value::Float(1.0))]
     #[case(Value::Float(7.0), Value::Bool(true), Value::Float(0.0))]
     #[case(Value::Float(8.0), Value::Int(3), Value::Float(2.0))]
     #[case(Value::Float(-9.0), Value::Float(3.5), Value::Float(-2.0))]
@@ -91,10 +98,12 @@ mod tests {
     #[case(Value::Bool(true), Value::String("string".to_string()), unprocessable_entity!("Cannot divide boolean by string"))]
     #[case(Value::Int(1), Value::String("string".to_string()), unprocessable_entity!("Cannot divide integer by string"))]
     #[case(Value::Float(2.0), Value::String("string".to_string()), unprocessable_entity!("Cannot divide float by string"))]
+    #[case( Value::Duration(3), Value::String("string".to_string()), unprocessable_entity!("Cannot divide duration by string"))]
     #[case(Value::String("string".to_string()), Value::Bool(true), unprocessable_entity!("Cannot divide string by boolean"))]
     #[case(Value::String("string".to_string()), Value::Int(1), unprocessable_entity!("Cannot divide string by integer"))]
     #[case(Value::String("string".to_string()), Value::Float(2.0), unprocessable_entity!("Cannot divide string by float"))]
     #[case(Value::String("string".to_string()), Value::String("string".to_string()), unprocessable_entity!("Cannot divide string"))]
+    #[case(Value::String("string".to_string()),  Value::Duration(3), unprocessable_entity!("Cannot divide string by duration"))]
     fn rem_err(#[case] value: Value, #[case] other: Value, #[case] expected: ReductError) {
         let result = value.remainder(other);
         assert_eq!(result, Err(expected));
diff --git a/reductstore/src/storage/query/condition/value/arithmetic/sub.rs b/reductstore/src/storage/query/condition/value/arithmetic/sub.rs
index cada61fb2..0bb4266a4 100644
--- a/reductstore/src/storage/query/condition/value/arithmetic/sub.rs
+++ b/reductstore/src/storage/query/condition/value/arithmetic/sub.rs
@@ -28,25 +28,30 @@ impl Sub for Value {
         match result {
             Value::Bool(s) => match other {
                 Value::Bool(v) => result = Value::Int(s as i64 - v as i64),
-                Value::Int(v) => result = Value::Int(s as i64 - v),
+                Value::Int(v) | Value::Duration(v) => result = Value::Int(s as i64 - v),
                 Value::Float(v) => result = Value::Float(s as i8 as f64 - v),
                 Value::String(_) => {
                     return Err(unprocessable_entity!("Cannot subtract string from boolean"));
                 }
             },
 
-            Value::Int(s) => match other {
+            Value::Int(s) | Value::Duration(s) => match other {
                 Value::Bool(v) => result = Value::Int(s - v as i64),
-                Value::Int(v) => result = Value::Int(s - v),
+                Value::Int(v) | Value::Duration(v) => result = Value::Int(s - v),
                 Value::Float(v) => result = Value::Float(s as f64 - v),
                 Value::String(_) => {
+                    if let Value::Duration(_) = result {
+                        return Err(unprocessable_entity!(
+                            "Cannot subtract string from duration"
+                        ));
+                    }
                     return Err(unprocessable_entity!("Cannot subtract string from integer"));
                 }
             },
 
             Value::Float(s) => match other {
                 Value::Bool(v) => result = Value::Float(s - v as i8 as f64),
-                Value::Int(v) => result = Value::Float(s - v as f64),
+                Value::Int(v) | Value::Duration(v) => result = Value::Float(s - v as f64),
                 Value::Float(v) => result = Value::Float(s - v),
                 Value::String(_) => {
                     return Err(unprocessable_entity!("Cannot subtract string from float"));
@@ -66,6 +71,9 @@ impl Sub for Value {
                         Err(unprocessable_entity!("Cannot subtract string from float"))
                     }
                     Value::String(_) => Err(unprocessable_entity!("Cannot subtract string")),
+                    Value::Duration(_) => Err(unprocessable_entity!(
+                        "Cannot subtract string from duration"
+                    )),
                 }
             }
         }
@@ -82,12 +90,15 @@ mod tests {
     #[case(Value::Bool(true), Value::Bool(false), Value::Int(1))]
     #[case(Value::Bool(true), Value::Int(1), Value::Int(0))]
     #[case(Value::Bool(true), Value::Float(1.0), Value::Float(0.0))]
+    #[case(Value::Bool(true), Value::Duration(1), Value::Float(0.0))]
     #[case(Value::Int(1), Value::Bool(true), Value::Int(0))]
     #[case(Value::Int(1), Value::Int(1), Value::Int(0))]
     #[case(Value::Int(1), Value::Float(1.0), Value::Float(0.0))]
+    #[case(Value::Int(1), Value::Duration(1), Value::Float(0.0))]
     #[case(Value::Float(1.0), Value::Bool(true), Value::Float(0.0))]
     #[case(Value::Float(1.0), Value::Int(1), Value::Float(0.0))]
     #[case(Value::Float(1.0), Value::Float(1.0), Value::Float(0.0))]
+    #[case(Value::Float(1.0), Value::Duration(1), Value::Float(0.0))]
     fn sub(#[case] value: Value, #[case] other: Value, #[case] expected: Value) {
         let result = value.subtract(other).unwrap();
         assert_eq!(result, expected);
@@ -97,10 +108,12 @@ mod tests {
     #[case(Value::Bool(true), Value::String("string".to_string()), unprocessable_entity!("Cannot subtract string from boolean"))]
     #[case(Value::Int(1), Value::String("string".to_string()), unprocessable_entity!("Cannot subtract string from integer"))]
     #[case(Value::Float(1.0), Value::String("string".to_string()), unprocessable_entity!("Cannot subtract string from float"))]
+    #[case(Value::Duration(1), Value::String("string".to_string()), unprocessable_entity!("Cannot subtract string from duration"))]
     #[case(Value::String("string".to_string()), Value::Bool(true), unprocessable_entity!("Cannot subtract string from boolean"))]
     #[case(Value::String("string".to_string()), Value::Int(1), unprocessable_entity!("Cannot subtract string from integer"))]
     #[case(Value::String("string".to_string()), Value::Float(1.0), unprocessable_entity!("Cannot subtract string from float"))]
     #[case(Value::String("string".to_string()), Value::String("string".to_string()), unprocessable_entity!("Cannot subtract string"))]
+    #[case(Value::String("string".to_string()), Value::Duration(1), unprocessable_entity!("Cannot subtract string from duration"))]
 
     fn sub_err(#[case] value: Value, #[case] other: Value, #[case] expected: ReductError) {
         let result = value.subtract(other);
diff --git a/reductstore/src/storage/query/condition/value/cmp.rs b/reductstore/src/storage/query/condition/value/cmp.rs
index d0aa0ff64..bf4bda5a6 100644
--- a/reductstore/src/storage/query/condition/value/cmp.rs
+++ b/reductstore/src/storage/query/condition/value/cmp.rs
@@ -7,15 +7,26 @@ impl PartialEq<Self> for Value {
     fn eq(&self, other: &Self) -> bool {
         match (self, other) {
             (Value::Bool(left), Value::Bool(right)) => left == right,
-            (Value::Bool(left), Value::Int(right)) => *left as i64 == *right,
+            (Value::Bool(left), Value::Int(right) | Value::Duration(right)) => {
+                *left as i64 == *right
+            }
             (Value::Bool(left), Value::Float(right)) => *left as i64 as f64 == *right,
 
-            (Value::Int(left), Value::Int(right)) => left == right,
-            (Value::Int(left), Value::Bool(right)) => *left == *right as i64,
-            (Value::Int(left), Value::Float(right)) => *left as f64 == *right,
+            (
+                Value::Int(left) | Value::Duration(left),
+                Value::Int(right) | Value::Duration(right),
+            ) => left == right,
+            (Value::Int(left) | Value::Duration(left), Value::Bool(right)) => {
+                *left == *right as i64
+            }
+            (Value::Int(left) | Value::Duration(left), Value::Float(right)) => {
+                *left as f64 == *right
+            }
 
             (Value::Float(left), Value::Float(right)) => left == right,
-            (Value::Float(left), Value::Int(right)) => *left == *right as f64,
+            (Value::Float(left), Value::Int(right) | Value::Duration(right)) => {
+                *left == *right as f64
+            }
             (Value::Float(left), Value::Bool(right)) => *left == *right as i64 as f64,
 
             (Value::String(left), Value::String(right)) => left == right,
@@ -29,15 +40,26 @@ impl PartialOrd for Value {
     fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
         match (self, other) {
             (Value::Bool(left), Value::Bool(right)) => left.partial_cmp(right),
-            (Value::Bool(left), Value::Int(right)) => (*left as i64).partial_cmp(right),
+            (Value::Bool(left), Value::Int(right) | Value::Duration(right)) => {
+                (*left as i64).partial_cmp(right)
+            }
             (Value::Bool(left), Value::Float(right)) => (*left as i64 as f64).partial_cmp(right),
 
-            (Value::Int(left), Value::Int(right)) => left.partial_cmp(right),
-            (Value::Int(left), Value::Bool(right)) => left.partial_cmp(&(*right as i64)),
-            (Value::Int(left), Value::Float(right)) => (*left as f64).partial_cmp(right),
+            (
+                Value::Int(left) | Value::Duration(left),
+                Value::Int(right) | Value::Duration(right),
+            ) => left.partial_cmp(right),
+            (Value::Int(left) | Value::Duration(left), Value::Bool(right)) => {
+                left.partial_cmp(&(*right as i64))
+            }
+            (Value::Int(left) | Value::Duration(left), Value::Float(right)) => {
+                (*left as f64).partial_cmp(right)
+            }
 
             (Value::Float(left), Value::Float(right)) => left.partial_cmp(right),
-            (Value::Float(left), Value::Int(right)) => left.partial_cmp(&(*right as f64)),
+            (Value::Float(left), Value::Int(right) | Value::Duration(right)) => {
+                left.partial_cmp(&(*right as f64))
+            }
             (Value::Float(left), Value::Bool(right)) => left.partial_cmp(&(*right as i64 as f64)),
 
             (Value::String(left), Value::String(right)) => left.partial_cmp(right),
@@ -67,6 +89,7 @@ mod tests {
         #[case(Value::Bool(true), Value::String("string".to_string()), false)]
         #[case(Value::Bool(false), Value::String("string".to_string()), false)]
         #[case(Value::Bool(true), Value::String("true".to_string()), false)]
+        #[case(Value::Bool(true), Value::Duration(1), true)]
         fn partial_eq_bool(#[case] left: Value, #[case] right: Value, #[case] expected: bool) {
             let result = left == right;
             assert_eq!(result, expected);
@@ -88,6 +111,8 @@ mod tests {
         #[case(Value::Int(1), Value::Float(-1.0), false)]
         #[case(Value::Int(1), Value::String("string".to_string()), false)]
         #[case(Value::Int(-1), Value::String("string".to_string()), false)]
+        #[case(Value::Int(1), Value::Duration(1), true)]
+        #[case(Value::Int(-1), Value::Duration(1), false)]
         fn partial_eq_int(#[case] left: Value, #[case] right: Value, #[case] expected: bool) {
             let result = left == right;
             assert_eq!(result, expected);
@@ -109,6 +134,8 @@ mod tests {
         #[case(Value::Float(1.0), Value::Int(-1), false)]
         #[case(Value::Float(1.0), Value::String("string".to_string()), false)]
         #[case(Value::Float(-1.0), Value::String("string".to_string()), false)]
+        #[case(Value::Float(1.0), Value::Duration(1), true)]
+        #[case(Value::Float(-1.0), Value::Duration(1), false)]
         fn partial_eq_float(#[case] left: Value, #[case] right: Value, #[case] expected: bool) {
             let result = left == right;
             assert_eq!(result, expected);
@@ -122,6 +149,7 @@ mod tests {
         #[case(Value::String("a".to_string()), Value::Bool(false), false)]
         #[case(Value::String("a".to_string()), Value::Int(1), false)]
         #[case(Value::String("a".to_string()), Value::Float(1.0), false)]
+        #[case(Value::String("a".to_string()), Value::Duration(1), false)]
         fn partial_eq_string(#[case] left: Value, #[case] right: Value, #[case] expected: bool) {
             let result = left == right;
             assert_eq!(result, expected);
@@ -154,6 +182,9 @@ mod tests {
         #[case(Value::Bool(false), Value::String("string".to_string()), None)]
         #[case(Value::Bool(true), Value::String("true".to_string()), None)]
         #[case(Value::Bool(false), Value::String("true".to_string()), None)]
+        #[case(Value::Bool(true), Value::Duration(1), Some(Ordering::Equal))]
+        #[case(Value::Bool(false), Value::Duration(1), Some(Ordering::Less))]
+        #[case(Value::Bool(true), Value::Duration(0), Some(Ordering::Greater))]
         fn partial_cmp_bool(
             #[case] left: Value,
             #[case] right: Value,
@@ -180,6 +211,9 @@ mod tests {
         #[case(Value::Int(1), Value::Float(-1.0), Some(Ordering::Greater))]
         #[case(Value::Int(1), Value::String("string".to_string()), None)]
         #[case(Value::Int(-1), Value::String("string".to_string()), None)]
+        #[case(Value::Int(1), Value::Duration(1), Some(Ordering::Equal))]
+        #[case(Value::Int(-1), Value::Duration(1), Some(Ordering::Less))]
+        #[case(Value::Int(1), Value::Duration(0), Some(Ordering::Greater))]
         fn partial_cmp_int(
             #[case] left: Value,
             #[case] right: Value,
@@ -206,6 +240,8 @@ mod tests {
         #[case(Value::Float(1.0), Value::Int(-1), Some(Ordering::Greater))]
         #[case(Value::Float(1.0), Value::String("string".to_string()), None)]
         #[case(Value::Float(-1.0), Value::String("string".to_string()), None)]
+        #[case(Value::Float(1.0), Value::Duration(1), Some(Ordering::Equal))]
+        #[case(Value::Float(-1.0), Value::Duration(1), Some(Ordering::Less))]
         fn partial_cmp_float(
             #[case] left: Value,
             #[case] right: Value,
@@ -223,6 +259,7 @@ mod tests {
         #[case(Value::String("a".to_string()), Value::Bool(false), None)]
         #[case(Value::String("a".to_string()), Value::Int(1), None)]
         #[case(Value::String("a".to_string()), Value::Float(1.0), None)]
+        #[case(Value::String("a".to_string()), Value::Duration(1), None)]
         fn partial_cmp_string(
             #[case] left: Value,
             #[case] right: Value,
diff --git a/reductstore/src/storage/query/condition/value/duration_format.rs b/reductstore/src/storage/query/condition/value/duration_format.rs
new file mode 100644
index 000000000..05ae901a1
--- /dev/null
+++ b/reductstore/src/storage/query/condition/value/duration_format.rs
@@ -0,0 +1,177 @@
+// Copyright 2025 ReductSoftware UG
+// Licensed under the Business Source License 1.1
+use crate::storage::query::condition::value::Value;
+use reduct_base::error::ReductError;
+use reduct_base::unprocessable_entity;
+
+/// Parses a duration string into a `Value::Duration`.
+///
+/// # Arguments
+///
+/// * `duration_string` - The string representing the duration, e.g., "100ms", "2.5m", "1h".
+///
+/// # Returns
+///
+/// A `Result` containing the parsed duration as i64 (in microseconds) or an error if the string is invalid.
+fn parse_single_duration(duration_string: &str) -> Result<i64, ReductError> {
+    if duration_string.trim().is_empty() {
+        return Err(unprocessable_entity!("Duration literal cannot be empty"));
+    }
+
+    let duration_string = duration_string.trim();
+    let (num_part, unit_part) = duration_string
+        .chars()
+        .partition::<String, _>(|c| c.is_digit(10) || *c == '.' || *c == '-');
+    let value: i64 = num_part
+        .parse()
+        .map_err(|_| unprocessable_entity!("Invalid duration value: {}", duration_string))?;
+
+    let unit = unit_part.as_str();
+    let seconds = match unit {
+        "us" => value,
+        "ms" => value * 1000,
+        "s" => value * 1_000_000,
+        "m" => value * 60_000_000,
+        "h" => value * 3_600_000_000,
+        "d" => value * 86_400_000_000,
+        _ => {
+            return Err(unprocessable_entity!(
+                "Invalid duration unit: {}",
+                unit_part
+            ))
+        }
+    };
+    Ok(seconds)
+}
+
+/// Parses a duration string containing multiple parts (e.g., "100ms 500us") into a `Value::Duration`.
+/// # Arguments
+///
+/// * `duration_string` - The string representing the duration, which can contain multiple parts separated by whitespace.
+///
+/// # Returns
+///
+/// A `Result` containing the total duration as `Value::Duration` or an error if the string is invalid.
+pub(crate) fn parse_duration(duration_string: &str) -> Result<Value, ReductError> {
+    if duration_string.trim().is_empty() {
+        return Err(unprocessable_entity!("Duration literal cannot be empty"));
+    }
+
+    let mut total_seconds = 0;
+    for part in duration_string.split_whitespace() {
+        let seconds = parse_single_duration(part)?;
+        total_seconds += seconds;
+    }
+    Ok(Value::Duration(total_seconds))
+}
+
+/// Formats a duration in microseconds into a human-readable string.
+///
+/// # Arguments
+///
+/// * `usec` - The duration in microseconds.
+/// * `f` - The formatter to write the output to.
+///
+/// # Returns
+///
+/// A `Result` indicating success or failure of the formatting operation.
+pub(super) fn fmt_duration(mut usec: i64, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+    let mut parts = Vec::new();
+    let units = [
+        ("d", 86_400_000_000), // days
+        ("h", 3_600_000_000),  // hours
+        ("m", 60_000_000),     // minutes
+        ("s", 1_000_000),      // seconds
+        ("ms", 1000),          // milliseconds
+        ("us", 1),             // microseconds
+    ];
+    for &(unit, unit_seconds) in &units {
+        if usec.abs() >= unit_seconds {
+            let value = usec / unit_seconds;
+            parts.push(format!("{}{}", value, unit));
+            usec -= value * unit_seconds;
+        }
+    }
+    if parts.is_empty() {
+        parts.push("0us".to_string());
+    }
+    write!(f, "{}", parts.join(" "))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use rstest::rstest;
+
+    #[rstest]
+    #[case(0, "0us")]
+    #[case(1, "1us")]
+    #[case(-1, "-1us")]
+    #[case(100, "100us")]
+    #[case(100_000, "100ms")]
+    #[case(1_000_000, "1s")]
+    #[case(-1_000_000, "-1s")]
+    #[case(60_000_000, "1m")]
+    #[case(3_600_000_000, "1h")]
+    #[case(86_400_000_000, "1d")]
+    #[case(86_400_000_000 + 3_600_000_000, "1d 1h")]
+    #[case(86_400_000_000 - 3_600_000_000 + 5, "23h 5us")]
+    fn test_fmt_duration(#[case] value: i64, #[case] literal: &str) {
+        let value = Value::Duration(value);
+        assert_eq!(parse_duration(literal).unwrap(), value);
+        assert_eq!(value.to_string(), literal);
+    }
+
+    #[rstest]
+    fn test_parse_invalid_duration() {
+        assert_eq!(
+            parse_single_duration("").err().unwrap(),
+            unprocessable_entity!("Duration literal cannot be empty")
+        );
+        assert_eq!(
+            parse_single_duration("100xyz").err().unwrap(),
+            unprocessable_entity!("Invalid duration unit: xyz")
+        );
+        assert_eq!(
+            parse_single_duration("abc").err().unwrap(),
+            unprocessable_entity!("Invalid duration value: abc")
+        );
+
+        assert_eq!(
+            parse_single_duration("2.5m").err().unwrap(),
+            unprocessable_entity!("Invalid duration value: 2.5m")
+        );
+    }
+
+    #[rstest]
+    fn test_parse_duration() {
+        assert_eq!(
+            parse_duration("100ms 500us").unwrap(),
+            Value::Duration(100_500)
+        );
+        assert_eq!(
+            parse_duration("1h -30m").unwrap(),
+            Value::Duration(1_800_000_000)
+        );
+        assert_eq!(
+            parse_duration("2d 3h").unwrap(),
+            Value::Duration(183_600_000_000)
+        );
+    }
+
+    #[rstest]
+    fn test_invalid_duration() {
+        assert_eq!(
+            parse_duration("").err().unwrap(),
+            unprocessable_entity!("Duration literal cannot be empty")
+        );
+        assert_eq!(
+            parse_duration("1h 100xyz").err().unwrap(),
+            unprocessable_entity!("Invalid duration unit: xyz")
+        );
+        assert_eq!(
+            parse_duration("1h,2m").err().unwrap(),
+            unprocessable_entity!("Invalid duration unit: h,m")
+        );
+    }
+}
diff --git a/reductstore/src/storage/query/condition/value/misc/cast.rs b/reductstore/src/storage/query/condition/value/misc/cast.rs
index 2787b7a4f..92c426bc1 100644
--- a/reductstore/src/storage/query/condition/value/misc/cast.rs
+++ b/reductstore/src/storage/query/condition/value/misc/cast.rs
@@ -27,7 +27,8 @@ impl Cast for Value {
             "bool" => self.as_bool().map(Value::Bool),
             "int" => self.as_int().map(Value::Int),
             "float" => self.as_float().map(Value::Float),
-            "string" => self.as_string().map(Value::String),
+            "string" => Ok(Value::String(self.to_string())),
+            "duration" => self.as_int().map(Value::Duration),
             _ => Err(unprocessable_entity!("Unknown type '{}'", type_name)),
         }
     }
@@ -44,20 +45,29 @@ mod tests {
     #[case("bool", Value::Int(1), Ok(Value::Bool(true)))]
     #[case("bool", Value::Float(1.0), Ok(Value::Bool(true)))]
     #[case("bool", Value::String("true".to_string()), Ok(Value::Bool(true)))]
+    #[case("bool", Value::Duration(1), Ok(Value::Bool(true)))]
     #[case("int", Value::Bool(true), Ok(Value::Int(1)))]
     #[case("int", Value::Int(1), Ok(Value::Int(1)))]
     #[case("int", Value::Float(1.0), Ok(Value::Int(1)))]
     #[case("int", Value::String("1".to_string()), Ok(Value::Int(1)))]
     #[case("int", Value::String("xx".to_string()), Err(unprocessable_entity!("Value 'xx' could not be parsed as integer")))]
+    #[case("int", Value::Duration(1), Ok(Value::Int(1)))]
     #[case("float", Value::Bool(true), Ok(Value::Float(1.0)))]
     #[case("float", Value::Int(1), Ok(Value::Float(1.0)))]
     #[case("float", Value::Float(1.0), Ok(Value::Float(1.0)))]
     #[case("float", Value::String("1.0".to_string()), Ok(Value::Float(1.0)))]
     #[case("float", Value::String("xx".to_string()), Err(unprocessable_entity!("Value 'xx' could not be parsed as float")))]
+    #[case("float", Value::Duration(1), Ok(Value::Float(1.0)))]
     #[case("string", Value::Bool(true), Ok(Value::String("true".to_string())))]
     #[case("string", Value::Int(1), Ok(Value::String("1".to_string())))]
     #[case("string", Value::Float(1.0), Ok(Value::String("1".to_string())))]
     #[case("string", Value::String("1".to_string()), Ok(Value::String("1".to_string())))]
+    #[case("string", Value::Duration(1), Ok(Value::String("1us".to_string())))]
+    #[case("duration", Value::Bool(true), Ok(Value::Duration(1)))]
+    #[case("duration", Value::Int(1), Ok(Value::Duration(1)))]
+    #[case("duration", Value::Float(1.0), Ok(Value::Duration(1)))]
+    #[case("duration", Value::String("1".to_string()), Ok(Value::Duration(1)))]
+    #[case("duration", Value::String("xx".to_string()), Err(unprocessable_entity!("Value 'xx' could not be parsed as integer")))]
     #[case("unknown", Value::Bool(true), Err(unprocessable_entity!("Unknown type 'unknown'")))]
     fn test_cast(
         #[case] type_name: &str,
diff --git a/reductstore/src/storage/query/condition/value/string/contains.rs b/reductstore/src/storage/query/condition/value/string/contains.rs
index c21aeff71..6e1cbe6f9 100644
--- a/reductstore/src/storage/query/condition/value/string/contains.rs
+++ b/reductstore/src/storage/query/condition/value/string/contains.rs
@@ -20,8 +20,8 @@ pub(crate) trait Contains {
 
 impl Contains for Value {
     fn contains(self, other: Self) -> Result<bool, ReductError> {
-        let other = other.as_string()?;
-        let self_string = self.as_string()?;
+        let other = other.to_string();
+        let self_string = self.to_string();
         Ok(self_string.contains(&other))
     }
 }
diff --git a/reductstore/src/storage/query/condition/value/string/ends_with.rs b/reductstore/src/storage/query/condition/value/string/ends_with.rs
index dedf82320..8b3792fcf 100644
--- a/reductstore/src/storage/query/condition/value/string/ends_with.rs
+++ b/reductstore/src/storage/query/condition/value/string/ends_with.rs
@@ -20,8 +20,8 @@ pub(crate) trait EndsWith {
 
 impl EndsWith for Value {
     fn ends_with(self, other: Self) -> Result<bool, ReductError> {
-        let other = other.as_string()?;
-        let self_string = self.as_string()?;
+        let other = other.to_string();
+        let self_string = self.to_string();
         Ok(self_string.ends_with(&other))
     }
 }
diff --git a/reductstore/src/storage/query/condition/value/string/starts_with.rs b/reductstore/src/storage/query/condition/value/string/starts_with.rs
index 10faa338b..3b80aa538 100644
--- a/reductstore/src/storage/query/condition/value/string/starts_with.rs
+++ b/reductstore/src/storage/query/condition/value/string/starts_with.rs
@@ -20,8 +20,8 @@ pub(crate) trait StartsWith {
 
 impl StartsWith for Value {
     fn starts_with(self, other: Self) -> Result<bool, ReductError> {
-        let other = other.as_string()?;
-        let self_string = self.as_string()?;
+        let other = other.to_string();
+        let self_string = self.to_string();
         Ok(self_string.starts_with(&other))
     }
 }
diff --git a/reductstore/src/storage/query/continuous.rs b/reductstore/src/storage/query/continuous.rs
index 8bd16af2f..8c7b99c43 100644
--- a/reductstore/src/storage/query/continuous.rs
+++ b/reductstore/src/storage/query/continuous.rs
@@ -2,12 +2,11 @@
 // Licensed under the Business Source License 1.1
 
 use crate::storage::block_manager::BlockManager;
+use crate::storage::entry::RecordReader;
 use crate::storage::query::base::{Query, QueryOptions};
 use crate::storage::query::historical::HistoricalQuery;
 use reduct_base::error::{ErrorCode, ReductError};
-
-use crate::storage::entry::RecordReader;
-use reduct_base::io::RecordMeta;
+use reduct_base::io::ReadRecord;
 use std::sync::{Arc, RwLock};
 
 pub struct ContinuousQuery {
@@ -38,7 +37,7 @@ impl Query for ContinuousQuery {
     ) -> Result<RecordReader, ReductError> {
         match self.query.next(block_manager) {
             Ok(reader) => {
-                self.next_start = reader.timestamp() + 1;
+                self.next_start = reader.meta().timestamp() + 1;
                 self.count += 1;
                 Ok(reader)
             }
@@ -80,7 +79,7 @@ mod tests {
         .unwrap();
         {
             let reader = query.next(block_manager.clone()).unwrap();
-            assert_eq!(reader.timestamp(), 1000);
+            assert_eq!(reader.meta().timestamp(), 1000);
         }
         assert_eq!(
             query.next(block_manager.clone()).err(),
diff --git a/reductstore/src/storage/query/filters.rs b/reductstore/src/storage/query/filters.rs
index a242bb94a..f1a7d93e6 100644
--- a/reductstore/src/storage/query/filters.rs
+++ b/reductstore/src/storage/query/filters.rs
@@ -1,4 +1,4 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
 pub(crate) mod each_n;
@@ -9,75 +9,108 @@ pub(crate) mod record_state;
 pub(crate) mod time_range;
 pub(crate) mod when;
 
+pub(crate) use each_n::EachNFilter;
+pub(crate) use each_s::EachSecondFilter;
+pub(crate) use exclude::ExcludeLabelFilter;
+pub(crate) use include::IncludeLabelFilter;
+pub(crate) use record_state::RecordStateFilter;
+use reduct_base::error::ReductError;
+use std::collections::HashMap;
+pub(crate) use time_range::TimeRangeFilter;
+pub(crate) use when::WhenFilter;
+
+/// A trait to access record metadata for filtering purposes with minimal overhead.
+pub(crate) trait FilterRecord {
+    fn state(&self) -> i32;
+
+    fn timestamp(&self) -> u64;
+
+    fn labels(&self) -> HashMap<&String, &String>;
+
+    fn set_labels(&mut self, labels: HashMap<String, String>);
+
+    fn computed_labels(&self) -> HashMap<&String, &String>;
+}
+
 /// Trait for record filters in queries.
-pub trait RecordFilter {
+pub(crate) trait RecordFilter<R: FilterRecord> {
     /// Filter the record by condition.
     ///
     /// # Arguments
     ///
     /// * `record` - The record metadata to filter.
+    /// * `ctx` - The context for the filter, which can be used to pass additional information.
     ///
     /// # Returns
     ///
-    /// * `Ok(true)` if the record passes the filter, `Ok(false)` otherwise.
-    /// * Err(`ReductError::Interrupt`) if the filter is interrupted
-    /// * `Err(ReductError)` if an error occurs during filtering.
-    fn filter(&mut self, record: &dyn RecordMeta) -> Result<bool, ReductError>;
+    /// * `Ok(Some(Vec<(R, Self::Ctx)>))` - returns a vector of records and their contexts if the record matches the filter. Empty vector if no records match.
+    /// * `Ok(None)` - if the filtering is interrupted e.g. $limit operator is reached.
+    /// * `Err(ReductError)` - if an error occurs during filtering.
+    fn filter(&mut self, record: R) -> Result<Option<Vec<R>>, ReductError>;
 }
 
-pub(crate) use each_n::EachNFilter;
-pub(crate) use each_s::EachSecondFilter;
-pub(crate) use exclude::ExcludeLabelFilter;
-pub(crate) use include::IncludeLabelFilter;
-pub(crate) use record_state::RecordStateFilter;
-use reduct_base::error::ReductError;
-use reduct_base::io::RecordMeta;
-pub(crate) use time_range::TimeRangeFilter;
-pub(crate) use when::WhenFilter;
+pub(crate) fn apply_filters_recursively<R: FilterRecord>(
+    filters: &mut [Box<dyn RecordFilter<R> + Send + Sync>],
+    notifications: Vec<R>,
+    index: usize,
+) -> Result<Option<Vec<R>>, ReductError> {
+    if index == filters.len() {
+        return Ok(Some(notifications));
+    }
+
+    for notification in notifications {
+        match filters[index].filter(notification)? {
+            Some(notifications) => {
+                if !notifications.is_empty() {
+                    return apply_filters_recursively(filters, notifications, index + 1);
+                }
+            }
+
+            None => return Ok(None),
+        }
+    }
+
+    Ok(Some(vec![]))
+}
 
 #[cfg(test)]
+
 mod tests {
-    use crate::storage::proto::{ts_to_us, Record};
-    use prost_wkt_types::Timestamp;
+    use super::*;
     use reduct_base::io::RecordMeta;
-    use reduct_base::Labels;
-
-    // Wrapper for Record to implement RecordMeta
-    // and use it in filter tests
-    pub(super) struct RecordWrapper {
-        timestamp: u64,
-        labels: Labels,
-        state: i32,
+
+    #[derive(Debug, Clone, PartialEq)]
+    pub(super) struct TestFilterRecord {
+        meta: RecordMeta,
     }
 
-    impl RecordMeta for RecordWrapper {
+    impl From<RecordMeta> for TestFilterRecord {
+        fn from(meta: RecordMeta) -> Self {
+            TestFilterRecord { meta }
+        }
+    }
+
+    impl FilterRecord for TestFilterRecord {
+        fn state(&self) -> i32 {
+            self.meta.state()
+        }
+
         fn timestamp(&self) -> u64 {
-            self.timestamp
+            self.meta.timestamp()
         }
 
-        fn labels(&self) -> &Labels {
-            &self.labels
+        fn labels(&self) -> HashMap<&String, &String> {
+            self.meta.labels().iter().collect()
         }
 
-        fn state(&self) -> i32 {
-            self.state
+        fn set_labels(&mut self, labels: HashMap<String, String>) {
+            let labels_mut = self.meta.labels_mut();
+            labels_mut.clear();
+            labels_mut.extend(labels);
         }
-    }
 
-    impl From<Record> for RecordWrapper {
-        fn from(record: Record) -> Self {
-            RecordWrapper {
-                timestamp: ts_to_us(record.timestamp.as_ref().unwrap_or(&Timestamp {
-                    seconds: 0,
-                    nanos: 0,
-                })),
-                labels: record
-                    .labels
-                    .iter()
-                    .map(|l| (l.name.clone(), l.value.clone()))
-                    .collect(),
-                state: record.state,
-            }
+        fn computed_labels(&self) -> HashMap<&String, &String> {
+            self.meta.computed_labels().iter().collect()
         }
     }
 }
diff --git a/reductstore/src/storage/query/filters/each_n.rs b/reductstore/src/storage/query/filters/each_n.rs
index 5fde16944..cf59711b3 100644
--- a/reductstore/src/storage/query/filters/each_n.rs
+++ b/reductstore/src/storage/query/filters/each_n.rs
@@ -1,9 +1,8 @@
 // Copyright 2023-2024 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
-use crate::storage::query::filters::RecordFilter;
+use crate::storage::query::filters::{FilterRecord, RecordFilter};
 use reduct_base::error::ReductError;
-use reduct_base::io::RecordMeta;
 
 /// Filter that passes every N-th record
 pub struct EachNFilter {
@@ -20,35 +19,48 @@ impl EachNFilter {
     }
 }
 
-impl RecordFilter for EachNFilter {
-    fn filter(&mut self, _record: &dyn RecordMeta) -> Result<bool, ReductError> {
+impl<R: FilterRecord> RecordFilter<R> for EachNFilter {
+    fn filter(&mut self, record: R) -> Result<Option<Vec<R>>, ReductError> {
         let ret = self.count % self.n == 0;
         self.count += 1;
-        Ok(ret)
+        if ret {
+            Ok(Some(vec![record]))
+        } else {
+            Ok(Some(vec![]))
+        }
     }
 }
 
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::storage::proto::Record;
-    use crate::storage::query::filters::tests::RecordWrapper;
+    use crate::storage::query::filters::tests::TestFilterRecord;
+    use reduct_base::io::RecordMeta;
     use rstest::*;
 
     #[rstest]
     fn test_each_n_filter() {
         let mut filter = EachNFilter::new(2);
-        let record = Record::default();
+        let record: TestFilterRecord = RecordMeta::builder().build().into();
 
-        let wrapper = RecordWrapper::from(record.clone());
-        assert!(filter.filter(&wrapper).unwrap(), "First time should pass");
-        assert!(
-            !filter.filter(&wrapper).unwrap(),
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![record.clone()]),
+            "First time should pass"
+        );
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![]),
             "Second time should not pass"
         );
-        assert!(filter.filter(&wrapper).unwrap(), "Third time should pass");
-        assert!(
-            !filter.filter(&wrapper).unwrap(),
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![record.clone()]),
+            "Third time should pass"
+        );
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![]),
             "Fourth time should not pass"
         );
     }
diff --git a/reductstore/src/storage/query/filters/each_s.rs b/reductstore/src/storage/query/filters/each_s.rs
index 625d2fd0e..e89865486 100644
--- a/reductstore/src/storage/query/filters/each_s.rs
+++ b/reductstore/src/storage/query/filters/each_s.rs
@@ -1,9 +1,8 @@
 // Copyright 2023-2024 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
-use crate::storage::query::filters::RecordFilter;
+use crate::storage::query::filters::{FilterRecord, RecordFilter};
 use reduct_base::error::ReductError;
-use reduct_base::io::RecordMeta;
 
 /// Filter that passes every N-th record
 pub struct EachSecondFilter {
@@ -23,53 +22,47 @@ impl EachSecondFilter {
     }
 }
 
-impl RecordFilter for EachSecondFilter {
-    fn filter(&mut self, record: &dyn RecordMeta) -> Result<bool, ReductError> {
+impl<R: FilterRecord> RecordFilter<R> for EachSecondFilter {
+    fn filter(&mut self, record: R) -> Result<Option<Vec<R>>, ReductError> {
         let ret = record.timestamp() as i64 - self.last_time >= (self.s * 1_000_000.0) as i64;
         if ret {
             self.last_time = record.timestamp().clone() as i64;
         }
 
-        Ok(ret)
+        if ret {
+            Ok(Some(vec![record]))
+        } else {
+            Ok(Some(vec![]))
+        }
     }
 }
 
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::storage::proto::Record;
-    use crate::storage::query::filters::tests::RecordWrapper;
-    use prost_wkt_types::Timestamp;
+    use crate::storage::query::filters::tests::TestFilterRecord;
+    use reduct_base::io::RecordMeta;
     use rstest::*;
 
     #[rstest]
     fn test_each_s_filter() {
         let mut filter = EachSecondFilter::new(2.0);
-        let mut record = Record::default();
-        record.timestamp = Some(Timestamp {
-            seconds: 1,
-            nanos: 0,
-        });
-
-        let wrapper = RecordWrapper::from(record.clone());
-        assert!(filter.filter(&wrapper).unwrap());
-        assert!(!filter.filter(&wrapper).unwrap());
-
-        record.timestamp = Some(Timestamp {
-            seconds: 2,
-            nanos: 0,
-        });
+        let record: TestFilterRecord = RecordMeta::builder().timestamp(1000_000).build().into();
 
-        let wrapper = RecordWrapper::from(record.clone());
-        assert!(!filter.filter(&wrapper).unwrap());
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![record.clone()]),
+        );
+        assert_eq!(filter.filter(record.clone()).unwrap(), Some(vec![]),);
 
-        record.timestamp = Some(Timestamp {
-            seconds: 3,
-            nanos: 0,
-        });
+        let record: TestFilterRecord = RecordMeta::builder().timestamp(2000_000).build().into();
+        assert_eq!(filter.filter(record).unwrap(), Some(vec![]),);
 
-        let wrapper = RecordWrapper::from(record.clone());
-        assert!(filter.filter(&wrapper).unwrap());
-        assert!(!filter.filter(&wrapper).unwrap());
+        let record: TestFilterRecord = RecordMeta::builder().timestamp(3000_000).build().into();
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![record.clone()]),
+        );
+        assert_eq!(filter.filter(record.clone()).unwrap(), Some(vec![]),);
     }
 }
diff --git a/reductstore/src/storage/query/filters/exclude.rs b/reductstore/src/storage/query/filters/exclude.rs
index f57a70383..84f5f2ded 100644
--- a/reductstore/src/storage/query/filters/exclude.rs
+++ b/reductstore/src/storage/query/filters/exclude.rs
@@ -2,10 +2,9 @@
 // Licensed under the Business Source License 1.1
 
 use reduct_base::error::ReductError;
-use reduct_base::io::RecordMeta;
 use reduct_base::Labels;
 
-use crate::storage::query::filters::RecordFilter;
+use crate::storage::query::filters::{FilterRecord, RecordFilter};
 
 /// Filter that excludes records with specific labels
 pub struct ExcludeLabelFilter {
@@ -27,25 +26,27 @@ impl ExcludeLabelFilter {
     }
 }
 
-impl RecordFilter for ExcludeLabelFilter {
-    fn filter(&mut self, record: &dyn RecordMeta) -> Result<bool, ReductError> {
-        let result = !self
-            .labels
-            .iter()
-            .all(|(key, value)| record.labels().iter().any(|(k, v)| k == key && v == value));
-
-        Ok(result)
+impl<R: FilterRecord> RecordFilter<R> for ExcludeLabelFilter {
+    fn filter(&mut self, record: R) -> Result<Option<Vec<R>>, ReductError> {
+        let result = !self.labels.iter().all(|(key, value)| {
+            record
+                .labels()
+                .iter()
+                .any(|(k, v)| *k == key && *v == value)
+        });
+        if result {
+            Ok(Some(vec![record]))
+        } else {
+            Ok(Some(vec![]))
+        }
     }
 }
 
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::storage::proto::record::Label;
-    use crate::storage::proto::Record;
-
-    use crate::storage::query::filters::tests::RecordWrapper;
-
+    use crate::storage::query::filters::tests::TestFilterRecord;
+    use reduct_base::io::RecordMeta;
     use rstest::*;
 
     #[rstest]
@@ -54,16 +55,20 @@ mod tests {
             "key".to_string(),
             "value".to_string(),
         )]));
-        let record = Record {
-            labels: vec![Label {
-                name: "key".to_string(),
-                value: "value".to_string(),
-            }],
-            ..Default::default()
-        };
 
-        let wrapper = RecordWrapper::from(record);
-        assert!(!filter.filter(&wrapper).unwrap(), "Record should not pass");
+        let record: TestFilterRecord = RecordMeta::builder()
+            .labels(Labels::from_iter(vec![(
+                "key".to_string(),
+                "value".to_string(),
+            )]))
+            .build()
+            .into();
+
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![]),
+            "Record with key=value should not pass"
+        );
     }
 
     #[rstest]
@@ -72,16 +77,19 @@ mod tests {
             "key".to_string(),
             "value".to_string(),
         )]));
-        let record = Record {
-            labels: vec![Label {
-                name: "key".to_string(),
-                value: "other".to_string(),
-            }],
-            ..Default::default()
-        };
 
-        let wrapper = RecordWrapper::from(record);
-        assert!(filter.filter(&wrapper).unwrap(), "Record should pass");
+        let record: TestFilterRecord = RecordMeta::builder()
+            .labels(Labels::from_iter(vec![(
+                "key".to_string(),
+                "other".to_string(),
+            )]))
+            .build()
+            .into();
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![record]),
+            "Record with key=other should pass"
+        );
     }
 
     #[rstest]
@@ -90,41 +98,31 @@ mod tests {
             ("key1".to_string(), "value1".to_string()),
             ("key2".to_string(), "value2".to_string()),
         ]));
-        let record = Record {
-            labels: vec![
-                Label {
-                    name: "key1".to_string(),
-                    value: "value1".to_string(),
-                },
-                Label {
-                    name: "key2".to_string(),
-                    value: "value2".to_string(),
-                },
-                Label {
-                    name: "key3".to_string(),
-                    value: "value3".to_string(),
-                },
-            ],
-            ..Default::default()
-        };
 
-        let wrapper = RecordWrapper::from(record);
-        assert!(
-            !filter.filter(&wrapper).unwrap(),
+        let record: TestFilterRecord = RecordMeta::builder()
+            .labels(Labels::from_iter(vec![
+                ("key1".to_string(), "value1".to_string()),
+                ("key2".to_string(), "value2".to_string()),
+                ("key3".to_string(), "value3".to_string()),
+            ]))
+            .build()
+            .into();
+        assert_eq!(
+            filter.filter(record).unwrap(),
+            Some(vec![]),
             "Record should not pass because it has key1=value1 and key2=value2"
         );
 
-        let record = Record {
-            labels: vec![Label {
-                name: "key1".to_string(),
-                value: "value1".to_string(),
-            }],
-            ..Default::default()
-        };
-
-        let wrapper = RecordWrapper::from(record);
-        assert!(
-            filter.filter(&wrapper).unwrap(),
+        let record: TestFilterRecord = RecordMeta::builder()
+            .labels(Labels::from_iter(vec![(
+                "key1".to_string(),
+                "value1".to_string(),
+            )]))
+            .build()
+            .into();
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![record]),
             "Record should pass because it has only key1=value1"
         );
     }
diff --git a/reductstore/src/storage/query/filters/include.rs b/reductstore/src/storage/query/filters/include.rs
index f2085ff34..0438d0285 100644
--- a/reductstore/src/storage/query/filters/include.rs
+++ b/reductstore/src/storage/query/filters/include.rs
@@ -4,7 +4,7 @@
 use reduct_base::error::ReductError;
 use reduct_base::Labels;
 
-use crate::storage::query::filters::{RecordFilter, RecordMeta};
+use crate::storage::query::filters::{FilterRecord, RecordFilter};
 
 /// Filter that excludes records with specific labels
 pub struct IncludeLabelFilter {
@@ -26,23 +26,29 @@ impl IncludeLabelFilter {
     }
 }
 
-impl RecordFilter for IncludeLabelFilter {
-    fn filter(&mut self, record: &dyn RecordMeta) -> Result<bool, ReductError> {
-        let result = self
-            .labels
-            .iter()
-            .all(|(key, value)| record.labels().iter().any(|(k, v)| k == key && v == value));
+impl<R: FilterRecord> RecordFilter<R> for IncludeLabelFilter {
+    fn filter(&mut self, record: R) -> Result<Option<Vec<R>>, ReductError> {
+        let result = self.labels.iter().all(|(key, value)| {
+            record
+                .labels()
+                .iter()
+                .any(|(k, v)| *k == key && *v == value)
+        });
 
-        Ok(result)
+        if result {
+            Ok(Some(vec![record]))
+        } else {
+            Ok(Some(vec![]))
+        }
     }
 }
 
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::storage::proto::record::Label;
-    use crate::storage::proto::Record;
-    use crate::storage::query::filters::tests::RecordWrapper;
+
+    use crate::storage::query::filters::tests::TestFilterRecord;
+    use reduct_base::io::RecordMeta;
     use rstest::*;
 
     #[rstest]
@@ -51,16 +57,19 @@ mod tests {
             "key".to_string(),
             "value".to_string(),
         )]));
-        let record = Record {
-            labels: vec![Label {
-                name: "key".to_string(),
-                value: "value".to_string(),
-            }],
-            ..Default::default()
-        };
 
-        let wrapper = RecordWrapper::from(record.clone());
-        assert!(filter.filter(&wrapper).unwrap(), "Record should pass");
+        let record: TestFilterRecord = RecordMeta::builder()
+            .labels(Labels::from_iter(vec![(
+                "key".to_string(),
+                "value".to_string(),
+            )]))
+            .build()
+            .into();
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![record]),
+            "Record should pass"
+        );
     }
 
     #[rstest]
@@ -69,16 +78,18 @@ mod tests {
             "key".to_string(),
             "value".to_string(),
         )]));
-        let record = Record {
-            labels: vec![Label {
-                name: "key".to_string(),
-                value: "other".to_string(),
-            }],
-            ..Default::default()
-        };
-
-        let wrapper = RecordWrapper::from(record);
-        assert!(!filter.filter(&wrapper).unwrap(), "Record should not pass");
+        let record: TestFilterRecord = RecordMeta::builder()
+            .labels(Labels::from_iter(vec![(
+                "key".to_string(),
+                "other".to_string(),
+            )]))
+            .build()
+            .into();
+        assert_eq!(
+            filter.filter(record).unwrap(),
+            Some(vec![]),
+            "Record should not pass"
+        );
     }
 
     #[rstest]
@@ -87,41 +98,31 @@ mod tests {
             ("key1".to_string(), "value1".to_string()),
             ("key2".to_string(), "value2".to_string()),
         ]));
-        let record = Record {
-            labels: vec![
-                Label {
-                    name: "key1".to_string(),
-                    value: "value1".to_string(),
-                },
-                Label {
-                    name: "key2".to_string(),
-                    value: "value2".to_string(),
-                },
-                Label {
-                    name: "key3".to_string(),
-                    value: "value3".to_string(),
-                },
-            ],
-            ..Default::default()
-        };
 
-        let wrapper = RecordWrapper::from(record);
-        assert!(
-            filter.filter(&wrapper).unwrap(),
+        let record: TestFilterRecord = RecordMeta::builder()
+            .labels(Labels::from_iter(vec![
+                ("key1".to_string(), "value1".to_string()),
+                ("key2".to_string(), "value2".to_string()),
+                ("key3".to_string(), "value3".to_string()),
+            ]))
+            .build()
+            .into();
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![record]),
             "Record should pass because it has key1=value1 and key2=value2"
         );
 
-        let record = Record {
-            labels: vec![Label {
-                name: "key1".to_string(),
-                value: "value1".to_string(),
-            }],
-            ..Default::default()
-        };
-
-        let wrapper = RecordWrapper::from(record);
-        assert!(
-            !filter.filter(&wrapper).unwrap(),
+        let record: TestFilterRecord = RecordMeta::builder()
+            .labels(Labels::from_iter(vec![(
+                "key1".to_string(),
+                "value1".to_string(),
+            )]))
+            .build()
+            .into();
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![]),
             "Record should not pass because it has only key1=value1"
         );
     }
diff --git a/reductstore/src/storage/query/filters/record_state.rs b/reductstore/src/storage/query/filters/record_state.rs
index cc2881bb0..9b8c039dd 100644
--- a/reductstore/src/storage/query/filters/record_state.rs
+++ b/reductstore/src/storage/query/filters/record_state.rs
@@ -4,7 +4,7 @@
 use crate::storage::proto::record::State;
 use reduct_base::error::ReductError;
 
-use crate::storage::query::filters::{RecordFilter, RecordMeta};
+use crate::storage::query::filters::{FilterRecord, RecordFilter};
 
 /// Filter that passes records with a specific state
 pub struct RecordStateFilter {
@@ -26,10 +26,14 @@ impl RecordStateFilter {
     }
 }
 
-impl RecordFilter for RecordStateFilter {
-    fn filter(&mut self, record: &dyn RecordMeta) -> Result<bool, ReductError> {
+impl<R: FilterRecord> RecordFilter<R> for RecordStateFilter {
+    fn filter(&mut self, record: R) -> Result<Option<Vec<R>>, ReductError> {
         let result = record.state() == self.state as i32;
-        Ok(result)
+        if result {
+            Ok(Some(vec![record]))
+        } else {
+            Ok(Some(vec![]))
+        }
     }
 }
 
@@ -37,31 +41,37 @@ impl RecordFilter for RecordStateFilter {
 mod tests {
     use super::*;
     use crate::storage::proto::record::State;
-    use crate::storage::proto::Record;
-    use crate::storage::query::filters::tests::RecordWrapper;
+
+    use crate::storage::query::filters::tests::TestFilterRecord;
+    use reduct_base::io::RecordMeta;
     use rstest::*;
 
     #[rstest]
     fn test_record_state_filter() {
         let mut filter = RecordStateFilter::new(State::Finished);
-        let record = Record {
-            state: State::Finished as i32,
-            ..Default::default()
-        };
 
-        let wrapper = RecordWrapper::from(record.clone());
-        assert!(filter.filter(&wrapper).unwrap(), "Record should pass");
+        let record: TestFilterRecord = RecordMeta::builder()
+            .state(State::Finished as i32)
+            .build()
+            .into();
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![record]),
+            "Record should pass"
+        );
     }
 
     #[rstest]
     fn test_record_state_filter_no_records() {
         let mut filter = RecordStateFilter::new(State::Finished);
-        let record = Record {
-            state: State::Started as i32,
-            ..Default::default()
-        };
-
-        let wrapper = RecordWrapper::from(record.clone());
-        assert!(!filter.filter(&wrapper).unwrap(), "Record should not pass");
+        let record: TestFilterRecord = RecordMeta::builder()
+            .state(State::Started as i32)
+            .build()
+            .into();
+        assert_eq!(
+            filter.filter(record).unwrap(),
+            Some(vec![]),
+            "Record should not pass"
+        );
     }
 }
diff --git a/reductstore/src/storage/query/filters/time_range.rs b/reductstore/src/storage/query/filters/time_range.rs
index 2aa14f901..0775da5b5 100644
--- a/reductstore/src/storage/query/filters/time_range.rs
+++ b/reductstore/src/storage/query/filters/time_range.rs
@@ -1,7 +1,7 @@
 // Copyright 2023-2024 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
-use crate::storage::query::filters::{RecordFilter, RecordMeta};
+use crate::storage::query::filters::{FilterRecord, RecordFilter};
 use reduct_base::error::ReductError;
 
 /// Filter that passes records with a timestamp within a specific range
@@ -26,38 +26,43 @@ impl TimeRangeFilter {
     }
 }
 
-impl RecordFilter for TimeRangeFilter {
-    fn filter(&mut self, record: &dyn RecordMeta) -> Result<bool, ReductError> {
-        let ts = record.timestamp() as u64;
+impl<R: FilterRecord> RecordFilter<R> for TimeRangeFilter {
+    fn filter(&mut self, record: R) -> Result<Option<Vec<R>>, ReductError> {
+        let ts = record.timestamp();
         let ret = ts >= self.start && ts < self.stop;
         if ret {
             // Ensure that we don't return the same record twice
             self.start = ts + 1;
         }
 
-        Ok(ret)
+        if ret {
+            Ok(Some(vec![record]))
+        } else {
+            Ok(Some(vec![]))
+        }
     }
 }
 
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::storage::proto::{us_to_ts, Record};
-    use crate::storage::query::filters::tests::RecordWrapper;
+
+    use crate::storage::query::filters::tests::TestFilterRecord;
+    use reduct_base::io::RecordMeta;
     use rstest::*;
 
     #[rstest]
     fn test_time_range_filter() {
         let mut filter = TimeRangeFilter::new(0, 10);
-        let record = Record {
-            timestamp: Some(us_to_ts(&5)),
-            ..Default::default()
-        };
-
-        let wrapper = RecordWrapper::from(record.clone());
-        assert!(filter.filter(&wrapper).unwrap(), "First time should pass");
-        assert!(
-            !filter.filter(&wrapper).unwrap(),
+        let record: TestFilterRecord = RecordMeta::builder().timestamp(5).build().into();
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![record.clone()]),
+            "First time should pass"
+        );
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![]),
             "Second time should not pass, as we have already returned the record"
         );
     }
@@ -65,36 +70,35 @@ mod tests {
     #[rstest]
     fn test_time_range_filter_no_records() {
         let mut filter = TimeRangeFilter::new(0, 10);
-        let record = Record {
-            timestamp: Some(us_to_ts(&15)),
-            ..Default::default()
-        };
-
-        let wrapper = RecordWrapper::from(record.clone());
-        assert!(!filter.filter(&wrapper).unwrap(), "Record should not pass");
+        let record: TestFilterRecord = RecordMeta::builder().timestamp(15).build().into();
+        assert_eq!(
+            filter.filter(record).unwrap(),
+            Some(vec![]),
+            "Record should not pass"
+        );
     }
 
     #[rstest]
     fn test_time_include_start() {
         let mut filter = TimeRangeFilter::new(0, 10);
-        let record = Record {
-            timestamp: Some(us_to_ts(&0)),
-            ..Default::default()
-        };
 
-        let wrapper = RecordWrapper::from(record.clone());
-        assert!(filter.filter(&wrapper).unwrap(), "Record should pass");
+        let record: TestFilterRecord = RecordMeta::builder().timestamp(0).build().into();
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![record]),
+            "Record should pass"
+        );
     }
 
     #[rstest]
     fn test_time_exclude_end() {
         let mut filter = TimeRangeFilter::new(0, 10);
-        let record = Record {
-            timestamp: Some(us_to_ts(&10)),
-            ..Default::default()
-        };
 
-        let wrapper = RecordWrapper::from(record.clone());
-        assert!(!filter.filter(&wrapper).unwrap(), "Record should not pass");
+        let record: TestFilterRecord = RecordMeta::builder().timestamp(10).build().into();
+        assert_eq!(
+            filter.filter(record.clone()).unwrap(),
+            Some(vec![]),
+            "Record should not pass"
+        );
     }
 }
diff --git a/reductstore/src/storage/query/filters/when.rs b/reductstore/src/storage/query/filters/when.rs
index 6a016cc95..037d47b91 100644
--- a/reductstore/src/storage/query/filters/when.rs
+++ b/reductstore/src/storage/query/filters/when.rs
@@ -1,23 +1,59 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2024-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
-use crate::storage::query::condition::{BoxedNode, Context, EvaluationStage};
-use crate::storage::query::filters::{RecordFilter, RecordMeta};
-use reduct_base::error::ReductError;
+mod ctx_after;
+mod ctx_before;
+mod select_labels;
+
+use crate::storage::query::condition::{BoxedNode, Context, Directives};
+use crate::storage::query::filters::when::ctx_after::CtxAfter;
+use crate::storage::query::filters::when::ctx_before::CtxBefore;
+use crate::storage::query::filters::when::select_labels::LabelSelector;
+use crate::storage::query::filters::{FilterRecord, RecordFilter};
+use reduct_base::error::{ErrorCode, ReductError};
+use std::collections::VecDeque;
+
+pub(super) enum Padding {
+    Records(usize),
+    Duration(u64),
+}
 
 /// A node representing a when filter with a condition.
-pub struct WhenFilter {
+pub struct WhenFilter<R> {
     condition: BoxedNode,
+    strict: bool,
+
+    ctx_before: CtxBefore,
+    ctx_after: CtxAfter,
+    ctx_buffer: VecDeque<R>,
+
+    label_selector: LabelSelector,
 }
 
-impl WhenFilter {
-    pub fn new(condition: BoxedNode) -> Self {
-        WhenFilter { condition }
+impl<R> WhenFilter<R> {
+    pub fn try_new(
+        condition: BoxedNode,
+        mut directives: Directives,
+        strict: bool,
+    ) -> Result<Self, ReductError> {
+        Ok(Self {
+            condition,
+            strict,
+            ctx_before: CtxBefore::try_new(directives.remove("#ctx_before"))?,
+            ctx_after: CtxAfter::try_new(directives.remove("#ctx_after"))?,
+            label_selector: LabelSelector::try_new(directives.remove("#select_labels"))?,
+            ctx_buffer: VecDeque::new(),
+        })
     }
 }
 
-impl RecordFilter for WhenFilter {
-    fn filter(&mut self, record: &dyn RecordMeta) -> Result<bool, ReductError> {
+impl<R: FilterRecord> RecordFilter<R> for WhenFilter<R> {
+    fn filter(&mut self, record: R) -> Result<Option<Vec<R>>, ReductError> {
+        self.ctx_before.queue_record(&mut self.ctx_buffer, record);
+
+        let record = self.ctx_buffer.back().unwrap();
+
+        // Prepare the context for the condition evaluation
         let context = Context::new(
             record.timestamp(),
             record
@@ -25,38 +61,361 @@ impl RecordFilter for WhenFilter {
                 .iter()
                 .map(|(k, v)| (k.as_str(), v.as_str()))
                 .collect(),
-            EvaluationStage::Retrieve,
+            record
+                .computed_labels()
+                .iter()
+                .map(|(k, v)| (k.as_str(), v.as_str()))
+                .collect(),
         );
-        Ok(self.condition.apply(&context)?.as_bool()?)
+
+        let result = match self.condition.apply(&context) {
+            Ok(value) => value.as_bool()?,
+            Err(err) => {
+                if err.status == ErrorCode::Interrupt {
+                    return Ok(None);
+                }
+
+                if self.strict {
+                    // in strict mode, we return an error if a filter fails
+                    return Err(err);
+                }
+
+                false
+            }
+        };
+
+        if self.ctx_after.check(result, record.timestamp()) {
+            let drained = self.ctx_buffer.drain(..);
+            let filtered = drained
+                .map(|record| self.label_selector.select_labels(record))
+                .collect();
+            Ok(Some(filtered))
+        } else {
+            Ok(Some(vec![]))
+        }
     }
 }
 
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::storage::proto::record::Label;
-    use crate::storage::proto::Record;
+    use std::collections::HashMap;
+
     use crate::storage::query::condition::Parser;
-    use crate::storage::query::filters::tests::RecordWrapper;
-    use rstest::rstest;
+    use crate::storage::query::filters::tests::TestFilterRecord;
+    use reduct_base::io::RecordMeta;
+    use rstest::{fixture, rstest};
+    use serde_json::json;
 
     #[rstest]
-    fn filter() {
-        let parser = Parser::new();
-        let json = serde_json::from_str(r#"{"$and": [true, "&label"]}"#).unwrap();
-        let condition = parser.parse(&json).unwrap();
-
-        let mut filter = WhenFilter::new(condition);
-        let record = Record {
-            labels: vec![Label {
-                name: "label".to_string(),
-                value: "true".to_string(),
-            }],
-            ..Default::default()
-        };
+    fn filter(parser: Parser, record_true: TestFilterRecord) {
+        let (condition, directives) = parser
+            .parse(json!({
+                "$and": [true, "&label"]
+            }))
+            .unwrap();
+
+        let mut filter = WhenFilter::try_new(condition, directives, true).unwrap();
+
+        let result = filter.filter(record_true.clone()).unwrap();
+        assert_eq!(result, Some(vec![record_true]));
+    }
+
+    mod context_n {
+        use super::*;
+
+        #[rstest]
+        fn filter_ctx_before_n(
+            parser: Parser,
+            record_true: TestFilterRecord,
+            record_false: TestFilterRecord,
+        ) {
+            let (condition, directives) = parser
+                .parse(json!({
+                    "#ctx_before": 2,
+                    "$and": [true, "&label"]
+                }))
+                .unwrap();
+
+            let mut filter = WhenFilter::try_new(condition, directives, true).unwrap();
+
+            let result = filter.filter(record_false.clone()).unwrap();
+            assert_eq!(result, Some(vec![]));
+
+            let result = filter.filter(record_false.clone()).unwrap();
+            assert_eq!(result, Some(vec![]));
+
+            let result = filter.filter(record_false.clone()).unwrap();
+            assert_eq!(result, Some(vec![]));
+
+            let result = filter.filter(record_true.clone()).unwrap();
+            assert_eq!(
+                result,
+                Some(vec![
+                    record_false.clone(),
+                    record_false,
+                    record_true.clone()
+                ])
+            );
+
+            let result = filter.filter(record_true.clone()).unwrap();
+            assert_eq!(result, Some(vec![record_true]));
+        }
+
+        #[rstest]
+        fn filter_ctx_before_with_limit(
+            parser: Parser,
+            record_true: TestFilterRecord,
+            record_false: TestFilterRecord,
+        ) {
+            let (condition, directives) = parser
+                .parse(json!({
+                "#ctx_before": 2,
+                "$and": [true, "&label"],
+                "$limit": [1]
+                }))
+                .unwrap();
+
+            let mut filter = WhenFilter::try_new(condition, directives, true).unwrap();
+
+            let result = filter.filter(record_false.clone()).unwrap();
+            assert_eq!(result, Some(vec![]));
+
+            let result = filter.filter(record_false.clone()).unwrap();
+            assert_eq!(result, Some(vec![]));
+
+            let result = filter.filter(record_false.clone()).unwrap();
+            assert_eq!(result, Some(vec![]));
+
+            let result = filter.filter(record_true.clone()).unwrap();
+            assert_eq!(
+                result,
+                Some(vec![
+                    record_false.clone(),
+                    record_false,
+                    record_true.clone()
+                ])
+            );
+
+            let result = filter.filter(record_true.clone()).unwrap();
+            assert_eq!(result, None);
+        }
+
+        #[rstest]
+        fn filter_ctx_after_n(
+            parser: Parser,
+            record_true: TestFilterRecord,
+            record_false: TestFilterRecord,
+        ) {
+            let (condition, directives) = parser
+                .parse(json!({
+                    "#ctx_after": 2,
+                    "$and": [true, "&label"]
+                }))
+                .unwrap();
+
+            let mut filter = WhenFilter::try_new(condition, directives, true).unwrap();
+
+            let result = filter.filter(record_true.clone()).unwrap();
+            assert_eq!(result, Some(vec![record_true.clone()]));
+
+            let result = filter.filter(record_false.clone()).unwrap();
+            assert_eq!(result, Some(vec![record_false.clone()]));
+
+            let result = filter.filter(record_false.clone()).unwrap();
+            assert_eq!(result, Some(vec![record_false]));
+
+            let result = filter.filter(record_true.clone()).unwrap();
+            assert_eq!(result, Some(vec![record_true]));
+        }
+
+        #[fixture]
+        fn record_false() -> TestFilterRecord {
+            RecordMeta::builder()
+                .labels(HashMap::from_iter(vec![("label", "false")]))
+                .build()
+                .into()
+        }
+    }
+
+    mod context_dur {
+        use super::*;
+
+        #[rstest]
+        fn filter_ctx_before_duration(
+            parser: Parser,
+            record_false_3: TestFilterRecord,
+            record_false_4: TestFilterRecord,
+            record_true_5: TestFilterRecord,
+        ) {
+            let (condition, directives) = parser
+                .parse(json!({
+                    "#ctx_before": "2ms",
+                    "$and": [true, "&label"]
+                }))
+                .unwrap();
+
+            let mut filter = WhenFilter::try_new(condition, directives, true).unwrap();
+            let result = filter.filter(record_false_3.clone()).unwrap();
+            assert_eq!(result, Some(vec![]));
+
+            let result = filter.filter(record_false_4.clone()).unwrap();
+            assert_eq!(result, Some(vec![]));
+
+            let result = filter.filter(record_true_5.clone()).unwrap();
+            assert_eq!(
+                result,
+                Some(vec![record_false_3, record_false_4, record_true_5])
+            );
+        }
+
+        #[rstest]
+        fn filter_ctx_after_duration(
+            parser: Parser,
+            record_true_5: TestFilterRecord,
+            record_false_6: TestFilterRecord,
+            record_false_7: TestFilterRecord,
+        ) {
+            let (condition, directives) = parser
+                .parse(json!({
+                    "#ctx_after": "2ms",
+                    "$and": [true, "&label"]
+                }))
+                .unwrap();
+
+            let mut filter = WhenFilter::try_new(condition, directives, true).unwrap();
+
+            let result = filter.filter(record_true_5.clone()).unwrap();
+            assert_eq!(result, Some(vec![record_true_5]));
+
+            let result = filter.filter(record_false_6.clone()).unwrap();
+            assert_eq!(result, Some(vec![record_false_6]));
+
+            let result = filter.filter(record_false_7.clone()).unwrap();
+            assert_eq!(result, Some(vec![record_false_7]));
+        }
+
+        #[fixture]
+        fn record_false_3() -> TestFilterRecord {
+            RecordMeta::builder()
+                .timestamp(3000)
+                .labels(HashMap::from_iter(vec![("label", "false")]))
+                .build()
+                .into()
+        }
+
+        #[fixture]
+        fn record_false_7() -> TestFilterRecord {
+            RecordMeta::builder()
+                .timestamp(7000)
+                .labels(HashMap::from_iter(vec![("label", "false")]))
+                .build()
+                .into()
+        }
+
+        #[fixture]
+        fn record_false_6() -> TestFilterRecord {
+            RecordMeta::builder()
+                .timestamp(6000)
+                .labels(HashMap::from_iter(vec![("label", "false")]))
+                .build()
+                .into()
+        }
+
+        #[fixture]
+        fn record_true_5() -> TestFilterRecord {
+            RecordMeta::builder()
+                .timestamp(5000)
+                .labels(HashMap::from_iter(vec![("label", "true")]))
+                .build()
+                .into()
+        }
+
+        #[fixture]
+        fn record_false_4() -> TestFilterRecord {
+            RecordMeta::builder()
+                .timestamp(4000)
+                .labels(HashMap::from_iter(vec![("label", "false")]))
+                .build()
+                .into()
+        }
+    }
+
+    mod select_labels {
+        use super::*;
+
+        #[rstest]
+        fn filter_with_select_labels(parser: Parser, record_select_labels: TestFilterRecord) {
+            let (condition, directives) = parser
+                .parse(json!({
+                    "#select_labels": ["label1", "label3"],
+                    "$and": [true, "&label"]
+                }))
+                .unwrap();
+
+            let mut filter = WhenFilter::try_new(condition, directives, true).unwrap();
+
+            let result = filter.filter(record_select_labels).unwrap();
+            assert!(result.is_some());
+            let filtered_records = result.unwrap();
+            assert_eq!(filtered_records.len(), 1);
+
+            let record_labels = filtered_records[0].labels();
+            assert_eq!(record_labels.len(), 2);
+            assert!(record_labels.contains_key(&"label1".to_string()));
+            assert!(record_labels.contains_key(&"label3".to_string()));
+
+            assert!(!record_labels.contains_key(&"label".to_string()));
+            assert!(!record_labels.contains_key(&"label2".to_string()));
+        }
+
+        #[rstest]
+        fn filter_without_select_labels(parser: Parser, record_select_labels: TestFilterRecord) {
+            let (condition, directives) = parser
+                .parse(json!({
+                    "$and": [true, "&label"]
+                }))
+                .unwrap();
+
+            let mut filter = WhenFilter::try_new(condition, directives, true).unwrap();
+
+            let result = filter.filter(record_select_labels).unwrap();
+            assert!(result.is_some());
+            let filtered_records = result.unwrap();
+            assert_eq!(filtered_records.len(), 1);
+
+            let record_labels = filtered_records[0].labels();
+            assert_eq!(record_labels.len(), 4);
+            assert!(record_labels.contains_key(&"label".to_string()));
+            assert!(record_labels.contains_key(&"label1".to_string()));
+            assert!(record_labels.contains_key(&"label2".to_string()));
+            assert!(record_labels.contains_key(&"label3".to_string()));
+        }
+
+        #[fixture]
+        fn record_select_labels() -> TestFilterRecord {
+            RecordMeta::builder()
+                .labels(HashMap::from_iter(vec![
+                    ("label".to_string(), "true".to_string()),
+                    ("label1".to_string(), "value1".to_string()),
+                    ("label2".to_string(), "value2".to_string()),
+                    ("label3".to_string(), "value3".to_string()),
+                ]))
+                .build()
+                .into()
+        }
+    }
+
+    #[fixture]
+    fn parser() -> Parser {
+        Parser::new()
+    }
 
-        let wrapper = RecordWrapper::from(record.clone());
-        let result = filter.filter(&wrapper).unwrap();
-        assert_eq!(result, true);
+    #[fixture]
+    fn record_true() -> TestFilterRecord {
+        RecordMeta::builder()
+            .labels(HashMap::from_iter(vec![("label", "true")]))
+            .build()
+            .into()
     }
 }
diff --git a/reductstore/src/storage/query/filters/when/ctx_after.rs b/reductstore/src/storage/query/filters/when/ctx_after.rs
new file mode 100644
index 000000000..5b016dcb7
--- /dev/null
+++ b/reductstore/src/storage/query/filters/when/ctx_after.rs
@@ -0,0 +1,119 @@
+// Copyright 2025 ReductSoftware UG
+// Licensed under the Business Source License 1.1
+
+use crate::storage::query::condition::Value;
+use crate::storage::query::filters::when::Padding;
+use crate::storage::query::filters::when::Padding::{Duration, Records};
+use reduct_base::error::ReductError;
+use reduct_base::unprocessable_entity;
+
+/// Context for managing records after a condition is checked in a `when` filter.
+pub(super) struct CtxAfter {
+    after: Padding,
+    count: i64,
+    last_ts: Option<u64>,
+}
+
+impl CtxAfter {
+    pub fn try_new(directive: Option<Vec<Value>>) -> Result<Self, ReductError> {
+        let after = match directive {
+            Some(after) => {
+                if after.len() != 1 {
+                    return Err(unprocessable_entity!("#ctx_after must be a single value"));
+                }
+                let after_val = after.first().unwrap();
+
+                let val = after_val.as_int().map_err(|e| {
+                    unprocessable_entity!(
+                        "#ctx_after must be an integer or duration: {}",
+                        e.message
+                    )
+                })?;
+
+                if val < 0 {
+                    return Err(unprocessable_entity!("#ctx_after must be non-negative",));
+                }
+                if after_val.is_duration() {
+                    Duration(val as u64)
+                } else {
+                    Records(val as usize)
+                }
+            }
+            None => Records(0), // Default to 0 records after
+        };
+
+        Ok(CtxAfter {
+            after,
+            count: 0,
+            last_ts: None,
+        })
+    }
+
+    /// Checks the condition against the context, updating the state based on the padding type.
+    pub(crate) fn check(&mut self, condition: bool, time: u64) -> bool {
+        match self.after {
+            Records(n) => {
+                self.count -= 1;
+                if condition {
+                    self.count = n as i64;
+                }
+                self.count >= 0
+            }
+            Duration(us) => {
+                if condition {
+                    self.last_ts = Some(time);
+                }
+
+                self.last_ts.is_some_and(|last_ts| last_ts + us >= time)
+            }
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_ctx_after_records() {
+        let mut ctx = CtxAfter::try_new(Some(vec![Value::Int(3)])).unwrap();
+        assert!(ctx.check(true, 1000));
+        assert!(ctx.check(false, 2000));
+        assert!(ctx.check(false, 3000));
+        assert!(ctx.check(false, 4000));
+        assert!(!ctx.check(false, 5000)); // Should be false after 3 records
+    }
+
+    #[test]
+    fn test_ctx_after_duration() {
+        let mut ctx = CtxAfter::try_new(Some(vec![Value::Duration(5000)])).unwrap();
+        assert!(ctx.check(true, 1000));
+        assert!(ctx.check(false, 2000));
+        assert!(ctx.check(false, 6000)); // Should still be true due to duration
+        assert!(!ctx.check(false, 7000)); // Should be false after duration expires
+    }
+
+    #[test]
+    fn test_ctx_after_invalid() {
+        let result = CtxAfter::try_new(Some(vec![Value::Int(-1)]));
+        assert_eq!(
+            result.err().unwrap(),
+            unprocessable_entity!("#ctx_after must be non-negative")
+        );
+
+        let result = CtxAfter::try_new(Some(vec![Value::String("invalid".to_string())]));
+        assert_eq!(result.err().unwrap(), unprocessable_entity!("#ctx_after must be an integer or duration: Value 'invalid' could not be parsed as integer"));
+
+        let result = CtxAfter::try_new(Some(vec![Value::Int(1), Value::Int(2)]));
+        assert_eq!(
+            result.err().unwrap(),
+            unprocessable_entity!("#ctx_after must be a single value")
+        );
+
+        let result = CtxAfter::try_new(Some(vec![]));
+        assert_eq!(
+            result.err().unwrap(),
+            unprocessable_entity!("#ctx_after must be a single value")
+        );
+    }
+}
diff --git a/reductstore/src/storage/query/filters/when/ctx_before.rs b/reductstore/src/storage/query/filters/when/ctx_before.rs
new file mode 100644
index 000000000..015ae4d01
--- /dev/null
+++ b/reductstore/src/storage/query/filters/when/ctx_before.rs
@@ -0,0 +1,163 @@
+// Copyright 2025 ReductSoftware UG
+// Licensed under the Business Source License 1.1
+
+use crate::storage::query::condition::Value;
+use crate::storage::query::filters::when::Padding;
+use crate::storage::query::filters::when::Padding::{Duration, Records};
+use crate::storage::query::filters::FilterRecord;
+use reduct_base::error::ReductError;
+use reduct_base::unprocessable_entity;
+use std::collections::VecDeque;
+
+/// Context for managing records before a condition is checked in a `when` filter.
+pub(super) struct CtxBefore {
+    before: Padding,
+}
+
+impl CtxBefore {
+    pub fn try_new(directive: Option<Vec<Value>>) -> Result<Self, ReductError> {
+        let before = match directive {
+            Some(before) => {
+                if before.len() != 1 {
+                    return Err(unprocessable_entity!("#ctx_before must be a single value"));
+                }
+
+                let before_val = before.first().unwrap();
+                let val = before_val.as_int().map_err(|e| {
+                    unprocessable_entity!(
+                        "#ctx_before must be an integer or duration: {}",
+                        e.message
+                    )
+                })?;
+                if val < 0 {
+                    return Err(unprocessable_entity!("#ctx_before must be non-negative",));
+                }
+
+                if before_val.is_duration() {
+                    Duration(val as u64)
+                } else {
+                    Records(val as usize)
+                }
+            }
+
+            None => {
+                // Default to 0 records before if no padding is specified
+                Records(0)
+            }
+        };
+
+        Ok(CtxBefore { before })
+    }
+
+    /// Queues a record into the context buffer, managing the size based on the `before` padding.
+    ///
+    /// Note: we need to keep the buffer outside of the filter to allow use reference to the first record
+    ///
+    /// # Arguments
+    ///
+    /// * `ctx_buffer` - A mutable reference to the buffer where records are stored.
+    /// * `record` - The record to be queued.
+    pub(crate) fn queue_record<R>(&self, ctx_buffer: &mut VecDeque<R>, record: R)
+    where
+        R: FilterRecord,
+    {
+        ctx_buffer.push_back(record);
+        match self.before {
+            Records(n) => {
+                if ctx_buffer.len() > n + 1 {
+                    ctx_buffer.pop_front();
+                }
+            }
+            Duration(us) => {
+                let mut first_record_ts = ctx_buffer.front().unwrap().timestamp();
+                let last_record_ts = ctx_buffer.back().unwrap().timestamp();
+                while last_record_ts - first_record_ts > us {
+                    ctx_buffer.pop_front().unwrap();
+                    first_record_ts = ctx_buffer.front().map_or(0, |r| r.timestamp());
+                }
+            }
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::storage::query::filters::tests::TestFilterRecord;
+
+    use reduct_base::io::RecordMeta;
+    use rstest::*;
+
+    #[rstest]
+    fn test_ctx_before_records() {
+        let ctx = CtxBefore::try_new(Some(vec![Value::Int(2)])).unwrap();
+        let mut buffer = VecDeque::new();
+        let record: TestFilterRecord = RecordMeta::builder().build().into();
+
+        ctx.queue_record(&mut buffer, record.clone());
+        assert_eq!(buffer.len(), 1);
+        assert_eq!(buffer.front(), Some(&record));
+
+        ctx.queue_record(&mut buffer, record.clone());
+        assert_eq!(buffer.len(), 2);
+
+        ctx.queue_record(&mut buffer, record.clone());
+        assert_eq!(buffer.len(), 3);
+
+        ctx.queue_record(&mut buffer, record.clone());
+        assert_eq!(buffer.len(), 3, "Should not exceed 3 records");
+    }
+
+    #[rstest]
+    fn test_ctx_before_duration() {
+        let ctx = CtxBefore::try_new(Some(vec![Value::Duration(5000)])).unwrap();
+        let mut buffer = VecDeque::new();
+        let record1: TestFilterRecord = RecordMeta::builder().timestamp(1000).build().into();
+        let record2: TestFilterRecord = RecordMeta::builder().timestamp(6000).build().into();
+        let record3: TestFilterRecord = RecordMeta::builder().timestamp(6001).build().into();
+
+        ctx.queue_record(&mut buffer, record1.clone());
+        assert_eq!(buffer.len(), 1);
+        assert_eq!(buffer.front(), Some(&record1));
+
+        ctx.queue_record(&mut buffer, record2.clone());
+        assert_eq!(buffer.len(), 2);
+        assert_eq!(buffer.front(), Some(&record1));
+
+        ctx.queue_record(&mut buffer, record3.clone());
+        assert_eq!(
+            buffer.len(),
+            2,
+            "Should remove the first record after 5000ms"
+        );
+        assert_eq!(
+            buffer.front(),
+            Some(&record2),
+            "Should keep the second record"
+        );
+    }
+
+    #[test]
+    fn test_ctx_after_invalid() {
+        let result = CtxBefore::try_new(Some(vec![Value::Int(-1)]));
+        assert_eq!(
+            result.err().unwrap(),
+            unprocessable_entity!("#ctx_before must be non-negative")
+        );
+
+        let result = CtxBefore::try_new(Some(vec![Value::String("invalid".to_string())]));
+        assert_eq!(result.err().unwrap(), unprocessable_entity!("#ctx_before must be an integer or duration: Value 'invalid' could not be parsed as integer"));
+
+        let result = CtxBefore::try_new(Some(vec![Value::Int(1), Value::Int(2)]));
+        assert_eq!(
+            result.err().unwrap(),
+            unprocessable_entity!("#ctx_before must be a single value")
+        );
+
+        let result = CtxBefore::try_new(Some(vec![]));
+        assert_eq!(
+            result.err().unwrap(),
+            unprocessable_entity!("#ctx_before must be a single value")
+        );
+    }
+}
diff --git a/reductstore/src/storage/query/filters/when/select_labels.rs b/reductstore/src/storage/query/filters/when/select_labels.rs
new file mode 100644
index 000000000..6591d8a67
--- /dev/null
+++ b/reductstore/src/storage/query/filters/when/select_labels.rs
@@ -0,0 +1,120 @@
+// Copyright 2025 ReductSoftware UG
+// Licensed under the Business Source License 1.1
+
+use crate::storage::query::condition::Value;
+use crate::storage::query::filters::FilterRecord;
+use reduct_base::error::ReductError;
+use reduct_base::unprocessable_entity;
+use std::collections::{HashMap, HashSet};
+
+pub(super) struct LabelSelector {
+    labels: HashSet<String>,
+}
+
+impl LabelSelector {
+    pub fn try_new(directive: Option<Vec<Value>>) -> Result<Self, ReductError> {
+        let labels = match directive {
+            Some(labels) => {
+                if labels.is_empty() {
+                    return Err(unprocessable_entity!(
+                        "#select_labels must contain at least one label"
+                    ));
+                }
+
+                for label in &labels {
+                    if !label.is_string() {
+                        return Err(unprocessable_entity!(
+                            "#select_labels must contain only string values"
+                        ));
+                    }
+                }
+
+                labels
+                    .into_iter()
+                    .map(|label| label.to_string())
+                    .collect::<HashSet<String>>()
+            }
+            None => HashSet::new(), // Default to no labels selected
+        };
+
+        Ok(LabelSelector { labels })
+    }
+
+    pub fn select_labels<F: FilterRecord>(&self, mut record: F) -> F {
+        if !self.labels.is_empty() {
+            let filtered_labels = record
+                .labels()
+                .into_iter()
+                .filter(|(k, _)| self.labels.contains(k.as_str()))
+                .map(|(k, v)| (k.to_string(), v.to_string()))
+                .collect::<HashMap<String, String>>();
+
+            record.set_labels(filtered_labels);
+        }
+
+        record
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::storage::query::filters::tests::TestFilterRecord;
+    use crate::storage::query::filters::FilterRecord;
+    use reduct_base::io::RecordMeta;
+    use reduct_base::Labels;
+    use rstest::{fixture, rstest};
+
+    #[rstest]
+    fn test_label_selector(record: TestFilterRecord) {
+        let selector =
+            LabelSelector::try_new(Some(vec![Value::String("label1".to_string())])).unwrap();
+
+        let filtered_record = selector.select_labels(record);
+        assert_eq!(filtered_record.labels().len(), 1);
+        assert!(filtered_record.labels().contains_key(&"label1".to_string()));
+    }
+
+    #[rstest]
+    fn test_label_selector_empty(record: TestFilterRecord) {
+        let selector = LabelSelector::try_new(None).unwrap();
+
+        let filtered_record = selector.select_labels(record.clone());
+        assert_eq!(
+            filtered_record.labels(),
+            record.labels(),
+            "should be unchanged"
+        );
+    }
+
+    #[rstest]
+    fn test_new_label_selector_invalid() {
+        let result = LabelSelector::try_new(Some(vec![Value::Int(42)]));
+        assert!(
+            result.is_err(),
+            "should return an error for non-string values"
+        );
+    }
+
+    #[rstest]
+    fn test_new_label_selector_empty() {
+        let result = LabelSelector::try_new(Some(vec![]));
+        assert!(
+            result.is_err(),
+            "should return an error for empty label list"
+        );
+    }
+
+    #[fixture]
+    fn record() -> TestFilterRecord {
+        RecordMeta::builder()
+            .timestamp(1234567890)
+            .state(1)
+            .labels(Labels::from_iter(vec![
+                ("label1".to_string(), "value1".to_string()),
+                ("label2".to_string(), "value2".to_string()),
+            ]))
+            .build()
+            .into()
+    }
+}
diff --git a/reductstore/src/storage/query/historical.rs b/reductstore/src/storage/query/historical.rs
index 6f42ca76a..b945809dd 100644
--- a/reductstore/src/storage/query/historical.rs
+++ b/reductstore/src/storage/query/historical.rs
@@ -1,21 +1,46 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
-use std::collections::VecDeque;
-use std::sync::{Arc, RwLock};
-
 use crate::storage::block_manager::{BlockManager, BlockRef};
 use crate::storage::entry::RecordReader;
+use crate::storage::proto::record;
 use crate::storage::proto::{record::State as RecordState, ts_to_us, Record};
 use crate::storage::query::base::{Query, QueryOptions};
 use crate::storage::query::condition::Parser;
 use crate::storage::query::filters::{
-    EachNFilter, EachSecondFilter, ExcludeLabelFilter, IncludeLabelFilter, RecordFilter,
-    RecordStateFilter, TimeRangeFilter, WhenFilter,
+    apply_filters_recursively, EachNFilter, EachSecondFilter, ExcludeLabelFilter, FilterRecord,
+    IncludeLabelFilter, RecordFilter, RecordStateFilter, TimeRangeFilter, WhenFilter,
 };
-use reduct_base::error::{ErrorCode, ReductError};
-use reduct_base::io::RecordMeta;
-use reduct_base::Labels;
+use reduct_base::error::ReductError;
+use std::collections::{HashMap, VecDeque};
+use std::sync::{Arc, RwLock};
+
+impl FilterRecord for Record {
+    fn state(&self) -> i32 {
+        self.state
+    }
+
+    fn timestamp(&self) -> u64 {
+        self.timestamp.as_ref().map_or(0, |ts| ts_to_us(ts))
+    }
+
+    fn labels(&self) -> HashMap<&String, &String> {
+        HashMap::from_iter(self.labels.iter().map(|label| (&label.name, &label.value)))
+    }
+
+    fn set_labels(&mut self, labels: HashMap<String, String>) {
+        self.labels = labels
+            .into_iter()
+            .map(|(k, v)| record::Label { name: k, value: v })
+            .collect();
+    }
+
+    fn computed_labels(&self) -> HashMap<&String, &String> {
+        HashMap::new()
+    }
+}
+
+type Filter = Box<dyn RecordFilter<Record> + Send + Sync>;
 
 pub struct HistoricalQuery {
     /// The start time of the query.
@@ -27,11 +52,9 @@ pub struct HistoricalQuery {
     /// The current block that is being read. Cached to avoid loading the same block multiple times.
     current_block: Option<BlockRef>,
     /// Filters
-    filters: Vec<Box<dyn RecordFilter + Send + Sync>>,
+    filters: Vec<Filter>,
     /// Request only metadata without the content.
     only_metadata: bool,
-    /// Strict mode
-    strict: bool,
     /// Interrupted query
     is_interrupted: bool,
 }
@@ -42,7 +65,7 @@ impl HistoricalQuery {
         stop_time: u64,
         options: QueryOptions,
     ) -> Result<Self, ReductError> {
-        let mut filters: Vec<Box<dyn RecordFilter + Send + Sync>> = vec![
+        let mut filters: Vec<Filter> = vec![
             Box::new(TimeRangeFilter::new(start_time, stop_time)),
             Box::new(RecordStateFilter::new(RecordState::Finished)),
         ];
@@ -65,8 +88,12 @@ impl HistoricalQuery {
 
         if let Some(when) = options.when {
             let parser = Parser::new();
-            let condition = parser.parse(&when)?;
-            filters.push(Box::new(WhenFilter::new(condition)));
+            let (condition, directives) = parser.parse(when)?;
+            filters.push(Box::new(WhenFilter::try_new(
+                condition,
+                directives,
+                options.strict,
+            )?));
         }
 
         Ok(HistoricalQuery {
@@ -76,7 +103,6 @@ impl HistoricalQuery {
             current_block: None,
             filters,
             only_metadata: options.only_metadata,
-            strict: options.strict,
             is_interrupted: false,
         })
     }
@@ -116,10 +142,9 @@ impl Query for HistoricalQuery {
                 let block_ref = bm.load_block(block_id)?;
 
                 self.current_block = Some(block_ref);
-                let (mut found_records, continue_query) =
-                    self.filter_records_from_current_block()?;
-                self.is_interrupted = !continue_query;
+                let mut found_records = self.filter_records_from_current_block()?;
                 found_records.sort_by_key(|rec| ts_to_us(rec.timestamp.as_ref().unwrap()));
+
                 self.records_from_current_block.extend(found_records);
                 if !self.records_from_current_block.is_empty() {
                     break;
@@ -135,93 +160,36 @@ impl Query for HistoricalQuery {
         let block = self.current_block.as_ref().unwrap();
 
         if self.only_metadata {
-            Ok(RecordReader::form_record(record.clone(), false))
+            Ok(RecordReader::form_record(record))
         } else {
             RecordReader::try_new(
                 Arc::clone(&block_manager),
                 block.clone(),
                 ts_to_us(&record.timestamp.unwrap()),
-                false,
+                Some(record),
             )
         }
     }
 }
 
-// Wrapper for RecordMeta to implement RecordMeta for Record
-// This is needed because we need different layout for labels in RecordMeta and Record
-struct RecordMetaWrapper {
-    time: u64,
-    labels: Labels,
-    state: i32,
-}
-
-impl RecordMeta for RecordMetaWrapper {
-    fn timestamp(&self) -> u64 {
-        self.time
-    }
-
-    fn labels(&self) -> &Labels {
-        &self.labels
-    }
-
-    fn state(&self) -> i32 {
-        self.state
-    }
-}
-
-impl From<Record> for RecordMetaWrapper {
-    fn from(record: Record) -> Self {
-        RecordMetaWrapper {
-            time: ts_to_us(record.timestamp.as_ref().unwrap()),
-            labels: record
-                .labels
-                .iter()
-                .map(|label| (label.name.clone(), label.value.clone()))
-                .collect(),
-            state: record.state,
-        }
-    }
-}
-
 impl HistoricalQuery {
-    fn filter_records_from_current_block(&mut self) -> Result<(Vec<Record>, bool), ReductError> {
+    fn filter_records_from_current_block(&mut self) -> Result<Vec<Record>, ReductError> {
         let block = self.current_block.as_ref().unwrap().read()?;
         let mut filtered_records = Vec::new();
         for record in block.record_index().values() {
-            let wrapper = RecordMetaWrapper::from(record.clone());
-            let mut include_record = true;
-            for filter in self.filters.iter_mut() {
-                match filter.filter(&wrapper) {
-                    Ok(false) => {
-                        include_record = false;
-                        break;
-                    }
-                    Ok(true) => {}
-
-                    Err(err) => {
-                        // if the filter is interrupted, we return what we have
-                        // and notify the caller to stop the query
-                        if err.status == ErrorCode::Interrupt {
-                            return Ok((filtered_records, false));
-                        }
-
-                        if self.strict {
-                            // in strict mode, we return an error if a filter fails
-                            return Err(err);
-                        }
-
-                        // in non-strict mode, we ignore the record with the failed filter
-                        include_record = false;
-                        break;
-                    }
+            match apply_filters_recursively(self.filters.as_mut_slice(), vec![record.clone()], 0)? {
+                Some(records) => {
+                    filtered_records.extend(records);
+                }
+                None => {
+                    // If the filtering is interrupted, we stop processing further records.
+                    self.is_interrupted = true;
+                    break;
                 }
-            }
-            if include_record {
-                filtered_records.push(record.clone());
             }
         }
 
-        Ok((filtered_records, true))
+        Ok(filtered_records)
     }
 }
 
@@ -234,19 +202,43 @@ mod tests {
     use super::*;
 
     use crate::storage::proto::record;
+    use crate::storage::proto::{us_to_ts, Record};
     use crate::storage::query::base::tests::block_manager;
     use reduct_base::error::ErrorCode;
     use reduct_base::ext::BoxedReadRecord;
     use reduct_base::io::ReadRecord;
     use reduct_base::{no_content, not_found};
 
+    #[test]
+    fn test_set_labels() {
+        let mut record = Record {
+            timestamp: Some(us_to_ts(&100)),
+            begin: 0,
+            end: 10,
+            state: record::State::Finished as i32,
+            labels: vec![],
+            content_type: "text/plain".to_string(),
+        };
+
+        let new_labels = HashMap::from([
+            ("key1".to_string(), "value1".to_string()),
+            ("key2".to_string(), "value2".to_string()),
+        ]);
+
+        record.set_labels(new_labels);
+
+        assert_eq!(record.labels.len(), 2);
+        assert_eq!(record.labels()[&"key1".to_string()], "value1");
+        assert_eq!(record.labels()[&"key2".to_string()], "value2");
+    }
+
     #[rstest]
     fn test_query_ok_1_rec(block_manager: Arc<RwLock<BlockManager>>) {
         let mut query = HistoricalQuery::try_new(0, 5, QueryOptions::default()).unwrap();
         let records = read_to_vector(&mut query, block_manager);
 
         assert_eq!(records.len(), 1);
-        assert_eq!(records[0].0.timestamp(), 0);
+        assert_eq!(records[0].0.meta().timestamp(), 0);
         assert_eq!(records[0].1, "0123456789");
     }
 
@@ -256,9 +248,9 @@ mod tests {
         let records = read_to_vector(&mut query, block_manager);
 
         assert_eq!(records.len(), 2);
-        assert_eq!(records[0].0.timestamp(), 0);
+        assert_eq!(records[0].0.meta().timestamp(), 0);
         assert_eq!(records[0].1, "0123456789");
-        assert_eq!(records[1].0.timestamp(), 5);
+        assert_eq!(records[1].0.meta().timestamp(), 5);
         assert_eq!(records[1].1, "0123456789");
     }
 
@@ -268,11 +260,11 @@ mod tests {
         let records = read_to_vector(&mut query, block_manager);
 
         assert_eq!(records.len(), 3);
-        assert_eq!(records[0].0.timestamp(), 0);
+        assert_eq!(records[0].0.meta().timestamp(), 0);
         assert_eq!(records[0].1, "0123456789");
-        assert_eq!(records[1].0.timestamp(), 5);
+        assert_eq!(records[1].0.meta().timestamp(), 5);
         assert_eq!(records[1].1, "0123456789");
-        assert_eq!(records[2].0.timestamp(), 1000);
+        assert_eq!(records[2].0.meta().timestamp(), 1000);
         assert_eq!(records[2].1, "0123456789");
     }
 
@@ -293,9 +285,9 @@ mod tests {
         let records = read_to_vector(&mut query, block_manager);
 
         assert_eq!(records.len(), 1);
-        assert_eq!(records[0].0.timestamp(), 1000);
+        assert_eq!(records[0].0.meta().timestamp(), 1000);
         assert_eq!(
-            records[0].0.labels(),
+            records[0].0.meta().labels(),
             &HashMap::from([
                 ("block".to_string(), "2".to_string()),
                 ("record".to_string(), "1".to_string()),
@@ -322,9 +314,9 @@ mod tests {
         let records = read_to_vector(&mut query, block_manager);
 
         assert_eq!(records.len(), 2);
-        assert_eq!(records[0].0.timestamp(), 5);
+        assert_eq!(records[0].0.meta().timestamp(), 5);
         assert_eq!(
-            records[0].0.labels(),
+            records[0].0.meta().labels(),
             &HashMap::from([
                 ("block".to_string(), "1".to_string()),
                 ("record".to_string(), "2".to_string()),
@@ -372,8 +364,8 @@ mod tests {
         let records = read_to_vector(&mut query, block_manager);
 
         assert_eq!(records.len(), 2);
-        assert_eq!(records[0].0.timestamp(), 0);
-        assert_eq!(records[1].0.timestamp(), 1000);
+        assert_eq!(records[0].0.meta().timestamp(), 0);
+        assert_eq!(records[1].0.meta().timestamp(), 1000);
     }
 
     #[rstest]
@@ -390,8 +382,8 @@ mod tests {
         let records = read_to_vector(&mut query, block_manager);
 
         assert_eq!(records.len(), 2);
-        assert_eq!(records[0].0.timestamp(), 0);
-        assert_eq!(records[1].0.timestamp(), 1000);
+        assert_eq!(records[0].0.meta().timestamp(), 0);
+        assert_eq!(records[1].0.meta().timestamp(), 1000);
     }
 
     #[rstest]
@@ -408,7 +400,7 @@ mod tests {
         let records = read_to_vector(&mut query, block_manager);
 
         assert_eq!(records.len(), 1);
-        assert_eq!(records[0].0.timestamp(), 0);
+        assert_eq!(records[0].0.meta().timestamp(), 0);
     }
 
     #[rstest]
@@ -445,7 +437,7 @@ mod tests {
         let records = read_to_vector(&mut query, block_manager);
 
         assert_eq!(records.len(), 1);
-        assert_eq!(records[0].0.timestamp(), 0);
+        assert_eq!(records[0].0.meta().timestamp(), 0);
     }
 
     #[rstest]
diff --git a/reductstore/src/storage/query/limited.rs b/reductstore/src/storage/query/limited.rs
index f017f325b..8dd538c25 100644
--- a/reductstore/src/storage/query/limited.rs
+++ b/reductstore/src/storage/query/limited.rs
@@ -35,15 +35,7 @@ impl Query for LimitedQuery {
         }
 
         self.limit_count -= 1;
-        let reader = self.query.next(block_manager);
-        if self.limit_count == 0 {
-            reader.map(|mut r| {
-                r.set_last(true);
-                r
-            })
-        } else {
-            reader
-        }
+        self.query.next(block_manager)
     }
 }
 
@@ -52,7 +44,7 @@ mod tests {
     use super::*;
     use crate::storage::query::base::tests::block_manager;
     use reduct_base::error::ErrorCode;
-    use reduct_base::io::{ReadRecord, RecordMeta};
+    use reduct_base::io::ReadRecord;
     use rstest::rstest;
 
     #[rstest]
@@ -68,8 +60,7 @@ mod tests {
         .unwrap();
 
         let reader = query.next(block_manager.clone()).unwrap();
-        assert_eq!(reader.timestamp(), 0);
-        assert!(reader.last());
+        assert_eq!(reader.meta().timestamp(), 0);
 
         assert_eq!(
             query.next(block_manager).err(),
diff --git a/reductstore/src/storage/storage.rs b/reductstore/src/storage/storage.rs
index 0845fea77..78dc07770 100644
--- a/reductstore/src/storage/storage.rs
+++ b/reductstore/src/storage/storage.rs
@@ -1,4 +1,4 @@
-// Copyright 2023-2024 ReductSoftware UG
+// Copyright 2023-2025 ReductSoftware UG
 // Licensed under the Business Source License 1.1
 
 use log::{debug, error, info};
@@ -48,15 +48,14 @@ impl Storage {
     ///
     /// If the data_path doesn't exist and can't be created, or if a bucket can't be restored.
     pub fn load(data_path: PathBuf, license: Option<License>) -> Storage {
-        if !data_path.try_exists().unwrap_or(false) {
+        if !FILE_CACHE.try_exists(&data_path).unwrap_or(false) {
             info!("Folder {:?} doesn't exist. Create it.", data_path);
-            std::fs::create_dir_all(&data_path).unwrap();
+            FILE_CACHE.create_dir_all(&data_path).unwrap();
         }
 
         // restore buckets
         let mut buckets = BTreeMap::new();
-        for entry in std::fs::read_dir(&data_path).unwrap() {
-            let path = entry.unwrap().path();
+        for path in FILE_CACHE.read_dir(&data_path).unwrap() {
             if path.is_dir() {
                 match Bucket::restore(path.clone()) {
                     Ok(bucket) => {
@@ -142,7 +141,7 @@ impl Storage {
     ///
     /// * `Bucket` - The bucket or an HTTPError
     pub(crate) fn get_bucket(&self, name: &str) -> Result<Weak<Bucket>, ReductError> {
-        let buckets = self.buckets.read().unwrap();
+        let buckets = self.buckets.read()?;
         match buckets.get(name) {
             Some(bucket) => Ok(Arc::clone(bucket).into()),
             None => Err(ReductError::not_found(
@@ -236,7 +235,7 @@ impl Storage {
                 Some(_) => {
                     sync_task.wait()?;
                     FILE_CACHE.discard_recursive(&path)?;
-                    std::fs::rename(&path, &new_path)?;
+                    FILE_CACHE.rename(&path, &new_path)?;
                     let bucket = Bucket::restore(new_path)?;
                     buckets.insert(new_name.to_string(), Arc::new(bucket));
                     debug!("Bucket '{}' is renamed to '{}'", old_name, new_name);
@@ -273,6 +272,8 @@ impl Storage {
             }
         }
 
+        FILE_CACHE.force_sync_all();
+
         Ok(())
     }
 
@@ -294,6 +295,7 @@ pub(super) fn check_name_convention(name: &str) -> Result<(), ReductError> {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use crate::backend::Backend;
     use bytes::Bytes;
     use reduct_base::msg::bucket_api::QuotaType;
     use reduct_base::Labels;
@@ -411,12 +413,13 @@ mod tests {
         }
 
         #[rstest]
-        fn test_ignore_broken_buket(storage: Storage) {
+        fn test_ignore_broken_bucket(storage: Storage) {
             let bucket_settings = BucketSettings {
                 quota_size: Some(100),
                 quota_type: Some(QuotaType::FIFO),
                 ..Bucket::defaults()
             };
+
             let bucket = storage
                 .create_bucket("test", bucket_settings.clone())
                 .unwrap()
@@ -424,7 +427,7 @@ mod tests {
             assert_eq!(bucket.name(), "test");
 
             let path = storage.data_path.join("test");
-            std::fs::remove_file(path.join(SETTINGS_NAME)).unwrap();
+            FILE_CACHE.remove(&path.join(SETTINGS_NAME)).unwrap();
             let storage = Storage::load(storage.data_path.clone(), None);
             assert_eq!(
                 storage.info().unwrap(),
@@ -654,11 +657,17 @@ mod tests {
     #[fixture]
 
     fn path() -> PathBuf {
-        tempdir().unwrap().into_path()
+        tempdir().unwrap().keep()
     }
 
     #[fixture]
     fn storage(path: PathBuf) -> Storage {
+        FILE_CACHE.set_storage_backend(
+            Backend::builder()
+                .local_data_path(path.to_str().unwrap())
+                .try_build()
+                .unwrap(),
+        );
         Storage::load(path, None)
     }
 }