chore: cleanup and route refactoring

Signed-off-by: allanice001 <allanice001@gmail.com>

ui/src/pages/org/settings.tsx

@@ -1,6 +1,8 @@
-import { useEffect } from "react"
+import { useEffect, useMemo } from "react"
+import { credentialsApi } from "@/api/credentials.ts"
 import { withRefresh } from "@/api/with-refresh.ts"
 import { orgStore } from "@/auth/org.ts"
+import type { DtoCredentialOut } from "@/sdk"
 import { makeOrgsApi } from "@/sdkClient.ts"
 import { zodResolver } from "@hookform/resolvers/zod"
 import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query"
@@ -20,6 +22,20 @@ import {
 } from "@/components/ui/form.tsx"
 import { Input } from "@/components/ui/input.tsx"
 
+const isS3 = (c: DtoCredentialOut) =>
+  c.provider === "aws" &&
+  c.scope_kind === "service" &&
+  // scope may be JSON; allow both object and stringified JSON
+  (() => {
+    const s = (c as any).scope
+    try {
+      const obj = typeof s === "string" ? JSON.parse(s) : s || {}
+      return obj?.service === "s3"
+    } catch {
+      return false
+    }
+  })()
+
 const schema = z.object({
   name: z.string().min(1, "Required"),
   domain: z.string().optional(),
@@ -38,6 +54,13 @@ export const OrgSettings = () => {
     queryFn: () => withRefresh(() => api.getOrg({ id: orgId! })),
   })
 
+  const credentialQ = useQuery({
+    queryKey: ["credentials", "s3"],
+    queryFn: () => credentialsApi.listCredentials(), // client-side filter
+  })
+
+  const s3Credentials = useMemo(() => (credentialQ.data ?? []).filter(isS3), [credentialQ.data])
+
   const form = useForm<Values>({
     resolver: zodResolver(schema),
     defaultValues: {