diff --git a/apps/web/next.config.ts b/apps/web/next.config.ts
index 83f9727..7e59e37 100644
--- a/apps/web/next.config.ts
+++ b/apps/web/next.config.ts
@@ -8,6 +8,8 @@ const nextConfig: NextConfig = {
   transpilePackages: ["@msk-forms/ui", "@msk-forms/shared", "@msk-forms/db"],
   // typedRoutes graduated out of `experimental` in Next.js 16.
   typedRoutes: true,
+  // sharp is a native module (logo re-encoding) — keep it external, don't bundle.
+  serverExternalPackages: ["sharp"],
   // Note: Next.js 16 removed `next lint` — linting runs centrally via the
   // flat config (eslint.config.mjs) at the monorepo root.
 };
diff --git a/apps/web/package.json b/apps/web/package.json
index 0b5e8af..cedcf27 100644
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -28,6 +28,7 @@
     "qrcode": "^1.5.4",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
+    "sharp": "^0.35.2",
     "tailwind-merge": "^2.6.0",
     "zod": "^3.24.1",
     "zustand": "^5.0.2"
diff --git a/apps/web/src/app/api/guilds/[guildId]/branding/logo/route.ts b/apps/web/src/app/api/guilds/[guildId]/branding/logo/route.ts
new file mode 100644
index 0000000..59da9fc
--- /dev/null
+++ b/apps/web/src/app/api/guilds/[guildId]/branding/logo/route.ts
@@ -0,0 +1,117 @@
+import { Prisma, prisma } from "@msk-forms/db";
+import { type Branding } from "@msk-forms/shared";
+import { NextResponse, type NextRequest } from "next/server";
+import sharp from "sharp";
+
+import { getCurrentUser } from "@/lib/auth";
+import { parseBranding } from "@/lib/branding";
+import { canManageForms } from "@/lib/guild";
+import { sniffRasterImage } from "@/lib/image";
+import { deleteObject, putObject, s3Enabled } from "@/lib/s3";
+
+export const runtime = "nodejs";
+export const dynamic = "force-dynamic";
+
+const MAX_BYTES = 1024 * 1024; // 1 MB
+const MAX_DIM = 512;
+
+async function loadBranding(guildId: string): Promise<Branding> {
+  const guild = await prisma.guild.findUnique({ where: { id: guildId }, select: { branding: true } });
+  return parseBranding(guild?.branding);
+}
+
+/** Upload a guild logo. Manager-only, hardened against malicious uploads. */
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ guildId: string }> },
+) {
+  const { guildId } = await params;
+
+  const user = await getCurrentUser();
+  if (!user) return NextResponse.json({ error: "Unauthorized." }, { status: 401 });
+  if (!(await canManageForms(guildId, user.id))) {
+    return NextResponse.json({ error: "Forbidden." }, { status: 403 });
+  }
+  if (!s3Enabled()) {
+    return NextResponse.json({ error: "File storage is not available." }, { status: 503 });
+  }
+
+  const formData = await request.formData().catch(() => null);
+  const file = formData?.get("file");
+  if (!(file instanceof File)) {
+    return NextResponse.json({ error: "Missing file." }, { status: 400 });
+  }
+  if (file.size === 0 || file.size > MAX_BYTES) {
+    return NextResponse.json({ error: "Logo must be 1 byte–1 MB." }, { status: 413 });
+  }
+
+  const input = new Uint8Array(await file.arrayBuffer());
+
+  // 1) Reject anything that isn't a known raster image by its real bytes
+  //    (no SVG → no script; ignore the client-declared MIME entirely).
+  if (!sniffRasterImage(input)) {
+    return NextResponse.json(
+      { error: "Only PNG, JPEG, WebP or GIF images are allowed." },
+      { status: 415 },
+    );
+  }
+
+  // 2) Decode + re-encode with sharp: this strips any hidden payload, EXIF,
+  //    color profiles, or polyglot tricks — only pixels survive. Bounded
+  //    input pixels guard against decompression bombs.
+  let webp: Buffer;
+  try {
+    webp = await sharp(input, { limitInputPixels: 24_000_000, failOn: "error" })
+      .rotate()
+      .resize(MAX_DIM, MAX_DIM, { fit: "inside", withoutEnlargement: true })
+      .webp({ quality: 88 })
+      .toBuffer();
+  } catch {
+    return NextResponse.json({ error: "That image couldn't be processed." }, { status: 422 });
+  }
+
+  const branding = await loadBranding(guildId);
+  const key = `branding/${guildId}/${crypto.randomUUID()}.webp`;
+  try {
+    await putObject(key, new Uint8Array(webp), "image/webp");
+  } catch (err) {
+    console.error("[logo] storage error:", (err as Error).message);
+    return NextResponse.json({ error: "Upload failed. Please try again." }, { status: 502 });
+  }
+
+  // Swap in the new key, then best-effort remove the old object.
+  const previous = branding.logoKey;
+  await prisma.guild.update({
+    where: { id: guildId },
+    data: { branding: { ...branding, logoKey: key } as Prisma.InputJsonValue },
+  });
+  if (previous && previous !== key) await deleteObject(previous);
+
+  return NextResponse.json({ ok: true });
+}
+
+/** Remove a guild logo. Manager-only. */
+export async function DELETE(
+  _request: NextRequest,
+  { params }: { params: Promise<{ guildId: string }> },
+) {
+  const { guildId } = await params;
+
+  const user = await getCurrentUser();
+  if (!user) return NextResponse.json({ error: "Unauthorized." }, { status: 401 });
+  if (!(await canManageForms(guildId, user.id))) {
+    return NextResponse.json({ error: "Forbidden." }, { status: 403 });
+  }
+
+  const branding = await loadBranding(guildId);
+  if (branding.logoKey) {
+    const { logoKey, ...rest } = branding;
+    void logoKey;
+    await prisma.guild.update({
+      where: { id: guildId },
+      data: { branding: rest as Prisma.InputJsonValue },
+    });
+    await deleteObject(branding.logoKey);
+  }
+  return NextResponse.json({ ok: true });
+}
diff --git a/apps/web/src/app/api/guilds/[guildId]/branding/route.ts b/apps/web/src/app/api/guilds/[guildId]/branding/route.ts
index d3dd217..085566c 100644
--- a/apps/web/src/app/api/guilds/[guildId]/branding/route.ts
+++ b/apps/web/src/app/api/guilds/[guildId]/branding/route.ts
@@ -1,14 +1,15 @@
 import { Prisma, prisma } from "@msk-forms/db";
-import { brandingSchema } from "@msk-forms/shared";
+import { brandingColorSchema, type Branding } from "@msk-forms/shared";
 import { NextResponse, type NextRequest } from "next/server";
 
 import { getCurrentUser } from "@/lib/auth";
+import { parseBranding } from "@/lib/branding";
 import { canManageForms } from "@/lib/guild";
 
 export const runtime = "nodejs";
 export const dynamic = "force-dynamic";
 
-/** Update a guild's branding. Requires owner/admin. */
+/** Update a guild's accent color. Owner/admin only. Preserves the logo. */
 export async function PATCH(
   request: NextRequest,
   { params }: { params: Promise<{ guildId: string }> },
@@ -21,7 +22,7 @@ export async function PATCH(
     return NextResponse.json({ error: "Forbidden." }, { status: 403 });
   }
 
-  const parsed = brandingSchema.safeParse(await request.json().catch(() => null));
+  const parsed = brandingColorSchema.safeParse(await request.json().catch(() => null));
   if (!parsed.success) {
     return NextResponse.json(
       { error: parsed.error.issues[0]?.message ?? "Invalid branding." },
@@ -29,9 +30,18 @@ export async function PATCH(
     );
   }
 
+  // Read-merge-write so the separately-managed logo isn't clobbered.
+  const guild = await prisma.guild.findUnique({
+    where: { id: guildId },
+    select: { branding: true },
+  });
+  const next: Branding = { ...parseBranding(guild?.branding) };
+  if (parsed.data.accentColor) next.accentColor = parsed.data.accentColor;
+  else delete next.accentColor;
+
   await prisma.guild.update({
     where: { id: guildId },
-    data: { branding: parsed.data as Prisma.InputJsonValue },
+    data: { branding: next as Prisma.InputJsonValue },
   });
   return NextResponse.json({ ok: true });
 }
diff --git a/apps/web/src/app/api/guilds/[guildId]/logo/route.ts b/apps/web/src/app/api/guilds/[guildId]/logo/route.ts
new file mode 100644
index 0000000..c3366d1
--- /dev/null
+++ b/apps/web/src/app/api/guilds/[guildId]/logo/route.ts
@@ -0,0 +1,38 @@
+import { prisma } from "@msk-forms/db";
+import { NextResponse, type NextRequest } from "next/server";
+
+import { parseBranding } from "@/lib/branding";
+import { getObject } from "@/lib/s3";
+
+export const runtime = "nodejs";
+export const dynamic = "force-dynamic";
+
+/**
+ * Stream a guild's logo (public branding asset). Always served as image/webp
+ * (logos are re-encoded to WebP on upload) with nosniff, so the response can't
+ * be reinterpreted as another content type.
+ */
+export async function GET(
+  _request: NextRequest,
+  { params }: { params: Promise<{ guildId: string }> },
+) {
+  const { guildId } = await params;
+
+  const guild = await prisma.guild.findUnique({
+    where: { id: guildId },
+    select: { branding: true },
+  });
+  const key = parseBranding(guild?.branding).logoKey;
+  if (!key) return NextResponse.json({ error: "No logo." }, { status: 404 });
+
+  const object = await getObject(key);
+  if (!object) return NextResponse.json({ error: "No logo." }, { status: 404 });
+
+  return new NextResponse(object.body, {
+    headers: {
+      "Content-Type": "image/webp",
+      "X-Content-Type-Options": "nosniff",
+      "Cache-Control": "public, max-age=300",
+    },
+  });
+}
diff --git a/apps/web/src/app/dashboard/[guildId]/branding/page.tsx b/apps/web/src/app/dashboard/[guildId]/branding/page.tsx
index 75bfce1..f1a4a72 100644
--- a/apps/web/src/app/dashboard/[guildId]/branding/page.tsx
+++ b/apps/web/src/app/dashboard/[guildId]/branding/page.tsx
@@ -2,8 +2,9 @@ import { prisma } from "@msk-forms/db";
 import { Card } from "@msk-forms/ui";
 
 import { BrandingForm } from "@/components/branding/branding-form";
+import { LogoForm } from "@/components/branding/logo-form";
 import { requireUser } from "@/lib/auth";
-import { parseBranding } from "@/lib/branding";
+import { logoUrl, parseBranding } from "@/lib/branding";
 import { canManageForms } from "@/lib/guild";
 import { getDict } from "@/i18n";
 
@@ -37,6 +38,7 @@ export default async function BrandingPage({
     <div className="flex flex-col gap-4">
       <h2 className="font-heading text-xl font-semibold text-foreground">{t.branding.title}</h2>
       <BrandingForm guildId={guildId} initial={branding} t={t.branding} />
+      <LogoForm guildId={guildId} logoUrl={logoUrl(guildId, branding)} t={t.branding} />
     </div>
   );
 }
diff --git a/apps/web/src/app/f/[slug]/page.tsx b/apps/web/src/app/f/[slug]/page.tsx
index 344e514..30dc2a5 100644
--- a/apps/web/src/app/f/[slug]/page.tsx
+++ b/apps/web/src/app/f/[slug]/page.tsx
@@ -6,7 +6,7 @@ import type { CSSProperties } from "react";
 
 import { FormRenderer } from "@/components/form/form-renderer";
 import { getCurrentUser } from "@/lib/auth";
-import { brandStyle, parseBranding } from "@/lib/branding";
+import { brandStyle, logoUrl, parseBranding } from "@/lib/branding";
 import { captchaSiteKey } from "@/lib/captcha";
 import { getLiveFormBySlug } from "@/lib/forms";
 import { getDict } from "@/i18n";
@@ -25,11 +25,13 @@ export default async function PublicFormPage({
 
   if (!form || !form.spec) notFound();
 
-  const brand = brandStyle(parseBranding(form.guild.branding));
+  const branding = parseBranding(form.guild.branding);
+  const brand = brandStyle(branding);
+  const logo = logoUrl(form.guildId, branding);
 
   if (form.status !== "live") {
     return (
-      <Shell guildName={form.guild.name} title={form.title} style={brand}>
+      <Shell guildName={form.guild.name} title={form.title} style={brand} logoSrc={logo}>
         <p className="text-sm text-muted-foreground">{t.notAccepting}</p>
       </Shell>
     );
@@ -39,7 +41,7 @@ export default async function PublicFormPage({
     const user = await getCurrentUser();
     if (!user) {
       return (
-        <Shell guildName={form.guild.name} title={form.title} style={brand}>
+        <Shell guildName={form.guild.name} title={form.title} style={brand} logoSrc={logo}>
           <p className="text-sm text-muted-foreground">{t.needLogin}</p>
           <a
             href={`/api/auth/discord/login?returnTo=/f/${slug}`}
@@ -54,7 +56,7 @@ export default async function PublicFormPage({
 
   if (form.visibility === "password" || form.visibility === "role_required") {
     return (
-      <Shell guildName={form.guild.name} title={form.title} style={brand}>
+      <Shell guildName={form.guild.name} title={form.title} style={brand} logoSrc={logo}>
         <p className="text-sm text-muted-foreground">{t.accessRestricted}</p>
       </Shell>
     );
@@ -64,7 +66,7 @@ export default async function PublicFormPage({
   const nonce = (await headers()).get("x-nonce") ?? undefined;
 
   return (
-    <Shell guildName={form.guild.name} title={form.title} description={form.description} style={brand}>
+    <Shell guildName={form.guild.name} title={form.title} description={form.description} style={brand} logoSrc={logo}>
       {siteKey && (
         <Script
           src="https://challenges.cloudflare.com/turnstile/v0/api.js"
@@ -97,16 +99,19 @@ function Shell({
   description,
   children,
   style,
+  logoSrc,
 }: {
   guildName: string;
   title: string;
   description?: string | null;
   children: React.ReactNode;
   style?: CSSProperties;
+  logoSrc?: string | null;
 }) {
   return (
     <main className="mx-auto flex max-w-2xl flex-col gap-6 px-6 py-12" style={style}>
       <header className="flex flex-col gap-1">
+        {logoSrc && <img src={logoSrc} alt="" className="mb-2 h-12 w-auto self-start" />}
         <span className="text-sm font-medium text-primary">{guildName}</span>
         <h1 className="font-heading text-3xl font-bold text-foreground">{title}</h1>
         {description && <p className="text-muted-foreground">{description}</p>}
diff --git a/apps/web/src/app/s/[id]/page.tsx b/apps/web/src/app/s/[id]/page.tsx
index 8e53b80..46093de 100644
--- a/apps/web/src/app/s/[id]/page.tsx
+++ b/apps/web/src/app/s/[id]/page.tsx
@@ -4,7 +4,7 @@ import { notFound } from "next/navigation";
 
 import { AnswerSummary } from "@/components/submission/answer-summary";
 import { SubmissionActions } from "@/components/submission/submission-actions";
-import { brandStyle, parseBranding } from "@/lib/branding";
+import { brandStyle, logoUrl, parseBranding } from "@/lib/branding";
 import { getSubmissionForStatus, resolveStatus } from "@/lib/forms";
 import { getDict } from "@/i18n";
 
@@ -25,11 +25,14 @@ export default async function SubmissionStatusPage({
   const t = (await getDict()).status;
   const status = resolveStatus(submission.status, submission.statusDefs);
   const answers = (submission.answers ?? {}) as Record<string, unknown>;
-  const brand = brandStyle(parseBranding(submission.form.guild.branding));
+  const branding = parseBranding(submission.form.guild.branding);
+  const brand = brandStyle(branding);
+  const logo = logoUrl(submission.form.guildId, branding);
 
   return (
     <main className="mx-auto flex max-w-2xl flex-col gap-6 px-6 py-12" style={brand}>
       <header className="flex flex-col gap-3">
+        {logo && <img src={logo} alt="" className="h-12 w-auto self-start" />}
         <span className="text-sm font-medium text-primary">{t.yourSubmission}</span>
         <h1 className="font-heading text-3xl font-bold text-foreground">
           {submission.form.title}
diff --git a/apps/web/src/components/branding/logo-form.tsx b/apps/web/src/components/branding/logo-form.tsx
new file mode 100644
index 0000000..978d01d
--- /dev/null
+++ b/apps/web/src/components/branding/logo-form.tsx
@@ -0,0 +1,85 @@
+"use client";
+
+import { Button, Card, Field } from "@msk-forms/ui";
+import { useRouter } from "next/navigation";
+import { useRef, useState } from "react";
+
+import type { Dictionary } from "@/i18n";
+
+type BrandingDict = Dictionary["branding"];
+
+export function LogoForm({
+  guildId,
+  logoUrl,
+  t,
+}: {
+  guildId: string;
+  logoUrl: string | null;
+  t: BrandingDict;
+}) {
+  const router = useRouter();
+  const inputRef = useRef<HTMLInputElement>(null);
+  const [busy, setBusy] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+
+  async function call(method: "POST" | "DELETE", body?: FormData) {
+    setError(null);
+    setBusy(true);
+    try {
+      const res = await fetch(`/api/guilds/${guildId}/branding/logo`, { method, body });
+      if (!res.ok) {
+        const data = (await res.json().catch(() => null)) as { error?: string } | null;
+        throw new Error(data?.error ?? t.logoFailed);
+      }
+      router.refresh();
+    } catch (err) {
+      setError(err instanceof Error ? err.message : t.logoFailed);
+    } finally {
+      setBusy(false);
+      if (inputRef.current) inputRef.current.value = "";
+    }
+  }
+
+  function onSelect(e: React.ChangeEvent<HTMLInputElement>) {
+    const file = e.target.files?.[0];
+    if (!file) return;
+    const fd = new FormData();
+    fd.set("file", file);
+    void call("POST", fd);
+  }
+
+  return (
+    <Card className="flex flex-col gap-4 p-5">
+      <Field label={t.logo} hint={t.logoHint}>
+        {logoUrl && (
+          <img
+            src={logoUrl}
+            alt=""
+            className="mb-2 h-16 w-auto rounded-md border border-border bg-background p-2"
+          />
+        )}
+        <input
+          ref={inputRef}
+          type="file"
+          accept="image/png,image/jpeg,image/webp,image/gif"
+          disabled={busy}
+          onChange={onSelect}
+          className="block w-full text-sm text-muted-foreground file:mr-3 file:rounded-md file:border-0 file:bg-secondary file:px-3 file:py-1.5 file:text-sm file:font-medium file:text-secondary-foreground hover:file:bg-secondary/80 disabled:opacity-50"
+        />
+      </Field>
+
+      {logoUrl && (
+        <Button
+          variant="ghost"
+          className="self-start text-destructive hover:text-destructive"
+          disabled={busy}
+          onClick={() => call("DELETE")}
+        >
+          {t.logoRemove}
+        </Button>
+      )}
+      {busy && <p className="text-xs text-muted-foreground">{t.logoUploading}</p>}
+      {error && <p className="text-sm text-destructive">{error}</p>}
+    </Card>
+  );
+}
diff --git a/apps/web/src/i18n/dictionaries.ts b/apps/web/src/i18n/dictionaries.ts
index 7686619..3872203 100644
--- a/apps/web/src/i18n/dictionaries.ts
+++ b/apps/web/src/i18n/dictionaries.ts
@@ -105,6 +105,9 @@ const en = {
     save: "Save", saving: "Saving…", saved: "Saved.", reset: "Reset",
     errSave: "Could not save branding.",
     noPerm: "You don’t have permission to edit branding.",
+    logo: "Logo",
+    logoHint: "PNG, JPEG or WebP, up to 1 MB. Shown on your public form and status pages.",
+    logoUploading: "Uploading…", logoRemove: "Remove logo", logoFailed: "Could not update the logo.",
   },
   botConfig: {
     title: "Bot settings",
@@ -254,6 +257,9 @@ const de: Dictionary = {
     save: "Speichern", saving: "Wird gespeichert…", saved: "Gespeichert.", reset: "Zurücksetzen",
     errSave: "Branding konnte nicht gespeichert werden.",
     noPerm: "Du hast keine Berechtigung, das Branding zu bearbeiten.",
+    logo: "Logo",
+    logoHint: "PNG, JPEG oder WebP, bis 1 MB. Wird auf deinen öffentlichen Formular- und Status-Seiten angezeigt.",
+    logoUploading: "Wird hochgeladen…", logoRemove: "Logo entfernen", logoFailed: "Logo konnte nicht aktualisiert werden.",
   },
   botConfig: {
     title: "Bot-Einstellungen",
diff --git a/apps/web/src/lib/branding.ts b/apps/web/src/lib/branding.ts
index 6c4bec0..70ea782 100644
--- a/apps/web/src/lib/branding.ts
+++ b/apps/web/src/lib/branding.ts
@@ -7,6 +7,15 @@ export function parseBranding(json: unknown): Branding {
   return result.success ? result.data : {};
 }
 
+/**
+ * Public URL for a guild's logo, or null if none. The `v` query busts the
+ * browser cache when the logo changes (the served route looks up the key).
+ */
+export function logoUrl(guildId: string, branding: Branding): string | null {
+  if (!branding.logoKey) return null;
+  return `/api/guilds/${guildId}/logo?v=${branding.logoKey.slice(-8)}`;
+}
+
 /**
  * Convert `#rrggbb` to the `H S% L%` channel triplet used by the theme's HSL
  * tokens (e.g. `--primary: 161 94% 30%`). Returns null for malformed input.
diff --git a/apps/web/src/lib/image.test.ts b/apps/web/src/lib/image.test.ts
new file mode 100644
index 0000000..80fec26
--- /dev/null
+++ b/apps/web/src/lib/image.test.ts
@@ -0,0 +1,20 @@
+import { describe, expect, it } from "vitest";
+
+import { sniffRasterImage } from "./image";
+
+describe("sniffRasterImage", () => {
+  it("detects PNG / JPEG / GIF / WebP signatures", () => {
+    expect(sniffRasterImage(new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0]))).toBe("png");
+    expect(sniffRasterImage(new Uint8Array([0xff, 0xd8, 0xff, 0xe0]))).toBe("jpeg");
+    expect(sniffRasterImage(new Uint8Array([0x47, 0x49, 0x46, 0x38, 0x39]))).toBe("gif");
+    const webp = new Uint8Array([0x52, 0x49, 0x46, 0x46, 0, 0, 0, 0, 0x57, 0x45, 0x42, 0x50, 0]);
+    expect(sniffRasterImage(webp)).toBe("webp");
+  });
+
+  it("rejects SVG and other non-raster content", () => {
+    // "<svg" / "<?xml" — must NOT be accepted.
+    expect(sniffRasterImage(new TextEncoder().encode("<svg xmlns=…"))).toBeNull();
+    expect(sniffRasterImage(new TextEncoder().encode("<?xml version"))).toBeNull();
+    expect(sniffRasterImage(new Uint8Array([0x00, 0x01, 0x02]))).toBeNull();
+  });
+});
diff --git a/apps/web/src/lib/image.ts b/apps/web/src/lib/image.ts
new file mode 100644
index 0000000..e182313
--- /dev/null
+++ b/apps/web/src/lib/image.ts
@@ -0,0 +1,35 @@
+/**
+ * Sniff a raster image's real type from its magic bytes — never trust the
+ * client-declared MIME. SVG is intentionally unsupported (it can carry script
+ * and would be a stored-XSS vector when served from our origin).
+ */
+export type RasterImage = "png" | "jpeg" | "webp" | "gif";
+
+export function sniffRasterImage(bytes: Uint8Array): RasterImage | null {
+  const b = bytes;
+  // PNG: 89 50 4E 47 0D 0A 1A 0A
+  if (b.length > 8 && b[0] === 0x89 && b[1] === 0x50 && b[2] === 0x4e && b[3] === 0x47) {
+    return "png";
+  }
+  // JPEG: FF D8 FF
+  if (b.length > 3 && b[0] === 0xff && b[1] === 0xd8 && b[2] === 0xff) return "jpeg";
+  // GIF: "GIF8"
+  if (b.length > 4 && b[0] === 0x47 && b[1] === 0x49 && b[2] === 0x46 && b[3] === 0x38) {
+    return "gif";
+  }
+  // WebP: "RIFF" .... "WEBP"
+  if (
+    b.length > 12 &&
+    b[0] === 0x52 &&
+    b[1] === 0x49 &&
+    b[2] === 0x46 &&
+    b[3] === 0x46 &&
+    b[8] === 0x57 &&
+    b[9] === 0x45 &&
+    b[10] === 0x42 &&
+    b[11] === 0x50
+  ) {
+    return "webp";
+  }
+  return null;
+}
diff --git a/packages/shared/src/branding.ts b/packages/shared/src/branding.ts
index 55fa871..d114678 100644
--- a/packages/shared/src/branding.ts
+++ b/packages/shared/src/branding.ts
@@ -5,11 +5,21 @@ import { z } from "zod";
  * public form and status pages. v1: an accent color (overrides the theme's
  * primary). Logo and more can extend this shape later.
  */
+const accentColor = z
+  .string()
+  .regex(/^#[0-9a-fA-F]{6}$/, "Use a hex color like #00E676.")
+  .optional();
+
+/** Stored branding shape (Guild.branding). `logoKey` is set server-side only. */
 export const brandingSchema = z.object({
-  accentColor: z
-    .string()
-    .regex(/^#[0-9a-fA-F]{6}$/, "Use a hex color like #00E676.")
-    .optional(),
+  accentColor,
+  logoKey: z.string().max(512).optional(),
 });
 
 export type Branding = z.infer<typeof brandingSchema>;
+
+/**
+ * Input for the accent-color form. Deliberately excludes `logoKey` so the
+ * color endpoint can't be used to point the logo at an arbitrary object.
+ */
+export const brandingColorSchema = z.object({ accentColor });
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 5813ade..4b61ba3 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -133,6 +133,9 @@ importers:
       react-dom:
         specifier: ^19.0.0
         version: 19.2.7(react@19.2.7)
+      sharp:
+        specifier: ^0.35.2
+        version: 0.35.2
       tailwind-merge:
         specifier: ^2.6.0
         version: 2.6.1
@@ -627,70 +630,145 @@ packages:
     cpu: [arm64]
     os: [darwin]
 
+  '@img/sharp-darwin-arm64@0.35.2':
+    resolution: {integrity: sha512-eEieHsMksAW4IiO5NzauESRl2D2qz3J/kwUxUrSfV06A93eEaRfMpHXyUb1mAqrR7i8U9A0GRqE9pjn6u1Jjpg==}
+    engines: {node: '>=20.9.0'}
+    cpu: [arm64]
+    os: [darwin]
+
   '@img/sharp-darwin-x64@0.34.5':
     resolution: {integrity: sha512-YNEFAF/4KQ/PeW0N+r+aVVsoIY0/qxxikF2SWdp+NRkmMB7y9LBZAVqQ4yhGCm/H3H270OSykqmQMKLBhBJDEw==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [x64]
     os: [darwin]
 
+  '@img/sharp-darwin-x64@0.35.2':
+    resolution: {integrity: sha512-BaktuGPCeHJMARpodR8jK4uKiZrPAy9WrfQW0sdI37clracq8Bp01AYS3SZgi5FS/y5twa9t4+LIuuxQjqRrWw==}
+    engines: {node: '>=20.9.0'}
+    cpu: [x64]
+    os: [darwin]
+
+  '@img/sharp-freebsd-wasm32@0.35.2':
+    resolution: {integrity: sha512-YoAxdnd8hPUkvLHd3bWY+YA8nw3xM/RyRopYucNsWHVSan8NLVM3X2volsfoRDcXdUJPg6tXahSd7HXPK7lRnw==}
+    engines: {node: '>=20.9.0'}
+    os: [freebsd]
+
   '@img/sharp-libvips-darwin-arm64@1.2.4':
     resolution: {integrity: sha512-zqjjo7RatFfFoP0MkQ51jfuFZBnVE2pRiaydKJ1G/rHZvnsrHAOcQALIi9sA5co5xenQdTugCvtb1cuf78Vf4g==}
     cpu: [arm64]
     os: [darwin]
 
+  '@img/sharp-libvips-darwin-arm64@1.3.1':
+    resolution: {integrity: sha512-4V/M3roRMTYjiwZY9IOVQOE8OyeCxFAkYmyZDrZl51uOKjibm3oeEJ4WAmLxutAfzFbC9jqUiPs2gbnGflH+7g==}
+    cpu: [arm64]
+    os: [darwin]
+
   '@img/sharp-libvips-darwin-x64@1.2.4':
     resolution: {integrity: sha512-1IOd5xfVhlGwX+zXv2N93k0yMONvUlANylbJw1eTah8K/Jtpi15KC+WSiaX/nBmbm2HxRM1gZ0nSdjSsrZbGKg==}
     cpu: [x64]
     os: [darwin]
 
+  '@img/sharp-libvips-darwin-x64@1.3.1':
+    resolution: {integrity: sha512-c0/DxItpJv2+dGhgycJBBgotdqruGYDvA79drdh0MD1dFpy7JzJ/PlXwi1H4rFf0eTy8tgbI91aHDnZIceY3jQ==}
+    cpu: [x64]
+    os: [darwin]
+
   '@img/sharp-libvips-linux-arm64@1.2.4':
     resolution: {integrity: sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw==}
     cpu: [arm64]
     os: [linux]
     libc: [glibc]
 
+  '@img/sharp-libvips-linux-arm64@1.3.1':
+    resolution: {integrity: sha512-JznefmcK9j1JKPz8AkQDh89kjojubyfOasWBPKfzMIhPwsgDy9evpE/naJTXXXmghS1iFwR8u/kTwh/I2/+GCw==}
+    cpu: [arm64]
+    os: [linux]
+    libc: [glibc]
+
   '@img/sharp-libvips-linux-arm@1.2.4':
     resolution: {integrity: sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A==}
     cpu: [arm]
     os: [linux]
     libc: [glibc]
 
+  '@img/sharp-libvips-linux-arm@1.3.1':
+    resolution: {integrity: sha512-aGGy9aWzXgHBG7HNyQPWorZthlp7+x6fDRoPAQbGO3ThcttuTyKIx3NuSHb6zb4gBNq6/yNn9f1cy9nFKS/Vmg==}
+    cpu: [arm]
+    os: [linux]
+    libc: [glibc]
+
   '@img/sharp-libvips-linux-ppc64@1.2.4':
     resolution: {integrity: sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA==}
     cpu: [ppc64]
     os: [linux]
     libc: [glibc]
 
+  '@img/sharp-libvips-linux-ppc64@1.3.1':
+    resolution: {integrity: sha512-1EkwGNCZk6iWNCMWqrvdJ+r1j0PT1zIz60CNPhYnJlK/zyeWqlsPZIe+ocBVqPF8k/Ssee/NCk+tE9Ryrko6ng==}
+    cpu: [ppc64]
+    os: [linux]
+    libc: [glibc]
+
   '@img/sharp-libvips-linux-riscv64@1.2.4':
     resolution: {integrity: sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA==}
     cpu: [riscv64]
     os: [linux]
     libc: [glibc]
 
+  '@img/sharp-libvips-linux-riscv64@1.3.1':
+    resolution: {integrity: sha512-Ilays+w2bXdnxzxtQdmXR62u8o8GYa3eL4+Gr+1KiE4xperMZUslRaVPJwwPkzlHEjGfXAfRVAa/7CYCtSqsBw==}
+    cpu: [riscv64]
+    os: [linux]
+    libc: [glibc]
+
   '@img/sharp-libvips-linux-s390x@1.2.4':
     resolution: {integrity: sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ==}
     cpu: [s390x]
     os: [linux]
     libc: [glibc]
 
+  '@img/sharp-libvips-linux-s390x@1.3.1':
+    resolution: {integrity: sha512-VfBwVHQTbRoj4XlpA/KLZ7ltgMpz+4WSejFzQ+GnoImjo1PtEJ59QB2qR1xQEeRPYIkNrPIm2L4cICMvz4C2ew==}
+    cpu: [s390x]
+    os: [linux]
+    libc: [glibc]
+
   '@img/sharp-libvips-linux-x64@1.2.4':
     resolution: {integrity: sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw==}
     cpu: [x64]
     os: [linux]
     libc: [glibc]
 
+  '@img/sharp-libvips-linux-x64@1.3.1':
+    resolution: {integrity: sha512-+c8ukgwU62DS54nCAjw7keOfHUkmr0B5QHEdcOqRnodF/MNXJbVI8Eopoj4B/0H8Asr65I+A4Amrn7a85/md6A==}
+    cpu: [x64]
+    os: [linux]
+    libc: [glibc]
+
   '@img/sharp-libvips-linuxmusl-arm64@1.2.4':
     resolution: {integrity: sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw==}
     cpu: [arm64]
     os: [linux]
     libc: [musl]
 
+  '@img/sharp-libvips-linuxmusl-arm64@1.3.1':
+    resolution: {integrity: sha512-qlKb/pwbkAi1WMsJrYHk7CuDrd12s27U2QnRhFYUoJNrRCmkosMTttuRFat/DDB3IlDm5qE1TJgZ4JDnHX8Ldw==}
+    cpu: [arm64]
+    os: [linux]
+    libc: [musl]
+
   '@img/sharp-libvips-linuxmusl-x64@1.2.4':
     resolution: {integrity: sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg==}
     cpu: [x64]
     os: [linux]
     libc: [musl]
 
+  '@img/sharp-libvips-linuxmusl-x64@1.3.1':
+    resolution: {integrity: sha512-yO21HwoUVLN8Qa+/SBjQLMYwBWAVJjeGPNe+hc0OUeMeifEtJqu5a1c4HayE1nNpDih9y3/KkoltfkDodmKAlg==}
+    cpu: [x64]
+    os: [linux]
+    libc: [musl]
+
   '@img/sharp-linux-arm64@0.34.5':
     resolution: {integrity: sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
@@ -698,6 +776,13 @@ packages:
     os: [linux]
     libc: [glibc]
 
+  '@img/sharp-linux-arm64@0.35.2':
+    resolution: {integrity: sha512-af12Pnd0ZGu2HfP8NayB0kk6eC/lrfbQE6HlR4jD+34wdJ1Vw9TF6TMn6ZvffT+WgqVsl0hRbmNvz2u/23VmwA==}
+    engines: {node: '>=20.9.0'}
+    cpu: [arm64]
+    os: [linux]
+    libc: [glibc]
+
   '@img/sharp-linux-arm@0.34.5':
     resolution: {integrity: sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
@@ -705,6 +790,13 @@ packages:
     os: [linux]
     libc: [glibc]
 
+  '@img/sharp-linux-arm@0.35.2':
+    resolution: {integrity: sha512-SE4kzF2mepn6z+6E7L6lsV8FzuLL6IPQdyX8ZiwROAG/G8td+hP/m7FsFPwidtrF19gvajuC9l6TxAVcsA4S7A==}
+    engines: {node: '>=20.9.0'}
+    cpu: [arm]
+    os: [linux]
+    libc: [glibc]
+
   '@img/sharp-linux-ppc64@0.34.5':
     resolution: {integrity: sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
@@ -712,6 +804,13 @@ packages:
     os: [linux]
     libc: [glibc]
 
+  '@img/sharp-linux-ppc64@0.35.2':
+    resolution: {integrity: sha512-hYSBm7zcNtDCozCxQHYZJiu63b/bXsgRZuOxCIBZsStMM9Vap47iFHdbX4kCvQsblPB/k+clhELpdQJHQLSHvg==}
+    engines: {node: '>=20.9.0'}
+    cpu: [ppc64]
+    os: [linux]
+    libc: [glibc]
+
   '@img/sharp-linux-riscv64@0.34.5':
     resolution: {integrity: sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
@@ -719,6 +818,13 @@ packages:
     os: [linux]
     libc: [glibc]
 
+  '@img/sharp-linux-riscv64@0.35.2':
+    resolution: {integrity: sha512-qQt0Kc13+Hoan/Awq/qMSQw3L+RI1NCRPgD5cUJ/1WSSmIoysLOc72jlRM3E0OHN9Yr313jgeQ2T+zW+F03QFA==}
+    engines: {node: '>=20.9.0'}
+    cpu: [riscv64]
+    os: [linux]
+    libc: [glibc]
+
   '@img/sharp-linux-s390x@0.34.5':
     resolution: {integrity: sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
@@ -726,6 +832,13 @@ packages:
     os: [linux]
     libc: [glibc]
 
+  '@img/sharp-linux-s390x@0.35.2':
+    resolution: {integrity: sha512-E4fLLfRPzDLlEeDaTzI98OFLcv++WL5ChLLMwPoVd0CIoZQqupBSNbOisPL5am9XsbQ9T84+iiMpUvbFtkunbA==}
+    engines: {node: '>=20.9.0'}
+    cpu: [s390x]
+    os: [linux]
+    libc: [glibc]
+
   '@img/sharp-linux-x64@0.34.5':
     resolution: {integrity: sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
@@ -733,6 +846,13 @@ packages:
     os: [linux]
     libc: [glibc]
 
+  '@img/sharp-linux-x64@0.35.2':
+    resolution: {integrity: sha512-gi0zFJJRLswfCZmHtJdikXPOc5u7qamSOS3NHedLqLd4W8Q0NqjdBr6TTRIgsfFjqfTsHFgdfvJ9LwqSgcHiAA==}
+    engines: {node: '>=20.9.0'}
+    cpu: [x64]
+    os: [linux]
+    libc: [glibc]
+
   '@img/sharp-linuxmusl-arm64@0.34.5':
     resolution: {integrity: sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
@@ -740,6 +860,13 @@ packages:
     os: [linux]
     libc: [musl]
 
+  '@img/sharp-linuxmusl-arm64@0.35.2':
+    resolution: {integrity: sha512-siWbOW1u6HFnFLrp0waKyW7VEf7jYvcDWdrXEFa8AkdAQgEvuu5Fz8/Y70w9EeqAdwDtfU012BhEHHaDqvQNzg==}
+    engines: {node: '>=20.9.0'}
+    cpu: [arm64]
+    os: [linux]
+    libc: [musl]
+
   '@img/sharp-linuxmusl-x64@0.34.5':
     resolution: {integrity: sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
@@ -747,29 +874,63 @@ packages:
     os: [linux]
     libc: [musl]
 
+  '@img/sharp-linuxmusl-x64@0.35.2':
+    resolution: {integrity: sha512-YBqMMcjDi4QGYiSn4vNOYBhmlC4z5AXqkOUUqI2e0AFA4urNv4ESgOgwNl3K+4etQhha0twXlzeF20bbULm9Yg==}
+    engines: {node: '>=20.9.0'}
+    cpu: [x64]
+    os: [linux]
+    libc: [musl]
+
   '@img/sharp-wasm32@0.34.5':
     resolution: {integrity: sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [wasm32]
 
+  '@img/sharp-wasm32@0.35.2':
+    resolution: {integrity: sha512-Mrv4JQNYVQ94xH+jzZ9r+gowleN8mv2FTgKT+PI6bx5C0G8TdNYndu161pg2i7uoBwxy2ImPMHrJOM2LZef7Bw==}
+    engines: {node: '>=20.9.0'}
+
+  '@img/sharp-webcontainers-wasm32@0.35.2':
+    resolution: {integrity: sha512-QNV27pxs9wpApEiCfvHM1RDoP1w1+2KrUWWDPEhEwg+latvOrfuhWrHWZKwdSFwU6jh3myjw/yOCRsUIuOft3g==}
+    engines: {node: '>=20.9.0'}
+    cpu: [wasm32]
+
   '@img/sharp-win32-arm64@0.34.5':
     resolution: {integrity: sha512-WQ3AgWCWYSb2yt+IG8mnC6Jdk9Whs7O0gxphblsLvdhSpSTtmu69ZG1Gkb6NuvxsNACwiPV6cNSZNzt0KPsw7g==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [arm64]
     os: [win32]
 
+  '@img/sharp-win32-arm64@0.35.2':
+    resolution: {integrity: sha512-BiVRYc/t6/Vl3e1hBx0hugG4oN9Pydf4fgMSpxTQJmwGUg/YoXTWHiFeRymHfCZzifxu4F4rpk/I67D0LQ20wQ==}
+    engines: {node: '>=20.9.0'}
+    cpu: [arm64]
+    os: [win32]
+
   '@img/sharp-win32-ia32@0.34.5':
     resolution: {integrity: sha512-FV9m/7NmeCmSHDD5j4+4pNI8Cp3aW+JvLoXcTUo0IqyjSfAZJ8dIUmijx1qaJsIiU+Hosw6xM5KijAWRJCSgNg==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [ia32]
     os: [win32]
 
+  '@img/sharp-win32-ia32@0.35.2':
+    resolution: {integrity: sha512-YYEhx9PImCC7T0tI8JDMi4DB9LwLCXCU5OWNYEXAxh5Q1ShKkyC6byxzoBJ3gEFDnH2lQckWuDe70G7mB2XJog==}
+    engines: {node: ^20.9.0}
+    cpu: [ia32]
+    os: [win32]
+
   '@img/sharp-win32-x64@0.34.5':
     resolution: {integrity: sha512-+29YMsqY2/9eFEiW93eqWnuLcWcufowXewwSNIT6UwZdUUCrM3oFjMWH/Z6/TMmb4hlFenmfAVbpWeup2jryCw==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [x64]
     os: [win32]
 
+  '@img/sharp-win32-x64@0.35.2':
+    resolution: {integrity: sha512-imoOyBcoM/iiUr4J6VPpCNjPnjvP/Gks95898yB8YqoGGYmHYbOyCuNv9FMhFgtaiHFGbHW8bxKqRV6VjtXThQ==}
+    engines: {node: '>=20.9.0'}
+    cpu: [x64]
+    os: [win32]
+
   '@ioredis/commands@1.10.0':
     resolution: {integrity: sha512-UmeW7z4LfctwoQ5wkhVzgq8tXkreED2xZGpX+Bg+zA+WJFZCT6c062AfCK/Dfk81xZnnwdhJCUMkitihRaoC2Q==}
 
@@ -2417,6 +2578,10 @@ packages:
     resolution: {integrity: sha512-Ou9I5Ft9WNcCbXrU9cMgPBcCK8LiwLqcbywW3t4oDV37n1pzpuNLsYiAV8eODnjbtQlSDwZ2cUEeQz4E54Hltg==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
 
+  sharp@0.35.2:
+    resolution: {integrity: sha512-FVtFjtBCMiJS6yb5CX7Sop45WFMpeGw6oRKuJnXYgf/f1ms/D7LE/ZUSNxnW7rZ/dbslQWYkoqFHGPaDBtaK4w==}
+    engines: {node: '>=20.9.0'}
+
   shebang-command@2.0.0:
     resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==}
     engines: {node: '>=8'}
@@ -3211,103 +3376,206 @@ snapshots:
 
   '@humanwhocodes/retry@0.4.3': {}
 
-  '@img/colour@1.1.0':
-    optional: true
+  '@img/colour@1.1.0': {}
 
   '@img/sharp-darwin-arm64@0.34.5':
     optionalDependencies:
       '@img/sharp-libvips-darwin-arm64': 1.2.4
     optional: true
 
+  '@img/sharp-darwin-arm64@0.35.2':
+    optionalDependencies:
+      '@img/sharp-libvips-darwin-arm64': 1.3.1
+    optional: true
+
   '@img/sharp-darwin-x64@0.34.5':
     optionalDependencies:
       '@img/sharp-libvips-darwin-x64': 1.2.4
     optional: true
 
+  '@img/sharp-darwin-x64@0.35.2':
+    optionalDependencies:
+      '@img/sharp-libvips-darwin-x64': 1.3.1
+    optional: true
+
+  '@img/sharp-freebsd-wasm32@0.35.2':
+    dependencies:
+      '@img/sharp-wasm32': 0.35.2
+    optional: true
+
   '@img/sharp-libvips-darwin-arm64@1.2.4':
     optional: true
 
+  '@img/sharp-libvips-darwin-arm64@1.3.1':
+    optional: true
+
   '@img/sharp-libvips-darwin-x64@1.2.4':
     optional: true
 
+  '@img/sharp-libvips-darwin-x64@1.3.1':
+    optional: true
+
   '@img/sharp-libvips-linux-arm64@1.2.4':
     optional: true
 
+  '@img/sharp-libvips-linux-arm64@1.3.1':
+    optional: true
+
   '@img/sharp-libvips-linux-arm@1.2.4':
     optional: true
 
+  '@img/sharp-libvips-linux-arm@1.3.1':
+    optional: true
+
   '@img/sharp-libvips-linux-ppc64@1.2.4':
     optional: true
 
+  '@img/sharp-libvips-linux-ppc64@1.3.1':
+    optional: true
+
   '@img/sharp-libvips-linux-riscv64@1.2.4':
     optional: true
 
+  '@img/sharp-libvips-linux-riscv64@1.3.1':
+    optional: true
+
   '@img/sharp-libvips-linux-s390x@1.2.4':
     optional: true
 
+  '@img/sharp-libvips-linux-s390x@1.3.1':
+    optional: true
+
   '@img/sharp-libvips-linux-x64@1.2.4':
     optional: true
 
+  '@img/sharp-libvips-linux-x64@1.3.1':
+    optional: true
+
   '@img/sharp-libvips-linuxmusl-arm64@1.2.4':
     optional: true
 
+  '@img/sharp-libvips-linuxmusl-arm64@1.3.1':
+    optional: true
+
   '@img/sharp-libvips-linuxmusl-x64@1.2.4':
     optional: true
 
+  '@img/sharp-libvips-linuxmusl-x64@1.3.1':
+    optional: true
+
   '@img/sharp-linux-arm64@0.34.5':
     optionalDependencies:
       '@img/sharp-libvips-linux-arm64': 1.2.4
     optional: true
 
+  '@img/sharp-linux-arm64@0.35.2':
+    optionalDependencies:
+      '@img/sharp-libvips-linux-arm64': 1.3.1
+    optional: true
+
   '@img/sharp-linux-arm@0.34.5':
     optionalDependencies:
       '@img/sharp-libvips-linux-arm': 1.2.4
     optional: true
 
+  '@img/sharp-linux-arm@0.35.2':
+    optionalDependencies:
+      '@img/sharp-libvips-linux-arm': 1.3.1
+    optional: true
+
   '@img/sharp-linux-ppc64@0.34.5':
     optionalDependencies:
       '@img/sharp-libvips-linux-ppc64': 1.2.4
     optional: true
 
+  '@img/sharp-linux-ppc64@0.35.2':
+    optionalDependencies:
+      '@img/sharp-libvips-linux-ppc64': 1.3.1
+    optional: true
+
   '@img/sharp-linux-riscv64@0.34.5':
     optionalDependencies:
       '@img/sharp-libvips-linux-riscv64': 1.2.4
     optional: true
 
+  '@img/sharp-linux-riscv64@0.35.2':
+    optionalDependencies:
+      '@img/sharp-libvips-linux-riscv64': 1.3.1
+    optional: true
+
   '@img/sharp-linux-s390x@0.34.5':
     optionalDependencies:
       '@img/sharp-libvips-linux-s390x': 1.2.4
     optional: true
 
+  '@img/sharp-linux-s390x@0.35.2':
+    optionalDependencies:
+      '@img/sharp-libvips-linux-s390x': 1.3.1
+    optional: true
+
   '@img/sharp-linux-x64@0.34.5':
     optionalDependencies:
       '@img/sharp-libvips-linux-x64': 1.2.4
     optional: true
 
+  '@img/sharp-linux-x64@0.35.2':
+    optionalDependencies:
+      '@img/sharp-libvips-linux-x64': 1.3.1
+    optional: true
+
   '@img/sharp-linuxmusl-arm64@0.34.5':
     optionalDependencies:
       '@img/sharp-libvips-linuxmusl-arm64': 1.2.4
     optional: true
 
+  '@img/sharp-linuxmusl-arm64@0.35.2':
+    optionalDependencies:
+      '@img/sharp-libvips-linuxmusl-arm64': 1.3.1
+    optional: true
+
   '@img/sharp-linuxmusl-x64@0.34.5':
     optionalDependencies:
       '@img/sharp-libvips-linuxmusl-x64': 1.2.4
     optional: true
 
+  '@img/sharp-linuxmusl-x64@0.35.2':
+    optionalDependencies:
+      '@img/sharp-libvips-linuxmusl-x64': 1.3.1
+    optional: true
+
   '@img/sharp-wasm32@0.34.5':
     dependencies:
       '@emnapi/runtime': 1.11.1
     optional: true
 
+  '@img/sharp-wasm32@0.35.2':
+    dependencies:
+      '@emnapi/runtime': 1.11.1
+    optional: true
+
+  '@img/sharp-webcontainers-wasm32@0.35.2':
+    dependencies:
+      '@img/sharp-wasm32': 0.35.2
+    optional: true
+
   '@img/sharp-win32-arm64@0.34.5':
     optional: true
 
+  '@img/sharp-win32-arm64@0.35.2':
+    optional: true
+
   '@img/sharp-win32-ia32@0.34.5':
     optional: true
 
+  '@img/sharp-win32-ia32@0.35.2':
+    optional: true
+
   '@img/sharp-win32-x64@0.34.5':
     optional: true
 
+  '@img/sharp-win32-x64@0.35.2':
+    optional: true
+
   '@ioredis/commands@1.10.0': {}
 
   '@jridgewell/gen-mapping@0.3.13':
@@ -4069,8 +4337,7 @@ snapshots:
 
   destr@2.0.5: {}
 
-  detect-libc@2.1.2:
-    optional: true
+  detect-libc@2.1.2: {}
 
   didyoumean@1.2.2: {}
 
@@ -4859,6 +5126,38 @@ snapshots:
       '@img/sharp-win32-x64': 0.34.5
     optional: true
 
+  sharp@0.35.2:
+    dependencies:
+      '@img/colour': 1.1.0
+      detect-libc: 2.1.2
+      semver: 7.8.4
+    optionalDependencies:
+      '@img/sharp-darwin-arm64': 0.35.2
+      '@img/sharp-darwin-x64': 0.35.2
+      '@img/sharp-freebsd-wasm32': 0.35.2
+      '@img/sharp-libvips-darwin-arm64': 1.3.1
+      '@img/sharp-libvips-darwin-x64': 1.3.1
+      '@img/sharp-libvips-linux-arm': 1.3.1
+      '@img/sharp-libvips-linux-arm64': 1.3.1
+      '@img/sharp-libvips-linux-ppc64': 1.3.1
+      '@img/sharp-libvips-linux-riscv64': 1.3.1
+      '@img/sharp-libvips-linux-s390x': 1.3.1
+      '@img/sharp-libvips-linux-x64': 1.3.1
+      '@img/sharp-libvips-linuxmusl-arm64': 1.3.1
+      '@img/sharp-libvips-linuxmusl-x64': 1.3.1
+      '@img/sharp-linux-arm': 0.35.2
+      '@img/sharp-linux-arm64': 0.35.2
+      '@img/sharp-linux-ppc64': 0.35.2
+      '@img/sharp-linux-riscv64': 0.35.2
+      '@img/sharp-linux-s390x': 0.35.2
+      '@img/sharp-linux-x64': 0.35.2
+      '@img/sharp-linuxmusl-arm64': 0.35.2
+      '@img/sharp-linuxmusl-x64': 0.35.2
+      '@img/sharp-webcontainers-wasm32': 0.35.2
+      '@img/sharp-win32-arm64': 0.35.2
+      '@img/sharp-win32-ia32': 0.35.2
+      '@img/sharp-win32-x64': 0.35.2
+
   shebang-command@2.0.0:
     dependencies:
       shebang-regex: 3.0.0