enhance(backend): refine system account (#15530)

* wip * wip * wip * Update SystemAccountService.ts * Update 1740121393164-system-accounts.js * Update DeleteAccountService.ts * wip * wip * wip * wip * Update 1740121393164-system-accounts.js * Update RepositoryModule.ts * wip * wip * wip * Update ApRendererService.ts * wip * wip * Update SystemAccountService.ts * fix tests * fix tests * fix tests * fix tests * fix tests * fix tests * add print logs * ログが長すぎて出てないかもしれない * fix migration * refactor * fix fed-tests * Update RelayService.ts * merge * Update user.test.ts * chore: emit log * fix: tweak sleep duration * fix: exit 1 * fix: wait for misskey processes to become healthy * fix: longer sleep for user deletion * fix: make sleep longer again * デッドロック解消の試み https://github.com/misskey-dev/misskey/issues/15005 * Revert "デッドロック解消の試み" This reverts commit 266141f66fb584371bbb56ef7eba04e14bcff94d. * wip * Update SystemAccountService.ts --------- Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com> Co-authored-by: zyoshoka <107108195+zyoshoka@users.noreply.github.com>
2025-03-02 20:06:20 +09:00 · 2025-03-02 20:06:20 +09:00 · 616cccf251
commit 616cccf251
parent 7114523d84
71 changed files with 783 additions and 439 deletions
--- a/.github/workflows/test-federation.yml
+++ b/.github/workflows/test-federation.yml
@ -62,14 +62,30 @@ jobs:
          bash ./setup.sh
          sudo chmod 644 ./certificates/*.test.key
      - name: Start servers
        id: start_servers
        continue-on-error: true
        # https://github.com/docker/compose/issues/1294#issuecomment-374847206
        run: |
          cd packages/backend/test-federation
          docker compose up -d --scale tester=0
      - name: Print start_servers error
        if: ${{ steps.start_servers.outcome == 'failure' }}
        run: |
          cd packages/backend/test-federation
          docker compose logs | tail -n 300
          exit 1
      - name: Test
        id: test
        continue-on-error: true
        run: |
          cd packages/backend/test-federation
          docker compose run --no-deps tester
      - name: Log
        if: ${{ steps.test.outcome == 'failure' }}
        run: |
          cd packages/backend/test-federation
          docker compose logs
          exit 1
      - name: Stop servers
        run: |
          cd packages/backend/test-federation
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,7 +1,8 @@
 ## Unreleased
 ### General
-
+- Enhance: プロキシアカウントをシステムアカウントとして作成するように
 - Fix: システムアカウントが削除できる問題を修正
 ### Client
 -
--- a/cypress/e2e/basic.cy.ts
+++ b/cypress/e2e/basic.cy.ts
@ -233,7 +233,7 @@ describe('After user setup', () => {
 		cy.get('[data-cy-post-form-text]').type('Hello, Misskey!');
 		cy.get('[data-cy-open-post-form-submit]').click();
-		cy.contains('Hello, Misskey!');
+		cy.contains('Hello, Misskey!', { timeout: 15000 });
  });
 	it('open note form with hotkey', () => {
--- a/locales/index.d.ts
+++ b/locales/index.d.ts
@ -10058,6 +10058,10 @@ export interface Locale extends ILocale {
         * ギャラリーの投稿を削除
         */
        "deleteGalleryPost": string;
        /**
         * プロキシアカウントの説明を更新
         */
        "updateProxyAccountDescription": string;
    };
    "_fileViewer": {
        /**
--- a/locales/ja-JP.yml
+++ b/locales/ja-JP.yml
@ -2664,6 +2664,7 @@ _moderationLogTypes:
  deletePage: "ページを削除"
  deleteFlash: "Playを削除"
  deleteGalleryPost: "ギャラリーの投稿を削除"
  updateProxyAccountDescription: "プロキシアカウントの説明を更新"
 _fileViewer:
  title: "ファイルの詳細"
--- a/package.json
+++ b/package.json
@ -25,7 +25,7 @@
 		"build-storybook": "pnpm --filter frontend build-storybook",
 		"build-misskey-js-with-types": "pnpm build-pre && pnpm --filter backend... --filter=!misskey-js build && pnpm --filter backend generate-api-json --no-build && ncp packages/backend/built/api.json packages/misskey-js/generator/api.json && pnpm --filter misskey-js update-autogen-code && pnpm --filter misskey-js build && pnpm --filter misskey-js api",
 		"start": "pnpm check:connect && cd packages/backend && node ./built/boot/entry.js",
-		"start:test": "cd packages/backend && cross-env NODE_ENV=test node ./built/boot/entry.js",
+		"start:test": "ncp ./.github/misskey/test.yml ./.config/test.yml && cd packages/backend && cross-env NODE_ENV=test node ./built/boot/entry.js",
 		"init": "pnpm migrate",
 		"migrate": "cd packages/backend && pnpm migrate",
 		"revert": "cd packages/backend && pnpm revert",
@ -37,7 +37,7 @@
 		"cy:open": "pnpm cypress open --browser --e2e --config-file=cypress.config.ts",
 		"cy:run": "pnpm cypress run",
 		"e2e": "pnpm start-server-and-test start:test http://localhost:61812 cy:run",
-		"e2e-dev-container": "cp ./.config/cypress-devcontainer.yml ./.config/test.yml && pnpm start-server-and-test start:test http://localhost:61812 cy:run",
+		"e2e-dev-container": "ncp ./.config/cypress-devcontainer.yml ./.config/test.yml && pnpm start-server-and-test start:test http://localhost:61812 cy:run",
 		"jest": "cd packages/backend && pnpm jest",
 		"jest-and-coverage": "cd packages/backend && pnpm jest-and-coverage",
 		"test": "pnpm -r test",
--- a/packages/backend/migration/1740121393164-system-accounts.js
+++ b/packages/backend/migration/1740121393164-system-accounts.js
@ -0,0 +1,37 @@
 /*
 * SPDX-FileCopyrightText: syuilo and misskey-project
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 export class SystemAccounts1740121393164 {
    name = 'SystemAccounts1740121393164'
    async up(queryRunner) {
        await queryRunner.query(`CREATE TABLE "system_account" ("id" character varying(32) NOT NULL, "userId" character varying(32) NOT NULL, "type" character varying(256) NOT NULL, CONSTRAINT "PK_edb56f4aaf9ddd50ee556da97ba" PRIMARY KEY ("id"))`);
        await queryRunner.query(`CREATE INDEX "IDX_41a3c87a37aea616ee459369e1" ON "system_account" ("userId") `);
        await queryRunner.query(`CREATE UNIQUE INDEX "IDX_c362033aee0ea51011386a5a7e" ON "system_account" ("type") `);
        await queryRunner.query(`ALTER TABLE "system_account" ADD CONSTRAINT "FK_41a3c87a37aea616ee459369e12" FOREIGN KEY ("userId") REFERENCES "user"("id") ON DELETE CASCADE ON UPDATE NO ACTION`);
 				const instanceActor = await queryRunner.query(`SELECT "id" FROM "user" WHERE "username" = 'instance.actor'`);
 				if (instanceActor.length > 0) {
 					await queryRunner.query(`INSERT INTO "system_account" ("id", "userId", "type") VALUES ('${instanceActor[0].id}', '${instanceActor[0].id}', 'actor')`);
 				}
 				const relayActor = await queryRunner.query(`SELECT "id" FROM "user" WHERE "username" = 'relay.actor'`);
 				if (relayActor.length > 0) {
 					await queryRunner.query(`INSERT INTO "system_account" ("id", "userId", "type") VALUES ('${relayActor[0].id}', '${relayActor[0].id}', 'relay')`);
 				}
 				const meta = await queryRunner.query(`SELECT "proxyAccountId" FROM "meta" ORDER BY "id" DESC LIMIT 1`);
 				if (!meta && meta.length >= 1 && meta[0].proxyAccountId) {
 					await queryRunner.query(`INSERT INTO "system_account" ("id", "userId", "type") VALUES ('${meta[0].proxyAccountId}', '${meta[0].proxyAccountId}', 'proxy')`);
 				}
    }
    async down(queryRunner) {
        await queryRunner.query(`ALTER TABLE "system_account" DROP CONSTRAINT "FK_41a3c87a37aea616ee459369e12"`);
        await queryRunner.query(`DROP INDEX "public"."IDX_c362033aee0ea51011386a5a7e"`);
        await queryRunner.query(`DROP INDEX "public"."IDX_41a3c87a37aea616ee459369e1"`);
        await queryRunner.query(`DROP TABLE "system_account"`);
    }
 }
--- a/packages/backend/migration/1740129169650-system-accounts-2.js
+++ b/packages/backend/migration/1740129169650-system-accounts-2.js
@ -0,0 +1,18 @@
 /*
 * SPDX-FileCopyrightText: syuilo and misskey-project
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 export class SystemAccounts21740129169650 {
    name = 'SystemAccounts21740129169650'
    async up(queryRunner) {
        await queryRunner.query(`ALTER TABLE "meta" DROP CONSTRAINT "FK_ab1bc0c1e209daa77b8e8d212ad"`);
        await queryRunner.query(`ALTER TABLE "meta" DROP COLUMN "proxyAccountId"`);
    }
    async down(queryRunner) {
        await queryRunner.query(`ALTER TABLE "meta" ADD "proxyAccountId" character varying(32)`);
        await queryRunner.query(`ALTER TABLE "meta" ADD CONSTRAINT "FK_ab1bc0c1e209daa77b8e8d212ad" FOREIGN KEY ("proxyAccountId") REFERENCES "user"("id") ON DELETE SET NULL ON UPDATE NO ACTION`);
    }
 }
--- a/packages/backend/migration/1740133121105-system-accounts-3.js
+++ b/packages/backend/migration/1740133121105-system-accounts-3.js
@ -0,0 +1,23 @@
 /*
 * SPDX-FileCopyrightText: syuilo and misskey-project
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 export class SystemAccounts31740133121105 {
    name = 'SystemAccounts31740133121105'
    async up(queryRunner) {
        await queryRunner.query(`ALTER TABLE "meta" ADD "rootUserId" character varying(32)`);
        await queryRunner.query(`ALTER TABLE "meta" ADD CONSTRAINT "FK_c80e4079d632f95eac06a9d28cc" FOREIGN KEY ("rootUserId") REFERENCES "user"("id") ON DELETE SET NULL ON UPDATE NO ACTION`);
 				const users = await queryRunner.query(`SELECT "id" FROM "user" WHERE "isRoot" = true LIMIT 1`);
 				if (users.length > 0) {
 					await queryRunner.query(`UPDATE "meta" SET "rootUserId" = $1`, [users[0].id]);
 				}
    }
    async down(queryRunner) {
        await queryRunner.query(`ALTER TABLE "meta" DROP CONSTRAINT "FK_c80e4079d632f95eac06a9d28cc"`);
        await queryRunner.query(`ALTER TABLE "meta" DROP COLUMN "rootUserId"`);
    }
 }
--- a/packages/backend/src/GlobalModule.ts
+++ b/packages/backend/src/GlobalModule.ts
@ -133,7 +133,7 @@ const $meta: Provider = {
 						for (const key in body.after) {
 							(meta as any)[key] = (body.after as any)[key];
 						}
-						meta.proxyAccount = null; // joinなカラムは通常取ってこないので
+						meta.rootUser = null; // joinなカラムは通常取ってこないので
 						break;
 					}
 					default:
--- a/packages/backend/src/core/AbuseReportService.ts
+++ b/packages/backend/src/core/AbuseReportService.ts
@ -10,9 +10,9 @@ import { bindThis } from '@/decorators.js';
 import type { AbuseUserReportsRepository, MiAbuseUserReport, MiUser, UsersRepository } from '@/models/_.js';
 import { AbuseReportNotificationService } from '@/core/AbuseReportNotificationService.js';
 import { QueueService } from '@/core/QueueService.js';
 import { InstanceActorService } from '@/core/InstanceActorService.js';
 import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
 import { SystemAccountService } from '@/core/SystemAccountService.js';
 import { IdService } from './IdService.js';
@Injectable()
@ -27,7 +27,7 @@ export class AbuseReportService {
 		private idService: IdService,
 		private abuseReportNotificationService: AbuseReportNotificationService,
 		private queueService: QueueService,
-		private instanceActorService: InstanceActorService,
+		private systemAccountService: SystemAccountService,
 		private apRendererService: ApRendererService,
 		private moderationLogService: ModerationLogService,
 	) {
@ -136,7 +136,7 @@ export class AbuseReportService {
 			forwarded: true,
 		});
-		const actor = await this.instanceActorService.getInstanceActor();
+		const actor = await this.systemAccountService.fetch('actor');
 		const targetUser = await this.usersRepository.findOneByOrFail({ id: report.targetUserId });
 		const flag = this.apRendererService.renderFlag(actor, targetUser.uri!, report.comment);
--- a/packages/backend/src/core/AccountMoveService.ts
+++ b/packages/backend/src/core/AccountMoveService.ts
@ -20,10 +20,10 @@ import { ApPersonService } from '@/core/activitypub/models/ApPersonService.js';
 import { ApDeliverManagerService } from '@/core/activitypub/ApDeliverManagerService.js';
 import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { ProxyAccountService } from '@/core/ProxyAccountService.js';
 import { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
 import InstanceChart from '@/core/chart/charts/instance.js';
 import PerUserFollowingChart from '@/core/chart/charts/per-user-following.js';
 import { SystemAccountService } from '@/core/SystemAccountService.js';
@Injectable()
 export class AccountMoveService {
@ -55,12 +55,12 @@ export class AccountMoveService {
 		private apRendererService: ApRendererService,
 		private apDeliverManagerService: ApDeliverManagerService,
 		private globalEventService: GlobalEventService,
 		private proxyAccountService: ProxyAccountService,
 		private perUserFollowingChart: PerUserFollowingChart,
 		private federatedInstanceService: FederatedInstanceService,
 		private instanceChart: InstanceChart,
 		private relayService: RelayService,
 		private queueService: QueueService,
 		private systemAccountService: SystemAccountService,
 	) {
 	}
@ -126,11 +126,11 @@ export class AccountMoveService {
 		}
 		// follow the new account
-		const proxy = await this.proxyAccountService.fetch();
+		const proxy = await this.systemAccountService.fetch('proxy');
 		const followings = await this.followingsRepository.findBy({
 			followeeId: src.id,
 			followerHost: IsNull(), // follower is local
-			followerId: proxy ? Not(proxy.id) : undefined,
+			followerId: Not(proxy.id),
 		});
 		const followJobs = followings.map(following => ({
 			from: { id: following.followerId },
@ -250,10 +250,8 @@ export class AccountMoveService {
 		// Have the proxy account follow the new account in the same way as UserListService.push
 		if (this.userEntityService.isRemoteUser(dst)) {
-			const proxy = await this.proxyAccountService.fetch();
+			const proxy = await this.systemAccountService.fetch('proxy');
-			if (proxy) {
+			this.queueService.createFollowJob([{ from: { id: proxy.id }, to: { id: dst.id } }]);
 				this.queueService.createFollowJob([{ from: { id: proxy.id }, to: { id: dst.id } }]);
 			}
 		}
 	}
--- a/packages/backend/src/core/CoreModule.ts
+++ b/packages/backend/src/core/CoreModule.ts
@ -24,7 +24,6 @@ import { AppLockService } from './AppLockService.js';
 import { AchievementService } from './AchievementService.js';
 import { AvatarDecorationService } from './AvatarDecorationService.js';
 import { CaptchaService } from './CaptchaService.js';
 import { CreateSystemUserService } from './CreateSystemUserService.js';
 import { CustomEmojiService } from './CustomEmojiService.js';
 import { DeleteAccountService } from './DeleteAccountService.js';
 import { DownloadService } from './DownloadService.js';
@ -37,7 +36,7 @@ import { HashtagService } from './HashtagService.js';
 import { HttpRequestService } from './HttpRequestService.js';
 import { IdService } from './IdService.js';
 import { ImageProcessingService } from './ImageProcessingService.js';
-import { InstanceActorService } from './InstanceActorService.js';
+import { SystemAccountService } from './SystemAccountService.js';
 import { InternalStorageService } from './InternalStorageService.js';
 import { MetaService } from './MetaService.js';
 import { MfmService } from './MfmService.js';
@ -69,7 +68,6 @@ import { UserSuspendService } from './UserSuspendService.js';
 import { UserAuthService } from './UserAuthService.js';
 import { VideoProcessingService } from './VideoProcessingService.js';
 import { UserWebhookService } from './UserWebhookService.js';
 import { ProxyAccountService } from './ProxyAccountService.js';
 import { UtilityService } from './UtilityService.js';
 import { FileInfoService } from './FileInfoService.js';
 import { SearchService } from './SearchService.js';
@ -167,7 +165,6 @@ const $AppLockService: Provider = { provide: 'AppLockService', useExisting: AppL
 const $AchievementService: Provider = { provide: 'AchievementService', useExisting: AchievementService };
 const $AvatarDecorationService: Provider = { provide: 'AvatarDecorationService', useExisting: AvatarDecorationService };
 const $CaptchaService: Provider = { provide: 'CaptchaService', useExisting: CaptchaService };
 const $CreateSystemUserService: Provider = { provide: 'CreateSystemUserService', useExisting: CreateSystemUserService };
 const $CustomEmojiService: Provider = { provide: 'CustomEmojiService', useExisting: CustomEmojiService };
 const $DeleteAccountService: Provider = { provide: 'DeleteAccountService', useExisting: DeleteAccountService };
 const $DownloadService: Provider = { provide: 'DownloadService', useExisting: DownloadService };
@ -180,7 +177,6 @@ const $HashtagService: Provider = { provide: 'HashtagService', useExisting: Hash
 const $HttpRequestService: Provider = { provide: 'HttpRequestService', useExisting: HttpRequestService };
 const $IdService: Provider = { provide: 'IdService', useExisting: IdService };
 const $ImageProcessingService: Provider = { provide: 'ImageProcessingService', useExisting: ImageProcessingService };
 const $InstanceActorService: Provider = { provide: 'InstanceActorService', useExisting: InstanceActorService };
 const $InternalStorageService: Provider = { provide: 'InternalStorageService', useExisting: InternalStorageService };
 const $MetaService: Provider = { provide: 'MetaService', useExisting: MetaService };
 const $MfmService: Provider = { provide: 'MfmService', useExisting: MfmService };
@ -191,7 +187,7 @@ const $NotePiningService: Provider = { provide: 'NotePiningService', useExisting
 const $NoteReadService: Provider = { provide: 'NoteReadService', useExisting: NoteReadService };
 const $NotificationService: Provider = { provide: 'NotificationService', useExisting: NotificationService };
 const $PollService: Provider = { provide: 'PollService', useExisting: PollService };
-const $ProxyAccountService: Provider = { provide: 'ProxyAccountService', useExisting: ProxyAccountService };
+const $SystemAccountService: Provider = { provide: 'SystemAccountService', useExisting: SystemAccountService };
 const $PushNotificationService: Provider = { provide: 'PushNotificationService', useExisting: PushNotificationService };
 const $QueryService: Provider = { provide: 'QueryService', useExisting: QueryService };
 const $ReactionService: Provider = { provide: 'ReactionService', useExisting: ReactionService };
@ -318,7 +314,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		AchievementService,
 		AvatarDecorationService,
 		CaptchaService,
 		CreateSystemUserService,
 		CustomEmojiService,
 		DeleteAccountService,
 		DownloadService,
@ -331,7 +326,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		HttpRequestService,
 		IdService,
 		ImageProcessingService,
 		InstanceActorService,
 		InternalStorageService,
 		MetaService,
 		MfmService,
@ -342,7 +336,7 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		NoteReadService,
 		NotificationService,
 		PollService,
-		ProxyAccountService,
+		SystemAccountService,
 		PushNotificationService,
 		QueryService,
 		ReactionService,
@ -465,7 +459,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		$AchievementService,
 		$AvatarDecorationService,
 		$CaptchaService,
 		$CreateSystemUserService,
 		$CustomEmojiService,
 		$DeleteAccountService,
 		$DownloadService,
@ -478,7 +471,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		$HttpRequestService,
 		$IdService,
 		$ImageProcessingService,
 		$InstanceActorService,
 		$InternalStorageService,
 		$MetaService,
 		$MfmService,
@ -489,7 +481,7 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		$NoteReadService,
 		$NotificationService,
 		$PollService,
-		$ProxyAccountService,
+		$SystemAccountService,
 		$PushNotificationService,
 		$QueryService,
 		$ReactionService,
@ -613,7 +605,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		AchievementService,
 		AvatarDecorationService,
 		CaptchaService,
 		CreateSystemUserService,
 		CustomEmojiService,
 		DeleteAccountService,
 		DownloadService,
@ -626,7 +617,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		HttpRequestService,
 		IdService,
 		ImageProcessingService,
 		InstanceActorService,
 		InternalStorageService,
 		MetaService,
 		MfmService,
@ -637,7 +627,7 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		NoteReadService,
 		NotificationService,
 		PollService,
-		ProxyAccountService,
+		SystemAccountService,
 		PushNotificationService,
 		QueryService,
 		ReactionService,
@ -759,7 +749,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		$AchievementService,
 		$AvatarDecorationService,
 		$CaptchaService,
 		$CreateSystemUserService,
 		$CustomEmojiService,
 		$DeleteAccountService,
 		$DownloadService,
@ -772,7 +761,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		$HttpRequestService,
 		$IdService,
 		$ImageProcessingService,
 		$InstanceActorService,
 		$InternalStorageService,
 		$MetaService,
 		$MfmService,
@ -783,7 +771,7 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		$NoteReadService,
 		$NotificationService,
 		$PollService,
-		$ProxyAccountService,
+		$SystemAccountService,
 		$PushNotificationService,
 		$QueryService,
 		$ReactionService,
--- a/packages/backend/src/core/CreateSystemUserService.ts
+++ b/packages/backend/src/core/CreateSystemUserService.ts
@ -1,86 +0,0 @@
 /*
 * SPDX-FileCopyrightText: syuilo and misskey-project
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 import { randomUUID } from 'node:crypto';
 import { Inject, Injectable } from '@nestjs/common';
 import bcrypt from 'bcryptjs';
 import { IsNull, DataSource } from 'typeorm';
 import { genRsaKeyPair } from '@/misc/gen-key-pair.js';
 import { MiUser } from '@/models/User.js';
 import { MiUserProfile } from '@/models/UserProfile.js';
 import { IdService } from '@/core/IdService.js';
 import { MiUserKeypair } from '@/models/UserKeypair.js';
 import { MiUsedUsername } from '@/models/UsedUsername.js';
 import { DI } from '@/di-symbols.js';
 import { generateNativeUserToken } from '@/misc/token.js';
 import { bindThis } from '@/decorators.js';
@Injectable()
 export class CreateSystemUserService {
 	constructor(
 		@Inject(DI.db)
 		private db: DataSource,
 		private idService: IdService,
 	) {
 	}
 	@bindThis
 	public async createSystemUser(username: string): Promise<MiUser> {
 		const password = randomUUID();
 		// Generate hash of password
 		const salt = await bcrypt.genSalt(8);
 		const hash = await bcrypt.hash(password, salt);
 		// Generate secret
 		const secret = generateNativeUserToken();
 		const keyPair = await genRsaKeyPair();
 		let account!: MiUser;
 		// Start transaction
 		await this.db.transaction(async transactionalEntityManager => {
 			const exist = await transactionalEntityManager.findOneBy(MiUser, {
 				usernameLower: username.toLowerCase(),
 				host: IsNull(),
 			});
 			if (exist) throw new Error('the user is already exists');
 			account = await transactionalEntityManager.insert(MiUser, {
 				id: this.idService.gen(),
 				username: username,
 				usernameLower: username.toLowerCase(),
 				host: null,
 				token: secret,
 				isRoot: false,
 				isLocked: true,
 				isExplorable: false,
 				isBot: true,
 			}).then(x => transactionalEntityManager.findOneByOrFail(MiUser, x.identifiers[0]));
 			await transactionalEntityManager.insert(MiUserKeypair, {
 				publicKey: keyPair.publicKey,
 				privateKey: keyPair.privateKey,
 				userId: account.id,
 			});
 			await transactionalEntityManager.insert(MiUserProfile, {
 				userId: account.id,
 				autoAcceptFollowed: false,
 				password: hash,
 			});
 			await transactionalEntityManager.insert(MiUsedUsername, {
 				createdAt: new Date(),
 				username: username.toLowerCase(),
 			});
 		});
 		return account;
 	}
 }
--- a/packages/backend/src/core/DeleteAccountService.ts
+++ b/packages/backend/src/core/DeleteAccountService.ts
@ -5,7 +5,7 @@
 import { Inject, Injectable } from '@nestjs/common';
 import { Not, IsNull } from 'typeorm';
-import type { FollowingsRepository, MiUser, UsersRepository } from '@/models/_.js';
+import type { FollowingsRepository, MiMeta, MiUser, UsersRepository } from '@/models/_.js';
 import { QueueService } from '@/core/QueueService.js';
 import { DI } from '@/di-symbols.js';
 import { bindThis } from '@/decorators.js';
@ -13,10 +13,14 @@ import { GlobalEventService } from '@/core/GlobalEventService.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
 import { SystemAccountService } from '@/core/SystemAccountService.js';
@Injectable()
 export class DeleteAccountService {
 	constructor(
 		@Inject(DI.meta)
 		private meta: MiMeta,
 		@Inject(DI.usersRepository)
 		private usersRepository: UsersRepository,
@ -28,6 +32,7 @@ export class DeleteAccountService {
 		private queueService: QueueService,
 		private globalEventService: GlobalEventService,
 		private moderationLogService: ModerationLogService,
 		private systemAccountService: SystemAccountService,
 	) {
 	}
@ -36,8 +41,13 @@ export class DeleteAccountService {
 		id: string;
 		host: string | null;
 	}, moderator?: MiUser): Promise<void> {
 		if (this.meta.rootUserId === user.id) throw new Error('cannot delete a root account');
 		const _user = await this.usersRepository.findOneByOrFail({ id: user.id });
-		if (_user.isRoot) throw new Error('cannot delete a root account');
+
 		if (user.host === null && _user.username.includes('.')) {
 			throw new Error('cannot delete a system account');
 		}
 		if (moderator != null) {
 			this.moderationLogService.log(moderator, 'deleteAccount', {
--- a/packages/backend/src/core/InstanceActorService.ts
+++ b/packages/backend/src/core/InstanceActorService.ts
@ -1,57 +0,0 @@
 /*
 * SPDX-FileCopyrightText: syuilo and misskey-project
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 import { Inject, Injectable } from '@nestjs/common';
 import { IsNull, Not } from 'typeorm';
 import type { MiLocalUser } from '@/models/User.js';
 import type { UsersRepository } from '@/models/_.js';
 import { MemorySingleCache } from '@/misc/cache.js';
 import { DI } from '@/di-symbols.js';
 import { CreateSystemUserService } from '@/core/CreateSystemUserService.js';
 import { bindThis } from '@/decorators.js';
 const ACTOR_USERNAME = 'instance.actor' as const;
@Injectable()
 export class InstanceActorService {
 	private cache: MemorySingleCache<MiLocalUser>;
 	constructor(
 		@Inject(DI.usersRepository)
 		private usersRepository: UsersRepository,
 		private createSystemUserService: CreateSystemUserService,
 	) {
 		this.cache = new MemorySingleCache<MiLocalUser>(Infinity);
 	}
 	@bindThis
 	public async realLocalUsersPresent(): Promise<boolean> {
 		return await this.usersRepository.existsBy({
 			host: IsNull(),
 			username: Not(ACTOR_USERNAME),
 		});
 	}
 	@bindThis
 	public async getInstanceActor(): Promise<MiLocalUser> {
 		const cached = this.cache.get();
 		if (cached) return cached;
 		const user = await this.usersRepository.findOneBy({
 			host: IsNull(),
 			username: ACTOR_USERNAME,
 		}) as MiLocalUser | undefined;
 		if (user) {
 			this.cache.set(user);
 			return user;
 		} else {
 			const created = await this.createSystemUserService.createSystemUser(ACTOR_USERNAME) as MiLocalUser;
 			this.cache.set(created);
 			return created;
 		}
 	}
 }
--- a/packages/backend/src/core/MetaService.ts
+++ b/packages/backend/src/core/MetaService.ts
@ -53,7 +53,7 @@ export class MetaService implements OnApplicationShutdown {
 				case 'metaUpdated': {
 					this.cache = { // TODO: このあたりのデシリアライズ処理は各modelファイル内に関数としてexportしたい
 						...(body.after),
-						proxyAccount: null, // joinなカラムは通常取ってこないので
+						rootUser: null, // joinなカラムは通常取ってこないので
 					};
 					break;
 				}
@ -113,17 +113,20 @@ export class MetaService implements OnApplicationShutdown {
 			if (before) {
 				await transactionalEntityManager.update(MiMeta, before.id, data);
 				const metas = await transactionalEntityManager.find(MiMeta, {
 					order: {
 						id: 'DESC',
 					},
 				});
 				return metas[0];
 			} else {
-				return await transactionalEntityManager.save(MiMeta, data);
+				await transactionalEntityManager.save(MiMeta, {
 					...data,
 					id: 'x',
 				});
 			}
 			const afters = await transactionalEntityManager.find(MiMeta, {
 				order: {
 					id: 'DESC',
 				},
 			});
 			return afters[0];
 		});
 		if (data.hiddenTags) {
--- a/packages/backend/src/core/ProxyAccountService.ts
+++ b/packages/backend/src/core/ProxyAccountService.ts
@ -1,28 +0,0 @@
 /*
 * SPDX-FileCopyrightText: syuilo and misskey-project
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 import { Inject, Injectable } from '@nestjs/common';
 import type { MiMeta, UsersRepository } from '@/models/_.js';
 import type { MiLocalUser } from '@/models/User.js';
 import { DI } from '@/di-symbols.js';
 import { bindThis } from '@/decorators.js';
@Injectable()
 export class ProxyAccountService {
 	constructor(
 		@Inject(DI.meta)
 		private meta: MiMeta,
 		@Inject(DI.usersRepository)
 		private usersRepository: UsersRepository,
 	) {
 	}
 	@bindThis
 	public async fetch(): Promise<MiLocalUser | null> {
 		if (this.meta.proxyAccountId == null) return null;
 		return await this.usersRepository.findOneByOrFail({ id: this.meta.proxyAccountId }) as MiLocalUser;
 	}
 }
--- a/packages/backend/src/core/RelayService.ts
+++ b/packages/backend/src/core/RelayService.ts
@ -4,53 +4,34 @@
 */
 import { Inject, Injectable } from '@nestjs/common';
-import { IsNull } from 'typeorm';
+import type { MiUser } from '@/models/User.js';
-import type { MiLocalUser, MiUser } from '@/models/User.js';
+import type { RelaysRepository } from '@/models/_.js';
 import type { RelaysRepository, UsersRepository } from '@/models/_.js';
 import { IdService } from '@/core/IdService.js';
 import { MemorySingleCache } from '@/misc/cache.js';
 import type { MiRelay } from '@/models/Relay.js';
 import { QueueService } from '@/core/QueueService.js';
 import { CreateSystemUserService } from '@/core/CreateSystemUserService.js';
 import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
 import { DI } from '@/di-symbols.js';
 import { deepClone } from '@/misc/clone.js';
 import { bindThis } from '@/decorators.js';
-
+import { SystemAccountService } from '@/core/SystemAccountService.js';
 const ACTOR_USERNAME = 'relay.actor' as const;
@Injectable()
 export class RelayService {
 	private relaysCache: MemorySingleCache<MiRelay[]>;
 	constructor(
 		@Inject(DI.usersRepository)
 		private usersRepository: UsersRepository,
 		@Inject(DI.relaysRepository)
 		private relaysRepository: RelaysRepository,
 		private idService: IdService,
 		private queueService: QueueService,
-		private createSystemUserService: CreateSystemUserService,
+		private systemAccountService: SystemAccountService,
 		private apRendererService: ApRendererService,
 	) {
 		this.relaysCache = new MemorySingleCache<MiRelay[]>(1000 * 60 * 10); // 10m
 	}
 	@bindThis
 	private async getRelayActor(): Promise<MiLocalUser> {
 		const user = await this.usersRepository.findOneBy({
 			host: IsNull(),
 			username: ACTOR_USERNAME,
 		});
 		if (user) return user as MiLocalUser;
 		const created = await this.createSystemUserService.createSystemUser(ACTOR_USERNAME);
 		return created as MiLocalUser;
 	}
 	@bindThis
 	public async addRelay(inbox: string): Promise<MiRelay> {
 		const relay = await this.relaysRepository.insertOne({
@ -59,8 +40,8 @@ export class RelayService {
 			status: 'requesting',
 		});
-		const relayActor = await this.getRelayActor();
+		const relayActor = await this.systemAccountService.fetch('relay');
-		const follow = await this.apRendererService.renderFollowRelay(relay, relayActor);
+		const follow = this.apRendererService.renderFollowRelay(relay, relayActor);
 		const activity = this.apRendererService.addContext(follow);
 		this.queueService.deliver(relayActor, activity, relay.inbox, false);
@ -77,7 +58,7 @@ export class RelayService {
 			throw new Error('relay not found');
 		}
-		const relayActor = await this.getRelayActor();
+		const relayActor = await this.systemAccountService.fetch('relay');
 		const follow = this.apRendererService.renderFollowRelay(relay, relayActor);
 		const undo = this.apRendererService.renderUndo(follow, relayActor);
 		const activity = this.apRendererService.addContext(undo);
--- a/packages/backend/src/core/RoleService.ts
+++ b/packages/backend/src/core/RoleService.ts
@ -101,7 +101,6 @@ export const DEFAULT_POLICIES: RolePolicies = {
@Injectable()
 export class RoleService implements OnApplicationShutdown, OnModuleInit {
 	private rootUserIdCache: MemorySingleCache<MiUser['id']>;
 	private rolesCache: MemorySingleCache<MiRole[]>;
 	private roleAssignmentByUserIdCache: MemoryKVCache<MiRoleAssignment[]>;
 	private notificationService: NotificationService;
@ -137,7 +136,6 @@ export class RoleService implements OnApplicationShutdown, OnModuleInit {
 		private moderationLogService: ModerationLogService,
 		private fanoutTimelineService: FanoutTimelineService,
 	) {
 		this.rootUserIdCache = new MemorySingleCache<MiUser['id']>(1000 * 60 * 60 * 24 * 7); // 1week. rootユーザのIDは不変なので長めに
 		this.rolesCache = new MemorySingleCache<MiRole[]>(1000 * 60 * 60); // 1h
 		this.roleAssignmentByUserIdCache = new MemoryKVCache<MiRoleAssignment[]>(1000 * 60 * 5); // 5m
@ -406,15 +404,15 @@ export class RoleService implements OnApplicationShutdown, OnModuleInit {
 	}
 	@bindThis
-	public async isModerator(user: { id: MiUser['id']; isRoot: MiUser['isRoot'] } | null): Promise<boolean> {
+	public async isModerator(user: { id: MiUser['id'] } | null): Promise<boolean> {
 		if (user == null) return false;
-		return user.isRoot || (await this.getUserRoles(user.id)).some(r => r.isModerator || r.isAdministrator);
+		return (this.meta.rootUserId === user.id) || (await this.getUserRoles(user.id)).some(r => r.isModerator || r.isAdministrator);
 	}
 	@bindThis
-	public async isAdministrator(user: { id: MiUser['id']; isRoot: MiUser['isRoot'] } | null): Promise<boolean> {
+	public async isAdministrator(user: { id: MiUser['id'] } | null): Promise<boolean> {
 		if (user == null) return false;
-		return user.isRoot || (await this.getUserRoles(user.id)).some(r => r.isAdministrator);
+		return (this.meta.rootUserId === user.id) || (await this.getUserRoles(user.id)).some(r => r.isAdministrator);
 	}
 	@bindThis
@ -463,16 +461,8 @@ export class RoleService implements OnApplicationShutdown, OnModuleInit {
 				.map(a => a.userId),
 		);
-		if (includeRoot) {
+		if (includeRoot && this.meta.rootUserId) {
-			const rootUserId = await this.rootUserIdCache.fetch(async () => {
+			resultSet.add(this.meta.rootUserId);
 				const it = await this.usersRepository.createQueryBuilder('users')
 					.select('id')
 					.where({ isRoot: true })
 					.getRawOne<{ id: string }>();
 				// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
 				return it!.id;
 			});
 			resultSet.add(rootUserId);
 		}
 		return [...resultSet].sort((x, y) => x.localeCompare(y));
--- a/packages/backend/src/core/SignupService.ts
+++ b/packages/backend/src/core/SignupService.ts
@ -16,11 +16,12 @@ import { MiUserKeypair } from '@/models/UserKeypair.js';
 import { MiUsedUsername } from '@/models/UsedUsername.js';
 import { generateNativeUserToken } from '@/misc/token.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { InstanceActorService } from '@/core/InstanceActorService.js';
 import { bindThis } from '@/decorators.js';
 import UsersChart from '@/core/chart/charts/users.js';
 import { UtilityService } from '@/core/UtilityService.js';
 import { UserService } from '@/core/UserService.js';
 import { SystemAccountService } from '@/core/SystemAccountService.js';
 import { MetaService } from '@/core/MetaService.js';
@Injectable()
 export class SignupService {
@ -41,7 +42,8 @@ export class SignupService {
 		private userService: UserService,
 		private userEntityService: UserEntityService,
 		private idService: IdService,
-		private instanceActorService: InstanceActorService,
+		private systemAccountService: SystemAccountService,
 		private metaService: MetaService,
 		private usersChart: UsersChart,
 	) {
 	}
@ -86,9 +88,7 @@ export class SignupService {
 			throw new Error('USED_USERNAME');
 		}
-		const isTheFirstUser = !await this.instanceActorService.realLocalUsersPresent();
+		if (!opts.ignorePreservedUsernames && this.meta.rootUserId != null) {
 		if (!opts.ignorePreservedUsernames && !isTheFirstUser) {
 			const isPreserved = this.meta.preservedUsernames.map(x => x.toLowerCase()).includes(username.toLowerCase());
 			if (isPreserved) {
 				throw new Error('USED_USERNAME');
@ -129,7 +129,6 @@ export class SignupService {
 				usernameLower: username.toLowerCase(),
 				host: this.utilityService.toPunyNullable(host),
 				token: secret,
 				isRoot: isTheFirstUser,
 			}));
 			await transactionalEntityManager.save(new MiUserKeypair({
@ -153,6 +152,10 @@ export class SignupService {
 		this.usersChart.update(account, true);
 		this.userService.notifySystemWebhook(account, 'userCreated');
 		if (this.meta.rootUserId == null) {
 			await this.metaService.update({ rootUserId: account.id });
 		}
 		return { account, secret };
 	}
 }
--- a/packages/backend/src/core/SystemAccountService.ts
+++ b/packages/backend/src/core/SystemAccountService.ts
@ -0,0 +1,172 @@
 /*
 * SPDX-FileCopyrightText: syuilo and misskey-project
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 import { randomUUID } from 'node:crypto';
 import { Inject, Injectable } from '@nestjs/common';
 import { DataSource, IsNull } from 'typeorm';
 import bcrypt from 'bcryptjs';
 import { MiLocalUser, MiUser } from '@/models/User.js';
 import { MiSystemAccount, MiUsedUsername, MiUserKeypair, MiUserProfile, type UsersRepository, type SystemAccountsRepository } from '@/models/_.js';
 import type { MiMeta, UserProfilesRepository } from '@/models/_.js';
 import { MemoryKVCache } from '@/misc/cache.js';
 import { DI } from '@/di-symbols.js';
 import { bindThis } from '@/decorators.js';
 import { generateNativeUserToken } from '@/misc/token.js';
 import { IdService } from '@/core/IdService.js';
 import { genRsaKeyPair } from '@/misc/gen-key-pair.js';
 export const SYSTEM_ACCOUNT_TYPES = ['actor', 'relay', 'proxy'] as const;
@Injectable()
 export class SystemAccountService {
 	private cache: MemoryKVCache<MiLocalUser>;
 	constructor(
 		@Inject(DI.db)
 		private db: DataSource,
 		@Inject(DI.meta)
 		private meta: MiMeta,
 		@Inject(DI.systemAccountsRepository)
 		private systemAccountsRepository: SystemAccountsRepository,
 		@Inject(DI.usersRepository)
 		private usersRepository: UsersRepository,
 		@Inject(DI.userProfilesRepository)
 		private userProfilesRepository: UserProfilesRepository,
 		private idService: IdService,
 	) {
 		this.cache = new MemoryKVCache<MiLocalUser>(1000 * 60 * 10); // 10m
 	}
 	@bindThis
 	public async list(): Promise<MiSystemAccount[]> {
 		const accounts = await this.systemAccountsRepository.findBy({});
 		return accounts;
 	}
 	@bindThis
 	public async fetch(type: typeof SYSTEM_ACCOUNT_TYPES[number]): Promise<MiLocalUser> {
 		const cached = this.cache.get(type);
 		if (cached) return cached;
 		const systemAccount = await this.systemAccountsRepository.findOne({
 			where: { type: type },
 			relations: ['user'],
 		});
 		if (systemAccount) {
 			this.cache.set(type, systemAccount.user as MiLocalUser);
 			return systemAccount.user as MiLocalUser;
 		} else {
 			const created = await this.createCorrespondingUser(type, {
 				username: `system.${type}`, // NOTE: (できれば避けたいが) . が含まれるかどうかでシステムアカウントかどうかを判定している処理もあるので変えないように
 				name: this.meta.name,
 			});
 			this.cache.set(type, created);
 			return created;
 		}
 	}
 	@bindThis
 	private async createCorrespondingUser(type: typeof SYSTEM_ACCOUNT_TYPES[number], extra: {
 		username: MiUser['username'];
 		name?: MiUser['name'];
 	}): Promise<MiLocalUser> {
 		const password = randomUUID();
 		// Generate hash of password
 		const salt = await bcrypt.genSalt(8);
 		const hash = await bcrypt.hash(password, salt);
 		// Generate secret
 		const secret = generateNativeUserToken();
 		const keyPair = await genRsaKeyPair();
 		let account!: MiUser;
 		// Start transaction
 		await this.db.transaction(async transactionalEntityManager => {
 			const exist = await transactionalEntityManager.findOneBy(MiUser, {
 				usernameLower: extra.username.toLowerCase(),
 				host: IsNull(),
 			});
 			if (exist) {
 				account = exist;
 				return;
 			}
 			account = await transactionalEntityManager.insert(MiUser, {
 				id: this.idService.gen(),
 				username: extra.username,
 				usernameLower: extra.username.toLowerCase(),
 				host: null,
 				token: secret,
 				isLocked: true,
 				isExplorable: false,
 				isBot: true,
 				name: extra.name,
 			}).then(x => transactionalEntityManager.findOneByOrFail(MiUser, x.identifiers[0]));
 			await transactionalEntityManager.insert(MiUserKeypair, {
 				publicKey: keyPair.publicKey,
 				privateKey: keyPair.privateKey,
 				userId: account.id,
 			});
 			await transactionalEntityManager.insert(MiUserProfile, {
 				userId: account.id,
 				autoAcceptFollowed: false,
 				password: hash,
 			});
 			await transactionalEntityManager.insert(MiUsedUsername, {
 				createdAt: new Date(),
 				username: extra.username.toLowerCase(),
 			});
 			await transactionalEntityManager.insert(MiSystemAccount, {
 				id: this.idService.gen(),
 				userId: account.id,
 				type: type,
 			});
 		});
 		return account as MiLocalUser;
 	}
 	@bindThis
 	public async updateCorrespondingUserProfile(type: typeof SYSTEM_ACCOUNT_TYPES[number], extra: {
 		name?: string;
 		description?: MiUserProfile['description'];
 	}): Promise<MiLocalUser> {
 		const user = await this.fetch(type);
 		const updates = {} as Partial<MiUser>;
 		if (extra.name !== undefined) updates.name = extra.name;
 		if (Object.keys(updates).length > 0) {
 			await this.usersRepository.update(user.id, updates);
 		}
 		const profileUpdates = {} as Partial<MiUserProfile>;
 		if (extra.description !== undefined) profileUpdates.description = extra.description;
 		if (Object.keys(profileUpdates).length > 0) {
 			await this.userProfilesRepository.update(user.id, profileUpdates);
 		}
 		const updated = await this.usersRepository.findOneByOrFail({ id: user.id }) as MiLocalUser;
 		this.cache.set(type, updated);
 		return updated;
 	}
 }
--- a/packages/backend/src/core/UserListService.ts
+++ b/packages/backend/src/core/UserListService.ts
@ -15,11 +15,11 @@ import type { GlobalEvents } from '@/core/GlobalEventService.js';
 import { GlobalEventService } from '@/core/GlobalEventService.js';
 import { DI } from '@/di-symbols.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { ProxyAccountService } from '@/core/ProxyAccountService.js';
 import { bindThis } from '@/decorators.js';
 import { QueueService } from '@/core/QueueService.js';
 import { RedisKVCache } from '@/misc/cache.js';
 import { RoleService } from '@/core/RoleService.js';
 import { SystemAccountService } from '@/core/SystemAccountService.js';
@Injectable()
 export class UserListService implements OnApplicationShutdown, OnModuleInit {
@ -43,8 +43,8 @@ export class UserListService implements OnApplicationShutdown, OnModuleInit {
 		private userEntityService: UserEntityService,
 		private idService: IdService,
 		private globalEventService: GlobalEventService,
 		private proxyAccountService: ProxyAccountService,
 		private queueService: QueueService,
 		private systemAccountService: SystemAccountService,
 	) {
 		this.membersCache = new RedisKVCache<Set<string>>(this.redisClient, 'userListMembers', {
 			lifetime: 1000 * 60 * 30, // 30m
@ -111,10 +111,8 @@ export class UserListService implements OnApplicationShutdown, OnModuleInit {
 		// このインスタンス内にこのリモートユーザーをフォローしているユーザーがいなくても投稿を受け取るためにダミーのユーザーがフォローしたということにする
 		if (this.userEntityService.isRemoteUser(target)) {
-			const proxy = await this.proxyAccountService.fetch();
+			const proxy = await this.systemAccountService.fetch('proxy');
-			if (proxy) {
+			this.queueService.createFollowJob([{ from: { id: proxy.id }, to: { id: target.id } }]);
 				this.queueService.createFollowJob([{ from: { id: proxy.id }, to: { id: target.id } }]);
 			}
 		}
 	}
--- a/packages/backend/src/core/WebhookTestService.ts
+++ b/packages/backend/src/core/WebhookTestService.ts
@ -73,7 +73,6 @@ function generateDummyUser(override?: Partial<MiUser>): MiUser {
 		isLocked: false,
 		isBot: false,
 		isCat: true,
 		isRoot: false,
 		isExplorable: true,
 		isHibernated: false,
 		isDeleted: false,
--- a/packages/backend/src/core/activitypub/ApRendererService.ts
+++ b/packages/backend/src/core/activitypub/ApRendererService.ts
@ -23,7 +23,7 @@ import { MfmService } from '@/core/MfmService.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { DriveFileEntityService } from '@/core/entities/DriveFileEntityService.js';
 import type { MiUserKeypair } from '@/models/UserKeypair.js';
-import type { UsersRepository, UserProfilesRepository, NotesRepository, DriveFilesRepository, PollsRepository } from '@/models/_.js';
+import type { UsersRepository, UserProfilesRepository, NotesRepository, DriveFilesRepository, PollsRepository, MiMeta } from '@/models/_.js';
 import { bindThis } from '@/decorators.js';
 import { CustomEmojiService } from '@/core/CustomEmojiService.js';
 import { IdService } from '@/core/IdService.js';
@ -39,6 +39,9 @@ export class ApRendererService {
 		@Inject(DI.config)
 		private config: Config,
 		@Inject(DI.meta)
 		private meta: MiMeta,
 		@Inject(DI.usersRepository)
 		private usersRepository: UsersRepository,
@ -186,7 +189,7 @@ export class ApRendererService {
 				url: emoji.publicUrl || emoji.originalUrl,
 			},
 			_misskey_license: {
-				freeText: emoji.license
+				freeText: emoji.license,
 			},
 		};
 	}
@ -255,6 +258,38 @@ export class ApRendererService {
 		};
 	}
 	@bindThis
 	public renderIdenticon(user: MiLocalUser): IApImage {
 		return {
 			type: 'Image',
 			url: this.userEntityService.getIdenticonUrl(user),
 			sensitive: false,
 			name: null,
 		};
 	}
 	@bindThis
 	public renderSystemAvatar(user: MiLocalUser): IApImage {
 		if (this.meta.iconUrl == null) return this.renderIdenticon(user);
 		return {
 			type: 'Image',
 			url: this.meta.iconUrl,
 			sensitive: false,
 			name: null,
 		};
 	}
 	@bindThis
 	public renderSystemBanner(): IApImage | null {
 		if (this.meta.bannerUrl == null) return null;
 		return {
 			type: 'Image',
 			url: this.meta.bannerUrl,
 			sensitive: false,
 			name: null,
 		};
 	}
 	@bindThis
 	public renderKey(user: MiLocalUser, key: MiUserKeypair, postfix?: string): IKey {
 		return {
@ -503,8 +538,8 @@ export class ApRendererService {
 			_misskey_requireSigninToViewContents: user.requireSigninToViewContents,
 			_misskey_makeNotesFollowersOnlyBefore: user.makeNotesFollowersOnlyBefore,
 			_misskey_makeNotesHiddenBefore: user.makeNotesHiddenBefore,
-			icon: avatar ? this.renderImage(avatar) : null,
+			icon: avatar ? this.renderImage(avatar) : isSystem ? this.renderSystemAvatar(user) : this.renderIdenticon(user),
-			image: banner ? this.renderImage(banner) : null,
+			image: banner ? this.renderImage(banner) : isSystem ? this.renderSystemBanner() : null,
 			tag,
 			manuallyApprovesFollowers: user.isLocked,
 			discoverable: user.isExplorable,
--- a/packages/backend/src/core/activitypub/ApResolverService.ts
+++ b/packages/backend/src/core/activitypub/ApResolverService.ts
@ -6,7 +6,6 @@
 import { Inject, Injectable } from '@nestjs/common';
 import { IsNull, Not } from 'typeorm';
 import type { MiLocalUser, MiRemoteUser } from '@/models/User.js';
 import { InstanceActorService } from '@/core/InstanceActorService.js';
 import type { NotesRepository, PollsRepository, NoteReactionsRepository, UsersRepository, FollowRequestsRepository, MiMeta } from '@/models/_.js';
 import type { Config } from '@/config.js';
 import { HttpRequestService } from '@/core/HttpRequestService.js';
@ -15,13 +14,14 @@ import { UtilityService } from '@/core/UtilityService.js';
 import { bindThis } from '@/decorators.js';
 import { LoggerService } from '@/core/LoggerService.js';
 import type Logger from '@/logger.js';
 import { SystemAccountService } from '@/core/SystemAccountService.js';
 import { IdentifiableError } from '@/misc/identifiable-error.js';
 import { isCollectionOrOrderedCollection } from './type.js';
 import { ApDbResolverService } from './ApDbResolverService.js';
 import { ApRendererService } from './ApRendererService.js';
 import { ApRequestService } from './ApRequestService.js';
 import type { IObject, ICollection, IOrderedCollection } from './type.js';
 import { IdentifiableError } from '@/misc/identifiable-error.js';
 import { FetchAllowSoftFailMask } from './misc/check-against-url.js';
 import type { IObject, ICollection, IOrderedCollection } from './type.js';
 export class Resolver {
 	private history: Set<string>;
@ -37,7 +37,7 @@ export class Resolver {
 		private noteReactionsRepository: NoteReactionsRepository,
 		private followRequestsRepository: FollowRequestsRepository,
 		private utilityService: UtilityService,
-		private instanceActorService: InstanceActorService,
+		private systemAccountService: SystemAccountService,
 		private apRequestService: ApRequestService,
 		private httpRequestService: HttpRequestService,
 		private apRendererService: ApRendererService,
@ -105,7 +105,7 @@ export class Resolver {
 		}
 		if (this.config.signToActivityPubGet && !this.user) {
-			this.user = await this.instanceActorService.getInstanceActor();
+			this.user = await this.systemAccountService.fetch('actor');
 		}
 		const object = (this.user
@ -119,7 +119,7 @@ export class Resolver {
 		) {
 			throw new IdentifiableError('72180409-793c-4973-868e-5a118eb5519b', 'invalid response');
 		}
-		
+
 		return object;
 	}
@ -202,7 +202,7 @@ export class ApResolverService {
 		private followRequestsRepository: FollowRequestsRepository,
 		private utilityService: UtilityService,
-		private instanceActorService: InstanceActorService,
+		private systemAccountService: SystemAccountService,
 		private apRequestService: ApRequestService,
 		private httpRequestService: HttpRequestService,
 		private apRendererService: ApRendererService,
@ -222,7 +222,7 @@ export class ApResolverService {
 			this.noteReactionsRepository,
 			this.followRequestsRepository,
 			this.utilityService,
-			this.instanceActorService,
+			this.systemAccountService,
 			this.apRequestService,
 			this.httpRequestService,
 			this.apRendererService,
--- a/packages/backend/src/core/entities/MetaEntityService.ts
+++ b/packages/backend/src/core/entities/MetaEntityService.ts
@ -11,8 +11,7 @@ import type { MiMeta } from '@/models/Meta.js';
 import type { AdsRepository } from '@/models/_.js';
 import { MAX_NOTE_TEXT_LENGTH } from '@/const.js';
 import { bindThis } from '@/decorators.js';
-import { UserEntityService } from '@/core/entities/UserEntityService.js';
+import { SystemAccountService } from '@/core/SystemAccountService.js';
 import { InstanceActorService } from '@/core/InstanceActorService.js';
 import type { Config } from '@/config.js';
 import { DI } from '@/di-symbols.js';
 import { DEFAULT_POLICIES } from '@/core/RoleService.js';
@ -29,8 +28,7 @@ export class MetaEntityService {
 		@Inject(DI.adsRepository)
 		private adsRepository: AdsRepository,
-		private userEntityService: UserEntityService,
+		private systemAccountService: SystemAccountService,
 		private instanceActorService: InstanceActorService,
 	) { }
 	@bindThis
@ -149,14 +147,14 @@ export class MetaEntityService {
 		const packed = await this.pack(instance);
-		const proxyAccount = instance.proxyAccountId ? await this.userEntityService.pack(instance.proxyAccountId).catch(() => null) : null;
+		const proxyAccount = await this.systemAccountService.fetch('proxy');
 		const packDetailed: Packed<'MetaDetailed'> = {
 			...packed,
 			cacheRemoteFiles: instance.cacheRemoteFiles,
 			cacheRemoteSensitiveFiles: instance.cacheRemoteSensitiveFiles,
-			requireSetup: !await this.instanceActorService.realLocalUsersPresent(),
+			requireSetup: this.meta.rootUserId == null,
-			proxyAccountName: proxyAccount ? proxyAccount.username : null,
+			proxyAccountName: proxyAccount.username,
 			features: {
 				localTimeline: instance.policies.ltlAvailable,
 				globalTimeline: instance.policies.gtlAvailable,
--- a/packages/backend/src/core/entities/UserEntityService.ts
+++ b/packages/backend/src/core/entities/UserEntityService.ts
@ -28,6 +28,7 @@ import type {
 	FollowingsRepository,
 	FollowRequestsRepository,
 	MiFollowing,
 	MiMeta,
 	MiUserNotePining,
 	MiUserProfile,
 	MutingsRepository,
@ -100,6 +101,9 @@ export class UserEntityService implements OnModuleInit {
 		@Inject(DI.config)
 		private config: Config,
 		@Inject(DI.meta)
 		private meta: MiMeta,
 		@Inject(DI.redis)
 		private redisClient: Redis.Redis,
@ -381,7 +385,11 @@ export class UserEntityService implements OnModuleInit {
 	@bindThis
 	public getIdenticonUrl(user: MiUser): string {
-		return `${this.config.url}/identicon/${user.username.toLowerCase()}@${user.host ?? this.config.host}`;
+		if ((user.host == null || user.host === this.config.host) && user.username.includes('.') && this.meta.iconUrl) { // ローカルのシステムアカウントの場合
 			return this.meta.iconUrl;
 		} else {
 			return `${this.config.url}/identicon/${user.username.toLowerCase()}@${user.host ?? this.config.host}`;
 		}
 	}
 	@bindThis
--- a/packages/backend/src/di-symbols.ts
+++ b/packages/backend/src/di-symbols.ts
@ -74,6 +74,7 @@ export const DI = {
 	registryItemsRepository: Symbol('registryItemsRepository'),
 	webhooksRepository: Symbol('webhooksRepository'),
 	systemWebhooksRepository: Symbol('systemWebhooksRepository'),
 	systemAccountsRepository: Symbol('systemAccountsRepository'),
 	adsRepository: Symbol('adsRepository'),
 	passwordResetRequestsRepository: Symbol('passwordResetRequestsRepository'),
 	retentionAggregationsRepository: Symbol('retentionAggregationsRepository'),
--- a/packages/backend/src/models/Meta.ts
+++ b/packages/backend/src/models/Meta.ts
@ -3,7 +3,7 @@
 * SPDX-License-Identifier: AGPL-3.0-only
 */
-import { Entity, Column, PrimaryColumn, ManyToOne, JoinColumn } from 'typeorm';
+import { Entity, Column, PrimaryColumn, ManyToOne } from 'typeorm';
 import { id } from './util/id.js';
 import { MiUser } from './User.js';
@ -15,6 +15,18 @@ export class MiMeta {
 	})
 	public id: string;
 	@Column({
 		...id(),
 		nullable: true,
 	})
 	public rootUserId: MiUser['id'] | null;
 	@ManyToOne(type => MiUser, {
 		onDelete: 'SET NULL',
 		nullable: true,
 	})
 	public rootUser: MiUser | null;
 	@Column('varchar', {
 		length: 1024, nullable: true,
 	})
@ -172,18 +184,6 @@ export class MiMeta {
 	})
 	public cacheRemoteSensitiveFiles: boolean;
 	@Column({
 		...id(),
 		nullable: true,
 	})
 	public proxyAccountId: MiUser['id'] | null;
 	@ManyToOne(type => MiUser, {
 		onDelete: 'SET NULL',
 	})
 	@JoinColumn()
 	public proxyAccount: MiUser | null;
 	@Column('boolean', {
 		default: false,
 	})
--- a/packages/backend/src/models/RepositoryModule.ts
+++ b/packages/backend/src/models/RepositoryModule.ts
@ -3,7 +3,6 @@
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 import type { Provider } from '@nestjs/common';
 import { Module } from '@nestjs/common';
 import { DI } from '@/di-symbols.js';
 import {
@ -63,6 +62,7 @@ import {
 	MiRoleAssignment,
 	MiSignin,
 	MiSwSubscription,
 	MiSystemAccount,
 	MiSystemWebhook,
 	MiUsedUsername,
 	MiUser,
@ -77,8 +77,9 @@ import {
 	MiUserProfile,
 	MiUserPublickey,
 	MiUserSecurityKey,
-	MiWebhook
+	MiWebhook,
 } from './_.js';
 import type { Provider } from '@nestjs/common';
 import type { DataSource } from 'typeorm';
 const $usersRepository: Provider = {
@ -285,6 +286,12 @@ const $swSubscriptionsRepository: Provider = {
 	inject: [DI.db],
 };
 const $systemAccountsRepository: Provider = {
 	provide: DI.systemAccountsRepository,
 	useFactory: (db: DataSource) => db.getRepository(MiSystemAccount),
 	inject: [DI.db],
 };
 const $hashtagsRepository: Provider = {
 	provide: DI.hashtagsRepository,
 	useFactory: (db: DataSource) => db.getRepository(MiHashtag).extend(miRepository as MiRepository<MiHashtag>),
@ -532,6 +539,7 @@ const $reversiGamesRepository: Provider = {
 		$renoteMutingsRepository,
 		$blockingsRepository,
 		$swSubscriptionsRepository,
 		$systemAccountsRepository,
 		$hashtagsRepository,
 		$abuseUserReportsRepository,
 		$abuseReportNotificationRecipientRepository,
@ -603,6 +611,7 @@ const $reversiGamesRepository: Provider = {
 		$renoteMutingsRepository,
 		$blockingsRepository,
 		$swSubscriptionsRepository,
 		$systemAccountsRepository,
 		$hashtagsRepository,
 		$abuseUserReportsRepository,
 		$abuseReportNotificationRecipientRepository,
--- a/packages/backend/src/models/SystemAccount.ts
+++ b/packages/backend/src/models/SystemAccount.ts
@ -0,0 +1,31 @@
 /*
 * SPDX-FileCopyrightText: syuilo and misskey-project
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 import { Column, Entity, Index, JoinColumn, ManyToOne, PrimaryColumn } from 'typeorm';
 import { Serialized } from '@/types.js';
 import { id } from './util/id.js';
 import { MiUser } from './User.js';
@Entity('system_account')
@Index(['type'], { unique: true })
 export class MiSystemAccount {
 	@PrimaryColumn(id())
 	public id: string;
 	@Index()
 	@Column(id())
 	public userId: MiUser['id'];
 	@ManyToOne(type => MiUser, {
 		onDelete: 'CASCADE',
 	})
 	@JoinColumn()
 	public user: MiUser | null;
 	@Column('varchar', {
 		length: 256,
 	})
 	public type: string;
 }
--- a/packages/backend/src/models/User.ts
+++ b/packages/backend/src/models/User.ts
@ -184,12 +184,6 @@ export class MiUser {
 	})
 	public isCat: boolean;
 	@Column('boolean', {
 		default: false,
 		comment: 'Whether the User is the root.',
 	})
 	public isRoot: boolean;
 	@Index()
 	@Column('boolean', {
 		default: true,
--- a/packages/backend/src/models/_.ts
+++ b/packages/backend/src/models/_.ts
@ -56,6 +56,7 @@ import { MiRegistryItem } from '@/models/RegistryItem.js';
 import { MiRelay } from '@/models/Relay.js';
 import { MiSignin } from '@/models/Signin.js';
 import { MiSwSubscription } from '@/models/SwSubscription.js';
 import { MiSystemAccount } from '@/models/SystemAccount.js';
 import { MiUsedUsername } from '@/models/UsedUsername.js';
 import { MiUser } from '@/models/User.js';
 import { MiUserIp } from '@/models/UserIp.js';
@ -171,6 +172,7 @@ export {
 	MiRelay,
 	MiSignin,
 	MiSwSubscription,
 	MiSystemAccount,
 	MiUsedUsername,
 	MiUser,
 	MiUserIp,
@ -242,6 +244,7 @@ export type RegistryItemsRepository = Repository<MiRegistryItem> & MiRepository<
 export type RelaysRepository = Repository<MiRelay> & MiRepository<MiRelay>;
 export type SigninsRepository = Repository<MiSignin> & MiRepository<MiSignin>;
 export type SwSubscriptionsRepository = Repository<MiSwSubscription> & MiRepository<MiSwSubscription>;
 export type SystemAccountsRepository = Repository<MiSystemAccount> & MiRepository<MiSystemAccount>;
 export type UsedUsernamesRepository = Repository<MiUsedUsername> & MiRepository<MiUsedUsername>;
 export type UsersRepository = Repository<MiUser> & MiRepository<MiUser>;
 export type UserIpsRepository = Repository<MiUserIp> & MiRepository<MiUserIp>;
--- a/packages/backend/src/postgres.ts
+++ b/packages/backend/src/postgres.ts
@ -82,6 +82,7 @@ import { MiReversiGame } from '@/models/ReversiGame.js';
 import { Config } from '@/config.js';
 import MisskeyLogger from '@/logger.js';
 import { bindThis } from '@/decorators.js';
 import { MiSystemAccount } from './models/SystemAccount.js';
 pg.types.setTypeParser(20, Number);
@ -206,6 +207,7 @@ export const entities = [
 	MiEmoji,
 	MiHashtag,
 	MiSwSubscription,
 	MiSystemAccount,
 	MiAbuseUserReport,
 	MiAbuseReportNotificationRecipient,
 	MiRegistrationTicket,
--- a/packages/backend/src/server/NodeinfoServerService.ts
+++ b/packages/backend/src/server/NodeinfoServerService.ts
@ -9,11 +9,11 @@ import type { Config } from '@/config.js';
 import { MetaService } from '@/core/MetaService.js';
 import { MAX_NOTE_TEXT_LENGTH } from '@/const.js';
 import { MemorySingleCache } from '@/misc/cache.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { bindThis } from '@/decorators.js';
 import NotesChart from '@/core/chart/charts/notes.js';
 import UsersChart from '@/core/chart/charts/users.js';
 import { DEFAULT_POLICIES } from '@/core/RoleService.js';
 import { SystemAccountService } from '@/core/SystemAccountService.js';
 import type { FastifyInstance, FastifyPluginOptions } from 'fastify';
 const nodeinfo2_1path = '/nodeinfo/2.1';
@ -26,7 +26,7 @@ export class NodeinfoServerService {
 		@Inject(DI.config)
 		private config: Config,
-		private userEntityService: UserEntityService,
+		private systemAccountService: SystemAccountService,
 		private metaService: MetaService,
 		private notesChart: NotesChart,
 		private usersChart: UsersChart,
@ -70,7 +70,7 @@ export class NodeinfoServerService {
 			const activeHalfyear = null;
 			const activeMonth = null;
-			const proxyAccount = meta.proxyAccountId ? await this.userEntityService.pack(meta.proxyAccountId).catch(() => null) : null;
+			const proxyAccount = await this.systemAccountService.fetch('proxy');
 			const basePolicies = { ...DEFAULT_POLICIES, ...meta.policies };
@ -123,7 +123,7 @@ export class NodeinfoServerService {
 					maxNoteTextLength: MAX_NOTE_TEXT_LENGTH,
 					enableEmail: meta.enableEmail,
 					enableServiceWorker: meta.enableServiceWorker,
-					proxyAccountName: proxyAccount ? proxyAccount.username : null,
+					proxyAccountName: proxyAccount.username,
 					themeColor: meta.themeColor ?? '#86b300',
 				},
 			};
--- a/packages/backend/src/server/api/ApiCallService.ts
+++ b/packages/backend/src/server/api/ApiCallService.ts
@ -371,7 +371,7 @@ export class ApiCallService implements OnApplicationShutdown {
 			}
 		}
-		if ((ep.meta.requireModerator || ep.meta.requireAdmin) && !user!.isRoot) {
+		if ((ep.meta.requireModerator || ep.meta.requireAdmin) && (this.meta.rootUserId !== user!.id)) {
 			const myRoles = await this.roleService.getUserRoles(user!.id);
 			if (ep.meta.requireModerator && !myRoles.some(r => r.isModerator || r.isAdministrator)) {
 				throw new ApiError({
@ -391,7 +391,7 @@ export class ApiCallService implements OnApplicationShutdown {
 			}
 		}
-		if (ep.meta.requireRolePolicy != null && !user!.isRoot) {
+		if (ep.meta.requireRolePolicy != null && (this.meta.rootUserId !== user!.id)) {
 			const myRoles = await this.roleService.getUserRoles(user!.id);
 			const policies = await this.roleService.getUserPolicies(user!.id);
 			if (!policies[ep.meta.requireRolePolicy] && !myRoles.some(r => r.isAdministrator)) {
--- a/packages/backend/src/server/api/endpoint-list.ts
+++ b/packages/backend/src/server/api/endpoint-list.ts
@ -100,6 +100,7 @@ export * as 'admin/unset-user-banner' from './endpoints/admin/unset-user-banner.
 export * as 'admin/unsuspend-user' from './endpoints/admin/unsuspend-user.js';
 export * as 'admin/update-abuse-user-report' from './endpoints/admin/update-abuse-user-report.js';
 export * as 'admin/update-meta' from './endpoints/admin/update-meta.js';
 export * as 'admin/update-proxy-account' from './endpoints/admin/update-proxy-account.js';
 export * as 'admin/update-user-note' from './endpoints/admin/update-user-note.js';
 export * as 'announcements' from './endpoints/announcements.js';
 export * as 'announcements/show' from './endpoints/announcements/show.js';
--- a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts
@ -4,12 +4,10 @@
 */
 import { Inject, Injectable } from '@nestjs/common';
 import { IsNull } from 'typeorm';
 import { Endpoint } from '@/server/api/endpoint-base.js';
-import type { UsersRepository } from '@/models/_.js';
+import type { MiMeta, UsersRepository } from '@/models/_.js';
 import { SignupService } from '@/core/SignupService.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { InstanceActorService } from '@/core/InstanceActorService.js';
 import { localUsernameSchema, passwordSchema } from '@/models/User.js';
 import { DI } from '@/di-symbols.js';
 import type { Config } from '@/config.js';
@ -62,18 +60,19 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		@Inject(DI.config)
 		private config: Config,
 		@Inject(DI.meta)
 		private serverSettings: MiMeta,
 		@Inject(DI.usersRepository)
 		private usersRepository: UsersRepository,
 		private userEntityService: UserEntityService,
 		private signupService: SignupService,
 		private instanceActorService: InstanceActorService,
 	) {
 		super(meta, paramDef, async (ps, _me, token) => {
 			const me = _me ? await this.usersRepository.findOneByOrFail({ id: _me.id }) : null;
 			const realUsers = await this.instanceActorService.realLocalUsersPresent();
-			if (!realUsers && me == null && token == null) {
+			if (this.serverSettings.rootUserId == null && me == null && token == null) {
 				// 初回セットアップの場合
 				if (this.config.setupPassword != null) {
 					// 初期パスワードが設定されている場合
@ -85,7 +84,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 					// 初期パスワードが設定されていないのに初期パスワードが入力された場合
 					throw new ApiError(meta.errors.wrongInitialPassword);
 				}
-			} else if ((realUsers && !me?.isRoot) || token !== null) {
+			} else if ((this.serverSettings.rootUserId != null && (this.serverSettings.rootUserId !== me?.id)) || token !== null) {
 				// 初回セットアップではなく、管理者でない場合 or 外部トークンを使用している場合
 				throw new ApiError(meta.errors.accessDenied);
 			}
--- a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
@ -42,10 +42,6 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				throw new Error('user not found');
 			}
 			if (user.isRoot) {
 				throw new Error('cannot delete a root account');
 			}
 			await this.deleteAccoountService.deleteAccount(user, me);
 		});
 	}
--- a/packages/backend/src/server/api/endpoints/admin/meta.ts
+++ b/packages/backend/src/server/api/endpoints/admin/meta.ts
@ -9,6 +9,7 @@ import { MetaService } from '@/core/MetaService.js';
 import type { Config } from '@/config.js';
 import { DI } from '@/di-symbols.js';
 import { DEFAULT_POLICIES } from '@/core/RoleService.js';
 import { SystemAccountService } from '@/core/SystemAccountService.js';
 export const meta = {
 	tags: ['meta'],
@ -237,7 +238,7 @@ export const meta = {
 			},
 			proxyAccountId: {
 				type: 'string',
-				optional: false, nullable: true,
+				optional: false, nullable: false,
 				format: 'id',
 			},
 			email: {
@ -545,10 +546,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		private config: Config,
 		private metaService: MetaService,
 		private systemAccountService: SystemAccountService,
 	) {
 		super(meta, paramDef, async () => {
 			const instance = await this.metaService.fetch(true);
 			const proxy = await this.systemAccountService.fetch('proxy');
 			return {
 				maintainerName: instance.maintainerName,
 				maintainerEmail: instance.maintainerEmail,
@ -613,7 +617,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				sensitiveMediaDetectionSensitivity: instance.sensitiveMediaDetectionSensitivity,
 				setSensitiveFlagAutomatically: instance.setSensitiveFlagAutomatically,
 				enableSensitiveMediaDetectionForVideos: instance.enableSensitiveMediaDetectionForVideos,
-				proxyAccountId: instance.proxyAccountId,
+				proxyAccountId: proxy.id,
 				email: instance.email,
 				smtpSecure: instance.smtpSecure,
 				smtpHost: instance.smtpHost,
--- a/packages/backend/src/server/api/endpoints/admin/reset-password.ts
+++ b/packages/backend/src/server/api/endpoints/admin/reset-password.ts
@ -6,7 +6,7 @@
 import { Inject, Injectable } from '@nestjs/common';
 import bcrypt from 'bcryptjs';
 import { Endpoint } from '@/server/api/endpoint-base.js';
-import type { UsersRepository, UserProfilesRepository } from '@/models/_.js';
+import type { UsersRepository, UserProfilesRepository, MiMeta } from '@/models/_.js';
 import { DI } from '@/di-symbols.js';
 import { secureRndstr } from '@/misc/secure-rndstr.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
@ -43,6 +43,9 @@ export const paramDef = {
@Injectable()
 export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
 	constructor(
 		@Inject(DI.meta)
 		private serverSettings: MiMeta,
 		@Inject(DI.usersRepository)
 		private usersRepository: UsersRepository,
@ -58,7 +61,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				throw new Error('user not found');
 			}
-			if (user.isRoot) {
+			if (this.serverSettings.rootUserId === user.id) {
 				throw new Error('cannot reset password of root');
 			}
--- a/packages/backend/src/server/api/endpoints/admin/update-meta.ts
+++ b/packages/backend/src/server/api/endpoints/admin/update-meta.ts
@ -89,7 +89,6 @@ export const paramDef = {
 		sensitiveMediaDetectionSensitivity: { type: 'string', enum: ['medium', 'low', 'high', 'veryLow', 'veryHigh'] },
 		setSensitiveFlagAutomatically: { type: 'boolean' },
 		enableSensitiveMediaDetectionForVideos: { type: 'boolean' },
 		proxyAccountId: { type: 'string', format: 'misskey:id', nullable: true },
 		maintainerName: { type: 'string', nullable: true },
 		maintainerEmail: { type: 'string', nullable: true },
 		langs: {
@ -394,10 +393,6 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				set.enableSensitiveMediaDetectionForVideos = ps.enableSensitiveMediaDetectionForVideos;
 			}
 			if (ps.proxyAccountId !== undefined) {
 				set.proxyAccountId = ps.proxyAccountId;
 			}
 			if (ps.maintainerName !== undefined) {
 				set.maintainerName = ps.maintainerName;
 			}
--- a/packages/backend/src/server/api/endpoints/admin/update-proxy-account.ts
+++ b/packages/backend/src/server/api/endpoints/admin/update-proxy-account.ts
@ -0,0 +1,62 @@
 /*
 * SPDX-FileCopyrightText: syuilo and misskey-project
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 import { Injectable } from '@nestjs/common';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import {
 	descriptionSchema,
 } from '@/models/User.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
 import { SystemAccountService } from '@/core/SystemAccountService.js';
 export const meta = {
 	tags: ['admin'],
 	requireCredential: true,
 	requireModerator: true,
 	kind: 'write:admin:account',
 	res: {
 		type: 'object',
 		nullable: false, optional: false,
 		ref: 'UserDetailed',
 	},
 } as const;
 export const paramDef = {
 	type: 'object',
 	properties: {
 		description: { ...descriptionSchema, nullable: true },
 	},
 } as const;
@Injectable()
 export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
 	constructor(
 		private userEntityService: UserEntityService,
 		private moderationLogService: ModerationLogService,
 		private systemAccountService: SystemAccountService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
 			const proxy = await this.systemAccountService.updateCorrespondingUserProfile('proxy', {
 				description: ps.description,
 			});
 			const updated = await this.userEntityService.pack(proxy.id, proxy, {
 				schema: 'MeDetailed',
 			});
 			if (ps.description !== undefined) {
 				this.moderationLogService.log(me, 'updateProxyAccountDescription', {
 					before: null, //TODO
 					after: ps.description,
 				});
 			}
 			return updated;
 		});
 	}
 }
--- a/packages/backend/src/server/api/endpoints/i/move.ts
+++ b/packages/backend/src/server/api/endpoints/i/move.ts
@ -3,7 +3,7 @@
 * SPDX-License-Identifier: AGPL-3.0-only
 */
-import { Injectable } from '@nestjs/common';
+import { Inject, Injectable } from '@nestjs/common';
 import ms from 'ms';
 import { Endpoint } from '@/server/api/endpoint-base.js';
@ -19,6 +19,8 @@ import { ApPersonService } from '@/core/activitypub/models/ApPersonService.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import * as Acct from '@/misc/acct.js';
 import { DI } from '@/di-symbols.js';
 import { MiMeta } from '@/models/_.js';
 export const meta = {
 	tags: ['users'],
@ -81,6 +83,9 @@ export const paramDef = {
@Injectable()
 export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
 	constructor(
 		@Inject(DI.meta)
 		private serverSettings: MiMeta,
 		private remoteUserResolveService: RemoteUserResolveService,
 		private apiLoggerService: ApiLoggerService,
 		private accountMoveService: AccountMoveService,
@ -92,7 +97,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			// check parameter
 			if (!ps.moveToAccount) throw new ApiError(meta.errors.noSuchUser);
 			// abort if user is the root
-			if (me.isRoot) throw new ApiError(meta.errors.rootForbidden);
+			if (this.serverSettings.rootUserId === me.id) throw new ApiError(meta.errors.rootForbidden);
 			// abort if user has already moved
 			if (me.movedToUri) throw new ApiError(meta.errors.alreadyMoved);
--- a/packages/backend/src/server/api/endpoints/reset-db.ts
+++ b/packages/backend/src/server/api/endpoints/reset-db.ts
@ -6,9 +6,12 @@
 import { Inject, Injectable } from '@nestjs/common';
 import { DataSource } from 'typeorm';
 import * as Redis from 'ioredis';
 import { LoggerService } from '@/core/LoggerService.js';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import { DI } from '@/di-symbols.js';
 import { resetDb } from '@/misc/reset-db.js';
 import { MetaService } from '@/core/MetaService.js';
 import { GlobalEventService } from '@/core/GlobalEventService.js';
 export const meta = {
 	tags: ['non-productive'],
@ -36,13 +39,27 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		@Inject(DI.redis)
 		private redisClient: Redis.Redis,
 		private loggerService: LoggerService,
 		private metaService: MetaService,
 		private globalEventService: GlobalEventService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
 			if (process.env.NODE_ENV !== 'test') throw new Error('NODE_ENV is not a test');
-			await redisClient.flushdb();
+			const logger = this.loggerService.getLogger('reset-db');
 			logger.info('---- Resetting database...');
 			await this.redisClient.flushdb();
 			await resetDb(this.db);
 			// DIコンテナで管理しているmetaのインスタンスには上記のリセット処理が届かないため、
 			// 初期値を流して明示的にリフレッシュする
 			const meta = await this.metaService.fetch(true);
 			this.globalEventService.publishInternalEvent('metaUpdated', { after: meta });
 			logger.info('---- Database reset complete.');
 			await new Promise(resolve => setTimeout(resolve, 1000));
 		});
 	}
--- a/packages/backend/src/types.ts
+++ b/packages/backend/src/types.ts
@ -122,6 +122,7 @@ export const moderationLogTypes = [
 	'deletePage',
 	'deleteFlash',
 	'deleteGalleryPost',
 	'updateProxyAccountDescription',
 ] as const;
 export type ModerationLogPayloads = {
@ -374,25 +375,29 @@ export type ModerationLogPayloads = {
 		postUserUsername: string;
 		post: any;
 	};
 	updateProxyAccountDescription: {
 		before: string | null;
 		after: string | null;
 	};
 };
 export type Serialized<T> = {
 	[K in keyof T]:
-		T[K] extends Date
+	T[K] extends Date
-			? string
+		? string
-			: T[K] extends (Date | null)
+		: T[K] extends (Date | null)
-				? (string | null)
+			? (string | null)
-				: T[K] extends Record<string, any>
+			: T[K] extends Record<string, any>
-					? Serialized<T[K]>
+				? Serialized<T[K]>
-					: T[K] extends (Record<string, any> | null)
+				: T[K] extends (Record<string, any> | null)
 					? (Serialized<T[K]> | null)
-						: T[K] extends (Record<string, any> | undefined)
+					: T[K] extends (Record<string, any> | undefined)
 						? (Serialized<T[K]> | undefined)
-							: T[K];
+						: T[K];
 };
 export type FilterUnionByProperty<
-  Union,
+	Union,
-  Property extends string | number | symbol,
+	Property extends string | number | symbol,
-  Condition
+	Condition,
 > = Union extends Record<Property, Condition> ? Union : never;
--- a/packages/backend/test-federation/compose.yml
+++ b/packages/backend/test-federation/compose.yml
@ -20,8 +20,12 @@ services:
    depends_on:
      a.test:
        condition: service_healthy
      misskey.a.test:
        condition: service_healthy
      b.test:
        condition: service_healthy
      misskey.b.test:
        condition: service_healthy
    environment:
      - NODE_ENV=development
      - NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/rootCA.crt
--- a/packages/backend/test-federation/test/abuse-report.test.ts
+++ b/packages/backend/test-federation/test/abuse-report.test.ts
@ -35,7 +35,7 @@ describe('Abuse report', () => {
 			const reportsInB = await bModerator.client.request('admin/abuse-user-reports', {});
 			const reportInB = reportsInB.filter(report => report.comment.includes(comment))[0];
 			// NOTE: reporter is not Alice, and is not moderator in A
-			strictEqual(reportInB.reporter.url, 'https://a.test/@instance.actor');
+			strictEqual(reportInB.reporter.url, 'https://a.test/@system.actor');
 			strictEqual(reportInB.targetUserId, bob.id);
 			// NOTE: cannot forward multiple times
--- a/packages/backend/test-federation/test/user.test.ts
+++ b/packages/backend/test-federation/test/user.test.ts
@ -37,6 +37,7 @@ describe('User', () => {
 					'id',
 					'host',
 					'avatarUrl',
 					'avatarBlurhash',
 					'instance',
 					'badgeRoles',
 					'url',
@ -379,7 +380,8 @@ describe('User', () => {
 				strictEqual(followers.length, 1); // followed by Bob
 				await alice.client.request('i/delete-account', { password: alice.password });
-				await sleep();
+				// NOTE: user deletion query is slow
 				await sleep(4000);
 				const following = await bob.client.request('users/following', { userId: bob.id });
 				strictEqual(following.length, 0); // no following relation
@ -477,7 +479,8 @@ describe('User', () => {
 				strictEqual(followers.length, 1); // followed by Bob
 				await aAdmin.client.request('admin/suspend-user', { userId: alice.id });
-				await sleep();
+				// NOTE: user deletion query is slow
 				await sleep(4000);
 				const following = await bob.client.request('users/following', { userId: bob.id });
 				strictEqual(following.length, 0); // no following relation
--- a/packages/backend/test-federation/test/utils.ts
+++ b/packages/backend/test-federation/test/utils.ts
@ -36,7 +36,7 @@ export type Request = <
 type Host = 'a.test' | 'b.test';
-export async function sleep(ms = 200): Promise<void> {
+export async function sleep(ms = 250): Promise<void> {
 	return new Promise(resolve => setTimeout(resolve, ms));
 }
--- a/packages/backend/test/misc/mock-resolver.ts
+++ b/packages/backend/test/misc/mock-resolver.ts
@ -7,14 +7,10 @@ import type { Config } from '@/config.js';
 import type { ApDbResolverService } from '@/core/activitypub/ApDbResolverService.js';
 import type { ApRendererService } from '@/core/activitypub/ApRendererService.js';
 import type { ApRequestService } from '@/core/activitypub/ApRequestService.js';
 import { Resolver } from '@/core/activitypub/ApResolverService.js';
 import type { IObject } from '@/core/activitypub/type.js';
 import type { HttpRequestService } from '@/core/HttpRequestService.js';
 import type { InstanceActorService } from '@/core/InstanceActorService.js';
 import type { LoggerService } from '@/core/LoggerService.js';
 import type { MetaService } from '@/core/MetaService.js';
 import type { UtilityService } from '@/core/UtilityService.js';
 import { bindThis } from '@/decorators.js';
 import type {
 	FollowRequestsRepository,
 	MiMeta,
@ -23,6 +19,9 @@ import type {
 	PollsRepository,
 	UsersRepository,
 } from '@/models/_.js';
 import { SystemAccountService } from '@/core/SystemAccountService.js';
 import { bindThis } from '@/decorators.js';
 import { Resolver } from '@/core/activitypub/ApResolverService.js';
 type MockResponse = {
 	type: string;
@ -43,7 +42,7 @@ export class MockResolver extends Resolver {
 			{} as NoteReactionsRepository,
 			{} as FollowRequestsRepository,
 			{} as UtilityService,
-			{} as InstanceActorService,
+			{} as SystemAccountService,
 			{} as ApRequestService,
 			{} as HttpRequestService,
 			{} as ApRendererService,
--- a/packages/backend/test/unit/AbuseReportNotificationService.ts
+++ b/packages/backend/test/unit/AbuseReportNotificationService.ts
@ -149,9 +149,9 @@ describe('AbuseReportNotificationService', () => {
 	});
 	beforeEach(async () => {
-		root = await createUser({ username: 'root', usernameLower: 'root', isRoot: true });
+		root = await createUser({ username: 'root', usernameLower: 'root' });
-		alice = await createUser({ username: 'alice', usernameLower: 'alice', isRoot: false });
+		alice = await createUser({ username: 'alice', usernameLower: 'alice' });
-		bob = await createUser({ username: 'bob', usernameLower: 'bob', isRoot: false });
+		bob = await createUser({ username: 'bob', usernameLower: 'bob' });
 		systemWebhook1 = await createWebhook();
 		systemWebhook2 = await createWebhook();
--- a/packages/backend/test/unit/FlashService.ts
+++ b/packages/backend/test/unit/FlashService.ts
@ -79,9 +79,9 @@ describe('FlashService', () => {
 		userProfilesRepository = app.get(DI.userProfilesRepository);
 		idService = app.get(IdService);
-		root = await createUser({ username: 'root', usernameLower: 'root', isRoot: true });
+		root = await createUser({ username: 'root', usernameLower: 'root' });
-		alice = await createUser({ username: 'alice', usernameLower: 'alice', isRoot: false });
+		alice = await createUser({ username: 'alice', usernameLower: 'alice' });
-		bob = await createUser({ username: 'bob', usernameLower: 'bob', isRoot: false });
+		bob = await createUser({ username: 'bob', usernameLower: 'bob' });
 	});
 	afterEach(async () => {
--- a/packages/backend/test/unit/RelayService.ts
+++ b/packages/backend/test/unit/RelayService.ts
@ -3,24 +3,21 @@
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 import { UtilityService } from '@/core/UtilityService.js';
 process.env.NODE_ENV = 'test';
 import { jest } from '@jest/globals';
 import { ModuleMocker } from 'jest-mock';
 import { Test } from '@nestjs/testing';
-import { GlobalModule } from '@/GlobalModule.js';
+import { ModuleMocker } from 'jest-mock';
 import { RelayService } from '@/core/RelayService.js';
 import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
 import { CreateSystemUserService } from '@/core/CreateSystemUserService.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { QueueService } from '@/core/QueueService.js';
 import { IdService } from '@/core/IdService.js';
 import type { RelaysRepository } from '@/models/_.js';
 import { DI } from '@/di-symbols.js';
 import type { TestingModule } from '@nestjs/testing';
 import type { MockFunctionMetadata } from 'jest-mock';
 import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { IdService } from '@/core/IdService.js';
 import { QueueService } from '@/core/QueueService.js';
 import { RelayService } from '@/core/RelayService.js';
 import { SystemAccountService } from '@/core/SystemAccountService.js';
 import { GlobalModule } from '@/GlobalModule.js';
 import { UtilityService } from '@/core/UtilityService.js';
 const moduleMocker = new ModuleMocker(global);
@ -28,8 +25,6 @@ describe('RelayService', () => {
 	let app: TestingModule;
 	let relayService: RelayService;
 	let queueService: jest.Mocked<QueueService>;
 	let relaysRepository: RelaysRepository;
 	let userEntityService: UserEntityService;
 	beforeAll(async () => {
 		app = await Test.createTestingModule({
@ -38,10 +33,10 @@ describe('RelayService', () => {
 			],
 			providers: [
 				IdService,
 				CreateSystemUserService,
 				ApRendererService,
 				RelayService,
 				UserEntityService,
 				SystemAccountService,
 				UtilityService,
 			],
 		})
@ -61,8 +56,6 @@ describe('RelayService', () => {
 		relayService = app.get<RelayService>(RelayService);
 		queueService = app.get<QueueService>(QueueService) as jest.Mocked<QueueService>;
 		relaysRepository = app.get<RelaysRepository>(DI.relaysRepository);
 		userEntityService = app.get<UserEntityService>(UserEntityService);
 	});
 	afterAll(async () => {
--- a/packages/backend/test/unit/RoleService.ts
+++ b/packages/backend/test/unit/RoleService.ts
@ -57,6 +57,12 @@ describe('RoleService', () => {
 		return await usersRepository.findOneByOrFail(x.identifiers[0]);
 	}
 	async function createRoot(data: Partial<MiUser> = {}) {
 		const user = await createUser(data);
 		meta.rootUserId = user.id;
 		return user;
 	}
 	async function createRole(data: Partial<MiRole> = {}) {
 		const x = await rolesRepository.insert({
 			id: genAidx(Date.now()),
@ -279,7 +285,7 @@ describe('RoleService', () => {
 	describe('getModeratorIds', () => {
 		test('includeAdmins = false, includeRoot = false, excludeExpire = false', async () => {
 			const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(),
 			]);
 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -305,7 +311,7 @@ describe('RoleService', () => {
 		test('includeAdmins = false, includeRoot = false, excludeExpire = true', async () => {
 			const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(),
 			]);
 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -331,7 +337,7 @@ describe('RoleService', () => {
 		test('includeAdmins = true, includeRoot = false, excludeExpire = false', async () => {
 			const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(),
 			]);
 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -357,7 +363,7 @@ describe('RoleService', () => {
 		test('includeAdmins = true, includeRoot = false, excludeExpire = true', async () => {
 			const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(),
 			]);
 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -383,7 +389,7 @@ describe('RoleService', () => {
 		test('includeAdmins = false, includeRoot = true, excludeExpire = false', async () => {
 			const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(),
 			]);
 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -409,7 +415,7 @@ describe('RoleService', () => {
 		test('root has moderator role', async () => {
 			const [adminUser1, modeUser1, normalUser1, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createRoot(),
 			]);
 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -433,7 +439,7 @@ describe('RoleService', () => {
 		test('root has administrator role', async () => {
 			const [adminUser1, modeUser1, normalUser1, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createRoot(),
 			]);
 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -457,7 +463,7 @@ describe('RoleService', () => {
 		test('root has moderator role(expire)', async () => {
 			const [adminUser1, modeUser1, normalUser1, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createRoot(),
 			]);
 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
--- a/packages/backend/test/unit/SystemWebhookService.ts
+++ b/packages/backend/test/unit/SystemWebhookService.ts
@ -97,7 +97,7 @@ describe('SystemWebhookService', () => {
 	}
 	async function beforeEachImpl() {
-		root = await createUser({ isRoot: true, username: 'root', usernameLower: 'root' });
+		root = await createUser({ username: 'root', usernameLower: 'root' });
 	}
 	async function afterEachImpl() {
--- a/packages/backend/test/unit/UserSearchService.ts
+++ b/packages/backend/test/unit/UserSearchService.ts
@ -113,7 +113,7 @@ describe('UserSearchService', () => {
 	});
 	beforeEach(async () => {
-		root = await createUser({ username: 'root', usernameLower: 'root', isRoot: true });
+		root = await createUser({ username: 'root', usernameLower: 'root' });
 		alice = await createUser({ username: 'Alice', usernameLower: 'alice' });
 		alyce = await createUser({ username: 'Alyce', usernameLower: 'alyce' });
 		alycia = await createUser({ username: 'Alycia', usernameLower: 'alycia' });
--- a/packages/backend/test/unit/UserWebhookService.ts
+++ b/packages/backend/test/unit/UserWebhookService.ts
@ -91,7 +91,7 @@ describe('UserWebhookService', () => {
 	}
 	async function beforeEachImpl() {
-		root = await createUser({ isRoot: true, username: 'root', usernameLower: 'root' });
+		root = await createUser({ username: 'root', usernameLower: 'root' });
 	}
 	async function afterEachImpl() {
--- a/packages/backend/test/unit/WebhookTestService.ts
+++ b/packages/backend/test/unit/WebhookTestService.ts
@ -88,8 +88,8 @@ describe('WebhookTestService', () => {
 	});
 	beforeEach(async () => {
-		root = await createUser({ username: 'root', usernameLower: 'root', isRoot: true });
+		root = await createUser({ username: 'root', usernameLower: 'root' });
-		alice = await createUser({ username: 'alice', usernameLower: 'alice', isRoot: false });
+		alice = await createUser({ username: 'alice', usernameLower: 'alice' });
 		userWebhookService.fetchWebhooks.mockReturnValue(Promise.resolve([
 			{ id: 'dummy-webhook', active: true, userId: alice.id } as MiWebhook,
--- a/packages/backend/test/unit/queue/processors/CheckModeratorsActivityProcessorService.ts
+++ b/packages/backend/test/unit/queue/processors/CheckModeratorsActivityProcessorService.ts
@ -316,7 +316,7 @@ describe('CheckModeratorsActivityProcessorService', () => {
 				createUser({}, { email: 'user2@example.com', emailVerified: false }),
 				createUser({}, { email: null, emailVerified: false }),
 				createUser({}, { email: 'user4@example.com', emailVerified: true }),
-				createUser({ isRoot: true }, { email: 'root@example.com', emailVerified: true }),
+				createUser({}, { email: 'root@example.com', emailVerified: true }),
 			]);
 			mockModeratorRole([user1, user2, user3, root]);
@ -349,7 +349,7 @@ describe('CheckModeratorsActivityProcessorService', () => {
 				createUser({}, { email: 'user2@example.com', emailVerified: false }),
 				createUser({}, { email: null, emailVerified: false }),
 				createUser({}, { email: 'user4@example.com', emailVerified: true }),
-				createUser({ isRoot: true }, { email: 'root@example.com', emailVerified: true }),
+				createUser({}, { email: 'root@example.com', emailVerified: true }),
 			]);
 			mockModeratorRole([user1, user2, user3, root]);
--- a/packages/frontend/src/pages/admin-user.vue
+++ b/packages/frontend/src/pages/admin-user.vue
@ -22,7 +22,7 @@ SPDX-License-Identifier: AGPL-3.0-only
 					</div>
 				</div>
-				<MkInfo v-if="['instance.actor', 'relay.actor'].includes(user.username)">{{ i18n.ts.isSystemAccount }}</MkInfo>
+				<MkInfo v-if="isSystem">{{ i18n.ts.isSystemAccount }}</MkInfo>
 				<FormLink v-if="user.host" :to="`/instance-info/${user.host}`">{{ i18n.ts.instanceInfo }}</FormLink>
@ -37,21 +37,23 @@ SPDX-License-Identifier: AGPL-3.0-only
 						<template #value><span class="_monospace">{{ ips[0].ip }}</span></template>
 					</MkKeyValue>
 					-->
-					<MkKeyValue oneline>
+					<template v-if="!isSystem">
-						<template #key>{{ i18n.ts.createdAt }}</template>
+						<MkKeyValue oneline>
-						<template #value><span class="_monospace"><MkTime :time="user.createdAt" :mode="'detail'"/></span></template>
+							<template #key>{{ i18n.ts.createdAt }}</template>
-					</MkKeyValue>
+							<template #value><span class="_monospace"><MkTime :time="user.createdAt" :mode="'detail'"/></span></template>
-					<MkKeyValue v-if="info" oneline>
+						</MkKeyValue>
-						<template #key>{{ i18n.ts.lastActiveDate }}</template>
+						<MkKeyValue v-if="info" oneline>
-						<template #value><span class="_monospace"><MkTime :time="info.lastActiveDate" :mode="'detail'"/></span></template>
+							<template #key>{{ i18n.ts.lastActiveDate }}</template>
-					</MkKeyValue>
+							<template #value><span class="_monospace"><MkTime :time="info.lastActiveDate" :mode="'detail'"/></span></template>
-					<MkKeyValue v-if="info" oneline>
+						</MkKeyValue>
-						<template #key>{{ i18n.ts.email }}</template>
+						<MkKeyValue v-if="info" oneline>
-						<template #value><span class="_monospace">{{ info.email }}</span></template>
+							<template #key>{{ i18n.ts.email }}</template>
-					</MkKeyValue>
+							<template #value><span class="_monospace">{{ info.email }}</span></template>
 						</MkKeyValue>
 					</template>
 				</div>
-				<MkTextarea v-model="moderationNote" manualSave>
+				<MkTextarea v-if="!isSystem" v-model="moderationNote" manualSave>
 					<template #label>{{ i18n.ts.moderationNote }}</template>
 					<template #caption>{{ i18n.ts.moderationNoteDescription }}</template>
 				</MkTextarea>
@ -92,7 +94,7 @@ SPDX-License-Identifier: AGPL-3.0-only
 				</FormSection>
 			-->
-				<FormSection>
+				<FormSection v-if="!isSystem">
 					<div class="_gaps">
 						<MkSwitch v-model="suspended" @update:modelValue="toggleSuspend">{{ i18n.ts.suspend }}</MkSwitch>
@ -252,6 +254,7 @@ const ap = ref<any>(null);
 const moderator = ref(false);
 const silenced = ref(false);
 const suspended = ref(false);
 const isSystem = ref(false);
 const moderationNote = ref('');
 const filesPagination = {
 	endpoint: 'admin/drive/files' as const,
@ -288,6 +291,7 @@ function createFetcher() {
 		silenced.value = info.value.isSilenced;
 		suspended.value = info.value.isSuspended;
 		moderationNote.value = info.value.moderationNote;
 		isSystem.value = user.value.host == null && user.value.username.includes('.');
 		watch(moderationNote, async () => {
 			await misskeyApi('admin/update-user-note', { userId: user.value.id, text: moderationNote.value });
@ -507,7 +511,15 @@ watch(user, () => {
 const headerActions = computed(() => []);
-const headerTabs = computed(() => [{
+const headerTabs = computed(() => isSystem.value ? [{
 	key: 'overview',
 	title: i18n.ts.overview,
 	icon: 'ti ti-info-circle',
 }, {
 	key: 'raw',
 	title: 'Raw',
 	icon: 'ti ti-code',
 }] : [{
 	key: 'overview',
 	title: i18n.ts.overview,
 	icon: 'ti ti-info-circle',
--- a/packages/frontend/src/pages/admin/modlog.ModLog.vue
+++ b/packages/frontend/src/pages/admin/modlog.ModLog.vue
@ -170,6 +170,11 @@ SPDX-License-Identifier: AGPL-3.0-only
 				<CodeDiff :context="5" :hideHeader="true" :oldString="log.info.before ?? ''" :newString="log.info.after ?? ''" maxHeight="300px"/>
 			</div>
 		</template>
 		<template v-else-if="log.type === 'updateProxyAccountDescription'">
 			<div :class="$style.diff">
 				<CodeDiff :context="5" :hideHeader="true" :oldString="log.info.before ?? ''" :newString="log.info.after ?? ''" maxHeight="300px"/>
 			</div>
 		</template>
 		<details>
 			<summary>raw</summary>
--- a/packages/frontend/src/pages/admin/settings.vue
+++ b/packages/frontend/src/pages/admin/settings.vue
@ -238,15 +238,17 @@ SPDX-License-Identifier: AGPL-3.0-only
 				<MkFolder>
 					<template #icon><i class="ti ti-ghost"></i></template>
 					<template #label>{{ i18n.ts.proxyAccount }}</template>
 					<template v-if="proxyAccountForm.modified.value" #footer>
 						<MkFormFooter :form="proxyAccountForm"/>
 					</template>
 					<div class="_gaps">
 						<MkInfo>{{ i18n.ts.proxyAccountDescription }}</MkInfo>
 						<MkKeyValue>
 							<template #key>{{ i18n.ts.proxyAccount }}</template>
 							<template #value>{{ proxyAccount ? `@${proxyAccount.username}` : i18n.ts.none }}</template>
 						</MkKeyValue>
-						<MkButton primary @click="chooseProxyAccount">{{ i18n.ts.selectAccount }}</MkButton>
+						<MkTextarea v-model="proxyAccountForm.state.description" :max="500" tall mfmAutocomplete :mfmPreview="true">
 							<template #label>{{ i18n.ts._profile.description }}</template>
 							<template #caption>{{ i18n.ts._profile.youCanIncludeHashtags }}</template>
 						</MkTextarea>
 					</div>
 				</MkFolder>
 			</div>
@ -256,7 +258,7 @@ SPDX-License-Identifier: AGPL-3.0-only
 </template>
 <script lang="ts" setup>
-import { ref, computed } from 'vue';
+import { ref, computed, reactive } from 'vue';
 import XHeader from './_header_.vue';
 import MkSwitch from '@/components/MkSwitch.vue';
 import MkInput from '@/components/MkInput.vue';
@ -277,7 +279,7 @@ import MkRadios from '@/components/MkRadios.vue';
 const meta = await misskeyApi('admin/meta');
-const proxyAccount = ref(meta.proxyAccountId ? await misskeyApi('users/show', { userId: meta.proxyAccountId }) : null);
+const proxyAccount = await misskeyApi('users/show', { userId: meta.proxyAccountId });
 const infoForm = useForm({
 	name: meta.name ?? '',
@ -378,16 +380,14 @@ const federationForm = useForm({
 	fetchInstance(true);
 });
-function chooseProxyAccount() {
+const proxyAccountForm = useForm({
-	os.selectUser({ localOnly: true }).then(user => {
+	description: proxyAccount.description,
-		proxyAccount.value = user;
+}, async (state) => {
-		os.apiWithDialog('admin/update-meta', {
+	await os.apiWithDialog('admin/update-proxy-account', {
-			proxyAccountId: user.id,
+		description: state.description,
 		}).then(() => {
 			fetchInstance(true);
 		});
 	});
-}
+	fetchInstance(true);
 });
 const headerTabs = computed(() => []);
--- a/packages/frontend/src/pages/user/home.vue
+++ b/packages/frontend/src/pages/user/home.vue
@ -13,7 +13,8 @@ SPDX-License-Identifier: AGPL-3.0-only
 			<div class="profile _gaps">
 				<MkAccountMoved v-if="user.movedTo" :movedTo="user.movedTo"/>
-				<MkRemoteCaution v-if="user.host != null" :href="user.url ?? user.uri!" class="warn"/>
+				<MkRemoteCaution v-if="user.host != null" :href="user.url ?? user.uri!"/>
 				<MkInfo v-if="user.host == null && user.username.includes('.')">{{ i18n.ts.isSystemAccount }}</MkInfo>
 				<div :key="user.id" class="main _panel">
 					<div class="banner-container" :style="style">
--- a/packages/frontend/test/home.test.ts
+++ b/packages/frontend/test/home.test.ts
@ -42,8 +42,6 @@ describe('XHome', () => {
 		const anchor = home.container.querySelector<HTMLAnchorElement>('a[href^="https://example.com/"]');
 		assert.exists(anchor, 'anchor to the remote exists');
 		assert.strictEqual(anchor?.href, 'https://example.com/@user/profile');
 		assert.ok(anchor?.parentElement?.classList.contains('warn'), 'the parent is a warning');
 	});
 	test('The remote caution should fall back to uri if url is null', async () => {
--- a/packages/misskey-js/etc/misskey-js.api.md
+++ b/packages/misskey-js/etc/misskey-js.api.md
@ -398,6 +398,12 @@ type AdminUpdateAbuseUserReportRequest = operations['admin___update-abuse-user-r
 // @public (undocumented)
 type AdminUpdateMetaRequest = operations['admin___update-meta']['requestBody']['content']['application/json'];
 // @public (undocumented)
 type AdminUpdateProxyAccountRequest = operations['admin___update-proxy-account']['requestBody']['content']['application/json'];
 // @public (undocumented)
 type AdminUpdateProxyAccountResponse = operations['admin___update-proxy-account']['responses']['200']['content']['application/json'];
 // @public (undocumented)
 type AdminUpdateUserNoteRequest = operations['admin___update-user-note']['requestBody']['content']['application/json'];
@ -1357,6 +1363,8 @@ declare namespace entities {
        AdminUnsuspendUserRequest,
        AdminUpdateAbuseUserReportRequest,
        AdminUpdateMetaRequest,
        AdminUpdateProxyAccountRequest,
        AdminUpdateProxyAccountResponse,
        AdminUpdateUserNoteRequest,
        AnnouncementsRequest,
        AnnouncementsResponse,
--- a/packages/misskey-js/src/autogen/apiClientJSDoc.ts
+++ b/packages/misskey-js/src/autogen/apiClientJSDoc.ts
@ -1005,6 +1005,17 @@ declare module '../api.js' {
      credential?: string | null,
    ): Promise<SwitchCaseResponseType<E, P>>;
    /**
     * No description provided.
     * 
     * **Credential required**: *Yes* / **Permission**: *write:admin:account*
     */
    request<E extends 'admin/update-proxy-account', P extends Endpoints[E]['req']>(
      endpoint: E,
      params: P,
      credential?: string | null,
    ): Promise<SwitchCaseResponseType<E, P>>;
    /**
     * No description provided.
     * 
--- a/packages/misskey-js/src/autogen/endpoint.ts
+++ b/packages/misskey-js/src/autogen/endpoint.ts
@ -122,6 +122,8 @@ import type {
 	AdminUnsuspendUserRequest,
 	AdminUpdateAbuseUserReportRequest,
 	AdminUpdateMetaRequest,
 	AdminUpdateProxyAccountRequest,
 	AdminUpdateProxyAccountResponse,
 	AdminUpdateUserNoteRequest,
 	AnnouncementsRequest,
 	AnnouncementsResponse,
@ -676,6 +678,7 @@ export type Endpoints = {
 	'admin/unsuspend-user': { req: AdminUnsuspendUserRequest; res: EmptyResponse };
 	'admin/update-abuse-user-report': { req: AdminUpdateAbuseUserReportRequest; res: EmptyResponse };
 	'admin/update-meta': { req: AdminUpdateMetaRequest; res: EmptyResponse };
 	'admin/update-proxy-account': { req: AdminUpdateProxyAccountRequest; res: AdminUpdateProxyAccountResponse };
 	'admin/update-user-note': { req: AdminUpdateUserNoteRequest; res: EmptyResponse };
 	'announcements': { req: AnnouncementsRequest; res: AnnouncementsResponse };
 	'announcements/show': { req: AnnouncementsShowRequest; res: AnnouncementsShowResponse };
--- a/packages/misskey-js/src/autogen/entities.ts
+++ b/packages/misskey-js/src/autogen/entities.ts
@ -125,6 +125,8 @@ export type AdminUnsetUserBannerRequest = operations['admin___unset-user-banner'
 export type AdminUnsuspendUserRequest = operations['admin___unsuspend-user']['requestBody']['content']['application/json'];
 export type AdminUpdateAbuseUserReportRequest = operations['admin___update-abuse-user-report']['requestBody']['content']['application/json'];
 export type AdminUpdateMetaRequest = operations['admin___update-meta']['requestBody']['content']['application/json'];
 export type AdminUpdateProxyAccountRequest = operations['admin___update-proxy-account']['requestBody']['content']['application/json'];
 export type AdminUpdateProxyAccountResponse = operations['admin___update-proxy-account']['responses']['200']['content']['application/json'];
 export type AdminUpdateUserNoteRequest = operations['admin___update-user-note']['requestBody']['content']['application/json'];
 export type AnnouncementsRequest = operations['announcements']['requestBody']['content']['application/json'];
 export type AnnouncementsResponse = operations['announcements']['responses']['200']['content']['application/json'];
--- a/packages/misskey-js/src/autogen/types.ts
+++ b/packages/misskey-js/src/autogen/types.ts
@ -834,6 +834,15 @@ export type paths = {
     */
    post: operations['admin___update-meta'];
  };
  '/admin/update-proxy-account': {
    /**
     * admin/update-proxy-account
     * @description No description provided.
     *
     * **Credential required**: *Yes* / **Permission**: *write:admin:account*
     */
    post: operations['admin___update-proxy-account'];
  };
  '/admin/update-user-note': {
    /**
     * admin/update-user-note
@ -8285,7 +8294,7 @@ export type operations = {
            setSensitiveFlagAutomatically: boolean;
            enableSensitiveMediaDetectionForVideos: boolean;
            /** Format: id */
-            proxyAccountId: string | null;
+            proxyAccountId: string;
            email: string | null;
            smtpSecure: boolean;
            smtpHost: string | null;
@ -10626,8 +10635,6 @@ export type operations = {
          sensitiveMediaDetectionSensitivity?: 'medium' | 'low' | 'high' | 'veryLow' | 'veryHigh';
          setSensitiveFlagAutomatically?: boolean;
          enableSensitiveMediaDetectionForVideos?: boolean;
          /** Format: misskey:id */
          proxyAccountId?: string | null;
          maintainerName?: string | null;
          maintainerEmail?: string | null;
          langs?: string[];
@ -10739,6 +10746,59 @@ export type operations = {
      };
    };
  };
  /**
   * admin/update-proxy-account
   * @description No description provided.
   *
   * **Credential required**: *Yes* / **Permission**: *write:admin:account*
   */
  'admin___update-proxy-account': {
    requestBody: {
      content: {
        'application/json': {
          description?: string | null;
        };
      };
    };
    responses: {
      /** @description OK (with results) */
      200: {
        content: {
          'application/json': components['schemas']['UserDetailed'];
        };
      };
      /** @description Client error */
      400: {
        content: {
          'application/json': components['schemas']['Error'];
        };
      };
      /** @description Authentication error */
      401: {
        content: {
          'application/json': components['schemas']['Error'];
        };
      };
      /** @description Forbidden error */
      403: {
        content: {
          'application/json': components['schemas']['Error'];
        };
      };
      /** @description I'm Ai */
      418: {
        content: {
          'application/json': components['schemas']['Error'];
        };
      };
      /** @description Internal server error */
      500: {
        content: {
          'application/json': components['schemas']['Error'];
        };
      };
    };
  };
  /**
   * admin/update-user-note
   * @description No description provided.