From adefac81e269e5296ed2d63f7d7e40b7191ca3a6 Mon Sep 17 00:00:00 2001
From: Ephraim Duncan <55143799+ephraimduncan@users.noreply.github.com>
Date: Sun, 24 Aug 2025 06:48:30 +0000
Subject: [PATCH 01/47] fix: outdated docs (#1985)

---
 README.md                                                   | 4 +---
 SIGNING.md                                                  | 2 +-
 .../developers/contributing/contributing-translations.mdx   | 2 +-
 apps/documentation/pages/developers/self-hosting/how-to.mdx | 6 +++---
 docker/testing/compose.yml                                  | 2 +-
 render.yaml                                                 | 2 +-
 6 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index aa423aa2b..185d9839e 100644
--- a/README.md
+++ b/README.md
@@ -214,8 +214,6 @@ For detailed instructions on how to configure and run the Docker container, plea
 
 We support a variety of deployment methods, and are actively working on adding more. Stay tuned for updates!
 
-> Please note that the below deployment methods are for v0.9, we will update these to v1.0 once it has been released.
-
 ### Fetch, configure, and build
 
 First, clone the code from Github:
@@ -258,7 +256,7 @@ npm run start
 
 This will start the server on `localhost:3000`. For now, any reverse proxy can then do the frontend and SSL termination.
 
-> If you want to run with another port than 3000, you can start the application with `next -p <ANY PORT>` from the `apps/web` folder.
+> If you want to run with another port than 3000, you can start the application with `next -p <ANY PORT>` from the `apps/remix` folder.
 
 ### Run as a service
 
diff --git a/SIGNING.md b/SIGNING.md
index d8f664cee..3eb94fbfb 100644
--- a/SIGNING.md
+++ b/SIGNING.md
@@ -18,7 +18,7 @@ For the digital signature of your documents you need a signing certificate in .p
 
 4. You will be prompted to enter a password for the p12 file. Choose a strong password and remember it, as you will need it to use the certificate (**can be empty for dev certificates**)
 
-5. Place the certificate `/apps/web/resources/certificate.p12` (If the path does not exist, it needs to be created)
+5. Place the certificate `/apps/remix/resources/certificate.p12` (If the path does not exist, it needs to be created)
 
 ## Docker
 
diff --git a/apps/documentation/pages/developers/contributing/contributing-translations.mdx b/apps/documentation/pages/developers/contributing/contributing-translations.mdx
index e313a4dc1..b8ffbb362 100644
--- a/apps/documentation/pages/developers/contributing/contributing-translations.mdx
+++ b/apps/documentation/pages/developers/contributing/contributing-translations.mdx
@@ -25,7 +25,7 @@ The translation files are organized into folders represented by their respective
 Each PO file contains translations which look like this:
 
 ```po
-#: apps/web/src/app/(signing)/sign/[token]/no-longer-available.tsx:61
+#: apps/remix/app/(signing)/sign/[token]/no-longer-available.tsx:61
 msgid "Want to send slick signing links like this one? <0>Check out Documenso.</0>"
 msgstr "Möchten Sie auffällige Signatur-Links wie diesen senden? <0>Überprüfen Sie Documenso.</0>"
 ```
diff --git a/apps/documentation/pages/developers/self-hosting/how-to.mdx b/apps/documentation/pages/developers/self-hosting/how-to.mdx
index 4025ce6d0..08797e801 100644
--- a/apps/documentation/pages/developers/self-hosting/how-to.mdx
+++ b/apps/documentation/pages/developers/self-hosting/how-to.mdx
@@ -54,7 +54,7 @@ Install the project dependencies as follows:
 
 ```bash
 npm i
-npm run build:web
+npm run build
 npm run prisma:migrate-deploy
 ```
 
@@ -69,7 +69,7 @@ npm run start
 This will start the server on `localhost:3000`. Any reverse proxy can handle the front end and SSL termination.
 
 <Callout type="info">
- If you want to run with another port than `3000`, you can start the application with `next -p <ANY PORT>` from the `apps/web` folder.
+ If you want to run with another port than `3000`, you can start the application with `next -p <ANY PORT>` from the `apps/remix` folder.
 </Callout>
 
 </Steps>
@@ -249,7 +249,7 @@ After=network.target
 Environment=PATH=/path/to/your/node/binaries
 Type=simple
 User=www-data
-WorkingDirectory=/var/www/documenso/apps/web
+WorkingDirectory=/var/www/documenso/apps/remix
 ExecStart=/usr/bin/next start -p 3500
 TimeoutSec=15
 Restart=always
diff --git a/docker/testing/compose.yml b/docker/testing/compose.yml
index 28ec055c1..110e9da6b 100644
--- a/docker/testing/compose.yml
+++ b/docker/testing/compose.yml
@@ -51,4 +51,4 @@ services:
     ports:
       - 3000:3000
     volumes:
-      - ../../apps/web/example/cert.p12:/opt/documenso/cert.p12
+      - ../../apps/remix/example/cert.p12:/opt/documenso/cert.p12
diff --git a/render.yaml b/render.yaml
index 07a90f0b1..a3d7d2a8f 100644
--- a/render.yaml
+++ b/render.yaml
@@ -4,7 +4,7 @@ services:
     name: documenso-app
     plan: free
     buildCommand: npm i && npm run build
-    startCommand: npx prisma migrate deploy --schema packages/prisma/schema.prisma && npx turbo run start --filter=@documenso/web
+    startCommand: npx prisma migrate deploy --schema packages/prisma/schema.prisma && npx turbo run start --filter=@documenso/remix
     healthCheckPath: /api/health
 
     envVars:

From d7e5a9eec7cacb307817d609ddeece0838d0c3ec Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 08:23:12 +1000
Subject: [PATCH 02/47] fix: refactor document router (#1990)

---
 .../dialogs/document-delete-dialog.tsx        |   2 +-
 .../dialogs/document-duplicate-dialog.tsx     |   5 +-
 .../dialogs/document-resend-dialog.tsx        |   2 +-
 .../components/general/app-command-menu.tsx   |   2 +-
 .../document-audit-log-download-button.tsx    |   2 +-
 .../document/document-drop-zone-wrapper.tsx   |   2 +-
 .../general/document/document-edit-form.tsx   |  50 +-
 .../document/document-page-view-button.tsx    |   2 +-
 .../document/document-page-view-dropdown.tsx  |   4 +-
 .../document-page-view-recent-activity.tsx    |   2 +-
 .../general/document/document-upload.tsx      |   2 +-
 .../general/legacy-field-warning-popover.tsx  |   2 +-
 .../template-page-view-documents-table.tsx    |   2 +-
 .../template-page-view-recent-activity.tsx    |   2 +-
 .../components/tables/document-logs-table.tsx |   2 +-
 .../tables/documents-table-action-button.tsx  |   2 +-
 .../documents-table-action-dropdown.tsx       |   4 +-
 .../app/components/tables/documents-table.tsx |   2 +-
 .../app/components/tables/inbox-table.tsx     |   5 +-
 .../t.$teamUrl+/documents._index.tsx          |   6 +-
 .../lib/utils/handle-oauth-callback-url.ts    |   6 +-
 .../send-document-cancelled-emails.handler.ts |   8 +-
 ...rganisation-member-joined-email.handler.ts |  16 +-
 ...-organisation-member-left-email.handler.ts |  13 +-
 .../send-recipient-signed-email.handler.ts    |   8 +-
 .../emails/send-rejection-emails.handler.ts   |   8 +-
 .../document/create-document-v2.ts            |   4 +-
 .../server-only/document/find-documents.ts    |   7 +-
 .../document/get-document-by-token.ts         |  17 +-
 .../get-document-with-details-by-id.ts        |   3 -
 .../document/reject-document-with-token.ts    |   8 +-
 .../document/send-completed-email.ts          |   8 +-
 .../server-only/document/send-delete-email.ts |   8 +-
 .../document/super-delete-document.ts         |   8 +-
 .../create-document-from-direct-template.ts   |   8 +-
 .../lib/server-only/user/reset-password.ts    |   9 +-
 packages/lib/server-only/user/verify-email.ts |   8 +-
 .../mask-recipient-tokens-for-document.ts     |   2 +-
 .../create-document-temporary.ts              |  81 ++
 .../create-document-temporary.types.ts        | 120 +++
 .../server/document-router/create-document.ts |  47 ++
 .../document-router/create-document.types.ts  |  27 +
 .../server/document-router/delete-document.ts |  35 +
 .../document-router/delete-document.types.ts  |  22 +
 .../document-router/distribute-document.ts    |  50 ++
 .../distribute-document.types.ts              |  48 ++
 .../download-document-audit-logs.ts           |  47 ++
 .../download-document-audit-logs.types.ts     |  16 +
 .../download-document-certificate.ts          |  46 ++
 .../download-document-certificate.types.ts    |  16 +
 .../document-router/download-document.ts      |  16 +-
 .../download-document.types.ts                |  32 +
 .../document-router/duplicate-document.ts     |  29 +
 .../duplicate-document.types.ts               |  23 +
 .../find-document-audit-logs.ts               |  41 +
 .../find-document-audit-logs.types.ts         |  20 +
 .../find-documents-internal.ts                |  74 ++
 .../find-documents-internal.types.ts          |  29 +
 .../server/document-router/find-documents.ts  |  43 ++
 .../document-router/find-documents.types.ts   |  42 +
 .../document-router/get-document-by-token.ts  |  43 ++
 .../get-document-by-token.types.ts            |  14 +
 .../server/document-router/get-document.ts    |  29 +
 .../document-router/get-document.types.ts     |  24 +
 .../document-router/redistribute-document.ts  |  35 +
 .../redistribute-document.types.ts            |  28 +
 .../trpc/server/document-router/router.ts     | 722 +-----------------
 .../trpc/server/document-router/schema.ts     | 287 +------
 .../server/document-router/search-document.ts |  21 +
 .../document-router/search-document.types.ts  |  16 +
 .../create-organisation-group.ts              |   8 +-
 71 files changed, 1310 insertions(+), 1072 deletions(-)
 create mode 100644 packages/trpc/server/document-router/create-document-temporary.ts
 create mode 100644 packages/trpc/server/document-router/create-document-temporary.types.ts
 create mode 100644 packages/trpc/server/document-router/create-document.ts
 create mode 100644 packages/trpc/server/document-router/create-document.types.ts
 create mode 100644 packages/trpc/server/document-router/delete-document.ts
 create mode 100644 packages/trpc/server/document-router/delete-document.types.ts
 create mode 100644 packages/trpc/server/document-router/distribute-document.ts
 create mode 100644 packages/trpc/server/document-router/distribute-document.types.ts
 create mode 100644 packages/trpc/server/document-router/download-document-audit-logs.ts
 create mode 100644 packages/trpc/server/document-router/download-document-audit-logs.types.ts
 create mode 100644 packages/trpc/server/document-router/download-document-certificate.ts
 create mode 100644 packages/trpc/server/document-router/download-document-certificate.types.ts
 create mode 100644 packages/trpc/server/document-router/download-document.types.ts
 create mode 100644 packages/trpc/server/document-router/duplicate-document.ts
 create mode 100644 packages/trpc/server/document-router/duplicate-document.types.ts
 create mode 100644 packages/trpc/server/document-router/find-document-audit-logs.ts
 create mode 100644 packages/trpc/server/document-router/find-document-audit-logs.types.ts
 create mode 100644 packages/trpc/server/document-router/find-documents-internal.ts
 create mode 100644 packages/trpc/server/document-router/find-documents-internal.types.ts
 create mode 100644 packages/trpc/server/document-router/find-documents.ts
 create mode 100644 packages/trpc/server/document-router/find-documents.types.ts
 create mode 100644 packages/trpc/server/document-router/get-document-by-token.ts
 create mode 100644 packages/trpc/server/document-router/get-document-by-token.types.ts
 create mode 100644 packages/trpc/server/document-router/get-document.ts
 create mode 100644 packages/trpc/server/document-router/get-document.types.ts
 create mode 100644 packages/trpc/server/document-router/redistribute-document.ts
 create mode 100644 packages/trpc/server/document-router/redistribute-document.types.ts
 create mode 100644 packages/trpc/server/document-router/search-document.ts
 create mode 100644 packages/trpc/server/document-router/search-document.types.ts

diff --git a/apps/remix/app/components/dialogs/document-delete-dialog.tsx b/apps/remix/app/components/dialogs/document-delete-dialog.tsx
index 746ef1570..a802387ef 100644
--- a/apps/remix/app/components/dialogs/document-delete-dialog.tsx
+++ b/apps/remix/app/components/dialogs/document-delete-dialog.tsx
@@ -49,7 +49,7 @@ export const DocumentDeleteDialog = ({
   const [inputValue, setInputValue] = useState('');
   const [isDeleteEnabled, setIsDeleteEnabled] = useState(status === DocumentStatus.DRAFT);
 
-  const { mutateAsync: deleteDocument, isPending } = trpcReact.document.deleteDocument.useMutation({
+  const { mutateAsync: deleteDocument, isPending } = trpcReact.document.delete.useMutation({
     onSuccess: async () => {
       void refreshLimits();
 
diff --git a/apps/remix/app/components/dialogs/document-duplicate-dialog.tsx b/apps/remix/app/components/dialogs/document-duplicate-dialog.tsx
index bb87f99dc..57146ed9f 100644
--- a/apps/remix/app/components/dialogs/document-duplicate-dialog.tsx
+++ b/apps/remix/app/components/dialogs/document-duplicate-dialog.tsx
@@ -36,11 +36,12 @@ export const DocumentDuplicateDialog = ({
 
   const team = useCurrentTeam();
 
-  const { data: document, isLoading } = trpcReact.document.getDocumentById.useQuery(
+  const { data: document, isLoading } = trpcReact.document.get.useQuery(
     {
       documentId: id,
     },
     {
+      queryHash: `document-duplicate-dialog-${id}`,
       enabled: open === true,
     },
   );
@@ -55,7 +56,7 @@ export const DocumentDuplicateDialog = ({
   const documentsPath = formatDocumentsPath(team.url);
 
   const { mutateAsync: duplicateDocument, isPending: isDuplicateLoading } =
-    trpcReact.document.duplicateDocument.useMutation({
+    trpcReact.document.duplicate.useMutation({
       onSuccess: async ({ documentId }) => {
         toast({
           title: _(msg`Document Duplicated`),
diff --git a/apps/remix/app/components/dialogs/document-resend-dialog.tsx b/apps/remix/app/components/dialogs/document-resend-dialog.tsx
index b3dc69503..e1a97ecc1 100644
--- a/apps/remix/app/components/dialogs/document-resend-dialog.tsx
+++ b/apps/remix/app/components/dialogs/document-resend-dialog.tsx
@@ -71,7 +71,7 @@ export const DocumentResendDialog = ({ document, recipients }: DocumentResendDia
     document.status !== 'PENDING' ||
     !recipients.some((r) => r.signingStatus === SigningStatus.NOT_SIGNED);
 
-  const { mutateAsync: resendDocument } = trpcReact.document.resendDocument.useMutation();
+  const { mutateAsync: resendDocument } = trpcReact.document.redistribute.useMutation();
 
   const form = useForm<TResendDocumentFormSchema>({
     resolver: zodResolver(ZResendDocumentFormSchema),
diff --git a/apps/remix/app/components/general/app-command-menu.tsx b/apps/remix/app/components/general/app-command-menu.tsx
index 9e9724d2e..2305bc6af 100644
--- a/apps/remix/app/components/general/app-command-menu.tsx
+++ b/apps/remix/app/components/general/app-command-menu.tsx
@@ -64,7 +64,7 @@ export function AppCommandMenu({ open, onOpenChange }: AppCommandMenuProps) {
   const [pages, setPages] = useState<string[]>([]);
 
   const { data: searchDocumentsData, isPending: isSearchingDocuments } =
-    trpcReact.document.searchDocuments.useQuery(
+    trpcReact.document.search.useQuery(
       {
         query: search,
       },
diff --git a/apps/remix/app/components/general/document/document-audit-log-download-button.tsx b/apps/remix/app/components/general/document/document-audit-log-download-button.tsx
index fb531eb37..77e90eff8 100644
--- a/apps/remix/app/components/general/document/document-audit-log-download-button.tsx
+++ b/apps/remix/app/components/general/document/document-audit-log-download-button.tsx
@@ -21,7 +21,7 @@ export const DocumentAuditLogDownloadButton = ({
   const { _ } = useLingui();
 
   const { mutateAsync: downloadAuditLogs, isPending } =
-    trpc.document.downloadAuditLogs.useMutation();
+    trpc.document.auditLog.download.useMutation();
 
   const onDownloadAuditLogsClick = async () => {
     try {
diff --git a/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx b/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
index 16a52194e..e5fe18636 100644
--- a/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+++ b/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
@@ -49,7 +49,7 @@ export const DocumentDropZoneWrapper = ({ children, className }: DocumentDropZon
 
   const { quota, remaining, refreshLimits } = useLimits();
 
-  const { mutateAsync: createDocument } = trpc.document.createDocument.useMutation();
+  const { mutateAsync: createDocument } = trpc.document.create.useMutation();
 
   const isUploadDisabled = remaining.documents === 0 || !user.emailVerified;
 
diff --git a/apps/remix/app/components/general/document/document-edit-form.tsx b/apps/remix/app/components/general/document/document-edit-form.tsx
index e03744164..df73d92b6 100644
--- a/apps/remix/app/components/general/document/document-edit-form.tsx
+++ b/apps/remix/app/components/general/document/document-edit-form.tsx
@@ -59,23 +59,22 @@ export const DocumentEditForm = ({
 
   const utils = trpc.useUtils();
 
-  const { data: document, refetch: refetchDocument } =
-    trpc.document.getDocumentWithDetailsById.useQuery(
-      {
-        documentId: initialDocument.id,
-      },
-      {
-        initialData: initialDocument,
-        ...SKIP_QUERY_BATCH_META,
-      },
-    );
+  const { data: document, refetch: refetchDocument } = trpc.document.get.useQuery(
+    {
+      documentId: initialDocument.id,
+    },
+    {
+      initialData: initialDocument,
+      ...SKIP_QUERY_BATCH_META,
+    },
+  );
 
   const { recipients, fields } = document;
 
-  const { mutateAsync: updateDocument } = trpc.document.updateDocument.useMutation({
+  const { mutateAsync: updateDocument } = trpc.document.update.useMutation({
     ...DO_NOT_INVALIDATE_QUERY_ON_MUTATION,
     onSuccess: (newData) => {
-      utils.document.getDocumentWithDetailsById.setData(
+      utils.document.get.setData(
         {
           documentId: initialDocument.id,
         },
@@ -84,23 +83,10 @@ export const DocumentEditForm = ({
     },
   });
 
-  const { mutateAsync: setSigningOrderForDocument } =
-    trpc.document.setSigningOrderForDocument.useMutation({
-      ...DO_NOT_INVALIDATE_QUERY_ON_MUTATION,
-      onSuccess: (newData) => {
-        utils.document.getDocumentWithDetailsById.setData(
-          {
-            documentId: initialDocument.id,
-          },
-          (oldData) => ({ ...(oldData || initialDocument), ...newData, id: Number(newData.id) }),
-        );
-      },
-    });
-
   const { mutateAsync: addFields } = trpc.field.addFields.useMutation({
     ...DO_NOT_INVALIDATE_QUERY_ON_MUTATION,
     onSuccess: ({ fields: newFields }) => {
-      utils.document.getDocumentWithDetailsById.setData(
+      utils.document.get.setData(
         {
           documentId: initialDocument.id,
         },
@@ -112,7 +98,7 @@ export const DocumentEditForm = ({
   const { mutateAsync: setRecipients } = trpc.recipient.setDocumentRecipients.useMutation({
     ...DO_NOT_INVALIDATE_QUERY_ON_MUTATION,
     onSuccess: ({ recipients: newRecipients }) => {
-      utils.document.getDocumentWithDetailsById.setData(
+      utils.document.get.setData(
         {
           documentId: initialDocument.id,
         },
@@ -121,10 +107,10 @@ export const DocumentEditForm = ({
     },
   });
 
-  const { mutateAsync: sendDocument } = trpc.document.sendDocument.useMutation({
+  const { mutateAsync: sendDocument } = trpc.document.distribute.useMutation({
     ...DO_NOT_INVALIDATE_QUERY_ON_MUTATION,
     onSuccess: (newData) => {
-      utils.document.getDocumentWithDetailsById.setData(
+      utils.document.get.setData(
         {
           documentId: initialDocument.id,
         },
@@ -216,15 +202,11 @@ export const DocumentEditForm = ({
   const onAddSignersFormSubmit = async (data: TAddSignersFormSchema) => {
     try {
       await Promise.all([
-        setSigningOrderForDocument({
-          documentId: document.id,
-          signingOrder: data.signingOrder,
-        }),
-
         updateDocument({
           documentId: document.id,
           meta: {
             allowDictateNextSigner: data.allowDictateNextSigner,
+            signingOrder: data.signingOrder,
           },
         }),
 
diff --git a/apps/remix/app/components/general/document/document-page-view-button.tsx b/apps/remix/app/components/general/document/document-page-view-button.tsx
index 55f6d85c2..e5fea4d2b 100644
--- a/apps/remix/app/components/general/document/document-page-view-button.tsx
+++ b/apps/remix/app/components/general/document/document-page-view-button.tsx
@@ -42,7 +42,7 @@ export const DocumentPageViewButton = ({ document }: DocumentPageViewButtonProps
 
   const onDownloadClick = async () => {
     try {
-      const documentWithData = await trpcClient.document.getDocumentById.query(
+      const documentWithData = await trpcClient.document.get.query(
         {
           documentId: document.id,
         },
diff --git a/apps/remix/app/components/general/document/document-page-view-dropdown.tsx b/apps/remix/app/components/general/document/document-page-view-dropdown.tsx
index c4043de3a..326c7553c 100644
--- a/apps/remix/app/components/general/document/document-page-view-dropdown.tsx
+++ b/apps/remix/app/components/general/document/document-page-view-dropdown.tsx
@@ -71,7 +71,7 @@ export const DocumentPageViewDropdown = ({ document }: DocumentPageViewDropdownP
 
   const onDownloadClick = async () => {
     try {
-      const documentWithData = await trpcClient.document.getDocumentById.query(
+      const documentWithData = await trpcClient.document.get.query(
         {
           documentId: document.id,
         },
@@ -100,7 +100,7 @@ export const DocumentPageViewDropdown = ({ document }: DocumentPageViewDropdownP
 
   const onDownloadOriginalClick = async () => {
     try {
-      const documentWithData = await trpcClient.document.getDocumentById.query(
+      const documentWithData = await trpcClient.document.get.query(
         {
           documentId: document.id,
         },
diff --git a/apps/remix/app/components/general/document/document-page-view-recent-activity.tsx b/apps/remix/app/components/general/document/document-page-view-recent-activity.tsx
index 10beae93b..abeeacbc4 100644
--- a/apps/remix/app/components/general/document/document-page-view-recent-activity.tsx
+++ b/apps/remix/app/components/general/document/document-page-view-recent-activity.tsx
@@ -32,7 +32,7 @@ export const DocumentPageViewRecentActivity = ({
     hasNextPage,
     fetchNextPage,
     isFetchingNextPage,
-  } = trpc.document.findDocumentAuditLogs.useInfiniteQuery(
+  } = trpc.document.auditLog.find.useInfiniteQuery(
     {
       documentId,
       filterForRecentActivity: true,
diff --git a/apps/remix/app/components/general/document/document-upload.tsx b/apps/remix/app/components/general/document/document-upload.tsx
index c21fcc5f0..b86a12ecc 100644
--- a/apps/remix/app/components/general/document/document-upload.tsx
+++ b/apps/remix/app/components/general/document/document-upload.tsx
@@ -52,7 +52,7 @@ export const DocumentUploadDropzone = ({ className }: DocumentUploadDropzoneProp
 
   const [isLoading, setIsLoading] = useState(false);
 
-  const { mutateAsync: createDocument } = trpc.document.createDocument.useMutation();
+  const { mutateAsync: createDocument } = trpc.document.create.useMutation();
 
   const disabledMessage = useMemo(() => {
     if (organisation.subscription && remaining.documents === 0) {
diff --git a/apps/remix/app/components/general/legacy-field-warning-popover.tsx b/apps/remix/app/components/general/legacy-field-warning-popover.tsx
index 6bd489c27..3165b1be7 100644
--- a/apps/remix/app/components/general/legacy-field-warning-popover.tsx
+++ b/apps/remix/app/components/general/legacy-field-warning-popover.tsx
@@ -28,7 +28,7 @@ export const LegacyFieldWarningPopover = ({
   const { mutateAsync: updateTemplate, isPending: isUpdatingTemplate } =
     trpc.template.updateTemplate.useMutation();
   const { mutateAsync: updateDocument, isPending: isUpdatingDocument } =
-    trpc.document.updateDocument.useMutation();
+    trpc.document.update.useMutation();
 
   const onUpdateFieldsClick = async () => {
     if (type === 'document') {
diff --git a/apps/remix/app/components/general/template/template-page-view-documents-table.tsx b/apps/remix/app/components/general/template/template-page-view-documents-table.tsx
index bef9189d5..6072a8846 100644
--- a/apps/remix/app/components/general/template/template-page-view-documents-table.tsx
+++ b/apps/remix/app/components/general/template/template-page-view-documents-table.tsx
@@ -67,7 +67,7 @@ export const TemplatePageViewDocumentsTable = ({
     Object.fromEntries(searchParams ?? []),
   );
 
-  const { data, isLoading, isLoadingError } = trpc.document.findDocuments.useQuery(
+  const { data, isLoading, isLoadingError } = trpc.document.find.useQuery(
     {
       templateId,
       page: parsedSearchParams.page,
diff --git a/apps/remix/app/components/general/template/template-page-view-recent-activity.tsx b/apps/remix/app/components/general/template/template-page-view-recent-activity.tsx
index e0f3f67c9..9b39a27a8 100644
--- a/apps/remix/app/components/general/template/template-page-view-recent-activity.tsx
+++ b/apps/remix/app/components/general/template/template-page-view-recent-activity.tsx
@@ -18,7 +18,7 @@ export const TemplatePageViewRecentActivity = ({
   templateId,
   documentRootPath,
 }: TemplatePageViewRecentActivityProps) => {
-  const { data, isLoading, isLoadingError, refetch } = trpc.document.findDocuments.useQuery({
+  const { data, isLoading, isLoadingError, refetch } = trpc.document.find.useQuery({
     templateId,
     orderByColumn: 'createdAt',
     orderByDirection: 'asc',
diff --git a/apps/remix/app/components/tables/document-logs-table.tsx b/apps/remix/app/components/tables/document-logs-table.tsx
index 8cdae26d5..a042c6a44 100644
--- a/apps/remix/app/components/tables/document-logs-table.tsx
+++ b/apps/remix/app/components/tables/document-logs-table.tsx
@@ -34,7 +34,7 @@ export const DocumentLogsTable = ({ documentId }: DocumentLogsTableProps) => {
 
   const parsedSearchParams = ZUrlSearchParamsSchema.parse(Object.fromEntries(searchParams ?? []));
 
-  const { data, isLoading, isLoadingError } = trpc.document.findDocumentAuditLogs.useQuery(
+  const { data, isLoading, isLoadingError } = trpc.document.auditLog.find.useQuery(
     {
       documentId,
       page: parsedSearchParams.page,
diff --git a/apps/remix/app/components/tables/documents-table-action-button.tsx b/apps/remix/app/components/tables/documents-table-action-button.tsx
index 1333ca912..c1d68c133 100644
--- a/apps/remix/app/components/tables/documents-table-action-button.tsx
+++ b/apps/remix/app/components/tables/documents-table-action-button.tsx
@@ -45,7 +45,7 @@ export const DocumentsTableActionButton = ({ row }: DocumentsTableActionButtonPr
   const onDownloadClick = async () => {
     try {
       const document = !recipient
-        ? await trpcClient.document.getDocumentById.query(
+        ? await trpcClient.document.get.query(
             {
               documentId: row.id,
             },
diff --git a/apps/remix/app/components/tables/documents-table-action-dropdown.tsx b/apps/remix/app/components/tables/documents-table-action-dropdown.tsx
index 1186afb18..8114c6cc1 100644
--- a/apps/remix/app/components/tables/documents-table-action-dropdown.tsx
+++ b/apps/remix/app/components/tables/documents-table-action-dropdown.tsx
@@ -77,7 +77,7 @@ export const DocumentsTableActionDropdown = ({
   const onDownloadClick = async () => {
     try {
       const document = !recipient
-        ? await trpcClient.document.getDocumentById.query({
+        ? await trpcClient.document.get.query({
             documentId: row.id,
           })
         : await trpcClient.document.getDocumentByToken.query({
@@ -103,7 +103,7 @@ export const DocumentsTableActionDropdown = ({
   const onDownloadOriginalClick = async () => {
     try {
       const document = !recipient
-        ? await trpcClient.document.getDocumentById.query({
+        ? await trpcClient.document.get.query({
             documentId: row.id,
           })
         : await trpcClient.document.getDocumentByToken.query({
diff --git a/apps/remix/app/components/tables/documents-table.tsx b/apps/remix/app/components/tables/documents-table.tsx
index fa5be7d2d..a003f4d0d 100644
--- a/apps/remix/app/components/tables/documents-table.tsx
+++ b/apps/remix/app/components/tables/documents-table.tsx
@@ -11,7 +11,7 @@ import { useUpdateSearchParams } from '@documenso/lib/client-only/hooks/use-upda
 import { useSession } from '@documenso/lib/client-only/providers/session';
 import { isDocumentCompleted } from '@documenso/lib/utils/document';
 import { formatDocumentsPath } from '@documenso/lib/utils/teams';
-import type { TFindDocumentsResponse } from '@documenso/trpc/server/document-router/schema';
+import type { TFindDocumentsResponse } from '@documenso/trpc/server/document-router/find-documents.types';
 import type { DataTableColumnDef } from '@documenso/ui/primitives/data-table';
 import { DataTable } from '@documenso/ui/primitives/data-table';
 import { DataTablePagination } from '@documenso/ui/primitives/data-table-pagination';
diff --git a/apps/remix/app/components/tables/inbox-table.tsx b/apps/remix/app/components/tables/inbox-table.tsx
index 45f837c17..f2d138e0d 100644
--- a/apps/remix/app/components/tables/inbox-table.tsx
+++ b/apps/remix/app/components/tables/inbox-table.tsx
@@ -17,7 +17,6 @@ import { isDocumentCompleted } from '@documenso/lib/utils/document';
 import { trpc as trpcClient } from '@documenso/trpc/client';
 import { trpc } from '@documenso/trpc/react';
 import type { TFindInboxResponse } from '@documenso/trpc/server/document-router/find-inbox.types';
-import type { TFindDocumentsResponse } from '@documenso/trpc/server/document-router/schema';
 import { Button } from '@documenso/ui/primitives/button';
 import type { DataTableColumnDef } from '@documenso/ui/primitives/data-table';
 import { DataTable } from '@documenso/ui/primitives/data-table';
@@ -32,12 +31,12 @@ import { useOptionalCurrentTeam } from '~/providers/team';
 import { StackAvatarsWithTooltip } from '../general/stack-avatars-with-tooltip';
 
 export type DocumentsTableProps = {
-  data?: TFindDocumentsResponse;
+  data?: TFindInboxResponse;
   isLoading?: boolean;
   isLoadingError?: boolean;
 };
 
-type DocumentsTableRow = TFindDocumentsResponse['data'][number];
+type DocumentsTableRow = TFindInboxResponse['data'][number];
 
 export const InboxTable = () => {
   const { _, i18n } = useLingui();
diff --git a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx
index 02ae85896..eac87bae7 100644
--- a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx
+++ b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx
@@ -12,10 +12,8 @@ import { parseToIntegerArray } from '@documenso/lib/utils/params';
 import { formatDocumentsPath } from '@documenso/lib/utils/teams';
 import { ExtendedDocumentStatus } from '@documenso/prisma/types/extended-document-status';
 import { trpc } from '@documenso/trpc/react';
-import {
-  type TFindDocumentsInternalResponse,
-  ZFindDocumentsInternalRequestSchema,
-} from '@documenso/trpc/server/document-router/schema';
+import type { TFindDocumentsInternalResponse } from '@documenso/trpc/server/document-router/find-documents-internal.types';
+import { ZFindDocumentsInternalRequestSchema } from '@documenso/trpc/server/document-router/find-documents-internal.types';
 import { Avatar, AvatarFallback, AvatarImage } from '@documenso/ui/primitives/avatar';
 import { Tabs, TabsList, TabsTrigger } from '@documenso/ui/primitives/tabs';
 
diff --git a/packages/auth/server/lib/utils/handle-oauth-callback-url.ts b/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
index 76ec6a607..96967cc4e 100644
--- a/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
+++ b/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
@@ -92,7 +92,11 @@ export const handleOAuthCallbackUrl = async (options: HandleOAuthCallbackUrlOpti
       providerAccountId: sub,
     },
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+        },
+      },
     },
   });
 
diff --git a/packages/lib/jobs/definitions/emails/send-document-cancelled-emails.handler.ts b/packages/lib/jobs/definitions/emails/send-document-cancelled-emails.handler.ts
index 5140c95ee..c17d7fc48 100644
--- a/packages/lib/jobs/definitions/emails/send-document-cancelled-emails.handler.ts
+++ b/packages/lib/jobs/definitions/emails/send-document-cancelled-emails.handler.ts
@@ -29,7 +29,13 @@ export const run = async ({
       id: documentId,
     },
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
       documentMeta: true,
       recipients: true,
       team: {
diff --git a/packages/lib/jobs/definitions/emails/send-organisation-member-joined-email.handler.ts b/packages/lib/jobs/definitions/emails/send-organisation-member-joined-email.handler.ts
index 444ce2985..db8ac2980 100644
--- a/packages/lib/jobs/definitions/emails/send-organisation-member-joined-email.handler.ts
+++ b/packages/lib/jobs/definitions/emails/send-organisation-member-joined-email.handler.ts
@@ -39,7 +39,13 @@ export const run = async ({
           },
         },
         include: {
-          user: true,
+          user: {
+            select: {
+              id: true,
+              email: true,
+              name: true,
+            },
+          },
         },
       },
     },
@@ -51,7 +57,13 @@ export const run = async ({
       organisationId: payload.organisationId,
     },
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
     },
   });
 
diff --git a/packages/lib/jobs/definitions/emails/send-organisation-member-left-email.handler.ts b/packages/lib/jobs/definitions/emails/send-organisation-member-left-email.handler.ts
index 2bfc88aef..babfc7396 100644
--- a/packages/lib/jobs/definitions/emails/send-organisation-member-left-email.handler.ts
+++ b/packages/lib/jobs/definitions/emails/send-organisation-member-left-email.handler.ts
@@ -39,7 +39,13 @@ export const run = async ({
           },
         },
         include: {
-          user: true,
+          user: {
+            select: {
+              id: true,
+              email: true,
+              name: true,
+            },
+          },
         },
       },
     },
@@ -49,6 +55,11 @@ export const run = async ({
     where: {
       id: payload.memberUserId,
     },
+    select: {
+      id: true,
+      email: true,
+      name: true,
+    },
   });
 
   const { branding, emailLanguage, senderEmail } = await getEmailContext({
diff --git a/packages/lib/jobs/definitions/emails/send-recipient-signed-email.handler.ts b/packages/lib/jobs/definitions/emails/send-recipient-signed-email.handler.ts
index 8912362d7..7f201f0ef 100644
--- a/packages/lib/jobs/definitions/emails/send-recipient-signed-email.handler.ts
+++ b/packages/lib/jobs/definitions/emails/send-recipient-signed-email.handler.ts
@@ -38,7 +38,13 @@ export const run = async ({
           id: recipientId,
         },
       },
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
       documentMeta: true,
     },
   });
diff --git a/packages/lib/jobs/definitions/emails/send-rejection-emails.handler.ts b/packages/lib/jobs/definitions/emails/send-rejection-emails.handler.ts
index d69304a12..f162ca134 100644
--- a/packages/lib/jobs/definitions/emails/send-rejection-emails.handler.ts
+++ b/packages/lib/jobs/definitions/emails/send-rejection-emails.handler.ts
@@ -33,7 +33,13 @@ export const run = async ({
         id: documentId,
       },
       include: {
-        user: true,
+        user: {
+          select: {
+            id: true,
+            email: true,
+            name: true,
+          },
+        },
         documentMeta: true,
         team: {
           select: {
diff --git a/packages/lib/server-only/document/create-document-v2.ts b/packages/lib/server-only/document/create-document-v2.ts
index 4a23d67c7..4fe6103d8 100644
--- a/packages/lib/server-only/document/create-document-v2.ts
+++ b/packages/lib/server-only/document/create-document-v2.ts
@@ -15,7 +15,7 @@ import type { ApiRequestMetadata } from '@documenso/lib/universal/extract-reques
 import { nanoid, prefixedId } from '@documenso/lib/universal/id';
 import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
 import { prisma } from '@documenso/prisma';
-import type { TCreateDocumentV2Request } from '@documenso/trpc/server/document-router/schema';
+import type { TCreateDocumentTemporaryRequest } from '@documenso/trpc/server/document-router/create-document-temporary.types';
 
 import type { TDocumentAccessAuthTypes, TDocumentActionAuthTypes } from '../../types/document-auth';
 import type { TDocumentFormValues } from '../../types/document-form-values';
@@ -45,7 +45,7 @@ export type CreateDocumentOptions = {
     globalAccessAuth?: TDocumentAccessAuthTypes[];
     globalActionAuth?: TDocumentActionAuthTypes[];
     formValues?: TDocumentFormValues;
-    recipients: TCreateDocumentV2Request['recipients'];
+    recipients: TCreateDocumentTemporaryRequest['recipients'];
     folderId?: string;
   };
   meta?: Partial<Omit<TemplateMeta, 'id' | 'templateId'>>;
diff --git a/packages/lib/server-only/document/find-documents.ts b/packages/lib/server-only/document/find-documents.ts
index e6b2bde42..97dd07582 100644
--- a/packages/lib/server-only/document/find-documents.ts
+++ b/packages/lib/server-only/document/find-documents.ts
@@ -49,6 +49,11 @@ export const findDocuments = async ({
     where: {
       id: userId,
     },
+    select: {
+      id: true,
+      email: true,
+      name: true,
+    },
   });
 
   let team = null;
@@ -267,7 +272,7 @@ export const findDocuments = async ({
 
 const findDocumentsFilter = (
   status: ExtendedDocumentStatus,
-  user: User,
+  user: Pick<User, 'id' | 'email' | 'name'>,
   folderId?: string | null,
 ) => {
   return match<ExtendedDocumentStatus, Prisma.DocumentWhereInput>(status)
diff --git a/packages/lib/server-only/document/get-document-by-token.ts b/packages/lib/server-only/document/get-document-by-token.ts
index b91427328..e062a7824 100644
--- a/packages/lib/server-only/document/get-document-by-token.ts
+++ b/packages/lib/server-only/document/get-document-by-token.ts
@@ -73,7 +73,13 @@ export const getDocumentAndSenderByToken = async ({
       },
     },
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
       documentData: true,
       documentMeta: true,
       recipients: {
@@ -90,9 +96,6 @@ export const getDocumentAndSenderByToken = async ({
     },
   });
 
-  // eslint-disable-next-line no-unused-vars, @typescript-eslint/no-unused-vars
-  const { password: _password, ...user } = result.user;
-
   const recipient = result.recipients[0];
 
   // Sanity check, should not be possible.
@@ -120,7 +123,11 @@ export const getDocumentAndSenderByToken = async ({
 
   return {
     ...result,
-    user,
+    user: {
+      id: result.user.id,
+      email: result.user.email,
+      name: result.user.name,
+    },
   };
 };
 
diff --git a/packages/lib/server-only/document/get-document-with-details-by-id.ts b/packages/lib/server-only/document/get-document-with-details-by-id.ts
index a889c410b..2a93156a7 100644
--- a/packages/lib/server-only/document/get-document-with-details-by-id.ts
+++ b/packages/lib/server-only/document/get-document-with-details-by-id.ts
@@ -7,14 +7,12 @@ export type GetDocumentWithDetailsByIdOptions = {
   documentId: number;
   userId: number;
   teamId: number;
-  folderId?: string;
 };
 
 export const getDocumentWithDetailsById = async ({
   documentId,
   userId,
   teamId,
-  folderId,
 }: GetDocumentWithDetailsByIdOptions) => {
   const { documentWhereInput } = await getDocumentWhereInput({
     documentId,
@@ -25,7 +23,6 @@ export const getDocumentWithDetailsById = async ({
   const document = await prisma.document.findFirst({
     where: {
       ...documentWhereInput,
-      folderId,
     },
     include: {
       documentData: true,
diff --git a/packages/lib/server-only/document/reject-document-with-token.ts b/packages/lib/server-only/document/reject-document-with-token.ts
index f0c5764ef..2de1d0e81 100644
--- a/packages/lib/server-only/document/reject-document-with-token.ts
+++ b/packages/lib/server-only/document/reject-document-with-token.ts
@@ -28,13 +28,7 @@ export async function rejectDocumentWithToken({
       documentId,
     },
     include: {
-      document: {
-        include: {
-          user: true,
-          recipients: true,
-          documentMeta: true,
-        },
-      },
+      document: true,
     },
   });
 
diff --git a/packages/lib/server-only/document/send-completed-email.ts b/packages/lib/server-only/document/send-completed-email.ts
index b4392f891..b5e5ba256 100644
--- a/packages/lib/server-only/document/send-completed-email.ts
+++ b/packages/lib/server-only/document/send-completed-email.ts
@@ -33,7 +33,13 @@ export const sendCompletedEmail = async ({ documentId, requestMetadata }: SendDo
       documentData: true,
       documentMeta: true,
       recipients: true,
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
       team: {
         select: {
           id: true,
diff --git a/packages/lib/server-only/document/send-delete-email.ts b/packages/lib/server-only/document/send-delete-email.ts
index 8d786ff0b..e76ac636b 100644
--- a/packages/lib/server-only/document/send-delete-email.ts
+++ b/packages/lib/server-only/document/send-delete-email.ts
@@ -24,7 +24,13 @@ export const sendDeleteEmail = async ({ documentId, reason }: SendDeleteEmailOpt
       id: documentId,
     },
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
       documentMeta: true,
     },
   });
diff --git a/packages/lib/server-only/document/super-delete-document.ts b/packages/lib/server-only/document/super-delete-document.ts
index 87ab1a98f..ab6321c5e 100644
--- a/packages/lib/server-only/document/super-delete-document.ts
+++ b/packages/lib/server-only/document/super-delete-document.ts
@@ -30,7 +30,13 @@ export const superDeleteDocument = async ({ id, requestMetadata }: SuperDeleteDo
     include: {
       recipients: true,
       documentMeta: true,
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
     },
   });
 
diff --git a/packages/lib/server-only/template/create-document-from-direct-template.ts b/packages/lib/server-only/template/create-document-from-direct-template.ts
index bed997aab..a7afd8a1a 100644
--- a/packages/lib/server-only/template/create-document-from-direct-template.ts
+++ b/packages/lib/server-only/template/create-document-from-direct-template.ts
@@ -105,7 +105,13 @@ export const createDocumentFromDirectTemplate = async ({
       directLink: true,
       templateDocumentData: true,
       templateMeta: true,
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
     },
   });
 
diff --git a/packages/lib/server-only/user/reset-password.ts b/packages/lib/server-only/user/reset-password.ts
index e01555cce..99d796e7b 100644
--- a/packages/lib/server-only/user/reset-password.ts
+++ b/packages/lib/server-only/user/reset-password.ts
@@ -24,7 +24,14 @@ export const resetPassword = async ({ token, password, requestMetadata }: ResetP
       token,
     },
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+          password: true,
+        },
+      },
     },
   });
 
diff --git a/packages/lib/server-only/user/verify-email.ts b/packages/lib/server-only/user/verify-email.ts
index 5285b9476..1b3a44e71 100644
--- a/packages/lib/server-only/user/verify-email.ts
+++ b/packages/lib/server-only/user/verify-email.ts
@@ -12,7 +12,13 @@ export type VerifyEmailProps = {
 export const verifyEmail = async ({ token }: VerifyEmailProps) => {
   const verificationToken = await prisma.verificationToken.findFirst({
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
     },
     where: {
       token,
diff --git a/packages/lib/utils/mask-recipient-tokens-for-document.ts b/packages/lib/utils/mask-recipient-tokens-for-document.ts
index c0eff4588..ddadb4f3f 100644
--- a/packages/lib/utils/mask-recipient-tokens-for-document.ts
+++ b/packages/lib/utils/mask-recipient-tokens-for-document.ts
@@ -4,7 +4,7 @@ import type { DocumentWithRecipients } from '@documenso/prisma/types/document-wi
 
 export type MaskRecipientTokensForDocumentOptions<T extends DocumentWithRecipients> = {
   document: T;
-  user?: User;
+  user?: Pick<User, 'id' | 'email' | 'name'>;
   token?: string;
 };
 
diff --git a/packages/trpc/server/document-router/create-document-temporary.ts b/packages/trpc/server/document-router/create-document-temporary.ts
new file mode 100644
index 000000000..fdc64f1d6
--- /dev/null
+++ b/packages/trpc/server/document-router/create-document-temporary.ts
@@ -0,0 +1,81 @@
+import { DocumentDataType } from '@prisma/client';
+
+import { getServerLimits } from '@documenso/ee/server-only/limits/server';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { createDocumentData } from '@documenso/lib/server-only/document-data/create-document-data';
+import { createDocumentV2 } from '@documenso/lib/server-only/document/create-document-v2';
+import { getPresignPostUrl } from '@documenso/lib/universal/upload/server-actions';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZCreateDocumentTemporaryRequestSchema,
+  ZCreateDocumentTemporaryResponseSchema,
+  createDocumentTemporaryMeta,
+} from './create-document-temporary.types';
+
+/**
+ * Temporariy endpoint for V2 Beta until we allow passthrough documents on create.
+ *
+ * @public
+ * @deprecated
+ */
+export const createDocumentTemporaryRoute = authenticatedProcedure
+  .meta(createDocumentTemporaryMeta)
+  .input(ZCreateDocumentTemporaryRequestSchema)
+  .output(ZCreateDocumentTemporaryResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId, user } = ctx;
+
+    const {
+      title,
+      externalId,
+      visibility,
+      globalAccessAuth,
+      globalActionAuth,
+      recipients,
+      meta,
+      folderId,
+    } = input;
+
+    const { remaining } = await getServerLimits({ userId: user.id, teamId });
+
+    if (remaining.documents <= 0) {
+      throw new AppError(AppErrorCode.LIMIT_EXCEEDED, {
+        message: 'You have reached your document limit for this month. Please upgrade your plan.',
+        statusCode: 400,
+      });
+    }
+
+    const fileName = title.endsWith('.pdf') ? title : `${title}.pdf`;
+
+    const { url, key } = await getPresignPostUrl(fileName, 'application/pdf');
+
+    const documentData = await createDocumentData({
+      data: key,
+      type: DocumentDataType.S3_PATH,
+    });
+
+    const createdDocument = await createDocumentV2({
+      userId: ctx.user.id,
+      teamId,
+      documentDataId: documentData.id,
+      normalizePdf: false, // Not normalizing because of presigned URL.
+      data: {
+        title,
+        externalId,
+        visibility,
+        globalAccessAuth,
+        globalActionAuth,
+        recipients,
+        folderId,
+      },
+      meta,
+      requestMetadata: ctx.metadata,
+    });
+
+    return {
+      document: createdDocument,
+      folder: createdDocument.folder, // Todo: Remove this prior to api-v2 release.
+      uploadUrl: url,
+    };
+  });
diff --git a/packages/trpc/server/document-router/create-document-temporary.types.ts b/packages/trpc/server/document-router/create-document-temporary.types.ts
new file mode 100644
index 000000000..858b3835a
--- /dev/null
+++ b/packages/trpc/server/document-router/create-document-temporary.types.ts
@@ -0,0 +1,120 @@
+import { DocumentSigningOrder } from '@prisma/client';
+import { z } from 'zod';
+
+import { ZDocumentSchema } from '@documenso/lib/types/document';
+import {
+  ZDocumentAccessAuthTypesSchema,
+  ZDocumentActionAuthTypesSchema,
+} from '@documenso/lib/types/document-auth';
+import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';
+import { ZDocumentFormValuesSchema } from '@documenso/lib/types/document-form-values';
+import {
+  ZFieldHeightSchema,
+  ZFieldPageNumberSchema,
+  ZFieldPageXSchema,
+  ZFieldPageYSchema,
+  ZFieldWidthSchema,
+} from '@documenso/lib/types/field';
+import { ZFieldAndMetaSchema } from '@documenso/lib/types/field-meta';
+
+import { ZCreateRecipientSchema } from '../recipient-router/schema';
+import type { TrpcRouteMeta } from '../trpc';
+import {
+  ZDocumentExternalIdSchema,
+  ZDocumentMetaDateFormatSchema,
+  ZDocumentMetaDistributionMethodSchema,
+  ZDocumentMetaDrawSignatureEnabledSchema,
+  ZDocumentMetaLanguageSchema,
+  ZDocumentMetaMessageSchema,
+  ZDocumentMetaRedirectUrlSchema,
+  ZDocumentMetaSubjectSchema,
+  ZDocumentMetaTimezoneSchema,
+  ZDocumentMetaTypedSignatureEnabledSchema,
+  ZDocumentMetaUploadSignatureEnabledSchema,
+  ZDocumentTitleSchema,
+  ZDocumentVisibilitySchema,
+} from './schema';
+
+/**
+ * Temporariy endpoint for V2 Beta until we allow passthrough documents on create.
+ */
+export const createDocumentTemporaryMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/document/create/beta',
+    summary: 'Create document',
+    description:
+      'You will need to upload the PDF to the provided URL returned. Note: Once V2 API is released, this will be removed since we will allow direct uploads, instead of using an upload URL.',
+    tags: ['Document'],
+  },
+};
+
+export const ZCreateDocumentTemporaryRequestSchema = z.object({
+  title: ZDocumentTitleSchema,
+  externalId: ZDocumentExternalIdSchema.optional(),
+  visibility: ZDocumentVisibilitySchema.optional(),
+  globalAccessAuth: z.array(ZDocumentAccessAuthTypesSchema).optional(),
+  globalActionAuth: z.array(ZDocumentActionAuthTypesSchema).optional(),
+  formValues: ZDocumentFormValuesSchema.optional(),
+  folderId: z
+    .string()
+    .describe(
+      'The ID of the folder to create the document in. If not provided, the document will be created in the root folder.',
+    )
+    .optional(),
+  recipients: z
+    .array(
+      ZCreateRecipientSchema.extend({
+        fields: ZFieldAndMetaSchema.and(
+          z.object({
+            pageNumber: ZFieldPageNumberSchema,
+            pageX: ZFieldPageXSchema,
+            pageY: ZFieldPageYSchema,
+            width: ZFieldWidthSchema,
+            height: ZFieldHeightSchema,
+          }),
+        )
+          .array()
+          .optional(),
+      }),
+    )
+    .refine(
+      (recipients) => {
+        const emails = recipients.map((recipient) => recipient.email);
+
+        return new Set(emails).size === emails.length;
+      },
+      { message: 'Recipients must have unique emails' },
+    )
+    .optional(),
+  meta: z
+    .object({
+      subject: ZDocumentMetaSubjectSchema.optional(),
+      message: ZDocumentMetaMessageSchema.optional(),
+      timezone: ZDocumentMetaTimezoneSchema.optional(),
+      dateFormat: ZDocumentMetaDateFormatSchema.optional(),
+      distributionMethod: ZDocumentMetaDistributionMethodSchema.optional(),
+      signingOrder: z.nativeEnum(DocumentSigningOrder).optional(),
+      redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
+      language: ZDocumentMetaLanguageSchema.optional(),
+      typedSignatureEnabled: ZDocumentMetaTypedSignatureEnabledSchema.optional(),
+      drawSignatureEnabled: ZDocumentMetaDrawSignatureEnabledSchema.optional(),
+      uploadSignatureEnabled: ZDocumentMetaUploadSignatureEnabledSchema.optional(),
+      emailSettings: ZDocumentEmailSettingsSchema.optional(),
+    })
+    .optional(),
+});
+
+export const ZCreateDocumentTemporaryResponseSchema = z.object({
+  document: ZDocumentSchema,
+  uploadUrl: z
+    .string()
+    .describe(
+      'The URL to upload the document PDF to. Use a PUT request with the file via form-data',
+    ),
+});
+
+export type TCreateDocumentTemporaryRequest = z.infer<typeof ZCreateDocumentTemporaryRequestSchema>;
+export type TCreateDocumentTemporaryResponse = z.infer<
+  typeof ZCreateDocumentTemporaryResponseSchema
+>;
diff --git a/packages/trpc/server/document-router/create-document.ts b/packages/trpc/server/document-router/create-document.ts
new file mode 100644
index 000000000..bf66f93d3
--- /dev/null
+++ b/packages/trpc/server/document-router/create-document.ts
@@ -0,0 +1,47 @@
+import { getServerLimits } from '@documenso/ee/server-only/limits/server';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { createDocument } from '@documenso/lib/server-only/document/create-document';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZCreateDocumentRequestSchema,
+  ZCreateDocumentResponseSchema,
+} from './create-document.types';
+
+export const createDocumentRoute = authenticatedProcedure
+  .input(ZCreateDocumentRequestSchema)
+  .output(ZCreateDocumentResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { user, teamId } = ctx;
+    const { title, documentDataId, timezone, folderId } = input;
+
+    ctx.logger.info({
+      input: {
+        folderId,
+      },
+    });
+
+    const { remaining } = await getServerLimits({ userId: user.id, teamId });
+
+    if (remaining.documents <= 0) {
+      throw new AppError(AppErrorCode.LIMIT_EXCEEDED, {
+        message: 'You have reached your document limit for this month. Please upgrade your plan.',
+        statusCode: 400,
+      });
+    }
+
+    const document = await createDocument({
+      userId: user.id,
+      teamId,
+      title,
+      documentDataId,
+      normalizePdf: true,
+      userTimezone: timezone,
+      requestMetadata: ctx.metadata,
+      folderId,
+    });
+
+    return {
+      id: document.id,
+    };
+  });
diff --git a/packages/trpc/server/document-router/create-document.types.ts b/packages/trpc/server/document-router/create-document.types.ts
new file mode 100644
index 000000000..4dfc89dce
--- /dev/null
+++ b/packages/trpc/server/document-router/create-document.types.ts
@@ -0,0 +1,27 @@
+import { z } from 'zod';
+
+import { ZDocumentMetaTimezoneSchema, ZDocumentTitleSchema } from './schema';
+
+// Currently not in use until we allow passthrough documents on create.
+// export const createDocumentMeta: TrpcRouteMeta = {
+//   openapi: {
+//     method: 'POST',
+//     path: '/document/create',
+//     summary: 'Create document',
+//     tags: ['Document'],
+//   },
+// };
+
+export const ZCreateDocumentRequestSchema = z.object({
+  title: ZDocumentTitleSchema,
+  documentDataId: z.string().min(1),
+  timezone: ZDocumentMetaTimezoneSchema.optional(),
+  folderId: z.string().describe('The ID of the folder to create the document in').optional(),
+});
+
+export const ZCreateDocumentResponseSchema = z.object({
+  id: z.number(),
+});
+
+export type TCreateDocumentRequest = z.infer<typeof ZCreateDocumentRequestSchema>;
+export type TCreateDocumentResponse = z.infer<typeof ZCreateDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/delete-document.ts b/packages/trpc/server/document-router/delete-document.ts
new file mode 100644
index 000000000..659ff0394
--- /dev/null
+++ b/packages/trpc/server/document-router/delete-document.ts
@@ -0,0 +1,35 @@
+import { deleteDocument } from '@documenso/lib/server-only/document/delete-document';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZDeleteDocumentRequestSchema,
+  ZDeleteDocumentResponseSchema,
+  deleteDocumentMeta,
+} from './delete-document.types';
+import { ZGenericSuccessResponse } from './schema';
+
+export const deleteDocumentRoute = authenticatedProcedure
+  .meta(deleteDocumentMeta)
+  .input(ZDeleteDocumentRequestSchema)
+  .output(ZDeleteDocumentResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId } = ctx;
+    const { documentId } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    const userId = ctx.user.id;
+
+    await deleteDocument({
+      id: documentId,
+      userId,
+      teamId,
+      requestMetadata: ctx.metadata,
+    });
+
+    return ZGenericSuccessResponse;
+  });
diff --git a/packages/trpc/server/document-router/delete-document.types.ts b/packages/trpc/server/document-router/delete-document.types.ts
new file mode 100644
index 000000000..72c7a711d
--- /dev/null
+++ b/packages/trpc/server/document-router/delete-document.types.ts
@@ -0,0 +1,22 @@
+import { z } from 'zod';
+
+import type { TrpcRouteMeta } from '../trpc';
+import { ZSuccessResponseSchema } from './schema';
+
+export const deleteDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/document/delete',
+    summary: 'Delete document',
+    tags: ['Document'],
+  },
+};
+
+export const ZDeleteDocumentRequestSchema = z.object({
+  documentId: z.number(),
+});
+
+export const ZDeleteDocumentResponseSchema = ZSuccessResponseSchema;
+
+export type TDeleteDocumentRequest = z.infer<typeof ZDeleteDocumentRequestSchema>;
+export type TDeleteDocumentResponse = z.infer<typeof ZDeleteDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/distribute-document.ts b/packages/trpc/server/document-router/distribute-document.ts
new file mode 100644
index 000000000..00fe8ef92
--- /dev/null
+++ b/packages/trpc/server/document-router/distribute-document.ts
@@ -0,0 +1,50 @@
+import { upsertDocumentMeta } from '@documenso/lib/server-only/document-meta/upsert-document-meta';
+import { sendDocument } from '@documenso/lib/server-only/document/send-document';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZDistributeDocumentRequestSchema,
+  ZDistributeDocumentResponseSchema,
+  distributeDocumentMeta,
+} from './distribute-document.types';
+
+export const distributeDocumentRoute = authenticatedProcedure
+  .meta(distributeDocumentMeta)
+  .input(ZDistributeDocumentRequestSchema)
+  .output(ZDistributeDocumentResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId } = ctx;
+    const { documentId, meta = {} } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    if (Object.values(meta).length > 0) {
+      await upsertDocumentMeta({
+        userId: ctx.user.id,
+        teamId,
+        documentId,
+        subject: meta.subject,
+        message: meta.message,
+        dateFormat: meta.dateFormat,
+        timezone: meta.timezone,
+        redirectUrl: meta.redirectUrl,
+        distributionMethod: meta.distributionMethod,
+        emailSettings: meta.emailSettings,
+        language: meta.language,
+        emailId: meta.emailId,
+        emailReplyTo: meta.emailReplyTo,
+        requestMetadata: ctx.metadata,
+      });
+    }
+
+    return await sendDocument({
+      userId: ctx.user.id,
+      documentId,
+      teamId,
+      requestMetadata: ctx.metadata,
+    });
+  });
diff --git a/packages/trpc/server/document-router/distribute-document.types.ts b/packages/trpc/server/document-router/distribute-document.types.ts
new file mode 100644
index 000000000..41bf23eb2
--- /dev/null
+++ b/packages/trpc/server/document-router/distribute-document.types.ts
@@ -0,0 +1,48 @@
+import { z } from 'zod';
+
+import { ZDocumentLiteSchema } from '@documenso/lib/types/document';
+import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';
+
+import type { TrpcRouteMeta } from '../trpc';
+import {
+  ZDocumentMetaDateFormatSchema,
+  ZDocumentMetaDistributionMethodSchema,
+  ZDocumentMetaLanguageSchema,
+  ZDocumentMetaMessageSchema,
+  ZDocumentMetaRedirectUrlSchema,
+  ZDocumentMetaSubjectSchema,
+  ZDocumentMetaTimezoneSchema,
+} from './schema';
+
+export const distributeDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/document/distribute',
+    summary: 'Distribute document',
+    description: 'Send the document out to recipients based on your distribution method',
+    tags: ['Document'],
+  },
+};
+
+export const ZDistributeDocumentRequestSchema = z.object({
+  documentId: z.number().describe('The ID of the document to send.'),
+  meta: z
+    .object({
+      subject: ZDocumentMetaSubjectSchema.optional(),
+      message: ZDocumentMetaMessageSchema.optional(),
+      timezone: ZDocumentMetaTimezoneSchema.optional(),
+      dateFormat: ZDocumentMetaDateFormatSchema.optional(),
+      distributionMethod: ZDocumentMetaDistributionMethodSchema.optional(),
+      redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
+      language: ZDocumentMetaLanguageSchema.optional(),
+      emailId: z.string().nullish(),
+      emailReplyTo: z.string().email().nullish(),
+      emailSettings: ZDocumentEmailSettingsSchema.optional(),
+    })
+    .optional(),
+});
+
+export const ZDistributeDocumentResponseSchema = ZDocumentLiteSchema;
+
+export type TDistributeDocumentRequest = z.infer<typeof ZDistributeDocumentRequestSchema>;
+export type TDistributeDocumentResponse = z.infer<typeof ZDistributeDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/download-document-audit-logs.ts b/packages/trpc/server/document-router/download-document-audit-logs.ts
new file mode 100644
index 000000000..af84c43e0
--- /dev/null
+++ b/packages/trpc/server/document-router/download-document-audit-logs.ts
@@ -0,0 +1,47 @@
+import { DateTime } from 'luxon';
+
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { encryptSecondaryData } from '@documenso/lib/server-only/crypto/encrypt';
+import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZDownloadDocumentAuditLogsRequestSchema,
+  ZDownloadDocumentAuditLogsResponseSchema,
+} from './download-document-audit-logs.types';
+
+export const downloadDocumentAuditLogsRoute = authenticatedProcedure
+  .input(ZDownloadDocumentAuditLogsRequestSchema)
+  .output(ZDownloadDocumentAuditLogsResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId } = ctx;
+    const { documentId } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    const document = await getDocumentById({
+      documentId,
+      userId: ctx.user.id,
+      teamId,
+    }).catch(() => null);
+
+    if (!document || (teamId && document.teamId !== teamId)) {
+      throw new AppError(AppErrorCode.UNAUTHORIZED, {
+        message: 'You do not have access to this document.',
+      });
+    }
+
+    const encrypted = encryptSecondaryData({
+      data: document.id.toString(),
+      expiresAt: DateTime.now().plus({ minutes: 5 }).toJSDate().valueOf(),
+    });
+
+    return {
+      url: `${NEXT_PUBLIC_WEBAPP_URL()}/__htmltopdf/audit-log?d=${encrypted}`,
+    };
+  });
diff --git a/packages/trpc/server/document-router/download-document-audit-logs.types.ts b/packages/trpc/server/document-router/download-document-audit-logs.types.ts
new file mode 100644
index 000000000..b4cc209c2
--- /dev/null
+++ b/packages/trpc/server/document-router/download-document-audit-logs.types.ts
@@ -0,0 +1,16 @@
+import { z } from 'zod';
+
+export const ZDownloadDocumentAuditLogsRequestSchema = z.object({
+  documentId: z.number(),
+});
+
+export const ZDownloadDocumentAuditLogsResponseSchema = z.object({
+  url: z.string(),
+});
+
+export type TDownloadDocumentAuditLogsRequest = z.infer<
+  typeof ZDownloadDocumentAuditLogsRequestSchema
+>;
+export type TDownloadDocumentAuditLogsResponse = z.infer<
+  typeof ZDownloadDocumentAuditLogsResponseSchema
+>;
diff --git a/packages/trpc/server/document-router/download-document-certificate.ts b/packages/trpc/server/document-router/download-document-certificate.ts
new file mode 100644
index 000000000..b59eafbf0
--- /dev/null
+++ b/packages/trpc/server/document-router/download-document-certificate.ts
@@ -0,0 +1,46 @@
+import { DateTime } from 'luxon';
+
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { AppError } from '@documenso/lib/errors/app-error';
+import { encryptSecondaryData } from '@documenso/lib/server-only/crypto/encrypt';
+import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id';
+import { isDocumentCompleted } from '@documenso/lib/utils/document';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZDownloadDocumentCertificateRequestSchema,
+  ZDownloadDocumentCertificateResponseSchema,
+} from './download-document-certificate.types';
+
+export const downloadDocumentCertificateRoute = authenticatedProcedure
+  .input(ZDownloadDocumentCertificateRequestSchema)
+  .output(ZDownloadDocumentCertificateResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId } = ctx;
+    const { documentId } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    const document = await getDocumentById({
+      documentId,
+      userId: ctx.user.id,
+      teamId,
+    });
+
+    if (!isDocumentCompleted(document.status)) {
+      throw new AppError('DOCUMENT_NOT_COMPLETE');
+    }
+
+    const encrypted = encryptSecondaryData({
+      data: document.id.toString(),
+      expiresAt: DateTime.now().plus({ minutes: 5 }).toJSDate().valueOf(),
+    });
+
+    return {
+      url: `${NEXT_PUBLIC_WEBAPP_URL()}/__htmltopdf/certificate?d=${encrypted}`,
+    };
+  });
diff --git a/packages/trpc/server/document-router/download-document-certificate.types.ts b/packages/trpc/server/document-router/download-document-certificate.types.ts
new file mode 100644
index 000000000..df81f1cad
--- /dev/null
+++ b/packages/trpc/server/document-router/download-document-certificate.types.ts
@@ -0,0 +1,16 @@
+import { z } from 'zod';
+
+export const ZDownloadDocumentCertificateRequestSchema = z.object({
+  documentId: z.number(),
+});
+
+export const ZDownloadDocumentCertificateResponseSchema = z.object({
+  url: z.string(),
+});
+
+export type TDownloadDocumentCertificateRequest = z.infer<
+  typeof ZDownloadDocumentCertificateRequestSchema
+>;
+export type TDownloadDocumentCertificateResponse = z.infer<
+  typeof ZDownloadDocumentCertificateResponseSchema
+>;
diff --git a/packages/trpc/server/document-router/download-document.ts b/packages/trpc/server/document-router/download-document.ts
index 84b75265c..a0cbbf104 100644
--- a/packages/trpc/server/document-router/download-document.ts
+++ b/packages/trpc/server/document-router/download-document.ts
@@ -6,18 +6,14 @@ import { getPresignGetUrl } from '@documenso/lib/universal/upload/server-actions
 import { isDocumentCompleted } from '@documenso/lib/utils/document';
 
 import { authenticatedProcedure } from '../trpc';
-import { ZDownloadDocumentRequestSchema, ZDownloadDocumentResponseSchema } from './schema';
+import {
+  ZDownloadDocumentRequestSchema,
+  ZDownloadDocumentResponseSchema,
+  downloadDocumentMeta,
+} from './download-document.types';
 
 export const downloadDocumentRoute = authenticatedProcedure
-  .meta({
-    openapi: {
-      method: 'GET',
-      path: '/document/{documentId}/download-beta',
-      summary: 'Download document (beta)',
-      description: 'Get a pre-signed download URL for the original or signed version of a document',
-      tags: ['Document'],
-    },
-  })
+  .meta(downloadDocumentMeta)
   .input(ZDownloadDocumentRequestSchema)
   .output(ZDownloadDocumentResponseSchema)
   .query(async ({ input, ctx }) => {
diff --git a/packages/trpc/server/document-router/download-document.types.ts b/packages/trpc/server/document-router/download-document.types.ts
new file mode 100644
index 000000000..be4f454f8
--- /dev/null
+++ b/packages/trpc/server/document-router/download-document.types.ts
@@ -0,0 +1,32 @@
+import { z } from 'zod';
+
+import type { TrpcRouteMeta } from '../trpc';
+
+export const downloadDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'GET',
+    path: '/document/{documentId}/download-beta',
+    summary: 'Download document (beta)',
+    description: 'Get a pre-signed download URL for the original or signed version of a document',
+    tags: ['Document'],
+  },
+};
+
+export const ZDownloadDocumentRequestSchema = z.object({
+  documentId: z.number().describe('The ID of the document to download.'),
+  version: z
+    .enum(['original', 'signed'])
+    .describe(
+      'The version of the document to download. "signed" returns the completed document with signatures, "original" returns the original uploaded document.',
+    )
+    .default('signed'),
+});
+
+export const ZDownloadDocumentResponseSchema = z.object({
+  downloadUrl: z.string().describe('Pre-signed URL for downloading the PDF file'),
+  filename: z.string().describe('The filename of the PDF file'),
+  contentType: z.string().describe('MIME type of the file'),
+});
+
+export type TDownloadDocumentRequest = z.infer<typeof ZDownloadDocumentRequestSchema>;
+export type TDownloadDocumentResponse = z.infer<typeof ZDownloadDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/duplicate-document.ts b/packages/trpc/server/document-router/duplicate-document.ts
new file mode 100644
index 000000000..be8f29d03
--- /dev/null
+++ b/packages/trpc/server/document-router/duplicate-document.ts
@@ -0,0 +1,29 @@
+import { duplicateDocument } from '@documenso/lib/server-only/document/duplicate-document-by-id';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZDuplicateDocumentRequestSchema,
+  ZDuplicateDocumentResponseSchema,
+  duplicateDocumentMeta,
+} from './duplicate-document.types';
+
+export const duplicateDocumentRoute = authenticatedProcedure
+  .meta(duplicateDocumentMeta)
+  .input(ZDuplicateDocumentRequestSchema)
+  .output(ZDuplicateDocumentResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId, user } = ctx;
+    const { documentId } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    return await duplicateDocument({
+      userId: user.id,
+      teamId,
+      documentId,
+    });
+  });
diff --git a/packages/trpc/server/document-router/duplicate-document.types.ts b/packages/trpc/server/document-router/duplicate-document.types.ts
new file mode 100644
index 000000000..e77bccc73
--- /dev/null
+++ b/packages/trpc/server/document-router/duplicate-document.types.ts
@@ -0,0 +1,23 @@
+import { z } from 'zod';
+
+import type { TrpcRouteMeta } from '../trpc';
+
+export const duplicateDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/document/duplicate',
+    summary: 'Duplicate document',
+    tags: ['Document'],
+  },
+};
+
+export const ZDuplicateDocumentRequestSchema = z.object({
+  documentId: z.number(),
+});
+
+export const ZDuplicateDocumentResponseSchema = z.object({
+  documentId: z.number(),
+});
+
+export type TDuplicateDocumentRequest = z.infer<typeof ZDuplicateDocumentRequestSchema>;
+export type TDuplicateDocumentResponse = z.infer<typeof ZDuplicateDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/find-document-audit-logs.ts b/packages/trpc/server/document-router/find-document-audit-logs.ts
new file mode 100644
index 000000000..17de388a3
--- /dev/null
+++ b/packages/trpc/server/document-router/find-document-audit-logs.ts
@@ -0,0 +1,41 @@
+import { findDocumentAuditLogs } from '@documenso/lib/server-only/document/find-document-audit-logs';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZFindDocumentAuditLogsRequestSchema,
+  ZFindDocumentAuditLogsResponseSchema,
+} from './find-document-audit-logs.types';
+
+export const findDocumentAuditLogsRoute = authenticatedProcedure
+  .input(ZFindDocumentAuditLogsRequestSchema)
+  .output(ZFindDocumentAuditLogsResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { teamId } = ctx;
+
+    const {
+      page,
+      perPage,
+      documentId,
+      cursor,
+      filterForRecentActivity,
+      orderByColumn,
+      orderByDirection,
+    } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    return await findDocumentAuditLogs({
+      userId: ctx.user.id,
+      teamId,
+      page,
+      perPage,
+      documentId,
+      cursor,
+      filterForRecentActivity,
+      orderBy: orderByColumn ? { column: orderByColumn, direction: orderByDirection } : undefined,
+    });
+  });
diff --git a/packages/trpc/server/document-router/find-document-audit-logs.types.ts b/packages/trpc/server/document-router/find-document-audit-logs.types.ts
new file mode 100644
index 000000000..6e8991667
--- /dev/null
+++ b/packages/trpc/server/document-router/find-document-audit-logs.types.ts
@@ -0,0 +1,20 @@
+import { z } from 'zod';
+
+import { ZDocumentAuditLogSchema } from '@documenso/lib/types/document-audit-logs';
+import { ZFindResultResponse, ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
+
+export const ZFindDocumentAuditLogsRequestSchema = ZFindSearchParamsSchema.extend({
+  documentId: z.number().min(1),
+  cursor: z.string().optional(),
+  filterForRecentActivity: z.boolean().optional(),
+  orderByColumn: z.enum(['createdAt', 'type']).optional(),
+  orderByDirection: z.enum(['asc', 'desc']).default('desc'),
+});
+
+export const ZFindDocumentAuditLogsResponseSchema = ZFindResultResponse.extend({
+  data: ZDocumentAuditLogSchema.array(),
+  nextCursor: z.string().optional(),
+});
+
+export type TFindDocumentAuditLogsRequest = z.infer<typeof ZFindDocumentAuditLogsRequestSchema>;
+export type TFindDocumentAuditLogsResponse = z.infer<typeof ZFindDocumentAuditLogsResponseSchema>;
diff --git a/packages/trpc/server/document-router/find-documents-internal.ts b/packages/trpc/server/document-router/find-documents-internal.ts
new file mode 100644
index 000000000..47748771b
--- /dev/null
+++ b/packages/trpc/server/document-router/find-documents-internal.ts
@@ -0,0 +1,74 @@
+import { findDocuments } from '@documenso/lib/server-only/document/find-documents';
+import type { GetStatsInput } from '@documenso/lib/server-only/document/get-stats';
+import { getStats } from '@documenso/lib/server-only/document/get-stats';
+import { getTeamById } from '@documenso/lib/server-only/team/get-team';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZFindDocumentsInternalRequestSchema,
+  ZFindDocumentsInternalResponseSchema,
+} from './find-documents-internal.types';
+
+export const findDocumentsInternalRoute = authenticatedProcedure
+  .input(ZFindDocumentsInternalRequestSchema)
+  .output(ZFindDocumentsInternalResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { user, teamId } = ctx;
+
+    const {
+      query,
+      templateId,
+      page,
+      perPage,
+      orderByDirection,
+      orderByColumn,
+      source,
+      status,
+      period,
+      senderIds,
+      folderId,
+    } = input;
+
+    const getStatOptions: GetStatsInput = {
+      user,
+      period,
+      search: query,
+      folderId,
+    };
+
+    if (teamId) {
+      const team = await getTeamById({ userId: user.id, teamId });
+
+      getStatOptions.team = {
+        teamId: team.id,
+        teamEmail: team.teamEmail?.email,
+        senderIds,
+        currentTeamMemberRole: team.currentTeamRole,
+        currentUserEmail: user.email,
+        userId: user.id,
+      };
+    }
+
+    const [stats, documents] = await Promise.all([
+      getStats(getStatOptions),
+      findDocuments({
+        userId: user.id,
+        teamId,
+        query,
+        templateId,
+        page,
+        perPage,
+        source,
+        status,
+        period,
+        senderIds,
+        folderId,
+        orderBy: orderByColumn ? { column: orderByColumn, direction: orderByDirection } : undefined,
+      }),
+    ]);
+
+    return {
+      ...documents,
+      stats,
+    };
+  });
diff --git a/packages/trpc/server/document-router/find-documents-internal.types.ts b/packages/trpc/server/document-router/find-documents-internal.types.ts
new file mode 100644
index 000000000..16e8edb66
--- /dev/null
+++ b/packages/trpc/server/document-router/find-documents-internal.types.ts
@@ -0,0 +1,29 @@
+import { z } from 'zod';
+
+import { ZDocumentManySchema } from '@documenso/lib/types/document';
+import { ZFindResultResponse } from '@documenso/lib/types/search-params';
+import { ExtendedDocumentStatus } from '@documenso/prisma/types/extended-document-status';
+
+import { ZFindDocumentsRequestSchema } from './find-documents.types';
+
+export const ZFindDocumentsInternalRequestSchema = ZFindDocumentsRequestSchema.extend({
+  period: z.enum(['7d', '14d', '30d']).optional(),
+  senderIds: z.array(z.number()).optional(),
+  status: z.nativeEnum(ExtendedDocumentStatus).optional(),
+  folderId: z.string().optional(),
+});
+
+export const ZFindDocumentsInternalResponseSchema = ZFindResultResponse.extend({
+  data: ZDocumentManySchema.array(),
+  stats: z.object({
+    [ExtendedDocumentStatus.DRAFT]: z.number(),
+    [ExtendedDocumentStatus.PENDING]: z.number(),
+    [ExtendedDocumentStatus.COMPLETED]: z.number(),
+    [ExtendedDocumentStatus.REJECTED]: z.number(),
+    [ExtendedDocumentStatus.INBOX]: z.number(),
+    [ExtendedDocumentStatus.ALL]: z.number(),
+  }),
+});
+
+export type TFindDocumentsInternalRequest = z.infer<typeof ZFindDocumentsInternalRequestSchema>;
+export type TFindDocumentsInternalResponse = z.infer<typeof ZFindDocumentsInternalResponseSchema>;
diff --git a/packages/trpc/server/document-router/find-documents.ts b/packages/trpc/server/document-router/find-documents.ts
new file mode 100644
index 000000000..71684b326
--- /dev/null
+++ b/packages/trpc/server/document-router/find-documents.ts
@@ -0,0 +1,43 @@
+import { findDocuments } from '@documenso/lib/server-only/document/find-documents';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZFindDocumentsMeta,
+  ZFindDocumentsRequestSchema,
+  ZFindDocumentsResponseSchema,
+} from './find-documents.types';
+
+export const findDocumentsRoute = authenticatedProcedure
+  .meta(ZFindDocumentsMeta)
+  .input(ZFindDocumentsRequestSchema)
+  .output(ZFindDocumentsResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { user, teamId } = ctx;
+
+    const {
+      query,
+      templateId,
+      page,
+      perPage,
+      orderByDirection,
+      orderByColumn,
+      source,
+      status,
+      folderId,
+    } = input;
+
+    const documents = await findDocuments({
+      userId: user.id,
+      teamId,
+      templateId,
+      query,
+      source,
+      status,
+      page,
+      perPage,
+      folderId,
+      orderBy: orderByColumn ? { column: orderByColumn, direction: orderByDirection } : undefined,
+    });
+
+    return documents;
+  });
diff --git a/packages/trpc/server/document-router/find-documents.types.ts b/packages/trpc/server/document-router/find-documents.types.ts
new file mode 100644
index 000000000..dafb047b6
--- /dev/null
+++ b/packages/trpc/server/document-router/find-documents.types.ts
@@ -0,0 +1,42 @@
+import { DocumentSource, DocumentStatus } from '@prisma/client';
+import { z } from 'zod';
+
+import { ZDocumentManySchema } from '@documenso/lib/types/document';
+import { ZFindResultResponse, ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
+
+import type { TrpcRouteMeta } from '../trpc';
+
+export const ZFindDocumentsMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'GET',
+    path: '/document',
+    summary: 'Find documents',
+    description: 'Find documents based on a search criteria',
+    tags: ['Document'],
+  },
+};
+
+export const ZFindDocumentsRequestSchema = ZFindSearchParamsSchema.extend({
+  templateId: z
+    .number()
+    .describe('Filter documents by the template ID used to create it.')
+    .optional(),
+  source: z
+    .nativeEnum(DocumentSource)
+    .describe('Filter documents by how it was created.')
+    .optional(),
+  status: z
+    .nativeEnum(DocumentStatus)
+    .describe('Filter documents by the current status')
+    .optional(),
+  folderId: z.string().describe('Filter documents by folder ID').optional(),
+  orderByColumn: z.enum(['createdAt']).optional(),
+  orderByDirection: z.enum(['asc', 'desc']).describe('').default('desc'),
+});
+
+export const ZFindDocumentsResponseSchema = ZFindResultResponse.extend({
+  data: ZDocumentManySchema.array(),
+});
+
+export type TFindDocumentsRequest = z.infer<typeof ZFindDocumentsRequestSchema>;
+export type TFindDocumentsResponse = z.infer<typeof ZFindDocumentsResponseSchema>;
diff --git a/packages/trpc/server/document-router/get-document-by-token.ts b/packages/trpc/server/document-router/get-document-by-token.ts
new file mode 100644
index 000000000..b640f6946
--- /dev/null
+++ b/packages/trpc/server/document-router/get-document-by-token.ts
@@ -0,0 +1,43 @@
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { prisma } from '@documenso/prisma';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZGetDocumentByTokenRequestSchema,
+  ZGetDocumentByTokenResponseSchema,
+} from './get-document-by-token.types';
+
+export const getDocumentByTokenRoute = authenticatedProcedure
+  .input(ZGetDocumentByTokenRequestSchema)
+  .output(ZGetDocumentByTokenResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { token } = input;
+
+    const document = await prisma.document.findFirst({
+      where: {
+        recipients: {
+          some: {
+            token,
+            email: ctx.user.email,
+          },
+        },
+      },
+      include: {
+        documentData: true,
+      },
+    });
+
+    if (!document) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'Document not found',
+      });
+    }
+
+    ctx.logger.info({
+      documentId: document.id,
+    });
+
+    return {
+      documentData: document.documentData,
+    };
+  });
diff --git a/packages/trpc/server/document-router/get-document-by-token.types.ts b/packages/trpc/server/document-router/get-document-by-token.types.ts
new file mode 100644
index 000000000..34f79c620
--- /dev/null
+++ b/packages/trpc/server/document-router/get-document-by-token.types.ts
@@ -0,0 +1,14 @@
+import { z } from 'zod';
+
+import DocumentDataSchema from '@documenso/prisma/generated/zod/modelSchema/DocumentDataSchema';
+
+export const ZGetDocumentByTokenRequestSchema = z.object({
+  token: z.string().min(1),
+});
+
+export const ZGetDocumentByTokenResponseSchema = z.object({
+  documentData: DocumentDataSchema,
+});
+
+export type TGetDocumentByTokenRequest = z.infer<typeof ZGetDocumentByTokenRequestSchema>;
+export type TGetDocumentByTokenResponse = z.infer<typeof ZGetDocumentByTokenResponseSchema>;
diff --git a/packages/trpc/server/document-router/get-document.ts b/packages/trpc/server/document-router/get-document.ts
new file mode 100644
index 000000000..4dad5291f
--- /dev/null
+++ b/packages/trpc/server/document-router/get-document.ts
@@ -0,0 +1,29 @@
+import { getDocumentWithDetailsById } from '@documenso/lib/server-only/document/get-document-with-details-by-id';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZGetDocumentRequestSchema,
+  ZGetDocumentResponseSchema,
+  getDocumentMeta,
+} from './get-document.types';
+
+export const getDocumentRoute = authenticatedProcedure
+  .meta(getDocumentMeta)
+  .input(ZGetDocumentRequestSchema)
+  .output(ZGetDocumentResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { teamId, user } = ctx;
+    const { documentId } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    return await getDocumentWithDetailsById({
+      userId: user.id,
+      teamId,
+      documentId,
+    });
+  });
diff --git a/packages/trpc/server/document-router/get-document.types.ts b/packages/trpc/server/document-router/get-document.types.ts
new file mode 100644
index 000000000..08072f021
--- /dev/null
+++ b/packages/trpc/server/document-router/get-document.types.ts
@@ -0,0 +1,24 @@
+import { z } from 'zod';
+
+import { ZDocumentSchema } from '@documenso/lib/types/document';
+
+import type { TrpcRouteMeta } from '../trpc';
+
+export const getDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'GET',
+    path: '/document/{documentId}',
+    summary: 'Get document',
+    description: 'Returns a document given an ID',
+    tags: ['Document'],
+  },
+};
+
+export const ZGetDocumentRequestSchema = z.object({
+  documentId: z.number(),
+});
+
+export const ZGetDocumentResponseSchema = ZDocumentSchema;
+
+export type TGetDocumentRequest = z.infer<typeof ZGetDocumentRequestSchema>;
+export type TGetDocumentResponse = z.infer<typeof ZGetDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/redistribute-document.ts b/packages/trpc/server/document-router/redistribute-document.ts
new file mode 100644
index 000000000..6bc06e189
--- /dev/null
+++ b/packages/trpc/server/document-router/redistribute-document.ts
@@ -0,0 +1,35 @@
+import { resendDocument } from '@documenso/lib/server-only/document/resend-document';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZRedistributeDocumentRequestSchema,
+  ZRedistributeDocumentResponseSchema,
+  redistributeDocumentMeta,
+} from './redistribute-document.types';
+import { ZGenericSuccessResponse } from './schema';
+
+export const redistributeDocumentRoute = authenticatedProcedure
+  .meta(redistributeDocumentMeta)
+  .input(ZRedistributeDocumentRequestSchema)
+  .output(ZRedistributeDocumentResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId } = ctx;
+    const { documentId, recipients } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+        recipients,
+      },
+    });
+
+    await resendDocument({
+      userId: ctx.user.id,
+      teamId,
+      documentId,
+      recipients,
+      requestMetadata: ctx.metadata,
+    });
+
+    return ZGenericSuccessResponse;
+  });
diff --git a/packages/trpc/server/document-router/redistribute-document.types.ts b/packages/trpc/server/document-router/redistribute-document.types.ts
new file mode 100644
index 000000000..6444b6fe5
--- /dev/null
+++ b/packages/trpc/server/document-router/redistribute-document.types.ts
@@ -0,0 +1,28 @@
+import { z } from 'zod';
+
+import type { TrpcRouteMeta } from '../trpc';
+import { ZSuccessResponseSchema } from './schema';
+
+export const redistributeDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/document/redistribute',
+    summary: 'Redistribute document',
+    description:
+      'Redistribute the document to the provided recipients who have not actioned the document. Will use the distribution method set in the document',
+    tags: ['Document'],
+  },
+};
+
+export const ZRedistributeDocumentRequestSchema = z.object({
+  documentId: z.number(),
+  recipients: z
+    .array(z.number())
+    .min(1)
+    .describe('The IDs of the recipients to redistribute the document to.'),
+});
+
+export const ZRedistributeDocumentResponseSchema = ZSuccessResponseSchema;
+
+export type TRedistributeDocumentRequest = z.infer<typeof ZRedistributeDocumentRequestSchema>;
+export type TRedistributeDocumentResponse = z.infer<typeof ZRedistributeDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/router.ts b/packages/trpc/server/document-router/router.ts
index 8d3cc8020..da5b8e769 100644
--- a/packages/trpc/server/document-router/router.ts
+++ b/packages/trpc/server/document-router/router.ts
@@ -1,691 +1,49 @@
-import { DocumentDataType } from '@prisma/client';
-import { DateTime } from 'luxon';
-
-import { getServerLimits } from '@documenso/ee/server-only/limits/server';
-import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
-import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
-import { encryptSecondaryData } from '@documenso/lib/server-only/crypto/encrypt';
-import { createDocumentData } from '@documenso/lib/server-only/document-data/create-document-data';
-import { upsertDocumentMeta } from '@documenso/lib/server-only/document-meta/upsert-document-meta';
-import { createDocument } from '@documenso/lib/server-only/document/create-document';
-import { createDocumentV2 } from '@documenso/lib/server-only/document/create-document-v2';
-import { deleteDocument } from '@documenso/lib/server-only/document/delete-document';
-import { duplicateDocument } from '@documenso/lib/server-only/document/duplicate-document-by-id';
-import { findDocumentAuditLogs } from '@documenso/lib/server-only/document/find-document-audit-logs';
-import { findDocuments } from '@documenso/lib/server-only/document/find-documents';
-import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id';
-import { getDocumentAndSenderByToken } from '@documenso/lib/server-only/document/get-document-by-token';
-import { getDocumentWithDetailsById } from '@documenso/lib/server-only/document/get-document-with-details-by-id';
-import type { GetStatsInput } from '@documenso/lib/server-only/document/get-stats';
-import { getStats } from '@documenso/lib/server-only/document/get-stats';
-import { resendDocument } from '@documenso/lib/server-only/document/resend-document';
-import { searchDocumentsWithKeyword } from '@documenso/lib/server-only/document/search-documents-with-keyword';
-import { sendDocument } from '@documenso/lib/server-only/document/send-document';
-import { getTeamById } from '@documenso/lib/server-only/team/get-team';
-import { getPresignPostUrl } from '@documenso/lib/universal/upload/server-actions';
-import { isDocumentCompleted } from '@documenso/lib/utils/document';
-
-import { authenticatedProcedure, procedure, router } from '../trpc';
+import { router } from '../trpc';
+import { createDocumentRoute } from './create-document';
+import { createDocumentTemporaryRoute } from './create-document-temporary';
+import { deleteDocumentRoute } from './delete-document';
+import { distributeDocumentRoute } from './distribute-document';
 import { downloadDocumentRoute } from './download-document';
+import { downloadDocumentAuditLogsRoute } from './download-document-audit-logs';
+import { downloadDocumentCertificateRoute } from './download-document-certificate';
+import { duplicateDocumentRoute } from './duplicate-document';
+import { findDocumentAuditLogsRoute } from './find-document-audit-logs';
+import { findDocumentsRoute } from './find-documents';
+import { findDocumentsInternalRoute } from './find-documents-internal';
 import { findInboxRoute } from './find-inbox';
+import { getDocumentRoute } from './get-document';
+import { getDocumentByTokenRoute } from './get-document-by-token';
 import { getInboxCountRoute } from './get-inbox-count';
-import {
-  ZCreateDocumentRequestSchema,
-  ZCreateDocumentV2RequestSchema,
-  ZCreateDocumentV2ResponseSchema,
-  ZDeleteDocumentMutationSchema,
-  ZDistributeDocumentRequestSchema,
-  ZDistributeDocumentResponseSchema,
-  ZDownloadAuditLogsMutationSchema,
-  ZDownloadCertificateMutationSchema,
-  ZDuplicateDocumentRequestSchema,
-  ZDuplicateDocumentResponseSchema,
-  ZFindDocumentAuditLogsQuerySchema,
-  ZFindDocumentsInternalRequestSchema,
-  ZFindDocumentsInternalResponseSchema,
-  ZFindDocumentsRequestSchema,
-  ZFindDocumentsResponseSchema,
-  ZGenericSuccessResponse,
-  ZGetDocumentByIdQuerySchema,
-  ZGetDocumentByTokenQuerySchema,
-  ZGetDocumentWithDetailsByIdRequestSchema,
-  ZGetDocumentWithDetailsByIdResponseSchema,
-  ZResendDocumentMutationSchema,
-  ZSearchDocumentsMutationSchema,
-  ZSetSigningOrderForDocumentMutationSchema,
-  ZSuccessResponseSchema,
-} from './schema';
+import { redistributeDocumentRoute } from './redistribute-document';
+import { searchDocumentRoute } from './search-document';
 import { updateDocumentRoute } from './update-document';
 
 export const documentRouter = router({
-  inbox: {
+  get: getDocumentRoute,
+  find: findDocumentsRoute,
+  create: createDocumentRoute,
+  update: updateDocumentRoute,
+  delete: deleteDocumentRoute,
+  duplicate: duplicateDocumentRoute,
+  downloadCertificate: downloadDocumentCertificateRoute,
+  distribute: distributeDocumentRoute,
+  redistribute: redistributeDocumentRoute,
+  search: searchDocumentRoute,
+
+  // Temporary v2 beta routes to be removed once V2 is fully released.
+  download: downloadDocumentRoute,
+  createDocumentTemporary: createDocumentTemporaryRoute,
+
+  // Internal document routes for custom frontend requests.
+  getDocumentByToken: getDocumentByTokenRoute,
+  findDocumentsInternal: findDocumentsInternalRoute,
+
+  auditLog: {
+    find: findDocumentAuditLogsRoute,
+    download: downloadDocumentAuditLogsRoute,
+  },
+  inbox: router({
     find: findInboxRoute,
     getCount: getInboxCountRoute,
-  },
-  updateDocument: updateDocumentRoute,
-  downloadDocument: downloadDocumentRoute,
-
-  /**
-   * @private
-   */
-  getDocumentById: authenticatedProcedure
-    .input(ZGetDocumentByIdQuerySchema)
-    .query(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      return await getDocumentById({
-        userId: ctx.user.id,
-        teamId,
-        documentId,
-      });
-    }),
-
-  /**
-   * @private
-   */
-  getDocumentByToken: procedure
-    .input(ZGetDocumentByTokenQuerySchema)
-    .query(async ({ input, ctx }) => {
-      const { token } = input;
-
-      return await getDocumentAndSenderByToken({
-        token,
-        userId: ctx.user?.id,
-      });
-    }),
-
-  /**
-   * @public
-   */
-  findDocuments: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'GET',
-        path: '/document',
-        summary: 'Find documents',
-        description: 'Find documents based on a search criteria',
-        tags: ['Document'],
-      },
-    })
-    .input(ZFindDocumentsRequestSchema)
-    .output(ZFindDocumentsResponseSchema)
-    .query(async ({ input, ctx }) => {
-      const { user, teamId } = ctx;
-
-      const {
-        query,
-        templateId,
-        page,
-        perPage,
-        orderByDirection,
-        orderByColumn,
-        source,
-        status,
-        folderId,
-      } = input;
-
-      const documents = await findDocuments({
-        userId: user.id,
-        teamId,
-        templateId,
-        query,
-        source,
-        status,
-        page,
-        perPage,
-        folderId,
-        orderBy: orderByColumn ? { column: orderByColumn, direction: orderByDirection } : undefined,
-      });
-
-      return documents;
-    }),
-
-  /**
-   * Internal endpoint for /documents page to additionally return getStats.
-   *
-   * @private
-   */
-  findDocumentsInternal: authenticatedProcedure
-    .input(ZFindDocumentsInternalRequestSchema)
-    .output(ZFindDocumentsInternalResponseSchema)
-    .query(async ({ input, ctx }) => {
-      const { user, teamId } = ctx;
-
-      const {
-        query,
-        templateId,
-        page,
-        perPage,
-        orderByDirection,
-        orderByColumn,
-        source,
-        status,
-        period,
-        senderIds,
-        folderId,
-      } = input;
-
-      const getStatOptions: GetStatsInput = {
-        user,
-        period,
-        search: query,
-        folderId,
-      };
-
-      if (teamId) {
-        const team = await getTeamById({ userId: user.id, teamId });
-
-        getStatOptions.team = {
-          teamId: team.id,
-          teamEmail: team.teamEmail?.email,
-          senderIds,
-          currentTeamMemberRole: team.currentTeamRole,
-          currentUserEmail: user.email,
-          userId: user.id,
-        };
-      }
-
-      const [stats, documents] = await Promise.all([
-        getStats(getStatOptions),
-        findDocuments({
-          userId: user.id,
-          teamId,
-          query,
-          templateId,
-          page,
-          perPage,
-          source,
-          status,
-          period,
-          senderIds,
-          folderId,
-          orderBy: orderByColumn
-            ? { column: orderByColumn, direction: orderByDirection }
-            : undefined,
-        }),
-      ]);
-
-      return {
-        ...documents,
-        stats,
-      };
-    }),
-
-  /**
-   * @public
-   *
-   * Todo: Refactor to getDocumentById.
-   */
-  getDocumentWithDetailsById: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'GET',
-        path: '/document/{documentId}',
-        summary: 'Get document',
-        description: 'Returns a document given an ID',
-        tags: ['Document'],
-      },
-    })
-    .input(ZGetDocumentWithDetailsByIdRequestSchema)
-    .output(ZGetDocumentWithDetailsByIdResponseSchema)
-    .query(async ({ input, ctx }) => {
-      const { teamId, user } = ctx;
-      const { documentId, folderId } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-          folderId,
-        },
-      });
-
-      return await getDocumentWithDetailsById({
-        userId: user.id,
-        teamId,
-        documentId,
-        folderId,
-      });
-    }),
-
-  /**
-   * Temporariy endpoint for V2 Beta until we allow passthrough documents on create.
-   *
-   * @public
-   * @deprecated
-   */
-  createDocumentTemporary: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'POST',
-        path: '/document/create/beta',
-        summary: 'Create document',
-        description:
-          'You will need to upload the PDF to the provided URL returned. Note: Once V2 API is released, this will be removed since we will allow direct uploads, instead of using an upload URL.',
-        tags: ['Document'],
-      },
-    })
-    .input(ZCreateDocumentV2RequestSchema)
-    .output(ZCreateDocumentV2ResponseSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId, user } = ctx;
-
-      const {
-        title,
-        externalId,
-        visibility,
-        globalAccessAuth,
-        globalActionAuth,
-        recipients,
-        meta,
-        folderId,
-      } = input;
-
-      const { remaining } = await getServerLimits({ userId: user.id, teamId });
-
-      if (remaining.documents <= 0) {
-        throw new AppError(AppErrorCode.LIMIT_EXCEEDED, {
-          message: 'You have reached your document limit for this month. Please upgrade your plan.',
-          statusCode: 400,
-        });
-      }
-
-      const fileName = title.endsWith('.pdf') ? title : `${title}.pdf`;
-
-      const { url, key } = await getPresignPostUrl(fileName, 'application/pdf');
-
-      const documentData = await createDocumentData({
-        data: key,
-        type: DocumentDataType.S3_PATH,
-      });
-
-      const createdDocument = await createDocumentV2({
-        userId: ctx.user.id,
-        teamId,
-        documentDataId: documentData.id,
-        normalizePdf: false, // Not normalizing because of presigned URL.
-        data: {
-          title,
-          externalId,
-          visibility,
-          globalAccessAuth,
-          globalActionAuth,
-          recipients,
-          folderId,
-        },
-        meta,
-        requestMetadata: ctx.metadata,
-      });
-
-      return {
-        document: createdDocument,
-        folder: createdDocument.folder, // Todo: Remove this prior to api-v2 release.
-        uploadUrl: url,
-      };
-    }),
-
-  /**
-   * Wait until RR7 so we can passthrough documents.
-   *
-   * @private
-   */
-  createDocument: authenticatedProcedure
-    // .meta({
-    //   openapi: {
-    //     method: 'POST',
-    //     path: '/document/create',
-    //     summary: 'Create document',
-    //     tags: ['Document'],
-    //   },
-    // })
-    .input(ZCreateDocumentRequestSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { user, teamId } = ctx;
-      const { title, documentDataId, timezone, folderId } = input;
-
-      ctx.logger.info({
-        input: {
-          folderId,
-        },
-      });
-
-      const { remaining } = await getServerLimits({ userId: user.id, teamId });
-
-      if (remaining.documents <= 0) {
-        throw new AppError(AppErrorCode.LIMIT_EXCEEDED, {
-          message: 'You have reached your document limit for this month. Please upgrade your plan.',
-          statusCode: 400,
-        });
-      }
-
-      return await createDocument({
-        userId: user.id,
-        teamId,
-        title,
-        documentDataId,
-        normalizePdf: true,
-        userTimezone: timezone,
-        requestMetadata: ctx.metadata,
-        folderId,
-      });
-    }),
-
-  /**
-   * @public
-   */
-  deleteDocument: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'POST',
-        path: '/document/delete',
-        summary: 'Delete document',
-        tags: ['Document'],
-      },
-    })
-    .input(ZDeleteDocumentMutationSchema)
-    .output(ZSuccessResponseSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      const userId = ctx.user.id;
-
-      await deleteDocument({
-        id: documentId,
-        userId,
-        teamId,
-        requestMetadata: ctx.metadata,
-      });
-
-      return ZGenericSuccessResponse;
-    }),
-
-  /**
-   * @private
-   *
-   * Todo: Remove and use `updateDocument` endpoint instead.
-   */
-  setSigningOrderForDocument: authenticatedProcedure
-    .input(ZSetSigningOrderForDocumentMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId, signingOrder } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-          signingOrder,
-        },
-      });
-
-      return await upsertDocumentMeta({
-        userId: ctx.user.id,
-        teamId,
-        documentId,
-        signingOrder,
-        requestMetadata: ctx.metadata,
-      });
-    }),
-
-  /**
-   * @public
-   *
-   * Todo: Refactor to distributeDocument.
-   * Todo: Rework before releasing API.
-   */
-  sendDocument: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'POST',
-        path: '/document/distribute',
-        summary: 'Distribute document',
-        description: 'Send the document out to recipients based on your distribution method',
-        tags: ['Document'],
-      },
-    })
-    .input(ZDistributeDocumentRequestSchema)
-    .output(ZDistributeDocumentResponseSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId, meta = {} } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      if (Object.values(meta).length > 0) {
-        await upsertDocumentMeta({
-          userId: ctx.user.id,
-          teamId,
-          documentId,
-          subject: meta.subject,
-          message: meta.message,
-          dateFormat: meta.dateFormat,
-          timezone: meta.timezone,
-          redirectUrl: meta.redirectUrl,
-          distributionMethod: meta.distributionMethod,
-          emailSettings: meta.emailSettings,
-          language: meta.language,
-          emailId: meta.emailId,
-          emailReplyTo: meta.emailReplyTo,
-          requestMetadata: ctx.metadata,
-        });
-      }
-
-      return await sendDocument({
-        userId: ctx.user.id,
-        documentId,
-        teamId,
-        requestMetadata: ctx.metadata,
-      });
-    }),
-
-  /**
-   * @public
-   *
-   * Todo: Refactor to redistributeDocument.
-   */
-  resendDocument: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'POST',
-        path: '/document/redistribute',
-        summary: 'Redistribute document',
-        description:
-          'Redistribute the document to the provided recipients who have not actioned the document. Will use the distribution method set in the document',
-        tags: ['Document'],
-      },
-    })
-    .input(ZResendDocumentMutationSchema)
-    .output(ZSuccessResponseSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId, recipients } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-          recipients,
-        },
-      });
-
-      await resendDocument({
-        userId: ctx.user.id,
-        teamId,
-        documentId,
-        recipients,
-        requestMetadata: ctx.metadata,
-      });
-
-      return ZGenericSuccessResponse;
-    }),
-
-  /**
-   * @public
-   */
-  duplicateDocument: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'POST',
-        path: '/document/duplicate',
-        summary: 'Duplicate document',
-        tags: ['Document'],
-      },
-    })
-    .input(ZDuplicateDocumentRequestSchema)
-    .output(ZDuplicateDocumentResponseSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId, user } = ctx;
-      const { documentId } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      return await duplicateDocument({
-        userId: user.id,
-        teamId,
-        documentId,
-      });
-    }),
-
-  /**
-   * @private
-   */
-  searchDocuments: authenticatedProcedure
-    .input(ZSearchDocumentsMutationSchema)
-    .query(async ({ input, ctx }) => {
-      const { query } = input;
-
-      const documents = await searchDocumentsWithKeyword({
-        query,
-        userId: ctx.user.id,
-      });
-
-      return documents;
-    }),
-
-  /**
-   * @private
-   */
-  findDocumentAuditLogs: authenticatedProcedure
-    .input(ZFindDocumentAuditLogsQuerySchema)
-    .query(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-
-      const {
-        page,
-        perPage,
-        documentId,
-        cursor,
-        filterForRecentActivity,
-        orderByColumn,
-        orderByDirection,
-      } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      return await findDocumentAuditLogs({
-        userId: ctx.user.id,
-        teamId,
-        page,
-        perPage,
-        documentId,
-        cursor,
-        filterForRecentActivity,
-        orderBy: orderByColumn ? { column: orderByColumn, direction: orderByDirection } : undefined,
-      });
-    }),
-
-  /**
-   * @private
-   */
-  downloadAuditLogs: authenticatedProcedure
-    .input(ZDownloadAuditLogsMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      const document = await getDocumentById({
-        documentId,
-        userId: ctx.user.id,
-        teamId,
-      }).catch(() => null);
-
-      if (!document || (teamId && document.teamId !== teamId)) {
-        throw new AppError(AppErrorCode.UNAUTHORIZED, {
-          message: 'You do not have access to this document.',
-        });
-      }
-
-      const encrypted = encryptSecondaryData({
-        data: document.id.toString(),
-        expiresAt: DateTime.now().plus({ minutes: 5 }).toJSDate().valueOf(),
-      });
-
-      return {
-        url: `${NEXT_PUBLIC_WEBAPP_URL()}/__htmltopdf/audit-log?d=${encrypted}`,
-      };
-    }),
-
-  /**
-   * @private
-   */
-  downloadCertificate: authenticatedProcedure
-    .input(ZDownloadCertificateMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      const document = await getDocumentById({
-        documentId,
-        userId: ctx.user.id,
-        teamId,
-      });
-
-      if (!isDocumentCompleted(document.status)) {
-        throw new AppError('DOCUMENT_NOT_COMPLETE');
-      }
-
-      const encrypted = encryptSecondaryData({
-        data: document.id.toString(),
-        expiresAt: DateTime.now().plus({ minutes: 5 }).toJSDate().valueOf(),
-      });
-
-      return {
-        url: `${NEXT_PUBLIC_WEBAPP_URL()}/__htmltopdf/certificate?d=${encrypted}`,
-      };
-    }),
+  }),
 });
diff --git a/packages/trpc/server/document-router/schema.ts b/packages/trpc/server/document-router/schema.ts
index 22425a2f4..f362bf1a1 100644
--- a/packages/trpc/server/document-router/schema.ts
+++ b/packages/trpc/server/document-router/schema.ts
@@ -1,39 +1,9 @@
-import {
-  DocumentDistributionMethod,
-  DocumentSigningOrder,
-  DocumentSource,
-  DocumentStatus,
-  DocumentVisibility,
-  FieldType,
-} from '@prisma/client';
+import { DocumentDistributionMethod, DocumentVisibility } from '@prisma/client';
 import { z } from 'zod';
 
 import { VALID_DATE_FORMAT_VALUES } from '@documenso/lib/constants/date-formats';
 import { SUPPORTED_LANGUAGE_CODES } from '@documenso/lib/constants/i18n';
-import {
-  ZDocumentLiteSchema,
-  ZDocumentManySchema,
-  ZDocumentSchema,
-} from '@documenso/lib/types/document';
-import {
-  ZDocumentAccessAuthTypesSchema,
-  ZDocumentActionAuthTypesSchema,
-} from '@documenso/lib/types/document-auth';
-import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';
-import { ZDocumentFormValuesSchema } from '@documenso/lib/types/document-form-values';
-import {
-  ZFieldHeightSchema,
-  ZFieldPageNumberSchema,
-  ZFieldPageXSchema,
-  ZFieldPageYSchema,
-  ZFieldWidthSchema,
-} from '@documenso/lib/types/field';
-import { ZFieldAndMetaSchema } from '@documenso/lib/types/field-meta';
-import { ZFindResultResponse, ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
 import { isValidRedirectUrl } from '@documenso/lib/utils/is-valid-redirect-url';
-import { ExtendedDocumentStatus } from '@documenso/prisma/types/extended-document-status';
-
-import { ZCreateRecipientSchema } from '../recipient-router/schema';
 
 /**
  * Required for empty responses since we currently can't 201 requests for our openapi setup.
@@ -116,258 +86,3 @@ export const ZDocumentMetaDrawSignatureEnabledSchema = z
 export const ZDocumentMetaUploadSignatureEnabledSchema = z
   .boolean()
   .describe('Whether to allow recipients to sign using an uploaded signature.');
-
-export const ZFindDocumentsRequestSchema = ZFindSearchParamsSchema.extend({
-  templateId: z
-    .number()
-    .describe('Filter documents by the template ID used to create it.')
-    .optional(),
-  source: z
-    .nativeEnum(DocumentSource)
-    .describe('Filter documents by how it was created.')
-    .optional(),
-  status: z
-    .nativeEnum(DocumentStatus)
-    .describe('Filter documents by the current status')
-    .optional(),
-  folderId: z.string().describe('Filter documents by folder ID').optional(),
-  orderByColumn: z.enum(['createdAt']).optional(),
-  orderByDirection: z.enum(['asc', 'desc']).describe('').default('desc'),
-});
-
-export const ZFindDocumentsResponseSchema = ZFindResultResponse.extend({
-  data: ZDocumentManySchema.array(),
-});
-
-export type TFindDocumentsResponse = z.infer<typeof ZFindDocumentsResponseSchema>;
-
-export const ZFindDocumentsInternalRequestSchema = ZFindDocumentsRequestSchema.extend({
-  period: z.enum(['7d', '14d', '30d']).optional(),
-  senderIds: z.array(z.number()).optional(),
-  status: z.nativeEnum(ExtendedDocumentStatus).optional(),
-  folderId: z.string().optional(),
-});
-
-export const ZFindDocumentsInternalResponseSchema = ZFindResultResponse.extend({
-  data: ZDocumentManySchema.array(),
-  stats: z.object({
-    [ExtendedDocumentStatus.DRAFT]: z.number(),
-    [ExtendedDocumentStatus.PENDING]: z.number(),
-    [ExtendedDocumentStatus.COMPLETED]: z.number(),
-    [ExtendedDocumentStatus.REJECTED]: z.number(),
-    [ExtendedDocumentStatus.INBOX]: z.number(),
-    [ExtendedDocumentStatus.ALL]: z.number(),
-  }),
-});
-
-export type TFindDocumentsInternalResponse = z.infer<typeof ZFindDocumentsInternalResponseSchema>;
-
-export const ZFindDocumentAuditLogsQuerySchema = ZFindSearchParamsSchema.extend({
-  documentId: z.number().min(1),
-  cursor: z.string().optional(),
-  filterForRecentActivity: z.boolean().optional(),
-  orderByColumn: z.enum(['createdAt', 'type']).optional(),
-  orderByDirection: z.enum(['asc', 'desc']).default('desc'),
-});
-
-export const ZGetDocumentByIdQuerySchema = z.object({
-  documentId: z.number(),
-});
-
-export const ZDuplicateDocumentRequestSchema = z.object({
-  documentId: z.number(),
-});
-
-export const ZDuplicateDocumentResponseSchema = z.object({
-  documentId: z.number(),
-});
-
-export const ZGetDocumentByTokenQuerySchema = z.object({
-  token: z.string().min(1),
-});
-
-export type TGetDocumentByTokenQuerySchema = z.infer<typeof ZGetDocumentByTokenQuerySchema>;
-
-export const ZGetDocumentWithDetailsByIdRequestSchema = z.object({
-  documentId: z.number(),
-  folderId: z.string().describe('Filter documents by folder ID').optional(),
-});
-
-export const ZGetDocumentWithDetailsByIdResponseSchema = ZDocumentSchema;
-
-export const ZCreateDocumentRequestSchema = z.object({
-  title: ZDocumentTitleSchema,
-  documentDataId: z.string().min(1),
-  timezone: ZDocumentMetaTimezoneSchema.optional(),
-  folderId: z.string().describe('The ID of the folder to create the document in').optional(),
-});
-
-export const ZCreateDocumentV2RequestSchema = z.object({
-  title: ZDocumentTitleSchema,
-  externalId: ZDocumentExternalIdSchema.optional(),
-  visibility: ZDocumentVisibilitySchema.optional(),
-  globalAccessAuth: z.array(ZDocumentAccessAuthTypesSchema).optional(),
-  globalActionAuth: z.array(ZDocumentActionAuthTypesSchema).optional(),
-  formValues: ZDocumentFormValuesSchema.optional(),
-  folderId: z
-    .string()
-    .describe(
-      'The ID of the folder to create the document in. If not provided, the document will be created in the root folder.',
-    )
-    .optional(),
-  recipients: z
-    .array(
-      ZCreateRecipientSchema.extend({
-        fields: ZFieldAndMetaSchema.and(
-          z.object({
-            pageNumber: ZFieldPageNumberSchema,
-            pageX: ZFieldPageXSchema,
-            pageY: ZFieldPageYSchema,
-            width: ZFieldWidthSchema,
-            height: ZFieldHeightSchema,
-          }),
-        )
-          .array()
-          .optional(),
-      }),
-    )
-    .refine(
-      (recipients) => {
-        const emails = recipients.map((recipient) => recipient.email);
-
-        return new Set(emails).size === emails.length;
-      },
-      { message: 'Recipients must have unique emails' },
-    )
-    .optional(),
-  meta: z
-    .object({
-      subject: ZDocumentMetaSubjectSchema.optional(),
-      message: ZDocumentMetaMessageSchema.optional(),
-      timezone: ZDocumentMetaTimezoneSchema.optional(),
-      dateFormat: ZDocumentMetaDateFormatSchema.optional(),
-      distributionMethod: ZDocumentMetaDistributionMethodSchema.optional(),
-      signingOrder: z.nativeEnum(DocumentSigningOrder).optional(),
-      redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
-      language: ZDocumentMetaLanguageSchema.optional(),
-      typedSignatureEnabled: ZDocumentMetaTypedSignatureEnabledSchema.optional(),
-      drawSignatureEnabled: ZDocumentMetaDrawSignatureEnabledSchema.optional(),
-      uploadSignatureEnabled: ZDocumentMetaUploadSignatureEnabledSchema.optional(),
-      emailSettings: ZDocumentEmailSettingsSchema.optional(),
-    })
-    .optional(),
-});
-
-export type TCreateDocumentV2Request = z.infer<typeof ZCreateDocumentV2RequestSchema>;
-
-export const ZCreateDocumentV2ResponseSchema = z.object({
-  document: ZDocumentSchema,
-  uploadUrl: z
-    .string()
-    .describe(
-      'The URL to upload the document PDF to. Use a PUT request with the file via form-data',
-    ),
-});
-
-export const ZSetFieldsForDocumentMutationSchema = z.object({
-  documentId: z.number(),
-  fields: z.array(
-    z.object({
-      id: z.number().nullish(),
-      type: z.nativeEnum(FieldType),
-      signerEmail: z.string().min(1),
-      pageNumber: z.number().min(1),
-      pageX: z.number().min(0),
-      pageY: z.number().min(0),
-      pageWidth: z.number().min(0),
-      pageHeight: z.number().min(0),
-    }),
-  ),
-});
-
-export type TSetFieldsForDocumentMutationSchema = z.infer<
-  typeof ZSetFieldsForDocumentMutationSchema
->;
-
-export const ZDistributeDocumentRequestSchema = z.object({
-  documentId: z.number().describe('The ID of the document to send.'),
-  meta: z
-    .object({
-      subject: ZDocumentMetaSubjectSchema.optional(),
-      message: ZDocumentMetaMessageSchema.optional(),
-      timezone: ZDocumentMetaTimezoneSchema.optional(),
-      dateFormat: ZDocumentMetaDateFormatSchema.optional(),
-      distributionMethod: ZDocumentMetaDistributionMethodSchema.optional(),
-      redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
-      language: ZDocumentMetaLanguageSchema.optional(),
-      emailId: z.string().nullish(),
-      emailReplyTo: z.string().email().nullish(),
-      emailSettings: ZDocumentEmailSettingsSchema.optional(),
-    })
-    .optional(),
-});
-
-export const ZDistributeDocumentResponseSchema = ZDocumentLiteSchema;
-
-export const ZSetPasswordForDocumentMutationSchema = z.object({
-  documentId: z.number(),
-  password: z.string(),
-});
-
-export type TSetPasswordForDocumentMutationSchema = z.infer<
-  typeof ZSetPasswordForDocumentMutationSchema
->;
-
-export const ZSetSigningOrderForDocumentMutationSchema = z.object({
-  documentId: z.number(),
-  signingOrder: z.nativeEnum(DocumentSigningOrder),
-});
-
-export type TSetSigningOrderForDocumentMutationSchema = z.infer<
-  typeof ZSetSigningOrderForDocumentMutationSchema
->;
-
-export const ZResendDocumentMutationSchema = z.object({
-  documentId: z.number(),
-  recipients: z
-    .array(z.number())
-    .min(1)
-    .describe('The IDs of the recipients to redistribute the document to.'),
-});
-
-export const ZDeleteDocumentMutationSchema = z.object({
-  documentId: z.number(),
-});
-
-export type TDeleteDocumentMutationSchema = z.infer<typeof ZDeleteDocumentMutationSchema>;
-
-export const ZSearchDocumentsMutationSchema = z.object({
-  query: z.string(),
-});
-
-export const ZDownloadAuditLogsMutationSchema = z.object({
-  documentId: z.number(),
-});
-
-export const ZDownloadCertificateMutationSchema = z.object({
-  documentId: z.number(),
-});
-
-export const ZDownloadDocumentRequestSchema = z.object({
-  documentId: z.number().describe('The ID of the document to download.'),
-  version: z
-    .enum(['original', 'signed'])
-    .describe(
-      'The version of the document to download. "signed" returns the completed document with signatures, "original" returns the original uploaded document.',
-    )
-    .default('signed'),
-});
-
-export const ZDownloadDocumentResponseSchema = z.object({
-  downloadUrl: z.string().describe('Pre-signed URL for downloading the PDF file'),
-  filename: z.string().describe('The filename of the PDF file'),
-  contentType: z.string().describe('MIME type of the file'),
-});
-
-export type TDownloadDocumentRequest = z.infer<typeof ZDownloadDocumentRequestSchema>;
-export type TDownloadDocumentResponse = z.infer<typeof ZDownloadDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/search-document.ts b/packages/trpc/server/document-router/search-document.ts
new file mode 100644
index 000000000..4acd3be69
--- /dev/null
+++ b/packages/trpc/server/document-router/search-document.ts
@@ -0,0 +1,21 @@
+import { searchDocumentsWithKeyword } from '@documenso/lib/server-only/document/search-documents-with-keyword';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZSearchDocumentRequestSchema,
+  ZSearchDocumentResponseSchema,
+} from './search-document.types';
+
+export const searchDocumentRoute = authenticatedProcedure
+  .input(ZSearchDocumentRequestSchema)
+  .output(ZSearchDocumentResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { query } = input;
+
+    const documents = await searchDocumentsWithKeyword({
+      query,
+      userId: ctx.user.id,
+    });
+
+    return documents;
+  });
diff --git a/packages/trpc/server/document-router/search-document.types.ts b/packages/trpc/server/document-router/search-document.types.ts
new file mode 100644
index 000000000..5a6903066
--- /dev/null
+++ b/packages/trpc/server/document-router/search-document.types.ts
@@ -0,0 +1,16 @@
+import { z } from 'zod';
+
+export const ZSearchDocumentRequestSchema = z.object({
+  query: z.string(),
+});
+
+export const ZSearchDocumentResponseSchema = z
+  .object({
+    title: z.string(),
+    path: z.string(),
+    value: z.string(),
+  })
+  .array();
+
+export type TSearchDocumentRequest = z.infer<typeof ZSearchDocumentRequestSchema>;
+export type TSearchDocumentResponse = z.infer<typeof ZSearchDocumentResponseSchema>;
diff --git a/packages/trpc/server/organisation-router/create-organisation-group.ts b/packages/trpc/server/organisation-router/create-organisation-group.ts
index b2dc3cde9..db87c8378 100644
--- a/packages/trpc/server/organisation-router/create-organisation-group.ts
+++ b/packages/trpc/server/organisation-router/create-organisation-group.ts
@@ -40,7 +40,13 @@ export const createOrganisationGroupRoute = authenticatedProcedure
         groups: true,
         members: {
           include: {
-            user: true,
+            user: {
+              select: {
+                id: true,
+                email: true,
+                name: true,
+              },
+            },
           },
         },
       },

From 5a5bfe6e3427c19db8b4888d6a93a6ef8333a225 Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 08:23:48 +1000
Subject: [PATCH 03/47] fix: refactor admin router (#1982)

---
 .../dialogs/admin-document-delete-dialog.tsx  |   2 +-
 .../dialogs/admin-user-delete-dialog.tsx      |   2 +-
 .../dialogs/admin-user-disable-dialog.tsx     |   2 +-
 .../dialogs/admin-user-enable-dialog.tsx      |   2 +-
 .../admin-document-recipient-item-table.tsx   |   2 +-
 .../_authenticated+/admin+/documents.$id.tsx  |   2 +-
 .../admin+/documents._index.tsx               |   2 +-
 .../_authenticated+/admin+/users.$id.tsx      |   6 +-
 packages/lib/server-only/admin/update-user.ts |   2 +-
 .../server/admin-router/delete-document.ts    |  28 +++
 .../admin-router/delete-document.types.ts     |  11 +
 .../trpc/server/admin-router/delete-user.ts   |  19 ++
 .../server/admin-router/delete-user.types.ts  |  10 +
 .../trpc/server/admin-router/disable-user.ts  |  29 +++
 .../server/admin-router/disable-user.types.ts |  10 +
 .../trpc/server/admin-router/enable-user.ts   |  29 +++
 .../server/admin-router/enable-user.types.ts  |  10 +
 .../server/admin-router/find-documents.ts     |  13 ++
 .../admin-router/find-documents.types.ts      |  17 ++
 .../server/admin-router/reseal-document.ts    |  28 +++
 .../admin-router/reseal-document.types.ts     |  10 +
 packages/trpc/server/admin-router/router.ts   | 200 ++----------------
 packages/trpc/server/admin-router/schema.ts   |  67 ------
 .../server/admin-router/update-recipient.ts   |  22 ++
 .../admin-router/update-recipient.types.ts    |  12 ++
 .../admin-router/update-site-setting.ts       |  27 +++
 .../admin-router/update-site-setting.types.ts |  10 +
 .../trpc/server/admin-router/update-user.ts   |  20 ++
 .../server/admin-router/update-user.types.ts  |  14 ++
 29 files changed, 353 insertions(+), 255 deletions(-)
 create mode 100644 packages/trpc/server/admin-router/delete-document.ts
 create mode 100644 packages/trpc/server/admin-router/delete-document.types.ts
 create mode 100644 packages/trpc/server/admin-router/delete-user.ts
 create mode 100644 packages/trpc/server/admin-router/delete-user.types.ts
 create mode 100644 packages/trpc/server/admin-router/disable-user.ts
 create mode 100644 packages/trpc/server/admin-router/disable-user.types.ts
 create mode 100644 packages/trpc/server/admin-router/enable-user.ts
 create mode 100644 packages/trpc/server/admin-router/enable-user.types.ts
 create mode 100644 packages/trpc/server/admin-router/find-documents.ts
 create mode 100644 packages/trpc/server/admin-router/find-documents.types.ts
 create mode 100644 packages/trpc/server/admin-router/reseal-document.ts
 create mode 100644 packages/trpc/server/admin-router/reseal-document.types.ts
 delete mode 100644 packages/trpc/server/admin-router/schema.ts
 create mode 100644 packages/trpc/server/admin-router/update-recipient.ts
 create mode 100644 packages/trpc/server/admin-router/update-recipient.types.ts
 create mode 100644 packages/trpc/server/admin-router/update-site-setting.ts
 create mode 100644 packages/trpc/server/admin-router/update-site-setting.types.ts
 create mode 100644 packages/trpc/server/admin-router/update-user.ts
 create mode 100644 packages/trpc/server/admin-router/update-user.types.ts

diff --git a/apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx b/apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
index 26692fedb..9f82d8551 100644
--- a/apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
@@ -34,7 +34,7 @@ export const AdminDocumentDeleteDialog = ({ document }: AdminDocumentDeleteDialo
   const [reason, setReason] = useState('');
 
   const { mutateAsync: deleteDocument, isPending: isDeletingDocument } =
-    trpc.admin.deleteDocument.useMutation();
+    trpc.admin.document.delete.useMutation();
 
   const handleDeleteDocument = async () => {
     try {
diff --git a/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
index 58ffa9c85..d2f0cf8b7 100644
--- a/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -35,7 +35,7 @@ export const AdminUserDeleteDialog = ({ className, user }: AdminUserDeleteDialog
   const [email, setEmail] = useState('');
 
   const { mutateAsync: deleteUser, isPending: isDeletingUser } =
-    trpc.admin.deleteUser.useMutation();
+    trpc.admin.user.delete.useMutation();
 
   const onDeleteAccount = async () => {
     try {
diff --git a/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
index ee42931a9..5d995ccdf 100644
--- a/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
@@ -37,7 +37,7 @@ export const AdminUserDisableDialog = ({
   const [email, setEmail] = useState('');
 
   const { mutateAsync: disableUser, isPending: isDisablingUser } =
-    trpc.admin.disableUser.useMutation();
+    trpc.admin.user.disable.useMutation();
 
   const onDisableAccount = async () => {
     try {
diff --git a/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
index 1718c9e97..702b2d73b 100644
--- a/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
@@ -34,7 +34,7 @@ export const AdminUserEnableDialog = ({ className, userToEnable }: AdminUserEnab
   const [email, setEmail] = useState('');
 
   const { mutateAsync: enableUser, isPending: isEnablingUser } =
-    trpc.admin.enableUser.useMutation();
+    trpc.admin.user.enable.useMutation();
 
   const onEnableAccount = async () => {
     try {
diff --git a/apps/remix/app/components/tables/admin-document-recipient-item-table.tsx b/apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
index 58e25b179..89a9366b1 100644
--- a/apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
+++ b/apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
@@ -52,7 +52,7 @@ export const AdminDocumentRecipientItemTable = ({ recipient }: RecipientItemProp
     },
   });
 
-  const { mutateAsync: updateRecipient } = trpc.admin.updateRecipient.useMutation();
+  const { mutateAsync: updateRecipient } = trpc.admin.recipient.update.useMutation();
 
   const columns = useMemo(() => {
     return [
diff --git a/apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx b/apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
index db1b4d0e8..623ac0938 100644
--- a/apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
+++ b/apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
@@ -48,7 +48,7 @@ export default function AdminDocumentDetailsPage({ loaderData }: Route.Component
   const { toast } = useToast();
 
   const { mutate: resealDocument, isPending: isResealDocumentLoading } =
-    trpc.admin.resealDocument.useMutation({
+    trpc.admin.document.reseal.useMutation({
       onSuccess: () => {
         toast({
           title: _(msg`Success`),
diff --git a/apps/remix/app/routes/_authenticated+/admin+/documents._index.tsx b/apps/remix/app/routes/_authenticated+/admin+/documents._index.tsx
index 35640b28e..27b7509f2 100644
--- a/apps/remix/app/routes/_authenticated+/admin+/documents._index.tsx
+++ b/apps/remix/app/routes/_authenticated+/admin+/documents._index.tsx
@@ -33,7 +33,7 @@ export default function AdminDocumentsPage() {
   const perPage = searchParams?.get?.('perPage') ? Number(searchParams.get('perPage')) : undefined;
 
   const { data: findDocumentsData, isPending: isFindDocumentsLoading } =
-    trpc.admin.findDocuments.useQuery(
+    trpc.admin.document.find.useQuery(
       {
         query: debouncedTerm,
         page: page || 1,
diff --git a/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx b/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
index 458553dae..9242d3dd5 100644
--- a/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
+++ b/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
@@ -9,7 +9,7 @@ import { Link } from 'react-router';
 import type { z } from 'zod';
 
 import { trpc } from '@documenso/trpc/react';
-import { ZAdminUpdateProfileMutationSchema } from '@documenso/trpc/server/admin-router/schema';
+import { ZUpdateUserRequestSchema } from '@documenso/trpc/server/admin-router/update-user.types';
 import { Button } from '@documenso/ui/primitives/button';
 import {
   Form,
@@ -33,7 +33,7 @@ import { AdminOrganisationsTable } from '~/components/tables/admin-organisations
 
 import { MultiSelectRoleCombobox } from '../../../components/general/multiselect-role-combobox';
 
-const ZUserFormSchema = ZAdminUpdateProfileMutationSchema.omit({ id: true });
+const ZUserFormSchema = ZUpdateUserRequestSchema.omit({ id: true });
 
 type TUserFormSchema = z.infer<typeof ZUserFormSchema>;
 
@@ -85,7 +85,7 @@ const AdminUserPage = ({ user }: { user: User }) => {
 
   const roles = user.roles ?? [];
 
-  const { mutateAsync: updateUserMutation } = trpc.admin.updateUser.useMutation();
+  const { mutateAsync: updateUserMutation } = trpc.admin.user.update.useMutation();
 
   const form = useForm<TUserFormSchema>({
     resolver: zodResolver(ZUserFormSchema),
diff --git a/packages/lib/server-only/admin/update-user.ts b/packages/lib/server-only/admin/update-user.ts
index 6ee176803..c600fe863 100644
--- a/packages/lib/server-only/admin/update-user.ts
+++ b/packages/lib/server-only/admin/update-user.ts
@@ -16,7 +16,7 @@ export const updateUser = async ({ id, name, email, roles }: UpdateUserOptions)
     },
   });
 
-  return await prisma.user.update({
+  await prisma.user.update({
     where: {
       id,
     },
diff --git a/packages/trpc/server/admin-router/delete-document.ts b/packages/trpc/server/admin-router/delete-document.ts
new file mode 100644
index 000000000..70fc96591
--- /dev/null
+++ b/packages/trpc/server/admin-router/delete-document.ts
@@ -0,0 +1,28 @@
+import { sendDeleteEmail } from '@documenso/lib/server-only/document/send-delete-email';
+import { superDeleteDocument } from '@documenso/lib/server-only/document/super-delete-document';
+
+import { adminProcedure } from '../trpc';
+import {
+  ZDeleteDocumentRequestSchema,
+  ZDeleteDocumentResponseSchema,
+} from './delete-document.types';
+
+export const deleteDocumentRoute = adminProcedure
+  .input(ZDeleteDocumentRequestSchema)
+  .output(ZDeleteDocumentResponseSchema)
+  .mutation(async ({ ctx, input }) => {
+    const { id, reason } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    await sendDeleteEmail({ documentId: id, reason });
+
+    await superDeleteDocument({
+      id,
+      requestMetadata: ctx.metadata.requestMetadata,
+    });
+  });
diff --git a/packages/trpc/server/admin-router/delete-document.types.ts b/packages/trpc/server/admin-router/delete-document.types.ts
new file mode 100644
index 000000000..58ff6ff35
--- /dev/null
+++ b/packages/trpc/server/admin-router/delete-document.types.ts
@@ -0,0 +1,11 @@
+import { z } from 'zod';
+
+export const ZDeleteDocumentRequestSchema = z.object({
+  id: z.number().min(1),
+  reason: z.string(),
+});
+
+export const ZDeleteDocumentResponseSchema = z.void();
+
+export type TDeleteDocumentRequest = z.infer<typeof ZDeleteDocumentRequestSchema>;
+export type TDeleteDocumentResponse = z.infer<typeof ZDeleteDocumentResponseSchema>;
diff --git a/packages/trpc/server/admin-router/delete-user.ts b/packages/trpc/server/admin-router/delete-user.ts
new file mode 100644
index 000000000..c78fdd651
--- /dev/null
+++ b/packages/trpc/server/admin-router/delete-user.ts
@@ -0,0 +1,19 @@
+import { deleteUser } from '@documenso/lib/server-only/user/delete-user';
+
+import { adminProcedure } from '../trpc';
+import { ZDeleteUserRequestSchema, ZDeleteUserResponseSchema } from './delete-user.types';
+
+export const deleteUserRoute = adminProcedure
+  .input(ZDeleteUserRequestSchema)
+  .output(ZDeleteUserResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    await deleteUser({ id });
+  });
diff --git a/packages/trpc/server/admin-router/delete-user.types.ts b/packages/trpc/server/admin-router/delete-user.types.ts
new file mode 100644
index 000000000..b2d01f91b
--- /dev/null
+++ b/packages/trpc/server/admin-router/delete-user.types.ts
@@ -0,0 +1,10 @@
+import { z } from 'zod';
+
+export const ZDeleteUserRequestSchema = z.object({
+  id: z.number().min(1),
+});
+
+export const ZDeleteUserResponseSchema = z.void();
+
+export type TDeleteUserRequest = z.infer<typeof ZDeleteUserRequestSchema>;
+export type TDeleteUserResponse = z.infer<typeof ZDeleteUserResponseSchema>;
diff --git a/packages/trpc/server/admin-router/disable-user.ts b/packages/trpc/server/admin-router/disable-user.ts
new file mode 100644
index 000000000..9a2a1a854
--- /dev/null
+++ b/packages/trpc/server/admin-router/disable-user.ts
@@ -0,0 +1,29 @@
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { disableUser } from '@documenso/lib/server-only/user/disable-user';
+import { getUserById } from '@documenso/lib/server-only/user/get-user-by-id';
+
+import { adminProcedure } from '../trpc';
+import { ZDisableUserRequestSchema, ZDisableUserResponseSchema } from './disable-user.types';
+
+export const disableUserRoute = adminProcedure
+  .input(ZDisableUserRequestSchema)
+  .output(ZDisableUserResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    const user = await getUserById({ id }).catch(() => null);
+
+    if (!user) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'User not found',
+      });
+    }
+
+    await disableUser({ id });
+  });
diff --git a/packages/trpc/server/admin-router/disable-user.types.ts b/packages/trpc/server/admin-router/disable-user.types.ts
new file mode 100644
index 000000000..51d26a3d8
--- /dev/null
+++ b/packages/trpc/server/admin-router/disable-user.types.ts
@@ -0,0 +1,10 @@
+import { z } from 'zod';
+
+export const ZDisableUserRequestSchema = z.object({
+  id: z.number().min(1),
+});
+
+export const ZDisableUserResponseSchema = z.void();
+
+export type TDisableUserRequest = z.infer<typeof ZDisableUserRequestSchema>;
+export type TDisableUserResponse = z.infer<typeof ZDisableUserResponseSchema>;
diff --git a/packages/trpc/server/admin-router/enable-user.ts b/packages/trpc/server/admin-router/enable-user.ts
new file mode 100644
index 000000000..171e3bf8a
--- /dev/null
+++ b/packages/trpc/server/admin-router/enable-user.ts
@@ -0,0 +1,29 @@
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { enableUser } from '@documenso/lib/server-only/user/enable-user';
+import { getUserById } from '@documenso/lib/server-only/user/get-user-by-id';
+
+import { adminProcedure } from '../trpc';
+import { ZEnableUserRequestSchema, ZEnableUserResponseSchema } from './enable-user.types';
+
+export const enableUserRoute = adminProcedure
+  .input(ZEnableUserRequestSchema)
+  .output(ZEnableUserResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    const user = await getUserById({ id }).catch(() => null);
+
+    if (!user) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'User not found',
+      });
+    }
+
+    await enableUser({ id });
+  });
diff --git a/packages/trpc/server/admin-router/enable-user.types.ts b/packages/trpc/server/admin-router/enable-user.types.ts
new file mode 100644
index 000000000..5e44cb18e
--- /dev/null
+++ b/packages/trpc/server/admin-router/enable-user.types.ts
@@ -0,0 +1,10 @@
+import { z } from 'zod';
+
+export const ZEnableUserRequestSchema = z.object({
+  id: z.number().min(1),
+});
+
+export const ZEnableUserResponseSchema = z.void();
+
+export type TEnableUserRequest = z.infer<typeof ZEnableUserRequestSchema>;
+export type TEnableUserResponse = z.infer<typeof ZEnableUserResponseSchema>;
diff --git a/packages/trpc/server/admin-router/find-documents.ts b/packages/trpc/server/admin-router/find-documents.ts
new file mode 100644
index 000000000..7ce96c1f5
--- /dev/null
+++ b/packages/trpc/server/admin-router/find-documents.ts
@@ -0,0 +1,13 @@
+import { findDocuments } from '@documenso/lib/server-only/admin/get-all-documents';
+
+import { adminProcedure } from '../trpc';
+import { ZFindDocumentsRequestSchema, ZFindDocumentsResponseSchema } from './find-documents.types';
+
+export const findDocumentsRoute = adminProcedure
+  .input(ZFindDocumentsRequestSchema)
+  .output(ZFindDocumentsResponseSchema)
+  .query(async ({ input }) => {
+    const { query, page, perPage } = input;
+
+    return await findDocuments({ query, page, perPage });
+  });
diff --git a/packages/trpc/server/admin-router/find-documents.types.ts b/packages/trpc/server/admin-router/find-documents.types.ts
new file mode 100644
index 000000000..b6fc4e864
--- /dev/null
+++ b/packages/trpc/server/admin-router/find-documents.types.ts
@@ -0,0 +1,17 @@
+import { z } from 'zod';
+
+import { ZDocumentManySchema } from '@documenso/lib/types/document';
+import { ZFindResultResponse, ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
+
+export const ZFindDocumentsRequestSchema = ZFindSearchParamsSchema.extend({
+  perPage: z.number().optional().default(20),
+});
+
+export const ZFindDocumentsResponseSchema = ZFindResultResponse.extend({
+  data: ZDocumentManySchema.omit({
+    team: true,
+  }).array(),
+});
+
+export type TFindDocumentsRequest = z.infer<typeof ZFindDocumentsRequestSchema>;
+export type TFindDocumentsResponse = z.infer<typeof ZFindDocumentsResponseSchema>;
diff --git a/packages/trpc/server/admin-router/reseal-document.ts b/packages/trpc/server/admin-router/reseal-document.ts
new file mode 100644
index 000000000..7436d29c7
--- /dev/null
+++ b/packages/trpc/server/admin-router/reseal-document.ts
@@ -0,0 +1,28 @@
+import { getEntireDocument } from '@documenso/lib/server-only/admin/get-entire-document';
+import { sealDocument } from '@documenso/lib/server-only/document/seal-document';
+import { isDocumentCompleted } from '@documenso/lib/utils/document';
+
+import { adminProcedure } from '../trpc';
+import {
+  ZResealDocumentRequestSchema,
+  ZResealDocumentResponseSchema,
+} from './reseal-document.types';
+
+export const resealDocumentRoute = adminProcedure
+  .input(ZResealDocumentRequestSchema)
+  .output(ZResealDocumentResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    const document = await getEntireDocument({ id });
+
+    const isResealing = isDocumentCompleted(document.status);
+
+    await sealDocument({ documentId: id, isResealing });
+  });
diff --git a/packages/trpc/server/admin-router/reseal-document.types.ts b/packages/trpc/server/admin-router/reseal-document.types.ts
new file mode 100644
index 000000000..e33c2dc5c
--- /dev/null
+++ b/packages/trpc/server/admin-router/reseal-document.types.ts
@@ -0,0 +1,10 @@
+import { z } from 'zod';
+
+export const ZResealDocumentRequestSchema = z.object({
+  id: z.number().min(1),
+});
+
+export const ZResealDocumentResponseSchema = z.void();
+
+export type TResealDocumentRequest = z.infer<typeof ZResealDocumentRequestSchema>;
+export type TResealDocumentResponse = z.infer<typeof ZResealDocumentResponseSchema>;
diff --git a/packages/trpc/server/admin-router/router.ts b/packages/trpc/server/admin-router/router.ts
index 3487a3d21..7c6f1558b 100644
--- a/packages/trpc/server/admin-router/router.ts
+++ b/packages/trpc/server/admin-router/router.ts
@@ -1,40 +1,23 @@
-import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
-import { findDocuments } from '@documenso/lib/server-only/admin/get-all-documents';
-import { getEntireDocument } from '@documenso/lib/server-only/admin/get-entire-document';
-import { updateRecipient } from '@documenso/lib/server-only/admin/update-recipient';
-import { updateUser } from '@documenso/lib/server-only/admin/update-user';
-import { sealDocument } from '@documenso/lib/server-only/document/seal-document';
-import { sendDeleteEmail } from '@documenso/lib/server-only/document/send-delete-email';
-import { superDeleteDocument } from '@documenso/lib/server-only/document/super-delete-document';
-import { upsertSiteSetting } from '@documenso/lib/server-only/site-settings/upsert-site-setting';
-import { deleteUser } from '@documenso/lib/server-only/user/delete-user';
-import { disableUser } from '@documenso/lib/server-only/user/disable-user';
-import { enableUser } from '@documenso/lib/server-only/user/enable-user';
-import { getUserById } from '@documenso/lib/server-only/user/get-user-by-id';
-import { isDocumentCompleted } from '@documenso/lib/utils/document';
-
-import { adminProcedure, router } from '../trpc';
+import { router } from '../trpc';
 import { createAdminOrganisationRoute } from './create-admin-organisation';
 import { createStripeCustomerRoute } from './create-stripe-customer';
 import { createSubscriptionClaimRoute } from './create-subscription-claim';
+import { deleteDocumentRoute } from './delete-document';
 import { deleteSubscriptionClaimRoute } from './delete-subscription-claim';
+import { deleteUserRoute } from './delete-user';
+import { disableUserRoute } from './disable-user';
+import { enableUserRoute } from './enable-user';
 import { findAdminOrganisationsRoute } from './find-admin-organisations';
+import { findDocumentsRoute } from './find-documents';
 import { findSubscriptionClaimsRoute } from './find-subscription-claims';
 import { getAdminOrganisationRoute } from './get-admin-organisation';
+import { resealDocumentRoute } from './reseal-document';
 import { resetTwoFactorRoute } from './reset-two-factor-authentication';
-import {
-  ZAdminDeleteDocumentMutationSchema,
-  ZAdminDeleteUserMutationSchema,
-  ZAdminDisableUserMutationSchema,
-  ZAdminEnableUserMutationSchema,
-  ZAdminFindDocumentsQuerySchema,
-  ZAdminResealDocumentMutationSchema,
-  ZAdminUpdateProfileMutationSchema,
-  ZAdminUpdateRecipientMutationSchema,
-  ZAdminUpdateSiteSettingMutationSchema,
-} from './schema';
 import { updateAdminOrganisationRoute } from './update-admin-organisation';
+import { updateRecipientRoute } from './update-recipient';
+import { updateSiteSettingRoute } from './update-site-setting';
 import { updateSubscriptionClaimRoute } from './update-subscription-claim';
+import { updateUserRoute } from './update-user';
 
 export const adminRouter = router({
   organisation: {
@@ -53,156 +36,19 @@ export const adminRouter = router({
     createCustomer: createStripeCustomerRoute,
   },
   user: {
+    update: updateUserRoute,
+    delete: deleteUserRoute,
+    enable: enableUserRoute,
+    disable: disableUserRoute,
     resetTwoFactor: resetTwoFactorRoute,
   },
-
-  // Todo: migrate old routes
-  findDocuments: adminProcedure.input(ZAdminFindDocumentsQuerySchema).query(async ({ input }) => {
-    const { query, page, perPage } = input;
-
-    return await findDocuments({ query, page, perPage });
-  }),
-
-  updateUser: adminProcedure
-    .input(ZAdminUpdateProfileMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id, name, email, roles } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-          roles,
-        },
-      });
-
-      return await updateUser({ id, name, email, roles });
-    }),
-
-  updateRecipient: adminProcedure
-    .input(ZAdminUpdateRecipientMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id, name, email } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      return await updateRecipient({ id, name, email });
-    }),
-
-  updateSiteSetting: adminProcedure
-    .input(ZAdminUpdateSiteSettingMutationSchema)
-    .mutation(async ({ ctx, input }) => {
-      const { id, enabled, data } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      return await upsertSiteSetting({
-        id,
-        enabled,
-        data,
-        userId: ctx.user.id,
-      });
-    }),
-
-  resealDocument: adminProcedure
-    .input(ZAdminResealDocumentMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      const document = await getEntireDocument({ id });
-
-      const isResealing = isDocumentCompleted(document.status);
-
-      return await sealDocument({ documentId: id, isResealing });
-    }),
-
-  enableUser: adminProcedure
-    .input(ZAdminEnableUserMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      const user = await getUserById({ id }).catch(() => null);
-
-      if (!user) {
-        throw new AppError(AppErrorCode.NOT_FOUND, {
-          message: 'User not found',
-        });
-      }
-
-      return await enableUser({ id });
-    }),
-
-  disableUser: adminProcedure
-    .input(ZAdminDisableUserMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      const user = await getUserById({ id }).catch(() => null);
-
-      if (!user) {
-        throw new AppError(AppErrorCode.NOT_FOUND, {
-          message: 'User not found',
-        });
-      }
-
-      return await disableUser({ id });
-    }),
-
-  deleteUser: adminProcedure
-    .input(ZAdminDeleteUserMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      return await deleteUser({ id });
-    }),
-
-  deleteDocument: adminProcedure
-    .input(ZAdminDeleteDocumentMutationSchema)
-    .mutation(async ({ ctx, input }) => {
-      const { id, reason } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      await sendDeleteEmail({ documentId: id, reason });
-
-      return await superDeleteDocument({
-        id,
-        requestMetadata: ctx.metadata.requestMetadata,
-      });
-    }),
+  document: {
+    find: findDocumentsRoute,
+    delete: deleteDocumentRoute,
+    reseal: resealDocumentRoute,
+  },
+  recipient: {
+    update: updateRecipientRoute,
+  },
+  updateSiteSetting: updateSiteSettingRoute,
 });
diff --git a/packages/trpc/server/admin-router/schema.ts b/packages/trpc/server/admin-router/schema.ts
deleted file mode 100644
index 6fc7f5df5..000000000
--- a/packages/trpc/server/admin-router/schema.ts
+++ /dev/null
@@ -1,67 +0,0 @@
-import { Role } from '@prisma/client';
-import z from 'zod';
-
-import { ZSiteSettingSchema } from '@documenso/lib/server-only/site-settings/schema';
-import { ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
-
-export const ZAdminFindDocumentsQuerySchema = ZFindSearchParamsSchema.extend({
-  perPage: z.number().optional().default(20),
-});
-
-export type TAdminFindDocumentsQuerySchema = z.infer<typeof ZAdminFindDocumentsQuerySchema>;
-
-export const ZAdminUpdateProfileMutationSchema = z.object({
-  id: z.number().min(1),
-  name: z.string().nullish(),
-  email: z.string().email().optional(),
-  roles: z.array(z.nativeEnum(Role)).optional(),
-});
-
-export type TAdminUpdateProfileMutationSchema = z.infer<typeof ZAdminUpdateProfileMutationSchema>;
-
-export const ZAdminUpdateRecipientMutationSchema = z.object({
-  id: z.number().min(1),
-  name: z.string().optional(),
-  email: z.string().email().optional(),
-});
-
-export type TAdminUpdateRecipientMutationSchema = z.infer<
-  typeof ZAdminUpdateRecipientMutationSchema
->;
-
-export const ZAdminUpdateSiteSettingMutationSchema = ZSiteSettingSchema;
-
-export type TAdminUpdateSiteSettingMutationSchema = z.infer<
-  typeof ZAdminUpdateSiteSettingMutationSchema
->;
-
-export const ZAdminResealDocumentMutationSchema = z.object({
-  id: z.number().min(1),
-});
-
-export type TAdminResealDocumentMutationSchema = z.infer<typeof ZAdminResealDocumentMutationSchema>;
-
-export const ZAdminDeleteUserMutationSchema = z.object({
-  id: z.number().min(1),
-});
-
-export type TAdminDeleteUserMutationSchema = z.infer<typeof ZAdminDeleteUserMutationSchema>;
-
-export const ZAdminEnableUserMutationSchema = z.object({
-  id: z.number().min(1),
-});
-
-export type TAdminEnableUserMutationSchema = z.infer<typeof ZAdminEnableUserMutationSchema>;
-
-export const ZAdminDisableUserMutationSchema = z.object({
-  id: z.number().min(1),
-});
-
-export type TAdminDisableUserMutationSchema = z.infer<typeof ZAdminDisableUserMutationSchema>;
-
-export const ZAdminDeleteDocumentMutationSchema = z.object({
-  id: z.number().min(1),
-  reason: z.string(),
-});
-
-export type TAdminDeleteDocomentMutationSchema = z.infer<typeof ZAdminDeleteDocumentMutationSchema>;
diff --git a/packages/trpc/server/admin-router/update-recipient.ts b/packages/trpc/server/admin-router/update-recipient.ts
new file mode 100644
index 000000000..1fc286af2
--- /dev/null
+++ b/packages/trpc/server/admin-router/update-recipient.ts
@@ -0,0 +1,22 @@
+import { updateRecipient } from '@documenso/lib/server-only/admin/update-recipient';
+
+import { adminProcedure } from '../trpc';
+import {
+  ZUpdateRecipientRequestSchema,
+  ZUpdateRecipientResponseSchema,
+} from './update-recipient.types';
+
+export const updateRecipientRoute = adminProcedure
+  .input(ZUpdateRecipientRequestSchema)
+  .output(ZUpdateRecipientResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id, name, email } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    await updateRecipient({ id, name, email });
+  });
diff --git a/packages/trpc/server/admin-router/update-recipient.types.ts b/packages/trpc/server/admin-router/update-recipient.types.ts
new file mode 100644
index 000000000..7b9bc4008
--- /dev/null
+++ b/packages/trpc/server/admin-router/update-recipient.types.ts
@@ -0,0 +1,12 @@
+import { z } from 'zod';
+
+export const ZUpdateRecipientRequestSchema = z.object({
+  id: z.number().min(1),
+  name: z.string().optional(),
+  email: z.string().email().optional(),
+});
+
+export const ZUpdateRecipientResponseSchema = z.void();
+
+export type TUpdateRecipientRequest = z.infer<typeof ZUpdateRecipientRequestSchema>;
+export type TUpdateRecipientResponse = z.infer<typeof ZUpdateRecipientResponseSchema>;
diff --git a/packages/trpc/server/admin-router/update-site-setting.ts b/packages/trpc/server/admin-router/update-site-setting.ts
new file mode 100644
index 000000000..1b0ff971a
--- /dev/null
+++ b/packages/trpc/server/admin-router/update-site-setting.ts
@@ -0,0 +1,27 @@
+import { upsertSiteSetting } from '@documenso/lib/server-only/site-settings/upsert-site-setting';
+
+import { adminProcedure } from '../trpc';
+import {
+  ZUpdateSiteSettingRequestSchema,
+  ZUpdateSiteSettingResponseSchema,
+} from './update-site-setting.types';
+
+export const updateSiteSettingRoute = adminProcedure
+  .input(ZUpdateSiteSettingRequestSchema)
+  .output(ZUpdateSiteSettingResponseSchema)
+  .mutation(async ({ ctx, input }) => {
+    const { id, enabled, data } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    await upsertSiteSetting({
+      id,
+      enabled,
+      data,
+      userId: ctx.user.id,
+    });
+  });
diff --git a/packages/trpc/server/admin-router/update-site-setting.types.ts b/packages/trpc/server/admin-router/update-site-setting.types.ts
new file mode 100644
index 000000000..bd8638b3e
--- /dev/null
+++ b/packages/trpc/server/admin-router/update-site-setting.types.ts
@@ -0,0 +1,10 @@
+import { z } from 'zod';
+
+import { ZSiteSettingSchema } from '@documenso/lib/server-only/site-settings/schema';
+
+export const ZUpdateSiteSettingRequestSchema = ZSiteSettingSchema;
+
+export const ZUpdateSiteSettingResponseSchema = z.void();
+
+export type TUpdateSiteSettingRequest = z.infer<typeof ZUpdateSiteSettingRequestSchema>;
+export type TUpdateSiteSettingResponse = z.infer<typeof ZUpdateSiteSettingResponseSchema>;
diff --git a/packages/trpc/server/admin-router/update-user.ts b/packages/trpc/server/admin-router/update-user.ts
new file mode 100644
index 000000000..d04a7f80e
--- /dev/null
+++ b/packages/trpc/server/admin-router/update-user.ts
@@ -0,0 +1,20 @@
+import { updateUser } from '@documenso/lib/server-only/admin/update-user';
+
+import { adminProcedure } from '../trpc';
+import { ZUpdateUserRequestSchema, ZUpdateUserResponseSchema } from './update-user.types';
+
+export const updateUserRoute = adminProcedure
+  .input(ZUpdateUserRequestSchema)
+  .output(ZUpdateUserResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id, name, email, roles } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+        roles,
+      },
+    });
+
+    await updateUser({ id, name, email, roles });
+  });
diff --git a/packages/trpc/server/admin-router/update-user.types.ts b/packages/trpc/server/admin-router/update-user.types.ts
new file mode 100644
index 000000000..f4650fca4
--- /dev/null
+++ b/packages/trpc/server/admin-router/update-user.types.ts
@@ -0,0 +1,14 @@
+import { Role } from '@prisma/client';
+import { z } from 'zod';
+
+export const ZUpdateUserRequestSchema = z.object({
+  id: z.number().min(1),
+  name: z.string().nullish(),
+  email: z.string().email().optional(),
+  roles: z.array(z.nativeEnum(Role)).optional(),
+});
+
+export const ZUpdateUserResponseSchema = z.void();
+
+export type TUpdateUserRequest = z.infer<typeof ZUpdateUserRequestSchema>;
+export type TUpdateUserResponse = z.infer<typeof ZUpdateUserResponseSchema>;

From 49fabeb0ec47e1f3dc6c5dc7d2bae3f0ab0b0a5d Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 08:24:32 +1000
Subject: [PATCH 04/47] fix: refactor auth router (#1983)

---
 .../dialogs/passkey-create-dialog.tsx         |   4 +-
 apps/remix/app/components/forms/signin.tsx    |   2 +-
 .../document-signing-auth-passkey.tsx         |   2 +-
 .../document-signing-auth-provider.tsx        |   2 +-
 ...ettings-security-passkey-table-actions.tsx |   4 +-
 .../settings-security-passkey-table.tsx       |   2 +-
 .../create-passkey-authentication-options.ts  |  17 +++
 ...te-passkey-authentication-options.types.ts |  19 +++
 .../create-passkey-registration-options.ts    |  16 +++
 ...eate-passkey-registration-options.types.ts |  12 ++
 .../create-passkey-signin-options.ts          |  24 ++++
 .../create-passkey-signin-options.types.ts    |  15 +++
 .../trpc/server/auth-router/create-passkey.ts |  21 +++
 .../auth-router/create-passkey.types.ts       |  13 ++
 .../trpc/server/auth-router/delete-passkey.ts |  23 ++++
 .../auth-router/delete-passkey.types.ts       |  10 ++
 .../trpc/server/auth-router/find-passkeys.ts  |  18 +++
 .../server/auth-router/find-passkeys.types.ts |  33 +++++
 packages/trpc/server/auth-router/router.ts    | 125 +++---------------
 packages/trpc/server/auth-router/schema.ts    |  50 -------
 .../trpc/server/auth-router/update-passkey.ts |  24 ++++
 .../auth-router/update-passkey.types.ts       |  11 ++
 22 files changed, 280 insertions(+), 167 deletions(-)
 create mode 100644 packages/trpc/server/auth-router/create-passkey-authentication-options.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey-authentication-options.types.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey-registration-options.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey-registration-options.types.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey-signin-options.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey-signin-options.types.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey.types.ts
 create mode 100644 packages/trpc/server/auth-router/delete-passkey.ts
 create mode 100644 packages/trpc/server/auth-router/delete-passkey.types.ts
 create mode 100644 packages/trpc/server/auth-router/find-passkeys.ts
 create mode 100644 packages/trpc/server/auth-router/find-passkeys.types.ts
 create mode 100644 packages/trpc/server/auth-router/update-passkey.ts
 create mode 100644 packages/trpc/server/auth-router/update-passkey.types.ts

diff --git a/apps/remix/app/components/dialogs/passkey-create-dialog.tsx b/apps/remix/app/components/dialogs/passkey-create-dialog.tsx
index 6a21895d3..8bfcbe3e5 100644
--- a/apps/remix/app/components/dialogs/passkey-create-dialog.tsx
+++ b/apps/remix/app/components/dialogs/passkey-create-dialog.tsx
@@ -65,9 +65,9 @@ export const PasskeyCreateDialog = ({ trigger, onSuccess, ...props }: PasskeyCre
   });
 
   const { mutateAsync: createPasskeyRegistrationOptions, isPending } =
-    trpc.auth.createPasskeyRegistrationOptions.useMutation();
+    trpc.auth.passkey.createRegistrationOptions.useMutation();
 
-  const { mutateAsync: createPasskey } = trpc.auth.createPasskey.useMutation();
+  const { mutateAsync: createPasskey } = trpc.auth.passkey.create.useMutation();
 
   const onFormSubmit = async ({ passkeyName }: TCreatePasskeyFormSchema) => {
     setFormError(null);
diff --git a/apps/remix/app/components/forms/signin.tsx b/apps/remix/app/components/forms/signin.tsx
index 2d7f9dffe..a9b7000ea 100644
--- a/apps/remix/app/components/forms/signin.tsx
+++ b/apps/remix/app/components/forms/signin.tsx
@@ -114,7 +114,7 @@ export const SignInForm = ({
   }, [returnTo]);
 
   const { mutateAsync: createPasskeySigninOptions } =
-    trpc.auth.createPasskeySigninOptions.useMutation();
+    trpc.auth.passkey.createSigninOptions.useMutation();
 
   const form = useForm<TSignInFormSchema>({
     values: {
diff --git a/apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx b/apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx
index 22e641713..930738c74 100644
--- a/apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx
@@ -77,7 +77,7 @@ export const DocumentSigningAuthPasskey = ({
   });
 
   const { mutateAsync: createPasskeyAuthenticationOptions } =
-    trpc.auth.createPasskeyAuthenticationOptions.useMutation();
+    trpc.auth.passkey.createAuthenticationOptions.useMutation();
 
   const [formErrorCode, setFormErrorCode] = useState<string | null>(null);
 
diff --git a/apps/remix/app/components/general/document-signing/document-signing-auth-provider.tsx b/apps/remix/app/components/general/document-signing/document-signing-auth-provider.tsx
index 42e5ffd5b..c3b1be53e 100644
--- a/apps/remix/app/components/general/document-signing/document-signing-auth-provider.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-auth-provider.tsx
@@ -93,7 +93,7 @@ export const DocumentSigningAuthProvider = ({
     [documentAuthOptions, recipient],
   );
 
-  const passkeyQuery = trpc.auth.findPasskeys.useQuery(
+  const passkeyQuery = trpc.auth.passkey.find.useQuery(
     {
       perPage: MAXIMUM_PASSKEYS,
     },
diff --git a/apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx b/apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
index e86800149..835bebf55 100644
--- a/apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
+++ b/apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
@@ -62,7 +62,7 @@ export const SettingsSecurityPasskeyTableActions = ({
   });
 
   const { mutateAsync: updatePasskey, isPending: isUpdatingPasskey } =
-    trpc.auth.updatePasskey.useMutation({
+    trpc.auth.passkey.update.useMutation({
       onSuccess: () => {
         toast({
           title: _(msg`Success`),
@@ -84,7 +84,7 @@ export const SettingsSecurityPasskeyTableActions = ({
     });
 
   const { mutateAsync: deletePasskey, isPending: isDeletingPasskey } =
-    trpc.auth.deletePasskey.useMutation({
+    trpc.auth.passkey.delete.useMutation({
       onSuccess: () => {
         toast({
           title: _(msg`Success`),
diff --git a/apps/remix/app/components/tables/settings-security-passkey-table.tsx b/apps/remix/app/components/tables/settings-security-passkey-table.tsx
index 3d202900a..b2fe09621 100644
--- a/apps/remix/app/components/tables/settings-security-passkey-table.tsx
+++ b/apps/remix/app/components/tables/settings-security-passkey-table.tsx
@@ -26,7 +26,7 @@ export const SettingsSecurityPasskeyTable = () => {
 
   const parsedSearchParams = ZUrlSearchParamsSchema.parse(Object.fromEntries(searchParams ?? []));
 
-  const { data, isLoading, isLoadingError } = trpc.auth.findPasskeys.useQuery(
+  const { data, isLoading, isLoadingError } = trpc.auth.passkey.find.useQuery(
     {
       page: parsedSearchParams.page,
       perPage: parsedSearchParams.perPage,
diff --git a/packages/trpc/server/auth-router/create-passkey-authentication-options.ts b/packages/trpc/server/auth-router/create-passkey-authentication-options.ts
new file mode 100644
index 000000000..6b507f7ca
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey-authentication-options.ts
@@ -0,0 +1,17 @@
+import { createPasskeyAuthenticationOptions } from '@documenso/lib/server-only/auth/create-passkey-authentication-options';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZCreatePasskeyAuthenticationOptionsRequestSchema,
+  ZCreatePasskeyAuthenticationOptionsResponseSchema,
+} from './create-passkey-authentication-options.types';
+
+export const createPasskeyAuthenticationOptionsRoute = authenticatedProcedure
+  .input(ZCreatePasskeyAuthenticationOptionsRequestSchema)
+  .output(ZCreatePasskeyAuthenticationOptionsResponseSchema)
+  .mutation(async ({ ctx, input }) => {
+    return await createPasskeyAuthenticationOptions({
+      userId: ctx.user.id,
+      preferredPasskeyId: input?.preferredPasskeyId,
+    });
+  });
diff --git a/packages/trpc/server/auth-router/create-passkey-authentication-options.types.ts b/packages/trpc/server/auth-router/create-passkey-authentication-options.types.ts
new file mode 100644
index 000000000..a9ae6ad12
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey-authentication-options.types.ts
@@ -0,0 +1,19 @@
+import { z } from 'zod';
+
+export const ZCreatePasskeyAuthenticationOptionsRequestSchema = z
+  .object({
+    preferredPasskeyId: z.string().optional(),
+  })
+  .optional();
+
+export const ZCreatePasskeyAuthenticationOptionsResponseSchema = z.object({
+  tokenReference: z.string(),
+  options: z.any(), // PublicKeyCredentialRequestOptions type
+});
+
+export type TCreatePasskeyAuthenticationOptionsRequest = z.infer<
+  typeof ZCreatePasskeyAuthenticationOptionsRequestSchema
+>;
+export type TCreatePasskeyAuthenticationOptionsResponse = z.infer<
+  typeof ZCreatePasskeyAuthenticationOptionsResponseSchema
+>;
diff --git a/packages/trpc/server/auth-router/create-passkey-registration-options.ts b/packages/trpc/server/auth-router/create-passkey-registration-options.ts
new file mode 100644
index 000000000..969da6d98
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey-registration-options.ts
@@ -0,0 +1,16 @@
+import { createPasskeyRegistrationOptions } from '@documenso/lib/server-only/auth/create-passkey-registration-options';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZCreatePasskeyRegistrationOptionsRequestSchema,
+  ZCreatePasskeyRegistrationOptionsResponseSchema,
+} from './create-passkey-registration-options.types';
+
+export const createPasskeyRegistrationOptionsRoute = authenticatedProcedure
+  .input(ZCreatePasskeyRegistrationOptionsRequestSchema)
+  .output(ZCreatePasskeyRegistrationOptionsResponseSchema)
+  .mutation(async ({ ctx }) => {
+    return await createPasskeyRegistrationOptions({
+      userId: ctx.user.id,
+    });
+  });
diff --git a/packages/trpc/server/auth-router/create-passkey-registration-options.types.ts b/packages/trpc/server/auth-router/create-passkey-registration-options.types.ts
new file mode 100644
index 000000000..317201d3c
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey-registration-options.types.ts
@@ -0,0 +1,12 @@
+import { z } from 'zod';
+
+export const ZCreatePasskeyRegistrationOptionsRequestSchema = z.void();
+
+export const ZCreatePasskeyRegistrationOptionsResponseSchema = z.any(); // PublicKeyCredentialCreationOptions type
+
+export type TCreatePasskeyRegistrationOptionsRequest = z.infer<
+  typeof ZCreatePasskeyRegistrationOptionsRequestSchema
+>;
+export type TCreatePasskeyRegistrationOptionsResponse = z.infer<
+  typeof ZCreatePasskeyRegistrationOptionsResponseSchema
+>;
diff --git a/packages/trpc/server/auth-router/create-passkey-signin-options.ts b/packages/trpc/server/auth-router/create-passkey-signin-options.ts
new file mode 100644
index 000000000..924db1821
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey-signin-options.ts
@@ -0,0 +1,24 @@
+import { createPasskeySigninOptions } from '@documenso/lib/server-only/auth/create-passkey-signin-options';
+import { nanoid } from '@documenso/lib/universal/id';
+
+import { procedure } from '../trpc';
+import {
+  ZCreatePasskeySigninOptionsRequestSchema,
+  ZCreatePasskeySigninOptionsResponseSchema,
+} from './create-passkey-signin-options.types';
+
+export const createPasskeySigninOptionsRoute = procedure
+  .input(ZCreatePasskeySigninOptionsRequestSchema)
+  .output(ZCreatePasskeySigninOptionsResponseSchema)
+  .mutation(async () => {
+    const sessionIdToken = nanoid(16);
+
+    const [sessionId] = decodeURI(sessionIdToken).split('|');
+
+    const options = await createPasskeySigninOptions({ sessionId });
+
+    return {
+      options,
+      sessionId,
+    };
+  });
diff --git a/packages/trpc/server/auth-router/create-passkey-signin-options.types.ts b/packages/trpc/server/auth-router/create-passkey-signin-options.types.ts
new file mode 100644
index 000000000..38585372a
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey-signin-options.types.ts
@@ -0,0 +1,15 @@
+import { z } from 'zod';
+
+export const ZCreatePasskeySigninOptionsRequestSchema = z.void();
+
+export const ZCreatePasskeySigninOptionsResponseSchema = z.object({
+  options: z.any(), // PublicKeyCredentialRequestOptions type
+  sessionId: z.string(),
+});
+
+export type TCreatePasskeySigninOptionsRequest = z.infer<
+  typeof ZCreatePasskeySigninOptionsRequestSchema
+>;
+export type TCreatePasskeySigninOptionsResponse = z.infer<
+  typeof ZCreatePasskeySigninOptionsResponseSchema
+>;
diff --git a/packages/trpc/server/auth-router/create-passkey.ts b/packages/trpc/server/auth-router/create-passkey.ts
new file mode 100644
index 000000000..42b97b45b
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey.ts
@@ -0,0 +1,21 @@
+import type { RegistrationResponseJSON } from '@simplewebauthn/types';
+
+import { createPasskey } from '@documenso/lib/server-only/auth/create-passkey';
+
+import { authenticatedProcedure } from '../trpc';
+import { ZCreatePasskeyRequestSchema, ZCreatePasskeyResponseSchema } from './create-passkey.types';
+
+export const createPasskeyRoute = authenticatedProcedure
+  .input(ZCreatePasskeyRequestSchema)
+  .output(ZCreatePasskeyResponseSchema)
+  .mutation(async ({ ctx, input }) => {
+    // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+    const verificationResponse = input.verificationResponse as RegistrationResponseJSON;
+
+    return await createPasskey({
+      userId: ctx.user.id,
+      verificationResponse,
+      passkeyName: input.passkeyName,
+      requestMetadata: ctx.metadata.requestMetadata,
+    });
+  });
diff --git a/packages/trpc/server/auth-router/create-passkey.types.ts b/packages/trpc/server/auth-router/create-passkey.types.ts
new file mode 100644
index 000000000..06abf1793
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey.types.ts
@@ -0,0 +1,13 @@
+import { z } from 'zod';
+
+import { ZRegistrationResponseJSONSchema } from '@documenso/lib/types/webauthn';
+
+export const ZCreatePasskeyRequestSchema = z.object({
+  passkeyName: z.string().trim().min(1),
+  verificationResponse: ZRegistrationResponseJSONSchema,
+});
+
+export const ZCreatePasskeyResponseSchema = z.void();
+
+export type TCreatePasskeyRequest = z.infer<typeof ZCreatePasskeyRequestSchema>;
+export type TCreatePasskeyResponse = z.infer<typeof ZCreatePasskeyResponseSchema>;
diff --git a/packages/trpc/server/auth-router/delete-passkey.ts b/packages/trpc/server/auth-router/delete-passkey.ts
new file mode 100644
index 000000000..af1cdc6b7
--- /dev/null
+++ b/packages/trpc/server/auth-router/delete-passkey.ts
@@ -0,0 +1,23 @@
+import { deletePasskey } from '@documenso/lib/server-only/auth/delete-passkey';
+
+import { authenticatedProcedure } from '../trpc';
+import { ZDeletePasskeyRequestSchema, ZDeletePasskeyResponseSchema } from './delete-passkey.types';
+
+export const deletePasskeyRoute = authenticatedProcedure
+  .input(ZDeletePasskeyRequestSchema)
+  .output(ZDeletePasskeyResponseSchema)
+  .mutation(async ({ ctx, input }) => {
+    const { passkeyId } = input;
+
+    ctx.logger.info({
+      input: {
+        passkeyId,
+      },
+    });
+
+    await deletePasskey({
+      userId: ctx.user.id,
+      passkeyId,
+      requestMetadata: ctx.metadata.requestMetadata,
+    });
+  });
diff --git a/packages/trpc/server/auth-router/delete-passkey.types.ts b/packages/trpc/server/auth-router/delete-passkey.types.ts
new file mode 100644
index 000000000..7cfc4eacf
--- /dev/null
+++ b/packages/trpc/server/auth-router/delete-passkey.types.ts
@@ -0,0 +1,10 @@
+import { z } from 'zod';
+
+export const ZDeletePasskeyRequestSchema = z.object({
+  passkeyId: z.string().trim().min(1),
+});
+
+export const ZDeletePasskeyResponseSchema = z.void();
+
+export type TDeletePasskeyRequest = z.infer<typeof ZDeletePasskeyRequestSchema>;
+export type TDeletePasskeyResponse = z.infer<typeof ZDeletePasskeyResponseSchema>;
diff --git a/packages/trpc/server/auth-router/find-passkeys.ts b/packages/trpc/server/auth-router/find-passkeys.ts
new file mode 100644
index 000000000..ff7e5be79
--- /dev/null
+++ b/packages/trpc/server/auth-router/find-passkeys.ts
@@ -0,0 +1,18 @@
+import { findPasskeys } from '@documenso/lib/server-only/auth/find-passkeys';
+
+import { authenticatedProcedure } from '../trpc';
+import { ZFindPasskeysRequestSchema, ZFindPasskeysResponseSchema } from './find-passkeys.types';
+
+export const findPasskeysRoute = authenticatedProcedure
+  .input(ZFindPasskeysRequestSchema)
+  .output(ZFindPasskeysResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { page, perPage, orderBy } = input;
+
+    return await findPasskeys({
+      page,
+      perPage,
+      orderBy,
+      userId: ctx.user.id,
+    });
+  });
diff --git a/packages/trpc/server/auth-router/find-passkeys.types.ts b/packages/trpc/server/auth-router/find-passkeys.types.ts
new file mode 100644
index 000000000..1982f430e
--- /dev/null
+++ b/packages/trpc/server/auth-router/find-passkeys.types.ts
@@ -0,0 +1,33 @@
+import { z } from 'zod';
+
+import { ZFindResultResponse, ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
+import PasskeySchema from '@documenso/prisma/generated/zod/modelSchema/PasskeySchema';
+
+export const ZFindPasskeysRequestSchema = ZFindSearchParamsSchema.extend({
+  orderBy: z
+    .object({
+      column: z.enum(['createdAt', 'updatedAt', 'name']),
+      direction: z.enum(['asc', 'desc']),
+    })
+    .optional(),
+});
+
+export const ZFindPasskeysResponseSchema = ZFindResultResponse.extend({
+  data: z.array(
+    PasskeySchema.pick({
+      id: true,
+      userId: true,
+      name: true,
+      createdAt: true,
+      updatedAt: true,
+      lastUsedAt: true,
+      counter: true,
+      credentialDeviceType: true,
+      credentialBackedUp: true,
+      transports: true,
+    }),
+  ),
+});
+
+export type TFindPasskeysRequest = z.infer<typeof ZFindPasskeysRequestSchema>;
+export type TFindPasskeysResponse = z.infer<typeof ZFindPasskeysResponseSchema>;
diff --git a/packages/trpc/server/auth-router/router.ts b/packages/trpc/server/auth-router/router.ts
index 2eb54d1e6..5fc4b2c99 100644
--- a/packages/trpc/server/auth-router/router.ts
+++ b/packages/trpc/server/auth-router/router.ts
@@ -1,113 +1,20 @@
-import type { RegistrationResponseJSON } from '@simplewebauthn/types';
-
-import { createPasskey } from '@documenso/lib/server-only/auth/create-passkey';
-import { createPasskeyAuthenticationOptions } from '@documenso/lib/server-only/auth/create-passkey-authentication-options';
-import { createPasskeyRegistrationOptions } from '@documenso/lib/server-only/auth/create-passkey-registration-options';
-import { createPasskeySigninOptions } from '@documenso/lib/server-only/auth/create-passkey-signin-options';
-import { deletePasskey } from '@documenso/lib/server-only/auth/delete-passkey';
-import { findPasskeys } from '@documenso/lib/server-only/auth/find-passkeys';
-import { updatePasskey } from '@documenso/lib/server-only/auth/update-passkey';
-import { nanoid } from '@documenso/lib/universal/id';
-
-import { authenticatedProcedure, procedure, router } from '../trpc';
-import {
-  ZCreatePasskeyAuthenticationOptionsMutationSchema,
-  ZCreatePasskeyMutationSchema,
-  ZDeletePasskeyMutationSchema,
-  ZFindPasskeysQuerySchema,
-  ZUpdatePasskeyMutationSchema,
-} from './schema';
+import { router } from '../trpc';
+import { createPasskeyRoute } from './create-passkey';
+import { createPasskeyAuthenticationOptionsRoute } from './create-passkey-authentication-options';
+import { createPasskeyRegistrationOptionsRoute } from './create-passkey-registration-options';
+import { createPasskeySigninOptionsRoute } from './create-passkey-signin-options';
+import { deletePasskeyRoute } from './delete-passkey';
+import { findPasskeysRoute } from './find-passkeys';
+import { updatePasskeyRoute } from './update-passkey';
 
 export const authRouter = router({
-  createPasskey: authenticatedProcedure
-    .input(ZCreatePasskeyMutationSchema)
-    .mutation(async ({ ctx, input }) => {
-      // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
-      const verificationResponse = input.verificationResponse as RegistrationResponseJSON;
-
-      return await createPasskey({
-        userId: ctx.user.id,
-        verificationResponse,
-        passkeyName: input.passkeyName,
-        requestMetadata: ctx.metadata.requestMetadata,
-      });
-    }),
-
-  createPasskeyAuthenticationOptions: authenticatedProcedure
-    .input(ZCreatePasskeyAuthenticationOptionsMutationSchema)
-    .mutation(async ({ ctx, input }) => {
-      return await createPasskeyAuthenticationOptions({
-        userId: ctx.user.id,
-        preferredPasskeyId: input?.preferredPasskeyId,
-      });
-    }),
-
-  createPasskeyRegistrationOptions: authenticatedProcedure.mutation(async ({ ctx }) => {
-    return await createPasskeyRegistrationOptions({
-      userId: ctx.user.id,
-    });
+  passkey: router({
+    create: createPasskeyRoute,
+    createAuthenticationOptions: createPasskeyAuthenticationOptionsRoute,
+    createRegistrationOptions: createPasskeyRegistrationOptionsRoute,
+    createSigninOptions: createPasskeySigninOptionsRoute,
+    delete: deletePasskeyRoute,
+    find: findPasskeysRoute,
+    update: updatePasskeyRoute,
   }),
-
-  createPasskeySigninOptions: procedure.mutation(async () => {
-    const sessionIdToken = nanoid(16);
-
-    const [sessionId] = decodeURI(sessionIdToken).split('|');
-
-    const options = await createPasskeySigninOptions({ sessionId });
-
-    return {
-      options,
-      sessionId,
-    };
-  }),
-
-  deletePasskey: authenticatedProcedure
-    .input(ZDeletePasskeyMutationSchema)
-    .mutation(async ({ ctx, input }) => {
-      const { passkeyId } = input;
-
-      ctx.logger.info({
-        input: {
-          passkeyId,
-        },
-      });
-
-      await deletePasskey({
-        userId: ctx.user.id,
-        passkeyId,
-        requestMetadata: ctx.metadata.requestMetadata,
-      });
-    }),
-
-  findPasskeys: authenticatedProcedure
-    .input(ZFindPasskeysQuerySchema)
-    .query(async ({ input, ctx }) => {
-      const { page, perPage, orderBy } = input;
-
-      return await findPasskeys({
-        page,
-        perPage,
-        orderBy,
-        userId: ctx.user.id,
-      });
-    }),
-
-  updatePasskey: authenticatedProcedure
-    .input(ZUpdatePasskeyMutationSchema)
-    .mutation(async ({ ctx, input }) => {
-      const { passkeyId, name } = input;
-
-      ctx.logger.info({
-        input: {
-          passkeyId,
-        },
-      });
-
-      await updatePasskey({
-        userId: ctx.user.id,
-        passkeyId,
-        name,
-        requestMetadata: ctx.metadata.requestMetadata,
-      });
-    }),
 });
diff --git a/packages/trpc/server/auth-router/schema.ts b/packages/trpc/server/auth-router/schema.ts
index 55ea2167d..91c8d5d4e 100644
--- a/packages/trpc/server/auth-router/schema.ts
+++ b/packages/trpc/server/auth-router/schema.ts
@@ -1,8 +1,5 @@
 import { z } from 'zod';
 
-import { ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
-import { ZRegistrationResponseJSONSchema } from '@documenso/lib/types/webauthn';
-
 export const ZCurrentPasswordSchema = z
   .string()
   .min(6, { message: 'Must be at least 6 characters in length' })
@@ -24,50 +21,3 @@ export const ZPasswordSchema = z
   .refine((value) => value.length > 25 || /[`~<>?,./!@#$%^&*()\-_"'+=|{}[\];:\\]/.test(value), {
     message: 'One special character is required',
   });
-
-export const ZSignUpMutationSchema = z.object({
-  name: z.string().min(1),
-  email: z.string().email(),
-  password: ZPasswordSchema,
-  signature: z.string().nullish(),
-  url: z
-    .string()
-    .trim()
-    .toLowerCase()
-    .min(1)
-    .regex(/^[a-z0-9-]+$/, {
-      message: 'Username can only container alphanumeric characters and dashes.',
-    })
-    .optional(),
-});
-
-export const ZCreatePasskeyMutationSchema = z.object({
-  passkeyName: z.string().trim().min(1),
-  verificationResponse: ZRegistrationResponseJSONSchema,
-});
-
-export const ZCreatePasskeyAuthenticationOptionsMutationSchema = z
-  .object({
-    preferredPasskeyId: z.string().optional(),
-  })
-  .optional();
-
-export const ZDeletePasskeyMutationSchema = z.object({
-  passkeyId: z.string().trim().min(1),
-});
-
-export const ZUpdatePasskeyMutationSchema = z.object({
-  passkeyId: z.string().trim().min(1),
-  name: z.string().trim().min(1),
-});
-
-export const ZFindPasskeysQuerySchema = ZFindSearchParamsSchema.extend({
-  orderBy: z
-    .object({
-      column: z.enum(['createdAt', 'updatedAt', 'name']),
-      direction: z.enum(['asc', 'desc']),
-    })
-    .optional(),
-});
-
-export type TSignUpMutationSchema = z.infer<typeof ZSignUpMutationSchema>;
diff --git a/packages/trpc/server/auth-router/update-passkey.ts b/packages/trpc/server/auth-router/update-passkey.ts
new file mode 100644
index 000000000..eeec06653
--- /dev/null
+++ b/packages/trpc/server/auth-router/update-passkey.ts
@@ -0,0 +1,24 @@
+import { updatePasskey } from '@documenso/lib/server-only/auth/update-passkey';
+
+import { authenticatedProcedure } from '../trpc';
+import { ZUpdatePasskeyRequestSchema, ZUpdatePasskeyResponseSchema } from './update-passkey.types';
+
+export const updatePasskeyRoute = authenticatedProcedure
+  .input(ZUpdatePasskeyRequestSchema)
+  .output(ZUpdatePasskeyResponseSchema)
+  .mutation(async ({ ctx, input }) => {
+    const { passkeyId, name } = input;
+
+    ctx.logger.info({
+      input: {
+        passkeyId,
+      },
+    });
+
+    await updatePasskey({
+      userId: ctx.user.id,
+      passkeyId,
+      name,
+      requestMetadata: ctx.metadata.requestMetadata,
+    });
+  });
diff --git a/packages/trpc/server/auth-router/update-passkey.types.ts b/packages/trpc/server/auth-router/update-passkey.types.ts
new file mode 100644
index 000000000..e898234da
--- /dev/null
+++ b/packages/trpc/server/auth-router/update-passkey.types.ts
@@ -0,0 +1,11 @@
+import { z } from 'zod';
+
+export const ZUpdatePasskeyRequestSchema = z.object({
+  passkeyId: z.string().trim().min(1),
+  name: z.string().trim().min(1),
+});
+
+export const ZUpdatePasskeyResponseSchema = z.void();
+
+export type TUpdatePasskeyRequest = z.infer<typeof ZUpdatePasskeyRequestSchema>;
+export type TUpdatePasskeyResponse = z.infer<typeof ZUpdatePasskeyResponseSchema>;

From b8d07fd1a640de56010ed9f0afd59a8f473f4929 Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 08:25:01 +1000
Subject: [PATCH 05/47] fix: refactor token router (#1981)

---
 .../dialogs/token-delete-dialog.tsx           |  2 +-
 apps/remix/app/components/forms/token.tsx     |  6 +--
 .../t.$teamUrl+/settings.tokens.tsx           |  2 +-
 .../public-api/delete-api-token-by-id.ts      |  2 +-
 .../api-token-router/create-api-token.ts      | 27 ++++++++++
 .../create-api-token.types.ts                 | 12 +++++
 .../api-token-router/delete-api-token.ts      | 27 ++++++++++
 .../delete-api-token.types.ts                 |  8 +++
 .../server/api-token-router/get-api-tokens.ts | 19 +++++++
 .../api-token-router/get-api-tokens.types.ts  | 16 ++++++
 .../trpc/server/api-token-router/router.ts    | 54 +++----------------
 .../trpc/server/api-token-router/schema.ts    | 16 ------
 12 files changed, 122 insertions(+), 69 deletions(-)
 create mode 100644 packages/trpc/server/api-token-router/create-api-token.ts
 create mode 100644 packages/trpc/server/api-token-router/create-api-token.types.ts
 create mode 100644 packages/trpc/server/api-token-router/delete-api-token.ts
 create mode 100644 packages/trpc/server/api-token-router/delete-api-token.types.ts
 create mode 100644 packages/trpc/server/api-token-router/get-api-tokens.ts
 create mode 100644 packages/trpc/server/api-token-router/get-api-tokens.types.ts
 delete mode 100644 packages/trpc/server/api-token-router/schema.ts

diff --git a/apps/remix/app/components/dialogs/token-delete-dialog.tsx b/apps/remix/app/components/dialogs/token-delete-dialog.tsx
index aa557132b..bd20c2377 100644
--- a/apps/remix/app/components/dialogs/token-delete-dialog.tsx
+++ b/apps/remix/app/components/dialogs/token-delete-dialog.tsx
@@ -56,7 +56,7 @@ export default function TokenDeleteDialog({ token, onDelete, children }: TokenDe
 
   type TDeleteTokenByIdMutationSchema = z.infer<typeof ZTokenDeleteDialogSchema>;
 
-  const { mutateAsync: deleteTokenMutation } = trpc.apiToken.deleteTokenById.useMutation({
+  const { mutateAsync: deleteTokenMutation } = trpc.apiToken.delete.useMutation({
     onSuccess() {
       onDelete?.();
     },
diff --git a/apps/remix/app/components/forms/token.tsx b/apps/remix/app/components/forms/token.tsx
index 13b7da0b1..1b8e4f3e3 100644
--- a/apps/remix/app/components/forms/token.tsx
+++ b/apps/remix/app/components/forms/token.tsx
@@ -13,7 +13,7 @@ import type { z } from 'zod';
 import { useCopyToClipboard } from '@documenso/lib/client-only/hooks/use-copy-to-clipboard';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
-import { ZCreateTokenMutationSchema } from '@documenso/trpc/server/api-token-router/schema';
+import { ZCreateApiTokenRequestSchema } from '@documenso/trpc/server/api-token-router/create-api-token.types';
 import { cn } from '@documenso/ui/lib/utils';
 import { Button } from '@documenso/ui/primitives/button';
 import { Card, CardContent } from '@documenso/ui/primitives/card';
@@ -47,7 +47,7 @@ export const EXPIRATION_DATES = {
   ONE_YEAR: msg`12 months`,
 } as const;
 
-const ZCreateTokenFormSchema = ZCreateTokenMutationSchema.pick({
+const ZCreateTokenFormSchema = ZCreateApiTokenRequestSchema.pick({
   tokenName: true,
   expirationDate: true,
 });
@@ -75,7 +75,7 @@ export const ApiTokenForm = ({ className, tokens }: ApiTokenFormProps) => {
   const [newlyCreatedToken, setNewlyCreatedToken] = useState<NewlyCreatedToken | null>();
   const [noExpirationDate, setNoExpirationDate] = useState(false);
 
-  const { mutateAsync: createTokenMutation } = trpc.apiToken.createToken.useMutation({
+  const { mutateAsync: createTokenMutation } = trpc.apiToken.create.useMutation({
     onSuccess(data) {
       setNewlyCreatedToken(data);
     },
diff --git a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.tokens.tsx b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.tokens.tsx
index 1d5f86bd5..584a71197 100644
--- a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.tokens.tsx
+++ b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.tokens.tsx
@@ -21,7 +21,7 @@ export function meta() {
 export default function ApiTokensPage() {
   const { i18n } = useLingui();
 
-  const { data: tokens } = trpc.apiToken.getTokens.useQuery();
+  const { data: tokens } = trpc.apiToken.getMany.useQuery();
 
   const team = useOptionalCurrentTeam();
 
diff --git a/packages/lib/server-only/public-api/delete-api-token-by-id.ts b/packages/lib/server-only/public-api/delete-api-token-by-id.ts
index 751b08c4f..b7723dfd7 100644
--- a/packages/lib/server-only/public-api/delete-api-token-by-id.ts
+++ b/packages/lib/server-only/public-api/delete-api-token-by-id.ts
@@ -25,7 +25,7 @@ export const deleteTokenById = async ({ id, userId, teamId }: DeleteTokenByIdOpt
     });
   }
 
-  return await prisma.apiToken.delete({
+  await prisma.apiToken.delete({
     where: {
       id,
       teamId,
diff --git a/packages/trpc/server/api-token-router/create-api-token.ts b/packages/trpc/server/api-token-router/create-api-token.ts
new file mode 100644
index 000000000..6b8e665f8
--- /dev/null
+++ b/packages/trpc/server/api-token-router/create-api-token.ts
@@ -0,0 +1,27 @@
+import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZCreateApiTokenRequestSchema,
+  ZCreateApiTokenResponseSchema,
+} from './create-api-token.types';
+
+export const createApiTokenRoute = authenticatedProcedure
+  .input(ZCreateApiTokenRequestSchema)
+  .output(ZCreateApiTokenResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { tokenName, teamId, expirationDate } = input;
+
+    ctx.logger.info({
+      input: {
+        teamId,
+      },
+    });
+
+    return await createApiToken({
+      userId: ctx.user.id,
+      teamId,
+      tokenName,
+      expiresIn: expirationDate,
+    });
+  });
diff --git a/packages/trpc/server/api-token-router/create-api-token.types.ts b/packages/trpc/server/api-token-router/create-api-token.types.ts
new file mode 100644
index 000000000..c73c65833
--- /dev/null
+++ b/packages/trpc/server/api-token-router/create-api-token.types.ts
@@ -0,0 +1,12 @@
+import { z } from 'zod';
+
+export const ZCreateApiTokenRequestSchema = z.object({
+  teamId: z.number(),
+  tokenName: z.string().min(3, { message: 'The token name should be 3 characters or longer' }),
+  expirationDate: z.string().nullable(),
+});
+
+export const ZCreateApiTokenResponseSchema = z.object({
+  id: z.number(),
+  token: z.string(),
+});
diff --git a/packages/trpc/server/api-token-router/delete-api-token.ts b/packages/trpc/server/api-token-router/delete-api-token.ts
new file mode 100644
index 000000000..45fcc2dee
--- /dev/null
+++ b/packages/trpc/server/api-token-router/delete-api-token.ts
@@ -0,0 +1,27 @@
+import { deleteTokenById } from '@documenso/lib/server-only/public-api/delete-api-token-by-id';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZDeleteApiTokenRequestSchema,
+  ZDeleteApiTokenResponseSchema,
+} from './delete-api-token.types';
+
+export const deleteApiTokenRoute = authenticatedProcedure
+  .input(ZDeleteApiTokenRequestSchema)
+  .output(ZDeleteApiTokenResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id, teamId } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+        teamId,
+      },
+    });
+
+    await deleteTokenById({
+      id,
+      teamId,
+      userId: ctx.user.id,
+    });
+  });
diff --git a/packages/trpc/server/api-token-router/delete-api-token.types.ts b/packages/trpc/server/api-token-router/delete-api-token.types.ts
new file mode 100644
index 000000000..7cf235fae
--- /dev/null
+++ b/packages/trpc/server/api-token-router/delete-api-token.types.ts
@@ -0,0 +1,8 @@
+import { z } from 'zod';
+
+export const ZDeleteApiTokenRequestSchema = z.object({
+  id: z.number().min(1),
+  teamId: z.number(),
+});
+
+export const ZDeleteApiTokenResponseSchema = z.void();
diff --git a/packages/trpc/server/api-token-router/get-api-tokens.ts b/packages/trpc/server/api-token-router/get-api-tokens.ts
new file mode 100644
index 000000000..4473c8d42
--- /dev/null
+++ b/packages/trpc/server/api-token-router/get-api-tokens.ts
@@ -0,0 +1,19 @@
+import { getApiTokens } from '@documenso/lib/server-only/public-api/get-api-tokens';
+
+import { authenticatedProcedure } from '../trpc';
+import { ZGetApiTokensRequestSchema, ZGetApiTokensResponseSchema } from './get-api-tokens.types';
+
+export const getApiTokensRoute = authenticatedProcedure
+  .input(ZGetApiTokensRequestSchema)
+  .output(ZGetApiTokensResponseSchema)
+  .query(async ({ ctx }) => {
+    const { teamId } = ctx;
+
+    ctx.logger.info({
+      input: {
+        teamId,
+      },
+    });
+
+    return await getApiTokens({ userId: ctx.user.id, teamId });
+  });
diff --git a/packages/trpc/server/api-token-router/get-api-tokens.types.ts b/packages/trpc/server/api-token-router/get-api-tokens.types.ts
new file mode 100644
index 000000000..9e380bf9d
--- /dev/null
+++ b/packages/trpc/server/api-token-router/get-api-tokens.types.ts
@@ -0,0 +1,16 @@
+import { z } from 'zod';
+
+import ApiTokenSchema from '@documenso/prisma/generated/zod/modelSchema/ApiTokenSchema';
+
+export const ZGetApiTokensRequestSchema = z.void();
+
+export const ZGetApiTokensResponseSchema = z.array(
+  ApiTokenSchema.pick({
+    id: true,
+    name: true,
+    createdAt: true,
+    expires: true,
+  }),
+);
+
+export type TGetApiTokensResponse = z.infer<typeof ZGetApiTokensResponseSchema>;
diff --git a/packages/trpc/server/api-token-router/router.ts b/packages/trpc/server/api-token-router/router.ts
index f1439060c..8a17d5b66 100644
--- a/packages/trpc/server/api-token-router/router.ts
+++ b/packages/trpc/server/api-token-router/router.ts
@@ -1,50 +1,10 @@
-import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
-import { deleteTokenById } from '@documenso/lib/server-only/public-api/delete-api-token-by-id';
-import { getApiTokens } from '@documenso/lib/server-only/public-api/get-api-tokens';
-
-import { authenticatedProcedure, router } from '../trpc';
-import { ZCreateTokenMutationSchema, ZDeleteTokenByIdMutationSchema } from './schema';
+import { router } from '../trpc';
+import { createApiTokenRoute } from './create-api-token';
+import { deleteApiTokenRoute } from './delete-api-token';
+import { getApiTokensRoute } from './get-api-tokens';
 
 export const apiTokenRouter = router({
-  getTokens: authenticatedProcedure.query(async ({ ctx }) => {
-    return await getApiTokens({ userId: ctx.user.id, teamId: ctx.teamId });
-  }),
-
-  createToken: authenticatedProcedure
-    .input(ZCreateTokenMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { tokenName, teamId, expirationDate } = input;
-
-      ctx.logger.info({
-        input: {
-          teamId,
-        },
-      });
-
-      return await createApiToken({
-        userId: ctx.user.id,
-        teamId,
-        tokenName,
-        expiresIn: expirationDate,
-      });
-    }),
-
-  deleteTokenById: authenticatedProcedure
-    .input(ZDeleteTokenByIdMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id, teamId } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-          teamId,
-        },
-      });
-
-      return await deleteTokenById({
-        id,
-        teamId,
-        userId: ctx.user.id,
-      });
-    }),
+  create: createApiTokenRoute,
+  getMany: getApiTokensRoute,
+  delete: deleteApiTokenRoute,
 });
diff --git a/packages/trpc/server/api-token-router/schema.ts b/packages/trpc/server/api-token-router/schema.ts
deleted file mode 100644
index 85c41d956..000000000
--- a/packages/trpc/server/api-token-router/schema.ts
+++ /dev/null
@@ -1,16 +0,0 @@
-import { z } from 'zod';
-
-export const ZCreateTokenMutationSchema = z.object({
-  teamId: z.number(),
-  tokenName: z.string().min(3, { message: 'The token name should be 3 characters or longer' }),
-  expirationDate: z.string().nullable(),
-});
-
-export type TCreateTokenMutationSchema = z.infer<typeof ZCreateTokenMutationSchema>;
-
-export const ZDeleteTokenByIdMutationSchema = z.object({
-  id: z.number().min(1),
-  teamId: z.number(),
-});
-
-export type TDeleteTokenByIdMutationSchema = z.infer<typeof ZDeleteTokenByIdMutationSchema>;

From fe4d3ed1fdc702ec2629dc1092c194f434a3f619 Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Mon, 25 Aug 2025 09:48:04 +1000
Subject: [PATCH 06/47] v1.12.2-rc.5

---
 apps/remix/package.json | 2 +-
 package-lock.json       | 6 +++---
 package.json            | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/remix/package.json b/apps/remix/package.json
index a0c20d515..728f4ec26 100644
--- a/apps/remix/package.json
+++ b/apps/remix/package.json
@@ -101,5 +101,5 @@
     "vite-plugin-babel-macros": "^1.0.6",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "version": "1.12.2-rc.4"
+  "version": "1.12.2-rc.5"
 }
diff --git a/package-lock.json b/package-lock.json
index 7b2d0ed69..28385e051 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "1.12.2-rc.4",
+  "version": "1.12.2-rc.5",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "1.12.2-rc.4",
+      "version": "1.12.2-rc.5",
       "workspaces": [
         "apps/*",
         "packages/*"
@@ -89,7 +89,7 @@
     },
     "apps/remix": {
       "name": "@documenso/remix",
-      "version": "1.12.2-rc.4",
+      "version": "1.12.2-rc.5",
       "dependencies": {
         "@documenso/api": "*",
         "@documenso/assets": "*",
diff --git a/package.json b/package.json
index 1f1a39496..86efef735 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.12.2-rc.4",
+  "version": "1.12.2-rc.5",
   "scripts": {
     "build": "turbo run build",
     "dev": "turbo run dev --filter=@documenso/remix",

From dbf10e5b7b30c8bbbedca026d51752e211b339fd Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 11:32:15 +1000
Subject: [PATCH 07/47] chore: add agents file (#1991)

---
 AGENTS.md | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 AGENTS.md

diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 000000000..b6fba867d
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,57 @@
+# Agent Guidelines for Documenso
+
+## Build/Test/Lint Commands
+
+- `npm run build` - Build all packages
+- `npm run lint` - Lint all packages
+- `npm run lint:fix` - Auto-fix linting issues
+- `npm run test:e2e` - Run E2E tests with Playwright
+- `npm run test:dev -w @documenso/app-tests` - Run single E2E test in dev mode
+- `npm run test-ui:dev -w @documenso/app-tests` - Run E2E tests with UI
+- `npm run format` - Format code with Prettier
+- `npm run dev` - Start development server for Remix app
+
+## Code Style Guidelines
+
+- Use TypeScript for all code; prefer `type` over `interface`
+- Use functional components with `const Component = () => {}`
+- Never use classes; prefer functional/declarative patterns
+- Use descriptive variable names with auxiliary verbs (isLoading, hasError)
+- Directory names: lowercase with dashes (auth-wizard)
+- Use named exports for components
+- Never use 'use client' directive
+- Never use 1-line if statements
+- Structure files: exported component, subcomponents, helpers, static content, types
+
+## Error Handling & Validation
+
+- Use custom AppError class when throwing errors
+- When catching errors on the frontend use `const error = AppError.parse(error)` to get the error code
+- Use early returns and guard clauses
+- Use Zod for form validation and react-hook-form for forms
+- Use error boundaries for unexpected errors
+
+## UI & Styling
+
+- Use Shadcn UI, Radix, and Tailwind CSS with mobile-first approach
+- Use `<Form>` `<FormItem>` elements with fieldset having `:disabled` attribute when loading
+- Use Lucide icons with longhand names (HomeIcon vs Home)
+
+## TRPC Routes
+
+- Each route in own file: `routers/teams/create-team.ts`
+- Associated types file: `routers/teams/create-team.types.ts`
+- Request/response schemas: `Z[RouteName]RequestSchema`, `Z[RouteName]ResponseSchema`
+- Only use GET and POST methods in OpenAPI meta
+- Deconstruct input argument on its own line
+- Prefer route names such as get/getMany/find/create/update/delete
+- "create" routes request schema should have the ID and data in the top level
+- "update" routes request schema should have the ID in the top level and the data in a nested "data" object
+
+## Translations & Remix
+
+- Use `<Trans>string</Trans>` for JSX translations from `@lingui/react/macro`
+- Use `t\`string\`` macro for TypeScript translations
+- Use `(params: Route.Params)` and `(loaderData: Route.LoaderData)` for routes
+- Directly return data from loaders, don't use `json()`
+- Use `superLoaderJson` when sending complex data through loaders such as dates or prisma decimals

From 7eb882aea8ff51f3f75ff44dac6b378a6ca3e27e Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 20:59:37 +1000
Subject: [PATCH 08/47] fix: email domain sender logic (#1993)

---
 packages/lib/server-only/email/get-email-context.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/packages/lib/server-only/email/get-email-context.ts b/packages/lib/server-only/email/get-email-context.ts
index 2dcf909fe..a9f924980 100644
--- a/packages/lib/server-only/email/get-email-context.ts
+++ b/packages/lib/server-only/email/get-email-context.ts
@@ -1,3 +1,5 @@
+import { P, match } from 'ts-pattern';
+
 import type { BrandingSettings } from '@documenso/email/providers/branding';
 import { prisma } from '@documenso/prisma';
 import type {
@@ -104,7 +106,12 @@ export const getEmailContext = async (
   }
 
   const replyToEmail = meta?.emailReplyTo || emailContext.settings.emailReplyTo || undefined;
-  const senderEmailId = meta?.emailId === null ? null : emailContext.settings.emailId;
+
+  const senderEmailId = match(meta?.emailId)
+    .with(P.string, (emailId) => emailId) // Explicit string means to use the provided email ID.
+    .with(undefined, () => emailContext.settings.emailId) // Undefined means to use the inherited email ID.
+    .with(null, () => null) // Explicit null means to use the Documenso email.
+    .exhaustive();
 
   const foundSenderEmail = emailContext.allowedEmails.find((email) => email.id === senderEmailId);
 

From 44f5da95b3a4eae28f635ab3bf25f37ee0a51df1 Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 21:00:35 +1000
Subject: [PATCH 09/47] chore: refactor routes (#1992)

---
 .../dialogs/admin-user-delete-dialog.tsx      |  4 ++--
 .../dialogs/admin-user-disable-dialog.tsx     |  4 ++--
 .../dialogs/admin-user-enable-dialog.tsx      |  4 ++--
 .../admin-user-reset-two-factor-dialog.tsx    |  4 ++--
 .../_authenticated+/admin+/users.$id.tsx      |  6 +++---
 .../organisation.invite.$token.tsx            |  3 +++
 .../lib/utils/handle-oauth-callback-url.ts    |  4 ++++
 .../emails/send-signing-email.handler.ts      |  5 +++++
 packages/lib/server-only/admin/update-user.ts |  6 ------
 .../lib/server-only/user/get-user-by-id.ts    | 20 +++++++++++++++++-
 .../lib/server-only/user/update-profile.ts    |  4 ++--
 packages/trpc/server/admin-router/get-user.ts | 19 +++++++++++++++++
 .../server/admin-router/get-user.types.ts     | 21 +++++++++++++++++++
 packages/trpc/server/admin-router/router.ts   |  2 ++
 packages/trpc/server/profile-router/router.ts | 20 +++---------------
 packages/trpc/server/profile-router/schema.ts |  6 ------
 16 files changed, 89 insertions(+), 43 deletions(-)
 create mode 100644 packages/trpc/server/admin-router/get-user.ts
 create mode 100644 packages/trpc/server/admin-router/get-user.types.ts

diff --git a/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
index d2f0cf8b7..157cc5284 100644
--- a/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -3,12 +3,12 @@ import { useState } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { User } from '@prisma/client';
 import { useNavigate } from 'react-router';
 import { match } from 'ts-pattern';
 
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
+import type { TGetUserResponse } from '@documenso/trpc/server/admin-router/get-user.types';
 import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
 import { Button } from '@documenso/ui/primitives/button';
 import {
@@ -25,7 +25,7 @@ import { useToast } from '@documenso/ui/primitives/use-toast';
 
 export type AdminUserDeleteDialogProps = {
   className?: string;
-  user: User;
+  user: TGetUserResponse;
 };
 
 export const AdminUserDeleteDialog = ({ className, user }: AdminUserDeleteDialogProps) => {
diff --git a/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
index 5d995ccdf..347532a19 100644
--- a/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
@@ -3,11 +3,11 @@ import { useState } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { User } from '@prisma/client';
 import { match } from 'ts-pattern';
 
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
+import type { TGetUserResponse } from '@documenso/trpc/server/admin-router/get-user.types';
 import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
 import { Button } from '@documenso/ui/primitives/button';
 import {
@@ -24,7 +24,7 @@ import { useToast } from '@documenso/ui/primitives/use-toast';
 
 export type AdminUserDisableDialogProps = {
   className?: string;
-  userToDisable: User;
+  userToDisable: TGetUserResponse;
 };
 
 export const AdminUserDisableDialog = ({
diff --git a/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
index 702b2d73b..64f9aa72d 100644
--- a/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
@@ -3,11 +3,11 @@ import { useState } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { User } from '@prisma/client';
 import { match } from 'ts-pattern';
 
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
+import type { TGetUserResponse } from '@documenso/trpc/server/admin-router/get-user.types';
 import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
 import { Button } from '@documenso/ui/primitives/button';
 import {
@@ -24,7 +24,7 @@ import { useToast } from '@documenso/ui/primitives/use-toast';
 
 export type AdminUserEnableDialogProps = {
   className?: string;
-  userToEnable: User;
+  userToEnable: TGetUserResponse;
 };
 
 export const AdminUserEnableDialog = ({ className, userToEnable }: AdminUserEnableDialogProps) => {
diff --git a/apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
index f95657d9f..59372ecc9 100644
--- a/apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
@@ -3,12 +3,12 @@ import { useState } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { User } from '@prisma/client';
 import { useRevalidator } from 'react-router';
 import { match } from 'ts-pattern';
 
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
+import type { TGetUserResponse } from '@documenso/trpc/server/admin-router/get-user.types';
 import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
 import { Button } from '@documenso/ui/primitives/button';
 import {
@@ -25,7 +25,7 @@ import { useToast } from '@documenso/ui/primitives/use-toast';
 
 export type AdminUserResetTwoFactorDialogProps = {
   className?: string;
-  user: User;
+  user: TGetUserResponse;
 };
 
 export const AdminUserResetTwoFactorDialog = ({
diff --git a/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx b/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
index 9242d3dd5..3cd0f5853 100644
--- a/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
+++ b/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
@@ -2,13 +2,13 @@ import { zodResolver } from '@hookform/resolvers/zod';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { User } from '@prisma/client';
 import { useForm } from 'react-hook-form';
 import { useRevalidator } from 'react-router';
 import { Link } from 'react-router';
 import type { z } from 'zod';
 
 import { trpc } from '@documenso/trpc/react';
+import type { TGetUserResponse } from '@documenso/trpc/server/admin-router/get-user.types';
 import { ZUpdateUserRequestSchema } from '@documenso/trpc/server/admin-router/update-user.types';
 import { Button } from '@documenso/ui/primitives/button';
 import {
@@ -38,7 +38,7 @@ const ZUserFormSchema = ZUpdateUserRequestSchema.omit({ id: true });
 type TUserFormSchema = z.infer<typeof ZUserFormSchema>;
 
 export default function UserPage({ params }: { params: { id: number } }) {
-  const { data: user, isLoading: isLoadingUser } = trpc.profile.getUser.useQuery(
+  const { data: user, isLoading: isLoadingUser } = trpc.admin.user.get.useQuery(
     {
       id: Number(params.id),
     },
@@ -78,7 +78,7 @@ export default function UserPage({ params }: { params: { id: number } }) {
   return <AdminUserPage user={user} />;
 }
 
-const AdminUserPage = ({ user }: { user: User }) => {
+const AdminUserPage = ({ user }: { user: TGetUserResponse }) => {
   const { _ } = useLingui();
   const { toast } = useToast();
   const { revalidate } = useRevalidator();
diff --git a/apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx b/apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx
index 5fa253ca3..39acc2194 100644
--- a/apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx
+++ b/apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx
@@ -45,6 +45,9 @@ export async function loader({ params, request }: Route.LoaderArgs) {
         mode: 'insensitive',
       },
     },
+    select: {
+      id: true,
+    },
   });
 
   // Directly convert the team member invite to a team member if they already have an account.
diff --git a/packages/auth/server/lib/utils/handle-oauth-callback-url.ts b/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
index 96967cc4e..15fc1f7fa 100644
--- a/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
+++ b/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
@@ -111,6 +111,10 @@ export const handleOAuthCallbackUrl = async (options: HandleOAuthCallbackUrlOpti
     where: {
       email: email,
     },
+    select: {
+      id: true,
+      emailVerified: true,
+    },
   });
 
   // Handle existing user but no account.
diff --git a/packages/lib/jobs/definitions/emails/send-signing-email.handler.ts b/packages/lib/jobs/definitions/emails/send-signing-email.handler.ts
index 7bdee4ab9..7d62ed1d2 100644
--- a/packages/lib/jobs/definitions/emails/send-signing-email.handler.ts
+++ b/packages/lib/jobs/definitions/emails/send-signing-email.handler.ts
@@ -42,6 +42,11 @@ export const run = async ({
       where: {
         id: userId,
       },
+      select: {
+        id: true,
+        email: true,
+        name: true,
+      },
     }),
     prisma.document.findFirstOrThrow({
       where: {
diff --git a/packages/lib/server-only/admin/update-user.ts b/packages/lib/server-only/admin/update-user.ts
index c600fe863..cc9dcb80d 100644
--- a/packages/lib/server-only/admin/update-user.ts
+++ b/packages/lib/server-only/admin/update-user.ts
@@ -10,12 +10,6 @@ export type UpdateUserOptions = {
 };
 
 export const updateUser = async ({ id, name, email, roles }: UpdateUserOptions) => {
-  await prisma.user.findFirstOrThrow({
-    where: {
-      id,
-    },
-  });
-
   await prisma.user.update({
     where: {
       id,
diff --git a/packages/lib/server-only/user/get-user-by-id.ts b/packages/lib/server-only/user/get-user-by-id.ts
index a01447206..26e0fcc7b 100644
--- a/packages/lib/server-only/user/get-user-by-id.ts
+++ b/packages/lib/server-only/user/get-user-by-id.ts
@@ -1,13 +1,31 @@
 import { prisma } from '@documenso/prisma';
 
+import { AppError, AppErrorCode } from '../../errors/app-error';
+
 export interface GetUserByIdOptions {
   id: number;
 }
 
 export const getUserById = async ({ id }: GetUserByIdOptions) => {
-  return await prisma.user.findFirstOrThrow({
+  const user = await prisma.user.findFirst({
     where: {
       id,
     },
+    select: {
+      id: true,
+      name: true,
+      email: true,
+      emailVerified: true,
+      roles: true,
+      disabled: true,
+      twoFactorEnabled: true,
+      signature: true,
+    },
   });
+
+  if (!user) {
+    throw new AppError(AppErrorCode.NOT_FOUND);
+  }
+
+  return user;
 };
diff --git a/packages/lib/server-only/user/update-profile.ts b/packages/lib/server-only/user/update-profile.ts
index b156a06af..766a09e3e 100644
--- a/packages/lib/server-only/user/update-profile.ts
+++ b/packages/lib/server-only/user/update-profile.ts
@@ -24,7 +24,7 @@ export const updateProfile = async ({
     },
   });
 
-  return await prisma.$transaction(async (tx) => {
+  await prisma.$transaction(async (tx) => {
     await tx.userSecurityAuditLog.create({
       data: {
         userId,
@@ -34,7 +34,7 @@ export const updateProfile = async ({
       },
     });
 
-    return await tx.user.update({
+    await tx.user.update({
       where: {
         id: userId,
       },
diff --git a/packages/trpc/server/admin-router/get-user.ts b/packages/trpc/server/admin-router/get-user.ts
new file mode 100644
index 000000000..c60fd6b21
--- /dev/null
+++ b/packages/trpc/server/admin-router/get-user.ts
@@ -0,0 +1,19 @@
+import { getUserById } from '@documenso/lib/server-only/user/get-user-by-id';
+
+import { adminProcedure } from '../trpc';
+import { ZGetUserRequestSchema, ZGetUserResponseSchema } from './get-user.types';
+
+export const getUserRoute = adminProcedure
+  .input(ZGetUserRequestSchema)
+  .output(ZGetUserResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { id } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    return await getUserById({ id });
+  });
diff --git a/packages/trpc/server/admin-router/get-user.types.ts b/packages/trpc/server/admin-router/get-user.types.ts
new file mode 100644
index 000000000..fe4ebac5e
--- /dev/null
+++ b/packages/trpc/server/admin-router/get-user.types.ts
@@ -0,0 +1,21 @@
+import { z } from 'zod';
+
+import UserSchema from '@documenso/prisma/generated/zod/modelSchema/UserSchema';
+
+export const ZGetUserRequestSchema = z.object({
+  id: z.number().min(1),
+});
+
+export const ZGetUserResponseSchema = UserSchema.pick({
+  id: true,
+  name: true,
+  email: true,
+  emailVerified: true,
+  roles: true,
+  disabled: true,
+  twoFactorEnabled: true,
+  signature: true,
+});
+
+export type TGetUserRequest = z.infer<typeof ZGetUserRequestSchema>;
+export type TGetUserResponse = z.infer<typeof ZGetUserResponseSchema>;
diff --git a/packages/trpc/server/admin-router/router.ts b/packages/trpc/server/admin-router/router.ts
index 7c6f1558b..f8d472a79 100644
--- a/packages/trpc/server/admin-router/router.ts
+++ b/packages/trpc/server/admin-router/router.ts
@@ -11,6 +11,7 @@ import { findAdminOrganisationsRoute } from './find-admin-organisations';
 import { findDocumentsRoute } from './find-documents';
 import { findSubscriptionClaimsRoute } from './find-subscription-claims';
 import { getAdminOrganisationRoute } from './get-admin-organisation';
+import { getUserRoute } from './get-user';
 import { resealDocumentRoute } from './reseal-document';
 import { resetTwoFactorRoute } from './reset-two-factor-authentication';
 import { updateAdminOrganisationRoute } from './update-admin-organisation';
@@ -36,6 +37,7 @@ export const adminRouter = router({
     createCustomer: createStripeCustomerRoute,
   },
   user: {
+    get: getUserRoute,
     update: updateUserRoute,
     delete: deleteUserRoute,
     enable: enableUserRoute,
diff --git a/packages/trpc/server/profile-router/router.ts b/packages/trpc/server/profile-router/router.ts
index 60b7c1323..3f903eb49 100644
--- a/packages/trpc/server/profile-router/router.ts
+++ b/packages/trpc/server/profile-router/router.ts
@@ -3,14 +3,12 @@ import type { SetAvatarImageOptions } from '@documenso/lib/server-only/profile/s
 import { setAvatarImage } from '@documenso/lib/server-only/profile/set-avatar-image';
 import { deleteUser } from '@documenso/lib/server-only/user/delete-user';
 import { findUserSecurityAuditLogs } from '@documenso/lib/server-only/user/find-user-security-audit-logs';
-import { getUserById } from '@documenso/lib/server-only/user/get-user-by-id';
 import { submitSupportTicket } from '@documenso/lib/server-only/user/submit-support-ticket';
 import { updateProfile } from '@documenso/lib/server-only/user/update-profile';
 
-import { adminProcedure, authenticatedProcedure, router } from '../trpc';
+import { authenticatedProcedure, router } from '../trpc';
 import {
   ZFindUserSecurityAuditLogsSchema,
-  ZRetrieveUserByIdQuerySchema,
   ZSetProfileImageMutationSchema,
   ZSubmitSupportTicketMutationSchema,
   ZUpdateProfileMutationSchema,
@@ -26,24 +24,12 @@ export const profileRouter = router({
       });
     }),
 
-  getUser: adminProcedure.input(ZRetrieveUserByIdQuerySchema).query(async ({ input, ctx }) => {
-    const { id } = input;
-
-    ctx.logger.info({
-      input: {
-        id,
-      },
-    });
-
-    return await getUserById({ id });
-  }),
-
   updateProfile: authenticatedProcedure
     .input(ZUpdateProfileMutationSchema)
     .mutation(async ({ input, ctx }) => {
       const { name, signature } = input;
 
-      return await updateProfile({
+      await updateProfile({
         userId: ctx.user.id,
         name,
         signature,
@@ -52,7 +38,7 @@ export const profileRouter = router({
     }),
 
   deleteAccount: authenticatedProcedure.mutation(async ({ ctx }) => {
-    return await deleteUser({
+    await deleteUser({
       id: ctx.user.id,
     });
   }),
diff --git a/packages/trpc/server/profile-router/schema.ts b/packages/trpc/server/profile-router/schema.ts
index e1db5dd78..2d6a85dc3 100644
--- a/packages/trpc/server/profile-router/schema.ts
+++ b/packages/trpc/server/profile-router/schema.ts
@@ -7,12 +7,6 @@ export const ZFindUserSecurityAuditLogsSchema = z.object({
 
 export type TFindUserSecurityAuditLogsSchema = z.infer<typeof ZFindUserSecurityAuditLogsSchema>;
 
-export const ZRetrieveUserByIdQuerySchema = z.object({
-  id: z.number().min(1),
-});
-
-export type TRetrieveUserByIdQuerySchema = z.infer<typeof ZRetrieveUserByIdQuerySchema>;
-
 export const ZUpdateProfileMutationSchema = z.object({
   name: z.string().min(1),
   signature: z.string(),

From 4012022f5562f0e133a43765fa3300546b5bf459 Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Tue, 26 Aug 2025 11:08:43 +1000
Subject: [PATCH 10/47] fix: element visible race condition (#1996)

On larger documents we could accidentally start trying to render fields
while not all pages of the PDF have loaded due to us checking for a
single page existing. This would cause an error to be thrown, hard
locking those documents.

This change resolves this by grabbing the highest page number from the
given fields and using it for the visibility check instead.
---
 .../components/embed/authoring/configure-fields-view.tsx    | 6 +++++-
 .../components/embed/embed-direct-template-client-page.tsx  | 6 +++++-
 apps/remix/app/components/embed/embed-document-fields.tsx   | 4 +++-
 .../app/components/embed/embed-document-signing-page.tsx    | 6 +++++-
 .../embed/multisign/multi-sign-document-signing-view.tsx    | 6 +++++-
 .../direct-template/direct-template-signing-form.tsx        | 6 +++++-
 .../general/document-signing/document-signing-page-view.tsx | 6 +++++-
 .../_authenticated+/t.$teamUrl+/documents.$id._index.tsx    | 1 +
 .../ui/components/document/document-read-only-fields.tsx    | 4 +++-
 9 files changed, 37 insertions(+), 8 deletions(-)

diff --git a/apps/remix/app/components/embed/authoring/configure-fields-view.tsx b/apps/remix/app/components/embed/authoring/configure-fields-view.tsx
index 60b732a76..21faee750 100644
--- a/apps/remix/app/components/embed/authoring/configure-fields-view.tsx
+++ b/apps/remix/app/components/embed/authoring/configure-fields-view.tsx
@@ -172,6 +172,8 @@ export const ConfigureFieldsView = ({
     name: 'fields',
   });
 
+  const highestPageNumber = Math.max(...localFields.map((field) => field.pageNumber));
+
   const onFieldCopy = useCallback(
     (event?: KeyboardEvent | null, options?: { duplicate?: boolean; duplicateAll?: boolean }) => {
       const { duplicate = false, duplicateAll = false } = options ?? {};
@@ -540,7 +542,9 @@ export const ConfigureFieldsView = ({
                 <div>
                   <PDFViewer documentData={normalizedDocumentData} />
 
-                  <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+                  <ElementVisible
+                    target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPageNumber}"]`}
+                  >
                     {localFields.map((field, index) => {
                       const recipientIndex = recipients.findIndex(
                         (r) => r.id === field.recipientId,
diff --git a/apps/remix/app/components/embed/embed-direct-template-client-page.tsx b/apps/remix/app/components/embed/embed-direct-template-client-page.tsx
index 09f6a91d2..8b883a36b 100644
--- a/apps/remix/app/components/embed/embed-direct-template-client-page.tsx
+++ b/apps/remix/app/components/embed/embed-direct-template-client-page.tsx
@@ -91,6 +91,8 @@ export const EmbedDirectTemplateClientPage = ({
     localFields.filter((field) => field.inserted),
   ];
 
+  const highestPendingPageNumber = Math.max(...pendingFields.map((field) => field.page));
+
   const hasSignatureField = localFields.some((field) => field.type === FieldType.SIGNATURE);
 
   const { mutateAsync: createDocumentFromDirectTemplate, isPending: isSubmitting } =
@@ -442,7 +444,9 @@ export const EmbedDirectTemplateClientPage = ({
           </div>
         </div>
 
-        <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+        <ElementVisible
+          target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPendingPageNumber}"]`}
+        >
           {showPendingFieldTooltip && pendingFields.length > 0 && (
             <FieldToolTip key={pendingFields[0].id} field={pendingFields[0]} color="warning">
               <Trans>Click to insert field</Trans>
diff --git a/apps/remix/app/components/embed/embed-document-fields.tsx b/apps/remix/app/components/embed/embed-document-fields.tsx
index 561fdf4cb..ea14b3f1f 100644
--- a/apps/remix/app/components/embed/embed-document-fields.tsx
+++ b/apps/remix/app/components/embed/embed-document-fields.tsx
@@ -50,8 +50,10 @@ export const EmbedDocumentFields = ({
   onSignField,
   onUnsignField,
 }: EmbedDocumentFieldsProps) => {
+  const highestPageNumber = Math.max(...fields.map((field) => field.page));
+
   return (
-    <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+    <ElementVisible target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPageNumber}"]`}>
       {fields.map((field) =>
         match(field.type)
           .with(FieldType.SIGNATURE, () => (
diff --git a/apps/remix/app/components/embed/embed-document-signing-page.tsx b/apps/remix/app/components/embed/embed-document-signing-page.tsx
index ef2eedc1c..d7d8a0713 100644
--- a/apps/remix/app/components/embed/embed-document-signing-page.tsx
+++ b/apps/remix/app/components/embed/embed-document-signing-page.tsx
@@ -106,6 +106,8 @@ export const EmbedSignDocumentClientPage = ({
     fields.filter((field) => field.inserted),
   ];
 
+  const highestPendingPageNumber = Math.max(...pendingFields.map((field) => field.page));
+
   const { mutateAsync: completeDocumentWithToken, isPending: isSubmitting } =
     trpc.recipient.completeDocumentWithToken.useMutation();
 
@@ -465,7 +467,9 @@ export const EmbedSignDocumentClientPage = ({
             </div>
           </div>
 
-          <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+          <ElementVisible
+            target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPendingPageNumber}"]`}
+          >
             {showPendingFieldTooltip && pendingFields.length > 0 && (
               <FieldToolTip key={pendingFields[0].id} field={pendingFields[0]} color="warning">
                 <Trans>Click to insert field</Trans>
diff --git a/apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx b/apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
index 37abdcce3..5867a1a2a 100644
--- a/apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
+++ b/apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
@@ -92,6 +92,8 @@ export const MultiSignDocumentSigningView = ({
       [],
   ];
 
+  const highestPendingPageNumber = Math.max(...pendingFields.map((field) => field.page));
+
   const uninsertedFields = document?.fields.filter((field) => !field.inserted) ?? [];
 
   const onSignField = async (payload: TSignFieldWithTokenMutationSchema) => {
@@ -357,7 +359,9 @@ export const MultiSignDocumentSigningView = ({
               </div>
 
               {hasDocumentLoaded && (
-                <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+                <ElementVisible
+                  target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPendingPageNumber}"]`}
+                >
                   {showPendingFieldTooltip && pendingFields.length > 0 && (
                     <FieldToolTip
                       key={pendingFields[0].id}
diff --git a/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx b/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
index da38f51c4..8f78ae754 100644
--- a/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
+++ b/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
@@ -79,6 +79,8 @@ export const DirectTemplateSigningForm = ({
   const [validateUninsertedFields, setValidateUninsertedFields] = useState(false);
   const [isSubmitting, setIsSubmitting] = useState(false);
 
+  const highestPageNumber = Math.max(...localFields.map((field) => field.page));
+
   const fieldsRequiringValidation = useMemo(() => {
     return localFields.filter((field) => isFieldUnsignedAndRequired(field));
   }, [localFields]);
@@ -221,7 +223,9 @@ export const DirectTemplateSigningForm = ({
       <DocumentFlowFormContainerHeader title={flowStep.title} description={flowStep.description} />
 
       <DocumentFlowFormContainerContent>
-        <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+        <ElementVisible
+          target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPageNumber}"]`}
+        >
           {validateUninsertedFields && uninsertedFields[0] && (
             <FieldToolTip key={uninsertedFields[0].id} field={uninsertedFields[0]} color="warning">
               <Trans>Click to insert field</Trans>
diff --git a/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx b/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
index a1bf3d24e..cbbdc7926 100644
--- a/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
@@ -78,6 +78,8 @@ export const DocumentSigningPageView = ({
   const targetSigner =
     recipient.role === RecipientRole.ASSISTANT && selectedSigner ? selectedSigner : null;
 
+  const highestPageNumber = Math.max(...fields.map((field) => field.page));
+
   return (
     <DocumentSigningRecipientProvider recipient={recipient} targetSigner={targetSigner}>
       <div className="mx-auto w-full max-w-screen-xl sm:px-6">
@@ -224,7 +226,9 @@ export const DocumentSigningPageView = ({
           <DocumentSigningAutoSign recipient={recipient} fields={fields} />
         )}
 
-        <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+        <ElementVisible
+          target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPageNumber}"]`}
+        >
           {fields
             .filter(
               (field) =>
diff --git a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx
index 75592696c..84c9c6883 100644
--- a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx
+++ b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx
@@ -67,6 +67,7 @@ export async function loader({ params, request }: Route.LoaderArgs) {
   const documentVisibility = document?.visibility;
   const currentTeamMemberRole = team.currentTeamRole;
   const isRecipient = document?.recipients.find((recipient) => recipient.email === user.email);
+
   let canAccessDocument = true;
 
   if (!isRecipient && document?.userId !== user.id) {
diff --git a/packages/ui/components/document/document-read-only-fields.tsx b/packages/ui/components/document/document-read-only-fields.tsx
index 0786357d1..d1c96f8a9 100644
--- a/packages/ui/components/document/document-read-only-fields.tsx
+++ b/packages/ui/components/document/document-read-only-fields.tsx
@@ -95,8 +95,10 @@ export const DocumentReadOnlyFields = ({
     setHiddenFieldIds((prev) => ({ ...prev, [fieldId]: true }));
   };
 
+  const highestPageNumber = Math.max(...fields.map((field) => field.page));
+
   return (
-    <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+    <ElementVisible target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPageNumber}"]`}>
       {fields.map(
         (field) =>
           !hiddenFieldIds[field.secondaryId] && (

From 184ebdedf1051b99ab9da83d57faf541c81dad77 Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Tue, 26 Aug 2025 11:17:43 +1000
Subject: [PATCH 11/47] v1.12.2-rc.6

---
 apps/remix/package.json | 2 +-
 package-lock.json       | 6 +++---
 package.json            | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/remix/package.json b/apps/remix/package.json
index 728f4ec26..a97fff5f3 100644
--- a/apps/remix/package.json
+++ b/apps/remix/package.json
@@ -101,5 +101,5 @@
     "vite-plugin-babel-macros": "^1.0.6",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "version": "1.12.2-rc.5"
+  "version": "1.12.2-rc.6"
 }
diff --git a/package-lock.json b/package-lock.json
index 28385e051..647e4c43c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "1.12.2-rc.5",
+  "version": "1.12.2-rc.6",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "1.12.2-rc.5",
+      "version": "1.12.2-rc.6",
       "workspaces": [
         "apps/*",
         "packages/*"
@@ -89,7 +89,7 @@
     },
     "apps/remix": {
       "name": "@documenso/remix",
-      "version": "1.12.2-rc.5",
+      "version": "1.12.2-rc.6",
       "dependencies": {
         "@documenso/api": "*",
         "@documenso/assets": "*",
diff --git a/package.json b/package.json
index 86efef735..9e6654c0e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.12.2-rc.5",
+  "version": "1.12.2-rc.6",
   "scripts": {
     "build": "turbo run build",
     "dev": "turbo run dev --filter=@documenso/remix",

From 657db3bc84a4eb07539b58996203e180a3072840 Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Thu, 28 Aug 2025 16:15:52 +1000
Subject: [PATCH 12/47] fix: improve mobile signing ux (#2003)

Improves the mobile signing UX making actions available via the floating
navbar more obvious.

Also adds an automatic switch to the complete button once all fields
have been signed.
---
 .../embed-direct-template-client-page.tsx     |  45 ++++--
 .../embed/embed-document-signing-page.tsx     |  47 ++++--
 .../document-signing-form.tsx                 |  89 ++---------
 .../document-signing-page-view.tsx            | 144 ++++++++++++++++--
 4 files changed, 210 insertions(+), 115 deletions(-)

diff --git a/apps/remix/app/components/embed/embed-direct-template-client-page.tsx b/apps/remix/app/components/embed/embed-direct-template-client-page.tsx
index 8b883a36b..db429f7e4 100644
--- a/apps/remix/app/components/embed/embed-direct-template-client-page.tsx
+++ b/apps/remix/app/components/embed/embed-direct-template-client-page.tsx
@@ -57,7 +57,7 @@ export const EmbedDirectTemplateClientPage = ({
   token,
   updatedAt,
   documentData,
-  recipient,
+  recipient: _recipient,
   fields,
   metadata,
   hidePoweredBy = false,
@@ -95,6 +95,8 @@ export const EmbedDirectTemplateClientPage = ({
 
   const hasSignatureField = localFields.some((field) => field.type === FieldType.SIGNATURE);
 
+  const signatureValid = !hasSignatureField || (signature && signature.trim() !== '');
+
   const { mutateAsync: createDocumentFromDirectTemplate, isPending: isSubmitting } =
     trpc.template.createDocumentFromDirectTemplate.useMutation();
 
@@ -345,19 +347,34 @@ export const EmbedDirectTemplateClientPage = ({
                   <Trans>Sign document</Trans>
                 </h3>
 
-                <Button variant="outline" className="h-8 w-8 p-0 md:hidden">
-                  {isExpanded ? (
-                    <LucideChevronDown
-                      className="text-muted-foreground h-5 w-5"
-                      onClick={() => setIsExpanded(false)}
-                    />
-                  ) : (
-                    <LucideChevronUp
-                      className="text-muted-foreground h-5 w-5"
-                      onClick={() => setIsExpanded(true)}
-                    />
-                  )}
-                </Button>
+                {isExpanded ? (
+                  <Button
+                    variant="outline"
+                    className="h-8 w-8 p-0 md:hidden"
+                    onClick={() => setIsExpanded(false)}
+                  >
+                    <LucideChevronDown className="text-muted-foreground h-5 w-5" />
+                  </Button>
+                ) : pendingFields.length > 0 ? (
+                  <Button
+                    variant="outline"
+                    className="h-8 w-8 p-0 md:hidden"
+                    onClick={() => setIsExpanded(true)}
+                  >
+                    <LucideChevronUp className="text-muted-foreground h-5 w-5" />
+                  </Button>
+                ) : (
+                  <Button
+                    variant="default"
+                    size="sm"
+                    className="md:hidden"
+                    disabled={isThrottled || (hasSignatureField && !signatureValid)}
+                    loading={isSubmitting}
+                    onClick={() => throttledOnCompleteClick()}
+                  >
+                    <Trans>Complete</Trans>
+                  </Button>
+                )}
               </div>
             </div>
 
diff --git a/apps/remix/app/components/embed/embed-document-signing-page.tsx b/apps/remix/app/components/embed/embed-document-signing-page.tsx
index d7d8a0713..2f24dceeb 100644
--- a/apps/remix/app/components/embed/embed-document-signing-page.tsx
+++ b/apps/remix/app/components/embed/embed-document-signing-page.tsx
@@ -89,7 +89,7 @@ export const EmbedSignDocumentClientPage = ({
   const [isExpanded, setIsExpanded] = useState(false);
   const [isNameLocked, setIsNameLocked] = useState(false);
   const [showPendingFieldTooltip, setShowPendingFieldTooltip] = useState(false);
-  const [showOtherRecipientsCompletedFields, setShowOtherRecipientsCompletedFields] =
+  const [_showOtherRecipientsCompletedFields, setShowOtherRecipientsCompletedFields] =
     useState(false);
 
   const [allowDocumentRejection, setAllowDocumentRejection] = useState(false);
@@ -118,6 +118,8 @@ export const EmbedSignDocumentClientPage = ({
 
   const hasSignatureField = fields.some((field) => field.type === FieldType.SIGNATURE);
 
+  const signatureValid = !hasSignatureField || (signature && signature.trim() !== '');
+
   const assistantSignersId = useId();
 
   const onNextFieldClick = () => {
@@ -307,19 +309,36 @@ export const EmbedSignDocumentClientPage = ({
                     )}
                   </h3>
 
-                  <Button variant="outline" className="h-8 w-8 p-0 md:hidden">
-                    {isExpanded ? (
-                      <LucideChevronDown
-                        className="text-muted-foreground h-5 w-5"
-                        onClick={() => setIsExpanded(false)}
-                      />
-                    ) : (
-                      <LucideChevronUp
-                        className="text-muted-foreground h-5 w-5"
-                        onClick={() => setIsExpanded(true)}
-                      />
-                    )}
-                  </Button>
+                  {isExpanded ? (
+                    <Button
+                      variant="outline"
+                      className="bg-background dark:bg-foreground h-8 w-8 p-0 md:hidden"
+                      onClick={() => setIsExpanded(false)}
+                    >
+                      <LucideChevronDown className="text-muted-foreground dark:text-background h-5 w-5" />
+                    </Button>
+                  ) : pendingFields.length > 0 ? (
+                    <Button
+                      variant="outline"
+                      className="bg-background dark:bg-foreground h-8 w-8 p-0 md:hidden"
+                      onClick={() => setIsExpanded(true)}
+                    >
+                      <LucideChevronUp className="text-muted-foreground dark:text-background h-5 w-5" />
+                    </Button>
+                  ) : (
+                    <Button
+                      variant="default"
+                      size="sm"
+                      className="md:hidden"
+                      disabled={
+                        isThrottled || (!isAssistantMode && hasSignatureField && !signatureValid)
+                      }
+                      loading={isSubmitting}
+                      onClick={() => throttledOnCompleteClick()}
+                    >
+                      <Trans>Complete</Trans>
+                    </Button>
+                  )}
                 </div>
               </div>
 
diff --git a/apps/remix/app/components/general/document-signing/document-signing-form.tsx b/apps/remix/app/components/general/document-signing/document-signing-form.tsx
index b3356bee8..b2b58aa3b 100644
--- a/apps/remix/app/components/general/document-signing/document-signing-form.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-form.tsx
@@ -7,14 +7,11 @@ import { type Field, FieldType, type Recipient, RecipientRole } from '@prisma/cl
 import { Controller, useForm } from 'react-hook-form';
 import { useNavigate } from 'react-router';
 
-import { useAnalytics } from '@documenso/lib/client-only/hooks/use-analytics';
-import { useOptionalSession } from '@documenso/lib/client-only/providers/session';
 import type { DocumentAndSender } from '@documenso/lib/server-only/document/get-document-by-token';
 import type { TRecipientActionAuth } from '@documenso/lib/types/document-auth';
 import { isFieldUnsignedAndRequired } from '@documenso/lib/utils/advanced-fields-helpers';
-import { sortFieldsByPosition, validateFieldsInserted } from '@documenso/lib/utils/fields';
+import { sortFieldsByPosition } from '@documenso/lib/utils/fields';
 import type { RecipientWithFields } from '@documenso/prisma/types/recipient-with-fields';
-import { trpc } from '@documenso/trpc/react';
 import { FieldToolTip } from '@documenso/ui/components/field/field-tooltip';
 import { Button } from '@documenso/ui/primitives/button';
 import { Input } from '@documenso/ui/primitives/input';
@@ -34,29 +31,33 @@ export type DocumentSigningFormProps = {
   document: DocumentAndSender;
   recipient: Recipient;
   fields: Field[];
-  redirectUrl?: string | null;
   isRecipientsTurn: boolean;
   allRecipients?: RecipientWithFields[];
   setSelectedSignerId?: (id: number | null) => void;
+  completeDocument: (
+    authOptions?: TRecipientActionAuth,
+    nextSigner?: { email: string; name: string },
+  ) => Promise<void>;
+  isSubmitting: boolean;
+  fieldsValidated: () => void;
+  nextRecipient?: RecipientWithFields;
 };
 
 export const DocumentSigningForm = ({
   document,
   recipient,
   fields,
-  redirectUrl,
   isRecipientsTurn,
   allRecipients = [],
   setSelectedSignerId,
+  completeDocument,
+  isSubmitting,
+  fieldsValidated,
+  nextRecipient,
 }: DocumentSigningFormProps) => {
-  const { sessionData } = useOptionalSession();
-  const user = sessionData?.user;
-
   const { _ } = useLingui();
   const { toast } = useToast();
-
   const navigate = useNavigate();
-  const analytics = useAnalytics();
 
   const assistantSignersId = useId();
 
@@ -66,21 +67,12 @@ export const DocumentSigningForm = ({
   const [isConfirmationDialogOpen, setIsConfirmationDialogOpen] = useState(false);
   const [isAssistantSubmitting, setIsAssistantSubmitting] = useState(false);
 
-  const {
-    mutateAsync: completeDocumentWithToken,
-    isPending,
-    isSuccess,
-  } = trpc.recipient.completeDocumentWithToken.useMutation();
-
   const assistantForm = useForm<{ selectedSignerId: number | undefined }>({
     defaultValues: {
       selectedSignerId: undefined,
     },
   });
 
-  // Keep the loading state going if successful since the redirect may take some time.
-  const isSubmitting = isPending || isSuccess;
-
   const fieldsRequiringValidation = useMemo(
     () => fields.filter(isFieldUnsignedAndRequired),
     [fields],
@@ -96,9 +88,9 @@ export const DocumentSigningForm = ({
     return fieldsRequiringValidation.filter((field) => field.recipientId === recipient.id);
   }, [fieldsRequiringValidation, recipient]);
 
-  const fieldsValidated = () => {
+  const localFieldsValidated = () => {
     setValidateUninsertedFields(true);
-    validateFieldsInserted(fieldsRequiringValidation);
+    fieldsValidated();
   };
 
   const onAssistantFormSubmit = () => {
@@ -126,55 +118,6 @@ export const DocumentSigningForm = ({
     }
   };
 
-  const completeDocument = async (
-    authOptions?: TRecipientActionAuth,
-    nextSigner?: { email: string; name: string },
-  ) => {
-    const payload = {
-      token: recipient.token,
-      documentId: document.id,
-      authOptions,
-      ...(nextSigner?.email && nextSigner?.name ? { nextSigner } : {}),
-    };
-
-    await completeDocumentWithToken(payload);
-
-    analytics.capture('App: Recipient has completed signing', {
-      signerId: recipient.id,
-      documentId: document.id,
-      timestamp: new Date().toISOString(),
-    });
-
-    if (redirectUrl) {
-      window.location.href = redirectUrl;
-    } else {
-      await navigate(`/sign/${recipient.token}/complete`);
-    }
-  };
-
-  const nextRecipient = useMemo(() => {
-    if (
-      !document.documentMeta?.signingOrder ||
-      document.documentMeta.signingOrder !== 'SEQUENTIAL'
-    ) {
-      return undefined;
-    }
-
-    const sortedRecipients = allRecipients.sort((a, b) => {
-      // Sort by signingOrder first (nulls last), then by id
-      if (a.signingOrder === null && b.signingOrder === null) return a.id - b.id;
-      if (a.signingOrder === null) return 1;
-      if (b.signingOrder === null) return -1;
-      if (a.signingOrder === b.signingOrder) return a.id - b.id;
-      return a.signingOrder - b.signingOrder;
-    });
-
-    const currentIndex = sortedRecipients.findIndex((r) => r.id === recipient.id);
-    return currentIndex !== -1 && currentIndex < sortedRecipients.length - 1
-      ? sortedRecipients[currentIndex + 1]
-      : undefined;
-  }, [document.documentMeta?.signingOrder, allRecipients, recipient.id]);
-
   return (
     <div className="flex h-full flex-col">
       {validateUninsertedFields && uninsertedFields[0] && (
@@ -205,7 +148,7 @@ export const DocumentSigningForm = ({
                     isSubmitting={isSubmitting}
                     documentTitle={document.title}
                     fields={fields}
-                    fieldsValidated={fieldsValidated}
+                    fieldsValidated={localFieldsValidated}
                     onSignatureComplete={async (nextSigner) => {
                       await completeDocument(undefined, nextSigner);
                     }}
@@ -364,7 +307,7 @@ export const DocumentSigningForm = ({
                   isSubmitting={isSubmitting || isAssistantSubmitting}
                   documentTitle={document.title}
                   fields={fields}
-                  fieldsValidated={fieldsValidated}
+                  fieldsValidated={localFieldsValidated}
                   disabled={!isRecipientsTurn}
                   onSignatureComplete={async (nextSigner) => {
                     await completeDocument(undefined, nextSigner);
diff --git a/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx b/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
index cbbdc7926..626a5195f 100644
--- a/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
@@ -1,15 +1,18 @@
-import { useState } from 'react';
+import { useMemo, useState } from 'react';
 
 import { Trans } from '@lingui/react/macro';
 import type { Field } from '@prisma/client';
 import { FieldType, RecipientRole } from '@prisma/client';
 import { LucideChevronDown, LucideChevronUp } from 'lucide-react';
-import { match } from 'ts-pattern';
+import { useNavigate } from 'react-router';
+import { P, match } from 'ts-pattern';
 
+import { useAnalytics } from '@documenso/lib/client-only/hooks/use-analytics';
 import { DEFAULT_DOCUMENT_DATE_FORMAT } from '@documenso/lib/constants/date-formats';
 import { PDF_VIEWER_PAGE_SELECTOR } from '@documenso/lib/constants/pdf-viewer';
 import { DEFAULT_DOCUMENT_TIME_ZONE } from '@documenso/lib/constants/time-zones';
 import type { DocumentAndSender } from '@documenso/lib/server-only/document/get-document-by-token';
+import type { TRecipientActionAuth } from '@documenso/lib/types/document-auth';
 import {
   ZCheckboxFieldMeta,
   ZDropdownFieldMeta,
@@ -18,8 +21,11 @@ import {
   ZTextFieldMeta,
 } from '@documenso/lib/types/field-meta';
 import type { CompletedField } from '@documenso/lib/types/fields';
+import { isFieldUnsignedAndRequired } from '@documenso/lib/utils/advanced-fields-helpers';
+import { validateFieldsInserted } from '@documenso/lib/utils/fields';
 import type { FieldWithSignatureAndFieldMeta } from '@documenso/prisma/types/field-with-signature-and-fieldmeta';
 import type { RecipientWithFields } from '@documenso/prisma/types/recipient-with-fields';
+import { trpc } from '@documenso/trpc/react';
 import { DocumentReadOnlyFields } from '@documenso/ui/components/document/document-read-only-fields';
 import { Button } from '@documenso/ui/primitives/button';
 import { Card, CardContent } from '@documenso/ui/primitives/card';
@@ -40,6 +46,7 @@ import { DocumentSigningRejectDialog } from '~/components/general/document-signi
 import { DocumentSigningSignatureField } from '~/components/general/document-signing/document-signing-signature-field';
 import { DocumentSigningTextField } from '~/components/general/document-signing/document-signing-text-field';
 
+import { DocumentSigningCompleteDialog } from './document-signing-complete-dialog';
 import { DocumentSigningRecipientProvider } from './document-signing-recipient-provider';
 
 export type DocumentSigningPageViewProps = {
@@ -63,9 +70,56 @@ export const DocumentSigningPageView = ({
 }: DocumentSigningPageViewProps) => {
   const { documentData, documentMeta } = document;
 
+  const navigate = useNavigate();
+  const analytics = useAnalytics();
+
   const [selectedSignerId, setSelectedSignerId] = useState<number | null>(allRecipients?.[0]?.id);
   const [isExpanded, setIsExpanded] = useState(false);
 
+  const {
+    mutateAsync: completeDocumentWithToken,
+    isPending,
+    isSuccess,
+  } = trpc.recipient.completeDocumentWithToken.useMutation();
+
+  // Keep the loading state going if successful since the redirect may take some time.
+  const isSubmitting = isPending || isSuccess;
+
+  const fieldsRequiringValidation = useMemo(
+    () => fields.filter(isFieldUnsignedAndRequired),
+    [fields],
+  );
+
+  const fieldsValidated = () => {
+    validateFieldsInserted(fieldsRequiringValidation);
+  };
+
+  const completeDocument = async (
+    authOptions?: TRecipientActionAuth,
+    nextSigner?: { email: string; name: string },
+  ) => {
+    const payload = {
+      token: recipient.token,
+      documentId: document.id,
+      authOptions,
+      ...(nextSigner?.email && nextSigner?.name ? { nextSigner } : {}),
+    };
+
+    await completeDocumentWithToken(payload);
+
+    analytics.capture('App: Recipient has completed signing', {
+      signerId: recipient.id,
+      documentId: document.id,
+      timestamp: new Date().toISOString(),
+    });
+
+    if (documentMeta?.redirectUrl) {
+      window.location.href = documentMeta.redirectUrl;
+    } else {
+      await navigate(`/sign/${recipient.token}/complete`);
+    }
+  };
+
   let senderName = document.user.name ?? '';
   let senderEmail = `(${document.user.email})`;
 
@@ -78,8 +132,31 @@ export const DocumentSigningPageView = ({
   const targetSigner =
     recipient.role === RecipientRole.ASSISTANT && selectedSigner ? selectedSigner : null;
 
+  const nextRecipient = useMemo(() => {
+    if (!documentMeta?.signingOrder || documentMeta.signingOrder !== 'SEQUENTIAL') {
+      return undefined;
+    }
+
+    const sortedRecipients = allRecipients.sort((a, b) => {
+      // Sort by signingOrder first (nulls last), then by id
+      if (a.signingOrder === null && b.signingOrder === null) return a.id - b.id;
+      if (a.signingOrder === null) return 1;
+      if (b.signingOrder === null) return -1;
+      if (a.signingOrder === b.signingOrder) return a.id - b.id;
+      return a.signingOrder - b.signingOrder;
+    });
+
+    const currentIndex = sortedRecipients.findIndex((r) => r.id === recipient.id);
+    return currentIndex !== -1 && currentIndex < sortedRecipients.length - 1
+      ? sortedRecipients[currentIndex + 1]
+      : undefined;
+  }, [document.documentMeta?.signingOrder, allRecipients, recipient.id]);
+
   const highestPageNumber = Math.max(...fields.map((field) => field.page));
 
+  const pendingFields = fieldsRequiringValidation.filter((field) => !field.inserted);
+  const hasPendingFields = pendingFields.length > 0;
+
   return (
     <DocumentSigningRecipientProvider recipient={recipient} targetSigner={targetSigner}>
       <div className="mx-auto w-full max-w-screen-xl sm:px-6">
@@ -165,19 +242,55 @@ export const DocumentSigningPageView = ({
                     .otherwise(() => null)}
                 </h3>
 
-                <Button variant="outline" className="h-8 w-8 p-0 md:hidden">
-                  {isExpanded ? (
-                    <LucideChevronDown
-                      className="text-muted-foreground h-5 w-5"
+                {match({ hasPendingFields, isExpanded, role: recipient.role })
+                  .with(
+                    {
+                      hasPendingFields: false,
+                      role: P.not(RecipientRole.ASSISTANT),
+                      isExpanded: false,
+                    },
+                    () => (
+                      <div className="md:hidden">
+                        <DocumentSigningCompleteDialog
+                          isSubmitting={isSubmitting}
+                          documentTitle={document.title}
+                          fields={fields}
+                          fieldsValidated={fieldsValidated}
+                          disabled={!isRecipientsTurn}
+                          onSignatureComplete={async (nextSigner) => {
+                            await completeDocument(undefined, nextSigner);
+                          }}
+                          role={recipient.role}
+                          allowDictateNextSigner={
+                            nextRecipient && documentMeta?.allowDictateNextSigner
+                          }
+                          defaultNextSigner={
+                            nextRecipient
+                              ? { name: nextRecipient.name, email: nextRecipient.email }
+                              : undefined
+                          }
+                        />
+                      </div>
+                    ),
+                  )
+                  .with({ isExpanded: true }, () => (
+                    <Button
+                      variant="outline"
+                      className="bg-background dark:bg-foreground h-8 w-8 p-0 md:hidden"
                       onClick={() => setIsExpanded(false)}
-                    />
-                  ) : (
-                    <LucideChevronUp
-                      className="text-muted-foreground h-5 w-5"
+                    >
+                      <LucideChevronDown className="text-muted-foreground dark:text-background h-5 w-5" />
+                    </Button>
+                  ))
+                  .otherwise(() => (
+                    <Button
+                      variant="outline"
+                      className="bg-background dark:bg-foreground h-8 w-8 p-0 md:hidden"
                       onClick={() => setIsExpanded(true)}
-                    />
-                  )}
-                </Button>
+                    >
+                      <LucideChevronUp className="text-muted-foreground dark:text-background h-5 w-5" />
+                    </Button>
+                  ))}
               </div>
 
               <div className="hidden group-data-[expanded]/document-widget:block md:block">
@@ -206,10 +319,13 @@ export const DocumentSigningPageView = ({
                   document={document}
                   recipient={recipient}
                   fields={fields}
-                  redirectUrl={documentMeta?.redirectUrl}
                   isRecipientsTurn={isRecipientsTurn}
                   allRecipients={allRecipients}
                   setSelectedSignerId={setSelectedSignerId}
+                  completeDocument={completeDocument}
+                  isSubmitting={isSubmitting}
+                  fieldsValidated={fieldsValidated}
+                  nextRecipient={nextRecipient}
                 />
               </div>
             </div>

From 31c1a9a7835dabd6029edf2634bf35847154ddd6 Mon Sep 17 00:00:00 2001
From: Ephraim Duncan <55143799+ephraimduncan@users.noreply.github.com>
Date: Thu, 28 Aug 2025 06:19:14 +0000
Subject: [PATCH 13/47] fix: preserve existing recipient properties when adding
 new recipient (#1987)

---
 packages/api/v1/implementation.ts | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/packages/api/v1/implementation.ts b/packages/api/v1/implementation.ts
index e9fcbf4d8..08556154a 100644
--- a/packages/api/v1/implementation.ts
+++ b/packages/api/v1/implementation.ts
@@ -34,6 +34,7 @@ import { createTemplate } from '@documenso/lib/server-only/template/create-templ
 import { deleteTemplate } from '@documenso/lib/server-only/template/delete-template';
 import { findTemplates } from '@documenso/lib/server-only/template/find-templates';
 import { getTemplateById } from '@documenso/lib/server-only/template/get-template-by-id';
+import { ZRecipientAuthOptionsSchema } from '@documenso/lib/types/document-auth';
 import { extractDerivedDocumentEmailSettings } from '@documenso/lib/types/document-email';
 import {
   ZCheckboxFieldMeta,
@@ -980,10 +981,12 @@ export const ApiContractV1Implementation = tsr.router(ApiContractV1, {
         userId: user.id,
         teamId: team?.id,
         recipients: [
-          ...recipients.map(({ email, name }) => ({
-            email,
-            name,
-            role,
+          ...recipients.map((recipient) => ({
+            email: recipient.email,
+            name: recipient.name,
+            role: recipient.role,
+            signingOrder: recipient.signingOrder,
+            actionAuth: ZRecipientAuthOptionsSchema.parse(recipient.authOptions)?.actionAuth ?? [],
           })),
           {
             email,

From 7d257236a6519b56595fcb5a968dac5c1e91748f Mon Sep 17 00:00:00 2001
From: samuel-cglg <124675162+samuel-cglg@users.noreply.github.com>
Date: Thu, 28 Aug 2025 08:20:27 +0200
Subject: [PATCH 14/47] fix: default pagination on documents list API (#1929)

---
 packages/api/v1/schema.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/api/v1/schema.ts b/packages/api/v1/schema.ts
index c33120ae3..b8e31bfe0 100644
--- a/packages/api/v1/schema.ts
+++ b/packages/api/v1/schema.ts
@@ -33,7 +33,7 @@ export const ZNoBodyMutationSchema = null;
  */
 export const ZGetDocumentsQuerySchema = z.object({
   page: z.coerce.number().min(1).optional().default(1),
-  perPage: z.coerce.number().min(1).optional().default(1),
+  perPage: z.coerce.number().min(1).optional().default(10),
 });
 
 export type TGetDocumentsQuerySchema = z.infer<typeof ZGetDocumentsQuerySchema>;
@@ -637,5 +637,5 @@ export const ZSuccessfulGetTemplatesResponseSchema = z.object({
 
 export const ZGetTemplatesQuerySchema = z.object({
   page: z.coerce.number().min(1).optional().default(1),
-  perPage: z.coerce.number().min(1).optional().default(1),
+  perPage: z.coerce.number().min(1).optional().default(10),
 });

From 2603ae8b905288c60f2f3abb299e6a320b639a43 Mon Sep 17 00:00:00 2001
From: samuel-cglg <124675162+samuel-cglg@users.noreply.github.com>
Date: Sun, 31 Aug 2025 03:37:49 +0200
Subject: [PATCH 15/47] fix: send signing request email after the document
 status is updated (#1944)

When sending a document for signing, emails for recipients are sent
before the document status is updated.
In this case, the job "send.signing.requested.email" fails because it
cannot find the document with a PENDING status.
---
 .../server-only/document/send-document.tsx    | 54 +++++++++----------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/packages/lib/server-only/document/send-document.tsx b/packages/lib/server-only/document/send-document.tsx
index b8a77ee7e..22dbcb071 100644
--- a/packages/lib/server-only/document/send-document.tsx
+++ b/packages/lib/server-only/document/send-document.tsx
@@ -148,33 +148,6 @@ export const sendDocument = async ({
   //   throw new Error('Some signers have not been assigned a signature field.');
   // }
 
-  const isRecipientSigningRequestEmailEnabled = extractDerivedDocumentEmailSettings(
-    document.documentMeta,
-  ).recipientSigningRequest;
-
-  // Only send email if one of the following is true:
-  // - It is explicitly set
-  // - The email is enabled for signing requests AND sendEmail is undefined
-  if (sendEmail || (isRecipientSigningRequestEmailEnabled && sendEmail === undefined)) {
-    await Promise.all(
-      recipientsToNotify.map(async (recipient) => {
-        if (recipient.sendStatus === SendStatus.SENT || recipient.role === RecipientRole.CC) {
-          return;
-        }
-
-        await jobs.triggerJob({
-          name: 'send.signing.requested.email',
-          payload: {
-            userId,
-            documentId,
-            recipientId: recipient.id,
-            requestMetadata: requestMetadata?.requestMetadata,
-          },
-        });
-      }),
-    );
-  }
-
   const allRecipientsHaveNoActionToTake = document.recipients.every(
     (recipient) =>
       recipient.role === RecipientRole.CC || recipient.signingStatus === SigningStatus.SIGNED,
@@ -227,6 +200,33 @@ export const sendDocument = async ({
     });
   });
 
+  const isRecipientSigningRequestEmailEnabled = extractDerivedDocumentEmailSettings(
+    document.documentMeta,
+  ).recipientSigningRequest;
+
+  // Only send email if one of the following is true:
+  // - It is explicitly set
+  // - The email is enabled for signing requests AND sendEmail is undefined
+  if (sendEmail || (isRecipientSigningRequestEmailEnabled && sendEmail === undefined)) {
+    await Promise.all(
+      recipientsToNotify.map(async (recipient) => {
+        if (recipient.sendStatus === SendStatus.SENT || recipient.role === RecipientRole.CC) {
+          return;
+        }
+
+        await jobs.triggerJob({
+          name: 'send.signing.requested.email',
+          payload: {
+            userId,
+            documentId,
+            recipientId: recipient.id,
+            requestMetadata: requestMetadata?.requestMetadata,
+          },
+        });
+      }),
+    );
+  }
+
   await triggerWebhook({
     event: WebhookTriggerEvents.DOCUMENT_SENT,
     data: ZWebhookDocumentSchema.parse(mapDocumentToWebhookDocumentPayload(updatedDocument)),

From 19565c182160ec098a832bb033ced01e006a2723 Mon Sep 17 00:00:00 2001
From: Ephraim Duncan <55143799+ephraimduncan@users.noreply.github.com>
Date: Sun, 31 Aug 2025 02:17:31 +0000
Subject: [PATCH 16/47] fix: access audit logs for documents in folder (#1989)

---
 .../_authenticated+/t.$teamUrl+/documents.$id.logs.tsx    | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.logs.tsx b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.logs.tsx
index 56a01bb90..b27ded2bb 100644
--- a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.logs.tsx
+++ b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.logs.tsx
@@ -50,10 +50,6 @@ export async function loader({ params, request }: Route.LoaderArgs) {
     throw redirect(documentRootPath);
   }
 
-  if (document.folderId) {
-    throw redirect(documentRootPath);
-  }
-
   const recipients = await getRecipientsForDocument({
     documentId,
     userId: user.id,
@@ -68,13 +64,13 @@ export async function loader({ params, request }: Route.LoaderArgs) {
 
   return {
     document,
-    documentRootPath,
     recipients,
+    documentRootPath,
   };
 }
 
 export default function DocumentsLogsPage({ loaderData }: Route.ComponentProps) {
-  const { document, documentRootPath, recipients } = loaderData;
+  const { document, recipients, documentRootPath } = loaderData;
 
   const { _, i18n } = useLingui();
 

From bb5c2edefd909fed06254666ee22da2c442151e2 Mon Sep 17 00:00:00 2001
From: Catalin Pit <me+github@catalins.tech>
Date: Tue, 2 Sep 2025 14:01:16 +0300
Subject: [PATCH 17/47] feat: implement auto-save functionality for signers in
 document edit form (#1792)

---
 .../general/document/document-edit-form.tsx   | 222 +++++++++----
 .../general/template/template-edit-form.tsx   | 137 +++++---
 .../t.$teamUrl+/templates._index.tsx          |   2 +-
 .../autosave-fields-step.spec.ts              | 293 +++++++++++++++++
 .../autosave-settings-step.spec.ts            | 243 ++++++++++++++
 .../autosave-signers-step.spec.ts             | 168 ++++++++++
 .../autosave-subject-step.spec.ts             | 200 ++++++++++++
 .../document-flow/stepper-component.spec.ts   |   6 +-
 .../template-autosave-fields-step.spec.ts     | 304 ++++++++++++++++++
 .../template-autosave-settings-step.spec.ts   | 244 ++++++++++++++
 .../template-autosave-signers-step.spec.ts    | 174 ++++++++++
 packages/app-tests/playwright.config.ts       |   2 +-
 .../lib/client-only/hooks/use-autosave.ts     |  31 ++
 .../recipient/get-recipients-for-template.ts  |  23 +-
 .../primitives/document-flow/add-fields.tsx   |  46 ++-
 .../primitives/document-flow/add-settings.tsx |  70 +++-
 .../primitives/document-flow/add-signers.tsx  | 170 ++++++++--
 .../primitives/document-flow/add-subject.tsx  |  37 ++-
 .../field-item-advanced-settings.tsx          |  36 ++-
 .../template-flow/add-template-fields.tsx     |  71 +++-
 .../add-template-placeholder-recipients.tsx   | 126 ++++++--
 .../template-flow/add-template-settings.tsx   |  97 +++++-
 22 files changed, 2482 insertions(+), 220 deletions(-)
 create mode 100644 packages/app-tests/e2e/document-flow/autosave-fields-step.spec.ts
 create mode 100644 packages/app-tests/e2e/document-flow/autosave-settings-step.spec.ts
 create mode 100644 packages/app-tests/e2e/document-flow/autosave-signers-step.spec.ts
 create mode 100644 packages/app-tests/e2e/document-flow/autosave-subject-step.spec.ts
 create mode 100644 packages/app-tests/e2e/templates-flow/template-autosave-fields-step.spec.ts
 create mode 100644 packages/app-tests/e2e/templates-flow/template-autosave-settings-step.spec.ts
 create mode 100644 packages/app-tests/e2e/templates-flow/template-autosave-signers-step.spec.ts
 create mode 100644 packages/lib/client-only/hooks/use-autosave.ts

diff --git a/apps/remix/app/components/general/document/document-edit-form.tsx b/apps/remix/app/components/general/document/document-edit-form.tsx
index df73d92b6..e8ffa5fe5 100644
--- a/apps/remix/app/components/general/document/document-edit-form.tsx
+++ b/apps/remix/app/components/general/document/document-edit-form.tsx
@@ -159,34 +159,37 @@ export const DocumentEditForm = ({
     return initialStep;
   });
 
+  const saveSettingsData = async (data: TAddSettingsFormSchema) => {
+    const { timezone, dateFormat, redirectUrl, language, signatureTypes } = data.meta;
+
+    const parsedGlobalAccessAuth = z
+      .array(ZDocumentAccessAuthTypesSchema)
+      .safeParse(data.globalAccessAuth);
+
+    return updateDocument({
+      documentId: document.id,
+      data: {
+        title: data.title,
+        externalId: data.externalId || null,
+        visibility: data.visibility,
+        globalAccessAuth: parsedGlobalAccessAuth.success ? parsedGlobalAccessAuth.data : [],
+        globalActionAuth: data.globalActionAuth ?? [],
+      },
+      meta: {
+        timezone,
+        dateFormat,
+        redirectUrl,
+        language: isValidLanguageCode(language) ? language : undefined,
+        typedSignatureEnabled: signatureTypes.includes(DocumentSignatureType.TYPE),
+        uploadSignatureEnabled: signatureTypes.includes(DocumentSignatureType.UPLOAD),
+        drawSignatureEnabled: signatureTypes.includes(DocumentSignatureType.DRAW),
+      },
+    });
+  };
+
   const onAddSettingsFormSubmit = async (data: TAddSettingsFormSchema) => {
     try {
-      const { timezone, dateFormat, redirectUrl, language, signatureTypes } = data.meta;
-
-      const parsedGlobalAccessAuth = z
-        .array(ZDocumentAccessAuthTypesSchema)
-        .safeParse(data.globalAccessAuth);
-
-      await updateDocument({
-        documentId: document.id,
-        data: {
-          title: data.title,
-          externalId: data.externalId || null,
-          visibility: data.visibility,
-          globalAccessAuth: parsedGlobalAccessAuth.success ? parsedGlobalAccessAuth.data : [],
-          globalActionAuth: data.globalActionAuth ?? [],
-        },
-        meta: {
-          timezone,
-          dateFormat,
-          redirectUrl,
-          language: isValidLanguageCode(language) ? language : undefined,
-          typedSignatureEnabled: signatureTypes.includes(DocumentSignatureType.TYPE),
-          uploadSignatureEnabled: signatureTypes.includes(DocumentSignatureType.UPLOAD),
-          drawSignatureEnabled: signatureTypes.includes(DocumentSignatureType.DRAW),
-        },
-      });
-
+      await saveSettingsData(data);
       setStep('signers');
     } catch (err) {
       console.error(err);
@@ -199,26 +202,58 @@ export const DocumentEditForm = ({
     }
   };
 
+  const onAddSettingsFormAutoSave = async (data: TAddSettingsFormSchema) => {
+    try {
+      await saveSettingsData(data);
+    } catch (err) {
+      console.error(err);
+
+      toast({
+        title: _(msg`Error`),
+        description: _(msg`An error occurred while auto-saving the document settings.`),
+        variant: 'destructive',
+      });
+    }
+  };
+
+  const saveSignersData = async (data: TAddSignersFormSchema) => {
+    return Promise.all([
+      updateDocument({
+        documentId: document.id,
+        meta: {
+          allowDictateNextSigner: data.allowDictateNextSigner,
+          signingOrder: data.signingOrder,
+        },
+      }),
+
+      setRecipients({
+        documentId: document.id,
+        recipients: data.signers.map((signer) => ({
+          ...signer,
+          // Explicitly set to null to indicate we want to remove auth if required.
+          actionAuth: signer.actionAuth ?? [],
+        })),
+      }),
+    ]);
+  };
+
+  const onAddSignersFormAutoSave = async (data: TAddSignersFormSchema) => {
+    try {
+      await saveSignersData(data);
+    } catch (err) {
+      console.error(err);
+
+      toast({
+        title: _(msg`Error`),
+        description: _(msg`An error occurred while adding signers.`),
+        variant: 'destructive',
+      });
+    }
+  };
+
   const onAddSignersFormSubmit = async (data: TAddSignersFormSchema) => {
     try {
-      await Promise.all([
-        updateDocument({
-          documentId: document.id,
-          meta: {
-            allowDictateNextSigner: data.allowDictateNextSigner,
-            signingOrder: data.signingOrder,
-          },
-        }),
-
-        setRecipients({
-          documentId: document.id,
-          recipients: data.signers.map((signer) => ({
-            ...signer,
-            // Explicitly set to null to indicate we want to remove auth if required.
-            actionAuth: signer.actionAuth ?? [],
-          })),
-        }),
-      ]);
+      await saveSignersData(data);
 
       setStep('fields');
     } catch (err) {
@@ -232,12 +267,16 @@ export const DocumentEditForm = ({
     }
   };
 
+  const saveFieldsData = async (data: TAddFieldsFormSchema) => {
+    return addFields({
+      documentId: document.id,
+      fields: data.fields,
+    });
+  };
+
   const onAddFieldsFormSubmit = async (data: TAddFieldsFormSchema) => {
     try {
-      await addFields({
-        documentId: document.id,
-        fields: data.fields,
-      });
+      await saveFieldsData(data);
 
       // Clear all field data from localStorage
       for (let i = 0; i < localStorage.length; i++) {
@@ -259,24 +298,60 @@ export const DocumentEditForm = ({
     }
   };
 
-  const onAddSubjectFormSubmit = async (data: TAddSubjectFormSchema) => {
+  const onAddFieldsFormAutoSave = async (data: TAddFieldsFormSchema) => {
+    try {
+      await saveFieldsData(data);
+      // Don't clear localStorage on auto-save, only on explicit submit
+    } catch (err) {
+      console.error(err);
+
+      toast({
+        title: _(msg`Error`),
+        description: _(msg`An error occurred while auto-saving the fields.`),
+        variant: 'destructive',
+      });
+    }
+  };
+
+  const saveSubjectData = async (data: TAddSubjectFormSchema) => {
     const { subject, message, distributionMethod, emailId, emailReplyTo, emailSettings } =
       data.meta;
 
-    try {
-      await sendDocument({
-        documentId: document.id,
-        meta: {
-          subject,
-          message,
-          distributionMethod,
-          emailId,
-          emailReplyTo: emailReplyTo || null,
-          emailSettings: emailSettings,
-        },
-      });
+    return updateDocument({
+      documentId: document.id,
+      meta: {
+        subject,
+        message,
+        distributionMethod,
+        emailId,
+        emailReplyTo,
+        emailSettings: emailSettings,
+      },
+    });
+  };
 
-      if (distributionMethod === DocumentDistributionMethod.EMAIL) {
+  const sendDocumentWithSubject = async (data: TAddSubjectFormSchema) => {
+    const { subject, message, distributionMethod, emailId, emailReplyTo, emailSettings } =
+      data.meta;
+
+    return sendDocument({
+      documentId: document.id,
+      meta: {
+        subject,
+        message,
+        distributionMethod,
+        emailId,
+        emailReplyTo: emailReplyTo || null,
+        emailSettings,
+      },
+    });
+  };
+
+  const onAddSubjectFormSubmit = async (data: TAddSubjectFormSchema) => {
+    try {
+      await sendDocumentWithSubject(data);
+
+      if (data.meta.distributionMethod === DocumentDistributionMethod.EMAIL) {
         toast({
           title: _(msg`Document sent`),
           description: _(msg`Your document has been sent successfully.`),
@@ -304,6 +379,21 @@ export const DocumentEditForm = ({
     }
   };
 
+  const onAddSubjectFormAutoSave = async (data: TAddSubjectFormSchema) => {
+    try {
+      // Save form data without sending the document
+      await saveSubjectData(data);
+    } catch (err) {
+      console.error(err);
+
+      toast({
+        title: _(msg`Error`),
+        description: _(msg`An error occurred while auto-saving the subject form.`),
+        variant: 'destructive',
+      });
+    }
+  };
+
   const currentDocumentFlow = documentFlow[step];
 
   /**
@@ -349,25 +439,28 @@ export const DocumentEditForm = ({
               fields={fields}
               isDocumentPdfLoaded={isDocumentPdfLoaded}
               onSubmit={onAddSettingsFormSubmit}
+              onAutoSave={onAddSettingsFormAutoSave}
             />
 
             <AddSignersFormPartial
-              key={recipients.length}
+              key={document.id}
               documentFlow={documentFlow.signers}
               recipients={recipients}
               signingOrder={document.documentMeta?.signingOrder}
               allowDictateNextSigner={document.documentMeta?.allowDictateNextSigner}
               fields={fields}
               onSubmit={onAddSignersFormSubmit}
+              onAutoSave={onAddSignersFormAutoSave}
               isDocumentPdfLoaded={isDocumentPdfLoaded}
             />
 
             <AddFieldsFormPartial
-              key={fields.length}
+              key={document.id}
               documentFlow={documentFlow.fields}
               recipients={recipients}
               fields={fields}
               onSubmit={onAddFieldsFormSubmit}
+              onAutoSave={onAddFieldsFormAutoSave}
               isDocumentPdfLoaded={isDocumentPdfLoaded}
               teamId={team.id}
             />
@@ -379,6 +472,7 @@ export const DocumentEditForm = ({
               recipients={recipients}
               fields={fields}
               onSubmit={onAddSubjectFormSubmit}
+              onAutoSave={onAddSubjectFormAutoSave}
               isDocumentPdfLoaded={isDocumentPdfLoaded}
             />
           </Stepper>
diff --git a/apps/remix/app/components/general/template/template-edit-form.tsx b/apps/remix/app/components/general/template/template-edit-form.tsx
index 3cea126c8..17d7a45a1 100644
--- a/apps/remix/app/components/general/template/template-edit-form.tsx
+++ b/apps/remix/app/components/general/template/template-edit-form.tsx
@@ -124,32 +124,36 @@ export const TemplateEditForm = ({
     },
   });
 
-  const onAddSettingsFormSubmit = async (data: TAddTemplateSettingsFormSchema) => {
+  const saveSettingsData = async (data: TAddTemplateSettingsFormSchema) => {
     const { signatureTypes } = data.meta;
 
     const parsedGlobalAccessAuth = z
       .array(ZDocumentAccessAuthTypesSchema)
       .safeParse(data.globalAccessAuth);
 
+    return updateTemplateSettings({
+      templateId: template.id,
+      data: {
+        title: data.title,
+        externalId: data.externalId || null,
+        visibility: data.visibility,
+        globalAccessAuth: parsedGlobalAccessAuth.success ? parsedGlobalAccessAuth.data : [],
+        globalActionAuth: data.globalActionAuth ?? [],
+      },
+      meta: {
+        ...data.meta,
+        emailReplyTo: data.meta.emailReplyTo || null,
+        typedSignatureEnabled: signatureTypes.includes(DocumentSignatureType.TYPE),
+        uploadSignatureEnabled: signatureTypes.includes(DocumentSignatureType.UPLOAD),
+        drawSignatureEnabled: signatureTypes.includes(DocumentSignatureType.DRAW),
+        language: isValidLanguageCode(data.meta.language) ? data.meta.language : undefined,
+      },
+    });
+  };
+
+  const onAddSettingsFormSubmit = async (data: TAddTemplateSettingsFormSchema) => {
     try {
-      await updateTemplateSettings({
-        templateId: template.id,
-        data: {
-          title: data.title,
-          externalId: data.externalId || null,
-          visibility: data.visibility,
-          globalAccessAuth: parsedGlobalAccessAuth.success ? parsedGlobalAccessAuth.data : [],
-          globalActionAuth: data.globalActionAuth ?? [],
-        },
-        meta: {
-          ...data.meta,
-          emailReplyTo: data.meta.emailReplyTo || null,
-          typedSignatureEnabled: signatureTypes.includes(DocumentSignatureType.TYPE),
-          uploadSignatureEnabled: signatureTypes.includes(DocumentSignatureType.UPLOAD),
-          drawSignatureEnabled: signatureTypes.includes(DocumentSignatureType.DRAW),
-          language: isValidLanguageCode(data.meta.language) ? data.meta.language : undefined,
-        },
-      });
+      await saveSettingsData(data);
 
       setStep('signers');
     } catch (err) {
@@ -163,24 +167,42 @@ export const TemplateEditForm = ({
     }
   };
 
+  const onAddSettingsFormAutoSave = async (data: TAddTemplateSettingsFormSchema) => {
+    try {
+      await saveSettingsData(data);
+    } catch (err) {
+      console.error(err);
+
+      toast({
+        title: _(msg`Error`),
+        description: _(msg`An error occurred while auto-saving the template settings.`),
+        variant: 'destructive',
+      });
+    }
+  };
+
+  const saveTemplatePlaceholderData = async (data: TAddTemplatePlacholderRecipientsFormSchema) => {
+    return Promise.all([
+      updateTemplateSettings({
+        templateId: template.id,
+        meta: {
+          signingOrder: data.signingOrder,
+          allowDictateNextSigner: data.allowDictateNextSigner,
+        },
+      }),
+
+      setRecipients({
+        templateId: template.id,
+        recipients: data.signers,
+      }),
+    ]);
+  };
+
   const onAddTemplatePlaceholderFormSubmit = async (
     data: TAddTemplatePlacholderRecipientsFormSchema,
   ) => {
     try {
-      await Promise.all([
-        updateTemplateSettings({
-          templateId: template.id,
-          meta: {
-            signingOrder: data.signingOrder,
-            allowDictateNextSigner: data.allowDictateNextSigner,
-          },
-        }),
-
-        setRecipients({
-          templateId: template.id,
-          recipients: data.signers,
-        }),
-      ]);
+      await saveTemplatePlaceholderData(data);
 
       setStep('fields');
     } catch (err) {
@@ -192,12 +214,46 @@ export const TemplateEditForm = ({
     }
   };
 
+  const onAddTemplatePlaceholderFormAutoSave = async (
+    data: TAddTemplatePlacholderRecipientsFormSchema,
+  ) => {
+    try {
+      await saveTemplatePlaceholderData(data);
+    } catch (err) {
+      console.error(err);
+
+      toast({
+        title: _(msg`Error`),
+        description: _(msg`An error occurred while auto-saving the template placeholders.`),
+        variant: 'destructive',
+      });
+    }
+  };
+
+  const saveFieldsData = async (data: TAddTemplateFieldsFormSchema) => {
+    return addTemplateFields({
+      templateId: template.id,
+      fields: data.fields,
+    });
+  };
+
+  const onAddFieldsFormAutoSave = async (data: TAddTemplateFieldsFormSchema) => {
+    try {
+      await saveFieldsData(data);
+    } catch (err) {
+      console.error(err);
+
+      toast({
+        title: _(msg`Error`),
+        description: _(msg`An error occurred while auto-saving the template fields.`),
+        variant: 'destructive',
+      });
+    }
+  };
+
   const onAddFieldsFormSubmit = async (data: TAddTemplateFieldsFormSchema) => {
     try {
-      await addTemplateFields({
-        templateId: template.id,
-        fields: data.fields,
-      });
+      await saveFieldsData(data);
 
       // Clear all field data from localStorage
       for (let i = 0; i < localStorage.length; i++) {
@@ -270,11 +326,12 @@ export const TemplateEditForm = ({
               recipients={recipients}
               fields={fields}
               onSubmit={onAddSettingsFormSubmit}
+              onAutoSave={onAddSettingsFormAutoSave}
               isDocumentPdfLoaded={isDocumentPdfLoaded}
             />
 
             <AddTemplatePlaceholderRecipientsFormPartial
-              key={recipients.length}
+              key={template.id}
               documentFlow={documentFlow.signers}
               recipients={recipients}
               fields={fields}
@@ -282,15 +339,17 @@ export const TemplateEditForm = ({
               allowDictateNextSigner={template.templateMeta?.allowDictateNextSigner}
               templateDirectLink={template.directLink}
               onSubmit={onAddTemplatePlaceholderFormSubmit}
+              onAutoSave={onAddTemplatePlaceholderFormAutoSave}
               isDocumentPdfLoaded={isDocumentPdfLoaded}
             />
 
             <AddTemplateFieldsFormPartial
-              key={fields.length}
+              key={template.id}
               documentFlow={documentFlow.fields}
               recipients={recipients}
               fields={fields}
               onSubmit={onAddFieldsFormSubmit}
+              onAutoSave={onAddFieldsFormAutoSave}
               teamId={team?.id}
             />
           </Stepper>
diff --git a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/templates._index.tsx b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/templates._index.tsx
index bd9f0de99..56e046f13 100644
--- a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/templates._index.tsx
+++ b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/templates._index.tsx
@@ -9,10 +9,10 @@ import { trpc } from '@documenso/trpc/react';
 import { Avatar, AvatarFallback, AvatarImage } from '@documenso/ui/primitives/avatar';
 
 import { FolderGrid } from '~/components/general/folder/folder-grid';
+import { TemplateDropZoneWrapper } from '~/components/general/template/template-drop-zone-wrapper';
 import { TemplatesTable } from '~/components/tables/templates-table';
 import { useCurrentTeam } from '~/providers/team';
 import { appMetaTags } from '~/utils/meta';
-import { TemplateDropZoneWrapper } from '~/components/general/template/template-drop-zone-wrapper';
 
 export function meta() {
   return appMetaTags('Templates');
diff --git a/packages/app-tests/e2e/document-flow/autosave-fields-step.spec.ts b/packages/app-tests/e2e/document-flow/autosave-fields-step.spec.ts
new file mode 100644
index 000000000..247f87319
--- /dev/null
+++ b/packages/app-tests/e2e/document-flow/autosave-fields-step.spec.ts
@@ -0,0 +1,293 @@
+import type { Page } from '@playwright/test';
+import { expect, test } from '@playwright/test';
+
+import { getFieldsForDocument } from '@documenso/lib/server-only/field/get-fields-for-document';
+import { seedBlankDocument } from '@documenso/prisma/seed/documents';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+
+const setupDocumentAndNavigateToFieldsStep = async (page: Page) => {
+  const { user, team } = await seedUser();
+  const document = await seedBlankDocument(user, team.id);
+
+  await apiSignin({
+    page,
+    email: user.email,
+    redirectPath: `/documents/${document.id}/edit`,
+  });
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+
+  await page.getByPlaceholder('Email').fill('recipient1@documenso.com');
+  await page.getByPlaceholder('Name').fill('Recipient 1');
+
+  await page.getByRole('button', { name: 'Add signer' }).click();
+
+  await page.getByPlaceholder('Email').nth(1).fill('recipient2@documenso.com');
+  await page.getByPlaceholder('Name').nth(1).fill('Recipient 2');
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+
+  return { user, team, document };
+};
+
+const triggerAutosave = async (page: Page) => {
+  await page.locator('#document-flow-form-container').click();
+  await page.locator('#document-flow-form-container').blur();
+
+  await page.waitForTimeout(5000);
+};
+
+test.describe('AutoSave Fields Step', () => {
+  test('should autosave the fields without advanced settings', async ({ page }) => {
+    const { user, document, team } = await setupDocumentAndNavigateToFieldsStep(page);
+
+    await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 100,
+      },
+    });
+
+    await page.getByRole('button', { name: 'Text' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 200,
+      },
+    });
+
+    await page.getByTestId('field-advanced-settings-footer').waitFor({ state: 'visible' });
+
+    await page
+      .getByTestId('field-advanced-settings-footer')
+      .getByRole('button', { name: 'Cancel' })
+      .click();
+
+    await triggerAutosave(page);
+
+    await page.getByRole('combobox').click();
+    await page.getByRole('option', { name: 'Recipient 2 (recipient2@documenso.com)' }).click();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 500,
+      },
+    });
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedFields = await getFieldsForDocument({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedFields.length).toBe(3);
+      expect(retrievedFields[0].type).toBe('SIGNATURE');
+      expect(retrievedFields[1].type).toBe('TEXT');
+      expect(retrievedFields[2].type).toBe('SIGNATURE');
+    }).toPass();
+  });
+
+  test('should autosave the field deletion', async ({ page }) => {
+    const { user, document, team } = await setupDocumentAndNavigateToFieldsStep(page);
+
+    await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 100,
+      },
+    });
+
+    await page.getByRole('button', { name: 'Text' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 200,
+      },
+    });
+
+    await page.getByTestId('field-advanced-settings-footer').waitFor({ state: 'visible' });
+
+    await page
+      .getByTestId('field-advanced-settings-footer')
+      .getByRole('button', { name: 'Cancel' })
+      .click();
+
+    await triggerAutosave(page);
+
+    await page.getByRole('combobox').click();
+    await page.getByRole('option', { name: 'Recipient 2 (recipient2@documenso.com)' }).click();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 500,
+      },
+    });
+
+    await triggerAutosave(page);
+
+    await page.getByRole('combobox').click();
+    await page.getByRole('option', { name: 'Recipient 1 (recipient1@documenso.com)' }).click();
+
+    await page.getByText('Text').nth(1).click();
+    await page.getByRole('button', { name: 'Remove' }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedFields = await getFieldsForDocument({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedFields.length).toBe(2);
+      expect(retrievedFields[0].type).toBe('SIGNATURE');
+      expect(retrievedFields[1].type).toBe('SIGNATURE');
+    }).toPass();
+  });
+
+  test('should autosave the field duplication', async ({ page }) => {
+    const { user, document, team } = await setupDocumentAndNavigateToFieldsStep(page);
+
+    await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 100,
+      },
+    });
+
+    await page.getByRole('button', { name: 'Text' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 200,
+      },
+    });
+
+    await page.getByTestId('field-advanced-settings-footer').waitFor({ state: 'visible' });
+
+    await page
+      .getByTestId('field-advanced-settings-footer')
+      .getByRole('button', { name: 'Cancel' })
+      .click();
+
+    await triggerAutosave(page);
+
+    await page.getByRole('combobox').click();
+    await page.getByRole('option', { name: 'Recipient 2 (recipient2@documenso.com)' }).click();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 500,
+      },
+    });
+
+    await triggerAutosave(page);
+
+    await page.getByRole('combobox').click();
+    await page.getByRole('option', { name: 'Recipient 1 (recipient1@documenso.com)' }).click();
+
+    await page.getByText('Signature').nth(1).click();
+    await page.getByRole('button', { name: 'Duplicate', exact: true }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedFields = await getFieldsForDocument({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedFields.length).toBe(4);
+      expect(retrievedFields[0].type).toBe('SIGNATURE');
+      expect(retrievedFields[1].type).toBe('TEXT');
+      expect(retrievedFields[2].type).toBe('SIGNATURE');
+      expect(retrievedFields[3].type).toBe('SIGNATURE');
+    }).toPass();
+  });
+
+  test('should autosave the fields with advanced settings', async ({ page }) => {
+    const { user, document, team } = await setupDocumentAndNavigateToFieldsStep(page);
+
+    await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 100,
+      },
+    });
+
+    await page.getByRole('button', { name: 'Text' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 200,
+      },
+    });
+
+    await page.getByRole('textbox', { name: 'Field label' }).fill('Test Field');
+    await page.getByRole('textbox', { name: 'Field placeholder' }).fill('Test Placeholder');
+    await page.getByRole('textbox', { name: 'Add text to the field' }).fill('Test Text');
+
+    await page
+      .getByTestId('field-advanced-settings-footer')
+      .getByRole('button', { name: 'Save' })
+      .click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedFields = await getFieldsForDocument({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedFields.length).toBe(2);
+      expect(retrievedFields[0].type).toBe('SIGNATURE');
+      expect(retrievedFields[1].type).toBe('TEXT');
+
+      const textField = retrievedFields[1];
+      expect(textField.fieldMeta).toBeDefined();
+
+      if (
+        textField.fieldMeta &&
+        typeof textField.fieldMeta === 'object' &&
+        'type' in textField.fieldMeta
+      ) {
+        expect(textField.fieldMeta.type).toBe('text');
+        expect(textField.fieldMeta.label).toBe('Test Field');
+        expect(textField.fieldMeta.placeholder).toBe('Test Placeholder');
+
+        if (textField.fieldMeta.type === 'text') {
+          expect(textField.fieldMeta.text).toBe('Test Text');
+        }
+      } else {
+        throw new Error('fieldMeta should be defined and contain advanced settings');
+      }
+    }).toPass();
+  });
+});
diff --git a/packages/app-tests/e2e/document-flow/autosave-settings-step.spec.ts b/packages/app-tests/e2e/document-flow/autosave-settings-step.spec.ts
new file mode 100644
index 000000000..e34f2c104
--- /dev/null
+++ b/packages/app-tests/e2e/document-flow/autosave-settings-step.spec.ts
@@ -0,0 +1,243 @@
+import type { Page } from '@playwright/test';
+import { expect, test } from '@playwright/test';
+
+import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id';
+import { seedBlankDocument } from '@documenso/prisma/seed/documents';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+
+test.describe.configure({ mode: 'parallel', timeout: 60000 });
+
+const setupDocument = async (page: Page) => {
+  const { user, team } = await seedUser();
+
+  const document = await seedBlankDocument(user, team.id);
+
+  await apiSignin({
+    page,
+    email: user.email,
+    redirectPath: `/documents/${document.id}/edit`,
+  });
+
+  return { user, team, document };
+};
+
+const triggerAutosave = async (page: Page) => {
+  await page.locator('#document-flow-form-container').click();
+  await page.locator('#document-flow-form-container').blur();
+
+  await page.waitForTimeout(5000);
+};
+
+test.describe('AutoSave Settings Step', () => {
+  test('should autosave the title change', async ({ page }) => {
+    const { user, document, team } = await setupDocument(page);
+
+    const newDocumentTitle = 'New Document Title';
+
+    await page.getByRole('textbox', { name: 'Title *' }).fill(newDocumentTitle);
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrieved = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      await expect(page.getByRole('textbox', { name: 'Title *' })).toHaveValue(retrieved.title);
+    }).toPass();
+  });
+
+  test('should autosave the language change', async ({ page }) => {
+    const { user, document, team } = await setupDocument(page);
+
+    const newDocumentLanguage = 'French';
+    const expectedLanguageCode = 'fr';
+
+    await page.getByRole('combobox').first().click();
+    await page.getByRole('option', { name: newDocumentLanguage }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrieved = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrieved.documentMeta?.language).toBe(expectedLanguageCode);
+    }).toPass();
+  });
+
+  test('should autosave the document access change', async ({ page }) => {
+    const { user, document, team } = await setupDocument(page);
+
+    const access = 'Require account';
+    const accessValue = 'ACCOUNT';
+
+    await page.getByRole('combobox').nth(1).click();
+    await page.getByRole('option', { name: access }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrieved = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrieved.authOptions?.globalAccessAuth).toContain(accessValue);
+    }).toPass();
+  });
+
+  test('should autosave the external ID change', async ({ page }) => {
+    const { user, document, team } = await setupDocument(page);
+
+    const newExternalId = '1234567890';
+
+    await page.getByRole('button', { name: 'Advanced Options' }).click();
+
+    await page.getByRole('textbox', { name: 'External ID' }).fill(newExternalId);
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrieved = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrieved.externalId).toBe(newExternalId);
+    }).toPass();
+  });
+
+  test('should autosave the allowed signature types change', async ({ page }) => {
+    const { user, document, team } = await setupDocument(page);
+
+    await page.getByRole('button', { name: 'Advanced Options' }).click();
+
+    await page.getByRole('combobox').nth(3).click();
+    await page.getByRole('option', { name: 'Draw' }).click();
+    await page.getByRole('option', { name: 'Type' }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrieved = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrieved.documentMeta?.drawSignatureEnabled).toBe(false);
+      expect(retrieved.documentMeta?.typedSignatureEnabled).toBe(false);
+      expect(retrieved.documentMeta?.uploadSignatureEnabled).toBe(true);
+    }).toPass();
+  });
+
+  test('should autosave the date format change', async ({ page }) => {
+    const { user, document, team } = await setupDocument(page);
+
+    await page.getByRole('button', { name: 'Advanced Options' }).click();
+
+    await page.getByRole('combobox').nth(4).click();
+    await page.getByRole('option', { name: 'ISO 8601', exact: true }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrieved = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrieved.documentMeta?.dateFormat).toBe("yyyy-MM-dd'T'HH:mm:ss.SSSXXX");
+    }).toPass();
+  });
+
+  test('should autosave the timezone change', async ({ page }) => {
+    const { user, document, team } = await setupDocument(page);
+
+    await page.getByRole('button', { name: 'Advanced Options' }).click();
+
+    await page.getByRole('combobox').nth(5).click();
+    await page.getByRole('option', { name: 'Europe/London' }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrieved = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrieved.documentMeta?.timezone).toBe('Europe/London');
+    }).toPass();
+  });
+
+  test('should autosave the redirect URL change', async ({ page }) => {
+    const { user, document, team } = await setupDocument(page);
+
+    const newRedirectUrl = 'https://documenso.com/test/';
+
+    await page.getByRole('button', { name: 'Advanced Options' }).click();
+
+    await page.getByRole('textbox', { name: 'Redirect URL' }).fill(newRedirectUrl);
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrieved = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrieved.documentMeta?.redirectUrl).toBe(newRedirectUrl);
+    }).toPass();
+  });
+
+  test('should autosave multiple field changes together', async ({ page }) => {
+    const { user, document, team } = await setupDocument(page);
+
+    const newTitle = 'Updated Document Title';
+    await page.getByRole('textbox', { name: 'Title *' }).fill(newTitle);
+
+    await page.getByRole('combobox').first().click();
+    await page.getByRole('option', { name: 'German' }).click();
+
+    await page.getByRole('combobox').nth(1).click();
+    await page.getByRole('option', { name: 'Require account' }).click();
+
+    await page.getByRole('button', { name: 'Advanced Options' }).click();
+    const newExternalId = 'MULTI-TEST-123';
+    await page.getByRole('textbox', { name: 'External ID' }).fill(newExternalId);
+
+    await page.getByRole('combobox').nth(5).click();
+    await page.getByRole('option', { name: 'Europe/Berlin' }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrieved = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrieved.title).toBe(newTitle);
+      expect(retrieved.documentMeta?.language).toBe('de');
+      expect(retrieved.authOptions?.globalAccessAuth).toContain('ACCOUNT');
+      expect(retrieved.externalId).toBe(newExternalId);
+      expect(retrieved.documentMeta?.timezone).toBe('Europe/Berlin');
+    }).toPass();
+  });
+});
diff --git a/packages/app-tests/e2e/document-flow/autosave-signers-step.spec.ts b/packages/app-tests/e2e/document-flow/autosave-signers-step.spec.ts
new file mode 100644
index 000000000..e4d255750
--- /dev/null
+++ b/packages/app-tests/e2e/document-flow/autosave-signers-step.spec.ts
@@ -0,0 +1,168 @@
+import type { Page } from '@playwright/test';
+import { expect, test } from '@playwright/test';
+
+import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id';
+import { getRecipientsForDocument } from '@documenso/lib/server-only/recipient/get-recipients-for-document';
+import { seedBlankDocument } from '@documenso/prisma/seed/documents';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+
+test.describe.configure({ mode: 'parallel', timeout: 60000 });
+
+const setupDocumentAndNavigateToSignersStep = async (page: Page) => {
+  const { user, team } = await seedUser();
+  const document = await seedBlankDocument(user, team.id);
+
+  await apiSignin({
+    page,
+    email: user.email,
+    redirectPath: `/documents/${document.id}/edit`,
+  });
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+
+  return { user, team, document };
+};
+
+const triggerAutosave = async (page: Page) => {
+  await page.locator('#document-flow-form-container').click();
+  await page.locator('#document-flow-form-container').blur();
+
+  await page.waitForTimeout(5000);
+};
+
+const addSignerAndSave = async (page: Page) => {
+  await page.getByPlaceholder('Email').fill('recipient1@documenso.com');
+  await page.getByPlaceholder('Name').fill('Recipient 1');
+
+  await triggerAutosave(page);
+};
+
+test.describe('AutoSave Signers Step', () => {
+  test('should autosave the signers addition', async ({ page }) => {
+    const { user, document, team } = await setupDocumentAndNavigateToSignersStep(page);
+
+    await addSignerAndSave(page);
+
+    await expect(async () => {
+      const retrievedRecipients = await getRecipientsForDocument({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedRecipients.length).toBe(1);
+      expect(retrievedRecipients[0].email).toBe('recipient1@documenso.com');
+      expect(retrievedRecipients[0].name).toBe('Recipient 1');
+    }).toPass();
+  });
+
+  test('should autosave the signer deletion', async ({ page }) => {
+    const { user, document, team } = await setupDocumentAndNavigateToSignersStep(page);
+
+    await addSignerAndSave(page);
+
+    await page.getByRole('button', { name: 'Add myself' }).click();
+    await triggerAutosave(page);
+
+    await page.getByTestId('remove-signer-button').first().click();
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedRecipients = await getRecipientsForDocument({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedRecipients.length).toBe(1);
+      expect(retrievedRecipients[0].email).toBe(user.email);
+      expect(retrievedRecipients[0].name).toBe(user.name);
+    }).toPass();
+  });
+
+  test('should autosave the signer update', async ({ page }) => {
+    const { user, document, team } = await setupDocumentAndNavigateToSignersStep(page);
+
+    await addSignerAndSave(page);
+
+    await page.getByPlaceholder('Name').fill('Documenso Manager');
+    await page.getByPlaceholder('Email').fill('manager@documenso.com');
+
+    await triggerAutosave(page);
+
+    await page.getByRole('combobox').click();
+    await page.getByRole('option', { name: 'Receives copy' }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedRecipients = await getRecipientsForDocument({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedRecipients.length).toBe(1);
+      expect(retrievedRecipients[0].email).toBe('manager@documenso.com');
+      expect(retrievedRecipients[0].name).toBe('Documenso Manager');
+      expect(retrievedRecipients[0].role).toBe('CC');
+    }).toPass();
+  });
+
+  test('should autosave the signing order change', async ({ page }) => {
+    const { user, document, team } = await setupDocumentAndNavigateToSignersStep(page);
+
+    await addSignerAndSave(page);
+
+    await page.getByRole('button', { name: 'Add signer' }).click();
+
+    await page.getByTestId('signer-email-input').nth(1).fill('recipient2@documenso.com');
+    await page.getByLabel('Name').nth(1).fill('Recipient 2');
+
+    await page.getByRole('button', { name: 'Add Signer' }).click();
+
+    await page.getByTestId('signer-email-input').nth(2).fill('recipient3@documenso.com');
+    await page.getByLabel('Name').nth(2).fill('Recipient 3');
+
+    await triggerAutosave(page);
+
+    await page.getByLabel('Enable signing order').check();
+    await page.getByLabel('Allow signers to dictate next signer').check();
+    await triggerAutosave(page);
+
+    await page.getByTestId('signing-order-input').nth(0).fill('3');
+    await page.getByTestId('signing-order-input').nth(0).blur();
+    await triggerAutosave(page);
+
+    await page.getByTestId('signing-order-input').nth(1).fill('1');
+    await page.getByTestId('signing-order-input').nth(1).blur();
+    await triggerAutosave(page);
+
+    await page.getByTestId('signing-order-input').nth(2).fill('2');
+    await page.getByTestId('signing-order-input').nth(2).blur();
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedDocumentData = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      const retrievedRecipients = await getRecipientsForDocument({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedDocumentData.documentMeta?.signingOrder).toBe('SEQUENTIAL');
+      expect(retrievedDocumentData.documentMeta?.allowDictateNextSigner).toBe(true);
+      expect(retrievedRecipients.length).toBe(3);
+      expect(retrievedRecipients[0].signingOrder).toBe(2);
+      expect(retrievedRecipients[1].signingOrder).toBe(3);
+      expect(retrievedRecipients[2].signingOrder).toBe(1);
+    }).toPass();
+  });
+});
diff --git a/packages/app-tests/e2e/document-flow/autosave-subject-step.spec.ts b/packages/app-tests/e2e/document-flow/autosave-subject-step.spec.ts
new file mode 100644
index 000000000..270a31d8e
--- /dev/null
+++ b/packages/app-tests/e2e/document-flow/autosave-subject-step.spec.ts
@@ -0,0 +1,200 @@
+import type { Page } from '@playwright/test';
+import { expect, test } from '@playwright/test';
+
+import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id';
+import { seedBlankDocument } from '@documenso/prisma/seed/documents';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+
+test.describe.configure({ mode: 'parallel', timeout: 60000 });
+
+export const setupDocumentAndNavigateToSubjectStep = async (page: Page) => {
+  const { user, team } = await seedUser();
+  const document = await seedBlankDocument(user, team.id);
+
+  await apiSignin({
+    page,
+    email: user.email,
+    redirectPath: `/documents/${document.id}/edit`,
+  });
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+
+  await page.getByPlaceholder('Email').fill('recipient1@documenso.com');
+  await page.getByPlaceholder('Name').fill('Recipient 1');
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+
+  await page.getByRole('button', { name: 'Signature' }).click();
+  await page.locator('canvas').click({
+    position: {
+      x: 100,
+      y: 100,
+    },
+  });
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+
+  await expect(page.getByRole('heading', { name: 'Distribute Document' })).toBeVisible();
+
+  return { user, team, document };
+};
+
+export const triggerAutosave = async (page: Page) => {
+  await page.locator('#document-flow-form-container').click();
+  await page.locator('#document-flow-form-container').blur();
+
+  await page.waitForTimeout(5000);
+};
+
+test.describe('AutoSave Subject Step', () => {
+  test('should autosave the subject field', async ({ page }) => {
+    const { user, document, team } = await setupDocumentAndNavigateToSubjectStep(page);
+
+    const subject = 'Hello world!';
+
+    await page.getByRole('textbox', { name: 'Subject (Optional)' }).fill(subject);
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedDocumentData = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      await expect(page.getByRole('textbox', { name: 'Subject (Optional)' })).toHaveValue(
+        retrievedDocumentData.documentMeta?.subject ?? '',
+      );
+    }).toPass();
+  });
+
+  test('should autosave the message field', async ({ page }) => {
+    const { user, document, team } = await setupDocumentAndNavigateToSubjectStep(page);
+
+    const message = 'Please review and sign this important document. Thank you!';
+
+    await page.getByRole('textbox', { name: 'Message (Optional)' }).fill(message);
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedDocumentData = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      await expect(page.getByRole('textbox', { name: 'Message (Optional)' })).toHaveValue(
+        retrievedDocumentData.documentMeta?.message ?? '',
+      );
+    }).toPass();
+  });
+
+  test('should autosave the email settings checkboxes', async ({ page }) => {
+    const { user, document, team } = await setupDocumentAndNavigateToSubjectStep(page);
+
+    // Toggle some email settings checkboxes (randomly - some checked, some unchecked)
+    await page.getByText('Send recipient signed email').click();
+    await page.getByText('Send recipient removed email').click();
+    await page.getByText('Send document completed email', { exact: true }).click();
+    await page.getByText('Send document deleted email').click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedDocumentData = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      const emailSettings = retrievedDocumentData.documentMeta?.emailSettings;
+
+      await expect(page.getByText('Send recipient signed email')).toBeChecked({
+        checked: emailSettings?.recipientSigned,
+      });
+      await expect(page.getByText('Send recipient removed email')).toBeChecked({
+        checked: emailSettings?.recipientRemoved,
+      });
+      await expect(page.getByText('Send document completed email', { exact: true })).toBeChecked({
+        checked: emailSettings?.documentCompleted,
+      });
+      await expect(page.getByText('Send document deleted email')).toBeChecked({
+        checked: emailSettings?.documentDeleted,
+      });
+
+      await expect(page.getByText('Send recipient signing request email')).toBeChecked({
+        checked: emailSettings?.recipientSigningRequest,
+      });
+      await expect(page.getByText('Send document pending email')).toBeChecked({
+        checked: emailSettings?.documentPending,
+      });
+      await expect(page.getByText('Send document completed email to the owner')).toBeChecked({
+        checked: emailSettings?.ownerDocumentCompleted,
+      });
+    }).toPass();
+  });
+
+  test('should autosave all fields and settings together', async ({ page }) => {
+    const { user, document, team } = await setupDocumentAndNavigateToSubjectStep(page);
+
+    const subject = 'Combined Test Subject - Please Sign';
+    const message =
+      'This is a comprehensive test message for autosave functionality. Please review and sign at your earliest convenience.';
+
+    await page.getByRole('textbox', { name: 'Subject (Optional)' }).fill(subject);
+    await page.getByRole('textbox', { name: 'Message (Optional)' }).fill(message);
+
+    await page.getByText('Send recipient signed email').click();
+    await page.getByText('Send recipient removed email').click();
+    await page.getByText('Send document completed email', { exact: true }).click();
+    await page.getByText('Send document deleted email').click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedDocumentData = await getDocumentById({
+        documentId: document.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedDocumentData.documentMeta?.subject).toBe(subject);
+      expect(retrievedDocumentData.documentMeta?.message).toBe(message);
+      expect(retrievedDocumentData.documentMeta?.emailSettings).toBeDefined();
+
+      await expect(page.getByRole('textbox', { name: 'Subject (Optional)' })).toHaveValue(
+        retrievedDocumentData.documentMeta?.subject ?? '',
+      );
+      await expect(page.getByRole('textbox', { name: 'Message (Optional)' })).toHaveValue(
+        retrievedDocumentData.documentMeta?.message ?? '',
+      );
+
+      await expect(page.getByText('Send recipient signed email')).toBeChecked({
+        checked: retrievedDocumentData.documentMeta?.emailSettings?.recipientSigned,
+      });
+      await expect(page.getByText('Send recipient removed email')).toBeChecked({
+        checked: retrievedDocumentData.documentMeta?.emailSettings?.recipientRemoved,
+      });
+      await expect(page.getByText('Send document completed email', { exact: true })).toBeChecked({
+        checked: retrievedDocumentData.documentMeta?.emailSettings?.documentCompleted,
+      });
+      await expect(page.getByText('Send document deleted email')).toBeChecked({
+        checked: retrievedDocumentData.documentMeta?.emailSettings?.documentDeleted,
+      });
+
+      await expect(page.getByText('Send recipient signing request email')).toBeChecked({
+        checked: retrievedDocumentData.documentMeta?.emailSettings?.recipientSigningRequest,
+      });
+      await expect(page.getByText('Send document pending email')).toBeChecked({
+        checked: retrievedDocumentData.documentMeta?.emailSettings?.documentPending,
+      });
+      await expect(page.getByText('Send document completed email to the owner')).toBeChecked({
+        checked: retrievedDocumentData.documentMeta?.emailSettings?.ownerDocumentCompleted,
+      });
+    }).toPass();
+  });
+});
diff --git a/packages/app-tests/e2e/document-flow/stepper-component.spec.ts b/packages/app-tests/e2e/document-flow/stepper-component.spec.ts
index 579e21e26..1e1a70288 100644
--- a/packages/app-tests/e2e/document-flow/stepper-component.spec.ts
+++ b/packages/app-tests/e2e/document-flow/stepper-component.spec.ts
@@ -534,9 +534,6 @@ test('[DOCUMENT_FLOW]: should be able to create and sign a document with 3 recip
   await page.getByLabel('Title').fill(documentTitle);
   await page.getByRole('button', { name: 'Continue' }).click();
 
-  await expect(page.getByRole('heading', { name: 'Add Signers' })).toBeVisible();
-  await page.getByLabel('Enable signing order').check();
-
   for (let i = 1; i <= 3; i++) {
     if (i > 1) {
       await page.getByRole('button', { name: 'Add Signer' }).click();
@@ -558,6 +555,9 @@ test('[DOCUMENT_FLOW]: should be able to create and sign a document with 3 recip
       .fill(`User ${i}`);
   }
 
+  await expect(page.getByRole('heading', { name: 'Add Signers' })).toBeVisible();
+  await page.getByLabel('Enable signing order').check();
+
   await page.getByRole('button', { name: 'Continue' }).click();
 
   await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
diff --git a/packages/app-tests/e2e/templates-flow/template-autosave-fields-step.spec.ts b/packages/app-tests/e2e/templates-flow/template-autosave-fields-step.spec.ts
new file mode 100644
index 000000000..5a167340a
--- /dev/null
+++ b/packages/app-tests/e2e/templates-flow/template-autosave-fields-step.spec.ts
@@ -0,0 +1,304 @@
+import type { Page } from '@playwright/test';
+import { expect, test } from '@playwright/test';
+
+import { getTemplateById } from '@documenso/lib/server-only/template/get-template-by-id';
+import { seedBlankTemplate } from '@documenso/prisma/seed/templates';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+
+const setupTemplateAndNavigateToFieldsStep = async (page: Page) => {
+  const { user, team } = await seedUser();
+  const template = await seedBlankTemplate(user, team.id);
+
+  await apiSignin({
+    page,
+    email: user.email,
+    redirectPath: `/templates/${template.id}/edit`,
+  });
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+
+  await page.getByPlaceholder('Email').fill('recipient1@documenso.com');
+  await page.getByPlaceholder('Name').fill('Recipient 1');
+
+  await page.getByRole('button', { name: 'Add Placeholder Recipient' }).click();
+
+  await page.getByPlaceholder('Email').nth(1).fill('recipient2@documenso.com');
+  await page.getByPlaceholder('Name').nth(1).fill('Recipient 2');
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+
+  return { user, team, template };
+};
+
+const triggerAutosave = async (page: Page) => {
+  await page.locator('#document-flow-form-container').click();
+  await page.locator('#document-flow-form-container').blur();
+
+  await page.waitForTimeout(5000);
+};
+
+test.describe('AutoSave Fields Step', () => {
+  test('should autosave the fields without advanced settings', async ({ page }) => {
+    const { user, template, team } = await setupTemplateAndNavigateToFieldsStep(page);
+
+    await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 100,
+      },
+    });
+
+    await page.getByRole('button', { name: 'Text' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 200,
+      },
+    });
+
+    await page.getByTestId('field-advanced-settings-footer').waitFor({ state: 'visible' });
+
+    await page
+      .getByTestId('field-advanced-settings-footer')
+      .getByRole('button', { name: 'Cancel' })
+      .click();
+
+    await triggerAutosave(page);
+
+    await page.getByRole('combobox').click();
+    await page.getByRole('option', { name: 'Recipient 2 (recipient2@documenso.com)' }).click();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 500,
+      },
+    });
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedFields = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      const fields = retrievedFields.fields;
+
+      expect(fields.length).toBe(3);
+      expect(fields[0].type).toBe('SIGNATURE');
+      expect(fields[1].type).toBe('TEXT');
+      expect(fields[2].type).toBe('SIGNATURE');
+    }).toPass();
+  });
+
+  test('should autosave the field deletion', async ({ page }) => {
+    const { user, template, team } = await setupTemplateAndNavigateToFieldsStep(page);
+
+    await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 100,
+      },
+    });
+
+    await page.getByRole('button', { name: 'Text' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 200,
+      },
+    });
+
+    await page.getByTestId('field-advanced-settings-footer').waitFor({ state: 'visible' });
+
+    await page
+      .getByTestId('field-advanced-settings-footer')
+      .getByRole('button', { name: 'Cancel' })
+      .click();
+
+    await triggerAutosave(page);
+
+    await page.getByRole('combobox').click();
+    await page.getByRole('option', { name: 'Recipient 2 (recipient2@documenso.com)' }).click();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 500,
+      },
+    });
+
+    await triggerAutosave(page);
+
+    await page.getByRole('combobox').click();
+    await page.getByRole('option', { name: 'Recipient 1 (recipient1@documenso.com)' }).click();
+
+    await page.getByText('Text').nth(1).click();
+    await page.getByRole('button', { name: 'Remove' }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedFields = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      const fields = retrievedFields.fields;
+
+      expect(fields.length).toBe(2);
+      expect(fields[0].type).toBe('SIGNATURE');
+      expect(fields[1].type).toBe('SIGNATURE');
+    }).toPass();
+  });
+
+  test('should autosave the field duplication', async ({ page }) => {
+    const { user, template, team } = await setupTemplateAndNavigateToFieldsStep(page);
+
+    await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 100,
+      },
+    });
+
+    await page.getByRole('button', { name: 'Text' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 200,
+      },
+    });
+
+    await page.getByTestId('field-advanced-settings-footer').waitFor({ state: 'visible' });
+
+    await page
+      .getByTestId('field-advanced-settings-footer')
+      .getByRole('button', { name: 'Cancel' })
+      .click();
+
+    await triggerAutosave(page);
+
+    await page.getByRole('combobox').click();
+    await page.getByRole('option', { name: 'Recipient 2 (recipient2@documenso.com)' }).click();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 500,
+      },
+    });
+
+    await triggerAutosave(page);
+
+    await page.getByRole('combobox').click();
+    await page.getByRole('option', { name: 'Recipient 1 (recipient1@documenso.com)' }).click();
+
+    await page.getByText('Signature').nth(1).click();
+    await page.getByRole('button', { name: 'Duplicate', exact: true }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedFields = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      const fields = retrievedFields.fields;
+
+      expect(fields.length).toBe(4);
+      expect(fields[0].type).toBe('SIGNATURE');
+      expect(fields[1].type).toBe('TEXT');
+      expect(fields[2].type).toBe('SIGNATURE');
+      expect(fields[3].type).toBe('SIGNATURE');
+    }).toPass();
+  });
+
+  test('should autosave the fields with advanced settings', async ({ page }) => {
+    const { user, template, team } = await setupTemplateAndNavigateToFieldsStep(page);
+
+    await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 100,
+      },
+    });
+
+    await page.getByRole('button', { name: 'Text' }).click();
+    await page.locator('canvas').click({
+      position: {
+        x: 100,
+        y: 200,
+      },
+    });
+
+    await page.getByRole('textbox', { name: 'Field label' }).fill('Test Field');
+    await page.getByRole('textbox', { name: 'Field placeholder' }).fill('Test Placeholder');
+    await page.getByRole('textbox', { name: 'Add text to the field' }).fill('Test Text');
+
+    await page.getByTestId('field-advanced-settings-footer').waitFor({ state: 'visible' });
+
+    await page
+      .getByTestId('field-advanced-settings-footer')
+      .getByRole('button', { name: 'Save' })
+      .click();
+
+    await page.waitForTimeout(2500);
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedTemplate = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      const fields = retrievedTemplate.fields;
+
+      expect(fields.length).toBe(2);
+      expect(fields[0].type).toBe('SIGNATURE');
+      expect(fields[1].type).toBe('TEXT');
+
+      const textField = fields[1];
+      expect(textField.fieldMeta).toBeDefined();
+
+      if (
+        textField.fieldMeta &&
+        typeof textField.fieldMeta === 'object' &&
+        'type' in textField.fieldMeta
+      ) {
+        expect(textField.fieldMeta.type).toBe('text');
+        expect(textField.fieldMeta.label).toBe('Test Field');
+        expect(textField.fieldMeta.placeholder).toBe('Test Placeholder');
+
+        if (textField.fieldMeta.type === 'text') {
+          expect(textField.fieldMeta.text).toBe('Test Text');
+        }
+      } else {
+        throw new Error('fieldMeta should be defined and contain advanced settings');
+      }
+    }).toPass();
+  });
+});
diff --git a/packages/app-tests/e2e/templates-flow/template-autosave-settings-step.spec.ts b/packages/app-tests/e2e/templates-flow/template-autosave-settings-step.spec.ts
new file mode 100644
index 000000000..af12e7290
--- /dev/null
+++ b/packages/app-tests/e2e/templates-flow/template-autosave-settings-step.spec.ts
@@ -0,0 +1,244 @@
+import type { Page } from '@playwright/test';
+import { expect, test } from '@playwright/test';
+
+import { getTemplateById } from '@documenso/lib/server-only/template/get-template-by-id';
+import { seedBlankTemplate } from '@documenso/prisma/seed/templates';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+
+test.describe.configure({ mode: 'parallel', timeout: 60000 });
+
+const setupTemplate = async (page: Page) => {
+  const { user, team } = await seedUser();
+  const template = await seedBlankTemplate(user, team.id);
+
+  await apiSignin({
+    page,
+    email: user.email,
+    redirectPath: `/templates/${template.id}/edit`,
+  });
+
+  return { user, team, template };
+};
+
+const triggerAutosave = async (page: Page) => {
+  await page.locator('#document-flow-form-container').click();
+  await page.locator('#document-flow-form-container').blur();
+
+  await page.waitForTimeout(5000);
+};
+
+test.describe('AutoSave Settings Step - Templates', () => {
+  test('should autosave the title change', async ({ page }) => {
+    const { user, template, team } = await setupTemplate(page);
+
+    const newTemplateTitle = 'New Template Title';
+
+    await page.getByRole('textbox', { name: 'Title *' }).fill(newTemplateTitle);
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedTemplate = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      await expect(page.getByRole('textbox', { name: 'Title *' })).toHaveValue(
+        retrievedTemplate.title,
+      );
+    }).toPass();
+  });
+
+  test('should autosave the language change', async ({ page }) => {
+    const { user, template, team } = await setupTemplate(page);
+
+    const newTemplateLanguage = 'French';
+    const expectedLanguageCode = 'fr';
+
+    await page.getByRole('combobox').first().click();
+    await page.getByRole('option', { name: newTemplateLanguage }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedTemplate = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedTemplate.templateMeta?.language).toBe(expectedLanguageCode);
+    }).toPass();
+  });
+
+  test('should autosave the template access change', async ({ page }) => {
+    const { user, template, team } = await setupTemplate(page);
+
+    const access = 'Require account';
+    const accessValue = 'ACCOUNT';
+
+    await page.getByRole('combobox').nth(1).click();
+    await page.getByRole('option', { name: access }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedTemplate = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedTemplate.authOptions?.globalAccessAuth).toContain(accessValue);
+    }).toPass();
+  });
+
+  test('should autosave the external ID change', async ({ page }) => {
+    const { user, template, team } = await setupTemplate(page);
+
+    const newExternalId = '1234567890';
+
+    await page.getByRole('button', { name: 'Advanced Options' }).click();
+
+    await page.getByRole('textbox', { name: 'External ID' }).fill(newExternalId);
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedTemplate = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedTemplate.externalId).toBe(newExternalId);
+    }).toPass();
+  });
+
+  test('should autosave the allowed signature types change', async ({ page }) => {
+    const { user, template, team } = await setupTemplate(page);
+
+    await page.getByRole('button', { name: 'Advanced Options' }).click();
+
+    await page.getByRole('combobox').nth(4).click();
+    await page.getByRole('option', { name: 'Draw' }).click();
+    await page.getByRole('option', { name: 'Type' }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedTemplate = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedTemplate.templateMeta?.drawSignatureEnabled).toBe(false);
+      expect(retrievedTemplate.templateMeta?.typedSignatureEnabled).toBe(false);
+      expect(retrievedTemplate.templateMeta?.uploadSignatureEnabled).toBe(true);
+    }).toPass();
+  });
+
+  test('should autosave the date format change', async ({ page }) => {
+    const { user, template, team } = await setupTemplate(page);
+
+    await page.getByRole('button', { name: 'Advanced Options' }).click();
+
+    await page.getByRole('combobox').nth(5).click();
+    await page.getByRole('option', { name: 'ISO 8601', exact: true }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedTemplate = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedTemplate.templateMeta?.dateFormat).toBe("yyyy-MM-dd'T'HH:mm:ss.SSSXXX");
+    }).toPass();
+  });
+
+  test('should autosave the timezone change', async ({ page }) => {
+    const { user, template, team } = await setupTemplate(page);
+
+    await page.getByRole('button', { name: 'Advanced Options' }).click();
+
+    await page.getByRole('combobox').nth(6).click();
+    await page.getByRole('option', { name: 'Europe/London' }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedTemplate = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedTemplate.templateMeta?.timezone).toBe('Europe/London');
+    }).toPass();
+  });
+
+  test('should autosave the redirect URL change', async ({ page }) => {
+    const { user, template, team } = await setupTemplate(page);
+
+    const newRedirectUrl = 'https://documenso.com/test/';
+
+    await page.getByRole('button', { name: 'Advanced Options' }).click();
+
+    await page.getByRole('textbox', { name: 'Redirect URL' }).fill(newRedirectUrl);
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedTemplate = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedTemplate.templateMeta?.redirectUrl).toBe(newRedirectUrl);
+    }).toPass();
+  });
+
+  test('should autosave multiple field changes together', async ({ page }) => {
+    const { user, template, team } = await setupTemplate(page);
+
+    const newTitle = 'Updated Template Title';
+    await page.getByRole('textbox', { name: 'Title *' }).fill(newTitle);
+
+    await page.getByRole('combobox').first().click();
+    await page.getByRole('option', { name: 'German' }).click();
+
+    await page.getByRole('combobox').nth(1).click();
+    await page.getByRole('option', { name: 'Require account' }).click();
+
+    await page.getByRole('button', { name: 'Advanced Options' }).click();
+    const newExternalId = 'MULTI-TEST-123';
+    await page.getByRole('textbox', { name: 'External ID' }).fill(newExternalId);
+
+    await page.getByRole('combobox').nth(6).click();
+    await page.getByRole('option', { name: 'Europe/Berlin' }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedTemplate = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedTemplate.title).toBe(newTitle);
+      expect(retrievedTemplate.templateMeta?.language).toBe('de');
+      expect(retrievedTemplate.authOptions?.globalAccessAuth).toContain('ACCOUNT');
+      expect(retrievedTemplate.externalId).toBe(newExternalId);
+      expect(retrievedTemplate.templateMeta?.timezone).toBe('Europe/Berlin');
+    }).toPass();
+  });
+});
diff --git a/packages/app-tests/e2e/templates-flow/template-autosave-signers-step.spec.ts b/packages/app-tests/e2e/templates-flow/template-autosave-signers-step.spec.ts
new file mode 100644
index 000000000..f5bd07e94
--- /dev/null
+++ b/packages/app-tests/e2e/templates-flow/template-autosave-signers-step.spec.ts
@@ -0,0 +1,174 @@
+import type { Page } from '@playwright/test';
+import { expect, test } from '@playwright/test';
+
+import { getRecipientsForTemplate } from '@documenso/lib/server-only/recipient/get-recipients-for-template';
+import { getTemplateById } from '@documenso/lib/server-only/template/get-template-by-id';
+import { seedBlankTemplate } from '@documenso/prisma/seed/templates';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+
+test.describe.configure({ mode: 'parallel', timeout: 60000 });
+
+const setupTemplateAndNavigateToSignersStep = async (page: Page) => {
+  const { user, team } = await seedUser();
+  const template = await seedBlankTemplate(user, team.id);
+
+  await apiSignin({
+    page,
+    email: user.email,
+    redirectPath: `/templates/${template.id}/edit`,
+  });
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+
+  return { user, team, template };
+};
+
+const triggerAutosave = async (page: Page) => {
+  await page.locator('#document-flow-form-container').click();
+  await page.locator('#document-flow-form-container').blur();
+
+  await page.waitForTimeout(5000);
+};
+
+const addSignerAndSave = async (page: Page) => {
+  await page.getByPlaceholder('Email').fill('recipient1@documenso.com');
+  await page.getByPlaceholder('Name').fill('Recipient 1');
+
+  await triggerAutosave(page);
+};
+
+test.describe('AutoSave Signers Step - Templates', () => {
+  test('should autosave the signers addition', async ({ page }) => {
+    const { user, template, team } = await setupTemplateAndNavigateToSignersStep(page);
+
+    await addSignerAndSave(page);
+
+    await expect(async () => {
+      const retrievedRecipients = await getRecipientsForTemplate({
+        templateId: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedRecipients.length).toBe(1);
+      expect(retrievedRecipients[0].email).toBe('recipient1@documenso.com');
+      expect(retrievedRecipients[0].name).toBe('Recipient 1');
+    }).toPass();
+  });
+
+  test('should autosave the signer deletion', async ({ page }) => {
+    const { user, template, team } = await setupTemplateAndNavigateToSignersStep(page);
+
+    await addSignerAndSave(page);
+
+    await page.getByRole('button', { name: 'Add myself' }).click();
+    await triggerAutosave(page);
+
+    await page.getByTestId('remove-placeholder-recipient-button').first().click();
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedRecipients = await getRecipientsForTemplate({
+        templateId: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedRecipients.length).toBe(1);
+      expect(retrievedRecipients[0].email).toBe(user.email);
+      expect(retrievedRecipients[0].name).toBe(user.name);
+    }).toPass();
+  });
+
+  test('should autosave the signer update', async ({ page }) => {
+    const { user, template, team } = await setupTemplateAndNavigateToSignersStep(page);
+
+    await addSignerAndSave(page);
+
+    await page.getByPlaceholder('Name').fill('Documenso Manager');
+    await page.getByPlaceholder('Email').fill('manager@documenso.com');
+
+    await triggerAutosave(page);
+
+    await page.getByRole('combobox').click();
+    await page.getByRole('option', { name: 'Receives copy' }).click();
+
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedRecipients = await getRecipientsForTemplate({
+        templateId: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedRecipients.length).toBe(1);
+      expect(retrievedRecipients[0].email).toBe('manager@documenso.com');
+      expect(retrievedRecipients[0].name).toBe('Documenso Manager');
+      expect(retrievedRecipients[0].role).toBe('CC');
+    }).toPass();
+  });
+
+  test('should autosave the signing order change', async ({ page }) => {
+    const { user, template, team } = await setupTemplateAndNavigateToSignersStep(page);
+
+    await addSignerAndSave(page);
+
+    await page.getByRole('button', { name: 'Add placeholder recipient' }).click();
+
+    await page
+      .getByTestId('placeholder-recipient-email-input')
+      .nth(1)
+      .fill('recipient2@documenso.com');
+    await page.getByTestId('placeholder-recipient-name-input').nth(1).fill('Recipient 2');
+
+    await page.getByRole('button', { name: 'Add placeholder recipient' }).click();
+
+    await page
+      .getByTestId('placeholder-recipient-email-input')
+      .nth(2)
+      .fill('recipient3@documenso.com');
+    await page.getByTestId('placeholder-recipient-name-input').nth(2).fill('Recipient 3');
+
+    await triggerAutosave(page);
+
+    await page.getByLabel('Enable signing order').check();
+    await page.getByLabel('Allow signers to dictate next signer').check();
+    await triggerAutosave(page);
+
+    await page.getByTestId('placeholder-recipient-signing-order-input').nth(0).fill('3');
+    await page.getByTestId('placeholder-recipient-signing-order-input').nth(0).blur();
+    await triggerAutosave(page);
+
+    await page.getByTestId('placeholder-recipient-signing-order-input').nth(1).fill('1');
+    await page.getByTestId('placeholder-recipient-signing-order-input').nth(1).blur();
+    await triggerAutosave(page);
+
+    await page.getByTestId('placeholder-recipient-signing-order-input').nth(2).fill('2');
+    await page.getByTestId('placeholder-recipient-signing-order-input').nth(2).blur();
+    await triggerAutosave(page);
+
+    await expect(async () => {
+      const retrievedTemplate = await getTemplateById({
+        id: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      const retrievedRecipients = await getRecipientsForTemplate({
+        templateId: template.id,
+        userId: user.id,
+        teamId: team.id,
+      });
+
+      expect(retrievedTemplate.templateMeta?.signingOrder).toBe('SEQUENTIAL');
+      expect(retrievedTemplate.templateMeta?.allowDictateNextSigner).toBe(true);
+      expect(retrievedRecipients.length).toBe(3);
+      expect(retrievedRecipients[0].signingOrder).toBe(2);
+      expect(retrievedRecipients[1].signingOrder).toBe(3);
+      expect(retrievedRecipients[2].signingOrder).toBe(1);
+    }).toPass();
+  });
+});
diff --git a/packages/app-tests/playwright.config.ts b/packages/app-tests/playwright.config.ts
index 5fb03ada5..3536e340d 100644
--- a/packages/app-tests/playwright.config.ts
+++ b/packages/app-tests/playwright.config.ts
@@ -17,7 +17,7 @@ export default defineConfig({
   testDir: './e2e',
   /* Run tests in files in parallel */
   fullyParallel: false,
-  workers: 1,
+  workers: 4,
   maxFailures: process.env.CI ? 1 : undefined,
   /* Fail the build on CI if you accidentally left test.only in the source code. */
   forbidOnly: !!process.env.CI,
diff --git a/packages/lib/client-only/hooks/use-autosave.ts b/packages/lib/client-only/hooks/use-autosave.ts
new file mode 100644
index 000000000..5c9b3db62
--- /dev/null
+++ b/packages/lib/client-only/hooks/use-autosave.ts
@@ -0,0 +1,31 @@
+import { useCallback, useEffect, useRef } from 'react';
+
+export const useAutoSave = <T>(onSave: (data: T) => Promise<void>) => {
+  const saveTimeoutRef = useRef<NodeJS.Timeout>();
+
+  const saveFormData = async (data: T) => {
+    try {
+      await onSave(data);
+    } catch (error) {
+      console.error('Auto-save failed:', error);
+    }
+  };
+
+  const scheduleSave = useCallback((data: T) => {
+    if (saveTimeoutRef.current) {
+      clearTimeout(saveTimeoutRef.current);
+    }
+
+    saveTimeoutRef.current = setTimeout(() => void saveFormData(data), 2000);
+  }, []);
+
+  useEffect(() => {
+    return () => {
+      if (saveTimeoutRef.current) {
+        clearTimeout(saveTimeoutRef.current);
+      }
+    };
+  }, []);
+
+  return { scheduleSave };
+};
diff --git a/packages/lib/server-only/recipient/get-recipients-for-template.ts b/packages/lib/server-only/recipient/get-recipients-for-template.ts
index 14cafebfb..6d5c4c88f 100644
--- a/packages/lib/server-only/recipient/get-recipients-for-template.ts
+++ b/packages/lib/server-only/recipient/get-recipients-for-template.ts
@@ -1,5 +1,7 @@
 import { prisma } from '@documenso/prisma';
 
+import { buildTeamWhereQuery } from '../../utils/teams';
+
 export interface GetRecipientsForTemplateOptions {
   templateId: number;
   userId: number;
@@ -14,21 +16,12 @@ export const getRecipientsForTemplate = async ({
   const recipients = await prisma.recipient.findMany({
     where: {
       templateId,
-      template: teamId
-        ? {
-            team: {
-              id: teamId,
-              members: {
-                some: {
-                  userId,
-                },
-              },
-            },
-          }
-        : {
-            userId,
-            teamId: null,
-          },
+      template: {
+        team: buildTeamWhereQuery({
+          teamId,
+          userId,
+        }),
+      },
     },
     orderBy: {
       id: 'asc',
diff --git a/packages/ui/primitives/document-flow/add-fields.tsx b/packages/ui/primitives/document-flow/add-fields.tsx
index 137516804..820696e0e 100644
--- a/packages/ui/primitives/document-flow/add-fields.tsx
+++ b/packages/ui/primitives/document-flow/add-fields.tsx
@@ -21,6 +21,7 @@ import { useHotkeys } from 'react-hotkeys-hook';
 import { prop, sortBy } from 'remeda';
 
 import { getBoundingClientRect } from '@documenso/lib/client-only/get-bounding-client-rect';
+import { useAutoSave } from '@documenso/lib/client-only/hooks/use-autosave';
 import { useDocumentElement } from '@documenso/lib/client-only/hooks/use-document-element';
 import { PDF_VIEWER_PAGE_SELECTOR } from '@documenso/lib/constants/pdf-viewer';
 import {
@@ -83,6 +84,7 @@ export type AddFieldsFormProps = {
   recipients: Recipient[];
   fields: Field[];
   onSubmit: (_data: TAddFieldsFormSchema) => void;
+  onAutoSave: (_data: TAddFieldsFormSchema) => Promise<void>;
   canGoBack?: boolean;
   isDocumentPdfLoaded: boolean;
   teamId: number;
@@ -94,6 +96,7 @@ export const AddFieldsFormPartial = ({
   recipients,
   fields,
   onSubmit,
+  onAutoSave,
   canGoBack = false,
   isDocumentPdfLoaded,
   teamId,
@@ -590,6 +593,20 @@ export const AddFieldsFormPartial = ({
     }
   };
 
+  const { scheduleSave } = useAutoSave(onAutoSave);
+
+  const handleAutoSave = async () => {
+    const isFormValid = await form.trigger();
+
+    if (!isFormValid) {
+      return;
+    }
+
+    const formData = form.getValues();
+
+    scheduleSave(formData);
+  };
+
   return (
     <>
       {showAdvancedSettings && currentField ? (
@@ -603,7 +620,14 @@ export const AddFieldsFormPartial = ({
           fields={localFields}
           onAdvancedSettings={handleAdvancedSettings}
           isDocumentPdfLoaded={isDocumentPdfLoaded}
-          onSave={handleSavedFieldSettings}
+          onSave={(fieldState) => {
+            handleSavedFieldSettings(fieldState);
+            void handleAutoSave();
+          }}
+          onAutoSave={async (fieldState) => {
+            handleSavedFieldSettings(fieldState);
+            await handleAutoSave();
+          }}
         />
       ) : (
         <>
@@ -660,14 +684,26 @@ export const AddFieldsFormPartial = ({
                       defaultWidth={DEFAULT_WIDTH_PX}
                       passive={isFieldWithinBounds && !!selectedField}
                       onFocus={() => setLastActiveField(field)}
-                      onBlur={() => setLastActiveField(null)}
+                      onBlur={() => {
+                        setLastActiveField(null);
+                        void handleAutoSave();
+                      }}
                       onMouseEnter={() => setLastActiveField(field)}
                       onMouseLeave={() => setLastActiveField(null)}
                       onResize={(options) => onFieldResize(options, index)}
                       onMove={(options) => onFieldMove(options, index)}
-                      onRemove={() => remove(index)}
-                      onDuplicate={() => onFieldCopy(null, { duplicate: true })}
-                      onDuplicateAllPages={() => onFieldCopy(null, { duplicateAll: true })}
+                      onRemove={() => {
+                        remove(index);
+                        void handleAutoSave();
+                      }}
+                      onDuplicate={() => {
+                        onFieldCopy(null, { duplicate: true });
+                        void handleAutoSave();
+                      }}
+                      onDuplicateAllPages={() => {
+                        onFieldCopy(null, { duplicateAll: true });
+                        void handleAutoSave();
+                      }}
                       onAdvancedSettings={() => {
                         setCurrentField(field);
                         handleAdvancedSettings();
diff --git a/packages/ui/primitives/document-flow/add-settings.tsx b/packages/ui/primitives/document-flow/add-settings.tsx
index 3c06f9d1c..3d1789e31 100644
--- a/packages/ui/primitives/document-flow/add-settings.tsx
+++ b/packages/ui/primitives/document-flow/add-settings.tsx
@@ -14,6 +14,7 @@ import { InfoIcon } from 'lucide-react';
 import { useForm } from 'react-hook-form';
 import { match } from 'ts-pattern';
 
+import { useAutoSave } from '@documenso/lib/client-only/hooks/use-autosave';
 import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation';
 import { DATE_FORMATS, DEFAULT_DOCUMENT_DATE_FORMAT } from '@documenso/lib/constants/date-formats';
 import { DOCUMENT_SIGNATURE_TYPES } from '@documenso/lib/constants/document';
@@ -79,6 +80,7 @@ export type AddSettingsFormProps = {
   document: TDocument;
   currentTeamMemberRole?: TeamMemberRole;
   onSubmit: (_data: TAddSettingsFormSchema) => void;
+  onAutoSave: (_data: TAddSettingsFormSchema) => Promise<void>;
 };
 
 export const AddSettingsFormPartial = ({
@@ -89,6 +91,7 @@ export const AddSettingsFormPartial = ({
   document,
   currentTeamMemberRole,
   onSubmit,
+  onAutoSave,
 }: AddSettingsFormProps) => {
   const { t } = useLingui();
 
@@ -161,6 +164,28 @@ export const AddSettingsFormPartial = ({
     document.documentMeta?.timezone,
   ]);
 
+  const { scheduleSave } = useAutoSave(onAutoSave);
+
+  const handleAutoSave = async () => {
+    const isFormValid = await form.trigger();
+
+    if (!isFormValid) {
+      return;
+    }
+
+    const formData = form.getValues();
+
+    /*
+     * Parse the form data through the Zod schema to handle transformations
+     * (like -1 -> undefined for the Document Global Auth Access)
+     */
+    const parseResult = ZAddSettingsFormSchema.safeParse(formData);
+
+    if (parseResult.success) {
+      scheduleSave(parseResult.data);
+    }
+  };
+
   return (
     <>
       <DocumentFlowFormContainerHeader
@@ -196,6 +221,7 @@ export const AddSettingsFormPartial = ({
                       className="bg-background"
                       {...field}
                       disabled={document.status !== DocumentStatus.DRAFT || field.disabled}
+                      onBlur={handleAutoSave}
                     />
                   </FormControl>
                   <FormMessage />
@@ -227,9 +253,13 @@ export const AddSettingsFormPartial = ({
 
                   <FormControl>
                     <Select
+                      {...field}
+                      onValueChange={(value) => {
+                        field.onChange(value);
+                        void handleAutoSave();
+                      }}
                       value={field.value}
                       disabled={field.disabled}
-                      onValueChange={field.onChange}
                     >
                       <SelectTrigger className="bg-background">
                         <SelectValue />
@@ -261,9 +291,13 @@ export const AddSettingsFormPartial = ({
 
                   <FormControl>
                     <DocumentGlobalAuthAccessSelect
+                      {...field}
+                      onValueChange={(value) => {
+                        field.onChange(value);
+                        void handleAutoSave();
+                      }}
                       value={field.value}
                       disabled={field.disabled}
-                      onValueChange={field.onChange}
                     />
                   </FormControl>
                 </FormItem>
@@ -286,7 +320,10 @@ export const AddSettingsFormPartial = ({
                         canUpdateVisibility={canUpdateVisibility}
                         currentTeamMemberRole={currentTeamMemberRole}
                         {...field}
-                        onValueChange={field.onChange}
+                        onValueChange={(value) => {
+                          field.onChange(value);
+                          void handleAutoSave();
+                        }}
                       />
                     </FormControl>
                   </FormItem>
@@ -307,9 +344,13 @@ export const AddSettingsFormPartial = ({
 
                     <FormControl>
                       <DocumentGlobalAuthActionSelect
+                        {...field}
+                        onValueChange={(value) => {
+                          field.onChange(value);
+                          void handleAutoSave();
+                        }}
                         value={field.value}
                         disabled={field.disabled}
-                        onValueChange={field.onChange}
                       />
                     </FormControl>
                   </FormItem>
@@ -347,7 +388,7 @@ export const AddSettingsFormPartial = ({
                           </FormLabel>
 
                           <FormControl>
-                            <Input className="bg-background" {...field} />
+                            <Input className="bg-background" {...field} onBlur={handleAutoSave} />
                           </FormControl>
 
                           <FormMessage />
@@ -372,7 +413,10 @@ export const AddSettingsFormPartial = ({
                                 value: option.value,
                               }))}
                               selectedValues={field.value}
-                              onChange={field.onChange}
+                              onChange={(value) => {
+                                field.onChange(value);
+                                void handleAutoSave();
+                              }}
                               className="bg-background w-full"
                               emptySelectionPlaceholder="Select signature types"
                             />
@@ -394,8 +438,12 @@ export const AddSettingsFormPartial = ({
 
                           <FormControl>
                             <Select
+                              {...field}
+                              onValueChange={(value) => {
+                                field.onChange(value);
+                                void handleAutoSave();
+                              }}
                               value={field.value}
-                              onValueChange={field.onChange}
                               disabled={documentHasBeenSent}
                             >
                               <SelectTrigger className="bg-background">
@@ -430,8 +478,12 @@ export const AddSettingsFormPartial = ({
                             <Combobox
                               className="bg-background"
                               options={TIME_ZONES}
+                              {...field}
+                              onChange={(value) => {
+                                value && field.onChange(value);
+                                void handleAutoSave();
+                              }}
                               value={field.value}
-                              onChange={(value) => value && field.onChange(value)}
                               disabled={documentHasBeenSent}
                             />
                           </FormControl>
@@ -462,7 +514,7 @@ export const AddSettingsFormPartial = ({
                           </FormLabel>
 
                           <FormControl>
-                            <Input className="bg-background" {...field} />
+                            <Input className="bg-background" {...field} onBlur={handleAutoSave} />
                           </FormControl>
 
                           <FormMessage />
diff --git a/packages/ui/primitives/document-flow/add-signers.tsx b/packages/ui/primitives/document-flow/add-signers.tsx
index 6b280f90f..a57c87167 100644
--- a/packages/ui/primitives/document-flow/add-signers.tsx
+++ b/packages/ui/primitives/document-flow/add-signers.tsx
@@ -14,6 +14,7 @@ import { useFieldArray, useForm } from 'react-hook-form';
 import { prop, sortBy } from 'remeda';
 
 import { useLimits } from '@documenso/ee/server-only/limits/provider/client';
+import { useAutoSave } from '@documenso/lib/client-only/hooks/use-autosave';
 import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation';
 import { useSession } from '@documenso/lib/client-only/providers/session';
 import { ZRecipientAuthOptionsSchema } from '@documenso/lib/types/document-auth';
@@ -55,6 +56,7 @@ export type AddSignersFormProps = {
   signingOrder?: DocumentSigningOrder | null;
   allowDictateNextSigner?: boolean;
   onSubmit: (_data: TAddSignersFormSchema) => void;
+  onAutoSave: (_data: TAddSignersFormSchema) => Promise<void>;
   isDocumentPdfLoaded: boolean;
 };
 
@@ -65,6 +67,7 @@ export const AddSignersFormPartial = ({
   signingOrder,
   allowDictateNextSigner,
   onSubmit,
+  onAutoSave,
   isDocumentPdfLoaded,
 }: AddSignersFormProps) => {
   const { _ } = useLingui();
@@ -166,6 +169,29 @@ export const AddSignersFormPartial = ({
     name: 'signers',
   });
 
+  const emptySigners = useCallback(
+    () => form.getValues('signers').filter((signer) => signer.email === ''),
+    [form],
+  );
+
+  const { scheduleSave } = useAutoSave(onAutoSave);
+
+  const handleAutoSave = async () => {
+    if (emptySigners().length > 0) {
+      return;
+    }
+
+    const isFormValid = await form.trigger();
+
+    if (!isFormValid) {
+      return;
+    }
+
+    const formData = form.getValues();
+
+    scheduleSave(formData);
+  };
+
   const emptySignerIndex = watchedSigners.findIndex((signer) => !signer.name && !signer.email);
   const isUserAlreadyARecipient = watchedSigners.some(
     (signer) => signer.email.toLowerCase() === user?.email?.toLowerCase(),
@@ -216,24 +242,47 @@ export const AddSignersFormPartial = ({
     const formStateIndex = form.getValues('signers').findIndex((s) => s.formId === signer.formId);
     if (formStateIndex !== -1) {
       removeSigner(formStateIndex);
+
       const updatedSigners = form.getValues('signers').filter((s) => s.formId !== signer.formId);
-      form.setValue('signers', normalizeSigningOrders(updatedSigners));
+
+      form.setValue('signers', normalizeSigningOrders(updatedSigners), {
+        shouldValidate: true,
+        shouldDirty: true,
+      });
+
+      void handleAutoSave();
     }
   };
 
   const onAddSelfSigner = () => {
     if (emptySignerIndex !== -1) {
-      setValue(`signers.${emptySignerIndex}.name`, user?.name ?? '');
-      setValue(`signers.${emptySignerIndex}.email`, user?.email ?? '');
-    } else {
-      appendSigner({
-        formId: nanoid(12),
-        name: user?.name ?? '',
-        email: user?.email ?? '',
-        role: RecipientRole.SIGNER,
-        actionAuth: [],
-        signingOrder: signers.length > 0 ? (signers[signers.length - 1]?.signingOrder ?? 0) + 1 : 1,
+      setValue(`signers.${emptySignerIndex}.name`, user?.name ?? '', {
+        shouldValidate: true,
+        shouldDirty: true,
       });
+      setValue(`signers.${emptySignerIndex}.email`, user?.email ?? '', {
+        shouldValidate: true,
+        shouldDirty: true,
+      });
+
+      form.setFocus(`signers.${emptySignerIndex}.email`);
+    } else {
+      appendSigner(
+        {
+          formId: nanoid(12),
+          name: user?.name ?? '',
+          email: user?.email ?? '',
+          role: RecipientRole.SIGNER,
+          actionAuth: [],
+          signingOrder:
+            signers.length > 0 ? (signers[signers.length - 1]?.signingOrder ?? 0) + 1 : 1,
+        },
+        {
+          shouldFocus: true,
+        },
+      );
+
+      void form.trigger('signers');
     }
   };
 
@@ -263,7 +312,10 @@ export const AddSignersFormPartial = ({
         signingOrder: !canRecipientBeModified(signer.nativeId) ? signer.signingOrder : index + 1,
       }));
 
-      form.setValue('signers', updatedSigners);
+      form.setValue('signers', updatedSigners, {
+        shouldValidate: true,
+        shouldDirty: true,
+      });
 
       const lastSigner = updatedSigners[updatedSigners.length - 1];
       if (lastSigner.role === RecipientRole.ASSISTANT) {
@@ -276,8 +328,10 @@ export const AddSignersFormPartial = ({
       }
 
       await form.trigger('signers');
+
+      void handleAutoSave();
     },
-    [form, canRecipientBeModified, watchedSigners, toast],
+    [form, canRecipientBeModified, watchedSigners, handleAutoSave, toast],
   );
 
   const handleRoleChange = useCallback(
@@ -287,7 +341,10 @@ export const AddSignersFormPartial = ({
 
       // Handle parallel to sequential conversion for assistants
       if (role === RecipientRole.ASSISTANT && signingOrder === DocumentSigningOrder.PARALLEL) {
-        form.setValue('signingOrder', DocumentSigningOrder.SEQUENTIAL);
+        form.setValue('signingOrder', DocumentSigningOrder.SEQUENTIAL, {
+          shouldValidate: true,
+          shouldDirty: true,
+        });
         toast({
           title: _(msg`Signing order is enabled.`),
           description: _(msg`You cannot add assistants when signing order is disabled.`),
@@ -302,7 +359,10 @@ export const AddSignersFormPartial = ({
         signingOrder: !canRecipientBeModified(signer.nativeId) ? signer.signingOrder : idx + 1,
       }));
 
-      form.setValue('signers', updatedSigners);
+      form.setValue('signers', updatedSigners, {
+        shouldValidate: true,
+        shouldDirty: true,
+      });
 
       if (role === RecipientRole.ASSISTANT && index === updatedSigners.length - 1) {
         toast({
@@ -341,7 +401,10 @@ export const AddSignersFormPartial = ({
         signingOrder: !canRecipientBeModified(s.nativeId) ? s.signingOrder : idx + 1,
       }));
 
-      form.setValue('signers', updatedSigners);
+      form.setValue('signers', updatedSigners, {
+        shouldValidate: true,
+        shouldDirty: true,
+      });
 
       if (signer.role === RecipientRole.ASSISTANT && newPosition === remainingSigners.length - 1) {
         toast({
@@ -364,9 +427,20 @@ export const AddSignersFormPartial = ({
       role: signer.role === RecipientRole.ASSISTANT ? RecipientRole.SIGNER : signer.role,
     }));
 
-    form.setValue('signers', updatedSigners);
-    form.setValue('signingOrder', DocumentSigningOrder.PARALLEL);
-    form.setValue('allowDictateNextSigner', false);
+    form.setValue('signers', updatedSigners, {
+      shouldValidate: true,
+      shouldDirty: true,
+    });
+    form.setValue('signingOrder', DocumentSigningOrder.PARALLEL, {
+      shouldValidate: true,
+      shouldDirty: true,
+    });
+    form.setValue('allowDictateNextSigner', false, {
+      shouldValidate: true,
+      shouldDirty: true,
+    });
+
+    void handleAutoSave();
   }, [form]);
 
   return (
@@ -408,19 +482,39 @@ export const AddSignersFormPartial = ({
 
                         // If sequential signing is turned off, disable dictate next signer
                         if (!checked) {
-                          form.setValue('allowDictateNextSigner', false);
+                          form.setValue('allowDictateNextSigner', false, {
+                            shouldValidate: true,
+                            shouldDirty: true,
+                          });
                         }
+
+                        void handleAutoSave();
                       }}
-                      disabled={isSubmitting || hasDocumentBeenSent}
+                      disabled={isSubmitting || hasDocumentBeenSent || emptySigners().length !== 0}
                     />
                   </FormControl>
 
-                  <FormLabel
-                    htmlFor="signingOrder"
-                    className="text-sm leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
-                  >
-                    <Trans>Enable signing order</Trans>
-                  </FormLabel>
+                  <div className="flex items-center text-sm leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70">
+                    <FormLabel
+                      htmlFor="signingOrder"
+                      className="text-sm leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
+                    >
+                      <Trans>Enable signing order</Trans>
+                    </FormLabel>
+
+                    <Tooltip>
+                      <TooltipTrigger asChild>
+                        <span className="text-muted-foreground ml-1 cursor-help">
+                          <HelpCircle className="h-3.5 w-3.5" />
+                        </span>
+                      </TooltipTrigger>
+                      <TooltipContent className="max-w-80 p-4">
+                        <p>
+                          <Trans>Add 2 or more signers to enable signing order.</Trans>
+                        </p>
+                      </TooltipContent>
+                    </Tooltip>
+                  </div>
                 </FormItem>
               )}
             />
@@ -435,12 +529,15 @@ export const AddSignersFormPartial = ({
                       {...field}
                       id="allowDictateNextSigner"
                       checked={value}
-                      onCheckedChange={field.onChange}
+                      onCheckedChange={(checked) => {
+                        field.onChange(checked);
+                        void handleAutoSave();
+                      }}
                       disabled={isSubmitting || hasDocumentBeenSent || !isSigningOrderSequential}
                     />
                   </FormControl>
 
-                  <div className="flex items-center">
+                  <div className="flex items-center text-sm leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70">
                     <FormLabel
                       htmlFor="allowDictateNextSigner"
                       className="text-sm leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
@@ -533,6 +630,7 @@ export const AddSignersFormPartial = ({
                                         <Input
                                           type="number"
                                           max={signers.length}
+                                          data-testid="signing-order-input"
                                           className={cn(
                                             'w-full text-center',
                                             '[appearance:textfield] [&::-webkit-inner-spin-button]:appearance-none [&::-webkit-outer-spin-button]:appearance-none',
@@ -541,10 +639,12 @@ export const AddSignersFormPartial = ({
                                           onChange={(e) => {
                                             field.onChange(e);
                                             handleSigningOrderChange(index, e.target.value);
+                                            void handleAutoSave();
                                           }}
                                           onBlur={(e) => {
                                             field.onBlur();
                                             handleSigningOrderChange(index, e.target.value);
+                                            void handleAutoSave();
                                           }}
                                           disabled={
                                             snapshot.isDragging ||
@@ -588,7 +688,9 @@ export const AddSignersFormPartial = ({
                                           isSubmitting ||
                                           !canRecipientBeModified(signer.nativeId)
                                         }
+                                        data-testid="signer-email-input"
                                         onKeyDown={onKeyDown}
+                                        onBlur={handleAutoSave}
                                       />
                                     </FormControl>
 
@@ -626,6 +728,7 @@ export const AddSignersFormPartial = ({
                                           !canRecipientBeModified(signer.nativeId)
                                         }
                                         onKeyDown={onKeyDown}
+                                        onBlur={handleAutoSave}
                                       />
                                     </FormControl>
 
@@ -668,6 +771,7 @@ export const AddSignersFormPartial = ({
 
                               <div className="col-span-2 flex gap-x-2">
                                 <FormField
+                                  control={form.control}
                                   name={`signers.${index}.role`}
                                   render={({ field }) => (
                                     <FormItem
@@ -681,10 +785,11 @@ export const AddSignersFormPartial = ({
                                         <RecipientRoleSelect
                                           {...field}
                                           isAssistantEnabled={isSigningOrderSequential}
-                                          onValueChange={(value) =>
+                                          onValueChange={(value) => {
                                             // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
-                                            handleRoleChange(index, value as RecipientRole)
-                                          }
+                                            handleRoleChange(index, value as RecipientRole);
+                                            void handleAutoSave();
+                                          }}
                                           disabled={
                                             snapshot.isDragging ||
                                             isSubmitting ||
@@ -706,6 +811,7 @@ export const AddSignersFormPartial = ({
                                       'mb-6': form.formState.errors.signers?.[index],
                                     },
                                   )}
+                                  data-testid="remove-signer-button"
                                   disabled={
                                     snapshot.isDragging ||
                                     isSubmitting ||
diff --git a/packages/ui/primitives/document-flow/add-subject.tsx b/packages/ui/primitives/document-flow/add-subject.tsx
index 6553597f2..82f6f11d5 100644
--- a/packages/ui/primitives/document-flow/add-subject.tsx
+++ b/packages/ui/primitives/document-flow/add-subject.tsx
@@ -1,3 +1,5 @@
+import { useEffect } from 'react';
+
 import { zodResolver } from '@hookform/resolvers/zod';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
@@ -8,6 +10,7 @@ import { AnimatePresence, motion } from 'framer-motion';
 import { InfoIcon } from 'lucide-react';
 import { useForm } from 'react-hook-form';
 
+import { useAutoSave } from '@documenso/lib/client-only/hooks/use-autosave';
 import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation';
 import { RECIPIENT_ROLES_DESCRIPTION } from '@documenso/lib/constants/recipient-roles';
 import type { TDocument } from '@documenso/lib/types/document';
@@ -60,6 +63,7 @@ export type AddSubjectFormProps = {
   fields: Field[];
   document: TDocument;
   onSubmit: (_data: TAddSubjectFormSchema) => void;
+  onAutoSave: (_data: TAddSubjectFormSchema) => Promise<void>;
   isDocumentPdfLoaded: boolean;
 };
 
@@ -69,6 +73,7 @@ export const AddSubjectFormPartial = ({
   fields: fields,
   document,
   onSubmit,
+  onAutoSave,
   isDocumentPdfLoaded,
 }: AddSubjectFormProps) => {
   const { _ } = useLingui();
@@ -95,6 +100,8 @@ export const AddSubjectFormPartial = ({
     handleSubmit,
     setValue,
     watch,
+    trigger,
+    getValues,
     formState: { isSubmitting },
   } = form;
 
@@ -129,6 +136,35 @@ export const AddSubjectFormPartial = ({
   const onFormSubmit = handleSubmit(onSubmit);
   const { currentStep, totalSteps, previousStep } = useStep();
 
+  const { scheduleSave } = useAutoSave(onAutoSave);
+
+  const handleAutoSave = async () => {
+    const isFormValid = await trigger();
+
+    if (!isFormValid) {
+      return;
+    }
+
+    const formData = getValues();
+
+    scheduleSave(formData);
+  };
+
+  useEffect(() => {
+    const container = window.document.getElementById('document-flow-form-container');
+
+    const handleBlur = () => {
+      void handleAutoSave();
+    };
+
+    if (container) {
+      container.addEventListener('blur', handleBlur, true);
+      return () => {
+        container.removeEventListener('blur', handleBlur, true);
+      };
+    }
+  }, []);
+
   return (
     <>
       <DocumentFlowFormContainerHeader
@@ -185,7 +221,6 @@ export const AddSubjectFormPartial = ({
                             <FormLabel>
                               <Trans>Email Sender</Trans>
                             </FormLabel>
-
                             <FormControl>
                               <Select
                                 {...field}
diff --git a/packages/ui/primitives/document-flow/field-item-advanced-settings.tsx b/packages/ui/primitives/document-flow/field-item-advanced-settings.tsx
index 1d0a03cc4..0afdcbf67 100644
--- a/packages/ui/primitives/document-flow/field-item-advanced-settings.tsx
+++ b/packages/ui/primitives/document-flow/field-item-advanced-settings.tsx
@@ -6,6 +6,7 @@ import { useLingui } from '@lingui/react';
 import { FieldType } from '@prisma/client';
 import { match } from 'ts-pattern';
 
+import { useAutoSave } from '@documenso/lib/client-only/hooks/use-autosave';
 import {
   type TBaseFieldMeta as BaseFieldMeta,
   type TCheckboxFieldMeta as CheckboxFieldMeta,
@@ -48,6 +49,7 @@ export type FieldAdvancedSettingsProps = {
   onAdvancedSettings?: () => void;
   isDocumentPdfLoaded?: boolean;
   onSave?: (fieldState: FieldMeta) => void;
+  onAutoSave?: (fieldState: FieldMeta) => Promise<void>;
 };
 
 export type FieldMetaKeys =
@@ -146,7 +148,16 @@ const getDefaultState = (fieldType: FieldType): FieldMeta => {
 
 export const FieldAdvancedSettings = forwardRef<HTMLDivElement, FieldAdvancedSettingsProps>(
   (
-    { title, description, field, fields, onAdvancedSettings, isDocumentPdfLoaded = true, onSave },
+    {
+      title,
+      description,
+      field,
+      fields,
+      onAdvancedSettings,
+      isDocumentPdfLoaded = true,
+      onSave,
+      onAutoSave,
+    },
     ref,
   ) => {
     const { _ } = useLingui();
@@ -177,6 +188,24 @@ export const FieldAdvancedSettings = forwardRef<HTMLDivElement, FieldAdvancedSet
       // eslint-disable-next-line react-hooks/exhaustive-deps
     }, [fieldMeta]);
 
+    const { scheduleSave } = useAutoSave(onAutoSave || (async () => {}));
+
+    const handleAutoSave = () => {
+      if (errors.length === 0) {
+        scheduleSave(fieldState);
+      }
+    };
+
+    // Auto-save to localStorage and schedule remote save when fieldState changes
+    useEffect(() => {
+      try {
+        localStorage.setItem(localStorageKey, JSON.stringify(fieldState));
+        handleAutoSave();
+      } catch (error) {
+        console.error('Failed to save to localStorage:', error);
+      }
+    }, [fieldState, localStorageKey, handleAutoSave]);
+
     const handleFieldChange = (
       key: FieldMetaKeys,
       value:
@@ -325,7 +354,10 @@ export const FieldAdvancedSettings = forwardRef<HTMLDivElement, FieldAdvancedSet
           )}
         </DocumentFlowFormContainerContent>
 
-        <DocumentFlowFormContainerFooter className="mt-auto">
+        <DocumentFlowFormContainerFooter
+          className="mt-auto"
+          data-testid="field-advanced-settings-footer"
+        >
           <DocumentFlowFormContainerActions
             goNextLabel={msg`Save`}
             goBackLabel={msg`Cancel`}
diff --git a/packages/ui/primitives/template-flow/add-template-fields.tsx b/packages/ui/primitives/template-flow/add-template-fields.tsx
index 9dbf12ecc..b6471bc61 100644
--- a/packages/ui/primitives/template-flow/add-template-fields.tsx
+++ b/packages/ui/primitives/template-flow/add-template-fields.tsx
@@ -21,6 +21,7 @@ import { useFieldArray, useForm } from 'react-hook-form';
 import { useHotkeys } from 'react-hotkeys-hook';
 
 import { getBoundingClientRect } from '@documenso/lib/client-only/get-bounding-client-rect';
+import { useAutoSave } from '@documenso/lib/client-only/hooks/use-autosave';
 import { useDocumentElement } from '@documenso/lib/client-only/hooks/use-document-element';
 import { PDF_VIEWER_PAGE_SELECTOR } from '@documenso/lib/constants/pdf-viewer';
 import { RECIPIENT_ROLES_DESCRIPTION } from '@documenso/lib/constants/recipient-roles';
@@ -73,6 +74,7 @@ export type AddTemplateFieldsFormProps = {
   recipients: Recipient[];
   fields: Field[];
   onSubmit: (_data: TAddTemplateFieldsFormSchema) => void;
+  onAutoSave: (_data: TAddTemplateFieldsFormSchema) => Promise<void>;
   teamId: number;
 };
 
@@ -81,6 +83,7 @@ export const AddTemplateFieldsFormPartial = ({
   recipients,
   fields,
   onSubmit,
+  onAutoSave,
   teamId,
 }: AddTemplateFieldsFormProps) => {
   const { _ } = useLingui();
@@ -121,6 +124,20 @@ export const AddTemplateFieldsFormPartial = ({
 
   const onFormSubmit = form.handleSubmit(onSubmit);
 
+  const { scheduleSave } = useAutoSave(onAutoSave);
+
+  const handleAutoSave = async () => {
+    const isFormValid = await form.trigger();
+
+    if (!isFormValid) {
+      return;
+    }
+
+    const formData = form.getValues();
+
+    scheduleSave(formData);
+  };
+
   const {
     append,
     remove,
@@ -160,6 +177,7 @@ export const AddTemplateFieldsFormPartial = ({
           };
 
           append(newField);
+          void handleAutoSave();
 
           return;
         }
@@ -187,6 +205,7 @@ export const AddTemplateFieldsFormPartial = ({
             append(newField);
           });
 
+          void handleAutoSave();
           return;
         }
 
@@ -198,7 +217,15 @@ export const AddTemplateFieldsFormPartial = ({
         });
       }
     },
-    [append, lastActiveField, selectedSigner?.email, selectedSigner?.id, toast],
+    [
+      append,
+      lastActiveField,
+      selectedSigner?.email,
+      selectedSigner?.id,
+      selectedSigner?.token,
+      toast,
+      handleAutoSave,
+    ],
   );
 
   const onFieldPaste = useCallback(
@@ -218,9 +245,18 @@ export const AddTemplateFieldsFormPartial = ({
           pageX: copiedField.pageX + 3,
           pageY: copiedField.pageY + 3,
         });
+
+        void handleAutoSave();
       }
     },
-    [append, fieldClipboard, selectedSigner?.email, selectedSigner?.id, selectedSigner?.token],
+    [
+      append,
+      fieldClipboard,
+      selectedSigner?.email,
+      selectedSigner?.id,
+      selectedSigner?.token,
+      handleAutoSave,
+    ],
   );
 
   useHotkeys(['ctrl+c', 'meta+c'], (evt) => onFieldCopy(evt));
@@ -378,8 +414,10 @@ export const AddTemplateFieldsFormPartial = ({
         pageWidth,
         pageHeight,
       });
+
+      void handleAutoSave();
     },
-    [getFieldPosition, localFields, update],
+    [getFieldPosition, localFields, update, handleAutoSave],
   );
 
   const onFieldMove = useCallback(
@@ -401,8 +439,10 @@ export const AddTemplateFieldsFormPartial = ({
         pageX,
         pageY,
       });
+
+      void handleAutoSave();
     },
-    [getFieldPosition, localFields, update],
+    [getFieldPosition, localFields, update, handleAutoSave],
   );
 
   useEffect(() => {
@@ -504,6 +544,7 @@ export const AddTemplateFieldsFormPartial = ({
     });
 
     form.setValue('fields', updatedFields);
+    void handleAutoSave();
   };
 
   return (
@@ -519,6 +560,10 @@ export const AddTemplateFieldsFormPartial = ({
           fields={localFields}
           onAdvancedSettings={handleAdvancedSettings}
           onSave={handleSavedFieldSettings}
+          onAutoSave={async (fieldState) => {
+            handleSavedFieldSettings(fieldState);
+            await handleAutoSave();
+          }}
         />
       ) : (
         <>
@@ -566,12 +611,22 @@ export const AddTemplateFieldsFormPartial = ({
                     defaultWidth={DEFAULT_WIDTH_PX}
                     passive={isFieldWithinBounds && !!selectedField}
                     onFocus={() => setLastActiveField(field)}
-                    onBlur={() => setLastActiveField(null)}
+                    onBlur={() => {
+                      setLastActiveField(null);
+                      void handleAutoSave();
+                    }}
                     onResize={(options) => onFieldResize(options, index)}
                     onMove={(options) => onFieldMove(options, index)}
-                    onRemove={() => remove(index)}
-                    onDuplicate={() => onFieldCopy(null, { duplicate: true })}
-                    onDuplicateAllPages={() => onFieldCopy(null, { duplicateAll: true })}
+                    onRemove={() => {
+                      remove(index);
+                      void handleAutoSave();
+                    }}
+                    onDuplicate={() => {
+                      onFieldCopy(null, { duplicate: true });
+                    }}
+                    onDuplicateAllPages={() => {
+                      onFieldCopy(null, { duplicateAll: true });
+                    }}
                     onAdvancedSettings={() => {
                       setCurrentField(field);
                       handleAdvancedSettings();
diff --git a/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx b/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx
index 4bb66198b..70f42b990 100644
--- a/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx
+++ b/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx
@@ -1,4 +1,4 @@
-import { useCallback, useEffect, useId, useMemo, useRef, useState } from 'react';
+import { useCallback, useId, useMemo, useRef, useState } from 'react';
 
 import type { DropResult, SensorAPI } from '@hello-pangea/dnd';
 import { DragDropContext, Draggable, Droppable } from '@hello-pangea/dnd';
@@ -12,6 +12,7 @@ import { motion } from 'framer-motion';
 import { GripVerticalIcon, HelpCircle, Link2Icon, Plus, Trash } from 'lucide-react';
 import { useFieldArray, useForm } from 'react-hook-form';
 
+import { useAutoSave } from '@documenso/lib/client-only/hooks/use-autosave';
 import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation';
 import { useSession } from '@documenso/lib/client-only/providers/session';
 import { isTemplateRecipientEmailPlaceholder } from '@documenso/lib/constants/template';
@@ -55,6 +56,7 @@ export type AddTemplatePlaceholderRecipientsFormProps = {
   allowDictateNextSigner?: boolean;
   templateDirectLink?: TemplateDirectLink | null;
   onSubmit: (_data: TAddTemplatePlacholderRecipientsFormSchema) => void;
+  onAutoSave: (_data: TAddTemplatePlacholderRecipientsFormSchema) => Promise<void>;
   isDocumentPdfLoaded: boolean;
 };
 
@@ -67,6 +69,7 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
   allowDictateNextSigner,
   isDocumentPdfLoaded,
   onSubmit,
+  onAutoSave,
 }: AddTemplatePlaceholderRecipientsFormProps) => {
   const initialId = useId();
   const $sensorApi = useRef<SensorAPI | null>(null);
@@ -123,15 +126,38 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
     },
   });
 
-  useEffect(() => {
-    form.reset({
-      signers: generateDefaultFormSigners(),
-      signingOrder: signingOrder || DocumentSigningOrder.PARALLEL,
-      allowDictateNextSigner: allowDictateNextSigner ?? false,
-    });
+  const emptySigners = useCallback(
+    () => form.getValues('signers').filter((signer) => signer.email === ''),
+    [form],
+  );
 
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [recipients]);
+  const { scheduleSave } = useAutoSave(onAutoSave);
+
+  const handleAutoSave = async () => {
+    if (emptySigners().length > 0) {
+      return;
+    }
+
+    const isFormValid = await form.trigger();
+
+    if (!isFormValid) {
+      return;
+    }
+
+    const formData = form.getValues();
+
+    scheduleSave(formData);
+  };
+
+  // useEffect(() => {
+  //   form.reset({
+  //     signers: generateDefaultFormSigners(),
+  //     signingOrder: signingOrder || DocumentSigningOrder.PARALLEL,
+  //     allowDictateNextSigner: allowDictateNextSigner ?? false,
+  //   });
+
+  //   // eslint-disable-next-line react-hooks/exhaustive-deps
+  // }, [recipients]);
 
   // Always show advanced settings if any recipient has auth options.
   const alwaysShowAdvancedSettings = useMemo(() => {
@@ -204,7 +230,12 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
   const onRemoveSigner = (index: number) => {
     removeSigner(index);
     const updatedSigners = signers.filter((_, idx) => idx !== index);
-    form.setValue('signers', normalizeSigningOrders(updatedSigners));
+    form.setValue('signers', normalizeSigningOrders(updatedSigners), {
+      shouldValidate: true,
+      shouldDirty: true,
+    });
+
+    void handleAutoSave();
   };
 
   const isSignerDirectRecipient = (
@@ -231,7 +262,10 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
         signingOrder: index + 1,
       }));
 
-      form.setValue('signers', updatedSigners);
+      form.setValue('signers', updatedSigners, {
+        shouldValidate: true,
+        shouldDirty: true,
+      });
 
       const lastSigner = updatedSigners[updatedSigners.length - 1];
       if (lastSigner.role === RecipientRole.ASSISTANT) {
@@ -244,8 +278,10 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
       }
 
       await form.trigger('signers');
+
+      void handleAutoSave();
     },
-    [form, watchedSigners, toast],
+    [form, watchedSigners, toast, handleAutoSave],
   );
 
   const handleSigningOrderChange = useCallback(
@@ -273,7 +309,10 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
         signingOrder: idx + 1,
       }));
 
-      form.setValue('signers', updatedSigners);
+      form.setValue('signers', updatedSigners, {
+        shouldValidate: true,
+        shouldDirty: true,
+      });
 
       if (signer.role === RecipientRole.ASSISTANT && newPosition === remainingSigners.length - 1) {
         toast({
@@ -283,8 +322,10 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
           ),
         });
       }
+
+      void handleAutoSave();
     },
-    [form, toast],
+    [form, toast, handleAutoSave],
   );
 
   const handleRoleChange = useCallback(
@@ -294,7 +335,10 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
 
       // Handle parallel to sequential conversion for assistants
       if (role === RecipientRole.ASSISTANT && signingOrder === DocumentSigningOrder.PARALLEL) {
-        form.setValue('signingOrder', DocumentSigningOrder.SEQUENTIAL);
+        form.setValue('signingOrder', DocumentSigningOrder.SEQUENTIAL, {
+          shouldValidate: true,
+          shouldDirty: true,
+        });
         toast({
           title: _(msg`Signing order is enabled.`),
           description: _(msg`You cannot add assistants when signing order is disabled.`),
@@ -309,7 +353,10 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
         signingOrder: idx + 1,
       }));
 
-      form.setValue('signers', updatedSigners);
+      form.setValue('signers', updatedSigners, {
+        shouldValidate: true,
+        shouldDirty: true,
+      });
 
       if (role === RecipientRole.ASSISTANT && index === updatedSigners.length - 1) {
         toast({
@@ -319,8 +366,10 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
           ),
         });
       }
+
+      void handleAutoSave();
     },
-    [form, toast],
+    [form, toast, handleAutoSave],
   );
 
   const [showSigningOrderConfirmation, setShowSigningOrderConfirmation] = useState(false);
@@ -334,10 +383,21 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
       role: signer.role === RecipientRole.ASSISTANT ? RecipientRole.SIGNER : signer.role,
     }));
 
-    form.setValue('signers', updatedSigners);
-    form.setValue('signingOrder', DocumentSigningOrder.PARALLEL);
-    form.setValue('allowDictateNextSigner', false);
-  }, [form]);
+    form.setValue('signers', updatedSigners, {
+      shouldValidate: true,
+      shouldDirty: true,
+    });
+    form.setValue('signingOrder', DocumentSigningOrder.PARALLEL, {
+      shouldValidate: true,
+      shouldDirty: true,
+    });
+    form.setValue('allowDictateNextSigner', false, {
+      shouldValidate: true,
+      shouldDirty: true,
+    });
+
+    void handleAutoSave();
+  }, [form, handleAutoSave]);
 
   return (
     <>
@@ -382,8 +442,13 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
 
                         // If sequential signing is turned off, disable dictate next signer
                         if (!checked) {
-                          form.setValue('allowDictateNextSigner', false);
+                          form.setValue('allowDictateNextSigner', false, {
+                            shouldValidate: true,
+                            shouldDirty: true,
+                          });
                         }
+
+                        void handleAutoSave();
                       }}
                       disabled={isSubmitting}
                     />
@@ -409,7 +474,10 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
                       {...field}
                       id="allowDictateNextSigner"
                       checked={value}
-                      onCheckedChange={field.onChange}
+                      onCheckedChange={(checked) => {
+                        field.onChange(checked);
+                        void handleAutoSave();
+                      }}
                       disabled={isSubmitting || !isSigningOrderSequential}
                     />
                   </FormControl>
@@ -500,6 +568,7 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
                                         <Input
                                           type="number"
                                           max={signers.length}
+                                          data-testid="placeholder-recipient-signing-order-input"
                                           className={cn(
                                             'w-full text-center',
                                             '[appearance:textfield] [&::-webkit-inner-spin-button]:appearance-none [&::-webkit-outer-spin-button]:appearance-none',
@@ -558,6 +627,8 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
                                           signers[index].email === user?.email ||
                                           isSignerDirectRecipient(signer)
                                         }
+                                        onBlur={handleAutoSave}
+                                        data-testid="placeholder-recipient-email-input"
                                       />
                                     </FormControl>
 
@@ -592,6 +663,8 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
                                           signers[index].email === user?.email ||
                                           isSignerDirectRecipient(signer)
                                         }
+                                        onBlur={handleAutoSave}
+                                        data-testid="placeholder-recipient-name-input"
                                       />
                                     </FormControl>
 
@@ -633,10 +706,10 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
                                       <FormControl>
                                         <RecipientRoleSelect
                                           {...field}
-                                          onValueChange={(value) =>
+                                          onValueChange={(value) => {
                                             // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
-                                            handleRoleChange(index, value as RecipientRole)
-                                          }
+                                            handleRoleChange(index, value as RecipientRole);
+                                          }}
                                           disabled={isSubmitting}
                                           hideCCRecipients={isSignerDirectRecipient(signer)}
                                         />
@@ -672,6 +745,7 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
                                     className="col-span-1 mt-auto inline-flex h-10 w-10 items-center justify-center text-slate-500 hover:opacity-80 disabled:cursor-not-allowed disabled:opacity-50"
                                     disabled={isSubmitting || signers.length === 1}
                                     onClick={() => onRemoveSigner(index)}
+                                    data-testid="remove-placeholder-recipient-button"
                                   >
                                     <Trash className="h-5 w-5" />
                                   </button>
diff --git a/packages/ui/primitives/template-flow/add-template-settings.tsx b/packages/ui/primitives/template-flow/add-template-settings.tsx
index d880b8edb..374e31a69 100644
--- a/packages/ui/primitives/template-flow/add-template-settings.tsx
+++ b/packages/ui/primitives/template-flow/add-template-settings.tsx
@@ -9,6 +9,7 @@ import { InfoIcon } from 'lucide-react';
 import { useForm } from 'react-hook-form';
 import { match } from 'ts-pattern';
 
+import { useAutoSave } from '@documenso/lib/client-only/hooks/use-autosave';
 import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation';
 import { DATE_FORMATS, DEFAULT_DOCUMENT_DATE_FORMAT } from '@documenso/lib/constants/date-formats';
 import {
@@ -83,6 +84,7 @@ export type AddTemplateSettingsFormProps = {
   template: TTemplate;
   currentTeamMemberRole?: TeamMemberRole;
   onSubmit: (_data: TAddTemplateSettingsFormSchema) => void;
+  onAutoSave: (_data: TAddTemplateSettingsFormSchema) => Promise<void>;
 };
 
 export const AddTemplateSettingsFormPartial = ({
@@ -93,6 +95,7 @@ export const AddTemplateSettingsFormPartial = ({
   template,
   currentTeamMemberRole,
   onSubmit,
+  onAutoSave,
 }: AddTemplateSettingsFormProps) => {
   const { t, i18n } = useLingui();
 
@@ -160,6 +163,28 @@ export const AddTemplateSettingsFormPartial = ({
     }
   }, [form, form.setValue, form.formState.touchedFields.meta?.timezone]);
 
+  const { scheduleSave } = useAutoSave(onAutoSave);
+
+  const handleAutoSave = async () => {
+    const isFormValid = await form.trigger();
+
+    if (!isFormValid) {
+      return;
+    }
+
+    const formData = form.getValues();
+
+    /*
+     * Parse the form data through the Zod schema to handle transformations
+     * (like -1 -> undefined for the Document Global Auth Access)
+     */
+    const parseResult = ZAddTemplateSettingsFormSchema.safeParse(formData);
+
+    if (parseResult.success) {
+      scheduleSave(parseResult.data);
+    }
+  };
+
   return (
     <>
       <DocumentFlowFormContainerHeader
@@ -191,7 +216,7 @@ export const AddTemplateSettingsFormPartial = ({
                   </FormLabel>
 
                   <FormControl>
-                    <Input className="bg-background" {...field} />
+                    <Input className="bg-background" {...field} onBlur={handleAutoSave} />
                   </FormControl>
                   <FormMessage />
                 </FormItem>
@@ -219,7 +244,13 @@ export const AddTemplateSettingsFormPartial = ({
                   </FormLabel>
 
                   <FormControl>
-                    <Select {...field} onValueChange={field.onChange}>
+                    <Select
+                      {...field}
+                      onValueChange={(value) => {
+                        field.onChange(value);
+                        void handleAutoSave();
+                      }}
+                    >
                       <SelectTrigger className="bg-background">
                         <SelectValue />
                       </SelectTrigger>
@@ -250,9 +281,13 @@ export const AddTemplateSettingsFormPartial = ({
 
                   <FormControl>
                     <DocumentGlobalAuthAccessSelect
+                      {...field}
+                      onValueChange={(value) => {
+                        field.onChange(value);
+                        void handleAutoSave();
+                      }}
                       value={field.value}
                       disabled={field.disabled}
-                      onValueChange={field.onChange}
                     />
                   </FormControl>
                 </FormItem>
@@ -275,7 +310,10 @@ export const AddTemplateSettingsFormPartial = ({
                         canUpdateVisibility={canUpdateVisibility}
                         currentTeamMemberRole={currentTeamMemberRole}
                         {...field}
-                        onValueChange={field.onChange}
+                        onValueChange={(value) => {
+                          field.onChange(value);
+                          void handleAutoSave();
+                        }}
                       />
                     </FormControl>
                   </FormItem>
@@ -334,7 +372,13 @@ export const AddTemplateSettingsFormPartial = ({
                   </FormLabel>
 
                   <FormControl>
-                    <Select {...field} onValueChange={field.onChange}>
+                    <Select
+                      {...field}
+                      onValueChange={(value) => {
+                        field.onChange(value);
+                        void handleAutoSave();
+                      }}
+                    >
                       <SelectTrigger className="bg-background text-muted-foreground">
                         <SelectValue data-testid="documentDistributionMethodSelectValue" />
                       </SelectTrigger>
@@ -371,7 +415,10 @@ export const AddTemplateSettingsFormPartial = ({
                         value: option.value,
                       }))}
                       selectedValues={field.value}
-                      onChange={field.onChange}
+                      onChange={(value) => {
+                        field.onChange(value);
+                        void handleAutoSave();
+                      }}
                       className="bg-background w-full"
                       emptySelectionPlaceholder="Select signature types"
                     />
@@ -395,9 +442,13 @@ export const AddTemplateSettingsFormPartial = ({
 
                     <FormControl>
                       <DocumentGlobalAuthActionSelect
+                        {...field}
+                        onValueChange={(value) => {
+                          field.onChange(value);
+                          void handleAutoSave();
+                        }}
                         value={field.value}
                         disabled={field.disabled}
-                        onValueChange={field.onChange}
                       />
                     </FormControl>
                   </FormItem>
@@ -488,7 +539,7 @@ export const AddTemplateSettingsFormPartial = ({
                             </FormLabel>
 
                             <FormControl>
-                              <Input {...field} />
+                              <Input {...field} onBlur={handleAutoSave} />
                             </FormControl>
 
                             <FormMessage />
@@ -515,7 +566,11 @@ export const AddTemplateSettingsFormPartial = ({
                             </FormLabel>
 
                             <FormControl>
-                              <Textarea className="bg-background h-16 resize-none" {...field} />
+                              <Textarea
+                                className="bg-background h-16 resize-none"
+                                {...field}
+                                onBlur={handleAutoSave}
+                              />
                             </FormControl>
 
                             <FormMessage />
@@ -525,7 +580,12 @@ export const AddTemplateSettingsFormPartial = ({
 
                       <DocumentEmailCheckboxes
                         value={emailSettings}
-                        onChange={(value) => form.setValue('meta.emailSettings', value)}
+                        onChange={(value) => {
+                          form.setValue('meta.emailSettings', value, {
+                            shouldDirty: true,
+                          });
+                          void handleAutoSave();
+                        }}
                       />
                     </div>
                   </AccordionContent>
@@ -563,7 +623,7 @@ export const AddTemplateSettingsFormPartial = ({
                           </FormLabel>
 
                           <FormControl>
-                            <Input className="bg-background" {...field} />
+                            <Input className="bg-background" {...field} onBlur={handleAutoSave} />
                           </FormControl>
 
                           <FormMessage />
@@ -581,7 +641,13 @@ export const AddTemplateSettingsFormPartial = ({
                           </FormLabel>
 
                           <FormControl>
-                            <Select {...field} onValueChange={field.onChange}>
+                            <Select
+                              {...field}
+                              onValueChange={(value) => {
+                                field.onChange(value);
+                                void handleAutoSave();
+                              }}
+                            >
                               <SelectTrigger className="bg-background">
                                 <SelectValue />
                               </SelectTrigger>
@@ -615,7 +681,10 @@ export const AddTemplateSettingsFormPartial = ({
                               className="bg-background time-zone-field"
                               options={TIME_ZONES}
                               {...field}
-                              onChange={(value) => value && field.onChange(value)}
+                              onChange={(value) => {
+                                value && field.onChange(value);
+                                void handleAutoSave();
+                              }}
                             />
                           </FormControl>
 
@@ -645,7 +714,7 @@ export const AddTemplateSettingsFormPartial = ({
                           </FormLabel>
 
                           <FormControl>
-                            <Input className="bg-background" {...field} />
+                            <Input className="bg-background" {...field} onBlur={handleAutoSave} />
                           </FormControl>
 
                           <FormMessage />

From 374f2c45b47576cbcafaa418eb23095ea0a75431 Mon Sep 17 00:00:00 2001
From: Timur Ercan <timur.ercan31@gmail.com>
Date: Mon, 8 Sep 2025 17:56:53 +0200
Subject: [PATCH 18/47] chore: add soc2 compliance (#2019)

added soc2 compliance to docs
---
 .../users/compliance/standards-and-regulations.mdx | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/apps/documentation/pages/users/compliance/standards-and-regulations.mdx b/apps/documentation/pages/users/compliance/standards-and-regulations.mdx
index c1c7845df..4d5193944 100644
--- a/apps/documentation/pages/users/compliance/standards-and-regulations.mdx
+++ b/apps/documentation/pages/users/compliance/standards-and-regulations.mdx
@@ -19,13 +19,13 @@ device, and other FDA-regulated industries.
 - [x] User Access Management
 - [x] Quality Assurance Documentation
 
-## SOC/ SOC II
+## SOC 2
 
-<Callout type="warning" emoji="⏳">
-  Status: [Planned](https://github.com/documenso/backlog/issues/24)
+<Callout type="info" emoji="✅">
+  Status: [Compliant](https://documen.so/trust)
 </Callout>
 
-SOC II is a framework for managing and auditing the security, availability, processing integrity, confidentiality,
+SOC 2 is a framework for managing and auditing the security, availability, processing integrity, confidentiality,
 and data privacy in cloud and IT service organizations, established by the American Institute of Certified
 Public Accountants (AICPA).
 
@@ -34,9 +34,9 @@ Public Accountants (AICPA).
 <Callout type="warning" emoji="⏳">
   Status: [Planned](https://github.com/documenso/backlog/issues/26)
 </Callout>
-ISO 27001 is an international standard for managing information security, specifying requirements for
-establishing, implementing, maintaining, and continually improving an information security management
-system (ISMS).
+ISO 27001 is an international standard for managing information security, specifying requirements
+for establishing, implementing, maintaining, and continually improving an information security
+management system (ISMS).
 
 ### HIPAA
 

From 9ac7b94d9a9a41f916b97c03fc039dea468168fd Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Tue, 9 Sep 2025 17:14:07 +1000
Subject: [PATCH 19/47] feat: add organisation sso portal (#1946)

Allow organisations to manage an SSO OIDC compliant portal. This method
is intended to streamline the onboarding process and paves the way to
allow organisations to manage their members in a more strict way.
---
 .../pages/users/organisations/_meta.json      |   3 +-
 .../pages/users/organisations/sso/_meta.json  |   4 +
 .../pages/users/organisations/sso/index.mdx   | 149 ++++++
 .../organisations/sso/microsoft-entra-id.mdx  |  76 +++
 .../organisations-sso-settings.webp           | Bin 0 -> 179112 bytes
 .../o.$orgUrl.settings._layout.tsx            |  13 +
 .../o.$orgUrl.settings.sso.tsx                | 432 ++++++++++++++++++
 .../settings+/security._index.tsx             |  21 +
 .../settings+/security.linked-accounts.tsx    | 179 ++++++++
 .../_unauthenticated+/o.$orgUrl.signin.tsx    | 218 +++++++++
 .../organisation.sso.confirmation.$token.tsx  | 333 ++++++++++++++
 apps/remix/public/static/building-2.png       | Bin 0 -> 297 bytes
 packages/auth/client/index.ts                 |  36 ++
 packages/auth/server/index.ts                 |   2 +
 .../lib/utils/delete-account-provider.ts      |  37 ++
 .../auth/server/lib/utils/get-accounts.ts     |  32 ++
 .../lib/utils/handle-oauth-callback-url.ts    | 153 ++++---
 .../handle-oauth-organisation-callback-url.ts |  99 ++++
 .../server/lib/utils/organisation-portal.ts   |  94 ++++
 packages/auth/server/routes/account.ts        |  25 +
 packages/auth/server/routes/callback.ts       |  28 ++
 packages/auth/server/routes/email-password.ts |   4 +-
 packages/auth/server/routes/oauth.ts          |  17 +
 .../lib/link-organisation-account.ts          | 163 +++++++
 ...isation-account-link-confirmation-email.ts | 119 +++++
 packages/email/static/building-2.png          | Bin 0 -> 297 bytes
 ...organisation-account-link-confirmation.tsx | 145 ++++++
 packages/lib/constants/auth.ts                |   3 +
 packages/lib/constants/email.ts               |   2 +
 packages/lib/constants/organisations.ts       |   4 +
 .../auth/send-confirmation-email.ts           |  18 +-
 .../accept-organisation-invitation.ts         |  70 ++-
 .../organisation/create-organisation.ts       |  11 +
 .../user/generate-confirmation-token.ts       |  41 --
 ...et-most-recent-email-verification-token.ts |  21 +
 ...st-recent-verification-token-by-user-id.ts |  18 -
 .../user/send-confirmation-token.ts           |   9 +-
 packages/lib/server-only/user/verify-email.ts |   6 +-
 packages/lib/types/organisation.ts            |  18 +-
 packages/lib/types/subscription.ts            |   7 +
 packages/lib/universal/id.ts                  |   1 +
 .../organisation-authentication-portal.ts     |  13 +
 .../migration.sql                             |  75 +++
 packages/prisma/schema.prisma                 |  32 +-
 packages/prisma/seed/organisations.ts         |  45 +-
 .../create-organisation-email-domain.types.ts |   2 +-
 .../decline-link-organisation-account.ts      |  25 +
 ...decline-link-organisation-account.types.ts |  11 +
 .../get-organisation-authentication-portal.ts |  84 ++++
 ...rganisation-authentication-portal.types.ts |  28 ++
 .../link-organisation-account.ts              |  22 +
 .../link-organisation-account.types.ts        |   9 +
 .../trpc/server/enterprise-router/router.ts   |  10 +
 ...date-organisation-authentication-portal.ts | 109 +++++
 ...rganisation-authentication-portal.types.ts |  24 +
 .../delete-organisation.ts                    |  22 +-
 56 files changed, 2922 insertions(+), 200 deletions(-)
 create mode 100644 apps/documentation/pages/users/organisations/sso/_meta.json
 create mode 100644 apps/documentation/pages/users/organisations/sso/index.mdx
 create mode 100644 apps/documentation/pages/users/organisations/sso/microsoft-entra-id.mdx
 create mode 100644 apps/documentation/public/organisations/organisations-sso-settings.webp
 create mode 100644 apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 create mode 100644 apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 create mode 100644 apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 create mode 100644 apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 create mode 100644 apps/remix/public/static/building-2.png
 create mode 100644 packages/auth/server/lib/utils/delete-account-provider.ts
 create mode 100644 packages/auth/server/lib/utils/get-accounts.ts
 create mode 100644 packages/auth/server/lib/utils/handle-oauth-organisation-callback-url.ts
 create mode 100644 packages/auth/server/lib/utils/organisation-portal.ts
 create mode 100644 packages/auth/server/routes/account.ts
 create mode 100644 packages/ee/server-only/lib/link-organisation-account.ts
 create mode 100644 packages/ee/server-only/lib/send-organisation-account-link-confirmation-email.ts
 create mode 100644 packages/email/static/building-2.png
 create mode 100644 packages/email/templates/organisation-account-link-confirmation.tsx
 delete mode 100644 packages/lib/server-only/user/generate-confirmation-token.ts
 create mode 100644 packages/lib/server-only/user/get-most-recent-email-verification-token.ts
 delete mode 100644 packages/lib/server-only/user/get-most-recent-verification-token-by-user-id.ts
 create mode 100644 packages/lib/utils/organisation-authentication-portal.ts
 create mode 100644 packages/prisma/migrations/20250807011918_add_organisation_sso_portal/migration.sql
 create mode 100644 packages/trpc/server/enterprise-router/decline-link-organisation-account.ts
 create mode 100644 packages/trpc/server/enterprise-router/decline-link-organisation-account.types.ts
 create mode 100644 packages/trpc/server/enterprise-router/get-organisation-authentication-portal.ts
 create mode 100644 packages/trpc/server/enterprise-router/get-organisation-authentication-portal.types.ts
 create mode 100644 packages/trpc/server/enterprise-router/link-organisation-account.ts
 create mode 100644 packages/trpc/server/enterprise-router/link-organisation-account.types.ts
 create mode 100644 packages/trpc/server/enterprise-router/update-organisation-authentication-portal.ts
 create mode 100644 packages/trpc/server/enterprise-router/update-organisation-authentication-portal.types.ts

diff --git a/apps/documentation/pages/users/organisations/_meta.json b/apps/documentation/pages/users/organisations/_meta.json
index b77f9137c..dfc75fc95 100644
--- a/apps/documentation/pages/users/organisations/_meta.json
+++ b/apps/documentation/pages/users/organisations/_meta.json
@@ -3,5 +3,6 @@
   "members": "Members",
   "groups": "Groups",
   "teams": "Teams",
+  "sso": "SSO",
   "billing": "Billing"
-}
\ No newline at end of file
+}
diff --git a/apps/documentation/pages/users/organisations/sso/_meta.json b/apps/documentation/pages/users/organisations/sso/_meta.json
new file mode 100644
index 000000000..4ba07c6f6
--- /dev/null
+++ b/apps/documentation/pages/users/organisations/sso/_meta.json
@@ -0,0 +1,4 @@
+{
+  "index": "Configuration",
+  "microsoft-entra-id": "Microsoft Entra ID"
+}
diff --git a/apps/documentation/pages/users/organisations/sso/index.mdx b/apps/documentation/pages/users/organisations/sso/index.mdx
new file mode 100644
index 000000000..c909b3336
--- /dev/null
+++ b/apps/documentation/pages/users/organisations/sso/index.mdx
@@ -0,0 +1,149 @@
+---
+title: SSO Portal
+description: Learn how to set up a custom SSO login portal for your organisation.
+---
+
+import Image from 'next/image';
+
+import { Callout, Steps } from 'nextra/components';
+
+# Organisation SSO Portal
+
+The SSO Portal provides a dedicated login URL for your organisation that integrates with any OIDC compliant identity provider. This feature provides:
+
+- **Single Sign-On**: Access Documenso using your own authentication system
+- **Automatic onboarding**: New users will be automatically added to your organisation when they sign in through the portal
+- **Delegated account management**: Your organisation has full control over the users who sign in through the portal
+
+<Callout type="warning">
+  Anyone who signs in through your portal will be added to your organisation as a member.
+</Callout>
+
+## Getting Started
+
+To set up the SSO Portal, you need to be an organisation owner, admin, or manager.
+
+<Callout type="info">
+  **Enterprise Only**: This feature is only available to Enterprise customers.
+</Callout>
+
+<Steps>
+
+### Access Organisation SSO Settings
+
+![Organisation SSO Portal settings](/organisations/organisations-sso-settings.webp)
+
+### Configure SSO Portal
+
+See the [Microsoft Entra ID](/users/organisations/sso/microsoft-entra-id) guide to find the values for the following fields.
+
+#### Issuer URL
+
+Enter the OpenID discovery endpoint URL for your provider. Here are some common examples:
+
+- **Google Workspace**: `https://accounts.google.com/.well-known/openid-configuration`
+- **Microsoft Entra ID**: `https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration`
+- **Okta**: `https://{your-domain}.okta.com/.well-known/openid-configuration`
+- **Auth0**: `https://{your-domain}.auth0.com/.well-known/openid-configuration`
+
+#### Client Credentials
+
+Enter the client ID and client secret provided by your identity provider:
+
+- **Client ID**: The unique identifier for your application
+- **Client Secret**: The secret key for authenticating your application
+
+#### Default Organisation Role
+
+Select the default Organisation role that new users will receive when they first sign in through the portal.
+
+#### Allowed Email Domains
+
+Specify which email domains are allowed to sign in through your SSO portal. Separate domains with spaces:
+
+```
+your-domain.com another-domain.com
+```
+
+Leave this field empty to allow all domains.
+
+### Configure Your Identity Provider
+
+You'll need to configure your identity provider with the following information:
+
+- Redirect URI
+- Scopes
+
+These values are found at the top of the page.
+
+### Save Configuration
+
+Toggle the "Enable SSO portal" switch to activate the feature for your organisation.
+
+Click "Update" to save your SSO portal configuration. The portal will be activated once all required fields are completed.
+
+</Steps>
+
+## Testing Your SSO Portal
+
+Once configured, you can test your SSO portal by:
+
+1. Navigating to your portal URL found at the top of the organisation SSO portal settings page
+2. Sign in with a test account from your configured domain
+3. Verifying that the user is properly provisioned with the correct organisation role
+
+## Best Practices
+
+### Reduce Friction
+
+Create a custom subdomain for your organisation's SSO portal. For example, you can create a subdomain like `documenso.your-organisation.com` which redirects to the portal link.
+
+### Security Considerations
+
+Please note that anyone who signs in through your portal will be added to your organisation as a member.
+
+- **Domain Restrictions**: Use allowed domains to prevent unauthorized access
+- **Role Assignment**: Carefully consider the default organisation role for new users
+
+## Troubleshooting
+
+### Common Issues
+
+**"Invalid issuer URL"**
+
+- Verify the issuer URL is correct and accessible
+- Ensure the URL follows the OpenID Connect discovery format
+
+**"Client authentication failed"**
+
+- Check that your client ID and client secret are correct
+- Verify that your application is properly registered with your identity provider
+
+**"User not provisioned"**
+
+- Check that the user's email domain is in the allowed domains list
+- Verify the default organisation role is set correctly
+
+**"Redirect URI mismatch"**
+
+- Ensure the redirect URI in Documenso matches exactly what's configured in your identity provider
+- Check for any trailing slashes or protocol mismatches
+
+### Getting Help
+
+If you encounter issues with your SSO portal configuration:
+
+1. Review your identity provider's documentation for OpenID Connect setup
+2. Check the Documenso logs for detailed error messages
+3. Contact your identity provider's support for provider-specific issues
+
+<Callout type="info">
+  For additional support for SSO Portal configuration, contact our support team at
+  support@documenso.com.
+</Callout>
+
+## Identity Provider Guides
+
+For detailed setup instructions for specific identity providers:
+
+- [Microsoft Entra ID](/users/organisations/sso/microsoft-entra-id) - Complete guide for Azure AD configuration
diff --git a/apps/documentation/pages/users/organisations/sso/microsoft-entra-id.mdx b/apps/documentation/pages/users/organisations/sso/microsoft-entra-id.mdx
new file mode 100644
index 000000000..6b3ed6d65
--- /dev/null
+++ b/apps/documentation/pages/users/organisations/sso/microsoft-entra-id.mdx
@@ -0,0 +1,76 @@
+---
+title: Microsoft Entra ID
+description: Learn how to configure Microsoft Entra ID (Azure AD) for your organisation's SSO portal.
+---
+
+import Image from 'next/image';
+
+import { Callout, Steps } from 'nextra/components';
+
+# Microsoft Entra ID Configuration
+
+Microsoft Entra ID (formerly Azure Active Directory) is a popular identity provider for enterprise SSO. This guide will walk you through creating an app registration and configuring it for use with your Documenso SSO portal.
+
+## Prerequisites
+
+- Access to Microsoft Entra ID (Azure AD) admin center
+- Access to your Documenso organisation as an administrator or manager
+
+<Callout type="warning">Each user in your Azure AD will need an email associated with it.</Callout>
+
+## Creating an App Registration
+
+<Steps>
+
+### Access Azure Portal
+
+1. Navigate to the Azure Portal
+2. Sign in with your Microsoft Entra ID administrator account
+3. Search for "Azure Active Directory" or "Microsoft Entra ID" in the search bar
+4. Click on "Microsoft Entra ID" from the results
+
+### Create App Registration
+
+1. In the left sidebar, click on "App registrations"
+2. Click the "New registration" button
+
+### Configure App Registration
+
+Fill in the registration form with the following details:
+
+- **Name**: Your preferred name (e.g. `Documenso SSO Portal`)
+- **Supported account types**: Choose based on your needs
+- **Redirect URI (Web)**: Found in the Documenso SSO portal settings page
+
+Click "Register" to create the app registration.
+
+### Get Client ID
+
+After registration, you'll be taken to the app's overview page. The **Application (client) ID** is displayed prominently - this is your Client ID for Documenso.
+
+### Create Client Secret
+
+1. In the left sidebar, click on "Certificates & secrets"
+2. Click "New client secret"
+3. Add a description (e.g., "Documenso SSO Secret")
+4. Choose an expiration period (recommended 12-24 months)
+5. Click "Add"
+
+Make sure you copy the "Secret value", not the "Secret ID", you won't be able to access it again after you leave the page.
+
+</Steps>
+
+## Getting Your OpenID Configuration URL
+
+1. In the Azure portal, go to "Microsoft Entra ID"
+2. Click on "Overview" in the left sidebar
+3. Click the "Endpoints" in the horizontal tab
+4. Copy the "OpenID Connect metadata document" value
+
+## Configure Documenso SSO Portal
+
+Now you have all the information needed to configure your Documenso SSO portal:
+
+- **Issuer URL**: The "OpenID Connect metadata document" value from the previous step
+- **Client ID**: The Application (client) ID from your app registration
+- **Client Secret**: The secret value you copied during creation
diff --git a/apps/documentation/public/organisations/organisations-sso-settings.webp b/apps/documentation/public/organisations/organisations-sso-settings.webp
new file mode 100644
index 0000000000000000000000000000000000000000..b6d46f77eeba06b816758cce98d6908b974d4e77
GIT binary patch
literal 179112
zcmeEO`#;nF`+jZCr_A|OnqzWk&Yj2*krg=%qd88@L<e#<LXIWmSQ1eVGsZ?(mh&-+
zIiE_D=8$tGeE0b~zVB^6?D5$4cs-xj^M1VU>$>jyp0&BDX<-u>us1QXLRy_eWHR5w
z-t_8%`2uB%jy_lqQBp?={uIA|X?Pg{H(l>Cb2akK-PY0L9-)(bIbP)4AFi*n5{tMP
zVptJido`*xv$BwXM_1*!C*e_AK#`vl8FS_H^Lwivch8?*g!K3KTUmH{eH6U+G`FUm
zSHa7x)O9H!KH&FSx&^6e?D=Xz;H*~do0DbzM}(Vys{E$NGvk!It56AOw3W-1-~I!4
zE?aP06^T3{`!!|Bn}2q;Z)X(`*aQ9ziy&N~R*P%DfQfW@^K^NMhP?707<tJn*3~sb
z8wn1AaF*Sp<V6a-smZ-Zc8Y{~yo#5hv?Ycaukzhnef_+2I@8~p+Zk(fEQ80*3o98g
zUFt?Up;fEaL-Ksu@p<jit-=0(M_S)kO#i+FS&j$gQ~ahz^R3U2$)n#LD1NakBDH=_
zQ?oKtx*imfX_+a?o;0<7603H;<l6*AjkzH6Nq(UERhDDj#?g_1uk*E>#6(U35ZVmy
zN4_m*nV~p!5;`4d(-nlialfmH?AJHtHAPwJIz44BrR4k^-OtNEo1(Rma;vpKBIFR=
zpN8(Y&&_Xr@!F5}{mzQ<h3m_Di{}oOzgVPu(wQr>PQKLT-0z}t^v)wsuS9H*xc~+8
zbUzvM5$gKE(aDg3kChfmkK`$-^5)>6ssfA0)RfBp?(QG65y7<GsDq5dquWG>JqPv1
zCaDrbh@tIeoM8>a@4*8x!I+}LnDoywGc!7_9y2pj6_39&?nJe3y^B_-P$QUEH&6F;
zYM1>fkgLNuin<?Y+K`{5zEAP{9{}mcfO)u(R`OfNk)xxz`O@-M7J*}cOf-dF?H8Iy
zSk3#!5>(nPm|i1)Zf@7*kPrCp@gD;JA@Cmp{~_=n0{<cK9|Hd&@E-#IA@Cmp{~_=n
z0{<cK9|Hd&@E-#IA@Cmp{~_=n0{<cK9|Hfs5io+i5={`30zo}%1Yl&i5s_{rDg~uk
z@CDcC=VdTv=mIQ)3HHEcwcxU+m2^1FiZ2Zvt7gHsT`p<{RIq`Yfg2u-lG3Fe{Pn6A
z@3n%n|AtaWn#<!Vt<-{RKspdo^GG=xOa~Y-g9(;{Agyis@BVf@<1>pvwe6m9OXm7z
z%`jnp<7)|fIa}c<4@9?UiLH5jycul8LT~PFGkDjFR8g9W&?C<ml|I7Cc!CO-MBrI@
z_O4spSTvn>GxHN;f;93mMED8YViMop+;LWz?$?r1c3=aH#TAN`vEwCO^ZCKmsY;Ig
z+>4XqqlZ=dw~`EXV7fXmG7uvMHDvD0jwN~<jCI7ZR)YkkrF-cSz5##zxf}~oR$E{o
z4HyAH(ZE-ckr<RH2#rN!p9n1~Px%Z6vC%M^XQX~v^EhHZ@UZF#jx=*}V%>KCNxTa!
z!^C0HAXZTGNN99lT_P4OuVOou{FZH#cD?E#VwrcW?8Pl0lps3ZJW_Qvl!(QJ*?IJp
zvjd#pofG~9(;`otg$*SGkOZ+Gc4~~>@-+1<YIA~^6+;Bcqu(`<ye)_a$d3Z=u5P~Q
zao`DGmYtJ)-s+T)hw3h0DiH-X@<1Ls0ErcZL*t6uYIlB?WG#v)Q_BZVk+XlWm9s&F
z$!URq8p=Z?h*!ezlDQlC&P=suQ?Pav&s_hR@ZXPc1%^8FBIPxy7mnjm02YnLIpQ2^
zA2>pJf^RPNf?tbqxn7bZqUF;9{>XDepB#M4`~8_3?hAZtyVsXo9gU`kMyu);vX}43
z;@U0Lwo!bnFdf(OXjNm*ALL0iH0{RRo^0%Zg<8d}nQpY!X)u1?%?vqsr-@491z{b(
z?z(d>D;U{SuZqc;^{L-#yR*7@(Ifx&XU{e=t^Rhw1>axgyRRA+JD4%^xk3_(PmP^7
z;hah^jup#CWr@9AGJ%s-DNmCj6jhipCnqzsPopo#qT%9T<>+l&aNCkeO!gx;PFDuo
zNV5@AA%_}&UgfcGbG*5taTyuqKBN!p)kPq2ZIr3(>+!y|?o(f!9;tD~t4##l+?nM6
zphjj~9B8Pv7r)|+k5$#xh1sb2wv6(<4Y|2163jKvw%e<IdBFG5d6>X%g<u|-ljTe)
zR|>cpPUHx^OXo(Bc{5UUs)w_Ks$SbcSe2a8MVuzmk!@Ki<VjuU!QT~s-CL6Qs-r96
zBh6l%?@+L>Y+kP$#H{+jI9|ZfGv03xOb-nS5w5<yPrgls>%ayZcQlPatXh)#`C^>)
zVm1W(U+TG6jdyu$L*t4#l==~uIlXq(?m25Bt|0`U_jHn{?6b^8e}8;EHFt@{Z5)fy
z;qJjoRp4G!)J&pY;V{OK{@;_ZpUI}D*&VT1P;l8!dC<#Y^@nYa)C5jAA-mhXV#y?h
z)AVf!^PG2mXW&R=i5M3(A)U?4nD@q#@y@1F3~1lZM;Xpl^r&ZBT^{I2gU3GNlJCis
zC>5~LLSW``x>cRGT_oz1wa^;58_G6{JaKuN=IRJJ@6#F2gx!7PYLHV76@2EJI4PIO
z2w!Uo3S$xDmcK=I=?|kbZ!TyowHyP|1&l=V?a3j2P*%vRQ59db<gUfCW4-!4>1ObT
zt!B~>5N~&-6YNtP&{53VmLtm|4j|&Wz-d=4<7FNso}BEV3qC~PGz_mv2urrf>)5#D
zd14jfI;&+Uu0Nd~79uCq8NMwJ4|dC!bV^ZlFU7Wl)0QK+uO^+Q_P@Yr(6$o2Ii_e-
z#e$XOB9i6?xauJ~SRZbK*<}=M5j2Qv4)3@y&;td;Q@(2G_e4e)u!=waYWOj2fg9io
z+P|(HV<cC*YGLpH_F4bmQ4}-S#vUViz#)H#xi=xrF_P!6bv_nG<DeFPM69FNwij&3
zM#gofITRyIJ}BP?fE?*~&{esdA)95H9E7a8VQ?PphNJ)>c#fR~@X0~A3qSb^N}R{H
zdZc&Vy^C=-<@UDa{ycV71k9_AMIh9XEu=Xm8x>9~aiW`*)(#=nt*;g9`^@zX5yOI|
zUQcF$9dYXr;a;6aWVGjOnqSM~{OmD@W@`r9ZQ|9pIaum$a@mr|u7wZY2z(<iE_dR+
zc!{B;qFju-<mF(zKs<B%89vAuiJLF9drTh&@Opp+Sj#Re8-D9QTV<4%X+Bx$Z5{(v
zv@Ug1jzb`dhs<Q#w5@DPH8x5NJ;-EidwZ5$DbB;K(ydRDf^0*oaK#hsM1zaQ%2&y#
zU$Xe=qvrb#6<F%WW%7b24@9S03}VQItF<gHB03RmPQCQ#-L(L5ez0w24}iD>5Jf1E
zR%CcaZln;Da2f!Gi9c1!ecC4j1mwg5*KNez&zT7d34e@S=(Tm{HXn+4ZDk%Kf0|bt
zU#K|*SLps$xc?d2T_~cCBmaFpVuT}e&+w0NW1p$@Id7wivJ?PNwuU1yduu+lh9zHT
zSY)JmWQ4Z(Sd|$Z5ST1&wInB5fpuO1QF28Fx(td1Qry8BcoyAOPDmPDQ#K)14u8d5
zTmb0mQD^6@zH&$VLmB`+_2ryw_jA53JNFpqDX#QF)@Me=Y2W0zP`!1+k{VAFVQTUk
zaguUmb>7a3{ZZ2jd9%M9nQA;aKrG5tPL5j&L`AO*hP02del8zn9HKokR4i7NiOY6;
z!O`#-BQqEn4~O#)v*?-4L*;>aZ6j7*FeF-rJ*B|K$BZSt@J0*(1dH>TeY6bx7Q_k4
zV?WmplKC(Z;H;P%aIMosKpSlMDkiB6s`2B!cF(sF-iM}X^5*@M^}FXuZMtYjb1NQ4
zP(m`AVRC(rQ0szSSlua+w#&cvRp$~Pa8AGa@sEm~ya@_5RG2(*kzYt%x&s==r6>br
zm~#sOfMRjL(y$h*TS{k-uz6{sH=fn9q$}6*ytR-%FDQFoMSuRob7zozS?=GDx`r{j
zEPT9m-)twh_22fxi`m5$Jz|WmAwa26l~N7nfjuTX*mqd?pi_}I_JiPPnEE_)oo9xf
z#<<%)rvE%E_e~+Y84Q+D*8j+61Kb<D*b8*vV;2m~gw7Ru$7Gawf`63B!zD29Ih5{c
z=Vsi<dn-Aw-Kk>BBJjhGaH<FsT7=Nv$Ml5Ck_qZK2R{$GHYQ%}d_^kH#c%~C#Tiu;
z%BbsUA88lH#`k3U$j3eH2YPKKh2|uOl}2&^zCv~k>VF@^6(X%y6VYK$F9PIKq3ajt
zq$fVEIG)+4187SnqkTL8xc$ynqZ(LQtEkBZFM#LDv10wI0hTY6i57OV;Ij=Cr}><@
z3nE*oL53<&L^Lp@sok;lw*-$xYojnQxJ~FMJa46FLRZD)ioJN!GoSPCKYA}ruBv2^
z=-kGyO82kJYxJm_L$t3>)_pL;w_?*5GJAvt&D{F3JLN0tE78w;kGX_}*)h|NuI}dL
zb-r&e{0D~>Gm*OUc6@JltoxW8D0;;N$q<2)(S_MYp}ZL&Gxl>HBGDNEX^;dKBtxUn
z9p9FQ)>dSZm8>oYO`=I=YC@^g4CdyTiG=EnAfoHKRUq?aqD<PUf*VJT3JFjmZcRuM
z;?=m64XxeNO|7_)!|LX)uN4)&M>5UR5eR}jPaG<)kliar_55ur*otRxnYu0sv49DV
zbb6_{_JKWZae~b;Z(1oXjL~G)Pbv>xAu*m1_E^@mSa~2;e!JYX8Od;Ca<n3N4DV&C
zC*V*kgjfI2=V4d8N}i0=kS?)TOe^%vL30DrK&XZ&phnib)q01HqVBX-`YPn+AadpH
ze8(Z9+;2tVbD+bD!`ir~y>JEZOnLMCLhH|GySd#p;Y58X1&x-mxiMuy7}FOWl}L=Z
zzD_k@ytr-OG-xia<v=YDv15_pL2x3qc&B}5nl+!LfOvD|>h#=;?`WrhK(U<`*KDqB
z+cIj(qj>>MR}&`lWv05aAyo)`X&2nvxRbtv8X%Rk@dMnyJcXZ-?8#_)0*5EOVYP6)
zn$F!RSvor5=j`_5{oQdalYaP21_Z88V#hmu$FY1)hzj-Xn~uqRyiTt)5ikGbv1CHK
zSe0zKQ#B2XEu&As3M)sM>&Bv^2UHm0^sP`>$Ri#u*6Gz-sZn5^c{WA4XnOPbE|{7y
zhVUGRnQkk=HLe$%vwnsM()ypxfbmNpc`YtT=qFA3uF6XG*Bh<q*dF!5ub_Id@#O8i
zMBy-j&f?2-CTSv}>rzbesg<KK3&%X-=ulOyeg`+qM~4OFjKrQwil2*we48%Ps<ebR
zDR9nFMbS>>N5=I>YC^*iJ}esM=K0WcA;TeWo73`7U+<3=4i?Ptte7<80ea}uvp=Y~
z^}EY#BjcU#0jn+US9xOxX+(<=0%M6yFU5N|8I<47!fOh|=kQvE7GVoHF1wM@Pp{;%
zG|^VsgohZHGWG6MUxtsW*r;u%Oc%_Tl&**wv+T2tcuPyN00TT~?4hp`-->BcqDyU2
zZygqYCw&kfF(TA{YDm(-KvXxLb=f2ODC?JDX@NOq{sV=`8clL5{)QW7C_x<FADR(;
ztus2ZNrFmwQ$!Jy!G%R*2Y*l>nEa_j|5_sYLXcVuyZzaVc?K4+qNQi_VhHIrmDBMo
z?4cVRB7xr)ra_>}`j?j%mrLG8W5aG5xq*0p+|UHHO%g(ZveD#MpuSF~yjm4Ab~<ZG
z%nhs%jqXO`9bhz07V&w^h>?=5rUuJ3G7c`6X;`X(=nPtt5X*z;;>gwQ_Q#xJUTbW;
zz{E(l*U6KUo-Hrbx>XP?k?_81g&(&_rtYuPSPj#)Wv_};cO`3+?8%i)&Xzl~=bcvw
za-7fm#?J$2;O$fDWincXasXz<d$r`G80p4wKnu+{e_hs&d#5(hA2|*KG_MXuMq9m_
z2`Uds;1Cv7^8m6W#~+q>$&=Xu?V*(qMmBO%I<QV2Gc;7(b-`%LBK7J*5f;y?Q^WR7
z<e6Wk+vhYdmDew#JD*8GV$}u7G<)4RomWE<Z<0>OFI3>#MtGgnkq(H`eg{m9=Qwv4
zc@ottFHVv79%*Nluu07H5svo(x@|*uWnW27`0BtYm8U{sOl7Mh?J&3Wz9&;b#g+#x
zrf>lfJ4PKLk%aGtfl4`{8}hC4h8gEr6IwTZmLLawiC76({4|<o!{yo%+FTyeJajqJ
zO;+bK&j7$pc&dr^cBt<V&CsM-3|QpUH3brC?$hjQFcO8Lp{yuX%6vo2bWzMl9o#_U
znyLFmmQ<BeM-}0stlzzLS8tR)HGf7xFrTDnd>(vG>>ciFvvK4~iZF^PD4Yn_Ki}%^
z)J}hH*1m1?7D5tJXJoNyq6-4IxS33OW`QDoip3F)rC*=f^Q%8KV#ie4X<U1f!2&}n
zEW%dH0(?*~Act23<*C703Q@!q6Ivu2Jm)I^y)X?;@<s+;u^Erj(ydo=Qsl!I03$<}
zv&M}T%c4v3>~&y;6ftP*HNx2CCv;Y;1ix`Co1Ec9Zx+4l>7eaGFTqZop(3SRU!?8y
z_J+_@a7QNL=~W)LW}K2|JYf`jajmtNH=}U$Ct<W2W93x|RV}spTxt)sS~hVJ(RYW*
zDn~DqQAB#P*WaI8)5y8s&%+8;2Jh59pMrV{$i*7P^Z<BsO{jn(aH>t4jz6`@Ex{I?
znfPc(2t;dFh1h6Oha`(f1DL8TGzNvVlCoff0^07O(N+X|Shc<Bghh2oE*iSPmI95H
zCkV<LT2yFFHvBEbs&70Ksxn1hv!>*c$}Y*sRN%~bI^L2>(h|*ELqjXvP}o<<QpDiv
zXJv+phJuMXfTtv2#+iK}OO5$qm#R1Dx1)Bu;@VwREE+%HYwJWp5hWV!reIcXG<E?*
zJPRBE1Epd)38+!OmXEd^>qaTBRH{#zg76}sIyk&R<-1r0n+eR2r1)V4i=N-PsLcjw
z=52P<S%lNvm_HE~1eQOj(>7)#{GGWT6LZ!wGq~(Uu^`6;zZ@jSMxtH&Gxrab*La}2
zoi#(hvNy{RVNP7T8q?YSYtB^|Xn$uTR;l8@MESci7|J4MVKb0y%Mj6fc3u}ps%RCa
zxgLj`mPs3MkkGFuBSRczhI!OAdP#Q@mEtimsL`3vqd(RQuEMPSh@BOvU*I}3zZO+T
zop}k93z8Px5*_8E$;gR{Y!OXS=qrZ-#{g#xlh=#(j;{KrXZkhAmx=J!DLcva5JbS4
zgiqbVy;<D8Okk5h8s;^qHe|)PIy1a0+>Cj8<!SQA4S6+aDiF<>HM@c2w;^S0kY<3(
zzj^EYnJhOQm<|yQO@4P-TRdi5sgpC76&zZ&YLaXkJ{TDX-vYc=9+Y7;QnOK#zre4=
zHk7{X=4m^-w6KieIfek^Eo+{Bv|)eseec9X2Dwtqhl-}DY=eQJqEdIYb5#flsJTw3
zaxFR`C|*)baqVnI-rru7+22bC*E*~n{89@S&uKV%i?ALfMcE44^eESX)5`29wl%Nq
zgX#C34F$6bd1cwt)Im4d(m}N1m27b6%+Bm9cQ!Ksi^uOT@|inCYcNo&_kV_Jv~ioM
z%f@1<q43Yfdb}T?h2ENdl9HVC+pr>5qtKqp{>D}Ndj?QH+$jJcmG5xVLp45BO!^7v
zB;(N}CFa4wOT~UD_(nr|QMq&!)Kl3>T%j$+W}+WUpyJDn?1)E!y(0HYCGF*EC(9qh
za>|I8&*pMC5und_r)GY(QF58md*Fi;p(f_F`c4TY8s$Kx|1AC8ppw;_X;?wRs1KF$
zX^ObVf`CdVV*edR3BG#LWE~Usc<QH6I)3nOP4jr<s)DJ(I$NmnJcU(=JAl6$^R-$q
ztcZ>v25!mjmv}O@ac(?2x@81_ILP$j(fDcf4Kh0H1c6Bb@Q6Z3H;dRY3p|32br4+$
z@>EeG6g<mi1p!8SW^y!!0$`2r87aJzB{kM=KU&zofno0~uQX#SSof2|`&CI(4=VW7
zD$b7dVhce!pB?<jc?556sfuyW@N*JGy3>+F8@sSLz^e$5T+B+c9S4$AW-oT#+6nFT
z+gW}wc&|oJ4Rf=>ag7bR1(tZMF8<KmY#w6y<m+-`CYqGXb0@59Rm`CteM6FF#4_+r
z9f}vTD&FD#O6jcxLLsCvPjLw622@Hg4I1<4OPXTaih#Lk&XiIZJdTwG5bWG`W{Z2R
zp!BeIyun@5ckbPyib|TKP?<1F9Wii+ZKmEUF9!M{xWhBubDSiZ3Z<CVzP(yg%A~e6
zN%YpAY8mEiAi?iN*KeiMrj08k<yg^Qxa#SroTFay!|-Z)Z5<>ruEIQfh!^auo2H^V
zNCrSe0#qX%01k6yGf}hF3Udc}=Ay$Qy6T_I?aVB!@BiK=%;`t&)jv5Ie$HU~OZeIg
zw88eIMPcg4Rl8VixMFD5pQ@m>Ikpe<75fIfy9$j(?;ZG=RE)e?Oe>4O8-L_`j!Sck
zgL|_tj~X_IPrm&9rJn!a_Wpk4p|f8PmT}PwgUfaEHSeuUvF8QXy^bF!PQhy(=VjFb
zRePQ3bfYqz(Hcygstzzdn^b{ClGTOS69it};1o<~cm+!2Q1>JjQzJ28;A+~nLKSu%
zKO&tbhHlwg7+(ML`(IQ<<iYC8f~fwn{nS6@->)3}YM%Yns=`B56<oRp2BqyoHgGo;
zf|Yv?Jc7GV+2b~{oSMmm_Yc0W4n`gJ>7f5MScV@>862+nbw&L?sGU2yz_hyrjO1=;
zbTEl<=_po(nV@)`ARr)AINe-SD$UJ^T-h6`5yP}9eOn$&or8&OguRff{eGyoSbjmW
zHd}`E`4aL}+$dbrt=Qc3v|^Z@7B2v03Dv;&yk*l?-T3=rZhLw0Y-H%4lZSu0p7cC9
zT>5t-Dy)$z=@G*Pb-q-Vd_C%@a;YtB({ZNb-OBVqMtJ|JF@^}MA&4bTq@w=cM*Yj9
zMWQ9W<>-4~cFX=Q*}vu3aHZXZ?sI(tvL*|O2|Z@d&!P-k@CJi;xu}}F_a;Qhy&WDZ
zZ<jiBLpO%SuFoRTpp=)DcjyY8mp_yOITKrjcS3tKZ<J=6uyC`CG=Jvh%J<)2+h{o$
zdwJAmaP;r=zohk-E>Y)*fAmiNVhMkIZ8#^Oh&6b{{>^sDvm-VoVRrUo=eiWCZhk*M
z|7(l-yUXC9rR8wz<>CI~+|kxzvB4oyHx}nZ?j5}!&L{Pl_^|%9gHQrM1Firph<WuG
z87%sPg<79&Ut@q{L=cPwzOj`jGm8x?+hH1;FQ!#tuu}kt6_Pd~Dd(u4bc;OYJG1M{
z+j%z^emKayP~#x6Wq-ZpDE&zb^>BAXEBx%qUyf)GY01&ymguKk@Gof`@A?@h_n_Y+
z4;MBJ4*wh-Ey7&(m!^*X9v#^`)gmi;2sN|ih3h)_Ql?CHwYavxDF^?QAYFaC&5v%O
z#(0kSbv&DH9)mFwV-_du_^RWuRI_nL>oq!rUyfH}E9NTyc*P{shI$>$<kWCqPART0
zEx*TJwrmVrT%!K_Hb^}A>qNN0%MY;}iF}1a4FgiV&hwhYs6T6({!v>yVJ%0CzH^cL
zPmUrT{V)~}%P;GQsEi8AV>FREg7{(|BwR7UtAX%%Htfsauq!0ZPhj-U*IV!GV|c{+
zsNmfDAZA8+emPdU)Sm3!EWFK4<J3+fg@AMhqmBj*B8T5(TSi7wBSQbMgd5CtDe76{
z?2?``n3WX0_7DD1=!pH*2Q7b=^P~O^M;(5TYRgosz@?IO@~l)(Kcp(}2TnJ8*^UA2
z&hH4yxbOQn8xFnfcr16mes8d6H{#6Ys+ESl7W-kIW6CKc4g#xz!|Z5ifX8(L5c{#b
z6BT}VFcuLSvGZqV>m~XSdh(Y<-j(EQJ9qjS&hzHCkCxsP`?nk{oi#Z4S8s6i#Q**1
zRb_8^GhayxqG(9`2`V0^wjd8cQe;FHHhQ<g=xBodXst8y<pMf{OCQSk=6?Q|8(&+G
z@T(s6uaxo~a4uIj8&C?O@w`1f_jhK2xc{%wfEs={+;?_MKfGXR!+rma?d{DAgLn7O
z8j$_pUpkz6>GJ#U{*%LBP8F4&<6vQRw74$Gz61O^8&wR@CWIx1ZQMqh@waA3G%T80
zut-7?#tzi3;HMY`Qhm)YnRed81Zd1>ZTJG7`ad~U?$}=IxP3L>xNCgZmw5DZF6y9w
z8KF6Y#3=mw_tfl1i3ST72JifudiipHiBW&}>-*8xUet-(<`Y;x?LOtHY8?grtNdl1
zK+#H|LppCg{XBOC=QA|Z8Vk4oU_%YYxkgi&6fwZ=g|idL%8cK&yVN_u*a(`U8hUWd
zcuUe<#Q7R5P2`}|5_ZIxi#j?#XAr^h^82F(XKD4>@Z_oH{!@_~2YW}q`qm@2hV5Gp
zkd#Ui9VH;8>{ix)hlO4=W$_dwVTAYu$OCbRnDY9uJB+~5WAhSJ2fo;hutioMI@7?k
z2JLqQD|2?s%NLtp=9lA<P$@Q5jUV;INXWMO<<9+T>$7x-`Z3itxDoL@=$N$jVMqr5
zugUE7$M66At(g0_9d)!zL}DsLzKLRZbXs#DJMO{~z%ywYYmA%Ze3@qsB*$ui=~=xA
z-RQB~;T^}u$AsCjpmAuZdh9ZY7sBTbx6G_5*N`a9<{eLv=gk-Ul{UA3FnsizXb`zJ
zS8%C|pA<4ZUSunG_FcypSk&*`lSlvBiIM-N_vWnL8kXP&VvxWPcmw~Vk}^4yJld}^
zuU_~_hRJNB(QO!!6m<BVXpwGtN+SwJd|Guyz$P&X?}-=CcO@6}2tc}xD!p-zK(K1j
z?nQ%3M-5y0b9&*APk#IJ@~`*C_vQ{Y^wCd`og-q@0iFMv;e?ehna+)LLf~3$ZxmS#
z^a1!gcq?90khDT_uI8Z~589sk`*3Lbm!$0n95q(VYVC&SfU{#tagP$adRT~X93{Ie
zI8iBiAOS4^atS^-dGz~Wc<%U?v2(bKKCYQ@BK^_(#+U!rvNhT~^Wq7j?ovD=r6|~w
zK+9W!rq~Jv*MF4j(yFE1(>C7cjXBP(3OH|n-5P*(I#Ji0)nKmC<uho!48X!_4QQ-!
z=z;JFsDWwIeu&1~Ag8&*8UO#K*}>n3r^B<h{zfm*FKXZZxB2K))SosLm-j83!|UR@
ztmYNb@u@3fLY`L}sKSLyZrzz#MjAp2v_@uD53yq`vUQh<xhS(kNaOKgm{FxZ>Y4Qz
zJdlp20|YU*gj1ey7SU9DD@6<Z`oYqdE7J$9e~%MGR>m(!J!t57(YP}(=Ie3^l^4^A
zHGZXui*|=!X52v5HhYV(@IErv<K@g%7h!!La74A`3~<Nk(9NtECg2Tj2|R>VNKvnX
zmmsDFuA{;|S+HS=?7_m8zwqDoBE$d60WR|stB+DToz~OzT5VeXfz&jZ%vJ~N*@3q=
znIJBVCUYV96Grm5&*_t{8-gT^N%2lV1EWLe)qHSUV*v4a0QeM#?-!ZJoi=6LL$Yb_
zR(X9?$fn|!Y{5l6FL#>WNBrh)O}+Burg=#AJl?(~Ts!`>JXM;pkjxdAwmQ}rQb~^y
z<Fl3Hg(P?<6+VB(if%Z1j9#%@MUN$En8Ta#IXNJ@Vu(tHcxo{#e@+?^$&lHP8^zbD
zD%jrUNt0IGnwh(_^ujmAf&awI=M7=YjCBvqXNB3#jiG(AVKq7_9NkRcRqG$Ox}vxn
zXTxT#!$2}YEH}3D%%3_>i8~)e>Rb}s^mrxmqJ`cBdRe1ZpCNOGlGCOni=8_0>wnia
zuKZhFULIq)GE6W$XgJ&Q*LzvSk?^EMvu8jVqiL!X)|0vMz$D#`3$Dp&6dyqr`^B9d
z4Ca!`-9++kal2>2^{#8Uk<;nBvLy5?F=LM;c04_F2Lgn$vb5fs+ep^K|3eb%4bCVH
z3uc;IryA*45w4`7HnxYvUG4hP=E;&d=UIzxZE|TF`B{}`VCU2SU|~i^I(NfvCPAz`
zI|D>rz3a1?dNYtE3}=!xi3ToX=PAO*dh<IKbGa){(t4K!cGgy#O69!}ZaJN<n9xtv
zz>f*zXu5Y8vyiUCUyGVYtPX>R6R^~z8zHCi;FM*lp~?@aFN<Ztn6;3aV;-&_uV!pm
zS9tA|2ZPym!Dwb_ZyA%Y;XwLP`fGf{cfT?^mnlx!pGDj9Tzi))s4P6NeYs)>Of8R=
zW)o<C7%U75wd>=KS@q-y@3}|L%brAEzQ*dM>9GuQX8~lc5>wdVPsC75+EqH&IeJx7
zzA*KkCiSm~v_Yf=c81zJs+@tKa4NAdmP~fvnuCWzk+tO*#bcsz>g_2Vm1qeo&@KIn
zQ?F^!&ZiNhR+X9v%T}N3R)EkG8c^G>E)37laR_}ne?yXGw=Zq5Wi1?##zfp$S;Q#q
zk|=P+Yr7!#zL=bSRY>yvmoW_^jI#!ZmqhbgQS9zk3Gw&iP{>Z6%KR=c6<>Mf3ts&h
z*h^F76(miBMyu?#_UM~Twq<erDjXh8PM7CYG`885<poHJsXX|DB+pN|&*r-WOK%<g
z#>!Dv#5DlbWbr;Dgmk-;sQfHR$)pAo>(Crnm1ul3s$~C^xK^X3;+e3PPg>wgig?Cp
zn>KZcyJ4s4)#8#+2~#gnr`Bntn`o*P_y$8q1GTQ8_>PWt*O}L0C1_?RfXyK6w!532
znFtv0*$f4<=AwSoLoK~MGs)U-B(0S?heX}uau;V-4%rluD;SK1Cn!^a7v=Th=Y7!F
zfyUcrn?0^h%-~5D0#?D?Lb=i{!Jd<03a%Egl$X=GB*i7ieNUz|#!WLRTcBdb?x)sg
zyq08^xj)8>&dwrOY@TonrtV)Q`l<Odr_~fuluI1m*)8gXB0fS+Wmqgr7$;Cy9MFa1
z8Ma7VNbZ`6pE};L=_AJZ&5>LX<5Ew<%Ffj^TO7P1$DR6$R+sgI?eZjVBdTDkLXc_Q
zbKcW*IJpk)h40V#7LmEp*!Bt((}Ju<!I-aOK#^N_fSaA(C^js&_9{q7h({*jN8;nD
z)sC!ZL2qz7KYm`|r=^J*>q#h{wnE|@*&W*<PH5x`;R+)A&Wqh;{(Fs<x@Y!vyiMqm
z6nUG{62*9j*Kgd%Ih9na^S-y<e8vvsKAq~fHC9_NQPipMrA4=^Bv6eyDjb6oZUBkp
zJ9!947k;s<(?h#p>7j?Np`msRdIhS%!zJqX)@#RV?a48?1o+`=fKt;Eajcw#;p$6Q
zU~b&!`d%Uv@F&Xoe9uH0?hz=OkaobhIRWM26dX!z^u3l_F=$R?DT{fhX4u*|qjIPf
zsv#~N?XlF$>7gmv7F*~eiy~GtdmP$JbS0`i@e29E4kMKXiA&0Q4U^r++BaK018s2=
ziE64hMH4!*P9*P<JQP)#iOBiQznis<mgmmk{tSp$*hM*%i}V7iz|%48hhQ#OrbSK=
z1$ETg5oAon*IMR3J1N&jJYK#2TSdgRvl-}2<9(aMJ1|M?@!bgzSG<shG==I@h11yb
zD*F#k^Am1ssUxyX18-rSV2^(KaQwCV*X)2mUTB|nuNpp{>^O7kcy>p9;2S5iPUS+J
zIicFkC?2G3T%O7?s+5LK;;`j~y!rw~bOLwi$rI&ltyvgFFMQyX?}~FGqJ)EK3cBr9
zNR9(Bi#OmSEC6W?3(XK2iY?QtZk(lLGJHxiUVSp>wsjBL`D7Kk@~3_E*^WK&JgPUa
zaf=7X&`tl;FFO-<cXi8$=_Mdl{@%1zC=d}u8L9OhUry8nY?I5cK~zm2o?|oAOqyJ^
zd-t;=Tg)@M;HoIIUJp4=!}Eghwmk5pkT{#0(qpXpq(oR6>#&D3C_-wN%{sP3J3|3E
zsu&V=Qe;)><oTDSmHe9_C!^FUX^i`C{AWfx+%?r*6P!`}>MM&kapttD9~!VGl}76g
zMN0EmwWhoWOQqR)chwU6&?lWKuQhOQMQZcDC}Hs1l}_=gosc0FrC42YyTopF+2Gys
zoJt$m`;)1GCysQu)eBE?xnAY)EUi|ddKNzYcmbI*sm8(uLXN}E0^{PFCHrf3t||m^
z8|E$V^9OfzUR8^)gg1tmO^pbgFGsND`;o{NNsD*aH$FNr-v9Gs^jfW85<^BVU3?_s
zB&y_8X}N3@o@Cj=ReQ<t<&u{F?>ZlJ{pO>_ch}x|El>uNjTU}i2(C>Htacl>2H|O*
zdfa9#ie8_Tqu*jQADc-Igv5?Xa579_(r0Lve@z4bd5EN{8!iOfP4&sz@Fn+mEZ7NC
z1g|HAnkn6`m_+a8RYvywmb%js!oJ&ffp)vpXCe4W!7-hJ6jA@~i&E}=eeGHHqO9yM
zL&H`a9@H1>C~p7wn;zL>--L12cllZN0;n<0Zbysuvqkt685aci-R;fqdD3U>7J@N%
zXiC<{G=I}`A-m|+TYk@bGWGR2DdGZrJv9_(KBOGaDt|BRbVW!roNU#eDNVYK{^G4~
znlOBd(T~X4M(*Z?9$ixey|O1$xoNS9bCaMtpc_pBUTY5}$0jI-CfvA9q?cNM2#X$4
z3HKQf##?Twhh<zNJ)X+FDc0%u;ri7}DLHqg44v8|^T=QM_;z4>wXN1jc12&!D?t~o
zjS5b^d3RTAi}$FcS!y-$PwP%X#PZtS`n?s=I|8-iiH~^-yy>5t?&q!m;qB8MvnTf4
zo9uM|y&6AxHpjpg83N<^T};{^4xE(^>m{S?e{%KRcAU;?syy`G_tnAOAoPynIi?Rt
z*IVuMyZCr67iFuiWXo#7w{0O%#YTK(z^=}!Ex~9TwHmWMhe(V9ncjO~s9sg$iGZbj
z(WEzrMpKo$dAavCCI241c`*j#b7MQc5qNC;q+d+NxeVXjYkj6X=dw#y79R29PCrny
z$nj(e^NDp?8SAhA{9-puLjjh2S}JF?cGobD>T0=x`AYqKv%+9&V&~Uv_WtiwJJA5p
z-6G4EUyPeS`k%is_`bw9{k`28m0i?c@~Thcn!Wa?gS+*gW<Etax%jTgOa=Jiv)cVa
zW=Ay*KbPZfIJRXi+YR9Rsp&K^;28ysPdbHPe&14SV^DgoyzLfWYz?AtROM~Ri-_V2
zEHSb2h3=s{Oc7m>f|8u?-5e5EbOr8(5rSTR2)J&Qv*Pexd-_1&7<}_W{rG0DFHKh(
zy5vR2%zJ0mK6I>Wj+9RRU?f_TY)E)h&4~y&E;Vkf_3z$J-?k&t<<(0C^%Pvq;)_-1
zh=88Ht$H<;G}4#FkgpMuKNl8A`n_bo0*i@pMG&0}y>$Q$&XijVh<Q5xs)9%B%KC6u
z7hyNZ-Kl85rSf*gyPHB)3U{2U-XK4xUkE0S(yA4#gr8gi)lFT<%d>~ZdWDpmP|Hm|
zw)<c-pIOY6U+;+A%ez|<<5~r(#c9)6lr=k595fZvajB1F>J{?jJx+&#(o2KFPSa{#
zTqF;#hqKO~#SuGEALM9WYcid6TIbj+myWSR;-l5R6m-er2Ugr&k^YNj>L2e^z7aV5
zyoVmRsP38A!R-BW%<GYzo-KISyjMq(Pp1Eg{IvBTDzYi(tOE^`5$x17CiFc2+`E=j
z*EI#58b>W^|E?jwotdq2aVXu7V*E<le(Ho0tSA5NSob!ZAhF}f>NwIAqk+v>)zK0L
zuGVE6_({Hvz6um1bqg0r$KIGCCW!&)qOmw%46~)J7Km2AETjJ^k}pHVaY5%%;Eo{Q
zyb=kji+fPaTI>6ui2$qGk4PuF670|7>KpZ64u1cww|-_WnxI_JWFN7Pd;!dbI1%i;
zr!Q7bA^xn*41M?8wUn%m-l7?K4TRU^Y&mdNCo*XBrTgavQ|>U2_u9R{ylWh**=$LB
zigHD&l+>~5k>xSioB>(i4%(jIdklf@)f@Y^89C~6STxlLEH_SdbvP3+jYp5iOPzVX
zQby|c@<6>K7lJDiB`73N7=dE1BU>67MO=&5Ho{jjdnuSnSGm+o^0j)QeaV#@Qn!Iv
zTb?jCVg9au8@+x{SF(%HM!72s)vPnqP553I+h-NelDJ;KkhHB97Bq5aAN!uYbw1Uq
z3-a3KrO(SR_nI@p#on-9u|z*DuIJ!ZJ6m60cXEy`UXSL6Z|hC+3Cc))99H+O?9p0|
z(7731uR(Tf_T4i)fbLxuD*YV$Z&GeCP2Bfg_D${gZxZMFc|H%bdzuFcHC0Lse=o^P
zaSOZiV)o6=#!rD=-#63MX4V&zci;y%4G+&mSq6O>HbUau;srHy>VsETOH^```=nt{
zPu~ka@m^<0NgfzF=i0Wc6AYA2(-EwmS7AEpD}Z_`r-W`Ps(~sl1OLVS+Fkrp3dxx(
z>{FFVCHU!xjo$@+KqFfbDJKORGS2Kr!|v}5&n-qJ*|UQX+%R$0Hui|5vEArP^Ebb-
z$nZNLwY9<<E1T}=hyA+wRY~!ZKx}hd_VqLLjj6o#f`fib(N`}P4Dp^S_h_j1edn_O
z08$N!AO5za?mMt_p36#Ic`fr^sxny9w3|uO5&a#{U5puuJJ*`*D1h6XSbVry^9tDM
zQvG0R*_(Si+=sezZ~619#>`)Q&Tb0a;s02RZZt^k`@RVZ;j!R4mMz{PH}CpxMc{Gs
ziu4z)?|pv>3KthB_UTm!Yi2(mF5%~@U2;0D49FAj#`31F*bRW89zd?C^_CKE_jY5u
z2xt2Yjs7E9pZnMI7i^(fwh`Ea?6Of$-f<pJFil>*hz+Jqz=mmn<Zp$K!hF(?hAq@C
z;vmim4{FE%NspVTcYQqjE$sV#u+tyuSGX4{O~E`x6K^Ag!ybjK?}n-^g^k#LFADC9
zC0|U6D3=T4_Yd&5Io#`c+wiO@cjpCVhw~#wns(u~*HGuWt6Ude<MHC9pdl#rT-ZtL
zt67HZ31^`&cmA!G$@3BK&6Rb(9^4?_cC69AfAVy9^nSnSYOPoCV7PEtals_|^*wXk
zY3~fb@=>urmVVHnA4zIWs%AkOL0X>|Hqn=UcfP&(;F;*XH!@A*eP?Ec`R_L+t1*He
zysci5o+#+PH<2`jbk2HmEo(Wf;_;ZeA49^~M<N<<-Fbck<?`H7AV8M2VUO$AHmDjT
z!@^$u_xPsHQ#L%Jq>BY27%E;PmS$o@NYbuiXIAN|?ZNndZn|WB<tJjU&5OtnQ!bAh
zmDW0=F;^ZO98+}{a~&VJ_?)=FzX9?;HP>dhTk4#y89UyPIr&R%#L%WnmF4tHOD)2a
zd4aHNWACyJ_AKv86xJllypU6-mh6A&XK6^D5^w&)9{}r8XCJLjT-A0y3ei2z8Q2&Z
z_!6i8&KAeNnR@&WpeHpq%7ZZPkcRkwuTpcN<XMiL+(|OWsj8fCjmvgVI8U{_c%Sen
zXa9ae)H`{d#J>H^IQu{MCfi7nE8>wWtrlOpl5#T}P`|$gEvE1JT$xt9<9Nu9LReTa
zTrEh)D4sb;b!cpHNHeFDke1Pgl4fTc6d?<#zKt%lk3V0_(Y*VtoI^qv9xsF!3<Z9$
zWgb}b$nzx}V7cO^*;jOKaHKOkyr2?W>BQf*`|X!=&H>f=CxT>n6)jwdbB3-%V;@ib
zIqokvhv}U?R#h4NM1FVT!s)3KH~Tc-SNl~}+cq!qB}AASWuF_QI=dVxuXDF3AU6XP
zfi+hp%B|{*u=80O0owT!ro~~CEByxV8c(ic%=IKP{)BVa3~IpcN8Ls$QYxjum*pvy
zO@Ftt6m-|T*IAx7eOuTSLa@8KogRI3b?d@_lQbeQaQ$&`pXSPvGeJ80C^GR6Phe@|
zgS(5nV@*->u0$p>l&_?Jjsr>03!_PPR!Vd|cDyX$ZpLdxV~H^tX-4+hf}#6yO5Yk*
z7crW9XJ0PYC83CXfUL~rl|=7;PianW7#tCogJ|{4Tv$WbcbF=Nfm&DIadd6Q2wief
zLy1bo^tk^!W(XChr~+0Y5wb1=54LnSPmG+Y8h4H-Uy2F#T|{+0=)QjDHBX<lo8y(r
zKeLNlcV7&gqxnsD1T<79^HpMak9QnsH$I6de8cmDza;iO+=ZzM9?czFBUMe>Oj(4U
z-n8x*t<Mf^@AQ22(SogcdZM7r@Tl)G1$pJ&J|&_kGjcMM%&$*)*w=Lbso`GSS*&0-
zy?yG1q>%s3J=L+*fnJsF$;VCx8@-WiY{z2Rymiv@vnM0%SYC71k6~HZ0j8?XldbhG
z-gD1E<j~8j$4X#!JtfJ?VbLZTAXx-dmD()K|I1y|R4sw(nf29NwOY)9u)$5=<&L*q
zlY)8O`{|1h;lMXn|K2&p!{s;)IhPabIu04M{}nQ8^gej1M<nYNr>5bb@C9=0I(WS2
znT&|jSfJteb2a{rN?HtKpywLS&GjgM@H^}1)9jalpB$vtysQMdPjuv_uuS(~h*x;}
zptgXV@=$J~RWxt9>-}d7v&218Auhw#n&W|6{i<5v@U;KKDLJ970}o0Ac2-{KICVxz
ziE`#*U_N6zZ}&uFtJZ`MyWp(dP6IR}slGCC?R?c`cP*S`y;>E<G6Jsa!)x>KVLg;W
zdFF28EmN%hwIPI!2*#u9u0By{x>BbZQB)3keS=x{REHvC?0-3nCbsHH>t&y*+(xXc
z7S`;5<2!@lBp0l_1px%w?qz*~K?gK7PJH3>SJD+1rMbS66>oDA%}iA*{v$uvmA|O6
zveesGJ+9QGimZ$EcRgz#v=RTSvFgLed;C|<*dGULD~dm-TRu~1fBlai^Ri#Mn07Bj
zTk5y&LyZW&Tk7nk?-KcVEfv?@^t&{UA@2$2``kB3zz6sBCOb4gTG56i*H=r0PH$?u
z3i>;`muTh&_xa{CY`$!ACrs#u72UqG>T=X85a$=uD!+B`nCB?$iCWbjdghf>LVdGR
zEjpVXcy!{?3s;LhUNMp`2dSXbua$gWYxHX~!Enf0(b{*M<eogxXWWWyPeW^3cEoB|
z)kc)Rsg3Nq;@jE-q;GJ)vYKL`ISYMV%65&+x}mSZ-puwXZ2bwx6ahXiXd@MZxRLsf
z%52%m8#Wt7n2T39!FJV%D?>vcTKVGC!tfQuv+F-@izYzCMUSh_9`t|AU%c4zqUDK1
z)ym2yz9Z|*lC$WKoCQHdAob?nuj~c?cU>(x50r8sgXu2r1_ynE$2>q6CFYmebu|%N
zW9ZR4$Aw%KsM+j$8$`1QG=}n<vs#|}m&f%&c7EFQx9eu_NuTjto&RfF6Z|ltCpqZO
z>P-upb7aX)&ag4@Y72YZfz8V4ydQ@bYl8jD!?IKoQ*E2ircQ~Dk!}fnM=|CJLtA#3
z)c?(DbqFiAd4fTL580GoF?WovxOqSFwIPiRvtx52UbLkxOIcarx`ioMCsbI<cZ%RF
z<IS9YWYOAF+p_v_KHDZL{<G^^h9LSQ?S}woPts6_r{PM>3efT}J}z2g{IlD`Ez#&V
zm6}~_)Jyu8(;t4H=-(t<&HrMgXLGY+y1peRN-4^;N_Z<o(d8@Dfu<$*od@^zD!a#@
zhY~Cek7b+)4^A@96>wFj|2baxF2WfUq5%oD8;%gf>P1lB`?=>w2i=ldhe%NxzEV{T
z(Yo#5+@_qv7$F8>5dGdpuFQSrcmzR(h?aIOoEaws?imxRn<MpdeinTB+v)soerE>P
z<(KTcQJY12RSIEmM<(&Clx!<Wn}QglJOLf7R-tfMZZ;}_m0c#cR~)ly(urYsx}QiG
z*Jd5|6z`Nv20z`o+GovJyn$ykdb`5b%sDplx^d(A`MTzV`ud?T0pKB&IqZWI=k<4h
z5`(+JEADaRS@)Rb<MyJ_kPL5*Rjz@?M=bdZlX}*wijBu`huI6}UeBnkY14i4hn*ms
ze{X^%`y9Kqesg>1J^TZ9`prJf>+KUHL3_IWSkbHdn3XHIaLmt0a=J@oNGL-VmL_Ux
z>fSeeV#`xGx+gu@M%VGA3?|v)rp!|L?P>SEm9LZg%(=5GT%uC+>~W%Y^NYr@e9CSe
z;Ru^Rt)K^XS?L)hRR+T5|Hj|)nWI-V5C%P{gIBW5Q|(ksk^LXyryH8bJpp<6sBep~
zE=*SZ37E4uE73dW8&0!?>s-JL2`_+itk{usrqwC}g4e*U^7r+<NaNKbp>b4ka1s@`
zH@&OE2kC6Pq50|jxBa_q-vbI&XRF8Y?`NAK;z6Wk#wHlb!;>L4<&@%+?e|zkBtJ)w
zOGnLIMz`&mi2vke`)2(cdu!PX-yO#I)E&PWG-O)@cYgbvprDt^B^tdN{=!gg0o@m(
z%G!08eN1b>%I_va>957V)bWR|CuZAT%_1(Z&JBKxHkY{3J(>B<;QU-&Z~N|nyHHin
zu62m?$qaD9wTA13S1aCd1vzxI8i4<$oTzo%TYo)wX68Vhz}wxFcze|<rff~3Dzclt
z^U%)ce>ddC!Srf3O{IsP%}9UdA9|v(p6Sk*1bZF$&7YueCN>Ff=gd1lDIv({m{jLR
zzLk%@en!0VXOm(P_H;p43}Bq6S~G^7FGa8o-CoDf+o?52e&-$hi*xSC-cOEja%ga?
zaWh_I`}f6j@x(5RTnI><)mR-z+*%4@eLyt!YH;sMPchZd3?0N~`PUiee@VJl+PF45
z)0YnewAXH>P3ZO57wg%a`NE0kXox+{9u!q^@}6`uP4eT{3$67{$2Q}a<#PXgs$7mZ
zu1XbeSu@;U`zN@5Q*9ej6|s1UhopO{;a=cehtf)DF8Vr6bnI}ST(zE3cj95_xd|R>
z)BPP;ko$gi@3>;4P*4{kHFQkBZ)c~seQU<`%Ji<%16S+If$TbMm6R;HQ>N5dhaB+8
z@!HDH&)f68>L#YSyOkBDySA*>wvuqb31)Q0S!Ha12U>7hsMDuH4Cwtd)29+|N63DY
zcj{|`J``17P&rS|t`z%hymps5eX1$35Dw*)ay@&|JNSz$v~DH(6#q@&Hh*yKtkdjw
zUi&7kLK?8pzjZ>Zt7BS0=;lI@rOoEtmP>!eW`$mUoU48NSdKe>ul}#b_Zsoz9TU!N
z!p5}%<8;7AyNMsKqgd<6PUkRbv-kj4aALe{wbtzk(O%-{xt*_4Kzofi+i|hsy5G5=
zWv_ULAdTGWil2?|?nxVu=?`LVV!yaunbs|hczHJI6_#wG>2U&AeWz?@woH`!SVnFL
zvE3H0z(W_d{8na*KV7=_{x)psBirxe{sk}JxxfXa(-ZDov0B~b#;0NVet{9hp5uk2
z?3JC1(Y9Mfj=cp%J<U*9;o#ZXYK_BRG@=*_{J1XO_2K+dN8~20`AXW(pJvDRQ(9ei
zv%U{%Fqo(L@9cP{za19~X}dhOTv^!CdJ^=${|J(?*|b?G{^NiU+5b+Jts>;yn7X_#
z=kboK_|v1qE0J)Jgy*A6s6LWv%?GKvu2bucU5JkOO8ZR-G}bb~@804w6K+O{O@2((
zgMb&KW|jJDl&VXveW;iZejN%+SF-)e!{RNB8BH(lOpWxD{_)6^;>r#KK!ijt?&{kT
zm<mZNV58CrsnBN2VDn5u=?r#bz|7gWP(HDFp0TSPvAmkmsPpJLW^oQJn!u(FDP6?s
znelUakm<I!``WgHqc4glXYU6#a;O*;W30y29UTEMWc{lMs1Y|%PpD5LqT47LDit#w
z(jC&OPOG<T@I*WBQ}#j3NzE}G^xi}Rrrod4C0i+^e7=y4IPaVlZTGy5&fDRFn)gNm
z2vWhcOw8E^10P&I>h0N%{hghIkY{^J$?j9Ax+7(Sc`g}Ma)(HmePQs+v8LI*5x**%
z;~ZLavJQH`rKy-Y!ZLM{zTn<Ra$~~4@O><xo;sE3`vhNCE>f3i-rDOr4oC8XNX$`2
zrjeV#7qF9lT4q~TD<rEeKs+F7@C#V4<A`U!Bcb-U!9C}!LXbN~92Hx_Y_Dc33<{GG
zH=0sO9#C0L3B&Xc7fi6dpY|V)O0(pW%IrBND%!flR=vU4JQiflyYQeoqGjuUytbb5
zi1NZ&*a>lg&&c1;;`i;3i{uQIS^3@W&q`aP&*T4(rMC`f^8NmY@6jm@0!pfsgh)uE
z5+aR^W`u-v38R_5MG2AaMx;g~IR=Oz-Hh&r(KP{q-~IVM&ws1?iqqG*&Ux)apK%K!
zh;Xy=Ug?rqxiyJ|Rqf~XQ}$!au`4RE29#TI5cRm(z-UW>9d4?W`2FT(mcRe?WyU`1
z&{e6q#lRQuS?6g!p*nV3<3;G(NKE-*T69^1W@A#z$dG8|%;o&Q^wI;7v+WNv*Lp~5
zF3<xBP!5-7k&*o5BI&1?vo5HBCORT~nX6rMCdX?;Ic@xLPOS-SIxf-4R^(_rMUilC
zhvo<v^AhRZ4eRoy^$qYmT&W}L?BU+m%f-QVtOaW(Ult?}T=;G8D{$euc;7{)!IQ^$
zPpH4ZeX`tvW^sNY*T?<LlRAbMyPpwfqHT}kCpYxGBhW^Z(U+)ys%J+|*HuZe#DR72
z&$hctyA%%XUuh}$6JSV&)hgWE57=?=*?roSjSVudx-a;PX}^8n^-J83AVYNiR2r2;
z)a)mxH^yzFk{>Y><F9gUOGRrHo7){R34jKYg4db0u>)07Iw5dmLiyyAhL1sS6OFJ0
z$jCC&3JSVsB={8DKN!zU>S3=du3x0<+SF21QV@5a?+^|XJUwAP#~bM}KU<dwLAW^^
z`Bkm|;z9`GLxRnHe3{5sFCka=+#W7Q?V;11J=SRxaC&LgzLSp3i{5CSi3Fr!W1``s
zM|G73lUVb&jiZY72JQ^@HDr%hY0Q2F69q^o{Q!uKRYO|wH1}73reU3SIt=BqegtVk
z4SWq{`p@LfPUX`_f?kF!J$<E}I%EtFQ1Dd0ET72?;D4No?b{g*s+@oyEUxX}2)}Wj
z0>D0a|0g)DH|e>?+7nrh@6Z#1-#?+dyB~_Y2CT`740=Ri{h?0l3FX!!8jHnRoD<BY
zVk-<KdxipU@1{YcfX9_HdxQq(!(4}Xb5Mn)fQiXpfA9OyXe7Z&DB6dQ*{0fYrBwe*
z5sf5}GrwTVEp>LQOgI>*|3a7M?x1lz*ukx}HxY;%*2@B>9{V?@)fiJI9g>vW2>&Nr
zW=q-znHT|Xy{tPW#_GpIo{vM5&c(&QSEaTTW^FK?G<|1Vfn+`N9W{3_nP_i8{_&cw
zu69OURW}t0C71F2ypGj#`7Ag_XRayEPfApp1nC;U=HW^pitqljtW9}^Px;gg@ypS&
z*~||Zdlp(a>G*lVDa@eH{{x6MVBuT%74ez~5SCc&^a(J=_}BIVWs~GQ6lbB6hI3KJ
z)^G7e9%smYnjbp&hX`sj?Zc(bW0u!Qt%VcWJ6U4}Kh3we_FK0|?uaH!J;)^O6IH5u
zUj1zm1)FSyXT4v#$K%nVsNa%%1KBTHVi{cHtxP#-i2F7FKyJ{45r5ZSZs1_d|K9s@
zx8hqpYm|vPDBV4MI*K^8Md+rt<icDvV(JE-Dgy?6(Ah4|IvaZn0~{Yal0pZ&r1{Os
z76EpxC-wi1L3caC<Wz?%{flYRek7%O7r3XB5lNX_nKvL|4F-3<F>t-mD=Wl9%mf?%
zguPR)rS2$&rx5_$l^>H|l;)RuixSDpeQjAAP#A9s35x3Z@MIc7!q~q@JSn%>3XeHp
zne>XSZWOy?6F=eVsL(=gcCUxLefPAwuReV{o_62Z@s|AF;gfU02!BW+a5`a|A}&1X
zN#xYVHMp+YAsn5&=yGU{2rA`i#Ubr*3xpe&Ni+NOAd4}y=MCw50Xsc>*fI^N5wWAb
z%aWOBlDjpP2PKP3c`uV({ujlCt^{<36#pmJrgVAz??Cy53Mum&gt1o%JrH4E@mje0
zG2}U?M!{yrrgRX}|Hk@S?`Dzu>t_u$<kR@j+B63Q69k6aC~E#EKMQti%CQjwCKbGM
zA#}IZ5nJ#Rm&*s)7?TRuR2RvhEH~5a&HL*zU0Cn({qbei{RQ;f`W@xHKAiQS*Ef7q
z?=sXZnD9Tb-rtsN`qTBR>o4)Xi1;NPz@yi!=Qxql`SpXt=OsiTfBy{DkGJciGKJP+
z1kr^9d{K{QTZaiJUb}np^1j2<AVWFbFDDf28w^_RgoB>*E;1Ix;zmEPS*yMK2T|(_
zaFn^nEPYpXm;PY2?H`u9B++*a68-(vmi`HJ_GgGv>l%;T53hmhBCCScVn}@BR%gD6
zWgl6VgJEqarN|(GM(s5o;?&w2Ec1KnC-MC&7P(w~8A`=N!PH0Bcu6i3(DY#IHh?%V
z9`>q*hs?K1>!Ta@%7gd2<}~e;LLcyjDx+w4s1<Kx@cq+g(v*cI-C4Rk6h7Q9Ge8-1
z@t=DN56rxUF|Q=*Y=V3=8IfYdiJxVJ;UfKzD0^^gN8iN<b{1Ij^QQtlZf1VCydUa#
z*c?6Bm2s{mIhl-+lP`l#e>C~x7Mo#nSt0A80vka3EZ+z`v2GowPlHmPO0$qYC;1c;
z2@90?*H!#Xn`qKT8aZ()-H6mW(bvUP7ZgH29)1FY_IyLI=ua8CE>3B5lzSs{bko>=
zE5NoIv^&q!cE9wk#QoTi+oQU{6xoL2tr230W}J}7Z2dTV?mzDaIjDBc^xfL;{iot*
za<XP7J4rvUst!tIR*rk;H!0ai6;53n-L_a6+~UGG!zBmS%$sdLwptKF%BRPq8(WY`
zl!BozhD9eF+tf94X}Co{5lB#zo8hF3qX`Xl1^a3Boj$2T65S6{dm~G0N^a#WmkdaZ
z^Ctv+$D6;hOd(mQ?Jt2EVFyQJqSF-W%q!1m#DV(D0fOvx=eQeS=v445Eoe@Uz3g(q
zrRwoOpIYbn86BM|ihKwUEIaw)mG3;kI=&Q)MeS%<KrN~yvs6D~%mV4`%!`iMVt)9U
zm+Ct+X;By?+s&^@*<H3bNiDXm^i9~RN6kCB)yM`TD@v+|-$33FC<=@7|JLubX|_oP
zBRO<ZW|yV;nYHlqSN{XK*k-l?l;3QJk2lLEqD8-g7%$u?5em}fbFC%Ek4%tG&1&?%
zpxJGAgw>hZqTXtgF0I5|XV$S|j`2#Pj*9eTsMofav6deS*(E#|5@eXUjpV<M!m>m6
zc2WH8HF(^6jhOQ73-pYYjB9+uV|j#A%uh1%N+Hk6Az82wWVwzX8LCbQrA&_MmK_<X
zEp>E647Z6TaN)P_b(Z?vbQhCYYTLdcxFaf%csx2l=4f9nFg8WT7DJkEA}lOfKC4e2
zQRrMjZjT^_TBu(pU1ICIPP0zhbflA`M14g3n6Btm_Jq#$e3%dB%Qtt7_eB@sn0U<~
z_vp)V=}AM(CZxrjuJj<R#cMh&$iC|^(|XY@ee8Ci!{w-{db@kK@`uhlX0V;%CAo7V
zMVb9Wsjtidcm$_<@ye-v%Z7=Hv|8QzCFYID^HS54@X9QL?P9>wZLgKj^hbNA#*_e>
zUv8BZyH+h-cAc0i4`JCap(=G9JQJ+-NpJa~m9CEQ$_-ZitCbqgcfDVme^A16^DO`a
z$7m`RcubcCXqN{)dO_ct(DR@mhJy7o$}voc{F@%*eYib3P+62k$0m<QV{r`cw-}QQ
z-ixRnS_%iUVSwnjZ^2@MS^-lS;fgYHf?OA%BmG!wTo0jW6G4mKRt%Y+u?fXHGXF&a
z6er79opnDeN=$<^&HKG0;2UX^K`S29+#KSmj0A%C$a;;hOJvNUe@;ugA1mTJw;@d`
zONS%vxJKX5Bzs?_KWuk5WFWEu-ii=}eHNkf=Fp8CZ5XdMz;3TYEY<4_NgVPFi2yrc
zmI2wHCHR&H+88qnC>XRh?f30im%nL#I@!D*AKf?FQ6`s-xrAJgvBOKAAT<Y^#8-7?
zBdSPr&an+2e!{Rxv3zYNnw0d(wYp<-lUQ6LYA5(f9&MOMgyr2AHvPc^hZPBbY@6*g
z;JXbG+dAtYXpY~zPhqzf`i7WCxYcTt1w%|(OM%da^Z;Lzo%aDva=<VgW0iL2oaL^O
zi(*AP$q$w#k&SoERR0lz)t^6S2OV?L?C%;x_Lo{Pa7_WEpNf-eIc+9Ba}A5Fk{NIY
ze4sFVnpyJfs(rXw;tx_a{H{(T+CTISd5Dd-R~=|wuCki67opnT_awZ`H{WL~nrRgr
zl*B(a?EE7g=tSyxb}PzX$xk=s*k+T`|9%U%g=Qn<4G{DSvl0b?Hoz)D5{M`a@txr7
zC_#(}ru{UNzdMI84$8b=Le}j|C}fr5Sf31$(-6lFnxFlG=9a*5g5Grp#aQpFz6PxT
z>WTe;`hB|SJ{WdfRI}3r#H0a>ItX(7!t^LD`59yUiak8U#k2`OQRHy4C=n0=9po{N
z#@dt6AZvn@Ccutf(f^$zOoKx%hp9V*kf5Re6WC5tniZ>lzO<9xe<tV+Uwk8}k={}&
zv?9GH*}o${(y&`2BiGCLRLU1xCaMOQ!LSnkZbKg2ZwJYuxN=luDGi{i8PJ<d-9_@f
z92nbYO-O2A(?ypJ*USUDl<m+Y&Vp+2c7V{oxoyoJ1T{(`{tEdR(C{I;tOX1pnotMD
zXb*iXINz%D8LE45Oa52G?(AZOL8`{^PtpG{Nq}U#GB-!f%2D1Euw<|Maq5f5#yQNI
zcx3V0&$WcwnD$Eo{8E`GJD+hu9GNSm$N`E&ertqtg%WAk-dSJD=ee_Ob$UZbSQfEi
z(3_`=_2XbP>e{?RTRz4fE;Y}?ntYulE^_fDUxM))$}D;CpSdLPZo+Z%#lO_!qJUT8
z<Vp`98IO2Z%P{!-Ft2eY<CG|X<%>vKSzAmNIqo(0JA)rbpTdB0WiL|#5-I=#Yo(KG
z47NP;Dw@|z+)d-J?JGgaK$0oAhZiarg^wF$Ihp<n8IGw$e6p178d&{Nm&~Gr{3M5`
zf5Ph=C-}YKRHTNY1wy1owwfBh_QlhpB;;u_2ZGJcD#n<hWRTuC^b;@Q=d~WfS@<)j
z90z%W?R}RDY9)MszM6NAY*zC+Kb`oi`bs*=i<31@%%0vd`1`b4ta$kq_Vtr=e_A5^
z#%jm7S;)vrq8nYk68_n&HVT=B`Hmp@w7sM7jq@wXQoFggHPM5xcOs-bq%g5az_RCE
z2e}9v^%Kh%BsSc}j`d7sOiyA7{e@Vms$7Q`G`*rb^z!yI^!7FhsJ~$K1S-e_Tw52f
zz5F(LvxU!eBi}`+5-^iGz}}Ikb~>cAY1j$aN$~%S>=XE48P;V3;t{C}nmsGk->_Qq
z6b(+JF2#X8-;_@6W&<h4oF$fTe3gHjCmIO89K2h>CZClguj(aUt&R@PBZot4VO@eY
zB;6uw{iK#=<Ql3a^Nq!@2Ba3HfY2P&-u(J0QNQ0SeD`~z4#poG(c=ingS;mU_~!z?
zp<+2i6MJ=tZV~&UkI@X;+4*kSs%>I>?Ei88?0r0)4FhEgxd+u0bpO%gZ|l#W<jk1N
z(uUxQxwbB!gFeM>FyQGDb(^dzfA{07ZYvUpAx=}I9`w_d?5(d8cDUGz^zYe1R{RqF
z?wMy7GoI^(eE}?$W-?{hsSSASgkPMi>!xQbzvIb@a9DSvJQQKePn!%y?UV*wVwz<M
zEHfe?saa%UvNVPxm3$9G5iyu^Jeyju-cdBm5smk(5h?%iUy`nkJ$PMrksK8U!@MIT
zy(@aBlBDv3`g24WF*lwyfmO#=r`5Rm=q}TLB$cUm^zo6#6o)U=xouiOK%$6Bo)V%k
z*6v<?@(PPQEB|>xXE}td+vqpET~eD041cOO9lB!#csg)xT<l|7F;jYHohxRE6XvM#
zo#YMm({X5kKg}-*LH+xRhtJX;_!ein{F93O*R|1U@C03Q*2}wej+c9A9Vr_?N_Un=
z3CF0$u!=6#x{89hW*i+vHU@9Qy5<a0rE(24$V>FWHX_5?*CKcXFF;*>`Y2%8BwUw(
zgS5-Ij2OK8;8OgqW|=kR6hmB5m)sCbRO0vQMcdAPW<1mI?+z^d<iAe+6FdXv0;ZP+
z_=GyMNE2ni`u;$v#55FAD;1>=Jf*^ikbSSSh+t{pC|CT9Dp7kC{SXUHwbhPitPcAk
zp>E>W^drv6leVai;T>Am{w+f8(_F^q>o?>|xqQF?!q|}i)kedaX#S+pTU$|P<m9Q$
z{m=M!sr|KP4ZJ=FZHe<l$H~Akky3)8z)I?Bb9XOWo-g8+C|Ue8xn{m!vF-l7$J&ir
zU|hf<`RG-mw~S%VaV12r0dE#&Jx{XHt_Bq(7fDtwc!50C??^=Pd$HwuZ<b5*?9_Yr
zNl(gMn~~%|YG>8Al}+nsJMc&ZV|ql`sEh}4KFIusIZ{x3yMII^ZxlE^>t#rpMPj3&
zEvz_-XB1^a|JE+(4YdRZ7V6S~Od}y6PH9U4CMa#HAhk6I`d?hcKSJ1kFbVF|nh2+g
zuir}5kT;7Ji|U}zt18v|;H|V>@BV#ie>tPm|IY5rK?||PkA$4s)*tzQz<m6eYYbwl
zlrZ|2rEfZajPPn{dx*jSN+<W=m}@S}Im@!UwfzZK(Fo&Hc33Ldt4&MA3ByPjIin3w
zf|XO<r6+t;oCgIoV2463t^Y`hn6<%)HHncRUYEJ>6Hse+u-6)TPb5hC-3>csyUY_o
zr&vIOHo*T0tGT?jrQCX$GFd@}Pe#yBs{cE3cU>23m^r_*eWr8N0bX0qL8FBl2goQ(
z|0GKI3)2KVLHeEfdrM|G9UYv;doP#27Mg<|s0PS&nL|ZD6)!LWk-w_Z=jvsKCY?#*
z#pQFFv>G}>j*o1{>7$D$)F-eRVTUBgQU0N;M2b2#6b%)SGxb&8&-o4RCA`CkQ4qxf
z-F@w>dtxvL9iZDUL2N7cAtG3Gocs}1ZE_9>Crm~2aEag9v4$J}Io_r&jEWP4G`oTh
z@Z(QdUjM@Dh=Yo-6?|o;yi3_{eDQF`i7|aN6vcm%fZBQ7lT8lCkUkR8pC$jw(qCu6
zK>ZQV_4_b_i3LC#T(vtXLZCGza$#S`953@DY(%jI6XcPItKuWu24vkMIP}AhI*YGg
zjWD9<Z=XFt@$>T6Yw$F@&)c?1n!7}i=B-m^f<S;RLL~$`jAsuLv)(C|x|Eo&S3k;Z
z>x!Z3Q&c2at+l`sH7F8_$SJ>HzDZA7?;HjO@Lty<%o>rRYam+!<bIn&W0f)f%536e
z>H|)~%sOdU=UFit*|rpt?v6~<&dY9r+J0CU<*xUXU&e&8VV!I*`YyDFUx6T*1ti#G
z<3A>QWev!W_6^8=!f}5vXJd<)p%Y5Fi`TvvT2M>Mh#xVlheFeV>yPHxtMi|Cftfd!
zXn7Ue%_kN4#wfNs$~nTGZyZUxvLVxU_ZpC&c|Zw@8au<QrqG!sxB1}spBW+PPe(_X
zE9jML(h3drT!jC4ZI)jidaR0y&c5kEyvEz$70`33lT#fR%^d~7I@7$*g|QC<KBIPm
z*2mBcaA?5{%*!S@?=yp9jB)#E3<wgEJMdrzmiq;maW@PixOn*K@u#odrL0@EX{-%A
zw&Ki$r(9@*^b<9x61QS3UlzEegU#0Z`qgsjx*GoxYqX*XHB51WjEplDY+6ViMbe3W
z_!;vh#zL+Quj3O&G^ah0k-kk#pdDZ_op@X?EUdkye9|lcho%wQ;Mi_5U*nNf&cMnP
zMNA#h&BN^(^|!LUdz~V3tHfBE{AGie+&KU`1>CY3*c<Wv?$bHwB&Bb-<8#s_*j)sC
zy}XwK)Kk64Phj5-EVq<Fqjr|O2t*xSKQAGYrHFb|5=6IzJ3Kr()&z8pr1wpJzOG#^
z-zoUfefN&Y7v-Awe3%GWKWr@C5sBu8V}6<Dmd>KBb{^GXuOm!sXzy6c20(<PX=!wP
zOwqt!CXVc7n!G!K7U}c{HVe1NCqU6&rr|tdyVmvlq(R@D0T`Am;gYV??t$2$d~Ae8
z=%;YZRnt}W=#Bkw^D6_}ifVKLvy<#|N^Gw=CdP3D)|zld&i+8i+T>VhXhDftxRyf^
zTptSs4F)JqF-T?7{q4B1TX0u&gxuXQ(-At_+(C4TU{n;1@a!tPB>JBiU0aGP?U_As
z9C9~AXY_5$$sy;jEy3*CD9G{YEdGOTb4(nFV-N$@(kW`J*R?qYP<HdTGi13NQlh)T
z6!B5sq`=#+kQXG+vjWLsn|#STd~j$^=dfZyTvZrLx?zQ5HOvu=So~D?OK?iYJd2J3
zAP;!_k?8(VR7v_Ic(!>QAw7iu$25KD7?QnC^z1Lce5YYm3ah<5|8H|~|6cQ2mP4T0
z6`+3EjF@?|UxHakM3qblnC(=Q5E-1%cIZoFEh)EygR0fe{_lh^vhw4CV)3{AU;kh(
z3(~)wEzxcp$iMzApRcwvFE3T_O83D*C|Pw3$OFi9Hgv;m`a~i&A2uM*Dd5ml2ErK3
zcVOhVRrmGRf5&#9pJEhV?5aPG`WM)Jm+5cSC%4t~zp;V$PgGMh!m^gjrIA>as&UV!
zceS8-a^UHF+SmqPEB7A|Xv>4FFx(xIt84>BRlIT%oRj(F6{u#lOHTs@6tXH-iw!@p
z58#f8FGvF^ad%QPR!U+ue0$9qQeN0;O5Ti7h!|@(B2`jB8Ql^81Ub*x3|`rmI1_+l
zW+OpIfbsfOajtXZe0d`GPo(ABX2)OYme_;ku0t}s4kEBZNp8K|gkZhhTwDoJq&Z#u
zo7~edvyZTUCK2UWvDtv6&H021`luQ)nY~`~Pc|!gRrMtO@8j$|pum?7j>+o%pEUfq
zQBEsm^5xqv`Hw{hEN05v9BkcbH?JK%c?9yZkGr#i>aTP+D<0WjY56vddr-&R$(lLn
zZ;(42SDpDZSlH1m6R71elNI2nU_9r74oB@=bieF$QwXP7n??n*!?(umUHBI|%%OXf
zbI{1-wQ?4GL(r0<@53>~krovf58OsO<a@4vs!Oaihokr#-3_6$pzMpsp*i5tVenOL
zzyIHE^E1J3xwK=_ZJn%*$j=}nW}Rw5s&71OM1BO#jj2@wa$zF90m*Wxc=X}vW<ovf
zS{7*=_*;I^>Ggw-O0$A#t$b(Qd%fIWp|}{da+rG5neWIK?5u~O`N01Ybm1WrdxW5&
zPu*-p#z}e@2KAFzuMY_OgT%TnIhTb)g*U*j|2NxHOVEOYzd)zE1fAa1UMjWS0pFQR
zPJ_zw9sy1<(+!IOneab5Xutnuxx8d|@?;Lm{=$`h09@mF4Ct1@JVR#izgsSM!+C7G
zIp%-#-eBWA|E;!Pk_ZL@wV?L76ba+Oq3d8clcnuPkh-x0KAUCF_+z=8?At8(_yYrQ
z7XFh@sFHqvf&CIXUhHZYUD6=9Awum2WN#_BVHUaNaz{|r{TH%9o2Il&6VSm{_5IGO
zQVAL-^wf&4v;k@bHDa*K6UFuQ=GCMfxw>_kGnAf>f=<P?4AfkHUvT7us=2)|`q|em
znDqlZ7e)Yx@r%^fY)xZSw%tum)U@|rsdod33*8%qmw+=%j7NGH%JI<4f^+*VM4)!A
zkFz3rwpTPepAaDaZ$5*@FYOxoAt6&-=S6bX(No+%>PiKb)BpLW<W!&c_2$>G9I=BU
zQ_BLXd@4xAU+SKQga?1j&*Ty#?+;|#L<7xz*G|Kw1v>|B&1;X})O8p4n>hES(!T%9
zAQ{|R8YqpV4Cs83wOZ~!67U_Q7f8*-P>>!?7BFxaOmp<HwW*j}99>mdjw@S)<JtXz
zJYb6J!gMz_qla@|ZjI<58TxThJ+6~PtAnt7NhyPdsR6LWqf241Yk#0&`G}*0@U*T4
zl=Zz#(DFeMpePEQtjs}&*1x}BE;sQ5W#-n6?dJ6vj&rJ6Q>#OrZG8Sg$t+HsDpX+2
zO(=T9#gogfefYZCaoBI0VZ%cu;}?xbjw}%qUZv_ZcVdMJy`7bTzT}j-xEW}t+j`8s
zM@uiQL6HD?$?vvQei_^wu<qicBFq0#yW;cWv<6;GO{ZPY?7f+Rw(IKNVZU(np1091
z&5zivRYd`7#Hcv3UC-)K3FmJ43@xY;n^SwBwNMTKRecvUASWsylXIQvWu_n7DZAr#
zF0KU|0?uvHe@yjMe73r>Wym|x8)dbQmge$&_3@s$=}+f@yvkm|2;}8LB}j!5OZf+L
zP+YHn7HX&Q=%z<oup08wpVtPfA3wQ9wi_$i*uC*Jg+XO685%yQzES0(tEwdYw9jST
zfGX73gW>iJ6zpnS`HVT};!6(^9p{&a{I~?e$pa7Aar40X1XsH5l`S-{CgO>{s!G{_
zbu<fNfJU$eY9z<6(Sh-oF<Q}_gDTfjk-{;(;7AL?2bs+UVnifGx<Rc&gyY?5dMsll
z`pnf922Z4g!?~X_82qR5DoxI$ZpSz{F}U!G3kafvLk~IE%U>_Z_*pkH{8AUXvZ(gI
zRy%o=tlC#5FHSivjJ%tfjKF(r+QIl#2vt94SL4geQ9hW?<f{;ga`dBLg2FOe$NUnR
zocW_!{=b<%tctEbQSEpYQ<tK=taRfP*<qhUoJoYd;-e_r{wW|ueUNATbYj1R;d+8*
zNmuuOkL%kkI{*KVBX7#)b|UVYiRI4iKwaB5sZjScxT0<DoYCtZ(_l~z`qz|JjeWFC
zZBA#~I&X-6&>OE*4?g5fqow3XOMp-KRt_c|mncqzZpB>LesOQ6IC@0!>0);`(hQ=o
zcWjh>%h!4w%mjz30!D{B|FRyMcp$j%{@=Qh&B2g8J24%@{6GxS>~@Up)y<?ausjiP
zyLz^&t?%8E8R_B<$<Gyi5NW=UCC3B-fZ{EA9z?jW%{R9pBpEeYu=5T=<20-+gz|dp
zUN<D2ynVfFjiOD339v+;glGno9e8^fV#q|yO=pF{ZPNZpDJ18sXUY36fH>p=5P11`
z5a9gLyjOJVV01;p__K>?*Tp?N0QeWKl6Em7HclvH^P_Jn;P&L7Sc0K6!)gg-EAHz%
z`zU#F3dQ9A=A_|mMUDh*FN1<>ki;Gq^|u-Kw~rujjJh(Ff!}zjKCKac7OvuCtcD1%
z{4!P*)Wg1Kz;@1~P*<-W6;E#7I!g#_mEF9^eu)IJl1HXtcKa)cnkv=JqJMRX?MK`d
zi{T@7o-eIh=CU7;ll}S|61^~?5ZHjcu@d7)_n%Qs(n%;XMO|Gs)uu5!LKpc<=UQ2A
zq8SW^Jm1ncnB+!2vP7O-drid*3_c7K_E7T>mAgDI1=>1X7f;8?03fI3Ugf|=u2e+q
zOSPwPzv`jaJRNugYec^(e&0r3I-EWHf^x(=Ki$2`1c0{vHJ;6ey@g=eia*CD<Lo|>
z+<FfFusz0T&+ovU;^5o48*iVsC#-@7O^Xi2>Mwo*F1icfKu?uRw$goSu`o~5^iE^n
z2|lWlJg-*QT|K#|_>sY7J~pu3htt4f;kg$=I>e}z`l9bF?2TRrK1<&h{nkd7%ndWv
z%*h4-wyT{VScPRQ%s1lpQ#gArZsK_Cuyj%WWaMuVu~<TMxkPmnLjuXQx05{CR{oKT
zLL=#@c*EsEx$w}PzaC7)MhMH0Mg@ba1;4S4$f^7DStV2e@G9(PpXGjEn9B0xS%YC=
zp|6Vs&*=9*LEb&xG4VYfMWGvGL5_s(3=OLvYlURuSHDZey8EdPpmrSji2;B(e#31*
z34%Bi67IkAjw7U4f#N*=+TmfcNA$}@<JDg+*48Ix-{0ECW{F>xP!%t$nSH+fOZ(g0
z+imnEF6lo|!mKdQonP~P+f`>1k4E=gk5^dDJMx%PR4Fr1vrbyP2pH#=B(pT61ePpm
zbwRX;dsuUlZycQmrU%%_^~viN2KSd|+o-@wRseASL`?`B)+FQXxS#TkDmB;4&R(Ab
zao<|tuAwB)eXoNaD=5Tzp1)F!+d$#1RF2?+xxzUQX#+A|y_mhjzAFKDl4^$_g$;90
zvgv`Pu@lDr)talFrsW0gN9#E<8DI2yriMCPn{XYxK#Vh}gdt5WvM9Q{`R8dKBMM-r
zvVMGguHvI*9V$x6$E5JPUa;Bg_Y{hjfvwovOMD<BasX~i4bE)hL_0<L1d$Lxe_iAl
z(kQPWvrV`2yXMwEi?QL~&Cw4qs543KvKLkbB%xO;&A;6h8844_oie?+;0tfd`nDX!
ze~<Zj?PSL6h6$`FnUQiN@<~!Z5+Q%;N|T(baw43nVj@6SGqCdFt3y*_f3H`Z!sX09
z)*Jxb@;-1$kab5lH(zC!i{Val##B)d;CV!ZB_q&=Lj^Yp0885MG0*7wo||`<nzt<M
z)doK$)Ti1l0};5|8EkW@AswCjS*Dz{iaNX6gIR2ZO1(j0e^bbNe_wmaFkp*%cI*dc
zKo&fjabV<TvK9)9o_|u$rSv?iZQ96;V%TWG^d+L5pdNbVF4-n+PqrLVW1j~IR7%^<
zX2MeENdZNCStdTPzmP4B6}kVA=cU#o?U)Q1hY>ZeK4k!*a?HCSr5D^08rXyloDA5(
z8~;7)WT#TC1LU9|<%B*WeiIw;B@>o1PiXM2IF(jV31Bt5k-UoD^q#&R5Eh(+CO64G
z{erJ?=--;X7oSLearW<DWnUpGiJNMuYTP@}yw<6uT6LF(1B|v_E8pn|eZ~dQ=~~tD
zK90Cu$Zm{zt!c`7{{5{Qpjg2I0G5|Rt!{+l$sv;!SVv!4hY@2~!2zCcNZn7~p5Osx
zK=^dCyeX}l8PQq~$c7bfir1wv-0OZ+NW8g$NHu*rOmZ*g!-5>HnZ(kpwhOxp`+Y|y
zqjm1=)#&!rORvYz6by0*@uc6~1ZD|}K?+@{hG-%gI3w!;0Ab!UR)^Prs27s87tH`1
zjmT_dQOmK<rpvz2)Uvat2kx4fle{(Z1~_QGlZcKOq-AHrsVLd;fClOy-#f&>elfO6
ze%8@|LnafJc5T)lrTT$_FZCWF|D2!axf#Lm^OLTVog4@d*od7(;cYbH0pCmTMMnmQ
zm@M^c8#no0@NKej&M5`@F5ochFP|;-8MmI08Li~~*b%O0-AX3fFL`LC+MAXCU2S`$
zT_+;pzxxnizXUri&zE3-73fi?fPS{rGtDZu2wQqd5cbMXGU|o}zvPMrLtQW3`_g1M
z&JX(F%@~_FU0u<af34?1p@JqoD-+T&wqMV0%X$FqJme!FhUvmr5<zuzb+KLAv!k!s
z($$pkVog<;e)Q_P!2j>tysEo7ZUd%B2*7A<b7qXX_nO6MJ{<rGhT`rL{+#@G)GSMi
zAf`ZOeYz8}f3bCE6Dm}1!2O){1$E2cf0R%FxbMiO!4h!rxQg=KuRyc{(p<$bq+9`X
z6~%#3CojG5@73}Rr+&i&C_Om8@+zY?K}?ujk~D|%XCZ1I=GftaijW|uK)(e>yd^aX
zWQ)RfT>xBLOp8!7--Z@%yy4`X1u`T0p`dgKmJf6(eb>yM?DlU9T_kjjVypEVaT8MP
z#dJVro71Kj4(+1m!^z`(?PTWKdL7qh?(KBk2UqX#C80VyQ)~4lu*k-Bp)}_SEmb3E
z@T?Al0=;1`$Gt6Yd<>VJ)g(Uf5G<dq3$6=_J2~+37KP1}LBHVfSl1XR-M&S!+eI2U
zO#LJq8_7p&EgtOPwGCioNde2u8hjx7eA+nP^5V1^wJ6-i%nGsm5O9^ZBntq~ViG>6
zECImMh`idjWilpUsq5r{cm~VzLDmp?4ZcBx&bxX89<^B*%Y1f){;5(NxdspxccL#I
zhY#?$kmcJcLl8QR)G8vbcuY3A^uMNda>+*Tv^9YSx9g;un&LTol%ah#w)e36f8Iwd
zytnbC<(yGe*O(HW&WDUh@9~7SfSsj<Oz+sM`MJH&X^3jP5Xy8b8E?PDH1nWI5@<_!
zr@KIn;}D8@tc372%bsltUuvE{&>XZlNQ-<HYw*?cfjA4Rw_02tT%l{i=6?3#p5C`t
zAASb35bLuWx_nLh(!iLBs0y{&v?<Ims>0mKQi_pnw#PraltUJ_)R`hDAb<PLk`oKS
zdc)$txyxSruc-mwH$g&h7!h3^?kr|90c~-g44zr9g8g~1SG8kn-<l+oaQ<vPMt)nj
zvXAuBhYcku(^%73)t*Dn+=b9mM)!edsY*2OE1t6#t6j(!zQ`AIcVSplvaVFZN{zDE
z134Obish|%0B;0|RRV_);BM;_fQ-MgRX*lI@HRhrqw)1Cg}A8g9L>hGG=~IZ^h1+7
z4_!PVz-t=PF-(K%*rNU$13D=nhPiRhHP3>q0m;ZMynpBL)8wUGmFZof$3gC5J$&0*
zI6CL-9FgkbR&#~yT0B@9`tFlMcJdf;q39tR&Rbh-zN^8C$%$dHR$+mPcFR_K=e;{E
zf87pLug03rx66uxo4)+kt1SXnD&L`VZ-j#q`0vc2?H<HWe|7&p(?8jVZzQD)EMd(F
z!$i3+UV$zJXePN6O4=fIKzwe%77^Q6jxZR43rCrj%#R9&ajX;0IC>&jdQBA;LrDw`
zIPeOi*J5*`*FFvKMb_>5^eSPB%cAjtdymrChyX5+G#Yifx@{6*81|o{^;&UEu2KOl
z{O-4(TQ8Cmh3wx-D5Y+a&Bg0@DZ9cknOZ%%ZBEyW$OH4;%Y|}dT}9rbWURTj?!8i>
z$v0=I8)v_b<MU)PRiRH4;=XRBqoSK}%$w5&Cuzrqp(FTksleo)4<KQ*r)&C(v#zSH
zdpAub=@QNXO35^q{5|gc&}?0v!u=+vIlBONwFj>>NRjU*t}iE1V-7@Wr6pBUG{tz#
zzk22B^42v2FaV&TqfPUWJ$Jz@extCrm(!j1*<Q(}wZ-mbg_jf_ud2_(*6J(7mH3Hl
zg&{FLH=tPbk(i!8Iy#X%Z4{a)+iAaHwDTe>hiyU2%dncZG1e1ULTHk_4T)n7w|Pnk
z{9Whmj2A&r$jw3Sy=ppOyWqut`#~bjxX7fSlnhtCwO8IdLkpzP(xFJ<4OI52%Zas>
zS97}+2RFK{#=q#wAHUih`u%V^-bPHY@U7(hmC7a!rh;>EC9_@uTV-stt3uOF;XsvO
zO1u8*`Qy$WLO}5}=|}eL%#i$F>>jen&i}L|d7=C`#O1Fu>;7_9;}=n0p>Vm3#pBs4
zr{DIh7uPNHtrfJx-id=L{xCVGSEgV5uL3_8k?M%G*;3EG!y}7DYhA_FOJ{1}*{HCk
zann(D{dNbIUVQ!U&F2SyfL~;O?Qsr|jdt*Wxgv?Y0G<K6eoJM@=*EQsS3T0MYZFN=
zm6E{7Q0!%1O9<S};rz@18@ciW1|J=z)lhJ}q=GxU<IoJ82=`93_gVQu+_aJF2e?mq
zZ6u3|6t4X5Ub%li(K}tX&nE|F$1!n-BhJ`2KyZh^byb@^ijlL`6}`!JkXg@8qd~x{
zp(vTaxc;Q-yV@TnYhU+o13kaTE0`Da3Z4Dyj6k#S;(d_03rf6#(PU63-!;NVO75W#
zc@F*jdt7jZ_6PCG=B9UjkIp<0`cf|t&tmuo3!lD`n0uKHx95MSLE6?j6m0kUYE0;t
zYKu+INp1eU@Na4UmW0%j`ow?_kDR=!ikL$6!bM9H7lUB78&8K)t+TdC?INkk3lq}S
za~ohO{iLZ-D6j7I3rMz%Ow(1npwQZwIWt*_fOimC+kbcG%_#(EaS!-oI$mjgva8Cf
z=8LzYfPZ@c(#D6S&qCoem7eBxBfQfYj)AA$(1gbGyb23y>GQGItL~s!%$O9!08WzH
z)9G||52?^pK+f-LwxV<YkhDH=UJWVb&&mwVTbkx!AMeGy`linzOU-&bC1?FzaBVW8
z)vn$r=qxBRbExxI*bam@e76;wg|h1c0uGvvrunHe1sR)`+RRrn;w64aNyP$wt2>kd
zr?U1&1HC+f7n{!{35Tm^|0)b2=M_r09zrv;XZMMKh6nY5*91Mbaz}7Z!X$?5-w#Is
z^N)*$NwiOxyC`-`&fLAh!*S&OQpJcqt=U@psFoczj$-Uj$qU8Nx8BvFkV%I?2`n52
z3D-qXd6-9KYDw5!3JsmAoq?8%yM!;+U4qo|qs$H$P$$i&=WCH!KbKB^F?+_IY>L#S
zn2x>O+sA8baQxNq;6m0c$R&c@&xa~cZb^SPxs)g-_lwMk1hDjnWo_fr{lSm*j_r~L
zp8L>`ienSO0U?k_w-@HEn+%`lp{-N)CF~|7GV;<Z3uHP?M}jy0=ehX6cNBZwd{cBp
zTU{YTx#XOxS!wDc0663T2*X?t!N{|vrJH*?Hh!X(kG#$<hhB~Ixc{EXP<1)w;@hj5
zKTQB|4a<IRkxfELLu)~})Spx~#8^XE8BmuwB)y9*BX?0d9m2`^lS6|11=@%e(6uiu
z61Du21m#F$Qs392T-0x`|7~F4ec=$iwU<MMlZ{|lN<J~Sw>9qBp(Ix1*ERW6znl!-
zQ^O+-alQ5zM?R-6Z3x(X1X%V@qP)F1A42E0LJR9*Q+UAFi{Lx|E_vIgJ?k;q`0iGb
zb@Aqov|cQk*9HUOF{;OJ#v{KNd|GB4CS5SGx|<l}NYP+XHS$tTd+5oktg+)tx_Rp~
zgL@bH_T*CF^J&!NGzw7B=TRGoe*ombHG!oC>FgBz!wXj)YYp!Si*lqHz}9gelkjS*
z;HaX8{F}^K=`Vezz;(?JFY-2b&ZdLU@O-V$-R%8JwJm-HZ>LVLzD4-|CB9Dj<zG5P
z>Q(<+WpmOld(@tFK-8vn?}uFPe-N9kWv%2ipv^<z`OzF(BT49bx(JQXT8d_ZQJhx=
z?N0N}zpF%c!v5fpLTP18!^axbj%mi-*8tP2-Po4dT7dAhg65mO>I()zvFu#|5_?|%
z@&1<ugS6VcRA=<Yv6(%}-N`5sdZq+1ZyJ?i_FCF`N4(w`Vf)k;azWAeybj@gpBzU$
znWbVy!&OOsp+AYPe0;^Z68CrYm(mZu*WHo6G`VE^^Z0(zsdQDGoMe94p53l7|0NMp
z(L`WPEXdSfW{u;WtuW@Q80fll!MN@k2Ep~%JavixQvZtBah0nj-uHB71acO!USpGe
zhC;taTTJ_tFhg0D%#~N=Om#nZ3V76Hu5bb}e_rw`hg_rGLMA}b+KF~Cop|N+uYhpK
zN)<q~Z$+RMFVA*Hn1IUT={x)2aU{m3P%8WC?P3W2T7<jTTd60C#-D&G_sRd>KoD6$
zb>%|2`HnRXS2cJ5<oH)bG+D;4ilHyJH+)|mV}u$b++Gt#gkFA(;9iRrEd><A0u{Z3
zu>5(?f5i3BEGP^OO$GF++<Gtv9K1y0hPxvlYtC;`0L?RQr1`2>J2=^Ul_M7)q&_1h
zlMb{Ow%&`9E@@L3-~+D6^9ARp=&9w6fRIDBm&jx;YzFQjzD5VtCdTAV85aZKj=QI@
zHwya>$i;|-IC18^UYWgSYsG!n5?b?edmh2F8D^8jr5gY35d?sB;40v9p%hRM>#AP1
z7Db+lmEMw{nLp6Wmj%)s{&c>N&yAGH6qlB>klNZvxZ3b>GY|fon(sXr5GQVQnyFNA
zl}JCJ#Gdu`oww6Uxhs7^MnIw`{+epY&Go2!#l5|9lRJQCvsL=joa8^%Cx&5<Qhcuh
zr>-CMyA(d{iKr()#FDdxOCFtH^m_++`$Smolv_U|jx%tcPJJ(Lr|Pd@0nmY-@U-|z
z(`AukTxOyzld#wHmS;)=6XevN4FM=K{Tbe=hti#PoEMrKG!2_Cmj$2bo_CR>vTI^h
z)ATp*&x6O80Mz~WTz7+?RWPO@@J=Vo)XfJw&472;fjGnLxyi7dgin6uNOP^(U0TJy
zO=MJHpgGk9Ls3kO4`<Vqclyb;krdw6WngN!o$n&c+Y(Bo(5qp#NVJrUUp^Muy1))B
zSvwC-gn)Uc`D|eXgUaI70A{~JK#}t^>wVMZ>e+1#JvKbxy>CmY(i^|%G;WLvw2;_{
zkdR;ES%t@Rb^^TzC!kofiAuCni1NT(Vu}WXCw{{rz|5KW7Isx2InQBw@9(&6wyBkv
zu+KY2xp#(gsy-CJVRH08fAQT9)HN5oNmGIVQ}v~k=UdJ+3>$0xuEibKTJEflsfv24
zmg9ZGk)V3{qfOx)JgI7i;ru^`lQOO+Nyg-P_7XU$WUZ+H*Lf)cV7Pp?VbZkyN69U2
zY0`9?8l8IgpMQn_H}wNy0-h4ql=^l$fI){50(gFx$s{hpnpDJQ@P72*p_?*0c{jR;
zGx&P%^`)cX=QbtTvBFa3qCfriS0{Vr2uh&`28^T~g;`AM2F(Er(F0ZOKPZgTU${5V
zXU~=t>x#e(C8NHp5pJPSPk`U!5{0~aTLQ0R?d>hL@w%fQd*@<2H?r)9SUinZQ3L14
zgQY?QF<^$d$sus2V&r64^Rv)?%5vF>pPvu0^ZQ`;J7DG`v}Gs5=cE13$<96kBLoP4
z6i|D(4*N0Jlu76Qp7H#G9gGmDoE}4b2&i9FvI*sLA_iIbb9QJD6hH4Bf$3(;dzPvc
zdvDwFo51wUV!4<{qi}Hr5tS``lo;hzR@4}y<Qy)LGkNWwE04oH9K3q`HE{2&zRZ^7
zi>2YQD#|#_-Yx_i_>93NeB?hhF)M*K_=L~1a9KV6KfwoqUq4t2WVHtus&2eeRfA#w
zfO>U)cu(PU%n$(j%q(UF6<!oYehX?cebyrASJ@Qyb86}e<?3EQ7?$zsaa|k3@NF<!
z_rSEt!<|ewLjDnv`!6svhK{7<Jb3@@K~SY>%8JD%YYF*M)@y(JdULINcrvtfrauXX
zujF9|R2Ui+(!XAPld#4Yiwxb{`BE@|d;fa=gt-Xja_!;hXhPfe;xs6ehK0<%DZ}Z^
ze$f-&HezbcQ~%7I*;&fdkqn?Nxd0KG34578F=W5Jng{NzjVJ8HXqq1r=Ug>5oe|!>
zxqKXO{?o{~!!)*GLlLNN$+B91X_1|p9T4#*qXu|WdNN~A_|-qi#5;LKw#9bd8BiSC
zp=*VSp1gq+j|NWP7()=i1t@})!%LGgim<yFMRRK|&(|P4JU+IZ<{>fA8)Jl>exT?o
zM&ndoOw}@@Q0XHDvEvLK)m*h4ovd-y^yCB(q|%OoqX+Wh@1nB_d&6LRLq3I*@aXWW
z8QpoOzy-G#xujr<yuv4S^Pw<!kC5gd58b>DqA{8v02F&=Mf5a2so?>i_+Q5)+ga?H
zeFFeS-{zsstFg<A33^^q_i*wbgYrXrS~X}_PaixdI!jLr9Hxh?;&qjrp1s-oT<nFB
z{HRJz<VG2$nw#Qt0tKNc-xvJ`FKu(vOp6&gJ}|34;}{$SOV6Cwu&ZR-!rBWj_NPSx
zy|Hhq_E{+EG6G)6)A^-5RGHhqI$=8Oy3&%r_1Y`Hw2JEANtFT+Ojq~-K=$B%mYb$p
z>OF>$<Mb~|D?r=Hbz_Jt!ro5u=cIvKhIYkfq{PZ)w7{3&r0n|=UIG?_8RLY3-Z)a6
z#FcC#K1nHW-*2x6%AqOuy16DfaZj#fiHlf!YPr?mgPJ<j)`@)yXepYfPvBT2D)O1n
z0ouir4VKwe*|Gj(`eKDPA2@s)AS>U6+vGD#C3}VQ+Hhsq7R?gt$`gdYU*&l09%Sp|
zLU>JGgKeB<&wjh(SA{VSe}A<+(zxeN`%*gfeHR*yo(;IJQxx~c8ji$65akuflg0$V
zTh8#^z`b<JsD-?567~b30FXJzz{^9e5{O>7#Z}Nj=v7ERMs)u&*3uXVPgH3a!%l8p
zHqH2~j&wT9`zH72J0nRyt`DGa0YU9fqSR6otqO30u&b6^yN+)Q{&r4kHmA6NB`hVN
z&!OrnC$Ijk_8AK=6>?-9(}d%Db=t7B_4w)_&cW+>&CY=Kfu9ij1@x$nP3O)lxF=ye
zi4~q%7$rnM2T*h;%z2<^Nf_25{4Jjc62W~><JSgiciNnUqk02vF{EBBmp=AJxB&qE
zvv5=XUYgo5VQ+eN4?!+eSm^U?@(1*2AO{}_X7YR@A|ch>(#yzm{=@poH>B#ql!`tN
z<dXzQyJou^-yEr5TxL^`<gg&P)|$oHUHIJ!wzck$?1;Oa7UG3R6{td@)(6BIGb%TS
z_}c0Z{|(<=??_Gw&hmLiryf3G_;cix6DYR0jbDnRw*Hd;j&Vm>EH*y7$a3}4G?USz
zUW$Vo%wu<P^1&N!n(;(O#w2)tjyUr&J>&qBd@*c-9~Ei7p{)8EdDd%CbjE+?0NnM3
zy29<-|C2_qv!m(zfN$N<GG;o&0#M}0r9I3g0Ml=#|Jq!OZbn=cz?-rz`^i}<gYcFJ
zU5r6v4A0bxhSjs>aH%9zH?;FxdVt*nvtQ4ru<wT!UUT7T{Oo9x!%d|+FWD0wkMD{t
zs~4MXjjEjt%zsMRJsf8<<}KX7N(xsjLQCEruqOv>%HRI;rHw1yZ8Qz#$mk{y$oT3#
z`T$63Y!N|C{8r{$*tEYoYHmncc1;g>uR-Q;E)+fZ1S^XyREW<M2G1ETsA7oY_}k^p
zmRljj)WFWW0kU(MpVi5VXs2B7oddWQ1pqvFh7Yv19@GaZT(488e()aI^sy5_K&E{p
z+rFXh1O@?sqKB9rIpFTtJG!}{1UN&UJ&w5fdy<$)005(Lz{w)cJ*w0wrGQmT#_6ne
z0dCN+JSBuEn6Lfswc+ns|2`H|`zWupBUzRbCh#wvDB)+1s;z;xG<)yY){hu+5eD<#
zxnK|6+3p<z>c=5VSk)O3)5Kex;>J=%J%9c$ivy}#oHoR#__~Jt>xZsOBwn|Qce`ZL
zgg@E+uz%tE;-nPMXR0#`gz%<xgW*hs@43fDE^Z^MQc=x83qNzG&^>_S%SJBdrUq^)
znxtQthn25h5|Pazzw)fO&e_kHTxZ?Z`WRm8*ijx1&-K#KdAQX|UJm%gvZHxjFV0AT
zrA*Y#jei;h@I@{P58P}fd9LM3(S9e&G6p8=6wSoIe8@C+P!n=Zh3ZH<jdfButzjy^
zF;R)079BmueLt#$^1IuwiK&#kou%e1q7Nfev|u(H6ZMxb#|GT`H{y83uFoc1El$<L
z@}33Or4uAjE@Vcv2fIk@+rFGrn&MBc!n{)c$>*iiMbA;@b75JB8$y{}a!->2BsLNi
z1z|<TaDb!JSiPkrkFw(8&+X07H(=0p`f!&UCVcd(*K=(X$IbJH^O;0n_5m2v5oTXq
z2vX4U#kmJMCVS}uk=ZiDN6Cw-2DD#zpE~>*GRzWh$N(Ca+9BbKvIn@M?!`rrhnI-S
z=~9)9H)(srLSXKB%7AEP34D=rD`jdp`GF?x<5qU|_j`nYm*ZP*9M4cfRjtH9AqgiX
z8X{X)H9KBr)*;~Ean|*=wf=KW17q=n@3M0;^{Ll3L9pq~(~EMT&9<2Jq7~h`6?OY>
z@A}Nb2@GI<*xjD)O3}1ogXCw~KQCR+8#Dqe-HBrHa%0)SxV}5-dJ8j|-t#-ilgr>q
zZTLXAZ0#2hzV~HA3xNU*r43uZ^4a0*I$}v+jqfWM{dCsP*;MOi8Did(OqajedI)c4
z<=B@My@z*=e@oK*=i*h(d1`qBLK(qfDkEL~$akMFk4Ik#wM({i!t(M`gw#wDv?ql;
ze)u<L&CZk3t5`%;Vbb0iaCF5ny5`O_ZMe**k88jD6s%6>7qAJylSC%N|I}3Zq-hYV
z$hY%B{7MG1#PL=fwoH-_;62KuVHNOPXy4z6a5?eM22`D6m6-ImA`w<e$O)^XovrAM
zy8!hln@M?Ck%u>sbC0i*@4NWR3a|Z4h9xBl*?`K8ouP&0p9PqKkGJf9lW~UCPl4ed
zLu?fS&3}}W?+>Nz6Fh6Ry)6wIBnGCg9&duzR=H`CAqwf<^`XCO$^(25<Wjy&ACls-
zHl1hYAEz0>L$enx!UqAx|5)TK?6IzX6Cv4hBg`@Ev;UlB^9MI~JcSf4!cEWni2x-x
zzHfi|%2n#U{RXFl78SbcJGA)QUUL~gQPkI@%Hxfr!xt-e{p>zqASeC)yYKP$I|M*?
zEgm3M1#Zfc^W)k*75kK1DKZgYspY^PeXJfKFuP9%5IEimMq{2+2BQ`J;k2J?;QKg;
ze6UB+96tMTb>^OVDBPNE*OdkqxXBm(!pS>)t4q^bD{`?H1%@?OMKMcu6(^0@q3F+u
ztAE%anP*sroO$T&boC;s`x|jj(+yFt<jZ57e+MVrZ&a004{L_D>l$UO1`S5L5VvQW
zzZ%QD7Y<IN`~EsMZN<`?I9vvfi8;oFUN3y9X+$6=&PM#IN@vA|wEMMWe9l&drfHH~
zniu@C={o82QYMD1Fvcwh35}T%BfENnw}uLv1nUji*#Ae^SB6Cub!{I?8l*(&MnFKN
zJ0w-QW5A+2M?gYEDG_POLAp^I1{hFEV(5;c2N+<eVQ9X2zWDRJKfYgcv9CFsJ^P%q
z_FDJ4@3r(4h?YzCCKri7RxGxAdm)<t@SH}6{jUd7!nNWOzarD21)5IVx$JNkYYD?q
z)a2|vDD8dQeL)qpy8JY9(Qh)1U^Pz(eH6>c=xO(P7VQQuy01|(6r?Z&9MA&F)+a?l
z!zvGA#I%ubD<$y4<WJ^7&9`uv3_9BH_shj$T$%TjTu)B+T~py}&EE_FNpd+CS+W%g
zaUO$#ab(aj1X%|`)AIuyq757SfM|CsA_!@Q8sj&3!npRqpBxyeAHKZ3Ap&ss4IR?{
zA}@>*LJ0s7by!*C=OM}U+1s19MAY|MJtFOiy5xM)P<_my2WUj<e*)6aL!(weSYU?U
zH5P)4WQ^5{ZbFJ>@u&u!$?FCjuHg=UAnX9}>!Q}9Sq}K#WHCQe{Y5DVLj-iWWgIWy
zVS}#;`-WXD4p_p7VURrhY9j=eELnam)dCL)`}`h@4rNJ|01HLo17R-)@*Wl!cj34I
zcY=d`3jmzCLE+2|@TMUvXKbbJMI^Z_-$KDlPF>gCH-n((%KTRYyQ%-2t@mEuAQlsU
z<0t0?40N?9qNeS%<*we|UhB^BRJ`z<hCt|ym@&Av5zrm91#r{Fh#bnv#a}{DzWRKQ
z)HHZvfnajMWwwJjk2>9Xj@Ji{cY|Ot+@Y=#2Mi+LbJKI1AG%Qa+tPM>8`TfP2ME^_
zZsv{_*nqKjQ}Uv_A+@dE(u`RUcP1W-Y=#H&@w*R$@Z~DzKZM$Tp*b^#cwli%3g2>z
zFbXJj71@k5XnZ&+89y-aTek?khJ4R+(W{-$E}Z9^&g%(RQS5Nkw`RIUJg5}tE2)r;
zCGD}zaOX~e+SwpzX`WJ90$zi7p(^kt6Po$4=*(gF=*ImX2~YUCiW)}(GcNyg-00cA
zqPR8O)uJVGlZiZ@V0mHf2zshhsfyW+Tyke>7FsUjIx=j<z(N6lpJb(f$>RpsYHBL9
zfff9=_gz1CFBorPT>eSQwVBthDbVq$2{ml{<)N`pFDMP?sJEI2biL>#o1eQ&9gdQ<
z_NsgQJf0Ez9wZF?eaV`Qd$txZNKv7iol<G&#sMe;?6H)MN?(sdh@J+$EDTCKHtAD*
zEW~(6ef(Q3M}LUNp^yCGHPX<WXP)r$TL7Sz_ZmaP!1$d!7wzz=MM6)w$1Ip}|3@3K
z`!fm0v=nx<7gY*@;CC)u=R6Wq@v({XwSfakY2`MG^jg12ABt2K4Bwn{!#Im+uxtGQ
zoz*)sKn{W;8`&@8cMW?zsm)qUr|o3W@yXA>Tp+TC*CljzV`$NvOH+$N`Tmov1}=>B
zKjm=8fWV<7<6qD9=);LWjCt%|Pk|OS7NM!A=QZE(0A;3@-sm?0O`>qNC$D3iY?QK6
z`1C2cMem3HR$5QMj~4K2hcR~_&dF?ZE6hVwu$|k}xL|EQ%keD-K{>)YE>!4Pqpf!^
zTOsj94cvm{wrc!NxzA1{G2-(4$0^}13zNDiQ@HLoz3p<YGl4UyuP;Db+<p`9f9X;6
z1|b(w0V5ULc2;F6w|D(Mm9QA78{hk#Z^<8hQa9tw>3$KCqW(=sK~ln>T&O6AHS;oL
zw-psOO$=!H-~+CGIkOFjIL?^N|G0QbB$Cuz{HYD8Daj5xa|PS7v<0<JK}6dwK$z%K
ztDMS6Rc6>%j%HZaJ66~sEL2EeS$mx<<SoR+C8$R>8!QmB-V1~=3~v_p#o+@llrk-7
zt43QiKQYn6x2EU6;GV1o9vM6)M_&a>;1_Kk>)S2VF&dPuW$$|J`ql<5I6#}yP*sx%
z0L+1|j8t9W*tUl|qR6}S>Wr;uA_JO+iUMIU^F^So?z<m!yjb#7>XH?_Ti$s-g-4g~
zAV3(w6FR;o%iqwQ$UwHH7N4<K451QliJ3H_PU0G@&L4<Pl7D_&A-m^KIi9MKVwxRW
z_!HyRA?YAO6Br7TFJhkDT4Ut?k|6c#i)d%|7w+H!k^pj@Dly5S9FHQBskVdds2Iwq
zjP)IZ{J+=mxbKQFq$`Nh*dTndCk;#j+8s>S-e$Jz$@CwZ=GTJ1tgU~ZvHkgToo&PT
zt77M(UwT+|xpdxzGvg7VTw-~Gk{YQIkjqi@r7wHc?m6K}`?ChlCz<hj3IQ&pWWb}_
z1rc}mC06|~92@AWa!?|bpz+v(deHKIiYjmA{l`%W66<OaQ}ic+$2(^Y>ukM^-}$5b
zU&Fv-47gYABoHIV*xAYCsqouw)CahL)S{f;d<TbK*X=%8_H%=gzq*|`hF6x`$`;FU
z0G<BXDUeT^zm9z9)p(ahScx>h6sUcm2f`pFjMT!^{3m7PP*;92;VzT9MH9K{g|)ib
z^oMafhWUtNt<KHBS;&OuGpab}&llci%0I%_YwS5QABKrg5Rk4;RWN$s4h0VDln)8`
zH!73O{L=g4HB8HnU%4F11f)+9hU1Ry67RhAIwbH1$WF%$iMTNAy;{~fH7O!oL*3#5
zA|h090>?k};Vba04x(}Y?TZh7Q(Km`<r<7}{@yKBlL;?982|9XiL~yRAuXSb2&Ne;
zg+^cr0mCdqDRqqgl=8ADb#*C$_)v-4G^IW*=t%L~9=>PizfvGfSPL-W0F=M^ZK9<n
z<#M0K<hapb2l`BI8rmIp4ut_*`7(QL9tqNsx)%Nf_JJroOJDGpcl^vXoBPzEw{C{d
zSl>>!Tb=?GD6HNv_vEJPO~7gK%@w9wlp#mW1V`5cUHU%bn41M6?PbJY4EwZj{^Gy;
z$LkX`LhW6LcG+n)8?O{e2&Qn+1oE%%vUE1~yP18aPY&)-rBjrL2>3{^d<;_SooF#`
z<K8Zv%_3R84oo;!e;@E|m1McSo#JQYy+C2LZMq1YgYZ1UYSd?L>RqlQ&G_c9)R3J{
z6aXAPi76ncJvy^beE5v6kx!Z3sYm3E{E<jRz^96HdXY>?`e79TfS=_>Mk52@c>cj}
zV%KWzPW_F9V{|-W@<1D7;fBnlyNH%*`OjO&-2K?JT#+b$12tbST41C#quTm`n|1*O
zkvZMR4RMz#nx#vuhX7gBd__u#9kB}A^|4i0`D-xn>KvI$M*!e&EW&4-G|h*in2L+w
zp@_m<0&%>s!5Q3Uhro&SZQu4o*hRVA$Fq=BKh7|3VBU!7@#pWXLN68uMtnrL;a03~
zd)<LBi<j>e9NIl3onHHPJ3vvF0Ro2`H?Yv=r*~|xFHIuwP1~vWG$}g!v3S7Qn&>s+
zwyB0#^csEJoUFF)UQ~vQN%H3XjDuRg*J)edJMEg#P*4@GKHIGdv;s9QUEUN(h$!v;
z(RKBES+D1CEhj<U=HqTT6q+)zv53XR!g?nGK~irP{?x<6+IJdF#Uj||bkz1qnOyLJ
z{ZE%CYBXwZ$a?9Xw0oP`L~xOomy9v1yBiZx3y*PBP!&r{%zmP0&SKB{`;nwJ=Nr$^
z0?`OI1Q*@}l{-aB6J}AEM(y^}=z8jXk2QW4I)Of)zx47JTs}!oj52HvA2-r<!xhKz
zHPe*44OW6OyyA?>5AnwD<ideSqJVxlKG2x~gz+z3h#!(8)o~;iZH(sa&D8T@s07PD
z72-4kK*m(6@Fjoe`M;q+wW%gS#8hoX*rq}&i82itU{2V9LyGgXezn>Jm<J>prJ9`B
zwn7zriG(}3+u`+Kf-HZTr-heJX>37P8<F-F2kitgBiNhkfiiE_`Oi*M2Whq$TxCzE
zkG9B85;?9<j#C&eQNd80j}CO%qUSp;{)$(x?^gA1sNb9gE}kv;eAfd9Ih|I+$#Jw4
ze?|5o*&!E8-_mljU!wlC++hYg=#xym_fDruAmC>V`|yiU%BKeL&dp}E4Y(h<39+T`
zuL~fl>JSFWK+J_YOak&pYCE=NKi%|~a+lwtu3)o1`cx#-;~&lJVYqxzjswnpT-IIh
z5#wx?)NacWJtf?isHu{@V4s8FN-4O{hME;36y;;d@zk8_WI(L0jxxZq@~J#I_zlNr
z1AxOgsiRsMyMSq#jyz#|H}Bv!*A{@4EVhbTb=0N@wniAC&C3(Uyw5>>W5aPAGgq!b
zXtMWM1g!c7t7Lm_a#pldg4`CyoqO{ix=x|MAMs!><$NYS&(1H<xPZ1dQpHtxOfFG@
zB&SypM3}NQp5v`gLkSy-!rTYT54(*>whg@64uBJ(FMnDr-1fZQ3V^?maHzsP%e0FD
zRPc-5%Mb(v#uBcygw3zD9-ReY(xY>IY?Q!DRx(GCD1K<$s0YwN7=J<ptaA%Ck>LXe
zQ|G_hkV%U-o<#3yeBkj3U#cwARM|@_H2@s&fp2DLTGvnO<oCI`EIeGz=Ye58`6uJK
zmY3a@r9<itZrLyi){TUbsg-?5CbxNnfB!qOLBTjry=8&2Y$bCiSi@poBXGKa8B9H0
zT=(=xV749s%4ySu+({|*F7^9t<V%e-w&=$?QLghJEhLrX0KhR+1jrqb2|h5S|F!EQ
z_ZVj@Gw|*<1{_|R-X(g!YDc5g47o}Qy<P7DiW^fkg4Y55tLt`t=>Zk+_JElUEfGt$
z-El1@IQWWQcjo3l+mGv!cGh3rBZU!Jya_qY+tP#J%<<L~jyD$DSbA^I+j{_s#%&6@
z2e@S`G~sSD)7X5w%{T&USjS@FjTNv}N_*wLK7<(d2njiyY{1{Zh12CNQNH3|ts6|$
zmu)}VyifTT8ZsObiqwpU=LH`%a-6R#!Kw-Os^;`?tl_^t(#w&c85!e%7^-1LWv5_$
z!32C@w`rv(ncW}H{MBXvX8du){VJ|;Nrwx<XD)YRp<ewr>N4f)ALyg|*8;s`I7lap
zE33!q21s?Ugt(uxIaw;nO(zr7kZ?baT&_OtCDqJ2<zv;6eH|O`z1LPF*|rHKlTMF}
z(!G{=un|;m;&%B{57d!hl@{V&=;-f?s_k}ln$`JYzm04_ivY^y?twK`mVP)tFzW{y
zz><OMSsFUnHE??wN)mIy6l}u}EEh*DK1E?)Yg!**FK?!9Z`>yG<r7!eRe>-XTMs1}
zV5DWf-2#skZhLigfx#Ml<dI3!=*o36m}?qRx(=DW+mV5MOb5BSGNK`S3xq}AKgF~^
zUusg(YB8DoIX^QUG_=SHJnr;EvYg1`0UfM}>hob5=mX%O6MY>xHEvwx00*ZEXen-D
zY(7vchabP5&IyhdXjThZpPK4-@@!KJ-82OX8mFS5JRc1XIIHAioeE{IuP(b4o9F+A
zhEAgc)E&W-qm!vE@-oEB^Eg7bGKc#ee)?R&l0WG{*pwcV_q_(A;ejxB%V^pf4|I>f
zo7Q?JxwOoC!%{|9ecAHT>K!Rh9pQw4<x_!hoL>29*#ga_5zmp<O;caj+-DWvz`B;R
zGSo{}EMJl)nMvJf1<!>2D+Tw#_$)11w)yozh~gTe3Q#`wruw68g<z6zS<^mAs8GYy
z*%3iuRrQeI@kP8RR;EhOsT0_lEg0d40I`sC5O{=&fcR^UIv`3YrOP5{^WAnaZ1!a<
z3QcW<p39prt@H^+>k{gJ>~VjsEPE<(hOu`e8oUX{dEK8!jjV8Ci22Z?Ox1WIUA^<Y
zYfmnKKhf>&UH97yC-B@Ps-dzP8`?IExj@{mX0vF~`PmW~s7jxs_(hq}EV#}QUjm;r
z62n3XNm{Z_I}x{_yesF$y)nl7YO`hS->Rt$#dcrH3`%z~Y~|3Kd<q$}GL93HhnACN
zNV}bUn5UVtPGMl`OUmnYa~7tJTzk~`R1~O)_{mpw@oq{7Ze4!)GP{gOcDevmx|IAV
ztiCf{F)@A1kP0}d=(LO8*IPY~ivRB34&F;B>Bc|Xq}NSc7}^-IsVh<wimu$ZnY}Af
z`9)jfHy<NvcxpXp;F&nZu9_zhru$N8W#68BVBwxuB8urFzro^sq4EZt9}^UOy2SAP
zSHLW?;i49-V3yAot|=!^F0^g;Y^}kuje0EUwdWcZb&|XY*73J@wzxjHqcDfvP>cl<
z1r?z<i}JhrrP`0pzG_C9G}MIzSw(2bKBJTz4bbuI$q~kREVu_PrEDc!J#)?wD_cLi
zQYU656+9))cuMGY(XxWtb9d;de7RJqXXClGAvnoK%E!4IMyh>}PNKqCEM&S}@CDvb
zXi-;1OpN&?P)(O2JVV2-zCoMf6uY=^Q>Prj&}nwwWt#y3yrFOEpk<8o+;HXO_?u>o
z<JeXZx`L+S;EqyvrSm?U-|xWz4BWzzGlTJ40+k%zok<Q}K?=}ut=OoPLw>5?Xv_F>
z=2E7jo9?QKT+hhFKxfaEnwy3G!kkZDz^mLZ#IK)iZBMkQj29J1V=61yl)!9{LZSMf
zx|)}hKti$Q3$qO(OMiAv)kx0*&DgnqkQfpQg&#at1?98aDsoW?$Ix?iC#V*XIQ^9Q
z$z&$7HV;xlOkO*y(Cc3axWlBtMItT@CSqYM(>~LmbWcdXl$mK_M=~V1^j|HWxk4QX
z=rtM_6zVqr47XWednO4sY+`D(GK^}*yS0lOTJDZL+K4Vip?}WkNGisW1N7?SS%YdN
ze0%l`(`6<J68z53<kjC%-YC3#CDZYxKzcSD#?{JK&24=I(YkC0h(=j53FOs(@J;`l
z)DFERJ7_%)y+xR86%E;?NOPIQC*Hziquz-0PnF$y&#U#Jx6gk;!v2Lp*XP!A^zDwz
z$+awwesPrAJ<5feR)Xznl@tm6h<JVW_0jCr+OU}cz2`W#e4u&VVY7C7cJN>|^tP4+
zqy|ca0RB+gI;bFm1dwUD{Sd6NpvmUV6Rn^k9U@qoe+N}^3&LvkI2x5y=TJj!h0ggL
z*#F#RGAF2r%$ky^_FWN@j4P9@kPRr9M?IxGX<9q3W#p){tway?XWK5bF5=$u+|?Bs
zM`8=9rYl_Vm@VFz;wKrF9m$2m>!C6S`>t|{7UP5rE0v4WP~+5`byOL))mH793)ktP
zI~tQo@N}9SSJ$wSb@iQi$qDsA<zgTAWD=wL6@zs?GuI@D?(zb`LZ~WvvFWOm#i(-t
z6KB@MM7U4Fi)lNG-wA!s9&Wj;3V5RY&FvOvSji7@$HVV@>(1%Z;O^$EAI}vr49vz4
zg|=)(+(L4l{1ko=Y?$d;ojzU)-SRf&j+UFyzdQNc=&^oL#EZQ8VPEaG+Q+Y)P9@eu
zU06N%vJQrk4VP8Glw8z%<Y)9eSP5Ztb44Xw{V4Cbz8wC;C{wKyKU3^(@|w}mn?G3U
z_~8!Sy&m^yADpOeNu8?bVMa<pc43*~s_4Jaca1_C(DE90i+RHBL=(dktLphIqdZ*z
zcshEBm0q5J-dTP%c8wkB=lIorL1~Ip9q9Z}D@~pPyDTmvmMRyIaVRLqb5$a)-K||S
z<X#BAeM_UJgYC+5<{YL_4@4H2krLpLI{MjoZq?ji^6z|H(FQrwY((!dbkXCghn-cX
zdPqqQQd$_Is<R0H>AV|J(IRgvl1paFzcjxtQ&qi^-E{xDSAu9mx}+8+<6P}XJ$*jv
zzD{bte{{6#fyqo^_Uy>2v}PpiF&WqS``!5@p(bAsZo_g#D6sd~h0%cck4O0uTG23X
z!v9cj=w|<1Z5iljo;j}dQ4i599T%f0Pu;if_*ISlER2gm17j(11m)WhE{T@bsvIOm
zdHPP>%Is{h|Gl(HHRguTfPn;DPyH&>L@IhNR~C5n{Ly<vyw0SL)+Et?Tq=NRqNza5
zzVeqvIpC|{(0qYJU(eutiQLx3=Bq<;E81+(_x+Q<=;|xS@2!bZF(tp(s(xFw<QO^h
zi+2XxRsh1WDXU^niGmyjamohRr1Su<ry3{*%z=Cx%<BZ6)Z*ii>Cc=Qq9Srs|Iy|b
zEwubwp&il9b?#QqIMM4-g(_{ASLcA2kLZ2F=Mp>#H<O{BQeKU}S-B)Uvxhv}Z=?T-
zY0y~0k+&TmiGF2?KNQ#k@921c37UNW;ajM+W555mv>fc{TF5yMtpVFO-Sr{uBc*__
zi*N7tB^<KJ!AG{y=DffCo@eW%AKniLM}VM+YU0f))$!*A8erMtd={EU)EH6PI}k##
z5d>c+l`J@EvqkStssGLF)4<AA`mVh9wgo+EJFtPVXMaMOyTl_$EyT<d?#VE(8E)9D
zW*?X4D9)O+I|%+x%5Us)*Yy(7)Y^AFb{1}Flu@YpB9|8a!TtTI;KH-h@;xQNic`lF
zArVWzTM_}=gLZbD^zQW$I}Dtr#>yxb^jTnZ&F?|JN&^|_bw}AjWybZSqgY+9Ki-dM
z?a&*4c}4(u_!WM2{#;KmMkEj+7+3bOI^OGyqOki53yfi;d6*8`6oy%um(CNJL^hAr
zL7k;^lq*uQ9*_n7(r;~FAc72Cw3&4jLvbj4@8yR^#O|V?!^e7ap)gp7<(-_Pesnc^
zBfenOG(Zl5WM^|MSE5y4aC#CWmE@|KAwev6a&4o^9Q;Odix#dBGW-k7`DzmnceZvA
z`-a-C7#iZF9)uN<>Hv|e=e>_l=xlQuMOe$TRAe*}P|BY#8Ru#3E9RDWc&N{sXK%eX
zbcGJI5=q92ubqEdv;|vE3F{IAHE)O-R-@?TNp02N>*Q%qUTec%&MXvMGVGgPCmp+M
z+2=ja+JYT~GL+|$`D`_yA+zY}v!RT_FyD?hccz@Yd)yF8Y32!UV*k*TUS+21>*-dW
z?*biXXop^(Cxm!MEGTLiEGEyPvB%XNM+%q;n#O-IE|y^uzeKB0NZ59M`Jjvx;E{#2
z@Jem+drahyH+#GGdOUgYrOn2^lL;l$@M6x=eK3gxJ)1uq=1s{<Fnu<78eAxsou0Te
zk*jg+t`n$FPZ@-}Q@;@}uZjxZnMLi+=4C)>O9<`4k7qNb<mG^0H~Y+rR@XToIB!Rq
zgF?-V(+o<|Dc9f(|1V-s$qM{E1=R7b+u@TC?(Xf8S`tqlX-Gz*1IA2zXS7rgh^#k=
z_g_4P2YS^Ci&s54K&_PmSy@a_nelrDwcXpSm#fi?Nd_kVXdzu_dAssg3Lx#>%Dsf^
z$(IKg=N0||K~wY;ccWp`9&cuz+mI%|z~8EV%_3}FU4+Xzk;vewK=m)zs@V6+UX8|i
zToNs}RMaeETCdpze$X4y-^>RD;_uC`#@60$KOgbb##Ud{^UmIHFUvlfVM^<@Z{$46
zQ)b5oY55T>`;Ylr0X8dFB<(?MTXY`+Y^aBS>OaR~LJ&q~n8rdO!b++bCF&)z626Op
zd-WFOQ^SuKQmP)?I$-}!DP4|Q)R_8R(@ZVxW#zZqq-FF~9C=$65=?v90V3}I;_(6@
zda&t8mzn*AR127G7<Vm>JnaS^sKdxQlnKwKi{Gug^4V=-{(HPO44(FJZz5j)iwlBq
z0m-cJz*6JxeeDYNrWfdG?G8*paLC0q7k_Pj`gu(5Rv_*WStfIV1RpQ{yTz6(UFz71
zCVkKSn%=s?h9m8*)e_8M)ejQBytp}MS<fE(im1l1X%9KN=(Q-n_-%;*9_r=$nTn_{
zK?S_LG7@E-P6>R4U}iHgDwWS1npNKMr!Kj!#Ps78CP=QGJPbqSwt!8d73I!%J_+6E
zpWiPdaHeRFFW7Q`>L5NhI`E?2Dig7Qy;YD*@7na~XKHCjv=nn&ekc2uo*TAlnx-wk
zZ&4a(Xsv;E?Gy67FBk@2xDj=hMiu{zM+AF3B~C;!FN-2)wW>ICHKKw)oJxq`i?bc9
z1z^e!H>xxqn>M4WE)&@x+!BH)5!5tNp(umX6J6$#GC&SxRC}l8UW&>LIj3V`+{{Au
z*1``2wdF7AAXwC?`{e39OM~+Y#knsE>lwje<;E7Hg6{q%Z^vM1Q;i!9{WmY-1LpGi
z34ri>=~gDSwEpY6^!UrmIKaSMM{gk#aD~l(!`UE=c-wlZu7Iu!<WtzchU>#1(Pwx+
zGbqa#Uz28L_2mr<yZhAcQ}o_I@#Uj56a-ak#9sYXpjs?MqSn1U0vm?F#OBePiy%+0
zT7p?`>@~DsU*lwVWO}<2P`+$`IZ`1Pk6y>IQZvbck4L}|JwGFDt=$cJ?;|W!ha+FP
z@B8Z3tZ*1rutk(e^&Nnvo%}QIXoKR8#EJ54?E+a|S&ue3V$_+j@(&IDfCYPETGY`z
z`g*~XI!_y`>Y_pW>T>bh;MjE*{qL_|1%Lb4%FKgIM$X%-FZ`w#1eZT8%7(HD_cO1u
zb$$L}5ph@aG}7rMCc;MIVJ=Qb7c>;7e+dx0jIM?cDA$%}{EXZDzOz<_8TtOHxzft=
zWB|n2OqMF8O!uUzX8^Np@yzw@P+>LXbCnX@8;|b#<ll|_45N;0?NKo-3yG5%&+@Ww
z&<^2bs&=4Ro&B#BWC>1C_+nx#nf{poPOTam%;aYg(_=ai6#^YlH5<d#vKhSr>n2>U
z3Ln7FS#&R)r-k9+qODPKEp6uPVAxREni8EPdn>~T%Fl$^?Qf3v(9({{X2pxah{8Y5
zZfq~7@&--+{hEyE$|g>`TpxH(VSji%49*jqmUK(nNxHoveMAh<N>yI50Jc}7Fc>oi
zpjUIa4k?tOdE^3Vqaa#13#7UY%p_bMOqM~5@_XBpPpkEDhlT_R06`9*t9CqHJ(>|u
zU&b)%o1M_xV^LyyOW4h|3H{=Yh22BBQ=*xJUFICtgAs@lALmH*1@dwqU$i?}31;O>
zOs~e+=HbwgGh_F+HvS?|`{7-&^*&=_{4H-0<!dG!uF>x)D^Ko}`fxO00|}hrTn#ML
zfKoXJQ;Y={#r66vqQq`4iS=2sFL3NAUw4<VO}fxqwFw|A^XT|;MeVHiFy*_~q{O~)
zb1iZy<LYRU_DLEKp9Tkx4HFLzu2sU9hQM*BEG|1P@R`$*$E>zd7BVX+fBu;6ebg)Y
z=S!+piHUs3+(gFN?={2Q){h8;Dfwtr>)xDJdA+SK@^*^3sA{qH>~ng1^u$WuG>U6Q
zQ#=`5Dx(&x>_;AT9K?>Qy=$>nGb}(<|LpFlhL0mgk*PvS&=wP$u^VRGpI7KOKTYV_
zLNVo5M2UA0hCoTV1;ySQvO9hBz7nzV+N!^*VEp%lBj+mNt(tKF@wwm5vk5|bVfVsj
zFR`E2$tp|GJG?psJ=>}PJ@<U}sf^~^(uD9R)<e?>8ews$6Gi!`s!?D}MD(bi$Ys)-
zidjR=gNUdY|F0<LuZHA?#?$kyF^l<3+b^(~@)FwNw_K0N_Hg~gk*SlvEZj!>85(o)
z9-Kc3lM->>sd`NvM#tGE+dylH?4Q|gYXTl04(sK!;e1c|#ce3W!!QxOgoZs4NpHBR
zrbacx)0ALi*|bsy$+*bj)DQrIFW2}*zttp-|0H@n?iO~Ta6Nz*7Iwr_e56&oL!0bv
znBO>ax1*^Va&HkYOgX^dq#R<aKAL32OHZQb6S;v16q?Jq1Dr@tw>XH#<YbSnh}#nh
z^W*<GKo%R|B7i3OfN^RVB8!RMqZ{W};PPf4P>ZI)R2^Z*(It35os8QB+H5y9LWjQQ
z>(}x!uVTUdn7XYClb4H_ZfNjz;PK{pI*b9A4%M)Rk$sB!RI`ci`}(O$HIuhmc!cni
zzjELjU{$D^^AqEj7eVWRno<IIt0L^NwcpRbwUW^ek_9Z}m!nop-=0hS5+d-duWZFA
zZ3Y4$OKR(e9aX{Oy@-0%>3^R|F8`Ko=WS%zx|@RJl6X_WWF%9&z9OfD2@>WqMpan+
z4XqrB*FIGya@!<j5`&tZ9gji~r|=9`pF32|79TE-^%{iT$Mc5wE~blBC~*ijZSs*(
z@+$}82f4FYKUzCJ99{(j>oq!=UM3iF^zG_+-tpZZ{{#Rn5ITT^|9gf!>0KVQw@6|*
z<n%JwORRgcPIf@k)sO&i^yE``R%V!7{6eE=a=OW=@IhK03Qt@K6A7xPv*o?E2K^#>
z^|2Ib61y4*u=cZx7^n2LoR*aQGF|nvnbx?8R19iLRy(c;_un<l!s9#WouxZVp`(w^
zZ1P8)X$pR0%h}jXHnviEX)`WXQ1olyIk#;!5d=y;3!cUSyluB=$fklUc6QsEE&N%j
z?>&XCD^`rlk?FB7*T2jRuvtMEeI%toJlOuqpR>34f8)=}hEH=tD8Fd>rphmQUl7)%
z6R*q*lRhx(U(>}rV|m;0e@aRy&SF+%6qV3{(j0O}JNq~}lug&*F%zirbkh%LU1w9f
zG}yR)iLe7G#^`fQs>ltqfE(}EpNj1sBEWWYUtJQ%hhetr2B%sW=S|CKQ?dG`*O(94
z#f|P)uB7m=KQo7=VZSoA8~QT1k_BZ)j)bk(0(KLQ-Y^lBT@T_c7w~IkR)(av2*;gK
zB@c6%o@JCO;GQ#E$F1=%Q~l&pLF8sCoyEo&x;egNUsaNiQ5~0UkwF$iG%71mWf!(r
z`DEqXh8FQ9<I82jZ~*5}Z9d`g5X9wlrckct3idB9GMK}bzxpw@qty+RQSJ)Evn862
zI(n;(*tK<IRyE%(^6zx9i!5^IeIgB7seAF*XVlN9!p*bD_v+K_9W4|pqd^NVbvFLF
zC;)1cU%_x+E^|@ap7d+#23-E0tx<G(IEip~dloClkT+nRer`~NsWqL%++L%HbB-U0
z)|$dUmq`ko*c9#f`<<`yZheF1%+9ro;{W8iKqBz~UpdB)T?*11VyXLGROmE~HL0W<
z^&(k3S&Ym%+SYp?+OPIYsM?w4X9l3G{q6z{&M+!7`Z@XRC%Ih`TbMY1B?+E_i;stV
z-j_g>HPEq$2+f4(-W@y-E|BSVgU5V!!e=riemB$4wM1t6RmyJM&gHlj{}*oM618EW
za73u}%}k&?>4^GTdyD(tCS0mY=X#rWx~EvRFw8^=W>PganF_7EVbNWW$0~G}s!&cr
zqMBjYm(01Z<4%!@1#h$a77#%=<pG{&XE-)4%dnYF8PGzT!*%}E2%IWM&zjm}kXrt-
zvi0*gMWAhWBKEg~<b&sBYsC)*Yj#*VzC1c-Aw+gs0C9molx2PfyWUg&#aHZy>3bB~
zjt+YU#sipeEdn_Q6p3Zza&~7-x|)ox|85xJ=xfit!UQK8N-s9qv>1926!+2W&)`st
zdg-*IJ{%Y`9txZDJHAVr3D*(Oz%yOlR|@Sqx66iOE-$@4IBSeuD&68Vcy<O|9z_CH
zw%t-nFvBdWg^hzptQUeYIrB9~K3l)!^&JChlISc>n^|)TP3l{>(kn0RiNvdLy!5;I
zJP!AoSN64abJWyyVyf4gi*7&g%duu}ps|%G6j?GPyJoFQq)YYdS)hQ}+R4;d6o+QB
z5oGE8gTON!8i8!znH+3j&A<_xr>?DYV#bXmm8>XFyoxjAW}GyC<(sx%1Qd&TXN5Qy
z%i-$KThwn=96|OEjozNXoY#tb!sc}C5|ozWYpt@hc2gyWRd$SYZjOsXbhK4bOK7Fq
zP?$*543`6rW2utCdNC)){Au(SV{z1+l6Q;%zab>V>|FlLc!B8MpN+}KjTj<ax~8qZ
z)eJc;#nklWK*<8zQ0nqmSnLD>&4NpRX|G<x(d>TA_G~Q-z}Bg(3<=w6HTHV>(d_RT
zVd0kZ{_$)apDs=PbTOsV(OO~j{OKw6?Qegx;M?`Bb?@?_RioNDaB=wrDymAN*yI2H
zoGfuVn+?fw?l-&n0m-P{Ka$0z2nMRX8k7ZH_Ux?kNpSF;c1666tQY|yPY*U0t*as*
zD-rk8ZXEmN(vPj3L0ORsVRw#vsDTG~bk9udwH|-85LWK=8k%uAy;?E&dV9R!Gwlay
zyH5l>Qp;zfYY)i_>@&F2FY1ch2)jAJNw;B{bK%Tf&+4h$fKubukO(1AQXKGiy1W-f
zs3ov$B`6JLxNB2uK$#<|04D{q(kTG7si@hSU7rFOJYXp%vppxL%N7Dne@sIt6#Q<F
z)RDhV+EnXb(|QZ+2;mH##FAX-c{#>NQ|Y@`!V%m3m4Ik7C$5ZJ{xR*=@07G6$#xh8
z;r7peUwD71T;vOKH5-Jnb8eZR<D|6loOuFvjiYy?D8D}<bh(p@ThhDvqx_H~Po3KD
zADNFZoBAU>;<+Oku>m|>E=>uf`bSJRR(=G@YBBjYWYnE&<kh4PzrEv4r)_7zi2o-%
z_(#vkL;VB#oHWeUie^VgZQ}9Ah@GNE8Am!;=)?OD9!R|D&EC;ZVKLiGJ}Tih1j*f<
zEbA&n3&pFxPhqaJHRY8R{oE;jr?clp_G@9<`>ExF6@Cx#{vwOq+b^r2iicQORK{+!
zt`3nns*0h2!_u6RgCjTV&G&rc$MI<^lHfe!=`B`pS?#hvJNuBK)lVbLwW8S;;lZdl
zUC(ZsNesL!w8(sYxkd7ZK5l!f!Nh(2%*eP}t$u$NPwDD|2h=LonTjWH;Lxh}ZCFF`
zWcUMcS%^e!L$cLCzRi*IjsiUFr@oo{=YwjenGlQ5TdnWto1E9qjc%V=uBS-lD0PFa
zE}Hk+T^>A-<C$r%zCjvs2QQSuWi$sZc8%*yfBlO#9;TKz;Wzw6x@<dM@z@<!A?s@+
z8!Yx}E#H(;tbFjSg!T5?$A17eoU{5a7N}5r7w2B>vV{UEJlQu!$epj5eWHw5+u6Jx
zYI<F;Yxej56adt2+v8o+v5?4YjKLY-CI8-Y13JRxv=4IEX2Q7lW4J@`e1!gw*U~$;
zs}M6N+O_ICY*yiGa@?Y5`JL=E%V=;st~5QY(DBjxNoE*A<;a;5hk}5Q5|`NmlKS&!
zt=wp+)g><5?PJ$Hya<y>_FwZ+EQyvAW~aTHrii;wjj8wT$=+H1#t;9tsaK=vU9|3T
zT5aHVQ{daq4^)u3we#PH*_vw0iV|VW%|6J1;zqoRWsUuM9t2t*7Ok46OSn8gP2M><
zzrYJS7@yc2*0kG8OVLD5&VRUWYLMPHHtIm<UIj^WbvGDhDj3=m0Z%<jMG(Ua#|fLX
z^P<(8n@T!5|8P^5@26$WT_%ljY!3WAy(vh3htib@7L|DvWe^V$oxgjzc&lf<Xkyh{
z^em&r$Sp|TMQ#^-tMt*&%q{c^DG3X~hL#wD%Y==JpW(hX&yE;*x`4isyS-ctMTWvI
zJ(Tvqx5DMu`>^Y+-2)Zy<d;*6Ks5N)P3!i<{hv^0@-b#AMqe|x^gtH8$flO^22Hm{
zjJ_Fo(m$VoTzYT>RA2e-`CZ(2s<k!^?jzY+_dkCn@4n(N*s7XS^iF+*yE^oJ@4F)0
zWPdGM#zFP}6bk(oO)?iQ$_v4`&pA<28}OuQpHStWmU90aRMp&hHPjgi+b?6i{;z?>
z%l{ex{eQplKj*mmuQ^!%dtmXu2SEQlkp15S|Kq>>k4sqp`;x`~@4)|?LsrPwY;R{8
zWU`L-*6aGl58~K}#IJk&gX24n{LA1b0d@2hr2ZqCd4#J*u}dK!H}<l&zKGvCugfMT
zt7z%kFVv7P!|v(mprhoQkDls;Y@F1+`Sb*3#I$KVf32SSnwfZAMh}2)ykxR@dPesH
zP9|C_t1_XQ%V~1ku?vqEQMJ`xcL1Ogf<|6`Xi+rvilz<v_asB6Y|Kx<1qAQul9p9O
z5R}K8K!017tQx+1&m6g5*6RidnqPmUzN$*a*VY`=IQ;fQBjcrORX{*;u)Xh0n?qig
z?f!=bRG;&$S69pjxkYF#s4GG%%IMMj?$w`tdmNxoeaR{UTfe{b2lp7>xtLp=DtOrO
znw8mnS9VzuS8D6}xcyPjAz}64=IJJ8g0cO&exu4g?cwjV`)PFf9{UZQ>W6W2N+JZC
zhuBm(C@7G^gM9?#w-p+s;N;<C;MZ`oB73@olj_o)Z|IzM(M`B((I}gzUqCb-p@nvq
zvg;`fL@O^~3j3{%PRIvEO<nhwQh!3rI_mXdkD)cNWZtD2@I>&ge@j)5-OH0K0!y$Q
zqxw=D?X4M&&^Oh4Hkl@Akfxc`tB!>_W$N{@H}9E0?w37ldxO@*0eb2TjOd42=pUE3
z7R(jLHPi2^zDJuRRo&nH7<8aLW((H~(ougSO2dXzh@71(BriT7MyjSja)M6-GIGac
ztlT>ObK5o+h;S{YBxO+!d#KtriFr+A@NA+2l2$2G3ASJnn>GKw!qS&C>x28tug`J=
zPTWjzGu|^QzP_B<?RPT#sCjea*w}apn$4<|Uaq8XDNlXnd8bW^N%_?yaC70@#-38B
z-u*(pl3>ZAxlo4RTuSDA-fup4JxHDG{lpNE5NnX0xsuZmyLnbB%KN3!X{#!*YkMBV
z`&jkRU^3H1GDRwNo|E$)dt6+VUqY7(N%d|{jK)fu)M#kP(lfLI`G)nA*<e2qUsPqk
z)j#;V-(t6!#>j)60%s7Ox1!|RG!qeeDnI49wB+P@9$zzIr3ik-`bdI^hZzIxsN<@Z
zR?>F(h5R%G{95sAvgRQSdV77*-0IiKYn}6@Jw$3V0Hv^;t_VS4Lm&K}ph=D9Abhw~
zjs-0~B1HNz1UUm#{K3EGZTJn`S}U}Etd1pkyL`b_S&qEy)lk<a(OZoT(b?5Fij`?p
zcOV~c`_Ld%F4)!0MuO9CXhG7bw}oW$8*Ocecl&1Vcf>my?Z2?@iIy1r>s<BXUNd16
z&Z<sl(Dv$K`&cH@1n7#3g15Drb)JDIhv2PAxeg&~KJK@DAB<Wefk)r~dw&Cg!FYcK
zMwk2mizL`Qf5fd6ZBVCR;NPdm^3bVdm5cpW90R?BQ@P5gou^=-<tKCp2{k0?Dzp=o
zRw5%^wkq4x&XFgMmL}9fWg*bs48P)_ptD+_lf$oB4DW<HL}8eDzl~x=p{mM%iqx-Y
z22}s&=b8mQTbTK){Q$v@@l!Kf<kJAEgg+y+>(0w(-Yk5|k6WM=bUrC%*g>~iG21B_
z%D6wMEF9(fjoIsysS)jGWMA))a!?P&Vfvy21BWL?z!Qao=dDphtr4w<yjEJ@dCgbf
z@M_TokPqGS=9Zs#k>Po5F<PM|naFq;&LOX_)+gtDaaUvOhfb8u*Pb3%E;5gY9#K-?
znNLDKeyJcX{q4#llt@Pu@$WCg>zFTteBSv{)lcU<$GM`-y~PDGSV>L9lcnq>lchT9
z;V(@%LweNl@QcqY@pokX@WRbe7>Q)T9bOH(yy#K2L86r-PcGFZU8CjcTjECHWtHwH
zief@KS)1+qWg_M^>d8xi%}Qk>iZa!BSk5SQ<y6<rH(p<=9acPjE6)RQIti;YA-~B~
z!bbwm1pldf5PuOfP2Jfq<AOZ5+I$~fZ*wb85`J&kEV$de9(hSu_DbZ(59$sH_uVJW
zx)#9&q1m^7ODm5&naV12(5DiY<LK>Jj|gpLF67~{Ll!QH=gC3dIC$dC*(0F7bt%8U
z?Qdp_@p{tnSKD^*58kim_SwavoVs-GeoI@ePb}ztOs&B%4V<M7^zhUDaEDgOFAb#2
z(-3iY`G+(Xy05}k8h7>SIF(i?xcArWxtXX{7SRy!gN_dE=53o_=E9aV`6@(^U$8sJ
zL7veBk2i*!$&tUR%j(aYG~0$8?bRo~L2MuiO_NY}cj|98A~mz4{Ql7fCLKa?Z~f9O
zB)u|@TFURFjnh8Hi_nA5N9tD@-dMIF=CUJyDX5e8JlEn|nW6`fRv~y{g(B>GJu<t-
z%v{FVm{{EG_W9u=q(vGILEAp;i2Vz5NIT)H_#~^vhnSBii8mT;jq}co+CEnNZnbSd
z&(fvP^$KffON3favY!ZKH&BExMwv`;zP|TZqI8&gXK3{!Z9C7_6g`^?4eiHR!`oPE
zr6m*E`>(q+9Cq>V`?Et%V<Vp6Yupt*NSUxQDiE-Z$&V{aHrK|!^5G6`f&1xvC4DW;
zJD<d!kv|>0U^`9V=PX$Eb-fsGvgijvnHk<>+~M=khxisBYCHd+b8H)L+GFRnL&zIG
z=W9dIvV6C>Rn>6F+MDEPSAU6lP+nP>*@Ip(v0C3%afqK8>k%s9>|keSX1~OqNbW$p
zz|N{^%UG*`^JIJ0WUfhx5$fXpG%d?IBBb5r7Ww-GmjknYB8rX#6}y>i`wes!MEeAJ
zonql~VfusKA%Um7RW&Db)zF2fSbAf<yOk<gzWcZKjFAsmv$z9cZu@%h8x`1JdJP)e
zbPrj!c1_u`<!{lj83}sC#<~c;KEv4qK1Pn2t=74Kmwqx2Q@km&dhvo?shM)pNJ0-v
zGlrFvmh_9wDv--&^;P2EQr_9uM~`<*gZw_n0-bS-8>PGnH&b$GH>(<;h<=O;>45a)
z6fFIFxtYptu;q6X>@yr+vbf*eyZ??s*22|XY-Q;lEQH6&XeohqAQ7}%g6%`LuV5NK
zTBj6e@n4yIwY-<w@(lvLm*j7J@32R`lh^}ZwOR1bXC&GOQXeZPXkLncwOb$%ez3I=
z0&c4o0SQ=p)taM+cak4!Uqg0IpqCd7Ye5IpW`$$YrU~f`{JLv6_pw#WMh$rVHG|Dp
z$}iMUl1;_+Wz5#!MV8#L&TCDi{!Y?%_tsyZ86LrG{%qg)#ee<2Y%f}nY_YaVUAGDY
zOaqXO&%_UXv#W;(tBlE>b>x#`Q{x1SGtpVlP4DD5uJ%Mhkv7SB_NuZlmIJuE9{SKt
zp+1~2Wk7FLGIw4HL3Q^oj?eLS|GNH$qN2*>?Rs$0sStD+Y(jK$o)hYhQ1bl1%1I3A
zH|hBuGgu+*m4U{+NYiQb5@lT&SCd1P76od?Kj25d@XsogFz+)tcrUtGj;fxO_fp}D
z4z>$hB<LGDInGsyo<u6sOs^%JQGirRh7QI>;<2R!R|B<nxjRw1T{+Optm*NGtCWnq
zl!p%{+_R30Zr+<wzOXw=a!L1d#Kgh>P>e<UpnTZr$`^B|3XAqBZiZWja3!=)+T25H
zMA3@v#O+wb^EGo7d(&)b%AiG)&rhliLtA1Zk@pzV-MHhwkuKE3LgLh__w2PObd?uF
zj%XQ!<B<HCg$Wdi8L>}zey2vLe#^-<O_Vk?J2Vr2ZTbDZ@m8zPbU~KZPQ~lHhbgqW
zoO>^BLd-z9AxAZT177(lZyX=j-z<1~yeWwOT@5DkZ9))CT$W>}w)EY3PaeOyFb2VY
zUIe$bKeGL#w;{M@&Lu{i^1s(ME{so@z;Lll6Q?0=xjCZK=ZvHjSydb2h{Gi>-wOsl
zX&A7WEZlTaxOW$`wr*eljfqv9xo_<)zgDlCkdz#6xN4^C5!(={WtY*2<n-Lo4w4hI
zD1uMOhpTbQxHDeQH=uOopQhACB5oWk7n{%}BvG167O7!Nt2ew!_*x~|W@l)fCT38J
z#ed`<US8dr7!;`<&X6)ZtjmPcl}DD>4fY8#0=YxSlh5+wHEx-L%Y{<Cg*9^8GL5*7
z?CY^plc4;M3j~HE$5TXA#fgMkH)utSf2S2!#3-(co+l%n$);xWAdA|n_`082oaKTY
zO;iL;%Dj_x1-IXuy0!B9af-D01TG#rr<kOBBug`_9D<z(FCp0J2U_2sQq~sT>=aTM
zj6Kk!$~2<Rxf~CWOz;7*ymyWN6J`1LEYEi=Y6onLGUKKY)qr=yyNckd3Y-#@1WXeF
zej|L!2d`o5`?2zd1TxENV`t5WzLh#t^g$0auXc}p@k+hL_m_z9I(j;GE_hBhU8A2E
zoZf)^6c!zPbn@I?%BG2|+&KE~gxZ1Mo|jf=V!t(`eG*@B9xdTupt^weOJ|CmC%S1}
zjbVn3x0R!RT*@x$Z0TBjn%jaBA?XSN8Mdy$Z?pT=8#2Pon0vj`Wum&Ao}#K`7tAK$
zYZd~BSxhFcE;6q}Ds+F|D+<jX&(G5(y9&N(Nc0g&I9oiH`QeLRFcwT;*S*K_J{PWc
zQHh6?HDID^!z_szD4yIkAQL3pSy9SCjxY@pZJka4$sFu^7bsIkE`8qeNf|SRw_9As
zcPr@S7Z~GnYkQc|A~%=CjPu<H%9%Cg|0yxr<w1iN^V*X>Gi);+^WhTWzjj(}M;2G)
zov2i(-<Zj|*xjdCFAhYOAWw%CeB`otdbs=imr}1*D)`=9wJlD%Sxb1R+E;x&w;@!z
zzLuABA(>kq`t~wsO;c<`ip2|=ob(oVu9)CeKmKMX<^x2JCr^V?$k~-i@M-t8wmvad
zEz>xvSf^Z_BG2XOzN{O+P-}*k+l1zOCLr^^eOr_VmpXv`iDMPQHyagYJx0BbQjfN6
z6o2RxzWT($?tPB(5RwV)yG#m!$;^w|5UR%WmDUK}qa&hbRUJP0(A(DRLOOZ?>3X;-
z#QA+Dm$=I!O`kD~J?{?W&RbgI#QmnmrxAM7!v3Z5A!M~mZY#oQpT_4jhsJxlA^xZB
z*h9n6{VIFjt`#!^+nLU+9|1Pm5)pCq?=*9KLl&yn7lIrhcOU}{J-<KLo90Lly<arR
zKRquUf2#a};-~5#7NYbQ1#Fhj5>uM~S<t^KS6f+aB3d&Otsds%-!Oi;T%P0PrQ2No
zbC`mx3l_Rmxz0r)iYZ2a@cJjfdT6B=aQ9)!o6gP1hwb-PK&y=gUCg4r-6DCqOefWx
zeAw8<_Sw&ozxwKH&II;0SEkmf9SZHNQsjT#4AfG$V;@}a8X66fDDIbdMj}}M42zzg
zWL~D;8h#o^lC7EJd`7)2`_}z3gBRVOOXzdFw<@3gEfO>+EKa-l+qvAIoXQctq)M*J
z&&p(6yYQa9_w5m&tq~g^)--~rmG$KipN5_O+Z%*Y+{b0B>f6_8dj4-oRY5dwbx;|&
zI$SEQgeFv6&hAQXC_XA>M1}@Uwb@reH}UM3v?ccM+m&k0uGTItwW5!<Tk;#+B`DX5
zb%!f<BMPgOJT_D>m{Vp9-|a3Sn-%pL!-n_dQ@a>Vf>*QTrA2Zd1TI{!=}Lgn)h@-^
zti8EL&3~>+IK;|zv%a+Lm*rK|y^Q!&Y}sc_e~IV=7R^EWjUcAB$(OtK__J0~0>L*P
z{sIDJacMUzWs#@97kLFC()_2x;UXM%-|h(2712pI9w=?I*=98=N1MIaOm6?m*-qR2
zkc>)jA2ksFo%K`bFL*qd?ta7{>5!dZJ;|RU9qBVyl`e*f`Lr*?Yf0YQoj!odkMa}0
z{wx$<2-XQ8|21rTIqy95;2_(b;Q7YKbxopl3zJoGl%JWf<pKlmM@$DDakr{!C`#uK
z`TYkJ39-8Dr5Xvbo<CGp2#*;q)V$f`R!`z%IrNbuqh^Zme23T%5&j|iJ+mJ<9haS5
z`a3S)2c9yQQ&#-5kRRb#6*Bmm7l@H6F;L5^$<9;G`_DRg6V+|>!+va;BKQ7XW>1Dc
zj;8hpZOAvY)OnVwK3p>Pq$fq7By)|~v_gy%((UMqRVtx7u8IRs@d+^uhM%j(fUG{s
zF#pZyx>!-ggAW4>49U{b-e>SRc+YD7zfm3w)jE#6G<E!IO=Bs;aU^5)+kT=QgVj&-
zoma<}kb6-4IfZ!pnEjnaap>e$MJeXj1THgd@zv>`%3?v4#76Wi8#Xrh#hVGXwKFHe
z>_@*CJXKtMVaFc}2(%gV3=3~W*1HvsxK+qFxy^Hd(UbF3<$GVq*-;aC1xFo6`8e-`
z$BPLEqiHyiB{f`3$d~d*aj!qU|A2&Axv;)Ml0rs3i)=In?vMzd`${$-^6qds?!nH#
z@jO{i@6NA%GeL5RJi1S8zKZzav}%foJ@GG7O}{PmD8(Mq*{Wy27|etJ5RwhyyLzr<
z_Dv4!{gt{%^|p_Q+50!2EyY``$vZoW2uh(Vb*9Qw^ky(g@Bh>vkMo;bx}2182EM@T
ztm#?LN3Ayyy!4~tT1kT~LT<mEo2Pi5pYKJibi_O~9r-@;caqg|>jH{8|MBq=nSs{W
zXAOF~hPz5x(+5G-$_4sap0ZAJB4Jg-(<M8N#?0oRk7t4$8WwDoawAE1RaW2flBy{1
zRlb3VgqRv0I@~julzv@)%x*Q!M~+qm3sK%TqR@8rNG}mgA^yQ`VsD=kJ?=RL@{2-z
z);K4<bPbg4s9EY3pz#&fe>W#qe^Nz2C|RT5K`&?~^EVmmp9!mHDK)hE)Nk=z*e}58
zlvb@Y3e8>>CgAfSaEa!<9c{G{>!+zVitL?6Tia&!tTlNnM}n5pLFRrPD+Ol$N=|eV
z<1JF@Pyc+UDnHrpR&w>(0>o<Px||eoyYoS+rM?Xjei~^C-BM|k?T-6jl>K#7RNou8
z4IdDc5Tp@A=`QImrMp8~8d17a1VIq#jzI+J?i>W9LpleP?m>oOgkj)0pYQK|-u15c
z`Rn-y&SK3P_Bpd>?|bik-`5op-^_XO3~j8}T>e0fK=Nw+%TPrRiajw=wlk*qc}+zB
zJ@^(T2sU3GM`lfmgC`wTV|>kBc=*?>(6$1bZ6ZPGSj?h0M)9%j!!^w7r4|qA;r~KY
zT2x2ndevo2W#N%VT-@#_fgsbR@Bt+w{y0TEufSYs=)Y0P<yiI0+?$)C!O47`?6}UC
zg0VepB{SJvmD{IL%bnwAee|B0X|$p564Uv_OlH+WcDh%cZ*IJRjfWpzpsH{g4`V*z
zWtuenG-{PV;DJlrbX}JbWGliOgCQFbmEk1)LYn!TPZDg7q-V}0*qn8(IlG9rBV3a^
z5JCeQ9GI8@``}`USSFvvq{;WGF9gra#f~oi*05L{k$o(ARGs}+M9S5#Vp(tY#awup
zQS*nhMC3tazgnfmg4>rNL!evI+)>z~Ch^}WvygrPnUN~yQ}waRhy4d1q~NtAUk|E0
zsaPV~3!bXKQVwX4bwB3AGi$+PX4;MnW7x-|jH8+`6_#+DD;EJ9DD6oLHt^B_9ty>g
z2(O*0p-eIiP1EtGJlIO?Bbtr&Vf&uM8S*^4k0j5pK<Y&)$+nwc$|K#*9%Tsad&P9E
zB;*_bOb!sUJ@u8Oo#k2K9y1E{MOCPEQ6c2ZO~1atQgcwb!AZz^h($DNZ)ns062eOS
zUMh<+IX(Ec2a@je5sBr-`z9&d%y&~b3tW0G><q0QU5A<cpot0TK6--Di@IEJW3v2C
zKspyKEe?<smnW_k$7z5_e?6Knl;)-rbbR~M|4zGt-WdA6L9{H|pDaT@KW#oyT|c#m
z!<%YXtc<ZvkEM38CCN)xQ%|d4r4-rl5ajw5Vjd`6tWX&RU>#Ma7tFN2(gigG))}#u
zlIVSTp~mY0m!+c`uFpFK-%o<r*rc7prw`I<JV<?$bs))FYSLV6@^y?#an1?x6hl2M
zSdkCVA+;N?F6%i4Nz1)fKgK$A3j+~eSx{u9Wuu<L+dD)S-)3dh%Exen;#g5Bd><nv
z0q*SZ1PW{%L{}_jR(YP7iIA4r_rGj=8cy_2?H!FF;#%O@0<);3Fjx*ggmX2WdP+*3
zo<|`>^i`rD`{jQ6Eixv}Rm_K);h$Y4Rak}E1;eK;BAQPxrY~vfkuj_YoS}nC5;=sP
zQ{+7ohN`H-x&05JC57MMmW9!GnpLi3{0#xUMZEfo;SPUDo!?)pur?aZy;&&Ur*$gf
z(kz<wcZnk`N+G7@xxf?3aG7t;XG$D?)bAI(&+xy8vvyQ-?FxnG=MGbm+U+tDFuDJ0
zBoFlZ;-zSRJbH&LhkV4kU{DH+nj*xwW}qfj9`2`Fw#ObTmE2V^yQ+FIo4l*Rc~^0y
zynhz*cZY+zZOuBfZtW0_2@4^9_TqE(d8|n@7^&`;`-DDQ=5P-Hw_~;{)r7@QJjsN~
zMJisgA{rBv7x!{SmXtnBcPyC_YDIh3y*gov)5&lSuX*8V^}De}J;4+?<U3+;ZyZwX
z<eQvNHNV~ee?Hl+qZ(RI2A0}mS@%i~p_4Dc=G&5A`N(69TyD2_wmR`vMFP6z2#lpo
z>S_lX8~J^97{@Owe&Xu)73knIGc!)QayP8(bkUYam#6n?A!ikcbkDj&R=To(kT#KV
zd5!%}e<}S5<>P~S<i-jDWE-iU^*!j^QGP+uCq07lqm+MK>Uh?EU0K%E(OOIIPwK{k
zn$VKkBR>#%8gzDwjkl}#fT)A9t3&E&MC21o^q1w1g|y;g!r#Wb$@N2uqLRPC`(XHA
zT%A`dWu$P%AaEngr>s;xB`1Ui!-Jwp{LnxwNcv^W(Xr(~X{%TF^;RgY!UsP*3*7+Q
z^R-*Q9lL=C)S9rJR2T&yYC{kQBbXT5lz*1{?YVw*+j2sWNHkPdmS>ZVOmT)s8k<*?
zQy?dRFt+gMo8N0o3M}q1kFmAcU)ODg-K(9u8IQ@Mdmp7wPL24w!m`O8PdW95cA3M2
zuLa-#k_E!;ubin+oJD6XUpFUzsVC(gN3mb-%7W?LLT0t=rID-YkjE;T_TTPVsmVSR
z6nc;>PITR2ursA@zY@3}0@qw5*$CgK_J?1EB-AWa711zTV5xo@RIz*gCNExB&7`Wd
zAXD<sCf~o-X=!S5mT-_BdV;z%1hrA1+oLYVp<M2i?5P0(8w<|&#DA^}nUg~gLk71I
zjqW-%>T47iksUbg;l!tgg=T3X=Q}*_EG(Q$UX%P)SH42Ot)!YVIEVv8l*hM<wayr}
z3RZ*nggSEYRX5$gAv!z3UG|?z=!!QtRmW1Y0gtFmZ9N6Pj>dytfJF17j{0B?HZ9wN
zFK;z&-@0P6MWLWU-a5ZjLWe^YhyKl7B%s2?)#B0o|5*0o8>!uJPiWew2tAV%hy!r1
zp7)N^ss5jla1#>}*3SLubOq<r&y8-5B6O8C(e@yn_BzC8th=2gS&#WN+k9-Vv)mDP
z6HhJcDa8jX0zFMEKlB>()Pzv0h~WUjJKI&PQb{4CQt3j<NC4TS_lDPAIJt?CCw<h<
ze0ycz>SpNi&R`--nVkN+^IgauQ;5_JYO;C^F)#m26@>K(J1nZG7SbaJ(RJ?&)Be8n
ze%O(?S|PG{!9X|sbBSPYR;|xsn*Q1d_wn_BgnPF?J06kD-#_mb<q|mpS)TEs*a@cB
zhJSK!8gn%~^;pcg;rkmZH#FXl6(VI|cY3nku2t?`2%aLeF-XvY?B4U%%3i8U!X3!A
zPWiC%gRb%U9}c?_WTl_1{VS$W5-!BdbF5mYN0+W%WQO<b>oc9~%HJqZt!1-3jmdBB
zeXaCMVgKm#8xr%b|AH+<kv3?>*ukge{Ci8t>r024$Z@F3Zrg2`uZcU;Bc_Jwv|-Ub
z9z&d?gX;ji{!i`(sVyElWYfo*25DMT>w2j_&or?kp-V<Ud@av>_ea@}w5-e4Ej{g0
z{fu%5(`6UJu4Q*UzcN2{(?|l-+&p-8?x+1AXym8jvQ8bIKJrpYUghln?m=_yep>cD
z&Ah=NSb0Y0>U0<4#yNw=3dtnYkH&~@uNeIbFmV6vz35-WR<w1Bnn=j%j)_mrCT2BK
zbL^Rh9Krix_2jpvXfl&PZ%u=1!GZvoNu;{ZdW8RaZqQeJsxCR{S*H>~Ll3qH_hV5f
zY6tsBZ?}9z5W$gaw=R4dAx=6gj~B);Q6kHJ4X^gcO|CxIu`zORBv#oJMjUC+zvv2<
zjkmDQsivD=e4D(Cp)-W_3Xxg-yKaB;&Q*pg@cUGE%e@hOhE|!F!kDPdN>U$zS882`
zJky2w=9LB8x21bKFCXjNG$LsP!F?G$2c58h?!k@DCIxm|n%M(P71Q5@u^3FC%@?i7
zppEfyak-cCKOcZX9{+L6XMr2BOq%JBEPL4OIU4G*YPm*Y7=^gC^S+0{%GdQ4NlQn9
zIWpB9VzTxMN{?smjwa4DKdp<1*}9DlJW1FDt1rCV^;tsa_ksd_MN0<1gvrW%JMAYn
zicNpCaMgKK>F=$cCbaI9x0iL;@ySI07&@?1F7c2dQ#85b6uEb>yt62oFPFUlnG`bB
zGg_ax@hX78uV?vY`e;(({2-|KytMSP7h#SUUzZ=TXpo+#cgh9?Rz2@aern(Qf7;0g
zw$sa2-<tON(Cx@Fjr@-M=z6~k86z6qVBk5LsJWhdlXvm4Y(kvBPk0$${7v$QFE1MQ
z;t{81%llVGN~R-9YWne(*4Yy<s8b2?y|9g1fqAazf2)<<!kyPwwWA_mCS|5-{V<Ny
z)J0TdR^8K((KsrnH2pL9B|2axz7Z13X(vePZyekxXYuH}BAZ`*bf*8^n9<4ae*S8d
zHT{&5Al<UU{gB6kjhh25-xu>;9a`nUw`A6az#BxAIJ-q^uDLOynlHbfbyU68y7i<A
z(qnCxKRi4^&=l1y#LXZu%egn#RSlz3m^UE(nakw9_X|s!eUrwUgP&Lg2ODakJ*JSL
zxKW0J=s|0hyq@!pk>#@Rkajt9@EkDRB2{kWlbYP>UYV;=+&4>My5Xwo#;znM0|xlF
zuz1&4{NVWRU%tD>f5nNv+Fp;{$%ReEJ)>S$zztFTUxOvVB}3EQuu4H>eLa||=$ZT!
z|Ma`(n`ZNlPaPy2u92!qhJV%Z47gIV(hu8CO!%kk|2d0}x^}hxa^s^n3w>efNP^N?
zp{GVV{QAPP+$HJI+1PvLsFht?F!j&%bMXzH`xjXl%QY!BppQVB{SYFpBAGwG+U&9`
z^7dQK>r-!!YYHVcf%x!|-H_8LcNy}jyv;R8`8JYl&m-|Fl0?<(wL?ha7tC(QaC)|Q
z{!n<ZWoie0m8va+9P)O7JhbC?*4wwEw3!G2v*zmCLoq|>*B~J+q~D`Uw!04B=J=;k
zA4h|NPN%HRwP)h>ldE}t&;P8S8Ry9tpSbHVaQOPqjy9;zPnwf0Cx%LKT#@E5;X#~@
zl9Y03j^*PDQTZq4Fg${eIeVD8RxDLfg2*?IFJ_m$5I!hX<{>`v$=WiJ?#E*d^=A7b
zGd(#yV#a__C2QXbMUiVH#FOPT1j8sEMU|M+OWvB1Mgq(8;>&qD@x`8bUH3jRHYo0S
zm(i7nNRPqnAW3a8!b-bJaKjAXGmQk_Fpf<r_1mW`R@+SB{|+z>g&i+zzAneF$cNFE
z@wAz1`Aydgelv4+WFepUe7)sYrV=%B#MyVI9EUZJq#(4_^ESI5G@e1BHIPy?qQ~FI
z_^FrqOf~S1R#KY^*>#+b+chdq%p#=0rk&bxY8Znt*wF3fO6o-c>H%8+wsarhMYbrL
zk%COQOn{xzz|bf^AZ6Yxz2A$;Zk2~}_mlBgUe|v@LV4oV6uzajPss-?<r+rSEk5K`
z3EXk7bYIBXjk(pANf}LZDAD-QzrzvEBS|qmUwa>NM8q&$(isU;yL;I(F8UcvM4Gr@
z{AWOR^*STOu!`L0av@dp$JM5oqt(c1@!eB%N3<fWoXf?k$fPiHo;KWWp?1>zO@-<&
zS7_OLOmK(gGO<O|-DloL%5UIZl*LbO2K9!9`~tt=?e8Exa7&*{_T7PE$y$5V%-sra
z<BzJ&L%QYrs0&{V;@4zP;-i)9@8fTWLw$ZZbGkF}E5ELyuKS?Y_whi*2ilNOWPdBv
zGOi5HD3eO&;-DO-pup03!9~`KojiYKo)FnS1Jk&B(lYKB-(f&`KSHN<WA)TtrciUB
z32|tQAn+H%@UIEx{_3cl%ujd@M|Oq33*uqMybG`Ks3t{P*E@(p!JI6*YxFkm-riRU
zQ7H|QPm|T#JGV(fBwdl1>F|S$WjAn3;nW$I`ITJ0e*vLIPma+<8YgpQ=o0+<IX4V*
z0reeo69vD&PWW0iGvCtCM_fu_D?4I~O=ZF{r`NQP<^vt*l47kcTgNjJ!cbG!u_%jh
zV7k6~(mZu)$cu>;ulJ!g5FjrTC_epdkjV9(YXG^)0Q%4&e9Y}&-~Wz9e2+WEZSEm!
za!?%i5n;Rc^19%v)HMv+YvV}d(M#!PNN+6D?cfJi!`v-wgrPPL7T~u}#=*QUxq{}0
z;2$UNz(2w^;J2M?*Rb#pX8!Y3!`!_6U=~?!^#(>PA51=bA2O8j2Yl5P_^SV9n-RJ~
z(eN8EwXC`id>sP1fmy_AKP~gSm4lc0A^-dFzpJbNUH$(gf&D-7r2g-;sQ+)8SpNTi
zCe{DTY^+K!U+HN?N2L{V>Ut`4M666C#e{FS;||0b)n>42Snv&!edE*%FZ$F~-<5bh
z@a|TTvgD{47QRaGoV|&1@P=$)Tq|TJe_Moa=xw&M-@pT=?SvgMLwZYIY?F`QtO-&m
zNx{0yXYZr&$dTa2#N}KW?ItOYrpKb@y@Kr3Suc0!v}LoP2~Ash=d;9Q--=CL5WjU2
zxMp?|eQOvk0jX(Npqkjg2E<usTV35b_yxuzMV@R=EN==l=({Tq0kxA0TUS99a#N@S
zEslNxeS*>|@XSu{BK%n@I;eQ6;^G`JpMBTK{`=8lrGu)!(cf2X=ciTB08+lswa@?>
zkw<Tn*UBS{msw>B_yItd)bqW7>J_qEkQx_YTU@p>h;1ixxeaJ7?~HxE^apJ@w6;34
zD1>M7(XNR?@o4z8vs0_9H5<&4dY+T(E3j;tuE|h>h9^|zQWiOwI30JpYdtHn@^vQX
zc@?pB_-dB`&^(w;LZue{G+-yh1ty1l>_lBTBX?$gtjsuRm{<&>_x|nOh<p&t8%^z-
z+>SwguO4?C^lF@B>#PiuUcIz$AYRZqtb{1P4Ag6jz%=^?3z{EV7qqDuS*Qz_LKa)L
zw_1K2TE4M*opoj8zB6Vy{0blZdPolEx@0i#RmnM7cKigZKf_9Q_*#t&KHAk$7<b)*
zn8pWQe13C&&ksUAS2MWHw#v>rS(^Hpz)pl$(_!#Gk{c54I)x&c&pK4@69C&x{F9gH
zKx2W!CG!!+!}Pdzug3Jd@xF}WEUBaG&8{v`9>mzOfK%lacJWLb9{?-)9mG3|3w?@X
z%}*oq&Nhz;Ex<O^S~ZcK``Um!rxKZ^it95+DC8j3+E1ALTkE8Z1Oae!)G)a-=t?Kp
z5Zgnc7!u9TX!_w08!viZEqcdyg>+=VU@P-3vw^|N_OQ6}oe|zUO0M4t+1;)@XkkKp
zmL?HQzqsU-DOljm{`YTSFjlK0RUIYwzM&@f)53=;i4+%UZr8hA&meZ~gg_D*46>$U
znZO;_VDQ=>rsQXm&ZFDuR?S0GcB=^~5`oxjoWoFH8X#5sb3FIsmQ@-6T;wxXOf5?e
zX>|SMbom>?9*S{dHN8gE@*=ti6g5b=KWC|k4HE9n0uZQg1~p(4fNVui@Zv<sY02dK
z5NpI^-~3gMo1SMw?pQTP1hmy6_Xb_5i#AR>gd}7LoUcRtr`tML@?p-&(~JJAM>v4A
z?&60~Ps*EC2?$Gm9HpYP%~E&k;<5GCddHen4bwmLp6X|;r9RC0KHbaHdq9?N!CPU8
z@f*Qg#Mpw2_DI$}0C^_5gIe&7=i~ia6R$n8d4Iud7DB>v{l-=tu!-y=snY%U?IpqW
zdfbN59?TmAN>Nw4S|pF1{#gFGmNr&p91k;cx*LUd<|9b)zc6fe92%EVEh%x^c5{RD
zQ?|``1QmayoLf5X#=b=?4hbOdcI@^L7*_0A+v&8#3R!{Q1{Z&Gdn4z9?)UwN$nq;F
z-(P+VcnB!_LcpDqT+4V;ea1Vt<5kOG8SA^FN9K5i9BW-?tw)GPsrS5A$`4YkmoPQK
zHz5V~7^Bb4`JnP4<$2DxtIJdGRx)cNFG+l$?P&dbj}>VfS%9cZ`tqU0KtXS}dWL6K
zyXF*VC^>ntc-SqYtutk19mb(Hn^mD+YHzz>!=e2Xhw#;W@8PJ&g@(dn#jCZKsa4v3
z6&9qU+M`;O*&@+CCQnD561Uy`d0!N(uE=amq4vsUD;*458u||>L|6%TM?ZK2z|Qb}
zr*{Ht%cotgLXVu>&%05-GmY{sK)kvlEeI1{rE;1^H`n^-HzL3G1U!6Vu+Sm?-Wn$k
zl56?Rph5HnOhoK$bQC#HkWzmEdSMarJeoE@ri9`&Z_6jedD*PvWPMG;p@cS{tCG@(
z=6t~oQqXFQBTxCoR{vMC@L879(Oz!%uX3;G%zT2^tbSrsV20$p_Gn>UGy7IQOm_Wb
zBFrTCxR7g=%e>s@UB%?fuiO|D^j;+e7VtVHYAmu@?2pd&H#Q)RX==UtF=M5<nq8o_
zy}LfH{>LgG(yH@U=6Pm=PVNcBJ8YZ9C-Q>k{EKT=7=^mso*eSGZ*qQzkeLU@FMM}X
z%itNJH0XY&@jC6IRzMzx&uyVI07UTkWKbKOeGo~}>!osP*pE;%`LsmsFO{$8>|T={
zbE?7h82~7U8@=01x?U+svc|jNqr0INF*2ykNhd?!Y9($X@%w5DN?r}~&ee=H!<6O6
z18at<W(J!6MhAVFtX=qv-+bPVj8*V0zf`K^dTwT?si<qJUz4y~&w_F#<azb=&$Eg~
z!hSBg*l6IUP6K<;n7J)*Z&~Rcp!yP$_3}A>g+{W!pB;DgN+QNS-s8a9+-j*GA1JkV
zZ@|M4A_H&o-s3RfVm4sQv^ryK1sxtDw+>@xGkuGRa#$c={*%P5Cl(Nf)Cc>$>u;ze
zKTtS}NRP$_8YjIiL=INWT7E?HUekI{H3oy_lyYFL+#P6|U>!y@-t+mz`3mpEDi5P$
zvVhlX;O!IAbKiu%Shi4EO3Oi9Sydr(JL9b_bkV{fnOlDuzpb3B@ng<uMWz1oxeSll
zXoF>4f8gfYnn#7srS1sr6_?xKr{3QtJmN*Phy4gqED%x-a;9sJ-|l@z92Wgp2u(7>
z(1pQiIBI=ulCJ+QEwixyoed<L*Y)?!6&?x#0dlcg5twLMYYF<6&uQbKGUyGJAPQiq
zb#Pj79#yKeM9?`PsH1h}3BA9@-|0N%T$xSp!eW9|`$5euomY@_18N0(Q}?>sVK_Dz
zN^%cW391aOxK>Pa-b4Qg)XBE16bdf(vi|@gxzVzN#!w}b)|^ofA2kJE%t!L7Nl+->
z(A-d?qh(YR>%jgtQa&0+Bmy(qVg`DbT>B^sV@t&D8-)jaG2&Yx%Xx)qh;jT{M47MO
z<Z)Q<tNGsggY~);J-IG@c`}`YhL2XbZ^z1^n}310SlCH~U1d+0#&>70If4wgr~I4I
zL9>)?_UieNV>U};8{SyTdMu#sM|MqRdd_0F9&YU*bAvQbqwgCRb<3CYE|-U&5wxLj
zKM#J)==J`#1Zwf>3WmhM;+WP_Udh-|_ulgk`2}(O?^e_mcAko__MfC6T9`pMy?tPP
zU?Csj*I~-{$Hnksqh*-ptmXV$7mYwsL9ETl!*m(Lx{$dvCPAJOg|@1>3*)^EpAI{g
zhAs|7yp!b-n)lTXMOPtfs-M1tiJ-YPM4dU3wMcz-R6SEN)L2WsOP%J`rv=*5R3Ku0
za%xJpe6mJF3jhMhM}MaWDEi(tZgfKV!`>S_^LIz5!nm!f1@mWq0%a6tdtJl6m5t=$
zwRb}M>&*@n+B9D}C=5*o4|`A`v$Ag91VRywu?{tC?;F$Zm~-Q9>|FlddC0Yg<nyte
z`pc$l^u!#)74WFKVl0N!Ou(&VOrpfYlIPfTl0ULilRn%VH?ivJ2fjvii^EgR<0@Wa
zt%2f7?a*MYX|6Ud%Ytw=-(X)+5U$SS(e3%{X#u=IB*^8W_G@+Ko!41~G+C9vSk)8Y
zv_vmv3~fIanNOClK8BU_$kSXz9;;z2P-SL!V&D(AA;Z)}*z@wtkAifT`no$0!qGd(
zs>I6w#z4CIJXrHO7{ZQjo@nnbrmc;uw!Pq2Z^%lz?RM~1e<3VF`>~bFy+3QIS}-`S
zcn^BL=l=kZJ@J2eHNWs|RNcofum>dSVRQATJofdMj7Gd6hy=SNIM4l3H_&ZrthR{w
zt2=XHxzJfw-Kx9RQ1YGTQ@jext1p%G`F16Q)8)<6G{F9CNJ8bMet0B>bbuYz+cF;z
zKi%}Ji9mrMt-9=Ig-?aRYabEdciRbM&bl>&36RGX+<EqDs{-srstPfgCN?51Y)B+j
zwmM3?rp$Lwv-fo6lb=a`^B8p}#aFkIf3WR`&)Ey|G0g}UFaxtlkuc)?J~b*x!Kb<T
zL&}!|XH1$`rU9jbtt-l)h~Nz#3+HeVr!-X|36H(xlYIJ|57uVTHODRCLz1y$L>?5$
zUF+t%@VdFkF_^}Oex-uMnJ!?VRDLAKX#0WYOX%z1+n@!aLc-~xJ@ITDp!nO~>l5Mh
zKaV+Zzl+4D6~y*3@8rKBo~tAI=&hvZ_}{a?)`dj6U))Tf_7FSERBh)Zc`4B~cJR=N
zBlpm*mBQ~^g@?KMph1N*g)-X<Np%_gvSKXL=T(bq&+-SOGwy6+I6>UAyj-Fs<qd;x
zDic)W86r~7HGWqc$Ai2_^nBuJO$$2_C#L!mFM0ypzPw<Gc#hLm_x!!HR+w~5J(tbL
zlYf!8W_x8PgMoEc)g1lPthkhc6B2Ui!<0(d^FfWB6<<qi!<QW1bDO)|y{lbN6rz@K
z%RMT=!75gScMhE|CenK%q48d0|2AephjlclP$774Unu8fJEm=BuEp7P1|p+uVhA5Y
z%AY*lG7osI)}<EO4Ra5V<Poe>&Ughc!2*{0Y|p!R$1G0(pjbJxO}l1R^$f((0=g8_
z#x$z336mMI0r#9O>X6N#YJmJW4CBH;J%@0;4asB#dL?oN>6nXkmD-Bf8du)>nHZV-
zIXz;N5sdldT=BRv-rY{#Z|x%25)0seeI1xkuFO@oCNng`(mPTN%3_uvm1r5mHbGOr
zke*Qz00cxvg^}$hEH5!Vl<dig3@^8ViiLAOc%2}$;dK=D#QgnlSva+Si~gYAtH`A!
zhCH6iW)NbuF6B*Tbp0cKQIq#Fcs1`T+Wv1Dhz#?wCt>ofA^*z*4JeNX21kkoqj;B&
zMm;_!y`cOPmox7AW7*Q^DEq;kYH^}Zxt_6v@|$L(>L=KKpfo+dG+6JM9sc{O;X?GV
zLLf>fnLZmHB%MKlBtM~ny;--=(l}_;<_@oW0-PNLX4~|DDc+pZR6Cf1mla}3gc&#6
zJAC-lH>!wpzt5iYIm6}j<13jDADd!!4_EU=i|I7udiVY_G9*RvEt8SQ|K$0V6xcmj
z4XfFu(iSsLL;RJ6u2KSJ@`D?zq@|}K91qO{)`z&LjoCk;{wNmV>Q$mbK@V_*nbrO)
zttaG|jc1WN|DwMWexfQr$$iM=oju01=v}|9`sV68LPe@@Y6T7lOJ+e4P*LHd5UkBX
z9xIyBU|8)o2XIy+_V%xF@omXx%D$fFTw+O90=(OcA_+={n%Z!1D^s~L?azKvWP=K~
zU<$Y3JFbzc%Un>=n&qod5uCticOtu9eUy$MZCR0gOYI_Onk6`f<O6z>4(%!tTIi6*
zBkE3UK4l#?-x-@X7dPL$b$Qe6;1~qLk>mUq=%A4&yX=*D{n~!oPx|RB6~N`ia&a5%
z-HF684uf}ELMjqtY`O`}jtRgN!9>UGgLK0#zL!1gzL&<Y*jmRhIkQuhT}EtICD&`>
zs8lsTo+@Z{Z9Ny6+(SEx1xPil1Xh?d?30IjTXBsMtjWwTdDUO89nbpFyz2hoNYLSn
zNVF=)X0NfD6{Vi|*;hw(1<%dZ)5s}cck{asO#b{H#7gpIWofi>N%JeQtZto!o{L1Z
z)Zz6z6QGdceC}D!mW7Sk=$K_zPQ`m#WgfEl@egJepNYE@d9`1@Nn$x54?gyPU2RBI
z{q?_voS}x^;}J?4v2=T5^u%cep?-VGb6$}ShGr6c2H<3DQSx5VcDJxa-6#l$^D~j+
zxZv^VG!VcB9-2@Wf-<bW-?z0nNbTSC66&PdB2#U_8gX7uj&fJe=Fs+(ieLd$6vtS*
z?++nwH;vtyMaapu4J0HpOTTDs^mL+@GCVqY#G9_ww>%KpoET@K(k)akfU=4N0Ec1C
z+FeCB8V`$|l)B_dVEdjgK?X0;pF^!BZ3MV3;!u`d1EqP06XRM&FD+0*g?Zvh&wtrj
z-u0YL)odq(&(ZYn$J;69XZL`fW#4m|`$lj>gwKq2Deq*J&3;11+>cg=DlII)*!@|!
zd+3{O#=9efN@tE0%a1ZB@rS_D(cE2_jII-l731>n7a1nK{AdT(&kPq=-s^sksIdY2
zBLAuGDTK30qeQ`%f=@052GLCghbkQXdYO@vN*4W(Ysx$gm>OSs_?esx{1c0QKq3zS
z#@N7q2`HY!TFqylB+`vK_VeSf2<KX1mzt+2tRrjcN8(STca0+f+EMyyZx5vOh4mhd
zL4FF^cFD51>Yg3ZcH+WvwPVosm?i%Jki9R*H}J%T2dva*^XXJF;l7exrK=sXi`Z!K
z;?{6cr}(9@_0hFj_${7I=4`DwRzyY)9N8J8EYUEtgMsDgejZ19`8LMWdaB;q&lF26
z)w`D})-k=2o!vXa7{AzKEVA>TNa&`XZR)L`zwaTRa8<L0{e2D|xDC#<ZWrYepLy{w
z0wA?;VqnSElHmQ1Lw?`#a^kQ6f90)H&~KeZ4jukczgq^LNwKY)(_jNEDsr%d2fX4x
z!a^%umut<fH}ZMXlOicy;L6R^*M|SCoh5TAW+y10u5CLQ2ZLRa2jy$z8Zw9bAa&n$
z=f*L7a$t=sE-Ow|FCOb&rHTx6O{1>%A@|9Tm{0q~Up@SWvpE>#|1MtHo`&!K#~7uo
z6LIJi(lS`=&ny6gOF$mW3x*hefu)ja22Ux4gNkzNz0AD{T4Q?I#EUY*D`#Wk6HDLF
z&~;6N5+yJH=6r49k&eX;AoA)U%DM|69;(^B)c2waHA^nt^+3B3{W#aW@`T#wOH(?J
z>!?6_q+0thsOrCVa^cIP{12lmdv4eL-A_v{z;b2&d<1g&GeZh8bf>kN{#f~mq65*J
z&;Z%g!#S+m^$xc6Cne`@h7ApJ1fhxfp90!-zU7S!ehB4Vy6$Q1ip7hT5V*2{U#`CR
zU;om+q8X&beK+c0y!!LBqVYP`<e;3jxw8ChU4HW6G*il&u0myyjI@e!lt$U-T4UlT
zc~}u9M_OHmliry2(?E*>fL)cAZblG15m}J_WeE#g!}SnW4nC&&7#<{B%yPoC=;Zhy
zPqWDVf%NZLL<@-z(*NGl3*ZMYx@KDK(gWH2Tz90C$(QLMv-+;BjZi{pUgr@~1awL<
zn$CnT8?(Kj{=^@I$&2IlOK4=XLvB9>X+NLK9Y6Xzk@L)498E%~{Wp^H=xq<iKuFXo
zd{&@E+*sqcm;AU5Qx+uLcEq;9TzbjG?KlBOyb`DTLZvjP7FpW(ktv`9JuW8)4ah!V
z<sF@j$>|^GtQq}sbGU=5E}k`{dTekqEo;_TS>ZF<7UXX&kxXN?DA~EV9X`{X{-grb
zqQrxN?o)kTuCHG=nYh#1m@@M}=Yr(n;TcOKE!*BXOD-3sQBN_e0VI2N`Wx0eCF@wq
zuYkPlb*&I|r3BKdFAfuNN%;v&kscGc4>Tn6YU8LX;{Y5A`bEXWzKOK5QNKx=$oXD-
zE+`(S`KEINzj1Q6xlR@S-R1y!Ngvq;&zT(m+Xc2*n<bB)l{zWov<i+3rMwCJHlU)z
z+8)amw~(_Q#bxp1>jyayj8AC(Q%=8VdYVo+Z@*08VO|lARoWb{GTFBXT_v2;K_0WN
z-V?_A8gaYK#?CD6KOP$Ie>3=6YJ@-i&y-4^lmUN;nc_r*H%gGsfwQdOeB++)$Ux~Z
zW&QD7TRC6j{p`~UKO4T6Z^3i~I!*Ni>=n=e5YZ_5L+r%$F#3re7GSTmGojM(5XKK`
z)9}Vm<&idloH!*E7Q+~C^5&C%^at#U_crZEk-Rafqe+#ct!YFan4?-(FQ0D2Q&`(<
zs@D%rZU7*u!g5G&C_0FxVln_rD*d>cYmiTThvfrpD^hDsd^?JDU7G*c(+*#FH<ou%
zf%7+52MdO7eF&j4NyN6DaU}21^4<5d$`0teHYAAUCL(4@y+bVa+#2Hm4CLJh>sS#s
zxbj^CC7ok46@}?csa3~Utiz$GrF=~Tvaq<m;rX+I@wC5F$cByG7gkxJyMfaWrw**P
z1QwoTNa7vWR3v?-JW!KSBLg@TFC=sFj$AJSp7G(-t<lKGF^gv011j@J%2}fEcTH7R
z=C+e@*$lf6R0>~T1`_D{IJPl<vXEH@$GXD$UDM`gBDo{xE~m{f8C2!A<yF?KEIVLR
zGL{vL-tX#k4!~xh#MovAcGgL%*i|gb*!UZT8a16RusT~aMEvRw(?gZFPvJjzr~ZK-
zP^E<njDNb!S#jMT8r?mxP{seo1w{OA6RfkG1bP{e?X{(keq`+3Rqj|`H6v&)*Z4t!
z;&gF6YW?_XKGrO@!zB5YpEg$JS`pe{6=VU{<~`c5sw8feVKEJth2-6{iHX@&{VbX>
zn?4!%mkO})NWAYQPkt4FZX>zJv;0~`n0J4i+&;UoHYhQtPtx=S<Txqf#PiVl!^Pg#
zUUj$Y<$NJG1?%F#&edb!dCe1r4$hqlf0bP+A(<0oj^Kk}?%gPy&*rb?=}(X17E<OD
zgkeVQKK1Y5DFfGMo*QeTlJ{P}7F$O*S+e=W4>U5NQx}VQ*0I4t!>NTBm*kLevEG(#
zYDe^G*Ej%-Z(Q%x0KNR?kW&NP<Ke?@hzb=!Te$nU?UjAu)MOYBK1mgaQWU2%;k3e*
zJ(*3e&=$JN(zwmyDSYG@tZqnh_s?&SCkl941HTM5MRKpy=7e=rf->4x+1B{S3{Nl~
ztu<5Bt!FnqL9#slmw#m;%XWXMdS5JFqB<c#p+7xWlR<ZV{ce9~xx+edfQ);txn41c
z;Q9K;jbNPwY##$JTb%#)vU$FlGzEm{Y~a?-?Cb_ZdxF%qZDyv6D-R6Xf*Lny_RCE_
zBe6NTH&uLoxz#Q!Y{gAIah@Lpi()OV+Nzwpt9@&skEZIGv-6tBW*2U?|0|zKtHsn<
zKbpL)C1j9mSdX5YyZ&lzA)!)!e+;JWKUGcV$yk~)ys0MFQ-eNAOSg6&{M--3q=YS{
zn;qH4Bj(Rf$0d103^4?MuZ`yZ_n)rYs!WY|+1<Que~w*hRhj)Gc^zVzirx$<$xY7+
zwc0op4Cj`T>yZEXxY-|F?V?y(Dyk!OVvB_eoHW4T1n2dv`Ua;EVu5{gVaNS4*xncQ
z<WYwATLtliREgwL)Y2cfdqA)CU*&G}9Gxc|Ah%@`AD_QkG%Hz1g&FOwn76u@5!b~~
zfH{N;Y0_luJ1ow(@FPrpOn_P3yt**A6ZdJQ{d{pxNscpR3GTKcSyA9jkm3`fQ;N)R
zaehys7cCx=86Sl8g)<Q@n}>HI5p^y9y>Hr(gM*=v443LFL8G8*E|Iejl7(+nk1l-P
zig#9isSYE$x~`a42bZhsm#ujo6PMo@zjs!6AibSRtFGN3j=%c7cBA!kovm^)Ze9m9
z6-%v?Pfjt4WWO6>w9?SWk?DN;dvJw%5?*6Vk=p6?9LJ8z9vI}4w-EM<$O<&quA}l?
zd1dwV=1&cK3QjM@Do#MB+=mM5Zy0BugBr<Si~?JxJdF2&Jhp5yCguu!I`NMhGw-ng
zVOziIz==zf9OsV8g?!`VX5aQxL#ewX?dD48|L0=t|GwA)FOFE8nk|oOR&E0puE30}
zyHd}!a=)3m{6puHUToLEFH-X>qhLDzf4|b%)M4cdqI`=TAgP6U<LN^RWz4qYub8MO
zPbqg)0b;%E;&jDCZRDU7H0OaQzTjM22!AUw#C`s6tQ{g?Vau*wfV#Brtq4qSHhaj=
z?OA%OE3dx)ykf|!e?33l?*l>5Nk(gT(l7re2sgxlUY-IB8hR&7PU5&iyv{np>EbPL
z4T?u=6%v$XR`M6V@>8;4dk}B`o9p)1YNS*FiBR$3P{{&6%p$v~!N;K0#uF&v?*%!z
z>dq%G*ZHBS0P5b+DS=ybDc5<O8^vWj3L0WzNf;6672;*PO_xU`c6zm8B`YA%9y%KL
zm_~@(ZGJZdR_@4B!Va#iP7f8wqky5FPS8;d0G$`-nGc37o@^(ZCE=AXcLbN%%8K~@
zKpTGqPwb>pem?{)T6CbgW1=u33XP;F-B?egdlF$gqPpTGrm?v(<=2lg$CeVyDZt@q
zpnX}u%p!FUsL!orgJ>xKS=~E0e05Ea`qj+)IWK<ieP;z$Dyjd1q0zl<^JYFX|B8_S
z(TPMQop<51kG@KK`DBi<H+ofrPfQ+hntng<sIfZC4_rs!xF|cPsTqhZlY)9(%mo^=
zv~f3H7#U^HH5t4yrU&#Y;*7|A>N3T}_E25eu)9Tvp&-z71g#zEnB350XU?CF#ZuS5
z?G@%P-#0EE(L9o?Y@jFc_PUkZ{L?KwSi`B}Bxl#n?HUnjT&=N??<!fKgPP!y_i%Gn
z+J+{L1=jmcoxT8w=HO^Fx!ygH30-q{9PETU@Sj>*w$^|MzmNe$Vp@H{<{2nlbn0D{
zQYH52`)hWKaXV0p=x=ljZvl<GqhHT5;7)pTn*X@?6k2L3?@OQjaXOLQ-H#IIy53%@
zsac4wFmHYaJ`>JBSs8B)TVeT0#-;GgJ7TN2CayQpoW-%)I`zyEHWN;_aIwmN<O~mP
z{szl+5Q5emN|uLfDX3~3+<>jr+gle{e)mUTDJL396e=u?&<57%wA|-vO#JuuTqE^Q
zR?<+d-MiuR(UE^OT}HW=V4^@+f-rl`_HRpZJen49YWavYELJ^Y#pCVnM(|MhEfte#
zBgUnBipFqKeyJ}Hl}QdF%y*6gU5^UD4kV$u^$hfChvZwl?%-)ayrUL#8dB%E-9f&&
zl!dgEdgK4<+plqwfl9EC;3ri2%bIK~wj<1R+;G=!F`vs6)So}=8v9$mT<@h}I&m#>
z9h#p|Nr;z@o$=k`<j=3Fq3^q<8oz8DO@kqerIsRi>drC~pTfiN@)Y-sAWwh&ZBnQe
zyQga-^IW6BAf*wec=@?v8t$tM=KE`F!#o#1gBzclyEGuOSpKRz{MIW#qv-w49}#q(
z4*DGlT?~`!`YopMs3yi;%ddqjp)wJJa5cS`wApmEoRZgAZJRUEX^ld<7{1iB`a%Ra
z&n8qtWPgLUObI|?Cr-8DZD|WOAQld7dtJ8v?_T(A$Q9fK%kkyqnvtHpi*{#$$OxyH
zBjXDZ^ZfNYB!1dG3Nt8*PsI^y?H|&0-I7g^)D`<^0q*2+)iRayJ8kn=EovUL61}T+
zWb7-TF!j^D`DgL2Ebz^uij|d9RW-xp`_Hj>1HrZQ!MK+oADY@y?){LpRie0+Lten&
zEtA^^(e8OpborRRq1v@eiuK@bDb|Q!=-vGc4aG91U;&>n@8noZ?WcXqyut940t*WK
zq}D^(f5^+~EOfBH!t9|~DAayc@PX$VN=Uv3vpnfO(s+N-&8qvv<wPenIdH=2-SVuA
z(A$b2#V=du;=XSaJG%z)c3nLC9Lz<E>R(K(@qmdZ`BO-EBVmI(Y6B#(h14(`a7JzJ
z(?eSkHOI-DmJ2d5?4;0k7k_Y1^W~H~mN5Kw%KNwrw0DX(Q<9YH(IHcX6w&a8a|!it
zpfjNV;NP6}x^;M$J17_zATR!YI|qT2Q2;<5tYhCBa@S)Xo5c$VdKsxR8HD!;rGk6u
zT|zd8(ApBn>V&l%b~mnmZ_1SZMdyaK3rLz~V5K=jz)cXRC8YGYjKUT#`(LK~6fg%k
zb5&OkQB&WZgL|fv?pOg_#N#XI5WuV@i}#`0IF)=v-ll^KOD{jXmTzy)3ZEl}*5qz0
zR8Eo*(EV88pMQ%mB9oBtJ=k+p0V2kWF^&Hb<Co@&ACx3Q@m5E)>7pEA^T~Ai1b}eO
zItuyc{WZtsRL5E9J-XbuLLZh8xFvP?yW=ow%iB;t9j5hm7vBi%BO3nKEx>t|SMuNT
zHw4_ah(~f8*`grH;@wf?l-=PJ3Y7Ek$CF;NI4viLScgE5Apo%^#ehT>>3h`+a|h_~
zN{p7JhD5TMm(pkRH-lMg3l0unKI5CfuXe2fEX_Nwa=e`elMj59ofIoG|A`{p?yZI{
zf}4!r*sYhao#(ZBcnxAbbMHbgi#UL!<1TN}-kMIUyX)<>aUPHGYd`d~EV8;Ir1sz9
zUZQmf(pT}bO#v0FMT-$LE%(}Z!a10f^p*cn-$#44pW5#{C13uQCx#IKK5~0g&_{8*
zaMVc`xbRa@oGXj9|7oF$dp-vLpz+dj?IB=F_Vole!;2!RKp2hsF%$PUH?zx~7#|=h
zrZFvO2dAVjQw`UR8#fqx7l?HjJu3%z^ms#otJnL-Y;8M<;2MgN6$Jaiqdutg;(ZTw
zzYX6L@7UoqY{!6rJSb*;HV**2nYtWpn{aR~)}#@rG19az(oV}Dl-x@di0~kK#KcOY
zOKNrzTr4qPOKP|-F9RE41R;-Q_prwTyKX6Q^?=|1c(`SUcsF!_311xGg)leMPmV%5
z%fIbU^IcUm726!cn&@!TzJid$fhgg9EPzF-Ht;gp+Wlmc^5CVHBR80L<oik2=U`TS
zDY?tEB9(xBQq$~O0z|6wzf<8N0ncalP+uuklIpBtb-4sx1cOJ=9_oN2lY9aFJs>5|
z5hES6bMM(X3pBEy+TFy)f-i;8K_Rc7hScXQY7M1rgV78{*9od{vY#tIgMJZ{y{qq8
zZEEXUsKU=YAqQl7_=JWP%j(iA6f)y1@4p>tY%m8JA2u_xPRp%7inwm+I`+N?-0VDy
zlddGhx<N>2Ysnl1P`96#uVQApu?e?5kCv8vrzqCe#`dghNCRK}0;VVEr^iL)VMgTV
zDnW6?dy=B@mt(>uda+n9-iX$oru^EI>87+{`q;G&!sU&zRK0VMXd@C{g{ilHNZ0=%
zX)l6;xsGk;_m(7{FpNlW-v`9|An?wY*m$*pC=`TE2EZGG*bTve{}`-56c~O~u|$Z4
zp&?G_o-WGl7T&3raAV@_A{6fe?(Z0#8}#h=+y}`|R&SOs#|f6Ms$R*0>;#JEj1V2^
zpKe$IB&{KGQu$-nr+A%?=E(K@6#Ko<My~q30mB%aUrpED;ddWhvCpf+!=BaW=BFUR
zSq76A@o<$|?heTD4?l#5zv#+tdFj6#;19+kCjkrZt?A>YpFnO<?v?Mf#XFH8U{gHE
zg9>C{C*ES7a<s;fcY>O=<z#)~Wi?g#&JJ2*9l!f-VVC@Om_yKulgC~3@fi!x2VK)G
zn7P0fO3G1)fxkju4;+yCKLINc(PO0R0_;oPYQt$`sU)RJ_-$yKVhH8yh4{Ab41zRt
zr2{FC@AgU&E<NW}OQ%k-Ffn=cb1`^nsq9UZ%m_@v#psfd9{Q~5GMlSmcu<0gx$hLS
zE_I7#g}AN_9hJU{YrTb1XXtBFm|bO!9U)q|`Q#RlCz@K1@grpS(&BY(g^VI<nEV8q
z_Bpxb9)Nu}?<I7d=*?1}#9}nu+>@fv&YXBL;5U4uj5gxm1QZGn6re788>y5XI8h)V
z8~A5-k(nPJ=oQC3wZq(sZfa}DK+b<LSK-h>;G2BE`Y^G^0nQqH`xwdaTMRZG<W*dU
zQFBAgDU3c=>=qS{qggqt(p|v*y+tB){J%5fx!QVoO}wm_{H7!E@3Tda3km{y38KoO
z)_?gTSlGcpTYD`i#5EG}Ej&EN85<yp06&FP>aloA<$K!^@sreI_W<(S8<1)XkXX&)
zgBaE=QSu}g?HETaQ&9SG*R)RzL^(?)L&Bi1MWt9*3(`yViL)pyip3Mh!L866%rWY^
zPEtCz;O&Vwz~`3H81r=S0dPMo^aUssFFcn%+JKw)7o2F%60dOoCaT5%hYpo`&TZ2V
z%3W5ZZf}|n?>~PT)8hy8UEaG7NZ;)F7t+~KM(q5rf4}xEq)K+lMWBZ@vF(QzWTbv?
zfen(X9&3N)Cq}NWx-_PzM*-kv5PrQ6x-xMEaFyLUf|YP|br833xdMWS2h;Vn4_8~|
zpl+(hGa$vErHb0dkR+Sp*DxH6y6}N07wp{|S#5XR5O)ZZ^ayQ>#oY&!JL{&On5@sS
zI;9nP0o#9b*dN6OcUIT>tw{nm0ksCC&aZeIK3YVbuNX4zcMR}FwIJVV;}<F<bl%>W
z;zz^)dHLsK=sz#!Bpex^-NF5n=m6&x%yAlI!#bi^OQ~kfY}N`_rTTVhjPUUuX(np%
zG?NIXZM_;t_eYwSe#1jZYzPgLn^w9Tfrfk8iEf`&FG6Jjd4-E(stAc`w6B-xq04#U
z%{CzKO7`IE-qCC5gL>q$vCIPo7a=g6jIUM$k7phq5N`*=jU|&-?_|_>5E$C??@FoB
z5-Vc8wo%Fdey`@*H4=e@^UGhe6{vFB{86~sGQf(Uf|b)wV%1JrZiJir67rcGet1t!
z4A6DVe+(d5N%o0UBZ60NOikTkxO&yU?X{BNuoX=l9ET;i0>B>;{NaxxK*U3Kfw{9B
z%HeCLjquDFaHf2+>TS|%a@V5*F5Vy-q-xn0)pr=eI+6kcMty4uK$naZ@qSKQN(dKd
z+nTb*<}2D=a56{IMcA1;R8dEOAJ#*i;=#IFvA|+5%9XuFB|crA@qO9ce1sR2(tJE_
z$Gs$AXrY|8{4iXCoq#9&Zfs~i_=iLDB~hDOtvr0OgyDsRjI>Ya>%GF{^9F%jtO%*Q
z8&(JLmHh9N2F81)d)~Ms_;q5p7;7aKp%(Wdn;1Mo!T0D6*sEEWHxJI5VpKE>j7h*x
zWf9xgL~Eqc1+v(FyF9{ApZ60Si}D6bWL+?)!lmQI7H@K9qep-UX5GgHad<@Ms$WHL
zU6iQpS7-9QswC>;%~SI6>)f71n1s{oZGn%#{9}WPdLtIlUeDZmZc@g<J?QVENo*R$
z3cC+99VnA>wEmtek^(#&k7Dl7rKlq}|C;YI!$00BbwRu7*-No!Qt%>^ysDq_2VDuj
z6b^i0@gj0Qwe9N2<q>;pK~B&+bpZmvo@F9bZXx6{x5wI5RT^LDk0M>HD2E3q_652q
z$z-4J;E3Ybu)ew|Bw5M34-`wOnN5KZ5KYExSla{MrfvSa!#$H6a#0<k;FRXy+glvY
zAKE^1Bx@Q;{9W3*I?dFv@Z_8Q{GJH5;NKszeB#R)tE>I!fo16ur|=4K1UVQs(z<%A
z&HoV4_BJVV%t<9&{zj4Ir+K;9ee0bW8D9fk55yq%w*n7W5=Wn<mr@Rht&MBB!;E%D
zSiq*H<frD*&I5D-R6rs8h{A^RC2D==%)lVUVLvjfiSIKSXV8T;yW3wzqJ)m}Jy#Pp
z5VEMm^k$&bLw-{G3W2aGQ~g=zW*(p=rpRa`ak3rIv)+^VFr+)zINl#Ct#I}9egOLJ
zZuR)0VDI><gC~k>{hIcjD?YGL5G$osg^GOK0WOr78|iwQ>2Te8&^?`(p`mF>S@_{f
z3WnS^49tAGd@)uexB!#zS`e8k@#d2|^x`K&#ZhJ}0{kN*rSJ0LijU55aL(=-^cC2<
zFXxFdyT4&z<{B;mN0t40=;;JR>bn~xNJHz9Rq&lbo_ANbCoXBlul|>d%zjwHgDUd&
zM0mu>#9wfQ4w%*M*G+^3{+L~iu|7@3Zk@mQwE8q0c|GOL2L~5CL%YdSv+7&sOXCyX
zFryEnd;c5K=t8LEZ+6F7<blS17wNR3{V8Z7i&IdsjBdd$%Mi$fGCS`{embQYwODNC
z#Fw;HAs@}LMvyiK5GIkbf{|aVMeTXug9fA-Y9hz(9zd6p#Y-rMD*w-#c1xVZ{fE`8
zT6Eyo+7YNWkf^_cwu)2t{wY^iHFY)R&gHJspoiiEcpUy)83O8Qt#4SXikPtL7-^3Z
zGR2>SsE6eI%2%PeV4>@up&@;!L8)y|d#5*abhJkU24vscL->2``1n64Ima%E2<&fV
zX}_A3SV#GwS5CZMPNZTleGNlP>kPvSN)h~1o6^-BJw#yDHM(2Yd)+$1&cM>chYMgB
zWwg9IR+|LmS9>H27Rpp)wB!Q6oTNg+w^d#EU`10;fwOc}a42YADx=YV$9NmG@n~{$
z@aw@ei_%jy7<<ka{9ic0{qA)cYxcw$ilQJ6><nSoZN4t9k_py7urs;LWwD#1grqzl
zPp_)6Y)(;}r0u3-Z-agfpLE(%-2$oc{H}vlaLA9ESW)fMeKFHf%j-|gtspK{@(}mm
zCefSczx0(ISUgG2t0_q%vd>aAOx-DV-XSZt@z<)nXTfz$+r;$$9*&Z>Jym?I#NLO^
zN!QiV*S?pt-Ug&!6)(xoACgG5vVNEHJS>~Zd$?ojm#_;ncvpFFS@3QR(G7dfDeK=^
z1NXCd_A~I6R>+f6u#iFuvlR|Kw~IDC-X%A{0<21853pvJYWI?A#XJ#L6{`H&_kkB8
z5DZ+dh+J+}eT<>wtF9ubqS54dqcw_8^kyHIXW(T8vQ*r2v<%#Psob2n!yLUJs1goL
zZ&QmPigdVNb3+FP4tWJdl#NC|Gzu8XEFLA|T83m_-Fhi$4iw9UH*G?tz1>t@SmbLW
zaekdx0P+_L`<!oew(hLZ%UBVUdnwv)x%3mOI9`zur6F)0jA}91b~9pAm(t~{b`VAE
zNc0s%wX~YZGDq5$_kLQV?Q##l?fSOYJ<2NrYjXNsKV+c$-_y}Qe@Ge}`~8y#BV}?i
z3jyPg5soj>r_W=axZa+Pg-)e$dcq3g5luz^MAv*xM94#}_MlV5rYJg4J{a%%M?`7m
z1`Eg`40f#Gni+o#I%%J%HK!?(iIUSj)wu^~yU)jEHEcl%*Zu!5rrt6jiuV2Ao+YGi
zq(M;W1_9|5M7p~dknRrYRYXdpySuwtN<_M0>5}da>Hqlsy?CBiurND2vvb9np98ZD
z$_K1YP3IJS`<`#5?fau(X(5BSp!k`NxC~qy8F;=#H(czGJ+X|qxV~n1dfa^!ln!VE
zG9;2LEYwhAqK1t5sl2fir!$tx;Bzrem!q+p3q(>YAbh*?2ce|wm%itmt-S^Gg2+Rm
z9`3vAZ?#8vYBK|B>|kx4`7d+~%hB*)EL0Hgga3oy82{N$u*RyCC8!)+miET)l(@JN
zWb$`@w+Wg+G3h|5DBAl~blXgjjIpBF<&BI=&bQk|JRvrfVEN_)1dCdEL<9`EM58gq
z<7s}SyG1ZKdK%OwrrPxU-N=p9HXsNyul%N;I6DX6ras=ihLdtU`BjE+U<195BD~>v
z3pF};`w=25^$W_P@017HGMh77m;9YFs_bpdGRX53d|!g{b5~yJTVK^(oVl*~w0VRb
zY6}?St>ostv;|b&BTo6ZF}p!mRc<^pprfcgB4Nq@{^p10GuFFTsmIe5`bicCThLnP
z63&H7qP%2^!FmwOYg})A@NsvW|6Ta>Ug7gj>eo*{Q@q~3<b3k8gkk1jWeQO;Xc2<t
zgAv}Zl2NM;{0Jo<HUWm3RX=&p9OPr~$Ga_Y0PT2U-+h9<q>CGA6M&IGfINo@W6V>F
z-h@_1aQ)E6VdeYUyEJ-pT#MYWV!sWo4DeF`V<&d0_J@{ez`T2)%KI)*t?lXDUi!>b
zJ)i?;IsZ=J4H6*Zu6HQ_GOGd5fKx0jT|K_LWqnu#Kw_e=ZR8AS@EBjZ=J7*@B#vjK
zhrDU(g9PcYmieahtiGIo15Z3+c<e=WAX^=D!=Km}a`rK_@n~`IO1tuDk-a@212!4y
zx20u=iU&Rv1DJT>Y;da~=<27%{8uP&+#6b44kwbzZ7h2@u+!&_F<n{Q9vmT}=vcme
z=`}0lY^m5;+)T7>?ToBJyfXCpneUlLhr=k2Km+I)C3ai6fg&33`0vl}_74bwPPF4Q
z8){1XeZ2sj&aUg~9l!7$Yb@u~QAO2?g4vuDkn%c_-u`fd*!ESR9wZi_<CAhuG9Fl2
zne=a;j6LW}8GTQggux)bcUZ`;_;kbkAvR6)?q+-Ry3IMVrtgn#jUCXLbeu?LY<*ca
zr8w!|F)&70==pT*xX_;Cognpm8C)=RFban2%sm0h@f(n!gZ0i+x~WM(RLVKXdc;pu
zNdcAhW)ZaGQ!))r1R8mMKLa=rCGR&KAC6Zzr+(a@oG%rmVmLhdyL|dE5X<-5-a`(+
z<2ibKEFCco)$&u8l*~iA*>=4<+t!XHd!I7bkhj755(Ij$oII$#@9LC9%=*okXZ{L`
zlX$vaL{6#=pkQPCK@W!XVLeN|z9R7_M%TBXKl?g~h~w$}@7hWwaUr~Gw;UwAuY$46
zSaP-Lm$Tcmkxvij3wL-q$vdw)`hx)BP)m__)WS^MRU9MLq^j?A*2?wGgzrBYHE08o
zZNglN>_pi*SAsT(;;{4*$0fg+{LGiDT?x&{!7o3<_5VH8AEwFz{>z^pc;4_T`K+H)
zWWu4^n@zRzZ+w=^jm0yZ=djMXX93OMjUDG-2d~3QuWo;}@%FlFA9}t6El5D@dS>%I
zI+q8HZJtnblwU1A;x3sNHI4QLeh4}faIF5ia{uRGP?B1Fz}4>J#Kq8V{#d&rLgcf6
z^ZGT5^Lc1FicBCGNyGj9T@_8xI87}s`h!uX(zY5ZYc_33@68+0r+2SHumzg2KCHf1
z08tki^rh+ze_a=Rw8c~}#z4HQ>sm|Y=m;Fo0E~gu`jew3VGFdyQ(7(A_ss+^IquB(
zfd1q}TEhyq3b+%5pFA6&xVh_vEedw^bN|b@u)d`H6{__NbLP{|app-1vy4^E{>Icz
z=0E>0MADJ&MN7tcg{bJ+c|cCN{lnQEQ5$Mhblr7D-ctU)A%(y`Hi2j3yGX}!F(oB)
zWn;Rd$8%53i!6rEA0pX)xSC06;3eQ|Ki%A7u)ZC6*I+j}D8U%pCg>14o6mF+Ai8kt
z6U9(uwBA!W<9HlA-%u79Gumd*(Kg!TsMj-!de&7~`CE!o`2)5J)b~z$w5Bn4t{l!>
z_;sbkSb6M^0mZ{{CenXn*S`F;7F}s4YQUF)LFxd%Bg?{BkOG~ybM5{dQ~|!~FjB%O
z4RIs}8yG1VOz>W*3BF=~7SN`w@UZP#wb;fHvG63UtUTw;hb>?|IrZaJDw&V~-&Ver
zMw@#hy@<b$D1VHeJG|;<#WHfP%Mgj$cKQCnZb4D3_!S3Q2))m!qVChd=?JU)+%Cf5
zQ(KYNmxYdi>42+A{mJPxe6e49x$P@I6|O@pKNgq8?1*NrcWV?JGS*p)x-Oqw@)FP{
z*Imwm5ERnAqlh}7GI?kAu;(~2p@-155A!H`LL9EnOvd?!yG@H&_fo)w&vGseALta9
zn6}e<C^#;R6i3Afu9$4bEQ24n9J2+zSpTq~P4U;eahE=dh%V%1)C-GGtD~8hqwP;@
z=8WrqJ1a+5XY`S2P2143B+M{rNORYl$sf<Rk4N8#_RK3a?d}&};;`(<cK+((59Xw{
z)Td<TdjG?ny5;~-9<`UeI8;9k8Dv>t<-}v|Gkgw3Elq2A*}g&w#;y9l$4k-Ja39Pa
zrs?t`eTX(~6;tT`%4(BE^3KnwHj#a?Lcah>2iMEwh~4+zFjbmg8S5ow!%c3=jcVdd
zity3ChuKB1q2Vy-xllaaz3ikbSiT8(5{=vle7b(BmNpsScun=Y_{F8>ROKJplivJ}
zzX4C|k>S(rmS_)HWxKK?xXbGMf7=*~m(J6Gc>sT9d`oKy5;XowA9XE4`ihX-fDXdC
z`}W<+4^>0f-aWBaqK`a&PLGK7o@0_MR<$p;jJ{4Ems}ZQ2;Nj7kxiXwourXnT}t&u
z3gWWh>5QyjcKx!sWu|?F&#OI_%})ARV!ZH8o?v{|<Jm1w`Bx<TkAf-gs3nXkwmcXV
z)J+C|LVNs0mw={c4R$iqdKhbB;@tc3sTe%dTrf;(^)>f`H^cqX<OQS#6=Jg4!P)#I
z77`;3Sqx84>5mbg7))k{=h-cI=Tq#xtN#VmKUcssks>DlDpN4cNVz@iug!8jJ#3-G
zJ&mLI#NCyU<Fe#X#QS|$$$0jXvgGF1aN3H=G_rca?-#kG#qhnvilQUBdUv^T#PO2y
zyW2ZSVB_~hdfj8r7{Lcbwv?vy8<shYd}i(#8~TtIq-bweJj2%th_^+08sBuoPel+6
zk~BHqJ7#U~e^cbep^%r#F^<H)ats&?WhVbSaD8n(O8AQ8Zs?C~FJE?Ewq77FNp{PE
zqG!kconu=Hir57)h+r!KpMzam>y?Wavj+JJjY%EGPK6%s!_kT-<Qe5d)kw|5ssAh<
zNNB|MM|9sJo3yvW3+0bURs)2EgAv8pqwRm@AY1_*CVY)x9F70uHPmwjQO=Pyf(tKw
zwx&4B|CXrgu7cwJUg+UkNQO(4xUoMJ0BG8makUl80@hQFgbELcCXsr#PIm@<{-&*Q
z=Xl}r((>_we0eY(PHo#FF;UR^0*u_%E|enbKYD74^mf^Q{JHJy%bdk6H?qD=lKFSL
zaI(1~MW>_K_6gEo7V>zm+|j#P<&DVeEiRY$k3<>@GNZ+dz)HVM`Fq_fKBfE76CuZB
zMb_vw1D%}Vj7`I(j4Z*^TyL3SXu1yzxy%!-I8;LZnqbuRePEI9>F3QdkGa>6^_kP|
zLDvupHk;mdX6l7wVmK35@tDoGKC(;OI>EMWfqnF9c*)Mxox!REYc~<${u1Jj-I~`N
zC&_!~;Y_2d71I?~1hMl(sCIk5BVG%GU22o1=8)R(F6*^`Ad0Ub^W(WNg4SKT95wTQ
zKae}7Xuwx!|Mv=2`BG*{bH6j7zGOb{sHA=;(L3v?glCuK66BBM69g{M7E=k-E8DcR
zl!oPGr(%x?@tMn@ElCUYRP8ltW2sE}-WT2MRoDbpdZbs&qk>hZ5`1}pLy13aF<dI5
zH!`L2sKn^-_Mzhb`_6+yqD~oVZNa+q8x>E)-2F5u8~}zl`7~_{lS9kg1y)gXj?b>+
zW=0FcVzj>6dA>`F!^fbzoqC~NPCqN%24YOGM~Kj~n(v4GBg>zGpCmeWNI}xsLTGO?
zLH0RbF?;#d*LGKQy1hZP;_K3n5}%j9?zFj@PF_?7OAS|c*mSg%9xb8(iyB}R9@rQo
z(f;OU#0OcT*L#WmXH`*QY{G4Oi{W7;N-5<54L<6F(ubq<${A(Cil>L)_O1-hpJq??
zcxoN$O_nsd@_dJ0PG;bJ-_ABsFvBmZbbbqXxY^yevHLv454Qxwe+DvMp#p-oN@arz
z|COq8?dKAg!AmIVN996lR;9j|%VNq|z!3x&1ra44Mo>UZ>cYw{*!9)3rWdaRju%E9
zq37RX^~2w8Wn?}(OVR7l!J39@R{5IQ$w127sV3Kb+T<~iPAHc}GGz>=H)oE>yiH_c
zUY5kB=z1<MWYdb-X}E7Zh3D!t6bzB+H|l}UfEkYf8*u8}ja_P>Yqab(-G^>DpaKqu
zk51`5qkStN9)WF?1gH{~6%KmLuibw#p13cE{j19tzUl%w%#(f%V;U*RPxOCRTU}{v
zp}c~YH0+mNrabvfH==pBO*WP$=LYPv24m8>MiKkACxt57FxEvES|+?&`jkQVOj9mf
zjaX!e^(smE7eA%Km=VbjM2FmPt3{1A3x!{e_1a6CMC+U>sU;x1<bK^{yA5@nNCpE5
z;GS$%w=^HpYo;GUQMkiZ$_}_WxD~aei3Ol{44z;6^7*-*a!s#?-moK$4G0w}_CHDQ
z-&-eMd$?24E>hobwK4|j$5OPQVXs+vix_35C;G%>%UMwdQKy|8Rv3+n?{_LTHG&{R
z0{Y3Oj8eD_Y)xju6J7?Ec+ckYO!_vALU@>w8xoy*hpcm$F4)tdPbS|>xXz!d=gz73
zjQQw#rJ(4FdI41nLJt;^Zi~E|<OXHVv7zrc`RvD~)N=kH=KQa_&;lepM-=sE$8Fku
zbte(fdbkwp)peXZ)A(DUlfYruqfqIW;|7IE86d`v{fF>2akSz|za?J^SUG5!A_8V_
zZVxlA#wU_*M&BIsKmPq|BVwx;>cE32*a%Sgk0ZNc93dWpJyPr8EC+NrnC~t%&5F3P
zNCA(3zaH@wOZLq)`*z4Pt$o$DWdG2LL5j_K{;8M+a7w>@8ky5xH*xy|N;E;XO~ZL-
zV4)Lzd*DoOFmCsMCkqy~(yvL@A?&F5UU3QxJPp`^z42q(P>!HSO^cZhigCH;V1ELT
z6>q`Pyf$=iIjMYFdERKN7|(PwI_y0Mc8@3A1xI=!$5C(R9D+Fwc8`8>2&{7CZrVn{
z{GiPh*(_JSad9#c30o*F91mFSJ-4AmtD8X)etUPLGn#@;#ADoEalBVCFJnlmGD))w
z2F3A2@b$NA=12i_s+Jj)6ZIXVj~)-<1P@_c=K(I6P}`EgdL-TdTFH+}H@63wAg|nW
zSX6%}*)(d=3=_6i>r;+bN;zT+V7vJvVqe7D^>`t^HtUP%d1|U^q)uGktN|!2#BKg{
z<h5tuna#m76Tg0)4}R^_?}#+3?CP0M==<`D%8jD&&3}?X73y9<04eQ48PVNFYV35|
zEARGKz$e>l)oV~M-Or{j)`+D;+EvUGF>B>k_6ma`#U^GEicBB1mvf$5|6Z(ctYhuq
zc1D!zDe&v_D(qx##5yV=SGaM;#W-$I$5<x2Co1rRuB}}NlqBbA>PdG8R|>`ZT%`)Q
z4V|=?U4W%-dp-z~Y)Hu*@!qz6ljOa9k%=Krbb0z-#9@-CjKj|3VbF4`BZKLtlJMdz
zp3)8@eM0tE_=E1+8Nz`i_rEc+ZCTev(caPRUDTOQ$IE~v&EjVz6ds}B)zV=<{Ejal
zbTjwWm4$SaulnmWNQK~!n_TBBAxt;yJwwyaDMYw&A8KLivO=-X9p+Qx0+E2H7O=@@
z|Dk#7LG>B|b${MG<k0?=Avzcd*oPJz>Ag@DMoo}Qfj%t`-Os$GdqQj<bYz|Uw0;Ro
z$i~*>PB`c8%Z1PZox}+R?Y#O-IYBL+Gff@#xH}cMo(WAaC}BxcGetIv$(Ax$4Ug+c
zI_s_7l6*EFEN42pz!M^C$>Mdb-i7>tSR9Cpa}98A95rudEgjFid}z*PLnV7of9NWh
zHuYh>_+9d8X67<jbNXgOxwYXzbsuCWBoZ`st2q-@CD?<l9ha9{9S}fF{GwRoIX{F~
zXrI2TZ|<^^lk4dcrm1Iuc~p5`z62rNafNS7h!ep~Hj?4nS+FT9Aw?pxEj#EQW)-0S
z-sX(D*Y2q3sQL#BymVx1G8o=p2=Cx|TPN7>nSQhxI0snDnum-`*73S|Jg^K61&A1L
z?!U(vU%6d82xvy)ZE|Z_;ak!7`|VI@M+m$yY^(i-i9LEHaIp*xLGBq^PiXcuPy6v&
zh8Zjrd5hRf0n05ZyG%56;xW=<D8Cp<)zsi=cS-Ni{QCbcop!tQJVUrw$`VEZ7InwJ
zJS;rd$jMIMDuh2)g=1Aiuz&x`C>o8wyDwAfsPC~vVmNb$?t}Qua(9up!L41f1T}d6
z{a|{pba_ZzSV8_PI7QyUA9qnP+ykfhxSre<`vabhM5GvJ_+=O!-)>JEe0BeCKlB~L
z_2vf|Yf7?a!{gD6jYbQR*bNk*Gu*23Mm#`DtFm_Fs3hZL(94CRi7tI>xmmIoz-p*@
zu3zb*yAHNI?POzK&h9s&hge}gl#WycG;m+<f!olY`k4{otSZI;Z7af2Kjha04ZRh!
zBPCy8+_U#nuQ7{YSk(&Ln2t=1xY`#txb>%p6@u`{x2uz2*%apA-pyi>0v`;9k)G)$
zgYQVf7?;AT>)?VmKXlLcylkMJSu^{6!q{<^Zg0kt=CSbMgYFC*c+Nkr6LS&z&QYb5
zU>s}$`Fnztx$nAH!7ZqCL7TC2p8q%%VFemBzMa!S(R6I7>7y|<(IJ0f<TRx#Sz6o0
zOPa`pfEa0xh;4)fTniDrucTRo*C{>q5qy(g-46uM&ldG^$)}&pwqM)}|5csxg50--
zZjk%7<m{nc&d`yapyOG>v#DL*4Iaqg*j%6S@AbYmPdoTp->CQwk#3WIEAE;H)~+_y
z!1uB@bfMbdJ5@6gcY8|p9yg=d)!>oq14kvnNrf%t2Nm8{x&dMC`g73wcV5O2o>fo=
zDlkp(UrB5R)Uzc03A~O!VCn1se)(4eTYuJ~et2IYgz)HNNq_qPVc9IRkHDiqBo!44
zl)0<P0rFLqf0qvSG~<=!-I$X2=13E1Ot1hf{^xc}B5r=%Ps3FV{To^^<gtk}g^<ma
z!#(X@nkfK|(ig(cXJnEXVx<;^fT~~3C4wnn8;FDQvx}KeIimxchMLHF?p}AZ{Ex<M
zNQlUX)<vVV<5s*U&rC<{la1K`(>5%5YM*>z`kouFi)X<#)aQCSZrTsSgS~M4naUbb
zQXuJ*qbMl2@rme@WeXiCFnb(FfuXh&Y>9;iHl%0pB<*|7@1Z#PtksotOYx$oaI(VC
zz2pUuow%(7u~xTi;sbU2L~>^f(d(GcIPFx}8b<rxXgq*K&Nm!u`jZu@-$*Lo=-|&q
ziXKylwkt<u@KyRrdTOGb-IkrVqI1|Ole-^xWLh#r3}{R8RWG!b!=e%2Wf*#L8;4&5
zA))m%W*MEG;f&H{PWp`{Tj6C1aI1>w8ke_N&6Y3j2tRARH+((|wrHESpR`_nQ~Etk
zyrfy^n7$o^9U6|&l43)gg%<nh^d<yQ%Z=S)lwj^~+9r7rj5CwIEqaL(`!bp2Cc3R(
z1W{TbG*N`VSc;OB_&K7~OxDa1WW-M$54ru)SS)M>CH>@Fit;5r5nR>m9>_pzi1oH?
zPo<*2+1c_HKO`pCaro-NOY<GwHzE8z=F}Tq)Fy2VF?K9{?cJEZ<x$7OeQlo};>}*@
z=xFZ0vsfG217P~!(6n?i&IWbSiDLY1r+6Y^9fa-m!!$$8<2*jW@P`H4=OzBO^+`Jy
zPzZU~p~F)5qp{*gegjvrmZ>xY24s~mI~T!ZH|7Ki>o<;t0yTQ-0@}tN5rgmbSrhQE
z6C2Hz$IAohNxf%CasXg8XwE3<^@(o)*<doep3kQ5&Pl6i)WvARCsrYRD#wwuF(}Jv
z)-UPuex}u(13g!@bd;YY@O(+Yv=qDa@zh~1dK2thCEF&kKyw>gl~N}7D7!+A%w1PK
zY7#<WK=83(F*fqhmUM>hAQq`!jK+)N5(D9j?tXQ80K(<IwkXk-yS_`&c#+Z<tliNp
zn0oMpnZ|DSFjzp;UBj`bsW~81)FQR)FHG)zmloD}ZCSFpUy<^)(Xifu0N{`~+_Le#
z-JSH0$P@y_23F1_GGoRa?Qtp(l!E&&<9rl$cvs>hmMN1(b<|%xpFs)H$_@Gcbuf54
z%kaZ!;@_pq$CeP5Y#*P7^|x}1AFe@79j%|(ZTmE`4v9xHRzu%8pXAMPVy_#<lMBK!
zmQ8I$6)CS(ZNJoIr6K)L8sTe)en&Fg#WAjyw~702&(^;?#F^F0xxsOC@PRCQ1*amE
zL)~V>^iFTYo$4+Q<^eYfxKzF-+dEkAcJ+h?*n4^5tZ^8BTe{2K?iFEmCgeAoy+y75
zPtp&UreFf^tnL+`@?pe$0LalTJ#u0OZNWc0D2%t$c9*{K)UbM{#hu2j*4CL?xT^!V
zyW&7E94YSpXNnuY!8vkTbj10pD%hv$G|*s};g>vUj{soZJ8hmbX?A4Nom}wJJ%&#n
z*AXMHzWml-&N$3Hf7a(WmC|`C+|S4XE7y++5A4BT3pEr?x?DPk>|6)hVvZcjezY?h
zZ2ObKslwL#cUi!sDnY@0f*;4~vWr}aQrU@(*W<`5+BgVl8@Zg~_2uWOl=C5UJ48$l
zyu>h|+JZ{Zid=3YN=B;V^4WHN1pw<<Q-adKNu;NR*xj;2g^NXXVxI@wI=uK6>r8I&
z1rS~>_m3<gr(fB+I6bOX?cA=N$7A{PW!r*X9J1AI>bE>s9(`|cP(K&h3k({lk2BsU
zI21>p%i@fH4IqM}&&gmGO~CeD?LR4hZ<|F!ZJdau4LW@#I*9+(**cr@H52$GbKL5_
zBgKa@)ZByKTkjTsJc?EM&HfGKFV>eF#x9+jW%DboLKKePaNZo0%e$XER2DxlgR1@B
zY_^2>sb%Gs&UKL`(y?vIJomnKExWx9?bMuOIQjWigqwZ}Wb=?0232gE!Y+31;Kfeu
zO_$rsTkCi~yoq#)FWi2`B|{j?;=$$4C2vu}ZEDqcEYC$sgXM5I!r%5vrWW+50MU#6
z0<h#|_199tA=21$qrQiqDP2xY#5X1|cd*gwZwvW80q{co;nT#1fS~oo6eDs#4$`yf
z*<Clv-Qh>!c?MwY0}aE(?v0Ba5S-qlaZaPxulspoI;DK0%Wfsv5CVHn_LSB^js!4@
ze_Qr3`R`=cVZO>d?zV^rPmC1x%-N&2C+)8(sC`tvNhYb55JzKan$CRzeh&}}2oWYY
zum{|K_=SmWgFqWkF(h911e{U*fp<)idNyoc4}U?0C=0i~Hp^U?WW|jYZbjFP!9K}v
zPU^jQEmA`dl<7N!-+ttt%^TL1QWq9!B|k|@stau|0ET=<^Al6>w!HuSIkX?>{OZ7`
zX^L)Gc^&0trNph+Pf;ct{Hs0$2@MH2kh5s1FZ!i;{$=|XxeBd@Rt1Fxq;)o<uf{2c
zJ_Z>4i~aYWo8%r0Wd6-I0(Xs7m?o18MZFZjteO>Bj-OC<I$pMbQ^C}!^<rTLbJ<Ce
zl<_puk>JQ)o6}e_>`LncgZ1R??uROj@Y;#ZXaT@ucE`<!hiHVP-rsksRH4#y`gVVt
zs7Z9-Qr%PGqS4nw>Ou?LWn`K9570A5az|JY5`Xc!#vNaixFZ1^3K2hssuC@perXQ>
z?<RPtLVh&wH|s-W#~nsz!22w^oLV(-;MGr-J{xx(&$BYHvvpxZ0^(%jc0@lS11Wt=
zh*TY<io=JINGnF#cQz5%hnjMPJEo;y>5jlVnZ&6mzQJLcn{C%R|7P0)OEGq<Z}dRR
zlja(eF`)P-a+l(!Wm@OmZh*cjt`Kw{R8B#0X>-QXL2Q47CH$t*^YzMlUENLvneKBy
zgL3=@TA*P1B5v1*5UCCxQk=4(i2Ule4&_@o)7`)R=<%8*8C6_Y-Svq<e)lbw1D#oS
zFSHMr+jE@MWOpOWOV!lCh^S@%3@^`3>&8QWilyhK?^H^cOTIZeY8dPICfZC~qQsk<
z+4cmVUp!DTNw##}rHTB4cN2PpyEHd=*o6J6!wl^uPVZK3RaGezQZ_LupDuexh3BSo
z;LMXr-V;4Pvv8?52@|YH-Os3-G_SC;b_2MED9WNgx@402S<WEXh|uLn{p$Bu?~;~B
z@emLg4_oBOAH&+<S(#?yyKkCvMa|Et_|d5_{Yo<vqmb6yhDsp*PKr<9B{@SyRT4f!
zSrMh_au+D(S)Df!DZj=(UEHdNsTWU{4}j6mE>{~6i+65j8-7$WgV;Is;-`askVPU4
z9cKj{kSr?L?;D5FT3N!b=At|8i@QJ`(hVfD(sTbpWZ7O*HWU?HFPlgZ&Pk2zXZ9Qo
zQ0TV0+%IX22jyuQJ9d|G7>cvZOm{({L<1s$$_5~7P!_pZRcxREPLS;FWe1}$m=tZO
zG&h*RimQ41r8t-wPmBRH&4EkwU;IWD51b3%P}vSss<T&4UmmG^CgO7873ONR+<K;P
zesR9OSN!)Pqaxi~>mmiDL^Ay?Gm2R1hoKsd^oIBZnhc;Mom0ktx9cGX<6Bt*y$XA~
zu@P5jwq*koO*WvS54e~;>~}GLK5PW*rgcudIX$H-d25oIP0z+@OB729n_o=c2W4dJ
zI?)t}sU%RM(g2*f#j0(-Dp!HFQa=uDF=j52@-uR#(uyj_WHsf!Uj11$se9#2a>o&N
zo<Coi_2X^jev3PGBlDT31?Du*){9C3fB(nUkIZY8`-{st@V&ft@>FEwKqgm?#=U|2
zu@Ox0GS!EVcu<Ox7;=s@&hxN276voSw!URp9=Xu=^9NK(y?nWp<TB;K#(UV>wF!u^
zc&XLRJeY*`bAieidA=cnOc5!BL?27h|6?$!L<bl{K>7RTM-G(Ckv*`lA@Wxqp*m$!
zq{((!3JDF7rs~9>W2pP>zs&#&E`fdE-cI<LUV8fz1h}0U+ebEm_HEb3SfIR10hLt#
zn^IZzH4_e7V4sLD?0&8wd9SzR5t`3g8!<g|#06v6Cg<4eI=?zhK3NgD<VBty00;N}
z=*ov{omeD(l9%qsT%O4)+DTo+&!Y<+msXL0Pn|dq8^)(f3pa>4K<U%Qk<pQ0m6U+p
z9QQ)$_@nWgmtI$3mFQ~xT%Q3hb#dJYs45`!l}9_}n^JP%FCrAyM>^cKSE{+ketFUm
zqr;XtFDrKf{;2qoe>Iz0Dc)|Yr7B~J1fYIOMv@3oMAu=T+%}&jfqRj8K+G0GhKOVT
zGSC)(Xb-&cA$N>BGqKDS5eEDcP%cRMSQU)#9PP_D4h1+v*IaDfu~Z?VKDw!3P%_bT
z8vGgzgu`;l_xst)4pp!3lu%cWuhz~%4#8#8Y-Cug{T>ed(LMcG8^+K>PL_pf1ozKq
z7KL@}xgMo%UThFHr+WJM$Xd&fLoWx<$@s35UQiPFIr549+D>HoITAcB;rnTM!XaK*
zW&8DY0~cvjkbfJ?hp{v-yx5ySo~74;-ey1I*+8QS3~^lUMIF@Aff_IgDfZlu8EwaF
zU(k5`-h8cXQCi4Pv9OsIev)q?By1$W2yVSn%fUf^uUhA=&jKGDe%>^j9|hqFEpjzF
zjA{p`^x6q90=S<+$fUQ26%nT3^v;#<W)|$Bzb&(}AO%#$aST<`dJl@8Ox*Z;TGX*V
zwHm1n2|lc*ysF)sZ6|htj=Xz2cFC50bUo|i*%h4xHm_#vO}-{2+<Dk977!GTY}jNd
zD|<lT+~s%O%zh%26q$}C>d}wPT$xR@{ybRtFyFpbcUK9et~Cwhqlk>s+%|tI_j|a`
za8{fdy-0gK#?8Jr>3l8f(vwDUXUS&thNh)-?-Vr-wQt?k&cgy;qTa<Fsw8x*ir6^j
z-fqhn9cdp30!<2gx64AynPnWZJ)CL7{p+@C;$VncZny3XuldLh1Ar?gypmbzff`4B
z-daVgkBqwQ*k-gdst-p7dQH2OKDdu9uDfk7f*lot16HTnV6-N+&wY$07v?d)Svli+
zzZgah2z7(9ff!4iZ``O2m&WZ+{Ai^iH__?+ADb@hYyYjo-*w$Vd$Wn{V<zrSVC~aB
zl2g}DTJc}{57Tc>sSvff3?>3Q<O~ywKSTB~(;_3Jo$r4C&|euHIV5On_0IHQeo$mK
z<7GQx@4Y^K+ZBkj8hb<$yL!C$swD!>5Fl<Fa#SLvQG0uSZ|4EF8&4}9l*-&ZxQmP>
z!l``6cNz<p%5HCjBj*#E4JBB_eTJ8L97`G|B*BfF>AzrGq;C9Kqx`<!S~dmqLpGi$
z9Ib$-R$U=|_Djp`{oYzmoFf65huZT;E3F@SOn$?2x0e;*Kyjj%vZAd|xSg3jytu3=
z>xmA1VYr^}ZM(D^dsoEsGsH|QH!Hm7b6zq0KzSq_5I^m`^R218+jc@WQ>170eQ4!b
zXi!wbpk#>oA+;u+&_qS{2W_T1iS+uPkMVh*`pWu%7)W<FTsgSy1;a@g&T7!nD{Cab
z1JkgcN3RDz=POM%P@+lCx_y?y)4!5!1Z@p3#Ji%U8hNCZcEwY<xoC!cYVqY&{~bKq
z&$&IowvA-4E2eMcXni&D?DDgr^Jtv%#o6G^k*=E6PHR6g(UPVjN2_2bc}x{+H$e(V
z{ccar&N`y5R%Mgk^+hLI;@?1?pg&G;ki^L{LG63Uu2mU=*18v6>tvT#jLdsvi)x-z
zoQT?_@B+0@j4S8oCz@udTp1n`O0E<bF(uV$!5MDQbBcQUT(KQIe+ZjQn4YBHA_@$3
z8?7@Ri6kx4MJ7ZbJ9{w`H*(6B=KkNLngA!2D>$jB#`x~+v7B|hyMwqH9mDi7{0`Rj
zh?BfBHl2j~e@OgM<WbBDKmYlOP(q}jr8+!jE33(Jpl!fVOMyJqv>Z<xf9~ni{YDrq
z99zN@!MtTCqI+Cc=-5_#JB+ZJxd&iUn7<x=>d`KDe3Q6L$onQV_|kkEMmLUM8cq({
z&55L+ufMLlnbl8k2-tlG_v+8O0~Q(km<N;F>@#izbNU|!Zd^|Lq}%Qjkhc2Oa~fxM
zDoO^Sn_zeTs^opm<<IsZfKjYH1r+cTs=_I%odT6+%%V=H<f2_RhL`k(SIP$<)zkPW
z0D3RQel43iytDzaxO0DY1eyq>E)!C>|M9F}hIQ_9*TeTh_RRYZ%6(!?%Vm?$#-(c8
zEGo&ar`&^@Q{AUuX+ifbjbE#JXcK7+2NWm+ou89JS;lI3A}@7Q!Jyq#o?<vCZT3PJ
z8#wvGC@i<Eoa+-|6ZbGHKGh6nfIYs*f}@GQ@SDiRa^``2B6d$nQ&7g9S{<Bu_hOu@
zwu9r&a(feFpj*osO9XLa>8Xi~Xzy@c21sIF%Z55QwTD1}bEwfG=vG(0B}H#)0E2#x
z$5K8vb+eaqZ~;1)q`sDr(V*u{-!RjXCd1Tk1E;%QIE&7dEIO^+xPhxLbmM}*=rB7Z
zUe^B{sVa>9_P6eS@qg*fmoRm~`IMWT=G$Uq;AJ`=KZQK!2cyeBJXTyuU2}gcXIxZf
z0MQh+meLsY)PR6#Fr8C9zAg*pCS={CeRj4g0*cH&qQK_K!~PmyV9ok!dp<QVMdkL7
zE=9P1y=d?$b0gI}EMMBT2kZT~+EPNiDuyDy4_d5uunoS4PTu8)=EIp&B`$2!iNNzg
zYIrw~eC{8-nR|&?*@vWV_YcGkmmlt+^)DeOdv>X5!P<$VJpriTTUqW^k>x!RT4x||
zTObFOnH7`R9UmZ7p&@<nn0ZiwA@{pB4k(t6W`5rWE_-jef8i&Zv$4^#pIuhK(DqvE
z^`6(5?avd!uyixmq-fG3p1fJn-0hD`^*}Sv_0eK|!J1s&1??v>cv@<)d0P(32B*8l
zD+Xi>FV$yDAJ#`_B1r&%)sF8|meO?ch^#A^)_YY`Jk%554qn{)T}yO6+{RWBpnM7G
zd$T9;SwV;$=co5cv#51OqW|6l0#O?9c0FNnVI~*!7}w#h@~4Bzv?NJlA9)`K!3!xr
zvBYLs(nR(9g@gO=#*lY&v(a2<Qd+eO?T0Co>yPB@<!VojECh;dgPtZp(VI)c{<a~1
zMxCipq_+Uq$`|657fJJW_lbJX_w@cqugiIAS_B5)qXW1>;Fti9iNS}~o<5P8-ytco
zE@@uVS4Yi#_?e?b7$QDs;s*V#og*=0ci$m(Gu}A?tw+E4#0OA*eWCI1kPUb(EjIco
z!7W3qcaaYSSj`8e9U;J!m5Q`1wc5o{&y#J&n+D!WH*Liag^M(F{}cI^`*&pk)A#$T
z!SjcYV*Z{F#tmAdmE=4L7e=KaT^~+g5mqrJ6Ee)U$VL#GTCP9UcUrOM$%5aZDx(DO
zBPxRSqpd+gGob_ks~{V_#89a!B0vQnWomk`79YeIeoj)0WQU92hzVrr4-b#PL>t&<
zLD?Xf+eIjx!PthDl;`CWomOy5!nJ0uoF~G|P)~H_OYN^zzYHz$-#JQ1lp?kkRCnp%
z5Eb?VTW~p4UIR{D=WtK&_WO`e3emK=;DBA+Q<*t=XLAdx{a=>5N<%@>;b}_%HC!+h
zR_1ImTaanVj&0M#iI1}Nmu2}NQmr%L<Eq^~iT>+7vSo@0a8~lf@{X@uQtb`CTn#K)
z86R#-@n-@jD9TrnpM5s$Q_{7>IHo7p54UzR!%CKRN}-`I${wc$K;az@c?o(?YDygk
zUapGRgwi*e;Ank==8k=wdy@w*Ns&$6Aa;)dm?ZY_hPgv`&vXT^hy9Vy#usJs7NP!P
zHZBbBlYTjy@&x_gbk=^UO*0zAA4uR#skHuuEIO1dM%Rp(c#(CeOTs`NO!iEH5M8ki
z`q!FO39-@OD06TxD*d6hLG%{hJe_>wF?(u1kH?$?i_x_GQ*8akMgv|-Z~A~Zh(3FP
zAEo0|TZL;8gkhuP&rkEbo79=oLw#){-&%93t{z_UM(^YMF6vfp#hjM=NR115lW-)!
zDd;STCQjd86~}8>4_+!rO{5A-T+~xVu3a0}>HHb$2fb2GPD=`T<-A|vU4Qy_Q;SxZ
zrHqJ&t2AUZT$sZ=ptqf^4K=c*?5Kp+!Mv7Hc!P(>opd;|x^aJFR@58>frI~1DE_vD
zbP_YOsL|5QaeGvOCgfeYSKU&|xx)Rdiutc}X{cAQpZar;S4lOLQp^Y_4{Ar_mi0Ru
zy9SfExu5GB694{&VKmN$t*kf_d0GV@h$|YNPG@HM1C2d5Rp>IK1~czJ{Whq|-YE#!
zG|sB%Pmz8ftV*XaZGX$|noX4lUD8ZlD0H#Sj;)r|E9_}!>y+4NXTx%(T?8{DPDX5t
z8Yaj(AWOD%QSD<|09rDB>}#~bgG^3=>hc1#lGoKg;`BXB6c5$M3-Djkwj<hX$--O>
zMn)kAhb{2JC8(#Ce!~wl@Q{c@ZK7$DmlDR%_%W%=oC7o=kBipQ{q|z4+`@VAqd<`d
zBnFscgxs#&@7AF<sHe71mW|^@ph7*Ekr``OBX*Zy#XPHwKiRwzQC2zt+fKoh&Cdrm
zb6(h;mTV@x<nS=X4rDqgWy(UWjPoxQ?ESwlbC{%9fPbS5$a9`A2P`DbA>@&ZE^O-5
zOQ1@HNGXlRl=myo5_d09-Cku!BRFYE6UVEd<<~)l-sE1fD9>qcx((Mob6cGWSL-WR
z{G1o5!j_kb+xtJqV_lbud3%%_m-OE;|2*y2Gjv<_j?Ybw*;jIpa|x1CC?v_HH_>os
z3BfghgvyZQ4Q9<BT#m5iHMiz|d!-;gCI8|hS@(CX<^94me39blRI=CWUv7#>Gs+`n
z3EApf?JF1J!)+7?-3wD%Jvpite`8#tr<-<6{(b)=BkYzy3zxEpQ?~V2!>9i^N?O=Y
zSE!w%josdtP%ofYhu-hLFot<Ib;0Z_Icd`g1!8GmM`qd81!Ximw7bh(8j^iGF$w=<
zRIc7yI=y08iJ`XOIlEp8v)n&ly9se_%~z_doUB(@uRSU$zH4-vucwZA{Ythg>O}o3
zJ`&KQuKEM4eT&NIp(zso<E=+VOfaeC^7o1Ob2v&aR?Hc%8WV~|_S?5&Z(md$YKG;l
zgRMbdRPop=kbt+mrk|WG6Pc>y%Q9mYSFHx<Abm=55BH0s-`D4w8Ma!~759$&khc1E
z4S|Jp$8vfgi=w{kj|GVplMwk&A_blP0(p)^?d0Fmke{D$sd^{Mx0e+yvbj>`2)<fG
z3~ne@({nzE3|5KK{~)tnDmHvJsla;HX;;D|?u1H9jVhC<nH(>{nF}k}#OE+`3yG&p
z_?kF|BgjP`uN3;)BtKg2m_JDkq*K-_d~^{N|GJ7PBY_#kR>~Rv3z$cFhL`gP?ORbI
z2j*pyfpuOhPZ?Xu<$(2Xql>fycB9G~BZl<7ij>ww8`)3tUPB2)_3}9z5hoTY!~md{
z!w@3}08P01$4Ka%sr_ES3<Btu8fAb~lpZOkMdW9ZYT@8fA9oXe&$+eZ{u%RQQ{tZJ
zV;KFJlmZh3HQIo1>^qZqCv>HeK(;wrxEmjdS&vKKrpB`nlUpVvruJ88TEy?{8$1$j
z<A!+Yen}a%s@jBBE2g!|qF~SI|I}n)D2#i5(rupMxp_bGN8`3CV<Ul5Pkf|f;<@!{
zV^fta6xE^vOnNWAgjVqATO$G0<5;rRj3M8Kwp@Nrv}S%ykJ!>5h{lynYK<+x`3d<E
z<vFwJ#cs|TfY+cjuU7pfL>C2bIJtaKa+{g~#q6`OB*Ab)3Vjsv20CW!^_0x_3<bFl
zW!dj<F5Mg<j31saOjIr6mRK<!cVB3tOVVx@=y<C|_dSIxf8UUlr}dXWS(fFJ$yV|c
zaOq0;Ml8`PA>yTO;o1xo5h(SpnSdeaWtHXcq&ZPoD#3Z~eGG5O!s+zV!EPr*6xr@n
zae@K~iA9SkxHsc_w48_PyaO3L{3NTgx#mT2J2&U|aTX+s10O`cjQPu5Xx30le|eKJ
zqQowIOw}oIZ^jP(lHXy)39hI?9q&l>JA$}9!BA6zjRjyPt<=49uU-^<J&^^>#`i1z
zR_X@4b|4Ji=3Fx^-%F(8f4x?6k<LnEJ)=1+eyg*@sw2bdO>R5#Dn|*s4L=xZ5mgWs
zz0dX+?{=>2QM+IjX_AXJ-yt;~;}|8KT!9xG3A9Ck1hhoaVio(MX~{#dv|7eg;>HNC
z1TM>|kk8K9mTdl0x2$~L8>7QR>jK46?ymE?khGSoJ)$y~gaDnQYz(o29K3Y3t*JEq
zFl5;_9xFkoAg=TT$_~5NI#8^EDD+jW6yamXVh8$-?{vl8`T9GEFR8Vg6%Ji2&`wAW
zfv|I03h|MM97OF)O8+&(v6Bk~aO&Pw)@Fzy)7>-(slob9n&X56cl;be*u?ZDj}rfF
zb!r-C?qdATL1DI>pYH($37L1vn<dUxAKaf_iwB~uQ70{<Nb@gxqhd=wOq85i7kg2L
z{;m$L_}XY3+xZ+<_lPc!n!1%4eVFjSp3}U5bXkJAbErdwhj77gH|oHz#lC4m@w+?Q
zHp-PYxV^b6Er?^8^PCH}S)!u<`|C1IH-Yi5#Z`mgA?{{})xUkv-YC0v-n1=TK8cEu
zU5o|5CD7j&E)eY0{yG>=Lx&F6L7_rHgTckS_0u?W04|g@FVLN5ZkXTPvY~}GOp*d8
zwA4hp(P}78jMjX~!&i|Hp!|@mr7V!bft(cG<3jo+eIz&r09dAC7d|LW(VdM+>K`3$
z$uf>*VSXKaf>wdD)Bx*hA!A5Wh~miogjqY&jlq8a2i4~xU&2*<p_qCreN_}%h1xzf
zX6K)Hg*+nz$hubgY7m<sT(1NK9pGaRwI!EF`itK#L5vC5xxS;In~X7uoeX*b7zY88
z4k#+$?)P1UrzK-o<s;5ojkbN&d6-N?uL=ShG{6*-^lTK!eaV(LII56$8ec_$-D9v*
zqq)C-2Nn~#$(sdHcOFzNVc>pWh%!Nm3MUUgbZ3@Qz@=voNkFFLtLZa$fl}i!IjPf%
zphlyk*7&*<gU+eOUjl(>PL!(2o3G`riadL+)GP*e0D!WdFC%~y@|)N`c`?H9F$qz@
zhP0}z6MA1H&u^Su>hZ^PBX2LNF2`4`Y#|*2ICgzbqGi2qV9eS4ATLSF_V%<gJRAU!
z2+i?cnn@+XL$-#*@x-k}`z(FhmHSEfO`CqJ&o=6E@_#xB-Y11+_VG>a4!gIw=-ntN
z=eCs6AFy<leg9|!9Vq`w;30IV_$*D9S-LeOAq5uG=f)1kKo!~mNaxBM8k?YKguab8
z9%>&(p@=MOXEx{smcfP69AIJgy<(bYc=gNdtY`(>T9*3THEBSnic%#Z3x!q(f}N~|
zOJ&Tnb<F@#80(M{b>{-kXt1DX<96Hv6JRlW;HwaR=81&^Fvocxf`>@$7YQ-AFg{2k
z;3H+a5_;{9^y%l=UO9JLsP9IZy)>tBoBXT!|41Ot)C{>Vq3PYpdHiLh>e2bAR+hsr
zOOmtE=Z@X@nQ)f2?7oa6gscEe>V??R9-#W|w=J=WYFaSO+G7*pj73Nl90QhTHM9^?
zJ)*Ro&HtKeiPOhms99*>BXtrixJfWW?IEU-Z-|3rm0Pe!FgA11QVOY0<Rp)8>N_6G
z$K?(nBW*}d!)bGfssto|QK8BBW`ruQT{&ECvW4_c3z10i3LxhYHqLA+@_%4$nE(Au
zSJnQ-6P83?mtyn<p#*i9B)dEv%;`oE@yi)7);=R==&Yti-AgWP&|6b`4kITMu|>gC
zq7|r_ZU%-wc+z95GN?c$ntTl|abHD|>i&rdpI@!Bw{k~Si>E7R&Q!z5>X0fVJ8J!S
zRS~lJVNjCx(@Is>Z%MF*_)4v^&`He1%+JO{Bkp#~YK6TbRgfUuZXrltINoo3>~&3P
zvyaEWS^rr%(B`5D14#NP7V*2nSyfC=quxUZJ~H>38-R(e-R{|{DJ}HfOAJPA<iMm-
z>_P1ZdaGiuJ|-gj9BWh{t9;93CQpVCB!bd!%hACKcp&&FRAG}1uGP~i4>nc%iC*s-
z7A4^g-I&}(NPh<YOAChpx%)N+03d#Xw-?|e8-`11-Zx?ftbVgO<c7c~a~vbemC$0L
z-4@%yd-#yI1W@isdV9BL1|dIGNKWKAX&_RXphQe4DA{5+{2n4=>ox{X1tO26hEi;`
zobO)_*#MjumDB&BfyeyZdulQW(F9RY9}%dnd<5UGcfo}SwTHZFGxvYbffeAu68pHp
z$G(XhnbBBZ-mgvvprC8b{+THU!MriS&(_0$UXN0Cw4^Lj*Qg#FOBiW#)?_M>glg=0
z=D;8(S65EY{({Z{Gp|sdRs@9Z=1bG>VfN~#Kdu<m<|G$!B?Vz#-o>1$ilIe(L_h$p
zah(h@=<09TSMzyL1*Mp0Njk&90MJFmG=5VtFQKJMrKvkHaE4b$9)*kgN$i6`3wBtF
z#O$%b4}gqWN{b89i8M^uKi<*Wgian#a#H7bpcZxchgdm@B0&b!Oc?2cFy35{30jd(
z7e=iLYVah_DFzx||H<@t6KrN{eS!znCbeNv(v@t^RmYL>{9S{(&vzm>A*COcY;&SO
zP>fDERZj1;?3I)m$Fl$lVP|W>DZ2tnYxubP@Ny6!;OLH&6;J;<>H^vJzJ&*8IMhP2
zi%^^r`hri>F{juqs7@wMK{gO=xc05L-6AGc*moJ;Jrphwj0i=^lE!{BMNhY`y-^6Q
z1Clj*d=kFIaq*_00N*Q=Y)DWUm1d_4fu<NDYO$|bsV#7E<e+2~Kn9nmrx~=<)sEOC
z26{pRrHaHjY!(S+l{IPCRPNbB0Dek&vd^U|0c_7We)a8fm(A%PyHIc8>oQ_+pu%mU
z;Ji^!b@jOJ%APE!Y6!Y=dJ2LG$=K0UnGgsW*RVJ>_37u&SZ@Ji1t_gicD8SBt+B*X
z<IJk{N>R6kA5O5G`WAy+-oF)-Ak*!V?yo$r!7J5Z;{1N>l5i(4wJEw9Re%zdMZ;1N
zx^I=2j=18<T|=VLJ$uvLy8tXp<Qas)3_7k~<x$2&WJI<=L*SU$m|_xn7SfAvu_zP&
zyP%rA$e*;Rj>&RJLM0niriDzrrNVtZ-QuQvPKG%pLZprkC?j<$nJ_3~0!dUnQc>07
zdHBn<)iac4tmgV3QC8)hBn49ApX#tEX>fBkU}S3%8w0@pA2N@Wu)H7dX9AsO1c}h4
zLQ|=enL;EAa4Fe0XuPa!xOp)^`tvgv(#wN8B*N9NLoa^+0V@@h#+VI5sS%T6vM$}v
zh(buH7&M_1VP_aK8-pl$684>)SdH&xNxyIcD64iUPz;j|b&SKi-H)hZ8q=d1Z6CVQ
z@QaU1Fnq5r<;SEau6a2$oRo3DO=7HZ)%1$$9~cMb%3?L>tvb#$q#W|Jq08R&_cLaN
zE~2QRu!V$Y$jN;trV+GK0jL#Bn?IkpK8FqIMN)r96W_v9bj}jHC`HpOhL0e<L<Ni^
zV?)|qy2GQ+4109=LLJ1HKFKuHF=&Y44XkfNPWcIef&5}hYC4B7vjR%|k0M|zq?MZ1
zlq>+kzOp4m6fGWisl}oR5J$ZhHUMfiQ-c<@rY3lw&N$C}-V>nbRcp=hG8RyNr^Iby
zh#DhLy_7wWLRS~}aWt@gs%B7I(v(IP4fSRK?(Nj6GYC6K&mY@81b%nF0>A~=E%!XF
z+_WSV%~eNj3Zi$esD`3sR?d}P-PbN5B59%#@r(&KI<<$Pxm`lD&A5bR4wMI3p(CJx
z02(srQF1#(Soxh1;`|>qHZn%U26T8A5<+70>B-;m;kd&n#for&H77<Oj^$HKm`p?}
z_3kd7EN6?Gt$<ZzHz8}BL>M0FrCj?D!+8;aM~#TCoRLDe5a}Mn(`>4!6<aWn(RPV-
z%f4L7_w-=Gb$pt_<H3JszXZpMp`6ENNwYS8kzhj)0F2UJNm6K+BgN#%R`YYyU@}T+
zHCaUy29}xAGJQd==6d_DdLL`J?~}?O#W)&uPu1M_5Oir2Yz_)n>cv-ob7BJqw5@=@
zx?=G!7ny{SBskv`eXXrhLL>3Qe1^ciT%>)K_#u{STKm40C@Rp&=~YxDQtSJ;y-fha
zsSmQ}AR!l#nsb#8?v^sXk30FV0Dp<?6zpUw>L?BZ{WKgpCUwUkpW8K+zLoby(It%5
zJU22iOV)T|u`Z1vagFaqf0sc4UA*VwT6Kb_zt2Mj9pR0>7o|`kD~+fV9(yqM8bsa9
z&?gSe&zh`<*)&8U1EJ#xHc1&$7f8H&2(1j2WRx*7AXVJ#9^Qgu%Q68v7{X3-_b6iW
zrq0%ig8CxJPJs4In8EqA*cYVew&wy_DCmH_`1I~(P6rtEqI1Jma}qFpz#wR%Wav3F
zORiBPK~F#DMw5Ykc&5@Ht}HK^*YkhYfJ&|YXP|4tQ~R8{ukMaeon5fP5t9vq-WwmE
z`@dU@_I0}$%V#<wjy~hvk=E&i+!XQJyxyUA;<;J7A;|J=8tJw8Bw)^!XQ>6U<u%ho
zkYKY`@5JNW4MR3_08wgi3mg!~PxyW{b;2;a*}uG7$443!873r=gTTV4S|#u(5Ysfb
zo-C1ycqV}RQDCOv?6*F^V6ypM=y6zTm*~yNbn9B>8`wJUFcT?mkZQFofW<vdh|Cmn
zzn34~+Gc?Ua=wt1C9!h2S>C=aNUR**3~+=PP>#n2I(0qfJ^MsskbRbzR;`s&EljmX
z`@H+s23O1n48}$WW8fj{9j6i6vmHZeU{MeaXGtnGykci{6j@2yoH`elW|H@paAq~f
zAgRqzRUw1#EerYPvWLET$-+^%1m!X%IeCapng^0yUdB(k6JNZ@k;~jkjYvL3eYSCp
zsMb53EW&PQD~Fc^uiZf*yLb@bz3!l9h3AYpJpfv`&n$r~MKHe)_{2P?L*{MzUKxIP
zMfw8h)Qer&c6&E%0H(B(o%mM!F9YMKSD6!gyA7xnr(yjC6`5LiG7-;EDOqLfd;33M
zl#atNK#|~Ed^#B_xh|*vvc3kwutq#CjSPY};=KG^+E|v-T697fVhbr5oyZ@hSNZrC
zR!zX_41K#>pXTl@vxMAcQ32kP5xpN@a3vjRd1|JUxzp-<y_92O3Tsu3?MNat*<jES
z(((Vt)meu{6?Xl4C@DcYC8QgX?vPGt5D*k4rAu-U0g>*8k!}!>PU#Mb5n%wObLatP
z7|!;6zjLndI)9<FpS}0mPsdun8&A^t*Olc%8`bZda?_5CB!;hjct-I#ldG9=%B9lg
zl*9BlIU<TVSbxM=2LoCNEs4}HAAu6G2g(t*Q`yeB7`#>*fo6jvP8nox7X`=<$Pyl?
zi5lGacCjU!q$Iq2Wc7CWYk3B~Y=FS;zu~`jRd<d>5B?CVN4vT=KW{qxvN)gXV@kQ(
zOkhNz9GyfdFex%wV5q|g%A;zkNLsUeDg0c;b2F%#0^>u!k2eq`*SLLXWu^SyJ4?&U
z|Ecg73i`<?OqnmG5+D+$<)nwdQoNu1R!#AaD#o8O&{M+Z)AAhMMvL~Hda|*5%4Eft
z(sKiY<Va$-Zak*g`|K5JkWJ(d(M2h&siE!m=5*X4^0z`_xS64LyzzB%U@d%40kPpG
zQDLKEWr2ZcQiWpF10T{vE)`PGf%G^`nb3uChcGOVy)C%4dDfjpV-ed(+*!xHqxPnj
zeI%<`zDvYjWQI>=nr%=uZJVZqz;@Zu)kiAxF#M)=yhVh+r9Yy06A$EWXjMP}0&@OE
zqo@4eHy6su<RF;SHHl|v^jZu~QJ)TRa&|2C3zp3}KW-I)H(FMJm^?|=ZUozJyikHm
z29ahd2JPk_eS8PG^xUYdy<ZqR&p;ySTDbhB(V&|QkBZ{Uu`-Z{->Qm=av>RBTvkz4
zjW5Pyom-zO@n1iPL6gS0#^WLL5FgW$Pdlzf!s|d)z`!+A0ENDm%*-W+WoVO4+ali>
z$6$U5aRT(C3j9<Kiq?!^e4tRwaGg12lhY{QDCMxPUE6OmE*vBq7R)6em2XA3FrK`n
zc)};%Tr|W{2JCxGaCza|z5eiA(&bv3rl;n1O~7}CgbcgI^qg5)L49;$`QXh$;%^66
zzf}nKNYtVC1JK0N@>>)8u4*EaVhi-xn@{t2c`VVv3zT%$$<NXm?3fH}OSHTvh<AjD
zaC1J{xDKLZ%KQ~XlB8Z>G2@nB=e+q*?w<0wn2l9`KP2%s(ukUr{%$y;#GZZ()=p1R
zVSN<DQSn%pL%&e9Qlr9z<g0o_r8Y27lTJRj2{qwTQc*5e#%$?gXm-(kBFy#FKu&2x
zFT-iXba9oM=%tVtZPL!DiQmFN*QqVFyZy)4WQ5H>&wuQedi-i0ZZpDkSFrouor~Lh
z(I-CJ+BhwmV_q<9H=!u%@a*W8?sQgXN|H+}O?A}mh3)xyS>8|(bi$#$lN<{)^2MEj
zr2y|b$ro^7KCqe^d<+6*CcaugI&0?*vYXXu02zz9S5`l`gcIzXxUb&t{8;a|{kR$i
zi2SF4t@ov@1}IdLwAkkNRmwN395VfMf%jEH3ZIPQsWF6}9EsjmedcmF#BQ11v*g3_
z!C=-Ddcm(Q6i7X!<SRg$c=p?3^5Y~M^A&+D0Usr`c@h~c@A1E#uTqj%a@DG=rKyPQ
zJ<^iclJi)nmbv=PXEvjwtD-AHZuHZR_+M8=I~+0<2ww0R)jZ&;Q(R=b35*#cs<$a#
zp-?a&`H~nrCAu*~B!EMj9>rjO_vYW;OZ0q#$y!Q~j7jV_Dg)`NN9C_^gpja4_l&$`
z{1?59lp4HapQk^Iu^yXyvaUTC6uBzT`kdde#r#fPR>ojfw+Q>jk(wwH^T?c<<)utS
za1pypUvNW4%fcR!55eOyN*2Z&C0TPnV?{^=-CtL00)-T@P?iCz&R)|efDE7PPgA*M
z+DjHC3d^E$KJq%u(fD-UF!E!KV&!MFoC_tFamw>g$iftia7GDiD<z-szKpsizoan1
zRM3U#D1Ca2cYkk+gV{&kiU|=IiKAdKi83<7ccHt**YsXpG9^v^{F_XUq;Q5}Ddyv^
z4Y_2JFyGwpiR8ER6ly_~`2fL;ieUTEO!<D;O`{UVw|agPy0e*QCzP*SaVS0r+E%aU
zUH8%vkEq0uD3FlG<|qs}K4CV*`+-IApWWNPIrJYY<WV25Gj3VQVll;W5`ihrvTF99
zghg|*(L@$~Jw=miOws+UpGKUUPjI3n!?`5h7CKURt66zsL^sO<eZt7+D#=BKV@35A
z#duYHyVJ{sQC3P77}kP{YT#6adrVn<l1ym3SU7b)g5mF^&lqho(pY(*aZH6D2v4kh
z!>#-Si-hQPI<pehpWpy8{cO;x8>UAJnJgnK1Ir&$yci4B5&w2TBo?dB5BjCeo*5@z
z<c(Oy_(u^#b@vYn-};`e^6>jz5yVn536qJpZRJPqDJdKSf>>DdlC2TSVM(5b4>dl=
zD)X4+2<429KH<l|Oy<EV2p8EWTi{hFD83y3d{Cez9I37B>A0gp%t2JCC=Ox6R#4M$
zz5JW<%ILt@O88nZ>E2&v+XH)k(Z_U)6?b0MvytRUD<)YIX7PCC1ereQYlRZ$H{tqA
z0bjGfQq8rXuzHUSVQQx|lSVnmNp-)4=Q9GSf0g){|L-}4Y1XBU%v_n6%O@YqnBGZ{
zdOWJRsU8ULRQg$n4>+oEyFICM9yqRK!TD+`u(7F|VIz?9Y-1d@e;o~%*HZG%^TK!;
zKV$fAuUxV)fPu!>bc;UTO#t^=vyzI4K-o%T1Szk~rn5;bkxRiePK1-0hS%RuF)6z2
zuvh@Z^802R$2`C(tYzE0V`3#EG@A2?s<5kq8Q;TuV8)Z-<Q}R#2TE1iIv2$IouY<*
z#=nChXXX4a9a#$=p0myYCz?9zylK9Y_h;f6OFXBTm>d=`WBT8wU0YNUtOj=HwdRt5
zX2F*c6`|ys<4U3<;V1&<<83m|j*@2rMwdV0VKDcBeWgm^(6at6K7UIkC)x$4HWIv4
zr-zfG)hHO7?+Tpfy>|;A=~4SrN@g)yisBwhKs-v(Y7n$g>jQ3U>uQ<^W!zd+;#4c1
ze=yQ9XjV?1q_$cARIMGjI@@LLS9hjKo1nP|1lE^caSA(~*AX7njuC6LCT8bi>ASpC
zP!2ZnGfr`TVE>KF$tHv%%6fhoaH0Y}^^-IEFTN}FxXEXP!9GM!NzEY(Rts3TzgTNu
zSc#t)Rec#wKSt4v8u=}VSZ>s9&1UC-;W^R%S+=pa-ln2K#`&G?%g<%EN}S`P#A?@^
zQ81nws7Z=#ERK+>#oe(y?w<*-<r-D-N#ciHgoC-S9$m`K5%wlzdb~na%J};rbbnTL
z@|nD@w{Wr}7P<UHj+9pBi<TQ20bD5dSOk|8LImt4DoD9=YCJvxx2>CQjaGG8H>>dS
zZOuN*5$mCFGFxSx>!J9@Jfyt2tL10B8iv@|{zv9i-BQ~5PwL?L=dKB<!;cHtDkff@
zdv=FpQp_IIF%<~{E<HvabpS6HQzKTuSC$lOQ)M+vCkcDw-)-G_^Of$3Dif}cNkL!V
z*4S+^aoFF=PvU9&El_Q-R;IAfKALuk6JB>n{^^ur?pSrUxd3D66mfn##aS{?*|Gn4
zO$=Z)M+V|b{0W`=w*OZp$lyL(R)cQ|W$IMT&*WGq`CW=ofk|2T%-Z8Jn@<Jp3)@Jg
zxa14~;_GWm&m21dA4GAe==UMx=@2ItzUck7RsQ+xZyiA7u<9?BKr(^9DFM(!jetRw
zS1WgJrf1lC6S@<D!_y<+rUmD-7e6-x-xh8LB)e$5I`WjjKY0mu^2m$3bO6K}z|9~K
z<BZBDYdH=gi$+e!>L-gc`iwRLsE)|s-X)mF7ul8eBsEm+_!zgT<M6@L$~i0JH}2c!
zwO+n}3+QeFXB73R2J7PCDACkEk}yWJv`<|1D?Dc_st(P?W4XP3(NO|e_tQWCTXvz}
zQxj+(C#wr?8yax(4;KA9XLSj!k%d!(UW9L|0bwM6ljO`5K_R3N5xdEJ)H}e*=Ono2
z*8&mPwnefdszTqqi{lX+lNKhZ-HA_D-UQGk``UlZ3Md3j@R-FM*cz2}@K`tUNNPg9
zS`)SG4c~0p{`@K$_>2jb^$@i3in<LC0kCUk&J!n|7)R_~_V|*6Y;-4N1gmVI+=!wO
zdD+04N_o|&_Nt#%tW=61P^~iNHmH|l2Y2Typ$boj5zB*`rIb@D+(a70M_Q^LKVU2N
zjT1#F^d1NBfBzo#3V#=4p+nYMl&-tx$i{C0cR!$P?GXBC`PGsv$Air7nC79WpMXi3
zqJckylTKQ<oD8~u>x`8_dytS7^5YDP%MMIRQCd6E;3M3Qs^sdW1LsX;)wMvG2WD+J
zHuIIDqx|aeg@X<TejV6ieZlWMCGqm{5hgDT|Cns79alckh0iDW<p8h;n`A1Z8QMlC
zoil2W+#0hYioS?U;_MGSI*bfHtTz4JEQB>5Pk5UI0Sby4Ie^`2ApP<6sff)&He10i
zPEUxh+OT)>K<(>|2)1^LNk-jD`U$`->n;wa1-M=hWv@(@iv~7C*i9qT9^*{>QlWqF
zn2(wKS6Z=V%1MC2()y^ZnV8=zpaD2%1s4N7<IWj)RC#)-^tb^!+I9TefNu!M#f{3z
zUpR?zXt#t3ht|jLPi`+51(XHNpI2S>SdZ%Wn*0l4H|QeT!1G6^7d!Ab)&V-kRk~{>
z=yR<T8$aI-4B93;Jvmdz0i2Z(=e_6gt&A!xklPd3VB|D|fA_JXNQNUNPgirvdV2))
zrl)RcZSdRFYZ?+rbB`;%Tj3M3(*krXj~he-4cZW)9l0En`r(+l$+p0(Pw><mVtrVd
zQH&wlEFs(7g2GdjI*?h*KeDVgS%RtB1DKlrzHlOp?;I1P3-Agmft`#54co;-4No1n
z=>fSVpQ1*<Ia<mA2#u`JSHiGL<1CpwfLzJAJH)ZPtv~otY@`+JKb+lCE}HtN{n3`&
zzCo_veZ!Wm!Mn+PBMTbNWoOI=*7{6x!2Q%9N@3izPGk0xcEQBlJ48dRR)tECBJRT5
zv?g5Cu_3>Y8TD=iV&Pk&Ew7i%CzokN<H5UHDS9R3xoDMU1zXlf<i}xhOdTOZM4{NA
zD>ivyY0$dP#auc6l~Cb=m9ZZZbNaB}fzYPM@E*Av(nBX?SYOQ5k$-kc(KH~ZTGn1g
zcVt5PD%T||h7hAz^%0wJo(1HpD&634(sL51ahP%6=B5v#<^;{BENlzelggv7fK5Yq
z`9buS)Y?>1kUMopTX0LSCqt-!^<sx~a7;$wq+`YmVHk0NWps7z*t0eiUj0CB;$L0X
z*D&KHCzJyr<KIeq+@>dMD3m9AIM*#W?~^rrmw$W}mo4G`MvtO>g;KTW=H}gVC8y}&
ztK5f)x<#MRXULK7K0!@6J^Ag9tJjCPZle7$_jl7Qt-n^h7LkNs097m5>CwceB#Gfp
zA{Dd6fd{UPVG+oW@+hR|kITC0-nxV*6DdN@F#ELt@m}<QWNlkt7{9A{&J}Lbm(25+
zXl>NYg}HZpDPEtYzp7F2hYqVP%vg3{VVZdVVV^=|lFC*-`)oDa=`Nf%?l*}-(gLIM
zAC`*8i7f0|tKzuca;C^R5J<tqz{CJu8IpZoWUi4t8h5QImhlb%e&CZa8lF3`B_>U1
z{|qZPe4eS6$<8)>mxoQerIeOdLR|3lCASt&42WvYlCfujk0a=Aw}G%Nbs-XSzW#^h
znY8Mchk|Po{z$SFqkn_-^ZLC;Np`-KW^GT*hap|&zYE{_aaTssNgq>n05Mz++0XG4
zJ>R^Yt_~%&t{Zzda8j2+33{i#|MKTH*+t=a^_rlIgC8)7PO`4!pSJsW@Cu@(p1!YC
z!NT1%pn<f<kzlv$lQ5y@A@3K@9REnd>yT?{Th_|^Z%ROc`m{;3=H}Z&39&`OK>a<d
z-JXLpsi}XAv5kCah5jBKDSmshE_{IC9pqlU`MWI!D;^<wcup?(<h6-Pfe~X>RfDzw
zu2OYvJvl6}6zDq0PYqQDZ}{z7%)Z#cEPOaUEO%EsC<f>jcRvVFReHYqmAskiLO5H!
z)@W;ODM$M#O8IC0X--O>WkE>Xc3DiH;1IuGqY5ZA?mwba&@MT)O(JbSDPi^n?n<>7
zr=VV!EOKcn(ZET3QdtXMHv_8(&!+M;p~1Zzh;?Y|WM$$Nj9q?P&|Wer{@cxxWpV(W
ztTi<+aobL9Xmgopjlf%~su8cZREBTXp~Du6VP-?DhK<no>JF1sFbhB1s0hm!f2=ya
zE+~W_A_H>pCH?Y7D!5N`&Wk<*=o{aoIYUJZv8vVYffuQ}{Or4vYtt`uDCO*zh^H}k
z18PU;K%n)NR0(?p$ocCn>jd3N_cP|mkS=^h%zRqia`k5XDf_bbAACVJ{f$`#-KrVT
z!TP6WjSG7<9bd{x3aJ{}F(rdCD9V!6KTO8&I2qYOtzwEMJ6ev1%HJDw!5sH=?MsWL
zM9XJ8>8G7BdbO96%t6ns1*ttl#+Ud_3jHrl%5He(#b~H=^XXc+<+p31W_Ho-${&Nu
z3B}}duqsRq37=wr;X<t8%(PpaA1l3mBjnbdBm1+#V*FT%R)1b8UxPh!H)ub7B@@!=
zajCmArYj}4p#AXf_S;n+!^juzikxO$E9Qh(ccjD44<fi@u&A>BM3_*C=?--#<_s3-
zF&pX}dXxn?9YjvMJ~!Ju&ZM_hB-v{2u>akDi4XW3iBATvH72XCdu26LC_W;H$9&`1
z?gMc-htcAZ*WWfKphM0-4~kCkxxT?h!QuC23*P|2{wcTD>Wi|-IBP*nhvCNBAmV3l
zDXD{wTSD%xxnc{tLMEa2h&n6{Zxa>ofc=V^bY<H8I4lsg)#4h~I<LKxoUY!|$zdpN
z_q}>n+GZ!9WLAel+zWF7ihZcyMDcI(s31M`xms0-z@M;8zfF7r?bVY*kQxw~*f#E&
zY>x^8*jhAC%1V7@s4;#W<W}g8>Vgz1R3_}Z72trv>BHczCGz*3froaz{MPb^_$DFo
zD6_XjN{NZ~k>ot;=EMJa9LQ#)5$iXC{mq})HMklYHB7H*(jfH0q_KGa`<fe-op<&Z
zD?ixTd;j{6b>amL(>D{h!MV!>HaR~=>ZozkG1(9~*E{x0NM=t@+<-y?dToujw{X8~
za$3_~&N5%A4Ca<UCssdGWGKDyg5f>mfL+?R=W1cG(OF+D?pGO-3+ggnsHPg>PqUS$
zgX0<eY#r!K;GVTa)5PU?as(jefU)EqRi&2kFQZI(2etxrFM9tz>-;qqHZ&^YG&1>O
z*Kk4W-<h`YbORv2%lzF=c5+jP-Qm??83ebcY0?uHjJo4d!?+ZozfxaGr61SMMutd)
ziDbvFT)fYL6Q3|=`*}r}QR6mj9pfJV1YkM+Y2(o&do_I8B^OmT8YTeapj=IbZ3+L|
z>C&VBP<lYUqZPdJpA9ji%Kwz8=WnJyZXYk4hB5!vVj;#RDd$#Ti}@jeK|C5Unm2_5
z%3Xd4N>xq~6FvTc2~+2t-Cjt`9OSy&2?pXOnJ3HXzDy0yV(;wrSZ6m7;!|%HS9(Ah
zLy%o%oES2caaH!!lyCg&{d@dw^Viq;Kni9$dVLm8wuPDM8A2}LkWRA;s`N5CKnh%<
z1=tWOmfRW!F(3^R>t@3VR>PGq4ricyH6VqKxrr~OFiEOgUW4}nY<A}m_-6|&$j_l(
z!h?)8HGK*jcDl<EGhW4vo=0dLkNfIWD1H9j3?I+z;-5Z5+}K{(nqVBs%>&y<J!rX~
zxgfhj{kZoQLQc=oL2Dc0;zt5e2z*mnHI>cHdB&Z$AmTNGlN3J*oiOb&y`<Rk>vuBb
zg}+a$rH>zg!WS<%3|vO1oFSh=$D8la-5CX;iP^)$-G*I(Eu&F-tFC_Y-ebR?W5kS|
zgr?mL0XRRBTV<Tw&)mkq5>a+;6|v*i;)NMq1StL)<TWJ!gkHZ0e-@xANkDTI0K2%u
z1TD%Vd#3Xlq}$TexT3f<f=^7*a4?1^fOl91uSNX2vZu6p(0S2wkNfoRfzJjsCMKAe
z35^`4$35&i_&ZJHeoK|!FL592r-_-BaEIV*c)+@IJ)dG2htEgrCkKFZI@<|Y$OIg-
z@u<mUBN*0j6R|7Er}Qws?;gjEXAUx%-=72bcAjv9(E!&&|07?(TKq(E+V=xjG6Al{
z$|2Z0h(#`;&F+EdKGKDq<Z7~E*UL|xD#TSJZ=v|MxCb1zNhU{Vn=wsM*5?rVn51#(
zBM2lU5N|^o+Gw$Y|Do+e9A~OtgYO~X3EbWS5Db0}MrYz<5E51sLXb<`oXxHuuJo-1
zL-XVQ)FEVf@!equ!dC}-74Chj9RhbNE5#nk;LT|_L7a`tJ#Hzn+KJ+aWg~QFM0R^S
zzOy(p2e}*F;2=uf&5P7EFkI~I6#SE_WC>s5^mn$$$^9)2oKefUY1q5|x`a;@IUYGu
z;5=jbn{lQc&f_sRHjQyI2<Wc*7104OscHl@k-Z*NE|8Xh=JJvbeaV>78Zr&<3ei@v
zwD#h%(Whnn_H0ce$@PH}MClc@4)6k=Ie;DIf<hrdJB{e`6;PO2g2>VrmFz4~FOhW}
zxgkA*gwnTokbKT1^i~!NpmThc@i*lDUEM*4VTeXu4Pk`J)t%pg?<v%1(Tx_oBwl}i
z+@n<&0a207tY){6kflU&!%Ks_w(SCtk+MPFl#8ScVXx+Q2`fs|P}FA#9D8S%AEcl!
zvV=eLRW*994QMuf+XfUfe=I8}qF3KM2W@mi_;qmsVPODp5rl+GSKFEC2vJk8m>Gy3
zv*czH?9T6G)@7uD6hKs6Zb&;F&#8Jqq4TGv%<USJn`PQ`?BOmqpLE;D08LL7wh&<e
zto5wdx;C-NoHpDORKoX=PcS;<4&Ff`?L(+AJ+!VY@E${?He?(zrv#b+it!w}6LKPe
zIU2}~S4W<A`QB2)nIKBn6(`&oz}i8dgC>;AyzY=oi)%$Ram#!pS9LuJh8EK<+_4Wv
zFaRQ8>vL`u{AUq;<3_5LKzo$x8RW*$MxD=<KLC-K<sV<brp0Ob#u2ESFR;`<0|e3#
zkN5W%sNo@3KPUx(nNj5DYQ6>Kf*H;PUeN}?$2;cu5Fyng0AilwsLt))3|{tw9`9Tj
zWfmN?ZQ}7Om&-^~wK&f1_}<+BJSvA@&q=|b=&G@+vvyaYtL9#|R{()#KqvGhpQuVW
zkba@+W@Fkf%&R@+Rb|i3oeI<Fr%cq2UU}(b8n8{!k=N$HGnYT2(|W#7@&^*@5GaIf
zh#}5j4P`eETx3P%gyzaayhKEB9-Hjd+5Mf~6wcn@(-#}AR3>4V0lDMc5}H3#)Lp-d
z*ACdzk$HEY!`GtKfnKv_<<f^CpB={i8^?yQ-U4)lGzj2+mivP7Yi<Pk>~b0nZ!BYX
zB=X(;Mf1}IP?NleIzCZn<G$U1w-}vCit)F*7_7BEOWq7^aADW){aW{^z~vWoIoVyE
zEEn4WKyj`C!R(&iRG?nccwHQkT1MmNkwAaQ!^$8-{#Dca0k(7UA!>x~_)S%;cuhN?
zb$v%}QMzj7a$t0rNk(k;wEvSyx=Z1U-JBhtGR+3rPn&h<`+F~SY|dHOrR5qrs7(4D
z2mkE~-xq+Owrp~MZf9{Gc@mEb;s3B^HPYP?0%(f^jX?~)dSjV4RZ?mzTK%BST3yFe
zY*ix%w5MB#g5UpHfBTY%1)bE>W8rP8HeWzLE-KrCGt(KE<I2$&Kj7*LJz9CIU=&B9
zV{FGR;j9lUqoX#OBC?F=h}8-8hu}_^J*20_-}97<@#J4Nk*>d7p$fO;6ULv}zc7LM
z!j4cB3WrqEg;!mt;b$O9Gnx_%;4E%xpC0Q6V~H+E`6>trzUMi4IXzUORIJKQ^j@+D
zb(40SD)FW8wSOtlDVK2tT$_N_4;PcmuUaUwQX$H!QXf=bc*sOo{xF^|N-%mX>v@pH
zUoj<JI>4@>9f@1bx1?O)?fey*SDE!fA`~^TcE2byoK#Vw|C!C>e5fNQ3P3NE!ZRrJ
zr@iu5Z{dyXt`8_w6ZCL`?#`XhAo7>aT<g>i`*aJ7)v*g6Q$oCpWJzkUjz1y=70#~L
z?qxtPXzq^gKxSWF=*a%)-W!&`-~270{lF5y*Lh|4pq3%lqq;&V<1AmMUixsW*tO*Z
zCP%!5@I3D`Wb!+I|CsR^?GNwsw*D%N=pycaQ#B_44LbW~0I)VTb8Z1LQKBGCHDM{(
z=bL97g+-^G4fVck@e!9+JMYyAClm^Wj!jZM?OQSOw1s5j&{tZ@IVE_x_E;2pmGXCP
z7gT^A6(SD|REJUuQtXvh&-gcI#py<K?0R~l3lEdxW4nFEQn~QVvK|V4Z>Y}6^45}D
zcG2kvq9sNSZWCf$)i-hlT_q*iN0%brcXxb0rmV`$C-0Epwi}-{=Sk#SMy=(zZt5>=
zSfNfh?~#+7O|A6imwOv|_}B<?yuy{4Qdt>16YkOY>aNd>bW)2=UI583t9gaytChGy
zN4FU4t}mU2nzQgO=2`oLeGdV1F`?&aYI#x&G#3Obag`XLm8-kCN@=Fs$o*|EWcLJq
z*=DZRK8He%t6iawDDP`E0bQvcoSDj;vO*q`%1;qlfPjIKjx7CiRv!>EOjS6{O1;F@
zmPiByiXY?SRiK#r+<;mxYDrhq)x+_Y%6L>8u5IzoGOAA~*|0Ljo<)KvaOl0RwJqqn
zkCITnrI72ZPfPxe%xea<AtCur_|`^t7sVi}Tz^ar-+>+7?|uayK+Visj@+3iBeUUZ
z5Yk~1_o`q`?`0&f{zg`^B_N-EfW6v^+e=I;x(R1D$IGXcjrc^;MF}c5eU9yL0^I?i
zU(rRM-4?tDG#yFoa?=Yt-~@OTwB}ed$07<1b4%Qz3U(=UQd~M-JSwASWnd?#Z+883
zKbvn<_ReYS4PHL;NXGP|M}R;)BnGWYoRGH1{Y?KjV%E92``8XpqV<aFy&aF$%ZbH#
zQ8aRl#Ymn|PztN_G>R@jEK*e#$j@+g8dzWTicYnMANe08hmz`Cvk>i#NIYGmICw}1
zyJX%9o$O#d=(baiXC!D7)GJAC5Z=ozlxnY2iSf*KPd9eD#G#L^p;f5V71Mj)>ujy(
zVQ&|#;goCnFX7vdX(g~~N+6u0cUnCMG;4^N#b*xP6A3kG(#MNhpt8P`G<XjTEqlJY
zpkC8@V6+gfB8ip!lS-k&K2t%)rXbmV<`s(!X)qVNT<CF=S4r?9Mh6f&y)nm^ZaA+E
zg#U#5Ji~UDM`r!Yr*lS@)Ya>#I>g!ZA0-p{4q~zI)!T6y1;G3g$ccX}Fc|ngT@|rH
zIfGtsxPLLv)$~MbZ5V*D0y3D|%bf_=#|w$F$8?ad*s02b+OC0gpv3i{RpXBx-DlJ2
zyD`n*X!FMR)w{dR9WJ-;Yjm0JE+5ua4A={y;)82K;tee@I0|8o|0dO@a>K_Rm=ZNL
z#-T5M^j`5tV~<HvJ!^ObBXF>UVF!pk&>J+B@A;V<KhZZp)8Y?nq;L1<e*aW18X$a)
zY5(?Znb*;m1sv1>xB(VOr;1SjG9)-X*mZPD+72sx{=JnIj(HIssQ1(Y1PUeeT{YG~
z8RX-$cI$<bXCVUxV?OW#PL?NuyuCC8oUPbI^ipn>{$9{R>472p4<lni8v|{$o&`+V
z^avSJ#@w72&^aqnkLiIhmQ0n|)J+w*#eJO~p778+Xd{RX7m>9XIxouEaOm~8t!Z%Y
zW>MJU-%`A_eHXrdmiue3qOAGB*g=(+^zOpx_ejy?JOI=&id?+(S**)?ZE?4B{suIA
zqVy=y&A)j8C>AR4u@{($zdZt~?IYE5vtkm;E_6JtW%&rzeonkF@kPZ=wk6_%mwC{4
z*Cd*)kYm)acp)+byp}MD3HmNg1bX^B$932aBkEkIBvq_3e>3Q9dXF69I9PQd%E$b2
zi2?5`R5GnVw2~Oahgu<q(Y?%H?>t>fZIwPdXj=CY90&;jGqh^O9NT$ZFM=U3U@*I?
zn;Ey)4EU6d;VI5*=7puWr5tJ;Ib$OUI)OKGx}CjHo-gKmm<U;FICm8oP<n_&?=I6E
zU!!mK5LKAws5UU5>izt3#i6hfaCNfo{t=4`n7m&(8gYXU$J@IE2b3Po@B#EQmyR#S
zftM0xY2R1@?q5J&3Y*}&5!4pb9g<U!3f^!Md~hSBRruLewk@XcdQgVEZ_m4SZ7pHL
zP&irc8UY7brG#wnc?R$ZtOr}<*G8vsk3BaRugZ>cJ#8ngJFN)ecE&vYgf)ClxisQf
zL-tpSr)xX3)4|uejP|1Nc0-1%05J00Dv~kx-Tt&V)=Z_v!Q8u0CDDu!*ADp0$9L!F
z%uVj9L0#N5g>M~~8!45+cflZz`y19U-I`o;n!D2-Y3c1L)LVk+2jF032Vj55Zw=rE
zx<7eIp`sbOhCm38gDBZQKAHpoFSym{!{0AI{vcrCyO!Z1(?2j~tDDzsU5>NwSy%jC
zq4m)`sMhYa_x`k>ZtT7w!%0Akqz>&%1XL7>;Pv$iiA`E4S4~dA^b72)t(k7#m-KW2
zgO4AEXVD<;E`D5|X6<_49<J3@vnh0V)pK57??5c+Ll1Nn(w=<R5qIl+2=g*k!15s_
z)EUSFhrINgYY`GT3h^DQ>v{B<ZO+#l@E|&Y2Cg-x7O1+u0yZTO(59^=6L~e?_cvaw
z6*n4SG~SqD{mQcZDx#<nq>cUMx%}3MD>7sX*(J>e>`Q_`q;xm4o<=IDH~C)zRcyin
z(Wtu{gvV<w98X^$PNsONfPRS%**#SPvEUxtH0R4!12#^Z8_GQjS7M){ud?lGMcWT_
z(=vm4b8RT6vrchWBH6!c7`5c#W#Z%UVFE*gFlX~-aPHb)AP`!?AAU}IdAIFUMy^n8
zw0&I%fi(ie??Hey%TBl0dN-~2iH?QN6%|l({TK=Vs{s0vL-Vv&MapF_$lkwsshJY8
zF+ov=4LbQzhrC@mxujYyIcbOPY|c+kr>{?tN%42Yp+dyrQ~E_Ujc^g@39uIC9vz*U
z6#x+`@=TD6MbSsQ_+@9gv+%dqn;b9a+p$<iEyg)ZHgXZDI+nWJ>_n~pRRV?1WcR;<
zhtwquaXg{kRYL2MZvjiMS7&W`YX&q;Wc(eMK~}_@aD)yP>&`JSQIGF%30wrk^KEoR
zWNcATy$wdpc>_7Z``-XD6zK{|f3@ai%CDD3P0+>kPU9WP7<9A!oB!xez9Uw#<PyoF
zF#A6vP^}l9N@3Xs!`R8x((*T`bQ$Nne3uR%8K}iQ(zNK+M`+=sX0r#-tA-X>!(FBU
zRwTfM=}q3fXm`B}8LKS3{9xr3!W3$<5Osws*$}@YCFe5^GvJV9D-e~Q7X`TP8*snc
zIM<2>vET@qqH>7`GG{w}sBJF+>K1?^7I+aDOgydB($n9_2WA3_BPMo7M(+4<@26KD
z=O>JqQDB!MB2L)Wx_2^jM*hzk>f%U@iqX%1@e&A`ANHzHpElm{It9rAyb8g#HLd%*
zgzZ9%L-p-!BBik#^KC_p(@!16%-Ph9WJ#h~`@Z@tCszQ8Wb?N+i*gF4?Vg;REH2lV
zZDoceW}TlUA*UYpzyei#8!unkU2-ksheZ!0EF+E@Kyg0H(>H2mizMeVeNCnKWTw}e
zVlqC93{CkY`*2Wk07uR*tL2@C{=DIjp_fgW9YKhTTy@>=18=C3=w8<2Gd5*T8yH^#
z>)RD_U@gf?0+h#Vpgee7I{|zocl@pC2a?Bx!Myv9$xumdC;W|1qD{zpP5pP}rQa2Y
zoM-LWVXYKmG^IFxC(z}OZ<jS$?MO}La5FSJRzRSx9)U1L4D$>x44%YjJVQBv$+oPi
zER$037xM0A2V{o-=*Q|Kj0W4ADy?S;Q*v|pAKAW4oUrg>#mzN}ZQ7;cCUkca$F80h
zLjPsy?q!(+dtpF1tHDn}o5%oBN>U!*YU8=um&UCnnki3ayxpPN;f|GO=A42&IWL+J
zm@<SuZV!uxgJV`(R7G9y(XZc${KG<jueDR>=3gL+d<*6=p7r~&-GLS4p8m^Jd0XRp
z+$Y*vL-1F+J?ySJ;T|Df$Priw4Ej2OX84Y8{a;D}D>J*0_)4DTfDEUg_Nv9$?j`hP
zpq9pii4gfIZG3*cSJI7_14g0Zs~54A%4Ej%#w4<$><jo$cQ3D)D@hpaOREEkdjY!k
z^6_F}HrAI_Pt@XL`maZA`|I?6m595$tgCb5SXH;Xtvi(l<6-c<QJ3lkR3@-N7(`;?
zb%H1}*h|b1Houbeh1EQ?x{-7^e|R@tmVH@7`_iwHR8+H&9&+?+9tAKfikH3({es&o
zPimH`?^$c<3zPD>ExD{98VPj7G)r@Voz+NtJ)cSi5Tmm4q-&kmuD@xElYz^t#k|UZ
z(T!){2mZ1m^o>-)v`>b>_h4hz2<|T+=1n!7b!&a1K+J{7*>=Orq36!8bk#6l#sTsE
zVkcDy=_Mde{2cx60+0sw2?3(SNt`MV#sMv1gD$OtDZ!2^MyamvA$zqipLZLW&RaF5
z2bDCJcQ_IGR|@Udz7)@QiUnll<@1|}5~S~sDmJFTleb3ab5>2dcahl;fIG2oDk={%
zc3!k_t+@oAQWs*p16<_@E)fHs(siTc0yrViU3ARj1L%r(OfPJ#^nm|gnacuy0<Pqt
zSHNNC>z;zrvJNMHq|q{PtMA>9OIhHFg}78N5&(Y}MyZ82z`b8yRSW|LVRc!i06!9W
z;$r<jDPw@p;Iz~8Unyf>^g-=!0YGb=v+KArjii-bl(=lxqzAc^@j?HY6}QD0(W8}Q
zPv*4w$3e6%mmT0!P4Vn6v{&gxcq_@zfS=z~b~s_QvNyfoua#=}4O{qt%^>m+xaGGP
z;IzZeWEIz26W+^TF$nn5{8+hNJM84UY~{z3mrsy?RX0dx!MQqjkY?zXbNg*KA>l4;
z#Y9E*)YgD%CHbW^;5X`Z0M^Wd97_36Q)7ZU+jOVp;nq@Ugzb^vl}|s#dW`HwtVDq9
zo^Uo(%1ap_Jt-D>p4Ww`Ua(=_Dpc#r9Q)?hvFE$n>o85H`+2Lh9E<z>frGm}D_h81
zXN_Ow2V01{Qmnl7^jsmhtL)LGC!7NH;dd#w+AtoukpW>Dpx#5#>gdxW2})SJ)a=<K
zpOCB52lQC6G^VBDy>D(RHV#sEdl%;NeOG4#bzKse%Zr=Efdl@-JV6Q-2@pH}t$M+A
zxzmLGOPNztt3MAT<uLawl6CA{5;2WTWz;$e$LFay0&=FE@#g0OIHTscp=@V_7(5_+
zNzcGhUYxEA=pN7C4BfbcI>|(mILvro48OxxWN!-Euia<=P#5yG=3e>1V1foea5PPo
z;$Tn(gt82>W&fv862B(Dl=Lx8ixANWcvct#yeSWOlR&Y?U(yLlJz2(^;wT`6qK~N$
znG`b)9?u?$LoNCX3a{%opSP*;8H&M9S)v8a`8MQXZziYx`^-PX#du+w+4a1*1{$A}
z8XZUo&|_(H-rJ*2jzwYCQ;0b)Ca%9IqG&xd-TmFMwOk8Y-aTlCsCDy9`W)vC9uN1w
z`_dX69#WvvnofJ{UWu0=9wu3bN`OCw)@Li8j#_toJg)Q))0E16lVAPkV^|LXQvnoY
zQ*8$dI)nZ$>DbT3#{s9wD%CCh-~=C80?H=^FHTHnSue8rfduho9sBEF*9Adp;2T=!
zmTR-gHOO8*x7x_?)@gDOgrvw`6-YW3RLZ%H?p*0vI{KR>nAbdXJ#uRN-YN6I3G=Cm
zp%4Vsw7pj=#l>|^*f(qKtB-iMa~Z;Z&eohpn<VF%FvE+?dX-%VJ-UP-Mb7z}$)Aaa
z9XLhXRF^u*-8hfWS^3z!IHAT-14FetPCAdsm+CVPp$L~pgXwn6+123QFRu+*TWjrX
z0CV#Jb3*}h@zlU~?_j3K=W-Y_VhNDRqiTun<s;jsm0HzPtMQ_Z4=-KI)a04NWG<<H
z_=w^FMv4MP?f^zIb6v-LEb7rJvyvo|;Jme8g!^N(I*;kW6Y|J~WIPa&8)Yr5p?HR$
zEKO5B*JtnFY}SbaeTbss59^1I?}97r0W%6Ws=#b(oP*ad1i|fse{gbdP_R>BFM=Gp
zejm|Ke^YuM02QjjON@bn0yWq>yT)%Anqqr_crE%o(vS3k{IdjfvvGgvkh|67*Xzx?
z%i3cj+=n<|A@>XD^W+{(^(sm3+fT<meYTfIV6MlpPn)6+oE}U7h4;~?j1CtE?BRaV
zVmcv%U$eC+X3bN?SZEqsp;%i*O9MfPY6F3R-96-SKs}(5xIKs~3dhk?a$e?OVbXXL
zUh(?BshS9Yz8aeXMcF%R?eNvF!{2G!oT^qlab|GovF*Q7eJ}{T4bYjV!}*U{h~i%#
zt^VpXp_c-#pnq=4x`whJzjnfgF1-DpYQ_Ob&3gc4h@l47n+`5m;XK)v3U1md+Y+0S
zTeU2MPf)mc{+fRZUD$kGT^axs`lD*;1$Ce#LW_D9lH6+N0A_d!YQH-_@Lq<0*x1T1
z<{BOJSVVNfM>OJp$_^JWnU4ac0%RxC=J`?^xPsFr<?PP27w4wi@#O{U1wj_wc6&Ap
zO;ts{9{M-tfvzYW0UFc&B11pTAv)&vLNKsR4<mid+5&D`2eF4BXz4c?3ru_eS%v*S
zpK;(n7xw~YoN`<lm;`)Hcu`MS(*#%^f;)V)A55;MA}4VxaXq%>HvzmYn+~X0PiU%W
zK|rpn{>$}qmk9R@(~EHYSMg=&FiTVN$olM;;t-S%8k*<S|LxewVieF}!O`_w5E~gY
za-;^fmZt6j#r%sp>4mG|#`HhHze#|6*)Bh>EUK$%76XDj8GO1#{{8W{a*PK?ire;|
zYydiAUQ|>Q_|fC&Ta!L8jvzP8m)(1iaJ)mm`^kSHYnHg(zqx>P-!ChH>-!@I*VPvP
z85iRpy=3(SoJ`-WATmsVf#%w4%~}Z<=5D5g!T(O$hU5`<?1nJoWl$?z5RmEkjoRt%
zc?-OP9`xS}7XL0}{jUpz|NFwfJF0;@z5}3~{(K}lxfbwo4Ln9_wY67?9k;;+{{RU(
z|2+~&Kn?*C0FJGb{}MC-2~L3ou>VP51SFtmL)?i90f?$}fWYxIVk+=i^XL-oJ~!Ps
z<;8+ns^3C6IUp3*ckOpzDtIr&%j$F=1T%*U?^J$<K5_C}ptgg+E3pg&q~;EKchHmm
zFtaY6DV9{NzQDVd*}d8T=!*9Pa%IWg&9)k^?)rd*JhywLXH*@(F`hQif!1;KKcsd-
zR1tJ(Q|haMcjB?Yck>_AN(BnK`8)t&o|GXwD+078&)ma1-N&tK0UwL9^G!=ycG}I)
zpOd#;thNb2o!`{NUOuX;JU_D5j${CZ5(!ZB%>;rQ>NN8UpLHT`-5z_aSvxIS`S^wm
z1et=qs>PY#y=UV*RhiMuP}>H9<bLa9{yYyy(}nJJ1bw4t=6vRpfw*-sn<c`sCykz>
zExVdH6r4aW`THvwpS-#+A~{CJuvhf_aTqJ~ZcS}_Jop9N|G1$LrH2*6O?}yJMZ1%*
zDBLsq6`d5(*`x=k<^(X{?A6{bn}B+)3t(K4IaQNuw|&QeY&xVCvB(~I`4*zL5^T=1
zE(q0n+kL0@7oIEL8}U}nppZUS@C~Rp2uh8}{5@T{-i20UUO`Z68Gu!E%>6Z00-TM?
zuZLyHU?RM%KT(Fo&`^m}x9RJ#2?=ghZ8g#gu9O|INVK%fHF2P^F={rT+f(-W3c}9?
zx>?<^UyZ7yHvom&@6V}E6}6Vt<s9F+li73$(+_`Un#zt##^AiUy16C|#hvn5?!p2n
zD#`6mmSpEg_gAjo%vu7z!T;o7ZD!LKrfe%sn-RA?Vq}QB!K8WXg>+ZQuP5%7vG|^u
z*VKD8`UQWP5b7c;sH#}?bG@`zSbqn4g7sI83EyZYbQNmnFVoz@PcW*N`c@F)`?FSQ
zIGH9OP*#pwR+2kTXvAZ4)~euUdi<Lex!g-}L06+gd^u@11-%C#zzO}8!TAwb$*RXS
zIM@%gz5$D9#AjDp&6O;W&ic+UPk)zDAl$;}uBm1r%p_|n?*p;{<mh*7HSBh)<T@Wz
zl(1j9-QRXX!Qjr4d&L&#GMLCapUwV42>EcM7n3bTZ!p+{?b5WVM1H>ZFcMi-{Y8Ij
zSu1;dXaFd1@_z*``OoATtF#9WulND3lJS(6Z^b<dbLACu{LYaBS0rORci2me0Q4dH
zc3RNSKSs;B`%eBB6xld+LJ$?lsJCDEBwvS14=&UMIlkaKRlQeBfppO4$db3fY)i(=
zo!pM5`u6LyUg-?TKymkfx{sokd*tAk@`E}17m;0daCW~x{(;M<5(28XKw~#czNL>Z
z<<tDEl{Fsi@ptVcvYP9DZi)d{?J*$UW!zBx`&U2)3=lpigR*L1V>(YA9G$;jtM+bt
zyR$5R{v6_*$KHtl?lir{9=Y2oi7hzcOUgPC;E#a&<+Y@F9xW`1Nj|C*K)BtvcS7&2
z56^J}Rcd`p!LDloSfyrX|DOR)fB__*0RzY%A@1T-y-nZspU4=^nj3=p6Rr<C0eKi!
zFW}V_+si#~{Fndf5@M=H5!jJy{{L$FqqAZPclC0U-v-_RZjGZcL0!D-AEn%C(m(Mn
zwTt1bD**xSplA12b;n(3WDeq1Td?=0{{Hkd!18g6-i`7k^(DTz-rZXr`JQHqsbH|N
zm^OyS9i<svUw6;f*BL&`)v>3-Z8|5DSy$SYvXnsMu|A?rh+;(!1xXNgr3q`RcAbsC
zcipt)BjS(8=Aj#tb_^hSpqvkGfOZ0BM);A&jbU$6k<`S$#kR&OEI53lw^BH_K76<+
zr{aHT{>_E(ncth0!j)AY=YcFCM*6@+vHR_(k!ZrmgOkrlwCcn5DxOED8<ZB>m?Y}z
zm~ig&vMTP~c9EUso(P9Be?I&~Mx4Z@@SlpGCOJ}B-tKmB4uK%YrD;~onE?){o7+=N
z(E3#1a{5D%%nMF>&GM9OGdQNi+Z1FA*lP9Q-a__>tamwK*h9!&)w?su+BN^S{BT%}
z!{ZoP)%@BMsNFV>G)OdNBuwg300(za$v-#)H#NlCrZs@4Ioe&5k}Wd#wZZ<DFlSWh
zwn=-k`kC9+qD7@>Dm{rm`itARRW67|A4agRe{8Kd^X!xDHKOAk=EZC_q&*(^eggAW
z7q8Ma`R>JYUz`u2%r59j$A@>+c+fv2K%G$bHf4b7IMVpYH%hOswpXqMA;q7*${JJM
zeXn$L+9`ug-_!+w3Yy!n9)IJBsDcef_M^IjWu<UIPrIeRP#u9ng*618eq8Cf;|;94
zKiu!K-mh?*R2gPX0|wg?qLi4|NhPljk-YKV@j+sMem>RpEq-H^jV7gkRqs>oOHIaO
z_DAM_oNz<s^*<VczG9p2W;4d69wf-zx9T-3*1CIO+GM^IC(=(vmN9ywFV#9v;5s?P
zy`Hu$o{4c|8I^-g4vHg%DeL21hh#MNe>Sldf1`4M&a6(t^0NxiF%-^P`MkK)vg^L%
z)!}7R2wk@$Ctz?Hae@1VC_h(x;!`vFS3{WUj<(sZ72{i{JZJfJ3)mQbxwd0jr?w`~
z`NR3(EcP6IeiQPZ@llM>lN3qBo$>FdONU%eW6W0o2(gFQI%jXp^@C$KbRbHj0&{um
zVTxfL#kvE)@G!}SE=2X_J;8uw=TiFg-clTuryq};CxpElKyB=Ude`@5oe0F$w-V3m
zdL+}BCLZRJ4;M8sIX<TF(+O(YVbHXUp^D_o#Wv?P9lnOtGf_+Gsm^S#tqje8RsKlH
z{Qb{lW&g=@Fj8K{Q;$O=M66(j=7Ssf850)VBg-O41FsE?gdTLEp>%a-)8I;S_pR@y
z3pkJ3z;coaka2{tr`F~Q!Zf&_LiF9kt2^T?1OMeT8jhk@L|{C*(rjGN1ZE;b*3KXX
zZPI`Pc^gL34wK({NLCdC2x}fD^%-0L7*d;f4nNB(WseunPe;;Za_Yr-e7>#7X0`av
z{I*`>+t2HW6{>Nr{}zcLb!~sy)LbSo!;=-+b-UNrdLM%QHBFjgf`j4=+!5IDbtJSB
zXfi(0o+RW~d->MZJIiIDU+mrUb9KiDb%zHX@$iUZ_hTfz!vD26(*UQr>Z!I;*M7JM
z(<%%rDkXY#<2$c;&Wz$M>$Lo_%Lk|TNsUCHy9Jn|tH*!qkdD_l#k#rkbP!lxMV>bR
zLL}UuzxkXh3p+TQ-i(jc@!U<ocDKi}mAFWE6mZXd9*Vxw8zX3_COLht^t#c;q~J)&
z80hG7iU~dYjpw>$kA6C>L7G)Cfc8aya8Y@w{RgOap^@B9V>E}zs;4Cc?=yt8KL&_m
z7UCTxsrQkCMxyuPW$v#RA;c1<%%Q8IwRKOnvSc<<yw@553BAwSesX>7?}_TA2<MZ-
zk53@g$N_uNJ-^@T^SS;GTLh-3`+8^SE5X{tlT%la0-jL$18yD?ouA*UlJ5ruhQ5bk
z5!}o3-nM{Q%cVGp*L$xg_`q$`f!OGxoqs(qrMULYPm=!>_F(fkEyveaYC+7qwKD@Q
z)~}=YIzZ78PMbHJYVC7b?~*k?lu~%2DL2iM{;1Kt*28=fqZ@|Lnhf-v5|QZf@Pm^t
zz?>FX`+a_JcO*}g=b4bo1$tVd$BSXph+o1C%-?oy`@aTBRbhb$Fx1N{fx4*mvt%x0
z=IG2ZA$9`+t&&H3-zi$j8+*acE15q69mWC?d4ot)FnD%d!)(z)vVU`)7xT*K#3EEW
z$5iMHW$108$=kBBmcdjYK6b}DQlI6s>BYhKkg1v-uAx0rxGa|cU*n`FfX3ndFRQN5
zSJo5+q@k>DSv7vq0fM?XKrB+#kQWe3{#L9YsOi9Nr(i*6UBN_Z+7}1V&ekluFK7TP
zRW$cCOoHs;kY6BDnq2;l)$aOiPhtNXy2Q0dem=drqm)QNrhVWD)(qse&&&-_>Gjv=
zXV83<+L7|HGHC~bId4(r;x(oclSo<XxA>0ZUt`HnJa-!krS;t9ZLJacXYk);v24KL
zf78R<KixgWRe-_Q=qveYt%IE$wHXtyD}Sdk3v3`apHJF0Kc)ah_3l8J92r~w<)zLN
zQw`K`8u>kQQxds>gAA$NXs?jZZq@@$kMjTT%ryVBtv7{Qlt#LIm{XQd-}*P6YIgD1
zaBeDcDdHUG55E3qu*_UQXaMh|_QiCKuX_A@A375&`&6W9qODs6rA6vQ4T-Qtq`(E+
z<A&YlxU$Kfwy1)8;*?gn+XVmsYF*7_b~Xtw=9z2(_lF1lM`%_$N9k$Ki)M*NDC(xJ
zOlHyB5SX(BY<&OLQ#EJdoJWOwt=JNaFF3v9<)ya<^g{mq*nC8`Yu1Z}qO%_ZRfa;5
zQqdvOa<b-q7AleW6{dFcq{}CCZ>426H%&k;3Y#}-7e5!F*x?(jRRARQv946!yyA1~
zRHXQZ@zpDr;XyO`chTdevK;Xfbr*GTvONv`k;32qsUQEcyA#8?c{cjE@-Xe{vsM04
z%DwjU`xRirJaOEW54NP-SUJ@Krloxt`$*q<6~tt87w>xMAx;DI079hw&YebXEzJy?
zIJ3zv=`U7XH;*}Aocwn_R<(E@DBR@>sfCE)e0z~kdPjM1bFo4$0Sp?ePcgJ?>)~)3
ze9HwxFx*I5#SP+(L$AL|(p22y8TqBc)Rw||PfTp=72-;wqyQxRQ`Ha*G{xPAKDco@
zqiVSz`dnewKLm7J=shCIdq&{&EbFu;U!42Sy3hLOoG<%SN@3z)lZ(uM$9KP0uUr#W
zK*GJlY1JLhnGAv)4G|DWH9Xmu?_v98HdkdOT6GbGG|fKcOkN5%2n`>|88gRyI*@{;
zL&8t7Vy3gdh9&~mS$a_n$hLR;9Pes8UdG~Q4Ya}Q_9OAl>0*MxG5tuVrE2ZbM~DCo
zy{b*Stt)P66#(D>p1JH0=1=e15a#|<ll%J3ej58$7-j9aRrZ*R`;T;hV-mc8!n*_N
zoI35^i_0EM!$M!PV*|!c>@S}87m>N(9TjT^+woNHo1~YzF(D1zynoYc5j?hUUaI;V
zP&BkQ$CU#0FAk`Gfu%`68M-0t|E|P_`Z@x&FAr!d2Eppq=;kuvB2F)0g4O<7DP7fe
zZ7s$V=^!XQn0i<j7*bfzwIaiAJN(?Xvu^un3~S7<<H^eXA|Sh?H}w?%l4p%fLZCG&
zFM$-qFN$1v%6x_*=O7z4Mg}_zC4a8f^!bQCU$oNGw?^%fe{BRj6vH+1cgs3=TX0ty
zjb5}8)l&29_Z#sRp^LRYz`VQUCCu1<Zx-vlAKD#Cu0du)VBG_QC@$134F!YK#IyxI
zsH8{M!vz}=p~y5hKMV19Exnljx>u0sjpTeg%w_BGi@v6Ndp$pGjN>D`QX^6W^e8Py
zS$+x)LOndtPDt0q@a)T5P7KgBnXJg|;>@oq`7_i8wr=I~xT9|Os+d+9*~58DLxno;
z<x%s@CFVoo)5(0-Tq&Y&MriHhN73kXsmliWL!g0#xmd)ef?xm7aLrWv-1it67+A9f
zY*owx`!O+(ytd5vo(w5Ukn^h1jlU~<HF-R1e4Y)QwU|2gzx`zTD;1dPjn~<ngsq%}
zW^Ut2J~(?c@;=SubvLKKLRLC2M@+xDb`IDea<pQHO_k}(4kPb%7M({Z1aFX^ncXVl
zq3*g&j`g9q^hdb`E`*@->mNEh(~~Z6fWU-dq9>4$tMPvbd+UHGgYJKHDM1tk=}=lq
zKtz!4mJk66fh7d#?pjn(8YBfIl}_niL^?$}7DNQ3rCGM_;QM~R_jm98<Nmd~&pz|a
z%$YN1<~j5EoReP7MZ_BY_%+j0Y|r@mG85PeHM`xOc3WO92HEv0GiE-ocE}PCQQFww
z111{6qSlE_QCX33QdC27S%3HtaJ%hS=}$%qf9xjEwd+^KaWvtpu}j+C>{2|}jZGI)
zKLO2(1e%oz93WHRV8jrZ<&|o$hFNowKNS++`3k`QLb#jHJM1n=!>L`tuy2-|PG8y`
zzCRDoHPpz2rK79nz=4hG|5;Aqdl@Jff}Pn1nJ4!^8BbkFG?!8)On1ciU76&R$+a`g
zi1MymbG#_-hHhr9XU(2I<2i6zxd0EEKX6uUf>;mh(m<0IKs@9nuuisA0LR(?TsQ<5
ztiXl0z@1ev1@8Fg=K>cB!5y3yzyTJXv%@vUUHdT#IKc>hf|U^*p^d<RBdQRDP{s#u
z*qdOZvwm3|c*8PrpytaxnwJ<l#U$7rh_-%D-|?s?7{)#gQfBthg4YI9(6Uo=u+a$s
z^_T<#*Ur-^vy+6MnZdj5Ky>w6l>vW_`QcY=fNB_yo7G3+{K_evL1^TIBBjfi&q2X_
zPcMJ2KyQ5kUbADqNE6?wma~+Ati4k2y^;`caAg)$`gODNe{+B8f!v?$xa7-7&OhO-
zU~J~QVJQya*Du#*k;|W*uoSz?pHTHn|J#n>XE5y;&-W8Oz(pT$M5ZxgCQ<?W4SV)`
z_Y8WA4->od{f}TQKyxMHkp1_zWf@tXV1L8lYZe_Cq(J;JPJ$S|#70HDSF<@c{I?5-
zDT)o#D{$M=Vem&8*oL0@+LQKl8g1&_g-9#ndk<{*gw))XW4Fs&`I)ma{s(GmuJ5?o
z`TdVhlX1cmy!~S;<{lgt70=4bwZF^B;O%PqNx3m1<28R-0JgTHw6)aZiFaBGA*9<m
zwXffaUR(6@cMaX|2SJG`gl@0zu^^Me^<Y82cMT))mU65nj||r;*jy~ikGZHr?<63n
z%RjSd{i_<vsq_gZ<gZ&1yY~H0)r-s_(db2^XNk1h2~Vg{d!*GIaay|p0wF`C*|_3w
zTa~<V)1y|R0F|rgTe1`SJ3hJ%!^_i&nxH&E8wg1X8Lo&O>PUG!6X28g)K`ua3KgXd
zvw-gE5Hzt!rnd2n46q`Pf@Njuhnh=I;Od1fWre?P%1BLxf1tcQ>g|zct+xvj5W6^;
zf_D4kEiD)DrtmWGVL)ir?1RUNZ)(Y7u}1g!{Jzax>--f|!<mywITzBng<-yoLq>V9
zQkAgm`lJ19`{D${Ew7`q=^+qOQY`lHajBj<N1N?N2jRi2@#~`!p5_LK|LWdev79z1
z3zG7!9!%rQPbepmA52AA8b<plXBq#`k%awlwzplXQ)W0FHb9Z&b+By8pDmp`@6bX_
z&MjGUxAs3eU%TgOT%q`g<W?Oz-Qv%T<ToE%jYQ9+Jw>Q1g}3R4Bh{Og%uUw-f^r?9
zZgIp#5n9>#cTBNbHthXj&gYBCl8U*8Lp3@71&0cqBxVdnxGrqm2xZtE27A@U?N%Zd
zav(}mr>0v>a1U$PKLG0@8;T$+THZ$QV#LHn>?wn-IW2upkhGCtB6^{l6CV{w;z_ib
zWOhhJlK%c~cK#rFA_QP7Apr9+>uY$Uw`NSf3*ELU3*B?u(Y}*_R_`j2tvC8x<$>QO
z`zAjd{`wCfAjJeo+aJ0PY&@eVff6V%?VtuemB|`29jZP#2@W1)SAA&-G4Yv5^yaWb
zE*#w(%E^?Bl1zH?^7Xgc&yrv6Z^Rcodn6-i@gql;qZ*k+Dkps(ZN2RG3!?rR&Bbfl
za_%WBm2!Q)XCKzVjM|UCm$-K8oi6M>==5+HtjAyXMSw0^WA20V`}`-wMrgtA0T}vi
zk853k^}7d>iCdFR5(KQ)zV%4e%b*Gww4@NP%^}6%z~%Tc51%L+ri1sB^B<Q3-T#qx
z)S!IIX+bw6sCa!Boo5h`(0~kcKMjxkqlTB1D^%U{Ar32(Ibxz0WuGDYI<AvPec>2e
zW;CjZBf!oO|7Z7f6iM#bc5;t0EMPT3_Lenq3%Q(~*1n&{0~T9AY1-Y}hZFW5Ze01>
z_04g*jOW`D%DeJ{35>b#Zvm4JM}7FC!qj-&#BX7Hu644>>}zo9v0cDY;u~*zCkS{^
z%#S^=t7q8$<>gx)YF))}v2x6{bE6Nm%E51HxkIRDji|P)XmHm&4w-2+G4zz~o6USa
z&5xK;Ab8a+rkipjp#NMRFKFZlPO39P1&Z*P5<fNGqJzQrjnzZ9q5DEmL7i}dIe$a`
z;bAsBo29|A8-Rg=LbY1nlmqmyWkFr3bMA<GOfpabW2a+7V_+g!b;oj2{)CL0`3}`^
zIywA!lbl>lE<MT<9gWooA`rSx`zu!VVmasT6rTSVaoMxv--^C-ur!&fq_6iW8)346
zaBXpKK>vLw4x1C=A4Yn{2dPlwsS$jWWp$r{%Lt;+WL?7@o}8ww*PR&y2w4&i8(WN5
z9iFqiER-pznQCB^1SWv45sLQk3%4NYr|0BwUZ>%A68*nmc-mOT!;`yTCv&hZo^?vS
zB|M=|w6scj@$fA~kTc$ZzdGhD5QE>+E&$23&N25B4{)PNG?4+Y=<434sv>2`z3!hg
zflDa&Al^6bA+?lvn&(*iSpo>jw5CtS#gVfr)sx3S5(Qu~`~Z`|8cYV64MM=y0$4XH
zB|)bvUScCq0r^6Pcj$r8#nX+s&k_*w^7Qp%%vd8?<dVV@Kqo|X$dFDF^}|r@Ig85V
z>u8~BQv4^^ujB0gG8Nw8!A(`^l1q!%E1yL$KtkV%g>1KtePdN$;z*6S7jqHaH4o2?
z5BJw4A9;OlU}-HgDGvtU{V-=~BqjdQ$pdGQAIDKkeg32zDHQq)qs=1+DZhg&p4qC@
z$f;jwhCpr}%%DQtQaLsr7F~z{DDQJ3{3h(lUE*jITt*fX^8P_>sD;+k=pxHld-(F<
z_b@Hij~99oL^xi)PLweB7SeHcHS-eprt0hdnjWIM2Y`3MqpES5oHvk3OKpF%gA<Rp
z{;_6~9*u`eJdSKxs@k48dlN1WyYYLrB2-00ZMF}rE7_fYby%Nblio(Y5a5omosZkW
zhft~XI3@h=z={cyb{Ss|>^)NN&>mcrIC89d<m9(N4i2rDlZ&u#48avww+5h>9cx?4
zqDtQ~rxQWAl~%J5ufiF05rg=;UHut^H_24@5=A|AAPGubzADOpLQ<%IVm4y}u>aU4
zYhxAM4AKP{`_ONCc&`o{iXOk;j8?=peOHa+9gW|?>(}_95H6W|RH|f#@(e!TU+(&|
z@*EFv$f9)lmzu5Zs0nk~@1rN^d2l`2GHs8$)~{zO*fu@<&nP9tr?*9@hnb>FzX;K8
zkw@cf#E@g>BdJ#i9DIW?Q&F9zge0NfPiM_idZ6$0U>!VR-}KBZ@cEO*Z(9_PfAu||
z$6@0URpbTomKlL<eth}1){A<E_s(BxhMv82`~8<IN@M9>7y%$)v5fG{(SP3#8V(a{
zI8S=FnjY|rOXNX*OZ2@Jk(3f)#W7Ep_Wv>*R-Pj)N15>oSs?x&PhYBiMsK|4++SES
zo@4jF)p6MNA*|}h{Vl;Oj=0w{G#koFntWfr5Juww%Q<J1z<T})2g1!npYaGV1VyC+
zk7+`=EGeSE%!;*cEh}7!r;+cE&szRb$jGAcrdRVF8k0Y{YS#2}Nb`q!gaa@g;=puR
z=C$SI1nr^Rt+q-^8r*=tX|a?kou%bsLMY|;gRDR7HoX8y)$U=lMIx?hTOzjznyYJ8
zzyVPQ?S1kY?HjPQ1WeF*XO+&7%ZkXGzsa8gElr(8<6AMD4p_zuU>Svk_^qvpz)A=f
z1qah0z~CW{SRR&_Q*)zndZY!?%yEwEz(P_~&ZHj$)<>aLD8$I{4Z^@%B#c>@{)x`f
z7hK3hVvgtX&9g=m|7WSGobM{_S?EdBe0ig*3Exwy`#k-u<O}*k5Bl>euMN6CBffE_
z`|9IDfCq1`fBoMKj~88F{ZCI=v~!=-8NC&7H4~4lH1q21N#*Ge7f00l9v%+IRE%Ai
zhA4;~=$6}OG;J$A#P1h;namNg=-uUY#RMkw&$@{TS}~Nw#Bv&;tJt)$M=bbjMB^M>
z0{MZOngVfA*42-o$n}@ckC<)@WQ^s}u|THfK`5nft$-D433c83fTP8Q*l=WhFrhfm
zKOd4spXr1+E!2M5xEEE4*?~MYyK14R=EvBKobzzPuQn~;<+`@GN@e{CK1li(%K?mh
z+>@m$GbrFA=HNSRBYtEVeOBdCz8h1CP2O~8jb47_1K+JJkicU&r3%%}t32B_K{pqO
z?fN~Fi@56?@K_o018ibK)sXSpv4sI^_wbtcD{sXd%57gNSeFdVn(}Z9)tb}2k$+}e
zZ??K6+p`bxu^)sxI83L`L<JH<S~>*WuT{%uAiq#PuaBGH{?dAb6rkT)0O`<6oC`Yb
zg{U=T=_|sAD4OrDjg7>iPeXP(9Lrn=GJTfnA)oTP%%n$lW><`9f?W_}n>>IiemJLO
zLG+~|=YEv6UTiG((yUETpP(b-Cy#@&p6`XY3wP>`SLpax?{k5EP8w-3avGg?ocLv#
zcb8N=&jBQnT#Eioht9t<yWYWn;V|9=BU-tt8Fi?kK4C5s9d`5DAlAf}7(#<y>J5=4
z;7y!vka|9BOO)^n^c(-O-&c;<eku`(rdl4r$+>WmqW5G%S~3q%SvHT|FIF}Jdp7Kz
zAp{~9f_|kcT>oAdus_4oy~ldG<bAMl#pr~|VW*PJ!q-6J{z*}wG!22*R8Wl!#)11=
z$+J0mJ<$Sjym_D14OZ2&8TAZLhVv8S<L2E~$JE$0qqkG{8j|zxS>H$4Z;ct!Yt-Cf
zG~CEEpzfIuQBe4wK|fZJhP`%GH-`KO=palNYq`+7@t#NV;k9zqOHP)3B$n@b&K}3)
zd#3f#s_pM)kh}S3;z*{a&5&fUcAw<##Iul;rQ1l>pB&}DmM)gz5UugZMF#W4|LyuA
z8{OogXsXq}uB(gQyG1TTqw*3LQXsb0-LM?%LI#%l_nJSdWU9stFIBh4d7AX=rJ<}R
z+Nr!iR6=(yf!<`Js~e|?%CQqwdTsB)8vy})a*n2<ePHVLE$=std`TK&Hz(~p-`_YK
zbN?wIN@&5BVF=$JTLx^O0fUP8a*A62xsB9yLWtk$qhPpHBwWT<#_EEycRnP5-Rqz7
z$3z5Ro31baBlXxj*SD~$fla-?*Gb>61X=%yJgu@bj0A1lJ`o6Ft#;H~m6lpc`OXIB
zu@#WxxxP=EYvb!%KG<sscC|eB(Ui8fkJ;8_<sIrc4mVK$HWiS0FGlQ1#sO+X)f~oT
z>YjT-`>q~lc^Az$8ok3`j66@N7gEcIv4W)?m|nT{@~;9ntaw^3YMC=l7;JO^!}w8%
z^jxenHx1E91RVwg*!YkJDMmyb2e8H?z#5NE4?%Yn=CAs)L3e6qN}yy0VpH7EL4}dY
zA{<tAqH+}u8~m=xc*}D4_2NJ(f}+M+x%d$)NeDeBm>Q!bh^j=exmnH6mOXu~8wcqU
zv9o#}rpaW6IdJdKA(gIZ#d`oE8L;>pX<cKzI)nupQLcs`VFCKf5Bj@qTc$h+OKzlA
zo6n%UTDB>;VVCD-V>t<>n#K~P{}ud5tNew>)jC26r*IET`}?=-`{D2m-{8Mjmu2G;
zDEZ{gSmo|K-P1l#BvV!r0)5)4lm?NTHq8-;IToIkP4ko$ebi3<lHcl9fGR`GeIIiD
z%ZUu$EQO`EkdiVY6NM#s<WFtxzc&f;ddc+iH+}-)Ti9FGL0ER!Q+@YR_U{+hP;`SJ
zav|N&FIZmZ_Coc&u4=Gde)bAs5Z^-xNnX)^1FzI)L1p(uI(0C1((dCfCN&ycw}b<K
z6Vu1VUm%ps+fgkZA*5x0y(Z2kRCTxK_Dan}9*G^To<T`fy^U}aNUBWQ_bdIe`bQn*
zR4Q$5X`f$R{H)U1@HDvb%R(ig5a!Phu)Z?JIR~DeY;}Z-Nhi8*^~kU-fTZ<|?N=Wb
zrB^n+SBi0HqK1C)`pXx5T80N{vgp_j0MG`I@$FOTvR>NNFt^D)@l~lIww(}9vqlMm
z*VN0W(Le2s&Cd!D29c7Pln*%)?gTr;XMqfE7H@{4YnO%2>@hLPtt-WKf-D(dmFF?D
zXw54i-2eF0)?{6)1DpZ90NL#wDg9M+Y7yJVP+8@zbLf#4W*73=-(Rw~$-zWRVABgV
zBP)n|{9a3&D@nWOkiBAU_o3=DN8Tz$koED%4Do2svtzs6n?9}?e-Ga1JTOmLy?K0w
zsMMM2Q|vEVfXDeGb?(Zoee+c6vm29#`L@F=TdwU^YHY~O3AQptXQ}bZL++4sGJnQ?
z1p#!nvy|<oB?&YVd~Fx9lNoC9I@A7?j~jSu<Y=w+CinZ<#yJmA$<ZIqRo*=1$#KC+
zY^=eYoF>~nlgjD{{ryjE1R4#>_(t|hYrSHZo1e@6RVlQpA-k0iYce4@c(@>wN?6T-
zb>l3V4jzC&dt9G$o!BUKVZI?!TOkn27DRqoN>Gk-+{~&_r|a`Gu9NWuokp1S(IInn
z7f8C|*ZCZC$3R-MV`Os`Vf`s|?B$e`@6&gA0DtQe?Cd+vBQju1px^v?<Y)wsJF=|-
zwOEma`azuYyH^{$Ff_qO1;;YAth-i@)Z$wb;%yB+xZp~U4s(WecD+X-o#!ogwkbhA
zU5ww4-{KPX$CKOyu>8u0V0I5ShWsRB$>41Ps=#PU$kO5vLCYU|v#m$<1h)!OTC-fo
z9S8LXy?*}tVt6Ms>GBBOsRgtBAq{uzq~OEpC@i=n%|lf+zEmOpsdY=Rm1F}7qR~3H
z^hV0Xl-{t=TTQ?nrkNeDa3!TuLHbo1#158vzYwZNiY5;gF2Fndk;|WY7b`+P+cj=D
zDl{@q1~`OqJKT}d=f`U;D?M>u6Eq}V)SJ2Oxv?*n+biuY9$HZ<_}2SXxMm`Z)&sXl
z$USQLWAn7i)f@{q-M2h@{|Z0qJ;-DqDt{(aIo}>Ubw47N%7Jm#Ohn>t@BO|Zc5m(N
zqQa(>rNWa5LiirrD~|4}1zPRI%|XXmFBBIM)q_v_J1z4C_?DZSRX(?am?uym1SQ$4
z=evYpj(vCT6%ZwVb#Bp6F{)U4ZQc>Fg~qxlc-{Fc2OT``Ig*lmB7~A6;+7ERnAlwo
zEy*(pb@E=?_hQ-f8x98<QFM0m_yh4p@MRo$X3b7wLxzOQ)j@K_S9k9-!1ReA<V?)v
zE`PjGX(M{W?f{s5ZT!p^HA9rZJeOi>y|Q4!=3`h8{g?of5W4HW1${%Mb?)z2l@TnG
zVPC4%2wO|9Xck&4-Zgca_YWTeS+oy7+f|{~%$Kh^2n0>uscz-XYS@RhU|Yp$h9a9n
zGb2CqKU6J6OpMHiXFI((SsDYO))wI)MOPMhnY(^GHy6)|_nNvO;-=+KFVvVyc6+8C
zzMqZguhsYI3%%uE{~A=_x0YdBPLdF$6cnFo*@-{OELAKY`K`7wmk+6Zm+5{zbJWmG
ztsKS1zVCeAem2Q1_lT2L1rj=gT2&+gvo}O%1=G*OX9jW9Ygw+^o?@MQ`8Wm-oMeDF
zo~Gx;2EbB3^2OPdQK_*WUhKGzoR0f5Uda@ptzOvNYffPo_^tm#O7MEudCOka#O&rN
z&IG>S-Y9lGfx&ENko+M?5dD(uZO)WfL+jQ~2YTok^*z}@r1$ol;LXaJD-a_}skhq>
zJMI^NRj)2U2)WN?k_Ml1b=F4lX*R-6{E=f=US*kVZ%YUHFs<H=uUq>$zAU=dE1&Mx
zfJ2fa)u5V8h728_A(fM*l{ZI)Ea(2&S(NG#>+0JS&JWw<L=jl;ks(+|ahK`_nVPC~
z#a(qtmFj#IMPZ}*t6=|8#Mk}~&5ZL3ZjkAHebYdH6ewTxtH(G7kvpU8xinz;z#+=7
z7p;HyF8#M;8EMjM$L7VG5c(L_b4>nha(p>O*YX!fhL12<mdc5@9Z{OfK*NrLwr<?^
zEq#6RHLq|&thAUBkRkAm(|DZ$v3wp0^({5S{P#;1_J6+Mz!$*RE3McDUs4NO9d2)z
zr-EBgzQJ4`PGvbf&j9D<ghkU20Vm@%v*|kkk7ZbWMKl=?9P7PeQ?cM<+ONRH)VEZm
zcPRD~@apRT7Dt2MGueN4N>2ahj%Sa+Pm@)B!G9mmo^SVp>aHMvAeZ;Ck~rY`CYv^^
zKZ5#BjluxVl?T8}WdOYN+4XIQU5=KrJG~yu%WmMuRP`!U@-1jlGjQoMeQPnH-Z`I9
zDQ?|@SZuq7g5RyVz&;Z+V6QwXFRQ-_&VrtUKjgq41i)`U368~GOHM{h{B&J(hNbl$
z%xu`=rh;s)U-U^VOTOAzKb>f%y|L|Jjh;HF_5L*^4bCeuzjS7{)0<PQ`rvH7Z<Kv*
z<Hf*q6-P{Z8*#qqdl_gY!8Dy#%dOJ>cgnbwpe!c#{En(OHh~D1Ni&gl&*f#>z~%s6
z?Eb~o7%In{UF0dx`O(RB(33~nn4aJTQ9P$x1+xcLeoe<DG;`k9?_+yzh&VRt1fR%2
zCHOs=M;fOuRJW;hmuJ4#w7c8_hXC`<`>vKRhzfC|9mlN;$~HUaw7M^5C_2w+B`3=<
zRlyxTChNjl2aVo)v70tuFFNA57q-`dPzJJ4Sl&7PuMbvVdIsvB`X9FKOwHX9sM)@M
z9~=HIqki#kY?BeTD?pb2teq0Nx2e~z`3hD(;jE_<d#7@L+ilML5ix*M?}2lYALqjt
zgv^p5IhpNe>7}*O`Tdn|K>fm#<u<XHg_EOe+XyJ<S!}%(93b&m{$EXSTd~=mk~Mf4
z*wkP7?Z2ho>6Sx{_OX5KR?<1{OO;t~1!t)AmS>cK81DfwHiL5`|C=7G{hHnl@1l1k
zuE)T}6-VYNt;g<}j3ns{uI8J#zw>x9oCN9;;9c0Z&D$&8yzDOBmAi&v>B>`w4Qbr}
zI(jMG_5&utmn8T3MWd}_ErOx%22Wem0awWbAQBzkM%9x#2?BXqTA-up9j0ptLiJ9C
zPl%tEw^J4=-JCx2u6C+o3<C!U03AJ4t|cS<^t@aAX~u1w2KAgbIUOz^NOGa&SXOWP
zJ-c<-HcG;@VP-@g920;OE`CCzD%<O`4>?`J`uRrUU<FbC+Z8fB;hYjE>&WBZ6c3&+
z&v1e^$%8gIfHvjlaqJfgY!@;ye}ciQjF>fQR-w&ot#OcEcz>Slu43(y^jbF^Mw$*C
zIMzw&8DG4=Z2`uL1dP=#I3HuaRuqc)wT7yZH+E#A!YxfWo{G=E^Vm5zto)Dsf!6GP
zJjVn#>lj=AJS~AkXVgPCHfVtO^MJ<P02((7j?yj4yCwPJkM?q&Q=#1o`xa$&;yNq`
zT`2YyjeXF3{}mXs!*qz)MDtmEt@Vqyze-fQ5Aqk;wonpA4Krj42m?LIGfXh7&|9xY
z)$8QT(An7D!su0|-_s?X;f@QF2eIi^Fd6=VI2h;uEf?m>8OhTJ)bGDwy8rA;-C4bq
zD0teXL?^)0q}S2Ia{<~+vKglhCNQyyhO6bGA-?S)uI(@z=*wQu`VW?76=y^mwX4uQ
zgX;hEm&sw8wD)3kW8?Je&{@v3%{M9w8QR|{gT5oW|CzcRK<B;yojd3pksOiMTMxI6
z75Y2A%4ch2SQdI4=ix#Oln|c|_Zpaikj7_oy3NPgJdHYLE>hfm9`s<cTn+#!7=TRx
zzZSO6p|gfGr18{j|NLI_?CX=-X~wwq*C)Y<MWCvMz?NMS+3si!#w4?aC_UF2e?K!d
zYW`iLHoZ;YX=~ZKDosndyLf^VF@yyIbBO=qu-JBy<>$JPgcoXgb|42$+Ad$8&&r`f
zsT4fYHXO4Z6CSe`l+BW?9<<X2QK6+a5f7`%%>L9Y*Sv^+bg)@D24WfBCzMPAklM{z
z$6Bqn#*z(co~r5jtYt5$b;wwJl#~8txp%(}Tb;FS-#JQOmHb5rw#Asr9RFH^qy1N7
zryK9g=B`@1>U0FU5WSZRZ^7h$=>2rj1nH|XH>yhAFY&P!A&4A_mBR760$x+^l6JE=
zJ)}uHIH;bng}5g^$wy4kr<smmc+sYV??@g{ZHN=zxVUGmpVX1LNt|x&UF^`-+YJc^
zAKqu`Z>(+Fh|XBo2q5Esmr3uBU7+zcG~2D2rG|W%-3`Y+w8n2Ef>ckhm6_@EKpvY3
zvwv32%{$+nGQIEbvYmxDWa=Ys22~`s7#ZJ)cCt-<H63a1JLNne3aR@Z)TX^f$DwMN
z2|o!(;00!#avt@(f=gG0jD3RO-E%h}820rrK59S&X*6GK#%a9-3;%v-GZ~#h`<pAv
zSJ8V6s)>*nuZxnHm!@XQ%^tpFD!+N~x&mbIQJ$7GJVG!WwUlM6d9+H~%Rf&^TE7C}
zFd>R)c>oC|)O=I6cd<9x3*q}HuK1V#afKY@#EtLsC#B}p*(<u7D$zK$H29AR>WMpa
zfX$S?n3IN*qA%dlSNU7~|K)p$S)sWi+wa#={;A~Md(>ZN22uW_krwGao_r7Drs(Yu
zc{`mfe=wE?mu}gJ8QaR(Y$%ltUXl$8%A#Xe&?_$gsVg`#vweCo7Mwv}R;|e1i?ckO
zRLE`R-QM09=ja^ZxTC1e!Hy4kC_u|1q2eJq?nTsukGnIkzWU<U&nkY1hYO2p5+qb;
zDtn0__r;syTc3Jhr%7%3mBNgOE!l|g8+)jR$dva&845NxmOGX=lD~l}Rt|a^@IWFU
z%GJR3qfL%I=ILf8brAU3?l9EjJG^1bld;I>h0_Uuy6vd539Esi*MJQn)D-Y;BRco}
zJPU6~-TByjtvl%*`o3_a3>WIGB{)AVv&d>SIo%w`I8DX-h^k#yBCcr7C*YWX4Ty;O
z3e<uByP0=&3-K(AsOZGC6WpPrSqK0`gA_7`X5SQ#p6BF%jEfMLs>eD!G0(wEvcT{C
z3Qha%U;L0xEr;x%=F%F;PUO_mCg=@KS^kS6L1;8*wf&&pC<;R=GdJX86HYNn#VeTD
z%@~(+mHv(pb^@_>rFyT_x>Q;gg>Tr|#V@!R>k0*MWPt#Mljip$0~2l84S0~oDequ1
z=|S2I`=uaP;zT@Hk;K>QO7`2grxrIts(?Vx$A8J5ed?5)KC_yWB_D_FBO6btiJLz!
z5H%Btgb$jC=D;OG0vu@xRbp^;XO?6DNKtf*9B|4^!fQ=}&bMzL^<<SJq`lwo%rg6M
zDnFB)M7J$V{H-}P&RM>lz=U`&Wpul`lNw@IE}q+RMS0|k?g1FWy}ybzHx+&tdCFq2
z;`{-J3QETa+;HvywqMG&!J3>-2urzK<bVZu2KA!~L>r029c~|djhPY(7)J%dPB%<0
zT&8Wc#oNClilXxef2h@O=u3!&mB^#9NgzZ9e(X2NivYKnotGxO@zJJ_3b+jPm6kDM
zH*jr2?7gu0%#04O$g1QZg5L?_$vbLF-#?4@2`pP4CW~~{Dg1J~>$WE<531`S(rMb|
zV_HvC8G6EV<3+TdIR1SK-{}IUH^sT%R^%%m;fQQM|BC$6in9U2N%nO(->PJwZGGu7
zJgbxC;FC*CphWar#aC=C7t$HuDkY0*+#rJ73&NE9VEd-7ULB`YhjiZ9xO!GdW5G!B
z>uzl3{_O->ai)bo_z=^gaivO7PtBd>()Em!Qyz@`mP|R1emcdf?6{T|7zE~Jc0lIv
z`r%h0n?Z4G*Sm{q#e-Zkol6^Dd+X|jb(%?152f2V5TDMH_2}=Sq`K|KOluW7GWt9b
zktZ5Hd_}icob}>_(%9>9Q}Ce7IP>e?+6)DQ2Uci6kG&k^<)z(XGDuT>W%>rE+v#`J
z#KJ{(A|iCt(6b^|5fYHn6EA)Y8_)N%csFZKM$A<@cYp76r99NQm5Ln#>zQ@f5{=+R
zorz@9;Hq`fW!bv7Pw6`;S0lbt@rHDt>-ejNO)XBDr8LNk1cKll2@){tXA|Oy4=<MR
zLS22=bcdy?BF`G6>F*CkR}S3}*G(g0dJ+SHG!`StFCQEXncm-9n~;XzKfBtT<9l+k
zmi~&k$Ip)m*nysSIvmgb(^`<fKo-QO54}0|oPZ7eac}L-90Zl<EBXFfQy&Xi$4$u3
zG5*2g^wFt-Gov(o2xM>X@jJ47jb#ZL>H`$&;xDRC(bE)Bfa@+in%RCuqLrr+Lx)p$
zbvWFr9E?g|(o4ISb2=a)DFqehws4MOc}C%9d5WyuODt{)LB49feA5iH|5GimZ=3_I
zYsf4#llG22Y<EcyrZ}D+By%J+u)P$6-Y3w^Cc6h$ApM`*Uh5)gorsv+e#wzP889-f
zOE(<}(N%(PS2IZGs7jDFwF<O&3^f~mmuUv=jG@69GtwM25A7T74bcY5khldL8&<yD
z7c`{F<Ix|VJ!WPS!X_;(Ft!7}O+3RGnaNdMS3{zVQo3U8F<J;YtzJEpN}Y@ubuq%;
z{P#k~<v+I7QU{IOSPf)0)RN?$X5dm~W(QjL->2P7JAGp?#Kc^ua=WGMRsq(Q<l9;*
z>=yAeD$6GNkGbUIO>~xTxY_fsXSL0)$49ak^XQjQtim?|zVFiw@ZL4RA4Wi*TY2r8
zJ;jhhUD8ZqEFhf#I#9!8Ok`GUTuJ54YmO9US#1Tj&T{}#+nv|y@K}qWI;O-tTJ#d7
z1@6RiTZT&fm%BIsKq8`${{y}?P`9W554HvPu+De@;PnE$dGaSLp3Pi5^)1bk_AZhz
z@tg7j?}+b5O56ed>Qknn7Qm9-7BRJ#n917WUQv+LM3gjy0-|8C*YuS_z@j`V=K(ZV
z_Hmetak1nS&3%Ny%{*;>3$Ukp5bTCZ+bd-sCAelsGo7{7@9A&@e2^S#C<5B2D!C!s
z9KyA@ZFX!|?~&#X&Eqb5Po|`~Gux){RTJ5@<UdFD8B?H?B{9L&m)7N<ZL_684MqHV
z7xg;n;Fx<p<QrWX|F7VB?So1aSYZ3z{-^uUHy~xic-Ic}b}NePd-T|3osC8zZ>jLo
zZ@C3mZfo!VCXe^9in)$KiS%!2dw2hh`?9n5Nb~browHThYvseu<{XCLvu;w*4kP3U
z&k$PoUt;*f^Zr6(L`fXOXg+9k#7Cnd{GuK|wc|SxLN@L6>qh*MA8$!^YkYe33<xb8
zDVvDEytR~X_+ZyD-P<21y!eG7jW2c`JmKyx^3m&VOjp<rtqK%QqHzH{njsX~gzskr
zAqOGBTj*~hX0ILxTsVvw*-3H6E4bz(7X;b3In}lWNzOxvV$Ns801_~{-JqG|)>$;m
z3;6wu3*{$2pd76zYH^xXb)mxxBG#oUoh;Y{t70ZB`UTBPtcRKw^|$4aFQ>^Y74Z8%
zQ8x4kRVoL(Dd6Rzp(^a_l;GP0OxK@n+QQFpHJ>xSWB%98m?+So>jxo^yT*kQ!c*bl
zY!?1uM+c|fNz>2|sn{)A6s_828s$Acil1Aw^8Fzc|0yp9%6kdC1?3ZF1o3}iw4-mB
zPMq)wui7^&$J`gS+;}`osbd0THMuCW+#%+>gw-|3KDc6vu_BohjOhrm)VPSY_Jy;Z
z<$qYHBJsztMQjO5NC}PhEnF6}1jV45m)NH|ekM7>rVC~A8Yo>bhK+kuFb;tsZHu;c
zf!{m4P^OrIrvDAgif`n~sKc_^ZB~T{6#%qY(rFvx6+<|Q!fCV|6n>u*)AOYj`rcP}
zcsEVi9PXiXLhCNwh4c%|SKk)Yd<;8@W`O@E^{M}(8>Sex|1^=}^EqwLUP$=ZkDu<K
zpsG2XB>#fXy^hy%V`z@jyGi1*b2dyx25cY<GyhoY6~f98im)9+JTOo-t<a@nv1BA8
z2{)!k5^C_ItM1sa&#we9fF0!iBS`ApDku{eOgid!4`2j%1#rKOGExm7^Z8+r1LlF-
z$>pGvexJGQ@Zoc_SmkuMeCQ8o+mQhgr`luKt{uoLK;CrG10>^rd~zvFt502aXNG7)
z{>mH4*k4&y+}uEpj_MO;2C)A}m1{GOv5M*NuJk5_Cl}Ga9Z|VTcpXql;DEXyFoe@7
zobttYguLI`OM?r-m<G|*8G5(>^+NecK4iJ-wwA8}0scSXmO;Rf%ps~m_isMVABKkK
z9@FjzQOidX2Elzq5e9D_p3utM!Yo1SazDfEfX1BH67+r=hF<SRtyvI01ggq<e11(b
z$CKwjihun)#2Dov<RlM5w!JRIvi0v=stQH&v0(-R!zMj2sp)uG6#2%jHy09s4$m4}
z4q~E6zV-Qp7C#7{5L{(Cb}EE0h$S(-oOgzIf-$8QzVHXbyN3Vifc=xf@gLC37$(ln
zEoDCYfY2NR=4a1hNJU&r*$sA9)Kn5s$4mFvJid?NZX4i=c?CDy1M^1`L`*>T0FcWO
zFaLea?$161ksHE-r=`Hh3u%!tz?-vit*>_nH~+aPkOy27-i=*>W)hIn&xJwfc;MBF
z?Oq>%0ze?F-MJ3dWiyrkHTvr+cXHlny^|G{OeQX&e8@yHif6av?<zbdtfZR>%sr#~
zpUP6iao&6?`kblWVf8;mmV3e54KE<MoVCFqz2oqAE$f69x=|MI)7WdHvsU*z8-5#%
zf;#dq>tJjtbMeK4m^^3<#!zGj)L8Ul6KFcG$i~xY5<L4?gYlnAjTxVZklbJ`zT!7E
z3aE@S(}x!IcA&2J@AgVtG=6V!mp`VN%7ZsLX{$#Rs(kzVY|WXDvbBDuT!aC@gu$G9
ziJLf{6*N!$gs-S1H93<M%z*DTEdbr=x{iN4-r3{I2g<Qg>^$;er{g=Y46=h|5Yg>$
zT(dyjs>}WR*8AY<g=4eq9lZ#R`e(m~YWdyPSj9N6ne{E9GG>-9{G7job?`S>2Op8`
zO8U5KgdDKpe|r+4%hQFiOe3n?$=_HsuZXl22$&U}d3+ULEpo{>eyxgGHvjY`@L)Q8
zH#1Pr={$YW5T`BFc!crFF%#hic}isW^2PI9g?L5kimaA*03(=UVk~-ivu^kg!t<jh
z{zuJ>=Amdz$u2!WI4gJ=QWwBl9o%Nl-3y`#Q+Q|XTW9egAAGXCw#LJUYT4fGu@e*B
z^GO*_f+6uG(t|6rhs%@P3}((wqWo8wXV|ysy=$5rF<e%AD90KQilY&0a5fFjtQ1RY
zeTXB1S>bah(PntGpSY4F>?76(;6Zp<!?K1tr@Kwc7&SrZIp$B<x?B@pGZ(Ie+m$Vd
z5;{D{+p_3FUn@(H6Fl548$Cqxec;3R?xS^j?+3BI6*yZEe;`s<)DxzhM*Q0Qy|S1N
zw&2>I7n()r7=M*4&7Wr5aB+Y%=2=OEh)T#lAkMv?7@A6y7UqYV1O$Agf&G%l?=ar|
zrbtnWtcM(-VMo8AHh5Vv)iUT9iS+E&X;>17nP4t*lf!=KJ^m|JKM18A=Gx?|2a=?a
zhx$+Sq-CX4Rl?ZP7iZ2LUi%+bRflS;&@msxNEk2HV;63C8wMkT_SzoN_NRmfi<e1g
z)Z~7a2xSxd*qstKg=Q1a;=(zA)`lJEjuj^<gSJX*`A!+5PC#nR)<PBIJ!k7eGknN7
zxz=9@QD@ru0=3)sLSh>wB1i&tO2(sz(Ii+8k=KK+^WvA21HURymIXlUl!Q_|V;qtQ
z(&j0{wpJk!$*Z>Ku(9w{?t!r^?{o+D86kv)vV9Zmye+~j|F`gq$$IQ_LNCKL+hN!E
zjTHsRP}bGgYHeSbAV#~x0&bCbpp`zsZ?FIH?3VhZeK#M}rIOp~K($n~F2mK?W=43V
z8tlvqqQQ}%sEX@CwFP2=x-pdfGLAatc_$UoU?{G8SKvg|5e8gS$lpv5NvVgbR>?PL
zl68E{fX{_)QSpaQN*BIF^R$t(lkVRfVVh~C^L>ZlZ8o3}Z-8J5p7<IV-!zQl95*K-
zxxy3gfivtiY;|>E%)%4;!nhwiFF@I%{LA<~X29_&jVm5x_-dpzXPRJc5@t^q1C?G;
ztPiS7g&Mg!>6?d`KNy>kr2rED3c3MeOO;xL2Y>hyy<i3LqRQb=#gpArARiYB?)vof
z4eG=naj__173y^S4bdV4HC0PL+CoO8MKgp0*|qML@n8+jMmt~vDZZt~NB`4UZ_wD5
zCQK82RY<cW$?Jzn=xasJcaOK7D*`dWesQ-4z>CVFRHW|(zcC5vZy?$|`%f%-A4rDS
zptadm^BdXjLjP@@b}{gskmAL!49Fn3+S$$nG_rI~2lAeFJ|>37Q;Le?e%YYzPS=)_
zTLqbcGhCVwh7~EKp|KnnN+@_J03Do#En7G-D`M;Yon#H$J(wTUyorwY1Eb*sMnef<
zkh3!}ySU3(O0dI9G@_(M&Kcib?{TXOXmUrWws!waIkS^tgEkYT^*U0M{c_ID0=2&G
zZ8$Zx78t(tbKAs}>jVgyFGerF4=BbJFkzyB$NclxQen}CTd`%?oIle)1eT~&@_{%W
zZ$L0$q1m5-u2uH<M3Q*70`amUdsGk_2HT|dty{BOzDo-YFXS|xQlg`>Ajr@x>*|Y<
zsV&0#R$gPphx%kh{mZu58wOob5=hE0Dy#-e_cANR8_dX3VY=|5&dL+iqf%f3zbBQZ
z2uOYuK|%OtuO>9!bUPW0lCW3oKqA*PNOYxER!)8o>0D969{MD+gu{8se+hnj2vZ!g
zfKgM7FMmu|S6q1L`4*K@&=qX9?1|~DWoF)B+LuSAznO;<KH|Jw1CB;Gqc};k|J0h;
z5_?}!w_`k&OQUB&@|8xwZ+-r2c#9P)gYn4xz0!w@u~vL*kA0i^70b((4{sLb)Ocu-
zl5k3Em$CIpw2uC%8Sf5lW>L6BLHVHF23+or1CC+GyJ#zK_IS?d4du(iyW)6P;7i$2
zGA2)Z-giOQNDj{0gSWm&O;roeF6-ncbB~9nD9kVCX4ne!Ck&e-$#d7>8lSRo_~KiT
zav=~+hZHM+_;&x%)n8<d%VhV_+q-=69O3X=BnOWi>33XRMm`&Z-d3T~Va6<cUUeY9
z(w`+^5T7L@B8QjPr4sozV`D&XI^<$Lt+!uz5=uCVO0jN(SLJLFP<C>j4fUK|8-+`y
z^^mZxKv}KP)U)PcFJR-<hiAJ-b%BHSj*`y1+_{x-oWvM0*Wt6|qK|N^PAR_YCJ+}a
zTj;jn>hNgXwqtV<L!1dlcRQt-@yVCR;dpmQ0<hHK$goA`fE`(}nFU9Q``Shr^_#NS
zI4b9cDny(!8t%qT#9_)$;;O6r+q<sBL_k@%DH2W%zd!WbS`*^`Z@Y=tLN31WN0#5!
z|GLg!xCZ|q%HwdBpBi1T2G7^$Rv&^L+2rgWD|ADQ%<2p)-^T|O5}`UiCZoQ^Ia@bw
zpS9&Jxcf`lIdfI8H}Za4+i2-n*o*vBo8#T4)4wXYVLy{hT!H!O$k+V?e#H+_VoRRB
z|7)QD3Mu9L<eJsO8<3iZ&39X>qFTk+ICY$dd}W4TxRPAO;l~`L)wd_4Vt-k#?QfqQ
zotEe{qgfQqVDx<O3y<^|(1Z8&`S^oKKBdZ9x$g>YN3{5r@EGBltfL~AMuY}#Maca5
z&~T#Tm&bXKn-FPSR9DdGLB}8DYFsv6+ct8w(HwI$zJMuhKixe??_Rv_+piAq*;`}0
z&l{4L8^*F*Rc&v6cziOK=6Dy@;Jt~sUG@4&c;+LyA=t{LfaHdh$3bF2-sDefaH98B
zAsFBNdrH?ssZ~&u^&9!w_FrQJ<E6840hp!|n&Zr!&71MViD=16xQ{m8eF3;<c1MUT
zh*;M>qyu@3%UJO)x?pbPd-hWH!9|NhYl^cTZVma#w`%v6*gkEKAIx7#cR|+Oj6e8R
z(DMv>g)X>N@A=SznbKpJ!K)GIN%9dbbsc08J#w?B^CV6ABm5?Ok&AtOfYM`G%y}&N
z%`f(uh3hKCM5d&KO%liGXvHuAChESZVaZahsD*%#{h<vlk+C$ciq%(fsKS-!8_1~k
zkG^ezZ&U30f(Uwh1j&<cC7hl`rac#hVb?Ci3G2|bPD%MbH|tHW^W&(C6vR!i+d1J8
zc-38YeM*>jsAR3P=>4>z(~II&qMdBNvlHtLs^KKA@>M`(N*RNj7O_30PQ@1JgY%?g
zP1KMMd`!|jnC^T*%Gr9VemkPiAI{y2;;W{IU0mS)$}-;>3-Tj;|5vb+4o1YyXejp>
zM*V7J8N$6G$ZLn!guDisfu?#a-DSTMC<Q$~ZkN-JV*a@O(xowYFwlj0B8I}FM6A;w
zcLSPkhnZa4P`<g`RmtNTh+UN0EzF3II5;%Kl@Aa+nnLew#1BL~cifvZ$iMALMn?~S
z(&kBpHDrT{YPD7^2>D;nPQ|@;PINu9_&4^J|HfX(9JvLbu+(D0vx1aAobS;cD?qtQ
zV`}f$<m}Dt(s%Zm?`0OPpofl{Z!TYBD>}#eUkvZk^!|X`g2^DWdFZ)xfS=lXeu_D6
zMpdXb`*XT22}T`Y2Z5zX5W*g&uGw!^J*Y;Oee}TQzovPe35U30Y$E0NW~D+-4;){0
zhe_cM(SL?8;Mj0C0NQAMNYboN_mlVgQPr@_G7Y_85c&?mV{7!8KlaydR8EW3%x^rY
z7tZ@_*p><aJJ^~tXt`~@O8a>feu(tcnff|$2yN1;`EyRIG7T3q!SZQ`d(@#DeQtj(
zHl*9__kz-;tDm(7;um)Fi>!7pLjRsivkHwO(>D5C&K{46L=?bA{<i2zd+*Y_oM*mz
z+xisf?~6A0q1rjEMGSmV%Y_KM`O?p#4Yb8!y7GK)GvW6^cbtNb4+fcfW|QuOEFGhX
zrwz!OsYu<3{vZvl7PPsl+HuZXpBG=Mo$%NCymWnDKwW2Titd_38p>lAA63wn%7aE%
zYkBP6ned<hs;L%kWP**34hSC?NZ)(jq8)X$`O9|5D=w+F2aVjaSicU;1z%_ZOzQwN
zlsE7#8UZ8&=VCA9d2<vZ6mw>H>nctG7$4z^&{S+GekOd2=Tgz=n~>30D&gf{jg6!N
zM;2gO%8L_vBs*Aqyh?m&oCYDE@Ac+%_@L3c>h_OaIz~8)H`X9gmY`@2Zjt$7LAr3w
z$_`m2Mr~z}6qMMaR%w0Fa>j4Q7}y(S{S3EUg(J1xgetb}>3fzLsr+h#UhPFizgp-t
zmxrYSx#4vULcOo_5j$UT!REi(t|FhBSReAY$8{6vDF_hZn=(k_N|&w~r2E{PI?v11
z2i4v*sMh-RT;MHG*b?$6!-31uOWf>GO`mg>7d34s{zTISG|(SWa#@+wDu&v`9M2kU
zaDxvftYgKGsc_WN<6J}c5LeuM1RDo7MMSK1vJr;gw@!iI3YQBdj?aem@O`5(p>yg>
zjD>1u!BUux)H(Bb=i0uCM!GiB{nH#ZFbreA@*+>Kej#9NwRJtsqOrV(aZCge;5fhn
zY1IbD|MvJn?=r+<&DH(-&%$isXPV0T>f*3*`D<MxP)HM&l&qud?$0o(8jCYp#-9%3
zM^#?YpwjU;8wOd$EEqLzwC(ki6sIMN%x?B=C<Q-Gxky2&O~d9OK?xP+9iyYIY+9Q}
zPheY2a6hI1b|MKN0cXZkqo^L?C1{?|YLXs>WKpth3|zx<O|VwXXG)yl!}`KT$<sk(
z^v%n~R{?Y#k%U7?XMK>Y_WgCOaeLUq?0dm4h+#}Ntblffl>d6YbtT?^CeXcbT#9<0
zgMvYgKY{a8zq8W+F%#Wjp$MWeWZd=8g_0vLHe~m9PgmPd{R#fYWpsGJ!!~j*0I$_P
z@NV2UfA}q+fpuXu5BgF|W_H)+O;Y>BL{E`<*TLwJ@WJMk%V*k=o(q$bf!OY$UEQ>q
zJ)X3zA(8rL8vn%hbp%S%gsp*J;C`N95l3G0^D~B+J^y(L>iCwn)E<&%DiXJPFt1v)
zuJOm%^}W6l6A9&BA_7)!J*0v<tkmh~%EISdgd#t!@(?V%gdD8?1vO1wc4>eU!wd(;
zzZn{|<%4^-AsZhbyq(+{m~rcJNHf5YUI#;J+Xf$=j_Poi-T!d7v`uV&dJKOWb706?
zj<%U;4jNxQBd$Cfh>$75R76^%l7lr0z{*8mN4|(A0=t~n_3ygwPT8q*<d}hG`1t|f
zpQrAje5zycL}!NT`;&1*WOUTPBp+Qi)`2>YccCp$lqbrhcrD)!DVRX2TZcBh8_gHv
zBeONm$kJ;0FVB*S(^i0TMQ0LoNQfKsjF<HurfeC&t0X!KXe_i7Og4>q&xfQ-@U;^-
z!{K5d&-nWMU|_KcTJgcGG;5PCnvwMY%ViY<58Yj}Sli#v#!0a}2n=m^5QNH(ZTn`%
z7-eCGgJe$*Hg;#A&s((<$Q~;vAEmW=-zUFZk1u=WE5`vpJVs@LMb$Gsrt^c8W4oZ=
zMK+hB0FlM1E94K7_PQrroU1>bqON+j9Slem*rds;p@u}YxM92`2G#y39^DAefECe!
z#=zpWU!boaNI8KOnQTf?k?dp%UGaj=esRtWILdaZ^nadaZ3z1_KPs_Q6^t?b9yt#b
zYtv7l;Nlg&{@=64{o|^8>1gGZHYiUoYUm!L`QLMqp6N<!OM_!J4s`U382CMYOv>vN
zIDzx-I4z^!)Hb}<_M>Op7wAro5e++Yssr~%)z9^>zjBFI)~o2i1ihZcjJ&1;zZr2d
zRk)cq2kkF_3}X#|dC;{S-N(mq>Ofhq5$sWmT8M>w^`ljohj!S%M(QaSM`b>GeYu)G
zo!rYyjm}$xKjBRVdr!C3XY{+|Zy+k4QG<Wx$gFn_0=zDa!ob`GuV8wA$lBkAABChm
zSXvhQA~|7t%R03Buu)DRS{E2A<tzM<{}?N?yVCx<cxm`}cX*G{*G%Z#1iy!VJtuno
z^lCWHfV{M3gwZ95^!<ro@;{vsz0{eK;+OF{f0G0oDG!@|9+csX2m~Z)e|~LVt3Ix(
z1g?U-;l>89xNO)v@jCR`mu+W^=6PdUJlOn7^tF`E%y^ubSNDq{#WHS#Try$fNBj5R
zrQ$-6Q!|p;vc5czrVsbh#)h>fWl`rMtPA(R0ffPEu$6s`@!Fb|wes=On>P%E0oV~d
zGVzEfWaV1x>%(SAePCiQjv4ORp!6-2k5`ZU_Eyg_b}DGVPI1E(<NM5C{7q@{)TfQ*
zkKYrf-Z_LiKj12KLAT5XrXX%dTi=Uwx(cZGhiA+~E;(h4?R)x?IDi>Ef`c#8;EVh8
zK34UIVTL_s5B~ofe7XXq-wM!$9hkQlAR6ar1cAHC#|S=s>m7r;mUo9quUS4bT}76!
z04G*?+73lvorHCfmGo6lK=dFjGjQkMh@J<<e4@#`l}i;*?*&eNZYmVs>e%)LPFBaP
z`i1f-j@DGZrxdM)!f~69e&FhwO=kVYi;WuNs?8u{0+4@|o-kgQ|M2;YTk5MEhU~r4
zZ%xCiN~L<I0$f({=B>yU5D;MNe#ogqa?0Sx5B-bu&9+BBML_V<+Y#4F%;(xoBM871
z!(9+<G*7B^5YhftNULftXmSsDX$LELe7su&$!s#rGn=Ory$##9Fd-xp#|*=&mr=7#
zPTreLp+UTC1D(r|+uM^>TOlCad7<D81RSQp+UAi}tq$8w|G^XOY2cey>C%=W46O6{
z5)C=}K7|&Zi=DV{@vnKO&6}kRSHx4R^Cg~feBp{vEh@ynaE#GoE?QBXGzK9$Z-ajf
zIU-Z(`lQvX0#8_a?ZKbLy0j(WY2T>__&%=cM*X}C9u`VH;FyR9STx3o*X^R>%Vf0M
zInDcu5eBq(1$CB^l<>T)<G@AfWC$drT<1m&n}7I`ZjAJVzM&i}_W2}N=?o{R4%NP^
z!4^;TDju|8Ts;Z@D(BrYJni0R92IJ#a&yA%>n8!R%iCt}z;n+y#yzgEi*N|YoyE35
z7!&)2chyVZd<T%v08ePBd4}-zZ4K^D`jP|dV2^~p_S-S`xn7;pw-$6HsHG`}6z7E{
z2PK8y&io~y=D>I3?63Jfq8@4I(5>^ZcVTc}ce}Hk{l{Ku($wci*!1kv(hVvTxL110
z;2nFxs}Q>Zbcrm#8#M=0i|o@5FMg#DdYm#;1ThFqK&<N)rS{|qz!l;D=Ba8;^dk|P
zt!Tv=<;XMes;NaGv+iB{s666`sOcNSRDM1E#xSy~?VT}H$pK*@g%wuDX;SW}&&$uJ
z6LKq<AJ$YrWy0`pO-p?(r}EhzYN`*QY=cPO!tfP9@IJG~@3mAyMP`0=f4qFiNfi|&
zHwC>P5KayPBu+tOKZk6P_A4~@syG(2M#hC~-~-R`^5o09EAE<O@%t_Dglh83XNNYy
z4#fxu(Rj%z&Clcj@$zZ>D*C86gISm1;l{C`s>0$Fu3VoH9};A?VMo?7t3A4VHX<{s
ziuX9_2ipm?$fS(JVVvZY*%#Vc5K9adpoMt(p-QU?>T&~{^@o|7!^;Khs)i4_;;{I6
z6tld0b$`Zx%mqSQ!;4&T5Sfy3*aL-kzr1Uc#QW<zc=JS8MP-4Fgw=zhv*tG}$@R%h
z<O|>OOCPcw$&+K-07ZI;Xo6!UqPZ8*q?e_q9V(#NJ_}Bf(@D7%?i>ZQ_lm`?96t%a
z!=cU%f&A&G>Z~E(rB_v(XTo$`AWJ#reW%3benut!HKyrwln4e;G3iZKSHNP)E`97f
z9=fsJGK2a`2dU=UG!VR-e_O_M_3nv}hYiOjI3Hn~A5vD61nK%Tf0u6PUp2YqWteqM
z<`ATw_zWrZLlrD{$hit`{lLK96W=R7yPlTL!$|`9sW56GTZn(fzRlRsv5@pu%Uf+#
z1qiEq)bWje)z^^>4$LBdd$YE7q{|JRZ(%&iPu~~rh?dL?w??_Rh#iXFR9Yj>t}G)o
zPOIbfhu*ptSlqxBI~VNIe&JZkdO!)0yD|If`4^bongHdB>ZCrZL1n8+&%h~F1f=j*
zouzCmJj&ZaS%(IH=4!`Nf(nb}HQi|H==S@+2z$%0sG{~?cn=+-G>V9%bc29&cej*)
zNOyxUgecwJ(v7r~gmj89ba!{d3}^d1@Bf_lI$zEg=3=v1v-Zk+-TN1A{y0y2r)a8_
zM#TVk&xQFxKc3FS7)j8j5o_bKA~#FB3douG@bm6emdg$k#O#^kD$Tt{CZmh(A@Egh
zD?Dh3&KC+eF@BLjjFtIp!ub66yYN-ys_-~Sa6eknx3Urn$|3Oq2HQZ=o_>m-Mf`Bs
zSOp8%^s{B{@7d6RA3W05+P7V7@YI@p;kcWvzzPl^r>M~WkKc)&Z{@N+DH5Noy2Rhc
zg$ze|K!)94bYJxCKZK3b<@vaKZp+>uQa}{%%;U^(FTbOM4em9(pOsIyhc7g@JRpSu
zuqztk?VTIxyg}|d$%NM-jjTt-AOoplIC3;gGA?YGKW283rosj&;R{3n5HV4_50Z<7
zQVmo3I67>TmEgIw`m`1}?DMF=PVQ`c2}V8U5sD~UGi7Rn6H$0p2oiu3Op4zj1k1j}
z`a!AUomr-n5cnZ=wdUOmaJU_m>TTzN334r;ai$fjtNQ(LH-?Vexl1ZEKv7*o>Rk;e
zJnK0=gxySD{t49|d5X4uvnLn;s4cB!0W+A4wXH0Y0qErd=cv~&o2IsP<bKO!uE7bc
zh<(<}Zhn1O>7DK^64@r_Z&i{W_ti#r+*Up<2@ANG_^D(_WF@neX$>s`24hufb-$M^
zB+5$KVF(;{aPVlxu)AjOaE<FTqxFl6j3WK;XX?DmvZGq61hE@WWn0RA74B;v10CT;
zBo{408iAWnu5xwIWMAzTxgiqn3d#ro_mEKhC+jfb${{31*$^%-<EdkdHhTpSg!A+R
zugKc`UBsVaY;dhK<X)~kmtgZp+Hk6J*;~XX(Z^poHN?gRR_rnjx!pv46{n9c(=xr$
z%;t>t@m_H|O#akYLd9&~$sH@XZpd$95U@Qc!{}MGzAiTO%{r3DG%E8lI$|5WW_H|J
zoMp}R@7&Y4i<3!(-tA@$KERA0+pfp45q}?spr5Ti?^oXC%pqH!s{^6q11(Br(e(VE
z1+NmOKN13-qKBQ<%{f=o85$0vtj@#|xxrNUI$~7Xo&u8V)86xxv~jeTU!-qfmI4*#
zo)uenB@zcQ{h!#2;sFm=jZn@<*9oDwPQPU?cO8%KBhbKI^%!;=I1P=14D1*#{VExY
zBqfV*lVkH_kpTSlVasJ2yfe7DA`+;fNPJA(YMRfaQ=!nu^|6ZMcZi3^tf&VO^HYTb
zzeI(~laaB7<qPC7=nZZ1w}<_?lPSZ?^t;vrb2+S>CtiQ&x!i=R!u@aFx|K2k!1F4E
zmTzf%-f(-ma4vL9VM$}Rr+s~2#qZkcRN=#Mp3Y-Nc6j@T-|2oUvo~NtL+?bK;QSyo
zcF#Ndns@)8A0?wp_^O5%9EIdlm(qr?LA9;rDUXrFN0EkB{UguqhqCND<j)&6ODVf>
znGpvNR93wIY}=y-3GgxFJw~LkcBqs*=|R72QfZs}WQ?=^Hyi0mu<Wr4Wl9-d-)Cqq
z_?X^~LPy7SLMp<iL{-l||89V1$}IcKAcC%1pq9QHB9=Igi(1EJzkV7Wf8r-X{!{gi
zbGfSa+b6ftEYj`*5r+R1M++9$`x%M`c675Ni{I%@yHMtp!~SM=>vem_`s3Bb59ll@
zn3|lEa4~Na_JA`amNt0TS6XKZ@gOB5E~HeT)}018ug~ExUYjF!ITbn=U$ZaW`Hnpz
z%6;E`eB!z7A(Z`i4{g7QW@dxuDV%G7y8>lb)s!3emEqnMO$SBfwyWDj`O&P#@1GY%
zOx|}ISX<UK9Lw3AYFpXlx{bb;k9QWw9WIEu&jZ_s_vB|zP>bemcwh7N{``{p=e?mu
zX}86aJ?BCCc38{1ojWbbmA~1QJG&|zDP^l>zeLvahDC&aW<Bs0Eh7?_UoKg+-tlH;
zpES;CAa)*4PN3?>SKpF7{HE{Cj4$uvm+Rm5>?>>Cm%g`D!CCunK`j5LAm1UL9T9l$
zP#_m^d&iN^kNZTa#*VgQt|<6%!EH&4wR)CD5cm|-;8WmiS^rEquENh97V!mfXRWU~
zHaM3=k@^tVe;Gm0l$gQY1c4B|1kHuVVEEeNbHZ(rh_z}4JqdIlzEX1#`3a1c8N8(b
z)gfwUckJXt<=1DH8w*T}Y3d2L7LtxbKOYV)W59P05f(6ZR=8YVk%&|NwS@t@&bqq=
z+d{KhAJT{Kd`|$3urkS1D9jU%S#BqEj8Fg@hwv-S-+L|^u;06VXp8Kc@G1=sD?bvy
z`NaU<S#Ny^mbpDa@xRL~A{~a&qs2i1e~q)1CGO}GS=YK>JTI~BZxeEd+xMFF?e@Ju
z!fXd3|8yps@9+J;CnuyP%E%gP!$3W7YhGW<+O2K$PN90+uza;@KMU%As<veo$|v0R
z@pvA{^9778DSZ-gm|Dy7cm!J|z6)2{8`>P$L>eshd+*zM7H11KgiP7n@u}$0cFS|h
z%7e|8bM*+$M~ts8j9v=1^RaLDAyS8QxWE_B2@6#vVEfYrQ$}7Oo?vWQqeR79f8T#u
zOZ;7t4x+|-GU4?$p$wcjrp#?Dl)S~@i#ctR=Dnmg8(mP4EJOkN7aTW~;3GT*AK^k@
zsho-9-S43=7Cn08Kkv_@n#p&EzNtoWK6alTN*#L*)Nz1foT|(fnza$zV`8Ea(u7qo
z6sKJkQXx2lq&IZ1(;)IJXeKt_lJq^ASm@oR+D}vPp(#rW>^xv)i%wtOUFTb&fbDD|
zOWh{&JE(~?ZgF0*R=asoYt~8saDFfGnC_!~;8CfBm$pfT(F=)wg4p#~7V_q@_nV(`
z-<f~Vj2`mhcuxqPUwVBuW>|=-%V2Fbe9$D)XBGc$VzM3Iix0RL5$S6kCPrP<`gY;v
zvLs|IQYz(MUfqA&+dAz2@9KH34`M>|+r#^+$B8<|oyvE0`s?N7sVed;l;9bMSOxBi
z0O5a+CNDvhAjnv|gFbFALa*IHcZG*zkH^Pp=n~umaozIxxGn-7Cryg}nKe*n^G;@g
zFDd)Cwf-@rqx>5d-e2c};OOpv(4bf7g!+>&tQFr__x^r(eje$SdQRPE&H`dROR8(<
zvnoRmdK>rFlXra${gt*``R;23dnMqYx?P*0`vtd<B=h99`DpZNK)Te(Ks54T00X+f
zRf$iteWkfWvK0Sb!<aznKfWjqwhLLT%-L&)fl~bljJf0Q$Io2nr_FtoTAEo#s58Nt
z^Yt0M<8lIe^J<72^MKLs*7Xrd8g~!hoVn4``$Fc3SY?n#(v=PEv)667i#xa+ZV6!<
z_*FJPS}NeaFBEV%ZJF(%>7kv8kIk99r8d2gH2znxVXC#=%mTK#UpyduTzoZsJU5}$
zeYUWl{&LYE>wfF~mFpqivdKSi7%DV+nTseqce}l3y1VuFRoa#NEEmr|SYF`$@->20
zH=%8`i6l>Iw(-ykn*4F@7@=_z<2LWpds^k9d```qc`g>K2s(OTo`<gdEO$_b^N<$F
zyaP}BQ+?~kyZ`B#>*b@;icS#J1R67ey>?jnpJS?FkGl@M{mxxSi%hZ&Glf-EiMz#m
z>IHZhJRE&}<V__<SNZY?eu#KdYP6jLzP{bJT3c{M7Kr6`vcE&i&G-{ugxD8UH8gjn
zNTy^mWbFEB4*^Ztz%m`D<pX*@U0{;DmJY^Sw0501=%5fT-TwGD1e5@A=X+NEv_DF)
zT>v<-YJWL+D}w|&%hWUY`)oI?Jyg5|<C#8FP=VBc`tIBoI-K)uUF6_w*502$uFtmS
zJCr$VoX+--duDk3I0^vhXM!4MXcj;Y?&8W?R8=ub^hO{HsFv?n^dK9Ps|*HNZ@NLq
zfcu1&+u^J*xJCeTAMdoku$~AluW$LWmn5SBjtV?%xn$K{c8i2q)`|yj9hg3RtlujI
z1$KU+%Fa&+V&DZ1A<?-jF3wgn-k1BxUyxM8YZ?nwq1SHqTon1OCXquK{<XHj<8dLF
zp9z&p^}oCtXn0Ri_X&2(MzJnosOh1_qGzO+W3Sm##RlXc$wjcb3*jMeNG+vC;(+pT
z{Yx8JdyJzy$Kigj<ZGyXC(Ce#8(p2tus?^qEz)}RF6BJ0Bt#d3iBjBgm$SiBmA=_z
z?73MxJ$Z!iAl10O7|KApTh-h}*o+ZFy8m8M%wB>CGWR|?O;vLsLztBdZ9W#J?%Jiu
z8t-NgVAtZsRN9s0)JfY11|!2LH2$?3VY&V{BO@(3M4v2ti|;`uLGEWsH+72D)uswi
zC|AkU48xG8rJ+drva@nOfvh!rt6TabtzL~CYqtV9%{JtD`kOpqr+g|TjD&PhFa7Mt
z@1qQ$aCWx(oy@6{X93<w35$-Cvy^RBgp#P8!Uxvb3hvUL31h8D34D<pLQSJY6lQ7l
zutaHy*4pI$-wbEl13$4%;x5#l;(1yIEolf(PbTBK1P+Mq;cr&TIv&Hhe(Kl-DKdeT
zSllK{W}+`V5#LpJan9U`{i^v|=TOl$YacZo`_A&B%*huAyHklfq22JBk5&pEy2Nu-
zTvqaVj+KL>W5f-o!pW_bi;1Skv;jaGL<JZjZogoeGx(H01y4?kcg{B<)ib)OX6{W)
zruUo95==jk%CSUl&1E|{*)WMpXNy}%RwaQq#Z_5*wt@X=TINNAcQMk1|L}0{JCr+G
zy&E7a7XgguZ!HVF#?IIvJtGu^ce2q_w-c<#hw{Dli$k@(E=I0K?ux(AO90}WnYh-u
zO-KBddV~S&7op~^Vkd<XIPj3^h^3Tkp{6Dq<#zr<8%gS9^_2b;x8}+nJ)khP$+I;s
z&9ti@=(44<kfhdUB_HMCAnr5fq5^3JF$<<0L`iU{e>liTMgFBk<6FKAT3p)Y#h%5q
zZ*S!MayJ+yb996b<3aVuDhE`8qs9GKoL9y<I2&hi?&VfLk4V|JfBuz+8K?6KqO-`-
zr!v~KIKwEeF#7GwStm6P2+-qr|Dhl#Jbc7CvlbgTk%S70k+=tl+-0dw?^siIqiyT`
z(=9S?e20q-aqPmbO{N4yUti8QdrZx&UnJWo9x(b`kJJ|mB<3ogB%}BL<`E(UM3tHC
zG^|hn`ns$vtdnkuc`u+s89iUXd>$BS_E}{Zm9h-&VQwWd;rY#dQ};o+yyHC?i<BUy
zv6nwp%~$SFT|zgC_eTZK#q62g2s&g&wc?#9w%@eiik3|XVgiNTTb0);i@Z;jnL`W+
zo8CknR23HebQ+s5Rg2J=&T4Bq8chQy`J7;klk<D~qXxUdU!i$5+09p79bXK_W?Q&>
zL-%JU-Sm@Rg*lC$8a>xLkRP2`sPeKe@9Eg>YY^QM+)sBko)*%08g&~hc2-Q@r5=~6
z%s<6B30cB27OeT2EiR3jJ-m*2*7<wBL}U=}EW$!M{)k*M(8Z*VYOMgHYW&AnOoNza
z2DbNPs5e7FgL&2=s1)k_s+Opdml)$TS)t_}Xc$wre}X*s%ZGV*<7a^y6&J=RZAoUV
z*HRQl?O(+LN>NTn?Qh=#IhR)CUkGxGe&QN?)gCSMcImU`p(q(MMJ326b%kRvPa8zV
zk&C}5N^`&N*2p|F+YBMWqj)y;gq4ISf`Sa+0k`#en)_Jor@k=Lw<lB&n`%6*MApu6
zxRmo>Y$-<=M6}5vH;K~|3H+E+)L%-Zl`e>7P*y|%Rz4vjAf#Na>P-+R+Q<Tlw-|9`
zjGV!JCY2*tS|lSlN7UKgD(B{ptFo{aM=zOfuPxqy$}gU#VN&;`9{pJ`8@Ulz@dC<G
zru+{!bGyh;cc-8?C~|z#M4%{~^v&+U`D9RpR}S>j#Q$!8D(e~>pcg-*2K-;2%4VYx
zJ@+gfYrMw+fWo7*Q+t2)4THM2H!GrN)inQ9-2a}N5dorD?+%2|s6btZ%CKwWwDJ!}
zF6`52C$aNETEHL`sv2581=fkGBai~ok*7vg1Fc2fDhSQxN>T>siW&q)f+#}6!qZcS
z&KN^K@k2%xt=yW?Apl>@x&9eTfb$`yrD?c178af-J}4!WL$y}2(x#AvzA6R)@#}N%
z-BoteBVJlJm27=0XIbyOD!CP4I?SHoFfTlK<Wjajc2;SW<EX7vG5Oe4X>lk-)qB`t
zm-aO^m3l?KV}ixd!!`AkdtL9-`1V#>qdV#k3;DE(0sWVkE1}iYbVW7W%r!{L%56WJ
ztUS0d=<yEisRBop`RnWLc&|IHFvs{lZM>hzJiq`{$>ruU>Pq~^Tr_m;avpTMwo*n|
zT5PJ+)FD4y_8CHuYIHFDBb10Rw&NFTw6SyRtmC#kYeTx*Hc_>IlfiV(3cE)D(fGYD
z$&k(5$l!NQRWmFHe!=4#N}s;-3khk7^D7fc$MeqO0y%tXTPU)|;Rgc+Uf6knL-0LL
zfNjtUN_q`L=L=9@QD!1DN@?VW)TCxid<KR+K`yG^n93(?0n03wPYMU0aK)!yP%F|-
zZS-XX*dpwg6{IN=6^hF=6g^D!Rhz*_PxD~=(QLR#68-H*8y}V<3S00;>_JEQnU6Bh
zdk^w!^~W5n7DrHWGZ}4c6ze2#(s1qfUU`9V=^;ql9utp#m}3v_9gMyB8?&}&lgNSJ
zvuoJd`DOwT^$r5q@IrvC?&0$qEaIwp-^t@5i}ti7-yte1Wq`nQohSquk{~^13t~kv
zjJ>QTQHSyJJn;pA(v_XHHzXkYjXakM)IXFNQ{4T`O2Ga+^)1lB{BZI&<P~J2Z|!a4
z5gPDu_N?6hLHBE<C1UbHnzXE*MskHt#L0$Zkbj@!O4dY332+R4X)`N?`aJ%8md&5V
z@VMOl>>bs5%nQP{-VGE2!uJH*cf;`R`?Zi4>nMhLr0aWa2Wj{xbss(q4rXl0C_kk$
zm0-2s(x|X#NRR>mu2srGYEVt`DB<4-;h;6BNuuu8HwmA?6a9WUoS?kT2@#F77#Ia_
zluF12MAI}L^1J9e<aMR=P=J1CdAGl<#&MEBM!K6z3k^@wlQL1j|4jD9USzx^1BE2$
zQxVzY0A{ALuw)!5{A(;PlEOl|Ti)%RtO$pW0-||)INpw<XbH=@mZNXh3lkmXGaxHZ
z#x(}1maxplcYP><jv)5%GYr6SoOYU2UD@kUa%Ne*(79v;#RBLkbwou+a-^)*ud%zd
zX6%;>#Sq38@D9TUr_~Sq1`LYda>MU}zLbbZicCZS^10m{#hwgb20Ld)f*kz`s;Rdd
zi!o(uP>J+d?cE{3O34Y0Je~|njG4mBLS2hx(V!&do4HOjB}@xyx<xI1wh3ZzzE(;i
zZ2=u`w$Zo$gf)`})EFu`1V(Hx-4QXU5o0bGQa}JDrZgLTKIBplpI?=g9xJ`D{p&hh
zWf~KWG=dzy_hEM{m)1z~)SzKIN&=V8ku1cq!yp7R%>$dI5#K!4wMdgrR4#!QFpMEU
zP6^o(>f%xCLY=L~)&OQ3;zFtd%|BbessAo>6P^ngH=$FC;VyB3;U<%`za|ALF+d@X
z41~<Knql>BGT0a=n*CZ3s4kgrwx9Vk@zvhuJml%`u730i-zKA*Y3vYJApxX<SMf5(
zUw>ohM2#A)>_#zgWf7;e73@z{cBna#HAd0K##1emwxsHe6RxY{BI^>dl%d18CHUiN
z7#1;OK1~R+QL128g~?0CVE@g)f7=wZR=m{**Ywg>$=iJKDVIzxD<O76v?dN1DU-TF
zNswAI07o|xlPCqCwvGfjlkljfe4Ed=R^(`L#EE-5)eokU17M-RXGaIr92#en8f=K9
zCHKy1g`-%&Wf$?wHBnQ;h*`mZUxf_dl=1FSF6;gqDd39Y?H7&>`C|EY2am!-{1?l3
z35~VHsC_lHws@>+RNhk9+r`hD{!~M^ESvNc0&k|i<+O^SSiL=3W%HoA9lwz?r>7X5
zg%HOK$;p3-5g?&!0lmc2Jf2lr1^kt*sr@5R_JU3k)%slq8bJ0l9GN4Ob$cyl!glS8
z5+K@^hGTs*kQw6;zF1yNrP!*}ywX~R4G4P<O~5w+(T74!3u%-_jm=zKg2NCrC3H4w
zMv#75yr1b;Yb;{xV}70T{KFmV+($7kz+B>uFU?lT`M}Jf!&naA-g-b-U_b2QXg){g
zH#y*+YB>epn9QZmnZeiAc=bN-2#*H>IG|E^%iBMRIqG&EAj9)-q{>ADJ_NFl&}^#{
z=pM-dfC<l-GDFl2{zZsu01WkLK>;(69Vgx~IL=b;3k-j(p$XT&eL)67ANi3MLRTfU
z-c`ZluovbAThrdyU7qotIyItDXwG^~@EBz*1GSY8bKERGNIvA*-i2#f2(tXd)_R;i
zQZUVExT^NYeDR)3z}+tl?aRtY4MZ_l=~`3?Ok{)A9-a&=#+GwhV^|&J3&G?R(~SIB
z)ID<aUO7zgJht)OA_~Bkd%G)hq#giJSxa7_0Ifvs8!LuD+BwZS3We9?N?NLNH}ub@
z2|%za&g~#0qbXQjKDD9r6a_bT_Q90^P{h^DdMzZ-6TG3PplWQeyd@S+*lmXf<XUqd
zb>>;>W-jZdDC8;XxljNOt*~8Uqz_+X(h6b;G%{uNxPMROe5Lxnpy2k+#S0(she~B#
z9%zeJC$4_DZF@r%QX;3~7IZ@M-lG=FKNVw~IV>w}4@sYfj=?~Jk&Yj)i+R$N5U^Zo
zGXfu0W;HNgBRr4n_z6*A1gX?jQ6<>Eua`>G<bYvZb*?dQ_p-PMlzE!(Ida!z`f7EH
zWnOrS6&<U3j8sH;`jYSe@G#D;qA6iagvfhn#c}xfMrQQy_(b;sOpVW@rlfyTy9zuF
zwCG}iF|96o*uNl>k+6AVtF43=<4VDz{AcarckNGcuY8)dGC&sq=p&mmqtoYuaq+pe
zb0?ZC0i;#o{zFzAMsd+nm+bjCvk8L-GUS+gG(d6^0BY<2=IE?Nqb&xTc2hR=H&4S3
z4NZB^n;50HxEaWI`sc@6_LaWuqyEk}j$k_9*yB4oo;v4t5fWI4-m=$S97pA|vrF}n
zgH1$a#l57KtpRlhFd{{j&emY%^QU?XS#&CE*pK-ru&PuuoH!pwO)p|*UI_9L(^$Bb
z;v1wB^#qxNkR+^iREjMcg;JypRZ9rUke#erUB@00!H?mI7-xS1XE{JLd;(J;Xk)u!
zV+JUQ^-fbiB9XBR7=vA@IpWy#*h7H5X<V=Lq95+|W+r#J88I)Bf%mR-HP>qSe6+S`
z8#4)*1)`y<K|{|LdIA!1Kblp4Tchu&5<jok8+<7_ag_hDxLwfCrIdhTnlTxSK3GwL
zDQM*(lxdgN_@7ytZAL$+{erxpP~_*4-?YXC_rvfBr9cXScG~&EIwrXW3Pwe3K{0l?
z9+o;2<G;-Vqi8(wsPv;cJ+yUx(hxw8KL{Bg#Qcp3P`n#N)#udPfn8MTV(iUSw>tSR
zq!(ctUK1t{o^&eY`q$6{E7T%_;X+7!LYEf_Kh8vzI!|?lU&K40ri6+rF$7{n*6KrM
zZ2%yL=6wXxuw+{rAj+_&%)6y1)HTCN<Wt!F&P(!QxbHB-8J>0Sevqz9_`+SNWnreh
zo_8=Y&n0Ku>e27Ig)m|$Z;k%$-cT{<^anR5i3ID%2V`InPn|u$jjo2dbaRzM{^r4q
zU+l=WfpP3JQ{BDV_TE;>%I!08W<ad#<WGfie*Yc@v6`hDmA_~cj+|2sb&nd<%PXG{
z)e{%tEb7($f=}mc`-(7IUU-geG}S|{&S1&=>b()@L{vUr-txD%%Q}W151d-`+Xm)I
z=_pd-{O<PyO_CmRgew?XSYqNvCPBCg{jZKEt#H1T^vfxK$tjBighflw6OXfDL>n(-
zAYBRSd7AHkk~vWV*sFBYyBDST`l@>Q-0EMGWU%sj)chCbeAJA-z2v4;q-F&j9c+*Q
zTG_X`Twk!YT=r*4;w&$29r<>xy{`*KDdij*gfdHC)7)*=LO>oKF>KVq4U$7a-15TF
zGRZp)Pl#4#fQhPro<h_f4G$@eThKWfD<5ef8f`$Y(Au&I6~wa;`uC)Ik$kdDVVfGL
zRt?yfatd=cm%4a;?Di<RH1QxSlElFyFzk&<<teNWMp3nfDP6yv1Cr24oQ;%Yr~<lT
zt)n|U^C^H+ff!LQqhZwB=L%2IVRhh1*)IWtQE7!F&9~A;2&v-?M^prD3g0tmz9r70
zUBV)8T;srF?GE6>#r`fy|7}Qva<*R=&4FDbv*c4?8P}$U(}8xR45PC;Wng?!I?~gq
zXGZwu3tYM>Sd+yRBt0K|t;3x7hXemU+f{DT-Yvy97~JnLNFi>Re>eBn5QeE>2=VVt
z`zk}4pI3?uy!CW`mSmSn;^lU|7lx;IJoT~%P2R=Q%ZYn{VQdQt=pdGJdFNzPYagi1
zrnjr$(U5`xNgf52W7js6ORcp^7u-s8FWecP*FU!5(Nv%?Vr<!?E-di0m)BBo9(b!&
zyzOh^>>YP1-?!?WSVH@bwcG-wHbV3nETL4aeT)}{CuLAT0=}LoG6PMch?q2zMgR*8
zou79|td==ap*y%y*#qT&+w0c1vDU|$0=!=gLQZ~5>8`!CN~~FMWvuC!KXG7vx_}Be
z(w2*ds%kymlz|X;wHqXsh>JBn+okW9OWl6L#dXGn%DU`-fmO?CDkDZ6hHt!}_+Etr
zZ%KSZop8NP`Q-*<3YZ4Y41c605VA;b9x|c>6&;Db+gsKnu9^6;X7&WFqV!7}O~@$6
zmeogoZ2bBe{T2J^A8X?3!f#&=WyR{)(;QerkqmGfn`o$9gUtR#am9sCAT8(B`VjuN
zI`ooEQ~(>QMzvMq&+iroskcN|5k#BBxZ6YZUfnH5^n-2*OsVxIjjoyG0*StZ5k<i*
zLX0)aE@Q5r{R}m6)D0tPa`-HS-_XgD1eBWMR~uq{NzfRHo{Npcph&@FCkQxe)is$6
zCDety!P8u2EoHcBvts<(`;;LW*=n4{$^~^za#RVAiGavOi>am4f>Hq2KlBF{kGT1h
zwHLZk%|5%iqnZNZ8Jp?pG`uFI&VNCOJnaIS=4@AjL-fO&{>1Sd{@qe+*&jHei%5WO
zXh;^s`SpT=NnpxIs<I$XL2Knar~~Iq(kQKSGy|%-M+6VQvF*EtXLvd&W3Ct{7g<;c
z;s5wzke{|1G(WCD4H)gxx@?7bRb$5=hF}lWV~%h30oq+El%gHme0M95v|tYOxadv&
zCPghaGXI6+93KIK9sTimxyqG^gADb8eblll>E=MG*y%&BzDc=i-$D2K4}UI35Kr&V
zTzWb~m-r4--9-JTQL*5{YBV7{x;f%Gj2}7Xdp>5TfH|eet@nl)6hFxT3|4f$SmrVu
z2nq)aiqug7d(DD3oD`1-JFlpyIfqQBUFx(rjsybC;6|1u(Arni<CkWv4qs3fvnMiD
zzSLD#IBb^t?#!8+&1@fHKj8e=S&~sJ#XGE(ycN46fKUd$QD>ox5_<KB)PDF*oPn{s
zzg}UbU}u5ON9H?Gf%a^jX=|m;US+AOgQ9!KSj?8ec9sPR&br(yRkQGkb)TW=A9NV%
z!|%o#Ed)qfyxB;%DtD;>3VNero=M4zc>yYLm8=4Qu)N!;T+1MGgtN8|y}QfTc<lzQ
zg?N0H>o^&T;l3wTFIrGzY(~N%iYN*doV@%$OZKxuhxa1DTp2%+nX}Z>4}u2O(`^JA
z)U|kjtQwRepGs%!d->!V40w9mjLdM_^$|u4@Hi2&)w4uZTVNgS@%se5D#=j(8$67j
zP}6+n#0nYCaaNWp!V;rNb@Sef)$8IWy^g^zp2K9qn=eom=Z?>SlqlQ($oJDK<r2C(
zrc_=4cREg6O;o$)3T9GG^5T+5!=F%o3el`B!p0XduN4*+@>?+C=?QMSC)emHmZT&)
zx|4st$e|5`VZi1UNQesYNz&wBzl9CpD6`VJB^Dk95+h-8>maOJ*&}ynlM*o|nL{9~
zwo`<-?D@0Ggdj#e3HQ@TSd$hL274H%MG$vI;7Jtpn%1l4$8^0SXmiA_S3GiNn|(Lx
z5u6!ckMfK~sGrwCOJ(T`f9{<StZTCzi|?MFms<6wOs?MRB#JZHN5VAJ{<IRcFU;;j
zDGAmkY{$Ci#Pwg##IBv{jTqu={d$TU;!47SKc$-_2D*QX>C@_702n1!Zvg+g`e7Q;
z;ZN>P2V~#r<@XW<DBWEuS&CbwJeb6M)N?0`;=FmDjqE+yRR%;qpfW6y8l3kt-_wC4
z44)%`T8FhOAqbP%g@dC(p+nYJfznrG=SYQ3ZYt)zle-wx*oc0JTII)vKyFI99$&+M
zp?$n}Z<3F9S0R`j72<ri5{RAt3M2XLJ8v6Qb#ngN#Ddxk*>Z&_r9b1Eb2YYWG)4JN
zp!bM)pe?04c8;K_#0E-fbNNTSc~rt5W*7DqCCq()jO}Rwz@cZn#C-fO29u)bypilo
zdDADEq>E@5CsZ)Yt2hz!+Gr-u966tFb7oS|L|Za4Tp!STD=yx(WjYC0mW)(|A)BD8
z`O|eWiZO8Ui1a?VRbrd+>QDd#YE^}r%FW!z=*h2t!2<YVvGr&4@5$1`1ZZGvia`(l
z&YEK`@rJTi+};YlkrYZV<4DYw5Ygw;`Cbi*`kqQa4n3)W9*SB{NDg~%i1QaN{nSyy
zfnS6qhwlqPERD_o7~oB<+!m1NTj0nAm4}^QcQ0N8v(%@RJH|(`2#;Tg6HsM&zzyjp
zlx0`RAo6(lK=v{~j|@+TuZhQxE5{0C)O$PLoK$WXdNPLP1*?JipA^6QV)8x<Fma@^
zfUkK}Kp#P@dx+72LJ5X*Ng7E66n#le#4w4<daa8++|m-QmDPRq)Eq<O=_yYBYK11(
zD&9jclL$i%@)S;%AAG%5eZppP(7qFaBBQ2h{cCQb(~bl<!6p*EtB`|o0@DkP-rsgS
zmmWmTZ=(LF!xDXFMFP^VKf{coLO2-C%3G7DxyFwSiW=Tg^^E6f1f}>9Ma3j)5<>u*
z)V$O9K{e5ZPde<FSro=iuLkP)asB1E%PHwpFMaUldkEQaAm5JF1Af-xya@c@l|}%p
zeDh(Hb>{t~P>6$Dd%H0u+Jvq~Hqy|H)S*)8sd1ATuK~unDI*1V1$&pVJZ23a=Kzuh
zvKF2n3#d&TU|?i9_1m~ove???hm@Mkmrs0UTs)n(Gn1lCOdGwn7yz!`gg#|*JgLJ^
zkGV)6@U%xL^K6m!=Ry#D7-3I>>Mn7in1FQ1r{=>oV$p!h1!8d&rAu$7r(^1PkZxOk
zp&l7Ee3meI!kbuoHS$(iXo9q|qLLG5FelB}V3Uy4>@UKr=E9Pey?J;lA1`%|7Ogd^
zJjvri4U_quSKP<b&it+r{qIv+H%p4XBW7!#MCG_)m>;mo#R31#o-N%>O1fV5RLL@H
zBb0LrKd1DG44}X=jX*B6q4*OXaGl#M;cD<MRvi0K4pXY55qS*1w5YK;e4KMTe2Bs!
z+xvG`Q7Zlm65{@EujU0)U)11(9A7hDGTih+h}l`n!L>UR*fINFLAizlexqK_T2X&Y
z=Ow1xe`h_zI>@T2)`wPekA(i#{~*-T6FNhsCx;^bF;Z2@Y3t3tZ@7jjWj9J{=-VP6
zhI|ypWDBBdLq*7dj*<rzDrDyvwb5l@ai_vdn?(Ji(yZiPJC^2`S{<N>aXje6h0M<@
zWh1D?ut_FF%Z5fTHIXUHrJQE%ODn$V8sfd1E8}g1rP9i-O-h@OGWhZu%%{vIZmFws
z=-1c+=y7&tKYcgz|I~Rhl@OXRw!M&bmY-83dd|J)WRHdVw{m`$!5u{v7a0H$X>Y!W
z@B#=S)phdIbVz|^*Qc)EXCbylVd3sdAU;S8ws=+X=iV)`&Ou7ub+XMO&p*`V{+ICx
z=-e(eFgE-Y@Fak9SH}5lSW+2;q~b~$Kxr^zn;G~A@F12-rkFrXw|0v?2P<<Pk7}(`
zG{A4iLr+KC-Xz%dH^VRN)1vRDA_TF^P@uMDB#TXLpd$YqNo+Y^PWy1RMU%q+M_McA
z6w!F2N0U!srs3UD<)D-4QB%(XNMJomYjB%oDMU@`<uiGO9r<e>ZpU!>^cORgDCIPE
z7tyM`-@t9ibDgXqa#Wd34%Tp_^xMVrrBIMz$A+Otq*R8U`1)74Hg)`2UPs!70WR%s
z`5U1?9)9_qmLoKwI55FhoJK6Js9Ib&C1Qz+#82!L_K8QH{-ghtHMx090+KpAOyWE2
zooR%CCkb6{qWb32a$^b800Z>^xk+<M7k9d5BSw@nL_rEuh$D0<Y(e*eP?RBUW1+6u
z(`<a{7XkkJ?5sKl>fTZXuhmN*>-xJyOd>28&J_IBVL^D@#m&LDtD+wJQFmwXU_?u0
z^S0EUa^v4&;w(JJ62>yZ&{G2Dw^Kqo!n7CT-a_)HzsokVYZX(f!=eU4n|c>C%&lmK
zw8P#7Mt7+gsZ1=&7^kVSM$zz-yayLNMafCqNow~RpO-NhtfkUXEcRSXKMz?PmZ-<#
z_R33;iH|g2yv}WX%43P60BSniA@LC_gzPf$+02v+y>0dlu(;B#L;bN_^62Z@ZXB6X
zqN|?3k9+AIR<^+@kT!ot#1EHd)j}^0`Po4uh)E7GvGm8Ona9QzC!T2k$(!n?<9jD=
z)g9`|*h-Y~HMes6FDZl8jzSK*nWli3LFK53OeZ3=ZIGM5S#3j5kGnG8)R~O%{9|Vp
zp!{CO;7gbx8<x&YV%N*H(YDq+q!xO7^zNl7tGjBdrKGqdw;xi2K@!%KpPg!P)y4m+
zK9#hYQIL%xx_-kfuAGw~W!H=cD7Gc~AF5+5=#>VN3<+0h7=$en4aS6p$gR;{Q+YmR
z_@T*)!}6VJS=SRF&b9KOOOQGU!EVK13r;H5pwg5o&K#xPDF_d|_)@iB(JUaLHVMh<
zlCei?${-BE<qFzNXvtwVl~C+du_p#@G4FPX3NuJYTUxDup=tK>$o)n-(*CITH?^VV
z1GaLvh6&P$6Mi_VOu8YeCPjf7$<4}x7;5LQ$#crCeaE0F2JpOtGpJRP@wgXW%i`ih
z=|8y>@Uc)~f5OiYhQ7`m==!6Wub^%)YPiJAoBn53!cP|mev~y4&Zz^84jtC1e8TFe
zPv-0Mt|dM=iLYH+U9itq`%;PE+jto<!B4dgK1j|m?U;y}nH1Zz=;G_O6$msdPt4<p
zQxtFdENC5%$?499eQ<jAJx9?@o8R=aMRca)qGC~nZ*1&hnojIMHT9A4C#gW9@gX0>
z_9?@}g0Q0OX}luinvBL?Nd+o3qC=i}n<X`!mm~5%I6uR5a<%YLZy1=xzlffYPd(|0
z%?A~7{6-!PAj65&3RlVn*U!<n=j=qyWo+iaXy|g=b<T-7`l(`V^?a{=2VN>D7OT}V
z4FC(Um!-5uC{OxhU4cM34BU_!y67>}XYMG#N#eKZn<}D?g?<4k`0s->(iDwv*2jTF
z485BPGeriC+e~BTPKDJrrrAi$Z==HUmO!qER;wXx@{f892$EW98M8XEiHvJ~t?2E)
zQf_U2@Oz3<jxFFh*i6rRzhe&&8ceE8tv6B`vWw6TXx6xlN1sOV>|^4<B+j>z5X2Pm
zf@hIS!YJUX0<*oFr8^TQu^c2{XxzgI;@6f+1t!}F?t7jqT=bYoUF6m9?(HdGs(M76
zU#n}rP`QB8`_2EBh_+)5ANV5Z_v#<NYM$be6=3-v)$&*RAo3HY30i?7bQnO3&-6!~
zzt*59=L1{*U(o0CvR&cdbiG69jmU#ojUDQV;c7%vAVJ9hKQ63L@|a?9zt*kDn${Li
zzgxlR_Zc<K<dmRZc7=e}*x6b=r@qo?UXM?UsaTX|X$z>nKzy8sNgvKn1#?GM;X$2F
zI$A2xB@_Awiu$~-5}SGA(pjjkAK)@F((ZBb(b?%Lv|keZKT_cbqQ|URULD=AOl#|>
z5qpM<R~`{V=4EF2pqRSOf(0ACr}WZBZau#K$Z$a6ua^DMQe8i?Hl?~rt9@mdf>Dk3
zj^<AWhuXL8gx1<i)bs6xKWs09IjkE%af$ib;rA;B_9Js?yiHr1pW*EM#7W!L^gf3T
zN1AOzncw?MCVK-ddoT2DG!Z7wg^v?7S|CU5l-H-WIF&y;A<h<*eOpyIrmd=&ukue?
zZPqw^s1ksUK7wNHVjx;e8}wqW;8&>!HJWWkx*(G{|M*0L`w!FqRb)>BwI=^bv>*P@
z1y*M8LZ+*Z68yE5#6hQw(`@7>eCvq)@-gZ(`FLUxb`=8S$htcTVdV;*9a@Iw1z6F5
zL5`N|!nH+zjA-<7>w0B%JhmFi+14YX!Z`1E8kQ%L$e!!PD}3LnKXS4LeXPY0Ww`s@
zUIm^;QqX{v3XHhv<MI8BQj(KvneDsm>vO&;&;7^kf!UrjKcdc!W!#*;W%A7m2jQaI
zlA-g^XJap3a{lr4Sj-}kL7WO8+8yMif#%@VFZJ0eeI+*f@j?!uqCQjG_FYruOLo>G
zDPhCyC#Cn;pX73(FUEI3@afOvv5?-F$J+(><wPNMe$wNb6W{RiShI;&LTDv4mo;&^
z0)1C8sVKllS~ZIErRY$oU#nC7X-u6LX<>>X^D!?W`)x9|1_S;5eqW1@yRg^G2IWP;
z3Y{fOIC1~`)1dP&p#x0U&PS)Cq{Qpv9!EuPi|oc(Kca}dv$CSM{?)}oE;suxXj(sz
zdXKmWAnMh11z+d^f!y=%=gHX~a-g4Mz5x8>KGUJ1+-bFQ&575ai%?P{BR&)8D?*%{
zUtTOPm&Qg-8uXs|ZFUi&n?nm6!h{*FxuS3;7DU_(>wQ|3q(9$m`oWAw`Ip9%7Im?S
zUsU<-iy$++S~l4}ZpZ5sDFR(~<2kS4FG4O)D!^~o#eenypFcG?0Pcsgt1j|$ce=*f
zoax`-Ib;wIk5@ZIBlgGIfFZ~CcfzbK)ve1h!6lCx0~6%rJL|7!iyRsmPDjqk9A+yq
z1w9XcYpnK5XxKsWf;|4?$ZB_VA1^5a?Rt<SDffE{tTc#-yc&~2qtuGB15KtViQ6{2
zlC&3PQI4kz=TliuM`s&4&XQp7T!UiJy`Wtf8!GDXkk?j!2hs~4{SxzJJVNJ(-?)T*
z_>yPXvRz>q9pbb$H}<YUw)r8Pvaub>{Wg3hs$IAHW`2p*Ul@9O353}_$^C6i+4RuU
zxoZ662u{@3ggb~}3@|IaZu<;!w|z>bh*<2G-EGsu%50iIbr4Y2)XP>X=Z++&s(nxF
zf=$*98c<h~w1?=@!=IlFO*h&7Pw%DQBk}`auaj|yq9NXG${yXPlG2X@w<DlKB65^6
z?RbOn@^q1)vnw%LzBw;TFdg<8;v-&v_8fbnF#l!awL}nW_v!5XrNDO6qto$cgy7|j
z+3p#etUa{n;EZG~s@<~t2K)P%v3=X9>C2#<6B3H#_UC*L;hk;msu|ch2UUSrqX|1_
zV%6XE3BOuh+Ko}HEK^78a1<km{!T9gq8DtEZqUxUlDPlWdvP-K-c%e!hB~<{XN%_?
z^`SG_9^S2S)a{&tQ?;I&+udXyN<xB!QL+0<MGmdo7BmH0gu`|4H{b(QF(N(J@vlZN
z!8^ykN~+*}znStvjC!F(Mg01sD>AVt<h$-Ss!zNY(2m;#51!d%>v#nn4>{F|0Na1<
z3QLOj%Ts6%`z;BwD3s&if+Wg?9BhB9V+6b*NhZ41Vr0*vl9v<X#zXxGq6%lqt!fX@
zSTtt0W6W)C4`F7Ia)VmktIPkNy36!Q7qJt2*5a!1;Adi&V=#+M279hYBd&|&+(eCR
zN5_O{Z~quxEf;`}tEgVk8gK|5M%uzjLq}aZ{61;N!>{L26(W|sF2_#yI~qzJo#D(g
z4`Tl4h`^0264T^%z~iBZy4RTF?qQP*Tl!z+rNGLgib9>h%7?iS4<ZH~{xaSBJlI@E
zz{c~M`((DzVE?7e_mPcd``n4+YCdA^>^oo-AF(C8g{dwYe@v2m>$dhQLlXr3E-YLZ
zky_sqy$6=~L|p0gG*7l-2*0Cr*g><Dz|44Onw9eM<LCL99hMr3V-@0nhmxo!Z+{#H
ziCgqvO@#~r*st58jM0C9DlYb*!bl=Z>=DJY2h@Q>whmS(<me_`GNPRVth#lp0NEn$
zy9c7K4dW*OT&jA)n0~b2<vSI7@APKV_qK;MeskdJbg1D2)6)6dK~ap@-2HErQ~pzB
z#Ux3v7uNie>%dKLZtIuGrt17yC@>tzrY4UT&8;@M8hm{apZ^L9_sy6~YsI9%{O|ZC
z&3r#JXul)))eZK8(|fB@xo`V4YQJjUCTumJogEw>vzt{h0*E!-bvAH(@b?9d<NTYR
ziU=v-k1?45Jb2AOOTt)VUqtXR6^`^wpn*i#FR_LVU-R*f=$Z>f^O{6H-5P9IMg`N7
zBQ`sz?mzcl>a}2z9@Y8iNT0blOCv>gv}f`0kgYG-flq#^q<xI~XVb|j<?HAab4`~g
z8K9gi2@<g|*5>MbtoIVNpq0u9YOfVGNqeZ6`z_N(R6AeyO}J=wd&Z^MONpHm9gKJ=
z2XH~srwskhr?apW{j1gJ;Y6UO_*bsjWmV3>_BVfUj#+7-!r(n0<(OgcdP7jLow26`
z-}*k*Nr5Q><-#DQ2JIv{9g{SnSdHxl86ec_vSCE=f_@UWz`N3<GpS3v@{hClQ%5V!
z4EAOJAzMEyG<e~ZBtn<@?x9D<qwuXD_5uCZfp!ewF5JARy~b(u%HRKBG4l*9BW>P=
z{B=jq^-v^_SwKVuyv|b<{*nsZXNr_i!PZKp?JTq(2er8PRj>0R&6}{19oNm8$x#1@
zjSk^Voew|n2rAZL1v@XIc=dU00TQH6SP3w-JMg&5xVKI(>^TGF+5dO11%{lGgbG7b
zcar*I+r?8J!XY{B6asLqiI{LIkl^C5pr<j4vR;|R2{W8M<|L=9dNm`o2}&BwaBZSr
zyJ<}KS6uZ4?iu6J)!>jzKK{4Oq%7q8r61qFb=A?rsfW+G`#eG)6LJKOyxp-PTl?j6
zL33vSz$vA6$(sX2EUbQg8SzJhji7)v2I)Wavi1nXFJxeGltI+#VQ*%JWuoz8VRy6r
zxFEP<Hn!v1!--t_jEV6P^0{Ni13S{48^(kHJousV&EWaw*>i!yg$b5v3Cp7_P(;co
z`;@+w^0NJCn{BZw9?!VhP~qh(0M_0W^OW>|YTNTkE(xqHA6Q$gN%&3c?DyqkSoZJG
z2gEOek&GzzYu~Xt2&t9>lohErnAvZ62Hr51w1;9jqd~d>-<?L{xrb|!q1GKryF7AU
zqjW)HJ6BsDo3k5TBRBrDe4;w-SA_^5sKDug<%<}U<_$AIm;yU&8y*Y1-=8zz3S4{o
z?hC4fLfia48NF5UeY_ObD68+e_cp}yy`Ka(u)M;!%yLeYQmEJOuYlxZpp^zD3@&9Z
z_XHf579dcKN%i{W!=2)zS9eoF9=On`Ji_hglS%N7KikW5VEw@NK-`YY6RK8RVJ|n5
zS51WT)w}K2LIjE6V=}}WaEAD9(^t(BjYzhZV%$~}vn<LexcOe&*Ty&zAAa7Gzknl3
zl8-Or8|SH`rUM-pv)cUxWX?N`{TC48KQDFqUqMa4sU?x!ZtFU<-v4jb_kgp$|9Iwv
z_``s4mckKhGh%MR&9|{p`0=jm&|Cfpo%*PFchAL7v}d46Wb2HvQgrw@yGUix{$>rH
zR{g<udT5l^BfE6PuAUOyJMIo)9pH|g@>UC6bTyN@!JlQI5l2`+^XpEKjRk$YY0F&P
zi|MvEx+kMacR9-z$#Blc9YNYhfcCbjAwItzr7vT^J;Pg;v4i+CdB$1s{o?~>40f$1
zue;Cu`L+>lt;HmPOM6QZANdV-?7VS^Ap)xjT*;n8op#QXqwV#`Zm~NyjGy}>#QkKx
z^7_+4Q!AbcvTrU|X79JyrQVI4XVmYQS0PB~Yj69EvZ|oxeZCV%#U+gbUlC$@o1_~Y
zeOx;d7~uXfRq&iI1Q9$@h*f$YJ{-pmgTtc!yL-@KmLqNyrQ%e*caE2-8xMX8C|KUE
z`nC%r8@+a?&!i!__shgyx(=iVz^+-JR<OC2|JQS>rj!eirq@mqXitI~sbrUafVQEt
zxy`bew$RNXeVe<3Lw5(>53#2QeSJu`)$?r@Mo$b8|JI`J|L!Xi5$${zxBH9DqzxP)
zPob1457=Np_2;;}=Q|(z_X9SwUGhy4`(&o;8VmVHY{5HEq4QOrtpuxp(Efwyi!txd
zt&f|?#_ieIeHK9m0e?S9{NbVs(Su4ca00k+>^gBiJH~?M_76#tJZ=@bAlquh7b^d~
zA$w;is|s5+07Pu~IXj^oPB*`#_?<+89rq1ZhZ_fOkdblv?b*%iBEKf4?7{H2s7Chc
z2tg#145f6w$F3eS#shbAs$OF<a2=g_F8&P+Q67R<Pr&&!wWc~mBtC0w;#I-=mi6;P
z8kv6Kk#=Dp9*6ek4qP<OE+F>}+XO|G_r8cz%4IU-V{_?$gFy}}4N4e1xP}G{t>)N4
z>Et)6*XJ~ZR08sHA$HqLRg&+5ox#;-rqr)8Tp=+`SMK7LDU|v@4Tk*3IPvo}N&T??
z>S6jO$G*di=!JvQm2T;M8HGZi=Jm8SNQ#EO-#O={12^CF*rU=%tM6mW8H#SuL+R!+
zG_F8y_z;`bQ=F(N1R9zs)WuL1J?X6-e{-4e)pE8%szgw3eLDo{&+-EC-|P^piGRuw
z|I~*KFaJx_nL7n9j2xE>SF~6ko@DQjfE+BWWmOx{qU#7e%<fmdU%y{zu0JZ}89>G^
zMhAZn&)5S=K2y|HlV99)D#VN`F~N)97CJ?J!9JQ>*Zc2>z|=SJuRK|>NbrM8na2z~
zaE9vJRWN}!+k7q|`S;PP&IW$X5@;z_4t}{)DIR#yh45*P5%}x<y579wVu`ymDDtyt
z=m8_{M>e*5@&7Xp`_D0T<^Mak{&N!h&xNi3=Y_TZ`;NQ6hV?d}-0}>EDNEZZ9gh2=
z)_utEMW_+$?rtT+%QxCmS;XtE@a?Ijmv57nw1#*sy3E#Zf-XsSo>yN*rY;#`_x80!
z9eaI$L}fjCp)%t8tNVG`=3GCz6!eq56E<r$JnoR%7@lQ$d~4N6tFvn<{Nf;`cdE##
zdc9#if1;W_x6GSlWPh?{svN&ueYwZlch2xqsQ$q&+e7){H07|}rz_=Q(bxC#j-Nq#
zIfkjwaKXhvHHh&!^%UdoNPn_2GI?SjQdr+jZnzKHQ%UBeS+<kQteV0Mm&eaW_Er2@
z91>H#h1bs;p|X9Q)XD9y7#xLnp9Lwl`xzZ;LI6=)*Hoqs$<H949bWRF82z02H&RGU
zV*=BWX}#cK<vRw1X|~9u!qOM3)26KK_T!fc^}Q6mA@u@@B!>cy`;%O`$@O;8H<D~B
zEz6IWXBZ!r=Y@_%{2r5qjS%R`7Kli%0Um$a>6z2f+pn*^$qf)&IvE5jpU;A`9zBh(
zLRy)O5ARll{Je$Qa%x_j_mmGA0=!^i_1LtY|FH7z>b>x!!fUr#)`)944)>Gw)TQMi
zWP+a_gH;FfBvH!>8$TlPY#v<&lVlGvf9f>3&rN&31CBKOj#{t2UN?*T{9^{Y9ZwtI
z*ZLtgNCe66su;HpZ+b0`9#721SdQO1-qKxz1m?7Zt$3tX;{EKSlKn#Kk)g4<2HL9S
zj3}h3g5lZCP~kGPqDhbHxpa4(Hv7H({U^)`$9%uC(|tZIb|fF}UpKF&RURK+UZ3;Z
znsv_wH(h?sP8JSK{N=jLn)%gt?fSajbC@DkzN1mZ7yT*uEs4k@gc&N((0(opJs&9Y
znWgrJ^7*}iVFD2)XtGj$3qJCMC&@NiCW(8j+GYJmr7lMlhR(psVc&XFlLcn#K62mm
z*ut?#$<61HPH@x)o+3Dr2j`YwMRN%M1r=^8vYoA?=w`Cx?wvUN6^eZGlk^J#&z@hc
zrp71jQ|H~!3wnz)D+tEsuk{Pp_DYOXn*PL1KXwiAyq<sD6v$e>Psn>jO%m>7gP(4a
zJZ{t+DCM_<@7owU)Nd6|sW5U+?)UGUiA7B{?~f%T3{Rj#0r}8|ZnN1~dMTHYQ#ZHC
z4J$HT_}1Qh=G%NS#juX;?AHw4(H=ul%-{>lDZX}gft;Y;-@Xh-raTb`m1)|Iloy*>
z0Y%+ctqW(&SJ!_p{R}gmV3YGjpZZve$qwOCTuaMBdkSMV4uZ)0&#0KDm4vw7+3(%O
z8r=~;c+Nd}%uYIY(Ap5v$a43yCAu*f>q!#4Sx%sPsMw7ZxjBFq5<I$iJuGJ>wS`{r
zW?yV#E;2Ppey^U|Ifpx$#hMjO&^w+jy?v)4`fSN;Z+}xomGpJ-d7j=UZ&XW;`C_s)
z)8t8dCv^)@pdhS8mqody%&%;o74o1+j;h^i+vbphMfNg}wD;a;)@$Txi@CrXaP%$m
zZ00|QMW*1kH&q!Qyf8lYs-h>Q6a$I#^FF_B>u-gmx3CvZ)Zo+5!|B)X+`jCGqyNR$
zS3p&{t?ho4l+p;&oq|%*At^{BAd-S0AV_ztWx%GpQ$awwyOEM^1nJI235(`V_CDv_
z|DOMj!5E7fYtC=YZ^k>{c%I`im~QmEx1)u#NmR4gpmDlxfHbCS+-F}`Wat1@MkTx3
z{PNzU7H80N)1k7M??j2xM!8^(GVK;oVA#W;fq}4(Jk=}14qy0}uU0jZ5H;k@sl`WS
zb}6ShBD1`t$uWb+A!G%%Kid08eQk|Dz{HydL(p=_&Bet;MeO1Cv}i~gTS5k5!(K;T
zcd4$Ldmh|m_#W}OHLMKwrC%P}ig+Wnknbe3bHG&4dj~r_EA>G&PV#8+X^`Chg_z~%
z`i!@;H&{1D3T@;%cp0KuGiA;r>gKWS={yh<tmoelF@!_Um;J2^`E3KJmJW}qQE8Hw
zUl4t%Tq|D3TzCY5q1{!f&wu{{&g0=q)sd~;>JEF*AbQbv;G*Pg@|V!fb*Ww}Dc|c{
zF>!gA_zz44NpX1({K2ryJ@d#1u)}(_X5{l`<5RMA$!qbPN8XEgmz#EyhQ|k2#jqZy
z#aR%~pK`bsJ(JLNoPB&c>ofHzB6MIM#}d|jCpWy%RmMe9n$XL}CR-Q!(%31vUi=pX
z*({#a?yBACJ8V;U>~5T1?Wg|Xmn@#U4IcERa;A|i4-CE_fbF;;Svc*!l;GwxZ)i5w
z+tbQG2FfGWCr?gZIdqKSi0?e&osrad(`k17{`bCw*)Hsn`($+!TwHD7Lc#Wi*{#XE
zA*=F?>AvC6`-JlzpIRFV&ajf6)dOMAnd11ZBa>8}uOCxmH=eL&r;;U~KcO*&0V>q1
zv5WjsBSQC<oON6J7u_TpS#`nV6M&2P&OH*=pZYrN%U9wIo^hK47I&7)aKvXG4;xFf
zSKM~q^5RZs=gLQnx8GXNR$dP~%#Qi#U#kQL^2DOp?LGNcM_o$9@k{L&1ZO$KOF~zm
zy(g%{{RH(7eavkqRl(zH74=(5$|grKZN>^Oz$>byudUcBm7?bxC_oirk?)R)zgje3
z7j?`48ywNBH_-)lR3>H0jpD4G6Ft0eU~l03z@xV`+7!>$x+n6^vh|ywZq2C<Yd3J_
zy`&au$r`1hRERVueLQDeN#pN2i?@)_9l?%^0C1JhLXH$=grO3yv#F`kOn9?as>vO8
zS7~Le*FuShh6PnQv)Y4$%aO=%s}GOH3`{!6yv~n&P$YcLI7Fo3LY)_s3wc|TNq58;
z!bs)MQ`GL{-z=Vw?7%a+r(R;JVC)bIK?Ibmky|rd@3N*rFzRx8*V`K-!G`8Z{p^*!
z`&VhNs@a4(**>EVOM|vhG3O1p3$;Fwt;UV4MF-&*Yy~3m7hJXvwzpL_N9snGxDDt!
zx!H>C<79nA4e1?ubN{L%`@R!b`5GK*Bi@bP#t!iLU)9H2W!v|zWm20&iT7t_f_#Mu
zf4aklyXop+F|K=8jn~?#9~eV%k5W0-qocFKd9WpZJ%2x2+QHpdX_#x${FMSyCqH{l
zHX=W<S47)4v2`|{*%@{Hj<l|uNdwo?_60zHVXKZuY<Gw+cjgWX?cHc@W1LBFIMV9&
z{h4@mQ_gB)zG7Fb8)-hyGdGU|d3$9GHS<<`amBey*=*G)UAS}k@UMAa9h8gkDh{w-
z*%~zNH29iZ7)b7VtY7^;vd+YYzI`p8x3$HAhBV7-4KOYOD17!9#c@tOC;JCv@{^&G
z*|T6hlqXn$`hMKJf%D<B>EAFGJS)|~DEJ>AUHUZp;5=c!sU8rzzV3?IK|=E$4R3u?
zsWMwia31XKZIHj6ldNVt-4>C&x=e_$6QRKmrg7wSGnw!}>tr={5lfHNuS-$8UUF};
zpRZP1D6{&6$Xq_sHcorcFQqrvlYGVV3CGpWwDqjk9N|YOI>T4}eo%KXNw3=%_*LFj
zOV^@JY=6yrUshy(Zy+RYH65An3Z~I=-2E!G%abNwv+U~v5w7$6o2%V(Y{CgE^AIF5
z=-AuV5T2jisqx6_AjuCrlUkVg>jBocvdvCC#e3V8qk#KbjhW}}@qYSXIqV+Bj<Vqd
zO^)cg&If2@SYQBzlHVO2ERXj$;@#VLaw-v(3BT+fSb5xVA0W8t%Bngjs_o^jCX1`c
zLCYyb%N=LFXP*5JRafNwDrd+`?+?1erp7%z<=-Gi4=K07tejKN;li=M8Y^Jc>*W>Y
zON*$bzEc=hIw2%}j&bJeNVCk;efF(8Hri~56xKYsH$X+rr2s*k6~h|^XG*XNsaNV4
zqT7Tg?{kXXm>tZQyR9FMDL4hqpmzPth9dbtl<XfLP1yW?BFqd=c_u;;I7wGlZ!L0d
z1;~q*TWS;<jUPtmY&LR7QczJ%^ni03*Rgj#=9qFj^djaWyMR9^Ok*?t2tb}=J4>*a
z{JEi46N*T%)Z|wlR+Zr#;OOEWX~*aeVfo_sOgtme0;0E1v9Ttwa?-~gP!ncqPZ?52
zsEsLA)>|tVrxvCiTu+d{?TWNnkIpcbs2Cm#7dLoMmuMs<La~1n_b<4C+q=yz%cd*f
zexCOER&OnSrY)}FHon#o2SAp88CH56<Yk8epKS_V>m85`bohD)B$FxjG_|@Ac`700
zNg}Sgwk9d#eWmr*TFdG0Hg0Pj_$LX2Y>O1@t-q740?s={(=9?J@FY=?|4JD^ixf?l
z)M%F9HuAYwAQ~juezi)4vexH6As?`&m@*WgZZ>=GJ*4El%%$U*sz#KL$ioH(pAkBR
zi>%2rrb1wLOsL&^bmdTCd|RA{$WsKxMD+g@XMy4nP)zOkcX1Rj7i}h7Tx&A?Q+x|B
z5dezW|8H?1C?;b3r#KN5`-5Vxe~NF-6^j3#VxIr|ZL5D5ub+K0Q~Zal`9G#XFK}P_
z&z<YmR+#_a8JxgOTf_ne_G&Ky=(ue!({GWtDQ~oH3Bxc<@(VWsv(kNd{H-CDvn7@v
ze2BKh{*#J%2EKqsfJX<OdivV^#Ik1ZA0)~D)l2e!cN_iR8JYhh!<KT$uyPsvmKS|K
zFssPStC4N*s25?~9BmO(S-`Hl*3?|lJ?y*bBB98xl;6L@FHrMyg2y5nz~ugWFu;4t
zn$dcP;`LIgC8F`6Ns1o$A_Ms1w|{?eRI|#S0Y#>&?6ZRfh}F3L=E%R^QI;}i&0j6E
z-?OLMutWHgfmO8=(Do7tPd{oMU{zeTVc!-`lNOyQkIDL{v<sBt{Zq=mYPjaW<W}N0
zPLfdScOm5G5yF!X8t4X9ut1fL+XlvY!`4;9*4#V0n_R?`g~H53`07EOKEUHVOQvwa
zHRz)e#w41~6st>Iutb7b=g=unVpcBwtI*~(Hmd_VaR|@9tM7v9S-;MhY8$9pv3E>G
zs~zAxYvrGbU-pQ3>f5H81Hwi?A@lsx)e+mz0aolaa}-XY5A4}3Ldzke_59oaJeY28
zirPq@pANYC|7YUd@*2JO{jUtw|IR>g0w)Myb++|s;042E>m#O`KLytE@8ziia9dwJ
zuz3Pj_qF@P6Tn4on+IG54&5&~%fXa$?OMi3PyyU@Vok5(K%J%Ae1O1t(#84rt^lA(
zrtyG!;Xm8NZASmUbRz$$@xL-U{<{V<fHA*qL$2F({f8oZq<V&0sKYq-wo&Je&5rT<
zhpky_9U3Q&QI9c%lStai$F)Oj7lEirY;(YaI2EsU>_{LcE@(pkE|kqfG87^3=gaee
zIZ?qi2QM$n4Mv#_)XVXwv2?)(H!i9H*|L|iS{C((m|J-`sxpyByx0D99rJ`pJZQ(B
z=H;x(`k7jK3vSygSAw969Xy}T%;@>q*(?fN?P6BF2>)WtP+}_9BexG@z4+<j;8O@*
zeet6{yggO5ya7^veARG?_4COa@{{EJc?~lBrT+l2<vs5Ns-~&Yr|@8}fuzTO=F)ez
z!|KN7-_JckuCRH1TO2=*YORN0F6+N<lH<eOxI#)4rql02$_>@D#>H3-W%DSw4I#}R
zBsyULV-EVYV8isf&*~bN?vFQ(8uHkpc|3wNgVF$kQ@x=5bEYpj7fPCUz*3a|I^vQ~
z16s(MJ-h#9+3dDLnYtSNlz&JYx3hJkXp|}|3SvV?HxvkaOyYbOxaBZcqdecrW95g!
zfPix%<z;*#xy}#E_1}+VmZXf*UDC)<{C9t5BCe1}1r@YPjUmmiB|6j3e3kzN$HEaR
zPsZyKFZlLiqk(fhqF){a0{>N$S!5(Y-6|!y);ze0KY6j8_Z!^8yU1_WPg^T$V5V0w
z_Xfy#Ad{x;U@zs}9EP%4fHG-<IJ2TFw%N+IOI`On#l6W+!q{m2CTW1n034dW3FAa6
z1)C6a{OCP(n(N_{EEBBF@l0rQpSDQP5kx7WU(d{mnh@5dgBv#}BhO#>aQF$-cS9|<
z<4r<#W*>ZO^zTr7n6!H1HjX>t`t*I`V8yTFsd{iI%jxTghUXT!zoCXKd-xBtlSnT+
z-lM`6(`geMs>M~|D;xUdJ}{%$jv}Q$yw^{Il;~|`U6w4ot3}n)GSP?2-f;fK=Lb+e
zVD~<KxGy`GVte8-;Rm|GcDbrMJ_ge$+-+TIN6`ooMbID4|H!V3Tvz3Y<ET#qiMCdc
z3LX5yEk}dYkW<pckbNsf{HLmy4;d-A?S3|7>SL<RU7ffU3g@bRTnL^WVSty8`)ji@
zeHWR(wlWHA-p^ql$EjJA$S{NZakE>ZrFfvjh`sISY9lMTDO1ZM<IfvPDIiEF^3P;k
zf+fwgk(2tdetw5+&K}M_!I<t+_Lt{X?d_&KxcqO7iXGkw(n_~_oq{<hiEWPmL^xGh
zgtRxjBCdLrN-xyi*MP^23B313-&OCeWmL>1T6(*Ilp#aT1G*fAGp?2|TYG~dKR6cx
z`tOT<CMf$}@;N9$wgFQJ1#-8oBD27(nDEX}6D~FNKYEsE>>_D}R^WU#dFH=m8uU$~
z|0ds1D+3-z@l9#MSpS3-O`6p1I2q;TdRglO6aT?;b5hSL)<A<5<tRtGa=p**a%TC>
zT~>Z%q!V|QJJDvY%DRnXUU<SL9vGpN4lgSj@+YKAH{Hzf#|J&nqw%TU);c~QNXbOJ
zy@?@0flip4#eW}=W1J0%TcqY_+ZQ#ZFTGrI<iT;zlBB|r2Gf4TsPcXEknyQkTh0}Q
zq#GPpuL&ry0u}bd!)E!a8?c~=KnOb7??J>gup<+OY@0Y+P|-Ih>j&mu`4cc1A|_LO
z@d}C-#4m-T0=M^k-NQD>Kde8$L~L=t;4ljr>N+K!NgN)aFvVQD`9q_10jPpJUto+h
zvOwzoDauh#?>DYI>tI?Dcewd=WQgMPj*WoxO%3^Ve_dRid>2%_YZQVtj@#{%1ha9@
z<)ouxWy|&wCj+tR1z4Qo2g%zyZ>5}Si;`b(<0wZtm;?!qZ{G9jNARt-9i3DyI~at-
z5d(z5EdVPtAp#tG$;9}&s@`yGUrZI@pRmiskvAd{a%_K@sPypFQ|>;x3|22~-rv(N
zA3xF#f+n)nvBLY)$iAvzi`8Ff>V~C-yRDY^lx(LMo@SmzuM553*3=3|?uUnl)**>L
zYgHW|?(`bG&(BWhA;Mg0cJKXN?&CZMWj1U`;=ZG~B-QK|V|V0vApLOAUbybCyZ)-_
z?R&7?*2{hE=SYH*)Q)KNsG)Az!S-no9%!{uOAhd2U0KR25E87ANes8#hx{J79wv6o
zTm9;<cLNc7eSe%TCMX%d>k9+qXGgY7y94i7#w4@7x8nhEfTNALZZ;!7);rxcY;u{W
z#ZDi|dOTc{rEiVC-(PeaN|#y;d_0J2anq6k4qgIr__4>^YWYK_(n$+R8nlN_<I>)k
z=BS?ss*Phx;!bg4xWiA6)QO(9wM}EeyuB;a1PW!Vli>FTKvRG+IJHjR^-)-Xo6!al
zai+Vg@Kqfkjm|wYYWA{>VdONNoA1Z&=r(wSGxx)ooIxyx4#IcOpU=$u>u0sFPlJ~Y
z$^Kb^YrE332aLx&*9@3T^D<_F9zWx>6yfQOfVFtkr)N{cd^zq7L`Py*$nMw2nWIe*
z9e{+R0H_uBQpxIZjD2Fqc4`0Tuf*8=UXSmk{l5RUWzZ;Ws&0aWF7kr^=Bt2+m@yt?
z<8}wCNas@)O#vMDPjfWUzc43_S24TPb|*5ewfIVm;@bP}z`Pr1$hvm5Bs7lXeA@c8
zB=trIiwk4Hy36R8a82rpf;KfEKossn1}$8RG>h5Yhl$=zSMVJ3^XBJl3Abd%^seWG
zhLp-<Q-mK~eh_dKp?>CBE*XA;4gDGF4s`ZxN+D`_ox?NkOhD(>bj4I7_?VDdK!}__
zH-#`Ot4AiFdB8Y|CZ!PoNt}K)7SuKi?6(5%vp}Zq{?FNQR}o>RZ6jDB_eXFBb>J@8
zE6Z>m(_Ay)ObDYv%iEp>YLJQY@v>s{`o_0mt<1ZZfjAL7@~vPUf?<97Ntob<;mt-P
zYbTVBh$F_<ezqCO6WP0eX)+nh4M`c_BkhhMsZIFYfXVOfD~vKEUmj}^`Z8=$6P1&o
zrR$2uagQ{B*l1=p%)We7xg+NcbMb1-jTx<q6%CpmR2&e(Ao#warDdzH86TXYD2Dm$
zqgOmM=PMQ#{DCiHdG*5aXiULeQle~J)=fJu3LPpVgiQQ!Ap(Dxr^H?P1k=cEzH&5G
zmSLqJgJku=V@wnL`>hZ<r-;OSE!ILzzddZx*qHv$+L`SG2#$8h*v`qIhA4lhqWRoP
zmlt~c^|#76`Nzp^@i#PNrs#T-E+7arpr^pX5rjJ{;;Pd+yW_(!QK20ri@M4>OY$G&
zTT+)Wu}Ao=4LpbVS9P`s2(v(GcsKTvwxRwJWW&J1KClGv$!Y9i#yAnRDVn6WtJl1S
zDoqP|W$9b`Td*EdWw~1M%bU|Yvbtu>Z?2~_DUKF@iDA;kBK0LBbB!hk{UQCd>;SLx
zU-|3<wL;9b-+2{VP_|f)n#Z)};lW`F^?`^y;m=PXbbt<>a1Uq#s)P;(aGKE-1E0k7
z8gx9SqZKDp3F_>qVp(T^q!Qb~2&7XJ`pXdIk^>NGOS!D=@t;>q89<!y&()|iN-`vn
zFmT6WHE3Td2>ivq&7ljmV82q&qDO)mvNtd3#!1IMy?d54w0oyAje;J>jGWPx?)vIo
zMdSP#;XS|i#VgGMeqN}wOOumM0d=Tv@KS;jLg?an4OGMikG+2R7zCg+CHch+X#cUg
z7JPvT1x0>((^C6V1ZN|2SbKTf5JfZ<<!ob^>3A=8C8LLl9+M{RY8W}FxIbMdw%l;z
z-9($*^}|%T`##C6wp!%OhjKKBvMcVD>ssuRlpjpp10C1D>NuF0UkQ`Q#i2o@&-htB
zIsm-n&jb}pz7cdtGrX2$C)_z(eql?}k{OrQxF3q<SolU@6Nc5!{Xj6HVURF7Rii?m
z5M~CIUKc@a_e}1(&|P~Q0mmY)G55!PoM(@Gul|gwf9Q+Mpkt8<$hsR((EZNj^su38
z{)b--LoouOW0J8odZ}+|1fvCzY}~Bi4@f(q@0}qNT_Th8eryPrtx_dhhMPk<gKEK`
z_=0odD18gvKzLW%rBw!zt~Ri|es~o!Gp!14HDPNCGhwDi8%h^eyIwp20^H#PuQ3nN
zzq;dD3n?m_Z7EV>etK%(rG#3>@D+lSJ*9WYffQ-t=#aB!ZoEDy2U;ZZ&IGby$#3Q7
zr(7zZW3-KQ81IUlN@OFQWL>U8zT&l~;}0`I@Th?I@B4++Xdxk!9x4cq@sZS%jx!*)
zEO58@dT9q%hgv06>`;p3lD;Ncb{=8~)u$$?DbW_p$!GQ-8T#+2-q}&S1D)qRH~i*{
z-9~R8ox?=dsO-7w>07rxIeB)%?qk<HHd>6>F5cM&rc1wy<c*>_L2L-Rn~P^s_Y{pZ
z<0L_ZkL_{N?0Gj89tgo0-kQ|5<FxxarS3c0NUKV;vpmya`+`Yvg}T(sn+Al|sz*U`
zru?`V&>hQe!;wEzOgM`MF;R!ZMfK6QLEdKLo?|vFc3HKPuE-f}wy3AvQdJ^*ZXyxR
zVr$Y6Mr6)OchG0{_7Dweb_cp^9v+C!;Hy4?pbnBAg1c}>uR}r$%TsG9wA2x#?JqXl
zn@0Cgkdc9?5(&p0PI>42FwMFJ6HVbA7u3&-)B?&w#hp6qW0nRs;n9CCq(Dgako@D4
zb3F%gh=4>lBG`z<FoLou>15X`UgzSvf(vKAGHw24j&9-Ge6V`uy1VL8ZuxNmddv$9
zh=5AhrET-V77v2%H>AmoS)ri3GRA?PwPL~hEUjN4X|Jroa6jC4l#oB~?TP_o2tOES
z(h!#mU&n=h?a9(pIb?)a^ge*dzeymE$AW%P5O}bcB<U^#vPH6ty}gs-;CiBj1Rlqb
zj~N)lOe*Z`Ry13t%3d~RV;l1?ch|f`BksOj_68u5{vvM@6F3rIPCxsF6R)riwZDFD
zFa`uE+R!j0=OfLq%jKj{RR2GZQA|Eh>(`^XGNnEv^2QP?LR#s+|I7*1b0&J2*wq?1
z^RYWUDn?u8E5BTo*dsg*Pt#WcGg~HShLITuQr;X@0+{7v5FFhmoY;y$Qsm@l!bsr4
zntzl8xq<@)#NcbNn)63ze56xYN)ZsARv)N1d%mIW*mM<r?rDPuzn9(DdWL&L>#Dbi
z3OVPoZ<@bDYtZVCe$ry|$SX<@+I#F2&!|}8d3i<-Juafmt*m61!z_R1l}V`;Ha*ah
zovI7Mp)Hx!f==p;5#K5jc!Ge~4i34G-D8Gn+xRm3n+16GlYjBb)7YgQO?aU}5((Ov
zZ>UZ4#7w)i{~;XJPaXG3YW5>9s%j_Q-`0`dDxrW{_UeUhb<}>@<c9>{9AWpcw|gb?
z>NAF2KM*GG=*IWTu|{*Jo_u;AujciJs=3+dihk|_f9pIq$xG6(A{wj@Co#Im!U!_t
z_jd+ywIqONq=;hh7`$(JoxLluGWC`#FVV;`Jv69WDn0e;B@x|AjUX(>KKK9#yp;be
zV4dWzn)nHA1TZCkmr6?zCk<`e?N(YBd>j2np(oW&a(i%I2Kh1?RfvqzWslD-QC&Bo
z?LJ;)j@|46fLLt7zlvFGXfD!yizc)fSr4n-ZlPE$F(0)lCi%;6<BJ0?c1eF?tY~^=
zFAiC%Sg(9qW3m>iyZIBMSc{TBUm|$&z#s|{+!VXc?ub>?VN-#gr-~pc&VJvmx(;ap
zr&+=3&;d9gXEl`9)$%J)P>y}JvwlV4PRkrnhkML=R;3UPS&(PoK@~$gNU^1oWuCLf
zJ;cOOE!kH%aCDye&F6EXgRj-zdGcFghKmwx19{b>F}-qric9v=t9*?nAFpY;s#FZ7
zNX4gDELn#QkI@<>POmxbp6d5cty?iCoaA5>uiH9t29e0g&;8!_+RN2|zgOZ8fuLff
zLdxg5CeQly-zeN~`Wl;g^~F2ResQlGd`257l?UN2m>4^1h%0Y_apllBI-*y%A};yM
zw2)*k<+~AqP1TfN7LR&kO>8HV1MmmyKV|caG1e^4xw4>@4HdhYV<quDGDYwHLNV%w
zQs7*BHdkD1L?oQx%&+)p@Kq0OqFENMiLDay!lhA!>B1(E2l|p_L8(G-M&c9F-16bn
z?Yl=`+$U6s@bvP?Yz((6`HJRxCY7kAtA3i0^DCC#Q{||d$S+X=wrt?th}Lg9e7%;j
zc6M)~f}lSy@O4TC9B-B|=q|sYeCWns7dLk$LlsK-vp@xp8+7B5ex-7XXdqe1h*pGE
z7^#WxjhaTS?}U@>T-1hbXJ1=ROYq1PFzvF`<tHtM)k%okQSf*<PyE_-M$YsQk~wk&
zI_G$L8zLtaBMwmBb{}1xS?fx%^A6%Z_YzP~3DCGwfi<Qruj`PY{Gw+890nV4R#R~g
zGoB8golI(x(1j0{P9-)nl_X0_>^3N9M>l7tB0VKUFF43hO_VE#$J5hN8}?FOyydf?
zx+4_x=SLCHfLI=L4TvNjziQrVtQNW(L1DPlL%?r7u#pqOqa@L3ydZV?fa^NwtT^X2
z&w+wh|KBlo_ViEYS3lH^(QT7zWf44|QMpz@x;|7K_B)SevWFd~{zMort8LM}99EE_
zU^RT`>|>@=sE?7t`{Dj!`at<t18y=yWz+NS>mpUVLYG%m3z)OKEDd7mgZ+(uK*B$W
zNYx<gH8bOH!PIWf)b}y?LTVB|>Q?_=%@G_e!ozi!{l23i(wr#JQ10}JChUHluNY@=
zt?->(nCl#E|JEHDj!UX%Np-!~D-Bq5B(R1-){8nA9@HXje_dnTdUoP89&jxtnVbqc
zD03mc;L!Ai8RGw0Mfg{AGoFsVm%Z{%Q?Ttdc$7i<wb5cPNl;sVv#l2OCZ&7SYsbC{
zz{C~1XU_Rpht;^j10NGR?kx^_Jb=Y%=mmL;ZMVJ1p2+>+U2=Z0PW`O=0plN@YxF!n
z0ucfjF;7G1^J7=!u9_cB>Cxr7{u|%Qxye}t4AfH#UGr{U9_&Ny+!_u7`9P6U&9nN{
zY)Q3)$#wCqIqHSA{F$pWEp@>cFgHQSq=tgNYW7ImAFz1;Oh!$3scY)&A5W@ZraqD}
zMeQO!5-%F9!$EfTgn6|kf8xlCuhBKVDE$dWiFz9073ucbpPAp!oOK%y57lA>3iOAC
zBR^ZFRnQE}f0~>-Q%=u7C#Sn7{`QE#_Q6*i!nQdIh>S_DFhk-!YRku?A7{(HxktP4
zE8}>@cqM-^J;Xiu%%be36z+)*)BEymq%ivn7dLH+_|xyGCb&6f!p|7xoND9Twf1SQ
zsr)V%ufqo@Bf>ggsYJPknE0je@X{_9FUEl_4wZ>%?gdSTI#TJHL-nXR(%?avfwH4{
z4z}?P%2?nyC#+Dv&~qmJ#>@wYpu^{ib<RXKqk>U!n7`ugN2252S*a{X4HKeOxUAK~
z6Q|xWm7Z72739QahH`G>>VA0rI-l}-kq#OL1E%n!U0p;b`*!N_pF%<H=30t*_B?r<
zf!b5buFPi*uzL^8UU-Kzk9|0$<iHbt!`ShLs#Ly49meQTW-w)uq~yr+S#j!EVIXAA
z^IQEEX1&Th#)8~s*>P)AAH*irl;o1n2R*LvG|UDrN9EkK86@lqb2E({N3(fU1n;<j
z8rS}^RAQT<vOZ6Wcv5~n-c2nOwI?F_$%yUu2gSPRMsC@&+MMe#n!OQI`beg(SJ990
zGeRxA`i%q-xxIH?qNWYCUuIq>N}xcPrYy?p3c&dIZp_-$T5Zg*GWnU?I7LVPD=Amq
zLdjHXTww9KbDS3k2UR$9tqVai%<=2}AduwT(|q0md;_b>r)v>;E>-2PZa=DFMTxim
zeO@w!25#e?zjNOg)mz){e%f9KeuI;E55M?>bf|4!GN@!%ugM4OM-#5KIv}&r78A|I
z2{2ySyak7n_UM7=TH0P|o-wgN;NF>HzACU11yOZf{I&Vp`3G#~3=rU2u7!)<Y#tZn
zN+K?ECPnA?Pr6cX{&<odbY9mSr5jb7kNu)`yB^(^7filb9)NkKQvCff8?5038c-|N
zy8QqU=czZK^j4!!t@$s<$p3gsUjA1GwK2#z+b&X4;9G5Ff))_gnfcfXYP;J&Zq#`*
zaK?ipEa-f_n-O|h=sW3R<)+Q+#Cq+50^nj9+DltpKH-9!UWn|#owJ-LXtCBWnRO9q
zBb)@)CDfHxv)cHqsiBplBvh1Vzq2$Q$E{z@O3dLFZM>R^yi>H{`LnOat0$0Wqy(7n
zE~(e;n6bJ`5NaXg?xIji?!d&{^Tk|)B-Y!Az|%y`UnY_HCK03D_PHp?Xks&i;p3>p
zi${JrHxKk{C$Ry20m-#z&2(Li!J9%{L2tGr#&-q~*9yzWzASv+Udy=Jb_HBUF8<%+
z4bOGIe}w<qXz0Y)H-NQ~j=D{4$B@|STuT{d=A%HAsgt!-&m9RH-`&-v)i8v_S?Z=&
zziZu@em19jHSoUav&d5XKo?_y+FXS&Uh2?Q?)liv*<EdGi<7L47gdb-*;==c3nMqH
zljIX!7%ZgvoW;G0wGdYqXS-Nv%42?V%<ZhsKIqig%uQV4vClV8YR|Np?IjwG4%s;P
z+J`k8c5Qn)2|hWrfX!k&Hj8IHUs+EaTy~0R75RPPae3}}GOR97W$R;(Y$t~zsD_&g
z^#170vfmm^TW*@k)qOU6R^(in9LgP+1|QyP+;@oZ1}MvmfUlZ&0Gpf*Nd&Ej`H7_A
zUVbp;TFg%k+6=$72SB_!wTM$(Pg=)N$H&)_?SkM)x6!pTvebE!@Bxh=h~dCgQ3E|9
zbk4zU+TcP%?sA7Jk*x&><+CoT`shY^ofZcOU-C09^>?US^KhWYHP|ds7q>!l&YO}i
z@4Cvc%=StIO&ed&dKl&)uyZ$d472x8-R%Tz%dXW^i;!c-a?J${_pTh`(i_{&X!|Vu
zX$Rg(8^YT+6zaL$P;8uE6HNV4YS7rta&jFh@k?Dnz7?h9R4|&6c^4u>=)f|qbado<
zT(C)__){QMLSvRa6bwgGaY@<APYuZAL;jN`;6629sI`p%;L2oY?oZ&44lX=gCm<+e
z-|bxdjAmOih+)*?>!^EPeCOo4IjWS;<&Ps8``bIVnUCssT*&g_BRLTXW9IHwCP7DD
zisqa~BVY6u87RYyaj%g|nDF<qv(G)b_WlIU0b?E6D*xeiWtA#jH>E6KTin0l^0d5L
zj~rD5pi!!fAO>o+q@8p@PWgN1pgI#KM6+35e&^}_&+Xaev!!*|ddU`x38tFJyX$3C
zI<t+*zbx4$3F`?~Sw#DDimPd#%5Sd=*87%nnuG>(ES1jAR#PaXkEam<8+hO=A!u{s
zi?5m6VedP`Lq<5y_$hXRd(2(v<zhgzz2-o~aPR;=!D^>602x8Cr&n!N`9ORA%x4@0
zzL7x1BUqGI$yylrM{kk+*1+C&Q(n{PHMy?gZ}aS@6r=q_UrVEl2HTq_D&CFxknWwN
z@F;AdOo_8>1_$Jy6nYp+MXtctpkKt8W3uN3j*^9ez$E_X3Wo83^;*!)xS|6k*f6bt
zkGYN!dnkoHL8XZqdx|M<NceRW8p#g!FZVRN!%Nf{4AORi1PY4pk6Vdvf6(Pk(8V^D
z+a5ft2)@eAjc)H|jL=+|xhsbX%}LM>dm{p(wo{#dPOqdc<C2YOvC$O~PH5!U6(jPZ
z5*PV4BnCQEr-?H14WRoq<;jp@3@T*LBw|HANtjxLl}rpn7(1$c=fHC)G^_`&$<6nz
zV2hm*UKb?zy%bxeb&~`r=IhnDP){EBKUWKFqNu~1ym@3~d8AwJiUQp^QI|4!`)yYH
zEKqJy@dX`_xFN)DFv_Cyox3&0rNc6cgFC9z6Q`ZGin#Ofp}&#@W|dgt_5|x`R8ZYp
zRK`~Vw&N=5Ig-uz)cTv+NulqL$W(76_%1zsJLmMD)b+XSG~yS|X^E2=Zq*GxfZQwR
z&MD8`--P{z;Hgnie7WsShYh)BOGE--KQ4Xn{0I5f{nSuRKKDWQIiNA^d*X}e=>Gbx
z*wq|Mxt-5vE6sRLCSUY*Fkfn|F=M{Cn*>h4b`W@g#3vGQvI!si;}f^{7+EYB5V^Qg
zmE}o<hv<gyXq3;bCv8=2@{rD!H#PG<<5uj>a6Re$m&DFd*Cn3eYoFQOu}&%#Oiw(T
zN`D(0*+9_P58BP`L<ugiQHsz3$Ee@iKhb_2pZ`D;+CN{uBUMibb%(W^c|<;z)4%s<
zA^Scl{`&8uC6tFAS3?R)XXmsRjl3%Xg~~*M)gyn<&D&i}rVT68+PXb5>9}61Kj`h2
z`P<md`2Rb_=mC8uQLO>zFGODdDfQiNroctx;H?#K<X^iGWdVl!<b$_?AjNVS699ZN
z+UzO?9sq;6H!OE_tLW8Fp}BMuTn#R+FwvW1jalvd2VEDV+cEdS34F`h85^>EwRs%h
z5$FI;*l<w4|L^*00_^`!{p|`N#O0(s2otcT+EXj>(?})wcLSlzSJ+iUW21{TN5+)E
zZ)C)wL9)?E=`%R0ZNXZx?mD>U|7|QeGXGDx3$*MGJKm=KX$LwC1|9AS%^45ws44vf
zKOwRkB$6ipR}2U)%q4y2Hm(t2B2{Sy{DyEmCjNcc|C_($Z|ai2$L+sQ|5;rykfOk~
z0LPvgY?{+}_RIh<VEWEuW^j(_L$1G)l>d&Ye@98<mOHK0Wtev#{<qW10c;`v_SDV3
z$^Q)Gm>)N%1*5>nhby93<lhnZ%-}iyAGezS<=^r@Gp@>RX0+>1U3CBc=hnsIpMNkx
z{C@VN;c=8b^^Lz*&P`qSPSLCVZ_0ndUO`R?C!S}7rt=4bwGlUYPsiWqBpN}!?IA}*
zUN2$v*=`rJn(rI7PuFJ}n};MX?d(zR79ySkI9w%J_M~@nFIA>;8Y%ZuueTqU1EKXD
zBE0lE-;ia3`49EYnBS#t5iRw7&)l7R+>oU7((5ZfI$oaT{iCAgbSLCB@6G;TZP_6A
z;AH>!oLKs^22H(o@Ngm>J4F;!&VMzJIa#pLHusfwkxw2N2R(FdT&x}RY&_4^#TePT
z?M>Hnnu|BWDZ+oE>k+o}W?r_vn*hyI%upp4>Ko~K<koWltZ%iE`wf<A3sf+B4PCV_
zDOE81$^ZSdIbJBf!t-Rvm=7Y%&%wTWG(ukyn_?`nl^3#onywytS~Hf?jpihpfX=3n
zmL#(vSHT%vA=1AC9DHSAmZ#p<2w45rSrw#Lv-(Vv!QzAbp~TiJju@^2wdVI2kkN)3
zqwspk)gB_aFh~+_rBaU?%f$VdXZ+3FWV(~*94xDI`Y`e&NhW_AN0nAKZNB+#YV9$Y
z7}H5-8@1=TXh4h-6rz33D`R}TC@`b_{e{7xqyzO$RD(rsGF^Y@j2IG^rzP-L5Q%WH
z5bLqzxAPk7<ka{qnre*2$?;R;bP04iLEf(3(w8;`sTPvQzw-%cQ#hQz-7t&@rMxvg
zGI;dMU`Qd;ICT4633I9RPW09G3UK6mU!ahVPAtZQwEKe&rKoD2)L-jI)7D|Sh&In6
zCXKH~8v!DNLZ2H(&15pm8uDtrzK#$60G?So-v~jYgIZfYS3jq}9WH^fA)-?2D{{&j
z`BF4^V|nQ0W;VBhtnw;wexSWuIJ<6(0kGj4lL9=7@W-;2Jg<c(4~pec_QcAgGX!T8
zxHE)@oiU6wzz@qBP;*VK1L)gO({GoV#$sVuSOiTnqW}(6;D}N&Y2v$Jxc2PEV+3nJ
zVf)f59_i{re|PY2nv?0PHxg6LMcnoI7IBX01Q(8HV>6;+#-vy#rTGj6%T?^ig$70k
z-<3IG(~>ylwX&{U$)EFUeP>%9{%v=EjK@+X-HdwK&+)(#^XajB$SfFDqks7|G+ZF-
ztp!mR#;2YL;}>(giQjk%u{pa};18DeV3c%Z-92FW*07{`=B%MDN_gQqId6~~^^s2z
zIiOOXE+Ki`%r5*SZ}wRX>wfF|y+8U0Fz#Dr^;@Z0+^KiO7~LL5qgmUy-g)Rk_@L$4
zce|~$T2e*`<}HmJ9=8FMKSc44Oqh)q!a6=zvI~9Y;d@G^r&Xdn#ao43{>JUOE675^
zZ|V+~*TBKr0R=)OaoeKMYb2Pcd+0j8hc)&91#OIWd-U#eps%cnXy~4-N2U3GG+`~=
z9aZ>F3*vs`6Et&tN!js3H3{(gYG(EetTtqP^B^il=D3CWs2){yn!)WFP$_;IZ>l}-
z=Nf?3WXqu_MDb=WI>M6}ugKg(_OM+-i|$L?*r!zn1A*8jAFY%?GkwQcHy#i<K}lcK
z638<18^uKFxavkd)Llql8t+8;p+d%~$indi<5VDaNufS*iNhaEu9aH9>~_!x7U)w;
z)J~~g`?Qy2U(kg&(4mkQXy1kSZ;XKe0nH<WYd0<hU6ad$L+-D&m+Q~k;k9JCG>+K4
zrye^$I$p+rT2hf!T;S~gqIy4GTsg_C5qBX%1>t$^a-hC5?2{PmqPsxa!GF;puZ;%b
zG0l4KL2&%i(@XwQbV!wH)*dirf-Bt@RA=Flo1Am+`gx$$+Ty0&1K?x>a=+j8c$dLa
z4FUO-^I(hcuv!>Oh<5o$YA9H<<9p2r+O{DC1jzS=@@*`B*vKl*2PF(07%ae)cHp}z
zH=|d*Q$K7C23|A@1@7~N5~$hh^T99kc7DqX*?SoZYBQ=B-t(k6NNC%Z*7yt&6qcwF
zZ<*rC{%rIS7r}%cH;JxWrw%gJwxBys9@#~pqUlhp3~;{c=Ov-l4lVS5g|@fseRoJJ
zGm%AKy|PZs_yOC3vvN-Qd39Uw)oY|zO>tcMqa1YmF~!@}zYk`iwxL}jPJ@Z<m8j%D
z3Sfa`45Kmq3V?{g2(@f%p?|=Z*Y$emCgsVG7TP|`?KNXa66b?Ftwq!*V3dspLYDM)
zKVN|PcW@uma$B4*RFt;ii(6<%kx0N3#R}Fh+X&o?MiylV8cJ#fQVt5l`n@I%W|ojZ
z@!EG!?}P3)hXQVavyG%L+QP^5?TDeLQs8OrbfXKl>?CBbf@0X{&<HQy+=$eJAfZ{E
zmZ%5ue`4gwKbXELEFa=*aB3PfUctHk-3?;c>aw1zti_MuGik#ycU)0VIX$grB&r)#
zbBBXV*OElFX6TtdMadiu%05uvQoPpYzgEjV3O!nc_HiR=ny;Je?Swmu*5^%FtcMpq
z{npsvJWyKU{!{t!SqA&-j8U~K!8aocho~6;n%OxUcJ~&vU4H79c8`ZX-|D`c`s%sG
zca@kiYRVqS@SrDB<|n=T6C84>YJyK=&A&)Xx^f|aaBAdb(E9a^_$F=8ML{l0m&54e
z-dlK@G&(PMndoG~t9cMar}?#olU@A>)n+pd=u8kSqvqLBd1gBd4ae9Aq_s$^0pwY^
ziTvlMUz$cGKVm~AY*DYPwXhH;7Kpy|+C5c~g%xzEhzvJCBmnyQ3kQM-h_mRp+d2MX
zzU{`q^hSyZ8Zu<W(p`w9`Eq_a_Md((WKwQ!0(@*OPWDl87$Me&P8y;+zSHt_CFiPZ
zvOXAa*~q(?Q6I5&wkqr8yVga?gg2b&0zXIG<-qHoH@qKf?D!|cEVhNHcKb{ai+$9V
zfEWz|zB6r{)Kama8+x!czXw}0g7k)mZ~vE=gv(jav<YtNny6&Pp)KRt!bLzBip5Tb
zz=MtniVk5T2!1V4@e%c#dn-?l6csSs<WiaVe;tpj>wKMT5Kx|`3uYY`zt>#x3Y$qM
z_p5@m*7NZ)&Rn9G3}A=$r%&Bp{WJ@~Jx@Q^k+^5E!qo{ca$y)j&Zl5DRe{+A^BtNI
zMrn9FCrl~U9$bF2i6cZPN*nDZe0Z_#4JQ1Z^Gk$qq&fy2wU1|b8{i8uHhy!QO<_+<
zW?Bnahz+P0Tz?%sBzjxYGDJZ^&ivP!WYIJ*!%l77oOFly_o9$xsO>FElYDn!PHCZ6
z=PJuw@Vq{DDkeCfhy0#puL^DM71|tVU2ZkVkm59qpuOD4xsJusLjJsVahftb9u+`a
zjvh4hnh)rM!tsIOu{I!*us>_C|2m%2r15#qh4{%_sy!31oWgU?#~38=qVA_P0q+v>
zIci|S)iz6Q+08*1-CW0jBhBf!_F4j1r&!jD2F=DA;~CaXAt&iYWy-hiw)>Y$gnhz;
z$$9LD?NXCRgD!nZm?o+Xz7m=Fx%*1^CSTLfb?KG=QadS*?nUJNX1R8<SitrmxqC5p
z^$wuoZECa-=}yhHJId3hTp5$WiSbwn-yW*zn3=w6X^Gz`9+>FN8Akdt1-5UXSmX6e
zJ}d3D8ljS7Yhf3TLx)a@)R1Q#MV?r0L|e*{wP0WP)t#bqUA->w((r?Bolb;lV)}Xf
z(&#eSth#}yvQMXm2Z_OU<;u4UttCBBm=wZ)*G=%F8R9kfwG;*!>zGb>_>^zc>gzpu
z`^{U^aPZ`3)Ifni?yYeYwWdi#qf(^ce6oJzWt3F^#ksNZvhq%}p`b`TAQ1Z08NMD%
zG2ZaI*}aTZiN)ya1Hu{!7&7Wyu9vpvr;Fr=pzX69AjSS*=ZI^ux<ta&JxJ!1j!x?C
zOoA{Y68DaShzusgY&yLgqt3q8&6wzwlMu!mJ*hSD=xbn~#i;e`bH8cGRX~!}MZh#;
z7W#dEOH;+sIMCngNnX;Cj$jhMI1g87ndTo~^tt-|4z-N2G=bQv3rmyDy$&|6eKSO@
z>A3%O77h2#i!mS<Rx8mdUHxeO{1vAm>d=19;}Ck%bln41861;JwN>xap7&McIhg6a
zJ4Jc(XqUazNw8RbzGgAmSigc^wW~?0lb_eS7j^l*Q?P%6CI0#66S&xfZ4{lC9&2;)
zgCIw5+uF*L#93|0s-`>_3%Bv`QbFr1Fg?w-C@X<n4C-lF=ia8z?JCPa+Tp7Dl`c3N
zg>De9UV_hG*B|~)pI&QHg84(++g#%s2bxR6fA}Tt_MhyVyini}9lj@M{ra|@i{F(+
zpq+!pPamdl8>qR~pEYpR-E9CGT+thFDIB<QSZ_W83fsN?|DAOkhJXuD;T~NK{sU(A
z_dlP2!}))56duj|?TXG7Kq@aI;7y|Yn3uim^VlDau?OHe%AWnvA$WRdG0REnX0)?I
z0>|bcP+Q{d7<rL%m-34qlFoyfF?>FT46R~!t?;{d;usE?mK45ys9A(kdfyx!$mD=W
zB8i@K?<2mBq_SJ;Le;2_)yNUH7XKGdu(MuTk(emt!Iigg%ImEYvN2!Fc<(P9_F}O<
zD-*K7rTcPO#t<#?W2a~f@YBe(KX))^jIIO2y2Wk&9v)TC5r^(f_O7`sQn3-})WfT8
zbeRO>>aZ6W?dDRY?f(b;Tub1asWP+GR+<B*22KY4jSsudIX0AE99%pr#NRt9l4Pg|
zaz2IgZzCAWQVug#BTJIF>UtHsOJe1BTV)8D!nf#AH9uw-lPdINvMkD>$4%-Y3B*uT
z>bwZB2mFSE0^%7O<bP1G*gxIMZm@J9S$Krc5uVq&JA^TO7a%Qow4<j55%ljTrQvAe
z2mtb=gShGqRg)*Xh`=0?)vg}GM+{Ol1?-}213aBti=Y0g#(YOaWh(Db<FnFVpCfEO
zrNqFpA1}DM$ch;w8<iT&Xs%%=2XFAbCs}*9hVh#)seCViSG&w&@L!X6IRsHUHaYDk
z#3z#wFM@;!VIFWXgHf5U?WHL%r?W=@2bra~IO#%QwMeQ|8Ae<1mqP-Traqf&t+2|w
zF7WC$vhae%9Qz|3Z59&SBrV?pG1Ps|;+zLYT0Nq6ek?P248*x5je+pPa{)1|+Wpu!
zW$$|C0_7rmkIi(9Da_h=n1P;Ma_M?akwg{+9uy$D+d=g4j0gTV5nGtOwKaB6lr|jj
zgV|b*hJIxa1+`X*a7rHo(mkP%@gJd|)hxoo1i+tbL`ikMdSx1dq^$V+H&+TnJ@=pS
z+LY>JO#`ws4U*${C-nbKs)myZ#0AN?5@8FcUW842)n9-c&g`zP2LJHX!=Q)Pqz_jU
zXwlp`+4|Zn4_PR0X~F<x@aDTnalc&sG#+M+mMQj}s;b>J8rL9Rd5xLtr1k1IzsU`A
za(+cp>CdpRqCzopytX;jmNCH}-U6<ZGR6?ODaE(dY4am>$=Fx}@WYyZKvM?M-O}2<
zE59S<XJ#JxkxenXjBnb)GJH_lBXaFU^PLZ`6;xHtUB-h7;L%!--oKwV^x`4zku9QK
zxP0@3ZTrZEN8eQN(}IVa^*hCwgD~vsylz=0o3^YK6@~Y<!{P<m2B$&1wRY3W$sr=y
zF?sb{3crng4~eVqXTl#+erTa#FUY}$iU=Aj(J>(9&zLXhAgM5}fm%Hm^OA!B2yhF)
zG2XoF?w47_Qf>D)nCV0LS<VXp{@ESw!1-j=*n{mkzC@*>ShNMR$)Ujcb50fgG~lr%
z96f-FB~B|(>l1K5r?YtOdl!04EP;cmc^^gS$5i1frBp^g3o0~-=Chs#4F<$rxAID+
zN6u2H)1A|XP!tvLN+ynM8n8g$dGgrqK<<lpf#Rt4bO*_0wyNk0pLFT)&=&$yrZ{|e
z*~$!Nb^y19)}mqzLl_nS=Pm)XX&=80;Xny3l*Lk1SYP-(E%J%F{>1<X!HcP+#?_et
z2bvgGIa@dcIV3yTd=+?rKVZWi3_%ucGBFAeH`6S;gVQJ?kC*=E?+tct2vTlS`o#dh
z%Zjq6lp$8UBq*@^m4P^)Ets61Si1Qci|K1G0-cPz4)m%kZE-gGjY*D+`8_NC;>f1r
zFp+HM+hL!*+3`n){O<GlAIx9|1b{onVpgU{JfQ4ZwpJN2oh=x%7x!HDR7V;V=(MaY
z7O3=#?m<|imP0>u7o`phOOu6t)H;Tb^bN4+WXqq1L$$<*wt=e58kCN%!PJYLzu$_7
z#=T7lbY!w}%I^OFIHZzvgLeQ%XS?wF6ojD@H<|z#cqm@jjg2ZpN{nx_b?97~9<dY_
zjb$enQ>niZZqA~@c+(|of*#`VG)b$Cg-nyG-#)0|YY!XlaFxDEE$*RdX|(OLY~mK(
zxu!?>i?WV|WCjMUgh83tjv9JHM@8Jw=>nG;G9C?b7_dr~MHeVCYR>VqXTVM#Nr5^v
zxCnDwN<9TovLemO0i&zvNmh3-dHhH6mOM*6@$cC{_>WQ9RE6_Xrqga^S<Z<^unV^C
zcl_iATor4xpWeOt!XLGxJRkVXJ$9?$K#3`OMe%`Rit;UynSZY=gN>9Glf`oll8BO@
z7%UOE#u_Y`9YyS!;krM8wllo$FX1+R<u+2KAwb;*NbuhLHo$5zMr1-U@_-W!o;}NG
z4V3&iQhjU6tWt+8l@BH241XW+V^AYE6~V-5Fn5cFUIq*$O_d&Lu|>oPV507K>ZiV^
zhb*vi^(cgS0A{%ypUpjMf`<}^IyuP@P=Rf@u5goL(PhZLQG;6aUn}6vVW^V;RnF5x
z`B^8M)+7~A2!d$k{Izy0q#R^*QojGF1q`Sy%?yB<iu21a4pc^y5bO+VCQ;`1cUBZo
z@<OZ~JWYge(dakdk%8N?>#P`hi}G0hgY}duY;|%{&CzdOVTEkdi1A+!Us&o~?LQ=q
z3<}_qeon|=Fjs;JnXn|eND5c7;jo3}*(>*$gppAMlj8$4@Mz0Xadl#7p8=HfRnl!q
zYo-V#I*Y}BR0e!KY|v1H7vM93hqqy{=J3|FHv~;ZS(!Bub$>hCjAbJZEJ2aL5p~?r
zp<Gf$_UL_QiWbec-N>C}VT=%DdOoY&IM;4?%(y+@b)Y4=I1@)jNyit6()|hzkc&ak
z)DwtKov(}qWvrlUIJYW*`e$_>2ll;TCdHPe?_5w#%5z$b78DE}=!?1FQrfpID|xk_
zp^?=^wZN4~&doMvxU9l3NUP04Dl8QBZd@|FQRlSh$P~&boL6#Z?_qRpzki?(p$n`R
z;<!E4!1nkmfbG$`iiuc~QqpLhQ6=Kb_U)&77crytwePzL3%e2un7=FJjkI_K74A|(
zGEm9#Ap{9h$F@zgr(!2p%6>=f`u4C`H+o%8Z;bFEYD6kJBx{Lo9W~i(F&j3B$`-0_
zLhp#$_krY<`<JJyED$)C-~|1i0@w}rXVsKr4~z8N+Vb=0i6cv}5fifz$|{Sx$=4_V
z4LDHolWip?#aS1FmI9GyW4BOr9*LA}Af$L(jami(jinST$ia32)(%_~9a?zBR7rs1
zu6kFULfemmjujc~#9iU|xDCwURShzzuTAZ##!%+uDj_TCW8xIeYZDbH-StnQ3DRut
zq(|#1I~pWqKc1*G1SF1c{86-Mkiq9~ecZZebHQv+QNmi{v11>18UoHj4I`Z31(x!l
zw@*!8O8GgNM~*yu@QQ{#<h}w*60<#<DQ${alpx*^MXu&jLI~N6{>Lb`PcJDTxFZv1
zr~Ttz_gJ~jiw#KSV<wxYMGz$$DZCn0-M@xe?&)a{a&QYrsexCSCGU?DZzQg0iGd<G
zs~$vpXRH8^j-?-MhAz!5$u;@DFRt*5=`s(x4LKrkm?SBf-r^I!0?cAxP%$8Hjv4r~
zIa)~l1Dmw=;kLmO2(T66ac`$%x9$}_MiFF*QTdGPK*wJ`EK5KIC|K~if5klD4CIJf
z&sF~##Vh|=CQ{>27sqe;=9Xd!lYttyg`|k1>rKM~onsmrZp7RA$9@Vc9}lte>6ni_
z3`x?G1*i;Y8<_Gs^Od3kLw-2M<(8{^kx~!u7}E)C7Ui9EEEm1{Q|G7~Ygn7_*_a46
z{uw9NHtTGm()2eS-F9dO*wytOYoVrl6WibL?a_{T$L_(Y2H&22_0I3?8+k|49J`=3
ziitplYKVIHp8Mr`i<HOSzh6m|78Laz#b$||vE^$U+f}z-*7x9KLoCGz&)|`Ol*gIE
z+5Hfm14nXBVsA-**@5QqixR4r1DCe%7uoiM%!hQC6D_%`pR?i?&sKbj1#@gS>#o~)
z=B~?Xk+r!|L_NpR=X#DBd)>mSNy^%M-<7K+vuadFn<Di99a+dIsKxP#meq{H4{RDY
z4@I{-IYLgu55Bo$1SPz&f3ATS@TEjruKfcLABtl1GMpSpAgqbI?8s=ZWgQI~Vcy^{
z#|BLt454o!yp}O9en<S`g5a?M8xQD^t&Jos0aGcPOw4@*VLy*xnbriy-<cZwIa;xU
zX5`1!Ge5tL)Mi+TrId?}3e=I7rNu2?te8x?T_U=Oyp<k9?fc-_^H{-fhjPzoBRz@1
zCf@{{Sz6Kfan10UXnU*cZdgWn6klk3X97;3i-;73Yj_P~Oa@8)*5cj|H<VwDRV_q0
z1*gn^&HGzQxnHJzZYoMag;eUIDfZ=+*_pA;Ue;rAgpA;(RFOdYn$C!5Ceq#v$F`6)
z@~<Npcla4sI}zMQy$(HuU){|c@~9Fw-X>D>u=Yt0w7nC#B2ZSX%h&OWtKX{qcF!oP
zKJWij_3iOYxAEWK9jsw$&YMbe%rP@oDr(MhxE(i)78<csIw;niMk5(T&Z}E;iVbsU
zAy$i=DP$D7Bc&ut4%IDrzWtu(^*pcVFVX9DeXqmk`W)Za=dC)H-OLa)OjrLW|Ks4J
zDdN!v;7nDlDeD?iaER9o1M(jXA@#?&+YM77u67=Kfysb{zdRMr#pXTJF1*oVF5?tc
zhRuAno2T;WfAi@iKC;k0i2#(=RCIc}QKQ<xw@3v3&{NFK0V}JOE~8+zw2NKXcF3s9
zvGg)>x;EX@=eo<LPV-(4PemUAoH=^iw*1Cf=^#Y5;rC;b!@e$JuJ*Ck{d)xlj=D@g
z2aVgeyp;CV3lBvfY;yfEdTw9LAIS*?cbflt1Y8Ktr0a0@XHbNwRilpYCdlvi6>R>$
zbT<_WN`L5Xl;wAx2~IJ~lLGmSn=C-)oScga0PEmp;N2_2i78N(6@`DMD}N5r@jmp7
z<$CY4A4sSxmQvk)Hql;-5jX+ustbMf^2rZ&e|!1<*{bBc7cL$csdx6T6zQ*qBKI}g
z-pX{l{VvPATAkwEg$YQ0jncdE61}(h+zeS}8K=~N`ODFwULtiSh_S6WdXeKPS3#w&
zf2>k=ihb8dp&0gDd-@RUg2#M#cza;n56Y&ucDo{j|M}2g8~PH1mZD*`6kiJ-*WNmN
z!uq}O!vJZGUavjMcAzOT)KHC+3jymS;9i{Ke+C6{UZ;saR1oDmADYzsiFWD<XzspT
z{@a!)9CKLsB8^bIKQ}i_aV)`DS-32#nAl${#ecE^4t&eG2R_0()&7TWl9gwC@7@nR
z=OTMg)sIirB}*@dQ;?ItvZlRZ?>2)JC>IXys|)+%nTQjOJ5S0PU9djcrvd@ED+8lL
zULO4={onw#w=O9?^T71qc!(BFT)X3Q9r|{6bHbsosf%s%PM|voxE2M=?JY)u^@q2U
zAWxwAnGi-wrhb-2?8q6P&8`_oEAj3BA3cr~JFMt+(_bf|?NW*z?;%Xr4Yp|*Rv1A6
z^Vw<#eaQ()qvHhVxGWDGPUy8tE^_j8g=s1+H0jg6z15o{XQv<fe~dXG6K*B8Ugt%J
z-;Djc4lw#6#mJdRJ<(8#>kn?`|9ceL66Fgbxp>DaDWF^tdjgyI2_ue+6XaK43P4I(
zziS?DaxhPeJ3IF8Z<qQ@d(@!^eSd$NkJqWu`DLa3tv$z}zld(h%}=zgBE-92Kl`gz
zi*+;nA^38-{D@ZnHO+`YE2c9I<&jdhKZ8=HdHkc+KARVgo@#?*<2&D<b@BWsl;hXn
zbz4F9iCL1i`}pmJ(sY7z_mgFixOVIJ<Tofid&S*ma9YZ@<ZbzcPPJjD36$QovVD+9
z>%hIKieB+6pH+5-aOgVn$PA(lQTb45UdRLbE3iT`-l4aW{b9_mwg1}b79NzKu|&%#
zxI^NcWQS@C8vVB<*y{b_cAodOIw|^Vfp;`5JJuBJS9W`JX@YFFqx7ur`>eqok6fgn
zNPf5BHo2j`23=iMe+U?vA@xrMzUCD2{z=g~^emCGAGGuG#H}mIulllX5+r|dv#$?t
zPRq4d*!|(D-xat2!(~#|oJFTRIA9gw?T||L{nk47{oH7i>Qv~Y5T<3mUs3!ldcu1O
zX&P|G)E5kT?Ckmx#Or@WYv{7&BmXeBq^BQ){&)C_`k`BaPCjn38ey*GVQuP<WTe0Z
zg#M+@Q<8nk-SP&p?~{2MM>*qtjFQ;iTi?6V%1#X77A>v~UD|VCZ|6tHPi6149pQl9
zb?2D7rnyd)|C?K-HDbtiZlds}>yN+3DX)iad)+nw`QNW0D?uugh|B<DPL^*+mv)_l
zk6U!U2PIKrX;o_eDa~;>y~c=lj4roVcBQK%i4Wesx3LR6l^E*<-u<cSeYW=bQ`OD~
zm>;TpDp5OV-hPG^nqEl{#Wpd9e!n$U|M3PQpMWeQu0Z&BT5I@_Ew-fr8f4pJwCk%+
zj3K~^6KuI79KYYJ*rR#=sT7T!+Y0w;Iq`52*ms9>;HEtg=&?<xMQK&tBl~FC_RXli
zj^IU8qa6=6sCHF>(2;UcQAOjJ(v4eJra4QfsPCTSkrDkusD9c*@utx+8|A5Y<0)S6
zFfO-X2AaF@((X1LvX4ai0VS3eB`P*Yxd-xV`c9~3*+(Yp|LE?A4zx7i_RTg?{A-;u
zdNyLaHoCs=)>ofA(leXr{Nc0FzK7FL7s!IB_tj(kG1)V|LQoxvmf)BL9;4yHfioYf
zxwT=Az@sy@w4LsWi<x^8T}r#3(|S;kWZIU;us-w`HsEX1u&hPVCAp!j$4ivSywh0`
zzSJ(g5ym}F;}7KbU3ObmY;w92kHB6n@I>M$-%@|@zRu13)CBcj^i=hy75V)a$UF1y
zTHFNjU&8|bW)LjGkCnS1`6zusvL5mXIYBnu(S6p}>HtUXG#n87s?&-oRp7%n(S=4n
zfe(62ym-}jpcBPz=1~PVZa48MbxrGa$o;ET{{$X75!lSXxpRV?O#}6VvL*OE@SEIN
zGtlNYZfrGkdXW^P5clmrE30H`(|O;}9$G>3rwYW8CVtY5x1cYk&v-v}SVB)~X3YK1
zY-rb;KUul(!2yd4Hsyme3u^qI;q!CfRey@T-+h=ICU=4Sjor*3J_mPmK0CIi`|!$x
zr=XUa>NzZ#UTK{mL&_hhHi2H#s>1^B%XVdoP`B|l`AH%;dtINFmn0Km?o2hqCf#3k
zfhQ?=Uv034{0GGGj_&6$3ih1!owu)^AZz_Os{UnY1nsEfalurznpN*%NzX(R|Iy|9
zp0?u)yn>H=7kDz@DaIpSvT~`yuY?J*gb7Yf*yZA8d|X&S14kFNkjA_hc;-v$Lk?+?
z&HT+a#8=?&tuB8=0+O}9?_?w`<n=IUn;28uoA@_nLF^AHMtWL`H=hkIKuT0_##g5e
z?3!8JuQq<(S4jD;e}N2B!nOscQajp$?p7%OIqwype>0jH<}-rp<Fun!3diEo%tob)
zgrgmn@2fu%Pp#9&8`P>6cy-4b`5|Q3MSTf$XB(Xty5e=~9N$vL<KO&d#!Hh9@7UJE
z!h2)$?RvOr<;JIq3p{7y@kagu);SY&sL`KkhwB#m!17Y0=rjhLpMTER7SV#dAW`RX
zeM7g*LPVr6kj@Nr^}bI&lF&ia(@ZS5F01HIgBLGeA4j!>-1U6ddYJrq<vO^#+_5-_
z&I?&%Th~yN8mjDaOnm0x82HJ2+T=5Exs3v5<pK};EvwmJsz^TFe=%kd^S}s3&vC_e
zDSrX&y79CWYp2(^3%HH1Xx&l1a%Hi9tiAd}$yyX8;CS6be$u@OvacB}XraWPADaO#
zJ>kOpYThdu)a+ddv9cA(B}Z6lFnbOQ>#pMOkA4aKv(mpwED3T7{O1B$uAJPe4&lWr
z?H;5LXBFg5R(~pY8{roq3lrD9Se5pex3kKufDwLk!v!0Mys7H{)F&L=C>JC_@e<b1
zabjURq7|H#XPE*kgXa&P;4`I<;5`~Lf?~GZ4K58eRY%LGLntOhp^;D&F3KyIyvF?Z
z;&}P<Pt|In!<P2xwXvnK@scdsHZAB;RxY<+Z7cNti}#Y|)4tm=Ig-kr`O=&Y9b_gX
z_ka(-V}h3Gn-okyRm|A`d+=iD3EvB3e_|n^Fs}-u$TCC}SUh|1c&%<4i*d0ktjYnD
z79Ie$<=4d>$In6soPt|vcdwSz>IVx)O$tA^r)M^Qx=7y~FxLWl$s_>-LxRmAYF53r
zdI7g*_e&V@kUCo7==fP*sToijiQHTTLMnGrhOrjf&Dyj`=dD0#kqp5b2)zD%emC+<
z#$kr&AwP^+k&zCzKgn@0zy?7|kC|X!aeUh9=q&64ZxS5l>-h<?^hf`GnSx~Aa{5$t
zN>JCs*EH4%;tLlQQ>#$pfj^?iOnt$)-tWbqX%E7CBH>C_2}W%(nAVsPxgb!Rxx$C-
zo`Yg4DVVMvgMl|kE=ZW{+RE~aycqBDrh>{(bJ%X9(?Tn{8*7yscwvJkUq8yQ_j9Yt
z9i#hJQ6Qjda_sf8Z8K;ccIfB-xwrRdzrb)Tdg+gtsMR3Lw>5}DB1)(NnxrM6ZY;5x
zLGAdQ>y)5+_5*nSuS#e5&AekoDD(Q(F0U73$$byyT|-`vFp`!HK<!2>RsE{x-o*cR
z<t-?g?y6OwdMNVmXMyJc6kbEb$Wu++ZNv}fRnK0$8=n$v*+yG`SN-2_zezsv$ZK*N
zQ2x<Ad=8;fHWo)#grWu0)xPmb<SJDy@9-Y>b^yF-6{-h8yZRCUOF^*NYvCeZJdJ`d
z=A>a9%GhWoq;Q0lUh&|FbcFxpGue-#+W&#Zx}vd(9Y{2@79wQP^CT@T$@!$pY;+|p
zC=b|tLE`=8Qc|;l*1`nYWU<mfom7dkh57O4qoo~!45R2HagZu=qCgzPN<9x=0D$mY
zx$ptEJ<1`WQaZAfD%FN0!AQnYrWAK6ICanm4;m$iW!qup<%giIhU2lqbuT8k;6<4W
za{oa$>E-_>PslERD+&cNJuNSQio5BsBrMuD%?80%FTEPP1m%;xp-8KIWKHm0h`&i_
zBVSjZ)CV4d1E^;hNz&Wcs1QI{KKgLQi#e~VhVzGEx(M5F<9t=XMvj&KigWGXP2=UV
zbJaccWX*tvYh-ZuyyY}dwo7!PWPn)};2;eiiCs|Eq0=j%YFCVp9)zj%)3??fVL?z7
zwM7}pDnHv4)z5PPK<3F+sNqE(D0ElT#jJ31fdud}e!)RoxA3GAApB7A>7|DsMGOGV
zb%fmg3M#1?(6-UU98j9<VwhE7;i6|i<(I$eJ65ts=PuBpl`-Pvbi`^MZ-t;tTI>21
z00ULY2%+zUu~wnS5;Ui;IGr{bPO}pHh2rO`-Sr2z$6Kv%T&eA_1TZn3AYVQHe$sD>
zT{3nJ9wftet{;$rB)Bf(bs_h0P84*Vo)43L!StZProh1%$>C_3i2duXaua_Y1ibl2
zo-@R(6gOz<+gJP{j*%_NBMbCYcr#%5_z8sTDQ=c7*+eG^Y1ShcbHQDN6QB|73}-zU
z{aT9~iSoVlE5>Sq9FTc12+x-)M1-p+>W!55X(I@Q3M?Z=7A|2^FhQ|Ts9LV_l9Y4o
z-1`u-K(b-j>s48xH1{immpHzkggE&YUw|(QQVl8y82K+{HGh@Nv5Z4qTsf~O(@!mn
zA<T8W?{LUlJNNSVn+n8k+^~}g*M>8k)W9S;2}MZhv)Uteb<B=am)=*)B+S}l@OkmW
zu3fyD+5{({e1ua~fe1%U0n-($4>LBU-}t*)#4z_n*bqDTgEA5l5ph%{9!-$1@-Qd-
z1-BEX53*{Gys#xp>Oh$n1R7p#HVA>@Y!G=gu~vO#V1!lX*B&s!R#D}uew9I%>vdM0
zy*#-%E%{(U9j3}1&8sh9To6!}oLV8Y!mEp3-kk94^hK}U&q8W=%G&VAPMMV`-|f}e
z+3LFa$f~_^9?V$ExM9(0NGrO7gH|XSm-QJ3ikGSL5A57$48O!}yxxCV*m+~he`E5s
z`$VZc>IrbOR2S%;ph=SEHyA-eT2{ASK@Imk*%;Vt7D%}YdfD{261Dv7HHnfqbI`)I
zOtswZm=&w+I&k5jU#^}M__-G@^AA)a7_@Bl)@}1wZp8rDGRdX}!LNM+2GZ6+7U4gq
z3v(@BZh0t==DlhpndG0j;~#bCsdHwO0-BJ`_~SH*D6*herkOklc)dE_!{d1{<hm5B
zBuuQUcm6dYu1Xc7J{NlDKj!24h2qYSz8wXh8vb4X?{QqkHCKlU6$&h=>Vu>|Qyz%f
z<u4!*j^7WutBZnKbb;=we*^wh`G{dMiK~f01v}v-mZH4!O);hNwgy)5dd}(cwfc=t
zLC8h+j-PAacQjhDCeUxrtt}rphyywlDYB&FuPw2O>0v@?k&NuqN(T11Yla*)wOC$V
z>@$~LngdESKUONpX$!!5kz5fjw8>1&<Er{q`QFeGC%v!}N0p{ss1zZu9atZI-mrTS
zP-y<t@Zi*srJW&o`fHMjNBR8d>Cqznc)x<ZT)s^^vr1){AU;lf5BfF9>pYAA^xwL5
zaI$*05_f7~iX51UqO8=fTos;w!+J`pg=h7%7Pgy^CLf&qdFQX+>qmZdUf!p8_|kHt
z=;!vi8^3mJ_~%r_Fv)yGO$%?u%K)AgKeBUy8Cp9C2&r3M38H&_%(x};tuUs6RqEL6
zTgHFCUmQ0<We&m-$el1HTtJm7j*(_(XHx20)*5wl)C3qRo5-F!e-ZmN`ttg(f(x_;
z_sX>ZtC;)a568d!jC!;n*nv1Y($9&xw%Gnq?WK1u$v=mhLw7K;@8=-w>O=4j(#Wme
zauc*vG%iNU%QQ6{(dVr5S*M<k15ECx;w7t`G9aA}f6><dz;{bON2&YX#(zH-A75JE
z^Z2rRIAqKA9eXy`PaQe9&>;A;i)}#!zEr#}fK(5AxLzE>yoSl)MhY0}Kv7U$D$rVt
zPG8hap;Ca5tk=>x%9y^Vt<dClR-Yf^pMSl%4BtK(vXj}{#(Ddrgh|B<m#3cZ*jPAn
z@O!|G?K^h9ee;|7=P!2}U3Pg(_rYn0jib^BFOH_cjevwyy`_%Z2uu*E3(%?g6Zqf*
z4b8G4ly-Ijq~3tT1SXxQ8RCa4n!1o}{z#4-SJi_cjXt>8@ci=3!Hu~c|IK~a`Z%`n
zP0YI=p^w%CcaD62cI4-g4J#bWjxQy&Iia?E1EO6yv#1&A+JS5@?!s)jf<F{2ei$21
z!zPs<Zsf0i`-Vd`E>&}1LbHN^{vN%x(xi?=1aCf9hqJj^zm^FXL#>zbx6yIGzC4bb
zbw9Q7^wg25O6dVuXWCcyjnx&GIOf{v$CnJT_-oLp6=-MLZaVK)$lo$ip@7uP0Rh9i
z)nJRws;p<%>G9rPx&bXW%3sp5d-MTC!!4=I^-aai)}rB-k@?l@%Byd+>xx&#0Iw4!
zNtNR#;)~bnFaP|p=XV>}+WyYtxS@s{Z%-F*sg(P9<?`?UPW?E$@!|6J!zhh8hhad!
z#nR602|jf2L=}P}8`#IVIJoP1B_gHy!-zj`_{nD-mc>b$oiSZ%fMdiYIhcx*oo_hq
z-tM#gRiik)_MuUnf$X+d0)R5k8F5LTIri(npS^K^ugz`zh(<jAuhFy&_`2uU&pFkN
z<=^#>|5ku25(ZD_M#Yjr?-L27h6=ddA(>zgZr!=}rMpi<;X8rB;@cW^V8E$nsr+D_
z+OQr%NZr|#2`y->GWNHtL>+?pv+Z&Z0MC7zjdz<=nxp%pzA_&Fy7zr!^~mL4uMa-n
z*na0o+uq-6tXfbVggo95KmT&)_s?nH-^*nku91cee+Db9JH|<`hw6Mo!3kxovcl^K
z9I+<nRRU1kRNpS2vh@mUqKQy6(l4ulJNregeD-&jvpeY57-3%+W_HX7eKD&BGmZ07
z3udTYPml|$dfXjLo!_7T_ibhFz~f(rM-FTZ?I_q`PK`Xwx;)?e;neT-wcL##t6CdB
zs$(dYoo>KxBY=slU>6CwJH2{k0{bGaMW?`r`P_R!Wy7EH5yh2YOwKTgI#adn1LR_`
zk}d0Ft&@;O7?8!o)2B}g`e<0Y#R0g*$p#IE2x-d=iko`=<>372^Nn|-&o8g{emL@@
z%`CPh=7xsmuK;j1(?<?oUd_F6XX(AxH>Cm@e1dFwJcDIg;<)I=M;PqJ$)<dGSIzuT
zvv02OQ{PKwI6qU=1=>Tue#020!OyBeT%3~!o#n|a0s{gs7!3!_R@Y`R8iYr1=ITlC
zzuLW5`IrA*yR)&l_IPc4^vzQ5+MD0AE6d~mc`Q<FlV5^ulmGrT^X5?;IEN#P(`yV;
zu+!I~3b!dAO)8?YZx|}1*`!6(@G_PvkD5M1Y!jn$$+oUDjbLO|J;F(!o>9j4nXhjO
z`;R};E9)bsu|r@8^cdr!X}<CcPPvqKzwE%O7aphgc(t?P&5zmld*Ybu-f=&FbUwcL
z>(HA62@aM{fB!7GXMp_i8WjG3-#=C=Om_T{m^&N2Ys0fUi+%VriS|&7tv}D+K0Ijf
z#HBpAojvyI`HtMaD!3^-DnXuI8DP?S{_>2Hb9U7zP21<?s)9O;B|$-^8LSbGK35{1
zSC+FTWkUFgqhHFgLRud~MMD=B_uFL0<#!uvAkoB*%fFf~|GiNKil=bLow%oawgge(
zA189_le2F~-xyV(+p26GG>0aC0hQ8@jrF<9T_!(%uKWH5rRMjqQrGSJS9WHW=IBt&
zIuDoTx&k3??k_m^?Qz&Jp_B2n{ZaFhDIcbca2-nD=T3H$`)prFS%PBgbHCyoY*G1-
zyjNnf7&#ds){q8!(v&BG@|+<WVphc3vn%L4|AHMWoq~h!FK;|QwKnzh!rvReI)5+D
znQXjYfBx(1SI0}=#}~Ox_oqjr_5A-m8+l3Lj5q>67qJZ4*^tfI|LTU)`)@uL){iGX
zrJaw}b7jXhk+)1LXtNWgrCze4(6l$d`3E0uhy({WzCSZrpPhgH>&V8s*`vQzdM4Kl
zd9isUnIH-*pK)6bhOmwvqh<H%-x1%8moddnAqTvr{bjHs3p9x`SNcE|t$bxsFD&>O
zmF)hef-)y%#0p)Kfmc4rjg*DV&B&LHg+as&!4U|qhtZ&_756OndH<J<AIob853CnI
zzI?g2^WMSVy&s-8tttNd^Yq+S+MT#dOv!&^qtvM)y)E5DXh$AILjySd&^Ygg2k=e4
zC~#qV^MCIt$M16vD><#7Y5uR17?8y3Kl$de%Ub;ElllE8-;Asu25tOzQQQP*4!`H#
zc>MP9dZ+u3^*O~og6WfX>_e6!UPWkdsq|Z^JVsw@`MeI_2NqfTwsLiY?yuvGG<5}B
zw<LIqKepS*!A$@=cc5@c5#NEl2kj$4`vzKuix^_V7^E!<QaDCSGVJH%MZ-j{x<KJf
z^t*e%R+UfAZMn4e)#}ZGxEB|0Z1fB69Q-=<OMLa}^EeAZ?uWBqe!V>S2)rk(s015J
zNdE0=`OQdeu-TV84v<H{(oxnHshc2M=HDqiRTLwolt^pu(tf5a_)a|fZ*D#5;N?rx
zpy`<3_$4^?YiV?JW995b3c4Z|qL30gsMqZM{fL?;smxJB(y>aO3LRvUN_~mJ2^zr$
z8+<^aRlFgq;gZG@IZ3gs1<XOQo5NlE$;Q_-XCY8tP&mSQpsH8qLQ>vx%LC?bB|nAF
zFFv7PU-;N}ZR+wb1uKdPi33IX<pa!&S(O@Bo33A@G@QtWXfj}CjMz6N<C;w&0nWPV
zjEiYTC7XOK#YKndjn6wSHR`HD?$ZjnQiN2LE6Nb)<A_r~r_7$EsuhOh9=KQSqs1z>
zHz)MF$us4)i@}85K=RvQgZR%n{2F;9@j#gmgJ8miLj5r|fXAE^FEn1{L=>x}`klD>
z0O6VxjNBxD(ZDK5IQ|Wa!)%pi_+w|n3shbxl9H0eiDjVSZ#QZ-h7YhtQ}<kTTK#mg
zEVoh`j%QJf(?#sy>km|cZ6%xVg=)w;-#wGTWo<lVwP~s0RhLE3<uZg8AIh{=E7^89
zC_}vvNE%QAW880m+pf|v8mmilOArPN)Op|8&NLteVdToq6XhjL$ZkZ8DP9xs;AH@<
zp+EKXuw@@Bay(`5RzF{Gd|=x${i|AY?3r$D<<AVfy;i-T{^r4UQX+!$$YGO$Pkab;
z7Zz@iThSngEJLOoGa+eVahg=faG3CSdSMKv!|eV@%k=;OL&P-2V1sy4L%m39sL7U0
zd6m2N_i1c)F?LeILCa<8qw7#lx>9Df3K`gTMN<(yWAyY=<*nS@BFbI2U}IZ{SI5Cf
z6G7n&w?O-E+7I%_ZOxmQ@(#hnyA&ZH8z(`=AN1<Pa712lY}HKYa9#wQSPm49JuUNs
zBy`!}Kv3k~lljhgcABA{xh7!th-$6l17l?P3PlEYM+Z~!asV8#8LmqhqcKD_!pTyH
zq~oC!zbY^SP~8L!;=uzcjUk1aWX{+t)sLN!Pw<Zj?>zCCC*`pWW$P8#!9iQ%R%qnx
zcfy4FE>`lIv#-+MIA;6&16JN6U%x#jWmEx5fh6UP*-W~QnF$XgqRrJE%H`1%*{Px9
zK%tu73=+-uG*lOKD?99x^2b04j&s?u5~eZ^)J<xh-at9JhM-8-((!?Mia#+kiW6lJ
zph3X~<fu_7#B}|eY&eJQ9HdoPBjz`Ylt{dJ`~6??GsgQKz8=5FtV1?NL8{Ns&ppSj
z_V~1<zMaZ*o&?&>ICp>VHaB>1Ga@;|-`cbwrL*#ZsxOsjvYR`^--$jQkkYr0`cjs~
zQ1__vy-(FuD&q>NcHZ8WPx#!?IC55$dCd_N+U%&Nkqt<y?uBC~lTs0{yyb(XFbT<k
zg{~6zxik8ZlqD(CCE0(^<9vrUNOt!>T)<;i>UscD0>$&=89A&(Kgg;Q$}bHAf#-#I
zsmqya7RQja*ly_=UmlF4!6-+|iZ=Wsy-aFO=B#|GR;|iadxE}c?fPVbV%_>MgO&?g
zrVuS$paHZzFBP9DiVnxP-{<a>u~`gyy|H6Uuut?&h^r1;!Xz_mhDj#vFi;%(J~xk+
z9#KvlGUTZwdf3^!IJ|1%#by-yV;@A{nr>s+*a&F_{#$_{`H}u!@7a7>)m|{HSF%T9
zliKJ8x~z=jI^L$YuZEwI-%`(24N8gbl}WnId|$Hsm<j|5J&b#NQgvXHP6&3$YXTV9
zKqW=4<p@&Q*GdG5D4->(?p<)u_EGFRN3fD+Xc(3u2zRLh29}F=YsV!*u-B<7`Pp~R
zzfo_7N8&(lrI(N|151XqMd;{>nElzu)F6Jw98lmqpa0YQsYM4;7}d*LzAY6Hdj^+x
zQzO0-!Az)BAXtad?Gt@c?P1v{AbU16J6ORyt?I25TQzw2`YlyZBn8;8f-M}Muo3w9
z;p)9bl?qR<m^aN#;ly3-2mr!hFR~c&h4$u2M)i8scN&EXVCDvi(=MtS4^@B!g8?+5
zy+TH$t0d0gbO7>BiQl00Im0dCgZJ-1H$^00h0v_oX9drKp!dd=5;VLsh2yexhv6a(
z(lV-?h#usbHcZ*TAb9b%hH)rsfKpExFOe70vI|58L0ig$lBw^oDkJ?p>ZPil;hrx!
z=-`w|vc^RW){YlneidEzLGpU^3wk#+3-z(R%%P8Qca+f=S1T<X-!CD34bdtY{gZuv
z3ftWze%O7I4<*Fo@6#Mt(Q1%hO>{k7yHdrHuP?%As6An!+%o*H61DLqYW@v0Mj#_N
zPIo8FK(gwE#QQUF=O@Bmue-l_v5JRYNl*23+M+eQ%AE>m-JS9y@%a0Pi4n!zsL|}J
zC>#PEDnwS!)DjrsLFaymdI*?y!2K&w9cwlIaNZYgP~hrUCDp}H`RETM`oPrj^M1EH
zS8v8E0~DL&DuA?~iW6N&@W}Py^2n00;XZ1bAGYRX{;WZi&4_W^a^+SJ@1+m|)^-@_
zG1opof!*kO_wZ~<9OV@J{`ASL+UsG1!%l@o${ud1$_XTRFkQuM5l<%qeJPs;M&!CG
zC1Tb+XtC^BdHHZ>1WN{gk-VfwCz9Ij3cHQezV?yuLC`$?&DlXr@{;D+FNw_t5E?WF
zj8MhM&3Y&&gEC*@fOpd#Ky1J3S{_5pS=44}NLog!It`Hn{E$@_jaIyQq3&v(!8Aq#
zomd&*Fx$?SSW<{L^ebC$Vv$+GAPFvy3igDnLKONb?Yg&qgT|K%=~hxpj~rxZ>&XKQ
zACyNevQni*J*(Tkn3ooK*Tx7kN6xS|bvi$2C`*Og<8JD!JE%x`$SqUlmMejFTW@+F
z!|E<d5x?`%<BJXDslQPPgfmzu{mSaqw3K$en-CF8#~V6@(`cisfoV{C3s^+{j*{Is
z;GinYag?5Wko(b^-Kno;%YzW1d8jmx{QFj5eJmcA*N(5|jTjymiUt~a@nF8g5b4>S
zClY^Jg<7+<E~X%SP<~aTeHrD;dIXP-7}Bt&JqOU=Hlk!)UMZD>#gX+q(qu?T>nD-)
z{CF1YS{dHX@5bOe1t~cnMfr5PiZLT2n|9^by)l}^D2(WCLEVDp%X@ed3PHV#_^e~7
z@K-rY!sNx)UaO3nu*7P@K<3^ed1xJTIEALc%kgh8MR{o7CAI#bx3kt#<AVd_nDRuE
z^wKhwIwpC1t}(H)vgm3z21j7up7l@LxyuDXaP>5fsT!aEN0Q)+zV@~@kHJbdS9nR8
zySu_&*Q3aeFdF{xy`Z(lZ&n_XEMck5mgWS5N)mfcSEj#*4MNV~@R}hP6@LOr&))^n
z)q2yvu09iROr*V<Lw2zeb&5Wo<_5}q?J~leouygNd|X)hw5to>+0UnT6jvgYg5e&z
zcx7lFK_Rc?<KB~SR`jjp4G9t_sbm01t%Wb<M?0~Vw7HSvM71uTCA?T(^GZ4?p&X;I
ztMm7!$<h&*DqmqG3HVB&k2sP`t?_+_I}6N6a_KA7{ugtRr%R;|uvA()9ze>%HIq6h
zuS^~wSkBKM#;)i&ECczP9Lo}4;*)_@Xz?!r0;51#a&;V`PJeW9Lv+X{xZYiXrdEP=
zftxEKVn#u+lsoZ8DvLqDcHs*)9X|u9;YOd+a&K=#d$@U$k`}3MZj~4)yJCiTh%C5u
zEZSPzOcqg`8bA(hIRg5$n)OdZU#(}`^C8|<qcUnEO8IrU1Qg5SFI*4y_9XVEr0Whb
zkW~+C_0WQs$JWjZ)jmpLcDJ`FSsg+`*iKcdpa#0DR)2)#1-n=^zFcv$GLhA~oWi<l
zEE^?tW`a356Aq#}of{vimX}fbp^o)T012Q6)0NvQ9Z-J8=`_K~!c9KBSWQrFRDuWu
zFtKUB|71b<b%%fk)QdTZ+;Wi>EmL+||G<dbayo;xylvhx?lP}Pz2m3ywc)bgK9k`Z
zS=ZR|q%hIL+F1D~$~Jxtu1K85vBSfT8gdCPa>%4*YFZe?CNEv-NsIyvg|q5m(5%Z>
zpp5usO%X3PKJ)l{J2-BY-^x~RFGfyQlxKihT1%NG5pTt&IR*#zo)EE3ua$Q!_s}aM
z;)}6@!t`-!0}abk!g{EPvqG~e{kBH<b@<;;&6W(foY^V~)B~8UfV-E&6<GHax(00k
ziPLii0)J2D(ni*fnr@=V&7SKF90l1^z4Dwp=#+YgrNGxt=kKF!?3a^KwnYqGm$axR
zWn6FlnEjd1KKB(?3f`-aQ%hG*8pxwbSdQ{)?Pk099Tt&jumU;*g5H*RBb@ShQfu7y
z23nXJzk2A3`L+_g;=O31VA8*#e(clHK#=FGfkw0IcS%Pq-}IjwsXw_E+VO&9F-9vH
z`!O-*t*tIhITn4$B!s-Qt)Dm2YYPU_!DYV)SlxPmjEDSPO_a1|CA$?~hX*S2W;LP|
zxSLL#$*5`km<`%=hNnXp$-~mzUHI`MmA`_~fOgiu4dzJ~sxTuG3xy~1Yg5L&S(=q2
z$4y>646O~7-a6{{GKG0PK-YE}ryP>*azese855j-0Lt1Im-UD+1e#c*inf+!fTz#{
z08YUG+O2d`%wQ2|Sjj!pp~ZkSkR^iR?2L|w)4_z*iN_=^g$kCR8MFp4*_kk<ciR=0
zqNZV-sIszeVHN5r9N>fAO0daIX({hTpE>1Zs!8IA3mz7ijge0n^6oa*hC|pD%YYbo
zvWz~X`qnf*u;AEAhlH8o(aqx1u<<e(i42iuzH5fOmNx}_QtIkK3Txyo5a)lkm*xmh
zsu$w#%Sf}c=A+GTyd@j=A?HhLHe`Yb%9);FmM`0Y+9Pu#F3Vufi|y)6VK8uT+;B@W
zRRFX&>6p7ZK!S}Fd|ZVz^F)<UKsD2|?VC&=CiykT8Yzua2zt#_xp<n~rs*H_I{6-W
z)uwZT<SjMPYPdo*|NfgRUKH=6fPWgia9M57CipT>MIK6W7`PtR%_MW^aC{;aP8THr
z%4#3U-Cgh?^~`SK0~pCfr&y1rLhd@fq$lD@g)R5I_$Eocl)zx$R*~7|P^nagB=D&Y
z15kfAxgau(#=zQlfFpMdW$TC^hE~K%Lk6Ipe7INDDB9o9B25>a9*oK)8-shi-?)%Z
z+g3NcFhQB=OtpmwmKyo_cE|CWTC1!AQ#L>%ZV3*@l_-ZVK?O2+YX}%qg6UHXv}U-^
z)!%~|dOZNsWR}48c!KLy3!z)f;X|Ue{7r;inR_3Ki|p@*zb5JW90g8%(Np*L&@vZF
z5(u->Nz=Q&a$}|WrdtNyed{XwsXyG3m73b!#e?MQ$kL`7AzL7>VMG)ZE?;sLuFws%
zQSukcfe6~1!;%*aRo($nw?|~ro^oPpPv4c7C-(wxn=G~=!2l{>Jqi6_9ZD-1{h?&B
z@|MGiC$ZE3{>nEf>4ZStei^R`*DlU0g7EWcIal=vfXo#Y))<XuUZyIq0TiliZ&=st
zJS?EmA{c=ZlEC-E7b~9S4An}eO0@#GqLJO#ip+?Crt9+|WBh<E03p=GggEG>B`(Tf
zOokiRa6402UMj2=-Z+%xcAs$L#XG2s#YroMJsvXflp#KA4r8?*BG|=Ppcc_oscltP
z!Qd@aikQ)!6J4@Xu|i+{c^_Zd+yyZVrVkz@CWeL%)8+g3ofM&Pm`P+i9v+irr0W9)
z`-zo&+TWMMPsSuNfSMKFj8s<Biz{eYf)i%wD7m)<#4V^BcA#0I!!1t2bPX{*D+$I6
z#c*>g5P9RWZ~?<Fp(+=7Ke{*d$%yM<u{jidlP)7(W}ywXS*PC2kO%16pl_hW1qkhm
zl&v98Gz_%r&O$qiiA}p6*O{<}uEelB`p&&NIP<Iah393^q?T!>77s(g0+(_NZ;;K+
zg(fFRV-$+6sj%R?t98p9c=Ms5tqhifr7|1|rg79gW-Cw(vXB-m1lRFssXb=yoS!|>
z#D+H??QfgHYE#1grC?x13o=1;WfjP&YC!{XUIN^@TpM`(P5HW-lWS5o?!v+quvi@#
z2x4ne#%TGB5COwA@%(+%3&Z+KRiye8eWe@07E-vPAs{sbe>>r<c3X@%1%i_gdgo=q
z*%Wz3LwO6JDk5O6LldB27|T0sb3{Y1fT%Y2D1lVYP6`-<H099OgcPr3SH+4UC*p2s
zIfgoDSTtV>lyX7zNCn0^1%ZYr6|$mXPkX^gRZ$c}kVE=M(jxgQJ=}vLcz{VUoJD69
zV;8d3+ZAK;)X&f#1L+}={t|KA>+DapCE158P_q>(PG6x68lyy2Y%pX~4wmdBt#)SN
z<V;hVL{sRh<P>y$gahd{Ld#GE(ksL^7D?%?eu5D<YLn8d;@wRKcgO4n+Kx*_koGqA
z;!ZLISCeQYwod@~@qm(v(09)kARC2O7J@qjVf~Ev1J(24W1E+YwpZ<BX$CPdgGZIn
zHeCb>Yb>?~T!ID1xYtK3cx37h*B4ph2zgozprB4R2{x>qpDG4eLuYf3C!hh^3sWIO
z+>77FzM^+q*RITFoIg~Y)1D&*ba`n-f&q;o`&Be?5JpOO+f2PzW*Hy2sc@j^r)#_d
z(qouu|HRvK9L&{Z;W(hTgSu^qjS1Hs{g{SRjF(Aw>nsn|eE#s7h%)C1)5K$SfTEnz
zBw`1w2D!C7Q1=#PT#(`j(KI^`C9tIv<meD0$)4ft-o<tXQ!G}_1MKv4|CGzt02I2Y
zc@MhgW3u_)o=W|v3>;22ol&S-J|jGNQJRh30!^O1HcXid2C)$KlDy<6JUVLYtng&R
zg<%`8bb`kQv06?0;<i_*mM^1sLs(*JKfg=it{P?Rb8_(0({rUGbCSa*)ONH~`eZQ0
zj6YAV8m;*9X493O`;CPDV+MkgNuZPIt!B7ID>dfapVfI1g+D{%z7AwDR7E!{W~3Z;
znGko?QEf@q32Kncnaf1?(huQ~D6|-jO%^k(t5j#nN;FhqyeK^ATiF3FgpFgh0h`O=
z!gXHE$O#PPnc<y}?TmZd&UV}*!z2sA0sSoy@RVt-ZD^R2I9(HBm7#i#M2tFjYJVZs
zMCkBIn#N!8fzj;XI+d7INCCszxM=$clP59AiV<14<3#VMQh6hyk@>C$&rW{7<5fxe
z;zJOif&|r}<Ymj#R1JP?ZES`IB!sxTI&5_<gB!>;=Ey~r9$xMdJJehsL01=+=|aEq
z5O8U`ZahgPc~guM8)-kHnVEID9S}%thz!j#3c+#o=Da<#;-91Uy!$V=dqavgE%WkZ
zJ`$H8P-*w&w-NhGfiRk(28fud=;uO*TP%+$ysY=yP(T++m?V?L2cv&#OZ~D>t9ROF
z_gV)n>Elw7Pi!g8B240lA&YUB3X&*0!=L~N3rg&u#GJ+wtCOnKa#R5cDIU?7a^FZ3
znDm0x6T~lAxoW<YG27iu0|QPN5h2aRxSvx~`cHJZTEBONN~^_Mt`rIIlg_jAVNw%D
zIPg$cswdWbYlc67SE(fl0fJ0t1oDM;l4&;Zvd+dtJfjRCCx<yEY7J^&Za_l9MV9yq
zjUE_*;3Jd5^u<?+%X)01xnMCr;Ca(FN%gdlmJm}L&nV0-pNYm^qM2i!$-9>$FwYqf
zJ1Yha&SJQ_mvU9Ns^x+~JMtEu6kZ!Isk6)3`ou<-#OY72G&eFKR@ZQ!XgV&*F#NQu
zkbzH>whX@0Y#(HjZ%ujb0)c%rcGX*HYUK9_h?&LMTw^FSDEz6{NIy(7pX4OgtJBl7
z>pxB;k+w+V5O6SFQy<`i{Y6b`71GU~^YXWBb<khcG^6ozl$p}R-2~=hw&~Z<NY!N?
z$oMEVV$1=y05V7MDf)Jq{t$X#MAg<tk%78`m_bttpmc>Of?j)lxP-vCsBbp=z~-d4
zHco3l6@*rRR615~8^`C6FHNFAe2?fQ@>bAEfh3h06i_2C004O!gF|!Fx)|RRSF!Rf
zq?d|s7-f3{3tD~P>eRkhh`?(r^jMYk@m3TukroR#$M-ET^?{a$TPy5AGJt$X{hOhw
zkkE_$W?}{%gsJ6HRmM-l0>dHwe6_0FNFmKJcUH=RmFi-svD+R8QHo~;wG4OBB!49`
zufKqnjQ+i%X$Ifc+Tt%@_|xF2ZiY8B6XZ3tQmpzgjZj*FGt!gj{&XOvm`L-FoSO-y
z$QGu);-ub%XC9)2O<2&8XD9G(N@UoR<3eC0ZN!B&eG<+jJwM%>?$Hf@vhBhl0btN+
zta!ay-Y;#|Q%kUL;7lf8tzI>l_FAsc_np5SKA)j+(-fXbCqU69NV{|qCTarsDs$0o
zn9NTUw=1Pym6icSBgQa#kBXcU!0vNkqcj&@QPcjNQ*Ids^426>6{^oyBC4W0&hw?-
zmhJ|7=Z?!RbBk-lE!Iv*zX<aH^HOS(v}ASe<Eo})wKoV-7NP~}g)Ko{gUpI~dnb9z
zeCPVN8rcP?AcMRJZwW)Ar#xeNgg+K%T34Ki^qGq`=VZ*k*GN^HwO<Nh`2sTYAlh%<
zewf0sn_1)rDyn6x#YQ)O%mx#$g+pg2pp)k6Qd6$s{L!C4-Jfx2gitVj>9a%)^eX*S
z>Oh&(P`96zA`xr2Qx^2w?x6;S$V_M<;p`D>m2u0;-ONSeHIi`eGZ}hCtkiB3Ehbru
z1_pO}t`73*x>r&|=B07es@&WmLsvVBx&WmHfadh*Pvw~KqCO~4IU@7)O1g)Jx`G0!
z!)FwQJ4P=Vv#&15uP~JDOpAf$Db=;Tb4rI;yZQHPvd&MaKj?mc_w-1ATOdW(O^2RE
zPmDopUjd+YQUjWkI?Yk!f2Ny;p_AXdye;LcHU(aPr?y{!z_+qcUdwqADLpi0qQLAX
zZ>eARC`rL)#QX2LHs!B>&)&XqWS9wgD>Yn)+6x*WDWLs!gtV(MpHz+r$AO_BM170r
zQW0<dE?kA%1(h)43pn*KO;$Nb0Y#GD7FD9549qkdOU2}cnypbFtiDasS?R%cH=qC-
zi&Gdd!-m27w01Y)mD`d5%fd<EZp=(9#`FvXtjL4{_>$3=b6<i-<Xr781DtL=?i1Pg
zY<F2Aq;RM$N?|BH0Rq0k*TUhZ6y`sHJI9zTg4bIu5d{n2Y+oW91u-cR0J;wJlCfy0
zSbLj00X}+dr`Oi)RLI#N47i$DK&~V-Euso{J>V;MJH$Nf=^K8feOTh<jEq}ow1uI#
z4U?{cNkU#9N*3=O0+Q$oEc`aW!g1G`c*n>yI*=%W^f4)T2npze+Zm7Z73_o}0=wIf
zz5C(0_l@yUgD$nh$@bo0(oj#r3<Y0>Ld{7x0hzbKC{t`w%|A<r9lva!uEE7X6o#K+
z>z*I3kP;d}TZUVPNdgJ@g9#DCZAdyXSq|pbaGgM3a&~A{7@5foXQyBeDJ6K=#b6;6
zGn;<dWv``g`?$x1G!fDbEzdHNsS{C-hi2gjDVrck-7zW-F-%|zZ~)|6wT)Q#$@p7=
zp{gQ<WE_T+iX1uJi>HZ_HDP@Wk{rEaUZ<rs;(T<f&;d)t$NI-IAr9Sm2I&fXFnxfP
z+J#P+UMpqu|8)VRNpfg368AjtACp^qWhDt}fMit@KnL3)`STK3I?2-h%9M6uaL!%{
z!S2Lk3@OjGeC8T&<(rKxmgqI>35)Md_XPol!%u1Eny{ddO%~J}QZ^-a{FR&WA0<_}
zbyO2{UY!Wjibfk~RF3qrTyep|9AK((C4@4kBZd*1D4bS?2nx8b^c2TFWmtup>0~>E
zqolI|nQ40)bhz?XDZ<={?6%noL@VQB1_O0BmMojEJPn|o9P*QWM^3D|K;H4b*Y#Wb
zGM1)?c~${IIKi6BU!fQKlxt$8Ni44FY(@IGf@>LIC2l(ebjHY(j1FSP*ffbtSSXX+
z`}uAKh_8{Ogw4F?dKAW9zm<#mN90R1x#25}3Xt$Z4eqKMYjIdqK@An}xWo!4;%%RK
zmgl_UqwF$280v9IM3bodXmwt9D7klnf=#}T*u~VT;_jpx`#G9Pb}>INXit4$A|3<>
z*<Fe9MU=1fR0e$AcM`J913(XLfJyc~$>$=A-!m~=K%0^pFEJXJEBcNY;H!<(Brg{}
zycF!I;()Tx(4do-yktorsG<l&lh#2!dqbEQF?{Nf!ZW>92fTTyuSrOJ^b*wC$C5GP
z+M`U12#3nCqn8vS{K2xMv`N%cz@v(q6Oyd9=#%POMn&dJER}8f%b?h?rmIzf&}_6N
zYQA94NZXz!a8=LuF6?K{GCtfM;r!dA0K3c0f|we$f)I#&Cj=q*wWUN8gox+%nSIzU
zRjf<U4nhN9x5@0OU(@9N<IDfXZU_7mfCqEa&;Na|%&Ud$HhF+IXda6aYG1f^tPTcC
z-h@nt%Mo6j)AH(v<$;px*d3Gb7JHT|?+x6?g$@iuAwC(1<lNvT1r5XUSb2!<-%v0$
zBBhrEJOJ0IeD<{I)`XyBXckGmsawYYpl3vH6-8^_3tMV67(!CGY4Bb5QQWT~dR%H@
z)z-Yzv_e04Izv4vW}AW?@){Co17InyOl(Ldgcr1UZmw#;NMnHL@lWA>)^kzGnBTeW
zXRAfXtzW%*Kl$%DbJ5ghepPLK8*As>w}av7lGP$pF`pVHkmQYXe1>U{z2)dkQ}dz9
z&vzk4g(~DoR#2(*eOi6pWxgj#4lbxwy-443OBKSG!pA>|0cn%RWPO@P4Pq#p0gXtJ
z$}La_Wk|}cz$=h#1uu_xF2hH%Z88aEURBtm<pgwDeVkP%h_;^8{7xezv7J8(Q>CX%
zvNbe<lm^b`&TYH*Pv@#a<Wm=8uw-z%-)mz=!SDKairB&Ct0r3x4GbHA&2TP~Q4q~O
z2;IgMlMwi@%6WiQr`A=elDJOoZ(~h$djZa#Fi)knw@^|)z6dBJ$v)6Tdld%fL(30I
zY6cQi<s(@fbnQu?Ql+ksL5qykPN(sMrFRL};tqOc&NV_R+ixv9JE!%~hmzG)(pQSo
zTq-o}R8R6HU{({b?{_htuB8)_qHh1}k1Ok9&$J?g-pQnLRReNz_kKUV9OPx3&X{Ui
zE4W-wdYP<-)8JHrse&BgkvRu8*7M7y3g&h6ol6z_Ui*7P^5AeC&;bM^CG()cyjtb`
z*P4bbX(+eFa(P2V>7e1F0vQ#>qezwV5m`4pRzWu0kI{aPX3PbWWUGARb%$zRBGI}&
zZ8k??{*mumSH3~GfrSa#=dTYxN~Gn31*LR<ET8%j?2=`e&rl~}z$!}lK+CQtP^6i~
zhN9e1ILqt+)#PZsC>7e`B$%`xZh7hOg)B>xw9@$TJ9GDl;(dj*d)SxW_j_U9I70w_
zOBK0Byi}2r?qO~ZgDaSCMl(pB06<6tVb(#PpBNNOKkzNx<f;n!o<fiB8V*Ml(p54e
z%92UpK4nyIF!~E~J2{#aq(_vNjRJG;_rtmbplD0f<YAhM>UX+@AG19<;fxvM<sMqG
z@AZEp$ovi#jRon!zW%hmzDFC2rVkFTDp;lJE>`w2OTz#N3NucfS`BeHrR?ooNMi@C
z(1@hJI8~>bF`vG?ICbo4uA3Ynq%oGxg}{-DZ+I2vQb=pe=8$B7o!U^%Q19TVfRz)e
z%II;ybWR0JVwutjmX^3fE(lWaU|5S^N6he_|5HwfB$lf9v!H$qQ^Y_DO0gL5&{Fxz
z8!;jQiK>~4Atjy1&PaKHMQ+@wVqeNqSL?@rra#N1ODtU-uuTLp=%P8oG<?jQqwI8G
z7ScQ0l2M9IKnYj%qi~GIPYV<c7Yts6Rjl@1I`#LJSNcSO(Qf>X9(v4s;)J2erHyV7
zfg%mXXI9I??4+jA9<%xRvfv{ilEXs1@~*qJ=^!4&!GTBCvV!|8RgT9zd)U=Zht|@A
zEKd(Al?{2H2su}qGFb|S>R_KAKaHYT@=<ypST$AxpRlC0cnY>H#HD_|_V3>5hO?_{
zTbncs9g;y5x(qH+nymq*T7bfstVvG?fpX9?#XHUN-gjm#C>sq-*lxjD=hnQa?WIgX
z<)4azzQ1PrI&}{y37=?EO71tM5jfVe-ivIq&H23+pBv-B?5>6eb&rWVoEZ;fsn>9&
zc-_o+XPgy3UY+DkKf2c213dpsGI<3e7u-By5`wE>8o^8+n<h3H6nym&SUxON)ymWd
zCHmbpmg+Tv#Hfb5sVi&HrJL5vf?@hzZ_N2U>Cv{r0U;f}IYlFeE-b_EZ<--jKCIBb
zZGH_qvzTc=Je;idl~;zKG@lXN-Ye%YOI&T{n!@=pN^()=(0Ya2sjU$PR>jndn6V#^
zd;Dk;5Gx097s|{x#`<GJd)8$gLXTzj4${@#i7sIf_foaJ4|8_veLqvTSu5UE=y>Xk
zsWL~e5X`h^bn<3Ob08EUs-AmqwDF5z1_C-8XdCnENf-^wln)B`o#p#JmS%rtuYKuS
zul#py*NN&gwfdwMQn?B*wjwsMHx<mcccFfV5kZ7IN~2^5#?_w}gsXYMCw+EBBcR~p
zCNpfl2i@5O%<PA~1_9=uR_snXbkOtqXr29rdW`&(u`cDRFgN-5(SBJ!zEygrp<;h)
zY2&AVB!ujO<Of`c760(E7b=`$W0O_ri3-WWS!Sz8sgDr%Rw)n(6PI_6J^rxr?}ZaO
z=|;pt#KKvHXQr=S+<WrAqJ-Kg$}_U9L;5w)ATZqq65!;GNu9#6^fV&}vpnRG_&d^f
z^-Hd5fW?^+4!8}qN~P47CJriO78g_~@n{f9KbXf5sSk9wvlyZTQ1~jqClxnB{@UZ~
teRL&B-ntuamwJfY2O=Eahp&K$nIRXp_mk}+3R?yjG(0hQ@eP<A_+RvYFjD{k

literal 0
HcmV?d00001

diff --git a/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
index 87326a5fa..1ef247147 100644
--- a/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
+++ b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
@@ -6,6 +6,7 @@ import {
   GroupIcon,
   MailboxIcon,
   Settings2Icon,
+  ShieldCheckIcon,
   Users2Icon,
 } from 'lucide-react';
 import { FaUsers } from 'react-icons/fa6';
@@ -77,6 +78,11 @@ export default function SettingsLayout() {
       label: t`Groups`,
       icon: GroupIcon,
     },
+    {
+      path: `/o/${organisation.url}/settings/sso`,
+      label: t`SSO`,
+      icon: ShieldCheckIcon,
+    },
     {
       path: `/o/${organisation.url}/settings/billing`,
       label: t`Billing`,
@@ -94,6 +100,13 @@ export default function SettingsLayout() {
       return false;
     }
 
+    if (
+      (!isBillingEnabled || !organisation.organisationClaim.flags.authenticationPortal) &&
+      route.path.includes('/sso')
+    ) {
+      return false;
+    }
+
     return true;
   });
 
diff --git a/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
new file mode 100644
index 000000000..db6b7c38d
--- /dev/null
+++ b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
@@ -0,0 +1,432 @@
+import { zodResolver } from '@hookform/resolvers/zod';
+import { msg } from '@lingui/core/macro';
+import { Trans, useLingui } from '@lingui/react/macro';
+import { OrganisationMemberRole } from '@prisma/client';
+import { useForm } from 'react-hook-form';
+import { z } from 'zod';
+
+import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation';
+import { ORGANISATION_MEMBER_ROLE_HIERARCHY } from '@documenso/lib/constants/organisations';
+import { ORGANISATION_MEMBER_ROLE_MAP } from '@documenso/lib/constants/organisations-translations';
+import {
+  formatOrganisationCallbackUrl,
+  formatOrganisationLoginUrl,
+} from '@documenso/lib/utils/organisation-authentication-portal';
+import { trpc } from '@documenso/trpc/react';
+import { domainRegex } from '@documenso/trpc/server/enterprise-router/create-organisation-email-domain.types';
+import type { TGetOrganisationAuthenticationPortalResponse } from '@documenso/trpc/server/enterprise-router/get-organisation-authentication-portal.types';
+import { ZUpdateOrganisationAuthenticationPortalRequestSchema } from '@documenso/trpc/server/enterprise-router/update-organisation-authentication-portal.types';
+import { CopyTextButton } from '@documenso/ui/components/common/copy-text-button';
+import { Alert, AlertDescription } from '@documenso/ui/primitives/alert';
+import { Button } from '@documenso/ui/primitives/button';
+import {
+  Form,
+  FormControl,
+  FormField,
+  FormItem,
+  FormLabel,
+  FormMessage,
+} from '@documenso/ui/primitives/form/form';
+import { Input } from '@documenso/ui/primitives/input';
+import { Label } from '@documenso/ui/primitives/label';
+import {
+  Select,
+  SelectContent,
+  SelectItem,
+  SelectTrigger,
+  SelectValue,
+} from '@documenso/ui/primitives/select';
+import { SpinnerBox } from '@documenso/ui/primitives/spinner';
+import { Switch } from '@documenso/ui/primitives/switch';
+import { Textarea } from '@documenso/ui/primitives/textarea';
+import { useToast } from '@documenso/ui/primitives/use-toast';
+
+import { SettingsHeader } from '~/components/general/settings-header';
+import { appMetaTags } from '~/utils/meta';
+
+const ZProviderFormSchema = ZUpdateOrganisationAuthenticationPortalRequestSchema.shape.data
+  .pick({
+    enabled: true,
+    wellKnownUrl: true,
+    clientId: true,
+    autoProvisionUsers: true,
+    defaultOrganisationRole: true,
+  })
+  .extend({
+    clientSecret: z.string().nullable(),
+    allowedDomains: z.string().refine(
+      (value) => {
+        const domains = value.split(' ').filter(Boolean);
+
+        return domains.every((domain) => domainRegex.test(domain));
+      },
+      {
+        message: msg`Invalid domains`.id,
+      },
+    ),
+  });
+
+type TProviderFormSchema = z.infer<typeof ZProviderFormSchema>;
+
+export function meta() {
+  return appMetaTags('Organisation SSO Portal');
+}
+
+export default function OrganisationSettingSSOLoginPage() {
+  const { t } = useLingui();
+  const organisation = useCurrentOrganisation();
+
+  const { data: authenticationPortal, isLoading: isLoadingAuthenticationPortal } =
+    trpc.enterprise.organisation.authenticationPortal.get.useQuery({
+      organisationId: organisation.id,
+    });
+
+  if (isLoadingAuthenticationPortal || !authenticationPortal) {
+    return <SpinnerBox className="py-32" />;
+  }
+
+  return (
+    <div className="max-w-2xl">
+      <SettingsHeader
+        title={t`Organisation SSO Portal`}
+        subtitle={t`Manage a custom SSO login portal for your organisation.`}
+      />
+
+      <SSOProviderForm authenticationPortal={authenticationPortal} />
+    </div>
+  );
+}
+
+type SSOProviderFormProps = {
+  authenticationPortal: TGetOrganisationAuthenticationPortalResponse;
+};
+
+const SSOProviderForm = ({ authenticationPortal }: SSOProviderFormProps) => {
+  const { t } = useLingui();
+  const { toast } = useToast();
+
+  const organisation = useCurrentOrganisation();
+
+  const { mutateAsync: updateOrganisationAuthenticationPortal } =
+    trpc.enterprise.organisation.authenticationPortal.update.useMutation();
+
+  const form = useForm<TProviderFormSchema>({
+    resolver: zodResolver(ZProviderFormSchema),
+    defaultValues: {
+      enabled: authenticationPortal.enabled,
+      clientId: authenticationPortal.clientId,
+      clientSecret: authenticationPortal.clientSecretProvided ? null : '',
+      wellKnownUrl: authenticationPortal.wellKnownUrl,
+      autoProvisionUsers: authenticationPortal.autoProvisionUsers,
+      defaultOrganisationRole: authenticationPortal.defaultOrganisationRole,
+      allowedDomains: authenticationPortal.allowedDomains.join(' '),
+    },
+  });
+
+  const onSubmit = async (values: TProviderFormSchema) => {
+    const { enabled, clientId, clientSecret, wellKnownUrl } = values;
+
+    if (enabled && !clientId) {
+      form.setError('clientId', {
+        message: t`Client ID is required`,
+      });
+
+      return;
+    }
+
+    if (enabled && clientSecret === '') {
+      form.setError('clientSecret', {
+        message: t`Client secret is required`,
+      });
+
+      return;
+    }
+
+    if (enabled && !wellKnownUrl) {
+      form.setError('wellKnownUrl', {
+        message: t`Well-known URL is required`,
+      });
+
+      return;
+    }
+
+    try {
+      await updateOrganisationAuthenticationPortal({
+        organisationId: organisation.id,
+        data: {
+          enabled,
+          clientId,
+          clientSecret: values.clientSecret ?? undefined,
+          wellKnownUrl,
+          autoProvisionUsers: values.autoProvisionUsers,
+          defaultOrganisationRole: values.defaultOrganisationRole,
+          allowedDomains: values.allowedDomains.split(' ').filter(Boolean),
+        },
+      });
+
+      toast({
+        title: t`Success`,
+        description: t`Provider has been updated successfully`,
+        duration: 5000,
+      });
+    } catch (err) {
+      console.error(err);
+
+      toast({
+        title: t`An error occurred`,
+        description: t`We couldn't update the provider. Please try again.`,
+        variant: 'destructive',
+      });
+    }
+  };
+
+  const isSsoEnabled = form.watch('enabled');
+
+  return (
+    <Form {...form}>
+      <form onSubmit={form.handleSubmit(onSubmit)}>
+        <fieldset disabled={form.formState.isSubmitting} className="space-y-6">
+          <div className="space-y-2">
+            <Label>
+              <Trans>Organisation authentication portal URL</Trans>
+            </Label>
+
+            <div className="relative">
+              <Input
+                className="pr-12"
+                disabled
+                value={formatOrganisationLoginUrl(organisation.url)}
+              />
+              <div className="absolute bottom-0 right-2 top-0 flex items-center justify-center">
+                <CopyTextButton
+                  value={formatOrganisationLoginUrl(organisation.url)}
+                  onCopySuccess={() => toast({ title: t`Copied to clipboard` })}
+                />
+              </div>
+            </div>
+
+            <p className="text-muted-foreground text-xs">
+              <Trans>This is the URL which users will use to sign in to your organisation.</Trans>
+            </p>
+          </div>
+
+          <div className="space-y-2">
+            <Label>
+              <Trans>Redirect URI</Trans>
+            </Label>
+
+            <div className="relative">
+              <Input
+                className="pr-12"
+                disabled
+                value={formatOrganisationCallbackUrl(organisation.url)}
+              />
+              <div className="absolute bottom-0 right-2 top-0 flex items-center justify-center">
+                <CopyTextButton
+                  value={formatOrganisationCallbackUrl(organisation.url)}
+                  onCopySuccess={() => toast({ title: t`Copied to clipboard` })}
+                />
+              </div>
+            </div>
+
+            <p className="text-muted-foreground text-xs">
+              <Trans>Add this URL to your provider's allowed redirect URIs</Trans>
+            </p>
+          </div>
+
+          <div className="space-y-2">
+            <Label>
+              <Trans>Required scopes</Trans>
+            </Label>
+
+            <Input className="pr-12" disabled value={`openid profile email`} />
+
+            <p className="text-muted-foreground text-xs">
+              <Trans>This is the required scopes you must set in your provider's settings</Trans>
+            </p>
+          </div>
+
+          <FormField
+            control={form.control}
+            name="wellKnownUrl"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel required={isSsoEnabled}>
+                  <Trans>Issuer URL</Trans>
+                </FormLabel>
+                <FormControl>
+                  <Input
+                    placeholder={'https://your-provider.com/.well-known/openid-configuration'}
+                    {...field}
+                  />
+                </FormControl>
+
+                {!form.formState.errors.wellKnownUrl && (
+                  <p className="text-muted-foreground text-xs">
+                    <Trans>The OpenID discovery endpoint URL for your provider</Trans>
+                  </p>
+                )}
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <div className="grid grid-cols-1 gap-4 md:grid-cols-2">
+            <FormField
+              control={form.control}
+              name="clientId"
+              render={({ field }) => (
+                <FormItem>
+                  <FormLabel required={isSsoEnabled}>
+                    <Trans>Client ID</Trans>
+                  </FormLabel>
+                  <FormControl>
+                    <Input id="client-id" {...field} />
+                  </FormControl>
+                  <FormMessage />
+                </FormItem>
+              )}
+            />
+
+            <FormField
+              control={form.control}
+              name="clientSecret"
+              render={({ field }) => (
+                <FormItem>
+                  <FormLabel required={isSsoEnabled}>
+                    <Trans>Client Secret</Trans>
+                  </FormLabel>
+                  <FormControl>
+                    <Input
+                      id="client-secret"
+                      type="password"
+                      {...field}
+                      value={field.value === null ? '**********************' : field.value}
+                    />
+                  </FormControl>
+                  <FormMessage />
+                </FormItem>
+              )}
+            />
+          </div>
+
+          <FormField
+            control={form.control}
+            name="defaultOrganisationRole"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>
+                  <Trans>Default Organisation Role for New Users</Trans>
+                </FormLabel>
+                <FormControl>
+                  <Select value={field.value} onValueChange={field.onChange}>
+                    <SelectTrigger>
+                      <SelectValue placeholder={t`Select default role`} />
+                    </SelectTrigger>
+                    <SelectContent>
+                      {ORGANISATION_MEMBER_ROLE_HIERARCHY[OrganisationMemberRole.MANAGER].map(
+                        (role) => (
+                          <SelectItem key={role} value={role}>
+                            {t(ORGANISATION_MEMBER_ROLE_MAP[role])}
+                          </SelectItem>
+                        ),
+                      )}
+                    </SelectContent>
+                  </Select>
+                </FormControl>
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="allowedDomains"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>
+                  <Trans>Allowed Email Domains</Trans>
+                </FormLabel>
+                <FormControl>
+                  <Textarea
+                    {...field}
+                    placeholder={t`your-domain.com another-domain.com`}
+                    className="min-h-[80px]"
+                  />
+                </FormControl>
+
+                {!form.formState.errors.allowedDomains && (
+                  <p className="text-muted-foreground text-xs">
+                    <Trans>
+                      Space-separated list of domains. Leave empty to allow all domains.
+                    </Trans>
+                  </p>
+                )}
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          {/* Todo: This is just dummy toggle, we need to decide what this does first. */}
+          {/* <FormField
+            control={form.control}
+            name="autoProvisionUsers"
+            render={({ field }) => (
+              <FormItem className="flex items-center justify-between rounded-lg border px-4 py-3">
+                <div className="space-y-0.5">
+                  <FormLabel>
+                    <Trans>Auto-provision Users</Trans>
+                  </FormLabel>
+                  <p className="text-muted-foreground text-sm">
+                    <Trans>Automatically create accounts for new users on first login</Trans>
+                  </p>
+                </div>
+                <FormControl>
+                  <Switch checked={field.value} onCheckedChange={field.onChange} />
+                </FormControl>
+                <FormMessage />
+              </FormItem>
+            )}
+          /> */}
+
+          <FormField
+            control={form.control}
+            name="enabled"
+            render={({ field }) => (
+              <FormItem className="flex items-center justify-between rounded-lg border px-4 py-3">
+                <div className="space-y-0.5">
+                  <FormLabel>
+                    <Trans>Enable SSO portal</Trans>
+                  </FormLabel>
+                  <p className="text-muted-foreground text-sm">
+                    <Trans>Whether to enable the SSO portal for your organisation</Trans>
+                  </p>
+                </div>
+                <FormControl>
+                  <Switch checked={field.value} onCheckedChange={field.onChange} />
+                </FormControl>
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <Alert variant="warning">
+            <AlertDescription>
+              <Trans>
+                Please note that anyone who signs in through your portal will be added to your
+                organisation as a member.
+              </Trans>
+            </AlertDescription>
+          </Alert>
+
+          <div className="flex justify-end gap-2">
+            <Button loading={form.formState.isSubmitting} type="submit">
+              <Trans>Update</Trans>
+            </Button>
+          </div>
+        </fieldset>
+      </form>
+    </Form>
+  );
+};
diff --git a/apps/remix/app/routes/_authenticated+/settings+/security._index.tsx b/apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
index eacaaf4fc..5d878d971 100644
--- a/apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+++ b/apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
@@ -192,6 +192,27 @@ export default function SettingsSecurity({ loaderData }: Route.ComponentProps) {
           </Link>
         </Button>
       </Alert>
+
+      <Alert
+        className="mt-6 flex flex-col justify-between p-6 sm:flex-row sm:items-center"
+        variant="neutral"
+      >
+        <div className="mb-4 mr-4 sm:mb-0">
+          <AlertTitle>
+            <Trans>Linked Accounts</Trans>
+          </AlertTitle>
+
+          <AlertDescription className="mr-2">
+            <Trans>View and manage all login methods linked to your account.</Trans>
+          </AlertDescription>
+        </div>
+
+        <Button asChild variant="outline" className="bg-background">
+          <Link to="/settings/security/linked-accounts">
+            <Trans>Manage linked accounts</Trans>
+          </Link>
+        </Button>
+      </Alert>
     </div>
   );
 }
diff --git a/apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx b/apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
new file mode 100644
index 000000000..1c9c57914
--- /dev/null
+++ b/apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
@@ -0,0 +1,179 @@
+import { useMemo, useState } from 'react';
+
+import { useLingui } from '@lingui/react/macro';
+import { Trans } from '@lingui/react/macro';
+import { useQuery } from '@tanstack/react-query';
+import { DateTime } from 'luxon';
+
+import { authClient } from '@documenso/auth/client';
+import { Button } from '@documenso/ui/primitives/button';
+import type { DataTableColumnDef } from '@documenso/ui/primitives/data-table';
+import { DataTable } from '@documenso/ui/primitives/data-table';
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+  DialogTrigger,
+} from '@documenso/ui/primitives/dialog';
+import { Skeleton } from '@documenso/ui/primitives/skeleton';
+import { TableCell } from '@documenso/ui/primitives/table';
+import { useToast } from '@documenso/ui/primitives/use-toast';
+
+import { SettingsHeader } from '~/components/general/settings-header';
+import { appMetaTags } from '~/utils/meta';
+
+export function meta() {
+  return appMetaTags('Linked Accounts');
+}
+
+export default function SettingsSecurityLinkedAccounts() {
+  const { t } = useLingui();
+
+  const { data, isLoading, isLoadingError, refetch } = useQuery({
+    queryKey: ['linked-accounts'],
+    queryFn: async () => await authClient.account.getMany(),
+  });
+
+  const results = data?.accounts ?? [];
+
+  const columns = useMemo(() => {
+    return [
+      {
+        header: t`Provider`,
+        accessorKey: 'provider',
+        cell: ({ row }) => row.original.provider,
+      },
+      {
+        header: t`Linked At`,
+        accessorKey: 'createdAt',
+        cell: ({ row }) =>
+          row.original.createdAt
+            ? DateTime.fromJSDate(row.original.createdAt).toRelative()
+            : t`Unknown`,
+      },
+      {
+        id: 'actions',
+        cell: ({ row }) => (
+          <AccountUnlinkDialog
+            accountId={row.original.id}
+            provider={row.original.provider}
+            onSuccess={refetch}
+          />
+        ),
+      },
+    ] satisfies DataTableColumnDef<(typeof results)[number]>[];
+  }, []);
+
+  return (
+    <div>
+      <SettingsHeader
+        title={t`Linked Accounts`}
+        subtitle={t`View and manage all login methods linked to your account.`}
+      />
+
+      <div className="mt-4">
+        <DataTable
+          columns={columns}
+          data={results}
+          hasFilters={false}
+          error={{
+            enable: isLoadingError,
+          }}
+          skeleton={{
+            enable: isLoading,
+            rows: 3,
+            component: (
+              <>
+                <TableCell>
+                  <Skeleton className="h-4 w-40 rounded-full" />
+                </TableCell>
+                <TableCell>
+                  <Skeleton className="h-4 w-24 rounded-full" />
+                </TableCell>
+                <TableCell>
+                  <Skeleton className="h-8 w-16 rounded" />
+                </TableCell>
+              </>
+            ),
+          }}
+        />
+      </div>
+    </div>
+  );
+}
+
+type AccountUnlinkDialogProps = {
+  accountId: string;
+  provider: string;
+  onSuccess: () => Promise<unknown>;
+};
+
+const AccountUnlinkDialog = ({ accountId, onSuccess, provider }: AccountUnlinkDialogProps) => {
+  const { toast } = useToast();
+  const { t } = useLingui();
+
+  const [isLoading, setIsLoading] = useState(false);
+  const [open, setOpen] = useState(false);
+
+  const handleRevoke = async () => {
+    setIsLoading(true);
+
+    try {
+      await authClient.account.delete(accountId);
+
+      await onSuccess();
+
+      toast({
+        title: t`Account unlinked`,
+      });
+    } catch (error) {
+      console.error(error);
+
+      toast({
+        title: t`Error`,
+        description: t`Failed to unlink account`,
+        variant: 'destructive',
+      });
+    }
+
+    setIsLoading(false);
+  };
+
+  return (
+    <Dialog open={open} onOpenChange={(value) => !isLoading && setOpen(value)}>
+      <DialogTrigger asChild>
+        <Button variant="destructive" size="sm">
+          <Trans>Unlink</Trans>
+        </Button>
+      </DialogTrigger>
+
+      <DialogContent position="center">
+        <DialogHeader>
+          <DialogTitle>
+            <Trans>Are you sure?</Trans>
+          </DialogTitle>
+
+          <DialogDescription className="mt-4">
+            <Trans>
+              You are about to remove the <span className="font-semibold">{provider}</span> login
+              method from your account.
+            </Trans>
+          </DialogDescription>
+        </DialogHeader>
+
+        <DialogFooter>
+          <Button type="button" variant="secondary" onClick={() => setOpen(false)}>
+            <Trans>Cancel</Trans>
+          </Button>
+
+          <Button variant="destructive" loading={isLoading} onClick={handleRevoke}>
+            <Trans>Unlink</Trans>
+          </Button>
+        </DialogFooter>
+      </DialogContent>
+    </Dialog>
+  );
+};
diff --git a/apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx b/apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
new file mode 100644
index 000000000..1a1e26350
--- /dev/null
+++ b/apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
@@ -0,0 +1,218 @@
+import { useState } from 'react';
+
+import { msg } from '@lingui/core/macro';
+import { Trans, useLingui } from '@lingui/react/macro';
+import { MailsIcon } from 'lucide-react';
+import { Link, redirect, useSearchParams } from 'react-router';
+
+import { authClient } from '@documenso/auth/client';
+import { getOptionalSession } from '@documenso/auth/server/lib/utils/get-session';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { prisma } from '@documenso/prisma';
+import { Button } from '@documenso/ui/primitives/button';
+import { Checkbox } from '@documenso/ui/primitives/checkbox';
+import { useToast } from '@documenso/ui/primitives/use-toast';
+
+import { GenericErrorLayout } from '~/components/general/generic-error-layout';
+import { appMetaTags } from '~/utils/meta';
+
+import type { Route } from './+types/o.$orgUrl.signin';
+
+export function meta() {
+  return appMetaTags('Sign In');
+}
+
+export function ErrorBoundary() {
+  return (
+    <GenericErrorLayout
+      errorCode={404}
+      errorCodeMap={{
+        404: {
+          heading: msg`Authentication Portal Not Found`,
+          subHeading: msg`404 Not Found`,
+          message: msg`The organisation authentication portal does not exist, or is not configured`,
+        },
+      }}
+      primaryButton={
+        <Button asChild>
+          <Link to={`/`}>
+            <Trans>Go back</Trans>
+          </Link>
+        </Button>
+      }
+      secondaryButton={null}
+    />
+  );
+}
+
+export async function loader({ request, params }: Route.LoaderArgs) {
+  const { isAuthenticated, user } = await getOptionalSession(request);
+
+  const orgUrl = params.orgUrl;
+
+  const organisation = await prisma.organisation.findFirst({
+    where: {
+      url: orgUrl,
+    },
+    select: {
+      name: true,
+      organisationClaim: true,
+      organisationAuthenticationPortal: {
+        select: {
+          enabled: true,
+        },
+      },
+      members: {
+        select: {
+          userId: true,
+        },
+      },
+    },
+  });
+
+  if (
+    !organisation ||
+    !organisation.organisationAuthenticationPortal.enabled ||
+    !organisation.organisationClaim.flags.authenticationPortal
+  ) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'Organisation not found',
+    });
+  }
+
+  // Redirect to organisation if already signed in and a member of the organisation.
+  if (isAuthenticated && user && organisation.members.find((member) => member.userId === user.id)) {
+    throw redirect(`/o/${orgUrl}`);
+  }
+
+  return {
+    organisationName: organisation.name,
+    orgUrl,
+  };
+}
+
+export default function OrganisationSignIn({ loaderData }: Route.ComponentProps) {
+  const [searchParams] = useSearchParams();
+
+  const { organisationName, orgUrl } = loaderData;
+
+  const { t } = useLingui();
+  const { toast } = useToast();
+
+  const [isSubmitting, setIsSubmitting] = useState(false);
+  const [isConfirmationChecked, setIsConfirmationChecked] = useState(false);
+
+  const action = searchParams.get('action');
+
+  const onSignInWithOIDCClick = async () => {
+    setIsSubmitting(true);
+
+    try {
+      await authClient.oidc.org.signIn({
+        orgUrl,
+      });
+    } catch (err) {
+      toast({
+        title: t`An unknown error occurred`,
+        description: t`We encountered an unknown error while attempting to sign you In. Please try again later.`,
+        variant: 'destructive',
+      });
+    }
+
+    setIsSubmitting(false);
+  };
+
+  if (action === 'verification-required') {
+    return (
+      <div className="w-screen max-w-lg px-4">
+        <div className="flex items-start">
+          <div className="mr-4 mt-1 hidden md:block">
+            <MailsIcon className="text-primary h-10 w-10" strokeWidth={2} />
+          </div>
+          <div className="">
+            <h2 className="text-2xl font-bold md:text-4xl">
+              <Trans>Confirmation email sent</Trans>
+            </h2>
+
+            <p className="text-muted-foreground mt-4">
+              <Trans>
+                To gain access to your account, please confirm your email address by clicking on the
+                confirmation link from your inbox.
+              </Trans>
+            </p>
+
+            <div className="mt-4 flex items-center gap-x-2">
+              <Button asChild>
+                <Link to={`/o/${orgUrl}/signin`} replace>
+                  <Trans>Return</Trans>
+                </Link>
+              </Button>
+            </div>
+          </div>
+        </div>
+      </div>
+    );
+  }
+
+  return (
+    <div className="w-screen max-w-lg px-4">
+      <div className="border-border dark:bg-background z-10 rounded-xl border bg-neutral-100 p-6">
+        <h1 className="text-2xl font-semibold">
+          <Trans>Welcome to {organisationName}</Trans>
+        </h1>
+
+        <p className="text-muted-foreground mt-2 text-sm">
+          <Trans>Sign in to your account</Trans>
+        </p>
+
+        <hr className="-mx-6 my-4" />
+
+        <div className="mb-4 flex items-center gap-x-2">
+          <Checkbox
+            id={`flag-3rd-party-service`}
+            checked={isConfirmationChecked}
+            onCheckedChange={(checked) =>
+              setIsConfirmationChecked(checked === 'indeterminate' ? false : checked)
+            }
+          />
+
+          <label
+            className="text-muted-foreground ml-2 flex flex-row items-center text-sm"
+            htmlFor={`flag-3rd-party-service`}
+          >
+            <Trans>
+              I understand that I am providing my credentials to a 3rd party service configured by
+              this organisation
+            </Trans>
+          </label>
+        </div>
+
+        <Button
+          type="button"
+          size="lg"
+          variant="outline"
+          className="bg-background w-full"
+          loading={isSubmitting}
+          disabled={!isConfirmationChecked}
+          onClick={onSignInWithOIDCClick}
+        >
+          <Trans>Sign In</Trans>
+        </Button>
+
+        <div className="relative mt-2 flex items-center justify-center gap-x-4 py-2 text-xs uppercase">
+          <div className="bg-border h-px flex-1" />
+          <span className="text-muted-foreground bg-transparent">
+            <Trans>OR</Trans>
+          </span>
+          <div className="bg-border h-px flex-1" />
+        </div>
+
+        <div className="text-muted-foreground mt-1 flex items-center justify-center text-xs">
+          <Link to="/signin">
+            <Trans>Return to Documenso sign in page here</Trans>
+          </Link>
+        </div>
+      </div>
+    </div>
+  );
+}
diff --git a/apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx b/apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
new file mode 100644
index 000000000..ac6869c89
--- /dev/null
+++ b/apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
@@ -0,0 +1,333 @@
+import { useState } from 'react';
+
+import { msg } from '@lingui/core/macro';
+import { Trans } from '@lingui/react/macro';
+import { AlertTriangle, Building2, Database, Eye, Settings, UserCircle2 } from 'lucide-react';
+import { data, isRouteErrorResponse } from 'react-router';
+import { useNavigate } from 'react-router';
+import { match } from 'ts-pattern';
+
+import { ORGANISATION_ACCOUNT_LINK_VERIFICATION_TOKEN_IDENTIFIER } from '@documenso/lib/constants/organisations';
+import { ZOrganisationAccountLinkMetadataSchema } from '@documenso/lib/types/organisation';
+import { formatAvatarUrl } from '@documenso/lib/utils/avatars';
+import { formatOrganisationLoginPath } from '@documenso/lib/utils/organisation-authentication-portal';
+import { extractInitials } from '@documenso/lib/utils/recipient-formatter';
+import { prisma } from '@documenso/prisma';
+import { trpc } from '@documenso/trpc/react';
+import { Alert, AlertDescription } from '@documenso/ui/primitives/alert';
+import { AvatarWithText } from '@documenso/ui/primitives/avatar';
+import { Badge } from '@documenso/ui/primitives/badge';
+import { Button } from '@documenso/ui/primitives/button';
+import {
+  Card,
+  CardContent,
+  CardDescription,
+  CardFooter,
+  CardHeader,
+  CardTitle,
+} from '@documenso/ui/primitives/card';
+import { Checkbox } from '@documenso/ui/primitives/checkbox';
+import { Separator } from '@documenso/ui/primitives/separator';
+import { useToast } from '@documenso/ui/primitives/use-toast';
+
+import { GenericErrorLayout, defaultErrorCodeMap } from '~/components/general/generic-error-layout';
+
+import type { Route } from './+types/organisation.sso.confirmation.$token';
+
+export function ErrorBoundary({ error }: Route.ErrorBoundaryProps) {
+  const errorCode = isRouteErrorResponse(error) ? error.data.type : 500;
+
+  const errorMap = match(errorCode)
+    .with('invalid-token', () => ({
+      subHeading: msg`400 Error`,
+      heading: msg`Invalid Token`,
+      message: msg`The token is invalid or has expired.`,
+    }))
+    .otherwise(() => defaultErrorCodeMap[500]);
+
+  return (
+    <GenericErrorLayout errorCode={500} errorCodeMap={{ 500: errorMap }} secondaryButton={null} />
+  );
+}
+
+export async function loader({ params }: Route.LoaderArgs) {
+  const { token } = params;
+
+  if (!token) {
+    throw data({
+      type: 'invalid-token',
+    });
+  }
+
+  const verificationToken = await prisma.verificationToken.findFirst({
+    where: {
+      token,
+      identifier: ORGANISATION_ACCOUNT_LINK_VERIFICATION_TOKEN_IDENTIFIER,
+    },
+    include: {
+      user: {
+        select: {
+          name: true,
+          email: true,
+          avatarImageId: true,
+        },
+      },
+    },
+  });
+
+  if (!verificationToken || verificationToken.expires < new Date()) {
+    throw data({
+      type: 'invalid-token',
+    });
+  }
+
+  const metadata = ZOrganisationAccountLinkMetadataSchema.safeParse(verificationToken.metadata);
+
+  if (!metadata.success) {
+    throw data({
+      type: 'invalid-token',
+    });
+  }
+
+  const organisation = await prisma.organisation.findFirst({
+    where: {
+      id: metadata.data.organisationId,
+    },
+    select: {
+      name: true,
+      url: true,
+      avatarImageId: true,
+    },
+  });
+
+  if (!organisation) {
+    throw data({
+      type: 'invalid-token',
+    });
+  }
+
+  return {
+    token,
+    type: metadata.data.type,
+    user: {
+      name: verificationToken.user.name,
+      email: verificationToken.user.email,
+      avatar: verificationToken.user.avatarImageId,
+    },
+    organisation: {
+      name: organisation.name,
+      url: organisation.url,
+      avatar: organisation.avatarImageId,
+    },
+  } as const;
+}
+
+export default function OrganisationSsoConfirmationTokenPage({ loaderData }: Route.ComponentProps) {
+  const { token, type, user, organisation } = loaderData;
+
+  const { toast } = useToast();
+  const navigate = useNavigate();
+
+  const [isConfirmationChecked, setIsConfirmationChecked] = useState(false);
+
+  const { mutate: declineLinkOrganisationAccount, isPending: isDeclining } =
+    trpc.enterprise.organisation.authenticationPortal.declineLinkAccount.useMutation({
+      onSuccess: async () => {
+        await navigate('/');
+
+        toast({
+          title: 'Account link declined',
+        });
+      },
+      onError: (error) => {
+        toast({
+          title: 'Error declining account link',
+          description: error.message,
+        });
+      },
+    });
+
+  const { mutate: linkOrganisationAccount, isPending: isLinking } =
+    trpc.enterprise.organisation.authenticationPortal.linkAccount.useMutation({
+      onSuccess: async () => {
+        await navigate(formatOrganisationLoginPath(organisation.url));
+
+        toast({
+          title: 'Account linked successfully',
+        });
+      },
+      onError: (error) => {
+        toast({
+          title: 'Error linking account',
+          description: error.message,
+        });
+      },
+    });
+
+  return (
+    <div>
+      <Card className="w-full max-w-2xl border">
+        <CardHeader>
+          <CardTitle>
+            {type === 'link' ? (
+              <Trans>Account Linking Request</Trans>
+            ) : (
+              <Trans>Account Creation Request</Trans>
+            )}
+          </CardTitle>
+          <CardDescription>
+            {type === 'link' ? (
+              <Trans>
+                An organisation wants to link your account. Please review the details below.
+              </Trans>
+            ) : (
+              <Trans>
+                An organisation wants to create an account for you. Please review the details below.
+              </Trans>
+            )}
+          </CardDescription>
+        </CardHeader>
+
+        <CardContent className="space-y-6">
+          {/* Current User Section */}
+          <div className="space-y-3">
+            <h3 className="text-muted-foreground flex items-center gap-2 font-semibold">
+              <UserCircle2 className="h-4 w-4" />
+              <Trans>Your Account</Trans>
+            </h3>
+            <div className="bg-muted/50 flex items-center justify-between gap-3 rounded-lg p-3">
+              <AvatarWithText
+                avatarSrc={formatAvatarUrl(user.avatar)}
+                avatarFallback={extractInitials(user.name || user.email)}
+                primaryText={user.name}
+                secondaryText={user.email}
+              />
+
+              <Badge variant="secondary">
+                <Trans>Account</Trans>
+              </Badge>
+            </div>
+          </div>
+
+          <Separator />
+
+          {/* Organisation Section */}
+          <div className="space-y-3">
+            <h3 className="text-muted-foreground flex items-center gap-2 font-semibold">
+              <Building2 className="h-4 w-4" />
+              <Trans>Requesting Organisation</Trans>
+            </h3>
+            <div className="bg-muted/50 flex items-center justify-between gap-3 rounded-lg p-3">
+              <AvatarWithText
+                avatarSrc={formatAvatarUrl(organisation.avatar)}
+                avatarFallback={extractInitials(organisation.name)}
+                primaryText={organisation.name}
+                secondaryText={`/o/${organisation.url}`}
+              />
+
+              <Badge variant="secondary">
+                <Trans>Organisation</Trans>
+              </Badge>
+            </div>
+          </div>
+
+          <Separator />
+
+          {/* Warnings Section */}
+          <div className="space-y-3">
+            <h3 className="text-muted-foreground flex items-center gap-2 font-semibold">
+              <AlertTriangle className="h-4 w-4" />
+              <Trans>Important: What This Means</Trans>
+            </h3>
+            <div className="space-y-3 rounded-lg border p-4">
+              <p className="text-sm font-medium">
+                <Trans>
+                  By accepting this request, you grant {organisation.name} the following
+                  permissions:
+                </Trans>
+              </p>
+              <ul className="space-y-2 text-sm">
+                <li className="flex items-start gap-2">
+                  <Eye className="mt-0.5 h-4 w-4 flex-shrink-0" />
+                  <span>
+                    <Trans>
+                      <span className="text-muted-foreground font-semibold">
+                        Full account access:
+                      </span>{' '}
+                      View all your profile information, settings, and activity
+                    </Trans>
+                  </span>
+                </li>
+                <li className="flex items-start gap-2">
+                  <Settings className="mt-0.5 h-4 w-4 flex-shrink-0" />
+                  <span>
+                    <Trans>
+                      <span className="text-muted-foreground font-semibold">
+                        Account management:
+                      </span>{' '}
+                      Modify your account settings, permissions, and preferences
+                    </Trans>
+                  </span>
+                </li>
+                <li className="flex items-start gap-2">
+                  <Database className="mt-0.5 h-4 w-4 flex-shrink-0" />
+                  <span>
+                    <Trans>
+                      <span className="text-muted-foreground font-semibold">Data access:</span>{' '}
+                      Access all data associated with your account
+                    </Trans>
+                  </span>
+                </li>
+              </ul>
+
+              <Alert variant="warning" className="mt-3">
+                <AlertDescription>
+                  <Trans>
+                    This organisation will have administrative control over your account. You can
+                    revoke this access later, but they will retain access to any data they've
+                    already collected.
+                  </Trans>
+                </AlertDescription>
+              </Alert>
+            </div>
+          </div>
+
+          <div className="mb-4 flex items-center gap-x-2">
+            <Checkbox
+              id={`accept-conditions`}
+              checked={isConfirmationChecked}
+              onCheckedChange={(checked) =>
+                setIsConfirmationChecked(checked === 'indeterminate' ? false : checked)
+              }
+            />
+
+            <label
+              className="text-muted-foreground ml-2 flex flex-row items-center text-sm"
+              htmlFor={`accept-conditions`}
+            >
+              <Trans>I agree to link my account with this organization</Trans>
+            </label>
+          </div>
+        </CardContent>
+
+        <CardFooter className="flex justify-end gap-3">
+          <Button
+            variant="outline"
+            disabled={isDeclining || isLinking}
+            onClick={() => declineLinkOrganisationAccount({ token })}
+          >
+            <Trans>Decline</Trans>
+          </Button>
+
+          <Button
+            disabled={!isConfirmationChecked || isDeclining || isLinking}
+            loading={isLinking}
+            onClick={() => linkOrganisationAccount({ token })}
+          >
+            <Trans>Accept & Link Account</Trans>
+          </Button>
+        </CardFooter>
+      </Card>
+    </div>
+  );
+}
diff --git a/apps/remix/public/static/building-2.png b/apps/remix/public/static/building-2.png
new file mode 100644
index 0000000000000000000000000000000000000000..f9c7266e66b801d37a93d45250441d47df8150df
GIT binary patch
literal 297
zcmV+^0oMMBP)<h;3K|Lk000e1NJLTq000;O000;W1^@s6;CDUv0002+Nkl<ZNK0d6
zpfO;?VZH=VybFlkfLNS>8(sqCcL8x35WhfIi_3x)K!xEXdTu39eFU)<ya6f{24Z_4
zK19GGkeUNP4ALV?tOfs}3UT=m-5i|iaT$QFVL#AB2Q*Vbu6Bfq4Sov<#W%%1Al3qq
zI+SEf?KnVo2sqhN+X9ezD9ILP0j``&ZZd_(3CsXoIhSe{pyyml^8tnr&<&)!1;i#(
zSdfzJ1DabvYFR|G4`^-y#X<BMXo3h*1w%=F;0!cp53B+rl+g&e9G^TW^F|^U6}><K
vS8UZDiMD`B)15#JY6QF_wkROc4uo<5zKmTN6uGVr00000NkvXXu0mjfj~HpU

literal 0
HcmV?d00001

diff --git a/packages/auth/client/index.ts b/packages/auth/client/index.ts
index e99573af6..5acf23c4c 100644
--- a/packages/auth/client/index.ts
+++ b/packages/auth/client/index.ts
@@ -7,6 +7,7 @@ import { AppError } from '@documenso/lib/errors/app-error';
 
 import type { AuthAppType } from '../server';
 import type { SessionValidationResult } from '../server/lib/session/session';
+import type { PartialAccount } from '../server/lib/utils/get-accounts';
 import type { ActiveSession } from '../server/lib/utils/get-session';
 import { handleSignInRedirect } from '../server/lib/utils/redirect';
 import type {
@@ -96,6 +97,25 @@ export class AuthClient {
     }
   }
 
+  public account = {
+    getMany: async () => {
+      const response = await this.client['accounts'].$get();
+
+      await this.handleError(response);
+
+      const result = await response.json();
+
+      return superjson.deserialize<{ accounts: PartialAccount[] }>(result);
+    },
+    delete: async (accountId: string) => {
+      const response = await this.client['account'][':accountId'].$delete({
+        param: { accountId },
+      });
+
+      await this.handleError(response);
+    },
+  };
+
   public emailPassword = {
     signIn: async (data: Omit<TEmailPasswordSignin, 'csrfToken'> & { csrfToken?: string }) => {
       let csrfToken = data.csrfToken;
@@ -214,6 +234,22 @@ export class AuthClient {
         window.location.href = data.redirectUrl;
       }
     },
+    org: {
+      signIn: async ({ orgUrl }: { orgUrl: string }) => {
+        const response = await this.client['oauth'].authorize.oidc.org[':orgUrl'].$post({
+          param: { orgUrl },
+        });
+
+        await this.handleError(response);
+
+        const data = await response.json();
+
+        // Redirect to external OIDC provider URL.
+        if (data.redirectUrl) {
+          window.location.href = data.redirectUrl;
+        }
+      },
+    },
   };
 }
 
diff --git a/packages/auth/server/index.ts b/packages/auth/server/index.ts
index 5f85d5b2a..1bdc40ee3 100644
--- a/packages/auth/server/index.ts
+++ b/packages/auth/server/index.ts
@@ -7,6 +7,7 @@ import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { extractRequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
 
 import { setCsrfCookie } from './lib/session/session-cookies';
+import { accountRoute } from './routes/account';
 import { callbackRoute } from './routes/callback';
 import { emailPasswordRoute } from './routes/email-password';
 import { oauthRoute } from './routes/oauth';
@@ -43,6 +44,7 @@ export const auth = new Hono<HonoAuthContext>()
   })
   .route('/', sessionRoute)
   .route('/', signOutRoute)
+  .route('/', accountRoute)
   .route('/callback', callbackRoute)
   .route('/oauth', oauthRoute)
   .route('/email-password', emailPasswordRoute)
diff --git a/packages/auth/server/lib/utils/delete-account-provider.ts b/packages/auth/server/lib/utils/delete-account-provider.ts
new file mode 100644
index 000000000..c1aebb2b6
--- /dev/null
+++ b/packages/auth/server/lib/utils/delete-account-provider.ts
@@ -0,0 +1,37 @@
+import { UserSecurityAuditLogType } from '@prisma/client';
+import type { Context } from 'hono';
+
+import { ORGANISATION_USER_ACCOUNT_TYPE } from '@documenso/lib/constants/organisations';
+import { prisma } from '@documenso/prisma';
+
+import { getSession } from './get-session';
+
+export const deleteAccountProvider = async (c: Context, accountId: string): Promise<void> => {
+  const { user } = await getSession(c);
+
+  const requestMeta = c.get('requestMetadata');
+
+  await prisma.$transaction(async (tx) => {
+    const deletedAccountProvider = await tx.account.delete({
+      where: {
+        id: accountId,
+        userId: user.id,
+      },
+      select: {
+        type: true,
+      },
+    });
+
+    await tx.userSecurityAuditLog.create({
+      data: {
+        userId: user.id,
+        ipAddress: requestMeta.ipAddress,
+        userAgent: requestMeta.userAgent,
+        type:
+          deletedAccountProvider.type === ORGANISATION_USER_ACCOUNT_TYPE
+            ? UserSecurityAuditLogType.ORGANISATION_SSO_UNLINK
+            : UserSecurityAuditLogType.ACCOUNT_SSO_UNLINK,
+      },
+    });
+  });
+};
diff --git a/packages/auth/server/lib/utils/get-accounts.ts b/packages/auth/server/lib/utils/get-accounts.ts
new file mode 100644
index 000000000..072196ac6
--- /dev/null
+++ b/packages/auth/server/lib/utils/get-accounts.ts
@@ -0,0 +1,32 @@
+import type { Context } from 'hono';
+
+import { prisma } from '@documenso/prisma';
+
+import { getSession } from './get-session';
+
+export type PartialAccount = {
+  id: string;
+  userId: number;
+  type: string;
+  provider: string;
+  providerAccountId: string;
+  createdAt: Date;
+};
+
+export const getAccounts = async (c: Context | Request): Promise<PartialAccount[]> => {
+  const { user } = await getSession(c);
+
+  return await prisma.account.findMany({
+    where: {
+      userId: user.id,
+    },
+    select: {
+      id: true,
+      userId: true,
+      type: true,
+      provider: true,
+      providerAccountId: true,
+      createdAt: true,
+    },
+  });
+};
diff --git a/packages/auth/server/lib/utils/handle-oauth-callback-url.ts b/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
index 15fc1f7fa..34a3aa4fe 100644
--- a/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
+++ b/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
@@ -20,70 +20,10 @@ type HandleOAuthCallbackUrlOptions = {
 export const handleOAuthCallbackUrl = async (options: HandleOAuthCallbackUrlOptions) => {
   const { c, clientOptions } = options;
 
-  if (!clientOptions.clientId || !clientOptions.clientSecret) {
-    throw new AppError(AppErrorCode.NOT_SETUP);
-  }
-
-  const { token_endpoint } = await getOpenIdConfiguration(clientOptions.wellKnownUrl, {
-    requiredScopes: clientOptions.scope,
-  });
-
-  const oAuthClient = new OAuth2Client(
-    clientOptions.clientId,
-    clientOptions.clientSecret,
-    clientOptions.redirectUrl,
-  );
-
   const requestMeta = c.get('requestMetadata');
 
-  const code = c.req.query('code');
-  const state = c.req.query('state');
-
-  const storedState = deleteCookie(c, `${clientOptions.id}_oauth_state`);
-  const storedCodeVerifier = deleteCookie(c, `${clientOptions.id}_code_verifier`);
-  const storedRedirectPath = deleteCookie(c, `${clientOptions.id}_redirect_path`) ?? '';
-
-  if (!code || !storedState || state !== storedState || !storedCodeVerifier) {
-    throw new AppError(AppErrorCode.INVALID_REQUEST, {
-      message: 'Invalid or missing state',
-    });
-  }
-
-  // eslint-disable-next-line prefer-const
-  let [redirectState, redirectPath] = storedRedirectPath.split(' ');
-
-  if (redirectState !== storedState || !redirectPath) {
-    redirectPath = '/';
-  }
-
-  const tokens = await oAuthClient.validateAuthorizationCode(
-    token_endpoint,
-    code,
-    storedCodeVerifier,
-  );
-
-  const accessToken = tokens.accessToken();
-  const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
-  const idToken = tokens.idToken();
-
-  // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
-  const claims = decodeIdToken(tokens.idToken()) as Record<string, unknown>;
-
-  const email = claims.email;
-  const name = claims.name;
-  const sub = claims.sub;
-
-  if (typeof email !== 'string' || typeof name !== 'string' || typeof sub !== 'string') {
-    throw new AppError(AuthenticationErrorCode.InvalidRequest, {
-      message: 'Invalid claims',
-    });
-  }
-
-  if (claims.email_verified !== true && !clientOptions.bypassEmailVerification) {
-    throw new AppError(AuthenticationErrorCode.UnverifiedEmail, {
-      message: 'Account email is not verified',
-    });
-  }
+  const { email, name, sub, accessToken, accessTokenExpiresAt, idToken, redirectPath } =
+    await validateOauth({ c, clientOptions });
 
   // Find the account if possible.
   const existingAccount = await prisma.account.findFirst({
@@ -199,3 +139,92 @@ export const handleOAuthCallbackUrl = async (options: HandleOAuthCallbackUrlOpti
 
   return c.redirect(redirectPath, 302);
 };
+
+export const validateOauth = async (options: HandleOAuthCallbackUrlOptions) => {
+  const { c, clientOptions } = options;
+
+  if (!clientOptions.clientId || !clientOptions.clientSecret) {
+    throw new AppError(AppErrorCode.NOT_SETUP);
+  }
+
+  const { token_endpoint } = await getOpenIdConfiguration(clientOptions.wellKnownUrl, {
+    requiredScopes: clientOptions.scope,
+  });
+
+  const oAuthClient = new OAuth2Client(
+    clientOptions.clientId,
+    clientOptions.clientSecret,
+    clientOptions.redirectUrl,
+  );
+
+  const code = c.req.query('code');
+  const state = c.req.query('state');
+
+  const storedState = deleteCookie(c, `${clientOptions.id}_oauth_state`);
+  const storedCodeVerifier = deleteCookie(c, `${clientOptions.id}_code_verifier`);
+  const storedRedirectPath = deleteCookie(c, `${clientOptions.id}_redirect_path`) ?? '';
+
+  if (!code || !storedState || state !== storedState || !storedCodeVerifier) {
+    throw new AppError(AppErrorCode.INVALID_REQUEST, {
+      message: 'Invalid or missing state',
+    });
+  }
+
+  // eslint-disable-next-line prefer-const
+  let [redirectState, redirectPath] = storedRedirectPath.split(' ');
+
+  if (redirectState !== storedState || !redirectPath) {
+    redirectPath = '/';
+  }
+
+  const tokens = await oAuthClient.validateAuthorizationCode(
+    token_endpoint,
+    code,
+    storedCodeVerifier,
+  );
+
+  const accessToken = tokens.accessToken();
+  const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
+  const idToken = tokens.idToken();
+
+  // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+  const claims = decodeIdToken(tokens.idToken()) as Record<string, unknown>;
+
+  const email = claims.email;
+  const name = claims.name;
+  const sub = claims.sub;
+
+  if (typeof email !== 'string') {
+    throw new AppError(AuthenticationErrorCode.InvalidRequest, {
+      message: 'Missing email',
+    });
+  }
+
+  if (typeof name !== 'string') {
+    throw new AppError(AuthenticationErrorCode.InvalidRequest, {
+      message: 'Missing name',
+    });
+  }
+
+  if (typeof sub !== 'string') {
+    throw new AppError(AuthenticationErrorCode.InvalidRequest, {
+      message: 'Missing sub claim',
+    });
+  }
+
+  if (claims.email_verified !== true && !clientOptions.bypassEmailVerification) {
+    throw new AppError(AuthenticationErrorCode.UnverifiedEmail, {
+      message: 'Account email is not verified',
+    });
+  }
+
+  return {
+    email,
+    name,
+    sub,
+    accessToken,
+    accessTokenExpiresAt,
+    idToken,
+    redirectPath,
+  };
+};
diff --git a/packages/auth/server/lib/utils/handle-oauth-organisation-callback-url.ts b/packages/auth/server/lib/utils/handle-oauth-organisation-callback-url.ts
new file mode 100644
index 000000000..d8cae91f0
--- /dev/null
+++ b/packages/auth/server/lib/utils/handle-oauth-organisation-callback-url.ts
@@ -0,0 +1,99 @@
+import type { Context } from 'hono';
+
+import { sendOrganisationAccountLinkConfirmationEmail } from '@documenso/ee/server-only/lib/send-organisation-account-link-confirmation-email';
+import { AppError } from '@documenso/lib/errors/app-error';
+import { onCreateUserHook } from '@documenso/lib/server-only/user/create-user';
+import { formatOrganisationLoginUrl } from '@documenso/lib/utils/organisation-authentication-portal';
+import { prisma } from '@documenso/prisma';
+
+import { AuthenticationErrorCode } from '../errors/error-codes';
+import { onAuthorize } from './authorizer';
+import { validateOauth } from './handle-oauth-callback-url';
+import { getOrganisationAuthenticationPortalOptions } from './organisation-portal';
+
+type HandleOAuthOrganisationCallbackUrlOptions = {
+  c: Context;
+  orgUrl: string;
+};
+
+export const handleOAuthOrganisationCallbackUrl = async (
+  options: HandleOAuthOrganisationCallbackUrlOptions,
+) => {
+  const { c, orgUrl } = options;
+
+  const { organisation, clientOptions } = await getOrganisationAuthenticationPortalOptions({
+    type: 'url',
+    organisationUrl: orgUrl,
+  });
+
+  const { email, name, sub, accessToken, accessTokenExpiresAt, idToken } = await validateOauth({
+    c,
+    clientOptions: {
+      ...clientOptions,
+      bypassEmailVerification: true, // Bypass for organisation OIDC because we manually verify the email.
+    },
+  });
+
+  const allowedDomains = organisation.organisationAuthenticationPortal.allowedDomains;
+
+  if (allowedDomains.length > 0 && !allowedDomains.some((domain) => email.endsWith(`@${domain}`))) {
+    throw new AppError(AuthenticationErrorCode.InvalidRequest, {
+      message: 'Email domain not allowed',
+    });
+  }
+
+  // Find the account if possible.
+  const existingAccount = await prisma.account.findFirst({
+    where: {
+      provider: clientOptions.id,
+      providerAccountId: sub,
+    },
+    include: {
+      user: true,
+    },
+  });
+
+  // Directly log in user if account already exists.
+  if (existingAccount) {
+    await onAuthorize({ userId: existingAccount.user.id }, c);
+
+    return c.redirect(`/o/${orgUrl}`, 302);
+  }
+
+  let userToLink = await prisma.user.findFirst({
+    where: {
+      email,
+    },
+  });
+
+  // Handle new user.
+  if (!userToLink) {
+    userToLink = await prisma.user.create({
+      data: {
+        email: email,
+        name: name,
+        emailVerified: null, // Do not verify email.
+      },
+    });
+
+    await onCreateUserHook(userToLink).catch((err) => {
+      // Todo: (RR7) Add logging.
+      console.error(err);
+    });
+  }
+
+  await sendOrganisationAccountLinkConfirmationEmail({
+    type: userToLink.emailVerified ? 'link' : 'create',
+    userId: userToLink.id,
+    organisationId: organisation.id,
+    organisationName: organisation.name,
+    oauthConfig: {
+      accessToken,
+      idToken,
+      providerAccountId: sub,
+      expiresAt: Math.floor(accessTokenExpiresAt.getTime() / 1000),
+    },
+  });
+
+  return c.redirect(`${formatOrganisationLoginUrl(orgUrl)}?action=verification-required`, 302);
+};
diff --git a/packages/auth/server/lib/utils/organisation-portal.ts b/packages/auth/server/lib/utils/organisation-portal.ts
new file mode 100644
index 000000000..a00c1d507
--- /dev/null
+++ b/packages/auth/server/lib/utils/organisation-portal.ts
@@ -0,0 +1,94 @@
+import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
+import { DOCUMENSO_ENCRYPTION_KEY } from '@documenso/lib/constants/crypto';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { symmetricDecrypt } from '@documenso/lib/universal/crypto';
+import { formatOrganisationCallbackUrl } from '@documenso/lib/utils/organisation-authentication-portal';
+import { prisma } from '@documenso/prisma';
+
+type GetOrganisationAuthenticationPortalOptions =
+  | {
+      type: 'url';
+      organisationUrl: string;
+    }
+  | {
+      type: 'id';
+      organisationId: string;
+    };
+
+export const getOrganisationAuthenticationPortalOptions = async (
+  options: GetOrganisationAuthenticationPortalOptions,
+) => {
+  const organisation = await prisma.organisation.findFirst({
+    where:
+      options.type === 'url'
+        ? {
+            url: options.organisationUrl,
+          }
+        : {
+            id: options.organisationId,
+          },
+    include: {
+      organisationClaim: true,
+      organisationAuthenticationPortal: true,
+      groups: true,
+    },
+  });
+
+  if (!organisation) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'Organisation not found',
+    });
+  }
+
+  if (!IS_BILLING_ENABLED()) {
+    throw new AppError(AppErrorCode.NOT_SETUP, {
+      message: 'Billing is not enabled',
+    });
+  }
+
+  if (
+    !organisation.organisationClaim.flags.authenticationPortal ||
+    !organisation.organisationAuthenticationPortal.enabled
+  ) {
+    throw new AppError(AppErrorCode.NOT_SETUP, {
+      message: 'Authentication portal is not enabled for this organisation',
+    });
+  }
+
+  const {
+    clientId,
+    clientSecret: encryptedClientSecret,
+    wellKnownUrl,
+  } = organisation.organisationAuthenticationPortal;
+
+  if (!clientId || !encryptedClientSecret || !wellKnownUrl) {
+    throw new AppError(AppErrorCode.NOT_SETUP, {
+      message: 'Authentication portal is not configured for this organisation',
+    });
+  }
+
+  if (!DOCUMENSO_ENCRYPTION_KEY) {
+    throw new AppError(AppErrorCode.NOT_SETUP, {
+      message: 'Encryption key is not set',
+    });
+  }
+
+  const clientSecret = Buffer.from(
+    symmetricDecrypt({ key: DOCUMENSO_ENCRYPTION_KEY, data: encryptedClientSecret }),
+  ).toString('utf-8');
+
+  return {
+    organisation,
+    clientId,
+    clientSecret,
+    wellKnownUrl,
+    clientOptions: {
+      id: organisation.id,
+      scope: ['openid', 'email', 'profile'],
+      clientId,
+      clientSecret,
+      redirectUrl: formatOrganisationCallbackUrl(organisation.url),
+      wellKnownUrl,
+    },
+  };
+};
diff --git a/packages/auth/server/routes/account.ts b/packages/auth/server/routes/account.ts
new file mode 100644
index 000000000..049c9c069
--- /dev/null
+++ b/packages/auth/server/routes/account.ts
@@ -0,0 +1,25 @@
+import { Hono } from 'hono';
+import superjson from 'superjson';
+
+import { deleteAccountProvider } from '../lib/utils/delete-account-provider';
+import { getAccounts } from '../lib/utils/get-accounts';
+
+export const accountRoute = new Hono()
+  /**
+   * Get all linked accounts.
+   */
+  .get('/accounts', async (c) => {
+    const accounts = await getAccounts(c);
+
+    return c.json(superjson.serialize({ accounts }));
+  })
+  /**
+   * Delete an account linking method.
+   */
+  .delete('/account/:accountId', async (c) => {
+    const accountId = c.req.param('accountId');
+
+    await deleteAccountProvider(c, accountId);
+
+    return c.json({ success: true });
+  });
diff --git a/packages/auth/server/routes/callback.ts b/packages/auth/server/routes/callback.ts
index 809f96f5a..d19309796 100644
--- a/packages/auth/server/routes/callback.ts
+++ b/packages/auth/server/routes/callback.ts
@@ -1,7 +1,10 @@
 import { Hono } from 'hono';
 
+import { AppError } from '@documenso/lib/errors/app-error';
+
 import { GoogleAuthOptions, OidcAuthOptions } from '../config';
 import { handleOAuthCallbackUrl } from '../lib/utils/handle-oauth-callback-url';
+import { handleOAuthOrganisationCallbackUrl } from '../lib/utils/handle-oauth-organisation-callback-url';
 import type { HonoAuthContext } from '../types/context';
 
 /**
@@ -14,6 +17,31 @@ export const callbackRoute = new Hono<HonoAuthContext>()
    */
   .get('/oidc', async (c) => handleOAuthCallbackUrl({ c, clientOptions: OidcAuthOptions }))
 
+  /**
+   * Organisation OIDC callback verification.
+   */
+  .get('/oidc/org/:orgUrl', async (c) => {
+    const orgUrl = c.req.param('orgUrl');
+
+    try {
+      return await handleOAuthOrganisationCallbackUrl({
+        c,
+        orgUrl,
+      });
+    } catch (err) {
+      console.error(err);
+
+      if (err instanceof Error) {
+        throw new AppError(err.name, {
+          message: err.message,
+          statusCode: 500,
+        });
+      }
+
+      throw err;
+    }
+  })
+
   /**
    * Google callback verification.
    */
diff --git a/packages/auth/server/routes/email-password.ts b/packages/auth/server/routes/email-password.ts
index 2353cfd41..b43d9f9a5 100644
--- a/packages/auth/server/routes/email-password.ts
+++ b/packages/auth/server/routes/email-password.ts
@@ -16,7 +16,7 @@ import { validateTwoFactorAuthentication } from '@documenso/lib/server-only/2fa/
 import { viewBackupCodes } from '@documenso/lib/server-only/2fa/view-backup-codes';
 import { createUser } from '@documenso/lib/server-only/user/create-user';
 import { forgotPassword } from '@documenso/lib/server-only/user/forgot-password';
-import { getMostRecentVerificationTokenByUserId } from '@documenso/lib/server-only/user/get-most-recent-verification-token-by-user-id';
+import { getMostRecentEmailVerificationToken } from '@documenso/lib/server-only/user/get-most-recent-email-verification-token';
 import { resetPassword } from '@documenso/lib/server-only/user/reset-password';
 import { updatePassword } from '@documenso/lib/server-only/user/update-password';
 import { verifyEmail } from '@documenso/lib/server-only/user/verify-email';
@@ -105,7 +105,7 @@ export const emailPasswordRoute = new Hono<HonoAuthContext>()
     }
 
     if (!user.emailVerified) {
-      const mostRecentToken = await getMostRecentVerificationTokenByUserId({
+      const mostRecentToken = await getMostRecentEmailVerificationToken({
         userId: user.id,
       });
 
diff --git a/packages/auth/server/routes/oauth.ts b/packages/auth/server/routes/oauth.ts
index 0eed4fba1..4a8346ba9 100644
--- a/packages/auth/server/routes/oauth.ts
+++ b/packages/auth/server/routes/oauth.ts
@@ -4,6 +4,7 @@ import { z } from 'zod';
 
 import { GoogleAuthOptions, OidcAuthOptions } from '../config';
 import { handleOAuthAuthorizeUrl } from '../lib/utils/handle-oauth-authorize-url';
+import { getOrganisationAuthenticationPortalOptions } from '../lib/utils/organisation-portal';
 import type { HonoAuthContext } from '../types/context';
 
 const ZOAuthAuthorizeSchema = z.object({
@@ -34,4 +35,20 @@ export const oauthRoute = new Hono<HonoAuthContext>()
       clientOptions: OidcAuthOptions,
       redirectPath,
     });
+  })
+  /**
+   * Organisation OIDC authorize endpoint.
+   */
+  .post('/authorize/oidc/org/:orgUrl', async (c) => {
+    const orgUrl = c.req.param('orgUrl');
+
+    const { clientOptions } = await getOrganisationAuthenticationPortalOptions({
+      type: 'url',
+      organisationUrl: orgUrl,
+    });
+
+    return await handleOAuthAuthorizeUrl({
+      c,
+      clientOptions,
+    });
   });
diff --git a/packages/ee/server-only/lib/link-organisation-account.ts b/packages/ee/server-only/lib/link-organisation-account.ts
new file mode 100644
index 000000000..29e296a0c
--- /dev/null
+++ b/packages/ee/server-only/lib/link-organisation-account.ts
@@ -0,0 +1,163 @@
+import { UserSecurityAuditLogType } from '@prisma/client';
+
+import { getOrganisationAuthenticationPortalOptions } from '@documenso/auth/server/lib/utils/organisation-portal';
+import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
+import {
+  ORGANISATION_ACCOUNT_LINK_VERIFICATION_TOKEN_IDENTIFIER,
+  ORGANISATION_USER_ACCOUNT_TYPE,
+} from '@documenso/lib/constants/organisations';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { addUserToOrganisation } from '@documenso/lib/server-only/organisation/accept-organisation-invitation';
+import { ZOrganisationAccountLinkMetadataSchema } from '@documenso/lib/types/organisation';
+import type { RequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
+import { prisma } from '@documenso/prisma';
+
+export interface LinkOrganisationAccountOptions {
+  token: string;
+  requestMeta: RequestMetadata;
+}
+
+export const linkOrganisationAccount = async ({
+  token,
+  requestMeta,
+}: LinkOrganisationAccountOptions) => {
+  if (!IS_BILLING_ENABLED()) {
+    throw new AppError(AppErrorCode.INVALID_REQUEST, {
+      message: 'Billing is not enabled',
+    });
+  }
+
+  // Delete the token since it contains unnecessary sensitive data.
+  const verificationToken = await prisma.verificationToken.delete({
+    where: {
+      token,
+      identifier: ORGANISATION_ACCOUNT_LINK_VERIFICATION_TOKEN_IDENTIFIER,
+    },
+    include: {
+      user: {
+        select: {
+          id: true,
+          emailVerified: true,
+          accounts: {
+            select: {
+              provider: true,
+              providerAccountId: true,
+            },
+          },
+        },
+      },
+    },
+  });
+
+  if (!verificationToken) {
+    throw new AppError(AppErrorCode.INVALID_REQUEST, {
+      message: 'Verification token not found, used or expired',
+    });
+  }
+
+  if (verificationToken.completed) {
+    throw new AppError('ALREADY_USED');
+  }
+
+  if (verificationToken.expires < new Date()) {
+    throw new AppError(AppErrorCode.INVALID_REQUEST, {
+      message: 'Verification token not found, used or expired',
+    });
+  }
+
+  const tokenMetadata = ZOrganisationAccountLinkMetadataSchema.safeParse(
+    verificationToken.metadata,
+  );
+
+  if (!tokenMetadata.success) {
+    console.error('Invalid token metadata', tokenMetadata.error);
+
+    throw new AppError(AppErrorCode.INVALID_REQUEST, {
+      message: 'Verification token not found, used or expired',
+    });
+  }
+
+  const user = verificationToken.user;
+
+  const { clientOptions, organisation } = await getOrganisationAuthenticationPortalOptions({
+    type: 'id',
+    organisationId: tokenMetadata.data.organisationId,
+  });
+
+  const organisationMember = await prisma.organisationMember.findFirst({
+    where: {
+      userId: user.id,
+      organisationId: tokenMetadata.data.organisationId,
+    },
+  });
+
+  const oauthConfig = tokenMetadata.data.oauthConfig;
+
+  const userAlreadyLinked = user.accounts.find(
+    (account) =>
+      account.provider === clientOptions.id &&
+      account.providerAccountId === oauthConfig.providerAccountId,
+  );
+
+  if (organisationMember && userAlreadyLinked) {
+    return;
+  }
+
+  await prisma.$transaction(
+    async (tx) => {
+      // Link the user if not linked yet.
+      if (!userAlreadyLinked) {
+        await tx.account.create({
+          data: {
+            type: ORGANISATION_USER_ACCOUNT_TYPE,
+            provider: clientOptions.id,
+            providerAccountId: oauthConfig.providerAccountId,
+            access_token: oauthConfig.accessToken,
+            expires_at: oauthConfig.expiresAt,
+            token_type: 'Bearer',
+            id_token: oauthConfig.idToken,
+            userId: user.id,
+          },
+        });
+
+        // Log link event.
+        await tx.userSecurityAuditLog.create({
+          data: {
+            userId: user.id,
+            ipAddress: requestMeta.ipAddress,
+            userAgent: requestMeta.userAgent,
+            type: UserSecurityAuditLogType.ORGANISATION_SSO_LINK,
+          },
+        });
+
+        // If account already exists in an unverified state, remove the password to ensure
+        // they cannot sign in using that method since we cannot confirm the password
+        // was set by the user.
+        if (!user.emailVerified) {
+          await tx.user.update({
+            where: {
+              id: user.id,
+            },
+            data: {
+              emailVerified: new Date(),
+              password: null,
+              // Todo: (RR7) Will need to update the "password" account after the migration.
+            },
+          });
+        }
+      }
+
+      // Only add the user to the organisation if they are not already a member.
+      if (!organisationMember) {
+        await addUserToOrganisation({
+          userId: user.id,
+          organisationId: tokenMetadata.data.organisationId,
+          organisationGroups: organisation.groups,
+          organisationMemberRole:
+            organisation.organisationAuthenticationPortal.defaultOrganisationRole,
+        });
+      }
+    },
+    { timeout: 30_000 },
+  );
+};
diff --git a/packages/ee/server-only/lib/send-organisation-account-link-confirmation-email.ts b/packages/ee/server-only/lib/send-organisation-account-link-confirmation-email.ts
new file mode 100644
index 000000000..bbc262075
--- /dev/null
+++ b/packages/ee/server-only/lib/send-organisation-account-link-confirmation-email.ts
@@ -0,0 +1,119 @@
+import { createElement } from 'react';
+
+import { msg } from '@lingui/core/macro';
+import crypto from 'crypto';
+import { DateTime } from 'luxon';
+
+import { mailer } from '@documenso/email/mailer';
+import { OrganisationAccountLinkConfirmationTemplate } from '@documenso/email/templates/organisation-account-link-confirmation';
+import { getI18nInstance } from '@documenso/lib/client-only/providers/i18n-server';
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { DOCUMENSO_INTERNAL_EMAIL } from '@documenso/lib/constants/email';
+import { ORGANISATION_ACCOUNT_LINK_VERIFICATION_TOKEN_IDENTIFIER } from '@documenso/lib/constants/organisations';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { getEmailContext } from '@documenso/lib/server-only/email/get-email-context';
+import type { TOrganisationAccountLinkMetadata } from '@documenso/lib/types/organisation';
+import { renderEmailWithI18N } from '@documenso/lib/utils/render-email-with-i18n';
+import { prisma } from '@documenso/prisma';
+
+export type SendOrganisationAccountLinkConfirmationEmailProps = TOrganisationAccountLinkMetadata & {
+  organisationName: string;
+};
+
+export const sendOrganisationAccountLinkConfirmationEmail = async ({
+  type,
+  userId,
+  organisationId,
+  organisationName,
+  oauthConfig,
+}: SendOrganisationAccountLinkConfirmationEmailProps) => {
+  const user = await prisma.user.findFirst({
+    where: {
+      id: userId,
+    },
+    include: {
+      verificationTokens: {
+        where: {
+          identifier: ORGANISATION_ACCOUNT_LINK_VERIFICATION_TOKEN_IDENTIFIER,
+        },
+        orderBy: {
+          createdAt: 'desc',
+        },
+        take: 1,
+      },
+    },
+  });
+
+  if (!user) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'User not found',
+    });
+  }
+
+  const [previousVerificationToken] = user.verificationTokens;
+
+  // If we've sent a token in the last 5 minutes, don't send another one
+  if (
+    previousVerificationToken?.createdAt &&
+    DateTime.fromJSDate(previousVerificationToken.createdAt).diffNow('minutes').minutes > -5
+  ) {
+    return;
+  }
+
+  const token = crypto.randomBytes(20).toString('hex');
+
+  const createdToken = await prisma.verificationToken.create({
+    data: {
+      identifier: ORGANISATION_ACCOUNT_LINK_VERIFICATION_TOKEN_IDENTIFIER,
+      token,
+      expires: DateTime.now().plus({ minutes: 30 }).toJSDate(),
+      metadata: {
+        type,
+        userId,
+        organisationId,
+        oauthConfig,
+      } satisfies TOrganisationAccountLinkMetadata,
+      userId,
+    },
+  });
+
+  const { emailLanguage } = await getEmailContext({
+    emailType: 'INTERNAL',
+    source: {
+      type: 'organisation',
+      organisationId,
+    },
+    meta: null,
+  });
+
+  const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
+  const confirmationLink = `${assetBaseUrl}/organisation/sso/confirmation/${createdToken.token}`;
+
+  const confirmationTemplate = createElement(OrganisationAccountLinkConfirmationTemplate, {
+    type,
+    assetBaseUrl,
+    confirmationLink,
+    organisationName,
+  });
+
+  const [html, text] = await Promise.all([
+    renderEmailWithI18N(confirmationTemplate, { lang: emailLanguage }),
+    renderEmailWithI18N(confirmationTemplate, { lang: emailLanguage, plainText: true }),
+  ]);
+
+  const i18n = await getI18nInstance(emailLanguage);
+
+  return mailer.sendMail({
+    to: {
+      address: user.email,
+      name: user.name || '',
+    },
+    from: DOCUMENSO_INTERNAL_EMAIL,
+    subject:
+      type === 'create'
+        ? i18n._(msg`Account creation request`)
+        : i18n._(msg`Account linking request`),
+    html,
+    text,
+  });
+};
diff --git a/packages/email/static/building-2.png b/packages/email/static/building-2.png
new file mode 100644
index 0000000000000000000000000000000000000000..f9c7266e66b801d37a93d45250441d47df8150df
GIT binary patch
literal 297
zcmV+^0oMMBP)<h;3K|Lk000e1NJLTq000;O000;W1^@s6;CDUv0002+Nkl<ZNK0d6
zpfO;?VZH=VybFlkfLNS>8(sqCcL8x35WhfIi_3x)K!xEXdTu39eFU)<ya6f{24Z_4
zK19GGkeUNP4ALV?tOfs}3UT=m-5i|iaT$QFVL#AB2Q*Vbu6Bfq4Sov<#W%%1Al3qq
zI+SEf?KnVo2sqhN+X9ezD9ILP0j``&ZZd_(3CsXoIhSe{pyyml^8tnr&<&)!1;i#(
zSdfzJ1DabvYFR|G4`^-y#X<BMXo3h*1w%=F;0!cp53B+rl+g&e9G^TW^F|^U6}><K
vS8UZDiMD`B)15#JY6QF_wkROc4uo<5zKmTN6uGVr00000NkvXXu0mjfj~HpU

literal 0
HcmV?d00001

diff --git a/packages/email/templates/organisation-account-link-confirmation.tsx b/packages/email/templates/organisation-account-link-confirmation.tsx
new file mode 100644
index 000000000..7b275dfb6
--- /dev/null
+++ b/packages/email/templates/organisation-account-link-confirmation.tsx
@@ -0,0 +1,145 @@
+import { msg } from '@lingui/core/macro';
+import { useLingui } from '@lingui/react';
+import { Trans } from '@lingui/react/macro';
+
+import {
+  Body,
+  Button,
+  Container,
+  Head,
+  Hr,
+  Html,
+  Img,
+  Preview,
+  Section,
+  Text,
+} from '../components';
+import { useBranding } from '../providers/branding';
+import { TemplateFooter } from '../template-components/template-footer';
+import TemplateImage from '../template-components/template-image';
+
+type OrganisationAccountLinkConfirmationTemplateProps = {
+  type: 'create' | 'link';
+  confirmationLink: string;
+  organisationName: string;
+  assetBaseUrl: string;
+};
+
+export const OrganisationAccountLinkConfirmationTemplate = ({
+  type = 'link',
+  confirmationLink = '<CONFIRMATION_LINK>',
+  organisationName = '<ORGANISATION_NAME>',
+  assetBaseUrl = 'http://localhost:3002',
+}: OrganisationAccountLinkConfirmationTemplateProps) => {
+  const { _ } = useLingui();
+  const branding = useBranding();
+
+  const previewText =
+    type === 'create'
+      ? msg`A request has been made to create an account for you`
+      : msg`A request has been made to link your Documenso account`;
+
+  return (
+    <Html>
+      <Head />
+      <Preview>{_(previewText)}</Preview>
+      <Body className="mx-auto my-auto font-sans">
+        <Section className="bg-white">
+          <Container className="mx-auto mb-2 mt-8 max-w-xl rounded-lg border border-solid border-slate-200 px-2 pt-2 backdrop-blur-sm">
+            {branding.brandingEnabled && branding.brandingLogo ? (
+              <Img src={branding.brandingLogo} alt="Branding Logo" className="mb-4 h-6 p-2" />
+            ) : (
+              <TemplateImage
+                assetBaseUrl={assetBaseUrl}
+                className="mb-4 h-6 p-2"
+                staticAsset="logo.png"
+              />
+            )}
+
+            <Section>
+              <TemplateImage
+                className="mx-auto h-12 w-12"
+                assetBaseUrl={assetBaseUrl}
+                staticAsset="building-2.png"
+              />
+            </Section>
+
+            <Section className="p-2 text-slate-500">
+              <Text className="text-center text-lg font-medium text-black">
+                {type === 'create' ? (
+                  <Trans>Account creation request</Trans>
+                ) : (
+                  <Trans>Link your Documenso account</Trans>
+                )}
+              </Text>
+
+              <Text className="text-center text-base">
+                {type === 'create' ? (
+                  <Trans>
+                    <span className="font-bold">{organisationName}</span> has requested to create an
+                    account on your behalf.
+                  </Trans>
+                ) : (
+                  <Trans>
+                    <span className="font-bold">{organisationName}</span> has requested to link your
+                    current Documenso account to their organisation.
+                  </Trans>
+                )}
+              </Text>
+
+              {/* Placeholder text if we want to have the warning in the email as well. */}
+              {/* <Section className="mt-6">
+                <Text className="my-0 text-sm">
+                  <Trans>
+                    By accepting this request, you will be granting{' '}
+                    <strong>{organisationName}</strong> full access to:
+                  </Trans>
+                </Text>
+
+                <ul className="mb-0 mt-2">
+                  <li className="text-sm">
+                    <Trans>Your account, and everything associated with it</Trans>
+                  </li>
+                  <li className="mt-1 text-sm">
+                    <Trans>Something something something</Trans>
+                  </li>
+                  <li className="mt-1 text-sm">
+                    <Trans>Something something something</Trans>
+                  </li>
+                </ul>
+
+                <Text className="mt-2 text-sm">
+                  <Trans>
+                    You can unlink your account at any time in your security settings on Documenso{' '}
+                    <Link href={`${assetBaseUrl}/settings/security/linked-accounts`}>here.</Link>
+                  </Trans>
+                </Text>
+              </Section> */}
+
+              <Section className="mb-6 mt-8 text-center">
+                <Button
+                  className="bg-documenso-500 inline-flex items-center justify-center rounded-lg px-6 py-3 text-center text-sm font-medium text-black no-underline"
+                  href={confirmationLink}
+                >
+                  <Trans>Review request</Trans>
+                </Button>
+              </Section>
+            </Section>
+
+            <Text className="text-center text-xs text-slate-500">
+              <Trans>Link expires in 30 minutes.</Trans>
+            </Text>
+          </Container>
+
+          <Hr className="mx-auto mt-12 max-w-xl" />
+
+          <Container className="mx-auto max-w-xl">
+            <TemplateFooter isDocument={false} />
+          </Container>
+        </Section>
+      </Body>
+    </Html>
+  );
+};
+
+export default OrganisationAccountLinkConfirmationTemplate;
diff --git a/packages/lib/constants/auth.ts b/packages/lib/constants/auth.ts
index 38e1c3998..4f78f78b0 100644
--- a/packages/lib/constants/auth.ts
+++ b/packages/lib/constants/auth.ts
@@ -23,6 +23,9 @@ export const OIDC_PROVIDER_LABEL = env('NEXT_PRIVATE_OIDC_PROVIDER_LABEL');
 
 export const USER_SECURITY_AUDIT_LOG_MAP: Record<string, string> = {
   ACCOUNT_SSO_LINK: 'Linked account to SSO',
+  ACCOUNT_SSO_UNLINK: 'Unlinked account from SSO',
+  ORGANISATION_SSO_LINK: 'Linked account to organisation',
+  ORGANISATION_SSO_UNLINK: 'Unlinked account from organisation',
   ACCOUNT_PROFILE_UPDATE: 'Profile updated',
   AUTH_2FA_DISABLE: '2FA Disabled',
   AUTH_2FA_ENABLE: '2FA Enabled',
diff --git a/packages/lib/constants/email.ts b/packages/lib/constants/email.ts
index 3eb597ce1..1d6a7dc07 100644
--- a/packages/lib/constants/email.ts
+++ b/packages/lib/constants/email.ts
@@ -16,3 +16,5 @@ export const EMAIL_VERIFICATION_STATE = {
   EXPIRED: 'EXPIRED',
   ALREADY_VERIFIED: 'ALREADY_VERIFIED',
 } as const;
+
+export const USER_SIGNUP_VERIFICATION_TOKEN_IDENTIFIER = 'confirmation-email';
diff --git a/packages/lib/constants/organisations.ts b/packages/lib/constants/organisations.ts
index cd5bdb43b..0c758ba97 100644
--- a/packages/lib/constants/organisations.ts
+++ b/packages/lib/constants/organisations.ts
@@ -126,3 +126,7 @@ export const PROTECTED_ORGANISATION_URLS = [
 export const isOrganisationUrlProtected = (url: string) => {
   return PROTECTED_ORGANISATION_URLS.some((protectedUrl) => url.startsWith(`/${protectedUrl}`));
 };
+
+export const ORGANISATION_ACCOUNT_LINK_VERIFICATION_TOKEN_IDENTIFIER = 'organisation-account-link';
+
+export const ORGANISATION_USER_ACCOUNT_TYPE = 'org-oidc';
diff --git a/packages/lib/server-only/auth/send-confirmation-email.ts b/packages/lib/server-only/auth/send-confirmation-email.ts
index 5e91f4b4c..55dfd2f10 100644
--- a/packages/lib/server-only/auth/send-confirmation-email.ts
+++ b/packages/lib/server-only/auth/send-confirmation-email.ts
@@ -8,7 +8,10 @@ import { prisma } from '@documenso/prisma';
 
 import { getI18nInstance } from '../../client-only/providers/i18n-server';
 import { NEXT_PUBLIC_WEBAPP_URL } from '../../constants/app';
-import { env } from '../../utils/env';
+import {
+  DOCUMENSO_INTERNAL_EMAIL,
+  USER_SIGNUP_VERIFICATION_TOKEN_IDENTIFIER,
+} from '../../constants/email';
 import { renderEmailWithI18N } from '../../utils/render-email-with-i18n';
 
 export interface SendConfirmationEmailProps {
@@ -16,15 +19,15 @@ export interface SendConfirmationEmailProps {
 }
 
 export const sendConfirmationEmail = async ({ userId }: SendConfirmationEmailProps) => {
-  const NEXT_PRIVATE_SMTP_FROM_NAME = env('NEXT_PRIVATE_SMTP_FROM_NAME');
-  const NEXT_PRIVATE_SMTP_FROM_ADDRESS = env('NEXT_PRIVATE_SMTP_FROM_ADDRESS');
-
   const user = await prisma.user.findFirstOrThrow({
     where: {
       id: userId,
     },
     include: {
       verificationTokens: {
+        where: {
+          identifier: USER_SIGNUP_VERIFICATION_TOKEN_IDENTIFIER,
+        },
         orderBy: {
           createdAt: 'desc',
         },
@@ -41,8 +44,6 @@ export const sendConfirmationEmail = async ({ userId }: SendConfirmationEmailPro
 
   const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
   const confirmationLink = `${assetBaseUrl}/verify-email/${verificationToken.token}`;
-  const senderName = NEXT_PRIVATE_SMTP_FROM_NAME || 'Documenso';
-  const senderAddress = NEXT_PRIVATE_SMTP_FROM_ADDRESS || 'noreply@documenso.com';
 
   const confirmationTemplate = createElement(ConfirmEmailTemplate, {
     assetBaseUrl,
@@ -61,10 +62,7 @@ export const sendConfirmationEmail = async ({ userId }: SendConfirmationEmailPro
       address: user.email,
       name: user.name || '',
     },
-    from: {
-      name: senderName,
-      address: senderAddress,
-    },
+    from: DOCUMENSO_INTERNAL_EMAIL,
     subject: i18n._(msg`Please confirm your email`),
     html,
     text,
diff --git a/packages/lib/server-only/organisation/accept-organisation-invitation.ts b/packages/lib/server-only/organisation/accept-organisation-invitation.ts
index 653731470..26133ba89 100644
--- a/packages/lib/server-only/organisation/accept-organisation-invitation.ts
+++ b/packages/lib/server-only/organisation/accept-organisation-invitation.ts
@@ -1,3 +1,4 @@
+import type { OrganisationGroup, OrganisationMemberRole } from '@prisma/client';
 import { OrganisationGroupType, OrganisationMemberInviteStatus } from '@prisma/client';
 
 import { prisma } from '@documenso/prisma';
@@ -23,11 +24,7 @@ export const acceptOrganisationInvitation = async ({
     include: {
       organisation: {
         include: {
-          groups: {
-            include: {
-              teamGroups: true,
-            },
-          },
+          groups: true,
         },
       },
     },
@@ -45,6 +42,9 @@ export const acceptOrganisationInvitation = async ({
     where: {
       email: organisationMemberInvite.email,
     },
+    select: {
+      id: true,
+    },
   });
 
   if (!user) {
@@ -55,10 +55,49 @@ export const acceptOrganisationInvitation = async ({
 
   const { organisation } = organisationMemberInvite;
 
-  const organisationGroupToUse = organisation.groups.find(
+  const isUserPartOfOrganisation = await prisma.organisationMember.findFirst({
+    where: {
+      userId: user.id,
+      organisationId: organisation.id,
+    },
+  });
+
+  if (isUserPartOfOrganisation) {
+    return;
+  }
+
+  await addUserToOrganisation({
+    userId: user.id,
+    organisationId: organisation.id,
+    organisationGroups: organisation.groups,
+    organisationMemberRole: organisationMemberInvite.organisationRole,
+  });
+
+  await prisma.organisationMemberInvite.update({
+    where: {
+      id: organisationMemberInvite.id,
+    },
+    data: {
+      status: OrganisationMemberInviteStatus.ACCEPTED,
+    },
+  });
+};
+
+export const addUserToOrganisation = async ({
+  userId,
+  organisationId,
+  organisationGroups,
+  organisationMemberRole,
+}: {
+  userId: number;
+  organisationId: string;
+  organisationGroups: OrganisationGroup[];
+  organisationMemberRole: OrganisationMemberRole;
+}) => {
+  const organisationGroupToUse = organisationGroups.find(
     (group) =>
       group.type === OrganisationGroupType.INTERNAL_ORGANISATION &&
-      group.organisationRole === organisationMemberInvite.organisationRole,
+      group.organisationRole === organisationMemberRole,
   );
 
   if (!organisationGroupToUse) {
@@ -72,8 +111,8 @@ export const acceptOrganisationInvitation = async ({
       await tx.organisationMember.create({
         data: {
           id: generateDatabaseId('member'),
-          userId: user.id,
-          organisationId: organisation.id,
+          userId,
+          organisationId,
           organisationGroupMembers: {
             create: {
               id: generateDatabaseId('group_member'),
@@ -83,20 +122,11 @@ export const acceptOrganisationInvitation = async ({
         },
       });
 
-      await tx.organisationMemberInvite.update({
-        where: {
-          id: organisationMemberInvite.id,
-        },
-        data: {
-          status: OrganisationMemberInviteStatus.ACCEPTED,
-        },
-      });
-
       await jobs.triggerJob({
         name: 'send.organisation-member-joined.email',
         payload: {
-          organisationId: organisation.id,
-          memberUserId: user.id,
+          organisationId,
+          memberUserId: userId,
         },
       });
     },
diff --git a/packages/lib/server-only/organisation/create-organisation.ts b/packages/lib/server-only/organisation/create-organisation.ts
index 32f6510d9..3cdcbafe4 100644
--- a/packages/lib/server-only/organisation/create-organisation.ts
+++ b/packages/lib/server-only/organisation/create-organisation.ts
@@ -75,6 +75,16 @@ export const createOrganisation = async ({
       },
     });
 
+    const organisationAuthenticationPortal = await tx.organisationAuthenticationPortal.create({
+      data: {
+        id: generateDatabaseId('org_sso'),
+        enabled: false,
+        clientId: '',
+        clientSecret: '',
+        wellKnownUrl: '',
+      },
+    });
+
     const orgIdAndUrl = prefixedId('org');
 
     const organisation = await tx.organisation
@@ -87,6 +97,7 @@ export const createOrganisation = async ({
           ownerUserId: userId,
           organisationGlobalSettingsId: organisationSetting.id,
           organisationClaimId: organisationClaim.id,
+          organisationAuthenticationPortalId: organisationAuthenticationPortal.id,
           groups: {
             create: ORGANISATION_INTERNAL_GROUPS.map((group) => ({
               ...group,
diff --git a/packages/lib/server-only/user/generate-confirmation-token.ts b/packages/lib/server-only/user/generate-confirmation-token.ts
deleted file mode 100644
index 5676890ec..000000000
--- a/packages/lib/server-only/user/generate-confirmation-token.ts
+++ /dev/null
@@ -1,41 +0,0 @@
-import crypto from 'crypto';
-
-import { prisma } from '@documenso/prisma';
-
-import { ONE_HOUR } from '../../constants/time';
-import { sendConfirmationEmail } from '../auth/send-confirmation-email';
-
-const IDENTIFIER = 'confirmation-email';
-
-export const generateConfirmationToken = async ({ email }: { email: string }) => {
-  const token = crypto.randomBytes(20).toString('hex');
-
-  const user = await prisma.user.findFirst({
-    where: {
-      email: email,
-    },
-  });
-
-  if (!user) {
-    throw new Error('User not found');
-  }
-
-  const createdToken = await prisma.verificationToken.create({
-    data: {
-      identifier: IDENTIFIER,
-      token: token,
-      expires: new Date(Date.now() + ONE_HOUR),
-      user: {
-        connect: {
-          id: user.id,
-        },
-      },
-    },
-  });
-
-  if (!createdToken) {
-    throw new Error(`Failed to create the verification token`);
-  }
-
-  return sendConfirmationEmail({ userId: user.id });
-};
diff --git a/packages/lib/server-only/user/get-most-recent-email-verification-token.ts b/packages/lib/server-only/user/get-most-recent-email-verification-token.ts
new file mode 100644
index 000000000..c43276a34
--- /dev/null
+++ b/packages/lib/server-only/user/get-most-recent-email-verification-token.ts
@@ -0,0 +1,21 @@
+import { prisma } from '@documenso/prisma';
+
+import { USER_SIGNUP_VERIFICATION_TOKEN_IDENTIFIER } from '../../constants/email';
+
+export type getMostRecentEmailVerificationTokenOptions = {
+  userId: number;
+};
+
+export const getMostRecentEmailVerificationToken = async ({
+  userId,
+}: getMostRecentEmailVerificationTokenOptions) => {
+  return await prisma.verificationToken.findFirst({
+    where: {
+      userId,
+      identifier: USER_SIGNUP_VERIFICATION_TOKEN_IDENTIFIER,
+    },
+    orderBy: {
+      createdAt: 'desc',
+    },
+  });
+};
diff --git a/packages/lib/server-only/user/get-most-recent-verification-token-by-user-id.ts b/packages/lib/server-only/user/get-most-recent-verification-token-by-user-id.ts
deleted file mode 100644
index d9adc4498..000000000
--- a/packages/lib/server-only/user/get-most-recent-verification-token-by-user-id.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-import { prisma } from '@documenso/prisma';
-
-export type GetMostRecentVerificationTokenByUserIdOptions = {
-  userId: number;
-};
-
-export const getMostRecentVerificationTokenByUserId = async ({
-  userId,
-}: GetMostRecentVerificationTokenByUserIdOptions) => {
-  return await prisma.verificationToken.findFirst({
-    where: {
-      userId,
-    },
-    orderBy: {
-      createdAt: 'desc',
-    },
-  });
-};
diff --git a/packages/lib/server-only/user/send-confirmation-token.ts b/packages/lib/server-only/user/send-confirmation-token.ts
index d2bc0a3aa..43e6887c9 100644
--- a/packages/lib/server-only/user/send-confirmation-token.ts
+++ b/packages/lib/server-only/user/send-confirmation-token.ts
@@ -3,11 +3,10 @@ import { DateTime } from 'luxon';
 
 import { prisma } from '@documenso/prisma';
 
+import { USER_SIGNUP_VERIFICATION_TOKEN_IDENTIFIER } from '../../constants/email';
 import { ONE_HOUR } from '../../constants/time';
 import { sendConfirmationEmail } from '../auth/send-confirmation-email';
-import { getMostRecentVerificationTokenByUserId } from './get-most-recent-verification-token-by-user-id';
-
-const IDENTIFIER = 'confirmation-email';
+import { getMostRecentEmailVerificationToken } from './get-most-recent-email-verification-token';
 
 type SendConfirmationTokenOptions = { email: string; force?: boolean };
 
@@ -31,7 +30,7 @@ export const sendConfirmationToken = async ({
     throw new Error('Email verified');
   }
 
-  const mostRecentToken = await getMostRecentVerificationTokenByUserId({ userId: user.id });
+  const mostRecentToken = await getMostRecentEmailVerificationToken({ userId: user.id });
 
   // If we've sent a token in the last 5 minutes, don't send another one
   if (
@@ -44,7 +43,7 @@ export const sendConfirmationToken = async ({
 
   const createdToken = await prisma.verificationToken.create({
     data: {
-      identifier: IDENTIFIER,
+      identifier: USER_SIGNUP_VERIFICATION_TOKEN_IDENTIFIER,
       token: token,
       expires: new Date(Date.now() + ONE_HOUR),
       user: {
diff --git a/packages/lib/server-only/user/verify-email.ts b/packages/lib/server-only/user/verify-email.ts
index 1b3a44e71..760cf29c9 100644
--- a/packages/lib/server-only/user/verify-email.ts
+++ b/packages/lib/server-only/user/verify-email.ts
@@ -2,7 +2,10 @@ import { DateTime } from 'luxon';
 
 import { prisma } from '@documenso/prisma';
 
-import { EMAIL_VERIFICATION_STATE } from '../../constants/email';
+import {
+  EMAIL_VERIFICATION_STATE,
+  USER_SIGNUP_VERIFICATION_TOKEN_IDENTIFIER,
+} from '../../constants/email';
 import { jobsClient } from '../../jobs/client';
 
 export type VerifyEmailProps = {
@@ -22,6 +25,7 @@ export const verifyEmail = async ({ token }: VerifyEmailProps) => {
     },
     where: {
       token,
+      identifier: USER_SIGNUP_VERIFICATION_TOKEN_IDENTIFIER,
     },
   });
 
diff --git a/packages/lib/types/organisation.ts b/packages/lib/types/organisation.ts
index 64f7306bf..28002dc86 100644
--- a/packages/lib/types/organisation.ts
+++ b/packages/lib/types/organisation.ts
@@ -1,4 +1,4 @@
-import type { z } from 'zod';
+import { z } from 'zod';
 
 import OrganisationClaimSchema from '@documenso/prisma/generated/zod/modelSchema/OrganisationClaimSchema';
 import { OrganisationSchema } from '@documenso/prisma/generated/zod/modelSchema/OrganisationSchema';
@@ -43,3 +43,19 @@ export const ZOrganisationLiteSchema = OrganisationSchema.pick({
  * A version of the organisation response schema when returning multiple organisations at once from a single API endpoint.
  */
 export const ZOrganisationManySchema = ZOrganisationLiteSchema;
+
+export const ZOrganisationAccountLinkMetadataSchema = z.object({
+  type: z.enum(['link', 'create']),
+  userId: z.number(),
+  organisationId: z.string(),
+  oauthConfig: z.object({
+    providerAccountId: z.string(),
+    accessToken: z.string(),
+    expiresAt: z.number(),
+    idToken: z.string(),
+  }),
+});
+
+export type TOrganisationAccountLinkMetadata = z.infer<
+  typeof ZOrganisationAccountLinkMetadataSchema
+>;
diff --git a/packages/lib/types/subscription.ts b/packages/lib/types/subscription.ts
index 0d17fea06..ea740b3e6 100644
--- a/packages/lib/types/subscription.ts
+++ b/packages/lib/types/subscription.ts
@@ -28,6 +28,8 @@ export const ZClaimFlagsSchema = z.object({
   embedSigningWhiteLabel: z.boolean().optional(),
 
   cfr21: z.boolean().optional(),
+
+  authenticationPortal: z.boolean().optional(),
 });
 
 export type TClaimFlags = z.infer<typeof ZClaimFlagsSchema>;
@@ -76,6 +78,10 @@ export const SUBSCRIPTION_CLAIM_FEATURE_FLAGS: Record<
     key: 'cfr21',
     label: '21 CFR',
   },
+  authenticationPortal: {
+    key: 'authenticationPortal',
+    label: 'Authentication portal',
+  },
 };
 
 export enum INTERNAL_CLAIM_ID {
@@ -157,6 +163,7 @@ export const internalClaims: InternalClaims = {
       embedSigning: true,
       embedSigningWhiteLabel: true,
       cfr21: true,
+      authenticationPortal: true,
     },
   },
   [INTERNAL_CLAIM_ID.EARLY_ADOPTER]: {
diff --git a/packages/lib/universal/id.ts b/packages/lib/universal/id.ts
index a6fb55ad5..d56d923fd 100644
--- a/packages/lib/universal/id.ts
+++ b/packages/lib/universal/id.ts
@@ -16,6 +16,7 @@ type DatabaseIdPrefix =
   | 'org_email'
   | 'org_claim'
   | 'org_group'
+  | 'org_sso'
   | 'org_setting'
   | 'member'
   | 'member_invite'
diff --git a/packages/lib/utils/organisation-authentication-portal.ts b/packages/lib/utils/organisation-authentication-portal.ts
new file mode 100644
index 000000000..69836b628
--- /dev/null
+++ b/packages/lib/utils/organisation-authentication-portal.ts
@@ -0,0 +1,13 @@
+import { NEXT_PUBLIC_WEBAPP_URL } from '../constants/app';
+
+export const formatOrganisationLoginUrl = (organisationUrl: string) => {
+  return NEXT_PUBLIC_WEBAPP_URL() + formatOrganisationLoginPath(organisationUrl);
+};
+
+export const formatOrganisationLoginPath = (organisationUrl: string) => {
+  return `/o/${organisationUrl}/signin`;
+};
+
+export const formatOrganisationCallbackUrl = (organisationUrl: string) => {
+  return `${NEXT_PUBLIC_WEBAPP_URL()}/api/auth/callback/oidc/org/${organisationUrl}`;
+};
diff --git a/packages/prisma/migrations/20250807011918_add_organisation_sso_portal/migration.sql b/packages/prisma/migrations/20250807011918_add_organisation_sso_portal/migration.sql
new file mode 100644
index 000000000..52c4bbd6f
--- /dev/null
+++ b/packages/prisma/migrations/20250807011918_add_organisation_sso_portal/migration.sql
@@ -0,0 +1,75 @@
+/*
+  Warnings:
+
+  - A unique constraint covering the columns `[organisationAuthenticationPortalId]` on the table `Organisation` will be added. If there are existing duplicate values, this will fail.
+  - Added the required column `organisationAuthenticationPortalId` to the `Organisation` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- AlterEnum
+-- This migration adds more than one value to an enum.
+-- With PostgreSQL versions 11 and earlier, this is not possible
+-- in a single migration. This can be worked around by creating
+-- multiple migrations, each migration adding only one value to
+-- the enum.
+
+
+ALTER TYPE "UserSecurityAuditLogType" ADD VALUE 'ACCOUNT_SSO_UNLINK';
+ALTER TYPE "UserSecurityAuditLogType" ADD VALUE 'ORGANISATION_SSO_LINK';
+ALTER TYPE "UserSecurityAuditLogType" ADD VALUE 'ORGANISATION_SSO_UNLINK';
+
+-- AlterTable
+ALTER TABLE "Account" ADD COLUMN     "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP;
+
+-- [CUSTOM_CHANGE] This is supposed to be NOT NULL but we reapply it at the end.
+ALTER TABLE "Organisation" ADD COLUMN     "organisationAuthenticationPortalId" TEXT;
+
+-- AlterTable
+ALTER TABLE "VerificationToken" ADD COLUMN     "metadata" JSONB;
+
+-- CreateTable
+CREATE TABLE "OrganisationAuthenticationPortal" (
+    "id" TEXT NOT NULL,
+    "enabled" BOOLEAN NOT NULL DEFAULT false,
+    "clientId" TEXT NOT NULL DEFAULT '',
+    "clientSecret" TEXT NOT NULL DEFAULT '',
+    "wellKnownUrl" TEXT NOT NULL DEFAULT '',
+    "defaultOrganisationRole" "OrganisationMemberRole" NOT NULL DEFAULT 'MEMBER',
+    "autoProvisionUsers" BOOLEAN NOT NULL DEFAULT true,
+    "allowedDomains" TEXT[] DEFAULT ARRAY[]::TEXT[],
+    "organisationId" TEXT, -- [CUSTOM_CHANGE] This is a temporary column for migration purposes.
+
+    CONSTRAINT "OrganisationAuthenticationPortal_pkey" PRIMARY KEY ("id")
+);
+
+-- [CUSTOM_CHANGE] Create default OrganisationAuthenticationPortal for all organisations
+INSERT INTO "OrganisationAuthenticationPortal" ("id", "enabled", "clientId", "clientSecret", "wellKnownUrl", "defaultOrganisationRole", "autoProvisionUsers", "allowedDomains", "organisationId")
+SELECT
+  generate_prefix_id('org_sso'),
+  false,
+  '',
+  '',
+  '',
+  'MEMBER',
+  true,
+  ARRAY[]::TEXT[],
+  o."id"
+FROM "Organisation" o
+WHERE o."organisationAuthenticationPortalId" IS NULL;
+
+-- [CUSTOM_CHANGE] Update organisations with their corresponding organisationAuthenticationPortalId
+UPDATE "Organisation" o
+SET "organisationAuthenticationPortalId" = oap."id"
+FROM "OrganisationAuthenticationPortal" oap
+WHERE oap."organisationId" = o."id" AND o."organisationAuthenticationPortalId" IS NULL;
+
+-- CreateIndex
+CREATE UNIQUE INDEX "Organisation_organisationAuthenticationPortalId_key" ON "Organisation"("organisationAuthenticationPortalId");
+
+-- AddForeignKey
+ALTER TABLE "Organisation" ADD CONSTRAINT "Organisation_organisationAuthenticationPortalId_fkey" FOREIGN KEY ("organisationAuthenticationPortalId") REFERENCES "OrganisationAuthenticationPortal"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
+-- [CUSTOM_CHANGE] Reapply NOT NULL constraint.
+ALTER TABLE "Organisation" ALTER COLUMN "organisationAuthenticationPortalId" SET NOT NULL;
+
+-- [CUSTOM_CHANGE] Drop temporary column.
+ALTER TABLE "OrganisationAuthenticationPortal" DROP COLUMN "organisationId";
\ No newline at end of file
diff --git a/packages/prisma/schema.prisma b/packages/prisma/schema.prisma
index 14eb7f626..8337ab754 100644
--- a/packages/prisma/schema.prisma
+++ b/packages/prisma/schema.prisma
@@ -90,6 +90,9 @@ model TeamProfile {
 enum UserSecurityAuditLogType {
   ACCOUNT_PROFILE_UPDATE
   ACCOUNT_SSO_LINK
+  ACCOUNT_SSO_UNLINK
+  ORGANISATION_SSO_LINK
+  ORGANISATION_SSO_UNLINK
   AUTH_2FA_DISABLE
   AUTH_2FA_ENABLE
   PASSKEY_CREATED
@@ -157,6 +160,7 @@ model VerificationToken {
   completed   Boolean  @default(false)
   expires     DateTime
   createdAt   DateTime @default(now())
+  metadata    Json?
   userId      Int
   user        User     @relation(fields: [userId], references: [id], onDelete: Cascade)
 }
@@ -277,13 +281,15 @@ model OrganisationClaim {
 }
 
 model Account {
-  id                String  @id @default(cuid())
+  id                String   @id @default(cuid())
+  // When this record was created, unrelated to anything passed back by the provider.
+  createdAt         DateTime @default(now())
   userId            Int
   type              String
   provider          String
   providerAccountId String
-  refresh_token     String? @db.Text
-  access_token      String? @db.Text
+  refresh_token     String?  @db.Text
+  access_token      String?  @db.Text
   expires_at        Int?
   // Some providers return created_at so we need to make it optional
   created_at        Int?
@@ -291,7 +297,7 @@ model Account {
   ext_expires_in    Int?
   token_type        String?
   scope             String?
-  id_token          String? @db.Text
+  id_token          String?  @db.Text
   session_state     String?
   password          String?
 
@@ -632,6 +638,9 @@ model Organisation {
 
   organisationGlobalSettingsId String                     @unique
   organisationGlobalSettings   OrganisationGlobalSettings @relation(fields: [organisationGlobalSettingsId], references: [id])
+
+  organisationAuthenticationPortalId String                           @unique
+  organisationAuthenticationPortal   OrganisationAuthenticationPortal @relation(fields: [organisationAuthenticationPortalId], references: [id])
 }
 
 model OrganisationMember {
@@ -1026,3 +1035,18 @@ model OrganisationEmail {
   organisationGlobalSettings OrganisationGlobalSettings[]
   teamGlobalSettings         TeamGlobalSettings[]
 }
+
+model OrganisationAuthenticationPortal {
+  id           String        @id
+  organisation Organisation?
+
+  enabled Boolean @default(false)
+
+  clientId     String @default("")
+  clientSecret String @default("")
+  wellKnownUrl String @default("")
+
+  defaultOrganisationRole OrganisationMemberRole @default(MEMBER)
+  autoProvisionUsers      Boolean                @default(true)
+  allowedDomains          String[]               @default([])
+}
diff --git a/packages/prisma/seed/organisations.ts b/packages/prisma/seed/organisations.ts
index 89ece9960..c2c3a6c7c 100644
--- a/packages/prisma/seed/organisations.ts
+++ b/packages/prisma/seed/organisations.ts
@@ -1,10 +1,8 @@
 import type { OrganisationMemberRole, OrganisationType } from '@prisma/client';
-import { OrganisationMemberInviteStatus, type User } from '@prisma/client';
-import { nanoid } from 'nanoid';
+import { OrganisationGroupType, type User } from '@prisma/client';
 
 import { hashSync } from '@documenso/lib/server-only/auth/hash';
-import { acceptOrganisationInvitation } from '@documenso/lib/server-only/organisation/accept-organisation-invitation';
-import { prefixedId } from '@documenso/lib/universal/id';
+import { addUserToOrganisation } from '@documenso/lib/server-only/organisation/accept-organisation-invitation';
 
 import { prisma } from '..';
 import { seedTestEmail } from './users';
@@ -27,6 +25,13 @@ export const seedOrganisationMembers = async ({
 
   const createdMembers: User[] = [];
 
+  const organisationGroups = await prisma.organisationGroup.findMany({
+    where: {
+      organisationId,
+      type: OrganisationGroupType.INTERNAL_ORGANISATION,
+    },
+  });
+
   for (const member of members) {
     const email = member.email ?? seedTestEmail();
 
@@ -53,33 +58,15 @@ export const seedOrganisationMembers = async ({
       email: newUser.email,
       organisationRole: member.organisationRole,
     });
+
+    await addUserToOrganisation({
+      userId: newUser.id,
+      organisationId,
+      organisationGroups,
+      organisationMemberRole: member.organisationRole,
+    });
   }
 
-  await prisma.organisationMemberInvite.createMany({
-    data: membersToInvite.map((invite) => ({
-      id: prefixedId('member_invite'),
-      email: invite.email,
-      organisationId,
-      organisationRole: invite.organisationRole,
-      token: nanoid(32),
-    })),
-  });
-
-  const invites = await prisma.organisationMemberInvite.findMany({
-    where: {
-      organisationId,
-      status: OrganisationMemberInviteStatus.PENDING,
-    },
-  });
-
-  await Promise.all(
-    invites.map(async (invite) => {
-      await acceptOrganisationInvitation({
-        token: invite.token,
-      });
-    }),
-  );
-
   return createdMembers;
 };
 
diff --git a/packages/trpc/server/enterprise-router/create-organisation-email-domain.types.ts b/packages/trpc/server/enterprise-router/create-organisation-email-domain.types.ts
index 3dcb3fc3b..cac774c63 100644
--- a/packages/trpc/server/enterprise-router/create-organisation-email-domain.types.ts
+++ b/packages/trpc/server/enterprise-router/create-organisation-email-domain.types.ts
@@ -2,7 +2,7 @@ import { z } from 'zod';
 
 import { ZEmailDomainSchema } from '@documenso/lib/types/email-domain';
 
-const domainRegex =
+export const domainRegex =
   /^(?!https?:\/\/)(?!www\.)([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/;
 
 export const ZDomainSchema = z
diff --git a/packages/trpc/server/enterprise-router/decline-link-organisation-account.ts b/packages/trpc/server/enterprise-router/decline-link-organisation-account.ts
new file mode 100644
index 000000000..a8f4884c4
--- /dev/null
+++ b/packages/trpc/server/enterprise-router/decline-link-organisation-account.ts
@@ -0,0 +1,25 @@
+import { ORGANISATION_ACCOUNT_LINK_VERIFICATION_TOKEN_IDENTIFIER } from '@documenso/lib/constants/organisations';
+import { prisma } from '@documenso/prisma';
+
+import { procedure } from '../trpc';
+import {
+  ZDeclineLinkOrganisationAccountRequestSchema,
+  ZDeclineLinkOrganisationAccountResponseSchema,
+} from './decline-link-organisation-account.types';
+
+/**
+ * Unauthenicated procedure, do not copy paste.
+ */
+export const declineLinkOrganisationAccountRoute = procedure
+  .input(ZDeclineLinkOrganisationAccountRequestSchema)
+  .output(ZDeclineLinkOrganisationAccountResponseSchema)
+  .mutation(async ({ input }) => {
+    const { token } = input;
+
+    await prisma.verificationToken.delete({
+      where: {
+        token,
+        identifier: ORGANISATION_ACCOUNT_LINK_VERIFICATION_TOKEN_IDENTIFIER,
+      },
+    });
+  });
diff --git a/packages/trpc/server/enterprise-router/decline-link-organisation-account.types.ts b/packages/trpc/server/enterprise-router/decline-link-organisation-account.types.ts
new file mode 100644
index 000000000..8ae08f615
--- /dev/null
+++ b/packages/trpc/server/enterprise-router/decline-link-organisation-account.types.ts
@@ -0,0 +1,11 @@
+import { z } from 'zod';
+
+export const ZDeclineLinkOrganisationAccountRequestSchema = z.object({
+  token: z.string(),
+});
+
+export const ZDeclineLinkOrganisationAccountResponseSchema = z.void();
+
+export type TDeclineLinkOrganisationAccountRequest = z.infer<
+  typeof ZDeclineLinkOrganisationAccountRequestSchema
+>;
diff --git a/packages/trpc/server/enterprise-router/get-organisation-authentication-portal.ts b/packages/trpc/server/enterprise-router/get-organisation-authentication-portal.ts
new file mode 100644
index 000000000..a57887a44
--- /dev/null
+++ b/packages/trpc/server/enterprise-router/get-organisation-authentication-portal.ts
@@ -0,0 +1,84 @@
+import { ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/organisations';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { buildOrganisationWhereQuery } from '@documenso/lib/utils/organisations';
+import { prisma } from '@documenso/prisma';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZGetOrganisationAuthenticationPortalRequestSchema,
+  ZGetOrganisationAuthenticationPortalResponseSchema,
+} from './get-organisation-authentication-portal.types';
+
+export const getOrganisationAuthenticationPortalRoute = authenticatedProcedure
+  .input(ZGetOrganisationAuthenticationPortalRequestSchema)
+  .output(ZGetOrganisationAuthenticationPortalResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { organisationId } = input;
+
+    ctx.logger.info({
+      input: {
+        organisationId,
+      },
+    });
+
+    return await getOrganisationAuthenticationPortal({
+      userId: ctx.user.id,
+      organisationId,
+    });
+  });
+
+type GetOrganisationAuthenticationPortalOptions = {
+  userId: number;
+  organisationId: string;
+};
+
+export const getOrganisationAuthenticationPortal = async ({
+  userId,
+  organisationId,
+}: GetOrganisationAuthenticationPortalOptions) => {
+  const organisation = await prisma.organisation.findFirst({
+    where: buildOrganisationWhereQuery({
+      organisationId,
+      userId,
+      roles: ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_ORGANISATION'],
+    }),
+    include: {
+      organisationClaim: true,
+      organisationAuthenticationPortal: {
+        select: {
+          defaultOrganisationRole: true,
+          enabled: true,
+          clientId: true,
+          wellKnownUrl: true,
+          autoProvisionUsers: true,
+          allowedDomains: true,
+          clientSecret: true,
+        },
+      },
+    },
+  });
+
+  if (!organisation) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'Organisation not found',
+    });
+  }
+
+  if (!organisation.organisationClaim.flags.authenticationPortal) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'Authentication portal not found',
+    });
+  }
+
+  const portal = organisation.organisationAuthenticationPortal;
+
+  return {
+    defaultOrganisationRole: portal.defaultOrganisationRole,
+    enabled: portal.enabled,
+    clientId: portal.clientId,
+    wellKnownUrl: portal.wellKnownUrl,
+    autoProvisionUsers: portal.autoProvisionUsers,
+    allowedDomains: portal.allowedDomains,
+    clientSecretProvided: Boolean(portal.clientSecret),
+  };
+};
diff --git a/packages/trpc/server/enterprise-router/get-organisation-authentication-portal.types.ts b/packages/trpc/server/enterprise-router/get-organisation-authentication-portal.types.ts
new file mode 100644
index 000000000..b4565ca0d
--- /dev/null
+++ b/packages/trpc/server/enterprise-router/get-organisation-authentication-portal.types.ts
@@ -0,0 +1,28 @@
+import { z } from 'zod';
+
+import { OrganisationAuthenticationPortalSchema } from '@documenso/prisma/generated/zod/modelSchema/OrganisationAuthenticationPortalSchema';
+
+export const ZGetOrganisationAuthenticationPortalRequestSchema = z.object({
+  organisationId: z.string(),
+});
+
+export const ZGetOrganisationAuthenticationPortalResponseSchema =
+  OrganisationAuthenticationPortalSchema.pick({
+    defaultOrganisationRole: true,
+    enabled: true,
+    clientId: true,
+    wellKnownUrl: true,
+    autoProvisionUsers: true,
+    allowedDomains: true,
+  }).extend({
+    /**
+     * Whether we have the client secret in the database.
+     *
+     * Do not expose the actual client secret.
+     */
+    clientSecretProvided: z.boolean(),
+  });
+
+export type TGetOrganisationAuthenticationPortalResponse = z.infer<
+  typeof ZGetOrganisationAuthenticationPortalResponseSchema
+>;
diff --git a/packages/trpc/server/enterprise-router/link-organisation-account.ts b/packages/trpc/server/enterprise-router/link-organisation-account.ts
new file mode 100644
index 000000000..84619859f
--- /dev/null
+++ b/packages/trpc/server/enterprise-router/link-organisation-account.ts
@@ -0,0 +1,22 @@
+import { linkOrganisationAccount } from '@documenso/ee/server-only/lib/link-organisation-account';
+
+import { procedure } from '../trpc';
+import {
+  ZLinkOrganisationAccountRequestSchema,
+  ZLinkOrganisationAccountResponseSchema,
+} from './link-organisation-account.types';
+
+/**
+ * Unauthenicated procedure, do not copy paste.
+ */
+export const linkOrganisationAccountRoute = procedure
+  .input(ZLinkOrganisationAccountRequestSchema)
+  .output(ZLinkOrganisationAccountResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { token } = input;
+
+    await linkOrganisationAccount({
+      token,
+      requestMeta: ctx.metadata.requestMetadata,
+    });
+  });
diff --git a/packages/trpc/server/enterprise-router/link-organisation-account.types.ts b/packages/trpc/server/enterprise-router/link-organisation-account.types.ts
new file mode 100644
index 000000000..d39e99144
--- /dev/null
+++ b/packages/trpc/server/enterprise-router/link-organisation-account.types.ts
@@ -0,0 +1,9 @@
+import { z } from 'zod';
+
+export const ZLinkOrganisationAccountRequestSchema = z.object({
+  token: z.string(),
+});
+
+export const ZLinkOrganisationAccountResponseSchema = z.void();
+
+export type TLinkOrganisationAccountRequest = z.infer<typeof ZLinkOrganisationAccountRequestSchema>;
diff --git a/packages/trpc/server/enterprise-router/router.ts b/packages/trpc/server/enterprise-router/router.ts
index 3fcac5708..85b1c7b5e 100644
--- a/packages/trpc/server/enterprise-router/router.ts
+++ b/packages/trpc/server/enterprise-router/router.ts
@@ -2,15 +2,19 @@ import { router } from '../trpc';
 import { createOrganisationEmailRoute } from './create-organisation-email';
 import { createOrganisationEmailDomainRoute } from './create-organisation-email-domain';
 import { createSubscriptionRoute } from './create-subscription';
+import { declineLinkOrganisationAccountRoute } from './decline-link-organisation-account';
 import { deleteOrganisationEmailRoute } from './delete-organisation-email';
 import { deleteOrganisationEmailDomainRoute } from './delete-organisation-email-domain';
 import { findOrganisationEmailDomainsRoute } from './find-organisation-email-domain';
 import { findOrganisationEmailsRoute } from './find-organisation-emails';
 import { getInvoicesRoute } from './get-invoices';
+import { getOrganisationAuthenticationPortalRoute } from './get-organisation-authentication-portal';
 import { getOrganisationEmailDomainRoute } from './get-organisation-email-domain';
 import { getPlansRoute } from './get-plans';
 import { getSubscriptionRoute } from './get-subscription';
+import { linkOrganisationAccountRoute } from './link-organisation-account';
 import { manageSubscriptionRoute } from './manage-subscription';
+import { updateOrganisationAuthenticationPortalRoute } from './update-organisation-authentication-portal';
 import { updateOrganisationEmailRoute } from './update-organisation-email';
 import { verifyOrganisationEmailDomainRoute } from './verify-organisation-email-domain';
 
@@ -29,6 +33,12 @@ export const enterpriseRouter = router({
       delete: deleteOrganisationEmailDomainRoute,
       verify: verifyOrganisationEmailDomainRoute,
     },
+    authenticationPortal: {
+      get: getOrganisationAuthenticationPortalRoute,
+      update: updateOrganisationAuthenticationPortalRoute,
+      linkAccount: linkOrganisationAccountRoute,
+      declineLinkAccount: declineLinkOrganisationAccountRoute,
+    },
   },
   billing: {
     plans: {
diff --git a/packages/trpc/server/enterprise-router/update-organisation-authentication-portal.ts b/packages/trpc/server/enterprise-router/update-organisation-authentication-portal.ts
new file mode 100644
index 000000000..8d8842c37
--- /dev/null
+++ b/packages/trpc/server/enterprise-router/update-organisation-authentication-portal.ts
@@ -0,0 +1,109 @@
+import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
+import { DOCUMENSO_ENCRYPTION_KEY } from '@documenso/lib/constants/crypto';
+import { ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/organisations';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { symmetricEncrypt } from '@documenso/lib/universal/crypto';
+import { buildOrganisationWhereQuery } from '@documenso/lib/utils/organisations';
+import { prisma } from '@documenso/prisma';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZUpdateOrganisationAuthenticationPortalRequestSchema,
+  ZUpdateOrganisationAuthenticationPortalResponseSchema,
+} from './update-organisation-authentication-portal.types';
+
+export const updateOrganisationAuthenticationPortalRoute = authenticatedProcedure
+  .input(ZUpdateOrganisationAuthenticationPortalRequestSchema)
+  .output(ZUpdateOrganisationAuthenticationPortalResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { organisationId, data } = input;
+    const { user } = ctx;
+
+    ctx.logger.info({
+      input: {
+        organisationId,
+      },
+    });
+
+    if (!IS_BILLING_ENABLED()) {
+      throw new AppError(AppErrorCode.INVALID_REQUEST, {
+        message: 'Billing is not enabled',
+      });
+    }
+
+    const organisation = await prisma.organisation.findFirst({
+      where: buildOrganisationWhereQuery({
+        organisationId,
+        userId: user.id,
+        roles: ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_ORGANISATION'],
+      }),
+      include: {
+        organisationAuthenticationPortal: true,
+        organisationClaim: true,
+      },
+    });
+
+    if (!organisation) {
+      throw new AppError(AppErrorCode.UNAUTHORIZED);
+    }
+
+    if (!organisation.organisationClaim.flags.authenticationPortal) {
+      throw new AppError(AppErrorCode.INVALID_REQUEST, {
+        message: 'Authentication portal is not allowed for this organisation',
+      });
+    }
+
+    const {
+      defaultOrganisationRole,
+      enabled,
+      clientId,
+      clientSecret,
+      wellKnownUrl,
+      autoProvisionUsers,
+      allowedDomains,
+    } = data;
+
+    if (
+      enabled &&
+      (!wellKnownUrl ||
+        !clientId ||
+        (!clientSecret && !organisation.organisationAuthenticationPortal.clientSecret))
+    ) {
+      throw new AppError(AppErrorCode.INVALID_BODY, {
+        message:
+          'Client ID, client secret, and well known URL are required when authentication portal is enabled',
+      });
+    }
+
+    // Allow empty string to be passed in to remove the client secret from the database.
+    let encryptedClientSecret: string | undefined = clientSecret;
+
+    // Encrypt the secret if it is provided.
+    if (clientSecret) {
+      const encryptionKey = DOCUMENSO_ENCRYPTION_KEY;
+
+      if (!encryptionKey) {
+        throw new Error('Missing DOCUMENSO_ENCRYPTION_KEY');
+      }
+
+      encryptedClientSecret = symmetricEncrypt({
+        key: encryptionKey,
+        data: clientSecret,
+      });
+    }
+
+    await prisma.organisationAuthenticationPortal.update({
+      where: {
+        id: organisation.organisationAuthenticationPortal.id,
+      },
+      data: {
+        defaultOrganisationRole,
+        enabled,
+        clientId,
+        clientSecret: encryptedClientSecret,
+        wellKnownUrl,
+        autoProvisionUsers,
+        allowedDomains,
+      },
+    });
+  });
diff --git a/packages/trpc/server/enterprise-router/update-organisation-authentication-portal.types.ts b/packages/trpc/server/enterprise-router/update-organisation-authentication-portal.types.ts
new file mode 100644
index 000000000..ebe5858ee
--- /dev/null
+++ b/packages/trpc/server/enterprise-router/update-organisation-authentication-portal.types.ts
@@ -0,0 +1,24 @@
+import { z } from 'zod';
+
+import OrganisationMemberRoleSchema from '@documenso/prisma/generated/zod/inputTypeSchemas/OrganisationMemberRoleSchema';
+
+import { domainRegex } from './create-organisation-email-domain.types';
+
+export const ZUpdateOrganisationAuthenticationPortalRequestSchema = z.object({
+  organisationId: z.string(),
+  data: z.object({
+    defaultOrganisationRole: OrganisationMemberRoleSchema,
+    enabled: z.boolean(),
+    clientId: z.string(),
+    clientSecret: z.string().optional(),
+    wellKnownUrl: z.union([z.string().url(), z.literal('')]),
+    autoProvisionUsers: z.boolean(),
+    allowedDomains: z.array(z.string().regex(domainRegex)),
+  }),
+});
+
+export const ZUpdateOrganisationAuthenticationPortalResponseSchema = z.void();
+
+export type TUpdateOrganisationAuthenticationPortalRequest = z.infer<
+  typeof ZUpdateOrganisationAuthenticationPortalRequestSchema
+>;
diff --git a/packages/trpc/server/organisation-router/delete-organisation.ts b/packages/trpc/server/organisation-router/delete-organisation.ts
index edf7952d4..f20fede2d 100644
--- a/packages/trpc/server/organisation-router/delete-organisation.ts
+++ b/packages/trpc/server/organisation-router/delete-organisation.ts
@@ -1,4 +1,7 @@
-import { ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/organisations';
+import {
+  ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP,
+  ORGANISATION_USER_ACCOUNT_TYPE,
+} from '@documenso/lib/constants/organisations';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { buildOrganisationWhereQuery } from '@documenso/lib/utils/organisations';
 import { prisma } from '@documenso/prisma';
@@ -37,9 +40,18 @@ export const deleteOrganisationRoute = authenticatedProcedure
       });
     }
 
-    await prisma.organisation.delete({
-      where: {
-        id: organisation.id,
-      },
+    await prisma.$transaction(async (tx) => {
+      await tx.account.deleteMany({
+        where: {
+          type: ORGANISATION_USER_ACCOUNT_TYPE,
+          provider: organisation.id,
+        },
+      });
+
+      await tx.organisation.delete({
+        where: {
+          id: organisation.id,
+        },
+      });
     });
   });

From 4550bca3d3eb5b3f9f88d7e5412cda6ab5cbd43f Mon Sep 17 00:00:00 2001
From: samuel-cglg <124675162+samuel-cglg@users.noreply.github.com>
Date: Tue, 9 Sep 2025 09:14:44 +0200
Subject: [PATCH 20/47] fix: signature pad translation (#2007)

---
 packages/ui/primitives/signature-pad/signature-pad.tsx | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/packages/ui/primitives/signature-pad/signature-pad.tsx b/packages/ui/primitives/signature-pad/signature-pad.tsx
index 20fbb1aad..20df8d0e1 100644
--- a/packages/ui/primitives/signature-pad/signature-pad.tsx
+++ b/packages/ui/primitives/signature-pad/signature-pad.tsx
@@ -3,6 +3,7 @@ import { useState } from 'react';
 
 import { KeyboardIcon, UploadCloudIcon } from 'lucide-react';
 import { match } from 'ts-pattern';
+import { Trans } from '@lingui/react/macro';
 
 import { DocumentSignatureType } from '@documenso/lib/constants/document';
 import { isBase64Image } from '@documenso/lib/constants/signatures';
@@ -146,21 +147,21 @@ export const SignaturePad = ({
         {drawSignatureEnabled && (
           <TabsTrigger value="draw">
             <SignatureIcon className="mr-2 size-4" />
-            Draw
+            <Trans>Draw</Trans>
           </TabsTrigger>
         )}
 
         {typedSignatureEnabled && (
           <TabsTrigger value="text">
             <KeyboardIcon className="mr-2 size-4" />
-            Type
+            <Trans>Type</Trans>
           </TabsTrigger>
         )}
 
         {uploadSignatureEnabled && (
           <TabsTrigger value="image">
             <UploadCloudIcon className="mr-2 size-4" />
-            Upload
+            <Trans>Upload</Trans>
           </TabsTrigger>
         )}
       </TabsList>

From 93a3809f6a16335344b50b9d3d94d49d6de67b05 Mon Sep 17 00:00:00 2001
From: Ephraim Duncan <55143799+ephraimduncan@users.noreply.github.com>
Date: Tue, 9 Sep 2025 07:52:03 +0000
Subject: [PATCH 21/47] fix: add maxLength limits to document input fields
 (#1988)

---
 packages/trpc/server/document-router/schema.ts   |  3 +++
 packages/trpc/server/recipient-router/schema.ts  | 16 ++++++++--------
 packages/trpc/server/template-router/schema.ts   |  8 ++++----
 .../ui/primitives/document-flow/add-settings.tsx |  1 +
 .../ui/primitives/document-flow/add-signers.tsx  |  2 ++
 .../ui/primitives/document-flow/add-subject.tsx  | 10 +++++++---
 .../add-template-placeholder-recipients.tsx      |  2 ++
 .../template-flow/add-template-settings.tsx      | 11 ++++++-----
 8 files changed, 33 insertions(+), 20 deletions(-)

diff --git a/packages/trpc/server/document-router/schema.ts b/packages/trpc/server/document-router/schema.ts
index f362bf1a1..c6f76bf0d 100644
--- a/packages/trpc/server/document-router/schema.ts
+++ b/packages/trpc/server/document-router/schema.ts
@@ -28,6 +28,7 @@ export const ZDocumentTitleSchema = z
 export const ZDocumentExternalIdSchema = z
   .string()
   .trim()
+  .max(255)
   .describe('The external ID of the document.');
 
 export const ZDocumentVisibilitySchema = z
@@ -65,10 +66,12 @@ export const ZDocumentMetaLanguageSchema = z
 
 export const ZDocumentMetaSubjectSchema = z
   .string()
+  .max(254)
   .describe('The subject of the email that will be sent to the recipients.');
 
 export const ZDocumentMetaMessageSchema = z
   .string()
+  .max(5000)
   .describe('The message of the email that will be sent to the recipients.');
 
 export const ZDocumentMetaDistributionMethodSchema = z
diff --git a/packages/trpc/server/recipient-router/schema.ts b/packages/trpc/server/recipient-router/schema.ts
index e7344a9da..dbc25a497 100644
--- a/packages/trpc/server/recipient-router/schema.ts
+++ b/packages/trpc/server/recipient-router/schema.ts
@@ -23,8 +23,8 @@ export const ZGetRecipientResponseSchema = ZRecipientSchema;
  * pass along required details.
  */
 export const ZCreateRecipientSchema = z.object({
-  email: z.string().toLowerCase().email().min(1),
-  name: z.string(),
+  email: z.string().toLowerCase().email().min(1).max(254),
+  name: z.string().max(255),
   role: z.nativeEnum(RecipientRole),
   signingOrder: z.number().optional(),
   accessAuth: z.array(ZRecipientAccessAuthTypesSchema).optional().default([]),
@@ -33,8 +33,8 @@ export const ZCreateRecipientSchema = z.object({
 
 export const ZUpdateRecipientSchema = z.object({
   id: z.number().describe('The ID of the recipient to update.'),
-  email: z.string().toLowerCase().email().min(1).optional(),
-  name: z.string().optional(),
+  email: z.string().toLowerCase().email().min(1).max(254).optional(),
+  name: z.string().max(255).optional(),
   role: z.nativeEnum(RecipientRole).optional(),
   signingOrder: z.number().optional(),
   accessAuth: z.array(ZRecipientAccessAuthTypesSchema).optional().default([]),
@@ -103,8 +103,8 @@ export const ZSetDocumentRecipientsRequestSchema = z
     recipients: z.array(
       z.object({
         nativeId: z.number().optional(),
-        email: z.string().toLowerCase().email().min(1),
-        name: z.string(),
+        email: z.string().toLowerCase().email().min(1).max(254),
+        name: z.string().max(255),
         role: z.nativeEnum(RecipientRole),
         signingOrder: z.number().optional(),
         actionAuth: z.array(ZRecipientActionAuthTypesSchema).optional().default([]),
@@ -229,8 +229,8 @@ export const ZCompleteDocumentWithTokenMutationSchema = z.object({
   authOptions: ZRecipientActionAuthSchema.optional(),
   nextSigner: z
     .object({
-      email: z.string().email(),
-      name: z.string().min(1),
+      email: z.string().email().max(254),
+      name: z.string().min(1).max(255),
     })
     .optional(),
 });
diff --git a/packages/trpc/server/template-router/schema.ts b/packages/trpc/server/template-router/schema.ts
index c1100b99e..452ade10c 100644
--- a/packages/trpc/server/template-router/schema.ts
+++ b/packages/trpc/server/template-router/schema.ts
@@ -83,8 +83,8 @@ export const ZCreateTemplateMutationSchema = z.object({
 });
 
 export const ZCreateDocumentFromDirectTemplateRequestSchema = z.object({
-  directRecipientName: z.string().optional(),
-  directRecipientEmail: z.string().email(),
+  directRecipientName: z.string().max(255).optional(),
+  directRecipientEmail: z.string().email().max(254),
   directTemplateToken: z.string().min(1),
   directTemplateExternalId: z.string().optional(),
   signedFieldValues: z.array(ZSignFieldWithTokenMutationSchema),
@@ -97,8 +97,8 @@ export const ZCreateDocumentFromTemplateRequestSchema = z.object({
     .array(
       z.object({
         id: z.number().describe('The ID of the recipient in the template.'),
-        email: z.string().email(),
-        name: z.string().optional(),
+        email: z.string().email().max(254),
+        name: z.string().max(255).optional(),
       }),
     )
     .describe('The information of the recipients to create the document with.')
diff --git a/packages/ui/primitives/document-flow/add-settings.tsx b/packages/ui/primitives/document-flow/add-settings.tsx
index 3d1789e31..a96fe4e42 100644
--- a/packages/ui/primitives/document-flow/add-settings.tsx
+++ b/packages/ui/primitives/document-flow/add-settings.tsx
@@ -221,6 +221,7 @@ export const AddSettingsFormPartial = ({
                       className="bg-background"
                       {...field}
                       disabled={document.status !== DocumentStatus.DRAFT || field.disabled}
+                      maxLength={255}
                       onBlur={handleAutoSave}
                     />
                   </FormControl>
diff --git a/packages/ui/primitives/document-flow/add-signers.tsx b/packages/ui/primitives/document-flow/add-signers.tsx
index a57c87167..cf592f448 100644
--- a/packages/ui/primitives/document-flow/add-signers.tsx
+++ b/packages/ui/primitives/document-flow/add-signers.tsx
@@ -690,6 +690,7 @@ export const AddSignersFormPartial = ({
                                         }
                                         data-testid="signer-email-input"
                                         onKeyDown={onKeyDown}
+                                        maxLength={254}
                                         onBlur={handleAutoSave}
                                       />
                                     </FormControl>
@@ -728,6 +729,7 @@ export const AddSignersFormPartial = ({
                                           !canRecipientBeModified(signer.nativeId)
                                         }
                                         onKeyDown={onKeyDown}
+                                        maxLength={255}
                                         onBlur={handleAutoSave}
                                       />
                                     </FormControl>
diff --git a/packages/ui/primitives/document-flow/add-subject.tsx b/packages/ui/primitives/document-flow/add-subject.tsx
index 82f6f11d5..c687dcfa1 100644
--- a/packages/ui/primitives/document-flow/add-subject.tsx
+++ b/packages/ui/primitives/document-flow/add-subject.tsx
@@ -262,7 +262,7 @@ export const AddSubjectFormPartial = ({
                           </FormLabel>
 
                           <FormControl>
-                            <Input {...field} />
+                            <Input {...field} maxLength={254} />
                           </FormControl>
 
                           <FormMessage />
@@ -300,7 +300,7 @@ export const AddSubjectFormPartial = ({
                           </FormLabel>
 
                           <FormControl>
-                            <Input {...field} />
+                            <Input {...field} maxLength={255} />
                           </FormControl>
                           <FormMessage />
                         </FormItem>
@@ -326,7 +326,11 @@ export const AddSubjectFormPartial = ({
                           </FormLabel>
 
                           <FormControl>
-                            <Textarea className="bg-background mt-2 h-16 resize-none" {...field} />
+                            <Textarea
+                              className="bg-background mt-2 h-16 resize-none"
+                              {...field}
+                              maxLength={5000}
+                            />
                           </FormControl>
                           <FormMessage />
                         </FormItem>
diff --git a/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx b/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx
index 70f42b990..7d0899574 100644
--- a/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx
+++ b/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx
@@ -627,6 +627,7 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
                                           signers[index].email === user?.email ||
                                           isSignerDirectRecipient(signer)
                                         }
+                                        maxLength={254}
                                         onBlur={handleAutoSave}
                                         data-testid="placeholder-recipient-email-input"
                                       />
@@ -663,6 +664,7 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
                                           signers[index].email === user?.email ||
                                           isSignerDirectRecipient(signer)
                                         }
+                                        maxLength={255}
                                         onBlur={handleAutoSave}
                                         data-testid="placeholder-recipient-name-input"
                                       />
diff --git a/packages/ui/primitives/template-flow/add-template-settings.tsx b/packages/ui/primitives/template-flow/add-template-settings.tsx
index 374e31a69..83cbc80c2 100644
--- a/packages/ui/primitives/template-flow/add-template-settings.tsx
+++ b/packages/ui/primitives/template-flow/add-template-settings.tsx
@@ -216,7 +216,7 @@ export const AddTemplateSettingsFormPartial = ({
                   </FormLabel>
 
                   <FormControl>
-                    <Input className="bg-background" {...field} onBlur={handleAutoSave} />
+                    <Input className="bg-background" {...field} maxLength={255} onBlur={handleAutoSave} />
                   </FormControl>
                   <FormMessage />
                 </FormItem>
@@ -519,7 +519,7 @@ export const AddTemplateSettingsFormPartial = ({
                             </FormLabel>
 
                             <FormControl>
-                              <Input {...field} />
+                              <Input {...field} maxLength={254} />
                             </FormControl>
 
                             <FormMessage />
@@ -539,7 +539,7 @@ export const AddTemplateSettingsFormPartial = ({
                             </FormLabel>
 
                             <FormControl>
-                              <Input {...field} onBlur={handleAutoSave} />
+                              <Input {...field} maxLength={254} onBlur={handleAutoSave} />
                             </FormControl>
 
                             <FormMessage />
@@ -569,6 +569,7 @@ export const AddTemplateSettingsFormPartial = ({
                               <Textarea
                                 className="bg-background h-16 resize-none"
                                 {...field}
+                                maxLength={5000}
                                 onBlur={handleAutoSave}
                               />
                             </FormControl>
@@ -623,7 +624,7 @@ export const AddTemplateSettingsFormPartial = ({
                           </FormLabel>
 
                           <FormControl>
-                            <Input className="bg-background" {...field} onBlur={handleAutoSave} />
+                            <Input className="bg-background" {...field} maxLength={255} onBlur={handleAutoSave} />
                           </FormControl>
 
                           <FormMessage />
@@ -714,7 +715,7 @@ export const AddTemplateSettingsFormPartial = ({
                           </FormLabel>
 
                           <FormControl>
-                            <Input className="bg-background" {...field} onBlur={handleAutoSave} />
+                            <Input className="bg-background" {...field} maxLength={255} onBlur={handleAutoSave} />
                           </FormControl>
 
                           <FormMessage />

From 7c8e93b53e8c8756f2379a4e445e7cdec4da4e5d Mon Sep 17 00:00:00 2001
From: Catalin Pit <me+github@catalins.tech>
Date: Tue, 9 Sep 2025 13:57:26 +0300
Subject: [PATCH 22/47] feat: implement recipients autosuggestions (#1923)

---
 .../recipient/get-recipient-suggestions.ts    | 108 ++++++++++++++++++
 .../find-recipient-suggestions.ts             |  34 ++++++
 .../find-recipient-suggestions.types.ts       |  22 ++++
 .../trpc/server/recipient-router/router.ts    |   5 +
 .../recipient-autocomplete-input.tsx          | 106 +++++++++++++++++
 packages/ui/primitives/command.tsx            |  22 ++++
 .../primitives/document-flow/add-signers.tsx  |  59 ++++++++--
 packages/ui/primitives/popover.tsx            |   4 +-
 8 files changed, 349 insertions(+), 11 deletions(-)
 create mode 100644 packages/lib/server-only/recipient/get-recipient-suggestions.ts
 create mode 100644 packages/trpc/server/recipient-router/find-recipient-suggestions.ts
 create mode 100644 packages/trpc/server/recipient-router/find-recipient-suggestions.types.ts
 create mode 100644 packages/ui/components/recipient/recipient-autocomplete-input.tsx

diff --git a/packages/lib/server-only/recipient/get-recipient-suggestions.ts b/packages/lib/server-only/recipient/get-recipient-suggestions.ts
new file mode 100644
index 000000000..9ffd64c29
--- /dev/null
+++ b/packages/lib/server-only/recipient/get-recipient-suggestions.ts
@@ -0,0 +1,108 @@
+import { Prisma } from '@prisma/client';
+
+import { buildTeamWhereQuery } from '@documenso/lib/utils/teams';
+import { prisma } from '@documenso/prisma';
+
+export type GetRecipientSuggestionsOptions = {
+  userId: number;
+  teamId?: number;
+  query: string;
+};
+
+export const getRecipientSuggestions = async ({
+  userId,
+  teamId,
+  query,
+}: GetRecipientSuggestionsOptions) => {
+  const trimmedQuery = query.trim();
+
+  const nameEmailFilter = trimmedQuery
+    ? {
+        OR: [
+          {
+            name: {
+              contains: trimmedQuery,
+              mode: Prisma.QueryMode.insensitive,
+            },
+          },
+          {
+            email: {
+              contains: trimmedQuery,
+              mode: Prisma.QueryMode.insensitive,
+            },
+          },
+        ],
+      }
+    : {};
+
+  const recipients = await prisma.recipient.findMany({
+    where: {
+      document: {
+        team: buildTeamWhereQuery({ teamId, userId }),
+      },
+      ...nameEmailFilter,
+    },
+    select: {
+      name: true,
+      email: true,
+      document: {
+        select: {
+          createdAt: true,
+        },
+      },
+    },
+    distinct: ['email'],
+    orderBy: {
+      document: {
+        createdAt: 'desc',
+      },
+    },
+    take: 5,
+  });
+
+  if (teamId) {
+    const teamMembers = await prisma.organisationMember.findMany({
+      where: {
+        user: {
+          ...nameEmailFilter,
+          NOT: { id: userId },
+        },
+        organisationGroupMembers: {
+          some: {
+            group: {
+              teamGroups: {
+                some: { teamId },
+              },
+            },
+          },
+        },
+      },
+      include: {
+        user: {
+          select: {
+            email: true,
+            name: true,
+          },
+        },
+      },
+      take: 5,
+    });
+
+    const uniqueTeamMember = teamMembers.find(
+      (member) => !recipients.some((r) => r.email === member.user.email),
+    );
+
+    if (uniqueTeamMember) {
+      const teamMemberSuggestion = {
+        email: uniqueTeamMember.user.email,
+        name: uniqueTeamMember.user.name,
+      };
+
+      const allSuggestions = [...recipients.slice(0, 4), teamMemberSuggestion];
+
+      return allSuggestions;
+    }
+  }
+
+  return recipients;
+};
diff --git a/packages/trpc/server/recipient-router/find-recipient-suggestions.ts b/packages/trpc/server/recipient-router/find-recipient-suggestions.ts
new file mode 100644
index 000000000..34a33b667
--- /dev/null
+++ b/packages/trpc/server/recipient-router/find-recipient-suggestions.ts
@@ -0,0 +1,34 @@
+import { getRecipientSuggestions } from '@documenso/lib/server-only/recipient/get-recipient-suggestions';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZGetRecipientSuggestionsRequestSchema,
+  ZGetRecipientSuggestionsResponseSchema,
+} from './find-recipient-suggestions.types';
+
+/**
+ * @private
+ */
+export const findRecipientSuggestionsRoute = authenticatedProcedure
+  .input(ZGetRecipientSuggestionsRequestSchema)
+  .output(ZGetRecipientSuggestionsResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { teamId, user } = ctx;
+    const { query } = input;
+
+    ctx.logger.info({
+      input: {
+        query,
+      },
+    });
+
+    const suggestions = await getRecipientSuggestions({
+      userId: user.id,
+      teamId,
+      query,
+    });
+
+    return {
+      results: suggestions,
+    };
+  });
diff --git a/packages/trpc/server/recipient-router/find-recipient-suggestions.types.ts b/packages/trpc/server/recipient-router/find-recipient-suggestions.types.ts
new file mode 100644
index 000000000..e6c91a815
--- /dev/null
+++ b/packages/trpc/server/recipient-router/find-recipient-suggestions.types.ts
@@ -0,0 +1,22 @@
+import { z } from 'zod';
+
+export const ZGetRecipientSuggestionsRequestSchema = z.object({
+  query: z.string().default(''),
+});
+
+export const ZGetRecipientSuggestionsResponseSchema = z.object({
+  results: z.array(
+    z.object({
+      name: z.string().nullable(),
+      email: z.string().email(),
+    }),
+  ),
+});
+
+export type TGetRecipientSuggestionsRequestSchema = z.infer<
+  typeof ZGetRecipientSuggestionsRequestSchema
+>;
+
+export type TGetRecipientSuggestionsResponseSchema = z.infer<
+  typeof ZGetRecipientSuggestionsResponseSchema
+>;
diff --git a/packages/trpc/server/recipient-router/router.ts b/packages/trpc/server/recipient-router/router.ts
index dc66306e7..876e21942 100644
--- a/packages/trpc/server/recipient-router/router.ts
+++ b/packages/trpc/server/recipient-router/router.ts
@@ -12,6 +12,7 @@ import { updateTemplateRecipients } from '@documenso/lib/server-only/recipient/u
 
 import { ZGenericSuccessResponse, ZSuccessResponseSchema } from '../document-router/schema';
 import { authenticatedProcedure, procedure, router } from '../trpc';
+import { findRecipientSuggestionsRoute } from './find-recipient-suggestions';
 import {
   ZCompleteDocumentWithTokenMutationSchema,
   ZCreateDocumentRecipientRequestSchema,
@@ -42,6 +43,10 @@ import {
 } from './schema';
 
 export const recipientRouter = router({
+  suggestions: {
+    find: findRecipientSuggestionsRoute,
+  },
+
   /**
    * @public
    */
diff --git a/packages/ui/components/recipient/recipient-autocomplete-input.tsx b/packages/ui/components/recipient/recipient-autocomplete-input.tsx
new file mode 100644
index 000000000..ec7190e47
--- /dev/null
+++ b/packages/ui/components/recipient/recipient-autocomplete-input.tsx
@@ -0,0 +1,106 @@
+import React, { useRef, useState } from 'react';
+
+import { Trans } from '@lingui/react/macro';
+import { PopoverAnchor } from '@radix-ui/react-popover';
+
+import { Popover, PopoverContent } from '@documenso/ui/primitives/popover';
+
+import { Command, CommandGroup, CommandItem } from '../../primitives/command';
+import { Input } from '../../primitives/input';
+
+export type RecipientAutoCompleteOption = {
+  email: string;
+  name: string | null;
+};
+
+type RecipientAutoCompleteInputProps = {
+  type: 'email' | 'text';
+  value: string;
+  placeholder?: string;
+  disabled?: boolean;
+  loading?: boolean;
+  options: RecipientAutoCompleteOption[];
+  onSelect: (option: RecipientAutoCompleteOption) => void;
+  onSearchQueryChange: (query: string) => void;
+};
+
+type CombinedProps = RecipientAutoCompleteInputProps &
+  Omit<React.InputHTMLAttributes<HTMLInputElement>, keyof RecipientAutoCompleteInputProps>;
+
+export const RecipientAutoCompleteInput = ({
+  value,
+  placeholder,
+  disabled,
+  loading,
+  onSearchQueryChange,
+  onSelect,
+  options = [],
+  onChange: _onChange,
+  ...props
+}: CombinedProps) => {
+  const [isOpen, setIsOpen] = useState(false);
+
+  const inputRef = useRef<HTMLInputElement>(null);
+
+  const onValueChange = (value: string) => {
+    setIsOpen(!!value.length);
+    onSearchQueryChange(value);
+  };
+
+  const handleSelectItem = (option: RecipientAutoCompleteOption) => {
+    setIsOpen(false);
+    onSelect(option);
+  };
+
+  return (
+    <Command>
+      <Popover open={isOpen} onOpenChange={setIsOpen}>
+        <PopoverAnchor asChild>
+          <Input
+            ref={inputRef}
+            className="w-full"
+            placeholder={placeholder}
+            value={value}
+            disabled={disabled}
+            onChange={(e) => onValueChange(e.target.value)}
+            {...props}
+          />
+        </PopoverAnchor>
+
+        <PopoverContent
+          align="start"
+          className="w-full p-0"
+          onOpenAutoFocus={(e) => {
+            e.preventDefault();
+          }}
+        >
+          {/* Not using <CommandEmpty /> here due to some weird behaviour */}
+          {options.length === 0 && (
+            <div className="px-2 py-1.5 text-sm">
+              {loading ? (
+                <Trans>Loading suggestions...</Trans>
+              ) : (
+                <Trans>No suggestions found</Trans>
+              )}
+            </div>
+          )}
+
+          {options.length > 0 && (
+            <CommandGroup className="max-h-[250px] overflow-y-auto">
+              {options.map((option, index) => (
+                <CommandItem
+                  key={`${index}-${option.email}`}
+                  value={`${option.email}`}
+                  className="cursor-pointer"
+                  onSelect={() => handleSelectItem(option)}
+                >
+                  {option.name} ({option.email})
+                </CommandItem>
+              ))}
+            </CommandGroup>
+          )}
+        </PopoverContent>
+      </Popover>
+    </Command>
+  );
+};
diff --git a/packages/ui/primitives/command.tsx b/packages/ui/primitives/command.tsx
index 983ec474c..2cee1fe0c 100644
--- a/packages/ui/primitives/command.tsx
+++ b/packages/ui/primitives/command.tsx
@@ -65,6 +65,27 @@ const CommandInput = React.forwardRef<
 
 CommandInput.displayName = CommandPrimitive.Input.displayName;
 
+const CommandTextInput = React.forwardRef<
+  React.ElementRef<typeof CommandPrimitive.Input>,
+  React.ComponentPropsWithoutRef<typeof CommandPrimitive.Input>
+>(({ className, ...props }, ref) => (
+  <div cmdk-input-wrapper="">
+    <CommandPrimitive.Input
+      ref={ref}
+      className={cn(
+        'bg-background border-input ring-offset-background placeholder:text-muted-foreground/40 focus-visible:ring-ring flex h-10 w-full rounded-md border px-3 py-2 text-sm file:border-0 file:bg-transparent file:text-sm file:font-medium focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50',
+        className,
+        {
+          'ring-2 !ring-red-500 transition-all': props['aria-invalid'],
+        },
+      )}
+      {...props}
+    />
+  </div>
+));
+
+CommandTextInput.displayName = CommandPrimitive.Input.displayName;
+
 const CommandList = React.forwardRef<
   React.ElementRef<typeof CommandPrimitive.List>,
   React.ComponentPropsWithoutRef<typeof CommandPrimitive.List>
@@ -147,6 +168,7 @@ export {
   Command,
   CommandDialog,
   CommandInput,
+  CommandTextInput,
   CommandList,
   CommandEmpty,
   CommandGroup,
diff --git a/packages/ui/primitives/document-flow/add-signers.tsx b/packages/ui/primitives/document-flow/add-signers.tsx
index cf592f448..43caa8fe1 100644
--- a/packages/ui/primitives/document-flow/add-signers.tsx
+++ b/packages/ui/primitives/document-flow/add-signers.tsx
@@ -1,4 +1,4 @@
-import React, { useCallback, useId, useMemo, useRef, useState } from 'react';
+import { useCallback, useId, useMemo, useRef, useState } from 'react';
 
 import type { DropResult, SensorAPI } from '@hello-pangea/dnd';
 import { DragDropContext, Draggable, Droppable } from '@hello-pangea/dnd';
@@ -15,11 +15,13 @@ import { prop, sortBy } from 'remeda';
 
 import { useLimits } from '@documenso/ee/server-only/limits/provider/client';
 import { useAutoSave } from '@documenso/lib/client-only/hooks/use-autosave';
+import { useDebouncedValue } from '@documenso/lib/client-only/hooks/use-debounced-value';
 import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation';
 import { useSession } from '@documenso/lib/client-only/providers/session';
 import { ZRecipientAuthOptionsSchema } from '@documenso/lib/types/document-auth';
 import { nanoid } from '@documenso/lib/universal/id';
 import { canRecipientBeModified as utilCanRecipientBeModified } from '@documenso/lib/utils/recipients';
+import { trpc } from '@documenso/trpc/react';
 import { AnimateGenericFadeInOut } from '@documenso/ui/components/animate/animate-generic-fade-in-out';
 import { RecipientActionAuthSelect } from '@documenso/ui/components/recipient/recipient-action-auth-select';
 import { RecipientRoleSelect } from '@documenso/ui/components/recipient/recipient-role-select';
@@ -29,6 +31,8 @@ import {
   DocumentReadOnlyFields,
   mapFieldsWithRecipients,
 } from '../../components/document/document-read-only-fields';
+import type { RecipientAutoCompleteOption } from '../../components/recipient/recipient-autocomplete-input';
+import { RecipientAutoCompleteInput } from '../../components/recipient/recipient-autocomplete-input';
 import { Button } from '../button';
 import { Checkbox } from '../checkbox';
 import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from '../form/form';
@@ -75,6 +79,10 @@ export const AddSignersFormPartial = ({
   const { remaining } = useLimits();
   const { user } = useSession();
 
+  const [recipientSearchQuery, setRecipientSearchQuery] = useState('');
+
+  const debouncedRecipientSearchQuery = useDebouncedValue(recipientSearchQuery, 500);
+
   const initialId = useId();
   const $sensorApi = useRef<SensorAPI | null>(null);
 
@@ -82,6 +90,17 @@ export const AddSignersFormPartial = ({
 
   const organisation = useCurrentOrganisation();
 
+  const { data: recipientSuggestionsData, isLoading } = trpc.recipient.suggestions.find.useQuery(
+    {
+      query: debouncedRecipientSearchQuery,
+    },
+    {
+      enabled: debouncedRecipientSearchQuery.length > 1,
+    },
+  );
+
+  const recipientSuggestions = recipientSuggestionsData?.results || [];
+
   const defaultRecipients = [
     {
       formId: initialId,
@@ -286,10 +305,12 @@ export const AddSignersFormPartial = ({
     }
   };
 
-  const onKeyDown = (event: React.KeyboardEvent<HTMLInputElement>) => {
-    if (event.key === 'Enter' && event.target instanceof HTMLInputElement) {
-      onAddSigner();
-    }
+  const handleRecipientAutoCompleteSelect = (
+    index: number,
+    suggestion: RecipientAutoCompleteOption,
+  ) => {
+    setValue(`signers.${index}.email`, suggestion.email);
+    setValue(`signers.${index}.name`, suggestion.name || '');
   };
 
   const onDragEnd = useCallback(
@@ -679,17 +700,26 @@ export const AddSignersFormPartial = ({
                                     )}
 
                                     <FormControl>
-                                      <Input
+                                      <RecipientAutoCompleteInput
                                         type="email"
                                         placeholder={_(msg`Email`)}
-                                        {...field}
+                                        value={field.value}
                                         disabled={
                                           snapshot.isDragging ||
                                           isSubmitting ||
                                           !canRecipientBeModified(signer.nativeId)
                                         }
+                                        options={recipientSuggestions}
+                                        onSelect={(suggestion) =>
+                                          handleRecipientAutoCompleteSelect(index, suggestion)
+                                        }
+                                        onSearchQueryChange={(query) => {
+                                          console.log('onSearchQueryChange', query);
+                                          field.onChange(query);
+                                          setRecipientSearchQuery(query);
+                                        }}
+                                        loading={isLoading}
                                         data-testid="signer-email-input"
-                                        onKeyDown={onKeyDown}
                                         maxLength={254}
                                         onBlur={handleAutoSave}
                                       />
@@ -720,7 +750,8 @@ export const AddSignersFormPartial = ({
                                     )}
 
                                     <FormControl>
-                                      <Input
+                                      <RecipientAutoCompleteInput
+                                        type="text"
                                         placeholder={_(msg`Name`)}
                                         {...field}
                                         disabled={
@@ -728,7 +759,15 @@ export const AddSignersFormPartial = ({
                                           isSubmitting ||
                                           !canRecipientBeModified(signer.nativeId)
                                         }
-                                        onKeyDown={onKeyDown}
+                                        options={recipientSuggestions}
+                                        onSelect={(suggestion) =>
+                                          handleRecipientAutoCompleteSelect(index, suggestion)
+                                        }
+                                        onSearchQueryChange={(query) => {
+                                          field.onChange(query);
+                                          setRecipientSearchQuery(query);
+                                        }}
+                                        loading={isLoading}
                                         maxLength={255}
                                         onBlur={handleAutoSave}
                                       />
diff --git a/packages/ui/primitives/popover.tsx b/packages/ui/primitives/popover.tsx
index 906206e4b..f84c3f4b2 100644
--- a/packages/ui/primitives/popover.tsx
+++ b/packages/ui/primitives/popover.tsx
@@ -8,6 +8,8 @@ const Popover = PopoverPrimitive.Root;
 
 const PopoverTrigger = PopoverPrimitive.Trigger;
 
+const PopoverAnchor = PopoverPrimitive.Anchor;
+
 const PopoverContent = React.forwardRef<
   React.ElementRef<typeof PopoverPrimitive.Content>,
   React.ComponentPropsWithoutRef<typeof PopoverPrimitive.Content>
@@ -91,4 +93,4 @@ const PopoverHover = ({ trigger, children, contentProps, side = 'top' }: Popover
   );
 };
 
-export { Popover, PopoverTrigger, PopoverContent, PopoverHover };
+export { Popover, PopoverTrigger, PopoverAnchor, PopoverContent, PopoverHover };

From 2c0d4f87895f12bca349bd7af170a6ef63e64272 Mon Sep 17 00:00:00 2001
From: Ephraim Duncan <55143799+ephraimduncan@users.noreply.github.com>
Date: Tue, 9 Sep 2025 11:26:42 +0000
Subject: [PATCH 23/47] chore: self hosting docs update and certificate issues
 (#1847)

---
 SIGNING.md                                    |  19 ++-
 .../pages/developers/self-hosting/how-to.mdx  |  87 +++++++++-
 .../app/routes/api+/certificate-status.ts     |  20 +++
 apps/remix/app/routes/api+/health.ts          |  59 +++++--
 docker/Dockerfile                             |   2 +-
 docker/README.md                              | 149 +++++++++++++++---
 docker/production/compose.yml                 |   2 +-
 docker/start.sh                               |  26 ++-
 packages/lib/server-only/cert/cert-status.ts  |  21 +++
 packages/signing/transports/local-cert.ts     |  23 ++-
 10 files changed, 352 insertions(+), 56 deletions(-)
 create mode 100644 apps/remix/app/routes/api+/certificate-status.ts
 create mode 100644 packages/lib/server-only/cert/cert-status.ts

diff --git a/SIGNING.md b/SIGNING.md
index 3eb94fbfb..cb719ffb8 100644
--- a/SIGNING.md
+++ b/SIGNING.md
@@ -10,13 +10,24 @@ For the digital signature of your documents you need a signing certificate in .p
 
    `openssl req -new -x509 -key private.key -out certificate.crt -days 365`
 
-   This will prompt you to enter some information, such as the Common Name (CN) for the certificate. Make sure you enter the correct information. The -days parameter sets the number of days for which the certificate is valid.
+   This will prompt you to enter some information, such as the Common Name (CN) for the certificate. Make sure you enter the correct information. The `-days` parameter sets the number of days for which the certificate is valid.
 
-3. Combine the private key and the self-signed certificate to create the p12 certificate. You can run the following command to do this:
+3. Combine the private key and the self-signed certificate to create the p12 certificate. You can run the following commands to do this:
 
-   `openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt`
+   ```bash
+   # Set certificate password securely (won't appear in command history)
+   read -s -p "Enter certificate password: " CERT_PASS
+   echo
+   
+   # Create the p12 certificate using the environment variable
+   openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt \
+       -password env:CERT_PASS \
+       -keypbe PBE-SHA1-3DES \
+       -certpbe PBE-SHA1-3DES \
+       -macalg sha1
+   ```
 
-4. You will be prompted to enter a password for the p12 file. Choose a strong password and remember it, as you will need it to use the certificate (**can be empty for dev certificates**)
+4. **IMPORTANT**: A certificate password is required to prevent signing failures. Make sure to use a strong password (minimum 4 characters) when prompted. Certificates without passwords will cause "Failed to get private key bags" errors during document signing.
 
 5. Place the certificate `/apps/remix/resources/certificate.p12` (If the path does not exist, it needs to be created)
 
diff --git a/apps/documentation/pages/developers/self-hosting/how-to.mdx b/apps/documentation/pages/developers/self-hosting/how-to.mdx
index 08797e801..cdc5a2c22 100644
--- a/apps/documentation/pages/developers/self-hosting/how-to.mdx
+++ b/apps/documentation/pages/developers/self-hosting/how-to.mdx
@@ -119,16 +119,89 @@ NEXT_PRIVATE_SMTP_USERNAME="<your-username>"
 NEXT_PRIVATE_SMTP_PASSWORD="<your-password>"
 ```
 
-### Update the Volume Binding
+### Set Up Your Signing Certificate
 
-The `cert.p12` file is required to sign and encrypt documents, so you must provide your key file. Update the volume binding in the `compose.yml` file to point to your key file:
+<Callout type="warning">
+  This is the most common source of issues for self-hosters. Please follow these steps carefully.
+</Callout>
 
-```yaml
-volumes:
-  - /path/to/your/keyfile.p12:/opt/documenso/cert.p12
-```
+The `cert.p12` file is required to sign and encrypt documents. You have three options:
 
-After updating the volume binding, save the `compose.yml` file and run the following command to start the containers:
+#### Option A: Generate Certificate Inside Container (Recommended)
+
+This method avoids file permission issues by creating the certificate directly inside the Docker container:
+
+1. Start your containers:
+
+   ```bash
+   docker-compose up -d
+   ```
+
+2. Set certificate password securely and generate certificate inside the container:
+
+   ```bash
+   # Set certificate password securely (won't appear in command history)
+   read -s -p "Enter certificate password: " CERT_PASS
+   echo
+
+   # Generate certificate inside container using environment variable
+   docker exec -e CERT_PASS="$CERT_PASS" -it documenso-production-documenso-1 bash -c "
+     openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+       -keyout /tmp/private.key \
+       -out /tmp/certificate.crt \
+       -subj '/C=US/ST=State/L=City/O=Organization/CN=localhost' && \
+     openssl pkcs12 -export -out /app/certs/cert.p12 \
+       -inkey /tmp/private.key -in /tmp/certificate.crt \
+       -passout env:CERT_PASS && \
+     rm /tmp/private.key /tmp/certificate.crt
+   "
+   ```
+
+3. Add the certificate passphrase to your `.env` file:
+
+   ```bash
+   NEXT_PRIVATE_SIGNING_PASSPHRASE="your_password_here"
+   ```
+
+4. Restart the container to apply changes:
+   ```bash
+   docker-compose restart documenso
+   ```
+
+#### Option B: Use an Existing Certificate File
+
+If you have an existing `.p12` certificate file:
+
+1. **Place your certificate file** in an accessible location on your host system
+2. **Set proper permissions:**
+
+   ```bash
+   # Make sure the certificate is readable
+   chmod 644 /path/to/your/cert.p12
+
+   # For Docker, ensure proper ownership
+   chown 1001:1001 /path/to/your/cert.p12
+   ```
+
+3. **Update the volume binding** in the `compose.yml` file:
+
+   ```yaml
+   volumes:
+     - /path/to/your/cert.p12:/opt/documenso/cert.p12:ro
+   ```
+
+4. **Add certificate configuration** to your `.env` file:
+   ```bash
+   NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=/opt/documenso/cert.p12
+   NEXT_PRIVATE_SIGNING_PASSPHRASE=your_certificate_password
+   ```
+
+<Callout type="warning">
+  Your certificate MUST have a password. Certificates without passwords will cause "Failed to get
+  private key bags" errors.
+</Callout>
+
+After setting up your certificate, save the `compose.yml` file and run the following command to start the containers:
 
 ```bash
 docker-compose --env-file ./.env up -d
diff --git a/apps/remix/app/routes/api+/certificate-status.ts b/apps/remix/app/routes/api+/certificate-status.ts
new file mode 100644
index 000000000..eb8ae6cfd
--- /dev/null
+++ b/apps/remix/app/routes/api+/certificate-status.ts
@@ -0,0 +1,20 @@
+import { getCertificateStatus } from '@documenso/lib/server-only/cert/cert-status';
+
+export const loader = () => {
+  try {
+    const certStatus = getCertificateStatus();
+
+    return Response.json({
+      isAvailable: certStatus.isAvailable,
+      timestamp: new Date().toISOString(),
+    });
+  } catch {
+    return Response.json(
+      {
+        isAvailable: false,
+        timestamp: new Date().toISOString(),
+      },
+      { status: 500 },
+    );
+  }
+};
diff --git a/apps/remix/app/routes/api+/health.ts b/apps/remix/app/routes/api+/health.ts
index 9783157e9..1ebdfbadb 100644
--- a/apps/remix/app/routes/api+/health.ts
+++ b/apps/remix/app/routes/api+/health.ts
@@ -1,22 +1,47 @@
+import { getCertificateStatus } from '@documenso/lib/server-only/cert/cert-status';
 import { prisma } from '@documenso/prisma';
 
-export async function loader() {
+type CheckStatus = 'ok' | 'warning' | 'error';
+
+export const loader = async () => {
+  const checks: {
+    database: { status: CheckStatus };
+    certificate: { status: CheckStatus };
+  } = {
+    database: { status: 'ok' },
+    certificate: { status: 'ok' },
+  };
+
+  let overallStatus: CheckStatus = 'ok';
+
   try {
     await prisma.$queryRaw`SELECT 1`;
-
-    return Response.json({
-      status: 'ok',
-      message: 'All systems operational',
-    });
-  } catch (err) {
-    console.error(err);
-
-    return Response.json(
-      {
-        status: 'error',
-        message: err instanceof Error ? err.message : 'Unknown error',
-      },
-      { status: 500 },
-    );
+  } catch {
+    checks.database = { status: 'error' };
+    overallStatus = 'error';
   }
-}
+
+  try {
+    const certStatus = getCertificateStatus();
+    if (certStatus.isAvailable) {
+      checks.certificate = { status: 'ok' };
+    } else {
+      checks.certificate = { status: 'warning' };
+      if (overallStatus === 'ok') {
+        overallStatus = 'warning';
+      }
+    }
+  } catch {
+    checks.certificate = { status: 'error' };
+    overallStatus = 'error';
+  }
+
+  return Response.json(
+    {
+      status: overallStatus,
+      timestamp: new Date().toISOString(),
+      checks,
+    },
+    { status: overallStatus === 'error' ? 500 : 200 },
+  );
+};
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 2d83cbcb2..4905c7d18 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -109,7 +109,7 @@ COPY --from=installer --chown=nodejs:nodejs /app/packages/prisma/migrations ./pa
 RUN npx prisma generate --schema ./packages/prisma/schema.prisma
 
 
-# Get the start script from docker/start.sh
+# Get the start script from docker/
 COPY --chown=nodejs:nodejs ./docker/start.sh /app/apps/remix/start.sh
 
 WORKDIR /app/apps/remix
diff --git a/docker/README.md b/docker/README.md
index 9c4f049b7..087fb895b 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -18,27 +18,66 @@ This setup includes a PostgreSQL database and the Documenso application. You wil
 3. Create a `.env` file in the same directory and add your SMTP details as well as a few extra environment variables, following the example below:
 
 ```
+# Generate random secrets (you can use: openssl rand -hex 32)
 NEXTAUTH_SECRET="<your-secret>"
 NEXT_PRIVATE_ENCRYPTION_KEY="<your-key>"
 NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY="<your-secondary-key>"
+
+# Your application URL
 NEXT_PUBLIC_WEBAPP_URL="<your-url>"
+
+# SMTP Configuration
 NEXT_PRIVATE_SMTP_TRANSPORT="smtp-auth"
 NEXT_PRIVATE_SMTP_HOST="<your-host>"
 NEXT_PRIVATE_SMTP_PORT=<your-port>
 NEXT_PRIVATE_SMTP_USERNAME="<your-username>"
 NEXT_PRIVATE_SMTP_PASSWORD="<your-password>"
+NEXT_PRIVATE_SMTP_FROM_NAME="<your-from-name>"
+NEXT_PRIVATE_SMTP_FROM_ADDRESS="<your-from-email>"
+
+# Certificate passphrase (required)
+NEXT_PRIVATE_SIGNING_PASSPHRASE="<your-certificate-password>"
 ```
 
-4. Update the volume binding for the cert file in the `compose.yml` file to point to your own key file:
+4. Set up your signing certificate. You have three options:
 
-Since the `cert.p12` file is required for signing and encrypting documents, you will need to provide your own key file. Update the volume binding in the `compose.yml` file to point to your key file:
+   **Option A: Generate Certificate Inside Container (Recommended)**
+   
+   Start your containers first, then generate a self-signed certificate:
+   ```bash
+   # Start containers
+   docker-compose up -d
+   
+   # Set certificate password securely (won't appear in command history)
+   read -s -p "Enter certificate password: " CERT_PASS
+   echo
+   
+   # Generate certificate inside container using environment variable
+   docker exec -e CERT_PASS="$CERT_PASS" -it documenso-production-documenso-1 bash -c "
+     openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+       -keyout /tmp/private.key \
+       -out /tmp/certificate.crt \
+       -subj '/C=US/ST=State/L=City/O=Organization/CN=localhost' && \
+     openssl pkcs12 -export -out /app/certs/cert.p12 \
+       -inkey /tmp/private.key -in /tmp/certificate.crt \
+       -passout env:CERT_PASS && \
+     rm /tmp/private.key /tmp/certificate.crt
+   "
+   
+   # Restart container
+   docker-compose restart documenso
+   ```
+   
+   **Option B: Use Existing Certificate**
+   
+   If you have an existing `.p12` certificate, update the volume binding in `compose.yml`:
+   ```yaml
+   volumes:
+     - /path/to/your/cert.p12:/opt/documenso/cert.p12:ro
+   ```
+   
 
-```yaml
-volumes:
-  - /path/to/your/keyfile.p12:/opt/documenso/cert.p12
-```
-
-1. Run the following command to start the containers:
+5. Run the following command to start the containers:
 
 ```
 docker-compose --env-file ./.env up -d
@@ -46,7 +85,7 @@ docker-compose --env-file ./.env up -d
 
 This will start the PostgreSQL database and the Documenso application containers.
 
-5. Access the Documenso application by visiting `http://localhost:3000` in your web browser.
+6. Access the Documenso application by visiting `http://localhost:3000` in your web browser.
 
 ## Option 2: Standalone Docker Container
 
@@ -69,27 +108,93 @@ docker pull ghcr.io/documenso/documenso
 ```
 docker run -d \
   -p 3000:3000 \
-  -e NEXTAUTH_SECRET="<your-nextauth-secret>"
-  -e NEXT_PRIVATE_ENCRYPTION_KEY="<your-next-private-encryption-key>"
-  -e NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY="<your-next-private-encryption-secondary-key>"
-  -e NEXT_PUBLIC_WEBAPP_URL="<your-next-public-webapp-url>"
-  -e NEXT_PRIVATE_INTERNAL_WEBAPP_URL="http://localhost:3000"
-  -e NEXT_PRIVATE_DATABASE_URL="<your-next-private-database-url>"
-  -e NEXT_PRIVATE_DIRECT_DATABASE_URL="<your-next-private-database-url>"
-  -e NEXT_PRIVATE_SMTP_TRANSPORT="<your-next-private-smtp-transport>"
-  -e NEXT_PRIVATE_SMTP_FROM_NAME="<your-next-private-smtp-from-name>"
-  -e NEXT_PRIVATE_SMTP_FROM_ADDRESS="<your-next-private-smtp-from-address>"
-  -v /path/to/your/keyfile.p12:/opt/documenso/cert.p12
+  -e NEXTAUTH_SECRET="<your-nextauth-secret>" \
+  -e NEXT_PRIVATE_ENCRYPTION_KEY="<your-next-private-encryption-key>" \
+  -e NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY="<your-next-private-encryption-secondary-key>" \
+  -e NEXT_PUBLIC_WEBAPP_URL="<your-next-public-webapp-url>" \
+  -e NEXT_PRIVATE_INTERNAL_WEBAPP_URL="http://localhost:3000" \
+  -e NEXT_PRIVATE_DATABASE_URL="<your-next-private-database-url>" \
+  -e NEXT_PRIVATE_DIRECT_DATABASE_URL="<your-next-private-database-url>" \
+  -e NEXT_PRIVATE_SMTP_TRANSPORT="<your-next-private-smtp-transport>" \
+  -e NEXT_PRIVATE_SMTP_FROM_NAME="<your-next-private-smtp-from-name>" \
+  -e NEXT_PRIVATE_SMTP_FROM_ADDRESS="<your-next-private-smtp-from-address>" \
+  -e NEXT_PRIVATE_SIGNING_PASSPHRASE="<your-certificate-password>" \
+  -v /path/to/your/cert.p12:/opt/documenso/cert.p12:ro \
   documenso/documenso
 ```
 
 Replace the placeholders with your actual database and SMTP details.
 
-1. Access the Documenso application by visiting the URL you provided in the `NEXT_PUBLIC_WEBAPP_URL` environment variable in your web browser.
+3. Access the Documenso application by visiting the URL you provided in the `NEXT_PUBLIC_WEBAPP_URL` environment variable in your web browser.
 
 ## Success
 
-You have now successfully set up Documenso using Docker. You can start organizing and managing your documents efficiently. If you encounter any issues or have further questions, please refer to the official Documenso documentation or seek assistance from the community.
+You have now successfully set up Documenso using Docker. You can start organizing and managing your documents efficiently.
+
+## Troubleshooting
+
+### Certificate Permission Issues
+
+If you encounter errors related to certificate access, here are common solutions:
+
+#### Error: "Failed to read signing certificate"
+
+1. **Check file exists:**
+
+   ```bash
+   ls -la /path/to/your/cert.p12
+   ```
+
+2. **Fix permissions:**
+
+   ```bash
+   chmod 644 /path/to/your/cert.p12
+   chown 1001:1001 /path/to/your/cert.p12
+   ```
+
+3. **Verify Docker mount:**
+   ```bash
+   docker exec -it <container_name> ls -la /opt/documenso/cert.p12
+   ```
+
+
+### Container Logs
+
+Check application logs for detailed error information:
+
+```bash
+# For Docker Compose
+docker-compose logs -f documenso
+
+# For standalone container
+docker logs -f <container_name>
+```
+
+### Health Checks
+
+Check the status of your Documenso instance:
+
+```bash
+# Basic health check (database + certificate)
+curl http://localhost:3000/api/health
+
+# Detailed certificate status
+curl http://localhost:3000/api/certificate-status
+```
+
+The health endpoint will show:
+
+- `status: "ok"` - Everything working properly
+- `status: "warning"` - App running but certificate issues
+- `status: "error"` - Critical issues (database down, etc.)
+
+### Common Issues
+
+1. **Port already in use:** Change the port mapping in compose.yml or your docker run command
+2. **Database connection issues:** Ensure your database is running and accessible
+3. **SMTP errors:** Verify your email server settings in the .env file
+
+If you encounter any issues or have further questions, please refer to the official Documenso documentation or seek assistance from the community.
 
 ## Advanced Configuration
 
diff --git a/docker/production/compose.yml b/docker/production/compose.yml
index 54ec19fa2..09a825f69 100644
--- a/docker/production/compose.yml
+++ b/docker/production/compose.yml
@@ -63,7 +63,7 @@ services:
     ports:
       - ${PORT:-3000}:${PORT:-3000}
     volumes:
-      - /opt/documenso/cert.p12:/opt/documenso/cert.p12
+      - /opt/documenso/cert.p12:/opt/documenso/cert.p12:ro
 
 volumes:
   database:
diff --git a/docker/start.sh b/docker/start.sh
index 54c9ba6d0..56b225e14 100755
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -1,7 +1,31 @@
 #!/bin/sh
 
-set -x
+# 🚀 Starting Documenso...
+printf "🚀 Starting Documenso...\n\n"
 
+# 🔐 Check certificate configuration
+printf "🔐 Checking certificate configuration...\n"
+
+CERT_PATH="${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH:-/opt/documenso/cert.p12}"
+
+if [ -f "$CERT_PATH" ] && [ -r "$CERT_PATH" ]; then
+    printf "✅ Certificate file found and readable - document signing is ready!\n"
+else
+    printf "⚠️  Certificate not found or not readable\n"
+    printf "💡 Tip: Documenso will still start, but document signing will be unavailable\n"
+    printf "🔧 Check: http://localhost:3000/api/certificate-status for detailed status\n"
+fi
+
+printf "\n📚 Useful Links:\n"
+printf "📖 Documentation: https://docs.documenso.com\n"
+printf "🐳 Self-hosting guide: https://docs.documenso.com/developers/self-hosting\n"
+printf "🔐 Certificate setup: https://docs.documenso.com/developers/self-hosting/signing-certificate\n"
+printf "🏥 Health check: http://localhost:3000/api/health\n"
+printf "📊 Certificate status: http://localhost:3000/api/certificate-status\n"
+printf "👥 Community: https://github.com/documenso/documenso\n\n"
+
+printf "🗄️  Running database migrations...\n"
 npx prisma migrate deploy --schema ../../packages/prisma/schema.prisma
 
+printf "🌟 Starting Documenso server...\n"
 HOSTNAME=0.0.0.0 node build/server/main.js
diff --git a/packages/lib/server-only/cert/cert-status.ts b/packages/lib/server-only/cert/cert-status.ts
new file mode 100644
index 000000000..cf5387dcd
--- /dev/null
+++ b/packages/lib/server-only/cert/cert-status.ts
@@ -0,0 +1,21 @@
+import * as fs from 'node:fs';
+
+import { env } from '@documenso/lib/utils/env';
+
+export type CertificateStatus = {
+  isAvailable: boolean;
+};
+
+export const getCertificateStatus = (): CertificateStatus => {
+  const defaultPath =
+    env('NODE_ENV') === 'production' ? '/opt/documenso/cert.p12' : './example/cert.p12';
+  const filePath = env('NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH') || defaultPath;
+
+  try {
+    fs.accessSync(filePath, fs.constants.F_OK | fs.constants.R_OK);
+    const stats = fs.statSync(filePath);
+    return { isAvailable: stats.size > 0 };
+  } catch {
+    return { isAvailable: false };
+  }
+};
diff --git a/packages/signing/transports/local-cert.ts b/packages/signing/transports/local-cert.ts
index b90fc15ea..5f7890904 100644
--- a/packages/signing/transports/local-cert.ts
+++ b/packages/signing/transports/local-cert.ts
@@ -1,5 +1,6 @@
-import fs from 'node:fs';
+import * as fs from 'node:fs';
 
+import { getCertificateStatus } from '@documenso/lib/server-only/cert/cert-status';
 import { env } from '@documenso/lib/utils/env';
 import { signWithP12 } from '@documenso/pdf-sign';
 
@@ -22,12 +23,23 @@ export const signWithLocalCert = async ({ pdf }: SignWithLocalCertOptions) => {
 
   const signatureLength = byteRange[2] - byteRange[1];
 
+  const certStatus = getCertificateStatus();
+
+  if (!certStatus.isAvailable) {
+    console.error('Certificate error: Certificate not available for document signing');
+    throw new Error('Document signing failed: Certificate not available');
+  }
+
   let cert: Buffer | null = null;
 
   const localFileContents = env('NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS');
 
   if (localFileContents) {
-    cert = Buffer.from(localFileContents, 'base64');
+    try {
+      cert = Buffer.from(localFileContents, 'base64');
+    } catch {
+      throw new Error('Failed to decode certificate contents');
+    }
   }
 
   if (!cert) {
@@ -42,7 +54,12 @@ export const signWithLocalCert = async ({ pdf }: SignWithLocalCertOptions) => {
       certPath = env('NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH') || './example/cert.p12';
     }
 
-    cert = Buffer.from(fs.readFileSync(certPath));
+    try {
+      cert = Buffer.from(fs.readFileSync(certPath));
+    } catch {
+      console.error('Certificate error: Failed to read certificate file');
+      throw new Error('Document signing failed: Certificate file not accessible');
+    }
   }
 
   const signature = signWithP12({

From a3005f86169e0ef9261429ed3526d4d3362564ba Mon Sep 17 00:00:00 2001
From: Maximilian Schwerin <post@mschwerin.de>
Date: Wed, 10 Sep 2025 14:55:56 +0200
Subject: [PATCH 24/47] fix: Include NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS in
 docker compose file. (#2022)

---
 docker/production/compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker/production/compose.yml b/docker/production/compose.yml
index 09a825f69..c4622ca9f 100644
--- a/docker/production/compose.yml
+++ b/docker/production/compose.yml
@@ -46,6 +46,7 @@ services:
       - NEXT_PRIVATE_SMTP_APIKEY_USER=${NEXT_PRIVATE_SMTP_APIKEY_USER}
       - NEXT_PRIVATE_SMTP_APIKEY=${NEXT_PRIVATE_SMTP_APIKEY}
       - NEXT_PRIVATE_SMTP_SECURE=${NEXT_PRIVATE_SMTP_SECURE}
+      - NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS=${NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS}
       - NEXT_PRIVATE_SMTP_FROM_NAME=${NEXT_PRIVATE_SMTP_FROM_NAME:?err}
       - NEXT_PRIVATE_SMTP_FROM_ADDRESS=${NEXT_PRIVATE_SMTP_FROM_ADDRESS:?err}
       - NEXT_PRIVATE_SMTP_SERVICE=${NEXT_PRIVATE_SMTP_SERVICE}

From 2ecfdbdde581b1c9f6a73b8487bd9b4b7cdf1ce1 Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Fri, 12 Sep 2025 23:02:59 +1000
Subject: [PATCH 25/47] v1.12.3

---
 apps/remix/package.json | 2 +-
 package-lock.json       | 6 +++---
 package.json            | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/remix/package.json b/apps/remix/package.json
index a97fff5f3..f7fd8db0e 100644
--- a/apps/remix/package.json
+++ b/apps/remix/package.json
@@ -101,5 +101,5 @@
     "vite-plugin-babel-macros": "^1.0.6",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "version": "1.12.2-rc.6"
+  "version": "1.12.3"
 }
diff --git a/package-lock.json b/package-lock.json
index 647e4c43c..889ed935e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "1.12.2-rc.6",
+  "version": "1.12.3",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "1.12.2-rc.6",
+      "version": "1.12.3",
       "workspaces": [
         "apps/*",
         "packages/*"
@@ -89,7 +89,7 @@
     },
     "apps/remix": {
       "name": "@documenso/remix",
-      "version": "1.12.2-rc.6",
+      "version": "1.12.3",
       "dependencies": {
         "@documenso/api": "*",
         "@documenso/assets": "*",
diff --git a/package.json b/package.json
index 9e6654c0e..24b8237a1 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.12.2-rc.6",
+  "version": "1.12.3",
   "scripts": {
     "build": "turbo run build",
     "dev": "turbo run dev --filter=@documenso/remix",

From 32ce573de402310b64e5ddd62b9571990c8989cb Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Sat, 13 Sep 2025 18:07:39 +1000
Subject: [PATCH 26/47] fix: incorrect certificate health logic (#2028)

---
 apps/remix/app/routes/api+/health.ts         |  2 ++
 packages/lib/server-only/cert/cert-status.ts | 15 +++++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/apps/remix/app/routes/api+/health.ts b/apps/remix/app/routes/api+/health.ts
index 1ebdfbadb..c43ac1478 100644
--- a/apps/remix/app/routes/api+/health.ts
+++ b/apps/remix/app/routes/api+/health.ts
@@ -23,10 +23,12 @@ export const loader = async () => {
 
   try {
     const certStatus = getCertificateStatus();
+
     if (certStatus.isAvailable) {
       checks.certificate = { status: 'ok' };
     } else {
       checks.certificate = { status: 'warning' };
+
       if (overallStatus === 'ok') {
         overallStatus = 'warning';
       }
diff --git a/packages/lib/server-only/cert/cert-status.ts b/packages/lib/server-only/cert/cert-status.ts
index cf5387dcd..ad0e336bd 100644
--- a/packages/lib/server-only/cert/cert-status.ts
+++ b/packages/lib/server-only/cert/cert-status.ts
@@ -2,18 +2,25 @@ import * as fs from 'node:fs';
 
 import { env } from '@documenso/lib/utils/env';
 
-export type CertificateStatus = {
-  isAvailable: boolean;
-};
+export const getCertificateStatus = () => {
+  if (env('NEXT_PRIVATE_SIGNING_TRANSPORT') !== 'local') {
+    return { isAvailable: true };
+  }
+
+  if (env('NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS')) {
+    return { isAvailable: true };
+  }
 
-export const getCertificateStatus = (): CertificateStatus => {
   const defaultPath =
     env('NODE_ENV') === 'production' ? '/opt/documenso/cert.p12' : './example/cert.p12';
+
   const filePath = env('NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH') || defaultPath;
 
   try {
     fs.accessSync(filePath, fs.constants.F_OK | fs.constants.R_OK);
+
     const stats = fs.statSync(filePath);
+
     return { isAvailable: stats.size > 0 };
   } catch {
     return { isAvailable: false };

From ed4dfc9b554305e429f38e3bb19a409f1fe031fd Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Sat, 13 Sep 2025 18:08:55 +1000
Subject: [PATCH 27/47] v1.12.4

---
 apps/remix/package.json | 2 +-
 package-lock.json       | 6 +++---
 package.json            | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/remix/package.json b/apps/remix/package.json
index f7fd8db0e..c902bd18a 100644
--- a/apps/remix/package.json
+++ b/apps/remix/package.json
@@ -101,5 +101,5 @@
     "vite-plugin-babel-macros": "^1.0.6",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "version": "1.12.3"
+  "version": "1.12.4"
 }
diff --git a/package-lock.json b/package-lock.json
index 889ed935e..b5fbc09c7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "1.12.3",
+  "version": "1.12.4",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "1.12.3",
+      "version": "1.12.4",
       "workspaces": [
         "apps/*",
         "packages/*"
@@ -89,7 +89,7 @@
     },
     "apps/remix": {
       "name": "@documenso/remix",
-      "version": "1.12.3",
+      "version": "1.12.4",
       "dependencies": {
         "@documenso/api": "*",
         "@documenso/assets": "*",
diff --git a/package.json b/package.json
index 24b8237a1..f976fcda0 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.12.3",
+  "version": "1.12.4",
   "scripts": {
     "build": "turbo run build",
     "dev": "turbo run dev --filter=@documenso/remix",

From 3c646d9475dbd2a0a7e5ceb1b2aff419e05b0852 Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Tue, 23 Sep 2025 17:13:52 +1000
Subject: [PATCH 28/47] feat: remove email requirement for recipients (#2040)

---
 .../dialogs/template-use-dialog.tsx           |  71 +---
 .../general/document/document-edit-form.tsx   |  24 +-
 .../components/general/folder/folder-card.tsx |   2 +-
 .../general/template/template-edit-form.tsx   |   8 +-
 packages/api/v1/schema.ts                     |   5 +-
 .../autosave-fields-step.spec.ts              |  12 +-
 .../autosave-settings-step.spec.ts            |   2 +-
 .../autosave-signers-step.spec.ts             |  21 +-
 .../autosave-subject-step.spec.ts             |   2 +-
 .../duplicate-recipients-simple.spec.ts       |  56 +++
 .../duplicate-recipients.spec.ts              | 355 ++++++++++++++++++
 .../document-flow/stepper-component.spec.ts   |   1 +
 .../e2e/folders/team-account-folders.spec.ts  |  37 +-
 .../duplicate-recipients.spec.ts              | 283 ++++++++++++++
 .../template-autosave-fields-step.spec.ts     |  12 +-
 .../template-autosave-settings-step.spec.ts   |   2 +-
 .../template-autosave-signers-step.spec.ts    |   2 +-
 packages/app-tests/playwright.config.ts       |   4 +-
 .../lib/client-only/hooks/use-autosave.ts     |  59 ++-
 .../field/set-fields-for-document.ts          |  11 +-
 .../field/set-fields-for-template.ts          |   7 +-
 .../recipient/create-document-recipients.ts   |  14 -
 .../recipient/create-template-recipients.ts   |  14 -
 .../recipient/set-document-recipients.ts      |   8 +-
 .../recipient/set-template-recipients.ts      |   8 +-
 .../recipient/update-document-recipients.ts   |  11 -
 .../recipient/update-template-recipients.ts   |  11 -
 .../create-document-from-template-legacy.ts   |  68 +++-
 .../template/create-document-from-template.ts |   9 +-
 .../migration.sql                             |   5 +
 packages/prisma/schema.prisma                 |   2 -
 .../create-document-temporary.types.ts        |   7 -
 .../create-embedding-document.types.ts        |   7 -
 .../update-embedding-document.types.ts        |  51 ++-
 packages/trpc/server/field-router/router.ts   |   2 +
 packages/trpc/server/field-router/schema.ts   |   2 +
 .../trpc/server/recipient-router/schema.ts    | 145 ++-----
 .../trpc/server/template-router/schema.ts     |   7 +-
 .../document/document-read-only-fields.tsx    |   1 +
 packages/ui/components/field/field.tsx        |  10 +-
 .../primitives/document-flow/add-fields.tsx   |  13 +-
 .../document-flow/add-fields.types.ts         |   1 +
 .../primitives/document-flow/add-signers.tsx  |  45 ++-
 .../document-flow/add-signers.types.ts        |  46 +--
 .../primitives/document-flow/field-item.tsx   |   2 +
 packages/ui/primitives/document-flow/types.ts |  22 +-
 .../template-flow/add-template-fields.tsx     |  21 +-
 .../add-template-fields.types.ts              |   2 +-
 .../add-template-placeholder-recipients.tsx   |  45 ++-
 ...d-template-placeholder-recipients.types.ts |  11 -
 50 files changed, 1133 insertions(+), 433 deletions(-)
 create mode 100644 packages/app-tests/e2e/document-flow/duplicate-recipients-simple.spec.ts
 create mode 100644 packages/app-tests/e2e/document-flow/duplicate-recipients.spec.ts
 create mode 100644 packages/app-tests/e2e/templates-flow/duplicate-recipients.spec.ts
 create mode 100644 packages/prisma/migrations/20250917042725_remove_recipient_unique_email_constraints/migration.sql

diff --git a/apps/remix/app/components/dialogs/template-use-dialog.tsx b/apps/remix/app/components/dialogs/template-use-dialog.tsx
index 3d4e7ba61..f5822b2f9 100644
--- a/apps/remix/app/components/dialogs/template-use-dialog.tsx
+++ b/apps/remix/app/components/dialogs/template-use-dialog.tsx
@@ -15,7 +15,6 @@ import { APP_DOCUMENT_UPLOAD_SIZE_LIMIT } from '@documenso/lib/constants/app';
 import {
   TEMPLATE_RECIPIENT_EMAIL_PLACEHOLDER_REGEX,
   TEMPLATE_RECIPIENT_NAME_PLACEHOLDER_REGEX,
-  isTemplateRecipientEmailPlaceholder,
 } from '@documenso/lib/constants/template';
 import { AppError } from '@documenso/lib/errors/app-error';
 import { putPdfFile } from '@documenso/lib/universal/upload/put-file';
@@ -46,50 +45,22 @@ import { Tooltip, TooltipContent, TooltipTrigger } from '@documenso/ui/primitive
 import type { Toast } from '@documenso/ui/primitives/use-toast';
 import { useToast } from '@documenso/ui/primitives/use-toast';
 
-const ZAddRecipientsForNewDocumentSchema = z
-  .object({
-    distributeDocument: z.boolean(),
-    useCustomDocument: z.boolean().default(false),
-    customDocumentData: z
-      .any()
-      .refine((data) => data instanceof File || data === undefined)
-      .optional(),
-    recipients: z.array(
-      z.object({
-        id: z.number(),
-        email: z.string().email(),
-        name: z.string(),
-        signingOrder: z.number().optional(),
-      }),
-    ),
-  })
-  // Display exactly which rows are duplicates.
-  .superRefine((items, ctx) => {
-    const uniqueEmails = new Map<string, number>();
-
-    for (const [index, recipients] of items.recipients.entries()) {
-      const email = recipients.email.toLowerCase();
-
-      const firstFoundIndex = uniqueEmails.get(email);
-
-      if (firstFoundIndex === undefined) {
-        uniqueEmails.set(email, index);
-        continue;
-      }
-
-      ctx.addIssue({
-        code: z.ZodIssueCode.custom,
-        message: 'Emails must be unique',
-        path: ['recipients', index, 'email'],
-      });
-
-      ctx.addIssue({
-        code: z.ZodIssueCode.custom,
-        message: 'Emails must be unique',
-        path: ['recipients', firstFoundIndex, 'email'],
-      });
-    }
-  });
+const ZAddRecipientsForNewDocumentSchema = z.object({
+  distributeDocument: z.boolean(),
+  useCustomDocument: z.boolean().default(false),
+  customDocumentData: z
+    .any()
+    .refine((data) => data instanceof File || data === undefined)
+    .optional(),
+  recipients: z.array(
+    z.object({
+      id: z.number(),
+      email: z.string().email(),
+      name: z.string(),
+      signingOrder: z.number().optional(),
+    }),
+  ),
+});
 
 type TAddRecipientsForNewDocumentSchema = z.infer<typeof ZAddRecipientsForNewDocumentSchema>;
 
@@ -278,14 +249,7 @@ export function TemplateUseDialog({
                           )}
 
                           <FormControl>
-                            <Input
-                              {...field}
-                              placeholder={
-                                isTemplateRecipientEmailPlaceholder(field.value)
-                                  ? ''
-                                  : _(msg`Email`)
-                              }
-                            />
+                            <Input {...field} aria-label="Email" placeholder={_(msg`Email`)} />
                           </FormControl>
                           <FormMessage />
                         </FormItem>
@@ -306,6 +270,7 @@ export function TemplateUseDialog({
                           <FormControl>
                             <Input
                               {...field}
+                              aria-label="Name"
                               placeholder={recipients[index].name || _(msg`Name`)}
                             />
                           </FormControl>
diff --git a/apps/remix/app/components/general/document/document-edit-form.tsx b/apps/remix/app/components/general/document/document-edit-form.tsx
index e8ffa5fe5..023a20a8b 100644
--- a/apps/remix/app/components/general/document/document-edit-form.tsx
+++ b/apps/remix/app/components/general/document/document-edit-form.tsx
@@ -239,7 +239,27 @@ export const DocumentEditForm = ({
 
   const onAddSignersFormAutoSave = async (data: TAddSignersFormSchema) => {
     try {
-      await saveSignersData(data);
+      // For autosave, we need to return the recipients response for form state sync
+      const [, recipientsResponse] = await Promise.all([
+        updateDocument({
+          documentId: document.id,
+          meta: {
+            allowDictateNextSigner: data.allowDictateNextSigner,
+            signingOrder: data.signingOrder,
+          },
+        }),
+
+        setRecipients({
+          documentId: document.id,
+          recipients: data.signers.map((signer) => ({
+            ...signer,
+            // Explicitly set to null to indicate we want to remove auth if required.
+            actionAuth: signer.actionAuth ?? [],
+          })),
+        }),
+      ]);
+
+      return recipientsResponse;
     } catch (err) {
       console.error(err);
 
@@ -248,6 +268,8 @@ export const DocumentEditForm = ({
         description: _(msg`An error occurred while adding signers.`),
         variant: 'destructive',
       });
+
+      throw err; // Re-throw so the autosave hook can handle the error
     }
   };
 
diff --git a/apps/remix/app/components/general/folder/folder-card.tsx b/apps/remix/app/components/general/folder/folder-card.tsx
index a8d2d3bac..db88ebb7f 100644
--- a/apps/remix/app/components/general/folder/folder-card.tsx
+++ b/apps/remix/app/components/general/folder/folder-card.tsx
@@ -54,7 +54,7 @@ export const FolderCard = ({
   };
 
   return (
-    <Link to={formatPath()} key={folder.id}>
+    <Link to={formatPath()} data-folder-id={folder.id} data-folder-name={folder.name}>
       <Card className="hover:bg-muted/50 border-border h-full border transition-all">
         <CardContent className="p-4">
           <div className="flex min-w-0 items-center gap-3">
diff --git a/apps/remix/app/components/general/template/template-edit-form.tsx b/apps/remix/app/components/general/template/template-edit-form.tsx
index 17d7a45a1..41002b54e 100644
--- a/apps/remix/app/components/general/template/template-edit-form.tsx
+++ b/apps/remix/app/components/general/template/template-edit-form.tsx
@@ -182,7 +182,7 @@ export const TemplateEditForm = ({
   };
 
   const saveTemplatePlaceholderData = async (data: TAddTemplatePlacholderRecipientsFormSchema) => {
-    return Promise.all([
+    const [, recipients] = await Promise.all([
       updateTemplateSettings({
         templateId: template.id,
         meta: {
@@ -196,6 +196,8 @@ export const TemplateEditForm = ({
         recipients: data.signers,
       }),
     ]);
+
+    return recipients;
   };
 
   const onAddTemplatePlaceholderFormSubmit = async (
@@ -218,7 +220,7 @@ export const TemplateEditForm = ({
     data: TAddTemplatePlacholderRecipientsFormSchema,
   ) => {
     try {
-      await saveTemplatePlaceholderData(data);
+      return await saveTemplatePlaceholderData(data);
     } catch (err) {
       console.error(err);
 
@@ -227,6 +229,8 @@ export const TemplateEditForm = ({
         description: _(msg`An error occurred while auto-saving the template placeholders.`),
         variant: 'destructive',
       });
+
+      throw err;
     }
   };
 
diff --git a/packages/api/v1/schema.ts b/packages/api/v1/schema.ts
index b8e31bfe0..5b4b33f7b 100644
--- a/packages/api/v1/schema.ts
+++ b/packages/api/v1/schema.ts
@@ -310,12 +310,11 @@ export const ZGenerateDocumentFromTemplateMutationSchema = z.object({
     )
     .refine(
       (schema) => {
-        const emails = schema.map((signer) => signer.email.toLowerCase());
         const ids = schema.map((signer) => signer.id);
 
-        return new Set(emails).size === emails.length && new Set(ids).size === ids.length;
+        return new Set(ids).size === ids.length;
       },
-      { message: 'Recipient IDs and emails must be unique' },
+      { message: 'Recipient IDs must be unique' },
     ),
   meta: z
     .object({
diff --git a/packages/app-tests/e2e/document-flow/autosave-fields-step.spec.ts b/packages/app-tests/e2e/document-flow/autosave-fields-step.spec.ts
index 247f87319..73859de20 100644
--- a/packages/app-tests/e2e/document-flow/autosave-fields-step.spec.ts
+++ b/packages/app-tests/e2e/document-flow/autosave-fields-step.spec.ts
@@ -33,7 +33,7 @@ const setupDocumentAndNavigateToFieldsStep = async (page: Page) => {
 };
 
 const triggerAutosave = async (page: Page) => {
-  await page.locator('#document-flow-form-container').click();
+  await page.locator('body').click({ position: { x: 0, y: 0 } });
   await page.locator('#document-flow-form-container').blur();
 
   await page.waitForTimeout(5000);
@@ -70,7 +70,7 @@ test.describe('AutoSave Fields Step', () => {
 
     await triggerAutosave(page);
 
-    await page.getByRole('combobox').click();
+    await page.getByRole('combobox').first().click();
     await page.getByRole('option', { name: 'Recipient 2 (recipient2@documenso.com)' }).click();
 
     await page.getByRole('button', { name: 'Signature' }).click();
@@ -127,7 +127,7 @@ test.describe('AutoSave Fields Step', () => {
 
     await triggerAutosave(page);
 
-    await page.getByRole('combobox').click();
+    await page.getByRole('combobox').first().click();
     await page.getByRole('option', { name: 'Recipient 2 (recipient2@documenso.com)' }).click();
 
     await page.getByRole('button', { name: 'Signature' }).click();
@@ -140,7 +140,7 @@ test.describe('AutoSave Fields Step', () => {
 
     await triggerAutosave(page);
 
-    await page.getByRole('combobox').click();
+    await page.getByRole('combobox').first().click();
     await page.getByRole('option', { name: 'Recipient 1 (recipient1@documenso.com)' }).click();
 
     await page.getByText('Text').nth(1).click();
@@ -191,7 +191,7 @@ test.describe('AutoSave Fields Step', () => {
 
     await triggerAutosave(page);
 
-    await page.getByRole('combobox').click();
+    await page.getByRole('combobox').first().click();
     await page.getByRole('option', { name: 'Recipient 2 (recipient2@documenso.com)' }).click();
 
     await page.getByRole('button', { name: 'Signature' }).click();
@@ -204,7 +204,7 @@ test.describe('AutoSave Fields Step', () => {
 
     await triggerAutosave(page);
 
-    await page.getByRole('combobox').click();
+    await page.getByRole('combobox').first().click();
     await page.getByRole('option', { name: 'Recipient 1 (recipient1@documenso.com)' }).click();
 
     await page.getByText('Signature').nth(1).click();
diff --git a/packages/app-tests/e2e/document-flow/autosave-settings-step.spec.ts b/packages/app-tests/e2e/document-flow/autosave-settings-step.spec.ts
index e34f2c104..bd999b79b 100644
--- a/packages/app-tests/e2e/document-flow/autosave-settings-step.spec.ts
+++ b/packages/app-tests/e2e/document-flow/autosave-settings-step.spec.ts
@@ -24,7 +24,7 @@ const setupDocument = async (page: Page) => {
 };
 
 const triggerAutosave = async (page: Page) => {
-  await page.locator('#document-flow-form-container').click();
+  await page.locator('body').click({ position: { x: 0, y: 0 } });
   await page.locator('#document-flow-form-container').blur();
 
   await page.waitForTimeout(5000);
diff --git a/packages/app-tests/e2e/document-flow/autosave-signers-step.spec.ts b/packages/app-tests/e2e/document-flow/autosave-signers-step.spec.ts
index e4d255750..49836bfb7 100644
--- a/packages/app-tests/e2e/document-flow/autosave-signers-step.spec.ts
+++ b/packages/app-tests/e2e/document-flow/autosave-signers-step.spec.ts
@@ -26,7 +26,7 @@ const setupDocumentAndNavigateToSignersStep = async (page: Page) => {
 };
 
 const triggerAutosave = async (page: Page) => {
-  await page.locator('#document-flow-form-container').click();
+  await page.locator('body').click({ position: { x: 0, y: 0 } });
   await page.locator('#document-flow-form-container').blur();
 
   await page.waitForTimeout(5000);
@@ -92,7 +92,7 @@ test.describe('AutoSave Signers Step', () => {
 
     await triggerAutosave(page);
 
-    await page.getByRole('combobox').click();
+    await page.getByRole('combobox').first().click();
     await page.getByRole('option', { name: 'Receives copy' }).click();
 
     await triggerAutosave(page);
@@ -160,9 +160,20 @@ test.describe('AutoSave Signers Step', () => {
       expect(retrievedDocumentData.documentMeta?.signingOrder).toBe('SEQUENTIAL');
       expect(retrievedDocumentData.documentMeta?.allowDictateNextSigner).toBe(true);
       expect(retrievedRecipients.length).toBe(3);
-      expect(retrievedRecipients[0].signingOrder).toBe(2);
-      expect(retrievedRecipients[1].signingOrder).toBe(3);
-      expect(retrievedRecipients[2].signingOrder).toBe(1);
+
+      const firstRecipient = retrievedRecipients.find(
+        (r) => r.email === 'recipient1@documenso.com',
+      );
+      const secondRecipient = retrievedRecipients.find(
+        (r) => r.email === 'recipient2@documenso.com',
+      );
+      const thirdRecipient = retrievedRecipients.find(
+        (r) => r.email === 'recipient3@documenso.com',
+      );
+
+      expect(firstRecipient?.signingOrder).toBe(2);
+      expect(secondRecipient?.signingOrder).toBe(3);
+      expect(thirdRecipient?.signingOrder).toBe(1);
     }).toPass();
   });
 });
diff --git a/packages/app-tests/e2e/document-flow/autosave-subject-step.spec.ts b/packages/app-tests/e2e/document-flow/autosave-subject-step.spec.ts
index 270a31d8e..3ba3ee5d9 100644
--- a/packages/app-tests/e2e/document-flow/autosave-subject-step.spec.ts
+++ b/packages/app-tests/e2e/document-flow/autosave-subject-step.spec.ts
@@ -42,7 +42,7 @@ export const setupDocumentAndNavigateToSubjectStep = async (page: Page) => {
 };
 
 export const triggerAutosave = async (page: Page) => {
-  await page.locator('#document-flow-form-container').click();
+  await page.locator('body').click({ position: { x: 0, y: 0 } });
   await page.locator('#document-flow-form-container').blur();
 
   await page.waitForTimeout(5000);
diff --git a/packages/app-tests/e2e/document-flow/duplicate-recipients-simple.spec.ts b/packages/app-tests/e2e/document-flow/duplicate-recipients-simple.spec.ts
new file mode 100644
index 000000000..02674af1d
--- /dev/null
+++ b/packages/app-tests/e2e/document-flow/duplicate-recipients-simple.spec.ts
@@ -0,0 +1,56 @@
+import { expect, test } from '@playwright/test';
+
+import { seedBlankDocument } from '@documenso/prisma/seed/documents';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+
+test('[DOCUMENT_FLOW]: Simple duplicate recipients test', async ({ page }) => {
+  const { user, team } = await seedUser();
+  const document = await seedBlankDocument(user, team.id);
+
+  await apiSignin({
+    page,
+    email: user.email,
+    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+  });
+
+  // Step 1: Settings - Continue with defaults
+  await page.getByRole('button', { name: 'Continue' }).click();
+  await expect(page.getByRole('heading', { name: 'Add Signers' })).toBeVisible();
+
+  // Step 2: Add duplicate recipients
+  await page.getByPlaceholder('Email').fill('duplicate@example.com');
+  await page.getByPlaceholder('Name').fill('Duplicate 1');
+
+  await page.getByRole('button', { name: 'Add Signer' }).click();
+  await page.getByLabel('Email').nth(1).fill('duplicate@example.com');
+  await page.getByLabel('Name').nth(1).fill('Duplicate 2');
+
+  // Continue to fields
+  await page.getByRole('button', { name: 'Continue' }).click();
+  await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+  // Step 3: Add fields
+  await page.getByRole('button', { name: 'Signature' }).click();
+  await page.locator('canvas').click({ position: { x: 100, y: 100 } });
+
+  await page.getByRole('combobox').first().click();
+
+  // Switch to second duplicate and add field
+  await page.getByText('Duplicate 2 (duplicate@example.com)').first().click();
+  await page.getByRole('button', { name: 'Signature' }).click();
+  await page.locator('canvas').click({ position: { x: 200, y: 100 } });
+
+  // Continue to send
+  await page.getByRole('button', { name: 'Continue' }).click();
+  await expect(page.getByRole('heading', { name: 'Distribute Document' })).toBeVisible();
+
+  // Send document
+  await page.waitForTimeout(2500);
+  await page.getByRole('button', { name: 'Send' }).click();
+
+  await page.waitForURL(new RegExp(`/t/${team.url}/documents/\\d+`));
+
+  await expect(page.getByRole('link', { name: document.title })).toBeVisible();
+});
diff --git a/packages/app-tests/e2e/document-flow/duplicate-recipients.spec.ts b/packages/app-tests/e2e/document-flow/duplicate-recipients.spec.ts
new file mode 100644
index 000000000..0f23d6ac7
--- /dev/null
+++ b/packages/app-tests/e2e/document-flow/duplicate-recipients.spec.ts
@@ -0,0 +1,355 @@
+import { type Page, expect, test } from '@playwright/test';
+import type { Document, Team } from '@prisma/client';
+
+import { PDF_VIEWER_PAGE_SELECTOR } from '@documenso/lib/constants/pdf-viewer';
+import { prisma } from '@documenso/prisma';
+import { seedBlankDocument } from '@documenso/prisma/seed/documents';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+import { signSignaturePad } from '../fixtures/signature';
+
+/**
+ * Test helper to complete the document creation flow with duplicate recipients
+ */
+const completeDocumentFlowWithDuplicateRecipients = async (options: {
+  page: Page;
+  team: Team;
+  document: Document;
+}) => {
+  const { page, team, document } = options;
+
+  // Step 1: Settings - Continue with defaults
+  await page.getByRole('button', { name: 'Continue' }).click();
+  await expect(page.getByRole('heading', { name: 'Add Signers' })).toBeVisible();
+
+  // Step 2: Add duplicate recipients
+  await page.getByPlaceholder('Email').fill('duplicate@example.com');
+  await page.getByPlaceholder('Name').fill('Duplicate Recipient 1');
+
+  // Add second signer with same email
+  await page.getByRole('button', { name: 'Add Signer' }).click();
+  await page.getByLabel('Email').nth(1).fill('duplicate@example.com');
+  await page.getByLabel('Name').nth(1).fill('Duplicate Recipient 2');
+
+  // Add third signer with different email for comparison
+  await page.getByRole('button', { name: 'Add Signer' }).click();
+  await page.getByLabel('Email').nth(2).fill('unique@example.com');
+  await page.getByLabel('Name').nth(2).fill('Unique Recipient');
+
+  // Continue to fields
+  await page.getByRole('button', { name: 'Continue' }).click();
+  await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+  // Step 3: Add fields for each recipient
+  // Add signature field for first duplicate recipient
+  await page.getByRole('button', { name: 'Signature' }).click();
+  await page.locator('canvas').click({ position: { x: 100, y: 100 } });
+
+  await page.getByText('Duplicate Recipient 1 (duplicate@example.com)').click();
+
+  // Switch to second duplicate recipient and add their field
+  await page.getByText('Duplicate Recipient 2 (duplicate@example.com)').click();
+  await page.getByRole('button', { name: 'Signature' }).click();
+  await page.locator('canvas').click({ position: { x: 200, y: 100 } });
+
+  await page.getByText('Duplicate Recipient 2 (duplicate@example.com)').click();
+
+  // Switch to unique recipient and add their field
+  await page.getByText('Unique Recipient (unique@example.com)').click();
+  await page.getByRole('button', { name: 'Signature' }).click();
+  await page.locator('canvas').click({ position: { x: 300, y: 100 } });
+
+  // Continue to subject
+  await page.getByRole('button', { name: 'Continue' }).click();
+  await expect(page.getByRole('heading', { name: 'Distribute Document' })).toBeVisible();
+
+  // Step 4: Complete with subject and send
+  await page.waitForTimeout(2500);
+  await page.getByRole('button', { name: 'Send' }).click();
+
+  // Wait for send confirmation
+  await page.waitForURL(new RegExp(`/t/${team.url}/documents/\\d+`));
+
+  await expect(page.getByRole('link', { name: document.title })).toBeVisible();
+};
+
+test.describe('[DOCUMENT_FLOW]: Duplicate Recipients', () => {
+  test('should allow creating document with duplicate recipient emails', async ({ page }) => {
+    const { user, team } = await seedUser();
+
+    const document = await seedBlankDocument(user, team.id);
+
+    await apiSignin({
+      page,
+      email: user.email,
+      redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    });
+
+    // Complete the flow
+    await completeDocumentFlowWithDuplicateRecipients({
+      page,
+      team,
+      document,
+    });
+
+    // Verify document was created successfully
+    await expect(page).toHaveURL(new RegExp(`/t/${team.url}/documents`));
+  });
+
+  test('should allow adding duplicate recipient after saving document initially', async ({
+    page,
+  }) => {
+    const { user, team } = await seedUser();
+    const document = await seedBlankDocument(user, team.id);
+
+    await apiSignin({
+      page,
+      email: user.email,
+      redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    });
+
+    // Step 1: Settings - Continue with defaults
+    await page.getByRole('button', { name: 'Continue' }).click();
+    await expect(page.getByRole('heading', { name: 'Add Signers' })).toBeVisible();
+
+    // Step 2: Add initial recipient
+    await page.getByPlaceholder('Email').fill('test@example.com');
+    await page.getByPlaceholder('Name').fill('Test Recipient');
+
+    // Continue to fields and add a field
+    await page.getByRole('button', { name: 'Continue' }).click();
+    await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({ position: { x: 100, y: 100 } });
+
+    // Save the document by going to subject
+    await page.getByRole('button', { name: 'Continue' }).click();
+    await expect(page.getByRole('heading', { name: 'Distribute Document' })).toBeVisible();
+
+    // Navigate back to signers to add duplicate
+    await page.getByRole('button', { name: 'Go Back' }).click();
+    await page.getByRole('button', { name: 'Go Back' }).click();
+    await expect(page.getByRole('heading', { name: 'Add Signers' })).toBeVisible();
+
+    // Add duplicate recipient
+    await page.getByRole('button', { name: 'Add Signer' }).click();
+    await page.getByLabel('Email').nth(1).fill('test@example.com');
+    await page.getByLabel('Name').nth(1).fill('Test Recipient Duplicate');
+
+    // Continue and add field for duplicate
+    await page.getByRole('button', { name: 'Continue' }).click();
+    await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+    await page.waitForTimeout(1000);
+
+    // Switch to duplicate recipient and add field
+    await page.getByRole('combobox').first().click();
+    await page.getByText('Test Recipient Duplicate (test@example.com)').first().click();
+
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({ position: { x: 200, y: 100 } });
+
+    // Complete the flow
+    await page.getByRole('button', { name: 'Continue' }).click();
+    await expect(page.getByRole('heading', { name: 'Distribute Document' })).toBeVisible();
+    await page.waitForTimeout(2500);
+    await page.getByRole('button', { name: 'Send' }).click();
+
+    await page.waitForURL(new RegExp(`/t/${team.url}/documents/\\d+`));
+
+    await expect(page.getByRole('link', { name: document.title })).toBeVisible();
+  });
+
+  test('should isolate fields per recipient token even with duplicate emails', async ({
+    page,
+    context,
+  }) => {
+    const { user, team } = await seedUser();
+
+    const document = await seedBlankDocument(user, team.id);
+
+    await apiSignin({
+      page,
+      email: user.email,
+      redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    });
+
+    // Complete the document flow
+    await completeDocumentFlowWithDuplicateRecipients({
+      page,
+      team,
+      document,
+    });
+
+    // Navigate to documents list and get the document
+    await expect(page).toHaveURL(new RegExp(`/t/${team.url}/documents`));
+
+    const recipients = await prisma.recipient.findMany({
+      where: {
+        documentId: document.id,
+      },
+    });
+
+    expect(recipients).toHaveLength(3);
+
+    const tokens = recipients.map((r) => r.token);
+
+    expect(new Set(tokens).size).toBe(3); // All tokens should be unique
+
+    // Test each signing experience in separate browser contexts
+    for (const recipient of recipients) {
+      // Navigate to signing URL
+      await page.goto(`/sign/${recipient.token}`, {
+        waitUntil: 'networkidle',
+      });
+
+      await page.waitForSelector(PDF_VIEWER_PAGE_SELECTOR);
+
+      // Verify only one signature field is visible for this recipient
+      expect(
+        await page.locator(`[data-field-type="SIGNATURE"]:not([data-readonly="true"])`).all(),
+      ).toHaveLength(1);
+
+      // Verify recipient name is correct
+      await expect(page.getByLabel('Full Name')).toHaveValue(recipient.name);
+
+      // Sign the document
+      await signSignaturePad(page);
+
+      await page
+        .locator('[data-field-type="SIGNATURE"]:not([data-readonly="true"])')
+        .first()
+        .click();
+
+      await page.getByRole('button', { name: 'Complete' }).click();
+      await page.getByRole('button', { name: 'Sign' }).click();
+
+      // Verify completion
+      await page.waitForURL(`/sign/${recipient?.token}/complete`);
+      await expect(page.getByText('Document Signed')).toBeVisible();
+    }
+  });
+
+  test('should handle duplicate recipient workflow with different field types', async ({
+    page,
+  }) => {
+    const { user, team } = await seedUser();
+    const document = await seedBlankDocument(user, team.id);
+
+    await apiSignin({
+      page,
+      email: user.email,
+      redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    });
+
+    // Step 1: Settings
+    await page.getByRole('button', { name: 'Continue' }).click();
+
+    // Step 2: Add duplicate recipients with different roles
+    await page.getByPlaceholder('Email').fill('signer@example.com');
+    await page.getByPlaceholder('Name').fill('Signer Role');
+
+    await page.getByRole('button', { name: 'Add Signer' }).click();
+    await page.getByLabel('Email').nth(1).fill('signer@example.com');
+    await page.getByLabel('Name').nth(1).fill('Approver Role');
+
+    // Change second recipient role if role selector is available
+    const roleDropdown = page.getByLabel('Role').nth(1);
+
+    if (await roleDropdown.isVisible()) {
+      await roleDropdown.click();
+      await page.getByText('Approver').click();
+    }
+
+    // Step 3: Add different field types for each duplicate
+    await page.getByRole('button', { name: 'Continue' }).click();
+
+    // Add signature for first recipient
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({ position: { x: 100, y: 100 } });
+
+    // Add name field for second recipient
+    await page.getByRole('combobox').first().click();
+
+    await page.getByText('Approver Role (signer@example.com)').first().click();
+    await page.getByRole('button', { name: 'Name' }).click();
+    await page.locator('canvas').click({ position: { x: 200, y: 100 } });
+
+    // Add date field for second recipient
+    await page.getByRole('button', { name: 'Date' }).click();
+    await page.locator('canvas').click({ position: { x: 200, y: 150 } });
+
+    // Complete the document
+    await page.getByRole('button', { name: 'Continue' }).click();
+
+    await page.getByRole('button', { name: 'Send' }).click();
+
+    await page.waitForURL(new RegExp(`/t/${team.url}/documents/\\d+`));
+
+    await expect(page.getByRole('link', { name: document.title })).toBeVisible();
+  });
+
+  test('should preserve field assignments when editing document with duplicates', async ({
+    page,
+  }) => {
+    const { user, team } = await seedUser();
+    const document = await seedBlankDocument(user, team.id);
+
+    await apiSignin({
+      page,
+      email: user.email,
+      redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    });
+
+    // Create document with duplicates and fields
+    await completeDocumentFlowWithDuplicateRecipients({
+      page,
+      team,
+      document,
+    });
+
+    // Navigate back to edit the document
+    await page.goto(`/t/${team.url}/documents/${document.id}/edit`);
+
+    // Go to fields step
+    await page.getByRole('button', { name: 'Continue' }).click(); // Settings
+    await page.getByRole('button', { name: 'Continue' }).click(); // Signers
+
+    // Verify fields are assigned to correct recipients
+    await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+    // Click on first duplicate recipient
+    await page.getByText('Duplicate Recipient 1 (duplicate@example.com)').click();
+
+    // Verify their field is visible and can be selected
+    const firstRecipientFields = await page
+      .locator(`[data-field-type="SIGNATURE"]:not(:disabled)`)
+      .all();
+    expect(firstRecipientFields.length).toBeGreaterThan(0);
+
+    // Switch to second duplicate recipient
+    await page.getByText('Duplicate Recipient 2 (duplicate@example.com)').click();
+
+    // Verify they have their own field
+    const secondRecipientFields = await page
+      .locator(`[data-field-type="SIGNATURE"]:not(:disabled)`)
+      .all();
+    expect(secondRecipientFields.length).toBeGreaterThan(0);
+
+    // Add another field to the second duplicate
+    await page.getByRole('button', { name: 'Name' }).click();
+    await page.locator('canvas').click({ position: { x: 250, y: 150 } });
+
+    // Save changes
+    await page.getByRole('button', { name: 'Continue' }).click();
+    await expect(page.getByRole('heading', { name: 'Distribute Document' })).toBeVisible();
+    await page.waitForTimeout(2500);
+    await page.getByRole('button', { name: 'Send' }).click();
+
+    await page.waitForURL(new RegExp(`/t/${team.url}/documents/\\d+`));
+
+    await expect(page.getByRole('link', { name: document.title })).toBeVisible();
+  });
+});
diff --git a/packages/app-tests/e2e/document-flow/stepper-component.spec.ts b/packages/app-tests/e2e/document-flow/stepper-component.spec.ts
index 1e1a70288..06251175e 100644
--- a/packages/app-tests/e2e/document-flow/stepper-component.spec.ts
+++ b/packages/app-tests/e2e/document-flow/stepper-component.spec.ts
@@ -573,6 +573,7 @@ test('[DOCUMENT_FLOW]: should be able to create and sign a document with 3 recip
         y: 100 * i,
       },
     });
+
     await page.getByText(`User ${i} (user${i}@example.com)`).click();
   }
 
diff --git a/packages/app-tests/e2e/folders/team-account-folders.spec.ts b/packages/app-tests/e2e/folders/team-account-folders.spec.ts
index 71649be8d..281848adb 100644
--- a/packages/app-tests/e2e/folders/team-account-folders.spec.ts
+++ b/packages/app-tests/e2e/folders/team-account-folders.spec.ts
@@ -277,13 +277,13 @@ test('[TEAMS]: document folder and its contents can be deleted', async ({ page }
 
   await page.goto(`/t/${team.url}/documents`);
 
-  await expect(page.locator('div').filter({ hasText: folder.name })).not.toBeVisible();
+  await expect(page.locator(`[data-folder-id="${folder.id}"]`)).not.toBeVisible();
   await expect(page.getByText(proposal.title)).not.toBeVisible();
 
   await page.goto(`/t/${team.url}/documents/f/${folder.id}`);
 
   await expect(page.getByText(report.title)).not.toBeVisible();
-  await expect(page.locator('div').filter({ hasText: reportsFolder.name })).not.toBeVisible();
+  await expect(page.locator(`[data-folder-id="${reportsFolder.id}"]`)).not.toBeVisible();
 });
 
 test('[TEAMS]: create folder button is visible on templates page', async ({ page }) => {
@@ -318,9 +318,7 @@ test('[TEAMS]: can create a template folder', async ({ page }) => {
   await expect(page.getByText('Team template folder')).toBeVisible();
 
   await page.goto(`/t/${team.url}/templates`);
-  await expect(
-    page.locator('div').filter({ hasText: 'Team template folder' }).nth(3),
-  ).toBeVisible();
+  await expect(page.locator(`[data-folder-name="Team template folder"]`)).toBeVisible();
 });
 
 test('[TEAMS]: can create a template subfolder inside a template folder', async ({ page }) => {
@@ -374,11 +372,8 @@ test('[TEAMS]: can create a template inside a template folder', async ({ page })
 
   await page.getByRole('button', { name: 'New Template' }).click();
 
-  await page
-    .locator('div')
-    .filter({ hasText: /^Upload Template DocumentDrag & drop your PDF here\.$/ })
-    .nth(2)
-    .click();
+  await page.getByText('Upload Template Document').click();
+
   await page.locator('input[type="file"]').nth(0).waitFor({ state: 'attached' });
 
   await page
@@ -537,7 +532,7 @@ test('[TEAMS]: template folder can be moved to another template folder', async (
   await expect(page.getByText('Team Contract Templates')).toBeVisible();
 });
 
-test('[TEAMS]: template folder and its contents can be deleted', async ({ page }) => {
+test('[TEAMS]: template folder can be deleted', async ({ page }) => {
   const { team, teamOwner } = await seedTeamDocuments();
 
   const folder = await seedBlankFolder(teamOwner, team.id, {
@@ -585,13 +580,16 @@ test('[TEAMS]: template folder and its contents can be deleted', async ({ page }
 
   await page.goto(`/t/${team.url}/templates`);
 
-  await expect(page.locator('div').filter({ hasText: folder.name })).not.toBeVisible();
-  await expect(page.getByText(template.title)).not.toBeVisible();
+  await page.waitForTimeout(1000);
+
+  // !: This is no longer the case, when deleting a folder its contents will be moved to the root folder.
+  // await expect(page.locator(`[data-folder-id="${folder.id}"]`)).not.toBeVisible();
+  // await expect(page.getByText(template.title)).not.toBeVisible();
 
   await page.goto(`/t/${team.url}/templates/f/${folder.id}`);
 
   await expect(page.getByText(reportTemplate.title)).not.toBeVisible();
-  await expect(page.locator('div').filter({ hasText: subfolder.name })).not.toBeVisible();
+  await expect(page.locator(`[data-folder-id="${subfolder.id}"]`)).not.toBeVisible();
 });
 
 test('[TEAMS]: can navigate between template folders', async ({ page }) => {
@@ -843,10 +841,15 @@ test('[TEAMS]: documents inherit folder visibility', async ({ page }) => {
 
   await page.getByText('Admin Only Folder').click();
 
-  const fileInput = page.locator('input[type="file"]').nth(1);
-  await fileInput.waitFor({ state: 'attached' });
+  await page.waitForURL(new RegExp(`/t/${team.url}/documents/f/.+`));
 
-  await fileInput.setInputFiles(
+  // Upload document.
+  const [fileChooser] = await Promise.all([
+    page.waitForEvent('filechooser'),
+    page.getByRole('button', { name: 'Upload Document' }).click(),
+  ]);
+
+  await fileChooser.setFiles(
     path.join(__dirname, '../../../assets/documenso-supporter-pledge.pdf'),
   );
 
diff --git a/packages/app-tests/e2e/templates-flow/duplicate-recipients.spec.ts b/packages/app-tests/e2e/templates-flow/duplicate-recipients.spec.ts
new file mode 100644
index 000000000..98056ab82
--- /dev/null
+++ b/packages/app-tests/e2e/templates-flow/duplicate-recipients.spec.ts
@@ -0,0 +1,283 @@
+import { type Page, expect, test } from '@playwright/test';
+import type { Team, Template } from '@prisma/client';
+
+import { PDF_VIEWER_PAGE_SELECTOR } from '@documenso/lib/constants/pdf-viewer';
+import { prisma } from '@documenso/prisma';
+import { seedBlankTemplate } from '@documenso/prisma/seed/templates';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+
+/**
+ * Test helper to complete template creation with duplicate recipients
+ */
+const completeTemplateFlowWithDuplicateRecipients = async (options: {
+  page: Page;
+  team: Team;
+  template: Template;
+}) => {
+  const { page, team, template } = options;
+  // Step 1: Settings - Continue with defaults
+  await page.getByRole('button', { name: 'Continue' }).click();
+  await expect(page.getByRole('heading', { name: 'Add Placeholders' })).toBeVisible();
+
+  // Step 2: Add duplicate recipients with real emails for testing
+  await page.getByPlaceholder('Email').fill('duplicate@example.com');
+  await page.getByPlaceholder('Name').fill('First Instance');
+
+  // Add second signer with same email
+  await page.getByRole('button', { name: 'Add Placeholder Recipient' }).click();
+  await page.getByPlaceholder('Email').nth(1).fill('duplicate@example.com');
+  await page.getByPlaceholder('Name').nth(1).fill('Second Instance');
+
+  // Add third signer with different email
+  await page.getByRole('button', { name: 'Add Placeholder Recipient' }).click();
+  await page.getByPlaceholder('Email').nth(2).fill('unique@example.com');
+  await page.getByPlaceholder('Name').nth(2).fill('Different Recipient');
+
+  // Continue to fields
+  await page.getByRole('button', { name: 'Continue' }).click();
+  await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+  // Step 3: Add fields for each recipient instance
+  // Add signature field for first instance
+  await page.getByRole('button', { name: 'Signature' }).click();
+  await page.locator('canvas').click({ position: { x: 100, y: 100 } });
+
+  // Switch to second instance and add their field
+  await page.getByRole('combobox').first().click();
+  await page.getByText('Second Instance').first().click();
+  await page.getByRole('button', { name: 'Signature' }).click();
+  await page.locator('canvas').click({ position: { x: 200, y: 100 } });
+
+  // Switch to different recipient and add their field
+  await page.getByRole('combobox').first().click();
+  await page.getByText('Different Recipient').first().click();
+  await page.getByRole('button', { name: 'Name' }).click();
+  await page.locator('canvas').click({ position: { x: 300, y: 100 } });
+
+  // Save template
+  await page.getByRole('button', { name: 'Save Template' }).click();
+
+  // Wait for creation confirmation
+  await page.waitForURL(`/t/${team.url}/templates`);
+  await expect(page.getByRole('link', { name: template.title })).toBeVisible();
+};
+
+test.describe('[TEMPLATE_FLOW]: Duplicate Recipients', () => {
+  test('should allow creating template with duplicate recipient emails', async ({ page }) => {
+    const { user, team } = await seedUser();
+
+    const template = await seedBlankTemplate(user, team.id);
+
+    await apiSignin({
+      page,
+      email: user.email,
+      redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    });
+
+    // Complete the template flow
+    await completeTemplateFlowWithDuplicateRecipients({ page, team, template });
+
+    // Verify template was created successfully
+    await expect(page).toHaveURL(`/t/${team.url}/templates`);
+  });
+
+  test('should create document from template with duplicate recipients using same email', async ({
+    page,
+    context,
+  }) => {
+    const { user, team } = await seedUser();
+
+    const template = await seedBlankTemplate(user, team.id);
+
+    await apiSignin({
+      page,
+      email: user.email,
+      redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    });
+
+    // Complete template creation
+    await completeTemplateFlowWithDuplicateRecipients({ page, team, template });
+
+    // Navigate to template and create document
+    await page.goto(`/t/${team.url}/templates`);
+
+    await page
+      .getByRole('row', { name: template.title })
+      .getByRole('button', { name: 'Use Template' })
+      .click();
+
+    // Fill recipient information with same email for both instances
+    await expect(page.getByRole('heading', { name: 'Create document' })).toBeVisible();
+
+    // Set same email for both recipient instances
+    const emailInputs = await page.locator('[aria-label="Email"]').all();
+    const nameInputs = await page.locator('[aria-label="Name"]').all();
+
+    // First instance
+    await emailInputs[0].fill('same@example.com');
+    await nameInputs[0].fill('John Doe - Role 1');
+
+    // Second instance (same email)
+    await emailInputs[1].fill('same@example.com');
+    await nameInputs[1].fill('John Doe - Role 2');
+
+    // Different recipient
+    await emailInputs[2].fill('different@example.com');
+    await nameInputs[2].fill('Jane Smith');
+
+    await page.getByLabel('Send document').click();
+
+    // Create document
+    await page.getByRole('button', { name: 'Create and send' }).click();
+    await page.waitForURL(new RegExp(`/t/${team.url}/documents/\\d+`));
+
+    // Get the document ID from URL for database queries
+    const url = page.url();
+    const documentIdMatch = url.match(/\/documents\/(\d+)/);
+
+    const documentId = documentIdMatch ? parseInt(documentIdMatch[1]) : null;
+
+    expect(documentId).not.toBeNull();
+
+    // Get recipients directly from database
+    const recipients = await prisma.recipient.findMany({
+      where: {
+        documentId: documentId!,
+      },
+    });
+
+    expect(recipients).toHaveLength(3);
+
+    // Verify all tokens are unique
+    const tokens = recipients.map((r) => r.token);
+    expect(new Set(tokens).size).toBe(3);
+
+    // Test signing experience for duplicate email recipients
+    const duplicateRecipients = recipients.filter((r) => r.email === 'same@example.com');
+    expect(duplicateRecipients).toHaveLength(2);
+
+    for (const recipient of duplicateRecipients) {
+      // Navigate to signing URL
+      await page.goto(`/sign/${recipient.token}`, {
+        waitUntil: 'networkidle',
+      });
+
+      await page.waitForSelector(PDF_VIEWER_PAGE_SELECTOR);
+
+      // Verify correct recipient name is shown
+      await expect(page.getByLabel('Full Name')).toHaveValue(recipient.name);
+
+      // Verify only one signature field is visible for this recipient
+      expect(
+        await page.locator(`[data-field-type="SIGNATURE"]:not([data-readonly="true"])`).all(),
+      ).toHaveLength(1);
+    }
+  });
+
+  test('should handle template with different types of duplicate emails', async ({ page }) => {
+    const { user, team } = await seedUser();
+
+    const template = await seedBlankTemplate(user, team.id);
+
+    await apiSignin({
+      page,
+      email: user.email,
+      redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    });
+
+    // Step 1: Settings
+    await page.getByRole('button', { name: 'Continue' }).click();
+
+    // Step 2: Add multiple recipients with duplicate emails
+    await page.getByPlaceholder('Email').fill('duplicate@example.com');
+    await page.getByPlaceholder('Name').fill('Duplicate Recipient 1');
+
+    await page.getByRole('button', { name: 'Add Placeholder Recipient' }).click();
+    await page.getByPlaceholder('Email').nth(1).fill('duplicate@example.com');
+    await page.getByPlaceholder('Name').nth(1).fill('Duplicate Recipient 2');
+
+    await page.getByRole('button', { name: 'Add Placeholder Recipient' }).click();
+    await page.getByPlaceholder('Email').nth(2).fill('different@example.com');
+    await page.getByPlaceholder('Name').nth(2).fill('Different Recipient');
+
+    // Continue and add fields
+    await page.getByRole('button', { name: 'Continue' }).click();
+
+    // Add fields for each recipient
+    await page.getByRole('button', { name: 'Signature' }).click();
+    await page.locator('canvas').click({ position: { x: 100, y: 100 } });
+
+    await page.getByRole('combobox').first().click();
+    await page.getByText('Duplicate Recipient 2').first().click();
+    await page.getByRole('button', { name: 'Date' }).click();
+    await page.locator('canvas').click({ position: { x: 200, y: 100 } });
+
+    await page.getByRole('combobox').first().click();
+    await page.getByText('Different Recipient').first().click();
+    await page.getByRole('button', { name: 'Name' }).click();
+    await page.locator('canvas').click({ position: { x: 100, y: 200 } });
+
+    // Save template
+    await page.getByRole('button', { name: 'Save Template' }).click();
+
+    await page.waitForURL(`/t/${team.url}/templates`);
+
+    await expect(page.getByRole('link', { name: template.title })).toBeVisible();
+  });
+
+  test('should validate field assignments per recipient in template editing', async ({ page }) => {
+    const { user, team } = await seedUser();
+
+    const template = await seedBlankTemplate(user, team.id);
+
+    await apiSignin({
+      page,
+      email: user.email,
+      redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    });
+
+    // Create template with duplicates
+    await completeTemplateFlowWithDuplicateRecipients({ page, team, template });
+
+    // Navigate back to edit the template
+    await page.goto(`/t/${team.url}/templates/${template.id}/edit`);
+
+    // Go to fields step
+    await page.getByRole('button', { name: 'Continue' }).click(); // Settings
+    await page.getByRole('button', { name: 'Continue' }).click(); // Signers
+
+    await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+    // Verify fields are correctly assigned to each recipient instance
+    await page.getByRole('combobox').first().click();
+    await page.getByRole('option', { name: 'First Instance' }).first().click();
+    let visibleFields = await page.locator(`[data-field-type="SIGNATURE"]:not(:disabled)`).all();
+    expect(visibleFields.length).toBeGreaterThan(0);
+
+    await page.getByRole('combobox').first().click();
+    await page.getByRole('option', { name: 'Second Instance' }).first().click();
+    visibleFields = await page.locator(`[data-field-type="SIGNATURE"]:not(:disabled)`).all();
+    expect(visibleFields.length).toBeGreaterThan(0);
+
+    await page.getByRole('combobox').first().click();
+    await page.getByRole('option', { name: 'Different Recipient' }).first().click();
+    const nameFields = await page.locator(`[data-field-type="NAME"]:not(:disabled)`).all();
+    expect(nameFields.length).toBeGreaterThan(0);
+
+    // Add additional field to verify proper assignment
+    await page.getByRole('combobox').first().click();
+    await page.getByRole('option', { name: 'First Instance' }).first().click();
+    await page.getByRole('button', { name: 'Name' }).click();
+    await page.locator('canvas').click({ position: { x: 100, y: 300 } });
+
+    await page.waitForTimeout(2500);
+
+    // Save changes
+    await page.getByRole('button', { name: 'Save Template' }).click();
+
+    await page.waitForURL(`/t/${team.url}/templates`);
+    await expect(page.getByRole('link', { name: template.title })).toBeVisible();
+  });
+});
diff --git a/packages/app-tests/e2e/templates-flow/template-autosave-fields-step.spec.ts b/packages/app-tests/e2e/templates-flow/template-autosave-fields-step.spec.ts
index 5a167340a..0680d3e40 100644
--- a/packages/app-tests/e2e/templates-flow/template-autosave-fields-step.spec.ts
+++ b/packages/app-tests/e2e/templates-flow/template-autosave-fields-step.spec.ts
@@ -33,7 +33,7 @@ const setupTemplateAndNavigateToFieldsStep = async (page: Page) => {
 };
 
 const triggerAutosave = async (page: Page) => {
-  await page.locator('#document-flow-form-container').click();
+  await page.locator('body').click({ position: { x: 0, y: 0 } });
   await page.locator('#document-flow-form-container').blur();
 
   await page.waitForTimeout(5000);
@@ -70,7 +70,7 @@ test.describe('AutoSave Fields Step', () => {
 
     await triggerAutosave(page);
 
-    await page.getByRole('combobox').click();
+    await page.getByRole('combobox').first().click();
     await page.getByRole('option', { name: 'Recipient 2 (recipient2@documenso.com)' }).click();
 
     await page.getByRole('button', { name: 'Signature' }).click();
@@ -129,7 +129,7 @@ test.describe('AutoSave Fields Step', () => {
 
     await triggerAutosave(page);
 
-    await page.getByRole('combobox').click();
+    await page.getByRole('combobox').first().click();
     await page.getByRole('option', { name: 'Recipient 2 (recipient2@documenso.com)' }).click();
 
     await page.getByRole('button', { name: 'Signature' }).click();
@@ -142,7 +142,7 @@ test.describe('AutoSave Fields Step', () => {
 
     await triggerAutosave(page);
 
-    await page.getByRole('combobox').click();
+    await page.getByRole('combobox').first().click();
     await page.getByRole('option', { name: 'Recipient 1 (recipient1@documenso.com)' }).click();
 
     await page.getByText('Text').nth(1).click();
@@ -195,7 +195,7 @@ test.describe('AutoSave Fields Step', () => {
 
     await triggerAutosave(page);
 
-    await page.getByRole('combobox').click();
+    await page.getByRole('combobox').first().click();
     await page.getByRole('option', { name: 'Recipient 2 (recipient2@documenso.com)' }).click();
 
     await page.getByRole('button', { name: 'Signature' }).click();
@@ -208,7 +208,7 @@ test.describe('AutoSave Fields Step', () => {
 
     await triggerAutosave(page);
 
-    await page.getByRole('combobox').click();
+    await page.getByRole('combobox').first().click();
     await page.getByRole('option', { name: 'Recipient 1 (recipient1@documenso.com)' }).click();
 
     await page.getByText('Signature').nth(1).click();
diff --git a/packages/app-tests/e2e/templates-flow/template-autosave-settings-step.spec.ts b/packages/app-tests/e2e/templates-flow/template-autosave-settings-step.spec.ts
index af12e7290..620fb93db 100644
--- a/packages/app-tests/e2e/templates-flow/template-autosave-settings-step.spec.ts
+++ b/packages/app-tests/e2e/templates-flow/template-autosave-settings-step.spec.ts
@@ -23,7 +23,7 @@ const setupTemplate = async (page: Page) => {
 };
 
 const triggerAutosave = async (page: Page) => {
-  await page.locator('#document-flow-form-container').click();
+  await page.locator('body').click({ position: { x: 0, y: 0 } });
   await page.locator('#document-flow-form-container').blur();
 
   await page.waitForTimeout(5000);
diff --git a/packages/app-tests/e2e/templates-flow/template-autosave-signers-step.spec.ts b/packages/app-tests/e2e/templates-flow/template-autosave-signers-step.spec.ts
index f5bd07e94..943b6834f 100644
--- a/packages/app-tests/e2e/templates-flow/template-autosave-signers-step.spec.ts
+++ b/packages/app-tests/e2e/templates-flow/template-autosave-signers-step.spec.ts
@@ -26,7 +26,7 @@ const setupTemplateAndNavigateToSignersStep = async (page: Page) => {
 };
 
 const triggerAutosave = async (page: Page) => {
-  await page.locator('#document-flow-form-container').click();
+  await page.locator('body').click({ position: { x: 0, y: 0 } });
   await page.locator('#document-flow-form-container').blur();
 
   await page.waitForTimeout(5000);
diff --git a/packages/app-tests/playwright.config.ts b/packages/app-tests/playwright.config.ts
index 3536e340d..4373c7b93 100644
--- a/packages/app-tests/playwright.config.ts
+++ b/packages/app-tests/playwright.config.ts
@@ -17,7 +17,7 @@ export default defineConfig({
   testDir: './e2e',
   /* Run tests in files in parallel */
   fullyParallel: false,
-  workers: 4,
+  workers: 2,
   maxFailures: process.env.CI ? 1 : undefined,
   /* Fail the build on CI if you accidentally left test.only in the source code. */
   forbidOnly: !!process.env.CI,
@@ -33,7 +33,7 @@ export default defineConfig({
     /* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
     trace: 'on',
 
-    video: 'retain-on-failure',
+    video: 'on-first-retry',
 
     /* Add explicit timeouts for actions */
     actionTimeout: 15_000,
diff --git a/packages/lib/client-only/hooks/use-autosave.ts b/packages/lib/client-only/hooks/use-autosave.ts
index 5c9b3db62..025c285d5 100644
--- a/packages/lib/client-only/hooks/use-autosave.ts
+++ b/packages/lib/client-only/hooks/use-autosave.ts
@@ -1,23 +1,56 @@
 import { useCallback, useEffect, useRef } from 'react';
 
-export const useAutoSave = <T>(onSave: (data: T) => Promise<void>) => {
-  const saveTimeoutRef = useRef<NodeJS.Timeout>();
+type SaveRequest<T, R> = {
+  data: T;
+  onResponse?: (response: R) => void;
+};
 
-  const saveFormData = async (data: T) => {
-    try {
-      await onSave(data);
-    } catch (error) {
-      console.error('Auto-save failed:', error);
+export const useAutoSave = <T, R = void>(
+  onSave: (data: T) => Promise<R>,
+  options: { delay?: number } = {},
+) => {
+  const { delay = 2000 } = options;
+
+  const saveTimeoutRef = useRef<NodeJS.Timeout>();
+  const saveQueueRef = useRef<SaveRequest<T, R>[]>([]);
+  const isProcessingRef = useRef(false);
+
+  const processQueue = async () => {
+    if (isProcessingRef.current || saveQueueRef.current.length === 0) {
+      return;
     }
+
+    isProcessingRef.current = true;
+
+    while (saveQueueRef.current.length > 0) {
+      const request = saveQueueRef.current.shift()!;
+
+      try {
+        const response = await onSave(request.data);
+        request.onResponse?.(response);
+      } catch (error) {
+        console.error('Auto-save failed:', error);
+      }
+    }
+
+    isProcessingRef.current = false;
   };
 
-  const scheduleSave = useCallback((data: T) => {
-    if (saveTimeoutRef.current) {
-      clearTimeout(saveTimeoutRef.current);
-    }
+  const saveFormData = async (data: T, onResponse?: (response: R) => void) => {
+    saveQueueRef.current.push({ data, onResponse });
+    await processQueue();
+  };
 
-    saveTimeoutRef.current = setTimeout(() => void saveFormData(data), 2000);
-  }, []);
+  const scheduleSave = useCallback(
+    (data: T, onResponse?: (response: R) => void) => {
+      if (saveTimeoutRef.current) {
+        clearTimeout(saveTimeoutRef.current);
+      }
+
+      saveTimeoutRef.current = setTimeout(() => void saveFormData(data, onResponse), delay);
+    },
+    [delay],
+  );
 
   useEffect(() => {
     return () => {
diff --git a/packages/lib/server-only/field/set-fields-for-document.ts b/packages/lib/server-only/field/set-fields-for-document.ts
index 7ec75796a..497f01078 100644
--- a/packages/lib/server-only/field/set-fields-for-document.ts
+++ b/packages/lib/server-only/field/set-fields-for-document.ts
@@ -84,9 +84,7 @@ export const setFieldsForDocument = async ({
   const linkedFields = fields.map((field) => {
     const existing = existingFields.find((existingField) => existingField.id === field.id);
 
-    const recipient = document.recipients.find(
-      (recipient) => recipient.email.toLowerCase() === field.signerEmail.toLowerCase(),
-    );
+    const recipient = document.recipients.find((recipient) => recipient.id === field.recipientId);
 
     // Each field MUST have a recipient associated with it.
     if (!recipient) {
@@ -226,10 +224,8 @@ export const setFieldsForDocument = async ({
             },
             recipient: {
               connect: {
-                documentId_email: {
-                  documentId,
-                  email: fieldSignerEmail,
-                },
+                id: field.recipientId,
+                documentId,
               },
             },
           },
@@ -330,6 +326,7 @@ type FieldData = {
   id?: number | null;
   type: FieldType;
   signerEmail: string;
+  recipientId: number;
   pageNumber: number;
   pageX: number;
   pageY: number;
diff --git a/packages/lib/server-only/field/set-fields-for-template.ts b/packages/lib/server-only/field/set-fields-for-template.ts
index 285e26e69..a116c6275 100644
--- a/packages/lib/server-only/field/set-fields-for-template.ts
+++ b/packages/lib/server-only/field/set-fields-for-template.ts
@@ -26,6 +26,7 @@ export type SetFieldsForTemplateOptions = {
     id?: number | null;
     type: FieldType;
     signerEmail: string;
+    recipientId: number;
     pageNumber: number;
     pageX: number;
     pageY: number;
@@ -169,10 +170,8 @@ export const setFieldsForTemplate = async ({
           },
           recipient: {
             connect: {
-              templateId_email: {
-                templateId,
-                email: field.signerEmail.toLowerCase(),
-              },
+              id: field.recipientId,
+              templateId,
             },
           },
         },
diff --git a/packages/lib/server-only/recipient/create-document-recipients.ts b/packages/lib/server-only/recipient/create-document-recipients.ts
index cf584a874..4baac9f1c 100644
--- a/packages/lib/server-only/recipient/create-document-recipients.ts
+++ b/packages/lib/server-only/recipient/create-document-recipients.ts
@@ -85,20 +85,6 @@ export const createDocumentRecipients = async ({
     email: recipient.email.toLowerCase(),
   }));
 
-  const duplicateRecipients = normalizedRecipients.filter((newRecipient) => {
-    const existingRecipient = document.recipients.find(
-      (existingRecipient) => existingRecipient.email === newRecipient.email,
-    );
-
-    return existingRecipient !== undefined;
-  });
-
-  if (duplicateRecipients.length > 0) {
-    throw new AppError(AppErrorCode.INVALID_REQUEST, {
-      message: `Duplicate recipient(s) found for ${duplicateRecipients.map((recipient) => recipient.email).join(', ')}`,
-    });
-  }
-
   const createdRecipients = await prisma.$transaction(async (tx) => {
     return await Promise.all(
       normalizedRecipients.map(async (recipient) => {
diff --git a/packages/lib/server-only/recipient/create-template-recipients.ts b/packages/lib/server-only/recipient/create-template-recipients.ts
index 34d61ef66..1621e87b7 100644
--- a/packages/lib/server-only/recipient/create-template-recipients.ts
+++ b/packages/lib/server-only/recipient/create-template-recipients.ts
@@ -71,20 +71,6 @@ export const createTemplateRecipients = async ({
     email: recipient.email.toLowerCase(),
   }));
 
-  const duplicateRecipients = normalizedRecipients.filter((newRecipient) => {
-    const existingRecipient = template.recipients.find(
-      (existingRecipient) => existingRecipient.email === newRecipient.email,
-    );
-
-    return existingRecipient !== undefined;
-  });
-
-  if (duplicateRecipients.length > 0) {
-    throw new AppError(AppErrorCode.INVALID_REQUEST, {
-      message: `Duplicate recipient(s) found for ${duplicateRecipients.map((recipient) => recipient.email).join(', ')}`,
-    });
-  }
-
   const createdRecipients = await prisma.$transaction(async (tx) => {
     return await Promise.all(
       normalizedRecipients.map(async (recipient) => {
diff --git a/packages/lib/server-only/recipient/set-document-recipients.ts b/packages/lib/server-only/recipient/set-document-recipients.ts
index bfdbca552..fd9ba5730 100644
--- a/packages/lib/server-only/recipient/set-document-recipients.ts
+++ b/packages/lib/server-only/recipient/set-document-recipients.ts
@@ -122,16 +122,12 @@ export const setDocumentRecipients = async ({
 
   const removedRecipients = existingRecipients.filter(
     (existingRecipient) =>
-      !normalizedRecipients.find(
-        (recipient) =>
-          recipient.id === existingRecipient.id || recipient.email === existingRecipient.email,
-      ),
+      !normalizedRecipients.find((recipient) => recipient.id === existingRecipient.id),
   );
 
   const linkedRecipients = normalizedRecipients.map((recipient) => {
     const existing = existingRecipients.find(
-      (existingRecipient) =>
-        existingRecipient.id === recipient.id || existingRecipient.email === recipient.email,
+      (existingRecipient) => existingRecipient.id === recipient.id,
     );
 
     const canPersistedRecipientBeModified =
diff --git a/packages/lib/server-only/recipient/set-template-recipients.ts b/packages/lib/server-only/recipient/set-template-recipients.ts
index f09968585..955ff94f1 100644
--- a/packages/lib/server-only/recipient/set-template-recipients.ts
+++ b/packages/lib/server-only/recipient/set-template-recipients.ts
@@ -94,10 +94,7 @@ export const setTemplateRecipients = async ({
 
   const removedRecipients = existingRecipients.filter(
     (existingRecipient) =>
-      !normalizedRecipients.find(
-        (recipient) =>
-          recipient.id === existingRecipient.id || recipient.email === existingRecipient.email,
-      ),
+      !normalizedRecipients.find((recipient) => recipient.id === existingRecipient.id),
   );
 
   if (template.directLink !== null) {
@@ -124,8 +121,7 @@ export const setTemplateRecipients = async ({
 
   const linkedRecipients = normalizedRecipients.map((recipient) => {
     const existing = existingRecipients.find(
-      (existingRecipient) =>
-        existingRecipient.id === recipient.id || existingRecipient.email === recipient.email,
+      (existingRecipient) => existingRecipient.id === recipient.id,
     );
 
     return {
diff --git a/packages/lib/server-only/recipient/update-document-recipients.ts b/packages/lib/server-only/recipient/update-document-recipients.ts
index 639c968f1..6372f56a2 100644
--- a/packages/lib/server-only/recipient/update-document-recipients.ts
+++ b/packages/lib/server-only/recipient/update-document-recipients.ts
@@ -91,17 +91,6 @@ export const updateDocumentRecipients = async ({
       });
     }
 
-    const duplicateRecipientWithSameEmail = document.recipients.find(
-      (existingRecipient) =>
-        existingRecipient.email === recipient.email && existingRecipient.id !== recipient.id,
-    );
-
-    if (duplicateRecipientWithSameEmail) {
-      throw new AppError(AppErrorCode.INVALID_REQUEST, {
-        message: `Duplicate recipient with the same email found: ${duplicateRecipientWithSameEmail.email}`,
-      });
-    }
-
     if (!canRecipientBeModified(originalRecipient, document.fields)) {
       throw new AppError(AppErrorCode.INVALID_REQUEST, {
         message: 'Cannot modify a recipient who has already interacted with the document',
diff --git a/packages/lib/server-only/recipient/update-template-recipients.ts b/packages/lib/server-only/recipient/update-template-recipients.ts
index 5867e85ab..aca4520f8 100644
--- a/packages/lib/server-only/recipient/update-template-recipients.ts
+++ b/packages/lib/server-only/recipient/update-template-recipients.ts
@@ -80,17 +80,6 @@ export const updateTemplateRecipients = async ({
       });
     }
 
-    const duplicateRecipientWithSameEmail = template.recipients.find(
-      (existingRecipient) =>
-        existingRecipient.email === recipient.email && existingRecipient.id !== recipient.id,
-    );
-
-    if (duplicateRecipientWithSameEmail) {
-      throw new AppError(AppErrorCode.INVALID_REQUEST, {
-        message: `Duplicate recipient with the same email found: ${duplicateRecipientWithSameEmail.email}`,
-      });
-    }
-
     return {
       originalRecipient,
       recipientUpdateData: recipient,
diff --git a/packages/lib/server-only/template/create-document-from-template-legacy.ts b/packages/lib/server-only/template/create-document-from-template-legacy.ts
index e0a20f55e..6bc83c667 100644
--- a/packages/lib/server-only/template/create-document-from-template-legacy.ts
+++ b/packages/lib/server-only/template/create-document-from-template-legacy.ts
@@ -19,6 +19,8 @@ export type CreateDocumentFromTemplateLegacyOptions = {
   }[];
 };
 
+// !TODO: Make this work
+
 /**
  * Legacy server function for /api/v1
  */
@@ -58,6 +60,15 @@ export const createDocumentFromTemplateLegacy = async ({
     },
   });
 
+  const recipientsToCreate = template.recipients.map((recipient) => ({
+    id: recipient.id,
+    email: recipient.email,
+    name: recipient.name,
+    role: recipient.role,
+    signingOrder: recipient.signingOrder,
+    token: nanoid(),
+  }));
+
   const document = await prisma.document.create({
     data: {
       qrToken: prefixedId('qr'),
@@ -70,12 +81,12 @@ export const createDocumentFromTemplateLegacy = async ({
       documentDataId: documentData.id,
       useLegacyFieldInsertion: template.useLegacyFieldInsertion ?? false,
       recipients: {
-        create: template.recipients.map((recipient) => ({
+        create: recipientsToCreate.map((recipient) => ({
           email: recipient.email,
           name: recipient.name,
           role: recipient.role,
           signingOrder: recipient.signingOrder,
-          token: nanoid(),
+          token: recipient.token,
         })),
       },
       documentMeta: {
@@ -95,9 +106,11 @@ export const createDocumentFromTemplateLegacy = async ({
 
   await prisma.field.createMany({
     data: template.fields.map((field) => {
-      const recipient = template.recipients.find((recipient) => recipient.id === field.recipientId);
+      const recipient = recipientsToCreate.find((recipient) => recipient.id === field.recipientId);
 
-      const documentRecipient = document.recipients.find((doc) => doc.email === recipient?.email);
+      const documentRecipient = document.recipients.find(
+        (documentRecipient) => documentRecipient.token === recipient?.token,
+      );
 
       if (!documentRecipient) {
         throw new Error('Recipient not found.');
@@ -118,28 +131,32 @@ export const createDocumentFromTemplateLegacy = async ({
     }),
   });
 
+  // Replicate the old logic, get by index and create if we exceed the number of existing recipients.
   if (recipients && recipients.length > 0) {
-    document.recipients = await Promise.all(
+    await Promise.all(
       recipients.map(async (recipient, index) => {
         const existingRecipient = document.recipients.at(index);
 
-        return await prisma.recipient.upsert({
-          where: {
-            documentId_email: {
+        if (existingRecipient) {
+          return await prisma.recipient.update({
+            where: {
+              id: existingRecipient.id,
               documentId: document.id,
-              email: existingRecipient?.email ?? recipient.email,
             },
-          },
-          update: {
-            name: recipient.name,
-            email: recipient.email,
-            role: recipient.role,
-            signingOrder: recipient.signingOrder,
-          },
-          create: {
+            data: {
+              name: recipient.name,
+              email: recipient.email,
+              role: recipient.role,
+              signingOrder: recipient.signingOrder,
+            },
+          });
+        }
+
+        return await prisma.recipient.create({
+          data: {
             documentId: document.id,
-            email: recipient.email,
             name: recipient.name,
+            email: recipient.email,
             role: recipient.role,
             signingOrder: recipient.signingOrder,
             token: nanoid(),
@@ -149,5 +166,18 @@ export const createDocumentFromTemplateLegacy = async ({
     );
   }
 
-  return document;
+  // Gross but we need to do the additional fetch since we mutate above.
+  const updatedRecipients = await prisma.recipient.findMany({
+    where: {
+      documentId: document.id,
+    },
+    orderBy: {
+      id: 'asc',
+    },
+  });
+
+  return {
+    ...document,
+    recipients: updatedRecipients,
+  };
 };
diff --git a/packages/lib/server-only/template/create-document-from-template.ts b/packages/lib/server-only/template/create-document-from-template.ts
index b6ee8b222..e7a1011c3 100644
--- a/packages/lib/server-only/template/create-document-from-template.ts
+++ b/packages/lib/server-only/template/create-document-from-template.ts
@@ -53,7 +53,7 @@ import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
 
 type FinalRecipient = Pick<
   Recipient,
-  'name' | 'email' | 'role' | 'authOptions' | 'signingOrder'
+  'name' | 'email' | 'role' | 'authOptions' | 'signingOrder' | 'token'
 > & {
   templateRecipientId: number;
   fields: Field[];
@@ -350,6 +350,7 @@ export const createDocumentFromTemplate = async ({
       role: templateRecipient.role,
       signingOrder: foundRecipient?.signingOrder ?? templateRecipient.signingOrder,
       authOptions: templateRecipient.authOptions,
+      token: nanoid(),
     };
   });
 
@@ -441,7 +442,7 @@ export const createDocumentFromTemplate = async ({
                     ? SigningStatus.SIGNED
                     : SigningStatus.NOT_SIGNED,
                 signingOrder: recipient.signingOrder,
-                token: nanoid(),
+                token: recipient.token,
               };
             }),
           },
@@ -500,8 +501,8 @@ export const createDocumentFromTemplate = async ({
       }
     }
 
-    Object.values(finalRecipients).forEach(({ email, fields }) => {
-      const recipient = document.recipients.find((recipient) => recipient.email === email);
+    Object.values(finalRecipients).forEach(({ token, fields }) => {
+      const recipient = document.recipients.find((recipient) => recipient.token === token);
 
       if (!recipient) {
         throw new Error('Recipient not found.');
diff --git a/packages/prisma/migrations/20250917042725_remove_recipient_unique_email_constraints/migration.sql b/packages/prisma/migrations/20250917042725_remove_recipient_unique_email_constraints/migration.sql
new file mode 100644
index 000000000..a6773703f
--- /dev/null
+++ b/packages/prisma/migrations/20250917042725_remove_recipient_unique_email_constraints/migration.sql
@@ -0,0 +1,5 @@
+-- DropIndex
+DROP INDEX "Recipient_documentId_email_key";
+
+-- DropIndex
+DROP INDEX "Recipient_templateId_email_key";
diff --git a/packages/prisma/schema.prisma b/packages/prisma/schema.prisma
index 8337ab754..49e247cb7 100644
--- a/packages/prisma/schema.prisma
+++ b/packages/prisma/schema.prisma
@@ -527,8 +527,6 @@ model Recipient {
   fields            Field[]
   signatures        Signature[]
 
-  @@unique([documentId, email])
-  @@unique([templateId, email])
   @@index([documentId])
   @@index([templateId])
   @@index([token])
diff --git a/packages/trpc/server/document-router/create-document-temporary.types.ts b/packages/trpc/server/document-router/create-document-temporary.types.ts
index 858b3835a..f7c15ee42 100644
--- a/packages/trpc/server/document-router/create-document-temporary.types.ts
+++ b/packages/trpc/server/document-router/create-document-temporary.types.ts
@@ -78,14 +78,7 @@ export const ZCreateDocumentTemporaryRequestSchema = z.object({
           .optional(),
       }),
     )
-    .refine(
-      (recipients) => {
-        const emails = recipients.map((recipient) => recipient.email);
 
-        return new Set(emails).size === emails.length;
-      },
-      { message: 'Recipients must have unique emails' },
-    )
     .optional(),
   meta: z
     .object({
diff --git a/packages/trpc/server/embedding-router/create-embedding-document.types.ts b/packages/trpc/server/embedding-router/create-embedding-document.types.ts
index 662136c17..40547d77b 100644
--- a/packages/trpc/server/embedding-router/create-embedding-document.types.ts
+++ b/packages/trpc/server/embedding-router/create-embedding-document.types.ts
@@ -47,14 +47,7 @@ export const ZCreateEmbeddingDocumentRequestSchema = z.object({
           .optional(),
       }),
     )
-    .refine(
-      (recipients) => {
-        const emails = recipients.map((recipient) => recipient.email);
 
-        return new Set(emails).size === emails.length;
-      },
-      { message: 'Recipients must have unique emails' },
-    )
     .optional(),
   meta: z
     .object({
diff --git a/packages/trpc/server/embedding-router/update-embedding-document.types.ts b/packages/trpc/server/embedding-router/update-embedding-document.types.ts
index 183ede703..c7521e91b 100644
--- a/packages/trpc/server/embedding-router/update-embedding-document.types.ts
+++ b/packages/trpc/server/embedding-router/update-embedding-document.types.ts
@@ -30,36 +30,27 @@ export const ZUpdateEmbeddingDocumentRequestSchema = z.object({
   documentId: z.number(),
   title: ZDocumentTitleSchema,
   externalId: ZDocumentExternalIdSchema.optional(),
-  recipients: z
-    .array(
-      z.object({
-        id: z.number().optional(),
-        email: z.string().toLowerCase().email().min(1),
-        name: z.string(),
-        role: z.nativeEnum(RecipientRole),
-        signingOrder: z.number().optional(),
-        fields: ZFieldAndMetaSchema.and(
-          z.object({
-            id: z.number().optional(),
-            pageNumber: ZFieldPageNumberSchema,
-            pageX: ZFieldPageXSchema,
-            pageY: ZFieldPageYSchema,
-            width: ZFieldWidthSchema,
-            height: ZFieldHeightSchema,
-          }),
-        )
-          .array()
-          .optional(),
-      }),
-    )
-    .refine(
-      (recipients) => {
-        const emails = recipients.map((recipient) => recipient.email);
-
-        return new Set(emails).size === emails.length;
-      },
-      { message: 'Recipients must have unique emails' },
-    ),
+  recipients: z.array(
+    z.object({
+      id: z.number().optional(),
+      email: z.string().toLowerCase().email().min(1),
+      name: z.string(),
+      role: z.nativeEnum(RecipientRole),
+      signingOrder: z.number().optional(),
+      fields: ZFieldAndMetaSchema.and(
+        z.object({
+          id: z.number().optional(),
+          pageNumber: ZFieldPageNumberSchema,
+          pageX: ZFieldPageXSchema,
+          pageY: ZFieldPageYSchema,
+          width: ZFieldWidthSchema,
+          height: ZFieldHeightSchema,
+        }),
+      )
+        .array()
+        .optional(),
+    }),
+  ),
   meta: z
     .object({
       subject: ZDocumentMetaSubjectSchema.optional(),
diff --git a/packages/trpc/server/field-router/router.ts b/packages/trpc/server/field-router/router.ts
index 1e022749c..462635544 100644
--- a/packages/trpc/server/field-router/router.ts
+++ b/packages/trpc/server/field-router/router.ts
@@ -274,6 +274,7 @@ export const fieldRouter = router({
         fields: fields.map((field) => ({
           id: field.nativeId,
           signerEmail: field.signerEmail,
+          recipientId: field.recipientId,
           type: field.type,
           pageNumber: field.pageNumber,
           pageX: field.pageX,
@@ -513,6 +514,7 @@ export const fieldRouter = router({
         fields: fields.map((field) => ({
           id: field.nativeId,
           signerEmail: field.signerEmail,
+          recipientId: field.recipientId,
           type: field.type,
           pageNumber: field.pageNumber,
           pageX: field.pageX,
diff --git a/packages/trpc/server/field-router/schema.ts b/packages/trpc/server/field-router/schema.ts
index fcb26e0f2..89912f5d8 100644
--- a/packages/trpc/server/field-router/schema.ts
+++ b/packages/trpc/server/field-router/schema.ts
@@ -114,6 +114,7 @@ export const ZSetDocumentFieldsRequestSchema = z.object({
       nativeId: z.number().optional(),
       type: z.nativeEnum(FieldType),
       signerEmail: z.string().min(1),
+      recipientId: z.number().min(1),
       pageNumber: z.number().min(1),
       pageX: z.number().min(0),
       pageY: z.number().min(0),
@@ -136,6 +137,7 @@ export const ZSetFieldsForTemplateRequestSchema = z.object({
       nativeId: z.number().optional(),
       type: z.nativeEnum(FieldType),
       signerEmail: z.string().min(1),
+      recipientId: z.number().min(1),
       pageNumber: z.number().min(1),
       pageX: z.number().min(0),
       pageY: z.number().min(0),
diff --git a/packages/trpc/server/recipient-router/schema.ts b/packages/trpc/server/recipient-router/schema.ts
index dbc25a497..2aa0f15c0 100644
--- a/packages/trpc/server/recipient-router/schema.ts
+++ b/packages/trpc/server/recipient-router/schema.ts
@@ -50,16 +50,7 @@ export const ZCreateDocumentRecipientResponseSchema = ZRecipientLiteSchema;
 
 export const ZCreateDocumentRecipientsRequestSchema = z.object({
   documentId: z.number(),
-  recipients: z.array(ZCreateRecipientSchema).refine(
-    (recipients) => {
-      const emails = recipients.map((recipient) => recipient.email.toLowerCase());
-
-      return new Set(emails).size === emails.length;
-    },
-    {
-      message: 'Recipients must have unique emails',
-    },
-  ),
+  recipients: z.array(ZCreateRecipientSchema),
 });
 
 export const ZCreateDocumentRecipientsResponseSchema = z.object({
@@ -75,18 +66,7 @@ export const ZUpdateDocumentRecipientResponseSchema = ZRecipientSchema;
 
 export const ZUpdateDocumentRecipientsRequestSchema = z.object({
   documentId: z.number(),
-  recipients: z.array(ZUpdateRecipientSchema).refine(
-    (recipients) => {
-      const emails = recipients
-        .filter((recipient) => recipient.email !== undefined)
-        .map((recipient) => recipient.email?.toLowerCase());
-
-      return new Set(emails).size === emails.length;
-    },
-    {
-      message: 'Recipients must have unique emails',
-    },
-  ),
+  recipients: z.array(ZUpdateRecipientSchema),
 });
 
 export const ZUpdateDocumentRecipientsResponseSchema = z.object({
@@ -97,29 +77,19 @@ export const ZDeleteDocumentRecipientRequestSchema = z.object({
   recipientId: z.number(),
 });
 
-export const ZSetDocumentRecipientsRequestSchema = z
-  .object({
-    documentId: z.number(),
-    recipients: z.array(
-      z.object({
-        nativeId: z.number().optional(),
-        email: z.string().toLowerCase().email().min(1).max(254),
-        name: z.string().max(255),
-        role: z.nativeEnum(RecipientRole),
-        signingOrder: z.number().optional(),
-        actionAuth: z.array(ZRecipientActionAuthTypesSchema).optional().default([]),
-      }),
-    ),
-  })
-  .refine(
-    (schema) => {
-      const emails = schema.recipients.map((recipient) => recipient.email.toLowerCase());
-
-      return new Set(emails).size === emails.length;
-    },
-    // Dirty hack to handle errors when .root is populated for an array type
-    { message: 'Recipients must have unique emails', path: ['recipients__root'] },
-  );
+export const ZSetDocumentRecipientsRequestSchema = z.object({
+  documentId: z.number(),
+  recipients: z.array(
+    z.object({
+      nativeId: z.number().optional(),
+      email: z.string().toLowerCase().email().min(1).max(254),
+      name: z.string().max(255),
+      role: z.nativeEnum(RecipientRole),
+      signingOrder: z.number().optional(),
+      actionAuth: z.array(ZRecipientActionAuthTypesSchema).optional().default([]),
+    }),
+  ),
+});
 
 export const ZSetDocumentRecipientsResponseSchema = z.object({
   recipients: ZRecipientLiteSchema.array(),
@@ -134,16 +104,7 @@ export const ZCreateTemplateRecipientResponseSchema = ZRecipientLiteSchema;
 
 export const ZCreateTemplateRecipientsRequestSchema = z.object({
   templateId: z.number(),
-  recipients: z.array(ZCreateRecipientSchema).refine(
-    (recipients) => {
-      const emails = recipients.map((recipient) => recipient.email);
-
-      return new Set(emails).size === emails.length;
-    },
-    {
-      message: 'Recipients must have unique emails',
-    },
-  ),
+  recipients: z.array(ZCreateRecipientSchema),
 });
 
 export const ZCreateTemplateRecipientsResponseSchema = z.object({
@@ -159,18 +120,7 @@ export const ZUpdateTemplateRecipientResponseSchema = ZRecipientSchema;
 
 export const ZUpdateTemplateRecipientsRequestSchema = z.object({
   templateId: z.number(),
-  recipients: z.array(ZUpdateRecipientSchema).refine(
-    (recipients) => {
-      const emails = recipients
-        .filter((recipient) => recipient.email !== undefined)
-        .map((recipient) => recipient.email);
-
-      return new Set(emails).size === emails.length;
-    },
-    {
-      message: 'Recipients must have unique emails',
-    },
-  ),
+  recipients: z.array(ZUpdateRecipientSchema),
 });
 
 export const ZUpdateTemplateRecipientsResponseSchema = z.object({
@@ -181,43 +131,30 @@ export const ZDeleteTemplateRecipientRequestSchema = z.object({
   recipientId: z.number(),
 });
 
-export const ZSetTemplateRecipientsRequestSchema = z
-  .object({
-    templateId: z.number(),
-    recipients: z.array(
-      z.object({
-        nativeId: z.number().optional(),
-        email: z
-          .string()
-          .toLowerCase()
-          .refine(
-            (email) => {
-              return (
-                isTemplateRecipientEmailPlaceholder(email) ||
-                z.string().email().safeParse(email).success
-              );
-            },
-            { message: 'Please enter a valid email address' },
-          ),
-        name: z.string(),
-        role: z.nativeEnum(RecipientRole),
-        signingOrder: z.number().optional(),
-        actionAuth: z.array(ZRecipientActionAuthTypesSchema).optional().default([]),
-      }),
-    ),
-  })
-  .refine(
-    (schema) => {
-      // Filter out placeholder emails and only check uniqueness for actual emails
-      const nonPlaceholderEmails = schema.recipients
-        .map((recipient) => recipient.email)
-        .filter((email) => !isTemplateRecipientEmailPlaceholder(email));
-
-      return new Set(nonPlaceholderEmails).size === nonPlaceholderEmails.length;
-    },
-    // Dirty hack to handle errors when .root is populated for an array type
-    { message: 'Recipients must have unique emails', path: ['recipients__root'] },
-  );
+export const ZSetTemplateRecipientsRequestSchema = z.object({
+  templateId: z.number(),
+  recipients: z.array(
+    z.object({
+      nativeId: z.number().optional(),
+      email: z
+        .string()
+        .toLowerCase()
+        .refine(
+          (email) => {
+            return (
+              isTemplateRecipientEmailPlaceholder(email) ||
+              z.string().email().safeParse(email).success
+            );
+          },
+          { message: 'Please enter a valid email address' },
+        ),
+      name: z.string(),
+      role: z.nativeEnum(RecipientRole),
+      signingOrder: z.number().optional(),
+      actionAuth: z.array(ZRecipientActionAuthTypesSchema).optional().default([]),
+    }),
+  ),
+});
 
 export const ZSetTemplateRecipientsResponseSchema = z.object({
   recipients: ZRecipientLiteSchema.array(),
diff --git a/packages/trpc/server/template-router/schema.ts b/packages/trpc/server/template-router/schema.ts
index 452ade10c..a00717f33 100644
--- a/packages/trpc/server/template-router/schema.ts
+++ b/packages/trpc/server/template-router/schema.ts
@@ -101,12 +101,7 @@ export const ZCreateDocumentFromTemplateRequestSchema = z.object({
         name: z.string().max(255).optional(),
       }),
     )
-    .describe('The information of the recipients to create the document with.')
-    .refine((recipients) => {
-      const emails = recipients.map((signer) => signer.email);
-
-      return new Set(emails).size === emails.length;
-    }, 'Recipients must have unique emails'),
+    .describe('The information of the recipients to create the document with.'),
   distributeDocument: z
     .boolean()
     .describe('Whether to create the document as pending and distribute it to recipients.')
diff --git a/packages/ui/components/document/document-read-only-fields.tsx b/packages/ui/components/document/document-read-only-fields.tsx
index d1c96f8a9..4ea0d6c89 100644
--- a/packages/ui/components/document/document-read-only-fields.tsx
+++ b/packages/ui/components/document/document-read-only-fields.tsx
@@ -105,6 +105,7 @@ export const DocumentReadOnlyFields = ({
             <FieldRootContainer
               field={field}
               key={field.id}
+              readonly={true}
               color={
                 showRecipientColors
                   ? getRecipientColorStyles(
diff --git a/packages/ui/components/field/field.tsx b/packages/ui/components/field/field.tsx
index e28e7b0c5..2886230b3 100644
--- a/packages/ui/components/field/field.tsx
+++ b/packages/ui/components/field/field.tsx
@@ -70,9 +70,16 @@ export type FieldRootContainerProps = {
   color?: RecipientColorStyles;
   children: React.ReactNode;
   className?: string;
+  readonly?: boolean;
 };
 
-export function FieldRootContainer({ field, children, color, className }: FieldRootContainerProps) {
+export function FieldRootContainer({
+  field,
+  children,
+  color,
+  className,
+  readonly,
+}: FieldRootContainerProps) {
   const [isValidating, setIsValidating] = useState(false);
   const ref = React.useRef<HTMLDivElement>(null);
 
@@ -103,6 +110,7 @@ export function FieldRootContainer({ field, children, color, className }: FieldR
         ref={ref}
         data-field-type={field.type}
         data-inserted={field.inserted ? 'true' : 'false'}
+        data-readonly={readonly ? 'true' : 'false'}
         className={cn(
           'field--FieldRootContainer field-card-container dark-mode-disabled group relative z-20 flex h-full w-full items-center rounded-[2px] bg-white/90 ring-2 ring-gray-200 transition-all',
           color?.base,
diff --git a/packages/ui/primitives/document-flow/add-fields.tsx b/packages/ui/primitives/document-flow/add-fields.tsx
index 820696e0e..eef021fe0 100644
--- a/packages/ui/primitives/document-flow/add-fields.tsx
+++ b/packages/ui/primitives/document-flow/add-fields.tsx
@@ -1,5 +1,6 @@
 import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
 
+import { zodResolver } from '@hookform/resolvers/zod';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
@@ -46,7 +47,7 @@ import { Form } from '../form/form';
 import { RecipientSelector } from '../recipient-selector';
 import { useStep } from '../stepper';
 import { useToast } from '../use-toast';
-import type { TAddFieldsFormSchema } from './add-fields.types';
+import { type TAddFieldsFormSchema, ZAddFieldsFormSchema } from './add-fields.types';
 import {
   DocumentFlowFormContainerActions,
   DocumentFlowFormContainerContent,
@@ -75,6 +76,7 @@ export type FieldFormType = {
   pageWidth: number;
   pageHeight: number;
   signerEmail: string;
+  recipientId: number;
   fieldMeta?: FieldMeta;
 };
 
@@ -127,9 +129,11 @@ export const AddFieldsFormPartial = ({
         pageHeight: Number(field.height),
         signerEmail:
           recipients.find((recipient) => recipient.id === field.recipientId)?.email ?? '',
+        recipientId: field.recipientId,
         fieldMeta: field.fieldMeta ? ZFieldMetaSchema.parse(field.fieldMeta) : undefined,
       })),
     },
+    resolver: zodResolver(ZAddFieldsFormSchema),
   });
 
   useHotkeys(['ctrl+c', 'meta+c'], (evt) => onFieldCopy(evt));
@@ -323,6 +327,7 @@ export const AddFieldsFormPartial = ({
 
       const field = {
         formId: nanoid(12),
+        nativeId: undefined,
         type: selectedField,
         pageNumber,
         pageX,
@@ -330,6 +335,7 @@ export const AddFieldsFormPartial = ({
         pageWidth: fieldPageWidth,
         pageHeight: fieldPageHeight,
         signerEmail: selectedSigner.email,
+        recipientId: selectedSigner.id,
         fieldMeta: undefined,
       };
 
@@ -414,6 +420,7 @@ export const AddFieldsFormPartial = ({
             nativeId: undefined,
             formId: nanoid(12),
             signerEmail: selectedSigner?.email ?? lastActiveField.signerEmail,
+            recipientId: selectedSigner?.id ?? lastActiveField.recipientId,
             pageX: lastActiveField.pageX + 3,
             pageY: lastActiveField.pageY + 3,
           };
@@ -438,6 +445,7 @@ export const AddFieldsFormPartial = ({
               nativeId: undefined,
               formId: nanoid(12),
               signerEmail: selectedSigner?.email ?? lastActiveField.signerEmail,
+              recipientId: selectedSigner?.id ?? lastActiveField.recipientId,
               pageNumber,
             };
 
@@ -470,6 +478,7 @@ export const AddFieldsFormPartial = ({
           nativeId: undefined,
           formId: nanoid(12),
           signerEmail: selectedSigner?.email ?? copiedField.signerEmail,
+          recipientId: selectedSigner?.id ?? copiedField.recipientId,
           pageX: copiedField.pageX + 3,
           pageY: copiedField.pageY + 3,
         });
@@ -663,7 +672,7 @@ export const AddFieldsFormPartial = ({
 
               {isDocumentPdfLoaded &&
                 localFields.map((field, index) => {
-                  const recipientIndex = recipients.findIndex((r) => r.email === field.signerEmail);
+                  const recipientIndex = recipients.findIndex((r) => r.id === field.recipientId);
                   const hasFieldError =
                     emptyCheckboxFields.find((f) => f.formId === field.formId) ||
                     emptyRadioFields.find((f) => f.formId === field.formId) ||
diff --git a/packages/ui/primitives/document-flow/add-fields.types.ts b/packages/ui/primitives/document-flow/add-fields.types.ts
index 6ec2fade3..7e1a4a170 100644
--- a/packages/ui/primitives/document-flow/add-fields.types.ts
+++ b/packages/ui/primitives/document-flow/add-fields.types.ts
@@ -10,6 +10,7 @@ export const ZAddFieldsFormSchema = z.object({
       nativeId: z.number().optional(),
       type: z.nativeEnum(FieldType),
       signerEmail: z.string().min(1),
+      recipientId: z.number().min(1),
       pageNumber: z.number().min(1),
       pageX: z.number().min(0),
       pageY: z.number().min(0),
diff --git a/packages/ui/primitives/document-flow/add-signers.tsx b/packages/ui/primitives/document-flow/add-signers.tsx
index 43caa8fe1..bd86d8ea5 100644
--- a/packages/ui/primitives/document-flow/add-signers.tsx
+++ b/packages/ui/primitives/document-flow/add-signers.tsx
@@ -53,6 +53,10 @@ import {
 import { SigningOrderConfirmation } from './signing-order-confirmation';
 import type { DocumentFlowStep } from './types';
 
+type AutoSaveResponse = {
+  recipients: Recipient[];
+};
+
 export type AddSignersFormProps = {
   documentFlow: DocumentFlowStep;
   recipients: Recipient[];
@@ -60,7 +64,7 @@ export type AddSignersFormProps = {
   signingOrder?: DocumentSigningOrder | null;
   allowDictateNextSigner?: boolean;
   onSubmit: (_data: TAddSignersFormSchema) => void;
-  onAutoSave: (_data: TAddSignersFormSchema) => Promise<void>;
+  onAutoSave: (_data: TAddSignersFormSchema) => Promise<AutoSaveResponse>;
   isDocumentPdfLoaded: boolean;
 };
 
@@ -208,7 +212,44 @@ export const AddSignersFormPartial = ({
 
     const formData = form.getValues();
 
-    scheduleSave(formData);
+    scheduleSave(formData, (response) => {
+      // Sync the response recipients back to form state to prevent duplicates
+      if (response?.recipients) {
+        const currentSigners = form.getValues('signers');
+        const updatedSigners = currentSigners.map((signer) => {
+          // Find the matching recipient from the response using nativeId
+          const matchingRecipient = response.recipients.find(
+            (recipient) => recipient.id === signer.nativeId,
+          );
+
+          if (matchingRecipient) {
+            // Update the signer with the server-returned data, especially the ID
+            return {
+              ...signer,
+              nativeId: matchingRecipient.id,
+            };
+          }
+
+          // For new signers without nativeId, match by email and update with server ID
+          if (!signer.nativeId) {
+            const newRecipient = response.recipients.find(
+              (recipient) => recipient.email === signer.email,
+            );
+            if (newRecipient) {
+              return {
+                ...signer,
+                nativeId: newRecipient.id,
+              };
+            }
+          }
+
+          return signer;
+        });
+
+        // Update the form state with the synced data
+        form.setValue('signers', updatedSigners, { shouldValidate: false });
+      }
+    });
   };
 
   const emptySignerIndex = watchedSigners.findIndex((signer) => !signer.name && !signer.email);
diff --git a/packages/ui/primitives/document-flow/add-signers.types.ts b/packages/ui/primitives/document-flow/add-signers.types.ts
index 05e6fea73..ec56c253b 100644
--- a/packages/ui/primitives/document-flow/add-signers.types.ts
+++ b/packages/ui/primitives/document-flow/add-signers.types.ts
@@ -4,33 +4,23 @@ import { z } from 'zod';
 
 import { ZRecipientActionAuthTypesSchema } from '@documenso/lib/types/document-auth';
 
-export const ZAddSignersFormSchema = z
-  .object({
-    signers: z.array(
-      z.object({
-        formId: z.string().min(1),
-        nativeId: z.number().optional(),
-        email: z
-          .string()
-          .email({ message: msg`Invalid email`.id })
-          .min(1),
-        name: z.string(),
-        role: z.nativeEnum(RecipientRole),
-        signingOrder: z.number().optional(),
-        actionAuth: z.array(ZRecipientActionAuthTypesSchema).optional().default([]),
-      }),
-    ),
-    signingOrder: z.nativeEnum(DocumentSigningOrder),
-    allowDictateNextSigner: z.boolean().default(false),
-  })
-  .refine(
-    (schema) => {
-      const emails = schema.signers.map((signer) => signer.email.toLowerCase());
-
-      return new Set(emails).size === emails.length;
-    },
-    // Dirty hack to handle errors when .root is populated for an array type
-    { message: msg`Signers must have unique emails`.id, path: ['signers__root'] },
-  );
+export const ZAddSignersFormSchema = z.object({
+  signers: z.array(
+    z.object({
+      formId: z.string().min(1),
+      nativeId: z.number().optional(),
+      email: z
+        .string()
+        .email({ message: msg`Invalid email`.id })
+        .min(1),
+      name: z.string(),
+      role: z.nativeEnum(RecipientRole),
+      signingOrder: z.number().optional(),
+      actionAuth: z.array(ZRecipientActionAuthTypesSchema).optional().default([]),
+    }),
+  ),
+  signingOrder: z.nativeEnum(DocumentSigningOrder),
+  allowDictateNextSigner: z.boolean().default(false),
+});
 
 export type TAddSignersFormSchema = z.infer<typeof ZAddSignersFormSchema>;
diff --git a/packages/ui/primitives/document-flow/field-item.tsx b/packages/ui/primitives/document-flow/field-item.tsx
index da09ed471..40c2684da 100644
--- a/packages/ui/primitives/document-flow/field-item.tsx
+++ b/packages/ui/primitives/document-flow/field-item.tsx
@@ -299,6 +299,8 @@ export const FieldItem = ({
         }}
         ref={$el}
         data-field-id={field.nativeId}
+        data-field-type={field.type}
+        data-recipient-id={field.recipientId}
       >
         <FieldContent field={field} />
 
diff --git a/packages/ui/primitives/document-flow/types.ts b/packages/ui/primitives/document-flow/types.ts
index 2e57f0ff0..1551ed72c 100644
--- a/packages/ui/primitives/document-flow/types.ts
+++ b/packages/ui/primitives/document-flow/types.ts
@@ -8,19 +8,14 @@ import { ZFieldMetaSchema } from '@documenso/lib/types/field-meta';
 export const ZDocumentFlowFormSchema = z.object({
   title: z.string().min(1),
 
-  signers: z
-    .array(
-      z.object({
-        formId: z.string().min(1),
-        nativeId: z.number().optional(),
-        email: z.string().min(1).email(),
-        name: z.string(),
-      }),
-    )
-    .refine((signers) => {
-      const emails = signers.map((signer) => signer.email);
-      return new Set(emails).size === emails.length;
-    }, 'Signers must have unique emails'),
+  signers: z.array(
+    z.object({
+      formId: z.string().min(1),
+      nativeId: z.number().optional(),
+      email: z.string().min(1).email(),
+      name: z.string(),
+    }),
+  ),
 
   fields: z.array(
     z.object({
@@ -28,6 +23,7 @@ export const ZDocumentFlowFormSchema = z.object({
       nativeId: z.number().optional(),
       type: z.nativeEnum(FieldType),
       signerEmail: z.string().min(1).optional(),
+      recipientId: z.number().min(1),
       pageNumber: z.number().min(1),
       pageX: z.number().min(0),
       pageY: z.number().min(0),
diff --git a/packages/ui/primitives/template-flow/add-template-fields.tsx b/packages/ui/primitives/template-flow/add-template-fields.tsx
index b6471bc61..7db417036 100644
--- a/packages/ui/primitives/template-flow/add-template-fields.tsx
+++ b/packages/ui/primitives/template-flow/add-template-fields.tsx
@@ -1,5 +1,6 @@
 import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
 
+import { zodResolver } from '@hookform/resolvers/zod';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
@@ -61,7 +62,10 @@ import type { FieldFormType } from '../document-flow/add-fields';
 import { FieldAdvancedSettings } from '../document-flow/field-item-advanced-settings';
 import { Form } from '../form/form';
 import { useStep } from '../stepper';
-import type { TAddTemplateFieldsFormSchema } from './add-template-fields.types';
+import {
+  type TAddTemplateFieldsFormSchema,
+  ZAddTemplateFieldsFormSchema,
+} from './add-template-fields.types';
 
 const MIN_HEIGHT_PX = 12;
 const MIN_WIDTH_PX = 36;
@@ -112,7 +116,7 @@ export const AddTemplateFieldsFormPartial = ({
         pageY: Number(field.positionY),
         pageWidth: Number(field.width),
         pageHeight: Number(field.height),
-        signerId: field.recipientId ?? -1,
+        recipientId: field.recipientId ?? -1,
         signerEmail:
           recipients.find((recipient) => recipient.id === field.recipientId)?.email ?? '',
         signerToken:
@@ -120,6 +124,7 @@ export const AddTemplateFieldsFormPartial = ({
         fieldMeta: field.fieldMeta ? ZFieldMetaSchema.parse(field.fieldMeta) : undefined,
       })),
     },
+    resolver: zodResolver(ZAddTemplateFieldsFormSchema),
   });
 
   const onFormSubmit = form.handleSubmit(onSubmit);
@@ -170,7 +175,7 @@ export const AddTemplateFieldsFormPartial = ({
             nativeId: undefined,
             formId: nanoid(12),
             signerEmail: selectedSigner?.email ?? lastActiveField.signerEmail,
-            signerId: selectedSigner?.id ?? lastActiveField.signerId,
+            recipientId: selectedSigner?.id ?? lastActiveField.recipientId,
             signerToken: selectedSigner?.token ?? lastActiveField.signerToken,
             pageX: lastActiveField.pageX + 3,
             pageY: lastActiveField.pageY + 3,
@@ -197,7 +202,7 @@ export const AddTemplateFieldsFormPartial = ({
               nativeId: undefined,
               formId: nanoid(12),
               signerEmail: selectedSigner?.email ?? lastActiveField.signerEmail,
-              signerId: selectedSigner?.id ?? lastActiveField.signerId,
+              recipientId: selectedSigner?.id ?? lastActiveField.recipientId,
               signerToken: selectedSigner?.token ?? lastActiveField.signerToken,
               pageNumber,
             };
@@ -240,7 +245,7 @@ export const AddTemplateFieldsFormPartial = ({
           formId: nanoid(12),
           nativeId: undefined,
           signerEmail: selectedSigner?.email ?? copiedField.signerEmail,
-          signerId: selectedSigner?.id ?? copiedField.signerId,
+          recipientId: selectedSigner?.id ?? copiedField.recipientId,
           signerToken: selectedSigner?.token ?? copiedField.signerToken,
           pageX: copiedField.pageX + 3,
           pageY: copiedField.pageY + 3,
@@ -371,7 +376,7 @@ export const AddTemplateFieldsFormPartial = ({
         pageWidth: fieldPageWidth,
         pageHeight: fieldPageHeight,
         signerEmail: selectedSigner.email,
-        signerId: selectedSigner.id,
+        recipientId: selectedSigner.id,
         signerToken: selectedSigner.token ?? '',
         fieldMeta: undefined,
       };
@@ -597,14 +602,14 @@ export const AddTemplateFieldsFormPartial = ({
               )}
 
               {localFields.map((field, index) => {
-                const recipientIndex = recipients.findIndex((r) => r.email === field.signerEmail);
+                const recipientIndex = recipients.findIndex((r) => r.id === field.recipientId);
 
                 return (
                   <FieldItem
                     key={index}
                     recipientIndex={recipientIndex === -1 ? 0 : recipientIndex}
                     field={field}
-                    disabled={selectedSigner?.email !== field.signerEmail}
+                    disabled={selectedSigner?.id !== field.recipientId}
                     minHeight={MIN_HEIGHT_PX}
                     minWidth={MIN_WIDTH_PX}
                     defaultHeight={DEFAULT_HEIGHT_PX}
diff --git a/packages/ui/primitives/template-flow/add-template-fields.types.ts b/packages/ui/primitives/template-flow/add-template-fields.types.ts
index 61686f52c..95be1bb13 100644
--- a/packages/ui/primitives/template-flow/add-template-fields.types.ts
+++ b/packages/ui/primitives/template-flow/add-template-fields.types.ts
@@ -10,8 +10,8 @@ export const ZAddTemplateFieldsFormSchema = z.object({
       nativeId: z.number().optional(),
       type: z.nativeEnum(FieldType),
       signerEmail: z.string().min(1),
+      recipientId: z.number().min(1),
       signerToken: z.string(),
-      signerId: z.number().optional(),
       pageNumber: z.number().min(1),
       pageX: z.number().min(0),
       pageY: z.number().min(0),
diff --git a/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx b/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx
index 7d0899574..d96e5fca9 100644
--- a/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx
+++ b/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx
@@ -48,6 +48,10 @@ import { Tooltip, TooltipContent, TooltipTrigger } from '../tooltip';
 import type { TAddTemplatePlacholderRecipientsFormSchema } from './add-template-placeholder-recipients.types';
 import { ZAddTemplatePlacholderRecipientsFormSchema } from './add-template-placeholder-recipients.types';
 
+type AutoSaveResponse = {
+  recipients: Recipient[];
+};
+
 export type AddTemplatePlaceholderRecipientsFormProps = {
   documentFlow: DocumentFlowStep;
   recipients: Recipient[];
@@ -56,7 +60,7 @@ export type AddTemplatePlaceholderRecipientsFormProps = {
   allowDictateNextSigner?: boolean;
   templateDirectLink?: TemplateDirectLink | null;
   onSubmit: (_data: TAddTemplatePlacholderRecipientsFormSchema) => void;
-  onAutoSave: (_data: TAddTemplatePlacholderRecipientsFormSchema) => Promise<void>;
+  onAutoSave: (_data: TAddTemplatePlacholderRecipientsFormSchema) => Promise<AutoSaveResponse>;
   isDocumentPdfLoaded: boolean;
 };
 
@@ -146,7 +150,44 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
 
     const formData = form.getValues();
 
-    scheduleSave(formData);
+    scheduleSave(formData, (response) => {
+      // Sync the response recipients back to form state to prevent duplicates
+      if (response?.recipients) {
+        const currentSigners = form.getValues('signers');
+        const updatedSigners = currentSigners.map((signer) => {
+          // Find the matching recipient from the response using nativeId
+          const matchingRecipient = response.recipients.find(
+            (recipient) => recipient.id === signer.nativeId,
+          );
+
+          if (matchingRecipient) {
+            // Update the signer with the server-returned data, especially the ID
+            return {
+              ...signer,
+              nativeId: matchingRecipient.id,
+            };
+          }
+
+          // For new signers without nativeId, match by email and update with server ID
+          if (!signer.nativeId) {
+            const newRecipient = response.recipients.find(
+              (recipient) => recipient.email === signer.email,
+            );
+            if (newRecipient) {
+              return {
+                ...signer,
+                nativeId: newRecipient.id,
+              };
+            }
+          }
+
+          return signer;
+        });
+
+        // Update the form state with the synced data
+        form.setValue('signers', updatedSigners, { shouldValidate: false });
+      }
+    });
   };
 
   // useEffect(() => {
diff --git a/packages/ui/primitives/template-flow/add-template-placeholder-recipients.types.ts b/packages/ui/primitives/template-flow/add-template-placeholder-recipients.types.ts
index 187f99e57..538f3cef1 100644
--- a/packages/ui/primitives/template-flow/add-template-placeholder-recipients.types.ts
+++ b/packages/ui/primitives/template-flow/add-template-placeholder-recipients.types.ts
@@ -1,7 +1,6 @@
 import { DocumentSigningOrder, RecipientRole } from '@prisma/client';
 import { z } from 'zod';
 
-import { TEMPLATE_RECIPIENT_EMAIL_PLACEHOLDER_REGEX } from '@documenso/lib/constants/template';
 import { ZRecipientActionAuthTypesSchema } from '@documenso/lib/types/document-auth';
 
 export const ZAddTemplatePlacholderRecipientsFormSchema = z
@@ -20,17 +19,7 @@ export const ZAddTemplatePlacholderRecipientsFormSchema = z
     signingOrder: z.nativeEnum(DocumentSigningOrder),
     allowDictateNextSigner: z.boolean().default(false),
   })
-  .refine(
-    (schema) => {
-      const nonPlaceholderEmails = schema.signers
-        .map((signer) => signer.email.toLowerCase())
-        .filter((email) => !TEMPLATE_RECIPIENT_EMAIL_PLACEHOLDER_REGEX.test(email));
 
-      return new Set(nonPlaceholderEmails).size === nonPlaceholderEmails.length;
-    },
-    // Dirty hack to handle errors when .root is populated for an array type
-    { message: 'Signers must have unique emails', path: ['signers__root'] },
-  )
   .refine(
     /*
       Since placeholder emails are empty, we need to check that the names are unique.

From 197d17ed7ba8ce4f484a35aed68a98ca13c97f61 Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Tue, 23 Sep 2025 21:00:48 +1000
Subject: [PATCH 29/47] v1.12.5

---
 apps/remix/package.json | 2 +-
 package-lock.json       | 6 +++---
 package.json            | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/remix/package.json b/apps/remix/package.json
index c902bd18a..a500e6076 100644
--- a/apps/remix/package.json
+++ b/apps/remix/package.json
@@ -101,5 +101,5 @@
     "vite-plugin-babel-macros": "^1.0.6",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "version": "1.12.4"
+  "version": "1.12.5"
 }
diff --git a/package-lock.json b/package-lock.json
index b5fbc09c7..efdc4e43e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "1.12.4",
+  "version": "1.12.5",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "1.12.4",
+      "version": "1.12.5",
       "workspaces": [
         "apps/*",
         "packages/*"
@@ -89,7 +89,7 @@
     },
     "apps/remix": {
       "name": "@documenso/remix",
-      "version": "1.12.4",
+      "version": "1.12.5",
       "dependencies": {
         "@documenso/api": "*",
         "@documenso/assets": "*",
diff --git a/package.json b/package.json
index f976fcda0..6a09e4d24 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.12.4",
+  "version": "1.12.5",
   "scripts": {
     "build": "turbo run build",
     "dev": "turbo run dev --filter=@documenso/remix",

From 53f29daf506e4b29f9579a5181bce82a38bc9c1b Mon Sep 17 00:00:00 2001
From: Catalin Pit <catalinpit@gmail.com>
Date: Wed, 24 Sep 2025 14:46:04 +0300
Subject: [PATCH 30/47] fix: allow dates with and without time (#2038)

---
 packages/lib/constants/date-formats.ts | 92 +++++++++++++++++---------
 1 file changed, 59 insertions(+), 33 deletions(-)

diff --git a/packages/lib/constants/date-formats.ts b/packages/lib/constants/date-formats.ts
index 95a254705..a02030a45 100644
--- a/packages/lib/constants/date-formats.ts
+++ b/packages/lib/constants/date-formats.ts
@@ -2,19 +2,23 @@ import { DateTime } from 'luxon';
 
 import { DEFAULT_DOCUMENT_TIME_ZONE } from './time-zones';
 
-export const DEFAULT_DOCUMENT_DATE_FORMAT = 'yyyy-MM-dd hh:mm a';
+export const DEFAULT_DOCUMENT_DATE_FORMAT = 'yyyy-MM-dd HH:mm';
 
 export const VALID_DATE_FORMAT_VALUES = [
   DEFAULT_DOCUMENT_DATE_FORMAT,
   'yyyy-MM-dd',
-  'dd/MM/yyyy hh:mm a',
-  'MM/dd/yyyy hh:mm a',
+  'dd/MM/yyyy',
+  'MM/dd/yyyy',
+  'dd.MM.yyyy',
+  'yy-MM-dd',
+  'MMMM dd, yyyy',
+  'EEEE, MMMM dd, yyyy',
+  'dd/MM/yyyy HH:mm',
+  'MM/dd/yyyy HH:mm',
   'dd.MM.yyyy HH:mm',
-  'yyyy-MM-dd HH:mm',
-  'yy-MM-dd hh:mm a',
-  'yyyy-MM-dd HH:mm:ss',
-  'MMMM dd, yyyy hh:mm a',
-  'EEEE, MMMM dd, yyyy hh:mm a',
+  'yy-MM-dd HH:mm',
+  'MMMM dd, yyyy HH:mm',
+  'EEEE, MMMM dd, yyyy HH:mm',
   "yyyy-MM-dd'T'HH:mm:ss.SSSXXX",
 ] as const;
 
@@ -22,10 +26,47 @@ export type ValidDateFormat = (typeof VALID_DATE_FORMAT_VALUES)[number];
 
 export const DATE_FORMATS = [
   {
-    key: 'yyyy-MM-dd_hh:mm_a',
-    label: 'YYYY-MM-DD HH:mm a',
+    key: 'yyyy-MM-dd_HH:mm',
+    label: 'YYYY-MM-DD HH:mm',
     value: DEFAULT_DOCUMENT_DATE_FORMAT,
   },
+  {
+    key: 'DDMMYYYY_TIME',
+    label: 'DD/MM/YYYY HH:mm',
+    value: 'dd/MM/yyyy HH:mm',
+  },
+  {
+    key: 'MMDDYYYY_TIME',
+    label: 'MM/DD/YYYY HH:mm',
+    value: 'MM/dd/yyyy HH:mm',
+  },
+  {
+    key: 'DDMMYYYYHHMM',
+    label: 'DD.MM.YYYY HH:mm',
+    value: 'dd.MM.yyyy HH:mm',
+  },
+
+  {
+    key: 'YYMMDD_TIME',
+    label: 'YY-MM-DD HH:mm',
+    value: 'yy-MM-dd HH:mm',
+  },
+
+  {
+    key: 'MonthDateYear_TIME',
+    label: 'Month Date, Year HH:mm',
+    value: 'MMMM dd, yyyy HH:mm',
+  },
+  {
+    key: 'DayMonthYear_TIME',
+    label: 'Day, Month Year HH:mm',
+    value: 'EEEE, MMMM dd, yyyy HH:mm',
+  },
+  {
+    key: 'ISO8601',
+    label: 'ISO 8601',
+    value: "yyyy-MM-dd'T'HH:mm:ss.SSSXXX",
+  },
   {
     key: 'YYYYMMDD',
     label: 'YYYY-MM-DD',
@@ -34,47 +75,32 @@ export const DATE_FORMATS = [
   {
     key: 'DDMMYYYY',
     label: 'DD/MM/YYYY',
-    value: 'dd/MM/yyyy hh:mm a',
+    value: 'dd/MM/yyyy',
   },
   {
     key: 'MMDDYYYY',
     label: 'MM/DD/YYYY',
-    value: 'MM/dd/yyyy hh:mm a',
+    value: 'MM/dd/yyyy',
   },
   {
-    key: 'DDMMYYYYHHMM',
-    label: 'DD.MM.YYYY HH:mm',
-    value: 'dd.MM.yyyy HH:mm',
-  },
-  {
-    key: 'YYYYMMDDHHmm',
-    label: 'YYYY-MM-DD HH:mm',
-    value: 'yyyy-MM-dd HH:mm',
+    key: 'DDMMYYYY_DOT',
+    label: 'DD.MM.YYYY',
+    value: 'dd.MM.yyyy',
   },
   {
     key: 'YYMMDD',
     label: 'YY-MM-DD',
-    value: 'yy-MM-dd hh:mm a',
-  },
-  {
-    key: 'YYYYMMDDhhmmss',
-    label: 'YYYY-MM-DD HH:mm:ss',
-    value: 'yyyy-MM-dd HH:mm:ss',
+    value: 'yy-MM-dd',
   },
   {
     key: 'MonthDateYear',
     label: 'Month Date, Year',
-    value: 'MMMM dd, yyyy hh:mm a',
+    value: 'MMMM dd, yyyy',
   },
   {
     key: 'DayMonthYear',
     label: 'Day, Month Year',
-    value: 'EEEE, MMMM dd, yyyy hh:mm a',
-  },
-  {
-    key: 'ISO8601',
-    label: 'ISO 8601',
-    value: "yyyy-MM-dd'T'HH:mm:ss.SSSXXX",
+    value: 'EEEE, MMMM dd, yyyy',
   },
 ] satisfies {
   key: string;

From 8590502338b64c37b3b06b8a2ca0ba96d8a711aa Mon Sep 17 00:00:00 2001
From: Catalin Pit <catalinpit@gmail.com>
Date: Wed, 24 Sep 2025 16:06:41 +0300
Subject: [PATCH 31/47] fix: file upload error messages (#2041)

---
 .../document/document-drop-zone-wrapper.tsx   | 50 ++++++++++++++++---
 .../template/template-drop-zone-wrapper.tsx   | 50 ++++++++++++++++---
 2 files changed, 87 insertions(+), 13 deletions(-)

diff --git a/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx b/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
index e5fe18636..84b1dfc4a 100644
--- a/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+++ b/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
@@ -4,7 +4,7 @@ import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
 import { Loader } from 'lucide-react';
-import { useDropzone } from 'react-dropzone';
+import { ErrorCode, type FileRejection, useDropzone } from 'react-dropzone';
 import { Link, useNavigate, useParams } from 'react-router';
 import { match } from 'ts-pattern';
 
@@ -108,15 +108,51 @@ export const DocumentDropZoneWrapper = ({ children, className }: DocumentDropZon
     }
   };
 
-  const onFileDropRejected = () => {
+  const onFileDropRejected = (fileRejections: FileRejection[]) => {
+    if (!fileRejections.length) {
+      return;
+    }
+
+    // Since users can only upload only one file (no multi-upload), we only handle the first file rejection
+    const { file, errors } = fileRejections[0];
+
+    if (!errors.length) {
+      return;
+    }
+
+    const errorNodes = errors.map((error, index) => (
+      <span key={index} className="block">
+        {match(error.code)
+          .with(ErrorCode.FileTooLarge, () => (
+            <Trans>File is larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB</Trans>
+          ))
+          .with(ErrorCode.FileInvalidType, () => <Trans>Only PDF files are allowed</Trans>)
+          .with(ErrorCode.FileTooSmall, () => <Trans>File is too small</Trans>)
+          .with(ErrorCode.TooManyFiles, () => (
+            <Trans>Only one file can be uploaded at a time</Trans>
+          ))
+          .otherwise(() => (
+            <Trans>Unknown error</Trans>
+          ))}
+      </span>
+    ));
+
+    const description = (
+      <>
+        <span className="font-medium">
+          {file.name} <Trans>couldn't be uploaded:</Trans>
+        </span>
+        {errorNodes}
+      </>
+    );
+
     toast({
-      title: _(msg`Your document failed to upload.`),
-      description: _(msg`File cannot be larger than ${APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB`),
+      title: _(msg`Upload failed`),
+      description,
       duration: 5000,
       variant: 'destructive',
     });
   };
-
   const { getRootProps, getInputProps, isDragActive } = useDropzone({
     accept: {
       'application/pdf': ['.pdf'],
@@ -129,8 +165,8 @@ export const DocumentDropZoneWrapper = ({ children, className }: DocumentDropZon
         void onFileDrop(acceptedFile);
       }
     },
-    onDropRejected: () => {
-      void onFileDropRejected();
+    onDropRejected: (fileRejections) => {
+      onFileDropRejected(fileRejections);
     },
     noClick: true,
     noDragEventsBubbling: true,
diff --git a/apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx b/apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
index 0d9c3fc9e..dbca5a8ea 100644
--- a/apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+++ b/apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
@@ -4,8 +4,9 @@ import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
 import { Loader } from 'lucide-react';
-import { useDropzone } from 'react-dropzone';
+import { ErrorCode, type FileRejection, useDropzone } from 'react-dropzone';
 import { useNavigate, useParams } from 'react-router';
+import { match } from 'ts-pattern';
 
 import { APP_DOCUMENT_UPLOAD_SIZE_LIMIT } from '@documenso/lib/constants/app';
 import { megabytesToBytes } from '@documenso/lib/universal/unit-convertions';
@@ -67,10 +68,47 @@ export const TemplateDropZoneWrapper = ({ children, className }: TemplateDropZon
     }
   };
 
-  const onFileDropRejected = () => {
+  const onFileDropRejected = (fileRejections: FileRejection[]) => {
+    if (!fileRejections.length) {
+      return;
+    }
+
+    // Since users can only upload only one file (no multi-upload), we only handle the first file rejection
+    const { file, errors } = fileRejections[0];
+
+    if (!errors.length) {
+      return;
+    }
+
+    const errorNodes = errors.map((error, index) => (
+      <span key={index} className="block">
+        {match(error.code)
+          .with(ErrorCode.FileTooLarge, () => (
+            <Trans>File is larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB</Trans>
+          ))
+          .with(ErrorCode.FileInvalidType, () => <Trans>Only PDF files are allowed</Trans>)
+          .with(ErrorCode.FileTooSmall, () => <Trans>File is too small</Trans>)
+          .with(ErrorCode.TooManyFiles, () => (
+            <Trans>Only one file can be uploaded at a time</Trans>
+          ))
+          .otherwise(() => (
+            <Trans>Unknown error</Trans>
+          ))}
+      </span>
+    ));
+
+    const description = (
+      <>
+        <span className="font-medium">
+          {file.name} <Trans>couldn't be uploaded:</Trans>
+        </span>
+        {errorNodes}
+      </>
+    );
+
     toast({
-      title: _(msg`Your template failed to upload.`),
-      description: _(msg`File cannot be larger than ${APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB`),
+      title: _(msg`Upload failed`),
+      description,
       duration: 5000,
       variant: 'destructive',
     });
@@ -88,8 +126,8 @@ export const TemplateDropZoneWrapper = ({ children, className }: TemplateDropZon
         void onFileDrop(acceptedFile);
       }
     },
-    onDropRejected: () => {
-      void onFileDropRejected();
+    onDropRejected: (fileRejections) => {
+      onFileDropRejected(fileRejections);
     },
     noClick: true,
     noDragEventsBubbling: true,

From b9b3ddfb982a9fd3bd5890d2312a56ca2fc8c8eb Mon Sep 17 00:00:00 2001
From: Catalin Pit <catalinpit@gmail.com>
Date: Thu, 25 Sep 2025 09:55:31 +0300
Subject: [PATCH 32/47] chore: update tests to use new date formats (#2045)

## Description

Update the tests to use the new date formats form this PR
https://github.com/documenso/documenso/pull/2038.
---
 .../e2e/document-flow/stepper-component.spec.ts      |  2 +-
 .../organisation-team-preferences.spec.ts            | 12 ++++++------
 .../templates/create-document-from-template.spec.ts  | 12 ++++++------
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/packages/app-tests/e2e/document-flow/stepper-component.spec.ts b/packages/app-tests/e2e/document-flow/stepper-component.spec.ts
index 06251175e..59d80d1b6 100644
--- a/packages/app-tests/e2e/document-flow/stepper-component.spec.ts
+++ b/packages/app-tests/e2e/document-flow/stepper-component.spec.ts
@@ -504,7 +504,7 @@ test('[DOCUMENT_FLOW]: should be able to sign a document with custom date', asyn
     },
   });
 
-  const insertedDate = DateTime.fromFormat(field?.customText ?? '', 'yyyy-MM-dd hh:mm a');
+  const insertedDate = DateTime.fromFormat(field?.customText ?? '', 'yyyy-MM-dd HH:mm');
 
   expect(Math.abs(insertedDate.diff(now).minutes)).toBeLessThanOrEqual(1);
 
diff --git a/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts b/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts
index 90cb6ae34..c946062ec 100644
--- a/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts
+++ b/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts
@@ -30,8 +30,8 @@ test('[ORGANISATIONS]: manage document preferences', async ({ page }) => {
   await page.getByRole('option', { name: 'Australia/Perth' }).click();
 
   // Set default date
-  await page.getByRole('combobox').filter({ hasText: 'yyyy-MM-dd hh:mm a' }).click();
-  await page.getByRole('option', { name: 'DD/MM/YYYY' }).click();
+  await page.getByRole('combobox').filter({ hasText: 'yyyy-MM-dd HH:mm' }).click();
+  await page.getByRole('option', { name: 'DD/MM/YYYY', exact: true }).click();
 
   await page.getByTestId('signature-types-trigger').click();
   await page.getByRole('option', { name: 'Draw' }).click();
@@ -51,7 +51,7 @@ test('[ORGANISATIONS]: manage document preferences', async ({ page }) => {
   expect(teamSettings.documentVisibility).toEqual(DocumentVisibility.MANAGER_AND_ABOVE);
   expect(teamSettings.documentLanguage).toEqual('de');
   expect(teamSettings.documentTimezone).toEqual('Australia/Perth');
-  expect(teamSettings.documentDateFormat).toEqual('dd/MM/yyyy hh:mm a');
+  expect(teamSettings.documentDateFormat).toEqual('dd/MM/yyyy');
   expect(teamSettings.includeSenderDetails).toEqual(false);
   expect(teamSettings.includeSigningCertificate).toEqual(false);
   expect(teamSettings.typedSignatureEnabled).toEqual(true);
@@ -72,7 +72,7 @@ test('[ORGANISATIONS]: manage document preferences', async ({ page }) => {
 
   // Override team date format settings
   await page.getByTestId('document-date-format-trigger').click();
-  await page.getByRole('option', { name: 'MM/DD/YYYY' }).click();
+  await page.getByRole('option', { name: 'MM/DD/YYYY', exact: true }).click();
 
   await page.getByRole('button', { name: 'Update' }).first().click();
   await expect(page.getByText('Your document preferences have been updated').first()).toBeVisible();
@@ -85,7 +85,7 @@ test('[ORGANISATIONS]: manage document preferences', async ({ page }) => {
   expect(updatedTeamSettings.documentVisibility).toEqual(DocumentVisibility.EVERYONE);
   expect(updatedTeamSettings.documentLanguage).toEqual('pl');
   expect(updatedTeamSettings.documentTimezone).toEqual('Europe/London');
-  expect(updatedTeamSettings.documentDateFormat).toEqual('MM/dd/yyyy hh:mm a');
+  expect(updatedTeamSettings.documentDateFormat).toEqual('MM/dd/yyyy');
   expect(updatedTeamSettings.includeSenderDetails).toEqual(false);
   expect(updatedTeamSettings.includeSigningCertificate).toEqual(false);
   expect(updatedTeamSettings.typedSignatureEnabled).toEqual(true);
@@ -108,7 +108,7 @@ test('[ORGANISATIONS]: manage document preferences', async ({ page }) => {
   expect(documentMeta.drawSignatureEnabled).toEqual(false);
   expect(documentMeta.language).toEqual('pl');
   expect(documentMeta.timezone).toEqual('Europe/London');
-  expect(documentMeta.dateFormat).toEqual('MM/dd/yyyy hh:mm a');
+  expect(documentMeta.dateFormat).toEqual('MM/dd/yyyy');
 });
 
 test('[ORGANISATIONS]: manage branding preferences', async ({ page }) => {
diff --git a/packages/app-tests/e2e/templates/create-document-from-template.spec.ts b/packages/app-tests/e2e/templates/create-document-from-template.spec.ts
index 1db744603..acafc9274 100644
--- a/packages/app-tests/e2e/templates/create-document-from-template.spec.ts
+++ b/packages/app-tests/e2e/templates/create-document-from-template.spec.ts
@@ -47,8 +47,8 @@ test('[TEMPLATE]: should create a document from a template', async ({ page }) =>
 
   // Set advanced options.
   await page.getByRole('button', { name: 'Advanced Options' }).click();
-  await page.locator('button').filter({ hasText: 'YYYY-MM-DD HH:mm a' }).click();
-  await page.getByLabel('DD/MM/YYYY').click();
+  await page.locator('button').filter({ hasText: 'YYYY-MM-DD HH:mm' }).click();
+  await page.getByLabel('DD/MM/YYYY HH:mm').click();
 
   await page.locator('.time-zone-field').click();
   await page.getByRole('option', { name: 'Etc/UTC' }).click();
@@ -96,7 +96,7 @@ test('[TEMPLATE]: should create a document from a template', async ({ page }) =>
   expect(document.title).toEqual('TEMPLATE_TITLE');
   expect(documentAuth.documentAuthOption.globalAccessAuth).toContain('ACCOUNT');
 
-  expect(document.documentMeta?.dateFormat).toEqual('dd/MM/yyyy hh:mm a');
+  expect(document.documentMeta?.dateFormat).toEqual('dd/MM/yyyy HH:mm');
   expect(document.documentMeta?.message).toEqual('MESSAGE');
   expect(document.documentMeta?.redirectUrl).toEqual('https://documenso.com');
   expect(document.documentMeta?.subject).toEqual('SUBJECT');
@@ -150,8 +150,8 @@ test('[TEMPLATE]: should create a team document from a team template', async ({
 
   // Set advanced options.
   await page.getByRole('button', { name: 'Advanced Options' }).click();
-  await page.locator('button').filter({ hasText: 'YYYY-MM-DD HH:mm a' }).click();
-  await page.getByLabel('DD/MM/YYYY').click();
+  await page.locator('button').filter({ hasText: 'YYYY-MM-DD HH:mm' }).click();
+  await page.getByLabel('DD/MM/YYYY HH:mm').click();
 
   await page.locator('.time-zone-field').click();
   await page.getByRole('option', { name: 'Etc/UTC' }).click();
@@ -200,7 +200,7 @@ test('[TEMPLATE]: should create a team document from a team template', async ({
 
   expect(document.title).toEqual('TEMPLATE_TITLE');
   expect(documentAuth.documentAuthOption.globalAccessAuth).toContain('ACCOUNT');
-  expect(document.documentMeta?.dateFormat).toEqual('dd/MM/yyyy hh:mm a');
+  expect(document.documentMeta?.dateFormat).toEqual('dd/MM/yyyy HH:mm');
   expect(document.documentMeta?.message).toEqual('MESSAGE');
   expect(document.documentMeta?.redirectUrl).toEqual('https://documenso.com');
   expect(document.documentMeta?.subject).toEqual('SUBJECT');

From cfceebd78ff7c433ab911ad7abc06831d1dd9788 Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Thu, 25 Sep 2025 17:13:47 +1000
Subject: [PATCH 33/47] feat: change organisation owner in admin panel (#2047)

Allows changing the owner of an organisation within the admin panel,
useful for support requests to change ownership from a testing account
to the main admin account.

<img width="890" height="431" alt="image"
src="https://github.com/user-attachments/assets/475bbbdd-0f26-4f74-aacf-3e793366551d"
/>
---
 .../admin+/organisations.$id.tsx              |  37 ++
 .../promote-member-to-owner.spec.ts           | 435 ++++++++++++++++++
 packages/app-tests/playwright.config.ts       |   2 +-
 .../admin-router/promote-member-to-owner.ts   | 124 +++++
 .../promote-member-to-owner.types.ts          |  11 +
 packages/trpc/server/admin-router/router.ts   |   4 +
 packages/ui/primitives/badge.tsx              |   4 +-
 7 files changed, 615 insertions(+), 2 deletions(-)
 create mode 100644 packages/app-tests/e2e/admin/organisations/promote-member-to-owner.spec.ts
 create mode 100644 packages/trpc/server/admin-router/promote-member-to-owner.ts
 create mode 100644 packages/trpc/server/admin-router/promote-member-to-owner.types.ts

diff --git a/apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx b/apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
index 0a93d2d66..5aa188895 100644
--- a/apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+++ b/apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@@ -71,6 +71,23 @@ export default function OrganisationGroupSettingsPage({ params }: Route.Componen
       },
     });
 
+  const { mutateAsync: promoteToOwner, isPending: isPromotingToOwner } =
+    trpc.admin.organisationMember.promoteToOwner.useMutation({
+      onSuccess: () => {
+        toast({
+          title: t`Success`,
+          description: t`Member promoted to owner successfully`,
+        });
+      },
+      onError: () => {
+        toast({
+          title: t`Error`,
+          description: t`We couldn't promote the member to owner. Please try again.`,
+          variant: 'destructive',
+        });
+      },
+    });
+
   const teamsColumns = useMemo(() => {
     return [
       {
@@ -101,6 +118,26 @@ export default function OrganisationGroupSettingsPage({ params }: Route.Componen
           <Link to={`/admin/users/${row.original.user.id}`}>{row.original.user.email}</Link>
         ),
       },
+      {
+        header: t`Actions`,
+        cell: ({ row }) => (
+          <div className="flex justify-end space-x-2">
+            <Button
+              variant="outline"
+              disabled={row.original.userId === organisation?.ownerUserId}
+              loading={isPromotingToOwner}
+              onClick={async () =>
+                promoteToOwner({
+                  organisationId,
+                  userId: row.original.userId,
+                })
+              }
+            >
+              <Trans>Promote to owner</Trans>
+            </Button>
+          </div>
+        ),
+      },
     ] satisfies DataTableColumnDef<TGetAdminOrganisationResponse['members'][number]>[];
   }, [organisation]);
 
diff --git a/packages/app-tests/e2e/admin/organisations/promote-member-to-owner.spec.ts b/packages/app-tests/e2e/admin/organisations/promote-member-to-owner.spec.ts
new file mode 100644
index 000000000..86edeac2b
--- /dev/null
+++ b/packages/app-tests/e2e/admin/organisations/promote-member-to-owner.spec.ts
@@ -0,0 +1,435 @@
+import { expect, test } from '@playwright/test';
+
+import { nanoid } from '@documenso/lib/universal/id';
+import { seedOrganisationMembers } from '@documenso/prisma/seed/organisations';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../../fixtures/authentication';
+
+test('[ADMIN]: promote member to owner', async ({ page }) => {
+  // Create an admin user who can access the admin panel
+  const { user: adminUser } = await seedUser({
+    isAdmin: true,
+  });
+
+  // Create an organisation owner
+  const { user: ownerUser, organisation } = await seedUser({
+    isPersonalOrganisation: false,
+  });
+
+  // Create organisation members with different roles
+  const memberEmail = `member-${nanoid()}@test.documenso.com`;
+  const managerEmail = `manager-${nanoid()}@test.documenso.com`;
+  const adminMemberEmail = `admin-member-${nanoid()}@test.documenso.com`;
+
+  const [memberUser, managerUser, adminMemberUser] = await seedOrganisationMembers({
+    members: [
+      {
+        email: memberEmail,
+        name: 'Test Member',
+        organisationRole: 'MEMBER',
+      },
+      {
+        email: managerEmail,
+        name: 'Test Manager',
+        organisationRole: 'MANAGER',
+      },
+      {
+        email: adminMemberEmail,
+        name: 'Test Admin Member',
+        organisationRole: 'ADMIN',
+      },
+    ],
+    organisationId: organisation.id,
+  });
+
+  // Sign in as admin and navigate to the organisation admin page
+  await apiSignin({
+    page,
+    email: adminUser.email,
+    redirectPath: `/admin/organisations/${organisation.id}`,
+  });
+
+  // Verify we're on the admin organisation page
+  await expect(page.getByText(`Manage organisation`)).toBeVisible();
+
+  await expect(page.getByLabel('Organisation Name')).toHaveValue(organisation.name);
+
+  // Check that the organisation members table shows the correct roles
+  const ownerRow = page.getByRole('row', { name: ownerUser.email });
+
+  await expect(ownerRow).toBeVisible();
+  await expect(ownerRow.getByRole('status').filter({ hasText: 'Owner' })).toBeVisible();
+
+  await expect(page.getByRole('row', { name: memberUser.email })).toBeVisible();
+  await expect(page.getByRole('row', { name: adminMemberUser.email })).toBeVisible();
+  await expect(page.getByRole('row', { name: managerUser.email })).toBeVisible();
+
+  // Test promoting a MEMBER to owner
+  const memberRow = page.getByRole('row', { name: memberUser.email });
+
+  // Find and click the "Promote to owner" button for the member
+  const promoteButton = memberRow.getByRole('button', { name: 'Promote to owner' });
+  await expect(promoteButton).toBeVisible();
+  await expect(promoteButton).not.toBeDisabled();
+
+  await promoteButton.click();
+
+  // Verify success toast appears
+  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible();
+
+  // Reload the page to see the changes
+  await page.reload();
+
+  // Verify that the member is now the owner
+  const newOwnerRow = page.getByRole('row', { name: memberUser.email });
+  await expect(newOwnerRow.getByRole('status').filter({ hasText: 'Owner' })).toBeVisible();
+
+  // Verify that the previous owner is no longer marked as owner
+  const previousOwnerRow = page.getByRole('row', { name: ownerUser.email });
+  await expect(previousOwnerRow.getByRole('status').filter({ hasText: 'Owner' })).not.toBeVisible();
+
+  // Verify that the promote button is now disabled for the new owner
+  const newOwnerPromoteButton = newOwnerRow.getByRole('button', { name: 'Promote to owner' });
+  await expect(newOwnerPromoteButton).toBeDisabled();
+
+  // Test that we can't promote the current owner (button should be disabled)
+  await expect(newOwnerPromoteButton).toHaveAttribute('disabled');
+});
+
+test('[ADMIN]: promote manager to owner', async ({ page }) => {
+  // Create an admin user who can access the admin panel
+  const { user: adminUser } = await seedUser({
+    isAdmin: true,
+  });
+
+  // Create an organisation with owner and manager
+  const { organisation } = await seedUser({
+    isPersonalOrganisation: false,
+  });
+
+  const managerEmail = `manager-${nanoid()}@test.documenso.com`;
+
+  const [managerUser] = await seedOrganisationMembers({
+    members: [
+      {
+        email: managerEmail,
+        name: 'Test Manager',
+        organisationRole: 'MANAGER',
+      },
+    ],
+    organisationId: organisation.id,
+  });
+
+  // Sign in as admin
+  await apiSignin({
+    page,
+    email: adminUser.email,
+    redirectPath: `/admin/organisations/${organisation.id}`,
+  });
+
+  // Promote the manager to owner
+  const managerRow = page.getByRole('row', { name: managerUser.email });
+  const promoteButton = managerRow.getByRole('button', { name: 'Promote to owner' });
+
+  await promoteButton.click();
+  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible();
+
+  // Reload and verify the change
+  await page.reload();
+  await expect(managerRow.getByRole('status').filter({ hasText: 'Owner' })).toBeVisible();
+});
+
+test('[ADMIN]: promote admin member to owner', async ({ page }) => {
+  // Create an admin user who can access the admin panel
+  const { user: adminUser } = await seedUser({
+    isAdmin: true,
+  });
+
+  // Create an organisation with owner and admin member
+  const { organisation } = await seedUser({
+    isPersonalOrganisation: false,
+  });
+
+  const adminMemberEmail = `admin-member-${nanoid()}@test.documenso.com`;
+
+  const [adminMemberUser] = await seedOrganisationMembers({
+    members: [
+      {
+        email: adminMemberEmail,
+        name: 'Test Admin Member',
+        organisationRole: 'ADMIN',
+      },
+    ],
+    organisationId: organisation.id,
+  });
+
+  // Sign in as admin
+  await apiSignin({
+    page,
+    email: adminUser.email,
+    redirectPath: `/admin/organisations/${organisation.id}`,
+  });
+
+  // Promote the admin member to owner
+  const adminMemberRow = page.getByRole('row', { name: adminMemberUser.email });
+  const promoteButton = adminMemberRow.getByRole('button', { name: 'Promote to owner' });
+
+  await promoteButton.click();
+
+  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible({
+    timeout: 10_000,
+  });
+
+  // Reload and verify the change
+  await page.reload();
+  await expect(adminMemberRow.getByRole('status').filter({ hasText: 'Owner' })).toBeVisible();
+});
+
+test('[ADMIN]: cannot promote non-existent user', async ({ page }) => {
+  // Create an admin user
+  const { user: adminUser } = await seedUser({
+    isAdmin: true,
+  });
+
+  // Create an organisation
+  const { organisation } = await seedUser({
+    isPersonalOrganisation: false,
+  });
+
+  // Sign in as admin
+  await apiSignin({
+    page,
+    email: adminUser.email,
+    redirectPath: `/admin/organisations/${organisation.id}`,
+  });
+
+  // Try to manually call the API with invalid data - this should be handled by the UI validation
+  // In a real scenario, the promote button wouldn't be available for non-existent users
+  // But we can test that the API properly handles invalid requests
+
+  // For now, just verify that non-existent users don't show up in the members table
+  await expect(page.getByRole('row', { name: 'Non Existent User' })).not.toBeVisible();
+});
+
+test('[ADMIN]: verify role hierarchy after promotion', async ({ page }) => {
+  // Create an admin user
+  const { user: adminUser } = await seedUser({
+    isAdmin: true,
+  });
+
+  // Create organisation with a member
+  const { organisation } = await seedUser({
+    isPersonalOrganisation: false,
+  });
+
+  const memberEmail = `member-${nanoid()}@test.documenso.com`;
+
+  const [memberUser] = await seedOrganisationMembers({
+    members: [
+      {
+        email: memberEmail,
+        name: 'Test Member',
+        organisationRole: 'MEMBER',
+      },
+    ],
+    organisationId: organisation.id,
+  });
+
+  // Sign in as admin
+  await apiSignin({
+    page,
+    email: adminUser.email,
+    redirectPath: `/admin/organisations/${organisation.id}`,
+  });
+
+  // Before promotion - verify member has MEMBER role
+  let memberRow = page.getByRole('row', { name: memberUser.email });
+  await expect(memberRow).toBeVisible();
+  await expect(memberRow.getByRole('status').filter({ hasText: 'Owner' })).not.toBeVisible();
+
+  // Promote member to owner
+  const promoteButton = memberRow.getByRole('button', { name: 'Promote to owner' });
+  await promoteButton.click();
+  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible({
+    timeout: 10_000,
+  });
+
+  // Reload page to see updated state
+  await page.reload();
+
+  // After promotion - verify member is now owner and has admin permissions
+  memberRow = page.getByRole('row', { name: memberUser.email });
+  await expect(memberRow.getByRole('status').filter({ hasText: 'Owner' })).toBeVisible();
+
+  // Verify the promote button is now disabled for the new owner
+  const newOwnerPromoteButton = memberRow.getByRole('button', { name: 'Promote to owner' });
+  await expect(newOwnerPromoteButton).toBeDisabled();
+
+  // Sign in as the newly promoted user to verify they have owner permissions
+  await apiSignin({
+    page,
+    email: memberUser.email,
+    redirectPath: `/o/${organisation.url}/settings/general`,
+  });
+
+  // Verify they can access organisation settings (owner permission)
+  await expect(page.getByText('Organisation Settings')).toBeVisible();
+  await expect(page.getByRole('button', { name: 'Delete' })).toBeVisible();
+});
+
+test('[ADMIN]: error handling for invalid organisation', async ({ page }) => {
+  // Create an admin user
+  const { user: adminUser } = await seedUser({
+    isAdmin: true,
+  });
+
+  // Sign in as admin and try to access non-existent organisation
+  await apiSignin({
+    page,
+    email: adminUser.email,
+    redirectPath: `/admin/organisations/non-existent-org-id`,
+  });
+
+  // Should show 404 error
+  await expect(page.getByRole('heading', { name: 'Organisation not found' })).toBeVisible({
+    timeout: 10_000,
+  });
+});
+
+test('[ADMIN]: multiple promotions in sequence', async ({ page }) => {
+  // Create an admin user
+  const { user: adminUser } = await seedUser({
+    isAdmin: true,
+  });
+
+  // Create organisation with multiple members
+  const { organisation } = await seedUser({
+    isPersonalOrganisation: false,
+  });
+
+  const member1Email = `member1-${nanoid()}@test.documenso.com`;
+  const member2Email = `member2-${nanoid()}@test.documenso.com`;
+
+  const [member1User, member2User] = await seedOrganisationMembers({
+    members: [
+      {
+        email: member1Email,
+        name: 'Test Member 1',
+        organisationRole: 'MEMBER',
+      },
+      {
+        email: member2Email,
+        name: 'Test Member 2',
+        organisationRole: 'MANAGER',
+      },
+    ],
+    organisationId: organisation.id,
+  });
+
+  // Sign in as admin
+  await apiSignin({
+    page,
+    email: adminUser.email,
+    redirectPath: `/admin/organisations/${organisation.id}`,
+  });
+
+  // First promotion: Member 1 becomes owner
+  let member1Row = page.getByRole('row', { name: member1User.email });
+  let promoteButton1 = member1Row.getByRole('button', { name: 'Promote to owner' });
+  await promoteButton1.click();
+  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible({
+    timeout: 10_000,
+  });
+
+  await page.reload();
+
+  // Verify Member 1 is now owner and button is disabled
+  member1Row = page.getByRole('row', { name: member1User.email });
+  await expect(member1Row.getByRole('status').filter({ hasText: 'Owner' })).toBeVisible();
+  promoteButton1 = member1Row.getByRole('button', { name: 'Promote to owner' });
+  await expect(promoteButton1).toBeDisabled();
+
+  // Second promotion: Member 2 becomes the new owner
+  const member2Row = page.getByRole('row', { name: member2User.email });
+  const promoteButton2 = member2Row.getByRole('button', { name: 'Promote to owner' });
+  await expect(promoteButton2).not.toBeDisabled();
+  await promoteButton2.click();
+  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible({
+    timeout: 10_000,
+  });
+
+  await page.reload();
+
+  // Verify Member 2 is now owner and Member 1 is no longer owner
+  await expect(member2Row.getByRole('status').filter({ hasText: 'Owner' })).toBeVisible();
+  await expect(member1Row.getByRole('status').filter({ hasText: 'Owner' })).not.toBeVisible();
+
+  // Verify Member 1's promote button is now enabled again
+  const newPromoteButton1 = member1Row.getByRole('button', { name: 'Promote to owner' });
+  await expect(newPromoteButton1).not.toBeDisabled();
+});
+
+test('[ADMIN]: verify organisation access after ownership change', async ({ page }) => {
+  // Create admin user
+  const { user: adminUser } = await seedUser({
+    isAdmin: true,
+  });
+
+  // Create organisation with owner and member
+  const { user: originalOwner, organisation } = await seedUser({
+    isPersonalOrganisation: false,
+  });
+
+  const memberEmail = `member-${nanoid()}@test.documenso.com`;
+
+  const [memberUser] = await seedOrganisationMembers({
+    members: [
+      {
+        email: memberEmail,
+        name: 'Test Member',
+        organisationRole: 'MEMBER',
+      },
+    ],
+    organisationId: organisation.id,
+  });
+
+  // Sign in as admin and promote member to owner
+  await apiSignin({
+    page,
+    email: adminUser.email,
+    redirectPath: `/admin/organisations/${organisation.id}`,
+  });
+
+  const memberRow = page.getByRole('row', { name: memberUser.email });
+  const promoteButton = memberRow.getByRole('button', { name: 'Promote to owner' });
+  await promoteButton.click();
+  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible({
+    timeout: 10_000,
+  });
+
+  // Test that the new owner can access organisation settings
+  await apiSignin({
+    page,
+    email: memberUser.email,
+    redirectPath: `/o/${organisation.url}/settings/general`,
+  });
+
+  // Should be able to access organisation settings
+  await expect(page.getByText('Organisation Settings')).toBeVisible();
+  await expect(page.getByLabel('Organisation Name*')).toBeVisible();
+  await expect(page.getByRole('button', { name: 'Update organisation' })).toBeVisible();
+
+  // Should have delete permissions
+  await expect(page.getByRole('button', { name: 'Delete' })).toBeVisible();
+
+  // Test that the original owner no longer has owner-level access
+  await apiSignin({
+    page,
+    email: originalOwner.email,
+    redirectPath: `/o/${organisation.url}/settings/general`,
+  });
+
+  // Should still be able to access settings (as they should now be an admin)
+  await expect(page.getByText('Organisation Settings')).toBeVisible();
+});
diff --git a/packages/app-tests/playwright.config.ts b/packages/app-tests/playwright.config.ts
index 4373c7b93..53a4aa51a 100644
--- a/packages/app-tests/playwright.config.ts
+++ b/packages/app-tests/playwright.config.ts
@@ -48,7 +48,7 @@ export default defineConfig({
       name: 'chromium',
       use: {
         ...devices['Desktop Chrome'],
-        viewport: { width: 1920, height: 1080 },
+        viewport: { width: 1920, height: 1200 },
       },
     },
 
diff --git a/packages/trpc/server/admin-router/promote-member-to-owner.ts b/packages/trpc/server/admin-router/promote-member-to-owner.ts
new file mode 100644
index 000000000..fbe01efef
--- /dev/null
+++ b/packages/trpc/server/admin-router/promote-member-to-owner.ts
@@ -0,0 +1,124 @@
+import { OrganisationGroupType, OrganisationMemberRole } from '@prisma/client';
+
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { generateDatabaseId } from '@documenso/lib/universal/id';
+import { getHighestOrganisationRoleInGroup } from '@documenso/lib/utils/organisations';
+import { prisma } from '@documenso/prisma';
+
+import { adminProcedure } from '../trpc';
+import {
+  ZPromoteMemberToOwnerRequestSchema,
+  ZPromoteMemberToOwnerResponseSchema,
+} from './promote-member-to-owner.types';
+
+export const promoteMemberToOwnerRoute = adminProcedure
+  .input(ZPromoteMemberToOwnerRequestSchema)
+  .output(ZPromoteMemberToOwnerResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { organisationId, userId } = input;
+
+    ctx.logger.info({
+      input: {
+        organisationId,
+        userId,
+      },
+    });
+
+    // First, verify the organisation exists and get member details with groups
+    const organisation = await prisma.organisation.findUnique({
+      where: {
+        id: organisationId,
+      },
+      include: {
+        groups: {
+          where: {
+            type: OrganisationGroupType.INTERNAL_ORGANISATION,
+          },
+        },
+        members: {
+          where: {
+            userId,
+          },
+          include: {
+            organisationGroupMembers: {
+              include: {
+                group: true,
+              },
+            },
+          },
+        },
+      },
+    });
+
+    if (!organisation) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'Organisation not found',
+      });
+    }
+
+    // Verify the user is a member of the organisation
+    const [member] = organisation.members;
+
+    if (!member) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'User is not a member of this organisation',
+      });
+    }
+
+    // Verify the user is not already the owner
+    if (organisation.ownerUserId === userId) {
+      throw new AppError(AppErrorCode.INVALID_REQUEST, {
+        message: 'User is already the owner of this organisation',
+      });
+    }
+
+    // Get current organisation role
+    const currentOrganisationRole = getHighestOrganisationRoleInGroup(
+      member.organisationGroupMembers.flatMap((member) => member.group),
+    );
+
+    // Find the current and target organisation groups
+    const currentMemberGroup = organisation.groups.find(
+      (group) => group.organisationRole === currentOrganisationRole,
+    );
+
+    const adminGroup = organisation.groups.find(
+      (group) => group.organisationRole === OrganisationMemberRole.ADMIN,
+    );
+
+    if (!currentMemberGroup) {
+      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+        message: 'Current member group not found',
+      });
+    }
+
+    if (!adminGroup) {
+      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+        message: 'Admin group not found',
+      });
+    }
+
+    // Update the organisation owner and member role in a transaction
+    await prisma.$transaction(async (tx) => {
+      // Update the organisation to set the new owner
+      await tx.organisation.update({
+        where: {
+          id: organisationId,
+        },
+        data: {
+          ownerUserId: userId,
+        },
+      });
+
+      // Only update role if the user is not already an admin then add them to the admin group
+      if (currentOrganisationRole !== OrganisationMemberRole.ADMIN) {
+        await tx.organisationGroupMember.create({
+          data: {
+            id: generateDatabaseId('group_member'),
+            organisationMemberId: member.id,
+            groupId: adminGroup.id,
+          },
+        });
+      }
+    });
+  });
diff --git a/packages/trpc/server/admin-router/promote-member-to-owner.types.ts b/packages/trpc/server/admin-router/promote-member-to-owner.types.ts
new file mode 100644
index 000000000..353c80cdd
--- /dev/null
+++ b/packages/trpc/server/admin-router/promote-member-to-owner.types.ts
@@ -0,0 +1,11 @@
+import { z } from 'zod';
+
+export const ZPromoteMemberToOwnerRequestSchema = z.object({
+  organisationId: z.string().min(1),
+  userId: z.number().min(1),
+});
+
+export const ZPromoteMemberToOwnerResponseSchema = z.void();
+
+export type TPromoteMemberToOwnerRequest = z.infer<typeof ZPromoteMemberToOwnerRequestSchema>;
+export type TPromoteMemberToOwnerResponse = z.infer<typeof ZPromoteMemberToOwnerResponseSchema>;
diff --git a/packages/trpc/server/admin-router/router.ts b/packages/trpc/server/admin-router/router.ts
index f8d472a79..541542097 100644
--- a/packages/trpc/server/admin-router/router.ts
+++ b/packages/trpc/server/admin-router/router.ts
@@ -12,6 +12,7 @@ import { findDocumentsRoute } from './find-documents';
 import { findSubscriptionClaimsRoute } from './find-subscription-claims';
 import { getAdminOrganisationRoute } from './get-admin-organisation';
 import { getUserRoute } from './get-user';
+import { promoteMemberToOwnerRoute } from './promote-member-to-owner';
 import { resealDocumentRoute } from './reseal-document';
 import { resetTwoFactorRoute } from './reset-two-factor-authentication';
 import { updateAdminOrganisationRoute } from './update-admin-organisation';
@@ -27,6 +28,9 @@ export const adminRouter = router({
     create: createAdminOrganisationRoute,
     update: updateAdminOrganisationRoute,
   },
+  organisationMember: {
+    promoteToOwner: promoteMemberToOwnerRoute,
+  },
   claims: {
     find: findSubscriptionClaimsRoute,
     create: createSubscriptionClaimRoute,
diff --git a/packages/ui/primitives/badge.tsx b/packages/ui/primitives/badge.tsx
index 57418dab6..58e1990f7 100644
--- a/packages/ui/primitives/badge.tsx
+++ b/packages/ui/primitives/badge.tsx
@@ -39,7 +39,9 @@ export interface BadgeProps
     VariantProps<typeof badgeVariants> {}
 
 function Badge({ className, variant, size, ...props }: BadgeProps) {
-  return <div className={cn(badgeVariants({ variant, size }), className)} {...props} />;
+  return (
+    <div role="status" className={cn(badgeVariants({ variant, size }), className)} {...props} />
+  );
 }
 
 export { Badge, badgeVariants };

From b8fc47b719c3a34bd10faa454b464dcf938d019a Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Thu, 25 Sep 2025 22:10:20 +1000
Subject: [PATCH 34/47] v1.12.6

---
 apps/remix/package.json | 2 +-
 package-lock.json       | 6 +++---
 package.json            | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/remix/package.json b/apps/remix/package.json
index a500e6076..1c5f91860 100644
--- a/apps/remix/package.json
+++ b/apps/remix/package.json
@@ -101,5 +101,5 @@
     "vite-plugin-babel-macros": "^1.0.6",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "version": "1.12.5"
+  "version": "1.12.6"
 }
diff --git a/package-lock.json b/package-lock.json
index efdc4e43e..1a647e8e8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "1.12.5",
+  "version": "1.12.6",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "1.12.5",
+      "version": "1.12.6",
       "workspaces": [
         "apps/*",
         "packages/*"
@@ -89,7 +89,7 @@
     },
     "apps/remix": {
       "name": "@documenso/remix",
-      "version": "1.12.5",
+      "version": "1.12.6",
       "dependencies": {
         "@documenso/api": "*",
         "@documenso/assets": "*",
diff --git a/package.json b/package.json
index 6a09e4d24..1ff870149 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.12.5",
+  "version": "1.12.6",
   "scripts": {
     "build": "turbo run build",
     "dev": "turbo run dev --filter=@documenso/remix",

From 3de1ea0a025107f40432a7a3a989df51b3a5e718 Mon Sep 17 00:00:00 2001
From: Catalin Pit <catalinpit@gmail.com>
Date: Thu, 25 Sep 2025 15:23:07 +0300
Subject: [PATCH 35/47] feat: resend dialog improvements (#2034)

The checkboxes were difficult to see and the "Send reminder" button
wasn't disabled when no recipients were selected. This PR disables the
sending button when there's no selected recipient and improves the
checkboxes visibility.
---
 .../dialogs/document-resend-dialog.tsx          | 17 ++++++++++++++---
 .../ui/primitives/document-flow/add-signers.tsx |  1 -
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/apps/remix/app/components/dialogs/document-resend-dialog.tsx b/apps/remix/app/components/dialogs/document-resend-dialog.tsx
index e1a97ecc1..d93f29e84 100644
--- a/apps/remix/app/components/dialogs/document-resend-dialog.tsx
+++ b/apps/remix/app/components/dialogs/document-resend-dialog.tsx
@@ -6,7 +6,7 @@ import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
 import { type Recipient, SigningStatus } from '@prisma/client';
 import { History } from 'lucide-react';
-import { useForm } from 'react-hook-form';
+import { useForm, useWatch } from 'react-hook-form';
 import * as z from 'zod';
 
 import { useSession } from '@documenso/lib/client-only/providers/session';
@@ -85,6 +85,11 @@ export const DocumentResendDialog = ({ document, recipients }: DocumentResendDia
     formState: { isSubmitting },
   } = form;
 
+  const selectedRecipients = useWatch({
+    control: form.control,
+    name: 'recipients',
+  });
+
   const onFormSubmit = async ({ recipients }: TResendDocumentFormSchema) => {
     try {
       await resendDocument({ documentId: document.id, recipients });
@@ -151,7 +156,7 @@ export const DocumentResendDialog = ({ document, recipients }: DocumentResendDia
 
                       <FormControl>
                         <Checkbox
-                          className="h-5 w-5 rounded-full"
+                          className="h-5 w-5 rounded-full border border-neutral-400"
                           value={recipient.id}
                           checked={value.includes(recipient.id)}
                           onCheckedChange={(checked: boolean) =>
@@ -182,7 +187,13 @@ export const DocumentResendDialog = ({ document, recipients }: DocumentResendDia
               </Button>
             </DialogClose>
 
-            <Button className="flex-1" loading={isSubmitting} type="submit" form={FORM_ID}>
+            <Button
+              className="flex-1"
+              loading={isSubmitting}
+              type="submit"
+              form={FORM_ID}
+              disabled={isSubmitting || selectedRecipients.length === 0}
+            >
               <Trans>Send reminder</Trans>
             </Button>
           </div>
diff --git a/packages/ui/primitives/document-flow/add-signers.tsx b/packages/ui/primitives/document-flow/add-signers.tsx
index bd86d8ea5..2010775c4 100644
--- a/packages/ui/primitives/document-flow/add-signers.tsx
+++ b/packages/ui/primitives/document-flow/add-signers.tsx
@@ -755,7 +755,6 @@ export const AddSignersFormPartial = ({
                                           handleRecipientAutoCompleteSelect(index, suggestion)
                                         }
                                         onSearchQueryChange={(query) => {
-                                          console.log('onSearchQueryChange', query);
                                           field.onChange(query);
                                           setRecipientSearchQuery(query);
                                         }}

From 68b4305b6a7621ed3991360c2eb7c703f93ca678 Mon Sep 17 00:00:00 2001
From: Catalin Pit <catalinpit@gmail.com>
Date: Thu, 25 Sep 2025 15:40:00 +0300
Subject: [PATCH 36/47] feat: add max file size for uploaded documents (#2044)

---
 .../pages/users/documents/sending-documents.mdx              | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/apps/documentation/pages/users/documents/sending-documents.mdx b/apps/documentation/pages/users/documents/sending-documents.mdx
index 19d012bc3..bf4d7c394 100644
--- a/apps/documentation/pages/users/documents/sending-documents.mdx
+++ b/apps/documentation/pages/users/documents/sending-documents.mdx
@@ -18,6 +18,11 @@ The guide assumes you have a Documenso account. If you don't, you can create a f
 
 Navigate to the [Documenso dashboard](https://app.documenso.com/documents) and click on the "Add a document" button. Select the document you want to upload and wait for the upload to complete.
 
+<Callout type="info">
+  The maximum file size for uploaded documents is 150MB in production. In staging, the limit is
+  50MB.
+</Callout>
+
 ![Documenso dashboard](/document-signing/documenso-documents-dashboard.webp)
 
 After the upload is complete, you will be redirected to the document's page. You can configure the document's settings and add recipients and fields here.

From f3305ac306a57d6031bde66383137f977a489063 Mon Sep 17 00:00:00 2001
From: Catalin Pit <catalinpit@gmail.com>
Date: Thu, 25 Sep 2025 15:41:17 +0300
Subject: [PATCH 37/47] feat: show branding logo on signing page (#2031)

If the team has the branding enabled & a logo uploaded, it'll show on
the document signing page view.
---
 .../document-signing/document-signing-page-view.tsx       | 8 ++++++++
 .../lib/server-only/document/get-document-by-token.ts     | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx b/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
index 626a5195f..a396973e7 100644
--- a/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
@@ -160,6 +160,14 @@ export const DocumentSigningPageView = ({
   return (
     <DocumentSigningRecipientProvider recipient={recipient} targetSigner={targetSigner}>
       <div className="mx-auto w-full max-w-screen-xl sm:px-6">
+        {document.team.teamGlobalSettings.brandingEnabled &&
+          document.team.teamGlobalSettings.brandingLogo && (
+            <img
+              src={`/api/branding/logo/team/${document.teamId}`}
+              alt={`${document.team.name}'s Logo`}
+              className="mb-4 h-12 w-12 md:mb-2"
+            />
+          )}
         <h1
           className="block max-w-[20rem] truncate text-2xl font-semibold sm:mt-4 md:max-w-[30rem] md:text-3xl"
           title={document.title}
diff --git a/packages/lib/server-only/document/get-document-by-token.ts b/packages/lib/server-only/document/get-document-by-token.ts
index e062a7824..d2f18f56e 100644
--- a/packages/lib/server-only/document/get-document-by-token.ts
+++ b/packages/lib/server-only/document/get-document-by-token.ts
@@ -91,6 +91,12 @@ export const getDocumentAndSenderByToken = async ({
         select: {
           name: true,
           teamEmail: true,
+          teamGlobalSettings: {
+            select: {
+              brandingEnabled: true,
+              brandingLogo: true,
+            },
+          },
         },
       },
     },

From 681540b5017c1cc2af9348ca5659fe352865fe2a Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Fri, 26 Sep 2025 09:56:46 +1000
Subject: [PATCH 38/47] fix: add removed date formats (#2049)

Add date formats that were removed in a prior pull request causing
issues with certain API requests.
---
 .../document-flow/stepper-component.spec.ts   |  2 +-
 .../organisation-team-preferences.spec.ts     |  2 +-
 .../create-document-from-template.spec.ts     |  8 +--
 packages/lib/constants/date-formats.ts        | 50 +++++++++++++++++--
 4 files changed, 51 insertions(+), 11 deletions(-)

diff --git a/packages/app-tests/e2e/document-flow/stepper-component.spec.ts b/packages/app-tests/e2e/document-flow/stepper-component.spec.ts
index 59d80d1b6..06251175e 100644
--- a/packages/app-tests/e2e/document-flow/stepper-component.spec.ts
+++ b/packages/app-tests/e2e/document-flow/stepper-component.spec.ts
@@ -504,7 +504,7 @@ test('[DOCUMENT_FLOW]: should be able to sign a document with custom date', asyn
     },
   });
 
-  const insertedDate = DateTime.fromFormat(field?.customText ?? '', 'yyyy-MM-dd HH:mm');
+  const insertedDate = DateTime.fromFormat(field?.customText ?? '', 'yyyy-MM-dd hh:mm a');
 
   expect(Math.abs(insertedDate.diff(now).minutes)).toBeLessThanOrEqual(1);
 
diff --git a/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts b/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts
index c946062ec..f577ab3e1 100644
--- a/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts
+++ b/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts
@@ -30,7 +30,7 @@ test('[ORGANISATIONS]: manage document preferences', async ({ page }) => {
   await page.getByRole('option', { name: 'Australia/Perth' }).click();
 
   // Set default date
-  await page.getByRole('combobox').filter({ hasText: 'yyyy-MM-dd HH:mm' }).click();
+  await page.getByRole('combobox').filter({ hasText: 'yyyy-MM-dd hh:mm AM/PM' }).click();
   await page.getByRole('option', { name: 'DD/MM/YYYY', exact: true }).click();
 
   await page.getByTestId('signature-types-trigger').click();
diff --git a/packages/app-tests/e2e/templates/create-document-from-template.spec.ts b/packages/app-tests/e2e/templates/create-document-from-template.spec.ts
index acafc9274..df5d1aa87 100644
--- a/packages/app-tests/e2e/templates/create-document-from-template.spec.ts
+++ b/packages/app-tests/e2e/templates/create-document-from-template.spec.ts
@@ -47,8 +47,8 @@ test('[TEMPLATE]: should create a document from a template', async ({ page }) =>
 
   // Set advanced options.
   await page.getByRole('button', { name: 'Advanced Options' }).click();
-  await page.locator('button').filter({ hasText: 'YYYY-MM-DD HH:mm' }).click();
-  await page.getByLabel('DD/MM/YYYY HH:mm').click();
+  await page.locator('button').filter({ hasText: 'YYYY-MM-DD hh:mm AM/PM' }).click();
+  await page.getByLabel('DD/MM/YYYY HH:mm', { exact: true }).click();
 
   await page.locator('.time-zone-field').click();
   await page.getByRole('option', { name: 'Etc/UTC' }).click();
@@ -150,8 +150,8 @@ test('[TEMPLATE]: should create a team document from a team template', async ({
 
   // Set advanced options.
   await page.getByRole('button', { name: 'Advanced Options' }).click();
-  await page.locator('button').filter({ hasText: 'YYYY-MM-DD HH:mm' }).click();
-  await page.getByLabel('DD/MM/YYYY HH:mm').click();
+  await page.locator('button').filter({ hasText: 'YYYY-MM-DD hh:mm AM/PM' }).click();
+  await page.getByLabel('DD/MM/YYYY HH:mm', { exact: true }).click();
 
   await page.locator('.time-zone-field').click();
   await page.getByRole('option', { name: 'Etc/UTC' }).click();
diff --git a/packages/lib/constants/date-formats.ts b/packages/lib/constants/date-formats.ts
index a02030a45..1f9b75929 100644
--- a/packages/lib/constants/date-formats.ts
+++ b/packages/lib/constants/date-formats.ts
@@ -2,22 +2,29 @@ import { DateTime } from 'luxon';
 
 import { DEFAULT_DOCUMENT_TIME_ZONE } from './time-zones';
 
-export const DEFAULT_DOCUMENT_DATE_FORMAT = 'yyyy-MM-dd HH:mm';
+export const DEFAULT_DOCUMENT_DATE_FORMAT = 'yyyy-MM-dd hh:mm a';
 
 export const VALID_DATE_FORMAT_VALUES = [
   DEFAULT_DOCUMENT_DATE_FORMAT,
   'yyyy-MM-dd',
   'dd/MM/yyyy',
   'MM/dd/yyyy',
-  'dd.MM.yyyy',
   'yy-MM-dd',
   'MMMM dd, yyyy',
   'EEEE, MMMM dd, yyyy',
+  'dd/MM/yyyy hh:mm a',
   'dd/MM/yyyy HH:mm',
+  'MM/dd/yyyy hh:mm a',
   'MM/dd/yyyy HH:mm',
+  'dd.MM.yyyy',
   'dd.MM.yyyy HH:mm',
+  'yyyy-MM-dd HH:mm',
+  'yy-MM-dd hh:mm a',
   'yy-MM-dd HH:mm',
+  'yyyy-MM-dd HH:mm:ss',
+  'MMMM dd, yyyy hh:mm a',
   'MMMM dd, yyyy HH:mm',
+  'EEEE, MMMM dd, yyyy hh:mm a',
   'EEEE, MMMM dd, yyyy HH:mm',
   "yyyy-MM-dd'T'HH:mm:ss.SSSXXX",
 ] as const;
@@ -25,43 +32,76 @@ export const VALID_DATE_FORMAT_VALUES = [
 export type ValidDateFormat = (typeof VALID_DATE_FORMAT_VALUES)[number];
 
 export const DATE_FORMATS = [
+  {
+    key: 'yyyy-MM-dd_HH:mm_12H',
+    label: 'YYYY-MM-DD hh:mm AM/PM',
+    value: DEFAULT_DOCUMENT_DATE_FORMAT,
+  },
   {
     key: 'yyyy-MM-dd_HH:mm',
     label: 'YYYY-MM-DD HH:mm',
-    value: DEFAULT_DOCUMENT_DATE_FORMAT,
+    value: 'yyyy-MM-dd HH:mm',
   },
   {
     key: 'DDMMYYYY_TIME',
     label: 'DD/MM/YYYY HH:mm',
     value: 'dd/MM/yyyy HH:mm',
   },
+  {
+    key: 'DDMMYYYY_TIME_12H',
+    label: 'DD/MM/YYYY HH:mm AM/PM',
+    value: 'dd/MM/yyyy hh:mm a',
+  },
   {
     key: 'MMDDYYYY_TIME',
     label: 'MM/DD/YYYY HH:mm',
     value: 'MM/dd/yyyy HH:mm',
   },
+  {
+    key: 'MMDDYYYY_TIME_12H',
+    label: 'MM/DD/YYYY HH:mm AM/PM',
+    value: 'MM/dd/yyyy hh:mm a',
+  },
   {
     key: 'DDMMYYYYHHMM',
     label: 'DD.MM.YYYY HH:mm',
     value: 'dd.MM.yyyy HH:mm',
   },
-
   {
     key: 'YYMMDD_TIME',
     label: 'YY-MM-DD HH:mm',
     value: 'yy-MM-dd HH:mm',
   },
-
+  {
+    key: 'YYMMDD_TIME_12H',
+    label: 'YY-MM-DD HH:mm AM/PM',
+    value: 'yy-MM-dd hh:mm a',
+  },
+  {
+    key: 'YYYY_MM_DD_HH_MM_SS',
+    label: 'YYYY-MM-DD HH:mm:ss',
+    value: 'yyyy-MM-dd HH:mm:ss',
+  },
   {
     key: 'MonthDateYear_TIME',
     label: 'Month Date, Year HH:mm',
     value: 'MMMM dd, yyyy HH:mm',
   },
+  {
+    key: 'MonthDateYear_TIME_12H',
+    label: 'Month Date, Year HH:mm AM/PM',
+    value: 'MMMM dd, yyyy hh:mm a',
+  },
   {
     key: 'DayMonthYear_TIME',
     label: 'Day, Month Year HH:mm',
     value: 'EEEE, MMMM dd, yyyy HH:mm',
   },
+  {
+    key: 'DayMonthYear_TIME_12H',
+    label: 'Day, Month Year HH:mm AM/PM',
+    value: 'EEEE, MMMM dd, yyyy hh:mm a',
+  },
   {
     key: 'ISO8601',
     label: 'ISO 8601',

From 2aa391f91739c6cefa6edc13b18c15d584bf8d07 Mon Sep 17 00:00:00 2001
From: Mythie <me@lucasjamessmith.me>
Date: Fri, 26 Sep 2025 09:57:34 +1000
Subject: [PATCH 39/47] v1.12.7

---
 apps/remix/package.json | 2 +-
 package-lock.json       | 6 +++---
 package.json            | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/remix/package.json b/apps/remix/package.json
index 1c5f91860..6d15b52a7 100644
--- a/apps/remix/package.json
+++ b/apps/remix/package.json
@@ -101,5 +101,5 @@
     "vite-plugin-babel-macros": "^1.0.6",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "version": "1.12.6"
+  "version": "1.12.7"
 }
diff --git a/package-lock.json b/package-lock.json
index 1a647e8e8..38c13e749 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "1.12.6",
+  "version": "1.12.7",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "1.12.6",
+      "version": "1.12.7",
       "workspaces": [
         "apps/*",
         "packages/*"
@@ -89,7 +89,7 @@
     },
     "apps/remix": {
       "name": "@documenso/remix",
-      "version": "1.12.6",
+      "version": "1.12.7",
       "dependencies": {
         "@documenso/api": "*",
         "@documenso/assets": "*",
diff --git a/package.json b/package.json
index 1ff870149..6c5cc0ad6 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.12.6",
+  "version": "1.12.7",
   "scripts": {
     "build": "turbo run build",
     "dev": "turbo run dev --filter=@documenso/remix",

From c7d21c65871b56a1e241da656199967b3fcd9675 Mon Sep 17 00:00:00 2001
From: Catalin Pit <catalinpit@gmail.com>
Date: Mon, 29 Sep 2025 10:11:00 +0300
Subject: [PATCH 40/47] fix: update personal organisation email settings
 (#2048)

---
 .../forms/document-preferences-form.tsx       |  7 ++--
 .../update-organisation-settings.ts           | 15 +++++++++
 .../team-router/update-team-settings.ts       | 32 +++++++++++++++++++
 3 files changed, 52 insertions(+), 2 deletions(-)

diff --git a/apps/remix/app/components/forms/document-preferences-form.tsx b/apps/remix/app/components/forms/document-preferences-form.tsx
index eb3c64e06..38d01e252 100644
--- a/apps/remix/app/components/forms/document-preferences-form.tsx
+++ b/apps/remix/app/components/forms/document-preferences-form.tsx
@@ -3,10 +3,11 @@ import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react/macro';
 import { Trans } from '@lingui/react/macro';
 import type { TeamGlobalSettings } from '@prisma/client';
-import { DocumentVisibility } from '@prisma/client';
+import { DocumentVisibility, OrganisationType } from '@prisma/client';
 import { useForm } from 'react-hook-form';
 import { z } from 'zod';
 
+import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation';
 import { useSession } from '@documenso/lib/client-only/providers/session';
 import { DATE_FORMATS } from '@documenso/lib/constants/date-formats';
 import { DOCUMENT_SIGNATURE_TYPES, DocumentSignatureType } from '@documenso/lib/constants/document';
@@ -86,8 +87,10 @@ export const DocumentPreferencesForm = ({
 }: DocumentPreferencesFormProps) => {
   const { t } = useLingui();
   const { user, organisations } = useSession();
+  const currentOrganisation = useCurrentOrganisation();
 
   const isPersonalLayoutMode = isPersonalLayout(organisations);
+  const isPersonalOrganisation = currentOrganisation.type === OrganisationType.PERSONAL;
 
   const placeholderEmail = user.email ?? 'user@example.com';
 
@@ -331,7 +334,7 @@ export const DocumentPreferencesForm = ({
             )}
           />
 
-          {!isPersonalLayoutMode && (
+          {!isPersonalLayoutMode && !isPersonalOrganisation && (
             <FormField
               control={form.control}
               name="includeSenderDetails"
diff --git a/packages/trpc/server/organisation-router/update-organisation-settings.ts b/packages/trpc/server/organisation-router/update-organisation-settings.ts
index 08c4dceb1..661fbf950 100644
--- a/packages/trpc/server/organisation-router/update-organisation-settings.ts
+++ b/packages/trpc/server/organisation-router/update-organisation-settings.ts
@@ -1,3 +1,5 @@
+import { OrganisationType } from '@prisma/client';
+
 import { ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/organisations';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { buildOrganisationWhereQuery } from '@documenso/lib/utils/organisations';
@@ -104,6 +106,19 @@ export const updateOrganisationSettingsRoute = authenticatedProcedure
       });
     }
 
+    const isPersonalOrganisation = organisation.type === OrganisationType.PERSONAL;
+    const currentIncludeSenderDetails =
+      organisation.organisationGlobalSettings.includeSenderDetails;
+
+    const isChangingIncludeSenderDetails =
+      includeSenderDetails !== undefined && includeSenderDetails !== currentIncludeSenderDetails;
+
+    if (isPersonalOrganisation && isChangingIncludeSenderDetails) {
+      throw new AppError(AppErrorCode.INVALID_BODY, {
+        message: 'Personal organisations cannot update the sender details',
+      });
+    }
+
     await prisma.organisation.update({
       where: {
         id: organisationId,
diff --git a/packages/trpc/server/team-router/update-team-settings.ts b/packages/trpc/server/team-router/update-team-settings.ts
index f3805366c..57a9329e0 100644
--- a/packages/trpc/server/team-router/update-team-settings.ts
+++ b/packages/trpc/server/team-router/update-team-settings.ts
@@ -1,7 +1,10 @@
 import { Prisma } from '@prisma/client';
+import { OrganisationType } from '@prisma/client';
 
+import { ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/organisations';
 import { TEAM_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/teams';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { buildOrganisationWhereQuery } from '@documenso/lib/utils/organisations';
 import { buildTeamWhereQuery } from '@documenso/lib/utils/teams';
 import { prisma } from '@documenso/prisma';
 
@@ -97,6 +100,35 @@ export const updateTeamSettingsRoute = authenticatedProcedure
       }
     }
 
+    const organisation = await prisma.organisation.findFirst({
+      where: buildOrganisationWhereQuery({
+        organisationId: team.organisationId,
+        userId: user.id,
+        roles: ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_ORGANISATION'],
+      }),
+      select: {
+        type: true,
+        organisationGlobalSettings: {
+          select: {
+            includeSenderDetails: true,
+          },
+        },
+      },
+    });
+
+    const isPersonalOrganisation = organisation?.type === OrganisationType.PERSONAL;
+    const currentIncludeSenderDetails =
+      organisation?.organisationGlobalSettings.includeSenderDetails;
+
+    const isChangingIncludeSenderDetails =
+      includeSenderDetails !== undefined && includeSenderDetails !== currentIncludeSenderDetails;
+
+    if (isPersonalOrganisation && isChangingIncludeSenderDetails) {
+      throw new AppError(AppErrorCode.INVALID_BODY, {
+        message: 'Personal teams cannot update the sender details',
+      });
+    }
+
     await prisma.team.update({
       where: {
         id: teamId,

From 577691214b1fd709823f1e21e776e46c1613860d Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Mon, 29 Sep 2025 23:22:36 +1000
Subject: [PATCH 41/47] fix: add viewed call for embedded signing (#2055)

Adds the missing `viewedDocument` method call for embedded signing.

I believe this had previously been added but was lost as the result of a
merge conflict being resolved.
---
 apps/remix/app/routes/embed+/_v0+/sign.$url.tsx | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/apps/remix/app/routes/embed+/_v0+/sign.$url.tsx b/apps/remix/app/routes/embed+/_v0+/sign.$url.tsx
index 88c3b7745..668ca417d 100644
--- a/apps/remix/app/routes/embed+/_v0+/sign.$url.tsx
+++ b/apps/remix/app/routes/embed+/_v0+/sign.$url.tsx
@@ -1,10 +1,12 @@
 import { RecipientRole } from '@prisma/client';
 import { data } from 'react-router';
+import { getOptionalLoaderContext } from 'server/utils/get-loader-session';
 import { match } from 'ts-pattern';
 
 import { getOptionalSession } from '@documenso/auth/server/lib/utils/get-session';
 import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
 import { getDocumentAndSenderByToken } from '@documenso/lib/server-only/document/get-document-by-token';
+import { viewedDocument } from '@documenso/lib/server-only/document/viewed-document';
 import { getCompletedFieldsForToken } from '@documenso/lib/server-only/field/get-completed-fields-for-token';
 import { getFieldsForToken } from '@documenso/lib/server-only/field/get-fields-for-token';
 import { getOrganisationClaimByTeamId } from '@documenso/lib/server-only/organisation/get-organisation-claims';
@@ -23,6 +25,8 @@ import { superLoaderJson, useSuperLoaderData } from '~/utils/super-json-loader';
 import type { Route } from './+types/sign.$url';
 
 export async function loader({ params, request }: Route.LoaderArgs) {
+  const { requestMetadata } = getOptionalLoaderContext();
+
   if (!params.url) {
     throw new Response('Not found', { status: 404 });
   }
@@ -102,6 +106,12 @@ export async function loader({ params, request }: Route.LoaderArgs) {
     );
   }
 
+  await viewedDocument({
+    token,
+    requestMetadata,
+    recipientAccessAuth: derivedRecipientAccessAuth,
+  });
+
   const allRecipients =
     recipient.role === RecipientRole.ASSISTANT
       ? await getRecipientsForAssistant({

From a5eaa8ad47cc934d727a08be1aa4029921d2614b Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Mon, 29 Sep 2025 23:22:59 +1000
Subject: [PATCH 42/47] v1.12.8

---
 apps/remix/package.json | 2 +-
 package-lock.json       | 6 +++---
 package.json            | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/remix/package.json b/apps/remix/package.json
index 6d15b52a7..45798c977 100644
--- a/apps/remix/package.json
+++ b/apps/remix/package.json
@@ -101,5 +101,5 @@
     "vite-plugin-babel-macros": "^1.0.6",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "version": "1.12.7"
+  "version": "1.12.8"
 }
diff --git a/package-lock.json b/package-lock.json
index 38c13e749..44b76a80c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "1.12.7",
+  "version": "1.12.8",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "1.12.7",
+      "version": "1.12.8",
       "workspaces": [
         "apps/*",
         "packages/*"
@@ -89,7 +89,7 @@
     },
     "apps/remix": {
       "name": "@documenso/remix",
-      "version": "1.12.7",
+      "version": "1.12.8",
       "dependencies": {
         "@documenso/api": "*",
         "@documenso/assets": "*",
diff --git a/package.json b/package.json
index 6c5cc0ad6..ea07e5c79 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.12.7",
+  "version": "1.12.8",
   "scripts": {
     "build": "turbo run build",
     "dev": "turbo run dev --filter=@documenso/remix",

From 34673172710b6018a0065e1ffe08f51ce3b19efa Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Thu, 2 Oct 2025 13:20:30 +1000
Subject: [PATCH 43/47] chore: extract translations (#2056)

## Description

Extract translations to be translated
---
 packages/lib/translations/de/web.po | 744 ++++++++++++++++++++++++---
 packages/lib/translations/en/web.po | 651 +++++++++++++++++++++--
 packages/lib/translations/es/web.po | 747 ++++++++++++++++++++++++---
 packages/lib/translations/fr/web.po | 744 ++++++++++++++++++++++++---
 packages/lib/translations/it/web.po | 766 ++++++++++++++++++++++++----
 packages/lib/translations/pl/web.po | 744 ++++++++++++++++++++++++---
 6 files changed, 3945 insertions(+), 451 deletions(-)

diff --git a/packages/lib/translations/de/web.po b/packages/lib/translations/de/web.po
index 1f8b34d28..b3a8af9e0 100644
--- a/packages/lib/translations/de/web.po
+++ b/packages/lib/translations/de/web.po
@@ -414,14 +414,30 @@ msgstr "{visibleRows, plural, one {Eine # Ergebnis wird angezeigt.} other {# Erg
 msgid "<0>\"{0}\"</0>is no longer available to sign"
 msgstr "<0>\"{0}\"</0> steht nicht mehr zur Unterschrift zur Verfügung"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "<0>{organisationName}</0> has requested to create an account on your behalf."
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "<0>{organisationName}</0> has requested to link your current Documenso account to their organisation."
+msgstr ""
+
 #: packages/email/templates/confirm-team-email.tsx
 msgid "<0>{teamName}</0> has requested to use your email address for their team on Documenso."
 msgstr "<0>{teamName}</0> hat angefragt, Ihre E-Mail-Adresse für ihr Team bei Documenso zu verwenden."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Account management:</0> Modify your account settings, permissions, and preferences"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "<0>Click to upload</0> or drag and drop"
 msgstr "<0>Klicken Sie hier, um hochzuladen</0> oder ziehen Sie die Datei per Drag & Drop"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Data access:</0> Access all data associated with your account"
+msgstr ""
+
 #: packages/ui/components/document/document-signature-settings-tooltip.tsx
 msgid "<0>Drawn</0> - A signature that is drawn using a mouse or stylus."
 msgstr "<0>Gezeichnet</0> - Eine Signatur, die mit einer Maus oder einem Stift gezeichnet wird."
@@ -430,6 +446,10 @@ msgstr "<0>Gezeichnet</0> - Eine Signatur, die mit einer Maus oder einem Stift g
 msgid "<0>Email</0> - The recipient will be emailed the document to sign, approve, etc."
 msgstr "<0>E-Mail</0> - Der Empfänger erhält das Dokument zur Unterschrift, Genehmigung usw."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Full account access:</0> View all your profile information, settings, and activity"
+msgstr ""
+
 #: packages/ui/components/recipient/recipient-action-auth-select.tsx
 msgid "<0>Inherit authentication method</0> - Use the global action signing authentication method configured in the \"General Settings\" step"
 msgstr "<0>Authentifizierungsmethode erben</0> - Verwenden Sie die in den \"Allgemeinen Einstellungen\" konfigurierte globale Aktionssignatur-Authentifizierungsmethode"
@@ -517,10 +537,18 @@ msgstr "12 Monate"
 msgid "2FA"
 msgstr "2FA"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "2FA Reset"
+msgstr ""
+
 #: apps/remix/app/components/forms/token.tsx
 msgid "3 months"
 msgstr "3 Monate"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "400 Error"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings._layout.tsx
 msgid "401 Unauthorized"
@@ -534,6 +562,10 @@ msgstr "404 E-Mail-Domain nicht gefunden"
 msgid "404 not found"
 msgstr "404 nicht gefunden"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "404 Not Found"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 msgid "404 Organisation group not found"
 msgstr "404 Organisationsgruppe nicht gefunden"
@@ -597,16 +629,19 @@ msgid "A draft document will be created"
 msgstr "Ein Entwurf wird erstellt"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was added"
-msgstr "Ein Feld wurde hinzugefügt"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was removed"
-msgstr "Ein Feld wurde entfernt"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was updated"
-msgstr "Ein Feld wurde aktualisiert"
+msgstr ""
 
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "A means to print or download documents for your records"
@@ -646,16 +681,27 @@ msgid "A password reset email has been sent, if you have an account you should s
 msgstr "Eine E-Mail zum Zurücksetzen des Passworts wurde gesendet, wenn du ein Konto hast, solltest du sie in Kürze in deinem Posteingang sehen."
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was added"
-msgstr "Ein Empfänger wurde hinzugefügt"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was removed"
-msgstr "Ein Empfänger wurde entfernt"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was updated"
-msgstr "Ein Empfänger wurde aktualisiert"
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "A request has been made to create an account for you"
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "A request has been made to link your Documenso account"
+msgstr ""
 
 #. placeholder {0}: team.name
 #: packages/lib/server-only/team/create-team-email-verification.ts
@@ -706,6 +752,10 @@ msgstr "Eine Bestätigungs-E-Mail wird an die angegebene E-Mail-Adresse gesendet
 msgid "Accept"
 msgstr "Akzeptieren"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Accept & Link Account"
+msgstr ""
+
 #: packages/email/templates/organisation-invite.tsx
 msgid "Accept invitation to join an organisation on Documenso"
 msgstr "Einladung annehmen, um einer Organisation auf Documenso beizutreten"
@@ -726,6 +776,7 @@ msgstr "Zugriff deaktiviert"
 msgid "Access enabled"
 msgstr "Zugang aktiviert"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/general/org-menu-switcher.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-dialog.tsx
 msgid "Account"
@@ -735,6 +786,14 @@ msgstr "Konto"
 msgid "Account Authentication"
 msgstr "Kontowauthentifizierung"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Account creation request"
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Account Creation Request"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
 msgid "Account deleted"
@@ -748,10 +807,18 @@ msgstr "Konto deaktiviert"
 msgid "Account enabled"
 msgstr "Konto aktiviert"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Account Linking Request"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Account Re-Authentication"
 msgstr "Kontowiederauthentifizierung"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Account unlinked"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "Acknowledgment"
 msgstr "Bestätigung"
@@ -766,6 +833,7 @@ msgstr "Aktion"
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/tables/team-members-table.tsx
 #: apps/remix/app/components/tables/team-members-table.tsx
@@ -804,6 +872,10 @@ msgstr "Aktive Abonnements"
 msgid "Add"
 msgstr "Hinzufügen"
 
+#: packages/ui/primitives/document-flow/add-signers.tsx
+msgid "Add 2 or more signers to enable signing order."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-domain-create-dialog.tsx
 msgid "Add a custom domain to send emails on behalf of your organisation. We'll generate DKIM records that you need to add to your DNS provider."
 msgstr "Fügen Sie eine benutzerdefinierte Domain hinzu, um E-Mails im Namen Ihrer Organisation zu senden. Wir generieren DKIM-Einträge, die Sie Ihrem DNS-Anbieter hinzufügen müssen."
@@ -961,6 +1033,10 @@ msgstr "Fügen Sie die Empfänger hinzu, um das Dokument zu erstellen"
 msgid "Add these DNS records to verify your domain ownership"
 msgstr "Fügen Sie diese DNS-Einträge hinzu, um den Besitz Ihrer Domain zu verifizieren"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Add this URL to your provider's allowed redirect URIs"
+msgstr ""
+
 #: apps/remix/app/components/forms/branding-preferences-form.tsx
 msgid "Additional brand information to display at the bottom of emails"
 msgstr "Zusätzliche Markeninformationen, die am Ende von E-Mails angezeigt werden sollen"
@@ -1078,6 +1154,10 @@ msgstr "Erlauben Sie den Dokumentempfängern, direkt an diese E-Mail-Adresse zu
 msgid "Allow signers to dictate next signer"
 msgstr "Unterzeichner können nächsten Unterzeichner bestimmen"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Allowed Email Domains"
+msgstr ""
+
 #: apps/remix/app/components/embed/authoring/configure-document-advanced-settings.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-settings.tsx
@@ -1120,6 +1200,7 @@ msgstr "Eine E-Mail mit einer Einladung wird an jedes Mitglied gesendet."
 msgid "An email with this address already exists."
 msgstr "Eine E-Mail mit dieser Adresse existiert bereits."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@@ -1139,6 +1220,7 @@ msgstr "Ein Fehler ist aufgetreten beim Hinzufügen von Feldern."
 
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "An error occurred while adding signers."
 msgstr "Ein Fehler ist aufgetreten, während Unterzeichner hinzugefügt wurden."
 
@@ -1146,6 +1228,30 @@ msgstr "Ein Fehler ist aufgetreten, während Unterzeichner hinzugefügt wurden."
 msgid "An error occurred while adding the fields."
 msgstr "Ein Fehler ist aufgetreten, während die Felder hinzugefügt wurden."
 
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the document settings."
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the fields."
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the subject form."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template fields."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template placeholders."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template settings."
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-auto-sign.tsx
 msgid "An error occurred while auto-signing the document, some fields may not be signed. Please review and manually sign any remaining fields."
 msgstr "Beim automatischen Signieren des Dokuments ist ein Fehler aufgetreten, einige Felder wurden möglicherweise nicht signiert. Bitte überprüfen Sie und signieren Sie alle verbleibenden Felder manuell."
@@ -1224,6 +1330,10 @@ msgstr "Beim Entfernen der Auswahl ist ein Fehler aufgetreten."
 msgid "An error occurred while removing the signature."
 msgstr "Ein Fehler ist aufgetreten, während die Unterschrift entfernt wurde."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "An error occurred while resetting two factor authentication for the user."
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "An error occurred while sending the document."
 msgstr "Ein Fehler ist aufgetreten, während das Dokument gesendet wurde."
@@ -1281,10 +1391,23 @@ msgstr "Ein Fehler ist aufgetreten, während dein Profil aktualisiert wurde."
 msgid "An error occurred while uploading your document."
 msgstr "Ein Fehler ist aufgetreten, während dein Dokument hochgeladen wurde."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "An error occurred. Please try again later."
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "An organisation wants to create an account for you. Please review the details below."
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "An organisation wants to link your account. Please review the details below."
+msgstr ""
+
 #: apps/remix/app/components/general/generic-error-layout.tsx
 msgid "An unexpected error occurred."
 msgstr "Ein unerwarteter Fehler ist aufgetreten."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
 #: apps/remix/app/components/general/app-command-menu.tsx
 #: apps/remix/app/components/forms/team-update-form.tsx
@@ -1364,37 +1487,48 @@ msgstr "API-Token"
 msgid "App Version"
 msgstr "App-Version"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "Approve"
+msgstr ""
+
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
 #: apps/remix/app/components/tables/documents-table-action-button.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Approve"
 msgstr "Genehmigen"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Approve Document"
 msgstr "Dokument genehmigen"
 
-#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Approved"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 msgid "Approved"
 msgstr "Genehmigt"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Approver"
-msgstr "Genehmiger"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Approvers"
-msgstr "Genehmigende"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Approving"
-msgstr "Genehmigung"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/assistant-confirmation-dialog.tsx
 msgid "Are you sure you want to complete the document? This action cannot be undone. Please ensure that you have completed prefilling all relevant fields before proceeding."
@@ -1428,6 +1562,7 @@ msgstr "Sind Sie sicher, dass Sie diese Organisation löschen möchten?"
 msgid "Are you sure you wish to delete this team?"
 msgstr "Bist du dir sicher, dass du dieses Team löschen möchtest?"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
 #: apps/remix/app/components/dialogs/team-member-delete-dialog.tsx
@@ -1450,10 +1585,11 @@ msgid "Assigned Teams"
 msgstr "Zugewiesene Teams"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
 msgid "Assist"
-msgstr "Hilfe"
+msgstr ""
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Assist Document"
 msgstr "Dokumentassistenz"
@@ -1463,29 +1599,36 @@ msgid "Assist with signing"
 msgstr "Unterstützung beim Unterschreiben"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Assistant"
-msgstr "Assistent"
+msgstr ""
 
 #: packages/ui/components/recipient/recipient-role-select.tsx
 msgid "Assistant role is only available when the document is in sequential signing mode."
 msgstr "Die Rolle des Assistenten ist nur verfügbar, wenn das Dokument im sequentiellen Unterschriftsmodus ist."
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Assistants"
-msgstr "Assistenten"
+msgstr ""
 
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
 msgid "Assistants and Copy roles are currently not compatible with the multi-sign experience."
 msgstr "Assistenten- und Kopierollen sind derzeit nicht mit der Multi-Signatur-Erfahrung kompatibel."
 
-#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Assisted"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 msgid "Assisted"
 msgstr "Unterstützt"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Assisting"
-msgstr "Unterstützend"
+msgstr ""
 
 #: apps/remix/app/components/forms/document-preferences-form.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.types.tsx
@@ -1510,6 +1653,10 @@ msgstr "Protokolle"
 msgid "Authentication Level"
 msgstr "Authentifizierungsstufe"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Authentication Portal Not Found"
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-auth-page.tsx
 #: apps/remix/app/components/general/direct-template/direct-template-signing-auth-page.tsx
 msgid "Authentication required"
@@ -1640,6 +1787,11 @@ msgstr "Massenversand per CSV"
 msgid "by <0>{senderName}</0>"
 msgstr "von <0>{senderName}</0>"
 
+#. placeholder {0}: organisation.name
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "By accepting this request, you grant {0} the following permissions:"
+msgstr ""
+
 #: packages/email/templates/confirm-team-email.tsx
 msgid "By accepting this request, you will be granting <0>{teamName}</0> access to:"
 msgstr "Durch die Annahme dieser Anfrage gewähren Sie <0>{teamName}</0> Zugriff auf:"
@@ -1672,6 +1824,7 @@ msgstr "Durch die Verwendung der elektronischen Unterschriftsfunktion stimmen Si
 msgid "Can prepare"
 msgstr "Kann vorbereiten"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
@@ -1763,21 +1916,29 @@ msgid "Cannot remove signer"
 msgstr "Unterzeichner kann nicht entfernt werden"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Cc"
-msgstr "Cc"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
-#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
 msgid "CC"
-msgstr "CC"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
+msgid "CC"
+msgstr ""
+
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
 msgid "CC'd"
-msgstr "CC'd"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Ccers"
-msgstr "Kohlenstoffkopierer"
+msgstr ""
 
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/text-field.tsx
 msgid "Character Limit"
@@ -1872,10 +2033,27 @@ msgstr "Klicken Sie, um den Signatur-Link zu kopieren, um ihn an den Empfänger
 msgid "Click to insert field"
 msgstr "Klicken, um das Feld auszufüllen"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client ID"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client ID is required"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client Secret"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client secret is required"
+msgstr ""
+
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-2fa.tsx
 #: apps/remix/app/components/general/document/document-recipient-link-copy-dialog.tsx
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 #: apps/remix/app/components/forms/2fa/enable-authenticator-app-dialog.tsx
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
@@ -1902,6 +2080,8 @@ msgstr "Vergleichen Sie alle Pläne und Funktionen im Detail"
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/forms/signup.tsx
 #: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 msgid "Complete"
@@ -1923,9 +2103,9 @@ msgstr "Dokument abschließen"
 msgid "Complete Signing"
 msgstr "Unterzeichnung abschließen"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
-msgid "Complete the fields for the following signers. Once reviewed, they will inform you if any modifications are needed."
-msgstr "Füllen Sie die Felder für die folgenden Unterzeichner aus. Nach der Überprüfung werden sie Sie informieren, ob Änderungen erforderlich sind."
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+msgid "Complete the fields for the following signers."
+msgstr ""
 
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
@@ -2045,6 +2225,7 @@ msgstr "Bestätigung der Löschung"
 msgid "Confirm email"
 msgstr "E-Mail bestätigen"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/send-confirmation-email.tsx
 msgid "Confirmation email sent"
 msgstr "Bestätigungs-E-Mail gesendet"
@@ -2061,6 +2242,10 @@ msgstr "Kontaktinformationen"
 msgid "Contact sales here"
 msgstr "Vertrieb hier kontaktieren"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Contact us"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
 msgid "Content"
 msgstr "Inhalt"
@@ -2141,6 +2326,8 @@ msgstr "Bestimmt, welche Signaturen beim Unterschreiben eines Dokuments verwende
 msgid "Copied"
 msgstr "Kopiert"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/components/tables/settings-public-profile-templates-table.tsx
 #: apps/remix/app/components/general/avatar-with-recipient.tsx
 #: apps/remix/app/components/general/template/template-direct-link-badge.tsx
@@ -2182,6 +2369,11 @@ msgstr "Signierlinks kopieren"
 msgid "Copy token"
 msgstr "Token kopieren"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "couldn't be uploaded:"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/_layout.tsx
 #: apps/remix/app/components/dialogs/webhook-create-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-group-create-dialog.tsx
@@ -2208,6 +2400,10 @@ msgstr "Erstellen Sie eine neue E-Mail-Adresse für Ihre Organisation mit der Do
 msgid "Create a new organisation with {planName} plan. Keep your current organisation on it's current plan"
 msgstr "Erstellen Sie eine neue Organisation mit dem {planName} Plan. Behalten Sie Ihre aktuelle Organisation auf dem aktuellen Plan"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Create a support ticket"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/team-create-dialog.tsx
 msgid "Create a team to collaborate with your team members."
 msgstr "Ein Team erstellen, um mit Ihren Teammitgliedern zusammenzuarbeiten."
@@ -2466,6 +2662,7 @@ msgstr "Erstellungsdatum"
 msgid "Date Format"
 msgstr "Datumsformat"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/general/organisations/organisation-invitations.tsx
 #: packages/email/templates/organisation-invite.tsx
 msgid "Decline"
@@ -2491,6 +2688,10 @@ msgstr "Standard-E-Mail"
 msgid "Default Email Settings"
 msgstr "Standard-E-Mail-Einstellungen"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Default Organisation Role for New Users"
+msgstr ""
+
 #: apps/remix/app/components/forms/document-preferences-form.tsx
 msgid "Default Signature Settings"
 msgstr "Standard-Signatureinstellungen"
@@ -2752,6 +2953,10 @@ msgstr "Das Deaktivieren der direkten Link-Signatur verhindert, dass jemand auf
 msgid "Disabling the user results in the user not being able to use the account. It also disables all the related contents such as subscription, webhooks, teams, and API keys."
 msgstr "Das Deaktivieren des Benutzers führt dazu, dass der Benutzer das Konto nicht mehr nutzen kann. Es werden auch alle zugehörigen Inhalte wie Abonnements, Webhooks, Teams und API-Schlüssel deaktiviert."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Discord"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-update-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "Display Name"
@@ -2820,8 +3025,9 @@ msgid "Document access"
 msgstr "Dokumentenzugriff"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document access auth updated"
-msgstr "Die Authentifizierung für den Dokumentenzugriff wurde aktualisiert"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-status.tsx
 msgid "Document All"
@@ -2837,9 +3043,13 @@ msgstr "Dokument genehmigt"
 msgid "Document Cancelled"
 msgstr "Dokument storniert"
 
+#: packages/lib/utils/document-audit-logs.ts
+#: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document completed"
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-status.tsx
-#: packages/lib/utils/document-audit-logs.ts
-#: packages/lib/utils/document-audit-logs.ts
 msgid "Document completed"
 msgstr "Dokument abgeschlossen"
 
@@ -2852,8 +3062,12 @@ msgstr "E-Mail zum Abschluss des Dokuments"
 msgid "Document Completed!"
 msgstr "Dokument abgeschlossen!"
 
-#: apps/remix/app/components/dialogs/template-use-dialog.tsx
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document created"
+msgstr ""
+
+#: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "Document created"
 msgstr "Dokument erstellt"
 
@@ -2879,10 +3093,14 @@ msgstr "Dokument erstellt mit einem <0>direkten Link</0>"
 msgid "Document Creation"
 msgstr "Dokumenterstellung"
 
+#: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document deleted"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
-#: packages/lib/utils/document-audit-logs.ts
 msgid "Document deleted"
 msgstr "Dokument gelöscht"
 
@@ -2908,8 +3126,9 @@ msgid "Document Duplicated"
 msgstr "Dokument dupliziert"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document external ID updated"
-msgstr "Externe ID des Dokuments aktualisiert"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-certificate-qr-view.tsx
 msgid "Document found in your account"
@@ -2945,16 +3164,18 @@ msgid "Document moved"
 msgstr "Dokument verschoben"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document moved to team"
-msgstr "Dokument ins Team verschoben"
+msgstr ""
 
 #: apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx
 msgid "Document no longer available to sign"
 msgstr "Dokument steht nicht mehr zur Unterschrift zur Verfügung"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document opened"
-msgstr "Dokument geöffnet"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-status.tsx
 msgid "Document pending"
@@ -2993,8 +3214,12 @@ msgstr "Dokument Abgelehnt"
 msgid "Document resealed"
 msgstr "Dokument wieder versiegelt"
 
-#: apps/remix/app/components/general/document/document-edit-form.tsx
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document sent"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "Document sent"
 msgstr "Dokument gesendet"
 
@@ -3003,8 +3228,9 @@ msgid "Document Signed"
 msgstr "Dokument signiert"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document signing auth updated"
-msgstr "Dokument unterzeichnen Authentifizierung aktualisiert"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 msgid "Document signing process will be cancelled"
@@ -3019,12 +3245,14 @@ msgid "Document title"
 msgstr "Dokumenttitel"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document title updated"
-msgstr "Dokumenttitel aktualisiert"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document updated"
-msgstr "Dokument aktualisiert"
+msgstr ""
 
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 msgid "Document updated successfully"
@@ -3040,21 +3268,27 @@ msgid "Document uploaded"
 msgstr "Dokument hochgeladen"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document viewed"
-msgstr "Dokument angezeigt"
+msgstr ""
 
 #: apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx
 msgid "Document Viewed"
 msgstr "Dokument angesehen"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document visibility updated"
-msgstr "Sichtbarkeit des Dokuments aktualisiert"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 msgid "Document will be permanently deleted"
 msgstr "Dokument wird dauerhaft gelöscht"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Documentation"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.edit.tsx
@@ -3165,6 +3399,11 @@ msgid "Drag and drop your PDF file here"
 msgstr "Ziehen Sie Ihre PDF-Datei hierher"
 
 #: packages/lib/constants/document.ts
+msgctxt "Draw signatute type"
+msgid "Draw"
+msgstr ""
+
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Draw"
 msgstr "Zeichnen"
 
@@ -3411,6 +3650,10 @@ msgstr "Direktlink-Signierung aktivieren"
 msgid "Enable signing order"
 msgstr "Aktiviere die Signaturreihenfolge"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Enable SSO portal"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks._index.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
@@ -3475,13 +3718,18 @@ msgstr "Unternehmen"
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 #: apps/remix/app/components/general/verify-email-banner.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-signature-field.tsx
@@ -3510,6 +3758,10 @@ msgstr "Unternehmen"
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 #: apps/remix/app/components/dialogs/webhook-create-dialog.tsx
@@ -3521,6 +3773,7 @@ msgstr "Unternehmen"
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -3579,6 +3832,10 @@ msgstr "Ordner konnte nicht erstellt werden"
 msgid "Failed to create subscription claim."
 msgstr "Fehler beim Erstellen des Abonnementsanspruchs."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Failed to create support ticket"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/folder-delete-dialog.tsx
 msgid "Failed to delete folder"
 msgstr "Ordner konnte nicht gelöscht werden"
@@ -3611,6 +3868,10 @@ msgstr "Einstellungen konnten nicht gespeichert werden."
 msgid "Failed to sign out all sessions"
 msgstr "Fehler beim Abmelden aller Sitzungen"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Failed to unlink account"
+msgstr ""
+
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 msgid "Failed to update document"
 msgstr "Dokument konnte nicht aktualisiert werden"
@@ -3669,16 +3930,19 @@ msgid "Field placeholder"
 msgstr "Feldplatzhalter"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field prefilled by assistant"
-msgstr "Feld vorab ausgefüllt durch Assistenten"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field signed"
-msgstr "Feld unterschrieben"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field unsigned"
-msgstr "Feld nicht unterschrieben"
+msgstr ""
 
 #: apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
 msgid "Fields"
@@ -3688,13 +3952,21 @@ msgstr "Felder"
 msgid "Fields updated"
 msgstr "Felder aktualisiert"
 
-#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
 #: apps/remix/app/components/general/document/document-upload.tsx
-#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-upload.tsx
 msgid "File cannot be larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
 msgstr "Die Datei darf nicht größer als {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB sein"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "File is larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "File is too small"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "File size exceeds the limit of {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB"
 msgstr "Dateigröße überschreitet das Limit von {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB"
@@ -3810,6 +4082,7 @@ msgstr "Links generieren"
 msgid "Global recipient action authentication"
 msgstr "Globale Empfängerauthentifizierung"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
@@ -4000,6 +4273,10 @@ msgstr "Startseite (kein Ordner)"
 msgid "Horizontal"
 msgstr "Horizontal"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "I agree to link my account with this organization"
+msgstr ""
+
 #: packages/lib/constants/recipient-roles.ts
 msgid "I am a signer of this document"
 msgstr "Ich bin ein Unterzeichner dieses Dokuments"
@@ -4024,6 +4301,10 @@ msgstr "Ich bin verpflichtet, eine Kopie dieses Dokuments zu erhalten"
 msgid "I am the owner of this document"
 msgstr "Ich bin der Besitzer dieses Dokuments"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "I understand that I am providing my credentials to a 3rd party service configured by this organisation"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/webhook-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/token-delete-dialog.tsx
 msgid "I'm sure! Delete it"
@@ -4053,6 +4334,10 @@ msgstr "Wenn Sie den Bestätigungslink nicht in Ihrem Posteingang finden, könne
 msgid "If your authenticator app does not support QR codes, you can use the following code instead:"
 msgstr "Wenn Ihre Authenticator-App keine QR-Codes unterstützt, können Sie stattdessen den folgenden Code verwenden:"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Important: What This Means"
+msgstr ""
+
 #: apps/remix/app/components/general/app-nav-mobile.tsx
 #: apps/remix/app/components/general/app-nav-mobile.tsx
 #: apps/remix/app/components/general/document/document-status.tsx
@@ -4120,6 +4405,10 @@ msgstr "Instanzstatistiken"
 msgid "Invalid code. Please try again."
 msgstr "Ungültiger Code. Bitte versuchen Sie es erneut."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Invalid domains"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/add-signers.types.ts
 msgid "Invalid email"
 msgstr "Ungültige E-Mail"
@@ -4133,6 +4422,10 @@ msgstr "Ungültiger Link"
 msgid "Invalid token"
 msgstr "Ungültiges Token"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Invalid Token"
+msgstr ""
+
 #: apps/remix/app/components/forms/reset-password.tsx
 msgid "Invalid token provided. Please try again."
 msgstr "Ungültiges Token bereitgestellt. Bitte versuchen Sie es erneut."
@@ -4192,6 +4485,10 @@ msgstr "Rechnung"
 msgid "IP Address"
 msgstr "IP-Adresse"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Issuer URL"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "It is crucial to keep your contact information, especially your email address, up to date with us. Please notify us immediately of any changes to ensure that you continue to receive all necessary communications."
 msgstr "Es ist entscheidend, dass Sie Ihre Kontaktinformationen, insbesondere Ihre E-Mail-Adresse, aktuell halten. Bitte informieren Sie uns sofort über Änderungen, damit Sie weiterhin alle notwendigen Mitteilungen erhalten."
@@ -4225,6 +4522,10 @@ msgstr "Es ist derzeit nicht deine Reihe zu unterschreiben. Du erhältst eine E-
 msgid "Join {organisationName} on Documenso"
 msgstr "Tritt {organisationName} auf Documenso bei"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Join our community on <0>Discord</0> for community support and discussion."
+msgstr ""
+
 #. placeholder {0}: DateTime.fromJSDate(team.createdAt).toRelative({ style: 'short' })
 #: apps/remix/app/routes/_authenticated+/dashboard.tsx
 msgid "Joined {0}"
@@ -4319,10 +4620,27 @@ msgstr "Möchten Sie Ihr eigenes öffentliches Profil mit Vereinbarungen haben?"
 msgid "Link expires in 1 hour."
 msgstr "Link läuft in 1 Stunde ab."
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Link expires in 30 minutes."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.public-profile.tsx
 msgid "Link template"
 msgstr "Vorlage verlinken"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Link your Documenso account"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "Linked Accounts"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Linked At"
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "Links Generated"
 msgstr "Links generiert"
@@ -4347,6 +4665,10 @@ msgstr "Lade Dokument..."
 msgid "Loading Document..."
 msgstr "Dokument wird geladen..."
 
+#: packages/ui/components/recipient/recipient-autocomplete-input.tsx
+msgid "Loading suggestions..."
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-page-view-recent-activity.tsx
 msgid "Loading..."
 msgstr "Wird geladen..."
@@ -4372,6 +4694,10 @@ msgstr "Verwalten"
 msgid "Manage {0}'s profile"
 msgstr "Verwalten Sie das Profil von {0}"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Manage a custom SSO login portal for your organisation."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/settings+/organisations.tsx
 msgid "Manage all organisations you are currently associated with."
 msgstr "Verwalten Sie alle Organisationen, mit denen Sie derzeit verbunden sind."
@@ -4404,6 +4730,10 @@ msgstr "Direktlink verwalten"
 msgid "Manage documents"
 msgstr "Dokumente verwalten"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "Manage linked accounts"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 msgid "Manage organisation"
 msgstr "Organisation verwalten"
@@ -4539,6 +4869,10 @@ msgstr "Mitglied"
 msgid "Member Count"
 msgstr "Mitgliederanzahl"
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "Member promoted to owner successfully"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-members-table.tsx
 msgid "Member Since"
 msgstr "Mitglied seit"
@@ -4554,6 +4888,7 @@ msgstr "Mitglied seit"
 msgid "Members"
 msgstr "Mitglieder"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 msgid "Message"
@@ -4789,6 +5124,10 @@ msgstr "Kein Unterschriftsfeld gefunden"
 msgid "No Stripe customer attached"
 msgstr "Kein Stripe-Kunde angehängt"
 
+#: packages/ui/components/recipient/recipient-autocomplete-input.tsx
+msgid "No suggestions found"
+msgstr ""
+
 #: apps/remix/app/components/tables/team-groups-table.tsx
 msgid "No team groups found"
 msgstr "Keine Teamgruppen gefunden"
@@ -4919,6 +5258,16 @@ msgstr "Nur Administratoren können auf das Dokument zugreifen und es anzeigen"
 msgid "Only managers and above can access and view the document"
 msgstr "Nur Manager und darüber können auf das Dokument zugreifen und es anzeigen"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Only one file can be uploaded at a time"
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Only PDF files are allowed"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/_layout.tsx
 #: apps/remix/app/components/general/generic-error-layout.tsx
 #: apps/remix/app/components/general/generic-error-layout.tsx
@@ -4934,10 +5283,15 @@ msgstr "Geöffnet"
 msgid "Or"
 msgstr "Oder"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "OR"
+msgstr ""
+
 #: apps/remix/app/components/forms/signin.tsx
 msgid "Or continue with"
 msgstr "Oder fahren Sie fort mit"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/tables/user-organisations-table.tsx
 #: apps/remix/app/components/tables/admin-organisations-table.tsx
 msgid "Organisation"
@@ -4947,6 +5301,10 @@ msgstr "Organisation"
 msgid "Organisation Admin"
 msgstr "Organisationsadministrator"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Organisation authentication portal URL"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-organisation-create-dialog.tsx
 msgid "Organisation created"
 msgstr "Organisation erstellt"
@@ -5017,6 +5375,10 @@ msgstr "Organisationseinstellungen"
 msgid "Organisation Settings"
 msgstr "Organisationseinstellungen"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Organisation SSO Portal"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 msgid "Organisation Teams"
 msgstr "Organisationsteams"
@@ -5309,9 +5671,13 @@ msgstr "Bitte geben Sie einen aussagekräftigen Namen für Ihr Token ein. Dies w
 msgid "Please enter a valid name."
 msgstr "Bitte geben Sie einen gültigen Namen ein."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
-msgid "Please mark as viewed to complete"
-msgstr "Bitte als angesehen markieren, um abzuschließen"
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+msgid "Please mark as viewed to complete."
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Please note that anyone who signs in through your portal will be added to your organisation as a member."
+msgstr ""
 
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
 msgid "Please note that proceeding will remove direct linking recipient and turn it into a placeholder."
@@ -5349,11 +5715,11 @@ msgstr "Bitte geben Sie ein Token von der Authentifizierungs-App oder einen Back
 msgid "Please provide a token from your authenticator, or a backup code."
 msgstr "Bitte geben Sie ein Token von Ihrem Authentifizierer oder einen Backup-Code an."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 msgid "Please review the document before approving."
 msgstr "Bitte überprüfen Sie das Dokument, bevor Sie es genehmigen."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 msgid "Please review the document before signing."
 msgstr "Bitte überprüfen Sie das Dokument vor der Unterzeichnung."
 
@@ -5449,6 +5815,18 @@ msgstr "Profil aktualisiert"
 msgid "Progress"
 msgstr "Fortschritt"
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "Promote to owner"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Provider"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Provider has been updated successfully"
+msgstr ""
+
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/general/template/template-type.tsx
 msgid "Public"
@@ -5485,6 +5863,10 @@ msgstr "Radio-Werte"
 msgid "Read only"
 msgstr "Nur lesen"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Read our documentation to get started with Documenso."
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-disclosure.tsx
 msgid "Read the full <0>signature disclosure</0>."
 msgstr "Lesen Sie die vollständige <0>Offenlegung der Unterschrift</0>."
@@ -5601,6 +5983,10 @@ msgstr "Wiederherstellungscodes"
 msgid "Red"
 msgstr "Rot"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Redirect URI"
+msgstr ""
+
 #: apps/remix/app/components/embed/authoring/configure-document-advanced-settings.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-settings.tsx
@@ -5714,6 +6100,10 @@ msgstr "Auf E-Mail antworten"
 msgid "Reply To Email"
 msgstr "Antworten auf E-Mail"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Requesting Organisation"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/text-field.tsx
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/radio-field.tsx
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/number-field.tsx
@@ -5722,6 +6112,10 @@ msgstr "Antworten auf E-Mail"
 msgid "Required field"
 msgstr "Pflichtfeld"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Required scopes"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 msgid "Reseal document"
 msgstr "Dokument wieder versiegeln"
@@ -5746,6 +6140,11 @@ msgstr "Bestätigung erneut senden"
 msgid "Reset"
 msgstr "Zurücksetzen"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset 2FA"
+msgstr ""
+
 #: apps/remix/app/components/forms/forgot-password.tsx
 msgid "Reset email sent"
 msgstr "Zurücksetzungs-E-Mail gesendet"
@@ -5757,6 +6156,14 @@ msgstr "Zurücksetzungs-E-Mail gesendet"
 msgid "Reset Password"
 msgstr "Passwort zurücksetzen"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset the users two factor authentication. This action is irreversible and will disable two factor authentication for the user."
+msgstr ""
+
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset Two Factor Authentication"
+msgstr ""
+
 #: apps/remix/app/components/forms/reset-password.tsx
 msgid "Resetting Password..."
 msgstr "Passwort wird zurückgesetzt..."
@@ -5788,9 +6195,14 @@ msgstr "Wiederholen"
 #: apps/remix/app/routes/_unauthenticated+/team.verify.email.$token.tsx
 #: apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx
 #: apps/remix/app/routes/_unauthenticated+/organisation.decline.$token.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 msgid "Return"
 msgstr "Zurück"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Return to Documenso sign in page here"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/organisation.decline.$token.tsx
 msgid "Return to Home"
 msgstr "Zurück zur Startseite"
@@ -5800,6 +6212,10 @@ msgstr "Zurück zur Startseite"
 msgid "Return to sign in"
 msgstr "Zurück zur Anmeldung"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Review request"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
 msgid "Revoke"
@@ -5974,6 +6390,10 @@ msgstr "Authentifizierungsmethoden auswählen"
 msgid "Select default option"
 msgstr "Standardoption auswählen"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Select default role"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/checkbox-field.tsx
 msgid "Select direction"
 msgstr "Richtung auswählen"
@@ -6189,6 +6609,11 @@ msgstr "Erweiterte Einstellungen anzeigen"
 msgid "Show templates in your public profile for your audience to sign and get started quickly"
 msgstr "Vorlagen in Ihrem öffentlichen Profil anzeigen, damit Ihre Zielgruppe unterschreiben und schnell loslegen kann"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "Sign"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
@@ -6202,7 +6627,6 @@ msgstr "Vorlagen in Ihrem öffentlichen Profil anzeigen, damit Ihre Zielgruppe u
 #: apps/remix/app/components/general/document-signing/document-signing-auth-password.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-2fa.tsx
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Sign"
 msgstr "Unterschreiben"
 
@@ -6224,7 +6648,7 @@ msgstr "Unterzeichnen als<0>{0} <1>({1})</1></0>"
 msgid "Sign document"
 msgstr "Dokument unterschreiben"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Sign Document"
 msgstr "Dokument signieren"
@@ -6242,6 +6666,7 @@ msgstr "Unterzeichnen-Feld"
 msgid "Sign Here"
 msgstr "Hier unterzeichnen"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: packages/email/template-components/template-reset-password.tsx
@@ -6249,6 +6674,7 @@ msgid "Sign In"
 msgstr "Anmelden"
 
 #: apps/remix/app/routes/_unauthenticated+/signin.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-dialog.tsx
 msgid "Sign in to your account"
 msgstr "Melden Sie sich bei Ihrem Konto an"
@@ -6316,32 +6742,35 @@ msgstr "Gesammelte Unterschriften"
 msgid "Signatures will appear once the document has been completed"
 msgstr "Unterschriften erscheinen, sobald das Dokument abgeschlossen ist"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Signed"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/ui/components/document/document-read-only-fields.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Signed"
 msgstr "Unterzeichnet"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Signer"
-msgstr "Unterzeichner"
+msgstr ""
 
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Signer Events"
 msgstr "Signer-Ereignisse"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Signers"
-msgstr "Unterzeichner"
-
-#: packages/ui/primitives/document-flow/add-signers.types.ts
-msgid "Signers must have unique emails"
-msgstr "Unterzeichner müssen eindeutige E-Mails haben"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Signing"
-msgstr "Unterzeichnung"
+msgstr ""
 
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Signing Certificate"
@@ -6512,6 +6941,14 @@ msgstr "Entschuldigung, wir konnten das Zertifikat nicht herunterladen. Bitte ve
 msgid "Source"
 msgstr "Quelle"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Space-separated list of domains. Leave empty to allow all domains."
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
+msgid "SSO"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
 msgid "Stats"
 msgstr "Statistiken"
@@ -6543,6 +6980,7 @@ msgstr "Stripe-Kunde erfolgreich erstellt"
 msgid "Stripe Customer ID"
 msgstr "Stripe-Kunden-ID"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 msgid "Subject"
 msgstr "Betreff"
@@ -6552,6 +6990,10 @@ msgstr "Betreff"
 msgid "Subject <0>(Optional)</0>"
 msgstr "Betreff <0>(Optional)</0>"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Submit"
+msgstr ""
+
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
@@ -6585,10 +7027,12 @@ msgstr "Abonnement ungültig"
 
 #: apps/remix/app/routes/embed+/v1+/authoring+/template.edit.$id.tsx
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
@@ -6646,6 +7090,15 @@ msgstr "Erfolgreich erstellt: {successCount}"
 msgid "Summary:"
 msgstr "Zusammenfassung:"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+#: apps/remix/app/components/general/org-menu-switcher.tsx
+msgid "Support"
+msgstr ""
+
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Support ticket created"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-email-domains-table.tsx
 msgid "Sync"
 msgstr "Synchronisieren"
@@ -7009,7 +7462,8 @@ msgid "The email address which will show up in the \"Reply To\" field in emails"
 msgstr "Die E-Mail-Adresse, die im \"Antwort an\"-Feld in E-Mails angezeigt wird"
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
-msgid "The email domain you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The email domain you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "Die gesuchte E-Mail-Domain wurde möglicherweise entfernt, umbenannt oder hat möglicherweise nie existiert."
 
@@ -7050,12 +7504,21 @@ msgstr "Die folgenden Fehler sind aufgetreten:"
 msgid "The following team has been deleted. You will no longer be able to access this team and its documents"
 msgstr "Das folgende Team wurde gelöscht. Sie können nicht mehr auf dieses Team und seine Dokumente zugreifen."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "The OpenID discovery endpoint URL for your provider"
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "The organisation authentication portal does not exist, or is not configured"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "The organisation email has been created successfully."
 msgstr "Die E-Mail der Organisation wurde erfolgreich erstellt."
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
-msgid "The organisation group you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation group you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "Die Organisationsgruppe, nach der Sie suchen, wurde möglicherweise entfernt, umbenannt oder hat möglicherweise nie existiert."
 
@@ -7064,12 +7527,14 @@ msgid "The organisation role that will be applied to all members in this group."
 msgstr "Die Organisationsrolle, die auf alle Mitglieder in dieser Gruppe angewendet wird."
 
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
-msgid "The organisation you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "Die Organisation, nach der Sie suchen, wurde möglicherweise entfernt, umbenannt oder hat möglicherweise nie existiert."
 
 #: apps/remix/app/routes/_authenticated+/_layout.tsx
-msgid "The organisation you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation you are looking for may have been removed, renamed or may have never\n"
 "                  existed."
 msgstr "Die Organisation, nach der Sie suchen, wurde möglicherweise entfernt, umbenannt oder hat möglicherweise nie existiert."
 
@@ -7158,12 +7623,14 @@ msgid "The team email <0>{teamEmail}</0> has been removed from the following tea
 msgstr "Die Team-E-Mail <0>{teamEmail}</0> wurde aus dem folgenden Team entfernt"
 
 #: apps/remix/app/routes/_authenticated+/_layout.tsx
-msgid "The team you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The team you are looking for may have been removed, renamed or may have never\n"
 "                  existed."
 msgstr "Das Team, das Sie suchen, wurde möglicherweise entfernt, umbenannt oder hat möglicherweise nie existiert."
 
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/_layout.tsx
-msgid "The team you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The team you are looking for may have been removed, renamed or may have never\n"
 "                existed."
 msgstr "Das Team, das Sie suchen, könnte entfernt, umbenannt oder nie existiert haben."
 
@@ -7179,6 +7646,10 @@ msgstr "Die Vorlage wird von Ihrem Profil entfernt"
 msgid "The test webhook has been successfully sent to your endpoint."
 msgstr "Das Test-Webhook wurde erfolgreich an Ihren Endpunkt gesendet."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "The token is invalid or has expired."
+msgstr ""
+
 #: apps/remix/app/components/forms/token.tsx
 msgid "The token was copied to your clipboard."
 msgstr "Der Token wurde in die Zwischenablage kopiert."
@@ -7205,10 +7676,15 @@ msgid "The URL for Documenso to send webhook events to."
 msgstr "Die URL für Documenso, um Webhook-Ereignisse zu senden."
 
 #: apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
-msgid "The user you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The user you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "Der Benutzer, nach dem Sie suchen, wurde möglicherweise entfernt, umbenannt oder hat möglicherweise nie existiert."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "The user's two factor authentication has been reset successfully."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/webhook-delete-dialog.tsx
 msgid "The webhook has been successfully deleted."
 msgstr "Das Webhook wurde erfolgreich gelöscht."
@@ -7222,7 +7698,8 @@ msgid "The webhook was successfully created."
 msgstr "Der Webhook wurde erfolgreich erstellt."
 
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
-msgid "The webhook you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The webhook you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "Das gesuchte Webhook wurde möglicherweise entfernt, umbenannt oder hat möglicherweise nie existiert."
 
@@ -7258,6 +7735,10 @@ msgstr "Dieses Konto wurde deaktiviert. Bitte kontaktieren Sie den Support."
 msgid "This account has not been verified. Please verify your account before signing in."
 msgstr "Dieses Konto wurde nicht verifiziert. Bitte verifizieren Sie Ihr Konto, bevor Sie sich anmelden."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "This action is irreversible. Please ensure you have informed the user before proceeding."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
@@ -7376,10 +7857,22 @@ msgstr "So wird das Dokument die Empfänger erreichen, sobald es zum Unterschrei
 msgid "This is the claim that this organisation was initially created with. Any feature flag changes to this claim will be backported into this organisation."
 msgstr "Dies ist der Anspruch, mit dem diese Organisation ursprünglich erstellt wurde. Alle Änderungen an Funktionsflags für diesen Anspruch werden in diese Organisation übernommen."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "This is the required scopes you must set in your provider's settings"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "This is the URL which users will use to sign in to your organisation."
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/team.verify.email.$token.tsx
 msgid "This link is invalid or has expired. Please contact your team to resend a verification."
 msgstr "Dieser Link ist ungültig oder abgelaufen. Bitte kontaktieren Sie Ihr Team, um eine neue Bestätigungsanfrage zu senden."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "This organisation will have administrative control over your account. You can revoke this access later, but they will retain access to any data they've already collected."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.general.tsx
 msgid "This organisation, and any associated data will be permanently deleted."
 msgstr "Diese Organisation und alle damit verbundenen Daten werden dauerhaft gelöscht."
@@ -7499,9 +7992,10 @@ msgstr "Um Mitglieder zu einem Team hinzufügen zu können, müssen Sie sie zuer
 msgid "To change the email you must remove and add a new email address."
 msgstr "Um die E-Mail zu ändern, müssen Sie die aktuelle entfernen und eine neue hinzufügen."
 
+#. placeholder {0}: user.email
 #. placeholder {0}: userToEnable.email
 #. placeholder {0}: userToDisable.email
-#. placeholder {0}: user.email
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -7517,6 +8011,7 @@ msgid "To enable two-factor authentication, scan the following QR code using you
 msgstr "Um die Zwei-Faktor-Authentifizierung zu aktivieren, scannen Sie den folgenden QR-Code mit Ihrer Authentifizierungs-App."
 
 #: apps/remix/app/routes/_unauthenticated+/unverified-account.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 msgid "To gain access to your account, please confirm your email address by clicking on the confirmation link from your inbox."
 msgstr "Um Zugang zu Ihrem Konto zu erhalten, bestätigen Sie bitte Ihre E-Mail-Adresse, indem Sie auf den Bestätigungslink in Ihrem Posteingang klicken."
 
@@ -7633,9 +8128,14 @@ msgstr "Die Zwei-Faktor-Authentifizierung wurde für Ihr Konto deaktiviert. Sie
 msgid "Two-Factor Re-Authentication"
 msgstr "Zwei-Faktor-Wiederauthentifizierung"
 
+#: packages/lib/constants/document.ts
+msgctxt "Type signatute type"
+msgid "Type"
+msgstr ""
+
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
-#: packages/lib/constants/document.ts
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Type"
 msgstr "Typ"
 
@@ -7749,9 +8249,15 @@ msgstr "Unvollendet"
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 msgid "Unknown"
 msgstr "Unbekannt"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Unknown error"
+msgstr ""
+
 #: apps/remix/app/components/tables/admin-claims-table.tsx
 msgid "Unlimited"
 msgstr "Unbegrenzt"
@@ -7760,6 +8266,11 @@ msgstr "Unbegrenzt"
 msgid "Unlimited documents, API and more"
 msgstr "Unbegrenzte Dokumente, API und mehr"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Unlink"
+msgstr ""
+
 #: apps/remix/app/components/general/folder/folder-card.tsx
 msgid "Unpin"
 msgstr "Lösen"
@@ -7768,6 +8279,7 @@ msgstr "Lösen"
 msgid "Untitled Group"
 msgstr "Unbetitelte Gruppe"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@@ -7907,6 +8419,11 @@ msgid "Upgrade your plan to upload more documents"
 msgstr "Aktualisieren Sie Ihren Tarif, um mehr Dokumente hochzuladen"
 
 #: packages/lib/constants/document.ts
+msgctxt "Upload signatute type"
+msgid "Upload"
+msgstr ""
+
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Upload"
 msgstr "Hochladen"
 
@@ -7940,6 +8457,11 @@ msgstr "Benutzerdefiniertes Dokument hochladen"
 msgid "Upload Document"
 msgstr "Dokument hochladen"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Upload failed"
+msgstr ""
+
 #: packages/ui/primitives/signature-pad/signature-pad-upload.tsx
 msgid "Upload Signature"
 msgstr "Signatur hochladen"
@@ -8021,6 +8543,7 @@ msgstr "Benutzer hat kein Passwort."
 msgid "User not found"
 msgstr "Benutzer nicht gefunden"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -8094,6 +8617,11 @@ msgstr "Überprüfen Sie Ihre Team-E-Mail-Adresse"
 msgid "Vertical"
 msgstr "Vertikal"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "View"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-billing-invoices-table.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
@@ -8103,7 +8631,6 @@ msgstr "Vertikal"
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "View"
 msgstr "Betrachten"
 
@@ -8136,6 +8663,11 @@ msgstr "Sehen Sie sich alle Sicherheitsaktivitäten in Ihrem Konto an."
 msgid "View and manage all active sessions for your account."
 msgstr "Alle aktiven Sitzungen Ihres Kontos anzeigen und verwalten."
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "View and manage all login methods linked to your account."
+msgstr ""
+
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 msgid "View Codes"
 msgstr "Codes ansehen"
@@ -8148,7 +8680,7 @@ msgstr "DNS-Datensätze anzeigen"
 msgid "View document"
 msgstr "Dokument anzeigen"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
@@ -8198,24 +8730,31 @@ msgstr "Teams ansehen"
 msgid "View the DNS records for this email domain"
 msgstr "DNS-Datensätze für diese E-Mail-Domain anzeigen"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Viewed"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Viewed"
 msgstr "Betrachtet"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Viewer"
-msgstr "Betrachter"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Viewers"
-msgstr "Betrachter"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Viewing"
-msgstr "Betrachten"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/folder-update-dialog.tsx
 msgid "Visibility"
@@ -8276,6 +8815,10 @@ msgstr "Wir können diesen Schlüssel im Moment nicht aktualisieren. Bitte versu
 msgid "We couldn't create a Stripe customer. Please try again."
 msgstr "Wir konnten keinen Stripe-Kunden erstellen. Bitte versuchen Sie es erneut."
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "We couldn't promote the member to owner. Please try again."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 msgid "We couldn't update the group. Please try again."
 msgstr "Wir konnten die Gruppe nicht aktualisieren. Bitte versuchen Sie es erneut."
@@ -8285,6 +8828,10 @@ msgstr "Wir konnten die Gruppe nicht aktualisieren. Bitte versuchen Sie es erneu
 msgid "We couldn't update the organisation. Please try again."
 msgstr "Wir konnten die Organisation nicht aktualisieren. Bitte versuchen Sie es erneut."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "We couldn't update the provider. Please try again."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "We encountered an error while creating the email. Please try again later."
 msgstr "Wir haben beim Erstellen der E-Mail einen Fehler festgestellt. Bitte versuchen Sie es später noch einmal."
@@ -8393,6 +8940,7 @@ msgstr "Wir sind auf einen unbekannten Fehler gestoßen, während wir versucht h
 msgid "We encountered an unknown error while attempting to revoke access. Please try again or contact support."
 msgstr "Wir sind auf einen unbekannten Fehler gestoßen, während wir versucht haben, den Zugriff zu widerrufen. Bitte versuchen Sie es später oder kontaktieren Sie den Support."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 msgid "We encountered an unknown error while attempting to sign you In. Please try again later."
@@ -8528,6 +9076,10 @@ msgstr "Wir werden Unterzeichnungslinks für Sie erstellen, die Sie an die Empf
 msgid "We won't send anything to notify recipients."
 msgstr "Wir werden nichts senden, um die Empfänger zu benachrichtigen."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "We'll get back to you as soon as possible via email."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/templates._index.tsx
 #: apps/remix/app/components/tables/documents-table-empty-state.tsx
 msgid "We're all empty"
@@ -8585,10 +9137,18 @@ msgstr "Willkommen zurück, wir freuen uns, Sie zu haben."
 msgid "Welcome back! Here's an overview of your account."
 msgstr "Willkommen zurück! Hier ist ein Überblick über Ihr Konto."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Welcome to {organisationName}"
+msgstr ""
+
 #: packages/email/template-components/template-confirmation-email.tsx
 msgid "Welcome to Documenso!"
 msgstr "Willkommen bei Documenso!"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Well-known URL is required"
+msgstr ""
+
 #: apps/remix/app/routes/_recipient+/sign.$token+/waiting.tsx
 msgid "Were you trying to edit this document instead?"
 msgstr "Hast du stattdessen versucht, dieses Dokument zu bearbeiten?"
@@ -8615,6 +9175,10 @@ msgstr "Wenn Sie ein Dokument unterschreiben, können wir die folgenden Felder a
 msgid "When you use our platform to affix your electronic signature to documents, you are consenting to do so under the Electronic Signatures in Global and National Commerce Act (E-Sign Act) and other applicable laws. This action indicates your agreement to use electronic means to sign documents and receive notifications."
 msgstr "Wenn Sie unsere Plattform nutzen, um Ihre elektronische Unterschrift auf Dokumente anzubringen, stimmen Sie zu, dies unter dem Gesetz über elektronische Unterschriften im globalen und nationalen Handel (E-Sign-Gesetz) und anderen anwendbaren Gesetzen zu tun. Diese Handlung zeigt Ihre Zustimmung zur Verwendung elektronischer Mittel zum Unterzeichnen von Dokumenten und zum Empfang von Benachrichtigungen an."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Whether to enable the SSO portal for your organisation"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 msgid "While waiting for them to do so you can create your own Documenso account and get started with document signing right away."
 msgstr "Während Sie darauf warten, können Sie Ihr eigenes Documenso-Konto erstellen und sofort mit der Dokumentenunterzeichnung beginnen."
@@ -8682,6 +9246,10 @@ msgstr "Sie verlassen gleich die folgende Organisation."
 msgid "You are about to remove default access to this team for all organisation members. Any members not explicitly added to this team will no longer have access."
 msgstr "Sie sind dabei, den Standardzugriff auf dieses Team für alle Organisationsmitglieder zu entfernen. Alle Mitglieder, die diesem Team nicht ausdrücklich hinzugefügt wurden, haben keinen Zugriff mehr."
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "You are about to remove the <0>{provider}</0> login method from your account."
+msgstr ""
+
 #. placeholder {0}: organisation.name
 #: apps/remix/app/components/dialogs/organisation-email-domain-delete-dialog.tsx
 msgid "You are about to remove the email domain <0>{emailDomain}</0> from <1>{0}</1>. All emails associated with this domain will be deleted."
@@ -8768,6 +9336,10 @@ msgstr "Sie sind nicht berechtigt, diesen Benutzer zu deaktivieren."
 msgid "You are not authorized to enable this user."
 msgstr "Sie sind nicht berechtigt, diesen Benutzer zu aktivieren."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "You are not authorized to reset two factor authentcation for this user."
+msgstr ""
+
 #: packages/email/template-components/template-confirmation-email.tsx
 msgid "You can also copy and paste this link into your browser: {confirmationLink} (link expires in 1 hour)"
 msgstr "Du kannst diesen Link auch kopieren und in deinen Browser einfügen: {confirmationLink} (Link läuft in 1 Stunde ab)"
@@ -9058,6 +9630,10 @@ msgstr "Sie müssen bei der Anmeldung jetzt einen Code von Ihrer Authenticator-A
 msgid "You will receive an Email copy of the signed document once everyone has signed."
 msgstr "Sie erhalten eine E-Mail-Kopie des unterzeichneten Dokuments, sobald alle unterschrieben haben."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Your Account"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
 msgid "Your account has been deleted successfully."
 msgstr "Ihr Konto wurde erfolgreich gelöscht."
@@ -9091,6 +9667,10 @@ msgstr "Ihre Massenversandoperation für Vorlage \"{templateName}\" ist abgeschl
 msgid "Your current {currentProductName} plan is past due. Please update your payment information."
 msgstr "Ihr aktueller {currentProductName} Plan ist überfällig. Bitte aktualisieren Sie Ihre Zahlungsinformationen."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Your current plan includes the following support channels:"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.billing.tsx
 msgid "Your current plan is inactive."
 msgstr "Ihr aktueller Plan ist inaktiv."
@@ -9104,7 +9684,6 @@ msgid "Your direct signing templates"
 msgstr "Ihre direkten Unterzeichnungsvorlagen"
 
 #: apps/remix/app/components/general/document/document-upload.tsx
-#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-upload.tsx
 msgid "Your document failed to upload."
 msgstr "Ihr Dokument konnte nicht hochgeladen werden."
@@ -9237,6 +9816,10 @@ msgstr "Ihr Wiederherstellungscode wurde in die Zwischenablage kopiert."
 msgid "Your recovery codes are listed below. Please store them in a safe place."
 msgstr "Ihre Wiederherstellungscodes sind unten aufgeführt. Bitte bewahren Sie sie an einem sicheren Ort auf."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Your support request has been submitted. We'll get back to you soon!"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/team-create-dialog.tsx
 msgid "Your team has been created."
 msgstr "Ihr Team wurde erstellt."
@@ -9249,10 +9832,6 @@ msgstr "Ihr Team wurde erfolgreich gelöscht."
 msgid "Your team has been successfully updated."
 msgstr "Ihr Team wurde erfolgreich aktualisiert."
 
-#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
-msgid "Your template failed to upload."
-msgstr "Ihre Vorlage konnte nicht hochgeladen werden."
-
 #: apps/remix/app/routes/embed+/v1+/authoring_.completed.create.tsx
 msgid "Your template has been created successfully"
 msgstr "Ihre Vorlage wurde erfolgreich erstellt"
@@ -9289,3 +9868,6 @@ msgstr "Ihr Token wurde erfolgreich erstellt! Stellen Sie sicher, dass Sie es ko
 msgid "Your tokens will be shown here once you create them."
 msgstr "Ihre Tokens werden hier angezeigt, sobald Sie sie erstellt haben."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "your-domain.com another-domain.com"
+msgstr ""
diff --git a/packages/lib/translations/en/web.po b/packages/lib/translations/en/web.po
index fbba21fd0..bf2b40730 100644
--- a/packages/lib/translations/en/web.po
+++ b/packages/lib/translations/en/web.po
@@ -409,14 +409,30 @@ msgstr "{visibleRows, plural, one {Showing # result.} other {Showing # results.}
 msgid "<0>\"{0}\"</0>is no longer available to sign"
 msgstr "<0>\"{0}\"</0>is no longer available to sign"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "<0>{organisationName}</0> has requested to create an account on your behalf."
+msgstr "<0>{organisationName}</0> has requested to create an account on your behalf."
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "<0>{organisationName}</0> has requested to link your current Documenso account to their organisation."
+msgstr "<0>{organisationName}</0> has requested to link your current Documenso account to their organisation."
+
 #: packages/email/templates/confirm-team-email.tsx
 msgid "<0>{teamName}</0> has requested to use your email address for their team on Documenso."
 msgstr "<0>{teamName}</0> has requested to use your email address for their team on Documenso."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Account management:</0> Modify your account settings, permissions, and preferences"
+msgstr "<0>Account management:</0> Modify your account settings, permissions, and preferences"
+
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "<0>Click to upload</0> or drag and drop"
 msgstr "<0>Click to upload</0> or drag and drop"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Data access:</0> Access all data associated with your account"
+msgstr "<0>Data access:</0> Access all data associated with your account"
+
 #: packages/ui/components/document/document-signature-settings-tooltip.tsx
 msgid "<0>Drawn</0> - A signature that is drawn using a mouse or stylus."
 msgstr "<0>Drawn</0> - A signature that is drawn using a mouse or stylus."
@@ -425,6 +441,10 @@ msgstr "<0>Drawn</0> - A signature that is drawn using a mouse or stylus."
 msgid "<0>Email</0> - The recipient will be emailed the document to sign, approve, etc."
 msgstr "<0>Email</0> - The recipient will be emailed the document to sign, approve, etc."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Full account access:</0> View all your profile information, settings, and activity"
+msgstr "<0>Full account access:</0> View all your profile information, settings, and activity"
+
 #: packages/ui/components/recipient/recipient-action-auth-select.tsx
 msgid "<0>Inherit authentication method</0> - Use the global action signing authentication method configured in the \"General Settings\" step"
 msgstr "<0>Inherit authentication method</0> - Use the global action signing authentication method configured in the \"General Settings\" step"
@@ -512,10 +532,18 @@ msgstr "12 months"
 msgid "2FA"
 msgstr "2FA"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "2FA Reset"
+msgstr "2FA Reset"
+
 #: apps/remix/app/components/forms/token.tsx
 msgid "3 months"
 msgstr "3 months"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "400 Error"
+msgstr "400 Error"
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings._layout.tsx
 msgid "401 Unauthorized"
@@ -529,6 +557,10 @@ msgstr "404 Email domain not found"
 msgid "404 not found"
 msgstr "404 not found"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "404 Not Found"
+msgstr "404 Not Found"
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 msgid "404 Organisation group not found"
 msgstr "404 Organisation group not found"
@@ -592,14 +624,17 @@ msgid "A draft document will be created"
 msgstr "A draft document will be created"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was added"
 msgstr "A field was added"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was removed"
 msgstr "A field was removed"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was updated"
 msgstr "A field was updated"
 
@@ -641,17 +676,28 @@ msgid "A password reset email has been sent, if you have an account you should s
 msgstr "A password reset email has been sent, if you have an account you should see it in your inbox shortly."
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was added"
 msgstr "A recipient was added"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was removed"
 msgstr "A recipient was removed"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was updated"
 msgstr "A recipient was updated"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "A request has been made to create an account for you"
+msgstr "A request has been made to create an account for you"
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "A request has been made to link your Documenso account"
+msgstr "A request has been made to link your Documenso account"
+
 #. placeholder {0}: team.name
 #: packages/lib/server-only/team/create-team-email-verification.ts
 msgid "A request to use your email has been initiated by {0} on Documenso"
@@ -701,6 +747,10 @@ msgstr "A verification email will be sent to the provided email."
 msgid "Accept"
 msgstr "Accept"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Accept & Link Account"
+msgstr "Accept & Link Account"
+
 #: packages/email/templates/organisation-invite.tsx
 msgid "Accept invitation to join an organisation on Documenso"
 msgstr "Accept invitation to join an organisation on Documenso"
@@ -721,6 +771,7 @@ msgstr "Access disabled"
 msgid "Access enabled"
 msgstr "Access enabled"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/general/org-menu-switcher.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-dialog.tsx
 msgid "Account"
@@ -730,6 +781,14 @@ msgstr "Account"
 msgid "Account Authentication"
 msgstr "Account Authentication"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Account creation request"
+msgstr "Account creation request"
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Account Creation Request"
+msgstr "Account Creation Request"
+
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
 msgid "Account deleted"
@@ -743,10 +802,18 @@ msgstr "Account disabled"
 msgid "Account enabled"
 msgstr "Account enabled"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Account Linking Request"
+msgstr "Account Linking Request"
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Account Re-Authentication"
 msgstr "Account Re-Authentication"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Account unlinked"
+msgstr "Account unlinked"
+
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "Acknowledgment"
 msgstr "Acknowledgment"
@@ -761,6 +828,7 @@ msgstr "Action"
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/tables/team-members-table.tsx
 #: apps/remix/app/components/tables/team-members-table.tsx
@@ -799,6 +867,10 @@ msgstr "Active Subscriptions"
 msgid "Add"
 msgstr "Add"
 
+#: packages/ui/primitives/document-flow/add-signers.tsx
+msgid "Add 2 or more signers to enable signing order."
+msgstr "Add 2 or more signers to enable signing order."
+
 #: apps/remix/app/components/dialogs/organisation-email-domain-create-dialog.tsx
 msgid "Add a custom domain to send emails on behalf of your organisation. We'll generate DKIM records that you need to add to your DNS provider."
 msgstr "Add a custom domain to send emails on behalf of your organisation. We'll generate DKIM records that you need to add to your DNS provider."
@@ -956,6 +1028,10 @@ msgstr "Add the recipients to create the document with"
 msgid "Add these DNS records to verify your domain ownership"
 msgstr "Add these DNS records to verify your domain ownership"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Add this URL to your provider's allowed redirect URIs"
+msgstr "Add this URL to your provider's allowed redirect URIs"
+
 #: apps/remix/app/components/forms/branding-preferences-form.tsx
 msgid "Additional brand information to display at the bottom of emails"
 msgstr "Additional brand information to display at the bottom of emails"
@@ -1073,6 +1149,10 @@ msgstr "Allow document recipients to reply directly to this email address"
 msgid "Allow signers to dictate next signer"
 msgstr "Allow signers to dictate next signer"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Allowed Email Domains"
+msgstr "Allowed Email Domains"
+
 #: apps/remix/app/components/embed/authoring/configure-document-advanced-settings.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-settings.tsx
@@ -1115,6 +1195,7 @@ msgstr "An email containing an invitation will be sent to each member."
 msgid "An email with this address already exists."
 msgstr "An email with this address already exists."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@@ -1134,6 +1215,7 @@ msgstr "An error occurred while adding fields."
 
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "An error occurred while adding signers."
 msgstr "An error occurred while adding signers."
 
@@ -1141,6 +1223,30 @@ msgstr "An error occurred while adding signers."
 msgid "An error occurred while adding the fields."
 msgstr "An error occurred while adding the fields."
 
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the document settings."
+msgstr "An error occurred while auto-saving the document settings."
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the fields."
+msgstr "An error occurred while auto-saving the fields."
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the subject form."
+msgstr "An error occurred while auto-saving the subject form."
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template fields."
+msgstr "An error occurred while auto-saving the template fields."
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template placeholders."
+msgstr "An error occurred while auto-saving the template placeholders."
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template settings."
+msgstr "An error occurred while auto-saving the template settings."
+
 #: apps/remix/app/components/general/document-signing/document-signing-auto-sign.tsx
 msgid "An error occurred while auto-signing the document, some fields may not be signed. Please review and manually sign any remaining fields."
 msgstr "An error occurred while auto-signing the document, some fields may not be signed. Please review and manually sign any remaining fields."
@@ -1219,6 +1325,10 @@ msgstr "An error occurred while removing the selection."
 msgid "An error occurred while removing the signature."
 msgstr "An error occurred while removing the signature."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "An error occurred while resetting two factor authentication for the user."
+msgstr "An error occurred while resetting two factor authentication for the user."
+
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "An error occurred while sending the document."
 msgstr "An error occurred while sending the document."
@@ -1276,10 +1386,23 @@ msgstr "An error occurred while updating your profile."
 msgid "An error occurred while uploading your document."
 msgstr "An error occurred while uploading your document."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "An error occurred. Please try again later."
+msgstr "An error occurred. Please try again later."
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "An organisation wants to create an account for you. Please review the details below."
+msgstr "An organisation wants to create an account for you. Please review the details below."
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "An organisation wants to link your account. Please review the details below."
+msgstr "An organisation wants to link your account. Please review the details below."
+
 #: apps/remix/app/components/general/generic-error-layout.tsx
 msgid "An unexpected error occurred."
 msgstr "An unexpected error occurred."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
 #: apps/remix/app/components/general/app-command-menu.tsx
 #: apps/remix/app/components/forms/team-update-form.tsx
@@ -1359,35 +1482,46 @@ msgstr "API Tokens"
 msgid "App Version"
 msgstr "App Version"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "Approve"
+msgstr "Approve"
+
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
 #: apps/remix/app/components/tables/documents-table-action-button.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Approve"
 msgstr "Approve"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Approve Document"
 msgstr "Approve Document"
 
-#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Approved"
+msgstr "Approved"
+
+#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 msgid "Approved"
 msgstr "Approved"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Approver"
 msgstr "Approver"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Approvers"
 msgstr "Approvers"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Approving"
 msgstr "Approving"
 
@@ -1423,6 +1557,7 @@ msgstr "Are you sure you wish to delete this organisation?"
 msgid "Are you sure you wish to delete this team?"
 msgstr "Are you sure you wish to delete this team?"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
 #: apps/remix/app/components/dialogs/team-member-delete-dialog.tsx
@@ -1445,10 +1580,11 @@ msgid "Assigned Teams"
 msgstr "Assigned Teams"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
 msgid "Assist"
 msgstr "Assist"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Assist Document"
 msgstr "Assist Document"
@@ -1458,6 +1594,7 @@ msgid "Assist with signing"
 msgstr "Assist with signing"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Assistant"
 msgstr "Assistant"
 
@@ -1466,6 +1603,7 @@ msgid "Assistant role is only available when the document is in sequential signi
 msgstr "Assistant role is only available when the document is in sequential signing mode."
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Assistants"
 msgstr "Assistants"
 
@@ -1473,12 +1611,17 @@ msgstr "Assistants"
 msgid "Assistants and Copy roles are currently not compatible with the multi-sign experience."
 msgstr "Assistants and Copy roles are currently not compatible with the multi-sign experience."
 
-#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Assisted"
+msgstr "Assisted"
+
+#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 msgid "Assisted"
 msgstr "Assisted"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Assisting"
 msgstr "Assisting"
 
@@ -1505,6 +1648,10 @@ msgstr "Audit Logs"
 msgid "Authentication Level"
 msgstr "Authentication Level"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Authentication Portal Not Found"
+msgstr "Authentication Portal Not Found"
+
 #: apps/remix/app/components/general/document-signing/document-signing-auth-page.tsx
 #: apps/remix/app/components/general/direct-template/direct-template-signing-auth-page.tsx
 msgid "Authentication required"
@@ -1635,6 +1782,11 @@ msgstr "Bulk Send via CSV"
 msgid "by <0>{senderName}</0>"
 msgstr "by <0>{senderName}</0>"
 
+#. placeholder {0}: organisation.name
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "By accepting this request, you grant {0} the following permissions:"
+msgstr "By accepting this request, you grant {0} the following permissions:"
+
 #: packages/email/templates/confirm-team-email.tsx
 msgid "By accepting this request, you will be granting <0>{teamName}</0> access to:"
 msgstr "By accepting this request, you will be granting <0>{teamName}</0> access to:"
@@ -1667,6 +1819,7 @@ msgstr "By using the electronic signature feature, you are consenting to conduct
 msgid "Can prepare"
 msgstr "Can prepare"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
@@ -1758,19 +1911,27 @@ msgid "Cannot remove signer"
 msgstr "Cannot remove signer"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Cc"
 msgstr "Cc"
 
 #: packages/lib/constants/recipient-roles.ts
-#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
 msgid "CC"
 msgstr "CC"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
+msgid "CC"
+msgstr "CC"
+
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
 msgid "CC'd"
 msgstr "CC'd"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Ccers"
 msgstr "Ccers"
 
@@ -1867,10 +2028,27 @@ msgstr "Click to copy signing link for sending to recipient"
 msgid "Click to insert field"
 msgstr "Click to insert field"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client ID"
+msgstr "Client ID"
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client ID is required"
+msgstr "Client ID is required"
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client Secret"
+msgstr "Client Secret"
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client secret is required"
+msgstr "Client secret is required"
+
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-2fa.tsx
 #: apps/remix/app/components/general/document/document-recipient-link-copy-dialog.tsx
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 #: apps/remix/app/components/forms/2fa/enable-authenticator-app-dialog.tsx
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
@@ -1897,6 +2075,8 @@ msgstr "Compare all plans and features in detail"
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/forms/signup.tsx
 #: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 msgid "Complete"
@@ -1918,9 +2098,9 @@ msgstr "Complete Document"
 msgid "Complete Signing"
 msgstr "Complete Signing"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
-msgid "Complete the fields for the following signers. Once reviewed, they will inform you if any modifications are needed."
-msgstr "Complete the fields for the following signers. Once reviewed, they will inform you if any modifications are needed."
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+msgid "Complete the fields for the following signers."
+msgstr "Complete the fields for the following signers."
 
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
@@ -2040,6 +2220,7 @@ msgstr "Confirm Deletion"
 msgid "Confirm email"
 msgstr "Confirm email"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/send-confirmation-email.tsx
 msgid "Confirmation email sent"
 msgstr "Confirmation email sent"
@@ -2056,6 +2237,10 @@ msgstr "Contact Information"
 msgid "Contact sales here"
 msgstr "Contact sales here"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Contact us"
+msgstr "Contact us"
+
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
 msgid "Content"
 msgstr "Content"
@@ -2136,6 +2321,8 @@ msgstr "Controls which signatures are allowed to be used when signing a document
 msgid "Copied"
 msgstr "Copied"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/components/tables/settings-public-profile-templates-table.tsx
 #: apps/remix/app/components/general/avatar-with-recipient.tsx
 #: apps/remix/app/components/general/template/template-direct-link-badge.tsx
@@ -2177,6 +2364,11 @@ msgstr "Copy Signing Links"
 msgid "Copy token"
 msgstr "Copy token"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "couldn't be uploaded:"
+msgstr "couldn't be uploaded:"
+
 #: apps/remix/app/routes/_profile+/_layout.tsx
 #: apps/remix/app/components/dialogs/webhook-create-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-group-create-dialog.tsx
@@ -2203,6 +2395,10 @@ msgstr "Create a new email address for your organisation using the domain <0>{0}
 msgid "Create a new organisation with {planName} plan. Keep your current organisation on it's current plan"
 msgstr "Create a new organisation with {planName} plan. Keep your current organisation on it's current plan"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Create a support ticket"
+msgstr "Create a support ticket"
+
 #: apps/remix/app/components/dialogs/team-create-dialog.tsx
 msgid "Create a team to collaborate with your team members."
 msgstr "Create a team to collaborate with your team members."
@@ -2461,6 +2657,7 @@ msgstr "Date created"
 msgid "Date Format"
 msgstr "Date Format"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/general/organisations/organisation-invitations.tsx
 #: packages/email/templates/organisation-invite.tsx
 msgid "Decline"
@@ -2486,6 +2683,10 @@ msgstr "Default Email"
 msgid "Default Email Settings"
 msgstr "Default Email Settings"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Default Organisation Role for New Users"
+msgstr "Default Organisation Role for New Users"
+
 #: apps/remix/app/components/forms/document-preferences-form.tsx
 msgid "Default Signature Settings"
 msgstr "Default Signature Settings"
@@ -2747,6 +2948,10 @@ msgstr "Disabling direct link signing will prevent anyone from accessing the lin
 msgid "Disabling the user results in the user not being able to use the account. It also disables all the related contents such as subscription, webhooks, teams, and API keys."
 msgstr "Disabling the user results in the user not being able to use the account. It also disables all the related contents such as subscription, webhooks, teams, and API keys."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Discord"
+msgstr "Discord"
+
 #: apps/remix/app/components/dialogs/organisation-email-update-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "Display Name"
@@ -2815,6 +3020,7 @@ msgid "Document access"
 msgstr "Document access"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document access auth updated"
 msgstr "Document access auth updated"
 
@@ -2832,9 +3038,13 @@ msgstr "Document Approved"
 msgid "Document Cancelled"
 msgstr "Document Cancelled"
 
+#: packages/lib/utils/document-audit-logs.ts
+#: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document completed"
+msgstr "Document completed"
+
 #: apps/remix/app/components/general/document/document-status.tsx
-#: packages/lib/utils/document-audit-logs.ts
-#: packages/lib/utils/document-audit-logs.ts
 msgid "Document completed"
 msgstr "Document completed"
 
@@ -2847,8 +3057,12 @@ msgstr "Document completed email"
 msgid "Document Completed!"
 msgstr "Document Completed!"
 
-#: apps/remix/app/components/dialogs/template-use-dialog.tsx
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document created"
+msgstr "Document created"
+
+#: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "Document created"
 msgstr "Document created"
 
@@ -2874,10 +3088,14 @@ msgstr "Document created using a <0>direct link</0>"
 msgid "Document Creation"
 msgstr "Document Creation"
 
+#: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document deleted"
+msgstr "Document deleted"
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
-#: packages/lib/utils/document-audit-logs.ts
 msgid "Document deleted"
 msgstr "Document deleted"
 
@@ -2903,6 +3121,7 @@ msgid "Document Duplicated"
 msgstr "Document Duplicated"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document external ID updated"
 msgstr "Document external ID updated"
 
@@ -2940,6 +3159,7 @@ msgid "Document moved"
 msgstr "Document moved"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document moved to team"
 msgstr "Document moved to team"
 
@@ -2948,6 +3168,7 @@ msgid "Document no longer available to sign"
 msgstr "Document no longer available to sign"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document opened"
 msgstr "Document opened"
 
@@ -2988,8 +3209,12 @@ msgstr "Document Rejected"
 msgid "Document resealed"
 msgstr "Document resealed"
 
-#: apps/remix/app/components/general/document/document-edit-form.tsx
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document sent"
+msgstr "Document sent"
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "Document sent"
 msgstr "Document sent"
 
@@ -2998,6 +3223,7 @@ msgid "Document Signed"
 msgstr "Document Signed"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document signing auth updated"
 msgstr "Document signing auth updated"
 
@@ -3014,10 +3240,12 @@ msgid "Document title"
 msgstr "Document title"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document title updated"
 msgstr "Document title updated"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document updated"
 msgstr "Document updated"
 
@@ -3035,6 +3263,7 @@ msgid "Document uploaded"
 msgstr "Document uploaded"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document viewed"
 msgstr "Document viewed"
 
@@ -3043,6 +3272,7 @@ msgid "Document Viewed"
 msgstr "Document Viewed"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document visibility updated"
 msgstr "Document visibility updated"
 
@@ -3050,6 +3280,10 @@ msgstr "Document visibility updated"
 msgid "Document will be permanently deleted"
 msgstr "Document will be permanently deleted"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Documentation"
+msgstr "Documentation"
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.edit.tsx
@@ -3160,6 +3394,11 @@ msgid "Drag and drop your PDF file here"
 msgstr "Drag and drop your PDF file here"
 
 #: packages/lib/constants/document.ts
+msgctxt "Draw signatute type"
+msgid "Draw"
+msgstr "Draw"
+
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Draw"
 msgstr "Draw"
 
@@ -3406,6 +3645,10 @@ msgstr "Enable Direct Link Signing"
 msgid "Enable signing order"
 msgstr "Enable signing order"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Enable SSO portal"
+msgstr "Enable SSO portal"
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks._index.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
@@ -3470,13 +3713,18 @@ msgstr "Enterprise"
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 #: apps/remix/app/components/general/verify-email-banner.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-signature-field.tsx
@@ -3505,6 +3753,10 @@ msgstr "Enterprise"
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 #: apps/remix/app/components/dialogs/webhook-create-dialog.tsx
@@ -3516,6 +3768,7 @@ msgstr "Enterprise"
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -3574,6 +3827,10 @@ msgstr "Failed to create folder"
 msgid "Failed to create subscription claim."
 msgstr "Failed to create subscription claim."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Failed to create support ticket"
+msgstr "Failed to create support ticket"
+
 #: apps/remix/app/components/dialogs/folder-delete-dialog.tsx
 msgid "Failed to delete folder"
 msgstr "Failed to delete folder"
@@ -3606,6 +3863,10 @@ msgstr "Failed to save settings."
 msgid "Failed to sign out all sessions"
 msgstr "Failed to sign out all sessions"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Failed to unlink account"
+msgstr "Failed to unlink account"
+
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 msgid "Failed to update document"
 msgstr "Failed to update document"
@@ -3664,14 +3925,17 @@ msgid "Field placeholder"
 msgstr "Field placeholder"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field prefilled by assistant"
 msgstr "Field prefilled by assistant"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field signed"
 msgstr "Field signed"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field unsigned"
 msgstr "Field unsigned"
 
@@ -3683,13 +3947,21 @@ msgstr "Fields"
 msgid "Fields updated"
 msgstr "Fields updated"
 
-#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
 #: apps/remix/app/components/general/document/document-upload.tsx
-#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-upload.tsx
 msgid "File cannot be larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
 msgstr "File cannot be larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "File is larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
+msgstr "File is larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
+
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "File is too small"
+msgstr "File is too small"
+
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "File size exceeds the limit of {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB"
 msgstr "File size exceeds the limit of {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB"
@@ -3805,6 +4077,7 @@ msgstr "Generate Links"
 msgid "Global recipient action authentication"
 msgstr "Global recipient action authentication"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
@@ -3995,6 +4268,10 @@ msgstr "Home (No Folder)"
 msgid "Horizontal"
 msgstr "Horizontal"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "I agree to link my account with this organization"
+msgstr "I agree to link my account with this organization"
+
 #: packages/lib/constants/recipient-roles.ts
 msgid "I am a signer of this document"
 msgstr "I am a signer of this document"
@@ -4019,6 +4296,10 @@ msgstr "I am required to receive a copy of this document"
 msgid "I am the owner of this document"
 msgstr "I am the owner of this document"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "I understand that I am providing my credentials to a 3rd party service configured by this organisation"
+msgstr "I understand that I am providing my credentials to a 3rd party service configured by this organisation"
+
 #: apps/remix/app/components/dialogs/webhook-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/token-delete-dialog.tsx
 msgid "I'm sure! Delete it"
@@ -4048,6 +4329,10 @@ msgstr "If you don't find the confirmation link in your inbox, you can request a
 msgid "If your authenticator app does not support QR codes, you can use the following code instead:"
 msgstr "If your authenticator app does not support QR codes, you can use the following code instead:"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Important: What This Means"
+msgstr "Important: What This Means"
+
 #: apps/remix/app/components/general/app-nav-mobile.tsx
 #: apps/remix/app/components/general/app-nav-mobile.tsx
 #: apps/remix/app/components/general/document/document-status.tsx
@@ -4115,6 +4400,10 @@ msgstr "Instance Stats"
 msgid "Invalid code. Please try again."
 msgstr "Invalid code. Please try again."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Invalid domains"
+msgstr "Invalid domains"
+
 #: packages/ui/primitives/document-flow/add-signers.types.ts
 msgid "Invalid email"
 msgstr "Invalid email"
@@ -4128,6 +4417,10 @@ msgstr "Invalid link"
 msgid "Invalid token"
 msgstr "Invalid token"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Invalid Token"
+msgstr "Invalid Token"
+
 #: apps/remix/app/components/forms/reset-password.tsx
 msgid "Invalid token provided. Please try again."
 msgstr "Invalid token provided. Please try again."
@@ -4187,6 +4480,10 @@ msgstr "Invoice"
 msgid "IP Address"
 msgstr "IP Address"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Issuer URL"
+msgstr "Issuer URL"
+
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "It is crucial to keep your contact information, especially your email address, up to date with us. Please notify us immediately of any changes to ensure that you continue to receive all necessary communications."
 msgstr "It is crucial to keep your contact information, especially your email address, up to date with us. Please notify us immediately of any changes to ensure that you continue to receive all necessary communications."
@@ -4220,6 +4517,10 @@ msgstr "It's currently not your turn to sign. You will receive an email with ins
 msgid "Join {organisationName} on Documenso"
 msgstr "Join {organisationName} on Documenso"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Join our community on <0>Discord</0> for community support and discussion."
+msgstr "Join our community on <0>Discord</0> for community support and discussion."
+
 #. placeholder {0}: DateTime.fromJSDate(team.createdAt).toRelative({ style: 'short' })
 #: apps/remix/app/routes/_authenticated+/dashboard.tsx
 msgid "Joined {0}"
@@ -4314,10 +4615,27 @@ msgstr "Like to have your own public profile with agreements?"
 msgid "Link expires in 1 hour."
 msgstr "Link expires in 1 hour."
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Link expires in 30 minutes."
+msgstr "Link expires in 30 minutes."
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.public-profile.tsx
 msgid "Link template"
 msgstr "Link template"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Link your Documenso account"
+msgstr "Link your Documenso account"
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "Linked Accounts"
+msgstr "Linked Accounts"
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Linked At"
+msgstr "Linked At"
+
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "Links Generated"
 msgstr "Links Generated"
@@ -4342,6 +4660,10 @@ msgstr "Loading document..."
 msgid "Loading Document..."
 msgstr "Loading Document..."
 
+#: packages/ui/components/recipient/recipient-autocomplete-input.tsx
+msgid "Loading suggestions..."
+msgstr "Loading suggestions..."
+
 #: apps/remix/app/components/general/document/document-page-view-recent-activity.tsx
 msgid "Loading..."
 msgstr "Loading..."
@@ -4367,6 +4689,10 @@ msgstr "Manage"
 msgid "Manage {0}'s profile"
 msgstr "Manage {0}'s profile"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Manage a custom SSO login portal for your organisation."
+msgstr "Manage a custom SSO login portal for your organisation."
+
 #: apps/remix/app/routes/_authenticated+/settings+/organisations.tsx
 msgid "Manage all organisations you are currently associated with."
 msgstr "Manage all organisations you are currently associated with."
@@ -4399,6 +4725,10 @@ msgstr "Manage Direct Link"
 msgid "Manage documents"
 msgstr "Manage documents"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "Manage linked accounts"
+msgstr "Manage linked accounts"
+
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 msgid "Manage organisation"
 msgstr "Manage organisation"
@@ -4534,6 +4864,10 @@ msgstr "Member"
 msgid "Member Count"
 msgstr "Member Count"
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "Member promoted to owner successfully"
+msgstr "Member promoted to owner successfully"
+
 #: apps/remix/app/components/tables/organisation-members-table.tsx
 msgid "Member Since"
 msgstr "Member Since"
@@ -4549,6 +4883,7 @@ msgstr "Member Since"
 msgid "Members"
 msgstr "Members"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 msgid "Message"
@@ -4784,6 +5119,10 @@ msgstr "No signature field found"
 msgid "No Stripe customer attached"
 msgstr "No Stripe customer attached"
 
+#: packages/ui/components/recipient/recipient-autocomplete-input.tsx
+msgid "No suggestions found"
+msgstr "No suggestions found"
+
 #: apps/remix/app/components/tables/team-groups-table.tsx
 msgid "No team groups found"
 msgstr "No team groups found"
@@ -4914,6 +5253,16 @@ msgstr "Only admins can access and view the document"
 msgid "Only managers and above can access and view the document"
 msgstr "Only managers and above can access and view the document"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Only one file can be uploaded at a time"
+msgstr "Only one file can be uploaded at a time"
+
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Only PDF files are allowed"
+msgstr "Only PDF files are allowed"
+
 #: apps/remix/app/routes/_profile+/_layout.tsx
 #: apps/remix/app/components/general/generic-error-layout.tsx
 #: apps/remix/app/components/general/generic-error-layout.tsx
@@ -4929,10 +5278,15 @@ msgstr "Opened"
 msgid "Or"
 msgstr "Or"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "OR"
+msgstr "OR"
+
 #: apps/remix/app/components/forms/signin.tsx
 msgid "Or continue with"
 msgstr "Or continue with"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/tables/user-organisations-table.tsx
 #: apps/remix/app/components/tables/admin-organisations-table.tsx
 msgid "Organisation"
@@ -4942,6 +5296,10 @@ msgstr "Organisation"
 msgid "Organisation Admin"
 msgstr "Organisation Admin"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Organisation authentication portal URL"
+msgstr "Organisation authentication portal URL"
+
 #: apps/remix/app/components/dialogs/admin-organisation-create-dialog.tsx
 msgid "Organisation created"
 msgstr "Organisation created"
@@ -5012,6 +5370,10 @@ msgstr "Organisation settings"
 msgid "Organisation Settings"
 msgstr "Organisation Settings"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Organisation SSO Portal"
+msgstr "Organisation SSO Portal"
+
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 msgid "Organisation Teams"
 msgstr "Organisation Teams"
@@ -5304,9 +5666,13 @@ msgstr "Please enter a meaningful name for your token. This will help you identi
 msgid "Please enter a valid name."
 msgstr "Please enter a valid name."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
-msgid "Please mark as viewed to complete"
-msgstr "Please mark as viewed to complete"
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+msgid "Please mark as viewed to complete."
+msgstr "Please mark as viewed to complete."
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Please note that anyone who signs in through your portal will be added to your organisation as a member."
+msgstr "Please note that anyone who signs in through your portal will be added to your organisation as a member."
 
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
 msgid "Please note that proceeding will remove direct linking recipient and turn it into a placeholder."
@@ -5344,11 +5710,11 @@ msgstr "Please provide a token from the authenticator, or a backup code. If you
 msgid "Please provide a token from your authenticator, or a backup code."
 msgstr "Please provide a token from your authenticator, or a backup code."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 msgid "Please review the document before approving."
 msgstr "Please review the document before approving."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 msgid "Please review the document before signing."
 msgstr "Please review the document before signing."
 
@@ -5444,6 +5810,18 @@ msgstr "Profile updated"
 msgid "Progress"
 msgstr "Progress"
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "Promote to owner"
+msgstr "Promote to owner"
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Provider"
+msgstr "Provider"
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Provider has been updated successfully"
+msgstr "Provider has been updated successfully"
+
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/general/template/template-type.tsx
 msgid "Public"
@@ -5480,6 +5858,10 @@ msgstr "Radio values"
 msgid "Read only"
 msgstr "Read only"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Read our documentation to get started with Documenso."
+msgstr "Read our documentation to get started with Documenso."
+
 #: apps/remix/app/components/general/document-signing/document-signing-disclosure.tsx
 msgid "Read the full <0>signature disclosure</0>."
 msgstr "Read the full <0>signature disclosure</0>."
@@ -5596,6 +5978,10 @@ msgstr "Recovery codes"
 msgid "Red"
 msgstr "Red"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Redirect URI"
+msgstr "Redirect URI"
+
 #: apps/remix/app/components/embed/authoring/configure-document-advanced-settings.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-settings.tsx
@@ -5709,6 +6095,10 @@ msgstr "Reply to email"
 msgid "Reply To Email"
 msgstr "Reply To Email"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Requesting Organisation"
+msgstr "Requesting Organisation"
+
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/text-field.tsx
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/radio-field.tsx
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/number-field.tsx
@@ -5717,6 +6107,10 @@ msgstr "Reply To Email"
 msgid "Required field"
 msgstr "Required field"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Required scopes"
+msgstr "Required scopes"
+
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 msgid "Reseal document"
 msgstr "Reseal document"
@@ -5741,6 +6135,11 @@ msgstr "Resend verification"
 msgid "Reset"
 msgstr "Reset"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset 2FA"
+msgstr "Reset 2FA"
+
 #: apps/remix/app/components/forms/forgot-password.tsx
 msgid "Reset email sent"
 msgstr "Reset email sent"
@@ -5752,6 +6151,14 @@ msgstr "Reset email sent"
 msgid "Reset Password"
 msgstr "Reset Password"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset the users two factor authentication. This action is irreversible and will disable two factor authentication for the user."
+msgstr "Reset the users two factor authentication. This action is irreversible and will disable two factor authentication for the user."
+
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset Two Factor Authentication"
+msgstr "Reset Two Factor Authentication"
+
 #: apps/remix/app/components/forms/reset-password.tsx
 msgid "Resetting Password..."
 msgstr "Resetting Password..."
@@ -5783,9 +6190,14 @@ msgstr "Retry"
 #: apps/remix/app/routes/_unauthenticated+/team.verify.email.$token.tsx
 #: apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx
 #: apps/remix/app/routes/_unauthenticated+/organisation.decline.$token.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 msgid "Return"
 msgstr "Return"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Return to Documenso sign in page here"
+msgstr "Return to Documenso sign in page here"
+
 #: apps/remix/app/routes/_unauthenticated+/organisation.decline.$token.tsx
 msgid "Return to Home"
 msgstr "Return to Home"
@@ -5795,6 +6207,10 @@ msgstr "Return to Home"
 msgid "Return to sign in"
 msgstr "Return to sign in"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Review request"
+msgstr "Review request"
+
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
 msgid "Revoke"
@@ -5969,6 +6385,10 @@ msgstr "Select authentication methods"
 msgid "Select default option"
 msgstr "Select default option"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Select default role"
+msgstr "Select default role"
+
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/checkbox-field.tsx
 msgid "Select direction"
 msgstr "Select direction"
@@ -6184,6 +6604,11 @@ msgstr "Show advanced settings"
 msgid "Show templates in your public profile for your audience to sign and get started quickly"
 msgstr "Show templates in your public profile for your audience to sign and get started quickly"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "Sign"
+msgstr "Sign"
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
@@ -6197,7 +6622,6 @@ msgstr "Show templates in your public profile for your audience to sign and get
 #: apps/remix/app/components/general/document-signing/document-signing-auth-password.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-2fa.tsx
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Sign"
 msgstr "Sign"
 
@@ -6219,7 +6643,7 @@ msgstr "Sign as<0>{0} <1>({1})</1></0>"
 msgid "Sign document"
 msgstr "Sign document"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Sign Document"
 msgstr "Sign Document"
@@ -6237,6 +6661,7 @@ msgstr "Sign field"
 msgid "Sign Here"
 msgstr "Sign Here"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: packages/email/template-components/template-reset-password.tsx
@@ -6244,6 +6669,7 @@ msgid "Sign In"
 msgstr "Sign In"
 
 #: apps/remix/app/routes/_unauthenticated+/signin.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-dialog.tsx
 msgid "Sign in to your account"
 msgstr "Sign in to your account"
@@ -6311,14 +6737,19 @@ msgstr "Signatures Collected"
 msgid "Signatures will appear once the document has been completed"
 msgstr "Signatures will appear once the document has been completed"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Signed"
+msgstr "Signed"
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/ui/components/document/document-read-only-fields.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Signed"
 msgstr "Signed"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Signer"
 msgstr "Signer"
 
@@ -6327,14 +6758,12 @@ msgid "Signer Events"
 msgstr "Signer Events"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Signers"
 msgstr "Signers"
 
-#: packages/ui/primitives/document-flow/add-signers.types.ts
-msgid "Signers must have unique emails"
-msgstr "Signers must have unique emails"
-
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Signing"
 msgstr "Signing"
 
@@ -6507,6 +6936,14 @@ msgstr "Sorry, we were unable to download the certificate. Please try again late
 msgid "Source"
 msgstr "Source"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Space-separated list of domains. Leave empty to allow all domains."
+msgstr "Space-separated list of domains. Leave empty to allow all domains."
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
+msgid "SSO"
+msgstr "SSO"
+
 #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
 msgid "Stats"
 msgstr "Stats"
@@ -6538,6 +6975,7 @@ msgstr "Stripe customer created successfully"
 msgid "Stripe Customer ID"
 msgstr "Stripe Customer ID"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 msgid "Subject"
 msgstr "Subject"
@@ -6547,6 +6985,10 @@ msgstr "Subject"
 msgid "Subject <0>(Optional)</0>"
 msgstr "Subject <0>(Optional)</0>"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Submit"
+msgstr "Submit"
+
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
@@ -6580,10 +7022,12 @@ msgstr "Subscription invalid"
 
 #: apps/remix/app/routes/embed+/v1+/authoring+/template.edit.$id.tsx
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
@@ -6641,6 +7085,15 @@ msgstr "Successfully created: {successCount}"
 msgid "Summary:"
 msgstr "Summary:"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+#: apps/remix/app/components/general/org-menu-switcher.tsx
+msgid "Support"
+msgstr "Support"
+
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Support ticket created"
+msgstr "Support ticket created"
+
 #: apps/remix/app/components/tables/organisation-email-domains-table.tsx
 msgid "Sync"
 msgstr "Sync"
@@ -7048,6 +7501,14 @@ msgstr "The following errors occurred:"
 msgid "The following team has been deleted. You will no longer be able to access this team and its documents"
 msgstr "The following team has been deleted. You will no longer be able to access this team and its documents"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "The OpenID discovery endpoint URL for your provider"
+msgstr "The OpenID discovery endpoint URL for your provider"
+
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "The organisation authentication portal does not exist, or is not configured"
+msgstr "The organisation authentication portal does not exist, or is not configured"
+
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "The organisation email has been created successfully."
 msgstr "The organisation email has been created successfully."
@@ -7192,6 +7653,10 @@ msgstr "The template will be removed from your profile"
 msgid "The test webhook has been successfully sent to your endpoint."
 msgstr "The test webhook has been successfully sent to your endpoint."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "The token is invalid or has expired."
+msgstr "The token is invalid or has expired."
+
 #: apps/remix/app/components/forms/token.tsx
 msgid "The token was copied to your clipboard."
 msgstr "The token was copied to your clipboard."
@@ -7225,6 +7690,10 @@ msgstr ""
 "The user you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "The user's two factor authentication has been reset successfully."
+msgstr "The user's two factor authentication has been reset successfully."
+
 #: apps/remix/app/components/dialogs/webhook-delete-dialog.tsx
 msgid "The webhook has been successfully deleted."
 msgstr "The webhook has been successfully deleted."
@@ -7277,6 +7746,10 @@ msgstr "This account has been disabled. Please contact support."
 msgid "This account has not been verified. Please verify your account before signing in."
 msgstr "This account has not been verified. Please verify your account before signing in."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "This action is irreversible. Please ensure you have informed the user before proceeding."
+msgstr "This action is irreversible. Please ensure you have informed the user before proceeding."
+
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
@@ -7395,10 +7868,22 @@ msgstr "This is how the document will reach the recipients once the document is
 msgid "This is the claim that this organisation was initially created with. Any feature flag changes to this claim will be backported into this organisation."
 msgstr "This is the claim that this organisation was initially created with. Any feature flag changes to this claim will be backported into this organisation."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "This is the required scopes you must set in your provider's settings"
+msgstr "This is the required scopes you must set in your provider's settings"
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "This is the URL which users will use to sign in to your organisation."
+msgstr "This is the URL which users will use to sign in to your organisation."
+
 #: apps/remix/app/routes/_unauthenticated+/team.verify.email.$token.tsx
 msgid "This link is invalid or has expired. Please contact your team to resend a verification."
 msgstr "This link is invalid or has expired. Please contact your team to resend a verification."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "This organisation will have administrative control over your account. You can revoke this access later, but they will retain access to any data they've already collected."
+msgstr "This organisation will have administrative control over your account. You can revoke this access later, but they will retain access to any data they've already collected."
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.general.tsx
 msgid "This organisation, and any associated data will be permanently deleted."
 msgstr "This organisation, and any associated data will be permanently deleted."
@@ -7518,9 +8003,10 @@ msgstr "To be able to add members to a team, you must first add them to the orga
 msgid "To change the email you must remove and add a new email address."
 msgstr "To change the email you must remove and add a new email address."
 
+#. placeholder {0}: user.email
 #. placeholder {0}: userToEnable.email
 #. placeholder {0}: userToDisable.email
-#. placeholder {0}: user.email
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -7536,6 +8022,7 @@ msgid "To enable two-factor authentication, scan the following QR code using you
 msgstr "To enable two-factor authentication, scan the following QR code using your authenticator app."
 
 #: apps/remix/app/routes/_unauthenticated+/unverified-account.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 msgid "To gain access to your account, please confirm your email address by clicking on the confirmation link from your inbox."
 msgstr "To gain access to your account, please confirm your email address by clicking on the confirmation link from your inbox."
 
@@ -7652,9 +8139,14 @@ msgstr "Two-factor authentication has been disabled for your account. You will n
 msgid "Two-Factor Re-Authentication"
 msgstr "Two-Factor Re-Authentication"
 
+#: packages/lib/constants/document.ts
+msgctxt "Type signatute type"
+msgid "Type"
+msgstr "Type"
+
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
-#: packages/lib/constants/document.ts
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Type"
 msgstr "Type"
 
@@ -7768,9 +8260,15 @@ msgstr "Uncompleted"
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 msgid "Unknown"
 msgstr "Unknown"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Unknown error"
+msgstr "Unknown error"
+
 #: apps/remix/app/components/tables/admin-claims-table.tsx
 msgid "Unlimited"
 msgstr "Unlimited"
@@ -7779,6 +8277,11 @@ msgstr "Unlimited"
 msgid "Unlimited documents, API and more"
 msgstr "Unlimited documents, API and more"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Unlink"
+msgstr "Unlink"
+
 #: apps/remix/app/components/general/folder/folder-card.tsx
 msgid "Unpin"
 msgstr "Unpin"
@@ -7787,6 +8290,7 @@ msgstr "Unpin"
 msgid "Untitled Group"
 msgstr "Untitled Group"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@@ -7926,6 +8430,11 @@ msgid "Upgrade your plan to upload more documents"
 msgstr "Upgrade your plan to upload more documents"
 
 #: packages/lib/constants/document.ts
+msgctxt "Upload signatute type"
+msgid "Upload"
+msgstr "Upload"
+
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Upload"
 msgstr "Upload"
 
@@ -7959,6 +8468,11 @@ msgstr "Upload custom document"
 msgid "Upload Document"
 msgstr "Upload Document"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Upload failed"
+msgstr "Upload failed"
+
 #: packages/ui/primitives/signature-pad/signature-pad-upload.tsx
 msgid "Upload Signature"
 msgstr "Upload Signature"
@@ -8040,6 +8554,7 @@ msgstr "User has no password."
 msgid "User not found"
 msgstr "User not found"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -8113,6 +8628,11 @@ msgstr "Verify your team email address"
 msgid "Vertical"
 msgstr "Vertical"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "View"
+msgstr "View"
+
 #: apps/remix/app/components/tables/organisation-billing-invoices-table.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
@@ -8122,7 +8642,6 @@ msgstr "Vertical"
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "View"
 msgstr "View"
 
@@ -8155,6 +8674,11 @@ msgstr "View all security activity related to your account."
 msgid "View and manage all active sessions for your account."
 msgstr "View and manage all active sessions for your account."
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "View and manage all login methods linked to your account."
+msgstr "View and manage all login methods linked to your account."
+
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 msgid "View Codes"
 msgstr "View Codes"
@@ -8167,7 +8691,7 @@ msgstr "View DNS Records"
 msgid "View document"
 msgstr "View document"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
@@ -8217,22 +8741,29 @@ msgstr "View teams"
 msgid "View the DNS records for this email domain"
 msgstr "View the DNS records for this email domain"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Viewed"
+msgstr "Viewed"
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Viewed"
 msgstr "Viewed"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Viewer"
 msgstr "Viewer"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Viewers"
 msgstr "Viewers"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Viewing"
 msgstr "Viewing"
 
@@ -8295,6 +8826,10 @@ msgstr "We are unable to update this passkey at the moment. Please try again lat
 msgid "We couldn't create a Stripe customer. Please try again."
 msgstr "We couldn't create a Stripe customer. Please try again."
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "We couldn't promote the member to owner. Please try again."
+msgstr "We couldn't promote the member to owner. Please try again."
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 msgid "We couldn't update the group. Please try again."
 msgstr "We couldn't update the group. Please try again."
@@ -8304,6 +8839,10 @@ msgstr "We couldn't update the group. Please try again."
 msgid "We couldn't update the organisation. Please try again."
 msgstr "We couldn't update the organisation. Please try again."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "We couldn't update the provider. Please try again."
+msgstr "We couldn't update the provider. Please try again."
+
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "We encountered an error while creating the email. Please try again later."
 msgstr "We encountered an error while creating the email. Please try again later."
@@ -8412,6 +8951,7 @@ msgstr "We encountered an unknown error while attempting to reset your password.
 msgid "We encountered an unknown error while attempting to revoke access. Please try again or contact support."
 msgstr "We encountered an unknown error while attempting to revoke access. Please try again or contact support."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 msgid "We encountered an unknown error while attempting to sign you In. Please try again later."
@@ -8547,6 +9087,10 @@ msgstr "We will generate signing links for you, which you can send to the recipi
 msgid "We won't send anything to notify recipients."
 msgstr "We won't send anything to notify recipients."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "We'll get back to you as soon as possible via email."
+msgstr "We'll get back to you as soon as possible via email."
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/templates._index.tsx
 #: apps/remix/app/components/tables/documents-table-empty-state.tsx
 msgid "We're all empty"
@@ -8604,10 +9148,18 @@ msgstr "Welcome back, we are lucky to have you."
 msgid "Welcome back! Here's an overview of your account."
 msgstr "Welcome back! Here's an overview of your account."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Welcome to {organisationName}"
+msgstr "Welcome to {organisationName}"
+
 #: packages/email/template-components/template-confirmation-email.tsx
 msgid "Welcome to Documenso!"
 msgstr "Welcome to Documenso!"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Well-known URL is required"
+msgstr "Well-known URL is required"
+
 #: apps/remix/app/routes/_recipient+/sign.$token+/waiting.tsx
 msgid "Were you trying to edit this document instead?"
 msgstr "Were you trying to edit this document instead?"
@@ -8634,6 +9186,10 @@ msgstr "When you sign a document, we can automatically fill in and sign the foll
 msgid "When you use our platform to affix your electronic signature to documents, you are consenting to do so under the Electronic Signatures in Global and National Commerce Act (E-Sign Act) and other applicable laws. This action indicates your agreement to use electronic means to sign documents and receive notifications."
 msgstr "When you use our platform to affix your electronic signature to documents, you are consenting to do so under the Electronic Signatures in Global and National Commerce Act (E-Sign Act) and other applicable laws. This action indicates your agreement to use electronic means to sign documents and receive notifications."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Whether to enable the SSO portal for your organisation"
+msgstr "Whether to enable the SSO portal for your organisation"
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 msgid "While waiting for them to do so you can create your own Documenso account and get started with document signing right away."
 msgstr "While waiting for them to do so you can create your own Documenso account and get started with document signing right away."
@@ -8701,6 +9257,10 @@ msgstr "You are about to leave the following organisation."
 msgid "You are about to remove default access to this team for all organisation members. Any members not explicitly added to this team will no longer have access."
 msgstr "You are about to remove default access to this team for all organisation members. Any members not explicitly added to this team will no longer have access."
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "You are about to remove the <0>{provider}</0> login method from your account."
+msgstr "You are about to remove the <0>{provider}</0> login method from your account."
+
 #. placeholder {0}: organisation.name
 #: apps/remix/app/components/dialogs/organisation-email-domain-delete-dialog.tsx
 msgid "You are about to remove the email domain <0>{emailDomain}</0> from <1>{0}</1>. All emails associated with this domain will be deleted."
@@ -8787,6 +9347,10 @@ msgstr "You are not authorized to disable this user."
 msgid "You are not authorized to enable this user."
 msgstr "You are not authorized to enable this user."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "You are not authorized to reset two factor authentcation for this user."
+msgstr "You are not authorized to reset two factor authentcation for this user."
+
 #: packages/email/template-components/template-confirmation-email.tsx
 msgid "You can also copy and paste this link into your browser: {confirmationLink} (link expires in 1 hour)"
 msgstr "You can also copy and paste this link into your browser: {confirmationLink} (link expires in 1 hour)"
@@ -9077,6 +9641,10 @@ msgstr "You will now be required to enter a code from your authenticator app whe
 msgid "You will receive an Email copy of the signed document once everyone has signed."
 msgstr "You will receive an Email copy of the signed document once everyone has signed."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Your Account"
+msgstr "Your Account"
+
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
 msgid "Your account has been deleted successfully."
 msgstr "Your account has been deleted successfully."
@@ -9110,6 +9678,10 @@ msgstr "Your bulk send operation for template \"{templateName}\" has completed."
 msgid "Your current {currentProductName} plan is past due. Please update your payment information."
 msgstr "Your current {currentProductName} plan is past due. Please update your payment information."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Your current plan includes the following support channels:"
+msgstr "Your current plan includes the following support channels:"
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.billing.tsx
 msgid "Your current plan is inactive."
 msgstr "Your current plan is inactive."
@@ -9123,7 +9695,6 @@ msgid "Your direct signing templates"
 msgstr "Your direct signing templates"
 
 #: apps/remix/app/components/general/document/document-upload.tsx
-#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-upload.tsx
 msgid "Your document failed to upload."
 msgstr "Your document failed to upload."
@@ -9256,6 +9827,10 @@ msgstr "Your recovery code has been copied to your clipboard."
 msgid "Your recovery codes are listed below. Please store them in a safe place."
 msgstr "Your recovery codes are listed below. Please store them in a safe place."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Your support request has been submitted. We'll get back to you soon!"
+msgstr "Your support request has been submitted. We'll get back to you soon!"
+
 #: apps/remix/app/components/dialogs/team-create-dialog.tsx
 msgid "Your team has been created."
 msgstr "Your team has been created."
@@ -9268,10 +9843,6 @@ msgstr "Your team has been successfully deleted."
 msgid "Your team has been successfully updated."
 msgstr "Your team has been successfully updated."
 
-#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
-msgid "Your template failed to upload."
-msgstr "Your template failed to upload."
-
 #: apps/remix/app/routes/embed+/v1+/authoring_.completed.create.tsx
 msgid "Your template has been created successfully"
 msgstr "Your template has been created successfully"
@@ -9307,3 +9878,7 @@ msgstr "Your token was created successfully! Make sure to copy it because you wo
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.tokens.tsx
 msgid "Your tokens will be shown here once you create them."
 msgstr "Your tokens will be shown here once you create them."
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "your-domain.com another-domain.com"
+msgstr "your-domain.com another-domain.com"
diff --git a/packages/lib/translations/es/web.po b/packages/lib/translations/es/web.po
index 1d23791d2..a2520c175 100644
--- a/packages/lib/translations/es/web.po
+++ b/packages/lib/translations/es/web.po
@@ -414,14 +414,30 @@ msgstr "{visibleRows, plural, one {Mostrando # resultado.} other {Mostrando # re
 msgid "<0>\"{0}\"</0>is no longer available to sign"
 msgstr "<0>\"{0}\"</0> ya no está disponible para firmar"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "<0>{organisationName}</0> has requested to create an account on your behalf."
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "<0>{organisationName}</0> has requested to link your current Documenso account to their organisation."
+msgstr ""
+
 #: packages/email/templates/confirm-team-email.tsx
 msgid "<0>{teamName}</0> has requested to use your email address for their team on Documenso."
 msgstr "<0>{teamName}</0> ha solicitado usar tu dirección de correo electrónico para su equipo en Documenso."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Account management:</0> Modify your account settings, permissions, and preferences"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "<0>Click to upload</0> or drag and drop"
 msgstr "<0>Haga clic para subir</0> o arrastre y suelte"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Data access:</0> Access all data associated with your account"
+msgstr ""
+
 #: packages/ui/components/document/document-signature-settings-tooltip.tsx
 msgid "<0>Drawn</0> - A signature that is drawn using a mouse or stylus."
 msgstr "<0>Dibujado</0> - Una firma que se dibuja usando un ratón o un lápiz óptico."
@@ -430,6 +446,10 @@ msgstr "<0>Dibujado</0> - Una firma que se dibuja usando un ratón o un lápiz 
 msgid "<0>Email</0> - The recipient will be emailed the document to sign, approve, etc."
 msgstr "<0>Correo electrónico</0> - Al destinatario se le enviará el documento para firmar, aprobar, etc."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Full account access:</0> View all your profile information, settings, and activity"
+msgstr ""
+
 #: packages/ui/components/recipient/recipient-action-auth-select.tsx
 msgid "<0>Inherit authentication method</0> - Use the global action signing authentication method configured in the \"General Settings\" step"
 msgstr "<0>Heredar método de autenticación</0> - Use el método de autenticación de firma de acción global configurado en el paso \"Configuración General\""
@@ -517,10 +537,18 @@ msgstr "12 meses"
 msgid "2FA"
 msgstr "2FA"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "2FA Reset"
+msgstr ""
+
 #: apps/remix/app/components/forms/token.tsx
 msgid "3 months"
 msgstr "3 meses"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "400 Error"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings._layout.tsx
 msgid "401 Unauthorized"
@@ -534,6 +562,10 @@ msgstr "404 Dominio de correo electrónico no encontrado"
 msgid "404 not found"
 msgstr "404 no encontrado"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "404 Not Found"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 msgid "404 Organisation group not found"
 msgstr "404 Grupo de organización no encontrado"
@@ -597,16 +629,19 @@ msgid "A draft document will be created"
 msgstr "Se creará un documento borrador"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was added"
-msgstr "Se añadió un campo"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was removed"
-msgstr "Se eliminó un campo"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was updated"
-msgstr "Se actualizó un campo"
+msgstr ""
 
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "A means to print or download documents for your records"
@@ -646,16 +681,27 @@ msgid "A password reset email has been sent, if you have an account you should s
 msgstr "Se ha enviado un correo electrónico para restablecer la contraseña, si tienes una cuenta deberías verlo en tu bandeja de entrada en breve."
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was added"
-msgstr "Se añadió un destinatario"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was removed"
-msgstr "Se eliminó un destinatario"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was updated"
-msgstr "Se actualizó un destinatario"
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "A request has been made to create an account for you"
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "A request has been made to link your Documenso account"
+msgstr ""
 
 #. placeholder {0}: team.name
 #: packages/lib/server-only/team/create-team-email-verification.ts
@@ -706,6 +752,10 @@ msgstr "Se enviará un correo electrónico de verificación a la dirección prop
 msgid "Accept"
 msgstr "Aceptar"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Accept & Link Account"
+msgstr ""
+
 #: packages/email/templates/organisation-invite.tsx
 msgid "Accept invitation to join an organisation on Documenso"
 msgstr "Aceptar invitación para unirse a una organización en Documenso"
@@ -726,6 +776,7 @@ msgstr "Acceso deshabilitado"
 msgid "Access enabled"
 msgstr "Acceso habilitado"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/general/org-menu-switcher.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-dialog.tsx
 msgid "Account"
@@ -735,6 +786,14 @@ msgstr "Cuenta"
 msgid "Account Authentication"
 msgstr "Autenticación de Cuenta"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Account creation request"
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Account Creation Request"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
 msgid "Account deleted"
@@ -748,10 +807,18 @@ msgstr "Cuenta deshabilitada"
 msgid "Account enabled"
 msgstr "Cuenta habilitada"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Account Linking Request"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Account Re-Authentication"
 msgstr "Re-autenticación de Cuenta"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Account unlinked"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "Acknowledgment"
 msgstr "Reconocimiento"
@@ -766,6 +833,7 @@ msgstr "Acción"
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/tables/team-members-table.tsx
 #: apps/remix/app/components/tables/team-members-table.tsx
@@ -804,6 +872,10 @@ msgstr "Suscripciones Activas"
 msgid "Add"
 msgstr "Agregar"
 
+#: packages/ui/primitives/document-flow/add-signers.tsx
+msgid "Add 2 or more signers to enable signing order."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-domain-create-dialog.tsx
 msgid "Add a custom domain to send emails on behalf of your organisation. We'll generate DKIM records that you need to add to your DNS provider."
 msgstr "Agrega un dominio personalizado para enviar correos electrónicos en nombre de tu organización. Generaremos registros DKIM que necesitarás añadir a tu proveedor de DNS."
@@ -961,6 +1033,10 @@ msgstr "Agrega los destinatarios con los que crear el documento"
 msgid "Add these DNS records to verify your domain ownership"
 msgstr "Añade estos registros DNS para verificar la propiedad de tu dominio"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Add this URL to your provider's allowed redirect URIs"
+msgstr ""
+
 #: apps/remix/app/components/forms/branding-preferences-form.tsx
 msgid "Additional brand information to display at the bottom of emails"
 msgstr "Información adicional de la marca para mostrar al final de los correos electrónicos"
@@ -1078,6 +1154,10 @@ msgstr "Permitir que los destinatarios del documento respondan directamente a es
 msgid "Allow signers to dictate next signer"
 msgstr "Permitir a los firmantes dictar al siguiente firmante"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Allowed Email Domains"
+msgstr ""
+
 #: apps/remix/app/components/embed/authoring/configure-document-advanced-settings.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-settings.tsx
@@ -1120,6 +1200,7 @@ msgstr "Un correo electrónico que contiene una invitación se enviará a cada m
 msgid "An email with this address already exists."
 msgstr "Ya existe un correo electrónico con esta dirección."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@@ -1139,6 +1220,7 @@ msgstr "Ocurrió un error al agregar campos."
 
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "An error occurred while adding signers."
 msgstr "Ocurrió un error al agregar firmantes."
 
@@ -1146,6 +1228,30 @@ msgstr "Ocurrió un error al agregar firmantes."
 msgid "An error occurred while adding the fields."
 msgstr "Ocurrió un error al agregar los campos."
 
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the document settings."
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the fields."
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the subject form."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template fields."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template placeholders."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template settings."
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-auto-sign.tsx
 msgid "An error occurred while auto-signing the document, some fields may not be signed. Please review and manually sign any remaining fields."
 msgstr "Se produjo un error al firmar automáticamente el documento, es posible que algunos campos no estén firmados. Por favor, revise y firme manualmente cualquier campo restante."
@@ -1224,6 +1330,10 @@ msgstr "Ocurrió un error al eliminar la selección."
 msgid "An error occurred while removing the signature."
 msgstr "Ocurrió un error al eliminar la firma."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "An error occurred while resetting two factor authentication for the user."
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "An error occurred while sending the document."
 msgstr "Ocurrió un error al enviar el documento."
@@ -1281,10 +1391,23 @@ msgstr "Ocurrió un error al actualizar tu perfil."
 msgid "An error occurred while uploading your document."
 msgstr "Ocurrió un error al subir tu documento."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "An error occurred. Please try again later."
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "An organisation wants to create an account for you. Please review the details below."
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "An organisation wants to link your account. Please review the details below."
+msgstr ""
+
 #: apps/remix/app/components/general/generic-error-layout.tsx
 msgid "An unexpected error occurred."
 msgstr "Ocurrió un error inesperado."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
 #: apps/remix/app/components/general/app-command-menu.tsx
 #: apps/remix/app/components/forms/team-update-form.tsx
@@ -1364,37 +1487,48 @@ msgstr "Tokens de API"
 msgid "App Version"
 msgstr "Versión de la Aplicación"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "Approve"
+msgstr ""
+
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
 #: apps/remix/app/components/tables/documents-table-action-button.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Approve"
 msgstr "Aprobar"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Approve Document"
 msgstr "Aprobar Documento"
 
-#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Approved"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 msgid "Approved"
 msgstr "Aprobado"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Approver"
-msgstr "Aprobador"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Approvers"
-msgstr "Aprobadores"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Approving"
-msgstr "Aprobando"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/assistant-confirmation-dialog.tsx
 msgid "Are you sure you want to complete the document? This action cannot be undone. Please ensure that you have completed prefilling all relevant fields before proceeding."
@@ -1428,6 +1562,7 @@ msgstr "¿Está seguro de que desea eliminar esta organización?"
 msgid "Are you sure you wish to delete this team?"
 msgstr "¿Estás seguro de que deseas eliminar este equipo?"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
 #: apps/remix/app/components/dialogs/team-member-delete-dialog.tsx
@@ -1450,10 +1585,11 @@ msgid "Assigned Teams"
 msgstr "Equipos asignados"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
 msgid "Assist"
-msgstr "Asistir"
+msgstr ""
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Assist Document"
 msgstr "Asistir Documento"
@@ -1463,29 +1599,36 @@ msgid "Assist with signing"
 msgstr "Asistir con la firma"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Assistant"
-msgstr "Asistente"
+msgstr ""
 
 #: packages/ui/components/recipient/recipient-role-select.tsx
 msgid "Assistant role is only available when the document is in sequential signing mode."
 msgstr "El rol de asistente solo está disponible cuando el documento está en modo de firma secuencial."
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Assistants"
-msgstr "Asistentes"
+msgstr ""
 
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
 msgid "Assistants and Copy roles are currently not compatible with the multi-sign experience."
 msgstr "Los roles de asistentes y copias actualmente no son compatibles con la experiencia de firmar múltiple."
 
-#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Assisted"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 msgid "Assisted"
 msgstr "Asistido"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Assisting"
-msgstr "Asistiendo"
+msgstr ""
 
 #: apps/remix/app/components/forms/document-preferences-form.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.types.tsx
@@ -1510,6 +1653,10 @@ msgstr "Registros de Auditoría"
 msgid "Authentication Level"
 msgstr "Nivel de Autenticación"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Authentication Portal Not Found"
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-auth-page.tsx
 #: apps/remix/app/components/general/direct-template/direct-template-signing-auth-page.tsx
 msgid "Authentication required"
@@ -1640,6 +1787,11 @@ msgstr "Envío Masivo vía CSV"
 msgid "by <0>{senderName}</0>"
 msgstr "por <0>{senderName}</0>"
 
+#. placeholder {0}: organisation.name
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "By accepting this request, you grant {0} the following permissions:"
+msgstr ""
+
 #: packages/email/templates/confirm-team-email.tsx
 msgid "By accepting this request, you will be granting <0>{teamName}</0> access to:"
 msgstr "Al aceptar esta solicitud, estarás concediendo a <0>{teamName}</0> acceso a:"
@@ -1672,6 +1824,7 @@ msgstr "Al utilizar la función de firma electrónica, usted está consintiendo
 msgid "Can prepare"
 msgstr "Puede preparar"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
@@ -1763,21 +1916,29 @@ msgid "Cannot remove signer"
 msgstr "No se puede eliminar el firmante"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Cc"
-msgstr "Copia visible"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
-#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
 msgid "CC"
-msgstr "COPIA VISIBLE"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
+msgid "CC"
+msgstr ""
+
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
 msgid "CC'd"
-msgstr "Con copia"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Ccers"
-msgstr "Firmantes"
+msgstr ""
 
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/text-field.tsx
 msgid "Character Limit"
@@ -1872,10 +2033,27 @@ msgstr "Haga clic para copiar el enlace de firma para enviar al destinatario"
 msgid "Click to insert field"
 msgstr "Haga clic para insertar campo"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client ID"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client ID is required"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client Secret"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client secret is required"
+msgstr ""
+
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-2fa.tsx
 #: apps/remix/app/components/general/document/document-recipient-link-copy-dialog.tsx
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 #: apps/remix/app/components/forms/2fa/enable-authenticator-app-dialog.tsx
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
@@ -1902,6 +2080,8 @@ msgstr "Compara todos los planes y características en detalle"
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/forms/signup.tsx
 #: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 msgid "Complete"
@@ -1923,9 +2103,9 @@ msgstr "Documento Completo"
 msgid "Complete Signing"
 msgstr "Completar Firmado"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
-msgid "Complete the fields for the following signers. Once reviewed, they will inform you if any modifications are needed."
-msgstr "Completa los campos para los siguientes firmantes. Una vez revisados, te informarán si se necesitan modificaciones."
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+msgid "Complete the fields for the following signers."
+msgstr ""
 
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
@@ -2045,6 +2225,7 @@ msgstr "Confirmar Eliminación"
 msgid "Confirm email"
 msgstr "Confirmar correo electrónico"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/send-confirmation-email.tsx
 msgid "Confirmation email sent"
 msgstr "Correo electrónico de confirmación enviado"
@@ -2061,6 +2242,10 @@ msgstr "Información de Contacto"
 msgid "Contact sales here"
 msgstr "Contactar ventas aquí"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Contact us"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
 msgid "Content"
 msgstr "Contenido"
@@ -2141,6 +2326,8 @@ msgstr "Controla qué firmas están permitidas al firmar un documento."
 msgid "Copied"
 msgstr "Copiado"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/components/tables/settings-public-profile-templates-table.tsx
 #: apps/remix/app/components/general/avatar-with-recipient.tsx
 #: apps/remix/app/components/general/template/template-direct-link-badge.tsx
@@ -2182,6 +2369,11 @@ msgstr "Copiar enlaces de firma"
 msgid "Copy token"
 msgstr "Copiar token"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "couldn't be uploaded:"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/_layout.tsx
 #: apps/remix/app/components/dialogs/webhook-create-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-group-create-dialog.tsx
@@ -2208,6 +2400,10 @@ msgstr "Crea una nueva dirección de correo electrónico para tu organización u
 msgid "Create a new organisation with {planName} plan. Keep your current organisation on it's current plan"
 msgstr "Crea una nueva organización con el plan {planName}. Mantén tu organización actual en su plan actual"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Create a support ticket"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/team-create-dialog.tsx
 msgid "Create a team to collaborate with your team members."
 msgstr "Crea un equipo para colaborar con los miembros de tu equipo."
@@ -2466,6 +2662,7 @@ msgstr "Fecha de creación"
 msgid "Date Format"
 msgstr "Formato de fecha"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/general/organisations/organisation-invitations.tsx
 #: packages/email/templates/organisation-invite.tsx
 msgid "Decline"
@@ -2491,6 +2688,10 @@ msgstr "Correo predeterminado"
 msgid "Default Email Settings"
 msgstr "Configuración de correo predeterminada"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Default Organisation Role for New Users"
+msgstr ""
+
 #: apps/remix/app/components/forms/document-preferences-form.tsx
 msgid "Default Signature Settings"
 msgstr "Configuraciones de Firma por Defecto"
@@ -2752,6 +2953,10 @@ msgstr "Deshabilitar la firma de enlace directo evitará que cualquiera acceda a
 msgid "Disabling the user results in the user not being able to use the account. It also disables all the related contents such as subscription, webhooks, teams, and API keys."
 msgstr "Deshabilitar al usuario implica que no podrá usar la cuenta. También desactiva todos los contenidos relacionados como suscripciones, webhooks, equipos y claves API."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Discord"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-update-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "Display Name"
@@ -2820,8 +3025,9 @@ msgid "Document access"
 msgstr "Acceso al documento"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document access auth updated"
-msgstr "Se actualizó la autenticación de acceso al documento"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-status.tsx
 msgid "Document All"
@@ -2837,9 +3043,13 @@ msgstr "Documento Aprobado"
 msgid "Document Cancelled"
 msgstr "Documento cancelado"
 
+#: packages/lib/utils/document-audit-logs.ts
+#: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document completed"
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-status.tsx
-#: packages/lib/utils/document-audit-logs.ts
-#: packages/lib/utils/document-audit-logs.ts
 msgid "Document completed"
 msgstr "Documento completado"
 
@@ -2852,8 +3062,12 @@ msgstr "Correo electrónico de documento completado"
 msgid "Document Completed!"
 msgstr "¡Documento completado!"
 
-#: apps/remix/app/components/dialogs/template-use-dialog.tsx
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document created"
+msgstr ""
+
+#: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "Document created"
 msgstr "Documento creado"
 
@@ -2879,10 +3093,14 @@ msgstr "Documento creado usando un <0>enlace directo</0>"
 msgid "Document Creation"
 msgstr "Creación de documento"
 
+#: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document deleted"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
-#: packages/lib/utils/document-audit-logs.ts
 msgid "Document deleted"
 msgstr "Documento eliminado"
 
@@ -2908,8 +3126,9 @@ msgid "Document Duplicated"
 msgstr "Documento duplicado"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document external ID updated"
-msgstr "ID externo del documento actualizado"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-certificate-qr-view.tsx
 msgid "Document found in your account"
@@ -2945,16 +3164,18 @@ msgid "Document moved"
 msgstr "Documento movido"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document moved to team"
-msgstr "Documento movido al equipo"
+msgstr ""
 
 #: apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx
 msgid "Document no longer available to sign"
 msgstr "El documento ya no está disponible para firmar"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document opened"
-msgstr "Documento abierto"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-status.tsx
 msgid "Document pending"
@@ -2993,8 +3214,12 @@ msgstr "Documento Rechazado"
 msgid "Document resealed"
 msgstr "Documento sellado nuevamente"
 
-#: apps/remix/app/components/general/document/document-edit-form.tsx
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document sent"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "Document sent"
 msgstr "Documento enviado"
 
@@ -3003,8 +3228,9 @@ msgid "Document Signed"
 msgstr "Documento firmado"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document signing auth updated"
-msgstr "Se actualizó la autenticación de firma del documento"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 msgid "Document signing process will be cancelled"
@@ -3019,12 +3245,14 @@ msgid "Document title"
 msgstr "Título del documento"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document title updated"
-msgstr "Título del documento actualizado"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document updated"
-msgstr "Documento actualizado"
+msgstr ""
 
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 msgid "Document updated successfully"
@@ -3040,21 +3268,27 @@ msgid "Document uploaded"
 msgstr "Documento subido"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document viewed"
-msgstr "Documento visto"
+msgstr ""
 
 #: apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx
 msgid "Document Viewed"
 msgstr "Documento visto"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document visibility updated"
-msgstr "Visibilidad del documento actualizada"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 msgid "Document will be permanently deleted"
 msgstr "El documento será eliminado permanentemente"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Documentation"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.edit.tsx
@@ -3165,6 +3399,11 @@ msgid "Drag and drop your PDF file here"
 msgstr "Arrastra y suelta tu archivo PDF aquí"
 
 #: packages/lib/constants/document.ts
+msgctxt "Draw signatute type"
+msgid "Draw"
+msgstr ""
+
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Draw"
 msgstr "Dibujar"
 
@@ -3411,6 +3650,10 @@ msgstr "Habilitar firma de enlace directo"
 msgid "Enable signing order"
 msgstr "Habilitar orden de firma"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Enable SSO portal"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks._index.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
@@ -3475,13 +3718,18 @@ msgstr "Enterprise"
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 #: apps/remix/app/components/general/verify-email-banner.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-signature-field.tsx
@@ -3510,6 +3758,10 @@ msgstr "Enterprise"
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 #: apps/remix/app/components/dialogs/webhook-create-dialog.tsx
@@ -3521,6 +3773,7 @@ msgstr "Enterprise"
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -3579,6 +3832,10 @@ msgstr "No se pudo crear la carpeta"
 msgid "Failed to create subscription claim."
 msgstr "Error al crear reclamación de suscripción."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Failed to create support ticket"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/folder-delete-dialog.tsx
 msgid "Failed to delete folder"
 msgstr "Error al eliminar la carpeta"
@@ -3611,6 +3868,10 @@ msgstr "Fallo al guardar configuraciones."
 msgid "Failed to sign out all sessions"
 msgstr "Error al cerrar sesión en todas las sesiones"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Failed to unlink account"
+msgstr ""
+
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 msgid "Failed to update document"
 msgstr "No se pudo actualizar el documento"
@@ -3669,16 +3930,19 @@ msgid "Field placeholder"
 msgstr "Marcador de posición de campo"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field prefilled by assistant"
-msgstr "Campo rellenado por el asistente"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field signed"
-msgstr "Campo firmado"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field unsigned"
-msgstr "Campo no firmado"
+msgstr ""
 
 #: apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
 msgid "Fields"
@@ -3688,13 +3952,21 @@ msgstr "Campos"
 msgid "Fields updated"
 msgstr "Campos actualizados"
 
-#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
 #: apps/remix/app/components/general/document/document-upload.tsx
-#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-upload.tsx
 msgid "File cannot be larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
 msgstr "El archivo no puede ser mayor a {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "File is larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "File is too small"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "File size exceeds the limit of {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB"
 msgstr "El tamaño del archivo excede el límite de {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB"
@@ -3810,6 +4082,7 @@ msgstr "Generar enlaces"
 msgid "Global recipient action authentication"
 msgstr "Autenticación de acción de destinatario global"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
@@ -4000,6 +4273,10 @@ msgstr "Inicio (Sin Carpeta)"
 msgid "Horizontal"
 msgstr "Horizontal"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "I agree to link my account with this organization"
+msgstr ""
+
 #: packages/lib/constants/recipient-roles.ts
 msgid "I am a signer of this document"
 msgstr "Soy un firmante de este documento"
@@ -4024,6 +4301,10 @@ msgstr "Se me requiere recibir una copia de este documento"
 msgid "I am the owner of this document"
 msgstr "Soy el propietario de este documento"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "I understand that I am providing my credentials to a 3rd party service configured by this organisation"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/webhook-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/token-delete-dialog.tsx
 msgid "I'm sure! Delete it"
@@ -4053,6 +4334,10 @@ msgstr "Si no encuentras el enlace de confirmación en tu bandeja de entrada, pu
 msgid "If your authenticator app does not support QR codes, you can use the following code instead:"
 msgstr "Si tu aplicación de autenticación no admite códigos QR, puedes usar el siguiente código en su lugar:"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Important: What This Means"
+msgstr ""
+
 #: apps/remix/app/components/general/app-nav-mobile.tsx
 #: apps/remix/app/components/general/app-nav-mobile.tsx
 #: apps/remix/app/components/general/document/document-status.tsx
@@ -4120,6 +4405,10 @@ msgstr "Estadísticas de instancia"
 msgid "Invalid code. Please try again."
 msgstr "Código inválido. Por favor, intenta nuevamente."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Invalid domains"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/add-signers.types.ts
 msgid "Invalid email"
 msgstr "Email inválido"
@@ -4133,6 +4422,10 @@ msgstr "Enlace inválido"
 msgid "Invalid token"
 msgstr "Token inválido"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Invalid Token"
+msgstr ""
+
 #: apps/remix/app/components/forms/reset-password.tsx
 msgid "Invalid token provided. Please try again."
 msgstr "Token inválido proporcionado. Por favor, inténtelo nuevamente."
@@ -4192,6 +4485,10 @@ msgstr "Factura"
 msgid "IP Address"
 msgstr "Dirección IP"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Issuer URL"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "It is crucial to keep your contact information, especially your email address, up to date with us. Please notify us immediately of any changes to ensure that you continue to receive all necessary communications."
 msgstr "Es crucial mantener su información de contacto, especialmente su dirección de correo electrónico, actual con nosotros. Por favor, notifíquenos inmediatamente sobre cualquier cambio para asegurarse de seguir recibiendo todas las comunicaciones necesarias."
@@ -4225,6 +4522,10 @@ msgstr "Actualmente no es tu turno para firmar. Recibirás un correo electrónic
 msgid "Join {organisationName} on Documenso"
 msgstr "Únete a {organisationName} en Documenso"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Join our community on <0>Discord</0> for community support and discussion."
+msgstr ""
+
 #. placeholder {0}: DateTime.fromJSDate(team.createdAt).toRelative({ style: 'short' })
 #: apps/remix/app/routes/_authenticated+/dashboard.tsx
 msgid "Joined {0}"
@@ -4319,10 +4620,27 @@ msgstr "¿Te gustaría tener tu propio perfil público con acuerdos?"
 msgid "Link expires in 1 hour."
 msgstr "El enlace expira en 1 hora."
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Link expires in 30 minutes."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.public-profile.tsx
 msgid "Link template"
 msgstr "Enlace de plantilla"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Link your Documenso account"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "Linked Accounts"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Linked At"
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "Links Generated"
 msgstr "Enlaces generados"
@@ -4347,6 +4665,10 @@ msgstr "Cargando documento..."
 msgid "Loading Document..."
 msgstr "Cargando Documento..."
 
+#: packages/ui/components/recipient/recipient-autocomplete-input.tsx
+msgid "Loading suggestions..."
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-page-view-recent-activity.tsx
 msgid "Loading..."
 msgstr "Cargando..."
@@ -4372,6 +4694,10 @@ msgstr "Gestionar"
 msgid "Manage {0}'s profile"
 msgstr "Gestionar el perfil de {0}"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Manage a custom SSO login portal for your organisation."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/settings+/organisations.tsx
 msgid "Manage all organisations you are currently associated with."
 msgstr "Gestiona todas las organizaciones con las que estás actualmente asociado."
@@ -4404,6 +4730,10 @@ msgstr "Gestionar enlace directo"
 msgid "Manage documents"
 msgstr "Gestionar documentos"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "Manage linked accounts"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 msgid "Manage organisation"
 msgstr "Administrar organización"
@@ -4539,6 +4869,10 @@ msgstr "Miembro"
 msgid "Member Count"
 msgstr "Conteo de Miembros"
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "Member promoted to owner successfully"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-members-table.tsx
 msgid "Member Since"
 msgstr "Miembro desde"
@@ -4554,6 +4888,7 @@ msgstr "Miembro desde"
 msgid "Members"
 msgstr "Miembros"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 msgid "Message"
@@ -4789,6 +5124,10 @@ msgstr "No se encontró campo de firma"
 msgid "No Stripe customer attached"
 msgstr "No hay cliente de Stripe adjunto"
 
+#: packages/ui/components/recipient/recipient-autocomplete-input.tsx
+msgid "No suggestions found"
+msgstr ""
+
 #: apps/remix/app/components/tables/team-groups-table.tsx
 msgid "No team groups found"
 msgstr "No se encontraron grupos de equipo"
@@ -4919,6 +5258,16 @@ msgstr "Solo los administradores pueden acceder y ver el documento"
 msgid "Only managers and above can access and view the document"
 msgstr "Solo los gerentes y superiores pueden acceder y ver el documento"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Only one file can be uploaded at a time"
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Only PDF files are allowed"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/_layout.tsx
 #: apps/remix/app/components/general/generic-error-layout.tsx
 #: apps/remix/app/components/general/generic-error-layout.tsx
@@ -4934,10 +5283,15 @@ msgstr "Abierto"
 msgid "Or"
 msgstr "O"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "OR"
+msgstr ""
+
 #: apps/remix/app/components/forms/signin.tsx
 msgid "Or continue with"
 msgstr "O continúa con"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/tables/user-organisations-table.tsx
 #: apps/remix/app/components/tables/admin-organisations-table.tsx
 msgid "Organisation"
@@ -4947,6 +5301,10 @@ msgstr "Organización"
 msgid "Organisation Admin"
 msgstr "Administrador de Organización"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Organisation authentication portal URL"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-organisation-create-dialog.tsx
 msgid "Organisation created"
 msgstr "Organización creada"
@@ -5017,6 +5375,10 @@ msgstr "Ajustes de organización"
 msgid "Organisation Settings"
 msgstr "Configuraciones de la Organización"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Organisation SSO Portal"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 msgid "Organisation Teams"
 msgstr "Equipos de Organización"
@@ -5309,9 +5671,13 @@ msgstr "Por favor, ingresa un nombre significativo para tu token. Esto te ayudar
 msgid "Please enter a valid name."
 msgstr "Por favor, introduce un nombre válido."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
-msgid "Please mark as viewed to complete"
-msgstr "Por favor, marca como visto para completar"
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+msgid "Please mark as viewed to complete."
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Please note that anyone who signs in through your portal will be added to your organisation as a member."
+msgstr ""
 
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
 msgid "Please note that proceeding will remove direct linking recipient and turn it into a placeholder."
@@ -5349,11 +5715,11 @@ msgstr "Por favor, proporciona un token del autenticador o un código de respald
 msgid "Please provide a token from your authenticator, or a backup code."
 msgstr "Por favor, proporciona un token de tu autenticador, o un código de respaldo."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 msgid "Please review the document before approving."
 msgstr "Por favor, revise el documento antes de aprobarlo."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 msgid "Please review the document before signing."
 msgstr "Por favor, revise el documento antes de firmar."
 
@@ -5449,6 +5815,18 @@ msgstr "Perfil actualizado"
 msgid "Progress"
 msgstr "Progreso"
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "Promote to owner"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Provider"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Provider has been updated successfully"
+msgstr ""
+
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/general/template/template-type.tsx
 msgid "Public"
@@ -5485,6 +5863,10 @@ msgstr "Valores de radio"
 msgid "Read only"
 msgstr "Solo lectura"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Read our documentation to get started with Documenso."
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-disclosure.tsx
 msgid "Read the full <0>signature disclosure</0>."
 msgstr "Lea la <0>divulgación de firma</0> completa."
@@ -5601,6 +5983,10 @@ msgstr "Códigos de recuperación"
 msgid "Red"
 msgstr "Rojo"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Redirect URI"
+msgstr ""
+
 #: apps/remix/app/components/embed/authoring/configure-document-advanced-settings.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-settings.tsx
@@ -5714,6 +6100,10 @@ msgstr "Responder al correo"
 msgid "Reply To Email"
 msgstr "Responder al correo"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Requesting Organisation"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/text-field.tsx
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/radio-field.tsx
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/number-field.tsx
@@ -5722,6 +6112,10 @@ msgstr "Responder al correo"
 msgid "Required field"
 msgstr "Campo obligatorio"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Required scopes"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 msgid "Reseal document"
 msgstr "Re-sellar documento"
@@ -5746,6 +6140,11 @@ msgstr "Reenviar verificación"
 msgid "Reset"
 msgstr "Restablecer"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset 2FA"
+msgstr ""
+
 #: apps/remix/app/components/forms/forgot-password.tsx
 msgid "Reset email sent"
 msgstr "Correo de restablecimiento enviado"
@@ -5757,6 +6156,14 @@ msgstr "Correo de restablecimiento enviado"
 msgid "Reset Password"
 msgstr "Restablecer contraseña"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset the users two factor authentication. This action is irreversible and will disable two factor authentication for the user."
+msgstr ""
+
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset Two Factor Authentication"
+msgstr ""
+
 #: apps/remix/app/components/forms/reset-password.tsx
 msgid "Resetting Password..."
 msgstr "Restableciendo contraseña..."
@@ -5788,9 +6195,14 @@ msgstr "Reintentar"
 #: apps/remix/app/routes/_unauthenticated+/team.verify.email.$token.tsx
 #: apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx
 #: apps/remix/app/routes/_unauthenticated+/organisation.decline.$token.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 msgid "Return"
 msgstr "Regresar"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Return to Documenso sign in page here"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/organisation.decline.$token.tsx
 msgid "Return to Home"
 msgstr "Regresar a la página de inicio"
@@ -5800,6 +6212,10 @@ msgstr "Regresar a la página de inicio"
 msgid "Return to sign in"
 msgstr "Regresar para iniciar sesión"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Review request"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
 msgid "Revoke"
@@ -5974,6 +6390,10 @@ msgstr "Seleccionar métodos de autenticación"
 msgid "Select default option"
 msgstr "Seleccionar opción predeterminada"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Select default role"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/checkbox-field.tsx
 msgid "Select direction"
 msgstr "Seleccione dirección"
@@ -6189,6 +6609,11 @@ msgstr "Mostrar configuraciones avanzadas"
 msgid "Show templates in your public profile for your audience to sign and get started quickly"
 msgstr "Mostrar plantillas en tu perfil público para que tu audiencia firme y comience rápidamente"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "Sign"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
@@ -6202,7 +6627,6 @@ msgstr "Mostrar plantillas en tu perfil público para que tu audiencia firme y c
 #: apps/remix/app/components/general/document-signing/document-signing-auth-password.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-2fa.tsx
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Sign"
 msgstr "Firmar"
 
@@ -6224,7 +6648,7 @@ msgstr "Firmar como<0>{0} <1>({1})</1></0>"
 msgid "Sign document"
 msgstr "Firmar documento"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Sign Document"
 msgstr "Firmar Documento"
@@ -6242,6 +6666,7 @@ msgstr "Campo de firma"
 msgid "Sign Here"
 msgstr "Firmar aquí"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: packages/email/template-components/template-reset-password.tsx
@@ -6249,6 +6674,7 @@ msgid "Sign In"
 msgstr "Iniciar sesión"
 
 #: apps/remix/app/routes/_unauthenticated+/signin.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-dialog.tsx
 msgid "Sign in to your account"
 msgstr "Inicia sesión en tu cuenta"
@@ -6316,32 +6742,35 @@ msgstr "Firmas recolectadas"
 msgid "Signatures will appear once the document has been completed"
 msgstr "Las firmas aparecerán una vez que el documento se haya completado"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Signed"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/ui/components/document/document-read-only-fields.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Signed"
 msgstr "Firmado"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Signer"
-msgstr "Firmante"
+msgstr ""
 
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Signer Events"
 msgstr "Eventos del Firmante"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Signers"
-msgstr "Firmantes"
-
-#: packages/ui/primitives/document-flow/add-signers.types.ts
-msgid "Signers must have unique emails"
-msgstr "Los firmantes deben tener correos electrónicos únicos"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Signing"
-msgstr "Firmando"
+msgstr ""
 
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Signing Certificate"
@@ -6512,6 +6941,14 @@ msgstr "Lo sentimos, no pudimos descargar el certificado. Por favor, intenta de
 msgid "Source"
 msgstr "Fuente"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Space-separated list of domains. Leave empty to allow all domains."
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
+msgid "SSO"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
 msgid "Stats"
 msgstr "Estadísticas"
@@ -6543,6 +6980,7 @@ msgstr "Cliente de Stripe creado con éxito"
 msgid "Stripe Customer ID"
 msgstr "ID de Cliente de Stripe"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 msgid "Subject"
 msgstr "Asunto"
@@ -6552,6 +6990,10 @@ msgstr "Asunto"
 msgid "Subject <0>(Optional)</0>"
 msgstr "Asunto <0>(Opcional)</0>"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Submit"
+msgstr ""
+
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
@@ -6585,10 +7027,12 @@ msgstr "Suscripción inválida"
 
 #: apps/remix/app/routes/embed+/v1+/authoring+/template.edit.$id.tsx
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
@@ -6646,6 +7090,15 @@ msgstr "Creado con éxito: {successCount}"
 msgid "Summary:"
 msgstr "Resumen:"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+#: apps/remix/app/components/general/org-menu-switcher.tsx
+msgid "Support"
+msgstr ""
+
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Support ticket created"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-email-domains-table.tsx
 msgid "Sync"
 msgstr "Sincronizar"
@@ -7009,7 +7462,8 @@ msgid "The email address which will show up in the \"Reply To\" field in emails"
 msgstr "La dirección de correo que aparecerá en el campo \"Responder a\" en los correos electrónicos"
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
-msgid "The email domain you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The email domain you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "El dominio de correo electrónico que estás buscando puede haber sido eliminado, renombrado o puede que nunca haya existido."
 
@@ -7050,12 +7504,21 @@ msgstr "Se produjeron los siguientes errores:"
 msgid "The following team has been deleted. You will no longer be able to access this team and its documents"
 msgstr "El siguiente equipo ha sido eliminado. Ya no podrá acceder a este equipo y sus documentos"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "The OpenID discovery endpoint URL for your provider"
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "The organisation authentication portal does not exist, or is not configured"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "The organisation email has been created successfully."
 msgstr "El correo electrónico de la organización se ha creado con éxito."
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
-msgid "The organisation group you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation group you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "El grupo de organización que está buscando puede haber sido eliminado, renombrado o puede que nunca haya existido."
 
@@ -7064,12 +7527,14 @@ msgid "The organisation role that will be applied to all members in this group."
 msgstr "El rol de organización que se aplicará a todos los miembros de este grupo."
 
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
-msgid "The organisation you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "La organización que está buscando puede haber sido eliminada, renombrada o puede que nunca haya existido."
 
 #: apps/remix/app/routes/_authenticated+/_layout.tsx
-msgid "The organisation you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation you are looking for may have been removed, renamed or may have never\n"
 "                  existed."
 msgstr "La organización que está buscando puede haber sido eliminada, renombrada o puede que nunca haya existido."
 
@@ -7158,14 +7623,17 @@ msgid "The team email <0>{teamEmail}</0> has been removed from the following tea
 msgstr "El correo electrónico del equipo <0>{teamEmail}</0> ha sido eliminado del siguiente equipo"
 
 #: apps/remix/app/routes/_authenticated+/_layout.tsx
-msgid "The team you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The team you are looking for may have been removed, renamed or may have never\n"
 "                  existed."
 msgstr "El equipo que está buscando puede haber sido eliminado, renombrado o puede que nunca haya existido."
 
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/_layout.tsx
-msgid "The team you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The team you are looking for may have been removed, renamed or may have never\n"
 "                existed."
-msgstr "El equipo que buscas puede haber sido eliminado, renombrado o quizás nunca\n"
+msgstr ""
+"El equipo que buscas puede haber sido eliminado, renombrado o quizás nunca\n"
 "                existió."
 
 #: apps/remix/app/components/dialogs/template-move-to-folder-dialog.tsx
@@ -7180,6 +7648,10 @@ msgstr "La plantilla será eliminada de tu perfil"
 msgid "The test webhook has been successfully sent to your endpoint."
 msgstr "El webhook de prueba se ha enviado exitosamente a tu terminal."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "The token is invalid or has expired."
+msgstr ""
+
 #: apps/remix/app/components/forms/token.tsx
 msgid "The token was copied to your clipboard."
 msgstr "El token fue copiado a tu portapapeles."
@@ -7206,10 +7678,15 @@ msgid "The URL for Documenso to send webhook events to."
 msgstr "La URL para Documenso para enviar eventos de webhook."
 
 #: apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
-msgid "The user you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The user you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "El usuario que está buscando puede haber sido eliminado, renombrado o puede que nunca haya existido."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "The user's two factor authentication has been reset successfully."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/webhook-delete-dialog.tsx
 msgid "The webhook has been successfully deleted."
 msgstr "El webhook ha sido eliminado con éxito."
@@ -7223,7 +7700,8 @@ msgid "The webhook was successfully created."
 msgstr "El webhook fue creado con éxito."
 
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
-msgid "The webhook you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The webhook you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "El webhook que buscas puede haber sido eliminado, renombrado o puede que nunca haya existido."
 
@@ -7259,6 +7737,10 @@ msgstr "Esta cuenta ha sido deshabilitada. Por favor, contacta con soporte."
 msgid "This account has not been verified. Please verify your account before signing in."
 msgstr "Esta cuenta no ha sido verificada. Por favor, verifica tu cuenta antes de iniciar sesión."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "This action is irreversible. Please ensure you have informed the user before proceeding."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
@@ -7377,10 +7859,22 @@ msgstr "Así es como el documento llegará a los destinatarios una vez que esté
 msgid "This is the claim that this organisation was initially created with. Any feature flag changes to this claim will be backported into this organisation."
 msgstr "Esta es la reclamo con la que se creó inicialmente esta organización. Cualquier cambio en la bandera de características de esta reclamo se retroalimentará en esta organización."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "This is the required scopes you must set in your provider's settings"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "This is the URL which users will use to sign in to your organisation."
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/team.verify.email.$token.tsx
 msgid "This link is invalid or has expired. Please contact your team to resend a verification."
 msgstr "Este enlace es inválido o ha expirado. Por favor, contacta a tu equipo para reenviar una verificación."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "This organisation will have administrative control over your account. You can revoke this access later, but they will retain access to any data they've already collected."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.general.tsx
 msgid "This organisation, and any associated data will be permanently deleted."
 msgstr "Esta organización y cualquier dato asociado serán eliminados permanentemente."
@@ -7500,9 +7994,10 @@ msgstr "Para poder añadir miembros a un equipo, primero debes añadirlos a la o
 msgid "To change the email you must remove and add a new email address."
 msgstr "Para cambiar el correo electrónico debes eliminar y añadir una nueva dirección de correo electrónico."
 
+#. placeholder {0}: user.email
 #. placeholder {0}: userToEnable.email
 #. placeholder {0}: userToDisable.email
-#. placeholder {0}: user.email
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -7518,6 +8013,7 @@ msgid "To enable two-factor authentication, scan the following QR code using you
 msgstr "Para habilitar la autenticación de dos factores, escanea el siguiente código QR usando tu aplicación de autenticador."
 
 #: apps/remix/app/routes/_unauthenticated+/unverified-account.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 msgid "To gain access to your account, please confirm your email address by clicking on the confirmation link from your inbox."
 msgstr "Para acceder a tu cuenta, por favor confirma tu dirección de correo electrónico haciendo clic en el enlace de confirmación de tu bandeja de entrada."
 
@@ -7634,9 +8130,14 @@ msgstr "La autenticación de dos factores ha sido desactivada para tu cuenta. Ya
 msgid "Two-Factor Re-Authentication"
 msgstr "Re-autenticación de Doble Factor"
 
+#: packages/lib/constants/document.ts
+msgctxt "Type signatute type"
+msgid "Type"
+msgstr ""
+
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
-#: packages/lib/constants/document.ts
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Type"
 msgstr "Tipo"
 
@@ -7750,9 +8251,15 @@ msgstr "Incompleto"
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 msgid "Unknown"
 msgstr "Desconocido"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Unknown error"
+msgstr ""
+
 #: apps/remix/app/components/tables/admin-claims-table.tsx
 msgid "Unlimited"
 msgstr "Ilimitado"
@@ -7761,6 +8268,11 @@ msgstr "Ilimitado"
 msgid "Unlimited documents, API and more"
 msgstr "Documentos ilimitados, API y más"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Unlink"
+msgstr ""
+
 #: apps/remix/app/components/general/folder/folder-card.tsx
 msgid "Unpin"
 msgstr "Desanclar"
@@ -7769,6 +8281,7 @@ msgstr "Desanclar"
 msgid "Untitled Group"
 msgstr "Grupo sin título"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@@ -7908,6 +8421,11 @@ msgid "Upgrade your plan to upload more documents"
 msgstr "Actualiza tu plan para cargar más documentos"
 
 #: packages/lib/constants/document.ts
+msgctxt "Upload signatute type"
+msgid "Upload"
+msgstr ""
+
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Upload"
 msgstr "Subir"
 
@@ -7941,6 +8459,11 @@ msgstr "Subir documento personalizado"
 msgid "Upload Document"
 msgstr "Cargar Documento"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Upload failed"
+msgstr ""
+
 #: packages/ui/primitives/signature-pad/signature-pad-upload.tsx
 msgid "Upload Signature"
 msgstr "Subir firma"
@@ -8022,6 +8545,7 @@ msgstr "El usuario no tiene contraseña."
 msgid "User not found"
 msgstr "Usuario no encontrado"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -8095,6 +8619,11 @@ msgstr "Verifica tu dirección de correo electrónico del equipo"
 msgid "Vertical"
 msgstr "Vertical"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "View"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-billing-invoices-table.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
@@ -8104,7 +8633,6 @@ msgstr "Vertical"
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "View"
 msgstr "Ver"
 
@@ -8137,6 +8665,11 @@ msgstr "Ver toda la actividad de seguridad relacionada con tu cuenta."
 msgid "View and manage all active sessions for your account."
 msgstr "Ver y gestionar todas las sesiones activas de tu cuenta."
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "View and manage all login methods linked to your account."
+msgstr ""
+
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 msgid "View Codes"
 msgstr "Ver Códigos"
@@ -8149,7 +8682,7 @@ msgstr "Ver registros DNS"
 msgid "View document"
 msgstr "Ver documento"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
@@ -8199,24 +8732,31 @@ msgstr "Ver equipos"
 msgid "View the DNS records for this email domain"
 msgstr "Ver los registros DNS para este dominio de correo electrónico"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Viewed"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Viewed"
 msgstr "Visto"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Viewer"
-msgstr "Visor"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Viewers"
-msgstr "Espectadores"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Viewing"
-msgstr "Viendo"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/folder-update-dialog.tsx
 msgid "Visibility"
@@ -8277,6 +8817,10 @@ msgstr "No podemos actualizar esta clave de acceso en este momento. Por favor, i
 msgid "We couldn't create a Stripe customer. Please try again."
 msgstr "No pudimos crear un cliente de Stripe. Por favor, intente nuevamente."
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "We couldn't promote the member to owner. Please try again."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 msgid "We couldn't update the group. Please try again."
 msgstr "No pudimos actualizar el grupo. Por favor, intente nuevamente."
@@ -8286,6 +8830,10 @@ msgstr "No pudimos actualizar el grupo. Por favor, intente nuevamente."
 msgid "We couldn't update the organisation. Please try again."
 msgstr "No pudimos actualizar la organización. Por favor, intente nuevamente."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "We couldn't update the provider. Please try again."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "We encountered an error while creating the email. Please try again later."
 msgstr "Encontramos un error mientras creábamos el correo. Por favor, inténtalo de nuevo más tarde."
@@ -8394,6 +8942,7 @@ msgstr "Encontramos un error desconocido al intentar restablecer tu contraseña.
 msgid "We encountered an unknown error while attempting to revoke access. Please try again or contact support."
 msgstr "Encontramos un error desconocido al intentar revocar el acceso. Por favor, inténtalo de nuevo o contacta con soporte."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 msgid "We encountered an unknown error while attempting to sign you In. Please try again later."
@@ -8529,6 +9078,10 @@ msgstr "Generaremos enlaces de firma para ti, que podrás enviar a los destinata
 msgid "We won't send anything to notify recipients."
 msgstr "No enviaremos nada para notificar a los destinatarios."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "We'll get back to you as soon as possible via email."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/templates._index.tsx
 #: apps/remix/app/components/tables/documents-table-empty-state.tsx
 msgid "We're all empty"
@@ -8586,10 +9139,18 @@ msgstr "Bienvenido de nuevo, somos afortunados de tenerte."
 msgid "Welcome back! Here's an overview of your account."
 msgstr "¡Bienvenido de nuevo! Aquí tienes un resumen de tu cuenta."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Welcome to {organisationName}"
+msgstr ""
+
 #: packages/email/template-components/template-confirmation-email.tsx
 msgid "Welcome to Documenso!"
 msgstr "¡Bienvenido a Documenso!"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Well-known URL is required"
+msgstr ""
+
 #: apps/remix/app/routes/_recipient+/sign.$token+/waiting.tsx
 msgid "Were you trying to edit this document instead?"
 msgstr "¿Estabas intentando editar este documento en su lugar?"
@@ -8616,6 +9177,10 @@ msgstr "Cuando firme un documento, podemos completar y firmar automáticamente l
 msgid "When you use our platform to affix your electronic signature to documents, you are consenting to do so under the Electronic Signatures in Global and National Commerce Act (E-Sign Act) and other applicable laws. This action indicates your agreement to use electronic means to sign documents and receive notifications."
 msgstr "Cuando utilice nuestra plataforma para colocar su firma electrónica en documentos, está consintiendo hacerlo bajo la Ley de Firmas Electrónicas en el Comercio Global y Nacional (Ley E-Sign) y otras leyes aplicables. Esta acción indica su aceptación de usar medios electrónicos para firmar documentos y recibir notificaciones."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Whether to enable the SSO portal for your organisation"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 msgid "While waiting for them to do so you can create your own Documenso account and get started with document signing right away."
 msgstr "Mientras esperas a que ellos lo hagan, puedes crear tu propia cuenta de Documenso y comenzar a firmar documentos de inmediato."
@@ -8683,6 +9248,10 @@ msgstr "Estás a punto de dejar la siguiente organización."
 msgid "You are about to remove default access to this team for all organisation members. Any members not explicitly added to this team will no longer have access."
 msgstr "Estás a punto de eliminar el acceso predeterminado a este equipo para todos los miembros de la organización. Cualquier miembro no agregado explícitamente a este equipo, ya no tendrá acceso."
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "You are about to remove the <0>{provider}</0> login method from your account."
+msgstr ""
+
 #. placeholder {0}: organisation.name
 #: apps/remix/app/components/dialogs/organisation-email-domain-delete-dialog.tsx
 msgid "You are about to remove the email domain <0>{emailDomain}</0> from <1>{0}</1>. All emails associated with this domain will be deleted."
@@ -8769,6 +9338,10 @@ msgstr "No estás autorizado para deshabilitar a este usuario."
 msgid "You are not authorized to enable this user."
 msgstr "No estás autorizado para habilitar a este usuario."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "You are not authorized to reset two factor authentcation for this user."
+msgstr ""
+
 #: packages/email/template-components/template-confirmation-email.tsx
 msgid "You can also copy and paste this link into your browser: {confirmationLink} (link expires in 1 hour)"
 msgstr "También puedes copiar y pegar este enlace en tu navegador: {confirmationLink} (el enlace expira en 1 hora)"
@@ -9059,6 +9632,10 @@ msgstr "Ahora se te pedirá que ingreses un código de tu aplicación de autenti
 msgid "You will receive an Email copy of the signed document once everyone has signed."
 msgstr "Recibirás una copia por correo electrónico del documento firmado una vez que todos hayan firmado."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Your Account"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
 msgid "Your account has been deleted successfully."
 msgstr "Tu cuenta ha sido eliminada con éxito."
@@ -9092,6 +9669,10 @@ msgstr "Tu operación de envío masivo para la plantilla \"{templateName}\" ha s
 msgid "Your current {currentProductName} plan is past due. Please update your payment information."
 msgstr "Tu plan actual {currentProductName} está vencido. Por favor, actualiza tu información de pago."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Your current plan includes the following support channels:"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.billing.tsx
 msgid "Your current plan is inactive."
 msgstr "Tu plan actual está inactivo."
@@ -9105,7 +9686,6 @@ msgid "Your direct signing templates"
 msgstr "Tus {0} plantillas de firma directa"
 
 #: apps/remix/app/components/general/document/document-upload.tsx
-#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-upload.tsx
 msgid "Your document failed to upload."
 msgstr "Tu documento no se pudo cargar."
@@ -9238,6 +9818,10 @@ msgstr "Tu código de recuperación ha sido copiado en tu portapapeles."
 msgid "Your recovery codes are listed below. Please store them in a safe place."
 msgstr "Tus códigos de recuperación se enumeran a continuación. Por favor, guárdalos en un lugar seguro."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Your support request has been submitted. We'll get back to you soon!"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/team-create-dialog.tsx
 msgid "Your team has been created."
 msgstr "Tu equipo ha sido creado."
@@ -9250,10 +9834,6 @@ msgstr "Tu equipo ha sido eliminado con éxito."
 msgid "Your team has been successfully updated."
 msgstr "Tu equipo ha sido actualizado con éxito."
 
-#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
-msgid "Your template failed to upload."
-msgstr "Tu plantilla no se pudo cargar."
-
 #: apps/remix/app/routes/embed+/v1+/authoring_.completed.create.tsx
 msgid "Your template has been created successfully"
 msgstr "Tu plantilla se ha creado exitosamente"
@@ -9290,3 +9870,6 @@ msgstr "¡Tu token se creó con éxito! ¡Asegúrate de copiarlo porque no podr
 msgid "Your tokens will be shown here once you create them."
 msgstr "Tus tokens se mostrarán aquí una vez que los crees."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "your-domain.com another-domain.com"
+msgstr ""
diff --git a/packages/lib/translations/fr/web.po b/packages/lib/translations/fr/web.po
index 44ff6c056..f8baf3af8 100644
--- a/packages/lib/translations/fr/web.po
+++ b/packages/lib/translations/fr/web.po
@@ -414,14 +414,30 @@ msgstr "{visibleRows, plural, one {Affichage de # résultat.} other {Affichage d
 msgid "<0>\"{0}\"</0>is no longer available to sign"
 msgstr "<0>\"{0}\"</0> n'est plus disponible pour signer"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "<0>{organisationName}</0> has requested to create an account on your behalf."
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "<0>{organisationName}</0> has requested to link your current Documenso account to their organisation."
+msgstr ""
+
 #: packages/email/templates/confirm-team-email.tsx
 msgid "<0>{teamName}</0> has requested to use your email address for their team on Documenso."
 msgstr "<0>{teamName}</0> a demandé à utiliser votre adresse e-mail pour leur équipe sur Documenso."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Account management:</0> Modify your account settings, permissions, and preferences"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "<0>Click to upload</0> or drag and drop"
 msgstr "<0>Cliquez pour importer</0> ou faites glisser et déposez"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Data access:</0> Access all data associated with your account"
+msgstr ""
+
 #: packages/ui/components/document/document-signature-settings-tooltip.tsx
 msgid "<0>Drawn</0> - A signature that is drawn using a mouse or stylus."
 msgstr "<0>Dessinée</0> - Une signature dessinée en utilisant une souris ou un stylet."
@@ -430,6 +446,10 @@ msgstr "<0>Dessinée</0> - Une signature dessinée en utilisant une souris ou un
 msgid "<0>Email</0> - The recipient will be emailed the document to sign, approve, etc."
 msgstr "<0>Email</0> - Le destinataire recevra le document par e-mail pour signer, approuver, etc."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Full account access:</0> View all your profile information, settings, and activity"
+msgstr ""
+
 #: packages/ui/components/recipient/recipient-action-auth-select.tsx
 msgid "<0>Inherit authentication method</0> - Use the global action signing authentication method configured in the \"General Settings\" step"
 msgstr "<0>Hériter de la méthode d'authentification</0> - Utilisez la méthode globale d'authentification de signature d'action configurée dans l'étape \"Paramètres généraux\""
@@ -517,10 +537,18 @@ msgstr "12 mois"
 msgid "2FA"
 msgstr "2FA"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "2FA Reset"
+msgstr ""
+
 #: apps/remix/app/components/forms/token.tsx
 msgid "3 months"
 msgstr "3 mois"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "400 Error"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings._layout.tsx
 msgid "401 Unauthorized"
@@ -534,6 +562,10 @@ msgstr "404 Domaine email introuvable"
 msgid "404 not found"
 msgstr "404 non trouvé"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "404 Not Found"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 msgid "404 Organisation group not found"
 msgstr "404 Groupe d'organisation non trouvé"
@@ -597,16 +629,19 @@ msgid "A draft document will be created"
 msgstr "Un document brouillon sera créé"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was added"
-msgstr "Un champ a été ajouté"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was removed"
-msgstr "Un champ a été supprimé"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was updated"
-msgstr "Un champ a été mis à jour"
+msgstr ""
 
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "A means to print or download documents for your records"
@@ -646,16 +681,27 @@ msgid "A password reset email has been sent, if you have an account you should s
 msgstr "Un e-mail de réinitialisation de mot de passe a été envoyé, si vous avez un compte vous devriez le voir dans votre boîte de réception sous peu."
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was added"
-msgstr "Un destinataire a été ajouté"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was removed"
-msgstr "Un destinataire a été supprimé"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was updated"
-msgstr "Un destinataire a été mis à jour"
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "A request has been made to create an account for you"
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "A request has been made to link your Documenso account"
+msgstr ""
 
 #. placeholder {0}: team.name
 #: packages/lib/server-only/team/create-team-email-verification.ts
@@ -706,6 +752,10 @@ msgstr "Un e-mail de vérification sera envoyé à l'adresse e-mail fournie."
 msgid "Accept"
 msgstr "Accepter"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Accept & Link Account"
+msgstr ""
+
 #: packages/email/templates/organisation-invite.tsx
 msgid "Accept invitation to join an organisation on Documenso"
 msgstr "Accepter l'invitation à rejoindre une organisation sur Documenso"
@@ -726,6 +776,7 @@ msgstr "Accès désactivé"
 msgid "Access enabled"
 msgstr "Accès activé"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/general/org-menu-switcher.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-dialog.tsx
 msgid "Account"
@@ -735,6 +786,14 @@ msgstr "Compte"
 msgid "Account Authentication"
 msgstr "Authentification de compte"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Account creation request"
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Account Creation Request"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
 msgid "Account deleted"
@@ -748,10 +807,18 @@ msgstr "Compte désactivé"
 msgid "Account enabled"
 msgstr "Compte activé"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Account Linking Request"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Account Re-Authentication"
 msgstr "Ré-authentification de compte"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Account unlinked"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "Acknowledgment"
 msgstr "Reconnaissance"
@@ -766,6 +833,7 @@ msgstr "Action"
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/tables/team-members-table.tsx
 #: apps/remix/app/components/tables/team-members-table.tsx
@@ -804,6 +872,10 @@ msgstr "Abonnements actifs"
 msgid "Add"
 msgstr "Ajouter"
 
+#: packages/ui/primitives/document-flow/add-signers.tsx
+msgid "Add 2 or more signers to enable signing order."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-domain-create-dialog.tsx
 msgid "Add a custom domain to send emails on behalf of your organisation. We'll generate DKIM records that you need to add to your DNS provider."
 msgstr "Ajoutez un domaine personnalisé pour envoyer des emails au nom de votre organisation. Nous générerons des enregistrements DKIM que vous devrez ajouter à votre fournisseur DNS."
@@ -961,6 +1033,10 @@ msgstr "Ajouter les destinataires pour créer le document avec"
 msgid "Add these DNS records to verify your domain ownership"
 msgstr "Ajoutez ces enregistrements DNS pour vérifier la propriété de votre domaine"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Add this URL to your provider's allowed redirect URIs"
+msgstr ""
+
 #: apps/remix/app/components/forms/branding-preferences-form.tsx
 msgid "Additional brand information to display at the bottom of emails"
 msgstr "Informations supplémentaires sur la marque à afficher en bas des e-mails"
@@ -1078,6 +1154,10 @@ msgstr "Autoriser les destinataires du document à répondre directement à cett
 msgid "Allow signers to dictate next signer"
 msgstr "Permettre aux signataires de désigner le prochain signataire"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Allowed Email Domains"
+msgstr ""
+
 #: apps/remix/app/components/embed/authoring/configure-document-advanced-settings.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-settings.tsx
@@ -1120,6 +1200,7 @@ msgstr "Un e-mail contenant une invitation sera envoyé à chaque membre."
 msgid "An email with this address already exists."
 msgstr "Un email avec cette adresse existe déjà."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@@ -1139,6 +1220,7 @@ msgstr "Une erreur est survenue lors de l'ajout des champs."
 
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "An error occurred while adding signers."
 msgstr "Une erreur est survenue lors de l'ajout de signataires."
 
@@ -1146,6 +1228,30 @@ msgstr "Une erreur est survenue lors de l'ajout de signataires."
 msgid "An error occurred while adding the fields."
 msgstr "Une erreur est survenue lors de l'ajout des champs."
 
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the document settings."
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the fields."
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the subject form."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template fields."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template placeholders."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template settings."
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-auto-sign.tsx
 msgid "An error occurred while auto-signing the document, some fields may not be signed. Please review and manually sign any remaining fields."
 msgstr "Une erreur est survenue lors de la signature automatique du document, certains champs peuvent ne pas être signés. Veuillez vérifier et signer manuellement tous les champs restants."
@@ -1224,6 +1330,10 @@ msgstr "Une erreur s'est produite lors de la suppression de la sélection."
 msgid "An error occurred while removing the signature."
 msgstr "Une erreur est survenue lors de la suppression de la signature."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "An error occurred while resetting two factor authentication for the user."
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "An error occurred while sending the document."
 msgstr "Une erreur est survenue lors de l'envoi du document."
@@ -1281,10 +1391,23 @@ msgstr "Une erreur est survenue lors de la mise à jour de votre profil."
 msgid "An error occurred while uploading your document."
 msgstr "Une erreur est survenue lors de l'importation de votre document."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "An error occurred. Please try again later."
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "An organisation wants to create an account for you. Please review the details below."
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "An organisation wants to link your account. Please review the details below."
+msgstr ""
+
 #: apps/remix/app/components/general/generic-error-layout.tsx
 msgid "An unexpected error occurred."
 msgstr "Une erreur inattendue est survenue."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
 #: apps/remix/app/components/general/app-command-menu.tsx
 #: apps/remix/app/components/forms/team-update-form.tsx
@@ -1364,37 +1487,48 @@ msgstr "Tokens API"
 msgid "App Version"
 msgstr "Version de l'application"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "Approve"
+msgstr ""
+
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
 #: apps/remix/app/components/tables/documents-table-action-button.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Approve"
 msgstr "Approuver"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Approve Document"
 msgstr "Approuver le document"
 
-#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Approved"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 msgid "Approved"
 msgstr "Approuvé"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Approver"
-msgstr "Approuveur"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Approvers"
-msgstr "Approuveurs"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Approving"
-msgstr "Approval en cours"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/assistant-confirmation-dialog.tsx
 msgid "Are you sure you want to complete the document? This action cannot be undone. Please ensure that you have completed prefilling all relevant fields before proceeding."
@@ -1428,6 +1562,7 @@ msgstr "Êtes-vous sûr de vouloir supprimer cette organisation?"
 msgid "Are you sure you wish to delete this team?"
 msgstr "Êtes-vous sûr de vouloir supprimer cette équipe ?"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
 #: apps/remix/app/components/dialogs/team-member-delete-dialog.tsx
@@ -1450,10 +1585,11 @@ msgid "Assigned Teams"
 msgstr "Équipes assignées"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
 msgid "Assist"
-msgstr "Aider"
+msgstr ""
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Assist Document"
 msgstr "Assister le Document"
@@ -1463,29 +1599,36 @@ msgid "Assist with signing"
 msgstr "Aider à la signature"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Assistant"
-msgstr "\"\""
+msgstr ""
 
 #: packages/ui/components/recipient/recipient-role-select.tsx
 msgid "Assistant role is only available when the document is in sequential signing mode."
 msgstr "Le rôle d'assistant est uniquement disponible lorsque le document est en mode de signature séquentielle."
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Assistants"
-msgstr "\"\""
+msgstr ""
 
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
 msgid "Assistants and Copy roles are currently not compatible with the multi-sign experience."
 msgstr "Les rôles d'assistant et de copie ne sont actuellement pas compatibles avec l'expérience multi-sign."
 
-#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Assisted"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 msgid "Assisted"
 msgstr "Assisté"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Assisting"
-msgstr "En assistance"
+msgstr ""
 
 #: apps/remix/app/components/forms/document-preferences-form.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.types.tsx
@@ -1510,6 +1653,10 @@ msgstr "Journaux de vérification"
 msgid "Authentication Level"
 msgstr "Niveau d'authentification"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Authentication Portal Not Found"
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-auth-page.tsx
 #: apps/remix/app/components/general/direct-template/direct-template-signing-auth-page.tsx
 msgid "Authentication required"
@@ -1640,6 +1787,11 @@ msgstr "Envoi en masse via CSV"
 msgid "by <0>{senderName}</0>"
 msgstr "par <0>{senderName}</0>"
 
+#. placeholder {0}: organisation.name
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "By accepting this request, you grant {0} the following permissions:"
+msgstr ""
+
 #: packages/email/templates/confirm-team-email.tsx
 msgid "By accepting this request, you will be granting <0>{teamName}</0> access to:"
 msgstr "En acceptant cette demande, vous accorderez à <0>{teamName}</0> l'accès à :"
@@ -1672,6 +1824,7 @@ msgstr "En utilisant la fonctionnalité de signature électronique, vous consent
 msgid "Can prepare"
 msgstr "Peut préparer"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
@@ -1763,21 +1916,29 @@ msgid "Cannot remove signer"
 msgstr "Impossible de supprimer le signataire"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Cc"
-msgstr "Cc"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
-#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
 msgid "CC"
-msgstr "CC"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
+msgid "CC"
+msgstr ""
+
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
 msgid "CC'd"
-msgstr "CC'd"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Ccers"
-msgstr "Copie Carboneurs"
+msgstr ""
 
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/text-field.tsx
 msgid "Character Limit"
@@ -1872,10 +2033,27 @@ msgstr "Cliquez pour copier le lien de signature à envoyer au destinataire"
 msgid "Click to insert field"
 msgstr "Cliquez pour insérer un champ"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client ID"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client ID is required"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client Secret"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client secret is required"
+msgstr ""
+
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-2fa.tsx
 #: apps/remix/app/components/general/document/document-recipient-link-copy-dialog.tsx
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 #: apps/remix/app/components/forms/2fa/enable-authenticator-app-dialog.tsx
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
@@ -1902,6 +2080,8 @@ msgstr "Comparez tous les plans et fonctionnalités en détail"
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/forms/signup.tsx
 #: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 msgid "Complete"
@@ -1923,9 +2103,9 @@ msgstr "Compléter le Document"
 msgid "Complete Signing"
 msgstr "Compléter la signature"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
-msgid "Complete the fields for the following signers. Once reviewed, they will inform you if any modifications are needed."
-msgstr "Complétez les champs pour les signataires suivants. Une fois vérifiés, ils vous informeront si des modifications sont nécessaires."
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+msgid "Complete the fields for the following signers."
+msgstr ""
 
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
@@ -2045,6 +2225,7 @@ msgstr "Confirmer la suppression"
 msgid "Confirm email"
 msgstr "Confirmer l'email"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/send-confirmation-email.tsx
 msgid "Confirmation email sent"
 msgstr "Email de confirmation envoyé"
@@ -2061,6 +2242,10 @@ msgstr "Coordonnées"
 msgid "Contact sales here"
 msgstr "Contactez le service commercial ici"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Contact us"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
 msgid "Content"
 msgstr "Contenu"
@@ -2141,6 +2326,8 @@ msgstr "Contrôle quelles signatures sont autorisées lors de la signature d'un
 msgid "Copied"
 msgstr "Copié"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/components/tables/settings-public-profile-templates-table.tsx
 #: apps/remix/app/components/general/avatar-with-recipient.tsx
 #: apps/remix/app/components/general/template/template-direct-link-badge.tsx
@@ -2182,6 +2369,11 @@ msgstr "Copier les liens de signature"
 msgid "Copy token"
 msgstr "Copier le token"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "couldn't be uploaded:"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/_layout.tsx
 #: apps/remix/app/components/dialogs/webhook-create-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-group-create-dialog.tsx
@@ -2208,6 +2400,10 @@ msgstr "Créez une nouvelle adresse e-mail pour votre organisation en utilisant
 msgid "Create a new organisation with {planName} plan. Keep your current organisation on it's current plan"
 msgstr "Créez une nouvelle organisation avec le plan {planName}. Conservez votre organisation actuelle sur son plan en cours"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Create a support ticket"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/team-create-dialog.tsx
 msgid "Create a team to collaborate with your team members."
 msgstr "Créer une équipe pour collaborer avec vos membres."
@@ -2466,6 +2662,7 @@ msgstr "Date de création"
 msgid "Date Format"
 msgstr "Format de date"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/general/organisations/organisation-invitations.tsx
 #: packages/email/templates/organisation-invite.tsx
 msgid "Decline"
@@ -2491,6 +2688,10 @@ msgstr "E-mail par défaut"
 msgid "Default Email Settings"
 msgstr "Paramètres d'e-mail par défaut"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Default Organisation Role for New Users"
+msgstr ""
+
 #: apps/remix/app/components/forms/document-preferences-form.tsx
 msgid "Default Signature Settings"
 msgstr "Paramètres de Signature par Défaut"
@@ -2752,6 +2953,10 @@ msgstr "Désactiver la signature de lien direct empêchera quiconque d'accéder
 msgid "Disabling the user results in the user not being able to use the account. It also disables all the related contents such as subscription, webhooks, teams, and API keys."
 msgstr "Désactiver l'utilisateur a pour résultat que l'utilisateur ne peut pas utiliser le compte. Cela désactive également tous les contenus associés tels que l'abonnement, les webhooks, les équipes et les clés API."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Discord"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-update-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "Display Name"
@@ -2820,8 +3025,9 @@ msgid "Document access"
 msgstr "Accès au document"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document access auth updated"
-msgstr "L'authentification d'accès au document a été mise à jour"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-status.tsx
 msgid "Document All"
@@ -2837,9 +3043,13 @@ msgstr "Document Approuvé"
 msgid "Document Cancelled"
 msgstr "Document Annulé"
 
+#: packages/lib/utils/document-audit-logs.ts
+#: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document completed"
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-status.tsx
-#: packages/lib/utils/document-audit-logs.ts
-#: packages/lib/utils/document-audit-logs.ts
 msgid "Document completed"
 msgstr "Document terminé"
 
@@ -2852,8 +3062,12 @@ msgstr "E-mail de document complété"
 msgid "Document Completed!"
 msgstr "Document Complété !"
 
-#: apps/remix/app/components/dialogs/template-use-dialog.tsx
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document created"
+msgstr ""
+
+#: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "Document created"
 msgstr "Document créé"
 
@@ -2879,10 +3093,14 @@ msgstr "Document créé en utilisant un <0>lien direct</0>"
 msgid "Document Creation"
 msgstr "Création de document"
 
+#: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document deleted"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
-#: packages/lib/utils/document-audit-logs.ts
 msgid "Document deleted"
 msgstr "Document supprimé"
 
@@ -2908,8 +3126,9 @@ msgid "Document Duplicated"
 msgstr "Document dupliqué"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document external ID updated"
-msgstr "ID externe du document mis à jour"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-certificate-qr-view.tsx
 msgid "Document found in your account"
@@ -2945,16 +3164,18 @@ msgid "Document moved"
 msgstr "Document déplacé"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document moved to team"
-msgstr "Document déplacé vers l'équipe"
+msgstr ""
 
 #: apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx
 msgid "Document no longer available to sign"
 msgstr "Document non disponible pour signature"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document opened"
-msgstr "Document ouvert"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-status.tsx
 msgid "Document pending"
@@ -2993,8 +3214,12 @@ msgstr "Document Rejeté"
 msgid "Document resealed"
 msgstr "Document resealé"
 
-#: apps/remix/app/components/general/document/document-edit-form.tsx
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document sent"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "Document sent"
 msgstr "Document envoyé"
 
@@ -3003,8 +3228,9 @@ msgid "Document Signed"
 msgstr "Document signé"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document signing auth updated"
-msgstr "Authentification de signature de document mise à jour"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 msgid "Document signing process will be cancelled"
@@ -3019,12 +3245,14 @@ msgid "Document title"
 msgstr "Titre du document"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document title updated"
-msgstr "Titre du document mis à jour"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document updated"
-msgstr "Document mis à jour"
+msgstr ""
 
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 msgid "Document updated successfully"
@@ -3040,21 +3268,27 @@ msgid "Document uploaded"
 msgstr "Document importé"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document viewed"
-msgstr "Document consulté"
+msgstr ""
 
 #: apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx
 msgid "Document Viewed"
 msgstr "Document consulté"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document visibility updated"
-msgstr "Visibilité du document mise à jour"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 msgid "Document will be permanently deleted"
 msgstr "Le document sera supprimé de manière permanente"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Documentation"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.edit.tsx
@@ -3165,6 +3399,11 @@ msgid "Drag and drop your PDF file here"
 msgstr "Faites glisser et déposez votre fichier PDF ici"
 
 #: packages/lib/constants/document.ts
+msgctxt "Draw signatute type"
+msgid "Draw"
+msgstr ""
+
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Draw"
 msgstr "Dessiner"
 
@@ -3411,6 +3650,10 @@ msgstr "Activer la signature de lien direct"
 msgid "Enable signing order"
 msgstr "Activer l'ordre de signature"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Enable SSO portal"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks._index.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
@@ -3475,13 +3718,18 @@ msgstr "Entreprise"
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 #: apps/remix/app/components/general/verify-email-banner.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-signature-field.tsx
@@ -3510,6 +3758,10 @@ msgstr "Entreprise"
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 #: apps/remix/app/components/dialogs/webhook-create-dialog.tsx
@@ -3521,6 +3773,7 @@ msgstr "Entreprise"
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -3579,6 +3832,10 @@ msgstr "Échec de la création du dossier"
 msgid "Failed to create subscription claim."
 msgstr "Échec de la création de la réclamation d'abonnement."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Failed to create support ticket"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/folder-delete-dialog.tsx
 msgid "Failed to delete folder"
 msgstr "Échec de la suppression du dossier"
@@ -3611,6 +3868,10 @@ msgstr "Échec de l'enregistrement des paramètres."
 msgid "Failed to sign out all sessions"
 msgstr "Impossible de se déconnecter de toutes les sessions"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Failed to unlink account"
+msgstr ""
+
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 msgid "Failed to update document"
 msgstr "Échec de la mise à jour du document"
@@ -3669,16 +3930,19 @@ msgid "Field placeholder"
 msgstr "Espace réservé du champ"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field prefilled by assistant"
-msgstr "Champ pré-rempli par l'assistant"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field signed"
-msgstr "Champ signé"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field unsigned"
-msgstr "Champ non signé"
+msgstr ""
 
 #: apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
 msgid "Fields"
@@ -3688,13 +3952,21 @@ msgstr "Champs"
 msgid "Fields updated"
 msgstr "Champs mis à jour"
 
-#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
 #: apps/remix/app/components/general/document/document-upload.tsx
-#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-upload.tsx
 msgid "File cannot be larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
 msgstr "Le fichier ne peut pas dépasser {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} Mo"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "File is larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "File is too small"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "File size exceeds the limit of {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB"
 msgstr "La taille du fichier dépasse la limite de {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB"
@@ -3810,6 +4082,7 @@ msgstr "Générer des liens"
 msgid "Global recipient action authentication"
 msgstr "Authentification d'action de destinataire globale"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
@@ -4000,6 +4273,10 @@ msgstr "Accueil (Pas de Dossier)"
 msgid "Horizontal"
 msgstr "Horizontal"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "I agree to link my account with this organization"
+msgstr ""
+
 #: packages/lib/constants/recipient-roles.ts
 msgid "I am a signer of this document"
 msgstr "Je suis un signataire de ce document"
@@ -4024,6 +4301,10 @@ msgstr "Je dois recevoir une copie de ce document"
 msgid "I am the owner of this document"
 msgstr "Je suis le propriétaire de ce document"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "I understand that I am providing my credentials to a 3rd party service configured by this organisation"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/webhook-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/token-delete-dialog.tsx
 msgid "I'm sure! Delete it"
@@ -4053,6 +4334,10 @@ msgstr "Si vous ne trouvez pas le lien de confirmation dans votre boîte de réc
 msgid "If your authenticator app does not support QR codes, you can use the following code instead:"
 msgstr "Si votre application d'authentification ne prend pas en charge les codes QR, vous pouvez utiliser le code suivant à la place :"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Important: What This Means"
+msgstr ""
+
 #: apps/remix/app/components/general/app-nav-mobile.tsx
 #: apps/remix/app/components/general/app-nav-mobile.tsx
 #: apps/remix/app/components/general/document/document-status.tsx
@@ -4120,6 +4405,10 @@ msgstr "Statistiques de l'instance"
 msgid "Invalid code. Please try again."
 msgstr "Code invalide. Veuillez réessayer."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Invalid domains"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/add-signers.types.ts
 msgid "Invalid email"
 msgstr "Email invalide"
@@ -4133,6 +4422,10 @@ msgstr "Lien invalide"
 msgid "Invalid token"
 msgstr "Token invalide"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Invalid Token"
+msgstr ""
+
 #: apps/remix/app/components/forms/reset-password.tsx
 msgid "Invalid token provided. Please try again."
 msgstr "Le token fourni est invalide. Veuillez réessayer."
@@ -4192,6 +4485,10 @@ msgstr "Facture"
 msgid "IP Address"
 msgstr "Adresse IP"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Issuer URL"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "It is crucial to keep your contact information, especially your email address, up to date with us. Please notify us immediately of any changes to ensure that you continue to receive all necessary communications."
 msgstr "Il est crucial de maintenir vos coordonnées, en particulier votre adresse e-mail, à jour avec nous. Veuillez nous informer immédiatement de tout changement pour vous assurer que vous continuez à recevoir toutes les communications nécessaires."
@@ -4225,6 +4522,10 @@ msgstr "Ce n'est actuellement pas votre tour de signer. Vous recevrez un e-mail
 msgid "Join {organisationName} on Documenso"
 msgstr "Rejoindre {organisationName} sur Documenso"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Join our community on <0>Discord</0> for community support and discussion."
+msgstr ""
+
 #. placeholder {0}: DateTime.fromJSDate(team.createdAt).toRelative({ style: 'short' })
 #: apps/remix/app/routes/_authenticated+/dashboard.tsx
 msgid "Joined {0}"
@@ -4319,10 +4620,27 @@ msgstr "Vous voulez avoir votre propre profil public avec des accords ?"
 msgid "Link expires in 1 hour."
 msgstr "Le lien expire dans 1 heure."
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Link expires in 30 minutes."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.public-profile.tsx
 msgid "Link template"
 msgstr "Modèle de lien"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Link your Documenso account"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "Linked Accounts"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Linked At"
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "Links Generated"
 msgstr "Liens générés"
@@ -4347,6 +4665,10 @@ msgstr "Chargement du document..."
 msgid "Loading Document..."
 msgstr "Chargement du Document..."
 
+#: packages/ui/components/recipient/recipient-autocomplete-input.tsx
+msgid "Loading suggestions..."
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-page-view-recent-activity.tsx
 msgid "Loading..."
 msgstr "Chargement..."
@@ -4372,6 +4694,10 @@ msgstr "Gérer"
 msgid "Manage {0}'s profile"
 msgstr "Gérer le profil de {0}"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Manage a custom SSO login portal for your organisation."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/settings+/organisations.tsx
 msgid "Manage all organisations you are currently associated with."
 msgstr "Gérez toutes les organisations avec lesquelles vous êtes actuellement associé."
@@ -4404,6 +4730,10 @@ msgstr "Gérer le lien direct"
 msgid "Manage documents"
 msgstr "Gérer les documents"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "Manage linked accounts"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 msgid "Manage organisation"
 msgstr "Gérer l'organisation"
@@ -4539,6 +4869,10 @@ msgstr "Membre"
 msgid "Member Count"
 msgstr "Nombre de membres"
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "Member promoted to owner successfully"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-members-table.tsx
 msgid "Member Since"
 msgstr "Membre depuis"
@@ -4554,6 +4888,7 @@ msgstr "Membre depuis"
 msgid "Members"
 msgstr "Membres"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 msgid "Message"
@@ -4789,6 +5124,10 @@ msgstr "Aucun champ de signature trouvé"
 msgid "No Stripe customer attached"
 msgstr "Aucun client Stripe attaché"
 
+#: packages/ui/components/recipient/recipient-autocomplete-input.tsx
+msgid "No suggestions found"
+msgstr ""
+
 #: apps/remix/app/components/tables/team-groups-table.tsx
 msgid "No team groups found"
 msgstr "Aucun groupe d'équipes trouvé"
@@ -4919,6 +5258,16 @@ msgstr "Seules les administrateurs peuvent accéder et voir le document"
 msgid "Only managers and above can access and view the document"
 msgstr "Seuls les responsables et au-dessus peuvent accéder et voir le document"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Only one file can be uploaded at a time"
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Only PDF files are allowed"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/_layout.tsx
 #: apps/remix/app/components/general/generic-error-layout.tsx
 #: apps/remix/app/components/general/generic-error-layout.tsx
@@ -4934,10 +5283,15 @@ msgstr "Ouvert"
 msgid "Or"
 msgstr "Ou"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "OR"
+msgstr ""
+
 #: apps/remix/app/components/forms/signin.tsx
 msgid "Or continue with"
 msgstr "Ou continuez avec"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/tables/user-organisations-table.tsx
 #: apps/remix/app/components/tables/admin-organisations-table.tsx
 msgid "Organisation"
@@ -4947,6 +5301,10 @@ msgstr "Organisation"
 msgid "Organisation Admin"
 msgstr "Administrateur de l'organisation"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Organisation authentication portal URL"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-organisation-create-dialog.tsx
 msgid "Organisation created"
 msgstr "Organisation créée"
@@ -5017,6 +5375,10 @@ msgstr "Paramètres de l'organisation"
 msgid "Organisation Settings"
 msgstr "Paramètres de l'organisation"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Organisation SSO Portal"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 msgid "Organisation Teams"
 msgstr "Équipes de l'organisation"
@@ -5309,9 +5671,13 @@ msgstr "Veuillez entrer un nom significatif pour votre token. Cela vous aidera 
 msgid "Please enter a valid name."
 msgstr "Veuiillez entrer un nom valide."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
-msgid "Please mark as viewed to complete"
-msgstr "Veuillez marquer comme vu pour terminer"
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+msgid "Please mark as viewed to complete."
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Please note that anyone who signs in through your portal will be added to your organisation as a member."
+msgstr ""
 
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
 msgid "Please note that proceeding will remove direct linking recipient and turn it into a placeholder."
@@ -5349,11 +5715,11 @@ msgstr "Veuillez fournir un token de l'authentificateur, ou un code de secours.
 msgid "Please provide a token from your authenticator, or a backup code."
 msgstr "Veuillez fournir un token de votre authentificateur, ou un code de secours."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 msgid "Please review the document before approving."
 msgstr "Veuillez examiner le document avant d'approuver."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 msgid "Please review the document before signing."
 msgstr "Veuillez examiner le document avant de signer."
 
@@ -5449,6 +5815,18 @@ msgstr "Profil mis à jour"
 msgid "Progress"
 msgstr "Progrès"
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "Promote to owner"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Provider"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Provider has been updated successfully"
+msgstr ""
+
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/general/template/template-type.tsx
 msgid "Public"
@@ -5485,6 +5863,10 @@ msgstr "Valeurs radio"
 msgid "Read only"
 msgstr "Lecture seule"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Read our documentation to get started with Documenso."
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-disclosure.tsx
 msgid "Read the full <0>signature disclosure</0>."
 msgstr "Lisez l'intégralité de la <0>divulgation de signature</0>."
@@ -5601,6 +5983,10 @@ msgstr "Codes de récupération"
 msgid "Red"
 msgstr "Rouge"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Redirect URI"
+msgstr ""
+
 #: apps/remix/app/components/embed/authoring/configure-document-advanced-settings.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-settings.tsx
@@ -5714,6 +6100,10 @@ msgstr "Répondre à l'e-mail"
 msgid "Reply To Email"
 msgstr "Répondre à l'e-mail"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Requesting Organisation"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/text-field.tsx
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/radio-field.tsx
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/number-field.tsx
@@ -5722,6 +6112,10 @@ msgstr "Répondre à l'e-mail"
 msgid "Required field"
 msgstr "Champ requis"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Required scopes"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 msgid "Reseal document"
 msgstr "Rescellage du document"
@@ -5746,6 +6140,11 @@ msgstr "Renvoyer la vérification"
 msgid "Reset"
 msgstr "Réinitialiser"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset 2FA"
+msgstr ""
+
 #: apps/remix/app/components/forms/forgot-password.tsx
 msgid "Reset email sent"
 msgstr "E-mail de réinitialisation envoyé"
@@ -5757,6 +6156,14 @@ msgstr "E-mail de réinitialisation envoyé"
 msgid "Reset Password"
 msgstr "Réinitialiser le mot de passe"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset the users two factor authentication. This action is irreversible and will disable two factor authentication for the user."
+msgstr ""
+
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset Two Factor Authentication"
+msgstr ""
+
 #: apps/remix/app/components/forms/reset-password.tsx
 msgid "Resetting Password..."
 msgstr "Réinitialisation du mot de passe..."
@@ -5788,9 +6195,14 @@ msgstr "Réessayer"
 #: apps/remix/app/routes/_unauthenticated+/team.verify.email.$token.tsx
 #: apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx
 #: apps/remix/app/routes/_unauthenticated+/organisation.decline.$token.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 msgid "Return"
 msgstr "Retour"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Return to Documenso sign in page here"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/organisation.decline.$token.tsx
 msgid "Return to Home"
 msgstr "Retour à l'accueil"
@@ -5800,6 +6212,10 @@ msgstr "Retour à l'accueil"
 msgid "Return to sign in"
 msgstr "Retour à la connexion"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Review request"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
 msgid "Revoke"
@@ -5974,6 +6390,10 @@ msgstr "Sélectionnez les méthodes d'authentification"
 msgid "Select default option"
 msgstr "Sélectionner l'option par défaut"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Select default role"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/checkbox-field.tsx
 msgid "Select direction"
 msgstr "Sélectionner la direction"
@@ -6189,6 +6609,11 @@ msgstr "Afficher les paramètres avancés"
 msgid "Show templates in your public profile for your audience to sign and get started quickly"
 msgstr "Afficher des modèles dans votre profil public pour que votre audience puisse signer et commencer rapidement"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "Sign"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
@@ -6202,7 +6627,6 @@ msgstr "Afficher des modèles dans votre profil public pour que votre audience p
 #: apps/remix/app/components/general/document-signing/document-signing-auth-password.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-2fa.tsx
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Sign"
 msgstr "Signer"
 
@@ -6224,7 +6648,7 @@ msgstr "Signer comme<0>{0} <1>({1})</1></0>"
 msgid "Sign document"
 msgstr "Signer le document"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Sign Document"
 msgstr "Signer le document"
@@ -6242,6 +6666,7 @@ msgstr "Champ de signature"
 msgid "Sign Here"
 msgstr "Signer ici"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: packages/email/template-components/template-reset-password.tsx
@@ -6249,6 +6674,7 @@ msgid "Sign In"
 msgstr "Se connecter"
 
 #: apps/remix/app/routes/_unauthenticated+/signin.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-dialog.tsx
 msgid "Sign in to your account"
 msgstr "Connectez-vous à votre compte"
@@ -6316,32 +6742,35 @@ msgstr "Signatures collectées"
 msgid "Signatures will appear once the document has been completed"
 msgstr "Les signatures apparaîtront une fois le document complété"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Signed"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/ui/components/document/document-read-only-fields.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Signed"
 msgstr "Signé"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Signer"
-msgstr "Signataire"
+msgstr ""
 
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Signer Events"
 msgstr "Événements de signataire"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Signers"
-msgstr "Signataires"
-
-#: packages/ui/primitives/document-flow/add-signers.types.ts
-msgid "Signers must have unique emails"
-msgstr "Les signataires doivent avoir des e-mails uniques"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Signing"
-msgstr "Signature en cours"
+msgstr ""
 
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Signing Certificate"
@@ -6512,6 +6941,14 @@ msgstr "Désolé, nous n'avons pas pu télécharger le certificat. Veuillez rée
 msgid "Source"
 msgstr "Source"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Space-separated list of domains. Leave empty to allow all domains."
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
+msgid "SSO"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
 msgid "Stats"
 msgstr "Statistiques"
@@ -6543,6 +6980,7 @@ msgstr "Le client Stripe a été créé avec succès"
 msgid "Stripe Customer ID"
 msgstr "ID client Stripe"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 msgid "Subject"
 msgstr "Sujet"
@@ -6552,6 +6990,10 @@ msgstr "Sujet"
 msgid "Subject <0>(Optional)</0>"
 msgstr "Objet <0>(Optionnel)</0>"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Submit"
+msgstr ""
+
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
@@ -6585,10 +7027,12 @@ msgstr "Abonnement non valide"
 
 #: apps/remix/app/routes/embed+/v1+/authoring+/template.edit.$id.tsx
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
@@ -6646,6 +7090,15 @@ msgstr "Créés avec succès : {successCount}"
 msgid "Summary:"
 msgstr "Résumé :"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+#: apps/remix/app/components/general/org-menu-switcher.tsx
+msgid "Support"
+msgstr ""
+
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Support ticket created"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-email-domains-table.tsx
 msgid "Sync"
 msgstr "Synchronisation"
@@ -7009,7 +7462,8 @@ msgid "The email address which will show up in the \"Reply To\" field in emails"
 msgstr "L'adresse e-mail qui apparaîtra dans le champ \"Répondre à\" dans les courriels"
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
-msgid "The email domain you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The email domain you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "Le domaine de messagerie que vous recherchez a peut-être été supprimé, renommé ou n'a peut-être jamais existé."
 
@@ -7050,12 +7504,21 @@ msgstr "Les erreurs suivantes se sont produites :"
 msgid "The following team has been deleted. You will no longer be able to access this team and its documents"
 msgstr "L'équipe suivante a été supprimée. Vous ne pourrez plus accéder à cette équipe et à ses documents"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "The OpenID discovery endpoint URL for your provider"
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "The organisation authentication portal does not exist, or is not configured"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "The organisation email has been created successfully."
 msgstr "L'e-mail de l'organisation a été créé avec succès."
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
-msgid "The organisation group you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation group you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "Le groupe d'organisation que vous cherchez peut avoir été supprimé, renommé ou n'a peut-être jamais existé."
 
@@ -7064,12 +7527,14 @@ msgid "The organisation role that will be applied to all members in this group."
 msgstr "Le rôle d'organisation qui sera appliqué à tous les membres de ce groupe."
 
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
-msgid "The organisation you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "L'organisation que vous cherchez peut avoir été supprimée, renommée ou n'a peut-être jamais existé."
 
 #: apps/remix/app/routes/_authenticated+/_layout.tsx
-msgid "The organisation you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation you are looking for may have been removed, renamed or may have never\n"
 "                  existed."
 msgstr "L'organisation que vous cherchez peut avoir été supprimée, renommée ou n'a peut-être jamais existé."
 
@@ -7158,12 +7623,14 @@ msgid "The team email <0>{teamEmail}</0> has been removed from the following tea
 msgstr "L'email d'équipe <0>{teamEmail}</0> a été supprimé de l'équipe suivante"
 
 #: apps/remix/app/routes/_authenticated+/_layout.tsx
-msgid "The team you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The team you are looking for may have been removed, renamed or may have never\n"
 "                  existed."
 msgstr "L'équipe que vous cherchez peut avoir été supprimée, renommée ou n'a peut-être jamais existé."
 
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/_layout.tsx
-msgid "The team you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The team you are looking for may have been removed, renamed or may have never\n"
 "                existed."
 msgstr "L'équipe que vous cherchez a peut-être été supprimée, renommée ou n'a peut-être jamais existé."
 
@@ -7179,6 +7646,10 @@ msgstr "Le modèle sera retiré de votre profil"
 msgid "The test webhook has been successfully sent to your endpoint."
 msgstr "Le webhook de test a été envoyé avec succès vers votre point de terminaison."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "The token is invalid or has expired."
+msgstr ""
+
 #: apps/remix/app/components/forms/token.tsx
 msgid "The token was copied to your clipboard."
 msgstr "Le token a été copié dans votre presse-papiers."
@@ -7205,10 +7676,15 @@ msgid "The URL for Documenso to send webhook events to."
 msgstr "L'URL pour Documenso pour envoyer des événements webhook."
 
 #: apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
-msgid "The user you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The user you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "L'utilisateur que vous cherchez peut avoir été supprimé, renommé ou n'a peut-être jamais existé."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "The user's two factor authentication has been reset successfully."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/webhook-delete-dialog.tsx
 msgid "The webhook has been successfully deleted."
 msgstr "Le webhook a été supprimé avec succès."
@@ -7222,7 +7698,8 @@ msgid "The webhook was successfully created."
 msgstr "Le webhook a été créé avec succès."
 
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
-msgid "The webhook you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The webhook you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "Le webhook que vous recherchez a peut-être été supprimé, renommé ou n'a peut-être jamais existé."
 
@@ -7258,6 +7735,10 @@ msgstr "Ce compte a été désactivé. Veuillez contacter le support."
 msgid "This account has not been verified. Please verify your account before signing in."
 msgstr "Ce compte n'a pas été vérifié. Veuillez vérifier votre compte avant de vous connecter."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "This action is irreversible. Please ensure you have informed the user before proceeding."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
@@ -7376,10 +7857,22 @@ msgstr "Voici comment le document atteindra les destinataires une fois qu'il ser
 msgid "This is the claim that this organisation was initially created with. Any feature flag changes to this claim will be backported into this organisation."
 msgstr "Il s'agit de la réclamation avec laquelle cette organisation a initialement été créée. Tout changement de drapeau de fonctionnalité à cette revendication sera rétroporté dans cette organisation."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "This is the required scopes you must set in your provider's settings"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "This is the URL which users will use to sign in to your organisation."
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/team.verify.email.$token.tsx
 msgid "This link is invalid or has expired. Please contact your team to resend a verification."
 msgstr "Ce lien est invalide ou a expiré. Veuillez contacter votre équipe pour renvoyer une vérification."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "This organisation will have administrative control over your account. You can revoke this access later, but they will retain access to any data they've already collected."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.general.tsx
 msgid "This organisation, and any associated data will be permanently deleted."
 msgstr "Cette organisation, ainsi que toutes les données associées, seront définitivement supprimées."
@@ -7499,9 +7992,10 @@ msgstr "Pour pouvoir ajouter des membres à une équipe, vous devez d'abord les
 msgid "To change the email you must remove and add a new email address."
 msgstr "Pour changer l'e-mail, vous devez supprimer et ajouter une nouvelle adresse e-mail."
 
+#. placeholder {0}: user.email
 #. placeholder {0}: userToEnable.email
 #. placeholder {0}: userToDisable.email
-#. placeholder {0}: user.email
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -7517,6 +8011,7 @@ msgid "To enable two-factor authentication, scan the following QR code using you
 msgstr "Pour activer l'authentification à deux facteurs, scannez le code QR suivant à l'aide de votre application d'authentification."
 
 #: apps/remix/app/routes/_unauthenticated+/unverified-account.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 msgid "To gain access to your account, please confirm your email address by clicking on the confirmation link from your inbox."
 msgstr "Pour accéder à votre compte, veuillez confirmer votre adresse e-mail en cliquant sur le lien de confirmation dans votre boîte de réception."
 
@@ -7633,9 +8128,14 @@ msgstr "L'authentification à deux facteurs a été désactivée pour votre comp
 msgid "Two-Factor Re-Authentication"
 msgstr "Ré-authentification à deux facteurs"
 
+#: packages/lib/constants/document.ts
+msgctxt "Type signatute type"
+msgid "Type"
+msgstr ""
+
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
-#: packages/lib/constants/document.ts
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Type"
 msgstr "Type"
 
@@ -7749,9 +8249,15 @@ msgstr "Non complet"
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 msgid "Unknown"
 msgstr "Inconnu"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Unknown error"
+msgstr ""
+
 #: apps/remix/app/components/tables/admin-claims-table.tsx
 msgid "Unlimited"
 msgstr "Illimité"
@@ -7760,6 +8266,11 @@ msgstr "Illimité"
 msgid "Unlimited documents, API and more"
 msgstr "Documents illimités, API et plus"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Unlink"
+msgstr ""
+
 #: apps/remix/app/components/general/folder/folder-card.tsx
 msgid "Unpin"
 msgstr "Détacher"
@@ -7768,6 +8279,7 @@ msgstr "Détacher"
 msgid "Untitled Group"
 msgstr "Groupe sans titre"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@@ -7907,6 +8419,11 @@ msgid "Upgrade your plan to upload more documents"
 msgstr "Mettez à niveau votre plan pour importer plus de documents"
 
 #: packages/lib/constants/document.ts
+msgctxt "Upload signatute type"
+msgid "Upload"
+msgstr ""
+
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Upload"
 msgstr "Importer"
 
@@ -7940,6 +8457,11 @@ msgstr "Importer un document personnalisé"
 msgid "Upload Document"
 msgstr "Importer le document"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Upload failed"
+msgstr ""
+
 #: packages/ui/primitives/signature-pad/signature-pad-upload.tsx
 msgid "Upload Signature"
 msgstr "Importer une signature"
@@ -8021,6 +8543,7 @@ msgstr "L'utilisateur n'a pas de mot de passe."
 msgid "User not found"
 msgstr "Utilisateur non trouvé"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -8094,6 +8617,11 @@ msgstr "Vérifiez votre adresse e-mail d'équipe"
 msgid "Vertical"
 msgstr "Vertical"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "View"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-billing-invoices-table.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
@@ -8103,7 +8631,6 @@ msgstr "Vertical"
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "View"
 msgstr "Voir"
 
@@ -8136,6 +8663,11 @@ msgstr "Voir toute l'activité de sécurité liée à votre compte."
 msgid "View and manage all active sessions for your account."
 msgstr "Afficher et gérer toutes les sessions actives de votre compte."
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "View and manage all login methods linked to your account."
+msgstr ""
+
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 msgid "View Codes"
 msgstr "Voir les codes"
@@ -8148,7 +8680,7 @@ msgstr "Voir les enregistrements DNS"
 msgid "View document"
 msgstr "Voir le document"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
@@ -8198,24 +8730,31 @@ msgstr "Voir les équipes"
 msgid "View the DNS records for this email domain"
 msgstr "Voir les enregistrements DNS pour ce domaine de messagerie"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Viewed"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Viewed"
 msgstr "Vu"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Viewer"
-msgstr "Lecteur"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Viewers"
-msgstr "Lecteurs"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Viewing"
-msgstr "Consultation"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/folder-update-dialog.tsx
 msgid "Visibility"
@@ -8276,6 +8815,10 @@ msgstr "Nous ne pouvons pas mettre à jour cette clé de passkey pour le moment.
 msgid "We couldn't create a Stripe customer. Please try again."
 msgstr "Nous n'avons pas pu créer un client Stripe. Veuillez réessayer."
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "We couldn't promote the member to owner. Please try again."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 msgid "We couldn't update the group. Please try again."
 msgstr "Nous n'avons pas pu mettre à jour le groupe. Veuillez réessayer."
@@ -8285,6 +8828,10 @@ msgstr "Nous n'avons pas pu mettre à jour le groupe. Veuillez réessayer."
 msgid "We couldn't update the organisation. Please try again."
 msgstr "Nous n'avons pas pu mettre à jour l'organisation. Veuillez réessayer."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "We couldn't update the provider. Please try again."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "We encountered an error while creating the email. Please try again later."
 msgstr "Nous avons rencontré une erreur lors de la création de l'e-mail. Veuillez réessayer plus tard."
@@ -8393,6 +8940,7 @@ msgstr "Une erreur inconnue s'est produite lors de la réinitialisation de votre
 msgid "We encountered an unknown error while attempting to revoke access. Please try again or contact support."
 msgstr "Une erreur inconnue s'est produite lors de la révocation de l'accès. Veuillez réessayer ou contacter le support."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 msgid "We encountered an unknown error while attempting to sign you In. Please try again later."
@@ -8528,6 +9076,10 @@ msgstr "Nous allons générer des liens de signature pour vous, que vous pouvez
 msgid "We won't send anything to notify recipients."
 msgstr "Nous n'enverrons rien pour notifier les destinataires."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "We'll get back to you as soon as possible via email."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/templates._index.tsx
 #: apps/remix/app/components/tables/documents-table-empty-state.tsx
 msgid "We're all empty"
@@ -8585,10 +9137,18 @@ msgstr "Contentieux, nous avons de la chance de vous avoir."
 msgid "Welcome back! Here's an overview of your account."
 msgstr "Bon retour ! Voici un aperçu de votre compte."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Welcome to {organisationName}"
+msgstr ""
+
 #: packages/email/template-components/template-confirmation-email.tsx
 msgid "Welcome to Documenso!"
 msgstr "Bienvenue sur Documenso !"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Well-known URL is required"
+msgstr ""
+
 #: apps/remix/app/routes/_recipient+/sign.$token+/waiting.tsx
 msgid "Were you trying to edit this document instead?"
 msgstr "Essayiez-vous d'éditer ce document à la place ?"
@@ -8615,6 +9175,10 @@ msgstr "Lorsque vous signez un document, nous pouvons automatiquement remplir et
 msgid "When you use our platform to affix your electronic signature to documents, you are consenting to do so under the Electronic Signatures in Global and National Commerce Act (E-Sign Act) and other applicable laws. This action indicates your agreement to use electronic means to sign documents and receive notifications."
 msgstr "Lorsque vous utilisez notre plateforme pour apposer votre signature électronique sur des documents, vous consentez à le faire conformément à la loi sur les signatures électroniques dans le commerce mondial et national (E-Sign Act) et aux autres lois applicables. Cette action indique votre accord à utiliser des moyens électroniques pour signer des documents et recevoir des notifications."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Whether to enable the SSO portal for your organisation"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 msgid "While waiting for them to do so you can create your own Documenso account and get started with document signing right away."
 msgstr "En attendant qu'ils le fassent, vous pouvez créer votre propre compte Documenso et commencer à signer des documents dès maintenant."
@@ -8682,6 +9246,10 @@ msgstr "Vous êtes sur le point de quitter l'organisation suivante."
 msgid "You are about to remove default access to this team for all organisation members. Any members not explicitly added to this team will no longer have access."
 msgstr "Vous êtes sur le point de supprimer l'accès par défaut à cette équipe pour tous les membres de l'organisation. Tous les membres non ajoutés explicitement à cette équipe ne pourront plus y accéder."
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "You are about to remove the <0>{provider}</0> login method from your account."
+msgstr ""
+
 #. placeholder {0}: organisation.name
 #: apps/remix/app/components/dialogs/organisation-email-domain-delete-dialog.tsx
 msgid "You are about to remove the email domain <0>{emailDomain}</0> from <1>{0}</1>. All emails associated with this domain will be deleted."
@@ -8768,6 +9336,10 @@ msgstr "Vous n'êtes pas autorisé à désactiver cet utilisateur."
 msgid "You are not authorized to enable this user."
 msgstr "Vous n'êtes pas autorisé à activer cet utilisateur."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "You are not authorized to reset two factor authentcation for this user."
+msgstr ""
+
 #: packages/email/template-components/template-confirmation-email.tsx
 msgid "You can also copy and paste this link into your browser: {confirmationLink} (link expires in 1 hour)"
 msgstr "Vous pouvez également copier et coller ce lien dans votre navigateur : {confirmationLink} (le lien expire dans 1 heure)"
@@ -9058,6 +9630,10 @@ msgstr "Vous devrez maintenant entrer un code de votre application d'authentific
 msgid "You will receive an Email copy of the signed document once everyone has signed."
 msgstr "Vous recevrez une copie par e-mail du document signé une fois que tout le monde aura signé."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Your Account"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
 msgid "Your account has been deleted successfully."
 msgstr "Votre compte a été supprimé avec succès."
@@ -9091,6 +9667,10 @@ msgstr "Votre envoi groupé pour le modèle \"{templateName}\" est terminé."
 msgid "Your current {currentProductName} plan is past due. Please update your payment information."
 msgstr "Votre plan actuel {currentProductName} est arrivé à échéance. Veuillez mettre à jour vos informations de paiement."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Your current plan includes the following support channels:"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.billing.tsx
 msgid "Your current plan is inactive."
 msgstr "Votre plan actuel est inactif."
@@ -9104,7 +9684,6 @@ msgid "Your direct signing templates"
 msgstr "Vos modèles de signature directe"
 
 #: apps/remix/app/components/general/document/document-upload.tsx
-#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-upload.tsx
 msgid "Your document failed to upload."
 msgstr "L'importation de votre document a échoué."
@@ -9237,6 +9816,10 @@ msgstr "Votre code de récupération a été copié dans votre presse-papiers."
 msgid "Your recovery codes are listed below. Please store them in a safe place."
 msgstr "Vos codes de récupération sont listés ci-dessous. Veuillez les conserver dans un endroit sûr."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Your support request has been submitted. We'll get back to you soon!"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/team-create-dialog.tsx
 msgid "Your team has been created."
 msgstr "Votre équipe a été créée."
@@ -9249,10 +9832,6 @@ msgstr "Votre équipe a été supprimée avec succès."
 msgid "Your team has been successfully updated."
 msgstr "Votre équipe a été mise à jour avec succès."
 
-#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
-msgid "Your template failed to upload."
-msgstr "Votre modèle n'a pas pu être téléchargé."
-
 #: apps/remix/app/routes/embed+/v1+/authoring_.completed.create.tsx
 msgid "Your template has been created successfully"
 msgstr "Votre modèle a été créé avec succès"
@@ -9289,3 +9868,6 @@ msgstr "Votre token a été créé avec succès ! Assurez-vous de le copier car
 msgid "Your tokens will be shown here once you create them."
 msgstr "Vos tokens seront affichés ici une fois que vous les aurez créés."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "your-domain.com another-domain.com"
+msgstr ""
diff --git a/packages/lib/translations/it/web.po b/packages/lib/translations/it/web.po
index e35aa8476..35d82a4a4 100644
--- a/packages/lib/translations/it/web.po
+++ b/packages/lib/translations/it/web.po
@@ -414,14 +414,30 @@ msgstr "{visibleRows, plural, one {Visualizzazione di # risultato.} other {Visua
 msgid "<0>\"{0}\"</0>is no longer available to sign"
 msgstr "<0>\"{0}\"</0>non è più disponibile per la firma"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "<0>{organisationName}</0> has requested to create an account on your behalf."
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "<0>{organisationName}</0> has requested to link your current Documenso account to their organisation."
+msgstr ""
+
 #: packages/email/templates/confirm-team-email.tsx
 msgid "<0>{teamName}</0> has requested to use your email address for their team on Documenso."
 msgstr "<0>{teamName}</0> ha richiesto di utilizzare il tuo indirizzo email per il loro team su Documenso."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Account management:</0> Modify your account settings, permissions, and preferences"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "<0>Click to upload</0> or drag and drop"
 msgstr "<0>Fai clic per caricare</0> o trascina e rilascia"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Data access:</0> Access all data associated with your account"
+msgstr ""
+
 #: packages/ui/components/document/document-signature-settings-tooltip.tsx
 msgid "<0>Drawn</0> - A signature that is drawn using a mouse or stylus."
 msgstr "<0>Disegnata</0> - Una firma disegnata con un mouse o uno stilo."
@@ -430,6 +446,10 @@ msgstr "<0>Disegnata</0> - Una firma disegnata con un mouse o uno stilo."
 msgid "<0>Email</0> - The recipient will be emailed the document to sign, approve, etc."
 msgstr "<0>Email</0> - Al destinatario verrà inviato il documento tramite email per firmare, approvare, ecc."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Full account access:</0> View all your profile information, settings, and activity"
+msgstr ""
+
 #: packages/ui/components/recipient/recipient-action-auth-select.tsx
 msgid "<0>Inherit authentication method</0> - Use the global action signing authentication method configured in the \"General Settings\" step"
 msgstr "<0>Eredita metodo di autenticazione</0> - Usa il metodo globale di autenticazione della firma configurato nel passaggio \"Impostazioni generali\""
@@ -517,10 +537,18 @@ msgstr "{VAR_PLURAL, select, one {1 mese} other {12 mesi}}"
 msgid "2FA"
 msgstr "2FA"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "2FA Reset"
+msgstr ""
+
 #: apps/remix/app/components/forms/token.tsx
 msgid "3 months"
 msgstr "{VAR_PLURAL, select, one {1 mese} other {3 mesi}}"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "400 Error"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings._layout.tsx
 msgid "401 Unauthorized"
@@ -534,6 +562,10 @@ msgstr "404 Dominio email non trovato"
 msgid "404 not found"
 msgstr "404 non trovato"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "404 Not Found"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 msgid "404 Organisation group not found"
 msgstr "404 Gruppo organizzazione non trovato"
@@ -597,16 +629,19 @@ msgid "A draft document will be created"
 msgstr "Verrà creato un documento bozza"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was added"
-msgstr "Un campo è stato aggiunto"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was removed"
-msgstr "Un campo è stato rimosso"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was updated"
-msgstr "Un campo è stato aggiornato"
+msgstr ""
 
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "A means to print or download documents for your records"
@@ -646,16 +681,27 @@ msgid "A password reset email has been sent, if you have an account you should s
 msgstr "È stata inviata un'e-mail per il reset della password; se hai un account dovresti vederla nella tua casella di posta a breve."
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was added"
-msgstr "Un destinatario è stato aggiunto"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was removed"
-msgstr "Un destinatario è stato rimosso"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was updated"
-msgstr "Un destinatario è stato aggiornato"
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "A request has been made to create an account for you"
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "A request has been made to link your Documenso account"
+msgstr ""
 
 #. placeholder {0}: team.name
 #: packages/lib/server-only/team/create-team-email-verification.ts
@@ -706,6 +752,10 @@ msgstr "Un'email di verifica sarà inviata all'email fornita."
 msgid "Accept"
 msgstr "Accetta"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Accept & Link Account"
+msgstr ""
+
 #: packages/email/templates/organisation-invite.tsx
 msgid "Accept invitation to join an organisation on Documenso"
 msgstr "Accetta l'invito a unirti a un'organizzazione su Documenso"
@@ -726,6 +776,7 @@ msgstr "Accesso disabilitato"
 msgid "Access enabled"
 msgstr "Accesso abilitato"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/general/org-menu-switcher.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-dialog.tsx
 msgid "Account"
@@ -735,6 +786,14 @@ msgstr "Account"
 msgid "Account Authentication"
 msgstr "Autenticazione dell'account"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Account creation request"
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Account Creation Request"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
 msgid "Account deleted"
@@ -748,10 +807,18 @@ msgstr "Account disabilitato"
 msgid "Account enabled"
 msgstr "Account abilitato"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Account Linking Request"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Account Re-Authentication"
 msgstr "Ri-autenticazione dell'account"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Account unlinked"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "Acknowledgment"
 msgstr "Riconoscimento"
@@ -766,6 +833,7 @@ msgstr "Azione"
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/tables/team-members-table.tsx
 #: apps/remix/app/components/tables/team-members-table.tsx
@@ -804,6 +872,10 @@ msgstr "Abbonamenti attivi"
 msgid "Add"
 msgstr "Aggiungi"
 
+#: packages/ui/primitives/document-flow/add-signers.tsx
+msgid "Add 2 or more signers to enable signing order."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-domain-create-dialog.tsx
 msgid "Add a custom domain to send emails on behalf of your organisation. We'll generate DKIM records that you need to add to your DNS provider."
 msgstr "Aggiungi un dominio personalizzato per inviare email per conto della tua organizzazione. Genereremo record DKIM che devi aggiungere al tuo provider DNS."
@@ -961,6 +1033,10 @@ msgstr "Aggiungi i destinatari con cui creare il documento"
 msgid "Add these DNS records to verify your domain ownership"
 msgstr "Aggiungi questi record DNS per verificare la proprietà del tuo dominio"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Add this URL to your provider's allowed redirect URIs"
+msgstr ""
+
 #: apps/remix/app/components/forms/branding-preferences-form.tsx
 msgid "Additional brand information to display at the bottom of emails"
 msgstr "Informazioni aggiuntive sul marchio da mostrare in fondo alle email"
@@ -1078,6 +1154,10 @@ msgstr "Consenti ai destinatari del documento di rispondere direttamente a quest
 msgid "Allow signers to dictate next signer"
 msgstr "Permetti ai firmatari di scegliere il prossimo firmatario"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Allowed Email Domains"
+msgstr ""
+
 #: apps/remix/app/components/embed/authoring/configure-document-advanced-settings.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-settings.tsx
@@ -1120,6 +1200,7 @@ msgstr "Verrà inviato un'email contenente un invito a ciascun membro."
 msgid "An email with this address already exists."
 msgstr "Una email con questo indirizzo esiste già."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@@ -1139,6 +1220,7 @@ msgstr "Si è verificato un errore durante l'aggiunta dei campi."
 
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "An error occurred while adding signers."
 msgstr "Si è verificato un errore durante l'aggiunta di firmatari."
 
@@ -1146,6 +1228,30 @@ msgstr "Si è verificato un errore durante l'aggiunta di firmatari."
 msgid "An error occurred while adding the fields."
 msgstr "Si è verificato un errore durante l'aggiunta dei campi."
 
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the document settings."
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the fields."
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the subject form."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template fields."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template placeholders."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template settings."
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-auto-sign.tsx
 msgid "An error occurred while auto-signing the document, some fields may not be signed. Please review and manually sign any remaining fields."
 msgstr "Si è verificato un errore durante la firma automatica del documento, alcuni campi potrebbero non essere firmati. Si prega di controllare e firmare manualmente eventuali campi rimanenti."
@@ -1224,6 +1330,10 @@ msgstr "Si è verificato un errore durante la rimozione della selezione."
 msgid "An error occurred while removing the signature."
 msgstr "Si è verificato un errore durante la rimozione della firma."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "An error occurred while resetting two factor authentication for the user."
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "An error occurred while sending the document."
 msgstr "Si è verificato un errore durante l'invio del documento."
@@ -1281,10 +1391,23 @@ msgstr "Si è verificato un errore durante l'aggiornamento del tuo profilo."
 msgid "An error occurred while uploading your document."
 msgstr "Si è verificato un errore durante il caricamento del tuo documento."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "An error occurred. Please try again later."
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "An organisation wants to create an account for you. Please review the details below."
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "An organisation wants to link your account. Please review the details below."
+msgstr ""
+
 #: apps/remix/app/components/general/generic-error-layout.tsx
 msgid "An unexpected error occurred."
 msgstr "Si è verificato un errore inaspettato."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
 #: apps/remix/app/components/general/app-command-menu.tsx
 #: apps/remix/app/components/forms/team-update-form.tsx
@@ -1364,37 +1487,48 @@ msgstr "Token API"
 msgid "App Version"
 msgstr "Versione dell'app"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "Approve"
+msgstr ""
+
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
 #: apps/remix/app/components/tables/documents-table-action-button.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Approve"
 msgstr "Approvare"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Approve Document"
 msgstr "Approva Documento"
 
-#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Approved"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 msgid "Approved"
 msgstr "Approvato"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Approver"
-msgstr "Approvante"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Approvers"
-msgstr "Approvanti"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Approving"
-msgstr "Approvazione in corso"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/assistant-confirmation-dialog.tsx
 msgid "Are you sure you want to complete the document? This action cannot be undone. Please ensure that you have completed prefilling all relevant fields before proceeding."
@@ -1428,6 +1562,7 @@ msgstr "Sei sicuro di voler eliminare questa organizzazione?"
 msgid "Are you sure you wish to delete this team?"
 msgstr "Sei sicuro di voler eliminare questo team?"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
 #: apps/remix/app/components/dialogs/team-member-delete-dialog.tsx
@@ -1450,10 +1585,11 @@ msgid "Assigned Teams"
 msgstr "Team Assegnati"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
 msgid "Assist"
-msgstr "Assisti"
+msgstr ""
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Assist Document"
 msgstr "Assisti il Documento"
@@ -1463,29 +1599,36 @@ msgid "Assist with signing"
 msgstr "Assisti nella firma"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Assistant"
-msgstr "Assistente"
+msgstr ""
 
 #: packages/ui/components/recipient/recipient-role-select.tsx
 msgid "Assistant role is only available when the document is in sequential signing mode."
 msgstr "Il ruolo di assistente è disponibile solo quando il documento è in modalità firma sequenziale."
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Assistants"
-msgstr "Assistenti"
+msgstr ""
 
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
 msgid "Assistants and Copy roles are currently not compatible with the multi-sign experience."
 msgstr "I ruoli Assistenti e Copia non sono attualmente compatibili con l'esperienza multi-firma."
 
-#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Assisted"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 msgid "Assisted"
 msgstr "Assistenza"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Assisting"
-msgstr "Assistenza in corso"
+msgstr ""
 
 #: apps/remix/app/components/forms/document-preferences-form.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.types.tsx
@@ -1510,6 +1653,10 @@ msgstr "Registri di Audit"
 msgid "Authentication Level"
 msgstr "Livello di Autenticazione"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Authentication Portal Not Found"
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-auth-page.tsx
 #: apps/remix/app/components/general/direct-template/direct-template-signing-auth-page.tsx
 msgid "Authentication required"
@@ -1640,6 +1787,11 @@ msgstr "Invio Massivo via CSV"
 msgid "by <0>{senderName}</0>"
 msgstr "da <0>{senderName}</0>"
 
+#. placeholder {0}: organisation.name
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "By accepting this request, you grant {0} the following permissions:"
+msgstr ""
+
 #: packages/email/templates/confirm-team-email.tsx
 msgid "By accepting this request, you will be granting <0>{teamName}</0> access to:"
 msgstr "Accettando questa richiesta, concederai l'accesso a <0>{teamName}</0> a:"
@@ -1672,6 +1824,7 @@ msgstr "Utilizzando la funzione di firma elettronica, acconsenti a effettuare tr
 msgid "Can prepare"
 msgstr "Può preparare"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
@@ -1763,19 +1916,27 @@ msgid "Cannot remove signer"
 msgstr "Impossibile rimuovere il firmatario"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Cc"
-msgstr "Cc"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
-#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
 msgid "CC"
-msgstr "CC"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
+msgid "CC"
+msgstr ""
+
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
 msgid "CC'd"
-msgstr "CC'd"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Ccers"
 msgstr ""
 
@@ -1872,10 +2033,27 @@ msgstr "Clicca per copiare il link di firma da inviare al destinatario"
 msgid "Click to insert field"
 msgstr "Clicca per inserire il campo"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client ID"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client ID is required"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client Secret"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client secret is required"
+msgstr ""
+
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-2fa.tsx
 #: apps/remix/app/components/general/document/document-recipient-link-copy-dialog.tsx
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 #: apps/remix/app/components/forms/2fa/enable-authenticator-app-dialog.tsx
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
@@ -1902,6 +2080,8 @@ msgstr "Confronta tutti i piani e le caratteristiche in dettaglio"
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/forms/signup.tsx
 #: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 msgid "Complete"
@@ -1923,9 +2103,9 @@ msgstr "Completa Documento"
 msgid "Complete Signing"
 msgstr "Completa la Firma"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
-msgid "Complete the fields for the following signers. Once reviewed, they will inform you if any modifications are needed."
-msgstr "Completa i campi per i seguenti firmatari. Una volta esaminati, ti informeranno se sono necessarie modifiche."
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+msgid "Complete the fields for the following signers."
+msgstr ""
 
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
@@ -2045,6 +2225,7 @@ msgstr "Conferma eliminazione"
 msgid "Confirm email"
 msgstr "Conferma email"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/send-confirmation-email.tsx
 msgid "Confirmation email sent"
 msgstr "Email di conferma inviato"
@@ -2061,6 +2242,10 @@ msgstr "Informazioni di contatto"
 msgid "Contact sales here"
 msgstr "Contatta le vendite qui"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Contact us"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
 msgid "Content"
 msgstr "Contenuto"
@@ -2141,6 +2326,8 @@ msgstr "Controlla quali firme sono consentite per firmare un documento."
 msgid "Copied"
 msgstr "Copiato"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/components/tables/settings-public-profile-templates-table.tsx
 #: apps/remix/app/components/general/avatar-with-recipient.tsx
 #: apps/remix/app/components/general/template/template-direct-link-badge.tsx
@@ -2182,6 +2369,11 @@ msgstr "Copia link di firma"
 msgid "Copy token"
 msgstr "Copia il token"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "couldn't be uploaded:"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/_layout.tsx
 #: apps/remix/app/components/dialogs/webhook-create-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-group-create-dialog.tsx
@@ -2208,6 +2400,10 @@ msgstr "Crea un nuovo indirizzo email per la tua organizzazione utilizzando il d
 msgid "Create a new organisation with {planName} plan. Keep your current organisation on it's current plan"
 msgstr "Crea una nuova organizzazione con il piano {planName}. Mantieni la tua organizzazione attuale sul suo piano attuale"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Create a support ticket"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/team-create-dialog.tsx
 msgid "Create a team to collaborate with your team members."
 msgstr "Crea un team per collaborare con i membri del tuo team."
@@ -2466,6 +2662,7 @@ msgstr "Data di creazione"
 msgid "Date Format"
 msgstr "Formato data"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/general/organisations/organisation-invitations.tsx
 #: packages/email/templates/organisation-invite.tsx
 msgid "Decline"
@@ -2491,6 +2688,10 @@ msgstr "Email Predefinita"
 msgid "Default Email Settings"
 msgstr "Impostazioni Email Predefinite"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Default Organisation Role for New Users"
+msgstr ""
+
 #: apps/remix/app/components/forms/document-preferences-form.tsx
 msgid "Default Signature Settings"
 msgstr "Impostazioni predefinite della firma"
@@ -2752,6 +2953,10 @@ msgstr "Disabilitare la firma del collegamento diretto impedirà a chiunque di a
 msgid "Disabling the user results in the user not being able to use the account. It also disables all the related contents such as subscription, webhooks, teams, and API keys."
 msgstr "Disabilitare l'utente porta all'impossibilità per l'utente di usare l'account. Disabilita anche tutti i contenuti correlati come abbonamento, webhook, team e chiavi API."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Discord"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-update-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "Display Name"
@@ -2820,8 +3025,9 @@ msgid "Document access"
 msgstr "Accesso al documento"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document access auth updated"
-msgstr "Autenticazione di accesso al documento aggiornata"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-status.tsx
 msgid "Document All"
@@ -2837,9 +3043,13 @@ msgstr "Documento Approvato"
 msgid "Document Cancelled"
 msgstr "Documento Annullato"
 
+#: packages/lib/utils/document-audit-logs.ts
+#: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document completed"
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-status.tsx
-#: packages/lib/utils/document-audit-logs.ts
-#: packages/lib/utils/document-audit-logs.ts
 msgid "Document completed"
 msgstr "Documento completato"
 
@@ -2852,8 +3062,12 @@ msgstr "Email documento completato"
 msgid "Document Completed!"
 msgstr "Documento completato!"
 
-#: apps/remix/app/components/dialogs/template-use-dialog.tsx
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document created"
+msgstr ""
+
+#: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "Document created"
 msgstr "Documento creato"
 
@@ -2879,10 +3093,14 @@ msgstr "Documento creato usando un <0>link diretto</0>"
 msgid "Document Creation"
 msgstr "Creazione del documento"
 
+#: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document deleted"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
-#: packages/lib/utils/document-audit-logs.ts
 msgid "Document deleted"
 msgstr "Documento eliminato"
 
@@ -2908,8 +3126,9 @@ msgid "Document Duplicated"
 msgstr "Documento Duplicato"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document external ID updated"
-msgstr "ID esterno del documento aggiornato"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-certificate-qr-view.tsx
 msgid "Document found in your account"
@@ -2945,16 +3164,18 @@ msgid "Document moved"
 msgstr "Documento spostato"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document moved to team"
-msgstr "Documento spostato al team"
+msgstr ""
 
 #: apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx
 msgid "Document no longer available to sign"
 msgstr "Documento non più disponibile per la firma"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document opened"
-msgstr "Documento aperto"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-status.tsx
 msgid "Document pending"
@@ -2993,8 +3214,12 @@ msgstr "Documento Rifiutato"
 msgid "Document resealed"
 msgstr "Documento risigillato"
 
-#: apps/remix/app/components/general/document/document-edit-form.tsx
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document sent"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "Document sent"
 msgstr "Documento inviato"
 
@@ -3003,8 +3228,9 @@ msgid "Document Signed"
 msgstr "Documento firmato"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document signing auth updated"
-msgstr "Autenticazione firma documento aggiornata"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 msgid "Document signing process will be cancelled"
@@ -3019,12 +3245,14 @@ msgid "Document title"
 msgstr "Titolo del documento"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document title updated"
-msgstr "Titolo documento aggiornato"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document updated"
-msgstr "Documento aggiornato"
+msgstr ""
 
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 msgid "Document updated successfully"
@@ -3040,21 +3268,27 @@ msgid "Document uploaded"
 msgstr "Documento caricato"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document viewed"
-msgstr "Documento visualizzato"
+msgstr ""
 
 #: apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx
 msgid "Document Viewed"
 msgstr "Documento visualizzato"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document visibility updated"
-msgstr "Visibilità del documento aggiornata"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 msgid "Document will be permanently deleted"
 msgstr "Il documento sarà eliminato definitivamente"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Documentation"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.edit.tsx
@@ -3165,6 +3399,11 @@ msgid "Drag and drop your PDF file here"
 msgstr "Trascina qui il tuo file PDF"
 
 #: packages/lib/constants/document.ts
+msgctxt "Draw signatute type"
+msgid "Draw"
+msgstr ""
+
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Draw"
 msgstr "Disegno"
 
@@ -3411,6 +3650,10 @@ msgstr "Abilita la firma di link diretto"
 msgid "Enable signing order"
 msgstr "Abilita ordine di firma"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Enable SSO portal"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks._index.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
@@ -3475,13 +3718,18 @@ msgstr "Impresa"
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 #: apps/remix/app/components/general/verify-email-banner.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-signature-field.tsx
@@ -3510,6 +3758,10 @@ msgstr "Impresa"
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 #: apps/remix/app/components/dialogs/webhook-create-dialog.tsx
@@ -3521,6 +3773,7 @@ msgstr "Impresa"
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -3579,6 +3832,10 @@ msgstr "Creazione cartella fallita"
 msgid "Failed to create subscription claim."
 msgstr "Creazione della richiesta di abbonamento non riuscita."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Failed to create support ticket"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/folder-delete-dialog.tsx
 msgid "Failed to delete folder"
 msgstr "Impossibile eliminare la cartella"
@@ -3611,6 +3868,10 @@ msgstr "Impossibile salvare le impostazioni."
 msgid "Failed to sign out all sessions"
 msgstr "Non è stato possibile disconnettere tutte le sessioni"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Failed to unlink account"
+msgstr ""
+
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 msgid "Failed to update document"
 msgstr "Aggiornamento documento fallito"
@@ -3669,16 +3930,19 @@ msgid "Field placeholder"
 msgstr "Segnaposto del campo"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field prefilled by assistant"
-msgstr "Campo precompilato dall'assistente"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field signed"
-msgstr "Campo firmato"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field unsigned"
-msgstr "Campo non firmato"
+msgstr ""
 
 #: apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
 msgid "Fields"
@@ -3688,13 +3952,21 @@ msgstr "Campi"
 msgid "Fields updated"
 msgstr "Campi aggiornati"
 
-#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
 #: apps/remix/app/components/general/document/document-upload.tsx
-#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-upload.tsx
 msgid "File cannot be larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
 msgstr "Il file non può essere più grande di {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "File is larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "File is too small"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "File size exceeds the limit of {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB"
 msgstr "La dimensione del file supera il limite di {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB"
@@ -3810,6 +4082,7 @@ msgstr "Genera link"
 msgid "Global recipient action authentication"
 msgstr "Autenticazione globale del destinatario"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
@@ -4000,6 +4273,10 @@ msgstr "Home (Nessuna Cartella)"
 msgid "Horizontal"
 msgstr "Orizzontale"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "I agree to link my account with this organization"
+msgstr ""
+
 #: packages/lib/constants/recipient-roles.ts
 msgid "I am a signer of this document"
 msgstr "Sono un firmatario di questo documento"
@@ -4024,6 +4301,10 @@ msgstr "Sono tenuto a ricevere una copia di questo documento"
 msgid "I am the owner of this document"
 msgstr "Sono il proprietario di questo documento"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "I understand that I am providing my credentials to a 3rd party service configured by this organisation"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/webhook-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/token-delete-dialog.tsx
 msgid "I'm sure! Delete it"
@@ -4053,6 +4334,10 @@ msgstr "Se non trovi il link di conferma nella tua casella di posta, puoi richie
 msgid "If your authenticator app does not support QR codes, you can use the following code instead:"
 msgstr "Se la tua app autenticatrice non supporta i codici QR, puoi usare il seguente codice:"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Important: What This Means"
+msgstr ""
+
 #: apps/remix/app/components/general/app-nav-mobile.tsx
 #: apps/remix/app/components/general/app-nav-mobile.tsx
 #: apps/remix/app/components/general/document/document-status.tsx
@@ -4120,6 +4405,10 @@ msgstr "Statistiche istanze"
 msgid "Invalid code. Please try again."
 msgstr "Codice non valido. Riprova."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Invalid domains"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/add-signers.types.ts
 msgid "Invalid email"
 msgstr "Email non valida"
@@ -4133,6 +4422,10 @@ msgstr "Link non valido"
 msgid "Invalid token"
 msgstr "Token non valido"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Invalid Token"
+msgstr ""
+
 #: apps/remix/app/components/forms/reset-password.tsx
 msgid "Invalid token provided. Please try again."
 msgstr "Token non valido fornito. Per favore riprova."
@@ -4192,6 +4485,10 @@ msgstr "Fattura"
 msgid "IP Address"
 msgstr "Indirizzo IP"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Issuer URL"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "It is crucial to keep your contact information, especially your email address, up to date with us. Please notify us immediately of any changes to ensure that you continue to receive all necessary communications."
 msgstr "È fondamentale mantenere aggiornate le tue informazioni di contatto, in particolare il tuo indirizzo email. Ti preghiamo di notificarci immediatamente qualsiasi modifica per assicurarti di continuare a ricevere tutte le comunicazioni necessarie."
@@ -4225,6 +4522,10 @@ msgstr "Al momento, non è il tuo turno di firmare. Riceverai un'email con le is
 msgid "Join {organisationName} on Documenso"
 msgstr "Unisciti a {organisationName} su Documenso"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Join our community on <0>Discord</0> for community support and discussion."
+msgstr ""
+
 #. placeholder {0}: DateTime.fromJSDate(team.createdAt).toRelative({ style: 'short' })
 #: apps/remix/app/routes/_authenticated+/dashboard.tsx
 msgid "Joined {0}"
@@ -4319,10 +4620,27 @@ msgstr "Ti piacerebbe avere il tuo profilo pubblico con accordi?"
 msgid "Link expires in 1 hour."
 msgstr "Il link scade tra 1 ora."
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Link expires in 30 minutes."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.public-profile.tsx
 msgid "Link template"
 msgstr "Collega modello"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Link your Documenso account"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "Linked Accounts"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Linked At"
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "Links Generated"
 msgstr "Link Generati"
@@ -4347,6 +4665,10 @@ msgstr "Caricamento del documento..."
 msgid "Loading Document..."
 msgstr "Caricamento Documento..."
 
+#: packages/ui/components/recipient/recipient-autocomplete-input.tsx
+msgid "Loading suggestions..."
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-page-view-recent-activity.tsx
 msgid "Loading..."
 msgstr "Caricamento in corso..."
@@ -4372,6 +4694,10 @@ msgstr "Gestisci"
 msgid "Manage {0}'s profile"
 msgstr "Gestisci il profilo di {0}"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Manage a custom SSO login portal for your organisation."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/settings+/organisations.tsx
 msgid "Manage all organisations you are currently associated with."
 msgstr "Gestisci tutte le organizzazioni con cui sei attualmente associato."
@@ -4404,6 +4730,10 @@ msgstr "Gestisci Link Diretto"
 msgid "Manage documents"
 msgstr "Gestisci documenti"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "Manage linked accounts"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 msgid "Manage organisation"
 msgstr "Gestisci l'organizzazione"
@@ -4539,6 +4869,10 @@ msgstr "Membro"
 msgid "Member Count"
 msgstr "Conteggio membri"
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "Member promoted to owner successfully"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-members-table.tsx
 msgid "Member Since"
 msgstr "Membro dal"
@@ -4554,6 +4888,7 @@ msgstr "Membro dal"
 msgid "Members"
 msgstr "Membri"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 msgid "Message"
@@ -4789,6 +5124,10 @@ msgstr "Nessun campo di firma trovato"
 msgid "No Stripe customer attached"
 msgstr "Nessun cliente Stripe collegato"
 
+#: packages/ui/components/recipient/recipient-autocomplete-input.tsx
+msgid "No suggestions found"
+msgstr ""
+
 #: apps/remix/app/components/tables/team-groups-table.tsx
 msgid "No team groups found"
 msgstr "Nessun gruppo di team trovato"
@@ -4919,6 +5258,16 @@ msgstr "Solo gli amministratori possono accedere e visualizzare il documento"
 msgid "Only managers and above can access and view the document"
 msgstr "Solo i manager e superiori possono accedere e visualizzare il documento"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Only one file can be uploaded at a time"
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Only PDF files are allowed"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/_layout.tsx
 #: apps/remix/app/components/general/generic-error-layout.tsx
 #: apps/remix/app/components/general/generic-error-layout.tsx
@@ -4934,10 +5283,15 @@ msgstr "Aperto"
 msgid "Or"
 msgstr "Oppure"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "OR"
+msgstr ""
+
 #: apps/remix/app/components/forms/signin.tsx
 msgid "Or continue with"
 msgstr "Oppure continua con"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/tables/user-organisations-table.tsx
 #: apps/remix/app/components/tables/admin-organisations-table.tsx
 msgid "Organisation"
@@ -4947,6 +5301,10 @@ msgstr "Organizzazione"
 msgid "Organisation Admin"
 msgstr "Amministratore dell'organizzazione"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Organisation authentication portal URL"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-organisation-create-dialog.tsx
 msgid "Organisation created"
 msgstr "Organizzazione creata"
@@ -5017,6 +5375,10 @@ msgstr "Impostazioni dell'organizzazione"
 msgid "Organisation Settings"
 msgstr "Impostazioni dell'organizzazione"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Organisation SSO Portal"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 msgid "Organisation Teams"
 msgstr "Team dell'organizzazione"
@@ -5309,9 +5671,13 @@ msgstr "Si prega di inserire un nome significativo per il proprio token. Questo
 msgid "Please enter a valid name."
 msgstr "Per favore inserisci un nome valido."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
-msgid "Please mark as viewed to complete"
-msgstr "Si prega di segnare come visualizzato per completare"
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+msgid "Please mark as viewed to complete."
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Please note that anyone who signs in through your portal will be added to your organisation as a member."
+msgstr ""
 
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
 msgid "Please note that proceeding will remove direct linking recipient and turn it into a placeholder."
@@ -5349,11 +5715,11 @@ msgstr "Si prega di fornire un token dal tuo autenticatore, o un codice di backu
 msgid "Please provide a token from your authenticator, or a backup code."
 msgstr "Si prega di fornire un token dal tuo autenticatore, o un codice di backup."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 msgid "Please review the document before approving."
 msgstr "Per favore, esamina il documento prima di approvarlo."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 msgid "Please review the document before signing."
 msgstr "Rivedi il documento prima di firmare."
 
@@ -5449,6 +5815,18 @@ msgstr "Profilo aggiornato"
 msgid "Progress"
 msgstr "Progresso"
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "Promote to owner"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Provider"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Provider has been updated successfully"
+msgstr ""
+
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/general/template/template-type.tsx
 msgid "Public"
@@ -5485,6 +5863,10 @@ msgstr "Valori radio"
 msgid "Read only"
 msgstr "Sola lettura"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Read our documentation to get started with Documenso."
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-disclosure.tsx
 msgid "Read the full <0>signature disclosure</0>."
 msgstr "Leggi l'intera <0>divulgazione della firma</0>."
@@ -5601,6 +5983,10 @@ msgstr "Codici di recupero"
 msgid "Red"
 msgstr "Rosso"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Redirect URI"
+msgstr ""
+
 #: apps/remix/app/components/embed/authoring/configure-document-advanced-settings.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-settings.tsx
@@ -5714,6 +6100,10 @@ msgstr "Rispondi all'email"
 msgid "Reply To Email"
 msgstr "Rispondi a Email"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Requesting Organisation"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/text-field.tsx
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/radio-field.tsx
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/number-field.tsx
@@ -5722,6 +6112,10 @@ msgstr "Rispondi a Email"
 msgid "Required field"
 msgstr "Campo richiesto"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Required scopes"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 msgid "Reseal document"
 msgstr "Risigilla documento"
@@ -5746,6 +6140,11 @@ msgstr "Reinvia verifica"
 msgid "Reset"
 msgstr "Ripristina"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset 2FA"
+msgstr ""
+
 #: apps/remix/app/components/forms/forgot-password.tsx
 msgid "Reset email sent"
 msgstr "Email di reset inviato"
@@ -5757,6 +6156,14 @@ msgstr "Email di reset inviato"
 msgid "Reset Password"
 msgstr "Reimposta password"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset the users two factor authentication. This action is irreversible and will disable two factor authentication for the user."
+msgstr ""
+
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset Two Factor Authentication"
+msgstr ""
+
 #: apps/remix/app/components/forms/reset-password.tsx
 msgid "Resetting Password..."
 msgstr "Reimpostazione della password..."
@@ -5788,9 +6195,14 @@ msgstr "Riprova"
 #: apps/remix/app/routes/_unauthenticated+/team.verify.email.$token.tsx
 #: apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx
 #: apps/remix/app/routes/_unauthenticated+/organisation.decline.$token.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 msgid "Return"
 msgstr "Ritorna"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Return to Documenso sign in page here"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/organisation.decline.$token.tsx
 msgid "Return to Home"
 msgstr "Torna alla home"
@@ -5800,6 +6212,10 @@ msgstr "Torna alla home"
 msgid "Return to sign in"
 msgstr "Torna a accedere"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Review request"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
 msgid "Revoke"
@@ -5974,6 +6390,10 @@ msgstr "Seleziona i metodi di autenticazione"
 msgid "Select default option"
 msgstr "Seleziona opzione predefinita"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Select default role"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/checkbox-field.tsx
 msgid "Select direction"
 msgstr "Seleziona la direzione"
@@ -6189,6 +6609,11 @@ msgstr "Mostra impostazioni avanzate"
 msgid "Show templates in your public profile for your audience to sign and get started quickly"
 msgstr "Mostra modelli nel tuo profilo pubblico per il tuo pubblico da firmare e iniziare rapidamente"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "Sign"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
@@ -6202,7 +6627,6 @@ msgstr "Mostra modelli nel tuo profilo pubblico per il tuo pubblico da firmare e
 #: apps/remix/app/components/general/document-signing/document-signing-auth-password.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-2fa.tsx
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Sign"
 msgstr "Firma"
 
@@ -6224,7 +6648,7 @@ msgstr "Firma come<0>{0} <1>({1})</1></0>"
 msgid "Sign document"
 msgstr "Firma il documento"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Sign Document"
 msgstr "Firma documento"
@@ -6242,6 +6666,7 @@ msgstr "Campo di firma"
 msgid "Sign Here"
 msgstr "Firma qui"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: packages/email/template-components/template-reset-password.tsx
@@ -6249,6 +6674,7 @@ msgid "Sign In"
 msgstr "Accedi"
 
 #: apps/remix/app/routes/_unauthenticated+/signin.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-dialog.tsx
 msgid "Sign in to your account"
 msgstr "Accedi al tuo account"
@@ -6316,32 +6742,35 @@ msgstr "Firme raccolte"
 msgid "Signatures will appear once the document has been completed"
 msgstr "Le firme appariranno una volta completato il documento"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Signed"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/ui/components/document/document-read-only-fields.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Signed"
 msgstr "Firmato"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Signer"
-msgstr "Firmatario"
+msgstr ""
 
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Signer Events"
 msgstr "Eventi del Firmatario"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Signers"
-msgstr "Firmatari"
-
-#: packages/ui/primitives/document-flow/add-signers.types.ts
-msgid "Signers must have unique emails"
-msgstr "I firmatari devono avere email uniche"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Signing"
-msgstr "Firma"
+msgstr ""
 
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Signing Certificate"
@@ -6512,6 +6941,14 @@ msgstr "Siamo spiacenti, non siamo riusciti a scaricare il certificato. Riprova
 msgid "Source"
 msgstr "Fonte"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Space-separated list of domains. Leave empty to allow all domains."
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
+msgid "SSO"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
 msgid "Stats"
 msgstr "Statistiche"
@@ -6543,6 +6980,7 @@ msgstr "Cliente Stripe creato con successo"
 msgid "Stripe Customer ID"
 msgstr "ID cliente di Stripe"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 msgid "Subject"
 msgstr "Soggetto"
@@ -6552,6 +6990,10 @@ msgstr "Soggetto"
 msgid "Subject <0>(Optional)</0>"
 msgstr "Oggetto <0>(Opzionale)</0>"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Submit"
+msgstr ""
+
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
@@ -6585,10 +7027,12 @@ msgstr "Abbonamento non valido"
 
 #: apps/remix/app/routes/embed+/v1+/authoring+/template.edit.$id.tsx
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
@@ -6646,6 +7090,15 @@ msgstr "Creati con successo: {successCount}"
 msgid "Summary:"
 msgstr "Sommario:"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+#: apps/remix/app/components/general/org-menu-switcher.tsx
+msgid "Support"
+msgstr ""
+
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Support ticket created"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-email-domains-table.tsx
 msgid "Sync"
 msgstr "Sincronizza"
@@ -7009,9 +7462,11 @@ msgid "The email address which will show up in the \"Reply To\" field in emails"
 msgstr "L'indirizzo email che verrà visualizzato nel campo \"Rispondi a\" nelle email"
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
-msgid "The email domain you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The email domain you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
-msgstr "Il dominio email che stai cercando potrebbe essere stato rimosso, rinominato o potrebbe non essere mai\n"
+msgstr ""
+"Il dominio email che stai cercando potrebbe essere stato rimosso, rinominato o potrebbe non essere mai\n"
 "esistito."
 
 #: apps/remix/app/components/forms/signin.tsx
@@ -7051,14 +7506,24 @@ msgstr "Si sono verificati i seguenti errori:"
 msgid "The following team has been deleted. You will no longer be able to access this team and its documents"
 msgstr "Il seguente team è stato eliminato. Non potrai più accedere a questo team e ai suoi documenti"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "The OpenID discovery endpoint URL for your provider"
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "The organisation authentication portal does not exist, or is not configured"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "The organisation email has been created successfully."
 msgstr "L'email dell'organizzazione è stata creata con successo."
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
-msgid "The organisation group you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation group you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
-msgstr "Il gruppo organizzativo che cerchi potrebbe essere stato rimosso, rinominato o potrebbe non essere mai\n"
+msgstr ""
+"Il gruppo organizzativo che cerchi potrebbe essere stato rimosso, rinominato o potrebbe non essere mai\n"
 "                    esistito."
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
@@ -7066,15 +7531,19 @@ msgid "The organisation role that will be applied to all members in this group."
 msgstr "Il ruolo organizzativo che verrà applicato a tutti i membri in questo gruppo."
 
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
-msgid "The organisation you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
-msgstr "L'organizzazione che cerchi potrebbe essere stata rimossa, rinominata o potrebbe non essere mai\n"
+msgstr ""
+"L'organizzazione che cerchi potrebbe essere stata rimossa, rinominata o potrebbe non essere mai\n"
 "                    esistita."
 
 #: apps/remix/app/routes/_authenticated+/_layout.tsx
-msgid "The organisation you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation you are looking for may have been removed, renamed or may have never\n"
 "                  existed."
-msgstr "L'organizzazione che cerchi potrebbe essere stata rimossa, rinominata o potrebbe non essere mai\n"
+msgstr ""
+"L'organizzazione che cerchi potrebbe essere stata rimossa, rinominata o potrebbe non essere mai\n"
 "                  esistita."
 
 #: apps/remix/app/components/general/generic-error-layout.tsx
@@ -7162,15 +7631,19 @@ msgid "The team email <0>{teamEmail}</0> has been removed from the following tea
 msgstr "L'email del team <0>{teamEmail}</0> è stata rimossa dal seguente team"
 
 #: apps/remix/app/routes/_authenticated+/_layout.tsx
-msgid "The team you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The team you are looking for may have been removed, renamed or may have never\n"
 "                  existed."
-msgstr "Il team che cerchi potrebbe essere stato rimosso, rinominato o potrebbe non essere mai\n"
+msgstr ""
+"Il team che cerchi potrebbe essere stato rimosso, rinominato o potrebbe non essere mai\n"
 "                  esistito."
 
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/_layout.tsx
-msgid "The team you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The team you are looking for may have been removed, renamed or may have never\n"
 "                existed."
-msgstr "La squadra che stai cercando potrebbe essere stata rimossa, rinominata o potrebbe non essere mai\n"
+msgstr ""
+"La squadra che stai cercando potrebbe essere stata rimossa, rinominata o potrebbe non essere mai\n"
 "                esistita."
 
 #: apps/remix/app/components/dialogs/template-move-to-folder-dialog.tsx
@@ -7185,6 +7658,10 @@ msgstr "Il modello sarà rimosso dal tuo profilo"
 msgid "The test webhook has been successfully sent to your endpoint."
 msgstr "Il test del webhook è stato inviato con successo al tuo endpoint."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "The token is invalid or has expired."
+msgstr ""
+
 #: apps/remix/app/components/forms/token.tsx
 msgid "The token was copied to your clipboard."
 msgstr "Il token è stato copiato negli appunti."
@@ -7211,11 +7688,17 @@ msgid "The URL for Documenso to send webhook events to."
 msgstr "L'URL per Documenso per inviare eventi webhook."
 
 #: apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
-msgid "The user you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The user you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
-msgstr "L'utente che cerchi potrebbe essere stato rimosso, rinominato o potrebbe non essere mai\n"
+msgstr ""
+"L'utente che cerchi potrebbe essere stato rimosso, rinominato o potrebbe non essere mai\n"
 "                    esistito."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "The user's two factor authentication has been reset successfully."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/webhook-delete-dialog.tsx
 msgid "The webhook has been successfully deleted."
 msgstr "Il webhook è stato eliminato con successo."
@@ -7229,9 +7712,11 @@ msgid "The webhook was successfully created."
 msgstr "Il webhook è stato creato con successo."
 
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
-msgid "The webhook you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The webhook you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
-msgstr "Il webhook che stai cercando potrebbe essere stato rimosso, rinominato o potrebbe non\n"
+msgstr ""
+"Il webhook che stai cercando potrebbe essere stato rimosso, rinominato o potrebbe non\n"
 "esistito mai."
 
 #: apps/remix/app/components/tables/documents-table-empty-state.tsx
@@ -7266,6 +7751,10 @@ msgstr "Questo account è stato disabilitato. Contatta il supporto."
 msgid "This account has not been verified. Please verify your account before signing in."
 msgstr "Questo account non è stato verificato. Verifica il tuo account prima di accedere."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "This action is irreversible. Please ensure you have informed the user before proceeding."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
@@ -7384,10 +7873,22 @@ msgstr "È così che il documento raggiungerà i destinatari una volta pronto pe
 msgid "This is the claim that this organisation was initially created with. Any feature flag changes to this claim will be backported into this organisation."
 msgstr "Questo è il reclamo con cui questa organizzazione è stata inizialmente creata. Qualunque cambiamento agli indicatori delle funzionalità di questo reclamo sarà retroportato in questa organizzazione."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "This is the required scopes you must set in your provider's settings"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "This is the URL which users will use to sign in to your organisation."
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/team.verify.email.$token.tsx
 msgid "This link is invalid or has expired. Please contact your team to resend a verification."
 msgstr "Questo link è invalido o è scaduto. Si prega di contattare il tuo team per inviare nuovamente una verifica."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "This organisation will have administrative control over your account. You can revoke this access later, but they will retain access to any data they've already collected."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.general.tsx
 msgid "This organisation, and any associated data will be permanently deleted."
 msgstr "Questa organizzazione e tutti i dati associati saranno cancellati in modo permanente."
@@ -7507,9 +8008,10 @@ msgstr "Per poter aggiungere membri a un team, devi prima aggiungerli all'organi
 msgid "To change the email you must remove and add a new email address."
 msgstr "Per cambiare la email devi rimuovere e aggiungere un nuovo indirizzo email."
 
+#. placeholder {0}: user.email
 #. placeholder {0}: userToEnable.email
 #. placeholder {0}: userToDisable.email
-#. placeholder {0}: user.email
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -7525,6 +8027,7 @@ msgid "To enable two-factor authentication, scan the following QR code using you
 msgstr "Per abilitare l'autenticazione a due fattori, scansiona il seguente codice QR utilizzando la tua app di autenticazione."
 
 #: apps/remix/app/routes/_unauthenticated+/unverified-account.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 msgid "To gain access to your account, please confirm your email address by clicking on the confirmation link from your inbox."
 msgstr "Per accedere al tuo account, conferma il tuo indirizzo email facendo clic sul link di conferma dalla tua casella di posta."
 
@@ -7641,9 +8144,14 @@ msgstr "L'autenticazione a due fattori è stata disattivata per il tuo account.
 msgid "Two-Factor Re-Authentication"
 msgstr "Ri-autenticazione a due fattori"
 
+#: packages/lib/constants/document.ts
+msgctxt "Type signatute type"
+msgid "Type"
+msgstr ""
+
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
-#: packages/lib/constants/document.ts
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Type"
 msgstr "Tipo"
 
@@ -7757,9 +8265,15 @@ msgstr "Incompleto"
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 msgid "Unknown"
 msgstr "Sconosciuto"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Unknown error"
+msgstr ""
+
 #: apps/remix/app/components/tables/admin-claims-table.tsx
 msgid "Unlimited"
 msgstr "Illimitato"
@@ -7768,6 +8282,11 @@ msgstr "Illimitato"
 msgid "Unlimited documents, API and more"
 msgstr "Documenti illimitati, API e altro"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Unlink"
+msgstr ""
+
 #: apps/remix/app/components/general/folder/folder-card.tsx
 msgid "Unpin"
 msgstr "Rimuovi"
@@ -7776,6 +8295,7 @@ msgstr "Rimuovi"
 msgid "Untitled Group"
 msgstr "Gruppo senza nome"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@@ -7915,6 +8435,11 @@ msgid "Upgrade your plan to upload more documents"
 msgstr "Aggiorna il tuo piano per caricare più documenti"
 
 #: packages/lib/constants/document.ts
+msgctxt "Upload signatute type"
+msgid "Upload"
+msgstr ""
+
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Upload"
 msgstr "Carica"
 
@@ -7948,6 +8473,11 @@ msgstr "Carica documento personalizzato"
 msgid "Upload Document"
 msgstr "Carica documento"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Upload failed"
+msgstr ""
+
 #: packages/ui/primitives/signature-pad/signature-pad-upload.tsx
 msgid "Upload Signature"
 msgstr "Carica Firma"
@@ -8029,6 +8559,7 @@ msgstr "L'utente non ha password."
 msgid "User not found"
 msgstr "Utente non trovato"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -8102,6 +8633,11 @@ msgstr "Verifica il tuo indirizzo email del team"
 msgid "Vertical"
 msgstr "Verticale"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "View"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-billing-invoices-table.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
@@ -8111,7 +8647,6 @@ msgstr "Verticale"
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "View"
 msgstr "Visualizza"
 
@@ -8144,6 +8679,11 @@ msgstr "Visualizza tutte le attività di sicurezza relative al tuo account."
 msgid "View and manage all active sessions for your account."
 msgstr "Visualizza e gestisci tutte le sessioni attive per il tuo account."
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "View and manage all login methods linked to your account."
+msgstr ""
+
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 msgid "View Codes"
 msgstr "Visualizza Codici"
@@ -8156,7 +8696,7 @@ msgstr "Visualizza Record DNS"
 msgid "View document"
 msgstr "Visualizza documento"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
@@ -8206,24 +8746,31 @@ msgstr "Visualizza squadre"
 msgid "View the DNS records for this email domain"
 msgstr "Visualizza i record DNS per questo dominio email"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Viewed"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Viewed"
 msgstr "Visualizzato"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Viewer"
-msgstr "Visualizzatore"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Viewers"
-msgstr "Visualizzatori"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Viewing"
-msgstr "Visualizzazione"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/folder-update-dialog.tsx
 msgid "Visibility"
@@ -8284,6 +8831,10 @@ msgstr "Non siamo in grado di aggiornare questa chiave d'accesso al momento. Per
 msgid "We couldn't create a Stripe customer. Please try again."
 msgstr "Non siamo riusciti a creare un cliente di Stripe. Si prega di riprovare."
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "We couldn't promote the member to owner. Please try again."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 msgid "We couldn't update the group. Please try again."
 msgstr "Non siamo riusciti ad aggiornare il gruppo. Si prega di riprovare."
@@ -8293,6 +8844,10 @@ msgstr "Non siamo riusciti ad aggiornare il gruppo. Si prega di riprovare."
 msgid "We couldn't update the organisation. Please try again."
 msgstr "Non siamo riusciti ad aggiornare l'organizzazione. Si prega di riprovare."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "We couldn't update the provider. Please try again."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "We encountered an error while creating the email. Please try again later."
 msgstr "Abbiamo riscontrato un errore durante la creazione dell'email. Riprovare più tardi."
@@ -8401,6 +8956,7 @@ msgstr "Abbiamo riscontrato un errore sconosciuto durante il tentativo di reimpo
 msgid "We encountered an unknown error while attempting to revoke access. Please try again or contact support."
 msgstr "Abbiamo riscontrato un errore sconosciuto durante il tentativo di revocare l'accesso. Si prega di riprovare o contattare il supporto."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 msgid "We encountered an unknown error while attempting to sign you In. Please try again later."
@@ -8536,6 +9092,10 @@ msgstr "Genereremo link di firma per te, che potrai inviare ai destinatari trami
 msgid "We won't send anything to notify recipients."
 msgstr "Non invieremo nulla per notificare i destinatari."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "We'll get back to you as soon as possible via email."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/templates._index.tsx
 #: apps/remix/app/components/tables/documents-table-empty-state.tsx
 msgid "We're all empty"
@@ -8593,10 +9153,18 @@ msgstr "Bentornato, siamo fortunati ad averti."
 msgid "Welcome back! Here's an overview of your account."
 msgstr "Bentornato! Ecco una panoramica del tuo account."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Welcome to {organisationName}"
+msgstr ""
+
 #: packages/email/template-components/template-confirmation-email.tsx
 msgid "Welcome to Documenso!"
 msgstr "Benvenuto su Documenso!"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Well-known URL is required"
+msgstr ""
+
 #: apps/remix/app/routes/_recipient+/sign.$token+/waiting.tsx
 msgid "Were you trying to edit this document instead?"
 msgstr "Stavi provando a modificare questo documento invece?"
@@ -8623,6 +9191,10 @@ msgstr "Quando firmi un documento, possiamo automaticamente compilare e firmare
 msgid "When you use our platform to affix your electronic signature to documents, you are consenting to do so under the Electronic Signatures in Global and National Commerce Act (E-Sign Act) and other applicable laws. This action indicates your agreement to use electronic means to sign documents and receive notifications."
 msgstr "Quando utilizzi la nostra piattaforma per apporre la tua firma elettronica sui documenti, acconsenti a farlo ai sensi della Legge sulle firme elettroniche nel commercio globale e nazionale (E-Sign Act) e altre leggi applicabili. Questa azione indica il tuo consenso a utilizzare mezzi elettronici per firmare documenti e ricevere notifiche."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Whether to enable the SSO portal for your organisation"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 msgid "While waiting for them to do so you can create your own Documenso account and get started with document signing right away."
 msgstr "Mentre aspetti che lo facciano, puoi creare il tuo account Documenso e iniziare a firmare documenti subito."
@@ -8690,6 +9262,10 @@ msgstr "Stai per lasciare l'organizzazione seguente."
 msgid "You are about to remove default access to this team for all organisation members. Any members not explicitly added to this team will no longer have access."
 msgstr "Stai per rimuovere l'accesso predefinito a questo team per tutti i membri dell'organizzazione. Qualsiasi membro non esplicitamente aggiunto a questo team non avrà più accesso."
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "You are about to remove the <0>{provider}</0> login method from your account."
+msgstr ""
+
 #. placeholder {0}: organisation.name
 #: apps/remix/app/components/dialogs/organisation-email-domain-delete-dialog.tsx
 msgid "You are about to remove the email domain <0>{emailDomain}</0> from <1>{0}</1>. All emails associated with this domain will be deleted."
@@ -8776,6 +9352,10 @@ msgstr "Non sei autorizzato a disabilitare questo utente."
 msgid "You are not authorized to enable this user."
 msgstr "Non sei autorizzato ad abilitare questo utente."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "You are not authorized to reset two factor authentcation for this user."
+msgstr ""
+
 #: packages/email/template-components/template-confirmation-email.tsx
 msgid "You can also copy and paste this link into your browser: {confirmationLink} (link expires in 1 hour)"
 msgstr "Puoi anche copiare e incollare questo link nel tuo browser: {confirmationLink} (il link scade tra 1 ora)"
@@ -9066,6 +9646,10 @@ msgstr "Ora ti verrà richiesto di inserire un codice dalla tua app di autentica
 msgid "You will receive an Email copy of the signed document once everyone has signed."
 msgstr "Riceverai una copia del documento firmato via email una volta che tutti hanno firmato."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Your Account"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
 msgid "Your account has been deleted successfully."
 msgstr "Il tuo account è stato eliminato con successo."
@@ -9099,6 +9683,10 @@ msgstr "La tua operazione di invio massivo per il modello \"{templateName}\" è
 msgid "Your current {currentProductName} plan is past due. Please update your payment information."
 msgstr "Il tuo attuale piano {currentProductName} è scaduto. Si prega di aggiornare le informazioni di pagamento."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Your current plan includes the following support channels:"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.billing.tsx
 msgid "Your current plan is inactive."
 msgstr "Il tuo attuale piano è inattivo."
@@ -9112,7 +9700,6 @@ msgid "Your direct signing templates"
 msgstr "I tuoi modelli di firma diretta"
 
 #: apps/remix/app/components/general/document/document-upload.tsx
-#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-upload.tsx
 msgid "Your document failed to upload."
 msgstr "Il tuo documento non è stato caricato."
@@ -9245,6 +9832,10 @@ msgstr "Il tuo codice di recupero è stato copiato negli appunti."
 msgid "Your recovery codes are listed below. Please store them in a safe place."
 msgstr "I tuoi codici di recupero sono elencati di seguito. Si prega di conservarli in un luogo sicuro."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Your support request has been submitted. We'll get back to you soon!"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/team-create-dialog.tsx
 msgid "Your team has been created."
 msgstr "Il tuo team è stato creato."
@@ -9257,10 +9848,6 @@ msgstr "Il tuo team è stato eliminato correttamente."
 msgid "Your team has been successfully updated."
 msgstr "Il tuo team è stato aggiornato correttamente."
 
-#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
-msgid "Your template failed to upload."
-msgstr "Il tuo modello non è riuscito a caricarsi."
-
 #: apps/remix/app/routes/embed+/v1+/authoring_.completed.create.tsx
 msgid "Your template has been created successfully"
 msgstr "Il tuo modello è stato creato con successo"
@@ -9297,3 +9884,6 @@ msgstr "Il tuo token è stato creato con successo! Assicurati di copiarlo perch
 msgid "Your tokens will be shown here once you create them."
 msgstr "I tuoi token verranno mostrati qui una volta creati."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "your-domain.com another-domain.com"
+msgstr ""
diff --git a/packages/lib/translations/pl/web.po b/packages/lib/translations/pl/web.po
index 939058488..dec7686c1 100644
--- a/packages/lib/translations/pl/web.po
+++ b/packages/lib/translations/pl/web.po
@@ -414,14 +414,30 @@ msgstr "{visibleRows, plural, one {Wyświetlanie # wyniku.} other {Wyświetlanie
 msgid "<0>\"{0}\"</0>is no longer available to sign"
 msgstr "<0>\"{0}\"</0>nie jest już dostępny do podpisu"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "<0>{organisationName}</0> has requested to create an account on your behalf."
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "<0>{organisationName}</0> has requested to link your current Documenso account to their organisation."
+msgstr ""
+
 #: packages/email/templates/confirm-team-email.tsx
 msgid "<0>{teamName}</0> has requested to use your email address for their team on Documenso."
 msgstr "Zespół <0>{teamName}</0> poprosił o możliwość używania Twojego adresu e-mail w zespole Documenso."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Account management:</0> Modify your account settings, permissions, and preferences"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "<0>Click to upload</0> or drag and drop"
 msgstr "<0>Kliknij, aby przesłać</0> lub przeciągnij i upuść"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Data access:</0> Access all data associated with your account"
+msgstr ""
+
 #: packages/ui/components/document/document-signature-settings-tooltip.tsx
 msgid "<0>Drawn</0> - A signature that is drawn using a mouse or stylus."
 msgstr "<0>Rysowany</0> – Podpis narysowany za pomocą myszy lub pióra."
@@ -430,6 +446,10 @@ msgstr "<0>Rysowany</0> – Podpis narysowany za pomocą myszy lub pióra."
 msgid "<0>Email</0> - The recipient will be emailed the document to sign, approve, etc."
 msgstr "<0>Adres e-mail</0> – Odbiorca otrzyma wiadomość z dokumentem do podpisania, zatwierdzenia itp."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "<0>Full account access:</0> View all your profile information, settings, and activity"
+msgstr ""
+
 #: packages/ui/components/recipient/recipient-action-auth-select.tsx
 msgid "<0>Inherit authentication method</0> - Use the global action signing authentication method configured in the \"General Settings\" step"
 msgstr "<0>Przechwyć metodę uwierzytelniania</0> - Użyj globalnej metody uwierzytelniania podpisywania akcji skonfigurowanej w kroku \"Ustawienia ogólne\""
@@ -517,10 +537,18 @@ msgstr "12 miesięcy"
 msgid "2FA"
 msgstr "2FA"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "2FA Reset"
+msgstr ""
+
 #: apps/remix/app/components/forms/token.tsx
 msgid "3 months"
 msgstr "3 miesiące"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "400 Error"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings._layout.tsx
 msgid "401 Unauthorized"
@@ -534,6 +562,10 @@ msgstr "404: Domena nie została znaleziona"
 msgid "404 not found"
 msgstr "404: Strona nie została znaleziona"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "404 Not Found"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 msgid "404 Organisation group not found"
 msgstr "404: Grupa organizacji nie została znaleziona"
@@ -597,16 +629,19 @@ msgid "A draft document will be created"
 msgstr "Zostanie utworzony szkic dokumentu"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was added"
-msgstr "Dodano pole"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was removed"
-msgstr "Usunięto pole"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A field was updated"
-msgstr "Zaktualizowano pole"
+msgstr ""
 
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "A means to print or download documents for your records"
@@ -646,16 +681,27 @@ msgid "A password reset email has been sent, if you have an account you should s
 msgstr "E-mail z linkiem do resetowania hasła został wysłany. Jeśli masz konto, powinieneś go niedługo zobaczyć w skrzynce odbiorczej."
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was added"
-msgstr "Dodano odbiorcę"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was removed"
-msgstr "Usunięto odbiorcę"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "A recipient was updated"
-msgstr "Zaktualizowano odbiorcę"
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "A request has been made to create an account for you"
+msgstr ""
+
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "A request has been made to link your Documenso account"
+msgstr ""
 
 #. placeholder {0}: team.name
 #: packages/lib/server-only/team/create-team-email-verification.ts
@@ -706,6 +752,10 @@ msgstr "E-mail weryfikacyjny zostanie wysłany na podany adres e-mail."
 msgid "Accept"
 msgstr "Zaakceptuj"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Accept & Link Account"
+msgstr ""
+
 #: packages/email/templates/organisation-invite.tsx
 msgid "Accept invitation to join an organisation on Documenso"
 msgstr "Akceptuj zaproszenie do przyłączenia się do organizacji na Documenso"
@@ -726,6 +776,7 @@ msgstr "Dostęp zablokowany"
 msgid "Access enabled"
 msgstr "Dostęp włączony"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/general/org-menu-switcher.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-dialog.tsx
 msgid "Account"
@@ -735,6 +786,14 @@ msgstr "Konto"
 msgid "Account Authentication"
 msgstr "Uwierzytelnianie konta"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Account creation request"
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Account Creation Request"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
 msgid "Account deleted"
@@ -748,10 +807,18 @@ msgstr "Konto zostało wyłączone"
 msgid "Account enabled"
 msgstr "Konto zostało włączone"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Account Linking Request"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Account Re-Authentication"
 msgstr "Ponowna Autoryzacja Konta"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Account unlinked"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "Acknowledgment"
 msgstr "Potwierdzenie"
@@ -766,6 +833,7 @@ msgstr "Akcja"
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/tables/team-members-table.tsx
 #: apps/remix/app/components/tables/team-members-table.tsx
@@ -804,6 +872,10 @@ msgstr "Aktywne subskrypcje"
 msgid "Add"
 msgstr "Dodaj"
 
+#: packages/ui/primitives/document-flow/add-signers.tsx
+msgid "Add 2 or more signers to enable signing order."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-domain-create-dialog.tsx
 msgid "Add a custom domain to send emails on behalf of your organisation. We'll generate DKIM records that you need to add to your DNS provider."
 msgstr "Dodaj niestandardową domenę, aby wysyłać wiadomości w imieniu swojej organizacji. Wygenerujemy rekordy DKIM, które musisz dodać do dostawcy DNS."
@@ -961,6 +1033,10 @@ msgstr "Dodaj odbiorców, aby utworzyć dokument"
 msgid "Add these DNS records to verify your domain ownership"
 msgstr "Dodaj te rekordy DNS, aby zweryfikować własność domeny"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Add this URL to your provider's allowed redirect URIs"
+msgstr ""
+
 #: apps/remix/app/components/forms/branding-preferences-form.tsx
 msgid "Additional brand information to display at the bottom of emails"
 msgstr "Dodatkowe informacje o marce do wyświetlenia na dole wiadomości e-mail"
@@ -1078,6 +1154,10 @@ msgstr "Odpowiadanie odbiorcom dokumentu bezpośrednio na ten adres e-mail"
 msgid "Allow signers to dictate next signer"
 msgstr "Zezwalaj podpisującym wskazać następnego podpisującego"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Allowed Email Domains"
+msgstr ""
+
 #: apps/remix/app/components/embed/authoring/configure-document-advanced-settings.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-settings.tsx
@@ -1120,6 +1200,7 @@ msgstr "E-mail zawierający zaproszenie zostanie wysłany do każdego członka."
 msgid "An email with this address already exists."
 msgstr "Ten adres e-mail już istnieje."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@@ -1139,6 +1220,7 @@ msgstr "Wystąpił błąd podczas dodawania pól."
 
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "An error occurred while adding signers."
 msgstr "Wystąpił błąd podczas dodawania podpisujących."
 
@@ -1146,6 +1228,30 @@ msgstr "Wystąpił błąd podczas dodawania podpisujących."
 msgid "An error occurred while adding the fields."
 msgstr "Wystąpił błąd podczas dodawania pól."
 
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the document settings."
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the fields."
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+msgid "An error occurred while auto-saving the subject form."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template fields."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template placeholders."
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+msgid "An error occurred while auto-saving the template settings."
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-auto-sign.tsx
 msgid "An error occurred while auto-signing the document, some fields may not be signed. Please review and manually sign any remaining fields."
 msgstr "Wystąpił błąd podczas automatycznego podpisywania dokumentu, niektóre pola mogą nie być podpisane. Proszę sprawdzić i ręcznie podpisać wszystkie pozostałe pola."
@@ -1224,6 +1330,10 @@ msgstr "Wystąpił błąd podczas usuwania wyboru."
 msgid "An error occurred while removing the signature."
 msgstr "Wystąpił błąd podczas usuwania podpisu."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "An error occurred while resetting two factor authentication for the user."
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "An error occurred while sending the document."
 msgstr "Wystąpił błąd podczas wysyłania dokumentu."
@@ -1281,10 +1391,23 @@ msgstr "Wystąpił błąd podczas aktualizowania profilu."
 msgid "An error occurred while uploading your document."
 msgstr "Wystąpił błąd podczas przesyłania dokumentu."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "An error occurred. Please try again later."
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "An organisation wants to create an account for you. Please review the details below."
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "An organisation wants to link your account. Please review the details below."
+msgstr ""
+
 #: apps/remix/app/components/general/generic-error-layout.tsx
 msgid "An unexpected error occurred."
 msgstr "Wystąpił nieoczekiwany błąd."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
 #: apps/remix/app/components/general/app-command-menu.tsx
 #: apps/remix/app/components/forms/team-update-form.tsx
@@ -1364,37 +1487,48 @@ msgstr "Tokeny API"
 msgid "App Version"
 msgstr "Wersja aplikacji"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "Approve"
+msgstr ""
+
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
 #: apps/remix/app/components/tables/documents-table-action-button.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Approve"
 msgstr "Zatwierdź"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Approve Document"
 msgstr "Zatwierdź dokument"
 
-#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Approved"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 msgid "Approved"
 msgstr "Zatwierdził"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Approver"
-msgstr "Zatwierdzający"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Approvers"
-msgstr "Zatwierdzający"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Approving"
-msgstr "Zatwierdzanie"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/assistant-confirmation-dialog.tsx
 msgid "Are you sure you want to complete the document? This action cannot be undone. Please ensure that you have completed prefilling all relevant fields before proceeding."
@@ -1428,6 +1562,7 @@ msgstr "Czy na pewno chcesz usunąć tę organizację?"
 msgid "Are you sure you wish to delete this team?"
 msgstr "Czy na pewno chcesz usunąć ten zespół?"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
 #: apps/remix/app/components/dialogs/team-member-delete-dialog.tsx
@@ -1450,10 +1585,11 @@ msgid "Assigned Teams"
 msgstr "Przydzielone zespoły"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
 msgid "Assist"
-msgstr "Przygotuj"
+msgstr ""
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Assist Document"
 msgstr "Asysta dokumentu"
@@ -1463,29 +1599,36 @@ msgid "Assist with signing"
 msgstr "Pomoc w podpisywaniu"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Assistant"
-msgstr "Przygotowujący"
+msgstr ""
 
 #: packages/ui/components/recipient/recipient-role-select.tsx
 msgid "Assistant role is only available when the document is in sequential signing mode."
 msgstr "Rola asystenta jest dostępna tylko w trybie sekwencyjnego podpisywania dokumentów."
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Assistants"
-msgstr "Przygotowujący"
+msgstr ""
 
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
 msgid "Assistants and Copy roles are currently not compatible with the multi-sign experience."
 msgstr "Asystenci i role Kopii są obecnie niekompatybilne z doświadczeniem multi-sign."
 
-#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Assisted"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 msgid "Assisted"
 msgstr "Przygotował"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Assisting"
-msgstr "Przygotowuje"
+msgstr ""
 
 #: apps/remix/app/components/forms/document-preferences-form.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.types.tsx
@@ -1510,6 +1653,10 @@ msgstr "Logi"
 msgid "Authentication Level"
 msgstr "Poziom autoryzacji"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Authentication Portal Not Found"
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-auth-page.tsx
 #: apps/remix/app/components/general/direct-template/direct-template-signing-auth-page.tsx
 msgid "Authentication required"
@@ -1640,6 +1787,11 @@ msgstr "Zbiorcza wysyłka przez CSV"
 msgid "by <0>{senderName}</0>"
 msgstr "przez <0>{senderName}</0>"
 
+#. placeholder {0}: organisation.name
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "By accepting this request, you grant {0} the following permissions:"
+msgstr ""
+
 #: packages/email/templates/confirm-team-email.tsx
 msgid "By accepting this request, you will be granting <0>{teamName}</0> access to:"
 msgstr "Akceptując prośbę, umożliwisz zespołowi <0>{teamName}</0> na:"
@@ -1672,6 +1824,7 @@ msgstr "Korzystając z funkcji podpisu elektronicznego, wyrażasz zgodę na prze
 msgid "Can prepare"
 msgstr "Może przygotować"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
@@ -1763,21 +1916,29 @@ msgid "Cannot remove signer"
 msgstr "Nie można usunąć podpisującego"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Cc"
-msgstr "Odbierający kopię"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
-#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
 msgid "CC"
-msgstr "Odbierz kopię"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
+msgid "CC"
+msgstr ""
+
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
 msgid "CC'd"
-msgstr "CC'd"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Ccers"
-msgstr "Odbierający kopię"
+msgstr ""
 
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/text-field.tsx
 msgid "Character Limit"
@@ -1872,10 +2033,27 @@ msgstr "Kliknij, aby skopiować link podpisu do wysłania do odbiorcy"
 msgid "Click to insert field"
 msgstr "Kliknij, aby wstawić pole"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client ID"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client ID is required"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client Secret"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Client secret is required"
+msgstr ""
+
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-2fa.tsx
 #: apps/remix/app/components/general/document/document-recipient-link-copy-dialog.tsx
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 #: apps/remix/app/components/forms/2fa/enable-authenticator-app-dialog.tsx
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
@@ -1902,6 +2080,8 @@ msgstr "Porównaj szczegóły wszystkich planów i funkcji"
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/forms/signup.tsx
 #: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 msgid "Complete"
@@ -1923,9 +2103,9 @@ msgstr "Zakończ dokument"
 msgid "Complete Signing"
 msgstr "Zakończ podpisywanie"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
-msgid "Complete the fields for the following signers. Once reviewed, they will inform you if any modifications are needed."
-msgstr "Wypełnij pola dla następujących sygnatariuszy. Po przeglądzie poinformują Cię, czy są potrzebne jakiekolwiek modyfikacje."
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+msgid "Complete the fields for the following signers."
+msgstr ""
 
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
@@ -2045,6 +2225,7 @@ msgstr "Potwierdź usunięcie"
 msgid "Confirm email"
 msgstr "Potwierdź adres e-mail"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/send-confirmation-email.tsx
 msgid "Confirmation email sent"
 msgstr "E-mail potwierdzający został wysłany"
@@ -2061,6 +2242,10 @@ msgstr "Informacje kontaktowe"
 msgid "Contact sales here"
 msgstr "Skontaktuj się z działem sprzedaży tutaj"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Contact us"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
 msgid "Content"
 msgstr "Treść"
@@ -2141,6 +2326,8 @@ msgstr "Kontroluje, które podpisy są dozwolone do użycia podczas podpisywania
 msgid "Copied"
 msgstr "Skopiowano"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/components/tables/settings-public-profile-templates-table.tsx
 #: apps/remix/app/components/general/avatar-with-recipient.tsx
 #: apps/remix/app/components/general/template/template-direct-link-badge.tsx
@@ -2182,6 +2369,11 @@ msgstr "Kopiuj linki do podpisania"
 msgid "Copy token"
 msgstr "Kopiuj token"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "couldn't be uploaded:"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/_layout.tsx
 #: apps/remix/app/components/dialogs/webhook-create-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-group-create-dialog.tsx
@@ -2208,6 +2400,10 @@ msgstr "Utwórz nowy adres e-mail dla swojej organizacji używając domeny <0>{0
 msgid "Create a new organisation with {planName} plan. Keep your current organisation on it's current plan"
 msgstr "Utwórz nową organizację z planem {planName}. Pozostaw swoją obecną organizację na jej obecnym planie"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Create a support ticket"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/team-create-dialog.tsx
 msgid "Create a team to collaborate with your team members."
 msgstr "Utwórz zespół, aby współpracować z członkami zespołu."
@@ -2466,6 +2662,7 @@ msgstr "Data utworzenia"
 msgid "Date Format"
 msgstr "Format daty"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/general/organisations/organisation-invitations.tsx
 #: packages/email/templates/organisation-invite.tsx
 msgid "Decline"
@@ -2491,6 +2688,10 @@ msgstr "Domyślny adres e-mail"
 msgid "Default Email Settings"
 msgstr "Domyślne ustawienia adresu e-mail"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Default Organisation Role for New Users"
+msgstr ""
+
 #: apps/remix/app/components/forms/document-preferences-form.tsx
 msgid "Default Signature Settings"
 msgstr "Domyślne rodzaje dozwolonych podpisów"
@@ -2752,6 +2953,10 @@ msgstr "Wyłączenie podpisywania za pomocą linku bezpośredniego uniemożliwi
 msgid "Disabling the user results in the user not being able to use the account. It also disables all the related contents such as subscription, webhooks, teams, and API keys."
 msgstr "Wyłączenie użytkownika uniemożliwia korzystanie z konta oraz dezaktywuje powiązane elementy takie jak subskrypcje, webhooki, zespoły i klucze API."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Discord"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-update-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "Display Name"
@@ -2820,8 +3025,9 @@ msgid "Document access"
 msgstr "Dostęp do dokumentu"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document access auth updated"
-msgstr "Zaktualizowano autoryzację dostępu do dokumentu"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-status.tsx
 msgid "Document All"
@@ -2837,9 +3043,13 @@ msgstr "Dokument zatwierdzony"
 msgid "Document Cancelled"
 msgstr "Dokument anulowany"
 
+#: packages/lib/utils/document-audit-logs.ts
+#: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document completed"
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-status.tsx
-#: packages/lib/utils/document-audit-logs.ts
-#: packages/lib/utils/document-audit-logs.ts
 msgid "Document completed"
 msgstr "Zakończono dokument"
 
@@ -2852,8 +3062,12 @@ msgstr "Wiadomość potwierdzająca zakończenie"
 msgid "Document Completed!"
 msgstr "Dokument Zakończony!"
 
-#: apps/remix/app/components/dialogs/template-use-dialog.tsx
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document created"
+msgstr ""
+
+#: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "Document created"
 msgstr "Utworzono dokument"
 
@@ -2879,10 +3093,14 @@ msgstr "Dokument utworzony za pomocą <0>bezpośredniego linku</0>"
 msgid "Document Creation"
 msgstr "Tworzenie dokumentu"
 
+#: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document deleted"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
-#: packages/lib/utils/document-audit-logs.ts
 msgid "Document deleted"
 msgstr "Usunięto dokument"
 
@@ -2908,8 +3126,9 @@ msgid "Document Duplicated"
 msgstr "Dokument zduplikowany"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document external ID updated"
-msgstr "Zaktualizowano identyfikator zewnętrzny dokumentu"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-certificate-qr-view.tsx
 msgid "Document found in your account"
@@ -2945,16 +3164,18 @@ msgid "Document moved"
 msgstr "Dokument przeniesiony"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document moved to team"
-msgstr "Przeniesiono dokument do zespołu"
+msgstr ""
 
 #: apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx
 msgid "Document no longer available to sign"
 msgstr "Dokument nie jest już dostępny do podpisania"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document opened"
-msgstr "Otwarto dokument"
+msgstr ""
 
 #: apps/remix/app/components/general/document/document-status.tsx
 msgid "Document pending"
@@ -2993,8 +3214,12 @@ msgstr "Dokument odrzucone"
 msgid "Document resealed"
 msgstr "Dokument ponownie zaplombowany"
 
-#: apps/remix/app/components/general/document/document-edit-form.tsx
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
+msgid "Document sent"
+msgstr ""
+
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "Document sent"
 msgstr "Wysłano dokument"
 
@@ -3003,8 +3228,9 @@ msgid "Document Signed"
 msgstr "Dokument podpisany"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document signing auth updated"
-msgstr "Zaktualizowano autoryzację podpisu dokumentu"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 msgid "Document signing process will be cancelled"
@@ -3019,12 +3245,14 @@ msgid "Document title"
 msgstr "Tytuł dokumentu"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document title updated"
-msgstr "Zaktualizowano tytuł dokumentu"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document updated"
-msgstr "Zaktualizowano dokument"
+msgstr ""
 
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 msgid "Document updated successfully"
@@ -3040,21 +3268,27 @@ msgid "Document uploaded"
 msgstr "Przesłano dokument"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document viewed"
-msgstr "Dokument został wyświetlony"
+msgstr ""
 
 #: apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx
 msgid "Document Viewed"
 msgstr "Dokument został wyświetlony"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Document visibility updated"
-msgstr "Zaktualizowano widoczność dokumentu"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/document-delete-dialog.tsx
 msgid "Document will be permanently deleted"
 msgstr "Dokument zostanie trwale usunięty"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Documentation"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.edit.tsx
@@ -3165,6 +3399,11 @@ msgid "Drag and drop your PDF file here"
 msgstr "Przeciągnij i upuść swój plik PDF tutaj"
 
 #: packages/lib/constants/document.ts
+msgctxt "Draw signatute type"
+msgid "Draw"
+msgstr ""
+
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Draw"
 msgstr "Rysowany"
 
@@ -3411,6 +3650,10 @@ msgstr "Włącz podpisywanie linku bezpośredniego"
 msgid "Enable signing order"
 msgstr "Włącz kolejność podpisów"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Enable SSO portal"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks._index.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/site-settings.tsx
@@ -3475,13 +3718,18 @@ msgstr "Enterprise"
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 #: apps/remix/app/components/general/verify-email-banner.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-signature-field.tsx
@@ -3510,6 +3758,10 @@ msgstr "Enterprise"
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
+#: apps/remix/app/components/general/document/document-edit-form.tsx
 #: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 #: apps/remix/app/components/dialogs/webhook-create-dialog.tsx
@@ -3521,6 +3773,7 @@ msgstr "Enterprise"
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
 #: apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -3579,6 +3832,10 @@ msgstr "Nie udało się utworzyć folderu"
 msgid "Failed to create subscription claim."
 msgstr "Nie udało się utworzyć roszczenia subskrypcyjnego."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Failed to create support ticket"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/folder-delete-dialog.tsx
 msgid "Failed to delete folder"
 msgstr "Nie udało się usunąć folderu"
@@ -3611,6 +3868,10 @@ msgstr "Nie udało się zapisać ustawień."
 msgid "Failed to sign out all sessions"
 msgstr "Nie udało się wylogować ze wszystkich sesji"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Failed to unlink account"
+msgstr ""
+
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
 msgid "Failed to update document"
 msgstr "Nie udało się zaktualizować dokumentu"
@@ -3669,16 +3930,19 @@ msgid "Field placeholder"
 msgstr "Tekst zastępczy pola"
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field prefilled by assistant"
-msgstr "Wstępnie wypełniono pole przez asystenta"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field signed"
-msgstr "Podpisano pole"
+msgstr ""
 
 #: packages/lib/utils/document-audit-logs.ts
+msgctxt "Audit log format"
 msgid "Field unsigned"
-msgstr "Niepodpisano pole"
+msgstr ""
 
 #: apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
 msgid "Fields"
@@ -3688,13 +3952,21 @@ msgstr "Pola"
 msgid "Fields updated"
 msgstr "Pola zaktualizowane"
 
-#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
 #: apps/remix/app/components/general/document/document-upload.tsx
-#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-upload.tsx
 msgid "File cannot be larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
 msgstr "Plik nie może mieć większej wielkości niż {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "File is larger than {APP_DOCUMENT_UPLOAD_SIZE_LIMIT}MB"
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "File is too small"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/template-use-dialog.tsx
 msgid "File size exceeds the limit of {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB"
 msgstr "Rozmiar pliku przekracza limit {APP_DOCUMENT_UPLOAD_SIZE_LIMIT} MB"
@@ -3810,6 +4082,7 @@ msgstr "Generuj linki"
 msgid "Global recipient action authentication"
 msgstr "Globalne uwierzytelnianie akcji odbiorcy"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
@@ -4000,6 +4273,10 @@ msgstr "Strona główna (brak folderu)"
 msgid "Horizontal"
 msgstr "Poziomo"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "I agree to link my account with this organization"
+msgstr ""
+
 #: packages/lib/constants/recipient-roles.ts
 msgid "I am a signer of this document"
 msgstr "Podpisuję dokument"
@@ -4024,6 +4301,10 @@ msgstr "Muszę otrzymać kopię dokumentu"
 msgid "I am the owner of this document"
 msgstr "Jestem właścicielem tego dokumentu"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "I understand that I am providing my credentials to a 3rd party service configured by this organisation"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/webhook-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/token-delete-dialog.tsx
 msgid "I'm sure! Delete it"
@@ -4053,6 +4334,10 @@ msgstr "Jeśli nie znajdziesz linku potwierdzającego w swojej skrzynce odbiorcz
 msgid "If your authenticator app does not support QR codes, you can use the following code instead:"
 msgstr "Jeśli Twoja aplikacja uwierzytelniająca nie obsługuje kodów QR, możesz użyć poniższego kodu:"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Important: What This Means"
+msgstr ""
+
 #: apps/remix/app/components/general/app-nav-mobile.tsx
 #: apps/remix/app/components/general/app-nav-mobile.tsx
 #: apps/remix/app/components/general/document/document-status.tsx
@@ -4120,6 +4405,10 @@ msgstr "Statystyki instancji"
 msgid "Invalid code. Please try again."
 msgstr "Kod jest nieprawidłowy. Spróbuj ponownie."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Invalid domains"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/add-signers.types.ts
 msgid "Invalid email"
 msgstr "Adres e-mail jest nieprawidłowy"
@@ -4133,6 +4422,10 @@ msgstr "Link jest nieprawidłowy"
 msgid "Invalid token"
 msgstr "Token jest nieprawidłowy"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Invalid Token"
+msgstr ""
+
 #: apps/remix/app/components/forms/reset-password.tsx
 msgid "Invalid token provided. Please try again."
 msgstr "Podano nieprawidłowy token. Spróbuj ponownie."
@@ -4192,6 +4485,10 @@ msgstr "Faktura"
 msgid "IP Address"
 msgstr "Adres IP"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Issuer URL"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/articles.signature-disclosure.tsx
 msgid "It is crucial to keep your contact information, especially your email address, up to date with us. Please notify us immediately of any changes to ensure that you continue to receive all necessary communications."
 msgstr "Konieczne jest, aby mieć aktualne informacje kontaktowe, szczególnie swój adres e-mail. Proszę niezwłocznie powiadomić nas o wszelkich zmianach, aby zapewnić ciągłość wszystkich niezbędnych komunikacji."
@@ -4225,6 +4522,10 @@ msgstr "Obecnie nie jest Twój czas na podpisanie dokumentu. Otrzymasz e-mail z
 msgid "Join {organisationName} on Documenso"
 msgstr "Dołącz do {organisationName} na Documenso"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Join our community on <0>Discord</0> for community support and discussion."
+msgstr ""
+
 #. placeholder {0}: DateTime.fromJSDate(team.createdAt).toRelative({ style: 'short' })
 #: apps/remix/app/routes/_authenticated+/dashboard.tsx
 msgid "Joined {0}"
@@ -4319,10 +4620,27 @@ msgstr "Czy chcesz mieć własny publiczny profil z umowami?"
 msgid "Link expires in 1 hour."
 msgstr "Link wygaśnie za 1 godzinę."
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Link expires in 30 minutes."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.public-profile.tsx
 msgid "Link template"
 msgstr "Szablon linku"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Link your Documenso account"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "Linked Accounts"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Linked At"
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-edit-form.tsx
 msgid "Links Generated"
 msgstr "Wygenerowane linki"
@@ -4347,6 +4665,10 @@ msgstr "Ładowanie dokumentu..."
 msgid "Loading Document..."
 msgstr "Ładowanie dokumentu..."
 
+#: packages/ui/components/recipient/recipient-autocomplete-input.tsx
+msgid "Loading suggestions..."
+msgstr ""
+
 #: apps/remix/app/components/general/document/document-page-view-recent-activity.tsx
 msgid "Loading..."
 msgstr "Ładowanie..."
@@ -4372,6 +4694,10 @@ msgstr "Zarządzaj"
 msgid "Manage {0}'s profile"
 msgstr "Zarządzaj profilem {0}"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Manage a custom SSO login portal for your organisation."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/settings+/organisations.tsx
 msgid "Manage all organisations you are currently associated with."
 msgstr "Zarządzaj wszystkimi swoimi organizacjami."
@@ -4404,6 +4730,10 @@ msgstr "Zarządzaj Bezpośrednim Linkiem"
 msgid "Manage documents"
 msgstr "Zarządzaj dokumentami"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "Manage linked accounts"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 msgid "Manage organisation"
 msgstr "Zarządzaj organizacją"
@@ -4539,6 +4869,10 @@ msgstr "Członek"
 msgid "Member Count"
 msgstr "Ilość członków"
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "Member promoted to owner successfully"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-members-table.tsx
 msgid "Member Since"
 msgstr "Data dołączenia"
@@ -4554,6 +4888,7 @@ msgstr "Data dołączenia"
 msgid "Members"
 msgstr "Członkowie"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 msgid "Message"
@@ -4789,6 +5124,10 @@ msgstr "Nie znaleziono pola podpisu"
 msgid "No Stripe customer attached"
 msgstr "Brak powiązanego klienta Stripe"
 
+#: packages/ui/components/recipient/recipient-autocomplete-input.tsx
+msgid "No suggestions found"
+msgstr ""
+
 #: apps/remix/app/components/tables/team-groups-table.tsx
 msgid "No team groups found"
 msgstr "Nie znaleziono grupy zespołu"
@@ -4919,6 +5258,16 @@ msgstr "Tylko administratorzy mogą uzyskać dostęp do dokumentu i go wyświetl
 msgid "Only managers and above can access and view the document"
 msgstr "Tylko menedżerowie i wyżej mogą uzyskać dostęp do dokumentu i go wyświetlić"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Only one file can be uploaded at a time"
+msgstr ""
+
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Only PDF files are allowed"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/_layout.tsx
 #: apps/remix/app/components/general/generic-error-layout.tsx
 #: apps/remix/app/components/general/generic-error-layout.tsx
@@ -4934,10 +5283,15 @@ msgstr "Otwarto"
 msgid "Or"
 msgstr "Lub"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "OR"
+msgstr ""
+
 #: apps/remix/app/components/forms/signin.tsx
 msgid "Or continue with"
 msgstr "Lub kontynuuj z"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
 #: apps/remix/app/components/tables/user-organisations-table.tsx
 #: apps/remix/app/components/tables/admin-organisations-table.tsx
 msgid "Organisation"
@@ -4947,6 +5301,10 @@ msgstr "Organizacja"
 msgid "Organisation Admin"
 msgstr "Administrator organizacji"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Organisation authentication portal URL"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-organisation-create-dialog.tsx
 msgid "Organisation created"
 msgstr "Organizacja została utworzona"
@@ -5017,6 +5375,10 @@ msgstr "Ustawienia organizacji"
 msgid "Organisation Settings"
 msgstr "Ustawienia organizacji"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Organisation SSO Portal"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 msgid "Organisation Teams"
 msgstr "Zespoły w organizacji"
@@ -5309,9 +5671,13 @@ msgstr "Wpisz nazwę tokena. Pomoże to później w jego identyfikacji."
 msgid "Please enter a valid name."
 msgstr "Wpisz prawdłową nazwę."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
-msgid "Please mark as viewed to complete"
-msgstr "Proszę zaznaczyć jako obejrzane, aby zakończyć"
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+msgid "Please mark as viewed to complete."
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Please note that anyone who signs in through your portal will be added to your organisation as a member."
+msgstr ""
 
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
 msgid "Please note that proceeding will remove direct linking recipient and turn it into a placeholder."
@@ -5349,11 +5715,11 @@ msgstr "Proszę podać token z aplikacji uwierzytelniającej lub kod zapasowy. J
 msgid "Please provide a token from your authenticator, or a backup code."
 msgstr "Proszę podać token z Twojego uwierzytelniacza lub kod zapasowy."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 msgid "Please review the document before approving."
 msgstr "Przejrzyj dokument przed zatwierdzeniem."
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 msgid "Please review the document before signing."
 msgstr "Proszę przejrzeć dokument przed podpisaniem."
 
@@ -5449,6 +5815,18 @@ msgstr "Profil zaktualizowano"
 msgid "Progress"
 msgstr "Postęp"
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "Promote to owner"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Provider"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Provider has been updated successfully"
+msgstr ""
+
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/general/template/template-type.tsx
 msgid "Public"
@@ -5485,6 +5863,10 @@ msgstr "Wartości radiowe"
 msgid "Read only"
 msgstr "Tylko do odczytu"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Read our documentation to get started with Documenso."
+msgstr ""
+
 #: apps/remix/app/components/general/document-signing/document-signing-disclosure.tsx
 msgid "Read the full <0>signature disclosure</0>."
 msgstr "Przeczytaj pełne <0>ujawnienie podpisu</0>."
@@ -5601,6 +5983,10 @@ msgstr "Kody odzyskiwania"
 msgid "Red"
 msgstr "Czerwony"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Redirect URI"
+msgstr ""
+
 #: apps/remix/app/components/embed/authoring/configure-document-advanced-settings.tsx
 #: packages/ui/primitives/template-flow/add-template-settings.tsx
 #: packages/ui/primitives/document-flow/add-settings.tsx
@@ -5714,6 +6100,10 @@ msgstr "Odpowiedz na adres"
 msgid "Reply To Email"
 msgstr "Odpowiedz na adres"
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Requesting Organisation"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/text-field.tsx
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/radio-field.tsx
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/number-field.tsx
@@ -5722,6 +6112,10 @@ msgstr "Odpowiedz na adres"
 msgid "Required field"
 msgstr "Wymagane pole"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Required scopes"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 msgid "Reseal document"
 msgstr "Zapieczętuj ponownie dokument"
@@ -5746,6 +6140,11 @@ msgstr "Wyślij ponownie weryfikację"
 msgid "Reset"
 msgstr "Resetuj"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset 2FA"
+msgstr ""
+
 #: apps/remix/app/components/forms/forgot-password.tsx
 msgid "Reset email sent"
 msgstr "Wysłano e-mail z resetowaniem"
@@ -5757,6 +6156,14 @@ msgstr "Wysłano e-mail z resetowaniem"
 msgid "Reset Password"
 msgstr "Zresetuj hasło"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset the users two factor authentication. This action is irreversible and will disable two factor authentication for the user."
+msgstr ""
+
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "Reset Two Factor Authentication"
+msgstr ""
+
 #: apps/remix/app/components/forms/reset-password.tsx
 msgid "Resetting Password..."
 msgstr "Resetowanie hasła..."
@@ -5788,9 +6195,14 @@ msgstr "Spróbuj ponownie"
 #: apps/remix/app/routes/_unauthenticated+/team.verify.email.$token.tsx
 #: apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx
 #: apps/remix/app/routes/_unauthenticated+/organisation.decline.$token.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 msgid "Return"
 msgstr "Zwróć"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Return to Documenso sign in page here"
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/organisation.decline.$token.tsx
 msgid "Return to Home"
 msgstr "Powrót do strony głównej"
@@ -5800,6 +6212,10 @@ msgstr "Powrót do strony głównej"
 msgid "Return to sign in"
 msgstr "Powrót do logowania"
 
+#: packages/email/templates/organisation-account-link-confirmation.tsx
+msgid "Review request"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/components/general/teams/team-email-usage.tsx
 msgid "Revoke"
@@ -5974,6 +6390,10 @@ msgstr "Wybierz metody uwierzytelniania"
 msgid "Select default option"
 msgstr "Wybierz domyślną opcję"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Select default role"
+msgstr ""
+
 #: packages/ui/primitives/document-flow/field-items-advanced-settings/checkbox-field.tsx
 msgid "Select direction"
 msgstr "Wybierz kierunek"
@@ -6189,6 +6609,11 @@ msgstr "Pokaż ustawienia zaawansowane"
 msgid "Show templates in your public profile for your audience to sign and get started quickly"
 msgstr "Pokaż szablony w profilu publicznym, aby szybko podpisać dokument"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "Sign"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
@@ -6202,7 +6627,6 @@ msgstr "Pokaż szablony w profilu publicznym, aby szybko podpisać dokument"
 #: apps/remix/app/components/general/document-signing/document-signing-auth-password.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-2fa.tsx
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Sign"
 msgstr "Podpisz"
 
@@ -6224,7 +6648,7 @@ msgstr "Podpisz jako<0>{0} <1>({1})</1></0>"
 msgid "Sign document"
 msgstr "Podpisz dokument"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/email/template-components/template-document-invite.tsx
 msgid "Sign Document"
 msgstr "Podpisz dokument"
@@ -6242,6 +6666,7 @@ msgstr "Pole podpisu"
 msgid "Sign Here"
 msgstr "Podpisz tutaj"
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: packages/email/template-components/template-reset-password.tsx
@@ -6249,6 +6674,7 @@ msgid "Sign In"
 msgstr "Zaloguj się"
 
 #: apps/remix/app/routes/_unauthenticated+/signin.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-dialog.tsx
 msgid "Sign in to your account"
 msgstr "Zaloguj się na swoje konto"
@@ -6316,32 +6742,35 @@ msgstr "Zebrane podpisy"
 msgid "Signatures will appear once the document has been completed"
 msgstr "Podpisy pojawią się po ukończeniu dokumentu"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Signed"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: packages/ui/components/document/document-read-only-fields.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Signed"
 msgstr "Podpisał"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Signer"
-msgstr "Podpisujący"
+msgstr ""
 
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Signer Events"
 msgstr "Zdarzenia podpisujących"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Signers"
-msgstr "Podpisujący"
-
-#: packages/ui/primitives/document-flow/add-signers.types.ts
-msgid "Signers must have unique emails"
-msgstr "Podpisujący muszą mieć unikalne emaile"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Signing"
-msgstr "Podpisywanie"
+msgstr ""
 
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 msgid "Signing Certificate"
@@ -6512,6 +6941,14 @@ msgstr "Przepraszamy, nie mogliśmy pobrać certyfikatu. Proszę spróbować pon
 msgid "Source"
 msgstr "Źródło"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Space-separated list of domains. Leave empty to allow all domains."
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx
+msgid "SSO"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
 msgid "Stats"
 msgstr "Statystyki"
@@ -6543,6 +6980,7 @@ msgstr "Klient Stripe został utworzony"
 msgid "Stripe Customer ID"
 msgstr "Identyfikator klienta Stripe"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 msgid "Subject"
 msgstr "Temat"
@@ -6552,6 +6990,10 @@ msgstr "Temat"
 msgid "Subject <0>(Optional)</0>"
 msgstr "Temat <0>(opcjonalnie)</0>"
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Submit"
+msgstr ""
+
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
@@ -6585,10 +7027,12 @@ msgstr "Subskrypcja nieważna"
 
 #: apps/remix/app/routes/embed+/v1+/authoring+/template.edit.$id.tsx
 #: apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
@@ -6646,6 +7090,15 @@ msgstr "Pomyślnie utworzono: {successCount}"
 msgid "Summary:"
 msgstr "Podsumowanie:"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+#: apps/remix/app/components/general/org-menu-switcher.tsx
+msgid "Support"
+msgstr ""
+
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Support ticket created"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-email-domains-table.tsx
 msgid "Sync"
 msgstr "Synchronizuj"
@@ -7009,7 +7462,8 @@ msgid "The email address which will show up in the \"Reply To\" field in emails"
 msgstr "Adres e-mail, który pojawi się w polu \"Odpowiedź do\" w wiadomościach e-mail"
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
-msgid "The email domain you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The email domain you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "Domena e-mail, której szukasz mogła zostać usunięta, przechrzczona lub nigdy nie istniała."
 
@@ -7050,12 +7504,21 @@ msgstr "Wystąpiły następujące błędy:"
 msgid "The following team has been deleted. You will no longer be able to access this team and its documents"
 msgstr "Poniższy zespół został usunięty. Nie będziesz mógł już uzyskać dostępu do tego zespołu i jego dokumentów."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "The OpenID discovery endpoint URL for your provider"
+msgstr ""
+
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "The organisation authentication portal does not exist, or is not configured"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "The organisation email has been created successfully."
 msgstr "Organizacyjny adres e-mail został pomyślnie utworzony."
 
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
-msgid "The organisation group you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation group you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "Grupa organizacji, której szukasz, mogła zostać usunięta, zmieniona nazwa lub mogła nigdy nie istnieć."
 
@@ -7064,12 +7527,14 @@ msgid "The organisation role that will be applied to all members in this group."
 msgstr "Rola organizacji, która zostanie zastosowana do wszystkich członków tej grupy."
 
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
-msgid "The organisation you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "Organizacja, której szukasz, mogła zostać usunięta, zmieniona nazwa lub mogła nigdy nie istnieć."
 
 #: apps/remix/app/routes/_authenticated+/_layout.tsx
-msgid "The organisation you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The organisation you are looking for may have been removed, renamed or may have never\n"
 "                  existed."
 msgstr "Organizacja, której szukasz, mogła zostać usunięta, zmieniona nazwa lub mogła nigdy nie istnieć."
 
@@ -7158,12 +7623,14 @@ msgid "The team email <0>{teamEmail}</0> has been removed from the following tea
 msgstr "Email zespołowy <0>{teamEmail}</0> został usunięty z następującego zespołu"
 
 #: apps/remix/app/routes/_authenticated+/_layout.tsx
-msgid "The team you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The team you are looking for may have been removed, renamed or may have never\n"
 "                  existed."
 msgstr "Zespół, którego szukasz, mógł zostać usunięty, zmienić nazwę lub mógł nigdy nie istnieć."
 
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/_layout.tsx
-msgid "The team you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The team you are looking for may have been removed, renamed or may have never\n"
 "                existed."
 msgstr "Zespół, którego szukasz, mógł zostać usunięty, zmieniony na, albo nigdy nie istniał."
 
@@ -7179,6 +7646,10 @@ msgstr "Szablon zostanie usunięty z Twojego profilu"
 msgid "The test webhook has been successfully sent to your endpoint."
 msgstr "Testowy webhook został pomyślnie wysłany na twój punkt końcowy."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "The token is invalid or has expired."
+msgstr ""
+
 #: apps/remix/app/components/forms/token.tsx
 msgid "The token was copied to your clipboard."
 msgstr "Token został skopiowany do schowka."
@@ -7205,10 +7676,15 @@ msgid "The URL for Documenso to send webhook events to."
 msgstr "URL dla Documenso do wysyłania zdarzeń webhook."
 
 #: apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
-msgid "The user you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The user you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "Użytkownik, którego szukasz, mógł zostać usunięty, zmieniony nazwę lub mógł nigdy nie istnieć."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "The user's two factor authentication has been reset successfully."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/webhook-delete-dialog.tsx
 msgid "The webhook has been successfully deleted."
 msgstr "Webhook został pomyślnie usunięty."
@@ -7222,7 +7698,8 @@ msgid "The webhook was successfully created."
 msgstr "Webhook został pomyślnie utworzony."
 
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.webhooks.$id.tsx
-msgid "The webhook you are looking for may have been removed, renamed or may have never\n"
+msgid ""
+"The webhook you are looking for may have been removed, renamed or may have never\n"
 "                    existed."
 msgstr "Webhook, którego szukasz, mógł zostać usunięty, przechrzczony lub nigdy nie istniał."
 
@@ -7258,6 +7735,10 @@ msgstr "To konto zostało zablokowane. Skontaktuj się z pomocą techniczną."
 msgid "This account has not been verified. Please verify your account before signing in."
 msgstr "To konto nie zostało zweryfikowane. Proszę zweryfikuj konto przed zalogowaniem."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "This action is irreversible. Please ensure you have informed the user before proceeding."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
@@ -7376,10 +7857,22 @@ msgstr "W ten sposób dokument dotrze do odbiorców, gdy tylko dokument będzie
 msgid "This is the claim that this organisation was initially created with. Any feature flag changes to this claim will be backported into this organisation."
 msgstr "To jest roszczenie, z którym pierwotnie została utworzona ta organizacja. Wszelkie zmiany flag funkcji w tym roszczeniu zostaną przeniesione do tej organizacji."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "This is the required scopes you must set in your provider's settings"
+msgstr ""
+
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "This is the URL which users will use to sign in to your organisation."
+msgstr ""
+
 #: apps/remix/app/routes/_unauthenticated+/team.verify.email.$token.tsx
 msgid "This link is invalid or has expired. Please contact your team to resend a verification."
 msgstr "Ten link jest nieprawidłowy lub wygasł. Proszę skontaktować się ze swoim zespołem, aby ponownie wysłać weryfikację."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "This organisation will have administrative control over your account. You can revoke this access later, but they will retain access to any data they've already collected."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.general.tsx
 msgid "This organisation, and any associated data will be permanently deleted."
 msgstr "Ta organizacja oraz wszelkie powiązane dane zostaną trwale usunięte."
@@ -7499,9 +7992,10 @@ msgstr "Aby móc dodać członków do zespołu, musisz najpierw dodać ich do or
 msgid "To change the email you must remove and add a new email address."
 msgstr "Aby zmienić e-mail, musisz usunąć i dodać nowy adres e-mail."
 
+#. placeholder {0}: user.email
 #. placeholder {0}: userToEnable.email
 #. placeholder {0}: userToDisable.email
-#. placeholder {0}: user.email
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -7517,6 +8011,7 @@ msgid "To enable two-factor authentication, scan the following QR code using you
 msgstr "Aby włączyć uwierzytelnianie dwuetapowe, zeskanuj poniższy kod QR za pomocą swojej aplikacji uwierzytelniającej."
 
 #: apps/remix/app/routes/_unauthenticated+/unverified-account.tsx
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 msgid "To gain access to your account, please confirm your email address by clicking on the confirmation link from your inbox."
 msgstr "Aby uzyskać dostęp do swojego konta, proszę potwierdzić swój adres e-mail, klikając na link potwierdzający w swojej skrzynce odbiorczej."
 
@@ -7633,9 +8128,14 @@ msgstr "Uwierzytelnianie dwuetapowe zostało wyłączone dla Twojego konta. Nie
 msgid "Two-Factor Re-Authentication"
 msgstr "Ponowna autoryzacja za pomocą dwuetapowej weryfikacji"
 
+#: packages/lib/constants/document.ts
+msgctxt "Type signatute type"
+msgid "Type"
+msgstr ""
+
 #: apps/remix/app/components/tables/templates-table.tsx
 #: apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
-#: packages/lib/constants/document.ts
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Type"
 msgstr "Typ"
 
@@ -7749,9 +8249,15 @@ msgstr "Niezakończony"
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
 #: apps/remix/app/routes/_authenticated+/settings+/security.sessions.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 msgid "Unknown"
 msgstr "Nieznany"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Unknown error"
+msgstr ""
+
 #: apps/remix/app/components/tables/admin-claims-table.tsx
 msgid "Unlimited"
 msgstr "Nieograniczone"
@@ -7760,6 +8266,11 @@ msgstr "Nieograniczone"
 msgid "Unlimited documents, API and more"
 msgstr "Nieograniczone dokumenty, API i więcej"
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "Unlink"
+msgstr ""
+
 #: apps/remix/app/components/general/folder/folder-card.tsx
 msgid "Unpin"
 msgstr "Odepnij"
@@ -7768,6 +8279,7 @@ msgstr "Odepnij"
 msgid "Untitled Group"
 msgstr "Grupa bez nazwy"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@@ -7907,6 +8419,11 @@ msgid "Upgrade your plan to upload more documents"
 msgstr "Zaktualizuj swój plan, aby przesłać więcej dokumentów"
 
 #: packages/lib/constants/document.ts
+msgctxt "Upload signatute type"
+msgid "Upload"
+msgstr ""
+
+#: packages/ui/primitives/signature-pad/signature-pad.tsx
 msgid "Upload"
 msgstr "Przesłany"
 
@@ -7940,6 +8457,11 @@ msgstr "Prześlij niestandardowy dokument"
 msgid "Upload Document"
 msgstr "Prześlij dokument"
 
+#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+msgid "Upload failed"
+msgstr ""
+
 #: packages/ui/primitives/signature-pad/signature-pad-upload.tsx
 msgid "Upload Signature"
 msgstr "Prześlij podpis"
@@ -8021,6 +8543,7 @@ msgstr "Użytkownik nie ma hasła."
 msgid "User not found"
 msgstr "Użytkownik nie znaleziony"
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -8094,6 +8617,11 @@ msgstr "Zweryfikuj adres e-mail zespołu"
 msgid "Vertical"
 msgstr "Pionowo"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role action verb"
+msgid "View"
+msgstr ""
+
 #: apps/remix/app/components/tables/organisation-billing-invoices-table.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
@@ -8103,7 +8631,6 @@ msgstr "Pionowo"
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "View"
 msgstr "Widok"
 
@@ -8136,6 +8663,11 @@ msgstr "Wyświetl wszystkie aktywności związane z bezpieczeństwem twojego kon
 msgid "View and manage all active sessions for your account."
 msgstr "Przeglądaj i zarządzaj wszystkimi aktywnymi sesjami swojego konta."
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+#: apps/remix/app/routes/_authenticated+/settings+/security._index.tsx
+msgid "View and manage all login methods linked to your account."
+msgstr ""
+
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 msgid "View Codes"
 msgstr "Wyświetl kody"
@@ -8148,7 +8680,7 @@ msgstr "Zobacz rekordy DNS"
 msgid "View document"
 msgstr "Zobacz dokument"
 
-#: apps/remix/app/components/general/document-signing/document-signing-form.tsx
+#: apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
@@ -8198,24 +8730,31 @@ msgstr "Wyświetl zespoły"
 msgid "View the DNS records for this email domain"
 msgstr "Zobacz rekordy DNS dla tej domeny e-mail"
 
+#: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role actioned"
+msgid "Viewed"
+msgstr ""
+
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-list.tsx
-#: packages/lib/constants/recipient-roles.ts
 msgid "Viewed"
 msgstr "Wyświetlono"
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role name"
 msgid "Viewer"
-msgstr "Użytkownik widoku"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role plural name"
 msgid "Viewers"
-msgstr "Widokowcy"
+msgstr ""
 
 #: packages/lib/constants/recipient-roles.ts
+msgctxt "Recipient role progressive verb"
 msgid "Viewing"
-msgstr "Wyświetlanie"
+msgstr ""
 
 #: apps/remix/app/components/dialogs/folder-update-dialog.tsx
 msgid "Visibility"
@@ -8276,6 +8815,10 @@ msgstr "Nie możemy zaktualizować tego klucza zabezpieczeń w tej chwili. Prosz
 msgid "We couldn't create a Stripe customer. Please try again."
 msgstr "Nie udało nam się utworzyć klienta Stripe. Spróbuj ponownie."
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+msgid "We couldn't promote the member to owner. Please try again."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 msgid "We couldn't update the group. Please try again."
 msgstr "Nie udało nam się zaktualizować grupy. Spróbuj ponownie."
@@ -8285,6 +8828,10 @@ msgstr "Nie udało nam się zaktualizować grupy. Spróbuj ponownie."
 msgid "We couldn't update the organisation. Please try again."
 msgstr "Nie udało nam się zaktualizować organizacji. Spróbuj ponownie."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "We couldn't update the provider. Please try again."
+msgstr ""
+
 #: apps/remix/app/components/dialogs/organisation-email-create-dialog.tsx
 msgid "We encountered an error while creating the email. Please try again later."
 msgstr "Wystąpił błąd podczas tworzenia e-maila. Proszę spróbować ponownie później."
@@ -8393,6 +8940,7 @@ msgstr "Natknęliśmy się na nieznany błąd podczas próby zresetowania hasła
 msgid "We encountered an unknown error while attempting to revoke access. Please try again or contact support."
 msgstr "Natknęliśmy się na nieznany błąd podczas próby odwołania dostępu. Proszę spróbuj ponownie lub skontaktuj się z pomocą techniczną."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 #: apps/remix/app/components/forms/signin.tsx
 msgid "We encountered an unknown error while attempting to sign you In. Please try again later."
@@ -8528,6 +9076,10 @@ msgstr "Wygenerujemy dla Ciebie linki do podpisania, które możesz wysłać do
 msgid "We won't send anything to notify recipients."
 msgstr "Nie wyślemy nic, aby powiadomić odbiorców."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "We'll get back to you as soon as possible via email."
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/templates._index.tsx
 #: apps/remix/app/components/tables/documents-table-empty-state.tsx
 msgid "We're all empty"
@@ -8585,10 +9137,18 @@ msgstr "Witaj ponownie. Mamy szczęście, że Cię mamy."
 msgid "Welcome back! Here's an overview of your account."
 msgstr "Witamy z powrotem! Oto przegląd twojego konta."
 
+#: apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx
+msgid "Welcome to {organisationName}"
+msgstr ""
+
 #: packages/email/template-components/template-confirmation-email.tsx
 msgid "Welcome to Documenso!"
 msgstr "Witaj w Documenso!"
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Well-known URL is required"
+msgstr ""
+
 #: apps/remix/app/routes/_recipient+/sign.$token+/waiting.tsx
 msgid "Were you trying to edit this document instead?"
 msgstr "Czy próbowałeś raczej edytować ten dokument?"
@@ -8615,6 +9175,10 @@ msgstr "Gdy podpisujesz dokument, możemy automatycznie wypełnić i podpisać n
 msgid "When you use our platform to affix your electronic signature to documents, you are consenting to do so under the Electronic Signatures in Global and National Commerce Act (E-Sign Act) and other applicable laws. This action indicates your agreement to use electronic means to sign documents and receive notifications."
 msgstr "Kiedy korzystasz z naszej platformy, aby przyczepić swój podpis elektroniczny do dokumentów, wyrażasz zgodę na dokonanie tego zgodnie z Ustawą o podpisach elektronicznych w handlu globalnym i krajowym (Ustawa E-Sign) oraz innymi obowiązującymi przepisami. Ta czynność wskazuje na twoją zgodę na korzystanie z elektronicznych środków do podpisywania dokumentów i otrzymywania powiadomień."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "Whether to enable the SSO portal for your organisation"
+msgstr ""
+
 #: apps/remix/app/routes/_profile+/p.$url.tsx
 msgid "While waiting for them to do so you can create your own Documenso account and get started with document signing right away."
 msgstr "Czekając na ich działania możesz utworzyć własne konto Documenso i od razu rozpocząć podpisywanie dokumentów."
@@ -8682,6 +9246,10 @@ msgstr "Masz zamiar opuścić następującą organizację."
 msgid "You are about to remove default access to this team for all organisation members. Any members not explicitly added to this team will no longer have access."
 msgstr "Masz zamiar usunąć domyślny dostęp do tego zespołu dla wszystkich członków organizacji. Każdy członek nie dodany odrębnie do tego zespołu nie będzie miał już dostępu."
 
+#: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
+msgid "You are about to remove the <0>{provider}</0> login method from your account."
+msgstr ""
+
 #. placeholder {0}: organisation.name
 #: apps/remix/app/components/dialogs/organisation-email-domain-delete-dialog.tsx
 msgid "You are about to remove the email domain <0>{emailDomain}</0> from <1>{0}</1>. All emails associated with this domain will be deleted."
@@ -8768,6 +9336,10 @@ msgstr "Nie masz uprawnień, aby wyłączyć tego użytkownika."
 msgid "You are not authorized to enable this user."
 msgstr "Nie masz uprawnień, aby włączyć tego użytkownika."
 
+#: apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+msgid "You are not authorized to reset two factor authentcation for this user."
+msgstr ""
+
 #: packages/email/template-components/template-confirmation-email.tsx
 msgid "You can also copy and paste this link into your browser: {confirmationLink} (link expires in 1 hour)"
 msgstr "Możesz także skopiować i wkleić ten link do przeglądarki: {confirmationLink} (link wygasa za 1 godzinę)"
@@ -9058,6 +9630,10 @@ msgstr "Będziesz teraz zobowiązany do wpisania kodu z aplikacji uwierzytelniaj
 msgid "You will receive an Email copy of the signed document once everyone has signed."
 msgstr "Otrzymasz kopię e-maila podpisanego dokumentu, gdy wszyscy podpiszą."
 
+#: apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx
+msgid "Your Account"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
 msgid "Your account has been deleted successfully."
 msgstr "Konto zostało usunięte."
@@ -9091,6 +9667,10 @@ msgstr "Twoja operacja masowej wysyłki dla szablonu \"{templateName}\" została
 msgid "Your current {currentProductName} plan is past due. Please update your payment information."
 msgstr "Twój plan {currentProductName} jest nieopłacony. Zaktualizuj informacje płatnicze."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
+msgid "Your current plan includes the following support channels:"
+msgstr ""
+
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.billing.tsx
 msgid "Your current plan is inactive."
 msgstr "Obecny plan jest nieaktywny."
@@ -9104,7 +9684,6 @@ msgid "Your direct signing templates"
 msgstr "Twoje bezpośrednie szablony podpisu"
 
 #: apps/remix/app/components/general/document/document-upload.tsx
-#: apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-upload.tsx
 msgid "Your document failed to upload."
 msgstr "Twój dokument nie udało się załadować."
@@ -9237,6 +9816,10 @@ msgstr "Twój kod odzyskiwania został skopiowany do schowka."
 msgid "Your recovery codes are listed below. Please store them in a safe place."
 msgstr "Twoje kody odzyskiwania są wymienione poniżej. Proszę przechowywać je w bezpiecznym miejscu."
 
+#: apps/remix/app/components/forms/support-ticket-form.tsx
+msgid "Your support request has been submitted. We'll get back to you soon!"
+msgstr ""
+
 #: apps/remix/app/components/dialogs/team-create-dialog.tsx
 msgid "Your team has been created."
 msgstr "Zespół został utworzony."
@@ -9249,10 +9832,6 @@ msgstr "Zespół został usunięty."
 msgid "Your team has been successfully updated."
 msgstr "Zespół został zaktualizowany."
 
-#: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
-msgid "Your template failed to upload."
-msgstr "Twój szablon nie został przesłany."
-
 #: apps/remix/app/routes/embed+/v1+/authoring_.completed.create.tsx
 msgid "Your template has been created successfully"
 msgstr "Szablon został utworzony"
@@ -9289,3 +9868,6 @@ msgstr "Twój token został pomyślnie utworzony! Upewnij się, że go skopiujes
 msgid "Your tokens will be shown here once you create them."
 msgstr "Twoje tokeny będą tutaj wyświetlane po ich utworzeniu."
 
+#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
+msgid "your-domain.com another-domain.com"
+msgstr ""

From 995bc9c362ccbc45c89517e0b4208836a3649e8e Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Mon, 6 Oct 2025 16:17:54 +1100
Subject: [PATCH 44/47] feat: support 2fa for document completion (#2063)

Adds support for 2FA when completing a document, also adds support for
using email for 2FA when no authenticator has been associated with the
account.
---
 .gitignore                                    |   5 +-
 .../direct-template-signing-form.tsx          |   4 +-
 .../document-signing/access-auth-2fa-form.tsx | 312 +++++++++++++
 .../document-signing-complete-dialog.tsx      | 431 ++++++++++--------
 .../document-signing-form.tsx                 |  31 +-
 .../document-signing-page-view.tsx            |  29 +-
 .../_internal+/[__htmltopdf]+/certificate.tsx |   1 +
 .../routes/_recipient+/d.$token+/_index.tsx   |  10 +-
 .../_recipient+/sign.$token+/_index.tsx       |  17 +-
 .../app/routes/embed+/_v0+/direct.$url.tsx    |  10 +-
 .../app/routes/embed+/_v0+/sign.$url.tsx      |  10 +-
 .../template-access-auth-2fa.tsx              |  60 +++
 packages/email/templates/access-auth-2fa.tsx  |  77 ++++
 packages/lib/errors/app-error.ts              |   2 +
 .../lib/server-only/2fa/email/constants.ts    |   1 +
 .../generate-2fa-credentials-from-email.ts    |  38 ++
 .../email/generate-2fa-token-from-email.ts    |  23 +
 .../2fa/email/send-2fa-token-email.ts         | 124 +++++
 .../email/validate-2fa-token-from-email.ts    |  37 ++
 .../document/complete-document-with-token.ts  |  70 ++-
 .../document/is-recipient-authorized.ts       |  58 ++-
 .../document/validate-field-auth.ts           |   2 +-
 .../create-document-from-direct-template.ts   |   2 +
 packages/lib/types/document-audit-logs.ts     |  44 ++
 packages/lib/types/document-auth.ts           |  11 +-
 packages/lib/utils/document-audit-logs.ts     |  30 ++
 .../access-auth-request-2fa-email.ts          |  94 ++++
 .../access-auth-request-2fa-email.types.ts    |  17 +
 .../trpc/server/document-router/router.ts     |   5 +
 .../trpc/server/recipient-router/router.ts    |   3 +-
 .../trpc/server/recipient-router/schema.ts    |   2 +
 31 files changed, 1300 insertions(+), 260 deletions(-)
 create mode 100644 apps/remix/app/components/general/document-signing/access-auth-2fa-form.tsx
 create mode 100644 packages/email/template-components/template-access-auth-2fa.tsx
 create mode 100644 packages/email/templates/access-auth-2fa.tsx
 create mode 100644 packages/lib/server-only/2fa/email/constants.ts
 create mode 100644 packages/lib/server-only/2fa/email/generate-2fa-credentials-from-email.ts
 create mode 100644 packages/lib/server-only/2fa/email/generate-2fa-token-from-email.ts
 create mode 100644 packages/lib/server-only/2fa/email/send-2fa-token-email.ts
 create mode 100644 packages/lib/server-only/2fa/email/validate-2fa-token-from-email.ts
 create mode 100644 packages/trpc/server/document-router/access-auth-request-2fa-email.ts
 create mode 100644 packages/trpc/server/document-router/access-auth-request-2fa-email.types.ts

diff --git a/.gitignore b/.gitignore
index f31f951a7..9e622a76f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -56,4 +56,7 @@ logs.json
 
 # claude
 .claude
-CLAUDE.md
\ No newline at end of file
+CLAUDE.md
+
+# agents
+.specs
diff --git a/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx b/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
index 8f78ae754..fedea33c0 100644
--- a/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
+++ b/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
@@ -417,11 +417,11 @@ export const DirectTemplateSigningForm = ({
 
           <DocumentSigningCompleteDialog
             isSubmitting={isSubmitting}
-            onSignatureComplete={handleSubmit}
+            onSignatureComplete={async () => handleSubmit()}
             documentTitle={template.title}
             fields={localFields}
             fieldsValidated={fieldsValidated}
-            role={directRecipient.role}
+            recipient={directRecipient}
           />
         </div>
       </DocumentFlowFormContainerFooter>
diff --git a/apps/remix/app/components/general/document-signing/access-auth-2fa-form.tsx b/apps/remix/app/components/general/document-signing/access-auth-2fa-form.tsx
new file mode 100644
index 000000000..57891e877
--- /dev/null
+++ b/apps/remix/app/components/general/document-signing/access-auth-2fa-form.tsx
@@ -0,0 +1,312 @@
+import { useEffect, useState } from 'react';
+
+import { zodResolver } from '@hookform/resolvers/zod';
+import { msg } from '@lingui/core/macro';
+import { useLingui } from '@lingui/react';
+import { Trans } from '@lingui/react/macro';
+import { ArrowLeftIcon, KeyIcon, MailIcon } from 'lucide-react';
+import { DateTime } from 'luxon';
+import { useForm } from 'react-hook-form';
+import { z } from 'zod';
+
+import type { TRecipientAccessAuth } from '@documenso/lib/types/document-auth';
+import { trpc } from '@documenso/trpc/react';
+import { cn } from '@documenso/ui/lib/utils';
+import { Alert } from '@documenso/ui/primitives/alert';
+import { Button } from '@documenso/ui/primitives/button';
+import { Form, FormField, FormItem } from '@documenso/ui/primitives/form/form';
+import { PinInput, PinInputGroup, PinInputSlot } from '@documenso/ui/primitives/pin-input';
+import { useToast } from '@documenso/ui/primitives/use-toast';
+
+import { useRequiredDocumentSigningAuthContext } from './document-signing-auth-provider';
+
+type FormStep = 'method-selection' | 'code-input';
+type TwoFactorMethod = 'email' | 'authenticator';
+
+const ZAccessAuth2FAFormSchema = z.object({
+  token: z.string().length(6, { message: 'Token must be 6 characters long' }),
+});
+
+type TAccessAuth2FAFormSchema = z.infer<typeof ZAccessAuth2FAFormSchema>;
+
+export type AccessAuth2FAFormProps = {
+  onSubmit: (accessAuthOptions: TRecipientAccessAuth) => void;
+  token: string;
+  error?: string | null;
+};
+
+export const AccessAuth2FAForm = ({ onSubmit, token, error }: AccessAuth2FAFormProps) => {
+  const [step, setStep] = useState<FormStep>('method-selection');
+  const [selectedMethod, setSelectedMethod] = useState<TwoFactorMethod | null>(null);
+
+  const [expiresAt, setExpiresAt] = useState<Date | null>(null);
+  const [millisecondsRemaining, setMillisecondsRemaining] = useState<number | null>(null);
+
+  const { _ } = useLingui();
+  const { toast } = useToast();
+
+  const { user } = useRequiredDocumentSigningAuthContext();
+
+  const { mutateAsync: request2FAEmail, isPending: isRequesting2FAEmail } =
+    trpc.document.accessAuth.request2FAEmail.useMutation();
+
+  const form = useForm({
+    resolver: zodResolver(ZAccessAuth2FAFormSchema),
+    defaultValues: {
+      token: '',
+    },
+  });
+
+  const hasAuthenticatorEnabled = user?.twoFactorEnabled === true;
+
+  const onMethodSelect = async (method: TwoFactorMethod) => {
+    setSelectedMethod(method);
+
+    if (method === 'email') {
+      try {
+        const result = await request2FAEmail({
+          token: token,
+        });
+
+        setExpiresAt(result.expiresAt);
+        setMillisecondsRemaining(result.expiresAt.valueOf() - Date.now());
+
+        setStep('code-input');
+      } catch (error) {
+        toast({
+          title: _(msg`An error occurred`),
+          description: _(
+            msg`We encountered an unknown error while attempting to request the two-factor authentication code. Please try again later.`,
+          ),
+          variant: 'destructive',
+        });
+
+        return;
+      }
+    }
+
+    setStep('code-input');
+  };
+
+  const onFormSubmit = (data: TAccessAuth2FAFormSchema) => {
+    if (!selectedMethod) {
+      return;
+    }
+
+    // Prepare the auth options for the completion attempt
+    const accessAuthOptions: TRecipientAccessAuth = {
+      type: 'TWO_FACTOR_AUTH',
+      token: data.token, // Just the user's code - backend will validate using method type
+      method: selectedMethod,
+    };
+
+    onSubmit(accessAuthOptions);
+  };
+
+  const onGoBack = () => {
+    setStep('method-selection');
+    setSelectedMethod(null);
+    setExpiresAt(null);
+    setMillisecondsRemaining(null);
+  };
+
+  const onResendEmail = async () => {
+    if (selectedMethod !== 'email') {
+      return;
+    }
+
+    try {
+      const result = await request2FAEmail({
+        token: token,
+      });
+
+      setExpiresAt(result.expiresAt);
+      setMillisecondsRemaining(result.expiresAt.valueOf() - Date.now());
+    } catch (error) {
+      toast({
+        title: _(msg`An error occurred`),
+        description: _(
+          msg`We encountered an unknown error while attempting to request the two-factor authentication code. Please try again later.`,
+        ),
+        variant: 'destructive',
+      });
+    }
+  };
+
+  useEffect(() => {
+    const interval = setInterval(() => {
+      if (expiresAt) {
+        setMillisecondsRemaining(expiresAt.valueOf() - Date.now());
+      }
+    }, 1000);
+
+    return () => clearInterval(interval);
+  }, [expiresAt]);
+
+  return (
+    <div className="py-4">
+      {step === 'method-selection' && (
+        <div className="space-y-4">
+          <div>
+            <h3 className="text-lg font-semibold">
+              <Trans>Choose verification method</Trans>
+            </h3>
+            <p className="text-muted-foreground text-sm">
+              <Trans>Please select how you'd like to receive your verification code.</Trans>
+            </p>
+          </div>
+
+          {error && (
+            <Alert variant="destructive" padding="tight" className="text-sm">
+              {error}
+            </Alert>
+          )}
+
+          <div className="space-y-3">
+            <Button
+              type="button"
+              variant="outline"
+              className="flex h-auto w-full justify-start gap-3 p-4"
+              onClick={async () => onMethodSelect('email')}
+              disabled={isRequesting2FAEmail}
+            >
+              <MailIcon className="h-5 w-5" />
+              <div className="text-left">
+                <div className="font-medium">
+                  <Trans>Email verification</Trans>
+                </div>
+                <div className="text-muted-foreground text-sm">
+                  <Trans>We'll send a 6-digit code to your email</Trans>
+                </div>
+              </div>
+            </Button>
+
+            {hasAuthenticatorEnabled && (
+              <Button
+                type="button"
+                variant="outline"
+                className="flex h-auto w-full justify-start gap-3 p-4"
+                onClick={async () => onMethodSelect('authenticator')}
+                disabled={isRequesting2FAEmail}
+              >
+                <KeyIcon className="h-5 w-5" />
+                <div className="text-left">
+                  <div className="font-medium">
+                    <Trans>Authenticator app</Trans>
+                  </div>
+                  <div className="text-muted-foreground text-sm">
+                    <Trans>Use your authenticator app to generate a code</Trans>
+                  </div>
+                </div>
+              </Button>
+            )}
+          </div>
+        </div>
+      )}
+
+      {step === 'code-input' && (
+        <div className="space-y-4">
+          <div className="flex items-center gap-2">
+            <Button type="button" variant="ghost" size="sm" onClick={onGoBack}>
+              <ArrowLeftIcon className="h-4 w-4" />
+            </Button>
+
+            <h3 className="text-lg font-semibold">
+              <Trans>Enter verification code</Trans>
+            </h3>
+          </div>
+
+          <div className="text-muted-foreground text-sm">
+            {selectedMethod === 'email' ? (
+              <Trans>
+                We've sent a 6-digit verification code to your email. Please enter it below to
+                complete the document.
+              </Trans>
+            ) : (
+              <Trans>
+                Please open your authenticator app and enter the 6-digit code for this document.
+              </Trans>
+            )}
+          </div>
+
+          <Form {...form}>
+            <form
+              id="access-auth-2fa-form"
+              className="space-y-4"
+              onSubmit={form.handleSubmit(onFormSubmit)}
+            >
+              <fieldset disabled={isRequesting2FAEmail || form.formState.isSubmitting}>
+                <FormField
+                  control={form.control}
+                  name="token"
+                  render={({ field }) => (
+                    <FormItem className="flex-1 items-center justify-center">
+                      <PinInput
+                        {...field}
+                        maxLength={6}
+                        autoFocus
+                        inputMode="numeric"
+                        pattern="^\d+$"
+                        aria-label="2FA code"
+                        containerClassName="h-12 justify-center"
+                      >
+                        <PinInputGroup>
+                          <PinInputSlot className="h-12 w-12 text-lg" index={0} />
+                          <PinInputSlot className="h-12 w-12 text-lg" index={1} />
+                          <PinInputSlot className="h-12 w-12 text-lg" index={2} />
+                          <PinInputSlot className="h-12 w-12 text-lg" index={3} />
+                          <PinInputSlot className="h-12 w-12 text-lg" index={4} />
+                          <PinInputSlot className="h-12 w-12 text-lg" index={5} />
+                        </PinInputGroup>
+                      </PinInput>
+
+                      {expiresAt && millisecondsRemaining !== null && (
+                        <div
+                          className={cn('text-muted-foreground mt-2 text-center text-sm', {
+                            'text-destructive': millisecondsRemaining <= 0,
+                          })}
+                        >
+                          <Trans>
+                            Expires in{' '}
+                            {DateTime.fromMillis(Math.max(millisecondsRemaining, 0)).toFormat(
+                              'mm:ss',
+                            )}
+                          </Trans>
+                        </div>
+                      )}
+                    </FormItem>
+                  )}
+                />
+
+                <div className="mt-4 space-y-2">
+                  <Button
+                    type="submit"
+                    form="access-auth-2fa-form"
+                    className="w-full"
+                    disabled={!form.formState.isValid}
+                    loading={isRequesting2FAEmail || form.formState.isSubmitting}
+                  >
+                    <Trans>Verify & Complete</Trans>
+                  </Button>
+
+                  {selectedMethod === 'email' && (
+                    <Button
+                      type="button"
+                      variant="ghost"
+                      size="sm"
+                      className="w-full"
+                      onClick={onResendEmail}
+                      loading={isRequesting2FAEmail}
+                    >
+                      <Trans>Resend code</Trans>
+                    </Button>
+                  )}
+                </div>
+              </fieldset>
+            </form>
+          </Form>
+        </div>
+      )}
+    </div>
+  );
+};
diff --git a/apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx b/apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
index 65503b965..7f0f06e5a 100644
--- a/apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
@@ -2,12 +2,17 @@ import { useMemo, useState } from 'react';
 
 import { zodResolver } from '@hookform/resolvers/zod';
 import { Trans } from '@lingui/react/macro';
-import type { Field } from '@prisma/client';
+import type { Field, Recipient } from '@prisma/client';
 import { RecipientRole } from '@prisma/client';
 import { useForm } from 'react-hook-form';
 import { match } from 'ts-pattern';
 import { z } from 'zod';
 
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import {
+  type TRecipientAccessAuth,
+  ZDocumentAccessAuthSchema,
+} from '@documenso/lib/types/document-auth';
 import { fieldsContainUnsignedRequiredField } from '@documenso/lib/utils/advanced-fields-helpers';
 import { Button } from '@documenso/ui/primitives/button';
 import {
@@ -27,15 +32,21 @@ import {
 } from '@documenso/ui/primitives/form/form';
 import { Input } from '@documenso/ui/primitives/input';
 
+import { AccessAuth2FAForm } from '~/components/general/document-signing/access-auth-2fa-form';
 import { DocumentSigningDisclosure } from '~/components/general/document-signing/document-signing-disclosure';
 
+import { useRequiredDocumentSigningAuthContext } from './document-signing-auth-provider';
+
 export type DocumentSigningCompleteDialogProps = {
   isSubmitting: boolean;
   documentTitle: string;
   fields: Field[];
   fieldsValidated: () => void | Promise<void>;
-  onSignatureComplete: (nextSigner?: { name: string; email: string }) => void | Promise<void>;
-  role: RecipientRole;
+  onSignatureComplete: (
+    nextSigner?: { name: string; email: string },
+    accessAuthOptions?: TRecipientAccessAuth,
+  ) => void | Promise<void>;
+  recipient: Pick<Recipient, 'name' | 'email' | 'role' | 'token'>;
   disabled?: boolean;
   allowDictateNextSigner?: boolean;
   defaultNextSigner?: {
@@ -47,6 +58,7 @@ export type DocumentSigningCompleteDialogProps = {
 const ZNextSignerFormSchema = z.object({
   name: z.string().min(1, 'Name is required'),
   email: z.string().email('Invalid email address'),
+  accessAuthOptions: ZDocumentAccessAuthSchema.optional(),
 });
 
 type TNextSignerFormSchema = z.infer<typeof ZNextSignerFormSchema>;
@@ -57,7 +69,7 @@ export const DocumentSigningCompleteDialog = ({
   fields,
   fieldsValidated,
   onSignatureComplete,
-  role,
+  recipient,
   disabled = false,
   allowDictateNextSigner = false,
   defaultNextSigner,
@@ -65,6 +77,11 @@ export const DocumentSigningCompleteDialog = ({
   const [showDialog, setShowDialog] = useState(false);
   const [isEditingNextSigner, setIsEditingNextSigner] = useState(false);
 
+  const [showTwoFactorForm, setShowTwoFactorForm] = useState(false);
+  const [twoFactorValidationError, setTwoFactorValidationError] = useState<string | null>(null);
+
+  const { derivedRecipientAccessAuth, user } = useRequiredDocumentSigningAuthContext();
+
   const form = useForm<TNextSignerFormSchema>({
     resolver: allowDictateNextSigner ? zodResolver(ZNextSignerFormSchema) : undefined,
     defaultValues: {
@@ -75,6 +92,11 @@ export const DocumentSigningCompleteDialog = ({
 
   const isComplete = useMemo(() => !fieldsContainUnsignedRequiredField(fields), [fields]);
 
+  const completionRequires2FA = useMemo(
+    () => derivedRecipientAccessAuth.includes('TWO_FACTOR_AUTH'),
+    [derivedRecipientAccessAuth],
+  );
+
   const handleOpenChange = (open: boolean) => {
     if (form.formState.isSubmitting || !isComplete) {
       return;
@@ -93,16 +115,43 @@ export const DocumentSigningCompleteDialog = ({
 
   const onFormSubmit = async (data: TNextSignerFormSchema) => {
     try {
-      if (allowDictateNextSigner && data.name && data.email) {
-        await onSignatureComplete({ name: data.name, email: data.email });
-      } else {
-        await onSignatureComplete();
+      // Check if 2FA is required
+      if (completionRequires2FA && !data.accessAuthOptions) {
+        setShowTwoFactorForm(true);
+        return;
       }
+
+      const nextSigner =
+        allowDictateNextSigner && data.name && data.email
+          ? { name: data.name, email: data.email }
+          : undefined;
+
+      await onSignatureComplete(nextSigner, data.accessAuthOptions);
     } catch (error) {
-      console.error('Error completing signature:', error);
+      const err = AppError.parseError(error);
+
+      if (AppErrorCode.TWO_FACTOR_AUTH_FAILED === err.code) {
+        // This was a 2FA validation failure - show the 2FA dialog again with error
+        form.setValue('accessAuthOptions', undefined);
+
+        setTwoFactorValidationError('Invalid verification code. Please try again.');
+        setShowTwoFactorForm(true);
+
+        return;
+      }
     }
   };
 
+  const onTwoFactorFormSubmit = (validatedAuthOptions: TRecipientAccessAuth) => {
+    form.setValue('accessAuthOptions', validatedAuthOptions);
+
+    setShowTwoFactorForm(false);
+    setTwoFactorValidationError(null);
+
+    // Now trigger the form submission with auth options
+    void form.handleSubmit(onFormSubmit)();
+  };
+
   const isNextSignerValid = !allowDictateNextSigner || (form.watch('name') && form.watch('email'));
 
   return (
@@ -116,7 +165,7 @@ export const DocumentSigningCompleteDialog = ({
           loading={isSubmitting}
           disabled={disabled}
         >
-          {match({ isComplete, role })
+          {match({ isComplete, role: recipient.role })
             .with({ isComplete: false }, () => <Trans>Next field</Trans>)
             .with({ isComplete: true, role: RecipientRole.APPROVER }, () => <Trans>Approve</Trans>)
             .with({ isComplete: true, role: RecipientRole.VIEWER }, () => (
@@ -128,184 +177,194 @@ export const DocumentSigningCompleteDialog = ({
       </DialogTrigger>
 
       <DialogContent>
-        <Form {...form}>
-          <form onSubmit={form.handleSubmit(onFormSubmit)}>
-            <fieldset disabled={form.formState.isSubmitting} className="border-none p-0">
-              <DialogTitle>
-                <div className="text-foreground text-xl font-semibold">
-                  {match(role)
-                    .with(RecipientRole.VIEWER, () => <Trans>Complete Viewing</Trans>)
-                    .with(RecipientRole.SIGNER, () => <Trans>Complete Signing</Trans>)
-                    .with(RecipientRole.APPROVER, () => <Trans>Complete Approval</Trans>)
-                    .with(RecipientRole.CC, () => <Trans>Complete Viewing</Trans>)
-                    .with(RecipientRole.ASSISTANT, () => <Trans>Complete Assisting</Trans>)
-                    .exhaustive()}
-                </div>
-              </DialogTitle>
-
-              <div className="text-muted-foreground max-w-[50ch]">
-                {match(role)
-                  .with(RecipientRole.VIEWER, () => (
-                    <span>
-                      <Trans>
-                        <span className="inline-flex flex-wrap">
-                          You are about to complete viewing "
-                          <span className="inline-block max-w-[11rem] truncate align-baseline">
-                            {documentTitle}
-                          </span>
-                          ".
-                        </span>
-                        <br /> Are you sure?
-                      </Trans>
-                    </span>
-                  ))
-                  .with(RecipientRole.SIGNER, () => (
-                    <span>
-                      <Trans>
-                        <span className="inline-flex flex-wrap">
-                          You are about to complete signing "
-                          <span className="inline-block max-w-[11rem] truncate align-baseline">
-                            {documentTitle}
-                          </span>
-                          ".
-                        </span>
-                        <br /> Are you sure?
-                      </Trans>
-                    </span>
-                  ))
-                  .with(RecipientRole.APPROVER, () => (
-                    <span>
-                      <Trans>
-                        <span className="inline-flex flex-wrap">
-                          You are about to complete approving{' '}
-                          <span className="inline-block max-w-[11rem] truncate align-baseline">
-                            "{documentTitle}"
-                          </span>
-                          .
-                        </span>
-                        <br /> Are you sure?
-                      </Trans>
-                    </span>
-                  ))
-                  .otherwise(() => (
-                    <span>
-                      <Trans>
-                        <span className="inline-flex flex-wrap">
-                          You are about to complete viewing "
-                          <span className="inline-block max-w-[11rem] truncate align-baseline">
-                            {documentTitle}
-                          </span>
-                          ".
-                        </span>
-                        <br /> Are you sure?
-                      </Trans>
-                    </span>
-                  ))}
-              </div>
-
-              {allowDictateNextSigner && (
-                <div className="mt-4 flex flex-col gap-4">
-                  {!isEditingNextSigner && (
-                    <div>
-                      <p className="text-muted-foreground text-sm">
-                        The next recipient to sign this document will be{' '}
-                        <span className="font-semibold">{form.watch('name')}</span> (
-                        <span className="font-semibold">{form.watch('email')}</span>).
-                      </p>
-
-                      <Button
-                        type="button"
-                        className="mt-2"
-                        variant="outline"
-                        size="sm"
-                        onClick={() => setIsEditingNextSigner((prev) => !prev)}
-                      >
-                        <Trans>Update Recipient</Trans>
-                      </Button>
-                    </div>
-                  )}
-
-                  {isEditingNextSigner && (
-                    <div className="flex flex-col gap-4 md:flex-row">
-                      <FormField
-                        control={form.control}
-                        name="name"
-                        render={({ field }) => (
-                          <FormItem className="flex-1">
-                            <FormLabel>
-                              <Trans>Name</Trans>
-                            </FormLabel>
-                            <FormControl>
-                              <Input
-                                {...field}
-                                className="mt-2"
-                                placeholder="Enter the next signer's name"
-                              />
-                            </FormControl>
-
-                            <FormMessage />
-                          </FormItem>
-                        )}
-                      />
-
-                      <FormField
-                        control={form.control}
-                        name="email"
-                        render={({ field }) => (
-                          <FormItem className="flex-1">
-                            <FormLabel>
-                              <Trans>Email</Trans>
-                            </FormLabel>
-                            <FormControl>
-                              <Input
-                                {...field}
-                                type="email"
-                                className="mt-2"
-                                placeholder="Enter the next signer's email"
-                              />
-                            </FormControl>
-                            <FormMessage />
-                          </FormItem>
-                        )}
-                      />
-                    </div>
-                  )}
-                </div>
-              )}
-
-              <DocumentSigningDisclosure className="mt-4" />
-
-              <DialogFooter className="mt-4">
-                <div className="flex w-full flex-1 flex-nowrap gap-4">
-                  <Button
-                    type="button"
-                    className="flex-1"
-                    variant="secondary"
-                    onClick={() => setShowDialog(false)}
-                    disabled={form.formState.isSubmitting}
-                  >
-                    <Trans>Cancel</Trans>
-                  </Button>
-
-                  <Button
-                    type="submit"
-                    className="flex-1"
-                    disabled={!isComplete || !isNextSignerValid}
-                    loading={form.formState.isSubmitting}
-                  >
-                    {match(role)
-                      .with(RecipientRole.VIEWER, () => <Trans>Mark as Viewed</Trans>)
-                      .with(RecipientRole.SIGNER, () => <Trans>Sign</Trans>)
-                      .with(RecipientRole.APPROVER, () => <Trans>Approve</Trans>)
-                      .with(RecipientRole.CC, () => <Trans>Mark as Viewed</Trans>)
-                      .with(RecipientRole.ASSISTANT, () => <Trans>Complete</Trans>)
+        {!showTwoFactorForm && (
+          <Form {...form}>
+            <form onSubmit={form.handleSubmit(onFormSubmit)}>
+              <fieldset disabled={form.formState.isSubmitting} className="border-none p-0">
+                <DialogTitle>
+                  <div className="text-foreground text-xl font-semibold">
+                    {match(recipient.role)
+                      .with(RecipientRole.VIEWER, () => <Trans>Complete Viewing</Trans>)
+                      .with(RecipientRole.SIGNER, () => <Trans>Complete Signing</Trans>)
+                      .with(RecipientRole.APPROVER, () => <Trans>Complete Approval</Trans>)
+                      .with(RecipientRole.CC, () => <Trans>Complete Viewing</Trans>)
+                      .with(RecipientRole.ASSISTANT, () => <Trans>Complete Assisting</Trans>)
                       .exhaustive()}
-                  </Button>
+                  </div>
+                </DialogTitle>
+
+                <div className="text-muted-foreground max-w-[50ch]">
+                  {match(recipient.role)
+                    .with(RecipientRole.VIEWER, () => (
+                      <span>
+                        <Trans>
+                          <span className="inline-flex flex-wrap">
+                            You are about to complete viewing "
+                            <span className="inline-block max-w-[11rem] truncate align-baseline">
+                              {documentTitle}
+                            </span>
+                            ".
+                          </span>
+                          <br /> Are you sure?
+                        </Trans>
+                      </span>
+                    ))
+                    .with(RecipientRole.SIGNER, () => (
+                      <span>
+                        <Trans>
+                          <span className="inline-flex flex-wrap">
+                            You are about to complete signing "
+                            <span className="inline-block max-w-[11rem] truncate align-baseline">
+                              {documentTitle}
+                            </span>
+                            ".
+                          </span>
+                          <br /> Are you sure?
+                        </Trans>
+                      </span>
+                    ))
+                    .with(RecipientRole.APPROVER, () => (
+                      <span>
+                        <Trans>
+                          <span className="inline-flex flex-wrap">
+                            You are about to complete approving{' '}
+                            <span className="inline-block max-w-[11rem] truncate align-baseline">
+                              "{documentTitle}"
+                            </span>
+                            .
+                          </span>
+                          <br /> Are you sure?
+                        </Trans>
+                      </span>
+                    ))
+                    .otherwise(() => (
+                      <span>
+                        <Trans>
+                          <span className="inline-flex flex-wrap">
+                            You are about to complete viewing "
+                            <span className="inline-block max-w-[11rem] truncate align-baseline">
+                              {documentTitle}
+                            </span>
+                            ".
+                          </span>
+                          <br /> Are you sure?
+                        </Trans>
+                      </span>
+                    ))}
                 </div>
-              </DialogFooter>
-            </fieldset>
-          </form>
-        </Form>
+
+                {allowDictateNextSigner && (
+                  <div className="mt-4 flex flex-col gap-4">
+                    {!isEditingNextSigner && (
+                      <div>
+                        <p className="text-muted-foreground text-sm">
+                          The next recipient to sign this document will be{' '}
+                          <span className="font-semibold">{form.watch('name')}</span> (
+                          <span className="font-semibold">{form.watch('email')}</span>).
+                        </p>
+
+                        <Button
+                          type="button"
+                          className="mt-2"
+                          variant="outline"
+                          size="sm"
+                          onClick={() => setIsEditingNextSigner((prev) => !prev)}
+                        >
+                          <Trans>Update Recipient</Trans>
+                        </Button>
+                      </div>
+                    )}
+
+                    {isEditingNextSigner && (
+                      <div className="flex flex-col gap-4 md:flex-row">
+                        <FormField
+                          control={form.control}
+                          name="name"
+                          render={({ field }) => (
+                            <FormItem className="flex-1">
+                              <FormLabel>
+                                <Trans>Name</Trans>
+                              </FormLabel>
+                              <FormControl>
+                                <Input
+                                  {...field}
+                                  className="mt-2"
+                                  placeholder="Enter the next signer's name"
+                                />
+                              </FormControl>
+
+                              <FormMessage />
+                            </FormItem>
+                          )}
+                        />
+
+                        <FormField
+                          control={form.control}
+                          name="email"
+                          render={({ field }) => (
+                            <FormItem className="flex-1">
+                              <FormLabel>
+                                <Trans>Email</Trans>
+                              </FormLabel>
+                              <FormControl>
+                                <Input
+                                  {...field}
+                                  type="email"
+                                  className="mt-2"
+                                  placeholder="Enter the next signer's email"
+                                />
+                              </FormControl>
+                              <FormMessage />
+                            </FormItem>
+                          )}
+                        />
+                      </div>
+                    )}
+                  </div>
+                )}
+
+                <DocumentSigningDisclosure className="mt-4" />
+
+                <DialogFooter className="mt-4">
+                  <div className="flex w-full flex-1 flex-nowrap gap-4">
+                    <Button
+                      type="button"
+                      className="flex-1"
+                      variant="secondary"
+                      onClick={() => setShowDialog(false)}
+                      disabled={form.formState.isSubmitting}
+                    >
+                      <Trans>Cancel</Trans>
+                    </Button>
+
+                    <Button
+                      type="submit"
+                      className="flex-1"
+                      disabled={!isComplete || !isNextSignerValid}
+                      loading={form.formState.isSubmitting}
+                    >
+                      {match(recipient.role)
+                        .with(RecipientRole.VIEWER, () => <Trans>Mark as Viewed</Trans>)
+                        .with(RecipientRole.SIGNER, () => <Trans>Sign</Trans>)
+                        .with(RecipientRole.APPROVER, () => <Trans>Approve</Trans>)
+                        .with(RecipientRole.CC, () => <Trans>Mark as Viewed</Trans>)
+                        .with(RecipientRole.ASSISTANT, () => <Trans>Complete</Trans>)
+                        .exhaustive()}
+                    </Button>
+                  </div>
+                </DialogFooter>
+              </fieldset>
+            </form>
+          </Form>
+        )}
+
+        {showTwoFactorForm && (
+          <AccessAuth2FAForm
+            token={recipient.token}
+            error={twoFactorValidationError}
+            onSubmit={onTwoFactorFormSubmit}
+          />
+        )}
       </DialogContent>
     </Dialog>
   );
diff --git a/apps/remix/app/components/general/document-signing/document-signing-form.tsx b/apps/remix/app/components/general/document-signing/document-signing-form.tsx
index b2b58aa3b..dcc947645 100644
--- a/apps/remix/app/components/general/document-signing/document-signing-form.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-form.tsx
@@ -8,7 +8,7 @@ import { Controller, useForm } from 'react-hook-form';
 import { useNavigate } from 'react-router';
 
 import type { DocumentAndSender } from '@documenso/lib/server-only/document/get-document-by-token';
-import type { TRecipientActionAuth } from '@documenso/lib/types/document-auth';
+import type { TRecipientAccessAuth } from '@documenso/lib/types/document-auth';
 import { isFieldUnsignedAndRequired } from '@documenso/lib/utils/advanced-fields-helpers';
 import { sortFieldsByPosition } from '@documenso/lib/utils/fields';
 import type { RecipientWithFields } from '@documenso/prisma/types/recipient-with-fields';
@@ -34,10 +34,10 @@ export type DocumentSigningFormProps = {
   isRecipientsTurn: boolean;
   allRecipients?: RecipientWithFields[];
   setSelectedSignerId?: (id: number | null) => void;
-  completeDocument: (
-    authOptions?: TRecipientActionAuth,
-    nextSigner?: { email: string; name: string },
-  ) => Promise<void>;
+  completeDocument: (options: {
+    accessAuthOptions?: TRecipientAccessAuth;
+    nextSigner?: { email: string; name: string };
+  }) => Promise<void>;
   isSubmitting: boolean;
   fieldsValidated: () => void;
   nextRecipient?: RecipientWithFields;
@@ -105,7 +105,7 @@ export const DocumentSigningForm = ({
     setIsAssistantSubmitting(true);
 
     try {
-      await completeDocument(undefined, nextSigner);
+      await completeDocument({ nextSigner });
     } catch (err) {
       toast({
         title: 'Error',
@@ -149,10 +149,10 @@ export const DocumentSigningForm = ({
                     documentTitle={document.title}
                     fields={fields}
                     fieldsValidated={localFieldsValidated}
-                    onSignatureComplete={async (nextSigner) => {
-                      await completeDocument(undefined, nextSigner);
-                    }}
-                    role={recipient.role}
+                    onSignatureComplete={async (nextSigner, accessAuthOptions) =>
+                      completeDocument({ nextSigner, accessAuthOptions })
+                    }
+                    recipient={recipient}
                     allowDictateNextSigner={document.documentMeta?.allowDictateNextSigner}
                     defaultNextSigner={
                       nextRecipient
@@ -309,10 +309,13 @@ export const DocumentSigningForm = ({
                   fields={fields}
                   fieldsValidated={localFieldsValidated}
                   disabled={!isRecipientsTurn}
-                  onSignatureComplete={async (nextSigner) => {
-                    await completeDocument(undefined, nextSigner);
-                  }}
-                  role={recipient.role}
+                  onSignatureComplete={async (nextSigner, accessAuthOptions) =>
+                    completeDocument({
+                      accessAuthOptions,
+                      nextSigner,
+                    })
+                  }
+                  recipient={recipient}
                   allowDictateNextSigner={
                     nextRecipient && document.documentMeta?.allowDictateNextSigner
                   }
diff --git a/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx b/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
index a396973e7..6c06cdf44 100644
--- a/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
@@ -12,7 +12,7 @@ import { DEFAULT_DOCUMENT_DATE_FORMAT } from '@documenso/lib/constants/date-form
 import { PDF_VIEWER_PAGE_SELECTOR } from '@documenso/lib/constants/pdf-viewer';
 import { DEFAULT_DOCUMENT_TIME_ZONE } from '@documenso/lib/constants/time-zones';
 import type { DocumentAndSender } from '@documenso/lib/server-only/document/get-document-by-token';
-import type { TRecipientActionAuth } from '@documenso/lib/types/document-auth';
+import type { TRecipientAccessAuth } from '@documenso/lib/types/document-auth';
 import {
   ZCheckboxFieldMeta,
   ZDropdownFieldMeta,
@@ -46,6 +46,7 @@ import { DocumentSigningRejectDialog } from '~/components/general/document-signi
 import { DocumentSigningSignatureField } from '~/components/general/document-signing/document-signing-signature-field';
 import { DocumentSigningTextField } from '~/components/general/document-signing/document-signing-text-field';
 
+import { useRequiredDocumentSigningAuthContext } from './document-signing-auth-provider';
 import { DocumentSigningCompleteDialog } from './document-signing-complete-dialog';
 import { DocumentSigningRecipientProvider } from './document-signing-recipient-provider';
 
@@ -70,6 +71,12 @@ export const DocumentSigningPageView = ({
 }: DocumentSigningPageViewProps) => {
   const { documentData, documentMeta } = document;
 
+  const { derivedRecipientAccessAuth, user: authUser } = useRequiredDocumentSigningAuthContext();
+
+  const hasAuthenticator = authUser?.twoFactorEnabled
+    ? authUser.twoFactorEnabled && authUser.email === recipient.email
+    : false;
+
   const navigate = useNavigate();
   const analytics = useAnalytics();
 
@@ -94,14 +101,16 @@ export const DocumentSigningPageView = ({
     validateFieldsInserted(fieldsRequiringValidation);
   };
 
-  const completeDocument = async (
-    authOptions?: TRecipientActionAuth,
-    nextSigner?: { email: string; name: string },
-  ) => {
+  const completeDocument = async (options: {
+    accessAuthOptions?: TRecipientAccessAuth;
+    nextSigner?: { email: string; name: string };
+  }) => {
+    const { accessAuthOptions, nextSigner } = options;
+
     const payload = {
       token: recipient.token,
       documentId: document.id,
-      authOptions,
+      accessAuthOptions,
       ...(nextSigner?.email && nextSigner?.name ? { nextSigner } : {}),
     };
 
@@ -265,10 +274,10 @@ export const DocumentSigningPageView = ({
                           fields={fields}
                           fieldsValidated={fieldsValidated}
                           disabled={!isRecipientsTurn}
-                          onSignatureComplete={async (nextSigner) => {
-                            await completeDocument(undefined, nextSigner);
-                          }}
-                          role={recipient.role}
+                          onSignatureComplete={async (nextSigner) =>
+                            completeDocument({ nextSigner })
+                          }
+                          recipient={recipient}
                           allowDictateNextSigner={
                             nextRecipient && documentMeta?.allowDictateNextSigner
                           }
diff --git a/apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx b/apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
index c415a0e13..ff14ccd32 100644
--- a/apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
+++ b/apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
@@ -151,6 +151,7 @@ export default function SigningCertificate({ loaderData }: Route.ComponentProps)
 
       authLevel = match(accessAuthMethod)
         .with('ACCOUNT', () => _(msg`Account Authentication`))
+        .with('TWO_FACTOR_AUTH', () => _(msg`Two-Factor Authentication`))
         .with(undefined, () => _(msg`Email`))
         .exhaustive();
     }
diff --git a/apps/remix/app/routes/_recipient+/d.$token+/_index.tsx b/apps/remix/app/routes/_recipient+/d.$token+/_index.tsx
index ee37e5d0b..f7e495477 100644
--- a/apps/remix/app/routes/_recipient+/d.$token+/_index.tsx
+++ b/apps/remix/app/routes/_recipient+/d.$token+/_index.tsx
@@ -47,10 +47,12 @@ export async function loader({ params, request }: Route.LoaderArgs) {
   });
 
   // Ensure typesafety when we add more options.
-  const isAccessAuthValid = match(derivedRecipientAccessAuth.at(0))
-    .with(DocumentAccessAuth.ACCOUNT, () => Boolean(session.user))
-    .with(undefined, () => true)
-    .exhaustive();
+  const isAccessAuthValid = derivedRecipientAccessAuth.every((auth) =>
+    match(auth)
+      .with(DocumentAccessAuth.ACCOUNT, () => Boolean(session.user))
+      .with(DocumentAccessAuth.TWO_FACTOR_AUTH, () => true)
+      .exhaustive(),
+  );
 
   if (!isAccessAuthValid) {
     return superLoaderJson({
diff --git a/apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx b/apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
index d9c8b9c4c..06d3018cc 100644
--- a/apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
+++ b/apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
@@ -3,12 +3,12 @@ import { DocumentSigningOrder, DocumentStatus, RecipientRole, SigningStatus } fr
 import { Clock8 } from 'lucide-react';
 import { Link, redirect } from 'react-router';
 import { getOptionalLoaderContext } from 'server/utils/get-loader-session';
+import { match } from 'ts-pattern';
 
 import signingCelebration from '@documenso/assets/images/signing-celebration.png';
 import { getOptionalSession } from '@documenso/auth/server/lib/utils/get-session';
 import { useOptionalSession } from '@documenso/lib/client-only/providers/session';
 import { getDocumentAndSenderByToken } from '@documenso/lib/server-only/document/get-document-by-token';
-import { isRecipientAuthorized } from '@documenso/lib/server-only/document/is-recipient-authorized';
 import { viewedDocument } from '@documenso/lib/server-only/document/viewed-document';
 import { getCompletedFieldsForToken } from '@documenso/lib/server-only/field/get-completed-fields-for-token';
 import { getFieldsForToken } from '@documenso/lib/server-only/field/get-fields-for-token';
@@ -19,6 +19,7 @@ import { getRecipientSignatures } from '@documenso/lib/server-only/recipient/get
 import { getRecipientsForAssistant } from '@documenso/lib/server-only/recipient/get-recipients-for-assistant';
 import { getTeamSettings } from '@documenso/lib/server-only/team/get-team-settings';
 import { getUserByEmail } from '@documenso/lib/server-only/user/get-user-by-email';
+import { DocumentAccessAuth } from '@documenso/lib/types/document-auth';
 import { extractDocumentAuthMethods } from '@documenso/lib/utils/document-auth';
 import { SigningCard3D } from '@documenso/ui/components/signing-card';
 
@@ -98,16 +99,16 @@ export async function loader({ params, request }: Route.LoaderArgs) {
     recipientAuth: recipient.authOptions,
   });
 
-  const isDocumentAccessValid = await isRecipientAuthorized({
-    type: 'ACCESS',
-    documentAuthOptions: document.authOptions,
-    recipient,
-    userId: user?.id,
-  });
+  const isAccessAuthValid = derivedRecipientAccessAuth.every((accesssAuth) =>
+    match(accesssAuth)
+      .with(DocumentAccessAuth.ACCOUNT, () => user && user.email === recipient.email)
+      .with(DocumentAccessAuth.TWO_FACTOR_AUTH, () => true) // Allow without account requirement
+      .exhaustive(),
+  );
 
   let recipientHasAccount: boolean | null = null;
 
-  if (!isDocumentAccessValid) {
+  if (!isAccessAuthValid) {
     recipientHasAccount = await getUserByEmail({ email: recipient.email })
       .then((user) => !!user)
       .catch(() => false);
diff --git a/apps/remix/app/routes/embed+/_v0+/direct.$url.tsx b/apps/remix/app/routes/embed+/_v0+/direct.$url.tsx
index 5c3d1d916..4c61d9cea 100644
--- a/apps/remix/app/routes/embed+/_v0+/direct.$url.tsx
+++ b/apps/remix/app/routes/embed+/_v0+/direct.$url.tsx
@@ -58,10 +58,12 @@ export async function loader({ params, request }: Route.LoaderArgs) {
     documentAuth: template.authOptions,
   });
 
-  const isAccessAuthValid = match(derivedRecipientAccessAuth.at(0))
-    .with(DocumentAccessAuth.ACCOUNT, () => !!user)
-    .with(undefined, () => true)
-    .exhaustive();
+  const isAccessAuthValid = derivedRecipientAccessAuth.every((auth) =>
+    match(auth)
+      .with(DocumentAccessAuth.ACCOUNT, () => !!user)
+      .with(DocumentAccessAuth.TWO_FACTOR_AUTH, () => false) // Not supported for direct links
+      .exhaustive(),
+  );
 
   if (!isAccessAuthValid) {
     throw data(
diff --git a/apps/remix/app/routes/embed+/_v0+/sign.$url.tsx b/apps/remix/app/routes/embed+/_v0+/sign.$url.tsx
index 668ca417d..c4eb156b4 100644
--- a/apps/remix/app/routes/embed+/_v0+/sign.$url.tsx
+++ b/apps/remix/app/routes/embed+/_v0+/sign.$url.tsx
@@ -75,10 +75,12 @@ export async function loader({ params, request }: Route.LoaderArgs) {
     documentAuth: document.authOptions,
   });
 
-  const isAccessAuthValid = match(derivedRecipientAccessAuth.at(0))
-    .with(DocumentAccessAuth.ACCOUNT, () => user && user.email === recipient.email)
-    .with(undefined, () => true)
-    .exhaustive();
+  const isAccessAuthValid = derivedRecipientAccessAuth.every((accesssAuth) =>
+    match(accesssAuth)
+      .with(DocumentAccessAuth.ACCOUNT, () => user && user.email === recipient.email)
+      .with(DocumentAccessAuth.TWO_FACTOR_AUTH, () => true) // Allow without account requirement
+      .exhaustive(),
+  );
 
   if (!isAccessAuthValid) {
     throw data(
diff --git a/packages/email/template-components/template-access-auth-2fa.tsx b/packages/email/template-components/template-access-auth-2fa.tsx
new file mode 100644
index 000000000..edaa4df7e
--- /dev/null
+++ b/packages/email/template-components/template-access-auth-2fa.tsx
@@ -0,0 +1,60 @@
+import { Trans } from '@lingui/react/macro';
+
+import { Heading, Img, Section, Text } from '../components';
+
+export type TemplateAccessAuth2FAProps = {
+  documentTitle: string;
+  code: string;
+  userEmail: string;
+  userName: string;
+  expiresInMinutes: number;
+  assetBaseUrl?: string;
+};
+
+export const TemplateAccessAuth2FA = ({
+  documentTitle,
+  code,
+  userName,
+  expiresInMinutes,
+  assetBaseUrl = 'http://localhost:3002',
+}: TemplateAccessAuth2FAProps) => {
+  const getAssetUrl = (path: string) => {
+    return new URL(path, assetBaseUrl).toString();
+  };
+
+  return (
+    <div>
+      <Img src={getAssetUrl('/static/document.png')} alt="Document" className="mx-auto h-12 w-12" />
+
+      <Section className="mt-8">
+        <Heading className="text-center text-lg font-semibold text-slate-900">
+          <Trans>Verification Code Required</Trans>
+        </Heading>
+
+        <Text className="mt-2 text-center text-slate-700">
+          <Trans>
+            Hi {userName}, you need to enter a verification code to complete the document "
+            {documentTitle}".
+          </Trans>
+        </Text>
+
+        <Section className="mt-6 rounded-lg bg-slate-50 p-6 text-center">
+          <Text className="mb-2 text-sm font-medium text-slate-600">
+            <Trans>Your verification code:</Trans>
+          </Text>
+          <Text className="text-2xl font-bold tracking-wider text-slate-900">{code}</Text>
+        </Section>
+
+        <Text className="mt-4 text-center text-sm text-slate-600">
+          <Trans>This code will expire in {expiresInMinutes} minutes.</Trans>
+        </Text>
+
+        <Text className="mt-4 text-center text-sm text-slate-500">
+          <Trans>
+            If you didn't request this verification code, you can safely ignore this email.
+          </Trans>
+        </Text>
+      </Section>
+    </div>
+  );
+};
diff --git a/packages/email/templates/access-auth-2fa.tsx b/packages/email/templates/access-auth-2fa.tsx
new file mode 100644
index 000000000..a635da3cb
--- /dev/null
+++ b/packages/email/templates/access-auth-2fa.tsx
@@ -0,0 +1,77 @@
+import { msg } from '@lingui/core/macro';
+import { useLingui } from '@lingui/react';
+
+import { Body, Container, Head, Html, Img, Preview, Section } from '../components';
+import { useBranding } from '../providers/branding';
+import { TemplateAccessAuth2FA } from '../template-components/template-access-auth-2fa';
+import { TemplateFooter } from '../template-components/template-footer';
+
+export type AccessAuth2FAEmailTemplateProps = {
+  documentTitle: string;
+  code: string;
+  userEmail: string;
+  userName: string;
+  expiresInMinutes: number;
+  assetBaseUrl?: string;
+};
+
+export const AccessAuth2FAEmailTemplate = ({
+  documentTitle,
+  code,
+  userEmail,
+  userName,
+  expiresInMinutes,
+  assetBaseUrl = 'http://localhost:3002',
+}: AccessAuth2FAEmailTemplateProps) => {
+  const { _ } = useLingui();
+
+  const branding = useBranding();
+
+  const previewText = msg`Your verification code is ${code}`;
+
+  const getAssetUrl = (path: string) => {
+    return new URL(path, assetBaseUrl).toString();
+  };
+
+  return (
+    <Html>
+      <Head />
+      <Preview>{_(previewText)}</Preview>
+
+      <Body className="mx-auto my-auto bg-white font-sans">
+        <Section>
+          <Container className="mx-auto mb-2 mt-8 max-w-xl rounded-lg border border-solid border-slate-200 p-4 backdrop-blur-sm">
+            <Section>
+              {branding.brandingEnabled && branding.brandingLogo ? (
+                <Img src={branding.brandingLogo} alt="Branding Logo" className="mb-4 h-6" />
+              ) : (
+                <Img
+                  src={getAssetUrl('/static/logo.png')}
+                  alt="Documenso Logo"
+                  className="mb-4 h-6"
+                />
+              )}
+
+              <TemplateAccessAuth2FA
+                documentTitle={documentTitle}
+                code={code}
+                userEmail={userEmail}
+                userName={userName}
+                expiresInMinutes={expiresInMinutes}
+                assetBaseUrl={assetBaseUrl}
+              />
+            </Section>
+          </Container>
+
+          <div className="mx-auto mt-12 max-w-xl" />
+
+          <Container className="mx-auto max-w-xl">
+            <TemplateFooter isDocument={false} />
+          </Container>
+        </Section>
+      </Body>
+    </Html>
+  );
+};
+
+export default AccessAuth2FAEmailTemplate;
diff --git a/packages/lib/errors/app-error.ts b/packages/lib/errors/app-error.ts
index ad78e3417..ee82bcd91 100644
--- a/packages/lib/errors/app-error.ts
+++ b/packages/lib/errors/app-error.ts
@@ -17,6 +17,7 @@ export enum AppErrorCode {
   'RETRY_EXCEPTION' = 'RETRY_EXCEPTION',
   'SCHEMA_FAILED' = 'SCHEMA_FAILED',
   'TOO_MANY_REQUESTS' = 'TOO_MANY_REQUESTS',
+  'TWO_FACTOR_AUTH_FAILED' = 'TWO_FACTOR_AUTH_FAILED',
 }
 
 export const genericErrorCodeToTrpcErrorCodeMap: Record<string, { code: string; status: number }> =
@@ -32,6 +33,7 @@ export const genericErrorCodeToTrpcErrorCodeMap: Record<string, { code: string;
     [AppErrorCode.RETRY_EXCEPTION]: { code: 'INTERNAL_SERVER_ERROR', status: 500 },
     [AppErrorCode.SCHEMA_FAILED]: { code: 'INTERNAL_SERVER_ERROR', status: 500 },
     [AppErrorCode.TOO_MANY_REQUESTS]: { code: 'TOO_MANY_REQUESTS', status: 429 },
+    [AppErrorCode.TWO_FACTOR_AUTH_FAILED]: { code: 'UNAUTHORIZED', status: 401 },
   };
 
 export const ZAppErrorJsonSchema = z.object({
diff --git a/packages/lib/server-only/2fa/email/constants.ts b/packages/lib/server-only/2fa/email/constants.ts
new file mode 100644
index 000000000..2727fbe10
--- /dev/null
+++ b/packages/lib/server-only/2fa/email/constants.ts
@@ -0,0 +1 @@
+export const TWO_FACTOR_EMAIL_EXPIRATION_MINUTES = 5;
diff --git a/packages/lib/server-only/2fa/email/generate-2fa-credentials-from-email.ts b/packages/lib/server-only/2fa/email/generate-2fa-credentials-from-email.ts
new file mode 100644
index 000000000..d379f854c
--- /dev/null
+++ b/packages/lib/server-only/2fa/email/generate-2fa-credentials-from-email.ts
@@ -0,0 +1,38 @@
+import { hmac } from '@noble/hashes/hmac';
+import { sha256 } from '@noble/hashes/sha256';
+import { createTOTPKeyURI } from 'oslo/otp';
+
+import { DOCUMENSO_ENCRYPTION_KEY } from '../../../constants/crypto';
+
+const ISSUER = 'Documenso Email 2FA';
+
+export type GenerateTwoFactorCredentialsFromEmailOptions = {
+  documentId: number;
+  email: string;
+};
+
+/**
+ * Generate an encrypted token containing a 6-digit 2FA code for email verification.
+ *
+ * @param options - The options for generating the token
+ * @returns Object containing the token and the 6-digit code
+ */
+export const generateTwoFactorCredentialsFromEmail = ({
+  documentId,
+  email,
+}: GenerateTwoFactorCredentialsFromEmailOptions) => {
+  if (!DOCUMENSO_ENCRYPTION_KEY) {
+    throw new Error('Missing DOCUMENSO_ENCRYPTION_KEY');
+  }
+
+  const identity = `email-2fa|v1|email:${email}|id:${documentId}`;
+
+  const secret = hmac(sha256, DOCUMENSO_ENCRYPTION_KEY, identity);
+
+  const uri = createTOTPKeyURI(ISSUER, email, secret);
+
+  return {
+    uri,
+    secret,
+  };
+};
diff --git a/packages/lib/server-only/2fa/email/generate-2fa-token-from-email.ts b/packages/lib/server-only/2fa/email/generate-2fa-token-from-email.ts
new file mode 100644
index 000000000..9e5328291
--- /dev/null
+++ b/packages/lib/server-only/2fa/email/generate-2fa-token-from-email.ts
@@ -0,0 +1,23 @@
+import { generateHOTP } from 'oslo/otp';
+
+import { generateTwoFactorCredentialsFromEmail } from './generate-2fa-credentials-from-email';
+
+export type GenerateTwoFactorTokenFromEmailOptions = {
+  documentId: number;
+  email: string;
+  period?: number;
+};
+
+export const generateTwoFactorTokenFromEmail = async ({
+  email,
+  documentId,
+  period = 30_000,
+}: GenerateTwoFactorTokenFromEmailOptions) => {
+  const { secret } = generateTwoFactorCredentialsFromEmail({ email, documentId });
+
+  const counter = Math.floor(Date.now() / period);
+
+  const token = await generateHOTP(secret, counter);
+
+  return token;
+};
diff --git a/packages/lib/server-only/2fa/email/send-2fa-token-email.ts b/packages/lib/server-only/2fa/email/send-2fa-token-email.ts
new file mode 100644
index 000000000..64e52ab5c
--- /dev/null
+++ b/packages/lib/server-only/2fa/email/send-2fa-token-email.ts
@@ -0,0 +1,124 @@
+import { createElement } from 'react';
+
+import { msg } from '@lingui/core/macro';
+
+import { mailer } from '@documenso/email/mailer';
+import { AccessAuth2FAEmailTemplate } from '@documenso/email/templates/access-auth-2fa';
+import { prisma } from '@documenso/prisma';
+
+import { getI18nInstance } from '../../../client-only/providers/i18n-server';
+import { NEXT_PUBLIC_WEBAPP_URL } from '../../../constants/app';
+import { AppError, AppErrorCode } from '../../../errors/app-error';
+import { DOCUMENT_AUDIT_LOG_TYPE } from '../../../types/document-audit-logs';
+import { createDocumentAuditLogData } from '../../../utils/document-audit-logs';
+import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
+import { getEmailContext } from '../../email/get-email-context';
+import { TWO_FACTOR_EMAIL_EXPIRATION_MINUTES } from './constants';
+import { generateTwoFactorTokenFromEmail } from './generate-2fa-token-from-email';
+
+export type Send2FATokenEmailOptions = {
+  token: string;
+  documentId: number;
+};
+
+export const send2FATokenEmail = async ({ token, documentId }: Send2FATokenEmailOptions) => {
+  const document = await prisma.document.findFirst({
+    where: {
+      id: documentId,
+      recipients: {
+        some: {
+          token,
+        },
+      },
+    },
+    include: {
+      recipients: {
+        where: {
+          token,
+        },
+      },
+      documentMeta: true,
+      team: {
+        select: {
+          teamEmail: true,
+          name: true,
+        },
+      },
+    },
+  });
+
+  if (!document) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'Document not found',
+    });
+  }
+
+  const [recipient] = document.recipients;
+
+  if (!recipient) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'Recipient not found',
+    });
+  }
+
+  const twoFactorTokenToken = await generateTwoFactorTokenFromEmail({
+    documentId,
+    email: recipient.email,
+  });
+
+  const { branding, emailLanguage, senderEmail, replyToEmail } = await getEmailContext({
+    emailType: 'RECIPIENT',
+    source: {
+      type: 'team',
+      teamId: document.teamId,
+    },
+    meta: document.documentMeta,
+  });
+
+  const i18n = await getI18nInstance(emailLanguage);
+
+  const subject = i18n._(msg`Your two-factor authentication code`);
+
+  const template = createElement(AccessAuth2FAEmailTemplate, {
+    documentTitle: document.title,
+    userName: recipient.name,
+    userEmail: recipient.email,
+    code: twoFactorTokenToken,
+    expiresInMinutes: TWO_FACTOR_EMAIL_EXPIRATION_MINUTES,
+    assetBaseUrl: NEXT_PUBLIC_WEBAPP_URL(),
+  });
+
+  const [html, text] = await Promise.all([
+    renderEmailWithI18N(template, { lang: emailLanguage, branding }),
+    renderEmailWithI18N(template, { lang: emailLanguage, branding, plainText: true }),
+  ]);
+
+  await prisma.$transaction(
+    async (tx) => {
+      await mailer.sendMail({
+        to: {
+          address: recipient.email,
+          name: recipient.name,
+        },
+        from: senderEmail,
+        replyTo: replyToEmail,
+        subject,
+        html,
+        text,
+      });
+
+      await tx.documentAuditLog.create({
+        data: createDocumentAuditLogData({
+          type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_REQUESTED,
+          documentId: document.id,
+          data: {
+            recipientEmail: recipient.email,
+            recipientName: recipient.name,
+            recipientId: recipient.id,
+          },
+        }),
+      });
+    },
+    { timeout: 30_000 },
+  );
+};
diff --git a/packages/lib/server-only/2fa/email/validate-2fa-token-from-email.ts b/packages/lib/server-only/2fa/email/validate-2fa-token-from-email.ts
new file mode 100644
index 000000000..c278812ea
--- /dev/null
+++ b/packages/lib/server-only/2fa/email/validate-2fa-token-from-email.ts
@@ -0,0 +1,37 @@
+import { generateHOTP } from 'oslo/otp';
+
+import { generateTwoFactorCredentialsFromEmail } from './generate-2fa-credentials-from-email';
+
+export type ValidateTwoFactorTokenFromEmailOptions = {
+  documentId: number;
+  email: string;
+  code: string;
+  period?: number;
+  window?: number;
+};
+
+export const validateTwoFactorTokenFromEmail = async ({
+  documentId,
+  email,
+  code,
+  period = 30_000,
+  window = 1,
+}: ValidateTwoFactorTokenFromEmailOptions) => {
+  const { secret } = generateTwoFactorCredentialsFromEmail({ email, documentId });
+
+  let now = Date.now();
+
+  for (let i = 0; i < window; i++) {
+    const counter = Math.floor(now / period);
+
+    const hotp = await generateHOTP(secret, counter);
+
+    if (code === hotp) {
+      return true;
+    }
+
+    now -= period;
+  }
+
+  return false;
+};
diff --git a/packages/lib/server-only/document/complete-document-with-token.ts b/packages/lib/server-only/document/complete-document-with-token.ts
index 92d304c2f..b143b2645 100644
--- a/packages/lib/server-only/document/complete-document-with-token.ts
+++ b/packages/lib/server-only/document/complete-document-with-token.ts
@@ -18,7 +18,8 @@ import { prisma } from '@documenso/prisma';
 
 import { AppError, AppErrorCode } from '../../errors/app-error';
 import { jobs } from '../../jobs/client';
-import type { TRecipientActionAuth } from '../../types/document-auth';
+import type { TRecipientAccessAuth, TRecipientActionAuth } from '../../types/document-auth';
+import { DocumentAuth } from '../../types/document-auth';
 import {
   ZWebhookDocumentSchema,
   mapDocumentToWebhookDocumentPayload,
@@ -26,6 +27,7 @@ import {
 import { extractDocumentAuthMethods } from '../../utils/document-auth';
 import { getIsRecipientsTurnToSign } from '../recipient/get-is-recipient-turn';
 import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
+import { isRecipientAuthorized } from './is-recipient-authorized';
 import { sendPendingEmail } from './send-pending-email';
 
 export type CompleteDocumentWithTokenOptions = {
@@ -33,6 +35,7 @@ export type CompleteDocumentWithTokenOptions = {
   documentId: number;
   userId?: number;
   authOptions?: TRecipientActionAuth;
+  accessAuthOptions?: TRecipientAccessAuth;
   requestMetadata?: RequestMetadata;
   nextSigner?: {
     email: string;
@@ -64,6 +67,8 @@ const getDocument = async ({ token, documentId }: CompleteDocumentWithTokenOptio
 export const completeDocumentWithToken = async ({
   token,
   documentId,
+  userId,
+  accessAuthOptions,
   requestMetadata,
   nextSigner,
 }: CompleteDocumentWithTokenOptions) => {
@@ -111,24 +116,57 @@ export const completeDocumentWithToken = async ({
     throw new Error(`Recipient ${recipient.id} has unsigned fields`);
   }
 
-  // Document reauth for completing documents is currently not required.
+  // Check ACCESS AUTH 2FA validation during document completion
+  const { derivedRecipientAccessAuth } = extractDocumentAuthMethods({
+    documentAuth: document.authOptions,
+    recipientAuth: recipient.authOptions,
+  });
 
-  // const { derivedRecipientActionAuth } = extractDocumentAuthMethods({
-  //   documentAuth: document.authOptions,
-  //   recipientAuth: recipient.authOptions,
-  // });
+  if (derivedRecipientAccessAuth.includes(DocumentAuth.TWO_FACTOR_AUTH)) {
+    if (!accessAuthOptions) {
+      throw new AppError(AppErrorCode.UNAUTHORIZED, {
+        message: 'Access authentication required',
+      });
+    }
 
-  // const isValid = await isRecipientAuthorized({
-  //   type: 'ACTION',
-  //   document: document,
-  //   recipient: recipient,
-  //   userId,
-  //   authOptions,
-  // });
+    const isValid = await isRecipientAuthorized({
+      type: 'ACCESS_2FA',
+      documentAuthOptions: document.authOptions,
+      recipient: recipient,
+      userId, // Can be undefined for non-account recipients
+      authOptions: accessAuthOptions,
+    });
 
-  // if (!isValid) {
-  //   throw new AppError(AppErrorCode.UNAUTHORIZED, 'Invalid authentication values');
-  // }
+    if (!isValid) {
+      await prisma.documentAuditLog.create({
+        data: createDocumentAuditLogData({
+          type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_FAILED,
+          documentId: document.id,
+          data: {
+            recipientId: recipient.id,
+            recipientName: recipient.name,
+            recipientEmail: recipient.email,
+          },
+        }),
+      });
+
+      throw new AppError(AppErrorCode.TWO_FACTOR_AUTH_FAILED, {
+        message: 'Invalid 2FA authentication',
+      });
+    }
+
+    await prisma.documentAuditLog.create({
+      data: createDocumentAuditLogData({
+        type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_VALIDATED,
+        documentId: document.id,
+        data: {
+          recipientId: recipient.id,
+          recipientName: recipient.name,
+          recipientEmail: recipient.email,
+        },
+      }),
+    });
+  }
 
   await prisma.$transaction(async (tx) => {
     await tx.recipient.update({
diff --git a/packages/lib/server-only/document/is-recipient-authorized.ts b/packages/lib/server-only/document/is-recipient-authorized.ts
index 873b087e1..c8d54d2a4 100644
--- a/packages/lib/server-only/document/is-recipient-authorized.ts
+++ b/packages/lib/server-only/document/is-recipient-authorized.ts
@@ -4,6 +4,7 @@ import { match } from 'ts-pattern';
 
 import { prisma } from '@documenso/prisma';
 
+import { validateTwoFactorTokenFromEmail } from '../2fa/email/validate-2fa-token-from-email';
 import { verifyTwoFactorAuthenticationToken } from '../2fa/verify-2fa-token';
 import { verifyPassword } from '../2fa/verify-password';
 import { AppError, AppErrorCode } from '../../errors/app-error';
@@ -14,9 +15,10 @@ import { getAuthenticatorOptions } from '../../utils/authenticator';
 import { extractDocumentAuthMethods } from '../../utils/document-auth';
 
 type IsRecipientAuthorizedOptions = {
-  type: 'ACCESS' | 'ACTION';
+  // !: Probably find a better name than 'ACCESS_2FA' if requirements change.
+  type: 'ACCESS' | 'ACCESS_2FA' | 'ACTION';
   documentAuthOptions: Document['authOptions'];
-  recipient: Pick<Recipient, 'authOptions' | 'email'>;
+  recipient: Pick<Recipient, 'authOptions' | 'email' | 'documentId'>;
 
   /**
    * The ID of the user who initiated the request.
@@ -61,8 +63,11 @@ export const isRecipientAuthorized = async ({
     recipientAuth: recipient.authOptions,
   });
 
-  const authMethods: TDocumentAuth[] =
-    type === 'ACCESS' ? derivedRecipientAccessAuth : derivedRecipientActionAuth;
+  const authMethods: TDocumentAuth[] = match(type)
+    .with('ACCESS', () => derivedRecipientAccessAuth)
+    .with('ACCESS_2FA', () => derivedRecipientAccessAuth)
+    .with('ACTION', () => derivedRecipientActionAuth)
+    .exhaustive();
 
   // Early true return when auth is not required.
   if (
@@ -72,6 +77,11 @@ export const isRecipientAuthorized = async ({
     return true;
   }
 
+  // Early true return for ACCESS auth if all methods are 2FA since validation happens in ACCESS_2FA.
+  if (type === 'ACCESS' && authMethods.every((method) => method === DocumentAuth.TWO_FACTOR_AUTH)) {
+    return true;
+  }
+
   // Create auth options when none are passed for account.
   if (!authOptions && authMethods.some((method) => method === DocumentAuth.ACCOUNT)) {
     authOptions = {
@@ -80,12 +90,16 @@ export const isRecipientAuthorized = async ({
   }
 
   // Authentication required does not match provided method.
-  if (!authOptions || !authMethods.includes(authOptions.type) || !userId) {
+  if (!authOptions || !authMethods.includes(authOptions.type)) {
     return false;
   }
 
   return await match(authOptions)
     .with({ type: DocumentAuth.ACCOUNT }, async () => {
+      if (!userId) {
+        return false;
+      }
+
       const recipientUser = await getUserByEmail(recipient.email);
 
       if (!recipientUser) {
@@ -95,13 +109,40 @@ export const isRecipientAuthorized = async ({
       return recipientUser.id === userId;
     })
     .with({ type: DocumentAuth.PASSKEY }, async ({ authenticationResponse, tokenReference }) => {
+      if (!userId) {
+        return false;
+      }
+
       return await isPasskeyAuthValid({
         userId,
         authenticationResponse,
         tokenReference,
       });
     })
-    .with({ type: DocumentAuth.TWO_FACTOR_AUTH }, async ({ token }) => {
+    .with({ type: DocumentAuth.TWO_FACTOR_AUTH }, async ({ token, method }) => {
+      if (type === 'ACCESS') {
+        return true;
+      }
+
+      if (type === 'ACCESS_2FA' && method === 'email') {
+        if (!recipient.documentId) {
+          throw new AppError(AppErrorCode.NOT_FOUND, {
+            message: 'Document ID is required for email 2FA verification',
+          });
+        }
+
+        return await validateTwoFactorTokenFromEmail({
+          documentId: recipient.documentId,
+          email: recipient.email,
+          code: token,
+          window: 10, // 5 minutes worth of tokens
+        });
+      }
+
+      if (!userId) {
+        return false;
+      }
+
       const user = await prisma.user.findFirst({
         where: {
           id: userId,
@@ -115,6 +156,7 @@ export const isRecipientAuthorized = async ({
         });
       }
 
+      // For ACTION auth or authenticator method, use TOTP
       return await verifyTwoFactorAuthenticationToken({
         user,
         totpCode: token,
@@ -122,6 +164,10 @@ export const isRecipientAuthorized = async ({
       });
     })
     .with({ type: DocumentAuth.PASSWORD }, async ({ password }) => {
+      if (!userId) {
+        return false;
+      }
+
       return await verifyPassword({
         userId,
         password,
diff --git a/packages/lib/server-only/document/validate-field-auth.ts b/packages/lib/server-only/document/validate-field-auth.ts
index 8dfc0ab48..cbb9bf55f 100644
--- a/packages/lib/server-only/document/validate-field-auth.ts
+++ b/packages/lib/server-only/document/validate-field-auth.ts
@@ -7,7 +7,7 @@ import { isRecipientAuthorized } from './is-recipient-authorized';
 
 export type ValidateFieldAuthOptions = {
   documentAuthOptions: Document['authOptions'];
-  recipient: Pick<Recipient, 'authOptions' | 'email'>;
+  recipient: Pick<Recipient, 'authOptions' | 'email' | 'documentId'>;
   field: Field;
   userId?: number;
   authOptions?: TRecipientActionAuth;
diff --git a/packages/lib/server-only/template/create-document-from-direct-template.ts b/packages/lib/server-only/template/create-document-from-direct-template.ts
index a7afd8a1a..b223dd49f 100644
--- a/packages/lib/server-only/template/create-document-from-direct-template.ts
+++ b/packages/lib/server-only/template/create-document-from-direct-template.ts
@@ -159,6 +159,7 @@ export const createDocumentFromDirectTemplate = async ({
   // Ensure typesafety when we add more options.
   const isAccessAuthValid = match(derivedRecipientAccessAuth.at(0))
     .with(DocumentAccessAuth.ACCOUNT, () => user && user?.email === directRecipientEmail)
+    .with(DocumentAccessAuth.TWO_FACTOR_AUTH, () => false) // Not supported for direct templates
     .with(undefined, () => true)
     .exhaustive();
 
@@ -205,6 +206,7 @@ export const createDocumentFromDirectTemplate = async ({
         recipient: {
           authOptions: directTemplateRecipient.authOptions,
           email: directRecipientEmail,
+          documentId: template.id,
         },
         field: templateField,
         userId: user?.id,
diff --git a/packages/lib/types/document-audit-logs.ts b/packages/lib/types/document-audit-logs.ts
index e11f9b31b..c604686de 100644
--- a/packages/lib/types/document-audit-logs.ts
+++ b/packages/lib/types/document-audit-logs.ts
@@ -40,6 +40,11 @@ export const ZDocumentAuditLogTypeSchema = z.enum([
   'DOCUMENT_TITLE_UPDATED', // When the document title is updated.
   'DOCUMENT_EXTERNAL_ID_UPDATED', // When the document external ID is updated.
   'DOCUMENT_MOVED_TO_TEAM', // When the document is moved to a team.
+
+  // ACCESS AUTH 2FA events.
+  'DOCUMENT_ACCESS_AUTH_2FA_REQUESTED', // When ACCESS AUTH 2FA is requested.
+  'DOCUMENT_ACCESS_AUTH_2FA_VALIDATED', // When ACCESS AUTH 2FA is successfully validated.
+  'DOCUMENT_ACCESS_AUTH_2FA_FAILED', // When ACCESS AUTH 2FA validation fails.
 ]);
 
 export const ZDocumentAuditLogEmailTypeSchema = z.enum([
@@ -487,6 +492,42 @@ export const ZDocumentAuditLogEventDocumentRecipientRejectedSchema = z.object({
   }),
 });
 
+/**
+ * Event: Document recipient requested a 2FA token.
+ */
+export const ZDocumentAuditLogEventDocumentRecipientRequested2FAEmailSchema = z.object({
+  type: z.literal(DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_REQUESTED),
+  data: z.object({
+    recipientEmail: z.string(),
+    recipientName: z.string(),
+    recipientId: z.number(),
+  }),
+});
+
+/**
+ * Event: Document recipient validated a 2FA token.
+ */
+export const ZDocumentAuditLogEventDocumentRecipientValidated2FAEmailSchema = z.object({
+  type: z.literal(DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_VALIDATED),
+  data: z.object({
+    recipientEmail: z.string(),
+    recipientName: z.string(),
+    recipientId: z.number(),
+  }),
+});
+
+/**
+ * Event: Document recipient failed to validate a 2FA token.
+ */
+export const ZDocumentAuditLogEventDocumentRecipientFailed2FAEmailSchema = z.object({
+  type: z.literal(DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_FAILED),
+  data: z.object({
+    recipientEmail: z.string(),
+    recipientName: z.string(),
+    recipientId: z.number(),
+  }),
+});
+
 /**
  * Event: Document sent.
  */
@@ -627,6 +668,9 @@ export const ZDocumentAuditLogSchema = ZDocumentAuditLogBaseSchema.and(
     ZDocumentAuditLogEventDocumentViewedSchema,
     ZDocumentAuditLogEventDocumentRecipientCompleteSchema,
     ZDocumentAuditLogEventDocumentRecipientRejectedSchema,
+    ZDocumentAuditLogEventDocumentRecipientRequested2FAEmailSchema,
+    ZDocumentAuditLogEventDocumentRecipientValidated2FAEmailSchema,
+    ZDocumentAuditLogEventDocumentRecipientFailed2FAEmailSchema,
     ZDocumentAuditLogEventDocumentSentSchema,
     ZDocumentAuditLogEventDocumentTitleUpdatedSchema,
     ZDocumentAuditLogEventDocumentExternalIdUpdatedSchema,
diff --git a/packages/lib/types/document-auth.ts b/packages/lib/types/document-auth.ts
index 493e14374..af28da615 100644
--- a/packages/lib/types/document-auth.ts
+++ b/packages/lib/types/document-auth.ts
@@ -37,6 +37,7 @@ const ZDocumentAuthPasswordSchema = z.object({
 const ZDocumentAuth2FASchema = z.object({
   type: z.literal(DocumentAuth.TWO_FACTOR_AUTH),
   token: z.string().min(4).max(10),
+  method: z.enum(['email', 'authenticator']).default('authenticator').optional(),
 });
 
 /**
@@ -55,9 +56,12 @@ export const ZDocumentAuthMethodsSchema = z.discriminatedUnion('type', [
  *
  * Must keep these two in sync.
  */
-export const ZDocumentAccessAuthSchema = z.discriminatedUnion('type', [ZDocumentAuthAccountSchema]);
+export const ZDocumentAccessAuthSchema = z.discriminatedUnion('type', [
+  ZDocumentAuthAccountSchema,
+  ZDocumentAuth2FASchema,
+]);
 export const ZDocumentAccessAuthTypesSchema = z
-  .enum([DocumentAuth.ACCOUNT])
+  .enum([DocumentAuth.ACCOUNT, DocumentAuth.TWO_FACTOR_AUTH])
   .describe('The type of authentication required for the recipient to access the document.');
 
 /**
@@ -89,9 +93,10 @@ export const ZDocumentActionAuthTypesSchema = z
  */
 export const ZRecipientAccessAuthSchema = z.discriminatedUnion('type', [
   ZDocumentAuthAccountSchema,
+  ZDocumentAuth2FASchema,
 ]);
 export const ZRecipientAccessAuthTypesSchema = z
-  .enum([DocumentAuth.ACCOUNT])
+  .enum([DocumentAuth.ACCOUNT, DocumentAuth.TWO_FACTOR_AUTH])
   .describe('The type of authentication required for the recipient to access the document.');
 
 /**
diff --git a/packages/lib/utils/document-audit-logs.ts b/packages/lib/utils/document-audit-logs.ts
index fe4c43e1d..f5a14478e 100644
--- a/packages/lib/utils/document-audit-logs.ts
+++ b/packages/lib/utils/document-audit-logs.ts
@@ -476,6 +476,36 @@ export const formatDocumentAuditLogAction = (
         identified: result,
       };
     })
+    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_REQUESTED }, ({ data }) => {
+      const userName = prefix || _(msg`Recipient`);
+
+      const result = msg`${userName} requested a 2FA token for the document`;
+
+      return {
+        anonymous: result,
+        identified: result,
+      };
+    })
+    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_VALIDATED }, ({ data }) => {
+      const userName = prefix || _(msg`Recipient`);
+
+      const result = msg`${userName} validated a 2FA token for the document`;
+
+      return {
+        anonymous: result,
+        identified: result,
+      };
+    })
+    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_FAILED }, ({ data }) => {
+      const userName = prefix || _(msg`Recipient`);
+
+      const result = msg`${userName} failed to validate a 2FA token for the document`;
+
+      return {
+        anonymous: result,
+        identified: result,
+      };
+    })
     .with({ type: DOCUMENT_AUDIT_LOG_TYPE.EMAIL_SENT }, ({ data }) => ({
       anonymous: data.isResending ? msg`Email resent` : msg`Email sent`,
       identified: data.isResending
diff --git a/packages/trpc/server/document-router/access-auth-request-2fa-email.ts b/packages/trpc/server/document-router/access-auth-request-2fa-email.ts
new file mode 100644
index 000000000..849636a0f
--- /dev/null
+++ b/packages/trpc/server/document-router/access-auth-request-2fa-email.ts
@@ -0,0 +1,94 @@
+import { TRPCError } from '@trpc/server';
+import { DateTime } from 'luxon';
+
+import { TWO_FACTOR_EMAIL_EXPIRATION_MINUTES } from '@documenso/lib/server-only/2fa/email/constants';
+import { send2FATokenEmail } from '@documenso/lib/server-only/2fa/email/send-2fa-token-email';
+import { DocumentAuth } from '@documenso/lib/types/document-auth';
+import { extractDocumentAuthMethods } from '@documenso/lib/utils/document-auth';
+import { prisma } from '@documenso/prisma';
+
+import { procedure } from '../trpc';
+import {
+  ZAccessAuthRequest2FAEmailRequestSchema,
+  ZAccessAuthRequest2FAEmailResponseSchema,
+} from './access-auth-request-2fa-email.types';
+
+export const accessAuthRequest2FAEmailRoute = procedure
+  .input(ZAccessAuthRequest2FAEmailRequestSchema)
+  .output(ZAccessAuthRequest2FAEmailResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    try {
+      const { token } = input;
+
+      const user = ctx.user;
+
+      // Get document and recipient by token
+      const document = await prisma.document.findFirst({
+        where: {
+          recipients: {
+            some: {
+              token,
+            },
+          },
+        },
+        include: {
+          recipients: {
+            where: {
+              token,
+            },
+          },
+        },
+      });
+
+      if (!document) {
+        throw new TRPCError({
+          code: 'NOT_FOUND',
+          message: 'Document not found',
+        });
+      }
+
+      const [recipient] = document.recipients;
+
+      const { derivedRecipientAccessAuth } = extractDocumentAuthMethods({
+        documentAuth: document.authOptions,
+        recipientAuth: recipient.authOptions,
+      });
+
+      if (!derivedRecipientAccessAuth.includes(DocumentAuth.TWO_FACTOR_AUTH)) {
+        throw new TRPCError({
+          code: 'BAD_REQUEST',
+          message: '2FA is not required for this document',
+        });
+      }
+
+      // if (user && recipient.email !== user.email) {
+      //   throw new TRPCError({
+      //     code: 'UNAUTHORIZED',
+      //     message: 'User does not match recipient',
+      //   });
+      // }
+
+      const expiresAt = DateTime.now().plus({ minutes: TWO_FACTOR_EMAIL_EXPIRATION_MINUTES });
+
+      await send2FATokenEmail({
+        token,
+        documentId: document.id,
+      });
+
+      return {
+        success: true,
+        expiresAt: expiresAt.toJSDate(),
+      };
+    } catch (error) {
+      console.error('Error sending access auth 2FA email:', error);
+
+      if (error instanceof TRPCError) {
+        throw error;
+      }
+
+      throw new TRPCError({
+        code: 'INTERNAL_SERVER_ERROR',
+        message: 'Failed to send 2FA email',
+      });
+    }
+  });
diff --git a/packages/trpc/server/document-router/access-auth-request-2fa-email.types.ts b/packages/trpc/server/document-router/access-auth-request-2fa-email.types.ts
new file mode 100644
index 000000000..a60e8b991
--- /dev/null
+++ b/packages/trpc/server/document-router/access-auth-request-2fa-email.types.ts
@@ -0,0 +1,17 @@
+import { z } from 'zod';
+
+export const ZAccessAuthRequest2FAEmailRequestSchema = z.object({
+  token: z.string().min(1),
+});
+
+export const ZAccessAuthRequest2FAEmailResponseSchema = z.object({
+  success: z.boolean(),
+  expiresAt: z.date(),
+});
+
+export type TAccessAuthRequest2FAEmailRequest = z.infer<
+  typeof ZAccessAuthRequest2FAEmailRequestSchema
+>;
+export type TAccessAuthRequest2FAEmailResponse = z.infer<
+  typeof ZAccessAuthRequest2FAEmailResponseSchema
+>;
diff --git a/packages/trpc/server/document-router/router.ts b/packages/trpc/server/document-router/router.ts
index da5b8e769..8e2e453bd 100644
--- a/packages/trpc/server/document-router/router.ts
+++ b/packages/trpc/server/document-router/router.ts
@@ -1,4 +1,5 @@
 import { router } from '../trpc';
+import { accessAuthRequest2FAEmailRoute } from './access-auth-request-2fa-email';
 import { createDocumentRoute } from './create-document';
 import { createDocumentTemporaryRoute } from './create-document-temporary';
 import { deleteDocumentRoute } from './delete-document';
@@ -38,6 +39,10 @@ export const documentRouter = router({
   getDocumentByToken: getDocumentByTokenRoute,
   findDocumentsInternal: findDocumentsInternalRoute,
 
+  accessAuth: router({
+    request2FAEmail: accessAuthRequest2FAEmailRoute,
+  }),
+
   auditLog: {
     find: findDocumentAuditLogsRoute,
     download: downloadDocumentAuditLogsRoute,
diff --git a/packages/trpc/server/recipient-router/router.ts b/packages/trpc/server/recipient-router/router.ts
index 876e21942..401251b27 100644
--- a/packages/trpc/server/recipient-router/router.ts
+++ b/packages/trpc/server/recipient-router/router.ts
@@ -525,7 +525,7 @@ export const recipientRouter = router({
   completeDocumentWithToken: procedure
     .input(ZCompleteDocumentWithTokenMutationSchema)
     .mutation(async ({ input, ctx }) => {
-      const { token, documentId, authOptions, nextSigner } = input;
+      const { token, documentId, authOptions, accessAuthOptions, nextSigner } = input;
 
       ctx.logger.info({
         input: {
@@ -537,6 +537,7 @@ export const recipientRouter = router({
         token,
         documentId,
         authOptions,
+        accessAuthOptions,
         nextSigner,
         userId: ctx.user?.id,
         requestMetadata: ctx.metadata.requestMetadata,
diff --git a/packages/trpc/server/recipient-router/schema.ts b/packages/trpc/server/recipient-router/schema.ts
index 2aa0f15c0..2307cd6cb 100644
--- a/packages/trpc/server/recipient-router/schema.ts
+++ b/packages/trpc/server/recipient-router/schema.ts
@@ -3,6 +3,7 @@ import { z } from 'zod';
 
 import { isTemplateRecipientEmailPlaceholder } from '@documenso/lib/constants/template';
 import {
+  ZRecipientAccessAuthSchema,
   ZRecipientAccessAuthTypesSchema,
   ZRecipientActionAuthSchema,
   ZRecipientActionAuthTypesSchema,
@@ -164,6 +165,7 @@ export const ZCompleteDocumentWithTokenMutationSchema = z.object({
   token: z.string(),
   documentId: z.number(),
   authOptions: ZRecipientActionAuthSchema.optional(),
+  accessAuthOptions: ZRecipientAccessAuthSchema.optional(),
   nextSigner: z
     .object({
       email: z.string().email().max(254),

From 399f91de73863d30baa063f71a107531b6293497 Mon Sep 17 00:00:00 2001
From: samuel-cglg <124675162+samuel-cglg@users.noreply.github.com>
Date: Mon, 6 Oct 2025 07:19:16 +0200
Subject: [PATCH 45/47] feat: improve invite email (#2030)

Improve the email sent to invite a user to approve/sign/assist/view a
document.
The current links "Reject Document" / "Sign Document" confuse some users
as they think the document will be rejected/signed just by clicking on
these buttons.
This change makes it more clear that they will have a chance to view the
document before they can reject/sign.
---
 .../template-document-invite.tsx              | 23 ++++---------------
 1 file changed, 4 insertions(+), 19 deletions(-)

diff --git a/packages/email/template-components/template-document-invite.tsx b/packages/email/template-components/template-document-invite.tsx
index 2c52bf441..5fec7e624 100644
--- a/packages/email/template-components/template-document-invite.tsx
+++ b/packages/email/template-components/template-document-invite.tsx
@@ -1,5 +1,3 @@
-import { useMemo } from 'react';
-
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
 import { OrganisationType, RecipientRole } from '@prisma/client';
@@ -38,12 +36,6 @@ export const TemplateDocumentInvite = ({
 
   const { actionVerb } = RECIPIENT_ROLES_DESCRIPTION[role];
 
-  const rejectDocumentLink = useMemo(() => {
-    const url = new URL(signDocumentLink);
-    url.searchParams.set('reject', 'true');
-    return url.toString();
-  }, [signDocumentLink]);
-
   return (
     <>
       <TemplateDocumentImage className="mt-6" assetBaseUrl={assetBaseUrl} />
@@ -99,22 +91,15 @@ export const TemplateDocumentInvite = ({
 
         <Section className="mb-6 mt-8 text-center">
           <Button
-            className="mr-4 inline-flex items-center justify-center rounded-lg bg-red-500 px-6 py-3 text-center text-sm font-medium text-black no-underline"
-            href={rejectDocumentLink}
-          >
-            <Trans>Reject Document</Trans>
-          </Button>
-
-          <Button
-            className="bg-documenso-500 inline-flex items-center justify-center rounded-lg px-6 py-3 text-center text-sm font-medium text-black no-underline"
+            className="bg-documenso-500 text-sbase inline-flex items-center justify-center rounded-lg px-6 py-3 text-center font-medium text-black no-underline"
             href={signDocumentLink}
           >
             {match(role)
-              .with(RecipientRole.SIGNER, () => <Trans>Sign Document</Trans>)
+              .with(RecipientRole.SIGNER, () => <Trans>View Document to sign</Trans>)
               .with(RecipientRole.VIEWER, () => <Trans>View Document</Trans>)
-              .with(RecipientRole.APPROVER, () => <Trans>Approve Document</Trans>)
+              .with(RecipientRole.APPROVER, () => <Trans>View Document to approve</Trans>)
               .with(RecipientRole.CC, () => '')
-              .with(RecipientRole.ASSISTANT, () => <Trans>Assist Document</Trans>)
+              .with(RecipientRole.ASSISTANT, () => <Trans>View Document to assist</Trans>)
               .exhaustive()}
           </Button>
         </Section>

From a902bec96db93b1b0fbbfdb95e77812a2663afe2 Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Tue, 7 Oct 2025 17:06:28 +1100
Subject: [PATCH 46/47] fix: use select account prompt for sso oidc (#2065)

Use the `select_account` prompt for SSO OIDC to avoid constantly asking
for credentials to be entered with a client has an existing session with
the SSO provider.
---
 .../server/lib/utils/handle-oauth-authorize-url.ts    | 11 ++++++++---
 packages/auth/server/routes/oauth.ts                  |  1 +
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/packages/auth/server/lib/utils/handle-oauth-authorize-url.ts b/packages/auth/server/lib/utils/handle-oauth-authorize-url.ts
index 6c2df1a07..d0fa72d1d 100644
--- a/packages/auth/server/lib/utils/handle-oauth-authorize-url.ts
+++ b/packages/auth/server/lib/utils/handle-oauth-authorize-url.ts
@@ -23,12 +23,17 @@ type HandleOAuthAuthorizeUrlOptions = {
    * Optional redirect path to redirect the user somewhere on the app after authorization.
    */
   redirectPath?: string;
+
+  /**
+   * Optional prompt to pass to the authorization endpoint.
+   */
+  prompt?: 'login' | 'consent' | 'select_account';
 };
 
 const oauthCookieMaxAge = 60 * 10; // 10 minutes.
 
 export const handleOAuthAuthorizeUrl = async (options: HandleOAuthAuthorizeUrlOptions) => {
-  const { c, clientOptions, redirectPath } = options;
+  const { c, clientOptions, redirectPath, prompt = 'login' } = options;
 
   if (!clientOptions.clientId || !clientOptions.clientSecret) {
     throw new AppError(AppErrorCode.NOT_SETUP);
@@ -57,8 +62,8 @@ export const handleOAuthAuthorizeUrl = async (options: HandleOAuthAuthorizeUrlOp
     scopes,
   );
 
-  // Allow user to select account during login.
-  url.searchParams.append('prompt', 'login');
+  // Pass the prompt to the authorization endpoint.
+  url.searchParams.append('prompt', prompt);
 
   setCookie(c, `${clientOptions.id}_oauth_state`, state, {
     ...sessionCookieOptions,
diff --git a/packages/auth/server/routes/oauth.ts b/packages/auth/server/routes/oauth.ts
index 4a8346ba9..9ac0f89fc 100644
--- a/packages/auth/server/routes/oauth.ts
+++ b/packages/auth/server/routes/oauth.ts
@@ -50,5 +50,6 @@ export const oauthRoute = new Hono<HonoAuthContext>()
     return await handleOAuthAuthorizeUrl({
       c,
       clientOptions,
+      prompt: 'select_account',
     });
   });

From 26f65dbdd7ace6866e8075c862b05f88545284eb Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Tue, 7 Oct 2025 17:07:11 +1100
Subject: [PATCH 47/47] v1.12.9

---
 apps/remix/package.json | 2 +-
 package-lock.json       | 6 +++---
 package.json            | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/remix/package.json b/apps/remix/package.json
index 45798c977..90b46e6d5 100644
--- a/apps/remix/package.json
+++ b/apps/remix/package.json
@@ -101,5 +101,5 @@
     "vite-plugin-babel-macros": "^1.0.6",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "version": "1.12.8"
+  "version": "1.12.9"
 }
diff --git a/package-lock.json b/package-lock.json
index 44b76a80c..31bf07f1d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "1.12.8",
+  "version": "1.12.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "1.12.8",
+      "version": "1.12.9",
       "workspaces": [
         "apps/*",
         "packages/*"
@@ -89,7 +89,7 @@
     },
     "apps/remix": {
       "name": "@documenso/remix",
-      "version": "1.12.8",
+      "version": "1.12.9",
       "dependencies": {
         "@documenso/api": "*",
         "@documenso/assets": "*",
diff --git a/package.json b/package.json
index ea07e5c79..d7d688970 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.12.8",
+  "version": "1.12.9",
   "scripts": {
     "build": "turbo run build",
     "dev": "turbo run dev --filter=@documenso/remix",