From 6f35342a83958256abd5af7bf49d235475cecf63 Mon Sep 17 00:00:00 2001
From: Catalin Pit <me+github@catalins.tech>
Date: Tue, 19 Aug 2025 06:09:05 +0300
Subject: [PATCH 01/17] feat: reset user 2fa from admin panel (#1943)

---
 .../admin-user-reset-two-factor-dialog.tsx    | 159 ++++++++++++++++++
 .../_authenticated+/admin+/users.$id.tsx      |   6 +-
 .../reset-two-factor-authentication.ts        |  50 ++++++
 .../reset-two-factor-authentication.types.ts  |  10 ++
 packages/trpc/server/admin-router/router.ts   |   4 +
 5 files changed, 227 insertions(+), 2 deletions(-)
 create mode 100644 apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
 create mode 100644 packages/trpc/server/admin-router/reset-two-factor-authentication.ts
 create mode 100644 packages/trpc/server/admin-router/reset-two-factor-authentication.types.ts

diff --git a/apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
new file mode 100644
index 000000000..f95657d9f
--- /dev/null
+++ b/apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
@@ -0,0 +1,159 @@
+import { useState } from 'react';
+
+import { msg } from '@lingui/core/macro';
+import { useLingui } from '@lingui/react';
+import { Trans } from '@lingui/react/macro';
+import type { User } from '@prisma/client';
+import { useRevalidator } from 'react-router';
+import { match } from 'ts-pattern';
+
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { trpc } from '@documenso/trpc/react';
+import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
+import { Button } from '@documenso/ui/primitives/button';
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+  DialogTrigger,
+} from '@documenso/ui/primitives/dialog';
+import { Input } from '@documenso/ui/primitives/input';
+import { useToast } from '@documenso/ui/primitives/use-toast';
+
+export type AdminUserResetTwoFactorDialogProps = {
+  className?: string;
+  user: User;
+};
+
+export const AdminUserResetTwoFactorDialog = ({
+  className,
+  user,
+}: AdminUserResetTwoFactorDialogProps) => {
+  const { _ } = useLingui();
+  const { toast } = useToast();
+  const { revalidate } = useRevalidator();
+  const [email, setEmail] = useState('');
+  const [open, setOpen] = useState(false);
+
+  const { mutateAsync: resetTwoFactor, isPending: isResettingTwoFactor } =
+    trpc.admin.user.resetTwoFactor.useMutation();
+
+  const onResetTwoFactor = async () => {
+    try {
+      await resetTwoFactor({
+        userId: user.id,
+      });
+
+      toast({
+        title: _(msg`2FA Reset`),
+        description: _(msg`The user's two factor authentication has been reset successfully.`),
+        duration: 5000,
+      });
+
+      await revalidate();
+      setOpen(false);
+    } catch (err) {
+      const error = AppError.parseError(err);
+
+      const errorMessage = match(error.code)
+        .with(AppErrorCode.NOT_FOUND, () => msg`User not found.`)
+        .with(
+          AppErrorCode.UNAUTHORIZED,
+          () => msg`You are not authorized to reset two factor authentcation for this user.`,
+        )
+        .otherwise(
+          () => msg`An error occurred while resetting two factor authentication for the user.`,
+        );
+
+      toast({
+        title: _(msg`Error`),
+        description: _(errorMessage),
+        variant: 'destructive',
+        duration: 7500,
+      });
+    }
+  };
+
+  const handleOpenChange = (newOpen: boolean) => {
+    setOpen(newOpen);
+
+    if (!newOpen) {
+      setEmail('');
+    }
+  };
+
+  return (
+    <div className={className}>
+      <Alert
+        className="flex flex-col items-center justify-between gap-4 p-6 md:flex-row"
+        variant="neutral"
+      >
+        <div>
+          <AlertTitle>Reset Two Factor Authentication</AlertTitle>
+          <AlertDescription className="mr-2">
+            <Trans>
+              Reset the users two factor authentication. This action is irreversible and will
+              disable two factor authentication for the user.
+            </Trans>
+          </AlertDescription>
+        </div>
+
+        <div className="flex-shrink-0">
+          <Dialog open={open} onOpenChange={handleOpenChange}>
+            <DialogTrigger asChild>
+              <Button variant="destructive">
+                <Trans>Reset 2FA</Trans>
+              </Button>
+            </DialogTrigger>
+
+            <DialogContent>
+              <DialogHeader className="space-y-4">
+                <DialogTitle>
+                  <Trans>Reset Two Factor Authentication</Trans>
+                </DialogTitle>
+              </DialogHeader>
+
+              <Alert variant="destructive">
+                <AlertDescription className="selection:bg-red-100">
+                  <Trans>
+                    This action is irreversible. Please ensure you have informed the user before
+                    proceeding.
+                  </Trans>
+                </AlertDescription>
+              </Alert>
+
+              <div>
+                <DialogDescription>
+                  <Trans>
+                    To confirm, please enter the accounts email address <br />({user.email}).
+                  </Trans>
+                </DialogDescription>
+
+                <Input
+                  className="mt-2"
+                  type="email"
+                  value={email}
+                  onChange={(e) => setEmail(e.target.value)}
+                />
+              </div>
+
+              <DialogFooter>
+                <Button
+                  variant="destructive"
+                  disabled={email !== user.email}
+                  onClick={onResetTwoFactor}
+                  loading={isResettingTwoFactor}
+                >
+                  <Trans>Reset 2FA</Trans>
+                </Button>
+              </DialogFooter>
+            </DialogContent>
+          </Dialog>
+        </div>
+      </Alert>
+    </div>
+  );
+};
diff --git a/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx b/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
index fb05128a6..458553dae 100644
--- a/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
+++ b/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
@@ -27,6 +27,7 @@ import { AdminOrganisationCreateDialog } from '~/components/dialogs/admin-organi
 import { AdminUserDeleteDialog } from '~/components/dialogs/admin-user-delete-dialog';
 import { AdminUserDisableDialog } from '~/components/dialogs/admin-user-disable-dialog';
 import { AdminUserEnableDialog } from '~/components/dialogs/admin-user-enable-dialog';
+import { AdminUserResetTwoFactorDialog } from '~/components/dialogs/admin-user-reset-two-factor-dialog';
 import { GenericErrorLayout } from '~/components/general/generic-error-layout';
 import { AdminOrganisationsTable } from '~/components/tables/admin-organisations-table';
 
@@ -219,10 +220,11 @@ const AdminUserPage = ({ user }: { user: User }) => {
         />
       </div>
 
-      <div className="mt-16 flex flex-col items-center gap-4">
-        {user && <AdminUserDeleteDialog user={user} />}
+      <div className="mt-16 flex flex-col gap-4">
+        {user && user.twoFactorEnabled && <AdminUserResetTwoFactorDialog user={user} />}
         {user && user.disabled && <AdminUserEnableDialog userToEnable={user} />}
         {user && !user.disabled && <AdminUserDisableDialog userToDisable={user} />}
+        {user && <AdminUserDeleteDialog user={user} />}
       </div>
     </div>
   );
diff --git a/packages/trpc/server/admin-router/reset-two-factor-authentication.ts b/packages/trpc/server/admin-router/reset-two-factor-authentication.ts
new file mode 100644
index 000000000..ffacebe22
--- /dev/null
+++ b/packages/trpc/server/admin-router/reset-two-factor-authentication.ts
@@ -0,0 +1,50 @@
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { prisma } from '@documenso/prisma';
+
+import { adminProcedure } from '../trpc';
+import {
+  ZResetTwoFactorRequestSchema,
+  ZResetTwoFactorResponseSchema,
+} from './reset-two-factor-authentication.types';
+
+export const resetTwoFactorRoute = adminProcedure
+  .input(ZResetTwoFactorRequestSchema)
+  .output(ZResetTwoFactorResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { userId } = input;
+
+    ctx.logger.info({
+      input: {
+        userId,
+      },
+    });
+
+    return await resetTwoFactor({ userId });
+  });
+
+export type ResetTwoFactorOptions = {
+  userId: number;
+};
+
+export const resetTwoFactor = async ({ userId }: ResetTwoFactorOptions) => {
+  const user = await prisma.user.findFirst({
+    where: {
+      id: userId,
+    },
+  });
+
+  if (!user) {
+    throw new AppError(AppErrorCode.NOT_FOUND, { message: 'User not found' });
+  }
+
+  await prisma.user.update({
+    where: {
+      id: user.id,
+    },
+    data: {
+      twoFactorEnabled: false,
+      twoFactorBackupCodes: null,
+      twoFactorSecret: null,
+    },
+  });
+};
diff --git a/packages/trpc/server/admin-router/reset-two-factor-authentication.types.ts b/packages/trpc/server/admin-router/reset-two-factor-authentication.types.ts
new file mode 100644
index 000000000..497d36ef7
--- /dev/null
+++ b/packages/trpc/server/admin-router/reset-two-factor-authentication.types.ts
@@ -0,0 +1,10 @@
+import { z } from 'zod';
+
+export const ZResetTwoFactorRequestSchema = z.object({
+  userId: z.number(),
+});
+
+export const ZResetTwoFactorResponseSchema = z.void();
+
+export type TResetTwoFactorRequest = z.infer<typeof ZResetTwoFactorRequestSchema>;
+export type TResetTwoFactorResponse = z.infer<typeof ZResetTwoFactorResponseSchema>;
diff --git a/packages/trpc/server/admin-router/router.ts b/packages/trpc/server/admin-router/router.ts
index aca1a03d6..3487a3d21 100644
--- a/packages/trpc/server/admin-router/router.ts
+++ b/packages/trpc/server/admin-router/router.ts
@@ -21,6 +21,7 @@ import { deleteSubscriptionClaimRoute } from './delete-subscription-claim';
 import { findAdminOrganisationsRoute } from './find-admin-organisations';
 import { findSubscriptionClaimsRoute } from './find-subscription-claims';
 import { getAdminOrganisationRoute } from './get-admin-organisation';
+import { resetTwoFactorRoute } from './reset-two-factor-authentication';
 import {
   ZAdminDeleteDocumentMutationSchema,
   ZAdminDeleteUserMutationSchema,
@@ -51,6 +52,9 @@ export const adminRouter = router({
   stripe: {
     createCustomer: createStripeCustomerRoute,
   },
+  user: {
+    resetTwoFactor: resetTwoFactorRoute,
+  },
 
   // Todo: migrate old routes
   findDocuments: adminProcedure.input(ZAdminFindDocumentsQuerySchema).query(async ({ input }) => {

From 231ef9c27e1bd07668d9b0db07129e416d437ac1 Mon Sep 17 00:00:00 2001
From: Catalin Pit <me+github@catalins.tech>
Date: Tue, 19 Aug 2025 13:59:03 +0300
Subject: [PATCH 02/17] chore: add support option (#1853)

---
 .env.example                                  |   2 +
 .../components/forms/support-ticket-form.tsx  | 138 ++++++++++++++++++
 .../components/general/org-menu-switcher.tsx  |  13 ++
 .../_authenticated+/o.$orgUrl.support.tsx     | 125 ++++++++++++++++
 package-lock.json                             |  54 ++++++-
 packages/lib/package.json                     |   1 +
 packages/lib/plain/client.ts                  |   7 +
 .../server-only/user/submit-support-ticket.ts |  72 +++++++++
 packages/trpc/server/profile-router/router.ts |  27 ++++
 packages/trpc/server/profile-router/schema.ts |   9 ++
 turbo.json                                    |   1 +
 11 files changed, 445 insertions(+), 4 deletions(-)
 create mode 100644 apps/remix/app/components/forms/support-ticket-form.tsx
 create mode 100644 apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
 create mode 100644 packages/lib/plain/client.ts
 create mode 100644 packages/lib/server-only/user/submit-support-ticket.ts

diff --git a/.env.example b/.env.example
index 87ad09a63..7b8872b69 100644
--- a/.env.example
+++ b/.env.example
@@ -136,3 +136,5 @@ E2E_TEST_AUTHENTICATE_USER_PASSWORD="test_Password123"
 # OPTIONAL: The file to save the logger output to. Will disable stdout if provided.
 NEXT_PRIVATE_LOGGER_FILE_PATH=
 
+# [[PLAIN SUPPORT]]
+NEXT_PRIVATE_PLAIN_API_KEY=
diff --git a/apps/remix/app/components/forms/support-ticket-form.tsx b/apps/remix/app/components/forms/support-ticket-form.tsx
new file mode 100644
index 000000000..e80f12d21
--- /dev/null
+++ b/apps/remix/app/components/forms/support-ticket-form.tsx
@@ -0,0 +1,138 @@
+import { zodResolver } from '@hookform/resolvers/zod';
+import { Trans, useLingui } from '@lingui/react/macro';
+import { useForm } from 'react-hook-form';
+import { z } from 'zod';
+
+import { trpc } from '@documenso/trpc/react';
+import { Button } from '@documenso/ui/primitives/button';
+import {
+  Form,
+  FormControl,
+  FormField,
+  FormItem,
+  FormLabel,
+  FormMessage,
+} from '@documenso/ui/primitives/form/form';
+import { Input } from '@documenso/ui/primitives/input';
+import { Textarea } from '@documenso/ui/primitives/textarea';
+import { useToast } from '@documenso/ui/primitives/use-toast';
+
+const ZSupportTicketSchema = z.object({
+  subject: z.string().min(3, 'Subject is required'),
+  message: z.string().min(10, 'Message must be at least 10 characters'),
+});
+
+type TSupportTicket = z.infer<typeof ZSupportTicketSchema>;
+
+export type SupportTicketFormProps = {
+  organisationId: string;
+  teamId?: string | null;
+  onSuccess?: () => void;
+  onClose?: () => void;
+};
+
+export const SupportTicketForm = ({
+  organisationId,
+  teamId,
+  onSuccess,
+  onClose,
+}: SupportTicketFormProps) => {
+  const { t } = useLingui();
+  const { toast } = useToast();
+
+  const { mutateAsync: submitSupportTicket, isPending } =
+    trpc.profile.submitSupportTicket.useMutation();
+
+  const form = useForm<TSupportTicket>({
+    resolver: zodResolver(ZSupportTicketSchema),
+    defaultValues: {
+      subject: '',
+      message: '',
+    },
+  });
+
+  const isLoading = form.formState.isLoading || isPending;
+
+  const onSubmit = async (data: TSupportTicket) => {
+    const { subject, message } = data;
+
+    try {
+      await submitSupportTicket({
+        subject,
+        message,
+        organisationId,
+        teamId,
+      });
+
+      toast({
+        title: t`Support ticket created`,
+        description: t`Your support request has been submitted. We'll get back to you soon!`,
+      });
+
+      if (onSuccess) {
+        onSuccess();
+      }
+
+      form.reset();
+    } catch (err) {
+      toast({
+        title: t`Failed to create support ticket`,
+        description: t`An error occurred. Please try again later.`,
+        variant: 'destructive',
+      });
+    }
+  };
+
+  return (
+    <>
+      <Form {...form}>
+        <form onSubmit={form.handleSubmit(onSubmit)}>
+          <fieldset disabled={isLoading} className="flex flex-col gap-4">
+            <FormField
+              control={form.control}
+              name="subject"
+              render={({ field }) => (
+                <FormItem>
+                  <FormLabel required>
+                    <Trans>Subject</Trans>
+                  </FormLabel>
+                  <FormControl>
+                    <Input {...field} />
+                  </FormControl>
+                  <FormMessage />
+                </FormItem>
+              )}
+            />
+
+            <FormField
+              control={form.control}
+              name="message"
+              render={({ field }) => (
+                <FormItem>
+                  <FormLabel required>
+                    <Trans>Message</Trans>
+                  </FormLabel>
+                  <FormControl>
+                    <Textarea rows={5} {...field} />
+                  </FormControl>
+                  <FormMessage />
+                </FormItem>
+              )}
+            />
+
+            <div className="mt-2 flex flex-row gap-2">
+              <Button type="submit" size="sm" loading={isLoading}>
+                <Trans>Submit</Trans>
+              </Button>
+              {onClose && (
+                <Button variant="outline" size="sm" type="button" onClick={onClose}>
+                  <Trans>Close</Trans>
+                </Button>
+              )}
+            </div>
+          </fieldset>
+        </form>
+      </Form>
+    </>
+  );
+};
diff --git a/apps/remix/app/components/general/org-menu-switcher.tsx b/apps/remix/app/components/general/org-menu-switcher.tsx
index 5ba8dcea4..c6c7c0040 100644
--- a/apps/remix/app/components/general/org-menu-switcher.tsx
+++ b/apps/remix/app/components/general/org-menu-switcher.tsx
@@ -321,6 +321,19 @@ export const OrgMenuSwitcher = () => {
                 <Trans>Language</Trans>
               </DropdownMenuItem>
 
+              {currentOrganisation && (
+                <DropdownMenuItem className="text-muted-foreground px-4 py-2" asChild>
+                  <Link
+                    to={{
+                      pathname: `/o/${currentOrganisation.url}/support`,
+                      search: currentTeam ? `?team=${currentTeam.id}` : '',
+                    }}
+                  >
+                    <Trans>Support</Trans>
+                  </Link>
+                </DropdownMenuItem>
+              )}
+
               <DropdownMenuItem
                 className="text-muted-foreground hover:!text-muted-foreground px-4 py-2"
                 onSelect={async () => authClient.signOut()}
diff --git a/apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx b/apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
new file mode 100644
index 000000000..dc27400d3
--- /dev/null
+++ b/apps/remix/app/routes/_authenticated+/o.$orgUrl.support.tsx
@@ -0,0 +1,125 @@
+import { useState } from 'react';
+
+import { Trans } from '@lingui/react/macro';
+import { BookIcon, HelpCircleIcon, Link2Icon } from 'lucide-react';
+import { Link, useSearchParams } from 'react-router';
+
+import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation';
+import { useSession } from '@documenso/lib/client-only/providers/session';
+import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
+import { Button } from '@documenso/ui/primitives/button';
+
+import { SupportTicketForm } from '~/components/forms/support-ticket-form';
+import { appMetaTags } from '~/utils/meta';
+
+export function meta() {
+  return appMetaTags('Support');
+}
+
+export default function SupportPage() {
+  const [showForm, setShowForm] = useState(false);
+  const { user } = useSession();
+  const organisation = useCurrentOrganisation();
+
+  const [searchParams] = useSearchParams();
+
+  const teamId = searchParams.get('team');
+
+  const subscriptionStatus = organisation.subscription?.status;
+
+  const handleSuccess = () => {
+    setShowForm(false);
+  };
+
+  const handleCloseForm = () => {
+    setShowForm(false);
+  };
+
+  return (
+    <div className="mx-auto w-full max-w-screen-xl px-4 md:px-8">
+      <div className="mb-8">
+        <h1 className="flex flex-row items-center gap-2 text-3xl font-bold">
+          <HelpCircleIcon className="text-muted-foreground h-8 w-8" />
+          <Trans>Support</Trans>
+        </h1>
+
+        <p className="text-muted-foreground mt-2">
+          <Trans>Your current plan includes the following support channels:</Trans>
+        </p>
+
+        <div className="mt-6 flex flex-col gap-4">
+          <div className="rounded-lg border p-4">
+            <h2 className="flex items-center gap-2 text-lg font-bold">
+              <BookIcon className="text-muted-foreground h-5 w-5" />
+              <Link
+                to="https://docs.documenso.com"
+                target="_blank"
+                rel="noopener noreferrer"
+                className="hover:underline"
+              >
+                <Trans>Documentation</Trans>
+              </Link>
+            </h2>
+            <p className="text-muted-foreground mt-1">
+              <Trans>Read our documentation to get started with Documenso.</Trans>
+            </p>
+          </div>
+          <div className="rounded-lg border p-4">
+            <h2 className="flex items-center gap-2 text-lg font-bold">
+              <Link2Icon className="text-muted-foreground h-5 w-5" />
+              <Link
+                to="https://documen.so/discord"
+                target="_blank"
+                rel="noopener noreferrer"
+                className="hover:underline"
+              >
+                <Trans>Discord</Trans>
+              </Link>
+            </h2>
+            <p className="text-muted-foreground mt-1">
+              <Trans>
+                Join our community on{' '}
+                <Link
+                  to="https://documen.so/discord"
+                  target="_blank"
+                  rel="noopener noreferrer"
+                  className="hover:underline"
+                >
+                  Discord
+                </Link>{' '}
+                for community support and discussion.
+              </Trans>
+            </p>
+          </div>
+          {organisation && IS_BILLING_ENABLED() && subscriptionStatus && (
+            <>
+              <div className="rounded-lg border p-4">
+                <h2 className="flex items-center gap-2 text-lg font-bold">
+                  <Link2Icon className="text-muted-foreground h-5 w-5" />
+                  <Trans>Contact us</Trans>
+                </h2>
+                <p className="text-muted-foreground mt-1">
+                  <Trans>We'll get back to you as soon as possible via email.</Trans>
+                </p>
+                <div className="mt-4">
+                  {!showForm ? (
+                    <Button variant="outline" size="sm" onClick={() => setShowForm(true)}>
+                      <Trans>Create a support ticket</Trans>
+                    </Button>
+                  ) : (
+                    <SupportTicketForm
+                      organisationId={organisation.id}
+                      teamId={teamId}
+                      onSuccess={handleSuccess}
+                      onClose={handleCloseForm}
+                    />
+                  )}
+                </div>
+              </div>
+            </>
+          )}
+        </div>
+      </div>
+    </div>
+  );
+}
diff --git a/package-lock.json b/package-lock.json
index e8455705d..7b2d0ed69 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3522,6 +3522,15 @@
       "integrity": "sha512-MDWhGtE+eHw5JW7lq4qhc5yRLS11ERl1c7Z6Xd0a58DozHES6EnNNwUWbMiG4J9Cgj053Bhk8zvlhFYKVhULwg==",
       "license": "MIT"
     },
+    "node_modules/@graphql-typed-document-node/core": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/@graphql-typed-document-node/core/-/core-3.2.0.tgz",
+      "integrity": "sha512-mB9oAsNCm9aM3/SOv4YtBMqZbYj10R7dkq8byBqxGY/ncFwhf2oQzMV+LCRlWoDSEBJ3COiR1yeDvMtsoOsuFQ==",
+      "license": "MIT",
+      "peerDependencies": {
+        "graphql": "^0.8.0 || ^0.9.0 || ^0.10.0 || ^0.11.0 || ^0.12.0 || ^0.13.0 || ^14.0.0 || ^15.0.0 || ^16.0.0 || ^17.0.0"
+      }
+    },
     "node_modules/@grpc/grpc-js": {
       "version": "1.13.3",
       "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.13.3.tgz",
@@ -11826,6 +11835,20 @@
         "url": "https://github.com/sponsors/tannerlinsley"
       }
     },
+    "node_modules/@team-plain/typescript-sdk": {
+      "version": "5.9.0",
+      "resolved": "https://registry.npmjs.org/@team-plain/typescript-sdk/-/typescript-sdk-5.9.0.tgz",
+      "integrity": "sha512-AHSXyt1kDt74m9YKZBCRCd6cQjB8QjUNr9cehtR2QHzZ/8yXJPzawPJDqOQ3ms5KvwuYrBx2qT3e6C/zrQ5UtA==",
+      "license": "MIT",
+      "dependencies": {
+        "@graphql-typed-document-node/core": "^3.2.0",
+        "ajv": "^8.12.0",
+        "ajv-formats": "^2.1.1",
+        "graphql": "^16.6.0",
+        "lodash.get": "^4.4.2",
+        "zod": "3.22.4"
+      }
+    },
     "node_modules/@theguild/remark-mermaid": {
       "version": "0.0.5",
       "resolved": "https://registry.npmjs.org/@theguild/remark-mermaid/-/remark-mermaid-0.0.5.tgz",
@@ -13235,7 +13258,6 @@
       "version": "8.17.1",
       "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
       "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "fast-deep-equal": "^3.1.3",
@@ -13248,6 +13270,23 @@
         "url": "https://github.com/sponsors/epoberezkin"
       }
     },
+    "node_modules/ajv-formats": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-2.1.1.tgz",
+      "integrity": "sha512-Wx0Kx52hxE7C18hkMEggYlEifqWZtYaRgouJor+WMdPnQyEK13vgEWyVNup7SoeeoLMsr4kf5h6dOW11I15MUA==",
+      "license": "MIT",
+      "dependencies": {
+        "ajv": "^8.0.0"
+      },
+      "peerDependencies": {
+        "ajv": "^8.0.0"
+      },
+      "peerDependenciesMeta": {
+        "ajv": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/ansi-escapes": {
       "version": "4.3.2",
       "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz",
@@ -18771,7 +18810,6 @@
       "version": "3.0.6",
       "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.6.tgz",
       "integrity": "sha512-Atfo14OibSv5wAp4VWNsFYE1AchQRTv9cBGWET4pZWHzYshFSS9NQI6I57rdKn9croWVMbYFbLhJ+yJvmZIIHw==",
-      "dev": true,
       "funding": [
         {
           "type": "github",
@@ -19847,6 +19885,15 @@
       "integrity": "sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==",
       "license": "MIT"
     },
+    "node_modules/graphql": {
+      "version": "16.11.0",
+      "resolved": "https://registry.npmjs.org/graphql/-/graphql-16.11.0.tgz",
+      "integrity": "sha512-mS1lbMsxgQj6hge1XZ6p7GPhbrtFwUFYi3wRzXAC/FmYnyXMTvvI3td3rjmQ2u8ewXueaSvRPWaEcgVVOT9Jnw==",
+      "license": "MIT",
+      "engines": {
+        "node": "^12.22.0 || ^14.16.0 || ^16.0.0 || >=17.0.0"
+      }
+    },
     "node_modules/gray-matter": {
       "version": "4.0.3",
       "resolved": "https://registry.npmjs.org/gray-matter/-/gray-matter-4.0.3.tgz",
@@ -22329,7 +22376,6 @@
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
       "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==",
-      "dev": true,
       "license": "MIT"
     },
     "node_modules/json-stable-stringify-without-jsonify": {
@@ -30570,7 +30616,6 @@
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz",
       "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==",
-      "dev": true,
       "license": "MIT",
       "engines": {
         "node": ">=0.10.0"
@@ -36583,6 +36628,7 @@
         "@pdf-lib/fontkit": "^1.1.1",
         "@scure/base": "^1.1.3",
         "@sindresorhus/slugify": "^2.2.1",
+        "@team-plain/typescript-sdk": "^5.9.0",
         "@vvo/tzdb": "^6.117.0",
         "csv-parse": "^5.6.0",
         "inngest": "^3.19.13",
diff --git a/packages/lib/package.json b/packages/lib/package.json
index 374793db8..f422ec2f9 100644
--- a/packages/lib/package.json
+++ b/packages/lib/package.json
@@ -33,6 +33,7 @@
     "@pdf-lib/fontkit": "^1.1.1",
     "@scure/base": "^1.1.3",
     "@sindresorhus/slugify": "^2.2.1",
+    "@team-plain/typescript-sdk": "^5.9.0",
     "@vvo/tzdb": "^6.117.0",
     "csv-parse": "^5.6.0",
     "inngest": "^3.19.13",
diff --git a/packages/lib/plain/client.ts b/packages/lib/plain/client.ts
new file mode 100644
index 000000000..4def9d8b4
--- /dev/null
+++ b/packages/lib/plain/client.ts
@@ -0,0 +1,7 @@
+import { PlainClient } from '@team-plain/typescript-sdk';
+
+import { env } from '@documenso/lib/utils/env';
+
+export const plainClient = new PlainClient({
+  apiKey: env('NEXT_PRIVATE_PLAIN_API_KEY') ?? '',
+});
diff --git a/packages/lib/server-only/user/submit-support-ticket.ts b/packages/lib/server-only/user/submit-support-ticket.ts
new file mode 100644
index 000000000..91c55800d
--- /dev/null
+++ b/packages/lib/server-only/user/submit-support-ticket.ts
@@ -0,0 +1,72 @@
+import { plainClient } from '@documenso/lib/plain/client';
+import { prisma } from '@documenso/prisma';
+
+import { AppError, AppErrorCode } from '../../errors/app-error';
+import { buildOrganisationWhereQuery } from '../../utils/organisations';
+import { getTeamById } from '../team/get-team';
+
+type SubmitSupportTicketOptions = {
+  subject: string;
+  message: string;
+  userId: number;
+  organisationId: string;
+  teamId?: number | null;
+};
+
+export const submitSupportTicket = async ({
+  subject,
+  message,
+  userId,
+  organisationId,
+  teamId,
+}: SubmitSupportTicketOptions) => {
+  const user = await prisma.user.findFirst({
+    where: {
+      id: userId,
+    },
+  });
+
+  if (!user) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'User not found',
+    });
+  }
+
+  const organisation = await prisma.organisation.findFirst({
+    where: buildOrganisationWhereQuery({
+      organisationId,
+      userId,
+    }),
+  });
+
+  if (!organisation) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'Organisation not found',
+    });
+  }
+
+  const team = teamId
+    ? await getTeamById({
+        userId,
+        teamId,
+      })
+    : null;
+
+  const customMessage = `
+Organisation: ${organisation.name} (${organisation.id})
+Team: ${team ? `${team.name} (${team.id})` : 'No team provided'}
+
+${message}`;
+
+  const res = await plainClient.createThread({
+    title: subject,
+    customerIdentifier: { emailAddress: user.email },
+    components: [{ componentText: { text: customMessage } }],
+  });
+
+  if (res.error) {
+    throw new Error(res.error.message);
+  }
+
+  return res;
+};
diff --git a/packages/trpc/server/profile-router/router.ts b/packages/trpc/server/profile-router/router.ts
index 927409817..60b7c1323 100644
--- a/packages/trpc/server/profile-router/router.ts
+++ b/packages/trpc/server/profile-router/router.ts
@@ -1,8 +1,10 @@
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import type { SetAvatarImageOptions } from '@documenso/lib/server-only/profile/set-avatar-image';
 import { setAvatarImage } from '@documenso/lib/server-only/profile/set-avatar-image';
 import { deleteUser } from '@documenso/lib/server-only/user/delete-user';
 import { findUserSecurityAuditLogs } from '@documenso/lib/server-only/user/find-user-security-audit-logs';
 import { getUserById } from '@documenso/lib/server-only/user/get-user-by-id';
+import { submitSupportTicket } from '@documenso/lib/server-only/user/submit-support-ticket';
 import { updateProfile } from '@documenso/lib/server-only/user/update-profile';
 
 import { adminProcedure, authenticatedProcedure, router } from '../trpc';
@@ -10,6 +12,7 @@ import {
   ZFindUserSecurityAuditLogsSchema,
   ZRetrieveUserByIdQuerySchema,
   ZSetProfileImageMutationSchema,
+  ZSubmitSupportTicketMutationSchema,
   ZUpdateProfileMutationSchema,
 } from './schema';
 
@@ -91,4 +94,28 @@ export const profileRouter = router({
         requestMetadata: ctx.metadata,
       });
     }),
+
+  submitSupportTicket: authenticatedProcedure
+    .input(ZSubmitSupportTicketMutationSchema)
+    .mutation(async ({ input, ctx }) => {
+      const { subject, message, organisationId, teamId } = input;
+
+      const userId = ctx.user.id;
+
+      const parsedTeamId = teamId ? Number(teamId) : null;
+
+      if (Number.isNaN(parsedTeamId)) {
+        throw new AppError(AppErrorCode.INVALID_BODY, {
+          message: 'Invalid team ID provided',
+        });
+      }
+
+      return await submitSupportTicket({
+        subject,
+        message,
+        userId,
+        organisationId,
+        teamId: parsedTeamId,
+      });
+    }),
 });
diff --git a/packages/trpc/server/profile-router/schema.ts b/packages/trpc/server/profile-router/schema.ts
index 490ea8a8c..e1db5dd78 100644
--- a/packages/trpc/server/profile-router/schema.ts
+++ b/packages/trpc/server/profile-router/schema.ts
@@ -27,3 +27,12 @@ export const ZSetProfileImageMutationSchema = z.object({
 });
 
 export type TSetProfileImageMutationSchema = z.infer<typeof ZSetProfileImageMutationSchema>;
+
+export const ZSubmitSupportTicketMutationSchema = z.object({
+  organisationId: z.string(),
+  teamId: z.string().min(1).nullish(),
+  subject: z.string().min(3, 'Subject is required'),
+  message: z.string().min(10, 'Message must be at least 10 characters'),
+});
+
+export type TSupportTicketRequest = z.infer<typeof ZSubmitSupportTicketMutationSchema>;
diff --git a/turbo.json b/turbo.json
index 77c668b35..d767b4612 100644
--- a/turbo.json
+++ b/turbo.json
@@ -47,6 +47,7 @@
     "NEXT_PUBLIC_POSTHOG_KEY",
     "NEXT_PUBLIC_FEATURE_BILLING_ENABLED",
     "NEXT_PUBLIC_DISABLE_SIGNUP",
+    "NEXT_PRIVATE_PLAIN_API_KEY",
     "NEXT_PUBLIC_DOCUMENT_SIZE_UPLOAD_LIMIT",
     "NEXT_PRIVATE_DATABASE_URL",
     "NEXT_PRIVATE_DIRECT_DATABASE_URL",

From 1cb9de8083853ab4a591729834358b8d1d5617b5 Mon Sep 17 00:00:00 2001
From: Ephraim Duncan <55143799+ephraimduncan@users.noreply.github.com>
Date: Fri, 22 Aug 2025 02:20:41 +0000
Subject: [PATCH 03/17] chore: remove 'use client' directives (#1979)

---
 README.md                                                       | 2 +-
 .../app/components/general/admin-monthly-active-user-charts.tsx | 2 --
 packages/ui/primitives/multiselect.tsx                          | 2 --
 3 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/README.md b/README.md
index f44b88c2a..aa423aa2b 100644
--- a/README.md
+++ b/README.md
@@ -308,7 +308,7 @@ The Web UI can be found at http://localhost:9000, while the SMTP port will be on
 
 ### Support IPv6
 
-If you are deploying to a cluster that uses only IPv6, You can use a custom command to pass a parameter to the Next.js start command
+If you are deploying to a cluster that uses only IPv6, You can use a custom command to pass a parameter to the Remix start command
 
 For local docker run
 
diff --git a/apps/remix/app/components/general/admin-monthly-active-user-charts.tsx b/apps/remix/app/components/general/admin-monthly-active-user-charts.tsx
index 048d9599c..c6f137c3d 100644
--- a/apps/remix/app/components/general/admin-monthly-active-user-charts.tsx
+++ b/apps/remix/app/components/general/admin-monthly-active-user-charts.tsx
@@ -1,5 +1,3 @@
-'use client';
-
 import { DateTime } from 'luxon';
 import type { TooltipProps } from 'recharts';
 import { Bar, BarChart, ResponsiveContainer, Tooltip, XAxis, YAxis } from 'recharts';
diff --git a/packages/ui/primitives/multiselect.tsx b/packages/ui/primitives/multiselect.tsx
index 3e8f0ffea..196e0a351 100644
--- a/packages/ui/primitives/multiselect.tsx
+++ b/packages/ui/primitives/multiselect.tsx
@@ -1,5 +1,3 @@
-'use client';
-
 import * as React from 'react';
 import { useEffect } from 'react';
 

From 80e452afa2e9310c6d629db5c2bb6e96fb35d621 Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Fri, 22 Aug 2025 22:50:41 +1000
Subject: [PATCH 04/17] fix: get accurate pdf page size (#1980)

Handles edge cases with PDF media boxes and crop boxes, deals with
certain documents that had been uploaded with weird combos of sizings.
---
 .../pdf/add-rejection-stamp-to-pdf.ts          |  3 ++-
 packages/lib/server-only/pdf/get-page-size.ts  | 18 ++++++++++++++++++
 .../lib/server-only/pdf/insert-field-in-pdf.ts |  3 ++-
 .../pdf/legacy-insert-field-in-pdf.ts          |  3 ++-
 4 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100644 packages/lib/server-only/pdf/get-page-size.ts

diff --git a/packages/lib/server-only/pdf/add-rejection-stamp-to-pdf.ts b/packages/lib/server-only/pdf/add-rejection-stamp-to-pdf.ts
index fe4853a5b..c0f2b123a 100644
--- a/packages/lib/server-only/pdf/add-rejection-stamp-to-pdf.ts
+++ b/packages/lib/server-only/pdf/add-rejection-stamp-to-pdf.ts
@@ -3,6 +3,7 @@ import type { PDFDocument } from 'pdf-lib';
 import { TextAlignment, rgb, setFontAndSize } from 'pdf-lib';
 
 import { NEXT_PUBLIC_WEBAPP_URL } from '../../constants/app';
+import { getPageSize } from './get-page-size';
 
 /**
  * Adds a rejection stamp to each page of a PDF document.
@@ -27,7 +28,7 @@ export async function addRejectionStampToPdf(
 
   for (let i = 0; i < pages.length; i++) {
     const page = pages[i];
-    const { width, height } = page.getSize();
+    const { width, height } = getPageSize(page);
 
     // Draw the "REJECTED" text
     const rejectedTitleText = 'DOCUMENT REJECTED';
diff --git a/packages/lib/server-only/pdf/get-page-size.ts b/packages/lib/server-only/pdf/get-page-size.ts
new file mode 100644
index 000000000..76c5babf7
--- /dev/null
+++ b/packages/lib/server-only/pdf/get-page-size.ts
@@ -0,0 +1,18 @@
+import type { PDFPage } from 'pdf-lib';
+
+/**
+ * Gets the effective page size for PDF operations.
+ *
+ * Uses CropBox by default to handle rare cases where MediaBox is larger than CropBox.
+ * Falls back to MediaBox when it's smaller than CropBox, following typical PDF reader behavior.
+ */
+export const getPageSize = (page: PDFPage) => {
+  const cropBox = page.getCropBox();
+  const mediaBox = page.getMediaBox();
+
+  if (mediaBox.width < cropBox.width || mediaBox.height < cropBox.height) {
+    return mediaBox;
+  }
+
+  return cropBox;
+};
diff --git a/packages/lib/server-only/pdf/insert-field-in-pdf.ts b/packages/lib/server-only/pdf/insert-field-in-pdf.ts
index fe0a5749a..9b2b8183b 100644
--- a/packages/lib/server-only/pdf/insert-field-in-pdf.ts
+++ b/packages/lib/server-only/pdf/insert-field-in-pdf.ts
@@ -33,6 +33,7 @@ import {
   ZRadioFieldMeta,
   ZTextFieldMeta,
 } from '../../types/field-meta';
+import { getPageSize } from './get-page-size';
 
 export const insertFieldInPDF = async (pdf: PDFDocument, field: FieldWithSignature) => {
   const [fontCaveat, fontNoto] = await Promise.all([
@@ -77,7 +78,7 @@ export const insertFieldInPDF = async (pdf: PDFDocument, field: FieldWithSignatu
 
   const isPageRotatedToLandscape = pageRotationInDegrees === 90 || pageRotationInDegrees === 270;
 
-  let { width: pageWidth, height: pageHeight } = page.getSize();
+  let { width: pageWidth, height: pageHeight } = getPageSize(page);
 
   // PDFs can have pages that are rotated, which are correctly rendered in the frontend.
   // However when we load the PDF in the backend, the rotation is applied.
diff --git a/packages/lib/server-only/pdf/legacy-insert-field-in-pdf.ts b/packages/lib/server-only/pdf/legacy-insert-field-in-pdf.ts
index ba351092c..86ceea65f 100644
--- a/packages/lib/server-only/pdf/legacy-insert-field-in-pdf.ts
+++ b/packages/lib/server-only/pdf/legacy-insert-field-in-pdf.ts
@@ -26,6 +26,7 @@ import {
   ZRadioFieldMeta,
   ZTextFieldMeta,
 } from '../../types/field-meta';
+import { getPageSize } from './get-page-size';
 
 export const legacy_insertFieldInPDF = async (pdf: PDFDocument, field: FieldWithSignature) => {
   const [fontCaveat, fontNoto] = await Promise.all([
@@ -63,7 +64,7 @@ export const legacy_insertFieldInPDF = async (pdf: PDFDocument, field: FieldWith
 
   const isPageRotatedToLandscape = pageRotationInDegrees === 90 || pageRotationInDegrees === 270;
 
-  let { width: pageWidth, height: pageHeight } = page.getSize();
+  let { width: pageWidth, height: pageHeight } = getPageSize(page);
 
   // PDFs can have pages that are rotated, which are correctly rendered in the frontend.
   // However when we load the PDF in the backend, the rotation is applied.

From 17b36ac8e4b9de577669e005e888312ffec5d6cc Mon Sep 17 00:00:00 2001
From: Catalin Pit <me+github@catalins.tech>
Date: Fri, 22 Aug 2025 16:28:04 +0300
Subject: [PATCH 05/17] feat: sync organization name with stripe (#1974)

---
 .../server/organisation-router/update-organisation.ts | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/packages/trpc/server/organisation-router/update-organisation.ts b/packages/trpc/server/organisation-router/update-organisation.ts
index bc71b9de0..73f2445c8 100644
--- a/packages/trpc/server/organisation-router/update-organisation.ts
+++ b/packages/trpc/server/organisation-router/update-organisation.ts
@@ -1,5 +1,6 @@
 import { ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/organisations';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { stripe } from '@documenso/lib/server-only/stripe';
 import { buildOrganisationWhereQuery } from '@documenso/lib/utils/organisations';
 import { prisma } from '@documenso/prisma';
 
@@ -38,7 +39,7 @@ export const updateOrganisationRoute = authenticatedProcedure
       });
     }
 
-    await prisma.organisation.update({
+    const updatedOrganisation = await prisma.organisation.update({
       where: {
         id: organisationId,
       },
@@ -47,4 +48,12 @@ export const updateOrganisationRoute = authenticatedProcedure
         url: data.url,
       },
     });
+
+    if (updatedOrganisation.customerId) {
+      await stripe.customers.update(updatedOrganisation.customerId, {
+        metadata: {
+          organisationName: data.name,
+        },
+      });
+    }
   });

From 67501b45cf58c7ce9046cb049881d349a86b9807 Mon Sep 17 00:00:00 2001
From: Catalin Pit <me+github@catalins.tech>
Date: Fri, 22 Aug 2025 17:12:17 +0300
Subject: [PATCH 06/17] feat: create document in a specific folder (#1965)

---
 packages/api/v1/implementation.ts             |  2 ++
 packages/api/v1/schema.ts                     | 12 +++++++++++
 .../document/create-document-v2.ts            | 21 ++++++++++++++++++-
 .../template/create-document-from-template.ts | 20 ++++++++++++++++++
 .../trpc/server/document-router/router.ts     |  2 ++
 .../trpc/server/document-router/schema.ts     |  6 ++++++
 .../trpc/server/template-router/router.ts     | 11 ++++++++--
 .../trpc/server/template-router/schema.ts     |  6 ++++++
 8 files changed, 77 insertions(+), 3 deletions(-)

diff --git a/packages/api/v1/implementation.ts b/packages/api/v1/implementation.ts
index e8afd9af4..e9fcbf4d8 100644
--- a/packages/api/v1/implementation.ts
+++ b/packages/api/v1/implementation.ts
@@ -330,6 +330,7 @@ export const ApiContractV1Implementation = tsr.router(ApiContractV1, {
         userId: user.id,
         teamId: team?.id,
         formValues: body.formValues,
+        folderId: body.folderId,
         documentDataId: documentData.id,
         requestMetadata: metadata,
       });
@@ -736,6 +737,7 @@ export const ApiContractV1Implementation = tsr.router(ApiContractV1, {
           teamId: team?.id,
           recipients: body.recipients,
           prefillFields: body.prefillFields,
+          folderId: body.folderId,
           override: {
             title: body.title,
             ...body.meta,
diff --git a/packages/api/v1/schema.ts b/packages/api/v1/schema.ts
index 81f1b7a79..c33120ae3 100644
--- a/packages/api/v1/schema.ts
+++ b/packages/api/v1/schema.ts
@@ -136,6 +136,12 @@ export type TUploadDocumentSuccessfulSchema = z.infer<typeof ZUploadDocumentSucc
 export const ZCreateDocumentMutationSchema = z.object({
   title: z.string().min(1),
   externalId: z.string().nullish(),
+  folderId: z
+    .string()
+    .describe(
+      'The ID of the folder to create the document in. If not provided, the document will be created in the root folder.',
+    )
+    .optional(),
   recipients: z.array(
     z.object({
       name: z.string().min(1),
@@ -287,6 +293,12 @@ export type TCreateDocumentFromTemplateMutationResponseSchema = z.infer<
 export const ZGenerateDocumentFromTemplateMutationSchema = z.object({
   title: z.string().optional(),
   externalId: z.string().optional(),
+  folderId: z
+    .string()
+    .describe(
+      'The ID of the folder to create the document in. If not provided, the document will be created in the root folder.',
+    )
+    .optional(),
   recipients: z
     .array(
       z.object({
diff --git a/packages/lib/server-only/document/create-document-v2.ts b/packages/lib/server-only/document/create-document-v2.ts
index a381fd238..4a23d67c7 100644
--- a/packages/lib/server-only/document/create-document-v2.ts
+++ b/packages/lib/server-only/document/create-document-v2.ts
@@ -1,6 +1,7 @@
 import type { DocumentVisibility, TemplateMeta } from '@prisma/client';
 import {
   DocumentSource,
+  FolderType,
   RecipientRole,
   SendStatus,
   SigningStatus,
@@ -45,6 +46,7 @@ export type CreateDocumentOptions = {
     globalActionAuth?: TDocumentActionAuthTypes[];
     formValues?: TDocumentFormValues;
     recipients: TCreateDocumentV2Request['recipients'];
+    folderId?: string;
   };
   meta?: Partial<Omit<TemplateMeta, 'id' | 'templateId'>>;
   requestMetadata: ApiRequestMetadata;
@@ -59,7 +61,7 @@ export const createDocumentV2 = async ({
   meta,
   requestMetadata,
 }: CreateDocumentOptions) => {
-  const { title, formValues } = data;
+  const { title, formValues, folderId } = data;
 
   const team = await prisma.team.findFirst({
     where: buildTeamWhereQuery({ teamId, userId }),
@@ -78,6 +80,22 @@ export const createDocumentV2 = async ({
     });
   }
 
+  if (folderId) {
+    const folder = await prisma.folder.findUnique({
+      where: {
+        id: folderId,
+        type: FolderType.DOCUMENT,
+        team: buildTeamWhereQuery({ teamId, userId }),
+      },
+    });
+
+    if (!folder) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'Folder not found',
+      });
+    }
+  }
+
   const settings = await getTeamSettings({
     userId,
     teamId,
@@ -164,6 +182,7 @@ export const createDocumentV2 = async ({
         teamId,
         authOptions,
         visibility,
+        folderId,
         formValues,
         source: DocumentSource.DOCUMENT,
         documentMeta: {
diff --git a/packages/lib/server-only/template/create-document-from-template.ts b/packages/lib/server-only/template/create-document-from-template.ts
index 35946a155..b6ee8b222 100644
--- a/packages/lib/server-only/template/create-document-from-template.ts
+++ b/packages/lib/server-only/template/create-document-from-template.ts
@@ -2,6 +2,7 @@ import type { DocumentDistributionMethod, DocumentSigningOrder } from '@prisma/c
 import {
   DocumentSource,
   type Field,
+  FolderType,
   type Recipient,
   RecipientRole,
   SendStatus,
@@ -69,6 +70,7 @@ export type CreateDocumentFromTemplateOptions = {
     email: string;
     signingOrder?: number | null;
   }[];
+  folderId?: string;
   prefillFields?: TFieldMetaPrefillFieldsSchema[];
   customDocumentDataId?: string;
 
@@ -274,6 +276,7 @@ export const createDocumentFromTemplate = async ({
   customDocumentDataId,
   override,
   requestMetadata,
+  folderId,
   prefillFields,
 }: CreateDocumentFromTemplateOptions) => {
   const template = await prisma.template.findUnique({
@@ -298,6 +301,22 @@ export const createDocumentFromTemplate = async ({
     });
   }
 
+  if (folderId) {
+    const folder = await prisma.folder.findUnique({
+      where: {
+        id: folderId,
+        type: FolderType.DOCUMENT,
+        team: buildTeamWhereQuery({ teamId, userId }),
+      },
+    });
+
+    if (!folder) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'Folder not found',
+      });
+    }
+  }
+
   const settings = await getTeamSettings({
     userId,
     teamId,
@@ -368,6 +387,7 @@ export const createDocumentFromTemplate = async ({
         externalId: externalId || template.externalId,
         templateId: template.id,
         userId,
+        folderId,
         teamId: template.teamId,
         title: override?.title || template.title,
         documentDataId: documentData.id,
diff --git a/packages/trpc/server/document-router/router.ts b/packages/trpc/server/document-router/router.ts
index e6da221ac..8d3cc8020 100644
--- a/packages/trpc/server/document-router/router.ts
+++ b/packages/trpc/server/document-router/router.ts
@@ -284,6 +284,7 @@ export const documentRouter = router({
         globalActionAuth,
         recipients,
         meta,
+        folderId,
       } = input;
 
       const { remaining } = await getServerLimits({ userId: user.id, teamId });
@@ -316,6 +317,7 @@ export const documentRouter = router({
           globalAccessAuth,
           globalActionAuth,
           recipients,
+          folderId,
         },
         meta,
         requestMetadata: ctx.metadata,
diff --git a/packages/trpc/server/document-router/schema.ts b/packages/trpc/server/document-router/schema.ts
index 36eca0e26..22425a2f4 100644
--- a/packages/trpc/server/document-router/schema.ts
+++ b/packages/trpc/server/document-router/schema.ts
@@ -209,6 +209,12 @@ export const ZCreateDocumentV2RequestSchema = z.object({
   globalAccessAuth: z.array(ZDocumentAccessAuthTypesSchema).optional(),
   globalActionAuth: z.array(ZDocumentActionAuthTypesSchema).optional(),
   formValues: ZDocumentFormValuesSchema.optional(),
+  folderId: z
+    .string()
+    .describe(
+      'The ID of the folder to create the document in. If not provided, the document will be created in the root folder.',
+    )
+    .optional(),
   recipients: z
     .array(
       ZCreateRecipientSchema.extend({
diff --git a/packages/trpc/server/template-router/router.ts b/packages/trpc/server/template-router/router.ts
index c52f78223..a9041ad3e 100644
--- a/packages/trpc/server/template-router/router.ts
+++ b/packages/trpc/server/template-router/router.ts
@@ -339,8 +339,14 @@ export const templateRouter = router({
     .output(ZCreateDocumentFromTemplateResponseSchema)
     .mutation(async ({ ctx, input }) => {
       const { teamId } = ctx;
-      const { templateId, recipients, distributeDocument, customDocumentDataId, prefillFields } =
-        input;
+      const {
+        templateId,
+        recipients,
+        distributeDocument,
+        customDocumentDataId,
+        prefillFields,
+        folderId,
+      } = input;
 
       ctx.logger.info({
         input: {
@@ -361,6 +367,7 @@ export const templateRouter = router({
         recipients,
         customDocumentDataId,
         requestMetadata: ctx.metadata,
+        folderId,
         prefillFields,
       });
 
diff --git a/packages/trpc/server/template-router/schema.ts b/packages/trpc/server/template-router/schema.ts
index 31284ac58..c1100b99e 100644
--- a/packages/trpc/server/template-router/schema.ts
+++ b/packages/trpc/server/template-router/schema.ts
@@ -117,6 +117,12 @@ export const ZCreateDocumentFromTemplateRequestSchema = z.object({
       'The data ID of an alternative PDF to use when creating the document. If not provided, the PDF attached to the template will be used.',
     )
     .optional(),
+  folderId: z
+    .string()
+    .describe(
+      'The ID of the folder to create the document in. If not provided, the document will be created in the root folder.',
+    )
+    .optional(),
   prefillFields: z
     .array(ZFieldMetaPrefillFieldsSchema)
     .describe(

From adefac81e269e5296ed2d63f7d7e40b7191ca3a6 Mon Sep 17 00:00:00 2001
From: Ephraim Duncan <55143799+ephraimduncan@users.noreply.github.com>
Date: Sun, 24 Aug 2025 06:48:30 +0000
Subject: [PATCH 07/17] fix: outdated docs (#1985)

---
 README.md                                                   | 4 +---
 SIGNING.md                                                  | 2 +-
 .../developers/contributing/contributing-translations.mdx   | 2 +-
 apps/documentation/pages/developers/self-hosting/how-to.mdx | 6 +++---
 docker/testing/compose.yml                                  | 2 +-
 render.yaml                                                 | 2 +-
 6 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index aa423aa2b..185d9839e 100644
--- a/README.md
+++ b/README.md
@@ -214,8 +214,6 @@ For detailed instructions on how to configure and run the Docker container, plea
 
 We support a variety of deployment methods, and are actively working on adding more. Stay tuned for updates!
 
-> Please note that the below deployment methods are for v0.9, we will update these to v1.0 once it has been released.
-
 ### Fetch, configure, and build
 
 First, clone the code from Github:
@@ -258,7 +256,7 @@ npm run start
 
 This will start the server on `localhost:3000`. For now, any reverse proxy can then do the frontend and SSL termination.
 
-> If you want to run with another port than 3000, you can start the application with `next -p <ANY PORT>` from the `apps/web` folder.
+> If you want to run with another port than 3000, you can start the application with `next -p <ANY PORT>` from the `apps/remix` folder.
 
 ### Run as a service
 
diff --git a/SIGNING.md b/SIGNING.md
index d8f664cee..3eb94fbfb 100644
--- a/SIGNING.md
+++ b/SIGNING.md
@@ -18,7 +18,7 @@ For the digital signature of your documents you need a signing certificate in .p
 
 4. You will be prompted to enter a password for the p12 file. Choose a strong password and remember it, as you will need it to use the certificate (**can be empty for dev certificates**)
 
-5. Place the certificate `/apps/web/resources/certificate.p12` (If the path does not exist, it needs to be created)
+5. Place the certificate `/apps/remix/resources/certificate.p12` (If the path does not exist, it needs to be created)
 
 ## Docker
 
diff --git a/apps/documentation/pages/developers/contributing/contributing-translations.mdx b/apps/documentation/pages/developers/contributing/contributing-translations.mdx
index e313a4dc1..b8ffbb362 100644
--- a/apps/documentation/pages/developers/contributing/contributing-translations.mdx
+++ b/apps/documentation/pages/developers/contributing/contributing-translations.mdx
@@ -25,7 +25,7 @@ The translation files are organized into folders represented by their respective
 Each PO file contains translations which look like this:
 
 ```po
-#: apps/web/src/app/(signing)/sign/[token]/no-longer-available.tsx:61
+#: apps/remix/app/(signing)/sign/[token]/no-longer-available.tsx:61
 msgid "Want to send slick signing links like this one? <0>Check out Documenso.</0>"
 msgstr "Möchten Sie auffällige Signatur-Links wie diesen senden? <0>Überprüfen Sie Documenso.</0>"
 ```
diff --git a/apps/documentation/pages/developers/self-hosting/how-to.mdx b/apps/documentation/pages/developers/self-hosting/how-to.mdx
index 4025ce6d0..08797e801 100644
--- a/apps/documentation/pages/developers/self-hosting/how-to.mdx
+++ b/apps/documentation/pages/developers/self-hosting/how-to.mdx
@@ -54,7 +54,7 @@ Install the project dependencies as follows:
 
 ```bash
 npm i
-npm run build:web
+npm run build
 npm run prisma:migrate-deploy
 ```
 
@@ -69,7 +69,7 @@ npm run start
 This will start the server on `localhost:3000`. Any reverse proxy can handle the front end and SSL termination.
 
 <Callout type="info">
- If you want to run with another port than `3000`, you can start the application with `next -p <ANY PORT>` from the `apps/web` folder.
+ If you want to run with another port than `3000`, you can start the application with `next -p <ANY PORT>` from the `apps/remix` folder.
 </Callout>
 
 </Steps>
@@ -249,7 +249,7 @@ After=network.target
 Environment=PATH=/path/to/your/node/binaries
 Type=simple
 User=www-data
-WorkingDirectory=/var/www/documenso/apps/web
+WorkingDirectory=/var/www/documenso/apps/remix
 ExecStart=/usr/bin/next start -p 3500
 TimeoutSec=15
 Restart=always
diff --git a/docker/testing/compose.yml b/docker/testing/compose.yml
index 28ec055c1..110e9da6b 100644
--- a/docker/testing/compose.yml
+++ b/docker/testing/compose.yml
@@ -51,4 +51,4 @@ services:
     ports:
       - 3000:3000
     volumes:
-      - ../../apps/web/example/cert.p12:/opt/documenso/cert.p12
+      - ../../apps/remix/example/cert.p12:/opt/documenso/cert.p12
diff --git a/render.yaml b/render.yaml
index 07a90f0b1..a3d7d2a8f 100644
--- a/render.yaml
+++ b/render.yaml
@@ -4,7 +4,7 @@ services:
     name: documenso-app
     plan: free
     buildCommand: npm i && npm run build
-    startCommand: npx prisma migrate deploy --schema packages/prisma/schema.prisma && npx turbo run start --filter=@documenso/web
+    startCommand: npx prisma migrate deploy --schema packages/prisma/schema.prisma && npx turbo run start --filter=@documenso/remix
     healthCheckPath: /api/health
 
     envVars:

From d7e5a9eec7cacb307817d609ddeece0838d0c3ec Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 08:23:12 +1000
Subject: [PATCH 08/17] fix: refactor document router (#1990)

---
 .../dialogs/document-delete-dialog.tsx        |   2 +-
 .../dialogs/document-duplicate-dialog.tsx     |   5 +-
 .../dialogs/document-resend-dialog.tsx        |   2 +-
 .../components/general/app-command-menu.tsx   |   2 +-
 .../document-audit-log-download-button.tsx    |   2 +-
 .../document/document-drop-zone-wrapper.tsx   |   2 +-
 .../general/document/document-edit-form.tsx   |  50 +-
 .../document/document-page-view-button.tsx    |   2 +-
 .../document/document-page-view-dropdown.tsx  |   4 +-
 .../document-page-view-recent-activity.tsx    |   2 +-
 .../general/document/document-upload.tsx      |   2 +-
 .../general/legacy-field-warning-popover.tsx  |   2 +-
 .../template-page-view-documents-table.tsx    |   2 +-
 .../template-page-view-recent-activity.tsx    |   2 +-
 .../components/tables/document-logs-table.tsx |   2 +-
 .../tables/documents-table-action-button.tsx  |   2 +-
 .../documents-table-action-dropdown.tsx       |   4 +-
 .../app/components/tables/documents-table.tsx |   2 +-
 .../app/components/tables/inbox-table.tsx     |   5 +-
 .../t.$teamUrl+/documents._index.tsx          |   6 +-
 .../lib/utils/handle-oauth-callback-url.ts    |   6 +-
 .../send-document-cancelled-emails.handler.ts |   8 +-
 ...rganisation-member-joined-email.handler.ts |  16 +-
 ...-organisation-member-left-email.handler.ts |  13 +-
 .../send-recipient-signed-email.handler.ts    |   8 +-
 .../emails/send-rejection-emails.handler.ts   |   8 +-
 .../document/create-document-v2.ts            |   4 +-
 .../server-only/document/find-documents.ts    |   7 +-
 .../document/get-document-by-token.ts         |  17 +-
 .../get-document-with-details-by-id.ts        |   3 -
 .../document/reject-document-with-token.ts    |   8 +-
 .../document/send-completed-email.ts          |   8 +-
 .../server-only/document/send-delete-email.ts |   8 +-
 .../document/super-delete-document.ts         |   8 +-
 .../create-document-from-direct-template.ts   |   8 +-
 .../lib/server-only/user/reset-password.ts    |   9 +-
 packages/lib/server-only/user/verify-email.ts |   8 +-
 .../mask-recipient-tokens-for-document.ts     |   2 +-
 .../create-document-temporary.ts              |  81 ++
 .../create-document-temporary.types.ts        | 120 +++
 .../server/document-router/create-document.ts |  47 ++
 .../document-router/create-document.types.ts  |  27 +
 .../server/document-router/delete-document.ts |  35 +
 .../document-router/delete-document.types.ts  |  22 +
 .../document-router/distribute-document.ts    |  50 ++
 .../distribute-document.types.ts              |  48 ++
 .../download-document-audit-logs.ts           |  47 ++
 .../download-document-audit-logs.types.ts     |  16 +
 .../download-document-certificate.ts          |  46 ++
 .../download-document-certificate.types.ts    |  16 +
 .../document-router/download-document.ts      |  16 +-
 .../download-document.types.ts                |  32 +
 .../document-router/duplicate-document.ts     |  29 +
 .../duplicate-document.types.ts               |  23 +
 .../find-document-audit-logs.ts               |  41 +
 .../find-document-audit-logs.types.ts         |  20 +
 .../find-documents-internal.ts                |  74 ++
 .../find-documents-internal.types.ts          |  29 +
 .../server/document-router/find-documents.ts  |  43 ++
 .../document-router/find-documents.types.ts   |  42 +
 .../document-router/get-document-by-token.ts  |  43 ++
 .../get-document-by-token.types.ts            |  14 +
 .../server/document-router/get-document.ts    |  29 +
 .../document-router/get-document.types.ts     |  24 +
 .../document-router/redistribute-document.ts  |  35 +
 .../redistribute-document.types.ts            |  28 +
 .../trpc/server/document-router/router.ts     | 722 +-----------------
 .../trpc/server/document-router/schema.ts     | 287 +------
 .../server/document-router/search-document.ts |  21 +
 .../document-router/search-document.types.ts  |  16 +
 .../create-organisation-group.ts              |   8 +-
 71 files changed, 1310 insertions(+), 1072 deletions(-)
 create mode 100644 packages/trpc/server/document-router/create-document-temporary.ts
 create mode 100644 packages/trpc/server/document-router/create-document-temporary.types.ts
 create mode 100644 packages/trpc/server/document-router/create-document.ts
 create mode 100644 packages/trpc/server/document-router/create-document.types.ts
 create mode 100644 packages/trpc/server/document-router/delete-document.ts
 create mode 100644 packages/trpc/server/document-router/delete-document.types.ts
 create mode 100644 packages/trpc/server/document-router/distribute-document.ts
 create mode 100644 packages/trpc/server/document-router/distribute-document.types.ts
 create mode 100644 packages/trpc/server/document-router/download-document-audit-logs.ts
 create mode 100644 packages/trpc/server/document-router/download-document-audit-logs.types.ts
 create mode 100644 packages/trpc/server/document-router/download-document-certificate.ts
 create mode 100644 packages/trpc/server/document-router/download-document-certificate.types.ts
 create mode 100644 packages/trpc/server/document-router/download-document.types.ts
 create mode 100644 packages/trpc/server/document-router/duplicate-document.ts
 create mode 100644 packages/trpc/server/document-router/duplicate-document.types.ts
 create mode 100644 packages/trpc/server/document-router/find-document-audit-logs.ts
 create mode 100644 packages/trpc/server/document-router/find-document-audit-logs.types.ts
 create mode 100644 packages/trpc/server/document-router/find-documents-internal.ts
 create mode 100644 packages/trpc/server/document-router/find-documents-internal.types.ts
 create mode 100644 packages/trpc/server/document-router/find-documents.ts
 create mode 100644 packages/trpc/server/document-router/find-documents.types.ts
 create mode 100644 packages/trpc/server/document-router/get-document-by-token.ts
 create mode 100644 packages/trpc/server/document-router/get-document-by-token.types.ts
 create mode 100644 packages/trpc/server/document-router/get-document.ts
 create mode 100644 packages/trpc/server/document-router/get-document.types.ts
 create mode 100644 packages/trpc/server/document-router/redistribute-document.ts
 create mode 100644 packages/trpc/server/document-router/redistribute-document.types.ts
 create mode 100644 packages/trpc/server/document-router/search-document.ts
 create mode 100644 packages/trpc/server/document-router/search-document.types.ts

diff --git a/apps/remix/app/components/dialogs/document-delete-dialog.tsx b/apps/remix/app/components/dialogs/document-delete-dialog.tsx
index 746ef1570..a802387ef 100644
--- a/apps/remix/app/components/dialogs/document-delete-dialog.tsx
+++ b/apps/remix/app/components/dialogs/document-delete-dialog.tsx
@@ -49,7 +49,7 @@ export const DocumentDeleteDialog = ({
   const [inputValue, setInputValue] = useState('');
   const [isDeleteEnabled, setIsDeleteEnabled] = useState(status === DocumentStatus.DRAFT);
 
-  const { mutateAsync: deleteDocument, isPending } = trpcReact.document.deleteDocument.useMutation({
+  const { mutateAsync: deleteDocument, isPending } = trpcReact.document.delete.useMutation({
     onSuccess: async () => {
       void refreshLimits();
 
diff --git a/apps/remix/app/components/dialogs/document-duplicate-dialog.tsx b/apps/remix/app/components/dialogs/document-duplicate-dialog.tsx
index bb87f99dc..57146ed9f 100644
--- a/apps/remix/app/components/dialogs/document-duplicate-dialog.tsx
+++ b/apps/remix/app/components/dialogs/document-duplicate-dialog.tsx
@@ -36,11 +36,12 @@ export const DocumentDuplicateDialog = ({
 
   const team = useCurrentTeam();
 
-  const { data: document, isLoading } = trpcReact.document.getDocumentById.useQuery(
+  const { data: document, isLoading } = trpcReact.document.get.useQuery(
     {
       documentId: id,
     },
     {
+      queryHash: `document-duplicate-dialog-${id}`,
       enabled: open === true,
     },
   );
@@ -55,7 +56,7 @@ export const DocumentDuplicateDialog = ({
   const documentsPath = formatDocumentsPath(team.url);
 
   const { mutateAsync: duplicateDocument, isPending: isDuplicateLoading } =
-    trpcReact.document.duplicateDocument.useMutation({
+    trpcReact.document.duplicate.useMutation({
       onSuccess: async ({ documentId }) => {
         toast({
           title: _(msg`Document Duplicated`),
diff --git a/apps/remix/app/components/dialogs/document-resend-dialog.tsx b/apps/remix/app/components/dialogs/document-resend-dialog.tsx
index b3dc69503..e1a97ecc1 100644
--- a/apps/remix/app/components/dialogs/document-resend-dialog.tsx
+++ b/apps/remix/app/components/dialogs/document-resend-dialog.tsx
@@ -71,7 +71,7 @@ export const DocumentResendDialog = ({ document, recipients }: DocumentResendDia
     document.status !== 'PENDING' ||
     !recipients.some((r) => r.signingStatus === SigningStatus.NOT_SIGNED);
 
-  const { mutateAsync: resendDocument } = trpcReact.document.resendDocument.useMutation();
+  const { mutateAsync: resendDocument } = trpcReact.document.redistribute.useMutation();
 
   const form = useForm<TResendDocumentFormSchema>({
     resolver: zodResolver(ZResendDocumentFormSchema),
diff --git a/apps/remix/app/components/general/app-command-menu.tsx b/apps/remix/app/components/general/app-command-menu.tsx
index 9e9724d2e..2305bc6af 100644
--- a/apps/remix/app/components/general/app-command-menu.tsx
+++ b/apps/remix/app/components/general/app-command-menu.tsx
@@ -64,7 +64,7 @@ export function AppCommandMenu({ open, onOpenChange }: AppCommandMenuProps) {
   const [pages, setPages] = useState<string[]>([]);
 
   const { data: searchDocumentsData, isPending: isSearchingDocuments } =
-    trpcReact.document.searchDocuments.useQuery(
+    trpcReact.document.search.useQuery(
       {
         query: search,
       },
diff --git a/apps/remix/app/components/general/document/document-audit-log-download-button.tsx b/apps/remix/app/components/general/document/document-audit-log-download-button.tsx
index fb531eb37..77e90eff8 100644
--- a/apps/remix/app/components/general/document/document-audit-log-download-button.tsx
+++ b/apps/remix/app/components/general/document/document-audit-log-download-button.tsx
@@ -21,7 +21,7 @@ export const DocumentAuditLogDownloadButton = ({
   const { _ } = useLingui();
 
   const { mutateAsync: downloadAuditLogs, isPending } =
-    trpc.document.downloadAuditLogs.useMutation();
+    trpc.document.auditLog.download.useMutation();
 
   const onDownloadAuditLogsClick = async () => {
     try {
diff --git a/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx b/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
index 16a52194e..e5fe18636 100644
--- a/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+++ b/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
@@ -49,7 +49,7 @@ export const DocumentDropZoneWrapper = ({ children, className }: DocumentDropZon
 
   const { quota, remaining, refreshLimits } = useLimits();
 
-  const { mutateAsync: createDocument } = trpc.document.createDocument.useMutation();
+  const { mutateAsync: createDocument } = trpc.document.create.useMutation();
 
   const isUploadDisabled = remaining.documents === 0 || !user.emailVerified;
 
diff --git a/apps/remix/app/components/general/document/document-edit-form.tsx b/apps/remix/app/components/general/document/document-edit-form.tsx
index e03744164..df73d92b6 100644
--- a/apps/remix/app/components/general/document/document-edit-form.tsx
+++ b/apps/remix/app/components/general/document/document-edit-form.tsx
@@ -59,23 +59,22 @@ export const DocumentEditForm = ({
 
   const utils = trpc.useUtils();
 
-  const { data: document, refetch: refetchDocument } =
-    trpc.document.getDocumentWithDetailsById.useQuery(
-      {
-        documentId: initialDocument.id,
-      },
-      {
-        initialData: initialDocument,
-        ...SKIP_QUERY_BATCH_META,
-      },
-    );
+  const { data: document, refetch: refetchDocument } = trpc.document.get.useQuery(
+    {
+      documentId: initialDocument.id,
+    },
+    {
+      initialData: initialDocument,
+      ...SKIP_QUERY_BATCH_META,
+    },
+  );
 
   const { recipients, fields } = document;
 
-  const { mutateAsync: updateDocument } = trpc.document.updateDocument.useMutation({
+  const { mutateAsync: updateDocument } = trpc.document.update.useMutation({
     ...DO_NOT_INVALIDATE_QUERY_ON_MUTATION,
     onSuccess: (newData) => {
-      utils.document.getDocumentWithDetailsById.setData(
+      utils.document.get.setData(
         {
           documentId: initialDocument.id,
         },
@@ -84,23 +83,10 @@ export const DocumentEditForm = ({
     },
   });
 
-  const { mutateAsync: setSigningOrderForDocument } =
-    trpc.document.setSigningOrderForDocument.useMutation({
-      ...DO_NOT_INVALIDATE_QUERY_ON_MUTATION,
-      onSuccess: (newData) => {
-        utils.document.getDocumentWithDetailsById.setData(
-          {
-            documentId: initialDocument.id,
-          },
-          (oldData) => ({ ...(oldData || initialDocument), ...newData, id: Number(newData.id) }),
-        );
-      },
-    });
-
   const { mutateAsync: addFields } = trpc.field.addFields.useMutation({
     ...DO_NOT_INVALIDATE_QUERY_ON_MUTATION,
     onSuccess: ({ fields: newFields }) => {
-      utils.document.getDocumentWithDetailsById.setData(
+      utils.document.get.setData(
         {
           documentId: initialDocument.id,
         },
@@ -112,7 +98,7 @@ export const DocumentEditForm = ({
   const { mutateAsync: setRecipients } = trpc.recipient.setDocumentRecipients.useMutation({
     ...DO_NOT_INVALIDATE_QUERY_ON_MUTATION,
     onSuccess: ({ recipients: newRecipients }) => {
-      utils.document.getDocumentWithDetailsById.setData(
+      utils.document.get.setData(
         {
           documentId: initialDocument.id,
         },
@@ -121,10 +107,10 @@ export const DocumentEditForm = ({
     },
   });
 
-  const { mutateAsync: sendDocument } = trpc.document.sendDocument.useMutation({
+  const { mutateAsync: sendDocument } = trpc.document.distribute.useMutation({
     ...DO_NOT_INVALIDATE_QUERY_ON_MUTATION,
     onSuccess: (newData) => {
-      utils.document.getDocumentWithDetailsById.setData(
+      utils.document.get.setData(
         {
           documentId: initialDocument.id,
         },
@@ -216,15 +202,11 @@ export const DocumentEditForm = ({
   const onAddSignersFormSubmit = async (data: TAddSignersFormSchema) => {
     try {
       await Promise.all([
-        setSigningOrderForDocument({
-          documentId: document.id,
-          signingOrder: data.signingOrder,
-        }),
-
         updateDocument({
           documentId: document.id,
           meta: {
             allowDictateNextSigner: data.allowDictateNextSigner,
+            signingOrder: data.signingOrder,
           },
         }),
 
diff --git a/apps/remix/app/components/general/document/document-page-view-button.tsx b/apps/remix/app/components/general/document/document-page-view-button.tsx
index 55f6d85c2..e5fea4d2b 100644
--- a/apps/remix/app/components/general/document/document-page-view-button.tsx
+++ b/apps/remix/app/components/general/document/document-page-view-button.tsx
@@ -42,7 +42,7 @@ export const DocumentPageViewButton = ({ document }: DocumentPageViewButtonProps
 
   const onDownloadClick = async () => {
     try {
-      const documentWithData = await trpcClient.document.getDocumentById.query(
+      const documentWithData = await trpcClient.document.get.query(
         {
           documentId: document.id,
         },
diff --git a/apps/remix/app/components/general/document/document-page-view-dropdown.tsx b/apps/remix/app/components/general/document/document-page-view-dropdown.tsx
index c4043de3a..326c7553c 100644
--- a/apps/remix/app/components/general/document/document-page-view-dropdown.tsx
+++ b/apps/remix/app/components/general/document/document-page-view-dropdown.tsx
@@ -71,7 +71,7 @@ export const DocumentPageViewDropdown = ({ document }: DocumentPageViewDropdownP
 
   const onDownloadClick = async () => {
     try {
-      const documentWithData = await trpcClient.document.getDocumentById.query(
+      const documentWithData = await trpcClient.document.get.query(
         {
           documentId: document.id,
         },
@@ -100,7 +100,7 @@ export const DocumentPageViewDropdown = ({ document }: DocumentPageViewDropdownP
 
   const onDownloadOriginalClick = async () => {
     try {
-      const documentWithData = await trpcClient.document.getDocumentById.query(
+      const documentWithData = await trpcClient.document.get.query(
         {
           documentId: document.id,
         },
diff --git a/apps/remix/app/components/general/document/document-page-view-recent-activity.tsx b/apps/remix/app/components/general/document/document-page-view-recent-activity.tsx
index 10beae93b..abeeacbc4 100644
--- a/apps/remix/app/components/general/document/document-page-view-recent-activity.tsx
+++ b/apps/remix/app/components/general/document/document-page-view-recent-activity.tsx
@@ -32,7 +32,7 @@ export const DocumentPageViewRecentActivity = ({
     hasNextPage,
     fetchNextPage,
     isFetchingNextPage,
-  } = trpc.document.findDocumentAuditLogs.useInfiniteQuery(
+  } = trpc.document.auditLog.find.useInfiniteQuery(
     {
       documentId,
       filterForRecentActivity: true,
diff --git a/apps/remix/app/components/general/document/document-upload.tsx b/apps/remix/app/components/general/document/document-upload.tsx
index c21fcc5f0..b86a12ecc 100644
--- a/apps/remix/app/components/general/document/document-upload.tsx
+++ b/apps/remix/app/components/general/document/document-upload.tsx
@@ -52,7 +52,7 @@ export const DocumentUploadDropzone = ({ className }: DocumentUploadDropzoneProp
 
   const [isLoading, setIsLoading] = useState(false);
 
-  const { mutateAsync: createDocument } = trpc.document.createDocument.useMutation();
+  const { mutateAsync: createDocument } = trpc.document.create.useMutation();
 
   const disabledMessage = useMemo(() => {
     if (organisation.subscription && remaining.documents === 0) {
diff --git a/apps/remix/app/components/general/legacy-field-warning-popover.tsx b/apps/remix/app/components/general/legacy-field-warning-popover.tsx
index 6bd489c27..3165b1be7 100644
--- a/apps/remix/app/components/general/legacy-field-warning-popover.tsx
+++ b/apps/remix/app/components/general/legacy-field-warning-popover.tsx
@@ -28,7 +28,7 @@ export const LegacyFieldWarningPopover = ({
   const { mutateAsync: updateTemplate, isPending: isUpdatingTemplate } =
     trpc.template.updateTemplate.useMutation();
   const { mutateAsync: updateDocument, isPending: isUpdatingDocument } =
-    trpc.document.updateDocument.useMutation();
+    trpc.document.update.useMutation();
 
   const onUpdateFieldsClick = async () => {
     if (type === 'document') {
diff --git a/apps/remix/app/components/general/template/template-page-view-documents-table.tsx b/apps/remix/app/components/general/template/template-page-view-documents-table.tsx
index bef9189d5..6072a8846 100644
--- a/apps/remix/app/components/general/template/template-page-view-documents-table.tsx
+++ b/apps/remix/app/components/general/template/template-page-view-documents-table.tsx
@@ -67,7 +67,7 @@ export const TemplatePageViewDocumentsTable = ({
     Object.fromEntries(searchParams ?? []),
   );
 
-  const { data, isLoading, isLoadingError } = trpc.document.findDocuments.useQuery(
+  const { data, isLoading, isLoadingError } = trpc.document.find.useQuery(
     {
       templateId,
       page: parsedSearchParams.page,
diff --git a/apps/remix/app/components/general/template/template-page-view-recent-activity.tsx b/apps/remix/app/components/general/template/template-page-view-recent-activity.tsx
index e0f3f67c9..9b39a27a8 100644
--- a/apps/remix/app/components/general/template/template-page-view-recent-activity.tsx
+++ b/apps/remix/app/components/general/template/template-page-view-recent-activity.tsx
@@ -18,7 +18,7 @@ export const TemplatePageViewRecentActivity = ({
   templateId,
   documentRootPath,
 }: TemplatePageViewRecentActivityProps) => {
-  const { data, isLoading, isLoadingError, refetch } = trpc.document.findDocuments.useQuery({
+  const { data, isLoading, isLoadingError, refetch } = trpc.document.find.useQuery({
     templateId,
     orderByColumn: 'createdAt',
     orderByDirection: 'asc',
diff --git a/apps/remix/app/components/tables/document-logs-table.tsx b/apps/remix/app/components/tables/document-logs-table.tsx
index 8cdae26d5..a042c6a44 100644
--- a/apps/remix/app/components/tables/document-logs-table.tsx
+++ b/apps/remix/app/components/tables/document-logs-table.tsx
@@ -34,7 +34,7 @@ export const DocumentLogsTable = ({ documentId }: DocumentLogsTableProps) => {
 
   const parsedSearchParams = ZUrlSearchParamsSchema.parse(Object.fromEntries(searchParams ?? []));
 
-  const { data, isLoading, isLoadingError } = trpc.document.findDocumentAuditLogs.useQuery(
+  const { data, isLoading, isLoadingError } = trpc.document.auditLog.find.useQuery(
     {
       documentId,
       page: parsedSearchParams.page,
diff --git a/apps/remix/app/components/tables/documents-table-action-button.tsx b/apps/remix/app/components/tables/documents-table-action-button.tsx
index 1333ca912..c1d68c133 100644
--- a/apps/remix/app/components/tables/documents-table-action-button.tsx
+++ b/apps/remix/app/components/tables/documents-table-action-button.tsx
@@ -45,7 +45,7 @@ export const DocumentsTableActionButton = ({ row }: DocumentsTableActionButtonPr
   const onDownloadClick = async () => {
     try {
       const document = !recipient
-        ? await trpcClient.document.getDocumentById.query(
+        ? await trpcClient.document.get.query(
             {
               documentId: row.id,
             },
diff --git a/apps/remix/app/components/tables/documents-table-action-dropdown.tsx b/apps/remix/app/components/tables/documents-table-action-dropdown.tsx
index 1186afb18..8114c6cc1 100644
--- a/apps/remix/app/components/tables/documents-table-action-dropdown.tsx
+++ b/apps/remix/app/components/tables/documents-table-action-dropdown.tsx
@@ -77,7 +77,7 @@ export const DocumentsTableActionDropdown = ({
   const onDownloadClick = async () => {
     try {
       const document = !recipient
-        ? await trpcClient.document.getDocumentById.query({
+        ? await trpcClient.document.get.query({
             documentId: row.id,
           })
         : await trpcClient.document.getDocumentByToken.query({
@@ -103,7 +103,7 @@ export const DocumentsTableActionDropdown = ({
   const onDownloadOriginalClick = async () => {
     try {
       const document = !recipient
-        ? await trpcClient.document.getDocumentById.query({
+        ? await trpcClient.document.get.query({
             documentId: row.id,
           })
         : await trpcClient.document.getDocumentByToken.query({
diff --git a/apps/remix/app/components/tables/documents-table.tsx b/apps/remix/app/components/tables/documents-table.tsx
index fa5be7d2d..a003f4d0d 100644
--- a/apps/remix/app/components/tables/documents-table.tsx
+++ b/apps/remix/app/components/tables/documents-table.tsx
@@ -11,7 +11,7 @@ import { useUpdateSearchParams } from '@documenso/lib/client-only/hooks/use-upda
 import { useSession } from '@documenso/lib/client-only/providers/session';
 import { isDocumentCompleted } from '@documenso/lib/utils/document';
 import { formatDocumentsPath } from '@documenso/lib/utils/teams';
-import type { TFindDocumentsResponse } from '@documenso/trpc/server/document-router/schema';
+import type { TFindDocumentsResponse } from '@documenso/trpc/server/document-router/find-documents.types';
 import type { DataTableColumnDef } from '@documenso/ui/primitives/data-table';
 import { DataTable } from '@documenso/ui/primitives/data-table';
 import { DataTablePagination } from '@documenso/ui/primitives/data-table-pagination';
diff --git a/apps/remix/app/components/tables/inbox-table.tsx b/apps/remix/app/components/tables/inbox-table.tsx
index 45f837c17..f2d138e0d 100644
--- a/apps/remix/app/components/tables/inbox-table.tsx
+++ b/apps/remix/app/components/tables/inbox-table.tsx
@@ -17,7 +17,6 @@ import { isDocumentCompleted } from '@documenso/lib/utils/document';
 import { trpc as trpcClient } from '@documenso/trpc/client';
 import { trpc } from '@documenso/trpc/react';
 import type { TFindInboxResponse } from '@documenso/trpc/server/document-router/find-inbox.types';
-import type { TFindDocumentsResponse } from '@documenso/trpc/server/document-router/schema';
 import { Button } from '@documenso/ui/primitives/button';
 import type { DataTableColumnDef } from '@documenso/ui/primitives/data-table';
 import { DataTable } from '@documenso/ui/primitives/data-table';
@@ -32,12 +31,12 @@ import { useOptionalCurrentTeam } from '~/providers/team';
 import { StackAvatarsWithTooltip } from '../general/stack-avatars-with-tooltip';
 
 export type DocumentsTableProps = {
-  data?: TFindDocumentsResponse;
+  data?: TFindInboxResponse;
   isLoading?: boolean;
   isLoadingError?: boolean;
 };
 
-type DocumentsTableRow = TFindDocumentsResponse['data'][number];
+type DocumentsTableRow = TFindInboxResponse['data'][number];
 
 export const InboxTable = () => {
   const { _, i18n } = useLingui();
diff --git a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx
index 02ae85896..eac87bae7 100644
--- a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx
+++ b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx
@@ -12,10 +12,8 @@ import { parseToIntegerArray } from '@documenso/lib/utils/params';
 import { formatDocumentsPath } from '@documenso/lib/utils/teams';
 import { ExtendedDocumentStatus } from '@documenso/prisma/types/extended-document-status';
 import { trpc } from '@documenso/trpc/react';
-import {
-  type TFindDocumentsInternalResponse,
-  ZFindDocumentsInternalRequestSchema,
-} from '@documenso/trpc/server/document-router/schema';
+import type { TFindDocumentsInternalResponse } from '@documenso/trpc/server/document-router/find-documents-internal.types';
+import { ZFindDocumentsInternalRequestSchema } from '@documenso/trpc/server/document-router/find-documents-internal.types';
 import { Avatar, AvatarFallback, AvatarImage } from '@documenso/ui/primitives/avatar';
 import { Tabs, TabsList, TabsTrigger } from '@documenso/ui/primitives/tabs';
 
diff --git a/packages/auth/server/lib/utils/handle-oauth-callback-url.ts b/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
index 76ec6a607..96967cc4e 100644
--- a/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
+++ b/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
@@ -92,7 +92,11 @@ export const handleOAuthCallbackUrl = async (options: HandleOAuthCallbackUrlOpti
       providerAccountId: sub,
     },
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+        },
+      },
     },
   });
 
diff --git a/packages/lib/jobs/definitions/emails/send-document-cancelled-emails.handler.ts b/packages/lib/jobs/definitions/emails/send-document-cancelled-emails.handler.ts
index 5140c95ee..c17d7fc48 100644
--- a/packages/lib/jobs/definitions/emails/send-document-cancelled-emails.handler.ts
+++ b/packages/lib/jobs/definitions/emails/send-document-cancelled-emails.handler.ts
@@ -29,7 +29,13 @@ export const run = async ({
       id: documentId,
     },
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
       documentMeta: true,
       recipients: true,
       team: {
diff --git a/packages/lib/jobs/definitions/emails/send-organisation-member-joined-email.handler.ts b/packages/lib/jobs/definitions/emails/send-organisation-member-joined-email.handler.ts
index 444ce2985..db8ac2980 100644
--- a/packages/lib/jobs/definitions/emails/send-organisation-member-joined-email.handler.ts
+++ b/packages/lib/jobs/definitions/emails/send-organisation-member-joined-email.handler.ts
@@ -39,7 +39,13 @@ export const run = async ({
           },
         },
         include: {
-          user: true,
+          user: {
+            select: {
+              id: true,
+              email: true,
+              name: true,
+            },
+          },
         },
       },
     },
@@ -51,7 +57,13 @@ export const run = async ({
       organisationId: payload.organisationId,
     },
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
     },
   });
 
diff --git a/packages/lib/jobs/definitions/emails/send-organisation-member-left-email.handler.ts b/packages/lib/jobs/definitions/emails/send-organisation-member-left-email.handler.ts
index 2bfc88aef..babfc7396 100644
--- a/packages/lib/jobs/definitions/emails/send-organisation-member-left-email.handler.ts
+++ b/packages/lib/jobs/definitions/emails/send-organisation-member-left-email.handler.ts
@@ -39,7 +39,13 @@ export const run = async ({
           },
         },
         include: {
-          user: true,
+          user: {
+            select: {
+              id: true,
+              email: true,
+              name: true,
+            },
+          },
         },
       },
     },
@@ -49,6 +55,11 @@ export const run = async ({
     where: {
       id: payload.memberUserId,
     },
+    select: {
+      id: true,
+      email: true,
+      name: true,
+    },
   });
 
   const { branding, emailLanguage, senderEmail } = await getEmailContext({
diff --git a/packages/lib/jobs/definitions/emails/send-recipient-signed-email.handler.ts b/packages/lib/jobs/definitions/emails/send-recipient-signed-email.handler.ts
index 8912362d7..7f201f0ef 100644
--- a/packages/lib/jobs/definitions/emails/send-recipient-signed-email.handler.ts
+++ b/packages/lib/jobs/definitions/emails/send-recipient-signed-email.handler.ts
@@ -38,7 +38,13 @@ export const run = async ({
           id: recipientId,
         },
       },
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
       documentMeta: true,
     },
   });
diff --git a/packages/lib/jobs/definitions/emails/send-rejection-emails.handler.ts b/packages/lib/jobs/definitions/emails/send-rejection-emails.handler.ts
index d69304a12..f162ca134 100644
--- a/packages/lib/jobs/definitions/emails/send-rejection-emails.handler.ts
+++ b/packages/lib/jobs/definitions/emails/send-rejection-emails.handler.ts
@@ -33,7 +33,13 @@ export const run = async ({
         id: documentId,
       },
       include: {
-        user: true,
+        user: {
+          select: {
+            id: true,
+            email: true,
+            name: true,
+          },
+        },
         documentMeta: true,
         team: {
           select: {
diff --git a/packages/lib/server-only/document/create-document-v2.ts b/packages/lib/server-only/document/create-document-v2.ts
index 4a23d67c7..4fe6103d8 100644
--- a/packages/lib/server-only/document/create-document-v2.ts
+++ b/packages/lib/server-only/document/create-document-v2.ts
@@ -15,7 +15,7 @@ import type { ApiRequestMetadata } from '@documenso/lib/universal/extract-reques
 import { nanoid, prefixedId } from '@documenso/lib/universal/id';
 import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
 import { prisma } from '@documenso/prisma';
-import type { TCreateDocumentV2Request } from '@documenso/trpc/server/document-router/schema';
+import type { TCreateDocumentTemporaryRequest } from '@documenso/trpc/server/document-router/create-document-temporary.types';
 
 import type { TDocumentAccessAuthTypes, TDocumentActionAuthTypes } from '../../types/document-auth';
 import type { TDocumentFormValues } from '../../types/document-form-values';
@@ -45,7 +45,7 @@ export type CreateDocumentOptions = {
     globalAccessAuth?: TDocumentAccessAuthTypes[];
     globalActionAuth?: TDocumentActionAuthTypes[];
     formValues?: TDocumentFormValues;
-    recipients: TCreateDocumentV2Request['recipients'];
+    recipients: TCreateDocumentTemporaryRequest['recipients'];
     folderId?: string;
   };
   meta?: Partial<Omit<TemplateMeta, 'id' | 'templateId'>>;
diff --git a/packages/lib/server-only/document/find-documents.ts b/packages/lib/server-only/document/find-documents.ts
index e6b2bde42..97dd07582 100644
--- a/packages/lib/server-only/document/find-documents.ts
+++ b/packages/lib/server-only/document/find-documents.ts
@@ -49,6 +49,11 @@ export const findDocuments = async ({
     where: {
       id: userId,
     },
+    select: {
+      id: true,
+      email: true,
+      name: true,
+    },
   });
 
   let team = null;
@@ -267,7 +272,7 @@ export const findDocuments = async ({
 
 const findDocumentsFilter = (
   status: ExtendedDocumentStatus,
-  user: User,
+  user: Pick<User, 'id' | 'email' | 'name'>,
   folderId?: string | null,
 ) => {
   return match<ExtendedDocumentStatus, Prisma.DocumentWhereInput>(status)
diff --git a/packages/lib/server-only/document/get-document-by-token.ts b/packages/lib/server-only/document/get-document-by-token.ts
index b91427328..e062a7824 100644
--- a/packages/lib/server-only/document/get-document-by-token.ts
+++ b/packages/lib/server-only/document/get-document-by-token.ts
@@ -73,7 +73,13 @@ export const getDocumentAndSenderByToken = async ({
       },
     },
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
       documentData: true,
       documentMeta: true,
       recipients: {
@@ -90,9 +96,6 @@ export const getDocumentAndSenderByToken = async ({
     },
   });
 
-  // eslint-disable-next-line no-unused-vars, @typescript-eslint/no-unused-vars
-  const { password: _password, ...user } = result.user;
-
   const recipient = result.recipients[0];
 
   // Sanity check, should not be possible.
@@ -120,7 +123,11 @@ export const getDocumentAndSenderByToken = async ({
 
   return {
     ...result,
-    user,
+    user: {
+      id: result.user.id,
+      email: result.user.email,
+      name: result.user.name,
+    },
   };
 };
 
diff --git a/packages/lib/server-only/document/get-document-with-details-by-id.ts b/packages/lib/server-only/document/get-document-with-details-by-id.ts
index a889c410b..2a93156a7 100644
--- a/packages/lib/server-only/document/get-document-with-details-by-id.ts
+++ b/packages/lib/server-only/document/get-document-with-details-by-id.ts
@@ -7,14 +7,12 @@ export type GetDocumentWithDetailsByIdOptions = {
   documentId: number;
   userId: number;
   teamId: number;
-  folderId?: string;
 };
 
 export const getDocumentWithDetailsById = async ({
   documentId,
   userId,
   teamId,
-  folderId,
 }: GetDocumentWithDetailsByIdOptions) => {
   const { documentWhereInput } = await getDocumentWhereInput({
     documentId,
@@ -25,7 +23,6 @@ export const getDocumentWithDetailsById = async ({
   const document = await prisma.document.findFirst({
     where: {
       ...documentWhereInput,
-      folderId,
     },
     include: {
       documentData: true,
diff --git a/packages/lib/server-only/document/reject-document-with-token.ts b/packages/lib/server-only/document/reject-document-with-token.ts
index f0c5764ef..2de1d0e81 100644
--- a/packages/lib/server-only/document/reject-document-with-token.ts
+++ b/packages/lib/server-only/document/reject-document-with-token.ts
@@ -28,13 +28,7 @@ export async function rejectDocumentWithToken({
       documentId,
     },
     include: {
-      document: {
-        include: {
-          user: true,
-          recipients: true,
-          documentMeta: true,
-        },
-      },
+      document: true,
     },
   });
 
diff --git a/packages/lib/server-only/document/send-completed-email.ts b/packages/lib/server-only/document/send-completed-email.ts
index b4392f891..b5e5ba256 100644
--- a/packages/lib/server-only/document/send-completed-email.ts
+++ b/packages/lib/server-only/document/send-completed-email.ts
@@ -33,7 +33,13 @@ export const sendCompletedEmail = async ({ documentId, requestMetadata }: SendDo
       documentData: true,
       documentMeta: true,
       recipients: true,
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
       team: {
         select: {
           id: true,
diff --git a/packages/lib/server-only/document/send-delete-email.ts b/packages/lib/server-only/document/send-delete-email.ts
index 8d786ff0b..e76ac636b 100644
--- a/packages/lib/server-only/document/send-delete-email.ts
+++ b/packages/lib/server-only/document/send-delete-email.ts
@@ -24,7 +24,13 @@ export const sendDeleteEmail = async ({ documentId, reason }: SendDeleteEmailOpt
       id: documentId,
     },
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
       documentMeta: true,
     },
   });
diff --git a/packages/lib/server-only/document/super-delete-document.ts b/packages/lib/server-only/document/super-delete-document.ts
index 87ab1a98f..ab6321c5e 100644
--- a/packages/lib/server-only/document/super-delete-document.ts
+++ b/packages/lib/server-only/document/super-delete-document.ts
@@ -30,7 +30,13 @@ export const superDeleteDocument = async ({ id, requestMetadata }: SuperDeleteDo
     include: {
       recipients: true,
       documentMeta: true,
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
     },
   });
 
diff --git a/packages/lib/server-only/template/create-document-from-direct-template.ts b/packages/lib/server-only/template/create-document-from-direct-template.ts
index bed997aab..a7afd8a1a 100644
--- a/packages/lib/server-only/template/create-document-from-direct-template.ts
+++ b/packages/lib/server-only/template/create-document-from-direct-template.ts
@@ -105,7 +105,13 @@ export const createDocumentFromDirectTemplate = async ({
       directLink: true,
       templateDocumentData: true,
       templateMeta: true,
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
     },
   });
 
diff --git a/packages/lib/server-only/user/reset-password.ts b/packages/lib/server-only/user/reset-password.ts
index e01555cce..99d796e7b 100644
--- a/packages/lib/server-only/user/reset-password.ts
+++ b/packages/lib/server-only/user/reset-password.ts
@@ -24,7 +24,14 @@ export const resetPassword = async ({ token, password, requestMetadata }: ResetP
       token,
     },
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+          password: true,
+        },
+      },
     },
   });
 
diff --git a/packages/lib/server-only/user/verify-email.ts b/packages/lib/server-only/user/verify-email.ts
index 5285b9476..1b3a44e71 100644
--- a/packages/lib/server-only/user/verify-email.ts
+++ b/packages/lib/server-only/user/verify-email.ts
@@ -12,7 +12,13 @@ export type VerifyEmailProps = {
 export const verifyEmail = async ({ token }: VerifyEmailProps) => {
   const verificationToken = await prisma.verificationToken.findFirst({
     include: {
-      user: true,
+      user: {
+        select: {
+          id: true,
+          email: true,
+          name: true,
+        },
+      },
     },
     where: {
       token,
diff --git a/packages/lib/utils/mask-recipient-tokens-for-document.ts b/packages/lib/utils/mask-recipient-tokens-for-document.ts
index c0eff4588..ddadb4f3f 100644
--- a/packages/lib/utils/mask-recipient-tokens-for-document.ts
+++ b/packages/lib/utils/mask-recipient-tokens-for-document.ts
@@ -4,7 +4,7 @@ import type { DocumentWithRecipients } from '@documenso/prisma/types/document-wi
 
 export type MaskRecipientTokensForDocumentOptions<T extends DocumentWithRecipients> = {
   document: T;
-  user?: User;
+  user?: Pick<User, 'id' | 'email' | 'name'>;
   token?: string;
 };
 
diff --git a/packages/trpc/server/document-router/create-document-temporary.ts b/packages/trpc/server/document-router/create-document-temporary.ts
new file mode 100644
index 000000000..fdc64f1d6
--- /dev/null
+++ b/packages/trpc/server/document-router/create-document-temporary.ts
@@ -0,0 +1,81 @@
+import { DocumentDataType } from '@prisma/client';
+
+import { getServerLimits } from '@documenso/ee/server-only/limits/server';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { createDocumentData } from '@documenso/lib/server-only/document-data/create-document-data';
+import { createDocumentV2 } from '@documenso/lib/server-only/document/create-document-v2';
+import { getPresignPostUrl } from '@documenso/lib/universal/upload/server-actions';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZCreateDocumentTemporaryRequestSchema,
+  ZCreateDocumentTemporaryResponseSchema,
+  createDocumentTemporaryMeta,
+} from './create-document-temporary.types';
+
+/**
+ * Temporariy endpoint for V2 Beta until we allow passthrough documents on create.
+ *
+ * @public
+ * @deprecated
+ */
+export const createDocumentTemporaryRoute = authenticatedProcedure
+  .meta(createDocumentTemporaryMeta)
+  .input(ZCreateDocumentTemporaryRequestSchema)
+  .output(ZCreateDocumentTemporaryResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId, user } = ctx;
+
+    const {
+      title,
+      externalId,
+      visibility,
+      globalAccessAuth,
+      globalActionAuth,
+      recipients,
+      meta,
+      folderId,
+    } = input;
+
+    const { remaining } = await getServerLimits({ userId: user.id, teamId });
+
+    if (remaining.documents <= 0) {
+      throw new AppError(AppErrorCode.LIMIT_EXCEEDED, {
+        message: 'You have reached your document limit for this month. Please upgrade your plan.',
+        statusCode: 400,
+      });
+    }
+
+    const fileName = title.endsWith('.pdf') ? title : `${title}.pdf`;
+
+    const { url, key } = await getPresignPostUrl(fileName, 'application/pdf');
+
+    const documentData = await createDocumentData({
+      data: key,
+      type: DocumentDataType.S3_PATH,
+    });
+
+    const createdDocument = await createDocumentV2({
+      userId: ctx.user.id,
+      teamId,
+      documentDataId: documentData.id,
+      normalizePdf: false, // Not normalizing because of presigned URL.
+      data: {
+        title,
+        externalId,
+        visibility,
+        globalAccessAuth,
+        globalActionAuth,
+        recipients,
+        folderId,
+      },
+      meta,
+      requestMetadata: ctx.metadata,
+    });
+
+    return {
+      document: createdDocument,
+      folder: createdDocument.folder, // Todo: Remove this prior to api-v2 release.
+      uploadUrl: url,
+    };
+  });
diff --git a/packages/trpc/server/document-router/create-document-temporary.types.ts b/packages/trpc/server/document-router/create-document-temporary.types.ts
new file mode 100644
index 000000000..858b3835a
--- /dev/null
+++ b/packages/trpc/server/document-router/create-document-temporary.types.ts
@@ -0,0 +1,120 @@
+import { DocumentSigningOrder } from '@prisma/client';
+import { z } from 'zod';
+
+import { ZDocumentSchema } from '@documenso/lib/types/document';
+import {
+  ZDocumentAccessAuthTypesSchema,
+  ZDocumentActionAuthTypesSchema,
+} from '@documenso/lib/types/document-auth';
+import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';
+import { ZDocumentFormValuesSchema } from '@documenso/lib/types/document-form-values';
+import {
+  ZFieldHeightSchema,
+  ZFieldPageNumberSchema,
+  ZFieldPageXSchema,
+  ZFieldPageYSchema,
+  ZFieldWidthSchema,
+} from '@documenso/lib/types/field';
+import { ZFieldAndMetaSchema } from '@documenso/lib/types/field-meta';
+
+import { ZCreateRecipientSchema } from '../recipient-router/schema';
+import type { TrpcRouteMeta } from '../trpc';
+import {
+  ZDocumentExternalIdSchema,
+  ZDocumentMetaDateFormatSchema,
+  ZDocumentMetaDistributionMethodSchema,
+  ZDocumentMetaDrawSignatureEnabledSchema,
+  ZDocumentMetaLanguageSchema,
+  ZDocumentMetaMessageSchema,
+  ZDocumentMetaRedirectUrlSchema,
+  ZDocumentMetaSubjectSchema,
+  ZDocumentMetaTimezoneSchema,
+  ZDocumentMetaTypedSignatureEnabledSchema,
+  ZDocumentMetaUploadSignatureEnabledSchema,
+  ZDocumentTitleSchema,
+  ZDocumentVisibilitySchema,
+} from './schema';
+
+/**
+ * Temporariy endpoint for V2 Beta until we allow passthrough documents on create.
+ */
+export const createDocumentTemporaryMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/document/create/beta',
+    summary: 'Create document',
+    description:
+      'You will need to upload the PDF to the provided URL returned. Note: Once V2 API is released, this will be removed since we will allow direct uploads, instead of using an upload URL.',
+    tags: ['Document'],
+  },
+};
+
+export const ZCreateDocumentTemporaryRequestSchema = z.object({
+  title: ZDocumentTitleSchema,
+  externalId: ZDocumentExternalIdSchema.optional(),
+  visibility: ZDocumentVisibilitySchema.optional(),
+  globalAccessAuth: z.array(ZDocumentAccessAuthTypesSchema).optional(),
+  globalActionAuth: z.array(ZDocumentActionAuthTypesSchema).optional(),
+  formValues: ZDocumentFormValuesSchema.optional(),
+  folderId: z
+    .string()
+    .describe(
+      'The ID of the folder to create the document in. If not provided, the document will be created in the root folder.',
+    )
+    .optional(),
+  recipients: z
+    .array(
+      ZCreateRecipientSchema.extend({
+        fields: ZFieldAndMetaSchema.and(
+          z.object({
+            pageNumber: ZFieldPageNumberSchema,
+            pageX: ZFieldPageXSchema,
+            pageY: ZFieldPageYSchema,
+            width: ZFieldWidthSchema,
+            height: ZFieldHeightSchema,
+          }),
+        )
+          .array()
+          .optional(),
+      }),
+    )
+    .refine(
+      (recipients) => {
+        const emails = recipients.map((recipient) => recipient.email);
+
+        return new Set(emails).size === emails.length;
+      },
+      { message: 'Recipients must have unique emails' },
+    )
+    .optional(),
+  meta: z
+    .object({
+      subject: ZDocumentMetaSubjectSchema.optional(),
+      message: ZDocumentMetaMessageSchema.optional(),
+      timezone: ZDocumentMetaTimezoneSchema.optional(),
+      dateFormat: ZDocumentMetaDateFormatSchema.optional(),
+      distributionMethod: ZDocumentMetaDistributionMethodSchema.optional(),
+      signingOrder: z.nativeEnum(DocumentSigningOrder).optional(),
+      redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
+      language: ZDocumentMetaLanguageSchema.optional(),
+      typedSignatureEnabled: ZDocumentMetaTypedSignatureEnabledSchema.optional(),
+      drawSignatureEnabled: ZDocumentMetaDrawSignatureEnabledSchema.optional(),
+      uploadSignatureEnabled: ZDocumentMetaUploadSignatureEnabledSchema.optional(),
+      emailSettings: ZDocumentEmailSettingsSchema.optional(),
+    })
+    .optional(),
+});
+
+export const ZCreateDocumentTemporaryResponseSchema = z.object({
+  document: ZDocumentSchema,
+  uploadUrl: z
+    .string()
+    .describe(
+      'The URL to upload the document PDF to. Use a PUT request with the file via form-data',
+    ),
+});
+
+export type TCreateDocumentTemporaryRequest = z.infer<typeof ZCreateDocumentTemporaryRequestSchema>;
+export type TCreateDocumentTemporaryResponse = z.infer<
+  typeof ZCreateDocumentTemporaryResponseSchema
+>;
diff --git a/packages/trpc/server/document-router/create-document.ts b/packages/trpc/server/document-router/create-document.ts
new file mode 100644
index 000000000..bf66f93d3
--- /dev/null
+++ b/packages/trpc/server/document-router/create-document.ts
@@ -0,0 +1,47 @@
+import { getServerLimits } from '@documenso/ee/server-only/limits/server';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { createDocument } from '@documenso/lib/server-only/document/create-document';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZCreateDocumentRequestSchema,
+  ZCreateDocumentResponseSchema,
+} from './create-document.types';
+
+export const createDocumentRoute = authenticatedProcedure
+  .input(ZCreateDocumentRequestSchema)
+  .output(ZCreateDocumentResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { user, teamId } = ctx;
+    const { title, documentDataId, timezone, folderId } = input;
+
+    ctx.logger.info({
+      input: {
+        folderId,
+      },
+    });
+
+    const { remaining } = await getServerLimits({ userId: user.id, teamId });
+
+    if (remaining.documents <= 0) {
+      throw new AppError(AppErrorCode.LIMIT_EXCEEDED, {
+        message: 'You have reached your document limit for this month. Please upgrade your plan.',
+        statusCode: 400,
+      });
+    }
+
+    const document = await createDocument({
+      userId: user.id,
+      teamId,
+      title,
+      documentDataId,
+      normalizePdf: true,
+      userTimezone: timezone,
+      requestMetadata: ctx.metadata,
+      folderId,
+    });
+
+    return {
+      id: document.id,
+    };
+  });
diff --git a/packages/trpc/server/document-router/create-document.types.ts b/packages/trpc/server/document-router/create-document.types.ts
new file mode 100644
index 000000000..4dfc89dce
--- /dev/null
+++ b/packages/trpc/server/document-router/create-document.types.ts
@@ -0,0 +1,27 @@
+import { z } from 'zod';
+
+import { ZDocumentMetaTimezoneSchema, ZDocumentTitleSchema } from './schema';
+
+// Currently not in use until we allow passthrough documents on create.
+// export const createDocumentMeta: TrpcRouteMeta = {
+//   openapi: {
+//     method: 'POST',
+//     path: '/document/create',
+//     summary: 'Create document',
+//     tags: ['Document'],
+//   },
+// };
+
+export const ZCreateDocumentRequestSchema = z.object({
+  title: ZDocumentTitleSchema,
+  documentDataId: z.string().min(1),
+  timezone: ZDocumentMetaTimezoneSchema.optional(),
+  folderId: z.string().describe('The ID of the folder to create the document in').optional(),
+});
+
+export const ZCreateDocumentResponseSchema = z.object({
+  id: z.number(),
+});
+
+export type TCreateDocumentRequest = z.infer<typeof ZCreateDocumentRequestSchema>;
+export type TCreateDocumentResponse = z.infer<typeof ZCreateDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/delete-document.ts b/packages/trpc/server/document-router/delete-document.ts
new file mode 100644
index 000000000..659ff0394
--- /dev/null
+++ b/packages/trpc/server/document-router/delete-document.ts
@@ -0,0 +1,35 @@
+import { deleteDocument } from '@documenso/lib/server-only/document/delete-document';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZDeleteDocumentRequestSchema,
+  ZDeleteDocumentResponseSchema,
+  deleteDocumentMeta,
+} from './delete-document.types';
+import { ZGenericSuccessResponse } from './schema';
+
+export const deleteDocumentRoute = authenticatedProcedure
+  .meta(deleteDocumentMeta)
+  .input(ZDeleteDocumentRequestSchema)
+  .output(ZDeleteDocumentResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId } = ctx;
+    const { documentId } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    const userId = ctx.user.id;
+
+    await deleteDocument({
+      id: documentId,
+      userId,
+      teamId,
+      requestMetadata: ctx.metadata,
+    });
+
+    return ZGenericSuccessResponse;
+  });
diff --git a/packages/trpc/server/document-router/delete-document.types.ts b/packages/trpc/server/document-router/delete-document.types.ts
new file mode 100644
index 000000000..72c7a711d
--- /dev/null
+++ b/packages/trpc/server/document-router/delete-document.types.ts
@@ -0,0 +1,22 @@
+import { z } from 'zod';
+
+import type { TrpcRouteMeta } from '../trpc';
+import { ZSuccessResponseSchema } from './schema';
+
+export const deleteDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/document/delete',
+    summary: 'Delete document',
+    tags: ['Document'],
+  },
+};
+
+export const ZDeleteDocumentRequestSchema = z.object({
+  documentId: z.number(),
+});
+
+export const ZDeleteDocumentResponseSchema = ZSuccessResponseSchema;
+
+export type TDeleteDocumentRequest = z.infer<typeof ZDeleteDocumentRequestSchema>;
+export type TDeleteDocumentResponse = z.infer<typeof ZDeleteDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/distribute-document.ts b/packages/trpc/server/document-router/distribute-document.ts
new file mode 100644
index 000000000..00fe8ef92
--- /dev/null
+++ b/packages/trpc/server/document-router/distribute-document.ts
@@ -0,0 +1,50 @@
+import { upsertDocumentMeta } from '@documenso/lib/server-only/document-meta/upsert-document-meta';
+import { sendDocument } from '@documenso/lib/server-only/document/send-document';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZDistributeDocumentRequestSchema,
+  ZDistributeDocumentResponseSchema,
+  distributeDocumentMeta,
+} from './distribute-document.types';
+
+export const distributeDocumentRoute = authenticatedProcedure
+  .meta(distributeDocumentMeta)
+  .input(ZDistributeDocumentRequestSchema)
+  .output(ZDistributeDocumentResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId } = ctx;
+    const { documentId, meta = {} } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    if (Object.values(meta).length > 0) {
+      await upsertDocumentMeta({
+        userId: ctx.user.id,
+        teamId,
+        documentId,
+        subject: meta.subject,
+        message: meta.message,
+        dateFormat: meta.dateFormat,
+        timezone: meta.timezone,
+        redirectUrl: meta.redirectUrl,
+        distributionMethod: meta.distributionMethod,
+        emailSettings: meta.emailSettings,
+        language: meta.language,
+        emailId: meta.emailId,
+        emailReplyTo: meta.emailReplyTo,
+        requestMetadata: ctx.metadata,
+      });
+    }
+
+    return await sendDocument({
+      userId: ctx.user.id,
+      documentId,
+      teamId,
+      requestMetadata: ctx.metadata,
+    });
+  });
diff --git a/packages/trpc/server/document-router/distribute-document.types.ts b/packages/trpc/server/document-router/distribute-document.types.ts
new file mode 100644
index 000000000..41bf23eb2
--- /dev/null
+++ b/packages/trpc/server/document-router/distribute-document.types.ts
@@ -0,0 +1,48 @@
+import { z } from 'zod';
+
+import { ZDocumentLiteSchema } from '@documenso/lib/types/document';
+import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';
+
+import type { TrpcRouteMeta } from '../trpc';
+import {
+  ZDocumentMetaDateFormatSchema,
+  ZDocumentMetaDistributionMethodSchema,
+  ZDocumentMetaLanguageSchema,
+  ZDocumentMetaMessageSchema,
+  ZDocumentMetaRedirectUrlSchema,
+  ZDocumentMetaSubjectSchema,
+  ZDocumentMetaTimezoneSchema,
+} from './schema';
+
+export const distributeDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/document/distribute',
+    summary: 'Distribute document',
+    description: 'Send the document out to recipients based on your distribution method',
+    tags: ['Document'],
+  },
+};
+
+export const ZDistributeDocumentRequestSchema = z.object({
+  documentId: z.number().describe('The ID of the document to send.'),
+  meta: z
+    .object({
+      subject: ZDocumentMetaSubjectSchema.optional(),
+      message: ZDocumentMetaMessageSchema.optional(),
+      timezone: ZDocumentMetaTimezoneSchema.optional(),
+      dateFormat: ZDocumentMetaDateFormatSchema.optional(),
+      distributionMethod: ZDocumentMetaDistributionMethodSchema.optional(),
+      redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
+      language: ZDocumentMetaLanguageSchema.optional(),
+      emailId: z.string().nullish(),
+      emailReplyTo: z.string().email().nullish(),
+      emailSettings: ZDocumentEmailSettingsSchema.optional(),
+    })
+    .optional(),
+});
+
+export const ZDistributeDocumentResponseSchema = ZDocumentLiteSchema;
+
+export type TDistributeDocumentRequest = z.infer<typeof ZDistributeDocumentRequestSchema>;
+export type TDistributeDocumentResponse = z.infer<typeof ZDistributeDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/download-document-audit-logs.ts b/packages/trpc/server/document-router/download-document-audit-logs.ts
new file mode 100644
index 000000000..af84c43e0
--- /dev/null
+++ b/packages/trpc/server/document-router/download-document-audit-logs.ts
@@ -0,0 +1,47 @@
+import { DateTime } from 'luxon';
+
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { encryptSecondaryData } from '@documenso/lib/server-only/crypto/encrypt';
+import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZDownloadDocumentAuditLogsRequestSchema,
+  ZDownloadDocumentAuditLogsResponseSchema,
+} from './download-document-audit-logs.types';
+
+export const downloadDocumentAuditLogsRoute = authenticatedProcedure
+  .input(ZDownloadDocumentAuditLogsRequestSchema)
+  .output(ZDownloadDocumentAuditLogsResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId } = ctx;
+    const { documentId } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    const document = await getDocumentById({
+      documentId,
+      userId: ctx.user.id,
+      teamId,
+    }).catch(() => null);
+
+    if (!document || (teamId && document.teamId !== teamId)) {
+      throw new AppError(AppErrorCode.UNAUTHORIZED, {
+        message: 'You do not have access to this document.',
+      });
+    }
+
+    const encrypted = encryptSecondaryData({
+      data: document.id.toString(),
+      expiresAt: DateTime.now().plus({ minutes: 5 }).toJSDate().valueOf(),
+    });
+
+    return {
+      url: `${NEXT_PUBLIC_WEBAPP_URL()}/__htmltopdf/audit-log?d=${encrypted}`,
+    };
+  });
diff --git a/packages/trpc/server/document-router/download-document-audit-logs.types.ts b/packages/trpc/server/document-router/download-document-audit-logs.types.ts
new file mode 100644
index 000000000..b4cc209c2
--- /dev/null
+++ b/packages/trpc/server/document-router/download-document-audit-logs.types.ts
@@ -0,0 +1,16 @@
+import { z } from 'zod';
+
+export const ZDownloadDocumentAuditLogsRequestSchema = z.object({
+  documentId: z.number(),
+});
+
+export const ZDownloadDocumentAuditLogsResponseSchema = z.object({
+  url: z.string(),
+});
+
+export type TDownloadDocumentAuditLogsRequest = z.infer<
+  typeof ZDownloadDocumentAuditLogsRequestSchema
+>;
+export type TDownloadDocumentAuditLogsResponse = z.infer<
+  typeof ZDownloadDocumentAuditLogsResponseSchema
+>;
diff --git a/packages/trpc/server/document-router/download-document-certificate.ts b/packages/trpc/server/document-router/download-document-certificate.ts
new file mode 100644
index 000000000..b59eafbf0
--- /dev/null
+++ b/packages/trpc/server/document-router/download-document-certificate.ts
@@ -0,0 +1,46 @@
+import { DateTime } from 'luxon';
+
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { AppError } from '@documenso/lib/errors/app-error';
+import { encryptSecondaryData } from '@documenso/lib/server-only/crypto/encrypt';
+import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id';
+import { isDocumentCompleted } from '@documenso/lib/utils/document';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZDownloadDocumentCertificateRequestSchema,
+  ZDownloadDocumentCertificateResponseSchema,
+} from './download-document-certificate.types';
+
+export const downloadDocumentCertificateRoute = authenticatedProcedure
+  .input(ZDownloadDocumentCertificateRequestSchema)
+  .output(ZDownloadDocumentCertificateResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId } = ctx;
+    const { documentId } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    const document = await getDocumentById({
+      documentId,
+      userId: ctx.user.id,
+      teamId,
+    });
+
+    if (!isDocumentCompleted(document.status)) {
+      throw new AppError('DOCUMENT_NOT_COMPLETE');
+    }
+
+    const encrypted = encryptSecondaryData({
+      data: document.id.toString(),
+      expiresAt: DateTime.now().plus({ minutes: 5 }).toJSDate().valueOf(),
+    });
+
+    return {
+      url: `${NEXT_PUBLIC_WEBAPP_URL()}/__htmltopdf/certificate?d=${encrypted}`,
+    };
+  });
diff --git a/packages/trpc/server/document-router/download-document-certificate.types.ts b/packages/trpc/server/document-router/download-document-certificate.types.ts
new file mode 100644
index 000000000..df81f1cad
--- /dev/null
+++ b/packages/trpc/server/document-router/download-document-certificate.types.ts
@@ -0,0 +1,16 @@
+import { z } from 'zod';
+
+export const ZDownloadDocumentCertificateRequestSchema = z.object({
+  documentId: z.number(),
+});
+
+export const ZDownloadDocumentCertificateResponseSchema = z.object({
+  url: z.string(),
+});
+
+export type TDownloadDocumentCertificateRequest = z.infer<
+  typeof ZDownloadDocumentCertificateRequestSchema
+>;
+export type TDownloadDocumentCertificateResponse = z.infer<
+  typeof ZDownloadDocumentCertificateResponseSchema
+>;
diff --git a/packages/trpc/server/document-router/download-document.ts b/packages/trpc/server/document-router/download-document.ts
index 84b75265c..a0cbbf104 100644
--- a/packages/trpc/server/document-router/download-document.ts
+++ b/packages/trpc/server/document-router/download-document.ts
@@ -6,18 +6,14 @@ import { getPresignGetUrl } from '@documenso/lib/universal/upload/server-actions
 import { isDocumentCompleted } from '@documenso/lib/utils/document';
 
 import { authenticatedProcedure } from '../trpc';
-import { ZDownloadDocumentRequestSchema, ZDownloadDocumentResponseSchema } from './schema';
+import {
+  ZDownloadDocumentRequestSchema,
+  ZDownloadDocumentResponseSchema,
+  downloadDocumentMeta,
+} from './download-document.types';
 
 export const downloadDocumentRoute = authenticatedProcedure
-  .meta({
-    openapi: {
-      method: 'GET',
-      path: '/document/{documentId}/download-beta',
-      summary: 'Download document (beta)',
-      description: 'Get a pre-signed download URL for the original or signed version of a document',
-      tags: ['Document'],
-    },
-  })
+  .meta(downloadDocumentMeta)
   .input(ZDownloadDocumentRequestSchema)
   .output(ZDownloadDocumentResponseSchema)
   .query(async ({ input, ctx }) => {
diff --git a/packages/trpc/server/document-router/download-document.types.ts b/packages/trpc/server/document-router/download-document.types.ts
new file mode 100644
index 000000000..be4f454f8
--- /dev/null
+++ b/packages/trpc/server/document-router/download-document.types.ts
@@ -0,0 +1,32 @@
+import { z } from 'zod';
+
+import type { TrpcRouteMeta } from '../trpc';
+
+export const downloadDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'GET',
+    path: '/document/{documentId}/download-beta',
+    summary: 'Download document (beta)',
+    description: 'Get a pre-signed download URL for the original or signed version of a document',
+    tags: ['Document'],
+  },
+};
+
+export const ZDownloadDocumentRequestSchema = z.object({
+  documentId: z.number().describe('The ID of the document to download.'),
+  version: z
+    .enum(['original', 'signed'])
+    .describe(
+      'The version of the document to download. "signed" returns the completed document with signatures, "original" returns the original uploaded document.',
+    )
+    .default('signed'),
+});
+
+export const ZDownloadDocumentResponseSchema = z.object({
+  downloadUrl: z.string().describe('Pre-signed URL for downloading the PDF file'),
+  filename: z.string().describe('The filename of the PDF file'),
+  contentType: z.string().describe('MIME type of the file'),
+});
+
+export type TDownloadDocumentRequest = z.infer<typeof ZDownloadDocumentRequestSchema>;
+export type TDownloadDocumentResponse = z.infer<typeof ZDownloadDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/duplicate-document.ts b/packages/trpc/server/document-router/duplicate-document.ts
new file mode 100644
index 000000000..be8f29d03
--- /dev/null
+++ b/packages/trpc/server/document-router/duplicate-document.ts
@@ -0,0 +1,29 @@
+import { duplicateDocument } from '@documenso/lib/server-only/document/duplicate-document-by-id';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZDuplicateDocumentRequestSchema,
+  ZDuplicateDocumentResponseSchema,
+  duplicateDocumentMeta,
+} from './duplicate-document.types';
+
+export const duplicateDocumentRoute = authenticatedProcedure
+  .meta(duplicateDocumentMeta)
+  .input(ZDuplicateDocumentRequestSchema)
+  .output(ZDuplicateDocumentResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId, user } = ctx;
+    const { documentId } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    return await duplicateDocument({
+      userId: user.id,
+      teamId,
+      documentId,
+    });
+  });
diff --git a/packages/trpc/server/document-router/duplicate-document.types.ts b/packages/trpc/server/document-router/duplicate-document.types.ts
new file mode 100644
index 000000000..e77bccc73
--- /dev/null
+++ b/packages/trpc/server/document-router/duplicate-document.types.ts
@@ -0,0 +1,23 @@
+import { z } from 'zod';
+
+import type { TrpcRouteMeta } from '../trpc';
+
+export const duplicateDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/document/duplicate',
+    summary: 'Duplicate document',
+    tags: ['Document'],
+  },
+};
+
+export const ZDuplicateDocumentRequestSchema = z.object({
+  documentId: z.number(),
+});
+
+export const ZDuplicateDocumentResponseSchema = z.object({
+  documentId: z.number(),
+});
+
+export type TDuplicateDocumentRequest = z.infer<typeof ZDuplicateDocumentRequestSchema>;
+export type TDuplicateDocumentResponse = z.infer<typeof ZDuplicateDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/find-document-audit-logs.ts b/packages/trpc/server/document-router/find-document-audit-logs.ts
new file mode 100644
index 000000000..17de388a3
--- /dev/null
+++ b/packages/trpc/server/document-router/find-document-audit-logs.ts
@@ -0,0 +1,41 @@
+import { findDocumentAuditLogs } from '@documenso/lib/server-only/document/find-document-audit-logs';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZFindDocumentAuditLogsRequestSchema,
+  ZFindDocumentAuditLogsResponseSchema,
+} from './find-document-audit-logs.types';
+
+export const findDocumentAuditLogsRoute = authenticatedProcedure
+  .input(ZFindDocumentAuditLogsRequestSchema)
+  .output(ZFindDocumentAuditLogsResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { teamId } = ctx;
+
+    const {
+      page,
+      perPage,
+      documentId,
+      cursor,
+      filterForRecentActivity,
+      orderByColumn,
+      orderByDirection,
+    } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    return await findDocumentAuditLogs({
+      userId: ctx.user.id,
+      teamId,
+      page,
+      perPage,
+      documentId,
+      cursor,
+      filterForRecentActivity,
+      orderBy: orderByColumn ? { column: orderByColumn, direction: orderByDirection } : undefined,
+    });
+  });
diff --git a/packages/trpc/server/document-router/find-document-audit-logs.types.ts b/packages/trpc/server/document-router/find-document-audit-logs.types.ts
new file mode 100644
index 000000000..6e8991667
--- /dev/null
+++ b/packages/trpc/server/document-router/find-document-audit-logs.types.ts
@@ -0,0 +1,20 @@
+import { z } from 'zod';
+
+import { ZDocumentAuditLogSchema } from '@documenso/lib/types/document-audit-logs';
+import { ZFindResultResponse, ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
+
+export const ZFindDocumentAuditLogsRequestSchema = ZFindSearchParamsSchema.extend({
+  documentId: z.number().min(1),
+  cursor: z.string().optional(),
+  filterForRecentActivity: z.boolean().optional(),
+  orderByColumn: z.enum(['createdAt', 'type']).optional(),
+  orderByDirection: z.enum(['asc', 'desc']).default('desc'),
+});
+
+export const ZFindDocumentAuditLogsResponseSchema = ZFindResultResponse.extend({
+  data: ZDocumentAuditLogSchema.array(),
+  nextCursor: z.string().optional(),
+});
+
+export type TFindDocumentAuditLogsRequest = z.infer<typeof ZFindDocumentAuditLogsRequestSchema>;
+export type TFindDocumentAuditLogsResponse = z.infer<typeof ZFindDocumentAuditLogsResponseSchema>;
diff --git a/packages/trpc/server/document-router/find-documents-internal.ts b/packages/trpc/server/document-router/find-documents-internal.ts
new file mode 100644
index 000000000..47748771b
--- /dev/null
+++ b/packages/trpc/server/document-router/find-documents-internal.ts
@@ -0,0 +1,74 @@
+import { findDocuments } from '@documenso/lib/server-only/document/find-documents';
+import type { GetStatsInput } from '@documenso/lib/server-only/document/get-stats';
+import { getStats } from '@documenso/lib/server-only/document/get-stats';
+import { getTeamById } from '@documenso/lib/server-only/team/get-team';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZFindDocumentsInternalRequestSchema,
+  ZFindDocumentsInternalResponseSchema,
+} from './find-documents-internal.types';
+
+export const findDocumentsInternalRoute = authenticatedProcedure
+  .input(ZFindDocumentsInternalRequestSchema)
+  .output(ZFindDocumentsInternalResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { user, teamId } = ctx;
+
+    const {
+      query,
+      templateId,
+      page,
+      perPage,
+      orderByDirection,
+      orderByColumn,
+      source,
+      status,
+      period,
+      senderIds,
+      folderId,
+    } = input;
+
+    const getStatOptions: GetStatsInput = {
+      user,
+      period,
+      search: query,
+      folderId,
+    };
+
+    if (teamId) {
+      const team = await getTeamById({ userId: user.id, teamId });
+
+      getStatOptions.team = {
+        teamId: team.id,
+        teamEmail: team.teamEmail?.email,
+        senderIds,
+        currentTeamMemberRole: team.currentTeamRole,
+        currentUserEmail: user.email,
+        userId: user.id,
+      };
+    }
+
+    const [stats, documents] = await Promise.all([
+      getStats(getStatOptions),
+      findDocuments({
+        userId: user.id,
+        teamId,
+        query,
+        templateId,
+        page,
+        perPage,
+        source,
+        status,
+        period,
+        senderIds,
+        folderId,
+        orderBy: orderByColumn ? { column: orderByColumn, direction: orderByDirection } : undefined,
+      }),
+    ]);
+
+    return {
+      ...documents,
+      stats,
+    };
+  });
diff --git a/packages/trpc/server/document-router/find-documents-internal.types.ts b/packages/trpc/server/document-router/find-documents-internal.types.ts
new file mode 100644
index 000000000..16e8edb66
--- /dev/null
+++ b/packages/trpc/server/document-router/find-documents-internal.types.ts
@@ -0,0 +1,29 @@
+import { z } from 'zod';
+
+import { ZDocumentManySchema } from '@documenso/lib/types/document';
+import { ZFindResultResponse } from '@documenso/lib/types/search-params';
+import { ExtendedDocumentStatus } from '@documenso/prisma/types/extended-document-status';
+
+import { ZFindDocumentsRequestSchema } from './find-documents.types';
+
+export const ZFindDocumentsInternalRequestSchema = ZFindDocumentsRequestSchema.extend({
+  period: z.enum(['7d', '14d', '30d']).optional(),
+  senderIds: z.array(z.number()).optional(),
+  status: z.nativeEnum(ExtendedDocumentStatus).optional(),
+  folderId: z.string().optional(),
+});
+
+export const ZFindDocumentsInternalResponseSchema = ZFindResultResponse.extend({
+  data: ZDocumentManySchema.array(),
+  stats: z.object({
+    [ExtendedDocumentStatus.DRAFT]: z.number(),
+    [ExtendedDocumentStatus.PENDING]: z.number(),
+    [ExtendedDocumentStatus.COMPLETED]: z.number(),
+    [ExtendedDocumentStatus.REJECTED]: z.number(),
+    [ExtendedDocumentStatus.INBOX]: z.number(),
+    [ExtendedDocumentStatus.ALL]: z.number(),
+  }),
+});
+
+export type TFindDocumentsInternalRequest = z.infer<typeof ZFindDocumentsInternalRequestSchema>;
+export type TFindDocumentsInternalResponse = z.infer<typeof ZFindDocumentsInternalResponseSchema>;
diff --git a/packages/trpc/server/document-router/find-documents.ts b/packages/trpc/server/document-router/find-documents.ts
new file mode 100644
index 000000000..71684b326
--- /dev/null
+++ b/packages/trpc/server/document-router/find-documents.ts
@@ -0,0 +1,43 @@
+import { findDocuments } from '@documenso/lib/server-only/document/find-documents';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZFindDocumentsMeta,
+  ZFindDocumentsRequestSchema,
+  ZFindDocumentsResponseSchema,
+} from './find-documents.types';
+
+export const findDocumentsRoute = authenticatedProcedure
+  .meta(ZFindDocumentsMeta)
+  .input(ZFindDocumentsRequestSchema)
+  .output(ZFindDocumentsResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { user, teamId } = ctx;
+
+    const {
+      query,
+      templateId,
+      page,
+      perPage,
+      orderByDirection,
+      orderByColumn,
+      source,
+      status,
+      folderId,
+    } = input;
+
+    const documents = await findDocuments({
+      userId: user.id,
+      teamId,
+      templateId,
+      query,
+      source,
+      status,
+      page,
+      perPage,
+      folderId,
+      orderBy: orderByColumn ? { column: orderByColumn, direction: orderByDirection } : undefined,
+    });
+
+    return documents;
+  });
diff --git a/packages/trpc/server/document-router/find-documents.types.ts b/packages/trpc/server/document-router/find-documents.types.ts
new file mode 100644
index 000000000..dafb047b6
--- /dev/null
+++ b/packages/trpc/server/document-router/find-documents.types.ts
@@ -0,0 +1,42 @@
+import { DocumentSource, DocumentStatus } from '@prisma/client';
+import { z } from 'zod';
+
+import { ZDocumentManySchema } from '@documenso/lib/types/document';
+import { ZFindResultResponse, ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
+
+import type { TrpcRouteMeta } from '../trpc';
+
+export const ZFindDocumentsMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'GET',
+    path: '/document',
+    summary: 'Find documents',
+    description: 'Find documents based on a search criteria',
+    tags: ['Document'],
+  },
+};
+
+export const ZFindDocumentsRequestSchema = ZFindSearchParamsSchema.extend({
+  templateId: z
+    .number()
+    .describe('Filter documents by the template ID used to create it.')
+    .optional(),
+  source: z
+    .nativeEnum(DocumentSource)
+    .describe('Filter documents by how it was created.')
+    .optional(),
+  status: z
+    .nativeEnum(DocumentStatus)
+    .describe('Filter documents by the current status')
+    .optional(),
+  folderId: z.string().describe('Filter documents by folder ID').optional(),
+  orderByColumn: z.enum(['createdAt']).optional(),
+  orderByDirection: z.enum(['asc', 'desc']).describe('').default('desc'),
+});
+
+export const ZFindDocumentsResponseSchema = ZFindResultResponse.extend({
+  data: ZDocumentManySchema.array(),
+});
+
+export type TFindDocumentsRequest = z.infer<typeof ZFindDocumentsRequestSchema>;
+export type TFindDocumentsResponse = z.infer<typeof ZFindDocumentsResponseSchema>;
diff --git a/packages/trpc/server/document-router/get-document-by-token.ts b/packages/trpc/server/document-router/get-document-by-token.ts
new file mode 100644
index 000000000..b640f6946
--- /dev/null
+++ b/packages/trpc/server/document-router/get-document-by-token.ts
@@ -0,0 +1,43 @@
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { prisma } from '@documenso/prisma';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZGetDocumentByTokenRequestSchema,
+  ZGetDocumentByTokenResponseSchema,
+} from './get-document-by-token.types';
+
+export const getDocumentByTokenRoute = authenticatedProcedure
+  .input(ZGetDocumentByTokenRequestSchema)
+  .output(ZGetDocumentByTokenResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { token } = input;
+
+    const document = await prisma.document.findFirst({
+      where: {
+        recipients: {
+          some: {
+            token,
+            email: ctx.user.email,
+          },
+        },
+      },
+      include: {
+        documentData: true,
+      },
+    });
+
+    if (!document) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'Document not found',
+      });
+    }
+
+    ctx.logger.info({
+      documentId: document.id,
+    });
+
+    return {
+      documentData: document.documentData,
+    };
+  });
diff --git a/packages/trpc/server/document-router/get-document-by-token.types.ts b/packages/trpc/server/document-router/get-document-by-token.types.ts
new file mode 100644
index 000000000..34f79c620
--- /dev/null
+++ b/packages/trpc/server/document-router/get-document-by-token.types.ts
@@ -0,0 +1,14 @@
+import { z } from 'zod';
+
+import DocumentDataSchema from '@documenso/prisma/generated/zod/modelSchema/DocumentDataSchema';
+
+export const ZGetDocumentByTokenRequestSchema = z.object({
+  token: z.string().min(1),
+});
+
+export const ZGetDocumentByTokenResponseSchema = z.object({
+  documentData: DocumentDataSchema,
+});
+
+export type TGetDocumentByTokenRequest = z.infer<typeof ZGetDocumentByTokenRequestSchema>;
+export type TGetDocumentByTokenResponse = z.infer<typeof ZGetDocumentByTokenResponseSchema>;
diff --git a/packages/trpc/server/document-router/get-document.ts b/packages/trpc/server/document-router/get-document.ts
new file mode 100644
index 000000000..4dad5291f
--- /dev/null
+++ b/packages/trpc/server/document-router/get-document.ts
@@ -0,0 +1,29 @@
+import { getDocumentWithDetailsById } from '@documenso/lib/server-only/document/get-document-with-details-by-id';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZGetDocumentRequestSchema,
+  ZGetDocumentResponseSchema,
+  getDocumentMeta,
+} from './get-document.types';
+
+export const getDocumentRoute = authenticatedProcedure
+  .meta(getDocumentMeta)
+  .input(ZGetDocumentRequestSchema)
+  .output(ZGetDocumentResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { teamId, user } = ctx;
+    const { documentId } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+      },
+    });
+
+    return await getDocumentWithDetailsById({
+      userId: user.id,
+      teamId,
+      documentId,
+    });
+  });
diff --git a/packages/trpc/server/document-router/get-document.types.ts b/packages/trpc/server/document-router/get-document.types.ts
new file mode 100644
index 000000000..08072f021
--- /dev/null
+++ b/packages/trpc/server/document-router/get-document.types.ts
@@ -0,0 +1,24 @@
+import { z } from 'zod';
+
+import { ZDocumentSchema } from '@documenso/lib/types/document';
+
+import type { TrpcRouteMeta } from '../trpc';
+
+export const getDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'GET',
+    path: '/document/{documentId}',
+    summary: 'Get document',
+    description: 'Returns a document given an ID',
+    tags: ['Document'],
+  },
+};
+
+export const ZGetDocumentRequestSchema = z.object({
+  documentId: z.number(),
+});
+
+export const ZGetDocumentResponseSchema = ZDocumentSchema;
+
+export type TGetDocumentRequest = z.infer<typeof ZGetDocumentRequestSchema>;
+export type TGetDocumentResponse = z.infer<typeof ZGetDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/redistribute-document.ts b/packages/trpc/server/document-router/redistribute-document.ts
new file mode 100644
index 000000000..6bc06e189
--- /dev/null
+++ b/packages/trpc/server/document-router/redistribute-document.ts
@@ -0,0 +1,35 @@
+import { resendDocument } from '@documenso/lib/server-only/document/resend-document';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZRedistributeDocumentRequestSchema,
+  ZRedistributeDocumentResponseSchema,
+  redistributeDocumentMeta,
+} from './redistribute-document.types';
+import { ZGenericSuccessResponse } from './schema';
+
+export const redistributeDocumentRoute = authenticatedProcedure
+  .meta(redistributeDocumentMeta)
+  .input(ZRedistributeDocumentRequestSchema)
+  .output(ZRedistributeDocumentResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId } = ctx;
+    const { documentId, recipients } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+        recipients,
+      },
+    });
+
+    await resendDocument({
+      userId: ctx.user.id,
+      teamId,
+      documentId,
+      recipients,
+      requestMetadata: ctx.metadata,
+    });
+
+    return ZGenericSuccessResponse;
+  });
diff --git a/packages/trpc/server/document-router/redistribute-document.types.ts b/packages/trpc/server/document-router/redistribute-document.types.ts
new file mode 100644
index 000000000..6444b6fe5
--- /dev/null
+++ b/packages/trpc/server/document-router/redistribute-document.types.ts
@@ -0,0 +1,28 @@
+import { z } from 'zod';
+
+import type { TrpcRouteMeta } from '../trpc';
+import { ZSuccessResponseSchema } from './schema';
+
+export const redistributeDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/document/redistribute',
+    summary: 'Redistribute document',
+    description:
+      'Redistribute the document to the provided recipients who have not actioned the document. Will use the distribution method set in the document',
+    tags: ['Document'],
+  },
+};
+
+export const ZRedistributeDocumentRequestSchema = z.object({
+  documentId: z.number(),
+  recipients: z
+    .array(z.number())
+    .min(1)
+    .describe('The IDs of the recipients to redistribute the document to.'),
+});
+
+export const ZRedistributeDocumentResponseSchema = ZSuccessResponseSchema;
+
+export type TRedistributeDocumentRequest = z.infer<typeof ZRedistributeDocumentRequestSchema>;
+export type TRedistributeDocumentResponse = z.infer<typeof ZRedistributeDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/router.ts b/packages/trpc/server/document-router/router.ts
index 8d3cc8020..da5b8e769 100644
--- a/packages/trpc/server/document-router/router.ts
+++ b/packages/trpc/server/document-router/router.ts
@@ -1,691 +1,49 @@
-import { DocumentDataType } from '@prisma/client';
-import { DateTime } from 'luxon';
-
-import { getServerLimits } from '@documenso/ee/server-only/limits/server';
-import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
-import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
-import { encryptSecondaryData } from '@documenso/lib/server-only/crypto/encrypt';
-import { createDocumentData } from '@documenso/lib/server-only/document-data/create-document-data';
-import { upsertDocumentMeta } from '@documenso/lib/server-only/document-meta/upsert-document-meta';
-import { createDocument } from '@documenso/lib/server-only/document/create-document';
-import { createDocumentV2 } from '@documenso/lib/server-only/document/create-document-v2';
-import { deleteDocument } from '@documenso/lib/server-only/document/delete-document';
-import { duplicateDocument } from '@documenso/lib/server-only/document/duplicate-document-by-id';
-import { findDocumentAuditLogs } from '@documenso/lib/server-only/document/find-document-audit-logs';
-import { findDocuments } from '@documenso/lib/server-only/document/find-documents';
-import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id';
-import { getDocumentAndSenderByToken } from '@documenso/lib/server-only/document/get-document-by-token';
-import { getDocumentWithDetailsById } from '@documenso/lib/server-only/document/get-document-with-details-by-id';
-import type { GetStatsInput } from '@documenso/lib/server-only/document/get-stats';
-import { getStats } from '@documenso/lib/server-only/document/get-stats';
-import { resendDocument } from '@documenso/lib/server-only/document/resend-document';
-import { searchDocumentsWithKeyword } from '@documenso/lib/server-only/document/search-documents-with-keyword';
-import { sendDocument } from '@documenso/lib/server-only/document/send-document';
-import { getTeamById } from '@documenso/lib/server-only/team/get-team';
-import { getPresignPostUrl } from '@documenso/lib/universal/upload/server-actions';
-import { isDocumentCompleted } from '@documenso/lib/utils/document';
-
-import { authenticatedProcedure, procedure, router } from '../trpc';
+import { router } from '../trpc';
+import { createDocumentRoute } from './create-document';
+import { createDocumentTemporaryRoute } from './create-document-temporary';
+import { deleteDocumentRoute } from './delete-document';
+import { distributeDocumentRoute } from './distribute-document';
 import { downloadDocumentRoute } from './download-document';
+import { downloadDocumentAuditLogsRoute } from './download-document-audit-logs';
+import { downloadDocumentCertificateRoute } from './download-document-certificate';
+import { duplicateDocumentRoute } from './duplicate-document';
+import { findDocumentAuditLogsRoute } from './find-document-audit-logs';
+import { findDocumentsRoute } from './find-documents';
+import { findDocumentsInternalRoute } from './find-documents-internal';
 import { findInboxRoute } from './find-inbox';
+import { getDocumentRoute } from './get-document';
+import { getDocumentByTokenRoute } from './get-document-by-token';
 import { getInboxCountRoute } from './get-inbox-count';
-import {
-  ZCreateDocumentRequestSchema,
-  ZCreateDocumentV2RequestSchema,
-  ZCreateDocumentV2ResponseSchema,
-  ZDeleteDocumentMutationSchema,
-  ZDistributeDocumentRequestSchema,
-  ZDistributeDocumentResponseSchema,
-  ZDownloadAuditLogsMutationSchema,
-  ZDownloadCertificateMutationSchema,
-  ZDuplicateDocumentRequestSchema,
-  ZDuplicateDocumentResponseSchema,
-  ZFindDocumentAuditLogsQuerySchema,
-  ZFindDocumentsInternalRequestSchema,
-  ZFindDocumentsInternalResponseSchema,
-  ZFindDocumentsRequestSchema,
-  ZFindDocumentsResponseSchema,
-  ZGenericSuccessResponse,
-  ZGetDocumentByIdQuerySchema,
-  ZGetDocumentByTokenQuerySchema,
-  ZGetDocumentWithDetailsByIdRequestSchema,
-  ZGetDocumentWithDetailsByIdResponseSchema,
-  ZResendDocumentMutationSchema,
-  ZSearchDocumentsMutationSchema,
-  ZSetSigningOrderForDocumentMutationSchema,
-  ZSuccessResponseSchema,
-} from './schema';
+import { redistributeDocumentRoute } from './redistribute-document';
+import { searchDocumentRoute } from './search-document';
 import { updateDocumentRoute } from './update-document';
 
 export const documentRouter = router({
-  inbox: {
+  get: getDocumentRoute,
+  find: findDocumentsRoute,
+  create: createDocumentRoute,
+  update: updateDocumentRoute,
+  delete: deleteDocumentRoute,
+  duplicate: duplicateDocumentRoute,
+  downloadCertificate: downloadDocumentCertificateRoute,
+  distribute: distributeDocumentRoute,
+  redistribute: redistributeDocumentRoute,
+  search: searchDocumentRoute,
+
+  // Temporary v2 beta routes to be removed once V2 is fully released.
+  download: downloadDocumentRoute,
+  createDocumentTemporary: createDocumentTemporaryRoute,
+
+  // Internal document routes for custom frontend requests.
+  getDocumentByToken: getDocumentByTokenRoute,
+  findDocumentsInternal: findDocumentsInternalRoute,
+
+  auditLog: {
+    find: findDocumentAuditLogsRoute,
+    download: downloadDocumentAuditLogsRoute,
+  },
+  inbox: router({
     find: findInboxRoute,
     getCount: getInboxCountRoute,
-  },
-  updateDocument: updateDocumentRoute,
-  downloadDocument: downloadDocumentRoute,
-
-  /**
-   * @private
-   */
-  getDocumentById: authenticatedProcedure
-    .input(ZGetDocumentByIdQuerySchema)
-    .query(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      return await getDocumentById({
-        userId: ctx.user.id,
-        teamId,
-        documentId,
-      });
-    }),
-
-  /**
-   * @private
-   */
-  getDocumentByToken: procedure
-    .input(ZGetDocumentByTokenQuerySchema)
-    .query(async ({ input, ctx }) => {
-      const { token } = input;
-
-      return await getDocumentAndSenderByToken({
-        token,
-        userId: ctx.user?.id,
-      });
-    }),
-
-  /**
-   * @public
-   */
-  findDocuments: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'GET',
-        path: '/document',
-        summary: 'Find documents',
-        description: 'Find documents based on a search criteria',
-        tags: ['Document'],
-      },
-    })
-    .input(ZFindDocumentsRequestSchema)
-    .output(ZFindDocumentsResponseSchema)
-    .query(async ({ input, ctx }) => {
-      const { user, teamId } = ctx;
-
-      const {
-        query,
-        templateId,
-        page,
-        perPage,
-        orderByDirection,
-        orderByColumn,
-        source,
-        status,
-        folderId,
-      } = input;
-
-      const documents = await findDocuments({
-        userId: user.id,
-        teamId,
-        templateId,
-        query,
-        source,
-        status,
-        page,
-        perPage,
-        folderId,
-        orderBy: orderByColumn ? { column: orderByColumn, direction: orderByDirection } : undefined,
-      });
-
-      return documents;
-    }),
-
-  /**
-   * Internal endpoint for /documents page to additionally return getStats.
-   *
-   * @private
-   */
-  findDocumentsInternal: authenticatedProcedure
-    .input(ZFindDocumentsInternalRequestSchema)
-    .output(ZFindDocumentsInternalResponseSchema)
-    .query(async ({ input, ctx }) => {
-      const { user, teamId } = ctx;
-
-      const {
-        query,
-        templateId,
-        page,
-        perPage,
-        orderByDirection,
-        orderByColumn,
-        source,
-        status,
-        period,
-        senderIds,
-        folderId,
-      } = input;
-
-      const getStatOptions: GetStatsInput = {
-        user,
-        period,
-        search: query,
-        folderId,
-      };
-
-      if (teamId) {
-        const team = await getTeamById({ userId: user.id, teamId });
-
-        getStatOptions.team = {
-          teamId: team.id,
-          teamEmail: team.teamEmail?.email,
-          senderIds,
-          currentTeamMemberRole: team.currentTeamRole,
-          currentUserEmail: user.email,
-          userId: user.id,
-        };
-      }
-
-      const [stats, documents] = await Promise.all([
-        getStats(getStatOptions),
-        findDocuments({
-          userId: user.id,
-          teamId,
-          query,
-          templateId,
-          page,
-          perPage,
-          source,
-          status,
-          period,
-          senderIds,
-          folderId,
-          orderBy: orderByColumn
-            ? { column: orderByColumn, direction: orderByDirection }
-            : undefined,
-        }),
-      ]);
-
-      return {
-        ...documents,
-        stats,
-      };
-    }),
-
-  /**
-   * @public
-   *
-   * Todo: Refactor to getDocumentById.
-   */
-  getDocumentWithDetailsById: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'GET',
-        path: '/document/{documentId}',
-        summary: 'Get document',
-        description: 'Returns a document given an ID',
-        tags: ['Document'],
-      },
-    })
-    .input(ZGetDocumentWithDetailsByIdRequestSchema)
-    .output(ZGetDocumentWithDetailsByIdResponseSchema)
-    .query(async ({ input, ctx }) => {
-      const { teamId, user } = ctx;
-      const { documentId, folderId } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-          folderId,
-        },
-      });
-
-      return await getDocumentWithDetailsById({
-        userId: user.id,
-        teamId,
-        documentId,
-        folderId,
-      });
-    }),
-
-  /**
-   * Temporariy endpoint for V2 Beta until we allow passthrough documents on create.
-   *
-   * @public
-   * @deprecated
-   */
-  createDocumentTemporary: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'POST',
-        path: '/document/create/beta',
-        summary: 'Create document',
-        description:
-          'You will need to upload the PDF to the provided URL returned. Note: Once V2 API is released, this will be removed since we will allow direct uploads, instead of using an upload URL.',
-        tags: ['Document'],
-      },
-    })
-    .input(ZCreateDocumentV2RequestSchema)
-    .output(ZCreateDocumentV2ResponseSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId, user } = ctx;
-
-      const {
-        title,
-        externalId,
-        visibility,
-        globalAccessAuth,
-        globalActionAuth,
-        recipients,
-        meta,
-        folderId,
-      } = input;
-
-      const { remaining } = await getServerLimits({ userId: user.id, teamId });
-
-      if (remaining.documents <= 0) {
-        throw new AppError(AppErrorCode.LIMIT_EXCEEDED, {
-          message: 'You have reached your document limit for this month. Please upgrade your plan.',
-          statusCode: 400,
-        });
-      }
-
-      const fileName = title.endsWith('.pdf') ? title : `${title}.pdf`;
-
-      const { url, key } = await getPresignPostUrl(fileName, 'application/pdf');
-
-      const documentData = await createDocumentData({
-        data: key,
-        type: DocumentDataType.S3_PATH,
-      });
-
-      const createdDocument = await createDocumentV2({
-        userId: ctx.user.id,
-        teamId,
-        documentDataId: documentData.id,
-        normalizePdf: false, // Not normalizing because of presigned URL.
-        data: {
-          title,
-          externalId,
-          visibility,
-          globalAccessAuth,
-          globalActionAuth,
-          recipients,
-          folderId,
-        },
-        meta,
-        requestMetadata: ctx.metadata,
-      });
-
-      return {
-        document: createdDocument,
-        folder: createdDocument.folder, // Todo: Remove this prior to api-v2 release.
-        uploadUrl: url,
-      };
-    }),
-
-  /**
-   * Wait until RR7 so we can passthrough documents.
-   *
-   * @private
-   */
-  createDocument: authenticatedProcedure
-    // .meta({
-    //   openapi: {
-    //     method: 'POST',
-    //     path: '/document/create',
-    //     summary: 'Create document',
-    //     tags: ['Document'],
-    //   },
-    // })
-    .input(ZCreateDocumentRequestSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { user, teamId } = ctx;
-      const { title, documentDataId, timezone, folderId } = input;
-
-      ctx.logger.info({
-        input: {
-          folderId,
-        },
-      });
-
-      const { remaining } = await getServerLimits({ userId: user.id, teamId });
-
-      if (remaining.documents <= 0) {
-        throw new AppError(AppErrorCode.LIMIT_EXCEEDED, {
-          message: 'You have reached your document limit for this month. Please upgrade your plan.',
-          statusCode: 400,
-        });
-      }
-
-      return await createDocument({
-        userId: user.id,
-        teamId,
-        title,
-        documentDataId,
-        normalizePdf: true,
-        userTimezone: timezone,
-        requestMetadata: ctx.metadata,
-        folderId,
-      });
-    }),
-
-  /**
-   * @public
-   */
-  deleteDocument: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'POST',
-        path: '/document/delete',
-        summary: 'Delete document',
-        tags: ['Document'],
-      },
-    })
-    .input(ZDeleteDocumentMutationSchema)
-    .output(ZSuccessResponseSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      const userId = ctx.user.id;
-
-      await deleteDocument({
-        id: documentId,
-        userId,
-        teamId,
-        requestMetadata: ctx.metadata,
-      });
-
-      return ZGenericSuccessResponse;
-    }),
-
-  /**
-   * @private
-   *
-   * Todo: Remove and use `updateDocument` endpoint instead.
-   */
-  setSigningOrderForDocument: authenticatedProcedure
-    .input(ZSetSigningOrderForDocumentMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId, signingOrder } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-          signingOrder,
-        },
-      });
-
-      return await upsertDocumentMeta({
-        userId: ctx.user.id,
-        teamId,
-        documentId,
-        signingOrder,
-        requestMetadata: ctx.metadata,
-      });
-    }),
-
-  /**
-   * @public
-   *
-   * Todo: Refactor to distributeDocument.
-   * Todo: Rework before releasing API.
-   */
-  sendDocument: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'POST',
-        path: '/document/distribute',
-        summary: 'Distribute document',
-        description: 'Send the document out to recipients based on your distribution method',
-        tags: ['Document'],
-      },
-    })
-    .input(ZDistributeDocumentRequestSchema)
-    .output(ZDistributeDocumentResponseSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId, meta = {} } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      if (Object.values(meta).length > 0) {
-        await upsertDocumentMeta({
-          userId: ctx.user.id,
-          teamId,
-          documentId,
-          subject: meta.subject,
-          message: meta.message,
-          dateFormat: meta.dateFormat,
-          timezone: meta.timezone,
-          redirectUrl: meta.redirectUrl,
-          distributionMethod: meta.distributionMethod,
-          emailSettings: meta.emailSettings,
-          language: meta.language,
-          emailId: meta.emailId,
-          emailReplyTo: meta.emailReplyTo,
-          requestMetadata: ctx.metadata,
-        });
-      }
-
-      return await sendDocument({
-        userId: ctx.user.id,
-        documentId,
-        teamId,
-        requestMetadata: ctx.metadata,
-      });
-    }),
-
-  /**
-   * @public
-   *
-   * Todo: Refactor to redistributeDocument.
-   */
-  resendDocument: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'POST',
-        path: '/document/redistribute',
-        summary: 'Redistribute document',
-        description:
-          'Redistribute the document to the provided recipients who have not actioned the document. Will use the distribution method set in the document',
-        tags: ['Document'],
-      },
-    })
-    .input(ZResendDocumentMutationSchema)
-    .output(ZSuccessResponseSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId, recipients } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-          recipients,
-        },
-      });
-
-      await resendDocument({
-        userId: ctx.user.id,
-        teamId,
-        documentId,
-        recipients,
-        requestMetadata: ctx.metadata,
-      });
-
-      return ZGenericSuccessResponse;
-    }),
-
-  /**
-   * @public
-   */
-  duplicateDocument: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'POST',
-        path: '/document/duplicate',
-        summary: 'Duplicate document',
-        tags: ['Document'],
-      },
-    })
-    .input(ZDuplicateDocumentRequestSchema)
-    .output(ZDuplicateDocumentResponseSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId, user } = ctx;
-      const { documentId } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      return await duplicateDocument({
-        userId: user.id,
-        teamId,
-        documentId,
-      });
-    }),
-
-  /**
-   * @private
-   */
-  searchDocuments: authenticatedProcedure
-    .input(ZSearchDocumentsMutationSchema)
-    .query(async ({ input, ctx }) => {
-      const { query } = input;
-
-      const documents = await searchDocumentsWithKeyword({
-        query,
-        userId: ctx.user.id,
-      });
-
-      return documents;
-    }),
-
-  /**
-   * @private
-   */
-  findDocumentAuditLogs: authenticatedProcedure
-    .input(ZFindDocumentAuditLogsQuerySchema)
-    .query(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-
-      const {
-        page,
-        perPage,
-        documentId,
-        cursor,
-        filterForRecentActivity,
-        orderByColumn,
-        orderByDirection,
-      } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      return await findDocumentAuditLogs({
-        userId: ctx.user.id,
-        teamId,
-        page,
-        perPage,
-        documentId,
-        cursor,
-        filterForRecentActivity,
-        orderBy: orderByColumn ? { column: orderByColumn, direction: orderByDirection } : undefined,
-      });
-    }),
-
-  /**
-   * @private
-   */
-  downloadAuditLogs: authenticatedProcedure
-    .input(ZDownloadAuditLogsMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      const document = await getDocumentById({
-        documentId,
-        userId: ctx.user.id,
-        teamId,
-      }).catch(() => null);
-
-      if (!document || (teamId && document.teamId !== teamId)) {
-        throw new AppError(AppErrorCode.UNAUTHORIZED, {
-          message: 'You do not have access to this document.',
-        });
-      }
-
-      const encrypted = encryptSecondaryData({
-        data: document.id.toString(),
-        expiresAt: DateTime.now().plus({ minutes: 5 }).toJSDate().valueOf(),
-      });
-
-      return {
-        url: `${NEXT_PUBLIC_WEBAPP_URL()}/__htmltopdf/audit-log?d=${encrypted}`,
-      };
-    }),
-
-  /**
-   * @private
-   */
-  downloadCertificate: authenticatedProcedure
-    .input(ZDownloadCertificateMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId } = input;
-
-      ctx.logger.info({
-        input: {
-          documentId,
-        },
-      });
-
-      const document = await getDocumentById({
-        documentId,
-        userId: ctx.user.id,
-        teamId,
-      });
-
-      if (!isDocumentCompleted(document.status)) {
-        throw new AppError('DOCUMENT_NOT_COMPLETE');
-      }
-
-      const encrypted = encryptSecondaryData({
-        data: document.id.toString(),
-        expiresAt: DateTime.now().plus({ minutes: 5 }).toJSDate().valueOf(),
-      });
-
-      return {
-        url: `${NEXT_PUBLIC_WEBAPP_URL()}/__htmltopdf/certificate?d=${encrypted}`,
-      };
-    }),
+  }),
 });
diff --git a/packages/trpc/server/document-router/schema.ts b/packages/trpc/server/document-router/schema.ts
index 22425a2f4..f362bf1a1 100644
--- a/packages/trpc/server/document-router/schema.ts
+++ b/packages/trpc/server/document-router/schema.ts
@@ -1,39 +1,9 @@
-import {
-  DocumentDistributionMethod,
-  DocumentSigningOrder,
-  DocumentSource,
-  DocumentStatus,
-  DocumentVisibility,
-  FieldType,
-} from '@prisma/client';
+import { DocumentDistributionMethod, DocumentVisibility } from '@prisma/client';
 import { z } from 'zod';
 
 import { VALID_DATE_FORMAT_VALUES } from '@documenso/lib/constants/date-formats';
 import { SUPPORTED_LANGUAGE_CODES } from '@documenso/lib/constants/i18n';
-import {
-  ZDocumentLiteSchema,
-  ZDocumentManySchema,
-  ZDocumentSchema,
-} from '@documenso/lib/types/document';
-import {
-  ZDocumentAccessAuthTypesSchema,
-  ZDocumentActionAuthTypesSchema,
-} from '@documenso/lib/types/document-auth';
-import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';
-import { ZDocumentFormValuesSchema } from '@documenso/lib/types/document-form-values';
-import {
-  ZFieldHeightSchema,
-  ZFieldPageNumberSchema,
-  ZFieldPageXSchema,
-  ZFieldPageYSchema,
-  ZFieldWidthSchema,
-} from '@documenso/lib/types/field';
-import { ZFieldAndMetaSchema } from '@documenso/lib/types/field-meta';
-import { ZFindResultResponse, ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
 import { isValidRedirectUrl } from '@documenso/lib/utils/is-valid-redirect-url';
-import { ExtendedDocumentStatus } from '@documenso/prisma/types/extended-document-status';
-
-import { ZCreateRecipientSchema } from '../recipient-router/schema';
 
 /**
  * Required for empty responses since we currently can't 201 requests for our openapi setup.
@@ -116,258 +86,3 @@ export const ZDocumentMetaDrawSignatureEnabledSchema = z
 export const ZDocumentMetaUploadSignatureEnabledSchema = z
   .boolean()
   .describe('Whether to allow recipients to sign using an uploaded signature.');
-
-export const ZFindDocumentsRequestSchema = ZFindSearchParamsSchema.extend({
-  templateId: z
-    .number()
-    .describe('Filter documents by the template ID used to create it.')
-    .optional(),
-  source: z
-    .nativeEnum(DocumentSource)
-    .describe('Filter documents by how it was created.')
-    .optional(),
-  status: z
-    .nativeEnum(DocumentStatus)
-    .describe('Filter documents by the current status')
-    .optional(),
-  folderId: z.string().describe('Filter documents by folder ID').optional(),
-  orderByColumn: z.enum(['createdAt']).optional(),
-  orderByDirection: z.enum(['asc', 'desc']).describe('').default('desc'),
-});
-
-export const ZFindDocumentsResponseSchema = ZFindResultResponse.extend({
-  data: ZDocumentManySchema.array(),
-});
-
-export type TFindDocumentsResponse = z.infer<typeof ZFindDocumentsResponseSchema>;
-
-export const ZFindDocumentsInternalRequestSchema = ZFindDocumentsRequestSchema.extend({
-  period: z.enum(['7d', '14d', '30d']).optional(),
-  senderIds: z.array(z.number()).optional(),
-  status: z.nativeEnum(ExtendedDocumentStatus).optional(),
-  folderId: z.string().optional(),
-});
-
-export const ZFindDocumentsInternalResponseSchema = ZFindResultResponse.extend({
-  data: ZDocumentManySchema.array(),
-  stats: z.object({
-    [ExtendedDocumentStatus.DRAFT]: z.number(),
-    [ExtendedDocumentStatus.PENDING]: z.number(),
-    [ExtendedDocumentStatus.COMPLETED]: z.number(),
-    [ExtendedDocumentStatus.REJECTED]: z.number(),
-    [ExtendedDocumentStatus.INBOX]: z.number(),
-    [ExtendedDocumentStatus.ALL]: z.number(),
-  }),
-});
-
-export type TFindDocumentsInternalResponse = z.infer<typeof ZFindDocumentsInternalResponseSchema>;
-
-export const ZFindDocumentAuditLogsQuerySchema = ZFindSearchParamsSchema.extend({
-  documentId: z.number().min(1),
-  cursor: z.string().optional(),
-  filterForRecentActivity: z.boolean().optional(),
-  orderByColumn: z.enum(['createdAt', 'type']).optional(),
-  orderByDirection: z.enum(['asc', 'desc']).default('desc'),
-});
-
-export const ZGetDocumentByIdQuerySchema = z.object({
-  documentId: z.number(),
-});
-
-export const ZDuplicateDocumentRequestSchema = z.object({
-  documentId: z.number(),
-});
-
-export const ZDuplicateDocumentResponseSchema = z.object({
-  documentId: z.number(),
-});
-
-export const ZGetDocumentByTokenQuerySchema = z.object({
-  token: z.string().min(1),
-});
-
-export type TGetDocumentByTokenQuerySchema = z.infer<typeof ZGetDocumentByTokenQuerySchema>;
-
-export const ZGetDocumentWithDetailsByIdRequestSchema = z.object({
-  documentId: z.number(),
-  folderId: z.string().describe('Filter documents by folder ID').optional(),
-});
-
-export const ZGetDocumentWithDetailsByIdResponseSchema = ZDocumentSchema;
-
-export const ZCreateDocumentRequestSchema = z.object({
-  title: ZDocumentTitleSchema,
-  documentDataId: z.string().min(1),
-  timezone: ZDocumentMetaTimezoneSchema.optional(),
-  folderId: z.string().describe('The ID of the folder to create the document in').optional(),
-});
-
-export const ZCreateDocumentV2RequestSchema = z.object({
-  title: ZDocumentTitleSchema,
-  externalId: ZDocumentExternalIdSchema.optional(),
-  visibility: ZDocumentVisibilitySchema.optional(),
-  globalAccessAuth: z.array(ZDocumentAccessAuthTypesSchema).optional(),
-  globalActionAuth: z.array(ZDocumentActionAuthTypesSchema).optional(),
-  formValues: ZDocumentFormValuesSchema.optional(),
-  folderId: z
-    .string()
-    .describe(
-      'The ID of the folder to create the document in. If not provided, the document will be created in the root folder.',
-    )
-    .optional(),
-  recipients: z
-    .array(
-      ZCreateRecipientSchema.extend({
-        fields: ZFieldAndMetaSchema.and(
-          z.object({
-            pageNumber: ZFieldPageNumberSchema,
-            pageX: ZFieldPageXSchema,
-            pageY: ZFieldPageYSchema,
-            width: ZFieldWidthSchema,
-            height: ZFieldHeightSchema,
-          }),
-        )
-          .array()
-          .optional(),
-      }),
-    )
-    .refine(
-      (recipients) => {
-        const emails = recipients.map((recipient) => recipient.email);
-
-        return new Set(emails).size === emails.length;
-      },
-      { message: 'Recipients must have unique emails' },
-    )
-    .optional(),
-  meta: z
-    .object({
-      subject: ZDocumentMetaSubjectSchema.optional(),
-      message: ZDocumentMetaMessageSchema.optional(),
-      timezone: ZDocumentMetaTimezoneSchema.optional(),
-      dateFormat: ZDocumentMetaDateFormatSchema.optional(),
-      distributionMethod: ZDocumentMetaDistributionMethodSchema.optional(),
-      signingOrder: z.nativeEnum(DocumentSigningOrder).optional(),
-      redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
-      language: ZDocumentMetaLanguageSchema.optional(),
-      typedSignatureEnabled: ZDocumentMetaTypedSignatureEnabledSchema.optional(),
-      drawSignatureEnabled: ZDocumentMetaDrawSignatureEnabledSchema.optional(),
-      uploadSignatureEnabled: ZDocumentMetaUploadSignatureEnabledSchema.optional(),
-      emailSettings: ZDocumentEmailSettingsSchema.optional(),
-    })
-    .optional(),
-});
-
-export type TCreateDocumentV2Request = z.infer<typeof ZCreateDocumentV2RequestSchema>;
-
-export const ZCreateDocumentV2ResponseSchema = z.object({
-  document: ZDocumentSchema,
-  uploadUrl: z
-    .string()
-    .describe(
-      'The URL to upload the document PDF to. Use a PUT request with the file via form-data',
-    ),
-});
-
-export const ZSetFieldsForDocumentMutationSchema = z.object({
-  documentId: z.number(),
-  fields: z.array(
-    z.object({
-      id: z.number().nullish(),
-      type: z.nativeEnum(FieldType),
-      signerEmail: z.string().min(1),
-      pageNumber: z.number().min(1),
-      pageX: z.number().min(0),
-      pageY: z.number().min(0),
-      pageWidth: z.number().min(0),
-      pageHeight: z.number().min(0),
-    }),
-  ),
-});
-
-export type TSetFieldsForDocumentMutationSchema = z.infer<
-  typeof ZSetFieldsForDocumentMutationSchema
->;
-
-export const ZDistributeDocumentRequestSchema = z.object({
-  documentId: z.number().describe('The ID of the document to send.'),
-  meta: z
-    .object({
-      subject: ZDocumentMetaSubjectSchema.optional(),
-      message: ZDocumentMetaMessageSchema.optional(),
-      timezone: ZDocumentMetaTimezoneSchema.optional(),
-      dateFormat: ZDocumentMetaDateFormatSchema.optional(),
-      distributionMethod: ZDocumentMetaDistributionMethodSchema.optional(),
-      redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
-      language: ZDocumentMetaLanguageSchema.optional(),
-      emailId: z.string().nullish(),
-      emailReplyTo: z.string().email().nullish(),
-      emailSettings: ZDocumentEmailSettingsSchema.optional(),
-    })
-    .optional(),
-});
-
-export const ZDistributeDocumentResponseSchema = ZDocumentLiteSchema;
-
-export const ZSetPasswordForDocumentMutationSchema = z.object({
-  documentId: z.number(),
-  password: z.string(),
-});
-
-export type TSetPasswordForDocumentMutationSchema = z.infer<
-  typeof ZSetPasswordForDocumentMutationSchema
->;
-
-export const ZSetSigningOrderForDocumentMutationSchema = z.object({
-  documentId: z.number(),
-  signingOrder: z.nativeEnum(DocumentSigningOrder),
-});
-
-export type TSetSigningOrderForDocumentMutationSchema = z.infer<
-  typeof ZSetSigningOrderForDocumentMutationSchema
->;
-
-export const ZResendDocumentMutationSchema = z.object({
-  documentId: z.number(),
-  recipients: z
-    .array(z.number())
-    .min(1)
-    .describe('The IDs of the recipients to redistribute the document to.'),
-});
-
-export const ZDeleteDocumentMutationSchema = z.object({
-  documentId: z.number(),
-});
-
-export type TDeleteDocumentMutationSchema = z.infer<typeof ZDeleteDocumentMutationSchema>;
-
-export const ZSearchDocumentsMutationSchema = z.object({
-  query: z.string(),
-});
-
-export const ZDownloadAuditLogsMutationSchema = z.object({
-  documentId: z.number(),
-});
-
-export const ZDownloadCertificateMutationSchema = z.object({
-  documentId: z.number(),
-});
-
-export const ZDownloadDocumentRequestSchema = z.object({
-  documentId: z.number().describe('The ID of the document to download.'),
-  version: z
-    .enum(['original', 'signed'])
-    .describe(
-      'The version of the document to download. "signed" returns the completed document with signatures, "original" returns the original uploaded document.',
-    )
-    .default('signed'),
-});
-
-export const ZDownloadDocumentResponseSchema = z.object({
-  downloadUrl: z.string().describe('Pre-signed URL for downloading the PDF file'),
-  filename: z.string().describe('The filename of the PDF file'),
-  contentType: z.string().describe('MIME type of the file'),
-});
-
-export type TDownloadDocumentRequest = z.infer<typeof ZDownloadDocumentRequestSchema>;
-export type TDownloadDocumentResponse = z.infer<typeof ZDownloadDocumentResponseSchema>;
diff --git a/packages/trpc/server/document-router/search-document.ts b/packages/trpc/server/document-router/search-document.ts
new file mode 100644
index 000000000..4acd3be69
--- /dev/null
+++ b/packages/trpc/server/document-router/search-document.ts
@@ -0,0 +1,21 @@
+import { searchDocumentsWithKeyword } from '@documenso/lib/server-only/document/search-documents-with-keyword';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZSearchDocumentRequestSchema,
+  ZSearchDocumentResponseSchema,
+} from './search-document.types';
+
+export const searchDocumentRoute = authenticatedProcedure
+  .input(ZSearchDocumentRequestSchema)
+  .output(ZSearchDocumentResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { query } = input;
+
+    const documents = await searchDocumentsWithKeyword({
+      query,
+      userId: ctx.user.id,
+    });
+
+    return documents;
+  });
diff --git a/packages/trpc/server/document-router/search-document.types.ts b/packages/trpc/server/document-router/search-document.types.ts
new file mode 100644
index 000000000..5a6903066
--- /dev/null
+++ b/packages/trpc/server/document-router/search-document.types.ts
@@ -0,0 +1,16 @@
+import { z } from 'zod';
+
+export const ZSearchDocumentRequestSchema = z.object({
+  query: z.string(),
+});
+
+export const ZSearchDocumentResponseSchema = z
+  .object({
+    title: z.string(),
+    path: z.string(),
+    value: z.string(),
+  })
+  .array();
+
+export type TSearchDocumentRequest = z.infer<typeof ZSearchDocumentRequestSchema>;
+export type TSearchDocumentResponse = z.infer<typeof ZSearchDocumentResponseSchema>;
diff --git a/packages/trpc/server/organisation-router/create-organisation-group.ts b/packages/trpc/server/organisation-router/create-organisation-group.ts
index b2dc3cde9..db87c8378 100644
--- a/packages/trpc/server/organisation-router/create-organisation-group.ts
+++ b/packages/trpc/server/organisation-router/create-organisation-group.ts
@@ -40,7 +40,13 @@ export const createOrganisationGroupRoute = authenticatedProcedure
         groups: true,
         members: {
           include: {
-            user: true,
+            user: {
+              select: {
+                id: true,
+                email: true,
+                name: true,
+              },
+            },
           },
         },
       },

From 5a5bfe6e3427c19db8b4888d6a93a6ef8333a225 Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 08:23:48 +1000
Subject: [PATCH 09/17] fix: refactor admin router (#1982)

---
 .../dialogs/admin-document-delete-dialog.tsx  |   2 +-
 .../dialogs/admin-user-delete-dialog.tsx      |   2 +-
 .../dialogs/admin-user-disable-dialog.tsx     |   2 +-
 .../dialogs/admin-user-enable-dialog.tsx      |   2 +-
 .../admin-document-recipient-item-table.tsx   |   2 +-
 .../_authenticated+/admin+/documents.$id.tsx  |   2 +-
 .../admin+/documents._index.tsx               |   2 +-
 .../_authenticated+/admin+/users.$id.tsx      |   6 +-
 packages/lib/server-only/admin/update-user.ts |   2 +-
 .../server/admin-router/delete-document.ts    |  28 +++
 .../admin-router/delete-document.types.ts     |  11 +
 .../trpc/server/admin-router/delete-user.ts   |  19 ++
 .../server/admin-router/delete-user.types.ts  |  10 +
 .../trpc/server/admin-router/disable-user.ts  |  29 +++
 .../server/admin-router/disable-user.types.ts |  10 +
 .../trpc/server/admin-router/enable-user.ts   |  29 +++
 .../server/admin-router/enable-user.types.ts  |  10 +
 .../server/admin-router/find-documents.ts     |  13 ++
 .../admin-router/find-documents.types.ts      |  17 ++
 .../server/admin-router/reseal-document.ts    |  28 +++
 .../admin-router/reseal-document.types.ts     |  10 +
 packages/trpc/server/admin-router/router.ts   | 200 ++----------------
 packages/trpc/server/admin-router/schema.ts   |  67 ------
 .../server/admin-router/update-recipient.ts   |  22 ++
 .../admin-router/update-recipient.types.ts    |  12 ++
 .../admin-router/update-site-setting.ts       |  27 +++
 .../admin-router/update-site-setting.types.ts |  10 +
 .../trpc/server/admin-router/update-user.ts   |  20 ++
 .../server/admin-router/update-user.types.ts  |  14 ++
 29 files changed, 353 insertions(+), 255 deletions(-)
 create mode 100644 packages/trpc/server/admin-router/delete-document.ts
 create mode 100644 packages/trpc/server/admin-router/delete-document.types.ts
 create mode 100644 packages/trpc/server/admin-router/delete-user.ts
 create mode 100644 packages/trpc/server/admin-router/delete-user.types.ts
 create mode 100644 packages/trpc/server/admin-router/disable-user.ts
 create mode 100644 packages/trpc/server/admin-router/disable-user.types.ts
 create mode 100644 packages/trpc/server/admin-router/enable-user.ts
 create mode 100644 packages/trpc/server/admin-router/enable-user.types.ts
 create mode 100644 packages/trpc/server/admin-router/find-documents.ts
 create mode 100644 packages/trpc/server/admin-router/find-documents.types.ts
 create mode 100644 packages/trpc/server/admin-router/reseal-document.ts
 create mode 100644 packages/trpc/server/admin-router/reseal-document.types.ts
 delete mode 100644 packages/trpc/server/admin-router/schema.ts
 create mode 100644 packages/trpc/server/admin-router/update-recipient.ts
 create mode 100644 packages/trpc/server/admin-router/update-recipient.types.ts
 create mode 100644 packages/trpc/server/admin-router/update-site-setting.ts
 create mode 100644 packages/trpc/server/admin-router/update-site-setting.types.ts
 create mode 100644 packages/trpc/server/admin-router/update-user.ts
 create mode 100644 packages/trpc/server/admin-router/update-user.types.ts

diff --git a/apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx b/apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
index 26692fedb..9f82d8551 100644
--- a/apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
@@ -34,7 +34,7 @@ export const AdminDocumentDeleteDialog = ({ document }: AdminDocumentDeleteDialo
   const [reason, setReason] = useState('');
 
   const { mutateAsync: deleteDocument, isPending: isDeletingDocument } =
-    trpc.admin.deleteDocument.useMutation();
+    trpc.admin.document.delete.useMutation();
 
   const handleDeleteDocument = async () => {
     try {
diff --git a/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
index 58ffa9c85..d2f0cf8b7 100644
--- a/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -35,7 +35,7 @@ export const AdminUserDeleteDialog = ({ className, user }: AdminUserDeleteDialog
   const [email, setEmail] = useState('');
 
   const { mutateAsync: deleteUser, isPending: isDeletingUser } =
-    trpc.admin.deleteUser.useMutation();
+    trpc.admin.user.delete.useMutation();
 
   const onDeleteAccount = async () => {
     try {
diff --git a/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
index ee42931a9..5d995ccdf 100644
--- a/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
@@ -37,7 +37,7 @@ export const AdminUserDisableDialog = ({
   const [email, setEmail] = useState('');
 
   const { mutateAsync: disableUser, isPending: isDisablingUser } =
-    trpc.admin.disableUser.useMutation();
+    trpc.admin.user.disable.useMutation();
 
   const onDisableAccount = async () => {
     try {
diff --git a/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
index 1718c9e97..702b2d73b 100644
--- a/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
@@ -34,7 +34,7 @@ export const AdminUserEnableDialog = ({ className, userToEnable }: AdminUserEnab
   const [email, setEmail] = useState('');
 
   const { mutateAsync: enableUser, isPending: isEnablingUser } =
-    trpc.admin.enableUser.useMutation();
+    trpc.admin.user.enable.useMutation();
 
   const onEnableAccount = async () => {
     try {
diff --git a/apps/remix/app/components/tables/admin-document-recipient-item-table.tsx b/apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
index 58e25b179..89a9366b1 100644
--- a/apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
+++ b/apps/remix/app/components/tables/admin-document-recipient-item-table.tsx
@@ -52,7 +52,7 @@ export const AdminDocumentRecipientItemTable = ({ recipient }: RecipientItemProp
     },
   });
 
-  const { mutateAsync: updateRecipient } = trpc.admin.updateRecipient.useMutation();
+  const { mutateAsync: updateRecipient } = trpc.admin.recipient.update.useMutation();
 
   const columns = useMemo(() => {
     return [
diff --git a/apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx b/apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
index db1b4d0e8..623ac0938 100644
--- a/apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
+++ b/apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
@@ -48,7 +48,7 @@ export default function AdminDocumentDetailsPage({ loaderData }: Route.Component
   const { toast } = useToast();
 
   const { mutate: resealDocument, isPending: isResealDocumentLoading } =
-    trpc.admin.resealDocument.useMutation({
+    trpc.admin.document.reseal.useMutation({
       onSuccess: () => {
         toast({
           title: _(msg`Success`),
diff --git a/apps/remix/app/routes/_authenticated+/admin+/documents._index.tsx b/apps/remix/app/routes/_authenticated+/admin+/documents._index.tsx
index 35640b28e..27b7509f2 100644
--- a/apps/remix/app/routes/_authenticated+/admin+/documents._index.tsx
+++ b/apps/remix/app/routes/_authenticated+/admin+/documents._index.tsx
@@ -33,7 +33,7 @@ export default function AdminDocumentsPage() {
   const perPage = searchParams?.get?.('perPage') ? Number(searchParams.get('perPage')) : undefined;
 
   const { data: findDocumentsData, isPending: isFindDocumentsLoading } =
-    trpc.admin.findDocuments.useQuery(
+    trpc.admin.document.find.useQuery(
       {
         query: debouncedTerm,
         page: page || 1,
diff --git a/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx b/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
index 458553dae..9242d3dd5 100644
--- a/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
+++ b/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
@@ -9,7 +9,7 @@ import { Link } from 'react-router';
 import type { z } from 'zod';
 
 import { trpc } from '@documenso/trpc/react';
-import { ZAdminUpdateProfileMutationSchema } from '@documenso/trpc/server/admin-router/schema';
+import { ZUpdateUserRequestSchema } from '@documenso/trpc/server/admin-router/update-user.types';
 import { Button } from '@documenso/ui/primitives/button';
 import {
   Form,
@@ -33,7 +33,7 @@ import { AdminOrganisationsTable } from '~/components/tables/admin-organisations
 
 import { MultiSelectRoleCombobox } from '../../../components/general/multiselect-role-combobox';
 
-const ZUserFormSchema = ZAdminUpdateProfileMutationSchema.omit({ id: true });
+const ZUserFormSchema = ZUpdateUserRequestSchema.omit({ id: true });
 
 type TUserFormSchema = z.infer<typeof ZUserFormSchema>;
 
@@ -85,7 +85,7 @@ const AdminUserPage = ({ user }: { user: User }) => {
 
   const roles = user.roles ?? [];
 
-  const { mutateAsync: updateUserMutation } = trpc.admin.updateUser.useMutation();
+  const { mutateAsync: updateUserMutation } = trpc.admin.user.update.useMutation();
 
   const form = useForm<TUserFormSchema>({
     resolver: zodResolver(ZUserFormSchema),
diff --git a/packages/lib/server-only/admin/update-user.ts b/packages/lib/server-only/admin/update-user.ts
index 6ee176803..c600fe863 100644
--- a/packages/lib/server-only/admin/update-user.ts
+++ b/packages/lib/server-only/admin/update-user.ts
@@ -16,7 +16,7 @@ export const updateUser = async ({ id, name, email, roles }: UpdateUserOptions)
     },
   });
 
-  return await prisma.user.update({
+  await prisma.user.update({
     where: {
       id,
     },
diff --git a/packages/trpc/server/admin-router/delete-document.ts b/packages/trpc/server/admin-router/delete-document.ts
new file mode 100644
index 000000000..70fc96591
--- /dev/null
+++ b/packages/trpc/server/admin-router/delete-document.ts
@@ -0,0 +1,28 @@
+import { sendDeleteEmail } from '@documenso/lib/server-only/document/send-delete-email';
+import { superDeleteDocument } from '@documenso/lib/server-only/document/super-delete-document';
+
+import { adminProcedure } from '../trpc';
+import {
+  ZDeleteDocumentRequestSchema,
+  ZDeleteDocumentResponseSchema,
+} from './delete-document.types';
+
+export const deleteDocumentRoute = adminProcedure
+  .input(ZDeleteDocumentRequestSchema)
+  .output(ZDeleteDocumentResponseSchema)
+  .mutation(async ({ ctx, input }) => {
+    const { id, reason } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    await sendDeleteEmail({ documentId: id, reason });
+
+    await superDeleteDocument({
+      id,
+      requestMetadata: ctx.metadata.requestMetadata,
+    });
+  });
diff --git a/packages/trpc/server/admin-router/delete-document.types.ts b/packages/trpc/server/admin-router/delete-document.types.ts
new file mode 100644
index 000000000..58ff6ff35
--- /dev/null
+++ b/packages/trpc/server/admin-router/delete-document.types.ts
@@ -0,0 +1,11 @@
+import { z } from 'zod';
+
+export const ZDeleteDocumentRequestSchema = z.object({
+  id: z.number().min(1),
+  reason: z.string(),
+});
+
+export const ZDeleteDocumentResponseSchema = z.void();
+
+export type TDeleteDocumentRequest = z.infer<typeof ZDeleteDocumentRequestSchema>;
+export type TDeleteDocumentResponse = z.infer<typeof ZDeleteDocumentResponseSchema>;
diff --git a/packages/trpc/server/admin-router/delete-user.ts b/packages/trpc/server/admin-router/delete-user.ts
new file mode 100644
index 000000000..c78fdd651
--- /dev/null
+++ b/packages/trpc/server/admin-router/delete-user.ts
@@ -0,0 +1,19 @@
+import { deleteUser } from '@documenso/lib/server-only/user/delete-user';
+
+import { adminProcedure } from '../trpc';
+import { ZDeleteUserRequestSchema, ZDeleteUserResponseSchema } from './delete-user.types';
+
+export const deleteUserRoute = adminProcedure
+  .input(ZDeleteUserRequestSchema)
+  .output(ZDeleteUserResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    await deleteUser({ id });
+  });
diff --git a/packages/trpc/server/admin-router/delete-user.types.ts b/packages/trpc/server/admin-router/delete-user.types.ts
new file mode 100644
index 000000000..b2d01f91b
--- /dev/null
+++ b/packages/trpc/server/admin-router/delete-user.types.ts
@@ -0,0 +1,10 @@
+import { z } from 'zod';
+
+export const ZDeleteUserRequestSchema = z.object({
+  id: z.number().min(1),
+});
+
+export const ZDeleteUserResponseSchema = z.void();
+
+export type TDeleteUserRequest = z.infer<typeof ZDeleteUserRequestSchema>;
+export type TDeleteUserResponse = z.infer<typeof ZDeleteUserResponseSchema>;
diff --git a/packages/trpc/server/admin-router/disable-user.ts b/packages/trpc/server/admin-router/disable-user.ts
new file mode 100644
index 000000000..9a2a1a854
--- /dev/null
+++ b/packages/trpc/server/admin-router/disable-user.ts
@@ -0,0 +1,29 @@
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { disableUser } from '@documenso/lib/server-only/user/disable-user';
+import { getUserById } from '@documenso/lib/server-only/user/get-user-by-id';
+
+import { adminProcedure } from '../trpc';
+import { ZDisableUserRequestSchema, ZDisableUserResponseSchema } from './disable-user.types';
+
+export const disableUserRoute = adminProcedure
+  .input(ZDisableUserRequestSchema)
+  .output(ZDisableUserResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    const user = await getUserById({ id }).catch(() => null);
+
+    if (!user) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'User not found',
+      });
+    }
+
+    await disableUser({ id });
+  });
diff --git a/packages/trpc/server/admin-router/disable-user.types.ts b/packages/trpc/server/admin-router/disable-user.types.ts
new file mode 100644
index 000000000..51d26a3d8
--- /dev/null
+++ b/packages/trpc/server/admin-router/disable-user.types.ts
@@ -0,0 +1,10 @@
+import { z } from 'zod';
+
+export const ZDisableUserRequestSchema = z.object({
+  id: z.number().min(1),
+});
+
+export const ZDisableUserResponseSchema = z.void();
+
+export type TDisableUserRequest = z.infer<typeof ZDisableUserRequestSchema>;
+export type TDisableUserResponse = z.infer<typeof ZDisableUserResponseSchema>;
diff --git a/packages/trpc/server/admin-router/enable-user.ts b/packages/trpc/server/admin-router/enable-user.ts
new file mode 100644
index 000000000..171e3bf8a
--- /dev/null
+++ b/packages/trpc/server/admin-router/enable-user.ts
@@ -0,0 +1,29 @@
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { enableUser } from '@documenso/lib/server-only/user/enable-user';
+import { getUserById } from '@documenso/lib/server-only/user/get-user-by-id';
+
+import { adminProcedure } from '../trpc';
+import { ZEnableUserRequestSchema, ZEnableUserResponseSchema } from './enable-user.types';
+
+export const enableUserRoute = adminProcedure
+  .input(ZEnableUserRequestSchema)
+  .output(ZEnableUserResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    const user = await getUserById({ id }).catch(() => null);
+
+    if (!user) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'User not found',
+      });
+    }
+
+    await enableUser({ id });
+  });
diff --git a/packages/trpc/server/admin-router/enable-user.types.ts b/packages/trpc/server/admin-router/enable-user.types.ts
new file mode 100644
index 000000000..5e44cb18e
--- /dev/null
+++ b/packages/trpc/server/admin-router/enable-user.types.ts
@@ -0,0 +1,10 @@
+import { z } from 'zod';
+
+export const ZEnableUserRequestSchema = z.object({
+  id: z.number().min(1),
+});
+
+export const ZEnableUserResponseSchema = z.void();
+
+export type TEnableUserRequest = z.infer<typeof ZEnableUserRequestSchema>;
+export type TEnableUserResponse = z.infer<typeof ZEnableUserResponseSchema>;
diff --git a/packages/trpc/server/admin-router/find-documents.ts b/packages/trpc/server/admin-router/find-documents.ts
new file mode 100644
index 000000000..7ce96c1f5
--- /dev/null
+++ b/packages/trpc/server/admin-router/find-documents.ts
@@ -0,0 +1,13 @@
+import { findDocuments } from '@documenso/lib/server-only/admin/get-all-documents';
+
+import { adminProcedure } from '../trpc';
+import { ZFindDocumentsRequestSchema, ZFindDocumentsResponseSchema } from './find-documents.types';
+
+export const findDocumentsRoute = adminProcedure
+  .input(ZFindDocumentsRequestSchema)
+  .output(ZFindDocumentsResponseSchema)
+  .query(async ({ input }) => {
+    const { query, page, perPage } = input;
+
+    return await findDocuments({ query, page, perPage });
+  });
diff --git a/packages/trpc/server/admin-router/find-documents.types.ts b/packages/trpc/server/admin-router/find-documents.types.ts
new file mode 100644
index 000000000..b6fc4e864
--- /dev/null
+++ b/packages/trpc/server/admin-router/find-documents.types.ts
@@ -0,0 +1,17 @@
+import { z } from 'zod';
+
+import { ZDocumentManySchema } from '@documenso/lib/types/document';
+import { ZFindResultResponse, ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
+
+export const ZFindDocumentsRequestSchema = ZFindSearchParamsSchema.extend({
+  perPage: z.number().optional().default(20),
+});
+
+export const ZFindDocumentsResponseSchema = ZFindResultResponse.extend({
+  data: ZDocumentManySchema.omit({
+    team: true,
+  }).array(),
+});
+
+export type TFindDocumentsRequest = z.infer<typeof ZFindDocumentsRequestSchema>;
+export type TFindDocumentsResponse = z.infer<typeof ZFindDocumentsResponseSchema>;
diff --git a/packages/trpc/server/admin-router/reseal-document.ts b/packages/trpc/server/admin-router/reseal-document.ts
new file mode 100644
index 000000000..7436d29c7
--- /dev/null
+++ b/packages/trpc/server/admin-router/reseal-document.ts
@@ -0,0 +1,28 @@
+import { getEntireDocument } from '@documenso/lib/server-only/admin/get-entire-document';
+import { sealDocument } from '@documenso/lib/server-only/document/seal-document';
+import { isDocumentCompleted } from '@documenso/lib/utils/document';
+
+import { adminProcedure } from '../trpc';
+import {
+  ZResealDocumentRequestSchema,
+  ZResealDocumentResponseSchema,
+} from './reseal-document.types';
+
+export const resealDocumentRoute = adminProcedure
+  .input(ZResealDocumentRequestSchema)
+  .output(ZResealDocumentResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    const document = await getEntireDocument({ id });
+
+    const isResealing = isDocumentCompleted(document.status);
+
+    await sealDocument({ documentId: id, isResealing });
+  });
diff --git a/packages/trpc/server/admin-router/reseal-document.types.ts b/packages/trpc/server/admin-router/reseal-document.types.ts
new file mode 100644
index 000000000..e33c2dc5c
--- /dev/null
+++ b/packages/trpc/server/admin-router/reseal-document.types.ts
@@ -0,0 +1,10 @@
+import { z } from 'zod';
+
+export const ZResealDocumentRequestSchema = z.object({
+  id: z.number().min(1),
+});
+
+export const ZResealDocumentResponseSchema = z.void();
+
+export type TResealDocumentRequest = z.infer<typeof ZResealDocumentRequestSchema>;
+export type TResealDocumentResponse = z.infer<typeof ZResealDocumentResponseSchema>;
diff --git a/packages/trpc/server/admin-router/router.ts b/packages/trpc/server/admin-router/router.ts
index 3487a3d21..7c6f1558b 100644
--- a/packages/trpc/server/admin-router/router.ts
+++ b/packages/trpc/server/admin-router/router.ts
@@ -1,40 +1,23 @@
-import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
-import { findDocuments } from '@documenso/lib/server-only/admin/get-all-documents';
-import { getEntireDocument } from '@documenso/lib/server-only/admin/get-entire-document';
-import { updateRecipient } from '@documenso/lib/server-only/admin/update-recipient';
-import { updateUser } from '@documenso/lib/server-only/admin/update-user';
-import { sealDocument } from '@documenso/lib/server-only/document/seal-document';
-import { sendDeleteEmail } from '@documenso/lib/server-only/document/send-delete-email';
-import { superDeleteDocument } from '@documenso/lib/server-only/document/super-delete-document';
-import { upsertSiteSetting } from '@documenso/lib/server-only/site-settings/upsert-site-setting';
-import { deleteUser } from '@documenso/lib/server-only/user/delete-user';
-import { disableUser } from '@documenso/lib/server-only/user/disable-user';
-import { enableUser } from '@documenso/lib/server-only/user/enable-user';
-import { getUserById } from '@documenso/lib/server-only/user/get-user-by-id';
-import { isDocumentCompleted } from '@documenso/lib/utils/document';
-
-import { adminProcedure, router } from '../trpc';
+import { router } from '../trpc';
 import { createAdminOrganisationRoute } from './create-admin-organisation';
 import { createStripeCustomerRoute } from './create-stripe-customer';
 import { createSubscriptionClaimRoute } from './create-subscription-claim';
+import { deleteDocumentRoute } from './delete-document';
 import { deleteSubscriptionClaimRoute } from './delete-subscription-claim';
+import { deleteUserRoute } from './delete-user';
+import { disableUserRoute } from './disable-user';
+import { enableUserRoute } from './enable-user';
 import { findAdminOrganisationsRoute } from './find-admin-organisations';
+import { findDocumentsRoute } from './find-documents';
 import { findSubscriptionClaimsRoute } from './find-subscription-claims';
 import { getAdminOrganisationRoute } from './get-admin-organisation';
+import { resealDocumentRoute } from './reseal-document';
 import { resetTwoFactorRoute } from './reset-two-factor-authentication';
-import {
-  ZAdminDeleteDocumentMutationSchema,
-  ZAdminDeleteUserMutationSchema,
-  ZAdminDisableUserMutationSchema,
-  ZAdminEnableUserMutationSchema,
-  ZAdminFindDocumentsQuerySchema,
-  ZAdminResealDocumentMutationSchema,
-  ZAdminUpdateProfileMutationSchema,
-  ZAdminUpdateRecipientMutationSchema,
-  ZAdminUpdateSiteSettingMutationSchema,
-} from './schema';
 import { updateAdminOrganisationRoute } from './update-admin-organisation';
+import { updateRecipientRoute } from './update-recipient';
+import { updateSiteSettingRoute } from './update-site-setting';
 import { updateSubscriptionClaimRoute } from './update-subscription-claim';
+import { updateUserRoute } from './update-user';
 
 export const adminRouter = router({
   organisation: {
@@ -53,156 +36,19 @@ export const adminRouter = router({
     createCustomer: createStripeCustomerRoute,
   },
   user: {
+    update: updateUserRoute,
+    delete: deleteUserRoute,
+    enable: enableUserRoute,
+    disable: disableUserRoute,
     resetTwoFactor: resetTwoFactorRoute,
   },
-
-  // Todo: migrate old routes
-  findDocuments: adminProcedure.input(ZAdminFindDocumentsQuerySchema).query(async ({ input }) => {
-    const { query, page, perPage } = input;
-
-    return await findDocuments({ query, page, perPage });
-  }),
-
-  updateUser: adminProcedure
-    .input(ZAdminUpdateProfileMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id, name, email, roles } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-          roles,
-        },
-      });
-
-      return await updateUser({ id, name, email, roles });
-    }),
-
-  updateRecipient: adminProcedure
-    .input(ZAdminUpdateRecipientMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id, name, email } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      return await updateRecipient({ id, name, email });
-    }),
-
-  updateSiteSetting: adminProcedure
-    .input(ZAdminUpdateSiteSettingMutationSchema)
-    .mutation(async ({ ctx, input }) => {
-      const { id, enabled, data } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      return await upsertSiteSetting({
-        id,
-        enabled,
-        data,
-        userId: ctx.user.id,
-      });
-    }),
-
-  resealDocument: adminProcedure
-    .input(ZAdminResealDocumentMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      const document = await getEntireDocument({ id });
-
-      const isResealing = isDocumentCompleted(document.status);
-
-      return await sealDocument({ documentId: id, isResealing });
-    }),
-
-  enableUser: adminProcedure
-    .input(ZAdminEnableUserMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      const user = await getUserById({ id }).catch(() => null);
-
-      if (!user) {
-        throw new AppError(AppErrorCode.NOT_FOUND, {
-          message: 'User not found',
-        });
-      }
-
-      return await enableUser({ id });
-    }),
-
-  disableUser: adminProcedure
-    .input(ZAdminDisableUserMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      const user = await getUserById({ id }).catch(() => null);
-
-      if (!user) {
-        throw new AppError(AppErrorCode.NOT_FOUND, {
-          message: 'User not found',
-        });
-      }
-
-      return await disableUser({ id });
-    }),
-
-  deleteUser: adminProcedure
-    .input(ZAdminDeleteUserMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      return await deleteUser({ id });
-    }),
-
-  deleteDocument: adminProcedure
-    .input(ZAdminDeleteDocumentMutationSchema)
-    .mutation(async ({ ctx, input }) => {
-      const { id, reason } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-        },
-      });
-
-      await sendDeleteEmail({ documentId: id, reason });
-
-      return await superDeleteDocument({
-        id,
-        requestMetadata: ctx.metadata.requestMetadata,
-      });
-    }),
+  document: {
+    find: findDocumentsRoute,
+    delete: deleteDocumentRoute,
+    reseal: resealDocumentRoute,
+  },
+  recipient: {
+    update: updateRecipientRoute,
+  },
+  updateSiteSetting: updateSiteSettingRoute,
 });
diff --git a/packages/trpc/server/admin-router/schema.ts b/packages/trpc/server/admin-router/schema.ts
deleted file mode 100644
index 6fc7f5df5..000000000
--- a/packages/trpc/server/admin-router/schema.ts
+++ /dev/null
@@ -1,67 +0,0 @@
-import { Role } from '@prisma/client';
-import z from 'zod';
-
-import { ZSiteSettingSchema } from '@documenso/lib/server-only/site-settings/schema';
-import { ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
-
-export const ZAdminFindDocumentsQuerySchema = ZFindSearchParamsSchema.extend({
-  perPage: z.number().optional().default(20),
-});
-
-export type TAdminFindDocumentsQuerySchema = z.infer<typeof ZAdminFindDocumentsQuerySchema>;
-
-export const ZAdminUpdateProfileMutationSchema = z.object({
-  id: z.number().min(1),
-  name: z.string().nullish(),
-  email: z.string().email().optional(),
-  roles: z.array(z.nativeEnum(Role)).optional(),
-});
-
-export type TAdminUpdateProfileMutationSchema = z.infer<typeof ZAdminUpdateProfileMutationSchema>;
-
-export const ZAdminUpdateRecipientMutationSchema = z.object({
-  id: z.number().min(1),
-  name: z.string().optional(),
-  email: z.string().email().optional(),
-});
-
-export type TAdminUpdateRecipientMutationSchema = z.infer<
-  typeof ZAdminUpdateRecipientMutationSchema
->;
-
-export const ZAdminUpdateSiteSettingMutationSchema = ZSiteSettingSchema;
-
-export type TAdminUpdateSiteSettingMutationSchema = z.infer<
-  typeof ZAdminUpdateSiteSettingMutationSchema
->;
-
-export const ZAdminResealDocumentMutationSchema = z.object({
-  id: z.number().min(1),
-});
-
-export type TAdminResealDocumentMutationSchema = z.infer<typeof ZAdminResealDocumentMutationSchema>;
-
-export const ZAdminDeleteUserMutationSchema = z.object({
-  id: z.number().min(1),
-});
-
-export type TAdminDeleteUserMutationSchema = z.infer<typeof ZAdminDeleteUserMutationSchema>;
-
-export const ZAdminEnableUserMutationSchema = z.object({
-  id: z.number().min(1),
-});
-
-export type TAdminEnableUserMutationSchema = z.infer<typeof ZAdminEnableUserMutationSchema>;
-
-export const ZAdminDisableUserMutationSchema = z.object({
-  id: z.number().min(1),
-});
-
-export type TAdminDisableUserMutationSchema = z.infer<typeof ZAdminDisableUserMutationSchema>;
-
-export const ZAdminDeleteDocumentMutationSchema = z.object({
-  id: z.number().min(1),
-  reason: z.string(),
-});
-
-export type TAdminDeleteDocomentMutationSchema = z.infer<typeof ZAdminDeleteDocumentMutationSchema>;
diff --git a/packages/trpc/server/admin-router/update-recipient.ts b/packages/trpc/server/admin-router/update-recipient.ts
new file mode 100644
index 000000000..1fc286af2
--- /dev/null
+++ b/packages/trpc/server/admin-router/update-recipient.ts
@@ -0,0 +1,22 @@
+import { updateRecipient } from '@documenso/lib/server-only/admin/update-recipient';
+
+import { adminProcedure } from '../trpc';
+import {
+  ZUpdateRecipientRequestSchema,
+  ZUpdateRecipientResponseSchema,
+} from './update-recipient.types';
+
+export const updateRecipientRoute = adminProcedure
+  .input(ZUpdateRecipientRequestSchema)
+  .output(ZUpdateRecipientResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id, name, email } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    await updateRecipient({ id, name, email });
+  });
diff --git a/packages/trpc/server/admin-router/update-recipient.types.ts b/packages/trpc/server/admin-router/update-recipient.types.ts
new file mode 100644
index 000000000..7b9bc4008
--- /dev/null
+++ b/packages/trpc/server/admin-router/update-recipient.types.ts
@@ -0,0 +1,12 @@
+import { z } from 'zod';
+
+export const ZUpdateRecipientRequestSchema = z.object({
+  id: z.number().min(1),
+  name: z.string().optional(),
+  email: z.string().email().optional(),
+});
+
+export const ZUpdateRecipientResponseSchema = z.void();
+
+export type TUpdateRecipientRequest = z.infer<typeof ZUpdateRecipientRequestSchema>;
+export type TUpdateRecipientResponse = z.infer<typeof ZUpdateRecipientResponseSchema>;
diff --git a/packages/trpc/server/admin-router/update-site-setting.ts b/packages/trpc/server/admin-router/update-site-setting.ts
new file mode 100644
index 000000000..1b0ff971a
--- /dev/null
+++ b/packages/trpc/server/admin-router/update-site-setting.ts
@@ -0,0 +1,27 @@
+import { upsertSiteSetting } from '@documenso/lib/server-only/site-settings/upsert-site-setting';
+
+import { adminProcedure } from '../trpc';
+import {
+  ZUpdateSiteSettingRequestSchema,
+  ZUpdateSiteSettingResponseSchema,
+} from './update-site-setting.types';
+
+export const updateSiteSettingRoute = adminProcedure
+  .input(ZUpdateSiteSettingRequestSchema)
+  .output(ZUpdateSiteSettingResponseSchema)
+  .mutation(async ({ ctx, input }) => {
+    const { id, enabled, data } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    await upsertSiteSetting({
+      id,
+      enabled,
+      data,
+      userId: ctx.user.id,
+    });
+  });
diff --git a/packages/trpc/server/admin-router/update-site-setting.types.ts b/packages/trpc/server/admin-router/update-site-setting.types.ts
new file mode 100644
index 000000000..bd8638b3e
--- /dev/null
+++ b/packages/trpc/server/admin-router/update-site-setting.types.ts
@@ -0,0 +1,10 @@
+import { z } from 'zod';
+
+import { ZSiteSettingSchema } from '@documenso/lib/server-only/site-settings/schema';
+
+export const ZUpdateSiteSettingRequestSchema = ZSiteSettingSchema;
+
+export const ZUpdateSiteSettingResponseSchema = z.void();
+
+export type TUpdateSiteSettingRequest = z.infer<typeof ZUpdateSiteSettingRequestSchema>;
+export type TUpdateSiteSettingResponse = z.infer<typeof ZUpdateSiteSettingResponseSchema>;
diff --git a/packages/trpc/server/admin-router/update-user.ts b/packages/trpc/server/admin-router/update-user.ts
new file mode 100644
index 000000000..d04a7f80e
--- /dev/null
+++ b/packages/trpc/server/admin-router/update-user.ts
@@ -0,0 +1,20 @@
+import { updateUser } from '@documenso/lib/server-only/admin/update-user';
+
+import { adminProcedure } from '../trpc';
+import { ZUpdateUserRequestSchema, ZUpdateUserResponseSchema } from './update-user.types';
+
+export const updateUserRoute = adminProcedure
+  .input(ZUpdateUserRequestSchema)
+  .output(ZUpdateUserResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id, name, email, roles } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+        roles,
+      },
+    });
+
+    await updateUser({ id, name, email, roles });
+  });
diff --git a/packages/trpc/server/admin-router/update-user.types.ts b/packages/trpc/server/admin-router/update-user.types.ts
new file mode 100644
index 000000000..f4650fca4
--- /dev/null
+++ b/packages/trpc/server/admin-router/update-user.types.ts
@@ -0,0 +1,14 @@
+import { Role } from '@prisma/client';
+import { z } from 'zod';
+
+export const ZUpdateUserRequestSchema = z.object({
+  id: z.number().min(1),
+  name: z.string().nullish(),
+  email: z.string().email().optional(),
+  roles: z.array(z.nativeEnum(Role)).optional(),
+});
+
+export const ZUpdateUserResponseSchema = z.void();
+
+export type TUpdateUserRequest = z.infer<typeof ZUpdateUserRequestSchema>;
+export type TUpdateUserResponse = z.infer<typeof ZUpdateUserResponseSchema>;

From 49fabeb0ec47e1f3dc6c5dc7d2bae3f0ab0b0a5d Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 08:24:32 +1000
Subject: [PATCH 10/17] fix: refactor auth router (#1983)

---
 .../dialogs/passkey-create-dialog.tsx         |   4 +-
 apps/remix/app/components/forms/signin.tsx    |   2 +-
 .../document-signing-auth-passkey.tsx         |   2 +-
 .../document-signing-auth-provider.tsx        |   2 +-
 ...ettings-security-passkey-table-actions.tsx |   4 +-
 .../settings-security-passkey-table.tsx       |   2 +-
 .../create-passkey-authentication-options.ts  |  17 +++
 ...te-passkey-authentication-options.types.ts |  19 +++
 .../create-passkey-registration-options.ts    |  16 +++
 ...eate-passkey-registration-options.types.ts |  12 ++
 .../create-passkey-signin-options.ts          |  24 ++++
 .../create-passkey-signin-options.types.ts    |  15 +++
 .../trpc/server/auth-router/create-passkey.ts |  21 +++
 .../auth-router/create-passkey.types.ts       |  13 ++
 .../trpc/server/auth-router/delete-passkey.ts |  23 ++++
 .../auth-router/delete-passkey.types.ts       |  10 ++
 .../trpc/server/auth-router/find-passkeys.ts  |  18 +++
 .../server/auth-router/find-passkeys.types.ts |  33 +++++
 packages/trpc/server/auth-router/router.ts    | 125 +++---------------
 packages/trpc/server/auth-router/schema.ts    |  50 -------
 .../trpc/server/auth-router/update-passkey.ts |  24 ++++
 .../auth-router/update-passkey.types.ts       |  11 ++
 22 files changed, 280 insertions(+), 167 deletions(-)
 create mode 100644 packages/trpc/server/auth-router/create-passkey-authentication-options.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey-authentication-options.types.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey-registration-options.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey-registration-options.types.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey-signin-options.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey-signin-options.types.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey.ts
 create mode 100644 packages/trpc/server/auth-router/create-passkey.types.ts
 create mode 100644 packages/trpc/server/auth-router/delete-passkey.ts
 create mode 100644 packages/trpc/server/auth-router/delete-passkey.types.ts
 create mode 100644 packages/trpc/server/auth-router/find-passkeys.ts
 create mode 100644 packages/trpc/server/auth-router/find-passkeys.types.ts
 create mode 100644 packages/trpc/server/auth-router/update-passkey.ts
 create mode 100644 packages/trpc/server/auth-router/update-passkey.types.ts

diff --git a/apps/remix/app/components/dialogs/passkey-create-dialog.tsx b/apps/remix/app/components/dialogs/passkey-create-dialog.tsx
index 6a21895d3..8bfcbe3e5 100644
--- a/apps/remix/app/components/dialogs/passkey-create-dialog.tsx
+++ b/apps/remix/app/components/dialogs/passkey-create-dialog.tsx
@@ -65,9 +65,9 @@ export const PasskeyCreateDialog = ({ trigger, onSuccess, ...props }: PasskeyCre
   });
 
   const { mutateAsync: createPasskeyRegistrationOptions, isPending } =
-    trpc.auth.createPasskeyRegistrationOptions.useMutation();
+    trpc.auth.passkey.createRegistrationOptions.useMutation();
 
-  const { mutateAsync: createPasskey } = trpc.auth.createPasskey.useMutation();
+  const { mutateAsync: createPasskey } = trpc.auth.passkey.create.useMutation();
 
   const onFormSubmit = async ({ passkeyName }: TCreatePasskeyFormSchema) => {
     setFormError(null);
diff --git a/apps/remix/app/components/forms/signin.tsx b/apps/remix/app/components/forms/signin.tsx
index 2d7f9dffe..a9b7000ea 100644
--- a/apps/remix/app/components/forms/signin.tsx
+++ b/apps/remix/app/components/forms/signin.tsx
@@ -114,7 +114,7 @@ export const SignInForm = ({
   }, [returnTo]);
 
   const { mutateAsync: createPasskeySigninOptions } =
-    trpc.auth.createPasskeySigninOptions.useMutation();
+    trpc.auth.passkey.createSigninOptions.useMutation();
 
   const form = useForm<TSignInFormSchema>({
     values: {
diff --git a/apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx b/apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx
index 22e641713..930738c74 100644
--- a/apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-auth-passkey.tsx
@@ -77,7 +77,7 @@ export const DocumentSigningAuthPasskey = ({
   });
 
   const { mutateAsync: createPasskeyAuthenticationOptions } =
-    trpc.auth.createPasskeyAuthenticationOptions.useMutation();
+    trpc.auth.passkey.createAuthenticationOptions.useMutation();
 
   const [formErrorCode, setFormErrorCode] = useState<string | null>(null);
 
diff --git a/apps/remix/app/components/general/document-signing/document-signing-auth-provider.tsx b/apps/remix/app/components/general/document-signing/document-signing-auth-provider.tsx
index 42e5ffd5b..c3b1be53e 100644
--- a/apps/remix/app/components/general/document-signing/document-signing-auth-provider.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-auth-provider.tsx
@@ -93,7 +93,7 @@ export const DocumentSigningAuthProvider = ({
     [documentAuthOptions, recipient],
   );
 
-  const passkeyQuery = trpc.auth.findPasskeys.useQuery(
+  const passkeyQuery = trpc.auth.passkey.find.useQuery(
     {
       perPage: MAXIMUM_PASSKEYS,
     },
diff --git a/apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx b/apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
index e86800149..835bebf55 100644
--- a/apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
+++ b/apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
@@ -62,7 +62,7 @@ export const SettingsSecurityPasskeyTableActions = ({
   });
 
   const { mutateAsync: updatePasskey, isPending: isUpdatingPasskey } =
-    trpc.auth.updatePasskey.useMutation({
+    trpc.auth.passkey.update.useMutation({
       onSuccess: () => {
         toast({
           title: _(msg`Success`),
@@ -84,7 +84,7 @@ export const SettingsSecurityPasskeyTableActions = ({
     });
 
   const { mutateAsync: deletePasskey, isPending: isDeletingPasskey } =
-    trpc.auth.deletePasskey.useMutation({
+    trpc.auth.passkey.delete.useMutation({
       onSuccess: () => {
         toast({
           title: _(msg`Success`),
diff --git a/apps/remix/app/components/tables/settings-security-passkey-table.tsx b/apps/remix/app/components/tables/settings-security-passkey-table.tsx
index 3d202900a..b2fe09621 100644
--- a/apps/remix/app/components/tables/settings-security-passkey-table.tsx
+++ b/apps/remix/app/components/tables/settings-security-passkey-table.tsx
@@ -26,7 +26,7 @@ export const SettingsSecurityPasskeyTable = () => {
 
   const parsedSearchParams = ZUrlSearchParamsSchema.parse(Object.fromEntries(searchParams ?? []));
 
-  const { data, isLoading, isLoadingError } = trpc.auth.findPasskeys.useQuery(
+  const { data, isLoading, isLoadingError } = trpc.auth.passkey.find.useQuery(
     {
       page: parsedSearchParams.page,
       perPage: parsedSearchParams.perPage,
diff --git a/packages/trpc/server/auth-router/create-passkey-authentication-options.ts b/packages/trpc/server/auth-router/create-passkey-authentication-options.ts
new file mode 100644
index 000000000..6b507f7ca
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey-authentication-options.ts
@@ -0,0 +1,17 @@
+import { createPasskeyAuthenticationOptions } from '@documenso/lib/server-only/auth/create-passkey-authentication-options';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZCreatePasskeyAuthenticationOptionsRequestSchema,
+  ZCreatePasskeyAuthenticationOptionsResponseSchema,
+} from './create-passkey-authentication-options.types';
+
+export const createPasskeyAuthenticationOptionsRoute = authenticatedProcedure
+  .input(ZCreatePasskeyAuthenticationOptionsRequestSchema)
+  .output(ZCreatePasskeyAuthenticationOptionsResponseSchema)
+  .mutation(async ({ ctx, input }) => {
+    return await createPasskeyAuthenticationOptions({
+      userId: ctx.user.id,
+      preferredPasskeyId: input?.preferredPasskeyId,
+    });
+  });
diff --git a/packages/trpc/server/auth-router/create-passkey-authentication-options.types.ts b/packages/trpc/server/auth-router/create-passkey-authentication-options.types.ts
new file mode 100644
index 000000000..a9ae6ad12
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey-authentication-options.types.ts
@@ -0,0 +1,19 @@
+import { z } from 'zod';
+
+export const ZCreatePasskeyAuthenticationOptionsRequestSchema = z
+  .object({
+    preferredPasskeyId: z.string().optional(),
+  })
+  .optional();
+
+export const ZCreatePasskeyAuthenticationOptionsResponseSchema = z.object({
+  tokenReference: z.string(),
+  options: z.any(), // PublicKeyCredentialRequestOptions type
+});
+
+export type TCreatePasskeyAuthenticationOptionsRequest = z.infer<
+  typeof ZCreatePasskeyAuthenticationOptionsRequestSchema
+>;
+export type TCreatePasskeyAuthenticationOptionsResponse = z.infer<
+  typeof ZCreatePasskeyAuthenticationOptionsResponseSchema
+>;
diff --git a/packages/trpc/server/auth-router/create-passkey-registration-options.ts b/packages/trpc/server/auth-router/create-passkey-registration-options.ts
new file mode 100644
index 000000000..969da6d98
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey-registration-options.ts
@@ -0,0 +1,16 @@
+import { createPasskeyRegistrationOptions } from '@documenso/lib/server-only/auth/create-passkey-registration-options';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZCreatePasskeyRegistrationOptionsRequestSchema,
+  ZCreatePasskeyRegistrationOptionsResponseSchema,
+} from './create-passkey-registration-options.types';
+
+export const createPasskeyRegistrationOptionsRoute = authenticatedProcedure
+  .input(ZCreatePasskeyRegistrationOptionsRequestSchema)
+  .output(ZCreatePasskeyRegistrationOptionsResponseSchema)
+  .mutation(async ({ ctx }) => {
+    return await createPasskeyRegistrationOptions({
+      userId: ctx.user.id,
+    });
+  });
diff --git a/packages/trpc/server/auth-router/create-passkey-registration-options.types.ts b/packages/trpc/server/auth-router/create-passkey-registration-options.types.ts
new file mode 100644
index 000000000..317201d3c
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey-registration-options.types.ts
@@ -0,0 +1,12 @@
+import { z } from 'zod';
+
+export const ZCreatePasskeyRegistrationOptionsRequestSchema = z.void();
+
+export const ZCreatePasskeyRegistrationOptionsResponseSchema = z.any(); // PublicKeyCredentialCreationOptions type
+
+export type TCreatePasskeyRegistrationOptionsRequest = z.infer<
+  typeof ZCreatePasskeyRegistrationOptionsRequestSchema
+>;
+export type TCreatePasskeyRegistrationOptionsResponse = z.infer<
+  typeof ZCreatePasskeyRegistrationOptionsResponseSchema
+>;
diff --git a/packages/trpc/server/auth-router/create-passkey-signin-options.ts b/packages/trpc/server/auth-router/create-passkey-signin-options.ts
new file mode 100644
index 000000000..924db1821
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey-signin-options.ts
@@ -0,0 +1,24 @@
+import { createPasskeySigninOptions } from '@documenso/lib/server-only/auth/create-passkey-signin-options';
+import { nanoid } from '@documenso/lib/universal/id';
+
+import { procedure } from '../trpc';
+import {
+  ZCreatePasskeySigninOptionsRequestSchema,
+  ZCreatePasskeySigninOptionsResponseSchema,
+} from './create-passkey-signin-options.types';
+
+export const createPasskeySigninOptionsRoute = procedure
+  .input(ZCreatePasskeySigninOptionsRequestSchema)
+  .output(ZCreatePasskeySigninOptionsResponseSchema)
+  .mutation(async () => {
+    const sessionIdToken = nanoid(16);
+
+    const [sessionId] = decodeURI(sessionIdToken).split('|');
+
+    const options = await createPasskeySigninOptions({ sessionId });
+
+    return {
+      options,
+      sessionId,
+    };
+  });
diff --git a/packages/trpc/server/auth-router/create-passkey-signin-options.types.ts b/packages/trpc/server/auth-router/create-passkey-signin-options.types.ts
new file mode 100644
index 000000000..38585372a
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey-signin-options.types.ts
@@ -0,0 +1,15 @@
+import { z } from 'zod';
+
+export const ZCreatePasskeySigninOptionsRequestSchema = z.void();
+
+export const ZCreatePasskeySigninOptionsResponseSchema = z.object({
+  options: z.any(), // PublicKeyCredentialRequestOptions type
+  sessionId: z.string(),
+});
+
+export type TCreatePasskeySigninOptionsRequest = z.infer<
+  typeof ZCreatePasskeySigninOptionsRequestSchema
+>;
+export type TCreatePasskeySigninOptionsResponse = z.infer<
+  typeof ZCreatePasskeySigninOptionsResponseSchema
+>;
diff --git a/packages/trpc/server/auth-router/create-passkey.ts b/packages/trpc/server/auth-router/create-passkey.ts
new file mode 100644
index 000000000..42b97b45b
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey.ts
@@ -0,0 +1,21 @@
+import type { RegistrationResponseJSON } from '@simplewebauthn/types';
+
+import { createPasskey } from '@documenso/lib/server-only/auth/create-passkey';
+
+import { authenticatedProcedure } from '../trpc';
+import { ZCreatePasskeyRequestSchema, ZCreatePasskeyResponseSchema } from './create-passkey.types';
+
+export const createPasskeyRoute = authenticatedProcedure
+  .input(ZCreatePasskeyRequestSchema)
+  .output(ZCreatePasskeyResponseSchema)
+  .mutation(async ({ ctx, input }) => {
+    // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+    const verificationResponse = input.verificationResponse as RegistrationResponseJSON;
+
+    return await createPasskey({
+      userId: ctx.user.id,
+      verificationResponse,
+      passkeyName: input.passkeyName,
+      requestMetadata: ctx.metadata.requestMetadata,
+    });
+  });
diff --git a/packages/trpc/server/auth-router/create-passkey.types.ts b/packages/trpc/server/auth-router/create-passkey.types.ts
new file mode 100644
index 000000000..06abf1793
--- /dev/null
+++ b/packages/trpc/server/auth-router/create-passkey.types.ts
@@ -0,0 +1,13 @@
+import { z } from 'zod';
+
+import { ZRegistrationResponseJSONSchema } from '@documenso/lib/types/webauthn';
+
+export const ZCreatePasskeyRequestSchema = z.object({
+  passkeyName: z.string().trim().min(1),
+  verificationResponse: ZRegistrationResponseJSONSchema,
+});
+
+export const ZCreatePasskeyResponseSchema = z.void();
+
+export type TCreatePasskeyRequest = z.infer<typeof ZCreatePasskeyRequestSchema>;
+export type TCreatePasskeyResponse = z.infer<typeof ZCreatePasskeyResponseSchema>;
diff --git a/packages/trpc/server/auth-router/delete-passkey.ts b/packages/trpc/server/auth-router/delete-passkey.ts
new file mode 100644
index 000000000..af1cdc6b7
--- /dev/null
+++ b/packages/trpc/server/auth-router/delete-passkey.ts
@@ -0,0 +1,23 @@
+import { deletePasskey } from '@documenso/lib/server-only/auth/delete-passkey';
+
+import { authenticatedProcedure } from '../trpc';
+import { ZDeletePasskeyRequestSchema, ZDeletePasskeyResponseSchema } from './delete-passkey.types';
+
+export const deletePasskeyRoute = authenticatedProcedure
+  .input(ZDeletePasskeyRequestSchema)
+  .output(ZDeletePasskeyResponseSchema)
+  .mutation(async ({ ctx, input }) => {
+    const { passkeyId } = input;
+
+    ctx.logger.info({
+      input: {
+        passkeyId,
+      },
+    });
+
+    await deletePasskey({
+      userId: ctx.user.id,
+      passkeyId,
+      requestMetadata: ctx.metadata.requestMetadata,
+    });
+  });
diff --git a/packages/trpc/server/auth-router/delete-passkey.types.ts b/packages/trpc/server/auth-router/delete-passkey.types.ts
new file mode 100644
index 000000000..7cfc4eacf
--- /dev/null
+++ b/packages/trpc/server/auth-router/delete-passkey.types.ts
@@ -0,0 +1,10 @@
+import { z } from 'zod';
+
+export const ZDeletePasskeyRequestSchema = z.object({
+  passkeyId: z.string().trim().min(1),
+});
+
+export const ZDeletePasskeyResponseSchema = z.void();
+
+export type TDeletePasskeyRequest = z.infer<typeof ZDeletePasskeyRequestSchema>;
+export type TDeletePasskeyResponse = z.infer<typeof ZDeletePasskeyResponseSchema>;
diff --git a/packages/trpc/server/auth-router/find-passkeys.ts b/packages/trpc/server/auth-router/find-passkeys.ts
new file mode 100644
index 000000000..ff7e5be79
--- /dev/null
+++ b/packages/trpc/server/auth-router/find-passkeys.ts
@@ -0,0 +1,18 @@
+import { findPasskeys } from '@documenso/lib/server-only/auth/find-passkeys';
+
+import { authenticatedProcedure } from '../trpc';
+import { ZFindPasskeysRequestSchema, ZFindPasskeysResponseSchema } from './find-passkeys.types';
+
+export const findPasskeysRoute = authenticatedProcedure
+  .input(ZFindPasskeysRequestSchema)
+  .output(ZFindPasskeysResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { page, perPage, orderBy } = input;
+
+    return await findPasskeys({
+      page,
+      perPage,
+      orderBy,
+      userId: ctx.user.id,
+    });
+  });
diff --git a/packages/trpc/server/auth-router/find-passkeys.types.ts b/packages/trpc/server/auth-router/find-passkeys.types.ts
new file mode 100644
index 000000000..1982f430e
--- /dev/null
+++ b/packages/trpc/server/auth-router/find-passkeys.types.ts
@@ -0,0 +1,33 @@
+import { z } from 'zod';
+
+import { ZFindResultResponse, ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
+import PasskeySchema from '@documenso/prisma/generated/zod/modelSchema/PasskeySchema';
+
+export const ZFindPasskeysRequestSchema = ZFindSearchParamsSchema.extend({
+  orderBy: z
+    .object({
+      column: z.enum(['createdAt', 'updatedAt', 'name']),
+      direction: z.enum(['asc', 'desc']),
+    })
+    .optional(),
+});
+
+export const ZFindPasskeysResponseSchema = ZFindResultResponse.extend({
+  data: z.array(
+    PasskeySchema.pick({
+      id: true,
+      userId: true,
+      name: true,
+      createdAt: true,
+      updatedAt: true,
+      lastUsedAt: true,
+      counter: true,
+      credentialDeviceType: true,
+      credentialBackedUp: true,
+      transports: true,
+    }),
+  ),
+});
+
+export type TFindPasskeysRequest = z.infer<typeof ZFindPasskeysRequestSchema>;
+export type TFindPasskeysResponse = z.infer<typeof ZFindPasskeysResponseSchema>;
diff --git a/packages/trpc/server/auth-router/router.ts b/packages/trpc/server/auth-router/router.ts
index 2eb54d1e6..5fc4b2c99 100644
--- a/packages/trpc/server/auth-router/router.ts
+++ b/packages/trpc/server/auth-router/router.ts
@@ -1,113 +1,20 @@
-import type { RegistrationResponseJSON } from '@simplewebauthn/types';
-
-import { createPasskey } from '@documenso/lib/server-only/auth/create-passkey';
-import { createPasskeyAuthenticationOptions } from '@documenso/lib/server-only/auth/create-passkey-authentication-options';
-import { createPasskeyRegistrationOptions } from '@documenso/lib/server-only/auth/create-passkey-registration-options';
-import { createPasskeySigninOptions } from '@documenso/lib/server-only/auth/create-passkey-signin-options';
-import { deletePasskey } from '@documenso/lib/server-only/auth/delete-passkey';
-import { findPasskeys } from '@documenso/lib/server-only/auth/find-passkeys';
-import { updatePasskey } from '@documenso/lib/server-only/auth/update-passkey';
-import { nanoid } from '@documenso/lib/universal/id';
-
-import { authenticatedProcedure, procedure, router } from '../trpc';
-import {
-  ZCreatePasskeyAuthenticationOptionsMutationSchema,
-  ZCreatePasskeyMutationSchema,
-  ZDeletePasskeyMutationSchema,
-  ZFindPasskeysQuerySchema,
-  ZUpdatePasskeyMutationSchema,
-} from './schema';
+import { router } from '../trpc';
+import { createPasskeyRoute } from './create-passkey';
+import { createPasskeyAuthenticationOptionsRoute } from './create-passkey-authentication-options';
+import { createPasskeyRegistrationOptionsRoute } from './create-passkey-registration-options';
+import { createPasskeySigninOptionsRoute } from './create-passkey-signin-options';
+import { deletePasskeyRoute } from './delete-passkey';
+import { findPasskeysRoute } from './find-passkeys';
+import { updatePasskeyRoute } from './update-passkey';
 
 export const authRouter = router({
-  createPasskey: authenticatedProcedure
-    .input(ZCreatePasskeyMutationSchema)
-    .mutation(async ({ ctx, input }) => {
-      // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
-      const verificationResponse = input.verificationResponse as RegistrationResponseJSON;
-
-      return await createPasskey({
-        userId: ctx.user.id,
-        verificationResponse,
-        passkeyName: input.passkeyName,
-        requestMetadata: ctx.metadata.requestMetadata,
-      });
-    }),
-
-  createPasskeyAuthenticationOptions: authenticatedProcedure
-    .input(ZCreatePasskeyAuthenticationOptionsMutationSchema)
-    .mutation(async ({ ctx, input }) => {
-      return await createPasskeyAuthenticationOptions({
-        userId: ctx.user.id,
-        preferredPasskeyId: input?.preferredPasskeyId,
-      });
-    }),
-
-  createPasskeyRegistrationOptions: authenticatedProcedure.mutation(async ({ ctx }) => {
-    return await createPasskeyRegistrationOptions({
-      userId: ctx.user.id,
-    });
+  passkey: router({
+    create: createPasskeyRoute,
+    createAuthenticationOptions: createPasskeyAuthenticationOptionsRoute,
+    createRegistrationOptions: createPasskeyRegistrationOptionsRoute,
+    createSigninOptions: createPasskeySigninOptionsRoute,
+    delete: deletePasskeyRoute,
+    find: findPasskeysRoute,
+    update: updatePasskeyRoute,
   }),
-
-  createPasskeySigninOptions: procedure.mutation(async () => {
-    const sessionIdToken = nanoid(16);
-
-    const [sessionId] = decodeURI(sessionIdToken).split('|');
-
-    const options = await createPasskeySigninOptions({ sessionId });
-
-    return {
-      options,
-      sessionId,
-    };
-  }),
-
-  deletePasskey: authenticatedProcedure
-    .input(ZDeletePasskeyMutationSchema)
-    .mutation(async ({ ctx, input }) => {
-      const { passkeyId } = input;
-
-      ctx.logger.info({
-        input: {
-          passkeyId,
-        },
-      });
-
-      await deletePasskey({
-        userId: ctx.user.id,
-        passkeyId,
-        requestMetadata: ctx.metadata.requestMetadata,
-      });
-    }),
-
-  findPasskeys: authenticatedProcedure
-    .input(ZFindPasskeysQuerySchema)
-    .query(async ({ input, ctx }) => {
-      const { page, perPage, orderBy } = input;
-
-      return await findPasskeys({
-        page,
-        perPage,
-        orderBy,
-        userId: ctx.user.id,
-      });
-    }),
-
-  updatePasskey: authenticatedProcedure
-    .input(ZUpdatePasskeyMutationSchema)
-    .mutation(async ({ ctx, input }) => {
-      const { passkeyId, name } = input;
-
-      ctx.logger.info({
-        input: {
-          passkeyId,
-        },
-      });
-
-      await updatePasskey({
-        userId: ctx.user.id,
-        passkeyId,
-        name,
-        requestMetadata: ctx.metadata.requestMetadata,
-      });
-    }),
 });
diff --git a/packages/trpc/server/auth-router/schema.ts b/packages/trpc/server/auth-router/schema.ts
index 55ea2167d..91c8d5d4e 100644
--- a/packages/trpc/server/auth-router/schema.ts
+++ b/packages/trpc/server/auth-router/schema.ts
@@ -1,8 +1,5 @@
 import { z } from 'zod';
 
-import { ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
-import { ZRegistrationResponseJSONSchema } from '@documenso/lib/types/webauthn';
-
 export const ZCurrentPasswordSchema = z
   .string()
   .min(6, { message: 'Must be at least 6 characters in length' })
@@ -24,50 +21,3 @@ export const ZPasswordSchema = z
   .refine((value) => value.length > 25 || /[`~<>?,./!@#$%^&*()\-_"'+=|{}[\];:\\]/.test(value), {
     message: 'One special character is required',
   });
-
-export const ZSignUpMutationSchema = z.object({
-  name: z.string().min(1),
-  email: z.string().email(),
-  password: ZPasswordSchema,
-  signature: z.string().nullish(),
-  url: z
-    .string()
-    .trim()
-    .toLowerCase()
-    .min(1)
-    .regex(/^[a-z0-9-]+$/, {
-      message: 'Username can only container alphanumeric characters and dashes.',
-    })
-    .optional(),
-});
-
-export const ZCreatePasskeyMutationSchema = z.object({
-  passkeyName: z.string().trim().min(1),
-  verificationResponse: ZRegistrationResponseJSONSchema,
-});
-
-export const ZCreatePasskeyAuthenticationOptionsMutationSchema = z
-  .object({
-    preferredPasskeyId: z.string().optional(),
-  })
-  .optional();
-
-export const ZDeletePasskeyMutationSchema = z.object({
-  passkeyId: z.string().trim().min(1),
-});
-
-export const ZUpdatePasskeyMutationSchema = z.object({
-  passkeyId: z.string().trim().min(1),
-  name: z.string().trim().min(1),
-});
-
-export const ZFindPasskeysQuerySchema = ZFindSearchParamsSchema.extend({
-  orderBy: z
-    .object({
-      column: z.enum(['createdAt', 'updatedAt', 'name']),
-      direction: z.enum(['asc', 'desc']),
-    })
-    .optional(),
-});
-
-export type TSignUpMutationSchema = z.infer<typeof ZSignUpMutationSchema>;
diff --git a/packages/trpc/server/auth-router/update-passkey.ts b/packages/trpc/server/auth-router/update-passkey.ts
new file mode 100644
index 000000000..eeec06653
--- /dev/null
+++ b/packages/trpc/server/auth-router/update-passkey.ts
@@ -0,0 +1,24 @@
+import { updatePasskey } from '@documenso/lib/server-only/auth/update-passkey';
+
+import { authenticatedProcedure } from '../trpc';
+import { ZUpdatePasskeyRequestSchema, ZUpdatePasskeyResponseSchema } from './update-passkey.types';
+
+export const updatePasskeyRoute = authenticatedProcedure
+  .input(ZUpdatePasskeyRequestSchema)
+  .output(ZUpdatePasskeyResponseSchema)
+  .mutation(async ({ ctx, input }) => {
+    const { passkeyId, name } = input;
+
+    ctx.logger.info({
+      input: {
+        passkeyId,
+      },
+    });
+
+    await updatePasskey({
+      userId: ctx.user.id,
+      passkeyId,
+      name,
+      requestMetadata: ctx.metadata.requestMetadata,
+    });
+  });
diff --git a/packages/trpc/server/auth-router/update-passkey.types.ts b/packages/trpc/server/auth-router/update-passkey.types.ts
new file mode 100644
index 000000000..e898234da
--- /dev/null
+++ b/packages/trpc/server/auth-router/update-passkey.types.ts
@@ -0,0 +1,11 @@
+import { z } from 'zod';
+
+export const ZUpdatePasskeyRequestSchema = z.object({
+  passkeyId: z.string().trim().min(1),
+  name: z.string().trim().min(1),
+});
+
+export const ZUpdatePasskeyResponseSchema = z.void();
+
+export type TUpdatePasskeyRequest = z.infer<typeof ZUpdatePasskeyRequestSchema>;
+export type TUpdatePasskeyResponse = z.infer<typeof ZUpdatePasskeyResponseSchema>;

From b8d07fd1a640de56010ed9f0afd59a8f473f4929 Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 08:25:01 +1000
Subject: [PATCH 11/17] fix: refactor token router (#1981)

---
 .../dialogs/token-delete-dialog.tsx           |  2 +-
 apps/remix/app/components/forms/token.tsx     |  6 +--
 .../t.$teamUrl+/settings.tokens.tsx           |  2 +-
 .../public-api/delete-api-token-by-id.ts      |  2 +-
 .../api-token-router/create-api-token.ts      | 27 ++++++++++
 .../create-api-token.types.ts                 | 12 +++++
 .../api-token-router/delete-api-token.ts      | 27 ++++++++++
 .../delete-api-token.types.ts                 |  8 +++
 .../server/api-token-router/get-api-tokens.ts | 19 +++++++
 .../api-token-router/get-api-tokens.types.ts  | 16 ++++++
 .../trpc/server/api-token-router/router.ts    | 54 +++----------------
 .../trpc/server/api-token-router/schema.ts    | 16 ------
 12 files changed, 122 insertions(+), 69 deletions(-)
 create mode 100644 packages/trpc/server/api-token-router/create-api-token.ts
 create mode 100644 packages/trpc/server/api-token-router/create-api-token.types.ts
 create mode 100644 packages/trpc/server/api-token-router/delete-api-token.ts
 create mode 100644 packages/trpc/server/api-token-router/delete-api-token.types.ts
 create mode 100644 packages/trpc/server/api-token-router/get-api-tokens.ts
 create mode 100644 packages/trpc/server/api-token-router/get-api-tokens.types.ts
 delete mode 100644 packages/trpc/server/api-token-router/schema.ts

diff --git a/apps/remix/app/components/dialogs/token-delete-dialog.tsx b/apps/remix/app/components/dialogs/token-delete-dialog.tsx
index aa557132b..bd20c2377 100644
--- a/apps/remix/app/components/dialogs/token-delete-dialog.tsx
+++ b/apps/remix/app/components/dialogs/token-delete-dialog.tsx
@@ -56,7 +56,7 @@ export default function TokenDeleteDialog({ token, onDelete, children }: TokenDe
 
   type TDeleteTokenByIdMutationSchema = z.infer<typeof ZTokenDeleteDialogSchema>;
 
-  const { mutateAsync: deleteTokenMutation } = trpc.apiToken.deleteTokenById.useMutation({
+  const { mutateAsync: deleteTokenMutation } = trpc.apiToken.delete.useMutation({
     onSuccess() {
       onDelete?.();
     },
diff --git a/apps/remix/app/components/forms/token.tsx b/apps/remix/app/components/forms/token.tsx
index 13b7da0b1..1b8e4f3e3 100644
--- a/apps/remix/app/components/forms/token.tsx
+++ b/apps/remix/app/components/forms/token.tsx
@@ -13,7 +13,7 @@ import type { z } from 'zod';
 import { useCopyToClipboard } from '@documenso/lib/client-only/hooks/use-copy-to-clipboard';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
-import { ZCreateTokenMutationSchema } from '@documenso/trpc/server/api-token-router/schema';
+import { ZCreateApiTokenRequestSchema } from '@documenso/trpc/server/api-token-router/create-api-token.types';
 import { cn } from '@documenso/ui/lib/utils';
 import { Button } from '@documenso/ui/primitives/button';
 import { Card, CardContent } from '@documenso/ui/primitives/card';
@@ -47,7 +47,7 @@ export const EXPIRATION_DATES = {
   ONE_YEAR: msg`12 months`,
 } as const;
 
-const ZCreateTokenFormSchema = ZCreateTokenMutationSchema.pick({
+const ZCreateTokenFormSchema = ZCreateApiTokenRequestSchema.pick({
   tokenName: true,
   expirationDate: true,
 });
@@ -75,7 +75,7 @@ export const ApiTokenForm = ({ className, tokens }: ApiTokenFormProps) => {
   const [newlyCreatedToken, setNewlyCreatedToken] = useState<NewlyCreatedToken | null>();
   const [noExpirationDate, setNoExpirationDate] = useState(false);
 
-  const { mutateAsync: createTokenMutation } = trpc.apiToken.createToken.useMutation({
+  const { mutateAsync: createTokenMutation } = trpc.apiToken.create.useMutation({
     onSuccess(data) {
       setNewlyCreatedToken(data);
     },
diff --git a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.tokens.tsx b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.tokens.tsx
index 1d5f86bd5..584a71197 100644
--- a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.tokens.tsx
+++ b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.tokens.tsx
@@ -21,7 +21,7 @@ export function meta() {
 export default function ApiTokensPage() {
   const { i18n } = useLingui();
 
-  const { data: tokens } = trpc.apiToken.getTokens.useQuery();
+  const { data: tokens } = trpc.apiToken.getMany.useQuery();
 
   const team = useOptionalCurrentTeam();
 
diff --git a/packages/lib/server-only/public-api/delete-api-token-by-id.ts b/packages/lib/server-only/public-api/delete-api-token-by-id.ts
index 751b08c4f..b7723dfd7 100644
--- a/packages/lib/server-only/public-api/delete-api-token-by-id.ts
+++ b/packages/lib/server-only/public-api/delete-api-token-by-id.ts
@@ -25,7 +25,7 @@ export const deleteTokenById = async ({ id, userId, teamId }: DeleteTokenByIdOpt
     });
   }
 
-  return await prisma.apiToken.delete({
+  await prisma.apiToken.delete({
     where: {
       id,
       teamId,
diff --git a/packages/trpc/server/api-token-router/create-api-token.ts b/packages/trpc/server/api-token-router/create-api-token.ts
new file mode 100644
index 000000000..6b8e665f8
--- /dev/null
+++ b/packages/trpc/server/api-token-router/create-api-token.ts
@@ -0,0 +1,27 @@
+import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZCreateApiTokenRequestSchema,
+  ZCreateApiTokenResponseSchema,
+} from './create-api-token.types';
+
+export const createApiTokenRoute = authenticatedProcedure
+  .input(ZCreateApiTokenRequestSchema)
+  .output(ZCreateApiTokenResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { tokenName, teamId, expirationDate } = input;
+
+    ctx.logger.info({
+      input: {
+        teamId,
+      },
+    });
+
+    return await createApiToken({
+      userId: ctx.user.id,
+      teamId,
+      tokenName,
+      expiresIn: expirationDate,
+    });
+  });
diff --git a/packages/trpc/server/api-token-router/create-api-token.types.ts b/packages/trpc/server/api-token-router/create-api-token.types.ts
new file mode 100644
index 000000000..c73c65833
--- /dev/null
+++ b/packages/trpc/server/api-token-router/create-api-token.types.ts
@@ -0,0 +1,12 @@
+import { z } from 'zod';
+
+export const ZCreateApiTokenRequestSchema = z.object({
+  teamId: z.number(),
+  tokenName: z.string().min(3, { message: 'The token name should be 3 characters or longer' }),
+  expirationDate: z.string().nullable(),
+});
+
+export const ZCreateApiTokenResponseSchema = z.object({
+  id: z.number(),
+  token: z.string(),
+});
diff --git a/packages/trpc/server/api-token-router/delete-api-token.ts b/packages/trpc/server/api-token-router/delete-api-token.ts
new file mode 100644
index 000000000..45fcc2dee
--- /dev/null
+++ b/packages/trpc/server/api-token-router/delete-api-token.ts
@@ -0,0 +1,27 @@
+import { deleteTokenById } from '@documenso/lib/server-only/public-api/delete-api-token-by-id';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZDeleteApiTokenRequestSchema,
+  ZDeleteApiTokenResponseSchema,
+} from './delete-api-token.types';
+
+export const deleteApiTokenRoute = authenticatedProcedure
+  .input(ZDeleteApiTokenRequestSchema)
+  .output(ZDeleteApiTokenResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { id, teamId } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+        teamId,
+      },
+    });
+
+    await deleteTokenById({
+      id,
+      teamId,
+      userId: ctx.user.id,
+    });
+  });
diff --git a/packages/trpc/server/api-token-router/delete-api-token.types.ts b/packages/trpc/server/api-token-router/delete-api-token.types.ts
new file mode 100644
index 000000000..7cf235fae
--- /dev/null
+++ b/packages/trpc/server/api-token-router/delete-api-token.types.ts
@@ -0,0 +1,8 @@
+import { z } from 'zod';
+
+export const ZDeleteApiTokenRequestSchema = z.object({
+  id: z.number().min(1),
+  teamId: z.number(),
+});
+
+export const ZDeleteApiTokenResponseSchema = z.void();
diff --git a/packages/trpc/server/api-token-router/get-api-tokens.ts b/packages/trpc/server/api-token-router/get-api-tokens.ts
new file mode 100644
index 000000000..4473c8d42
--- /dev/null
+++ b/packages/trpc/server/api-token-router/get-api-tokens.ts
@@ -0,0 +1,19 @@
+import { getApiTokens } from '@documenso/lib/server-only/public-api/get-api-tokens';
+
+import { authenticatedProcedure } from '../trpc';
+import { ZGetApiTokensRequestSchema, ZGetApiTokensResponseSchema } from './get-api-tokens.types';
+
+export const getApiTokensRoute = authenticatedProcedure
+  .input(ZGetApiTokensRequestSchema)
+  .output(ZGetApiTokensResponseSchema)
+  .query(async ({ ctx }) => {
+    const { teamId } = ctx;
+
+    ctx.logger.info({
+      input: {
+        teamId,
+      },
+    });
+
+    return await getApiTokens({ userId: ctx.user.id, teamId });
+  });
diff --git a/packages/trpc/server/api-token-router/get-api-tokens.types.ts b/packages/trpc/server/api-token-router/get-api-tokens.types.ts
new file mode 100644
index 000000000..9e380bf9d
--- /dev/null
+++ b/packages/trpc/server/api-token-router/get-api-tokens.types.ts
@@ -0,0 +1,16 @@
+import { z } from 'zod';
+
+import ApiTokenSchema from '@documenso/prisma/generated/zod/modelSchema/ApiTokenSchema';
+
+export const ZGetApiTokensRequestSchema = z.void();
+
+export const ZGetApiTokensResponseSchema = z.array(
+  ApiTokenSchema.pick({
+    id: true,
+    name: true,
+    createdAt: true,
+    expires: true,
+  }),
+);
+
+export type TGetApiTokensResponse = z.infer<typeof ZGetApiTokensResponseSchema>;
diff --git a/packages/trpc/server/api-token-router/router.ts b/packages/trpc/server/api-token-router/router.ts
index f1439060c..8a17d5b66 100644
--- a/packages/trpc/server/api-token-router/router.ts
+++ b/packages/trpc/server/api-token-router/router.ts
@@ -1,50 +1,10 @@
-import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
-import { deleteTokenById } from '@documenso/lib/server-only/public-api/delete-api-token-by-id';
-import { getApiTokens } from '@documenso/lib/server-only/public-api/get-api-tokens';
-
-import { authenticatedProcedure, router } from '../trpc';
-import { ZCreateTokenMutationSchema, ZDeleteTokenByIdMutationSchema } from './schema';
+import { router } from '../trpc';
+import { createApiTokenRoute } from './create-api-token';
+import { deleteApiTokenRoute } from './delete-api-token';
+import { getApiTokensRoute } from './get-api-tokens';
 
 export const apiTokenRouter = router({
-  getTokens: authenticatedProcedure.query(async ({ ctx }) => {
-    return await getApiTokens({ userId: ctx.user.id, teamId: ctx.teamId });
-  }),
-
-  createToken: authenticatedProcedure
-    .input(ZCreateTokenMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { tokenName, teamId, expirationDate } = input;
-
-      ctx.logger.info({
-        input: {
-          teamId,
-        },
-      });
-
-      return await createApiToken({
-        userId: ctx.user.id,
-        teamId,
-        tokenName,
-        expiresIn: expirationDate,
-      });
-    }),
-
-  deleteTokenById: authenticatedProcedure
-    .input(ZDeleteTokenByIdMutationSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { id, teamId } = input;
-
-      ctx.logger.info({
-        input: {
-          id,
-          teamId,
-        },
-      });
-
-      return await deleteTokenById({
-        id,
-        teamId,
-        userId: ctx.user.id,
-      });
-    }),
+  create: createApiTokenRoute,
+  getMany: getApiTokensRoute,
+  delete: deleteApiTokenRoute,
 });
diff --git a/packages/trpc/server/api-token-router/schema.ts b/packages/trpc/server/api-token-router/schema.ts
deleted file mode 100644
index 85c41d956..000000000
--- a/packages/trpc/server/api-token-router/schema.ts
+++ /dev/null
@@ -1,16 +0,0 @@
-import { z } from 'zod';
-
-export const ZCreateTokenMutationSchema = z.object({
-  teamId: z.number(),
-  tokenName: z.string().min(3, { message: 'The token name should be 3 characters or longer' }),
-  expirationDate: z.string().nullable(),
-});
-
-export type TCreateTokenMutationSchema = z.infer<typeof ZCreateTokenMutationSchema>;
-
-export const ZDeleteTokenByIdMutationSchema = z.object({
-  id: z.number().min(1),
-  teamId: z.number(),
-});
-
-export type TDeleteTokenByIdMutationSchema = z.infer<typeof ZDeleteTokenByIdMutationSchema>;

From fe4d3ed1fdc702ec2629dc1092c194f434a3f619 Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Mon, 25 Aug 2025 09:48:04 +1000
Subject: [PATCH 12/17] v1.12.2-rc.5

---
 apps/remix/package.json | 2 +-
 package-lock.json       | 6 +++---
 package.json            | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/remix/package.json b/apps/remix/package.json
index a0c20d515..728f4ec26 100644
--- a/apps/remix/package.json
+++ b/apps/remix/package.json
@@ -101,5 +101,5 @@
     "vite-plugin-babel-macros": "^1.0.6",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "version": "1.12.2-rc.4"
+  "version": "1.12.2-rc.5"
 }
diff --git a/package-lock.json b/package-lock.json
index 7b2d0ed69..28385e051 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "1.12.2-rc.4",
+  "version": "1.12.2-rc.5",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "1.12.2-rc.4",
+      "version": "1.12.2-rc.5",
       "workspaces": [
         "apps/*",
         "packages/*"
@@ -89,7 +89,7 @@
     },
     "apps/remix": {
       "name": "@documenso/remix",
-      "version": "1.12.2-rc.4",
+      "version": "1.12.2-rc.5",
       "dependencies": {
         "@documenso/api": "*",
         "@documenso/assets": "*",
diff --git a/package.json b/package.json
index 1f1a39496..86efef735 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.12.2-rc.4",
+  "version": "1.12.2-rc.5",
   "scripts": {
     "build": "turbo run build",
     "dev": "turbo run dev --filter=@documenso/remix",

From dbf10e5b7b30c8bbbedca026d51752e211b339fd Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 11:32:15 +1000
Subject: [PATCH 13/17] chore: add agents file (#1991)

---
 AGENTS.md | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 AGENTS.md

diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 000000000..b6fba867d
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,57 @@
+# Agent Guidelines for Documenso
+
+## Build/Test/Lint Commands
+
+- `npm run build` - Build all packages
+- `npm run lint` - Lint all packages
+- `npm run lint:fix` - Auto-fix linting issues
+- `npm run test:e2e` - Run E2E tests with Playwright
+- `npm run test:dev -w @documenso/app-tests` - Run single E2E test in dev mode
+- `npm run test-ui:dev -w @documenso/app-tests` - Run E2E tests with UI
+- `npm run format` - Format code with Prettier
+- `npm run dev` - Start development server for Remix app
+
+## Code Style Guidelines
+
+- Use TypeScript for all code; prefer `type` over `interface`
+- Use functional components with `const Component = () => {}`
+- Never use classes; prefer functional/declarative patterns
+- Use descriptive variable names with auxiliary verbs (isLoading, hasError)
+- Directory names: lowercase with dashes (auth-wizard)
+- Use named exports for components
+- Never use 'use client' directive
+- Never use 1-line if statements
+- Structure files: exported component, subcomponents, helpers, static content, types
+
+## Error Handling & Validation
+
+- Use custom AppError class when throwing errors
+- When catching errors on the frontend use `const error = AppError.parse(error)` to get the error code
+- Use early returns and guard clauses
+- Use Zod for form validation and react-hook-form for forms
+- Use error boundaries for unexpected errors
+
+## UI & Styling
+
+- Use Shadcn UI, Radix, and Tailwind CSS with mobile-first approach
+- Use `<Form>` `<FormItem>` elements with fieldset having `:disabled` attribute when loading
+- Use Lucide icons with longhand names (HomeIcon vs Home)
+
+## TRPC Routes
+
+- Each route in own file: `routers/teams/create-team.ts`
+- Associated types file: `routers/teams/create-team.types.ts`
+- Request/response schemas: `Z[RouteName]RequestSchema`, `Z[RouteName]ResponseSchema`
+- Only use GET and POST methods in OpenAPI meta
+- Deconstruct input argument on its own line
+- Prefer route names such as get/getMany/find/create/update/delete
+- "create" routes request schema should have the ID and data in the top level
+- "update" routes request schema should have the ID in the top level and the data in a nested "data" object
+
+## Translations & Remix
+
+- Use `<Trans>string</Trans>` for JSX translations from `@lingui/react/macro`
+- Use `t\`string\`` macro for TypeScript translations
+- Use `(params: Route.Params)` and `(loaderData: Route.LoaderData)` for routes
+- Directly return data from loaders, don't use `json()`
+- Use `superLoaderJson` when sending complex data through loaders such as dates or prisma decimals

From 7eb882aea8ff51f3f75ff44dac6b378a6ca3e27e Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 20:59:37 +1000
Subject: [PATCH 14/17] fix: email domain sender logic (#1993)

---
 packages/lib/server-only/email/get-email-context.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/packages/lib/server-only/email/get-email-context.ts b/packages/lib/server-only/email/get-email-context.ts
index 2dcf909fe..a9f924980 100644
--- a/packages/lib/server-only/email/get-email-context.ts
+++ b/packages/lib/server-only/email/get-email-context.ts
@@ -1,3 +1,5 @@
+import { P, match } from 'ts-pattern';
+
 import type { BrandingSettings } from '@documenso/email/providers/branding';
 import { prisma } from '@documenso/prisma';
 import type {
@@ -104,7 +106,12 @@ export const getEmailContext = async (
   }
 
   const replyToEmail = meta?.emailReplyTo || emailContext.settings.emailReplyTo || undefined;
-  const senderEmailId = meta?.emailId === null ? null : emailContext.settings.emailId;
+
+  const senderEmailId = match(meta?.emailId)
+    .with(P.string, (emailId) => emailId) // Explicit string means to use the provided email ID.
+    .with(undefined, () => emailContext.settings.emailId) // Undefined means to use the inherited email ID.
+    .with(null, () => null) // Explicit null means to use the Documenso email.
+    .exhaustive();
 
   const foundSenderEmail = emailContext.allowedEmails.find((email) => email.id === senderEmailId);
 

From 44f5da95b3a4eae28f635ab3bf25f37ee0a51df1 Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Mon, 25 Aug 2025 21:00:35 +1000
Subject: [PATCH 15/17] chore: refactor routes (#1992)

---
 .../dialogs/admin-user-delete-dialog.tsx      |  4 ++--
 .../dialogs/admin-user-disable-dialog.tsx     |  4 ++--
 .../dialogs/admin-user-enable-dialog.tsx      |  4 ++--
 .../admin-user-reset-two-factor-dialog.tsx    |  4 ++--
 .../_authenticated+/admin+/users.$id.tsx      |  6 +++---
 .../organisation.invite.$token.tsx            |  3 +++
 .../lib/utils/handle-oauth-callback-url.ts    |  4 ++++
 .../emails/send-signing-email.handler.ts      |  5 +++++
 packages/lib/server-only/admin/update-user.ts |  6 ------
 .../lib/server-only/user/get-user-by-id.ts    | 20 +++++++++++++++++-
 .../lib/server-only/user/update-profile.ts    |  4 ++--
 packages/trpc/server/admin-router/get-user.ts | 19 +++++++++++++++++
 .../server/admin-router/get-user.types.ts     | 21 +++++++++++++++++++
 packages/trpc/server/admin-router/router.ts   |  2 ++
 packages/trpc/server/profile-router/router.ts | 20 +++---------------
 packages/trpc/server/profile-router/schema.ts |  6 ------
 16 files changed, 89 insertions(+), 43 deletions(-)
 create mode 100644 packages/trpc/server/admin-router/get-user.ts
 create mode 100644 packages/trpc/server/admin-router/get-user.types.ts

diff --git a/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
index d2f0cf8b7..157cc5284 100644
--- a/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-delete-dialog.tsx
@@ -3,12 +3,12 @@ import { useState } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { User } from '@prisma/client';
 import { useNavigate } from 'react-router';
 import { match } from 'ts-pattern';
 
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
+import type { TGetUserResponse } from '@documenso/trpc/server/admin-router/get-user.types';
 import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
 import { Button } from '@documenso/ui/primitives/button';
 import {
@@ -25,7 +25,7 @@ import { useToast } from '@documenso/ui/primitives/use-toast';
 
 export type AdminUserDeleteDialogProps = {
   className?: string;
-  user: User;
+  user: TGetUserResponse;
 };
 
 export const AdminUserDeleteDialog = ({ className, user }: AdminUserDeleteDialogProps) => {
diff --git a/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
index 5d995ccdf..347532a19 100644
--- a/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-disable-dialog.tsx
@@ -3,11 +3,11 @@ import { useState } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { User } from '@prisma/client';
 import { match } from 'ts-pattern';
 
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
+import type { TGetUserResponse } from '@documenso/trpc/server/admin-router/get-user.types';
 import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
 import { Button } from '@documenso/ui/primitives/button';
 import {
@@ -24,7 +24,7 @@ import { useToast } from '@documenso/ui/primitives/use-toast';
 
 export type AdminUserDisableDialogProps = {
   className?: string;
-  userToDisable: User;
+  userToDisable: TGetUserResponse;
 };
 
 export const AdminUserDisableDialog = ({
diff --git a/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
index 702b2d73b..64f9aa72d 100644
--- a/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-enable-dialog.tsx
@@ -3,11 +3,11 @@ import { useState } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { User } from '@prisma/client';
 import { match } from 'ts-pattern';
 
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
+import type { TGetUserResponse } from '@documenso/trpc/server/admin-router/get-user.types';
 import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
 import { Button } from '@documenso/ui/primitives/button';
 import {
@@ -24,7 +24,7 @@ import { useToast } from '@documenso/ui/primitives/use-toast';
 
 export type AdminUserEnableDialogProps = {
   className?: string;
-  userToEnable: User;
+  userToEnable: TGetUserResponse;
 };
 
 export const AdminUserEnableDialog = ({ className, userToEnable }: AdminUserEnableDialogProps) => {
diff --git a/apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx b/apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
index f95657d9f..59372ecc9 100644
--- a/apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-user-reset-two-factor-dialog.tsx
@@ -3,12 +3,12 @@ import { useState } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { User } from '@prisma/client';
 import { useRevalidator } from 'react-router';
 import { match } from 'ts-pattern';
 
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
+import type { TGetUserResponse } from '@documenso/trpc/server/admin-router/get-user.types';
 import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
 import { Button } from '@documenso/ui/primitives/button';
 import {
@@ -25,7 +25,7 @@ import { useToast } from '@documenso/ui/primitives/use-toast';
 
 export type AdminUserResetTwoFactorDialogProps = {
   className?: string;
-  user: User;
+  user: TGetUserResponse;
 };
 
 export const AdminUserResetTwoFactorDialog = ({
diff --git a/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx b/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
index 9242d3dd5..3cd0f5853 100644
--- a/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
+++ b/apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
@@ -2,13 +2,13 @@ import { zodResolver } from '@hookform/resolvers/zod';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { User } from '@prisma/client';
 import { useForm } from 'react-hook-form';
 import { useRevalidator } from 'react-router';
 import { Link } from 'react-router';
 import type { z } from 'zod';
 
 import { trpc } from '@documenso/trpc/react';
+import type { TGetUserResponse } from '@documenso/trpc/server/admin-router/get-user.types';
 import { ZUpdateUserRequestSchema } from '@documenso/trpc/server/admin-router/update-user.types';
 import { Button } from '@documenso/ui/primitives/button';
 import {
@@ -38,7 +38,7 @@ const ZUserFormSchema = ZUpdateUserRequestSchema.omit({ id: true });
 type TUserFormSchema = z.infer<typeof ZUserFormSchema>;
 
 export default function UserPage({ params }: { params: { id: number } }) {
-  const { data: user, isLoading: isLoadingUser } = trpc.profile.getUser.useQuery(
+  const { data: user, isLoading: isLoadingUser } = trpc.admin.user.get.useQuery(
     {
       id: Number(params.id),
     },
@@ -78,7 +78,7 @@ export default function UserPage({ params }: { params: { id: number } }) {
   return <AdminUserPage user={user} />;
 }
 
-const AdminUserPage = ({ user }: { user: User }) => {
+const AdminUserPage = ({ user }: { user: TGetUserResponse }) => {
   const { _ } = useLingui();
   const { toast } = useToast();
   const { revalidate } = useRevalidator();
diff --git a/apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx b/apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx
index 5fa253ca3..39acc2194 100644
--- a/apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx
+++ b/apps/remix/app/routes/_unauthenticated+/organisation.invite.$token.tsx
@@ -45,6 +45,9 @@ export async function loader({ params, request }: Route.LoaderArgs) {
         mode: 'insensitive',
       },
     },
+    select: {
+      id: true,
+    },
   });
 
   // Directly convert the team member invite to a team member if they already have an account.
diff --git a/packages/auth/server/lib/utils/handle-oauth-callback-url.ts b/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
index 96967cc4e..15fc1f7fa 100644
--- a/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
+++ b/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
@@ -111,6 +111,10 @@ export const handleOAuthCallbackUrl = async (options: HandleOAuthCallbackUrlOpti
     where: {
       email: email,
     },
+    select: {
+      id: true,
+      emailVerified: true,
+    },
   });
 
   // Handle existing user but no account.
diff --git a/packages/lib/jobs/definitions/emails/send-signing-email.handler.ts b/packages/lib/jobs/definitions/emails/send-signing-email.handler.ts
index 7bdee4ab9..7d62ed1d2 100644
--- a/packages/lib/jobs/definitions/emails/send-signing-email.handler.ts
+++ b/packages/lib/jobs/definitions/emails/send-signing-email.handler.ts
@@ -42,6 +42,11 @@ export const run = async ({
       where: {
         id: userId,
       },
+      select: {
+        id: true,
+        email: true,
+        name: true,
+      },
     }),
     prisma.document.findFirstOrThrow({
       where: {
diff --git a/packages/lib/server-only/admin/update-user.ts b/packages/lib/server-only/admin/update-user.ts
index c600fe863..cc9dcb80d 100644
--- a/packages/lib/server-only/admin/update-user.ts
+++ b/packages/lib/server-only/admin/update-user.ts
@@ -10,12 +10,6 @@ export type UpdateUserOptions = {
 };
 
 export const updateUser = async ({ id, name, email, roles }: UpdateUserOptions) => {
-  await prisma.user.findFirstOrThrow({
-    where: {
-      id,
-    },
-  });
-
   await prisma.user.update({
     where: {
       id,
diff --git a/packages/lib/server-only/user/get-user-by-id.ts b/packages/lib/server-only/user/get-user-by-id.ts
index a01447206..26e0fcc7b 100644
--- a/packages/lib/server-only/user/get-user-by-id.ts
+++ b/packages/lib/server-only/user/get-user-by-id.ts
@@ -1,13 +1,31 @@
 import { prisma } from '@documenso/prisma';
 
+import { AppError, AppErrorCode } from '../../errors/app-error';
+
 export interface GetUserByIdOptions {
   id: number;
 }
 
 export const getUserById = async ({ id }: GetUserByIdOptions) => {
-  return await prisma.user.findFirstOrThrow({
+  const user = await prisma.user.findFirst({
     where: {
       id,
     },
+    select: {
+      id: true,
+      name: true,
+      email: true,
+      emailVerified: true,
+      roles: true,
+      disabled: true,
+      twoFactorEnabled: true,
+      signature: true,
+    },
   });
+
+  if (!user) {
+    throw new AppError(AppErrorCode.NOT_FOUND);
+  }
+
+  return user;
 };
diff --git a/packages/lib/server-only/user/update-profile.ts b/packages/lib/server-only/user/update-profile.ts
index b156a06af..766a09e3e 100644
--- a/packages/lib/server-only/user/update-profile.ts
+++ b/packages/lib/server-only/user/update-profile.ts
@@ -24,7 +24,7 @@ export const updateProfile = async ({
     },
   });
 
-  return await prisma.$transaction(async (tx) => {
+  await prisma.$transaction(async (tx) => {
     await tx.userSecurityAuditLog.create({
       data: {
         userId,
@@ -34,7 +34,7 @@ export const updateProfile = async ({
       },
     });
 
-    return await tx.user.update({
+    await tx.user.update({
       where: {
         id: userId,
       },
diff --git a/packages/trpc/server/admin-router/get-user.ts b/packages/trpc/server/admin-router/get-user.ts
new file mode 100644
index 000000000..c60fd6b21
--- /dev/null
+++ b/packages/trpc/server/admin-router/get-user.ts
@@ -0,0 +1,19 @@
+import { getUserById } from '@documenso/lib/server-only/user/get-user-by-id';
+
+import { adminProcedure } from '../trpc';
+import { ZGetUserRequestSchema, ZGetUserResponseSchema } from './get-user.types';
+
+export const getUserRoute = adminProcedure
+  .input(ZGetUserRequestSchema)
+  .output(ZGetUserResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { id } = input;
+
+    ctx.logger.info({
+      input: {
+        id,
+      },
+    });
+
+    return await getUserById({ id });
+  });
diff --git a/packages/trpc/server/admin-router/get-user.types.ts b/packages/trpc/server/admin-router/get-user.types.ts
new file mode 100644
index 000000000..fe4ebac5e
--- /dev/null
+++ b/packages/trpc/server/admin-router/get-user.types.ts
@@ -0,0 +1,21 @@
+import { z } from 'zod';
+
+import UserSchema from '@documenso/prisma/generated/zod/modelSchema/UserSchema';
+
+export const ZGetUserRequestSchema = z.object({
+  id: z.number().min(1),
+});
+
+export const ZGetUserResponseSchema = UserSchema.pick({
+  id: true,
+  name: true,
+  email: true,
+  emailVerified: true,
+  roles: true,
+  disabled: true,
+  twoFactorEnabled: true,
+  signature: true,
+});
+
+export type TGetUserRequest = z.infer<typeof ZGetUserRequestSchema>;
+export type TGetUserResponse = z.infer<typeof ZGetUserResponseSchema>;
diff --git a/packages/trpc/server/admin-router/router.ts b/packages/trpc/server/admin-router/router.ts
index 7c6f1558b..f8d472a79 100644
--- a/packages/trpc/server/admin-router/router.ts
+++ b/packages/trpc/server/admin-router/router.ts
@@ -11,6 +11,7 @@ import { findAdminOrganisationsRoute } from './find-admin-organisations';
 import { findDocumentsRoute } from './find-documents';
 import { findSubscriptionClaimsRoute } from './find-subscription-claims';
 import { getAdminOrganisationRoute } from './get-admin-organisation';
+import { getUserRoute } from './get-user';
 import { resealDocumentRoute } from './reseal-document';
 import { resetTwoFactorRoute } from './reset-two-factor-authentication';
 import { updateAdminOrganisationRoute } from './update-admin-organisation';
@@ -36,6 +37,7 @@ export const adminRouter = router({
     createCustomer: createStripeCustomerRoute,
   },
   user: {
+    get: getUserRoute,
     update: updateUserRoute,
     delete: deleteUserRoute,
     enable: enableUserRoute,
diff --git a/packages/trpc/server/profile-router/router.ts b/packages/trpc/server/profile-router/router.ts
index 60b7c1323..3f903eb49 100644
--- a/packages/trpc/server/profile-router/router.ts
+++ b/packages/trpc/server/profile-router/router.ts
@@ -3,14 +3,12 @@ import type { SetAvatarImageOptions } from '@documenso/lib/server-only/profile/s
 import { setAvatarImage } from '@documenso/lib/server-only/profile/set-avatar-image';
 import { deleteUser } from '@documenso/lib/server-only/user/delete-user';
 import { findUserSecurityAuditLogs } from '@documenso/lib/server-only/user/find-user-security-audit-logs';
-import { getUserById } from '@documenso/lib/server-only/user/get-user-by-id';
 import { submitSupportTicket } from '@documenso/lib/server-only/user/submit-support-ticket';
 import { updateProfile } from '@documenso/lib/server-only/user/update-profile';
 
-import { adminProcedure, authenticatedProcedure, router } from '../trpc';
+import { authenticatedProcedure, router } from '../trpc';
 import {
   ZFindUserSecurityAuditLogsSchema,
-  ZRetrieveUserByIdQuerySchema,
   ZSetProfileImageMutationSchema,
   ZSubmitSupportTicketMutationSchema,
   ZUpdateProfileMutationSchema,
@@ -26,24 +24,12 @@ export const profileRouter = router({
       });
     }),
 
-  getUser: adminProcedure.input(ZRetrieveUserByIdQuerySchema).query(async ({ input, ctx }) => {
-    const { id } = input;
-
-    ctx.logger.info({
-      input: {
-        id,
-      },
-    });
-
-    return await getUserById({ id });
-  }),
-
   updateProfile: authenticatedProcedure
     .input(ZUpdateProfileMutationSchema)
     .mutation(async ({ input, ctx }) => {
       const { name, signature } = input;
 
-      return await updateProfile({
+      await updateProfile({
         userId: ctx.user.id,
         name,
         signature,
@@ -52,7 +38,7 @@ export const profileRouter = router({
     }),
 
   deleteAccount: authenticatedProcedure.mutation(async ({ ctx }) => {
-    return await deleteUser({
+    await deleteUser({
       id: ctx.user.id,
     });
   }),
diff --git a/packages/trpc/server/profile-router/schema.ts b/packages/trpc/server/profile-router/schema.ts
index e1db5dd78..2d6a85dc3 100644
--- a/packages/trpc/server/profile-router/schema.ts
+++ b/packages/trpc/server/profile-router/schema.ts
@@ -7,12 +7,6 @@ export const ZFindUserSecurityAuditLogsSchema = z.object({
 
 export type TFindUserSecurityAuditLogsSchema = z.infer<typeof ZFindUserSecurityAuditLogsSchema>;
 
-export const ZRetrieveUserByIdQuerySchema = z.object({
-  id: z.number().min(1),
-});
-
-export type TRetrieveUserByIdQuerySchema = z.infer<typeof ZRetrieveUserByIdQuerySchema>;
-
 export const ZUpdateProfileMutationSchema = z.object({
   name: z.string().min(1),
   signature: z.string(),

From 4012022f5562f0e133a43765fa3300546b5bf459 Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Tue, 26 Aug 2025 11:08:43 +1000
Subject: [PATCH 16/17] fix: element visible race condition (#1996)

On larger documents we could accidentally start trying to render fields
while not all pages of the PDF have loaded due to us checking for a
single page existing. This would cause an error to be thrown, hard
locking those documents.

This change resolves this by grabbing the highest page number from the
given fields and using it for the visibility check instead.
---
 .../components/embed/authoring/configure-fields-view.tsx    | 6 +++++-
 .../components/embed/embed-direct-template-client-page.tsx  | 6 +++++-
 apps/remix/app/components/embed/embed-document-fields.tsx   | 4 +++-
 .../app/components/embed/embed-document-signing-page.tsx    | 6 +++++-
 .../embed/multisign/multi-sign-document-signing-view.tsx    | 6 +++++-
 .../direct-template/direct-template-signing-form.tsx        | 6 +++++-
 .../general/document-signing/document-signing-page-view.tsx | 6 +++++-
 .../_authenticated+/t.$teamUrl+/documents.$id._index.tsx    | 1 +
 .../ui/components/document/document-read-only-fields.tsx    | 4 +++-
 9 files changed, 37 insertions(+), 8 deletions(-)

diff --git a/apps/remix/app/components/embed/authoring/configure-fields-view.tsx b/apps/remix/app/components/embed/authoring/configure-fields-view.tsx
index 60b732a76..21faee750 100644
--- a/apps/remix/app/components/embed/authoring/configure-fields-view.tsx
+++ b/apps/remix/app/components/embed/authoring/configure-fields-view.tsx
@@ -172,6 +172,8 @@ export const ConfigureFieldsView = ({
     name: 'fields',
   });
 
+  const highestPageNumber = Math.max(...localFields.map((field) => field.pageNumber));
+
   const onFieldCopy = useCallback(
     (event?: KeyboardEvent | null, options?: { duplicate?: boolean; duplicateAll?: boolean }) => {
       const { duplicate = false, duplicateAll = false } = options ?? {};
@@ -540,7 +542,9 @@ export const ConfigureFieldsView = ({
                 <div>
                   <PDFViewer documentData={normalizedDocumentData} />
 
-                  <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+                  <ElementVisible
+                    target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPageNumber}"]`}
+                  >
                     {localFields.map((field, index) => {
                       const recipientIndex = recipients.findIndex(
                         (r) => r.id === field.recipientId,
diff --git a/apps/remix/app/components/embed/embed-direct-template-client-page.tsx b/apps/remix/app/components/embed/embed-direct-template-client-page.tsx
index 09f6a91d2..8b883a36b 100644
--- a/apps/remix/app/components/embed/embed-direct-template-client-page.tsx
+++ b/apps/remix/app/components/embed/embed-direct-template-client-page.tsx
@@ -91,6 +91,8 @@ export const EmbedDirectTemplateClientPage = ({
     localFields.filter((field) => field.inserted),
   ];
 
+  const highestPendingPageNumber = Math.max(...pendingFields.map((field) => field.page));
+
   const hasSignatureField = localFields.some((field) => field.type === FieldType.SIGNATURE);
 
   const { mutateAsync: createDocumentFromDirectTemplate, isPending: isSubmitting } =
@@ -442,7 +444,9 @@ export const EmbedDirectTemplateClientPage = ({
           </div>
         </div>
 
-        <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+        <ElementVisible
+          target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPendingPageNumber}"]`}
+        >
           {showPendingFieldTooltip && pendingFields.length > 0 && (
             <FieldToolTip key={pendingFields[0].id} field={pendingFields[0]} color="warning">
               <Trans>Click to insert field</Trans>
diff --git a/apps/remix/app/components/embed/embed-document-fields.tsx b/apps/remix/app/components/embed/embed-document-fields.tsx
index 561fdf4cb..ea14b3f1f 100644
--- a/apps/remix/app/components/embed/embed-document-fields.tsx
+++ b/apps/remix/app/components/embed/embed-document-fields.tsx
@@ -50,8 +50,10 @@ export const EmbedDocumentFields = ({
   onSignField,
   onUnsignField,
 }: EmbedDocumentFieldsProps) => {
+  const highestPageNumber = Math.max(...fields.map((field) => field.page));
+
   return (
-    <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+    <ElementVisible target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPageNumber}"]`}>
       {fields.map((field) =>
         match(field.type)
           .with(FieldType.SIGNATURE, () => (
diff --git a/apps/remix/app/components/embed/embed-document-signing-page.tsx b/apps/remix/app/components/embed/embed-document-signing-page.tsx
index ef2eedc1c..d7d8a0713 100644
--- a/apps/remix/app/components/embed/embed-document-signing-page.tsx
+++ b/apps/remix/app/components/embed/embed-document-signing-page.tsx
@@ -106,6 +106,8 @@ export const EmbedSignDocumentClientPage = ({
     fields.filter((field) => field.inserted),
   ];
 
+  const highestPendingPageNumber = Math.max(...pendingFields.map((field) => field.page));
+
   const { mutateAsync: completeDocumentWithToken, isPending: isSubmitting } =
     trpc.recipient.completeDocumentWithToken.useMutation();
 
@@ -465,7 +467,9 @@ export const EmbedSignDocumentClientPage = ({
             </div>
           </div>
 
-          <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+          <ElementVisible
+            target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPendingPageNumber}"]`}
+          >
             {showPendingFieldTooltip && pendingFields.length > 0 && (
               <FieldToolTip key={pendingFields[0].id} field={pendingFields[0]} color="warning">
                 <Trans>Click to insert field</Trans>
diff --git a/apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx b/apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
index 37abdcce3..5867a1a2a 100644
--- a/apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
+++ b/apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
@@ -92,6 +92,8 @@ export const MultiSignDocumentSigningView = ({
       [],
   ];
 
+  const highestPendingPageNumber = Math.max(...pendingFields.map((field) => field.page));
+
   const uninsertedFields = document?.fields.filter((field) => !field.inserted) ?? [];
 
   const onSignField = async (payload: TSignFieldWithTokenMutationSchema) => {
@@ -357,7 +359,9 @@ export const MultiSignDocumentSigningView = ({
               </div>
 
               {hasDocumentLoaded && (
-                <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+                <ElementVisible
+                  target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPendingPageNumber}"]`}
+                >
                   {showPendingFieldTooltip && pendingFields.length > 0 && (
                     <FieldToolTip
                       key={pendingFields[0].id}
diff --git a/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx b/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
index da38f51c4..8f78ae754 100644
--- a/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
+++ b/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
@@ -79,6 +79,8 @@ export const DirectTemplateSigningForm = ({
   const [validateUninsertedFields, setValidateUninsertedFields] = useState(false);
   const [isSubmitting, setIsSubmitting] = useState(false);
 
+  const highestPageNumber = Math.max(...localFields.map((field) => field.page));
+
   const fieldsRequiringValidation = useMemo(() => {
     return localFields.filter((field) => isFieldUnsignedAndRequired(field));
   }, [localFields]);
@@ -221,7 +223,9 @@ export const DirectTemplateSigningForm = ({
       <DocumentFlowFormContainerHeader title={flowStep.title} description={flowStep.description} />
 
       <DocumentFlowFormContainerContent>
-        <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+        <ElementVisible
+          target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPageNumber}"]`}
+        >
           {validateUninsertedFields && uninsertedFields[0] && (
             <FieldToolTip key={uninsertedFields[0].id} field={uninsertedFields[0]} color="warning">
               <Trans>Click to insert field</Trans>
diff --git a/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx b/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
index a1bf3d24e..cbbdc7926 100644
--- a/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-page-view.tsx
@@ -78,6 +78,8 @@ export const DocumentSigningPageView = ({
   const targetSigner =
     recipient.role === RecipientRole.ASSISTANT && selectedSigner ? selectedSigner : null;
 
+  const highestPageNumber = Math.max(...fields.map((field) => field.page));
+
   return (
     <DocumentSigningRecipientProvider recipient={recipient} targetSigner={targetSigner}>
       <div className="mx-auto w-full max-w-screen-xl sm:px-6">
@@ -224,7 +226,9 @@ export const DocumentSigningPageView = ({
           <DocumentSigningAutoSign recipient={recipient} fields={fields} />
         )}
 
-        <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+        <ElementVisible
+          target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPageNumber}"]`}
+        >
           {fields
             .filter(
               (field) =>
diff --git a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx
index 75592696c..84c9c6883 100644
--- a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx
+++ b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx
@@ -67,6 +67,7 @@ export async function loader({ params, request }: Route.LoaderArgs) {
   const documentVisibility = document?.visibility;
   const currentTeamMemberRole = team.currentTeamRole;
   const isRecipient = document?.recipients.find((recipient) => recipient.email === user.email);
+
   let canAccessDocument = true;
 
   if (!isRecipient && document?.userId !== user.id) {
diff --git a/packages/ui/components/document/document-read-only-fields.tsx b/packages/ui/components/document/document-read-only-fields.tsx
index 0786357d1..d1c96f8a9 100644
--- a/packages/ui/components/document/document-read-only-fields.tsx
+++ b/packages/ui/components/document/document-read-only-fields.tsx
@@ -95,8 +95,10 @@ export const DocumentReadOnlyFields = ({
     setHiddenFieldIds((prev) => ({ ...prev, [fieldId]: true }));
   };
 
+  const highestPageNumber = Math.max(...fields.map((field) => field.page));
+
   return (
-    <ElementVisible target={PDF_VIEWER_PAGE_SELECTOR}>
+    <ElementVisible target={`${PDF_VIEWER_PAGE_SELECTOR}[data-page-number="${highestPageNumber}"]`}>
       {fields.map(
         (field) =>
           !hiddenFieldIds[field.secondaryId] && (

From 184ebdedf1051b99ab9da83d57faf541c81dad77 Mon Sep 17 00:00:00 2001
From: Lucas Smith <me@lucasjamessmith.me>
Date: Tue, 26 Aug 2025 11:17:43 +1000
Subject: [PATCH 17/17] v1.12.2-rc.6

---
 apps/remix/package.json | 2 +-
 package-lock.json       | 6 +++---
 package.json            | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/remix/package.json b/apps/remix/package.json
index 728f4ec26..a97fff5f3 100644
--- a/apps/remix/package.json
+++ b/apps/remix/package.json
@@ -101,5 +101,5 @@
     "vite-plugin-babel-macros": "^1.0.6",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "version": "1.12.2-rc.5"
+  "version": "1.12.2-rc.6"
 }
diff --git a/package-lock.json b/package-lock.json
index 28385e051..647e4c43c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "1.12.2-rc.5",
+  "version": "1.12.2-rc.6",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "1.12.2-rc.5",
+      "version": "1.12.2-rc.6",
       "workspaces": [
         "apps/*",
         "packages/*"
@@ -89,7 +89,7 @@
     },
     "apps/remix": {
       "name": "@documenso/remix",
-      "version": "1.12.2-rc.5",
+      "version": "1.12.2-rc.6",
       "dependencies": {
         "@documenso/api": "*",
         "@documenso/assets": "*",
diff --git a/package.json b/package.json
index 86efef735..9e6654c0e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.12.2-rc.5",
+  "version": "1.12.2-rc.6",
   "scripts": {
     "build": "turbo run build",
     "dev": "turbo run dev --filter=@documenso/remix",