chore: merge main, resolve biome formatting conflicts

Merge origin/main into feat/document-file-conversion. Conflicts were format-only (Tailwind class ordering, single-line vs multi-line) plus two semantic merges: - files.helpers.ts: combine main's pending-PDF download path with the branch's original-source-file (DOCX/PNG/JPEG) download path - download-pdf.ts: combine main's versionToFilenameSuffix helper with the branch's server-provided Content-Disposition filename support
fix: broken merge in team-account-folders E2E test
2026-06-22 20:32:07 +10:00 · 2026-05-12 11:28:47 +00:00 · 2026-04-20 10:48:49 +00:00 · 2026-04-20 10:11:35 +00:00 · 2026-01-15 12:42:36 +00:00 · 2026-01-06 20:48:27 +00:00
211 changed files with 3781 additions and 13082 deletions
@@ -1,289 +0,0 @@
---
-date: 2026-02-02
-title: Support For External 2fa Codes
---
-
-## Objective
-
-Enable organizations to enforce a second factor for document signing while keeping delivery fully external (for example customer-owned SMS), with strong recipient/session binding and auditable controls.
-
-## Problem Context
-
- Many legacy organizations still rely on SMS for second-factor delivery.
- Their users cannot realistically migrate to authenticator apps or passkeys yet.
- Operating first-party SMS infrastructure in Documenso is costly, risky, and outside core scope.
- Customers need an API-first integration path that fits existing notification infrastructure and compliance controls.
-
-## Proposed Solution
-
-Introduce external 2FA codes for signing:
-
-1. A trusted backend service requests a one-time signing token via API.
-2. The customer delivers that token to the signer through their own existing channel (for example SMS).
-3. The signer enters the token in the signing flow.
-4. Documenso validates the submitted token, then issues a short-lived session-bound verification proof.
-5. Signature completion is allowed only when the proof is present and valid for that recipient signing session.
-
-## Decisions Captured In Interview
-
- Enforcement scope: template-level default with per-recipient override.
- Issuer trust boundary: scoped machine API keys with explicit permission.
- Token lifecycle: newest token immediately revokes prior active token for same recipient/document.
- Brute-force control: token-scoped hard attempt cap.
- Security defaults: TTL 10 minutes, max 5 attempts.
- Verification unlock: session-bound proof (not global recipient unlock).
- Issuance contract: idempotent-ish reissue behavior with explicit structured denial reasons.
- Audit privacy: never log token/code material; log identifiers and reason codes only.
- Missing token at signing time: block with actionable state.
- Rollback behavior: feature-flag off for new sessions only.
- Resend/recovery in v1: support-owned reissue guidance only (no signer self-serve trigger).
- Workspace policy controls in v1: no per-workspace TTL/attempt overrides.
- Session proof TTL in v1: 10 minutes.
-
-## Scope
-
-### In Scope
-
- API endpoint to issue short-lived signing 2FA tokens for eligible recipients.
- Secure storage/verification mechanism (hashed token + expiry + attempt tracking).
- Signing UI step to collect token before signature submission.
- Standard operating flow: token is generated via API and entered by the recipient in the UI.
- Verification endpoint/path integrated into signing completion checks.
- Audit logging for token issuance and verification attempts.
- Template policy defaults with per-recipient override support.
- Session-bound verification proof issuance after successful code validation.
- Feature-flagged rollout controls at workspace/organization scope.
-
-### Out of Scope
-
- Native SMS sending/providers inside Documenso.
- New authenticator/passkey implementation.
- Cross-channel delivery guarantees (owned by customer infrastructure).
- UI-only token generation as the primary flow in this phase.
- Fully configurable TTL/attempt policy per workspace in v1.
- Customer callback/webhook resend orchestration in v1.
- Signer-triggered self-serve reissue controls in v1.
-
-## Functional Requirements
-
- Token is recipient-bound and document/session-bound.
- Token cannot be shared across recipients or recipient roles.
- A recipient token only authorizes signature actions for that same recipient identity.
- If the same human is represented by multiple recipient records, each recipient record still requires its own token.
- Token has strict TTL of 10 minutes and single-use semantics.
- Token verification fails on expiry, mismatch, too many attempts, or reuse.
- Endpoint access is restricted to scoped API clients with explicit issuance permission.
- Clear, localized user errors for invalid/expired tokens.
- Max 5 verification attempts per token; on cap reached, token becomes unusable and signer must use a newly issued token.
- Issuing a new token revokes any existing active token for the same recipient/document pair.
- Successful verification creates a short-lived session-bound proof; only that session can complete signature.
- If 2FA is required but no valid token has been issued yet, signing must be blocked with actionable guidance.
-
-## Non-Functional Requirements
-
- Verification and consumption path must be atomic and race-safe under concurrent requests.
- Error responses must use stable machine-readable reason codes for customer integrations.
- p95 verification latency should remain within existing signing guardrail budget (target: <= 300 ms server-side).
- Security controls and audit logging must not expose token/code values in logs, traces, or analytics payloads.
-
-## Policy Model
-
- Default requirement is configured at template/workflow level.
- Sender can override requirement per recipient before send.
- Effective policy is materialized on recipient/document at send time to avoid template drift during in-flight signing.
- Feature flag gates enforcement by workspace/organization for rollout and rollback.
-
-## API Contract
-
-### Token Issuance Endpoint
-
- Auth: scoped API key with dedicated permission (for example `signing_2fa:issue`).
- Input: recipient/document context and optional idempotency metadata.
- Behavior:
-  - Eligible recipient: always issues a fresh token and revokes prior active token.
-  - Ineligible/forbidden state: returns structured 4xx with explicit reason code.
-  - Never returns previously generated plaintext token; token is visible exactly once at issuance.
- Output:
-  - Plaintext token (single response only).
-  - Metadata for integration handling (expiresAt, ttlSeconds, attemptLimit, issuedAt).
-
-### Verification Endpoint
-
- Input: token submission from signing UI bound to current signing session context.
- Behavior:
-  - Valid token: atomically consumes token and issues session-bound verification proof.
-  - Invalid token: increments attempts and returns reason code.
-  - Expired/revoked/consumed/capped: returns denial reason without revealing sensitive internals.
- Output:
-  - Success: verification state for current session.
-  - Failure: localized user-safe message + machine reason code.
-
-### Resend/Reissue Behavior (v1)
-
- No signer-triggered callback/webhook or self-serve reissue endpoint in v1.
- If token is missing/expired/revoked/capped, signer sees actionable guidance to contact sender/support.
- Reissue remains an API-key-initiated operation from trusted customer backend only.
-
-### Suggested Reason Codes
-
- `TWO_FA_NOT_REQUIRED`
- `TWO_FA_NOT_ISSUED`
- `TWO_FA_TOKEN_INVALID`
- `TWO_FA_TOKEN_EXPIRED`
- `TWO_FA_TOKEN_REVOKED`
- `TWO_FA_TOKEN_CONSUMED`
- `TWO_FA_ATTEMPT_LIMIT_REACHED`
- `TWO_FA_ISSUER_FORBIDDEN`
- `TWO_FA_RECIPIENT_INELIGIBLE`
-
-## Data Model
-
-Create `signing_two_factor_tokens` (name indicative):
-
- `id`
- `recipientId`
- `documentId`
- `tokenHash`
- `tokenSalt` (or use KDF settings sufficient to avoid raw-secret recovery)
- `expiresAt`
- `consumedAt` nullable
- `revokedAt` nullable
- `attempts` default 0
- `attemptLimit` default 5
- `issuedByApiKeyId` (or actor reference)
- `createdAt`
-
-Optional companion table/entity for session proof:
-
- `signing_session_2fa_proofs`
- `sessionId`
- `recipientId`
- `documentId`
- `verifiedAt`
- `expiresAt`
-
-Constraints and indexes:
-
- Index on (`recipientId`, `documentId`, `expiresAt`).
- At most one active token per (`recipientId`, `documentId`) enforced by transactional revoke-on-issue.
- Guard against lost-update on attempts and consume via row lock or atomic update conditions.
-
-## Signing UX
-
- Insert 2FA code step before signature commit when effective policy requires it.
- UX states:
-  - Waiting for code input.
-  - Invalid code (remaining attempts shown where safe).
-  - Expired/revoked/attempt cap reached with clear next-step copy.
-  - Not issued yet state with actionable guidance.
- Recovery copy in v1 must direct signer to sender/support (no in-product resend action).
- Localization required for all user-facing errors.
- Accessibility: input labeling, error announcement, keyboard submission, mobile-friendly numeric entry.
- Session-bound proof behavior must be transparent to user (no global unlock across devices/tabs).
-
-## Security Requirements
-
- Never persist plaintext token; store salted hash only.
- Rate-limit issuance and verification attempts.
- Invalidate previous active token immediately when a new token is issued.
- Emit security/audit events with actor, recipient, document, timestamp, and reason codes.
- Prevent token leakage in logs, telemetry, and error payloads.
- Use constant-time comparison and hardened random token generation.
- Enforce short proof lifetime for verified session to reduce replay window.
- Set proof TTL to 10 minutes in v1.
-
-## Observability And Audit
-
-Emit events for:
-
- `2fa_token_issued`
- `2fa_token_issue_denied`
- `2fa_token_verify_succeeded`
- `2fa_token_verify_failed`
- `2fa_token_consumed`
- `2fa_token_revoked`
-
-Event fields:
-
- `workspaceId`, `documentId`, `recipientId`
- `actorType` (api_key, signer_session, system)
- `actorId` (where applicable)
- `reasonCode`
- `ipHash`, `userAgentHash` (if available)
- `timestamp`
-
-Metrics and alerts:
-
- Issuance success/failure rates.
- Verification success/failure rate split by reason code.
- Attempt-limit-hit rate.
- p95 verification latency.
- Alert on unusual spikes in invalid attempts per recipient/document/workspace.
-
-## Implementation Plan
-
-1. Domain model
-   - Add signing 2FA token entity/table and session-proof persistence.
-2. Token issuance API
-   - Add authenticated route for scoped API keys; issue fresh token, revoke prior active.
-3. Verification logic
-   - Validate token state, increment attempts atomically, consume on success, mint session proof.
-4. Signing flow integration
-   - Add UI token prompt and backend guard requiring valid session proof.
-5. Observability
-   - Add reason-coded events and dashboards/alerts.
-6. Controls
-   - Add rate limits, attempt cap (5), revoke-on-reissue, and feature flag checks.
-7. Testing
-   - Unit tests for generation/verification edge cases.
-   - Integration tests for API and signing flow.
-   - Concurrency tests for double-submit and parallel verification.
-
-## Testing Matrix
-
- Token issuance for eligible/ineligible recipients.
- Reissue revokes previous token immediately.
- Verification success path creates session-bound proof.
- Verification fails on mismatch, expiry, revoked, consumed, cap reached.
- Attempt counter increments correctly under concurrent requests.
- Signature blocked when proof absent or expired.
- Recipient A token rejected for recipient B (including same human/multiple recipient records).
- Feature flag off: new sessions bypass external 2FA requirement.
- Audit events emitted with expected reason codes and no token material.
-
-## Acceptance Criteria
-
- External system can request a token for an eligible signer through API.
- Signer cannot complete signing without valid token when policy requires 2FA.
- A token issued for recipient A is always rejected for recipient B, including when both recipients map to the same underlying person.
- Valid token allows signing exactly once within TTL.
- Expired/reused/invalid tokens are rejected with clear errors.
- No Documenso-owned SMS infrastructure is introduced.
- Audit trail captures issuance and verification outcomes.
- Default policy can be set at template level with per-recipient override at send time.
- New token issuance revokes prior active token for same recipient/document.
- Max 5 failed attempts per token is enforced.
- Successful verification unlocks only the active signing session.
- If no token has been issued yet, signer is blocked with actionable guidance.
-
-## Rollout Strategy
-
- Ship behind feature flag (workspace-level or organization-level).
- Enable first for pilot customers in regulated domains.
- Monitor verification failure rates and support feedback.
- Gradually expand availability once stable.
- Rollback path: disable flag for new sessions only; preserve already verified in-flight sessions.
-
-## Risks and Mitigations
-
- Brute-force attempts -> enforce attempt caps, lockouts, and rate limits.
- Delivery delays in customer SMS systems -> allow controlled token re-issue.
- Support burden from expiry confusion -> clear UX copy and resend guidance.
- Concurrency race on consume/attempt updates -> use transactional atomic updates and dedicated tests.
- Misconfigured API clients -> explicit permission scopes and structured denial reasons.
- Forensic gaps vs privacy over-collection -> reason-coded audits with hashed network metadata only.
-
-## Open Questions
-
- None for v1 scope.
- v1.1 exploration candidate: customer-controlled signer-triggered callback/reissue flow with abuse protections.
@@ -211,17 +211,3 @@ NEXT_PRIVATE_LOGGER_FILE_PATH=

 # [[PLAIN SUPPORT]]
 NEXT_PRIVATE_PLAIN_API_KEY=
-
-# [[DOCUMENT CONVERSION]]
-# OPTIONAL: Base URL of a Gotenberg-compatible service used to convert uploaded
-# DOCX files to PDF on the server. When unset, DOCX uploads are disabled and
-# only PDF is accepted. The dev docker compose exposes Gotenberg on port 3005.
-# NEXT_PRIVATE_DOCUMENT_CONVERSION_URL="http://localhost:3005"
-# OPTIONAL: Per-request timeout in milliseconds for the conversion service.
-# Defaults to 30000 (30s) if unset.
-# NEXT_PRIVATE_DOCUMENT_CONVERSION_TIMEOUT_MS=30000
-# OPTIONAL: HTTP Basic auth credentials for the conversion service. Set both
-# when the service is started with `--api-enable-basic-auth` (the dev compose
-# does this; the matching values there are `documenso` / `password`).
-# NEXT_PRIVATE_DOCUMENT_CONVERSION_USERNAME=documenso
-# NEXT_PRIVATE_DOCUMENT_CONVERSION_PASSWORD=password
@@ -1,4 +1,4 @@
-name: 'Setup node'
+name: 'Setup node and cache node_modules'
 inputs:
  node_version:
    required: false
@@ -16,7 +16,25 @@ runs:
      shell: bash
      run: corepack enable npm

+    - name: Cache npm
+      uses: actions/cache@v3
+      with:
+        path: ~/.npm
+        key: npm-${{ hashFiles('package-lock.json') }}
+        restore-keys: npm-
+
+    - name: Cache node_modules
+      uses: actions/cache@v3
+      id: cache-node-modules
+      with:
+        path: |
+          node_modules
+          packages/*/node_modules
+          apps/*/node_modules
+        key: modules-${{ hashFiles('package-lock.json') }}
+
    - name: Install dependencies
+      if: steps.cache-node-modules.outputs.cache-hit != 'true'
      shell: bash
      run: |
        npm ci --no-audit
@@ -1,8 +1,19 @@
 name: Install playwright binaries
-description: 'Install playwright'
+description: 'Install playwright, cache and restore if necessary'
 runs:
  using: 'composite'
  steps:
+    - name: Cache playwright
+      id: cache-playwright
+      uses: actions/cache@v3
+      with:
+        path: |
+          ~/.cache/ms-playwright
+          ${{ github.workspace }}/node_modules/playwright
+        key: playwright-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: playwright-
+
    - name: Install playwright
+      if: steps.cache-playwright.outputs.cache-hit != 'true'
      run: npx playwright install --with-deps
      shell: bash
@@ -41,6 +41,14 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
      - name: Build Docker Image
        uses: docker/build-push-action@v5
        with:
@@ -48,3 +56,13 @@ jobs:
          context: .
          file: ./docker/Dockerfile
          tags: documenso-${{ github.sha }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      - # Temp fix
+        # https://github.com/docker/build-push-action/issues/252
+        # https://github.com/moby/buildkit/issues/1896
+        name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
@@ -20,6 +20,7 @@ jobs:
        uses: actions/setup-node@v4
        with:
          node-version: '18'
+          cache: npm

      - name: Install Octokit
        run: npm install @octokit/rest@18
@@ -1,7 +1,7 @@
 name: 'PR Labeler'

 on:
-  - pull_request
+  - pull_request_target

 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
@@ -20,6 +20,7 @@ jobs:
        uses: actions/setup-node@v4
        with:
          node-version: '18'
+          cache: npm

      - name: Install Octokit
        run: npm install @octokit/rest@18
@@ -1,7 +1,7 @@
 name: 'Validate PR Name'

 on:
-  pull_request:
+  pull_request_target:
    types:
      - opened
      - reopened
@@ -9,10 +9,6 @@ If you plan to contribute to Documenso, please take a moment to feel awesome ✨
 - Consider the results from the discussion on the issue
 - Accept the [Contributor License Agreement](https://documen.so/cla) to ensure we can accept your contributions.

-## English only PRs and Issues
-
-Please write all issues, pull requests, and related comments in English so maintainers and the wider contributor community can follow the discussion.
-
 ## Taking issues

 Before taking an issue, ensure that:
@@ -11,8 +11,6 @@
    ·
    <a href="https://documenso.com">Website</a>
    ·
-    <a href="https://docs.documenso.com">Documentation</a>
-    ·
    <a href="https://github.com/documenso/documenso/issues">Issues</a>
    ·
    <a href="https://documen.so/live">Upcoming Releases</a>
@@ -148,7 +146,45 @@ npm run d

 ### Manual Setup

-Follow the [manual setup guide](https://docs.documenso.com/docs/developers/local-development/manual) to configure Documenso on your local machine.
+Follow these steps to setup Documenso on your local machine:
+
+1. [Fork this repository](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks) to your GitHub account.
+
+After forking the repository, clone it to your local device by using the following command:
+
+```sh
+git clone https://github.com/<your-username>/documenso
+```
+
+2. Run `npm i` in the root directory
+
+3. Create your `.env` from the `.env.example`. You can use `cp .env.example .env` to get started with our handpicked defaults.
+
+4. Set the following environment variables:
+
+   - NEXTAUTH_SECRET
+   - NEXT_PUBLIC_WEBAPP_URL
+   - NEXT_PRIVATE_DATABASE_URL
+   - NEXT_PRIVATE_DIRECT_DATABASE_URL
+   - NEXT_PRIVATE_SMTP_FROM_NAME
+   - NEXT_PRIVATE_SMTP_FROM_ADDRESS
+
+5. Create the database schema by running `npm run prisma:migrate-dev`
+
+6. Run `npm run translate:compile` in the root directory to compile lingui
+
+7. Run `npm run dev` in the root directory to start
+
+8. Register a new user at http://localhost:3000/signup
+
+---
+
+- Optional: Seed the database using `npm run prisma:seed -w @documenso/prisma` to create a test user and document.
+- Optional: Create your own signing certificate.
+  - To generate your own using these steps and a Linux Terminal or Windows Subsystem for Linux (WSL), see **[Create your own signing certificate](./SIGNING.md)**.
+- Optional: Configure job provider for document reminders.
+  - The default local job provider does not support scheduled jobs required for document reminders.
+  - To enable reminders, set `NEXT_PRIVATE_JOBS_PROVIDER=inngest` and provide `NEXT_PRIVATE_INNGEST_EVENT_KEY` in your `.env` file.

 ### Run in Gitpod

@@ -168,44 +204,138 @@ If you're a visual learner and prefer to watch a video walkthrough of setting up

 ## Docker

-We provide official Docker images on [DockerHub](https://hub.docker.com/r/documenso/documenso) and [GitHub Container Registry](https://ghcr.io/documenso/documenso).
+We provide a Docker container for Documenso, which is published on both DockerHub and GitHub Container Registry.

-For setup instructions, see the [Docker Deployment](https://docs.documenso.com/docs/self-hosting/deployment/docker) and [Docker Compose](https://docs.documenso.com/docs/self-hosting/deployment/docker-compose) guides.
+- DockerHub: [https://hub.docker.com/r/documenso/documenso](https://hub.docker.com/r/documenso/documenso)
+- GitHub Container Registry: [https://ghcr.io/documenso/documenso](https://ghcr.io/documenso/documenso)
+
+You can pull the Docker image from either of these registries and run it with your preferred container hosting provider.
+
+Please note that you will need to provide environment variables for connecting to the database, mailserver, and so forth.
+
+For detailed instructions on how to configure and run the Docker container, please refer to the [Docker README](./docker/README.md) in the `docker` directory.

 ## Self Hosting

-We support a variety of deployment methods including Docker, Docker Compose, Railway, Kubernetes, and manual deployment.
+We support a variety of deployment methods, and are actively working on adding more. Stay tuned for updates!

-For full instructions, requirements, and configuration details, see the [Self Hosting documentation](https://docs.documenso.com/docs/self-hosting).
+### Fetch, configure, and build

-### One-Click Deploys
+First, clone the code from Github:

-#### Railway
+```
+git clone https://github.com/documenso/documenso.git
+```
+
+Then, inside the `documenso` folder, copy the example env file:
+
+```
+cp .env.example .env
+```
+
+The following environment variables must be set:
+
+- `NEXTAUTH_SECRET`
+- `NEXT_PUBLIC_WEBAPP_URL`
+- `NEXT_PRIVATE_DATABASE_URL`
+- `NEXT_PRIVATE_DIRECT_DATABASE_URL`
+- `NEXT_PRIVATE_SMTP_FROM_NAME`
+- `NEXT_PRIVATE_SMTP_FROM_ADDRESS`
+
+> If you are using a reverse proxy in front of Documenso, don't forget to provide the public URL for the `NEXT_PUBLIC_WEBAPP_URL` variable!
+
+Now you can install the dependencies and build it:
+
+```
+npm i
+npm run build
+npm run prisma:migrate-deploy
+```
+
+Finally, you can start it with:
+
+```
+cd apps/remix
+npm run start
+```
+
+This will start the server on `localhost:3000`. For now, any reverse proxy can then do the frontend and SSL termination.
+
+> If you want to run with another port than 3000, you can start the application with `next -p <ANY PORT>` from the `apps/remix` folder.
+
+### Run as a service
+
+You can use a systemd service file to run the app. Here is a simple example of the service running on port 3500 (using 3000 by default):
+
+```bash
+[Unit]
+Description=documenso
+After=network.target
+
+[Service]
+Environment=PATH=/path/to/your/node/binaries
+Type=simple
+User=www-data
+WorkingDirectory=/var/www/documenso/apps/remix
+ExecStart=/usr/bin/next start -p 3500
+TimeoutSec=15
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+```
+
+### Railway

 [![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/template/bG6D4p)

-#### Render
+### Render

 [![Deploy to Render](https://render.com/images/deploy-to-render-button.svg)](https://render.com/deploy?repo=https://github.com/documenso/documenso)

-#### Koyeb
+### Koyeb

 [![Deploy to Koyeb](https://www.koyeb.com/static/images/deploy/button.svg)](https://app.koyeb.com/deploy?type=git&repository=github.com/documenso/documenso&branch=main&name=documenso-app&builder=dockerfile&dockerfile=/docker/Dockerfile)

-#### Elestio
+## Elestio

 [![Deploy on Elestio](https://elest.io/images/logos/deploy-to-elestio-btn.png)](https://elest.io/open-source/documenso)

 ## Troubleshooting

-For troubleshooting self-hosted deployments, see the [Troubleshooting guide](https://docs.documenso.com/docs/self-hosting/maintenance/troubleshooting) and [Tips & Common Pitfalls](https://docs.documenso.com/docs/self-hosting/getting-started/tips).
-
 ### I'm not receiving any emails when using the developer quickstart.

 When using the developer quickstart, an [Inbucket](https://inbucket.org/) server will be spun up in a docker container that will store all outgoing emails locally for you to view.

 The Web UI can be found at http://localhost:9000, while the SMTP port will be on localhost:2500.

+### Support IPv6
+
+If you are deploying to a cluster that uses only IPv6, You can use a custom command to pass a parameter to the Remix start command
+
+For local docker run
+
+```bash
+docker run -it documenso:latest npm run start -- -H ::
+```
+
+For k8s or docker-compose
+
+```yaml
+containers:
+  - name: documenso
+    image: documenso:latest
+    imagePullPolicy: IfNotPresent
+    command:
+      - npm
+    args:
+      - run
+      - start
+      - --
+      - -H
+      - '::'
+```
+
 ### I can't see environment variables in my package scripts.

 Wrap your package script with the `with:env` script like such:
@@ -12,7 +12,7 @@ import { Callout } from 'fumadocs-ui/components/callout';
 | 21 CFR Part 11 | Compliant (Enterprise) |
 | SOC 2          | Compliant              |
 | ISO 27001      | Planned                |
-| HIPAA          | Compliant (Enterprise) |
+| HIPAA          | Planned                |

 ## 21 CFR Part 11

@@ -97,12 +97,12 @@ Documenso implements digital signatures with the following characteristics:
 - **Timestamps**: RFC 3161 timestamps can be applied to signatures
 - **Signature visualization**: Signed documents include visual signature representations

-For specific implementation details and configuration options, refer to the [signing certificates](/docs/concepts/signing-certificates) documentation.
+For specific implementation details and configuration options, refer to the [signing certificates](/signing-certificates/overview) documentation.

 Self-hosted deployments can configure their own signing certificates and timestamp authorities to meet specific compliance requirements.

 ## Related

- [E-Sign Compliance](/docs/compliance/esign) - Legal frameworks for electronic signatures
- [Signing Certificates](/docs/concepts/signing-certificates) - Certificate configuration
- [Signing Workflow](/docs/concepts/signing-workflow) - Document activity and audit trail
+- [Legal Validity](/compliance/legal-validity) - Legal frameworks for electronic signatures
+- [Signing Certificates Overview](/signing-certificates/overview) - Certificate configuration
+- [Audit Log](/features/audit-log) - Document activity tracking
@@ -167,5 +167,5 @@ To enable sequential signing:

 ## Related

- [Add Recipients](/docs/users/documents/add-recipients) - How to add recipients to a document
- [Field Types](/docs/concepts/field-types) - Learn about the different field types you can assign to recipients
+- [Add Recipients](/users/documents/add-recipients) - How to add recipients to a document
+- [Field Types](/concepts/field-types) - Learn about the different field types you can assign to recipients
@@ -1,45 +0,0 @@
---
-title: Common Errors
-description: A comprehensive troubleshooting matrix for Documenso API and Webhook integration errors.
---
-
-This guide provides a comprehensive troubleshooting matrix for the standard error codes returned by the Documenso API. Use this reference to diagnose and resolve integration issues related to envelopes, recipients, and webhooks.
-
-## Application Error Codes
-
-| Error Code | Description | Recommended Action |
-| :--- | :--- | :--- |
-| `ALREADY_EXISTS` | The resource you are attempting to create already exists. | Verify if the entity (e.g., user, envelope, webhook) has already been instantiated. Use a `PUT` or `PATCH` request to update the existing resource instead of `POST`. |
-| `EXPIRED_CODE` | The provided access code or token has expired. | Generate a new access code or request a new invitation link before retrying the request. |
-| `INVALID_BODY` | The request payload is malformed. | Inspect your JSON payload structure. Ensure it strictly adheres to the expected schema and that no required fields are missing. |
-| `INVALID_REQUEST` | The overall request is malformed or invalid. | Review your API call parameters, including the URL, query parameters, and headers. Correct the request syntax. |
-| `RECIPIENT_EXPIRED` | The signing link or recipient access has expired. | Generate and resend a new invitation to the affected recipient. |
-| `LIMIT_EXCEEDED` | Your account usage quota has been exceeded. | Check your current plan limits. Upgrade your subscription or wait until your billing cycle renews. |
-| `NOT_FOUND` | The requested resource could not be found (404). | Verify the resource ID (envelope, document, webhook) passed in the URL. Ensure the resource has not been deleted. |
-| `NOT_IMPLEMENTED` | The requested feature is not currently supported by the server. | Consult the API documentation to verify available methods. Do not use this endpoint at this time. |
-| `NOT_SETUP` | The required configuration for this action is incomplete. | Access your account or integration settings and complete the necessary configuration before retrying. |
-| `INVALID_CAPTCHA` | Security token (Captcha) validation failed. | Ensure the Captcha token is correctly generated on the client side and transmitted without alteration in your request. |
-| `UNAUTHORIZED` | Missing or invalid authentication (401). | Verify that your API key is correct, active, and properly formatted in the `Authorization` header (e.g., `Bearer <YOUR_API_KEY>`). |
-| `FORBIDDEN` | Access to the resource is denied (403). | Ensure your API key or user account has the necessary permissions and roles to execute this specific action. |
-| `UNKNOWN_ERROR` | An unexpected internal server error occurred (500). | Retry the request later. If the issue persists, contact technical support with your request payload and the timestamp of the incident. |
-| `RETRY_EXCEPTION` | The operation failed temporarily but can be retried. | Implement an automatic retry logic in your integration, ideally using an exponential backoff strategy. |
-| `SCHEMA_FAILED` | Strict data schema validation failed. | Verify that the data types sent (string, number, boolean) exactly match the OpenAPI specification. |
-| `TOO_MANY_REQUESTS` | Rate limit exceeded (429). | Reduce the frequency of your API calls. Implement rate-limiting handling based on the response headers. |
-| `TWO_FACTOR_AUTH_FAILED` | Two-factor authentication (2FA) failed. | Verify the provided 2FA code. Ensure it was entered correctly and has not expired. |
-| `WEBHOOK_INVALID_REQUEST` | The webhook-related request is invalid. | Check your receiving endpoint configuration. Ensure the URL is correct and that your server accepts `POST` requests from Documenso. |
-
-## Envelope State Errors
-
-The following errors occur when attempting to perform actions on an envelope that are incompatible with its current state.
-
-| Error Code | Description | Recommended Action |
-| :--- | :--- | :--- |
-| `ENVELOPE_DRAFT` | The action cannot be performed because the envelope is still in a draft state. | Finalize the envelope configuration and transition it to the `PENDING` (sent) state before attempting this operation. |
-| `ENVELOPE_COMPLETED` | The action cannot be performed because the envelope is already completed. | No further modifications (e.g., adding signers, modifying documents) can be made to an envelope once the signing process is finished. |
-| `ENVELOPE_REJECTED` | The action cannot be performed because the envelope was rejected by a recipient. | The signing flow is permanently halted. Create a new envelope if you wish to resubmit the document. |
-| `ENVELOPE_LEGACY` | The action cannot be performed because the envelope uses an obsolete format. | This envelope was created with a legacy version of the system. Recreate the envelope using the current API version to interact with it. |
-
-## See Also
-
- [Documents API](/docs/developers/api/documents)
- [Webhooks](/docs/developers/webhooks)
@@ -1,14 +1,4 @@
 {
  "title": "API Reference",
-  "pages": [
-    "documents",
-    "recipients",
-    "fields",
-    "templates",
-    "teams",
-    "rate-limits",
-    "versioning",
-    "developer-mode",
-    "common-errors"
-  ]
+  "pages": ["documents", "recipients", "fields", "templates", "teams", "rate-limits", "versioning", "developer-mode"]
 }
@@ -1,24 +1,24 @@
 ---
-title: Editor
+title: Authoring
 description: Embed document, template, and envelope creation directly in your application.
 ---

 import { Callout } from 'fumadocs-ui/components/callout';

-In addition to embedding signing, Documenso supports embedded editor. It allows your users to create and edit documents, templates, and envelopes without leaving your application.
+In addition to embedding signing, Documenso supports embedded authoring. It allows your users to create and edit documents, templates, and envelopes without leaving your application.

 <Callout type="warn">
-  Embedded editor is included with [Enterprise](https://documen.so/enterprise-cta) plans. It is
+  Embedded authoring is included with [Enterprise](https://documen.so/enterprise-cta) plans. It is
  also available as a paid add-on for the [Platform Plan](https://documen.so/platform-cta-pricing).
  Contact sales for access.
 </Callout>

 ## Versions

-Embedded editor is available in two versions:
+Embedded authoring is available in two versions:

- **[V1 Editor](/docs/developers/embedding/editor/v1)** — Works with V1 Documents and Templates.
- **[V2 Editor](/docs/developers/embedding/editor/v2)** — Works with Envelopes, which are the unified model for documents and templates.
+- **[V1 Authoring](/docs/developers/embedding/authoring/v1)** — Works with V1 Documents and Templates.
+- **[V2 Authoring](/docs/developers/embedding/authoring/v2)** — Works with Envelopes, which are the unified model for documents and templates.

 ### Comparison

@@ -32,7 +32,7 @@ Embedded editor is available in two versions:

 ## Presign Tokens

-Before using any editor component, obtain a presign token from your backend:
+Before using any authoring component, obtain a presign token from your backend:

 ```
 POST /api/v2/embedding/create-presign-token
@@ -50,7 +50,7 @@ See the [API documentation](https://openapi.documenso.com/reference#tag/embeddin

 ## Next Steps

- [V1 Editor](/docs/developers/embedding/editor/v1) — Create and edit documents and templates using V1 components
- [V2 Editor](/docs/developers/embedding/editor/v2) — Create and edit envelopes using V2 components
+- [V1 Authoring](/docs/developers/embedding/authoring/v1) — Create and edit documents and templates using V1 components
+- [V2 Authoring](/docs/developers/embedding/authoring/v2) — Create and edit envelopes using V2 components
 - [CSS Variables](/docs/developers/embedding/css-variables) — Customize the appearance of embedded components
 - [SDKs](/docs/developers/embedding/sdks) — Framework-specific SDK documentation
@@ -1,4 +1,4 @@
 {
-  "title": "Editor",
+  "title": "Authoring",
  "pages": ["v1", "v2"]
 }
@@ -1,21 +1,21 @@
 ---
-title: V1 Editor
+title: V1 Authoring
 description: Embed V1 document and template creation directly in your application.
 ---

 import { Callout } from 'fumadocs-ui/components/callout';

-V1 editor components allow your users to create and edit documents and templates using the V1 Documents and Templates API without leaving your application.
+V1 authoring components allow your users to create and edit documents and templates using the V1 Documents and Templates API without leaving your application.

 <Callout type="warn">
-  Embedded editor is included with [Enterprise](https://documen.so/enterprise-cta) plans. It is
+  Embedded authoring is included with [Enterprise](https://documen.so/enterprise-cta) plans. It is
  also available as a paid add-on for the [Platform Plan](https://documen.so/platform-cta-pricing).
  Contact sales for access.
 </Callout>

 ## Components

-The SDK provides four V1 editor components:
+The SDK provides four V1 authoring components:

 | Component               | Purpose                 |
 | ----------------------- | ----------------------- |
@@ -29,7 +29,7 @@ The SDK provides four V1 editor components:

 ## Presign Tokens

-All editor components require a **presign token** for authentication. See the [Editor overview](/docs/developers/embedding/editor) for details on obtaining presign tokens.
+All authoring components require a **presign token** for authentication. See the [Authoring overview](/docs/developers/embedding/authoring) for details on obtaining presign tokens.


 <Callout type="warn">
@@ -131,7 +131,7 @@ const TemplateEditor = ({ presignToken, templateId }) => {

 ## Props

-### All Editor Components
+### All Authoring Components

 | Prop               | Type      | Required | Description                                              |
 | ------------------ | --------- | -------- | -------------------------------------------------------- |
@@ -143,7 +143,7 @@ const TemplateEditor = ({ presignToken, templateId }) => {
 | `darkModeDisabled` | `boolean` | No       | Disable dark mode (Platform Plan)                        |
 | `language`         | `string`  | No       | Set the UI language. See [Supported Languages](https://github.com/documenso/documenso/tree/main/packages/lib/constants/locales.ts) |
 | `className`        | `string`  | No       | CSS class for the iframe                                 |
-| `features`         | `object`  | No       | Feature toggles for the editor experience                |
+| `features`         | `object`  | No       | Feature toggles for the authoring experience             |

 ### Update Components Only

@@ -157,7 +157,7 @@ const TemplateEditor = ({ presignToken, templateId }) => {

 ## Feature Toggles

-Customize what options are available in the editor experience:
+Customize what options are available in the authoring experience:

 ```jsx
 <EmbedCreateDocumentV1
@@ -294,7 +294,7 @@ Pass extra props to the iframe for testing experimental features:
 ## See Also

 - [Embedding Overview](/docs/developers/embedding) - Signing embed concepts and props
- [V2 Editor](/docs/developers/embedding/editor/v2) - V2 envelope editor
+- [V2 Authoring](/docs/developers/embedding/authoring/v2) - V2 envelope authoring
 - [CSS Variables](/docs/developers/embedding/css-variables) - Customize appearance
 - [Documents API](/docs/developers/api/documents) - Create documents via API
 - [Templates API](/docs/developers/api/templates) - Create templates via API
@@ -1,21 +1,21 @@
 ---
-title: V2 Editor
+title: V2 Authoring
 description: Embed envelope creation and editing directly in your application.
 ---

 import { Callout } from 'fumadocs-ui/components/callout';

-V2 editor components allow your users to create and edit envelopes without leaving your application. Envelopes are the unified model for documents and templates in the V2 API.
+V2 authoring components allow your users to create and edit envelopes without leaving your application. Envelopes are the unified model for documents and templates in the V2 API.

 <Callout type="warn">
-  Embedded editor is included with [Enterprise](https://documen.so/enterprise-cta) plans. It is
+  Embedded authoring is included with [Enterprise](https://documen.so/enterprise-cta) plans. It is
  also available as a paid add-on for the [Platform Plan](https://documen.so/platform-cta-pricing).
  Contact sales for access.
 </Callout>

 ## Components

-The SDK provides two V2 editor components:
+The SDK provides two V2 authoring components:

 | Component              | Purpose                  |
 | ---------------------- | ------------------------ |
@@ -26,7 +26,7 @@ The SDK provides two V2 editor components:

 ## Presign Tokens

-All editor components require a **presign token** for authentication. See the [Editor overview](/docs/developers/embedding/editor) for details on obtaining presign tokens.
+All authoring components require a **presign token** for authentication. See the [Authoring overview](/docs/developers/embedding/authoring) for details on obtaining presign tokens.

 <Callout type="warn">
  A presigned token is NOT an API token
@@ -100,7 +100,7 @@ const EnvelopeEditor = ({ presignToken, envelopeId }) => {

 ## Props

-### All V2 Editor Components
+### All V2 Authoring Components

 | Prop             | Type      | Required | Description                                              |
 | ---------------- | --------- | -------- | -------------------------------------------------------- |
@@ -113,7 +113,7 @@ const EnvelopeEditor = ({ presignToken, envelopeId }) => {
 | `language`       | `string`  | No       | Set the UI language. See [Supported Languages](https://github.com/documenso/documenso/tree/main/packages/lib/constants/locales.ts) |
 | `className`      | `string`  | No       | CSS class for the iframe                                 |
 | `user`           | `object`  | No       | Current user info. When provided, enables the "Add Myself" button in the recipients list. Object with optional `email` and `name` fields |
-| `features`       | `object`  | No       | Feature toggles for the editor experience                |
+| `features`       | `object`  | No       | Feature toggles for the authoring experience             |

 ### Create Component Only

@@ -132,7 +132,7 @@ const EnvelopeEditor = ({ presignToken, envelopeId }) => {

 ## Feature Toggles

-V2 editor provides rich, structured feature toggles organized into sections. Pass a partial configuration to customize the editor experience — any omitted fields will use their defaults.
+V2 authoring provides rich, structured feature toggles organized into sections. Pass a partial configuration to customize the authoring experience — any omitted fields will use their defaults.

 ```jsx
 <EmbedCreateEnvelope
@@ -160,7 +160,7 @@ V2 editor provides rich, structured feature toggles organized into sections. Pas

 ### General

-Controls the overall editor flow and UI:
+Controls the overall authoring flow and UI:

 | Property                        | Type      | Default | Description                                      |
 | ------------------------------- | --------- | ------- | ------------------------------------------------ |
@@ -188,7 +188,7 @@ Controls envelope configuration options. Set to `null` to hide envelope settings

 ### Actions

-Controls available actions during editing:
+Controls available actions during authoring:

 | Property           | Type      | Default | Description              |
 | ------------------ | --------- | ------- | ------------------------ |
@@ -221,7 +221,7 @@ Controls recipient configuration options. Set to `null` to prevent any recipient

 ### Disabling Steps

-You can also disable entire steps of the editor flow. This allows you to skip steps that are not relevant to your use case:
+You can also disable entire steps of the authoring flow. This allows you to skip steps that are not relevant to your use case:

 ```jsx
 <EmbedCreateEnvelope
@@ -338,7 +338,7 @@ const EnvelopeManager = ({ presignToken }) => {

 ## See Also

- [Editor Overview](/docs/developers/embedding/editor) - V1 vs V2 comparison and presign tokens
- [V1 Editor](/docs/developers/embedding/editor/v1) - V1 document and template editor
+- [Authoring Overview](/docs/developers/embedding/authoring) - V1 vs V2 comparison and presign tokens
+- [V1 Authoring](/docs/developers/embedding/authoring/v1) - V1 document and template authoring
 - [Embedding Overview](/docs/developers/embedding) - Signing embed concepts and props
 - [CSS Variables](/docs/developers/embedding/css-variables) - Customize appearance
@@ -6,14 +6,14 @@ description: Embed document signing experiences directly in your application usi
 import { Callout } from 'fumadocs-ui/components/callout';
 import { Step, Steps } from 'fumadocs-ui/components/steps';

-## Embedded Signing vs Embedded Editor
+## Embedded Signing vs Embedded Authoring

 Documenso offers two types of embedding:

 - **Embedded Signing** lets you embed the signing experience in your application. Your users sign documents without leaving your site. Available on Teams Plan and above.
- **Embedded Editor** lets you embed document and template _creation and editing_ in your application. This is an [Enterprise](/docs/policies/enterprise-edition) feature (also available as a Platform Plan add-on). See the [Editor](/docs/developers/embedding/editor) guide.
+- **Embedded Authoring** lets you embed document and template _creation and editing_ in your application. This is an [Enterprise](/docs/policies/enterprise-edition) feature (also available as a Platform Plan add-on). See the [Authoring](/docs/developers/embedding/authoring) guide.

-This page covers **embedded signing**. If you need your users to create or edit documents inside your app, see [Editor](/docs/developers/embedding/editor).
+This page covers **embedded signing**. If you need your users to create or edit documents inside your app, see [Authoring](/docs/developers/embedding/authoring).

 ---

@@ -229,9 +229,9 @@ Receives an object with:
    href="/docs/developers/embedding/css-variables"
  />
  <Card
-    title="Editor"
+    title="Authoring"
    description="Embed document and template creation."
-    href="/docs/developers/embedding/editor"
+    href="/docs/developers/embedding/authoring"
  />
 </Cards>

@@ -1,4 +1,4 @@
 {
  "title": "Embedding",
-  "pages": ["sdks", "direct-links", "css-variables", "editor"]
+  "pages": ["sdks", "direct-links", "css-variables", "authoring"]
 }
@@ -89,4 +89,4 @@ export class SigningComponent {

 - [Embedding Overview](/docs/developers/embedding) - Props reference and concepts
 - [CSS Variables](/docs/developers/embedding/css-variables) - Customize appearance
- [Editor](/docs/developers/embedding/editor) - Embed document creation
+- [Authoring](/docs/developers/embedding/authoring) - Embed document creation
@@ -93,4 +93,4 @@ See [CSS Variables](/docs/developers/embedding/css-variables) for all available

 - [Embedding Overview](/docs/developers/embedding) - Props reference and concepts
 - [CSS Variables](/docs/developers/embedding/css-variables) - Customize appearance
- [Editor](/docs/developers/embedding/editor) - Embed document creation
+- [Authoring](/docs/developers/embedding/authoring) - Embed document creation
@@ -133,4 +133,4 @@ const DocumentSigning = ({ token }: { token: string }) => {

 - [Embedding Overview](/docs/developers/embedding) - Props reference and concepts
 - [CSS Variables](/docs/developers/embedding/css-variables) - Customize appearance
- [Editor](/docs/developers/embedding/editor) - Embed document creation
+- [Authoring](/docs/developers/embedding/authoring) - Embed document creation
@@ -93,4 +93,4 @@ See [CSS Variables](/docs/developers/embedding/css-variables) for all available

 - [Embedding Overview](/docs/developers/embedding) - Props reference and concepts
 - [CSS Variables](/docs/developers/embedding/css-variables) - Customize appearance
- [Editor](/docs/developers/embedding/editor) - Embed document creation
+- [Authoring](/docs/developers/embedding/authoring) - Embed document creation
@@ -101,4 +101,4 @@ See [CSS Variables](/docs/developers/embedding/css-variables) for all available

 - [Embedding Overview](/docs/developers/embedding) - Props reference and concepts
 - [CSS Variables](/docs/developers/embedding/css-variables) - Customize appearance
- [Editor](/docs/developers/embedding/editor) - Embed document creation
+- [Authoring](/docs/developers/embedding/authoring) - Embed document creation
@@ -104,4 +104,4 @@ See [CSS Variables](/docs/developers/embedding/css-variables) for all available

 - [Embedding Overview](/docs/developers/embedding) - Props reference and concepts
 - [CSS Variables](/docs/developers/embedding/css-variables) - Customize appearance
- [Editor](/docs/developers/embedding/editor) - Embed document creation
+- [Authoring](/docs/developers/embedding/authoring) - Embed document creation
@@ -73,14 +73,14 @@ Include the token in the `Authorization` header of your HTTP requests.
 ### cURL

 ```bash
-curl https://app.documenso.com/api/v2/document \
+curl https://app.documenso.com/api/v2/documents \
  -H "Authorization: api_xxxxxxxxxxxxxxxx"
 ```

 ### JavaScript / TypeScript

 ```typescript
-const response = await fetch('https://app.documenso.com/api/v2/document', {
+const response = await fetch('https://app.documenso.com/api/v2/documents', {
  method: 'GET',
  headers: {
    Authorization: 'api_xxxxxxxxxxxxxxxx',
@@ -83,15 +83,6 @@ npm run prisma:seed -w @documenso/prisma

 </Step>

-<Step>
-### Optional: configure job provider
-
-The default local job provider does not support scheduled jobs required for document reminders.
-
-See the [Background Jobs](/docs/self-hosting/configuration/background-jobs) page for more information.
-
-</Step>
-
 <Step>
 ### Start the application

@@ -114,20 +105,6 @@ Access the Documenso application by visiting `http://localhost:3000` in your web
  certificate](/docs/developers/local-development/signing-certificate)**.
 </Callout>

-## Running Scripts with Environment Variables
-
-If a package script does not automatically load your `.env` and `.env.local` files, wrap it with the `with:env` script:
-
-```bash
-npm run with:env -- npm run myscript
-```
-
-The same works for `npx` when running bin scripts:
-
-```bash
-npm run with:env -- npx myscript
-```
-
 ## See Also

 - [Developer Quickstart](/docs/developers/local-development/quickstart) - Quick Docker-based setup
@@ -53,8 +53,8 @@ The Enterprise Edition is required when you:
    - Document Action Reauthentication (Passkeys and 2FA)
    - 21 CFR Part 11 Compliance
    - Email Domains (custom sender addresses)
-    - Embed Editor
-    - Embed Editor White Label
+    - Embed Authoring
+    - Embed Authoring White Label
    - Custom signing certificates
    - Priority feature requests

@@ -19,19 +19,16 @@ Use the limitless plans as much as you like. They are meant to offer a lot. Plea

 ### Do

- Use team or platform plans to run your workflows, even with significant volume, as long as it aligns with the plan’s intended purpose.
- Experiment and automate freely within the plan features.
- If volume grows beyond what’s sustainable on your plan, we’ll reach out to discuss an upgrade.
- Assume that extreme usage will lead to us contacting you. You can scale up—or scale back. It’s about finding the right fit.
+- Sign as many documents as you need with the individual plan for your single business or organisation
+- Use the API and automation tools to automate your signing workflows
+- Experiment with plans and integrations while testing what you want to build

 ### Don't
- Use an individual account's API to power a platform or product.
- Run a large company signing thousands of documents per day on a small team plan.
- Expect enterprise-level support on a fair support plan (i.e. business edition).
- Use a team plan to power an external platform or commercial product or platform beyond moderate testing.
- Expect a platform plan to support enterprise-level volumes indefinitely without a conversation.
- Don’t expect the platform plan to cover enterprise-scale volume or support. If you reach that point, we’ll reach out to guide you to the right fit.
- Don’t overthink this – if you’re building something valuable, we want to see you succeed. If we need to talk, we will.
+
+- Use an individual account API to power a platform or product
+- Run a large company signing thousands of documents per day on a small team plan
+- Expect enterprise-level support on a fair support plan
+- Overthink this policy — if you are a paying customer, we want you to win

 ## Rate Limits

@@ -1,5 +1,5 @@
 ---
-title: AI Recipient & Field Detection
+title: AI Recipient & Field Detection (Self-hosting)
 description: Configure Google Vertex AI so Documenso can detect recipients and fields automatically.
 ---

@@ -1,408 +0,0 @@
---
-title: Document Conversion
-description: Enable DOCX uploads on a self-hosted Documenso instance by running a Gotenberg sidecar that converts Word documents to PDF.
---
-
-import { Accordion, Accordions } from 'fumadocs-ui/components/accordion';
-import { Callout } from 'fumadocs-ui/components/callout';
-import { Step, Steps } from 'fumadocs-ui/components/steps';
-import { Tab, Tabs } from 'fumadocs-ui/components/tabs';
-
-## Overview
-
-Documenso can accept `.docx` uploads in addition to PDFs. When a user uploads a Word document, the Documenso server sends it to a [Gotenberg](https://gotenberg.dev) service which uses LibreOffice to convert it to PDF. The converted PDF is what gets stored, signed, and downloaded. The original DOCX is discarded.
-
-This feature is **opt-in for self-hosted instances**. When the conversion service is not configured, DOCX uploads are rejected in the UI and only PDFs are accepted.
-
-| Property                | Value                                                                |
-| ----------------------- | -------------------------------------------------------------------- |
-| Conversion engine       | [Gotenberg](https://gotenberg.dev) + LibreOffice                     |
-| Input format            | `.docx` (Office Open XML Word documents)                             |
-| Output format           | PDF                                                                  |
-| Network requirement     | Documenso must reach the Gotenberg HTTP API                          |
-| Default request timeout | 30 seconds per file                                                  |
-| Failure handling        | An internal circuit breaker opens for 30 seconds after a failure |
-
-<Callout type="info">
-  Only `.docx` is accepted. Legacy `.doc`, `.odt`, `.rtf`, and other LibreOffice-supported formats
-  are rejected at the upload step even when Gotenberg is configured.
-</Callout>
-
---
-
-## Requirements
-
- A running Gotenberg 8 instance with the LibreOffice module (`gotenberg/gotenberg:8-libreoffice` or newer).
- Network reachability from the Documenso container to the Gotenberg HTTP API.
- A version of Documenso that includes the document conversion feature.
-
-## Build the Gotenberg Image
-
-The upstream `gotenberg/gotenberg:8-libreoffice` image works out of the box, but it ships only **metric-compatible font substitutes** (Carlito for Calibri, Liberation for Arial/Times/Courier). Layout widths are preserved but documents will look noticeably different from Word.
-
-For better fidelity, especially for non-Latin scripts, build a derived image that adds Microsoft Core Fonts and additional language fonts. The Documenso repository ships a reference Dockerfile at [`docker/development/Dockerfile.gotenberg`](https://github.com/documenso/documenso/blob/main/docker/development/Dockerfile.gotenberg) that you can use as a starting point:
-
-```dockerfile
-FROM gotenberg/gotenberg:8-libreoffice
-
-USER root
-
-RUN echo "deb http://deb.debian.org/debian trixie contrib non-free" \
-      > /etc/apt/sources.list.d/contrib.list \
-    && echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" \
-      | debconf-set-selections \
-    && apt-get update -qq \
-    && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends \
-        ca-certificates \
-        ttf-mscorefonts-installer \
-        fonts-symbola \
-        fonts-noto-extra \
-        fonts-hosny-amiri \
-        fonts-thai-tlwg \
-        fonts-sil-padauk \
-        fonts-sarai \
-        fonts-samyak-taml \
-        culmus \
-        libfribidi0 \
-        libharfbuzz0b \
-    && fc-cache -f \
-    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-USER gotenberg
-```
-
-<Callout type="warn">
-  `ttf-mscorefonts-installer` accepts the Microsoft Core Fonts EULA on your behalf via debconf. By
-  installing this image you are agreeing to those licence terms. Review them before publishing the
-  image.
-</Callout>
-
-Build and publish the image to a registry you control:
-
-```bash
-docker build -t registry.example.com/documenso/gotenberg:8 \
-  -f Dockerfile.gotenberg .
-docker push registry.example.com/documenso/gotenberg:8
-```
-
-If you do not need extra fonts, skip the build step entirely and reference `gotenberg/gotenberg:8-libreoffice` directly in the next section.
-
-## Deploy the Service
-
-The Gotenberg service should run **alongside** your Documenso container, not exposed to the public internet. The conversion service has no built-in authorisation beyond HTTP Basic auth, so it should sit on a private network or behind your existing reverse proxy.
-
-<Tabs items={['Docker Compose', 'Kubernetes', 'External Instance']}>
-<Tab value="Docker Compose">
-
-Add a `gotenberg` service to the `compose.yml` you use for Documenso:
-
-```yaml
-services:
-  gotenberg:
-    image: registry.example.com/documenso/gotenberg:8
-    # Or use upstream directly:
-    # image: gotenberg/gotenberg:8-libreoffice
-    restart: unless-stopped
-    environment:
-      GOTENBERG_API_BASIC_AUTH_USERNAME: ${GOTENBERG_USERNAME}
-      GOTENBERG_API_BASIC_AUTH_PASSWORD: ${GOTENBERG_PASSWORD}
-    command:
-      - gotenberg
-      - --api-enable-basic-auth
-      - --libreoffice-deny-private-ips
-      - --api-timeout=500s
-      - --libreoffice-auto-start
-      - --libreoffice-start-timeout=300s
-      - --pdfengines-disable-routes
-      - --webhook-disable
-    healthcheck:
-      test: ['CMD', 'curl', '-fsS', 'http://localhost:3000/health']
-      interval: 10s
-      timeout: 5s
-      retries: 5
-      start_period: 20s
-
-  documenso:
-    # existing config
-    environment:
-      NEXT_PRIVATE_DOCUMENT_CONVERSION_URL: http://gotenberg:3000
-      NEXT_PRIVATE_DOCUMENT_CONVERSION_USERNAME: ${GOTENBERG_USERNAME}
-      NEXT_PRIVATE_DOCUMENT_CONVERSION_PASSWORD: ${GOTENBERG_PASSWORD}
-    depends_on:
-      gotenberg:
-        condition: service_healthy
-```
-
-Do **not** publish Gotenberg's port (`3000`) to the host. Documenso reaches it over the internal Docker network using the service name (`http://gotenberg:3000`).
-
-</Tab>
-<Tab value="Kubernetes">
-
-Create a Deployment, Service, and Secret. Example manifests:
-
-```yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: gotenberg-auth
-  namespace: documenso
-stringData:
-  username: documenso
-  password: replace-me-with-a-strong-password
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: gotenberg
-  namespace: documenso
-spec:
-  replicas: 1
-  selector:
-    matchLabels: { app: gotenberg }
-  template:
-    metadata:
-      labels: { app: gotenberg }
-    spec:
-      containers:
-        - name: gotenberg
-          image: registry.example.com/documenso/gotenberg:8
-          args:
-            - gotenberg
-            - --api-enable-basic-auth
-            - --libreoffice-deny-private-ips
-            - --api-timeout=500s
-            - --libreoffice-auto-start
-            - --libreoffice-start-timeout=300s
-            - --pdfengines-disable-routes
-            - --webhook-disable
-          env:
-            - name: GOTENBERG_API_BASIC_AUTH_USERNAME
-              valueFrom: { secretKeyRef: { name: gotenberg-auth, key: username } }
-            - name: GOTENBERG_API_BASIC_AUTH_PASSWORD
-              valueFrom: { secretKeyRef: { name: gotenberg-auth, key: password } }
-          ports:
-            - containerPort: 3000
-          readinessProbe:
-            httpGet: { path: /health, port: 3000 }
-          livenessProbe:
-            httpGet: { path: /health, port: 3000 }
-            initialDelaySeconds: 30
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: gotenberg
-  namespace: documenso
-spec:
-  selector: { app: gotenberg }
-  ports:
-    - port: 3000
-      targetPort: 3000
-```
-
-Then reference the in-cluster URL from Documenso's environment:
-
-```
-NEXT_PRIVATE_DOCUMENT_CONVERSION_URL=http://gotenberg.documenso.svc.cluster.local:3000
-NEXT_PRIVATE_DOCUMENT_CONVERSION_USERNAME=documenso
-NEXT_PRIVATE_DOCUMENT_CONVERSION_PASSWORD=replace-me-with-a-strong-password
-```
-
-</Tab>
-<Tab value="External Instance">
-
-Documenso does not have to colocate with Gotenberg. You can point it at any reachable Gotenberg deployment: a managed instance, a shared internal service, or a Gotenberg-compatible API.
-
-```bash
-NEXT_PRIVATE_DOCUMENT_CONVERSION_URL=https://gotenberg.internal.example.com
-NEXT_PRIVATE_DOCUMENT_CONVERSION_USERNAME=documenso
-NEXT_PRIVATE_DOCUMENT_CONVERSION_PASSWORD=replace-me-with-a-strong-password
-```
-
-The remote instance must:
-
- Expose the LibreOffice route `/forms/libreoffice/convert`.
- Be reachable from the Documenso container with low enough latency that the 30 second per-request timeout is comfortable.
- Be on a private network or require authentication. Uploaded documents are sent to it as multipart form data and may contain sensitive content.
-
-</Tab>
-</Tabs>
-
-## Recommended Gotenberg Flags
-
-The flags in the examples above are not arbitrary. Each one matters for a production deployment.
-
-| Flag                              | Why it matters                                                                                                                                                                                                                                                       |
-| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `--api-enable-basic-auth`         | Requires HTTP Basic credentials on every API route. Without this, anyone with network access to the container can convert arbitrary documents.                                                                                                                       |
-| `--libreoffice-deny-private-ips`  | Rejects any outbound fetch LibreOffice tries to make to private, loopback, link-local, or cloud-metadata addresses while processing a document. Mitigates SSRF via malicious `.docx` files that embed `TargetMode="External"` references. Requires Gotenberg 8.32.0. |
-| `--api-timeout=500s`              | Server-side request ceiling. Documenso aborts at 30 s by default, so this is a safety net for very large documents.                                                                                                                                                  |
-| `--libreoffice-auto-start`        | Starts LibreOffice at container boot so the first request is not slow.                                                                                                                                                                                               |
-| `--libreoffice-start-timeout=300s`| Allows LibreOffice up to 5 minutes to come up under load.                                                                                                                                                                                                            |
-| `--pdfengines-disable-routes`     | Disables the PDF engines routes Documenso does not use. Shrinks the attack surface.                                                                                                                                                                                  |
-| `--webhook-disable`               | Disables webhook callbacks. Documenso uses synchronous requests only.                                                                                                                                                                                                |
-
-## Configure Documenso
-
-Set the following environment variables on the Documenso container and restart it.
-
-### Required
-
-| Variable                              | Description                                                            |
-| ------------------------------------- | ---------------------------------------------------------------------- |
-| `NEXT_PRIVATE_DOCUMENT_CONVERSION_URL`| Base URL of the Gotenberg service (e.g., `http://gotenberg:3000`). Leave unset to disable the feature. |
-
-### Optional
-
-| Variable                                    | Default | Description                                                                                  |
-| ------------------------------------------- | ------- | -------------------------------------------------------------------------------------------- |
-| `NEXT_PRIVATE_DOCUMENT_CONVERSION_USERNAME` |         | HTTP Basic auth username. Set when Gotenberg runs with `--api-enable-basic-auth`.            |
-| `NEXT_PRIVATE_DOCUMENT_CONVERSION_PASSWORD` |         | HTTP Basic auth password. Set together with the username.                                    |
-| `NEXT_PRIVATE_DOCUMENT_CONVERSION_TIMEOUT_MS`| `30000` | Per-request timeout in milliseconds. Increase for very large documents.                      |
-
-<Callout type="info">
-  When `NEXT_PRIVATE_DOCUMENT_CONVERSION_URL` is set, the public flag
-  `NEXT_PUBLIC_DOCUMENT_CONVERSION_ENABLED` is derived automatically on server start. You do not
-  need to set it yourself, and setting it manually has no effect.
-</Callout>
-
-### Example `.env` Snippet
-
-```bash
-# Document conversion (DOCX -> PDF)
-NEXT_PRIVATE_DOCUMENT_CONVERSION_URL=http://gotenberg:3000
-NEXT_PRIVATE_DOCUMENT_CONVERSION_USERNAME=documenso
-NEXT_PRIVATE_DOCUMENT_CONVERSION_PASSWORD=replace-me-with-a-strong-password
-# NEXT_PRIVATE_DOCUMENT_CONVERSION_TIMEOUT_MS=60000
-```
-
-## Verify the Setup
-
-{/* prettier-ignore */}
-<Steps>
-<Step>
-### Restart the Documenso container
-
-Restart so the new environment variables are picked up.
-
-</Step>
-<Step>
-### Confirm Gotenberg is healthy
-
-From a shell inside the Documenso container or another container on the same network:
-
-```bash
-curl -fsS http://gotenberg:3000/health
-```
-
-The endpoint is exempt from basic auth and should return `200 OK`.
-
-</Step>
-<Step>
-### Upload a test DOCX
-
-In the Documenso web UI, open **Documents** and try uploading a small `.docx` file. The upload dropzone should accept it, and after a few seconds the editor should open with the converted PDF.
-
-</Step>
-<Step>
-### Check the server logs
-
-Successful conversions log a `document_conversion_attempt` event with `result: "success"`, the duration, and the file size. Failures log the same event with `result: "error"` and an error code (`CONVERSION_SERVICE_UNAVAILABLE`, `CONVERSION_FAILED`, or `UNSUPPORTED_FILE_TYPE`).
-
-</Step>
-</Steps>
-
-## Security Considerations
-
- **Treat the conversion service as untrusted internal infrastructure.** Documents pass through Gotenberg in plain form. Run it on a private network and require HTTP Basic auth.
- **Run with `--libreoffice-deny-private-ips`.** Without this flag, a malicious `.docx` can trigger LibreOffice to fetch URLs from your internal network (SSRF).
- **Disable unused routes.** `--pdfengines-disable-routes` and `--webhook-disable` reduce attack surface. Documenso only uses the LibreOffice convert route.
- **Do not expose Gotenberg to the public internet.** Even with basic auth, this is a document-processing service with a non-trivial CPU and memory footprint; exposing it invites abuse.
- **Rotate credentials.** Rotating the basic auth secret is a config change in both Gotenberg and Documenso, followed by a restart of each.
-
-## Resource Sizing
-
-Conversion is CPU- and memory-bound on LibreOffice. As a starting point:
-
-| Workload                      | Suggested resources                  |
-| ----------------------------- | ------------------------------------ |
-| Light (a few DOCX per minute) | 1 vCPU, 1 GB RAM                     |
-| Moderate (sustained uploads)  | 2 vCPU, 2 GB RAM                     |
-| Heavy / multi-tenant          | Horizontally scale Gotenberg replicas behind a load balancer |
-
-Gotenberg is stateless. Each container handles one or more concurrent requests independently. Scale horizontally rather than vertically once a single replica is saturated.
-
-## Troubleshooting
-
-<Accordions type="multiple">
-  <Accordion title="DOCX uploads are rejected with 'Only PDF and DOCX files are allowed'">
-    The Documenso server does not see `NEXT_PRIVATE_DOCUMENT_CONVERSION_URL`. Check the value is set
-    on the running container (`docker exec documenso printenv | grep DOCUMENT_CONVERSION`) and
-    restart after changing it.
-  </Accordion>
-
-  <Accordion title="Uploads fail with 'Document conversion service is currently unavailable'">
-    Documenso could not reach Gotenberg. Verify:
-
-    - The URL in `NEXT_PRIVATE_DOCUMENT_CONVERSION_URL` is resolvable from the Documenso container
-      (use the Docker service name or in-cluster DNS, not `localhost`).
-    - Gotenberg's `/health` endpoint returns `200`.
-    - Basic auth credentials match between the two services.
-
-    After repeated failures, an internal circuit breaker opens for 30 seconds. Subsequent uploads
-    will fail fast during that window; this is intentional and self-recovers.
-
-  </Accordion>
-
-  <Accordion title="Uploads fail with 'Failed to convert document to PDF'">
-    Gotenberg was reachable but returned a non-2xx response. Check the Gotenberg container logs:
-
-    ```bash
-    docker compose logs -f gotenberg
-    ```
-
-    Common causes: corrupted `.docx` file, exotic embedded objects LibreOffice cannot render, or a
-    file that genuinely exceeded the conversion timeout. Increase
-    `NEXT_PRIVATE_DOCUMENT_CONVERSION_TIMEOUT_MS` for very large documents.
-
-  </Accordion>
-
-  <Accordion title="Converted PDFs look different from the Word document">
-    LibreOffice is not byte-identical to Microsoft Word. Layout, font metrics, and complex elements
-    (Charts, SmartArt, ActiveX controls) may differ. To improve fidelity:
-
-    - Use the custom Dockerfile in this guide to install Microsoft Core Fonts and additional
-      language fonts.
-    - Make sure any custom fonts referenced by your documents are installed in the Gotenberg image.
-    - For pixel-perfect output, ask users to export to PDF from Word before uploading.
-
-  </Accordion>
-
-  <Accordion title="Form controls in the DOCX appear blank or missing">
-    Documenso disables Gotenberg's `exportFormFields` flag during conversion. Word content controls
-    (`<w:sdt>`) become static graphics in the output PDF, which prevents Documenso's later
-    flattening step from making them invisible. This is intentional. Use Documenso fields
-    (signature, text, date, etc.) for anything that needs to be filled in by signers.
-  </Accordion>
-
-  <Accordion title="Conversion is slow on the first request">
-    LibreOffice starts lazily by default. Pass `--libreoffice-auto-start` to Gotenberg so it warms
-    up at container boot. Allow up to a minute on first start before considering the service
-    unhealthy.
-  </Accordion>
-
-  <Accordion title="The circuit breaker keeps opening">
-    Repeated failures open an in-process circuit breaker for 30 seconds. If you see this in
-    production, the underlying problem is the Gotenberg service. Check its logs, resource usage,
-    and connectivity. The breaker is per-process and resets on restart.
-  </Accordion>
-</Accordions>
-
---
-
-## See Also
-
- [Upload Documents (User Guide)](/docs/users/documents/upload) - End-user view of DOCX uploads
- [Environment Variables](/docs/self-hosting/configuration/environment) - Full configuration reference
- [Docker Compose Deployment](/docs/self-hosting/deployment/docker-compose) - Compose-based deployment patterns
- [Gotenberg Documentation](https://gotenberg.dev/docs/getting-started/introduction) - Upstream Gotenberg docs
@@ -1,6 +1,6 @@
 ---
 title: Advanced
-description: Optional configuration for OAuth providers, AI features, document conversion, and other advanced settings.
+description: Optional configuration for OAuth providers, AI features, and other advanced settings.
 ---

 <Cards>
@@ -14,9 +14,4 @@ description: Optional configuration for OAuth providers, AI features, document c
    description="Enable AI-powered recipient and field detection."
    href="/docs/self-hosting/configuration/advanced/ai-features"
  />
-  <Card
-    title="Document Conversion"
-    description="Accept DOCX uploads by running a Gotenberg sidecar that converts Word documents to PDF."
-    href="/docs/self-hosting/configuration/advanced/document-conversion"
-  />
 </Cards>
@@ -1,4 +1,4 @@
 {
  "title": "Advanced",
-  "pages": ["oauth-providers", "document-conversion", "ai-features"]
+  "pages": ["oauth-providers", "ai-features"]
 }
@@ -244,7 +244,7 @@ You can control who is allowed to create accounts on your instance with the foll
 - **`NEXT_PUBLIC_DISABLE_GOOGLE_SIGNUP`**, **`NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP`**, **`NEXT_PUBLIC_DISABLE_OIDC_SIGNUP`**: Set to `true` to block brand-new account creation through the matching SSO provider. Existing users with the provider already linked can still sign in, and existing users can still link the provider to their account. `NEXT_PUBLIC_DISABLE_OIDC_SIGNUP` also blocks new-account creation through the organisation authentication portal.
 - **`NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS`**: Restrict signups to specific email domains. When set, only users whose email address matches one of the listed domains can create an account. Leave empty to allow all domains.

-Sign-in for existing users is never affected, only the creation of brand-new accounts.
+Sign-in for existing users is never affected — only the creation of brand-new accounts.

 Both the master switch and the domain allowlist apply to email/password registration and OAuth (Google, Microsoft, OIDC). If a user attempts to sign up via OAuth with a disallowed domain, they are redirected to the sign-in page with an error.

@@ -279,23 +279,6 @@ AI features must also be enabled in organisation/team settings after configurati

 ---

-## Document Conversion
-
-Documenso can accept `.docx` uploads by sending them to a [Gotenberg](https://gotenberg.dev) service that converts them to PDF. When `NEXT_PRIVATE_DOCUMENT_CONVERSION_URL` is unset, DOCX uploads are rejected and only PDFs are accepted.
-
-| Variable                                      | Description                                                                                       | Default |
-| --------------------------------------------- | ------------------------------------------------------------------------------------------------- | ------- |
-| `NEXT_PRIVATE_DOCUMENT_CONVERSION_URL`        | Base URL of the Gotenberg service (e.g., `http://gotenberg:3000`). Unset disables the feature.    |         |
-| `NEXT_PRIVATE_DOCUMENT_CONVERSION_USERNAME`   | HTTP Basic auth username. Required when Gotenberg runs with `--api-enable-basic-auth`.            |         |
-| `NEXT_PRIVATE_DOCUMENT_CONVERSION_PASSWORD`   | HTTP Basic auth password. Set together with the username.                                         |         |
-| `NEXT_PRIVATE_DOCUMENT_CONVERSION_TIMEOUT_MS` | Per-request timeout in milliseconds. Increase for very large documents.                           | `30000` |
-
-The public flag `NEXT_PUBLIC_DOCUMENT_CONVERSION_ENABLED` is derived automatically from `NEXT_PRIVATE_DOCUMENT_CONVERSION_URL` on server start. Do not set it manually.
-
-For setup, image-build instructions, and security recommendations, see [Document Conversion](/docs/self-hosting/configuration/advanced/document-conversion).
-
---
-
 ## Background Jobs

 Documenso supports multiple background job providers for processing emails, documents, webhooks, and scheduled tasks.
@@ -359,7 +342,7 @@ Telemetry collects only: app version, installation ID, and node ID. No personal

 ## Enterprise Features

-These variables require an active [Enterprise Edition](/docs/policies/enterprise-edition) license. Obtain a license key from [license.documenso.com](https://license.documenso.com) and set it below to unlock enterprise features such as SSO, embed editor, and 21 CFR Part 11 compliance.
+These variables require an active [Enterprise Edition](/docs/policies/enterprise-edition) license. Obtain a license key from [license.documenso.com](https://license.documenso.com) and set it below to unlock enterprise features such as SSO, embed authoring, and 21 CFR Part 11 compliance.

 | Variable                             | Description                                      |
 | ------------------------------------ | ------------------------------------------------ |
@@ -1,6 +1,6 @@
 ---
 title: Storage Configuration
-description: Configure file storage for uploaded documents and signed PDFs using database storage (default), S3-compatible object storage, or Azure Blob Storage.
+description: Configure file storage for uploaded documents and signed PDFs using database storage (default) or S3-compatible object storage.
 ---

 import { Accordion, Accordions } from 'fumadocs-ui/components/accordion';
@@ -10,11 +10,10 @@ import { Tab, Tabs } from 'fumadocs-ui/components/tabs';

 ## Storage Options

-| Backend      | Best For                                | Scalability | Configuration |
-| ------------ | --------------------------------------- | ----------- | ------------- |
-| `database`   | Small deployments, simplicity           | Limited     | None required |
-| `s3`         | Production, large files, backups        | High        | Required      |
-| `azure-blob` | Production on Azure, native Blob access | High        | Required      |
+| Backend    | Best For                         | Scalability | Configuration |
+| ---------- | -------------------------------- | ----------- | ------------- |
+| `database` | Small deployments, simplicity    | Limited     | None required |
+| `s3`       | Production, large files, backups | High        | Required      |

 Select the storage backend with the `NEXT_PUBLIC_UPLOAD_TRANSPORT` environment variable:

@@ -24,9 +23,6 @@ NEXT_PUBLIC_UPLOAD_TRANSPORT=database

 # S3-compatible storage
 NEXT_PUBLIC_UPLOAD_TRANSPORT=s3
-
-# Azure Blob Storage (native)
-NEXT_PUBLIC_UPLOAD_TRANSPORT=azure-blob
 ```

 ---
@@ -287,111 +283,6 @@ NEXT_PRIVATE_UPLOAD_REGION=us-east-1

 ---

-## Azure Blob Storage
-
-Azure Blob Storage is supported as a native transport (not S3-compatible). Documenso uses the official `@azure/storage-blob` SDK and signs SAS URLs with the Storage Account key for browser uploads and downloads.
-
-### Required Variables
-
-| Variable                                | Description                                       |
-| --------------------------------------- | ------------------------------------------------- |
-| `NEXT_PUBLIC_UPLOAD_TRANSPORT`          | Set to `azure-blob`                               |
-| `NEXT_PRIVATE_UPLOAD_AZURE_ACCOUNT_NAME` | Azure Storage Account name                        |
-| `NEXT_PRIVATE_UPLOAD_AZURE_ACCOUNT_KEY`  | Azure Storage Account access key                  |
-| `NEXT_PRIVATE_UPLOAD_AZURE_CONTAINER`    | Container name where uploads are stored          |
-
-### Optional Variables
-
-| Variable                            | Description                                                                                                                  | Default                                       |
-| ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- |
-| `NEXT_PRIVATE_UPLOAD_AZURE_ENDPOINT` | Custom Blob endpoint URL. Useful for local development against Azurite (for example `http://127.0.0.1:10000`).               | `https://<account>.blob.core.windows.net`     |
-
-### Azure Setup
-
-{/* prettier-ignore */}
-<Steps>
-<Step>
-### Create a Storage Account and Container
-
-Create a Storage Account in the Azure Portal or via the Azure CLI, then create a container inside it:
-
-```bash
-az storage account create \
-  --name yourstorageaccount \
-  --resource-group your-rg \
-  --location eastus \
-  --sku Standard_LRS
-
-az storage container create \
-  --name documenso-documents \
-  --account-name yourstorageaccount
-```
-
-</Step>
-<Step>
-### Configure CORS on the container
-
-The browser uploads documents directly to Azure Blob using a SAS URL, and downloads them the same way, so the Storage Account needs CORS rules that allow your application origin:
-
-```bash
-az storage cors add \
-  --services b \
-  --methods GET PUT \
-  --origins https://your-documenso-domain.com \
-  --allowed-headers "Content-Type" "x-ms-blob-type" "Authorization" \
-  --exposed-headers "*" \
-  --max-age 3600 \
-  --account-name yourstorageaccount
-```
-
-</Step>
-<Step>
-### Configure Environment Variables
-
-```bash
-NEXT_PUBLIC_UPLOAD_TRANSPORT=azure-blob
-NEXT_PRIVATE_UPLOAD_AZURE_ACCOUNT_NAME=yourstorageaccount
-NEXT_PRIVATE_UPLOAD_AZURE_ACCOUNT_KEY=your-account-key
-NEXT_PRIVATE_UPLOAD_AZURE_CONTAINER=documenso-documents
-```
-
-</Step>
-</Steps>
-
-### Local Development with Azurite
-
-Azurite is the official Azure Storage emulator. It supports the Blob REST API with account-key authentication.
-
-```bash
-docker run -d --name azurite \
-  -p 10000:10000 -p 10001:10001 -p 10002:10002 \
-  mcr.microsoft.com/azure-storage/azurite
-```
-
-Create the container against the well-known development account:
-
-```bash
-az storage container create \
-  --name documenso-documents \
-  --connection-string "DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;"
-```
-
-Configure environment variables to point at the emulator:
-
-```bash
-NEXT_PUBLIC_UPLOAD_TRANSPORT=azure-blob
-NEXT_PRIVATE_UPLOAD_AZURE_ACCOUNT_NAME=devstoreaccount1
-NEXT_PRIVATE_UPLOAD_AZURE_ACCOUNT_KEY=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==
-NEXT_PRIVATE_UPLOAD_AZURE_CONTAINER=documenso-documents
-NEXT_PRIVATE_UPLOAD_AZURE_ENDPOINT=http://127.0.0.1:10000
-```
-
-<Callout type="info">
-  The Azurite key shown above is the public well-known development key, published by Microsoft for emulator use. Never reuse it in production.
-</Callout>
-
---
-
 ## CloudFront CDN (Optional)

 Use Amazon CloudFront to serve documents with lower latency and reduced S3 costs. CloudFront integration uses signed URLs for secure access.
@@ -26,14 +26,8 @@ docker --version

 ## Pulling the Docker Image

-The Documenso image is available on both DockerHub and GitHub Container Registry:
-
 ```bash
-# DockerHub
 docker pull documenso/documenso:latest
-
-# GitHub Container Registry
-docker pull ghcr.io/documenso/documenso:latest
 ```

 ### Available Tags
@@ -202,14 +196,6 @@ Documenso provides health check endpoints for monitoring:
 | `/api/health`             | Checks database connectivity and certificate status            |
 | `/api/certificate-status` | Returns whether a signing certificate is configured and usable |

-Both endpoints return a JSON response with a `status` field:
-
-| Status      | Meaning                                                              |
-| ----------- | -------------------------------------------------------------------- |
-| `"ok"`      | Everything is working properly                                       |
-| `"warning"` | Application is running but there are certificate issues              |
-| `"error"`   | Critical issues (database unreachable, missing configuration, etc.)  |
-
 ### Docker Health Check

 Add a health check to your container:
@@ -3,8 +3,6 @@ title: Getting Started
 description: Requirements and quick start guide for self-hosting Documenso.
 ---

-import { Callout } from 'fumadocs-ui/components/callout';
-
 <Cards>
  <Card
    title="Requirements"
@@ -17,11 +15,3 @@ import { Callout } from 'fumadocs-ui/components/callout';
    href="/docs/self-hosting/getting-started/quick-start"
  />
 </Cards>
-
-<Callout type="error">
-  **You must generate a signing certificate.** Documenso does not ship with one. Without a
-  certificate, the application starts normally but document signing will fail on completion with
-  errors.
-
-  Please see all the [requirements](/docs/self-hosting/getting-started/requirements) before proceeding.
-</Callout>
@@ -7,29 +7,14 @@ import { Callout } from 'fumadocs-ui/components/callout';

 ## What You Need

-Documenso requires the following items and external services:
+Documenso requires the following external services:

 | Service       | Purpose                      | Minimum Version |
 | ------------- | ---------------------------- | --------------- |
-| Signing certificate | Digital signature for documents | N/A             |
 | PostgreSQL    | Primary database             | 14+             |
 | SMTP server   | Sending emails to recipients | Any             |
 | Reverse proxy | SSL termination, routing     | Any             |

-
-### Signing Certificate
-
-<Callout type="error">
-  Documenso does not ship with a signing certificate. Without one, the application starts normally
-  but all document signing will fail. You must generate or provide a `.p12` certificate before going
-  to production.
-</Callout>
-
-Every completed document is digitally signed using an X.509 certificate. You can generate a self-signed certificate for free or use one from a Certificate Authority (CA).
-
- [Generate a local certificate](/docs/self-hosting/configuration/signing-certificate/local) — step-by-step instructions to create a `.p12` certificate
- [All certificate options](/docs/self-hosting/configuration/signing-certificate) — self-signed, CA-issued, and Google Cloud HSM
-
 ### PostgreSQL Database

 Documenso uses PostgreSQL for all data storage including documents, users, and audit logs. You cannot use MySQL, SQLite, or other databases.
@@ -154,34 +154,6 @@ See [Background Jobs Configuration](/docs/self-hosting/configuration/background-

 ---

-## IPv6-Only Deployments
-
-If you are deploying to an environment that uses only IPv6, set the `HOST` environment variable to `::` so the application binds to all IPv6 addresses:
-
-**Docker:**
-
-```bash
-docker run -it -e HOST=:: documenso/documenso:latest npm run start
-```
-
-**Kubernetes or Docker Compose:**
-
-```yaml
-containers:
-  - name: documenso
-    image: documenso/documenso:latest
-    command:
-      - npm
-    args:
-      - run
-      - start
-    env:
-      - name: HOST
-        value: '::'
-```
-
---
-
 ## Docker File Permissions

 The Documenso container runs as a non-root user (UID 1001). If you mount files into the container (certificates, configuration), ensure they're readable:
@@ -3,8 +3,6 @@ title: Self-Hosting
 description: Deploy and manage your own Documenso instance for complete control over your data, compliance, and customization.
 ---

-import { Callout } from 'fumadocs-ui/components/callout';
-
 ## Getting Started

 <Cards>
@@ -20,13 +18,6 @@ import { Callout } from 'fumadocs-ui/components/callout';
  />
 </Cards>

-<Callout type="error">
-  **You must generate a signing certificate.** Documenso does not ship with one. Without a
-  certificate, the application starts normally but document signing will fail.
-
-  Please see all the [requirements](/docs/self-hosting/getting-started/requirements) before proceeding.
-</Callout>
-
 ---

 ## Deployment Options
@@ -131,7 +122,7 @@ See the [Quick Start guide](/docs/self-hosting/getting-started/quick-start) for

 ## Enterprise Edition

-Self-hosted Documenso includes full core functionality under the AGPL-3.0 license. If you need enterprise features such as SSO, embed editor white label, or 21 CFR Part 11 compliance, you can activate them with a license key.
+Self-hosted Documenso includes full core functionality under the AGPL-3.0 license. If you need enterprise features such as SSO, embed authoring white label, or 21 CFR Part 11 compliance, you can activate them with a license key.

 See [Enterprise Edition](/docs/policies/enterprise-edition) for details and [Licenses](/docs/policies/licenses) for a comparison.

@@ -11,41 +11,16 @@ import { Step, Steps } from 'fumadocs-ui/components/steps';

 | Limitation              | Value                               |
 | ----------------------- | ----------------------------------- |
-| Supported formats       | PDF, DOCX                           |
+| Supported format        | PDF only                            |
 | Maximum file size       | 50MB (configurable for self-hosted) |
 | Encrypted PDFs          | Not supported                       |
 | Password-protected PDFs | Not supported                       |
-| Legacy `.doc` files     | Not supported (convert to DOCX)     |

 <Callout type="warn">
  Documenso does not support password-protected or encrypted PDF files. Remove encryption before
  uploading.
 </Callout>

-## Supported Formats
-
-Documenso accepts two file formats:
-
- **PDF** (`.pdf`): used as-is. **Recommended.**
- **Word** (`.docx`): converted to PDF on the server during upload. The converted PDF is what recipients sign.
-
-Other formats (`.doc`, `.odt`, `.rtf`, images) are not supported. Convert them to PDF or DOCX before uploading.
-
-<Callout type="warn">
-  **Upload a PDF whenever you can.** DOCX files are converted to PDF using LibreOffice, which is not
-  byte-identical to Microsoft Word. Spacing, line breaks, fonts, and complex elements (tables,
-  charts, headers, footers) can shift in the converted PDF. For the final document to look exactly
-  the way you designed it, export to PDF from Word, Google Docs, or Pages and upload the PDF
-  directly.
-</Callout>
-
-<Callout type="info">
-  DOCX support requires the document conversion service. It is enabled on
-  [documenso.com](https://app.documenso.com). Self-hosted instances must
-  [configure it](/docs/self-hosting/configuration/advanced/document-conversion) before DOCX uploads
-  are accepted.
-</Callout>
-
 ## Upload Methods

 ![Documents dashboard](/document-signing/documenso-documents-dashboard.webp)
@@ -63,15 +38,15 @@ You can upload documents in two ways:

  </Step>
  <Step>
-    ### Drag and drop your file
+    ### Drag and drop your PDF

-    Drag a PDF or DOCX file from your computer and drop it anywhere on the page.
+    Drag a PDF file from your computer and drop it anywhere on the page.

  </Step>
  <Step>
    ### Wait for the upload to complete

-    The document will process and the editor will open when ready. DOCX files take a few extra seconds while they are converted to PDF.
+    The document will process and the editor will open when ready.

  </Step>
 </Steps>
@@ -95,7 +70,7 @@ You can upload documents in two ways:
  <Step>
    ### Select your file

-    Choose a PDF or DOCX file from your computer.
+    Choose a PDF file from your computer.

  </Step>
  <Step>
@@ -106,32 +81,16 @@ You can upload documents in two ways:
  </Step>
 </Steps>

-## DOCX Conversion
-
-We always recommend uploading a PDF rather than a DOCX. If you have the original document open in Word, Google Docs, or Pages, export to PDF from there and upload the PDF. The result is guaranteed to match what you see on screen.
-
-If you do upload a `.docx` file, Documenso converts it to PDF before adding it to the envelope. The original `.docx` is discarded. Only the converted PDF is stored, signed, and downloaded.
-
-Things to keep in mind when uploading DOCX:
-
- **The converted PDF will not be pixel-identical to your Word document.** Conversion uses LibreOffice, which renders most documents faithfully but differs from Microsoft Word in subtle ways. Spacing, font metrics, line breaks, and complex layout features can shift.
- **Always review the converted PDF before adding fields or sending.** Open the document in the editor and scroll through every page to confirm it looks the way you expect.
- **Form controls are flattened.** Word content controls (drop-downs, date pickers, checkboxes) become static text or graphics. Use Documenso fields for anything that needs to be filled in.
- **Fonts not installed on the server fall back to substitutes.** On documenso.com, common fonts (Calibri, Arial, Times New Roman, etc.) are installed. On self-hosted instances, font fidelity depends on the operator's setup.
- **Tracked changes and comments are preserved as they appear in Word.** Accept or reject changes and remove comments before uploading if you do not want them in the final document.
-
-If the converted PDF does not match what you expect, export the document to PDF from Word, Google Docs, or another tool and upload the PDF directly.
-
 ## Uploading Multiple Documents

-You can upload multiple files at once to create a single envelope containing multiple documents. The number of files you can upload per envelope depends on your plan.
+You can upload multiple PDF files at once to create a single envelope containing multiple documents. The number of files you can upload per envelope depends on your plan.

 To upload multiple files:

- Select multiple PDF or DOCX files when using the file picker, or
- Drag and drop multiple files at once
+- Select multiple PDF files when using the file picker, or
+- Drag and drop multiple PDF files at once

-You can mix PDF and DOCX files in the same upload. All files become part of the same envelope and share the same recipients and signing workflow.
+All files in the same upload become part of the same envelope and share the same recipients and signing workflow.

 <Callout type="info">
  If you need separate signing workflows for each document, upload them individually.
@@ -155,37 +114,15 @@ The document remains in `Draft` status until you send it. You can close the edit
  <Accordion title="File is larger than 50MB">
    Reduce the file size before uploading:

-    - Compress images within the document
+    - Compress images within the PDF
    - Remove unnecessary pages
-    - Use a PDF compression tool (for PDFs) or save with images downsampled (for DOCX)
+    - Use a PDF compression tool

  </Accordion>

-<Accordion title="Only PDF and DOCX files are allowed">
-  Documenso accepts PDF and DOCX. For other formats (`.doc`, `.odt`, `.rtf`, etc.), export to PDF
-  from your editor (Word, Google Docs, Pages) and upload the PDF.
-
-If you are self-hosted and DOCX is rejected, the [document conversion
-service](/docs/self-hosting/configuration/advanced/document-conversion) is not configured on your
-instance.
-
-</Accordion>
-
-<Accordion title="DOCX upload fails with a conversion error">
-  The document conversion service was reachable but could not convert the file. Common causes:
-
- The `.docx` file is corrupted. Open it in Word, save a new copy, and try again.
- The file uses very unusual fonts or embedded objects that LibreOffice cannot render.
- The file is unusually large or complex and exceeded the conversion timeout.
-
-If the problem persists, export the document to PDF from Word and upload the PDF directly.
-
-</Accordion>
-
-<Accordion title="DOCX upload fails with 'conversion service unavailable'">
-  The document conversion service is down or temporarily unreachable. Try again in a minute. If you
-  self-host, check the [document conversion
-  service](/docs/self-hosting/configuration/advanced/document-conversion) logs.
+<Accordion title="Only PDF files are allowed">
+  Convert your document to PDF before uploading. Most applications (Word, Google Docs, etc.) can
+  export to PDF format.
 </Accordion>

 <Accordion title="You cannot upload encrypted PDFs">
@@ -296,27 +296,12 @@ const config = {
      },
      {
        source: '/developers/embedding/authoring',
-        destination: '/docs/developers/embedding/editor',
-        permanent: true,
-      },
-      {
-        source: '/developers/embedding/authoring/:path*',
-        destination: '/docs/developers/embedding/editor/:path*',
+        destination: '/docs/developers/embedding/authoring',
        permanent: true,
      },
      {
        source: '/developers/embedded-authoring',
-        destination: '/docs/developers/embedding/editor',
-        permanent: true,
-      },
-      {
-        source: '/docs/developers/embedding/authoring',
-        destination: '/docs/developers/embedding/editor',
-        permanent: true,
-      },
-      {
-        source: '/docs/developers/embedding/authoring/:path*',
-        destination: '/docs/developers/embedding/editor/:path*',
+        destination: '/docs/developers/embedding/authoring',
        permanent: true,
      },

@@ -16,7 +16,7 @@
    "fumadocs-ui": "16.5.0",
    "lucide-react": "^0.563.0",
    "mermaid": "^11.12.2",
-    "next": "16.2.6",
+    "next": "16.2.4",
    "next-plausible": "^3.12.5",
    "next-themes": "^0.4.6",
    "react": "^19.2.4",
@@ -29,7 +29,7 @@
    "@types/node": "^25.1.0",
    "@types/react": "^19.2.10",
    "@types/react-dom": "^19.2.3",
-    "postcss": "^8.5.14",
+    "postcss": "^8.5.6",
    "tailwindcss": "^4.1.18",
    "typescript": "^5.9.3"
  }
@@ -12,7 +12,7 @@
  "dependencies": {
    "@documenso/prisma": "*",
    "luxon": "^3.7.2",
-    "next": "16.2.6"
+    "next": "16.2.4"
  },
  "devDependencies": {
    "@types/node": "^20",
@@ -1,188 +0,0 @@
-import { AppError } from '@documenso/lib/errors/app-error';
-import { trpc } from '@documenso/trpc/react';
-import { Alert, AlertDescription } from '@documenso/ui/primitives/alert';
-import { Button } from '@documenso/ui/primitives/button';
-import { Checkbox } from '@documenso/ui/primitives/checkbox';
-import {
-  Dialog,
-  DialogContent,
-  DialogDescription,
-  DialogFooter,
-  DialogHeader,
-  DialogTitle,
-  DialogTrigger,
-} from '@documenso/ui/primitives/dialog';
-import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from '@documenso/ui/primitives/form/form';
-import { Input } from '@documenso/ui/primitives/input';
-import { useToast } from '@documenso/ui/primitives/use-toast';
-import { zodResolver } from '@hookform/resolvers/zod';
-import { Trans, useLingui } from '@lingui/react/macro';
-import { useEffect, useState } from 'react';
-import { useForm } from 'react-hook-form';
-import { z } from 'zod';
-
-export type AdminOrganisationDeleteDialogProps = {
-  organisationId: string;
-  organisationName: string;
-  trigger?: React.ReactNode;
-};
-
-export const AdminOrganisationDeleteDialog = ({
-  organisationId,
-  organisationName,
-  trigger,
-}: AdminOrganisationDeleteDialogProps) => {
-  const [open, setOpen] = useState(false);
-
-  const { t } = useLingui();
-  const { toast } = useToast();
-
-  const deleteMessage = t`delete ${organisationName}`;
-
-  const ZAdminDeleteOrganisationFormSchema = z.object({
-    organisationName: z.literal(deleteMessage, {
-      errorMap: () => ({ message: t`You must enter '${deleteMessage}' to proceed` }),
-    }),
-    sendEmailToOwner: z.boolean(),
-  });
-
-  type TAdminDeleteOrganisationFormSchema = z.infer<typeof ZAdminDeleteOrganisationFormSchema>;
-
-  const form = useForm<TAdminDeleteOrganisationFormSchema>({
-    resolver: zodResolver(ZAdminDeleteOrganisationFormSchema),
-    defaultValues: {
-      organisationName: '',
-      sendEmailToOwner: true,
-    },
-  });
-
-  const { mutateAsync: deleteOrganisation } = trpc.admin.organisation.delete.useMutation();
-
-  const onFormSubmit = async (values: TAdminDeleteOrganisationFormSchema) => {
-    try {
-      await deleteOrganisation({
-        organisationId,
-        organisationName,
-        sendEmailToOwner: values.sendEmailToOwner,
-      });
-
-      toast({
-        title: t`Deletion scheduled`,
-        description: t`The organisation will be deleted in the background. Documents will be orphaned, not deleted.`,
-        duration: 7500,
-      });
-
-      setOpen(false);
-    } catch (err) {
-      const error = AppError.parseError(err);
-      console.error(error);
-
-      toast({
-        title: t`An error occurred`,
-        description: t`We encountered an error while attempting to delete this organisation. Please try again later.`,
-        variant: 'destructive',
-        duration: 10000,
-      });
-    }
-  };
-
-  useEffect(() => {
-    if (!open) {
-      form.reset();
-    }
-  }, [open, form]);
-
-  return (
-    <Dialog open={open} onOpenChange={(value) => !form.formState.isSubmitting && setOpen(value)}>
-      <DialogTrigger asChild>
-        {trigger ?? (
-          <Button variant="destructive">
-            <Trans>Delete</Trans>
-          </Button>
-        )}
-      </DialogTrigger>
-
-      <DialogContent position="center">
-        <DialogHeader>
-          <DialogTitle>
-            <Trans>Delete organisation</Trans>
-          </DialogTitle>
-
-          <DialogDescription>
-            <Trans>
-              You are about to delete <span className="font-semibold">{organisationName}</span>. This action is not
-              reversible. All teams will be removed and all documents will be orphaned to the deleted-account service
-              account.
-            </Trans>
-          </DialogDescription>
-        </DialogHeader>
-
-        <Alert variant="destructive">
-          <AlertDescription>
-            <Trans>
-              The deletion will run in the background, and can take up to a few minutes to complete. Do not re-run this
-              deletion.
-            </Trans>
-          </AlertDescription>
-        </Alert>
-
-        <Form {...form}>
-          <form onSubmit={form.handleSubmit(onFormSubmit)}>
-            <fieldset className="flex h-full flex-col space-y-4" disabled={form.formState.isSubmitting}>
-              <FormField
-                control={form.control}
-                name="organisationName"
-                render={({ field }) => (
-                  <FormItem>
-                    <FormLabel>
-                      <Trans>
-                        Confirm by typing <span className="text-destructive">{deleteMessage}</span>
-                      </Trans>
-                    </FormLabel>
-                    <FormControl>
-                      <Input className="bg-background" {...field} />
-                    </FormControl>
-                    <FormMessage />
-                  </FormItem>
-                )}
-              />
-
-              <FormField
-                control={form.control}
-                name="sendEmailToOwner"
-                render={({ field }) => (
-                  <FormItem className="flex flex-row items-start space-x-3 space-y-0">
-                    <FormControl>
-                      <Checkbox
-                        id="admin-delete-organisation-send-email"
-                        checked={field.value}
-                        onCheckedChange={field.onChange}
-                      />
-                    </FormControl>
-
-                    <label
-                      htmlFor="admin-delete-organisation-send-email"
-                      className="font-normal text-muted-foreground text-sm leading-snug"
-                    >
-                      <Trans>Email the organisation owner to notify them of the deletion.</Trans>
-                    </label>
-                  </FormItem>
-                )}
-              />
-
-              <DialogFooter>
-                <Button type="button" variant="secondary" onClick={() => setOpen(false)}>
-                  <Trans>Cancel</Trans>
-                </Button>
-
-                <Button type="submit" variant="destructive" loading={form.formState.isSubmitting}>
-                  <Trans>Delete</Trans>
-                </Button>
-              </DialogFooter>
-            </fieldset>
-          </form>
-        </Form>
-      </DialogContent>
-    </Dialog>
-  );
-};
@@ -1,152 +0,0 @@
-import { AppError } from '@documenso/lib/errors/app-error';
-import { trpc } from '@documenso/trpc/react';
-import { ZCreateUserRequestSchema } from '@documenso/trpc/server/admin-router/create-user.types';
-import { Button } from '@documenso/ui/primitives/button';
-import {
-  Dialog,
-  DialogContent,
-  DialogDescription,
-  DialogFooter,
-  DialogHeader,
-  DialogTitle,
-  DialogTrigger,
-} from '@documenso/ui/primitives/dialog';
-import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from '@documenso/ui/primitives/form/form';
-import { Input } from '@documenso/ui/primitives/input';
-import { useToast } from '@documenso/ui/primitives/use-toast';
-import { zodResolver } from '@hookform/resolvers/zod';
-import { Trans, useLingui } from '@lingui/react/macro';
-import type * as DialogPrimitive from '@radix-ui/react-dialog';
-import { useEffect, useState } from 'react';
-import { useForm } from 'react-hook-form';
-import { useNavigate } from 'react-router';
-import type { z } from 'zod';
-
-export type AdminUserCreateDialogProps = {
-  trigger?: React.ReactNode;
-} & Omit<DialogPrimitive.DialogProps, 'children'>;
-
-const ZFormSchema = ZCreateUserRequestSchema;
-
-type TFormSchema = z.infer<typeof ZFormSchema>;
-
-export const AdminUserCreateDialog = ({ trigger, ...props }: AdminUserCreateDialogProps) => {
-  const { t } = useLingui();
-  const { toast } = useToast();
-
-  const [open, setOpen] = useState(false);
-
-  const navigate = useNavigate();
-
-  const form = useForm<TFormSchema>({
-    resolver: zodResolver(ZFormSchema),
-    defaultValues: {
-      email: '',
-      name: '',
-    },
-  });
-
-  const { mutateAsync: createUser } = trpc.admin.user.create.useMutation();
-
-  const onFormSubmit = async (data: TFormSchema) => {
-    try {
-      const result = await createUser(data);
-
-      await navigate(`/admin/users/${result.userId}`);
-
-      setOpen(false);
-
-      toast({
-        title: t`Success`,
-        description: t`User created and welcome email sent`,
-        duration: 5000,
-      });
-    } catch (err) {
-      const error = AppError.parseError(err);
-
-      console.error(error);
-
-      toast({
-        title: t`An error occurred`,
-        description: error.message || t`We encountered an error while creating the user. Please try again later.`,
-        variant: 'destructive',
-      });
-    }
-  };
-
-  useEffect(() => {
-    form.reset();
-  }, [open, form]);
-
-  return (
-    <Dialog {...props} open={open} onOpenChange={(value) => !form.formState.isSubmitting && setOpen(value)}>
-      <DialogTrigger onClick={(e) => e.stopPropagation()} asChild={true}>
-        {trigger ?? (
-          <Button className="flex-shrink-0" variant="secondary">
-            <Trans>Create User</Trans>
-          </Button>
-        )}
-      </DialogTrigger>
-
-      <DialogContent position="center">
-        <DialogHeader>
-          <DialogTitle>
-            <Trans>Create User</Trans>
-          </DialogTitle>
-
-          <DialogDescription>
-            <Trans>Create a new user. A welcome email will be sent with a link to set their password.</Trans>
-          </DialogDescription>
-        </DialogHeader>
-
-        <Form {...form}>
-          <form onSubmit={form.handleSubmit(onFormSubmit)}>
-            <fieldset className="flex h-full flex-col space-y-4" disabled={form.formState.isSubmitting}>
-              <FormField
-                control={form.control}
-                name="email"
-                render={({ field }) => (
-                  <FormItem>
-                    <FormLabel required>
-                      <Trans>Email</Trans>
-                    </FormLabel>
-                    <FormControl>
-                      <Input {...field} type="email" />
-                    </FormControl>
-                    <FormMessage />
-                  </FormItem>
-                )}
-              />
-
-              <FormField
-                control={form.control}
-                name="name"
-                render={({ field }) => (
-                  <FormItem>
-                    <FormLabel required>
-                      <Trans>Name</Trans>
-                    </FormLabel>
-                    <FormControl>
-                      <Input {...field} />
-                    </FormControl>
-                    <FormMessage />
-                  </FormItem>
-                )}
-              />
-
-              <DialogFooter>
-                <Button type="button" variant="secondary" onClick={() => setOpen(false)}>
-                  <Trans>Cancel</Trans>
-                </Button>
-
-                <Button type="submit" data-testid="dialog-create-user-button" loading={form.formState.isSubmitting}>
-                  <Trans>Create</Trans>
-                </Button>
-              </DialogFooter>
-            </fieldset>
-          </form>
-        </Form>
-      </DialogContent>
-    </Dialog>
-  );
-};
@@ -14,10 +14,10 @@ export const DateRangeFilter = ({ currentRange }: DateRangeFilterProps) => {
  const [isPending, startTransition] = useTransition();
  const updateSearchParams = useUpdateSearchParams();

-  const handleRangeChange = (value: DateRange) => {
+  const handleRangeChange = (value: string) => {
    startTransition(() => {
      updateSearchParams({
-        dateRange: value,
+        dateRange: value as DateRange,
        page: 1,
      });
    });
@@ -512,7 +512,7 @@ export function BrandingPreferencesForm({
                        <FormItem className="flex-1">
                          <FormControl>
                            <Textarea
-                              placeholder={`/* Write CSS targeting your signing pages. Selectors are scoped automatically. */
+                              placeholder={t`/* Write CSS targeting your signing pages. Selectors are scoped automatically. */
 .my-button {
  background: red;
 }`}
@@ -116,12 +116,11 @@ export const EditorFieldDropdownForm = ({
    }

    const newValues = [...currentValues];
-    const removedValue = currentValues[index].value;
    newValues.splice(index, 1);

    form.setValue('values', newValues);

-    if (form.getValues('defaultValue') === removedValue) {
+    if (form.getValues('defaultValue') === newValues[index].value) {
      form.setValue('defaultValue', undefined);
    }
  };
@@ -89,6 +89,7 @@ export const SignInForm = ({
  const turnstileSiteKey = env('NEXT_PUBLIC_TURNSTILE_SITE_KEY');
  const turnstileRef = useRef<TurnstileInstance>(null);
  const twoFactorTurnstileRef = useRef<TurnstileInstance>(null);
+  const [captchaToken, setCaptchaToken] = useState<string | null>(null);

  const [isPasskeyLoading, setIsPasskeyLoading] = useState(false);

@@ -196,31 +197,13 @@ export const SignInForm = ({
  };

  const onFormSubmit = async ({ email, password, totpCode, backupCode }: TSignInFormSchema) => {
-    const $turnstile = isTwoFactorAuthenticationDialogOpen ? twoFactorTurnstileRef.current : turnstileRef.current;
-
    try {
-      let token: string | undefined;
-
-      if (turnstileSiteKey) {
-        token = await $turnstile?.getResponsePromise(3000).catch((_err) => undefined);
-
-        if (!token) {
-          toast({
-            title: _(msg`Human verification required`),
-            description: _(msg`Please complete the CAPTCHA challenge before signing in.`),
-            variant: 'destructive',
-          });
-
-          return;
-        }
-      }
-
      await authClient.emailPassword.signIn({
        email,
        password,
        totpCode,
        backupCode,
-        captchaToken: token ?? undefined,
+        captchaToken: captchaToken ?? undefined,
        redirectPath,
      });
    } catch (err) {
@@ -231,6 +214,10 @@ export const SignInForm = ({
      if (error.code === 'TWO_FACTOR_MISSING_CREDENTIALS') {
        setIsTwoFactorAuthenticationDialogOpen(true);

+        // Turnstile tokens are single-use. Clear the consumed one so the
+        // dialog's fresh widget mounts cleanly and the dialog can't be
+        // submitted with the stale token before a new one is issued.
+        setCaptchaToken(null);
        return;
      }

@@ -260,7 +247,8 @@ export const SignInForm = ({
        variant: 'destructive',
      });

-      $turnstile?.reset();
+      turnstileRef.current?.reset();
+      setCaptchaToken(null);
    }
  };

@@ -370,9 +358,11 @@ export const SignInForm = ({
            <Turnstile
              ref={turnstileRef}
              siteKey={turnstileSiteKey}
+              onSuccess={setCaptchaToken}
+              onExpire={() => setCaptchaToken(null)}
              options={{
                size: 'flexible',
-                appearance: 'always',
+                appearance: 'interaction-only',
              }}
            />
          )}
@@ -509,9 +499,11 @@ export const SignInForm = ({
                  <Turnstile
                    ref={twoFactorTurnstileRef}
                    siteKey={turnstileSiteKey}
+                    onSuccess={setCaptchaToken}
+                    onExpire={() => setCaptchaToken(null)}
                    options={{
                      size: 'flexible',
-                      appearance: 'always',
+                      appearance: 'interaction-only',
                    }}
                  />
                </div>
@@ -526,7 +518,7 @@ export const SignInForm = ({
                  )}
                </Button>

-                <Button type="submit" loading={isSubmitting}>
+                <Button type="submit" loading={isSubmitting} disabled={Boolean(turnstileSiteKey) && !captchaToken}>
                  {isSubmitting ? <Trans>Signing in...</Trans> : <Trans>Sign In</Trans>}
                </Button>
              </DialogFooter>
@@ -20,7 +20,7 @@ import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
 import type { TurnstileInstance } from '@marsidev/react-turnstile';
 import { Turnstile } from '@marsidev/react-turnstile';
-import { useEffect, useRef } from 'react';
+import { useEffect, useRef, useState } from 'react';
 import { useForm } from 'react-hook-form';
 import { FaIdCardClip } from 'react-icons/fa6';
 import { FcGoogle } from 'react-icons/fc';
@@ -86,6 +86,8 @@ export const SignUpForm = ({
  const turnstileSiteKey = env('NEXT_PUBLIC_TURNSTILE_SITE_KEY');
  const turnstileRef = useRef<TurnstileInstance>(null);

+  const [captchaToken, setCaptchaToken] = useState<string | null>(null);
+
  const hasSocialAuthEnabled = isGoogleSignupEnabled || isMicrosoftSignupEnabled || isOidcSignupEnabled;

  const form = useForm<TSignUpFormSchema>({
@@ -103,28 +105,12 @@ export const SignUpForm = ({

  const onFormSubmit = async ({ name, email, password, signature }: TSignUpFormSchema) => {
    try {
-      let token: string | undefined;
-
-      if (turnstileSiteKey) {
-        token = await turnstileRef.current?.getResponsePromise(3000).catch((_err) => undefined);
-
-        if (!token) {
-          toast({
-            title: _(msg`Human verification required`),
-            description: _(msg`Please complete the CAPTCHA challenge before signing in.`),
-            variant: 'destructive',
-          });
-
-          return;
-        }
-      }
-
      await authClient.emailPassword.signUp({
        name,
        email,
        password,
        signature,
-        captchaToken: token ?? undefined,
+        captchaToken: captchaToken ?? undefined,
      });

      await navigate(returnTo ? returnTo : '/unverified-account');
@@ -154,6 +140,7 @@ export const SignUpForm = ({
      });

      turnstileRef.current?.reset();
+      setCaptchaToken(null);
    }
  };

@@ -329,9 +316,11 @@ export const SignUpForm = ({
                <Turnstile
                  ref={turnstileRef}
                  siteKey={turnstileSiteKey}
+                  onSuccess={setCaptchaToken}
+                  onExpire={() => setCaptchaToken(null)}
                  options={{
                    size: 'flexible',
-                    appearance: 'always',
+                    appearance: 'interaction-only',
                  }}
                />
              )}
@@ -1,7 +1,6 @@
 import { authClient } from '@documenso/auth/client';
 import { useAnalytics } from '@documenso/lib/client-only/hooks/use-analytics';
 import { AppError } from '@documenso/lib/errors/app-error';
-import { env } from '@documenso/lib/utils/env';
 import { zEmail } from '@documenso/lib/utils/zod';
 import { ZPasswordSchema } from '@documenso/trpc/server/auth-router/schema';
 import { Button } from '@documenso/ui/primitives/button';
@@ -13,9 +12,6 @@ import { zodResolver } from '@hookform/resolvers/zod';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { TurnstileInstance } from '@marsidev/react-turnstile';
-import { Turnstile } from '@marsidev/react-turnstile';
-import { useRef } from 'react';
 import { useForm } from 'react-hook-form';
 import { useNavigate } from 'react-router';
 import { z } from 'zod';
@@ -54,9 +50,6 @@ export const ClaimAccount = ({ defaultName, defaultEmail }: ClaimAccountProps) =
  const analytics = useAnalytics();
  const navigate = useNavigate();

-  const turnstileSiteKey = env('NEXT_PUBLIC_TURNSTILE_SITE_KEY');
-  const turnstileRef = useRef<TurnstileInstance>(null);
-
  const form = useForm<TClaimAccountFormSchema>({
    values: {
      name: defaultName ?? '',
@@ -68,28 +61,7 @@ export const ClaimAccount = ({ defaultName, defaultEmail }: ClaimAccountProps) =

  const onFormSubmit = async ({ name, email, password }: TClaimAccountFormSchema) => {
    try {
-      let token: string | undefined;
-
-      if (turnstileSiteKey) {
-        token = await turnstileRef.current?.getResponsePromise(3000).catch((_err) => undefined);
-
-        if (!token) {
-          toast({
-            title: _(msg`Human verification required`),
-            description: _(msg`Please complete the CAPTCHA challenge before signing in.`),
-            variant: 'destructive',
-          });
-
-          return;
-        }
-      }
-
-      await authClient.emailPassword.signUp({
-        name,
-        email,
-        password,
-        captchaToken: token ?? undefined,
-      });
+      await authClient.emailPassword.signUp({ name, email, password });

      await navigate(`/unverified-account`);

@@ -115,8 +87,6 @@ export const ClaimAccount = ({ defaultName, defaultEmail }: ClaimAccountProps) =
        description: _(errorMessage),
        variant: 'destructive',
      });
-
-      turnstileRef.current?.reset();
    }
  };

@@ -171,19 +141,6 @@ export const ClaimAccount = ({ defaultName, defaultEmail }: ClaimAccountProps) =
              )}
            />

-            {turnstileSiteKey && (
-              <div className="mt-4">
-                <Turnstile
-                  ref={turnstileRef}
-                  siteKey={turnstileSiteKey}
-                  options={{
-                    size: 'flexible',
-                    appearance: 'always',
-                  }}
-                />
-              </div>
-            )}
-
            <Button type="submit" className="mt-6 w-full" loading={form.formState.isSubmitting}>
              <Trans>Claim account</Trans>
            </Button>
@@ -13,7 +13,6 @@ import { match, P } from 'ts-pattern';

 import { DocumentSigningAuth2FA } from './document-signing-auth-2fa';
 import { DocumentSigningAuthAccount } from './document-signing-auth-account';
-import { DocumentSigningAuthExternal2FA } from './document-signing-auth-external-2fa';
 import { DocumentSigningAuthPasskey } from './document-signing-auth-passkey';
 import { DocumentSigningAuthPassword } from './document-signing-auth-password';
 import { useRequiredDocumentSigningAuthContext } from './document-signing-auth-provider';
@@ -59,8 +58,15 @@ export const DocumentSigningAuthDialog = ({
      return;
    }

+    // Reset selected auth type when dialog closes
    if (!value) {
-      setSelectedAuthType(validAuthTypes.length === 1 ? validAuthTypes[0] : null);
+      setSelectedAuthType(() => {
+        if (validAuthTypes.length === 1) {
+          return validAuthTypes[0];
+        }
+
+        return null;
+      });
    }

    onOpenChange(value);
@@ -117,7 +123,6 @@ export const DocumentSigningAuthDialog = ({
                        .with(DocumentAuth.ACCOUNT, () => <Trans>Account</Trans>)
                        .with(DocumentAuth.PASSKEY, () => <Trans>Passkey</Trans>)
                        .with(DocumentAuth.TWO_FACTOR_AUTH, () => <Trans>2FA</Trans>)
-                        .with(DocumentAuth.EXTERNAL_TWO_FACTOR_AUTH, () => <Trans>Verification code</Trans>)
                        .with(DocumentAuth.PASSWORD, () => <Trans>Password</Trans>)
                        .exhaustive()}
                    </div>
@@ -127,9 +132,6 @@ export const DocumentSigningAuthDialog = ({
                        .with(DocumentAuth.ACCOUNT, () => <Trans>Sign in to your account</Trans>)
                        .with(DocumentAuth.PASSKEY, () => <Trans>Use your passkey for authentication</Trans>)
                        .with(DocumentAuth.TWO_FACTOR_AUTH, () => <Trans>Enter your 2FA code</Trans>)
-                        .with(DocumentAuth.EXTERNAL_TWO_FACTOR_AUTH, () => (
-                          <Trans>Enter the verification code provided to you</Trans>
-                        ))
                        .with(DocumentAuth.PASSWORD, () => <Trans>Enter your password</Trans>)
                        .exhaustive()}
                    </div>
@@ -167,13 +169,6 @@ export const DocumentSigningAuthDialog = ({
                onReauthFormSubmit={onReauthFormSubmit}
              />
            ))
-            .with({ documentAuthType: DocumentAuth.EXTERNAL_TWO_FACTOR_AUTH }, () => (
-              <DocumentSigningAuthExternal2FA
-                open={open}
-                onOpenChange={onOpenChange}
-                onReauthFormSubmit={onReauthFormSubmit}
-              />
-            ))
            .with({ documentAuthType: DocumentAuth.EXPLICIT_NONE }, () => null)
            .exhaustive()}
      </DialogContent>
@@ -1,223 +0,0 @@
-import { useEffect, useState } from 'react';
-
-import { zodResolver } from '@hookform/resolvers/zod';
-import { Trans } from '@lingui/react/macro';
-import { useForm } from 'react-hook-form';
-import { z } from 'zod';
-
-import { SIGNING_2FA_VERIFY_REASON_CODES } from '@documenso/lib/constants/document-auth';
-import { AppError } from '@documenso/lib/errors/app-error';
-import { DocumentAuth, type TRecipientActionAuth } from '@documenso/lib/types/document-auth';
-import { trpc } from '@documenso/trpc/react';
-import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
-import { Button } from '@documenso/ui/primitives/button';
-import { DialogFooter } from '@documenso/ui/primitives/dialog';
-import {
-  Form,
-  FormControl,
-  FormField,
-  FormItem,
-  FormLabel,
-  FormMessage,
-} from '@documenso/ui/primitives/form/form';
-import { PinInput, PinInputGroup, PinInputSlot } from '@documenso/ui/primitives/pin-input';
-
-import { useRequiredDocumentSigningAuthContext } from './document-signing-auth-provider';
-
-export type DocumentSigningAuthExternal2FAProps = {
-  open: boolean;
-  onOpenChange: (value: boolean) => void;
-  onReauthFormSubmit: (values?: TRecipientActionAuth) => Promise<void> | void;
-};
-
-const ZExternal2FAFormSchema = z.object({
-  code: z
-    .string()
-    .length(6, { message: 'Code must be exactly 6 digits' })
-    .regex(/^\d{6}$/, { message: 'Code must contain only digits' }),
-});
-
-type TExternal2FAFormSchema = z.infer<typeof ZExternal2FAFormSchema>;
-
-export const DocumentSigningAuthExternal2FA = ({
-  onReauthFormSubmit,
-  open,
-  onOpenChange,
-}: DocumentSigningAuthExternal2FAProps) => {
-  const { recipient, isCurrentlyAuthenticating, setIsCurrentlyAuthenticating } =
-    useRequiredDocumentSigningAuthContext();
-
-  const [formError, setFormError] = useState<string | null>(null);
-
-  const statusQuery = trpc.envelope.signing2fa.getStatus.useQuery(
-    { token: recipient.token },
-    { enabled: open },
-  );
-
-  const verifyMutation = trpc.envelope.signing2fa.verify.useMutation();
-
-  const form = useForm<TExternal2FAFormSchema>({
-    resolver: zodResolver(ZExternal2FAFormSchema),
-    defaultValues: {
-      code: '',
-    },
-  });
-
-  const onFormSubmit = async ({ code }: TExternal2FAFormSchema) => {
-    try {
-      setIsCurrentlyAuthenticating(true);
-      setFormError(null);
-
-      await verifyMutation.mutateAsync({
-        token: recipient.token,
-        code,
-      });
-
-      await onReauthFormSubmit({
-        type: DocumentAuth.EXTERNAL_TWO_FACTOR_AUTH,
-      });
-
-      onOpenChange(false);
-    } catch (err) {
-      const error = AppError.parseError(err);
-
-      if (error.message === SIGNING_2FA_VERIFY_REASON_CODES.TWO_FA_ATTEMPT_LIMIT_REACHED) {
-        setFormError('Too many failed attempts. Please request a new code.');
-      } else if (error.message === SIGNING_2FA_VERIFY_REASON_CODES.TWO_FA_TOKEN_EXPIRED) {
-        setFormError('The code has expired. Please request a new code.');
-      } else if (error.message === SIGNING_2FA_VERIFY_REASON_CODES.TWO_FA_NOT_ISSUED) {
-        setFormError('No code has been issued yet. Please contact the document sender.');
-      } else {
-        setFormError('Invalid code. Please try again.');
-      }
-
-      await statusQuery.refetch();
-      form.reset({ code: '' });
-    } finally {
-      setIsCurrentlyAuthenticating(false);
-    }
-  };
-
-  useEffect(() => {
-    form.reset({ code: '' });
-    setFormError(null);
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [open]);
-
-  const attemptsRemaining = statusQuery.data?.attemptsRemaining ?? null;
-  const hasActiveToken = statusQuery.data?.hasActiveToken ?? false;
-  const hasValidProof = statusQuery.data?.hasValidProof ?? false;
-
-  if (hasValidProof) {
-    return (
-      <div className="space-y-4">
-        <Alert>
-          <AlertDescription>
-            <Trans>Your identity has already been verified. You can proceed to sign.</Trans>
-          </AlertDescription>
-        </Alert>
-        <DialogFooter>
-          <Button
-            type="button"
-            onClick={async () => {
-              await onReauthFormSubmit({
-                type: DocumentAuth.EXTERNAL_TWO_FACTOR_AUTH,
-              });
-              onOpenChange(false);
-            }}
-          >
-            <Trans>Continue</Trans>
-          </Button>
-        </DialogFooter>
-      </div>
-    );
-  }
-
-  if (!hasActiveToken && !statusQuery.isLoading) {
-    return (
-      <div className="space-y-4">
-        <Alert variant="warning">
-          <AlertTitle>
-            <Trans>Verification code required</Trans>
-          </AlertTitle>
-          <AlertDescription>
-            <Trans>
-              A verification code is required to sign this document. Please contact the document
-              sender to request your code.
-            </Trans>
-          </AlertDescription>
-        </Alert>
-        <DialogFooter>
-          <Button type="button" variant="secondary" onClick={() => onOpenChange(false)}>
-            <Trans>Close</Trans>
-          </Button>
-        </DialogFooter>
-      </div>
-    );
-  }
-
-  return (
-    <Form {...form}>
-      <form onSubmit={form.handleSubmit(onFormSubmit)}>
-        <fieldset disabled={isCurrentlyAuthenticating}>
-          <div className="space-y-4">
-            <p className="text-sm text-muted-foreground">
-              <Trans>Enter the 6-digit verification code that was provided to you.</Trans>
-            </p>
-
-            <FormField
-              control={form.control}
-              name="code"
-              render={({ field }) => (
-                <FormItem>
-                  <FormLabel required>
-                    <Trans>Verification code</Trans>
-                  </FormLabel>
-
-                  <FormControl>
-                    <PinInput {...field} value={field.value ?? ''} maxLength={6}>
-                      {Array(6)
-                        .fill(null)
-                        .map((_, i) => (
-                          <PinInputGroup key={i}>
-                            <PinInputSlot index={i} />
-                          </PinInputGroup>
-                        ))}
-                    </PinInput>
-                  </FormControl>
-
-                  <FormMessage />
-                </FormItem>
-              )}
-            />
-
-            {attemptsRemaining !== null && attemptsRemaining > 0 && (
-              <p className="text-xs text-muted-foreground">
-                <Trans>{attemptsRemaining} attempts remaining</Trans>
-              </p>
-            )}
-
-            {formError && (
-              <Alert variant="destructive">
-                <AlertTitle>
-                  <Trans>Verification failed</Trans>
-                </AlertTitle>
-                <AlertDescription>{formError}</AlertDescription>
-              </Alert>
-            )}
-
-            <DialogFooter>
-              <Button type="button" variant="secondary" onClick={() => onOpenChange(false)}>
-                <Trans>Cancel</Trans>
-              </Button>
-
-              <Button type="submit" loading={isCurrentlyAuthenticating}>
-                <Trans>Verify</Trans>
-              </Button>
-            </DialogFooter>
-          </div>
-        </fieldset>
-      </form>
-    </Form>
-  );
-};
@@ -61,13 +61,13 @@ export const useRequiredDocumentSigningAuthContext = () => {
  return context;
 };

-export type DocumentSigningAuthProviderProps = {
+export interface DocumentSigningAuthProviderProps {
  documentAuthOptions: Envelope['authOptions'];
  recipient: SigningAuthRecipient;
  isDirectTemplate?: boolean;
  user?: SessionUser | null;
  children: React.ReactNode;
-};
+}

 export const DocumentSigningAuthProvider = ({
  documentAuthOptions: initialDocumentAuthOptions,
@@ -169,12 +169,12 @@ export const DocumentSigningAuthProvider = ({
    // eslint-disable-next-line react-hooks/exhaustive-deps
  }, [passkeyData.passkeys]);

-  const authMethodsRequiringLogin = derivedRecipientActionAuth?.filter(
-    (method) => method !== DocumentAuth.EXPLICIT_NONE && method !== DocumentAuth.EXTERNAL_TWO_FACTOR_AUTH,
-  );
-
+  // Assume that a user must be logged in for any auth requirements.
  const isAuthRedirectRequired = Boolean(
-    authMethodsRequiringLogin && authMethodsRequiringLogin.length > 0 && user?.email !== recipient.email,
+    derivedRecipientActionAuth &&
+      derivedRecipientActionAuth.length > 0 &&
+      !derivedRecipientActionAuth.includes(DocumentAuth.EXPLICIT_NONE) &&
+      user?.email !== recipient.email,
  );

  const refetchPasskeys = async () => {
@@ -106,12 +106,8 @@ export const DocumentSigningAutoSign = ({ recipient, fields }: DocumentSigningAu
          }))
          .with(undefined, () => undefined)
          .with(
-            P.union(
-              DocumentAuth.PASSKEY,
-              DocumentAuth.TWO_FACTOR_AUTH,
-              DocumentAuth.EXTERNAL_TWO_FACTOR_AUTH,
-              DocumentAuth.PASSWORD,
-            ),
+            P.union(DocumentAuth.PASSKEY, DocumentAuth.TWO_FACTOR_AUTH, DocumentAuth.PASSWORD),
+            // This is a bit dirty, but the sentinel value used here is incredibly short-lived.
            () => 'NOT_SUPPORTED' as const,
          )
          .exhaustive();
@@ -97,7 +97,7 @@ export const DocumentSigningMobileWidget = () => {
                  layoutId="document-signing-mobile-widget-progress-bar"
                  className="absolute inset-y-0 left-0 bg-primary"
                  style={{
-                    width: `${requiredRecipientFields.length === 0 ? 100 : 100 - (100 / requiredRecipientFields.length) * (recipientFieldsRemaining.length ?? 0)}%`,
+                    width: `${100 - (100 / requiredRecipientFields.length) * (recipientFieldsRemaining.length ?? 0)}%`,
                  }}
                />
              </div>
@@ -142,7 +142,7 @@ export const DocumentSigningPageViewV1 = ({
      return undefined;
    }

-    const sortedRecipients = [...allRecipients].sort((a, b) => {
+    const sortedRecipients = allRecipients.sort((a, b) => {
      // Sort by signingOrder first (nulls last), then by id
      if (a.signingOrder === null && b.signingOrder === null) {
        return a.id - b.id;
@@ -150,7 +150,7 @@ export const DocumentSigningPageViewV2 = () => {
                  layoutId="document-flow-container-step"
                  className="absolute inset-y-0 left-0 bg-primary"
                  style={{
-                    width: `${requiredRecipientFields.length === 0 ? 100 : 100 - (100 / requiredRecipientFields.length) * (recipientFieldsRemaining.length ?? 0)}%`,
+                    width: `${100 - (100 / requiredRecipientFields.length) * (recipientFieldsRemaining.length ?? 0)}%`,
                  }}
                />
              </div>
@@ -294,7 +294,7 @@ export const EnvelopeSigningProvider = ({
      return null;
    }

-    const sortedRecipients = [...envelope.recipients].sort((a, b) => {
+    const sortedRecipients = envelope.recipients.sort((a, b) => {
      // Sort by signingOrder first (nulls last), then by id
      if (a.signingOrder === null && b.signingOrder === null) {
        return a.id - b.id;
@@ -140,15 +140,6 @@ export const DocumentUploadButtonLegacy = ({ className, type }: DocumentUploadBu
          'ENVELOPE_ITEM_LIMIT_EXCEEDED',
          () => msg`You have reached the limit of the number of files per envelope.`,
        )
-        .with('UNSUPPORTED_FILE_TYPE', () => msg`This file type isn't supported. Please upload a PDF or Word document.`)
-        .with(
-          'CONVERSION_SERVICE_UNAVAILABLE',
-          () => msg`Document conversion is temporarily unavailable. Please try again shortly or upload a PDF.`,
-        )
-        .with(
-          'CONVERSION_FAILED',
-          () => msg`We couldn't convert this file. Please check it's a valid Word document or upload a PDF instead.`,
-        )
        .otherwise(() => msg`An error occurred while uploading your document.`);

      toast({
@@ -334,6 +334,8 @@ export const EnvelopeSignerPageRenderer = ({ pageData }: { pageData: PageRenderD
                fieldGroup.add(loadingSpinnerGroup);
                await signField(field.id, payload);
              }
+
+              loadingSpinnerGroup.destroy();
            })
            .finally(() => {
              loadingSpinnerGroup.destroy();
@@ -3,8 +3,8 @@ import { useAnalytics } from '@documenso/lib/client-only/hooks/use-analytics';
 import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation';
 import { useSession } from '@documenso/lib/client-only/providers/session';
 import { APP_DOCUMENT_UPLOAD_SIZE_LIMIT, IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
-import { getAllowedUploadMimeTypes } from '@documenso/lib/constants/document-conversion';
 import { DEFAULT_DOCUMENT_TIME_ZONE, TIME_ZONES } from '@documenso/lib/constants/time-zones';
+import { ALLOWED_UPLOAD_MIME_TYPES } from '@documenso/lib/constants/upload';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { megabytesToBytes } from '@documenso/lib/universal/unit-convertions';
 import { formatDocumentsPath, formatTemplatesPath } from '@documenso/lib/utils/teams';
@@ -116,14 +116,11 @@ export const EnvelopeDropZoneWrapper = ({ children, type, className }: EnvelopeD
          () => t`You have reached your document limit for this month. Please upgrade your plan.`,
        )
        .with('ENVELOPE_ITEM_LIMIT_EXCEEDED', () => t`You have reached the limit of the number of files per envelope.`)
-        .with('UNSUPPORTED_FILE_TYPE', () => t`This file type isn't supported. Please upload a PDF or Word document.`)
+        .with('CONVERSION_SERVICE_UNAVAILABLE', () => t`File conversion is not available. Please upload a PDF file.`)
+        .with('CONVERSION_FAILED', () => t`Failed to convert file. Please try uploading a PDF instead.`)
        .with(
-          'CONVERSION_SERVICE_UNAVAILABLE',
-          () => t`Document conversion is temporarily unavailable. Please try again shortly or upload a PDF.`,
-        )
-        .with(
-          'CONVERSION_FAILED',
-          () => t`We couldn't convert this file. Please check it's a valid Word document or upload a PDF instead.`,
+          'UNSUPPORTED_FILE_TYPE',
+          () => t`This file type is not supported. Please upload a PDF, Word document, or image.`,
        )
        .otherwise(() => t`An error occurred during upload.`);

@@ -168,7 +165,7 @@ export const EnvelopeDropZoneWrapper = ({ children, type, className }: EnvelopeD
    });
  };
  const { getRootProps, getInputProps, isDragActive } = useDropzone({
-    accept: getAllowedUploadMimeTypes(),
+    accept: ALLOWED_UPLOAD_MIME_TYPES,
    multiple: true,
    maxSize: megabytesToBytes(APP_DOCUMENT_UPLOAD_SIZE_LIMIT),
    maxFiles: maximumEnvelopeItemCount,
@@ -114,20 +114,23 @@ export const EnvelopeUploadButton = ({ className, type, folderId }: EnvelopeUplo

      const errorMessage = match(error.code)
        .with('INVALID_DOCUMENT_FILE', () => t`You cannot upload encrypted PDFs.`)
+        .with(
+          'UNSUPPORTED_FILE_TYPE',
+          () => t`This file type is not supported. Please upload a PDF, DOCX, JPEG, or PNG file.`,
+        )
+        .with(
+          'CONVERSION_SERVICE_UNAVAILABLE',
+          () => t`File conversion is temporarily unavailable. Please upload a PDF file instead.`,
+        )
+        .with(
+          'CONVERSION_FAILED',
+          () => t`Failed to convert the file to PDF. Please try again or upload a PDF file instead.`,
+        )
        .with(
          AppErrorCode.LIMIT_EXCEEDED,
          () => t`You have reached your document limit for this month. Please upgrade your plan.`,
        )
        .with('ENVELOPE_ITEM_LIMIT_EXCEEDED', () => t`You have reached the limit of the number of files per envelope.`)
-        .with('UNSUPPORTED_FILE_TYPE', () => t`This file type isn't supported. Please upload a PDF or Word document.`)
-        .with(
-          'CONVERSION_SERVICE_UNAVAILABLE',
-          () => t`Document conversion is temporarily unavailable. Please try again shortly or upload a PDF.`,
-        )
-        .with(
-          'CONVERSION_FAILED',
-          () => t`We couldn't convert this file. Please check it's a valid Word document or upload a PDF instead.`,
-        )
        .otherwise(() => t`An error occurred while uploading your document.`);

      toast({
@@ -25,7 +25,7 @@ export const CardMetric = ({ icon: Icon, title, value, className, children }: Ca
            </div>
          )}

-          <h3 className="mb-2 flex items-end font-medium text-sm leading-tight">{title}</h3>
+          <h3 className="mb-2 flex items-end font-medium text-primary-forground text-sm leading-tight">{title}</h3>
        </div>

        {children || (
@@ -238,7 +238,7 @@ export const AdminOrganisationsTable = ({
        }}
      >
        {(table) =>
-          !hidePaginationUntilOverflow || table.getPageCount() > 1 ? (
+          !hidePaginationUntilOverflow || 1 > table.getPageCount() ? (
            <DataTablePagination additionalInformation="VisibleCount" table={table} />
          ) : null
        }
@@ -37,7 +37,6 @@ import { Link, useNavigate } from 'react-router';
 import { match } from 'ts-pattern';
 import type { z } from 'zod';

-import { AdminOrganisationDeleteDialog } from '~/components/dialogs/admin-organisation-delete-dialog';
 import { AdminOrganisationMemberDeleteDialog } from '~/components/dialogs/admin-organisation-member-delete-dialog';
 import { AdminOrganisationMemberUpdateDialog } from '~/components/dialogs/admin-organisation-member-update-dialog';
 import { DetailsCard, DetailsValue } from '~/components/general/admin-details';
@@ -65,14 +64,9 @@ export default function OrganisationGroupSettingsPage({ params, loaderData }: Ro

  const organisationId = params.id;

-  const { data: organisation, isLoading: isLoadingOrganisation } = trpc.admin.organisation.get.useQuery(
-    {
-      organisationId,
-    },
-    {
-      retry: false,
-    },
-  );
+  const { data: organisation, isLoading: isLoadingOrganisation } = trpc.admin.organisation.get.useQuery({
+    organisationId,
+  });

  const { mutateAsync: createStripeCustomer, isPending: isCreatingStripeCustomer } =
    trpc.admin.stripe.createCustomer.useMutation({
@@ -404,31 +398,6 @@ export default function OrganisationGroupSettingsPage({ params, loaderData }: Ro
          </div>
        </div>
      </div>
-
-      <SettingsHeader
-        title={t`Danger Zone`}
-        subtitle={t`Irreversible actions for this organisation`}
-        className="mt-16"
-      />
-
-      <Alert className="my-6 flex flex-col justify-between p-6 sm:flex-row sm:items-center" variant="destructive">
-        <div className="mb-4 sm:mb-0">
-          <AlertTitle>
-            <Trans>Delete organisation</Trans>
-          </AlertTitle>
-
-          <AlertDescription className="mr-2">
-            <Trans>
-              Permanently delete this organisation. Documents will be orphaned (not deleted) so they remain accessible
-              via the deleted-account service account.
-            </Trans>
-          </AlertDescription>
-        </div>
-
-        <div>
-          <AdminOrganisationDeleteDialog organisationId={organisation.id} organisationName={organisation.name} />
-        </div>
-      </Alert>
    </div>
  );
 }
@@ -1,7 +1,6 @@
 import { findUsers } from '@documenso/lib/server-only/user/get-all-users';
 import { Trans } from '@lingui/react/macro';

-import { AdminUserCreateDialog } from '~/components/dialogs/admin-user-create-dialog';
 import { AdminDashboardUsersTable } from '~/components/tables/admin-dashboard-users-table';

 import type { Route } from './+types/users._index';
@@ -28,13 +27,9 @@ export default function AdminManageUsersPage({ loaderData }: Route.ComponentProp

  return (
    <div>
-      <div className="mb-6 flex items-center justify-between">
-        <h2 className="font-semibold text-4xl">
-          <Trans>Manage users</Trans>
-        </h2>
-
-        <AdminUserCreateDialog />
-      </div>
+      <h2 className="font-semibold text-4xl">
+        <Trans>Manage users</Trans>
+      </h2>

      <AdminDashboardUsersTable users={users} totalPages={totalPages} page={page} perPage={perPage} />
    </div>
@@ -150,7 +150,6 @@ export default function SigningCertificate({ loaderData }: Route.ComponentProps)
    let authLevel = match(actionAuthMethod)
      .with('ACCOUNT', () => _(msg`Account Re-Authentication`))
      .with('TWO_FACTOR_AUTH', () => _(msg`Two-Factor Re-Authentication`))
-      .with('EXTERNAL_TWO_FACTOR_AUTH', () => _(msg`External Two-Factor Re-Authentication`))
      .with('PASSWORD', () => _(msg`Password Re-Authentication`))
      .with('PASSKEY', () => _(msg`Passkey Re-Authentication`))
      .with('EXPLICIT_NONE', () => _(msg`Email`))
@@ -40,6 +40,6 @@ export const handleInitialsFieldClick = async (

  return {
    type: FieldType.INITIALS,
-    value: initialsToInsert,
+    value: initials,
  };
 };
@@ -106,5 +106,5 @@
    "vite-plugin-babel-macros": "^1.0.6",
    "vite-tsconfig-paths": "^5.1.4"
  },
-  "version": "2.11.0"
+  "version": "2.10.1"
 }
@@ -1,3 +1,4 @@
+import { getFileExtensionForMimeType } from '@documenso/lib/constants/upload';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { generatePartialSignedPdf } from '@documenso/lib/server-only/pdf/generate-partial-signed-pdf';
 import { getTeamById } from '@documenso/lib/server-only/team/get-team';
@@ -24,6 +25,8 @@ type DocumentDataInput = {
  type: DocumentDataType;
  data: string;
  initialData: string;
+  originalData?: string | null;
+  originalMimeType?: string | null;
 };

 type EnvelopeForPendingDownload = {
@@ -84,7 +87,19 @@ const handleStaticFileRequest = async ({
  isDownload,
  context: c,
 }: StaticFileRequestOptions) => {
-  const documentDataToUse = version === 'signed' ? documentData.data : documentData.initialData;
+  const shouldServeOriginalSourceFile =
+    version === 'original' &&
+    documentData.originalData &&
+    documentData.originalMimeType &&
+    documentData.originalMimeType !== 'application/pdf';
+
+  const documentDataToUse = shouldServeOriginalSourceFile
+    ? documentData.originalData!
+    : version === 'signed'
+      ? documentData.data
+      : documentData.initialData;
+
+  const contentType = shouldServeOriginalSourceFile ? documentData.originalMimeType! : 'application/pdf';

  const etag = Buffer.from(sha256(documentDataToUse)).toString('hex');

@@ -105,7 +120,7 @@ const handleStaticFileRequest = async ({
    return c.json({ error: 'File not found' }, 404);
  }

-  c.header('Content-Type', 'application/pdf');
+  c.header('Content-Type', contentType);
  c.header('ETag', etag);

  if (!isDownload) {
@@ -117,10 +132,17 @@ const handleStaticFileRequest = async ({
  }

  if (isDownload) {
-    // Generate filename following the pattern from envelope-download-dialog.tsx
-    const baseTitle = title.replace(/\.pdf$/, '');
-    const suffix = version === 'signed' ? '_signed.pdf' : '.pdf';
-    const filename = `${baseTitle}${suffix}`;
+    const baseTitle = title.replace(/\.[^/.]+$/, '');
+
+    let filename: string;
+    if (version === 'signed') {
+      filename = `${baseTitle}_signed.pdf`;
+    } else if (shouldServeOriginalSourceFile) {
+      const extension = getFileExtensionForMimeType(documentData.originalMimeType!);
+      filename = `${baseTitle}${extension}`;
+    } else {
+      filename = `${baseTitle}.pdf`;
+    }

    c.header('Content-Disposition', contentDisposition(filename));

@@ -46,7 +46,7 @@ export const filesRoute = new Hono<HonoEnv>()
        return c.json({ error: 'File too large' }, 400);
      }

-      const result = await putNormalizedPdfFileServerSide(file);
+      const result = await putNormalizedPdfFileServerSide({ file });

      return c.json(result);
    } catch (error) {
@@ -1,8 +1,261 @@
 # Docker Setup for Documenso

-For full instructions on running Documenso with Docker, see the official documentation:
+The following guide will walk you through setting up Documenso using Docker. You can choose between a production setup using Docker Compose or a standalone container.

- [Docker Deployment](https://docs.documenso.com/docs/self-hosting/deployment/docker) — Standalone container with an external database
- [Docker Compose Deployment](https://docs.documenso.com/docs/self-hosting/deployment/docker-compose) — Production setup with PostgreSQL included
- [Environment Variables](https://docs.documenso.com/docs/self-hosting/configuration/environment) — Full configuration reference
- [Signing Certificate](https://docs.documenso.com/docs/self-hosting/configuration/signing-certificate) — Set up document signing
+## Prerequisites
+
+Before you begin, ensure that you have the following installed:
+
+- Docker
+- Docker Compose (if using the Docker Compose setup)
+
+## Option 1: Production Docker Compose Setup
+
+This setup includes a PostgreSQL database and the Documenso application. You will need to provide your own SMTP details via environment variables.
+
+1. Download the Docker Compose file from the Documenso repository: [compose.yml](https://raw.githubusercontent.com/documenso/documenso/release/docker/production/compose.yml)
+2. Navigate to the directory containing the `compose.yml` file.
+3. Create a `.env` file in the same directory and add your SMTP details as well as a few extra environment variables, following the example below:
+
+```
+# Generate random secrets (you can use: openssl rand -hex 32)
+NEXTAUTH_SECRET="<your-secret>"
+NEXT_PRIVATE_ENCRYPTION_KEY="<your-key>"
+NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY="<your-secondary-key>"
+
+# Your application URL
+NEXT_PUBLIC_WEBAPP_URL="<your-url>"
+
+# SMTP Configuration
+NEXT_PRIVATE_SMTP_TRANSPORT="smtp-auth"
+NEXT_PRIVATE_SMTP_HOST="<your-host>"
+NEXT_PRIVATE_SMTP_PORT=<your-port>
+NEXT_PRIVATE_SMTP_USERNAME="<your-username>"
+NEXT_PRIVATE_SMTP_PASSWORD="<your-password>"
+NEXT_PRIVATE_SMTP_FROM_NAME="<your-from-name>"
+NEXT_PRIVATE_SMTP_FROM_ADDRESS="<your-from-email>"
+
+# Certificate passphrase (required)
+NEXT_PRIVATE_SIGNING_PASSPHRASE="<your-certificate-password>"
+```
+
+4. Set up your signing certificate. You have three options:
+
+   **Option A: Generate Certificate Inside Container (Recommended)**
+
+   Start your containers first, then generate a self-signed certificate:
+
+   ```bash
+   # Start containers
+   docker-compose up -d
+
+   # Set certificate password securely (won't appear in command history)
+   read -s -p "Enter certificate password: " CERT_PASS
+   echo
+
+   # Generate certificate inside container using environment variable
+   docker exec -e CERT_PASS="$CERT_PASS" -it documenso-production-documenso-1 bash -c "
+     openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+       -keyout /tmp/private.key \
+       -out /tmp/certificate.crt \
+       -subj '/C=US/ST=State/L=City/O=Organization/CN=localhost' && \
+     openssl pkcs12 -export -out /app/certs/cert.p12 \
+       -inkey /tmp/private.key -in /tmp/certificate.crt \
+       -passout env:CERT_PASS && \
+     rm /tmp/private.key /tmp/certificate.crt
+   "
+
+   # Restart container
+   docker-compose restart documenso
+   ```
+
+   **Option B: Use Existing Certificate**
+
+   If you have an existing `.p12` certificate, update the volume binding in `compose.yml`:
+
+   ```yaml
+   volumes:
+     - /path/to/your/cert.p12:/opt/documenso/cert.p12:ro
+   ```
+
+5. Run the following command to start the containers:
+
+```
+docker-compose --env-file ./.env up -d
+```
+
+This will start the PostgreSQL database and the Documenso application containers.
+
+6. Access the Documenso application by visiting `http://localhost:3000` in your web browser.
+
+## Option 2: Standalone Docker Container
+
+If you prefer to host the Documenso application on your container provider of choice, you can use the pre-built Docker image from DockerHub or GitHub's Package Registry. Note that you will need to provide your own database and SMTP host.
+
+1. Pull the Documenso Docker image:
+
+```
+docker pull documenso/documenso
+```
+
+Or, if using GitHub's Package Registry:
+
+```
+docker pull ghcr.io/documenso/documenso
+```
+
+2. Run the Docker container, providing the necessary environment variables for your database and SMTP host:
+
+```
+docker run -d \
+  -p 3000:3000 \
+  -e NEXTAUTH_SECRET="<your-nextauth-secret>" \
+  -e NEXT_PRIVATE_ENCRYPTION_KEY="<your-next-private-encryption-key>" \
+  -e NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY="<your-next-private-encryption-secondary-key>" \
+  -e NEXT_PUBLIC_WEBAPP_URL="<your-next-public-webapp-url>" \
+  -e NEXT_PRIVATE_INTERNAL_WEBAPP_URL="http://localhost:3000" \
+  -e NEXT_PRIVATE_DATABASE_URL="<your-next-private-database-url>" \
+  -e NEXT_PRIVATE_DIRECT_DATABASE_URL="<your-next-private-database-url>" \
+  -e NEXT_PRIVATE_SMTP_TRANSPORT="<your-next-private-smtp-transport>" \
+  -e NEXT_PRIVATE_SMTP_FROM_NAME="<your-next-private-smtp-from-name>" \
+  -e NEXT_PRIVATE_SMTP_FROM_ADDRESS="<your-next-private-smtp-from-address>" \
+  -e NEXT_PRIVATE_SIGNING_PASSPHRASE="<your-certificate-password>" \
+  -v /path/to/your/cert.p12:/opt/documenso/cert.p12:ro \
+  documenso/documenso
+```
+
+Replace the placeholders with your actual database and SMTP details.
+
+3. Access the Documenso application by visiting the URL you provided in the `NEXT_PUBLIC_WEBAPP_URL` environment variable in your web browser.
+
+## Success
+
+You have now successfully set up Documenso using Docker. You can start organizing and managing your documents efficiently.
+
+## Troubleshooting
+
+### Certificate Permission Issues
+
+If you encounter errors related to certificate access, here are common solutions:
+
+#### Error: "Failed to read signing certificate"
+
+1. **Check file exists:**
+
+   ```bash
+   ls -la /path/to/your/cert.p12
+   ```
+
+2. **Fix permissions:**
+
+   ```bash
+   chmod 644 /path/to/your/cert.p12
+   chown 1001:1001 /path/to/your/cert.p12
+   ```
+
+3. **Verify Docker mount:**
+   ```bash
+   docker exec -it <container_name> ls -la /opt/documenso/cert.p12
+   ```
+
+### Container Logs
+
+Check application logs for detailed error information:
+
+```bash
+# For Docker Compose
+docker-compose logs -f documenso
+
+# For standalone container
+docker logs -f <container_name>
+```
+
+### Health Checks
+
+Check the status of your Documenso instance:
+
+```bash
+# Basic health check (database + certificate)
+curl http://localhost:3000/api/health
+
+# Detailed certificate status
+curl http://localhost:3000/api/certificate-status
+```
+
+The health endpoint will show:
+
+- `status: "ok"` - Everything working properly
+- `status: "warning"` - App running but certificate issues
+- `status: "error"` - Critical issues (database down, etc.)
+
+### Common Issues
+
+1. **Port already in use:** Change the port mapping in compose.yml or your docker run command
+2. **Database connection issues:** Ensure your database is running and accessible
+3. **SMTP errors:** Verify your email server settings in the .env file
+
+If you encounter any issues or have further questions, please refer to the official Documenso documentation or seek assistance from the community.
+
+## Advanced Configuration
+
+The environment variables listed above are a subset of those that are available for configuring Documenso. For a complete list of environment variables and their descriptions, refer to the table below:
+
+Here's a markdown table documenting all the provided environment variables:
+
+| Variable                                                       | Description                                                                                         |
+| -------------------------------------------------------------- | --------------------------------------------------------------------------------------------------- |
+| `PORT`                                                         | The port to run the Documenso application on, defaults to `3000`.                                   |
+| `NEXTAUTH_SECRET`                                              | The secret key used by NextAuth.js for encryption and signing.                                      |
+| `NEXT_PRIVATE_ENCRYPTION_KEY`                                  | The primary encryption key for symmetric encryption and decryption (at least 32 characters).        |
+| `NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY`                        | The secondary encryption key for symmetric encryption and decryption (at least 32 characters).      |
+| `NEXT_PRIVATE_GOOGLE_CLIENT_ID`                                | The Google client ID for Google authentication (optional).                                          |
+| `NEXT_PRIVATE_GOOGLE_CLIENT_SECRET`                            | The Google client secret for Google authentication (optional).                                      |
+| `NEXT_PUBLIC_WEBAPP_URL`                                       | The URL for the web application.                                                                    |
+| `NEXT_PRIVATE_DATABASE_URL`                                    | The URL for the primary database connection (with connection pooling).                              |
+| `NEXT_PRIVATE_DIRECT_DATABASE_URL`                             | The URL for the direct database connection (without connection pooling).                            |
+| `NEXT_PRIVATE_SIGNING_TRANSPORT`                               | The signing transport to use. Available options: local (default), gcloud-hsm                        |
+| `NEXT_PRIVATE_SIGNING_PASSPHRASE`                              | The passphrase for the key file.                                                                    |
+| `NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS`                     | The base64-encoded contents of the key file, will be used instead of file path.                     |
+| `NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH`                         | The path to the key file, default `/opt/documenso/cert.p12`.                                        |
+| `NEXT_PRIVATE_SIGNING_GCLOUD_HSM_KEY_PATH`                     | The Google Cloud HSM key path for the gcloud-hsm signing transport.                                 |
+| `NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_PATH`         | The path to the Google Cloud HSM public certificate file for the gcloud-hsm transport.              |
+| `NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_CONTENTS`     | The base64-encoded Google Cloud HSM public certificate for the gcloud-hsm transport.                |
+| `NEXT_PRIVATE_SIGNING_GCLOUD_APPLICATION_CREDENTIALS_CONTENTS` | The base64-encoded Google Cloud Credentials for the gcloud-hsm transport.                           |
+| `NEXT_PRIVATE_SIGNING_GCLOUD_HSM_CERT_CHAIN_FILE_PATH`         | The path to the certificate chain file for the gcloud-hsm transport.                                |
+| `NEXT_PRIVATE_SIGNING_GCLOUD_HSM_CERT_CHAIN_CONTENTS`          | The base64-encoded certificate chain for the gcloud-hsm transport.                                  |
+| `NEXT_PRIVATE_SIGNING_GCLOUD_HSM_SECRET_MANAGER_CERT_PATH`     | The Google Secret Manager path to retrieve the certificate for the gcloud-hsm transport.            |
+| `NEXT_PRIVATE_SIGNING_TIMESTAMP_AUTHORITY`                     | Comma-separated list of timestamp authority URLs for PDF signing (enables LTV).                     |
+| `NEXT_PUBLIC_SIGNING_CONTACT_INFO`                             | Contact info to embed in PDF signatures. Defaults to the webapp URL.                                |
+| `NEXT_PRIVATE_USE_LEGACY_SIGNING_SUBFILTER`                    | Set to "true" to use legacy adbe.pkcs7.detached subfilter instead of ETSI.CAdES.detached.           |
+| `NEXT_PUBLIC_UPLOAD_TRANSPORT`                                 | The transport to use for file uploads (database or s3).                                             |
+| `NEXT_PRIVATE_UPLOAD_ENDPOINT`                                 | The endpoint for the S3 storage transport (for third-party S3-compatible providers).                |
+| `NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE`                         | Whether to force path-style URLs for the S3 storage transport.                                      |
+| `NEXT_PRIVATE_UPLOAD_REGION`                                   | The region for the S3 storage transport (defaults to us-east-1).                                    |
+| `NEXT_PRIVATE_UPLOAD_BUCKET`                                   | The bucket to use for the S3 storage transport.                                                     |
+| `NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID`                            | The access key ID for the S3 storage transport.                                                     |
+| `NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY`                        | The secret access key for the S3 storage transport.                                                 |
+| `NEXT_PRIVATE_SMTP_TRANSPORT`                                  | The transport to use for sending emails (smtp-auth, smtp-api, resend, or mailchannels).             |
+| `NEXT_PRIVATE_SMTP_HOST`                                       | The host for the SMTP server for SMTP transports.                                                   |
+| `NEXT_PRIVATE_SMTP_PORT`                                       | The port for the SMTP server for SMTP transports.                                                   |
+| `NEXT_PRIVATE_SMTP_USERNAME`                                   | The username for the SMTP server for the `smtp-auth` transport.                                     |
+| `NEXT_PRIVATE_SMTP_PASSWORD`                                   | The password for the SMTP server for the `smtp-auth` transport.                                     |
+| `NEXT_PRIVATE_SMTP_APIKEY_USER`                                | The API key user for the SMTP server for the `smtp-api` transport.                                  |
+| `NEXT_PRIVATE_SMTP_APIKEY`                                     | The API key for the SMTP server for the `smtp-api` transport.                                       |
+| `NEXT_PRIVATE_SMTP_SECURE`                                     | Whether to force the use of TLS for the SMTP server for SMTP transports.                            |
+| `NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS`                          | If true, then no TLS will be used (even if STARTTLS is supported)                                   |
+| `NEXT_PRIVATE_SMTP_FROM_ADDRESS`                               | The email address for the "from" address.                                                           |
+| `NEXT_PRIVATE_SMTP_FROM_NAME`                                  | The sender name for the "from" address.                                                             |
+| `NEXT_PRIVATE_RESEND_API_KEY`                                  | The API key for Resend.com for the `resend` transport.                                              |
+| `NEXT_PRIVATE_MAILCHANNELS_API_KEY`                            | The optional API key for MailChannels (if using a proxy) for the `mailchannels` transport.          |
+| `NEXT_PRIVATE_MAILCHANNELS_ENDPOINT`                           | The optional endpoint for the MailChannels API (if using a proxy) for the `mailchannels` transport. |
+| `NEXT_PRIVATE_MAILCHANNELS_DKIM_DOMAIN`                        | The domain for DKIM signing with MailChannels for the `mailchannels` transport.                     |
+| `NEXT_PRIVATE_MAILCHANNELS_DKIM_SELECTOR`                      | The selector for DKIM signing with MailChannels for the `mailchannels` transport.                   |
+| `NEXT_PRIVATE_MAILCHANNELS_DKIM_PRIVATE_KEY`                   | The private key for DKIM signing with MailChannels for the `mailchannels` transport.                |
+| `NEXT_PUBLIC_DOCUMENT_SIZE_UPLOAD_LIMIT`                       | The maximum document upload limit displayed to the user (in MB).                                    |
+| `NEXT_PUBLIC_POSTHOG_KEY`                                      | The optional PostHog key for analytics and feature flags.                                           |
+| `NEXT_PUBLIC_DISABLE_SIGNUP`                                   | Master switch. Set to `true` to disable all signup methods (incl. organisation OIDC portal).        |
+| `NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNUP`                    | Set to `true` to disable email/password signup only. SSO signup is unaffected.                      |
+| `NEXT_PUBLIC_DISABLE_GOOGLE_SIGNUP`                            | Set to `true` to block new accounts via Google. Existing Google-linked users can still sign in.     |
+| `NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP`                         | Set to `true` to block new accounts via Microsoft. Existing linked users can still sign in.         |
+| `NEXT_PUBLIC_DISABLE_OIDC_SIGNUP`                              | Set to `true` to block new accounts via OIDC (incl. organisation portal). Existing users unaffected.|
+| `NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS`                          | Comma-separated list of email domains allowed to sign up (e.g., `example.com,acme.org`).            |
@@ -1,36 +0,0 @@
-FROM gotenberg/gotenberg:8-libreoffice
-
-# Install Microsoft Core Fonts (Arial, Times New Roman, Courier New, Verdana,
-# Georgia, Comic Sans MS, Trebuchet MS, Impact, Andale Mono, Webdings) so that
-# LibreOffice can render typical Word documents faithfully. The default image
-# only ships metric-compatible substitutes (Carlito for Calibri, Liberation for
-# Arial/Times/Courier) which preserve layout widths but look noticeably wrong.
-#
-# `ttf-mscorefonts-installer` lives in the non-free repo and requires accepting
-# the Microsoft EULA, which we do non-interactively via debconf-set-selections.
-USER root
-
-RUN echo "deb http://deb.debian.org/debian trixie contrib non-free" \
-      > /etc/apt/sources.list.d/contrib.list \
-    && echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" \
-      | debconf-set-selections \
-    && apt-get update -qq \
-    && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends \
-        ca-certificates \
-        wget \
-        unzip \
-        culmus \
-        ttf-mscorefonts-installer \
-        fonts-symbola \
-        fonts-noto-extra \
-        fonts-hosny-amiri \
-        fonts-thai-tlwg \
-        fonts-sil-padauk \
-        fonts-sarai \
-        fonts-samyak-taml \
-        libfribidi0 \
-        libharfbuzz0b \
-    && fc-cache -f \
-    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-USER gotenberg
@@ -49,50 +49,13 @@ services:
    command: -c 'mkdir -p /data/documenso && minio server /data --console-address ":9001" --address ":9002"'

  gotenberg:
-    build:
-      context: .
-      dockerfile: Dockerfile.gotenberg
-    image: documenso-dev-gotenberg:latest
+    image: gotenberg/gotenberg:8
    container_name: gotenberg
-    restart: unless-stopped
    ports:
-      - 3005:3000
-    environment:
-      # Basic auth credentials Gotenberg checks when `--api-enable-basic-auth`
-      # is passed. Dev defaults are non-secret — match
-      # `NEXT_PRIVATE_DOCUMENT_CONVERSION_USERNAME` / `_PASSWORD` in `.env`.
-      GOTENBERG_API_BASIC_AUTH_USERNAME: documenso
-      GOTENBERG_API_BASIC_AUTH_PASSWORD: password
+      - 3001:3000
    command:
-      - gotenberg
-      # Require basic auth on every API route — prevents anyone with network
-      # access to the container from invoking conversions.
-      - --api-enable-basic-auth
-      # SSRF defence in depth: reject any outbound fetch LibreOffice tries to
-      # make to a private/loopback/link-local/cloud-metadata address while
-      # processing an uploaded document. Mitigates CVE-2026-42591 (malicious
-      # docx files embedding `TargetMode="External"` references to internal
-      # services). Added in Gotenberg 8.32.0.
-      - --libreoffice-deny-private-ips
-      # Generous server-side timeout; the Node client aborts at 30 s by
-      # default, so this is just a safety net.
-      - --api-timeout=500s
-      # Pre-warm LibreOffice at boot so the first request isn't cold.
-      - --libreoffice-auto-start
-      - --libreoffice-start-timeout=300s
-      # Disable surfaces we don't use to shrink the attack surface.
-      - --pdfengines-disable-routes
-      - --webhook-disable
-      # Verbose logs for the dev compose only.
-      - --log-level=debug
-    healthcheck:
-      # `/health` is exempt from `--api-enable-basic-auth` so the check
-      # doesn't need to authenticate.
-      test: ['CMD', 'curl', '-fsS', 'http://localhost:3000/health']
-      interval: 10s
-      timeout: 5s
-      retries: 5
-      start_period: 20s
+      - 'gotenberg'
+      - '--api-timeout=30s'

 volumes:
  minio:
@@ -5,7 +5,7 @@
    "apps/*",
    "packages/*"
  ],
-  "version": "2.11.0",
+  "version": "2.10.1",
  "scripts": {
    "postinstall": "patch-package",
    "build": "turbo run build",
@@ -88,7 +88,7 @@
  "dependencies": {
    "@ai-sdk/google-vertex": "3.0.81",
    "@documenso/prisma": "*",
-    "@libpdf/core": "^0.3.6",
+    "@libpdf/core": "^0.3.3",
    "@lingui/conf": "^5.6.0",
    "@lingui/core": "^5.6.0",
    "@prisma/extension-read-replicas": "^0.4.1",
@@ -814,9 +814,11 @@ export const ApiContractV1Implementation = tsr.router(ApiContractV1, {
      });

      const newDocumentData = await putNormalizedPdfFileServerSide({
-        name: fileName,
-        type: 'application/pdf',
-        arrayBuffer: async () => Promise.resolve(prefilled),
+        file: {
+          name: fileName,
+          type: 'application/pdf',
+          arrayBuffer: async () => Promise.resolve(prefilled),
+        },
      });

      await prisma.envelopeItem.update({
@@ -1,574 +0,0 @@
-import { prisma } from '@documenso/prisma';
-import { BackgroundJobStatus, DocumentStatus, EnvelopeType, Role } from '@documenso/prisma/client';
-import { seedBlankDocument } from '@documenso/prisma/seed/documents';
-import { seedOrganisationMembers } from '@documenso/prisma/seed/organisations';
-import { seedUser } from '@documenso/prisma/seed/users';
-import { expect, test } from '@playwright/test';
-
-import { apiSignin, apiSignout } from '../../fixtures/authentication';
-
-/**
- * Helper that polls until the `admin.organisation.delete` background job for the
- * supplied organisation has finished (status COMPLETED). Returns the org id.
- */
-const waitForOrganisationDeletionJob = async (organisationId: string) => {
-  await expect
-    .poll(
-      async () => {
-        const job = await prisma.backgroundJob.findFirst({
-          where: {
-            jobId: 'internal.admin-delete-organisation',
-            // payload is JSON; match the organisationId field.
-            payload: {
-              path: ['organisationId'],
-              equals: organisationId,
-            },
-          },
-          orderBy: { submittedAt: 'desc' },
-        });
-
-        return job?.status ?? null;
-      },
-      {
-        message: `Background deletion job for organisation ${organisationId} did not complete in time`,
-        timeout: 30_000,
-        intervals: [250, 500, 1000],
-      },
-    )
-    .toBe(BackgroundJobStatus.COMPLETED);
-};
-
-const waitForOrganisationToBeGone = async (organisationId: string) => {
-  await expect
-    .poll(
-      async () => {
-        const org = await prisma.organisation.findUnique({
-          where: { id: organisationId },
-          select: { id: true },
-        });
-
-        return org === null;
-      },
-      {
-        message: `Organisation ${organisationId} was not removed`,
-        timeout: 30_000,
-        intervals: [250, 500, 1000],
-      },
-    )
-    .toBe(true);
-};
-
-test.describe.configure({ mode: 'parallel' });
-
-// ─── Happy path ──────────────────────────────────────────────────────────────
-
-test('[ADMIN][DELETE_ORG]: admin can delete an organisation via the dialog', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-  const { organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: `/admin/organisations/${organisation.id}`,
-  });
-
-  await expect(page.getByRole('heading', { name: 'Danger Zone' })).toBeVisible();
-
-  // Open the dialog
-  await page.getByRole('button', { name: 'Delete' }).first().click();
-
-  const dialog = page.getByRole('dialog');
-  await expect(dialog).toBeVisible();
-
-  // The Delete submit button is initially enabled but submission should fail
-  // until the confirmation text matches. Type it now.
-  await dialog.getByRole('textbox').fill(`delete ${organisation.name}`);
-
-  // The "send email to owner" checkbox should be checked by default.
-  const emailCheckbox = dialog.getByRole('checkbox');
-  await expect(emailCheckbox).toBeChecked();
-
-  await dialog.getByRole('button', { name: 'Delete', exact: true }).click();
-
-  // Dialog closes on success
-  await expect(dialog).not.toBeVisible({ timeout: 10_000 });
-
-  // Background job completes and the org is removed
-  await waitForOrganisationDeletionJob(organisation.id);
-  await waitForOrganisationToBeGone(organisation.id);
-});
-
-// ─── Confirmation text validation ────────────────────────────────────────────
-
-test('[ADMIN][DELETE_ORG]: typing the wrong confirmation text prevents deletion', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-  const { organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: `/admin/organisations/${organisation.id}`,
-  });
-
-  await page.getByRole('button', { name: 'Delete' }).first().click();
-
-  const dialog = page.getByRole('dialog');
-  await expect(dialog).toBeVisible();
-
-  // Type something that does NOT match.
-  await dialog.getByRole('textbox').fill('delete wrong-name');
-
-  await dialog.getByRole('button', { name: 'Delete', exact: true }).click();
-
-  // Validation message should appear and the dialog should stay open.
-  await expect(dialog.getByText(/You must enter/)).toBeVisible();
-  await expect(dialog).toBeVisible();
-
-  // Org is still there.
-  const stillExists = await prisma.organisation.findUnique({ where: { id: organisation.id } });
-  expect(stillExists).not.toBeNull();
-});
-
-test('[ADMIN][DELETE_ORG]: empty confirmation text prevents deletion', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-  const { organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: `/admin/organisations/${organisation.id}`,
-  });
-
-  await page.getByRole('button', { name: 'Delete' }).first().click();
-
-  const dialog = page.getByRole('dialog');
-  await dialog.getByRole('button', { name: 'Delete', exact: true }).click();
-
-  await expect(dialog.getByText(/You must enter/)).toBeVisible();
-  await expect(dialog).toBeVisible();
-
-  const stillExists = await prisma.organisation.findUnique({ where: { id: organisation.id } });
-  expect(stillExists).not.toBeNull();
-});
-
-// ─── Cancel ──────────────────────────────────────────────────────────────────
-
-test('[ADMIN][DELETE_ORG]: clicking Cancel closes the dialog without deleting', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-  const { organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: `/admin/organisations/${organisation.id}`,
-  });
-
-  await page.getByRole('button', { name: 'Delete' }).first().click();
-
-  const dialog = page.getByRole('dialog');
-  await expect(dialog).toBeVisible();
-
-  // Fill in the correct text but cancel anyway.
-  await dialog.getByRole('textbox').fill(`delete ${organisation.name}`);
-  await dialog.getByRole('button', { name: 'Cancel' }).click();
-
-  await expect(dialog).not.toBeVisible();
-
-  // Org still there.
-  const stillExists = await prisma.organisation.findUnique({ where: { id: organisation.id } });
-  expect(stillExists).not.toBeNull();
-});
-
-// ─── Email checkbox ──────────────────────────────────────────────────────────
-
-test('[ADMIN][DELETE_ORG]: email checkbox can be unchecked, payload reflects choice', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-  const { organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: `/admin/organisations/${organisation.id}`,
-  });
-
-  await page.getByRole('button', { name: 'Delete' }).first().click();
-
-  const dialog = page.getByRole('dialog');
-  const emailCheckbox = dialog.getByRole('checkbox');
-
-  // Default is checked.
-  await expect(emailCheckbox).toBeChecked();
-
-  // Uncheck it.
-  await emailCheckbox.click();
-  await expect(emailCheckbox).not.toBeChecked();
-
-  await dialog.getByRole('textbox').fill(`delete ${organisation.name}`);
-  await dialog.getByRole('button', { name: 'Delete', exact: true }).click();
-
-  await expect(dialog).not.toBeVisible({ timeout: 10_000 });
-
-  // Verify the enqueued job payload has sendEmailToOwner=false.
-  await expect
-    .poll(
-      async () => {
-        const job = await prisma.backgroundJob.findFirst({
-          where: {
-            jobId: 'internal.admin-delete-organisation',
-            payload: { path: ['organisationId'], equals: organisation.id },
-          },
-        });
-
-        if (!job) {
-          return null;
-        }
-
-        const payload = job.payload as { sendEmailToOwner?: boolean };
-        return payload.sendEmailToOwner;
-      },
-      { timeout: 15_000 },
-    )
-    .toBe(false);
-
-  await waitForOrganisationDeletionJob(organisation.id);
-  await waitForOrganisationToBeGone(organisation.id);
-});
-
-// ─── Documents are orphaned, not deleted ─────────────────────────────────────
-
-test('[ADMIN][DELETE_ORG]: envelopes authored by owner and members are orphaned, drafts are removed', async ({
-  page,
-}) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-  const { user: owner, organisation, team } = await seedUser({ isPersonalOrganisation: false });
-
-  // Add two organisation members who will author their own envelopes.
-  const [memberUser, managerUser] = await seedOrganisationMembers({
-    organisationId: organisation.id,
-    members: [{ organisationRole: 'MEMBER' }, { organisationRole: 'MANAGER' }],
-  });
-
-  // ── Owner-authored envelopes ──────────────────────────────────────────────
-  const ownerCompleted = await seedBlankDocument(owner, team.id, { key: 'owner-completed' });
-  await prisma.envelope.update({
-    where: { id: ownerCompleted.id },
-    data: { status: DocumentStatus.COMPLETED },
-  });
-
-  const ownerPending = await seedBlankDocument(owner, team.id, { key: 'owner-pending' });
-  await prisma.envelope.update({
-    where: { id: ownerPending.id },
-    data: { status: DocumentStatus.PENDING },
-  });
-
-  const ownerDraft = await seedBlankDocument(owner, team.id, { key: 'owner-draft' });
-
-  // ── Member-authored envelopes ─────────────────────────────────────────────
-  const memberCompleted = await seedBlankDocument(memberUser, team.id, { key: 'member-completed' });
-  await prisma.envelope.update({
-    where: { id: memberCompleted.id },
-    data: { status: DocumentStatus.COMPLETED },
-  });
-
-  const memberPending = await seedBlankDocument(memberUser, team.id, { key: 'member-pending' });
-  await prisma.envelope.update({
-    where: { id: memberPending.id },
-    data: { status: DocumentStatus.PENDING },
-  });
-
-  const memberDraft = await seedBlankDocument(memberUser, team.id, { key: 'member-draft' });
-
-  // ── Manager-authored envelope (third author for good measure) ─────────────
-  const managerRejected = await seedBlankDocument(managerUser, team.id, { key: 'manager-rejected' });
-  await prisma.envelope.update({
-    where: { id: managerRejected.id },
-    data: { status: DocumentStatus.REJECTED },
-  });
-
-  // Sanity check: before deletion all 7 envelopes belong to the team and
-  // retain their original authors.
-  const beforeCount = await prisma.envelope.count({ where: { teamId: team.id } });
-  expect(beforeCount).toBe(7);
-
-  // ── Trigger the deletion via the admin UI ─────────────────────────────────
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: `/admin/organisations/${organisation.id}`,
-  });
-
-  await page.getByRole('button', { name: 'Delete' }).first().click();
-  const dialog = page.getByRole('dialog');
-  await dialog.getByRole('textbox').fill(`delete ${organisation.name}`);
-  await dialog.getByRole('button', { name: 'Delete', exact: true }).click();
-  await expect(dialog).not.toBeVisible({ timeout: 10_000 });
-
-  await waitForOrganisationDeletionJob(organisation.id);
-  await waitForOrganisationToBeGone(organisation.id);
-
-  // The deleted-account service account is where orphaned envelopes land.
-  const deletedAccount = await prisma.user.findFirstOrThrow({
-    where: { email: { startsWith: 'deleted-account@' } },
-    select: { id: true, ownedOrganisations: { select: { teams: { select: { id: true } } } } },
-  });
-  const deletedAccountTeamId = deletedAccount.ownedOrganisations[0].teams[0].id;
-
-  // ── Owner-authored envelopes ──────────────────────────────────────────────
-  // Completed/pending: orphaned (reparented to service account + deletedAt set).
-  for (const original of [ownerCompleted, ownerPending]) {
-    const after = await prisma.envelope.findUnique({
-      where: { id: original.id },
-      select: { id: true, teamId: true, userId: true, deletedAt: true },
-    });
-    expect(after, `owner envelope ${original.id} should survive as orphan`).not.toBeNull();
-    expect(after?.teamId).toBe(deletedAccountTeamId);
-    expect(after?.userId).toBe(deletedAccount.id);
-    expect(after?.deletedAt).not.toBeNull();
-  }
-
-  // Draft: hard-deleted because orphan only re-parents PENDING/REJECTED/COMPLETED.
-  const ownerDraftAfter = await prisma.envelope.findUnique({
-    where: { id: ownerDraft.id },
-    select: { id: true },
-  });
-  expect(ownerDraftAfter, 'owner draft should be hard-deleted').toBeNull();
-
-  // ── Member-authored envelopes (the critical case) ─────────────────────────
-  // The orphan logic filters by teamId only — NOT by userId — so member-authored
-  // envelopes must be orphaned just like the owner's.
-  for (const original of [memberCompleted, memberPending]) {
-    const after = await prisma.envelope.findUnique({
-      where: { id: original.id },
-      select: { id: true, teamId: true, userId: true, deletedAt: true },
-    });
-    expect(after, `member envelope ${original.id} should survive as orphan`).not.toBeNull();
-    expect(after?.teamId).toBe(deletedAccountTeamId);
-    expect(after?.userId).toBe(deletedAccount.id);
-    expect(after?.deletedAt).not.toBeNull();
-  }
-
-  const memberDraftAfter = await prisma.envelope.findUnique({
-    where: { id: memberDraft.id },
-    select: { id: true },
-  });
-  expect(memberDraftAfter, 'member draft should be hard-deleted').toBeNull();
-
-  // ── Manager-authored rejected envelope: also orphaned ─────────────────────
-  const managerRejectedAfter = await prisma.envelope.findUnique({
-    where: { id: managerRejected.id },
-    select: { id: true, teamId: true, userId: true, deletedAt: true },
-  });
-  expect(managerRejectedAfter).not.toBeNull();
-  expect(managerRejectedAfter?.teamId).toBe(deletedAccountTeamId);
-  expect(managerRejectedAfter?.userId).toBe(deletedAccount.id);
-
-  // ── Original team is gone, member users still exist ───────────────────────
-  const teamAfter = await prisma.team.findUnique({ where: { id: team.id } });
-  expect(teamAfter).toBeNull();
-
-  // No envelope should reference the now-deleted team.
-  const orphanedToOldTeam = await prisma.envelope.count({ where: { teamId: team.id } });
-  expect(orphanedToOldTeam).toBe(0);
-
-  // The owner and members survive — only the org is deleted, not the users.
-  const ownerAfter = await prisma.user.findUnique({ where: { id: owner.id } });
-  const memberAfter = await prisma.user.findUnique({ where: { id: memberUser.id } });
-  const managerAfter = await prisma.user.findUnique({ where: { id: managerUser.id } });
-  expect(ownerAfter).not.toBeNull();
-  expect(memberAfter).not.toBeNull();
-  expect(managerAfter).not.toBeNull();
-});
-
-// ─── Owner can no longer access the deleted organisation ─────────────────────
-
-test('[ADMIN][DELETE_ORG]: the original owner loses access after deletion', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-  const { user: owner, organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: `/admin/organisations/${organisation.id}`,
-  });
-
-  await page.getByRole('button', { name: 'Delete' }).first().click();
-  const dialog = page.getByRole('dialog');
-  await dialog.getByRole('textbox').fill(`delete ${organisation.name}`);
-  await dialog.getByRole('button', { name: 'Delete', exact: true }).click();
-  await expect(dialog).not.toBeVisible({ timeout: 10_000 });
-
-  await waitForOrganisationDeletionJob(organisation.id);
-  await waitForOrganisationToBeGone(organisation.id);
-
-  // Sign in as the original owner and confirm they can no longer reach the
-  // organisation settings page.
-  await apiSignout({ page });
-
-  await apiSignin({
-    page,
-    email: owner.email,
-    redirectPath: `/o/${organisation.url}/settings/general`,
-  });
-
-  // They should NOT see the organisation settings heading for this org.
-  await expect(page.getByText('Organisation Settings')).not.toBeVisible();
-});
-
-// ─── Access control: UI ──────────────────────────────────────────────────────
-
-test('[ADMIN][DELETE_ORG]: non-admin user cannot access /admin/organisations/$id', async ({ page }) => {
-  const { user: nonAdminUser } = await seedUser({ isAdmin: false });
-  const { organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  await apiSignin({
-    page,
-    email: nonAdminUser.email,
-    redirectPath: `/admin/organisations/${organisation.id}`,
-  });
-
-  // The admin layout loader redirects non-admins to "/". They must not see the
-  // admin panel or any Delete affordance.
-  await expect(page.getByRole('heading', { name: 'Admin Panel' })).not.toBeVisible();
-  await expect(page.getByRole('heading', { name: 'Danger Zone' })).not.toBeVisible();
-  await expect(page.getByRole('button', { name: 'Delete' })).not.toBeVisible();
-
-  // The org must still exist.
-  const stillExists = await prisma.organisation.findUnique({ where: { id: organisation.id } });
-  expect(stillExists).not.toBeNull();
-});
-
-test('[ADMIN][DELETE_ORG]: unauthenticated user cannot access /admin/organisations/$id', async ({ page }) => {
-  const { organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  // No apiSignin call. Navigate directly.
-  await page.goto(`/admin/organisations/${organisation.id}`);
-
-  // Unauthenticated requests should be redirected away from any /admin/* route.
-  await expect(page).not.toHaveURL(new RegExp(`/admin/organisations/${organisation.id}`));
-  await expect(page.getByRole('heading', { name: 'Danger Zone' })).not.toBeVisible();
-
-  const stillExists = await prisma.organisation.findUnique({ where: { id: organisation.id } });
-  expect(stillExists).not.toBeNull();
-});
-
-// ─── Belt-and-braces: organisation owner (without admin role) can't use it ──
-
-test('[ADMIN][DELETE_ORG]: an organisation owner without admin role cannot reach the admin delete UI', async ({
-  page,
-}) => {
-  const { user: owner, organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  // Confirm the owner is NOT an admin (sanity check on the seed).
-  expect(owner.roles).not.toContain(Role.ADMIN);
-
-  await apiSignin({
-    page,
-    email: owner.email,
-    redirectPath: `/admin/organisations/${organisation.id}`,
-  });
-
-  await expect(page.getByRole('heading', { name: 'Danger Zone' })).not.toBeVisible();
-  await expect(page.getByRole('button', { name: 'Delete' })).not.toBeVisible();
-
-  const stillExists = await prisma.organisation.findUnique({ where: { id: organisation.id } });
-  expect(stillExists).not.toBeNull();
-});
-
-// ─── Org with multiple members triggers email to the OWNER only ─────────────
-
-test('[ADMIN][DELETE_ORG]: job payload targets the organisation owner for the email notification', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-  const { user: owner, organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  await seedOrganisationMembers({
-    organisationId: organisation.id,
-    members: [{ organisationRole: 'MEMBER' }, { organisationRole: 'ADMIN' }, { organisationRole: 'MANAGER' }],
-  });
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: `/admin/organisations/${organisation.id}`,
-  });
-
-  await page.getByRole('button', { name: 'Delete' }).first().click();
-  const dialog = page.getByRole('dialog');
-  await dialog.getByRole('textbox').fill(`delete ${organisation.name}`);
-  await dialog.getByRole('button', { name: 'Delete', exact: true }).click();
-  await expect(dialog).not.toBeVisible({ timeout: 10_000 });
-
-  // The job payload should record the admin who requested the delete and
-  // sendEmailToOwner=true. (Verifying the actual email send is out of scope
-  // for this test; we verify the payload only.)
-  await expect
-    .poll(
-      async () => {
-        const job = await prisma.backgroundJob.findFirst({
-          where: {
-            jobId: 'internal.admin-delete-organisation',
-            payload: { path: ['organisationId'], equals: organisation.id },
-          },
-        });
-
-        if (!job) {
-          return null;
-        }
-
-        const payload = job.payload as {
-          sendEmailToOwner?: boolean;
-          requestedByUserId?: number;
-        };
-
-        return payload;
-      },
-      { timeout: 15_000 },
-    )
-    .toMatchObject({
-      sendEmailToOwner: true,
-      requestedByUserId: adminUser.id,
-    });
-
-  await waitForOrganisationDeletionJob(organisation.id);
-  await waitForOrganisationToBeGone(organisation.id);
-
-  // Owner user record itself is NOT deleted — only the org.
-  const ownerStillExists = await prisma.user.findUnique({ where: { id: owner.id } });
-  expect(ownerStillExists).not.toBeNull();
-});
-
-// ─── EnvelopeType.TEMPLATE is also cleaned up via orphan flow ───────────────
-
-test('[ADMIN][DELETE_ORG]: template envelopes are removed (not orphaned)', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-  const { user: owner, organisation, team } = await seedUser({ isPersonalOrganisation: false });
-
-  // Create a TEMPLATE envelope. orphanEnvelopes only re-parents DOCUMENT
-  // envelopes; templates fall into the "deleteMany" path.
-  const draftDoc = await seedBlankDocument(owner, team.id, { key: 'tmpl' });
-  await prisma.envelope.update({
-    where: { id: draftDoc.id },
-    data: { type: EnvelopeType.TEMPLATE },
-  });
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: `/admin/organisations/${organisation.id}`,
-  });
-
-  await page.getByRole('button', { name: 'Delete' }).first().click();
-  const dialog = page.getByRole('dialog');
-  await dialog.getByRole('textbox').fill(`delete ${organisation.name}`);
-  await dialog.getByRole('button', { name: 'Delete', exact: true }).click();
-  await expect(dialog).not.toBeVisible({ timeout: 10_000 });
-
-  await waitForOrganisationDeletionJob(organisation.id);
-  await waitForOrganisationToBeGone(organisation.id);
-
-  const templateAfter = await prisma.envelope.findUnique({
-    where: { id: draftDoc.id },
-    select: { id: true },
-  });
-
-  expect(templateAfter).toBeNull();
-});
@@ -1,387 +0,0 @@
-import { prisma } from '@documenso/prisma';
-import { seedTestEmail, seedUser } from '@documenso/prisma/seed/users';
-import { expect, test } from '@playwright/test';
-
-import { apiSignin } from '../../fixtures/authentication';
-
-test.describe.configure({ mode: 'parallel' });
-
-/**
- * Fill in the create-user dialog and submit it.
- * Assumes the dialog trigger is already visible on the page.
- */
-const submitCreateUserDialog = async ({
-  page,
-  email,
-  name,
-}: {
-  page: import('@playwright/test').Page;
-  email: string;
-  name: string;
-}) => {
-  await page.getByRole('button', { name: 'Create User' }).first().click();
-
-  const dialog = page.getByRole('dialog');
-  await expect(dialog).toBeVisible();
-
-  await dialog.getByLabel('Email').fill(email);
-  await dialog.getByLabel('Name').fill(name);
-
-  await dialog.getByTestId('dialog-create-user-button').click();
-};
-
-// ─── Happy path ──────────────────────────────────────────────────────────────
-
-test('[ADMIN][CREATE_USER]: admin can create a new user via the dialog', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-
-  const newUserEmail = seedTestEmail();
-  const newUserName = 'New Created User';
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: '/admin/users',
-  });
-
-  await expect(page.getByRole('heading', { name: 'Manage users' })).toBeVisible();
-
-  await submitCreateUserDialog({ page, email: newUserEmail, name: newUserName });
-
-  // After success the dialog closes and we navigate to /admin/users/:id.
-  await expect(page).toHaveURL(/\/admin\/users\/\d+$/, { timeout: 10_000 });
-
-  // The user-detail page renders the user's name in the heading.
-  await expect(page.getByRole('heading', { name: `Manage ${newUserName}'s profile` })).toBeVisible();
-
-  // The user exists in the database.
-  const created = await prisma.user.findUnique({
-    where: { email: newUserEmail.toLowerCase() },
-  });
-
-  expect(created).not.toBeNull();
-  expect(created?.name).toBe(newUserName);
-});
-
-// ─── emailVerified is set + password is null for admin-created users ────────
-
-test('[ADMIN][CREATE_USER]: a newly created user has emailVerified set and no password', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-
-  const newUserEmail = seedTestEmail();
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: '/admin/users',
-  });
-
-  await submitCreateUserDialog({
-    page,
-    email: newUserEmail,
-    name: 'Pending Password User',
-  });
-
-  // Wait for redirect to confirm the request finished.
-  await expect(page).toHaveURL(/\/admin\/users\/\d+$/, { timeout: 10_000 });
-
-  // Admin-created users start with:
-  //  - emailVerified set (the admin vouches for the email)
-  //  - password null (user must set it via the welcome email reset link)
-  // The "password=null" state hard-blocks login at email-password.ts:101,
-  // forcing the user through the reset-link flow before they can sign in.
-  const created = await prisma.user.findUnique({
-    where: { email: newUserEmail.toLowerCase() },
-    select: { id: true, emailVerified: true, password: true },
-  });
-
-  expect(created, 'user should exist in the database').not.toBeNull();
-  expect(
-    created?.emailVerified,
-    'admin-created user should have emailVerified set — admin vouches for the email',
-  ).not.toBeNull();
-  expect(
-    created?.password,
-    'admin-created user must have password=null — they must set one via the welcome reset link',
-  ).toBeNull();
-});
-
-// ─── Welcome email side effect: a PasswordResetToken is issued ───────────────
-
-test('[ADMIN][CREATE_USER]: creating a user issues a PasswordResetToken valid for ~24 hours', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-  const newUserEmail = seedTestEmail();
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: '/admin/users',
-  });
-
-  const beforeCreation = Date.now();
-
-  await submitCreateUserDialog({
-    page,
-    email: newUserEmail,
-    name: 'Token Recipient',
-  });
-
-  await expect(page).toHaveURL(/\/admin\/users\/\d+$/, { timeout: 10_000 });
-
-  const created = await prisma.user.findUniqueOrThrow({
-    where: { email: newUserEmail.toLowerCase() },
-    select: { id: true },
-  });
-
-  // The PasswordResetToken is created by an async background job
-  // (send.admin.user.created.email), so poll until it shows up.
-  await expect
-    .poll(
-      async () => {
-        const found = await prisma.passwordResetToken.findFirst({
-          where: { userId: created.id },
-        });
-        return found === null ? null : 'found';
-      },
-      {
-        message: `PasswordResetToken for user ${created.id} was not created by the welcome-email job in time`,
-        timeout: 30_000,
-        intervals: [250, 500, 1000],
-      },
-    )
-    .toBe('found');
-
-  // Now that we know it exists, fetch it with strict types.
-  const token = await prisma.passwordResetToken.findFirstOrThrow({
-    where: { userId: created.id },
-  });
-
-  // Token should be ~24h in the future (allow a generous fudge window).
-  const expiry = token.expiry.getTime();
-  const expectedExpiry = beforeCreation + 24 * 60 * 60 * 1000;
-  const driftMs = Math.abs(expiry - expectedExpiry);
-
-  // Allow up to 5 minutes of drift (test setup, db round-trips, clock skew,
-  // plus job scheduling delay).
-  expect(driftMs, `token expiry should be ~24h from now, drift was ${driftMs}ms`).toBeLessThan(5 * 60 * 1000);
-
-  // The token value should be a non-trivial hex string.
-  expect(token.token.length).toBeGreaterThanOrEqual(32);
-  expect(token.token).toMatch(/^[a-f0-9]+$/);
-});
-
-// ─── Duplicate email is rejected ─────────────────────────────────────────────
-
-test('[ADMIN][CREATE_USER]: creating a user with an email that already exists is rejected', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-
-  // Seed an existing user whose email we'll collide with.
-  const { user: existingUser } = await seedUser({ isPersonalOrganisation: true });
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: '/admin/users',
-  });
-
-  await submitCreateUserDialog({
-    page,
-    email: existingUser.email,
-    name: 'Collision Attempt',
-  });
-
-  // The dialog should stay open OR an error toast should surface. Either way
-  // we must NOT navigate to a new user detail page.
-  await page.waitForTimeout(1000);
-  await expect(page).not.toHaveURL(/\/admin\/users\/\d+$/);
-
-  // The existing user record must not have been mutated by the attempt.
-  const stillExisting = await prisma.user.findUnique({
-    where: { email: existingUser.email },
-    select: { id: true, name: true, emailVerified: true },
-  });
-
-  expect(stillExisting?.id).toBe(existingUser.id);
-  expect(stillExisting?.name).toBe(existingUser.name);
-  // The seeded user was verified — make sure the failed create didn't
-  // somehow flip the flag.
-  expect(stillExisting?.emailVerified).not.toBeNull();
-
-  // Count of users with this email must still be 1.
-  const matching = await prisma.user.count({
-    where: { email: existingUser.email },
-  });
-  expect(matching).toBe(1);
-});
-
-// ─── Validation: empty form ──────────────────────────────────────────────────
-
-test('[ADMIN][CREATE_USER]: submitting an empty form shows validation errors and does not create a user', async ({
-  page,
-}) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: '/admin/users',
-  });
-
-  await page.getByRole('button', { name: 'Create User' }).first().click();
-
-  const dialog = page.getByRole('dialog');
-  await expect(dialog).toBeVisible();
-
-  // Submit without filling anything.
-  await dialog.getByTestId('dialog-create-user-button').click();
-
-  // Validation errors are surfaced for both required fields. Their presence
-  // proves react-hook-form's zodResolver blocked the submit before the
-  // mutation ran, so no DB write could have happened.
-  await expect(dialog.getByLabel('Email')).toHaveAttribute('aria-invalid', 'true');
-  await expect(dialog.getByLabel('Name')).toHaveAttribute('aria-invalid', 'true');
-
-  // Dialog stays open and we must not have navigated to a user detail page.
-  await expect(dialog).toBeVisible();
-  await expect(page).not.toHaveURL(/\/admin\/users\/\d+$/);
-});
-
-// ─── Validation: malformed email ─────────────────────────────────────────────
-
-test('[ADMIN][CREATE_USER]: a malformed email is rejected client-side', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: '/admin/users',
-  });
-
-  await page.getByRole('button', { name: 'Create User' }).first().click();
-
-  const dialog = page.getByRole('dialog');
-  await expect(dialog).toBeVisible();
-
-  const emailInput = dialog.getByLabel('Email');
-
-  await emailInput.fill('not-an-email');
-  await dialog.getByLabel('Name').fill('Some Name');
-
-  // The Email input is rendered with type="email" and the form does not set
-  // noValidate, so the browser's native HTML5 constraint validation rejects
-  // the malformed value and blocks the submit event from ever firing. (As a
-  // result react-hook-form's zodResolver never runs and `aria-invalid` is
-  // not flipped to true — the browser is the layer doing the rejection.) We
-  // assert directly on the input's ValidityState to prove the value is
-  // recognised as invalid client-side.
-  await expect(emailInput).toHaveJSProperty('validity.valid', false);
-
-  await dialog.getByTestId('dialog-create-user-button').click();
-
-  // Dialog stays open and we must not have navigated.
-  await expect(dialog).toBeVisible();
-  await expect(page).not.toHaveURL(/\/admin\/users\/\d+$/);
-
-  // The bogus email is definitely not present in the DB — a targeted check
-  // on a specific row, not a global count, so it's safe to run in parallel.
-  const bogus = await prisma.user.findFirst({
-    where: { email: 'not-an-email' },
-  });
-  expect(bogus).toBeNull();
-});
-
-// ─── Cancel button closes dialog without creating ───────────────────────────
-
-test('[ADMIN][CREATE_USER]: clicking Cancel closes the dialog and does not create a user', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: '/admin/users',
-  });
-
-  const newUserEmail = seedTestEmail();
-
-  await page.getByRole('button', { name: 'Create User' }).first().click();
-
-  const dialog = page.getByRole('dialog');
-  await expect(dialog).toBeVisible();
-
-  // Fill in valid data but cancel anyway.
-  await dialog.getByLabel('Email').fill(newUserEmail);
-  await dialog.getByLabel('Name').fill('Cancelled User');
-
-  await dialog.getByRole('button', { name: 'Cancel' }).click();
-
-  await expect(dialog).not.toBeVisible();
-
-  // No user was created with that email.
-  const created = await prisma.user.findUnique({
-    where: { email: newUserEmail.toLowerCase() },
-  });
-  expect(created).toBeNull();
-});
-
-// ─── Email is lowercased when stored ─────────────────────────────────────────
-
-test('[ADMIN][CREATE_USER]: email entered with mixed case is normalised to lowercase', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-
-  // Build a known mixed-case email.
-  const rawEmail = seedTestEmail();
-  const mixedCaseEmail = rawEmail.replace(/^./, (c) => c.toUpperCase());
-
-  await apiSignin({
-    page,
-    email: adminUser.email,
-    redirectPath: '/admin/users',
-  });
-
-  await submitCreateUserDialog({
-    page,
-    email: mixedCaseEmail,
-    name: 'Mixed Case Email User',
-  });
-
-  await expect(page).toHaveURL(/\/admin\/users\/\d+$/, { timeout: 10_000 });
-
-  // Look up by lowercased form — that's the canonical storage.
-  const created = await prisma.user.findUnique({
-    where: { email: rawEmail.toLowerCase() },
-    select: { id: true, email: true, emailVerified: true },
-  });
-
-  expect(created).not.toBeNull();
-  expect(created?.email).toBe(rawEmail.toLowerCase());
-  // Verified — admin vouches for the email. Case normalisation must not
-  // affect verification state.
-  expect(created?.emailVerified).not.toBeNull();
-});
-
-// ─── Access control: non-admin cannot see the Create User affordance ────────
-
-test('[ADMIN][CREATE_USER]: non-admin user redirected away from /admin/users and cannot see Create User button', async ({
-  page,
-}) => {
-  const { user: nonAdminUser } = await seedUser({ isAdmin: false });
-
-  await apiSignin({
-    page,
-    email: nonAdminUser.email,
-    redirectPath: '/admin/users',
-  });
-
-  // Non-admins are redirected away from /admin/*; the admin heading must not
-  // be visible.
-  await expect(page.getByRole('heading', { name: 'Manage users' })).not.toBeVisible();
-  await expect(page.getByRole('button', { name: 'Create User' })).not.toBeVisible();
-});
-
-test('[ADMIN][CREATE_USER]: unauthenticated user cannot access /admin/users', async ({ page }) => {
-  // No apiSignin — just navigate directly.
-  await page.goto('/admin/users');
-
-  await expect(page).not.toHaveURL(/\/admin\/users$/);
-  await expect(page.getByRole('button', { name: 'Create User' })).not.toBeVisible();
-});
@@ -1,252 +0,0 @@
-import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
-import { prisma } from '@documenso/prisma';
-import { seedUser } from '@documenso/prisma/seed/users';
-import type { Page } from '@playwright/test';
-import { expect, test } from '@playwright/test';
-
-import { apiSignin } from '../../../fixtures/authentication';
-
-const WEBAPP_BASE_URL = NEXT_PUBLIC_WEBAPP_URL();
-
-test.describe.configure({ mode: 'parallel' });
-
-const callDeleteOrganisation = async (
-  page: Page,
-  input: {
-    organisationId: string;
-    organisationName: string;
-    sendEmailToOwner: boolean;
-  },
-) => {
-  return await page.context().request.post(`${WEBAPP_BASE_URL}/api/trpc/admin.organisation.delete`, {
-    headers: { 'content-type': 'application/json' },
-    data: JSON.stringify({ json: input }),
-  });
-};
-
-// ─── Access control ──────────────────────────────────────────────────────────
-
-test('[ADMIN][TRPC][DELETE_ORG]: unauthenticated request is rejected with 401', async ({ page }) => {
-  const { organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  // No sign-in.
-  const res = await callDeleteOrganisation(page, {
-    organisationId: organisation.id,
-    organisationName: organisation.name,
-    sendEmailToOwner: true,
-  });
-
-  expect(res.ok()).toBeFalsy();
-  expect(res.status()).toBe(401);
-
-  // Org must still exist.
-  const stillExists = await prisma.organisation.findUnique({ where: { id: organisation.id } });
-  expect(stillExists).not.toBeNull();
-
-  // No deletion job must have been enqueued.
-  const job = await prisma.backgroundJob.findFirst({
-    where: {
-      jobId: 'internal.admin-delete-organisation',
-      payload: { path: ['organisationId'], equals: organisation.id },
-    },
-  });
-  expect(job).toBeNull();
-});
-
-test('[ADMIN][TRPC][DELETE_ORG]: non-admin authenticated user is rejected with 401', async ({ page }) => {
-  const { user: nonAdminUser } = await seedUser({ isAdmin: false });
-  const { organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  await apiSignin({ page, email: nonAdminUser.email });
-
-  const res = await callDeleteOrganisation(page, {
-    organisationId: organisation.id,
-    organisationName: organisation.name,
-    sendEmailToOwner: true,
-  });
-
-  expect(res.ok()).toBeFalsy();
-  expect(res.status()).toBe(401);
-
-  const stillExists = await prisma.organisation.findUnique({ where: { id: organisation.id } });
-  expect(stillExists).not.toBeNull();
-
-  const job = await prisma.backgroundJob.findFirst({
-    where: {
-      jobId: 'internal.admin-delete-organisation',
-      payload: { path: ['organisationId'], equals: organisation.id },
-    },
-  });
-  expect(job).toBeNull();
-});
-
-test('[ADMIN][TRPC][DELETE_ORG]: organisation owner (non-admin) cannot delete their own org via admin route', async ({
-  page,
-}) => {
-  // Owners can delete via the regular organisation.delete endpoint, but the
-  // ADMIN endpoint must reject them too.
-  const { user: owner, organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  await apiSignin({ page, email: owner.email });
-
-  const res = await callDeleteOrganisation(page, {
-    organisationId: organisation.id,
-    organisationName: organisation.name,
-    sendEmailToOwner: true,
-  });
-
-  expect(res.ok()).toBeFalsy();
-  expect(res.status()).toBe(401);
-
-  const stillExists = await prisma.organisation.findUnique({ where: { id: organisation.id } });
-  expect(stillExists).not.toBeNull();
-});
-
-// ─── Validation ──────────────────────────────────────────────────────────────
-
-test('[ADMIN][TRPC][DELETE_ORG]: admin call with mismatched name is rejected and org is preserved', async ({
-  page,
-}) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-  const { organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  await apiSignin({ page, email: adminUser.email });
-
-  const res = await callDeleteOrganisation(page, {
-    organisationId: organisation.id,
-    organisationName: `${organisation.name}-WRONG`,
-    sendEmailToOwner: true,
-  });
-
-  expect(res.ok()).toBeFalsy();
-
-  // Body should contain INVALID_REQUEST error.
-  const body = await res.text();
-  expect(body).toContain('does not match');
-
-  const stillExists = await prisma.organisation.findUnique({ where: { id: organisation.id } });
-  expect(stillExists).not.toBeNull();
-
-  // Most importantly: no job has been enqueued for this org.
-  const job = await prisma.backgroundJob.findFirst({
-    where: {
-      jobId: 'internal.admin-delete-organisation',
-      payload: { path: ['organisationId'], equals: organisation.id },
-    },
-  });
-  expect(job).toBeNull();
-});
-
-test('[ADMIN][TRPC][DELETE_ORG]: admin call against non-existent organisation returns NOT_FOUND', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-
-  await apiSignin({ page, email: adminUser.email });
-
-  const res = await callDeleteOrganisation(page, {
-    organisationId: 'org_does-not-exist-1234567890',
-    organisationName: 'Anything',
-    sendEmailToOwner: true,
-  });
-
-  expect(res.ok()).toBeFalsy();
-
-  const body = await res.text();
-  expect(body).toContain('Organisation not found');
-});
-
-test('[ADMIN][TRPC][DELETE_ORG]: zod schema rejects malformed input', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-
-  await apiSignin({ page, email: adminUser.email });
-
-  // Missing organisationName and sendEmailToOwner.
-  const res = await page.context().request.post(`${WEBAPP_BASE_URL}/api/trpc/admin.organisation.delete`, {
-    headers: { 'content-type': 'application/json' },
-    data: JSON.stringify({ json: { organisationId: 'whatever' } }),
-  });
-
-  expect(res.ok()).toBeFalsy();
-  // Zod validation failures surface as 400 from tRPC.
-  expect([400, 422]).toContain(res.status());
-});
-
-// ─── Happy path via tRPC (admin) ────────────────────────────────────────────
-
-test('[ADMIN][TRPC][DELETE_ORG]: admin can delete via the tRPC endpoint directly', async ({ page }) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-  const { organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  await apiSignin({ page, email: adminUser.email });
-
-  const res = await callDeleteOrganisation(page, {
-    organisationId: organisation.id,
-    organisationName: organisation.name,
-    sendEmailToOwner: false,
-  });
-
-  expect(res.ok()).toBeTruthy();
-
-  // Background job should be enqueued; wait for it to complete then verify
-  // the org is gone.
-  await expect
-    .poll(
-      async () => {
-        const job = await prisma.backgroundJob.findFirst({
-          where: {
-            jobId: 'internal.admin-delete-organisation',
-            payload: { path: ['organisationId'], equals: organisation.id },
-          },
-        });
-
-        return job?.status ?? null;
-      },
-      { timeout: 30_000, intervals: [250, 500, 1000] },
-    )
-    .toBe('COMPLETED');
-
-  const org = await prisma.organisation.findUnique({ where: { id: organisation.id } });
-  expect(org).toBeNull();
-});
-
-// ─── Idempotency: calling delete twice does not throw ───────────────────────
-
-test('[ADMIN][TRPC][DELETE_ORG]: a second delete call after deletion is harmless (NOT_FOUND or no-op)', async ({
-  page,
-}) => {
-  const { user: adminUser } = await seedUser({ isAdmin: true });
-  const { organisation } = await seedUser({ isPersonalOrganisation: false });
-
-  await apiSignin({ page, email: adminUser.email });
-
-  // First call succeeds.
-  const first = await callDeleteOrganisation(page, {
-    organisationId: organisation.id,
-    organisationName: organisation.name,
-    sendEmailToOwner: false,
-  });
-  expect(first.ok()).toBeTruthy();
-
-  // Wait for the deletion to actually happen.
-  await expect
-    .poll(
-      async () => {
-        const org = await prisma.organisation.findUnique({ where: { id: organisation.id } });
-        return org === null;
-      },
-      { timeout: 30_000, intervals: [250, 500, 1000] },
-    )
-    .toBe(true);
-
-  // Second call: the org no longer exists, so the route should fail with
-  // NOT_FOUND. It must NOT 500.
-  const second = await callDeleteOrganisation(page, {
-    organisationId: organisation.id,
-    organisationName: organisation.name,
-    sendEmailToOwner: false,
-  });
-  expect(second.ok()).toBeFalsy();
-  expect(second.status()).not.toBe(500);
-
-  const body = await second.text();
-  expect(body).toContain('Organisation not found');
-});
@@ -1,5 +1,4 @@
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
-import { FIELD_SIGNATURE_META_DEFAULT_VALUES } from '@documenso/lib/types/field-meta';
 import { createDocumentAuthOptions } from '@documenso/lib/utils/document-auth';
 import { mapSecondaryIdToTemplateId } from '@documenso/lib/utils/envelope';
 import { formatDirectTemplatePath } from '@documenso/lib/utils/templates';
@@ -8,11 +7,10 @@ import { seedTeam } from '@documenso/prisma/seed/teams';
 import { seedDirectTemplate, seedTemplate } from '@documenso/prisma/seed/templates';
 import { seedTestEmail, seedUser } from '@documenso/prisma/seed/users';
 import { expect, test } from '@playwright/test';
-import { DocumentSigningOrder, FieldType, RecipientRole } from '@prisma/client';
+import { DocumentSigningOrder, RecipientRole } from '@prisma/client';
 import { customAlphabet } from 'nanoid';

 import { apiSignin } from '../fixtures/authentication';
-import { signSignaturePad } from '../fixtures/signature';

 // Duped from `packages/lib/utils/teams.ts` due to errors when importing that file.
 const formatDocumentsPath = (teamUrl: string) => `/t/${teamUrl}/documents`;
@@ -20,47 +18,6 @@ const formatTemplatesPath = (teamUrl: string) => `/t/${teamUrl}/templates`;

 const nanoid = customAlphabet('1234567890abcdef', 10);

-const expectSigningRequestJobForRecipient = async (recipientId: number) => {
-  const job = await prisma.backgroundJob.findFirst({
-    where: {
-      jobId: 'send.signing.requested.email',
-      payload: {
-        path: ['recipientId'],
-        equals: recipientId,
-      },
-    },
-  });
-
-  expect(job).not.toBeNull();
-};
-
-const seedSignatureFieldForRecipient = async (options: {
-  envelopeId: string;
-  recipientId: number;
-  positionY: number;
-}) => {
-  const envelopeItem = await prisma.envelopeItem.findFirstOrThrow({
-    where: { envelopeId: options.envelopeId },
-  });
-
-  return await prisma.field.create({
-    data: {
-      envelopeId: options.envelopeId,
-      envelopeItemId: envelopeItem.id,
-      recipientId: options.recipientId,
-      type: FieldType.SIGNATURE,
-      page: 1,
-      positionX: 5,
-      positionY: options.positionY,
-      width: 20,
-      height: 5,
-      customText: '',
-      inserted: false,
-      fieldMeta: FIELD_SIGNATURE_META_DEFAULT_VALUES,
-    },
-  });
-};
-
 test('[DIRECT_TEMPLATES]: create direct link for template', async ({ page }) => {
  const { team, owner, organisation } = await seedTeam({
    createTeamMembers: 1,
@@ -299,24 +256,11 @@ test('[DIRECT_TEMPLATES]: V1 use direct template link with 2 recipients with nex
    },
  });

-  const directTemplateRecipient = template.recipients[0];
-
-  if (!directTemplateRecipient) {
-    throw new Error('Expected direct template recipient to exist');
-  }
-
-  // All SIGNER recipients need a signature field for sendDocument to dispatch emails.
-  const directSignatureField = await seedSignatureFieldForRecipient({
-    envelopeId: template.id,
-    recipientId: directTemplateRecipient.id,
-    positionY: 10,
-  });
-
  const originalName = 'Signer 2';
  const originalSecondSignerEmail = seedTestEmail();

  // Add another signer
-  const secondRecipient = await prisma.recipient.create({
+  await prisma.recipient.create({
    data: {
      signingOrder: 2,
      envelopeId: template.id,
@@ -327,12 +271,6 @@ test('[DIRECT_TEMPLATES]: V1 use direct template link with 2 recipients with nex
    },
  });

-  await seedSignatureFieldForRecipient({
-    envelopeId: template.id,
-    recipientId: secondRecipient.id,
-    positionY: 20,
-  });
-
  // Check that the direct template link is accessible.
  await page.goto(formatDirectTemplatePath(template.directLink?.token || ''));
  await expect(page.getByRole('heading', { name: 'General' })).toBeVisible();
@@ -341,12 +279,6 @@ test('[DIRECT_TEMPLATES]: V1 use direct template link with 2 recipients with nex
  await page.getByPlaceholder('recipient@documenso.com').fill(seedTestEmail());

  await page.getByRole('button', { name: 'Continue' }).click();
-
-  // Sign the direct template recipient's signature field via the UI.
-  await signSignaturePad(page);
-  await page.locator(`#field-${directSignatureField.id}`).getByRole('button').click();
-  await expect(page.locator(`#field-${directSignatureField.id}`)).toHaveAttribute('data-inserted', 'true');
-
  await page.getByRole('button', { name: 'Complete' }).click();

  await expect(page.getByText('Next Recipient Name')).toBeVisible();
@@ -377,15 +309,8 @@ test('[DIRECT_TEMPLATES]: V1 use direct template link with 2 recipients with nex

  const updatedSecondRecipient = createdEnvelopeRecipients.find((recipient) => recipient.signingOrder === 2);

-  expect(updatedSecondRecipient).toBeDefined();
-
-  if (!updatedSecondRecipient) {
-    throw new Error('Expected second recipient to exist');
-  }
-
-  expect(updatedSecondRecipient.name).toBe(newName);
-  expect(updatedSecondRecipient.email).toBe(newSecondSignerEmail);
-  await expectSigningRequestJobForRecipient(updatedSecondRecipient.id);
+  expect(updatedSecondRecipient?.name).toBe(newName);
+  expect(updatedSecondRecipient?.email).toBe(newSecondSignerEmail);
 });

 test('[DIRECT_TEMPLATES]: V2 use direct template link with 2 recipients with next signer dictation', async ({
@@ -413,24 +338,11 @@ test('[DIRECT_TEMPLATES]: V2 use direct template link with 2 recipients with nex
    },
  });

-  const directTemplateRecipient = template.recipients[0];
-
-  if (!directTemplateRecipient) {
-    throw new Error('Expected direct template recipient to exist');
-  }
-
-  // All SIGNER recipients need a signature field for sendDocument to dispatch emails.
-  const directSignatureField = await seedSignatureFieldForRecipient({
-    envelopeId: template.id,
-    recipientId: directTemplateRecipient.id,
-    positionY: 10,
-  });
-
  const originalName = 'Signer 2';
  const originalSecondSignerEmail = seedTestEmail();

  // Add another signer
-  const secondRecipient = await prisma.recipient.create({
+  await prisma.recipient.create({
    data: {
      signingOrder: 2,
      envelopeId: template.id,
@@ -441,39 +353,10 @@ test('[DIRECT_TEMPLATES]: V2 use direct template link with 2 recipients with nex
    },
  });

-  await seedSignatureFieldForRecipient({
-    envelopeId: template.id,
-    recipientId: secondRecipient.id,
-    positionY: 20,
-  });
-
  // Check that the direct template link is accessible.
  await page.goto(formatDirectTemplatePath(template.directLink?.token || ''));
  await expect(page.getByRole('heading', { name: 'Team direct template link 1' })).toBeVisible();
-
-  // Wait for the PDF and the Konva canvas overlay to be ready.
-  await expect(page.locator('img[data-page-number]').first()).toBeVisible({ timeout: 30_000 });
-  const canvas = page.locator('.konva-container canvas').first();
-  await expect(canvas).toBeVisible({ timeout: 30_000 });
-
-  // Sign the direct template recipient's signature field via the canvas-based V2 UI.
-  await signSignaturePad(page);
-
-  const canvasBox = await canvas.boundingBox();
-
-  if (!canvasBox) {
-    throw new Error('Canvas bounding box not found');
-  }
-
-  const x =
-    (Number(directSignatureField.positionX) / 100) * canvasBox.width +
-    ((Number(directSignatureField.width) / 100) * canvasBox.width) / 2;
-  const y =
-    (Number(directSignatureField.positionY) / 100) * canvasBox.height +
-    ((Number(directSignatureField.height) / 100) * canvasBox.height) / 2;
-
-  await canvas.click({ position: { x, y } });
-  await expect(page.getByText('0 Fields Remaining').first()).toBeVisible({ timeout: 10_000 });
+  await page.waitForTimeout(100);

  await page.getByRole('button', { name: 'Complete' }).click();

@@ -511,13 +394,6 @@ test('[DIRECT_TEMPLATES]: V2 use direct template link with 2 recipients with nex

  const updatedSecondRecipient = createdEnvelopeRecipients.find((recipient) => recipient.signingOrder === 2);

-  expect(updatedSecondRecipient).toBeDefined();
-
-  if (!updatedSecondRecipient) {
-    throw new Error('Expected second recipient to exist');
-  }
-
-  expect(updatedSecondRecipient.name).toBe(newName);
-  expect(updatedSecondRecipient.email).toBe(newSecondSignerEmail);
-  await expectSigningRequestJobForRecipient(updatedSecondRecipient.id);
+  expect(updatedSecondRecipient?.name).toBe(newName);
+  expect(updatedSecondRecipient?.email).toBe(newSecondSignerEmail);
 });
@@ -41,7 +41,7 @@ export default defineConfig({
  /* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
  use: {
    /* Base URL to use in actions like `await page.goto('/')`. */
-    baseURL: process.env.NEXT_PUBLIC_WEBAPP_URL || 'http://localhost:3000',
+    baseURL: 'http://localhost:3000',

    /* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
    trace: 'retain-on-failure',
@@ -1,57 +0,0 @@
-import { Trans } from '@lingui/react/macro';
-
-import { Button, Link, Section, Text } from '../components';
-import { TemplateDocumentImage } from './template-document-image';
-
-export type TemplateAdminUserCreatedProps = {
-  resetPasswordLink: string;
-  assetBaseUrl: string;
-};
-
-export const TemplateAdminUserCreated = ({ resetPasswordLink, assetBaseUrl }: TemplateAdminUserCreatedProps) => {
-  return (
-    <>
-      <TemplateDocumentImage className="mt-6" assetBaseUrl={assetBaseUrl} />
-
-      <Section className="flex-row items-center justify-center">
-        <Text className="mx-auto mb-0 max-w-[80%] text-center font-semibold text-lg text-primary">
-          <Trans>Welcome to Documenso!</Trans>
-        </Text>
-
-        <Text className="my-1 text-center text-base text-slate-400">
-          <Trans>An administrator has created a Documenso account for you.</Trans>
-        </Text>
-
-        <Text className="my-1 text-center text-base text-slate-400">
-          <Trans>To get started, please set your password by clicking the button below:</Trans>
-        </Text>
-
-        <Section className="mt-8 mb-6 text-center">
-          <Button
-            className="inline-flex items-center justify-center rounded-lg bg-documenso-500 px-6 py-3 text-center font-medium text-black text-sm no-underline"
-            href={resetPasswordLink}
-          >
-            <Trans>Set Password</Trans>
-          </Button>
-          <Text className="mt-8 text-center text-slate-400 text-sm italic">
-            <Trans>
-              You can also copy and paste this link into your browser: {resetPasswordLink} (link expires in 24 hours)
-            </Trans>
-          </Text>
-        </Section>
-
-        <Section className="mt-8">
-          <Text className="text-center text-slate-400 text-sm">
-            <Trans>
-              If you didn't expect this account or have any questions, please{' '}
-              <Link href="mailto:support@documenso.com" className="text-documenso-500">
-                contact support
-              </Link>
-              .
-            </Trans>
-          </Text>
-        </Section>
-      </Section>
-    </>
-  );
-};
@@ -1,45 +0,0 @@
-import { msg } from '@lingui/core/macro';
-import { useLingui } from '@lingui/react';
-
-import { Body, Container, Head, Html, Img, Preview, Section } from '../components';
-import type { TemplateAdminUserCreatedProps } from '../template-components/template-admin-user-created';
-import { TemplateAdminUserCreated } from '../template-components/template-admin-user-created';
-import { TemplateFooter } from '../template-components/template-footer';
-
-export const AdminUserCreatedTemplate = ({
-  resetPasswordLink,
-  assetBaseUrl = 'http://localhost:3002',
-}: TemplateAdminUserCreatedProps) => {
-  const { _ } = useLingui();
-
-  const previewText = msg`Set your password for Documenso`;
-
-  const getAssetUrl = (path: string) => {
-    return new URL(path, assetBaseUrl).toString();
-  };
-
-  return (
-    <Html>
-      <Head />
-      <Preview>{_(previewText)}</Preview>
-      <Body className="mx-auto my-auto bg-white font-sans">
-        <Section>
-          <Container className="mx-auto mt-8 mb-2 max-w-xl rounded-lg border border-slate-200 border-solid p-4 backdrop-blur-sm">
-            <Section>
-              <Img src={getAssetUrl('/static/logo.png')} alt="Documenso Logo" className="mb-4 h-6" />
-
-              <TemplateAdminUserCreated resetPasswordLink={resetPasswordLink} assetBaseUrl={assetBaseUrl} />
-            </Section>
-          </Container>
-          <div className="mx-auto mt-12 max-w-xl" />
-
-          <Container className="mx-auto max-w-xl">
-            <TemplateFooter isDocument={false} />
-          </Container>
-        </Section>
-      </Body>
-    </Html>
-  );
-};
-
-export default AdminUserCreatedTemplate;
@@ -1,75 +0,0 @@
-import { msg } from '@lingui/core/macro';
-import { useLingui } from '@lingui/react';
-
-import { Body, Container, Head, Hr, Html, Img, Preview, Section, Text } from '../components';
-import { useBranding } from '../providers/branding';
-import { TemplateFooter } from '../template-components/template-footer';
-import TemplateImage from '../template-components/template-image';
-
-export type OrganisationDeleteEmailProps = {
-  assetBaseUrl: string;
-  organisationName: string;
-  /**
-   * Whether the deletion was performed by an administrator (as opposed to the owner).
-   * Slightly changes the wording in the email.
-   */
-  deletedByAdmin?: boolean;
-};
-
-export const OrganisationDeleteEmailTemplate = ({
-  assetBaseUrl = 'http://localhost:3002',
-  organisationName = 'Organisation Name Placeholder',
-  deletedByAdmin = false,
-}: OrganisationDeleteEmailProps) => {
-  const { _ } = useLingui();
-  const branding = useBranding();
-
-  const previewText = msg`Your organisation has been deleted`;
-
-  const title = msg`Your organisation has been deleted`;
-
-  const description = deletedByAdmin
-    ? msg`The following organisation has been deleted by an administrator. You and your members will no longer be able to access this organisation, its teams, or its associated data.`
-    : msg`The following organisation has been deleted. You and your members will no longer be able to access this organisation, its teams, or its associated data.`;
-
-  return (
-    <Html>
-      <Head />
-      <Preview>{_(previewText)}</Preview>
-
-      <Body className="mx-auto my-auto font-sans">
-        <Section className="bg-white text-slate-500">
-          <Container className="mx-auto mt-8 mb-2 max-w-xl rounded-lg border border-slate-200 border-solid p-2 backdrop-blur-sm">
-            {branding.brandingEnabled && branding.brandingLogo ? (
-              <Img src={branding.brandingLogo} alt="Branding Logo" className="mb-4 h-6 p-2" />
-            ) : (
-              <TemplateImage assetBaseUrl={assetBaseUrl} className="mb-4 h-6 p-2" staticAsset="logo.png" />
-            )}
-
-            <Section>
-              <TemplateImage className="mx-auto" assetBaseUrl={assetBaseUrl} staticAsset="delete-team.png" />
-            </Section>
-
-            <Section className="p-2 text-slate-500">
-              <Text className="text-center font-medium text-black text-lg">{_(title)}</Text>
-
-              <Text className="my-1 text-center text-base">{_(description)}</Text>
-
-              <div className="mx-auto my-2 w-fit rounded-lg bg-gray-50 px-4 py-2 font-medium text-base text-slate-600">
-                {organisationName}
-              </div>
-            </Section>
-          </Container>
-
-          <Hr className="mx-auto mt-12 max-w-xl" />
-
-          <Container className="mx-auto max-w-xl">
-            <TemplateFooter isDocument={false} />
-          </Container>
-        </Section>
-      </Body>
-    </Html>
-  );
-};
-
-export default OrganisationDeleteEmailTemplate;
@@ -13,7 +13,7 @@ type DownloadPDFProps = {
  /**
   * Specifies which version of the document to download.
   * 'signed': Downloads the signed version (default).
-   * 'original': Downloads the original version.
+   * 'original': Downloads the original version (may be DOCX, PNG, JPEG if converted).
   * 'pending': Downloads the original document with currently-inserted fields burned in.
   *            Only valid while the envelope is in PENDING status. Not supported via
   *            recipient token.
@@ -21,6 +21,29 @@ type DownloadPDFProps = {
  version?: DocumentVersion;
 };

+const getFilenameFromContentDisposition = (header: string | null): string | null => {
+  if (!header) {
+    return null;
+  }
+
+  const filenameStarMatch = header.match(/filename\*=(?:UTF-8''|utf-8'')([^;]+)/i);
+  if (filenameStarMatch) {
+    return decodeURIComponent(filenameStarMatch[1]);
+  }
+
+  const filenameMatch = header.match(/filename="([^"]+)"/);
+  if (filenameMatch) {
+    return filenameMatch[1];
+  }
+
+  const filenameNoQuotesMatch = header.match(/filename=([^;\s]+)/);
+  if (filenameNoQuotesMatch) {
+    return filenameNoQuotesMatch[1];
+  }
+
+  return null;
+};
+
 const versionToFilenameSuffix = (version: DocumentVersion): string => {
  switch (version) {
    case 'signed':
@@ -40,12 +63,22 @@ export const downloadPDF = async ({ envelopeItem, token, fileName, version = 'si
    version,
  });

-  const blob = await fetch(downloadUrl).then(async (res) => await res.blob());
+  const response = await fetch(downloadUrl);
+  const blob = await response.blob();

-  const baseTitle = (fileName ?? 'document').replace(/\.pdf$/, '');
+  const contentDisposition = response.headers.get('Content-Disposition');
+  const serverFilename = getFilenameFromContentDisposition(contentDisposition);
+
+  let filename: string;
+  if (serverFilename) {
+    filename = serverFilename;
+  } else {
+    const baseTitle = (fileName ?? 'document').replace(/\.[^/.]+$/, '');
+    filename = `${baseTitle}${versionToFilenameSuffix(version)}`;
+  }

  downloadFile({
-    filename: `${baseTitle}${versionToFilenameSuffix(version)}`,
+    filename,
    data: blob,
  });
 };
@@ -14,7 +14,6 @@ export const ZNameSchema = z
  .string()
  .trim()
  .min(3, { message: 'Please enter a valid name.' })
-  .max(255, { message: 'Name cannot be more than 255 characters.' })
  .refine((value) => !URL_PATTERN.test(value), {
    message: 'Name cannot contain URLs.',
  });
@@ -26,21 +26,8 @@ export const DOCUMENT_AUTH_TYPES: Record<string, DocumentAuthTypeData> = {
    key: DocumentAuth.PASSWORD,
    value: msg`Require password`,
  },
-  [DocumentAuth.EXTERNAL_TWO_FACTOR_AUTH]: {
-    key: DocumentAuth.EXTERNAL_TWO_FACTOR_AUTH,
-    value: msg`Require external 2FA`,
-  },
  [DocumentAuth.EXPLICIT_NONE]: {
    key: DocumentAuth.EXPLICIT_NONE,
    value: msg`None (Overrides global settings)`,
  },
 } satisfies Record<TDocumentAuth, DocumentAuthTypeData>;
-
-export const SIGNING_2FA_VERIFY_REASON_CODES = {
-  TWO_FA_TOKEN_INVALID: 'TWO_FA_TOKEN_INVALID',
-  TWO_FA_TOKEN_EXPIRED: 'TWO_FA_TOKEN_EXPIRED',
-  TWO_FA_TOKEN_REVOKED: 'TWO_FA_TOKEN_REVOKED',
-  TWO_FA_TOKEN_CONSUMED: 'TWO_FA_TOKEN_CONSUMED',
-  TWO_FA_ATTEMPT_LIMIT_REACHED: 'TWO_FA_ATTEMPT_LIMIT_REACHED',
-  TWO_FA_NOT_ISSUED: 'TWO_FA_NOT_ISSUED',
-} as const;
@@ -1,90 +0,0 @@
-import { env } from '@documenso/lib/utils/env';
-
-export const DOCUMENT_CONVERSION_MIME_TYPE_DOCX =
-  'application/vnd.openxmlformats-officedocument.wordprocessingml.document';
-
-const DEFAULT_DOCUMENT_CONVERSION_TIMEOUT_MS = 30_000;
-
-/**
- * Returns whether the document conversion feature is enabled.
- *
- * Platform-aware:
- * - On the server, checks the private URL is configured.
- * - On the client, reads the derived public flag injected via `window.__ENV__`.
- */
-export const IS_DOCUMENT_CONVERSION_ENABLED = (): boolean => {
-  if (typeof window === 'undefined') {
-    return !!env('NEXT_PRIVATE_DOCUMENT_CONVERSION_URL');
-  }
-
-  return env('NEXT_PUBLIC_DOCUMENT_CONVERSION_ENABLED') === 'true';
-};
-
-/**
- * Returns the configured conversion service base URL as supplied via env, or
- * `undefined` if not configured.
- *
- * Server-side only.
- */
-export const DOCUMENT_CONVERSION_URL = (): string | undefined => {
-  return env('NEXT_PRIVATE_DOCUMENT_CONVERSION_URL');
-};
-
-/**
- * Returns HTTP Basic auth credentials for the conversion service, or
- * `undefined` if either env var is missing. When Gotenberg is started with
- * `--api-enable-basic-auth`, every request must carry these credentials.
- *
- * Server-side only.
- */
-export const DOCUMENT_CONVERSION_AUTH = (): { username: string; password: string } | undefined => {
-  const username = env('NEXT_PRIVATE_DOCUMENT_CONVERSION_USERNAME');
-  const password = env('NEXT_PRIVATE_DOCUMENT_CONVERSION_PASSWORD');
-
-  if (!username || !password) {
-    return undefined;
-  }
-
-  return { username, password };
-};
-
-/**
- * Returns the per-request timeout for conversion calls in milliseconds.
- *
- * Falls back to a 30 second default when the env value is missing or
- * unparseable.
- */
-export const DOCUMENT_CONVERSION_TIMEOUT_MS = (): number => {
-  const raw = env('NEXT_PRIVATE_DOCUMENT_CONVERSION_TIMEOUT_MS');
-
-  if (!raw) {
-    return DEFAULT_DOCUMENT_CONVERSION_TIMEOUT_MS;
-  }
-
-  const parsed = parseInt(raw, 10);
-
-  if (Number.isNaN(parsed) || parsed <= 0) {
-    return DEFAULT_DOCUMENT_CONVERSION_TIMEOUT_MS;
-  }
-
-  return parsed;
-};
-
-/**
- * Returns the mime type -> extensions map that should be passed to the
- * dropzone `accept` config and used for server-side validation.
- *
- * Always includes PDF; only includes DOCX when the conversion feature is
- * enabled.
- */
-export const getAllowedUploadMimeTypes = (): Record<string, string[]> => {
-  const base: Record<string, string[]> = {
-    'application/pdf': ['.pdf'],
-  };
-
-  if (IS_DOCUMENT_CONVERSION_ENABLED()) {
-    base[DOCUMENT_CONVERSION_MIME_TYPE_DOCX] = ['.docx'];
-  }
-
-  return base;
-};
@@ -0,0 +1,23 @@
+import { env } from '@documenso/lib/utils/env';
+
+export const ALLOWED_UPLOAD_MIME_TYPES: Record<string, string[]> = {
+  'application/pdf': ['.pdf'],
+  'application/vnd.openxmlformats-officedocument.wordprocessingml.document': ['.docx'],
+  'image/jpeg': ['.jpg', '.jpeg'],
+  'image/png': ['.png'],
+};
+
+export const isAllowedMimeType = (mimeType: string): boolean =>
+  mimeType in ALLOWED_UPLOAD_MIME_TYPES;
+
+export const getGotenbergUrl = (): string | undefined => env('NEXT_PRIVATE_GOTENBERG_URL');
+
+export const getGotenbergTimeout = (): number => {
+  const timeout = env('NEXT_PRIVATE_GOTENBERG_TIMEOUT');
+  return timeout ? parseInt(timeout, 10) : 30_000;
+};
+
+export const getFileExtensionForMimeType = (mimeType: string): string => {
+  const extensions = ALLOWED_UPLOAD_MIME_TYPES[mimeType];
+  return extensions?.[0] ?? '.pdf';
+};
@@ -1,8 +1,6 @@
 import { JobClient } from './client/client';
-import { SEND_ADMIN_USER_CREATED_EMAIL_JOB_DEFINITION } from './definitions/emails/send-admin-user-created-email';
 import { SEND_CONFIRMATION_EMAIL_JOB_DEFINITION } from './definitions/emails/send-confirmation-email';
 import { SEND_DOCUMENT_CANCELLED_EMAILS_JOB_DEFINITION } from './definitions/emails/send-document-cancelled-emails';
-import { SEND_DOCUMENT_COMPLETED_EMAILS_JOB_DEFINITION } from './definitions/emails/send-document-completed-emails';
 import { SEND_DOCUMENT_CREATED_FROM_DIRECT_TEMPLATE_EMAIL_JOB_DEFINITION } from './definitions/emails/send-document-created-from-direct-template-email';
 import { SEND_ORGANISATION_MEMBER_JOINED_EMAIL_JOB_DEFINITION } from './definitions/emails/send-organisation-member-joined-email';
 import { SEND_ORGANISATION_MEMBER_LEFT_EMAIL_JOB_DEFINITION } from './definitions/emails/send-organisation-member-left-email';
@@ -12,10 +10,8 @@ import { SEND_RECIPIENT_SIGNED_EMAIL_JOB_DEFINITION } from './definitions/emails
 import { SEND_SIGNING_REJECTION_EMAILS_JOB_DEFINITION } from './definitions/emails/send-rejection-emails';
 import { SEND_SIGNING_EMAIL_JOB_DEFINITION } from './definitions/emails/send-signing-email';
 import { SEND_TEAM_DELETED_EMAIL_JOB_DEFINITION } from './definitions/emails/send-team-deleted-email';
-import { ADMIN_DELETE_ORGANISATION_JOB_DEFINITION } from './definitions/internal/admin-delete-organisation';
 import { BACKPORT_SUBSCRIPTION_CLAIM_JOB_DEFINITION } from './definitions/internal/backport-subscription-claims';
 import { BULK_SEND_TEMPLATE_JOB_DEFINITION } from './definitions/internal/bulk-send-template';
-import { CANCEL_ORGANISATION_SUBSCRIPTION_JOB_DEFINITION } from './definitions/internal/cancel-organisation-subscription';
 import { CLEANUP_RATE_LIMITS_JOB_DEFINITION } from './definitions/internal/cleanup-rate-limits';
 import { EXECUTE_WEBHOOK_JOB_DEFINITION } from './definitions/internal/execute-webhook';
 import { EXPIRE_RECIPIENTS_SWEEP_JOB_DEFINITION } from './definitions/internal/expire-recipients-sweep';
@@ -31,7 +27,6 @@ import { SYNC_EMAIL_DOMAINS_JOB_DEFINITION } from './definitions/internal/sync-e
 * triggering jobs.
 */
 export const jobsClient = new JobClient([
-  SEND_ADMIN_USER_CREATED_EMAIL_JOB_DEFINITION,
  SEND_SIGNING_EMAIL_JOB_DEFINITION,
  SEND_CONFIRMATION_EMAIL_JOB_DEFINITION,
  SEND_ORGANISATION_MEMBER_JOINED_EMAIL_JOB_DEFINITION,
@@ -42,7 +37,6 @@ export const jobsClient = new JobClient([
  SEND_PASSWORD_RESET_SUCCESS_EMAIL_JOB_DEFINITION,
  SEND_SIGNING_REJECTION_EMAILS_JOB_DEFINITION,
  SEND_RECIPIENT_SIGNED_EMAIL_JOB_DEFINITION,
-  SEND_DOCUMENT_COMPLETED_EMAILS_JOB_DEFINITION,
  SEND_DOCUMENT_CANCELLED_EMAILS_JOB_DEFINITION,
  SEND_DOCUMENT_CREATED_FROM_DIRECT_TEMPLATE_EMAIL_JOB_DEFINITION,
  SEND_OWNER_RECIPIENT_EXPIRED_EMAIL_JOB_DEFINITION,
@@ -55,8 +49,6 @@ export const jobsClient = new JobClient([
  PROCESS_SIGNING_REMINDER_JOB_DEFINITION,
  CLEANUP_RATE_LIMITS_JOB_DEFINITION,
  SYNC_EMAIL_DOMAINS_JOB_DEFINITION,
-  ADMIN_DELETE_ORGANISATION_JOB_DEFINITION,
-  CANCEL_ORGANISATION_SUBSCRIPTION_JOB_DEFINITION,
 ] as const);

 export const jobs = jobsClient;
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
ephraimduncan	f3f5903760	chore: merge main, resolve biome formatting conflicts Merge origin/main into feat/document-file-conversion. Conflicts were format-only (Tailwind class ordering, single-line vs multi-line) plus two semantic merges: - files.helpers.ts: combine main's pending-PDF download path with the branch's original-source-file (DOCX/PNG/JPEG) download path - download-pdf.ts: combine main's versionToFilenameSuffix helper with the branch's server-provided Content-Disposition filename support	2026-05-12 11:28:47 +00:00
ephraimduncan	f153a7c437	fix: broken merge in team-account-folders E2E test The merge of main into feat/document-file-conversion silently produced a bad hybrid for 'can create a template inside a template folder': main (#2303) replaced the click+setInputFiles flow with fileChooser.setFiles, while this branch only touched .nth(0) within that same block. Git kept both, leaving an obsolete click on 'Upload Template Document'. Apply main's final form.	2026-04-20 10:48:49 +00:00
ephraimduncan	f9cb8d84ed	Merge branch 'main' into feat/document-file-conversion Resolved conflicts: - create-document-data.ts: merged initialData + originalData/originalMimeType - files.helpers.ts: kept both imports - envelope-drop-zone-wrapper.tsx: adopted buildDropzoneRejectionDescription - create-envelope-items.ts: adopted UNSAFE_createEnvelopeItems - create-envelope.ts: integrated convertToPdfIfNeeded into createEnvelopeRouteCaller Extended putPdfFileServerSide to accept { initialData, originalData, originalMimeType } options; updated seal-document.handler call site.	2026-04-20 10:11:35 +00:00
ephraimduncan	cc67454513	fix: merge conflicts	2026-01-15 12:42:36 +00:00
Ephraim Duncan	665a0d0ea0	Merge branch 'main' into feat/document-file-conversion	2026-01-06 20:48:27 +00:00
ephraimduncan	02ff8df09b	chore: remove tests - temp	2026-01-01 23:04:26 +00:00
ephraimduncan	d4bee4aed1	fix: tests	2026-01-01 22:46:35 +00:00
ephraimduncan	f4cfa71379	fix: tests	2026-01-01 10:44:55 +00:00
ephraimduncan	b1763e422c	fix: tests	2026-01-01 10:13:34 +00:00
ephraimduncan	64e0695811	fix: translations	2025-12-30 20:10:08 +00:00
ephraimduncan	8a4205d808	fix: build errors	2025-12-30 19:57:01 +00:00
ephraimduncan	74db3d7a1c	feat: add document file conversion	2025-12-30 19:24:23 +00:00
ephraimduncan	3976531045	chore: fix merge conflicts	2025-12-29 20:02:51 +00:00
Ephraim Atta-Duncan	7a499270be	feat: document file conversion	2025-12-15 11:58:42 +00:00