v2.6.1

fix: simplify openapi field schemas to fix SDK generation (#2503 )
fix(i18n): mark strings inside div for translation (#2514 )
2026-06-22 12:22:14 +10:00 · 2026-02-18 21:57:10 +11:00 · 2026-02-18 17:07:46 +11:00 · 2026-02-18 13:50:42 +11:00 · 2026-02-18 13:35:04 +11:00 · 2026-02-17 11:31:37 +11:00
107 changed files with 10811 additions and 2984 deletions
@@ -0,0 +1,168 @@
+---
+date: 2026-02-11
+title: Cert Page Width Mismatch
+---
+
+## Problem
+
+Certificate and audit log pages are generated with hardcoded A4 dimensions (`PDF_SIZE_A4_72PPI`: 595×842) regardless of the actual document page sizes. When the source document uses a different page size (e.g., Letter, Legal, or custom dimensions), the certificate/audit log pages end up with a different width than the document pages. This causes problems with courts that expect uniform page dimensions throughout a PDF.
+
+**Both width and height must match** the last page of the document so the entire PDF prints uniformly.
+
+**Root cause**: In `seal-document.handler.ts` (lines 186-187), the certificate payload always uses:
+
+```ts
+pageWidth: PDF_SIZE_A4_72PPI.width,  // 595
+pageHeight: PDF_SIZE_A4_72PPI.height, // 842
+```
+
+These hardcoded values flow into `generateCertificatePdf`, `generateAuditLogPdf`, `renderCertificate`, and `renderAuditLogs` — all of which use `pageWidth`/`pageHeight` to set Konva stage dimensions and layout content.
+
+## Key Files
+
+| File                                                                    | Role                                                                                  |
+| ----------------------------------------------------------------------- | ------------------------------------------------------------------------------------- |
+| `packages/lib/jobs/definitions/internal/seal-document.handler.ts`       | Orchestrates sealing; passes page dimensions to cert/audit generators                 |
+| `packages/lib/constants/pdf.ts`                                         | Defines `PDF_SIZE_A4_72PPI` (595×842)                                                 |
+| `packages/lib/server-only/pdf/generate-certificate-pdf.ts`              | Generates certificate PDF; accepts `pageWidth`/`pageHeight`                           |
+| `packages/lib/server-only/pdf/generate-audit-log-pdf.ts`                | Generates audit log PDF; accepts `pageWidth`/`pageHeight`                             |
+| `packages/lib/server-only/pdf/render-certificate.ts`                    | Renders certificate pages via Konva; uses `pageWidth`/`pageHeight` for stage + layout |
+| `packages/lib/server-only/pdf/render-audit-logs.ts`                     | Renders audit log pages via Konva; uses `pageWidth`/`pageHeight` for stage + layout   |
+| `packages/lib/server-only/pdf/get-page-size.ts`                         | Existing utility — extend with `@libpdf/core` version                                 |
+| `packages/trpc/server/document-router/download-document-certificate.ts` | Standalone certificate download (also hardcodes A4)                                   |
+| `packages/trpc/server/document-router/download-document-audit-logs.ts`  | Standalone audit log download (also hardcodes A4)                                     |
+
+## Architecture
+
+### Current Flow
+
+1. **One cert PDF + one audit log PDF** generated per envelope with hardcoded A4 dims
+2. Both appended to **every** envelope item (document) via `decorateAndSignPdf` → `pdfDoc.copyPagesFrom()`
+3. The audit log is envelope-level (all recipients, all events across all docs) — one per envelope, not per document
+
+### Multi-Document Envelopes
+
+- V1 envelopes: single document only
+- V2 envelopes: support multiple documents (envelope items)
+- Each envelope item gets both cert + audit log pages appended to it
+- If documents have different page sizes → need size-matched cert/audit for each
+
+### Reading Page Dimensions (`@libpdf/core` only)
+
+Use `@libpdf/core`'s `PDF` class — NOT `@cantoo/pdf-lib`:
+
+```ts
+const pdfDoc = await PDF.load(pdfData);
+const lastPage = pdfDoc.getPage(pdfDoc.getPageCount() - 1);
+const { width, height } = lastPage; // e.g. 612, 792 for Letter
+```
+
+Already used this way in `seal-document.handler.ts` lines 403-410 for V2 field insertion.
+"Last page" = last page of the original document, before cert/audit pages are appended.
+
+### Content Layout Adaptation
+
+Both renderers already handle variable dimensions gracefully:
+
+- **Width**: `render-certificate.ts:713` / `render-audit-logs.ts:588` — `Math.min(pageWidth - minimumMargin * 2, contentMaxWidth)` with `contentMaxWidth = 768`. Wider pages get more margin, narrower pages tighter margins.
+- **Height**: Both renderers paginate content into pages using `groupRowsIntoPages()` which respects `pageHeight` via `maxTableHeight = pageHeight - pageTopMargin - pageBottomMargin`. Shorter pages just mean more pages; taller pages fit more rows per page.
+
+### Playwright PDF Path — Out of Scope
+
+The `NEXT_PRIVATE_USE_PLAYWRIGHT_PDF` toggle enables a deprecated Playwright-based PDF generation path (`get-certificate-pdf.ts`, `get-audit-logs-pdf.ts`) that also hardcodes `format: 'A4'` in `page.pdf()`. This path is **not being updated** as part of this fix:
+
+- Both files are marked `@deprecated`
+- The Konva-based path is the default and recommended path
+- The Playwright path is behind a feature flag and will be removed
+
+No changes needed. Add a code comment noting the A4 limitation if the Playwright path is ever re-enabled.
+
+## Plan
+
+### 1. Extend `get-page-size.ts` with `@libpdf/core` utility
+
+Add a `getLastPageDimensions` function to the existing `packages/lib/server-only/pdf/get-page-size.ts` file. This consolidates page-size logic in one place (the file already has the legacy `@cantoo/pdf-lib` version).
+
+```ts
+export const getLastPageDimensions = (pdfDoc: PDF): { width: number; height: number } => {
+  const lastPage = pdfDoc.getPage(pdfDoc.getPageCount() - 1);
+  const width = Math.round(lastPage.width);
+  const height = Math.round(lastPage.height);
+
+  if (width < MIN_CERT_PAGE_WIDTH || height < MIN_CERT_PAGE_HEIGHT) {
+    return { width: PDF_SIZE_A4_72PPI.width, height: PDF_SIZE_A4_72PPI.height };
+  }
+
+  return { width, height };
+};
+```
+
+**Dimension rounding**: `Math.round()` both width and height. PDF points at 72ppi are typically whole numbers; rounding avoids spurious float-precision mismatches (e.g., 612.0 vs 612.00001) that would cause unnecessary duplicate cert/audit PDF generation.
+
+**Minimum page dimensions**: Enforce a minimum threshold (e.g., 300pt for both width and height). If either dimension falls below the minimum, fall back to A4 (595×842). The certificate and audit log renderers have headers, table rows, margins, and QR codes that require a minimum viable area.
+
+### 2. Read last page dimensions from each envelope item's PDF
+
+In `seal-document.handler.ts`, before generating cert/audit PDFs:
+
+- For each `envelopeItem`, load the PDF and read the **last page's width and height** using `getLastPageDimensions`
+- Use `PDF.load()` then pass the loaded doc to the utility
+
+**Resealing consideration**: When `isResealing` is true, envelope items are remapped to use `initialData` (lines 152-158) before this point. Page-size extraction must operate on the same data source that `decorateAndSignPdf` will use. Since the `envelopeItems` array is already remapped by the time we read dimensions, reading from `envelopeItem.documentData` will naturally give the correct (initial) data. No special handling needed beyond ensuring the dimension read happens **after** the resealing remap.
+
+### 3. Generate cert/audit PDFs per unique page size
+
+Current flow generates one cert + one audit log doc per envelope. Change to:
+
+1. Collect `{ width, height }` of the last page for each envelope item
+2. Deduplicate by `"${width}x${height}"` key (using the already-rounded integers)
+3. For each unique size, generate cert PDF and audit log PDF with those dimensions
+4. Store in a `Map<string, { certificateDoc, auditLogDoc }>` keyed by `"${width}x${height}"`
+
+For the common single-document case, this is one generation — same perf as today.
+
+### 4. Thread the correct docs into `decorateAndSignPdf`
+
+In the envelope item loop, look up the item's last-page dimensions in the map and pass the matching cert/audit docs. Signature of `decorateAndSignPdf` doesn't change — it still receives a single `certificateDoc` and `auditLogDoc`, just the right ones per item.
+
+### 5. Update standalone download routes
+
+`download-document-certificate.ts` and `download-document-audit-logs.ts` also hardcode A4:
+
+- Both routes have `documentId` which maps to a specific envelope item
+- Fetch **that specific document's** PDF data, load it, read last page width + height via `getLastPageDimensions`
+- Pass `{ pageWidth, pageHeight }` to the generator
+- This ensures the standalone download matches the dimensions the user would see in the sealed PDF for that document
+
+### 6. Edge cases
+
+| Scenario                                | Behavior                                                                                    |
+| --------------------------------------- | ------------------------------------------------------------------------------------------- |
+| Mixed page sizes within one PDF         | Use last page's dimensions (per spec)                                                       |
+| Page dimensions below minimum threshold | Fall back to A4 (595×842)                                                                   |
+| Landscape pages                         | width/height just swap roles; renderers adapt via `Math.min()` capping. No special handling |
+| Fallback if page dims unreadable        | Default to A4 (595×842)                                                                     |
+| Resealing                               | Dimensions read after `initialData` remap — correct source automatically                    |
+| Playwright PDF path enabled             | Remains A4 — out of scope, deprecated                                                       |
+| Single-doc envelope (most common)       | One generation, same perf as today                                                          |
+| Multi-doc envelope, same page sizes     | Dedup key matches → one generation                                                          |
+| Multi-doc envelope, different sizes     | One generation per unique size                                                              |
+
+### 7. Tests
+
+- Add assertion-based E2E test (no visual regression / reference images needed)
+- Seal a Letter-size (612×792) PDF through the full flow
+- Load the sealed output and assert all pages (document + cert + audit) have matching width/height
+- Can be added to `envelope-alignment.spec.ts` or as a new focused test
+
+## Implementation Steps
+
+1. **Extend `get-page-size.ts`** — add `getLastPageDimensions(pdfDoc: PDF): { width: number; height: number }` using `@libpdf/core`, with `Math.round()` and minimum dimension enforcement
+2. **In `seal-document.handler.ts`**:
+   a. After the resealing remap (line ~159), load each envelope item's PDF via `PDF.load()` and collect last page `{ width, height }` using `getLastPageDimensions`
+   b. Deduplicate by `"${width}x${height}"` key
+   c. Generate cert/audit PDFs per unique size (parallel via `Promise.all`)
+   d. In envelope item loop, look up matching cert/audit doc by size key
+3. **Fix `download-document-certificate.ts`** — load the specific document's PDF, read last page dims via `getLastPageDimensions`, pass to generator
+4. **Fix `download-document-audit-logs.ts`** — same as above, using the specific `documentId`'s PDF
+5. **Add E2E test** — assertion-based test with a Letter-size document verifying all page dimensions match after sealing
@@ -13,6 +13,7 @@ export default {
    title: 'API & Integration Guides',
  },
  'public-api': 'Public API',
-  embedding: 'Embedding',
+  embedding: 'Embedded Signing',
+  'embedded-authoring': 'Embedded Authoring',
  webhooks: 'Webhooks',
 };
@@ -1,12 +1,25 @@
 ---
-title: Authoring
+title: Embedded Authoring
 description: Learn how to use embedded authoring to create documents and templates in your application
 ---

+import { Callout } from 'nextra/components';
+
+<Callout type="info">
+  The embedded authoring feature is an enterprise only feature. Please contact us if you are
+  interested in using it.
+</Callout>
+
 # Embedded Authoring

 In addition to embedding signing experiences, Documenso now supports embedded authoring, allowing you to integrate document and template creation and editing directly within your application.

+## Embedded Signing vs Embedded Authoring
+
+Embedded signing allows you to embed your Documenso documents into your application for signing. Your users will be able to sign the document directly in your application.
+
+Embedded authoring allows you to integrate Documenso's document and template creation and editing into your application. You will be able to create and edit documents and templates directly in your application.
+
 ## How Embedded Authoring Works

 The embedded authoring feature enables your users to create and edit documents and templates without leaving your application. This process works through secure presign tokens that authenticate the embedding session and manage permissions.
@@ -7,5 +7,4 @@ export default {
  preact: 'Preact Integration',
  angular: 'Angular Integration',
  'css-variables': 'CSS Variables',
-  authoring: 'Authoring',
 };
@@ -3,10 +3,16 @@ title: Get Started
 description: Learn how to use embedding to bring signing to your own website or application
 ---

-# Embedding
+# Embedded Signing

 Our embedding feature lets you integrate our document signing experience into your own application or website. Whether you're building with React, Preact, Vue, Svelte, Solid, Angular, or using generalized web components, this guide will help you get started with embedding Documenso.

+## Embedded Signing vs Embedded Authoring
+
+Embedded signing allows you to embed your Documenso documents into your application for signing. Your users will be able to sign the document directly in your application.
+
+Embedded authoring allows you to integrate Documenso's document and template creation and editing into your application. You will be able to create and edit documents and templates directly in your application.
+
 ## Availability

 Embedding is currently available for all users on a **Teams Plan** and above, as well as **Early Adopter's** within a team (Early Adopters can create a team for free).
@@ -116,9 +116,11 @@ export function AssistantConfirmationDialog({
                    {!isEditingNextSigner && (
                      <div>
                        <p className="text-muted-foreground text-sm">
-                          The next recipient to sign this document will be{' '}
-                          <span className="font-semibold">{form.watch('name')}</span> (
-                          <span className="font-semibold">{form.watch('email')}</span>).
+                          <Trans>
+                            The next recipient to sign this document will be{' '}
+                            <span className="font-semibold">{form.watch('name')}</span> (
+                            <span className="font-semibold">{form.watch('email')}</span>).
+                          </Trans>
                        </p>

                        <Button
@@ -258,10 +258,10 @@ export const EnvelopeDistributeDialog = ({
                >
                  <TabsList className="w-full">
                    <TabsTrigger className="w-full" value={DocumentDistributionMethod.EMAIL}>
-                      Email
+                      <Trans>Email</Trans>
                    </TabsTrigger>
                    <TabsTrigger className="w-full" value={DocumentDistributionMethod.NONE}>
-                      None
+                      <Trans>None</Trans>
                    </TabsTrigger>
                  </TabsList>
                </Tabs>
@@ -149,7 +149,12 @@ export const EnvelopesBulkDeleteDialog = ({
        </Alert>

        <DialogFooter>
-          <Button type="button" variant="secondary" disabled={isPending}>
+          <Button
+            type="button"
+            variant="secondary"
+            onClick={() => onOpenChange(false)}
+            disabled={isPending}
+          >
            <Trans>Cancel</Trans>
          </Button>

@@ -77,7 +77,7 @@ export const OrganisationGroupDeleteDialog = ({
          </DialogTitle>

          <DialogDescription className="mt-4">
-            <Trans>
+            <Trans context="Removing group from organisation">
              You are about to remove the following group from{' '}
              <span className="font-semibold">{organisation.name}</span>.
            </Trans>
@@ -127,7 +127,11 @@ export const TeamCreateDialog = ({ trigger, onCreated, ...props }: TeamCreateDia
  };

  const mapTextToUrl = (text: string) => {
-    return text.toLowerCase().replace(/\s+/g, '-');
+    return text
+      .normalize('NFD')
+      .replace(/[\u0300-\u036f]/g, '')
+      .toLowerCase()
+      .replace(/\s+/g, '-');
  };

  const dialogState = useMemo(() => {
@@ -260,7 +264,7 @@ export const TeamCreateDialog = ({ trigger, onCreated, ...props }: TeamCreateDia
                        <Input className="bg-background" {...field} />
                      </FormControl>
                      {!form.formState.errors.teamUrl && (
-                        <span className="text-foreground/50 text-xs font-normal">
+                        <span className="text-xs font-normal text-foreground/50">
                          {field.value ? (
                            `${NEXT_PUBLIC_WEBAPP_URL()}/t/${field.value}`
                          ) : (
@@ -288,7 +292,7 @@ export const TeamCreateDialog = ({ trigger, onCreated, ...props }: TeamCreateDia
                          />

                          <label
-                            className="text-muted-foreground ml-2 text-sm"
+                            className="ml-2 text-sm text-muted-foreground"
                            htmlFor="inherit-members"
                          >
                            <Trans>Allow all organisation members to access this team</Trans>
@@ -81,7 +81,7 @@ export const TeamGroupDeleteDialog = ({
          </DialogTitle>

          <DialogDescription className="mt-4">
-            <Trans>
+            <Trans context="Removing group from team">
              You are about to remove the following group from{' '}
              <span className="font-semibold">{team.name}</span>.
            </Trans>
@@ -1,3 +1,4 @@
+import { Trans } from '@lingui/react/macro';
 import { Loader } from 'lucide-react';

 export const EmbedClientLoading = () => {
@@ -5,7 +6,9 @@ export const EmbedClientLoading = () => {
    <div className="bg-background fixed left-0 top-0 z-[9999] flex h-full w-full items-center justify-center">
      <Loader className="mr-2 h-4 w-4 animate-spin" />

-      <span>Loading...</span>
+      <span>
+        <Trans>Loading...</Trans>
+      </span>
    </div>
  );
 };
@@ -499,7 +499,9 @@ export const EmbedDirectTemplateClientPage = ({

      {!hidePoweredBy && (
        <div className="fixed bottom-0 left-0 z-40 rounded-tr bg-primary px-2 py-1 text-xs font-medium text-primary-foreground opacity-60 hover:opacity-100">
-          <span>Powered by</span>
+          <span>
+            <Trans>Powered by</Trans>
+          </span>
          <BrandingLogo className="ml-2 inline-block h-[14px]" />
        </div>
      )}
@@ -510,7 +510,9 @@ export const EmbedSignDocumentV1ClientPage = ({

        {!hidePoweredBy && (
          <div className="fixed bottom-0 left-0 z-40 rounded-tr bg-primary px-2 py-1 text-xs font-medium text-primary-foreground opacity-60 hover:opacity-100">
-            <span>Powered by</span>
+            <span>
+              <Trans>Powered by</Trans>
+            </span>
            <BrandingLogo className="ml-2 inline-block h-[14px]" />
          </div>
        )}
@@ -1,6 +1,7 @@
 import { useEffect, useLayoutEffect, useState } from 'react';

 import { useLingui } from '@lingui/react';
+import { EnvelopeType } from '@prisma/client';

 import { mapSecondaryIdToDocumentId } from '@documenso/lib/utils/envelope';

@@ -25,7 +26,7 @@ export const EmbedSignDocumentV2ClientPage = ({
 }: EmbedSignDocumentV2ClientPageProps) => {
  const { _ } = useLingui();

-  const { envelope, recipient, envelopeData, setFullName, fullName } =
+  const { envelope, recipient, envelopeData, setFullName, setEmail, fullName } =
    useRequiredEnvelopeSigningContext();

  const { isCompleted, isRejected, recipientSignature } = envelopeData;
@@ -35,6 +36,7 @@ export const EmbedSignDocumentV2ClientPage = ({
  const [hasFinishedInit, setHasFinishedInit] = useState(false);
  const [allowDocumentRejection, setAllowDocumentRejection] = useState(false);
  const [isNameLocked, setIsNameLocked] = useState(false);
+  const [isEmailLocked, setIsEmailLocked] = useState(envelope.type === EnvelopeType.DOCUMENT);

  const onDocumentCompleted = (data: {
    token: string;
@@ -132,6 +134,17 @@ export const EmbedSignDocumentV2ClientPage = ({
      // Since a recipient can be provided a name we can lock it without requiring
      // a to be provided by the parent application, unlike direct templates.
      setIsNameLocked(!!data.lockName);
+
+      if (envelope.type === EnvelopeType.TEMPLATE) {
+        if (!isCompleted && data.email) {
+          setEmail(data.email);
+        }
+
+        if (data.email) {
+          setIsEmailLocked(!!data.lockEmail);
+        }
+      }
+
      setAllowDocumentRejection(!!data.allowDocumentRejection);

      if (data.darkModeDisabled) {
@@ -213,6 +226,7 @@ export const EmbedSignDocumentV2ClientPage = ({
  return (
    <EmbedSigningProvider
      isNameLocked={isNameLocked}
+      isEmailLocked={isEmailLocked}
      hidePoweredBy={hidePoweredBy}
      allowDocumentRejection={allowDocumentRejection}
      onDocumentCompleted={onDocumentCompleted}
@@ -124,7 +124,9 @@ export const AppNavMobile = ({ isMenuOpen, onMenuOpenChange }: AppNavMobileProps
          </div>

          <p className="text-muted-foreground text-sm">
-            © {new Date().getFullYear()} Documenso, Inc. <br /> All rights reserved.
+            © {new Date().getFullYear()} Documenso, Inc.
+            <br />
+            <Trans>All rights reserved.</Trans>
          </p>
        </div>
      </SheetContent>
@@ -118,7 +118,9 @@ export const BillingPlans = ({ plans }: BillingPlansProps) => {

                {price.product.features && price.product.features.length > 0 && (
                  <div className="mt-4 text-muted-foreground">
-                    <div className="text-sm font-medium">Includes:</div>
+                    <div className="text-sm font-medium">
+                      <Trans>Includes:</Trans>
+                    </div>

                    <ul className="mt-1 divide-y text-sm">
                      {price.product.features.map((feature, index) => (
@@ -4,6 +4,7 @@ import { zodResolver } from '@hookform/resolvers/zod';
 import { Trans } from '@lingui/react/macro';
 import { RecipientRole } from '@prisma/client';
 import { useForm } from 'react-hook-form';
+import { match } from 'ts-pattern';
 import { z } from 'zod';

 import { AppError } from '@documenso/lib/errors/app-error';
@@ -27,7 +28,6 @@ import { useRequiredDocumentSigningAuthContext } from './document-signing-auth-p

 export type DocumentSigningAuth2FAProps = {
  actionTarget?: 'FIELD' | 'DOCUMENT';
-  actionVerb?: string;
  open: boolean;
  onOpenChange: (value: boolean) => void;
  onReauthFormSubmit: (values?: TRecipientActionAuth) => Promise<void> | void;
@@ -44,7 +44,6 @@ type T2FAAuthFormSchema = z.infer<typeof Z2FAAuthFormSchema>;

 export const DocumentSigningAuth2FA = ({
  actionTarget = 'FIELD',
-  actionVerb = 'sign',
  onReauthFormSubmit,
  open,
  onOpenChange,
@@ -101,14 +100,39 @@ export const DocumentSigningAuth2FA = ({
        <Alert variant="warning">
          <AlertDescription>
            <p>
-              {recipient.role === RecipientRole.VIEWER && actionTarget === 'DOCUMENT' ? (
-                <Trans>You need to setup 2FA to mark this document as viewed.</Trans>
-              ) : (
-                // Todo: Translate
-                `You need to setup 2FA to ${actionVerb.toLowerCase()} this ${actionTarget.toLowerCase()}.`
-              )}
+              {match({ role: recipient.role, actionTarget })
+                .with({ role: RecipientRole.SIGNER, actionTarget: 'FIELD' }, () => (
+                  <Trans>You need to setup 2FA to sign this field.</Trans>
+                ))
+                .with({ role: RecipientRole.SIGNER, actionTarget: 'DOCUMENT' }, () => (
+                  <Trans>You need to setup 2FA to sign this document.</Trans>
+                ))
+                .with({ role: RecipientRole.APPROVER, actionTarget: 'FIELD' }, () => (
+                  <Trans>You need to setup 2FA to approve this field.</Trans>
+                ))
+                .with({ role: RecipientRole.APPROVER, actionTarget: 'DOCUMENT' }, () => (
+                  <Trans>You need to setup 2FA to approve this document.</Trans>
+                ))
+                .with({ role: RecipientRole.VIEWER, actionTarget: 'FIELD' }, () => (
+                  <Trans>You need to setup 2FA to view this field.</Trans>
+                ))
+                .with({ role: RecipientRole.VIEWER, actionTarget: 'DOCUMENT' }, () => (
+                  <Trans>You need to setup 2FA to mark this document as viewed.</Trans>
+                ))
+                .with({ role: RecipientRole.CC, actionTarget: 'FIELD' }, () => (
+                  <Trans>You need to setup 2FA to view this field.</Trans>
+                ))
+                .with({ role: RecipientRole.CC, actionTarget: 'DOCUMENT' }, () => (
+                  <Trans>You need to setup 2FA to view this document.</Trans>
+                ))
+                .with({ role: RecipientRole.ASSISTANT, actionTarget: 'FIELD' }, () => (
+                  <Trans>You need to setup 2FA to assist with this field.</Trans>
+                ))
+                .with({ role: RecipientRole.ASSISTANT, actionTarget: 'DOCUMENT' }, () => (
+                  <Trans>You need to setup 2FA to assist with this document.</Trans>
+                ))
+                .exhaustive()}
            </p>
-
            <p className="mt-2">
              <Trans>
                By enabling 2FA, you will be required to enter a code from your authenticator app
@@ -138,7 +162,9 @@ export const DocumentSigningAuth2FA = ({
              name="token"
              render={({ field }) => (
                <FormItem>
-                  <FormLabel required>2FA token</FormLabel>
+                  <FormLabel required>
+                    <Trans>2FA token</Trans>
+                  </FormLabel>

                  <FormControl>
                    <PinInput {...field} value={field.value ?? ''} maxLength={6}>
@@ -2,6 +2,7 @@ import { useState } from 'react';

 import { Trans, useLingui } from '@lingui/react/macro';
 import { RecipientRole } from '@prisma/client';
+import { match } from 'ts-pattern';

 import { authClient } from '@documenso/auth/client';
 import { Alert, AlertDescription } from '@documenso/ui/primitives/alert';
@@ -13,13 +14,11 @@ import { useRequiredDocumentSigningAuthContext } from './document-signing-auth-p

 export type DocumentSigningAuthAccountProps = {
  actionTarget?: 'FIELD' | 'DOCUMENT';
-  actionVerb?: string;
  onOpenChange: (value: boolean) => void;
 };

 export const DocumentSigningAuthAccount = ({
  actionTarget = 'FIELD',
-  actionVerb = 'sign',
  onOpenChange,
 }: DocumentSigningAuthAccountProps) => {
  const { recipient, isDirectTemplate } = useRequiredDocumentSigningAuthContext();
@@ -55,32 +54,110 @@ export const DocumentSigningAuthAccount = ({
    <fieldset disabled={isSigningOut} className="space-y-4">
      <Alert variant="warning">
        <AlertDescription>
-          {actionTarget === 'DOCUMENT' && recipient.role === RecipientRole.VIEWER ? (
-            <span>
-              {isDirectTemplate ? (
-                <Trans>To mark this document as viewed, you need to be logged in.</Trans>
-              ) : (
-                <Trans>
-                  To mark this document as viewed, you need to be logged in as{' '}
-                  <strong>{recipient.email}</strong>
-                </Trans>
-              )}
-            </span>
-          ) : (
-            <span>
-              {isDirectTemplate ? (
-                <Trans>
-                  To {actionVerb.toLowerCase()} this {actionTarget.toLowerCase()}, you need to be
-                  logged in.
-                </Trans>
-              ) : (
-                <Trans>
-                  To {actionVerb.toLowerCase()} this {actionTarget.toLowerCase()}, you need to be
-                  logged in as <strong>{recipient.email}</strong>
-                </Trans>
-              )}
-            </span>
-          )}
+          <span>
+            {match({ role: recipient.role, actionTarget })
+              .with({ role: RecipientRole.SIGNER, actionTarget: 'FIELD' }, () =>
+                isDirectTemplate ? (
+                  <Trans>To sign this field, you need to be logged in.</Trans>
+                ) : (
+                  <Trans>
+                    To sign this field, you need to be logged in as{' '}
+                    <strong>{recipient.email}</strong>
+                  </Trans>
+                ),
+              )
+              .with({ role: RecipientRole.SIGNER, actionTarget: 'DOCUMENT' }, () =>
+                isDirectTemplate ? (
+                  <Trans>To sign this document, you need to be logged in.</Trans>
+                ) : (
+                  <Trans>
+                    To sign this document, you need to be logged in as{' '}
+                    <strong>{recipient.email}</strong>
+                  </Trans>
+                ),
+              )
+              .with({ role: RecipientRole.APPROVER, actionTarget: 'FIELD' }, () =>
+                isDirectTemplate ? (
+                  <Trans>To approve this field, you need to be logged in.</Trans>
+                ) : (
+                  <Trans>
+                    To approve this field, you need to be logged in as{' '}
+                    <strong>{recipient.email}</strong>
+                  </Trans>
+                ),
+              )
+              .with({ role: RecipientRole.APPROVER, actionTarget: 'DOCUMENT' }, () =>
+                isDirectTemplate ? (
+                  <Trans>To approve this document, you need to be logged in.</Trans>
+                ) : (
+                  <Trans>
+                    To approve this document, you need to be logged in as{' '}
+                    <strong>{recipient.email}</strong>
+                  </Trans>
+                ),
+              )
+              .with({ role: RecipientRole.VIEWER, actionTarget: 'FIELD' }, () =>
+                isDirectTemplate ? (
+                  <Trans>To view this field, you need to be logged in.</Trans>
+                ) : (
+                  <Trans>
+                    To view this field, you need to be logged in as{' '}
+                    <strong>{recipient.email}</strong>
+                  </Trans>
+                ),
+              )
+              .with({ role: RecipientRole.VIEWER, actionTarget: 'DOCUMENT' }, () =>
+                isDirectTemplate ? (
+                  <Trans>To mark this document as viewed, you need to be logged in.</Trans>
+                ) : (
+                  <Trans>
+                    To mark this document as viewed, you need to be logged in as{' '}
+                    <strong>{recipient.email}</strong>
+                  </Trans>
+                ),
+              )
+              .with({ role: RecipientRole.CC, actionTarget: 'FIELD' }, () =>
+                isDirectTemplate ? (
+                  <Trans>To view this field, you need to be logged in.</Trans>
+                ) : (
+                  <Trans>
+                    To view this field, you need to be logged in as{' '}
+                    <strong>{recipient.email}</strong>
+                  </Trans>
+                ),
+              )
+              .with({ role: RecipientRole.CC, actionTarget: 'DOCUMENT' }, () =>
+                isDirectTemplate ? (
+                  <Trans>To view this document, you need to be logged in.</Trans>
+                ) : (
+                  <Trans>
+                    To view this document, you need to be logged in as{' '}
+                    <strong>{recipient.email}</strong>
+                  </Trans>
+                ),
+              )
+              .with({ role: RecipientRole.ASSISTANT, actionTarget: 'FIELD' }, () =>
+                isDirectTemplate ? (
+                  <Trans>To assist with this field, you need to be logged in.</Trans>
+                ) : (
+                  <Trans>
+                    To assist with this field, you need to be logged in as{' '}
+                    <strong>{recipient.email}</strong>
+                  </Trans>
+                ),
+              )
+              .with({ role: RecipientRole.ASSISTANT, actionTarget: 'DOCUMENT' }, () =>
+                isDirectTemplate ? (
+                  <Trans>To assist with this document, you need to be logged in.</Trans>
+                ) : (
+                  <Trans>
+                    To assist with this document, you need to be logged in as{' '}
+                    <strong>{recipient.email}</strong>
+                  </Trans>
+                ),
+              )
+              .exhaustive()}
+          </span>
        </AlertDescription>
      </Alert>

@@ -8,6 +8,7 @@ import { RecipientRole } from '@prisma/client';
 import { browserSupportsWebAuthn, startAuthentication } from '@simplewebauthn/browser';
 import { Loader } from 'lucide-react';
 import { useForm } from 'react-hook-form';
+import { match } from 'ts-pattern';
 import { z } from 'zod';

 import { AppError } from '@documenso/lib/errors/app-error';
@@ -38,7 +39,6 @@ import { useRequiredDocumentSigningAuthContext } from './document-signing-auth-p

 export type DocumentSigningAuthPasskeyProps = {
  actionTarget?: 'FIELD' | 'DOCUMENT';
-  actionVerb?: string;
  open: boolean;
  onOpenChange: (value: boolean) => void;
  onReauthFormSubmit: (values?: TRecipientActionAuth) => Promise<void> | void;
@@ -52,7 +52,6 @@ type TPasskeyAuthFormSchema = z.infer<typeof ZPasskeyAuthFormSchema>;

 export const DocumentSigningAuthPasskey = ({
  actionTarget = 'FIELD',
-  actionVerb = 'sign',
  onReauthFormSubmit,
  open,
  onOpenChange,
@@ -128,9 +127,62 @@ export const DocumentSigningAuthPasskey = ({
      <div className="space-y-4">
        <Alert variant="warning">
          <AlertDescription>
-            {/* Todo: Translate */}
-            Your browser does not support passkeys, which is required to {actionVerb.toLowerCase()}{' '}
-            this {actionTarget.toLowerCase()}.
+            {match({ role: recipient.role, actionTarget })
+              .with({ role: RecipientRole.SIGNER, actionTarget: 'FIELD' }, () => (
+                <Trans>
+                  Your browser does not support passkeys, which is required to sign this field.
+                </Trans>
+              ))
+              .with({ role: RecipientRole.SIGNER, actionTarget: 'DOCUMENT' }, () => (
+                <Trans>
+                  Your browser does not support passkeys, which is required to sign this document.
+                </Trans>
+              ))
+              .with({ role: RecipientRole.APPROVER, actionTarget: 'FIELD' }, () => (
+                <Trans>
+                  Your browser does not support passkeys, which is required to approve this field.
+                </Trans>
+              ))
+              .with({ role: RecipientRole.APPROVER, actionTarget: 'DOCUMENT' }, () => (
+                <Trans>
+                  Your browser does not support passkeys, which is required to approve this
+                  document.
+                </Trans>
+              ))
+              .with({ role: RecipientRole.VIEWER, actionTarget: 'FIELD' }, () => (
+                <Trans>
+                  Your browser does not support passkeys, which is required to view this field.
+                </Trans>
+              ))
+              .with({ role: RecipientRole.VIEWER, actionTarget: 'DOCUMENT' }, () => (
+                <Trans>
+                  Your browser does not support passkeys, which is required to mark this document as
+                  viewed.
+                </Trans>
+              ))
+              .with({ role: RecipientRole.CC, actionTarget: 'FIELD' }, () => (
+                <Trans>
+                  Your browser does not support passkeys, which is required to view this field.
+                </Trans>
+              ))
+              .with({ role: RecipientRole.CC, actionTarget: 'DOCUMENT' }, () => (
+                <Trans>
+                  Your browser does not support passkeys, which is required to view this document.
+                </Trans>
+              ))
+              .with({ role: RecipientRole.ASSISTANT, actionTarget: 'FIELD' }, () => (
+                <Trans>
+                  Your browser does not support passkeys, which is required to assist with this
+                  field.
+                </Trans>
+              ))
+              .with({ role: RecipientRole.ASSISTANT, actionTarget: 'DOCUMENT' }, () => (
+                <Trans>
+                  Your browser does not support passkeys, which is required to assist with this
+                  document.
+                </Trans>
+              ))
+              .exhaustive()}
          </AlertDescription>
        </Alert>

@@ -178,10 +230,38 @@ export const DocumentSigningAuthPasskey = ({
      <div className="space-y-4">
        <Alert variant="warning">
          <AlertDescription>
-            {/* Todo: Translate */}
-            {recipient.role === RecipientRole.VIEWER && actionTarget === 'DOCUMENT'
-              ? 'You need to setup a passkey to mark this document as viewed.'
-              : `You need to setup a passkey to ${actionVerb.toLowerCase()} this ${actionTarget.toLowerCase()}.`}
+            {match({ role: recipient.role, actionTarget })
+              .with({ role: RecipientRole.SIGNER, actionTarget: 'FIELD' }, () => (
+                <Trans>You need to setup a passkey to sign this field.</Trans>
+              ))
+              .with({ role: RecipientRole.SIGNER, actionTarget: 'DOCUMENT' }, () => (
+                <Trans>You need to setup a passkey to sign this document.</Trans>
+              ))
+              .with({ role: RecipientRole.APPROVER, actionTarget: 'FIELD' }, () => (
+                <Trans>You need to setup a passkey to approve this field.</Trans>
+              ))
+              .with({ role: RecipientRole.APPROVER, actionTarget: 'DOCUMENT' }, () => (
+                <Trans>You need to setup a passkey to approve this document.</Trans>
+              ))
+              .with({ role: RecipientRole.VIEWER, actionTarget: 'FIELD' }, () => (
+                <Trans>You need to setup a passkey to view this field.</Trans>
+              ))
+              .with({ role: RecipientRole.VIEWER, actionTarget: 'DOCUMENT' }, () => (
+                <Trans>You need to setup a passkey to mark this document as viewed.</Trans>
+              ))
+              .with({ role: RecipientRole.CC, actionTarget: 'FIELD' }, () => (
+                <Trans>You need to setup a passkey to view this field.</Trans>
+              ))
+              .with({ role: RecipientRole.CC, actionTarget: 'DOCUMENT' }, () => (
+                <Trans>You need to setup a passkey to view this document.</Trans>
+              ))
+              .with({ role: RecipientRole.ASSISTANT, actionTarget: 'FIELD' }, () => (
+                <Trans>You need to setup a passkey to assist with this field.</Trans>
+              ))
+              .with({ role: RecipientRole.ASSISTANT, actionTarget: 'DOCUMENT' }, () => (
+                <Trans>You need to setup a passkey to assist with this document.</Trans>
+              ))
+              .exhaustive()}
          </AlertDescription>
        </Alert>

@@ -213,7 +293,9 @@ export const DocumentSigningAuthPasskey = ({
              name="passkeyId"
              render={({ field }) => (
                <FormItem>
-                  <FormLabel required>Passkey</FormLabel>
+                  <FormLabel required>
+                    <Trans>Passkey</Trans>
+                  </FormLabel>

                  <FormControl>
                    <Select {...field} onValueChange={field.onChange}>
@@ -241,20 +323,24 @@ export const DocumentSigningAuthPasskey = ({

            {formErrorCode && (
              <Alert variant="destructive">
-                <AlertTitle>Unauthorized</AlertTitle>
+                <AlertTitle>
+                  <Trans>Unauthorized</Trans>
+                </AlertTitle>
                <AlertDescription>
-                  We were unable to verify your details. Please try again or contact support
+                  <Trans>
+                    We were unable to verify your details. Please try again or contact support
+                  </Trans>
                </AlertDescription>
              </Alert>
            )}

            <DialogFooter>
              <Button type="button" variant="secondary" onClick={() => onOpenChange(false)}>
-                Cancel
+                <Trans>Cancel</Trans>
              </Button>

              <Button type="submit" loading={isCurrentlyAuthenticating}>
-                Sign
+                <Trans>Sign</Trans>
              </Button>
            </DialogFooter>
          </div>
@@ -23,8 +23,6 @@ import { Input } from '@documenso/ui/primitives/input';
 import { useRequiredDocumentSigningAuthContext } from './document-signing-auth-provider';

 export type DocumentSigningAuthPasswordProps = {
-  actionTarget?: 'FIELD' | 'DOCUMENT';
-  actionVerb?: string;
  open: boolean;
  onOpenChange: (value: boolean) => void;
  onReauthFormSubmit: (values?: TRecipientActionAuth) => Promise<void> | void;
@@ -40,8 +38,6 @@ const ZPasswordAuthFormSchema = z.object({
 type TPasswordAuthFormSchema = z.infer<typeof ZPasswordAuthFormSchema>;

 export const DocumentSigningAuthPassword = ({
-  actionTarget = 'FIELD',
-  actionVerb = 'sign',
  onReauthFormSubmit,
  open,
  onOpenChange,
@@ -162,7 +162,9 @@ export const DocumentSigningAutoSign = ({ recipient, fields }: DocumentSigningAu
    <Dialog open={open} onOpenChange={setOpen}>
      <DialogContent>
        <DialogHeader>
-          <DialogTitle>Automatically sign fields</DialogTitle>
+          <DialogTitle>
+            <Trans>Automatically sign fields</Trans>
+          </DialogTitle>
        </DialogHeader>

        <div className="text-muted-foreground max-w-[50ch]">
@@ -122,7 +122,9 @@ export const DocumentSigningMobileWidget = () => {

              {!hidePoweredBy && (
                <div className="mt-2 inline-block rounded bg-primary px-2 py-1 text-xs font-medium text-primary-foreground opacity-60 hover:opacity-100 lg:hidden">
-                  <span>Powered by</span>
+                  <span>
+                    <Trans>Powered by</Trans>
+                  </span>
                  <BrandingLogo className="ml-2 inline-block h-[14px]" />
                </div>
              )}
@@ -252,7 +252,9 @@ export const DocumentSigningPageViewV2 = () => {
                  target="_blank"
                  className="fixed bottom-0 right-0 z-40 hidden cursor-pointer rounded-tl bg-primary px-2 py-1 text-xs font-medium text-primary-foreground opacity-60 hover:opacity-100 lg:block"
                >
-                  <span>Powered by</span>
+                  <span>
+                    <Trans>Powered by</Trans>
+                  </span>
                  <BrandingLogo className="ml-2 inline-block h-[14px]" />
                </a>
              )}
@@ -434,15 +434,31 @@ export default function EnvelopeEditorFieldsPageRenderer() {
      renderFieldOnLayer(field);
    });

+    // Reconcile selection state with live field nodes after flush/sync updates.
+    const liveSelectedFieldGroups = selectedKonvaFieldGroups.filter((fieldGroup) => {
+      if (!fieldGroup.getStage() || !fieldGroup.getParent()) {
+        return false;
+      }
+
+      return localPageFields.some((field) => field.formId === fieldGroup.id());
+    });
+
+    if (liveSelectedFieldGroups.length !== selectedKonvaFieldGroups.length) {
+      setSelectedFields(liveSelectedFieldGroups);
+    }
+
    // Rerender the transformer
    interactiveTransformer.current?.forceUpdate();

    pageLayer.current.batchDraw();
-  }, [localPageFields]);
+  }, [localPageFields, selectedKonvaFieldGroups]);

  const setSelectedFields = (nodes: Konva.Node[]) => {
    // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
-    const fieldGroups = nodes.filter((node) => node.hasName('field-group')) as Konva.Group[];
+    const fieldGroups = nodes.filter(
+      (node) =>
+        node.hasName('field-group') && Boolean(node.getStage()) && Boolean(node.getParent()),
+    ) as Konva.Group[];

    interactiveTransformer.current?.nodes(fieldGroups);
    setSelectedKonvaFieldGroups(fieldGroups);
@@ -674,6 +690,10 @@ const FieldActionButtons = ({
      selectedFieldFormId.includes(field.formId),
    );

+    if (fields.length === 0) {
+      return null;
+    }
+
    const recipient = envelope.recipients.find(
      (recipient) => recipient.id === fields[0].recipientId,
    );
@@ -689,7 +709,7 @@ const FieldActionButtons = ({
    }

    return null;
-  }, [editorFields.localFields]);
+  }, [editorFields.localFields, envelope.recipients, selectedFieldFormId]);

  return (
    <div className="flex flex-col items-center" {...props}>
@@ -296,19 +296,31 @@ export const EnvelopeEditorFieldsPage = () => {

                      <div className="space-y-2 rounded-md border border-border bg-muted/50 p-3 text-sm text-foreground">
                        <p>
-                          <span className="min-w-12 text-muted-foreground">Pos X:&nbsp;</span>
+                          <span className="min-w-12 text-muted-foreground">
+                            <Trans>Pos X:</Trans>
+                          </span>
+                          &nbsp;
                          {selectedField.positionX.toFixed(2)}
                        </p>
                        <p>
-                          <span className="min-w-12 text-muted-foreground">Pos Y:&nbsp;</span>
+                          <span className="min-w-12 text-muted-foreground">
+                            <Trans>Pos Y:</Trans>
+                          </span>
+                          &nbsp;
                          {selectedField.positionY.toFixed(2)}
                        </p>
                        <p>
-                          <span className="min-w-12 text-muted-foreground">Width:&nbsp;</span>
+                          <span className="min-w-12 text-muted-foreground">
+                            <Trans>Width:</Trans>
+                          </span>
+                          &nbsp;
                          {selectedField.width.toFixed(2)}
                        </p>
                        <p>
-                          <span className="min-w-12 text-muted-foreground">Height:&nbsp;</span>
+                          <span className="min-w-12 text-muted-foreground">
+                            <Trans>Height:</Trans>
+                          </span>
+                          &nbsp;
                          {selectedField.height.toFixed(2)}
                        </p>
                      </div>
@@ -51,7 +51,7 @@ export const UserProfileSkeleton = ({ className, user, rows = 2 }: UserProfileSk
      <div className="mt-8 w-full">
        <div className="dark:divide-foreground/30 dark:border-foreground/30 divide-y-2 divide-neutral-200 overflow-hidden rounded-lg border-2 border-neutral-200">
          <div className="text-muted-foreground dark:bg-foreground/20 bg-neutral-50 p-4 font-medium">
-            Documents
+            <Trans>Documents</Trans>
          </div>

          {Array(rows)
@@ -1,5 +1,6 @@
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
+import { Trans } from '@lingui/react/macro';
 import { WebhookTriggerEvents } from '@prisma/client';

 import { toFriendlyWebhookEventName } from '@documenso/lib/universal/webhook/to-friendly-webhook-event-name';
@@ -41,7 +42,11 @@ export const WebhookMultiSelectCombobox = ({
      placeholder={_(msg`Select triggers`)}
      hideClearAllButton
      hidePlaceholderWhenSelected
-      emptyIndicator={<p className="text-center text-sm">No triggers available</p>}
+      emptyIndicator={
+        <p className="text-center text-sm">
+          <Trans>No triggers available</Trans>
+        </p>
+      }
    />
  );
 };
@@ -96,7 +96,9 @@ export const AdminDocumentLogsTable = ({ envelopeId }: AdminDocumentLogsTablePro
              )}
            </div>
          ) : (
-            <p>N/A</p>
+            <p>
+              <Trans>N/A</Trans>
+            </p>
          ),
      },
      {
@@ -0,0 +1,146 @@
+import { useMemo } from 'react';
+
+import { useLingui } from '@lingui/react';
+import { useLingui as useLinguiMacro } from '@lingui/react/macro';
+import { Link, useSearchParams } from 'react-router';
+
+import { useUpdateSearchParams } from '@documenso/lib/client-only/hooks/use-update-search-params';
+import { TEAM_MEMBER_ROLE_MAP } from '@documenso/lib/constants/teams-translations';
+import { ZUrlSearchParamsSchema } from '@documenso/lib/types/search-params';
+import type { TeamMemberRole } from '@documenso/prisma/generated/types';
+import { trpc } from '@documenso/trpc/react';
+import { Badge } from '@documenso/ui/primitives/badge';
+import type { DataTableColumnDef } from '@documenso/ui/primitives/data-table';
+import { DataTable } from '@documenso/ui/primitives/data-table';
+import { DataTablePagination } from '@documenso/ui/primitives/data-table-pagination';
+import { HoverCard, HoverCardContent, HoverCardTrigger } from '@documenso/ui/primitives/hover-card';
+import { Skeleton } from '@documenso/ui/primitives/skeleton';
+import { TableCell } from '@documenso/ui/primitives/table';
+
+type AdminUserTeamsTableProps = {
+  userId: number;
+};
+
+export const AdminUserTeamsTable = ({ userId }: AdminUserTeamsTableProps) => {
+  const { i18n } = useLingui();
+  const { t } = useLinguiMacro();
+
+  const [searchParams] = useSearchParams();
+  const updateSearchParams = useUpdateSearchParams();
+
+  const parsedSearchParams = ZUrlSearchParamsSchema.parse(Object.fromEntries(searchParams ?? []));
+
+  const { data, isLoading, isLoadingError } = trpc.admin.user.findTeams.useQuery({
+    userId,
+    query: parsedSearchParams.query,
+    page: parsedSearchParams.page,
+    perPage: parsedSearchParams.perPage,
+  });
+
+  const onPaginationChange = (page: number, perPage: number) => {
+    updateSearchParams({
+      page,
+      perPage,
+    });
+  };
+
+  const results = data ?? {
+    data: [],
+    perPage: 10,
+    currentPage: 1,
+    totalPages: 1,
+  };
+
+  const columns = useMemo(() => {
+    return [
+      {
+        header: t`Team`,
+        accessorKey: 'name',
+        cell: ({ row }) => (
+          <HoverCard>
+            <HoverCardTrigger className="cursor-default underline decoration-dotted underline-offset-4">
+              {row.original.name}
+            </HoverCardTrigger>
+            <HoverCardContent
+              className="w-auto font-mono text-xs text-muted-foreground"
+              align="start"
+            >
+              <dl className="grid grid-cols-[auto_1fr] gap-x-3 gap-y-1">
+                <dt>id</dt>
+                <dd>{row.original.id}</dd>
+                <dt>url</dt>
+                <dd>{row.original.url}</dd>
+              </dl>
+            </HoverCardContent>
+          </HoverCard>
+        ),
+      },
+      {
+        header: t`Organisation`,
+        accessorKey: 'organisation',
+        cell: ({ row }) => (
+          <Link
+            to={`/admin/organisations/${row.original.organisation.id}`}
+            className="hover:underline"
+          >
+            {row.original.organisation.name}
+          </Link>
+        ),
+      },
+      {
+        header: t`Role`,
+        accessorKey: 'teamRole',
+        cell: ({ row }) => (
+          <Badge variant="neutral">
+            {i18n._(TEAM_MEMBER_ROLE_MAP[row.original.teamRole as TeamMemberRole])}
+          </Badge>
+        ),
+      },
+      {
+        header: t`Created At`,
+        accessorKey: 'createdAt',
+        cell: ({ row }) => i18n.date(row.original.createdAt),
+      },
+    ] satisfies DataTableColumnDef<(typeof results)['data'][number]>[];
+  }, []);
+
+  return (
+    <DataTable
+      columns={columns}
+      data={results.data}
+      perPage={results.perPage}
+      currentPage={results.currentPage}
+      totalPages={results.totalPages}
+      onPaginationChange={onPaginationChange}
+      error={{
+        enable: isLoadingError,
+      }}
+      skeleton={{
+        enable: isLoading,
+        rows: 3,
+        component: (
+          <>
+            <TableCell className="py-4 pr-4">
+              <Skeleton className="h-4 w-20 rounded-full" />
+            </TableCell>
+            <TableCell>
+              <Skeleton className="h-4 w-20 rounded-full" />
+            </TableCell>
+            <TableCell>
+              <Skeleton className="h-4 w-12 rounded-full" />
+            </TableCell>
+            <TableCell>
+              <Skeleton className="h-4 w-16 rounded-full" />
+            </TableCell>
+          </>
+        ),
+      }}
+    >
+      {(table) =>
+        table.getPageCount() > 1 ? (
+          <DataTablePagination additionalInformation="VisibleCount" table={table} />
+        ) : null
+      }
+    </DataTable>
+  );
+};
@@ -2,6 +2,7 @@ import { useMemo } from 'react';

 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
+import { Trans } from '@lingui/react/macro';
 import { DateTime } from 'luxon';
 import type { DateTimeFormatOptions } from 'luxon';
 import { useSearchParams } from 'react-router';
@@ -88,7 +89,9 @@ export const DocumentLogsTable = ({ documentId, userId }: DocumentLogsTableProps
              )}
            </div>
          ) : (
-            <p>N/A</p>
+            <p>
+              <Trans>N/A</Trans>
+            </p>
          ),
      },
      {
@@ -24,7 +24,7 @@ export const EnvelopesTableBulkActionBar = ({
  }

  return (
-    <div className="fixed bottom-4 left-1/2 z-50 flex -translate-x-1/2 items-center gap-x-4 rounded-lg border border-border bg-widget px-4 py-3 shadow-lg">
+    <div className="fixed bottom-4 left-1/2 z-50 flex -translate-x-1/2 items-center gap-x-4 rounded-lg border border-border bg-background px-4 py-3 shadow-lg">
      <span className="text-sm font-medium">
        <Trans>{selectedCount} selected</Trans>
      </span>
@@ -36,13 +36,7 @@ export const EnvelopesTableBulkActionBar = ({
        <Trans>Move to Folder</Trans>
      </Button>

-      <Button
-        type="button"
-        variant="outline"
-        size="sm"
-        onClick={onDeleteClick}
-        className="text-destructive hover:text-destructive"
-      >
+      <Button type="button" variant="destructive" size="sm" onClick={onDeleteClick}>
        <Trash2Icon className="mr-2 h-4 w-4" />
        <Trans>Delete</Trans>
      </Button>
@@ -107,7 +107,11 @@ export default function OrganisationGroupSettingsPage({
        cell: ({ row }) => (
          <div className="flex items-center gap-2">
            <Link to={`/admin/users/${row.original.user.id}`}>{row.original.user.name}</Link>
-            {row.original.user.id === organisation?.ownerUserId && <Badge>Owner</Badge>}
+            {row.original.user.id === organisation?.ownerUserId && (
+              <Badge>
+                <Trans>Owner</Trans>
+              </Badge>
+            )}
          </div>
        ),
      },
@@ -208,7 +212,9 @@ export default function OrganisationGroupSettingsPage({
                {SUBSCRIPTION_STATUS_MAP[organisation.subscription.status]} subscription found
              </span>
            ) : (
-              <span>No subscription found</span>
+              <span>
+                <Trans>No subscription found</Trans>
+              </span>
            )}
          </AlertDescription>
        </div>
@@ -10,6 +10,12 @@ import type { z } from 'zod';
 import { trpc } from '@documenso/trpc/react';
 import type { TGetUserResponse } from '@documenso/trpc/server/admin-router/get-user.types';
 import { ZUpdateUserRequestSchema } from '@documenso/trpc/server/admin-router/update-user.types';
+import {
+  Accordion,
+  AccordionContent,
+  AccordionItem,
+  AccordionTrigger,
+} from '@documenso/ui/primitives/accordion';
 import { Button } from '@documenso/ui/primitives/button';
 import {
  Form,
@@ -30,6 +36,7 @@ import { AdminUserEnableDialog } from '~/components/dialogs/admin-user-enable-di
 import { AdminUserResetTwoFactorDialog } from '~/components/dialogs/admin-user-reset-two-factor-dialog';
 import { GenericErrorLayout } from '~/components/general/generic-error-layout';
 import { AdminOrganisationsTable } from '~/components/tables/admin-organisations-table';
+import { AdminUserTeamsTable } from '~/components/tables/admin-user-teams-table';

 import { MultiSelectRoleCombobox } from '../../../components/general/multiselect-role-combobox';

@@ -197,7 +204,7 @@ const AdminUserPage = ({ user }: { user: TGetUserResponse }) => {
            <h3 className="text-lg font-semibold leading-none tracking-tight">
              <Trans>User Organisations</Trans>
            </h3>
-            <p className="text-muted-foreground mt-1.5 text-sm">
+            <p className="mt-1.5 text-sm text-muted-foreground">
              <Trans>Organisations that the user is a member of.</Trans>
            </p>
          </div>
@@ -219,6 +226,28 @@ const AdminUserPage = ({ user }: { user: TGetUserResponse }) => {
        />
      </div>

+      <hr className="my-8" />
+
+      <Accordion type="single" collapsible>
+        <AccordionItem value="team-memberships" className="border-b-0">
+          <AccordionTrigger className="py-0">
+            <div className="text-left">
+              <h3 className="text-lg font-semibold leading-none tracking-tight">
+                <Trans>Team Memberships</Trans>
+              </h3>
+              <p className="mt-1.5 text-sm font-normal text-muted-foreground">
+                <Trans>Teams that this user is a member of and their roles.</Trans>
+              </p>
+            </div>
+          </AccordionTrigger>
+          <AccordionContent>
+            <div className="mt-4">
+              <AdminUserTeamsTable userId={user.id} />
+            </div>
+          </AccordionContent>
+        </AccordionItem>
+      </Accordion>
+
      <div className="mt-16 flex flex-col gap-4">
        {user && user.twoFactorEnabled && <AdminUserResetTwoFactorDialog user={user} />}
        {user && user.disabled && <AdminUserEnableDialog userToEnable={user} />}
@@ -7,6 +7,7 @@ import { useParams, useSearchParams } from 'react-router';
 import { Link } from 'react-router';
 import { z } from 'zod';

+import { useSessionStorage } from '@documenso/lib/client-only/hooks/use-session-storage';
 import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation';
 import { formatAvatarUrl } from '@documenso/lib/utils/avatars';
 import { parseToIntegerArray } from '@documenso/lib/utils/params';
@@ -58,7 +59,10 @@ export default function DocumentsPage() {
  const [isMovingDocument, setIsMovingDocument] = useState(false);
  const [documentToMove, setDocumentToMove] = useState<number | null>(null);

-  const [rowSelection, setRowSelection] = useState<RowSelectionState>({});
+  const [rowSelection, setRowSelection] = useSessionStorage<RowSelectionState>(
+    'documents-bulk-selection',
+    {},
+  );
  const [isBulkMoveDialogOpen, setIsBulkMoveDialogOpen] = useState(false);
  const [isBulkDeleteDialogOpen, setIsBulkDeleteDialogOpen] = useState(false);

@@ -121,11 +125,6 @@ export default function DocumentsPage() {
    }
  }, [data?.stats]);

-  // Clear selection when navigation or filters change
-  useEffect(() => {
-    setRowSelection({});
-  }, [folderId, findDocumentSearchParams]);
-
  return (
    <EnvelopeDropZoneWrapper type={EnvelopeType.DOCUMENT}>
      <div className="mx-auto w-full max-w-screen-xl px-4 md:px-8">
@@ -66,7 +66,9 @@ export default function DocumentsFoldersPage() {
            onClick={() => navigateToFolder(null)}
          >
            <HomeIcon className="h-4 w-4" />
-            <span>Home</span>
+            <span>
+              <Trans>Home</Trans>
+            </span>
          </Button>
        </div>

@@ -207,7 +207,9 @@ export default function PublicProfilePage({ loaderData }: Route.ComponentProps)
            directTemplates={enabledPrivateDirectTemplates}
            trigger={
              <Button variant="outline">
-                <Trans>Link template</Trans>
+                <Trans context="Action button to link template to public profile">
+                  Link template
+                </Trans>
              </Button>
            }
          />
@@ -1,10 +1,11 @@
-import { useEffect, useMemo, useState } from 'react';
+import { useMemo, useState } from 'react';

 import { Trans } from '@lingui/react/macro';
 import { EnvelopeType } from '@prisma/client';
 import { Bird } from 'lucide-react';
 import { useParams, useSearchParams } from 'react-router';

+import { useSessionStorage } from '@documenso/lib/client-only/hooks/use-session-storage';
 import { FolderType } from '@documenso/lib/types/folder-type';
 import { formatAvatarUrl } from '@documenso/lib/utils/avatars';
 import { formatDocumentsPath, formatTemplatesPath } from '@documenso/lib/utils/teams';
@@ -34,7 +35,10 @@ export default function TemplatesPage() {
  const page = Number(searchParams.get('page')) || 1;
  const perPage = Number(searchParams.get('perPage')) || 10;

-  const [rowSelection, setRowSelection] = useState<RowSelectionState>({});
+  const [rowSelection, setRowSelection] = useSessionStorage<RowSelectionState>(
+    'templates-bulk-selection',
+    {},
+  );
  const [isBulkMoveDialogOpen, setIsBulkMoveDialogOpen] = useState(false);
  const [isBulkDeleteDialogOpen, setIsBulkDeleteDialogOpen] = useState(false);

@@ -51,11 +55,6 @@ export default function TemplatesPage() {
    folderId,
  });

-  // Clear selection when navigation or filters change
-  useEffect(() => {
-    setRowSelection({});
-  }, [folderId, page, perPage]);
-
  return (
    <EnvelopeDropZoneWrapper type={EnvelopeType.TEMPLATE}>
      <div className="mx-auto max-w-screen-xl px-4 md:px-8">
@@ -66,7 +66,9 @@ export default function TemplatesFoldersPage() {
            onClick={() => navigateToFolder(null)}
          >
            <HomeIcon className="h-4 w-4" />
-            <span>Home</span>
+            <span>
+              <Trans>Home</Trans>
+            </span>
          </Button>
        </div>

@@ -1,3 +1,4 @@
+import { Trans } from '@lingui/react/macro';
 import { Outlet, isRouteErrorResponse, useRouteError } from 'react-router';

 import {
@@ -89,5 +90,9 @@ export function ErrorBoundary({ loaderData }: Route.ErrorBoundaryProps) {
    }
  }

-  return <div>Not Found</div>;
+  return (
+    <div>
+      <Trans>Not Found</Trans>
+    </div>
+  );
 }
@@ -1,5 +1,6 @@
 import { useLayoutEffect } from 'react';

+import { Trans } from '@lingui/react/macro';
 import { Outlet, useLoaderData } from 'react-router';

 import { verifyEmbeddingPresignToken } from '@documenso/lib/server-only/embedding-presign/verify-embedding-presign-token';
@@ -75,7 +76,11 @@ export default function AuthoringLayout() {
  }, []);

  if (!hasValidToken) {
-    return <div>Invalid embedding presign token provided</div>;
+    return (
+      <div>
+        <Trans>Invalid embedding presign token provided</Trans>
+      </div>
+    );
  }

  return (
@@ -1,5 +1,6 @@
 import { useEffect, useLayoutEffect, useState } from 'react';

+import { Trans } from '@lingui/react/macro';
 import { SigningStatus } from '@prisma/client';
 import { useRevalidator } from 'react-router';

@@ -283,7 +284,9 @@ export default function MultisignPage() {

        {!hidePoweredBy && (
          <div className="bg-primary text-primary-foreground fixed bottom-0 left-0 z-40 rounded-tr px-2 py-1 text-xs font-medium opacity-60 hover:opacity-100">
-            <span>Powered by</span>
+            <span>
+              <Trans>Powered by</Trans>
+            </span>
            <BrandingLogo className="ml-2 inline-block h-[14px]" />
          </div>
        )}
@@ -298,7 +301,9 @@ export default function MultisignPage() {

      {!hidePoweredBy && (
        <div className="bg-primary text-primary-foreground fixed bottom-0 left-0 z-40 rounded-tr px-2 py-1 text-xs font-medium opacity-60 hover:opacity-100">
-          <span>Powered by</span>
+          <span>
+            <Trans>Powered by</Trans>
+          </span>
          <BrandingLogo className="ml-2 inline-block h-[14px]" />
        </div>
      )}
@@ -106,5 +106,5 @@
    "vite-plugin-babel-macros": "^1.0.6",
    "vite-tsconfig-paths": "^5.1.4"
  },
-  "version": "2.6.0"
+  "version": "2.6.1"
 }
@@ -12,6 +12,8 @@ import { API_V2_BETA_URL, API_V2_URL } from '@documenso/lib/constants/app';
 import { jobsClient } from '@documenso/lib/jobs/client';
 import { LicenseClient } from '@documenso/lib/server-only/license/license-client';
 import { TelemetryClient } from '@documenso/lib/server-only/telemetry/telemetry-client';
+import { migrateDeletedAccountServiceAccount } from '@documenso/lib/server-only/user/service-accounts/deleted-account';
+import { migrateLegacyServiceAccount } from '@documenso/lib/server-only/user/service-accounts/legacy-service-account';
 import { getIpAddress } from '@documenso/lib/universal/get-ip-address';
 import { env } from '@documenso/lib/utils/env';
 import { logger } from '@documenso/lib/utils/logger';
@@ -144,4 +146,7 @@ if (env('NODE_ENV') !== 'development') {
 // Start license client to verify license on startup.
 void LicenseClient.start();

+void migrateDeletedAccountServiceAccount();
+void migrateLegacyServiceAccount();
+
 export default app;
@@ -0,0 +1,51 @@
+%PDF-1.7
+%âãÏÓ
+1 0 obj
+<<
+/Type /Pages
+/Kids [4 0 R]
+/Count 1
+>>
+endobj
+2 0 obj
+<<
+/Type /Catalog
+/Pages 1 0 R
+>>
+endobj
+3 0 obj
+<<
+/Title (Untitled)
+/Author (Unknown)
+/Creator (@libpdf/core)
+/Producer (@libpdf/core)
+/CreationDate (D:20260211083727Z)
+/ModDate (D:20260211083727Z)
+>>
+endobj
+4 0 obj
+<<
+/Type /Page
+/MediaBox [0 0 595 842]
+/Resources <<
+>>
+/Parent 1 0 R
+>>
+endobj
+xref
+0 5
+0000000000 65535 f
+0000000015 00000 n
+0000000072 00000 n
+0000000121 00000 n
+0000000290 00000 n
+trailer
+<<
+/Size 5
+/Root 2 0 R
+/Info 3 0 R
+/ID [<B051F100F1EED01A592FC6119F589603> <B051F100F1EED01A592FC6119F589603>]
+>>
+startxref
+378
+%%EOF
@@ -0,0 +1,51 @@
+%PDF-1.7
+%âãÏÓ
+1 0 obj
+<<
+/Type /Pages
+/Kids [4 0 R]
+/Count 1
+>>
+endobj
+2 0 obj
+<<
+/Type /Catalog
+/Pages 1 0 R
+>>
+endobj
+3 0 obj
+<<
+/Title (Untitled)
+/Author (Unknown)
+/Creator (@libpdf/core)
+/Producer (@libpdf/core)
+/CreationDate (D:20260211081729Z)
+/ModDate (D:20260211081729Z)
+>>
+endobj
+4 0 obj
+<<
+/Type /Page
+/MediaBox [0 0 612 792]
+/Resources <<
+>>
+/Parent 1 0 R
+>>
+endobj
+xref
+0 5
+0000000000 65535 f
+0000000015 00000 n
+0000000072 00000 n
+0000000121 00000 n
+0000000290 00000 n
+trailer
+<<
+/Size 5
+/Root 2 0 R
+/Info 3 0 R
+/ID [<94A5FB5DCF5A94AD8C472C493420962C> <94A5FB5DCF5A94AD8C472C493420962C>]
+>>
+startxref
+378
+%%EOF
@@ -0,0 +1,51 @@
+%PDF-1.7
+%âãÏÓ
+1 0 obj
+<<
+/Type /Pages
+/Kids [4 0 R]
+/Count 1
+>>
+endobj
+2 0 obj
+<<
+/Type /Catalog
+/Pages 1 0 R
+>>
+endobj
+3 0 obj
+<<
+/Title (Untitled)
+/Author (Unknown)
+/Creator (@libpdf/core)
+/Producer (@libpdf/core)
+/CreationDate (D:20260211084535Z)
+/ModDate (D:20260211084535Z)
+>>
+endobj
+4 0 obj
+<<
+/Type /Page
+/MediaBox [0 0 1224 792]
+/Resources <<
+>>
+/Parent 1 0 R
+>>
+endobj
+xref
+0 5
+0000000000 65535 f
+0000000015 00000 n
+0000000072 00000 n
+0000000121 00000 n
+0000000290 00000 n
+trailer
+<<
+/Size 5
+/Root 2 0 R
+/Info 3 0 R
+/ID [<694452F2208AC8E3DD2D2488544F9F0C> <694452F2208AC8E3DD2D2488544F9F0C>]
+>>
+startxref
+379
+%%EOF
@@ -1,12 +1,12 @@
 {
  "name": "@documenso/root",
-  "version": "2.6.0",
+  "version": "2.6.1",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "@documenso/root",
-      "version": "2.6.0",
+      "version": "2.6.1",
      "hasInstallScript": true,
      "workspaces": [
        "apps/*",
@@ -108,7 +108,7 @@
    },
    "apps/remix": {
      "name": "@documenso/remix",
-      "version": "2.6.0",
+      "version": "2.6.1",
      "dependencies": {
        "@cantoo/pdf-lib": "^2.5.3",
        "@documenso/api": "*",
@@ -5,7 +5,7 @@
    "apps/*",
    "packages/*"
  ],
-  "version": "2.6.0",
+  "version": "2.6.1",
  "scripts": {
    "postinstall": "patch-package",
    "build": "turbo run build",
@@ -106,10 +106,10 @@ test.describe('AutoSave Subject Step', () => {
    const { user, document, team } = await setupDocumentAndNavigateToSubjectStep(page);

    // Toggle some email settings checkboxes (randomly - some checked, some unchecked)
-    await page.getByText('Send recipient signed email').click();
-    await page.getByText('Send recipient removed email').click();
-    await page.getByText('Send document completed email', { exact: true }).click();
-    await page.getByText('Send document deleted email').click();
+    await page.getByText('Email the owner when a recipient signs').click();
+    await page.getByText("Email recipients when they're removed from a pending document").click();
+    await page.getByText('Email recipients when the document is completed', { exact: true }).click();
+    await page.getByText('Email recipients when a pending document is deleted').click();

    await triggerAutosave(page);

@@ -126,26 +126,30 @@ test.describe('AutoSave Subject Step', () => {

      const emailSettings = retrievedDocumentData.documentMeta?.emailSettings;

-      await expect(page.getByText('Send recipient signed email')).toBeChecked({
+      await expect(page.getByText('Email the owner when a recipient signs')).toBeChecked({
        checked: emailSettings?.recipientSigned,
      });
-      await expect(page.getByText('Send recipient removed email')).toBeChecked({
+      await expect(
+        page.getByText("Email recipients when they're removed from a pending document"),
+      ).toBeChecked({
        checked: emailSettings?.recipientRemoved,
      });
-      await expect(page.getByText('Send document completed email', { exact: true })).toBeChecked({
+      await expect(
+        page.getByText('Email recipients when the document is completed', { exact: true }),
+      ).toBeChecked({
        checked: emailSettings?.documentCompleted,
      });
-      await expect(page.getByText('Send document deleted email')).toBeChecked({
+      await expect(page.getByText('Email recipients when a pending document is deleted')).toBeChecked({
        checked: emailSettings?.documentDeleted,
      });

-      await expect(page.getByText('Send recipient signing request email')).toBeChecked({
+      await expect(page.getByText('Email recipients with a signing request')).toBeChecked({
        checked: emailSettings?.recipientSigningRequest,
      });
-      await expect(page.getByText('Send document pending email')).toBeChecked({
+      await expect(page.getByText('Email the signer if the document is still pending')).toBeChecked({
        checked: emailSettings?.documentPending,
      });
-      await expect(page.getByText('Send document completed email to the owner')).toBeChecked({
+      await expect(page.getByText('Email the owner when the document is completed')).toBeChecked({
        checked: emailSettings?.ownerDocumentCompleted,
      });
    }).toPass();
@@ -161,10 +165,10 @@ test.describe('AutoSave Subject Step', () => {
    await page.getByRole('textbox', { name: 'Subject (Optional)' }).fill(subject);
    await page.getByRole('textbox', { name: 'Message (Optional)' }).fill(message);

-    await page.getByText('Send recipient signed email').click();
-    await page.getByText('Send recipient removed email').click();
-    await page.getByText('Send document completed email', { exact: true }).click();
-    await page.getByText('Send document deleted email').click();
+    await page.getByText('Email the owner when a recipient signs').click();
+    await page.getByText("Email recipients when they're removed from a pending document").click();
+    await page.getByText('Email recipients when the document is completed', { exact: true }).click();
+    await page.getByText('Email recipients when a pending document is deleted').click();

    await triggerAutosave(page);

@@ -190,26 +194,30 @@ test.describe('AutoSave Subject Step', () => {
        retrievedDocumentData.documentMeta?.message ?? '',
      );

-      await expect(page.getByText('Send recipient signed email')).toBeChecked({
+      await expect(page.getByText('Email the owner when a recipient signs')).toBeChecked({
        checked: retrievedDocumentData.documentMeta?.emailSettings?.recipientSigned,
      });
-      await expect(page.getByText('Send recipient removed email')).toBeChecked({
+      await expect(
+        page.getByText("Email recipients when they're removed from a pending document"),
+      ).toBeChecked({
        checked: retrievedDocumentData.documentMeta?.emailSettings?.recipientRemoved,
      });
-      await expect(page.getByText('Send document completed email', { exact: true })).toBeChecked({
+      await expect(
+        page.getByText('Email recipients when the document is completed', { exact: true }),
+      ).toBeChecked({
        checked: retrievedDocumentData.documentMeta?.emailSettings?.documentCompleted,
      });
-      await expect(page.getByText('Send document deleted email')).toBeChecked({
+      await expect(page.getByText('Email recipients when a pending document is deleted')).toBeChecked({
        checked: retrievedDocumentData.documentMeta?.emailSettings?.documentDeleted,
      });

-      await expect(page.getByText('Send recipient signing request email')).toBeChecked({
+      await expect(page.getByText('Email recipients with a signing request')).toBeChecked({
        checked: retrievedDocumentData.documentMeta?.emailSettings?.recipientSigningRequest,
      });
-      await expect(page.getByText('Send document pending email')).toBeChecked({
+      await expect(page.getByText('Email the signer if the document is still pending')).toBeChecked({
        checked: retrievedDocumentData.documentMeta?.emailSettings?.documentPending,
      });
-      await expect(page.getByText('Send document completed email to the owner')).toBeChecked({
+      await expect(page.getByText('Email the owner when the document is completed')).toBeChecked({
        checked: retrievedDocumentData.documentMeta?.emailSettings?.ownerDocumentCompleted,
      });
    }).toPass();
@@ -0,0 +1,218 @@
+import { type APIRequestContext, type Page, expect, test } from '@playwright/test';
+import { DocumentStatus, EnvelopeType, FieldType } from '@prisma/client';
+import fs from 'node:fs';
+import path from 'node:path';
+import * as pdfjsLib from 'pdfjs-dist/legacy/build/pdf.mjs';
+
+import { getEnvelopeItemPdfUrl } from '@documenso/lib/utils/envelope-download';
+import { prisma } from '@documenso/prisma';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { NEXT_PUBLIC_WEBAPP_URL } from '../../../lib/constants/app';
+import { createApiToken } from '../../../lib/server-only/public-api/create-api-token';
+import { RecipientRole } from '../../../prisma/generated/types';
+import type {
+  TCreateEnvelopePayload,
+  TCreateEnvelopeResponse,
+} from '../../../trpc/server/envelope-router/create-envelope.types';
+import type { TDistributeEnvelopeRequest } from '../../../trpc/server/envelope-router/distribute-envelope.types';
+import { apiSignin } from '../fixtures/authentication';
+
+const WEBAPP_BASE_URL = NEXT_PUBLIC_WEBAPP_URL();
+const baseUrl = `${WEBAPP_BASE_URL}/api/v2`;
+
+test.describe.configure({ mode: 'parallel', timeout: 60000 });
+
+const signAndVerifyPageDimensions = async ({
+  page,
+  request,
+  pdfFile,
+  identifier,
+  title,
+  expectedWidth,
+  expectedHeight,
+}: {
+  page: Page;
+  request: APIRequestContext;
+  pdfFile: string;
+  identifier: string;
+  title: string;
+  expectedWidth: number;
+  expectedHeight: number;
+}) => {
+  const { user, team } = await seedUser();
+
+  const { token } = await createApiToken({
+    userId: user.id,
+    teamId: team.id,
+    tokenName: 'test',
+    expiresIn: null,
+  });
+
+  const pdfBuffer = fs.readFileSync(path.join(__dirname, `../../../../assets/${pdfFile}`));
+
+  const formData = new FormData();
+
+  const createEnvelopePayload: TCreateEnvelopePayload = {
+    type: EnvelopeType.DOCUMENT,
+    title,
+    recipients: [
+      {
+        email: user.email,
+        name: user.name || '',
+        role: RecipientRole.SIGNER,
+        fields: [
+          {
+            identifier,
+            type: FieldType.SIGNATURE,
+            fieldMeta: { type: 'signature' },
+            page: 1,
+            positionX: 10,
+            positionY: 10,
+            width: 40,
+            height: 10,
+          },
+        ],
+      },
+    ],
+  };
+
+  formData.append('payload', JSON.stringify(createEnvelopePayload));
+  formData.append('files', new File([pdfBuffer], identifier, { type: 'application/pdf' }));
+
+  const createResponse = await request.post(`${baseUrl}/envelope/create`, {
+    headers: { Authorization: `Bearer ${token}` },
+    multipart: formData,
+  });
+
+  expect(createResponse.ok()).toBeTruthy();
+
+  const { id: envelopeId }: TCreateEnvelopeResponse = await createResponse.json();
+
+  const envelope = await prisma.envelope.findUniqueOrThrow({
+    where: { id: envelopeId },
+    include: { recipients: true },
+  });
+
+  const distributeResponse = await request.post(`${baseUrl}/envelope/distribute`, {
+    headers: { Authorization: `Bearer ${token}` },
+    data: { envelopeId: envelope.id } satisfies TDistributeEnvelopeRequest,
+  });
+
+  expect(distributeResponse.ok()).toBeTruthy();
+
+  // Pre-insert all fields via Prisma so we can skip the UI field interaction.
+  const fields = await prisma.field.findMany({
+    where: { envelopeId: envelope.id, inserted: false },
+  });
+
+  for (const field of fields) {
+    await prisma.field.update({
+      where: { id: field.id },
+      data: {
+        inserted: true,
+        signature: {
+          create: {
+            recipientId: envelope.recipients[0].id,
+            typedSignature: 'Test Signature',
+          },
+        },
+      },
+    });
+  }
+
+  const recipientToken = envelope.recipients[0].token;
+  const signUrl = `/sign/${recipientToken}`;
+
+  await apiSignin({
+    page,
+    email: user.email,
+    redirectPath: signUrl,
+  });
+
+  await expect(page.getByRole('heading', { name: 'Sign Document' })).toBeVisible();
+
+  await page.getByRole('button', { name: 'Complete' }).click();
+  await page.getByRole('button', { name: 'Sign' }).click();
+  await page.waitForURL(`${signUrl}/complete`);
+
+  await expect(async () => {
+    const { status } = await prisma.envelope.findFirstOrThrow({
+      where: { id: envelope.id },
+    });
+
+    expect(status).toBe(DocumentStatus.COMPLETED);
+  }).toPass({ timeout: 10000 });
+
+  const completedEnvelope = await prisma.envelope.findFirstOrThrow({
+    where: { id: envelope.id },
+    include: {
+      envelopeItems: {
+        orderBy: { order: 'asc' },
+        include: { documentData: true },
+      },
+    },
+  });
+
+  for (const item of completedEnvelope.envelopeItems) {
+    const documentUrl = getEnvelopeItemPdfUrl({
+      type: 'download',
+      envelopeItem: item,
+      token: recipientToken,
+      version: 'signed',
+    });
+
+    const pdfData = await fetch(documentUrl).then(async (res) => await res.arrayBuffer());
+    const loadingTask = pdfjsLib.getDocument({ data: new Uint8Array(pdfData) });
+    const pdf = await loadingTask.promise;
+
+    expect(pdf.numPages).toBeGreaterThan(1);
+
+    for (let i = 1; i <= pdf.numPages; i++) {
+      const pdfPage = await pdf.getPage(i);
+      const viewport = pdfPage.getViewport({ scale: 1 });
+
+      expect(Math.round(viewport.width)).toBe(expectedWidth);
+      expect(Math.round(viewport.height)).toBe(expectedHeight);
+    }
+  }
+};
+
+test('cert and audit log pages match letter page dimensions', async ({ page, request }) => {
+  await signAndVerifyPageDimensions({
+    page,
+    request,
+    pdfFile: 'letter-size.pdf',
+    identifier: 'letter-doc',
+    title: 'Letter Size Dimension Test',
+    expectedWidth: 612,
+    expectedHeight: 792,
+  });
+});
+
+test('cert and audit log pages match A4 page dimensions', async ({ page, request }) => {
+  await signAndVerifyPageDimensions({
+    page,
+    request,
+    pdfFile: 'a4-size.pdf',
+    identifier: 'a4-doc',
+    title: 'A4 Size Dimension Test',
+    expectedWidth: 595,
+    expectedHeight: 842,
+  });
+});
+
+test('cert and audit log pages match tabloid landscape page dimensions', async ({
+  page,
+  request,
+}) => {
+  await signAndVerifyPageDimensions({
+    page,
+    request,
+    pdfFile: 'tabloid-landscape.pdf',
+    identifier: 'tabloid-doc',
+    title: 'Tabloid Landscape Dimension Test',
+    expectedWidth: 1224,
+    expectedHeight: 792,
+  });
+});
@@ -298,18 +298,34 @@ test('field placement visual regression', async ({ page, request }, testInfo) =>
 *
 * DON'T COMMIT THIS WITHOUT THE "SKIP" COMMAND.
 */
-test.skip('download envelope images', async ({ page }) => {
+test.skip('download envelope images', async ({ page, request }) => {
  const { user, team } = await seedUser();

+  const { token: apiToken } = await createApiToken({
+    userId: user.id,
+    teamId: team.id,
+    tokenName: 'test',
+    expiresIn: null,
+  });
+
  const envelope = await seedAlignmentTestDocument({
    userId: user.id,
    teamId: team.id,
    recipientName: user.name || '',
    recipientEmail: user.email,
    insertFields: true,
-    status: DocumentStatus.PENDING,
+    status: DocumentStatus.DRAFT,
  });

+  const distributeEnvelopeRequest = await request.post(`${baseUrl}/envelope/distribute`, {
+    headers: { Authorization: `Bearer ${apiToken}` },
+    data: {
+      envelopeId: envelope.id,
+    } satisfies TDistributeEnvelopeRequest,
+  });
+
+  expect(distributeEnvelopeRequest.ok()).toBeTruthy();
+
  const token = envelope.recipients[0].token;

  const signUrl = `/sign/${token}`;
@@ -205,9 +205,13 @@ test('[ORGANISATIONS]: manage email preferences', async ({ page }) => {
  await page.getByRole('textbox', { name: 'Reply to email' }).fill('organisation@documenso.com');

  // Update email document settings by enabling/disabling some checkboxes
-  await page.getByRole('checkbox', { name: 'Send recipient signed email' }).uncheck();
-  await page.getByRole('checkbox', { name: 'Send document pending email' }).uncheck();
-  await page.getByRole('checkbox', { name: 'Send document deleted email' }).uncheck();
+  await page.getByRole('checkbox', { name: 'Email the owner when a recipient signs' }).uncheck();
+  await page
+    .getByRole('checkbox', { name: 'Email the signer if the document is still pending' })
+    .uncheck();
+  await page
+    .getByRole('checkbox', { name: 'Email recipients when a pending document is deleted' })
+    .uncheck();

  await page.getByRole('button', { name: 'Update' }).first().click();
  await expect(page.getByText('Your email preferences have been updated').first()).toBeVisible();
@@ -240,12 +244,14 @@ test('[ORGANISATIONS]: manage email preferences', async ({ page }) => {
  await page.getByRole('option', { name: 'Override organisation settings' }).click();

  // Update some email settings
-  await page.getByRole('checkbox', { name: 'Send recipient signing request email' }).uncheck();
  await page
-    .getByRole('checkbox', { name: 'Send document completed email', exact: true })
+    .getByRole('checkbox', { name: 'Email recipients with a signing request' })
    .uncheck();
  await page
-    .getByRole('checkbox', { name: 'Send document completed email to the owner' })
+    .getByRole('checkbox', { name: 'Email recipients when the document is completed', exact: true })
+    .uncheck();
+  await page
+    .getByRole('checkbox', { name: 'Email the owner when the document is completed' })
    .uncheck();

  await page.getByRole('button', { name: 'Update' }).first().click();
@@ -5,6 +5,8 @@ import { deleteCookie } from 'hono/cookie';

 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { onCreateUserHook } from '@documenso/lib/server-only/user/create-user';
+import { deletedServiceAccountEmail } from '@documenso/lib/server-only/user/service-accounts/deleted-account';
+import { legacyServiceAccountEmail } from '@documenso/lib/server-only/user/service-accounts/legacy-service-account';
 import { isValidReturnTo, normalizeReturnTo } from '@documenso/lib/utils/is-valid-return-to';
 import { prisma } from '@documenso/prisma';

@@ -26,6 +28,13 @@ export const handleOAuthCallbackUrl = async (options: HandleOAuthCallbackUrlOpti
  const { email, name, sub, accessToken, accessTokenExpiresAt, idToken, redirectPath } =
    await validateOauth({ c, clientOptions });

+  if (
+    email.toLowerCase() === legacyServiceAccountEmail() ||
+    email.toLowerCase() === deletedServiceAccountEmail()
+  ) {
+    return c.text('FORBIDDEN', 403);
+  }
+
  // Find the account if possible.
  const existingAccount = await prisma.account.findFirst({
    where: {
@@ -17,7 +17,10 @@ import { viewBackupCodes } from '@documenso/lib/server-only/2fa/view-backup-code
 import { createUser } from '@documenso/lib/server-only/user/create-user';
 import { forgotPassword } from '@documenso/lib/server-only/user/forgot-password';
 import { getMostRecentEmailVerificationToken } from '@documenso/lib/server-only/user/get-most-recent-email-verification-token';
+import { getUserByResetToken } from '@documenso/lib/server-only/user/get-user-by-reset-token';
 import { resetPassword } from '@documenso/lib/server-only/user/reset-password';
+import { deletedServiceAccountEmail } from '@documenso/lib/server-only/user/service-accounts/deleted-account';
+import { legacyServiceAccountEmail } from '@documenso/lib/server-only/user/service-accounts/legacy-service-account';
 import { updatePassword } from '@documenso/lib/server-only/user/update-password';
 import { verifyEmail } from '@documenso/lib/server-only/user/verify-email';
 import { env } from '@documenso/lib/utils/env';
@@ -57,6 +60,13 @@ export const emailPasswordRoute = new Hono<HonoAuthContext>()
      });
    }

+    if (
+      email.toLowerCase() === legacyServiceAccountEmail() ||
+      email.toLowerCase() === deletedServiceAccountEmail()
+    ) {
+      return c.text('FORBIDDEN', 403);
+    }
+
    const user = await prisma.user.findFirst({
      where: {
        email: email.toLowerCase(),
@@ -241,6 +251,13 @@ export const emailPasswordRoute = new Hono<HonoAuthContext>()
  .post('/forgot-password', sValidator('json', ZForgotPasswordSchema), async (c) => {
    const { email } = c.req.valid('json');

+    if (
+      email.toLowerCase() === legacyServiceAccountEmail() ||
+      email.toLowerCase() === deletedServiceAccountEmail()
+    ) {
+      return c.text('FORBIDDEN', 403);
+    }
+
    await forgotPassword({
      email,
    });
@@ -253,6 +270,15 @@ export const emailPasswordRoute = new Hono<HonoAuthContext>()
  .post('/reset-password', sValidator('json', ZResetPasswordSchema), async (c) => {
    const { token, password } = c.req.valid('json');

+    const user = await getUserByResetToken({ token });
+
+    if (
+      user.email.toLowerCase() === legacyServiceAccountEmail() ||
+      user.email.toLowerCase() === deletedServiceAccountEmail()
+    ) {
+      return c.text('FORBIDDEN', 403);
+    }
+
    const requestMetadata = c.get('requestMetadata');

    const { userId } = await resetPassword({
@@ -5,6 +5,8 @@ import { isoBase64URL } from '@simplewebauthn/server/helpers';
 import { Hono } from 'hono';

 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { deletedServiceAccountEmail } from '@documenso/lib/server-only/user/service-accounts/deleted-account';
+import { legacyServiceAccountEmail } from '@documenso/lib/server-only/user/service-accounts/legacy-service-account';
 import type { TAuthenticationResponseJSONSchema } from '@documenso/lib/types/webauthn';
 import { ZAuthenticationResponseJSONSchema } from '@documenso/lib/types/webauthn';
 import { getAuthenticatorOptions } from '@documenso/lib/utils/authenticator';
@@ -74,6 +76,13 @@ export const passkeyRoute = new Hono<HonoAuthContext>()

    const user = passkey.user;

+    if (
+      user.email.toLowerCase() === legacyServiceAccountEmail() ||
+      user.email.toLowerCase() === deletedServiceAccountEmail()
+    ) {
+      return c.text('FORBIDDEN', 403);
+    }
+
    const { rpId, origin } = getAuthenticatorOptions();

    const verification = await verifyAuthenticationResponse({
@@ -1,19 +1,89 @@
 import { SubscriptionStatus } from '@prisma/client';

+import { createOrganisationClaimUpsertData } from '@documenso/lib/server-only/organisation/create-organisation';
 import type { Stripe } from '@documenso/lib/server-only/stripe';
+import { INTERNAL_CLAIM_ID, internalClaims } from '@documenso/lib/types/subscription';
 import { prisma } from '@documenso/prisma';

+import { extractStripeClaimId } from './on-subscription-updated';
+
 export type OnSubscriptionDeletedOptions = {
  subscription: Stripe.Subscription;
 };

 export const onSubscriptionDeleted = async ({ subscription }: OnSubscriptionDeletedOptions) => {
-  await prisma.subscription.update({
+  const existingSubscription = await prisma.subscription.findUnique({
    where: {
      planId: subscription.id,
    },
+    include: {
+      organisation: {
+        include: {
+          organisationClaim: true,
+        },
+      },
+    },
+  });
+
+  // If the subscription doesn't exist, we don't need to do anything.
+  if (!existingSubscription) {
+    return;
+  }
+
+  const subscriptionClaimId = await extractClaimIdFromStripeSubscription(subscription);
+
+  // Individuals get their subscription deleted so they can return to the
+  // free plan.
+  if (subscriptionClaimId === INTERNAL_CLAIM_ID.INDIVIDUAL) {
+    await prisma.$transaction(async (tx) => {
+      await tx.subscription.delete({
+        where: {
+          id: existingSubscription.id,
+        },
+      });
+
+      await tx.organisationClaim.update({
+        where: {
+          id: existingSubscription.organisation.organisationClaim.id,
+        },
+        data: {
+          originalSubscriptionClaimId: INTERNAL_CLAIM_ID.FREE,
+          ...createOrganisationClaimUpsertData(internalClaims[INTERNAL_CLAIM_ID.FREE]),
+        },
+      });
+    });
+
+    return;
+  }
+
+  // For all other cases, mark the subscription as inactive since
+  // they should still have a "Personal" account.
+  await prisma.subscription.update({
+    where: {
+      id: existingSubscription.id,
+    },
    data: {
      status: SubscriptionStatus.INACTIVE,
    },
  });
 };
+
+/**
+ * Extracts the claim ID from the Stripe subscription.
+ *
+ * Returns `null` if no claim ID found.
+ */
+const extractClaimIdFromStripeSubscription = async (subscription: Stripe.Subscription) => {
+  const deletedItem = subscription.items.data[0];
+
+  if (!deletedItem) {
+    return null;
+  }
+
+  try {
+    return await extractStripeClaimId(deletedItem.price);
+  } catch (error) {
+    console.error(error);
+    return null;
+  }
+};
@@ -0,0 +1,69 @@
+import * as React from 'react';
+import type { Dispatch, SetStateAction } from 'react';
+
+function dispatchStorageEvent(key: string, newValue: string | null) {
+  window.dispatchEvent(new StorageEvent('storage', { key, newValue }));
+}
+
+const setSessionStorageItem = <T>(key: string, value: T) => {
+  const stringifiedValue = JSON.stringify(value);
+  window.sessionStorage.setItem(key, stringifiedValue);
+  dispatchStorageEvent(key, stringifiedValue);
+};
+
+const removeSessionStorageItem = (key: string) => {
+  window.sessionStorage.removeItem(key);
+  dispatchStorageEvent(key, null);
+};
+
+const getSessionStorageItem = (key: string) => {
+  return window.sessionStorage.getItem(key);
+};
+
+const useSessionStorageSubscribe = (callback: (event: StorageEvent) => void) => {
+  window.addEventListener('storage', callback);
+  return () => window.removeEventListener('storage', callback);
+};
+
+export function useSessionStorage<T>(
+  key: string,
+  initialValue: T,
+): [T, Dispatch<SetStateAction<T>>] {
+  const serializedInitialValue = JSON.stringify(initialValue);
+
+  const getSnapshot = () => getSessionStorageItem(key);
+  const getServerSnapshot = () => serializedInitialValue;
+
+  const store = React.useSyncExternalStore(
+    useSessionStorageSubscribe,
+    getSnapshot,
+    getServerSnapshot,
+  );
+
+  const setState: Dispatch<SetStateAction<T>> = React.useCallback(
+    (v) => {
+      try {
+        const prevValue = store ? JSON.parse(store) : initialValue;
+        // @ts-expect-error - SetStateAction function check is safe at runtime
+        const nextState = typeof v === 'function' ? v(prevValue) : v;
+
+        if (nextState === undefined || nextState === null) {
+          removeSessionStorageItem(key);
+        } else {
+          setSessionStorageItem(key, nextState);
+        }
+      } catch (e) {
+        console.warn(e);
+      }
+    },
+    [key, store, initialValue],
+  );
+
+  React.useEffect(() => {
+    if (getSessionStorageItem(key) === null && typeof initialValue !== 'undefined') {
+      setSessionStorageItem(key, initialValue);
+    }
+  }, [key, initialValue]);
+
+  return [store ? JSON.parse(store) : initialValue, setState];
+}
@@ -8,8 +8,6 @@ export const DOCUMENSO_INTERNAL_EMAIL = {
  address: FROM_ADDRESS,
 };

-export const SERVICE_USER_EMAIL = 'serviceaccount@documenso.com';
-
 export const EMAIL_VERIFICATION_STATE = {
  NOT_FOUND: 'NOT_FOUND',
  VERIFIED: 'VERIFIED',
@@ -15,11 +15,11 @@ import { groupBy } from 'remeda';
 import { addRejectionStampToPdf } from '@documenso/lib/server-only/pdf/add-rejection-stamp-to-pdf';
 import { generateAuditLogPdf } from '@documenso/lib/server-only/pdf/generate-audit-log-pdf';
 import { generateCertificatePdf } from '@documenso/lib/server-only/pdf/generate-certificate-pdf';
+import { getLastPageDimensions } from '@documenso/lib/server-only/pdf/get-page-size';
 import { prisma } from '@documenso/prisma';
 import { signPdf } from '@documenso/signing';

 import { NEXT_PRIVATE_USE_PLAYWRIGHT_PDF } from '../../../constants/app';
-import { PDF_SIZE_A4_72PPI } from '../../../constants/pdf';
 import { AppError, AppErrorCode } from '../../../errors/app-error';
 import { sendCompletedEmail } from '../../../server-only/document/send-completed-email';
 import { getAuditLogsPdf } from '../../../server-only/htmltopdf/get-audit-logs-pdf';
@@ -29,7 +29,10 @@ import { insertFieldInPDFV2 } from '../../../server-only/pdf/insert-field-in-pdf
 import { legacy_insertFieldInPDF } from '../../../server-only/pdf/legacy-insert-field-in-pdf';
 import { getTeamSettings } from '../../../server-only/team/get-team-settings';
 import { triggerWebhook } from '../../../server-only/webhooks/trigger/trigger-webhook';
-import { DOCUMENT_AUDIT_LOG_TYPE } from '../../../types/document-audit-logs';
+import {
+  DOCUMENT_AUDIT_LOG_TYPE,
+  type TDocumentAuditLog,
+} from '../../../types/document-audit-logs';
 import {
  ZWebhookDocumentSchema,
  mapEnvelopeToWebhookDocumentPayload,
@@ -169,56 +172,38 @@ export const run = async ({
      });
    }

-    let certificateDoc: PDF | null = null;
-    let auditLogDoc: PDF | null = null;
+    // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+    const envelopeCompletedAuditLog = createDocumentAuditLogData({
+      type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_COMPLETED,
+      envelopeId: envelope.id,
+      requestMetadata,
+      user: null,
+      data: {
+        transactionId: nanoid(),
+        ...(isRejected ? { isRejected: true, rejectionReason: rejectionReason } : {}),
+      },
+    });

-    if (settings.includeSigningCertificate || settings.includeAuditLog) {
-      const certificatePayload = {
-        envelope,
-        recipients: envelope.recipients, // Need to use the recipients from envelope which contains ALL recipients.
-        fields,
-        language: envelope.documentMeta.language,
-        envelopeOwner: {
-          email: envelope.user.email,
-          name: envelope.user.name || '',
-        },
-        envelopeItems: envelopeItems.map((item) => item.title),
-        pageWidth: PDF_SIZE_A4_72PPI.width,
-        pageHeight: PDF_SIZE_A4_72PPI.height,
-      };
+    const finalEnvelopeStatus = isRejected ? DocumentStatus.REJECTED : DocumentStatus.COMPLETED;

-      // Use Playwright-based PDF generation if enabled, otherwise use Konva-based generation.
-      // This is a temporary toggle while we validate the Konva-based approach.
-      const usePlaywrightPdf = NEXT_PRIVATE_USE_PLAYWRIGHT_PDF();
+    // Pre-fetch all PDF data so we can read dimensions and pass it
+    // to decorateAndSignPdf without fetching again.
+    const prefetchedItems = await Promise.all(
+      envelopeItems.map(async (envelopeItem) => {
+        const pdfData = await getFileServerSide(envelopeItem.documentData);

-      const makeCertificatePdf = async () =>
-        usePlaywrightPdf
-          ? getCertificatePdf({
-              documentId,
-              language: envelope.documentMeta.language,
-            }).then(async (buffer) => PDF.load(buffer))
-          : generateCertificatePdf(certificatePayload);
+        return { envelopeItem, pdfData };
+      }),
+    );

-      const makeAuditLogPdf = async () =>
-        usePlaywrightPdf
-          ? getAuditLogsPdf({
-              documentId,
-              language: envelope.documentMeta.language,
-            }).then(async (buffer) => PDF.load(buffer))
-          : generateAuditLogPdf(certificatePayload);
+    const usePlaywrightPdf = NEXT_PRIVATE_USE_PLAYWRIGHT_PDF();

-      const [createdCertificatePdf, createdAuditLogPdf] = await Promise.all([
-        settings.includeSigningCertificate ? makeCertificatePdf() : null,
-        settings.includeAuditLog ? makeAuditLogPdf() : null,
-      ]);
-
-      certificateDoc = createdCertificatePdf;
-      auditLogDoc = createdAuditLogPdf;
-    }
+    const needsCertificate = settings.includeSigningCertificate;
+    const needsAuditLog = settings.includeAuditLog;

    const newDocumentData: Array<{ oldDocumentDataId: string; newDocumentDataId: string }> = [];

-    for (const envelopeItem of envelopeItems) {
+    for (const { envelopeItem, pdfData } of prefetchedItems) {
      const envelopeItemFields = envelope.envelopeItems.find(
        (item) => item.id === envelopeItem.id,
      )?.field;
@@ -227,12 +212,70 @@ export const run = async ({
        throw new Error(`Envelope item fields not found for envelope item ${envelopeItem.id}`);
      }

+      let certificateDoc: PDF | null = null;
+      let auditLogDoc: PDF | null = null;
+
+      if (needsCertificate || needsAuditLog) {
+        const pdfDoc = await PDF.load(pdfData);
+
+        const { width: pageWidth, height: pageHeight } = getLastPageDimensions(pdfDoc);
+
+        const additionalAuditLogs = [
+          // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+          {
+            ...envelopeCompletedAuditLog,
+            id: '',
+            createdAt: new Date(),
+          } as TDocumentAuditLog,
+        ];
+
+        const certificatePayload = {
+          envelope: {
+            ...envelope,
+            status: finalEnvelopeStatus,
+          },
+          recipients: envelope.recipients,
+          fields,
+          language: envelope.documentMeta.language,
+          envelopeOwner: {
+            email: envelope.user.email,
+            name: envelope.user.name || '',
+          },
+          envelopeItems: envelopeItems.map((item) => item.title),
+          pageWidth,
+          pageHeight,
+          additionalAuditLogs,
+        };
+
+        const makeCertificatePdf = async () =>
+          usePlaywrightPdf
+            ? getCertificatePdf({
+                documentId,
+                language: envelope.documentMeta.language,
+              }).then(async (buffer) => PDF.load(buffer))
+            : generateCertificatePdf(certificatePayload);
+
+        const makeAuditLogPdf = async () =>
+          usePlaywrightPdf
+            ? getAuditLogsPdf({
+                documentId,
+                language: envelope.documentMeta.language,
+              }).then(async (buffer) => PDF.load(buffer))
+            : generateAuditLogPdf(certificatePayload);
+
+        [certificateDoc, auditLogDoc] = await Promise.all([
+          needsCertificate ? makeCertificatePdf() : null,
+          needsAuditLog ? makeAuditLogPdf() : null,
+        ]);
+      }
+
      const result = await decorateAndSignPdf({
        envelope,
        envelopeItem,
        envelopeItemFields,
        isRejected,
        rejectionReason,
+        pdfData,
        certificateDoc,
        auditLogDoc,
      });
@@ -263,22 +306,13 @@ export const run = async ({
          id: envelope.id,
        },
        data: {
-          status: isRejected ? DocumentStatus.REJECTED : DocumentStatus.COMPLETED,
+          status: finalEnvelopeStatus,
          completedAt: new Date(),
        },
      });

      await tx.documentAuditLog.create({
-        data: createDocumentAuditLogData({
-          type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_COMPLETED,
-          envelopeId: envelope.id,
-          requestMetadata,
-          user: null,
-          data: {
-            transactionId: nanoid(),
-            ...(isRejected ? { isRejected: true, rejectionReason: rejectionReason } : {}),
-          },
-        }),
+        data: envelopeCompletedAuditLog,
      });
    });

@@ -330,12 +364,13 @@ type DecorateAndSignPdfOptions = {
  envelopeItemFields: Field[];
  isRejected: boolean;
  rejectionReason: string;
+  pdfData: Uint8Array;
  certificateDoc: PDF | null;
  auditLogDoc: PDF | null;
 };

 /**
- * Fetch, normalize, flatten and insert fields into a PDF document.
+ * Normalize, flatten and insert fields into a PDF document.
 */
 const decorateAndSignPdf = async ({
  envelope,
@@ -343,11 +378,10 @@ const decorateAndSignPdf = async ({
  envelopeItemFields,
  isRejected,
  rejectionReason,
+  pdfData,
  certificateDoc,
  auditLogDoc,
 }: DecorateAndSignPdfOptions) => {
-  const pdfData = await getFileServerSide(envelopeItem.documentData);
-
  let pdfDoc = await PDF.load(pdfData);

  // Normalize and flatten layers that could cause issues with the signature
@@ -388,6 +422,10 @@ const decorateAndSignPdf = async ({
      }
    }

+    // Should never run into issues with this flatten since all
+    // arcoFields are created by pdf-lib itself.
+    legacy_pdfLibDoc.getForm().flatten();
+
    await pdfDoc.reload(await legacy_pdfLibDoc.save());
  }

@@ -1,7 +1,7 @@
 import { PDF, rgb } from '@libpdf/core';
 import type { FieldType, Recipient } from '@prisma/client';

-import { type TFieldAndMeta, ZFieldAndMetaSchema } from '@documenso/lib/types/field-meta';
+import { type TFieldAndMeta, ZEnvelopeFieldAndMetaSchema } from '@documenso/lib/types/field-meta';

 import { parseFieldMetaFromPlaceholder, parseFieldTypeFromPlaceholder } from './helpers';

@@ -117,7 +117,7 @@ export const extractPlaceholdersFromPDF = async (pdf: Buffer): Promise<Placehold

      const parsedFieldMeta = parseFieldMetaFromPlaceholder(rawFieldMeta, fieldType);

-      const fieldAndMeta: TFieldAndMeta = ZFieldAndMetaSchema.parse({
+      const fieldAndMeta: TFieldAndMeta = ZEnvelopeFieldAndMetaSchema.parse({
        type: fieldType,
        fieldMeta: parsedFieldMeta,
      });
@@ -1,6 +1,7 @@
 import { PDF } from '@libpdf/core';
 import { i18n } from '@lingui/core';

+import { type TDocumentAuditLog } from '@documenso/lib/types/document-audit-logs';
 import { prisma } from '@documenso/prisma';

 import { ZSupportedLanguageCodeSchema } from '../../constants/i18n';
@@ -12,15 +13,24 @@ import { renderAuditLogs } from './render-audit-logs';

 type GenerateAuditLogPdfOptions = GenerateCertificatePdfOptions & {
  envelopeItems: string[];
+  additionalAuditLogs?: TDocumentAuditLog[];
 };

 export const generateAuditLogPdf = async (options: GenerateAuditLogPdfOptions) => {
-  const { envelope, envelopeOwner, envelopeItems, recipients, language, pageWidth, pageHeight } =
-    options;
+  const {
+    envelope,
+    envelopeOwner,
+    envelopeItems,
+    recipients,
+    language,
+    pageWidth,
+    pageHeight,
+    additionalAuditLogs = [],
+  } = options;

  const documentLanguage = ZSupportedLanguageCodeSchema.parse(language);

-  const [organisationClaim, auditLogs, messages] = await Promise.all([
+  const [organisationClaim, partialAuditLogs, messages] = await Promise.all([
    getOrganisationClaimByTeamId({ teamId: envelope.teamId }),
    getAuditLogs(envelope.id),
    getTranslations(documentLanguage),
@@ -31,6 +41,8 @@ export const generateAuditLogPdf = async (options: GenerateAuditLogPdfOptions) =
    messages,
  });

+  const auditLogs: TDocumentAuditLog[] = [...additionalAuditLogs, ...partialAuditLogs];
+
  const auditLogPages = await renderAuditLogs({
    envelope,
    envelopeOwner,
@@ -16,7 +16,14 @@ import { getOrganisationClaimByTeamId } from '../organisation/get-organisation-c
 import { renderCertificate } from './render-certificate';

 export type GenerateCertificatePdfOptions = {
-  envelope: Envelope & {
+  /**
+   * Note: completedAt is not included since it's not real at this point in time.
+   *
+   * If we actually need it here in the future, we will need to preserve the
+   * completedAt value and pass it to the final `envelope.update` function when
+   * the document is initially sealed.
+   */
+  envelope: Omit<Envelope, 'completedAt'> & {
    documentMeta: DocumentMeta;
  };
  envelopeOwner: {
@@ -1,4 +1,10 @@
 import type { PDFPage } from '@cantoo/pdf-lib';
+import type { PDF } from '@libpdf/core';
+
+import { PDF_SIZE_A4_72PPI } from '../../constants/pdf';
+
+const MIN_CERT_PAGE_WIDTH = 300;
+const MIN_CERT_PAGE_HEIGHT = 300;

 /**
 * Gets the effective page size for PDF operations.
@@ -16,3 +22,20 @@ export const getPageSize = (page: PDFPage) => {

  return cropBox;
 };
+
+export const getLastPageDimensions = (pdfDoc: PDF): { width: number; height: number } => {
+  const lastPage = pdfDoc.getPage(pdfDoc.getPageCount() - 1);
+
+  if (!lastPage) {
+    return PDF_SIZE_A4_72PPI;
+  }
+
+  const width = Math.round(lastPage.width);
+  const height = Math.round(lastPage.height);
+
+  if (width < MIN_CERT_PAGE_WIDTH || height < MIN_CERT_PAGE_HEIGHT) {
+    return PDF_SIZE_A4_72PPI;
+  }
+
+  return { width, height };
+};
@@ -30,7 +30,7 @@ export type AuditLogRecipient = {
 };

 type GenerateAuditLogsOptions = {
-  envelope: Envelope & {
+  envelope: Omit<Envelope, 'completedAt'> & {
    documentMeta: DocumentMeta;
  };
  envelopeItems: string[];
@@ -168,7 +168,7 @@ const renderVerticalLabelAndText = (options: RenderVerticalLabelAndTextOptions)
 };

 type RenderOverviewCardOptions = {
-  envelope: Envelope & {
+  envelope: Omit<Envelope, 'completedAt'> & {
    documentMeta: DocumentMeta;
  };
  envelopeItems: string[];
@@ -78,6 +78,7 @@ const getDevice = (userAgent?: string | null): string => {
 const textMutedForegroundLight = '#929DAE';
 const textForeground = '#000';
 const textMutedForeground = '#64748B';
+const textRejectedRed = '#dc2626';
 const textBase = 10;
 const textSm = 9;
 const textXs = 8;
@@ -97,6 +98,8 @@ type RenderLabelAndTextOptions = {
  text: string;
  width: number;
  y?: number;
+  labelFill?: string;
+  valueFill?: string;
 };

 const renderLabelAndText = (options: RenderLabelAndTextOptions) => {
@@ -106,13 +109,16 @@ const renderLabelAndText = (options: RenderLabelAndTextOptions) => {
    y,
  });

+  const labelFill = options.labelFill ?? textMutedForeground;
+  const valueFill = options.valueFill ?? textMutedForeground;
+
  const label = new Konva.Text({
    x: 0,
    y: 0,
    text: `${options.label}: `,
    fontStyle: fontMedium,
    fontFamily: 'Inter',
-    fill: textMutedForeground,
+    fill: labelFill,
    fontSize: textSm,
  });

@@ -124,7 +130,7 @@ const renderLabelAndText = (options: RenderLabelAndTextOptions) => {
    width: width - label.width(),
    fontFamily: 'Inter',
    text: options.text,
-    fill: textMutedForeground,
+    fill: valueFill,
    wrap: 'char',
    fontSize: textSm,
  });
@@ -269,6 +275,8 @@ const renderColumnTwo = (options: RenderColumnOptions) => {

  const columnWidth = width - columnPadding;

+  const isRejected = Boolean(recipient.logs.rejected);
+
  if (recipient.signatureField?.secondaryId) {
    // Signature container with green border
    const signatureContainer = new Konva.Group({ x: 0, y: 0 });
@@ -313,7 +321,10 @@ const renderColumnTwo = (options: RenderColumnOptions) => {
      signatureContainer.add(typedSig);
    }

-    column.add(signatureContainer);
+    // Do not add the signature container for rejected recipients.
+    if (!isRejected) {
+      column.add(signatureContainer);
+    }

    const signatureHeight = Math.max(signatureContainer.getClientRect().height, minSignatureHeight);

@@ -342,7 +353,7 @@ const renderColumnTwo = (options: RenderColumnOptions) => {
    // Signature ID
    const sigIdLabel = new Konva.Text({
      x: 0,
-      y: signatureHeight + 10,
+      y: isRejected ? 0 : signatureHeight + 10,
      text: `${i18n._(msg`Signature ID`)}:`,
      fill: textMutedForeground,
      width: columnWidth,
@@ -376,9 +387,11 @@ const renderColumnTwo = (options: RenderColumnOptions) => {
    column.add(naText);
  }

+  const relevantLog = isRejected ? recipient.logs.rejected : recipient.logs.completed;
+
  const ipLabelAndText = renderLabelAndText({
    label: i18n._(msg`IP Address`),
-    text: recipient.logs.completed?.ipAddress ?? i18n._(msg`Unknown`),
+    text: relevantLog?.ipAddress ?? i18n._(msg`Unknown`),
    width,
    y: column.getClientRect().height + 6,
  });
@@ -386,7 +399,7 @@ const renderColumnTwo = (options: RenderColumnOptions) => {

  const deviceLabelAndText = renderLabelAndText({
    label: i18n._(msg`Device`),
-    text: getDevice(recipient.logs.completed?.userAgent),
+    text: getDevice(relevantLog?.userAgent),
    width,
    y: column.getClientRect().height + 6,
  });
@@ -400,7 +413,14 @@ const renderColumnThree = (options: RenderColumnOptions) => {

  const column = new Konva.Group();

-  const itemsToRender = [
+  type DetailItem = {
+    label: string;
+    value: string;
+    labelFill?: string;
+    valueFill?: string;
+  };
+
+  const itemsToRender: DetailItem[] = [
    {
      label: i18n._(msg`Sent`),
      value: recipient.logs.emailed
@@ -429,6 +449,8 @@ const renderColumnThree = (options: RenderColumnOptions) => {
      value: DateTime.fromJSDate(recipient.logs.rejected.createdAt)
        .setLocale(APP_I18N_OPTIONS.defaultLocale)
        .toFormat('yyyy-MM-dd hh:mm:ss a (ZZZZ)'),
+      labelFill: textRejectedRed,
+      valueFill: textRejectedRed,
    });
  } else {
    itemsToRender.push({
@@ -459,6 +481,8 @@ const renderColumnThree = (options: RenderColumnOptions) => {
      text: item.value,
      width,
      y: column.getClientRect().height + (index === 0 ? 0 : 8),
+      labelFill: item.labelFill,
+      valueFill: item.valueFill,
    });
    column.add(labelAndText);
  }
@@ -551,6 +551,7 @@ export const createDocumentFromTemplate = async ({
        visibility: template.visibility || settings.documentVisibility,
        useLegacyFieldInsertion: template.useLegacyFieldInsertion ?? false,
        documentMetaId: documentMeta.id,
+        formValues: formValues ?? undefined,
        recipients: {
          createMany: {
            data: allFinalRecipients.map((recipient) => {
@@ -0,0 +1,24 @@
+import { prisma } from '@documenso/prisma';
+
+import { AppError, AppErrorCode } from '../../errors/app-error';
+
+export interface GetUserByResetTokenOptions {
+  token: string;
+}
+
+export const getUserByResetToken = async ({ token }: GetUserByResetTokenOptions) => {
+  const result = await prisma.passwordResetToken.findFirst({
+    where: {
+      token,
+    },
+    include: {
+      user: true,
+    },
+  });
+
+  if (!result || !result.user) {
+    throw new AppError(AppErrorCode.NOT_FOUND);
+  }
+
+  return result.user;
+};
@@ -1,9 +1,27 @@
 import { prisma } from '@documenso/prisma';

+const LEGACY_DELETED_ACCOUNT_EMAIL = 'deleted-account@documenso.com';
+
+export const deletedServiceAccountEmail = () => {
+  try {
+    // eslint-disable-next-line turbo/no-undeclared-env-vars
+    if (process.env.NEXT_PRIVATE_DELETED_SERVICE_ACCOUNT_EMAIL) {
+      // eslint-disable-next-line turbo/no-undeclared-env-vars
+      return process.env.NEXT_PRIVATE_DELETED_SERVICE_ACCOUNT_EMAIL;
+    }
+
+    const { hostname } = new URL(process.env.NEXT_PUBLIC_WEBAPP_URL || 'http://localhost:3000');
+
+    return `deleted-account@${hostname}`;
+  } catch (error) {
+    return LEGACY_DELETED_ACCOUNT_EMAIL;
+  }
+};
+
 export const deletedAccountServiceAccount = async () => {
  const serviceAccount = await prisma.user.findFirst({
    where: {
-      email: 'deleted-account@documenso.com',
+      email: deletedServiceAccountEmail(),
    },
    select: {
      id: true,
@@ -29,3 +47,20 @@ export const deletedAccountServiceAccount = async () => {

  return serviceAccount;
 };
+
+export const migrateDeletedAccountServiceAccount = async () => {
+  if (deletedServiceAccountEmail() !== LEGACY_DELETED_ACCOUNT_EMAIL) {
+    console.log(
+      `Migrating deleted account service account to new email: ${deletedServiceAccountEmail()}`,
+    );
+
+    await prisma.user.updateMany({
+      where: {
+        email: LEGACY_DELETED_ACCOUNT_EMAIL,
+      },
+      data: {
+        email: deletedServiceAccountEmail(),
+      },
+    });
+  }
+};
@@ -0,0 +1,34 @@
+import { prisma } from '@documenso/prisma';
+
+const LEGACY_SERVICE_ACCOUNT_EMAIL = 'serviceaccount@documenso.com';
+
+export const legacyServiceAccountEmail = () => {
+  try {
+    // eslint-disable-next-line turbo/no-undeclared-env-vars
+    if (process.env.NEXT_PRIVATE_LEGACY_SERVICE_ACCOUNT_EMAIL) {
+      // eslint-disable-next-line turbo/no-undeclared-env-vars
+      return process.env.NEXT_PRIVATE_LEGACY_SERVICE_ACCOUNT_EMAIL;
+    }
+
+    const { hostname } = new URL(process.env.NEXT_PUBLIC_WEBAPP_URL || 'http://localhost:3000');
+
+    return `serviceaccount@${hostname}`;
+  } catch (error) {
+    return LEGACY_SERVICE_ACCOUNT_EMAIL;
+  }
+};
+
+export const migrateLegacyServiceAccount = async () => {
+  if (legacyServiceAccountEmail() !== LEGACY_SERVICE_ACCOUNT_EMAIL) {
+    console.log(`Migrating legacy service account to new email: ${legacyServiceAccountEmail()}`);
+
+    await prisma.user.updateMany({
+      where: {
+        email: LEGACY_SERVICE_ACCOUNT_EMAIL,
+      },
+      data: {
+        email: legacyServiceAccountEmail(),
+      },
+    });
+  }
+};
@@ -20,6 +20,12 @@ export const submitSupportTicket = async ({
  organisationId,
  teamId,
 }: SubmitSupportTicketOptions) => {
+  if (!plainClient) {
+    throw new AppError(AppErrorCode.NOT_SETUP, {
+      message: 'Support ticket system is not configured',
+    });
+  }
+
  const user = await prisma.user.findFirst({
    where: {
      id: userId,
@@ -52,6 +58,29 @@ export const submitSupportTicket = async ({
      })
    : null;

+  // Ensure the customer exists in Plain before creating a thread
+  const plainCustomer = await plainClient.upsertCustomer({
+    identifier: {
+      emailAddress: user.email,
+    },
+    onCreate: {
+      // If the user doesn't have a name, default to their email
+      fullName: user.name || user.email,
+      email: {
+        email: user.email,
+        isVerified: !!user.emailVerified,
+      },
+    },
+    // No need to update the customer if it already exists
+    onUpdate: {},
+  });
+
+  if (plainCustomer.error) {
+    throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+      message: `Failed to create customer in support system: ${plainCustomer.error.message}`,
+    });
+  }
+
  const customMessage = `
 Organisation: ${organisation.name} (${organisation.id})
 Team: ${team ? `${team.name} (${team.id})` : 'No team provided'}
@@ -60,12 +89,14 @@ ${message}`;

  const res = await plainClient.createThread({
    title: subject,
-    customerIdentifier: { emailAddress: user.email },
+    customerIdentifier: { customerId: plainCustomer.data.customer.id },
    components: [{ componentText: { text: customMessage } }],
  });

  if (res.error) {
-    throw new Error(res.error.message);
+    throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+      message: `Failed to create support ticket: ${res.error.message}`,
+    });
  }

  return res;
@@ -294,8 +294,10 @@ export const formatDocumentAuditLogAction = (
  auditLog: TDocumentAuditLog,
  userId?: number,
 ) => {
-  const prefix =
-    userId === auditLog.userId ? i18n._(msg`You`) : auditLog.name || auditLog.email || '';
+  const isCurrentUser = userId === auditLog.userId;
+  const user = auditLog.name || auditLog.email || '';
+
+  const prefix = isCurrentUser ? i18n._(msg`You`) : user || '';

  const description = match(auditLog)
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.FIELD_CREATED }, () => ({
@@ -303,245 +305,295 @@ export const formatDocumentAuditLogAction = (
        message: `A field was added`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} added a field`,
+      you: msg`You added a field`,
+      user: msg`${user} added a field`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.FIELD_DELETED }, () => ({
      anonymous: msg({
        message: `A field was removed`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} removed a field`,
+      you: msg`You removed a field`,
+      user: msg`${user} removed a field`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.FIELD_UPDATED }, () => ({
      anonymous: msg({
        message: `A field was updated`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} updated a field`,
+      you: msg`You updated a field`,
+      user: msg`${user} updated a field`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.RECIPIENT_CREATED }, () => ({
      anonymous: msg({
        message: `A recipient was added`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} added a recipient`,
+      you: msg`You added a recipient`,
+      user: msg`${user} added a recipient`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.RECIPIENT_DELETED }, () => ({
      anonymous: msg({
        message: `A recipient was removed`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} removed a recipient`,
+      you: msg`You removed a recipient`,
+      user: msg`${user} removed a recipient`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.RECIPIENT_UPDATED }, () => ({
      anonymous: msg({
        message: `A recipient was updated`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} updated a recipient`,
+      you: msg`You updated a recipient`,
+      user: msg`${user} updated a recipient`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_CREATED }, () => ({
      anonymous: msg({
        message: `Document created`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} created the document`,
+      you: msg`You created the document`,
+      user: msg`${user} created the document`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_DELETED }, () => ({
      anonymous: msg({
        message: `Document deleted`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} deleted the document`,
+      you: msg`You deleted the document`,
+      user: msg`${user} deleted the document`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_FIELDS_AUTO_INSERTED }, () => ({
      anonymous: msg({
        message: `System auto inserted fields`,
        context: `Audit log format`,
      }),
-      identified: msg`System auto inserted fields`,
+      you: msg({
+        message: `System auto inserted fields`,
+        context: `Audit log format`,
+      }),
+      user: msg({
+        message: `System auto inserted fields`,
+        context: `Audit log format`,
+      }),
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_FIELD_INSERTED }, () => ({
      anonymous: msg({
        message: `Field signed`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} signed a field`,
+      you: msg`You signed a field`,
+      user: msg`${user} signed a field`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_FIELD_UNINSERTED }, () => ({
      anonymous: msg({
        message: `Field unsigned`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} unsigned a field`,
+      you: msg`You unsigned a field`,
+      user: msg`${user} unsigned a field`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_FIELD_PREFILLED }, () => ({
      anonymous: msg({
        message: `Field prefilled by assistant`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} prefilled a field`,
+      you: msg`You prefilled a field`,
+      user: msg`${user} prefilled a field`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_VISIBILITY_UPDATED }, () => ({
      anonymous: msg({
        message: `Document visibility updated`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} updated the document visibility`,
+      you: msg`You updated the document visibility`,
+      user: msg`${user} updated the document visibility`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_GLOBAL_AUTH_ACCESS_UPDATED }, () => ({
      anonymous: msg({
        message: `Document access auth updated`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} updated the document access auth requirements`,
+      you: msg`You updated the document access auth requirements`,
+      user: msg`${user} updated the document access auth requirements`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_GLOBAL_AUTH_ACTION_UPDATED }, () => ({
      anonymous: msg({
        message: `Document signing auth updated`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} updated the document signing auth requirements`,
+      you: msg`You updated the document signing auth requirements`,
+      user: msg`${user} updated the document signing auth requirements`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_META_UPDATED }, () => ({
      anonymous: msg({
        message: `Document updated`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} updated the document`,
+      you: msg`You updated the document`,
+      user: msg`${user} updated the document`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_OPENED }, () => ({
      anonymous: msg({
        message: `Document opened`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} opened the document`,
+      you: msg`You opened the document`,
+      user: msg`${user} opened the document`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_VIEWED }, () => ({
      anonymous: msg({
        message: `Document viewed`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} viewed the document`,
+      you: msg`You viewed the document`,
+      user: msg`${user} viewed the document`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_TITLE_UPDATED }, () => ({
      anonymous: msg({
        message: `Document title updated`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} updated the document title`,
+      you: msg`You updated the document title`,
+      user: msg`${user} updated the document title`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_EXTERNAL_ID_UPDATED }, () => ({
      anonymous: msg({
        message: `Document external ID updated`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} updated the document external ID`,
+      you: msg`You updated the document external ID`,
+      user: msg`${user} updated the document external ID`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_SENT }, () => ({
      anonymous: msg({
        message: `Document sent`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} sent the document`,
+      you: msg`You sent the document`,
+      user: msg`${user} sent the document`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_MOVED_TO_TEAM }, () => ({
      anonymous: msg({
        message: `Document moved to team`,
        context: `Audit log format`,
      }),
-      identified: msg`${prefix} moved the document to team`,
+      you: msg`You moved the document to team`,
+      user: msg`${user} moved the document to team`,
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_RECIPIENT_COMPLETED }, ({ data }) => {
-      const userName = prefix || i18n._(msg`Recipient`);
-
-      const result = match(data.recipientRole)
-        .with(RecipientRole.SIGNER, () => msg`${userName} signed the document`)
-        .with(RecipientRole.VIEWER, () => msg`${userName} viewed the document`)
-        .with(RecipientRole.APPROVER, () => msg`${userName} approved the document`)
-        .with(RecipientRole.CC, () => msg`${userName} CC'd the document`)
-        .otherwise(() => msg`${userName} completed their task`);
-
-      return {
-        anonymous: result,
-        identified: result,
-      };
+      return match(data.recipientRole)
+        .with(RecipientRole.SIGNER, () => ({
+          anonymous: msg`Recipient signed the document`,
+          you: msg`You signed the document`,
+          user: msg`${user} signed the document`,
+        }))
+        .with(RecipientRole.VIEWER, () => ({
+          anonymous: msg`Recipient viewed the document`,
+          you: msg`You viewed the document`,
+          user: msg`${user} viewed the document`,
+        }))
+        .with(RecipientRole.APPROVER, () => ({
+          anonymous: msg`Recipient approved the document`,
+          you: msg`You approved the document`,
+          user: msg`${user} approved the document`,
+        }))
+        .with(RecipientRole.CC, () => ({
+          anonymous: msg`Recipient CC'd the document`,
+          you: msg`You CC'd the document`,
+          user: msg`${user} CC'd the document`,
+        }))
+        .otherwise(() => ({
+          anonymous: msg`Recipient completed their task`,
+          you: msg`You completed your task`,
+          user: msg`${user} completed their task`,
+        }));
    })
-    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_RECIPIENT_REJECTED }, ({ data }) => {
-      const userName = prefix || i18n._(msg`Recipient`);
-
-      const result = msg`${userName} rejected the document`;
-
-      return {
-        anonymous: result,
-        identified: result,
-      };
-    })
-    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_REQUESTED }, ({ data }) => {
-      const userName = prefix || i18n._(msg`Recipient`);
-
-      const result = msg`${userName} requested a 2FA token for the document`;
-
-      return {
-        anonymous: result,
-        identified: result,
-      };
-    })
-    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_VALIDATED }, ({ data }) => {
-      const userName = prefix || i18n._(msg`Recipient`);
-
-      const result = msg`${userName} validated a 2FA token for the document`;
-
-      return {
-        anonymous: result,
-        identified: result,
-      };
-    })
-    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_FAILED }, ({ data }) => {
-      const userName = prefix || i18n._(msg`Recipient`);
-
-      const result = msg`${userName} failed to validate a 2FA token for the document`;
-
-      return {
-        anonymous: result,
-        identified: result,
-      };
-    })
-    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.EMAIL_SENT }, ({ data }) => ({
-      anonymous: data.isResending ? msg`Email resent` : msg`Email sent`,
-      identified: data.isResending
-        ? msg`${prefix} resent an email to ${data.recipientEmail}`
-        : msg`${prefix} sent an email to ${data.recipientEmail}`,
+    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_RECIPIENT_REJECTED }, () => ({
+      anonymous: msg`Recipient rejected the document`,
+      you: msg`You rejected the document`,
+      user: msg`${user} rejected the document`,
    }))
+    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_REQUESTED }, () => ({
+      anonymous: msg`Recipient requested a 2FA token for the document`,
+      you: msg`You requested a 2FA token for the document`,
+      user: msg`${user} requested a 2FA token for the document`,
+    }))
+    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_VALIDATED }, () => ({
+      anonymous: msg`Recipient validated a 2FA token for the document`,
+      you: msg`You validated a 2FA token for the document`,
+      user: msg`${user} validated a 2FA token for the document`,
+    }))
+    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_FAILED }, () => ({
+      anonymous: msg`Recipient failed to validate a 2FA token for the document`,
+      you: msg`You failed to validate a 2FA token for the document`,
+      user: msg`${user} failed to validate a 2FA token for the document`,
+    }))
+    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.EMAIL_SENT }, ({ data }) => {
+      if (data.isResending) {
+        return {
+          anonymous: msg({
+            message: `Email resent`,
+            context: `Audit log format`,
+          }),
+          you: msg`You resent an email to ${data.recipientEmail}`,
+          user: msg`${user} resent an email to ${data.recipientEmail}`,
+        };
+      }
+      return {
+        anonymous: msg({
+          message: `Email sent`,
+          context: `Audit log format`,
+        }),
+        you: msg`You sent an email to ${data.recipientEmail}`,
+        user: msg`${user} sent an email to ${data.recipientEmail}`,
+      };
+    })
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_COMPLETED }, () => ({
-      anonymous: msg({
-        message: `Document completed`,
-        context: `Audit log format`,
-      }),
-      identified: msg({
-        message: `Document completed`,
-        context: `Audit log format`,
-      }),
+      anonymous: msg({ message: `Document completed`, context: `Audit log format` }),
+      you: msg({ message: `Document completed`, context: `Audit log format` }),
+      user: msg({ message: `Document completed`, context: `Audit log format` }),
    }))
    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.ENVELOPE_ITEM_CREATED }, ({ data }) => ({
-      anonymous: msg`Envelope item created`,
-      identified: msg`${prefix} created an envelope item with title ${data.envelopeItemTitle}`,
-    }))
-    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.ENVELOPE_ITEM_DELETED }, ({ data }) => ({
-      anonymous: msg`Envelope item deleted`,
-      identified: msg`${prefix} deleted an envelope item with title ${data.envelopeItemTitle}`,
-    }))
-    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_DELEGATED_OWNER_CREATED }, ({ data }) => ({
      anonymous: msg({
-        message: `Document ownership delegated`,
+        message: `Envelope item created`,
        context: `Audit log format`,
      }),
-      identified: msg`The document ownership was delegated to ${data.delegatedOwnerName || data.delegatedOwnerEmail} on behalf of ${data.teamName}`,
+      you: msg`You created an envelope item with title ${data.envelopeItemTitle}`,
+      user: msg`${user} created an envelope item with title ${data.envelopeItemTitle}`,
    }))
+    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.ENVELOPE_ITEM_DELETED }, ({ data }) => ({
+      anonymous: msg({
+        message: `Envelope item deleted`,
+        context: `Audit log format`,
+      }),
+      you: msg`You deleted an envelope item with title ${data.envelopeItemTitle}`,
+      user: msg`${user} deleted an envelope item with title ${data.envelopeItemTitle}`,
+    }))
+    .with({ type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_DELEGATED_OWNER_CREATED }, ({ data }) => {
+      const message = msg({
+        message: `The document ownership was delegated to ${data.delegatedOwnerName || data.delegatedOwnerEmail} on behalf of ${data.teamName}`,
+        context: `Audit log format`,
+      });
+      return {
+        anonymous: message,
+        you: message,
+        user: message,
+      };
+    })
    .exhaustive();

+  let selectedDescription = description.anonymous;
+
+  if (isCurrentUser) {
+    selectedDescription = description.you;
+  } else if (user) {
+    selectedDescription = description.user;
+  }
+
  return {
    prefix,
-    description: i18n._(prefix ? description.identified : description.anonymous),
+    description: i18n._(selectedDescription),
  };
 };
@@ -0,0 +1,107 @@
+import { Prisma } from '@prisma/client';
+
+import type { FindResultResponse } from '@documenso/lib/types/search-params';
+import { getHighestTeamRoleInGroup } from '@documenso/lib/utils/teams';
+import { prisma } from '@documenso/prisma';
+
+import { adminProcedure } from '../trpc';
+import { ZFindUserTeamsRequestSchema, ZFindUserTeamsResponseSchema } from './find-user-teams.types';
+
+export const findUserTeamsRoute = adminProcedure
+  .input(ZFindUserTeamsRequestSchema)
+  .output(ZFindUserTeamsResponseSchema)
+  .query(async ({ input }) => {
+    const { userId, query, page, perPage } = input;
+
+    return await findUserTeams({
+      userId,
+      query,
+      page,
+      perPage,
+    });
+  });
+
+type FindUserTeamsOptions = {
+  userId: number;
+  query?: string;
+  page?: number;
+  perPage?: number;
+};
+
+const findUserTeams = async ({ userId, query, page = 1, perPage = 10 }: FindUserTeamsOptions) => {
+  const whereClause: Prisma.TeamWhereInput = {
+    teamGroups: {
+      some: {
+        organisationGroup: {
+          organisationGroupMembers: {
+            some: {
+              organisationMember: {
+                userId,
+              },
+            },
+          },
+        },
+      },
+    },
+  };
+
+  if (query && query.length > 0) {
+    whereClause.name = {
+      contains: query,
+      mode: Prisma.QueryMode.insensitive,
+    };
+  }
+
+  const [data, count] = await Promise.all([
+    prisma.team.findMany({
+      where: whereClause,
+      skip: Math.max(page - 1, 0) * perPage,
+      take: perPage,
+      orderBy: {
+        createdAt: 'desc',
+      },
+      include: {
+        organisation: {
+          select: {
+            id: true,
+            name: true,
+            url: true,
+          },
+        },
+        teamGroups: {
+          where: {
+            organisationGroup: {
+              organisationGroupMembers: {
+                some: {
+                  organisationMember: {
+                    userId,
+                  },
+                },
+              },
+            },
+          },
+        },
+      },
+    }),
+    prisma.team.count({
+      where: whereClause,
+    }),
+  ]);
+
+  const mappedData = data.map((team) => ({
+    id: team.id,
+    name: team.name,
+    url: team.url,
+    createdAt: team.createdAt,
+    teamRole: getHighestTeamRoleInGroup(team.teamGroups),
+    organisation: team.organisation,
+  }));
+
+  return {
+    data: mappedData,
+    count,
+    currentPage: Math.max(page, 1),
+    perPage,
+    totalPages: Math.ceil(count / perPage),
+  } satisfies FindResultResponse<typeof mappedData>;
+};
@@ -0,0 +1,31 @@
+import { z } from 'zod';
+
+import { ZFindResultResponse, ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
+import { TeamMemberRoleSchema } from '@documenso/prisma/generated/zod/inputTypeSchemas/TeamMemberRoleSchema';
+import OrganisationSchema from '@documenso/prisma/generated/zod/modelSchema/OrganisationSchema';
+import TeamSchema from '@documenso/prisma/generated/zod/modelSchema/TeamSchema';
+
+export const ZFindUserTeamsRequestSchema = ZFindSearchParamsSchema.extend({
+  userId: z.number(),
+});
+
+export const ZFindUserTeamsResponseSchema = ZFindResultResponse.extend({
+  data: TeamSchema.pick({
+    id: true,
+    name: true,
+    url: true,
+    createdAt: true,
+  })
+    .extend({
+      teamRole: TeamMemberRoleSchema,
+      organisation: OrganisationSchema.pick({
+        id: true,
+        name: true,
+        url: true,
+      }),
+    })
+    .array(),
+});
+
+export type TFindUserTeamsRequest = z.infer<typeof ZFindUserTeamsRequestSchema>;
+export type TFindUserTeamsResponse = z.infer<typeof ZFindUserTeamsResponseSchema>;
@@ -12,6 +12,7 @@ import { findDocumentAuditLogsRoute } from './find-document-audit-logs';
 import { findDocumentJobsRoute } from './find-document-jobs';
 import { findDocumentsRoute } from './find-documents';
 import { findSubscriptionClaimsRoute } from './find-subscription-claims';
+import { findUserTeamsRoute } from './find-user-teams';
 import { getAdminOrganisationRoute } from './get-admin-organisation';
 import { getUserRoute } from './get-user';
 import { promoteMemberToOwnerRoute } from './promote-member-to-owner';
@@ -55,6 +56,7 @@ export const adminRouter = router({
    enable: enableUserRoute,
    disable: disableUserRoute,
    resetTwoFactor: resetTwoFactorRoute,
+    findTeams: findUserTeamsRoute,
  },
  document: {
    find: findDocumentsRoute,
@@ -37,7 +37,7 @@ const ZCreateFieldBaseSchema = ZEnvelopeFieldAndMetaSchema.and(
 /**
 * Position a field using explicit percentage-based coordinates.
 */
-const ZCoordinatePositionSchema = z.object({
+export const ZCoordinatePositionSchema = z.object({
  page: ZFieldPageNumberSchema,
  positionX: ZClampedFieldPositionXSchema,
  positionY: ZClampedFieldPositionYSchema,
@@ -52,7 +52,7 @@ const ZCoordinatePositionSchema = z.object({
 * placed at the bounding box of that match. Width and height can optionally be
 * overridden; when omitted the dimensions of the placeholder text are used.
 */
-const ZPlaceholderPositionSchema = z.object({
+export const ZPlaceholderPositionSchema = z.object({
  placeholder: z
    .string()
    .describe(
@@ -72,9 +72,10 @@ const ZPlaceholderPositionSchema = z.object({
    ),
 });

-const ZCreateFieldSchema = ZCreateFieldBaseSchema.and(
-  z.union([ZCoordinatePositionSchema, ZPlaceholderPositionSchema]),
-);
+const ZCreateFieldSchema = z.union([
+  ZCreateFieldBaseSchema.and(ZCoordinatePositionSchema),
+  ZCreateFieldBaseSchema.and(ZPlaceholderPositionSchema),
+]);

 export const ZCreateEnvelopeFieldsRequestSchema = z.object({
  envelopeId: z.string(),
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Lucas Smith	f3ec8ddc57	v2.6.1	2026-02-18 21:57:10 +11:00
Lucas Smith	9a66d0ebf6	fix: simplify openapi field schemas to fix SDK generation (#2503 )	2026-02-18 17:07:46 +11:00
Konrad	29622d3151	fix(i18n): mark strings inside div for translation (#2514 )	2026-02-18 13:50:42 +11:00
Lucas Smith	5de2527e54	fix: v2 embed direct templates not reading email/lockEmail from hash params (#2509 )	2026-02-18 13:35:04 +11:00
Lucas Smith	6fcf0a638c	chore: add translations (#2507 )	2026-02-17 11:31:37 +11:00
Louis Liu	ff9e6acb7a	fix(ui): clarify email settings labels (#2448 )	2026-02-16 17:00:24 +11:00
Lucas Smith	a60c6a90ab	chore: add translations (#2504 )	2026-02-16 16:10:43 +11:00
github-actions[bot]	f35c19d098	chore: extract translations (#2458 )	2026-02-16 14:34:33 +11:00
McMek590	cf8e21bf35	fix: create full sentences for document-signing-auth files (#2451 )	2026-02-16 13:30:36 +11:00
Jahangir Babar	3f7c4df1b1	fix: strip diacritics from team URL slug generation (#2489 )	2026-02-16 12:36:14 +11:00
Konrad	ca199e7885	fix(i18n): mark span strings for translation (#2494 )	2026-02-16 12:07:53 +11:00
Konrad	435d61ea57	fix(i18n): mark badge string for translation (#2495 )	2026-02-16 11:58:03 +11:00
Konrad	34f14ba69a	fix(i18n): mark tabs trigger strings for translation (#2496 )	2026-02-16 11:57:44 +11:00
Konrad	51916cd3f0	fix(i18n): mark DialogTitle string for translation (#2497 )	2026-02-16 11:57:23 +11:00
Konrad	f158305499	fix(i18n): mark paragraph strings for translation (#2498 )	2026-02-16 11:57:03 +11:00
Lucas Smith	2e3d22c856	fix: use instance-specific emails for service accounts (#2502 )	2026-02-16 11:52:19 +11:00
Ephraim Duncan	d66c330d46	fix: match cert and audit log page dimensions to source document (#2473 )	2026-02-12 18:25:11 +11:00
David Nguyen	9bcb240895	fix: revert canceled individual subscriptions to free claim (#2483 ) ## Description Resolves an issue where individual plan customers who cancel are not correctly put down to the free plan. To resolve this, we delete the subscription on the stripe subscription delete webhook. Since the customerId is stored on the organisation they can still access their old invoices.	2026-02-12 17:44:33 +11:00
David Nguyen	066e6bc847	fix: envelope editor flush race condition (#2482 ) ## Description Fixes a race condition in the envelope editor when opening "Send Document" immediately after moving/resizing a selected field Replication 1. Move or resize a field (do not blur the selector/quickbar that appears when a field is selected) 2. Directly click the "Send Document" dialog 3. Error appears Note: Step 2 needs to happen relatively fast after step 1 since this is a race against the flush debouncer --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2026-02-12 16:32:26 +11:00
David Nguyen	0d65693d55	fix: highlight rejected certificate text (#2478 ) ## Description - Update the rejected certificate so that is it more clear on who rejected the document. - Updated the audit log generation so that the completed audit log is included ### Before <img width="681" height="597" alt="image" src="https://github.com/user-attachments/assets/3dab41c1-c86f-4555-8d50-3d9245be65d5" /> ### After Note that the order of the recipient is different in this case <img width="818" height="769" alt="image" src="https://github.com/user-attachments/assets/71f0ac12-5859-47b4-8980-2420ef949d18" /> --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Lucas Smith <me@lucasjamessmith.me>	2026-02-12 16:06:43 +11:00
Lucas Smith	e3dee5e565	fix: auto placement field meta (#2480 )	2026-02-12 14:20:52 +11:00
Catalin Pit	f1c91c4951	fix: bulk actions improvements (#2440 )	2026-02-10 20:13:03 +11:00
Lucas Smith	a5ef1d23e6	feat: add team memberships section to admin user detail page (#2457 )	2026-02-09 17:35:22 +11:00
github-actions[bot]	d91414697d	chore: extract translations (#2429 )	2026-02-09 17:30:46 +11:00
Konrad	e222a872d2	fix(i18n): rewrite audit log messages to support correct grammar (#2455 )	2026-02-09 13:20:12 +11:00
Ephraim Duncan	e3b0087be6	feat: create plain customer (#2442 ) Co-authored-by: Catalin Pit <catalinpit@gmail.com>	2026-02-09 11:24:45 +11:00
Konrad	da89ce7c9a	fix(i18n): add localization context to dialog messages (#2452 )	2026-02-09 10:52:50 +11:00
Konrad	b762561f11	chore(i18n): add context to ambiguous message (#2454 )	2026-02-09 10:52:00 +11:00
Catalin Pit	9b190ef582	docs: add info callout for enterprise-only embedded authoring (#2443 )	2026-02-04 12:41:46 +11:00
Lucas Smith	1669216a91	fix: flatten pdf-lib form fields before sealing document (#2441 ) - Fixes checkbox fields not displaying correctly in sealed documents by calling `flatten()` on the pdf-lib form before saving	2026-02-03 14:24:23 +11:00
Lucas Smith	594a0f0c3f	fix: store formValues in database when creating document from template (#2437 )	2026-02-02 11:36:06 +11:00