feat: add formdata endpoints for documents,envelopes,templates

Adds the missing endpoints for documents, envelopes and templates supporting file uploads in a singular request. Also updates frontend components that would use the prior hidden endpoints.
feat: allow multipart requests for public api
2025-11-10 04:22:32 +10:00 · 2025-11-03 15:07:15 +11:00 · 2025-11-02 23:26:43 +11:00
34 changed files with 1414 additions and 356 deletions
--- a/apps/remix/app/components/dialogs/template-create-dialog.tsx
+++ b/apps/remix/app/components/dialogs/template-create-dialog.tsx
@ -7,9 +7,9 @@ import { FilePlus, Loader } from 'lucide-react';
 import { useNavigate } from 'react-router';

 import { useSession } from '@documenso/lib/client-only/providers/session';
-import { putPdfFile } from '@documenso/lib/universal/upload/put-file';
 import { formatTemplatesPath } from '@documenso/lib/utils/teams';
 import { trpc } from '@documenso/trpc/react';
+import type { TCreateTemplatePayloadSchema } from '@documenso/trpc/server/template-router/schema';
 import { Button } from '@documenso/ui/primitives/button';
 import {
  Dialog,
@ -54,13 +54,17 @@ export const TemplateCreateDialog = ({ folderId }: TemplateCreateDialogProps) =>
    setIsUploadingFile(true);

    try {
-      const response = await putPdfFile(file);
-
-      const { legacyTemplateId: id } = await createTemplate({
+      const payload = {
        title: file.name,
-        templateDocumentDataId: response.id,
        folderId: folderId,
-      });
+      } satisfies TCreateTemplatePayloadSchema;
+
+      const formData = new FormData();
+
+      formData.append('payload', JSON.stringify(payload));
+      formData.append('file', file);
+
+      const { envelopeId: id } = await createTemplate(formData);

      toast({
        title: _(msg`Template document uploaded`),
--- a/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
+++ b/apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx
@ -16,9 +16,9 @@ import { APP_DOCUMENT_UPLOAD_SIZE_LIMIT, IS_BILLING_ENABLED } from '@documenso/l
 import { DEFAULT_DOCUMENT_TIME_ZONE, TIME_ZONES } from '@documenso/lib/constants/time-zones';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { megabytesToBytes } from '@documenso/lib/universal/unit-convertions';
-import { putPdfFile } from '@documenso/lib/universal/upload/put-file';
 import { formatDocumentsPath } from '@documenso/lib/utils/teams';
 import { trpc } from '@documenso/trpc/react';
+import type { TCreateDocumentPayloadSchema } from '@documenso/trpc/server/document-router/create-document.types';
 import { cn } from '@documenso/ui/lib/utils';
 import { useToast } from '@documenso/ui/primitives/use-toast';

@ -62,14 +62,18 @@ export const DocumentDropZoneWrapper = ({ children, className }: DocumentDropZon
    try {
      setIsLoading(true);

-      const response = await putPdfFile(file);
-
-      const { legacyDocumentId: id } = await createDocument({
+      const payload = {
        title: file.name,
-        documentDataId: response.id,
-        timezone: userTimezone, // Note: When migrating to v2 document upload remember to pass this through as a 'userTimezone' field.
+        timezone: userTimezone,
        folderId: folderId ?? undefined,
-      });
+      } satisfies TCreateDocumentPayloadSchema;
+
+      const formData = new FormData();
+
+      formData.append('payload', JSON.stringify(payload));
+      formData.append('file', file);
+
+      const { envelopeId: id } = await createDocument(formData);

      void refreshLimits();

--- a/apps/remix/app/components/general/document/document-upload-button.tsx
+++ b/apps/remix/app/components/general/document/document-upload-button.tsx
@ -13,9 +13,9 @@ import { useSession } from '@documenso/lib/client-only/providers/session';
 import { APP_DOCUMENT_UPLOAD_SIZE_LIMIT } from '@documenso/lib/constants/app';
 import { DEFAULT_DOCUMENT_TIME_ZONE, TIME_ZONES } from '@documenso/lib/constants/time-zones';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
-import { putPdfFile } from '@documenso/lib/universal/upload/put-file';
 import { formatDocumentsPath } from '@documenso/lib/utils/teams';
 import { trpc } from '@documenso/trpc/react';
+import type { TCreateDocumentPayloadSchema } from '@documenso/trpc/server/document-router/create-document.types';
 import { cn } from '@documenso/ui/lib/utils';
 import { DocumentDropzone } from '@documenso/ui/primitives/document-upload';
 import {
@ -73,14 +73,18 @@ export const DocumentUploadButton = ({ className }: DocumentUploadButtonProps) =
    try {
      setIsLoading(true);

-      const response = await putPdfFile(file);
-
-      const { legacyDocumentId: id } = await createDocument({
+      const payload = {
        title: file.name,
-        documentDataId: response.id,
        timezone: userTimezone,
        folderId: folderId ?? undefined,
-      });
+      } satisfies TCreateDocumentPayloadSchema;
+
+      const formData = new FormData();
+
+      formData.append('payload', JSON.stringify(payload));
+      formData.append('file', file);
+
+      const { envelopeId: id } = await createDocument(formData);

      void refreshLimits();

--- a/apps/remix/app/components/general/document/envelope-upload-button.tsx
+++ b/apps/remix/app/components/general/document/envelope-upload-button.tsx
@ -14,9 +14,9 @@ import { useSession } from '@documenso/lib/client-only/providers/session';
 import { APP_DOCUMENT_UPLOAD_SIZE_LIMIT } from '@documenso/lib/constants/app';
 import { TIME_ZONES } from '@documenso/lib/constants/time-zones';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
-import { putPdfFile } from '@documenso/lib/universal/upload/put-file';
 import { formatDocumentsPath, formatTemplatesPath } from '@documenso/lib/utils/teams';
 import { trpc } from '@documenso/trpc/react';
+import type { TCreateEnvelopePayload } from '@documenso/trpc/server/envelope-router/create-envelope.types';
 import { cn } from '@documenso/ui/lib/utils';
 import { DocumentDropzone } from '@documenso/ui/primitives/document-upload';
 import {
@ -78,35 +78,24 @@ export const EnvelopeUploadButton = ({ className, type, folderId }: EnvelopeUplo
    try {
      setIsLoading(true);

-      const result = await Promise.all(
-        files.map(async (file) => {
-          try {
-            const response = await putPdfFile(file);
-
-            return {
-              title: file.name,
-              documentDataId: response.id,
-            };
-          } catch (err) {
-            console.error(err);
-            throw new Error('Failed to upload document');
-          }
-        }),
-      );
-
-      const envelopeItemsToCreate = result.filter(
-        (item): item is { title: string; documentDataId: string } => item !== undefined,
-      );
-
-      const { id } = await createEnvelope({
+      const payload = {
        folderId,
        type,
        title: files[0].name,
-        items: envelopeItemsToCreate,
        meta: {
          timezone: userTimezone,
        },
-      }).catch((error) => {
+      } satisfies TCreateEnvelopePayload;
+
+      const formData = new FormData();
+
+      formData.append('payload', JSON.stringify(payload));
+
+      for (const file of files) {
+        formData.append('files', file);
+      }
+
+      const { id } = await createEnvelope(formData).catch((error) => {
        console.error(error);

        throw error;
--- a/apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
+++ b/apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
@ -10,9 +10,9 @@ import { match } from 'ts-pattern';

 import { APP_DOCUMENT_UPLOAD_SIZE_LIMIT } from '@documenso/lib/constants/app';
 import { megabytesToBytes } from '@documenso/lib/universal/unit-convertions';
-import { putPdfFile } from '@documenso/lib/universal/upload/put-file';
 import { formatTemplatesPath } from '@documenso/lib/utils/teams';
 import { trpc } from '@documenso/trpc/react';
+import type { TCreateTemplatePayloadSchema } from '@documenso/trpc/server/template-router/schema';
 import { cn } from '@documenso/ui/lib/utils';
 import { useToast } from '@documenso/ui/primitives/use-toast';

@ -40,13 +40,17 @@ export const TemplateDropZoneWrapper = ({ children, className }: TemplateDropZon
    try {
      setIsLoading(true);

-      const documentData = await putPdfFile(file);
-
-      const { legacyTemplateId: id } = await createTemplate({
+      const payload = {
        title: file.name,
-        templateDocumentDataId: documentData.id,
        folderId: folderId ?? undefined,
-      });
+      } satisfies TCreateTemplatePayloadSchema;
+
+      const formData = new FormData();
+
+      formData.append('payload', JSON.stringify(payload));
+      formData.append('file', file);
+
+      const { envelopeId: id } = await createTemplate(formData);

      toast({
        title: _(msg`Template uploaded`),
--- a/apps/remix/server/trpc/hono-trpc-open-api.ts
+++ b/apps/remix/server/trpc/hono-trpc-open-api.ts
@ -1,10 +1,10 @@
 import type { Context } from 'hono';
-import { createOpenApiFetchHandler } from 'trpc-to-openapi';

 import { API_V2_BETA_URL } from '@documenso/lib/constants/app';
 import { AppError, genericErrorCodeToTrpcErrorCodeMap } from '@documenso/lib/errors/app-error';
 import { createTrpcContext } from '@documenso/trpc/server/context';
 import { appRouter } from '@documenso/trpc/server/router';
+import { createOpenApiFetchHandler } from '@documenso/trpc/utils/openapi-fetch-handler';
 import { handleTrpcRouterError } from '@documenso/trpc/utils/trpc-error-handler';

 export const openApiTrpcServerHandler = async (c: Context) => {
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -44,7 +44,7 @@
    "@commitlint/cli": "^17.7.1",
    "@commitlint/config-conventional": "^17.7.0",
    "@lingui/cli": "^5.2.0",
-    "@prisma/client": "^6.8.2",
+    "@prisma/client": "^6.18.0",
    "dotenv": "^16.5.0",
    "dotenv-cli": "^8.0.0",
    "eslint": "^8.40.0",
@ -54,11 +54,21 @@
    "nodemailer": "^6.10.1",
    "playwright": "1.52.0",
    "prettier": "^3.3.3",
-    "prisma": "^6.8.2",
+    "prisma": "^6.18.0",
    "prisma-extension-kysely": "^3.0.0",
    "prisma-kysely": "^1.8.0",
    "rimraf": "^5.0.1",
    "turbo": "^1.9.3",
+    "@trpc/client": "11.7.0",
+    "@trpc/react-query": "11.7.0",
+    "@trpc/server": "11.7.0",
+    "superjson": "^2.2.5",
+    "trpc-to-openapi": "2.4.0",
+    "zod-openapi": "^4.2.4",
+    "@ts-rest/core": "^3.52.1",
+    "@ts-rest/open-api": "^3.52.1",
+    "@ts-rest/serverless": "^3.52.1",
+    "zod-prisma-types": "3.3.5",
    "vite": "^6.3.5"
  },
  "name": "@documenso/root",
@ -76,12 +86,12 @@
    "mupdf": "^1.0.0",
    "react": "^18",
    "typescript": "5.6.2",
-    "zod": "3.24.1"
+    "zod": "^3.25.76"
  },
  "overrides": {
-    "zod": "3.24.1"
+    "zod": "^3.25.76"
  },
  "trigger.dev": {
    "endpointId": "documenso-app"
  }
-}
+}
--- a/packages/api/package.json
+++ b/packages/api/package.json
@ -17,14 +17,14 @@
  "dependencies": {
    "@documenso/lib": "*",
    "@documenso/prisma": "*",
-    "@ts-rest/core": "^3.30.5",
-    "@ts-rest/open-api": "^3.33.0",
-    "@ts-rest/serverless": "^3.30.5",
+    "@ts-rest/core": "^3.52.0",
+    "@ts-rest/open-api": "^3.52.0",
+    "@ts-rest/serverless": "^3.52.0",
    "@types/swagger-ui-react": "^5.18.0",
    "luxon": "^3.4.0",
-    "superjson": "^1.13.1",
+    "superjson": "^2.2.5",
    "swagger-ui-react": "^5.21.0",
    "ts-pattern": "^5.0.5",
-    "zod": "3.24.1"
+    "zod": "^3.25.76"
  }
 }
--- a/packages/auth/package.json
+++ b/packages/auth/package.json
@ -20,6 +20,6 @@
    "luxon": "^3.5.0",
    "nanoid": "^5.1.5",
    "ts-pattern": "^5.0.5",
-    "zod": "3.24.1"
+    "zod": "^3.25.76"
  }
 }
--- a/packages/ee/package.json
+++ b/packages/ee/package.json
@ -19,6 +19,6 @@
    "micro": "^10.0.1",
    "react": "^18",
    "ts-pattern": "^5.0.5",
-    "zod": "3.24.1"
+    "zod": "^3.25.76"
  }
 }
--- a/packages/lib/package.json
+++ b/packages/lib/package.json
@ -55,11 +55,11 @@
    "skia-canvas": "^3.0.8",
    "stripe": "^12.7.0",
    "ts-pattern": "^5.0.5",
-    "zod": "3.24.1"
+    "zod": "^3.25.76"
  },
  "devDependencies": {
    "@playwright/browser-chromium": "1.52.0",
    "@types/luxon": "^3.3.1",
    "@types/pg": "^8.11.4"
  }
-}
+}
--- a/packages/lib/server-only/envelope/create-envelope.ts
+++ b/packages/lib/server-only/envelope/create-envelope.ts
@ -16,11 +16,16 @@ import type { ApiRequestMetadata } from '@documenso/lib/universal/extract-reques
 import { nanoid, prefixedId } from '@documenso/lib/universal/id';
 import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
 import { prisma } from '@documenso/prisma';
-import type { TCreateEnvelopeRequest } from '@documenso/trpc/server/envelope-router/create-envelope.types';

-import type { TDocumentAccessAuthTypes, TDocumentActionAuthTypes } from '../../types/document-auth';
+import type {
+  TDocumentAccessAuthTypes,
+  TDocumentActionAuthTypes,
+  TRecipientAccessAuthTypes,
+  TRecipientActionAuthTypes,
+} from '../../types/document-auth';
 import type { TDocumentFormValues } from '../../types/document-form-values';
 import type { TEnvelopeAttachmentType } from '../../types/envelope-attachment';
+import type { TFieldAndMeta } from '../../types/field-meta';
 import {
  ZWebhookDocumentSchema,
  mapEnvelopeToWebhookDocumentPayload,
@ -34,6 +39,25 @@ import { incrementDocumentId, incrementTemplateId } from '../envelope/increment-
 import { getTeamSettings } from '../team/get-team-settings';
 import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';

+type CreateEnvelopeRecipientFieldOptions = TFieldAndMeta & {
+  documentDataId: string;
+  page: number;
+  positionX: number;
+  positionY: number;
+  width: number;
+  height: number;
+};
+
+type CreateEnvelopeRecipientOptions = {
+  email: string;
+  name: string;
+  role: RecipientRole;
+  signingOrder?: number;
+  accessAuth?: TRecipientAccessAuthTypes[];
+  actionAuth?: TRecipientActionAuthTypes[];
+  fields?: CreateEnvelopeRecipientFieldOptions[];
+};
+
 export type CreateEnvelopeOptions = {
  userId: number;
  teamId: number;
@ -56,7 +80,7 @@ export type CreateEnvelopeOptions = {
    visibility?: DocumentVisibility;
    globalAccessAuth?: TDocumentAccessAuthTypes[];
    globalActionAuth?: TDocumentActionAuthTypes[];
-    recipients?: TCreateEnvelopeRequest['recipients'];
+    recipients?: CreateEnvelopeRecipientOptions[];
    folderId?: string;
  };
  attachments?: Array<{
--- a/packages/lib/server-only/pdf/normalize-pdf.ts
+++ b/packages/lib/server-only/pdf/normalize-pdf.ts
@ -1,13 +1,22 @@
 import { PDFDocument } from '@cantoo/pdf-lib';

+import { AppError } from '../../errors/app-error';
 import { flattenAnnotations } from './flatten-annotations';
 import { flattenForm, removeOptionalContentGroups } from './flatten-form';

 export const normalizePdf = async (pdf: Buffer) => {
-  const pdfDoc = await PDFDocument.load(pdf).catch(() => null);
+  const pdfDoc = await PDFDocument.load(pdf).catch((e) => {
+    console.error(`PDF normalization error: ${e.message}`);

-  if (!pdfDoc) {
-    return pdf;
+    throw new AppError('INVALID_DOCUMENT_FILE', {
+      message: 'The document is not a valid PDF',
+    });
+  });
+
+  if (pdfDoc.isEncrypted) {
+    throw new AppError('INVALID_DOCUMENT_FILE', {
+      message: 'The document is encrypted',
+    });
  }

  removeOptionalContentGroups(pdfDoc);
--- a/packages/lib/universal/upload/put-file.server.ts
+++ b/packages/lib/universal/upload/put-file.server.ts
@ -7,6 +7,7 @@ import { env } from '@documenso/lib/utils/env';

 import { AppError } from '../../errors/app-error';
 import { createDocumentData } from '../../server-only/document-data/create-document-data';
+import { normalizePdf } from '../../server-only/pdf/normalize-pdf';
 import { uploadS3File } from './server-actions';

 type File = {
@ -43,6 +44,28 @@ export const putPdfFileServerSide = async (file: File) => {
  return await createDocumentData({ type, data });
 };

+/**
+ * Uploads a pdf file and normalizes it.
+ */
+export const putNormalizedPdfFileServerSide = async (file: File) => {
+  const buffer = Buffer.from(await file.arrayBuffer());
+
+  const normalized = await normalizePdf(buffer);
+
+  const fileName = file.name.endsWith('.pdf') ? file.name : `${file.name}.pdf`;
+
+  const documentData = await putFileServerSide({
+    name: fileName,
+    type: 'application/pdf',
+    arrayBuffer: async () => Promise.resolve(normalized),
+  });
+
+  return await createDocumentData({
+    type: documentData.type,
+    data: documentData.data,
+  });
+};
+
 /**
 * Uploads a file to the appropriate storage location.
 */
--- a/packages/prisma/package.json
+++ b/packages/prisma/package.json
@ -21,14 +21,14 @@
    "seed": "tsx ./seed-database.ts"
  },
  "dependencies": {
-    "@prisma/client": "^6.8.2",
+    "@prisma/client": "^6.18.0",
    "kysely": "0.26.3",
-    "prisma": "^6.8.2",
+    "prisma": "^6.18.0",
    "prisma-extension-kysely": "^3.0.0",
    "prisma-kysely": "^1.8.0",
-    "prisma-json-types-generator": "^3.2.2",
+    "prisma-json-types-generator": "^3.6.2",
    "ts-pattern": "^5.0.6",
-    "zod-prisma-types": "3.2.4"
+    "zod-prisma-types": "3.3.5"
  },
  "devDependencies": {
    "dotenv": "^16.5.0",
--- a/packages/prisma/schema.prisma
+++ b/packages/prisma/schema.prisma
@ -134,8 +134,8 @@ model Passkey {
  createdAt            DateTime  @default(now())
  updatedAt            DateTime  @default(now())
  lastUsedAt           DateTime?
-  credentialId         Bytes
-  credentialPublicKey  Bytes
+  credentialId         Bytes /// @zod.custom.use(z.instanceof(Uint8Array))
+  credentialPublicKey  Bytes /// @zod.custom.use(z.instanceof(Uint8Array))
  counter              BigInt
  credentialDeviceType String
  credentialBackedUp   Boolean
--- a/packages/trpc/client/index.ts
+++ b/packages/trpc/client/index.ts
@ -1,17 +1,23 @@
-import { createTRPCClient, httpBatchLink, httpLink, splitLink } from '@trpc/client';
-import SuperJSON from 'superjson';
+import {
+  createTRPCClient,
+  httpBatchLink,
+  httpLink,
+  isNonJsonSerializable,
+  splitLink,
+} from '@trpc/client';

 import { getBaseUrl } from '@documenso/lib/universal/get-base-url';

 import type { AppRouter } from '../server/router';
+import { dataTransformer } from '../utils/data-transformer';

 export const trpc = createTRPCClient<AppRouter>({
  links: [
    splitLink({
-      condition: (op) => op.context.skipBatch === true,
+      condition: (op) => op.context.skipBatch === true || isNonJsonSerializable(op.input),
      true: httpLink({
        url: `${getBaseUrl()}/api/trpc`,
-        transformer: SuperJSON,
+        transformer: dataTransformer,
        headers: (opts) => {
          if (typeof opts.op.context.teamId === 'string') {
            return {
@ -24,7 +30,7 @@ export const trpc = createTRPCClient<AppRouter>({
      }),
      false: httpBatchLink({
        url: `${getBaseUrl()}/api/trpc`,
-        transformer: SuperJSON,
+        transformer: dataTransformer,
        headers: (opts) => {
          const operationWithTeamId = opts.opList.find(
            (op) => op.context.teamId && typeof op.context.teamId === 'string',
--- a/packages/trpc/package.json
+++ b/packages/trpc/package.json
@ -12,15 +12,21 @@
  "dependencies": {
    "@documenso/lib": "*",
    "@documenso/prisma": "*",
-    "@tanstack/react-query": "5.59.15",
-    "@trpc/client": "11.0.0-rc.648",
-    "@trpc/react-query": "11.0.0-rc.648",
-    "@trpc/server": "11.0.0-rc.648",
-    "@ts-rest/core": "^3.30.5",
+    "@tanstack/react-query": "5.90.5",
+    "@trpc/client": "11.7.0",
+    "@trpc/react-query": "11.7.0",
+    "@trpc/server": "11.7.0",
+    "@ts-rest/core": "^3.52.0",
+    "formidable": "^3.5.4",
    "luxon": "^3.4.0",
-    "superjson": "^1.13.1",
-    "trpc-to-openapi": "2.0.4",
+    "superjson": "^2.2.5",
+    "trpc-to-openapi": "2.4.0",
    "ts-pattern": "^5.0.5",
-    "zod": "3.24.1"
+    "zod": "^3.25.76",
+    "zod-form-data": "^2.0.8",
+    "zod-openapi": "^4.2.4"
+  },
+  "devDependencies": {
+    "@types/formidable": "^3.4.6"
  }
 }
--- a/packages/trpc/react/index.tsx
+++ b/packages/trpc/react/index.tsx
@ -1,13 +1,13 @@
 import { useMemo, useState } from 'react';

 import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
-import { httpBatchLink, httpLink, splitLink } from '@trpc/client';
+import { httpBatchLink, httpLink, isNonJsonSerializable, splitLink } from '@trpc/client';
 import { createTRPCReact } from '@trpc/react-query';
-import SuperJSON from 'superjson';

 import { getBaseUrl } from '@documenso/lib/universal/get-base-url';

 import type { AppRouter } from '../server/router';
+import { dataTransformer } from '../utils/data-transformer';

 export { getQueryKey } from '@trpc/react-query';

@ -44,16 +44,16 @@ export function TrpcProvider({ children, headers }: TrpcProviderProps) {
      trpc.createClient({
        links: [
          splitLink({
-            condition: (op) => op.context.skipBatch === true,
+            condition: (op) => op.context.skipBatch === true || isNonJsonSerializable(op.input),
            true: httpLink({
              url: `${getBaseUrl()}/api/trpc`,
              headers,
-              transformer: SuperJSON,
+              transformer: dataTransformer,
            }),
            false: httpBatchLink({
              url: `${getBaseUrl()}/api/trpc`,
              headers,
-              transformer: SuperJSON,
+              transformer: dataTransformer,
            }),
          }),
        ],
--- a/packages/trpc/server/document-router/create-document-formdata.ts
+++ b/packages/trpc/server/document-router/create-document-formdata.ts
@ -0,0 +1,136 @@
+import { EnvelopeType } from '@prisma/client';
+
+import { getServerLimits } from '@documenso/ee/server-only/limits/server';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { createEnvelope } from '@documenso/lib/server-only/envelope/create-envelope';
+import { putPdfFileServerSide } from '@documenso/lib/universal/upload/put-file.server';
+import { mapSecondaryIdToDocumentId } from '@documenso/lib/utils/envelope';
+import { prisma } from '@documenso/prisma';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZCreateDocumentFormDataRequestSchema,
+  ZCreateDocumentFormDataResponseSchema,
+  createDocumentFormDataMeta,
+} from './create-document-formdata.types';
+
+/**
+ * Temporary endpoint for V2 Beta until we allow passthrough documents on create.
+ *
+ * @public
+ */
+export const createDocumentFormDataRoute = authenticatedProcedure
+  .meta(createDocumentFormDataMeta)
+  .input(ZCreateDocumentFormDataRequestSchema)
+  .output(ZCreateDocumentFormDataResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId, user } = ctx;
+
+    const { payload, file } = input;
+
+    const {
+      title,
+      externalId,
+      visibility,
+      globalAccessAuth,
+      globalActionAuth,
+      recipients,
+      meta,
+      folderId,
+      attachments,
+    } = payload;
+
+    const { remaining } = await getServerLimits({ userId: user.id, teamId });
+
+    if (remaining.documents <= 0) {
+      throw new AppError(AppErrorCode.LIMIT_EXCEEDED, {
+        message: 'You have reached your document limit for this month. Please upgrade your plan.',
+        statusCode: 400,
+      });
+    }
+
+    const documentData = await putPdfFileServerSide(file);
+
+    const createdEnvelope = await createEnvelope({
+      userId: ctx.user.id,
+      teamId,
+      normalizePdf: false, // Not normalizing because of presigned URL.
+      internalVersion: 1,
+      data: {
+        type: EnvelopeType.DOCUMENT,
+        title,
+        externalId,
+        visibility,
+        globalAccessAuth,
+        globalActionAuth,
+        recipients: (recipients || []).map((recipient) => ({
+          ...recipient,
+          fields: (recipient.fields || []).map((field) => ({
+            ...field,
+            page: field.pageNumber,
+            positionX: field.pageX,
+            positionY: field.pageY,
+            documentDataId: documentData.id,
+          })),
+        })),
+        folderId,
+        envelopeItems: [
+          {
+            // If you ever allow more than 1 in this endpoint, make sure to use `maximumEnvelopeItemCount` to limit it.
+            documentDataId: documentData.id,
+          },
+        ],
+      },
+      attachments,
+      meta: {
+        ...meta,
+        emailSettings: meta?.emailSettings ?? undefined,
+      },
+      requestMetadata: ctx.metadata,
+    });
+
+    const envelopeItems = await prisma.envelopeItem.findMany({
+      where: {
+        envelopeId: createdEnvelope.id,
+      },
+      include: {
+        documentData: true,
+      },
+    });
+
+    const legacyDocumentId = mapSecondaryIdToDocumentId(createdEnvelope.secondaryId);
+
+    const firstDocumentData = envelopeItems[0].documentData;
+
+    if (!firstDocumentData) {
+      throw new Error('Document data not found');
+    }
+
+    return {
+      document: {
+        ...createdEnvelope,
+        envelopeId: createdEnvelope.id,
+        documentDataId: firstDocumentData.id,
+        documentData: {
+          ...firstDocumentData,
+          envelopeItemId: envelopeItems[0].id,
+        },
+        documentMeta: {
+          ...createdEnvelope.documentMeta,
+          documentId: legacyDocumentId,
+        },
+        id: legacyDocumentId,
+        fields: createdEnvelope.fields.map((field) => ({
+          ...field,
+          documentId: legacyDocumentId,
+          templateId: null,
+        })),
+        recipients: createdEnvelope.recipients.map((recipient) => ({
+          ...recipient,
+          documentId: legacyDocumentId,
+          templateId: null,
+        })),
+      },
+      folder: createdEnvelope.folder, // Todo: Remove this prior to api-v2 release.
+    };
+  });
--- a/packages/trpc/server/document-router/create-document-formdata.types.ts
+++ b/packages/trpc/server/document-router/create-document-formdata.types.ts
@ -0,0 +1,97 @@
+import { z } from 'zod';
+import { zfd } from 'zod-form-data';
+
+import { ZDocumentSchema } from '@documenso/lib/types/document';
+import {
+  ZDocumentAccessAuthTypesSchema,
+  ZDocumentActionAuthTypesSchema,
+} from '@documenso/lib/types/document-auth';
+import { ZDocumentFormValuesSchema } from '@documenso/lib/types/document-form-values';
+import { ZDocumentMetaCreateSchema } from '@documenso/lib/types/document-meta';
+import { ZEnvelopeAttachmentTypeSchema } from '@documenso/lib/types/envelope-attachment';
+import {
+  ZFieldHeightSchema,
+  ZFieldPageNumberSchema,
+  ZFieldPageXSchema,
+  ZFieldPageYSchema,
+  ZFieldWidthSchema,
+} from '@documenso/lib/types/field';
+import { ZFieldAndMetaSchema } from '@documenso/lib/types/field-meta';
+
+import { zodFormData } from '../../utils/zod-form-data';
+import { ZCreateRecipientSchema } from '../recipient-router/schema';
+import type { TrpcRouteMeta } from '../trpc';
+import {
+  ZDocumentExternalIdSchema,
+  ZDocumentTitleSchema,
+  ZDocumentVisibilitySchema,
+} from './schema';
+
+export const createDocumentFormDataMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/document/create/formdata',
+    contentTypes: ['multipart/form-data'],
+    summary: 'Create document',
+    description: 'Create a document using form data.',
+    tags: ['Document'],
+  },
+};
+
+const ZCreateDocumentFormDataPayloadRequestSchema = z.object({
+  title: ZDocumentTitleSchema,
+  externalId: ZDocumentExternalIdSchema.optional(),
+  visibility: ZDocumentVisibilitySchema.optional(),
+  globalAccessAuth: z.array(ZDocumentAccessAuthTypesSchema).optional(),
+  globalActionAuth: z.array(ZDocumentActionAuthTypesSchema).optional(),
+  formValues: ZDocumentFormValuesSchema.optional(),
+  folderId: z
+    .string()
+    .describe(
+      'The ID of the folder to create the document in. If not provided, the document will be created in the root folder.',
+    )
+    .optional(),
+  recipients: z
+    .array(
+      ZCreateRecipientSchema.extend({
+        fields: ZFieldAndMetaSchema.and(
+          z.object({
+            pageNumber: ZFieldPageNumberSchema,
+            pageX: ZFieldPageXSchema,
+            pageY: ZFieldPageYSchema,
+            width: ZFieldWidthSchema,
+            height: ZFieldHeightSchema,
+          }),
+        )
+          .array()
+          .optional(),
+      }),
+    )
+
+    .optional(),
+  attachments: z
+    .array(
+      z.object({
+        label: z.string().min(1, 'Label is required'),
+        data: z.string().url('Must be a valid URL'),
+        type: ZEnvelopeAttachmentTypeSchema.optional().default('link'),
+      }),
+    )
+    .optional(),
+  meta: ZDocumentMetaCreateSchema.optional(),
+});
+
+// !: Can't use zfd.formData() here because it receives `undefined`
+// !: somewhere in the pipeline of our openapi schema generation and throws
+// !: an error.
+export const ZCreateDocumentFormDataRequestSchema = zodFormData({
+  payload: zfd.json(ZCreateDocumentFormDataPayloadRequestSchema),
+  file: zfd.file(),
+});
+
+export const ZCreateDocumentFormDataResponseSchema = z.object({
+  document: ZDocumentSchema,
+});
+
+export type TCreateDocumentFormDataRequest = z.infer<typeof ZCreateDocumentFormDataRequestSchema>;
+export type TCreateDocumentFormDataResponse = z.infer<typeof ZCreateDocumentFormDataResponseSchema>;
--- a/packages/trpc/server/document-router/create-document.ts
+++ b/packages/trpc/server/document-router/create-document.ts
@ -3,6 +3,7 @@ import { EnvelopeType } from '@prisma/client';
 import { getServerLimits } from '@documenso/ee/server-only/limits/server';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { createEnvelope } from '@documenso/lib/server-only/envelope/create-envelope';
+import { putNormalizedPdfFileServerSide } from '@documenso/lib/universal/upload/put-file.server';
 import { mapSecondaryIdToDocumentId } from '@documenso/lib/utils/envelope';

 import { authenticatedProcedure } from '../trpc';
@ -16,7 +17,12 @@ export const createDocumentRoute = authenticatedProcedure
  .output(ZCreateDocumentResponseSchema)
  .mutation(async ({ input, ctx }) => {
    const { user, teamId } = ctx;
-    const { title, documentDataId, timezone, folderId, attachments } = input;
+
+    const { payload, file } = input;
+
+    const { title, timezone, folderId, attachments } = payload;
+
+    const { id: documentDataId } = await putNormalizedPdfFileServerSide(file);

    ctx.logger.info({
      input: {
@ -55,6 +61,7 @@ export const createDocumentRoute = authenticatedProcedure
    });

    return {
+      envelopeId: document.id,
      legacyDocumentId: mapSecondaryIdToDocumentId(document.secondaryId),
    };
  });
--- a/packages/trpc/server/document-router/create-document.types.ts
+++ b/packages/trpc/server/document-router/create-document.types.ts
@ -1,23 +1,27 @@
 import { z } from 'zod';
+import { zfd } from 'zod-form-data';

 import { ZDocumentMetaTimezoneSchema } from '@documenso/lib/types/document-meta';
 import { ZEnvelopeAttachmentTypeSchema } from '@documenso/lib/types/envelope-attachment';

+import { zodFormData } from '../../utils/zod-form-data';
+import type { TrpcRouteMeta } from '../trpc';
 import { ZDocumentTitleSchema } from './schema';

 // Currently not in use until we allow passthrough documents on create.
-// export const createDocumentMeta: TrpcRouteMeta = {
-//   openapi: {
-//     method: 'POST',
-//     path: '/document/create',
-//     summary: 'Create document',
-//     tags: ['Document'],
-//   },
-// };
+export const createDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/document/create',
+    contentTypes: ['multipart/form-data'],
+    summary: 'Create document',
+    description: 'Create a document using form data.',
+    tags: ['Document'],
+  },
+};

-export const ZCreateDocumentRequestSchema = z.object({
+export const ZCreateDocumentPayloadSchema = z.object({
  title: ZDocumentTitleSchema,
-  documentDataId: z.string().min(1),
  timezone: ZDocumentMetaTimezoneSchema.optional(),
  folderId: z.string().describe('The ID of the folder to create the document in').optional(),
  attachments: z
@ -31,9 +35,16 @@ export const ZCreateDocumentRequestSchema = z.object({
    .optional(),
 });

+export const ZCreateDocumentRequestSchema = zodFormData({
+  payload: zfd.json(ZCreateDocumentPayloadSchema),
+  file: zfd.file(),
+});
+
 export const ZCreateDocumentResponseSchema = z.object({
+  envelopeId: z.string(),
  legacyDocumentId: z.number(),
 });

+export type TCreateDocumentPayloadSchema = z.infer<typeof ZCreateDocumentPayloadSchema>;
 export type TCreateDocumentRequest = z.infer<typeof ZCreateDocumentRequestSchema>;
 export type TCreateDocumentResponse = z.infer<typeof ZCreateDocumentResponseSchema>;
--- a/packages/trpc/server/document-router/router.ts
+++ b/packages/trpc/server/document-router/router.ts
@ -5,6 +5,7 @@ import { deleteAttachmentRoute } from './attachment/delete-attachment';
 import { findAttachmentsRoute } from './attachment/find-attachments';
 import { updateAttachmentRoute } from './attachment/update-attachment';
 import { createDocumentRoute } from './create-document';
+import { createDocumentFormDataRoute } from './create-document-formdata';
 import { createDocumentTemporaryRoute } from './create-document-temporary';
 import { deleteDocumentRoute } from './delete-document';
 import { distributeDocumentRoute } from './distribute-document';
@ -40,6 +41,7 @@ export const documentRouter = router({
  // Temporary v2 beta routes to be removed once V2 is fully released.
  download: downloadDocumentRoute,
  createDocumentTemporary: createDocumentTemporaryRoute,
+  createDocumentFormData: createDocumentFormDataRoute,

  // Internal document routes for custom frontend requests.
  getDocumentByToken: getDocumentByTokenRoute,
--- a/packages/trpc/server/envelope-router/create-envelope.ts
+++ b/packages/trpc/server/envelope-router/create-envelope.ts
@ -1,6 +1,7 @@
 import { getServerLimits } from '@documenso/ee/server-only/limits/server';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { createEnvelope } from '@documenso/lib/server-only/envelope/create-envelope';
+import { putNormalizedPdfFileServerSide } from '@documenso/lib/universal/upload/put-file.server';

 import { authenticatedProcedure } from '../trpc';
 import {
@ -13,6 +14,9 @@ export const createEnvelopeRoute = authenticatedProcedure
  .output(ZCreateEnvelopeResponseSchema)
  .mutation(async ({ input, ctx }) => {
    const { user, teamId } = ctx;
+
+    const { payload, files } = input;
+
    const {
      title,
      type,
@ -22,10 +26,9 @@ export const createEnvelopeRoute = authenticatedProcedure
      globalActionAuth,
      recipients,
      folderId,
-      items,
      meta,
      attachments,
-    } = input;
+    } = payload;

    ctx.logger.info({
      input: {
@ -45,13 +48,62 @@ export const createEnvelopeRoute = authenticatedProcedure
      });
    }

-    if (items.length > maximumEnvelopeItemCount) {
+    if (files.length > maximumEnvelopeItemCount) {
      throw new AppError('ENVELOPE_ITEM_LIMIT_EXCEEDED', {
        message: `You cannot upload more than ${maximumEnvelopeItemCount} envelope items per envelope`,
        statusCode: 400,
      });
    }

+    // For each file, stream to s3 and create the document data.
+    const envelopeItems = await Promise.all(
+      files.map(async (file) => {
+        const { id: documentDataId } = await putNormalizedPdfFileServerSide(file);
+
+        return {
+          title: file.name,
+          documentDataId,
+        };
+      }),
+    );
+
+    const recipientsToCreate = recipients?.map((recipient) => ({
+      email: recipient.email,
+      name: recipient.name,
+      role: recipient.role,
+      signingOrder: recipient.signingOrder,
+      accessAuth: recipient.accessAuth,
+      actionAuth: recipient.actionAuth,
+      fields: recipient.fields?.map((field) => {
+        let documentDataId: string | undefined = undefined;
+
+        if (typeof field.identifier === 'string') {
+          documentDataId = envelopeItems.find(
+            (item) => item.title === field.identifier,
+          )?.documentDataId;
+        }
+
+        if (typeof field.identifier === 'number') {
+          documentDataId = envelopeItems.at(field.identifier)?.documentDataId;
+        }
+
+        if (field.identifier === undefined) {
+          documentDataId = envelopeItems[0]?.documentDataId;
+        }
+
+        if (!documentDataId) {
+          throw new AppError(AppErrorCode.NOT_FOUND, {
+            message: 'Document data not found',
+          });
+        }
+
+        return {
+          ...field,
+          documentDataId,
+        };
+      }),
+    }));
+
    const envelope = await createEnvelope({
      userId: user.id,
      teamId,
@ -63,9 +115,9 @@ export const createEnvelopeRoute = authenticatedProcedure
        visibility,
        globalAccessAuth,
        globalActionAuth,
-        recipients,
+        recipients: recipientsToCreate,
        folderId,
-        envelopeItems: items,
+        envelopeItems,
      },
      attachments,
      meta,
--- a/packages/trpc/server/envelope-router/create-envelope.types.ts
+++ b/packages/trpc/server/envelope-router/create-envelope.types.ts
@ -1,5 +1,6 @@
 import { EnvelopeType } from '@prisma/client';
 import { z } from 'zod';
+import { zfd } from 'zod-form-data';

 import {
  ZDocumentAccessAuthTypesSchema,
@ -17,24 +18,28 @@ import {
 } from '@documenso/lib/types/field';
 import { ZFieldAndMetaSchema } from '@documenso/lib/types/field-meta';

+import { zodFormData } from '../../utils/zod-form-data';
 import {
  ZDocumentExternalIdSchema,
  ZDocumentTitleSchema,
  ZDocumentVisibilitySchema,
 } from '../document-router/schema';
 import { ZCreateRecipientSchema } from '../recipient-router/schema';
+import type { TrpcRouteMeta } from '../trpc';

 // Currently not in use until we allow passthrough documents on create.
-// export const createEnvelopeMeta: TrpcRouteMeta = {
-//   openapi: {
-//     method: 'POST',
-//     path: '/envelope/create',
-//     summary: 'Create envelope',
-//     tags: ['Envelope'],
-//   },
-// };
+export const createEnvelopeMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/envelope/create',
+    contentTypes: ['multipart/form-data'],
+    summary: 'Create envelope',
+    description: 'Create a envelope using form data.',
+    tags: ['Envelope'],
+  },
+};

-export const ZCreateEnvelopeRequestSchema = z.object({
+export const ZCreateEnvelopePayloadSchema = z.object({
  title: ZDocumentTitleSchema,
  type: z.nativeEnum(EnvelopeType),
  externalId: ZDocumentExternalIdSchema.optional(),
@ -42,12 +47,6 @@ export const ZCreateEnvelopeRequestSchema = z.object({
  globalAccessAuth: z.array(ZDocumentAccessAuthTypesSchema).optional(),
  globalActionAuth: z.array(ZDocumentActionAuthTypesSchema).optional(),
  formValues: ZDocumentFormValuesSchema.optional(),
-  items: z
-    .object({
-      title: ZDocumentTitleSchema.optional(),
-      documentDataId: z.string(),
-    })
-    .array(),
  folderId: z
    .string()
    .describe(
@ -59,11 +58,12 @@ export const ZCreateEnvelopeRequestSchema = z.object({
      ZCreateRecipientSchema.extend({
        fields: ZFieldAndMetaSchema.and(
          z.object({
-            documentDataId: z
-              .string()
+            identifier: z
+              .union([z.string(), z.number()])
              .describe(
-                'The ID of the document data to create the field on. If empty, the first document data will be used.',
-              ),
+                'Either the filename or the index of the file that was uploaded to attach the field to.',
+              )
+              .optional(),
            page: ZFieldPageNumberSchema,
            positionX: ZFieldPageXSchema,
            positionY: ZFieldPageYSchema,
@ -88,9 +88,15 @@ export const ZCreateEnvelopeRequestSchema = z.object({
    .optional(),
 });

+export const ZCreateEnvelopeRequestSchema = zodFormData({
+  payload: zfd.json(ZCreateEnvelopePayloadSchema),
+  files: zfd.repeatableOfType(zfd.file()),
+});
+
 export const ZCreateEnvelopeResponseSchema = z.object({
  id: z.string(),
 });

+export type TCreateEnvelopePayload = z.infer<typeof ZCreateEnvelopePayloadSchema>;
 export type TCreateEnvelopeRequest = z.infer<typeof ZCreateEnvelopeRequestSchema>;
 export type TCreateEnvelopeResponse = z.infer<typeof ZCreateEnvelopeResponseSchema>;
--- a/packages/trpc/server/template-router/router.ts
+++ b/packages/trpc/server/template-router/router.ts
@ -21,6 +21,7 @@ import { deleteTemplateDirectLink } from '@documenso/lib/server-only/template/de
 import { findTemplates } from '@documenso/lib/server-only/template/find-templates';
 import { getTemplateById } from '@documenso/lib/server-only/template/get-template-by-id';
 import { toggleTemplateDirectLink } from '@documenso/lib/server-only/template/toggle-template-direct-link';
+import { putNormalizedPdfFileServerSide } from '@documenso/lib/universal/upload/put-file.server';
 import { getPresignPostUrl } from '@documenso/lib/universal/upload/server-actions';
 import { mapSecondaryIdToTemplateId } from '@documenso/lib/utils/envelope';
 import { mapFieldToLegacyField } from '@documenso/lib/utils/fields';
@ -159,20 +160,27 @@ export const templateRouter = router({
   * @private
   */
  createTemplate: authenticatedProcedure
-    // .meta({ // Note before releasing this to public, update the response schema to be correct.
-    //   openapi: {
-    //     method: 'POST',
-    //     path: '/template/create',
-    //     summary: 'Create template',
-    //     description: 'Create a new template',
-    //     tags: ['Template'],
-    //   },
-    // })
+    .meta({
+      // Note before releasing this to public, update the response schema to be correct.
+      openapi: {
+        method: 'POST',
+        path: '/template/create',
+        contentTypes: ['multipart/form-data'],
+        summary: 'Create template',
+        description: 'Create a new template',
+        tags: ['Template'],
+      },
+    })
    .input(ZCreateTemplateMutationSchema)
    .output(ZCreateTemplateResponseSchema)
    .mutation(async ({ input, ctx }) => {
      const { teamId } = ctx;
-      const { title, templateDocumentDataId, folderId } = input;
+
+      const { payload, file } = input;
+
+      const { title, folderId } = payload;
+
+      const { id: templateDocumentDataId } = await putNormalizedPdfFileServerSide(file);

      ctx.logger.info({
        input: {
@ -198,6 +206,7 @@ export const templateRouter = router({
      });

      return {
+        envelopeId: envelope.id,
        legacyTemplateId: mapSecondaryIdToTemplateId(envelope.secondaryId),
      };
    }),
--- a/packages/trpc/server/template-router/schema.ts
+++ b/packages/trpc/server/template-router/schema.ts
@ -1,5 +1,6 @@
 import { DocumentSigningOrder, DocumentVisibility, TemplateType } from '@prisma/client';
 import { z } from 'zod';
+import { zfd } from 'zod-form-data';

 import { ZDocumentSchema } from '@documenso/lib/types/document';
 import {
@ -29,6 +30,7 @@ import {
 } from '@documenso/lib/types/template';
 import { LegacyTemplateDirectLinkSchema } from '@documenso/prisma/types/template-legacy-schema';

+import { zodFormData } from '../../utils/zod-form-data';
 import { ZSignFieldWithTokenMutationSchema } from '../field-router/schema';

 export const MAX_TEMPLATE_PUBLIC_TITLE_LENGTH = 50;
@ -77,12 +79,16 @@ export const ZTemplateMetaUpsertSchema = z.object({
  allowDictateNextSigner: z.boolean().optional(),
 });

-export const ZCreateTemplateMutationSchema = z.object({
+export const ZCreateTemplatePayloadSchema = z.object({
  title: z.string().min(1).trim(),
-  templateDocumentDataId: z.string().min(1),
  folderId: z.string().optional(),
 });

+export const ZCreateTemplateMutationSchema = zodFormData({
+  payload: zfd.json(ZCreateTemplatePayloadSchema),
+  file: zfd.file(),
+});
+
 export const ZCreateDocumentFromDirectTemplateRequestSchema = z.object({
  directRecipientName: z.string().max(255).optional(),
  directRecipientEmail: z.string().email().max(254),
@ -218,6 +224,7 @@ export const ZCreateTemplateV2ResponseSchema = z.object({
 });

 export const ZCreateTemplateResponseSchema = z.object({
+  envelopeId: z.string(),
  legacyTemplateId: z.number(),
 });

@ -267,6 +274,7 @@ export const ZBulkSendTemplateMutationSchema = z.object({
  sendImmediately: z.boolean(),
 });

+export type TCreateTemplatePayloadSchema = z.infer<typeof ZCreateTemplatePayloadSchema>;
 export type TCreateTemplateMutationSchema = z.infer<typeof ZCreateTemplateMutationSchema>;
 export type TDuplicateTemplateMutationSchema = z.infer<typeof ZDuplicateTemplateMutationSchema>;
 export type TDeleteTemplateMutationSchema = z.infer<typeof ZDeleteTemplateMutationSchema>;
--- a/packages/trpc/server/trpc.ts
+++ b/packages/trpc/server/trpc.ts
@ -1,5 +1,4 @@
 import { TRPCError, initTRPC } from '@trpc/server';
-import SuperJSON from 'superjson';
 import type { AnyZodObject } from 'zod';

 import { AppError, genericErrorCodeToTrpcErrorCodeMap } from '@documenso/lib/errors/app-error';
@ -9,6 +8,7 @@ import type { ApiRequestMetadata } from '@documenso/lib/universal/extract-reques
 import { alphaid } from '@documenso/lib/universal/id';
 import { isAdmin } from '@documenso/lib/utils/is-admin';

+import { dataTransformer } from '../utils/data-transformer';
 import type { TrpcContext } from './context';

 // Can't import type from trpc-to-openapi because it breaks build, not sure why.
@ -35,7 +35,7 @@ const t = initTRPC
  .meta<TrpcRouteMeta>()
  .context<TrpcContext>()
  .create({
-    transformer: SuperJSON,
+    transformer: dataTransformer,
    errorFormatter(opts) {
      const { shape, error } = opts;

--- a/packages/trpc/utils/data-transformer.ts
+++ b/packages/trpc/utils/data-transformer.ts
@ -0,0 +1,17 @@
+import type { DataTransformer } from '@trpc/server';
+import SuperJSON from 'superjson';
+
+export const dataTransformer: DataTransformer = {
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  serialize: (data: any) => {
+    if (data instanceof FormData) {
+      return data;
+    }
+
+    return SuperJSON.serialize(data);
+  },
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  deserialize: (data: any) => {
+    return SuperJSON.deserialize(data);
+  },
+};
--- a/packages/trpc/utils/openapi-fetch-handler.ts
+++ b/packages/trpc/utils/openapi-fetch-handler.ts
@ -0,0 +1,202 @@
+import { TRPCError } from '@trpc/server';
+import type { FetchHandlerOptions } from '@trpc/server/adapters/fetch';
+import type { ServerResponse } from 'node:http';
+import { type OpenApiRouter, createOpenApiNodeHttpHandler } from 'trpc-to-openapi';
+
+const CONTENT_TYPE_JSON = 'application/json';
+const CONTENT_TYPE_URLENCODED = 'application/x-www-form-urlencoded';
+const CONTENT_TYPE_MULTIPART = 'multipart/form-data';
+
+const getUrlEncodedBody = async (req: Request) => {
+  const params = new URLSearchParams(await req.text());
+
+  const data: Record<string, unknown> = {};
+
+  for (const key of params.keys()) {
+    data[key] = params.getAll(key);
+  }
+
+  return data;
+};
+
+const getMultipartBody = async (req: Request) => {
+  const formData = await req.formData();
+
+  const data: Record<string, unknown> = {};
+
+  for (const key of formData.keys()) {
+    const values = formData.getAll(key);
+
+    // Return array for multiple values, single value otherwise (matches URL-encoded behavior)
+    data[key] = values.length > 1 ? values : values[0];
+  }
+
+  return data;
+};
+/**
+ * Parses the request body based on its content type.
+ *
+ * Handles JSON, URL-encoded, and multipart/form-data requests.
+ * For multipart requests, converts FormData to a plain object (similar to URL-encoded)
+ * so it can be validated by tRPC schemas. The content-type header is rewritten
+ * later to prevent downstream parsing issues.
+ */
+const getRequestBody = async (req: Request) => {
+  try {
+    const contentType = req.headers.get('content-type') || '';
+
+    if (contentType.includes(CONTENT_TYPE_JSON)) {
+      return {
+        isValid: true,
+        // Use JSON.parse instead of req.json() because req.json() does not throw on invalid JSON
+        data: JSON.parse(await req.text()),
+      };
+    }
+
+    if (contentType.includes(CONTENT_TYPE_URLENCODED)) {
+      return {
+        isValid: true,
+        data: await getUrlEncodedBody(req),
+      };
+    }
+
+    // Handle multipart/form-data by parsing as FormData and converting to a plain object.
+    // This mirrors how URL-encoded data is structured, allowing tRPC to validate it normally.
+    // The content-type header is rewritten to application/json later via the request proxy
+    // because createOpenApiNodeHttpHandler aborts on any bodied request that isn't application/json.
+    if (contentType.includes(CONTENT_TYPE_MULTIPART)) {
+      return {
+        isValid: true,
+        data: await getMultipartBody(req),
+      };
+    }
+
+    return {
+      isValid: true,
+      data: req.body,
+    };
+  } catch (err) {
+    return {
+      isValid: false,
+      cause: err,
+    };
+  }
+};
+
+/**
+ * Creates a proxy around the original Request that intercepts property access
+ * to transform the request for compatibility with the Node HTTP handler.
+ *
+ * Key transformations:
+ * - Parses and provides the body as a plain object (handles multipart/form-data conversion)
+ * - Rewrites content-type header for multipart requests to application/json
+ *   (required because createOpenApiNodeHttpHandler aborts on non-JSON bodied requests)
+ */
+const createRequestProxy = async (req: Request, url?: string) => {
+  const body = await getRequestBody(req);
+
+  const originalContentType = req.headers.get('content-type') || '';
+
+  const isMultipart = originalContentType.includes(CONTENT_TYPE_MULTIPART);
+
+  return new Proxy(req, {
+    get: (target, prop) => {
+      switch (prop) {
+        case 'url':
+          return url ?? target.url;
+
+        case 'body': {
+          if (!body.isValid) {
+            throw new TRPCError({
+              code: 'PARSE_ERROR',
+              message: 'Failed to parse request body',
+              cause: body.cause,
+            });
+          }
+
+          return body.data;
+        }
+
+        case 'headers': {
+          const headers = new Headers(target.headers);
+
+          // Rewrite content-type header for multipart requests to application/json.
+          // This is necessary because `createOpenApiNodeHttpHandler` aborts on any bodied
+          // request that isn't application/json. Since we've already parsed the multipart
+          // data into a plain object above, this is safe to do.
+          if (isMultipart) {
+            headers.set('content-type', CONTENT_TYPE_JSON);
+          }
+
+          return headers;
+        }
+
+        default:
+          // eslint-disable-next-line @typescript-eslint/consistent-type-assertions, @typescript-eslint/no-explicit-any
+          return (target as unknown as Record<string | number | symbol, unknown>)[prop];
+      }
+    },
+  });
+};
+
+export type CreateOpenApiFetchHandlerOptions<TRouter extends OpenApiRouter> = Omit<
+  FetchHandlerOptions<TRouter>,
+  'batching'
+> & {
+  req: Request;
+  endpoint: `/${string}`;
+};
+
+export const createOpenApiFetchHandler = async <TRouter extends OpenApiRouter>(
+  opts: CreateOpenApiFetchHandlerOptions<TRouter>,
+): Promise<Response> => {
+  const resHeaders = new Headers();
+  const url = new URL(opts.req.url.replace(opts.endpoint, ''));
+  const req: Request = await createRequestProxy(opts.req, url.toString());
+
+  // @ts-expect-error Inherited from original fetch handler in `trpc-to-openapi`
+  const openApiHttpHandler = createOpenApiNodeHttpHandler(opts);
+
+  return new Promise<Response>((resolve) => {
+    let statusCode: number;
+
+    // Create a mock ServerResponse object that bridges Node HTTP APIs with Fetch API Response.
+    // This allows the Node HTTP handler to work with Fetch API Request objects.
+    // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+    const res = {
+      setHeader: (key: string, value: string | readonly string[]) => {
+        if (typeof value === 'string') {
+          resHeaders.set(key, value);
+        } else {
+          for (const v of value) {
+            resHeaders.append(key, v);
+          }
+        }
+      },
+      get statusCode() {
+        return statusCode;
+      },
+      set statusCode(code: number) {
+        statusCode = code;
+      },
+      end: (body: string) => {
+        resolve(
+          new Response(body, {
+            headers: resHeaders,
+            status: statusCode,
+          }),
+        );
+      },
+    } as ServerResponse;
+
+    // Type assertions are necessary here for interop between Fetch API Request/Response
+    // and Node HTTP IncomingMessage/ServerResponse types.
+    // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+    const nodeReq = req as unknown as Parameters<typeof openApiHttpHandler>[0];
+
+    // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+    const nodeRes = res as unknown as Parameters<typeof openApiHttpHandler>[1];
+
+    void openApiHttpHandler(nodeReq, nodeRes);
+  });
+};
--- a/packages/trpc/utils/zod-form-data.ts
+++ b/packages/trpc/utils/zod-form-data.ts
@ -0,0 +1,32 @@
+import type { ZodRawShape } from 'zod';
+import z from 'zod';
+
+/**
+ * This helper takes the place of the `z.object` at the root of your schema.
+ * It wraps your schema in a `z.preprocess` that extracts all the data out of a `FormData`
+ * and transforms it into a regular object.
+ * If the `FormData` contains multiple entries with the same field name,
+ * it will automatically turn that field into an array.
+ *
+ * This is used instead of `zfd.formData()` because it receives `undefined`
+ * somewhere in the pipeline of our openapi schema generation and throws
+ * an error. This provides the same functionality as `zfd.formData()` but
+ * can be considered somewhat safer.
+ */
+export const zodFormData = <T extends ZodRawShape>(schema: T) => {
+  return z.preprocess((data) => {
+    if (data instanceof FormData) {
+      const formData: Record<string, unknown> = {};
+
+      for (const key of data.keys()) {
+        const values = data.getAll(key);
+
+        formData[key] = values.length > 1 ? values : values[0];
+      }
+
+      return formData;
+    }
+
+    return data;
+  }, z.object(schema));
+};
--- a/packages/ui/package.json
+++ b/packages/ui/package.json
@ -78,6 +78,6 @@
    "tailwind-merge": "^1.12.0",
    "tailwindcss-animate": "^1.0.5",
    "ts-pattern": "^5.0.5",
-    "zod": "3.24.1"
+    "zod": "^3.25.76"
  }
 }