Initial plan

Co-authored-by: Catalin Pit <catalinpit@gmail.com>

.agents/plans/bold-emerald-earth-pdf-placeholder-field-positioning.md

@@ -0,0 +1,161 @@
+---
+date: 2026-01-28
+title: Pdf Placeholder Field Positioning
+---
+
+## Overview
+
+This feature enables automatic field placement in PDFs using placeholder text, eliminating the need for manual coordinate-based positioning. It supports two complementary workflows:
+
+1. **Automatic detection on upload** - PDFs containing structured placeholders like `{{signature, r1}}` have fields created automatically when uploaded
+2. **API placeholder positioning** - Developers can reference any text in a PDF to position fields instead of calculating coordinates
+
+## Goals
+
+- Allow users to prepare documents in Word/Google Docs with placeholders that become signature fields
+- Reduce friction for document preparation workflows
+- Provide API developers with a simpler alternative to coordinate-based field positioning
+- Support documents with repeated placeholders (e.g., initials on every page)
+
+## Placeholder Format (Automatic Detection)
+
+```
+{{FIELD_TYPE, RECIPIENT, option1=value1, option2=value2}}
+```
+
+### Components
+
+- **FIELD_TYPE** (required): One of `signature`, `initials`, `name`, `email`, `date`, `text`, `number`, `radio`, `checkbox`, `dropdown`
+- **RECIPIENT** (required): `r1`, `r2`, `r3`, etc. - identifies which recipient the field belongs to
+- **OPTIONS** (optional): Key-value pairs like `required=true`, `fontSize=14`, `readOnly=true`
+
+### Examples
+
+- `{{signature, r1}}` - Signature field for first recipient
+- `{{text, r1, required=true, label=Company Name}}` - Required text field with label
+- `{{number, r2, minValue=0, maxValue=100}}` - Number field with validation
+
+### Behavior
+
+- Placeholders without recipient identifiers (e.g., `{{signature}}`) are skipped during automatic detection - reserved for API use
+- Invalid field types are silently skipped
+- Placeholder text is covered with white rectangles after field creation
+
+## API Placeholder Positioning
+
+The `/api/v2/envelope/field/create-many` endpoint accepts `placeholder` as an alternative to coordinates:
+
+```json
+{
+  "recipientId": 123,
+  "type": "SIGNATURE",
+  "placeholder": "{{signature}}"
+}
+```
+
+### Parameters
+
+| Parameter     | Type    | Description                                  |
+| ------------- | ------- | -------------------------------------------- |
+| `placeholder` | string  | Text to search for in the PDF                |
+| `width`       | number  | Optional override (percentage)               |
+| `height`      | number  | Optional override (percentage)               |
+| `matchAll`    | boolean | When true, creates fields at ALL occurrences |
+
+### matchAll Behavior
+
+- Default (`false`): Only first occurrence gets a field
+- `true`: Creates a field at every occurrence of the placeholder text
+
+This is useful for documents requiring initials on every page.
+
+## Implementation Components
+
+### Core Functions
+
+- `extractPlaceholdersFromPDF()` - Scans PDF for `{{...}}` patterns with recipient identifiers
+- `removePlaceholdersFromPDF()` - Covers placeholder text with white rectangles
+- `whiteoutRegions()` - Low-level helper for drawing white boxes on PDF pages
+- `parseFieldTypeFromPlaceholder()` - Converts placeholder field type to FieldType enum
+- `parseFieldMetaFromPlaceholder()` - Parses options into fieldMeta format
+
+### Integration Points
+
+1. **Upload flow** (`create-envelope.ts`, `create-envelope-items.ts`)
+   - Extract placeholders at upload time (before saving to storage)
+   - Pass placeholders in-memory to envelope creation
+   - Create placeholder recipients if none provided
+   - Create fields within the same transaction
+
+2. **API field creation** (`create-envelope-fields.ts`)
+   - Accept `placeholder` as alternative to coordinates
+   - Search PDF for placeholder text
+   - Resolve position from bounding box
+   - Support `matchAll` for multiple occurrences
+
+### Field Meta Parsing
+
+The following properties are explicitly parsed:
+
+- `required`, `readOnly` → boolean
+- `fontSize`, `minValue`, `maxValue`, `characterLimit` → number
+- Other properties pass through as strings
+
+Note: Signature fields do not support fieldMeta options.
+
+## Testing
+
+### E2E Tests
+
+**UI Tests** (`e2e/auto-placing-fields/`):
+
+- Single recipient placeholder detection
+- Multiple recipient placeholder detection
+- Field configuration from placeholder options
+- Skipping placeholders without recipient identifiers
+- Skipping invalid field types
+
+**API Tests** (`e2e/api/v2/placeholder-fields-api.spec.ts`):
+
+- Placeholder-based field positioning
+- Width/height overrides
+- Error on placeholder not found
+- Mixed coordinate and placeholder positioning
+- First occurrence only (default)
+- All occurrences with `matchAll: true`
+
+## Documentation
+
+### User Documentation
+
+`/users/documents/pdf-placeholders` - Explains:
+
+- Placeholder format and syntax
+- Supported field types
+- Recipient identifiers
+- Available options per field type
+- Troubleshooting
+
+### Developer Documentation
+
+`/developers/public-api/reference` - Documents:
+
+- Coordinate-based positioning (existing)
+- Placeholder-based positioning (new)
+- matchAll parameter
+- Mixing both methods
+
+## Edge Cases Handled
+
+1. **No placeholders found** - Original PDF returned unchanged
+2. **Placeholder not found (API)** - Returns error with placeholder text
+3. **Multiple occurrences** - First only by default, all with `matchAll: true`
+4. **No recipient identifier** - Skipped during auto-detection, works for API
+5. **Invalid field type** - Skipped during auto-detection
+6. **Signature field with options** - Options ignored (signature doesn't support fieldMeta)
+
+## Future Considerations
+
+- Support for placeholder text styles (bold, underline) to indicate field properties
+- Template-level placeholder mapping for reusable configurations
+- Placeholder validation in document editor before sending

.env.example

@@ -1,3 +1,6 @@
+# The license key to enable enterprise features for self hosters
+NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY=
+
 # [[AUTH]]
 NEXTAUTH_SECRET="secret"
 

.github/workflows/publish.yml

@@ -3,6 +3,12 @@ name: Publish Docker
 on:
   push:
     branches: ['release']
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Git tag to build and publish (e.g., v1.0.0)'
+        required: true
+        type: string
 
 jobs:
   build_and_publish_platform_containers:
@@ -18,6 +24,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
+          ref: ${{ inputs.tag || github.ref }}
           fetch-tags: true
 
       - name: Login to DockerHub
@@ -38,8 +45,11 @@ jobs:
           BUILD_PLATFORM: ${{ matrix.os == 'warp-ubuntu-latest-arm64-4x' && 'arm64' || 'amd64' }}
           NEXT_PRIVATE_TELEMETRY_KEY: ${{ secrets.NEXT_PRIVATE_TELEMETRY_KEY }}
           NEXT_PRIVATE_TELEMETRY_HOST: ${{ secrets.NEXT_PRIVATE_TELEMETRY_HOST }}
+          APP_VERSION: ${{ inputs.tag || '' }}
         run: |
-          APP_VERSION="$(git name-rev --tags --name-only $(git rev-parse HEAD) | head -n 1 | sed 's/\^0//')"
+          if [ -z "$APP_VERSION" ]; then
+            APP_VERSION="$(git name-rev --tags --name-only $(git rev-parse HEAD) | head -n 1 | sed 's/\^0//')"
+          fi
           GIT_SHA="$(git rev-parse HEAD)"
 
           docker build \
@@ -65,47 +75,6 @@ jobs:
         env:
           BUILD_PLATFORM: ${{ matrix.os == 'warp-ubuntu-latest-arm64-4x' && 'arm64' || 'amd64' }}
 
-      - name: Build the chromium docker image
-        env:
-          BUILD_PLATFORM: ${{ matrix.os == 'warp-ubuntu-latest-arm64-4x' && 'arm64' || 'amd64' }}
-        run: |
-          APP_VERSION="$(git name-rev --tags --name-only $(git rev-parse HEAD) | head -n 1 | sed 's/\^0//')"
-          GIT_SHA="$(git rev-parse HEAD)"
-
-          docker build \
-            -f ./docker/Dockerfile.chromium \
-            --progress=plain \
-            --build-arg TAG="$GIT_SHA" \
-            -t "documenso/documenso-$BUILD_PLATFORM:latest-chromium" \
-            -t "documenso/documenso-$BUILD_PLATFORM:$GIT_SHA-chromium" \
-            -t "documenso/documenso-$BUILD_PLATFORM:$APP_VERSION-chromium" \
-            -t "ghcr.io/documenso/documenso-$BUILD_PLATFORM:latest-chromium" \
-            -t "ghcr.io/documenso/documenso-$BUILD_PLATFORM:$GIT_SHA-chromium" \
-            -t "ghcr.io/documenso/documenso-$BUILD_PLATFORM:$APP_VERSION-chromium" \
-            .
-
-      - name: Push the chromium docker image to DockerHub
-        env:
-          BUILD_PLATFORM: ${{ matrix.os == 'warp-ubuntu-latest-arm64-4x' && 'arm64' || 'amd64' }}
-        run: |
-          APP_VERSION="$(git name-rev --tags --name-only $(git rev-parse HEAD) | head -n 1 | sed 's/\^0//')"
-          GIT_SHA="$(git rev-parse HEAD)"
-
-          docker push "documenso/documenso-$BUILD_PLATFORM:latest-chromium"
-          docker push "documenso/documenso-$BUILD_PLATFORM:$GIT_SHA-chromium"
-          docker push "documenso/documenso-$BUILD_PLATFORM:$APP_VERSION-chromium" \
-
-      - name: Push the chromium docker image to GitHub Container Registry
-        env:
-          BUILD_PLATFORM: ${{ matrix.os == 'warp-ubuntu-latest-arm64-4x' && 'arm64' || 'amd64' }}
-        run: |
-          APP_VERSION="$(git name-rev --tags --name-only $(git rev-parse HEAD) | head -n 1 | sed 's/\^0//')"
-          GIT_SHA="$(git rev-parse HEAD)"
-
-          docker push "ghcr.io/documenso/documenso-$BUILD_PLATFORM:latest-chromium"
-          docker push "ghcr.io/documenso/documenso-$BUILD_PLATFORM:$GIT_SHA-chromium"
-          docker push "ghcr.io/documenso/documenso-$BUILD_PLATFORM:$APP_VERSION-chromium"
-
   create_and_publish_manifest:
     name: Create and publish manifest
     runs-on: ubuntu-latest
@@ -114,6 +83,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
+          ref: ${{ inputs.tag || github.ref }}
           fetch-tags: true
 
       - name: Login to DockerHub
@@ -130,8 +100,12 @@ jobs:
           password: ${{ secrets.GH_TOKEN }}
 
       - name: Create and push DockerHub manifest
+        env:
+          APP_VERSION: ${{ inputs.tag || '' }}
         run: |
-          APP_VERSION="$(git name-rev --tags --name-only $(git rev-parse HEAD) | head -n 1 | sed 's/\^0//')"
+          if [ -z "$APP_VERSION" ]; then
+            APP_VERSION="$(git name-rev --tags --name-only $(git rev-parse HEAD) | head -n 1 | sed 's/\^0//')"
+          fi
           GIT_SHA="$(git rev-parse HEAD)"
 
           # Check if the version is stable (no rc or beta in the version)
@@ -166,46 +140,13 @@ jobs:
           docker manifest push documenso/documenso:$GIT_SHA
           docker manifest push documenso/documenso:$APP_VERSION
 
-      - name: Create and push DockerHub chromium manifest
-        run: |
-          APP_VERSION="$(git name-rev --tags --name-only $(git rev-parse HEAD) | head -n 1 | sed 's/\^0//')"
-          GIT_SHA="$(git rev-parse HEAD)"
-
-          # Check if the version is stable (no rc or beta in the version)
-          if [[ "$APP_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-            docker manifest create \
-              documenso/documenso:latest-chromium \
-              --amend documenso/documenso-amd64:latest-chromium \
-              --amend documenso/documenso-arm64:latest-chromium
-
-            docker manifest push documenso/documenso:latest-chromium
-          fi
-
-          if [[ "$APP_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$ ]]; then
-            docker manifest create \
-              documenso/documenso:rc-chromium \
-              --amend documenso/documenso-amd64:rc-chromium \
-              --amend documenso/documenso-arm64:rc-chromium
-
-            docker manifest push documenso/documenso:rc-chromium
-          fi
-
-          docker manifest create \
-            documenso/documenso:$GIT_SHA-chromium \
-            --amend documenso/documenso-amd64:$GIT_SHA-chromium \
-            --amend documenso/documenso-arm64:$GIT_SHA-chromium
-
-          docker manifest create \
-            documenso/documenso:$APP_VERSION-chromium \
-            --amend documenso/documenso-amd64:$APP_VERSION-chromium \
-            --amend documenso/documenso-arm64:$APP_VERSION-chromium
-
-          docker manifest push documenso/documenso:$GIT_SHA-chromium
-          docker manifest push documenso/documenso:$APP_VERSION-chromium
-
       - name: Create and push Github Container Registry manifest
+        env:
+          APP_VERSION: ${{ inputs.tag || '' }}
         run: |
-          APP_VERSION="$(git name-rev --tags --name-only $(git rev-parse HEAD) | head -n 1 | sed 's/\^0//')"
+          if [ -z "$APP_VERSION" ]; then
+            APP_VERSION="$(git name-rev --tags --name-only $(git rev-parse HEAD) | head -n 1 | sed 's/\^0//')"
+          fi
           GIT_SHA="$(git rev-parse HEAD)"
 
           # Check if the version is stable (no rc or beta in the version)
@@ -239,40 +180,3 @@ jobs:
 
           docker manifest push ghcr.io/documenso/documenso:$GIT_SHA
           docker manifest push ghcr.io/documenso/documenso:$APP_VERSION
-
-      - name: Create and push Github Container Registry chromium manifest
-        run: |
-          APP_VERSION="$(git name-rev --tags --name-only $(git rev-parse HEAD) | head -n 1 | sed 's/\^0//')"
-          GIT_SHA="$(git rev-parse HEAD)"
-
-          # Check if the version is stable (no rc or beta in the version)
-          if [[ "$APP_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-            docker manifest create \
-              ghcr.io/documenso/documenso:latest-chromium \
-              --amend ghcr.io/documenso/documenso-amd64:latest-chromium \
-              --amend ghcr.io/documenso/documenso-arm64:latest-chromium
-
-            docker manifest push ghcr.io/documenso/documenso:latest-chromium
-          fi
-
-          if [[ "$APP_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$ ]]; then
-            docker manifest create \
-              ghcr.io/documenso/documenso:rc-chromium \
-              --amend ghcr.io/documenso/documenso-amd64:rc-chromium \
-              --amend ghcr.io/documenso/documenso-arm64:rc-chromium
-
-            docker manifest push ghcr.io/documenso/documenso:rc-chromium
-          fi
-
-          docker manifest create \
-            ghcr.io/documenso/documenso:$GIT_SHA-chromium \
-            --amend ghcr.io/documenso/documenso-amd64:$GIT_SHA-chromium \
-            --amend ghcr.io/documenso/documenso-arm64:$GIT_SHA-chromium
-
-          docker manifest create \
-            ghcr.io/documenso/documenso:$APP_VERSION-chromium \
-            --amend ghcr.io/documenso/documenso-amd64:$APP_VERSION-chromium \
-            --amend ghcr.io/documenso/documenso-arm64:$APP_VERSION-chromium
-
-          docker manifest push ghcr.io/documenso/documenso:$GIT_SHA-chromium
-          docker manifest push ghcr.io/documenso/documenso:$APP_VERSION-chromium

.gitignore

@@ -63,3 +63,7 @@ CLAUDE.md
 
 # scripts
 scripts/output*
+
+# license
+.documenso-license.json
+.documenso-license-backup.json

apps/documentation/pages/developers/_meta.js

@@ -13,6 +13,7 @@ export default {
     title: 'API & Integration Guides',
   },
   'public-api': 'Public API',
-  embedding: 'Embedding',
+  embedding: 'Embedded Signing',
+  'embedded-authoring': 'Embedded Authoring',
   webhooks: 'Webhooks',
 };

apps/documentation/pages/developers/embedded-authoring.mdx

@@ -1,12 +1,25 @@
 ---
-title: Authoring
+title: Embedded Authoring
 description: Learn how to use embedded authoring to create documents and templates in your application
 ---
 
+import { Callout } from 'nextra/components';
+
+<Callout type="info">
+  The embedded authoring feature is an enterprise only feature. Please contact us if you are
+  interested in using it.
+</Callout>
+
 # Embedded Authoring
 
 In addition to embedding signing experiences, Documenso now supports embedded authoring, allowing you to integrate document and template creation and editing directly within your application.
 
+## Embedded Signing vs Embedded Authoring
+
+Embedded signing allows you to embed your Documenso documents into your application for signing. Your users will be able to sign the document directly in your application.
+
+Embedded authoring allows you to integrate Documenso's document and template creation and editing into your application. You will be able to create and edit documents and templates directly in your application.
+
 ## How Embedded Authoring Works
 
 The embedded authoring feature enables your users to create and edit documents and templates without leaving your application. This process works through secure presign tokens that authenticate the embedding session and manage permissions.

apps/documentation/pages/developers/embedding/_meta.js

@@ -7,5 +7,4 @@ export default {
   preact: 'Preact Integration',
   angular: 'Angular Integration',
   'css-variables': 'CSS Variables',
-  authoring: 'Authoring',
 };

apps/documentation/pages/developers/embedding/index.mdx

@@ -3,10 +3,16 @@ title: Get Started
 description: Learn how to use embedding to bring signing to your own website or application
 ---
 
-# Embedding
+# Embedded Signing
 
 Our embedding feature lets you integrate our document signing experience into your own application or website. Whether you're building with React, Preact, Vue, Svelte, Solid, Angular, or using generalized web components, this guide will help you get started with embedding Documenso.
 
+## Embedded Signing vs Embedded Authoring
+
+Embedded signing allows you to embed your Documenso documents into your application for signing. Your users will be able to sign the document directly in your application.
+
+Embedded authoring allows you to integrate Documenso's document and template creation and editing into your application. You will be able to create and edit documents and templates directly in your application.
+
 ## Availability
 
 Embedding is currently available for all users on a **Teams Plan** and above, as well as **Early Adopter's** within a team (Early Adopters can create a team for free).

apps/documentation/pages/developers/public-api/index.mdx

@@ -31,9 +31,18 @@ Our new API V2 supports the following typed SDKs:
 
 ## API V1 - Deprecated
 
-Check out the [API V1 documentation](https://app.documenso.com/api/v1/openapi) for details about the API endpoints, request parameters, response formats, and authentication methods.
+<Callout type="warning">
+  <strong>API V1 is deprecated.</strong>
+  <br />
+  The V1 API will continue to be supported for the foreseeable future, but it is limited to
+  <strong>Legacy Documents</strong> (Documents created using the old non-envelope editor).
 
-📖 [Documentation](https://documen.so/api-v2-docs)
+  <strong>Important:</strong> To work with the new <strong>Envelope</strong> document system, you
+  must use the
+  <strong> V2 API</strong>.
+</Callout>
+
+Check out the [API V1 documentation](https://app.documenso.com/api/v1/openapi) for details about the API endpoints, request parameters, response formats, and authentication methods.
 
 ## Availability
 

apps/documentation/pages/developers/public-api/reference.mdx

@@ -316,6 +316,8 @@ Before adding fields to an envelope, you will need the following details:
 
 See the [Get Envelope](#get-envelope) section for more details on how to retrieve these details.
 
+### Coordinate-Based Positioning
+
 The following is an example of a request which creates 2 new fields on the first page of the envelope.
 
 Note that width, height, positionX and positionY are percentage numbers between 0 and 100, which scale the field relative to the size of the PDF.
@@ -360,6 +362,95 @@ curl https://app.documenso.com/api/v2/envelope/field/create-many \
   }'
 ```
 
+### Placeholder-Based Positioning
+
+Instead of specifying exact coordinates, you can position fields using placeholder text in the PDF. The API will search for the text and place the field at that location.
+
+This is useful when:
+
+- You have PDFs with designated placeholder text (e.g., `{{signature}}`, `[SIGN HERE]`)
+- You want field positions to adapt to document content changes
+- You're working with templated documents generated from other systems
+
+```sh
+curl https://app.documenso.com/api/v2/envelope/field/create-many \
+  --request POST \
+  --header 'Authorization: api_xxxxxxxxxxxxxx' \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "envelopeId": "envelope_xxxxxxxxxx",
+    "data": [
+      {
+        "recipientId": recipient_id_here,
+        "type": "SIGNATURE",
+        "placeholder": "{{signature}}"
+      },
+      {
+        "recipientId": recipient_id_here,
+        "type": "NAME",
+        "placeholder": "{{name}}",
+        "width": 30,
+        "height": 5
+      }
+    ]
+  }'
+```
+
+#### Placeholder Parameters
+
+| Parameter     | Type    | Required | Description                                                                                                      |
+| ------------- | ------- | -------- | ---------------------------------------------------------------------------------------------------------------- |
+| `placeholder` | string  | Yes      | Text to search for in the PDF. The field is placed at the location of this text.                                 |
+| `width`       | number  | No       | Override the field width (percentage). If omitted, uses the placeholder text width.                              |
+| `height`      | number  | No       | Override the field height (percentage). If omitted, uses the placeholder text height.                            |
+| `matchAll`    | boolean | No       | When `true`, creates a field at every occurrence of the placeholder. Default is `false` (first occurrence only). |
+
+<Callout type="info">
+  The placeholder text is automatically covered with a white rectangle after field creation, so it
+  won't appear in the final signed document.
+</Callout>
+
+#### Multiple Occurrences
+
+If your PDF contains the same placeholder text multiple times (e.g., initials on every page), use `matchAll: true` to create fields at all occurrences:
+
+```json
+{
+  "recipientId": 123,
+  "type": "INITIALS",
+  "placeholder": "{{initials}}",
+  "matchAll": true
+}
+```
+
+This will create one INITIALS field for each occurrence of `{{initials}}` in the PDF.
+
+#### Mixing Positioning Methods
+
+You can combine coordinate-based and placeholder-based positioning in the same request:
+
+```json
+{
+  "envelopeId": "envelope_xxxxxxxxxx",
+  "data": [
+    {
+      "recipientId": 123,
+      "type": "SIGNATURE",
+      "placeholder": "{{signature}}"
+    },
+    {
+      "recipientId": 123,
+      "type": "DATE",
+      "page": 1,
+      "positionX": 70,
+      "positionY": 85,
+      "width": 20,
+      "height": 3
+    }
+  ]
+}
+```
+
 Field meta allows you to further configure fields, for example it will allow you to add multiple items for checkboxes or radios.
 
 A successful request will return a JSON response with the newly added fields.

apps/documentation/pages/developers/webhooks.mdx

@@ -544,7 +544,7 @@ Example payload for the `document.rejected` event:
 }
 ```
 
-Example payload for the `document.rejected` event:
+Example payload for the `document.cancelled` event:
 
 ```json
 {

apps/documentation/pages/users/documents/_meta.js

@@ -3,6 +3,7 @@ export default {
   'document-preferences': 'Document Preferences',
   'document-visibility': 'Document Visibility',
   fields: 'Document Fields',
+  'pdf-placeholders': 'PDF Placeholders',
   'email-preferences': 'Email Preferences',
   'ai-detection': 'AI Recipient & Field Detection',
   'default-recipients': 'Default Recipients',

apps/documentation/pages/users/documents/pdf-placeholders.mdx

@@ -0,0 +1,179 @@
+---
+title: PDF Placeholders
+description: Learn how to use placeholder text in your PDFs for automatic field placement in Documenso.
+---
+
+import { Callout } from 'nextra/components';
+
+# PDF Placeholders
+
+Documenso can automatically detect placeholder text in your PDF documents and create fields at those locations. This allows you to prepare documents in your preferred editing tool (Word, Google Docs, etc.) with placeholders that become signature fields when uploaded.
+
+## How It Works
+
+When you upload a PDF, Documenso scans for text matching the placeholder pattern `{{...}}`. Each placeholder can specify:
+
+1. **Field type** - What kind of field to create (signature, name, email, etc.)
+2. **Recipient** - Which signer the field belongs to (r1, r2, etc.)
+3. **Options** - Additional settings like required, read-only, font size, etc.
+
+The placeholder text is automatically hidden after fields are created, so your final document looks clean.
+
+## Placeholder Format
+
+The basic format is:
+
+```
+{{FIELD_TYPE, RECIPIENT, option1=value1, option2=value2}}
+```
+
+### Examples
+
+| Placeholder                   | Description                         |
+| ----------------------------- | ----------------------------------- |
+| `{{signature, r1}}`           | Signature field for recipient 1     |
+| `{{name, r1}}`                | Name field for recipient 1          |
+| `{{email, r2}}`               | Email field for recipient 2         |
+| `{{date, r1}}`                | Date field for recipient 1          |
+| `{{text, r1, required=true}}` | Required text field for recipient 1 |
+| `{{initials, r1}}`            | Initials field for recipient 1      |
+
+## Supported Field Types
+
+The following field types are supported in placeholders:
+
+| Field Type | Placeholder Value |
+| ---------- | ----------------- |
+| Signature  | `signature`       |
+| Initials   | `initials`        |
+| Name       | `name`            |
+| Email      | `email`           |
+| Date       | `date`            |
+| Text       | `text`            |
+| Number     | `number`          |
+| Radio      | `radio`           |
+| Checkbox   | `checkbox`        |
+| Dropdown   | `dropdown`        |
+
+<Callout type="info">
+  Field types are case-insensitive. `{{ SIGNATURE, r1 }}` and `{{ signature, r1 }}` are equivalent.
+</Callout>
+
+## Recipient Identifiers
+
+Recipients are identified using `r1`, `r2`, `r3`, etc. The number corresponds to the order in which recipients are created:
+
+- `r1` - First recipient
+- `r2` - Second recipient
+- `r3` - Third recipient
+
+When you upload a PDF with placeholders, Documenso will:
+
+1. Create placeholder recipients for each unique identifier found (e.g., `r1`, `r2`)
+2. You can then update these with real email addresses before sending
+
+<Callout type="warning">
+  Placeholders without a recipient identifier (e.g., `{{ signature }}` without `r1`) are reserved
+  for API use and will not create fields during upload.
+</Callout>
+
+## Field Options
+
+You can customize fields by adding options after the recipient identifier:
+
+### Common Options
+
+| Option      | Values                    | Description                                |
+| ----------- | ------------------------- | ------------------------------------------ |
+| `required`  | `true`, `false`           | Whether the field must be filled           |
+| `readOnly`  | `true`, `false`           | Whether the field is pre-filled and locked |
+| `fontSize`  | Number (e.g., `12`)       | Font size in points                        |
+| `textAlign` | `left`, `center`, `right` | Horizontal text alignment                  |
+
+### Text Field Options
+
+| Option           | Values | Description                           |
+| ---------------- | ------ | ------------------------------------- |
+| `label`          | Text   | Label shown in the field              |
+| `placeholder`    | Text   | Placeholder text shown before signing |
+| `text`           | Text   | Pre-filled text value                 |
+| `characterLimit` | Number | Maximum characters allowed            |
+
+### Number Field Options
+
+| Option         | Values        | Description           |
+| -------------- | ------------- | --------------------- |
+| `value`        | Number        | Pre-filled value      |
+| `minValue`     | Number        | Minimum allowed value |
+| `maxValue`     | Number        | Maximum allowed value |
+| `numberFormat` | Format string | Number display format |
+
+### Examples with Options
+
+```
+{{text, r1, required=true, label=Company Name}}
+{{number, r1, minValue=0, maxValue=100, value=50}}
+{{name, r1, fontSize=14}}
+{{text, r2, readOnly=true, text=Contract #12345}}
+```
+
+<Callout type="info">
+  Signature and Free Signature fields do not support additional options beyond the field type and
+  recipient.
+</Callout>
+
+## Multiple Recipients Example
+
+Here's how a document might look with placeholders for two signers:
+
+```
+AGREEMENT
+
+Party A Signature: {{signature, r1}}
+Party A Name: {{name, r1}}
+Party A Date: {{date, r1}}
+
+Party B Signature: {{signature, r2}}
+Party B Name: {{name, r2}}
+Party B Date: {{date, r2}}
+```
+
+When uploaded, this creates:
+
+- 3 fields assigned to recipient 1 (Party A)
+- 3 fields assigned to recipient 2 (Party B)
+- 2 placeholder recipients that you can update with real email addresses
+
+## Tips for Creating Documents
+
+1. **Use a readable font** - Placeholders need to be readable by the PDF parser. Standard fonts like Arial, Helvetica, or Times New Roman work best.
+
+2. **Don't split placeholders** - Ensure the entire placeholder text `{{...}}` is on a single line and not broken across text boxes.
+
+3. **Size matters** - The field will be sized to match the placeholder text width. Use spaces or longer placeholder text if you need wider fields.
+
+4. **Test with a draft** - Upload your document as a draft first to verify fields are detected correctly before sending.
+
+<Callout type="info">
+  Placeholder detection happens automatically when you upload a PDF. You can review and adjust the
+  created fields in the document editor before sending.
+</Callout>
+
+## Troubleshooting
+
+### Placeholders Not Detected
+
+- Ensure placeholders use double curly braces: `{{...}}`
+- Check that the placeholder includes a recipient identifier (e.g., `r1`)
+- Verify the field type is spelled correctly
+- Try using a standard font in your source document
+
+### Wrong Field Position
+
+- The field is placed at the exact location of the placeholder text
+- If the position seems off, check that your PDF wasn't scaled or reformatted when exported
+
+### Placeholder Text Still Visible
+
+- Placeholder text is covered with a white rectangle after field creation
+- If you see the text, try re-uploading the document

apps/documentation/pages/users/fair-use.mdx

@@ -7,28 +7,41 @@ import { Callout } from 'nextra/components';
 
 # Fair Use Policy
 
-We offer our plans without any limits on volume because we want our users and customers to make the most of their accounts. Estimating volume is incredibly hard, especially for shorter intervals like a quarter. We are not interested in selling volume packages our customers end up not using.
+We like to overdeliver, but we cannot overcommit.
 
-This is why the individual plan and the team plan do not include a limit on signing or API volume. If you are a customer of these [plans](https://documen.so/pricing), we ask you to abide by this fair use policy:
+Our plans are designed to be generous and flexible without forcing customers into rigid volume limits they may never use. At the same time, estimating usage at scale is hard, especially over short periods. This fair use policy exists to keep plans sustainable while allowing us to add more value wherever possible without overformalizing restrictions.
+
+We offer our plans without any limits on volume because we want users and customers to make the most of their accounts. Estimating volume is incredibly hard, especially for shorter intervals like a quarter. We are not interested in selling volume packages our customers end up not using.
+
+This is why our plans not include a limit on signing or API volume. If you are a customer of these plans, we ask you to abide by this fair use policy.
 
 ### Spirit of the Plan
 
-Use the limitless accounts as much as you like (they are meant to offer a lot) while respecting the spirit and intended scope of the account.
+Use the limitless plans as much as you like. They are meant to offer a lot. Please respect the spirit and intended scope of the account.
 
 <Callout type="info">
-  What happens if I violate this policy? We will ask you to upgrade to a fitting plan or custom
-  pricing. We won’t block your account without reaching out. You can [message
-  us](mailto:support@documenso.com) for questions.
+  What happens if I go beyond the scope of this policy? We will ask you to upgrade to a fitting plan
+  or custom pricing. We will not block your account without reaching out. You can message us for
+  questions.
 </Callout>
 
+### Fair Support
+
+We believe in fair support as much as fair usage.
+
+Fair support includes reasonable and within reason application level help for self hosted users. We will help you get unstuck and point you in the right direction when issues come up. Support is provided in good faith and within reasonable time and effort limits. We are not your operations team and cannot take responsibility for running, monitoring, or maintaining your infrastructure.
+
+If you are unsure whether something falls within fair use or fair support, reach out. We are happy to talk it through.
+
 ### DO
 
-- Sign as many documents as you need with the individual plan for your single business or organization you are part of
-- Use the API and automation tools to automate all your signing workflows
-- Experiment with the plans and integrations, testing what you want to build
+- Sign as many documents as you need with the individual plan for your single business or organization
+- Use the API and automation tools to automate your signing workflows
+- Experiment with plans and integrations while testing what you want to build
 
 ### DON'T
 
-- Use the individual account's API to power a platform
-- Run a huge company, signing thousands of documents per day on a two-user team plan using the API
-- Let this policy make you overthink. If you are a paying customer, we want you to win
+- Use an individual account API to power a platform or product
+- Run a large company signing thousands of documents per day on a small team plan
+- Expect enterprise level support for fair support plan
+- Overthink this policy. If you are a paying customer, we want you to win

apps/documentation/pages/users/licenses/enterprise-edition.mdx

@@ -7,20 +7,51 @@ import { Callout } from 'nextra/components';
 
 # Enterprise Edition
 
-The Documenso Enterprise Edition is our license for self-hosters that need the full range of support and compliance. Everything in the EE folder and all features listed [here](https://github.com/documenso/documenso/blob/main/packages/ee/FEATURES) can be used after acquiring a paid license.
-
-## Includes
-
-- Self-Host Documenso in any context.
-- Premium Support via Slack, Discord and Email.
-- Flexible Licensing (e.g. MIT) for deeper custom integration (if needed).
-- Access to all Enterprise-grade compliance and administration features.
-
-## Limitations
-
-The Enterprise Edition currently has no limitations except custom contract terms.
-
 <Callout type="info">
   The Enterprise Edition requires a paid subscription. [Contact us for a
   quote](https://documen.so/enterprise).
 </Callout>
+
+The Documenso Enterprise Edition is our license for self-hosters that need the full range of support and compliance.
+
+The following features are included in the Enterprise Edition:
+
+{/* Keep this synced with the packages/ee/FEATURES file */}
+
+- The Stripe Billing Module
+- Organisation Authentication Portal
+- Document Action Reauthentication (Passkeys and 2FA)
+- 21 CFR
+- Email domains
+- Embed authoring
+- Embed authoring white label
+
+In addition, you will receive:
+
+- Premium Support via Slack, Discord and Email.
+- Flexible Licensing (e.g. MIT) for deeper custom integration (if needed).
+- Access to Enterprise-grade compliance and administration features.
+- Permission to self-Host Documenso in any context.
+
+The Enterprise Edition currently has no limitations except custom contract terms.
+
+## Getting a License
+
+To acquire an Enterprise Edition license, please [contact our sales team](https://documen.so/enterprise) for a quote. Our team will work with you to understand your requirements and provide a license that fits your needs.
+
+## Using Your License
+
+Once you have acquired an Enterprise Edition license:
+
+1. Access your license key at [license.documenso.com](https://license.documenso.com)
+2. Set the `NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY` environment variable in your Documenso instance with your license key
+
+```bash
+NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY="your-license-key-here"
+```
+
+3. You can verify your license status in the Admin Panel under the Stats section.
+
+![Admin License Status](/images/admin-license-status.webp)
+
+Your license will be verified on startup and periodically to ensure continued access to Enterprise features.

apps/remix/app/components/dialogs/claim-create-dialog.tsx

@@ -3,6 +3,7 @@ import { useState } from 'react';
 import { Trans, useLingui } from '@lingui/react/macro';
 import type { z } from 'zod';
 
+import type { TLicenseClaim } from '@documenso/lib/types/license';
 import { generateDefaultSubscriptionClaim } from '@documenso/lib/utils/organisations-claims';
 import { trpc } from '@documenso/trpc/react';
 import type { ZCreateSubscriptionClaimRequestSchema } from '@documenso/trpc/server/admin-router/create-subscription-claim.types';
@@ -22,7 +23,11 @@ import { SubscriptionClaimForm } from '../forms/subscription-claim-form';
 
 export type CreateClaimFormValues = z.infer<typeof ZCreateSubscriptionClaimRequestSchema>;
 
-export const ClaimCreateDialog = () => {
+type ClaimCreateDialogProps = {
+  licenseFlags?: TLicenseClaim;
+};
+
+export const ClaimCreateDialog = ({ licenseFlags }: ClaimCreateDialogProps) => {
   const { t } = useLingui();
   const { toast } = useToast();
 
@@ -67,6 +72,7 @@ export const ClaimCreateDialog = () => {
             ...generateDefaultSubscriptionClaim(),
           }}
           onFormSubmit={createClaim}
+          licenseFlags={licenseFlags}
           formSubmitTrigger={
             <DialogFooter>
               <Button

apps/remix/app/components/dialogs/claim-update-dialog.tsx

@@ -2,6 +2,7 @@ import { useState } from 'react';
 
 import { Trans, useLingui } from '@lingui/react/macro';
 
+import type { TLicenseClaim } from '@documenso/lib/types/license';
 import { trpc } from '@documenso/trpc/react';
 import type { TFindSubscriptionClaimsResponse } from '@documenso/trpc/server/admin-router/find-subscription-claims.types';
 import { Button } from '@documenso/ui/primitives/button';
@@ -21,9 +22,10 @@ import { SubscriptionClaimForm } from '../forms/subscription-claim-form';
 export type ClaimUpdateDialogProps = {
   claim: TFindSubscriptionClaimsResponse['data'][number];
   trigger: React.ReactNode;
+  licenseFlags?: TLicenseClaim;
 };
 
-export const ClaimUpdateDialog = ({ claim, trigger }: ClaimUpdateDialogProps) => {
+export const ClaimUpdateDialog = ({ claim, trigger, licenseFlags }: ClaimUpdateDialogProps) => {
   const { t } = useLingui();
   const { toast } = useToast();
 
@@ -69,6 +71,7 @@ export const ClaimUpdateDialog = ({ claim, trigger }: ClaimUpdateDialogProps) =>
               data,
             })
           }
+          licenseFlags={licenseFlags}
           formSubmitTrigger={
             <DialogFooter>
               <Button

apps/remix/app/components/dialogs/envelopes-bulk-delete-dialog.tsx

@@ -0,0 +1,175 @@
+import { plural } from '@lingui/core/macro';
+import { Plural, useLingui } from '@lingui/react/macro';
+import { Trans } from '@lingui/react/macro';
+import { EnvelopeType } from '@prisma/client';
+import type * as DialogPrimitive from '@radix-ui/react-dialog';
+
+import { trpc } from '@documenso/trpc/react';
+import { Alert, AlertDescription } from '@documenso/ui/primitives/alert';
+import { Button } from '@documenso/ui/primitives/button';
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+} from '@documenso/ui/primitives/dialog';
+import { useToast } from '@documenso/ui/primitives/use-toast';
+
+export type EnvelopesBulkDeleteDialogProps = {
+  envelopeIds: string[];
+  envelopeType: EnvelopeType;
+  open: boolean;
+  onOpenChange: (open: boolean) => void;
+  onSuccess?: () => void;
+} & Omit<DialogPrimitive.DialogProps, 'children'>;
+
+export const EnvelopesBulkDeleteDialog = ({
+  envelopeIds,
+  envelopeType,
+  open,
+  onOpenChange,
+  onSuccess,
+  ...props
+}: EnvelopesBulkDeleteDialogProps) => {
+  const { t } = useLingui();
+  const { toast } = useToast();
+
+  const trpcUtils = trpc.useUtils();
+
+  const isDocument = envelopeType === EnvelopeType.DOCUMENT;
+
+  const { mutateAsync: bulkDeleteEnvelopes, isPending } = trpc.envelope.bulk.delete.useMutation({
+    onSuccess: async (result) => {
+      // Invalidate the appropriate query based on envelope type.
+      if (isDocument) {
+        await trpcUtils.document.findDocumentsInternal.invalidate();
+      } else {
+        await trpcUtils.template.findTemplates.invalidate();
+      }
+
+      if (result.failedIds.length > 0) {
+        toast({
+          title: isDocument ? t`Documents partially deleted` : t`Templates partially deleted`,
+          description: t`${plural(result.deletedCount, {
+            one: '# item deleted.',
+            other: '# items deleted.',
+          })} ${plural(result.failedIds.length, {
+            one: '# item could not be deleted.',
+            other: '# items could not be deleted.',
+          })}`,
+          variant: 'destructive',
+        });
+      } else {
+        toast({
+          title: isDocument ? t`Documents deleted` : t`Templates deleted`,
+          description: plural(result.deletedCount, {
+            one: '# item has been deleted.',
+            other: '# items have been deleted.',
+          }),
+          variant: 'default',
+        });
+      }
+
+      onSuccess?.();
+      onOpenChange(false);
+    },
+    onError: () => {
+      toast({
+        title: t`Error`,
+        description: t`An error occurred while deleting the items.`,
+        variant: 'destructive',
+      });
+    },
+  });
+
+  return (
+    <Dialog {...props} open={open} onOpenChange={onOpenChange}>
+      <DialogContent>
+        <DialogHeader>
+          <DialogTitle>
+            {isDocument ? <Trans>Delete Documents</Trans> : <Trans>Delete Templates</Trans>}
+          </DialogTitle>
+
+          <DialogDescription>
+            {isDocument ? (
+              <Plural
+                value={envelopeIds.length}
+                one="You are about to delete the selected document."
+                other="You are about to delete # documents."
+              />
+            ) : (
+              <Plural
+                value={envelopeIds.length}
+                one="You are about to delete the selected template."
+                other="You are about to delete # templates."
+              />
+            )}
+          </DialogDescription>
+        </DialogHeader>
+
+        <Alert variant="warning">
+          <AlertDescription>
+            <p>
+              <Trans>
+                Please note that this action is <strong>irreversible</strong>.
+              </Trans>
+            </p>
+
+            <p className="mt-1">
+              <Trans>Once confirmed, the following will occur:</Trans>
+            </p>
+
+            <ul className="mt-0.5 list-inside list-disc">
+              {isDocument ? (
+                <>
+                  <li>
+                    <Trans>Selected documents will be permanently deleted</Trans>
+                  </li>
+                  <li>
+                    <Trans>Pending documents will have their signing process cancelled</Trans>
+                  </li>
+                  <li>
+                    <Trans>All recipients will be notified</Trans>
+                  </li>
+                </>
+              ) : (
+                <>
+                  <li>
+                    <Trans>Selected templates will be permanently deleted</Trans>
+                  </li>
+                  <li>
+                    <Trans>Direct links associated with templates will be removed</Trans>
+                  </li>
+                </>
+              )}
+            </ul>
+          </AlertDescription>
+        </Alert>
+
+        <DialogFooter>
+          <Button
+            type="button"
+            variant="secondary"
+            onClick={() => onOpenChange(false)}
+            disabled={isPending}
+          >
+            <Trans>Cancel</Trans>
+          </Button>
+
+          <Button
+            onClick={(e) => {
+              e.preventDefault();
+              void bulkDeleteEnvelopes({ envelopeIds });
+            }}
+            loading={isPending}
+            variant="destructive"
+          >
+            <Trans>Delete</Trans>
+          </Button>
+        </DialogFooter>
+      </DialogContent>
+    </Dialog>
+  );
+};

apps/remix/app/components/dialogs/envelopes-bulk-move-dialog.tsx

@@ -0,0 +1,256 @@
+import { useEffect, useState } from 'react';
+
+import { zodResolver } from '@hookform/resolvers/zod';
+import { Plural, useLingui } from '@lingui/react/macro';
+import { Trans } from '@lingui/react/macro';
+import { EnvelopeType } from '@prisma/client';
+import type * as DialogPrimitive from '@radix-ui/react-dialog';
+import { FolderIcon, HomeIcon, Loader2, Search } from 'lucide-react';
+import { useForm } from 'react-hook-form';
+import { match } from 'ts-pattern';
+import { z } from 'zod';
+
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { trpc } from '@documenso/trpc/react';
+import { Button } from '@documenso/ui/primitives/button';
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+} from '@documenso/ui/primitives/dialog';
+import {
+  Form,
+  FormControl,
+  FormField,
+  FormItem,
+  FormLabel,
+  FormMessage,
+} from '@documenso/ui/primitives/form/form';
+import { Input } from '@documenso/ui/primitives/input';
+import { useToast } from '@documenso/ui/primitives/use-toast';
+
+export type EnvelopesBulkMoveDialogProps = {
+  envelopeIds: string[];
+  envelopeType: EnvelopeType;
+  open: boolean;
+  onOpenChange: (open: boolean) => void;
+  currentFolderId?: string;
+  onSuccess?: () => void;
+} & Omit<DialogPrimitive.DialogProps, 'children'>;
+
+const ZBulkMoveFormSchema = z.object({
+  folderId: z.string().nullable(),
+});
+
+type TBulkMoveFormSchema = z.infer<typeof ZBulkMoveFormSchema>;
+
+export const EnvelopesBulkMoveDialog = ({
+  envelopeIds,
+  envelopeType,
+  open,
+  onOpenChange,
+  currentFolderId,
+  onSuccess,
+  ...props
+}: EnvelopesBulkMoveDialogProps) => {
+  const { t } = useLingui();
+  const { toast } = useToast();
+
+  const [searchTerm, setSearchTerm] = useState('');
+
+  const form = useForm<TBulkMoveFormSchema>({
+    resolver: zodResolver(ZBulkMoveFormSchema),
+    defaultValues: {
+      folderId: currentFolderId ?? null,
+    },
+  });
+
+  const isDocument = envelopeType === EnvelopeType.DOCUMENT;
+
+  const { data: folders, isLoading: isFoldersLoading } = trpc.folder.findFoldersInternal.useQuery(
+    {
+      parentId: currentFolderId,
+      type: envelopeType,
+    },
+    {
+      enabled: open,
+    },
+  );
+
+  const { mutateAsync: bulkMoveEnvelopes } = trpc.envelope.bulk.move.useMutation();
+
+  const trpcUtils = trpc.useUtils();
+
+  useEffect(() => {
+    if (open) {
+      setSearchTerm('');
+
+      form.reset({
+        folderId: currentFolderId,
+      });
+    }
+  }, [open, currentFolderId]);
+
+  const onSubmit = async (data: TBulkMoveFormSchema) => {
+    try {
+      await bulkMoveEnvelopes({
+        envelopeIds,
+        folderId: data.folderId,
+        envelopeType,
+      });
+
+      // Invalidate the appropriate query based on envelope type.
+      if (isDocument) {
+        await trpcUtils.document.findDocumentsInternal.invalidate();
+      } else {
+        await trpcUtils.template.findTemplates.invalidate();
+      }
+
+      toast({
+        description: t`Selected items have been moved.`,
+      });
+
+      onSuccess?.();
+      onOpenChange(false);
+    } catch (err) {
+      const error = AppError.parseError(err);
+
+      const errorMessage = match(error.code)
+        .with(
+          AppErrorCode.NOT_FOUND,
+          () => t`The folder you are trying to move the items to does not exist.`,
+        )
+        .with(AppErrorCode.UNAUTHORIZED, () => t`You are not allowed to move these items.`)
+        .with(AppErrorCode.INVALID_BODY, () => t`All items must be of the same type.`)
+        .otherwise(() => t`An error occurred while moving the items.`);
+
+      toast({
+        description: errorMessage,
+        variant: 'destructive',
+      });
+    }
+  };
+
+  const filteredFolders = folders?.data.filter((folder) =>
+    folder.name.toLowerCase().includes(searchTerm.toLowerCase()),
+  );
+
+  return (
+    <Dialog {...props} open={open} onOpenChange={onOpenChange}>
+      <DialogContent>
+        <DialogHeader>
+          <DialogTitle>
+            {isDocument ? (
+              <Trans>Move Documents to Folder</Trans>
+            ) : (
+              <Trans>Move Templates to Folder</Trans>
+            )}
+          </DialogTitle>
+
+          <DialogDescription>
+            {isDocument ? (
+              <Plural
+                value={envelopeIds.length}
+                one="Select a folder to move the selected document to."
+                other="Select a folder to move the # selected documents to."
+              />
+            ) : (
+              <Plural
+                value={envelopeIds.length}
+                one="Select a folder to move the selected template to."
+                other="Select a folder to move the # selected templates to."
+              />
+            )}
+          </DialogDescription>
+        </DialogHeader>
+
+        <div className="relative">
+          <Search className="absolute left-2 top-3 h-4 w-4 text-muted-foreground" />
+          <Input
+            placeholder={t`Search folders...`}
+            value={searchTerm}
+            onChange={(e) => setSearchTerm(e.target.value)}
+            className="pl-8"
+          />
+        </div>
+
+        <Form {...form}>
+          <form onSubmit={form.handleSubmit(onSubmit)} className="flex flex-col gap-y-4">
+            <FormField
+              control={form.control}
+              name="folderId"
+              render={({ field }) => (
+                <FormItem>
+                  <FormLabel>
+                    <Trans>Folder</Trans>
+                  </FormLabel>
+
+                  <FormControl>
+                    <div className="max-h-96 space-y-2 overflow-y-auto">
+                      {isFoldersLoading ? (
+                        <div className="flex h-10 items-center justify-center">
+                          <Loader2 className="h-4 w-4 animate-spin" />
+                        </div>
+                      ) : (
+                        <>
+                          <Button
+                            type="button"
+                            variant={field.value === null ? 'default' : 'outline'}
+                            className="w-full justify-start"
+                            onClick={() => field.onChange(null)}
+                            disabled={currentFolderId === undefined}
+                          >
+                            <HomeIcon className="mr-2 h-4 w-4" />
+                            <Trans>Home (No Folder)</Trans>
+                          </Button>
+
+                          {filteredFolders?.map((folder) => (
+                            <Button
+                              key={folder.id}
+                              type="button"
+                              variant={field.value === folder.id ? 'default' : 'outline'}
+                              className="w-full justify-start"
+                              onClick={() => field.onChange(folder.id)}
+                              disabled={currentFolderId === folder.id}
+                            >
+                              <FolderIcon className="mr-2 h-4 w-4" />
+                              {folder.name}
+                            </Button>
+                          ))}
+
+                          {searchTerm && filteredFolders?.length === 0 && (
+                            <div className="px-2 py-2 text-center text-sm text-muted-foreground">
+                              <Trans>No folders found</Trans>
+                            </div>
+                          )}
+                        </>
+                      )}
+                    </div>
+                  </FormControl>
+                  <FormMessage />
+                </FormItem>
+              )}
+            />
+
+            <DialogFooter>
+              <Button type="button" variant="secondary" onClick={() => onOpenChange(false)}>
+                <Trans>Cancel</Trans>
+              </Button>
+
+              <Button
+                type="submit"
+                disabled={isFoldersLoading || form.formState.isSubmitting}
+                loading={form.formState.isSubmitting}
+              >
+                <Trans>Move</Trans>
+              </Button>
+            </DialogFooter>
+          </form>
+        </Form>
+      </DialogContent>
+    </Dialog>
+  );
+};

apps/remix/app/components/dialogs/organisation-group-delete-dialog.tsx

@@ -77,7 +77,7 @@ export const OrganisationGroupDeleteDialog = ({
           </DialogTitle>
 
           <DialogDescription className="mt-4">
-            <Trans>
+            <Trans context="Removing group from organisation">
               You are about to remove the following group from{' '}
               <span className="font-semibold">{organisation.name}</span>.
             </Trans>

apps/remix/app/components/dialogs/team-group-delete-dialog.tsx

@@ -81,7 +81,7 @@ export const TeamGroupDeleteDialog = ({
           </DialogTitle>
 
           <DialogDescription className="mt-4">
-            <Trans>
+            <Trans context="Removing group from team">
               You are about to remove the following group from{' '}
               <span className="font-semibold">{team.name}</span>.
             </Trans>

apps/remix/app/components/dialogs/team-member-create-dialog.tsx

@@ -1,10 +1,10 @@
-import { useEffect, useMemo, useState } from 'react';
+import { useEffect, useMemo, useRef, useState } from 'react';
 
 import { zodResolver } from '@hookform/resolvers/zod';
 import { Trans, useLingui } from '@lingui/react/macro';
 import { TeamMemberRole } from '@prisma/client';
 import type * as DialogPrimitive from '@radix-ui/react-dialog';
-import { InfoIcon } from 'lucide-react';
+import { InfoIcon, UserPlusIcon } from 'lucide-react';
 import { useForm } from 'react-hook-form';
 import { Link } from 'react-router';
 import { match } from 'ts-pattern';
@@ -13,6 +13,7 @@ import { z } from 'zod';
 import { TEAM_MEMBER_ROLE_HIERARCHY } from '@documenso/lib/constants/teams';
 import { TEAM_MEMBER_ROLE_MAP } from '@documenso/lib/constants/teams-translations';
 import { trpc } from '@documenso/trpc/react';
+import { Alert, AlertDescription } from '@documenso/ui/primitives/alert';
 import { Button } from '@documenso/ui/primitives/button';
 import {
   Dialog,
@@ -44,6 +45,7 @@ import {
 import { Tooltip, TooltipContent, TooltipTrigger } from '@documenso/ui/primitives/tooltip';
 import { useToast } from '@documenso/ui/primitives/use-toast';
 
+import { OrganisationMemberInviteDialog } from '~/components/dialogs/organisation-member-invite-dialog';
 import { useCurrentTeam } from '~/providers/team';
 
 export type TeamMemberCreateDialogProps = {
@@ -64,11 +66,14 @@ type TAddTeamMembersFormSchema = z.infer<typeof ZAddTeamMembersFormSchema>;
 export const TeamMemberCreateDialog = ({ trigger, ...props }: TeamMemberCreateDialogProps) => {
   const [open, setOpen] = useState(false);
   const [step, setStep] = useState<'SELECT' | 'MEMBERS'>('SELECT');
+  const [inviteDialogOpen, setInviteDialogOpen] = useState(false);
+  const prevInviteDialogOpenRef = useRef(false);
 
   const { t } = useLingui();
   const { toast } = useToast();
 
   const team = useCurrentTeam();
+  const utils = trpc.useUtils();
 
   const form = useForm<TAddTeamMembersFormSchema>({
     resolver: zodResolver(ZAddTeamMembersFormSchema),
@@ -96,7 +101,29 @@ export const TeamMemberCreateDialog = ({ trigger, ...props }: TeamMemberCreateDi
     );
   }, [organisationMemberQuery, teamMemberQuery]);
 
+  const hasNoAvailableMembers =
+    !organisationMemberQuery.isLoading && avaliableOrganisationMembers.length === 0;
+
   const onFormSubmit = async ({ members }: TAddTeamMembersFormSchema) => {
+    if (members.length === 0) {
+      if (hasNoAvailableMembers) {
+        setInviteDialogOpen(true);
+        return;
+      }
+
+      // Don't show error if on SELECT step - the disabled Next button already communicates this
+      if (step === 'SELECT') {
+        return;
+      }
+
+      toast({
+        title: t`No members selected`,
+        description: t`Please select at least one member to add to the team.`,
+        variant: 'destructive',
+      });
+      return;
+    }
+
     try {
       await createTeamMembers({
         teamId: team.id,
@@ -123,9 +150,20 @@ export const TeamMemberCreateDialog = ({ trigger, ...props }: TeamMemberCreateDi
     if (!open) {
       form.reset();
       setStep('SELECT');
+      setInviteDialogOpen(false);
     }
   }, [open, form]);
 
+  // Invalidate queries when invite dialog closes (transitions from true to false) to refresh available members
+  useEffect(() => {
+    if (prevInviteDialogOpenRef.current && !inviteDialogOpen) {
+      void utils.organisation.member.find.invalidate({
+        organisationId: team.organisationId,
+      });
+    }
+    prevInviteDialogOpenRef.current = inviteDialogOpen;
+  }, [inviteDialogOpen, utils, team.organisationId]);
+
   return (
     <Dialog
       {...props}
@@ -134,9 +172,11 @@ export const TeamMemberCreateDialog = ({ trigger, ...props }: TeamMemberCreateDi
       // Since it would be annoying to redo the whole process.
     >
       <DialogTrigger onClick={(e) => e.stopPropagation()} asChild>
-        <Button variant="secondary" onClick={() => setOpen(true)}>
-          <Trans>Add members</Trans>
-        </Button>
+        {trigger ?? (
+          <Button variant="secondary" onClick={() => setOpen(true)}>
+            <Trans>Add members</Trans>
+          </Button>
+        )}
       </DialogTrigger>
 
       <DialogContent hideClose={true} position="center">
@@ -149,7 +189,7 @@ export const TeamMemberCreateDialog = ({ trigger, ...props }: TeamMemberCreateDi
                   <TooltipTrigger asChild>
                     <InfoIcon className="mx-2 h-4 w-4" />
                   </TooltipTrigger>
-                  <TooltipContent className="text-muted-foreground z-[99999] max-w-xs">
+                  <TooltipContent className="z-[99999] max-w-xs text-muted-foreground">
                     <Trans>
                       To be able to add members to a team, you must first add them to the
                       organisation. For more information, please see the{' '}
@@ -186,7 +226,18 @@ export const TeamMemberCreateDialog = ({ trigger, ...props }: TeamMemberCreateDi
           .exhaustive()}
 
         <Form {...form}>
-          <form onSubmit={form.handleSubmit(onFormSubmit)}>
+          <form
+            onSubmit={form.handleSubmit(onFormSubmit)}
+            onKeyDown={(e) => {
+              if (e.key === 'Enter' && form.getValues('members').length === 0) {
+                e.preventDefault();
+                if (hasNoAvailableMembers) {
+                  setInviteDialogOpen(true);
+                }
+                // Don't show toast - the disabled Next button already communicates this
+              }
+            }}
+          >
             <fieldset disabled={form.formState.isSubmitting}>
               {step === 'SELECT' && (
                 <>
@@ -194,46 +245,102 @@ export const TeamMemberCreateDialog = ({ trigger, ...props }: TeamMemberCreateDi
                     control={form.control}
                     name="members"
                     render={({ field }) => (
-                      <FormItem>
+                      <FormItem className="space-y-2">
                         <FormLabel>
                           <Trans>Members</Trans>
                         </FormLabel>
 
                         <FormControl>
-                          <MultiSelectCombobox
-                            options={avaliableOrganisationMembers.map((member) => ({
-                              label: member.name,
-                              value: member.id,
-                            }))}
-                            loading={organisationMemberQuery.isLoading}
-                            selectedValues={field.value.map(
-                              (member) => member.organisationMemberId,
-                            )}
-                            onChange={(value) => {
-                              field.onChange(
-                                value.map((organisationMemberId) => ({
-                                  organisationMemberId,
-                                  teamRole:
-                                    field.value.find(
-                                      (member) =>
-                                        member.organisationMemberId === organisationMemberId,
-                                    )?.teamRole || TeamMemberRole.MEMBER,
-                                })),
-                              );
-                            }}
-                            className="bg-background w-full"
-                            emptySelectionPlaceholder={t`Select members`}
-                          />
+                          {hasNoAvailableMembers ? (
+                            <div className="flex flex-col items-center justify-center rounded-lg border border-dashed border-muted-foreground/25 bg-muted/30 px-6 py-12 text-center">
+                              <div className="mb-4 flex h-12 w-12 items-center justify-center rounded-full bg-muted">
+                                <UserPlusIcon className="h-6 w-6 text-muted-foreground" />
+                              </div>
+                              <h3 className="mb-2 text-sm font-semibold">
+                                <Trans>No organisation members available</Trans>
+                              </h3>
+                              <p className="mb-6 max-w-sm text-sm text-muted-foreground">
+                                <Trans>
+                                  To add members to this team, you must first add them to the
+                                  organisation.
+                                </Trans>
+                              </p>
+                              <OrganisationMemberInviteDialog
+                                open={inviteDialogOpen}
+                                onOpenChange={setInviteDialogOpen}
+                                trigger={
+                                  <Button type="button" variant="default">
+                                    <UserPlusIcon className="mr-2 h-4 w-4" />
+                                    <Trans>Invite organisation members</Trans>
+                                  </Button>
+                                }
+                              />
+                            </div>
+                          ) : (
+                            <MultiSelectCombobox
+                              options={avaliableOrganisationMembers.map((member) => ({
+                                label: member.name,
+                                value: member.id,
+                              }))}
+                              loading={organisationMemberQuery.isLoading}
+                              selectedValues={field.value.map(
+                                (member) => member.organisationMemberId,
+                              )}
+                              onChange={(value) => {
+                                field.onChange(
+                                  value.map((organisationMemberId) => ({
+                                    organisationMemberId,
+                                    teamRole:
+                                      field.value.find(
+                                        (member) =>
+                                          member.organisationMemberId === organisationMemberId,
+                                      )?.teamRole || TeamMemberRole.MEMBER,
+                                  })),
+                                );
+                              }}
+                              className="w-full bg-background"
+                              emptySelectionPlaceholder={t`Select members`}
+                            />
+                          )}
                         </FormControl>
 
-                        <FormDescription>
-                          <Trans>Select members to add to this team</Trans>
-                        </FormDescription>
+                        {!hasNoAvailableMembers && (
+                          <>
+                            <FormDescription>
+                              <Trans>Select members to add to this team</Trans>
+                            </FormDescription>
+
+                            <Alert
+                              variant="neutral"
+                              className="mt-2 flex items-center gap-2 space-y-0"
+                            >
+                              <div>
+                                <UserPlusIcon className="h-5 w-5 text-muted-foreground" />
+                              </div>
+                              <AlertDescription className="mt-0 flex-1">
+                                <Trans>Can't find someone?</Trans>{' '}
+                                <OrganisationMemberInviteDialog
+                                  open={inviteDialogOpen}
+                                  onOpenChange={setInviteDialogOpen}
+                                  trigger={
+                                    <Button
+                                      type="button"
+                                      variant="link"
+                                      className="h-auto p-0 text-sm font-medium text-documenso-700 hover:text-documenso-600"
+                                    >
+                                      <Trans>Invite them to the organisation first</Trans>
+                                    </Button>
+                                  }
+                                />
+                              </AlertDescription>
+                            </Alert>
+                          </>
+                        )}
                       </FormItem>
                     )}
                   />
 
-                  <DialogFooter>
+                  <DialogFooter className="mt-4">
                     <Button type="button" variant="secondary" onClick={() => setOpen(false)}>
                       <Trans>Cancel</Trans>
                     </Button>

apps/remix/app/components/forms/signup.tsx

@@ -402,7 +402,7 @@ export const SignUpForm = ({
               size="lg"
               className="mt-6 w-full"
             >
-              <Trans>Complete</Trans>
+              <Trans>Create account</Trans>
             </Button>
           </form>
         </Form>

apps/remix/app/components/forms/subscription-claim-form.tsx

@@ -2,10 +2,13 @@ import { zodResolver } from '@hookform/resolvers/zod';
 import { Trans, useLingui } from '@lingui/react/macro';
 import type { SubscriptionClaim } from '@prisma/client';
 import { useForm } from 'react-hook-form';
+import { Link } from 'react-router';
 import type { z } from 'zod';
 
+import type { TLicenseClaim } from '@documenso/lib/types/license';
 import { SUBSCRIPTION_CLAIM_FEATURE_FLAGS } from '@documenso/lib/types/subscription';
 import { ZCreateSubscriptionClaimRequestSchema } from '@documenso/trpc/server/admin-router/create-subscription-claim.types';
+import { Alert, AlertDescription } from '@documenso/ui/primitives/alert';
 import { Checkbox } from '@documenso/ui/primitives/checkbox';
 import {
   Form,
@@ -24,15 +27,22 @@ type SubscriptionClaimFormProps = {
   subscriptionClaim: Omit<SubscriptionClaim, 'id' | 'createdAt' | 'updatedAt'>;
   onFormSubmit: (data: SubscriptionClaimFormValues) => Promise<void>;
   formSubmitTrigger?: React.ReactNode;
+  licenseFlags?: TLicenseClaim;
 };
 
 export const SubscriptionClaimForm = ({
   subscriptionClaim,
   onFormSubmit,
   formSubmitTrigger,
+  licenseFlags,
 }: SubscriptionClaimFormProps) => {
   const { t } = useLingui();
 
+  const hasRestrictedEnterpriseFeatures = Object.values(SUBSCRIPTION_CLAIM_FEATURE_FLAGS).some(
+    // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+    (flag) => flag.isEnterprise && !licenseFlags?.[flag.key as keyof TLicenseClaim],
+  );
+
   const form = useForm<SubscriptionClaimFormValues>({
     resolver: zodResolver(ZCreateSubscriptionClaimRequestSchema),
     defaultValues: {
@@ -142,34 +152,59 @@ export const SubscriptionClaimForm = ({
             </FormLabel>
 
             <div className="mt-2 space-y-2 rounded-md border p-4">
-              {Object.values(SUBSCRIPTION_CLAIM_FEATURE_FLAGS).map(({ key, label }) => (
-                <FormField
-                  key={key}
-                  control={form.control}
-                  name={`flags.${key}`}
-                  render={({ field }) => (
-                    <FormItem className="flex items-center space-x-2">
-                      <FormControl>
-                        <div className="flex items-center">
-                          <Checkbox
-                            id={`flag-${key}`}
-                            checked={field.value}
-                            onCheckedChange={field.onChange}
-                          />
+              {Object.values(SUBSCRIPTION_CLAIM_FEATURE_FLAGS).map(
+                ({ key, label, isEnterprise }) => {
+                  const isRestrictedFeature =
+                    isEnterprise && !licenseFlags?.[key as keyof TLicenseClaim]; // eslint-disable-line @typescript-eslint/consistent-type-assertions
 
-                          <label
-                            className="text-muted-foreground ml-2 flex flex-row items-center text-sm"
-                            htmlFor={`flag-${key}`}
-                          >
-                            {label}
-                          </label>
-                        </div>
-                      </FormControl>
-                    </FormItem>
-                  )}
-                />
-              ))}
+                  return (
+                    <FormField
+                      key={key}
+                      control={form.control}
+                      name={`flags.${key}`}
+                      render={({ field }) => (
+                        <FormItem className="flex items-center space-x-2">
+                          <FormControl>
+                            <div className="flex items-center">
+                              <Checkbox
+                                id={`flag-${key}`}
+                                checked={field.value}
+                                onCheckedChange={field.onChange}
+                                disabled={isRestrictedFeature && !field.value} // Allow disabling of restricted features.
+                              />
+
+                              <label
+                                className="ml-2 flex flex-row items-center text-sm text-muted-foreground"
+                                htmlFor={`flag-${key}`}
+                              >
+                                {label}
+                                {isRestrictedFeature && ' ¹'}
+                              </label>
+                            </div>
+                          </FormControl>
+                        </FormItem>
+                      )}
+                    />
+                  );
+                },
+              )}
             </div>
+
+            {hasRestrictedEnterpriseFeatures && (
+              <Alert variant="neutral" className="mt-4">
+                <AlertDescription>
+                  <span>¹&nbsp;</span>
+                  <Trans>Your current license does not include these features.</Trans>{' '}
+                  <Link
+                    to="https://docs.documenso.com/users/licenses/enterprise-edition"
+                    target="_blank"
+                    className="text-foreground underline hover:opacity-80"
+                  >
+                    <Trans>Learn more</Trans>
+                  </Link>
+                </AlertDescription>
+              </Alert>
+            )}
           </div>
 
           {formSubmitTrigger}

apps/remix/app/components/general/admin-license-card.tsx

@@ -0,0 +1,212 @@
+import { Trans, useLingui } from '@lingui/react/macro';
+import {
+  ArrowRightIcon,
+  CheckCircle2Icon,
+  KeyRoundIcon,
+  Loader2Icon,
+  RefreshCwIcon,
+  XCircleIcon,
+} from 'lucide-react';
+import { DateTime } from 'luxon';
+import { Link, useRevalidator } from 'react-router';
+import { match } from 'ts-pattern';
+
+import type { TCachedLicense } from '@documenso/lib/types/license';
+import { SUBSCRIPTION_CLAIM_FEATURE_FLAGS } from '@documenso/lib/types/subscription';
+import { trpc } from '@documenso/trpc/react';
+import { Badge } from '@documenso/ui/primitives/badge';
+import { Button } from '@documenso/ui/primitives/button';
+import {
+  Tooltip,
+  TooltipContent,
+  TooltipProvider,
+  TooltipTrigger,
+} from '@documenso/ui/primitives/tooltip';
+import { useToast } from '@documenso/ui/primitives/use-toast';
+
+import { CardMetric } from './metric-card';
+
+type AdminLicenseCardProps = {
+  licenseData: TCachedLicense | null;
+};
+
+export const AdminLicenseCard = ({ licenseData }: AdminLicenseCardProps) => {
+  const { t, i18n } = useLingui();
+
+  const { license } = licenseData || {};
+
+  if (!license) {
+    return (
+      <div className="relative">
+        <div className="absolute right-3 top-3 z-10">
+          <AdminLicenseResyncButton />
+        </div>
+        <CardMetric icon={KeyRoundIcon} title={t`License`} className="h-fit max-h-fit">
+          <div className="mt-1 flex items-center justify-center gap-2">
+            <div className="flex h-10 w-10 shrink-0 items-center justify-center rounded-lg border border-dashed border-muted-foreground/30 bg-muted/50">
+              <KeyRoundIcon className="h-5 w-5 text-muted-foreground/50" />
+            </div>
+
+            <div className="flex flex-col gap-0.5">
+              {licenseData?.requestedLicenseKey ? (
+                <>
+                  <p className="text-sm font-medium text-destructive">
+                    <Trans>Invalid License Key</Trans>
+                  </p>
+                  <p className="text-xs text-muted-foreground">{licenseData.requestedLicenseKey}</p>
+                </>
+              ) : (
+                <p className="text-sm font-medium text-muted-foreground">
+                  <Trans>No License Configured</Trans>
+                </p>
+              )}
+
+              <Link
+                to="https://docs.documenso.com/users/licenses/enterprise-edition"
+                target="_blank"
+                className="flex flex-row items-center text-xs text-muted-foreground hover:text-muted-foreground/80"
+              >
+                <Trans>Learn more</Trans> <ArrowRightIcon className="h-3 w-3" />
+              </Link>
+            </div>
+          </div>
+        </CardMetric>
+      </div>
+    );
+  }
+
+  const enabledFlags = Object.entries(license.flags).filter(([, enabled]) => enabled);
+
+  return (
+    <div className="relative max-w-full overflow-hidden rounded-lg border border-border bg-background px-4 pb-6 pt-4 shadow shadow-transparent duration-200 hover:shadow-border/80">
+      <div className="absolute right-3 top-3">
+        <AdminLicenseResyncButton />
+      </div>
+
+      <div className="flex items-start gap-2">
+        <div className="h-4 w-4">
+          <KeyRoundIcon className="h-4 w-4 text-muted-foreground" />
+        </div>
+
+        <h3 className="text-primary-forground mb-2 flex items-end text-sm font-medium leading-tight">
+          <Trans>Documenso License</Trans>
+        </h3>
+
+        {match(license.status)
+          .with('ACTIVE', () => (
+            <Badge variant="default" size="small">
+              <CheckCircle2Icon className="mr-1 h-3 w-3" />
+              <Trans context="Subscription status">Active</Trans>
+            </Badge>
+          ))
+          .with('PAST_DUE', () => (
+            <Badge variant="warning" size="small">
+              <XCircleIcon className="mr-1 h-3 w-3" />
+              <Trans context="Subscription status">Past Due</Trans>
+            </Badge>
+          ))
+          .with('EXPIRED', () => (
+            <Badge variant="destructive" size="small">
+              <XCircleIcon className="mr-1 h-3 w-3" />
+              <Trans context="Subscription status">Expired</Trans>
+            </Badge>
+          ))
+          .otherwise(() => null)}
+      </div>
+
+      <div className="mt-4 grid grid-cols-2 gap-4">
+        <div>
+          <p className="text-sm font-medium text-foreground">
+            <Trans>License</Trans>
+          </p>
+          <p className="mt-0.5 text-xs text-muted-foreground">{license.name}</p>
+        </div>
+
+        <div>
+          <p className="text-sm font-medium text-foreground">
+            <Trans>Expires</Trans>
+          </p>
+          <p className="mt-0.5 text-xs text-muted-foreground">
+            {i18n.date(license.periodEnd, DateTime.DATE_MED)}
+          </p>
+        </div>
+
+        <div>
+          <p className="text-sm font-medium text-foreground">
+            <Trans>License Key</Trans>
+          </p>
+          <p className="mt-0.5 text-xs text-muted-foreground">{license.licenseKey}</p>
+        </div>
+
+        <div>
+          <p className="text-sm font-medium text-foreground">
+            <Trans>Features</Trans>
+          </p>
+          <p className="mt-0.5 text-xs text-muted-foreground">
+            {enabledFlags.length > 0 ? (
+              enabledFlags
+                .map(
+                  ([flag]) =>
+                    SUBSCRIPTION_CLAIM_FEATURE_FLAGS[
+                      // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+                      flag as keyof typeof SUBSCRIPTION_CLAIM_FEATURE_FLAGS
+                    ]?.label || flag,
+                )
+                .join(', ')
+            ) : (
+              <Trans>No features enabled</Trans>
+            )}
+          </p>
+        </div>
+      </div>
+    </div>
+  );
+};
+
+const AdminLicenseResyncButton = () => {
+  const { t } = useLingui();
+  const { toast } = useToast();
+  const { revalidate } = useRevalidator();
+
+  const { mutate: resyncLicense, isPending: isResyncingLicense } =
+    trpc.admin.license.resync.useMutation({
+      onSuccess: async () => {
+        toast({
+          title: t`License synced`,
+        });
+
+        await revalidate();
+      },
+      onError: () => {
+        toast({
+          title: t`Failed to sync license`,
+          variant: 'destructive',
+        });
+      },
+    });
+
+  return (
+    <TooltipProvider>
+      <Tooltip>
+        <TooltipTrigger asChild>
+          <Button
+            variant="ghost"
+            size="sm"
+            className="h-8 w-8 p-0"
+            disabled={isResyncingLicense}
+            onClick={() => resyncLicense()}
+          >
+            {isResyncingLicense ? (
+              <Loader2Icon className="h-4 w-4 animate-spin" />
+            ) : (
+              <RefreshCwIcon className="h-4 w-4" />
+            )}
+          </Button>
+        </TooltipTrigger>
+        <TooltipContent>
+          <Trans>Sync license from server</Trans>
+        </TooltipContent>
+      </Tooltip>
+    </TooltipProvider>
+  );
+};

apps/remix/app/components/general/admin-license-status-banner.tsx

@@ -0,0 +1,78 @@
+import { Trans } from '@lingui/react/macro';
+import { AlertTriangleIcon, KeyRoundIcon } from 'lucide-react';
+import { Link } from 'react-router';
+import { match } from 'ts-pattern';
+
+import type { TCachedLicense } from '@documenso/lib/types/license';
+import { cn } from '@documenso/ui/lib/utils';
+import { Button } from '@documenso/ui/primitives/button';
+
+export type AdminLicenseStatusBannerProps = {
+  license: TCachedLicense | null;
+};
+
+export const AdminLicenseStatusBanner = ({ license }: AdminLicenseStatusBannerProps) => {
+  const licenseStatus = license?.derivedStatus;
+
+  if (!license || licenseStatus === 'ACTIVE' || licenseStatus === 'NOT_FOUND') {
+    return null;
+  }
+
+  return (
+    <div
+      className={cn('mb-8 rounded-lg bg-yellow-200 text-yellow-900 dark:bg-yellow-400', {
+        'bg-destructive text-destructive-foreground':
+          licenseStatus === 'EXPIRED' || licenseStatus === 'UNAUTHORIZED',
+      })}
+    >
+      <div className="flex items-center justify-between gap-x-4 px-4 py-3 text-sm font-medium">
+        <div className="flex items-center">
+          <AlertTriangleIcon className="mr-2.5 h-5 w-5" />
+
+          {match(licenseStatus)
+            .with('PAST_DUE', () => (
+              <Trans>
+                License Payment Overdue - Please update your payment to avoid service disruptions.
+              </Trans>
+            ))
+            .with('EXPIRED', () => (
+              <Trans>
+                License Expired - Please renew your license to continue using enterprise features.
+              </Trans>
+            ))
+            .with('UNAUTHORIZED', () =>
+              license ? (
+                <Trans>
+                  Invalid License Type - Your Documenso instance is using features that are not part
+                  of your license.
+                </Trans>
+              ) : (
+                <Trans>
+                  Missing License - Your Documenso instance is using features that require a
+                  license.
+                </Trans>
+              ),
+            )
+            .otherwise(() => null)}
+        </div>
+
+        <Button
+          variant="outline"
+          size="sm"
+          className={cn({
+            'border-yellow-900/30 text-yellow-900 hover:bg-yellow-100 dark:hover:bg-yellow-500':
+              licenseStatus === 'PAST_DUE',
+            'border-destructive-foreground/30 text-destructive-foreground hover:bg-destructive/80':
+              licenseStatus === 'EXPIRED' || licenseStatus === 'UNAUTHORIZED',
+          })}
+          asChild
+        >
+          <Link to="https://docs.documenso.com/users/licenses/enterprise-edition" target="_blank">
+            <KeyRoundIcon className="mr-1.5 h-4 w-4" />
+            <Trans>See Documentation</Trans>
+          </Link>
+        </Button>
+      </div>
+    </div>
+  );
+};

apps/remix/app/components/general/default-recipients-multiselect-combobox.tsx

@@ -1,10 +1,13 @@
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
+import { Trans, useLingui as useLinguiMacro } from '@lingui/react/macro';
 import { RecipientRole } from '@prisma/client';
 
 import type { TDefaultRecipient } from '@documenso/lib/types/default-recipients';
+import { isRecipientEmailValidForSending } from '@documenso/lib/utils/recipients';
 import { trpc } from '@documenso/trpc/react';
 import { MultiSelect, type Option } from '@documenso/ui/primitives/multiselect';
+import { useToast } from '@documenso/ui/primitives/use-toast';
 
 type DefaultRecipientsMultiSelectComboboxProps = {
   listValues: TDefaultRecipient[];
@@ -20,6 +23,8 @@ export const DefaultRecipientsMultiSelectCombobox = ({
   organisationId,
 }: DefaultRecipientsMultiSelectComboboxProps) => {
   const { _ } = useLingui();
+  const { t } = useLinguiMacro();
+  const { toast } = useToast();
 
   const { data: organisationData, isLoading: isLoadingOrganisation } =
     trpc.organisation.member.find.useQuery(
@@ -60,31 +65,56 @@ export const DefaultRecipientsMultiSelectCombobox = ({
   }));
 
   const onSelectionChange = (selected: Option[]) => {
-    const updatedRecipients = selected.map((option) => {
-      const existingRecipient = listValues.find((r) => r.email === option.value);
-      const member = members?.find((m) => m.email === option.value);
+    const invalidEmails = selected.filter(
+      (option) => !isRecipientEmailValidForSending({ email: option.value }),
+    );
 
-      return {
-        email: option.value,
-        name: member?.name || option.value,
-        role: existingRecipient?.role ?? RecipientRole.CC,
-      };
-    });
+    if (invalidEmails.length > 0) {
+      toast({
+        title: t`Invalid email`,
+        description: t`"${invalidEmails[0].value}" is not a valid email address.`,
+        variant: 'destructive',
+      });
+    }
+
+    const updatedRecipients = selected
+      .filter((option) => !invalidEmails.includes(option))
+      .map((option) => {
+        const existingRecipient = listValues.find((r) => r.email === option.value);
+        const member = members?.find((m) => m.email === option.value);
+
+        return {
+          email: option.value,
+          name: member?.name || option.value,
+          role: existingRecipient?.role ?? RecipientRole.CC,
+        };
+      });
 
     onChange(updatedRecipients);
   };
 
   return (
     <MultiSelect
-      commandProps={{ label: _(msg`Select recipients`) }}
+      commandProps={{ label: _(msg`Select or add recipients`) }}
       options={options}
       value={value}
       onChange={onSelectionChange}
-      placeholder={_(msg`Select recipients`)}
+      placeholder={_(msg`Select or enter email address`)}
       hideClearAllButton
       hidePlaceholderWhenSelected
-      loadingIndicator={isLoading ? <p className="text-center text-sm">Loading...</p> : undefined}
-      emptyIndicator={<p className="text-center text-sm">No members found</p>}
+      creatable
+      loadingIndicator={
+        isLoading ? (
+          <p className="text-center text-sm">
+            <Trans>Loading...</Trans>
+          </p>
+        ) : undefined
+      }
+      emptyIndicator={
+        <p className="text-center text-sm">
+          <Trans>Type an email address to add a recipient</Trans>
+        </p>
+      }
     />
   );
 };

apps/remix/app/components/general/document/document-audit-log-download-button.tsx

@@ -3,6 +3,8 @@ import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
 import { DownloadIcon } from 'lucide-react';
 
+import { downloadFile } from '@documenso/lib/client-only/download-file';
+import { base64 } from '@documenso/lib/universal/base64';
 import { trpc } from '@documenso/trpc/react';
 import { cn } from '@documenso/ui/lib/utils';
 import { Button } from '@documenso/ui/primitives/button';
@@ -25,36 +27,15 @@ export const DocumentAuditLogDownloadButton = ({
 
   const onDownloadAuditLogsClick = async () => {
     try {
-      const { url } = await downloadAuditLogs({ documentId });
+      const { data, envelopeTitle } = await downloadAuditLogs({ documentId });
 
-      const iframe = Object.assign(document.createElement('iframe'), {
-        src: url,
+      const buffer = new Uint8Array(base64.decode(data));
+      const blob = new Blob([buffer], { type: 'application/pdf' });
+
+      downloadFile({
+        data: blob,
+        filename: `${envelopeTitle} - Audit Logs.pdf`,
       });
-
-      Object.assign(iframe.style, {
-        position: 'fixed',
-        top: '0',
-        left: '0',
-        width: '0',
-        height: '0',
-      });
-
-      const onLoaded = () => {
-        if (iframe.contentDocument?.readyState === 'complete') {
-          iframe.contentWindow?.print();
-
-          iframe.contentWindow?.addEventListener('afterprint', () => {
-            document.body.removeChild(iframe);
-          });
-        }
-      };
-
-      // When the iframe has loaded, print the iframe and remove it from the dom
-      iframe.addEventListener('load', onLoaded);
-
-      document.body.appendChild(iframe);
-
-      onLoaded();
     } catch (error) {
       console.error(error);
 

apps/remix/app/components/general/document/document-certificate-download-button.tsx

@@ -4,6 +4,8 @@ import { Trans } from '@lingui/react/macro';
 import type { DocumentStatus } from '@prisma/client';
 import { DownloadIcon } from 'lucide-react';
 
+import { downloadFile } from '@documenso/lib/client-only/download-file';
+import { base64 } from '@documenso/lib/universal/base64';
 import { isDocumentCompleted } from '@documenso/lib/utils/document';
 import { trpc } from '@documenso/trpc/react';
 import { cn } from '@documenso/ui/lib/utils';
@@ -29,36 +31,15 @@ export const DocumentCertificateDownloadButton = ({
 
   const onDownloadCertificatesClick = async () => {
     try {
-      const { url } = await downloadCertificate({ documentId });
+      const { data, envelopeTitle } = await downloadCertificate({ documentId });
 
-      const iframe = Object.assign(document.createElement('iframe'), {
-        src: url,
+      const buffer = new Uint8Array(base64.decode(data));
+      const blob = new Blob([buffer], { type: 'application/pdf' });
+
+      downloadFile({
+        data: blob,
+        filename: `${envelopeTitle} - Certificate.pdf`,
       });
-
-      Object.assign(iframe.style, {
-        position: 'fixed',
-        top: '0',
-        left: '0',
-        width: '0',
-        height: '0',
-      });
-
-      const onLoaded = () => {
-        if (iframe.contentDocument?.readyState === 'complete') {
-          iframe.contentWindow?.print();
-
-          iframe.contentWindow?.addEventListener('afterprint', () => {
-            document.body.removeChild(iframe);
-          });
-        }
-      };
-
-      // When the iframe has loaded, print the iframe and remove it from the dom
-      iframe.addEventListener('load', onLoaded);
-
-      document.body.appendChild(iframe);
-
-      onLoaded();
     } catch (error) {
       console.error(error);
 

apps/remix/app/components/general/envelope-editor/envelope-editor-recipient-form.tsx

@@ -594,8 +594,12 @@ export const EnvelopeEditorRecipientForm = () => {
     <Card backdropBlur={false} className="border">
       <CardHeader className="flex flex-row justify-between">
         <div>
-          <CardTitle>Recipients</CardTitle>
-          <CardDescription className="mt-1.5">Add recipients to your document</CardDescription>
+          <CardTitle>
+            <Trans>Recipients</Trans>
+          </CardTitle>
+          <CardDescription className="mt-1.5">
+            <Trans>Add recipients to your document</Trans>
+          </CardDescription>
         </div>
 
         <div className="flex flex-row items-center space-x-2">

apps/remix/app/components/general/metric-card.tsx

@@ -5,15 +5,16 @@ import { cn } from '@documenso/ui/lib/utils';
 export type CardMetricProps = {
   icon?: LucideIcon;
   title: string;
-  value: string | number;
+  value?: string | number;
   className?: string;
+  children?: React.ReactNode;
 };
 
-export const CardMetric = ({ icon: Icon, title, value, className }: CardMetricProps) => {
+export const CardMetric = ({ icon: Icon, title, value, className, children }: CardMetricProps) => {
   return (
     <div
       className={cn(
-        'border-border bg-background hover:shadow-border/80 h-32 max-h-32 max-w-full overflow-hidden rounded-lg border shadow shadow-transparent duration-200',
+        'h-32 max-h-32 max-w-full overflow-hidden rounded-lg border border-border bg-background shadow shadow-transparent duration-200 hover:shadow-border/80',
         className,
       )}
     >
@@ -21,7 +22,7 @@ export const CardMetric = ({ icon: Icon, title, value, className }: CardMetricPr
         <div className="flex items-start">
           {Icon && (
             <div className="mr-2 h-4 w-4">
-              <Icon className="text-muted-foreground h-4 w-4" />
+              <Icon className="h-4 w-4 text-muted-foreground" />
             </div>
           )}
 
@@ -30,9 +31,11 @@ export const CardMetric = ({ icon: Icon, title, value, className }: CardMetricPr
           </h3>
         </div>
 
-        <p className="text-foreground mt-auto text-4xl font-semibold leading-8">
-          {typeof value === 'number' ? value.toLocaleString('en-US') : value}
-        </p>
+        {children || (
+          <p className="mt-auto text-4xl font-semibold leading-8 text-foreground">
+            {typeof value === 'number' ? value.toLocaleString('en-US') : value}
+          </p>
+        )}
       </div>
     </div>
   );

apps/remix/app/components/tables/admin-claims-table.tsx

@@ -6,6 +6,7 @@ import { EditIcon, MoreHorizontalIcon, Trash2Icon } from 'lucide-react';
 import { Link, useSearchParams } from 'react-router';
 
 import { useUpdateSearchParams } from '@documenso/lib/client-only/hooks/use-update-search-params';
+import type { TLicenseClaim } from '@documenso/lib/types/license';
 import { ZUrlSearchParamsSchema } from '@documenso/lib/types/search-params';
 import { SUBSCRIPTION_CLAIM_FEATURE_FLAGS } from '@documenso/lib/types/subscription';
 import { trpc } from '@documenso/trpc/react';
@@ -27,7 +28,11 @@ import { useToast } from '@documenso/ui/primitives/use-toast';
 import { ClaimDeleteDialog } from '../dialogs/claim-delete-dialog';
 import { ClaimUpdateDialog } from '../dialogs/claim-update-dialog';
 
-export const AdminClaimsTable = () => {
+type AdminClaimsTableProps = {
+  licenseFlags?: TLicenseClaim;
+};
+
+export const AdminClaimsTable = ({ licenseFlags }: AdminClaimsTableProps) => {
   const { t } = useLingui();
   const { toast } = useToast();
 
@@ -97,11 +102,11 @@ export const AdminClaimsTable = () => {
           );
 
           if (flags.length === 0) {
-            return <p className="text-muted-foreground text-xs">{t`None`}</p>;
+            return <p className="text-xs text-muted-foreground">{t`None`}</p>;
           }
 
           return (
-            <ul className="text-muted-foreground list-disc space-y-1 text-xs">
+            <ul className="list-disc space-y-1 text-xs text-muted-foreground">
               {flags.map(({ key, label }) => (
                 <li key={key}>{label}</li>
               ))}
@@ -114,7 +119,7 @@ export const AdminClaimsTable = () => {
         cell: ({ row }) => (
           <DropdownMenu>
             <DropdownMenuTrigger>
-              <MoreHorizontalIcon className="text-muted-foreground h-5 w-5" />
+              <MoreHorizontalIcon className="h-5 w-5 text-muted-foreground" />
             </DropdownMenuTrigger>
 
             <DropdownMenuContent className="w-52" align="start" forceMount>
@@ -124,6 +129,7 @@ export const AdminClaimsTable = () => {
 
               <ClaimUpdateDialog
                 claim={row.original}
+                licenseFlags={licenseFlags}
                 trigger={
                   <DropdownMenuItem asChild onSelect={(e) => e.preventDefault()}>
                     <div>

apps/remix/app/components/tables/admin-user-teams-table.tsx

@@ -0,0 +1,146 @@
+import { useMemo } from 'react';
+
+import { useLingui } from '@lingui/react';
+import { useLingui as useLinguiMacro } from '@lingui/react/macro';
+import { Link, useSearchParams } from 'react-router';
+
+import { useUpdateSearchParams } from '@documenso/lib/client-only/hooks/use-update-search-params';
+import { TEAM_MEMBER_ROLE_MAP } from '@documenso/lib/constants/teams-translations';
+import { ZUrlSearchParamsSchema } from '@documenso/lib/types/search-params';
+import type { TeamMemberRole } from '@documenso/prisma/generated/types';
+import { trpc } from '@documenso/trpc/react';
+import { Badge } from '@documenso/ui/primitives/badge';
+import type { DataTableColumnDef } from '@documenso/ui/primitives/data-table';
+import { DataTable } from '@documenso/ui/primitives/data-table';
+import { DataTablePagination } from '@documenso/ui/primitives/data-table-pagination';
+import { HoverCard, HoverCardContent, HoverCardTrigger } from '@documenso/ui/primitives/hover-card';
+import { Skeleton } from '@documenso/ui/primitives/skeleton';
+import { TableCell } from '@documenso/ui/primitives/table';
+
+type AdminUserTeamsTableProps = {
+  userId: number;
+};
+
+export const AdminUserTeamsTable = ({ userId }: AdminUserTeamsTableProps) => {
+  const { i18n } = useLingui();
+  const { t } = useLinguiMacro();
+
+  const [searchParams] = useSearchParams();
+  const updateSearchParams = useUpdateSearchParams();
+
+  const parsedSearchParams = ZUrlSearchParamsSchema.parse(Object.fromEntries(searchParams ?? []));
+
+  const { data, isLoading, isLoadingError } = trpc.admin.user.findTeams.useQuery({
+    userId,
+    query: parsedSearchParams.query,
+    page: parsedSearchParams.page,
+    perPage: parsedSearchParams.perPage,
+  });
+
+  const onPaginationChange = (page: number, perPage: number) => {
+    updateSearchParams({
+      page,
+      perPage,
+    });
+  };
+
+  const results = data ?? {
+    data: [],
+    perPage: 10,
+    currentPage: 1,
+    totalPages: 1,
+  };
+
+  const columns = useMemo(() => {
+    return [
+      {
+        header: t`Team`,
+        accessorKey: 'name',
+        cell: ({ row }) => (
+          <HoverCard>
+            <HoverCardTrigger className="cursor-default underline decoration-dotted underline-offset-4">
+              {row.original.name}
+            </HoverCardTrigger>
+            <HoverCardContent
+              className="w-auto font-mono text-xs text-muted-foreground"
+              align="start"
+            >
+              <dl className="grid grid-cols-[auto_1fr] gap-x-3 gap-y-1">
+                <dt>id</dt>
+                <dd>{row.original.id}</dd>
+                <dt>url</dt>
+                <dd>{row.original.url}</dd>
+              </dl>
+            </HoverCardContent>
+          </HoverCard>
+        ),
+      },
+      {
+        header: t`Organisation`,
+        accessorKey: 'organisation',
+        cell: ({ row }) => (
+          <Link
+            to={`/admin/organisations/${row.original.organisation.id}`}
+            className="hover:underline"
+          >
+            {row.original.organisation.name}
+          </Link>
+        ),
+      },
+      {
+        header: t`Role`,
+        accessorKey: 'teamRole',
+        cell: ({ row }) => (
+          <Badge variant="neutral">
+            {i18n._(TEAM_MEMBER_ROLE_MAP[row.original.teamRole as TeamMemberRole])}
+          </Badge>
+        ),
+      },
+      {
+        header: t`Created At`,
+        accessorKey: 'createdAt',
+        cell: ({ row }) => i18n.date(row.original.createdAt),
+      },
+    ] satisfies DataTableColumnDef<(typeof results)['data'][number]>[];
+  }, []);
+
+  return (
+    <DataTable
+      columns={columns}
+      data={results.data}
+      perPage={results.perPage}
+      currentPage={results.currentPage}
+      totalPages={results.totalPages}
+      onPaginationChange={onPaginationChange}
+      error={{
+        enable: isLoadingError,
+      }}
+      skeleton={{
+        enable: isLoading,
+        rows: 3,
+        component: (
+          <>
+            <TableCell className="py-4 pr-4">
+              <Skeleton className="h-4 w-20 rounded-full" />
+            </TableCell>
+            <TableCell>
+              <Skeleton className="h-4 w-20 rounded-full" />
+            </TableCell>
+            <TableCell>
+              <Skeleton className="h-4 w-12 rounded-full" />
+            </TableCell>
+            <TableCell>
+              <Skeleton className="h-4 w-16 rounded-full" />
+            </TableCell>
+          </>
+        ),
+      }}
+    >
+      {(table) =>
+        table.getPageCount() > 1 ? (
+          <DataTablePagination additionalInformation="VisibleCount" table={table} />
+        ) : null
+      }
+    </DataTable>
+  );
+};

apps/remix/app/components/tables/documents-table.tsx

@@ -12,7 +12,8 @@ import { useSession } from '@documenso/lib/client-only/providers/session';
 import { isDocumentCompleted } from '@documenso/lib/utils/document';
 import { formatDocumentsPath } from '@documenso/lib/utils/teams';
 import type { TFindDocumentsResponse } from '@documenso/trpc/server/document-router/find-documents.types';
-import type { DataTableColumnDef } from '@documenso/ui/primitives/data-table';
+import { Checkbox } from '@documenso/ui/primitives/checkbox';
+import type { DataTableColumnDef, RowSelectionState } from '@documenso/ui/primitives/data-table';
 import { DataTable } from '@documenso/ui/primitives/data-table';
 import { DataTablePagination } from '@documenso/ui/primitives/data-table-pagination';
 import { Skeleton } from '@documenso/ui/primitives/skeleton';
@@ -30,6 +31,9 @@ export type DocumentsTableProps = {
   isLoading?: boolean;
   isLoadingError?: boolean;
   onMoveDocument?: (documentId: number) => void;
+  enableSelection?: boolean;
+  rowSelection?: RowSelectionState;
+  onRowSelectionChange?: (selection: RowSelectionState) => void;
 };
 
 type DocumentsTableRow = TFindDocumentsResponse['data'][number];
@@ -39,6 +43,9 @@ export const DocumentsTable = ({
   isLoading,
   isLoadingError,
   onMoveDocument,
+  enableSelection,
+  rowSelection,
+  onRowSelectionChange,
 }: DocumentsTableProps) => {
   const { _, i18n } = useLingui();
 
@@ -48,7 +55,34 @@ export const DocumentsTable = ({
   const updateSearchParams = useUpdateSearchParams();
 
   const columns = useMemo(() => {
-    return [
+    const cols: DataTableColumnDef<DocumentsTableRow>[] = [];
+
+    if (enableSelection) {
+      cols.push({
+        id: 'select',
+        header: ({ table }) => (
+          <Checkbox
+            checked={table.getIsAllPageRowsSelected()}
+            onCheckedChange={(value) => table.toggleAllPageRowsSelected(!!value)}
+            aria-label={_(msg`Select all`)}
+            onClick={(e) => e.stopPropagation()}
+          />
+        ),
+        cell: ({ row }) => (
+          <Checkbox
+            checked={row.getIsSelected()}
+            onCheckedChange={(value) => row.toggleSelected(!!value)}
+            aria-label={_(msg`Select row`)}
+            onClick={(e) => e.stopPropagation()}
+          />
+        ),
+        enableSorting: false,
+        enableHiding: false,
+        size: 40,
+      });
+    }
+
+    cols.push(
       {
         header: _(msg`Created`),
         accessorKey: 'createdAt',
@@ -93,8 +127,10 @@ export const DocumentsTable = ({
             </div>
           ),
       },
-    ] satisfies DataTableColumnDef<DocumentsTableRow>[];
-  }, [team, onMoveDocument]);
+    );
+
+    return cols;
+  }, [team, onMoveDocument, enableSelection]);
 
   const onPaginationChange = (page: number, perPage: number) => {
     startTransition(() => {
@@ -132,6 +168,11 @@ export const DocumentsTable = ({
           rows: 5,
           component: (
             <>
+              {enableSelection && (
+                <TableCell>
+                  <Skeleton className="h-4 w-4 rounded" />
+                </TableCell>
+              )}
               <TableCell>
                 <Skeleton className="h-4 w-40 rounded-full" />
               </TableCell>
@@ -152,13 +193,17 @@ export const DocumentsTable = ({
             </>
           ),
         }}
+        enableRowSelection={enableSelection}
+        rowSelection={rowSelection}
+        onRowSelectionChange={onRowSelectionChange}
+        getRowId={(row) => row.envelopeId}
       >
         {(table) => <DataTablePagination additionalInformation="VisibleCount" table={table} />}
       </DataTable>
 
       {isPending && (
-        <div className="bg-background/50 absolute inset-0 flex items-center justify-center">
-          <Loader className="text-muted-foreground h-8 w-8 animate-spin" />
+        <div className="absolute inset-0 flex items-center justify-center bg-background/50">
+          <Loader className="h-8 w-8 animate-spin text-muted-foreground" />
         </div>
       )}
     </div>

apps/remix/app/components/tables/envelopes-table-bulk-action-bar.tsx

@@ -0,0 +1,49 @@
+import { useLingui } from '@lingui/react/macro';
+import { Trans } from '@lingui/react/macro';
+import { FolderInputIcon, Trash2Icon, XIcon } from 'lucide-react';
+
+import { Button } from '@documenso/ui/primitives/button';
+
+export type EnvelopesTableBulkActionBarProps = {
+  selectedCount: number;
+  onMoveClick: () => void;
+  onDeleteClick: () => void;
+  onClearSelection: () => void;
+};
+
+export const EnvelopesTableBulkActionBar = ({
+  selectedCount,
+  onMoveClick,
+  onDeleteClick,
+  onClearSelection,
+}: EnvelopesTableBulkActionBarProps) => {
+  const { t } = useLingui();
+
+  if (selectedCount === 0) {
+    return null;
+  }
+
+  return (
+    <div className="fixed bottom-4 left-1/2 z-50 flex -translate-x-1/2 items-center gap-x-4 rounded-lg border border-border bg-background px-4 py-3 shadow-lg">
+      <span className="text-sm font-medium">
+        <Trans>{selectedCount} selected</Trans>
+      </span>
+
+      <div className="h-6 w-px bg-border" />
+
+      <Button type="button" variant="outline" size="sm" onClick={onMoveClick}>
+        <FolderInputIcon className="mr-2 h-4 w-4" />
+        <Trans>Move to Folder</Trans>
+      </Button>
+
+      <Button type="button" variant="destructive" size="sm" onClick={onDeleteClick}>
+        <Trash2Icon className="mr-2 h-4 w-4" />
+        <Trans>Delete</Trans>
+      </Button>
+
+      <Button variant="ghost" size="sm" onClick={onClearSelection} aria-label={t`Clear selection`}>
+        <XIcon className="h-4 w-4" />
+      </Button>
+    </div>
+  );
+};

apps/remix/app/components/tables/templates-table.tsx

@@ -12,7 +12,8 @@ import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/org
 import { formatTemplatesPath } from '@documenso/lib/utils/teams';
 import type { TFindTemplatesResponse } from '@documenso/trpc/server/template-router/schema';
 import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
-import type { DataTableColumnDef } from '@documenso/ui/primitives/data-table';
+import { Checkbox } from '@documenso/ui/primitives/checkbox';
+import type { DataTableColumnDef, RowSelectionState } from '@documenso/ui/primitives/data-table';
 import { DataTable } from '@documenso/ui/primitives/data-table';
 import { DataTablePagination } from '@documenso/ui/primitives/data-table-pagination';
 import { Skeleton } from '@documenso/ui/primitives/skeleton';
@@ -32,6 +33,9 @@ type TemplatesTableProps = {
   isLoadingError?: boolean;
   documentRootPath: string;
   templateRootPath: string;
+  enableSelection?: boolean;
+  rowSelection?: RowSelectionState;
+  onRowSelectionChange?: (selection: RowSelectionState) => void;
 };
 
 type TemplatesTableRow = TFindTemplatesResponse['data'][number];
@@ -42,6 +46,9 @@ export const TemplatesTable = ({
   isLoadingError,
   documentRootPath,
   templateRootPath,
+  enableSelection,
+  rowSelection,
+  onRowSelectionChange,
 }: TemplatesTableProps) => {
   const { _, i18n } = useLingui();
   const { remaining } = useLimits();
@@ -60,7 +67,34 @@ export const TemplatesTable = ({
   };
 
   const columns = useMemo(() => {
-    return [
+    const cols: DataTableColumnDef<TemplatesTableRow>[] = [];
+
+    if (enableSelection) {
+      cols.push({
+        id: 'select',
+        header: ({ table }) => (
+          <Checkbox
+            checked={table.getIsAllPageRowsSelected()}
+            onCheckedChange={(value) => table.toggleAllPageRowsSelected(!!value)}
+            aria-label={_(msg`Select all`)}
+            onClick={(e) => e.stopPropagation()}
+          />
+        ),
+        cell: ({ row }) => (
+          <Checkbox
+            checked={row.getIsSelected()}
+            onCheckedChange={(value) => row.toggleSelected(!!value)}
+            aria-label={_(msg`Select row`)}
+            onClick={(e) => e.stopPropagation()}
+          />
+        ),
+        enableSorting: false,
+        enableHiding: false,
+        size: 40,
+      });
+    }
+
+    cols.push(
       {
         header: _(msg`Created`),
         accessorKey: 'createdAt',
@@ -86,8 +120,8 @@ export const TemplatesTable = ({
                 <InfoIcon className="mx-2 h-4 w-4" />
               </TooltipTrigger>
 
-              <TooltipContent className="text-foreground max-w-md space-y-2 !p-0">
-                <ul className="text-muted-foreground space-y-0.5 divide-y [&>li]:p-4">
+              <TooltipContent className="max-w-md space-y-2 !p-0 text-foreground">
+                <ul className="space-y-0.5 divide-y text-muted-foreground [&>li]:p-4">
                   <li>
                     <h2 className="mb-2 flex flex-row items-center font-semibold">
                       <Globe2Icon className="mr-2 h-5 w-5 text-green-500 dark:text-green-300" />
@@ -176,8 +210,10 @@ export const TemplatesTable = ({
           );
         },
       },
-    ] satisfies DataTableColumnDef<TemplatesTableRow>[];
-  }, [documentRootPath, team?.id, templateRootPath]);
+    );
+
+    return cols;
+  }, [documentRootPath, team?.id, templateRootPath, enableSelection]);
 
   const onPaginationChange = (page: number, perPage: number) => {
     startTransition(() => {
@@ -224,6 +260,10 @@ export const TemplatesTable = ({
         currentPage={results.currentPage}
         totalPages={results.totalPages}
         onPaginationChange={onPaginationChange}
+        enableRowSelection={enableSelection}
+        rowSelection={rowSelection}
+        onRowSelectionChange={onRowSelectionChange}
+        getRowId={(row) => row.envelopeId}
         error={{
           enable: isLoadingError || false,
         }}
@@ -232,6 +272,11 @@ export const TemplatesTable = ({
           rows: 5,
           component: (
             <>
+              {enableSelection && (
+                <TableCell className="w-10">
+                  <Skeleton className="h-4 w-4 rounded" />
+                </TableCell>
+              )}
               <TableCell>
                 <Skeleton className="h-4 w-40 rounded-full" />
               </TableCell>

apps/remix/app/root.tsx

@@ -7,7 +7,6 @@ import {
   data,
   isRouteErrorResponse,
   useLoaderData,
-  useLocation,
 } from 'react-router';
 import { PreventFlashOnWrongTheme, ThemeProvider, useTheme } from 'remix-themes';
 
@@ -87,8 +86,6 @@ export async function loader({ request }: Route.LoaderArgs) {
 export function Layout({ children }: { children: React.ReactNode }) {
   const { theme } = useLoaderData<typeof loader>() || {};
 
-  const location = useLocation();
-
   return (
     <ThemeProvider specifiedTheme={theme} themeAction="/api/theme">
       <LayoutContent>{children}</LayoutContent>
@@ -129,6 +126,18 @@ export function LayoutContent({ children }: { children: React.ReactNode }) {
         <script>0</script>
       </head>
       <body>
+        {/* Global license banner currently disabled. Need to wait until after a few releases. */}
+        {/* {licenseStatus === '?' && (
+          <div className="bg-destructive text-destructive-foreground">
+            <div className="mx-auto flex h-auto max-w-screen-xl items-center justify-center px-4 py-3 text-sm font-medium">
+              <div className="flex items-center">
+                <AlertTriangleIcon className="mr-2 h-4 w-4" />
+                <Trans>This is an expired license instance of Documenso</Trans>
+              </div>
+            </div>
+          </div>
+        )} */}
+
         <SessionProvider initialSession={session}>
           <TooltipProvider>
             <TrpcProvider>

apps/remix/app/routes/_authenticated+/admin+/_layout.tsx

@@ -11,25 +11,37 @@ import {
 import { Link, Outlet, redirect, useLocation } from 'react-router';
 
 import { getSession } from '@documenso/auth/server/lib/utils/get-session';
+import { LicenseClient } from '@documenso/lib/server-only/license/license-client';
 import { isAdmin } from '@documenso/lib/utils/is-admin';
 import { cn } from '@documenso/ui/lib/utils';
 import { Button } from '@documenso/ui/primitives/button';
 
+import { AdminLicenseStatusBanner } from '~/components/general/admin-license-status-banner';
+
 import type { Route } from './+types/_layout';
 
 export async function loader({ request }: Route.LoaderArgs) {
   const { user } = await getSession(request);
 
+  const license = await LicenseClient.getInstance()?.getCachedLicense();
+
   if (!user || !isAdmin(user)) {
     throw redirect('/');
   }
+
+  return {
+    license: license || null,
+  };
 }
 
-export default function AdminLayout() {
+export default function AdminLayout({ loaderData }: Route.ComponentProps) {
+  const { license } = loaderData;
   const { pathname } = useLocation();
 
   return (
     <div className="mx-auto w-full max-w-screen-xl px-4 md:px-8">
+      <AdminLicenseStatusBanner license={license} />
+
       <h1 className="text-4xl font-semibold">
         <Trans>Admin Panel</Trans>
       </h1>

apps/remix/app/routes/_authenticated+/admin+/claims.tsx

@@ -4,13 +4,26 @@ import { useLingui } from '@lingui/react/macro';
 import { useLocation, useSearchParams } from 'react-router';
 
 import { useDebouncedValue } from '@documenso/lib/client-only/hooks/use-debounced-value';
+import { LicenseClient } from '@documenso/lib/server-only/license/license-client';
 import { Input } from '@documenso/ui/primitives/input';
 
 import { ClaimCreateDialog } from '~/components/dialogs/claim-create-dialog';
 import { SettingsHeader } from '~/components/general/settings-header';
 import { AdminClaimsTable } from '~/components/tables/admin-claims-table';
 
-export default function Claims() {
+import type { Route } from './+types/claims';
+
+export async function loader() {
+  const licenseData = await LicenseClient.getInstance()?.getCachedLicense();
+
+  return {
+    licenseFlags: licenseData?.license?.flags,
+  };
+}
+
+export default function Claims({ loaderData }: Route.ComponentProps) {
+  const { licenseFlags } = loaderData;
+
   const { t } = useLingui();
 
   const [searchParams, setSearchParams] = useSearchParams();
@@ -47,7 +60,7 @@ export default function Claims() {
         subtitle={t`Manage all subscription claims`}
         hideDivider
       >
-        <ClaimCreateDialog />
+        <ClaimCreateDialog licenseFlags={licenseFlags} />
       </SettingsHeader>
 
       <div className="mt-4">
@@ -58,7 +71,7 @@ export default function Claims() {
           className="mb-4"
         />
 
-        <AdminClaimsTable />
+        <AdminClaimsTable licenseFlags={licenseFlags} />
       </div>
     </div>
   );

apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx

@@ -12,6 +12,8 @@ import type { z } from 'zod';
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
 import { SUBSCRIPTION_STATUS_MAP } from '@documenso/lib/constants/billing';
 import { AppError } from '@documenso/lib/errors/app-error';
+import { LicenseClient } from '@documenso/lib/server-only/license/license-client';
+import type { TLicenseClaim } from '@documenso/lib/types/license';
 import { SUBSCRIPTION_CLAIM_FEATURE_FLAGS } from '@documenso/lib/types/subscription';
 import { trpc } from '@documenso/trpc/react';
 import type { TGetAdminOrganisationResponse } from '@documenso/trpc/server/admin-router/get-admin-organisation.types';
@@ -40,7 +42,20 @@ import { SettingsHeader } from '~/components/general/settings-header';
 
 import type { Route } from './+types/organisations.$id';
 
-export default function OrganisationGroupSettingsPage({ params }: Route.ComponentProps) {
+export async function loader() {
+  const licenseData = await LicenseClient.getInstance()?.getCachedLicense();
+
+  return {
+    licenseFlags: licenseData?.license?.flags,
+  };
+}
+
+export default function OrganisationGroupSettingsPage({
+  params,
+  loaderData,
+}: Route.ComponentProps) {
+  const { licenseFlags } = loaderData;
+
   const { t } = useLingui();
   const { toast } = useToast();
 
@@ -129,7 +144,7 @@ export default function OrganisationGroupSettingsPage({ params }: Route.Componen
   if (isLoadingOrganisation) {
     return (
       <div className="flex items-center justify-center rounded-lg py-32">
-        <Loader className="text-muted-foreground h-6 w-6 animate-spin" />
+        <Loader className="h-6 w-6 animate-spin text-muted-foreground" />
       </div>
     );
   }
@@ -239,7 +254,7 @@ export default function OrganisationGroupSettingsPage({ params }: Route.Componen
         )}
       </Alert>
 
-      <OrganisationAdminForm organisation={organisation} />
+      <OrganisationAdminForm organisation={organisation} licenseFlags={licenseFlags} />
 
       <div className="mt-16 space-y-10">
         <div>
@@ -278,6 +293,7 @@ type TUpdateGenericOrganisationDataFormSchema = z.infer<
 
 type OrganisationAdminFormOptions = {
   organisation: TGetAdminOrganisationResponse;
+  licenseFlags?: TLicenseClaim;
 };
 
 const GenericOrganisationAdminForm = ({ organisation }: OrganisationAdminFormOptions) => {
@@ -349,7 +365,7 @@ const GenericOrganisationAdminForm = ({ organisation }: OrganisationAdminFormOpt
                 <Input {...field} />
               </FormControl>
               {!form.formState.errors.url && (
-                <span className="text-foreground/50 text-xs font-normal">
+                <span className="text-xs font-normal text-foreground/50">
                   {field.value ? (
                     `${NEXT_PUBLIC_WEBAPP_URL()}/o/${field.value}`
                   ) : (
@@ -381,12 +397,17 @@ const ZUpdateOrganisationBillingFormSchema = ZUpdateAdminOrganisationRequestSche
 
 type TUpdateOrganisationBillingFormSchema = z.infer<typeof ZUpdateOrganisationBillingFormSchema>;
 
-const OrganisationAdminForm = ({ organisation }: OrganisationAdminFormOptions) => {
+const OrganisationAdminForm = ({ organisation, licenseFlags }: OrganisationAdminFormOptions) => {
   const { toast } = useToast();
   const { t } = useLingui();
 
   const { mutateAsync: updateOrganisation } = trpc.admin.organisation.update.useMutation();
 
+  const hasRestrictedEnterpriseFeatures = Object.values(SUBSCRIPTION_CLAIM_FEATURE_FLAGS).some(
+    // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+    (flag) => flag.isEnterprise && !licenseFlags?.[flag.key as keyof TLicenseClaim],
+  );
+
   const form = useForm<TUpdateOrganisationBillingFormSchema>({
     resolver: zodResolver(ZUpdateOrganisationBillingFormSchema),
     defaultValues: {
@@ -440,7 +461,7 @@ const OrganisationAdminForm = ({ organisation }: OrganisationAdminFormOptions) =
                     <InfoIcon className="mx-2 h-4 w-4" />
                   </TooltipTrigger>
 
-                  <TooltipContent className="text-foreground max-w-md space-y-2 p-4">
+                  <TooltipContent className="max-w-md space-y-2 p-4 text-foreground">
                     <h2>
                       <strong>
                         <Trans>Inherited subscription claim</Trans>
@@ -493,7 +514,7 @@ const OrganisationAdminForm = ({ organisation }: OrganisationAdminFormOptions) =
                 <Link
                   target="_blank"
                   to={`https://dashboard.stripe.com/customers/${field.value}`}
-                  className="text-foreground/50 text-xs font-normal"
+                  className="text-xs font-normal text-foreground/50"
                 >
                   {`https://dashboard.stripe.com/customers/${field.value}`}
                 </Link>
@@ -582,34 +603,57 @@ const OrganisationAdminForm = ({ organisation }: OrganisationAdminFormOptions) =
           </FormLabel>
 
           <div className="mt-2 space-y-2 rounded-md border p-4">
-            {Object.values(SUBSCRIPTION_CLAIM_FEATURE_FLAGS).map(({ key, label }) => (
-              <FormField
-                key={key}
-                control={form.control}
-                name={`claims.flags.${key}`}
-                render={({ field }) => (
-                  <FormItem className="flex items-center space-x-2">
-                    <FormControl>
-                      <div className="flex items-center">
-                        <Checkbox
-                          id={`flag-${key}`}
-                          checked={field.value}
-                          onCheckedChange={field.onChange}
-                        />
+            {Object.values(SUBSCRIPTION_CLAIM_FEATURE_FLAGS).map(({ key, label, isEnterprise }) => {
+              const isRestrictedFeature =
+                isEnterprise && !licenseFlags?.[key as keyof TLicenseClaim]; // eslint-disable-line @typescript-eslint/consistent-type-assertions
 
-                        <label
-                          className="text-muted-foreground ml-2 flex flex-row items-center text-sm"
-                          htmlFor={`flag-${key}`}
-                        >
-                          {label}
-                        </label>
-                      </div>
-                    </FormControl>
-                  </FormItem>
-                )}
-              />
-            ))}
+              return (
+                <FormField
+                  key={key}
+                  control={form.control}
+                  name={`claims.flags.${key}`}
+                  render={({ field }) => (
+                    <FormItem className="flex items-center space-x-2">
+                      <FormControl>
+                        <div className="flex items-center">
+                          <Checkbox
+                            id={`flag-${key}`}
+                            checked={field.value}
+                            onCheckedChange={field.onChange}
+                            disabled={isRestrictedFeature && !field.value} // Allow disabling of restricted features.
+                          />
+
+                          <label
+                            className="ml-2 flex flex-row items-center text-sm text-muted-foreground"
+                            htmlFor={`flag-${key}`}
+                          >
+                            {label}
+                            {isRestrictedFeature && ' ¹'}
+                          </label>
+                        </div>
+                      </FormControl>
+                    </FormItem>
+                  )}
+                />
+              );
+            })}
           </div>
+
+          {hasRestrictedEnterpriseFeatures && (
+            <Alert variant="neutral" className="mt-4">
+              <AlertDescription>
+                <span>¹&nbsp;</span>
+                <Trans>Your current license does not include these features.</Trans>{' '}
+                <Link
+                  to="https://docs.documenso.com/users/licenses/enterprise-edition"
+                  target="_blank"
+                  className="text-foreground underline hover:opacity-80"
+                >
+                  <Trans>Learn more</Trans>
+                </Link>
+              </AlertDescription>
+            </Alert>
+          )}
         </div>
 
         <div className="flex justify-end">

apps/remix/app/routes/_authenticated+/admin+/stats.tsx

@@ -23,8 +23,10 @@ import {
   getUserWithSignedDocumentMonthlyGrowth,
   getUsersCount,
 } from '@documenso/lib/server-only/admin/get-users-stats';
+import { LicenseClient } from '@documenso/lib/server-only/license/license-client';
 import { getSignerConversionMonthly } from '@documenso/lib/server-only/user/get-signer-conversion';
 
+import { AdminLicenseCard } from '~/components/general/admin-license-card';
 import { MonthlyActiveUsersChart } from '~/components/general/admin-monthly-active-user-charts';
 import { AdminStatsSignerConversionChart } from '~/components/general/admin-stats-signer-conversion-chart';
 import { AdminStatsUsersWithDocumentsChart } from '~/components/general/admin-stats-users-with-documents';
@@ -42,6 +44,7 @@ export async function loader() {
     signerConversionMonthly,
     monthlyUsersWithDocuments,
     monthlyActiveUsers,
+    licenseData,
   ] = await Promise.all([
     getUsersCount(),
     getOrganisationsWithSubscriptionsCount(),
@@ -50,6 +53,7 @@ export async function loader() {
     getSignerConversionMonthly(),
     getUserWithSignedDocumentMonthlyGrowth(),
     getMonthlyActiveUsers(),
+    LicenseClient.getInstance()?.getCachedLicense(),
   ]);
 
   return {
@@ -60,6 +64,7 @@ export async function loader() {
     signerConversionMonthly,
     monthlyUsersWithDocuments,
     monthlyActiveUsers,
+    licenseData: licenseData || null,
   };
 }
 
@@ -74,6 +79,7 @@ export default function AdminStatsPage({ loaderData }: Route.ComponentProps) {
     signerConversionMonthly,
     monthlyUsersWithDocuments,
     monthlyActiveUsers,
+    licenseData,
   } = loaderData;
 
   return (
@@ -94,6 +100,10 @@ export default function AdminStatsPage({ loaderData }: Route.ComponentProps) {
         <CardMetric icon={FileCog} title={_(msg`App Version`)} value={`v${version}`} />
       </div>
 
+      <div className="mb-8 mt-4">
+        <AdminLicenseCard licenseData={licenseData} />
+      </div>
+
       <div className="mt-16 gap-8">
         <div>
           <h3 className="text-3xl font-semibold">

apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx

@@ -10,6 +10,12 @@ import type { z } from 'zod';
 import { trpc } from '@documenso/trpc/react';
 import type { TGetUserResponse } from '@documenso/trpc/server/admin-router/get-user.types';
 import { ZUpdateUserRequestSchema } from '@documenso/trpc/server/admin-router/update-user.types';
+import {
+  Accordion,
+  AccordionContent,
+  AccordionItem,
+  AccordionTrigger,
+} from '@documenso/ui/primitives/accordion';
 import { Button } from '@documenso/ui/primitives/button';
 import {
   Form,
@@ -30,6 +36,7 @@ import { AdminUserEnableDialog } from '~/components/dialogs/admin-user-enable-di
 import { AdminUserResetTwoFactorDialog } from '~/components/dialogs/admin-user-reset-two-factor-dialog';
 import { GenericErrorLayout } from '~/components/general/generic-error-layout';
 import { AdminOrganisationsTable } from '~/components/tables/admin-organisations-table';
+import { AdminUserTeamsTable } from '~/components/tables/admin-user-teams-table';
 
 import { MultiSelectRoleCombobox } from '../../../components/general/multiselect-role-combobox';
 
@@ -197,7 +204,7 @@ const AdminUserPage = ({ user }: { user: TGetUserResponse }) => {
             <h3 className="text-lg font-semibold leading-none tracking-tight">
               <Trans>User Organisations</Trans>
             </h3>
-            <p className="text-muted-foreground mt-1.5 text-sm">
+            <p className="mt-1.5 text-sm text-muted-foreground">
               <Trans>Organisations that the user is a member of.</Trans>
             </p>
           </div>
@@ -219,6 +226,28 @@ const AdminUserPage = ({ user }: { user: TGetUserResponse }) => {
         />
       </div>
 
+      <hr className="my-8" />
+
+      <Accordion type="single" collapsible>
+        <AccordionItem value="team-memberships" className="border-b-0">
+          <AccordionTrigger className="py-0">
+            <div className="text-left">
+              <h3 className="text-lg font-semibold leading-none tracking-tight">
+                <Trans>Team Memberships</Trans>
+              </h3>
+              <p className="mt-1.5 text-sm font-normal text-muted-foreground">
+                <Trans>Teams that this user is a member of and their roles.</Trans>
+              </p>
+            </div>
+          </AccordionTrigger>
+          <AccordionContent>
+            <div className="mt-4">
+              <AdminUserTeamsTable userId={user.id} />
+            </div>
+          </AccordionContent>
+        </AccordionItem>
+      </Accordion>
+
       <div className="mt-16 flex flex-col gap-4">
         {user && user.twoFactorEnabled && <AdminUserResetTwoFactorDialog user={user} />}
         {user && user.disabled && <AdminUserEnableDialog userToEnable={user} />}

apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.logs.tsx

@@ -179,7 +179,9 @@ export default function DocumentsLogsPage({ loaderData }: Route.ComponentProps)
           ))}
 
           <div className="text-sm text-foreground">
-            <h3 className="font-semibold">Recipients</h3>
+            <h3 className="font-semibold">
+              <Trans>Recipients</Trans>
+            </h3>
             <ul className="list-inside list-disc text-muted-foreground">
               {recipients.map((recipient) => (
                 <li key={`recipient-${recipient.id}`}>

apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents._index.tsx

@@ -7,6 +7,7 @@ import { useParams, useSearchParams } from 'react-router';
 import { Link } from 'react-router';
 import { z } from 'zod';
 
+import { useSessionStorage } from '@documenso/lib/client-only/hooks/use-session-storage';
 import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation';
 import { formatAvatarUrl } from '@documenso/lib/utils/avatars';
 import { parseToIntegerArray } from '@documenso/lib/utils/params';
@@ -16,9 +17,12 @@ import { trpc } from '@documenso/trpc/react';
 import type { TFindDocumentsInternalResponse } from '@documenso/trpc/server/document-router/find-documents-internal.types';
 import { ZFindDocumentsInternalRequestSchema } from '@documenso/trpc/server/document-router/find-documents-internal.types';
 import { Avatar, AvatarFallback, AvatarImage } from '@documenso/ui/primitives/avatar';
+import type { RowSelectionState } from '@documenso/ui/primitives/data-table';
 import { Tabs, TabsList, TabsTrigger } from '@documenso/ui/primitives/tabs';
 
 import { DocumentMoveToFolderDialog } from '~/components/dialogs/document-move-to-folder-dialog';
+import { EnvelopesBulkDeleteDialog } from '~/components/dialogs/envelopes-bulk-delete-dialog';
+import { EnvelopesBulkMoveDialog } from '~/components/dialogs/envelopes-bulk-move-dialog';
 import { DocumentSearch } from '~/components/general/document/document-search';
 import { DocumentStatus } from '~/components/general/document/document-status';
 import { EnvelopeDropZoneWrapper } from '~/components/general/envelope/envelope-drop-zone-wrapper';
@@ -27,6 +31,7 @@ import { PeriodSelector } from '~/components/general/period-selector';
 import { DocumentsTable } from '~/components/tables/documents-table';
 import { DocumentsTableEmptyState } from '~/components/tables/documents-table-empty-state';
 import { DocumentsTableSenderFilter } from '~/components/tables/documents-table-sender-filter';
+import { EnvelopesTableBulkActionBar } from '~/components/tables/envelopes-table-bulk-action-bar';
 import { useCurrentTeam } from '~/providers/team';
 import { appMetaTags } from '~/utils/meta';
 
@@ -54,6 +59,17 @@ export default function DocumentsPage() {
   const [isMovingDocument, setIsMovingDocument] = useState(false);
   const [documentToMove, setDocumentToMove] = useState<number | null>(null);
 
+  const [rowSelection, setRowSelection] = useSessionStorage<RowSelectionState>(
+    'documents-bulk-selection',
+    {},
+  );
+  const [isBulkMoveDialogOpen, setIsBulkMoveDialogOpen] = useState(false);
+  const [isBulkDeleteDialogOpen, setIsBulkDeleteDialogOpen] = useState(false);
+
+  const selectedEnvelopeIds = useMemo(() => {
+    return Object.keys(rowSelection).filter((id) => rowSelection[id]);
+  }, [rowSelection]);
+
   const [stats, setStats] = useState<TFindDocumentsInternalResponse['stats']>({
     [ExtendedDocumentStatus.DRAFT]: 0,
     [ExtendedDocumentStatus.PENDING]: 0,
@@ -116,9 +132,9 @@ export default function DocumentsPage() {
 
         <div className="mt-8 flex flex-wrap items-center justify-between gap-x-4 gap-y-8">
           <div className="flex flex-row items-center">
-            <Avatar className="dark:border-border mr-3 h-12 w-12 border-2 border-solid border-white">
+            <Avatar className="mr-3 h-12 w-12 border-2 border-solid border-white dark:border-border">
               {team.avatarImageId && <AvatarImage src={formatAvatarUrl(team.avatarImageId)} />}
-              <AvatarFallback className="text-muted-foreground text-xs">
+              <AvatarFallback className="text-xs text-muted-foreground">
                 {team.name.slice(0, 1)}
               </AvatarFallback>
             </Avatar>
@@ -148,7 +164,7 @@ export default function DocumentsPage() {
                   .map((value) => (
                     <TabsTrigger
                       key={value}
-                      className="hover:text-foreground min-w-[60px]"
+                      className="min-w-[60px] hover:text-foreground"
                       value={value}
                       asChild
                     >
@@ -190,6 +206,9 @@ export default function DocumentsPage() {
                   setDocumentToMove(documentId);
                   setIsMovingDocument(true);
                 }}
+                enableSelection
+                rowSelection={rowSelection}
+                onRowSelectionChange={setRowSelection}
               />
             )}
           </div>
@@ -209,6 +228,30 @@ export default function DocumentsPage() {
             }}
           />
         )}
+
+        <EnvelopesTableBulkActionBar
+          selectedCount={selectedEnvelopeIds.length}
+          onMoveClick={() => setIsBulkMoveDialogOpen(true)}
+          onDeleteClick={() => setIsBulkDeleteDialogOpen(true)}
+          onClearSelection={() => setRowSelection({})}
+        />
+
+        <EnvelopesBulkMoveDialog
+          envelopeIds={selectedEnvelopeIds}
+          envelopeType={EnvelopeType.DOCUMENT}
+          open={isBulkMoveDialogOpen}
+          currentFolderId={folderId}
+          onOpenChange={setIsBulkMoveDialogOpen}
+          onSuccess={() => setRowSelection({})}
+        />
+
+        <EnvelopesBulkDeleteDialog
+          envelopeIds={selectedEnvelopeIds}
+          envelopeType={EnvelopeType.DOCUMENT}
+          open={isBulkDeleteDialogOpen}
+          onOpenChange={setIsBulkDeleteDialogOpen}
+          onSuccess={() => setRowSelection({})}
+        />
       </div>
     </EnvelopeDropZoneWrapper>
   );

apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.public-profile.tsx

@@ -207,7 +207,9 @@ export default function PublicProfilePage({ loaderData }: Route.ComponentProps)
             directTemplates={enabledPrivateDirectTemplates}
             trigger={
               <Button variant="outline">
-                <Trans>Link template</Trans>
+                <Trans context="Action button to link template to public profile">
+                  Link template
+                </Trans>
               </Button>
             }
           />

apps/remix/app/routes/_authenticated+/t.$teamUrl+/templates._index.tsx

@@ -1,16 +1,23 @@
+import { useMemo, useState } from 'react';
+
 import { Trans } from '@lingui/react/macro';
 import { EnvelopeType } from '@prisma/client';
 import { Bird } from 'lucide-react';
 import { useParams, useSearchParams } from 'react-router';
 
+import { useSessionStorage } from '@documenso/lib/client-only/hooks/use-session-storage';
 import { FolderType } from '@documenso/lib/types/folder-type';
 import { formatAvatarUrl } from '@documenso/lib/utils/avatars';
 import { formatDocumentsPath, formatTemplatesPath } from '@documenso/lib/utils/teams';
 import { trpc } from '@documenso/trpc/react';
 import { Avatar, AvatarFallback, AvatarImage } from '@documenso/ui/primitives/avatar';
+import type { RowSelectionState } from '@documenso/ui/primitives/data-table';
 
+import { EnvelopesBulkDeleteDialog } from '~/components/dialogs/envelopes-bulk-delete-dialog';
+import { EnvelopesBulkMoveDialog } from '~/components/dialogs/envelopes-bulk-move-dialog';
 import { EnvelopeDropZoneWrapper } from '~/components/general/envelope/envelope-drop-zone-wrapper';
 import { FolderGrid } from '~/components/general/folder/folder-grid';
+import { EnvelopesTableBulkActionBar } from '~/components/tables/envelopes-table-bulk-action-bar';
 import { TemplatesTable } from '~/components/tables/templates-table';
 import { useCurrentTeam } from '~/providers/team';
 import { appMetaTags } from '~/utils/meta';
@@ -28,6 +35,17 @@ export default function TemplatesPage() {
   const page = Number(searchParams.get('page')) || 1;
   const perPage = Number(searchParams.get('perPage')) || 10;
 
+  const [rowSelection, setRowSelection] = useSessionStorage<RowSelectionState>(
+    'templates-bulk-selection',
+    {},
+  );
+  const [isBulkMoveDialogOpen, setIsBulkMoveDialogOpen] = useState(false);
+  const [isBulkDeleteDialogOpen, setIsBulkDeleteDialogOpen] = useState(false);
+
+  const selectedEnvelopeIds = useMemo(() => {
+    return Object.keys(rowSelection).filter((id) => rowSelection[id]);
+  }, [rowSelection]);
+
   const documentRootPath = formatDocumentsPath(team.url);
   const templateRootPath = formatTemplatesPath(team.url);
 
@@ -44,9 +62,9 @@ export default function TemplatesPage() {
 
         <div className="mt-8">
           <div className="flex flex-row items-center">
-            <Avatar className="dark:border-border mr-3 h-12 w-12 border-2 border-solid border-white">
+            <Avatar className="mr-3 h-12 w-12 border-2 border-solid border-white dark:border-border">
               {team.avatarImageId && <AvatarImage src={formatAvatarUrl(team.avatarImageId)} />}
-              <AvatarFallback className="text-muted-foreground text-xs">
+              <AvatarFallback className="text-xs text-muted-foreground">
                 {team.name.slice(0, 1)}
               </AvatarFallback>
             </Avatar>
@@ -58,7 +76,7 @@ export default function TemplatesPage() {
 
           <div className="mt-8">
             {data && data.count === 0 ? (
-              <div className="text-muted-foreground/60 flex h-96 flex-col items-center justify-center gap-y-4">
+              <div className="flex h-96 flex-col items-center justify-center gap-y-4 text-muted-foreground/60">
                 <Bird className="h-12 w-12" strokeWidth={1.5} />
 
                 <div className="text-center">
@@ -81,10 +99,37 @@ export default function TemplatesPage() {
                 isLoadingError={isLoadingError}
                 documentRootPath={documentRootPath}
                 templateRootPath={templateRootPath}
+                enableSelection
+                rowSelection={rowSelection}
+                onRowSelectionChange={setRowSelection}
               />
             )}
           </div>
         </div>
+
+        <EnvelopesTableBulkActionBar
+          selectedCount={selectedEnvelopeIds.length}
+          onMoveClick={() => setIsBulkMoveDialogOpen(true)}
+          onDeleteClick={() => setIsBulkDeleteDialogOpen(true)}
+          onClearSelection={() => setRowSelection({})}
+        />
+
+        <EnvelopesBulkMoveDialog
+          envelopeIds={selectedEnvelopeIds}
+          envelopeType={EnvelopeType.TEMPLATE}
+          open={isBulkMoveDialogOpen}
+          currentFolderId={folderId}
+          onOpenChange={setIsBulkMoveDialogOpen}
+          onSuccess={() => setRowSelection({})}
+        />
+
+        <EnvelopesBulkDeleteDialog
+          envelopeIds={selectedEnvelopeIds}
+          envelopeType={EnvelopeType.TEMPLATE}
+          open={isBulkDeleteDialogOpen}
+          onOpenChange={setIsBulkDeleteDialogOpen}
+          onSuccess={() => setRowSelection({})}
+        />
       </div>
     </EnvelopeDropZoneWrapper>
   );

apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx

@@ -1,5 +1,6 @@
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
+import { Trans } from '@lingui/react/macro';
 import { EnvelopeType, FieldType, SigningStatus } from '@prisma/client';
 import { DateTime } from 'luxon';
 import { redirect } from 'react-router';
@@ -290,7 +291,9 @@ export default function SigningCertificate({ loaderData }: Route.ComponentProps)
                           </p>
                         </>
                       ) : (
-                        <p className="text-muted-foreground">N/A</p>
+                        <p className="text-muted-foreground">
+                          <Trans>N/A</Trans>
+                        </p>
                       )}
 
                       <p className="mt-2 text-sm text-muted-foreground print:text-xs">

apps/remix/package.json

@@ -106,5 +106,5 @@
     "vite-plugin-babel-macros": "^1.0.6",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "version": "2.5.0"
+  "version": "2.6.0"
 }

apps/remix/server/main.js

@@ -17,7 +17,7 @@ server.use(
   serveStatic({
     root: 'build/client',
     onFound: (path, c) => {
-      if (path.startsWith('./build/client/assets')) {
+      if (path.startsWith('build/client/assets')) {
         // Hard cache assets with hashed file names.
         c.header('Cache-Control', 'public, immutable, max-age=31536000');
       } else {

apps/remix/server/router.ts

@@ -10,6 +10,7 @@ import { tsRestHonoApp } from '@documenso/api/hono';
 import { auth } from '@documenso/auth/server';
 import { API_V2_BETA_URL, API_V2_URL } from '@documenso/lib/constants/app';
 import { jobsClient } from '@documenso/lib/jobs/client';
+import { LicenseClient } from '@documenso/lib/server-only/license/license-client';
 import { TelemetryClient } from '@documenso/lib/server-only/telemetry/telemetry-client';
 import { getIpAddress } from '@documenso/lib/universal/get-ip-address';
 import { env } from '@documenso/lib/utils/env';
@@ -140,4 +141,7 @@ if (env('NODE_ENV') !== 'development') {
   void TelemetryClient.start();
 }
 
+// Start license client to verify license on startup.
+void LicenseClient.start();
+
 export default app;

docker/start.sh

@@ -11,7 +11,7 @@ CERT_PATH="${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH:-/opt/documenso/cert.p12}"
 if [ -f "$CERT_PATH" ] && [ -r "$CERT_PATH" ]; then
     printf "✅ Certificate file found and readable - document signing is ready!\n"
 else
-    printf "⚠️  Certificate not found or not readable\n"
+    printf "⚠️ Certificate not found or not readable\n"
     printf "💡 Tip: Documenso will still start, but document signing will be unavailable\n"
     printf "🔧 Check: http://localhost:3000/api/certificate-status for detailed status\n"
 fi

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "2.5.0",
+  "version": "2.6.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "2.5.0",
+      "version": "2.6.0",
       "hasInstallScript": true,
       "workspaces": [
         "apps/*",
@@ -15,11 +15,10 @@
       "dependencies": {
         "@ai-sdk/google-vertex": "3.0.81",
         "@documenso/prisma": "*",
-        "@libpdf/core": "^0.2.2",
+        "@libpdf/core": "^0.2.5",
         "@lingui/conf": "^5.6.0",
         "@lingui/core": "^5.6.0",
         "ai": "^5.0.104",
-        "inngest-cli": "^1.13.7",
         "luxon": "^3.7.2",
         "patch-package": "^8.0.1",
         "posthog-node": "4.18.0",
@@ -42,6 +41,7 @@
         "dotenv-cli": "^11.0.0",
         "eslint": "^8.57.0",
         "husky": "^9.1.7",
+        "inngest-cli": "^1.16.1",
         "lint-staged": "^16.2.7",
         "nanoid": "^5.1.6",
         "nodemailer": "^7.0.10",
@@ -53,11 +53,10 @@
         "prisma": "^6.19.0",
         "prisma-extension-kysely": "^3.0.0",
         "prisma-json-types-generator": "^3.6.2",
-        "prisma-kysely": "^2.2.1",
+        "prisma-kysely": "^2.3.0",
         "rimraf": "^6.1.2",
         "superjson": "^2.2.5",
         "syncpack": "^14.0.0-alpha.27",
-        "trpc-to-openapi": "2.4.0",
         "turbo": "^1.13.4",
         "vite": "^7.2.4",
         "vite-plugin-static-copy": "^3.1.4",
@@ -109,7 +108,7 @@
     },
     "apps/remix": {
       "name": "@documenso/remix",
-      "version": "2.5.0",
+      "version": "2.6.0",
       "dependencies": {
         "@cantoo/pdf-lib": "^2.5.3",
         "@documenso/api": "*",
@@ -4026,6 +4025,19 @@
         "url": "https://github.com/chalk/strip-ansi?sponsor=1"
       }
     },
+    "node_modules/@isaacs/fs-minipass": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz",
+      "integrity": "sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "minipass": "^7.0.4"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
     "node_modules/@jest/schemas": {
       "version": "29.6.3",
       "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz",
@@ -4155,9 +4167,9 @@
       "license": "MIT"
     },
     "node_modules/@libpdf/core": {
-      "version": "0.2.2",
-      "resolved": "https://registry.npmjs.org/@libpdf/core/-/core-0.2.2.tgz",
-      "integrity": "sha512-qxYHUirZc4YSxTYkUVtLHqM9ypC9iKPOpHYfpDIUYAZyDGgcHh4SOwhkInHY/Q51TBajXRv6ZZd9fjSPvoQZnw==",
+      "version": "0.2.5",
+      "resolved": "https://registry.npmjs.org/@libpdf/core/-/core-0.2.5.tgz",
+      "integrity": "sha512-+oTpNRkEdL1kVmeJr6qz2wf0yqJx5FmUVN2u0kDuX81wvxyzYOlMjmFD8qbbJqyYiNZp0J7IAcW6VsZr+MW1Uw==",
       "license": "MIT",
       "dependencies": {
         "@noble/ciphers": "^2.1.1",
@@ -17745,6 +17757,7 @@
       "version": "0.5.16",
       "resolved": "https://registry.npmjs.org/adm-zip/-/adm-zip-0.5.16.tgz",
       "integrity": "sha512-TGw5yVi4saajsSEgz25grObGHEUaDrniwvA2qwSC060KfqGPdglhvPMA2lPIoxs3PQIItj2iag35fONcQqgUaQ==",
+      "dev": true,
       "license": "MIT",
       "engines": {
         "node": ">=12.0"
@@ -18988,12 +19001,13 @@
       }
     },
     "node_modules/chownr": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz",
-      "integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==",
-      "license": "ISC",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/chownr/-/chownr-3.0.0.tgz",
+      "integrity": "sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
       "engines": {
-        "node": ">=10"
+        "node": ">=18"
       }
     },
     "node_modules/ci-info": {
@@ -23886,36 +23900,6 @@
         "node": ">=14.14"
       }
     },
-    "node_modules/fs-minipass": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz",
-      "integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==",
-      "license": "ISC",
-      "dependencies": {
-        "minipass": "^3.0.0"
-      },
-      "engines": {
-        "node": ">= 8"
-      }
-    },
-    "node_modules/fs-minipass/node_modules/minipass": {
-      "version": "3.3.6",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz",
-      "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==",
-      "license": "ISC",
-      "dependencies": {
-        "yallist": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/fs-minipass/node_modules/yallist": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
-      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
-      "license": "ISC"
-    },
     "node_modules/fs.realpath": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
@@ -24650,19 +24634,19 @@
       }
     },
     "node_modules/h3": {
-      "version": "1.15.1",
-      "resolved": "https://registry.npmjs.org/h3/-/h3-1.15.1.tgz",
-      "integrity": "sha512-+ORaOBttdUm1E2Uu/obAyCguiI7MbBvsLTndc3gyK3zU+SYLoZXlyCP9Xgy0gikkGufFLTZXCXD6+4BsufnmHA==",
+      "version": "1.15.5",
+      "resolved": "https://registry.npmjs.org/h3/-/h3-1.15.5.tgz",
+      "integrity": "sha512-xEyq3rSl+dhGX2Lm0+eFQIAzlDN6Fs0EcC4f7BNUmzaRX/PTzeuM+Tr2lHB8FoXggsQIeXLj8EDVgs5ywxyxmg==",
       "license": "MIT",
       "dependencies": {
         "cookie-es": "^1.2.2",
-        "crossws": "^0.3.3",
+        "crossws": "^0.3.5",
         "defu": "^6.1.4",
-        "destr": "^2.0.3",
+        "destr": "^2.0.5",
         "iron-webcrypto": "^1.2.1",
-        "node-mock-http": "^1.0.0",
+        "node-mock-http": "^1.0.4",
         "radix3": "^1.1.2",
-        "ufo": "^1.5.4",
+        "ufo": "^1.6.3",
         "uncrypto": "^0.1.3"
       }
     },
@@ -25494,16 +25478,17 @@
       }
     },
     "node_modules/inngest-cli": {
-      "version": "1.13.7",
-      "resolved": "https://registry.npmjs.org/inngest-cli/-/inngest-cli-1.13.7.tgz",
-      "integrity": "sha512-u3gbUsjsTHfh5quKE3C3sw/NENFPjiWG602SNZya0Eto44U9KGVT0nHp9UoZF5qiG7X83fJqqNEjDKN4FB9JaQ==",
+      "version": "1.16.1",
+      "resolved": "https://registry.npmjs.org/inngest-cli/-/inngest-cli-1.16.1.tgz",
+      "integrity": "sha512-B5Z2vgidh6HM7HVsQFZSffJpnTKB0Rm20NDL1qOjBtF8ZZgun+mJNjUYAcqOU4l8SVVEG0nfPnphsWPLZHXdsA==",
+      "dev": true,
       "hasInstallScript": true,
       "license": "SEE LICENSE IN LICENSE.md",
       "dependencies": {
         "adm-zip": "^0.5.10",
         "debug": "^4.3.4",
         "node-fetch": "^2.6.7",
-        "tar": "^6.2.1"
+        "tar": "^7.5.3"
       },
       "bin": {
         "inngest": "bin/inngest",
@@ -27877,9 +27862,9 @@
       }
     },
     "node_modules/mermaid": {
-      "version": "11.12.1",
-      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.12.1.tgz",
-      "integrity": "sha512-UlIZrRariB11TY1RtTgUWp65tphtBv4CSq7vyS2ZZ2TgoMjs2nloq+wFqxiwcxlhHUvs7DPGgMjs2aeQxz5h9g==",
+      "version": "11.12.2",
+      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.12.2.tgz",
+      "integrity": "sha512-n34QPDPEKmaeCG4WDMGy0OT6PSyxKCfy2pJgShP+Qow2KLrvWjclwbc3yXfSIf4BanqWEhQEpngWwNp/XhZt6w==",
       "license": "MIT",
       "dependencies": {
         "@braintree/sanitize-url": "^7.1.1",
@@ -28800,54 +28785,24 @@
       }
     },
     "node_modules/minizlib": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz",
-      "integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.1.0.tgz",
+      "integrity": "sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==",
+      "dev": true,
       "license": "MIT",
       "dependencies": {
-        "minipass": "^3.0.0",
-        "yallist": "^4.0.0"
+        "minipass": "^7.1.2"
       },
       "engines": {
-        "node": ">= 8"
+        "node": ">= 18"
       }
     },
-    "node_modules/minizlib/node_modules/minipass": {
-      "version": "3.3.6",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz",
-      "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==",
-      "license": "ISC",
-      "dependencies": {
-        "yallist": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/minizlib/node_modules/yallist": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
-      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
-      "license": "ISC"
-    },
     "node_modules/mj-context-menu": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/mj-context-menu/-/mj-context-menu-0.6.1.tgz",
       "integrity": "sha512-7NO5s6n10TIV96d4g2uDpG7ZDpIhMh0QNfGdJw/W47JswFcosz457wqz/b5sAKvl12sxINGFCn80NZHKwxQEXA==",
       "license": "Apache-2.0"
     },
-    "node_modules/mkdirp": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
-      "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==",
-      "license": "MIT",
-      "bin": {
-        "mkdirp": "bin/cmd.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
     "node_modules/mlly": {
       "version": "1.8.0",
       "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.8.0.tgz",
@@ -29478,9 +29433,9 @@
       }
     },
     "node_modules/node-mock-http": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/node-mock-http/-/node-mock-http-1.0.3.tgz",
-      "integrity": "sha512-jN8dK25fsfnMrVsEhluUTPkBFY+6ybu7jSB1n+ri/vOGjJxU8J9CZhpSGkHXSkFjtUhbmoncG/YG9ta5Ludqog==",
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/node-mock-http/-/node-mock-http-1.0.4.tgz",
+      "integrity": "sha512-8DY+kFsDkNXy1sJglUfuODx1/opAGJGyrTuFqEoN90oRc2Vk0ZbD4K2qmKXBBEhZQzdKHIVfEJpDU8Ak2NJEvQ==",
       "license": "MIT"
     },
     "node_modules/node-releases": {
@@ -31389,51 +31344,22 @@
       }
     },
     "node_modules/prisma-kysely": {
-      "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/prisma-kysely/-/prisma-kysely-2.2.1.tgz",
-      "integrity": "sha512-hxue1/ZzyBJ8qx6bSBNUjF+A+tl78PM5Sg/wIAIph9hxwdiGcWTr8JPQveva4zvA57bwRJhAJjDvdy8MK4UNuA==",
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/prisma-kysely/-/prisma-kysely-2.3.0.tgz",
+      "integrity": "sha512-/+VF2t2DlY+t/27hhyH5ULWxBAAsMBPgOo8Ltq7uXpBz49lUf4XuO1ff9HV0l7J3aDojG+YyczEvY0og9uRqsw==",
       "license": "MIT",
       "dependencies": {
-        "@mrleebo/prisma-ast": "^0.13.0",
-        "@prisma/generator-helper": "6.16.2",
-        "@prisma/internals": "6.16.2",
-        "typescript": "^5.9.2",
-        "zod": "^4.1.5"
+        "@mrleebo/prisma-ast": "^0.13.1",
+        "@prisma/generator-helper": "^6.2.0",
+        "@prisma/internals": "^6.2.0",
+        "typescript": "^5.9.3",
+        "zod": "^4.3.5"
       },
       "bin": {
         "prisma-kysely": "dist/bin.js"
       },
       "peerDependencies": {
-        "prisma": "~6.16"
-      }
-    },
-    "node_modules/prisma-kysely/node_modules/@prisma/debug": {
-      "version": "6.16.2",
-      "resolved": "https://registry.npmjs.org/@prisma/debug/-/debug-6.16.2.tgz",
-      "integrity": "sha512-bo4/gA/HVV6u8YK2uY6glhNsJ7r+k/i5iQ9ny/3q5bt9ijCj7WMPUwfTKPvtEgLP+/r26Z686ly11hhcLiQ8zA==",
-      "license": "Apache-2.0"
-    },
-    "node_modules/prisma-kysely/node_modules/@prisma/dmmf": {
-      "version": "6.16.2",
-      "resolved": "https://registry.npmjs.org/@prisma/dmmf/-/dmmf-6.16.2.tgz",
-      "integrity": "sha512-o9ztgdbj2KZXl6DL+oP56TTC0poTLPns9/MeU761b49E1IQ/fd0jwdov1bidlNOiwio8Nsou23xNrYE/db10aA==",
-      "license": "Apache-2.0"
-    },
-    "node_modules/prisma-kysely/node_modules/@prisma/generator": {
-      "version": "6.16.2",
-      "resolved": "https://registry.npmjs.org/@prisma/generator/-/generator-6.16.2.tgz",
-      "integrity": "sha512-7bwRmtMIgfe1rUynh1p9VlmYvEiidbRO6aBphPBS6YGEGSvNe8+QExbRpsqFlFBvIX76BhZCxuEj7ZwALMYRKQ==",
-      "license": "Apache-2.0"
-    },
-    "node_modules/prisma-kysely/node_modules/@prisma/generator-helper": {
-      "version": "6.16.2",
-      "resolved": "https://registry.npmjs.org/@prisma/generator-helper/-/generator-helper-6.16.2.tgz",
-      "integrity": "sha512-8tVnWM8ETJNrvI5CT9eKCW23+aPLNkidC+g9NJn7ghXm60Q7GGlLX5tmvn5dE8tXvs/FSX3MN7KNmNJpOr89Hw==",
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@prisma/debug": "6.16.2",
-        "@prisma/dmmf": "6.16.2",
-        "@prisma/generator": "6.16.2"
+        "prisma": ">=6.2.0 <7.0.0"
       }
     },
     "node_modules/prismjs": {
@@ -34964,36 +34890,31 @@
       }
     },
     "node_modules/tar": {
-      "version": "6.2.1",
-      "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz",
-      "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==",
-      "license": "ISC",
+      "version": "7.5.6",
+      "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.6.tgz",
+      "integrity": "sha512-xqUeu2JAIJpXyvskvU3uvQW8PAmHrtXp2KDuMJwQqW8Sqq0CaZBAQ+dKS3RBXVhU4wC5NjAdKrmh84241gO9cA==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
       "dependencies": {
-        "chownr": "^2.0.0",
-        "fs-minipass": "^2.0.0",
-        "minipass": "^5.0.0",
-        "minizlib": "^2.1.1",
-        "mkdirp": "^1.0.3",
-        "yallist": "^4.0.0"
+        "@isaacs/fs-minipass": "^4.0.0",
+        "chownr": "^3.0.0",
+        "minipass": "^7.1.2",
+        "minizlib": "^3.1.0",
+        "yallist": "^5.0.0"
       },
       "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/tar/node_modules/minipass": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz",
-      "integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==",
-      "license": "ISC",
-      "engines": {
-        "node": ">=8"
+        "node": ">=18"
       }
     },
     "node_modules/tar/node_modules/yallist": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
-      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
-      "license": "ISC"
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-5.0.0.tgz",
+      "integrity": "sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": ">=18"
+      }
     },
     "node_modules/teeny-request": {
       "version": "10.1.0",
@@ -35270,9 +35191,9 @@
       }
     },
     "node_modules/trpc-to-openapi": {
-      "version": "2.4.0",
-      "resolved": "https://registry.npmjs.org/trpc-to-openapi/-/trpc-to-openapi-2.4.0.tgz",
-      "integrity": "sha512-B6xrwOC3Ab0q1BWD/QbJzK4OUpCLoT02hAzshSUXEuIZGcJZkMG/OJ4/3gd20dyr8aI+CrFirpWKRIo7JmHbMQ==",
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/trpc-to-openapi/-/trpc-to-openapi-2.1.5.tgz",
+      "integrity": "sha512-cX6AlrIBEK0FJe8XJ0wFCroXFqTRpF3J5v4vU5D0Tq7YI1vj8oOIY50iaJX4Gv1PZTA6Dm9DMF7R1MUtlPZ4dQ==",
       "license": "MIT",
       "workspaces": [
         ".",
@@ -35285,17 +35206,17 @@
         "examples/with-nuxtjs"
       ],
       "dependencies": {
-        "co-body": "6.2.0",
-        "h3": "1.15.1",
+        "co-body": "^6.1.0",
+        "h3": "^1.6.4",
         "openapi3-ts": "4.4.0"
       },
       "optionalDependencies": {
         "@rollup/rollup-linux-x64-gnu": "4.6.1"
       },
       "peerDependencies": {
-        "@trpc/server": "^11.1.0",
+        "@trpc/server": "^11.0.0-rc.648",
         "zod": "^3.23.8",
-        "zod-openapi": "4.2.4"
+        "zod-openapi": "^4.1.0"
       }
     },
     "node_modules/trpc-to-openapi/node_modules/@rollup/rollup-linux-x64-gnu": {
@@ -35729,9 +35650,9 @@
       }
     },
     "node_modules/ufo": {
-      "version": "1.6.1",
-      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.6.1.tgz",
-      "integrity": "sha512-9a4/uxlTWJ4+a5i0ooc1rU7C7YOw3wT+UGqdeNNHWnOF9qcMBgLRS+4IYUqbczewFx4mLEig6gawh7X6mFlEkA==",
+      "version": "1.6.3",
+      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.6.3.tgz",
+      "integrity": "sha512-yDJTmhydvl5lJzBmy/hyOAA0d+aqCBuwl818haVdYCRrWV84o7YyeVm4QlVHStqNrrJSTb6jKuFAVqAFsr+K3Q==",
       "license": "MIT"
     },
     "node_modules/uint8array-extras": {
@@ -37549,7 +37470,7 @@
         "prisma": "^6.19.0",
         "prisma-extension-kysely": "^3.0.0",
         "prisma-json-types-generator": "^3.6.2",
-        "prisma-kysely": "^2.2.1",
+        "prisma-kysely": "^2.3.0",
         "ts-pattern": "^5.9.0",
         "zod": "^3.25.76",
         "zod-prisma-types": "3.3.5"
@@ -37604,7 +37525,7 @@
         "formidable": "^3.5.4",
         "luxon": "^3.7.2",
         "superjson": "^2.2.5",
-        "trpc-to-openapi": "2.4.0",
+        "trpc-to-openapi": "^2.1.5",
         "ts-pattern": "^5.9.0",
         "zod": "^3.25.76",
         "zod-form-data": "^2.0.8",

package.json

@@ -5,7 +5,7 @@
     "apps/*",
     "packages/*"
   ],
-  "version": "2.5.0",
+  "version": "2.6.0",
   "scripts": {
     "postinstall": "patch-package",
     "build": "turbo run build",
@@ -61,6 +61,7 @@
     "dotenv-cli": "^11.0.0",
     "eslint": "^8.57.0",
     "husky": "^9.1.7",
+    "inngest-cli": "^1.16.1",
     "lint-staged": "^16.2.7",
     "nanoid": "^5.1.6",
     "nodemailer": "^7.0.10",
@@ -72,11 +73,10 @@
     "prisma": "^6.19.0",
     "prisma-extension-kysely": "^3.0.0",
     "prisma-json-types-generator": "^3.6.2",
-    "prisma-kysely": "^2.2.1",
+    "prisma-kysely": "^2.3.0",
     "rimraf": "^6.1.2",
     "superjson": "^2.2.5",
     "syncpack": "^14.0.0-alpha.27",
-    "trpc-to-openapi": "2.4.0",
     "turbo": "^1.13.4",
     "vite": "^7.2.4",
     "vite-plugin-static-copy": "^3.1.4",
@@ -86,11 +86,10 @@
   "dependencies": {
     "@ai-sdk/google-vertex": "3.0.81",
     "@documenso/prisma": "*",
-    "@libpdf/core": "^0.2.2",
+    "@libpdf/core": "^0.2.5",
     "@lingui/conf": "^5.6.0",
     "@lingui/core": "^5.6.0",
     "ai": "^5.0.104",
-    "inngest-cli": "^1.13.7",
     "luxon": "^3.7.2",
     "patch-package": "^8.0.1",
     "posthog-node": "4.18.0",

packages/api/v1/contract.ts

@@ -43,6 +43,9 @@ import {
 
 const c = initContract();
 
+const deprecatedDescription =
+  'This endpoint is deprecated, but will continue to be supported. For more details, see https://docs.documenso.com/developers/public-api.';
+
 export const ApiContractV1 = c.router(
   {
     getDocuments: {
@@ -55,6 +58,8 @@ export const ApiContractV1 = c.router(
         404: ZUnsuccessfulResponseSchema,
       },
       summary: 'Get all documents',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     getDocument: {
@@ -66,6 +71,8 @@ export const ApiContractV1 = c.router(
         404: ZUnsuccessfulResponseSchema,
       },
       summary: 'Get a single document',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     downloadSignedDocument: {
@@ -78,6 +85,8 @@ export const ApiContractV1 = c.router(
         404: ZUnsuccessfulResponseSchema,
       },
       summary: 'Download a signed document when the storage transport is S3',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     createDocument: {
@@ -90,6 +99,8 @@ export const ApiContractV1 = c.router(
         404: ZUnsuccessfulResponseSchema,
       },
       summary: 'Upload a new document and get a presigned URL',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     createTemplate: {
@@ -102,6 +113,8 @@ export const ApiContractV1 = c.router(
         404: ZUnsuccessfulResponseSchema,
       },
       summary: 'Create a new template and get a presigned URL',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     deleteTemplate: {
@@ -114,6 +127,8 @@ export const ApiContractV1 = c.router(
         404: ZUnsuccessfulResponseSchema,
       },
       summary: 'Delete a template',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     getTemplate: {
@@ -125,6 +140,8 @@ export const ApiContractV1 = c.router(
         404: ZUnsuccessfulResponseSchema,
       },
       summary: 'Get a single template',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     getTemplates: {
@@ -137,6 +154,8 @@ export const ApiContractV1 = c.router(
         404: ZUnsuccessfulResponseSchema,
       },
       summary: 'Get all templates',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     createDocumentFromTemplate: {
@@ -150,7 +169,7 @@ export const ApiContractV1 = c.router(
       },
       summary: 'Create a new document from an existing template',
       deprecated: true,
-      description: `This has been deprecated in favour of "/api/v1/templates/:templateId/generate-document". You may face unpredictable behavior using this endpoint as it is no longer maintained.`,
+      description: `${deprecatedDescription} \n\nIf you must use the V1 API, use "/api/v1/templates/:templateId/generate-document" instead.`,
     },
 
     generateDocumentFromTemplate: {
@@ -165,8 +184,8 @@ export const ApiContractV1 = c.router(
         500: ZUnsuccessfulResponseSchema,
       },
       summary: 'Create a new document from an existing template',
-      description:
-        'Create a new document from an existing template. Passing in values for title and meta will override the original values defined in the template. If you do not pass in values for recipients, it will use the values defined in the template.',
+      deprecated: true,
+      description: `${deprecatedDescription} \n\nCreate a new document from an existing template. Passing in values for title and meta will override the original values defined in the template. If you do not pass in values for recipients, it will use the values defined in the template.`,
     },
 
     sendDocument: {
@@ -181,9 +200,8 @@ export const ApiContractV1 = c.router(
         500: ZUnsuccessfulResponseSchema,
       },
       summary: 'Send a document for signing',
-      // I'm aware this should be in the variable itself, which it is, however it's difficult for users to find in our current UI.
-      description:
-        'Notes\n\n`sendEmail` - Whether to send an email to the recipients asking them to action the document. If you disable this, you will need to manually distribute the document to the recipients using the generated signing links. Defaults to true',
+      deprecated: true,
+      description: `${deprecatedDescription} \n\nNotes\n\nsendEmail - Whether to send an email to the recipients asking them to action the document. If you disable this, you will need to manually distribute the document to the recipients using the generated signing links. Defaults to true`,
     },
 
     resendDocument: {
@@ -198,6 +216,8 @@ export const ApiContractV1 = c.router(
         500: ZUnsuccessfulResponseSchema,
       },
       summary: 'Re-send a document for signing',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     deleteDocument: {
@@ -210,6 +230,8 @@ export const ApiContractV1 = c.router(
         404: ZUnsuccessfulResponseSchema,
       },
       summary: 'Delete a document',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     createRecipient: {
@@ -224,6 +246,8 @@ export const ApiContractV1 = c.router(
         500: ZUnsuccessfulResponseSchema,
       },
       summary: 'Create a recipient for a document',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     updateRecipient: {
@@ -238,6 +262,8 @@ export const ApiContractV1 = c.router(
         500: ZUnsuccessfulResponseSchema,
       },
       summary: 'Update a recipient for a document',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     deleteRecipient: {
@@ -252,6 +278,8 @@ export const ApiContractV1 = c.router(
         500: ZUnsuccessfulResponseSchema,
       },
       summary: 'Delete a recipient from a document',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     createField: {
@@ -266,6 +294,8 @@ export const ApiContractV1 = c.router(
         500: ZUnsuccessfulResponseSchema,
       },
       summary: 'Create a field for a document',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     updateField: {
@@ -280,6 +310,8 @@ export const ApiContractV1 = c.router(
         500: ZUnsuccessfulResponseSchema,
       },
       summary: 'Update a field for a document',
+      deprecated: true,
+      description: deprecatedDescription,
     },
 
     deleteField: {
@@ -294,6 +326,8 @@ export const ApiContractV1 = c.router(
         500: ZUnsuccessfulResponseSchema,
       },
       summary: 'Delete a field from a document',
+      deprecated: true,
+      description: deprecatedDescription,
     },
   },
   {

packages/api/v1/implementation.ts

@@ -796,6 +796,7 @@ export const ApiContractV1Implementation = tsr.router(ApiContractV1, {
           title: body.title,
         },
         attachments: body.attachments,
+        formValues: body.formValues,
         requestMetadata: metadata,
       });
 

packages/api/v1/openapi.ts

@@ -11,7 +11,8 @@ export const OpenAPIV1 = Object.assign(
       info: {
         title: 'Documenso API',
         version: '1.0.0',
-        description: 'The Documenso API for retrieving, creating, updating and deleting documents.',
+        description:
+          'API V1 is deprecated, but will continue to be supported. For more details, see https://docs.documenso.com/developers/public-api. \n\nThe Documenso API for retrieving, creating, updating and deleting documents.',
       },
       servers: [
         {

packages/app-tests/e2e/api/v2/placeholder-fields-api.spec.ts

@@ -0,0 +1,453 @@
+import { PDF, StandardFonts } from '@libpdf/core';
+import type { APIRequestContext } from '@playwright/test';
+import { expect, test } from '@playwright/test';
+import type { Team, User } from '@prisma/client';
+import fs from 'node:fs';
+import path from 'node:path';
+
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
+import { prisma } from '@documenso/prisma';
+import { EnvelopeType, FieldType, RecipientRole } from '@documenso/prisma/client';
+import { seedUser } from '@documenso/prisma/seed/users';
+import type {
+  TCreateEnvelopePayload,
+  TCreateEnvelopeResponse,
+} from '@documenso/trpc/server/envelope-router/create-envelope.types';
+import type { TCreateEnvelopeRecipientsRequest } from '@documenso/trpc/server/envelope-router/envelope-recipients/create-envelope-recipients.types';
+import type { TGetEnvelopeResponse } from '@documenso/trpc/server/envelope-router/get-envelope.types';
+
+const WEBAPP_BASE_URL = NEXT_PUBLIC_WEBAPP_URL();
+const baseUrl = `${WEBAPP_BASE_URL}/api/v2-beta`;
+
+const FIXTURES_DIR = path.join(__dirname, '../../../../assets/fixtures/auto-placement');
+
+test.describe.configure({ mode: 'parallel' });
+
+test.describe('Placeholder-based field creation', () => {
+  let user: User, team: Team, token: string;
+
+  test.beforeEach(async () => {
+    ({ user, team } = await seedUser());
+    ({ token } = await createApiToken({
+      userId: user.id,
+      teamId: team.id,
+      tokenName: 'test',
+      expiresIn: null,
+    }));
+  });
+
+  const createEnvelopeWithPdf = async (
+    request: APIRequestContext,
+    pdfFilename: string,
+  ): Promise<TCreateEnvelopeResponse> => {
+    const pdfPath = path.join(FIXTURES_DIR, pdfFilename);
+    const pdfData = fs.readFileSync(pdfPath);
+
+    const formData = new FormData();
+
+    formData.append(
+      'payload',
+      JSON.stringify({
+        type: EnvelopeType.DOCUMENT,
+        title: 'Placeholder Fields Test',
+      } satisfies TCreateEnvelopePayload),
+    );
+
+    formData.append('files', new File([pdfData], pdfFilename, { type: 'application/pdf' }));
+
+    const res = await request.post(`${baseUrl}/envelope/create`, {
+      headers: { Authorization: `Bearer ${token}` },
+      multipart: formData,
+    });
+
+    expect(res.ok()).toBeTruthy();
+
+    return res.json();
+  };
+
+  const createEnvelopeItemsWithPdf = async (
+    request: APIRequestContext,
+    envelopeId: string,
+    pdfFilename: string,
+  ) => {
+    const pdfPath = path.join(FIXTURES_DIR, pdfFilename);
+    const pdfData = fs.readFileSync(pdfPath);
+
+    const formData = new FormData();
+
+    formData.append('payload', JSON.stringify({ envelopeId }));
+    formData.append('files', new File([pdfData], pdfFilename, { type: 'application/pdf' }));
+
+    const res = await request.post(`${baseUrl}/envelope/item/create-many`, {
+      headers: { Authorization: `Bearer ${token}` },
+      multipart: formData,
+    });
+
+    expect(res.ok()).toBeTruthy();
+
+    return res.json();
+  };
+
+  const addRecipient = async (request: APIRequestContext, envelopeId: string) => {
+    const payload: TCreateEnvelopeRecipientsRequest = {
+      envelopeId,
+      data: [
+        {
+          email: user.email,
+          name: user.name || '',
+          role: RecipientRole.SIGNER,
+          accessAuth: [],
+          actionAuth: [],
+        },
+      ],
+    };
+
+    const res = await request.post(`${baseUrl}/envelope/recipient/create-many`, {
+      headers: { Authorization: `Bearer ${token}` },
+      data: payload,
+    });
+
+    expect(res.ok()).toBeTruthy();
+  };
+
+  const addRecipients = async (
+    request: APIRequestContext,
+    envelopeId: string,
+    recipients: TCreateEnvelopeRecipientsRequest['data'],
+  ) => {
+    const payload: TCreateEnvelopeRecipientsRequest = {
+      envelopeId,
+      data: recipients,
+    };
+
+    const res = await request.post(`${baseUrl}/envelope/recipient/create-many`, {
+      headers: { Authorization: `Bearer ${token}` },
+      data: payload,
+    });
+
+    expect(res.ok()).toBeTruthy();
+  };
+
+  const getEnvelope = async (
+    request: APIRequestContext,
+    envelopeId: string,
+  ): Promise<TGetEnvelopeResponse> => {
+    const res = await request.get(`${baseUrl}/envelope/${envelopeId}`, {
+      headers: { Authorization: `Bearer ${token}` },
+    });
+
+    expect(res.ok()).toBeTruthy();
+
+    return res.json();
+  };
+
+  /**
+   * Create a PDF with the same placeholder appearing multiple times at different locations.
+   */
+  const createPdfWithDuplicatePlaceholders = async (): Promise<Buffer> => {
+    const pdf = PDF.create();
+    const page = pdf.addPage({ size: 'letter' });
+
+    // Draw the same placeholder text at three different Y positions.
+    page.drawText('{{initials}}', { x: 50, y: 700, font: StandardFonts.Helvetica, size: 12 });
+    page.drawText('{{initials}}', { x: 50, y: 500, font: StandardFonts.Helvetica, size: 12 });
+    page.drawText('{{initials}}', { x: 50, y: 300, font: StandardFonts.Helvetica, size: 12 });
+
+    const bytes = await pdf.save();
+
+    return Buffer.from(bytes);
+  };
+
+  const createEnvelopeWithPdfBuffer = async (
+    request: APIRequestContext,
+    pdfBuffer: Buffer,
+    filename: string,
+  ): Promise<TCreateEnvelopeResponse> => {
+    const formData = new FormData();
+
+    formData.append(
+      'payload',
+      JSON.stringify({
+        type: EnvelopeType.DOCUMENT,
+        title: 'Placeholder Fields Test',
+      } satisfies TCreateEnvelopePayload),
+    );
+
+    formData.append('files', new File([pdfBuffer], filename, { type: 'application/pdf' }));
+
+    const res = await request.post(`${baseUrl}/envelope/create`, {
+      headers: { Authorization: `Bearer ${token}` },
+      multipart: formData,
+    });
+
+    expect(res.ok()).toBeTruthy();
+
+    return res.json();
+  };
+
+  test('should create a field at a placeholder location', async ({ request }) => {
+    const envelope = await createEnvelopeWithPdf(request, 'no-recipient-placeholders.pdf');
+    await addRecipient(request, envelope.id);
+
+    const envelopeData = await getEnvelope(request, envelope.id);
+    const recipientId = envelopeData.recipients[0].id;
+
+    const createFieldsRes = await request.post(`${baseUrl}/envelope/field/create-many`, {
+      headers: { Authorization: `Bearer ${token}` },
+      data: {
+        envelopeId: envelope.id,
+        data: [
+          {
+            recipientId,
+            type: FieldType.SIGNATURE,
+            placeholder: '{{signature}}',
+          },
+        ],
+      },
+    });
+
+    expect(createFieldsRes.ok()).toBeTruthy();
+
+    const fields = await prisma.field.findMany({
+      where: { envelopeId: envelope.id },
+    });
+
+    expect(fields).toHaveLength(1);
+    expect(fields[0].type).toBe(FieldType.SIGNATURE);
+
+    // Verify the field has non-zero position/dimensions resolved from the placeholder.
+    expect(fields[0].positionX.toNumber()).toBeGreaterThan(0);
+    expect(fields[0].positionY.toNumber()).toBeGreaterThan(0);
+    expect(fields[0].width.toNumber()).toBeGreaterThan(0);
+    expect(fields[0].height.toNumber()).toBeGreaterThan(0);
+  });
+
+  test('should override width and height when provided', async ({ request }) => {
+    const envelope = await createEnvelopeWithPdf(request, 'no-recipient-placeholders.pdf');
+    await addRecipient(request, envelope.id);
+
+    const envelopeData = await getEnvelope(request, envelope.id);
+    const recipientId = envelopeData.recipients[0].id;
+
+    const createFieldsRes = await request.post(`${baseUrl}/envelope/field/create-many`, {
+      headers: { Authorization: `Bearer ${token}` },
+      data: {
+        envelopeId: envelope.id,
+        data: [
+          {
+            recipientId,
+            type: FieldType.NAME,
+            placeholder: '{{name}}',
+            width: 30,
+            height: 5,
+          },
+        ],
+      },
+    });
+
+    expect(createFieldsRes.ok()).toBeTruthy();
+
+    const fields = await prisma.field.findMany({
+      where: { envelopeId: envelope.id },
+    });
+
+    expect(fields).toHaveLength(1);
+    expect(fields[0].width.toNumber()).toBeCloseTo(30, 1);
+    expect(fields[0].height.toNumber()).toBeCloseTo(5, 1);
+  });
+
+  test('should fail when placeholder text is not found in the PDF', async ({ request }) => {
+    const envelope = await createEnvelopeWithPdf(request, 'no-recipient-placeholders.pdf');
+    await addRecipient(request, envelope.id);
+
+    const envelopeData = await getEnvelope(request, envelope.id);
+    const recipientId = envelopeData.recipients[0].id;
+
+    const createFieldsRes = await request.post(`${baseUrl}/envelope/field/create-many`, {
+      headers: { Authorization: `Bearer ${token}` },
+      data: {
+        envelopeId: envelope.id,
+        data: [
+          {
+            recipientId,
+            type: FieldType.TEXT,
+            placeholder: '{{nonexistent}}',
+          },
+        ],
+      },
+    });
+
+    expect(createFieldsRes.ok()).toBeFalsy();
+  });
+
+  test('should create fields using a mix of coordinate and placeholder positioning', async ({
+    request,
+  }) => {
+    const envelope = await createEnvelopeWithPdf(request, 'no-recipient-placeholders.pdf');
+    await addRecipient(request, envelope.id);
+
+    const envelopeData = await getEnvelope(request, envelope.id);
+    const recipientId = envelopeData.recipients[0].id;
+
+    const createFieldsRes = await request.post(`${baseUrl}/envelope/field/create-many`, {
+      headers: { Authorization: `Bearer ${token}` },
+      data: {
+        envelopeId: envelope.id,
+        data: [
+          {
+            recipientId,
+            type: FieldType.SIGNATURE,
+            placeholder: '{{signature}}',
+          },
+          {
+            recipientId,
+            type: FieldType.DATE,
+            page: 1,
+            positionX: 10,
+            positionY: 20,
+            width: 15,
+            height: 3,
+          },
+        ],
+      },
+    });
+
+    expect(createFieldsRes.ok()).toBeTruthy();
+
+    const fields = await prisma.field.findMany({
+      where: { envelopeId: envelope.id },
+      orderBy: { type: 'asc' },
+    });
+
+    expect(fields).toHaveLength(2);
+
+    const dateField = fields.find((f) => f.type === FieldType.DATE);
+    const signatureField = fields.find((f) => f.type === FieldType.SIGNATURE);
+
+    expect(dateField).toBeDefined();
+    expect(dateField!.positionX.toNumber()).toBeCloseTo(10, 1);
+    expect(dateField!.positionY.toNumber()).toBeCloseTo(20, 1);
+
+    expect(signatureField).toBeDefined();
+    expect(signatureField!.positionX.toNumber()).toBeGreaterThan(0);
+  });
+
+  test('should create a field only at first occurrence by default', async ({ request }) => {
+    const pdfBuffer = await createPdfWithDuplicatePlaceholders();
+    const envelope = await createEnvelopeWithPdfBuffer(request, pdfBuffer, 'duplicates.pdf');
+    await addRecipient(request, envelope.id);
+
+    const envelopeData = await getEnvelope(request, envelope.id);
+    const recipientId = envelopeData.recipients[0].id;
+
+    const createFieldsRes = await request.post(`${baseUrl}/envelope/field/create-many`, {
+      headers: { Authorization: `Bearer ${token}` },
+      data: {
+        envelopeId: envelope.id,
+        data: [
+          {
+            recipientId,
+            type: FieldType.INITIALS,
+            placeholder: '{{initials}}',
+          },
+        ],
+      },
+    });
+
+    expect(createFieldsRes.ok()).toBeTruthy();
+
+    const fields = await prisma.field.findMany({
+      where: { envelopeId: envelope.id },
+    });
+
+    // Should only create one field (first occurrence).
+    expect(fields).toHaveLength(1);
+    expect(fields[0].type).toBe(FieldType.INITIALS);
+  });
+
+  test('should create fields at all occurrences when matchAll is true', async ({ request }) => {
+    const pdfBuffer = await createPdfWithDuplicatePlaceholders();
+    const envelope = await createEnvelopeWithPdfBuffer(request, pdfBuffer, 'duplicates.pdf');
+    await addRecipient(request, envelope.id);
+
+    const envelopeData = await getEnvelope(request, envelope.id);
+    const recipientId = envelopeData.recipients[0].id;
+
+    const createFieldsRes = await request.post(`${baseUrl}/envelope/field/create-many`, {
+      headers: { Authorization: `Bearer ${token}` },
+      data: {
+        envelopeId: envelope.id,
+        data: [
+          {
+            recipientId,
+            type: FieldType.INITIALS,
+            placeholder: '{{initials}}',
+            matchAll: true,
+          },
+        ],
+      },
+    });
+
+    expect(createFieldsRes.ok()).toBeTruthy();
+
+    const fields = await prisma.field.findMany({
+      where: { envelopeId: envelope.id },
+      orderBy: { positionY: 'asc' },
+    });
+
+    // Should create three fields (one for each occurrence).
+    expect(fields).toHaveLength(3);
+
+    // All should be INITIALS type.
+    expect(fields.every((f) => f.type === FieldType.INITIALS)).toBe(true);
+
+    // Verify they're at different Y positions.
+    const yPositions = fields.map((f) => f.positionY.toNumber());
+    const uniqueYPositions = new Set(yPositions);
+
+    expect(uniqueYPositions.size).toBe(3);
+  });
+
+  test('should map placeholder recipients by signing order when adding items', async ({
+    request,
+  }) => {
+    const envelope = await createEnvelopeWithPdf(request, 'no-recipient-placeholders.pdf');
+
+    await addRecipients(request, envelope.id, [
+      {
+        email: 'second.recipient@documenso.com',
+        name: 'Second Recipient',
+        role: RecipientRole.SIGNER,
+        signingOrder: 2,
+        accessAuth: [],
+        actionAuth: [],
+      },
+      {
+        email: 'first.recipient@documenso.com',
+        name: 'First Recipient',
+        role: RecipientRole.SIGNER,
+        signingOrder: 1,
+        accessAuth: [],
+        actionAuth: [],
+      },
+    ]);
+
+    await createEnvelopeItemsWithPdf(request, envelope.id, 'project-proposal-single-recipient.pdf');
+
+    const recipients = await prisma.recipient.findMany({
+      where: { envelopeId: envelope.id },
+    });
+
+    const firstRecipient = recipients.find((recipient) => recipient.signingOrder === 1);
+
+    expect(firstRecipient).toBeDefined();
+
+    const fields = await prisma.field.findMany({
+      where: { envelopeId: envelope.id },
+    });
+
+    expect(fields.length).toBeGreaterThan(0);
+    expect(fields.every((field) => field.recipientId === firstRecipient!.id)).toBe(true);
+  });
+});

packages/app-tests/e2e/api/v2/test-unauthorized-api-access.spec.ts

@@ -4730,252 +4730,6 @@ test.describe('Document API V2', () => {
       });
     });
 
-    test.describe('Envelope item delete endpoint', () => {
-      test('should block unauthorized access to envelope item delete endpoint', async ({
-        request,
-      }) => {
-        const doc = await seedBlankDocument(userA, teamA.id);
-
-        const envelopeItem = await prisma.envelopeItem.findFirstOrThrow({
-          where: { envelopeId: doc.id },
-        });
-
-        const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/item/delete`, {
-          headers: { Authorization: `Bearer ${tokenB}` },
-          data: {
-            envelopeId: doc.id,
-            envelopeItemId: envelopeItem.id,
-          },
-        });
-
-        expect(res.ok()).toBeFalsy();
-        expect(res.status()).toBe(404);
-      });
-
-      test('should allow authorized access to envelope item delete endpoint', async ({
-        request,
-      }) => {
-        const doc = await seedBlankDocument(userA, teamA.id);
-
-        const envelopeItem = await prisma.envelopeItem.findFirstOrThrow({
-          where: { envelopeId: doc.id },
-        });
-
-        const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/item/delete`, {
-          headers: { Authorization: `Bearer ${tokenA}` },
-          data: {
-            envelopeId: doc.id,
-            envelopeItemId: envelopeItem.id,
-          },
-        });
-
-        expect(res.ok()).toBeTruthy();
-        expect(res.status()).toBe(200);
-      });
-    });
-
-    test.describe('Envelope attachment find endpoint', () => {
-      test('should block unauthorized access to envelope attachment find endpoint', async ({
-        request,
-      }) => {
-        const doc = await seedBlankDocument(userA, teamA.id);
-
-        const res = await request.get(
-          `${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment?envelopeId=${doc.id}`,
-          {
-            headers: { Authorization: `Bearer ${tokenB}` },
-          },
-        );
-
-        expect(res.ok()).toBeFalsy();
-        expect(res.status()).toBe(404);
-      });
-
-      test('should allow authorized access to envelope attachment find endpoint', async ({
-        request,
-      }) => {
-        const doc = await seedBlankDocument(userA, teamA.id);
-
-        const res = await request.get(
-          `${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment?envelopeId=${doc.id}`,
-          {
-            headers: { Authorization: `Bearer ${tokenA}` },
-          },
-        );
-
-        expect(res.ok()).toBeTruthy();
-        expect(res.status()).toBe(200);
-      });
-    });
-
-    test.describe('Envelope attachment create endpoint', () => {
-      test('should block unauthorized access to envelope attachment create endpoint', async ({
-        request,
-      }) => {
-        const doc = await seedBlankDocument(userA, teamA.id);
-
-        const res = await request.post(
-          `${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/create`,
-          {
-            headers: { Authorization: `Bearer ${tokenB}` },
-            data: {
-              envelopeId: doc.id,
-              data: {
-                label: 'Test Attachment',
-                data: 'https://example.com/file.pdf',
-              },
-            },
-          },
-        );
-
-        expect(res.ok()).toBeFalsy();
-        expect(res.status()).toBe(404);
-      });
-
-      test('should allow authorized access to envelope attachment create endpoint', async ({
-        request,
-      }) => {
-        const doc = await seedBlankDocument(userA, teamA.id);
-
-        const res = await request.post(
-          `${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/create`,
-          {
-            headers: { Authorization: `Bearer ${tokenA}` },
-            data: {
-              envelopeId: doc.id,
-              data: {
-                label: 'Test Attachment',
-                data: 'https://example.com/file.pdf',
-              },
-            },
-          },
-        );
-
-        expect(res.ok()).toBeTruthy();
-        expect(res.status()).toBe(200);
-      });
-    });
-
-    test.describe('Envelope attachment update endpoint', () => {
-      test('should block unauthorized access to envelope attachment update endpoint', async ({
-        request,
-      }) => {
-        const doc = await seedBlankDocument(userA, teamA.id);
-
-        const attachment = await prisma.envelopeAttachment.create({
-          data: {
-            envelopeId: doc.id,
-            type: 'link',
-            label: 'Original Label',
-            data: 'https://example.com/original.pdf',
-          },
-        });
-
-        const res = await request.post(
-          `${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/update`,
-          {
-            headers: { Authorization: `Bearer ${tokenB}` },
-            data: {
-              id: attachment.id,
-              data: {
-                label: 'Updated Label',
-                data: 'https://example.com/updated.pdf',
-              },
-            },
-          },
-        );
-
-        expect(res.ok()).toBeFalsy();
-        expect(res.status()).toBe(404);
-      });
-
-      test('should allow authorized access to envelope attachment update endpoint', async ({
-        request,
-      }) => {
-        const doc = await seedBlankDocument(userA, teamA.id);
-
-        const attachment = await prisma.envelopeAttachment.create({
-          data: {
-            envelopeId: doc.id,
-            type: 'link',
-            label: 'Original Label',
-            data: 'https://example.com/original.pdf',
-          },
-        });
-
-        const res = await request.post(
-          `${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/update`,
-          {
-            headers: { Authorization: `Bearer ${tokenA}` },
-            data: {
-              id: attachment.id,
-              data: {
-                label: 'Updated Label',
-                data: 'https://example.com/updated.pdf',
-              },
-            },
-          },
-        );
-
-        expect(res.ok()).toBeTruthy();
-        expect(res.status()).toBe(200);
-      });
-    });
-
-    test.describe('Envelope attachment delete endpoint', () => {
-      test('should block unauthorized access to envelope attachment delete endpoint', async ({
-        request,
-      }) => {
-        const doc = await seedBlankDocument(userA, teamA.id);
-
-        const attachment = await prisma.envelopeAttachment.create({
-          data: {
-            envelopeId: doc.id,
-            type: 'link',
-            label: 'Test Attachment',
-            data: 'https://example.com/file.pdf',
-          },
-        });
-
-        const res = await request.post(
-          `${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/delete`,
-          {
-            headers: { Authorization: `Bearer ${tokenB}` },
-            data: { id: attachment.id },
-          },
-        );
-
-        expect(res.ok()).toBeFalsy();
-        expect(res.status()).toBe(404);
-      });
-
-      test('should allow authorized access to envelope attachment delete endpoint', async ({
-        request,
-      }) => {
-        const doc = await seedBlankDocument(userA, teamA.id);
-
-        const attachment = await prisma.envelopeAttachment.create({
-          data: {
-            envelopeId: doc.id,
-            type: 'link',
-            label: 'Test Attachment',
-            data: 'https://example.com/file.pdf',
-          },
-        });
-
-        const res = await request.post(
-          `${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/delete`,
-          {
-            headers: { Authorization: `Bearer ${tokenA}` },
-            data: { id: attachment.id },
-          },
-        );
-
-        expect(res.ok()).toBeTruthy();
-        expect(res.status()).toBe(200);
-      });
-    });
-
     test.describe('Envelope audit logs endpoint', () => {
       test('should block unauthorized access to envelope audit logs endpoint', async ({
         request,

packages/app-tests/e2e/api/v2/unauthorized-api-access/api-access-envelope-attachments.spec.ts

@@ -0,0 +1,220 @@
+import { expect, test } from '@playwright/test';
+import type { Team, User } from '@prisma/client';
+
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
+import { prisma } from '@documenso/prisma';
+import { seedBlankDocument } from '@documenso/prisma/seed/documents';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+const WEBAPP_BASE_URL = NEXT_PUBLIC_WEBAPP_URL();
+
+test.describe.configure({
+  mode: 'parallel',
+});
+
+test.describe('Envelope Attachments API V2', () => {
+  let userA: User, teamA: Team, userB: User, teamB: Team, tokenA: string, tokenB: string;
+
+  test.beforeEach(async () => {
+    ({ user: userA, team: teamA } = await seedUser());
+    ({ token: tokenA } = await createApiToken({
+      userId: userA.id,
+      teamId: teamA.id,
+      tokenName: 'userA',
+      expiresIn: null,
+    }));
+
+    ({ user: userB, team: teamB } = await seedUser());
+    ({ token: tokenB } = await createApiToken({
+      userId: userB.id,
+      teamId: teamB.id,
+      tokenName: 'userB',
+      expiresIn: null,
+    }));
+  });
+
+  test.describe('Envelope attachment find endpoint', () => {
+    test('should block unauthorized access to envelope attachment find endpoint', async ({
+      request,
+    }) => {
+      const doc = await seedBlankDocument(userA, teamA.id);
+
+      const res = await request.get(
+        `${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment?envelopeId=${doc.id}`,
+        {
+          headers: { Authorization: `Bearer ${tokenB}` },
+        },
+      );
+
+      expect(res.ok()).toBeFalsy();
+      expect(res.status()).toBe(404);
+    });
+
+    test('should allow authorized access to envelope attachment find endpoint', async ({
+      request,
+    }) => {
+      const doc = await seedBlankDocument(userA, teamA.id);
+
+      const res = await request.get(
+        `${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment?envelopeId=${doc.id}`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+        },
+      );
+
+      expect(res.ok()).toBeTruthy();
+      expect(res.status()).toBe(200);
+    });
+  });
+
+  test.describe('Envelope attachment create endpoint', () => {
+    test('should block unauthorized access to envelope attachment create endpoint', async ({
+      request,
+    }) => {
+      const doc = await seedBlankDocument(userA, teamA.id);
+
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/create`, {
+        headers: { Authorization: `Bearer ${tokenB}` },
+        data: {
+          envelopeId: doc.id,
+          data: {
+            label: 'Test Attachment',
+            data: 'https://example.com/file.pdf',
+          },
+        },
+      });
+
+      expect(res.ok()).toBeFalsy();
+      expect(res.status()).toBe(404);
+    });
+
+    test('should allow authorized access to envelope attachment create endpoint', async ({
+      request,
+    }) => {
+      const doc = await seedBlankDocument(userA, teamA.id);
+
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/create`, {
+        headers: { Authorization: `Bearer ${tokenA}` },
+        data: {
+          envelopeId: doc.id,
+          data: {
+            label: 'Test Attachment',
+            data: 'https://example.com/file.pdf',
+          },
+        },
+      });
+
+      expect(res.ok()).toBeTruthy();
+      expect(res.status()).toBe(200);
+    });
+  });
+
+  test.describe('Envelope attachment update endpoint', () => {
+    test('should block unauthorized access to envelope attachment update endpoint', async ({
+      request,
+    }) => {
+      const doc = await seedBlankDocument(userA, teamA.id);
+
+      const attachment = await prisma.envelopeAttachment.create({
+        data: {
+          envelopeId: doc.id,
+          type: 'link',
+          label: 'Original Label',
+          data: 'https://example.com/original.pdf',
+        },
+      });
+
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/update`, {
+        headers: { Authorization: `Bearer ${tokenB}` },
+        data: {
+          id: attachment.id,
+          data: {
+            label: 'Updated Label',
+            data: 'https://example.com/updated.pdf',
+          },
+        },
+      });
+
+      expect(res.ok()).toBeFalsy();
+      expect(res.status()).toBe(404);
+    });
+
+    test('should allow authorized access to envelope attachment update endpoint', async ({
+      request,
+    }) => {
+      const doc = await seedBlankDocument(userA, teamA.id);
+
+      const attachment = await prisma.envelopeAttachment.create({
+        data: {
+          envelopeId: doc.id,
+          type: 'link',
+          label: 'Original Label',
+          data: 'https://example.com/original.pdf',
+        },
+      });
+
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/update`, {
+        headers: { Authorization: `Bearer ${tokenA}` },
+        data: {
+          id: attachment.id,
+          data: {
+            label: 'Updated Label',
+            data: 'https://example.com/updated.pdf',
+          },
+        },
+      });
+
+      expect(res.ok()).toBeTruthy();
+      expect(res.status()).toBe(200);
+    });
+  });
+
+  test.describe('Envelope attachment delete endpoint', () => {
+    test('should block unauthorized access to envelope attachment delete endpoint', async ({
+      request,
+    }) => {
+      const doc = await seedBlankDocument(userA, teamA.id);
+
+      const attachment = await prisma.envelopeAttachment.create({
+        data: {
+          envelopeId: doc.id,
+          type: 'link',
+          label: 'Test Attachment',
+          data: 'https://example.com/file.pdf',
+        },
+      });
+
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/delete`, {
+        headers: { Authorization: `Bearer ${tokenB}` },
+        data: { id: attachment.id },
+      });
+
+      expect(res.ok()).toBeFalsy();
+      expect(res.status()).toBe(404);
+    });
+
+    test('should allow authorized access to envelope attachment delete endpoint', async ({
+      request,
+    }) => {
+      const doc = await seedBlankDocument(userA, teamA.id);
+
+      const attachment = await prisma.envelopeAttachment.create({
+        data: {
+          envelopeId: doc.id,
+          type: 'link',
+          label: 'Test Attachment',
+          data: 'https://example.com/file.pdf',
+        },
+      });
+
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/delete`, {
+        headers: { Authorization: `Bearer ${tokenA}` },
+        data: { id: attachment.id },
+      });
+
+      expect(res.ok()).toBeTruthy();
+      expect(res.status()).toBe(200);
+    });
+  });
+});

packages/app-tests/e2e/api/v2/unauthorized-api-access/api-access-envelope-bulk.spec.ts

@@ -0,0 +1,390 @@
+import { expect, test } from '@playwright/test';
+import type { Team, User } from '@prisma/client';
+import { EnvelopeType, FolderType } from '@prisma/client';
+
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
+import { prisma } from '@documenso/prisma';
+import { seedBlankDocument } from '@documenso/prisma/seed/documents';
+import { seedBlankFolder } from '@documenso/prisma/seed/folders';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+const WEBAPP_BASE_URL = NEXT_PUBLIC_WEBAPP_URL();
+
+test.describe.configure({
+  mode: 'parallel',
+});
+
+// Todo: Remove skip once the API endpoints are released.
+test.describe.skip('Envelope Bulk API V2', () => {
+  let userA: User, teamA: Team, userB: User, teamB: Team, tokenA: string, tokenB: string;
+
+  test.beforeEach(async () => {
+    ({ user: userA, team: teamA } = await seedUser());
+    ({ token: tokenA } = await createApiToken({
+      userId: userA.id,
+      teamId: teamA.id,
+      tokenName: 'userA',
+      expiresIn: null,
+    }));
+
+    ({ user: userB, team: teamB } = await seedUser());
+    ({ token: tokenB } = await createApiToken({
+      userId: userB.id,
+      teamId: teamB.id,
+      tokenName: 'userB',
+      expiresIn: null,
+    }));
+  });
+
+  test.describe('Envelope bulk move endpoint', () => {
+    test('should block unauthorized access to envelope bulk move endpoint', async ({ request }) => {
+      // Create a document owned by userA
+      const doc = await seedBlankDocument(userA, teamA.id);
+
+      // UserB tries to move userA's document
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/bulk/move`, {
+        headers: { Authorization: `Bearer ${tokenB}` },
+        data: {
+          envelopeIds: [doc.id],
+          envelopeType: EnvelopeType.DOCUMENT,
+          folderId: null,
+        },
+      });
+
+      expect(res.ok()).toBeTruthy();
+      expect(res.status()).toBe(200);
+
+      const body = await res.json();
+      expect(body.movedCount).toBe(0);
+
+      // Verify in database that the document was not modified
+      const docInDb = await prisma.envelope.findFirst({
+        where: { id: doc.id },
+      });
+
+      expect(docInDb).not.toBeNull();
+      expect(docInDb?.folderId).toBeNull();
+    });
+
+    test('should block moving envelopes to unauthorized folder', async ({ request }) => {
+      // Create a document owned by userB
+      const doc = await seedBlankDocument(userB, teamB.id);
+
+      // Create a folder owned by userA
+      const folderA = await seedBlankFolder(userA, teamA.id, {
+        createFolderOptions: {
+          name: 'UserA Folder',
+          type: FolderType.DOCUMENT,
+        },
+      });
+
+      // UserB tries to move their document to userA's folder
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/bulk/move`, {
+        headers: { Authorization: `Bearer ${tokenB}` },
+        data: {
+          envelopeIds: [doc.id],
+          envelopeType: EnvelopeType.DOCUMENT,
+          folderId: folderA.id,
+        },
+      });
+
+      expect(res.ok()).toBeFalsy();
+      expect(res.status()).toBe(404);
+
+      // Verify in database that the document was not modified
+      const docInDb = await prisma.envelope.findFirst({
+        where: { id: doc.id },
+      });
+
+      expect(docInDb).not.toBeNull();
+      expect(docInDb?.folderId).toBeNull();
+    });
+
+    test('should allow authorized access to envelope bulk move endpoint', async ({ request }) => {
+      // Create a document owned by userA
+      const doc = await seedBlankDocument(userA, teamA.id);
+
+      // Create a folder owned by userA
+      const folderA = await seedBlankFolder(userA, teamA.id, {
+        createFolderOptions: {
+          name: 'UserA Folder',
+          type: FolderType.DOCUMENT,
+        },
+      });
+
+      // UserA moves their own document to their own folder
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/bulk/move`, {
+        headers: { Authorization: `Bearer ${tokenA}` },
+        data: {
+          envelopeIds: [doc.id],
+          envelopeType: EnvelopeType.DOCUMENT,
+          folderId: folderA.id,
+        },
+      });
+
+      expect(res.ok()).toBeTruthy();
+      expect(res.status()).toBe(200);
+
+      const body = await res.json();
+      expect(body.movedCount).toBe(1);
+
+      // Verify in database that the document was moved to the folder
+      const docInDb = await prisma.envelope.findFirst({
+        where: { id: doc.id },
+      });
+
+      expect(docInDb).not.toBeNull();
+      expect(docInDb?.folderId).toBe(folderA.id);
+    });
+
+    test('should only move authorized envelopes when given mixed array of envelope IDs', async ({
+      request,
+    }) => {
+      // Create documents owned by userA
+      const docA1 = await seedBlankDocument(userA, teamA.id);
+      const docA2 = await seedBlankDocument(userA, teamA.id);
+
+      // Create a document owned by userB
+      const docB = await seedBlankDocument(userB, teamB.id);
+
+      // Create a folder owned by userA
+      const folderA = await seedBlankFolder(userA, teamA.id, {
+        createFolderOptions: {
+          name: 'UserA Folder',
+          type: FolderType.DOCUMENT,
+        },
+      });
+
+      // UserA tries to move a mix of their own documents and userB's document
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/bulk/move`, {
+        headers: { Authorization: `Bearer ${tokenA}` },
+        data: {
+          envelopeIds: [docA1.id, docB.id, docA2.id],
+          envelopeType: EnvelopeType.DOCUMENT,
+          folderId: folderA.id,
+        },
+      });
+
+      expect(res.ok()).toBeTruthy();
+      expect(res.status()).toBe(200);
+
+      const body = await res.json();
+      // Only userA's documents should be moved
+      expect(body.movedCount).toBe(2);
+
+      // Verify userA's documents were moved
+      const docA1InDb = await prisma.envelope.findFirst({
+        where: { id: docA1.id },
+      });
+      expect(docA1InDb).not.toBeNull();
+      expect(docA1InDb?.folderId).toBe(folderA.id);
+
+      const docA2InDb = await prisma.envelope.findFirst({
+        where: { id: docA2.id },
+      });
+      expect(docA2InDb).not.toBeNull();
+      expect(docA2InDb?.folderId).toBe(folderA.id);
+
+      // Verify userB's document was NOT moved
+      const docBInDb = await prisma.envelope.findFirst({
+        where: { id: docB.id },
+      });
+      expect(docBInDb).not.toBeNull();
+      expect(docBInDb?.folderId).toBeNull();
+    });
+
+    test('should move zero envelopes when all envelope IDs in array are unauthorized', async ({
+      request,
+    }) => {
+      // Create documents owned by userB
+      const docB1 = await seedBlankDocument(userB, teamB.id);
+      const docB2 = await seedBlankDocument(userB, teamB.id);
+
+      // Create a folder owned by userA
+      const folderA = await seedBlankFolder(userA, teamA.id, {
+        createFolderOptions: {
+          name: 'UserA Folder',
+          type: FolderType.DOCUMENT,
+        },
+      });
+
+      // UserA tries to move userB's documents
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/bulk/move`, {
+        headers: { Authorization: `Bearer ${tokenA}` },
+        data: {
+          envelopeIds: [docB1.id, docB2.id],
+          envelopeType: EnvelopeType.DOCUMENT,
+          folderId: folderA.id,
+        },
+      });
+
+      expect(res.ok()).toBeTruthy();
+      expect(res.status()).toBe(200);
+
+      const body = await res.json();
+      expect(body.movedCount).toBe(0);
+
+      // Verify userB's documents were NOT moved
+      const docB1InDb = await prisma.envelope.findFirst({
+        where: { id: docB1.id },
+      });
+      expect(docB1InDb).not.toBeNull();
+      expect(docB1InDb?.folderId).toBeNull();
+
+      const docB2InDb = await prisma.envelope.findFirst({
+        where: { id: docB2.id },
+      });
+      expect(docB2InDb).not.toBeNull();
+      expect(docB2InDb?.folderId).toBeNull();
+    });
+  });
+
+  test.describe('Envelope bulk delete endpoint', () => {
+    test('should block unauthorized access to envelope bulk delete endpoint', async ({
+      request,
+    }) => {
+      // Create a document owned by userA
+      const doc = await seedBlankDocument(userA, teamA.id);
+
+      // UserB tries to delete userA's document
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/bulk/delete`, {
+        headers: { Authorization: `Bearer ${tokenB}` },
+        data: {
+          envelopeIds: [doc.id],
+        },
+      });
+
+      expect(res.ok()).toBeTruthy();
+      expect(res.status()).toBe(200);
+
+      const body = await res.json();
+      expect(body.deletedCount).toBe(0);
+      // Unauthorized envelope ID should be in failedIds
+      expect(body.failedIds).toEqual([doc.id]);
+
+      // Verify in database that the document still exists
+      const docInDb = await prisma.envelope.findFirst({
+        where: { id: doc.id },
+      });
+
+      expect(docInDb).not.toBeNull();
+      expect(docInDb?.id).toBe(doc.id);
+      expect(docInDb?.deletedAt).toBeNull();
+    });
+
+    test('should allow authorized access to envelope bulk delete endpoint', async ({ request }) => {
+      // Create a document owned by userA
+      const doc = await seedBlankDocument(userA, teamA.id);
+
+      // UserA deletes their own document
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/bulk/delete`, {
+        headers: { Authorization: `Bearer ${tokenA}` },
+        data: {
+          envelopeIds: [doc.id],
+        },
+      });
+
+      expect(res.ok()).toBeTruthy();
+      expect(res.status()).toBe(200);
+
+      const body = await res.json();
+      expect(body.deletedCount).toBe(1);
+      expect(body.failedIds).toEqual([]);
+
+      // Verify in database that the document no longer exists
+      const docInDb = await prisma.envelope.findFirst({
+        where: { id: doc.id },
+      });
+
+      expect(docInDb).toBeNull();
+    });
+
+    test('should only delete authorized envelopes when given mixed array of envelope IDs', async ({
+      request,
+    }) => {
+      // Create documents owned by userA
+      const docA1 = await seedBlankDocument(userA, teamA.id);
+      const docA2 = await seedBlankDocument(userA, teamA.id);
+
+      // Create a document owned by userB
+      const docB = await seedBlankDocument(userB, teamB.id);
+
+      // UserA tries to delete a mix of their own documents and userB's document
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/bulk/delete`, {
+        headers: { Authorization: `Bearer ${tokenA}` },
+        data: {
+          envelopeIds: [docA1.id, docB.id, docA2.id],
+        },
+      });
+
+      expect(res.ok()).toBeTruthy();
+      expect(res.status()).toBe(200);
+
+      const body = await res.json();
+      // Only userA's documents should be deleted
+      expect(body.deletedCount).toBe(2);
+      // Unauthorized envelope ID (docB) should be in failedIds
+      expect(body.failedIds).toEqual([docB.id]);
+
+      // Verify userA's documents were deleted
+      const docA1InDb = await prisma.envelope.findFirst({
+        where: { id: docA1.id },
+      });
+      expect(docA1InDb).toBeNull();
+
+      const docA2InDb = await prisma.envelope.findFirst({
+        where: { id: docA2.id },
+      });
+      expect(docA2InDb).toBeNull();
+
+      // Verify userB's document was NOT deleted
+      const docBInDb = await prisma.envelope.findFirst({
+        where: { id: docB.id },
+      });
+      expect(docBInDb).not.toBeNull();
+      expect(docBInDb?.id).toBe(docB.id);
+      expect(docBInDb?.deletedAt).toBeNull();
+    });
+
+    test('should delete zero envelopes when all envelope IDs in array are unauthorized', async ({
+      request,
+    }) => {
+      // Create documents owned by userB
+      const docB1 = await seedBlankDocument(userB, teamB.id);
+      const docB2 = await seedBlankDocument(userB, teamB.id);
+
+      // UserA tries to delete userB's documents
+      const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/bulk/delete`, {
+        headers: { Authorization: `Bearer ${tokenA}` },
+        data: {
+          envelopeIds: [docB1.id, docB2.id],
+        },
+      });
+
+      expect(res.ok()).toBeTruthy();
+      expect(res.status()).toBe(200);
+
+      const body = await res.json();
+      expect(body.deletedCount).toBe(0);
+      // All unauthorized envelope IDs should be in failedIds
+      expect(body.failedIds).toEqual(expect.arrayContaining([docB1.id, docB2.id]));
+      expect(body.failedIds).toHaveLength(2);
+
+      // Verify userB's documents were NOT deleted
+      const docB1InDb = await prisma.envelope.findFirst({
+        where: { id: docB1.id },
+      });
+      expect(docB1InDb).not.toBeNull();
+      expect(docB1InDb?.id).toBe(docB1.id);
+      expect(docB1InDb?.deletedAt).toBeNull();
+
+      const docB2InDb = await prisma.envelope.findFirst({
+        where: { id: docB2.id },
+      });
+      expect(docB2InDb).not.toBeNull();
+      expect(docB2InDb?.id).toBe(docB2.id);
+      expect(docB2InDb?.deletedAt).toBeNull();
+    });
+  });
+});

packages/app-tests/e2e/auto-placing-fields/auto-place-fields-document.spec.ts

@@ -0,0 +1,307 @@
+import { type Page, expect, test } from '@playwright/test';
+import path from 'path';
+
+import { prisma } from '@documenso/prisma';
+import { RecipientRole } from '@documenso/prisma/client';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+
+const FIXTURES_DIR = path.join(__dirname, '../../../assets/fixtures/auto-placement');
+
+const SINGLE_PLACEHOLDER_PDF_PATH = path.join(
+  FIXTURES_DIR,
+  'project-proposal-single-recipient.pdf',
+);
+
+const MULTIPLE_PLACEHOLDER_PDF_PATH = path.join(
+  FIXTURES_DIR,
+  'project-proposal-multiple-fields-and-recipients.pdf',
+);
+
+const NO_RECIPIENT_PDF_PATH = path.join(FIXTURES_DIR, 'no-recipient-placeholders.pdf');
+
+const INVALID_FIELD_TYPE_PDF_PATH = path.join(FIXTURES_DIR, 'invalid-field-type.pdf');
+
+const FIELD_TYPE_ONLY_PDF_PATH = path.join(FIXTURES_DIR, 'field-type-only.pdf');
+
+const setTeamDefaultRecipients = async (
+  teamId: number,
+  defaultRecipients: Array<{ email: string; name: string; role: RecipientRole }>,
+) => {
+  const teamSettings = await prisma.teamGlobalSettings.findFirstOrThrow({
+    where: {
+      team: {
+        id: teamId,
+      },
+    },
+  });
+
+  await prisma.teamGlobalSettings.update({
+    where: {
+      id: teamSettings.id,
+    },
+    data: {
+      defaultRecipients,
+    },
+  });
+};
+
+const setupUserAndSignIn = async (page: Page) => {
+  const { user, team } = await seedUser();
+
+  await apiSignin({
+    page,
+    email: user.email,
+    redirectPath: `/t/${team.url}/documents`,
+  });
+
+  return { user, team };
+};
+
+const uploadPdf = async (page: Page, team: { url: string }, pdfPath: string) => {
+  const [fileChooser] = await Promise.all([
+    page.waitForEvent('filechooser'),
+    page
+      .locator('input[type=file]')
+      .nth(1)
+      .evaluate((e) => {
+        if (e instanceof HTMLInputElement) {
+          e.click();
+        }
+      }),
+  ]);
+
+  await fileChooser.setFiles(pdfPath);
+
+  // Wait for redirect to v2 envelope editor.
+  await page.waitForURL(new RegExp(`/t/${team.url}/documents/envelope_.*`));
+
+  // Extract envelope ID from URL.
+  const urlParts = page.url().split('/');
+  const envelopeId = urlParts.find((part) => part.startsWith('envelope_'));
+
+  if (!envelopeId) {
+    throw new Error('Could not extract envelope ID from URL');
+  }
+
+  return envelopeId;
+};
+
+test.describe('PDF Placeholders with single recipient', () => {
+  test('[AUTO_PLACING_FIELDS]: should create placeholder recipients even with default recipients', async ({
+    page,
+  }) => {
+    const { user, team } = await seedUser();
+
+    await setTeamDefaultRecipients(team.id, [
+      {
+        email: user.email,
+        name: user.name || user.email,
+        role: RecipientRole.CC,
+      },
+    ]);
+
+    await apiSignin({
+      page,
+      email: user.email,
+      redirectPath: `/t/${team.url}/documents`,
+    });
+
+    const envelopeId = await uploadPdf(page, team, SINGLE_PLACEHOLDER_PDF_PATH);
+
+    await expect(async () => {
+      const recipients = await prisma.recipient.findMany({
+        where: { envelopeId },
+      });
+
+      const placeholderRecipient = recipients.find(
+        (recipient) => recipient.email === 'recipient.1@documenso.com',
+      );
+
+      const defaultRecipient = recipients.find((recipient) => recipient.email === user.email);
+
+      expect(placeholderRecipient).toBeDefined();
+      expect(defaultRecipient).toBeDefined();
+
+      const fields = await prisma.field.findMany({
+        where: { envelopeId },
+      });
+
+      expect(fields.length).toBeGreaterThan(0);
+      expect(fields.every((field) => field.recipientId === placeholderRecipient!.id)).toBe(true);
+    }).toPass();
+  });
+
+  test('[AUTO_PLACING_FIELDS]: should automatically create recipients from PDF placeholders', async ({
+    page,
+  }) => {
+    const { team } = await setupUserAndSignIn(page);
+    await uploadPdf(page, team, SINGLE_PLACEHOLDER_PDF_PATH);
+
+    // V2 editor shows recipients on the upload page under "Recipients" heading.
+    await expect(page.getByRole('heading', { name: 'Recipients' })).toBeVisible();
+    await expect(page.getByTestId('signer-email-input').first()).toHaveValue(
+      'recipient.1@documenso.com',
+    );
+    await expect(page.getByLabel('Name').first()).toHaveValue('Recipient 1');
+  });
+
+  test('[AUTO_PLACING_FIELDS]: should automatically place fields from PDF placeholders', async ({
+    page,
+  }) => {
+    const { team } = await setupUserAndSignIn(page);
+    const envelopeId = await uploadPdf(page, team, SINGLE_PLACEHOLDER_PDF_PATH);
+
+    // V2 editor renders fields on a Konva canvas, so we verify via the database.
+    await expect(async () => {
+      const fields = await prisma.field.findMany({
+        where: { envelopeId },
+      });
+
+      const fieldTypes = fields.map((f) => f.type).sort();
+      expect(fieldTypes).toEqual(['EMAIL', 'NAME', 'SIGNATURE', 'TEXT'].sort());
+    }).toPass();
+  });
+
+  test('[AUTO_PLACING_FIELDS]: should automatically configure fields from PDF placeholders', async ({
+    page,
+  }) => {
+    const { team } = await setupUserAndSignIn(page);
+    const envelopeId = await uploadPdf(page, team, SINGLE_PLACEHOLDER_PDF_PATH);
+
+    // Verify field metadata was correctly parsed from the placeholder.
+    await expect(async () => {
+      const textField = await prisma.field.findFirst({
+        where: { envelopeId, type: 'TEXT' },
+      });
+
+      expect(textField).toBeDefined();
+      expect(textField!.fieldMeta).toBeDefined();
+
+      const meta = textField!.fieldMeta as Record<string, unknown>;
+      expect(meta.required).toBe(true);
+      expect(meta.textAlign).toBe('right');
+    }).toPass();
+  });
+});
+
+test.describe('PDF Placeholders with multiple recipients', () => {
+  test('[AUTO_PLACING_FIELDS]: should automatically create recipients from PDF placeholders', async ({
+    page,
+  }) => {
+    const { team } = await setupUserAndSignIn(page);
+    const envelopeId = await uploadPdf(page, team, MULTIPLE_PLACEHOLDER_PDF_PATH);
+
+    // V2 editor shows recipients on the upload page.
+    await expect(page.getByRole('heading', { name: 'Recipients' })).toBeVisible();
+
+    await expect(page.getByTestId('signer-email-input').first()).toHaveValue(
+      'recipient.1@documenso.com',
+    );
+
+    await expect(page.getByTestId('signer-email-input').nth(1)).toHaveValue(
+      'recipient.2@documenso.com',
+    );
+
+    await expect(page.getByTestId('signer-email-input').nth(2)).toHaveValue(
+      'recipient.3@documenso.com',
+    );
+
+    // Verify recipients via the database for name validation since the v2 editor
+    // only shows the "Name" label on the first recipient row.
+    await expect(async () => {
+      const recipients = await prisma.recipient.findMany({
+        where: { envelopeId },
+        orderBy: { signingOrder: 'asc' },
+      });
+
+      expect(recipients).toHaveLength(3);
+      expect(recipients[0].name).toBe('Recipient 1');
+      expect(recipients[1].name).toBe('Recipient 2');
+      expect(recipients[2].name).toBe('Recipient 3');
+    }).toPass();
+  });
+
+  test('[AUTO_PLACING_FIELDS]: should automatically create fields from PDF placeholders', async ({
+    page,
+  }) => {
+    const { team } = await setupUserAndSignIn(page);
+    const envelopeId = await uploadPdf(page, team, MULTIPLE_PLACEHOLDER_PDF_PATH);
+
+    // V2 editor renders fields on a Konva canvas, so we verify via the database.
+    await expect(async () => {
+      const fields = await prisma.field.findMany({
+        where: { envelopeId },
+      });
+
+      const fieldTypes = fields.map((f) => f.type).sort();
+      expect(fieldTypes).toEqual(
+        ['SIGNATURE', 'SIGNATURE', 'SIGNATURE', 'EMAIL', 'EMAIL', 'NAME', 'TEXT', 'NUMBER'].sort(),
+      );
+    }).toPass();
+  });
+});
+
+test.describe('PDF Placeholders without recipient identifier', () => {
+  test('[AUTO_PLACING_FIELDS]: should skip placeholders without a recipient identifier', async ({
+    page,
+  }) => {
+    const { team } = await setupUserAndSignIn(page);
+    const envelopeId = await uploadPdf(page, team, NO_RECIPIENT_PDF_PATH);
+
+    // Placeholders like {{signature}}, {{name}}, {{email}} have no recipient
+    // identifier and should be skipped entirely. No fields or auto-created
+    // recipients should exist.
+    await expect(async () => {
+      const fields = await prisma.field.findMany({
+        where: { envelopeId },
+      });
+
+      expect(fields).toHaveLength(0);
+    }).toPass();
+  });
+
+  test('[AUTO_PLACING_FIELDS]: should skip a bare field type placeholder', async ({ page }) => {
+    const { team } = await setupUserAndSignIn(page);
+    const envelopeId = await uploadPdf(page, team, FIELD_TYPE_ONLY_PDF_PATH);
+
+    await expect(async () => {
+      const fields = await prisma.field.findMany({
+        where: { envelopeId },
+      });
+
+      expect(fields).toHaveLength(0);
+    }).toPass();
+  });
+});
+
+test.describe('PDF Placeholders with invalid field types', () => {
+  test('[AUTO_PLACING_FIELDS]: should skip invalid field types and process valid ones', async ({
+    page,
+  }) => {
+    const { team } = await setupUserAndSignIn(page);
+    const envelopeId = await uploadPdf(page, team, INVALID_FIELD_TYPE_PDF_PATH);
+
+    // Only the valid placeholders (signature,r1 and email,r2) should create fields.
+    // The invalid ones (bogus,r1 and foobar,r2) should be skipped.
+    await expect(async () => {
+      const fields = await prisma.field.findMany({
+        where: { envelopeId },
+      });
+
+      const fieldTypes = fields.map((f) => f.type).sort();
+      expect(fieldTypes).toEqual(['EMAIL', 'SIGNATURE'].sort());
+    }).toPass();
+
+    // Both valid recipients should still be created.
+    await expect(async () => {
+      const recipients = await prisma.recipient.findMany({
+        where: { envelopeId },
+        orderBy: { signingOrder: 'asc' },
+      });
+
+      expect(recipients).toHaveLength(2);
+    }).toPass();
+  });
+});

packages/app-tests/e2e/documents/bulk-document-actions.spec.ts

@@ -0,0 +1,253 @@
+import { expect, test } from '@playwright/test';
+
+import { seedDraftDocument } from '@documenso/prisma/seed/documents';
+import { seedBlankFolder } from '@documenso/prisma/seed/folders';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+import { expectToastTextToBeVisible } from '../fixtures/generic';
+
+test.describe.configure({ mode: 'parallel' });
+
+const seedBulkActionsTestRequirements = async () => {
+  const sender = await seedUser({ setTeamEmailAsOwner: true });
+
+  const [doc1, doc2, doc3] = await Promise.all([
+    seedDraftDocument(sender.user, sender.team.id, [], {
+      createDocumentOptions: { title: 'Bulk Test Doc 1' },
+    }),
+    seedDraftDocument(sender.user, sender.team.id, [], {
+      createDocumentOptions: { title: 'Bulk Test Doc 2' },
+    }),
+    seedDraftDocument(sender.user, sender.team.id, [], {
+      createDocumentOptions: { title: 'Bulk Test Doc 3' },
+    }),
+  ]);
+
+  const folder = await seedBlankFolder(sender.user, sender.team.id, {
+    createFolderOptions: {
+      name: 'Target Folder',
+      teamId: sender.team.id,
+    },
+  });
+
+  return {
+    sender,
+    documents: [doc1, doc2, doc3],
+    folder,
+  };
+};
+
+test('[BULK_ACTIONS]: can select multiple documents with checkboxes', async ({ page }) => {
+  const { sender } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/documents`,
+  });
+
+  await page.locator('tr', { hasText: 'Bulk Test Doc 1' }).getByRole('checkbox').click();
+  await expect(page.getByText('1 selected')).toBeVisible();
+
+  await page.locator('tr', { hasText: 'Bulk Test Doc 2' }).getByRole('checkbox').click();
+  await expect(page.getByText('2 selected')).toBeVisible();
+});
+
+test('[BULK_ACTIONS]: header checkbox selects all documents on page', async ({ page }) => {
+  const { sender, documents } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/documents`,
+  });
+
+  await page.locator('thead').getByRole('checkbox').click();
+
+  await expect(page.getByText(`${documents.length} selected`)).toBeVisible();
+});
+
+test('[BULK_ACTIONS]: can clear selection with X button', async ({ page }) => {
+  const { sender } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/documents`,
+  });
+
+  await page.locator('thead').getByRole('checkbox').click();
+  await expect(page.getByText(/\d+ selected/)).toBeVisible();
+
+  await page.getByLabel('Clear selection').click();
+
+  await expect(page.getByText(/\d+ selected/)).not.toBeVisible();
+});
+
+test('[BULK_ACTIONS]: can move multiple documents to a folder', async ({ page }) => {
+  const { sender, folder } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/documents`,
+  });
+
+  await page.locator('tr', { hasText: 'Bulk Test Doc 1' }).getByRole('checkbox').click();
+  await page.locator('tr', { hasText: 'Bulk Test Doc 2' }).getByRole('checkbox').click();
+  await page.getByRole('button', { name: 'Move to Folder' }).click();
+
+  await expect(page.getByRole('dialog')).toBeVisible();
+  await expect(page.getByText('Move Documents to Folder')).toBeVisible();
+
+  await page.getByRole('button', { name: folder.name }).click();
+  await page.getByRole('button', { name: 'Move' }).click();
+
+  await expectToastTextToBeVisible(page, 'Selected items have been moved.');
+
+  await page.goto(`/t/${sender.team.url}/documents/f/${folder.id}`);
+  await expect(page.getByRole('link', { name: 'Bulk Test Doc 1' })).toBeVisible();
+  await expect(page.getByRole('link', { name: 'Bulk Test Doc 2' })).toBeVisible();
+});
+
+test('[BULK_ACTIONS]: can delete multiple draft documents', async ({ page }) => {
+  const { sender } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/documents`,
+  });
+
+  await page.locator('tr', { hasText: 'Bulk Test Doc 1' }).getByRole('checkbox').click();
+  await page.locator('tr', { hasText: 'Bulk Test Doc 2' }).getByRole('checkbox').click();
+
+  await page.getByRole('button', { name: 'Delete' }).click();
+
+  await expect(page.getByRole('dialog')).toBeVisible();
+  await expect(page.getByText('Delete Documents')).toBeVisible();
+  await expect(page.getByText('You are about to delete 2 documents')).toBeVisible();
+  await expect(page.getByText('irreversible')).toBeVisible();
+
+  await page.getByRole('dialog').getByRole('button', { name: 'Delete' }).click();
+
+  await expectToastTextToBeVisible(page, 'Documents deleted');
+
+  await expect(page.getByRole('link', { name: 'Bulk Test Doc 1' })).not.toBeVisible();
+  await expect(page.getByRole('link', { name: 'Bulk Test Doc 2' })).not.toBeVisible();
+
+  await expect(page.getByRole('link', { name: 'Bulk Test Doc 3' })).toBeVisible();
+});
+
+test('[BULK_ACTIONS]: selection clears after successful move', async ({ page }) => {
+  const { sender, folder } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/documents`,
+  });
+
+  await page.locator('tr', { hasText: 'Bulk Test Doc 1' }).getByRole('checkbox').click();
+  await expect(page.getByText('1 selected')).toBeVisible();
+
+  await page.getByRole('button', { name: 'Move to Folder' }).click();
+  await page.getByRole('button', { name: folder.name }).click();
+  await page.getByRole('button', { name: 'Move' }).click();
+
+  await expectToastTextToBeVisible(page, 'Selected items have been moved.');
+  await expect(page.getByText(/\d+ selected/)).not.toBeVisible();
+});
+
+test('[BULK_ACTIONS]: selection clears after successful delete', async ({ page }) => {
+  const { sender } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/documents`,
+  });
+
+  await page.locator('tr', { hasText: 'Bulk Test Doc 1' }).getByRole('checkbox').click();
+  await expect(page.getByText('1 selected')).toBeVisible();
+
+  await page.getByRole('button', { name: 'Delete' }).click();
+  await page.getByRole('dialog').getByRole('button', { name: 'Delete' }).click();
+
+  await expectToastTextToBeVisible(page, 'Documents deleted');
+  await expect(page.getByText(/\d+ selected/)).not.toBeVisible();
+});
+
+test('[BULK_ACTIONS]: can search for folders in move dialog', async ({ page }) => {
+  const { sender, folder } = await seedBulkActionsTestRequirements();
+
+  const otherFolder = await seedBlankFolder(sender.user, sender.team.id, {
+    createFolderOptions: {
+      name: 'Other Folder',
+      teamId: sender.team.id,
+    },
+  });
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/documents`,
+  });
+
+  await page.locator('tr', { hasText: 'Bulk Test Doc 1' }).getByRole('checkbox').click();
+
+  await page.getByRole('button', { name: 'Move to Folder' }).click();
+  await expect(page.getByRole('dialog')).toBeVisible();
+
+  await expect(page.getByRole('button', { name: folder.name })).toBeVisible();
+  await expect(page.getByRole('button', { name: otherFolder.name })).toBeVisible();
+
+  await page.getByPlaceholder('Search folders...').fill('Target');
+  await expect(page.getByRole('button', { name: folder.name })).toBeVisible();
+  await expect(page.getByRole('button', { name: otherFolder.name })).not.toBeVisible();
+
+  await page.getByPlaceholder('Search folders...').fill('Other');
+  await expect(page.getByRole('button', { name: folder.name })).not.toBeVisible();
+  await expect(page.getByRole('button', { name: otherFolder.name })).toBeVisible();
+
+  await page.getByPlaceholder('Search folders...').fill('NonExistent');
+  await expect(page.getByText('No folders found')).toBeVisible();
+});
+
+test('[BULK_ACTIONS]: can move documents from folder to home (root)', async ({ page }) => {
+  const { sender, documents, folder } = await seedBulkActionsTestRequirements();
+
+  const { prisma } = await import('@documenso/prisma');
+
+  await prisma.envelope.updateMany({
+    where: { id: documents[0].id },
+    data: { folderId: folder.id },
+  });
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/documents/f/${folder.id}`,
+  });
+
+  await expect(page.getByRole('link', { name: 'Bulk Test Doc 1' })).toBeVisible();
+
+  await page.locator('tr', { hasText: 'Bulk Test Doc 1' }).getByRole('checkbox').click();
+  await expect(page.getByText('1 selected')).toBeVisible();
+
+  await page.getByRole('button', { name: 'Move to Folder' }).click();
+  await expect(page.getByRole('dialog')).toBeVisible();
+
+  await page.getByRole('button', { name: 'Home (No Folder)' }).click();
+
+  await page.getByRole('button', { name: 'Move' }).click();
+
+  await expectToastTextToBeVisible(page, 'Selected items have been moved.');
+
+  await page.goto(`/t/${sender.team.url}/documents`);
+  await expect(page.getByRole('link', { name: 'Bulk Test Doc 1' })).toBeVisible();
+
+  await page.goto(`/t/${sender.team.url}/documents/f/${folder.id}`);
+  await expect(page.getByRole('link', { name: 'Bulk Test Doc 1' })).not.toBeVisible();
+});

packages/app-tests/e2e/license/enterprise-feature-restrictions.spec.ts

@@ -0,0 +1,326 @@
+import { expect, test } from '@playwright/test';
+import fs from 'node:fs/promises';
+import path from 'node:path';
+
+import type { TCachedLicense, TLicenseClaim } from '@documenso/lib/types/license';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+
+const LICENSE_FILE_NAME = '.documenso-license.json';
+const LICENSE_BACKUP_FILE_NAME = '.documenso-license-backup.json';
+
+/**
+ * Get the path to the license file.
+ *
+ * The server reads from process.cwd() which is apps/remix when the dev server runs.
+ * Tests run from packages/app-tests, so we need to go up to the root then into apps/remix.
+ */
+const getLicenseFilePath = () => {
+  // From packages/app-tests/e2e/license -> ../../../../apps/remix/.documenso-license.json
+  return path.join(__dirname, '../../../../apps/remix', LICENSE_FILE_NAME);
+};
+
+/**
+ * Get the path to the backup license file.
+ */
+const getBackupLicenseFilePath = () => {
+  return path.join(__dirname, '../../../../apps/remix', LICENSE_BACKUP_FILE_NAME);
+};
+
+/**
+ * Backup the existing license file if it exists.
+ */
+const backupLicenseFile = async () => {
+  const licensePath = getLicenseFilePath();
+  const backupPath = getBackupLicenseFilePath();
+
+  try {
+    await fs.access(licensePath);
+    await fs.rename(licensePath, backupPath);
+  } catch (e) {
+    // File doesn't exist, nothing to backup
+    console.log(e);
+  }
+};
+
+/**
+ * Restore the backup license file if it exists.
+ */
+const restoreLicenseFile = async () => {
+  const licensePath = getLicenseFilePath();
+  const backupPath = getBackupLicenseFilePath();
+
+  try {
+    await fs.access(backupPath);
+    await fs.rename(backupPath, licensePath);
+  } catch (e) {
+    // Backup doesn't exist, nothing to restore
+    console.log(e);
+  }
+};
+
+/**
+ * Write a license file with the given data.
+ * Pass null to delete the license file.
+ */
+const writeLicenseFile = async (data: TCachedLicense | null) => {
+  const licensePath = getLicenseFilePath();
+
+  if (data === null) {
+    await fs.unlink(licensePath).catch(() => {
+      // File doesn't exist, ignore
+    });
+  } else {
+    await fs.writeFile(licensePath, JSON.stringify(data, null, 2), 'utf-8');
+  }
+};
+
+/**
+ * Create a mock license object with the given flags.
+ */
+const createMockLicenseWithFlags = (flags: TLicenseClaim): TCachedLicense => {
+  return {
+    lastChecked: new Date().toISOString(),
+    license: {
+      status: 'ACTIVE',
+      createdAt: new Date(),
+      name: 'Test License',
+      periodEnd: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000), // 30 days from now
+      cancelAtPeriodEnd: false,
+      licenseKey: 'test-license-key',
+      flags,
+    },
+    requestedLicenseKey: 'test-license-key',
+    derivedStatus: 'ACTIVE',
+    unauthorizedFlagUsage: false,
+  };
+};
+
+// Run tests serially to avoid race conditions with the license file
+test.describe.configure({ mode: 'serial' });
+
+// SKIPPING TEST UNTIL WE ADD A WAY TO OVERRIDE THE LICENSE FILE.
+test.describe.skip('Enterprise Feature Restrictions', () => {
+  test.beforeAll(async () => {
+    // Backup any existing license file before running tests
+    await backupLicenseFile();
+  });
+
+  test.afterAll(async () => {
+    // Restore the backup license file after all tests complete
+    await restoreLicenseFile();
+  });
+
+  test.beforeEach(async () => {
+    // Clean up license file before each test to ensure clean state
+    await writeLicenseFile(null);
+  });
+
+  test.afterEach(async () => {
+    // Clean up license file after each test
+    await writeLicenseFile(null);
+  });
+
+  test('[ADMIN CLAIMS]: shows restricted features with asterisk when no license', async ({
+    page,
+  }) => {
+    // Ensure no license file exists
+    await writeLicenseFile(null);
+
+    const { user: adminUser } = await seedUser({
+      isAdmin: true,
+    });
+
+    await apiSignin({
+      page,
+      email: adminUser.email,
+      redirectPath: '/admin/claims',
+    });
+
+    // Click Create claim button to open the dialog
+    await page.getByRole('button', { name: 'Create claim' }).click();
+
+    // Wait for dialog to open
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Check that enterprise features have asterisks (are restricted)
+    // These are the enterprise features that should be marked with *
+    await expect(page.getByText(/Email domains\s¹/)).toBeVisible();
+    await expect(page.getByText(/Embed authoring\s¹/)).toBeVisible();
+    await expect(page.getByText(/White label for embed authoring\s¹/)).toBeVisible();
+    await expect(page.getByText(/21 CFR\s¹/)).toBeVisible();
+    await expect(page.getByText(/Authentication portal\s¹/)).toBeVisible();
+
+    // Check that the alert is visible
+    await expect(
+      page.getByText('Your current license does not include these features.'),
+    ).toBeVisible();
+    await expect(page.getByRole('link', { name: 'Learn more' })).toBeVisible();
+
+    // Check that enterprise feature checkboxes are disabled
+    const emailDomainsCheckbox = page.locator('#flag-emailDomains');
+    await expect(emailDomainsCheckbox).toBeDisabled();
+
+    const cfr21Checkbox = page.locator('#flag-cfr21');
+    await expect(cfr21Checkbox).toBeDisabled();
+
+    const authPortalCheckbox = page.locator('#flag-authenticationPortal');
+    await expect(authPortalCheckbox).toBeDisabled();
+  });
+
+  test('[ADMIN CLAIMS]: no restrictions when license has all enterprise features', async ({
+    page,
+  }) => {
+    // Create a license with ALL enterprise features enabled
+    await writeLicenseFile(
+      createMockLicenseWithFlags({
+        emailDomains: true,
+        embedAuthoring: true,
+        embedAuthoringWhiteLabel: true,
+        cfr21: true,
+        authenticationPortal: true,
+        billing: true,
+      }),
+    );
+
+    const { user: adminUser } = await seedUser({
+      isAdmin: true,
+    });
+
+    await apiSignin({
+      page,
+      email: adminUser.email,
+      redirectPath: '/admin/claims',
+    });
+
+    // Click Create claim button to open the dialog
+    await page.getByRole('button', { name: 'Create claim' }).click();
+
+    // Wait for dialog to open
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Check that enterprise features do NOT have asterisks
+    // They should show without the * since the license covers them
+    await expect(page.getByText(/Email domains\s¹/)).not.toBeVisible();
+    await expect(page.getByText(/Embed authoring\s¹/)).not.toBeVisible();
+    await expect(page.getByText(/21 CFR\s¹/)).not.toBeVisible();
+    await expect(page.getByText(/Authentication portal\s¹/)).not.toBeVisible();
+
+    // The plain labels should be visible (without asterisks)
+    await expect(page.locator('label[for="flag-emailDomains"]')).toContainText('Email domains');
+    await expect(page.locator('label[for="flag-cfr21"]')).toContainText('21 CFR');
+
+    // The alert should NOT be visible
+    await expect(
+      page.getByText('Your current license does not include these features.'),
+    ).not.toBeVisible();
+
+    // Check that enterprise feature checkboxes are enabled
+    const emailDomainsCheckbox = page.locator('#flag-emailDomains');
+    await expect(emailDomainsCheckbox).toBeEnabled();
+
+    const cfr21Checkbox = page.locator('#flag-cfr21');
+    await expect(cfr21Checkbox).toBeEnabled();
+
+    const authPortalCheckbox = page.locator('#flag-authenticationPortal');
+    await expect(authPortalCheckbox).toBeEnabled();
+  });
+
+  test('[ADMIN CLAIMS]: only unlicensed features show asterisk with partial license', async ({
+    page,
+  }) => {
+    // Create a license with SOME enterprise features (emailDomains and cfr21)
+    await writeLicenseFile(
+      createMockLicenseWithFlags({
+        emailDomains: true,
+        cfr21: true,
+        // embedAuthoring, embedAuthoringWhiteLabel, authenticationPortal are NOT included
+      }),
+    );
+
+    const { user: adminUser } = await seedUser({
+      isAdmin: true,
+    });
+
+    await apiSignin({
+      page,
+      email: adminUser.email,
+      redirectPath: '/admin/claims',
+    });
+
+    // Click Create claim button to open the dialog
+    await page.getByRole('button', { name: 'Create claim' }).click();
+
+    // Wait for dialog to open
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Features NOT in license should have asterisks
+    await expect(page.getByText(/Embed authoring\s¹/)).toBeVisible();
+    await expect(page.getByText(/White label for embed authoring\s¹/)).toBeVisible();
+    await expect(page.getByText(/Authentication portal\s¹/)).toBeVisible();
+
+    // Features IN license should NOT have asterisks
+    await expect(page.getByText(/Email domains\s¹/)).not.toBeVisible();
+    await expect(page.getByText(/21 CFR\s¹/)).not.toBeVisible();
+
+    // The plain labels for licensed features should be visible
+    await expect(page.locator('label[for="flag-emailDomains"]')).toContainText('Email domains');
+    await expect(page.locator('label[for="flag-cfr21"]')).toContainText('21 CFR');
+
+    // Alert should be visible since some features are restricted
+    await expect(
+      page.getByText('Your current license does not include these features.'),
+    ).toBeVisible();
+
+    // Licensed features should be enabled
+    const emailDomainsCheckbox = page.locator('#flag-emailDomains');
+    await expect(emailDomainsCheckbox).toBeEnabled();
+
+    const cfr21Checkbox = page.locator('#flag-cfr21');
+    await expect(cfr21Checkbox).toBeEnabled();
+
+    // Unlicensed features should be disabled
+    const embedAuthoringCheckbox = page.locator('#flag-embedAuthoring');
+    await expect(embedAuthoringCheckbox).toBeDisabled();
+
+    const authPortalCheckbox = page.locator('#flag-authenticationPortal');
+    await expect(authPortalCheckbox).toBeDisabled();
+  });
+
+  test('[ADMIN CLAIMS]: non-enterprise features are always enabled', async ({ page }) => {
+    // Ensure no license file exists
+    await writeLicenseFile(null);
+
+    const { user: adminUser } = await seedUser({
+      isAdmin: true,
+    });
+
+    await apiSignin({
+      page,
+      email: adminUser.email,
+      redirectPath: '/admin/claims',
+    });
+
+    // Click Create claim button to open the dialog
+    await page.getByRole('button', { name: 'Create claim' }).click();
+
+    // Wait for dialog to open
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Non-enterprise features should NOT have asterisks
+    await expect(page.getByText(/Unlimited documents\s¹/)).not.toBeVisible();
+    await expect(page.getByText(/Branding\s¹/)).not.toBeVisible();
+    await expect(page.getByText(/Embed signing\s¹/)).not.toBeVisible();
+
+    // Non-enterprise features should always be enabled
+    const unlimitedDocsCheckbox = page.locator('#flag-unlimitedDocuments');
+    await expect(unlimitedDocsCheckbox).toBeEnabled();
+
+    const brandingCheckbox = page.locator('#flag-allowCustomBranding');
+    await expect(brandingCheckbox).toBeEnabled();
+
+    const embedSigningCheckbox = page.locator('#flag-embedSigning');
+    await expect(embedSigningCheckbox).toBeEnabled();
+  });
+});

packages/app-tests/e2e/license/license-status-banner.spec.ts

@@ -0,0 +1,392 @@
+import { expect, test } from '@playwright/test';
+import fs from 'node:fs/promises';
+import path from 'node:path';
+
+import type { TCachedLicense } from '@documenso/lib/types/license';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+
+const LICENSE_FILE_NAME = '.documenso-license.json';
+const LICENSE_BACKUP_FILE_NAME = '.documenso-license-backup.json';
+
+/**
+ * Get the path to the license file.
+ *
+ * The server reads from process.cwd() which is apps/remix when the dev server runs.
+ * Tests run from packages/app-tests, so we need to go up to the root then into apps/remix.
+ */
+const getLicenseFilePath = () => {
+  // From packages/app-tests/e2e/license -> ../../../../apps/remix/.documenso-license.json
+  return path.join(__dirname, '../../../../apps/remix', LICENSE_FILE_NAME);
+};
+
+/**
+ * Get the path to the backup license file.
+ */
+const getBackupLicenseFilePath = () => {
+  return path.join(__dirname, '../../../../apps/remix', LICENSE_BACKUP_FILE_NAME);
+};
+
+/**
+ * Backup the existing license file if it exists.
+ */
+const backupLicenseFile = async () => {
+  const licensePath = getLicenseFilePath();
+  const backupPath = getBackupLicenseFilePath();
+
+  try {
+    await fs.access(licensePath);
+    await fs.rename(licensePath, backupPath);
+  } catch (e) {
+    // File doesn't exist, nothing to backup
+    console.log(e);
+  }
+};
+
+/**
+ * Restore the backup license file if it exists.
+ */
+const restoreLicenseFile = async () => {
+  const licensePath = getLicenseFilePath();
+  const backupPath = getBackupLicenseFilePath();
+
+  try {
+    await fs.access(backupPath);
+    await fs.rename(backupPath, licensePath);
+  } catch (e) {
+    // Backup doesn't exist, nothing to restore
+    console.log(e);
+  }
+};
+
+/**
+ * Write a license file with the given data.
+ * Pass null to delete the license file.
+ */
+const writeLicenseFile = async (data: TCachedLicense | null) => {
+  const licensePath = getLicenseFilePath();
+
+  if (data === null) {
+    await fs.unlink(licensePath).catch(() => {
+      // File doesn't exist, ignore
+    });
+  } else {
+    await fs.writeFile(licensePath, JSON.stringify(data, null, 2), 'utf-8');
+  }
+};
+
+/**
+ * Create a mock license object with the given status and unauthorized flag.
+ */
+const createMockLicense = (
+  status: 'ACTIVE' | 'EXPIRED' | 'PAST_DUE',
+  unauthorizedFlagUsage: boolean,
+): TCachedLicense => {
+  return {
+    lastChecked: new Date().toISOString(),
+    license: {
+      status,
+      createdAt: new Date(),
+      name: 'Test License',
+      periodEnd: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000), // 30 days from now
+      cancelAtPeriodEnd: false,
+      licenseKey: 'test-license-key',
+      flags: {},
+    },
+    requestedLicenseKey: 'test-license-key',
+    derivedStatus: unauthorizedFlagUsage ? 'UNAUTHORIZED' : status,
+    unauthorizedFlagUsage,
+  };
+};
+
+/**
+ * Create a mock license object with no license data (only unauthorized flag).
+ */
+const createMockUnauthorizedWithoutLicense = (): TCachedLicense => {
+  return {
+    lastChecked: new Date().toISOString(),
+    license: null,
+    unauthorizedFlagUsage: true,
+    derivedStatus: 'UNAUTHORIZED',
+  };
+};
+
+// Run tests serially to avoid race conditions with the license file
+test.describe.configure({ mode: 'serial' });
+
+// SKIPPING TEST UNTIL WE ADD A WAY TO OVERRIDE THE LICENSE FILE.
+test.describe.skip('License Status Banner', () => {
+  test.beforeAll(async () => {
+    // Backup any existing license file before running tests
+    await backupLicenseFile();
+  });
+
+  test.afterAll(async () => {
+    // Restore the backup license file after all tests complete
+    await restoreLicenseFile();
+  });
+
+  test.beforeEach(async () => {
+    // Clean up license file before each test to ensure clean state
+    await writeLicenseFile(null);
+  });
+
+  test.afterEach(async () => {
+    // Clean up license file after each test
+    await writeLicenseFile(null);
+  });
+
+  test('[ADMIN]: no banner when license file is missing', async ({ page }) => {
+    // Ensure no license file exists BEFORE any page loads
+    await writeLicenseFile(null);
+
+    const { user: adminUser } = await seedUser({
+      isAdmin: true,
+    });
+
+    // Navigate to admin page - license is read during page load
+    await apiSignin({
+      page,
+      email: adminUser.email,
+      redirectPath: '/admin',
+    });
+
+    // Verify we're on the admin page
+    await expect(page.getByRole('heading', { name: 'Admin Panel' })).toBeVisible();
+
+    // Global banner should not be visible (no license file)
+    await expect(
+      page.getByText('This is an expired license instance of Documenso'),
+    ).not.toBeVisible();
+
+    // Admin banner messages should not be visible (no license file means no banner)
+    await expect(page.getByText('License payment overdue')).not.toBeVisible();
+    await expect(page.getByText('License expired')).not.toBeVisible();
+    await expect(page.getByText('Invalid License Type')).not.toBeVisible();
+    await expect(page.getByText('Missing License')).not.toBeVisible();
+  });
+
+  test('[ADMIN]: no banner when license is ACTIVE', async ({ page }) => {
+    // Create an ACTIVE license BEFORE any page loads
+    await writeLicenseFile(createMockLicense('ACTIVE', false));
+
+    const { user: adminUser } = await seedUser({
+      isAdmin: true,
+    });
+
+    // Navigate to admin page - license is read during page load
+    await apiSignin({
+      page,
+      email: adminUser.email,
+      redirectPath: '/admin',
+    });
+
+    // Verify we're on the admin page
+    await expect(page.getByRole('heading', { name: 'Admin Panel' })).toBeVisible();
+
+    // Global banner should not be visible (license is ACTIVE)
+    await expect(
+      page.getByText('This is an expired license instance of Documenso'),
+    ).not.toBeVisible();
+
+    // Admin banner messages should not be visible (license is ACTIVE)
+    await expect(page.getByText('License payment overdue')).not.toBeVisible();
+    await expect(page.getByText('License expired')).not.toBeVisible();
+    await expect(page.getByText('Invalid License Type')).not.toBeVisible();
+  });
+
+  test('[ADMIN]: admin banner shows PAST_DUE warning', async ({ page }) => {
+    // Create a PAST_DUE license BEFORE any page loads
+    await writeLicenseFile(createMockLicense('PAST_DUE', false));
+
+    const { user: adminUser } = await seedUser({
+      isAdmin: true,
+    });
+
+    // Navigate to admin page - license is read during page load
+    await apiSignin({
+      page,
+      email: adminUser.email,
+      redirectPath: '/admin',
+    });
+
+    // Verify we're on the admin page
+    await expect(page.getByRole('heading', { name: 'Admin Panel' })).toBeVisible();
+
+    // Global banner should NOT be visible (only shows for EXPIRED + unauthorized)
+    await expect(
+      page.getByText('This is an expired license instance of Documenso'),
+    ).not.toBeVisible();
+
+    // Admin banner should show PAST_DUE message
+    await expect(page.getByText('License payment overdue')).toBeVisible();
+    await expect(
+      page.getByText('Please update your payment to avoid service disruptions.'),
+    ).toBeVisible();
+
+    // Should have the "See Documentation" link
+    await expect(page.getByRole('link', { name: 'See Documentation' })).toBeVisible();
+  });
+
+  test('[ADMIN]: admin banner shows EXPIRED error', async ({ page }) => {
+    // Create an EXPIRED license WITHOUT unauthorized usage BEFORE any page loads
+    await writeLicenseFile(createMockLicense('EXPIRED', false));
+
+    const { user: adminUser } = await seedUser({
+      isAdmin: true,
+    });
+
+    // Navigate to admin page - license is read during page load
+    await apiSignin({
+      page,
+      email: adminUser.email,
+      redirectPath: '/admin',
+    });
+
+    // Verify we're on the admin page
+    await expect(page.getByRole('heading', { name: 'Admin Panel' })).toBeVisible();
+
+    // Global banner should NOT be visible (requires BOTH expired AND unauthorized)
+    await expect(
+      page.getByText('This is an expired license instance of Documenso'),
+    ).not.toBeVisible();
+
+    // Admin banner should show EXPIRED message
+    await expect(page.getByText('License expired')).toBeVisible();
+    await expect(
+      page.getByText('Please renew your license to continue using enterprise features.'),
+    ).toBeVisible();
+
+    // Should have the "See Documentation" link
+    await expect(page.getByRole('link', { name: 'See Documentation' })).toBeVisible();
+  });
+
+  test.skip('[ADMIN]: global banner shows when EXPIRED with unauthorized usage', async ({
+    page,
+  }) => {
+    // Create an EXPIRED license WITH unauthorized usage BEFORE any page loads
+    await writeLicenseFile(createMockLicense('EXPIRED', true));
+
+    const { user: adminUser } = await seedUser({
+      isAdmin: true,
+    });
+
+    // Navigate to admin page - license is read during page load
+    await apiSignin({
+      page,
+      email: adminUser.email,
+      redirectPath: '/admin',
+    });
+
+    // Verify we're on the admin page
+    await expect(page.getByRole('heading', { name: 'Admin Panel' })).toBeVisible();
+
+    // Global banner SHOULD be visible (EXPIRED + unauthorized)
+    await expect(page.getByText('This is an expired license instance of Documenso')).toBeVisible();
+
+    // Admin banner should show UNAUTHORIZED message (takes precedence over EXPIRED)
+    await expect(page.getByText('Invalid License Type')).toBeVisible();
+    await expect(
+      page.getByText(
+        'Your Documenso instance is using features that are not part of your license.',
+      ),
+    ).toBeVisible();
+  });
+
+  test('[ADMIN]: admin banner shows UNAUTHORIZED when flags are misused with license', async ({
+    page,
+  }) => {
+    // Create an ACTIVE license but WITH unauthorized flag usage BEFORE any page loads
+    await writeLicenseFile(createMockLicense('ACTIVE', true));
+
+    const { user: adminUser } = await seedUser({
+      isAdmin: true,
+    });
+
+    // Navigate to admin page - license is read during page load
+    await apiSignin({
+      page,
+      email: adminUser.email,
+      redirectPath: '/admin',
+    });
+
+    // Verify we're on the admin page
+    await expect(page.getByRole('heading', { name: 'Admin Panel' })).toBeVisible();
+
+    // Global banner should NOT be visible (requires EXPIRED status)
+    await expect(
+      page.getByText('This is an expired license instance of Documenso'),
+    ).not.toBeVisible();
+
+    // Admin banner should show UNAUTHORIZED message
+    await expect(page.getByText('Invalid License Type')).toBeVisible();
+    await expect(
+      page.getByText(
+        'Your Documenso instance is using features that are not part of your license.',
+      ),
+    ).toBeVisible();
+
+    // Should have the "See Documentation" link
+    await expect(page.getByRole('link', { name: 'See Documentation' })).toBeVisible();
+  });
+
+  test('[ADMIN]: admin banner shows Invalid License Type when unauthorized without license data', async ({
+    page,
+  }) => {
+    // Create a license file with unauthorized flag but no license data BEFORE any page loads
+    // Note: Even without license data, the banner shows "Invalid License Type" because the
+    // license file exists (just with license: null). The "Missing License" message would only
+    // show if the entire license prop was null, which doesn't happen with a valid file.
+    await writeLicenseFile(createMockUnauthorizedWithoutLicense());
+
+    const { user: adminUser } = await seedUser({
+      isAdmin: true,
+    });
+
+    // Navigate to admin page - license is read during page load
+    await apiSignin({
+      page,
+      email: adminUser.email,
+      redirectPath: '/admin',
+    });
+
+    // Verify we're on the admin page
+    await expect(page.getByRole('heading', { name: 'Admin Panel' })).toBeVisible();
+
+    // Global banner should NOT be visible (no EXPIRED status, only unauthorized flag)
+    await expect(
+      page.getByText('This is an expired license instance of Documenso'),
+    ).not.toBeVisible();
+
+    // Admin banner should show Invalid License Type message (unauthorized flag is set)
+    await expect(page.getByText('Invalid License Type')).toBeVisible();
+    await expect(
+      page.getByText(
+        'Your Documenso instance is using features that are not part of your license.',
+      ),
+    ).toBeVisible();
+
+    // Should have the "See Documentation" link
+    await expect(page.getByRole('link', { name: 'See Documentation' })).toBeVisible();
+  });
+
+  test.skip('[ADMIN]: global banner visible on non-admin pages when EXPIRED with unauthorized', async ({
+    page,
+  }) => {
+    // Create an EXPIRED license WITH unauthorized usage BEFORE any page loads
+    await writeLicenseFile(createMockLicense('EXPIRED', true));
+
+    const { user } = await seedUser();
+
+    // Navigate to documents page - license is read during page load
+    await apiSignin({
+      page,
+      email: user.email,
+      redirectPath: '/documents',
+    });
+
+    // Global banner SHOULD be visible on any authenticated page (EXPIRED + unauthorized)
+    await expect(page.getByText('This is an expired license instance of Documenso')).toBeVisible();
+  });
+});

packages/app-tests/e2e/templates/bulk-template-actions.spec.ts

@@ -0,0 +1,256 @@
+import { expect, test } from '@playwright/test';
+
+import { FolderType } from '@documenso/prisma/client';
+import { seedBlankFolder } from '@documenso/prisma/seed/folders';
+import { seedBlankTemplate } from '@documenso/prisma/seed/templates';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+import { apiSignin } from '../fixtures/authentication';
+import { expectToastTextToBeVisible } from '../fixtures/generic';
+
+test.describe.configure({ mode: 'parallel' });
+
+const seedBulkActionsTestRequirements = async () => {
+  const sender = await seedUser({ setTeamEmailAsOwner: true });
+
+  const [template1, template2, template3] = await Promise.all([
+    seedBlankTemplate(sender.user, sender.team.id, {
+      createTemplateOptions: { title: 'Bulk Test Template 1' },
+    }),
+    seedBlankTemplate(sender.user, sender.team.id, {
+      createTemplateOptions: { title: 'Bulk Test Template 2' },
+    }),
+    seedBlankTemplate(sender.user, sender.team.id, {
+      createTemplateOptions: { title: 'Bulk Test Template 3' },
+    }),
+  ]);
+
+  const folder = await seedBlankFolder(sender.user, sender.team.id, {
+    createFolderOptions: {
+      name: 'Target Template Folder',
+      teamId: sender.team.id,
+      type: FolderType.TEMPLATE,
+    },
+  });
+
+  return {
+    sender,
+    templates: [template1, template2, template3],
+    folder,
+  };
+};
+
+test('[BULK_ACTIONS]: can select multiple templates with checkboxes', async ({ page }) => {
+  const { sender } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/templates`,
+  });
+
+  await page.locator('tr', { hasText: 'Bulk Test Template 1' }).getByRole('checkbox').click();
+  await expect(page.getByText('1 selected')).toBeVisible();
+
+  await page.locator('tr', { hasText: 'Bulk Test Template 2' }).getByRole('checkbox').click();
+  await expect(page.getByText('2 selected')).toBeVisible();
+});
+
+test('[BULK_ACTIONS]: header checkbox selects all templates on page', async ({ page }) => {
+  const { sender, templates } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/templates`,
+  });
+
+  await page.locator('thead').getByRole('checkbox').click();
+
+  await expect(page.getByText(`${templates.length} selected`)).toBeVisible();
+});
+
+test('[BULK_ACTIONS]: can clear selection with X button', async ({ page }) => {
+  const { sender } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/templates`,
+  });
+
+  await page.locator('thead').getByRole('checkbox').click();
+  await expect(page.getByText(/\d+ selected/)).toBeVisible();
+
+  await page.getByLabel('Clear selection').click();
+
+  await expect(page.getByText(/\d+ selected/)).not.toBeVisible();
+});
+
+test('[BULK_ACTIONS]: can move multiple templates to a folder', async ({ page }) => {
+  const { sender, folder } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/templates`,
+  });
+
+  await page.locator('tr', { hasText: 'Bulk Test Template 1' }).getByRole('checkbox').click();
+  await page.locator('tr', { hasText: 'Bulk Test Template 2' }).getByRole('checkbox').click();
+  await page.getByRole('button', { name: 'Move to Folder' }).click();
+
+  await expect(page.getByRole('dialog')).toBeVisible();
+  await expect(page.getByText('Move Templates to Folder')).toBeVisible();
+
+  await page.getByRole('button', { name: folder.name }).click();
+  await page.getByRole('button', { name: 'Move' }).click();
+
+  await expectToastTextToBeVisible(page, 'Selected items have been moved.');
+
+  await page.goto(`/t/${sender.team.url}/templates/f/${folder.id}`);
+  await expect(page.getByRole('link', { name: 'Bulk Test Template 1' })).toBeVisible();
+  await expect(page.getByRole('link', { name: 'Bulk Test Template 2' })).toBeVisible();
+});
+
+test('[BULK_ACTIONS]: can delete multiple templates', async ({ page }) => {
+  const { sender } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/templates`,
+  });
+
+  await page.locator('tr', { hasText: 'Bulk Test Template 1' }).getByRole('checkbox').click();
+  await page.locator('tr', { hasText: 'Bulk Test Template 2' }).getByRole('checkbox').click();
+
+  await page.getByRole('button', { name: 'Delete' }).click();
+
+  await expect(page.getByRole('dialog')).toBeVisible();
+  await expect(page.getByText('Delete Templates')).toBeVisible();
+  await expect(page.getByText('You are about to delete 2 templates')).toBeVisible();
+  await expect(page.getByText('irreversible')).toBeVisible();
+
+  await page.getByRole('dialog').getByRole('button', { name: 'Delete' }).click();
+
+  await expectToastTextToBeVisible(page, 'Templates deleted');
+
+  await expect(page.getByRole('link', { name: 'Bulk Test Template 1' })).not.toBeVisible();
+  await expect(page.getByRole('link', { name: 'Bulk Test Template 2' })).not.toBeVisible();
+
+  await expect(page.getByRole('link', { name: 'Bulk Test Template 3' })).toBeVisible();
+});
+
+test('[BULK_ACTIONS]: selection clears after successful move', async ({ page }) => {
+  const { sender, folder } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/templates`,
+  });
+
+  await page.locator('tr', { hasText: 'Bulk Test Template 1' }).getByRole('checkbox').click();
+  await expect(page.getByText('1 selected')).toBeVisible();
+
+  await page.getByRole('button', { name: 'Move to Folder' }).click();
+  await page.getByRole('button', { name: folder.name }).click();
+  await page.getByRole('button', { name: 'Move' }).click();
+
+  await expectToastTextToBeVisible(page, 'Selected items have been moved.');
+  await expect(page.getByText(/\d+ selected/)).not.toBeVisible();
+});
+
+test('[BULK_ACTIONS]: selection clears after successful delete', async ({ page }) => {
+  const { sender } = await seedBulkActionsTestRequirements();
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/templates`,
+  });
+
+  await page.locator('tr', { hasText: 'Bulk Test Template 1' }).getByRole('checkbox').click();
+  await expect(page.getByText('1 selected')).toBeVisible();
+
+  await page.getByRole('button', { name: 'Delete' }).click();
+  await page.getByRole('dialog').getByRole('button', { name: 'Delete' }).click();
+
+  await expectToastTextToBeVisible(page, 'Templates deleted');
+  await expect(page.getByText(/\d+ selected/)).not.toBeVisible();
+});
+
+test('[BULK_ACTIONS]: can search for folders in move dialog', async ({ page }) => {
+  const { sender, folder } = await seedBulkActionsTestRequirements();
+
+  const otherFolder = await seedBlankFolder(sender.user, sender.team.id, {
+    createFolderOptions: {
+      name: 'Other Template Folder',
+      teamId: sender.team.id,
+      type: FolderType.TEMPLATE,
+    },
+  });
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/templates`,
+  });
+
+  await page.locator('tr', { hasText: 'Bulk Test Template 1' }).getByRole('checkbox').click();
+
+  await page.getByRole('button', { name: 'Move to Folder' }).click();
+  await expect(page.getByRole('dialog')).toBeVisible();
+
+  await expect(page.getByRole('button', { name: folder.name })).toBeVisible();
+  await expect(page.getByRole('button', { name: otherFolder.name })).toBeVisible();
+
+  await page.getByPlaceholder('Search folders...').fill('Target');
+  await expect(page.getByRole('button', { name: folder.name })).toBeVisible();
+  await expect(page.getByRole('button', { name: otherFolder.name })).not.toBeVisible();
+
+  await page.getByPlaceholder('Search folders...').fill('Other');
+  await expect(page.getByRole('button', { name: folder.name })).not.toBeVisible();
+  await expect(page.getByRole('button', { name: otherFolder.name })).toBeVisible();
+
+  await page.getByPlaceholder('Search folders...').fill('NonExistent');
+  await expect(page.getByText('No folders found')).toBeVisible();
+});
+
+test('[BULK_ACTIONS]: can move templates from folder to home (root)', async ({ page }) => {
+  const { sender, templates, folder } = await seedBulkActionsTestRequirements();
+
+  const { prisma } = await import('@documenso/prisma');
+
+  await prisma.envelope.updateMany({
+    where: { id: templates[0].id },
+    data: { folderId: folder.id },
+  });
+
+  await apiSignin({
+    page,
+    email: sender.user.email,
+    redirectPath: `/t/${sender.team.url}/templates/f/${folder.id}`,
+  });
+
+  await expect(page.getByRole('link', { name: 'Bulk Test Template 1' })).toBeVisible();
+
+  await page.locator('tr', { hasText: 'Bulk Test Template 1' }).getByRole('checkbox').click();
+  await expect(page.getByText('1 selected')).toBeVisible();
+
+  await page.getByRole('button', { name: 'Move to Folder' }).click();
+  await expect(page.getByRole('dialog')).toBeVisible();
+
+  await page.getByRole('button', { name: 'Home (No Folder)' }).click();
+
+  await page.getByRole('button', { name: 'Move' }).click();
+
+  await expectToastTextToBeVisible(page, 'Selected items have been moved.');
+
+  await page.goto(`/t/${sender.team.url}/templates`);
+  await expect(page.getByRole('link', { name: 'Bulk Test Template 1' })).toBeVisible();
+
+  await page.goto(`/t/${sender.team.url}/templates/f/${folder.id}`);
+  await expect(page.getByRole('link', { name: 'Bulk Test Template 1' })).not.toBeVisible();
+});

packages/app-tests/e2e/user/auth-flow.spec.ts

@@ -23,7 +23,7 @@ test('[USER] can sign up with email and password', async ({ page }: { page: Page
 
   await signSignaturePad(page);
 
-  await page.getByRole('button', { name: 'Complete', exact: true }).click();
+  await page.getByRole('button', { name: 'Create account', exact: true }).click();
 
   await page.waitForURL('/unverified-account');
 

packages/app-tests/playwright.config.ts

@@ -83,10 +83,21 @@ export default defineConfig({
       testMatch: /e2e\/api\/.*\.spec\.ts/,
       workers: 10, // Limited by DB connections before it gets flakey.
     },
-    // Run UI Tests
+    // License tests that share a single license file - must run serially
+    {
+      name: 'license',
+      testMatch: /e2e\/license\/.*\.spec\.ts/,
+      use: {
+        ...devices['Desktop Chrome'],
+        viewport: { width: 1920, height: 1200 },
+      },
+      workers: 1, // Must run serially since they share a license file
+    },
+    // Run UI Tests (excluding license tests which have their own project)
     {
       name: 'ui',
       testMatch: /e2e\/(?!api\/).*\.spec\.ts/,
+      testIgnore: /e2e\/license\/.*\.spec\.ts/,
       use: {
         ...devices['Desktop Chrome'],
         viewport: { width: 1920, height: 1200 },

packages/auth/server/lib/utils/handle-oauth-authorize-url.ts

@@ -30,11 +30,17 @@ type HandleOAuthAuthorizeUrlOptions = {
   prompt?: 'none' | 'login' | 'consent' | 'select_account';
 };
 
+const isOidcPrompt = (value: unknown): value is HandleOAuthAuthorizeUrlOptions['prompt'] => {
+  return value === 'none' || value === 'login' || value === 'consent' || value === 'select_account';
+};
+
 const oauthCookieMaxAge = 60 * 10; // 10 minutes.
 
 export const handleOAuthAuthorizeUrl = async (options: HandleOAuthAuthorizeUrlOptions) => {
   const { c, clientOptions, redirectPath } = options;
 
+  let prompt = options.prompt ?? 'login';
+
   if (!clientOptions.clientId || !clientOptions.clientSecret) {
     throw new AppError(AppErrorCode.NOT_SETUP);
   }
@@ -63,12 +69,12 @@ export const handleOAuthAuthorizeUrl = async (options: HandleOAuthAuthorizeUrlOp
   );
 
   // Pass the prompt to the authorization endpoint.
-  if (process.env.NEXT_PRIVATE_OIDC_PROMPT !== '') {
-    const prompt = process.env.NEXT_PRIVATE_OIDC_PROMPT ?? 'login';
-
-    url.searchParams.append('prompt', prompt);
+  if (process.env.NEXT_PRIVATE_OIDC_PROMPT && isOidcPrompt(process.env.NEXT_PRIVATE_OIDC_PROMPT)) {
+    prompt = process.env.NEXT_PRIVATE_OIDC_PROMPT;
   }
 
+  url.searchParams.set('prompt', prompt);
+
   setCookie(c, `${clientOptions.id}_oauth_state`, state, {
     ...sessionCookieOptions,
     sameSite: 'lax',

packages/ee/FEATURES

@@ -2,6 +2,7 @@ This file lists all features currently licensed under the Documenso Enterprise E
 Copyright (c) 2023 Documenso, Inc
 
 - The Stripe Billing Module
+- Organisation Authentication Portal
 - Document Action Reauthentication (Passkeys and 2FA)
 - 21 CFR
 - Email domains

packages/ee/server-only/limits/server.ts

@@ -70,7 +70,7 @@ export const getServerLimits = async ({
   }
 
   // Early return for users with an expired subscription.
-  if (subscription && subscription.status !== SubscriptionStatus.ACTIVE) {
+  if (subscription && subscription.status === SubscriptionStatus.INACTIVE) {
     return {
       quota: INACTIVE_PLAN_LIMITS,
       remaining: INACTIVE_PLAN_LIMITS,

packages/lib/client-only/hooks/use-session-storage.ts

@@ -0,0 +1,69 @@
+import * as React from 'react';
+import type { Dispatch, SetStateAction } from 'react';
+
+function dispatchStorageEvent(key: string, newValue: string | null) {
+  window.dispatchEvent(new StorageEvent('storage', { key, newValue }));
+}
+
+const setSessionStorageItem = <T>(key: string, value: T) => {
+  const stringifiedValue = JSON.stringify(value);
+  window.sessionStorage.setItem(key, stringifiedValue);
+  dispatchStorageEvent(key, stringifiedValue);
+};
+
+const removeSessionStorageItem = (key: string) => {
+  window.sessionStorage.removeItem(key);
+  dispatchStorageEvent(key, null);
+};
+
+const getSessionStorageItem = (key: string) => {
+  return window.sessionStorage.getItem(key);
+};
+
+const useSessionStorageSubscribe = (callback: (event: StorageEvent) => void) => {
+  window.addEventListener('storage', callback);
+  return () => window.removeEventListener('storage', callback);
+};
+
+export function useSessionStorage<T>(
+  key: string,
+  initialValue: T,
+): [T, Dispatch<SetStateAction<T>>] {
+  const serializedInitialValue = JSON.stringify(initialValue);
+
+  const getSnapshot = () => getSessionStorageItem(key);
+  const getServerSnapshot = () => serializedInitialValue;
+
+  const store = React.useSyncExternalStore(
+    useSessionStorageSubscribe,
+    getSnapshot,
+    getServerSnapshot,
+  );
+
+  const setState: Dispatch<SetStateAction<T>> = React.useCallback(
+    (v) => {
+      try {
+        const prevValue = store ? JSON.parse(store) : initialValue;
+        // @ts-expect-error - SetStateAction function check is safe at runtime
+        const nextState = typeof v === 'function' ? v(prevValue) : v;
+
+        if (nextState === undefined || nextState === null) {
+          removeSessionStorageItem(key);
+        } else {
+          setSessionStorageItem(key, nextState);
+        }
+      } catch (e) {
+        console.warn(e);
+      }
+    },
+    [key, store, initialValue],
+  );
+
+  React.useEffect(() => {
+    if (getSessionStorageItem(key) === null && typeof initialValue !== 'undefined') {
+      setSessionStorageItem(key, initialValue);
+    }
+  }, [key, initialValue]);
+
+  return [store ? JSON.parse(store) : initialValue, setState];
+}

packages/lib/jobs/definitions/internal/seal-document.handler.ts

@@ -169,12 +169,28 @@ export const run = async ({
       });
     }
 
+    const envelopeCompletedAuditLog = createDocumentAuditLogData({
+      type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_COMPLETED,
+      envelopeId: envelope.id,
+      requestMetadata,
+      user: null,
+      data: {
+        transactionId: nanoid(),
+        ...(isRejected ? { isRejected: true, rejectionReason: rejectionReason } : {}),
+      },
+    });
+
+    const finalEnvelopeStatus = isRejected ? DocumentStatus.REJECTED : DocumentStatus.COMPLETED;
+
     let certificateDoc: PDF | null = null;
     let auditLogDoc: PDF | null = null;
 
     if (settings.includeSigningCertificate || settings.includeAuditLog) {
       const certificatePayload = {
-        envelope,
+        envelope: {
+          ...envelope,
+          status: finalEnvelopeStatus,
+        },
         recipients: envelope.recipients, // Need to use the recipients from envelope which contains ALL recipients.
         fields,
         language: envelope.documentMeta.language,
@@ -185,6 +201,7 @@ export const run = async ({
         envelopeItems: envelopeItems.map((item) => item.title),
         pageWidth: PDF_SIZE_A4_72PPI.width,
         pageHeight: PDF_SIZE_A4_72PPI.height,
+        envelopeCompletedAuditLog,
       };
 
       // Use Playwright-based PDF generation if enabled, otherwise use Konva-based generation.
@@ -263,22 +280,13 @@ export const run = async ({
           id: envelope.id,
         },
         data: {
-          status: isRejected ? DocumentStatus.REJECTED : DocumentStatus.COMPLETED,
+          status: finalEnvelopeStatus,
           completedAt: new Date(),
         },
       });
 
       await tx.documentAuditLog.create({
-        data: createDocumentAuditLogData({
-          type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_COMPLETED,
-          envelopeId: envelope.id,
-          requestMetadata,
-          user: null,
-          data: {
-            transactionId: nanoid(),
-            ...(isRejected ? { isRejected: true, rejectionReason: rejectionReason } : {}),
-          },
-        }),
+        data: envelopeCompletedAuditLog,
       });
     });
 
@@ -388,6 +396,10 @@ const decorateAndSignPdf = async ({
       }
     }
 
+    // Should never run into issues with this flatten since all
+    // arcoFields are created by pdf-lib itself.
+    legacy_pdfLibDoc.getForm().flatten();
+
     await pdfDoc.reload(await legacy_pdfLibDoc.save());
   }
 

packages/lib/server-only/envelope/create-envelope.ts

@@ -10,6 +10,9 @@ import {
 } from '@prisma/client';
 
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import type { PlaceholderInfo } from '@documenso/lib/server-only/pdf/auto-place-fields';
+import { convertPlaceholdersToFieldInputs } from '@documenso/lib/server-only/pdf/auto-place-fields';
+import { findRecipientByPlaceholder } from '@documenso/lib/server-only/pdf/helpers';
 import { normalizePdf as makeNormalizedPdf } from '@documenso/lib/server-only/pdf/normalize-pdf';
 import { ZDefaultRecipientsSchema } from '@documenso/lib/types/default-recipients';
 import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-logs';
@@ -68,7 +71,12 @@ export type CreateEnvelopeOptions = {
     type: EnvelopeType;
     title: string;
     externalId?: string;
-    envelopeItems: { title?: string; documentDataId: string; order?: number }[];
+    envelopeItems: {
+      title?: string;
+      documentDataId: string;
+      order?: number;
+      placeholders?: PlaceholderInfo[];
+    }[];
     formValues?: TDocumentFormValues;
 
     userTimezone?: string;
@@ -164,8 +172,7 @@ export const createEnvelope = async ({
     });
   }
 
-  let envelopeItems: { title?: string; documentDataId: string; order?: number }[] =
-    data.envelopeItems;
+  let envelopeItems = data.envelopeItems;
 
   // Todo: Envelopes - Remove
   if (normalizePdf) {
@@ -298,7 +305,7 @@ export const createEnvelope = async ({
   const delegatedOwner = await getValidatedDelegatedOwner();
   const envelopeOwnerId = delegatedOwner?.id ?? userId;
 
-  return await prisma.$transaction(async (tx) => {
+  const createdEnvelope = await prisma.$transaction(async (tx) => {
     const envelope = await tx.envelope.create({
       data: {
         id: prefixedId('envelope'),
@@ -423,6 +430,124 @@ export const createEnvelope = async ({
       }),
     );
 
+    // Create fields from PDF placeholders (extracted at upload time).
+    const itemsWithPlaceholders = envelopeItems.filter(
+      (item) => item.placeholders && item.placeholders.length > 0,
+    );
+
+    if (itemsWithPlaceholders.length > 0) {
+      // Collect all unique recipient placeholder references (e.g. "r1", "r2").
+      const allPlaceholders = itemsWithPlaceholders.flatMap((item) => item.placeholders ?? []);
+      const uniqueRecipientRefs = new Map<number, string>();
+
+      for (const p of allPlaceholders) {
+        const match = p.recipient.match(/^r(\d+)$/i);
+
+        if (match) {
+          const index = Number(match[1]);
+
+          if (!uniqueRecipientRefs.has(index)) {
+            uniqueRecipientRefs.set(index, `Recipient ${index}`);
+          }
+        }
+      }
+
+      // Fetch existing recipients (may have been created above from data.recipients or defaults).
+      let availableRecipients = await tx.recipient.findMany({
+        where: { envelopeId: envelope.id },
+        select: { id: true, email: true },
+      });
+
+      const shouldCreatePlaceholderRecipients =
+        (!data.recipients || data.recipients.length === 0) && uniqueRecipientRefs.size > 0;
+
+      // If recipients were not provided, create placeholder recipients even when defaults exist.
+      if (shouldCreatePlaceholderRecipients) {
+        const existingRecipientEmails = new Set(
+          availableRecipients.map((recipient) => recipient.email.toLowerCase()),
+        );
+
+        const placeholderRecipients = Array.from(
+          uniqueRecipientRefs.entries(),
+          ([recipientIndex, name]) => ({
+            envelopeId: envelope.id,
+            email: `recipient.${recipientIndex}@documenso.com`,
+            name,
+            role: RecipientRole.SIGNER,
+            signingOrder: recipientIndex,
+            token: nanoid(),
+            sendStatus: SendStatus.NOT_SENT,
+            signingStatus: SigningStatus.NOT_SIGNED,
+          }),
+        ).filter((recipient) => !existingRecipientEmails.has(recipient.email.toLowerCase()));
+
+        if (placeholderRecipients.length > 0) {
+          await tx.recipient.createMany({
+            data: placeholderRecipients,
+          });
+
+          // eslint-disable-next-line require-atomic-updates
+          availableRecipients = await tx.recipient.findMany({
+            where: { envelopeId: envelope.id },
+            select: { id: true, email: true },
+          });
+        }
+      }
+
+      for (const item of itemsWithPlaceholders) {
+        const envelopeItem = envelope.envelopeItems.find(
+          (ei) => ei.documentDataId === item.documentDataId,
+        );
+
+        if (!envelopeItem) {
+          continue;
+        }
+
+        const fieldsToCreate = convertPlaceholdersToFieldInputs(
+          item.placeholders ?? [],
+          (recipientPlaceholder, placeholder) =>
+            findRecipientByPlaceholder(
+              recipientPlaceholder,
+              placeholder,
+              data.recipients && data.recipients.length > 0
+                ? data.recipients.map((r) => {
+                    const found = availableRecipients.find((cr) => cr.email === r.email);
+
+                    if (!found) {
+                      throw new AppError(AppErrorCode.NOT_FOUND, {
+                        message: `Recipient not found for email: ${r.email}`,
+                      });
+                    }
+
+                    return found;
+                  })
+                : undefined,
+              availableRecipients,
+            ),
+          envelopeItem.id,
+        );
+
+        if (fieldsToCreate.length > 0) {
+          await tx.field.createMany({
+            data: fieldsToCreate.map((field) => ({
+              envelopeId: envelope.id,
+              envelopeItemId: envelopeItem.id,
+              recipientId: field.recipientId,
+              type: field.type,
+              page: field.page,
+              positionX: field.positionX,
+              positionY: field.positionY,
+              width: field.width,
+              height: field.height,
+              customText: '',
+              inserted: false,
+              fieldMeta: field.fieldMeta || undefined,
+            })),
+          });
+        }
+      }
+    }
+
     const createdEnvelope = await tx.envelope.findFirst({
       where: {
         id: envelope.id,
@@ -432,8 +557,12 @@ export const createEnvelope = async ({
         recipients: true,
         fields: true,
         folder: true,
-        envelopeItems: true,
         envelopeAttachments: true,
+        envelopeItems: {
+          include: {
+            documentData: true,
+          },
+        },
       },
     });
 
@@ -491,4 +620,6 @@ export const createEnvelope = async ({
 
     return createdEnvelope;
   });
+
+  return createdEnvelope;
 };

packages/lib/server-only/field/create-envelope-fields.ts

@@ -1,8 +1,11 @@
+import { PDF } from '@libpdf/core';
 import { EnvelopeType } from '@prisma/client';
 
 import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-logs';
 import type { TFieldAndMeta } from '@documenso/lib/types/field-meta';
 import type { ApiRequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
+import { getFileServerSide } from '@documenso/lib/universal/upload/get-file.server';
+import { putPdfFileServerSide } from '@documenso/lib/universal/upload/put-file.server';
 import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
 import { prisma } from '@documenso/prisma';
 
@@ -11,30 +14,53 @@ import type { EnvelopeIdOptions } from '../../utils/envelope';
 import { mapFieldToLegacyField } from '../../utils/fields';
 import { canRecipientFieldsBeModified } from '../../utils/recipients';
 import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id';
+import { type BoundingBox, whiteoutRegions } from '../pdf/auto-place-fields';
+
+type CoordinatePosition = {
+  page: number;
+  positionX: number;
+  positionY: number;
+  width: number;
+  height: number;
+};
+
+type PlaceholderPosition = {
+  placeholder: string;
+  width?: number;
+  height?: number;
+  /**
+   * When true, creates a field at every occurrence of the placeholder in the PDF.
+   * When false or omitted, only the first occurrence is used.
+   */
+  matchAll?: boolean;
+};
+
+type FieldPosition = CoordinatePosition | PlaceholderPosition;
+
+export type CreateEnvelopeFieldInput = TFieldAndMeta & {
+  /**
+   * The ID of the item to insert the fields into.
+   *
+   * If blank, the first item will be used.
+   */
+  envelopeItemId?: string;
+
+  recipientId: number;
+} & FieldPosition;
 
 export interface CreateEnvelopeFieldsOptions {
   userId: number;
   teamId: number;
   id: EnvelopeIdOptions;
 
-  fields: (TFieldAndMeta & {
-    /**
-     * The ID of the item to insert the fields into.
-     *
-     * If blank, the first item will be used.
-     */
-    envelopeItemId?: string;
-
-    recipientId: number;
-    page: number;
-    positionX: number;
-    positionY: number;
-    width: number;
-    height: number;
-  })[];
+  fields: CreateEnvelopeFieldInput[];
   requestMetadata: ApiRequestMetadata;
 }
 
+const isPlaceholderPosition = (position: FieldPosition): position is PlaceholderPosition => {
+  return 'placeholder' in position;
+};
+
 export const createEnvelopeFields = async ({
   userId,
   teamId,
@@ -55,8 +81,8 @@ export const createEnvelopeFields = async ({
       recipients: true,
       fields: true,
       envelopeItems: {
-        select: {
-          id: true,
+        include: {
+          documentData: true,
         },
       },
     },
@@ -82,8 +108,33 @@ export const createEnvelopeFields = async ({
     });
   }
 
-  // Field validation.
-  const validatedFields = fields.map((field) => {
+  const hasPlaceholderFields = fields.some((field) => isPlaceholderPosition(field));
+
+  /*
+    Cache of loaded PDF documents keyed by envelope item ID.
+    Only loaded when at least one field uses placeholder positioning.
+    We keep the full PDF objects so we can both read text and draw white boxes
+    over resolved placeholders before saving back.
+  */
+  const pdfCache = new Map<string, PDF>();
+
+  if (hasPlaceholderFields) {
+    for (const item of envelope.envelopeItems) {
+      const bytes = await getFileServerSide(item.documentData);
+      const pdfDoc = await PDF.load(new Uint8Array(bytes));
+
+      pdfCache.set(item.id, pdfDoc);
+    }
+  }
+
+  /*
+    Collect placeholder bounding boxes that need to be whited out, grouped by
+    envelope item ID. Populated during field resolution below.
+  */
+  const placeholderWhiteouts = new Map<string, Array<{ pageIndex: number; bbox: BoundingBox }>>();
+
+  // Field validation and placeholder resolution.
+  const validatedFields = fields.flatMap((field) => {
     const recipient = envelope.recipients.find((recipient) => recipient.id === field.recipientId);
 
     // The item to attach the fields to MUST belong to the document.
@@ -111,10 +162,84 @@ export const createEnvelopeFields = async ({
       });
     }
 
+    const envelopeItemId = field.envelopeItemId || firstEnvelopeItem.id;
+
+    /*
+      Resolve field position(s). Placeholder fields are resolved by searching the
+      PDF text for the placeholder string and using its bounding box.
+      When matchAll is true, all occurrences produce fields.
+    */
+    if (isPlaceholderPosition(field)) {
+      const pdfDoc = pdfCache.get(envelopeItemId);
+
+      if (!pdfDoc) {
+        throw new AppError(AppErrorCode.NOT_FOUND, {
+          message: `Could not load PDF for envelope item ${envelopeItemId}`,
+        });
+      }
+
+      const matches = pdfDoc.findText(field.placeholder);
+
+      if (matches.length === 0) {
+        throw new AppError(AppErrorCode.INVALID_BODY, {
+          message: `Placeholder "${field.placeholder}" not found in PDF`,
+        });
+      }
+
+      const matchesToProcess = field.matchAll ? matches : [matches[0]];
+      const pages = pdfDoc.getPages();
+
+      return matchesToProcess.map((match) => {
+        const page = pages[match.pageIndex];
+
+        /*
+          Record this placeholder's bounding box for whiteout. The bbox is in
+          the original PDF coordinate system (points, bottom-left origin).
+        */
+        if (!placeholderWhiteouts.has(envelopeItemId)) {
+          placeholderWhiteouts.set(envelopeItemId, []);
+        }
+
+        placeholderWhiteouts.get(envelopeItemId)!.push({
+          pageIndex: match.pageIndex,
+          bbox: match.bbox,
+        });
+
+        /*
+          Convert point-based coordinates (bottom-left origin) to percentage-based
+          coordinates (top-left origin) matching the system's field coordinate format.
+        */
+        const topLeftY = page.height - match.bbox.y - match.bbox.height;
+
+        const widthPercent = field.width ?? (match.bbox.width / page.width) * 100;
+        const heightPercent = field.height ?? (match.bbox.height / page.height) * 100;
+
+        return {
+          type: field.type,
+          fieldMeta: field.fieldMeta,
+          recipientId: field.recipientId,
+          envelopeItemId,
+          recipientEmail: recipient.email,
+          page: match.pageIndex + 1,
+          positionX: (match.bbox.x / page.width) * 100,
+          positionY: (topLeftY / page.height) * 100,
+          width: widthPercent,
+          height: heightPercent,
+        };
+      });
+    }
+
     return {
-      ...field,
-      envelopeItemId: field.envelopeItemId || firstEnvelopeItem.id, // Fallback to first envelope item if no envelope item ID is provided.
+      type: field.type,
+      fieldMeta: field.fieldMeta,
+      recipientId: field.recipientId,
+      envelopeItemId,
       recipientEmail: recipient.email,
+      page: field.page,
+      positionX: field.positionX,
+      positionY: field.positionY,
+      width: field.width,
+      height: field.height,
     };
   });
 
@@ -162,6 +287,39 @@ export const createEnvelopeFields = async ({
     return newlyCreatedFields;
   });
 
+  /*
+    Draw white rectangles over each resolved placeholder in the PDF to hide the
+    placeholder text, then persist the modified PDFs back to document storage.
+  */
+  for (const [envelopeItemId, whiteouts] of placeholderWhiteouts) {
+    const pdfDoc = pdfCache.get(envelopeItemId);
+
+    if (!pdfDoc) {
+      continue;
+    }
+
+    whiteoutRegions(pdfDoc, whiteouts);
+
+    const modifiedPdfBytes = await pdfDoc.save();
+
+    const envelopeItem = envelope.envelopeItems.find((item) => item.id === envelopeItemId);
+
+    if (!envelopeItem) {
+      continue;
+    }
+
+    const newDocumentData = await putPdfFileServerSide({
+      name: 'document.pdf',
+      type: 'application/pdf',
+      arrayBuffer: async () => Promise.resolve(Buffer.from(modifiedPdfBytes)),
+    });
+
+    await prisma.envelopeItem.update({
+      where: { id: envelopeItemId },
+      data: { documentDataId: newDocumentData.id },
+    });
+  }
+
   return {
     fields: createdFields.map((field) => mapFieldToLegacyField(field, envelope)),
   };

packages/lib/server-only/folder/find-folders-internal.ts

@@ -66,12 +66,14 @@ export const findFoldersInternal = async ({
               where: {
                 type: EnvelopeType.DOCUMENT,
                 folderId: folder.id,
+                deletedAt: null,
               },
             }),
             prisma.envelope.count({
               where: {
                 type: EnvelopeType.TEMPLATE,
                 folderId: folder.id,
+                deletedAt: null,
               },
             }),
             prisma.folder.count({

packages/lib/server-only/license/license-client.ts

@@ -0,0 +1,245 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+
+import { prisma } from '@documenso/prisma';
+
+import { IS_BILLING_ENABLED } from '../../constants/app';
+import type { TLicenseClaim } from '../../types/license';
+import {
+  LICENSE_FILE_NAME,
+  type TCachedLicense,
+  type TLicenseResponse,
+  ZCachedLicenseSchema,
+  ZLicenseResponseSchema,
+} from '../../types/license';
+import { SUBSCRIPTION_CLAIM_FEATURE_FLAGS } from '../../types/subscription';
+import { env } from '../../utils/env';
+
+const LICENSE_KEY = env('NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY');
+const LICENSE_SERVER_URL =
+  env('INTERNAL_OVERRIDE_LICENSE_SERVER_URL') || 'https://license.documenso.com';
+
+declare global {
+  // eslint-disable-next-line no-var
+  var __documenso_license_client__: LicenseClient | undefined;
+}
+
+export class LicenseClient {
+  /**
+   * We cache the license in memory incase there is permission issues with
+   * retrieving the license from the local file system.
+   */
+  private cachedLicense: TCachedLicense | null = null;
+
+  private constructor() {}
+
+  /**
+   * Start the license client.
+   *
+   * This will ping the license server with the configured license key and store
+   * the response locally in a JSON file.
+   *
+   * Uses globalThis to store the singleton instance so that it's shared across
+   * different bundles (e.g. Hono and Remix) at runtime.
+   */
+  public static async start(): Promise<void> {
+    if (globalThis.__documenso_license_client__) {
+      return;
+    }
+
+    const instance = new LicenseClient();
+
+    globalThis.__documenso_license_client__ = instance;
+
+    try {
+      await instance.initialize();
+    } catch (err) {
+      // Do nothing.
+      console.error('[License] Failed to verify license:', err);
+    }
+  }
+
+  /**
+   * Get the current license client instance.
+   *
+   * Returns the shared instance from globalThis, ensuring both Hono and Remix
+   * bundles access the same instance.
+   */
+  public static getInstance(): LicenseClient | null {
+    return globalThis.__documenso_license_client__ ?? null;
+  }
+
+  public async getCachedLicense(): Promise<TCachedLicense | null> {
+    if (this.cachedLicense) {
+      return this.cachedLicense;
+    }
+
+    const localLicenseFile = await this.loadFromFile();
+
+    return localLicenseFile;
+  }
+
+  /**
+   * Force resync the license from the license server.
+   *
+   * This will re-ping the license server and update the cached license file.
+   */
+  public async resync(): Promise<void> {
+    await this.initialize();
+  }
+
+  private async initialize(): Promise<void> {
+    console.log('[License] Checking license with server...');
+
+    const cachedLicense = await this.loadFromFile();
+
+    if (cachedLicense) {
+      this.cachedLicense = cachedLicense;
+    }
+
+    let response: TLicenseResponse | null = null;
+
+    try {
+      response = await this.pingLicenseServer();
+    } catch (err) {
+      // If server is not responding, or erroring, use the cached license.
+      console.warn('[License] License server not responding, using cached license.');
+      console.error(err);
+      return;
+    }
+
+    const allowedFlags = response?.data?.flags || {};
+
+    // Check for unauthorized flag usage
+    const unauthorizedFlagUsage = await this.checkUnauthorizedFlagUsage(allowedFlags);
+
+    if (unauthorizedFlagUsage) {
+      console.warn('[License] Found unauthorized flag usage.');
+    }
+
+    let status: TCachedLicense['derivedStatus'] = 'NOT_FOUND';
+
+    if (response?.data?.status) {
+      status = response.data.status;
+    }
+
+    if (unauthorizedFlagUsage) {
+      status = 'UNAUTHORIZED';
+    }
+
+    const data: TCachedLicense = {
+      lastChecked: new Date().toISOString(),
+      license: response?.data || null,
+      requestedLicenseKey: LICENSE_KEY,
+      unauthorizedFlagUsage,
+      derivedStatus: status,
+    };
+
+    this.cachedLicense = data;
+    await this.saveToFile(data);
+
+    console.log('[License] License check completed successfully.');
+    console.log(`[License] Unauthorized Flag Usage: ${unauthorizedFlagUsage ? 'Yes' : 'No'}`);
+    console.log(`[License] Derived Status: ${status}`);
+    console.log(`[License] Status: ${response?.data?.status}`);
+    console.log(`[License] Flags: ${JSON.stringify(allowedFlags)}`);
+  }
+
+  /**
+   * Ping the license server to get the license response.
+   *
+   * If license not found returns null.
+   */
+  private async pingLicenseServer(): Promise<TLicenseResponse | null> {
+    if (!LICENSE_KEY) {
+      return null;
+    }
+
+    const endpoint = new URL('api/license', LICENSE_SERVER_URL).toString();
+
+    const response = await fetch(endpoint, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({ license: LICENSE_KEY }),
+    });
+
+    if (!response.ok) {
+      throw new Error(`License server returned ${response.status}: ${response.statusText}`);
+    }
+
+    const data = await response.json();
+
+    return ZLicenseResponseSchema.parse(data);
+  }
+
+  private async saveToFile(data: TCachedLicense): Promise<void> {
+    const licenseFilePath = path.join(process.cwd(), LICENSE_FILE_NAME);
+
+    try {
+      await fs.writeFile(licenseFilePath, JSON.stringify(data, null, 2), 'utf-8');
+    } catch (error) {
+      console.error('[License] Failed to save license file:', error);
+    }
+  }
+
+  private async loadFromFile(): Promise<TCachedLicense | null> {
+    const licenseFilePath = path.join(process.cwd(), LICENSE_FILE_NAME);
+
+    try {
+      const fileContents = await fs.readFile(licenseFilePath, 'utf-8');
+
+      return ZCachedLicenseSchema.parse(JSON.parse(fileContents));
+    } catch {
+      return null;
+    }
+  }
+
+  /**
+   * Check if any organisation claims are using flags that are not permitted by the current license.
+   */
+  private async checkUnauthorizedFlagUsage(licenseFlags: Partial<TLicenseClaim>): Promise<boolean> {
+    // Get flags that are NOT permitted by the license by subtracting the allowed flags from the license flags.
+    const disallowedFlags = Object.values(SUBSCRIPTION_CLAIM_FEATURE_FLAGS).filter(
+      // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+      (flag) => flag.isEnterprise && !licenseFlags[flag.key as keyof TLicenseClaim],
+    );
+
+    let unauthorizedFlagUsage = false;
+
+    if (IS_BILLING_ENABLED() && !licenseFlags.billing) {
+      unauthorizedFlagUsage = true;
+    }
+
+    try {
+      const organisationWithUnauthorizedFlags = await prisma.organisationClaim.findFirst({
+        where: {
+          OR: disallowedFlags.map((flag) => ({
+            flags: {
+              path: [flag.key],
+              equals: true,
+            },
+          })),
+        },
+        select: {
+          id: true,
+          organisation: {
+            select: {
+              id: true,
+            },
+          },
+          flags: true,
+        },
+      });
+
+      if (organisationWithUnauthorizedFlags) {
+        unauthorizedFlagUsage = true;
+      }
+    } catch (error) {
+      console.error('[License] Failed to check unauthorized flag usage:', error);
+    }
+
+    return unauthorizedFlagUsage;
+  }
+}

packages/lib/server-only/pdf/auto-place-fields.ts

@@ -0,0 +1,237 @@
+import { PDF, rgb } from '@libpdf/core';
+import type { FieldType, Recipient } from '@prisma/client';
+
+import { type TFieldAndMeta, ZFieldAndMetaSchema } from '@documenso/lib/types/field-meta';
+
+import { parseFieldMetaFromPlaceholder, parseFieldTypeFromPlaceholder } from './helpers';
+
+const PLACEHOLDER_REGEX = /\{\{([^}]+)\}\}/g;
+const DEFAULT_FIELD_HEIGHT_PERCENT = 2;
+const MIN_HEIGHT_THRESHOLD = 0.01;
+
+export type BoundingBox = {
+  x: number;
+  y: number;
+  width: number;
+  height: number;
+};
+
+/**
+ * Draw white rectangles over specified regions in a loaded PDF document.
+ *
+ * Mutates the PDF in place. Coordinates use bottom-left origin (standard PDF coordinates).
+ */
+export const whiteoutRegions = (
+  pdfDoc: PDF,
+  regions: Array<{ pageIndex: number; bbox: BoundingBox }>,
+): void => {
+  const pages = pdfDoc.getPages();
+
+  for (const { pageIndex, bbox } of regions) {
+    const page = pages[pageIndex];
+
+    page.drawRectangle({
+      x: bbox.x,
+      y: bbox.y,
+      width: bbox.width,
+      height: bbox.height,
+      color: rgb(1, 1, 1),
+      borderColor: rgb(1, 1, 1),
+      borderWidth: 2,
+    });
+  }
+};
+
+export type PlaceholderInfo = {
+  placeholder: string;
+  recipient: string;
+  fieldAndMeta: TFieldAndMeta;
+  page: number;
+  x: number;
+  y: number;
+  width: number;
+  height: number;
+  pageWidth: number;
+  pageHeight: number;
+};
+
+export type FieldToCreate = TFieldAndMeta & {
+  envelopeItemId?: string;
+  recipientId: number;
+  page: number;
+  positionX: number;
+  positionY: number;
+  width: number;
+  height: number;
+};
+
+export const extractPlaceholdersFromPDF = async (pdf: Buffer): Promise<PlaceholderInfo[]> => {
+  const pdfDoc = await PDF.load(new Uint8Array(pdf));
+
+  const placeholders: PlaceholderInfo[] = [];
+
+  for (const page of pdfDoc.getPages()) {
+    const pageWidth = page.width;
+    const pageHeight = page.height;
+
+    const matches = page.findText(PLACEHOLDER_REGEX);
+
+    for (const match of matches) {
+      const placeholder = match.text;
+
+      /*
+        Extract the inner content from the placeholder match.
+        E.g. '{{SIGNATURE, r1, required=true}}' -> 'SIGNATURE, r1, required=true'
+      */
+      const innerMatch = placeholder.match(/^\{\{([^}]+)\}\}$/);
+
+      if (!innerMatch) {
+        continue;
+      }
+
+      const placeholderData = innerMatch[1].split(',').map((property) => property.trim());
+      const [fieldTypeString, recipientOrMeta, ...fieldMetaData] = placeholderData;
+
+      let fieldType: FieldType;
+
+      try {
+        fieldType = parseFieldTypeFromPlaceholder(fieldTypeString);
+      } catch {
+        // Skip placeholders with unrecognized field types.
+        continue;
+      }
+
+      /*
+        A recipient identifier (e.g. "r1", "R2") is required for auto-placement.
+        Placeholders without an explicit recipient like {{name}} are reserved for
+        future API use where callers can reference a placeholder by name with
+        optional dimensions instead of absolute coordinates.
+      */
+      if (!recipientOrMeta || !/^r\d+$/i.test(recipientOrMeta)) {
+        continue;
+      }
+
+      const recipient = recipientOrMeta;
+
+      const rawFieldMeta = Object.fromEntries(fieldMetaData.map((property) => property.split('=')));
+
+      const parsedFieldMeta = parseFieldMetaFromPlaceholder(rawFieldMeta, fieldType);
+
+      const fieldAndMeta: TFieldAndMeta = ZFieldAndMetaSchema.parse({
+        type: fieldType,
+        fieldMeta: parsedFieldMeta,
+      });
+
+      /*
+        LibPDF returns bbox in points with bottom-left origin.
+        Convert Y to top-left origin for consistency with the rest of the system.
+      */
+      const topLeftY = pageHeight - match.bbox.y - match.bbox.height;
+
+      placeholders.push({
+        placeholder,
+        recipient,
+        fieldAndMeta,
+        page: page.index + 1,
+        x: match.bbox.x,
+        y: topLeftY,
+        width: match.bbox.width,
+        height: match.bbox.height,
+        pageWidth,
+        pageHeight,
+      });
+    }
+  }
+
+  return placeholders;
+};
+
+/**
+ * Draw white rectangles over placeholder text in a PDF.
+ *
+ * Accepts optional pre-extracted placeholders to avoid re-parsing the PDF.
+ */
+export const removePlaceholdersFromPDF = async (
+  pdf: Buffer,
+  placeholders?: PlaceholderInfo[],
+): Promise<Buffer> => {
+  const resolved = placeholders ?? (await extractPlaceholdersFromPDF(pdf));
+
+  const pdfDoc = await PDF.load(new Uint8Array(pdf));
+  const pages = pdfDoc.getPages();
+
+  /*
+    Convert PlaceholderInfo[] to whiteout regions.
+    PlaceholderInfo uses top-left origin, but whiteoutRegions expects bottom-left.
+  */
+  const regions = resolved.map((p) => {
+    const page = pages[p.page - 1];
+    const bottomLeftY = page.height - p.y - p.height;
+
+    return {
+      pageIndex: p.page - 1,
+      bbox: { x: p.x, y: bottomLeftY, width: p.width, height: p.height },
+    };
+  });
+
+  whiteoutRegions(pdfDoc, regions);
+
+  const modifiedPdfBytes = await pdfDoc.save();
+
+  return Buffer.from(modifiedPdfBytes);
+};
+
+/**
+ * Extract placeholders from a PDF and remove them from the document.
+ *
+ * Returns the cleaned PDF buffer and the extracted placeholders. If no
+ * placeholders are found the original buffer is returned as-is.
+ */
+export const extractPdfPlaceholders = async (
+  pdf: Buffer,
+): Promise<{ cleanedPdf: Buffer; placeholders: PlaceholderInfo[] }> => {
+  const placeholders = await extractPlaceholdersFromPDF(pdf);
+
+  if (placeholders.length === 0) {
+    return { cleanedPdf: pdf, placeholders: [] };
+  }
+
+  const cleanedPdf = await removePlaceholdersFromPDF(pdf, placeholders);
+
+  return { cleanedPdf, placeholders };
+};
+
+/**
+ * Convert pre-extracted PlaceholderInfo[] to field creation inputs.
+ *
+ * Pure data transform — converts point-based coordinates to percentages and
+ * resolves recipient references via the provided callback. No DB calls.
+ */
+export const convertPlaceholdersToFieldInputs = (
+  placeholders: PlaceholderInfo[],
+  recipientResolver: (recipientPlaceholder: string, placeholder: string) => Pick<Recipient, 'id'>,
+  envelopeItemId?: string,
+): FieldToCreate[] => {
+  return placeholders.map((p) => {
+    const xPercent = (p.x / p.pageWidth) * 100;
+    const yPercent = (p.y / p.pageHeight) * 100;
+    const widthPercent = (p.width / p.pageWidth) * 100;
+    const heightPercent = (p.height / p.pageHeight) * 100;
+
+    const finalHeightPercent =
+      heightPercent > MIN_HEIGHT_THRESHOLD ? heightPercent : DEFAULT_FIELD_HEIGHT_PERCENT;
+
+    const recipient = recipientResolver(p.recipient, p.placeholder);
+
+    return {
+      ...p.fieldAndMeta,
+      envelopeItemId,
+      recipientId: recipient.id,
+      page: p.page,
+      positionX: xPercent,
+      positionY: yPercent,
+      width: widthPercent,
+      height: finalHeightPercent,
+    };
+  });
+};

packages/lib/server-only/pdf/generate-audit-log-pdf.ts

@@ -1,6 +1,7 @@
 import { PDF } from '@libpdf/core';
 import { i18n } from '@lingui/core';
 
+import { type TDocumentAuditLog } from '@documenso/lib/types/document-audit-logs';
 import { prisma } from '@documenso/prisma';
 
 import { ZSupportedLanguageCodeSchema } from '../../constants/i18n';
@@ -15,12 +16,20 @@ type GenerateAuditLogPdfOptions = GenerateCertificatePdfOptions & {
 };
 
 export const generateAuditLogPdf = async (options: GenerateAuditLogPdfOptions) => {
-  const { envelope, envelopeOwner, envelopeItems, recipients, language, pageWidth, pageHeight } =
-    options;
+  const {
+    envelope,
+    envelopeOwner,
+    envelopeItems,
+    recipients,
+    language,
+    pageWidth,
+    pageHeight,
+    envelopeCompletedAuditLog,
+  } = options;
 
   const documentLanguage = ZSupportedLanguageCodeSchema.parse(language);
 
-  const [organisationClaim, auditLogs, messages] = await Promise.all([
+  const [organisationClaim, partialAuditLogs, messages] = await Promise.all([
     getOrganisationClaimByTeamId({ teamId: envelope.teamId }),
     getAuditLogs(envelope.id),
     getTranslations(documentLanguage),
@@ -31,6 +40,17 @@ export const generateAuditLogPdf = async (options: GenerateAuditLogPdfOptions) =
     messages,
   });
 
+  const auditLogs: TDocumentAuditLog[] = [...partialAuditLogs];
+
+  if (envelopeCompletedAuditLog) {
+    // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+    auditLogs.unshift({
+      ...envelopeCompletedAuditLog,
+      id: '',
+      createdAt: new Date(),
+    } satisfies Omit<TDocumentAuditLog, 'type'> as TDocumentAuditLog);
+  }
+
   const auditLogPages = await renderAuditLogs({
     envelope,
     envelopeOwner,

packages/lib/server-only/pdf/generate-certificate-pdf.ts

@@ -7,6 +7,8 @@ import { FieldType } from '@prisma/client';
 import { prop, sortBy } from 'remeda';
 import { match } from 'ts-pattern';
 
+import type { CreateDocumentAuditLogDataResponse } from '@documenso/lib/utils/document-audit-logs';
+
 import { ZSupportedLanguageCodeSchema } from '../../constants/i18n';
 import type { TDocumentAuditLogBaseSchema } from '../../types/document-audit-logs';
 import { extractDocumentAuthMethods } from '../../utils/document-auth';
@@ -16,7 +18,14 @@ import { getOrganisationClaimByTeamId } from '../organisation/get-organisation-c
 import { renderCertificate } from './render-certificate';
 
 export type GenerateCertificatePdfOptions = {
-  envelope: Envelope & {
+  /**
+   * Note: completedAt is not included since it's not real at this point in time.
+   *
+   * If we actually need it here in the future, we will need to preserve the
+   * completedAt value and pass it to the final `envelope.update` function when
+   * the document is initially sealed.
+   */
+  envelope: Omit<Envelope, 'completedAt'> & {
     documentMeta: DocumentMeta;
   };
   envelopeOwner: {
@@ -30,6 +39,7 @@ export type GenerateCertificatePdfOptions = {
   language?: string;
   pageWidth: number;
   pageHeight: number;
+  envelopeCompletedAuditLog?: CreateDocumentAuditLogDataResponse;
 };
 
 export const generateCertificatePdf = async (options: GenerateCertificatePdfOptions) => {

packages/lib/server-only/pdf/helpers.ts

@@ -0,0 +1,152 @@
+import { FieldType } from '@prisma/client';
+import type { Recipient } from '@prisma/client';
+import { match } from 'ts-pattern';
+
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+
+type RecipientPlaceholderInfo = {
+  email: string;
+  name: string;
+  recipientIndex: number;
+};
+
+/*
+  Parse field type string to FieldType enum.
+  Normalizes the input (uppercase, trim) and validates it's a valid field type.
+  This ensures we handle case variations and whitespace, and provides clear error messages.
+*/
+export const parseFieldTypeFromPlaceholder = (fieldTypeString: string): FieldType => {
+  const normalizedType = fieldTypeString.toUpperCase().trim();
+
+  return match(normalizedType)
+    .with('SIGNATURE', () => FieldType.SIGNATURE)
+    .with('FREE_SIGNATURE', () => FieldType.FREE_SIGNATURE)
+    .with('INITIALS', () => FieldType.INITIALS)
+    .with('NAME', () => FieldType.NAME)
+    .with('EMAIL', () => FieldType.EMAIL)
+    .with('DATE', () => FieldType.DATE)
+    .with('TEXT', () => FieldType.TEXT)
+    .with('NUMBER', () => FieldType.NUMBER)
+    .with('RADIO', () => FieldType.RADIO)
+    .with('CHECKBOX', () => FieldType.CHECKBOX)
+    .with('DROPDOWN', () => FieldType.DROPDOWN)
+    .otherwise(() => {
+      throw new AppError(AppErrorCode.INVALID_BODY, {
+        message: `Invalid field type: ${fieldTypeString}`,
+      });
+    });
+};
+
+/*
+  Transform raw field metadata from placeholder format to schema format.
+  Users should provide properly capitalized property names (e.g., readOnly, fontSize, textAlign).
+  Converts string values to proper types (booleans, numbers).
+*/
+export const parseFieldMetaFromPlaceholder = (
+  rawFieldMeta: Record<string, string>,
+  fieldType: FieldType,
+): Record<string, unknown> | undefined => {
+  if (fieldType === FieldType.SIGNATURE || fieldType === FieldType.FREE_SIGNATURE) {
+    return;
+  }
+
+  if (Object.keys(rawFieldMeta).length === 0) {
+    return;
+  }
+
+  const fieldTypeString = String(fieldType).toLowerCase();
+
+  const parsedFieldMeta: Record<string, boolean | number | string> = {
+    type: fieldTypeString,
+  };
+
+  /*
+    rawFieldMeta is an object with string keys and string values.
+    It contains string values because the PDF parser returns the values as strings.
+
+    E.g. { 'required': 'true', 'fontSize': '12', 'maxValue': '100', 'minValue': '0', 'characterLimit': '100' }
+  */
+  const rawFieldMetaEntries = Object.entries(rawFieldMeta);
+
+  for (const [property, value] of rawFieldMetaEntries) {
+    if (property === 'readOnly' || property === 'required') {
+      parsedFieldMeta[property] = value === 'true';
+    } else if (
+      property === 'fontSize' ||
+      property === 'maxValue' ||
+      property === 'minValue' ||
+      property === 'characterLimit'
+    ) {
+      const numValue = Number(value);
+
+      if (!Number.isNaN(numValue)) {
+        parsedFieldMeta[property] = numValue;
+      }
+    } else {
+      parsedFieldMeta[property] = value;
+    }
+  }
+
+  return parsedFieldMeta;
+};
+
+const extractRecipientPlaceholder = (placeholder: string): RecipientPlaceholderInfo => {
+  const indexMatch = placeholder.match(/^r(\d+)$/i);
+
+  if (!indexMatch) {
+    throw new AppError(AppErrorCode.INVALID_BODY, {
+      message: `Invalid recipient placeholder format: ${placeholder}. Expected format: r1, r2, r3, etc.`,
+    });
+  }
+
+  const recipientIndex = Number(indexMatch[1]);
+
+  return {
+    email: `recipient.${recipientIndex}@documenso.com`,
+    name: `Recipient ${recipientIndex}`,
+    recipientIndex,
+  };
+};
+
+/*
+  Finds a recipient based on a placeholder reference.
+  If recipients array is provided, uses index-based matching (r1 -> recipients[0], etc.).
+  Otherwise, uses email-based matching from createdRecipients.
+*/
+export const findRecipientByPlaceholder = (
+  recipientPlaceholder: string,
+  placeholder: string,
+  recipients: Pick<Recipient, 'id' | 'email'>[] | undefined,
+  createdRecipients: Pick<Recipient, 'id' | 'email'>[],
+): Pick<Recipient, 'id' | 'email'> => {
+  if (recipients && recipients.length > 0) {
+    /*
+      Map placeholder by index: r1 -> recipients[0], r2 -> recipients[1], etc.
+      recipientIndex is 1-based, so we subtract 1 to get the array index.
+    */
+    const { recipientIndex } = extractRecipientPlaceholder(recipientPlaceholder);
+    const recipientArrayIndex = recipientIndex - 1;
+
+    if (recipientArrayIndex < 0 || recipientArrayIndex >= recipients.length) {
+      throw new AppError(AppErrorCode.INVALID_BODY, {
+        message: `Recipient placeholder ${recipientPlaceholder} (index ${recipientIndex}) is out of range. Provided ${recipients.length} recipient(s).`,
+      });
+    }
+
+    return recipients[recipientArrayIndex];
+  }
+
+  /*
+    Use email-based matching for placeholder recipients.
+  */
+  const { email } = extractRecipientPlaceholder(recipientPlaceholder);
+  const recipient = createdRecipients.find((r) => r.email === email);
+
+  if (!recipient) {
+    throw new AppError(AppErrorCode.INVALID_BODY, {
+      message: `Could not find recipient ID for placeholder: ${placeholder}`,
+    });
+  }
+
+  return recipient;
+};

packages/lib/server-only/pdf/normalize-pdf.ts

@@ -28,5 +28,7 @@ export const normalizePdf = async (pdf: Buffer, options: { flattenForm?: boolean
     pdfDoc.flattenAnnotations();
   }
 
-  return Buffer.from(await pdfDoc.save());
+  const normalizedPdfBytes = await pdfDoc.save();
+
+  return Buffer.from(normalizedPdfBytes);
 };

packages/lib/server-only/pdf/render-audit-logs.ts

@@ -30,7 +30,7 @@ export type AuditLogRecipient = {
 };
 
 type GenerateAuditLogsOptions = {
-  envelope: Envelope & {
+  envelope: Omit<Envelope, 'completedAt'> & {
     documentMeta: DocumentMeta;
   };
   envelopeItems: string[];
@@ -168,7 +168,7 @@ const renderVerticalLabelAndText = (options: RenderVerticalLabelAndTextOptions)
 };
 
 type RenderOverviewCardOptions = {
-  envelope: Envelope & {
+  envelope: Omit<Envelope, 'completedAt'> & {
     documentMeta: DocumentMeta;
   };
   envelopeItems: string[];

packages/lib/server-only/pdf/render-certificate.ts

@@ -78,6 +78,7 @@ const getDevice = (userAgent?: string | null): string => {
 const textMutedForegroundLight = '#929DAE';
 const textForeground = '#000';
 const textMutedForeground = '#64748B';
+const textRejectedRed = '#dc2626';
 const textBase = 10;
 const textSm = 9;
 const textXs = 8;
@@ -97,6 +98,8 @@ type RenderLabelAndTextOptions = {
   text: string;
   width: number;
   y?: number;
+  labelFill?: string;
+  valueFill?: string;
 };
 
 const renderLabelAndText = (options: RenderLabelAndTextOptions) => {
@@ -106,13 +109,16 @@ const renderLabelAndText = (options: RenderLabelAndTextOptions) => {
     y,
   });
 
+  const labelFill = options.labelFill ?? textMutedForeground;
+  const valueFill = options.valueFill ?? textMutedForeground;
+
   const label = new Konva.Text({
     x: 0,
     y: 0,
     text: `${options.label}: `,
     fontStyle: fontMedium,
     fontFamily: 'Inter',
-    fill: textMutedForeground,
+    fill: labelFill,
     fontSize: textSm,
   });
 
@@ -124,7 +130,7 @@ const renderLabelAndText = (options: RenderLabelAndTextOptions) => {
     width: width - label.width(),
     fontFamily: 'Inter',
     text: options.text,
-    fill: textMutedForeground,
+    fill: valueFill,
     wrap: 'char',
     fontSize: textSm,
   });
@@ -269,6 +275,8 @@ const renderColumnTwo = (options: RenderColumnOptions) => {
 
   const columnWidth = width - columnPadding;
 
+  const isRejected = Boolean(recipient.logs.rejected);
+
   if (recipient.signatureField?.secondaryId) {
     // Signature container with green border
     const signatureContainer = new Konva.Group({ x: 0, y: 0 });
@@ -313,7 +321,10 @@ const renderColumnTwo = (options: RenderColumnOptions) => {
       signatureContainer.add(typedSig);
     }
 
-    column.add(signatureContainer);
+    // Do not add the signature container for rejected recipients.
+    if (!isRejected) {
+      column.add(signatureContainer);
+    }
 
     const signatureHeight = Math.max(signatureContainer.getClientRect().height, minSignatureHeight);
 
@@ -342,7 +353,7 @@ const renderColumnTwo = (options: RenderColumnOptions) => {
     // Signature ID
     const sigIdLabel = new Konva.Text({
       x: 0,
-      y: signatureHeight + 10,
+      y: isRejected ? 0 : signatureHeight + 10,
       text: `${i18n._(msg`Signature ID`)}:`,
       fill: textMutedForeground,
       width: columnWidth,
@@ -376,9 +387,11 @@ const renderColumnTwo = (options: RenderColumnOptions) => {
     column.add(naText);
   }
 
+  const relevantLog = isRejected ? recipient.logs.rejected : recipient.logs.completed;
+
   const ipLabelAndText = renderLabelAndText({
     label: i18n._(msg`IP Address`),
-    text: recipient.logs.completed?.ipAddress ?? i18n._(msg`Unknown`),
+    text: relevantLog?.ipAddress ?? i18n._(msg`Unknown`),
     width,
     y: column.getClientRect().height + 6,
   });
@@ -386,7 +399,7 @@ const renderColumnTwo = (options: RenderColumnOptions) => {
 
   const deviceLabelAndText = renderLabelAndText({
     label: i18n._(msg`Device`),
-    text: getDevice(recipient.logs.completed?.userAgent),
+    text: getDevice(relevantLog?.userAgent),
     width,
     y: column.getClientRect().height + 6,
   });
@@ -400,7 +413,14 @@ const renderColumnThree = (options: RenderColumnOptions) => {
 
   const column = new Konva.Group();
 
-  const itemsToRender = [
+  type DetailItem = {
+    label: string;
+    value: string;
+    labelFill?: string;
+    valueFill?: string;
+  };
+
+  const itemsToRender: DetailItem[] = [
     {
       label: i18n._(msg`Sent`),
       value: recipient.logs.emailed
@@ -429,6 +449,8 @@ const renderColumnThree = (options: RenderColumnOptions) => {
       value: DateTime.fromJSDate(recipient.logs.rejected.createdAt)
         .setLocale(APP_I18N_OPTIONS.defaultLocale)
         .toFormat('yyyy-MM-dd hh:mm:ss a (ZZZZ)'),
+      labelFill: textRejectedRed,
+      valueFill: textRejectedRed,
     });
   } else {
     itemsToRender.push({
@@ -459,6 +481,8 @@ const renderColumnThree = (options: RenderColumnOptions) => {
       text: item.value,
       width,
       y: column.getClientRect().height + (index === 0 ? 0 : 8),
+      labelFill: item.labelFill,
+      valueFill: item.valueFill,
     });
     column.add(labelAndText);
   }

packages/lib/server-only/template/create-document-from-template.ts

@@ -551,6 +551,7 @@ export const createDocumentFromTemplate = async ({
         visibility: template.visibility || settings.documentVisibility,
         useLegacyFieldInsertion: template.useLegacyFieldInsertion ?? false,
         documentMetaId: documentMeta.id,
+        formValues: formValues ?? undefined,
         recipients: {
           createMany: {
             data: allFinalRecipients.map((recipient) => {

packages/lib/server-only/template/find-templates.ts

@@ -79,6 +79,7 @@ export const findTemplates = async ({
         },
       },
       skip: Math.max(page - 1, 0) * perPage,
+      take: perPage,
       orderBy: {
         createdAt: 'desc',
       },

packages/lib/server-only/user/submit-support-ticket.ts

@@ -20,6 +20,12 @@ export const submitSupportTicket = async ({
   organisationId,
   teamId,
 }: SubmitSupportTicketOptions) => {
+  if (!plainClient) {
+    throw new AppError(AppErrorCode.NOT_SETUP, {
+      message: 'Support ticket system is not configured',
+    });
+  }
+
   const user = await prisma.user.findFirst({
     where: {
       id: userId,
@@ -52,6 +58,29 @@ export const submitSupportTicket = async ({
       })
     : null;
 
+  // Ensure the customer exists in Plain before creating a thread
+  const plainCustomer = await plainClient.upsertCustomer({
+    identifier: {
+      emailAddress: user.email,
+    },
+    onCreate: {
+      // If the user doesn't have a name, default to their email
+      fullName: user.name || user.email,
+      email: {
+        email: user.email,
+        isVerified: !!user.emailVerified,
+      },
+    },
+    // No need to update the customer if it already exists
+    onUpdate: {},
+  });
+
+  if (plainCustomer.error) {
+    throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+      message: `Failed to create customer in support system: ${plainCustomer.error.message}`,
+    });
+  }
+
   const customMessage = `
 Organisation: ${organisation.name} (${organisation.id})
 Team: ${team ? `${team.name} (${team.id})` : 'No team provided'}
@@ -60,12 +89,14 @@ ${message}`;
 
   const res = await plainClient.createThread({
     title: subject,
-    customerIdentifier: { emailAddress: user.email },
+    customerIdentifier: { customerId: plainCustomer.data.customer.id },
     components: [{ componentText: { text: customMessage } }],
   });
 
   if (res.error) {
-    throw new Error(res.error.message);
+    throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+      message: `Failed to create support ticket: ${res.error.message}`,
+    });
   }
 
   return res;