2025-09-17 00:49:23 +00:00
1340 changed files with 12793 additions and 81855 deletions
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@ -1,18 +0,0 @@
 {
  "permissions": {
    "allow": [
      "Bash(chmod:*)",
      "Bash(mkdir:*)",
      "Bash(./gradlew:*)",
      "Bash(grep:*)",
      "Bash(cat:*)",
      "Bash(find:*)",
      "Bash(grep:*)",
      "Bash(rg:*)",
      "Bash(strings:*)",
      "Bash(pkill:*)",
      "Bash(true)"
    ],
    "deny": []
  }
 }
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -49,7 +49,7 @@
                "java.configuration.updateBuildConfiguration": "interactive",
                "java.format.enabled": true,
                "java.format.settings.profile": "GoogleStyle",
-                "java.format.settings.google.version": "1.28.0",
+                "java.format.settings.google.version": "1.25.2",
                "java.format.settings.google.extra": "--aosp --skip-sorting-imports --skip-javadoc-formatting",
                "java.saveActions.cleanup": true,
                "java.cleanup.actions": [
@ -79,17 +79,9 @@
                    ".venv*/",
                    ".vscode/",
                    "bin/",
                    "app/core/bin/",
                    "app/common/bin/",
                    "app/proprietary/bin/",
                    "build/",
                    "app/core/build/",
                    "app/common/build/",
                    "app/proprietary/build/",
                    "configs/",
                    "app/core/configs/",
                    "customFiles/",
                    "app/core/customFiles/",
                    "docs/",
                    "exampleYmlFiles",
                    "gradle/",
@ -101,9 +93,6 @@
                    ".git-blame-ignore-revs",
                    ".gitattributes",
                    ".gitignore",
                    "app/core/.gitignore",
                    "app/common/.gitignore",
                    "app/proprietary/.gitignore",
                    ".pre-commit-config.yaml"
                ],
                "java.signatureHelp.enabled": true,
@ -130,9 +119,7 @@
                "EditorConfig.EditorConfig", // EditorConfig support for maintaining consistent coding styles
                "ms-azuretools.vscode-docker", // Docker extension for Visual Studio Code
                "charliermarsh.ruff", // Ruff extension for Ruff language support
-                "github.vscode-github-actions", // GitHub Actions extension for Visual Studio Code
+                "github.vscode-github-actions" // GitHub Actions extension for Visual Studio Code
                "stylelint.vscode-stylelint", // Stylelint extension for CSS and SCSS linting
                "redhat.vscode-yaml" // YAML extension for Visual Studio Code
            ]
        }
    },
--- a/.editorconfig
+++ b/.editorconfig
@ -1,7 +1,6 @@
 root = true
 [*]
 charset = utf-8
 indent_style = space
 indent_size = 4
 end_of_line = lf
@ -27,20 +26,6 @@ trim_trailing_whitespace = false
 [*.js]
 indent_size = 2
-[*.css]
+[*.yaml]
 # CSS files typically use an indent size of 2 spaces for better readability and alignment with community standards.
 indent_size = 2
 [*.{yml,yaml}]
 # YAML files use an indent size of 2 spaces to maintain consistency with common YAML formatting practices.
 indent_size = 2
 insert_final_newline = false
 trim_trailing_whitespace = false
 [*.json]
 # JSON files use an indent size of 2 spaces, which is the standard for JSON formatting.
 indent_size = 2
 [*.jsonc]
 # JSONC (JSON with comments) files also follow the standard JSON formatting with an indent size of 2 spaces.
 indent_size = 2
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@ -1,9 +1,5 @@
 # Formatting
 5f771b785130154ed47952635b7acef371ffe0ec
 7fa5e130d99227c2202ebddfdd91348176ec0c7b
 14d4fbb2a36195eedb034785e5a5ff6a47f268c6
 ee8030c1c4148062cde15c49c67d04ef03930c55
 fcd41924f5f261febfa9d9a92994671f3ebc97d6
 # Normalize files
 55d4fda01b2f39f5b7d7b4fda5214bd7ff0fd5dd
--- a/.gitattributes
+++ b/.gitattributes
@ -1,10 +1,10 @@
 * text=auto eol=lf
 # Ignore all JavaScript files in a directory
-app/core/src/main/resources/static/pdfjs/* linguist-vendored
+src/main/resources/static/pdfjs/* linguist-vendored
-app/core/src/main/resources/static/pdfjs/** linguist-vendored
+src/main/resources/static/pdfjs/** linguist-vendored
-app/core/src/main/resources/static/pdfjs-legacy/* linguist-vendored
+src/main/resources/static/pdfjs-legacy/* linguist-vendored
-app/core/src/main/resources/static/pdfjs-legacy/** linguist-vendored
+src/main/resources/static/pdfjs-legacy/** linguist-vendored
-app/core/src/main/resources/static/css/bootstrap-icons.css linguist-vendored
+src/main/resources/static/css/bootstrap-icons.css linguist-vendored
-app/core/src/main/resources/static/css/bootstrap.min.css linguist-vendored
+src/main/resources/static/css/bootstrap.min.css linguist-vendored
-app/core/src/main/resources/static/css/fonts/* linguist-vendored
+src/main/resources/static/css/fonts/* linguist-vendored
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1,21 +1,2 @@
-# All PRs must be approved by Frooodle or Ludy87
+# All PRs to V1 must be approved by Frooodle
-* @Frooodle @Ludy87 @jbrunton96 @ConnorYoh
+* @Frooodle @reecebrowne @Ludy87 @DarioGii @ConnorYoh
 # Backend
 /app/** @DarioGii @Frooodle @Ludy87 @jbrunton96 @ConnorYoh
 #V1 frontend
 /app/core/src/main/resources/static/** @reecebrowne @ConnorYoh @EthanHealy01 @jbrunton96 @Frooodle @Ludy87
 /app/core/src/main/resources/templates/** @reecebrowne @ConnorYoh @EthanHealy01 @jbrunton96 @Frooodle @Ludy87
 #V2 frontend
 /frontend/** @reecebrowne @ConnorYoh @EthanHealy01 @jbrunton96 @Frooodle
 #V2 docker
 /docker/backend/** @Frooodle @Ludy87 @DarioGii @Ludy87
 /docker/frontend/** @reecebrowne @ConnorYoh @EthanHealy01 @jbrunton96 @Frooodle @Ludy87
 /docker/compose/** @reecebrowne @ConnorYoh @EthanHealy01 @DarioGii @jbrunton96 @Frooodle @Ludy87
 #GHA (All users)
 /.github/** @reecebrowne @ConnorYoh @EthanHealy01 @DarioGii @jbrunton96 @Frooodle @Ludy87
--- a/.github/actions/setup-bot/action.yml
+++ b/.github/actions/setup-bot/action.yml
@ -1,33 +0,0 @@
 name: 'Setup GitHub App Bot'
 description: 'Generates a GitHub App Token and configures Git for a bot'
 inputs:
  app-id:
    description: 'GitHub App ID'
    required: True
  private-key:
    description: 'GitHub App Private Key'
    required: True
 outputs:
  token:
    description: 'Generated GitHub App Token'
    value: ${{ steps.generate-token.outputs.token }}
  committer:
    description: 'Committer string for Git'
    value: "${{ steps.generate-token.outputs.app-slug }}[bot] <${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com>"
  app-slug:
    description: 'GitHub App slug'
    value: ${{ steps.generate-token.outputs.app-slug }}
 runs:
  using: 'composite'
  steps:
    - name: Generate a GitHub App Token
      id: generate-token
      uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
      with:
        app-id: ${{ inputs.app-id }}
        private-key: ${{ inputs.private-key }}
    - name: Configure Git
      run: |
        git config --global user.name "${{ steps.generate-token.outputs.app-slug }}[bot]"
        git config --global user.email "${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com"
      shell: bash
--- a/.github/config/.files.yaml
+++ b/.github/config/.files.yaml
@ -1,38 +0,0 @@
 build: &build
  - build.gradle
  - app/(common|core|proprietary)/build.gradle
 app: &app
  - app/(common|core|proprietary)/src/main/java/**
 openapi: &openapi
  - build.gradle
  - app/(common|core|proprietary)/build.gradle
  - app/(common|core|proprietary)/src/main/java/**
 project: &project
  - app/(common|core|proprietary)/src/(main|test)/java/**
  - app/(common|core|proprietary)/build.gradle
  - 'app/(common|core|proprietary)/src/(main|test)/resources/**/!(messages_*.properties|*.md)*'
  - exampleYmlFiles/**
  - gradle/**
  - libs/**
  - testing/**
  - build.gradle
  - Dockerfile
  - Dockerfile.fat
  - Dockerfile.ultra-lite
  - gradle.properties
  - gradlew
  - gradlew.bat
  - launch4jConfig.xml
  - settings.gradle
  - frontend/**
  - docker/**
  - testing/**
 frontend: &frontend
  - frontend/**
  - .github/workflows/testdriver.yml
  - testing/**
  - docker/**
--- a/.github/config/repo_devs.json
+++ b/.github/config/repo_devs.json
@ -1,13 +0,0 @@
 {
  "repo_devs": [
    "Frooodle",
    "sf298",
    "Ludy87",
    "LaserKaspar",
    "sbplat",
    "reecebrowne",
    "DarioGii",
    "ConnorYoh",
    "EthanHealy01"
  ]
 }
--- a/.github/config/system-prompt.txt
+++ b/.github/config/system-prompt.txt
@ -1,13 +0,0 @@
 You are a professional software engineer specializing in reviewing pull request titles.
 Your job is to analyze a git diff and an existing PR title, then evaluate and improve the PR title.
 You must:
 - Always return valid JSON
 - Only return the JSON response (no Markdown, no formatting)
 - Use one of these conventional commit types at the beginning of the title: build, chore, ci, docs, feat, fix, perf, refactor, revert, style, test
 - Use lowercase only, no emojis, no trailing period
 - Ensure the title is between 5 and 72 printable ASCII characters
 - Never let spelling or grammar errors affect the rating
 - If the PR title is rated 6 or higher and only contains spelling or grammar mistakes, correct it - do not rephrase it
 - If the PR title is rated below 6, generate a new, better title based on the diff
--- a/.github/labeler-config-srvaroa.yml
+++ b/.github/labeler-config-srvaroa.yml
@ -1,162 +0,0 @@
 version: 1
 labels:
  - label: "Bugfix"
    title: '^fix(\([^)]*\))?:|^fix:.*'
  - label: "enhancement"
    title: '^feat(\([^)]*\))?:|^feat:.*'
  - label: "build"
    title: '^build(\([^)]*\))?:|^build:.*'
  - label: "chore"
    title: '^chore(\([^)]*\))?:|^chore:.*'
  - label: "ci"
    title: '^ci(\([^)]*\))?:|^ci:.*'
  - label: "ci"
    title: '^.*\(ci\):.*'
  - label: "perf"
    title: '^perf(\([^)]*\))?:|^perf:.*'
  - label: "refactor"
    title: '^refactor(\([^)]*\))?:|^refactor:.*'
  - label: "revert"
    title: '^revert(\([^)]*\))?:|^revert:.*'
  - label: "style"
    title: '^style(\([^)]*\))?:|^style:.*'
  - label: "Documentation"
    title: '^docs(\([^)]*\))?:|^docs:.*'
  - label: "Documentation"
    title: '^.*\(docs\):.*'
  - label: "dependencies"
    title: '^deps(\([^)]*\))?:|^deps:.*'
  - label: "dependencies"
    title: '^.*\(deps\):.*'
  - label: 'API'
    title: '.*openapi.*|.*swagger.*|.*api.*'
  - label: 'v2'
    base-branch: 'V2'
  - label: 'Translation'
    files:
      - 'app/core/src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}.properties'
      - 'scripts/ignore_translation.toml'
      - 'app/core/src/main/resources/templates/fragments/languages.html'
      - '.github/scripts/check_language_properties.py'
  - label: 'Front End'
    files:
      - 'app/core/src/main/resources/templates/.*'
      - 'app/proprietary/src/main/resources/templates/.*'
      - 'app/core/src/main/resources/static/.*'
      - 'app/proprietary/src/main/resources/static/.*'
      - 'app/core/src/main/java/stirling/software/SPDF/controller/web/.*'
      - 'app/core/src/main/java/stirling/software/SPDF/UI/.*'
      - 'app/proprietary/src/main/java/stirling/software/proprietary/security/controller/web/.*'
      - 'frontend/**'
  - label: 'Java'
    files:
      - 'app/common/src/main/java/.*.java'
      - 'app/proprietary/src/main/java/.*.java'
      - 'app/core/src/main/java/.*.java'
  - label: 'Back End'
    files:
      - 'app/core/src/main/java/stirling/software/SPDF/config/.*'
      - 'app/core/src/main/java/stirling/software/SPDF/controller/.*'
      - 'app/core/src/main/resources/settings.yml.template'
      - 'app/core/src/main/resources/application.properties'
      - 'app/core/src/main/resources/banner.txt'
      - 'app/core/src/main/resources/static/python/png_to_webp.py'
      - 'app/core/src/main/resources/static/python/split_photos.py'
      - 'app/core/src/main/resources/static/pipeline/defaultWebUIConfigs/**'
      - 'application.properties'
  - label: 'Security'
    files:
      - 'app/proprietary/src/main/java/stirling/software/proprietary/security/.*'
      - 'scripts/download-security-jar.sh'
      - '.github/workflows/dependency-review.yml'
      - '.github/workflows/scorecards.yml'
  - label: 'API'
    files:
      - 'app/core/src/main/java/stirling/software/SPDF/config/OpenApiConfig.java'
      - 'app/core/src/main/java/stirling/software/SPDF/controller/web/MetricsController.java'
      - 'app/core/src/main/java/stirling/software/SPDF/controller/api/.*'
      - 'app/core/src/main/java/stirling/software/SPDF/model/api/.*'
      - 'app/core/src/main/java/stirling/software/SPDF/service/ApiDocService.java'
      - 'app/proprietary/src/main/java/stirling/software/proprietary/security/controller/api/.*'
      - 'app/core/src/main/resources/static/python/png_to_webp.py'
      - 'app/core/src/main/resources/static/python/split_photos.py'
      - '.github/workflows/swagger.yml'
  - label: 'Documentation'
    files:
      - '.*.md'
      - 'scripts/counter_translation.py'
      - 'scripts/ignore_translation.toml'
  - label: 'Docker'
    files:
      - '.github/workflows/build.yml'
      - '.github/workflows/push-docker.yml'
      - 'Dockerfile'
      - 'Dockerfile.fat'
      - 'Dockerfile.ultra-lite'
      - 'exampleYmlFiles/.*.yml'
      - 'scripts/download-security-jar.sh'
      - 'scripts/init.sh'
      - 'scripts/init-without-ocr.sh'
      - 'scripts/installFonts.sh'
      - 'test.sh'
      - 'test2.sh'
      - 'docker/**'
  - label: 'Devtools'
    files:
      - '.devcontainer/.*'
      - 'Dockerfile.dev'
      - '.vscode/.*'
      - '.editorconfig'
      - '.pre-commit-config'
      - '.github/workflows/pre_commit.yml'
      - 'devGuide/.*'
      - 'devTools/.*'
  - label: 'Test'
    files:
      - 'app/common/src/test/.*'
      - 'app/proprietary/src/test/.*'
      - 'app/core/src/test/.*'
      - 'testing/.*'
      - '.github/workflows/scorecards.yml'
      - 'exampleYmlFiles/test_cicd.yml'
  - label: 'Github'
    files:
      - '.github/.*'
  - label: 'Gradle'
    files:
      - 'gradle/.*'
      - 'gradlew'
      - 'gradlew.bat'
      - 'settings.gradle'
      - 'build.gradle'
      - 'app/common/build.gradle'
      - 'app/proprietary/build.gradle'
      - 'app/core/build.gradle'
--- a/.github/labeler-config.yml
+++ b/.github/labeler-config.yml
@ -0,0 +1,83 @@
 Translation:
  - changed-files:
    - any-glob-to-any-file: 'src/main/resources/messages_*_*.properties'
    - any-glob-to-any-file: 'scripts/ignore_translation.toml'
    - any-glob-to-any-file: 'src/main/resources/templates/fragments/languages.html'
 Front End:
  - changed-files:
    - any-glob-to-any-file: 'src/main/resources/templates/**/*'
    - any-glob-to-any-file: 'src/main/resources/static/**/*'
    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/controller/web/**'
    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/UI/**/*'
 Java:
  - changed-files:
    - any-glob-to-any-file: 'src/main/java/**/*.java'
 Back End:
  - changed-files:
    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/config/**/*'
    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/controller/**/*'
    - any-glob-to-any-file: 'src/main/resources/settings.yml.template'
    - any-glob-to-any-file: 'src/main/resources/application.properties'
    - any-glob-to-any-file: 'src/main/resources/banner.txt'
    - any-glob-to-any-file: 'scripts/png_to_webp.py'
    - any-glob-to-any-file: 'split_photos.py'
 Security:
  - changed-files:
    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/config/security/**/*'
    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/model/provider/**/*'
    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/model/AuthenticationType.java'
    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/model/BackupNotFoundException.java'
    - any-glob-to-any-file: 'scripts/download-security-jar.sh'
    - any-glob-to-any-file: '.github/workflows/dependency-review.yml'
    - any-glob-to-any-file: '.github/workflows/scorecards.yml'
 API:
  - changed-files:
    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/controller/web/MetricsController.java'
    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/controller/api/**/*'
    - any-glob-to-any-file: 'scripts/png_to_webp.py'
    - any-glob-to-any-file: 'split_photos.py'
    - any-glob-to-any-file: '.github/workflows/swagger.yml'
 Documentation:
  - changed-files:
    - any-glob-to-any-file: '**/*.md'
    - any-glob-to-any-file: 'scripts/counter_translation.py'
    - any-glob-to-any-file: 'scripts/ignore_translation.toml'
 Docker:
  - changed-files:
    - any-glob-to-any-file: '.github/workflows/build.yml'
    - any-glob-to-any-file: '.github/workflows/push-docker.yml'
    - any-glob-to-any-file: 'Dockerfile'
    - any-glob-to-any-file: 'Dockerfile.fat'
    - any-glob-to-any-file: 'Dockerfile.ultra-lite'
    - any-glob-to-any-file: 'exampleYmlFiles/*.yml'
    - any-glob-to-any-file: 'scripts/download-security-jar.sh'
    - any-glob-to-any-file: 'scripts/init.sh'
    - any-glob-to-any-file: 'scripts/init-without-ocr.sh'
    - any-glob-to-any-file: 'scripts/installFonts.sh'
    - any-glob-to-any-file: 'test.sh'
    - any-glob-to-any-file: 'test2.sh'
 Devtools:
  - changed-files:
    - any-glob-to-any-file: '.devcontainer/**/*'
    - any-glob-to-any-file: 'Dockerfile.dev'
 Test:
  - changed-files:
    - any-glob-to-any-file: 'cucumber/**/*'
    - any-glob-to-any-file: 'src/test/**/*'
    - any-glob-to-any-file: 'src/testing/**/*'
    - any-glob-to-any-file: '.pre-commit-config'
    - any-glob-to-any-file: '.github/workflows/pre_commit.yml'
    - any-glob-to-any-file: '.github/workflows/scorecards.yml'
 Github:
  - changed-files:
    - any-glob-to-any-file: '.github/**/*'
--- a/.github/labels.yml
+++ b/.github/labels.yml
@ -42,7 +42,6 @@
 - name: "Front End"
  color: "BBD2F1"
  description: "Issues or pull requests related to front-end development"
  from_name: "frontend"
 - name: "github-actions"
  description: "Pull requests that update GitHub Actions code"
  color: "999999"
@ -78,12 +77,10 @@
 - name: "Translation"
  color: "9FABF9"
  from_name: "translation"
  description: "Issues or pull requests related to translation"
 - name: "upstream"
  color: "DEDEDE"
 - name: "v2"
  color: "FFFF00"
  description: "Issues or pull requests related to the v2 branch"
 - name: "wontfix"
  description: "This will not be worked on"
  color: "FFFFFF"
@ -114,73 +111,3 @@
 - name: "Devtools"
  color: "FF9E1F"
  description: "Development tools"
 - name: "Bugfix"
  color: "FF9E1F"
  description: "Pull requests that fix bugs"
 - name: "Gradle"
  color: "FF9E1F"
  description: "Pull requests that update Gradle code"
 - name: "build"
  color: "1E90FF"
  description: "Changes that affect the build system or external dependencies"
 - name: "chore"
  color: "FFD700"
  description: "Routine tasks or maintenance that don't modify src or test files"
 - name: "ci"
  color: "4682B4"
  description: "Changes to CI configuration files and scripts"
 - name: "perf"
  color: "FF69B4"
  description: "Changes that improve performance"
 - name: "refactor"
  color: "9932CC"
  description: "Code changes that neither fix a bug nor add a feature"
 - name: "revert"
  color: "DC143C"
  description: "Reverts a previous commit"
 - name: "style"
  color: "FFA500"
  description: "Changes that do not affect the meaning of the code (formatting, etc.)"
 - name: "admin"
  color: "195055"
 - name: "codex"
  color: "ededed"
  description: null
 - name: "Github"
  color: "0052CC"
 - name: "github_actions"
  color: "000000"
  description: "Pull requests that update GitHub Actions code"
 - name: "needs-changes"
  color: "A65A86"
 - name: "on-hold"
  color: "2526F9"
 - name: "python"
  color: "2b67c6"
  description: "Pull requests that update Python code"
 - name: "size:L"
  color: "eb9500"
  description: "This PR changes 100-499 lines ignoring generated files."
 - name: "size:M"
  color: "ebb800"
  description: "This PR changes 30-99 lines ignoring generated files."
 - name: "size:S"
  color: "77b800"
  description: "This PR changes 10-29 lines ignoring generated files."
 - name: "size:XL"
  color: "ff823f"
  description: "This PR changes 500-999 lines ignoring generated files."
 - name: "size:XS"
  color: "00ff00"
  description: "This PR changes 0-9 lines ignoring generated files."
 - name: "size:XXL"
  color: "ffb8b8"
  description: "This PR changes 1000+ lines ignoring generated files."
 - name: "to research"
  color: "FBCA04"
 - name: "pr-deployed"
  color: "00FF00"
  description: "Pull request has been deployed to a test environment"
 - name: "codex"
  color: "ededed"
  description: "chatgpt AI generated code"
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -1,6 +1,5 @@
 # Description of Changes
 <!--
 Please provide a summary of the changes, including:
 - What was changed
@ -8,7 +7,6 @@ Please provide a summary of the changes, including:
 - Any challenges encountered
 Closes #(issue_number)
 -->
 ---
@ -17,15 +15,15 @@ Closes #(issue_number)
 ### General
 - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable)
+- [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable)
- [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable)
+- [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable)
 - [ ] I have performed a self-review of my own code
 - [ ] My changes generate no new warnings
 ### Documentation
 - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed)
- [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only)
+- [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only)
 ### UI Changes (if applicable)
@ -33,4 +31,4 @@ Closes #(issue_number)
 ### Testing (if applicable)
- [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
+- [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details.
--- a/.github/scripts/check_language_properties.py
+++ b/.github/scripts/check_language_properties.py
@ -196,9 +196,7 @@ def check_for_differences(reference_file, file_list, branch, actor):
    if len(file_list) == 1:
        file_arr = file_list[0].split()
-    base_dir = os.path.abspath(
+    base_dir = os.path.abspath(os.path.join(os.getcwd(), "src", "main", "resources"))
        os.path.join(os.getcwd(), "app", "core", "src", "main", "resources")
    )
    for file_path in file_arr:
        file_normpath = os.path.normpath(file_path)
@ -218,20 +216,10 @@ def check_for_differences(reference_file, file_list, branch, actor):
            or (
                # only local windows command
                not file_normpath.startswith(
-                    os.path.join(
+                    os.path.join("", "src", "main", "resources", "messages_")
                        "", "app", "core", "src", "main", "resources", "messages_"
                    )
                )
                and not file_normpath.startswith(
-                    os.path.join(
+                    os.path.join(os.getcwd(), "src", "main", "resources", "messages_")
                        os.getcwd(),
                        "app",
                        "core",
                        "src",
                        "main",
                        "resources",
                        "messages_",
                    )
                )
            )
            or not file_normpath.endswith(".properties")
@ -329,7 +317,7 @@ def check_for_differences(reference_file, file_list, branch, actor):
        report.append("## ❌ Overall Check Status: **_Failed_**")
        report.append("")
        report.append(
-            f"@{actor} please check your translation if it conforms to the standard. Follow the format of [messages_en_GB.properties](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/app/core/src/main/resources/messages_en_GB.properties)"
+            f"@{actor} please check your translation if it conforms to the standard. Follow the format of [messages_en_GB.properties](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/src/main/resources/messages_en_GB.properties)"
        )
    else:
        report.append("## ✅ Overall Check Status: **_Success_**")
@ -389,13 +377,7 @@ if __name__ == "__main__":
        else:
            file_list = glob.glob(
                os.path.join(
-                    os.getcwd(),
+                    os.getcwd(), "src", "main", "resources", "messages_*.properties"
                    "app",
                    "core",
                    "src",
                    "main",
                    "resources",
                    "messages_*.properties",
                )
            )
        update_missing_keys(args.reference_file, file_list)
--- a/.github/scripts/requirements_dev.in
+++ b/.github/scripts/requirements_dev.in
@ -1,8 +0,0 @@
 pip
 setuptools
 WeasyPrint
 pdf2image
 pillow
 unoserver
 opencv-python-headless
 pre-commit
--- a/.github/scripts/requirements_dev.txt
+++ b/.github/scripts/requirements_dev.txt
@ -1,638 +0,0 @@
 #
 # This file is autogenerated by pip-compile with Python 3.10
 # by the following command:
 #
 #    pip-compile --allow-unsafe --generate-hashes --output-file='.github\scripts\requirements_dev.txt' --strip-extras '.github\scripts\requirements_dev.in'
 #
 brotli==1.1.0 \
    --hash=sha256:03d20af184290887bdea3f0f78c4f737d126c74dc2f3ccadf07e54ceca3bf208 \
    --hash=sha256:0541e747cce78e24ea12d69176f6a7ddb690e62c425e01d31cc065e69ce55b48 \
    --hash=sha256:069a121ac97412d1fe506da790b3e69f52254b9df4eb665cd42460c837193354 \
    --hash=sha256:0737ddb3068957cf1b054899b0883830bb1fec522ec76b1098f9b6e0f02d9419 \
    --hash=sha256:0b63b949ff929fbc2d6d3ce0e924c9b93c9785d877a21a1b678877ffbbc4423a \
    --hash=sha256:0c6244521dda65ea562d5a69b9a26120769b7a9fb3db2fe9545935ed6735b128 \
    --hash=sha256:11d00ed0a83fa22d29bc6b64ef636c4552ebafcef57154b4ddd132f5638fbd1c \
    --hash=sha256:141bd4d93984070e097521ed07e2575b46f817d08f9fa42b16b9b5f27b5ac088 \
    --hash=sha256:19c116e796420b0cee3da1ccec3b764ed2952ccfcc298b55a10e5610ad7885f9 \
    --hash=sha256:1ab4fbee0b2d9098c74f3057b2bc055a8bd92ccf02f65944a241b4349229185a \
    --hash=sha256:1ae56aca0402a0f9a3431cddda62ad71666ca9d4dc3a10a142b9dce2e3c0cda3 \
    --hash=sha256:1b2c248cd517c222d89e74669a4adfa5577e06ab68771a529060cf5a156e9757 \
    --hash=sha256:1e9a65b5736232e7a7f91ff3d02277f11d339bf34099a56cdab6a8b3410a02b2 \
    --hash=sha256:224e57f6eac61cc449f498cc5f0e1725ba2071a3d4f48d5d9dffba42db196438 \
    --hash=sha256:22fc2a8549ffe699bfba2256ab2ed0421a7b8fadff114a3d201794e45a9ff578 \
    --hash=sha256:23032ae55523cc7bccb4f6a0bf368cd25ad9bcdcc1990b64a647e7bbcce9cb5b \
    --hash=sha256:2333e30a5e00fe0fe55903c8832e08ee9c3b1382aacf4db26664a16528d51b4b \
    --hash=sha256:2954c1c23f81c2eaf0b0717d9380bd348578a94161a65b3a2afc62c86467dd68 \
    --hash=sha256:2a24c50840d89ded6c9a8fdc7b6ed3692ed4e86f1c4a4a938e1e92def92933e0 \
    --hash=sha256:2de9d02f5bda03d27ede52e8cfe7b865b066fa49258cbab568720aa5be80a47d \
    --hash=sha256:2feb1d960f760a575dbc5ab3b1c00504b24caaf6986e2dc2b01c09c87866a943 \
    --hash=sha256:30924eb4c57903d5a7526b08ef4a584acc22ab1ffa085faceb521521d2de32dd \
    --hash=sha256:316cc9b17edf613ac76b1f1f305d2a748f1b976b033b049a6ecdfd5612c70409 \
    --hash=sha256:32d95b80260d79926f5fab3c41701dbb818fde1c9da590e77e571eefd14abe28 \
    --hash=sha256:38025d9f30cf4634f8309c6874ef871b841eb3c347e90b0851f63d1ded5212da \
    --hash=sha256:39da8adedf6942d76dc3e46653e52df937a3c4d6d18fdc94a7c29d263b1f5b50 \
    --hash=sha256:3c0ef38c7a7014ffac184db9e04debe495d317cc9c6fb10071f7fefd93100a4f \
    --hash=sha256:3d7954194c36e304e1523f55d7042c59dc53ec20dd4e9ea9d151f1b62b4415c0 \
    --hash=sha256:3ee8a80d67a4334482d9712b8e83ca6b1d9bc7e351931252ebef5d8f7335a547 \
    --hash=sha256:4093c631e96fdd49e0377a9c167bfd75b6d0bad2ace734c6eb20b348bc3ea180 \
    --hash=sha256:43395e90523f9c23a3d5bdf004733246fba087f2948f87ab28015f12359ca6a0 \
    --hash=sha256:43ce1b9935bfa1ede40028054d7f48b5469cd02733a365eec8a329ffd342915d \
    --hash=sha256:4410f84b33374409552ac9b6903507cdb31cd30d2501fc5ca13d18f73548444a \
    --hash=sha256:494994f807ba0b92092a163a0a283961369a65f6cbe01e8891132b7a320e61eb \
    --hash=sha256:4d4a848d1837973bf0f4b5e54e3bec977d99be36a7895c61abb659301b02c112 \
    --hash=sha256:4ed11165dd45ce798d99a136808a794a748d5dc38511303239d4e2363c0695dc \
    --hash=sha256:4f3607b129417e111e30637af1b56f24f7a49e64763253bbc275c75fa887d4b2 \
    --hash=sha256:510b5b1bfbe20e1a7b3baf5fed9e9451873559a976c1a78eebaa3b86c57b4265 \
    --hash=sha256:524f35912131cc2cabb00edfd8d573b07f2d9f21fa824bd3fb19725a9cf06327 \
    --hash=sha256:587ca6d3cef6e4e868102672d3bd9dc9698c309ba56d41c2b9c85bbb903cdb95 \
    --hash=sha256:58d4b711689366d4a03ac7957ab8c28890415e267f9b6589969e74b6e42225ec \
    --hash=sha256:5b3cc074004d968722f51e550b41a27be656ec48f8afaeeb45ebf65b561481dd \
    --hash=sha256:5dab0844f2cf82be357a0eb11a9087f70c5430b2c241493fc122bb6f2bb0917c \
    --hash=sha256:5e55da2c8724191e5b557f8e18943b1b4839b8efc3ef60d65985bcf6f587dd38 \
    --hash=sha256:5eeb539606f18a0b232d4ba45adccde4125592f3f636a6182b4a8a436548b914 \
    --hash=sha256:5f4d5ea15c9382135076d2fb28dde923352fe02951e66935a9efaac8f10e81b0 \
    --hash=sha256:5fb2ce4b8045c78ebbc7b8f3c15062e435d47e7393cc57c25115cfd49883747a \
    --hash=sha256:6172447e1b368dcbc458925e5ddaf9113477b0ed542df258d84fa28fc45ceea7 \
    --hash=sha256:6967ced6730aed543b8673008b5a391c3b1076d834ca438bbd70635c73775368 \
    --hash=sha256:6974f52a02321b36847cd19d1b8e381bf39939c21efd6ee2fc13a28b0d99348c \
    --hash=sha256:6c3020404e0b5eefd7c9485ccf8393cfb75ec38ce75586e046573c9dc29967a0 \
    --hash=sha256:6c6e0c425f22c1c719c42670d561ad682f7bfeeef918edea971a79ac5252437f \
    --hash=sha256:70051525001750221daa10907c77830bc889cb6d865cc0b813d9db7fefc21451 \
    --hash=sha256:7905193081db9bfa73b1219140b3d315831cbff0d8941f22da695832f0dd188f \
    --hash=sha256:7bc37c4d6b87fb1017ea28c9508b36bbcb0c3d18b4260fcdf08b200c74a6aee8 \
    --hash=sha256:7c4855522edb2e6ae7fdb58e07c3ba9111e7621a8956f481c68d5d979c93032e \
    --hash=sha256:7e4c4629ddad63006efa0ef968c8e4751c5868ff0b1c5c40f76524e894c50248 \
    --hash=sha256:7eedaa5d036d9336c95915035fb57422054014ebdeb6f3b42eac809928e40d0c \
    --hash=sha256:7f4bf76817c14aa98cc6697ac02f3972cb8c3da93e9ef16b9c66573a68014f91 \
    --hash=sha256:81de08ac11bcb85841e440c13611c00b67d3bf82698314928d0b676362546724 \
    --hash=sha256:832436e59afb93e1836081a20f324cb185836c617659b07b129141a8426973c7 \
    --hash=sha256:861bf317735688269936f755fa136a99d1ed526883859f86e41a5d43c61d8966 \
    --hash=sha256:87a3044c3a35055527ac75e419dfa9f4f3667a1e887ee80360589eb8c90aabb9 \
    --hash=sha256:890b5a14ce214389b2cc36ce82f3093f96f4cc730c1cffdbefff77a7c71f2a97 \
    --hash=sha256:89f4988c7203739d48c6f806f1e87a1d96e0806d44f0fba61dba81392c9e474d \
    --hash=sha256:8bf32b98b75c13ec7cf774164172683d6e7891088f6316e54425fde1efc276d5 \
    --hash=sha256:8dadd1314583ec0bf2d1379f7008ad627cd6336625d6679cf2f8e67081b83acf \
    --hash=sha256:901032ff242d479a0efa956d853d16875d42157f98951c0230f69e69f9c09bac \
    --hash=sha256:9011560a466d2eb3f5a6e4929cf4a09be405c64154e12df0dd72713f6500e32b \
    --hash=sha256:906bc3a79de8c4ae5b86d3d75a8b77e44404b0f4261714306e3ad248d8ab0951 \
    --hash=sha256:919e32f147ae93a09fe064d77d5ebf4e35502a8df75c29fb05788528e330fe74 \
    --hash=sha256:91d7cc2a76b5567591d12c01f019dd7afce6ba8cba6571187e21e2fc418ae648 \
    --hash=sha256:929811df5462e182b13920da56c6e0284af407d1de637d8e536c5cd00a7daf60 \
    --hash=sha256:949f3b7c29912693cee0afcf09acd6ebc04c57af949d9bf77d6101ebb61e388c \
    --hash=sha256:a090ca607cbb6a34b0391776f0cb48062081f5f60ddcce5d11838e67a01928d1 \
    --hash=sha256:a1fd8a29719ccce974d523580987b7f8229aeace506952fa9ce1d53a033873c8 \
    --hash=sha256:a37b8f0391212d29b3a91a799c8e4a2855e0576911cdfb2515487e30e322253d \
    --hash=sha256:a3daabb76a78f829cafc365531c972016e4aa8d5b4bf60660ad8ecee19df7ccc \
    --hash=sha256:a469274ad18dc0e4d316eefa616d1d0c2ff9da369af19fa6f3daa4f09671fd61 \
    --hash=sha256:a599669fd7c47233438a56936988a2478685e74854088ef5293802123b5b2460 \
    --hash=sha256:a743e5a28af5f70f9c080380a5f908d4d21d40e8f0e0c8901604d15cfa9ba751 \
    --hash=sha256:a77def80806c421b4b0af06f45d65a136e7ac0bdca3c09d9e2ea4e515367c7e9 \
    --hash=sha256:a7e53012d2853a07a4a79c00643832161a910674a893d296c9f1259859a289d2 \
    --hash=sha256:a93dde851926f4f2678e704fadeb39e16c35d8baebd5252c9fd94ce8ce68c4a0 \
    --hash=sha256:aac0411d20e345dc0920bdec5548e438e999ff68d77564d5e9463a7ca9d3e7b1 \
    --hash=sha256:ae15b066e5ad21366600ebec29a7ccbc86812ed267e4b28e860b8ca16a2bc474 \
    --hash=sha256:aea440a510e14e818e67bfc4027880e2fb500c2ccb20ab21c7a7c8b5b4703d75 \
    --hash=sha256:af6fa6817889314555aede9a919612b23739395ce767fe7fcbea9a80bf140fe5 \
    --hash=sha256:b760c65308ff1e462f65d69c12e4ae085cff3b332d894637f6273a12a482d09f \
    --hash=sha256:be36e3d172dc816333f33520154d708a2657ea63762ec16b62ece02ab5e4daf2 \
    --hash=sha256:c247dd99d39e0338a604f8c2b3bc7061d5c2e9e2ac7ba9cc1be5a69cb6cd832f \
    --hash=sha256:c5529b34c1c9d937168297f2c1fde7ebe9ebdd5e121297ff9c043bdb2ae3d6fb \
    --hash=sha256:c8146669223164fc87a7e3de9f81e9423c67a79d6b3447994dfb9c95da16e2d6 \
    --hash=sha256:c8fd5270e906eef71d4a8d19b7c6a43760c6abcfcc10c9101d14eb2357418de9 \
    --hash=sha256:ca63e1890ede90b2e4454f9a65135a4d387a4585ff8282bb72964fab893f2111 \
    --hash=sha256:caf9ee9a5775f3111642d33b86237b05808dafcd6268faa492250e9b78046eb2 \
    --hash=sha256:cb1dac1770878ade83f2ccdf7d25e494f05c9165f5246b46a621cc849341dc01 \
    --hash=sha256:cdad5b9014d83ca68c25d2e9444e28e967ef16e80f6b436918c700c117a85467 \
    --hash=sha256:cdbc1fc1bc0bff1cef838eafe581b55bfbffaed4ed0318b724d0b71d4d377619 \
    --hash=sha256:ceb64bbc6eac5a140ca649003756940f8d6a7c444a68af170b3187623b43bebf \
    --hash=sha256:d0c5516f0aed654134a2fc936325cc2e642f8a0e096d075209672eb321cff408 \
    --hash=sha256:d143fd47fad1db3d7c27a1b1d66162e855b5d50a89666af46e1679c496e8e579 \
    --hash=sha256:d192f0f30804e55db0d0e0a35d83a9fead0e9a359a9ed0285dbacea60cc10a84 \
    --hash=sha256:d2b35ca2c7f81d173d2fadc2f4f31e88cc5f7a39ae5b6db5513cf3383b0e0ec7 \
    --hash=sha256:d342778ef319e1026af243ed0a07c97acf3bad33b9f29e7ae6a1f68fd083e90c \
    --hash=sha256:d487f5432bf35b60ed625d7e1b448e2dc855422e87469e3f450aa5552b0eb284 \
    --hash=sha256:d7702622a8b40c49bffb46e1e3ba2e81268d5c04a34f460978c6b5517a34dd52 \
    --hash=sha256:db85ecf4e609a48f4b29055f1e144231b90edc90af7481aa731ba2d059226b1b \
    --hash=sha256:de6551e370ef19f8de1807d0a9aa2cdfdce2e85ce88b122fe9f6b2b076837e59 \
    --hash=sha256:e1140c64812cb9b06c922e77f1c26a75ec5e3f0fb2bf92cc8c58720dec276752 \
    --hash=sha256:e4fe605b917c70283db7dfe5ada75e04561479075761a0b3866c081d035b01c1 \
    --hash=sha256:e6a904cb26bfefc2f0a6f240bdf5233be78cd2488900a2f846f3c3ac8489ab80 \
    --hash=sha256:e79e6520141d792237c70bcd7a3b122d00f2613769ae0cb61c52e89fd3443839 \
    --hash=sha256:e84799f09591700a4154154cab9787452925578841a94321d5ee8fb9a9a328f0 \
    --hash=sha256:e93dfc1a1165e385cc8239fab7c036fb2cd8093728cbd85097b284d7b99249a2 \
    --hash=sha256:efa8b278894b14d6da122a72fefcebc28445f2d3f880ac59d46c90f4c13be9a3 \
    --hash=sha256:f0d8a7a6b5983c2496e364b969f0e526647a06b075d034f3297dc66f3b360c64 \
    --hash=sha256:f0db75f47be8b8abc8d9e31bc7aad0547ca26f24a54e6fd10231d623f183d089 \
    --hash=sha256:f296c40e23065d0d6650c4aefe7470d2a25fffda489bcc3eb66083f3ac9f6643 \
    --hash=sha256:f31859074d57b4639318523d6ffdca586ace54271a73ad23ad021acd807eb14b \
    --hash=sha256:f66b5337fa213f1da0d9000bc8dc0cb5b896b726eefd9c6046f699b169c41b9e \
    --hash=sha256:f733d788519c7e3e71f0855c96618720f5d3d60c3cb829d8bbb722dddce37985 \
    --hash=sha256:fce1473f3ccc4187f75b4690cfc922628aed4d3dd013d047f95a9b3919a86596 \
    --hash=sha256:fd5f17ff8f14003595ab414e45fce13d073e0762394f957182e69035c9f3d7c2 \
    --hash=sha256:fdc3ff3bfccdc6b9cc7c342c03aa2400683f0cb891d46e94b64a197910dc4064
    # via fonttools
 cffi==1.17.1 \
    --hash=sha256:045d61c734659cc045141be4bae381a41d89b741f795af1dd018bfb532fd0df8 \
    --hash=sha256:0984a4925a435b1da406122d4d7968dd861c1385afe3b45ba82b750f229811e2 \
    --hash=sha256:0e2b1fac190ae3ebfe37b979cc1ce69c81f4e4fe5746bb401dca63a9062cdaf1 \
    --hash=sha256:0f048dcf80db46f0098ccac01132761580d28e28bc0f78ae0d58048063317e15 \
    --hash=sha256:1257bdabf294dceb59f5e70c64a3e2f462c30c7ad68092d01bbbfb1c16b1ba36 \
    --hash=sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824 \
    --hash=sha256:1d599671f396c4723d016dbddb72fe8e0397082b0a77a4fab8028923bec050e8 \
    --hash=sha256:28b16024becceed8c6dfbc75629e27788d8a3f9030691a1dbf9821a128b22c36 \
    --hash=sha256:2bb1a08b8008b281856e5971307cc386a8e9c5b625ac297e853d36da6efe9c17 \
    --hash=sha256:30c5e0cb5ae493c04c8b42916e52ca38079f1b235c2f8ae5f4527b963c401caf \
    --hash=sha256:31000ec67d4221a71bd3f67df918b1f88f676f1c3b535a7eb473255fdc0b83fc \
    --hash=sha256:386c8bf53c502fff58903061338ce4f4950cbdcb23e2902d86c0f722b786bbe3 \
    --hash=sha256:3edc8d958eb099c634dace3c7e16560ae474aa3803a5df240542b305d14e14ed \
    --hash=sha256:45398b671ac6d70e67da8e4224a065cec6a93541bb7aebe1b198a61b58c7b702 \
    --hash=sha256:46bf43160c1a35f7ec506d254e5c890f3c03648a4dbac12d624e4490a7046cd1 \
    --hash=sha256:4ceb10419a9adf4460ea14cfd6bc43d08701f0835e979bf821052f1805850fe8 \
    --hash=sha256:51392eae71afec0d0c8fb1a53b204dbb3bcabcb3c9b807eedf3e1e6ccf2de903 \
    --hash=sha256:5da5719280082ac6bd9aa7becb3938dc9f9cbd57fac7d2871717b1feb0902ab6 \
    --hash=sha256:610faea79c43e44c71e1ec53a554553fa22321b65fae24889706c0a84d4ad86d \
    --hash=sha256:636062ea65bd0195bc012fea9321aca499c0504409f413dc88af450b57ffd03b \
    --hash=sha256:6883e737d7d9e4899a8a695e00ec36bd4e5e4f18fabe0aca0efe0a4b44cdb13e \
    --hash=sha256:6b8b4a92e1c65048ff98cfe1f735ef8f1ceb72e3d5f0c25fdb12087a23da22be \
    --hash=sha256:6f17be4345073b0a7b8ea599688f692ac3ef23ce28e5df79c04de519dbc4912c \
    --hash=sha256:706510fe141c86a69c8ddc029c7910003a17353970cff3b904ff0686a5927683 \
    --hash=sha256:72e72408cad3d5419375fc87d289076ee319835bdfa2caad331e377589aebba9 \
    --hash=sha256:733e99bc2df47476e3848417c5a4540522f234dfd4ef3ab7fafdf555b082ec0c \
    --hash=sha256:7596d6620d3fa590f677e9ee430df2958d2d6d6de2feeae5b20e82c00b76fbf8 \
    --hash=sha256:78122be759c3f8a014ce010908ae03364d00a1f81ab5c7f4a7a5120607ea56e1 \
    --hash=sha256:805b4371bf7197c329fcb3ead37e710d1bca9da5d583f5073b799d5c5bd1eee4 \
    --hash=sha256:85a950a4ac9c359340d5963966e3e0a94a676bd6245a4b55bc43949eee26a655 \
    --hash=sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67 \
    --hash=sha256:9755e4345d1ec879e3849e62222a18c7174d65a6a92d5b346b1863912168b595 \
    --hash=sha256:98e3969bcff97cae1b2def8ba499ea3d6f31ddfdb7635374834cf89a1a08ecf0 \
    --hash=sha256:a08d7e755f8ed21095a310a693525137cfe756ce62d066e53f502a83dc550f65 \
    --hash=sha256:a1ed2dd2972641495a3ec98445e09766f077aee98a1c896dcb4ad0d303628e41 \
    --hash=sha256:a24ed04c8ffd54b0729c07cee15a81d964e6fee0e3d4d342a27b020d22959dc6 \
    --hash=sha256:a45e3c6913c5b87b3ff120dcdc03f6131fa0065027d0ed7ee6190736a74cd401 \
    --hash=sha256:a9b15d491f3ad5d692e11f6b71f7857e7835eb677955c00cc0aefcd0669adaf6 \
    --hash=sha256:ad9413ccdeda48c5afdae7e4fa2192157e991ff761e7ab8fdd8926f40b160cc3 \
    --hash=sha256:b2ab587605f4ba0bf81dc0cb08a41bd1c0a5906bd59243d56bad7668a6fc6c16 \
    --hash=sha256:b62ce867176a75d03a665bad002af8e6d54644fad99a3c70905c543130e39d93 \
    --hash=sha256:c03e868a0b3bc35839ba98e74211ed2b05d2119be4e8a0f224fba9384f1fe02e \
    --hash=sha256:c59d6e989d07460165cc5ad3c61f9fd8f1b4796eacbd81cee78957842b834af4 \
    --hash=sha256:c7eac2ef9b63c79431bc4b25f1cd649d7f061a28808cbc6c47b534bd789ef964 \
    --hash=sha256:c9c3d058ebabb74db66e431095118094d06abf53284d9c81f27300d0e0d8bc7c \
    --hash=sha256:ca74b8dbe6e8e8263c0ffd60277de77dcee6c837a3d0881d8c1ead7268c9e576 \
    --hash=sha256:caaf0640ef5f5517f49bc275eca1406b0ffa6aa184892812030f04c2abf589a0 \
    --hash=sha256:cdf5ce3acdfd1661132f2a9c19cac174758dc2352bfe37d98aa7512c6b7178b3 \
    --hash=sha256:d016c76bdd850f3c626af19b0542c9677ba156e4ee4fccfdd7848803533ef662 \
    --hash=sha256:d01b12eeeb4427d3110de311e1774046ad344f5b1a7403101878976ecd7a10f3 \
    --hash=sha256:d63afe322132c194cf832bfec0dc69a99fb9bb6bbd550f161a49e9e855cc78ff \
    --hash=sha256:da95af8214998d77a98cc14e3a3bd00aa191526343078b530ceb0bd710fb48a5 \
    --hash=sha256:dd398dbc6773384a17fe0d3e7eeb8d1a21c2200473ee6806bb5e6a8e62bb73dd \
    --hash=sha256:de2ea4b5833625383e464549fec1bc395c1bdeeb5f25c4a3a82b5a8c756ec22f \
    --hash=sha256:de55b766c7aa2e2a3092c51e0483d700341182f08e67c63630d5b6f200bb28e5 \
    --hash=sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14 \
    --hash=sha256:e03eab0a8677fa80d646b5ddece1cbeaf556c313dcfac435ba11f107ba117b5d \
    --hash=sha256:e221cf152cff04059d011ee126477f0d9588303eb57e88923578ace7baad17f9 \
    --hash=sha256:e31ae45bc2e29f6b2abd0de1cc3b9d5205aa847cafaecb8af1476a609a2f6eb7 \
    --hash=sha256:edae79245293e15384b51f88b00613ba9f7198016a5948b5dddf4917d4d26382 \
    --hash=sha256:f1e22e8c4419538cb197e4dd60acc919d7696e5ef98ee4da4e01d3f8cfa4cc5a \
    --hash=sha256:f3a2b4222ce6b60e2e8b337bb9596923045681d71e5a082783484d845390938e \
    --hash=sha256:f6a16c31041f09ead72d69f583767292f750d24913dadacf5756b966aacb3f1a \
    --hash=sha256:f75c7ab1f9e4aca5414ed4d8e5c0e303a34f4421f8a0d47a4d019ceff0ab6af4 \
    --hash=sha256:f79fc4fc25f1c8698ff97788206bb3c2598949bfe0fef03d299eb1b5356ada99 \
    --hash=sha256:f7f5baafcc48261359e14bcd6d9bff6d4b28d9103847c9e136694cb0501aef87 \
    --hash=sha256:fc48c783f9c87e60831201f2cce7f3b2e4846bf4d8728eabe54d60700b318a0b
    # via weasyprint
 cfgv==3.4.0 \
    --hash=sha256:b7265b1f29fd3316bfcd2b330d63d024f2bfd8bcb8b0272f8e19a504856c48f9 \
    --hash=sha256:e52591d4c5f5dead8e0f673fb16db7949d2cfb3f7da4582893288f0ded8fe560
    # via pre-commit
 cssselect2==0.8.0 \
    --hash=sha256:46fc70ebc41ced7a32cd42d58b1884d72ade23d21e5a4eaaf022401c13f0e76e \
    --hash=sha256:7674ffb954a3b46162392aee2a3a0aedb2e14ecf99fcc28644900f4e6e3e9d3a
    # via weasyprint
 distlib==0.4.0 \
    --hash=sha256:9659f7d87e46584a30b5780e43ac7a2143098441670ff0a49d5f9034c54a6c16 \
    --hash=sha256:feec40075be03a04501a973d81f633735b4b69f98b05450592310c0f401a4e0d
    # via virtualenv
 filelock==3.18.0 \
    --hash=sha256:adbc88eabb99d2fec8c9c1b229b171f18afa655400173ddc653d5d01501fb9f2 \
    --hash=sha256:c401f4f8377c4464e6db25fff06205fd89bdd83b65eb0488ed1b160f780e21de
    # via virtualenv
 fonttools==4.59.0 \
    --hash=sha256:052444a5d0151878e87e3e512a1aa1a0ab35ee4c28afde0a778e23b0ace4a7de \
    --hash=sha256:169b99a2553a227f7b5fea8d9ecd673aa258617f466b2abc6091fe4512a0dcd0 \
    --hash=sha256:209b75943d158f610b78320eacb5539aa9e920bee2c775445b2846c65d20e19d \
    --hash=sha256:21e606b2d38fed938dde871c5736822dd6bda7a4631b92e509a1f5cd1b90c5df \
    --hash=sha256:241313683afd3baacb32a6bd124d0bce7404bc5280e12e291bae1b9bba28711d \
    --hash=sha256:26731739daa23b872643f0e4072d5939960237d540c35c14e6a06d47d71ca8fe \
    --hash=sha256:2e7cf8044ce2598bb87e44ba1d2c6e45d7a8decf56055b92906dc53f67c76d64 \
    --hash=sha256:31003b6a10f70742a63126b80863ab48175fb8272a18ca0846c0482968f0588e \
    --hash=sha256:332bfe685d1ac58ca8d62b8d6c71c2e52a6c64bc218dc8f7825c9ea51385aa01 \
    --hash=sha256:37c377f7cb2ab2eca8a0b319c68146d34a339792f9420fca6cd49cf28d370705 \
    --hash=sha256:37e01c6ec0c98599778c2e688350d624fa4770fbd6144551bd5e032f1199171c \
    --hash=sha256:401b1941ce37e78b8fd119b419b617277c65ae9417742a63282257434fd68ea2 \
    --hash=sha256:4536f2695fe5c1ffb528d84a35a7d3967e5558d2af58b4775e7ab1449d65767b \
    --hash=sha256:4c908a7036f0f3677f8afa577bcd973e3e20ddd2f7c42a33208d18bee95cdb6f \
    --hash=sha256:51ab1ff33c19e336c02dee1e9fd1abd974a4ca3d8f7eef2a104d0816a241ce97 \
    --hash=sha256:524133c1be38445c5c0575eacea42dbd44374b310b1ffc4b60ff01d881fabb96 \
    --hash=sha256:57bb7e26928573ee7c6504f54c05860d867fd35e675769f3ce01b52af38d48e2 \
    --hash=sha256:60f6665579e909b618282f3c14fa0b80570fbf1ee0e67678b9a9d43aa5d67a37 \
    --hash=sha256:62224a9bb85b4b66d1b46d45cbe43d71cbf8f527d332b177e3b96191ffbc1e64 \
    --hash=sha256:6770d7da00f358183d8fd5c4615436189e4f683bdb6affb02cad3d221d7bb757 \
    --hash=sha256:6801aeddb6acb2c42eafa45bc1cb98ba236871ae6f33f31e984670b749a8e58e \
    --hash=sha256:70d6b3ceaa9cc5a6ac52884f3b3d9544e8e231e95b23f138bdb78e6d4dc0eae3 \
    --hash=sha256:78813b49d749e1bb4db1c57f2d4d7e6db22c253cb0a86ad819f5dc197710d4b2 \
    --hash=sha256:841b2186adce48903c0fef235421ae21549020eca942c1da773ac380b056ab3c \
    --hash=sha256:84fc186980231a287b28560d3123bd255d3c6b6659828c642b4cf961e2b923d0 \
    --hash=sha256:885bde7d26e5b40e15c47bd5def48b38cbd50830a65f98122a8fb90962af7cd1 \
    --hash=sha256:8b4309a2775e4feee7356e63b163969a215d663399cce1b3d3b65e7ec2d9680e \
    --hash=sha256:8d77f92438daeaddc05682f0f3dac90c5b9829bcac75b57e8ce09cb67786073c \
    --hash=sha256:902425f5afe28572d65d2bf9c33edd5265c612ff82c69e6f83ea13eafc0dcbea \
    --hash=sha256:9bcc1e77fbd1609198966ded6b2a9897bd6c6bcbd2287a2fc7d75f1a254179c5 \
    --hash=sha256:a408c3c51358c89b29cfa5317cf11518b7ce5de1717abb55c5ae2d2921027de6 \
    --hash=sha256:a9bf8adc9e1f3012edc8f09b08336272aec0c55bc677422273e21280db748f7c \
    --hash=sha256:b818db35879d2edf7f46c7e729c700a0bce03b61b9412f5a7118406687cb151d \
    --hash=sha256:b8974b2a266b54c96709bd5e239979cddfd2dbceed331aa567ea1d7c4a2202db \
    --hash=sha256:be392ec3529e2f57faa28709d60723a763904f71a2b63aabe14fee6648fe3b14 \
    --hash=sha256:d3972b13148c1d1fbc092b27678a33b3080d1ac0ca305742b0119b75f9e87e38 \
    --hash=sha256:d40dcf533ca481355aa7b682e9e079f766f35715defa4929aeb5597f9604272e \
    --hash=sha256:e93df708c69a193fc7987192f94df250f83f3851fda49413f02ba5dded639482 \
    --hash=sha256:efd7e6660674e234e29937bc1481dceb7e0336bfae75b856b4fb272b5093c5d4 \
    --hash=sha256:f9b3a78f69dcbd803cf2fb3f972779875b244c1115481dfbdd567b2c22b31f6b \
    --hash=sha256:fa39475eaccb98f9199eccfda4298abaf35ae0caec676ffc25b3a5e224044464 \
    --hash=sha256:fbce6dae41b692a5973d0f2158f782b9ad05babc2c2019a970a1094a23909b1b
    # via weasyprint
 identify==2.6.13 \
    --hash=sha256:60381139b3ae39447482ecc406944190f690d4a2997f2584062089848361b33b \
    --hash=sha256:da8d6c828e773620e13bfa86ea601c5a5310ba4bcd65edf378198b56a1f9fb32
    # via pre-commit
 nodeenv==1.9.1 \
    --hash=sha256:6ec12890a2dab7946721edbfbcd91f3319c6ccc9aec47be7c7e6b7011ee6645f \
    --hash=sha256:ba11c9782d29c27c70ffbdda2d7415098754709be8a7056d79a737cd901155c9
    # via pre-commit
 numpy==2.2.6 \
    --hash=sha256:038613e9fb8c72b0a41f025a7e4c3f0b7a1b5d768ece4796b674c8f3fe13efff \
    --hash=sha256:0678000bb9ac1475cd454c6b8c799206af8107e310843532b04d49649c717a47 \
    --hash=sha256:0811bb762109d9708cca4d0b13c4f67146e3c3b7cf8d34018c722adb2d957c84 \
    --hash=sha256:0b605b275d7bd0c640cad4e5d30fa701a8d59302e127e5f79138ad62762c3e3d \
    --hash=sha256:0bca768cd85ae743b2affdc762d617eddf3bcf8724435498a1e80132d04879e6 \
    --hash=sha256:1bc23a79bfabc5d056d106f9befb8d50c31ced2fbc70eedb8155aec74a45798f \
    --hash=sha256:287cc3162b6f01463ccd86be154f284d0893d2b3ed7292439ea97eafa8170e0b \
    --hash=sha256:37c0ca431f82cd5fa716eca9506aefcabc247fb27ba69c5062a6d3ade8cf8f49 \
    --hash=sha256:37e990a01ae6ec7fe7fa1c26c55ecb672dd98b19c3d0e1d1f326fa13cb38d163 \
    --hash=sha256:389d771b1623ec92636b0786bc4ae56abafad4a4c513d36a55dce14bd9ce8571 \
    --hash=sha256:3d70692235e759f260c3d837193090014aebdf026dfd167834bcba43e30c2a42 \
    --hash=sha256:41c5a21f4a04fa86436124d388f6ed60a9343a6f767fced1a8a71c3fbca038ff \
    --hash=sha256:481b49095335f8eed42e39e8041327c05b0f6f4780488f61286ed3c01368d491 \
    --hash=sha256:4eeaae00d789f66c7a25ac5f34b71a7035bb474e679f410e5e1a94deb24cf2d4 \
    --hash=sha256:55a4d33fa519660d69614a9fad433be87e5252f4b03850642f88993f7b2ca566 \
    --hash=sha256:5a6429d4be8ca66d889b7cf70f536a397dc45ba6faeb5f8c5427935d9592e9cf \
    --hash=sha256:5bd4fc3ac8926b3819797a7c0e2631eb889b4118a9898c84f585a54d475b7e40 \
    --hash=sha256:5beb72339d9d4fa36522fc63802f469b13cdbe4fdab4a288f0c441b74272ebfd \
    --hash=sha256:6031dd6dfecc0cf9f668681a37648373bddd6421fff6c66ec1624eed0180ee06 \
    --hash=sha256:71594f7c51a18e728451bb50cc60a3ce4e6538822731b2933209a1f3614e9282 \
    --hash=sha256:74d4531beb257d2c3f4b261bfb0fc09e0f9ebb8842d82a7b4209415896adc680 \
    --hash=sha256:7befc596a7dc9da8a337f79802ee8adb30a552a94f792b9c9d18c840055907db \
    --hash=sha256:894b3a42502226a1cac872f840030665f33326fc3dac8e57c607905773cdcde3 \
    --hash=sha256:8e41fd67c52b86603a91c1a505ebaef50b3314de0213461c7a6e99c9a3beff90 \
    --hash=sha256:8e9ace4a37db23421249ed236fdcdd457d671e25146786dfc96835cd951aa7c1 \
    --hash=sha256:8fc377d995680230e83241d8a96def29f204b5782f371c532579b4f20607a289 \
    --hash=sha256:9551a499bf125c1d4f9e250377c1ee2eddd02e01eac6644c080162c0c51778ab \
    --hash=sha256:b0544343a702fa80c95ad5d3d608ea3599dd54d4632df855e4c8d24eb6ecfa1c \
    --hash=sha256:b093dd74e50a8cba3e873868d9e93a85b78e0daf2e98c6797566ad8044e8363d \
    --hash=sha256:b412caa66f72040e6d268491a59f2c43bf03eb6c96dd8f0307829feb7fa2b6fb \
    --hash=sha256:b4f13750ce79751586ae2eb824ba7e1e8dba64784086c98cdbbcc6a42112ce0d \
    --hash=sha256:b64d8d4d17135e00c8e346e0a738deb17e754230d7e0810ac5012750bbd85a5a \
    --hash=sha256:ba10f8411898fc418a521833e014a77d3ca01c15b0c6cdcce6a0d2897e6dbbdf \
    --hash=sha256:bd48227a919f1bafbdda0583705e547892342c26fb127219d60a5c36882609d1 \
    --hash=sha256:c1f9540be57940698ed329904db803cf7a402f3fc200bfe599334c9bd84a40b2 \
    --hash=sha256:c820a93b0255bc360f53eca31a0e676fd1101f673dda8da93454a12e23fc5f7a \
    --hash=sha256:ce47521a4754c8f4593837384bd3424880629f718d87c5d44f8ed763edd63543 \
    --hash=sha256:d042d24c90c41b54fd506da306759e06e568864df8ec17ccc17e9e884634fd00 \
    --hash=sha256:de749064336d37e340f640b05f24e9e3dd678c57318c7289d222a8a2f543e90c \
    --hash=sha256:e1dda9c7e08dc141e0247a5b8f49cf05984955246a327d4c48bda16821947b2f \
    --hash=sha256:e29554e2bef54a90aa5cc07da6ce955accb83f21ab5de01a62c8478897b264fd \
    --hash=sha256:e3143e4451880bed956e706a3220b4e5cf6172ef05fcc397f6f36a550b1dd868 \
    --hash=sha256:e8213002e427c69c45a52bbd94163084025f533a55a59d6f9c5b820774ef3303 \
    --hash=sha256:efd28d4e9cd7d7a8d39074a4d44c63eda73401580c5c76acda2ce969e0a38e83 \
    --hash=sha256:f0fd6321b839904e15c46e0d257fdd101dd7f530fe03fd6359c1ea63738703f3 \
    --hash=sha256:f1372f041402e37e5e633e586f62aa53de2eac8d98cbfb822806ce4bbefcb74d \
    --hash=sha256:f2618db89be1b4e05f7a1a847a9c1c0abd63e63a1607d892dd54668dd92faf87 \
    --hash=sha256:f447e6acb680fd307f40d3da4852208af94afdfab89cf850986c3ca00562f4fa \
    --hash=sha256:f92729c95468a2f4f15e9bb94c432a9229d0d50de67304399627a943201baa2f \
    --hash=sha256:f9f1adb22318e121c5c69a09142811a201ef17ab257a1e66ca3025065b7f53ae \
    --hash=sha256:fc0c5673685c508a142ca65209b4e79ed6740a4ed6b2267dbba90f34b0b3cfda \
    --hash=sha256:fc7b73d02efb0e18c000e9ad8b83480dfcd5dfd11065997ed4c6747470ae8915 \
    --hash=sha256:fd83c01228a688733f1ded5201c678f0c53ecc1006ffbc404db9f7a899ac6249 \
    --hash=sha256:fe27749d33bb772c80dcd84ae7e8df2adc920ae8297400dabec45f0dedb3f6de \
    --hash=sha256:fee4236c876c4e8369388054d02d0e9bb84821feb1a64dd59e137e6511a551f8
    # via opencv-python-headless
 opencv-python-headless==4.12.0.88 \
    --hash=sha256:1e58d664809b3350c1123484dd441e1667cd7bed3086db1b9ea1b6f6cb20b50e \
    --hash=sha256:236c8df54a90f4d02076e6f9c1cc763d794542e886c576a6fee46ec8ff75a7a9 \
    --hash=sha256:365bb2e486b50feffc2d07a405b953a8f3e8eaa63865bc650034e5c71e7a5154 \
    --hash=sha256:86b413bdd6c6bf497832e346cd5371995de148e579b9774f8eba686dee3f5528 \
    --hash=sha256:aeb4b13ecb8b4a0beb2668ea07928160ea7c2cd2d9b5ef571bbee6bafe9cc8d0 \
    --hash=sha256:cfdc017ddf2e59b6c2f53bc12d74b6b0be7ded4ec59083ea70763921af2b6c09 \
    --hash=sha256:fde2cf5c51e4def5f2132d78e0c08f9c14783cd67356922182c6845b9af87dbd
    # via -r .github\scripts\requirements_dev.in
 pdf2image==1.17.0 \
    --hash=sha256:eaa959bc116b420dd7ec415fcae49b98100dda3dd18cd2fdfa86d09f112f6d57 \
    --hash=sha256:ecdd58d7afb810dffe21ef2b1bbc057ef434dabbac6c33778a38a3f7744a27e2
    # via -r .github\scripts\requirements_dev.in
 pillow==11.3.0 \
    --hash=sha256:023f6d2d11784a465f09fd09a34b150ea4672e85fb3d05931d89f373ab14abb2 \
    --hash=sha256:02a723e6bf909e7cea0dac1b0e0310be9d7650cd66222a5f1c571455c0a45214 \
    --hash=sha256:040a5b691b0713e1f6cbe222e0f4f74cd233421e105850ae3b3c0ceda520f42e \
    --hash=sha256:05f6ecbeff5005399bb48d198f098a9b4b6bdf27b8487c7f38ca16eeb070cd59 \
    --hash=sha256:068d9c39a2d1b358eb9f245ce7ab1b5c3246c7c8c7d9ba58cfa5b43146c06e50 \
    --hash=sha256:0743841cabd3dba6a83f38a92672cccbd69af56e3e91777b0ee7f4dba4385632 \
    --hash=sha256:092c80c76635f5ecb10f3f83d76716165c96f5229addbd1ec2bdbbda7d496e06 \
    --hash=sha256:0b275ff9b04df7b640c59ec5a3cb113eefd3795a8df80bac69646ef699c6981a \
    --hash=sha256:0bce5c4fd0921f99d2e858dc4d4d64193407e1b99478bc5cacecba2311abde51 \
    --hash=sha256:1019b04af07fc0163e2810167918cb5add8d74674b6267616021ab558dc98ced \
    --hash=sha256:106064daa23a745510dabce1d84f29137a37224831d88eb4ce94bb187b1d7e5f \
    --hash=sha256:118ca10c0d60b06d006be10a501fd6bbdfef559251ed31b794668ed569c87e12 \
    --hash=sha256:13f87d581e71d9189ab21fe0efb5a23e9f28552d5be6979e84001d3b8505abe8 \
    --hash=sha256:155658efb5e044669c08896c0c44231c5e9abcaadbc5cd3648df2f7c0b96b9a6 \
    --hash=sha256:1904e1264881f682f02b7f8167935cce37bc97db457f8e7849dc3a6a52b99580 \
    --hash=sha256:19d2ff547c75b8e3ff46f4d9ef969a06c30ab2d4263a9e287733aa8b2429ce8f \
    --hash=sha256:1a992e86b0dd7aeb1f053cd506508c0999d710a8f07b4c791c63843fc6a807ac \
    --hash=sha256:1b9c17fd4ace828b3003dfd1e30bff24863e0eb59b535e8f80194d9cc7ecf860 \
    --hash=sha256:1c627742b539bba4309df89171356fcb3cc5a9178355b2727d1b74a6cf155fbd \
    --hash=sha256:1cd110edf822773368b396281a2293aeb91c90a2db00d78ea43e7e861631b722 \
    --hash=sha256:1f85acb69adf2aaee8b7da124efebbdb959a104db34d3a2cb0f3793dbae422a8 \
    --hash=sha256:23cff760a9049c502721bdb743a7cb3e03365fafcdfc2ef9784610714166e5a4 \
    --hash=sha256:2465a69cf967b8b49ee1b96d76718cd98c4e925414ead59fdf75cf0fd07df673 \
    --hash=sha256:2a3117c06b8fb646639dce83694f2f9eac405472713fcb1ae887469c0d4f6788 \
    --hash=sha256:2aceea54f957dd4448264f9bf40875da0415c83eb85f55069d89c0ed436e3542 \
    --hash=sha256:2d6fcc902a24ac74495df63faad1884282239265c6839a0a6416d33faedfae7e \
    --hash=sha256:30807c931ff7c095620fe04448e2c2fc673fcbb1ffe2a7da3fb39613489b1ddd \
    --hash=sha256:30b7c02f3899d10f13d7a48163c8969e4e653f8b43416d23d13d1bbfdc93b9f8 \
    --hash=sha256:3828ee7586cd0b2091b6209e5ad53e20d0649bbe87164a459d0676e035e8f523 \
    --hash=sha256:3cee80663f29e3843b68199b9d6f4f54bd1d4a6b59bdd91bceefc51238bcb967 \
    --hash=sha256:3e184b2f26ff146363dd07bde8b711833d7b0202e27d13540bfe2e35a323a809 \
    --hash=sha256:41342b64afeba938edb034d122b2dda5db2139b9a4af999729ba8818e0056477 \
    --hash=sha256:41742638139424703b4d01665b807c6468e23e699e8e90cffefe291c5832b027 \
    --hash=sha256:4445fa62e15936a028672fd48c4c11a66d641d2c05726c7ec1f8ba6a572036ae \
    --hash=sha256:45dfc51ac5975b938e9809451c51734124e73b04d0f0ac621649821a63852e7b \
    --hash=sha256:465b9e8844e3c3519a983d58b80be3f668e2a7a5db97f2784e7079fbc9f9822c \
    --hash=sha256:48d254f8a4c776de343051023eb61ffe818299eeac478da55227d96e241de53f \
    --hash=sha256:4c834a3921375c48ee6b9624061076bc0a32a60b5532b322cc0ea64e639dd50e \
    --hash=sha256:4c96f993ab8c98460cd0c001447bff6194403e8b1d7e149ade5f00594918128b \
    --hash=sha256:504b6f59505f08ae014f724b6207ff6222662aab5cc9542577fb084ed0676ac7 \
    --hash=sha256:527b37216b6ac3a12d7838dc3bd75208ec57c1c6d11ef01902266a5a0c14fc27 \
    --hash=sha256:5418b53c0d59b3824d05e029669efa023bbef0f3e92e75ec8428f3799487f361 \
    --hash=sha256:59a03cdf019efbfeeed910bf79c7c93255c3d54bc45898ac2a4140071b02b4ae \
    --hash=sha256:5e05688ccef30ea69b9317a9ead994b93975104a677a36a8ed8106be9260aa6d \
    --hash=sha256:6359a3bc43f57d5b375d1ad54a0074318a0844d11b76abccf478c37c986d3cfc \
    --hash=sha256:643f189248837533073c405ec2f0bb250ba54598cf80e8c1e043381a60632f58 \
    --hash=sha256:65dc69160114cdd0ca0f35cb434633c75e8e7fad4cf855177a05bf38678f73ad \
    --hash=sha256:67172f2944ebba3d4a7b54f2e95c786a3a50c21b88456329314caaa28cda70f6 \
    --hash=sha256:676b2815362456b5b3216b4fd5bd89d362100dc6f4945154ff172e206a22c024 \
    --hash=sha256:6a418691000f2a418c9135a7cf0d797c1bb7d9a485e61fe8e7722845b95ef978 \
    --hash=sha256:6abdbfd3aea42be05702a8dd98832329c167ee84400a1d1f61ab11437f1717eb \
    --hash=sha256:6be31e3fc9a621e071bc17bb7de63b85cbe0bfae91bb0363c893cbe67247780d \
    --hash=sha256:7107195ddc914f656c7fc8e4a5e1c25f32e9236ea3ea860f257b0436011fddd0 \
    --hash=sha256:71f511f6b3b91dd543282477be45a033e4845a40278fa8dcdbfdb07109bf18f9 \
    --hash=sha256:7859a4cc7c9295f5838015d8cc0a9c215b77e43d07a25e460f35cf516df8626f \
    --hash=sha256:7966e38dcd0fa11ca390aed7c6f20454443581d758242023cf36fcb319b1a874 \
    --hash=sha256:79ea0d14d3ebad43ec77ad5272e6ff9bba5b679ef73375ea760261207fa8e0aa \
    --hash=sha256:7aee118e30a4cf54fdd873bd3a29de51e29105ab11f9aad8c32123f58c8f8081 \
    --hash=sha256:7b161756381f0918e05e7cb8a371fff367e807770f8fe92ecb20d905d0e1c149 \
    --hash=sha256:7c8ec7a017ad1bd562f93dbd8505763e688d388cde6e4a010ae1486916e713e6 \
    --hash=sha256:7d1aa4de119a0ecac0a34a9c8bde33f34022e2e8f99104e47a3ca392fd60e37d \
    --hash=sha256:7db51d222548ccfd274e4572fdbf3e810a5e66b00608862f947b163e613b67dd \
    --hash=sha256:819931d25e57b513242859ce1876c58c59dc31587847bf74cfe06b2e0cb22d2f \
    --hash=sha256:83e1b0161c9d148125083a35c1c5a89db5b7054834fd4387499e06552035236c \
    --hash=sha256:857844335c95bea93fb39e0fa2726b4d9d758850b34075a7e3ff4f4fa3aa3b31 \
    --hash=sha256:8797edc41f3e8536ae4b10897ee2f637235c94f27404cac7297f7b607dd0716e \
    --hash=sha256:8924748b688aa210d79883357d102cd64690e56b923a186f35a82cbc10f997db \
    --hash=sha256:89bd777bc6624fe4115e9fac3352c79ed60f3bb18651420635f26e643e3dd1f6 \
    --hash=sha256:8dc70ca24c110503e16918a658b869019126ecfe03109b754c402daff12b3d9f \
    --hash=sha256:91da1d88226663594e3f6b4b8c3c8d85bd504117d043740a8e0ec449087cc494 \
    --hash=sha256:921bd305b10e82b4d1f5e802b6850677f965d8394203d182f078873851dada69 \
    --hash=sha256:932c754c2d51ad2b2271fd01c3d121daaa35e27efae2a616f77bf164bc0b3e94 \
    --hash=sha256:93efb0b4de7e340d99057415c749175e24c8864302369e05914682ba642e5d77 \
    --hash=sha256:97afb3a00b65cc0804d1c7abddbf090a81eaac02768af58cbdcaaa0a931e0b6d \
    --hash=sha256:97f07ed9f56a3b9b5f49d3661dc9607484e85c67e27f3e8be2c7d28ca032fec7 \
    --hash=sha256:98a9afa7b9007c67ed84c57c9e0ad86a6000da96eaa638e4f8abe5b65ff83f0a \
    --hash=sha256:9ab6ae226de48019caa8074894544af5b53a117ccb9d3b3dcb2871464c829438 \
    --hash=sha256:9c412fddd1b77a75aa904615ebaa6001f169b26fd467b4be93aded278266b288 \
    --hash=sha256:a1bc6ba083b145187f648b667e05a2534ecc4b9f2784c2cbe3089e44868f2b9b \
    --hash=sha256:a418486160228f64dd9e9efcd132679b7a02a5f22c982c78b6fc7dab3fefb635 \
    --hash=sha256:a4d336baed65d50d37b88ca5b60c0fa9d81e3a87d4a7930d3880d1624d5b31f3 \
    --hash=sha256:a6444696fce635783440b7f7a9fc24b3ad10a9ea3f0ab66c5905be1c19ccf17d \
    --hash=sha256:a7bc6e6fd0395bc052f16b1a8670859964dbd7003bd0af2ff08342eb6e442cfe \
    --hash=sha256:b4b8f3efc8d530a1544e5962bd6b403d5f7fe8b9e08227c6b255f98ad82b4ba0 \
    --hash=sha256:b5f56c3f344f2ccaf0dd875d3e180f631dc60a51b314295a3e681fe8cf851fbe \
    --hash=sha256:be5463ac478b623b9dd3937afd7fb7ab3d79dd290a28e2b6df292dc75063eb8a \
    --hash=sha256:c37d8ba9411d6003bba9e518db0db0c58a680ab9fe5179f040b0463644bc9805 \
    --hash=sha256:c84d689db21a1c397d001aa08241044aa2069e7587b398c8cc63020390b1c1b8 \
    --hash=sha256:c96d333dcf42d01f47b37e0979b6bd73ec91eae18614864622d9b87bbd5bbf36 \
    --hash=sha256:cadc9e0ea0a2431124cde7e1697106471fc4c1da01530e679b2391c37d3fbb3a \
    --hash=sha256:cc3e831b563b3114baac7ec2ee86819eb03caa1a2cef0b481a5675b59c4fe23b \
    --hash=sha256:cd8ff254faf15591e724dc7c4ddb6bf4793efcbe13802a4ae3e863cd300b493e \
    --hash=sha256:d000f46e2917c705e9fb93a3606ee4a819d1e3aa7a9b442f6444f07e77cf5e25 \
    --hash=sha256:d9da3df5f9ea2a89b81bb6087177fb1f4d1c7146d583a3fe5c672c0d94e55e12 \
    --hash=sha256:e5c5858ad8ec655450a7c7df532e9842cf8df7cc349df7225c60d5d348c8aada \
    --hash=sha256:e67d793d180c9df62f1f40aee3accca4829d3794c95098887edc18af4b8b780c \
    --hash=sha256:ea944117a7974ae78059fcc1800e5d3295172bb97035c0c1d9345fca1419da71 \
    --hash=sha256:eb76541cba2f958032d79d143b98a3a6b3ea87f0959bbe256c0b5e416599fd5d \
    --hash=sha256:ec1ee50470b0d050984394423d96325b744d55c701a439d2bd66089bff963d3c \
    --hash=sha256:ee92f2fd10f4adc4b43d07ec5e779932b4eb3dbfbc34790ada5a6669bc095aa6 \
    --hash=sha256:f0f5d8f4a08090c6d6d578351a2b91acf519a54986c055af27e7a93feae6d3f1 \
    --hash=sha256:f1f182ebd2303acf8c380a54f615ec883322593320a9b00438eb842c1f37ae50 \
    --hash=sha256:f8a5827f84d973d8636e9dc5764af4f0cf2318d26744b3d902931701b0d46653 \
    --hash=sha256:f944255db153ebb2b19c51fe85dd99ef0ce494123f21b9db4877ffdfc5590c7c \
    --hash=sha256:fdae223722da47b024b867c1ea0be64e0df702c5e0a60e27daad39bf960dd1e4 \
    --hash=sha256:fe27fb049cdcca11f11a7bfda64043c37b30e6b91f10cb5bab275806c32f6ab3
    # via
    #   -r .github\scripts\requirements_dev.in
    #   pdf2image
    #   weasyprint
 platformdirs==4.3.8 \
    --hash=sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc \
    --hash=sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4
    # via virtualenv
 pre-commit==4.3.0 \
    --hash=sha256:2b0747ad7e6e967169136edffee14c16e148a778a54e4f967921aa1ebf2308d8 \
    --hash=sha256:499fe450cc9d42e9d58e606262795ecb64dd05438943c62b66f6a8673da30b16
    # via -r .github\scripts\requirements_dev.in
 pycparser==2.22 \
    --hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \
    --hash=sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
    # via cffi
 pydyf==0.11.0 \
    --hash=sha256:0aaf9e2ebbe786ec7a78ec3fbffa4cdcecde53fd6f563221d53c6bc1328848a3 \
    --hash=sha256:394dddf619cca9d0c55715e3c55ea121a9bf9cbc780cdc1201a2427917b86b64
    # via weasyprint
 pyphen==0.17.2 \
    --hash=sha256:3a07fb017cb2341e1d9ff31b8634efb1ae4dc4b130468c7c39dd3d32e7c3affd \
    --hash=sha256:f60647a9c9b30ec6c59910097af82bc5dd2d36576b918e44148d8b07ef3b4aa3
    # via weasyprint
 pyyaml==6.0.2 \
    --hash=sha256:01179a4a8559ab5de078078f37e5c1a30d76bb88519906844fd7bdea1b7729ff \
    --hash=sha256:0833f8694549e586547b576dcfaba4a6b55b9e96098b36cdc7ebefe667dfed48 \
    --hash=sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086 \
    --hash=sha256:0b69e4ce7a131fe56b7e4d770c67429700908fc0752af059838b1cfb41960e4e \
    --hash=sha256:0ffe8360bab4910ef1b9e87fb812d8bc0a308b0d0eef8c8f44e0254ab3b07133 \
    --hash=sha256:11d8f3dd2b9c1207dcaf2ee0bbbfd5991f571186ec9cc78427ba5bd32afae4b5 \
    --hash=sha256:17e311b6c678207928d649faa7cb0d7b4c26a0ba73d41e99c4fff6b6c3276484 \
    --hash=sha256:1e2120ef853f59c7419231f3bf4e7021f1b936f6ebd222406c3b60212205d2ee \
    --hash=sha256:1f71ea527786de97d1a0cc0eacd1defc0985dcf6b3f17bb77dcfc8c34bec4dc5 \
    --hash=sha256:23502f431948090f597378482b4812b0caae32c22213aecf3b55325e049a6c68 \
    --hash=sha256:24471b829b3bf607e04e88d79542a9d48bb037c2267d7927a874e6c205ca7e9a \
    --hash=sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf \
    --hash=sha256:2e99c6826ffa974fe6e27cdb5ed0021786b03fc98e5ee3c5bfe1fd5015f42b99 \
    --hash=sha256:39693e1f8320ae4f43943590b49779ffb98acb81f788220ea932a6b6c51004d8 \
    --hash=sha256:3ad2a3decf9aaba3d29c8f537ac4b243e36bef957511b4766cb0057d32b0be85 \
    --hash=sha256:3b1fdb9dc17f5a7677423d508ab4f243a726dea51fa5e70992e59a7411c89d19 \
    --hash=sha256:41e4e3953a79407c794916fa277a82531dd93aad34e29c2a514c2c0c5fe971cc \
    --hash=sha256:43fa96a3ca0d6b1812e01ced1044a003533c47f6ee8aca31724f78e93ccc089a \
    --hash=sha256:50187695423ffe49e2deacb8cd10510bc361faac997de9efef88badc3bb9e2d1 \
    --hash=sha256:5ac9328ec4831237bec75defaf839f7d4564be1e6b25ac710bd1a96321cc8317 \
    --hash=sha256:5d225db5a45f21e78dd9358e58a98702a0302f2659a3c6cd320564b75b86f47c \
    --hash=sha256:6395c297d42274772abc367baaa79683958044e5d3835486c16da75d2a694631 \
    --hash=sha256:688ba32a1cffef67fd2e9398a2efebaea461578b0923624778664cc1c914db5d \
    --hash=sha256:68ccc6023a3400877818152ad9a1033e3db8625d899c72eacb5a668902e4d652 \
    --hash=sha256:70b189594dbe54f75ab3a1acec5f1e3faa7e8cf2f1e08d9b561cb41b845f69d5 \
    --hash=sha256:797b4f722ffa07cc8d62053e4cff1486fa6dc094105d13fea7b1de7d8bf71c9e \
    --hash=sha256:7c36280e6fb8385e520936c3cb3b8042851904eba0e58d277dca80a5cfed590b \
    --hash=sha256:7e7401d0de89a9a855c839bc697c079a4af81cf878373abd7dc625847d25cbd8 \
    --hash=sha256:80bab7bfc629882493af4aa31a4cfa43a4c57c83813253626916b8c7ada83476 \
    --hash=sha256:82d09873e40955485746739bcb8b4586983670466c23382c19cffecbf1fd8706 \
    --hash=sha256:8388ee1976c416731879ac16da0aff3f63b286ffdd57cdeb95f3f2e085687563 \
    --hash=sha256:8824b5a04a04a047e72eea5cec3bc266db09e35de6bdfe34c9436ac5ee27d237 \
    --hash=sha256:8b9c7197f7cb2738065c481a0461e50ad02f18c78cd75775628afb4d7137fb3b \
    --hash=sha256:9056c1ecd25795207ad294bcf39f2db3d845767be0ea6e6a34d856f006006083 \
    --hash=sha256:936d68689298c36b53b29f23c6dbb74de12b4ac12ca6cfe0e047bedceea56180 \
    --hash=sha256:9b22676e8097e9e22e36d6b7bda33190d0d400f345f23d4065d48f4ca7ae0425 \
    --hash=sha256:a4d3091415f010369ae4ed1fc6b79def9416358877534caf6a0fdd2146c87a3e \
    --hash=sha256:a8786accb172bd8afb8be14490a16625cbc387036876ab6ba70912730faf8e1f \
    --hash=sha256:a9f8c2e67970f13b16084e04f134610fd1d374bf477b17ec1599185cf611d725 \
    --hash=sha256:bc2fa7c6b47d6bc618dd7fb02ef6fdedb1090ec036abab80d4681424b84c1183 \
    --hash=sha256:c70c95198c015b85feafc136515252a261a84561b7b1d51e3384e0655ddf25ab \
    --hash=sha256:cc1c1159b3d456576af7a3e4d1ba7e6924cb39de8f67111c735f6fc832082774 \
    --hash=sha256:ce826d6ef20b1bc864f0a68340c8b3287705cae2f8b4b1d932177dcc76721725 \
    --hash=sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e \
    --hash=sha256:d7fded462629cfa4b685c5416b949ebad6cec74af5e2d42905d41e257e0869f5 \
    --hash=sha256:d84a1718ee396f54f3a086ea0a66d8e552b2ab2017ef8b420e92edbc841c352d \
    --hash=sha256:d8e03406cac8513435335dbab54c0d385e4a49e4945d2909a581c83647ca0290 \
    --hash=sha256:e10ce637b18caea04431ce14fabcf5c64a1c61ec9c56b071a4b7ca131ca52d44 \
    --hash=sha256:ec031d5d2feb36d1d1a24380e4db6d43695f3748343d99434e6f5f9156aaa2ed \
    --hash=sha256:ef6107725bd54b262d6dedcc2af448a266975032bc85ef0172c5f059da6325b4 \
    --hash=sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba \
    --hash=sha256:f753120cb8181e736c57ef7636e83f31b9c0d1722c516f7e86cf15b7aa57ff12 \
    --hash=sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4
    # via pre-commit
 tinycss2==1.4.0 \
    --hash=sha256:10c0972f6fc0fbee87c3edb76549357415e94548c1ae10ebccdea16fb404a9b7 \
    --hash=sha256:3a49cf47b7675da0b15d0c6e1df8df4ebd96e9394bb905a5775adb0d884c5289
    # via
    #   cssselect2
    #   weasyprint
 tinyhtml5==2.0.0 \
    --hash=sha256:086f998833da24c300c414d9fe81d9b368fd04cb9d2596a008421cbc705fcfcc \
    --hash=sha256:13683277c5b176d070f82d099d977194b7a1e26815b016114f581a74bbfbf47e
    # via weasyprint
 unoserver==3.3.2 \
    --hash=sha256:1eeb7467cf6b56b8eff3b576e2d1b2b2ff4e0eb2052e995ac80a1456de300639 \
    --hash=sha256:87e144f903ee21951b2e06a97549450c13ed7eca5bcebad942d3352d4e882616
    # via -r .github\scripts\requirements_dev.in
 virtualenv==20.33.1 \
    --hash=sha256:07c19bc66c11acab6a5958b815cbcee30891cd1c2ccf53785a28651a0d8d8a67 \
    --hash=sha256:1b44478d9e261b3fb8baa5e74a0ca3bc0e05f21aa36167bf9cbf850e542765b8
    # via pre-commit
 weasyprint==66.0 \
    --hash=sha256:82b0783b726fcd318e2c977dcdddca76515b30044bc7a830cc4fbe717582a6d0 \
    --hash=sha256:da71dc87dc129ac9cffdc65e5477e90365ab9dbae45c744014ec1d06303dde40
    # via -r .github\scripts\requirements_dev.in
 webencodings==0.5.1 \
    --hash=sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 \
    --hash=sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923
    # via
    #   cssselect2
    #   tinycss2
    #   tinyhtml5
 zopfli==0.2.3.post1 \
    --hash=sha256:0aa5f90d6298bda02a95bc8dc8c3c19004d5a4e44bda00b67ca7431d857b4b54 \
    --hash=sha256:0cc20b02a9531559945324c38302fd4ba763311632d0ec8a1a0aa9c10ea363e6 \
    --hash=sha256:1d8cc06605519e82b16df090e17cb3990d1158861b2872c3117f1168777b81e4 \
    --hash=sha256:1f990634fd5c5c8ced8edddd8bd45fab565123b4194d6841e01811292650acae \
    --hash=sha256:2345e713260a350bea0b01a816a469ea356bc2d63d009a0d777691ecbbcf7493 \
    --hash=sha256:2768c877f76c8a0e7519b1c86c93757f3c01492ddde55751e9988afb7eff64e1 \
    --hash=sha256:29ea74e72ffa6e291b8c6f2504ce6c146b4fe990c724c1450eb8e4c27fd31431 \
    --hash=sha256:34a99592f3d9eb6f737616b5bd74b48a589fdb3cb59a01a50d636ea81d6af272 \
    --hash=sha256:3654bfc927bc478b1c3f3ff5056ed7b20a1a37fa108ca503256d0a699c03bbb1 \
    --hash=sha256:3657e416ffb8f31d9d3424af12122bb251befae109f2e271d87d825c92fc5b7b \
    --hash=sha256:37d011e92f7b9622742c905fdbed9920a1d0361df84142807ea2a528419dea7f \
    --hash=sha256:3827170de28faf144992d3d4dcf8f3998fe3c8a6a6f4a08f1d42c2ec6119d2bb \
    --hash=sha256:39e576f93576c5c223b41d9c780bbb91fd6db4babf3223d2a4fe7bf568e2b5a8 \
    --hash=sha256:3a89277ed5f8c0fb2d0b46d669aa0633123aa7381f1f6118c12f15e0fb48f8ca \
    --hash=sha256:3c163911f8bad94b3e1db0a572e7c28ba681a0c91d0002ea1e4fa9264c21ef17 \
    --hash=sha256:3f0197b6aa6eb3086ae9e66d6dd86c4d502b6c68b0ec490496348ae8c05ecaef \
    --hash=sha256:48dba9251060289101343110ab47c0756f66f809bb4d1ddbb6d5c7e7752115c5 \
    --hash=sha256:4915a41375bdee4db749ecd07d985a0486eb688a6619f713b7bf6fbfd145e960 \
    --hash=sha256:4c1226a7e2c7105ac31503a9bb97454743f55d88164d6d46bc138051b77f609b \
    --hash=sha256:4e50ffac74842c1c1018b9b73875a0d0a877c066ab06bf7cccbaa84af97e754f \
    --hash=sha256:518f1f4ed35dd69ce06b552f84e6d081f07c552b4c661c5312d950a0b764a58a \
    --hash=sha256:5aad740b4d4fcbaaae4887823925166ffd062db3b248b3f432198fc287381d1a \
    --hash=sha256:5f272186e03ad55e7af09ab78055535c201b1a0bcc2944edb1768298d9c483a4 \
    --hash=sha256:5fcfc0dc2761e4fcc15ad5d273b4d58c2e8e059d3214a7390d4d3c8e2aee644e \
    --hash=sha256:60db20f06c3d4c5934b16cfa62a2cc5c3f0686bffe0071ed7804d3c31ab1a04e \
    --hash=sha256:615a8ac9dda265e9cc38b2a76c3142e4a9f30fea4a79c85f670850783bc6feb4 \
    --hash=sha256:6482db9876c68faac2d20a96b566ffbf65ddaadd97b222e4e73641f4f8722fc4 \
    --hash=sha256:6617fb10f9e4393b331941861d73afb119cd847e88e4974bdbe8068ceef3f73f \
    --hash=sha256:676919fba7311125244eb0c4393679ac5fe856e5864a15d122bd815205369fa0 \
    --hash=sha256:6c2d2bc8129707e34c51f9352c4636ca313b52350bbb7e04637c46c1818a2a70 \
    --hash=sha256:71390dbd3fbf6ebea9a5d85ffed8c26ee1453ee09248e9b88486e30e0397b775 \
    --hash=sha256:716cdbfc57bfd3d3e31a58e6246e8190e6849b7dbb7c4ce39ef8bbf0edb8f6d5 \
    --hash=sha256:75a26a2307b10745a83b660c404416e984ee6fca515ec7f0765f69af3ce08072 \
    --hash=sha256:7be5cc6732eb7b4df17305d8a7b293223f934a31783a874a01164703bc1be6cd \
    --hash=sha256:7cce242b5df12b2b172489daf19c32e5577dd2fac659eb4b17f6a6efb446fd5c \
    --hash=sha256:81c341d9bb87a6dbbb0d45d6e272aca80c7c97b4b210f9b6e233bf8b87242f29 \
    --hash=sha256:89899641d4de97dbad8e0cde690040d078b6aea04066dacaab98e0b5a23573f2 \
    --hash=sha256:8d5ab297d660b75c159190ce6d73035502310e40fd35170aed7d1a1aea7ddd65 \
    --hash=sha256:8fbe5bcf10d01aab3513550f284c09fef32f342b36f56bfae2120a9c4d12c130 \
    --hash=sha256:91a2327a4d7e77471fa4fbb26991c6de4a738c6fc6a33e09bb25f56a870a4b7b \
    --hash=sha256:95a260cafd56b8fffa679918937401c80bb38e1681c448b988022e4c3610965d \
    --hash=sha256:96484dc0f48be1c5d7ae9f38ed1ce41e3675fd506b27c11a6607f14b49101e99 \
    --hash=sha256:9a6aec38a989bad7ddd1ef53f1265699e49e294d08231b5313d61293f3cd6237 \
    --hash=sha256:9ba214f4f45bec195ee8559651154d3ac2932470b9d91c5715fc29c013349f8c \
    --hash=sha256:9f4a7ec2770e6af05f5a02733fd3900f30a9cd58e5d6d3727e14c5bcd6e7d587 \
    --hash=sha256:a1cf720896d2ce998bc8e051d4b4ce0d8bec007aab6243102e8e1d22a0b2fb3f \
    --hash=sha256:a241a68581d34d67b40c425cce3d1fd211c092f99d9250947824ccba9f491949 \
    --hash=sha256:a53b18797cdef27e019db595d66c4b077325afe2fd62145953275f53d84ce40c \
    --hash=sha256:a82fc2dbebe6eb908b9c665e71496f8525c1bc4d2e3a7a7722ef2b128b6227c8 \
    --hash=sha256:a86eb88e06bd87e1fff31dac878965c26b0c26db59ddcf78bb0379a954b120de \
    --hash=sha256:aa588b21044f8a74e423d8c8a4c7fc9988501878aacced793467010039c50734 \
    --hash=sha256:b05296e8bc88c92e2b21e0a9bae4740c1551ee613c1d93a51fd28a7a0b2b6fbb \
    --hash=sha256:b0ec13f352ea5ae0fc91f98a48540512eed0767d0ec4f7f3cb92d92797983d18 \
    --hash=sha256:b3df42f52502438ee973042cc551877d24619fa1cd38ef7b7e9ac74200daca8b \
    --hash=sha256:b78008a69300d929ca2efeffec951b64a312e9a811e265ea4a907ab546d79fa6 \
    --hash=sha256:b9026a21b6d41eb0e2e63f5bc1242c3fcc43ecb770963cda99a4307863dac12e \
    --hash=sha256:bbe429fc50686bb2a2608a30843e36fbaa123462a5284f136c7d9e0145220bfd \
    --hash=sha256:bfa1eb759e07d8b7aa7a310a2bc535e127ee70addf90dc8d4b946b593c3e51a8 \
    --hash=sha256:c1e0ed5d84ffa2d677cc9582fc01e61dab2e7ef8b8996e055f0a76167b1b94df \
    --hash=sha256:c4278d1873ce6e803e5d4f8d702fd3026bd67fca744aa98881324d1157ddf748 \
    --hash=sha256:cac2b37ab21c2b36a10b685b1893ebd6b0f83ae26004838ac817680881576567 \
    --hash=sha256:cbe6df25807227519debd1a57ab236f5f6bad441500e85b13903e51f93a43214 \
    --hash=sha256:cd2c002f160502608dcc822ed2441a0f4509c52e86fcfd1a09e937278ed1ca14 \
    --hash=sha256:e0137dd64a493ba6a4be37405cfd6febe650a98cc1e9dca8f6b8c63b1db11b41 \
    --hash=sha256:e63d558847166543c2c9789e6f985400a520b7eacc4b99181668b2c3aeadd352 \
    --hash=sha256:eb45a34f23da4f8bc712b6376ca5396914b0b7c09adbb001dad964eb7f3132f8 \
    --hash=sha256:ecb7572df5372abce8073df078207d9d1749f20b8b136089916a4a0868d56051 \
    --hash=sha256:f12000a6accdd4bf0a3fa6eaa1b1c7a7bc80af0a2edf3f89d770d3dcce1d0e22 \
    --hash=sha256:f7d69c1a7168ad0e9cb864e8663acb232986a0c9c9cb9801f56bf6214f53a54d \
    --hash=sha256:f815fcc2b2a457977724bad97fb4854022980f51ce7b136925e336b530545ae1 \
    --hash=sha256:fc39f5c27f962ec8660d8d20c24762431131b5d8c672b44b0a54cf2b5bcde9b9
    # via fonttools
 # The following packages are considered to be unsafe in a requirements file:
 pip==25.2 \
    --hash=sha256:578283f006390f85bb6282dffb876454593d637f5d1be494b5202ce4877e71f2 \
    --hash=sha256:6d67a2b4e7f14d8b31b8b52648866fa717f45a1eb70e83002f4331d07e953717
    # via -r .github\scripts\requirements_dev.in
 setuptools==80.9.0 \
    --hash=sha256:062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922 \
    --hash=sha256:f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c
    # via -r .github\scripts\requirements_dev.in
--- a/.github/scripts/requirements_pre_commit.txt
+++ b/.github/scripts/requirements_pre_commit.txt
@ -2,35 +2,35 @@
 # This file is autogenerated by pip-compile with Python 3.10
 # by the following command:
 #
-#    pip-compile --generate-hashes --output-file='.github\scripts\requirements_pre_commit.txt' --strip-extras '.github\scripts\requirements_pre_commit.in'
+#    pip-compile --generate-hashes --output-file='.github\scripts\requirements_pre_commit.txt' '.github\scripts\requirements_pre_commit.in'
 #
 cfgv==3.4.0 \
    --hash=sha256:b7265b1f29fd3316bfcd2b330d63d024f2bfd8bcb8b0272f8e19a504856c48f9 \
    --hash=sha256:e52591d4c5f5dead8e0f673fb16db7949d2cfb3f7da4582893288f0ded8fe560
    # via pre-commit
-distlib==0.4.0 \
+distlib==0.3.9 \
-    --hash=sha256:9659f7d87e46584a30b5780e43ac7a2143098441670ff0a49d5f9034c54a6c16 \
+    --hash=sha256:47f8c22fd27c27e25a65601af709b38e4f0a45ea4fc2e710f65755fa8caaaf87 \
-    --hash=sha256:feec40075be03a04501a973d81f633735b4b69f98b05450592310c0f401a4e0d
+    --hash=sha256:a60f20dea646b8a33f3e7772f74dc0b2d0772d2837ee1342a00645c81edf9403
    # via virtualenv
-filelock==3.18.0 \
+filelock==3.16.1 \
-    --hash=sha256:adbc88eabb99d2fec8c9c1b229b171f18afa655400173ddc653d5d01501fb9f2 \
+    --hash=sha256:2082e5703d51fbf98ea75855d9d5527e33d8ff23099bec374a134febee6946b0 \
-    --hash=sha256:c401f4f8377c4464e6db25fff06205fd89bdd83b65eb0488ed1b160f780e21de
+    --hash=sha256:c249fbfcd5db47e5e2d6d62198e565475ee65e4831e2561c8e313fa7eb961435
    # via virtualenv
-identify==2.6.13 \
+identify==2.6.5 \
-    --hash=sha256:60381139b3ae39447482ecc406944190f690d4a2997f2584062089848361b33b \
+    --hash=sha256:14181a47091eb75b337af4c23078c9d09225cd4c48929f521f3bf16b09d02566 \
-    --hash=sha256:da8d6c828e773620e13bfa86ea601c5a5310ba4bcd65edf378198b56a1f9fb32
+    --hash=sha256:c10b33f250e5bba374fae86fb57f3adcebf1161bce7cdf92031915fd480c13bc
    # via pre-commit
 nodeenv==1.9.1 \
    --hash=sha256:6ec12890a2dab7946721edbfbcd91f3319c6ccc9aec47be7c7e6b7011ee6645f \
    --hash=sha256:ba11c9782d29c27c70ffbdda2d7415098754709be8a7056d79a737cd901155c9
    # via pre-commit
-platformdirs==4.3.8 \
+platformdirs==4.3.6 \
-    --hash=sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc \
+    --hash=sha256:357fb2acbc885b0419afd3ce3ed34564c13c9b95c89360cd9563f73aa5e2b907 \
-    --hash=sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4
+    --hash=sha256:73e575e1408ab8103900836b97580d5307456908a03e92031bab39e4554cc3fb
    # via virtualenv
-pre-commit==4.3.0 \
+pre-commit==4.0.1 \
-    --hash=sha256:2b0747ad7e6e967169136edffee14c16e148a778a54e4f967921aa1ebf2308d8 \
+    --hash=sha256:80905ac375958c0444c65e9cebebd948b3cdb518f335a091a670a89d652139d2 \
-    --hash=sha256:499fe450cc9d42e9d58e606262795ecb64dd05438943c62b66f6a8673da30b16
+    --hash=sha256:efde913840816312445dc98787724647c65473daefe420785f885e8ed9a06878
    # via -r .github\scripts\requirements_pre_commit.in
 pyyaml==6.0.2 \
    --hash=sha256:01179a4a8559ab5de078078f37e5c1a30d76bb88519906844fd7bdea1b7729ff \
@ -87,11 +87,7 @@ pyyaml==6.0.2 \
    --hash=sha256:f753120cb8181e736c57ef7636e83f31b9c0d1722c516f7e86cf15b7aa57ff12 \
    --hash=sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4
    # via pre-commit
-typing-extensions==4.14.1 \
+virtualenv==20.28.1 \
-    --hash=sha256:38b39f4aeeab64884ce9f74c94263ef78f3c22467c8724005483154c26648d36 \
+    --hash=sha256:412773c85d4dab0409b83ec36f7a6499e72eaf08c80e81e9576bca61831c71cb \
-    --hash=sha256:d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76
+    --hash=sha256:5d34ab240fdb5d21549b76f9e8ff3af28252f5499fb6d6f031adac4e5a8c5329
    # via virtualenv
 virtualenv==20.34.0 \
    --hash=sha256:341f5afa7eee943e4984a9207c025feedd768baff6753cd660c857ceb3e36026 \
    --hash=sha256:44815b2c9dee7ed86e387b842a84f20b93f7f417f95886ca1996a72a4138eb1a
    # via pre-commit
--- a/.github/scripts/requirements_sync_readme.txt
+++ b/.github/scripts/requirements_sync_readme.txt
@ -2,9 +2,9 @@
 # This file is autogenerated by pip-compile with Python 3.10
 # by the following command:
 #
-#    pip-compile --generate-hashes --output-file='.github\scripts\requirements_sync_readme.txt' --strip-extras '.github\scripts\requirements_sync_readme.in'
+#    pip-compile --generate-hashes --output-file='.github\scripts\requirements_sync_readme.txt' '.github\scripts\requirements_sync_readme.in'
 #
-tomlkit==0.13.3 \
+tomlkit==0.13.2 \
-    --hash=sha256:430cf247ee57df2b94ee3fbe588e71d362a941ebb545dec29b53961d61add2a1 \
+    --hash=sha256:7a974427f6e119197f670fbbbeae7bef749a6c14e793db934baefc1b5f03efde \
-    --hash=sha256:c89c649d79ee40629a9fda55f8ace8c6a1b42deb912b2a8fd8d942ddadb606b0
+    --hash=sha256:fff5fe59a87295b278abd31bec92c15d9bc4a06885ab12bcea52c71119392e79
    # via -r .github\scripts\requirements_sync_readme.in
--- a/.github/workflows/PR-Demo-Comment-with-react.yml
+++ b/.github/workflows/PR-Demo-Comment-with-react.yml
@ -1,357 +0,0 @@
 name: PR Deployment via Comment
 on:
  issue_comment:
    types: [created]
 permissions:
  contents: read
  pull-requests: read
 jobs:
  check-comment:
    runs-on: ubuntu-latest
    permissions:
      issues: write
    if: |
      github.event.issue.pull_request &&
      (
        contains(github.event.comment.body, 'prdeploy') ||
        contains(github.event.comment.body, 'deploypr')
      )
      &&
      (
        github.event.comment.user.login == 'frooodle' ||
        github.event.comment.user.login == 'sf298' ||
        github.event.comment.user.login == 'Ludy87' ||
        github.event.comment.user.login == 'LaserKaspar' ||
        github.event.comment.user.login == 'sbplat' ||
        github.event.comment.user.login == 'reecebrowne' ||
        github.event.comment.user.login == 'DarioGii' ||
        github.event.comment.user.login == 'EthanHealy01' ||
        github.event.comment.user.login == 'ConnorYoh'
      )
    outputs:
      pr_number: ${{ steps.get-pr.outputs.pr_number }}
      comment_id: ${{ github.event.comment.id }}
      disable_security: ${{ steps.check-security-flag.outputs.disable_security }}
      enable_pro: ${{ steps.check-pro-flag.outputs.enable_pro }}
      enable_enterprise: ${{ steps.check-pro-flag.outputs.enable_enterprise }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      - name: Checkout PR
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Setup GitHub App Bot
        if: github.actor != 'dependabot[bot]'
        id: setup-bot
        uses: ./.github/actions/setup-bot
        continue-on-error: true
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - name: Get PR data
        id: get-pr
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            const prNumber = context.payload.issue.number;
            console.log(`PR Number: ${prNumber}`);
            core.setOutput('pr_number', prNumber);
      - name: Check for security/login flag
        id: check-security-flag
        env:
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          if [[ "$COMMENT_BODY" == *"security"* ]] || [[ "$COMMENT_BODY" == *"login"* ]]; then
            echo "Security flags detected in comment"
            echo "disable_security=false" >> $GITHUB_OUTPUT
          else
            echo "No security flags detected in comment"
            echo "disable_security=true" >> $GITHUB_OUTPUT
          fi
      - name: Check for pro flag
        id: check-pro-flag
        env:
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          if [[ "$COMMENT_BODY" == *"pro"* ]] || [[ "$COMMENT_BODY" == *"premium"* ]]; then
            echo "pro flags detected in comment"
            echo "enable_pro=true" >> $GITHUB_OUTPUT
            echo "enable_enterprise=false" >> $GITHUB_OUTPUT
          elif [[ "$COMMENT_BODY" == *"enterprise"* ]]; then
            echo "enterprise flags detected in comment"
            echo "enable_enterprise=true" >> $GITHUB_OUTPUT
            echo "enable_pro=true" >> $GITHUB_OUTPUT
          else
            echo "No pro or enterprise flags detected in comment"
            echo "enable_pro=false" >> $GITHUB_OUTPUT
            echo "enable_enterprise=false" >> $GITHUB_OUTPUT
          fi
      - name: Add 'in_progress' reaction to comment
        id: add-eyes-reaction
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
            console.log(`Adding eyes reaction to comment ID: ${context.payload.comment.id}`);
            try {
              const { data: reaction } = await github.rest.reactions.createForIssueComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: context.payload.comment.id,
                content: 'eyes'
              });
              console.log(`Added reaction with ID: ${reaction.id}`);
              return { success: true, id: reaction.id };
            } catch (error) {
              console.error(`Failed to add reaction: ${error.message}`);
              console.error(error);
              return { success: false, error: error.message };
            }
  deploy-pr:
    needs: check-comment
    runs-on: ubuntu-latest
    permissions:
      issues: write
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      - name: Checkout PR
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Setup GitHub App Bot
        if: github.actor != 'dependabot[bot]'
        id: setup-bot
        uses: ./.github/actions/setup-bot
        continue-on-error: true
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - name: Checkout PR
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          ref: refs/pull/${{ needs.check-comment.outputs.pr_number }}/merge
          token: ${{ steps.setup-bot.outputs.token }}
      - name: Set up JDK
        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          java-version: "17"
          distribution: "temurin"
      - name: Run Gradle Command
        run: |
          if [ "${{ needs.check-comment.outputs.disable_security }}" == "true" ]; then
            export DISABLE_ADDITIONAL_FEATURES=true
          else
            export DISABLE_ADDITIONAL_FEATURES=false
          fi
          ./gradlew clean build
        env:
          STIRLING_PDF_DESKTOP_UI: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Login to Docker Hub
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_API }}
      - name: Build and push PR-specific image
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ secrets.DOCKER_HUB_USERNAME }}/test:pr-${{ needs.check-comment.outputs.pr_number }}
          build-args: VERSION_TAG=alpha
          platforms: linux/amd64
      - name: Set up SSH
        run: |
          mkdir -p ~/.ssh/
          echo "${{ secrets.VPS_SSH_KEY }}" > ../private.key
          sudo chmod 600 ../private.key
      - name: Deploy to VPS
        id: deploy
        run: |
          # Set security settings based on flags
          if [ "${{ needs.check-comment.outputs.disable_security }}" == "false" ]; then
            DISABLE_ADDITIONAL_FEATURES="false"
            LOGIN_SECURITY="true"
            SECURITY_STATUS="🔒 Security Enabled"
          else
            DISABLE_ADDITIONAL_FEATURES="true"
            LOGIN_SECURITY="false"
            SECURITY_STATUS="Security Disabled"
          fi
          # Set pro/enterprise settings (enterprise implies pro)
          if [ "${{ needs.check-comment.outputs.enable_enterprise }}" == "true" ]; then
            PREMIUM_ENABLED="true"
            PREMIUM_KEY="${{ secrets.ENTERPRISE_KEY }}"
            PREMIUM_PROFEATURES_AUDIT_ENABLED="true"
          elif [ "${{ needs.check-comment.outputs.enable_pro }}" == "true" ]; then
            PREMIUM_ENABLED="true"
            PREMIUM_KEY="${{ secrets.PREMIUM_KEY }}"
            PREMIUM_PROFEATURES_AUDIT_ENABLED="true"
          else
            PREMIUM_ENABLED="false"
            PREMIUM_KEY=""
            PREMIUM_PROFEATURES_AUDIT_ENABLED="false"
          fi
          # First create the docker-compose content locally
          cat > docker-compose.yml << EOF
          version: '3.3'
          services:
            stirling-pdf:
              container_name: stirling-pdf-pr-${{ needs.check-comment.outputs.pr_number }}
              image: ${{ secrets.DOCKER_HUB_USERNAME }}/test:pr-${{ needs.check-comment.outputs.pr_number }}
              ports:
                - "${{ needs.check-comment.outputs.pr_number }}:8080"
              volumes:
                - /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/data:/usr/share/tessdata:rw
                - /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/config:/configs:rw
                - /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/logs:/logs:rw
              environment:
                DISABLE_ADDITIONAL_FEATURES: "${DISABLE_ADDITIONAL_FEATURES}"
                SECURITY_ENABLELOGIN: "${LOGIN_SECURITY}"
                SYSTEM_DEFAULTLOCALE: en-GB
                UI_APPNAME: "Stirling-PDF PR#${{ needs.check-comment.outputs.pr_number }}"
                UI_HOMEDESCRIPTION: "PR#${{ needs.check-comment.outputs.pr_number }} for Stirling-PDF Latest"
                UI_APPNAMENAVBAR: "PR#${{ needs.check-comment.outputs.pr_number }}"
                SYSTEM_MAXFILESIZE: "100"
                METRICS_ENABLED: "true"
                SYSTEM_GOOGLEVISIBILITY: "false"
                PREMIUM_KEY:                         "${PREMIUM_KEY}"
                PREMIUM_ENABLED:                     "${PREMIUM_ENABLED}"
                PREMIUM_PROFEATURES_AUDIT_ENABLED:   "${PREMIUM_PROFEATURES_AUDIT_ENABLED}"
              restart: on-failure:5
          EOF
          # Then copy the file and execute commands
          scp -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null docker-compose.yml ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }}:/tmp/docker-compose.yml
          ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << ENDSSH
            # Create PR-specific directories
            mkdir -p /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/{data,config,logs}
            # Move docker-compose file to correct location
            mv /tmp/docker-compose.yml /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/docker-compose.yml
            # Start or restart the container
            cd /stirling/PR-${{ needs.check-comment.outputs.pr_number }}
            docker-compose pull
            docker-compose up -d
          ENDSSH
          # Set output for use in PR comment
          echo "security_status=${SECURITY_STATUS}" >> $GITHUB_ENV
      - name: Add success reaction to comment
        if: success()
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
            console.log(`Adding rocket reaction to comment ID: ${{ needs.check-comment.outputs.comment_id }}`);
            try {
              const { data: reaction } = await github.rest.reactions.createForIssueComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: ${{ needs.check-comment.outputs.comment_id }},
                content: 'rocket'
              });
              console.log(`Added rocket reaction with ID: ${reaction.id}`);
            } catch (error) {
              console.error(`Failed to add reaction: ${error.message}`);
              console.error(error);
            }
            // add label to PR
            const prNumber = ${{ needs.check-comment.outputs.pr_number }};
            try {
              await github.rest.issues.addLabels({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: prNumber,
                labels: ['pr-deployed']
              });
              console.log(`Added 'pr-deployed' label to PR #${prNumber}`);
            } catch (error) {
              console.error(`Failed to add label to PR: ${error.message}`);
              console.error(error);
            }
      - name: Add failure reaction to comment
        if: failure()
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
            console.log(`Adding -1 reaction to comment ID: ${{ needs.check-comment.outputs.comment_id }}`);
            try {
              const { data: reaction } = await github.rest.reactions.createForIssueComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: ${{ needs.check-comment.outputs.comment_id }},
                content: '-1'
              });
              console.log(`Added -1 reaction with ID: ${reaction.id}`);
            } catch (error) {
              console.error(`Failed to add reaction: ${error.message}`);
              console.error(error);
            }
      - name: Post deployment URL to PR
        if: success()
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
            const { GITHUB_REPOSITORY } = process.env;
            const [repoOwner, repoName] = GITHUB_REPOSITORY.split('/');
            const prNumber = ${{ needs.check-comment.outputs.pr_number }};
            const securityStatus = process.env.security_status || "Security Disabled";
            const deploymentUrl = `http://${{ secrets.VPS_HOST }}:${prNumber}`;
            const commentBody = `## 🚀 PR Test Deployment\n\n` +
                              `Your PR has been deployed for testing!\n\n` +
                              `🔗 **Test URL:** [${deploymentUrl}](${deploymentUrl})\n` +
                              `${securityStatus}\n\n` +
                              `This deployment will be automatically cleaned up when the PR is closed.\n\n`;
            await github.rest.issues.createComment({
              owner: repoOwner,
              repo: repoName,
              issue_number: prNumber,
              body: commentBody
            });
      - name: Cleanup temporary files
        if: always()
        run: |
          echo "Cleaning up temporary files..."
          rm -f ../private.key docker-compose.yml
          echo "Cleanup complete."
        continue-on-error: true
--- a/.github/workflows/PR-Demo-Comment.yml
+++ b/.github/workflows/PR-Demo-Comment.yml
@ -0,0 +1,203 @@
 name: PR Deployment via Comment
 on:
  issue_comment:
    types: [created]
 permissions:
  contents: read
 jobs:
  check-comment:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: read
      issues: read
    if: |
      github.event.issue.pull_request &&
      (
      contains(github.event.comment.body, 'prdeploy') ||
      contains(github.event.comment.body, 'deploypr')
      )
      &&
      (
        github.event.comment.user.login == 'frooodle' ||
        github.event.comment.user.login == 'sf298' ||
        github.event.comment.user.login == 'Ludy87' ||
        github.event.comment.user.login == 'LaserKaspar' ||
        github.event.comment.user.login == 'sbplat' ||
        github.event.comment.user.login == 'reecebrowne' ||
        github.event.comment.user.login == 'DarioGii' ||
        github.event.comment.user.login == 'ConnorYoh'
      )
    outputs:
      pr_number: ${{ steps.get-pr.outputs.pr_number }}
      pr_repository: ${{ steps.get-pr-info.outputs.repository }}
      pr_ref: ${{ steps.get-pr-info.outputs.ref }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Get PR data
        id: get-pr
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            const prNumber = context.payload.issue.number;
            console.log(`PR Number: ${prNumber}`);
            core.setOutput('pr_number', prNumber);
      - name: Get PR repository and ref
        id: get-pr-info
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            const { owner, repo } = context.repo;
            const prNumber = context.payload.issue.number;
            const { data: pr } = await github.rest.pulls.get({
              owner,
              repo,
              pull_number: prNumber,
            });
            // For forks, use the full repository name, for internal PRs use the current repo
            const repository = pr.head.repo.fork ? pr.head.repo.full_name : `${owner}/${repo}`;
            console.log(`PR Repository: ${repository}`);
            console.log(`PR Branch: ${pr.head.ref}`);
            core.setOutput('repository', repository);
            core.setOutput('ref', pr.head.ref);
  deploy-pr:
    needs: check-comment
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      issues: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Checkout PR
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          repository: ${{ needs.check-comment.outputs.pr_repository }}
          ref: ${{ needs.check-comment.outputs.pr_ref }}
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up JDK
        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          java-version: "17"
          distribution: "temurin"
      - name: Run Gradle Command
        run: ./gradlew clean build
        env:
          DOCKER_ENABLE_SECURITY: false
          STIRLING_PDF_DESKTOP_UI: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Get version number
        id: versionNumber
        run: |
          VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
          echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT
      - name: Login to Docker Hub
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_API }}
      - name: Build and push PR-specific image
        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ secrets.DOCKER_HUB_USERNAME }}/test:pr-${{ needs.check-comment.outputs.pr_number }}
          build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }}
          platforms: linux/amd64
      - name: Set up SSH
        run: |
          mkdir -p ~/.ssh/
          echo "${{ secrets.VPS_SSH_KEY }}" > ../private.key
          sudo chmod 600 ../private.key
      - name: Deploy to VPS
        run: |
          # First create the docker-compose content locally
          cat > docker-compose.yml << 'EOF'
          version: '3.3'
          services:
            stirling-pdf:
              container_name: stirling-pdf-pr-${{ needs.check-comment.outputs.pr_number }}
              image: ${{ secrets.DOCKER_HUB_USERNAME }}/test:pr-${{ needs.check-comment.outputs.pr_number }}
              ports:
                - "${{ needs.check-comment.outputs.pr_number }}:8080"
              volumes:
                - /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/data:/usr/share/tessdata:rw
                - /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/config:/configs:rw
                - /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/logs:/logs:rw
              environment:
                DOCKER_ENABLE_SECURITY: "false"
                SECURITY_ENABLELOGIN: "false"
                SYSTEM_DEFAULTLOCALE: en-GB
                UI_APPNAME: "Stirling-PDF PR#${{ needs.check-comment.outputs.pr_number }}"
                UI_HOMEDESCRIPTION: "PR#${{ needs.check-comment.outputs.pr_number }} for Stirling-PDF Latest"
                UI_APPNAMENAVBAR: "PR#${{ needs.check-comment.outputs.pr_number }}"
                SYSTEM_MAXFILESIZE: "100"
                METRICS_ENABLED: "true"
                SYSTEM_GOOGLEVISIBILITY: "false"
              restart: on-failure:5
          EOF
          # Then copy the file and execute commands
          scp -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null docker-compose.yml ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }}:/tmp/docker-compose.yml
          ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << 'ENDSSH'
            # Create PR-specific directories
            mkdir -p /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/{data,config,logs}
            # Move docker-compose file to correct location
            mv /tmp/docker-compose.yml /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/docker-compose.yml
            # Start or restart the container
            cd /stirling/PR-${{ needs.check-comment.outputs.pr_number }}
            docker-compose pull
            docker-compose up -d
          ENDSSH
      - name: Post deployment URL to PR
        if: success()
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            const { GITHUB_REPOSITORY } = process.env;
            const [repoOwner, repoName] = GITHUB_REPOSITORY.split('/');
            const prNumber = ${{ needs.check-comment.outputs.pr_number }};
            const deploymentUrl = `http://${{ secrets.VPS_HOST }}:${prNumber}`;
            const commentBody = `## 🚀 PR Test Deployment\n\n` +
                              `Your PR has been deployed for testing!\n\n` +
                              `🔗 **Test URL:** [${deploymentUrl}](${deploymentUrl})\n\n` +
                              `This deployment will be automatically cleaned up when the PR is closed.\n\n`;
            await github.rest.issues.createComment({
              owner: repoOwner,
              repo: repoName,
              issue_number: prNumber,
              body: commentBody
            });
--- a/.github/workflows/PR-Demo-cleanup.yml
+++ b/.github/workflows/PR-Demo-cleanup.yml
@ -1,7 +1,7 @@
 name: PR Deployment cleanup
 on:
-  pull_request_target:
+  pull_request:
    types: [opened, synchronize, reopened, closed]
 permissions:
@ -13,99 +13,25 @@ env:
 jobs:
  cleanup:
    if: github.event.action == 'closed'
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
-      issues: write
+    if: github.event.action == 'closed'
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Checkout PR
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Setup GitHub App Bot
        if: github.actor != 'dependabot[bot]'
        id: setup-bot
        uses: ./.github/actions/setup-bot
        continue-on-error: true
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - name: Remove 'pr-deployed' label if present
        id: remove-label-comment
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
            const prNumber = ${{ github.event.pull_request.number }};
            const owner = context.repo.owner;
            const repo = context.repo.repo;
            // Get all labels on the PR
            const { data: labels } = await github.rest.issues.listLabelsOnIssue({
              owner,
              repo,
              issue_number: prNumber
            });
            const hasLabel = labels.some(label => label.name === 'pr-deployed');
            if (hasLabel) {
              console.log("Label 'pr-deployed' found. Removing...");
              await github.rest.issues.removeLabel({
                owner,
                repo,
                issue_number: prNumber,
                name: 'pr-deployed'
              });
            } else {
              console.log("Label 'pr-deployed' not found. Nothing to do.");
            }
            // Find existing bot comments about the deployment
            const { data: comments } = await github.rest.issues.listComments({
              owner,
              repo,
              issue_number: prNumber
            });
            const deploymentComments = comments.filter(c =>
              c.body?.includes("## 🚀 PR Test Deployment") &&
              c.user?.type === "Bot"
            );
            if (deploymentComments.length > 0) {
              for (const comment of deploymentComments) {
                await github.rest.issues.deleteComment({
                  owner,
                  repo,
                  comment_id: comment.id
                });
                console.log(`Deleted deployment comment (ID: ${comment.id})`);
              }
            } else {
              console.log("No matching deployment comments found.");
            }
            // Set flag if either label or comment was present
            const hasDeploymentComment = deploymentComments.length > 0;
            core.setOutput('present', (hasLabel || hasDeploymentComment) ? 'true' : 'false');
      - name: Set up SSH
        if: steps.remove-label-comment.outputs.present == 'true'
        run: |
          mkdir -p ~/.ssh/
          echo "${{ secrets.VPS_SSH_KEY }}" > ../private.key
          sudo chmod 600 ../private.key
      - name: Cleanup PR deployment
        if: steps.remove-label-comment.outputs.present == 'true'
        id: cleanup
        run: |
          ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << 'ENDSSH'
@ -131,11 +57,3 @@ jobs:
              echo "NO_CLEANUP_NEEDED"
            fi
          ENDSSH
      - name: Cleanup temporary files
        if: always()
        run: |
          echo "Cleaning up temporary files..."
          rm -f ../private.key
          echo "Cleanup complete."
        continue-on-error: true
--- a/.github/workflows/ai_pr_title_review.yml
+++ b/.github/workflows/ai_pr_title_review.yml
@ -1,228 +0,0 @@
 name: AI - PR Title Review
 on:
  pull_request:
    types: [opened, edited]
    branches: [main]
 permissions:  # required for secure-repo hardening
  contents: read
 jobs:
  ai-title-review:
    permissions:
      contents: read
      pull-requests: write
      models: read
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0
      - name: Configure Git to suppress detached HEAD warning
        run: git config --global advice.detachedHead false
      - name: Setup GitHub App Bot
        if: github.actor != 'dependabot[bot]'
        id: setup-bot
        uses: ./.github/actions/setup-bot
        continue-on-error: true
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - name: Check if actor is repo developer
        id: actor
        run: |
          if [[ "${{ github.actor }}" == *"[bot]" ]]; then
            echo "PR opened by a bot – skipping AI title review."
            echo "is_repo_dev=false" >> $GITHUB_OUTPUT
            exit 0
          fi
          if [ ! -f .github/config/repo_devs.json ]; then
            echo "Error: .github/config/repo_devs.json not found" >&2
            exit 1
          fi
          # Validate JSON and extract repo_devs
          REPO_DEVS=$(jq -r '.repo_devs[]' .github/config/repo_devs.json 2>/dev/null || { echo "Error: Invalid JSON in repo_devs.json" >&2; exit 1; })
          # Convert developer list into Bash array
          mapfile -t DEVS_ARRAY <<< "$REPO_DEVS"
          if [[ " ${DEVS_ARRAY[*]} " == *" ${{ github.actor }} "* ]]; then
            echo "is_repo_dev=true" >> $GITHUB_OUTPUT
          else
            echo "is_repo_dev=false" >> $GITHUB_OUTPUT
          fi
      - name: Get PR diff
        if: steps.actor.outputs.is_repo_dev == 'true'
        id: get_diff
        run: |
          git fetch origin ${{ github.base_ref }}
          git diff origin/${{ github.base_ref }}...HEAD | head -n 10000 | grep -vP '[\x00-\x08\x0B\x0C\x0E-\x1F\x7F\x{202E}\x{200B}]' > pr.diff
          echo "diff<<EOF" >> $GITHUB_OUTPUT
          cat pr.diff >> $GITHUB_OUTPUT
          echo "EOF" >> $GITHUB_OUTPUT
      - name: Check and sanitize PR title
        if: steps.actor.outputs.is_repo_dev == 'true'
        id: sanitize_pr_title
        env:
          PR_TITLE_RAW: ${{ github.event.pull_request.title }}
        run: |
          # Sanitize PR title: max 72 characters, only printable characters
          PR_TITLE=$(echo "$PR_TITLE_RAW" | tr -d '\n\r' | head -c 72 | sed 's/[^[:print:]]//g')
          if [[ ${#PR_TITLE} -lt 5 ]]; then
            echo "PR title is too short. Must be at least 5 characters." >&2
          fi
          echo "pr_title=$PR_TITLE" >> $GITHUB_OUTPUT
      - name: AI PR Title Analysis
        if: steps.actor.outputs.is_repo_dev == 'true'
        id: ai-title-analysis
        uses: actions/ai-inference@b81b2afb8390ee6839b494a404766bef6493c7d9 # v1.2.8
        with:
          model: openai/gpt-4o
          system-prompt-file: ".github/config/system-prompt.txt"
          prompt: |
            Based on the following input data:
            {
              "diff": "${{ steps.get_diff.outputs.diff }}",
              "pr_title": "${{ steps.sanitize_pr_title.outputs.pr_title }}"
            }
            Respond ONLY with valid JSON in the format:
            {
              "improved_rating": <0-10>,
              "improved_ai_title_rating": <0-10>,
              "improved_title": "<ai generated title>"
            }
      - name: Validate and set SCRIPT_OUTPUT
        if: steps.actor.outputs.is_repo_dev == 'true'
        run: |
          cat <<EOF > ai_response.json
          ${{ steps.ai-title-analysis.outputs.response }}
          EOF
          # Validate JSON structure
          jq -e '
            (keys | sort) == ["improved_ai_title_rating", "improved_rating", "improved_title"] and
            (.improved_rating | type == "number" and . >= 0 and . <= 10) and
            (.improved_ai_title_rating | type == "number" and . >= 0 and . <= 10) and
            (.improved_title | type == "string")
          ' ai_response.json
          if [ $? -ne 0 ]; then
            echo "Invalid AI response format" >&2
            cat ai_response.json >&2
            exit 1
          fi
          # Parse JSON fields
          IMPROVED_RATING=$(jq -r '.improved_rating' ai_response.json)
          IMPROVED_TITLE=$(jq -r '.improved_title' ai_response.json)
          # Limit comment length to 1000 characters
          COMMENT=$(cat <<EOF
          ## 🤖 AI PR Title Suggestion
          **PR-Title Rating**: $IMPROVED_RATING/10
          ### ⬇️ Suggested Title (copy & paste):
          \`\`\`
          $IMPROVED_TITLE
          \`\`\`
          ---
          *Generated by GitHub Models AI*
          EOF
          )
          echo "$COMMENT" > /tmp/ai-title-comment.md
          # Log input and output to the GitHub Step Summary
          echo "### 🤖 AI PR Title Analysis" >> $GITHUB_STEP_SUMMARY
          echo "### Input PR Title" >> $GITHUB_STEP_SUMMARY
          echo '```bash' >> $GITHUB_STEP_SUMMARY
          echo "${{ steps.sanitize_pr_title.outputs.pr_title }}" >> $GITHUB_STEP_SUMMARY
          echo '```' >> $GITHUB_STEP_SUMMARY
          echo '### AI Response (raw JSON)' >> $GITHUB_STEP_SUMMARY
          echo '```json' >> $GITHUB_STEP_SUMMARY
          cat ai_response.json >> $GITHUB_STEP_SUMMARY
          echo '```' >> $GITHUB_STEP_SUMMARY
      - name: Post comment on PR if needed
        if: steps.actor.outputs.is_repo_dev == 'true'
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        continue-on-error: true
        with:
          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
            const fs = require('fs');
            const body = fs.readFileSync('/tmp/ai-title-comment.md', 'utf8');
            const { GITHUB_REPOSITORY } = process.env;
            const [owner, repo] = GITHUB_REPOSITORY.split('/');
            const issue_number = context.issue.number;
            const ratingMatch = body.match(/\*\*PR-Title Rating\*\*: (\d+)\/10/);
            const rating = ratingMatch ? parseInt(ratingMatch[1], 10) : null;
            const expectedActor = "${{ steps.setup-bot.outputs.app-slug }}[bot]";
            const comments = await github.rest.issues.listComments({ owner, repo, issue_number });
            const existing = comments.data.find(c =>
              c.user?.login === expectedActor &&
              c.body.includes("## 🤖 AI PR Title Suggestion")
            );
            if (rating === null) {
              console.log("No rating found in AI response – skipping.");
              return;
            }
            if (rating <= 5) {
              if (existing) {
                await github.rest.issues.updateComment({
                  owner, repo,
                  comment_id: existing.id,
                  body
                });
                console.log("Updated existing suggestion comment.");
              } else {
                await github.rest.issues.createComment({
                  owner, repo, issue_number,
                  body
                });
                console.log("Created new suggestion comment.");
              }
            } else {
              const praise = `## 🤖 AI PR Title Suggestion\n\nGreat job! The current PR title is clear and well-structured.\n\n✅ No suggestions needed.\n\n---\n*Generated by GitHub Models AI*`;
              if (existing) {
                await github.rest.issues.updateComment({
                  owner, repo,
                  comment_id: existing.id,
                  body: praise
                });
                console.log("Replaced suggestion with praise.");
              } else {
                console.log("Rating > 5 and no existing comment – skipping comment.");
              }
            }
      - name: is not repo dev
        if: steps.actor.outputs.is_repo_dev != 'true'
        run: |
          exit 0 # Skip the AI title review for non-repo developers
      - name: Clean up
        if: always()
        run: |
          rm -f pr.diff ai_response.json /tmp/ai-title-comment.md
          echo "Cleaned up temporary files."
        continue-on-error: true # Ensure cleanup runs even if previous steps fail
--- a/.github/workflows/auto-labeler.yml
+++ b/.github/workflows/auto-labeler.yml
@ -0,0 +1,27 @@
 name: "Pull Request Labeler"
 on:
  pull_request_target:
    types: [opened, synchronize]
 permissions:
  contents: read
 jobs:
  labeler:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Apply Labels
        uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          configuration-path: .github/labeler-config.yml
          sync-labels: true
--- a/.github/workflows/auto-labelerV2.yml
+++ b/.github/workflows/auto-labelerV2.yml
@ -1,35 +0,0 @@
 name: "Auto Pull Request Labeler V2"
 on:
  pull_request_target:
    types: [opened, synchronize]
 permissions:
  contents: read
 jobs:
  labeler:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Setup GitHub App Bot
        id: setup-bot
        uses: ./.github/actions/setup-bot
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - uses: srvaroa/labeler@0a20eccb8c94a1ee0bed5f16859aece1c45c3e55 # v1.13.0
        with:
          config_path: .github/labeler-config-srvaroa.yml
          use_local_config: false
          fail_on_error: true
        env:
          GITHUB_TOKEN: "${{ steps.setup-bot.outputs.token }}"
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -1,46 +1,15 @@
-name: Build and Test Workflow
+name: Build repo
 on:
-  workflow_dispatch:
+  push:
-  # push:
+    branches: ["main"]
  #   branches: ["main"]
  pull_request:
    branches: ["main"]
 # cancel in-progress jobs if a new job is triggered
 # This is useful to avoid running multiple builds for the same branch if a new commit is pushed
 # or a pull request is updated.
 # It helps to save resources and time by ensuring that only the latest commit is built and tested
 # This is particularly useful for long-running jobs that may take a while to complete.
 # The `group` is set to a combination of the workflow name, event name, and branch name.
 # This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
 # in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
 concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref_name || github.ref }}
  cancel-in-progress: true
 permissions:
  contents: read
 jobs:
  files-changed:
    name: detect what files changed
    runs-on: ubuntu-latest
    timeout-minutes: 3
    # Map a step output to a job output
    outputs:
      build: ${{ steps.changes.outputs.build }}
      app: ${{ steps.changes.outputs.app }}
      project: ${{ steps.changes.outputs.project }}
      openapi: ${{ steps.changes.outputs.openapi }}
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Check for file changes
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: changes
        with:
          filters: ".github/config/.files.yaml"
  build:
    runs-on: ubuntu-latest
@ -52,136 +21,64 @@ jobs:
      fail-fast: false
      matrix:
        jdk-version: [17, 21]
        spring-security: [true, false]
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK ${{ matrix.jdk-version }}
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          java-version: ${{ matrix.jdk-version }}
          distribution: "temurin"
-      - name: Setup Gradle
+      - name: Build with Gradle and no spring security
        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
        with:
          gradle-version: 8.14
      - name: Build with Gradle and spring security ${{ matrix.spring-security }}
        run: ./gradlew clean build
        env:
-          DISABLE_ADDITIONAL_FEATURES: ${{ matrix.spring-security }}
+          DOCKER_ENABLE_SECURITY: false
-      - name: Check Test Reports Exist
+      - name: Build with Gradle and with spring security
-        id: check-reports
+        run: ./gradlew clean build
-        if: always()
+        env:
-        run: |
+          DOCKER_ENABLE_SECURITY: true
          declare -a dirs=(
            "app/core/build/reports/tests/"
            "app/core/build/test-results/"
            "app/common/build/reports/tests/"
            "app/common/build/test-results/"
            "app/proprietary/build/reports/tests/"
            "app/proprietary/build/test-results/"
          )
          missing_reports=()
          for dir in "${dirs[@]}"; do
            if [ ! -d "$dir" ]; then
              missing_reports+=("$dir")
            fi
          done
          if [ ${#missing_reports[@]} -gt 0 ]; then
            echo "ERROR: The following required test report directories are missing:"
            printf '%s\n' "${missing_reports[@]}"
            exit 1
          fi
          echo "All required test report directories are present"
      - name: Upload Test Reports
        if: always()
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
-          name: test-reports-jdk-${{ matrix.jdk-version }}-spring-security-${{ matrix.spring-security }}
+          name: test-reports-jdk-${{ matrix.jdk-version }}
          path: |
-            app/core/build/reports/tests/
+            build/reports/tests/
-            app/core/build/test-results/
+            build/test-results/
            app/core/build/reports/problems/
            app/common/build/reports/tests/
            app/common/build/test-results/
            app/common/build/reports/problems/
            app/proprietary/build/reports/tests/
            app/proprietary/build/test-results/
            app/proprietary/build/reports/problems/
            build/reports/problems/
          retention-days: 3
          if-no-files-found: warn
  check-generateOpenApiDocs:
    if: needs.files-changed.outputs.openapi == 'true'
    needs: [files-changed, build]
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Set up JDK 17
        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          java-version: "17"
          distribution: "temurin"
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
      - name: Generate OpenAPI documentation
        run: ./gradlew :stirling-pdf:generateOpenApiDocs
        env:
          DISABLE_ADDITIONAL_FEATURES: true
      - name: Upload OpenAPI Documentation
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: openapi-docs
          path: ./SwaggerDoc.json
  check-licence:
    if: needs.files-changed.outputs.build == 'true'
    needs: [files-changed, build]
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK 17
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          java-version: "17"
-          distribution: "temurin"
+          distribution: "adopt"
-      - name: Check licenses for compatibility
+      - name: check the licenses for compatibility
        run: ./gradlew clean checkLicense
        env:
          DISABLE_ADDITIONAL_FEATURES: false
          STIRLING_PDF_DESKTOP_UI: true
-      - name: FAILED - Check licenses for compatibility
+      - name: FAILED - check the licenses for compatibility
        if: failure()
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
@ -191,8 +88,6 @@ jobs:
          retention-days: 3
  docker-compose-tests:
    if: needs.files-changed.outputs.project == 'true'
    needs: files-changed
    # if: github.event_name == 'push' && github.ref == 'refs/heads/main' ||
    #     (github.event_name == 'pull_request' &&
    #     contains(github.event.pull_request.labels.*.name, 'licenses') == false &&
@ -211,33 +106,32 @@ jobs:
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Checkout Repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Java 17
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          java-version: "17"
-          distribution: "temurin"
+          distribution: "adopt"
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Install Docker Compose
        run: |
-          sudo curl -SL "https://github.com/docker/compose/releases/download/v2.37.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+          sudo curl -SL "https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
          sudo chmod +x /usr/local/bin/docker-compose
      - name: Set up Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          python-version: "3.12"
          cache: 'pip' # caching pip dependencies
          cache-dependency-path: ./testing/cucumber/requirements.txt
      - name: Pip requirements
        run: |
@ -247,71 +141,4 @@ jobs:
        run: |
          chmod +x ./testing/test_webpages.sh
          chmod +x ./testing/test.sh
          chmod +x ./testing/test_disabledEndpoints.sh
          ./testing/test.sh
  test-build-docker-images:
    if: github.event_name == 'pull_request' && needs.files-changed.outputs.project == 'true'
    needs: [files-changed, build, check-generateOpenApiDocs, check-licence]
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        docker-rev: ["Dockerfile", "Dockerfile.ultra-lite", "Dockerfile.fat"]
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      - name: Checkout Repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Set up JDK 17
        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          java-version: "17"
          distribution: "temurin"
      - name: Set up Gradle
        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
        with:
          gradle-version: 8.14
      - name: Build application
        run: ./gradlew clean build
        env:
          DISABLE_ADDITIONAL_FEATURES: true
          STIRLING_PDF_DESKTOP_UI: false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Build ${{ matrix.docker-rev }}
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: ./${{ matrix.docker-rev }}
          push: false
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: linux/amd64,linux/arm64/v8
          provenance: true
          sbom: true
      - name: Upload Reports
        if: always()
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: reports-docker-${{ matrix.docker-rev }}
          path: |
            build/reports/tests/
            build/test-results/
            build/reports/problems/
          retention-days: 3
          if-no-files-found: warn
--- a/.github/workflows/check_properties.yml
+++ b/.github/workflows/check_properties.yml
@ -4,19 +4,7 @@ on:
  pull_request_target:
    types: [opened, synchronize, reopened]
    paths:
-      - "app/core/src/main/resources/messages_*.properties"
+      - "src/main/resources/messages_*.properties"
 # cancel in-progress jobs if a new job is triggered
 # This is useful to avoid running multiple builds for the same branch if a new commit is pushed
 # or a pull request is updated.
 # It helps to save resources and time by ensuring that only the latest commit is built and tested
 # This is particularly useful for long-running jobs that may take a while to complete.
 # The `group` is set to a combination of the workflow name, event name, and branch name.
 # This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
 # in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
 concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref_name || github.ref }}
  cancel-in-progress: true
 permissions:
  contents: read # Allow read access to repository content
@ -27,28 +15,25 @@ jobs:
    runs-on: ubuntu-latest
    permissions:
      issues: write # Allow posting comments on issues/PRs
-      pull-requests: write # Allow writing to pull requests
+      pull-requests: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Checkout main branch first
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Setup GitHub App Bot
+      - name: Set up Python
-        id: setup-bot
+        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        uses: ./.github/actions/setup-bot
        with:
-          app-id: ${{ secrets.GH_APP_ID }}
+          python-version: "3.12"
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - name: Get PR data
        id: get-pr-data
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
            const prNumber = context.payload.pull_request.number;
            const repoOwner = context.payload.repository.owner.login;
@ -69,30 +54,16 @@ jobs:
      - name: Fetch PR changed files
        id: fetch-pr-changes
        env:
-          GH_TOKEN: ${{ steps.setup-bot.outputs.token }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "Fetching PR changed files..."
          echo "Getting list of changed files from PR..."
-                   # Check if PR number exists
+          gh pr view ${{ steps.get-pr-data.outputs.pr_number }} --json files -q ".files[].path" | grep -E '^src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$' > changed_files.txt # Filter only matching property files
            if [ -z "${{ steps.get-pr-data.outputs.pr_number }}" ]; then
              echo "Error: PR number is empty"
              exit 1
            fi
            # Get changed files and filter for properties files, handle case where no matches are found
            gh pr view ${{ steps.get-pr-data.outputs.pr_number }} --json files -q ".files[].path" | grep -E '^app/core/src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$' > changed_files.txt || echo "No matching properties files found in PR"
            # Check if any files were found
            if [ ! -s changed_files.txt ]; then
              echo "No properties files changed in this PR"
              echo "Workflow will exit early as no relevant files to check"
              exit 0
            fi
            echo "Found $(wc -l < changed_files.txt) matching properties files"
      - name: Determine reference file test
        id: determine-file
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
            const fs = require("fs");
            const path = require("path");
@ -127,11 +98,8 @@ jobs:
            // Filter for relevant files based on the PR changes
            const changedFiles = files
-              .filter(file =>
+              .map(file => file.filename)
-                file.status !== "removed" &&
+              .filter(file => /^src\/main\/resources\/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$/.test(file));
                /^app\/core\/src\/main\/resources\/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$/.test(file.filename)
              )
              .map(file => file.filename);
            console.log("Changed files:", changedFiles);
@ -169,12 +137,12 @@ jobs:
            // Determine reference file
            let referenceFilePath;
-            if (changedFiles.includes("app/core/src/main/resources/messages_en_GB.properties")) {
+            if (changedFiles.includes("src/main/resources/messages_en_GB.properties")) {
              console.log("Using PR branch reference file.");
              const { data: fileContent } = await github.rest.repos.getContent({
                owner: prRepoOwner,
                repo: prRepoName,
-                path: "app/core/src/main/resources/messages_en_GB.properties",
+                path: "src/main/resources/messages_en_GB.properties",
                ref: branch,
              });
@ -186,7 +154,7 @@ jobs:
              const { data: fileContent } = await github.rest.repos.getContent({
                owner: repoOwner,
                repo: repoName,
-                path: "app/core/src/main/resources/messages_en_GB.properties",
+                path: "src/main/resources/messages_en_GB.properties",
                ref: "main",
              });
@ -236,7 +204,6 @@ jobs:
        if: env.SCRIPT_OUTPUT != ''
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
            const { GITHUB_REPOSITORY, SCRIPT_OUTPUT } = process.env;
            const [repoOwner, repoName] = GITHUB_REPOSITORY.split('/');
@ -252,7 +219,7 @@ jobs:
            const comment = comments.data.find(c => c.body.includes("## 🚀 Translation Verification Summary"));
            // Only update or create comments by the action user
-            const expectedActor = "${{ steps.setup-bot.outputs.app-slug }}[bot]";
+            const expectedActor = "github-actions[bot]";
            if (comment && comment.user.login === expectedActor) {
              // Update existing comment
@ -281,12 +248,3 @@ jobs:
        run: |
          echo "Failing the job because errors were detected."
          exit 1
      - name: Cleanup temporary files
        if: always()
        run: |
          echo "Cleaning up temporary files..."
          rm -rf pr-branch
          rm -f pr-branch-messages_en_GB.properties main-branch-messages_en_GB.properties changed_files.txt result.txt
          echo "Cleanup complete."
        continue-on-error: true # Ensure cleanup runs even if previous steps fail
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@ -17,11 +17,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: "Checkout Repository"
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: "Dependency Review"
-        uses: actions/dependency-review-action@595b5aeba73380359d98a5e087f648dbb0edce1b # v4.7.3
+        uses: actions/dependency-review-action@ce3cf9537a52e8119d91fd484ab5b8a807627bf8 # v4.6.0
--- a/.github/workflows/licenses-update.yml
+++ b/.github/workflows/licenses-update.yml
@ -7,18 +7,6 @@ on:
    paths:
      - "build.gradle"
 # cancel in-progress jobs if a new job is triggered
 # This is useful to avoid running multiple builds for the same branch if a new commit is pushed
 # or a pull request is updated.
 # It helps to save resources and time by ensuring that only the latest commit is built and tested
 # This is particularly useful for long-running jobs that may take a while to complete.
 # The `group` is set to a combination of the workflow name, event name, and branch name.
 # This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
 # in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
 concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
  cancel-in-progress: true
 permissions:
  contents: read
@ -28,55 +16,54 @@ jobs:
    permissions:
      contents: write
      pull-requests: write
      repository-projects: write # Required for enabling automerge
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
-      - name: Check out code
+      - name: Generate GitHub App Token
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        id: generate-token
-        with:
+        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
          fetch-depth: 0
      - name: Setup GitHub App Bot
        id: setup-bot
        uses: ./.github/actions/setup-bot
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK 17
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          java-version: "17"
-          distribution: "temurin"
+          distribution: "adopt"
-      - name: Setup Gradle
+      - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
-      - name: Check licenses for compatibility
+      - name: check the licenses for compatibility
        run: ./gradlew clean checkLicense
        env:
          DISABLE_ADDITIONAL_FEATURES: false
          STIRLING_PDF_DESKTOP_UI: true
-      - name: Upload artifact on failure
+      - name: FAILED - check the licenses for compatibility
        if: failure()
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: dependencies-without-allowed-license.json
-          path: build/reports/dependency-license/dependencies-without-allowed-license.json
+          path: |
            build/reports/dependency-license/dependencies-without-allowed-license.json
          retention-days: 3
-      - name: Move and rename license file
+      - name: Move and Rename License File
        run: |
-          mv build/reports/dependency-license/index.json app/core/src/main/resources/static/3rdPartyLicenses.json
+          mv build/reports/dependency-license/index.json src/main/resources/static/3rdPartyLicenses.json
-      - name: Commit changes
+      - name: Set up git config
        run: |
-          git add app/core/src/main/resources/static/3rdPartyLicenses.json
+          git config --global user.name "stirlingbot[bot]"
          git config --global user.email "1113334+stirlingbot[bot]@users.noreply.github.com"
      - name: Run git add
        run: |
          git add src/main/resources/static/3rdPartyLicenses.json
          git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV
      - name: Create Pull Request
@ -84,16 +71,16 @@ jobs:
        if: env.CHANGES_DETECTED == 'true'
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
-          token: ${{ steps.setup-bot.outputs.token }}
+          token: ${{ steps.generate-token.outputs.token }}
          commit-message: "Update 3rd Party Licenses"
-          committer: ${{ steps.setup-bot.outputs.committer }}
+          committer: "stirlingbot[bot] <1113334+stirlingbot[bot]@users.noreply.github.com>"
-          author: ${{ steps.setup-bot.outputs.committer }}
+          author: "stirlingbot[bot] <1113334+stirlingbot[bot]@users.noreply.github.com>"
          signoff: true
          branch: update-3rd-party-licenses
          title: "Update 3rd Party Licenses"
          body: |
-            Auto-generated by ${{ steps.setup-bot.outputs.app-slug }}[bot]
+            Auto-generated by StirlingBot
-          labels: Licenses,github-actions
+          labels: licenses,github-actions
          draft: false
          delete-branch: true
          sign-commits: true
@ -102,4 +89,4 @@ jobs:
        if: steps.cpr.outputs.pull-request-operation == 'created'
        run: gh pr merge --squash --auto "${{ steps.cpr.outputs.pull-request-number }}"
        env:
-          GH_TOKEN: ${{ steps.setup-bot.outputs.token }}
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/manage-label.yml
+++ b/.github/workflows/manage-label.yml
@ -15,12 +15,12 @@ jobs:
      issues: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Check out the repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Run Labeler
        uses: crazy-max/ghaction-github-labeler@24d110aa46a59976b8a7f35518cb7f14f434c916 # v5.3.0
--- a/.github/workflows/multiOSReleases.yml
+++ b/.github/workflows/multiOSReleases.yml
@ -2,11 +2,6 @@ name: Test Installers Build
 on:
  workflow_dispatch:
    inputs:
      test_mode:
        description: "Run in test mode (skip release step)"
        required: false
        default: "false"
  release:
    types: [created]
@ -21,72 +16,68 @@ jobs:
      versionMac: ${{ steps.versionNumberMac.outputs.versionNumberMac }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Set up JDK
+      # Get version number
        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          distribution: 'temurin'
          java-version: '21'
      # ✅ Get version from Gradle
      - name: Get version number
        id: versionNumber
        run: |
-          VERSION=$(./gradlew printVersion --quiet | tail -1)
+          VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
          echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT
      # ✅ Get Mac-specific version from Gradle
      - name: Get version number mac
        id: versionNumberMac
        run: |
-          VERSION_MAC=$(./gradlew printMacVersion --quiet | tail -1)
+          VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
-          echo "versionNumberMac=$VERSION_MAC" >> $GITHUB_OUTPUT
+          CURRENT_YEAR=$(date +'%Y')
          IFS='.' read -r -a VERSION_PARTS <<< "$VERSION"
          MAC_VERSION="$CURRENT_YEAR.${VERSION_PARTS[1]:-0}.${VERSION_PARTS[2]:-0}"
          echo "versionNumberMac=$MAC_VERSION" >> $GITHUB_OUTPUT
  build-portable:
    needs: read_versions
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        disable_security: [true, false]
+        enable_security: [true, false]
        include:
-          - disable_security: false
+          - enable_security: true
            file_suffix: "-with-login"
-          - disable_security: true
+          - enable_security: false
            file_suffix: ""
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK 21
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          java-version: "21"
          distribution: "temurin"
-      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
        with:
-          gradle-version: 8.14
+          gradle-version: 8.12
-      - name: Generate jar (Disable Security=${{ matrix.disable_security }})
+      - name: Generate jar (With Security=${{ matrix.enable_security }})
        run: ./gradlew clean createExe
        env:
-          DISABLE_ADDITIONAL_FEATURES: ${{ matrix.disable_security }}
+          DOCKER_ENABLE_SECURITY: ${{ matrix.enable_security }}
          STIRLING_PDF_DESKTOP_UI: false
      - name: Rename binaries
        run: |
          mkdir ./binaries
          mv ./build/launch4j/Stirling-PDF.exe ./binaries/win-Stirling-PDF-portable-Server${{ matrix.file_suffix }}.exe
-          mv ./app/core/build/libs/stirling-pdf-${{ needs.read_versions.outputs.version }}.jar ./binaries/Stirling-PDF${{ matrix.file_suffix }}.jar
+          mv ./build/libs/Stirling-PDF-${{ needs.read_versions.outputs.version }}.jar ./binaries/Stirling-PDF${{ matrix.file_suffix }}.jar
      - name: Upload build artifacts
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
@ -102,20 +93,20 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        disable_security: [true, false]
+        enable_security: [true, false]
        include:
-          - disable_security: false
+          - enable_security: true
            file_suffix: "with-login-"
-          - disable_security: true
+          - enable_security: false
            file_suffix: ""
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Download build artifacts
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
        with:
          name: stirling-${{ matrix.file_suffix }}binaries
@ -148,21 +139,21 @@ jobs:
      contents: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK 21
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          java-version: "21"
          distribution: "temurin"
-      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
        with:
-          gradle-version: 8.14
+          gradle-version: 8.12
      # Install Windows dependencies
      - name: Install WiX Toolset
@ -175,39 +166,21 @@ jobs:
      - name: Build Installer
        run: ./gradlew build jpackage -x test --info
        env:
-          DISABLE_ADDITIONAL_FEATURES: true
+          DOCKER_ENABLE_SECURITY: false
          STIRLING_PDF_DESKTOP_UI: true
          BROWSER_OPEN: true
      - name: Set up JDK (x86_64)
        if: matrix.os == 'macos-latest'
        run: |
          curl -L -o jdk.tar.gz https://cdn.azul.com/zulu/bin/zulu17.56.15-ca-jdk17.0.14-macosx_x64.tar.gz
          mkdir -p zulu17
          tar -xzf jdk.tar.gz -C zulu17 --strip-components=1
          echo "JAVA_HOME=$PWD/zulu17" >> $GITHUB_ENV
          echo "$PWD/zulu17/bin" >> $GITHUB_PATH
      -   name: Verify JDK architecture
          if: matrix.os == 'macos-latest'
          run: file $JAVA_HOME/bin/java
      -   name: Build project and run jpackage (x86_64)
          if: matrix.os == 'macos-latest'
          run: arch -x86_64 ./gradlew jpackageMacX64
      # Rename and collect artifacts based on OS
      - name: Prepare artifacts
        id: prepare
        shell: bash
        run: |
          ls -lah ./build/jpackage/
          mkdir ./binaries
          if [ "${{ matrix.os }}" = "windows-latest" ]; then
-            mv "./build/jpackage/Stirling PDF-${{ needs.read_versions.outputs.version }}.exe" "./binaries/Stirling-PDF-win-installer.exe"
+            mv "./build/jpackage/Stirling-PDF-${{ needs.read_versions.outputs.version }}.exe" "./binaries/Stirling-PDF-win-installer.exe"
          elif [ "${{ matrix.os }}" = "macos-latest" ]; then
-            mv "./build/jpackage/Stirling PDF-${{ needs.read_versions.outputs.versionMac }}.dmg" "./binaries/Stirling-PDF-mac-installer.dmg"
+            mv "./build/jpackage/Stirling-PDF-${{ needs.read_versions.outputs.versionMac }}.dmg" "./binaries/Stirling-PDF-mac-installer.dmg"
-            mv "./build/jpackage/x86_64/Stirling PDF (x86_64)-${{ needs.read_versions.outputs.versionMac }}.dmg" "./binaries/Stirling-PDF-mac-x86_64-installer.dmg"
+            mv "./build/jpackage/Stirling-PDF-x86_64-${{ needs.read_versions.outputs.versionMac }}.dmg" "./binaries/Stirling-PDF-mac-x86_64-installer.dmg"
          else
            mv "./build/jpackage/stirling-pdf_${{ needs.read_versions.outputs.version }}-1_amd64.deb" "./binaries/Stirling-PDF-linux-installer.deb"
          fi
@ -238,12 +211,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Download build artifacts
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
        with:
          name: ${{ matrix.platform }}binaries
@ -252,7 +225,7 @@ jobs:
      - name: Install Cosign
        if: matrix.os == 'windows-latest'
-        uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
+        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
      - name: Generate key pair
        if: matrix.os == 'windows-latest'
@ -290,27 +263,25 @@ jobs:
          name: ${{ matrix.platform }}signed
          path: |
            ./Stirling-PDF-${{ matrix.platform }}installer.*
            ./Stirling-PDF-${{ matrix.platform }}x86_64-installer.*
            !cosign.*
  create-release:
    if: github.event_name != 'workflow_dispatch' || github.event.inputs.test_mode != 'true'
    needs: [read_versions, sign_verify, sign_verify-portable]
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Download signed artifacts
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
      - name: Display structure of downloaded files
        run: ls -R
      - name: Upload binaries, attestations and signatures to Release and create GitHub Release
-        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
+        uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
        with:
          tag_name: v${{ needs.read_versions.outputs.version }}
          generate_release_notes: true
--- a/.github/workflows/pre_commit.yml
+++ b/.github/workflows/pre_commit.yml
@ -2,9 +2,8 @@ name: Pre-commit
 on:
  workflow_dispatch:
-  push:
+  schedule:
-    branches:
+    - cron: "0 0 * * 1"
      - main
 permissions:
  contents: read
@ -17,63 +16,62 @@ jobs:
      pull-requests: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
-      - name: Checkout repository
+      - name: Generate GitHub App Token
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        id: generate-token
-        with:
+        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
          fetch-depth: 0
      - name: Setup GitHub App Bot
        id: setup-bot
        uses: ./.github/actions/setup-bot
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - name: Get GitHub App User ID
        id: get-user-id
        run: echo "user-id=$(gh api "/users/${{ steps.generate-token.outputs.app-slug }}[bot]" --jq .id)" >> $GITHUB_OUTPUT
        env:
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
      - id: committer
        run: |
          echo "string=${{ steps.generate-token.outputs.app-slug }}[bot] <${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com>"  >> "$GITHUB_OUTPUT"
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
      - name: Set up Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          python-version: 3.12
          cache: 'pip' # caching pip dependencies
          cache-dependency-path: ./.github/scripts/requirements_pre_commit.txt
      - name: Run Pre-Commit Hooks
        run: |
          pip install --require-hashes -r ./.github/scripts/requirements_pre_commit.txt
      - run: pre-commit run --all-files -c .pre-commit-config.yaml
        continue-on-error: true
-
+      - name: Set up git config
-      - name: Set up JDK
+        run: |
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+          git config --global user.name ${{ steps.generate-token.outputs.app-slug }}[bot]
-        with:
+          git config --global user.email "${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com"
          java-version: 17
          distribution: "temurin"
      - name: Build with Gradle
        run: ./gradlew clean build
      - name: git add
        run: |
          git add .
          git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV
      - name: Create Pull Request
        if: env.CHANGES_DETECTED == 'true'
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
-          token: ${{ steps.setup-bot.outputs.token }}
+          token: ${{ steps.generate-token.outputs.token }}
          commit-message: ":file_folder: pre-commit"
-          committer: ${{ steps.setup-bot.outputs.committer }}
+          committer: ${{ steps.committer.outputs.string }}
-          author: ${{ steps.setup-bot.outputs.committer }}
+          author: ${{ steps.committer.outputs.string }}
          signoff: true
          branch: pre-commit
-          title: "🤖 format everything with pre-commit by ${{ steps.setup-bot.outputs.app-slug }}"
+          title: "🤖 format everything with pre-commit by <${{ steps.generate-token.outputs.app-slug }}>"
          body: |
-            Auto-generated by [create-pull-request][1] with **${{ steps.setup-bot.outputs.app-slug }}**
+            Auto-generated by [create-pull-request][1] with **${{ steps.generate-token.outputs.app-slug }}**
            [1]: https://github.com/peter-evans/create-pull-request
          draft: false
--- a/.github/workflows/push-docker.yml
+++ b/.github/workflows/push-docker.yml
@ -7,18 +7,6 @@ on:
      - master
      - main
 # cancel in-progress jobs if a new job is triggered
 # This is useful to avoid running multiple builds for the same branch if a new commit is pushed
 # or a pull request is updated.
 # It helps to save resources and time by ensuring that only the latest commit is built and tested
 # This is particularly useful for long-running jobs that may take a while to complete.
 # The `group` is set to a combination of the workflow name, event name, and branch name.
 # This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
 # in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
 concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
  cancel-in-progress: true
 permissions:
  contents: read
@ -30,50 +18,50 @@ jobs:
      id-token: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK 17
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          java-version: "17"
          distribution: "temurin"
-      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
        with:
-          gradle-version: 8.14
+          gradle-version: 8.12
      - name: Run Gradle Command
        run: ./gradlew clean build
        env:
-          DISABLE_ADDITIONAL_FEATURES: true
+          DOCKER_ENABLE_SECURITY: false
          STIRLING_PDF_DESKTOP_UI: false
      - name: Install cosign
        if: github.ref == 'refs/heads/master'
-        uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
+        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
        with:
          cosign-release: "v2.4.1"
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Get version number
        id: versionNumber
        run: echo "versionNumber=$(./gradlew printVersion --quiet | tail -1)" >> $GITHUB_OUTPUT
      - name: Login to Docker Hub
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_API }}
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@ -88,8 +76,7 @@ jobs:
      - name: Generate tags
        id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        if: github.ref != 'refs/heads/main'
        with:
          images: |
            ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf
@ -99,11 +86,11 @@ jobs:
          tags: |
            type=raw,value=${{ steps.versionNumber.outputs.versionNumber }},enable=${{ github.ref == 'refs/heads/master' }}
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
            type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/main' }}
      - name: Build and push main Dockerfile
        id: build-push-regular
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        if: github.ref != 'refs/heads/main'
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
@ -134,7 +121,7 @@ jobs:
      - name: Generate tags ultra-lite
        id: meta2
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        if: github.ref != 'refs/heads/main'
        with:
          images: |
@ -148,7 +135,7 @@ jobs:
      - name: Build and push Dockerfile-ultra-lite
        id: build-push-lite
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        if: github.ref != 'refs/heads/main'
        with:
          context: .
@ -165,7 +152,8 @@ jobs:
      - name: Generate tags fat
        id: meta3
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        if: github.ref != 'refs/heads/main'
        with:
          images: |
            ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf
@ -175,11 +163,11 @@ jobs:
          tags: |
            type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-fat,enable=${{ github.ref == 'refs/heads/master' }}
            type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }}
            type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/main' }}
      - name: Build and push main Dockerfile fat
        id: build-push-fat
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        if: github.ref != 'refs/heads/main'
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
--- a/.github/workflows/releaseArtifacts.yml
+++ b/.github/workflows/releaseArtifacts.yml
@ -13,36 +13,36 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        disable_security: [true, false]
+        enable_security: [true, false]
        include:
-          - disable_security: false
+          - enable_security: true
            file_suffix: "-with-login"
-          - disable_security: true
+          - enable_security: false
            file_suffix: ""
    outputs:
      version: ${{ steps.versionNumber.outputs.versionNumber }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK 17
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          java-version: "17"
          distribution: "temurin"
-      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
        with:
-          gradle-version: 8.14
+          gradle-version: 8.12
-      - name: Generate jar (Disable Security=${{ matrix.disable_security }})
+      - name: Generate jar (With Security=${{ matrix.enable_security }})
        run: ./gradlew clean createExe
        env:
-          DISABLE_ADDITIONAL_FEATURES: ${{ matrix.disable_security }}
+          DOCKER_ENABLE_SECURITY: ${{ matrix.enable_security }}
          STIRLING_PDF_DESKTOP_UI: false
      - name: Get version number
@ -75,27 +75,27 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        disable_security: [true, false]
+        enable_security: [true, false]
        include:
-          - disable_security: false
+          - enable_security: true
            file_suffix: "-with-login"
-          - disable_security: true
+          - enable_security: false
            file_suffix: ""
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Download build artifacts
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
        with:
          name: binaries${{ matrix.file_suffix }}
      - name: Display structure of downloaded files
        run: ls -R
      - name: Install Cosign
-        uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
+        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
      - name: Generate key pair
        run: cosign generate-key-pair
@ -153,25 +153,25 @@ jobs:
      contents: write
    strategy:
      matrix:
-        disable_security: [true, false]
+        enable_security: [true, false]
        include:
-          - disable_security: false
+          - enable_security: true
            file_suffix: "-with-login"
-          - disable_security: true
+          - enable_security: false
            file_suffix: ""
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Download signed artifacts
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
        with:
          name: signed${{ matrix.file_suffix }}
      - name: Upload binaries, attestations and signatures to Release and create GitHub Release
-        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
+        uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
        with:
          tag_name: v${{ needs.build.outputs.version }}
          generate_release_notes: true
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@ -34,17 +34,17 @@ jobs:
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: "Checkout code"
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: "Run analysis"
-        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
        with:
          results_file: results.sarif
          results_format: sarif
@ -74,6 +74,6 @@ jobs:
      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.29.5
+        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
        with:
          sarif_file: results.sarif
--- a/.github/workflows/sonarqube.yml
+++ b/.github/workflows/sonarqube.yml
@ -9,18 +9,6 @@ on:
      - main
  workflow_dispatch:
 # cancel in-progress jobs if a new job is triggered
 # This is useful to avoid running multiple builds for the same branch if a new commit is pushed
 # or a pull request is updated.
 # It helps to save resources and time by ensuring that only the latest commit is built and tested
 # This is particularly useful for long-running jobs that may take a while to complete.
 # The `group` is set to a combination of the workflow name, event name, and branch name.
 # This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
 # in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
 concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref_name || github.ref }}
  cancel-in-progress: true
 permissions:
  pull-requests: read
  actions: read
@ -30,22 +18,22 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
      - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+        uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
      - name: Build and analyze with Gradle
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          DISABLE_ADDITIONAL_FEATURES: false
+          DOCKER_ENABLE_SECURITY: true
          STIRLING_PDF_DESKTOP_UI: true
        run: |
          ./gradlew clean build sonar \
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -16,7 +16,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
--- a/.github/workflows/swagger.yml
+++ b/.github/workflows/swagger.yml
@ -6,18 +6,6 @@ on:
    branches:
      - master
 # cancel in-progress jobs if a new job is triggered
 # This is useful to avoid running multiple builds for the same branch if a new commit is pushed
 # or a pull request is updated.
 # It helps to save resources and time by ensuring that only the latest commit is built and tested
 # This is particularly useful for long-running jobs that may take a while to complete.
 # The `group` is set to a combination of the workflow name, event name, and branch name.
 # This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
 # in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
 concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
  cancel-in-progress: true
 permissions:
  contents: read
@ -26,22 +14,22 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK 17
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          java-version: "17"
          distribution: "temurin"
-      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
      - name: Generate Swagger documentation
-        run: ./gradlew :stirling-pdf:generateOpenApiDocs
+        run: ./gradlew generateOpenApiDocs
      - name: Upload Swagger Documentation to SwaggerHub
        run: ./gradlew swaggerhubUpload
--- a/.github/workflows/sync_files.yml
+++ b/.github/workflows/sync_files.yml
@ -8,57 +8,87 @@ on:
    paths:
      - "build.gradle"
      - "README.md"
-      - "app/core/src/main/resources/messages_*.properties"
+      - "src/main/resources/messages_*.properties"
-      - "app/core/src/main/resources/static/3rdPartyLicenses.json"
+      - "src/main/resources/static/3rdPartyLicenses.json"
      - "scripts/ignore_translation.toml"
 # cancel in-progress jobs if a new job is triggered
 # This is useful to avoid running multiple builds for the same branch if a new commit is pushed
 # or a pull request is updated.
 # It helps to save resources and time by ensuring that only the latest commit is built and tested
 # This is particularly useful for long-running jobs that may take a while to complete.
 # The `group` is set to a combination of the workflow name, event name, and branch name.
 # This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
 # in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
 concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
  cancel-in-progress: true
 permissions:
  contents: read
 jobs:
-  sync-files:
+  read_bot_entries:
    runs-on: ubuntu-latest
    outputs:
      userName: ${{ steps.get-user-id.outputs.user_name }}
      userEmail: ${{ steps.get-user-id.outputs.user_email }}
      committer: ${{ steps.committer.outputs.committer }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Generate GitHub App Token
-
+        id: generate-token
-      - name: Setup GitHub App Bot
+        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
        id: setup-bot
        uses: ./.github/actions/setup-bot
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - name: Get GitHub App User ID
        id: get-user-id
        run: |
          USER_NAME="${{ steps.generate-token.outputs.app-slug }}[bot]"
          USER_ID=$(gh api "/users/$USER_NAME" --jq .id)
          USER_EMAIL="$USER_ID+$USER_NAME@users.noreply.github.com"
          echo "user_name=$USER_NAME" >> "$GITHUB_OUTPUT"
          echo "user_email=$USER_EMAIL" >> "$GITHUB_OUTPUT"
          echo "user-id=$USER_ID" >> "$GITHUB_OUTPUT"
        env:
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
      - id: committer
        run: |
          COMMITTER="${{ steps.get-user-id.outputs.user_name }} <${{ steps.get-user-id.outputs.user_email }}>"
          echo "committer=$COMMITTER" >> "$GITHUB_OUTPUT"
  sync-files:
    needs: ["read_bot_entries"]
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Generate GitHub App Token
        id: generate-token
        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
        with:
          app-id: ${{ vars.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          python-version: "3.12"
-          cache: "pip" # caching pip dependencies
+          cache: 'pip' # caching pip dependencies
      - name: Sync translation property files
        run: |
-          python .github/scripts/check_language_properties.py --reference-file "app/core/src/main/resources/messages_en_GB.properties" --branch main
+          python .github/scripts/check_language_properties.py --reference-file "src/main/resources/messages_en_GB.properties" --branch main
-      - name: Commit translation files
+      - name: Set up git config
        run: |
-          git add app/core/src/main/resources/messages_*.properties
+          git config --global user.name ${{ needs.read_bot_entries.outputs.userName }}
-          git diff --staged --quiet || git commit -m ":memo: Sync translation files" || echo "No changes detected"
+          git config --global user.email ${{ needs.read_bot_entries.outputs.userEmail }}
      - name: Run git add
        run: |
          git add src/main/resources/messages_*.properties
          git diff --staged --quiet || git commit -m ":memo: Sync translation files" || echo "no changes"
      - name: Install dependencies
        run: pip install --require-hashes -r ./.github/scripts/requirements_sync_readme.txt
@ -69,17 +99,16 @@ jobs:
      - name: Run git add
        run: |
-          git add README.md scripts/ignore_translation.toml
+          git add README.md
-          git diff --staged --quiet || git commit -m ":memo: Sync README.md & scripts/ignore_translation.toml" || echo "No changes detected"
+          git diff --staged --quiet || git commit -m ":memo: Sync README.md" || echo "no changes"
      - name: Create Pull Request
        if: always()
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
-          token: ${{ steps.setup-bot.outputs.token }}
+          token: ${{ steps.generate-token.outputs.token }}
          commit-message: Update files
-          committer: ${{ steps.setup-bot.outputs.committer }}
+          committer: ${{ needs.read_bot_entries.outputs.committer }}
-          author: ${{ steps.setup-bot.outputs.committer }}
+          author: ${{ needs.read_bot_entries.outputs.committer }}
          signoff: true
          branch: sync_readme
          title: ":globe_with_meridians: Sync Translations + Update README Progress Table"
@ -113,4 +142,4 @@ jobs:
          sign-commits: true
          add-paths: |
            README.md
-            app/core/src/main/resources/messages_*.properties
+            src/main/resources/messages_*.properties
--- a/.github/workflows/testdriver.yml
+++ b/.github/workflows/testdriver.yml
@ -4,18 +4,6 @@ on:
  push:
    branches: ["master", "UITest", "testdriver"]
 # cancel in-progress jobs if a new job is triggered
 # This is useful to avoid running multiple builds for the same branch if a new commit is pushed
 # or a pull request is updated.
 # It helps to save resources and time by ensuring that only the latest commit is built and tested
 # This is particularly useful for long-running jobs that may take a while to complete.
 # The `group` is set to a combination of the workflow name, event name, and branch name.
 # This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
 # in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
 concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
  cancel-in-progress: true
 permissions:
  contents: read
@ -24,31 +12,26 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          java-version: '17'
          distribution: 'temurin'
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
        with:
          gradle-version: 8.14
      - name: Build with Gradle
        run: ./gradlew clean build
        env:
-          DISABLE_ADDITIONAL_FEATURES: true
+          DOCKER_ENABLE_SECURITY: false
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Get version number
        id: versionNumber
@ -57,13 +40,13 @@ jobs:
          echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT
      - name: Login to Docker Hub
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_API }}
      - name: Build and push test image
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          context: .
          file: ./Dockerfile
@ -93,7 +76,7 @@ jobs:
                - /stirling/test-${{ github.sha }}/config:/configs:rw
                - /stirling/test-${{ github.sha }}/logs:/logs:rw
              environment:
-                DISABLE_ADDITIONAL_FEATURES: "true"
+                DOCKER_ENABLE_SECURITY: "false"
                SECURITY_ENABLELOGIN: "false"
                SYSTEM_DEFAULTLOCALE: en-GB
                UI_APPNAME: "Stirling-PDF Test"
@ -116,47 +99,23 @@ jobs:
            docker-compose up -d
          EOF
  files-changed:
    if: always()
    name: detect what files changed
    runs-on: ubuntu-latest
    timeout-minutes: 3
    outputs:
      frontend: ${{ steps.changes.outputs.frontend }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Check for file changes
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: changes
        with:
          filters: ".github/config/.files.yaml"
  test:
-    if: needs.files-changed.outputs.frontend == 'true'
+    needs: deploy
    needs: [deploy, files-changed]
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          cache: 'npm'
          cache-dependency-path: frontend/package-lock.json
      - name: Run TestDriver.ai
        uses: testdriverai/action@f0d0f45fdd684db628baa843fe9313f3ca3a8aa8 #1.1.3
        with:
          key: ${{secrets.TESTDRIVER_API_KEY}}
          prerun: |
            cd frontend
            npm install
            npm run build
            npm install dashcam-chrome --save
@ -175,7 +134,7 @@ jobs:
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
        with:
          egress-policy: audit
@ -186,7 +145,6 @@ jobs:
          sudo chmod 600 ../private.key
      - name: Cleanup deployment
        if: always()
        run: |
          ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << EOF
            cd /stirling/test-${{ github.sha }}
@ -194,4 +152,3 @@ jobs:
            cd /stirling
            rm -rf test-${{ github.sha }}
          EOF
        continue-on-error: true # Ensure cleanup runs even if previous steps fail
--- a/.gitignore
+++ b/.gitignore
@ -13,7 +13,6 @@ local.properties
 .recommenders
 .classpath
 .project
 *.local.json
 version.properties
 #### Stirling-PDF Files ###
@ -124,13 +123,7 @@ SwaggerDoc.json
 *.tar.gz
 *.rar
 *.db
-build
+/build
 app/core/build
 app/common/build
 app/proprietary/build
 common/build
 proprietary/build
 stirling-pdf/build
 # Byte-compiled / optimized / DLL files
 __pycache__/
@ -200,6 +193,4 @@ id_ed25519.pub
 # node_modules
 node_modules/
-
+*.mjs
 # weasyPrint
 **/LOCAL_APPDATA_FONTCONFIG_CACHE/**
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -1,28 +1,28 @@
 repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.12.7
+    rev: v0.9.10
    hooks:
      - id: ruff
        args:
          - --fix
          - --line-length=127
-        files: ^((\.github/scripts|scripts|app/core/src/main/resources/static/python)/.+)?[^/]+\.py$
+        files: ^((\.github/scripts|scripts)/.+)?[^/]+\.py$
        exclude: (split_photos.py)
      - id: ruff-format
-        files: ^((\.github/scripts|scripts|app/core/src/main/resources/static/python)/.+)?[^/]+\.py$
+        files: ^((\.github/scripts|scripts)/.+)?[^/]+\.py$
        exclude: (split_photos.py)
  - repo: https://github.com/codespell-project/codespell
    rev: v2.4.1
    hooks:
      - id: codespell
        args:
-          - --ignore-words-list=thirdParty,tabEl,tabEls
+          - --ignore-words-list=
          - --skip="./.*,*.csv,*.json,*.ambr"
          - --quiet-level=2
        files: \.(html|css|js|py|md)$
-        exclude: (.vscode|.devcontainer|app/core/src/main/resources|app/proprietary/src/main/resources|Dockerfile|.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js)
+        exclude: (.vscode|.devcontainer|src/main/resources|Dockerfile|.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js)
  - repo: https://github.com/gitleaks/gitleaks
-    rev: v8.28.0
+    rev: v8.24.0
    hooks:
      - id: gitleaks
  - repo: https://github.com/pre-commit/pre-commit-hooks
@ -34,13 +34,3 @@ repos:
      - id: trailing-whitespace
        files: ^.*(\.js|\.java|\.py|\.yml)$
        exclude: ^(.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js|\.github/workflows/.*$)
  # - repo: https://github.com/thibaudcolas/pre-commit-stylelint
  #   rev: v16.21.1
  #   hooks:
  #     - id: stylelint
  #       additional_dependencies:
  #         - stylelint@16.21.1
  #         - stylelint-config-standard@38.0.0
  #         - "@stylistic/stylelint-plugin@3.1.3"
  #       files: \.(css)$
  #       args: [--fix]
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@ -15,9 +15,6 @@
    "ms-azuretools.vscode-docker", // Docker extension for Visual Studio Code
    "GitHub.copilot", // GitHub Copilot AI pair programmer for Visual Studio Code
    "GitHub.vscode-pull-request-github", // GitHub Pull Requests extension for Visual Studio Code
-    "charliermarsh.ruff", // Ruff code formatter for Python to follow the Ruff Style Guide
+    "charliermarsh.ruff" // Ruff code formatter for Python to follow the Ruff Style Guide
    "yzhang.markdown-all-in-one", // Markdown All-in-One extension for enhanced Markdown editing
    "stylelint.vscode-stylelint", // Stylelint extension for CSS and SCSS linting
    "redhat.vscode-yaml", // YAML extension for Visual Studio Code
  ]
 }
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -2,46 +2,15 @@
  "editor.wordSegmenterLocales": "",
  "editor.guides.bracketPairs": "active",
  "editor.guides.bracketPairsHorizontal": "active",
  "editor.defaultFormatter": "EditorConfig.EditorConfig",
  "cSpell.enabled": false,
  "[feature]": {
    "editor.defaultFormatter": "alexkrechik.cucumberautocomplete"
  },
  "[java]": {
    "editor.defaultFormatter": "josevseb.google-java-format-for-vs-code"
  },
  "[jsonc]": {
    "editor.defaultFormatter": "vscode.json-language-features"
  },
  "[css]": {
    "editor.defaultFormatter": "stylelint.vscode-stylelint"
  },
  "[json]": {
    "editor.defaultFormatter": "vscode.json-language-features"
  },
  "[python]": {
    "editor.defaultFormatter": "ms-python.black-formatter"
  },
  "[gradle-kotlin-dsl]": {
    "editor.defaultFormatter": "vscjava.vscode-gradle"
  },
  "[markdown]": {
    "editor.defaultFormatter": "yzhang.markdown-all-in-one"
  },
  "[gradle-build]": {
    "editor.defaultFormatter": "vscjava.vscode-gradle"
  },
  "[gradle]": {
    "editor.defaultFormatter": "vscjava.vscode-gradle"
  },
  "[yaml]": {
    "editor.defaultFormatter": "redhat.vscode-yaml"
  },
  "java.compile.nullAnalysis.mode": "automatic",
  "java.configuration.updateBuildConfiguration": "interactive",
  "java.format.enabled": true,
  "java.format.settings.profile": "GoogleStyle",
-  "java.format.settings.google.version": "1.28.0",
+  "java.format.settings.google.version": "1.25.2",
  "java.format.settings.google.extra": "--aosp --skip-sorting-imports --skip-javadoc-formatting",
  // (DE) Aktiviert Kommentare im Java-Format.
  // (EN) Enables comments in Java formatting.
@ -80,17 +49,9 @@
    ".venv*/",
    ".vscode/",
    "bin/",
    "app/core/bin/",
    "app/common/bin/",
    "app/proprietary/bin/",
    "build/",
    "app/core/build/",
    "app/common/build/",
    "app/proprietary/build/",
    "configs/",
    "app/core/configs/",
    "customFiles/",
    "app/core/customFiles/",
    "docs/",
    "exampleYmlFiles",
    "gradle/",
@ -102,9 +63,6 @@
    ".git-blame-ignore-revs",
    ".gitattributes",
    ".gitignore",
    "app/core/.gitignore",
    "app/common/.gitignore",
    "app/proprietary/.gitignore",
    ".pre-commit-config.yaml",
  ],
  // Enables signature help in Java.
@ -122,22 +80,4 @@
  "spring.initializr.defaultLanguage": "Java",
  "spring.initializr.defaultGroupId": "stirling.software.SPDF",
  "spring.initializr.defaultArtifactId": "SPDF",
  "java.jdt.ls.lombokSupport.enabled": true,
  "html.format.wrapLineLength": 127,
  "html.format.enable": true,
  "html.format.indentInnerHtml": true,
  "html.format.unformatted": "script,style,textarea",
  "html.format.contentUnformatted": "pre,code",
  "html.format.extraLiners": "head,body,/html",
  "html.format.wrapAttributes": "force",
  "html.format.wrapAttributesIndentSize": 2,
  "html.format.indentHandlebars": true,
  "html.format.preserveNewLines": true,
  "html.format.maxPreserveNewLines": 2,
  "stylelint.configFile": "devTools/.stylelintrc.json",
  "java.project.sourcePaths": [
    "app/core/src/main/java",
    "app/common/src/main/java",
    "app/proprietary/src/main/java"
  ]
 }
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -25,7 +25,7 @@ Please make sure your Pull Request adheres to the following guidelines:
 ## Translations
-If you would like to add or modify a translation, please see [How to add new languages to Stirling-PDF](devGuide/HowToAddNewLanguage.md). Also, please create a Pull Request so others can use it!
+If you would like to add or modify a translation, please see [How to add new languages to Stirling-PDF](HowToAddNewLanguage.md). Also, please create a Pull Request so others can use it!
 ## Docs
@ -37,18 +37,7 @@ First, make sure you've read the section [Pull Requests](#pull-requests).
 If, at any point in time, you have a question, please feel free to ask in the same issue thread or in our [Discord](https://discord.gg/FJUSXUSYec).
-## Developer Documentation
+Developers should review our [Developer Guide](DeveloperGuide.md)
 For technical guides, setup instructions, and development resources, please see our [Developer Documentation](devGuide/) which includes:
 - [Developer Guide](devGuide/DeveloperGuide.md) - Main setup and architecture guide
 - [Exception Handling Guide](devGuide/EXCEPTION_HANDLING_GUIDE.md) - Error handling patterns and i18n
 - [Translation Guide](devGuide/HowToAddNewLanguage.md) - Adding new languages
 - And more in the [devGuide folder](devGuide/)
 For configuration and usage guides, see:
 - [Database Guide](DATABASE.md) - Database setup and configuration
 - [OCR Guide](HowToUseOCR.md) - OCR setup and configuration
 ## License
--- a/DATABASE.md
+++ b/DATABASE.md
@ -5,7 +5,7 @@
 The newly introduced feature enhances the application with robust database backup and import capabilities. This feature is designed to ensure data integrity and provide a straightforward way to manage database backups. Here's how it works:
 1. Automatic Backup Creation
-   - The system automatically creates a database backup on a configurable schedule (default: daily at midnight via `system.databaseBackup.cron`). This ensures that there is always a recent backup available, minimizing the risk of data loss.
+   - The system automatically creates a database backup every day at midnight. This ensures that there is always a recent backup available, minimizing the risk of data loss.
 2. Manual Backup Export
   - Admin actions that modify the user database trigger a manual export of the database. This keeps the backup up-to-date with the latest changes and provides an extra layer of data security.
 3. Importing Database Backups
--- a/devGuide/DeveloperGuide.md
+++ b/devGuide/DeveloperGuide.md
@ -55,7 +55,7 @@ Stirling-PDF uses Lombok to reduce boilerplate code. Some IDEs, like Eclipse, do
 Visit the [Lombok website](https://projectlombok.org/setup/) for installation instructions specific to your IDE.
 5. Add environment variable
-For local testing, you should generally be testing the full 'Security' version of Stirling PDF. To do this, you must add the environment flag DISABLE_ADDITIONAL_FEATURES=false to your system and/or IDE build/run step.
+For local testing, you should generally be testing the full 'Security' version of Stirling-PDF. To do this, you must add the environment flag DOCKER_ENABLE_SECURITY=true to your system and/or IDE build/run step.
 ## 4. Project Structure
@ -114,9 +114,9 @@ Stirling-PDF offers several Docker versions:
 Stirling-PDF provides several example Docker Compose files in the `exampleYmlFiles` directory, such as:
- `docker-compose-latest.yml`: Latest version without login and security features
+- `docker-compose-latest.yml`: Latest version without security features
- `docker-compose-latest-security.yml`: Latest version with login and security features enabled
+- `docker-compose-latest-security.yml`: Latest version with security features enabled
- `docker-compose-latest-fat-security.yml`: Fat version with login and security features enabled
+- `docker-compose-latest-fat-security.yml`: Fat version with security features enabled
 These files provide pre-configured setups for different scenarios. For example, here's a snippet from `docker-compose-latest-security.yml`:
@ -137,11 +137,11 @@ services:
    ports:
      - "8080:8080"
    volumes:
-      - ./stirling/latest/data:/usr/share/tessdata:rw
+      - /stirling/latest/data:/usr/share/tessdata:rw
-      - ./stirling/latest/config:/configs:rw
+      - /stirling/latest/config:/configs:rw
-      - ./stirling/latest/logs:/logs:rw
+      - /stirling/latest/logs:/logs:rw
    environment:
-      DISABLE_ADDITIONAL_FEATURES: "false"
+      DOCKER_ENABLE_SECURITY: "true"
      SECURITY_ENABLELOGIN: "true"
      PUID: 1002
      PGID: 1002
@ -153,7 +153,6 @@ services:
      SYSTEM_MAXFILESIZE: "100"
      METRICS_ENABLED: "true"
      SYSTEM_GOOGLEVISIBILITY: "true"
      SHOW_SURVEY: "true"
    restart: on-failure:5
 ```
@ -170,7 +169,7 @@ Stirling-PDF uses different Docker images for various configurations. The build
 1. Set the security environment variable:
   ```bash
-   export DISABLE_ADDITIONAL_FEATURES=true  # or false for to enable login and security features for builds
+   export DOCKER_ENABLE_SECURITY=false  # or true for security-enabled builds
   ```
 2. Build the project with Gradle:
@ -193,10 +192,10 @@ Stirling-PDF uses different Docker images for various configurations. The build
   docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite .
   ```
-   For the fat version (with login and security features enabled):
+   For the fat version (with security enabled):
   ```bash
-   export DISABLE_ADDITIONAL_FEATURES=false
+   export DOCKER_ENABLE_SECURITY=true
   docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile.fat .
   ```
@ -272,7 +271,7 @@ Important notes:
 6. Push your changes to your fork.
 7. Submit a pull request to the main repository.
-8. See additional [contributing guidelines](../CONTRIBUTING.md).
+8. See additional [contributing guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md).
 When you raise a PR:
@ -295,7 +294,6 @@ Stirling-PDF can be customized through environment variables or a `settings.yml`
 - Security settings
 - UI customization
 - Endpoint management
 - Maximum DPI for PDF to image conversion (`system.maxDPI`)
 When using Docker, pass environment variables using the `-e` flag or in your `docker-compose.yml` file.
@ -333,7 +331,7 @@ Thymeleaf is a server-side Java HTML template engine. It is used in Stirling-PDF
 ### Thymeleaf overview
-In Stirling-PDF, Thymeleaf is used to create HTML templates that are rendered on the server side. These templates are located in the `app/core/src/main/resources/templates` directory. Thymeleaf templates use a combination of HTML and special Thymeleaf attributes to dynamically generate content.
+In Stirling-PDF, Thymeleaf is used to create HTML templates that are rendered on the server side. These templates are located in the `src/main/resources/templates` directory. Thymeleaf templates use a combination of HTML and special Thymeleaf attributes to dynamically generate content.
 Some examples of this are:
@ -385,7 +383,7 @@ This would generate n entries of tr for each person in exampleData
 ### Adding a New Feature to the Backend (API)
 1. **Create a New Controller:**
-   - Create a new Java class in the `app/core/src/main/java/stirling/software/SPDF/controller/api` directory.
+   - Create a new Java class in the `src/main/java/stirling/software/SPDF/controller/api` directory.
   - Annotate the class with `@RestController` and `@RequestMapping` to define the API endpoint.
   - Ensure to add API documentation annotations like `@Tag(name = "General", description = "General APIs")` and `@Operation(summary = "Crops a PDF document", description = "This operation takes an input PDF file and crops it according to the given coordinates. Input:PDF Output:PDF Type:SISO")`.
@ -412,7 +410,7 @@ This would generate n entries of tr for each person in exampleData
   ```
 2. **Define the Service Layer:** (Not required but often useful)
-   - Create a new service class in the `app/core/src/main/java/stirling/software/SPDF/service` directory.
+   - Create a new service class in the `src/main/java/stirling/software/SPDF/service` directory.
   - Implement the business logic for the new feature.
   ```java
@ -464,7 +462,7 @@ This would generate n entries of tr for each person in exampleData
 ### Adding a New Feature to the Frontend (UI)
 1. **Create a New Thymeleaf Template:**
-   - Create a new HTML file in the `app/core/src/main/resources/templates` directory.
+   - Create a new HTML file in the `src/main/resources/templates` directory.
   - Use Thymeleaf attributes to dynamically generate content.
   - Use `extract-page.html` as a base example for the HTML template, which is useful to ensure importing of the general layout, navbar, and footer.
@ -508,7 +506,7 @@ This would generate n entries of tr for each person in exampleData
   ```
 2. **Create a New Controller for the UI:**
-   - Create a new Java class in the `app/core/src/main/java/stirling/software/SPDF/controller/ui` directory.
+   - Create a new Java class in the `src/main/java/stirling/software/SPDF/controller/ui` directory.
   - Annotate the class with `@Controller` and `@RequestMapping` to define the UI endpoint.
   ```java
@ -538,11 +536,11 @@ This would generate n entries of tr for each person in exampleData
 3. **Update the Navigation Bar:**
   - Add a link to the new feature page in the navigation bar.
-   - Update the `app/core/src/main/resources/templates/fragments/navbar.html` file.
+   - Update the `src/main/resources/templates/fragments/navbar.html` file.
   ```html
   <li class="nav-item">
-       <a class="nav-link" th:href="@{'/new-feature'}">New Feature</a>
+       <a class="nav-link" th:href="@{/new-feature}">New Feature</a>
   </li>
   ```
@ -552,7 +550,7 @@ When adding a new feature or modifying existing ones in Stirling-PDF, you'll nee
 ### 1. Locate Existing Language Files
-Find the existing `messages.properties` files in the `app/core/src/main/resources` directory. You'll see files like:
+Find the existing `messages.properties` files in the `src/main/resources` directory. You'll see files like:
 - `messages.properties` (default, usually English)
 - `messages_en_GB.properties`
--- a/34
+++ b/34
@ -1,10 +1,12 @@
 # Main stage
-FROM alpine:3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
+FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
 # Copy necessary files
 COPY scripts /scripts
-COPY app/core/src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/
+COPY pipeline /pipeline
-COPY app/core/build/libs/*.jar app.jar
+COPY src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/
 #COPY src/main/resources/static/fonts/*.otf /usr/share/fonts/opentype/noto/
 COPY build/libs/*.jar app.jar
 ARG VERSION_TAG
@ -21,7 +23,7 @@ LABEL org.opencontainers.image.version="${VERSION_TAG}"
 LABEL org.opencontainers.image.keywords="PDF, manipulation, merge, split, convert, OCR, watermark"
 # Set Environment Variables
-ENV DISABLE_ADDITIONAL_FEATURES=true \
+ENV DOCKER_ENABLE_SECURITY=false \
    VERSION_TAG=$VERSION_TAG \
    JAVA_BASE_OPTS="-XX:+UnlockExperimentalVMOptions -XX:MaxRAMPercentage=75 -XX:InitiatingHeapOccupancyPercent=20 -XX:+G1PeriodicGCInvokesConcurrent -XX:G1PeriodicGCInterval=10000 -XX:+UseStringDeduplication -XX:G1PeriodicGCSystemLoadThreshold=70" \
    JAVA_CUSTOM_OPTS="" \
@ -32,11 +34,7 @@ ENV DISABLE_ADDITIONAL_FEATURES=true \
    PYTHONPATH=/usr/lib/libreoffice/program:/opt/venv/lib/python3.12/site-packages \
    UNO_PATH=/usr/lib/libreoffice/program \
    URE_BOOTSTRAP=file:///usr/lib/libreoffice/program/fundamentalrc \
-    PATH=$PATH:/opt/venv/bin \
+    PATH=$PATH:/opt/venv/bin
    STIRLING_TEMPFILES_DIRECTORY=/tmp/stirling-pdf \
    TMPDIR=/tmp/stirling-pdf \
    TEMP=/tmp/stirling-pdf \
    TMP=/tmp/stirling-pdf
 # JDK for app
@ -50,6 +48,7 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
    tini \
    bash \
    curl \
    qpdf \
    shadow \
    su-exec \
    openssl \
@ -67,35 +66,30 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
 	tesseract-ocr-data-deu \
 	tesseract-ocr-data-fra \
 	tesseract-ocr-data-por \
    unpaper \
    # CV
    py3-opencv \
    python3 \
    ocrmypdf \
    py3-pip \
    py3-pillow@testing \
-    py3-pdf2image@testing \
+    py3-pdf2image@testing && \
    # URW Base 35 fonts for better PDF rendering
    font-urw-base35 && \
    python3 -m venv /opt/venv && \
-    /opt/venv/bin/pip install --no-cache-dir --upgrade pip setuptools && \
+    /opt/venv/bin/pip install --upgrade pip && \
    /opt/venv/bin/pip install --no-cache-dir --upgrade unoserver weasyprint && \
    ln -s /usr/lib/libreoffice/program/uno.py /opt/venv/lib/python3.12/site-packages/ && \
    ln -s /usr/lib/libreoffice/program/unohelper.py /opt/venv/lib/python3.12/site-packages/ && \
    ln -s /usr/lib/libreoffice/program /opt/venv/lib/python3.12/site-packages/LibreOffice && \
    mv /usr/share/tessdata /usr/share/tessdata-original && \
-    mkdir -p $HOME /configs /logs /customFiles /pipeline/watchedFolders /pipeline/finishedFolders /tmp/stirling-pdf && \
+    mkdir -p $HOME /configs /logs /customFiles /pipeline/watchedFolders /pipeline/finishedFolders && \
    # Configure URW Base 35 fonts
    ln -s /usr/share/fontconfig/conf.avail/69-urw-*.conf /etc/fonts/conf.d/ && \
    fc-cache -f -v && \
    chmod +x /scripts/* && \
    chmod +x /scripts/init.sh && \
    # User permissions
    addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
-    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline /tmp/stirling-pdf && \
+    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \
    chown stirlingpdfuser:stirlingpdfgroup /app.jar
 EXPOSE 8080/tcp
 # Set user and run command
 ENTRYPOINT ["tini", "--", "/scripts/init.sh"]
-CMD ["sh", "-c", "java -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/tmp/stirling-pdf -jar /app.jar & /opt/venv/bin/unoserver --port 2003 --interface 127.0.0.1"]
+CMD ["sh", "-c", "java -Dfile.encoding=UTF-8 -jar /app.jar & /opt/venv/bin/unoserver --port 2003 --interface 127.0.0.1"]
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@ -1,7 +1,7 @@
 # dockerfile.dev
 # Basisimage: Gradle mit JDK 17 (Debian-basiert)
-FROM gradle:8.14-jdk17
+FROM gradle:8.13-jdk17
 # Als Root-Benutzer arbeiten, um benötigte Pakete zu installieren
 USER root
@ -19,7 +19,7 @@ RUN apt-get update && apt-get install -y \
 # settings.yml | tessdataDir: /usr/share/tesseract-ocr/5/tessdata
  tesseract-ocr \
  tesseract-ocr-eng \
-  fonts-terminus fonts-dejavu fonts-font-awesome fonts-noto fonts-noto-core fonts-noto-cjk fonts-noto-extra fonts-liberation fonts-linuxlibertine fonts-urw-base35 \
+  fonts-terminus fonts-dejavu fonts-font-awesome fonts-noto fonts-noto-core fonts-noto-cjk fonts-noto-extra fonts-liberation fonts-linuxlibertine \
  python3-uno \
  python3-venv \
 # ss -tln
@ -27,34 +27,28 @@ RUN apt-get update && apt-get install -y \
  && apt-get clean && rm -rf /var/lib/apt/lists/*
 # Setze die Environment Variable für setuptools
-ENV SETUPTOOLS_USE_DISTUTILS=local \
+ENV SETUPTOOLS_USE_DISTUTILS=local
    STIRLING_TEMPFILES_DIRECTORY=/tmp/stirling-pdf \
    TMPDIR=/tmp/stirling-pdf \
    TEMP=/tmp/stirling-pdf \
    TMP=/tmp/stirling-pdf
 # Installation der benötigten Python-Pakete
 COPY .github/scripts/requirements_dev.txt /tmp/requirements_dev.txt
 RUN python3 -m venv --system-site-packages /opt/venv \
  && . /opt/venv/bin/activate \
-  && pip install --no-cache-dir --require-hashes -r /tmp/requirements_dev.txt
+  && pip install --no-cache-dir WeasyPrint pdf2image pillow unoserver opencv-python-headless pre-commit
 # Füge den venv-Pfad zur globalen PATH-Variable hinzu, damit die Tools verfügbar sind
 ENV PATH="/opt/venv/bin:$PATH"
 COPY . /workspace
-RUN mkdir -p /tmp/stirling-pdf \
+RUN adduser --disabled-password --gecos '' devuser \
-  && fc-cache -f -v \
+  && chown -R devuser:devuser /home/devuser /workspace
  && adduser --disabled-password --gecos '' devuser \
  && chown -R devuser:devuser /home/devuser /workspace /tmp/stirling-pdf
 RUN echo "devuser ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/devuser \
  && chmod 0440 /etc/sudoers.d/devuser
 # Setze das Arbeitsverzeichnis (wird später per Bind-Mount überschrieben)
 WORKDIR /workspace
-RUN chmod +x /workspace/.devcontainer/git-init.sh /workspace/.devcontainer/init-setup.sh
+RUN chmod +x /workspace/.devcontainer/git-init.sh
 RUN sudo chmod +x /workspace/.devcontainer/init-setup.sh
 # Wechsel zum Nicht‑Root Benutzer
 USER devuser
--- a/Dockerfile.fat
+++ b/Dockerfile.fat
@ -1,13 +1,10 @@
 # Build the application
-FROM gradle:8.14-jdk21 AS build
+FROM gradle:8.13-jdk21 AS build
 COPY build.gradle .
 COPY settings.gradle .
 COPY gradlew .
 COPY gradle gradle/
 COPY app/core/build.gradle core/.
 COPY app/common/build.gradle common/.
 COPY app/proprietary/build.gradle proprietary/.
 RUN ./gradlew build -x spotlessApply -x spotlessCheck -x test -x sonarqube || return 0 
 # Set the working directory
@ -16,24 +13,24 @@ WORKDIR /app
 # Copy the entire project to the working directory
 COPY . .
-# Build the application with DISABLE_ADDITIONAL_FEATURES=false
+# Build the application with DOCKER_ENABLE_SECURITY=false
-RUN DISABLE_ADDITIONAL_FEATURES=false \
+RUN DOCKER_ENABLE_SECURITY=true \
    STIRLING_PDF_DESKTOP_UI=false \
    ./gradlew clean build -x spotlessApply -x spotlessCheck -x test -x sonarqube
 # Main stage
-FROM alpine:3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
+FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
 # Copy necessary files
 COPY scripts /scripts
-COPY app/core/src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/
+COPY pipeline /pipeline
-# first /app directory is for the build stage, second is for the final image
+COPY src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/
-COPY --from=build /app/app/core/build/libs/*.jar app.jar
+COPY --from=build /app/build/libs/*.jar app.jar
 ARG VERSION_TAG
 # Set Environment Variables
-ENV DISABLE_ADDITIONAL_FEATURES=true \
+ENV DOCKER_ENABLE_SECURITY=false \
    VERSION_TAG=$VERSION_TAG \
    JAVA_BASE_OPTS="-XX:+UnlockExperimentalVMOptions -XX:MaxRAMPercentage=75 -XX:InitiatingHeapOccupancyPercent=20 -XX:+G1PeriodicGCInvokesConcurrent -XX:G1PeriodicGCInterval=10000 -XX:+UseStringDeduplication -XX:G1PeriodicGCSystemLoadThreshold=70" \
    JAVA_CUSTOM_OPTS="" \
@ -46,11 +43,7 @@ ENV DISABLE_ADDITIONAL_FEATURES=true \
    PYTHONPATH=/usr/lib/libreoffice/program:/opt/venv/lib/python3.12/site-packages \
    UNO_PATH=/usr/lib/libreoffice/program \
    URE_BOOTSTRAP=file:///usr/lib/libreoffice/program/fundamentalrc \
-    PATH=$PATH:/opt/venv/bin \
+    PATH=$PATH:/opt/venv/bin
    STIRLING_TEMPFILES_DIRECTORY=/tmp/stirling-pdf \
    TMPDIR=/tmp/stirling-pdf \
    TEMP=/tmp/stirling-pdf \
    TMP=/tmp/stirling-pdf
 # JDK for app
@ -76,38 +69,36 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
    # pdftohtml
    poppler-utils \
    # OCR MY PDF (unpaper for descew and other advanced featues)
    qpdf \
    tesseract-ocr-data-eng \
    tesseract-ocr-data-chi_sim \
 	tesseract-ocr-data-deu \
 	tesseract-ocr-data-fra \
 	tesseract-ocr-data-por \
-    unpaper \
+    font-terminus font-dejavu font-noto font-noto-cjk font-awesome font-noto-extra font-liberation font-linux-libertine \
    font-terminus font-dejavu font-noto font-noto-cjk font-awesome font-noto-extra font-liberation font-linux-libertine font-urw-base35 \
    # CV
    py3-opencv \
    python3 \
    ocrmypdf \
    py3-pip \
    py3-pillow@testing \
    py3-pdf2image@testing && \
    python3 -m venv /opt/venv && \
-    /opt/venv/bin/pip install --no-cache-dir --upgrade pip setuptools && \
+    /opt/venv/bin/pip install --upgrade pip && \
    /opt/venv/bin/pip install --no-cache-dir --upgrade unoserver weasyprint && \
    ln -s /usr/lib/libreoffice/program/uno.py /opt/venv/lib/python3.12/site-packages/ && \
    ln -s /usr/lib/libreoffice/program/unohelper.py /opt/venv/lib/python3.12/site-packages/ && \
    ln -s /usr/lib/libreoffice/program /opt/venv/lib/python3.12/site-packages/LibreOffice && \
    mv /usr/share/tessdata /usr/share/tessdata-original && \
-    mkdir -p $HOME /configs /logs /customFiles /pipeline/watchedFolders /pipeline/finishedFolders /tmp/stirling-pdf && \
+    mkdir -p $HOME /configs /logs /customFiles /pipeline/watchedFolders /pipeline/finishedFolders && \
    # Configure URW Base 35 fonts
    ln -s /usr/share/fontconfig/conf.avail/69-urw-*.conf /etc/fonts/conf.d/ && \
    fc-cache -f -v && \
    chmod +x /scripts/* && \
    chmod +x /scripts/init.sh && \
    # User permissions
    addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
-    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline /tmp/stirling-pdf && \
+    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \
    chown stirlingpdfuser:stirlingpdfgroup /app.jar
 EXPOSE 8080/tcp
 # Set user and run command
 ENTRYPOINT ["tini", "--", "/scripts/init.sh"]
-CMD ["sh", "-c", "java -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/tmp/stirling-pdf -jar /app.jar & /opt/venv/bin/unoserver --port 2003 --interface 127.0.0.1"]
+CMD ["sh", "-c", "java -Dfile.encoding=UTF-8 -jar /app.jar & /opt/venv/bin/unoserver --port 2003 --interface 127.0.0.1"]
--- a/Dockerfile.ultra-lite
+++ b/Dockerfile.ultra-lite
@ -1,27 +1,24 @@
 # use alpine
-FROM alpine:3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
+FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
 ARG VERSION_TAG
 # Set Environment Variables
-ENV DISABLE_ADDITIONAL_FEATURES=true \
+ENV DOCKER_ENABLE_SECURITY=false \
    HOME=/home/stirlingpdfuser \
    VERSION_TAG=$VERSION_TAG \
    JAVA_BASE_OPTS="-XX:+UnlockExperimentalVMOptions -XX:MaxRAMPercentage=75 -XX:InitiatingHeapOccupancyPercent=20 -XX:+G1PeriodicGCInvokesConcurrent -XX:G1PeriodicGCInterval=10000 -XX:+UseStringDeduplication -XX:G1PeriodicGCSystemLoadThreshold=70" \
    JAVA_CUSTOM_OPTS="" \
    PUID=1000 \
    PGID=1000 \
-    UMASK=022 \
+    UMASK=022
    STIRLING_TEMPFILES_DIRECTORY=/tmp/stirling-pdf \
    TMPDIR=/tmp/stirling-pdf \
    TEMP=/tmp/stirling-pdf \
    TMP=/tmp/stirling-pdf
 # Copy necessary files
 COPY scripts/download-security-jar.sh /scripts/download-security-jar.sh
 COPY scripts/init-without-ocr.sh /scripts/init-without-ocr.sh
 COPY scripts/installFonts.sh /scripts/installFonts.sh
-COPY app/core/build/libs/*.jar app.jar
+COPY pipeline /pipeline
 COPY build/libs/*.jar app.jar
 # Set up necessary directories and permissions
 RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
@ -38,10 +35,10 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
        su-exec \
        openjdk21-jre && \
    # User permissions
-    mkdir -p /configs /logs /customFiles /usr/share/fonts/opentype/noto /tmp/stirling-pdf /pipeline/watchedFolders /pipeline/finishedFolders && \
+    mkdir -p /configs /logs /customFiles /usr/share/fonts/opentype/noto && \
    chmod +x /scripts/*.sh && \
    addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
-    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /pipeline /configs /customFiles /tmp/stirling-pdf && \
+    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts  /configs /customFiles /pipeline && \
    chown stirlingpdfuser:stirlingpdfgroup /app.jar
 # Set environment variables
@ -51,4 +48,4 @@ EXPOSE 8080/tcp
 # Run the application
 ENTRYPOINT ["tini", "--", "/scripts/init-without-ocr.sh"]
-CMD ["java", "-Dfile.encoding=UTF-8", "-Djava.io.tmpdir=/tmp/stirling-pdf", "-jar", "/app.jar"]
+CMD ["java", "-Dfile.encoding=UTF-8", "-jar", "/app.jar"]
--- a/devGuide/HowToAddNewLanguage.md
+++ b/devGuide/HowToAddNewLanguage.md
@ -10,7 +10,7 @@ Fork Stirling-PDF and create a new branch out of `main`.
 Then add a reference to the language in the navbar by adding a new language entry to the dropdown:
- Edit the file: [languages.html](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/app/core/src/main/resources/templates/fragments/languages.html)
+- Edit the file: [languages.html](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/src/main/resources/templates/fragments/languages.html)
 For example, to add Polish, you would add:
@ -25,7 +25,7 @@ The `data-bs-language-code` is the code used to reference the file in the next s
 Start by copying the existing English property file:
- [messages_en_GB.properties](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/app/core/src/main/resources/messages_en_GB.properties)
+- [messages_en_GB.properties](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/src/main/resources/messages_en_GB.properties)
 Copy and rename it to `messages_{your data-bs-language-code here}.properties`. In the Polish example, you would set the name to `messages_pl_PL.properties`.
@ -61,16 +61,8 @@ Make sure to place the entry under the correct language section. This helps main
 #### Windows command
-```powershell
+```ps
-python .github/scripts/check_language_properties.py --reference-file app\core\src\main\resources\messages_en_GB.properties --branch "" --files app\core\src\main\resources\messages_pl_PL.properties
+python .github/scripts/check_language_properties.py --reference-file src\main\resources\messages_en_GB.properties --branch "" --files src\main\resources\messages_pl_PL.properties
-python .github/scripts/check_language_properties.py --reference-file app\core\src\main\resources\messages_en_GB.properties --branch "" --check-file app\core\src\main\resources\messages_pl_PL.properties
+python .github/scripts/check_language_properties.py --reference-file src\main\resources\messages_en_GB.properties --branch "" --check-file src\main\resources\messages_pl_PL.properties
 ```
 #### Linux command
 ```bash
 python3 .github/scripts/check_language_properties.py --reference-file app/core/src/main/resources/messages_en_GB.properties --branch "" --files app/core/src/main/resources/messages_pl_PL.properties
 python3 .github/scripts/check_language_properties.py --reference-file app/core/src/main/resources/messages_en_GB.properties --branch "" --check-file app/core/src/main/resources/messages_pl_PL.properties
 ```
--- a/9
+++ b/9
@ -1,13 +1,6 @@
 MIT License
-Copyright (c) 2025 Stirling PDF Inc.
+Copyright (c) 2024 Stirling Tools
 Portions of this software are licensed as follows:
 * All content that resides under the "app/proprietary/" directory of this repository,
 if that directory exists, is licensed under the license defined in "app/proprietary/LICENSE".
 * Content outside of the above mentioned directories or restrictions above is
 available under the MIT License as defined below.
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@ -29,7 +29,7 @@ All documentation available at [https://docs.stirlingpdf.com/](https://docs.stir
 - API for integration with external scripts
 - Optional Login and Authentication support (see [here](https://docs.stirlingpdf.com/Advanced%20Configuration/System%20and%20Security) for documentation)
 - Database Backup and Import (see [here](https://docs.stirlingpdf.com/Advanced%20Configuration/DATABASE) for documentation)
- Enterprise features like SSO (see [here](https://docs.stirlingpdf.com/Advanced%20Configuration/Single%20Sign-On%20Configuration) for documentation)
+- Enterprise features like SSO see [here](https://docs.stirlingpdf.com/Enterprise%20Edition)
 ## PDF Features
@ -112,63 +112,63 @@ Visit our comprehensive documentation at [docs.stirlingpdf.com](https://docs.sti
 ## Supported Languages
-Stirling-PDF currently supports 40 languages!
+Stirling-PDF currently supports 39 languages!
 | Language                                     | Progress                               |
 | -------------------------------------------- | -------------------------------------- |
-| Arabic (العربية) (ar_AR)                        | ![61%](https://geps.dev/progress/61)   |
+| Arabic (العربية) (ar_AR)                        | ![86%](https://geps.dev/progress/86)   |
-| Azerbaijani (Azərbaycan Dili) (az_AZ)        | ![62%](https://geps.dev/progress/62)   |
+| Azerbaijani (Azərbaycan Dili) (az_AZ)        | ![85%](https://geps.dev/progress/85)   |
-| Basque (Euskara) (eu_ES)                     | ![36%](https://geps.dev/progress/36)   |
+| Basque (Euskara) (eu_ES)                     | ![49%](https://geps.dev/progress/49)   |
-| Bulgarian (Български) (bg_BG)                | ![68%](https://geps.dev/progress/68)   |
+| Bulgarian (Български) (bg_BG)                | ![95%](https://geps.dev/progress/95)   |
-| Catalan (Català) (ca_CA)                     | ![67%](https://geps.dev/progress/67)   |
+| Catalan (Català) (ca_CA)                     | ![92%](https://geps.dev/progress/92)   |
-| Croatian (Hrvatski) (hr_HR)                  | ![60%](https://geps.dev/progress/60)   |
+| Croatian (Hrvatski) (hr_HR)                  | ![83%](https://geps.dev/progress/83)   |
-| Czech (Česky) (cs_CZ)                        | ![69%](https://geps.dev/progress/69)   |
+| Czech (Česky) (cs_CZ)                        | ![94%](https://geps.dev/progress/94)   |
-| Danish (Dansk) (da_DK)                       | ![61%](https://geps.dev/progress/61)   |
+| Danish (Dansk) (da_DK)                       | ![82%](https://geps.dev/progress/82)   |
-| Dutch (Nederlands) (nl_NL)                   | ![60%](https://geps.dev/progress/60)   |
+| Dutch (Nederlands) (nl_NL)                   | ![81%](https://geps.dev/progress/81)   |
 | English (English) (en_GB)                    | ![100%](https://geps.dev/progress/100) |
 | English (US) (en_US)                         | ![100%](https://geps.dev/progress/100) |
-| French (Français) (fr_FR)                    | ![88%](https://geps.dev/progress/88)   |
+| French (Français) (fr_FR)                    | ![94%](https://geps.dev/progress/94)   |
-| German (Deutsch) (de_DE)                     | ![97%](https://geps.dev/progress/97)   |
+| German (Deutsch) (de_DE)                     | ![96%](https://geps.dev/progress/96)   |
-| Greek (Ελληνικά) (el_GR)                     | ![67%](https://geps.dev/progress/67)   |
+| Greek (Ελληνικά) (el_GR)                     | ![93%](https://geps.dev/progress/93)   |
-| Hindi (हिंदी) (hi_IN)                          | ![67%](https://geps.dev/progress/67)   |
+| Hindi (हिंदी) (hi_IN)                          | ![94%](https://geps.dev/progress/94)   |
-| Hungarian (Magyar) (hu_HU)                   | ![99%](https://geps.dev/progress/99)   |
+| Hungarian (Magyar) (hu_HU)                   | ![91%](https://geps.dev/progress/91)   |
-| Indonesian (Bahasa Indonesia) (id_ID)        | ![62%](https://geps.dev/progress/62)   |
+| Indonesian (Bahasa Indonesia) (id_ID)        | ![83%](https://geps.dev/progress/83)   |
-| Irish (Gaeilge) (ga_IE)                      | ![68%](https://geps.dev/progress/68)   |
+| Irish (Gaeilge) (ga_IE)                      | ![94%](https://geps.dev/progress/94)   |
 | Italian (Italiano) (it_IT)                   | ![98%](https://geps.dev/progress/98)   |
-| Japanese (日本語) (ja_JP)                    | ![92%](https://geps.dev/progress/92)   |
+| Japanese (日本語) (ja_JP)                    | ![91%](https://geps.dev/progress/91)   |
-| Korean (한국어) (ko_KR)                      | ![67%](https://geps.dev/progress/67)   |
+| Korean (한국어) (ko_KR)                      | ![94%](https://geps.dev/progress/94)   |
-| Norwegian (Norsk) (no_NB)                    | ![66%](https://geps.dev/progress/66)   |
+| Norwegian (Norsk) (no_NB)                    | ![88%](https://geps.dev/progress/88)   |
-| Persian (فارسی) (fa_IR)                      | ![64%](https://geps.dev/progress/64)   |
+| Persian (فارسی) (fa_IR)                      | ![90%](https://geps.dev/progress/90)   |
-| Polish (Polski) (pl_PL)                      | ![72%](https://geps.dev/progress/72)   |
+| Polish (Polski) (pl_PL)                      | ![98%](https://geps.dev/progress/98)   |
-| Portuguese (Português) (pt_PT)               | ![68%](https://geps.dev/progress/68)   |
+| Portuguese (Português) (pt_PT)               | ![93%](https://geps.dev/progress/93)   |
-| Portuguese Brazilian (Português) (pt_BR)     | ![76%](https://geps.dev/progress/76)   |
+| Portuguese Brazilian (Português) (pt_BR)     | ![96%](https://geps.dev/progress/96)   |
-| Romanian (Română) (ro_RO)                    | ![57%](https://geps.dev/progress/57)   |
+| Romanian (Română) (ro_RO)                    | ![77%](https://geps.dev/progress/77)   |
-| Russian (Русский) (ru_RU)                    | ![88%](https://geps.dev/progress/88)   |
+| Russian (Русский) (ru_RU)                    | ![96%](https://geps.dev/progress/96)   |
-| Serbian Latin alphabet (Srpski) (sr_LATN_RS) | ![94%](https://geps.dev/progress/94)   |
+| Serbian Latin alphabet (Srpski) (sr_LATN_RS) | ![62%](https://geps.dev/progress/62)   |
-| Simplified Chinese (简体中文) (zh_CN)         | ![93%](https://geps.dev/progress/93)   |
+| Simplified Chinese (简体中文) (zh_CN)         | ![95%](https://geps.dev/progress/95)   |
-| Slovakian (Slovensky) (sk_SK)                | ![51%](https://geps.dev/progress/51)   |
+| Slovakian (Slovensky) (sk_SK)                | ![71%](https://geps.dev/progress/71)   |
-| Slovenian (Slovenščina) (sl_SI)              | ![71%](https://geps.dev/progress/71)   |
+| Slovenian (Slovenščina) (sl_SI)              | ![93%](https://geps.dev/progress/93)   |
-| Spanish (Español) (es_ES)                    | ![74%](https://geps.dev/progress/74)   |
+| Spanish (Español) (es_ES)                    | ![96%](https://geps.dev/progress/96)   |
-| Swedish (Svenska) (sv_SE)                    | ![65%](https://geps.dev/progress/65)   |
+| Swedish (Svenska) (sv_SE)                    | ![89%](https://geps.dev/progress/89)   |
-| Thai (ไทย) (th_TH)                           | ![59%](https://geps.dev/progress/59)   |
+| Thai (ไทย) (th_TH)                           | ![82%](https://geps.dev/progress/82)   |
-| Tibetan (བོད་ཡིག་) (bo_CN)                     | ![65%](https://geps.dev/progress/65) |
+| Tibetan (བོད་ཡིག་) (zh_BO)                     | ![91%](https://geps.dev/progress/91) |
-| Traditional Chinese (繁體中文) (zh_TW)        | ![99%](https://geps.dev/progress/99)   |
+| Traditional Chinese (繁體中文) (zh_TW)        | ![97%](https://geps.dev/progress/97)   |
-| Turkish (Türkçe) (tr_TR)                     | ![99%](https://geps.dev/progress/99)   |
+| Turkish (Türkçe) (tr_TR)                     | ![79%](https://geps.dev/progress/79)   |
-| Ukrainian (Українська) (uk_UA)               | ![70%](https://geps.dev/progress/70)   |
+| Ukrainian (Українська) (uk_UA)               | ![99%](https://geps.dev/progress/99)   |
-| Vietnamese (Tiếng Việt) (vi_VN)              | ![57%](https://geps.dev/progress/57)   |
+| Vietnamese (Tiếng Việt) (vi_VN)              | ![76%](https://geps.dev/progress/76)   |
-| Malayalam (മലയാളം) (ml_IN)              | ![73%](https://geps.dev/progress/73)   |
+
 ## Stirling PDF Enterprise
 Stirling PDF offers an Enterprise edition of its software. This is the same great software but with added features, support and comforts.
-Check out our [Enterprise docs](https://docs.stirlingpdf.com/Pro)
+Check out our [Enterprise docs](https://docs.stirlingpdf.com/Enterprise%20Edition)
 ## 🤝 Looking to contribute?
 Join our community:
 - [Contribution Guidelines](CONTRIBUTING.md)
- [Translation Guide (How to add custom languages)](devGuide/HowToAddNewLanguage.md)
+- [Translation Guide (How to add custom languages)](HowToAddNewLanguage.md)
 - [Developer Guide](devGuide/DeveloperGuide.md)
 - [Issue Tracker](https://github.com/Stirling-Tools/Stirling-PDF/issues)
 - [Discord Community](https://discord.gg/HYmhKj45pU)
 - [Developer Guide](DeveloperGuide.md)
--- a/devGuide/USERS.md
+++ b/devGuide/USERS.md
--- a/app/allowed-licenses.json
+++ b/app/allowed-licenses.json
@ -124,18 +124,10 @@
      "moduleName": ".*",
      "moduleLicense": "COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0"
    },
    {
      "moduleName": ".*",
      "moduleLicense": "Eclipse Public License 1.0"
    },
    {
      "moduleName": ".*",
      "moduleLicense": "Eclipse Public License - v 1.0"
    },
    {
      "moduleName": ".*",
      "moduleLicense": "Eclipse Public License v2.0"
    },
    {
      "moduleName": ".*",
      "moduleLicense": "Eclipse Public License v. 2.0"
--- a/app/common/.gitignore
+++ b/app/common/.gitignore
@ -1,196 +0,0 @@
 ### Eclipse ###
 .metadata
 bin/
 tmp/
 *.tmp
 *.bak
 *.exe
 *.swp
 *~.nib
 local.properties
 .settings/
 .loadpath
 .recommenders
 .classpath
 .project
 version.properties
 #### Stirling-PDF Files ###
 pipeline/watchedFolders/
 pipeline/finishedFolders/
 customFiles/
 configs/
 watchedFolders/
 clientWebUI/
 !cucumber/
 !cucumber/exampleFiles/
 !cucumber/exampleFiles/example_html.zip
 exampleYmlFiles/stirling/
 /testing/file_snapshots
 SwaggerDoc.json
 # Gradle
 .gradle
 .lock
 # External tool builders
 .externalToolBuilders/
 # Locally stored "Eclipse launch configurations"
 *.launch
 # PyDev specific (Python IDE for Eclipse)
 *.pydevproject
 # CDT-specific (C/C++ Development Tooling)
 .cproject
 # CDT- autotools
 .autotools
 # Java annotation processor (APT)
 .factorypath
 # PDT-specific (PHP Development Tools)
 .buildpath
 # sbteclipse plugin
 .target
 # Tern plugin
 .tern-project
 # TeXlipse plugin
 .texlipse
 # STS (Spring Tool Suite)
 .springBeans
 # Code Recommenders
 .recommenders/
 # Annotation Processing
 .apt_generated/
 .apt_generated_test/
 # Scala IDE specific (Scala & Java development for Eclipse)
 .cache-main
 .scala_dependencies
 .worksheet
 # Uncomment this line if you wish to ignore the project description file.
 # Typically, this file would be tracked if it contains build/dependency configurations:
 #.project
 ### Eclipse Patch ###
 # Spring Boot Tooling
 .sts4-cache/
 ### Git ###
 # Created by git for backups. To disable backups in Git:
 # $ git config --global mergetool.keepBackup false
 *.orig
 # Created by git when using merge tools for conflicts
 *.BACKUP.*
 *.BASE.*
 *.LOCAL.*
 *.REMOTE.*
 *_BACKUP_*.txt
 *_BASE_*.txt
 *_LOCAL_*.txt
 *_REMOTE_*.txt
 ### Java ###
 # Compiled class file
 *.class
 # Log file
 *.log
 # BlueJ files
 *.ctxt
 # Mobile Tools for Java (J2ME)
 .mtj.tmp/
 # Package Files #
 *.jar
 *.war
 *.nar
 *.ear
 *.zip
 *.tar.gz
 *.rar
 *.db
 /build
 /app/common/build/
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
 *.pyo
 # Virtual environments
 .env*
 .venv*
 env*/
 venv*/
 ENV/
 env.bak/
 venv.bak/
 # VS Code
 /.vscode/**/*
 !/.vscode/settings.json
 !/.vscode/extensions.json
 # IntelliJ IDEA
 .idea/
 *.iml
 out/
 # Ignore Mac DS_Store files
 .DS_Store
 **/.DS_Store
 # cucumber
 /cucumber/reports/**
 # Certs and Security Files
 *.p12
 *.pk8
 *.pem
 *.crt
 *.cer
 *.cert
 *.der
 *.key
 *.csr
 *.kdbx
 *.jks
 *.asc
 # SSH Keys
 *.pub
 *.priv
 id_rsa
 id_rsa.pub
 id_ecdsa
 id_ecdsa.pub
 id_ed25519
 id_ed25519.pub
 .ssh/
 *ssh
 # cache
 .cache
 .ruff_cache
 .mypy_cache
 .pytest_cache
 .ipynb_checkpoints
 **/jcef-bundle/
 # node_modules
 node_modules/
--- a/app/common/build.gradle
+++ b/app/common/build.gradle
@ -1,45 +0,0 @@
 // Configure bootRun to disable it or point to a main class
 bootRun {
    enabled = false
 }
 spotless {
    java {
        target 'src/**/java/**/*.java'
        googleJavaFormat(googleJavaFormatVersion).aosp().reorderImports(false)
        importOrder("java", "javax", "org", "com", "net", "io", "jakarta", "lombok", "me", "stirling")
        toggleOffOn()
        trimTrailingWhitespace()
        leadingTabsToSpaces()
        endWithNewline()
    }
    yaml {
        target '**/*.yml', '**/*.yaml'
        trimTrailingWhitespace()
        leadingTabsToSpaces()
        endWithNewline()
    }
    format 'gradle', {
        target '**/gradle/*.gradle', '**/*.gradle'
        trimTrailingWhitespace()
        leadingTabsToSpaces()
        endWithNewline()
    }
 }
 dependencies {
    api 'org.springframework.boot:spring-boot-starter-web'
    api 'org.springframework.boot:spring-boot-starter-aop'
    api 'org.springframework.boot:spring-boot-starter-thymeleaf'
    api 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20240325.1'
    api 'com.fathzer:javaluator:3.0.6'
    api 'com.posthog.java:posthog:1.2.0'
    api 'org.apache.commons:commons-lang3:3.18.0'
    api 'com.drewnoakes:metadata-extractor:2.19.0' // Image metadata extractor
    api 'com.vladsch.flexmark:flexmark-html2md-converter:0.64.8'
    api "org.apache.pdfbox:pdfbox:$pdfboxVersion"
    api 'jakarta.servlet:jakarta.servlet-api:6.1.0'
    api 'org.snakeyaml:snakeyaml-engine:2.10'
    api "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.12"
    api 'jakarta.mail:jakarta.mail-api:2.1.4'
    runtimeOnly 'org.eclipse.angus:angus-mail:2.0.4'
 }
--- a/app/common/src/main/java/stirling/software/common/annotations/AutoJobPostMapping.java
+++ b/app/common/src/main/java/stirling/software/common/annotations/AutoJobPostMapping.java
@ -1,79 +0,0 @@
 package stirling.software.common.annotations;
 import java.lang.annotation.*;
 import org.springframework.core.annotation.AliasFor;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 /**
 * Shortcut for a POST endpoint that is executed through the Stirling "auto‑job" framework.
 *
 * <p>Behaviour notes:
 *
 * <ul>
 *   <li>The endpoint is registered with {@code POST} and, by default, consumes {@code
 *       multipart/form-data} unless you override {@link #consumes()}.
 *   <li>When the client supplies {@code ?async=true} the call is handed to {@link
 *       stirling.software.common.service.JobExecutorService JobExecutorService} where it may be
 *       queued, retried, tracked and subject to time‑outs. For synchronous (default) invocations
 *       these advanced options are ignored.
 *   <li>Progress information (see {@link #trackProgress()}) is stored in {@link
 *       stirling.software.common.service.TaskManager TaskManager} and can be polled via <code>
 *       GET /api/v1/general/job/{id}</code>.
 * </ul>
 *
 * <p>Unless stated otherwise an attribute only affects <em>async</em> execution.
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
@RequestMapping(method = RequestMethod.POST)
 public @interface AutoJobPostMapping {
    /** Alias for {@link RequestMapping#value} – the path mapping of the endpoint. */
    @AliasFor(annotation = RequestMapping.class, attribute = "value")
    String[] value() default {};
    /** MIME types this endpoint accepts. Defaults to {@code multipart/form-data}. */
    @AliasFor(annotation = RequestMapping.class, attribute = "consumes")
    String[] consumes() default {MediaType.MULTIPART_FORM_DATA_VALUE};
    /**
     * Maximum execution time in milliseconds before the job is aborted. A negative value means "use
     * the application default".
     *
     * <p>Only honoured when {@code async=true}.
     */
    long timeout() default -1;
    /**
     * Total number of attempts (initial + retries). Must be at least&nbsp;1. Retries are executed
     * with exponential back‑off.
     *
     * <p>Only honoured when {@code async=true}.
     */
    int retryCount() default 1;
    /**
     * Record percentage / note updates so they can be retrieved via the REST status endpoint.
     *
     * <p>Only honoured when {@code async=true}.
     */
    boolean trackProgress() default true;
    /**
     * If {@code true} the job may be placed in a queue instead of being rejected when resources are
     * scarce.
     *
     * <p>Only honoured when {@code async=true}.
     */
    boolean queueable() default false;
    /**
     * Relative resource weight (1–100) used by the scheduler to prioritise / throttle jobs. Values
     * below 1 are clamped to&nbsp;1, values above 100 to&nbsp;100.
     */
    int resourceWeight() default 50;
 }
--- a/app/common/src/main/java/stirling/software/common/aop/AutoJobAspect.java
+++ b/app/common/src/main/java/stirling/software/common/aop/AutoJobAspect.java
@ -1,289 +0,0 @@
 package stirling.software.common.aop;
 import java.io.IOException;
 import java.time.Duration;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.*;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import org.springframework.web.multipart.MultipartFile;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.common.annotations.AutoJobPostMapping;
 import stirling.software.common.model.api.PDFFile;
 import stirling.software.common.service.FileStorage;
 import stirling.software.common.service.JobExecutorService;
@Aspect
@Component
@RequiredArgsConstructor
@Slf4j
@Order(0) // Highest precedence - executes before audit aspects
 public class AutoJobAspect {
    private static final Duration RETRY_BASE_DELAY = Duration.ofMillis(100);
    private final JobExecutorService jobExecutorService;
    private final HttpServletRequest request;
    private final FileStorage fileStorage;
    @Around("@annotation(autoJobPostMapping)")
    public Object wrapWithJobExecution(
            ProceedingJoinPoint joinPoint, AutoJobPostMapping autoJobPostMapping) {
        // This aspect will run before any audit aspects due to @Order(0)
        // Extract parameters from the request and annotation
        boolean async = Boolean.parseBoolean(request.getParameter("async"));
        log.debug(
                "AutoJobAspect: Processing {} {} with async={}",
                request.getMethod(),
                request.getRequestURI(),
                async);
        long timeout = autoJobPostMapping.timeout();
        int retryCount = autoJobPostMapping.retryCount();
        boolean trackProgress = autoJobPostMapping.trackProgress();
        log.debug(
                "AutoJobPostMapping execution with async={}, timeout={}, retryCount={},"
                        + " trackProgress={}",
                async,
                timeout > 0 ? timeout : "default",
                retryCount,
                trackProgress);
        // Process arguments in-place to avoid type mismatch issues
        Object[] args = processArgsInPlace(joinPoint.getArgs(), async);
        // Extract queueable and resourceWeight parameters and validate
        boolean queueable = autoJobPostMapping.queueable();
        int resourceWeight = Math.max(1, Math.min(100, autoJobPostMapping.resourceWeight()));
        // Integrate with the JobExecutorService
        if (retryCount <= 1) {
            // No retries needed, simple execution
            return jobExecutorService.runJobGeneric(
                    async,
                    () -> {
                        try {
                            // Note: Progress tracking is handled in TaskManager/JobExecutorService
                            // The trackProgress flag controls whether detailed progress is stored
                            // for REST API queries, not WebSocket notifications
                            return joinPoint.proceed(args);
                        } catch (Throwable ex) {
                            log.error(
                                    "AutoJobAspect caught exception during job execution: {}",
                                    ex.getMessage(),
                                    ex);
                            throw new RuntimeException(ex);
                        }
                    },
                    timeout,
                    queueable,
                    resourceWeight);
        } else {
            // Use retry logic
            return executeWithRetries(
                    joinPoint,
                    args,
                    async,
                    timeout,
                    retryCount,
                    trackProgress,
                    queueable,
                    resourceWeight);
        }
    }
    private Object executeWithRetries(
            ProceedingJoinPoint joinPoint,
            Object[] args,
            boolean async,
            long timeout,
            int maxRetries,
            boolean trackProgress,
            boolean queueable,
            int resourceWeight) {
        // Keep jobId reference for progress tracking in TaskManager
        AtomicReference<String> jobIdRef = new AtomicReference<>();
        return jobExecutorService.runJobGeneric(
                async,
                () -> {
                    // Use iterative approach instead of recursion to avoid stack overflow
                    Throwable lastException = null;
                    // Attempt counter starts at 1 for first try
                    for (int currentAttempt = 1; currentAttempt <= maxRetries; currentAttempt++) {
                        try {
                            if (trackProgress && async) {
                                // Get jobId for progress tracking in TaskManager
                                // This enables REST API progress queries, not WebSocket
                                if (jobIdRef.get() == null) {
                                    jobIdRef.set(getJobIdFromContext());
                                }
                                String jobId = jobIdRef.get();
                                if (jobId != null) {
                                    log.debug(
                                            "Tracking progress for job {} (attempt {}/{})",
                                            jobId,
                                            currentAttempt,
                                            maxRetries);
                                    // Progress is tracked in TaskManager for REST API access
                                    // No WebSocket notifications sent here
                                }
                            }
                            // Attempt to execute the operation
                            return joinPoint.proceed(args);
                        } catch (Throwable ex) {
                            lastException = ex;
                            log.error(
                                    "AutoJobAspect caught exception during job execution (attempt"
                                            + " {}/{}): {}",
                                    currentAttempt,
                                    maxRetries,
                                    ex.getMessage(),
                                    ex);
                            // Check if we should retry
                            if (currentAttempt < maxRetries) {
                                log.info(
                                        "Retrying operation, attempt {}/{}",
                                        currentAttempt + 1,
                                        maxRetries);
                                if (trackProgress && async) {
                                    String jobId = jobIdRef.get();
                                    if (jobId != null) {
                                        log.debug(
                                                "Recording retry attempt for job {} in TaskManager",
                                                jobId);
                                        // Retry info is tracked in TaskManager for REST API access
                                    }
                                }
                                // Use non-blocking delay for all retry attempts to avoid blocking
                                // threads
                                // For sync jobs this avoids starving the tomcat thread pool under
                                // load
                                long delayMs = RETRY_BASE_DELAY.toMillis() * currentAttempt;
                                // Execute the retry after a delay through the JobExecutorService
                                // rather than blocking the current thread with sleep
                                CompletableFuture<Object> delayedRetry = new CompletableFuture<>();
                                // Use a delayed executor for non-blocking delay
                                CompletableFuture.delayedExecutor(delayMs, TimeUnit.MILLISECONDS)
                                        .execute(
                                                () -> {
                                                    // Continue the retry loop in the next iteration
                                                    // We can't return from here directly since
                                                    // we're in a Runnable
                                                    delayedRetry.complete(null);
                                                });
                                // Wait for the delay to complete before continuing
                                try {
                                    delayedRetry.join();
                                } catch (Exception e) {
                                    Thread.currentThread().interrupt();
                                    break;
                                }
                            } else {
                                // No more retries, we'll throw the exception after the loop
                                break;
                            }
                        }
                    }
                    // If we get here, all retries failed
                    if (lastException != null) {
                        throw new RuntimeException(
                                "Job failed after "
                                        + maxRetries
                                        + " attempts: "
                                        + lastException.getMessage(),
                                lastException);
                    }
                    // This should never happen if lastException is properly tracked
                    throw new RuntimeException("Job failed but no exception was recorded");
                },
                timeout,
                queueable,
                resourceWeight);
    }
    /**
     * Processes arguments in-place to handle file resolution and async file persistence. This
     * approach avoids type mismatch issues by modifying the original objects directly.
     *
     * @param originalArgs The original arguments
     * @param async Whether this is an async operation
     * @return The original array with processed arguments
     */
    private Object[] processArgsInPlace(Object[] originalArgs, boolean async) {
        if (originalArgs == null || originalArgs.length == 0) {
            return originalArgs;
        }
        // Process all arguments in-place
        for (int i = 0; i < originalArgs.length; i++) {
            Object arg = originalArgs[i];
            if (arg instanceof PDFFile pdfFile) {
                // Case 1: fileId is provided but no fileInput
                if (pdfFile.getFileInput() == null && pdfFile.getFileId() != null) {
                    try {
                        log.debug("Using fileId {} to get file content", pdfFile.getFileId());
                        MultipartFile file = fileStorage.retrieveFile(pdfFile.getFileId());
                        pdfFile.setFileInput(file);
                    } catch (Exception e) {
                        throw new RuntimeException(
                                "Failed to resolve file by ID: " + pdfFile.getFileId(), e);
                    }
                }
                // Case 2: For async requests, we need to make a copy of the MultipartFile
                else if (async && pdfFile.getFileInput() != null) {
                    try {
                        log.debug("Making persistent copy of uploaded file for async processing");
                        MultipartFile originalFile = pdfFile.getFileInput();
                        String fileId = fileStorage.storeFile(originalFile);
                        // Store the fileId for later reference
                        pdfFile.setFileId(fileId);
                        // Replace the original MultipartFile with our persistent copy
                        MultipartFile persistentFile = fileStorage.retrieveFile(fileId);
                        pdfFile.setFileInput(persistentFile);
                        log.debug("Created persistent file copy with fileId: {}", fileId);
                    } catch (IOException e) {
                        throw new RuntimeException(
                                "Failed to create persistent copy of uploaded file", e);
                    }
                }
            }
        }
        return originalArgs;
    }
    private String getJobIdFromContext() {
        try {
            return (String) request.getAttribute("jobId");
        } catch (Exception e) {
            log.debug("Could not retrieve job ID from context: {}", e.getMessage());
            return null;
        }
    }
 }
--- a/app/common/src/main/java/stirling/software/common/config/TempFileConfiguration.java
+++ b/app/common/src/main/java/stirling/software/common/config/TempFileConfiguration.java
@ -1,59 +0,0 @@
 package stirling.software.common.config;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import jakarta.annotation.PostConstruct;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.common.model.ApplicationProperties;
 import stirling.software.common.util.TempFileRegistry;
 /**
 * Configuration for the temporary file management system. Sets up the necessary beans and
 * configures system properties.
 */
@Slf4j
@Configuration
@RequiredArgsConstructor
 public class TempFileConfiguration {
    private final ApplicationProperties applicationProperties;
    /**
     * Create the TempFileRegistry bean.
     *
     * @return A new TempFileRegistry instance
     */
    @Bean
    public TempFileRegistry tempFileRegistry() {
        return new TempFileRegistry();
    }
    @PostConstruct
    public void initTempFileConfig() {
        try {
            ApplicationProperties.TempFileManagement tempFiles =
                    applicationProperties.getSystem().getTempFileManagement();
            String customTempDirectory = tempFiles.getBaseTmpDir();
            // Create the temp directory if it doesn't exist
            Path tempDir = Path.of(customTempDirectory);
            if (!Files.exists(tempDir)) {
                Files.createDirectories(tempDir);
                log.info("Created temporary directory: {}", tempDir);
            }
            log.debug("Temporary file configuration initialized");
            log.debug("Using temp directory: {}", customTempDirectory);
            log.debug("Temp file prefix: {}", tempFiles.getPrefix());
        } catch (Exception e) {
            log.error("Failed to initialize temporary file configuration", e);
        }
    }
 }
--- a/app/common/src/main/java/stirling/software/common/config/TempFileShutdownHook.java
+++ b/app/common/src/main/java/stirling/software/common/config/TempFileShutdownHook.java
@ -1,82 +0,0 @@
 package stirling.software.common.config;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.Set;
 import org.springframework.beans.factory.DisposableBean;
 import org.springframework.stereotype.Component;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.common.util.GeneralUtils;
 import stirling.software.common.util.TempFileRegistry;
 /**
 * Handles cleanup of temporary files on application shutdown. Implements Spring's DisposableBean
 * interface to ensure cleanup happens during normal application shutdown.
 */
@Slf4j
@Component
 public class TempFileShutdownHook implements DisposableBean {
    private final TempFileRegistry registry;
    public TempFileShutdownHook(TempFileRegistry registry) {
        this.registry = registry;
        // Register a JVM shutdown hook as a backup in case Spring's
        // DisposableBean mechanism doesn't trigger (e.g., during a crash)
        Runtime.getRuntime().addShutdownHook(new Thread(this::cleanupTempFiles));
    }
    /** Spring's DisposableBean interface method. Called during normal application shutdown. */
    @Override
    public void destroy() {
        log.info("Application shutting down, cleaning up temporary files");
        cleanupTempFiles();
    }
    /** Clean up all registered temporary files and directories. */
    private void cleanupTempFiles() {
        try {
            // Clean up all registered files
            Set<Path> files = registry.getAllRegisteredFiles();
            int deletedCount = 0;
            for (Path file : files) {
                try {
                    if (Files.exists(file)) {
                        Files.deleteIfExists(file);
                        deletedCount++;
                    }
                } catch (IOException e) {
                    log.warn("Failed to delete temp file during shutdown: {}", file, e);
                }
            }
            // Clean up all registered directories
            Set<Path> directories = registry.getTempDirectories();
            for (Path dir : directories) {
                try {
                    if (Files.exists(dir)) {
                        GeneralUtils.deleteDirectory(dir);
                        deletedCount++;
                    }
                } catch (IOException e) {
                    log.warn("Failed to delete temp directory during shutdown: {}", dir, e);
                }
            }
            log.info(
                    "Shutdown cleanup complete. Deleted {} temporary files/directories",
                    deletedCount);
            // Clear the registry
            registry.clear();
        } catch (Exception e) {
            log.error("Error during shutdown cleanup", e);
        }
    }
 }
--- a/app/common/src/main/java/stirling/software/common/model/api/PDFFile.java
+++ b/app/common/src/main/java/stirling/software/common/model/api/PDFFile.java
@ -1,26 +0,0 @@
 package stirling.software.common.model.api;
 import org.springframework.http.MediaType;
 import org.springframework.web.multipart.MultipartFile;
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import lombok.NoArgsConstructor;
@Data
@NoArgsConstructor
@EqualsAndHashCode
 public class PDFFile {
    @Schema(
            description = "The input PDF file",
            contentMediaType = MediaType.APPLICATION_PDF_VALUE,
            format = "binary")
    private MultipartFile fileInput;
    @Schema(
            description = "File ID for server-side files (can be used instead of fileInput)",
            example = "a1b2c3d4-5678-90ab-cdef-ghijklmnopqr")
    private String fileId;
 }
--- a/app/common/src/main/java/stirling/software/common/model/api/converters/EmlToPdfRequest.java
+++ b/app/common/src/main/java/stirling/software/common/model/api/converters/EmlToPdfRequest.java
@ -1,41 +0,0 @@
 package stirling.software.common.model.api.converters;
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import stirling.software.common.model.api.PDFFile;
@Data
@EqualsAndHashCode(callSuper = true)
 public class EmlToPdfRequest extends PDFFile {
    // fileInput is inherited from PDFFile
    @Schema(
            description = "Include email attachments in the PDF output",
            requiredMode = Schema.RequiredMode.NOT_REQUIRED,
            example = "false")
    private boolean includeAttachments = false;
    @Schema(
            description = "Maximum attachment size in MB to include (default 10MB, range: 1-100)",
            requiredMode = Schema.RequiredMode.NOT_REQUIRED,
            example = "10",
            minimum = "1",
            maximum = "100")
    private int maxAttachmentSizeMB = 10;
    @Schema(
            description = "Download HTML intermediate file instead of PDF",
            requiredMode = Schema.RequiredMode.NOT_REQUIRED,
            example = "false")
    private boolean downloadHtml = false;
    @Schema(
            description = "Include CC and BCC recipients in header (if available)",
            requiredMode = Schema.RequiredMode.NOT_REQUIRED,
            example = "true")
    private boolean includeAllRecipients = true;
 }
--- a/app/common/src/main/java/stirling/software/common/model/exception/UnsupportedClaimException.java
+++ b/app/common/src/main/java/stirling/software/common/model/exception/UnsupportedClaimException.java
@ -1,7 +0,0 @@
 package stirling.software.common.model.exception;
 public class UnsupportedClaimException extends RuntimeException {
    public UnsupportedClaimException(String message) {
        super(message);
    }
 }
--- a/app/common/src/main/java/stirling/software/common/model/job/JobProgress.java
+++ b/app/common/src/main/java/stirling/software/common/model/job/JobProgress.java
@ -1,15 +0,0 @@
 package stirling.software.common.model.job;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
@Data
@NoArgsConstructor
@AllArgsConstructor
 public class JobProgress {
    private String jobId;
    private String status;
    private int percentComplete;
    private String message;
 }
--- a/app/common/src/main/java/stirling/software/common/model/job/JobResponse.java
+++ b/app/common/src/main/java/stirling/software/common/model/job/JobResponse.java
@ -1,14 +0,0 @@
 package stirling.software.common.model.job;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
@Data
@NoArgsConstructor
@AllArgsConstructor
 public class JobResponse<T> {
    private boolean async;
    private String jobId;
    private T result;
 }
--- a/app/common/src/main/java/stirling/software/common/model/job/JobResult.java
+++ b/app/common/src/main/java/stirling/software/common/model/job/JobResult.java
@ -1,164 +0,0 @@
 package stirling.software.common.model.job;
 import java.time.LocalDateTime;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.CopyOnWriteArrayList;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 /** Represents the result of a job execution. Used by the TaskManager to store job results. */
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
 public class JobResult {
    /** The job ID */
    private String jobId;
    /** Flag indicating if the job is complete */
    private boolean complete;
    /** Error message if the job failed */
    private String error;
    /** List of result files for jobs that produce files */
    @JsonIgnore private List<ResultFile> resultFiles;
    /** Time when the job was created */
    private LocalDateTime createdAt;
    /** Time when the job was completed */
    private LocalDateTime completedAt;
    /** The actual result object, if not a file */
    private Object result;
    /**
     * Notes attached to this job for tracking purposes. Uses CopyOnWriteArrayList for thread safety
     * when notes are added concurrently.
     */
    private final List<String> notes = new CopyOnWriteArrayList<>();
    /**
     * Create a new JobResult with the given job ID
     *
     * @param jobId The job ID
     * @return A new JobResult
     */
    public static JobResult createNew(String jobId) {
        return JobResult.builder()
                .jobId(jobId)
                .complete(false)
                .createdAt(LocalDateTime.now())
                .build();
    }
    /**
     * Mark this job as complete with a general result
     *
     * @param result The result object
     */
    public void completeWithResult(Object result) {
        this.complete = true;
        this.result = result;
        this.completedAt = LocalDateTime.now();
    }
    /**
     * Mark this job as failed with an error message
     *
     * @param error The error message
     */
    public void failWithError(String error) {
        this.complete = true;
        this.error = error;
        this.completedAt = LocalDateTime.now();
    }
    /**
     * Mark this job as complete with multiple file results
     *
     * @param resultFiles The list of result files
     */
    public void completeWithFiles(List<ResultFile> resultFiles) {
        this.complete = true;
        this.resultFiles = new ArrayList<>(resultFiles);
        this.completedAt = LocalDateTime.now();
    }
    /**
     * Mark this job as complete with a single file result (convenience method)
     *
     * @param fileId The file ID of the result
     * @param fileName The file name
     * @param contentType The content type of the file
     * @param fileSize The size of the file in bytes
     */
    public void completeWithSingleFile(
            String fileId, String fileName, String contentType, long fileSize) {
        ResultFile resultFile =
                ResultFile.builder()
                        .fileId(fileId)
                        .fileName(fileName)
                        .contentType(contentType)
                        .fileSize(fileSize)
                        .build();
        completeWithFiles(List.of(resultFile));
    }
    /**
     * Check if this job has file results
     *
     * @return true if this job has file results, false otherwise
     */
    public boolean hasFiles() {
        return resultFiles != null && !resultFiles.isEmpty();
    }
    /**
     * Check if this job has multiple file results
     *
     * @return true if this job has multiple file results, false otherwise
     */
    public boolean hasMultipleFiles() {
        return resultFiles != null && resultFiles.size() > 1;
    }
    /**
     * Get all result files
     *
     * @return List of result files
     */
    public List<ResultFile> getAllResultFiles() {
        if (resultFiles != null && !resultFiles.isEmpty()) {
            return Collections.unmodifiableList(resultFiles);
        }
        return Collections.emptyList();
    }
    /**
     * Add a note to this job
     *
     * @param note The note to add
     */
    public void addNote(String note) {
        this.notes.add(note);
    }
    /**
     * Get all notes attached to this job
     *
     * @return An unmodifiable view of the notes list
     */
    public List<String> getNotes() {
        return Collections.unmodifiableList(notes);
    }
 }
--- a/app/common/src/main/java/stirling/software/common/model/job/JobStats.java
+++ b/app/common/src/main/java/stirling/software/common/model/job/JobStats.java
@ -1,43 +0,0 @@
 package stirling.software.common.model.job;
 import java.time.LocalDateTime;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 /** Represents statistics about jobs in the system */
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
 public class JobStats {
    /** Total number of jobs (active and completed) */
    private int totalJobs;
    /** Number of active (incomplete) jobs */
    private int activeJobs;
    /** Number of completed jobs */
    private int completedJobs;
    /** Number of failed jobs */
    private int failedJobs;
    /** Number of successful jobs */
    private int successfulJobs;
    /** Number of jobs with file results */
    private int fileResultJobs;
    /** The oldest active job's creation timestamp */
    private LocalDateTime oldestActiveJobTime;
    /** The newest active job's creation timestamp */
    private LocalDateTime newestActiveJobTime;
    /** The average processing time for completed jobs in milliseconds */
    private long averageProcessingTimeMs;
 }
--- a/app/common/src/main/java/stirling/software/common/model/job/ResultFile.java
+++ b/app/common/src/main/java/stirling/software/common/model/job/ResultFile.java
@ -1,26 +0,0 @@
 package stirling.software.common.model.job;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 /** Represents a single file result from a job execution */
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
 public class ResultFile {
    /** The file ID for accessing the file */
    private String fileId;
    /** The original file name */
    private String fileName;
    /** MIME type of the file */
    private String contentType;
    /** Size of the file in bytes */
    private long fileSize;
 }
--- a/app/common/src/main/java/stirling/software/common/service/FileOrUploadService.java
+++ b/app/common/src/main/java/stirling/software/common/service/FileOrUploadService.java
@ -1,78 +0,0 @@
 package stirling.software.common.service;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.nio.file.*;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import org.springframework.web.multipart.MultipartFile;
 import lombok.RequiredArgsConstructor;
@Service
@RequiredArgsConstructor
 public class FileOrUploadService {
    @Value("${stirling.tempDir:/tmp/stirling-files}")
    private String tempDirPath;
    public Path resolveFilePath(String fileId) {
        return Path.of(tempDirPath).resolve(fileId);
    }
    public MultipartFile toMockMultipartFile(String name, byte[] data) throws IOException {
        return new CustomMultipartFile(name, data);
    }
    // Custom implementation of MultipartFile
    private static class CustomMultipartFile implements MultipartFile {
        private final String name;
        private final byte[] content;
        public CustomMultipartFile(String name, byte[] content) {
            this.name = name;
            this.content = content;
        }
        @Override
        public String getName() {
            return name;
        }
        @Override
        public String getOriginalFilename() {
            return name;
        }
        @Override
        public String getContentType() {
            return "application/pdf";
        }
        @Override
        public boolean isEmpty() {
            return content == null || content.length == 0;
        }
        @Override
        public long getSize() {
            return content.length;
        }
        @Override
        public byte[] getBytes() throws IOException {
            return content;
        }
        @Override
        public java.io.InputStream getInputStream() throws IOException {
            return new ByteArrayInputStream(content);
        }
        @Override
        public void transferTo(java.io.File dest) throws IOException, IllegalStateException {
            Files.write(dest.toPath(), content);
        }
    }
 }
--- a/app/common/src/main/java/stirling/software/common/service/FileStorage.java
+++ b/app/common/src/main/java/stirling/software/common/service/FileStorage.java
@ -1,184 +0,0 @@
 package stirling.software.common.service;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.UUID;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import org.springframework.web.multipart.MultipartFile;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 /**
 * Service for storing and retrieving files with unique file IDs. Used by the AutoJobPostMapping
 * system to handle file references.
 */
@Service
@RequiredArgsConstructor
@Slf4j
 public class FileStorage {
    @Value("${stirling.tempDir:/tmp/stirling-files}")
    private String tempDirPath;
    private final FileOrUploadService fileOrUploadService;
    /**
     * Store a file and return its unique ID
     *
     * @param file The file to store
     * @return The unique ID assigned to the file
     * @throws IOException If there is an error storing the file
     */
    public String storeFile(MultipartFile file) throws IOException {
        String fileId = generateFileId();
        Path filePath = getFilePath(fileId);
        // Ensure the directory exists
        Files.createDirectories(filePath.getParent());
        // Transfer the file to the storage location
        file.transferTo(filePath.toFile());
        log.debug("Stored file with ID: {}", fileId);
        return fileId;
    }
    /**
     * Store a byte array as a file and return its unique ID
     *
     * @param bytes The byte array to store
     * @param originalName The original name of the file (for extension)
     * @return The unique ID assigned to the file
     * @throws IOException If there is an error storing the file
     */
    public String storeBytes(byte[] bytes, String originalName) throws IOException {
        String fileId = generateFileId();
        Path filePath = getFilePath(fileId);
        // Ensure the directory exists
        Files.createDirectories(filePath.getParent());
        // Write the bytes to the file
        Files.write(filePath, bytes);
        log.debug("Stored byte array with ID: {}", fileId);
        return fileId;
    }
    /**
     * Retrieve a file by its ID as a MultipartFile
     *
     * @param fileId The ID of the file to retrieve
     * @return The file as a MultipartFile
     * @throws IOException If the file doesn't exist or can't be read
     */
    public MultipartFile retrieveFile(String fileId) throws IOException {
        Path filePath = getFilePath(fileId);
        if (!Files.exists(filePath)) {
            throw new IOException("File not found with ID: " + fileId);
        }
        byte[] fileData = Files.readAllBytes(filePath);
        return fileOrUploadService.toMockMultipartFile(fileId, fileData);
    }
    /**
     * Retrieve a file by its ID as a byte array
     *
     * @param fileId The ID of the file to retrieve
     * @return The file as a byte array
     * @throws IOException If the file doesn't exist or can't be read
     */
    public byte[] retrieveBytes(String fileId) throws IOException {
        Path filePath = getFilePath(fileId);
        if (!Files.exists(filePath)) {
            throw new IOException("File not found with ID: " + fileId);
        }
        return Files.readAllBytes(filePath);
    }
    /**
     * Delete a file by its ID
     *
     * @param fileId The ID of the file to delete
     * @return true if the file was deleted, false otherwise
     */
    public boolean deleteFile(String fileId) {
        try {
            Path filePath = getFilePath(fileId);
            return Files.deleteIfExists(filePath);
        } catch (IOException e) {
            log.error("Error deleting file with ID: {}", fileId, e);
            return false;
        }
    }
    /**
     * Check if a file exists by its ID
     *
     * @param fileId The ID of the file to check
     * @return true if the file exists, false otherwise
     */
    public boolean fileExists(String fileId) {
        Path filePath = getFilePath(fileId);
        return Files.exists(filePath);
    }
    /**
     * Get the size of a file by its ID without loading the content into memory
     *
     * @param fileId The ID of the file
     * @return The size of the file in bytes
     * @throws IOException If the file doesn't exist or can't be read
     */
    public long getFileSize(String fileId) throws IOException {
        Path filePath = getFilePath(fileId);
        if (!Files.exists(filePath)) {
            throw new IOException("File not found with ID: " + fileId);
        }
        return Files.size(filePath);
    }
    /**
     * Get the path for a file ID
     *
     * @param fileId The ID of the file
     * @return The path to the file
     * @throws IllegalArgumentException if fileId contains path traversal characters or resolves
     *     outside base directory
     */
    private Path getFilePath(String fileId) {
        // Validate fileId to prevent path traversal
        if (fileId.contains("..") || fileId.contains("/") || fileId.contains("\\")) {
            throw new IllegalArgumentException("Invalid file ID");
        }
        Path basePath = Path.of(tempDirPath).normalize().toAbsolutePath();
        Path resolvedPath = basePath.resolve(fileId).normalize();
        // Ensure resolved path is within the base directory
        if (!resolvedPath.startsWith(basePath)) {
            throw new IllegalArgumentException("File ID resolves to an invalid path");
        }
        return resolvedPath;
    }
    /**
     * Generate a unique file ID
     *
     * @return A unique file ID
     */
    private String generateFileId() {
        return UUID.randomUUID().toString();
    }
 }
--- a/app/common/src/main/java/stirling/software/common/service/JobExecutorService.java
+++ b/app/common/src/main/java/stirling/software/common/service/JobExecutorService.java
@ -1,477 +0,0 @@
 package stirling.software.common.service;
 import java.io.IOException;
 import java.util.Map;
 import java.util.UUID;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
 import java.util.function.Supplier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
 import org.springframework.web.multipart.MultipartFile;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.common.model.job.JobResponse;
 import stirling.software.common.util.ExecutorFactory;
 /** Service for executing jobs asynchronously or synchronously */
@Service
@Slf4j
 public class JobExecutorService {
    private final TaskManager taskManager;
    private final FileStorage fileStorage;
    private final HttpServletRequest request;
    private final ResourceMonitor resourceMonitor;
    private final JobQueue jobQueue;
    private final ExecutorService executor = ExecutorFactory.newVirtualOrCachedThreadExecutor();
    private final long effectiveTimeoutMs;
    public JobExecutorService(
            TaskManager taskManager,
            FileStorage fileStorage,
            HttpServletRequest request,
            ResourceMonitor resourceMonitor,
            JobQueue jobQueue,
            @Value("${spring.mvc.async.request-timeout:1200000}") long asyncRequestTimeoutMs,
            @Value("${server.servlet.session.timeout:30m}") String sessionTimeout) {
        this.taskManager = taskManager;
        this.fileStorage = fileStorage;
        this.request = request;
        this.resourceMonitor = resourceMonitor;
        this.jobQueue = jobQueue;
        // Parse session timeout and calculate effective timeout once during initialization
        long sessionTimeoutMs = parseSessionTimeout(sessionTimeout);
        this.effectiveTimeoutMs = Math.min(asyncRequestTimeoutMs, sessionTimeoutMs);
        log.debug(
                "Job executor configured with effective timeout of {} ms", this.effectiveTimeoutMs);
    }
    /**
     * Run a job either asynchronously or synchronously
     *
     * @param async Whether to run the job asynchronously
     * @param work The work to be done
     * @return The response
     */
    public ResponseEntity<?> runJobGeneric(boolean async, Supplier<Object> work) {
        return runJobGeneric(async, work, -1);
    }
    /**
     * Run a job either asynchronously or synchronously with a custom timeout
     *
     * @param async Whether to run the job asynchronously
     * @param work The work to be done
     * @param customTimeoutMs Custom timeout in milliseconds, or -1 to use the default
     * @return The response
     */
    public ResponseEntity<?> runJobGeneric(
            boolean async, Supplier<Object> work, long customTimeoutMs) {
        return runJobGeneric(async, work, customTimeoutMs, false, 50);
    }
    /**
     * Run a job either asynchronously or synchronously with custom parameters
     *
     * @param async Whether to run the job asynchronously
     * @param work The work to be done
     * @param customTimeoutMs Custom timeout in milliseconds, or -1 to use the default
     * @param queueable Whether this job can be queued when system resources are limited
     * @param resourceWeight The resource weight of this job (1-100)
     * @return The response
     */
    public ResponseEntity<?> runJobGeneric(
            boolean async,
            Supplier<Object> work,
            long customTimeoutMs,
            boolean queueable,
            int resourceWeight) {
        String jobId = UUID.randomUUID().toString();
        // Store the job ID in the request for potential use by other components
        if (request != null) {
            request.setAttribute("jobId", jobId);
            // Also track this job ID in the user's session for authorization purposes
            // This ensures users can only cancel their own jobs
            if (request.getSession() != null) {
                @SuppressWarnings("unchecked")
                java.util.Set<String> userJobIds =
                        (java.util.Set<String>) request.getSession().getAttribute("userJobIds");
                if (userJobIds == null) {
                    userJobIds = new java.util.concurrent.ConcurrentSkipListSet<>();
                    request.getSession().setAttribute("userJobIds", userJobIds);
                }
                userJobIds.add(jobId);
                log.debug("Added job ID {} to user session", jobId);
            }
        }
        // Determine which timeout to use
        long timeoutToUse = customTimeoutMs > 0 ? customTimeoutMs : effectiveTimeoutMs;
        log.debug(
                "Running job with ID: {}, async: {}, timeout: {}ms, queueable: {}, weight: {}",
                jobId,
                async,
                timeoutToUse,
                queueable,
                resourceWeight);
        // Check if we need to queue this job based on resource availability
        boolean shouldQueue =
                queueable
                        && async
                        && // Only async jobs can be queued
                        resourceMonitor.shouldQueueJob(resourceWeight);
        if (shouldQueue) {
            // Queue the job instead of executing immediately
            log.debug(
                    "Queueing job {} due to resource constraints (weight: {})",
                    jobId,
                    resourceWeight);
            taskManager.createTask(jobId);
            // Create a specialized wrapper that updates the TaskManager
            Supplier<Object> wrappedWork =
                    () -> {
                        try {
                            Object result = work.get();
                            processJobResult(jobId, result);
                            return result;
                        } catch (Exception e) {
                            log.error(
                                    "Error executing queued job {}: {}", jobId, e.getMessage(), e);
                            taskManager.setError(jobId, e.getMessage());
                            throw e;
                        }
                    };
            // Queue the job and get the future
            CompletableFuture<ResponseEntity<?>> future =
                    jobQueue.queueJob(jobId, resourceWeight, wrappedWork, timeoutToUse);
            // Return immediately with job ID
            return ResponseEntity.ok().body(new JobResponse<>(true, jobId, null));
        } else if (async) {
            taskManager.createTask(jobId);
            executor.execute(
                    () -> {
                        try {
                            log.debug(
                                    "Running async job {} with timeout {} ms", jobId, timeoutToUse);
                            // Execute with timeout
                            Object result = executeWithTimeout(() -> work.get(), timeoutToUse);
                            processJobResult(jobId, result);
                        } catch (TimeoutException te) {
                            log.error("Job {} timed out after {} ms", jobId, timeoutToUse);
                            taskManager.setError(jobId, "Job timed out");
                        } catch (Exception e) {
                            log.error("Error executing job {}: {}", jobId, e.getMessage(), e);
                            taskManager.setError(jobId, e.getMessage());
                        }
                    });
            return ResponseEntity.ok().body(new JobResponse<>(true, jobId, null));
        } else {
            try {
                log.debug("Running sync job with timeout {} ms", timeoutToUse);
                // Execute with timeout
                Object result = executeWithTimeout(() -> work.get(), timeoutToUse);
                // If the result is already a ResponseEntity, return it directly
                if (result instanceof ResponseEntity) {
                    return (ResponseEntity<?>) result;
                }
                // Process different result types
                return handleResultForSyncJob(result);
            } catch (TimeoutException te) {
                log.error("Synchronous job timed out after {} ms", timeoutToUse);
                return ResponseEntity.internalServerError()
                        .body(Map.of("error", "Job timed out after " + timeoutToUse + " ms"));
            } catch (Exception e) {
                log.error("Error executing synchronous job: {}", e.getMessage(), e);
                // Construct a JSON error response
                return ResponseEntity.internalServerError()
                        .body(Map.of("error", "Job failed: " + e.getMessage()));
            }
        }
    }
    /**
     * Process the result of an asynchronous job
     *
     * @param jobId The job ID
     * @param result The result
     */
    private void processJobResult(String jobId, Object result) {
        try {
            if (result instanceof byte[]) {
                // Store byte array directly to disk to avoid double memory consumption
                String fileId = fileStorage.storeBytes((byte[]) result, "result.pdf");
                taskManager.setFileResult(
                        jobId, fileId, "result.pdf", MediaType.APPLICATION_PDF_VALUE);
                log.debug("Stored byte[] result with fileId: {}", fileId);
                // Let the byte array get collected naturally in the next GC cycle
                // We don't need to force System.gc() which can be harmful
            } else if (result instanceof ResponseEntity) {
                ResponseEntity<?> response = (ResponseEntity<?>) result;
                Object body = response.getBody();
                if (body instanceof byte[]) {
                    // Extract filename from content-disposition header if available
                    String filename = "result.pdf";
                    String contentType = MediaType.APPLICATION_PDF_VALUE;
                    if (response.getHeaders().getContentDisposition() != null) {
                        String disposition =
                                response.getHeaders().getContentDisposition().toString();
                        if (disposition.contains("filename=")) {
                            filename =
                                    disposition.substring(
                                            disposition.indexOf("filename=") + 9,
                                            disposition.lastIndexOf("\""));
                        }
                    }
                    MediaType mediaType = response.getHeaders().getContentType();
                    if (mediaType != null) {
                        contentType = mediaType.toString();
                    }
                    // Store byte array directly to disk
                    String fileId = fileStorage.storeBytes((byte[]) body, filename);
                    taskManager.setFileResult(jobId, fileId, filename, contentType);
                    log.debug("Stored ResponseEntity<byte[]> result with fileId: {}", fileId);
                    // Let the GC handle the memory naturally
                } else {
                    // Check if the response body contains a fileId
                    if (body != null && body.toString().contains("fileId")) {
                        try {
                            // Try to extract fileId using reflection
                            java.lang.reflect.Method getFileId =
                                    body.getClass().getMethod("getFileId");
                            String fileId = (String) getFileId.invoke(body);
                            if (fileId != null && !fileId.isEmpty()) {
                                // Try to get filename and content type
                                String filename = "result.pdf";
                                String contentType = MediaType.APPLICATION_PDF_VALUE;
                                try {
                                    java.lang.reflect.Method getOriginalFileName =
                                            body.getClass().getMethod("getOriginalFilename");
                                    String origName = (String) getOriginalFileName.invoke(body);
                                    if (origName != null && !origName.isEmpty()) {
                                        filename = origName;
                                    }
                                } catch (Exception e) {
                                    log.debug(
                                            "Could not get original filename: {}", e.getMessage());
                                }
                                try {
                                    java.lang.reflect.Method getContentType =
                                            body.getClass().getMethod("getContentType");
                                    String ct = (String) getContentType.invoke(body);
                                    if (ct != null && !ct.isEmpty()) {
                                        contentType = ct;
                                    }
                                } catch (Exception e) {
                                    log.debug("Could not get content type: {}", e.getMessage());
                                }
                                taskManager.setFileResult(jobId, fileId, filename, contentType);
                                log.debug("Extracted fileId from response body: {}", fileId);
                                taskManager.setComplete(jobId);
                                return;
                            }
                        } catch (Exception e) {
                            log.debug(
                                    "Failed to extract fileId from response body: {}",
                                    e.getMessage());
                        }
                    }
                    // Store generic result
                    taskManager.setResult(jobId, body);
                }
            } else if (result instanceof MultipartFile file) {
                String fileId = fileStorage.storeFile(file);
                taskManager.setFileResult(
                        jobId, fileId, file.getOriginalFilename(), file.getContentType());
                log.debug("Stored MultipartFile result with fileId: {}", fileId);
            } else {
                // Check if result has a fileId field
                if (result != null) {
                    try {
                        // Try to extract fileId using reflection
                        java.lang.reflect.Method getFileId =
                                result.getClass().getMethod("getFileId");
                        String fileId = (String) getFileId.invoke(result);
                        if (fileId != null && !fileId.isEmpty()) {
                            // Try to get filename and content type
                            String filename = "result.pdf";
                            String contentType = MediaType.APPLICATION_PDF_VALUE;
                            try {
                                java.lang.reflect.Method getOriginalFileName =
                                        result.getClass().getMethod("getOriginalFilename");
                                String origName = (String) getOriginalFileName.invoke(result);
                                if (origName != null && !origName.isEmpty()) {
                                    filename = origName;
                                }
                            } catch (Exception e) {
                                log.debug("Could not get original filename: {}", e.getMessage());
                            }
                            try {
                                java.lang.reflect.Method getContentType =
                                        result.getClass().getMethod("getContentType");
                                String ct = (String) getContentType.invoke(result);
                                if (ct != null && !ct.isEmpty()) {
                                    contentType = ct;
                                }
                            } catch (Exception e) {
                                log.debug("Could not get content type: {}", e.getMessage());
                            }
                            taskManager.setFileResult(jobId, fileId, filename, contentType);
                            log.debug("Extracted fileId from result object: {}", fileId);
                            taskManager.setComplete(jobId);
                            return;
                        }
                    } catch (Exception e) {
                        log.debug(
                                "Failed to extract fileId from result object: {}", e.getMessage());
                    }
                }
                // Default case: store the result as is
                taskManager.setResult(jobId, result);
            }
            taskManager.setComplete(jobId);
        } catch (Exception e) {
            log.error("Error processing job result: {}", e.getMessage(), e);
            taskManager.setError(jobId, "Error processing result: " + e.getMessage());
        }
    }
    /**
     * Handle different result types for synchronous jobs
     *
     * @param result The result object
     * @return The appropriate ResponseEntity
     * @throws IOException If there is an error processing the result
     */
    private ResponseEntity<?> handleResultForSyncJob(Object result) throws IOException {
        if (result instanceof byte[]) {
            // Return byte array as PDF
            return ResponseEntity.ok()
                    .contentType(MediaType.APPLICATION_PDF)
                    .header(
                            HttpHeaders.CONTENT_DISPOSITION,
                            "form-data; name=\"attachment\"; filename=\"result.pdf\"")
                    .body(result);
        } else if (result instanceof MultipartFile file) {
            // Return MultipartFile content
            return ResponseEntity.ok()
                    .contentType(MediaType.parseMediaType(file.getContentType()))
                    .header(
                            HttpHeaders.CONTENT_DISPOSITION,
                            "form-data; name=\"attachment\"; filename=\""
                                    + file.getOriginalFilename()
                                    + "\"")
                    .body(file.getBytes());
        } else {
            // Default case: return as JSON
            return ResponseEntity.ok(result);
        }
    }
    /**
     * Parse session timeout string (e.g., "30m", "1h") to milliseconds
     *
     * @param timeout The timeout string
     * @return The timeout in milliseconds
     */
    private long parseSessionTimeout(String timeout) {
        if (timeout == null || timeout.isEmpty()) {
            return 30 * 60 * 1000; // Default: 30 minutes
        }
        try {
            String value = timeout.replaceAll("[^\\d.]", "");
            String unit = timeout.replaceAll("[\\d.]", "");
            double numericValue = Double.parseDouble(value);
            return switch (unit.toLowerCase()) {
                case "s" -> (long) (numericValue * 1000);
                case "m" -> (long) (numericValue * 60 * 1000);
                case "h" -> (long) (numericValue * 60 * 60 * 1000);
                case "d" -> (long) (numericValue * 24 * 60 * 60 * 1000);
                default -> (long) (numericValue * 60 * 1000); // Default to minutes
            };
        } catch (Exception e) {
            log.warn("Could not parse session timeout '{}', using default", timeout);
            return 30 * 60 * 1000; // Default: 30 minutes
        }
    }
    /**
     * Execute a supplier with a timeout
     *
     * @param supplier The supplier to execute
     * @param timeoutMs The timeout in milliseconds
     * @return The result from the supplier
     * @throws TimeoutException If the execution times out
     * @throws Exception If the supplier throws an exception
     */
    private <T> T executeWithTimeout(Supplier<T> supplier, long timeoutMs)
            throws TimeoutException, Exception {
        // Use the same executor as other async jobs for consistency
        // This ensures all operations run on the same thread pool
        java.util.concurrent.CompletableFuture<T> future =
                java.util.concurrent.CompletableFuture.supplyAsync(supplier, executor);
        try {
            return future.get(timeoutMs, TimeUnit.MILLISECONDS);
        } catch (java.util.concurrent.TimeoutException e) {
            future.cancel(true);
            throw new TimeoutException("Execution timed out after " + timeoutMs + " ms");
        } catch (java.util.concurrent.ExecutionException e) {
            throw (Exception) e.getCause();
        } catch (java.util.concurrent.CancellationException e) {
            throw new Exception("Execution was cancelled", e);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new Exception("Execution was interrupted", e);
        }
    }
 }
--- a/app/common/src/main/java/stirling/software/common/service/JobQueue.java
+++ b/app/common/src/main/java/stirling/software/common/service/JobQueue.java
@ -1,495 +0,0 @@
 package stirling.software.common.service;
 import java.time.Instant;
 import java.util.Map;
 import java.util.concurrent.*;
 import java.util.function.Supplier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.SmartLifecycle;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.common.util.ExecutorFactory;
 import stirling.software.common.util.SpringContextHolder;
 /**
 * Manages a queue of jobs with dynamic sizing based on system resources. Used when system resources
 * are limited to prevent overloading.
 */
@Service
@Slf4j
 public class JobQueue implements SmartLifecycle {
    private volatile boolean running = false;
    private final ResourceMonitor resourceMonitor;
    @Value("${stirling.job.queue.base-capacity:10}")
    private int baseQueueCapacity = 10;
    @Value("${stirling.job.queue.min-capacity:2}")
    private int minQueueCapacity = 2;
    @Value("${stirling.job.queue.check-interval-ms:1000}")
    private long queueCheckIntervalMs = 1000;
    @Value("${stirling.job.queue.max-wait-time-ms:600000}")
    private long maxWaitTimeMs = 600000; // 10 minutes
    private volatile BlockingQueue<QueuedJob> jobQueue;
    private final Map<String, QueuedJob> jobMap = new ConcurrentHashMap<>();
    private final ScheduledExecutorService scheduler = Executors.newSingleThreadScheduledExecutor();
    private final ExecutorService jobExecutor = ExecutorFactory.newVirtualOrCachedThreadExecutor();
    private final Object queueLock = new Object(); // Lock for synchronizing queue operations
    private boolean shuttingDown = false;
    @Getter private int rejectedJobs = 0;
    @Getter private int totalQueuedJobs = 0;
    @Getter private int currentQueueSize = 0;
    /** Represents a job waiting in the queue. */
    @Data
    @AllArgsConstructor
    private static class QueuedJob {
        private final String jobId;
        private final int resourceWeight;
        private final Supplier<Object> work;
        private final long timeoutMs;
        private final Instant queuedAt;
        private CompletableFuture<ResponseEntity<?>> future;
        private volatile boolean cancelled = false;
    }
    public JobQueue(ResourceMonitor resourceMonitor) {
        this.resourceMonitor = resourceMonitor;
        // Initialize with dynamic capacity
        int capacity =
                resourceMonitor.calculateDynamicQueueCapacity(baseQueueCapacity, minQueueCapacity);
        this.jobQueue = new LinkedBlockingQueue<>(capacity);
    }
    // Remove @PostConstruct to let SmartLifecycle control startup
    private void initializeSchedulers() {
        log.debug(
                "Starting job queue with base capacity {}, min capacity {}",
                baseQueueCapacity,
                minQueueCapacity);
        // Periodically process the job queue
        scheduler.scheduleWithFixedDelay(
                this::processQueue, 0, queueCheckIntervalMs, TimeUnit.MILLISECONDS);
        // Periodically update queue capacity based on resource usage
        scheduler.scheduleWithFixedDelay(
                this::updateQueueCapacity,
                10000, // Initial delay
                30000, // 30 second interval
                TimeUnit.MILLISECONDS);
    }
    // Remove @PreDestroy to let SmartLifecycle control shutdown
    private void shutdownSchedulers() {
        log.info("Shutting down job queue");
        shuttingDown = true;
        // Complete any futures that are still waiting
        jobMap.forEach(
                (id, job) -> {
                    if (!job.future.isDone()) {
                        job.future.completeExceptionally(
                                new RuntimeException("Server shutting down, job cancelled"));
                    }
                });
        // Shutdown schedulers and wait for termination
        try {
            scheduler.shutdown();
            if (!scheduler.awaitTermination(5, TimeUnit.SECONDS)) {
                scheduler.shutdownNow();
            }
            jobExecutor.shutdown();
            if (!jobExecutor.awaitTermination(5, TimeUnit.SECONDS)) {
                jobExecutor.shutdownNow();
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            scheduler.shutdownNow();
            jobExecutor.shutdownNow();
        }
        log.info(
                "Job queue shutdown complete. Stats: total={}, rejected={}",
                totalQueuedJobs,
                rejectedJobs);
    }
    // SmartLifecycle methods
    @Override
    public void start() {
        log.info("Starting JobQueue lifecycle");
        if (!running) {
            initializeSchedulers();
            running = true;
        }
    }
    @Override
    public void stop() {
        log.info("Stopping JobQueue lifecycle");
        shutdownSchedulers();
        running = false;
    }
    @Override
    public boolean isRunning() {
        return running;
    }
    @Override
    public int getPhase() {
        // Start earlier than most components, but shutdown later
        return 10;
    }
    @Override
    public boolean isAutoStartup() {
        return true;
    }
    /**
     * Queues a job for execution when resources permit.
     *
     * @param jobId The job ID
     * @param resourceWeight The resource weight of the job (1-100)
     * @param work The work to be done
     * @param timeoutMs The timeout in milliseconds
     * @return A CompletableFuture that will complete when the job is executed
     */
    public CompletableFuture<ResponseEntity<?>> queueJob(
            String jobId, int resourceWeight, Supplier<Object> work, long timeoutMs) {
        // Create a CompletableFuture to track this job's completion
        CompletableFuture<ResponseEntity<?>> future = new CompletableFuture<>();
        // Create the queued job
        QueuedJob job =
                new QueuedJob(jobId, resourceWeight, work, timeoutMs, Instant.now(), future, false);
        // Store in our map for lookup
        jobMap.put(jobId, job);
        // Update stats
        totalQueuedJobs++;
        // Synchronize access to the queue
        synchronized (queueLock) {
            currentQueueSize = jobQueue.size();
            // Try to add to the queue
            try {
                boolean added = jobQueue.offer(job, 5, TimeUnit.SECONDS);
                if (!added) {
                    log.warn("Queue full, rejecting job {}", jobId);
                    rejectedJobs++;
                    future.completeExceptionally(
                            new RuntimeException("Job queue full, please try again later"));
                    jobMap.remove(jobId);
                    return future;
                }
                log.debug(
                        "Job {} queued for execution (weight: {}, queue size: {})",
                        jobId,
                        resourceWeight,
                        jobQueue.size());
                return future;
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                future.completeExceptionally(new RuntimeException("Job queue interrupted"));
                jobMap.remove(jobId);
                return future;
            }
        }
    }
    /**
     * Gets the current capacity of the job queue.
     *
     * @return The current capacity
     */
    public int getQueueCapacity() {
        synchronized (queueLock) {
            return ((LinkedBlockingQueue<QueuedJob>) jobQueue).remainingCapacity()
                    + jobQueue.size();
        }
    }
    /** Updates the capacity of the job queue based on available system resources. */
    private void updateQueueCapacity() {
        try {
            // Calculate new capacity once and cache the result
            int newCapacity =
                    resourceMonitor.calculateDynamicQueueCapacity(
                            baseQueueCapacity, minQueueCapacity);
            int currentCapacity = getQueueCapacity();
            if (newCapacity != currentCapacity) {
                log.debug(
                        "Updating job queue capacity from {} to {}", currentCapacity, newCapacity);
                synchronized (queueLock) {
                    // Double-check that capacity still needs to be updated
                    // Use the cached currentCapacity to avoid calling getQueueCapacity() again
                    if (newCapacity != currentCapacity) {
                        // Create new queue with updated capacity
                        BlockingQueue<QueuedJob> newQueue = new LinkedBlockingQueue<>(newCapacity);
                        // Transfer jobs from old queue to new queue
                        jobQueue.drainTo(newQueue);
                        jobQueue = newQueue;
                        currentQueueSize = jobQueue.size();
                    }
                }
            }
        } catch (Exception e) {
            log.error("Error updating queue capacity: {}", e.getMessage(), e);
        }
    }
    /** Processes jobs in the queue, executing them when resources permit. */
    private void processQueue() {
        // Jobs to execute after releasing the lock
        java.util.List<QueuedJob> jobsToExecute = new java.util.ArrayList<>();
        // First synchronized block: poll jobs from the queue and prepare them for execution
        synchronized (queueLock) {
            if (shuttingDown || jobQueue.isEmpty()) {
                return;
            }
            try {
                // Get current resource status
                ResourceMonitor.ResourceStatus status = resourceMonitor.getCurrentStatus().get();
                // Check if we should execute any jobs
                boolean canExecuteJobs = (status != ResourceMonitor.ResourceStatus.CRITICAL);
                if (!canExecuteJobs) {
                    // Under critical load, don't execute any jobs
                    log.debug("System under critical load, delaying job execution");
                    return;
                }
                // Get jobs from the queue, up to a limit based on resource availability
                int jobsToProcess =
                        Math.max(
                                1,
                                switch (status) {
                                    case OK -> 3;
                                    case WARNING -> 1;
                                    case CRITICAL -> 0;
                                });
                for (int i = 0; i < jobsToProcess && !jobQueue.isEmpty(); i++) {
                    QueuedJob job = jobQueue.poll();
                    if (job == null) break;
                    // Check if it's been waiting too long
                    long waitTimeMs = Instant.now().toEpochMilli() - job.queuedAt.toEpochMilli();
                    if (waitTimeMs > maxWaitTimeMs) {
                        log.warn(
                                "Job {} exceeded maximum wait time ({} ms), executing anyway",
                                job.jobId,
                                waitTimeMs);
                        // Add a specific status to the job context that can be tracked
                        // This will be visible in the job status API
                        try {
                            TaskManager taskManager =
                                    SpringContextHolder.getBean(TaskManager.class);
                            if (taskManager != null) {
                                taskManager.addNote(
                                        job.jobId,
                                        "QUEUED_TIMEOUT: Job waited in queue for "
                                                + (waitTimeMs / 1000)
                                                + " seconds, exceeding the maximum wait time of "
                                                + (maxWaitTimeMs / 1000)
                                                + " seconds.");
                            }
                        } catch (Exception e) {
                            log.error(
                                    "Failed to add timeout note to job {}: {}",
                                    job.jobId,
                                    e.getMessage());
                        }
                    }
                    // Remove from our map
                    jobMap.remove(job.jobId);
                    currentQueueSize = jobQueue.size();
                    // Add to the list of jobs to execute outside the synchronized block
                    jobsToExecute.add(job);
                }
            } catch (Exception e) {
                log.error("Error processing job queue: {}", e.getMessage(), e);
            }
        }
        // Now execute the jobs outside the synchronized block to avoid holding the lock
        for (QueuedJob job : jobsToExecute) {
            executeJob(job);
        }
    }
    /**
     * Executes a job from the queue.
     *
     * @param job The job to execute
     */
    private void executeJob(QueuedJob job) {
        if (job.cancelled) {
            log.debug("Job {} was cancelled, not executing", job.jobId);
            return;
        }
        jobExecutor.execute(
                () -> {
                    log.debug("Executing queued job {} (queued at {})", job.jobId, job.queuedAt);
                    try {
                        // Execute with timeout
                        Object result = executeWithTimeout(job.work, job.timeoutMs);
                        // Process the result
                        if (result instanceof ResponseEntity) {
                            job.future.complete((ResponseEntity<?>) result);
                        } else {
                            job.future.complete(ResponseEntity.ok(result));
                        }
                    } catch (Exception e) {
                        log.error(
                                "Error executing queued job {}: {}", job.jobId, e.getMessage(), e);
                        job.future.completeExceptionally(e);
                    }
                });
    }
    /**
     * Execute a supplier with a timeout.
     *
     * @param supplier The supplier to execute
     * @param timeoutMs The timeout in milliseconds
     * @return The result from the supplier
     * @throws Exception If there is an execution error
     */
    private <T> T executeWithTimeout(Supplier<T> supplier, long timeoutMs) throws Exception {
        CompletableFuture<T> future = CompletableFuture.supplyAsync(supplier);
        try {
            if (timeoutMs <= 0) {
                // No timeout
                return future.join();
            } else {
                // With timeout
                return future.get(timeoutMs, TimeUnit.MILLISECONDS);
            }
        } catch (TimeoutException e) {
            future.cancel(true);
            throw new TimeoutException("Job timed out after " + timeoutMs + "ms");
        } catch (ExecutionException e) {
            throw (Exception) e.getCause();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new InterruptedException("Job was interrupted");
        }
    }
    /**
     * Checks if a job is queued.
     *
     * @param jobId The job ID
     * @return true if the job is queued
     */
    public boolean isJobQueued(String jobId) {
        return jobMap.containsKey(jobId);
    }
    /**
     * Gets the current position of a job in the queue.
     *
     * @param jobId The job ID
     * @return The position (0-based) or -1 if not found
     */
    public int getJobPosition(String jobId) {
        if (!jobMap.containsKey(jobId)) {
            return -1;
        }
        // Count positions
        int position = 0;
        for (QueuedJob job : jobQueue) {
            if (job.jobId.equals(jobId)) {
                return position;
            }
            position++;
        }
        // If we didn't find it in the queue but it's in the map,
        // it might be executing already
        return -1;
    }
    /**
     * Cancels a queued job.
     *
     * @param jobId The job ID
     * @return true if the job was cancelled, false if not found
     */
    public boolean cancelJob(String jobId) {
        QueuedJob job = jobMap.remove(jobId);
        if (job != null) {
            job.cancelled = true;
            job.future.completeExceptionally(new RuntimeException("Job cancelled by user"));
            // Try to remove from queue if it's still there
            jobQueue.remove(job);
            currentQueueSize = jobQueue.size();
            log.debug("Job {} cancelled", jobId);
            return true;
        }
        return false;
    }
    /**
     * Get queue statistics.
     *
     * @return A map containing queue statistics
     */
    public Map<String, Object> getQueueStats() {
        return Map.of(
                "queuedJobs", jobQueue.size(),
                "queueCapacity", getQueueCapacity(),
                "totalQueuedJobs", totalQueuedJobs,
                "rejectedJobs", rejectedJobs,
                "resourceStatus", resourceMonitor.getCurrentStatus().get().name());
    }
 }
--- a/app/common/src/main/java/stirling/software/common/service/ResourceMonitor.java
+++ b/app/common/src/main/java/stirling/software/common/service/ResourceMonitor.java
@ -1,279 +0,0 @@
 package stirling.software.common.service;
 import java.lang.management.ManagementFactory;
 import java.lang.management.MemoryMXBean;
 import java.lang.management.OperatingSystemMXBean;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import jakarta.annotation.PostConstruct;
 import jakarta.annotation.PreDestroy;
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
 /**
 * Monitors system resources (CPU, memory) to inform job scheduling decisions. Provides information
 * about available resources to prevent overloading the system.
 */
@Service
@Slf4j
 public class ResourceMonitor {
    @Value("${stirling.resource.memory.critical-threshold:0.9}")
    private double memoryCriticalThreshold = 0.9; // 90% usage is critical
    @Value("${stirling.resource.memory.high-threshold:0.75}")
    private double memoryHighThreshold = 0.75; // 75% usage is high
    @Value("${stirling.resource.cpu.critical-threshold:0.9}")
    private double cpuCriticalThreshold = 0.9; // 90% usage is critical
    @Value("${stirling.resource.cpu.high-threshold:0.75}")
    private double cpuHighThreshold = 0.75; // 75% usage is high
    @Value("${stirling.resource.monitor.interval-ms:60000}")
    private long monitorIntervalMs = 60000; // 60 seconds
    private final ScheduledExecutorService scheduler = Executors.newSingleThreadScheduledExecutor();
    private final MemoryMXBean memoryMXBean = ManagementFactory.getMemoryMXBean();
    private final OperatingSystemMXBean osMXBean = ManagementFactory.getOperatingSystemMXBean();
    @Getter
    private final AtomicReference<ResourceStatus> currentStatus =
            new AtomicReference<>(ResourceStatus.OK);
    @Getter
    private final AtomicReference<ResourceMetrics> latestMetrics =
            new AtomicReference<>(new ResourceMetrics());
    /** Represents the current status of system resources. */
    public enum ResourceStatus {
        /** Resources are available, normal operations can proceed */
        OK,
        /** Resources are under strain, consider queueing high-resource operations */
        WARNING,
        /** Resources are critically low, queue all operations */
        CRITICAL
    }
    /** Detailed metrics about system resources. */
    @Getter
    public static class ResourceMetrics {
        private final double cpuUsage;
        private final double memoryUsage;
        private final long freeMemoryBytes;
        private final long totalMemoryBytes;
        private final long maxMemoryBytes;
        private final Instant timestamp;
        public ResourceMetrics() {
            this(0, 0, 0, 0, 0, Instant.now());
        }
        public ResourceMetrics(
                double cpuUsage,
                double memoryUsage,
                long freeMemoryBytes,
                long totalMemoryBytes,
                long maxMemoryBytes,
                Instant timestamp) {
            this.cpuUsage = cpuUsage;
            this.memoryUsage = memoryUsage;
            this.freeMemoryBytes = freeMemoryBytes;
            this.totalMemoryBytes = totalMemoryBytes;
            this.maxMemoryBytes = maxMemoryBytes;
            this.timestamp = timestamp;
        }
        /**
         * Gets the age of these metrics.
         *
         * @return Duration since these metrics were collected
         */
        public Duration getAge() {
            return Duration.between(timestamp, Instant.now());
        }
        /**
         * Check if these metrics are stale (older than threshold).
         *
         * @param thresholdMs Staleness threshold in milliseconds
         * @return true if metrics are stale
         */
        public boolean isStale(long thresholdMs) {
            return getAge().toMillis() > thresholdMs;
        }
    }
    @PostConstruct
    public void initialize() {
        log.debug("Starting resource monitoring with interval of {}ms", monitorIntervalMs);
        scheduler.scheduleAtFixedRate(
                this::updateResourceMetrics, 0, monitorIntervalMs, TimeUnit.MILLISECONDS);
    }
    @PreDestroy
    public void shutdown() {
        log.info("Shutting down resource monitoring");
        scheduler.shutdownNow();
    }
    /** Updates the resource metrics by sampling current system state. */
    private void updateResourceMetrics() {
        try {
            // Get CPU usage
            double cpuUsage = osMXBean.getSystemLoadAverage() / osMXBean.getAvailableProcessors();
            if (cpuUsage < 0) cpuUsage = getAlternativeCpuLoad(); // Fallback if not available
            // Get memory usage
            long heapUsed = memoryMXBean.getHeapMemoryUsage().getUsed();
            long nonHeapUsed = memoryMXBean.getNonHeapMemoryUsage().getUsed();
            long totalUsed = heapUsed + nonHeapUsed;
            long maxMemory = Runtime.getRuntime().maxMemory();
            long totalMemory = Runtime.getRuntime().totalMemory();
            long freeMemory = Runtime.getRuntime().freeMemory();
            double memoryUsage = (double) totalUsed / maxMemory;
            // Create new metrics
            ResourceMetrics metrics =
                    new ResourceMetrics(
                            cpuUsage,
                            memoryUsage,
                            freeMemory,
                            totalMemory,
                            maxMemory,
                            Instant.now());
            latestMetrics.set(metrics);
            // Determine system status
            ResourceStatus newStatus;
            if (cpuUsage > cpuCriticalThreshold || memoryUsage > memoryCriticalThreshold) {
                newStatus = ResourceStatus.CRITICAL;
            } else if (cpuUsage > cpuHighThreshold || memoryUsage > memoryHighThreshold) {
                newStatus = ResourceStatus.WARNING;
            } else {
                newStatus = ResourceStatus.OK;
            }
            // Update status if it changed
            ResourceStatus oldStatus = currentStatus.getAndSet(newStatus);
            if (oldStatus != newStatus) {
                log.info("System resource status changed from {} to {}", oldStatus, newStatus);
                log.info(
                        "Current metrics - CPU: {}%, Memory: {}%, Free Memory: {} MB",
                        String.format("%.1f", cpuUsage * 100),
                        String.format("%.1f", memoryUsage * 100),
                        freeMemory / (1024 * 1024));
            }
        } catch (Exception e) {
            log.error("Error updating resource metrics: {}", e.getMessage(), e);
        }
    }
    /**
     * Alternative method to estimate CPU load if getSystemLoadAverage() is not available. This is a
     * fallback and less accurate than the official JMX method.
     *
     * @return Estimated CPU load as a value between 0.0 and 1.0
     */
    private double getAlternativeCpuLoad() {
        try {
            // Try to get CPU time if available through reflection
            // This is a fallback since we can't directly cast to platform-specific classes
            try {
                java.lang.reflect.Method m =
                        osMXBean.getClass().getDeclaredMethod("getProcessCpuLoad");
                m.setAccessible(true);
                return (double) m.invoke(osMXBean);
            } catch (Exception e) {
                // Try the older method
                try {
                    java.lang.reflect.Method m =
                            osMXBean.getClass().getDeclaredMethod("getSystemCpuLoad");
                    m.setAccessible(true);
                    return (double) m.invoke(osMXBean);
                } catch (Exception e2) {
                    log.trace(
                            "Could not get CPU load through reflection, assuming moderate load (0.5)");
                    return 0.5;
                }
            }
        } catch (Exception e) {
            log.trace("Could not get CPU load, assuming moderate load (0.5)");
            return 0.5; // Default to moderate load
        }
    }
    /**
     * Calculates the dynamic job queue capacity based on current resource usage.
     *
     * @param baseCapacity The base capacity when system is under minimal load
     * @param minCapacity The minimum capacity to maintain even under high load
     * @return The calculated job queue capacity
     */
    public int calculateDynamicQueueCapacity(int baseCapacity, int minCapacity) {
        ResourceMetrics metrics = latestMetrics.get();
        ResourceStatus status = currentStatus.get();
        // Simple linear reduction based on memory and CPU load
        double capacityFactor =
                switch (status) {
                    case OK -> 1.0;
                    case WARNING -> 0.6;
                    case CRITICAL -> 0.3;
                };
        // Apply additional reduction based on specific memory pressure
        if (metrics.memoryUsage > 0.8) {
            capacityFactor *= 0.5; // Further reduce capacity under memory pressure
        }
        // Calculate capacity with minimum safeguard
        int capacity = (int) Math.max(minCapacity, Math.ceil(baseCapacity * capacityFactor));
        log.debug(
                "Dynamic queue capacity: {} (base: {}, factor: {:.2f}, status: {})",
                capacity,
                baseCapacity,
                capacityFactor,
                status);
        return capacity;
    }
    /**
     * Checks if a job with the given weight can be executed immediately or should be queued based
     * on current resource availability.
     *
     * @param resourceWeight The resource weight of the job (1-100)
     * @return true if the job should be queued, false if it can run immediately
     */
    public boolean shouldQueueJob(int resourceWeight) {
        ResourceStatus status = currentStatus.get();
        // Always run lightweight jobs (weight < 20) unless critical
        if (resourceWeight < 20 && status != ResourceStatus.CRITICAL) {
            return false;
        }
        // Medium weight jobs run immediately if resources are OK
        if (resourceWeight < 60 && status == ResourceStatus.OK) {
            return false;
        }
        // Heavy jobs (weight >= 60) and any job during WARNING/CRITICAL should be queued
        return true;
    }
 }
--- a/app/common/src/main/java/stirling/software/common/service/SsrfProtectionService.java
+++ b/app/common/src/main/java/stirling/software/common/service/SsrfProtectionService.java
@ -1,267 +0,0 @@
 package stirling.software.common.service;
 import java.net.Inet4Address;
 import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.URI;
 import java.net.UnknownHostException;
 import java.util.regex.Pattern;
 import org.springframework.stereotype.Service;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.common.model.ApplicationProperties;
@Service
@RequiredArgsConstructor
@Slf4j
 public class SsrfProtectionService {
    private final ApplicationProperties applicationProperties;
    private static final Pattern DATA_URL_PATTERN =
            Pattern.compile("^data:.*", Pattern.CASE_INSENSITIVE);
    private static final Pattern FRAGMENT_PATTERN = Pattern.compile("^#.*");
    public enum SsrfProtectionLevel {
        OFF, // No SSRF protection - allows all URLs
        MEDIUM, // Block internal networks but allow external URLs
        MAX // Block all external URLs - only data: and fragments
    }
    public boolean isUrlAllowed(String url) {
        ApplicationProperties.Html.UrlSecurity config =
                applicationProperties.getSystem().getHtml().getUrlSecurity();
        if (!config.isEnabled()) {
            return true;
        }
        if (url == null || url.trim().isEmpty()) {
            return false;
        }
        String trimmedUrl = url.trim();
        // Always allow data URLs and fragments
        if (DATA_URL_PATTERN.matcher(trimmedUrl).matches()
                || FRAGMENT_PATTERN.matcher(trimmedUrl).matches()) {
            return true;
        }
        SsrfProtectionLevel level = parseProtectionLevel(config.getLevel());
        return switch (level) {
            case OFF -> true;
            case MAX -> isMaxSecurityAllowed(trimmedUrl, config);
            case MEDIUM -> isMediumSecurityAllowed(trimmedUrl, config);
            default -> false;
        };
    }
    private SsrfProtectionLevel parseProtectionLevel(SsrfProtectionLevel level) {
        try {
            return SsrfProtectionLevel.valueOf(level.name());
        } catch (IllegalArgumentException e) {
            log.warn("Invalid SSRF protection level '{}', defaulting to MEDIUM", level);
            return SsrfProtectionLevel.MEDIUM;
        }
    }
    private boolean isMaxSecurityAllowed(
            String url, ApplicationProperties.Html.UrlSecurity config) {
        // MAX security: only allow explicitly whitelisted domains
        try {
            URI uri = new URI(url);
            String host = uri.getHost();
            if (host == null) {
                return false;
            }
            return config.getAllowedDomains().contains(host.toLowerCase());
        } catch (Exception e) {
            log.debug("Failed to parse URL for MAX security check: {}", url, e);
            return false;
        }
    }
    private boolean isMediumSecurityAllowed(
            String url, ApplicationProperties.Html.UrlSecurity config) {
        try {
            URI uri = new URI(url);
            String host = uri.getHost();
            if (host == null) {
                return false;
            }
            String hostLower = host.toLowerCase();
            // Check explicit blocked domains
            if (config.getBlockedDomains().contains(hostLower)) {
                log.debug("URL blocked by explicit domain blocklist: {}", url);
                return false;
            }
            // Check internal TLD patterns
            for (String tld : config.getInternalTlds()) {
                if (hostLower.endsWith(tld.toLowerCase())) {
                    log.debug("URL blocked by internal TLD pattern '{}': {}", tld, url);
                    return false;
                }
            }
            // If allowedDomains is specified, only allow those
            if (!config.getAllowedDomains().isEmpty()) {
                boolean isAllowed =
                        config.getAllowedDomains().stream()
                                .anyMatch(
                                        domain ->
                                                hostLower.equals(domain.toLowerCase())
                                                        || hostLower.endsWith(
                                                                "." + domain.toLowerCase()));
                if (!isAllowed) {
                    log.debug("URL not in allowed domains list: {}", url);
                    return false;
                }
            }
            // Resolve hostname to IP address for network-based checks
            try {
                InetAddress address = InetAddress.getByName(host);
                if (config.isBlockPrivateNetworks() && isPrivateAddress(address)) {
                    log.debug("URL blocked - private network address: {}", url);
                    return false;
                }
                if (config.isBlockLocalhost() && address.isLoopbackAddress()) {
                    log.debug("URL blocked - localhost address: {}", url);
                    return false;
                }
                if (config.isBlockLinkLocal() && address.isLinkLocalAddress()) {
                    log.debug("URL blocked - link-local address: {}", url);
                    return false;
                }
                if (config.isBlockCloudMetadata()
                        && isCloudMetadataAddress(address.getHostAddress())) {
                    log.debug("URL blocked - cloud metadata endpoint: {}", url);
                    return false;
                }
            } catch (UnknownHostException e) {
                log.debug("Failed to resolve hostname for SSRF check: {}", host, e);
                return false;
            }
            return true;
        } catch (Exception e) {
            log.debug("Failed to parse URL for MEDIUM security check: {}", url, e);
            return false;
        }
    }
    private boolean isPrivateAddress(InetAddress address) {
        if (address.isAnyLocalAddress() || address.isLoopbackAddress()) {
            return true;
        }
        if (address instanceof Inet4Address) {
            return isPrivateIPv4Range(address.getHostAddress());
        }
        if (address instanceof Inet6Address addr6) {
            if (addr6.isLinkLocalAddress() || addr6.isSiteLocalAddress()) {
                return true;
            }
            byte[] bytes = addr6.getAddress();
            if (isIpv4MappedAddress(bytes)) {
                String ipv4 =
                        (bytes[12] & 0xff)
                                + "."
                                + (bytes[13] & 0xff)
                                + "."
                                + (bytes[14] & 0xff)
                                + "."
                                + (bytes[15] & 0xff);
                return isPrivateIPv4Range(ipv4);
            }
            int firstByte = bytes[0] & 0xff;
            // Check for IPv6 unique local addresses (fc00::/7)
            if ((firstByte & 0xfe) == 0xfc) {
                return true;
            }
        }
        return false;
    }
    private boolean isIpv4MappedAddress(byte[] addr) {
        if (addr.length != 16) {
            return false;
        }
        for (int i = 0; i < 10; i++) {
            if (addr[i] != 0) {
                return false;
            }
        }
        // For IPv4-mapped IPv6 addresses, bytes 10 and 11 must be 0xff (i.e., address is
        // ::ffff:w.x.y.z)
        return addr[10] == (byte) 0xff && addr[11] == (byte) 0xff;
    }
    private boolean isPrivateIPv4Range(String ip) {
        // Includes RFC1918, loopback, link-local, and unspecified addresses
        return ip.startsWith("10.")
                || ip.startsWith("192.168.")
                || (ip.startsWith("172.") && isInRange172(ip))
                || ip.startsWith("169.254.")
                || ip.startsWith("127.")
                || "0.0.0.0".equals(ip);
    }
    private boolean isInRange172(String ip) {
        String[] parts = ip.split("\\.");
        if (parts.length >= 2) {
            try {
                int secondOctet = Integer.parseInt(parts[1]);
                return secondOctet >= 16 && secondOctet <= 31;
            } catch (NumberFormatException e) {
            }
        }
        return false;
    }
    private boolean isCloudMetadataAddress(String ip) {
        String normalizedIp = normalizeIpv4MappedAddress(ip);
        // Cloud metadata endpoints for AWS, GCP, Azure, Oracle Cloud, and IBM Cloud
        return normalizedIp.startsWith("169.254.169.254") // AWS/GCP/Azure
                || normalizedIp.startsWith("fd00:ec2::254") // AWS IPv6
                || normalizedIp.startsWith("169.254.169.253") // Oracle Cloud
                || normalizedIp.startsWith("169.254.169.250"); // IBM Cloud
    }
    private String normalizeIpv4MappedAddress(String ip) {
        if (ip == null) {
            return "";
        }
        if (ip.startsWith("::ffff:")) {
            return ip.substring(7);
        }
        int lastColon = ip.lastIndexOf(':');
        if (lastColon >= 0 && ip.indexOf('.') > lastColon) {
            return ip.substring(lastColon + 1);
        }
        return ip;
    }
 }
--- a/app/common/src/main/java/stirling/software/common/service/TaskManager.java
+++ b/app/common/src/main/java/stirling/software/common/service/TaskManager.java
@ -1,466 +0,0 @@
 package stirling.software.common.service;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.time.LocalDateTime;
 import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.MediaType;
 import org.springframework.stereotype.Service;
 import org.springframework.web.multipart.MultipartFile;
 import io.github.pixee.security.ZipSecurity;
 import jakarta.annotation.PreDestroy;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.common.model.job.JobResult;
 import stirling.software.common.model.job.JobStats;
 import stirling.software.common.model.job.ResultFile;
 /** Manages async tasks and their results */
@Service
@Slf4j
 public class TaskManager {
    private final Map<String, JobResult> jobResults = new ConcurrentHashMap<>();
    @Value("${stirling.jobResultExpiryMinutes:30}")
    private int jobResultExpiryMinutes = 30;
    private final FileStorage fileStorage;
    private final ScheduledExecutorService cleanupExecutor =
            Executors.newSingleThreadScheduledExecutor();
    /** Initialize the task manager and start the cleanup scheduler */
    public TaskManager(FileStorage fileStorage) {
        this.fileStorage = fileStorage;
        // Schedule periodic cleanup of old job results
        cleanupExecutor.scheduleAtFixedRate(
                this::cleanupOldJobs,
                10, // Initial delay
                10, // Interval
                TimeUnit.MINUTES);
        log.debug(
                "Task manager initialized with job result expiry of {} minutes",
                jobResultExpiryMinutes);
    }
    /**
     * Create a new task with the given job ID
     *
     * @param jobId The job ID
     */
    public void createTask(String jobId) {
        jobResults.put(jobId, JobResult.createNew(jobId));
        log.debug("Created task with job ID: {}", jobId);
    }
    /**
     * Set the result of a task as a general object
     *
     * @param jobId The job ID
     * @param result The result object
     */
    public void setResult(String jobId, Object result) {
        JobResult jobResult = getOrCreateJobResult(jobId);
        jobResult.completeWithResult(result);
        log.debug("Set result for job ID: {}", jobId);
    }
    /**
     * Set the result of a task as a file
     *
     * @param jobId The job ID
     * @param fileId The file ID
     * @param originalFileName The original file name
     * @param contentType The content type of the file
     */
    public void setFileResult(
            String jobId, String fileId, String originalFileName, String contentType) {
        JobResult jobResult = getOrCreateJobResult(jobId);
        // Check if this is a ZIP file that should be extracted
        if (isZipFile(contentType, originalFileName)) {
            try {
                List<ResultFile> extractedFiles =
                        extractZipToIndividualFiles(fileId, originalFileName);
                if (!extractedFiles.isEmpty()) {
                    jobResult.completeWithFiles(extractedFiles);
                    log.debug(
                            "Set multiple file results for job ID: {} with {} files extracted from ZIP",
                            jobId,
                            extractedFiles.size());
                    return;
                }
            } catch (Exception e) {
                log.warn(
                        "Failed to extract ZIP file for job {}: {}. Falling back to single file result.",
                        jobId,
                        e.getMessage());
            }
        }
        // Handle as single file using new ResultFile approach
        try {
            long fileSize = fileStorage.getFileSize(fileId);
            jobResult.completeWithSingleFile(fileId, originalFileName, contentType, fileSize);
            log.debug("Set single file result for job ID: {} with file ID: {}", jobId, fileId);
        } catch (Exception e) {
            log.warn(
                    "Failed to get file size for job {}: {}. Using size 0.", jobId, e.getMessage());
            jobResult.completeWithSingleFile(fileId, originalFileName, contentType, 0);
        }
    }
    /**
     * Set the result of a task as multiple files
     *
     * @param jobId The job ID
     * @param resultFiles The list of result files
     */
    public void setMultipleFileResults(String jobId, List<ResultFile> resultFiles) {
        JobResult jobResult = getOrCreateJobResult(jobId);
        jobResult.completeWithFiles(resultFiles);
        log.debug(
                "Set multiple file results for job ID: {} with {} files",
                jobId,
                resultFiles.size());
    }
    /**
     * Set an error for a task
     *
     * @param jobId The job ID
     * @param error The error message
     */
    public void setError(String jobId, String error) {
        JobResult jobResult = getOrCreateJobResult(jobId);
        jobResult.failWithError(error);
        log.debug("Set error for job ID: {}: {}", jobId, error);
    }
    /**
     * Mark a task as complete
     *
     * @param jobId The job ID
     */
    public void setComplete(String jobId) {
        JobResult jobResult = getOrCreateJobResult(jobId);
        if (jobResult.getResult() == null
                && !jobResult.hasFiles()
                && jobResult.getError() == null) {
            // If no result or error has been set, mark it as complete with an empty result
            jobResult.completeWithResult("Task completed successfully");
        }
        log.debug("Marked job ID: {} as complete", jobId);
    }
    /**
     * Check if a task is complete
     *
     * @param jobId The job ID
     * @return true if the task is complete, false otherwise
     */
    public boolean isComplete(String jobId) {
        JobResult result = jobResults.get(jobId);
        return result != null && result.isComplete();
    }
    /**
     * Get the result of a task
     *
     * @param jobId The job ID
     * @return The result object, or null if the task doesn't exist or is not complete
     */
    public JobResult getJobResult(String jobId) {
        return jobResults.get(jobId);
    }
    /**
     * Add a note to a task. Notes are informational messages that can be attached to a job for
     * tracking purposes.
     *
     * @param jobId The job ID
     * @param note The note to add
     * @return true if the note was added successfully, false if the job doesn't exist
     */
    public boolean addNote(String jobId, String note) {
        JobResult jobResult = jobResults.get(jobId);
        if (jobResult != null) {
            jobResult.addNote(note);
            log.debug("Added note to job ID: {}: {}", jobId, note);
            return true;
        }
        log.warn("Attempted to add note to non-existent job ID: {}", jobId);
        return false;
    }
    /**
     * Get statistics about all jobs in the system
     *
     * @return Job statistics
     */
    public JobStats getJobStats() {
        int totalJobs = jobResults.size();
        int activeJobs = 0;
        int completedJobs = 0;
        int failedJobs = 0;
        int successfulJobs = 0;
        int fileResultJobs = 0;
        LocalDateTime oldestActiveJobTime = null;
        LocalDateTime newestActiveJobTime = null;
        long totalProcessingTimeMs = 0;
        for (JobResult result : jobResults.values()) {
            if (result.isComplete()) {
                completedJobs++;
                // Calculate processing time for completed jobs
                if (result.getCreatedAt() != null && result.getCompletedAt() != null) {
                    long processingTimeMs =
                            java.time.Duration.between(
                                            result.getCreatedAt(), result.getCompletedAt())
                                    .toMillis();
                    totalProcessingTimeMs += processingTimeMs;
                }
                if (result.getError() != null) {
                    failedJobs++;
                } else {
                    successfulJobs++;
                    if (result.hasFiles()) {
                        fileResultJobs++;
                    }
                }
            } else {
                activeJobs++;
                // Track oldest and newest active jobs
                if (result.getCreatedAt() != null) {
                    if (oldestActiveJobTime == null
                            || result.getCreatedAt().isBefore(oldestActiveJobTime)) {
                        oldestActiveJobTime = result.getCreatedAt();
                    }
                    if (newestActiveJobTime == null
                            || result.getCreatedAt().isAfter(newestActiveJobTime)) {
                        newestActiveJobTime = result.getCreatedAt();
                    }
                }
            }
        }
        // Calculate average processing time
        long averageProcessingTimeMs =
                completedJobs > 0 ? totalProcessingTimeMs / completedJobs : 0;
        return JobStats.builder()
                .totalJobs(totalJobs)
                .activeJobs(activeJobs)
                .completedJobs(completedJobs)
                .failedJobs(failedJobs)
                .successfulJobs(successfulJobs)
                .fileResultJobs(fileResultJobs)
                .oldestActiveJobTime(oldestActiveJobTime)
                .newestActiveJobTime(newestActiveJobTime)
                .averageProcessingTimeMs(averageProcessingTimeMs)
                .build();
    }
    /**
     * Get or create a job result
     *
     * @param jobId The job ID
     * @return The job result
     */
    private JobResult getOrCreateJobResult(String jobId) {
        return jobResults.computeIfAbsent(jobId, JobResult::createNew);
    }
    /** Clean up old completed job results */
    public void cleanupOldJobs() {
        LocalDateTime expiryThreshold =
                LocalDateTime.now().minus(jobResultExpiryMinutes, ChronoUnit.MINUTES);
        int removedCount = 0;
        try {
            for (Map.Entry<String, JobResult> entry : jobResults.entrySet()) {
                JobResult result = entry.getValue();
                // Remove completed jobs that are older than the expiry threshold
                if (result.isComplete()
                        && result.getCompletedAt() != null
                        && result.getCompletedAt().isBefore(expiryThreshold)) {
                    // Clean up file results
                    cleanupJobFiles(result, entry.getKey());
                    // Remove the job result
                    jobResults.remove(entry.getKey());
                    removedCount++;
                }
            }
            if (removedCount > 0) {
                log.info("Cleaned up {} expired job results", removedCount);
            }
        } catch (Exception e) {
            log.error("Error during job cleanup: {}", e.getMessage(), e);
        }
    }
    /** Shutdown the cleanup executor */
    @PreDestroy
    public void shutdown() {
        try {
            log.info("Shutting down job result cleanup executor");
            cleanupExecutor.shutdown();
            if (!cleanupExecutor.awaitTermination(5, TimeUnit.SECONDS)) {
                cleanupExecutor.shutdownNow();
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            cleanupExecutor.shutdownNow();
        }
    }
    /** Check if a file is a ZIP file based on content type and filename */
    private boolean isZipFile(String contentType, String fileName) {
        if (contentType != null
                && (contentType.equals("application/zip")
                        || contentType.equals("application/x-zip-compressed"))) {
            return true;
        }
        if (fileName != null && fileName.toLowerCase().endsWith(".zip")) {
            return true;
        }
        return false;
    }
    /** Extract a ZIP file into individual files and store them */
    private List<ResultFile> extractZipToIndividualFiles(
            String zipFileId, String originalZipFileName) throws IOException {
        List<ResultFile> extractedFiles = new ArrayList<>();
        MultipartFile zipFile = fileStorage.retrieveFile(zipFileId);
        try (ZipInputStream zipIn =
                ZipSecurity.createHardenedInputStream(
                        new ByteArrayInputStream(zipFile.getBytes()))) {
            ZipEntry entry;
            while ((entry = zipIn.getNextEntry()) != null) {
                if (!entry.isDirectory()) {
                    // Use buffered reading for memory safety
                    ByteArrayOutputStream out = new ByteArrayOutputStream();
                    byte[] buffer = new byte[4096];
                    int bytesRead;
                    while ((bytesRead = zipIn.read(buffer)) != -1) {
                        out.write(buffer, 0, bytesRead);
                    }
                    byte[] fileContent = out.toByteArray();
                    String contentType = determineContentType(entry.getName());
                    String individualFileId = fileStorage.storeBytes(fileContent, entry.getName());
                    ResultFile resultFile =
                            ResultFile.builder()
                                    .fileId(individualFileId)
                                    .fileName(entry.getName())
                                    .contentType(contentType)
                                    .fileSize(fileContent.length)
                                    .build();
                    extractedFiles.add(resultFile);
                    log.debug(
                            "Extracted file: {} (size: {} bytes)",
                            entry.getName(),
                            fileContent.length);
                }
                zipIn.closeEntry();
            }
        }
        // Clean up the original ZIP file after extraction
        try {
            fileStorage.deleteFile(zipFileId);
            log.debug("Cleaned up original ZIP file: {}", zipFileId);
        } catch (Exception e) {
            log.warn("Failed to clean up original ZIP file {}: {}", zipFileId, e.getMessage());
        }
        return extractedFiles;
    }
    /** Determine content type based on file extension */
    private String determineContentType(String fileName) {
        if (fileName == null) {
            return MediaType.APPLICATION_OCTET_STREAM_VALUE;
        }
        String lowerName = fileName.toLowerCase();
        if (lowerName.endsWith(".pdf")) {
            return MediaType.APPLICATION_PDF_VALUE;
        } else if (lowerName.endsWith(".txt")) {
            return MediaType.TEXT_PLAIN_VALUE;
        } else if (lowerName.endsWith(".json")) {
            return MediaType.APPLICATION_JSON_VALUE;
        } else if (lowerName.endsWith(".xml")) {
            return MediaType.APPLICATION_XML_VALUE;
        } else if (lowerName.endsWith(".jpg") || lowerName.endsWith(".jpeg")) {
            return MediaType.IMAGE_JPEG_VALUE;
        } else if (lowerName.endsWith(".png")) {
            return MediaType.IMAGE_PNG_VALUE;
        } else {
            return MediaType.APPLICATION_OCTET_STREAM_VALUE;
        }
    }
    /** Clean up files associated with a job result */
    private void cleanupJobFiles(JobResult result, String jobId) {
        // Clean up all result files
        if (result.hasFiles()) {
            for (ResultFile resultFile : result.getAllResultFiles()) {
                try {
                    fileStorage.deleteFile(resultFile.getFileId());
                } catch (Exception e) {
                    log.warn(
                            "Failed to delete file {} for job {}: {}",
                            resultFile.getFileId(),
                            jobId,
                            e.getMessage());
                }
            }
        }
    }
    /** Find the ResultFile metadata for a given file ID by searching through all job results */
    public ResultFile findResultFileByFileId(String fileId) {
        for (JobResult jobResult : jobResults.values()) {
            if (jobResult.hasFiles()) {
                for (ResultFile resultFile : jobResult.getAllResultFiles()) {
                    if (fileId.equals(resultFile.getFileId())) {
                        return resultFile;
                    }
                }
            }
        }
        return null;
    }
 }
--- a/app/common/src/main/java/stirling/software/common/service/TempFileCleanupService.java
+++ b/app/common/src/main/java/stirling/software/common/service/TempFileCleanupService.java
@ -1,449 +0,0 @@
 package stirling.software.common.service;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.Arrays;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.function.Consumer;
 import java.util.function.Predicate;
 import java.util.stream.Stream;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Service;
 import jakarta.annotation.PostConstruct;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.common.model.ApplicationProperties;
 import stirling.software.common.util.GeneralUtils;
 import stirling.software.common.util.TempFileManager;
 import stirling.software.common.util.TempFileRegistry;
 /**
 * Service to periodically clean up temporary files. Runs scheduled tasks to delete old temp files
 * and directories.
 */
@Slf4j
@Service
@RequiredArgsConstructor
 public class TempFileCleanupService {
    private final TempFileRegistry registry;
    private final TempFileManager tempFileManager;
    private final ApplicationProperties applicationProperties;
    @Autowired
    @Qualifier("machineType")
    private String machineType;
    // Maximum recursion depth for directory traversal
    private static final int MAX_RECURSION_DEPTH = 5;
    // File patterns that identify our temp files
    private static final Predicate<String> IS_OUR_TEMP_FILE =
            fileName ->
                    fileName.startsWith("stirling-pdf-")
                            || fileName.startsWith("output_")
                            || fileName.startsWith("compressedPDF")
                            || fileName.startsWith("pdf-save-")
                            || fileName.startsWith("pdf-stream-")
                            || fileName.startsWith("PDFBox")
                            || fileName.startsWith("input_")
                            || fileName.startsWith("overlay-");
    // File patterns that identify common system temp files
    private static final Predicate<String> IS_SYSTEM_TEMP_FILE =
            fileName ->
                    fileName.matches("lu\\d+[a-z0-9]*\\.tmp")
                            || fileName.matches("ocr_process\\d+")
                            || (fileName.startsWith("tmp") && !fileName.contains("jetty"))
                            || fileName.startsWith("OSL_PIPE_")
                            || (fileName.endsWith(".tmp") && !fileName.contains("jetty"));
    // File patterns that should be excluded from cleanup
    private static final Predicate<String> SHOULD_SKIP =
            fileName ->
                    fileName.contains("jetty")
                            || fileName.startsWith("jetty-")
                            || "proc".equals(fileName)
                            || "sys".equals(fileName)
                            || "dev".equals(fileName)
                            || "hsperfdata_stirlingpdfuser".equals(fileName)
                            || fileName.startsWith("hsperfdata_")
                            || ".pdfbox.cache".equals(fileName);
    @PostConstruct
    public void init() {
        // Create necessary directories
        ensureDirectoriesExist();
        // Perform startup cleanup if enabled
        if (applicationProperties.getSystem().getTempFileManagement().isStartupCleanup()) {
            runStartupCleanup();
        }
    }
    /** Ensure that all required temp directories exist */
    private void ensureDirectoriesExist() {
        try {
            ApplicationProperties.TempFileManagement tempFiles =
                    applicationProperties.getSystem().getTempFileManagement();
            // Create the main temp directory
            String customTempDirectory = tempFiles.getBaseTmpDir();
            if (customTempDirectory != null && !customTempDirectory.isEmpty()) {
                Path tempDir = Path.of(customTempDirectory);
                if (!Files.exists(tempDir)) {
                    Files.createDirectories(tempDir);
                    log.info("Created temp directory: {}", tempDir);
                }
            }
            // Create LibreOffice temp directory
            String libreOfficeTempDir = tempFiles.getLibreofficeDir();
            if (libreOfficeTempDir != null && !libreOfficeTempDir.isEmpty()) {
                Path loTempDir = Path.of(libreOfficeTempDir);
                if (!Files.exists(loTempDir)) {
                    Files.createDirectories(loTempDir);
                    log.info("Created LibreOffice temp directory: {}", loTempDir);
                }
            }
        } catch (IOException e) {
            log.error("Error creating temp directories", e);
        }
    }
    /** Scheduled task to clean up old temporary files. Runs at the configured interval. */
    @Scheduled(
            fixedDelayString =
                    "#{applicationProperties.system.tempFileManagement.cleanupIntervalMinutes}",
            timeUnit = TimeUnit.MINUTES)
    public void scheduledCleanup() {
        log.info("Running scheduled temporary file cleanup");
        long maxAgeMillis = tempFileManager.getMaxAgeMillis();
        // Clean up registered temp files (managed by TempFileRegistry)
        int registeredDeletedCount = tempFileManager.cleanupOldTempFiles(maxAgeMillis);
        log.info("Cleaned up {} registered temporary files", registeredDeletedCount);
        // Clean up registered temp directories
        int directoriesDeletedCount = 0;
        for (Path directory : registry.getTempDirectories()) {
            try {
                if (Files.exists(directory)) {
                    GeneralUtils.deleteDirectory(directory);
                    directoriesDeletedCount++;
                    log.debug("Cleaned up temporary directory: {}", directory);
                }
            } catch (IOException e) {
                log.warn("Failed to clean up temporary directory: {}", directory, e);
            }
        }
        // Clean up PDFBox cache file
        cleanupPDFBoxCache();
        // Clean up unregistered temp files based on our cleanup strategy
        boolean containerMode = isContainerMode();
        int unregisteredDeletedCount = cleanupUnregisteredFiles(containerMode, true, maxAgeMillis);
        if (registeredDeletedCount > 0
                || unregisteredDeletedCount > 0
                || directoriesDeletedCount > 0) {
            log.info(
                    "Scheduled cleanup complete. Deleted {} registered files, {} unregistered files, {} directories",
                    registeredDeletedCount,
                    unregisteredDeletedCount,
                    directoriesDeletedCount);
        }
    }
    /**
     * Perform startup cleanup of stale temporary files from previous runs. This is especially
     * important in Docker environments where temp files persist between container restarts.
     */
    private void runStartupCleanup() {
        boolean containerMode = isContainerMode();
        log.info(
                "Running in {} mode, using {} cleanup strategy",
                machineType,
                containerMode ? "aggressive" : "conservative");
        // For startup cleanup, we use a longer timeout for non-container environments
        long maxAgeMillis = containerMode ? 0 : 24 * 60 * 60 * 1000; // 0 or 24 hours
        int totalDeletedCount = cleanupUnregisteredFiles(containerMode, false, maxAgeMillis);
        log.info(
                "Startup cleanup complete. Deleted {} temporary files/directories",
                totalDeletedCount);
    }
    /**
     * Clean up unregistered temporary files across all configured temp directories.
     *
     * @param containerMode Whether we're in container mode (more aggressive cleanup)
     * @param isScheduled Whether this is a scheduled cleanup or startup cleanup
     * @param maxAgeMillis Maximum age of files to clean in milliseconds
     * @return Number of files deleted
     */
    private int cleanupUnregisteredFiles(
            boolean containerMode, boolean isScheduled, long maxAgeMillis) {
        AtomicInteger totalDeletedCount = new AtomicInteger(0);
        try {
            ApplicationProperties.TempFileManagement tempFiles =
                    applicationProperties.getSystem().getTempFileManagement();
            Path[] dirsToScan;
            if (tempFiles.isCleanupSystemTemp()
                    && tempFiles.getSystemTempDir() != null
                    && !tempFiles.getSystemTempDir().isEmpty()) {
                Path systemTempPath = getSystemTempPath();
                dirsToScan =
                        new Path[] {
                            systemTempPath,
                            Path.of(tempFiles.getBaseTmpDir()),
                            Path.of(tempFiles.getLibreofficeDir())
                        };
            } else {
                dirsToScan =
                        new Path[] {
                            Path.of(tempFiles.getBaseTmpDir()),
                            Path.of(tempFiles.getLibreofficeDir())
                        };
            }
            // Process each directory
            Arrays.stream(dirsToScan)
                    .filter(Files::exists)
                    .forEach(
                            tempDir -> {
                                try {
                                    String phase = isScheduled ? "scheduled" : "startup";
                                    log.debug(
                                            "Scanning directory for {} cleanup: {}",
                                            phase,
                                            tempDir);
                                    AtomicInteger dirDeletedCount = new AtomicInteger(0);
                                    cleanupDirectoryStreaming(
                                            tempDir,
                                            containerMode,
                                            0,
                                            maxAgeMillis,
                                            isScheduled,
                                            path -> {
                                                dirDeletedCount.incrementAndGet();
                                                if (log.isDebugEnabled()) {
                                                    log.debug(
                                                            "Deleted temp file during {} cleanup: {}",
                                                            phase,
                                                            path);
                                                }
                                            });
                                    int count = dirDeletedCount.get();
                                    totalDeletedCount.addAndGet(count);
                                    if (count > 0) {
                                        log.info(
                                                "Cleaned up {} files/directories in {}",
                                                count,
                                                tempDir);
                                    }
                                } catch (IOException e) {
                                    log.error("Error during cleanup of directory: {}", tempDir, e);
                                }
                            });
        } catch (Exception e) {
            log.error("Error during cleanup of unregistered files", e);
        }
        return totalDeletedCount.get();
    }
    /** Get the system temp directory path based on configuration or system property. */
    private Path getSystemTempPath() {
        String systemTempDir =
                applicationProperties.getSystem().getTempFileManagement().getSystemTempDir();
        if (systemTempDir != null && !systemTempDir.isEmpty()) {
            return Path.of(systemTempDir);
        } else {
            return Path.of(System.getProperty("java.io.tmpdir"));
        }
    }
    /** Determine if we're running in a container environment. */
    private boolean isContainerMode() {
        return "Docker".equals(machineType) || "Kubernetes".equals(machineType);
    }
    /**
     * Recursively clean up a directory using a streaming approach to reduce memory usage.
     *
     * @param directory The directory to clean
     * @param containerMode Whether we're in container mode (more aggressive cleanup)
     * @param depth Current recursion depth
     * @param maxAgeMillis Maximum age of files to delete
     * @param isScheduled Whether this is a scheduled cleanup (vs startup)
     * @param onDeleteCallback Callback function when a file is deleted
     * @throws IOException If an I/O error occurs
     */
    private void cleanupDirectoryStreaming(
            Path directory,
            boolean containerMode,
            int depth,
            long maxAgeMillis,
            boolean isScheduled,
            Consumer<Path> onDeleteCallback)
            throws IOException {
        if (depth > MAX_RECURSION_DEPTH) {
            log.debug("Maximum directory recursion depth reached for: {}", directory);
            return;
        }
        java.util.List<Path> subdirectories = new java.util.ArrayList<>();
        try (Stream<Path> pathStream = Files.list(directory)) {
            pathStream.forEach(
                    path -> {
                        try {
                            String fileName = path.getFileName().toString();
                            if (SHOULD_SKIP.test(fileName)) {
                                return;
                            }
                            if (Files.isDirectory(path)) {
                                subdirectories.add(path);
                                return;
                            }
                            if (registry.contains(path.toFile())) {
                                return;
                            }
                            if (shouldDeleteFile(path, fileName, containerMode, maxAgeMillis)) {
                                try {
                                    Files.deleteIfExists(path);
                                    onDeleteCallback.accept(path);
                                } catch (IOException e) {
                                    if (e.getMessage() != null
                                            && e.getMessage()
                                                    .contains("being used by another process")) {
                                        log.debug("File locked, skipping delete: {}", path);
                                    } else {
                                        log.warn("Failed to delete temp file: {}", path, e);
                                    }
                                }
                            }
                        } catch (Exception e) {
                            log.warn("Error processing path: {}", path, e);
                        }
                    });
        }
        for (Path subdirectory : subdirectories) {
            try {
                cleanupDirectoryStreaming(
                        subdirectory,
                        containerMode,
                        depth + 1,
                        maxAgeMillis,
                        isScheduled,
                        onDeleteCallback);
            } catch (IOException e) {
                log.warn("Error processing subdirectory: {}", subdirectory, e);
            }
        }
    }
    /** Determine if a file should be deleted based on its name, age, and other criteria. */
    private boolean shouldDeleteFile(
            Path path, String fileName, boolean containerMode, long maxAgeMillis) {
        // First check if it matches our known temp file patterns
        boolean isOurTempFile = IS_OUR_TEMP_FILE.test(fileName);
        boolean isSystemTempFile = IS_SYSTEM_TEMP_FILE.test(fileName);
        // Normal operation - check against temp file patterns
        boolean shouldDelete = isOurTempFile || (containerMode && isSystemTempFile);
        // Get file info for age checks
        long lastModified = 0;
        long currentTime = System.currentTimeMillis();
        boolean isEmptyFile = false;
        try {
            lastModified = Files.getLastModifiedTime(path).toMillis();
            // Special case for zero-byte files - these are often corrupted temp files
            if (Files.size(path) == 0) {
                isEmptyFile = true;
                // For empty files, use a shorter timeout (5 minutes)
                // Delete empty files older than 5 minutes
                if ((currentTime - lastModified) > 5 * 60 * 1000) {
                    shouldDelete = true;
                }
            }
        } catch (IOException e) {
            log.debug("Could not check file info, skipping: {}", path);
        }
        // Check file age against maxAgeMillis only if it's not an empty file that we've already
        // decided to delete
        if (!isEmptyFile && shouldDelete && maxAgeMillis > 0) {
            // In normal mode, check age against maxAgeMillis
            shouldDelete = (currentTime - lastModified) > maxAgeMillis;
        }
        return shouldDelete;
    }
    /** Clean up LibreOffice temporary files. This method is called after LibreOffice operations. */
    public void cleanupLibreOfficeTempFiles() {
        // Cleanup known LibreOffice temp directories
        try {
            Set<Path> directories = registry.getTempDirectories();
            for (Path dir : directories) {
                if (dir.getFileName().toString().contains("libreoffice") && Files.exists(dir)) {
                    // For directories containing "libreoffice", delete all contents
                    // but keep the directory itself for future use
                    cleanupDirectoryStreaming(
                            dir,
                            isContainerMode(),
                            0,
                            0, // age doesn't matter for LibreOffice cleanup
                            false,
                            path -> log.debug("Cleaned up LibreOffice temp file: {}", path));
                    log.debug("Cleaned up LibreOffice temp directory contents: {}", dir);
                }
            }
        } catch (IOException e) {
            log.warn("Failed to clean up LibreOffice temp files", e);
        }
    }
    /**
     * Clean up PDFBox cache file from user home directory. This cache file can grow large and
     * should be periodically cleaned.
     */
    private void cleanupPDFBoxCache() {
        try {
            Path userHome = Path.of(System.getProperty("user.home"));
            Path pdfboxCache = userHome.resolve(".pdfbox.cache");
            if (Files.exists(pdfboxCache)) {
                Files.deleteIfExists(pdfboxCache);
                log.debug("Cleaned up PDFBox cache file: {}", pdfboxCache);
            }
        } catch (IOException e) {
            log.warn("Failed to clean up PDFBox cache file", e);
        }
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/ApplicationContextProvider.java
+++ b/app/common/src/main/java/stirling/software/common/util/ApplicationContextProvider.java
@ -1,76 +0,0 @@
 package stirling.software.common.util;
 import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.stereotype.Component;
 /**
 * Helper class that provides access to the ApplicationContext. Useful for getting beans in classes
 * that are not managed by Spring.
 */
@Component
 public class ApplicationContextProvider implements ApplicationContextAware {
    private static ApplicationContext applicationContext;
    @Override
    public void setApplicationContext(ApplicationContext context) throws BeansException {
        applicationContext = context;
    }
    /**
     * Get a bean by class type.
     *
     * @param <T> The type of the bean
     * @param beanClass The class of the bean
     * @return The bean instance, or null if not found
     */
    public static <T> T getBean(Class<T> beanClass) {
        if (applicationContext == null) {
            return null;
        }
        try {
            return applicationContext.getBean(beanClass);
        } catch (BeansException e) {
            return null;
        }
    }
    /**
     * Get a bean by name and class type.
     *
     * @param <T> The type of the bean
     * @param name The name of the bean
     * @param beanClass The class of the bean
     * @return The bean instance, or null if not found
     */
    public static <T> T getBean(String name, Class<T> beanClass) {
        if (applicationContext == null) {
            return null;
        }
        try {
            return applicationContext.getBean(name, beanClass);
        } catch (BeansException e) {
            return null;
        }
    }
    /**
     * Check if a bean of the specified type exists.
     *
     * @param beanClass The class of the bean
     * @return true if the bean exists, false otherwise
     */
    public static boolean containsBean(Class<?> beanClass) {
        if (applicationContext == null) {
            return false;
        }
        try {
            applicationContext.getBean(beanClass);
            return true;
        } catch (BeansException e) {
            return false;
        }
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/AttachmentUtils.java
+++ b/app/common/src/main/java/stirling/software/common/util/AttachmentUtils.java
@ -1,50 +0,0 @@
 package stirling.software.common.util;
 import org.apache.pdfbox.cos.COSDictionary;
 import org.apache.pdfbox.cos.COSName;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDDocumentCatalog;
 import org.apache.pdfbox.pdmodel.PageMode;
 import lombok.extern.slf4j.Slf4j;
@Slf4j
 public class AttachmentUtils {
    /**
     * Sets the PDF catalog viewer preferences to display attachments in the viewer.
     *
     * @param document The <code>PDDocument</code> to modify.
     * @param pageMode The <code>PageMode</code> to set for the PDF viewer. <code>PageMode</code>
     *     values: <code>UseNone</code>, <code>UseOutlines</code>, <code>UseThumbs</code>, <code>
     *     FullScreen</code>, <code>UseOC</code>, <code>UseAttachments</code>.
     */
    public static void setCatalogViewerPreferences(PDDocument document, PageMode pageMode) {
        try {
            PDDocumentCatalog catalog = document.getDocumentCatalog();
            if (catalog != null) {
                COSDictionary catalogDict = catalog.getCOSObject();
                catalog.setPageMode(pageMode);
                catalogDict.setName(COSName.PAGE_MODE, pageMode.stringValue());
                COSDictionary viewerPrefs =
                        (COSDictionary) catalogDict.getDictionaryObject(COSName.VIEWER_PREFERENCES);
                if (viewerPrefs == null) {
                    viewerPrefs = new COSDictionary();
                    catalogDict.setItem(COSName.VIEWER_PREFERENCES, viewerPrefs);
                }
                viewerPrefs.setName(
                        COSName.getPDFName("NonFullScreenPageMode"), pageMode.stringValue());
                viewerPrefs.setBoolean(COSName.getPDFName("DisplayDocTitle"), true);
                log.info(
                        "Set PDF PageMode to UseAttachments to automatically show attachments pane");
            }
        } catch (Exception e) {
            log.error("Failed to set catalog viewer preferences for attachments", e);
        }
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/ChecksumUtils.java
+++ b/app/common/src/main/java/stirling/software/common/util/ChecksumUtils.java
@ -1,301 +0,0 @@
 package stirling.software.common.util;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.ByteBuffer;
 import java.nio.ByteOrder;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Base64;
 import java.util.LinkedHashMap;
 import java.util.Locale;
 import java.util.Map;
 import java.util.zip.Adler32;
 import java.util.zip.CRC32;
 import java.util.zip.Checksum;
 import lombok.experimental.UtilityClass;
@UtilityClass
 public class ChecksumUtils {
    /** Shared buffer size for streaming I/O. */
    private static final int BUFFER_SIZE = 8192;
    /** Mask to extract the lower 32 bits of a long value (unsigned int). */
    private static final long UNSIGNED_32_BIT_MASK = 0xFFFFFFFFL;
    /**
     * Computes a checksum for the given file using the chosen algorithm and returns a lowercase hex
     * string.
     *
     * <p>For digest algorithms (e.g., SHA-256, SHA-1, MD5), this returns the digest as hex. For
     * 32-bit {@link Checksum} algorithms ("CRC32", "ADLER32"), this returns an 8-character
     * lowercase hex string of the unsigned 32-bit value.
     *
     * @param path file to read
     * @param algorithm algorithm name (case-insensitive). Special values: "CRC32", "ADLER32".
     * @return hex string of the checksum
     * @throws IOException if the file cannot be read
     */
    public static String checksum(Path path, String algorithm) throws IOException {
        try (InputStream is = Files.newInputStream(path)) {
            return checksum(is, algorithm);
        }
    }
    /**
     * Computes a checksum for the given stream using the chosen algorithm and returns a lowercase
     * hex string.
     *
     * <p><strong>Note:</strong> This method does <em>not</em> close the provided stream.
     *
     * @param is input stream (not closed by this method)
     * @param algorithm algorithm name (case-insensitive). Special values: "CRC32", "ADLER32".
     * @return hex string of the checksum
     * @throws IOException if reading from the stream fails
     */
    public static String checksum(InputStream is, String algorithm) throws IOException {
        switch (algorithm.toUpperCase(Locale.ROOT)) {
            case "CRC32":
                return checksumChecksum(is, new CRC32());
            case "ADLER32":
                return checksumChecksum(is, new Adler32());
            default:
                return toHex(checksumBytes(is, algorithm));
        }
    }
    /**
     * Computes a checksum for the given file using the chosen algorithm and returns a Base64
     * encoded string.
     *
     * <p>For digest algorithms this is the Base64 of the raw digest bytes. For 32-bit checksum
     * algorithms ("CRC32", "ADLER32"), this is the Base64 of the 4-byte big-endian unsigned value.
     *
     * @param path file to read
     * @param algorithm algorithm name (case-insensitive). Special values: "CRC32", "ADLER32".
     * @return Base64-encoded checksum bytes
     * @throws IOException if the file cannot be read
     */
    public static String checksumBase64(Path path, String algorithm) throws IOException {
        try (InputStream is = Files.newInputStream(path)) {
            return checksumBase64(is, algorithm);
        }
    }
    /**
     * Computes a checksum for the given stream using the chosen algorithm and returns a Base64
     * encoded string.
     *
     * <p><strong>Note:</strong> This method does <em>not</em> close the provided stream.
     *
     * @param is input stream (not closed by this method)
     * @param algorithm algorithm name (case-insensitive). Special values: "CRC32", "ADLER32".
     * @return Base64-encoded checksum bytes
     * @throws IOException if reading from the stream fails
     */
    public static String checksumBase64(InputStream is, String algorithm) throws IOException {
        switch (algorithm.toUpperCase(Locale.ROOT)) {
            case "CRC32":
                return Base64.getEncoder().encodeToString(checksumChecksumBytes(is, new CRC32()));
            case "ADLER32":
                return Base64.getEncoder().encodeToString(checksumChecksumBytes(is, new Adler32()));
            default:
                return Base64.getEncoder().encodeToString(checksumBytes(is, algorithm));
        }
    }
    /**
     * Computes multiple checksums for the given file in a single pass over the data.
     *
     * <p>Returns a map from algorithm name to lowercase hex string. Order of results follows the
     * order of the provided {@code algorithms}.
     *
     * @param path file to read
     * @param algorithms algorithm names (case-insensitive). Special: "CRC32", "ADLER32".
     * @return map of algorithm → hex string
     * @throws IOException if the file cannot be read
     */
    public static Map<String, String> checksums(Path path, String... algorithms)
            throws IOException {
        try (InputStream is = Files.newInputStream(path)) {
            return checksums(is, algorithms);
        }
    }
    /**
     * Computes multiple checksums for the given stream in a single pass over the data.
     *
     * <p><strong>Note:</strong> This method does <em>not</em> close the provided stream.
     *
     * @param is input stream (not closed by this method)
     * @param algorithms algorithm names (case-insensitive). Special: "CRC32", "ADLER32".
     * @return map of algorithm → hex string
     * @throws IOException if reading from the stream fails
     */
    public static Map<String, String> checksums(InputStream is, String... algorithms)
            throws IOException {
        // Use LinkedHashMap to preserve the order of requested algorithms in the result.
        Map<String, MessageDigest> digests = new LinkedHashMap<>();
        Map<String, Checksum> checksums = new LinkedHashMap<>();
        for (String algorithm : algorithms) {
            String key = algorithm; // keep original key for output
            switch (algorithm.toUpperCase(Locale.ROOT)) {
                case "CRC32":
                    checksums.put(key, new CRC32());
                    break;
                case "ADLER32":
                    checksums.put(key, new Adler32());
                    break;
                default:
                    try {
                        // For MessageDigest, pass the original name (case-insensitive per JCA)
                        digests.put(key, MessageDigest.getInstance(algorithm));
                    } catch (NoSuchAlgorithmException e) {
                        throw new IllegalStateException("Unsupported algorithm: " + algorithm, e);
                    }
            }
        }
        byte[] buffer = new byte[BUFFER_SIZE];
        int read;
        while ((read = is.read(buffer)) != -1) {
            for (MessageDigest digest : digests.values()) {
                digest.update(buffer, 0, read);
            }
            for (Checksum cs : checksums.values()) {
                cs.update(buffer, 0, read);
            }
        }
        Map<String, String> results = new LinkedHashMap<>();
        for (Map.Entry<String, MessageDigest> entry : digests.entrySet()) {
            results.put(entry.getKey(), toHex(entry.getValue().digest()));
        }
        for (Map.Entry<String, Checksum> entry : checksums.entrySet()) {
            // Keep value as long and mask to ensure unsigned hex formatting.
            long unsigned32 = entry.getValue().getValue() & UNSIGNED_32_BIT_MASK;
            results.put(entry.getKey(), String.format("%08x", unsigned32));
        }
        return results;
    }
    /**
     * Compares the checksum of a file with an expected hex string (case-insensitive).
     *
     * @param path file to read
     * @param algorithm algorithm name (case-insensitive). Special: "CRC32", "ADLER32".
     * @param expected expected hex string (case-insensitive)
     * @return {@code true} if they match, otherwise {@code false}
     * @throws IOException if the file cannot be read
     */
    public static boolean matches(Path path, String algorithm, String expected) throws IOException {
        try (InputStream is = Files.newInputStream(path)) {
            return matches(is, algorithm, expected);
        }
    }
    /**
     * Compares the checksum of a stream with an expected hex string (case-insensitive).
     *
     * <p><strong>Note:</strong> This method does <em>not</em> close the provided stream.
     *
     * @param is input stream (not closed by this method)
     * @param algorithm algorithm name (case-insensitive). Special: "CRC32", "ADLER32".
     * @param expected expected hex string (case-insensitive)
     * @return {@code true} if they match, otherwise {@code false}
     * @throws IOException if reading from the stream fails
     */
    public static boolean matches(InputStream is, String algorithm, String expected)
            throws IOException {
        return checksum(is, algorithm).equalsIgnoreCase(expected);
    }
    // ---------- Internal helpers ----------
    /**
     * Computes a MessageDigest over a stream and returns the raw digest bytes.
     *
     * @param is input stream (not closed)
     * @param algorithm JCA MessageDigest algorithm (e.g., "SHA-256")
     * @return raw digest bytes
     * @throws IOException if reading fails
     * @throws IllegalStateException if the algorithm is unsupported
     */
    private static byte[] checksumBytes(InputStream is, String algorithm) throws IOException {
        try {
            MessageDigest digest = MessageDigest.getInstance(algorithm);
            byte[] buffer = new byte[BUFFER_SIZE];
            int read;
            while ((read = is.read(buffer)) != -1) {
                digest.update(buffer, 0, read);
            }
            return digest.digest();
        } catch (NoSuchAlgorithmException e) {
            // Keep the message explicit to aid debugging
            throw new IllegalStateException("Unsupported algorithm: " + algorithm, e);
        }
    }
    /**
     * Computes a 32-bit {@link Checksum} over a stream and returns the lowercase 8-char hex of the
     * unsigned 32-bit value.
     *
     * @param is input stream (not closed)
     * @param checksum checksum implementation (CRC32, Adler32, etc.)
     * @return 8-character lowercase hex (big-endian representation)
     * @throws IOException if reading fails
     */
    private static String checksumChecksum(InputStream is, Checksum checksum) throws IOException {
        byte[] buffer = new byte[BUFFER_SIZE];
        int read;
        while ((read = is.read(buffer)) != -1) {
            checksum.update(buffer, 0, read);
        }
        // Keep as long and mask to ensure correct unsigned representation.
        long unsigned32 = checksum.getValue() & UNSIGNED_32_BIT_MASK;
        return String.format("%08x", unsigned32);
    }
    /**
     * Computes a 32-bit {@link Checksum} over a stream and returns the raw 4-byte big-endian
     * representation of the unsigned 32-bit value.
     *
     * <p>Cast to int already truncates to the lower 32 bits; the sign is irrelevant because we
     * serialize the bit pattern directly into 4 bytes.
     *
     * @param is input stream (not closed)
     * @param checksum checksum implementation (CRC32, Adler32, etc.)
     * @return 4 bytes (big-endian)
     * @throws IOException if reading fails
     */
    private static byte[] checksumChecksumBytes(InputStream is, Checksum checksum)
            throws IOException {
        byte[] buffer = new byte[BUFFER_SIZE];
        int read;
        while ((read = is.read(buffer)) != -1) {
            checksum.update(buffer, 0, read);
        }
        // Cast keeps only the lower 32 bits; mask is unnecessary here.
        int v = (int) checksum.getValue();
        return ByteBuffer.allocate(4).order(ByteOrder.BIG_ENDIAN).putInt(v).array();
    }
    /**
     * Converts bytes to a lowercase hex string.
     *
     * @param hash the byte array to convert
     * @return the lowercase hex string
     */
    private static String toHex(byte[] hash) {
        StringBuilder sb = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/CustomHtmlSanitizer.java
+++ b/app/common/src/main/java/stirling/software/common/util/CustomHtmlSanitizer.java
@ -1,69 +0,0 @@
 package stirling.software.common.util;
 import org.owasp.html.AttributePolicy;
 import org.owasp.html.HtmlPolicyBuilder;
 import org.owasp.html.PolicyFactory;
 import org.owasp.html.Sanitizers;
 import org.springframework.stereotype.Component;
 import stirling.software.common.model.ApplicationProperties;
 import stirling.software.common.service.SsrfProtectionService;
@Component
 public class CustomHtmlSanitizer {
    private final SsrfProtectionService ssrfProtectionService;
    private final ApplicationProperties applicationProperties;
    public CustomHtmlSanitizer(
            SsrfProtectionService ssrfProtectionService,
            ApplicationProperties applicationProperties) {
        this.ssrfProtectionService = ssrfProtectionService;
        this.applicationProperties = applicationProperties;
    }
    private final AttributePolicy SSRF_SAFE_URL_POLICY =
            new AttributePolicy() {
                @Override
                public String apply(String elementName, String attributeName, String value) {
                    if (value == null || value.trim().isEmpty()) {
                        return null;
                    }
                    String trimmedValue = value.trim();
                    // Use the SSRF protection service to validate the URL
                    if (ssrfProtectionService != null
                            && !ssrfProtectionService.isUrlAllowed(trimmedValue)) {
                        return null;
                    }
                    return trimmedValue;
                }
            };
    private final PolicyFactory SSRF_SAFE_IMAGES_POLICY =
            new HtmlPolicyBuilder()
                    .allowElements("img")
                    .allowAttributes("alt", "width", "height", "title")
                    .onElements("img")
                    .allowAttributes("src")
                    .matching(SSRF_SAFE_URL_POLICY)
                    .onElements("img")
                    .toFactory();
    private final PolicyFactory POLICY =
            Sanitizers.FORMATTING
                    .and(Sanitizers.BLOCKS)
                    .and(Sanitizers.STYLES)
                    .and(Sanitizers.LINKS)
                    .and(Sanitizers.TABLES)
                    .and(SSRF_SAFE_IMAGES_POLICY)
                    .and(new HtmlPolicyBuilder().disallowElements("noscript").toFactory());
    public String sanitize(String html) {
        boolean disableSanitize =
                Boolean.TRUE.equals(applicationProperties.getSystem().getDisableSanitize());
        return disableSanitize ? html : POLICY.sanitize(html);
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/EmlParser.java
+++ b/app/common/src/main/java/stirling/software/common/util/EmlParser.java
@ -1,654 +0,0 @@
 package stirling.software.common.util;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.Method;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
 import java.util.Properties;
 import java.util.regex.Pattern;
 import org.springframework.http.MediaType;
 import lombok.Data;
 import lombok.experimental.UtilityClass;
 import stirling.software.common.model.api.converters.EmlToPdfRequest;
@UtilityClass
 public class EmlParser {
    private static volatile Boolean jakartaMailAvailable = null;
    private static volatile Method mimeUtilityDecodeTextMethod = null;
    private static volatile boolean mimeUtilityChecked = false;
    private static final Pattern MIME_ENCODED_PATTERN =
            Pattern.compile("=\\?([^?]+)\\?([BbQq])\\?([^?]*)\\?=");
    private static final String DISPOSITION_ATTACHMENT = "attachment";
    private static final String TEXT_PLAIN = MediaType.TEXT_PLAIN_VALUE;
    private static final String TEXT_HTML = MediaType.TEXT_HTML_VALUE;
    private static final String MULTIPART_PREFIX = "multipart/";
    private static final String HEADER_CONTENT_TYPE = "content-type:";
    private static final String HEADER_CONTENT_DISPOSITION = "content-disposition:";
    private static final String HEADER_CONTENT_TRANSFER_ENCODING = "content-transfer-encoding:";
    private static final String HEADER_CONTENT_ID = "Content-ID";
    private static final String HEADER_SUBJECT = "Subject:";
    private static final String HEADER_FROM = "From:";
    private static final String HEADER_TO = "To:";
    private static final String HEADER_CC = "Cc:";
    private static final String HEADER_BCC = "Bcc:";
    private static final String HEADER_DATE = "Date:";
    private static synchronized boolean isJakartaMailAvailable() {
        if (jakartaMailAvailable == null) {
            try {
                Class.forName("jakarta.mail.internet.MimeMessage");
                Class.forName("jakarta.mail.Session");
                Class.forName("jakarta.mail.internet.MimeUtility");
                Class.forName("jakarta.mail.internet.MimePart");
                Class.forName("jakarta.mail.internet.MimeMultipart");
                Class.forName("jakarta.mail.Multipart");
                Class.forName("jakarta.mail.Part");
                jakartaMailAvailable = true;
            } catch (ClassNotFoundException e) {
                jakartaMailAvailable = false;
            }
        }
        return jakartaMailAvailable;
    }
    public static EmailContent extractEmailContent(
            byte[] emlBytes, EmlToPdfRequest request, CustomHtmlSanitizer customHtmlSanitizer)
            throws IOException {
        EmlProcessingUtils.validateEmlInput(emlBytes);
        if (isJakartaMailAvailable()) {
            return extractEmailContentAdvanced(emlBytes, request, customHtmlSanitizer);
        } else {
            return extractEmailContentBasic(emlBytes, customHtmlSanitizer);
        }
    }
    private static EmailContent extractEmailContentBasic(
            byte[] emlBytes, CustomHtmlSanitizer customHtmlSanitizer) {
        String emlContent = new String(emlBytes, StandardCharsets.UTF_8);
        EmailContent content = new EmailContent();
        content.setSubject(extractBasicHeader(emlContent, HEADER_SUBJECT));
        content.setFrom(extractBasicHeader(emlContent, HEADER_FROM));
        content.setTo(extractBasicHeader(emlContent, HEADER_TO));
        content.setCc(extractBasicHeader(emlContent, HEADER_CC));
        content.setBcc(extractBasicHeader(emlContent, HEADER_BCC));
        String dateStr = extractBasicHeader(emlContent, HEADER_DATE);
        if (!dateStr.isEmpty()) {
            content.setDateString(dateStr);
        }
        String htmlBody = extractHtmlBody(emlContent);
        if (htmlBody != null) {
            content.setHtmlBody(htmlBody);
        } else {
            String textBody = extractTextBody(emlContent);
            content.setTextBody(textBody != null ? textBody : "Email content could not be parsed");
        }
        content.getAttachments().addAll(extractAttachmentsBasic(emlContent));
        return content;
    }
    private static EmailContent extractEmailContentAdvanced(
            byte[] emlBytes, EmlToPdfRequest request, CustomHtmlSanitizer customHtmlSanitizer) {
        try {
            Class<?> sessionClass = Class.forName("jakarta.mail.Session");
            Class<?> mimeMessageClass = Class.forName("jakarta.mail.internet.MimeMessage");
            Method getDefaultInstance =
                    sessionClass.getMethod("getDefaultInstance", Properties.class);
            Object session = getDefaultInstance.invoke(null, new Properties());
            Class<?>[] constructorArgs = new Class<?>[] {sessionClass, InputStream.class};
            Constructor<?> mimeMessageConstructor =
                    mimeMessageClass.getConstructor(constructorArgs);
            Object message =
                    mimeMessageConstructor.newInstance(session, new ByteArrayInputStream(emlBytes));
            return extractFromMimeMessage(message, request, customHtmlSanitizer);
        } catch (ReflectiveOperationException e) {
            return extractEmailContentBasic(emlBytes, customHtmlSanitizer);
        }
    }
    private static EmailContent extractFromMimeMessage(
            Object message, EmlToPdfRequest request, CustomHtmlSanitizer customHtmlSanitizer) {
        EmailContent content = new EmailContent();
        try {
            Class<?> messageClass = message.getClass();
            Method getSubject = messageClass.getMethod("getSubject");
            String subject = (String) getSubject.invoke(message);
            content.setSubject(subject != null ? safeMimeDecode(subject) : "No Subject");
            Method getFrom = messageClass.getMethod("getFrom");
            Object[] fromAddresses = (Object[]) getFrom.invoke(message);
            content.setFrom(buildAddressString(fromAddresses));
            extractRecipients(message, messageClass, content);
            Method getSentDate = messageClass.getMethod("getSentDate");
            content.setDate((Date) getSentDate.invoke(message));
            Method getContent = messageClass.getMethod("getContent");
            Object messageContent = getContent.invoke(message);
            processMessageContent(message, messageContent, content, request, customHtmlSanitizer);
        } catch (ReflectiveOperationException | RuntimeException e) {
            content.setSubject("Email Conversion");
            content.setFrom("Unknown");
            content.setTo("Unknown");
            content.setCc("");
            content.setBcc("");
            content.setTextBody("Email content could not be parsed with advanced processing");
        }
        return content;
    }
    private static void extractRecipients(
            Object message, Class<?> messageClass, EmailContent content) {
        try {
            Method getRecipients =
                    messageClass.getMethod(
                            "getRecipients", Class.forName("jakarta.mail.Message$RecipientType"));
            Class<?> recipientTypeClass = Class.forName("jakarta.mail.Message$RecipientType");
            Object toType = recipientTypeClass.getField("TO").get(null);
            Object[] toRecipients = (Object[]) getRecipients.invoke(message, toType);
            content.setTo(buildAddressString(toRecipients));
            Object ccType = recipientTypeClass.getField("CC").get(null);
            Object[] ccRecipients = (Object[]) getRecipients.invoke(message, ccType);
            content.setCc(buildAddressString(ccRecipients));
            Object bccType = recipientTypeClass.getField("BCC").get(null);
            Object[] bccRecipients = (Object[]) getRecipients.invoke(message, bccType);
            content.setBcc(buildAddressString(bccRecipients));
        } catch (ReflectiveOperationException e) {
            try {
                Method getAllRecipients = messageClass.getMethod("getAllRecipients");
                Object[] recipients = (Object[]) getAllRecipients.invoke(message);
                content.setTo(buildAddressString(recipients));
                content.setCc("");
                content.setBcc("");
            } catch (ReflectiveOperationException ex) {
                content.setTo("");
                content.setCc("");
                content.setBcc("");
            }
        }
    }
    private static String buildAddressString(Object[] addresses) {
        if (addresses == null || addresses.length == 0) {
            return "";
        }
        StringBuilder builder = new StringBuilder();
        for (int i = 0; i < addresses.length; i++) {
            if (i > 0) builder.append(", ");
            builder.append(safeMimeDecode(addresses[i].toString()));
        }
        return builder.toString();
    }
    private static void processMessageContent(
            Object message,
            Object messageContent,
            EmailContent content,
            EmlToPdfRequest request,
            CustomHtmlSanitizer customHtmlSanitizer) {
        try {
            if (messageContent instanceof String stringContent) {
                Method getContentType = message.getClass().getMethod("getContentType");
                String contentType = (String) getContentType.invoke(message);
                if (contentType != null && contentType.toLowerCase().contains(TEXT_HTML)) {
                    content.setHtmlBody(stringContent);
                } else {
                    content.setTextBody(stringContent);
                }
            } else {
                Class<?> multipartClass = Class.forName("jakarta.mail.Multipart");
                if (multipartClass.isInstance(messageContent)) {
                    processMultipart(messageContent, content, request, customHtmlSanitizer, 0);
                }
            }
        } catch (ReflectiveOperationException | ClassCastException e) {
            content.setTextBody("Email content could not be parsed with advanced processing");
        }
    }
    private static void processMultipart(
            Object multipart,
            EmailContent content,
            EmlToPdfRequest request,
            CustomHtmlSanitizer customHtmlSanitizer,
            int depth) {
        final int MAX_MULTIPART_DEPTH = 10;
        if (depth > MAX_MULTIPART_DEPTH) {
            content.setHtmlBody("<div class=\"error\">Maximum multipart depth exceeded</div>");
            return;
        }
        try {
            Class<?> multipartClass = multipart.getClass();
            Method getCount = multipartClass.getMethod("getCount");
            int count = (Integer) getCount.invoke(multipart);
            Method getBodyPart = multipartClass.getMethod("getBodyPart", int.class);
            for (int i = 0; i < count; i++) {
                Object part = getBodyPart.invoke(multipart, i);
                processPart(part, content, request, customHtmlSanitizer, depth + 1);
            }
        } catch (ReflectiveOperationException | ClassCastException e) {
            content.setHtmlBody("<div class=\"error\">Error processing multipart content</div>");
        }
    }
    private static void processPart(
            Object part,
            EmailContent content,
            EmlToPdfRequest request,
            CustomHtmlSanitizer customHtmlSanitizer,
            int depth) {
        try {
            Class<?> partClass = part.getClass();
            Method isMimeType = partClass.getMethod("isMimeType", String.class);
            Method getContent = partClass.getMethod("getContent");
            Method getDisposition = partClass.getMethod("getDisposition");
            Method getFileName = partClass.getMethod("getFileName");
            Method getContentType = partClass.getMethod("getContentType");
            Method getHeader = partClass.getMethod("getHeader", String.class);
            Object disposition = getDisposition.invoke(part);
            String filename = (String) getFileName.invoke(part);
            String contentType = (String) getContentType.invoke(part);
            String normalizedDisposition =
                    disposition != null ? ((String) disposition).toLowerCase() : null;
            if ((Boolean) isMimeType.invoke(part, TEXT_PLAIN) && normalizedDisposition == null) {
                Object partContent = getContent.invoke(part);
                if (partContent instanceof String stringContent) {
                    content.setTextBody(stringContent);
                }
            } else if ((Boolean) isMimeType.invoke(part, TEXT_HTML)
                    && normalizedDisposition == null) {
                Object partContent = getContent.invoke(part);
                if (partContent instanceof String stringContent) {
                    String htmlBody =
                            customHtmlSanitizer != null
                                    ? customHtmlSanitizer.sanitize(stringContent)
                                    : stringContent;
                    content.setHtmlBody(htmlBody);
                }
            } else if ((normalizedDisposition != null
                            && normalizedDisposition.contains(DISPOSITION_ATTACHMENT))
                    || (filename != null && !filename.trim().isEmpty())) {
                processAttachment(
                        part, content, request, getHeader, getContent, filename, contentType);
            } else if ((Boolean) isMimeType.invoke(part, "multipart/*")) {
                Object multipartContent = getContent.invoke(part);
                if (multipartContent != null) {
                    Class<?> multipartClass = Class.forName("jakarta.mail.Multipart");
                    if (multipartClass.isInstance(multipartContent)) {
                        processMultipart(
                                multipartContent, content, request, customHtmlSanitizer, depth + 1);
                    }
                }
            }
        } catch (ReflectiveOperationException | RuntimeException e) {
            // Continue processing other parts if one fails
        }
    }
    private static void processAttachment(
            Object part,
            EmailContent content,
            EmlToPdfRequest request,
            Method getHeader,
            Method getContent,
            String filename,
            String contentType) {
        content.setAttachmentCount(content.getAttachmentCount() + 1);
        if (filename != null && !filename.trim().isEmpty()) {
            EmailAttachment attachment = new EmailAttachment();
            attachment.setFilename(safeMimeDecode(filename));
            attachment.setContentType(contentType);
            try {
                String[] contentIdHeaders = (String[]) getHeader.invoke(part, HEADER_CONTENT_ID);
                if (contentIdHeaders != null) {
                    for (String contentIdHeader : contentIdHeaders) {
                        if (contentIdHeader != null && !contentIdHeader.trim().isEmpty()) {
                            attachment.setEmbedded(true);
                            String contentId = contentIdHeader.trim().replaceAll("[<>]", "");
                            attachment.setContentId(contentId);
                            break;
                        }
                    }
                }
            } catch (ReflectiveOperationException e) {
            }
            if ((request != null && request.isIncludeAttachments()) || attachment.isEmbedded()) {
                extractAttachmentData(part, attachment, getContent, request);
            }
            content.getAttachments().add(attachment);
        }
    }
    private static void extractAttachmentData(
            Object part, EmailAttachment attachment, Method getContent, EmlToPdfRequest request) {
        try {
            Object attachmentContent = getContent.invoke(part);
            byte[] attachmentData = null;
            if (attachmentContent instanceof InputStream inputStream) {
                try (InputStream stream = inputStream) {
                    attachmentData = stream.readAllBytes();
                } catch (IOException e) {
                    if (attachment.isEmbedded()) {
                        attachmentData = new byte[0];
                    } else {
                        throw new RuntimeException(e);
                    }
                }
            } else if (attachmentContent instanceof byte[] byteArray) {
                attachmentData = byteArray;
            } else if (attachmentContent instanceof String stringContent) {
                attachmentData = stringContent.getBytes(StandardCharsets.UTF_8);
            }
            if (attachmentData != null) {
                long maxSizeMB = request != null ? request.getMaxAttachmentSizeMB() : 10L;
                long maxSizeBytes = maxSizeMB * 1024 * 1024;
                if (attachmentData.length <= maxSizeBytes || attachment.isEmbedded()) {
                    attachment.setData(attachmentData);
                    attachment.setSizeBytes(attachmentData.length);
                } else {
                    attachment.setSizeBytes(attachmentData.length);
                }
            }
        } catch (ReflectiveOperationException | RuntimeException e) {
            // Continue without attachment data
        }
    }
    private static String extractBasicHeader(String emlContent, String headerName) {
        try {
            String[] lines = emlContent.split("\r?\n");
            for (int i = 0; i < lines.length; i++) {
                String line = lines[i];
                if (line.toLowerCase().startsWith(headerName.toLowerCase())) {
                    StringBuilder value =
                            new StringBuilder(line.substring(headerName.length()).trim());
                    for (int j = i + 1; j < lines.length; j++) {
                        if (lines[j].startsWith(" ") || lines[j].startsWith("\t")) {
                            value.append(" ").append(lines[j].trim());
                        } else {
                            break;
                        }
                    }
                    return safeMimeDecode(value.toString());
                }
                if (line.trim().isEmpty()) break;
            }
        } catch (RuntimeException e) {
            // Ignore errors in header extraction
        }
        return "";
    }
    private static String extractHtmlBody(String emlContent) {
        try {
            String lowerContent = emlContent.toLowerCase();
            int htmlStart = lowerContent.indexOf(HEADER_CONTENT_TYPE + " " + TEXT_HTML);
            if (htmlStart == -1) return null;
            int bodyStart = emlContent.indexOf("\r\n\r\n", htmlStart);
            if (bodyStart == -1) bodyStart = emlContent.indexOf("\n\n", htmlStart);
            if (bodyStart == -1) return null;
            bodyStart += (emlContent.charAt(bodyStart + 1) == '\r') ? 4 : 2;
            int bodyEnd = findPartEnd(emlContent, bodyStart);
            return emlContent.substring(bodyStart, bodyEnd).trim();
        } catch (Exception e) {
            return null;
        }
    }
    private static String extractTextBody(String emlContent) {
        try {
            String lowerContent = emlContent.toLowerCase();
            int textStart = lowerContent.indexOf(HEADER_CONTENT_TYPE + " " + TEXT_PLAIN);
            if (textStart == -1) {
                int bodyStart = emlContent.indexOf("\r\n\r\n");
                if (bodyStart == -1) bodyStart = emlContent.indexOf("\n\n");
                if (bodyStart != -1) {
                    bodyStart += (emlContent.charAt(bodyStart + 1) == '\r') ? 4 : 2;
                    int bodyEnd = findPartEnd(emlContent, bodyStart);
                    return emlContent.substring(bodyStart, bodyEnd).trim();
                }
                return null;
            }
            int bodyStart = emlContent.indexOf("\r\n\r\n", textStart);
            if (bodyStart == -1) bodyStart = emlContent.indexOf("\n\n", textStart);
            if (bodyStart == -1) return null;
            bodyStart += (emlContent.charAt(bodyStart + 1) == '\r') ? 4 : 2;
            int bodyEnd = findPartEnd(emlContent, bodyStart);
            return emlContent.substring(bodyStart, bodyEnd).trim();
        } catch (RuntimeException e) {
            return null;
        }
    }
    private static int findPartEnd(String content, int start) {
        String[] lines = content.substring(start).split("\r?\n");
        StringBuilder result = new StringBuilder();
        for (String line : lines) {
            if (line.startsWith("--") && line.length() > 10) break;
            result.append(line).append("\n");
        }
        return start + result.length();
    }
    private static List<EmailAttachment> extractAttachmentsBasic(String emlContent) {
        List<EmailAttachment> attachments = new ArrayList<>();
        try {
            String[] lines = emlContent.split("\r?\n");
            boolean inHeaders = true;
            String currentContentType = "";
            String currentDisposition = "";
            String currentFilename = "";
            String currentEncoding = "";
            for (String line : lines) {
                String lowerLine = line.toLowerCase().trim();
                if (line.trim().isEmpty()) {
                    inHeaders = false;
                    if (isAttachment(currentDisposition, currentFilename, currentContentType)) {
                        EmailAttachment attachment = new EmailAttachment();
                        attachment.setFilename(currentFilename);
                        attachment.setContentType(currentContentType);
                        attachment.setTransferEncoding(currentEncoding);
                        attachments.add(attachment);
                    }
                    currentContentType = "";
                    currentDisposition = "";
                    currentFilename = "";
                    currentEncoding = "";
                    inHeaders = true;
                    continue;
                }
                if (!inHeaders) continue;
                if (lowerLine.startsWith(HEADER_CONTENT_TYPE)) {
                    currentContentType = line.substring(HEADER_CONTENT_TYPE.length()).trim();
                } else if (lowerLine.startsWith(HEADER_CONTENT_DISPOSITION)) {
                    currentDisposition = line.substring(HEADER_CONTENT_DISPOSITION.length()).trim();
                    currentFilename = extractFilenameFromDisposition(currentDisposition);
                } else if (lowerLine.startsWith(HEADER_CONTENT_TRANSFER_ENCODING)) {
                    currentEncoding =
                            line.substring(HEADER_CONTENT_TRANSFER_ENCODING.length()).trim();
                }
            }
        } catch (RuntimeException e) {
            // Continue with empty list
        }
        return attachments;
    }
    private static boolean isAttachment(String disposition, String filename, String contentType) {
        return (disposition.toLowerCase().contains(DISPOSITION_ATTACHMENT) && !filename.isEmpty())
                || (!filename.isEmpty() && !contentType.toLowerCase().startsWith("text/"))
                || (contentType.toLowerCase().contains("application/") && !filename.isEmpty());
    }
    private static String extractFilenameFromDisposition(String disposition) {
        if (disposition == null || !disposition.contains("filename=")) {
            return "";
        }
        // Handle filename*= (RFC 2231 encoded filename)
        if (disposition.toLowerCase().contains("filename*=")) {
            int filenameStarStart = disposition.toLowerCase().indexOf("filename*=") + 10;
            int filenameStarEnd = disposition.indexOf(";", filenameStarStart);
            if (filenameStarEnd == -1) filenameStarEnd = disposition.length();
            String extendedFilename =
                    disposition.substring(filenameStarStart, filenameStarEnd).trim();
            extendedFilename = extendedFilename.replaceAll("^\"|\"$", "");
            if (extendedFilename.contains("'")) {
                String[] parts = extendedFilename.split("'", 3);
                if (parts.length == 3) {
                    return EmlProcessingUtils.decodeUrlEncoded(parts[2]);
                }
            }
        }
        // Handle regular filename=
        int filenameStart = disposition.toLowerCase().indexOf("filename=") + 9;
        int filenameEnd = disposition.indexOf(";", filenameStart);
        if (filenameEnd == -1) filenameEnd = disposition.length();
        String filename = disposition.substring(filenameStart, filenameEnd).trim();
        filename = filename.replaceAll("^\"|\"$", "");
        return safeMimeDecode(filename);
    }
    public static String safeMimeDecode(String headerValue) {
        if (headerValue == null || headerValue.trim().isEmpty()) {
            return "";
        }
        if (!mimeUtilityChecked) {
            synchronized (EmlParser.class) {
                if (!mimeUtilityChecked) {
                    initializeMimeUtilityDecoding();
                }
            }
        }
        if (mimeUtilityDecodeTextMethod != null) {
            try {
                return (String) mimeUtilityDecodeTextMethod.invoke(null, headerValue.trim());
            } catch (ReflectiveOperationException | RuntimeException e) {
                // Fall through to custom implementation
            }
        }
        return EmlProcessingUtils.decodeMimeHeader(headerValue.trim());
    }
    private static void initializeMimeUtilityDecoding() {
        try {
            Class<?> mimeUtilityClass = Class.forName("jakarta.mail.internet.MimeUtility");
            mimeUtilityDecodeTextMethod = mimeUtilityClass.getMethod("decodeText", String.class);
        } catch (ClassNotFoundException | NoSuchMethodException e) {
            mimeUtilityDecodeTextMethod = null;
        }
        mimeUtilityChecked = true;
    }
    @Data
    public static class EmailContent {
        private String subject;
        private String from;
        private String to;
        private String cc;
        private String bcc;
        private Date date;
        private String dateString; // For basic parsing fallback
        private String htmlBody;
        private String textBody;
        private int attachmentCount;
        private List<EmailAttachment> attachments = new ArrayList<>();
        public void setHtmlBody(String htmlBody) {
            this.htmlBody = htmlBody != null ? htmlBody.replaceAll("\r", "") : null;
        }
        public void setTextBody(String textBody) {
            this.textBody = textBody != null ? textBody.replaceAll("\r", "") : null;
        }
    }
    @Data
    public static class EmailAttachment {
        private String filename;
        private String contentType;
        private byte[] data;
        private boolean embedded;
        private String embeddedFilename;
        private long sizeBytes;
        private String contentId;
        private String disposition;
        private String transferEncoding;
        public void setData(byte[] data) {
            this.data = data;
            if (data != null) {
                this.sizeBytes = data.length;
            }
        }
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/EmlProcessingUtils.java
+++ b/app/common/src/main/java/stirling/software/common/util/EmlProcessingUtils.java
@ -1,603 +0,0 @@
 package stirling.software.common.util;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 import java.util.Locale;
 import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.springframework.http.MediaType;
 import lombok.experimental.UtilityClass;
 import stirling.software.common.model.api.converters.EmlToPdfRequest;
 import stirling.software.common.model.api.converters.HTMLToPdfRequest;
@UtilityClass
 public class EmlProcessingUtils {
    // Style constants
    private static final int DEFAULT_FONT_SIZE = 12;
    private static final String DEFAULT_FONT_FAMILY = "Helvetica, sans-serif";
    private static final float DEFAULT_LINE_HEIGHT = 1.4f;
    private static final String DEFAULT_ZOOM = "1.0";
    private static final String DEFAULT_TEXT_COLOR = "#202124";
    private static final String DEFAULT_BACKGROUND_COLOR = "#ffffff";
    private static final String DEFAULT_BORDER_COLOR = "#e8eaed";
    private static final String ATTACHMENT_BACKGROUND_COLOR = "#f9f9f9";
    private static final String ATTACHMENT_BORDER_COLOR = "#eeeeee";
    private static final int EML_CHECK_LENGTH = 8192;
    private static final int MIN_HEADER_COUNT_FOR_VALID_EML = 2;
    // MIME type detection
    private static final Map<String, String> EXTENSION_TO_MIME_TYPE =
            Map.of(
                    ".png", MediaType.IMAGE_PNG_VALUE,
                    ".jpg", MediaType.IMAGE_JPEG_VALUE,
                    ".jpeg", MediaType.IMAGE_JPEG_VALUE,
                    ".gif", MediaType.IMAGE_GIF_VALUE,
                    ".bmp", "image/bmp",
                    ".webp", "image/webp",
                    ".svg", "image/svg+xml",
                    ".ico", "image/x-icon",
                    ".tiff", "image/tiff",
                    ".tif", "image/tiff");
    public static void validateEmlInput(byte[] emlBytes) {
        if (emlBytes == null || emlBytes.length == 0) {
            throw new IllegalArgumentException("EML file is empty or null");
        }
        if (isInvalidEmlFormat(emlBytes)) {
            throw new IllegalArgumentException("Invalid EML file format");
        }
    }
    private static boolean isInvalidEmlFormat(byte[] emlBytes) {
        try {
            int checkLength = Math.min(emlBytes.length, EML_CHECK_LENGTH);
            String content;
            try {
                content = new String(emlBytes, 0, checkLength, StandardCharsets.UTF_8);
                if (content.contains("\uFFFD")) {
                    content = new String(emlBytes, 0, checkLength, StandardCharsets.ISO_8859_1);
                }
            } catch (Exception e) {
                content = new String(emlBytes, 0, checkLength, StandardCharsets.ISO_8859_1);
            }
            String lowerContent = content.toLowerCase(Locale.ROOT);
            boolean hasFrom =
                    lowerContent.contains("from:") || lowerContent.contains("return-path:");
            boolean hasSubject = lowerContent.contains("subject:");
            boolean hasMessageId = lowerContent.contains("message-id:");
            boolean hasDate = lowerContent.contains("date:");
            boolean hasTo =
                    lowerContent.contains("to:")
                            || lowerContent.contains("cc:")
                            || lowerContent.contains("bcc:");
            boolean hasMimeStructure =
                    lowerContent.contains("multipart/")
                            || lowerContent.contains(MediaType.TEXT_PLAIN_VALUE)
                            || lowerContent.contains(MediaType.TEXT_HTML_VALUE)
                            || lowerContent.contains("boundary=");
            int headerCount = 0;
            if (hasFrom) headerCount++;
            if (hasSubject) headerCount++;
            if (hasMessageId) headerCount++;
            if (hasDate) headerCount++;
            if (hasTo) headerCount++;
            return headerCount < MIN_HEADER_COUNT_FOR_VALID_EML && !hasMimeStructure;
        } catch (RuntimeException e) {
            return false;
        }
    }
    public static String generateEnhancedEmailHtml(
            EmlParser.EmailContent content,
            EmlToPdfRequest request,
            CustomHtmlSanitizer customHtmlSanitizer) {
        StringBuilder html = new StringBuilder();
        html.append(
                String.format(
                        """
                <!DOCTYPE html>
                <html lang="en"><head><meta charset="UTF-8">
                <title>%s</title>
                <style>
                """,
                        sanitizeText(content.getSubject(), customHtmlSanitizer)));
        appendEnhancedStyles(html);
        html.append(
                """
                </style>
                </head><body>
                """);
        html.append(
                String.format(
                        """
                <div class="email-container">
                <div class="email-header">
                <h1>%s</h1>
                <div class="email-meta">
                <div><strong>From:</strong> %s</div>
                <div><strong>To:</strong> %s</div>
                """,
                        sanitizeText(content.getSubject(), customHtmlSanitizer),
                        sanitizeText(content.getFrom(), customHtmlSanitizer),
                        sanitizeText(content.getTo(), customHtmlSanitizer)));
        if (content.getCc() != null && !content.getCc().trim().isEmpty()) {
            html.append(
                    String.format(
                            "<div><strong>CC:</strong> %s</div>\n",
                            sanitizeText(content.getCc(), customHtmlSanitizer)));
        }
        if (content.getBcc() != null && !content.getBcc().trim().isEmpty()) {
            html.append(
                    String.format(
                            "<div><strong>BCC:</strong> %s</div>\n",
                            sanitizeText(content.getBcc(), customHtmlSanitizer)));
        }
        if (content.getDate() != null) {
            html.append(
                    String.format(
                            "<div><strong>Date:</strong> %s</div>\n",
                            PdfAttachmentHandler.formatEmailDate(content.getDate())));
        } else if (content.getDateString() != null && !content.getDateString().trim().isEmpty()) {
            html.append(
                    String.format(
                            "<div><strong>Date:</strong> %s</div>\n",
                            sanitizeText(content.getDateString(), customHtmlSanitizer)));
        }
        html.append("</div></div>\n");
        html.append("<div class=\"email-body\">\n");
        if (content.getHtmlBody() != null && !content.getHtmlBody().trim().isEmpty()) {
            String processedHtml =
                    processEmailHtmlBody(content.getHtmlBody(), content, customHtmlSanitizer);
            html.append(processedHtml);
        } else if (content.getTextBody() != null && !content.getTextBody().trim().isEmpty()) {
            html.append(
                    String.format(
                            "<div class=\"text-body\">%s</div>",
                            convertTextToHtml(content.getTextBody(), customHtmlSanitizer)));
        } else {
            html.append("<div class=\"no-content\"><p><em>No content available</em></p></div>");
        }
        html.append("</div>\n");
        if (content.getAttachmentCount() > 0 || !content.getAttachments().isEmpty()) {
            appendAttachmentsSection(html, content, request, customHtmlSanitizer);
        }
        html.append("</div>\n</body></html>");
        return html.toString();
    }
    public static String processEmailHtmlBody(
            String htmlBody,
            EmlParser.EmailContent emailContent,
            CustomHtmlSanitizer customHtmlSanitizer) {
        if (htmlBody == null) return "";
        String processed =
                customHtmlSanitizer != null ? customHtmlSanitizer.sanitize(htmlBody) : htmlBody;
        processed = processed.replaceAll("(?i)\\s*position\\s*:\\s*fixed[^;]*;?", "");
        processed = processed.replaceAll("(?i)\\s*position\\s*:\\s*absolute[^;]*;?", "");
        if (emailContent != null && !emailContent.getAttachments().isEmpty()) {
            processed = PdfAttachmentHandler.processInlineImages(processed, emailContent);
        }
        return processed;
    }
    public static String convertTextToHtml(
            String textBody, CustomHtmlSanitizer customHtmlSanitizer) {
        if (textBody == null) return "";
        String html =
                customHtmlSanitizer != null
                        ? customHtmlSanitizer.sanitize(textBody)
                        : escapeHtml(textBody);
        html = html.replace("\r\n", "\n").replace("\r", "\n");
        html = html.replace("\n", "<br>\n");
        html =
                html.replaceAll(
                        "(https?://[\\w\\-._~:/?#\\[\\]@!$&'()*+,;=%]+)",
                        "<a href=\"$1\" style=\"color: #1a73e8; text-decoration: underline;\">$1</a>");
        html =
                html.replaceAll(
                        "([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,63})",
                        "<a href=\"mailto:$1\" style=\"color: #1a73e8; text-decoration: underline;\">$1</a>");
        return html;
    }
    private static void appendEnhancedStyles(StringBuilder html) {
        String css =
                String.format(
                        """
                body {
                  font-family: %s;
                  font-size: %dpx;
                  line-height: %s;
                  color: %s;
                  margin: 0;
                  padding: 16px;
                  background-color: %s;
                }
                .email-container {
                  width: 100%%;
                  max-width: 100%%;
                  margin: 0 auto;
                }
                .email-header {
                  padding-bottom: 10px;
                  border-bottom: 1px solid %s;
                  margin-bottom: 10px;
                }
                .email-header h1 {
                  margin: 0 0 10px 0;
                  font-size: %dpx;
                  font-weight: bold;
                }
                .email-meta div {
                  margin-bottom: 2px;
                  font-size: %dpx;
                }
                .email-body {
                  word-wrap: break-word;
                }
                .attachment-section {
                  margin-top: 15px;
                  padding: 10px;
                  background-color: %s;
                  border: 1px solid %s;
                  border-radius: 3px;
                }
                .attachment-section h3 {
                  margin: 0 0 8px 0;
                  font-size: %dpx;
                }
                .attachment-item {
                  padding: 5px 0;
                }
                .attachment-icon {
                  margin-right: 5px;
                }
                .attachment-details, .attachment-type {
                  font-size: %dpx;
                  color: #555555;
                }
                .attachment-inclusion-note, .attachment-info-note {
                  margin-top: 8px;
                  padding: 6px;
                  font-size: %dpx;
                  border-radius: 3px;
                }
                .attachment-inclusion-note {
                  background-color: #e6ffed;
                  border: 1px solid #d4f7dc;
                  color: #006420;
                }
                .attachment-info-note {
                  background-color: #fff9e6;
                  border: 1px solid #fff0c2;
                  color: #664d00;
                }
                .attachment-link-container {
                  display: flex;
                  align-items: center;
                  padding: 8px;
                  background-color: #f8f9fa;
                  border: 1px solid #dee2e6;
                  border-radius: 4px;
                  margin: 4px 0;
                }
                .attachment-link-container:hover {
                  background-color: #e9ecef;
                }
                .attachment-note {
                  font-size: %dpx;
                  color: #6c757d;
                  font-style: italic;
                  margin-left: 8px;
                }
                .no-content {
                  padding: 20px;
                  text-align: center;
                  color: #666;
                  font-style: italic;
                }
                .text-body {
                  white-space: pre-wrap;
                }
                img {
                  max-width: 100%%;
                  height: auto;
                  display: block;
                }
                """,
                        DEFAULT_FONT_FAMILY,
                        DEFAULT_FONT_SIZE,
                        DEFAULT_LINE_HEIGHT,
                        DEFAULT_TEXT_COLOR,
                        DEFAULT_BACKGROUND_COLOR,
                        DEFAULT_BORDER_COLOR,
                        DEFAULT_FONT_SIZE + 4,
                        DEFAULT_FONT_SIZE - 1,
                        ATTACHMENT_BACKGROUND_COLOR,
                        ATTACHMENT_BORDER_COLOR,
                        DEFAULT_FONT_SIZE + 1,
                        DEFAULT_FONT_SIZE - 2,
                        DEFAULT_FONT_SIZE - 2,
                        DEFAULT_FONT_SIZE - 3);
        html.append(css);
    }
    private static void appendAttachmentsSection(
            StringBuilder html,
            EmlParser.EmailContent content,
            EmlToPdfRequest request,
            CustomHtmlSanitizer customHtmlSanitizer) {
        html.append("<div class=\"attachment-section\">\n");
        int displayedAttachmentCount =
                content.getAttachmentCount() > 0
                        ? content.getAttachmentCount()
                        : content.getAttachments().size();
        html.append("<h3>Attachments (").append(displayedAttachmentCount).append(")</h3>\n");
        if (!content.getAttachments().isEmpty()) {
            for (int i = 0; i < content.getAttachments().size(); i++) {
                EmlParser.EmailAttachment attachment = content.getAttachments().get(i);
                String embeddedFilename =
                        attachment.getFilename() != null
                                ? attachment.getFilename()
                                : ("attachment_" + i);
                attachment.setEmbeddedFilename(embeddedFilename);
                String sizeStr = GeneralUtils.formatBytes(attachment.getSizeBytes());
                String contentType =
                        attachment.getContentType() != null
                                        && !attachment.getContentType().isEmpty()
                                ? ", " + escapeHtml(attachment.getContentType())
                                : "";
                String attachmentId = "attachment_" + i;
                html.append(
                        String.format(
                                """
                        <div class="attachment-item" id="%s">
                        <span class="attachment-icon" data-filename="%s">@</span>
                        <span class="attachment-name">%s</span>
                        <span class="attachment-details">(%s%s)</span>
                        </div>
                        """,
                                attachmentId,
                                escapeHtml(embeddedFilename),
                                escapeHtml(EmlParser.safeMimeDecode(attachment.getFilename())),
                                sizeStr,
                                contentType));
            }
        }
        if (request != null && request.isIncludeAttachments()) {
            html.append(
                    """
                    <div class="attachment-info-note">
                    <p><em>Attachments are embedded in the file.</em></p>
                    </div>
                    """);
        } else {
            html.append(
                    """
                    <div class="attachment-info-note">
                    <p><em>Attachment information displayed - files not included in PDF.</em></p>
                    </div>
                    """);
        }
        html.append("</div>\n");
    }
    public static HTMLToPdfRequest createHtmlRequest(EmlToPdfRequest request) {
        HTMLToPdfRequest htmlRequest = new HTMLToPdfRequest();
        if (request != null) {
            htmlRequest.setFileInput(request.getFileInput());
        }
        htmlRequest.setZoom(Float.parseFloat(DEFAULT_ZOOM));
        return htmlRequest;
    }
    public static String detectMimeType(String filename, String existingMimeType) {
        if (existingMimeType != null && !existingMimeType.isEmpty()) {
            return existingMimeType;
        }
        if (filename != null) {
            String lowerFilename = filename.toLowerCase();
            for (Map.Entry<String, String> entry : EXTENSION_TO_MIME_TYPE.entrySet()) {
                if (lowerFilename.endsWith(entry.getKey())) {
                    return entry.getValue();
                }
            }
        }
        return MediaType.IMAGE_PNG_VALUE; // Default MIME type
    }
    public static String decodeUrlEncoded(String encoded) {
        try {
            return java.net.URLDecoder.decode(encoded, StandardCharsets.UTF_8);
        } catch (Exception e) {
            return encoded; // Return original if decoding fails
        }
    }
    public static String decodeMimeHeader(String encodedText) {
        if (encodedText == null || encodedText.trim().isEmpty()) {
            return encodedText;
        }
        try {
            StringBuilder result = new StringBuilder();
            Pattern concatenatedPattern =
                    Pattern.compile(
                            "(=\\?[^?]+\\?[BbQq]\\?[^?]*\\?=)(\\s*=\\?[^?]+\\?[BbQq]\\?[^?]*\\?=)+");
            Matcher concatenatedMatcher = concatenatedPattern.matcher(encodedText);
            String processedText =
                    concatenatedMatcher.replaceAll(
                            match -> match.group().replaceAll("\\s+(?==\\?)", ""));
            Pattern mimePattern = Pattern.compile("=\\?([^?]+)\\?([BbQq])\\?([^?]*)\\?=");
            Matcher matcher = mimePattern.matcher(processedText);
            int lastEnd = 0;
            while (matcher.find()) {
                result.append(processedText, lastEnd, matcher.start());
                String charset = matcher.group(1);
                String encoding = matcher.group(2).toUpperCase();
                String encodedValue = matcher.group(3);
                try {
                    String decodedValue =
                            switch (encoding) {
                                case "B" -> {
                                    String cleanBase64 = encodedValue.replaceAll("\\s", "");
                                    byte[] decodedBytes = Base64.getDecoder().decode(cleanBase64);
                                    Charset targetCharset;
                                    try {
                                        targetCharset = Charset.forName(charset);
                                    } catch (Exception e) {
                                        targetCharset = StandardCharsets.UTF_8;
                                    }
                                    yield new String(decodedBytes, targetCharset);
                                }
                                case "Q" -> decodeQuotedPrintable(encodedValue, charset);
                                default -> matcher.group(0); // Return original if unknown encoding
                            };
                    result.append(decodedValue);
                } catch (RuntimeException e) {
                    result.append(matcher.group(0)); // Keep original on decode error
                }
                lastEnd = matcher.end();
            }
            result.append(processedText.substring(lastEnd));
            return result.toString();
        } catch (Exception e) {
            return encodedText; // Return original on any parsing error
        }
    }
    private static String decodeQuotedPrintable(String encodedText, String charset) {
        StringBuilder result = new StringBuilder();
        for (int i = 0; i < encodedText.length(); i++) {
            char c = encodedText.charAt(i);
            switch (c) {
                case '=' -> {
                    if (i + 2 < encodedText.length()) {
                        String hex = encodedText.substring(i + 1, i + 3);
                        try {
                            int value = Integer.parseInt(hex, 16);
                            result.append((char) value);
                            i += 2;
                        } catch (NumberFormatException e) {
                            result.append(c);
                        }
                    } else if (i + 1 == encodedText.length()
                            || (i + 2 == encodedText.length()
                                    && encodedText.charAt(i + 1) == '\n')) {
                        if (i + 1 < encodedText.length() && encodedText.charAt(i + 1) == '\n') {
                            i++; // Skip the newline too
                        }
                    } else {
                        result.append(c);
                    }
                }
                case '_' -> result.append(' '); // Space encoding in Q encoding
                default -> result.append(c);
            }
        }
        byte[] bytes = result.toString().getBytes(StandardCharsets.ISO_8859_1);
        try {
            Charset targetCharset = Charset.forName(charset);
            return new String(bytes, targetCharset);
        } catch (Exception e) {
            try {
                return new String(bytes, StandardCharsets.UTF_8);
            } catch (Exception fallbackException) {
                return new String(bytes, StandardCharsets.ISO_8859_1);
            }
        }
    }
    public static String escapeHtml(String text) {
        if (text == null) return "";
        return text.replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;")
                .replace("'", "&#39;");
    }
    public static String sanitizeText(String text, CustomHtmlSanitizer customHtmlSanitizer) {
        if (customHtmlSanitizer != null) {
            return customHtmlSanitizer.sanitize(text);
        } else {
            return escapeHtml(text);
        }
    }
    public static String simplifyHtmlContent(String htmlContent) {
        String simplified = htmlContent.replaceAll("(?i)<script[^>]*>.*?</script>", "");
        simplified = simplified.replaceAll("(?i)<style[^>]*>.*?</style>", "");
        return simplified;
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/EmlToPdf.java
+++ b/app/common/src/main/java/stirling/software/common/util/EmlToPdf.java
@ -1,103 +0,0 @@
 package stirling.software.common.util;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import lombok.experimental.UtilityClass;
 import stirling.software.common.model.api.converters.EmlToPdfRequest;
 import stirling.software.common.service.CustomPDFDocumentFactory;
@UtilityClass
 public class EmlToPdf {
    public static String convertEmlToHtml(byte[] emlBytes, EmlToPdfRequest request)
            throws IOException {
        EmlProcessingUtils.validateEmlInput(emlBytes);
        EmlParser.EmailContent emailContent =
                EmlParser.extractEmailContent(emlBytes, request, null);
        return EmlProcessingUtils.generateEnhancedEmailHtml(emailContent, request, null);
    }
    public static byte[] convertEmlToPdf(
            String weasyprintPath,
            EmlToPdfRequest request,
            byte[] emlBytes,
            String fileName,
            CustomPDFDocumentFactory pdfDocumentFactory,
            TempFileManager tempFileManager,
            CustomHtmlSanitizer customHtmlSanitizer)
            throws IOException, InterruptedException {
        EmlProcessingUtils.validateEmlInput(emlBytes);
        try {
            EmlParser.EmailContent emailContent =
                    EmlParser.extractEmailContent(emlBytes, request, customHtmlSanitizer);
            String htmlContent =
                    EmlProcessingUtils.generateEnhancedEmailHtml(
                            emailContent, request, customHtmlSanitizer);
            byte[] pdfBytes =
                    convertHtmlToPdf(
                            weasyprintPath,
                            request,
                            htmlContent,
                            tempFileManager,
                            customHtmlSanitizer);
            if (shouldAttachFiles(emailContent, request)) {
                pdfBytes =
                        PdfAttachmentHandler.attachFilesToPdf(
                                pdfBytes, emailContent.getAttachments(), pdfDocumentFactory);
            }
            return pdfBytes;
        } catch (IOException | InterruptedException e) {
            throw e;
        } catch (Exception e) {
            throw new IOException("Error converting EML to PDF", e);
        }
    }
    private static boolean shouldAttachFiles(
            EmlParser.EmailContent emailContent, EmlToPdfRequest request) {
        return emailContent != null
                && request != null
                && request.isIncludeAttachments()
                && !emailContent.getAttachments().isEmpty();
    }
    private static byte[] convertHtmlToPdf(
            String weasyprintPath,
            EmlToPdfRequest request,
            String htmlContent,
            TempFileManager tempFileManager,
            CustomHtmlSanitizer customHtmlSanitizer)
            throws IOException, InterruptedException {
        var htmlRequest = EmlProcessingUtils.createHtmlRequest(request);
        try {
            return FileToPdf.convertHtmlToPdf(
                    weasyprintPath,
                    htmlRequest,
                    htmlContent.getBytes(StandardCharsets.UTF_8),
                    "email.html",
                    tempFileManager,
                    customHtmlSanitizer);
        } catch (IOException | InterruptedException e) {
            String simplifiedHtml = EmlProcessingUtils.simplifyHtmlContent(htmlContent);
            return FileToPdf.convertHtmlToPdf(
                    weasyprintPath,
                    htmlRequest,
                    simplifiedHtml.getBytes(StandardCharsets.UTF_8),
                    "email.html",
                    tempFileManager,
                    customHtmlSanitizer);
        }
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/ExceptionUtils.java
+++ b/app/common/src/main/java/stirling/software/common/util/ExceptionUtils.java
@ -1,327 +0,0 @@
 package stirling.software.common.util;
 import java.io.IOException;
 import java.text.MessageFormat;
 import lombok.extern.slf4j.Slf4j;
 /**
 * Utility class for handling exceptions with internationalized error messages. Provides consistent
 * error handling and user-friendly messages across the application.
 */
@Slf4j
 public class ExceptionUtils {
    /**
     * Create an IOException with internationalized message for PDF corruption.
     *
     * @param cause the original exception
     * @return IOException with user-friendly message
     */
    public static IOException createPdfCorruptedException(Exception cause) {
        return createPdfCorruptedException(null, cause);
    }
    /**
     * Create an IOException with internationalized message for PDF corruption with context.
     *
     * @param context additional context (e.g., "during merge", "during image extraction")
     * @param cause the original exception
     * @return IOException with user-friendly message
     */
    public static IOException createPdfCorruptedException(String context, Exception cause) {
        String message;
        if (context != null && !context.isEmpty()) {
            message =
                    String.format(
                            "Error %s: PDF file appears to be corrupted or damaged. Please try using the 'Repair PDF' feature first to fix the file before proceeding with this operation.",
                            context);
        } else {
            message =
                    "PDF file appears to be corrupted or damaged. Please try using the 'Repair PDF' feature first to fix the file before proceeding with this operation.";
        }
        return new IOException(message, cause);
    }
    /**
     * Create an IOException with internationalized message for multiple corrupted PDFs.
     *
     * @param cause the original exception
     * @return IOException with user-friendly message
     */
    public static IOException createMultiplePdfCorruptedException(Exception cause) {
        String message =
                "One or more PDF files appear to be corrupted or damaged. Please try using the 'Repair PDF' feature on each file first before attempting to merge them.";
        return new IOException(message, cause);
    }
    /**
     * Create an IOException with internationalized message for PDF encryption issues.
     *
     * @param cause the original exception
     * @return IOException with user-friendly message
     */
    public static IOException createPdfEncryptionException(Exception cause) {
        String message =
                "The PDF appears to have corrupted encryption data. This can happen when the PDF was created with incompatible encryption methods. Please try using the 'Repair PDF' feature first, or contact the document creator for a new copy.";
        return new IOException(message, cause);
    }
    /**
     * Create an IOException with internationalized message for PDF password issues.
     *
     * @param cause the original exception
     * @return IOException with user-friendly message
     */
    public static IOException createPdfPasswordException(Exception cause) {
        String message =
                "The PDF Document is passworded and either the password was not provided or was incorrect";
        return new IOException(message, cause);
    }
    /**
     * Create an IOException with internationalized message for file processing errors.
     *
     * @param operation the operation being performed (e.g., "merge", "split", "convert")
     * @param cause the original exception
     * @return IOException with user-friendly message
     */
    public static IOException createFileProcessingException(String operation, Exception cause) {
        String message =
                String.format(
                        "An error occurred while processing the file during %s operation: %s",
                        operation, cause.getMessage());
        return new IOException(message, cause);
    }
    /**
     * Create a generic IOException with internationalized message.
     *
     * @param messageKey the i18n message key
     * @param defaultMessage the default message if i18n is not available
     * @param cause the original exception
     * @param args optional arguments for the message
     * @return IOException with user-friendly message
     */
    public static IOException createIOException(
            String messageKey, String defaultMessage, Exception cause, Object... args) {
        String message = MessageFormat.format(defaultMessage, args);
        return new IOException(message, cause);
    }
    /**
     * Create a generic RuntimeException with internationalized message.
     *
     * @param messageKey the i18n message key
     * @param defaultMessage the default message if i18n is not available
     * @param cause the original exception
     * @param args optional arguments for the message
     * @return RuntimeException with user-friendly message
     */
    public static RuntimeException createRuntimeException(
            String messageKey, String defaultMessage, Exception cause, Object... args) {
        String message = MessageFormat.format(defaultMessage, args);
        return new RuntimeException(message, cause);
    }
    /**
     * Create an IllegalArgumentException with internationalized message.
     *
     * @param messageKey the i18n message key
     * @param defaultMessage the default message if i18n is not available
     * @param args optional arguments for the message
     * @return IllegalArgumentException with user-friendly message
     */
    public static IllegalArgumentException createIllegalArgumentException(
            String messageKey, String defaultMessage, Object... args) {
        String message = MessageFormat.format(defaultMessage, args);
        return new IllegalArgumentException(message);
    }
    /** Create file validation exceptions. */
    public static IllegalArgumentException createHtmlFileRequiredException() {
        return createIllegalArgumentException(
                "error.fileFormatRequired", "File must be in {0} format", "HTML or ZIP");
    }
    public static IllegalArgumentException createPdfFileRequiredException() {
        return createIllegalArgumentException(
                "error.fileFormatRequired", "File must be in {0} format", "PDF");
    }
    public static IllegalArgumentException createInvalidPageSizeException(String size) {
        return createIllegalArgumentException(
                "error.invalidFormat", "Invalid {0} format: {1}", "page size", size);
    }
    /** Create OCR-related exceptions. */
    public static IOException createOcrLanguageRequiredException() {
        return createIOException(
                "error.optionsNotSpecified", "{0} options are not specified", null, "OCR language");
    }
    public static IOException createOcrInvalidLanguagesException() {
        return createIOException(
                "error.invalidFormat",
                "Invalid {0} format: {1}",
                null,
                "OCR languages",
                "none of the selected languages are valid");
    }
    public static IOException createOcrToolsUnavailableException() {
        return createIOException(
                "error.toolNotInstalled", "{0} is not installed", null, "OCR tools");
    }
    /** Create system requirement exceptions. */
    public static IOException createPythonRequiredForWebpException() {
        return createIOException(
                "error.toolRequired", "{0} is required for {1}", null, "Python", "WebP conversion");
    }
    /** Create file operation exceptions. */
    public static IOException createFileNotFoundException(String fileId) {
        return createIOException("error.fileNotFound", "File not found with ID: {0}", null, fileId);
    }
    public static RuntimeException createPdfaConversionFailedException() {
        return createRuntimeException(
                "error.conversionFailed", "{0} conversion failed", null, "PDF/A");
    }
    public static IllegalArgumentException createInvalidComparatorException() {
        return createIllegalArgumentException(
                "error.invalidFormat",
                "Invalid {0} format: {1}",
                "comparator",
                "only 'greater', 'equal', and 'less' are supported");
    }
    /** Create compression-related exceptions. */
    public static RuntimeException createMd5AlgorithmException(Exception cause) {
        return createRuntimeException(
                "error.algorithmNotAvailable", "{0} algorithm not available", cause, "MD5");
    }
    public static IllegalArgumentException createCompressionOptionsException() {
        return createIllegalArgumentException(
                "error.optionsNotSpecified",
                "{0} options are not specified",
                "compression (expected output size and optimize level)");
    }
    public static IOException createGhostscriptCompressionException() {
        return createIOException(
                "error.commandFailed", "{0} command failed", null, "Ghostscript compression");
    }
    public static IOException createGhostscriptCompressionException(Exception cause) {
        return createIOException(
                "error.commandFailed", "{0} command failed", cause, "Ghostscript compression");
    }
    public static IOException createQpdfCompressionException(Exception cause) {
        return createIOException("error.commandFailed", "{0} command failed", cause, "QPDF");
    }
    /**
     * Check if an exception indicates a corrupted PDF and wrap it with appropriate message.
     *
     * @param e the exception to check
     * @return the original exception if not PDF corruption, or a new IOException with user-friendly
     *     message
     */
    public static IOException handlePdfException(IOException e) {
        return handlePdfException(e, null);
    }
    /**
     * Check if an exception indicates a corrupted PDF and wrap it with appropriate message.
     *
     * @param e the exception to check
     * @param context additional context for the error
     * @return the original exception if not PDF corruption, or a new IOException with user-friendly
     *     message
     */
    public static IOException handlePdfException(IOException e, String context) {
        if (PdfErrorUtils.isCorruptedPdfError(e)) {
            return createPdfCorruptedException(context, e);
        }
        if (isEncryptionError(e)) {
            return createPdfEncryptionException(e);
        }
        if (isPasswordError(e)) {
            return createPdfPasswordException(e);
        }
        return e; // Return original exception if no specific handling needed
    }
    /**
     * Check if an exception indicates a PDF encryption/decryption error.
     *
     * @param e the exception to check
     * @return true if it's an encryption error, false otherwise
     */
    public static boolean isEncryptionError(IOException e) {
        String message = e.getMessage();
        if (message == null) return false;
        return message.contains("BadPaddingException")
                || message.contains("Given final block not properly padded")
                || message.contains("AES initialization vector not fully read")
                || message.contains("Failed to decrypt");
    }
    /**
     * Check if an exception indicates a PDF password error.
     *
     * @param e the exception to check
     * @return true if it's a password error, false otherwise
     */
    public static boolean isPasswordError(IOException e) {
        String message = e.getMessage();
        if (message == null) return false;
        return message.contains("password is incorrect")
                || message.contains("Password is not provided")
                || message.contains("PDF contains an encryption dictionary");
    }
    /**
     * Log an exception with appropriate level based on its type.
     *
     * @param operation the operation being performed
     * @param e the exception that occurred
     */
    public static void logException(String operation, Exception e) {
        if (PdfErrorUtils.isCorruptedPdfError(e)) {
            log.warn("PDF corruption detected during {}: {}", operation, e.getMessage());
        } else if (e instanceof IOException
                && (isEncryptionError((IOException) e) || isPasswordError((IOException) e))) {
            log.info("PDF security issue during {}: {}", operation, e.getMessage());
        } else {
            log.error("Unexpected error during {}", operation, e);
        }
    }
    /** Create common validation exceptions. */
    public static IllegalArgumentException createInvalidArgumentException(String argumentName) {
        return createIllegalArgumentException(
                "error.invalidArgument", "Invalid argument: {0}", argumentName);
    }
    public static IllegalArgumentException createInvalidArgumentException(
            String argumentName, String value) {
        return createIllegalArgumentException(
                "error.invalidFormat", "Invalid {0} format: {1}", argumentName, value);
    }
    public static IllegalArgumentException createNullArgumentException(String argumentName) {
        return createIllegalArgumentException(
                "error.argumentRequired", "{0} must not be null", argumentName);
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/ExecutorFactory.java
+++ b/app/common/src/main/java/stirling/software/common/util/ExecutorFactory.java
@ -1,31 +0,0 @@
 package stirling.software.common.util;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import lombok.extern.slf4j.Slf4j;
@Slf4j
 public class ExecutorFactory {
    /**
     * Creates an ExecutorService using virtual threads if available (Java 21+), or falls back to a
     * cached thread pool on older Java versions.
     */
    public static ExecutorService newVirtualOrCachedThreadExecutor() {
        try {
            ExecutorService executor =
                    (ExecutorService)
                            Executors.class
                                    .getMethod("newVirtualThreadPerTaskExecutor")
                                    .invoke(null);
            return executor;
        } catch (NoSuchMethodException e) {
            log.debug("Virtual threads not available; falling back to cached thread pool.");
        } catch (Exception e) {
            log.debug("Error initializing virtual thread executor: {}", e.getMessage(), e);
        }
        return Executors.newCachedThreadPool();
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/FileToPdf.java
+++ b/app/common/src/main/java/stirling/software/common/util/FileToPdf.java
@ -1,219 +0,0 @@
 package stirling.software.common.util;
 import java.io.*;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.FileVisitResult;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.SimpleFileVisitor;
 import java.nio.file.attribute.BasicFileAttributes;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Stream;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 import java.util.zip.ZipOutputStream;
 import io.github.pixee.security.ZipSecurity;
 import stirling.software.common.model.api.converters.HTMLToPdfRequest;
 import stirling.software.common.util.ProcessExecutor.ProcessExecutorResult;
 public class FileToPdf {
    public static byte[] convertHtmlToPdf(
            String weasyprintPath,
            HTMLToPdfRequest request,
            byte[] fileBytes,
            String fileName,
            TempFileManager tempFileManager,
            CustomHtmlSanitizer customHtmlSanitizer)
            throws IOException, InterruptedException {
        try (TempFile tempOutputFile = new TempFile(tempFileManager, ".pdf")) {
            try (TempFile tempInputFile =
                    new TempFile(
                            tempFileManager,
                            fileName.toLowerCase().endsWith(".html") ? ".html" : ".zip")) {
                if (fileName.toLowerCase().endsWith(".html")) {
                    String sanitizedHtml =
                            sanitizeHtmlContent(
                                    new String(fileBytes, StandardCharsets.UTF_8),
                                    customHtmlSanitizer);
                    Files.write(
                            tempInputFile.getPath(),
                            sanitizedHtml.getBytes(StandardCharsets.UTF_8));
                } else if (fileName.toLowerCase().endsWith(".zip")) {
                    Files.write(tempInputFile.getPath(), fileBytes);
                    sanitizeHtmlFilesInZip(
                            tempInputFile.getPath(), tempFileManager, customHtmlSanitizer);
                } else {
                    throw ExceptionUtils.createHtmlFileRequiredException();
                }
                List<String> command = new ArrayList<>();
                command.add(weasyprintPath);
                command.add("-e");
                command.add("utf-8");
                command.add("-v");
                command.add("--pdf-forms");
                command.add(tempInputFile.getAbsolutePath());
                command.add(tempOutputFile.getAbsolutePath());
                ProcessExecutorResult returnCode =
                        ProcessExecutor.getInstance(ProcessExecutor.Processes.WEASYPRINT)
                                .runCommandWithOutputHandling(command);
                byte[] pdfBytes = Files.readAllBytes(tempOutputFile.getPath());
                try {
                    return pdfBytes;
                } catch (Exception e) {
                    pdfBytes = Files.readAllBytes(tempOutputFile.getPath());
                    if (pdfBytes.length < 1) {
                        throw e;
                    }
                    return pdfBytes;
                }
            } // tempInputFile auto-closed
        } // tempOutputFile auto-closed
    }
    private static String sanitizeHtmlContent(
            String htmlContent, CustomHtmlSanitizer customHtmlSanitizer) {
        return customHtmlSanitizer.sanitize(htmlContent);
    }
    private static void sanitizeHtmlFilesInZip(
            Path zipFilePath,
            TempFileManager tempFileManager,
            CustomHtmlSanitizer customHtmlSanitizer)
            throws IOException {
        try (TempDirectory tempUnzippedDir = new TempDirectory(tempFileManager)) {
            try (ZipInputStream zipIn =
                    ZipSecurity.createHardenedInputStream(
                            new ByteArrayInputStream(Files.readAllBytes(zipFilePath)))) {
                ZipEntry entry = zipIn.getNextEntry();
                while (entry != null) {
                    Path filePath =
                            tempUnzippedDir.getPath().resolve(sanitizeZipFilename(entry.getName()));
                    if (!entry.isDirectory()) {
                        Files.createDirectories(filePath.getParent());
                        if (entry.getName().toLowerCase().endsWith(".html")
                                || entry.getName().toLowerCase().endsWith(".htm")) {
                            String content =
                                    new String(zipIn.readAllBytes(), StandardCharsets.UTF_8);
                            String sanitizedContent =
                                    sanitizeHtmlContent(content, customHtmlSanitizer);
                            Files.write(
                                    filePath, sanitizedContent.getBytes(StandardCharsets.UTF_8));
                        } else {
                            Files.copy(zipIn, filePath);
                        }
                    }
                    zipIn.closeEntry();
                    entry = zipIn.getNextEntry();
                }
            }
            // Repack the sanitized files
            zipDirectory(tempUnzippedDir.getPath(), zipFilePath);
        } // tempUnzippedDir auto-cleaned
    }
    private static void zipDirectory(Path sourceDir, Path zipFilePath) throws IOException {
        try (ZipOutputStream zos =
                new ZipOutputStream(new FileOutputStream(zipFilePath.toFile()))) {
            try (Stream<Path> walk = Files.walk(sourceDir)) {
                walk.filter(path -> !Files.isDirectory(path))
                        .forEach(
                                path -> {
                                    ZipEntry zipEntry =
                                            new ZipEntry(sourceDir.relativize(path).toString());
                                    try {
                                        zos.putNextEntry(zipEntry);
                                        Files.copy(path, zos);
                                        zos.closeEntry();
                                    } catch (IOException e) {
                                        throw new UncheckedIOException(e);
                                    }
                                });
            }
        }
    }
    private static void deleteDirectory(Path dir) throws IOException {
        Files.walkFileTree(
                dir,
                new SimpleFileVisitor<Path>() {
                    @Override
                    public FileVisitResult visitFile(Path file, BasicFileAttributes attrs)
                            throws IOException {
                        Files.delete(file);
                        return FileVisitResult.CONTINUE;
                    }
                    @Override
                    public FileVisitResult postVisitDirectory(Path dir, IOException exc)
                            throws IOException {
                        Files.delete(dir);
                        return FileVisitResult.CONTINUE;
                    }
                });
    }
    private static Path unzipAndGetMainHtml(byte[] fileBytes) throws IOException {
        Path tempDirectory = Files.createTempDirectory("unzipped_");
        try (ZipInputStream zipIn =
                ZipSecurity.createHardenedInputStream(new ByteArrayInputStream(fileBytes))) {
            ZipEntry entry = zipIn.getNextEntry();
            while (entry != null) {
                Path filePath = tempDirectory.resolve(sanitizeZipFilename(entry.getName()));
                if (entry.isDirectory()) {
                    Files.createDirectories(filePath); // Explicitly create the directory structure
                } else {
                    Files.createDirectories(
                            filePath.getParent()); // Create parent directories if they don't exist
                    Files.copy(zipIn, filePath);
                }
                zipIn.closeEntry();
                entry = zipIn.getNextEntry();
            }
        }
        // Search for the main HTML file.
        try (Stream<Path> walk = Files.walk(tempDirectory)) {
            List<Path> htmlFiles = walk.filter(file -> file.toString().endsWith(".html")).toList();
            if (htmlFiles.isEmpty()) {
                throw new IOException("No HTML files found in the unzipped directory.");
            }
            // Prioritize 'index.html' if it exists, otherwise use the first .html file
            for (Path htmlFile : htmlFiles) {
                if ("index.html".equals(htmlFile.getFileName().toString())) {
                    return htmlFile;
                }
            }
            return htmlFiles.get(0);
        }
    }
    static String sanitizeZipFilename(String entryName) {
        if (entryName == null || entryName.trim().isEmpty()) {
            return "";
        }
        // Remove any drive letters (e.g., "C:\") and leading forward/backslashes
        entryName = entryName.replaceAll("^[a-zA-Z]:[\\\\/]+", "");
        entryName = entryName.replaceAll("^[\\\\/]+", "");
        // Recursively remove path traversal sequences
        while (entryName.contains("../") || entryName.contains("..\\")) {
            entryName = entryName.replace("../", "").replace("..\\", "");
        }
        // Normalize all backslashes to forward slashes
        entryName = entryName.replaceAll("\\\\", "/");
        return entryName;
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/PDFService.java
+++ b/app/common/src/main/java/stirling/software/common/util/PDFService.java
@ -1,35 +0,0 @@
 package stirling.software.common.util;
 import java.io.IOException;
 import java.util.List;
 import org.apache.pdfbox.multipdf.PDFMergerUtility;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.springframework.stereotype.Service;
 import lombok.RequiredArgsConstructor;
 import stirling.software.common.service.CustomPDFDocumentFactory;
@Service
@RequiredArgsConstructor
 public class PDFService {
    private final CustomPDFDocumentFactory pdfDocumentFactory;
    /*
     * Merge multiple PDF documents into a single PDF document
     *
     * @param documents List of PDDocument to be merged
     * @return Merged PDDocument
     * @throws IOException If an error occurs during merging
     */
    public PDDocument mergeDocuments(List<PDDocument> documents) throws IOException {
        PDDocument merged = pdfDocumentFactory.createNewDocument();
        PDFMergerUtility merger = new PDFMergerUtility();
        for (PDDocument doc : documents) {
            merger.appendDocument(merged, doc);
        }
        return merged;
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/PdfAttachmentHandler.java
+++ b/app/common/src/main/java/stirling/software/common/util/PdfAttachmentHandler.java
@ -1,681 +0,0 @@
 package stirling.software.common.util;
 import static stirling.software.common.util.AttachmentUtils.setCatalogViewerPreferences;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Base64;
 import java.util.Date;
 import java.util.GregorianCalendar;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.TimeZone;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDDocumentCatalog;
 import org.apache.pdfbox.pdmodel.PDDocumentNameDictionary;
 import org.apache.pdfbox.pdmodel.PDEmbeddedFilesNameTreeNode;
 import org.apache.pdfbox.pdmodel.PDPage;
 import org.apache.pdfbox.pdmodel.PageMode;
 import org.apache.pdfbox.pdmodel.common.PDRectangle;
 import org.apache.pdfbox.pdmodel.common.filespecification.PDComplexFileSpecification;
 import org.apache.pdfbox.pdmodel.common.filespecification.PDEmbeddedFile;
 import org.apache.pdfbox.pdmodel.interactive.annotation.PDAnnotationFileAttachment;
 import org.apache.pdfbox.pdmodel.interactive.annotation.PDAppearanceDictionary;
 import org.apache.pdfbox.pdmodel.interactive.annotation.PDAppearanceStream;
 import org.apache.pdfbox.text.PDFTextStripper;
 import org.apache.pdfbox.text.TextPosition;
 import org.jetbrains.annotations.NotNull;
 import org.springframework.http.MediaType;
 import org.springframework.web.multipart.MultipartFile;
 import lombok.Data;
 import lombok.Getter;
 import lombok.experimental.UtilityClass;
 import stirling.software.common.service.CustomPDFDocumentFactory;
@UtilityClass
 public class PdfAttachmentHandler {
    // Note: This class is designed for EML attachments, not general PDF attachments.
    private static final String ATTACHMENT_MARKER = "@";
    private static final float ATTACHMENT_ICON_WIDTH = 12f;
    private static final float ATTACHMENT_ICON_HEIGHT = 14f;
    private static final float ANNOTATION_X_OFFSET = 2f;
    private static final float ANNOTATION_Y_OFFSET = 10f;
    public static byte[] attachFilesToPdf(
            byte[] pdfBytes,
            List<EmlParser.EmailAttachment> attachments,
            CustomPDFDocumentFactory pdfDocumentFactory)
            throws IOException {
        if (attachments == null || attachments.isEmpty()) {
            return pdfBytes;
        }
        try (PDDocument document = pdfDocumentFactory.load(pdfBytes);
                ByteArrayOutputStream outputStream = new ByteArrayOutputStream()) {
            List<MultipartFile> multipartAttachments = new ArrayList<>(attachments.size());
            for (int i = 0; i < attachments.size(); i++) {
                EmlParser.EmailAttachment attachment = attachments.get(i);
                if (attachment.getData() != null && attachment.getData().length > 0) {
                    String embeddedFilename =
                            attachment.getFilename() != null
                                    ? attachment.getFilename()
                                    : ("attachment_" + i);
                    attachment.setEmbeddedFilename(embeddedFilename);
                    multipartAttachments.add(createMultipartFile(attachment));
                }
            }
            if (!multipartAttachments.isEmpty()) {
                Map<Integer, String> indexToFilenameMap =
                        addAttachmentsToDocumentWithMapping(
                                document, multipartAttachments, attachments);
                setCatalogViewerPreferences(document, PageMode.USE_ATTACHMENTS);
                addAttachmentAnnotationsToDocumentWithMapping(
                        document, attachments, indexToFilenameMap);
            }
            document.save(outputStream);
            return outputStream.toByteArray();
        } catch (RuntimeException e) {
            throw new IOException(
                    "Invalid PDF structure or processing error: " + e.getMessage(), e);
        } catch (Exception e) {
            throw new IOException("Error attaching files to PDF: " + e.getMessage(), e);
        }
    }
    private static MultipartFile createMultipartFile(EmlParser.EmailAttachment attachment) {
        return new MultipartFile() {
            @Override
            public @NotNull String getName() {
                return "attachment";
            }
            @Override
            public String getOriginalFilename() {
                return attachment.getFilename() != null
                        ? attachment.getFilename()
                        : "attachment_" + System.currentTimeMillis();
            }
            @Override
            public String getContentType() {
                return attachment.getContentType() != null
                        ? attachment.getContentType()
                        : MediaType.APPLICATION_OCTET_STREAM_VALUE;
            }
            @Override
            public boolean isEmpty() {
                return attachment.getData() == null || attachment.getData().length == 0;
            }
            @Override
            public long getSize() {
                return attachment.getData() != null ? attachment.getData().length : 0;
            }
            @Override
            public byte @NotNull [] getBytes() {
                return attachment.getData() != null ? attachment.getData() : new byte[0];
            }
            @Override
            public @NotNull InputStream getInputStream() {
                byte[] data = attachment.getData();
                return new ByteArrayInputStream(data != null ? data : new byte[0]);
            }
            @Override
            public void transferTo(@NotNull File dest) throws IOException, IllegalStateException {
                try (FileOutputStream fos = new FileOutputStream(dest)) {
                    byte[] data = attachment.getData();
                    if (data != null) {
                        fos.write(data);
                    }
                }
            }
        };
    }
    private static String ensureUniqueFilename(String filename, Set<String> existingNames) {
        if (!existingNames.contains(filename)) {
            return filename;
        }
        String baseName;
        String extension = "";
        int lastDot = filename.lastIndexOf('.');
        if (lastDot > 0) {
            baseName = filename.substring(0, lastDot);
            extension = filename.substring(lastDot);
        } else {
            baseName = filename;
        }
        int counter = 1;
        String uniqueName;
        do {
            uniqueName = baseName + "_" + counter + extension;
            counter++;
        } while (existingNames.contains(uniqueName));
        return uniqueName;
    }
    private static @NotNull PDRectangle calculateAnnotationRectangle(
            PDPage page, float x, float y) {
        PDRectangle cropBox = page.getCropBox();
        // ISO 32000-1:2008 Section 8.3: PDF coordinate system transforms
        int rotation = page.getRotation();
        float pdfX = x;
        float pdfY = cropBox.getHeight() - y;
        switch (rotation) {
            case 90 -> {
                float temp = pdfX;
                pdfX = pdfY;
                pdfY = cropBox.getWidth() - temp;
            }
            case 180 -> {
                pdfX = cropBox.getWidth() - pdfX;
                pdfY = y;
            }
            case 270 -> {
                float temp = pdfX;
                pdfX = cropBox.getHeight() - pdfY;
                pdfY = temp;
            }
            default -> {}
        }
        float iconHeight = ATTACHMENT_ICON_HEIGHT;
        float paddingX = 2.0f;
        float paddingY = 2.0f;
        PDRectangle rect =
                new PDRectangle(
                        pdfX + ANNOTATION_X_OFFSET + paddingX,
                        pdfY - iconHeight + ANNOTATION_Y_OFFSET + paddingY,
                        ATTACHMENT_ICON_WIDTH,
                        iconHeight);
        PDRectangle mediaBox = page.getMediaBox();
        if (rect.getLowerLeftX() < mediaBox.getLowerLeftX()
                || rect.getLowerLeftY() < mediaBox.getLowerLeftY()
                || rect.getUpperRightX() > mediaBox.getUpperRightX()
                || rect.getUpperRightY() > mediaBox.getUpperRightY()) {
            float adjustedX =
                    Math.max(
                            mediaBox.getLowerLeftX(),
                            Math.min(
                                    rect.getLowerLeftX(),
                                    mediaBox.getUpperRightX() - rect.getWidth()));
            float adjustedY =
                    Math.max(
                            mediaBox.getLowerLeftY(),
                            Math.min(
                                    rect.getLowerLeftY(),
                                    mediaBox.getUpperRightY() - rect.getHeight()));
            rect = new PDRectangle(adjustedX, adjustedY, rect.getWidth(), rect.getHeight());
        }
        return rect;
    }
    public static String processInlineImages(
            String htmlContent, EmlParser.EmailContent emailContent) {
        if (htmlContent == null || emailContent == null) return htmlContent;
        Map<String, EmlParser.EmailAttachment> contentIdMap = new HashMap<>();
        for (EmlParser.EmailAttachment attachment : emailContent.getAttachments()) {
            if (attachment.isEmbedded()
                    && attachment.getContentId() != null
                    && attachment.getData() != null) {
                contentIdMap.put(attachment.getContentId(), attachment);
            }
        }
        if (contentIdMap.isEmpty()) return htmlContent;
        Pattern cidPattern =
                Pattern.compile(
                        "(?i)<img[^>]*\\ssrc\\s*=\\s*['\"]cid:([^'\"]+)['\"][^>]*>",
                        Pattern.CASE_INSENSITIVE);
        Matcher matcher = cidPattern.matcher(htmlContent);
        StringBuilder result = new StringBuilder();
        while (matcher.find()) {
            String contentId = matcher.group(1);
            EmlParser.EmailAttachment attachment = contentIdMap.get(contentId);
            if (attachment != null && attachment.getData() != null) {
                String mimeType =
                        EmlProcessingUtils.detectMimeType(
                                attachment.getFilename(), attachment.getContentType());
                String base64Data = Base64.getEncoder().encodeToString(attachment.getData());
                String dataUri = "data:" + mimeType + ";base64," + base64Data;
                String replacement =
                        matcher.group(0).replaceFirst("cid:" + Pattern.quote(contentId), dataUri);
                matcher.appendReplacement(result, Matcher.quoteReplacement(replacement));
            } else {
                matcher.appendReplacement(result, Matcher.quoteReplacement(matcher.group(0)));
            }
        }
        matcher.appendTail(result);
        return result.toString();
    }
    public static String formatEmailDate(Date date) {
        if (date == null) return "";
        SimpleDateFormat formatter =
                new SimpleDateFormat("EEE, MMM d, yyyy 'at' h:mm a z", Locale.ENGLISH);
        formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
        return formatter.format(date);
    }
    @Data
    public static class MarkerPosition {
        private int pageIndex;
        private float x;
        private float y;
        private String character;
        private String filename;
        public MarkerPosition(int pageIndex, float x, float y, String character, String filename) {
            this.pageIndex = pageIndex;
            this.x = x;
            this.y = y;
            this.character = character;
            this.filename = filename;
        }
    }
    public static class AttachmentMarkerPositionFinder extends PDFTextStripper {
        @Getter private final List<MarkerPosition> positions = new ArrayList<>();
        private int currentPageIndex;
        protected boolean sortByPosition;
        private boolean isInAttachmentSection;
        private boolean attachmentSectionFound;
        private final StringBuilder currentText = new StringBuilder();
        private static final Pattern ATTACHMENT_SECTION_PATTERN =
                Pattern.compile("attachments\\s*\\(\\d+\\)", Pattern.CASE_INSENSITIVE);
        private static final Pattern FILENAME_PATTERN =
                Pattern.compile("@\\s*([^\\s\\(]+(?:\\.[a-zA-Z0-9]+)?)");
        public AttachmentMarkerPositionFinder() {
            super();
            this.currentPageIndex = 0;
            this.sortByPosition = false; // Disable sorting to preserve document order
            this.isInAttachmentSection = false;
            this.attachmentSectionFound = false;
        }
        @Override
        public String getText(PDDocument document) throws IOException {
            super.getText(document);
            if (sortByPosition) {
                positions.sort(
                        (a, b) -> {
                            int pageCompare = Integer.compare(a.getPageIndex(), b.getPageIndex());
                            if (pageCompare != 0) return pageCompare;
                            return Float.compare(
                                    b.getY(), a.getY()); // Descending Y per PDF coordinate system
                        });
            }
            return ""; // Return empty string as we only need positions
        }
        @Override
        protected void startPage(PDPage page) throws IOException {
            super.startPage(page);
        }
        @Override
        protected void endPage(PDPage page) throws IOException {
            currentPageIndex++;
            super.endPage(page);
        }
        @Override
        protected void writeString(String string, List<TextPosition> textPositions)
                throws IOException {
            String lowerString = string.toLowerCase();
            if (ATTACHMENT_SECTION_PATTERN.matcher(lowerString).find()) {
                isInAttachmentSection = true;
                attachmentSectionFound = true;
            }
            if (isInAttachmentSection
                    && (lowerString.contains("</body>")
                            || lowerString.contains("</html>")
                            || (attachmentSectionFound
                                    && lowerString.trim().isEmpty()
                                    && string.length() > 50))) {
                isInAttachmentSection = false;
            }
            if (isInAttachmentSection) {
                currentText.append(string);
                for (int i = 0; (i = string.indexOf(ATTACHMENT_MARKER, i)) != -1; i++) {
                    if (i < textPositions.size()) {
                        TextPosition textPosition = textPositions.get(i);
                        String filename = extractFilenameAfterMarker(string, i);
                        MarkerPosition position =
                                new MarkerPosition(
                                        currentPageIndex,
                                        textPosition.getXDirAdj(),
                                        textPosition.getYDirAdj(),
                                        ATTACHMENT_MARKER,
                                        filename);
                        positions.add(position);
                    }
                }
            }
            super.writeString(string, textPositions);
        }
        @Override
        public void setSortByPosition(boolean sortByPosition) {
            this.sortByPosition = sortByPosition;
        }
        private String extractFilenameAfterMarker(String text, int markerIndex) {
            String afterMarker = text.substring(markerIndex + 1);
            Matcher matcher = FILENAME_PATTERN.matcher("@" + afterMarker);
            if (matcher.find()) {
                return matcher.group(1);
            }
            String[] parts = afterMarker.split("[\\s\\(\\)]+");
            for (String part : parts) {
                part = part.trim();
                if (part.length() > 3 && part.contains(".")) {
                    return part;
                }
            }
            return null;
        }
    }
    private static Map<Integer, String> addAttachmentsToDocumentWithMapping(
            PDDocument document,
            List<MultipartFile> attachments,
            List<EmlParser.EmailAttachment> originalAttachments)
            throws IOException {
        PDDocumentCatalog catalog = document.getDocumentCatalog();
        if (catalog == null) {
            throw new IOException("PDF document catalog is not accessible");
        }
        PDDocumentNameDictionary documentNames = catalog.getNames();
        if (documentNames == null) {
            documentNames = new PDDocumentNameDictionary(catalog);
            catalog.setNames(documentNames);
        }
        PDEmbeddedFilesNameTreeNode embeddedFilesTree = documentNames.getEmbeddedFiles();
        if (embeddedFilesTree == null) {
            embeddedFilesTree = new PDEmbeddedFilesNameTreeNode();
            documentNames.setEmbeddedFiles(embeddedFilesTree);
        }
        Map<String, PDComplexFileSpecification> existingNames = embeddedFilesTree.getNames();
        if (existingNames == null) {
            existingNames = new HashMap<>();
        }
        Map<Integer, String> indexToFilenameMap = new HashMap<>();
        for (int i = 0; i < attachments.size(); i++) {
            MultipartFile attachment = attachments.get(i);
            String filename = attachment.getOriginalFilename();
            if (filename == null || filename.trim().isEmpty()) {
                filename = "attachment_" + i;
            }
            String normalizedFilename =
                    isAscii(filename)
                            ? filename
                            : java.text.Normalizer.normalize(
                                    filename, java.text.Normalizer.Form.NFC);
            String uniqueFilename =
                    ensureUniqueFilename(normalizedFilename, existingNames.keySet());
            indexToFilenameMap.put(i, uniqueFilename);
            PDEmbeddedFile embeddedFile = new PDEmbeddedFile(document, attachment.getInputStream());
            embeddedFile.setSize((int) attachment.getSize());
            GregorianCalendar currentTime = new GregorianCalendar();
            embeddedFile.setCreationDate(currentTime);
            embeddedFile.setModDate(currentTime);
            String contentType = attachment.getContentType();
            if (contentType != null && !contentType.trim().isEmpty()) {
                embeddedFile.setSubtype(contentType);
            }
            PDComplexFileSpecification fileSpecification = new PDComplexFileSpecification();
            fileSpecification.setFile(uniqueFilename);
            fileSpecification.setFileUnicode(uniqueFilename);
            fileSpecification.setEmbeddedFile(embeddedFile);
            fileSpecification.setEmbeddedFileUnicode(embeddedFile);
            existingNames.put(uniqueFilename, fileSpecification);
        }
        embeddedFilesTree.setNames(existingNames);
        documentNames.setEmbeddedFiles(embeddedFilesTree);
        catalog.setNames(documentNames);
        return indexToFilenameMap;
    }
    private static void addAttachmentAnnotationsToDocumentWithMapping(
            PDDocument document,
            List<EmlParser.EmailAttachment> attachments,
            Map<Integer, String> indexToFilenameMap)
            throws IOException {
        if (document.getNumberOfPages() == 0 || attachments == null || attachments.isEmpty()) {
            return;
        }
        AttachmentMarkerPositionFinder finder = new AttachmentMarkerPositionFinder();
        finder.setSortByPosition(false); // Keep document order to maintain pairing
        finder.getText(document);
        List<MarkerPosition> markerPositions = finder.getPositions();
        int annotationsToAdd = Math.min(markerPositions.size(), attachments.size());
        for (int i = 0; i < annotationsToAdd; i++) {
            MarkerPosition position = markerPositions.get(i);
            String filenameNearMarker = position.getFilename();
            EmlParser.EmailAttachment matchingAttachment =
                    findAttachmentByFilename(attachments, filenameNearMarker);
            if (matchingAttachment != null) {
                String embeddedFilename =
                        findEmbeddedFilenameForAttachment(matchingAttachment, indexToFilenameMap);
                if (embeddedFilename != null) {
                    PDPage page = document.getPage(position.getPageIndex());
                    addAttachmentAnnotationToPageWithMapping(
                            document,
                            page,
                            matchingAttachment,
                            embeddedFilename,
                            position.getX(),
                            position.getY(),
                            i);
                } else {
                    // No embedded filename found for attachment
                }
            } else {
                // No matching attachment found for filename near marker
            }
        }
    }
    private static EmlParser.EmailAttachment findAttachmentByFilename(
            List<EmlParser.EmailAttachment> attachments, String targetFilename) {
        if (targetFilename == null || targetFilename.trim().isEmpty()) {
            return null;
        }
        String normalizedTarget = normalizeFilename(targetFilename);
        // First try exact match
        for (EmlParser.EmailAttachment attachment : attachments) {
            if (attachment.getFilename() != null) {
                String normalizedAttachment = normalizeFilename(attachment.getFilename());
                if (normalizedAttachment.equals(normalizedTarget)) {
                    return attachment;
                }
            }
        }
        // Then try contains match
        for (EmlParser.EmailAttachment attachment : attachments) {
            if (attachment.getFilename() != null) {
                String normalizedAttachment = normalizeFilename(attachment.getFilename());
                if (normalizedAttachment.contains(normalizedTarget)
                        || normalizedTarget.contains(normalizedAttachment)) {
                    return attachment;
                }
            }
        }
        return null;
    }
    private static String findEmbeddedFilenameForAttachment(
            EmlParser.EmailAttachment attachment, Map<Integer, String> indexToFilenameMap) {
        String attachmentFilename = attachment.getFilename();
        if (attachmentFilename == null) {
            return null;
        }
        for (Map.Entry<Integer, String> entry : indexToFilenameMap.entrySet()) {
            String embeddedFilename = entry.getValue();
            if (embeddedFilename != null
                    && (embeddedFilename.equals(attachmentFilename)
                            || embeddedFilename.contains(attachmentFilename)
                            || attachmentFilename.contains(embeddedFilename))) {
                return embeddedFilename;
            }
        }
        return null;
    }
    private static String normalizeFilename(String filename) {
        if (filename == null) return "";
        return filename.toLowerCase()
                .trim()
                .replaceAll("\\s+", " ")
                .replaceAll("[^a-zA-Z0-9._-]", "");
    }
    private static void addAttachmentAnnotationToPageWithMapping(
            PDDocument document,
            PDPage page,
            EmlParser.EmailAttachment attachment,
            String embeddedFilename,
            float x,
            float y,
            int attachmentIndex)
            throws IOException {
        PDAnnotationFileAttachment fileAnnotation = new PDAnnotationFileAttachment();
        PDRectangle rect = calculateAnnotationRectangle(page, x, y);
        fileAnnotation.setRectangle(rect);
        fileAnnotation.setPrinted(false);
        fileAnnotation.setHidden(false);
        fileAnnotation.setNoView(false);
        fileAnnotation.setNoZoom(true);
        fileAnnotation.setNoRotate(true);
        try {
            PDAppearanceDictionary appearance = new PDAppearanceDictionary();
            PDAppearanceStream normalAppearance = new PDAppearanceStream(document);
            normalAppearance.setBBox(new PDRectangle(0, 0, rect.getWidth(), rect.getHeight()));
            appearance.setNormalAppearance(normalAppearance);
            fileAnnotation.setAppearance(appearance);
        } catch (RuntimeException e) {
            fileAnnotation.setAppearance(null);
        }
        PDEmbeddedFilesNameTreeNode efTree =
                document.getDocumentCatalog().getNames().getEmbeddedFiles();
        if (efTree != null) {
            Map<String, PDComplexFileSpecification> efMap = efTree.getNames();
            if (efMap != null) {
                PDComplexFileSpecification fileSpec = efMap.get(embeddedFilename);
                if (fileSpec != null) {
                    fileAnnotation.setFile(fileSpec);
                } else {
                    // Could not find embedded file
                }
            }
        }
        fileAnnotation.setContents(
                "Attachment " + (attachmentIndex + 1) + ": " + attachment.getFilename());
        fileAnnotation.setAnnotationName(
                "EmbeddedFile_" + attachmentIndex + "_" + embeddedFilename);
        page.getAnnotations().add(fileAnnotation);
    }
    private static boolean isAscii(String str) {
        if (str == null) return true;
        for (int i = 0; i < str.length(); i++) {
            if (str.charAt(i) > 127) {
                return false;
            }
        }
        return true;
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/PdfErrorUtils.java
+++ b/app/common/src/main/java/stirling/software/common/util/PdfErrorUtils.java
@ -1,55 +0,0 @@
 package stirling.software.common.util;
 import java.io.IOException;
 /** Utility class for detecting and handling PDF-related errors. */
 public class PdfErrorUtils {
    /**
     * Checks if an IOException indicates a corrupted PDF file.
     *
     * @param e the IOException to check
     * @return true if the error indicates PDF corruption, false otherwise
     */
    public static boolean isCorruptedPdfError(IOException e) {
        return isCorruptedPdfError(e.getMessage());
    }
    /**
     * Checks if any Exception indicates a corrupted PDF file.
     *
     * @param e the Exception to check
     * @return true if the error indicates PDF corruption, false otherwise
     */
    public static boolean isCorruptedPdfError(Exception e) {
        return isCorruptedPdfError(e.getMessage());
    }
    /**
     * Checks if an error message indicates a corrupted PDF file.
     *
     * @param message the error message to check
     * @return true if the message indicates PDF corruption, false otherwise
     */
    private static boolean isCorruptedPdfError(String message) {
        if (message == null) return false;
        // Check for common corruption indicators
        return message.contains("Missing root object specification")
                || message.contains("Header doesn't contain versioninfo")
                || message.contains("Expected trailer")
                || message.contains("Invalid PDF")
                || message.contains("Corrupted")
                || message.contains("damaged")
                || message.contains("Unknown dir object")
                || message.contains("Can't dereference COSObject")
                || message.contains("parseCOSString string should start with")
                || message.contains("ICCBased colorspace array must have a stream")
                || message.contains("1-based index not found")
                || message.contains("Invalid dictionary, found:")
                || message.contains("AES initialization vector not fully read")
                || message.contains("BadPaddingException")
                || message.contains("Given final block not properly padded")
                || message.contains("End-of-File, expected line");
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/SpringContextHolder.java
+++ b/app/common/src/main/java/stirling/software/common/util/SpringContextHolder.java
@ -1,82 +0,0 @@
 package stirling.software.common.util;
 import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.stereotype.Component;
 import lombok.extern.slf4j.Slf4j;
 /**
 * Utility class to access Spring managed beans from non-Spring managed classes. This is especially
 * useful for classes that are instantiated by frameworks or created dynamically.
 */
@Component
@Slf4j
 public class SpringContextHolder implements ApplicationContextAware {
    private static ApplicationContext applicationContext;
    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        SpringContextHolder.applicationContext = applicationContext;
        log.debug("Spring context holder initialized");
    }
    /**
     * Get a Spring bean by class type
     *
     * @param <T> The bean type
     * @param beanClass The bean class
     * @return The bean instance, or null if not found
     */
    public static <T> T getBean(Class<T> beanClass) {
        if (applicationContext == null) {
            log.warn(
                    "Application context not initialized when attempting to get bean of type {}",
                    beanClass.getName());
            return null;
        }
        try {
            return applicationContext.getBean(beanClass);
        } catch (BeansException e) {
            log.error("Error getting bean of type {}: {}", beanClass.getName(), e.getMessage());
            return null;
        }
    }
    /**
     * Get a Spring bean by name
     *
     * @param <T> The bean type
     * @param beanName The bean name
     * @return The bean instance, or null if not found
     */
    public static <T> T getBean(String beanName) {
        if (applicationContext == null) {
            log.warn(
                    "Application context not initialized when attempting to get bean '{}'",
                    beanName);
            return null;
        }
        try {
            @SuppressWarnings("unchecked")
            T bean = (T) applicationContext.getBean(beanName);
            return bean;
        } catch (BeansException e) {
            log.error("Error getting bean '{}': {}", beanName, e.getMessage());
            return null;
        }
    }
    /**
     * Check if the application context is initialized
     *
     * @return true if initialized, false otherwise
     */
    public static boolean isInitialized() {
        return applicationContext != null;
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/TempDirectory.java
+++ b/app/common/src/main/java/stirling/software/common/util/TempDirectory.java
@ -1,44 +0,0 @@
 package stirling.software.common.util;
 import java.io.IOException;
 import java.nio.file.Path;
 import lombok.extern.slf4j.Slf4j;
 /**
 * A wrapper class for a temporary directory that implements AutoCloseable. Can be used with
 * try-with-resources for automatic cleanup.
 */
@Slf4j
 public class TempDirectory implements AutoCloseable {
    private final TempFileManager manager;
    private final Path directory;
    public TempDirectory(TempFileManager manager) throws IOException {
        this.manager = manager;
        this.directory = manager.createTempDirectory();
    }
    public Path getPath() {
        return directory;
    }
    public String getAbsolutePath() {
        return directory.toAbsolutePath().toString();
    }
    public boolean exists() {
        return java.nio.file.Files.exists(directory);
    }
    @Override
    public void close() {
        manager.deleteTempDirectory(directory);
    }
    @Override
    public String toString() {
        return "TempDirectory{" + directory.toAbsolutePath() + "}";
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/TempFile.java
+++ b/app/common/src/main/java/stirling/software/common/util/TempFile.java
@ -1,46 +0,0 @@
 package stirling.software.common.util;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Path;
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
 /**
 * A wrapper class for a temporary file that implements AutoCloseable. Can be used with
 * try-with-resources for automatic cleanup.
 */
@Slf4j
 public class TempFile implements AutoCloseable {
    private final TempFileManager manager;
    @Getter private final File file;
    public TempFile(TempFileManager manager, String suffix) throws IOException {
        this.manager = manager;
        this.file = manager.createTempFile(suffix);
    }
    public Path getPath() {
        return file.toPath();
    }
    public String getAbsolutePath() {
        return file.getAbsolutePath();
    }
    public boolean exists() {
        return file.exists();
    }
    @Override
    public void close() {
        manager.deleteTempFile(file);
    }
    @Override
    public String toString() {
        return "TempFile{" + file.getAbsolutePath() + "}";
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/TempFileManager.java
+++ b/app/common/src/main/java/stirling/software/common/util/TempFileManager.java
@ -1,249 +0,0 @@
 package stirling.software.common.util;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.time.Duration;
 import java.util.Set;
 import java.util.UUID;
 import org.springframework.stereotype.Service;
 import org.springframework.web.multipart.MultipartFile;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.common.model.ApplicationProperties;
 /**
 * Service for managing temporary files in Stirling-PDF. Provides methods for creating, tracking,
 * and cleaning up temporary files.
 */
@Slf4j
@Service
@RequiredArgsConstructor
 public class TempFileManager {
    private final TempFileRegistry registry;
    private final ApplicationProperties applicationProperties;
    /**
     * Create a temporary file with the Stirling-PDF prefix. The file is automatically registered
     * with the registry.
     *
     * @param suffix The suffix for the temporary file
     * @return The created temporary file
     * @throws IOException If an I/O error occurs
     */
    public File createTempFile(String suffix) throws IOException {
        ApplicationProperties.TempFileManagement tempFiles =
                applicationProperties.getSystem().getTempFileManagement();
        Path tempFilePath;
        String customTempDirectory = tempFiles.getBaseTmpDir();
        if (customTempDirectory != null && !customTempDirectory.isEmpty()) {
            Path tempDir = Path.of(customTempDirectory);
            if (!Files.exists(tempDir)) {
                Files.createDirectories(tempDir);
            }
            tempFilePath = Files.createTempFile(tempDir, tempFiles.getPrefix(), suffix);
        } else {
            tempFilePath = Files.createTempFile(tempFiles.getPrefix(), suffix);
        }
        File tempFile = tempFilePath.toFile();
        return registry.register(tempFile);
    }
    /**
     * Create a temporary directory with the Stirling-PDF prefix. The directory is automatically
     * registered with the registry.
     *
     * @return The created temporary directory
     * @throws IOException If an I/O error occurs
     */
    public Path createTempDirectory() throws IOException {
        ApplicationProperties.TempFileManagement tempFiles =
                applicationProperties.getSystem().getTempFileManagement();
        Path tempDirPath;
        String customTempDirectory = tempFiles.getBaseTmpDir();
        if (customTempDirectory != null && !customTempDirectory.isEmpty()) {
            Path tempDir = Path.of(customTempDirectory);
            if (!Files.exists(tempDir)) {
                Files.createDirectories(tempDir);
            }
            tempDirPath = Files.createTempDirectory(tempDir, tempFiles.getPrefix());
        } else {
            tempDirPath = Files.createTempDirectory(tempFiles.getPrefix());
        }
        return registry.registerDirectory(tempDirPath);
    }
    /**
     * Convert a MultipartFile to a temporary File and register it. This is a wrapper around
     * GeneralUtils.convertMultipartFileToFile that ensures the created temp file is registered.
     *
     * @param multipartFile The MultipartFile to convert
     * @return The created temporary file
     * @throws IOException If an I/O error occurs
     */
    public File convertMultipartFileToFile(MultipartFile multipartFile) throws IOException {
        File tempFile = GeneralUtils.convertMultipartFileToFile(multipartFile);
        return registry.register(tempFile);
    }
    /**
     * Delete a temporary file and unregister it from the registry.
     *
     * @param file The file to delete
     * @return true if the file was deleted successfully, false otherwise
     */
    public boolean deleteTempFile(File file) {
        if (file != null && file.exists()) {
            boolean deleted = file.delete();
            if (deleted) {
                registry.unregister(file);
                log.debug("Deleted temp file: {}", file.getAbsolutePath());
            } else {
                log.warn("Failed to delete temp file: {}", file.getAbsolutePath());
            }
            return deleted;
        }
        return false;
    }
    /**
     * Delete a temporary file and unregister it from the registry.
     *
     * @param path The path to delete
     * @return true if the file was deleted successfully, false otherwise
     */
    public boolean deleteTempFile(Path path) {
        if (path != null) {
            try {
                boolean deleted = Files.deleteIfExists(path);
                if (deleted) {
                    registry.unregister(path);
                    log.debug("Deleted temp file: {}", path.toString());
                } else {
                    log.debug("Temp file already deleted or does not exist: {}", path.toString());
                }
                return deleted;
            } catch (IOException e) {
                log.warn("Failed to delete temp file: {}", path.toString(), e);
                return false;
            }
        }
        return false;
    }
    /**
     * Delete a temporary directory and all its contents.
     *
     * @param directory The directory to delete
     */
    public void deleteTempDirectory(Path directory) {
        if (directory != null && Files.isDirectory(directory)) {
            try {
                GeneralUtils.deleteDirectory(directory);
                log.debug("Deleted temp directory: {}", directory.toString());
            } catch (IOException e) {
                log.warn("Failed to delete temp directory: {}", directory.toString(), e);
            }
        }
    }
    /**
     * Register an existing file with the registry.
     *
     * @param file The file to register
     * @return The same file for method chaining
     */
    public File register(File file) {
        if (file != null && file.exists()) {
            return registry.register(file);
        }
        return file;
    }
    /**
     * Clean up old temporary files based on age.
     *
     * @param maxAgeMillis Maximum age in milliseconds for temp files
     * @return Number of files deleted
     */
    public int cleanupOldTempFiles(long maxAgeMillis) {
        int deletedCount = 0;
        // Get files older than max age
        Set<Path> oldFiles = registry.getFilesOlderThan(maxAgeMillis);
        // Delete each old file
        for (Path file : oldFiles) {
            if (deleteTempFile(file)) {
                deletedCount++;
            }
        }
        log.info("Cleaned up {} old temporary files", deletedCount);
        return deletedCount;
    }
    /**
     * Get the maximum age for temporary files in milliseconds.
     *
     * @return Maximum age in milliseconds
     */
    public long getMaxAgeMillis() {
        long maxAgeHours =
                applicationProperties.getSystem().getTempFileManagement().getMaxAgeHours();
        return Duration.ofHours(maxAgeHours).toMillis();
    }
    /**
     * Generate a unique temporary file name with the Stirling-PDF prefix.
     *
     * @param type Type identifier for the temp file
     * @param extension File extension (without the dot)
     * @return A unique temporary file name
     */
    public String generateTempFileName(String type, String extension) {
        String tempFilePrefix =
                applicationProperties.getSystem().getTempFileManagement().getPrefix();
        String uuid = UUID.randomUUID().toString().substring(0, 8);
        return tempFilePrefix + type + "-" + uuid + "." + extension;
    }
    /**
     * Register a known LibreOffice temporary directory. This is used when integrating with
     * LibreOffice for file conversions.
     *
     * @return The LibreOffice temp directory
     * @throws IOException If directory creation fails
     */
    public Path registerLibreOfficeTempDir() throws IOException {
        ApplicationProperties.TempFileManagement tempFiles =
                applicationProperties.getSystem().getTempFileManagement();
        Path loTempDir;
        String libreOfficeTempDir = tempFiles.getLibreofficeDir();
        String customTempDirectory = tempFiles.getBaseTmpDir();
        // First check if explicitly configured
        if (libreOfficeTempDir != null && !libreOfficeTempDir.isEmpty()) {
            loTempDir = Path.of(libreOfficeTempDir);
        }
        // Next check if we have a custom temp directory
        else if (customTempDirectory != null && !customTempDirectory.isEmpty()) {
            loTempDir = Path.of(customTempDirectory, "libreoffice");
        }
        // Fall back to system temp dir with our application prefix
        else {
            loTempDir = Path.of(System.getProperty("java.io.tmpdir"), "stirling-pdf-libreoffice");
        }
        if (!Files.exists(loTempDir)) {
            Files.createDirectories(loTempDir);
        }
        return registry.registerDirectory(loTempDir);
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/TempFileRegistry.java
+++ b/app/common/src/main/java/stirling/software/common/util/TempFileRegistry.java
@ -1,171 +0,0 @@
 package stirling.software.common.util;
 import java.io.File;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.time.Instant;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 import java.util.stream.Collectors;
 import org.springframework.stereotype.Component;
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
 /**
 * Central registry for tracking temporary files created by Stirling-PDF. Maintains a thread-safe
 * collection of paths with their creation timestamps.
 */
@Slf4j
@Component
 public class TempFileRegistry {
    private final ConcurrentMap<Path, Instant> registeredFiles = new ConcurrentHashMap<>();
    /**
     * -- GETTER -- Get all registered third-party temporary files.
     *
     * @return Set of third-party file paths
     */
    @Getter
    private final Set<Path> thirdPartyTempFiles =
            Collections.newSetFromMap(new ConcurrentHashMap<>());
    /**
     * -- GETTER -- Get all registered temporary directories.
     *
     * @return Set of temporary directory paths
     */
    @Getter
    private final Set<Path> tempDirectories = Collections.newSetFromMap(new ConcurrentHashMap<>());
    /**
     * Register a temporary file with the registry.
     *
     * @param file The temporary file to track
     * @return The same file for method chaining
     */
    public File register(File file) {
        if (file != null) {
            registeredFiles.put(file.toPath(), Instant.now());
            log.debug("Registered temp file: {}", file.getAbsolutePath());
        }
        return file;
    }
    /**
     * Register a temporary path with the registry.
     *
     * @param path The temporary path to track
     * @return The same path for method chaining
     */
    public Path register(Path path) {
        if (path != null) {
            registeredFiles.put(path, Instant.now());
            log.debug("Registered temp path: {}", path.toString());
        }
        return path;
    }
    /**
     * Register a temporary directory to be cleaned up.
     *
     * @param directory Directory to register
     * @return The same directory for method chaining
     */
    public Path registerDirectory(Path directory) {
        if (directory != null && Files.isDirectory(directory)) {
            tempDirectories.add(directory);
            log.debug("Registered temp directory: {}", directory.toString());
        }
        return directory;
    }
    /**
     * Register a third-party temporary file that requires special handling.
     *
     * @param file The third-party temp file
     * @return The same file for method chaining
     */
    public File registerThirdParty(File file) {
        if (file != null) {
            thirdPartyTempFiles.add(file.toPath());
            log.debug("Registered third-party temp file: {}", file.getAbsolutePath());
        }
        return file;
    }
    /**
     * Unregister a file from the registry.
     *
     * @param file The file to unregister
     */
    public void unregister(File file) {
        if (file != null) {
            registeredFiles.remove(file.toPath());
            thirdPartyTempFiles.remove(file.toPath());
            log.debug("Unregistered temp file: {}", file.getAbsolutePath());
        }
    }
    /**
     * Unregister a path from the registry.
     *
     * @param path The path to unregister
     */
    public void unregister(Path path) {
        if (path != null) {
            registeredFiles.remove(path);
            thirdPartyTempFiles.remove(path);
            log.debug("Unregistered temp path: {}", path.toString());
        }
    }
    /**
     * Get all registered temporary files.
     *
     * @return Set of registered file paths
     */
    public Set<Path> getAllRegisteredFiles() {
        return registeredFiles.keySet();
    }
    /**
     * Get temporary files older than the specified duration in milliseconds.
     *
     * @param maxAgeMillis Maximum age in milliseconds
     * @return Set of paths older than the specified age
     */
    public Set<Path> getFilesOlderThan(long maxAgeMillis) {
        Instant cutoffTime = Instant.now().minusMillis(maxAgeMillis);
        return registeredFiles.entrySet().stream()
                .filter(entry -> entry.getValue().isBefore(cutoffTime))
                .map(Map.Entry::getKey)
                .collect(Collectors.toSet());
    }
    /**
     * Check if a file is registered in the registry.
     *
     * @param file The file to check
     * @return True if the file is registered, false otherwise
     */
    public boolean contains(File file) {
        if (file == null) {
            return false;
        }
        Path path = file.toPath();
        return registeredFiles.containsKey(path) || thirdPartyTempFiles.contains(path);
    }
    /** Clear all registry data. */
    public void clear() {
        registeredFiles.clear();
        thirdPartyTempFiles.clear();
        tempDirectories.clear();
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/TempFileUtil.java
+++ b/app/common/src/main/java/stirling/software/common/util/TempFileUtil.java
@ -1,135 +0,0 @@
 package stirling.software.common.util;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.function.Function;
 import lombok.extern.slf4j.Slf4j;
 /**
 * Utility class for handling temporary files with proper cleanup. Provides helper methods and
 * wrappers to ensure temp files are properly cleaned up.
 */
@Slf4j
 public class TempFileUtil {
    /**
     * A collection of temporary files that implements AutoCloseable. All files in the collection
     * are cleaned up when close() is called.
     */
    public static class TempFileCollection implements AutoCloseable {
        private final TempFileManager manager;
        private final List<File> tempFiles = new ArrayList<>();
        public TempFileCollection(TempFileManager manager) {
            this.manager = manager;
        }
        public File addTempFile(String suffix) throws IOException {
            File file = manager.createTempFile(suffix);
            tempFiles.add(file);
            return file;
        }
        public List<File> getFiles() {
            return new ArrayList<>(tempFiles);
        }
        @Override
        public void close() {
            for (File file : tempFiles) {
                manager.deleteTempFile(file);
            }
        }
    }
    /**
     * Execute a function with a temporary file, ensuring cleanup in a finally block.
     *
     * @param <R> The return type of the function
     * @param tempFileManager The temp file manager
     * @param suffix File suffix (e.g., ".pdf")
     * @param function The function to execute with the temp file
     * @return The result of the function
     * @throws IOException If an I/O error occurs
     */
    public static <R> R withTempFile(
            TempFileManager tempFileManager, String suffix, Function<File, R> function)
            throws IOException {
        File tempFile = tempFileManager.createTempFile(suffix);
        try {
            return function.apply(tempFile);
        } finally {
            tempFileManager.deleteTempFile(tempFile);
        }
    }
    /**
     * Execute a function with multiple temporary files, ensuring cleanup in a finally block.
     *
     * @param <R> The return type of the function
     * @param tempFileManager The temp file manager
     * @param count Number of temp files to create
     * @param suffix File suffix (e.g., ".pdf")
     * @param function The function to execute with the temp files
     * @return The result of the function
     * @throws IOException If an I/O error occurs
     */
    public static <R> R withMultipleTempFiles(
            TempFileManager tempFileManager,
            int count,
            String suffix,
            Function<List<File>, R> function)
            throws IOException {
        List<File> tempFiles = new ArrayList<>(count);
        try {
            for (int i = 0; i < count; i++) {
                tempFiles.add(tempFileManager.createTempFile(suffix));
            }
            return function.apply(tempFiles);
        } finally {
            for (File file : tempFiles) {
                tempFileManager.deleteTempFile(file);
            }
        }
    }
    /**
     * Safely delete a list of temporary files, logging any errors.
     *
     * @param files The list of files to delete
     */
    public static void safeDeleteFiles(List<Path> files) {
        if (files == null) return;
        for (Path file : files) {
            if (file == null) continue;
            try {
                Files.deleteIfExists(file);
                log.debug("Deleted temp file: {}", file);
            } catch (IOException e) {
                log.warn("Failed to delete temp file: {}", file, e);
            }
        }
    }
    /**
     * Register an already created temp file with the registry. Use this for files created outside
     * of TempFileManager.
     *
     * @param tempFileManager The temp file manager
     * @param file The file to register
     * @return The registered file
     */
    public static File registerExistingTempFile(TempFileManager tempFileManager, File file) {
        if (tempFileManager != null && file != null && file.exists()) {
            return tempFileManager.register(file);
        }
        return file;
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/ValidationUtil.java
+++ b/app/common/src/main/java/stirling/software/common/util/ValidationUtil.java
@ -1,14 +0,0 @@
 package stirling.software.common.util;
 import java.util.Collection;
 public class ValidationUtil {
    public static boolean isStringEmpty(String input) {
        return input == null || input.isBlank();
    }
    public static boolean isCollectionEmpty(Collection<String> input) {
        return input == null || input.isEmpty();
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/ValidationUtils.java
+++ b/app/common/src/main/java/stirling/software/common/util/ValidationUtils.java
@ -1,14 +0,0 @@
 package stirling.software.common.util;
 import java.util.Collection;
 public class ValidationUtils {
    public static boolean isStringEmpty(String input) {
        return input == null || input.isBlank();
    }
    public static boolean isCollectionEmpty(Collection<String> input) {
        return input == null || input.isEmpty();
    }
 }
--- a/app/common/src/main/java/stirling/software/common/util/WebResponseUtils.java
+++ b/app/common/src/main/java/stirling/software/common/util/WebResponseUtils.java
@ -1,128 +0,0 @@
 package stirling.software.common.util;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.servlet.mvc.method.annotation.StreamingResponseBody;
 import io.github.pixee.security.Filenames;
 import lombok.extern.slf4j.Slf4j;
@Slf4j
 public class WebResponseUtils {
    public static ResponseEntity<byte[]> baosToWebResponse(
            ByteArrayOutputStream baos, String docName) throws IOException {
        return WebResponseUtils.bytesToWebResponse(baos.toByteArray(), docName);
    }
    public static ResponseEntity<byte[]> baosToWebResponse(
            ByteArrayOutputStream baos, String docName, MediaType mediaType) throws IOException {
        return WebResponseUtils.bytesToWebResponse(baos.toByteArray(), docName, mediaType);
    }
    public static ResponseEntity<byte[]> multiPartFileToWebResponse(MultipartFile file)
            throws IOException {
        String fileName = Filenames.toSimpleFileName(file.getOriginalFilename());
        MediaType mediaType = MediaType.parseMediaType(file.getContentType());
        byte[] bytes = file.getBytes();
        return bytesToWebResponse(bytes, fileName, mediaType);
    }
    public static ResponseEntity<byte[]> bytesToWebResponse(
            byte[] bytes, String docName, MediaType mediaType) throws IOException {
        // Return the PDF as a response
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(mediaType);
        headers.setContentLength(bytes.length);
        String encodedDocName =
                URLEncoder.encode(docName, StandardCharsets.UTF_8).replaceAll("\\+", "%20");
        headers.setContentDispositionFormData("attachment", encodedDocName);
        return new ResponseEntity<>(bytes, headers, HttpStatus.OK);
    }
    public static ResponseEntity<byte[]> bytesToWebResponse(byte[] bytes, String docName)
            throws IOException {
        return bytesToWebResponse(bytes, docName, MediaType.APPLICATION_PDF);
    }
    public static ResponseEntity<byte[]> pdfDocToWebResponse(PDDocument document, String docName)
            throws IOException {
        // Open Byte Array and save document to it
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        document.save(baos);
        document.close();
        return baosToWebResponse(baos, docName);
    }
    /**
     * Convert a File to a web response (PDF default).
     *
     * @param outputTempFile The temporary file to be sent as a response.
     * @param docName The name of the document.
     * @return A ResponseEntity containing the file as a resource.
     */
    public static ResponseEntity<StreamingResponseBody> pdfFileToWebResponse(
            TempFile outputTempFile, String docName) throws IOException {
        return fileToWebResponse(outputTempFile, docName, MediaType.APPLICATION_PDF);
    }
    /**
     * Convert a File to a web response (ZIP default).
     *
     * @param outputTempFile The temporary file to be sent as a response.
     * @param docName The name of the document.
     * @return A ResponseEntity containing the file as a resource.
     */
    public static ResponseEntity<StreamingResponseBody> zipFileToWebResponse(
            TempFile outputTempFile, String docName) throws IOException {
        return fileToWebResponse(outputTempFile, docName, MediaType.APPLICATION_OCTET_STREAM);
    }
    /**
     * Convert a File to a web response with explicit media type (e.g., ZIP).
     *
     * @param outputTempFile The temporary file to be sent as a response.
     * @param docName The name of the document.
     * @param mediaType The content type to set on the response.
     * @return A ResponseEntity containing the file as a resource.
     */
    public static ResponseEntity<StreamingResponseBody> fileToWebResponse(
            TempFile outputTempFile, String docName, MediaType mediaType) throws IOException {
        Path path = outputTempFile.getFile().toPath().normalize();
        long len = Files.size(path);
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(mediaType);
        headers.setContentLength(len);
        headers.add(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + docName + "\"");
        StreamingResponseBody body =
                os -> {
                    try (os) {
                        Files.copy(path, os);
                        os.flush();
                    } finally {
                        outputTempFile.close();
                    }
                };
        return new ResponseEntity<>(body, headers, HttpStatus.OK);
    }
 }
--- a/Show More
+++ b/Show More