feat(database,Jwt): relocate backups and Jwt-keys to config/backup and add Enterprise cleanup endpoints (#4225 )

# Description of Changes - **What was changed** - Centralized installation paths: - Introduced `BACKUP_PATH`, `BACKUP_DB_PATH`, and `BACKUP_PRIVATE_KEY_PATH` in `InstallationPathConfig`; `getPrivateKeyPath()` now resolves to `backup/keys` and new `getBackupPath()` returns `backup/db`. - Removed old `PRIVATE_KEY_PATH` and switched all usages to the new locations. - Database service enhancements: - `DatabaseService` now uses `InstallationPathConfig.getBackupPath()` and includes a one-time migration to move existing backups from `config/db/backup` to `config/backup/db` (**@Deprecated(since = "2.0.0", forRemoval = true)**). - Added `deleteAllBackups()` and `deleteLastBackup()` methods and exposed them via a new Enterprise controller. - New Enterprise-only API: - Added `DatabaseControllerEnterprise` with: - `DELETE /api/v1/database/deleteAll` — delete all backup files. - `DELETE /api/v1/database/deleteLast` — delete the most recent backup. - Endpoints gated by `@EnterpriseEndpoint` and `@Conditional(H2SQLCondition.class)`. - Key persistence adjustments: - `KeyPersistenceService` now migrates keys from `config/db/keys` to `config/backup/keys` on startup (**@Deprecated(since = "2.0.0", forRemoval = true)**). - Miscellaneous refactors/fixes: - Switched driver resolution in `DatabaseConfig` to a switch expression. - Corrected HTTP status usage to `HttpStatus.SEE_OTHER`. - Removed constructor `runningEE` flag from `AccountWebController` and replaced EE checks with `@EnterpriseEndpoint`. - Minor test and annotation improvements (e.g., `@Deprecated(since = "0.45.0")`, method references, equals order). - **Why the change was made** - To standardize and future-proof storage locations for both backups and keys under a clear `config/backup` hierarchy. - To give Enterprise admins first-class, safe cleanup endpoints for managing backup retention without manual file operations. - To reduce conditional logic in controllers and rely on declarative EE gating. - To improve maintainability and correctness (status codes, switch expression, null-safety patterns). --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
feat(ssrf): enhance private IP detection and IPv6 handling (#4191 )
2025-08-25 21:59:23 +00:00 · 2025-08-24 22:16:55 +01:00 · 2025-08-24 22:08:29 +01:00 · 2025-08-24 22:03:12 +01:00 · 2025-08-24 21:47:09 +01:00 · 2025-08-24 21:45:26 +01:00
1256 changed files with 26341 additions and 10211 deletions
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@ -5,7 +5,13 @@
      "Bash(mkdir:*)",
      "Bash(./gradlew:*)",
      "Bash(grep:*)",
-      "Bash(cat:*)"
+      "Bash(cat:*)",
+      "Bash(find:*)",
+      "Bash(grep:*)",
+      "Bash(rg:*)",
+      "Bash(strings:*)",
+      "Bash(pkill:*)",
+      "Bash(true)"
    ],
    "deny": []
  }
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -49,7 +49,7 @@
                "java.configuration.updateBuildConfiguration": "interactive",
                "java.format.enabled": true,
                "java.format.settings.profile": "GoogleStyle",
-                "java.format.settings.google.version": "1.26.0",
+                "java.format.settings.google.version": "1.28.0",
                "java.format.settings.google.extra": "--aosp --skip-sorting-imports --skip-javadoc-formatting",
                "java.saveActions.cleanup": true,
                "java.cleanup.actions": [
@ -79,9 +79,17 @@
                    ".venv*/",
                    ".vscode/",
                    "bin/",
+                    "app/core/bin/",
+                    "app/common/bin/",
+                    "app/proprietary/bin/",
                    "build/",
+                    "app/core/build/",
+                    "app/common/build/",
+                    "app/proprietary/build/",
                    "configs/",
+                    "app/core/configs/",
                    "customFiles/",
+                    "app/core/customFiles/",
                    "docs/",
                    "exampleYmlFiles",
                    "gradle/",
@ -93,6 +101,9 @@
                    ".git-blame-ignore-revs",
                    ".gitattributes",
                    ".gitignore",
+                    "app/core/.gitignore",
+                    "app/common/.gitignore",
+                    "app/proprietary/.gitignore",
                    ".pre-commit-config.yaml"
                ],
                "java.signatureHelp.enabled": true,
@ -119,7 +130,9 @@
                "EditorConfig.EditorConfig", // EditorConfig support for maintaining consistent coding styles
                "ms-azuretools.vscode-docker", // Docker extension for Visual Studio Code
                "charliermarsh.ruff", // Ruff extension for Ruff language support
-                "github.vscode-github-actions" // GitHub Actions extension for Visual Studio Code
+                "github.vscode-github-actions", // GitHub Actions extension for Visual Studio Code
+                "stylelint.vscode-stylelint", // Stylelint extension for CSS and SCSS linting
+                "redhat.vscode-yaml" // YAML extension for Visual Studio Code
            ]
        }
    },
--- a/.editorconfig
+++ b/.editorconfig
@ -31,18 +31,12 @@ indent_size = 2
 # CSS files typically use an indent size of 2 spaces for better readability and alignment with community standards.
 indent_size = 2

-[*.yaml]
+[*.{yml,yaml}]
 # YAML files use an indent size of 2 spaces to maintain consistency with common YAML formatting practices.
 indent_size = 2
 insert_final_newline = false
 trim_trailing_whitespace = false

-[*.yml]
-# YML files follow the same conventions as YAML files, using an indent size of 2 spaces.
-indent_size = 2
-insert_final_newline = false
-trim_trailing_whitespace = false
-
 [*.json]
 # JSON files use an indent size of 2 spaces, which is the standard for JSON formatting.
 indent_size = 2
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@ -1,5 +1,9 @@
 # Formatting
 5f771b785130154ed47952635b7acef371ffe0ec
+7fa5e130d99227c2202ebddfdd91348176ec0c7b
+14d4fbb2a36195eedb034785e5a5ff6a47f268c6
+ee8030c1c4148062cde15c49c67d04ef03930c55
+fcd41924f5f261febfa9d9a92994671f3ebc97d6

 # Normalize files
 55d4fda01b2f39f5b7d7b4fda5214bd7ff0fd5dd
--- a/.gitattributes
+++ b/.gitattributes
@ -1,10 +1,10 @@
 * text=auto eol=lf

 # Ignore all JavaScript files in a directory
-stirling-pdf/src/main/resources/static/pdfjs/* linguist-vendored
-stirling-pdf/src/main/resources/static/pdfjs/** linguist-vendored
-stirling-pdf/src/main/resources/static/pdfjs-legacy/* linguist-vendored
-stirling-pdf/src/main/resources/static/pdfjs-legacy/** linguist-vendored
-stirling-pdf/src/main/resources/static/css/bootstrap-icons.css linguist-vendored
-stirling-pdf/src/main/resources/static/css/bootstrap.min.css linguist-vendored
-stirling-pdf/src/main/resources/static/css/fonts/* linguist-vendored
+app/core/src/main/resources/static/pdfjs/* linguist-vendored
+app/core/src/main/resources/static/pdfjs/** linguist-vendored
+app/core/src/main/resources/static/pdfjs-legacy/* linguist-vendored
+app/core/src/main/resources/static/pdfjs-legacy/** linguist-vendored
+app/core/src/main/resources/static/css/bootstrap-icons.css linguist-vendored
+app/core/src/main/resources/static/css/bootstrap.min.css linguist-vendored
+app/core/src/main/resources/static/css/fonts/* linguist-vendored
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1,2 +1,21 @@
-# All PRs to V1 must be approved by Frooodle
-* @Frooodle @reecebrowne @Ludy87 @DarioGii @ConnorYoh
+# All PRs must be approved by Frooodle or Ludy87
+* @Frooodle @Ludy87 @jbrunton96 @ConnorYoh
+
+# Backend
+/app/** @DarioGii @Frooodle @Ludy87 @jbrunton96 @ConnorYoh
+
+#V1 frontend
+/app/core/src/main/resources/static/** @reecebrowne @ConnorYoh @EthanHealy01 @jbrunton96 @Frooodle @Ludy87
+/app/core/src/main/resources/templates/** @reecebrowne @ConnorYoh @EthanHealy01 @jbrunton96 @Frooodle @Ludy87
+
+#V2 frontend
+/frontend/** @reecebrowne @ConnorYoh @EthanHealy01 @jbrunton96 @Frooodle
+
+#V2 docker
+/docker/backend/** @Frooodle @Ludy87 @DarioGii @Ludy87
+/docker/frontend/** @reecebrowne @ConnorYoh @EthanHealy01 @jbrunton96 @Frooodle @Ludy87
+/docker/compose/** @reecebrowne @ConnorYoh @EthanHealy01 @DarioGii @jbrunton96 @Frooodle @Ludy87
+
+
+#GHA (All users)
+/.github/** @reecebrowne @ConnorYoh @EthanHealy01 @DarioGii @jbrunton96 @Frooodle @Ludy87
--- a/.github/config/.files.yaml
+++ b/.github/config/.files.yaml
@ -0,0 +1,32 @@
+build: &build
+  - build.gradle
+  - app/(common|core|proprietary)/build.gradle
+
+app: &app
+  - app/(common|core|proprietary)/src/main/java/**
+
+openapi: &openapi
+  - build.gradle
+  - app/(common|core|proprietary)/build.gradle
+  - app/(common|core|proprietary)/src/main/java/**
+
+project: &project
+  - app/(common|core|proprietary)/src/(main|test)/java/**
+  - app/(common|core|proprietary)/build.gradle
+  - 'app/(common|core|proprietary)/src/(main|test)/resources/**/!(messages_*.properties|*.md)*'
+  - exampleYmlFiles/**
+  - gradle/**
+  - libs/**
+  - testing/**
+  - build.gradle
+  - Dockerfile
+  - Dockerfile.fat
+  - Dockerfile.ultra-lite
+  - gradle.properties
+  - gradlew
+  - gradlew.bat
+  - launch4jConfig.xml
+  - settings.gradle
+  - frontend/**
+  - docker/**
+  - testing/**
--- a/.github/config/repo_devs.json
+++ b/.github/config/repo_devs.json
@ -7,6 +7,7 @@
    "sbplat",
    "reecebrowne",
    "DarioGii",
-    "ConnorYoh"
+    "ConnorYoh",
+    "EthanHealy01"
  ]
 }
--- a/.github/labeler-config-srvaroa.yml
+++ b/.github/labeler-config-srvaroa.yml
@ -2,88 +2,106 @@ version: 1
 labels:

  - label: "Bugfix"
-    title: '^fix:.*'
+    title: '^fix(\([^)]*\))?:|^fix:.*'

  - label: "enhancement"
-    title: '^feat:.*'
+    title: '^feat(\([^)]*\))?:|^feat:.*'

  - label: "build"
-    title: '^build:.*'
+    title: '^build(\([^)]*\))?:|^build:.*'

  - label: "chore"
-    title: '^chore:.*'
+    title: '^chore(\([^)]*\))?:|^chore:.*'

  - label: "ci"
-    title: '^ci:.*'
+    title: '^ci(\([^)]*\))?:|^ci:.*'
+
+  - label: "ci"
+    title: '^.*\(ci\):.*'

  - label: "perf"
-    title: '^perf:.*'
+    title: '^perf(\([^)]*\))?:|^perf:.*'

  - label: "refactor"
-    title: '^refactor:.*'
+    title: '^refactor(\([^)]*\))?:|^refactor:.*'

  - label: "revert"
-    title: '^revert:.*'
+    title: '^revert(\([^)]*\))?:|^revert:.*'

  - label: "style"
-    title: '^style:.*'
+    title: '^style(\([^)]*\))?:|^style:.*'

  - label: "Documentation"
-    title: '^docs:.*'
+    title: '^docs(\([^)]*\))?:|^docs:.*'
+
+  - label: "Documentation"
+    title: '^.*\(docs\):.*'
+
+  - label: "dependencies"
+    title: '^deps(\([^)]*\))?:|^deps:.*'
+
+  - label: "dependencies"
+    title: '^.*\(deps\):.*'

  - label: 'API'
-    title: '.*openapi.*'
+    title: '.*openapi.*|.*swagger.*|.*api.*'
+
+  - label: 'v2'
+    base-branch: 'V2'

  - label: 'Translation'
    files:
-      - 'stirling-pdf/src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}.properties'
+      - 'app/core/src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}.properties'
      - 'scripts/ignore_translation.toml'
-      - 'stirling-pdf/src/main/resources/templates/fragments/languages.html'
+      - 'app/core/src/main/resources/templates/fragments/languages.html'
      - '.github/scripts/check_language_properties.py'

  - label: 'Front End'
    files:
-      - 'stirling-pdf/src/main/resources/templates/.*'
-      - 'proprietary/src/main/resources/templates/.*'
-      - 'stirling-pdf/src/main/resources/static/.*'
-      - 'proprietary/src/main/resources/static/.*'
-      - 'stirling-pdf/src/main/java/stirling/software/SPDF/controller/web/.*'
-      - 'stirling-pdf/src/main/java/stirling/software/SPDF/UI/.*'
-      - 'proprietary/src/main/java/stirling/software/proprietary/security/controller/web/.*'
+      - 'app/core/src/main/resources/templates/.*'
+      - 'app/proprietary/src/main/resources/templates/.*'
+      - 'app/core/src/main/resources/static/.*'
+      - 'app/proprietary/src/main/resources/static/.*'
+      - 'app/core/src/main/java/stirling/software/SPDF/controller/web/.*'
+      - 'app/core/src/main/java/stirling/software/SPDF/UI/.*'
+      - 'app/proprietary/src/main/java/stirling/software/proprietary/security/controller/web/.*'
+      - 'frontend/**'

  - label: 'Java'
    files:
-      - 'common/src/main/java/.*.java'
-      - 'proprietary/src/main/java/.*.java'
-      - 'stirling-pdf/src/main/java/.*.java'
+      - 'app/common/src/main/java/.*.java'
+      - 'app/proprietary/src/main/java/.*.java'
+      - 'app/core/src/main/java/.*.java'

  - label: 'Back End'
    files:
-      - 'stirling-pdf/src/main/java/stirling/software/SPDF/config/.*'
-      - 'stirling-pdf/src/main/java/stirling/software/SPDF/controller/.*'
-      - 'stirling-pdf/src/main/resources/settings.yml.template'
-      - 'stirling-pdf/src/main/resources/application.properties'
-      - 'stirling-pdf/src/main/resources/banner.txt'
-      - 'scripts/png_to_webp.py'
-      - 'split_photos.py'
+      - 'app/core/src/main/java/stirling/software/SPDF/config/.*'
+      - 'app/core/src/main/java/stirling/software/SPDF/controller/.*'
+      - 'app/core/src/main/resources/settings.yml.template'
+      - 'app/core/src/main/resources/application.properties'
+      - 'app/core/src/main/resources/banner.txt'
+      - 'app/core/src/main/resources/static/python/png_to_webp.py'
+      - 'app/core/src/main/resources/static/python/split_photos.py'
+      - 'app/core/src/main/resources/static/pipeline/defaultWebUIConfigs/**'
      - 'application.properties'

  - label: 'Security'
    files:
-      - 'proprietary/src/main/java/stirling/software/proprietary/security/.*'
+      - 'app/proprietary/src/main/java/stirling/software/proprietary/security/.*'
      - 'scripts/download-security-jar.sh'
      - '.github/workflows/dependency-review.yml'
      - '.github/workflows/scorecards.yml'

  - label: 'API'
    files:
-      - 'stirling-pdf/src/main/java/stirling/software/SPDF/config/OpenApiConfig.java'
-      - 'stirling-pdf/src/main/java/stirling/software/SPDF/controller/web/MetricsController.java'
-      - 'stirling-pdf/src/main/java/stirling/software/SPDF/controller/api/.*'
-      - 'stirling-pdf/src/main/java/stirling/software/SPDF/model/api/.*'
-      - 'proprietary/src/main/java/stirling/software/proprietary/security/controller/api/.*'
-      - 'scripts/png_to_webp.py'
-      - 'split_photos.py'
+      - 'app/core/src/main/java/stirling/software/SPDF/config/OpenApiConfig.java'
+      - 'app/core/src/main/java/stirling/software/SPDF/controller/web/MetricsController.java'
+      - 'app/core/src/main/java/stirling/software/SPDF/controller/api/.*'
+      - 'app/core/src/main/java/stirling/software/SPDF/model/api/.*'
+      - 'app/core/src/main/java/stirling/software/SPDF/service/ApiDocService.java'
+      - 'app/proprietary/src/main/java/stirling/software/proprietary/security/controller/api/.*'
+      - 'app/core/src/main/resources/static/python/png_to_webp.py'
+      - 'app/core/src/main/resources/static/python/split_photos.py'
      - '.github/workflows/swagger.yml'

  - label: 'Documentation'
@ -106,6 +124,7 @@ labels:
      - 'scripts/installFonts.sh'
      - 'test.sh'
      - 'test2.sh'
+      - 'docker/**'

  - label: 'Devtools'
    files:
@ -116,12 +135,13 @@ labels:
      - '.pre-commit-config'
      - '.github/workflows/pre_commit.yml'
      - 'devGuide/.*'
+      - 'devTools/.*'

  - label: 'Test'
    files:
-      - 'common/src/test/.*'
-      - 'proprietary/src/test/.*'
-      - 'stirling-pdf/src/test/.*'
+      - 'app/common/src/test/.*'
+      - 'app/proprietary/src/test/.*'
+      - 'app/core/src/test/.*'
      - 'testing/.*'
      - '.github/workflows/scorecards.yml'
      - 'exampleYmlFiles/test_cicd.yml'
@ -137,6 +157,6 @@ labels:
      - 'gradlew.bat'
      - 'settings.gradle'
      - 'build.gradle'
-      - 'common/build.gradle'
-      - 'proprietary/build.gradle'
-      - 'stirling-pdf/build.gradle'
+      - 'app/common/build.gradle'
+      - 'app/proprietary/build.gradle'
+      - 'app/core/build.gradle'
--- a/.github/labeler-config.yml
+++ b/.github/labeler-config.yml
@ -1,86 +0,0 @@
-Translation:
-  - changed-files:
-    - any-glob-to-any-file: 'stirling-pdf/src/main/resources/messages_*_*.properties'
-    - any-glob-to-any-file: 'scripts/ignore_translation.toml'
-    - any-glob-to-any-file: 'stirling-pdf/src/main/resources/templates/fragments/languages.html'
-
-Front End:
-  - changed-files:
-    - any-glob-to-any-file: 'stirling-pdf/src/main/resources/templates/**/*'
-    - any-glob-to-any-file: 'stirling-pdf/src/main/resources/static/**/*'
-    - any-glob-to-any-file: 'stirling-pdf/src/main/java/stirling/software/SPDF/controller/web/**'
-    - any-glob-to-any-file: 'stirling-pdf/src/main/java/stirling/software/SPDF/UI/**/*'
-
-Java:
-  - changed-files:
-    - any-glob-to-any-file: 'common/src/main/java/**/*.java'
-    - any-glob-to-any-file: 'proprietary/src/main/java/**/*.java'
-    - any-glob-to-any-file: 'stirling-pdf/src/main/java/**/*.java'
-
-Back End:
-  - changed-files:
-    - any-glob-to-any-file: 'stirling-pdf/src/main/java/stirling/software/SPDF/config/**/*'
-    - any-glob-to-any-file: 'stirling-pdf/src/main/java/stirling/software/SPDF/controller/**/*'
-    - any-glob-to-any-file: 'stirling-pdf/src/main/resources/settings.yml.template'
-    - any-glob-to-any-file: 'stirling-pdf/src/main/resources/application.properties'
-    - any-glob-to-any-file: 'stirling-pdf/src/main/resources/banner.txt'
-    - any-glob-to-any-file: 'scripts/png_to_webp.py'
-    - any-glob-to-any-file: 'split_photos.py'
-
-Security:
-  - changed-files:
-    - any-glob-to-any-file: 'proprietary/src/main/java/stirling/software/proprietary/security/**/*'
-    - any-glob-to-any-file: 'scripts/download-security-jar.sh'
-    - any-glob-to-any-file: '.github/workflows/dependency-review.yml'
-    - any-glob-to-any-file: '.github/workflows/scorecards.yml'
-
-API:
-  - changed-files:
-    - any-glob-to-any-file: 'stirling-pdf/src/main/java/stirling/software/SPDF/config/OpenApiConfig.java'
-    - any-glob-to-any-file: 'stirling-pdf/src/main/java/stirling/software/SPDF/controller/web/MetricsController.java'
-    - any-glob-to-any-file: 'stirling-pdf/src/main/java/stirling/software/SPDF/controller/api/**/*'
-    - any-glob-to-any-file: 'stirling-pdf/src/main/java/stirling/software/SPDF/model/api/**/*'
-    - any-glob-to-any-file: 'scripts/png_to_webp.py'
-    - any-glob-to-any-file: 'split_photos.py'
-    - any-glob-to-any-file: '.github/workflows/swagger.yml'
-
-Documentation:
-  - changed-files:
-    - any-glob-to-any-file: '**/*.md'
-    - any-glob-to-any-file: 'scripts/counter_translation.py'
-    - any-glob-to-any-file: 'scripts/ignore_translation.toml'
-
-Docker:
-  - changed-files:
-    - any-glob-to-any-file: '.github/workflows/build.yml'
-    - any-glob-to-any-file: '.github/workflows/push-docker.yml'
-    - any-glob-to-any-file: 'Dockerfile'
-    - any-glob-to-any-file: 'Dockerfile.fat'
-    - any-glob-to-any-file: 'Dockerfile.ultra-lite'
-    - any-glob-to-any-file: 'exampleYmlFiles/*.yml'
-    - any-glob-to-any-file: 'scripts/download-security-jar.sh'
-    - any-glob-to-any-file: 'scripts/init.sh'
-    - any-glob-to-any-file: 'scripts/init-without-ocr.sh'
-    - any-glob-to-any-file: 'scripts/installFonts.sh'
-    - any-glob-to-any-file: 'test.sh'
-    - any-glob-to-any-file: 'test2.sh'
-
-Devtools:
-  - changed-files:
-    - any-glob-to-any-file: '.devcontainer/**/*'
-    - any-glob-to-any-file: 'Dockerfile.dev'
-
-Test:
-  - changed-files:
-    - any-glob-to-any-file: 'cucumber/**/*'
-    - any-glob-to-any-file: 'common/src/test/**/*'
-    - any-glob-to-any-file: 'proprietary/src/test/**/*'
-    - any-glob-to-any-file: 'stirling-pdf/src/test/**/*'
-    - any-glob-to-any-file: 'src/testing/**/*'
-    - any-glob-to-any-file: '.pre-commit-config'
-    - any-glob-to-any-file: '.github/workflows/pre_commit.yml'
-    - any-glob-to-any-file: '.github/workflows/scorecards.yml'
-
-Github:
-  - changed-files:
-    - any-glob-to-any-file: '.github/**/*'
--- a/.github/labels.yml
+++ b/.github/labels.yml
@ -42,6 +42,7 @@
 - name: "Front End"
  color: "BBD2F1"
  description: "Issues or pull requests related to front-end development"
+  from_name: "frontend"
 - name: "github-actions"
  description: "Pull requests that update GitHub Actions code"
  color: "999999"
@ -77,10 +78,12 @@
 - name: "Translation"
  color: "9FABF9"
  from_name: "translation"
+  description: "Issues or pull requests related to translation"
 - name: "upstream"
  color: "DEDEDE"
 - name: "v2"
  color: "FFFF00"
+  description: "Issues or pull requests related to the v2 branch"
 - name: "wontfix"
  description: "This will not be worked on"
  color: "FFFFFF"
@ -175,3 +178,9 @@
  description: "This PR changes 1000+ lines ignoring generated files."
 - name: "to research"
  color: "FBCA04"
+- name: "pr-deployed"
+  color: "00FF00"
+  description: "Pull request has been deployed to a test environment"
+- name: "codex"
+  color: "ededed"
+  description: "chatgpt AI generated code"
--- a/.github/scripts/check_language_properties.py
+++ b/.github/scripts/check_language_properties.py
@ -197,7 +197,7 @@ def check_for_differences(reference_file, file_list, branch, actor):
    if len(file_list) == 1:
        file_arr = file_list[0].split()
    base_dir = os.path.abspath(
-        os.path.join(os.getcwd(), "stirling-pdf", "src", "main", "resources")
+        os.path.join(os.getcwd(), "app", "core", "src", "main", "resources")
    )

    for file_path in file_arr:
@ -219,13 +219,14 @@ def check_for_differences(reference_file, file_list, branch, actor):
                # only local windows command
                not file_normpath.startswith(
                    os.path.join(
-                        "", "stirling-pdf", "src", "main", "resources", "messages_"
+                        "", "app", "core", "src", "main", "resources", "messages_"
                    )
                )
                and not file_normpath.startswith(
                    os.path.join(
                        os.getcwd(),
-                        "stirling-pdf",
+                        "app",
+                        "core",
                        "src",
                        "main",
                        "resources",
@ -328,7 +329,7 @@ def check_for_differences(reference_file, file_list, branch, actor):
        report.append("## ❌ Overall Check Status: **_Failed_**")
        report.append("")
        report.append(
-            f"@{actor} please check your translation if it conforms to the standard. Follow the format of [messages_en_GB.properties](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/stirling-pdf/src/main/resources/messages_en_GB.properties)"
+            f"@{actor} please check your translation if it conforms to the standard. Follow the format of [messages_en_GB.properties](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/app/core/src/main/resources/messages_en_GB.properties)"
        )
    else:
        report.append("## ✅ Overall Check Status: **_Success_**")
@ -389,7 +390,8 @@ if __name__ == "__main__":
            file_list = glob.glob(
                os.path.join(
                    os.getcwd(),
-                    "stirling-pdf",
+                    "app",
+                    "core",
                    "src",
                    "main",
                    "resources",
--- a/.github/scripts/requirements_dev.in
+++ b/.github/scripts/requirements_dev.in
@ -0,0 +1,8 @@
+pip
+setuptools
+WeasyPrint
+pdf2image
+pillow
+unoserver
+opencv-python-headless
+pre-commit
--- a/.github/scripts/requirements_dev.txt
+++ b/.github/scripts/requirements_dev.txt
@ -0,0 +1,638 @@
+#
+# This file is autogenerated by pip-compile with Python 3.10
+# by the following command:
+#
+#    pip-compile --allow-unsafe --generate-hashes --output-file='.github\scripts\requirements_dev.txt' --strip-extras '.github\scripts\requirements_dev.in'
+#
+brotli==1.1.0 \
+    --hash=sha256:03d20af184290887bdea3f0f78c4f737d126c74dc2f3ccadf07e54ceca3bf208 \
+    --hash=sha256:0541e747cce78e24ea12d69176f6a7ddb690e62c425e01d31cc065e69ce55b48 \
+    --hash=sha256:069a121ac97412d1fe506da790b3e69f52254b9df4eb665cd42460c837193354 \
+    --hash=sha256:0737ddb3068957cf1b054899b0883830bb1fec522ec76b1098f9b6e0f02d9419 \
+    --hash=sha256:0b63b949ff929fbc2d6d3ce0e924c9b93c9785d877a21a1b678877ffbbc4423a \
+    --hash=sha256:0c6244521dda65ea562d5a69b9a26120769b7a9fb3db2fe9545935ed6735b128 \
+    --hash=sha256:11d00ed0a83fa22d29bc6b64ef636c4552ebafcef57154b4ddd132f5638fbd1c \
+    --hash=sha256:141bd4d93984070e097521ed07e2575b46f817d08f9fa42b16b9b5f27b5ac088 \
+    --hash=sha256:19c116e796420b0cee3da1ccec3b764ed2952ccfcc298b55a10e5610ad7885f9 \
+    --hash=sha256:1ab4fbee0b2d9098c74f3057b2bc055a8bd92ccf02f65944a241b4349229185a \
+    --hash=sha256:1ae56aca0402a0f9a3431cddda62ad71666ca9d4dc3a10a142b9dce2e3c0cda3 \
+    --hash=sha256:1b2c248cd517c222d89e74669a4adfa5577e06ab68771a529060cf5a156e9757 \
+    --hash=sha256:1e9a65b5736232e7a7f91ff3d02277f11d339bf34099a56cdab6a8b3410a02b2 \
+    --hash=sha256:224e57f6eac61cc449f498cc5f0e1725ba2071a3d4f48d5d9dffba42db196438 \
+    --hash=sha256:22fc2a8549ffe699bfba2256ab2ed0421a7b8fadff114a3d201794e45a9ff578 \
+    --hash=sha256:23032ae55523cc7bccb4f6a0bf368cd25ad9bcdcc1990b64a647e7bbcce9cb5b \
+    --hash=sha256:2333e30a5e00fe0fe55903c8832e08ee9c3b1382aacf4db26664a16528d51b4b \
+    --hash=sha256:2954c1c23f81c2eaf0b0717d9380bd348578a94161a65b3a2afc62c86467dd68 \
+    --hash=sha256:2a24c50840d89ded6c9a8fdc7b6ed3692ed4e86f1c4a4a938e1e92def92933e0 \
+    --hash=sha256:2de9d02f5bda03d27ede52e8cfe7b865b066fa49258cbab568720aa5be80a47d \
+    --hash=sha256:2feb1d960f760a575dbc5ab3b1c00504b24caaf6986e2dc2b01c09c87866a943 \
+    --hash=sha256:30924eb4c57903d5a7526b08ef4a584acc22ab1ffa085faceb521521d2de32dd \
+    --hash=sha256:316cc9b17edf613ac76b1f1f305d2a748f1b976b033b049a6ecdfd5612c70409 \
+    --hash=sha256:32d95b80260d79926f5fab3c41701dbb818fde1c9da590e77e571eefd14abe28 \
+    --hash=sha256:38025d9f30cf4634f8309c6874ef871b841eb3c347e90b0851f63d1ded5212da \
+    --hash=sha256:39da8adedf6942d76dc3e46653e52df937a3c4d6d18fdc94a7c29d263b1f5b50 \
+    --hash=sha256:3c0ef38c7a7014ffac184db9e04debe495d317cc9c6fb10071f7fefd93100a4f \
+    --hash=sha256:3d7954194c36e304e1523f55d7042c59dc53ec20dd4e9ea9d151f1b62b4415c0 \
+    --hash=sha256:3ee8a80d67a4334482d9712b8e83ca6b1d9bc7e351931252ebef5d8f7335a547 \
+    --hash=sha256:4093c631e96fdd49e0377a9c167bfd75b6d0bad2ace734c6eb20b348bc3ea180 \
+    --hash=sha256:43395e90523f9c23a3d5bdf004733246fba087f2948f87ab28015f12359ca6a0 \
+    --hash=sha256:43ce1b9935bfa1ede40028054d7f48b5469cd02733a365eec8a329ffd342915d \
+    --hash=sha256:4410f84b33374409552ac9b6903507cdb31cd30d2501fc5ca13d18f73548444a \
+    --hash=sha256:494994f807ba0b92092a163a0a283961369a65f6cbe01e8891132b7a320e61eb \
+    --hash=sha256:4d4a848d1837973bf0f4b5e54e3bec977d99be36a7895c61abb659301b02c112 \
+    --hash=sha256:4ed11165dd45ce798d99a136808a794a748d5dc38511303239d4e2363c0695dc \
+    --hash=sha256:4f3607b129417e111e30637af1b56f24f7a49e64763253bbc275c75fa887d4b2 \
+    --hash=sha256:510b5b1bfbe20e1a7b3baf5fed9e9451873559a976c1a78eebaa3b86c57b4265 \
+    --hash=sha256:524f35912131cc2cabb00edfd8d573b07f2d9f21fa824bd3fb19725a9cf06327 \
+    --hash=sha256:587ca6d3cef6e4e868102672d3bd9dc9698c309ba56d41c2b9c85bbb903cdb95 \
+    --hash=sha256:58d4b711689366d4a03ac7957ab8c28890415e267f9b6589969e74b6e42225ec \
+    --hash=sha256:5b3cc074004d968722f51e550b41a27be656ec48f8afaeeb45ebf65b561481dd \
+    --hash=sha256:5dab0844f2cf82be357a0eb11a9087f70c5430b2c241493fc122bb6f2bb0917c \
+    --hash=sha256:5e55da2c8724191e5b557f8e18943b1b4839b8efc3ef60d65985bcf6f587dd38 \
+    --hash=sha256:5eeb539606f18a0b232d4ba45adccde4125592f3f636a6182b4a8a436548b914 \
+    --hash=sha256:5f4d5ea15c9382135076d2fb28dde923352fe02951e66935a9efaac8f10e81b0 \
+    --hash=sha256:5fb2ce4b8045c78ebbc7b8f3c15062e435d47e7393cc57c25115cfd49883747a \
+    --hash=sha256:6172447e1b368dcbc458925e5ddaf9113477b0ed542df258d84fa28fc45ceea7 \
+    --hash=sha256:6967ced6730aed543b8673008b5a391c3b1076d834ca438bbd70635c73775368 \
+    --hash=sha256:6974f52a02321b36847cd19d1b8e381bf39939c21efd6ee2fc13a28b0d99348c \
+    --hash=sha256:6c3020404e0b5eefd7c9485ccf8393cfb75ec38ce75586e046573c9dc29967a0 \
+    --hash=sha256:6c6e0c425f22c1c719c42670d561ad682f7bfeeef918edea971a79ac5252437f \
+    --hash=sha256:70051525001750221daa10907c77830bc889cb6d865cc0b813d9db7fefc21451 \
+    --hash=sha256:7905193081db9bfa73b1219140b3d315831cbff0d8941f22da695832f0dd188f \
+    --hash=sha256:7bc37c4d6b87fb1017ea28c9508b36bbcb0c3d18b4260fcdf08b200c74a6aee8 \
+    --hash=sha256:7c4855522edb2e6ae7fdb58e07c3ba9111e7621a8956f481c68d5d979c93032e \
+    --hash=sha256:7e4c4629ddad63006efa0ef968c8e4751c5868ff0b1c5c40f76524e894c50248 \
+    --hash=sha256:7eedaa5d036d9336c95915035fb57422054014ebdeb6f3b42eac809928e40d0c \
+    --hash=sha256:7f4bf76817c14aa98cc6697ac02f3972cb8c3da93e9ef16b9c66573a68014f91 \
+    --hash=sha256:81de08ac11bcb85841e440c13611c00b67d3bf82698314928d0b676362546724 \
+    --hash=sha256:832436e59afb93e1836081a20f324cb185836c617659b07b129141a8426973c7 \
+    --hash=sha256:861bf317735688269936f755fa136a99d1ed526883859f86e41a5d43c61d8966 \
+    --hash=sha256:87a3044c3a35055527ac75e419dfa9f4f3667a1e887ee80360589eb8c90aabb9 \
+    --hash=sha256:890b5a14ce214389b2cc36ce82f3093f96f4cc730c1cffdbefff77a7c71f2a97 \
+    --hash=sha256:89f4988c7203739d48c6f806f1e87a1d96e0806d44f0fba61dba81392c9e474d \
+    --hash=sha256:8bf32b98b75c13ec7cf774164172683d6e7891088f6316e54425fde1efc276d5 \
+    --hash=sha256:8dadd1314583ec0bf2d1379f7008ad627cd6336625d6679cf2f8e67081b83acf \
+    --hash=sha256:901032ff242d479a0efa956d853d16875d42157f98951c0230f69e69f9c09bac \
+    --hash=sha256:9011560a466d2eb3f5a6e4929cf4a09be405c64154e12df0dd72713f6500e32b \
+    --hash=sha256:906bc3a79de8c4ae5b86d3d75a8b77e44404b0f4261714306e3ad248d8ab0951 \
+    --hash=sha256:919e32f147ae93a09fe064d77d5ebf4e35502a8df75c29fb05788528e330fe74 \
+    --hash=sha256:91d7cc2a76b5567591d12c01f019dd7afce6ba8cba6571187e21e2fc418ae648 \
+    --hash=sha256:929811df5462e182b13920da56c6e0284af407d1de637d8e536c5cd00a7daf60 \
+    --hash=sha256:949f3b7c29912693cee0afcf09acd6ebc04c57af949d9bf77d6101ebb61e388c \
+    --hash=sha256:a090ca607cbb6a34b0391776f0cb48062081f5f60ddcce5d11838e67a01928d1 \
+    --hash=sha256:a1fd8a29719ccce974d523580987b7f8229aeace506952fa9ce1d53a033873c8 \
+    --hash=sha256:a37b8f0391212d29b3a91a799c8e4a2855e0576911cdfb2515487e30e322253d \
+    --hash=sha256:a3daabb76a78f829cafc365531c972016e4aa8d5b4bf60660ad8ecee19df7ccc \
+    --hash=sha256:a469274ad18dc0e4d316eefa616d1d0c2ff9da369af19fa6f3daa4f09671fd61 \
+    --hash=sha256:a599669fd7c47233438a56936988a2478685e74854088ef5293802123b5b2460 \
+    --hash=sha256:a743e5a28af5f70f9c080380a5f908d4d21d40e8f0e0c8901604d15cfa9ba751 \
+    --hash=sha256:a77def80806c421b4b0af06f45d65a136e7ac0bdca3c09d9e2ea4e515367c7e9 \
+    --hash=sha256:a7e53012d2853a07a4a79c00643832161a910674a893d296c9f1259859a289d2 \
+    --hash=sha256:a93dde851926f4f2678e704fadeb39e16c35d8baebd5252c9fd94ce8ce68c4a0 \
+    --hash=sha256:aac0411d20e345dc0920bdec5548e438e999ff68d77564d5e9463a7ca9d3e7b1 \
+    --hash=sha256:ae15b066e5ad21366600ebec29a7ccbc86812ed267e4b28e860b8ca16a2bc474 \
+    --hash=sha256:aea440a510e14e818e67bfc4027880e2fb500c2ccb20ab21c7a7c8b5b4703d75 \
+    --hash=sha256:af6fa6817889314555aede9a919612b23739395ce767fe7fcbea9a80bf140fe5 \
+    --hash=sha256:b760c65308ff1e462f65d69c12e4ae085cff3b332d894637f6273a12a482d09f \
+    --hash=sha256:be36e3d172dc816333f33520154d708a2657ea63762ec16b62ece02ab5e4daf2 \
+    --hash=sha256:c247dd99d39e0338a604f8c2b3bc7061d5c2e9e2ac7ba9cc1be5a69cb6cd832f \
+    --hash=sha256:c5529b34c1c9d937168297f2c1fde7ebe9ebdd5e121297ff9c043bdb2ae3d6fb \
+    --hash=sha256:c8146669223164fc87a7e3de9f81e9423c67a79d6b3447994dfb9c95da16e2d6 \
+    --hash=sha256:c8fd5270e906eef71d4a8d19b7c6a43760c6abcfcc10c9101d14eb2357418de9 \
+    --hash=sha256:ca63e1890ede90b2e4454f9a65135a4d387a4585ff8282bb72964fab893f2111 \
+    --hash=sha256:caf9ee9a5775f3111642d33b86237b05808dafcd6268faa492250e9b78046eb2 \
+    --hash=sha256:cb1dac1770878ade83f2ccdf7d25e494f05c9165f5246b46a621cc849341dc01 \
+    --hash=sha256:cdad5b9014d83ca68c25d2e9444e28e967ef16e80f6b436918c700c117a85467 \
+    --hash=sha256:cdbc1fc1bc0bff1cef838eafe581b55bfbffaed4ed0318b724d0b71d4d377619 \
+    --hash=sha256:ceb64bbc6eac5a140ca649003756940f8d6a7c444a68af170b3187623b43bebf \
+    --hash=sha256:d0c5516f0aed654134a2fc936325cc2e642f8a0e096d075209672eb321cff408 \
+    --hash=sha256:d143fd47fad1db3d7c27a1b1d66162e855b5d50a89666af46e1679c496e8e579 \
+    --hash=sha256:d192f0f30804e55db0d0e0a35d83a9fead0e9a359a9ed0285dbacea60cc10a84 \
+    --hash=sha256:d2b35ca2c7f81d173d2fadc2f4f31e88cc5f7a39ae5b6db5513cf3383b0e0ec7 \
+    --hash=sha256:d342778ef319e1026af243ed0a07c97acf3bad33b9f29e7ae6a1f68fd083e90c \
+    --hash=sha256:d487f5432bf35b60ed625d7e1b448e2dc855422e87469e3f450aa5552b0eb284 \
+    --hash=sha256:d7702622a8b40c49bffb46e1e3ba2e81268d5c04a34f460978c6b5517a34dd52 \
+    --hash=sha256:db85ecf4e609a48f4b29055f1e144231b90edc90af7481aa731ba2d059226b1b \
+    --hash=sha256:de6551e370ef19f8de1807d0a9aa2cdfdce2e85ce88b122fe9f6b2b076837e59 \
+    --hash=sha256:e1140c64812cb9b06c922e77f1c26a75ec5e3f0fb2bf92cc8c58720dec276752 \
+    --hash=sha256:e4fe605b917c70283db7dfe5ada75e04561479075761a0b3866c081d035b01c1 \
+    --hash=sha256:e6a904cb26bfefc2f0a6f240bdf5233be78cd2488900a2f846f3c3ac8489ab80 \
+    --hash=sha256:e79e6520141d792237c70bcd7a3b122d00f2613769ae0cb61c52e89fd3443839 \
+    --hash=sha256:e84799f09591700a4154154cab9787452925578841a94321d5ee8fb9a9a328f0 \
+    --hash=sha256:e93dfc1a1165e385cc8239fab7c036fb2cd8093728cbd85097b284d7b99249a2 \
+    --hash=sha256:efa8b278894b14d6da122a72fefcebc28445f2d3f880ac59d46c90f4c13be9a3 \
+    --hash=sha256:f0d8a7a6b5983c2496e364b969f0e526647a06b075d034f3297dc66f3b360c64 \
+    --hash=sha256:f0db75f47be8b8abc8d9e31bc7aad0547ca26f24a54e6fd10231d623f183d089 \
+    --hash=sha256:f296c40e23065d0d6650c4aefe7470d2a25fffda489bcc3eb66083f3ac9f6643 \
+    --hash=sha256:f31859074d57b4639318523d6ffdca586ace54271a73ad23ad021acd807eb14b \
+    --hash=sha256:f66b5337fa213f1da0d9000bc8dc0cb5b896b726eefd9c6046f699b169c41b9e \
+    --hash=sha256:f733d788519c7e3e71f0855c96618720f5d3d60c3cb829d8bbb722dddce37985 \
+    --hash=sha256:fce1473f3ccc4187f75b4690cfc922628aed4d3dd013d047f95a9b3919a86596 \
+    --hash=sha256:fd5f17ff8f14003595ab414e45fce13d073e0762394f957182e69035c9f3d7c2 \
+    --hash=sha256:fdc3ff3bfccdc6b9cc7c342c03aa2400683f0cb891d46e94b64a197910dc4064
+    # via fonttools
+cffi==1.17.1 \
+    --hash=sha256:045d61c734659cc045141be4bae381a41d89b741f795af1dd018bfb532fd0df8 \
+    --hash=sha256:0984a4925a435b1da406122d4d7968dd861c1385afe3b45ba82b750f229811e2 \
+    --hash=sha256:0e2b1fac190ae3ebfe37b979cc1ce69c81f4e4fe5746bb401dca63a9062cdaf1 \
+    --hash=sha256:0f048dcf80db46f0098ccac01132761580d28e28bc0f78ae0d58048063317e15 \
+    --hash=sha256:1257bdabf294dceb59f5e70c64a3e2f462c30c7ad68092d01bbbfb1c16b1ba36 \
+    --hash=sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824 \
+    --hash=sha256:1d599671f396c4723d016dbddb72fe8e0397082b0a77a4fab8028923bec050e8 \
+    --hash=sha256:28b16024becceed8c6dfbc75629e27788d8a3f9030691a1dbf9821a128b22c36 \
+    --hash=sha256:2bb1a08b8008b281856e5971307cc386a8e9c5b625ac297e853d36da6efe9c17 \
+    --hash=sha256:30c5e0cb5ae493c04c8b42916e52ca38079f1b235c2f8ae5f4527b963c401caf \
+    --hash=sha256:31000ec67d4221a71bd3f67df918b1f88f676f1c3b535a7eb473255fdc0b83fc \
+    --hash=sha256:386c8bf53c502fff58903061338ce4f4950cbdcb23e2902d86c0f722b786bbe3 \
+    --hash=sha256:3edc8d958eb099c634dace3c7e16560ae474aa3803a5df240542b305d14e14ed \
+    --hash=sha256:45398b671ac6d70e67da8e4224a065cec6a93541bb7aebe1b198a61b58c7b702 \
+    --hash=sha256:46bf43160c1a35f7ec506d254e5c890f3c03648a4dbac12d624e4490a7046cd1 \
+    --hash=sha256:4ceb10419a9adf4460ea14cfd6bc43d08701f0835e979bf821052f1805850fe8 \
+    --hash=sha256:51392eae71afec0d0c8fb1a53b204dbb3bcabcb3c9b807eedf3e1e6ccf2de903 \
+    --hash=sha256:5da5719280082ac6bd9aa7becb3938dc9f9cbd57fac7d2871717b1feb0902ab6 \
+    --hash=sha256:610faea79c43e44c71e1ec53a554553fa22321b65fae24889706c0a84d4ad86d \
+    --hash=sha256:636062ea65bd0195bc012fea9321aca499c0504409f413dc88af450b57ffd03b \
+    --hash=sha256:6883e737d7d9e4899a8a695e00ec36bd4e5e4f18fabe0aca0efe0a4b44cdb13e \
+    --hash=sha256:6b8b4a92e1c65048ff98cfe1f735ef8f1ceb72e3d5f0c25fdb12087a23da22be \
+    --hash=sha256:6f17be4345073b0a7b8ea599688f692ac3ef23ce28e5df79c04de519dbc4912c \
+    --hash=sha256:706510fe141c86a69c8ddc029c7910003a17353970cff3b904ff0686a5927683 \
+    --hash=sha256:72e72408cad3d5419375fc87d289076ee319835bdfa2caad331e377589aebba9 \
+    --hash=sha256:733e99bc2df47476e3848417c5a4540522f234dfd4ef3ab7fafdf555b082ec0c \
+    --hash=sha256:7596d6620d3fa590f677e9ee430df2958d2d6d6de2feeae5b20e82c00b76fbf8 \
+    --hash=sha256:78122be759c3f8a014ce010908ae03364d00a1f81ab5c7f4a7a5120607ea56e1 \
+    --hash=sha256:805b4371bf7197c329fcb3ead37e710d1bca9da5d583f5073b799d5c5bd1eee4 \
+    --hash=sha256:85a950a4ac9c359340d5963966e3e0a94a676bd6245a4b55bc43949eee26a655 \
+    --hash=sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67 \
+    --hash=sha256:9755e4345d1ec879e3849e62222a18c7174d65a6a92d5b346b1863912168b595 \
+    --hash=sha256:98e3969bcff97cae1b2def8ba499ea3d6f31ddfdb7635374834cf89a1a08ecf0 \
+    --hash=sha256:a08d7e755f8ed21095a310a693525137cfe756ce62d066e53f502a83dc550f65 \
+    --hash=sha256:a1ed2dd2972641495a3ec98445e09766f077aee98a1c896dcb4ad0d303628e41 \
+    --hash=sha256:a24ed04c8ffd54b0729c07cee15a81d964e6fee0e3d4d342a27b020d22959dc6 \
+    --hash=sha256:a45e3c6913c5b87b3ff120dcdc03f6131fa0065027d0ed7ee6190736a74cd401 \
+    --hash=sha256:a9b15d491f3ad5d692e11f6b71f7857e7835eb677955c00cc0aefcd0669adaf6 \
+    --hash=sha256:ad9413ccdeda48c5afdae7e4fa2192157e991ff761e7ab8fdd8926f40b160cc3 \
+    --hash=sha256:b2ab587605f4ba0bf81dc0cb08a41bd1c0a5906bd59243d56bad7668a6fc6c16 \
+    --hash=sha256:b62ce867176a75d03a665bad002af8e6d54644fad99a3c70905c543130e39d93 \
+    --hash=sha256:c03e868a0b3bc35839ba98e74211ed2b05d2119be4e8a0f224fba9384f1fe02e \
+    --hash=sha256:c59d6e989d07460165cc5ad3c61f9fd8f1b4796eacbd81cee78957842b834af4 \
+    --hash=sha256:c7eac2ef9b63c79431bc4b25f1cd649d7f061a28808cbc6c47b534bd789ef964 \
+    --hash=sha256:c9c3d058ebabb74db66e431095118094d06abf53284d9c81f27300d0e0d8bc7c \
+    --hash=sha256:ca74b8dbe6e8e8263c0ffd60277de77dcee6c837a3d0881d8c1ead7268c9e576 \
+    --hash=sha256:caaf0640ef5f5517f49bc275eca1406b0ffa6aa184892812030f04c2abf589a0 \
+    --hash=sha256:cdf5ce3acdfd1661132f2a9c19cac174758dc2352bfe37d98aa7512c6b7178b3 \
+    --hash=sha256:d016c76bdd850f3c626af19b0542c9677ba156e4ee4fccfdd7848803533ef662 \
+    --hash=sha256:d01b12eeeb4427d3110de311e1774046ad344f5b1a7403101878976ecd7a10f3 \
+    --hash=sha256:d63afe322132c194cf832bfec0dc69a99fb9bb6bbd550f161a49e9e855cc78ff \
+    --hash=sha256:da95af8214998d77a98cc14e3a3bd00aa191526343078b530ceb0bd710fb48a5 \
+    --hash=sha256:dd398dbc6773384a17fe0d3e7eeb8d1a21c2200473ee6806bb5e6a8e62bb73dd \
+    --hash=sha256:de2ea4b5833625383e464549fec1bc395c1bdeeb5f25c4a3a82b5a8c756ec22f \
+    --hash=sha256:de55b766c7aa2e2a3092c51e0483d700341182f08e67c63630d5b6f200bb28e5 \
+    --hash=sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14 \
+    --hash=sha256:e03eab0a8677fa80d646b5ddece1cbeaf556c313dcfac435ba11f107ba117b5d \
+    --hash=sha256:e221cf152cff04059d011ee126477f0d9588303eb57e88923578ace7baad17f9 \
+    --hash=sha256:e31ae45bc2e29f6b2abd0de1cc3b9d5205aa847cafaecb8af1476a609a2f6eb7 \
+    --hash=sha256:edae79245293e15384b51f88b00613ba9f7198016a5948b5dddf4917d4d26382 \
+    --hash=sha256:f1e22e8c4419538cb197e4dd60acc919d7696e5ef98ee4da4e01d3f8cfa4cc5a \
+    --hash=sha256:f3a2b4222ce6b60e2e8b337bb9596923045681d71e5a082783484d845390938e \
+    --hash=sha256:f6a16c31041f09ead72d69f583767292f750d24913dadacf5756b966aacb3f1a \
+    --hash=sha256:f75c7ab1f9e4aca5414ed4d8e5c0e303a34f4421f8a0d47a4d019ceff0ab6af4 \
+    --hash=sha256:f79fc4fc25f1c8698ff97788206bb3c2598949bfe0fef03d299eb1b5356ada99 \
+    --hash=sha256:f7f5baafcc48261359e14bcd6d9bff6d4b28d9103847c9e136694cb0501aef87 \
+    --hash=sha256:fc48c783f9c87e60831201f2cce7f3b2e4846bf4d8728eabe54d60700b318a0b
+    # via weasyprint
+cfgv==3.4.0 \
+    --hash=sha256:b7265b1f29fd3316bfcd2b330d63d024f2bfd8bcb8b0272f8e19a504856c48f9 \
+    --hash=sha256:e52591d4c5f5dead8e0f673fb16db7949d2cfb3f7da4582893288f0ded8fe560
+    # via pre-commit
+cssselect2==0.8.0 \
+    --hash=sha256:46fc70ebc41ced7a32cd42d58b1884d72ade23d21e5a4eaaf022401c13f0e76e \
+    --hash=sha256:7674ffb954a3b46162392aee2a3a0aedb2e14ecf99fcc28644900f4e6e3e9d3a
+    # via weasyprint
+distlib==0.4.0 \
+    --hash=sha256:9659f7d87e46584a30b5780e43ac7a2143098441670ff0a49d5f9034c54a6c16 \
+    --hash=sha256:feec40075be03a04501a973d81f633735b4b69f98b05450592310c0f401a4e0d
+    # via virtualenv
+filelock==3.18.0 \
+    --hash=sha256:adbc88eabb99d2fec8c9c1b229b171f18afa655400173ddc653d5d01501fb9f2 \
+    --hash=sha256:c401f4f8377c4464e6db25fff06205fd89bdd83b65eb0488ed1b160f780e21de
+    # via virtualenv
+fonttools==4.59.0 \
+    --hash=sha256:052444a5d0151878e87e3e512a1aa1a0ab35ee4c28afde0a778e23b0ace4a7de \
+    --hash=sha256:169b99a2553a227f7b5fea8d9ecd673aa258617f466b2abc6091fe4512a0dcd0 \
+    --hash=sha256:209b75943d158f610b78320eacb5539aa9e920bee2c775445b2846c65d20e19d \
+    --hash=sha256:21e606b2d38fed938dde871c5736822dd6bda7a4631b92e509a1f5cd1b90c5df \
+    --hash=sha256:241313683afd3baacb32a6bd124d0bce7404bc5280e12e291bae1b9bba28711d \
+    --hash=sha256:26731739daa23b872643f0e4072d5939960237d540c35c14e6a06d47d71ca8fe \
+    --hash=sha256:2e7cf8044ce2598bb87e44ba1d2c6e45d7a8decf56055b92906dc53f67c76d64 \
+    --hash=sha256:31003b6a10f70742a63126b80863ab48175fb8272a18ca0846c0482968f0588e \
+    --hash=sha256:332bfe685d1ac58ca8d62b8d6c71c2e52a6c64bc218dc8f7825c9ea51385aa01 \
+    --hash=sha256:37c377f7cb2ab2eca8a0b319c68146d34a339792f9420fca6cd49cf28d370705 \
+    --hash=sha256:37e01c6ec0c98599778c2e688350d624fa4770fbd6144551bd5e032f1199171c \
+    --hash=sha256:401b1941ce37e78b8fd119b419b617277c65ae9417742a63282257434fd68ea2 \
+    --hash=sha256:4536f2695fe5c1ffb528d84a35a7d3967e5558d2af58b4775e7ab1449d65767b \
+    --hash=sha256:4c908a7036f0f3677f8afa577bcd973e3e20ddd2f7c42a33208d18bee95cdb6f \
+    --hash=sha256:51ab1ff33c19e336c02dee1e9fd1abd974a4ca3d8f7eef2a104d0816a241ce97 \
+    --hash=sha256:524133c1be38445c5c0575eacea42dbd44374b310b1ffc4b60ff01d881fabb96 \
+    --hash=sha256:57bb7e26928573ee7c6504f54c05860d867fd35e675769f3ce01b52af38d48e2 \
+    --hash=sha256:60f6665579e909b618282f3c14fa0b80570fbf1ee0e67678b9a9d43aa5d67a37 \
+    --hash=sha256:62224a9bb85b4b66d1b46d45cbe43d71cbf8f527d332b177e3b96191ffbc1e64 \
+    --hash=sha256:6770d7da00f358183d8fd5c4615436189e4f683bdb6affb02cad3d221d7bb757 \
+    --hash=sha256:6801aeddb6acb2c42eafa45bc1cb98ba236871ae6f33f31e984670b749a8e58e \
+    --hash=sha256:70d6b3ceaa9cc5a6ac52884f3b3d9544e8e231e95b23f138bdb78e6d4dc0eae3 \
+    --hash=sha256:78813b49d749e1bb4db1c57f2d4d7e6db22c253cb0a86ad819f5dc197710d4b2 \
+    --hash=sha256:841b2186adce48903c0fef235421ae21549020eca942c1da773ac380b056ab3c \
+    --hash=sha256:84fc186980231a287b28560d3123bd255d3c6b6659828c642b4cf961e2b923d0 \
+    --hash=sha256:885bde7d26e5b40e15c47bd5def48b38cbd50830a65f98122a8fb90962af7cd1 \
+    --hash=sha256:8b4309a2775e4feee7356e63b163969a215d663399cce1b3d3b65e7ec2d9680e \
+    --hash=sha256:8d77f92438daeaddc05682f0f3dac90c5b9829bcac75b57e8ce09cb67786073c \
+    --hash=sha256:902425f5afe28572d65d2bf9c33edd5265c612ff82c69e6f83ea13eafc0dcbea \
+    --hash=sha256:9bcc1e77fbd1609198966ded6b2a9897bd6c6bcbd2287a2fc7d75f1a254179c5 \
+    --hash=sha256:a408c3c51358c89b29cfa5317cf11518b7ce5de1717abb55c5ae2d2921027de6 \
+    --hash=sha256:a9bf8adc9e1f3012edc8f09b08336272aec0c55bc677422273e21280db748f7c \
+    --hash=sha256:b818db35879d2edf7f46c7e729c700a0bce03b61b9412f5a7118406687cb151d \
+    --hash=sha256:b8974b2a266b54c96709bd5e239979cddfd2dbceed331aa567ea1d7c4a2202db \
+    --hash=sha256:be392ec3529e2f57faa28709d60723a763904f71a2b63aabe14fee6648fe3b14 \
+    --hash=sha256:d3972b13148c1d1fbc092b27678a33b3080d1ac0ca305742b0119b75f9e87e38 \
+    --hash=sha256:d40dcf533ca481355aa7b682e9e079f766f35715defa4929aeb5597f9604272e \
+    --hash=sha256:e93df708c69a193fc7987192f94df250f83f3851fda49413f02ba5dded639482 \
+    --hash=sha256:efd7e6660674e234e29937bc1481dceb7e0336bfae75b856b4fb272b5093c5d4 \
+    --hash=sha256:f9b3a78f69dcbd803cf2fb3f972779875b244c1115481dfbdd567b2c22b31f6b \
+    --hash=sha256:fa39475eaccb98f9199eccfda4298abaf35ae0caec676ffc25b3a5e224044464 \
+    --hash=sha256:fbce6dae41b692a5973d0f2158f782b9ad05babc2c2019a970a1094a23909b1b
+    # via weasyprint
+identify==2.6.13 \
+    --hash=sha256:60381139b3ae39447482ecc406944190f690d4a2997f2584062089848361b33b \
+    --hash=sha256:da8d6c828e773620e13bfa86ea601c5a5310ba4bcd65edf378198b56a1f9fb32
+    # via pre-commit
+nodeenv==1.9.1 \
+    --hash=sha256:6ec12890a2dab7946721edbfbcd91f3319c6ccc9aec47be7c7e6b7011ee6645f \
+    --hash=sha256:ba11c9782d29c27c70ffbdda2d7415098754709be8a7056d79a737cd901155c9
+    # via pre-commit
+numpy==2.2.6 \
+    --hash=sha256:038613e9fb8c72b0a41f025a7e4c3f0b7a1b5d768ece4796b674c8f3fe13efff \
+    --hash=sha256:0678000bb9ac1475cd454c6b8c799206af8107e310843532b04d49649c717a47 \
+    --hash=sha256:0811bb762109d9708cca4d0b13c4f67146e3c3b7cf8d34018c722adb2d957c84 \
+    --hash=sha256:0b605b275d7bd0c640cad4e5d30fa701a8d59302e127e5f79138ad62762c3e3d \
+    --hash=sha256:0bca768cd85ae743b2affdc762d617eddf3bcf8724435498a1e80132d04879e6 \
+    --hash=sha256:1bc23a79bfabc5d056d106f9befb8d50c31ced2fbc70eedb8155aec74a45798f \
+    --hash=sha256:287cc3162b6f01463ccd86be154f284d0893d2b3ed7292439ea97eafa8170e0b \
+    --hash=sha256:37c0ca431f82cd5fa716eca9506aefcabc247fb27ba69c5062a6d3ade8cf8f49 \
+    --hash=sha256:37e990a01ae6ec7fe7fa1c26c55ecb672dd98b19c3d0e1d1f326fa13cb38d163 \
+    --hash=sha256:389d771b1623ec92636b0786bc4ae56abafad4a4c513d36a55dce14bd9ce8571 \
+    --hash=sha256:3d70692235e759f260c3d837193090014aebdf026dfd167834bcba43e30c2a42 \
+    --hash=sha256:41c5a21f4a04fa86436124d388f6ed60a9343a6f767fced1a8a71c3fbca038ff \
+    --hash=sha256:481b49095335f8eed42e39e8041327c05b0f6f4780488f61286ed3c01368d491 \
+    --hash=sha256:4eeaae00d789f66c7a25ac5f34b71a7035bb474e679f410e5e1a94deb24cf2d4 \
+    --hash=sha256:55a4d33fa519660d69614a9fad433be87e5252f4b03850642f88993f7b2ca566 \
+    --hash=sha256:5a6429d4be8ca66d889b7cf70f536a397dc45ba6faeb5f8c5427935d9592e9cf \
+    --hash=sha256:5bd4fc3ac8926b3819797a7c0e2631eb889b4118a9898c84f585a54d475b7e40 \
+    --hash=sha256:5beb72339d9d4fa36522fc63802f469b13cdbe4fdab4a288f0c441b74272ebfd \
+    --hash=sha256:6031dd6dfecc0cf9f668681a37648373bddd6421fff6c66ec1624eed0180ee06 \
+    --hash=sha256:71594f7c51a18e728451bb50cc60a3ce4e6538822731b2933209a1f3614e9282 \
+    --hash=sha256:74d4531beb257d2c3f4b261bfb0fc09e0f9ebb8842d82a7b4209415896adc680 \
+    --hash=sha256:7befc596a7dc9da8a337f79802ee8adb30a552a94f792b9c9d18c840055907db \
+    --hash=sha256:894b3a42502226a1cac872f840030665f33326fc3dac8e57c607905773cdcde3 \
+    --hash=sha256:8e41fd67c52b86603a91c1a505ebaef50b3314de0213461c7a6e99c9a3beff90 \
+    --hash=sha256:8e9ace4a37db23421249ed236fdcdd457d671e25146786dfc96835cd951aa7c1 \
+    --hash=sha256:8fc377d995680230e83241d8a96def29f204b5782f371c532579b4f20607a289 \
+    --hash=sha256:9551a499bf125c1d4f9e250377c1ee2eddd02e01eac6644c080162c0c51778ab \
+    --hash=sha256:b0544343a702fa80c95ad5d3d608ea3599dd54d4632df855e4c8d24eb6ecfa1c \
+    --hash=sha256:b093dd74e50a8cba3e873868d9e93a85b78e0daf2e98c6797566ad8044e8363d \
+    --hash=sha256:b412caa66f72040e6d268491a59f2c43bf03eb6c96dd8f0307829feb7fa2b6fb \
+    --hash=sha256:b4f13750ce79751586ae2eb824ba7e1e8dba64784086c98cdbbcc6a42112ce0d \
+    --hash=sha256:b64d8d4d17135e00c8e346e0a738deb17e754230d7e0810ac5012750bbd85a5a \
+    --hash=sha256:ba10f8411898fc418a521833e014a77d3ca01c15b0c6cdcce6a0d2897e6dbbdf \
+    --hash=sha256:bd48227a919f1bafbdda0583705e547892342c26fb127219d60a5c36882609d1 \
+    --hash=sha256:c1f9540be57940698ed329904db803cf7a402f3fc200bfe599334c9bd84a40b2 \
+    --hash=sha256:c820a93b0255bc360f53eca31a0e676fd1101f673dda8da93454a12e23fc5f7a \
+    --hash=sha256:ce47521a4754c8f4593837384bd3424880629f718d87c5d44f8ed763edd63543 \
+    --hash=sha256:d042d24c90c41b54fd506da306759e06e568864df8ec17ccc17e9e884634fd00 \
+    --hash=sha256:de749064336d37e340f640b05f24e9e3dd678c57318c7289d222a8a2f543e90c \
+    --hash=sha256:e1dda9c7e08dc141e0247a5b8f49cf05984955246a327d4c48bda16821947b2f \
+    --hash=sha256:e29554e2bef54a90aa5cc07da6ce955accb83f21ab5de01a62c8478897b264fd \
+    --hash=sha256:e3143e4451880bed956e706a3220b4e5cf6172ef05fcc397f6f36a550b1dd868 \
+    --hash=sha256:e8213002e427c69c45a52bbd94163084025f533a55a59d6f9c5b820774ef3303 \
+    --hash=sha256:efd28d4e9cd7d7a8d39074a4d44c63eda73401580c5c76acda2ce969e0a38e83 \
+    --hash=sha256:f0fd6321b839904e15c46e0d257fdd101dd7f530fe03fd6359c1ea63738703f3 \
+    --hash=sha256:f1372f041402e37e5e633e586f62aa53de2eac8d98cbfb822806ce4bbefcb74d \
+    --hash=sha256:f2618db89be1b4e05f7a1a847a9c1c0abd63e63a1607d892dd54668dd92faf87 \
+    --hash=sha256:f447e6acb680fd307f40d3da4852208af94afdfab89cf850986c3ca00562f4fa \
+    --hash=sha256:f92729c95468a2f4f15e9bb94c432a9229d0d50de67304399627a943201baa2f \
+    --hash=sha256:f9f1adb22318e121c5c69a09142811a201ef17ab257a1e66ca3025065b7f53ae \
+    --hash=sha256:fc0c5673685c508a142ca65209b4e79ed6740a4ed6b2267dbba90f34b0b3cfda \
+    --hash=sha256:fc7b73d02efb0e18c000e9ad8b83480dfcd5dfd11065997ed4c6747470ae8915 \
+    --hash=sha256:fd83c01228a688733f1ded5201c678f0c53ecc1006ffbc404db9f7a899ac6249 \
+    --hash=sha256:fe27749d33bb772c80dcd84ae7e8df2adc920ae8297400dabec45f0dedb3f6de \
+    --hash=sha256:fee4236c876c4e8369388054d02d0e9bb84821feb1a64dd59e137e6511a551f8
+    # via opencv-python-headless
+opencv-python-headless==4.12.0.88 \
+    --hash=sha256:1e58d664809b3350c1123484dd441e1667cd7bed3086db1b9ea1b6f6cb20b50e \
+    --hash=sha256:236c8df54a90f4d02076e6f9c1cc763d794542e886c576a6fee46ec8ff75a7a9 \
+    --hash=sha256:365bb2e486b50feffc2d07a405b953a8f3e8eaa63865bc650034e5c71e7a5154 \
+    --hash=sha256:86b413bdd6c6bf497832e346cd5371995de148e579b9774f8eba686dee3f5528 \
+    --hash=sha256:aeb4b13ecb8b4a0beb2668ea07928160ea7c2cd2d9b5ef571bbee6bafe9cc8d0 \
+    --hash=sha256:cfdc017ddf2e59b6c2f53bc12d74b6b0be7ded4ec59083ea70763921af2b6c09 \
+    --hash=sha256:fde2cf5c51e4def5f2132d78e0c08f9c14783cd67356922182c6845b9af87dbd
+    # via -r .github\scripts\requirements_dev.in
+pdf2image==1.17.0 \
+    --hash=sha256:eaa959bc116b420dd7ec415fcae49b98100dda3dd18cd2fdfa86d09f112f6d57 \
+    --hash=sha256:ecdd58d7afb810dffe21ef2b1bbc057ef434dabbac6c33778a38a3f7744a27e2
+    # via -r .github\scripts\requirements_dev.in
+pillow==11.3.0 \
+    --hash=sha256:023f6d2d11784a465f09fd09a34b150ea4672e85fb3d05931d89f373ab14abb2 \
+    --hash=sha256:02a723e6bf909e7cea0dac1b0e0310be9d7650cd66222a5f1c571455c0a45214 \
+    --hash=sha256:040a5b691b0713e1f6cbe222e0f4f74cd233421e105850ae3b3c0ceda520f42e \
+    --hash=sha256:05f6ecbeff5005399bb48d198f098a9b4b6bdf27b8487c7f38ca16eeb070cd59 \
+    --hash=sha256:068d9c39a2d1b358eb9f245ce7ab1b5c3246c7c8c7d9ba58cfa5b43146c06e50 \
+    --hash=sha256:0743841cabd3dba6a83f38a92672cccbd69af56e3e91777b0ee7f4dba4385632 \
+    --hash=sha256:092c80c76635f5ecb10f3f83d76716165c96f5229addbd1ec2bdbbda7d496e06 \
+    --hash=sha256:0b275ff9b04df7b640c59ec5a3cb113eefd3795a8df80bac69646ef699c6981a \
+    --hash=sha256:0bce5c4fd0921f99d2e858dc4d4d64193407e1b99478bc5cacecba2311abde51 \
+    --hash=sha256:1019b04af07fc0163e2810167918cb5add8d74674b6267616021ab558dc98ced \
+    --hash=sha256:106064daa23a745510dabce1d84f29137a37224831d88eb4ce94bb187b1d7e5f \
+    --hash=sha256:118ca10c0d60b06d006be10a501fd6bbdfef559251ed31b794668ed569c87e12 \
+    --hash=sha256:13f87d581e71d9189ab21fe0efb5a23e9f28552d5be6979e84001d3b8505abe8 \
+    --hash=sha256:155658efb5e044669c08896c0c44231c5e9abcaadbc5cd3648df2f7c0b96b9a6 \
+    --hash=sha256:1904e1264881f682f02b7f8167935cce37bc97db457f8e7849dc3a6a52b99580 \
+    --hash=sha256:19d2ff547c75b8e3ff46f4d9ef969a06c30ab2d4263a9e287733aa8b2429ce8f \
+    --hash=sha256:1a992e86b0dd7aeb1f053cd506508c0999d710a8f07b4c791c63843fc6a807ac \
+    --hash=sha256:1b9c17fd4ace828b3003dfd1e30bff24863e0eb59b535e8f80194d9cc7ecf860 \
+    --hash=sha256:1c627742b539bba4309df89171356fcb3cc5a9178355b2727d1b74a6cf155fbd \
+    --hash=sha256:1cd110edf822773368b396281a2293aeb91c90a2db00d78ea43e7e861631b722 \
+    --hash=sha256:1f85acb69adf2aaee8b7da124efebbdb959a104db34d3a2cb0f3793dbae422a8 \
+    --hash=sha256:23cff760a9049c502721bdb743a7cb3e03365fafcdfc2ef9784610714166e5a4 \
+    --hash=sha256:2465a69cf967b8b49ee1b96d76718cd98c4e925414ead59fdf75cf0fd07df673 \
+    --hash=sha256:2a3117c06b8fb646639dce83694f2f9eac405472713fcb1ae887469c0d4f6788 \
+    --hash=sha256:2aceea54f957dd4448264f9bf40875da0415c83eb85f55069d89c0ed436e3542 \
+    --hash=sha256:2d6fcc902a24ac74495df63faad1884282239265c6839a0a6416d33faedfae7e \
+    --hash=sha256:30807c931ff7c095620fe04448e2c2fc673fcbb1ffe2a7da3fb39613489b1ddd \
+    --hash=sha256:30b7c02f3899d10f13d7a48163c8969e4e653f8b43416d23d13d1bbfdc93b9f8 \
+    --hash=sha256:3828ee7586cd0b2091b6209e5ad53e20d0649bbe87164a459d0676e035e8f523 \
+    --hash=sha256:3cee80663f29e3843b68199b9d6f4f54bd1d4a6b59bdd91bceefc51238bcb967 \
+    --hash=sha256:3e184b2f26ff146363dd07bde8b711833d7b0202e27d13540bfe2e35a323a809 \
+    --hash=sha256:41342b64afeba938edb034d122b2dda5db2139b9a4af999729ba8818e0056477 \
+    --hash=sha256:41742638139424703b4d01665b807c6468e23e699e8e90cffefe291c5832b027 \
+    --hash=sha256:4445fa62e15936a028672fd48c4c11a66d641d2c05726c7ec1f8ba6a572036ae \
+    --hash=sha256:45dfc51ac5975b938e9809451c51734124e73b04d0f0ac621649821a63852e7b \
+    --hash=sha256:465b9e8844e3c3519a983d58b80be3f668e2a7a5db97f2784e7079fbc9f9822c \
+    --hash=sha256:48d254f8a4c776de343051023eb61ffe818299eeac478da55227d96e241de53f \
+    --hash=sha256:4c834a3921375c48ee6b9624061076bc0a32a60b5532b322cc0ea64e639dd50e \
+    --hash=sha256:4c96f993ab8c98460cd0c001447bff6194403e8b1d7e149ade5f00594918128b \
+    --hash=sha256:504b6f59505f08ae014f724b6207ff6222662aab5cc9542577fb084ed0676ac7 \
+    --hash=sha256:527b37216b6ac3a12d7838dc3bd75208ec57c1c6d11ef01902266a5a0c14fc27 \
+    --hash=sha256:5418b53c0d59b3824d05e029669efa023bbef0f3e92e75ec8428f3799487f361 \
+    --hash=sha256:59a03cdf019efbfeeed910bf79c7c93255c3d54bc45898ac2a4140071b02b4ae \
+    --hash=sha256:5e05688ccef30ea69b9317a9ead994b93975104a677a36a8ed8106be9260aa6d \
+    --hash=sha256:6359a3bc43f57d5b375d1ad54a0074318a0844d11b76abccf478c37c986d3cfc \
+    --hash=sha256:643f189248837533073c405ec2f0bb250ba54598cf80e8c1e043381a60632f58 \
+    --hash=sha256:65dc69160114cdd0ca0f35cb434633c75e8e7fad4cf855177a05bf38678f73ad \
+    --hash=sha256:67172f2944ebba3d4a7b54f2e95c786a3a50c21b88456329314caaa28cda70f6 \
+    --hash=sha256:676b2815362456b5b3216b4fd5bd89d362100dc6f4945154ff172e206a22c024 \
+    --hash=sha256:6a418691000f2a418c9135a7cf0d797c1bb7d9a485e61fe8e7722845b95ef978 \
+    --hash=sha256:6abdbfd3aea42be05702a8dd98832329c167ee84400a1d1f61ab11437f1717eb \
+    --hash=sha256:6be31e3fc9a621e071bc17bb7de63b85cbe0bfae91bb0363c893cbe67247780d \
+    --hash=sha256:7107195ddc914f656c7fc8e4a5e1c25f32e9236ea3ea860f257b0436011fddd0 \
+    --hash=sha256:71f511f6b3b91dd543282477be45a033e4845a40278fa8dcdbfdb07109bf18f9 \
+    --hash=sha256:7859a4cc7c9295f5838015d8cc0a9c215b77e43d07a25e460f35cf516df8626f \
+    --hash=sha256:7966e38dcd0fa11ca390aed7c6f20454443581d758242023cf36fcb319b1a874 \
+    --hash=sha256:79ea0d14d3ebad43ec77ad5272e6ff9bba5b679ef73375ea760261207fa8e0aa \
+    --hash=sha256:7aee118e30a4cf54fdd873bd3a29de51e29105ab11f9aad8c32123f58c8f8081 \
+    --hash=sha256:7b161756381f0918e05e7cb8a371fff367e807770f8fe92ecb20d905d0e1c149 \
+    --hash=sha256:7c8ec7a017ad1bd562f93dbd8505763e688d388cde6e4a010ae1486916e713e6 \
+    --hash=sha256:7d1aa4de119a0ecac0a34a9c8bde33f34022e2e8f99104e47a3ca392fd60e37d \
+    --hash=sha256:7db51d222548ccfd274e4572fdbf3e810a5e66b00608862f947b163e613b67dd \
+    --hash=sha256:819931d25e57b513242859ce1876c58c59dc31587847bf74cfe06b2e0cb22d2f \
+    --hash=sha256:83e1b0161c9d148125083a35c1c5a89db5b7054834fd4387499e06552035236c \
+    --hash=sha256:857844335c95bea93fb39e0fa2726b4d9d758850b34075a7e3ff4f4fa3aa3b31 \
+    --hash=sha256:8797edc41f3e8536ae4b10897ee2f637235c94f27404cac7297f7b607dd0716e \
+    --hash=sha256:8924748b688aa210d79883357d102cd64690e56b923a186f35a82cbc10f997db \
+    --hash=sha256:89bd777bc6624fe4115e9fac3352c79ed60f3bb18651420635f26e643e3dd1f6 \
+    --hash=sha256:8dc70ca24c110503e16918a658b869019126ecfe03109b754c402daff12b3d9f \
+    --hash=sha256:91da1d88226663594e3f6b4b8c3c8d85bd504117d043740a8e0ec449087cc494 \
+    --hash=sha256:921bd305b10e82b4d1f5e802b6850677f965d8394203d182f078873851dada69 \
+    --hash=sha256:932c754c2d51ad2b2271fd01c3d121daaa35e27efae2a616f77bf164bc0b3e94 \
+    --hash=sha256:93efb0b4de7e340d99057415c749175e24c8864302369e05914682ba642e5d77 \
+    --hash=sha256:97afb3a00b65cc0804d1c7abddbf090a81eaac02768af58cbdcaaa0a931e0b6d \
+    --hash=sha256:97f07ed9f56a3b9b5f49d3661dc9607484e85c67e27f3e8be2c7d28ca032fec7 \
+    --hash=sha256:98a9afa7b9007c67ed84c57c9e0ad86a6000da96eaa638e4f8abe5b65ff83f0a \
+    --hash=sha256:9ab6ae226de48019caa8074894544af5b53a117ccb9d3b3dcb2871464c829438 \
+    --hash=sha256:9c412fddd1b77a75aa904615ebaa6001f169b26fd467b4be93aded278266b288 \
+    --hash=sha256:a1bc6ba083b145187f648b667e05a2534ecc4b9f2784c2cbe3089e44868f2b9b \
+    --hash=sha256:a418486160228f64dd9e9efcd132679b7a02a5f22c982c78b6fc7dab3fefb635 \
+    --hash=sha256:a4d336baed65d50d37b88ca5b60c0fa9d81e3a87d4a7930d3880d1624d5b31f3 \
+    --hash=sha256:a6444696fce635783440b7f7a9fc24b3ad10a9ea3f0ab66c5905be1c19ccf17d \
+    --hash=sha256:a7bc6e6fd0395bc052f16b1a8670859964dbd7003bd0af2ff08342eb6e442cfe \
+    --hash=sha256:b4b8f3efc8d530a1544e5962bd6b403d5f7fe8b9e08227c6b255f98ad82b4ba0 \
+    --hash=sha256:b5f56c3f344f2ccaf0dd875d3e180f631dc60a51b314295a3e681fe8cf851fbe \
+    --hash=sha256:be5463ac478b623b9dd3937afd7fb7ab3d79dd290a28e2b6df292dc75063eb8a \
+    --hash=sha256:c37d8ba9411d6003bba9e518db0db0c58a680ab9fe5179f040b0463644bc9805 \
+    --hash=sha256:c84d689db21a1c397d001aa08241044aa2069e7587b398c8cc63020390b1c1b8 \
+    --hash=sha256:c96d333dcf42d01f47b37e0979b6bd73ec91eae18614864622d9b87bbd5bbf36 \
+    --hash=sha256:cadc9e0ea0a2431124cde7e1697106471fc4c1da01530e679b2391c37d3fbb3a \
+    --hash=sha256:cc3e831b563b3114baac7ec2ee86819eb03caa1a2cef0b481a5675b59c4fe23b \
+    --hash=sha256:cd8ff254faf15591e724dc7c4ddb6bf4793efcbe13802a4ae3e863cd300b493e \
+    --hash=sha256:d000f46e2917c705e9fb93a3606ee4a819d1e3aa7a9b442f6444f07e77cf5e25 \
+    --hash=sha256:d9da3df5f9ea2a89b81bb6087177fb1f4d1c7146d583a3fe5c672c0d94e55e12 \
+    --hash=sha256:e5c5858ad8ec655450a7c7df532e9842cf8df7cc349df7225c60d5d348c8aada \
+    --hash=sha256:e67d793d180c9df62f1f40aee3accca4829d3794c95098887edc18af4b8b780c \
+    --hash=sha256:ea944117a7974ae78059fcc1800e5d3295172bb97035c0c1d9345fca1419da71 \
+    --hash=sha256:eb76541cba2f958032d79d143b98a3a6b3ea87f0959bbe256c0b5e416599fd5d \
+    --hash=sha256:ec1ee50470b0d050984394423d96325b744d55c701a439d2bd66089bff963d3c \
+    --hash=sha256:ee92f2fd10f4adc4b43d07ec5e779932b4eb3dbfbc34790ada5a6669bc095aa6 \
+    --hash=sha256:f0f5d8f4a08090c6d6d578351a2b91acf519a54986c055af27e7a93feae6d3f1 \
+    --hash=sha256:f1f182ebd2303acf8c380a54f615ec883322593320a9b00438eb842c1f37ae50 \
+    --hash=sha256:f8a5827f84d973d8636e9dc5764af4f0cf2318d26744b3d902931701b0d46653 \
+    --hash=sha256:f944255db153ebb2b19c51fe85dd99ef0ce494123f21b9db4877ffdfc5590c7c \
+    --hash=sha256:fdae223722da47b024b867c1ea0be64e0df702c5e0a60e27daad39bf960dd1e4 \
+    --hash=sha256:fe27fb049cdcca11f11a7bfda64043c37b30e6b91f10cb5bab275806c32f6ab3
+    # via
+    #   -r .github\scripts\requirements_dev.in
+    #   pdf2image
+    #   weasyprint
+platformdirs==4.3.8 \
+    --hash=sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc \
+    --hash=sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4
+    # via virtualenv
+pre-commit==4.3.0 \
+    --hash=sha256:2b0747ad7e6e967169136edffee14c16e148a778a54e4f967921aa1ebf2308d8 \
+    --hash=sha256:499fe450cc9d42e9d58e606262795ecb64dd05438943c62b66f6a8673da30b16
+    # via -r .github\scripts\requirements_dev.in
+pycparser==2.22 \
+    --hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \
+    --hash=sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
+    # via cffi
+pydyf==0.11.0 \
+    --hash=sha256:0aaf9e2ebbe786ec7a78ec3fbffa4cdcecde53fd6f563221d53c6bc1328848a3 \
+    --hash=sha256:394dddf619cca9d0c55715e3c55ea121a9bf9cbc780cdc1201a2427917b86b64
+    # via weasyprint
+pyphen==0.17.2 \
+    --hash=sha256:3a07fb017cb2341e1d9ff31b8634efb1ae4dc4b130468c7c39dd3d32e7c3affd \
+    --hash=sha256:f60647a9c9b30ec6c59910097af82bc5dd2d36576b918e44148d8b07ef3b4aa3
+    # via weasyprint
+pyyaml==6.0.2 \
+    --hash=sha256:01179a4a8559ab5de078078f37e5c1a30d76bb88519906844fd7bdea1b7729ff \
+    --hash=sha256:0833f8694549e586547b576dcfaba4a6b55b9e96098b36cdc7ebefe667dfed48 \
+    --hash=sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086 \
+    --hash=sha256:0b69e4ce7a131fe56b7e4d770c67429700908fc0752af059838b1cfb41960e4e \
+    --hash=sha256:0ffe8360bab4910ef1b9e87fb812d8bc0a308b0d0eef8c8f44e0254ab3b07133 \
+    --hash=sha256:11d8f3dd2b9c1207dcaf2ee0bbbfd5991f571186ec9cc78427ba5bd32afae4b5 \
+    --hash=sha256:17e311b6c678207928d649faa7cb0d7b4c26a0ba73d41e99c4fff6b6c3276484 \
+    --hash=sha256:1e2120ef853f59c7419231f3bf4e7021f1b936f6ebd222406c3b60212205d2ee \
+    --hash=sha256:1f71ea527786de97d1a0cc0eacd1defc0985dcf6b3f17bb77dcfc8c34bec4dc5 \
+    --hash=sha256:23502f431948090f597378482b4812b0caae32c22213aecf3b55325e049a6c68 \
+    --hash=sha256:24471b829b3bf607e04e88d79542a9d48bb037c2267d7927a874e6c205ca7e9a \
+    --hash=sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf \
+    --hash=sha256:2e99c6826ffa974fe6e27cdb5ed0021786b03fc98e5ee3c5bfe1fd5015f42b99 \
+    --hash=sha256:39693e1f8320ae4f43943590b49779ffb98acb81f788220ea932a6b6c51004d8 \
+    --hash=sha256:3ad2a3decf9aaba3d29c8f537ac4b243e36bef957511b4766cb0057d32b0be85 \
+    --hash=sha256:3b1fdb9dc17f5a7677423d508ab4f243a726dea51fa5e70992e59a7411c89d19 \
+    --hash=sha256:41e4e3953a79407c794916fa277a82531dd93aad34e29c2a514c2c0c5fe971cc \
+    --hash=sha256:43fa96a3ca0d6b1812e01ced1044a003533c47f6ee8aca31724f78e93ccc089a \
+    --hash=sha256:50187695423ffe49e2deacb8cd10510bc361faac997de9efef88badc3bb9e2d1 \
+    --hash=sha256:5ac9328ec4831237bec75defaf839f7d4564be1e6b25ac710bd1a96321cc8317 \
+    --hash=sha256:5d225db5a45f21e78dd9358e58a98702a0302f2659a3c6cd320564b75b86f47c \
+    --hash=sha256:6395c297d42274772abc367baaa79683958044e5d3835486c16da75d2a694631 \
+    --hash=sha256:688ba32a1cffef67fd2e9398a2efebaea461578b0923624778664cc1c914db5d \
+    --hash=sha256:68ccc6023a3400877818152ad9a1033e3db8625d899c72eacb5a668902e4d652 \
+    --hash=sha256:70b189594dbe54f75ab3a1acec5f1e3faa7e8cf2f1e08d9b561cb41b845f69d5 \
+    --hash=sha256:797b4f722ffa07cc8d62053e4cff1486fa6dc094105d13fea7b1de7d8bf71c9e \
+    --hash=sha256:7c36280e6fb8385e520936c3cb3b8042851904eba0e58d277dca80a5cfed590b \
+    --hash=sha256:7e7401d0de89a9a855c839bc697c079a4af81cf878373abd7dc625847d25cbd8 \
+    --hash=sha256:80bab7bfc629882493af4aa31a4cfa43a4c57c83813253626916b8c7ada83476 \
+    --hash=sha256:82d09873e40955485746739bcb8b4586983670466c23382c19cffecbf1fd8706 \
+    --hash=sha256:8388ee1976c416731879ac16da0aff3f63b286ffdd57cdeb95f3f2e085687563 \
+    --hash=sha256:8824b5a04a04a047e72eea5cec3bc266db09e35de6bdfe34c9436ac5ee27d237 \
+    --hash=sha256:8b9c7197f7cb2738065c481a0461e50ad02f18c78cd75775628afb4d7137fb3b \
+    --hash=sha256:9056c1ecd25795207ad294bcf39f2db3d845767be0ea6e6a34d856f006006083 \
+    --hash=sha256:936d68689298c36b53b29f23c6dbb74de12b4ac12ca6cfe0e047bedceea56180 \
+    --hash=sha256:9b22676e8097e9e22e36d6b7bda33190d0d400f345f23d4065d48f4ca7ae0425 \
+    --hash=sha256:a4d3091415f010369ae4ed1fc6b79def9416358877534caf6a0fdd2146c87a3e \
+    --hash=sha256:a8786accb172bd8afb8be14490a16625cbc387036876ab6ba70912730faf8e1f \
+    --hash=sha256:a9f8c2e67970f13b16084e04f134610fd1d374bf477b17ec1599185cf611d725 \
+    --hash=sha256:bc2fa7c6b47d6bc618dd7fb02ef6fdedb1090ec036abab80d4681424b84c1183 \
+    --hash=sha256:c70c95198c015b85feafc136515252a261a84561b7b1d51e3384e0655ddf25ab \
+    --hash=sha256:cc1c1159b3d456576af7a3e4d1ba7e6924cb39de8f67111c735f6fc832082774 \
+    --hash=sha256:ce826d6ef20b1bc864f0a68340c8b3287705cae2f8b4b1d932177dcc76721725 \
+    --hash=sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e \
+    --hash=sha256:d7fded462629cfa4b685c5416b949ebad6cec74af5e2d42905d41e257e0869f5 \
+    --hash=sha256:d84a1718ee396f54f3a086ea0a66d8e552b2ab2017ef8b420e92edbc841c352d \
+    --hash=sha256:d8e03406cac8513435335dbab54c0d385e4a49e4945d2909a581c83647ca0290 \
+    --hash=sha256:e10ce637b18caea04431ce14fabcf5c64a1c61ec9c56b071a4b7ca131ca52d44 \
+    --hash=sha256:ec031d5d2feb36d1d1a24380e4db6d43695f3748343d99434e6f5f9156aaa2ed \
+    --hash=sha256:ef6107725bd54b262d6dedcc2af448a266975032bc85ef0172c5f059da6325b4 \
+    --hash=sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba \
+    --hash=sha256:f753120cb8181e736c57ef7636e83f31b9c0d1722c516f7e86cf15b7aa57ff12 \
+    --hash=sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4
+    # via pre-commit
+tinycss2==1.4.0 \
+    --hash=sha256:10c0972f6fc0fbee87c3edb76549357415e94548c1ae10ebccdea16fb404a9b7 \
+    --hash=sha256:3a49cf47b7675da0b15d0c6e1df8df4ebd96e9394bb905a5775adb0d884c5289
+    # via
+    #   cssselect2
+    #   weasyprint
+tinyhtml5==2.0.0 \
+    --hash=sha256:086f998833da24c300c414d9fe81d9b368fd04cb9d2596a008421cbc705fcfcc \
+    --hash=sha256:13683277c5b176d070f82d099d977194b7a1e26815b016114f581a74bbfbf47e
+    # via weasyprint
+unoserver==3.3.2 \
+    --hash=sha256:1eeb7467cf6b56b8eff3b576e2d1b2b2ff4e0eb2052e995ac80a1456de300639 \
+    --hash=sha256:87e144f903ee21951b2e06a97549450c13ed7eca5bcebad942d3352d4e882616
+    # via -r .github\scripts\requirements_dev.in
+virtualenv==20.33.1 \
+    --hash=sha256:07c19bc66c11acab6a5958b815cbcee30891cd1c2ccf53785a28651a0d8d8a67 \
+    --hash=sha256:1b44478d9e261b3fb8baa5e74a0ca3bc0e05f21aa36167bf9cbf850e542765b8
+    # via pre-commit
+weasyprint==66.0 \
+    --hash=sha256:82b0783b726fcd318e2c977dcdddca76515b30044bc7a830cc4fbe717582a6d0 \
+    --hash=sha256:da71dc87dc129ac9cffdc65e5477e90365ab9dbae45c744014ec1d06303dde40
+    # via -r .github\scripts\requirements_dev.in
+webencodings==0.5.1 \
+    --hash=sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 \
+    --hash=sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923
+    # via
+    #   cssselect2
+    #   tinycss2
+    #   tinyhtml5
+zopfli==0.2.3.post1 \
+    --hash=sha256:0aa5f90d6298bda02a95bc8dc8c3c19004d5a4e44bda00b67ca7431d857b4b54 \
+    --hash=sha256:0cc20b02a9531559945324c38302fd4ba763311632d0ec8a1a0aa9c10ea363e6 \
+    --hash=sha256:1d8cc06605519e82b16df090e17cb3990d1158861b2872c3117f1168777b81e4 \
+    --hash=sha256:1f990634fd5c5c8ced8edddd8bd45fab565123b4194d6841e01811292650acae \
+    --hash=sha256:2345e713260a350bea0b01a816a469ea356bc2d63d009a0d777691ecbbcf7493 \
+    --hash=sha256:2768c877f76c8a0e7519b1c86c93757f3c01492ddde55751e9988afb7eff64e1 \
+    --hash=sha256:29ea74e72ffa6e291b8c6f2504ce6c146b4fe990c724c1450eb8e4c27fd31431 \
+    --hash=sha256:34a99592f3d9eb6f737616b5bd74b48a589fdb3cb59a01a50d636ea81d6af272 \
+    --hash=sha256:3654bfc927bc478b1c3f3ff5056ed7b20a1a37fa108ca503256d0a699c03bbb1 \
+    --hash=sha256:3657e416ffb8f31d9d3424af12122bb251befae109f2e271d87d825c92fc5b7b \
+    --hash=sha256:37d011e92f7b9622742c905fdbed9920a1d0361df84142807ea2a528419dea7f \
+    --hash=sha256:3827170de28faf144992d3d4dcf8f3998fe3c8a6a6f4a08f1d42c2ec6119d2bb \
+    --hash=sha256:39e576f93576c5c223b41d9c780bbb91fd6db4babf3223d2a4fe7bf568e2b5a8 \
+    --hash=sha256:3a89277ed5f8c0fb2d0b46d669aa0633123aa7381f1f6118c12f15e0fb48f8ca \
+    --hash=sha256:3c163911f8bad94b3e1db0a572e7c28ba681a0c91d0002ea1e4fa9264c21ef17 \
+    --hash=sha256:3f0197b6aa6eb3086ae9e66d6dd86c4d502b6c68b0ec490496348ae8c05ecaef \
+    --hash=sha256:48dba9251060289101343110ab47c0756f66f809bb4d1ddbb6d5c7e7752115c5 \
+    --hash=sha256:4915a41375bdee4db749ecd07d985a0486eb688a6619f713b7bf6fbfd145e960 \
+    --hash=sha256:4c1226a7e2c7105ac31503a9bb97454743f55d88164d6d46bc138051b77f609b \
+    --hash=sha256:4e50ffac74842c1c1018b9b73875a0d0a877c066ab06bf7cccbaa84af97e754f \
+    --hash=sha256:518f1f4ed35dd69ce06b552f84e6d081f07c552b4c661c5312d950a0b764a58a \
+    --hash=sha256:5aad740b4d4fcbaaae4887823925166ffd062db3b248b3f432198fc287381d1a \
+    --hash=sha256:5f272186e03ad55e7af09ab78055535c201b1a0bcc2944edb1768298d9c483a4 \
+    --hash=sha256:5fcfc0dc2761e4fcc15ad5d273b4d58c2e8e059d3214a7390d4d3c8e2aee644e \
+    --hash=sha256:60db20f06c3d4c5934b16cfa62a2cc5c3f0686bffe0071ed7804d3c31ab1a04e \
+    --hash=sha256:615a8ac9dda265e9cc38b2a76c3142e4a9f30fea4a79c85f670850783bc6feb4 \
+    --hash=sha256:6482db9876c68faac2d20a96b566ffbf65ddaadd97b222e4e73641f4f8722fc4 \
+    --hash=sha256:6617fb10f9e4393b331941861d73afb119cd847e88e4974bdbe8068ceef3f73f \
+    --hash=sha256:676919fba7311125244eb0c4393679ac5fe856e5864a15d122bd815205369fa0 \
+    --hash=sha256:6c2d2bc8129707e34c51f9352c4636ca313b52350bbb7e04637c46c1818a2a70 \
+    --hash=sha256:71390dbd3fbf6ebea9a5d85ffed8c26ee1453ee09248e9b88486e30e0397b775 \
+    --hash=sha256:716cdbfc57bfd3d3e31a58e6246e8190e6849b7dbb7c4ce39ef8bbf0edb8f6d5 \
+    --hash=sha256:75a26a2307b10745a83b660c404416e984ee6fca515ec7f0765f69af3ce08072 \
+    --hash=sha256:7be5cc6732eb7b4df17305d8a7b293223f934a31783a874a01164703bc1be6cd \
+    --hash=sha256:7cce242b5df12b2b172489daf19c32e5577dd2fac659eb4b17f6a6efb446fd5c \
+    --hash=sha256:81c341d9bb87a6dbbb0d45d6e272aca80c7c97b4b210f9b6e233bf8b87242f29 \
+    --hash=sha256:89899641d4de97dbad8e0cde690040d078b6aea04066dacaab98e0b5a23573f2 \
+    --hash=sha256:8d5ab297d660b75c159190ce6d73035502310e40fd35170aed7d1a1aea7ddd65 \
+    --hash=sha256:8fbe5bcf10d01aab3513550f284c09fef32f342b36f56bfae2120a9c4d12c130 \
+    --hash=sha256:91a2327a4d7e77471fa4fbb26991c6de4a738c6fc6a33e09bb25f56a870a4b7b \
+    --hash=sha256:95a260cafd56b8fffa679918937401c80bb38e1681c448b988022e4c3610965d \
+    --hash=sha256:96484dc0f48be1c5d7ae9f38ed1ce41e3675fd506b27c11a6607f14b49101e99 \
+    --hash=sha256:9a6aec38a989bad7ddd1ef53f1265699e49e294d08231b5313d61293f3cd6237 \
+    --hash=sha256:9ba214f4f45bec195ee8559651154d3ac2932470b9d91c5715fc29c013349f8c \
+    --hash=sha256:9f4a7ec2770e6af05f5a02733fd3900f30a9cd58e5d6d3727e14c5bcd6e7d587 \
+    --hash=sha256:a1cf720896d2ce998bc8e051d4b4ce0d8bec007aab6243102e8e1d22a0b2fb3f \
+    --hash=sha256:a241a68581d34d67b40c425cce3d1fd211c092f99d9250947824ccba9f491949 \
+    --hash=sha256:a53b18797cdef27e019db595d66c4b077325afe2fd62145953275f53d84ce40c \
+    --hash=sha256:a82fc2dbebe6eb908b9c665e71496f8525c1bc4d2e3a7a7722ef2b128b6227c8 \
+    --hash=sha256:a86eb88e06bd87e1fff31dac878965c26b0c26db59ddcf78bb0379a954b120de \
+    --hash=sha256:aa588b21044f8a74e423d8c8a4c7fc9988501878aacced793467010039c50734 \
+    --hash=sha256:b05296e8bc88c92e2b21e0a9bae4740c1551ee613c1d93a51fd28a7a0b2b6fbb \
+    --hash=sha256:b0ec13f352ea5ae0fc91f98a48540512eed0767d0ec4f7f3cb92d92797983d18 \
+    --hash=sha256:b3df42f52502438ee973042cc551877d24619fa1cd38ef7b7e9ac74200daca8b \
+    --hash=sha256:b78008a69300d929ca2efeffec951b64a312e9a811e265ea4a907ab546d79fa6 \
+    --hash=sha256:b9026a21b6d41eb0e2e63f5bc1242c3fcc43ecb770963cda99a4307863dac12e \
+    --hash=sha256:bbe429fc50686bb2a2608a30843e36fbaa123462a5284f136c7d9e0145220bfd \
+    --hash=sha256:bfa1eb759e07d8b7aa7a310a2bc535e127ee70addf90dc8d4b946b593c3e51a8 \
+    --hash=sha256:c1e0ed5d84ffa2d677cc9582fc01e61dab2e7ef8b8996e055f0a76167b1b94df \
+    --hash=sha256:c4278d1873ce6e803e5d4f8d702fd3026bd67fca744aa98881324d1157ddf748 \
+    --hash=sha256:cac2b37ab21c2b36a10b685b1893ebd6b0f83ae26004838ac817680881576567 \
+    --hash=sha256:cbe6df25807227519debd1a57ab236f5f6bad441500e85b13903e51f93a43214 \
+    --hash=sha256:cd2c002f160502608dcc822ed2441a0f4509c52e86fcfd1a09e937278ed1ca14 \
+    --hash=sha256:e0137dd64a493ba6a4be37405cfd6febe650a98cc1e9dca8f6b8c63b1db11b41 \
+    --hash=sha256:e63d558847166543c2c9789e6f985400a520b7eacc4b99181668b2c3aeadd352 \
+    --hash=sha256:eb45a34f23da4f8bc712b6376ca5396914b0b7c09adbb001dad964eb7f3132f8 \
+    --hash=sha256:ecb7572df5372abce8073df078207d9d1749f20b8b136089916a4a0868d56051 \
+    --hash=sha256:f12000a6accdd4bf0a3fa6eaa1b1c7a7bc80af0a2edf3f89d770d3dcce1d0e22 \
+    --hash=sha256:f7d69c1a7168ad0e9cb864e8663acb232986a0c9c9cb9801f56bf6214f53a54d \
+    --hash=sha256:f815fcc2b2a457977724bad97fb4854022980f51ce7b136925e336b530545ae1 \
+    --hash=sha256:fc39f5c27f962ec8660d8d20c24762431131b5d8c672b44b0a54cf2b5bcde9b9
+    # via fonttools
+
+# The following packages are considered to be unsafe in a requirements file:
+pip==25.2 \
+    --hash=sha256:578283f006390f85bb6282dffb876454593d637f5d1be494b5202ce4877e71f2 \
+    --hash=sha256:6d67a2b4e7f14d8b31b8b52648866fa717f45a1eb70e83002f4331d07e953717
+    # via -r .github\scripts\requirements_dev.in
+setuptools==80.9.0 \
+    --hash=sha256:062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922 \
+    --hash=sha256:f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c
+    # via -r .github\scripts\requirements_dev.in
--- a/.github/scripts/requirements_pre_commit.txt
+++ b/.github/scripts/requirements_pre_commit.txt
@ -8,17 +8,17 @@ cfgv==3.4.0 \
    --hash=sha256:b7265b1f29fd3316bfcd2b330d63d024f2bfd8bcb8b0272f8e19a504856c48f9 \
    --hash=sha256:e52591d4c5f5dead8e0f673fb16db7949d2cfb3f7da4582893288f0ded8fe560
    # via pre-commit
-distlib==0.3.9 \
-    --hash=sha256:47f8c22fd27c27e25a65601af709b38e4f0a45ea4fc2e710f65755fa8caaaf87 \
-    --hash=sha256:a60f20dea646b8a33f3e7772f74dc0b2d0772d2837ee1342a00645c81edf9403
+distlib==0.4.0 \
+    --hash=sha256:9659f7d87e46584a30b5780e43ac7a2143098441670ff0a49d5f9034c54a6c16 \
+    --hash=sha256:feec40075be03a04501a973d81f633735b4b69f98b05450592310c0f401a4e0d
    # via virtualenv
 filelock==3.18.0 \
    --hash=sha256:adbc88eabb99d2fec8c9c1b229b171f18afa655400173ddc653d5d01501fb9f2 \
    --hash=sha256:c401f4f8377c4464e6db25fff06205fd89bdd83b65eb0488ed1b160f780e21de
    # via virtualenv
-identify==2.6.12 \
-    --hash=sha256:ad9672d5a72e0d2ff7c5c8809b62dfa60458626352fb0eb7b55e69bdc45334a2 \
-    --hash=sha256:d8de45749f1efb108badef65ee8386f0f7bb19a7f26185f74de6367bffbaf0e6
+identify==2.6.13 \
+    --hash=sha256:60381139b3ae39447482ecc406944190f690d4a2997f2584062089848361b33b \
+    --hash=sha256:da8d6c828e773620e13bfa86ea601c5a5310ba4bcd65edf378198b56a1f9fb32
    # via pre-commit
 nodeenv==1.9.1 \
    --hash=sha256:6ec12890a2dab7946721edbfbcd91f3319c6ccc9aec47be7c7e6b7011ee6645f \
@ -28,9 +28,9 @@ platformdirs==4.3.8 \
    --hash=sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc \
    --hash=sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4
    # via virtualenv
-pre-commit==4.2.0 \
-    --hash=sha256:601283b9757afd87d40c4c4a9b2b5de9637a8ea02eaff7adc2d0fb4e04841146 \
-    --hash=sha256:a009ca7205f1eb497d10b845e52c838a98b6cdd2102a6c8e4540e94ee75c58bd
+pre-commit==4.3.0 \
+    --hash=sha256:2b0747ad7e6e967169136edffee14c16e148a778a54e4f967921aa1ebf2308d8 \
+    --hash=sha256:499fe450cc9d42e9d58e606262795ecb64dd05438943c62b66f6a8673da30b16
    # via -r .github\scripts\requirements_pre_commit.in
 pyyaml==6.0.2 \
    --hash=sha256:01179a4a8559ab5de078078f37e5c1a30d76bb88519906844fd7bdea1b7729ff \
@ -87,7 +87,11 @@ pyyaml==6.0.2 \
    --hash=sha256:f753120cb8181e736c57ef7636e83f31b9c0d1722c516f7e86cf15b7aa57ff12 \
    --hash=sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4
    # via pre-commit
-virtualenv==20.31.2 \
-    --hash=sha256:36efd0d9650ee985f0cad72065001e66d49a6f24eb44d98980f630686243cf11 \
-    --hash=sha256:e10c0a9d02835e592521be48b332b6caee6887f332c111aa79a09b9e79efc2af
+typing-extensions==4.14.1 \
+    --hash=sha256:38b39f4aeeab64884ce9f74c94263ef78f3c22467c8724005483154c26648d36 \
+    --hash=sha256:d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76
+    # via virtualenv
+virtualenv==20.34.0 \
+    --hash=sha256:341f5afa7eee943e4984a9207c025feedd768baff6753cd660c857ceb3e36026 \
+    --hash=sha256:44815b2c9dee7ed86e387b842a84f20b93f7f417f95886ca1996a72a4138eb1a
    # via pre-commit
--- a/.github/workflows/PR-Demo-Comment-with-react.yml
+++ b/.github/workflows/PR-Demo-Comment-with-react.yml
@ -6,20 +6,18 @@ on:

 permissions:
  contents: read
-  issues: write      # Required for adding reactions to comments
-  pull-requests: read # Required for reading PR information
+  pull-requests: read

 jobs:
  check-comment:
    runs-on: ubuntu-latest
    permissions:
      issues: write
-      pull-requests: read
    if: |
      github.event.issue.pull_request &&
      (
-      contains(github.event.comment.body, 'prdeploy') ||
-      contains(github.event.comment.body, 'deploypr')
+        contains(github.event.comment.body, 'prdeploy') ||
+        contains(github.event.comment.body, 'deploypr')
      )
      &&
      (
@ -30,26 +28,29 @@ jobs:
        github.event.comment.user.login == 'sbplat' ||
        github.event.comment.user.login == 'reecebrowne' ||
        github.event.comment.user.login == 'DarioGii' ||
+        github.event.comment.user.login == 'EthanHealy01' ||
        github.event.comment.user.login == 'ConnorYoh'
      )
    outputs:
      pr_number: ${{ steps.get-pr.outputs.pr_number }}
-      pr_repository: ${{ steps.get-pr-info.outputs.repository }}
-      pr_ref: ${{ steps.get-pr-info.outputs.ref }}
      comment_id: ${{ github.event.comment.id }}
      disable_security: ${{ steps.check-security-flag.outputs.disable_security }}
      enable_pro: ${{ steps.check-pro-flag.outputs.enable_pro }}
      enable_enterprise: ${{ steps.check-pro-flag.outputs.enable_enterprise }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

-      # Generate GitHub App token
-      - name: Generate GitHub App Token
-        id: generate-token
-        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+      - name: Checkout PR
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Setup GitHub App Bot
+        if: github.actor != 'dependabot[bot]'
+        id: setup-bot
+        uses: ./.github/actions/setup-bot
+        continue-on-error: true
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
@ -63,29 +64,6 @@ jobs:
            console.log(`PR Number: ${prNumber}`);
            core.setOutput('pr_number', prNumber);

-      - name: Get PR repository and ref
-        id: get-pr-info
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          script: |
-            const { owner, repo } = context.repo;
-            const prNumber = context.payload.issue.number;
-
-            const { data: pr } = await github.rest.pulls.get({
-              owner,
-              repo,
-              pull_number: prNumber,
-            });
-
-            // For forks, use the full repository name, for internal PRs use the current repo
-            const repository = pr.head.repo.fork ? pr.head.repo.full_name : `${owner}/${repo}`;
-
-            console.log(`PR Repository: ${repository}`);
-            console.log(`PR Branch: ${pr.head.ref}`);
-
-            core.setOutput('repository', repository);
-            core.setOutput('ref', pr.head.ref);
-
      - name: Check for security/login flag
        id: check-security-flag
        env:
@ -122,7 +100,7 @@ jobs:
        id: add-eyes-reaction
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
+          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
            console.log(`Adding eyes reaction to comment ID: ${context.payload.comment.id}`);
            try {
@ -144,28 +122,32 @@ jobs:
    needs: check-comment
    runs-on: ubuntu-latest
    permissions:
-      contents: read
      issues: write
+      pull-requests: write

    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

-      - name: Generate GitHub App Token
-        id: generate-token
-        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+      - name: Checkout PR
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Setup GitHub App Bot
+        if: github.actor != 'dependabot[bot]'
+        id: setup-bot
+        uses: ./.github/actions/setup-bot
+        continue-on-error: true
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}

      - name: Checkout PR
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
-          repository: ${{ needs.check-comment.outputs.pr_repository }}
-          ref: ${{ needs.check-comment.outputs.pr_ref }}
-          token: ${{ secrets.GITHUB_TOKEN }}
+          ref: refs/pull/${{ needs.check-comment.outputs.pr_number }}/merge
+          token: ${{ steps.setup-bot.outputs.token }}

      - name: Set up JDK
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@ -187,14 +169,8 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

-      - name: Get version number
-        id: versionNumber
-        run: |
-          VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
-          echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT
-
      - name: Login to Docker Hub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_API }}
@ -296,7 +272,7 @@ jobs:
        if: success()
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
+          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
            console.log(`Adding rocket reaction to comment ID: ${{ needs.check-comment.outputs.comment_id }}`);
            try {
@ -312,11 +288,26 @@ jobs:
              console.error(error);
            }

+            // add label to PR
+            const prNumber = ${{ needs.check-comment.outputs.pr_number }};
+            try {
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: prNumber,
+                labels: ['pr-deployed']
+              });
+              console.log(`Added 'pr-deployed' label to PR #${prNumber}`);
+            } catch (error) {
+              console.error(`Failed to add label to PR: ${error.message}`);
+              console.error(error);
+            }
+
      - name: Add failure reaction to comment
        if: failure()
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
+          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
            console.log(`Adding -1 reaction to comment ID: ${{ needs.check-comment.outputs.comment_id }}`);
            try {
@ -336,7 +327,7 @@ jobs:
        if: success()
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
+          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
            const { GITHUB_REPOSITORY } = process.env;
            const [repoOwner, repoName] = GITHUB_REPOSITORY.split('/');
@ -356,3 +347,11 @@ jobs:
              issue_number: prNumber,
              body: commentBody
            });
+
+      - name: Cleanup temporary files
+        if: always()
+        run: |
+          echo "Cleaning up temporary files..."
+          rm -f ../private.key docker-compose.yml
+          echo "Cleanup complete."
+        continue-on-error: true
--- a/.github/workflows/PR-Demo-cleanup.yml
+++ b/.github/workflows/PR-Demo-cleanup.yml
@ -1,7 +1,7 @@
 name: PR Deployment cleanup

 on:
-  pull_request:
+  pull_request_target:
    types: [opened, synchronize, reopened, closed]

 permissions:
@ -13,25 +13,99 @@ env:

 jobs:
  cleanup:
+    if: github.event.action == 'closed'
    runs-on: ubuntu-latest
    permissions:
-      contents: write
      pull-requests: write
-    if: github.event.action == 'closed'
+      issues: write

    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

+      - name: Checkout PR
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Setup GitHub App Bot
+        if: github.actor != 'dependabot[bot]'
+        id: setup-bot
+        uses: ./.github/actions/setup-bot
+        continue-on-error: true
+        with:
+          app-id: ${{ secrets.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+
+      - name: Remove 'pr-deployed' label if present
+        id: remove-label-comment
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ steps.setup-bot.outputs.token }}
+          script: |
+            const prNumber = ${{ github.event.pull_request.number }};
+            const owner = context.repo.owner;
+            const repo = context.repo.repo;
+
+            // Get all labels on the PR
+            const { data: labels } = await github.rest.issues.listLabelsOnIssue({
+              owner,
+              repo,
+              issue_number: prNumber
+            });
+
+            const hasLabel = labels.some(label => label.name === 'pr-deployed');
+
+            if (hasLabel) {
+              console.log("Label 'pr-deployed' found. Removing...");
+              await github.rest.issues.removeLabel({
+                owner,
+                repo,
+                issue_number: prNumber,
+                name: 'pr-deployed'
+              });
+            } else {
+              console.log("Label 'pr-deployed' not found. Nothing to do.");
+            }
+
+            // Find existing bot comments about the deployment
+            const { data: comments } = await github.rest.issues.listComments({
+              owner,
+              repo,
+              issue_number: prNumber
+            });
+            const deploymentComments = comments.filter(c =>
+              c.body?.includes("## 🚀 PR Test Deployment") &&
+              c.user?.type === "Bot"
+            );
+
+            if (deploymentComments.length > 0) {
+              for (const comment of deploymentComments) {
+                await github.rest.issues.deleteComment({
+                  owner,
+                  repo,
+                  comment_id: comment.id
+                });
+                console.log(`Deleted deployment comment (ID: ${comment.id})`);
+              }
+            } else {
+              console.log("No matching deployment comments found.");
+            }
+
+            // Set flag if either label or comment was present
+            const hasDeploymentComment = deploymentComments.length > 0;
+            core.setOutput('present', (hasLabel || hasDeploymentComment) ? 'true' : 'false');
+
+
      - name: Set up SSH
+        if: steps.remove-label-comment.outputs.present == 'true'
        run: |
          mkdir -p ~/.ssh/
          echo "${{ secrets.VPS_SSH_KEY }}" > ../private.key
          sudo chmod 600 ../private.key

      - name: Cleanup PR deployment
+        if: steps.remove-label-comment.outputs.present == 'true'
        id: cleanup
        run: |
          ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << 'ENDSSH'
@ -57,3 +131,11 @@ jobs:
              echo "NO_CLEANUP_NEEDED"
            fi
          ENDSSH
+
+      - name: Cleanup temporary files
+        if: always()
+        run: |
+          echo "Cleaning up temporary files..."
+          rm -f ../private.key
+          echo "Cleanup complete."
+        continue-on-error: true
--- a/.github/workflows/ai_pr_title_review.yml
+++ b/.github/workflows/ai_pr_title_review.yml
@ -19,11 +19,11 @@ jobs:

    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          fetch-depth: 0

@ -87,7 +87,7 @@ jobs:
      - name: AI PR Title Analysis
        if: steps.actor.outputs.is_repo_dev == 'true'
        id: ai-title-analysis
-        uses: actions/ai-inference@d645f067d89ee1d5d736a5990e327e504d1c5a4a # v1.1.0
+        uses: actions/ai-inference@b81b2afb8390ee6839b494a404766bef6493c7d9 # v1.2.8
        with:
          model: openai/gpt-4o
          system-prompt-file: ".github/config/system-prompt.txt"
--- a/.github/workflows/auto-labeler.yml
+++ b/.github/workflows/auto-labeler.yml
@ -1,27 +0,0 @@
-name: "Pull Request Labeler"
-on:
-  pull_request_target:
-    types: [opened, synchronize]
-
-permissions:
-  contents: read
-
-jobs:
-  labeler:
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
-        with:
-          egress-policy: audit
-
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Apply Labels
-        uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          configuration-path: .github/labeler-config.yml
-          sync-labels: true
--- a/.github/workflows/auto-labelerV2.yml
+++ b/.github/workflows/auto-labelerV2.yml
@ -13,11 +13,11 @@ jobs:
      pull-requests: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Setup GitHub App Bot
        id: setup-bot
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -1,15 +1,46 @@
-name: Build repo
+name: Build and Test Workflow

 on:
-  push:
-    branches: ["main"]
+  workflow_dispatch:
+  # push:
+  #   branches: ["main"]
  pull_request:
    branches: ["main"]

+# cancel in-progress jobs if a new job is triggered
+# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
+# or a pull request is updated.
+# It helps to save resources and time by ensuring that only the latest commit is built and tested
+# This is particularly useful for long-running jobs that may take a while to complete.
+# The `group` is set to a combination of the workflow name, event name, and branch name.
+# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
+# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref_name || github.ref }}
+  cancel-in-progress: true
+
 permissions:
  contents: read

 jobs:
+  files-changed:
+    name: detect what files changed
+    runs-on: ubuntu-latest
+    timeout-minutes: 3
+    # Map a step output to a job output
+    outputs:
+      build: ${{ steps.changes.outputs.build }}
+      app: ${{ steps.changes.outputs.app }}
+      project: ${{ steps.changes.outputs.project }}
+      openapi: ${{ steps.changes.outputs.openapi }}
+    steps:
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Check for file changes
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        id: changes
+        with:
+          filters: ".github/config/.files.yaml"
  build:
    runs-on: ubuntu-latest

@ -25,12 +56,12 @@ jobs:

    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Set up JDK ${{ matrix.jdk-version }}
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@ -38,6 +69,11 @@ jobs:
          java-version: ${{ matrix.jdk-version }}
          distribution: "temurin"

+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+        with:
+          gradle-version: 8.14
+
      - name: Build with Gradle and spring security ${{ matrix.spring-security }}
        run: ./gradlew clean build
        env:
@ -48,12 +84,12 @@ jobs:
        if: always()
        run: |
          declare -a dirs=(
-            "stirling-pdf/build/reports/tests/"
-            "stirling-pdf/build/test-results/"
-            "common/build/reports/tests/"
-            "common/build/test-results/"
-            "proprietary/build/reports/tests/"
-            "proprietary/build/test-results/"
+            "app/core/build/reports/tests/"
+            "app/core/build/test-results/"
+            "app/common/build/reports/tests/"
+            "app/common/build/test-results/"
+            "app/proprietary/build/reports/tests/"
+            "app/proprietary/build/test-results/"
          )
          missing_reports=()
          for dir in "${dirs[@]}"; do
@ -74,40 +110,78 @@ jobs:
        with:
          name: test-reports-jdk-${{ matrix.jdk-version }}-spring-security-${{ matrix.spring-security }}
          path: |
-            stirling-pdf/build/reports/tests/
-            stirling-pdf/build/test-results/
-            stirling-pdf/build/reports/problems/
-            common/build/reports/tests/
-            common/build/test-results/
-            common/build/reports/problems/
-            proprietary/build/reports/tests/
-            proprietary/build/test-results/
-            proprietary/build/reports/problems/
+            app/core/build/reports/tests/
+            app/core/build/test-results/
+            app/core/build/reports/problems/
+            app/common/build/reports/tests/
+            app/common/build/test-results/
+            app/common/build/reports/problems/
+            app/proprietary/build/reports/tests/
+            app/proprietary/build/test-results/
+            app/proprietary/build/reports/problems/
            build/reports/problems/
          retention-days: 3
          if-no-files-found: warn

-  check-licence:
+  check-generateOpenApiDocs:
+    if: needs.files-changed.outputs.openapi == 'true'
+    needs: [files-changed, build]
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Set up JDK 17
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          java-version: "17"
-          distribution: "adopt"
+          distribution: "temurin"

-      - name: check the licenses for compatibility
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+
+      - name: Generate OpenAPI documentation
+        run: ./gradlew :stirling-pdf:generateOpenApiDocs
+        env:
+          DISABLE_ADDITIONAL_FEATURES: true
+      
+      - name: Upload OpenAPI Documentation
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: openapi-docs
+          path: ./SwaggerDoc.json
+
+  check-licence:
+    if: needs.files-changed.outputs.build == 'true'
+    needs: [files-changed, build]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        with:
+          java-version: "17"
+          distribution: "temurin"
+
+      - name: Check licenses for compatibility
        run: ./gradlew clean checkLicense
+        env:
+          DISABLE_ADDITIONAL_FEATURES: false
+          STIRLING_PDF_DESKTOP_UI: true

-      - name: FAILED - check the licenses for compatibility
+      - name: FAILED - Check licenses for compatibility
        if: failure()
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
@ -117,6 +191,8 @@ jobs:
          retention-days: 3

  docker-compose-tests:
+    if: needs.files-changed.outputs.project == 'true'
+    needs: files-changed
    # if: github.event_name == 'push' && github.ref == 'refs/heads/main' ||
    #     (github.event_name == 'pull_request' &&
    #     contains(github.event.pull_request.labels.*.name, 'licenses') == false &&
@ -135,18 +211,18 @@ jobs:

    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Checkout Repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Set up Java 17
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          java-version: "17"
-          distribution: "adopt"
+          distribution: "temurin"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
@ -161,6 +237,7 @@ jobs:
        with:
          python-version: "3.12"
          cache: 'pip' # caching pip dependencies
+          cache-dependency-path: ./testing/cucumber/requirements.txt

      - name: Pip requirements
        run: |
@ -172,3 +249,69 @@ jobs:
          chmod +x ./testing/test.sh
          chmod +x ./testing/test_disabledEndpoints.sh
          ./testing/test.sh
+
+  test-build-docker-images:
+    if: github.event_name == 'pull_request' && needs.files-changed.outputs.project == 'true'
+    needs: [files-changed, build, check-generateOpenApiDocs, check-licence]
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        docker-rev: ["Dockerfile", "Dockerfile.ultra-lite", "Dockerfile.fat"]
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout Repository
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        with:
+          java-version: "17"
+          distribution: "temurin"
+
+      - name: Set up Gradle
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+        with:
+          gradle-version: 8.14
+
+      - name: Build application
+        run: ./gradlew clean build
+        env:
+          DISABLE_ADDITIONAL_FEATURES: true
+          STIRLING_PDF_DESKTOP_UI: false
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build ${{ matrix.docker-rev }}
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: .
+          file: ./${{ matrix.docker-rev }}
+          push: false
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64/v8
+          provenance: true
+          sbom: true
+
+      - name: Upload Reports
+        if: always()
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: reports-docker-${{ matrix.docker-rev }}
+          path: |
+            build/reports/tests/
+            build/test-results/
+            build/reports/problems/
+          retention-days: 3
+          if-no-files-found: warn
--- a/.github/workflows/check_properties.yml
+++ b/.github/workflows/check_properties.yml
@ -4,7 +4,19 @@ on:
  pull_request_target:
    types: [opened, synchronize, reopened]
    paths:
-      - "stirling-pdf/src/main/resources/messages_*.properties"
+      - "app/core/src/main/resources/messages_*.properties"
+
+# cancel in-progress jobs if a new job is triggered
+# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
+# or a pull request is updated.
+# It helps to save resources and time by ensuring that only the latest commit is built and tested
+# This is particularly useful for long-running jobs that may take a while to complete.
+# The `group` is set to a combination of the workflow name, event name, and branch name.
+# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
+# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref_name || github.ref }}
+  cancel-in-progress: true

 permissions:
  contents: read # Allow read access to repository content
@ -18,12 +30,12 @@ jobs:
      pull-requests: write # Allow writing to pull requests
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Checkout main branch first
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Setup GitHub App Bot
        id: setup-bot
@ -67,7 +79,7 @@ jobs:
              exit 1
            fi
            # Get changed files and filter for properties files, handle case where no matches are found
-            gh pr view ${{ steps.get-pr-data.outputs.pr_number }} --json files -q ".files[].path" | grep -E '^stirling-pdf/src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$' > changed_files.txt || echo "No matching properties files found in PR"
+            gh pr view ${{ steps.get-pr-data.outputs.pr_number }} --json files -q ".files[].path" | grep -E '^app/core/src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$' > changed_files.txt || echo "No matching properties files found in PR"
            # Check if any files were found
            if [ ! -s changed_files.txt ]; then
              echo "No properties files changed in this PR"
@ -115,9 +127,9 @@ jobs:

            // Filter for relevant files based on the PR changes
            const changedFiles = files
-              .filter(file => 
+              .filter(file =>
                file.status !== "removed" &&
-                /^stirling-pdf\/src\/main\/resources\/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$/.test(file.filename)
+                /^app\/core\/src\/main\/resources\/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$/.test(file.filename)
              )
              .map(file => file.filename);

@ -157,12 +169,12 @@ jobs:

            // Determine reference file
            let referenceFilePath;
-            if (changedFiles.includes("stirling-pdf/src/main/resources/messages_en_GB.properties")) {
+            if (changedFiles.includes("app/core/src/main/resources/messages_en_GB.properties")) {
              console.log("Using PR branch reference file.");
              const { data: fileContent } = await github.rest.repos.getContent({
                owner: prRepoOwner,
                repo: prRepoName,
-                path: "stirling-pdf/src/main/resources/messages_en_GB.properties",
+                path: "app/core/src/main/resources/messages_en_GB.properties",
                ref: branch,
              });

@ -174,7 +186,7 @@ jobs:
              const { data: fileContent } = await github.rest.repos.getContent({
                owner: repoOwner,
                repo: repoName,
-                path: "stirling-pdf/src/main/resources/messages_en_GB.properties",
+                path: "app/core/src/main/resources/messages_en_GB.properties",
                ref: "main",
              });

@ -277,4 +289,4 @@ jobs:
          rm -rf pr-branch
          rm -f pr-branch-messages_en_GB.properties main-branch-messages_en_GB.properties changed_files.txt result.txt
          echo "Cleanup complete."
-        continue-on-error: true # Ensure cleanup runs even if previous steps fail
+        continue-on-error: true # Ensure cleanup runs even if previous steps fail
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@ -17,11 +17,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: "Checkout Repository"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
      - name: "Dependency Review"
-        uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
+        uses: actions/dependency-review-action@bc41886e18ea39df68b1b1245f4184881938e050 # v4.7.2
--- a/.github/workflows/licenses-update.yml
+++ b/.github/workflows/licenses-update.yml
@ -7,6 +7,18 @@ on:
    paths:
      - "build.gradle"

+# cancel in-progress jobs if a new job is triggered
+# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
+# or a pull request is updated.
+# It helps to save resources and time by ensuring that only the latest commit is built and tested
+# This is particularly useful for long-running jobs that may take a while to complete.
+# The `group` is set to a combination of the workflow name, event name, and branch name.
+# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
+# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
+  cancel-in-progress: true
+
 permissions:
  contents: read

@ -19,12 +31,12 @@ jobs:
      repository-projects: write # Required for enabling automerge
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          fetch-depth: 0

@ -39,13 +51,16 @@ jobs:
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          java-version: "17"
-          distribution: "adopt"
+          distribution: "temurin"

      - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2

      - name: Check licenses for compatibility
        run: ./gradlew clean checkLicense
+        env:
+          DISABLE_ADDITIONAL_FEATURES: false
+          STIRLING_PDF_DESKTOP_UI: true

      - name: Upload artifact on failure
        if: failure()
@ -57,11 +72,11 @@ jobs:

      - name: Move and rename license file
        run: |
-          mv build/reports/dependency-license/index.json stirling-pdf/src/main/resources/static/3rdPartyLicenses.json
+          mv build/reports/dependency-license/index.json app/core/src/main/resources/static/3rdPartyLicenses.json

      - name: Commit changes
        run: |
-          git add stirling-pdf/src/main/resources/static/3rdPartyLicenses.json
+          git add app/core/src/main/resources/static/3rdPartyLicenses.json
          git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV

      - name: Create Pull Request
--- a/.github/workflows/manage-label.yml
+++ b/.github/workflows/manage-label.yml
@ -15,12 +15,12 @@ jobs:
      issues: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Check out the repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Run Labeler
        uses: crazy-max/ghaction-github-labeler@24d110aa46a59976b8a7f35518cb7f14f434c916 # v5.3.0
--- a/.github/workflows/multiOSReleases.yml
+++ b/.github/workflows/multiOSReleases.yml
@ -21,27 +21,31 @@ jobs:
      versionMac: ${{ steps.versionNumberMac.outputs.versionNumberMac }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

-      # Get version number
+      - name: Set up JDK
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+
+      # ✅ Get version from Gradle
      - name: Get version number
        id: versionNumber
        run: |
-          VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
+          VERSION=$(./gradlew printVersion --quiet | tail -1)
          echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT

+      # ✅ Get Mac-specific version from Gradle
      - name: Get version number mac
        id: versionNumberMac
        run: |
-          VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
-          CURRENT_YEAR=$(date +'%Y')
-          IFS='.' read -r -a VERSION_PARTS <<< "$VERSION"
-          MAC_VERSION="$CURRENT_YEAR.${VERSION_PARTS[1]:-0}.${VERSION_PARTS[2]:-0}"
-          echo "versionNumberMac=$MAC_VERSION" >> $GITHUB_OUTPUT
+          VERSION_MAC=$(./gradlew printMacVersion --quiet | tail -1)
+          echo "versionNumberMac=$VERSION_MAC" >> $GITHUB_OUTPUT

  build-portable:
    needs: read_versions
@ -56,11 +60,11 @@ jobs:
            file_suffix: ""
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Set up JDK 21
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@ -68,7 +72,7 @@ jobs:
          java-version: "21"
          distribution: "temurin"

-      - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
        with:
          gradle-version: 8.14

@ -82,7 +86,7 @@ jobs:
        run: |
          mkdir ./binaries
          mv ./build/launch4j/Stirling-PDF.exe ./binaries/win-Stirling-PDF-portable-Server${{ matrix.file_suffix }}.exe
-          mv ./build/libs/Stirling-PDF-${{ needs.read_versions.outputs.version }}.jar ./binaries/Stirling-PDF${{ matrix.file_suffix }}.jar
+          mv ./app/core/build/libs/stirling-pdf-${{ needs.read_versions.outputs.version }}.jar ./binaries/Stirling-PDF${{ matrix.file_suffix }}.jar

      - name: Upload build artifacts
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
@ -106,12 +110,12 @@ jobs:
            file_suffix: ""
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Download build artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
        with:
          name: stirling-${{ matrix.file_suffix }}binaries

@ -144,11 +148,11 @@ jobs:
      contents: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Set up JDK 21
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@ -156,7 +160,7 @@ jobs:
          java-version: "21"
          distribution: "temurin"

-      - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
        with:
          gradle-version: 8.14

@ -234,12 +238,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Download build artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
        with:
          name: ${{ matrix.platform }}binaries

@ -248,7 +252,7 @@ jobs:

      - name: Install Cosign
        if: matrix.os == 'windows-latest'
-        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
+        uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2

      - name: Generate key pair
        if: matrix.os == 'windows-latest'
@ -297,12 +301,12 @@ jobs:
      contents: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Download signed artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
      - name: Display structure of downloaded files
        run: ls -R
      - name: Upload binaries, attestations and signatures to Release and create GitHub Release
--- a/.github/workflows/pre_commit.yml
+++ b/.github/workflows/pre_commit.yml
@ -2,8 +2,9 @@ name: Pre-commit

 on:
  workflow_dispatch:
-  schedule:
-    - cron: "0 0 * * 1"
+  push:
+    branches:
+      - main

 permissions:
  contents: read
@ -16,12 +17,12 @@ jobs:
      pull-requests: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          fetch-depth: 0

@ -37,6 +38,7 @@ jobs:
        with:
          python-version: 3.12
          cache: 'pip' # caching pip dependencies
+          cache-dependency-path: ./.github/scripts/requirements_pre_commit.txt

      - name: Run Pre-Commit Hooks
        run: |
@ -45,6 +47,15 @@ jobs:
      - run: pre-commit run --all-files -c .pre-commit-config.yaml
        continue-on-error: true

+      - name: Set up JDK
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        with:
+          java-version: 17
+          distribution: "temurin"
+
+      - name: Build with Gradle
+        run: ./gradlew clean build
+
      - name: git add
        run: |
          git add .
--- a/.github/workflows/push-docker.yml
+++ b/.github/workflows/push-docker.yml
@ -7,6 +7,18 @@ on:
      - master
      - main

+# cancel in-progress jobs if a new job is triggered
+# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
+# or a pull request is updated.
+# It helps to save resources and time by ensuring that only the latest commit is built and tested
+# This is particularly useful for long-running jobs that may take a while to complete.
+# The `group` is set to a combination of the workflow name, event name, and branch name.
+# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
+# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
+  cancel-in-progress: true
+
 permissions:
  contents: read

@ -18,11 +30,11 @@ jobs:
      id-token: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Set up JDK 17
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@ -30,7 +42,7 @@ jobs:
          java-version: "17"
          distribution: "temurin"

-      - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
        with:
          gradle-version: 8.14

@ -42,7 +54,7 @@ jobs:

      - name: Install cosign
        if: github.ref == 'refs/heads/master'
-        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
+        uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
        with:
          cosign-release: "v2.4.1"

@ -55,13 +67,13 @@ jobs:
        run: echo "versionNumber=$(./gradlew printVersion --quiet | tail -1)" >> $GITHUB_OUTPUT

      - name: Login to Docker Hub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_API }}

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@ -76,7 +88,7 @@ jobs:

      - name: Generate tags
        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
        if: github.ref != 'refs/heads/main'
        with:
          images: |
@ -122,7 +134,7 @@ jobs:

      - name: Generate tags ultra-lite
        id: meta2
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
        if: github.ref != 'refs/heads/main'
        with:
          images: |
@ -153,7 +165,7 @@ jobs:

      - name: Generate tags fat
        id: meta3
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
        with:
          images: |
            ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf
--- a/.github/workflows/releaseArtifacts.yml
+++ b/.github/workflows/releaseArtifacts.yml
@ -23,11 +23,11 @@ jobs:
      version: ${{ steps.versionNumber.outputs.versionNumber }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Set up JDK 17
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@ -35,7 +35,7 @@ jobs:
          java-version: "17"
          distribution: "temurin"

-      - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
        with:
          gradle-version: 8.14

@ -83,19 +83,19 @@ jobs:
            file_suffix: ""
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Download build artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
        with:
          name: binaries${{ matrix.file_suffix }}
      - name: Display structure of downloaded files
        run: ls -R

      - name: Install Cosign
-        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
+        uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2

      - name: Generate key pair
        run: cosign generate-key-pair
@ -161,12 +161,12 @@ jobs:
            file_suffix: ""
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Download signed artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
        with:
          name: signed${{ matrix.file_suffix }}

--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@ -34,12 +34,12 @@ jobs:

    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false

@ -74,6 +74,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
+        uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5
        with:
          sarif_file: results.sarif
--- a/.github/workflows/sonarqube.yml
+++ b/.github/workflows/sonarqube.yml
@ -9,6 +9,18 @@ on:
      - main
  workflow_dispatch:

+# cancel in-progress jobs if a new job is triggered
+# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
+# or a pull request is updated.
+# It helps to save resources and time by ensuring that only the latest commit is built and tested
+# This is particularly useful for long-running jobs that may take a while to complete.
+# The `group` is set to a combination of the workflow name, event name, and branch name.
+# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
+# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref_name || github.ref }}
+  cancel-in-progress: true
+
 permissions:
  pull-requests: read
  actions: read
@ -18,16 +30,16 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          fetch-depth: 0

      - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2

      - name: Build and analyze with Gradle
        env:
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -16,7 +16,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

--- a/.github/workflows/swagger.yml
+++ b/.github/workflows/swagger.yml
@ -6,6 +6,18 @@ on:
    branches:
      - master

+# cancel in-progress jobs if a new job is triggered
+# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
+# or a pull request is updated.
+# It helps to save resources and time by ensuring that only the latest commit is built and tested
+# This is particularly useful for long-running jobs that may take a while to complete.
+# The `group` is set to a combination of the workflow name, event name, and branch name.
+# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
+# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
+  cancel-in-progress: true
+
 permissions:
  contents: read

@ -14,11 +26,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Set up JDK 17
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@ -26,10 +38,10 @@ jobs:
          java-version: "17"
          distribution: "temurin"

-      - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2

      - name: Generate Swagger documentation
-        run: ./gradlew generateOpenApiDocs
+        run: ./gradlew :stirling-pdf:generateOpenApiDocs

      - name: Upload Swagger Documentation to SwaggerHub
        run: ./gradlew swaggerhubUpload
--- a/.github/workflows/sync_files.yml
+++ b/.github/workflows/sync_files.yml
@ -8,10 +8,22 @@ on:
    paths:
      - "build.gradle"
      - "README.md"
-      - "stirling-pdf/src/main/resources/messages_*.properties"
-      - "stirling-pdf/src/main/resources/static/3rdPartyLicenses.json"
+      - "app/core/src/main/resources/messages_*.properties"
+      - "app/core/src/main/resources/static/3rdPartyLicenses.json"
      - "scripts/ignore_translation.toml"

+# cancel in-progress jobs if a new job is triggered
+# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
+# or a pull request is updated.
+# It helps to save resources and time by ensuring that only the latest commit is built and tested
+# This is particularly useful for long-running jobs that may take a while to complete.
+# The `group` is set to a combination of the workflow name, event name, and branch name.
+# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
+# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
+  cancel-in-progress: true
+
 permissions:
  contents: read

@ -20,11 +32,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Setup GitHub App Bot
        id: setup-bot
@ -41,11 +53,11 @@ jobs:

      - name: Sync translation property files
        run: |
-          python .github/scripts/check_language_properties.py --reference-file "stirling-pdf/src/main/resources/messages_en_GB.properties" --branch main
+          python .github/scripts/check_language_properties.py --reference-file "app/core/src/main/resources/messages_en_GB.properties" --branch main

      - name: Commit translation files
        run: |
-          git add stirling-pdf/src/main/resources/messages_*.properties
+          git add app/core/src/main/resources/messages_*.properties
          git diff --staged --quiet || git commit -m ":memo: Sync translation files" || echo "No changes detected"

      - name: Install dependencies
@ -101,4 +113,4 @@ jobs:
          sign-commits: true
          add-paths: |
            README.md
-              stirling-pdf/src/main/resources/messages_*.properties
+            app/core/src/main/resources/messages_*.properties
--- a/.github/workflows/testdriver.yml
+++ b/.github/workflows/testdriver.yml
@ -4,6 +4,18 @@ on:
  push:
    branches: ["master", "UITest", "testdriver"]

+# cancel in-progress jobs if a new job is triggered
+# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
+# or a pull request is updated.
+# It helps to save resources and time by ensuring that only the latest commit is built and tested
+# This is particularly useful for long-running jobs that may take a while to complete.
+# The `group` is set to a combination of the workflow name, event name, and branch name.
+# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
+# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
+  cancel-in-progress: true
+
 permissions:
  contents: read

@ -12,12 +24,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Set up JDK
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@ -25,6 +37,11 @@ jobs:
          java-version: '17'
          distribution: 'temurin'

+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+        with:
+          gradle-version: 8.14
+
      - name: Build with Gradle
        run: ./gradlew clean build
        env:
@ -40,7 +57,7 @@ jobs:
          echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT

      - name: Login to Docker Hub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_API }}
@ -105,11 +122,16 @@ jobs:

    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Set up Node
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          cache: 'npm'

      - name: Run TestDriver.ai
        uses: testdriverai/action@f0d0f45fdd684db628baa843fe9313f3ca3a8aa8 #1.1.3
@ -134,7 +156,7 @@ jobs:

    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

--- a/.gitignore
+++ b/.gitignore
@ -124,10 +124,13 @@ SwaggerDoc.json
 *.tar.gz
 *.rar
 *.db
-/build
-/stirling-pdf/build
-/common/build
-/proprietary/build
+build
+app/core/build
+app/common/build
+app/proprietary/build
+common/build
+proprietary/build
+stirling-pdf/build

 # Byte-compiled / optimized / DLL files
 __pycache__/
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -1,15 +1,15 @@
 repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.12.0
+    rev: v0.12.7
    hooks:
      - id: ruff
        args:
          - --fix
          - --line-length=127
-        files: ^((\.github/scripts|scripts)/.+)?[^/]+\.py$
+        files: ^((\.github/scripts|scripts|app/core/src/main/resources/static/python)/.+)?[^/]+\.py$
        exclude: (split_photos.py)
      - id: ruff-format
-        files: ^((\.github/scripts|scripts)/.+)?[^/]+\.py$
+        files: ^((\.github/scripts|scripts|app/core/src/main/resources/static/python)/.+)?[^/]+\.py$
        exclude: (split_photos.py)
  - repo: https://github.com/codespell-project/codespell
    rev: v2.4.1
@ -20,9 +20,9 @@ repos:
          - --skip="./.*,*.csv,*.json,*.ambr"
          - --quiet-level=2
        files: \.(html|css|js|py|md)$
-        exclude: (.vscode|.devcontainer|stirling-pdf/src/main/resources|Dockerfile|.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js)
+        exclude: (.vscode|.devcontainer|app/core/src/main/resources|app/proprietary/src/main/resources|Dockerfile|.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js)
  - repo: https://github.com/gitleaks/gitleaks
-    rev: v8.27.2
+    rev: v8.28.0
    hooks:
      - id: gitleaks
  - repo: https://github.com/pre-commit/pre-commit-hooks
@ -34,3 +34,13 @@ repos:
      - id: trailing-whitespace
        files: ^.*(\.js|\.java|\.py|\.yml)$
        exclude: ^(.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js|\.github/workflows/.*$)
+  # - repo: https://github.com/thibaudcolas/pre-commit-stylelint
+  #   rev: v16.21.1
+  #   hooks:
+  #     - id: stylelint
+  #       additional_dependencies:
+  #         - stylelint@16.21.1
+  #         - stylelint-config-standard@38.0.0
+  #         - "@stylistic/stylelint-plugin@3.1.3"
+  #       files: \.(css)$
+  #       args: [--fix]
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@ -17,5 +17,7 @@
    "GitHub.vscode-pull-request-github", // GitHub Pull Requests extension for Visual Studio Code
    "charliermarsh.ruff", // Ruff code formatter for Python to follow the Ruff Style Guide
    "yzhang.markdown-all-in-one", // Markdown All-in-One extension for enhanced Markdown editing
+    "stylelint.vscode-stylelint", // Stylelint extension for CSS and SCSS linting
+    "redhat.vscode-yaml", // YAML extension for Visual Studio Code
  ]
 }
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -2,13 +2,20 @@
  "editor.wordSegmenterLocales": "",
  "editor.guides.bracketPairs": "active",
  "editor.guides.bracketPairsHorizontal": "active",
+  "editor.defaultFormatter": "EditorConfig.EditorConfig",
  "cSpell.enabled": false,
+  "[feature]": {
+    "editor.defaultFormatter": "alexkrechik.cucumberautocomplete"
+  },
  "[java]": {
    "editor.defaultFormatter": "josevseb.google-java-format-for-vs-code"
  },
  "[jsonc]": {
    "editor.defaultFormatter": "vscode.json-language-features"
  },
+  "[css]": {
+    "editor.defaultFormatter": "stylelint.vscode-stylelint"
+  },
  "[json]": {
    "editor.defaultFormatter": "vscode.json-language-features"
  },
@ -27,11 +34,14 @@
  "[gradle]": {
    "editor.defaultFormatter": "vscjava.vscode-gradle"
  },
+  "[yaml]": {
+    "editor.defaultFormatter": "redhat.vscode-yaml"
+  },
  "java.compile.nullAnalysis.mode": "automatic",
  "java.configuration.updateBuildConfiguration": "interactive",
  "java.format.enabled": true,
  "java.format.settings.profile": "GoogleStyle",
-  "java.format.settings.google.version": "1.27.0",
+  "java.format.settings.google.version": "1.28.0",
  "java.format.settings.google.extra": "--aosp --skip-sorting-imports --skip-javadoc-formatting",
  // (DE) Aktiviert Kommentare im Java-Format.
  // (EN) Enables comments in Java formatting.
@ -70,13 +80,17 @@
    ".venv*/",
    ".vscode/",
    "bin/",
-    "common/bin/",
-    "proprietary/bin/",
+    "app/core/bin/",
+    "app/common/bin/",
+    "app/proprietary/bin/",
    "build/",
-    "common/build/",
-    "proprietary/build/",
+    "app/core/build/",
+    "app/common/build/",
+    "app/proprietary/build/",
    "configs/",
+    "app/core/configs/",
    "customFiles/",
+    "app/core/customFiles/",
    "docs/",
    "exampleYmlFiles",
    "gradle/",
@ -88,8 +102,9 @@
    ".git-blame-ignore-revs",
    ".gitattributes",
    ".gitignore",
-    "common/.gitignore",
-    "proprietary/.gitignore",
+    "app/core/.gitignore",
+    "app/common/.gitignore",
+    "app/proprietary/.gitignore",
    ".pre-commit-config.yaml",
  ],
  // Enables signature help in Java.
@ -119,9 +134,10 @@
  "html.format.indentHandlebars": true,
  "html.format.preserveNewLines": true,
  "html.format.maxPreserveNewLines": 2,
+  "stylelint.configFile": "devTools/.stylelintrc.json",
  "java.project.sourcePaths": [
-    "stirling-pdf/src/main/java",
-    "common/src/main/java",
-    "proprietary/src/main/java"
+    "app/core/src/main/java",
+    "app/common/src/main/java",
+    "app/proprietary/src/main/java"
  ]
 }
--- a/10
+++ b/10
@ -1,11 +1,10 @@
 # Main stage
-FROM alpine:3.22.0@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
+FROM alpine:3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1

 # Copy necessary files
 COPY scripts /scripts
-COPY pipeline /pipeline
-COPY stirling-pdf/src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/
-COPY stirling-pdf/build/libs/*.jar app.jar
+COPY app/core/src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/
+COPY app/core/build/libs/*.jar app.jar

 ARG VERSION_TAG

@ -79,7 +78,7 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
    # URW Base 35 fonts for better PDF rendering
    font-urw-base35 && \
    python3 -m venv /opt/venv && \
-    /opt/venv/bin/pip install --upgrade pip setuptools && \
+    /opt/venv/bin/pip install --no-cache-dir --upgrade pip setuptools && \
    /opt/venv/bin/pip install --no-cache-dir --upgrade unoserver weasyprint && \
    ln -s /usr/lib/libreoffice/program/uno.py /opt/venv/lib/python3.12/site-packages/ && \
    ln -s /usr/lib/libreoffice/program/unohelper.py /opt/venv/lib/python3.12/site-packages/ && \
@ -90,7 +89,6 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
    ln -s /usr/share/fontconfig/conf.avail/69-urw-*.conf /etc/fonts/conf.d/ && \
    fc-cache -f -v && \
    chmod +x /scripts/* && \
-    chmod +x /scripts/init.sh && \
    # User permissions
    addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline /tmp/stirling-pdf && \
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@ -34,10 +34,10 @@ ENV SETUPTOOLS_USE_DISTUTILS=local \
    TMP=/tmp/stirling-pdf

 # Installation der benötigten Python-Pakete
+COPY .github/scripts/requirements_dev.txt /tmp/requirements_dev.txt
 RUN python3 -m venv --system-site-packages /opt/venv \
  && . /opt/venv/bin/activate \
-  && pip install --upgrade pip setuptools \
-  && pip install --no-cache-dir WeasyPrint pdf2image pillow unoserver opencv-python-headless pre-commit
+  && pip install --no-cache-dir --require-hashes -r /tmp/requirements_dev.txt

 # Füge den venv-Pfad zur globalen PATH-Variable hinzu, damit die Tools verfügbar sind
 ENV PATH="/opt/venv/bin:$PATH"
@ -54,8 +54,7 @@ RUN echo "devuser ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/devuser \
 # Setze das Arbeitsverzeichnis (wird später per Bind-Mount überschrieben)
 WORKDIR /workspace

-RUN chmod +x /workspace/.devcontainer/git-init.sh
-RUN sudo chmod +x /workspace/.devcontainer/init-setup.sh
+RUN chmod +x /workspace/.devcontainer/git-init.sh /workspace/.devcontainer/init-setup.sh

 # Wechsel zum Nicht‑Root Benutzer
 USER devuser
--- a/Dockerfile.fat
+++ b/Dockerfile.fat
@ -5,9 +5,9 @@ COPY build.gradle .
 COPY settings.gradle .
 COPY gradlew .
 COPY gradle gradle/
-COPY stirling-pdf/build.gradle stirling-pdf/.
-COPY common/build.gradle common/.
-COPY proprietary/build.gradle proprietary/.
+COPY app/core/build.gradle core/.
+COPY app/common/build.gradle common/.
+COPY app/proprietary/build.gradle proprietary/.
 RUN ./gradlew build -x spotlessApply -x spotlessCheck -x test -x sonarqube || return 0

 # Set the working directory
@ -22,13 +22,13 @@ RUN DISABLE_ADDITIONAL_FEATURES=false \
    ./gradlew clean build -x spotlessApply -x spotlessCheck -x test -x sonarqube

 # Main stage
-FROM alpine:3.22.0@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
+FROM alpine:3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1

 # Copy necessary files
 COPY scripts /scripts
-COPY pipeline /pipeline
-COPY stirling-pdf/src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/
-COPY --from=build /app/stirling-pdf/build/libs/*.jar app.jar
+COPY app/core/src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/
+# first /app directory is for the build stage, second is for the final image
+COPY --from=build /app/app/core/build/libs/*.jar app.jar

 ARG VERSION_TAG

@ -91,7 +91,7 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
    py3-pillow@testing \
    py3-pdf2image@testing && \
    python3 -m venv /opt/venv && \
-    /opt/venv/bin/pip install --upgrade pip setuptools && \
+    /opt/venv/bin/pip install --no-cache-dir --upgrade pip setuptools && \
    /opt/venv/bin/pip install --no-cache-dir --upgrade unoserver weasyprint && \
    ln -s /usr/lib/libreoffice/program/uno.py /opt/venv/lib/python3.12/site-packages/ && \
    ln -s /usr/lib/libreoffice/program/unohelper.py /opt/venv/lib/python3.12/site-packages/ && \
@ -102,7 +102,6 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
    ln -s /usr/share/fontconfig/conf.avail/69-urw-*.conf /etc/fonts/conf.d/ && \
    fc-cache -f -v && \
    chmod +x /scripts/* && \
-    chmod +x /scripts/init.sh && \
    # User permissions
    addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline /tmp/stirling-pdf && \
--- a/Dockerfile.ultra-lite
+++ b/Dockerfile.ultra-lite
@ -1,5 +1,5 @@
 # use alpine
-FROM alpine:3.22.0@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
+FROM alpine:3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1

 ARG VERSION_TAG

@ -21,8 +21,7 @@ ENV DISABLE_ADDITIONAL_FEATURES=true \
 COPY scripts/download-security-jar.sh /scripts/download-security-jar.sh
 COPY scripts/init-without-ocr.sh /scripts/init-without-ocr.sh
 COPY scripts/installFonts.sh /scripts/installFonts.sh
-COPY pipeline /pipeline
-COPY stirling-pdf/build/libs/*.jar app.jar
+COPY app/core/build/libs/*.jar app.jar

 # Set up necessary directories and permissions
 RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
@ -39,10 +38,10 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
        su-exec \
        openjdk21-jre && \
    # User permissions
-    mkdir -p /configs /logs /customFiles /usr/share/fonts/opentype/noto /tmp/stirling-pdf && \
+    mkdir -p /configs /logs /customFiles /usr/share/fonts/opentype/noto /tmp/stirling-pdf /pipeline/watchedFolders /pipeline/finishedFolders && \
    chmod +x /scripts/*.sh && \
    addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
-    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts  /configs /customFiles /pipeline /tmp/stirling-pdf && \
+    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /pipeline /configs /customFiles /tmp/stirling-pdf && \
    chown stirlingpdfuser:stirlingpdfgroup /app.jar

 # Set environment variables
@ -52,4 +51,4 @@ EXPOSE 8080/tcp

 # Run the application
 ENTRYPOINT ["tini", "--", "/scripts/init-without-ocr.sh"]
-CMD ["java", "-Dfile.encoding=UTF-8", "-Djava.io.tmpdir=/tmp/stirling-pdf", "-jar", "/app.jar"]
+CMD ["java", "-Dfile.encoding=UTF-8", "-Djava.io.tmpdir=/tmp/stirling-pdf", "-jar", "/app.jar"]
--- a/4
+++ b/4
@ -4,8 +4,8 @@ Copyright (c) 2025 Stirling PDF Inc.

 Portions of this software are licensed as follows:

-* All content that resides under the "proprietary/" directory of this repository,
-if that directory exists, is licensed under the license defined in "proprietary/LICENSE".
+* All content that resides under the "app/proprietary/" directory of this repository,
+if that directory exists, is licensed under the license defined in "app/proprietary/LICENSE".
 * Content outside of the above mentioned directories or restrictions above is
 available under the MIT License as defined below.

--- a/README.md
+++ b/README.md
@ -116,47 +116,47 @@ Stirling-PDF currently supports 40 languages!

 | Language                                     | Progress                               |
 | -------------------------------------------- | -------------------------------------- |
-| Arabic (العربية) (ar_AR)                        | ![63%](https://geps.dev/progress/63)   |
-| Azerbaijani (Azərbaycan Dili) (az_AZ)        | ![63%](https://geps.dev/progress/63)   |
-| Basque (Euskara) (eu_ES)                     | ![37%](https://geps.dev/progress/37)   |
-| Bulgarian (Български) (bg_BG)                | ![70%](https://geps.dev/progress/70)   |
-| Catalan (Català) (ca_CA)                     | ![69%](https://geps.dev/progress/69)   |
-| Croatian (Hrvatski) (hr_HR)                  | ![62%](https://geps.dev/progress/62)   |
-| Czech (Česky) (cs_CZ)                        | ![71%](https://geps.dev/progress/71)   |
-| Danish (Dansk) (da_DK)                       | ![63%](https://geps.dev/progress/63)   |
-| Dutch (Nederlands) (nl_NL)                   | ![61%](https://geps.dev/progress/61)   |
+| Arabic (العربية) (ar_AR)                        | ![61%](https://geps.dev/progress/61)   |
+| Azerbaijani (Azərbaycan Dili) (az_AZ)        | ![62%](https://geps.dev/progress/62)   |
+| Basque (Euskara) (eu_ES)                     | ![36%](https://geps.dev/progress/36)   |
+| Bulgarian (Български) (bg_BG)                | ![68%](https://geps.dev/progress/68)   |
+| Catalan (Català) (ca_CA)                     | ![68%](https://geps.dev/progress/68)   |
+| Croatian (Hrvatski) (hr_HR)                  | ![60%](https://geps.dev/progress/60)   |
+| Czech (Česky) (cs_CZ)                        | ![70%](https://geps.dev/progress/70)   |
+| Danish (Dansk) (da_DK)                       | ![61%](https://geps.dev/progress/61)   |
+| Dutch (Nederlands) (nl_NL)                   | ![60%](https://geps.dev/progress/60)   |
 | English (English) (en_GB)                    | ![100%](https://geps.dev/progress/100) |
 | English (US) (en_US)                         | ![100%](https://geps.dev/progress/100) |
-| French (Français) (fr_FR)                    | ![91%](https://geps.dev/progress/91)   |
-| German (Deutsch) (de_DE)                     | ![99%](https://geps.dev/progress/99)   |
-| Greek (Ελληνικά) (el_GR)                     | ![69%](https://geps.dev/progress/69)   |
-| Hindi (हिंदी) (hi_IN)                          | ![68%](https://geps.dev/progress/68)   |
+| French (Français) (fr_FR)                    | ![89%](https://geps.dev/progress/89)   |
+| German (Deutsch) (de_DE)                     | ![98%](https://geps.dev/progress/98)   |
+| Greek (Ελληνικά) (el_GR)                     | ![67%](https://geps.dev/progress/67)   |
+| Hindi (हिंदी) (hi_IN)                          | ![67%](https://geps.dev/progress/67)   |
 | Hungarian (Magyar) (hu_HU)                   | ![99%](https://geps.dev/progress/99)   |
-| Indonesian (Bahasa Indonesia) (id_ID)        | ![63%](https://geps.dev/progress/63)   |
-| Irish (Gaeilge) (ga_IE)                      | ![70%](https://geps.dev/progress/70)   |
+| Indonesian (Bahasa Indonesia) (id_ID)        | ![62%](https://geps.dev/progress/62)   |
+| Irish (Gaeilge) (ga_IE)                      | ![68%](https://geps.dev/progress/68)   |
 | Italian (Italiano) (it_IT)                   | ![98%](https://geps.dev/progress/98)   |
-| Japanese (日本語) (ja_JP)                    | ![70%](https://geps.dev/progress/70)   |
-| Korean (한국어) (ko_KR)                      | ![69%](https://geps.dev/progress/69)   |
-| Norwegian (Norsk) (no_NB)                    | ![67%](https://geps.dev/progress/67)   |
-| Persian (فارسی) (fa_IR)                      | ![66%](https://geps.dev/progress/66)   |
-| Polish (Polski) (pl_PL)                      | ![73%](https://geps.dev/progress/73)   |
-| Portuguese (Português) (pt_PT)               | ![70%](https://geps.dev/progress/70)   |
-| Portuguese Brazilian (Português) (pt_BR)     | ![77%](https://geps.dev/progress/77)   |
-| Romanian (Română) (ro_RO)                    | ![59%](https://geps.dev/progress/59)   |
-| Russian (Русский) (ru_RU)                    | ![70%](https://geps.dev/progress/70)   |
-| Serbian Latin alphabet (Srpski) (sr_LATN_RS) | ![97%](https://geps.dev/progress/97)   |
-| Simplified Chinese (简体中文) (zh_CN)         | ![90%](https://geps.dev/progress/90)   |
-| Slovakian (Slovensky) (sk_SK)                | ![53%](https://geps.dev/progress/53)   |
-| Slovenian (Slovenščina) (sl_SI)              | ![73%](https://geps.dev/progress/73)   |
-| Spanish (Español) (es_ES)                    | ![75%](https://geps.dev/progress/75)   |
-| Swedish (Svenska) (sv_SE)                    | ![67%](https://geps.dev/progress/67)   |
-| Thai (ไทย) (th_TH)                           | ![60%](https://geps.dev/progress/60)   |
-| Tibetan (བོད་ཡིག་) (bo_CN)                     | ![66%](https://geps.dev/progress/66) |
-| Traditional Chinese (繁體中文) (zh_TW)        | ![77%](https://geps.dev/progress/77)   |
-| Turkish (Türkçe) (tr_TR)                     | ![82%](https://geps.dev/progress/82)   |
-| Ukrainian (Українська) (uk_UA)               | ![72%](https://geps.dev/progress/72)   |
-| Vietnamese (Tiếng Việt) (vi_VN)              | ![58%](https://geps.dev/progress/58)   |
-| Malayalam (മലയാളം) (ml_IN)              | ![75%](https://geps.dev/progress/75)   |
+| Japanese (日本語) (ja_JP)                    | ![93%](https://geps.dev/progress/93)   |
+| Korean (한국어) (ko_KR)                      | ![67%](https://geps.dev/progress/67)   |
+| Norwegian (Norsk) (no_NB)                    | ![66%](https://geps.dev/progress/66)   |
+| Persian (فارسی) (fa_IR)                      | ![64%](https://geps.dev/progress/64)   |
+| Polish (Polski) (pl_PL)                      | ![72%](https://geps.dev/progress/72)   |
+| Portuguese (Português) (pt_PT)               | ![69%](https://geps.dev/progress/69)   |
+| Portuguese Brazilian (Português) (pt_BR)     | ![76%](https://geps.dev/progress/76)   |
+| Romanian (Română) (ro_RO)                    | ![57%](https://geps.dev/progress/57)   |
+| Russian (Русский) (ru_RU)                    | ![88%](https://geps.dev/progress/88)   |
+| Serbian Latin alphabet (Srpski) (sr_LATN_RS) | ![95%](https://geps.dev/progress/95)   |
+| Simplified Chinese (简体中文) (zh_CN)         | ![93%](https://geps.dev/progress/93)   |
+| Slovakian (Slovensky) (sk_SK)                | ![51%](https://geps.dev/progress/51)   |
+| Slovenian (Slovenščina) (sl_SI)              | ![71%](https://geps.dev/progress/71)   |
+| Spanish (Español) (es_ES)                    | ![74%](https://geps.dev/progress/74)   |
+| Swedish (Svenska) (sv_SE)                    | ![65%](https://geps.dev/progress/65)   |
+| Thai (ไทย) (th_TH)                           | ![59%](https://geps.dev/progress/59)   |
+| Tibetan (བོད་ཡིག་) (bo_CN)                     | ![65%](https://geps.dev/progress/65) |
+| Traditional Chinese (繁體中文) (zh_TW)        | ![97%](https://geps.dev/progress/97)   |
+| Turkish (Türkçe) (tr_TR)                     | ![80%](https://geps.dev/progress/80)   |
+| Ukrainian (Українська) (uk_UA)               | ![71%](https://geps.dev/progress/71)   |
+| Vietnamese (Tiếng Việt) (vi_VN)              | ![57%](https://geps.dev/progress/57)   |
+| Malayalam (മലയാളം) (ml_IN)              | ![73%](https://geps.dev/progress/73)   |

 ## Stirling PDF Enterprise

--- a/app/allowed-licenses.json
+++ b/app/allowed-licenses.json
--- a/app/common/.gitignore
+++ b/app/common/.gitignore
@ -124,7 +124,7 @@ SwaggerDoc.json
 *.rar
 *.db
 /build
-/common/build/
+/app/common/build/

 # Byte-compiled / optimized / DLL files
 __pycache__/
--- a/app/common/build.gradle
+++ b/app/common/build.gradle
@ -4,7 +4,7 @@ bootRun {
 }
 spotless {
    java {
-        target sourceSets.main.allJava
+        target 'src/**/java/**/*.java'
        googleJavaFormat(googleJavaFormatVersion).aosp().reorderImports(false)

        importOrder("java", "javax", "org", "com", "net", "io", "jakarta", "lombok", "me", "stirling")
@ -13,6 +13,18 @@ spotless {
        leadingTabsToSpaces()
        endWithNewline()
    }
+    yaml {
+        target '**/*.yml', '**/*.yaml'
+        trimTrailingWhitespace()
+        leadingTabsToSpaces()
+        endWithNewline()
+    }
+    format 'gradle', {
+        target '**/gradle/*.gradle', '**/*.gradle'
+        trimTrailingWhitespace()
+        leadingTabsToSpaces()
+        endWithNewline()
+    }
 }
 dependencies {
    api 'org.springframework.boot:spring-boot-starter-web'
@ -21,13 +33,13 @@ dependencies {
    api 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20240325.1'
    api 'com.fathzer:javaluator:3.0.6'
    api 'com.posthog.java:posthog:1.2.0'
-    api 'org.apache.commons:commons-lang3:3.17.0'
+    api 'org.apache.commons:commons-lang3:3.18.0'
    api 'com.drewnoakes:metadata-extractor:2.19.0' // Image metadata extractor
    api 'com.vladsch.flexmark:flexmark-html2md-converter:0.64.8'
    api "org.apache.pdfbox:pdfbox:$pdfboxVersion"
    api 'jakarta.servlet:jakarta.servlet-api:6.1.0'
-    api 'org.snakeyaml:snakeyaml-engine:2.9'
-    api "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.9"
+    api 'org.snakeyaml:snakeyaml-engine:2.10'
+    api "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.11"
    api 'jakarta.mail:jakarta.mail-api:2.1.3'
-    runtimeOnly 'org.eclipse.angus:angus-mail:2.0.3'
+    runtimeOnly 'org.eclipse.angus:angus-mail:2.0.4'
 }
--- a/app/common/src/main/java/org/apache/pdfbox/examples/util/DeletingRandomAccessFile.java
+++ b/app/common/src/main/java/org/apache/pdfbox/examples/util/DeletingRandomAccessFile.java
--- a/app/common/src/main/java/stirling/software/common/annotations/AutoJobPostMapping.java
+++ b/app/common/src/main/java/stirling/software/common/annotations/AutoJobPostMapping.java
--- a/app/common/src/main/java/stirling/software/common/aop/AutoJobAspect.java
+++ b/app/common/src/main/java/stirling/software/common/aop/AutoJobAspect.java
@ -19,7 +19,6 @@ import lombok.extern.slf4j.Slf4j;

 import stirling.software.common.annotations.AutoJobPostMapping;
 import stirling.software.common.model.api.PDFFile;
-import stirling.software.common.service.FileOrUploadService;
 import stirling.software.common.service.FileStorage;
 import stirling.software.common.service.JobExecutorService;

@ -34,7 +33,6 @@ public class AutoJobAspect {

    private final JobExecutorService jobExecutorService;
    private final HttpServletRequest request;
-    private final FileOrUploadService fileOrUploadService;
    private final FileStorage fileStorage;

    @Around("@annotation(autoJobPostMapping)")
@ -43,30 +41,25 @@ public class AutoJobAspect {
        // This aspect will run before any audit aspects due to @Order(0)
        // Extract parameters from the request and annotation
        boolean async = Boolean.parseBoolean(request.getParameter("async"));
+        log.debug(
+                "AutoJobAspect: Processing {} {} with async={}",
+                request.getMethod(),
+                request.getRequestURI(),
+                async);
        long timeout = autoJobPostMapping.timeout();
        int retryCount = autoJobPostMapping.retryCount();
        boolean trackProgress = autoJobPostMapping.trackProgress();

        log.debug(
-                "AutoJobPostMapping execution with async={}, timeout={}, retryCount={}, trackProgress={}",
+                "AutoJobPostMapping execution with async={}, timeout={}, retryCount={},"
+                        + " trackProgress={}",
                async,
                timeout > 0 ? timeout : "default",
                retryCount,
                trackProgress);

-        // Copy and process arguments
-        // In a test environment, we might need to update the original objects for verification
-        boolean isTestEnvironment = false;
-        try {
-            isTestEnvironment = Class.forName("org.junit.jupiter.api.Test") != null;
-        } catch (ClassNotFoundException e) {
-            // Not in a test environment
-        }
-
-        Object[] args =
-                isTestEnvironment
-                        ? processArgsInPlace(joinPoint.getArgs(), async)
-                        : copyAndProcessArgs(joinPoint.getArgs(), async);
+        // Process arguments in-place to avoid type mismatch issues
+        Object[] args = processArgsInPlace(joinPoint.getArgs(), async);

        // Extract queueable and resourceWeight parameters and validate
        boolean queueable = autoJobPostMapping.queueable();
@ -154,7 +147,8 @@ public class AutoJobAspect {
                        } catch (Throwable ex) {
                            lastException = ex;
                            log.error(
-                                    "AutoJobAspect caught exception during job execution (attempt {}/{}): {}",
+                                    "AutoJobAspect caught exception during job execution (attempt"
+                                            + " {}/{}): {}",
                                    currentAttempt,
                                    maxRetries,
                                    ex.getMessage(),
@ -230,78 +224,8 @@ public class AutoJobAspect {
    }

    /**
-     * Creates deep copies of arguments when needed to avoid mutating the original objects
-     * Particularly important for PDFFile objects that might be reused by Spring
-     *
-     * @param originalArgs The original arguments
-     * @param async Whether this is an async operation
-     * @return A new array with safely processed arguments
-     */
-    private Object[] copyAndProcessArgs(Object[] originalArgs, boolean async) {
-        if (originalArgs == null || originalArgs.length == 0) {
-            return originalArgs;
-        }
-
-        Object[] processedArgs = new Object[originalArgs.length];
-
-        // Copy all arguments
-        for (int i = 0; i < originalArgs.length; i++) {
-            Object arg = originalArgs[i];
-
-            if (arg instanceof PDFFile pdfFile) {
-                // Create a copy of PDFFile to avoid mutating the original
-                // Using direct property access instead of reflection for better performance
-                PDFFile pdfFileCopy = new PDFFile();
-                pdfFileCopy.setFileId(pdfFile.getFileId());
-                pdfFileCopy.setFileInput(pdfFile.getFileInput());
-
-                // Case 1: fileId is provided but no fileInput
-                if (pdfFileCopy.getFileInput() == null && pdfFileCopy.getFileId() != null) {
-                    try {
-                        log.debug("Using fileId {} to get file content", pdfFileCopy.getFileId());
-                        MultipartFile file = fileStorage.retrieveFile(pdfFileCopy.getFileId());
-                        pdfFileCopy.setFileInput(file);
-                    } catch (Exception e) {
-                        throw new RuntimeException(
-                                "Failed to resolve file by ID: " + pdfFileCopy.getFileId(), e);
-                    }
-                }
-                // Case 2: For async requests, we need to make a copy of the MultipartFile
-                else if (async && pdfFileCopy.getFileInput() != null) {
-                    try {
-                        log.debug("Making persistent copy of uploaded file for async processing");
-                        MultipartFile originalFile = pdfFileCopy.getFileInput();
-                        String fileId = fileStorage.storeFile(originalFile);
-
-                        // Store the fileId for later reference
-                        pdfFileCopy.setFileId(fileId);
-
-                        // Replace the original MultipartFile with our persistent copy
-                        MultipartFile persistentFile = fileStorage.retrieveFile(fileId);
-                        pdfFileCopy.setFileInput(persistentFile);
-
-                        log.debug("Created persistent file copy with fileId: {}", fileId);
-                    } catch (IOException e) {
-                        throw new RuntimeException(
-                                "Failed to create persistent copy of uploaded file", e);
-                    }
-                }
-
-                processedArgs[i] = pdfFileCopy;
-            } else {
-                // For non-PDFFile objects, just pass the original reference
-                // If other classes need copy-on-write, add them here
-                processedArgs[i] = arg;
-            }
-        }
-
-        return processedArgs;
-    }
-
-    /**
-     * Processes arguments in-place for testing purposes This is similar to our original
-     * implementation before introducing copy-on-write It's only used in test environments to
-     * maintain test compatibility
+     * Processes arguments in-place to handle file resolution and async file persistence. This
+     * approach avoids type mismatch issues by modifying the original objects directly.
     *
     * @param originalArgs The original arguments
     * @param async Whether this is an async operation
--- a/app/common/src/main/java/stirling/software/common/config/TempFileConfiguration.java
+++ b/app/common/src/main/java/stirling/software/common/config/TempFileConfiguration.java
--- a/app/common/src/main/java/stirling/software/common/config/TempFileShutdownHook.java
+++ b/app/common/src/main/java/stirling/software/common/config/TempFileShutdownHook.java
@ -6,7 +6,6 @@ import java.nio.file.Path;
 import java.util.Set;

 import org.springframework.beans.factory.DisposableBean;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;

 import lombok.extern.slf4j.Slf4j;
@ -24,7 +23,6 @@ public class TempFileShutdownHook implements DisposableBean {

    private final TempFileRegistry registry;

-    @Autowired
    public TempFileShutdownHook(TempFileRegistry registry) {
        this.registry = registry;

--- a/app/common/src/main/java/stirling/software/common/configuration/AppConfig.java
+++ b/app/common/src/main/java/stirling/software/common/configuration/AppConfig.java
@ -8,9 +8,9 @@ import java.util.List;
 import java.util.Locale;
 import java.util.Properties;
 import java.util.function.Predicate;
+import java.util.stream.Stream;

 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@ -21,6 +21,7 @@ import org.springframework.core.env.Environment;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.ResourceLoader;
+import org.springframework.util.ClassUtils;
 import org.thymeleaf.spring6.SpringTemplateEngine;

 import lombok.Getter;
@ -51,6 +52,14 @@ public class AppConfig {
    @Value("${server.port:8080}")
    private String serverPort;

+    @Value("${v2}")
+    public boolean v2Enabled;
+
+    @Bean
+    public boolean v2Enabled() {
+        return v2Enabled;
+    }
+
    @Bean
    @ConditionalOnProperty(name = "system.customHTMLFiles", havingValue = "true")
    public SpringTemplateEngine templateEngine(ResourceLoader resourceLoader) {
@ -120,7 +129,7 @@ public class AppConfig {
    public boolean rateLimit() {
        String rateLimit = System.getProperty("rateLimit");
        if (rateLimit == null) rateLimit = System.getenv("rateLimit");
-        return (rateLimit != null) ? Boolean.valueOf(rateLimit) : false;
+        return Boolean.parseBoolean(rateLimit);
    }

    @Bean(name = "RunningInDocker")
@ -140,31 +149,18 @@ public class AppConfig {
        if (!Files.exists(mountInfo)) {
            return true;
        }
-        try {
-            return Files.lines(mountInfo).anyMatch(line -> line.contains(" /configs "));
+        try (Stream<String> lines = Files.lines(mountInfo)) {
+            return lines.anyMatch(line -> line.contains(" /configs "));
        } catch (IOException e) {
            return false;
        }
    }

    @Bean(name = "activeSecurity")
-    public boolean activeSecurity() {
-        String disableAdditionalFeatures = env.getProperty("DISABLE_ADDITIONAL_FEATURES");
-
-        if (disableAdditionalFeatures != null) {
-            // DISABLE_ADDITIONAL_FEATURES=true means security OFF, so return false
-            // DISABLE_ADDITIONAL_FEATURES=false means security ON, so return true
-            return !Boolean.parseBoolean(disableAdditionalFeatures);
-        }
-
-        return env.getProperty("DOCKER_ENABLE_SECURITY", Boolean.class, true);
-    }
-
-    @Bean(name = "missingActiveSecurity")
-    @ConditionalOnMissingClass(
-            "stirling.software.proprietary.security.configuration.SecurityConfiguration")
    public boolean missingActiveSecurity() {
-        return true;
+        return ClassUtils.isPresent(
+                "stirling.software.proprietary.security.configuration.SecurityConfiguration",
+                this.getClass().getClassLoader());
    }

    @Bean(name = "directoryFilter")
--- a/app/common/src/main/java/stirling/software/common/configuration/ConfigInitializer.java
+++ b/app/common/src/main/java/stirling/software/common/configuration/ConfigInitializer.java
@ -23,10 +23,30 @@ import stirling.software.common.util.YamlHelper;
@Slf4j
 public class ConfigInitializer {

+    private static final int MIN_SETTINGS_FILE_LINES = 31;
+
    public void ensureConfigExists() throws IOException, URISyntaxException {
        // 1) If settings file doesn't exist, create from template
        Path destPath = Paths.get(InstallationPathConfig.getSettingsPath());
-        if (Files.notExists(destPath)) {
+
+        boolean settingsFileExists = Files.exists(destPath);
+
+        long lineCount = settingsFileExists ? Files.readAllLines(destPath).size() : 0;
+
+        log.info("Current settings file line count: {}", lineCount);
+
+        if (!settingsFileExists || lineCount < MIN_SETTINGS_FILE_LINES) {
+            if (settingsFileExists) {
+                // move settings.yml to settings.yml.{timestamp}.bak
+                Path backupPath =
+                        Paths.get(
+                                InstallationPathConfig.getSettingsPath()
+                                        + "."
+                                        + System.currentTimeMillis()
+                                        + ".bak");
+                Files.move(destPath, backupPath, StandardCopyOption.REPLACE_EXISTING);
+                log.info("Moved existing settings file to backup: {}", backupPath);
+            }
            Files.createDirectories(destPath.getParent());
            try (InputStream in =
                    getClass().getClassLoader().getResourceAsStream("settings.yml.template")) {
--- a/app/common/src/main/java/stirling/software/common/configuration/FileFallbackTemplateResolver.java
+++ b/app/common/src/main/java/stirling/software/common/configuration/FileFallbackTemplateResolver.java
--- a/app/common/src/main/java/stirling/software/common/configuration/InstallationPathConfig.java
+++ b/app/common/src/main/java/stirling/software/common/configuration/InstallationPathConfig.java
@ -14,10 +14,17 @@ public class InstallationPathConfig {
    private static final String CONFIG_PATH;
    private static final String CUSTOM_FILES_PATH;
    private static final String CLIENT_WEBUI_PATH;
+    private static final String PIPELINE_PATH;

    // Config paths
    private static final String SETTINGS_PATH;
    private static final String CUSTOM_SETTINGS_PATH;
+    private static final String SCRIPTS_PATH;
+    private static final String BACKUP_PATH;
+
+    // Backup paths
+    private static final String BACKUP_DB_PATH;
+    private static final String BACKUP_PRIVATE_KEY_PATH;

    // Custom file paths
    private static final String STATIC_PATH;
@ -32,10 +39,17 @@ public class InstallationPathConfig {
        CONFIG_PATH = BASE_PATH + "configs" + File.separator;
        CUSTOM_FILES_PATH = BASE_PATH + "customFiles" + File.separator;
        CLIENT_WEBUI_PATH = BASE_PATH + "clientWebUI" + File.separator;
+        PIPELINE_PATH = BASE_PATH + "pipeline" + File.separator;

        // Initialize config paths
        SETTINGS_PATH = CONFIG_PATH + "settings.yml";
        CUSTOM_SETTINGS_PATH = CONFIG_PATH + "custom_settings.yml";
+        SCRIPTS_PATH = CONFIG_PATH + "scripts" + File.separator;
+        BACKUP_PATH = CONFIG_PATH + "backup" + File.separator;
+
+        // Initialize backup paths
+        BACKUP_DB_PATH = BACKUP_PATH + "db" + File.separator;
+        BACKUP_PRIVATE_KEY_PATH = BACKUP_PATH + "keys" + File.separator;

        // Initialize custom file paths
        STATIC_PATH = CUSTOM_FILES_PATH + "static" + File.separator;
@ -89,6 +103,14 @@ public class InstallationPathConfig {
        return CLIENT_WEBUI_PATH;
    }

+    public static String getScriptsPath() {
+        return SCRIPTS_PATH;
+    }
+
+    public static String getPipelinePath() {
+        return PIPELINE_PATH;
+    }
+
    public static String getSettingsPath() {
        return SETTINGS_PATH;
    }
@ -108,4 +130,12 @@ public class InstallationPathConfig {
    public static String getSignaturesPath() {
        return SIGNATURES_PATH;
    }
+
+    public static String getPrivateKeyPath() {
+        return BACKUP_PRIVATE_KEY_PATH;
+    }
+
+    public static String getBackupPath() {
+        return BACKUP_DB_PATH;
+    }
 }
--- a/app/common/src/main/java/stirling/software/common/configuration/PostHogConfig.java
+++ b/app/common/src/main/java/stirling/software/common/configuration/PostHogConfig.java
--- a/app/common/src/main/java/stirling/software/common/configuration/PostHogLoggerImpl.java
+++ b/app/common/src/main/java/stirling/software/common/configuration/PostHogLoggerImpl.java
--- a/app/common/src/main/java/stirling/software/common/configuration/RuntimePathConfig.java
+++ b/app/common/src/main/java/stirling/software/common/configuration/RuntimePathConfig.java
--- a/app/common/src/main/java/stirling/software/common/configuration/YamlPropertySourceFactory.java
+++ b/app/common/src/main/java/stirling/software/common/configuration/YamlPropertySourceFactory.java
--- a/app/common/src/main/java/stirling/software/common/configuration/interfaces/ShowAdminInterface.java
+++ b/app/common/src/main/java/stirling/software/common/configuration/interfaces/ShowAdminInterface.java
--- a/app/common/src/main/java/stirling/software/common/model/ApplicationProperties.java
+++ b/app/common/src/main/java/stirling/software/common/model/ApplicationProperties.java
@ -25,6 +25,9 @@ import org.springframework.core.io.Resource;
 import org.springframework.core.io.support.EncodedResource;
 import org.springframework.stereotype.Component;

+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
 import lombok.Data;
 import lombok.Getter;
 import lombok.Setter;
@ -58,7 +61,10 @@ public class ApplicationProperties {
    private Mail mail = new Mail();

    private Premium premium = new Premium();
+
+    @JsonIgnore // Deprecated - completely hidden from JSON serialization
    private EnterpriseEdition enterpriseEdition = new EnterpriseEdition();
+
    private AutoPipeline autoPipeline = new AutoPipeline();
    private ProcessExecutor processExecutor = new ProcessExecutor();

@ -113,6 +119,7 @@ public class ApplicationProperties {
        private long loginResetTimeMinutes;
        private String loginMethod = "all";
        private String customGlobalAPIKey;
+        private Jwt jwt = new Jwt();

        public Boolean isAltLogin() {
            return saml2.getEnabled() || oauth2.getEnabled();
@ -168,17 +175,30 @@ public class ApplicationProperties {
            private Boolean autoCreateUser = false;
            private Boolean blockRegistration = false;
            private String registrationId = "stirling";
-            @ToString.Exclude private String idpMetadataUri;
+
+            @ToString.Exclude
+            @JsonProperty("idpMetadataUri")
+            private String idpMetadataUri;
+
            private String idpSingleLogoutUrl;
            private String idpSingleLoginUrl;
            private String idpIssuer;
-            private String idpCert;
-            @ToString.Exclude private String privateKey;
-            @ToString.Exclude private String spCert;

+            @JsonProperty("idpCert")
+            private String idpCert;
+
+            @ToString.Exclude
+            @JsonProperty("privateKey")
+            private String privateKey;
+
+            @ToString.Exclude
+            @JsonProperty("spCert")
+            private String spCert;
+
+            @JsonIgnore
            public InputStream getIdpMetadataUri() throws IOException {
                if (idpMetadataUri.startsWith("classpath:")) {
-                    return new ClassPathResource(idpMetadataUri.substring("classpath".length()))
+                    return new ClassPathResource(idpMetadataUri.substring("classpath:".length()))
                            .getInputStream();
                }
                try {
@ -192,6 +212,7 @@ public class ApplicationProperties {
                }
            }

+            @JsonIgnore
            public Resource getSpCert() {
                if (spCert == null) return null;
                if (spCert.startsWith("classpath:")) {
@ -201,6 +222,7 @@ public class ApplicationProperties {
                }
            }

+            @JsonIgnore
            public Resource getIdpCert() {
                if (idpCert == null) return null;
                if (idpCert.startsWith("classpath:")) {
@ -210,7 +232,9 @@ public class ApplicationProperties {
                }
            }

+            @JsonIgnore
            public Resource getPrivateKey() {
+                if (privateKey == null) return null;
                if (privateKey.startsWith("classpath:")) {
                    return new ClassPathResource(privateKey.substring("classpath:".length()));
                } else {
@ -275,6 +299,15 @@ public class ApplicationProperties {
                }
            }
        }
+
+        @Data
+        public static class Jwt {
+            private boolean enableKeystore = true;
+            private boolean enableKeyRotation = false;
+            private boolean enableKeyCleanup = true;
+            private int keyRetentionDays = 7;
+            private boolean secureCookie;
+        }
    }

    @Data
@ -289,7 +322,9 @@ public class ApplicationProperties {
        private Boolean enableAnalytics;
        private Datasource datasource;
        private Boolean disableSanitize;
+        private int maxDPI;
        private Boolean enableUrlToPDF;
+        private Html html = new Html();
        private CustomPaths customPaths = new CustomPaths();
        private String fileUploadLimit;
        private TempFileManagement tempFileManagement = new TempFileManagement();
@ -320,8 +355,12 @@ public class ApplicationProperties {

    @Data
    public static class TempFileManagement {
+        @JsonProperty("baseTmpDir")
        private String baseTmpDir = "";
+
+        @JsonProperty("libreofficeDir")
        private String libreofficeDir = "";
+
        private String systemTempDir = "";
        private String prefix = "stirling-pdf-";
        private long maxAgeHours = 24;
@ -329,12 +368,14 @@ public class ApplicationProperties {
        private boolean startupCleanup = true;
        private boolean cleanupSystemTemp = false;

+        @JsonIgnore
        public String getBaseTmpDir() {
            return baseTmpDir != null && !baseTmpDir.isEmpty()
                    ? baseTmpDir
                    : java.lang.System.getProperty("java.io.tmpdir") + "/stirling-pdf";
        }

+        @JsonIgnore
        public String getLibreofficeDir() {
            return libreofficeDir != null && !libreofficeDir.isEmpty()
                    ? libreofficeDir
@ -342,6 +383,25 @@ public class ApplicationProperties {
        }
    }

+    @Data
+    public static class Html {
+        private UrlSecurity urlSecurity = new UrlSecurity();
+
+        @Data
+        public static class UrlSecurity {
+            private boolean enabled = true;
+            private String level = "MEDIUM"; // MAX, MEDIUM, OFF
+            private List<String> allowedDomains = new ArrayList<>();
+            private List<String> blockedDomains = new ArrayList<>();
+            private List<String> internalTlds =
+                    Arrays.asList(".local", ".internal", ".corp", ".home");
+            private boolean blockPrivateNetworks = true;
+            private boolean blockLocalhost = true;
+            private boolean blockLinkLocal = true;
+            private boolean blockCloudMetadata = true;
+        }
+    }
+
    @Data
    public static class Datasource {
        private boolean enableCustomDatabase;
@ -591,12 +651,24 @@ public class ApplicationProperties {

        @Data
        public static class TimeoutMinutes {
+            @JsonProperty("libreOfficetimeoutMinutes")
            private long libreOfficeTimeoutMinutes;
+
+            @JsonProperty("pdfToHtmltimeoutMinutes")
            private long pdfToHtmlTimeoutMinutes;
+
+            @JsonProperty("pythonOpenCvtimeoutMinutes")
            private long pythonOpenCvTimeoutMinutes;
+
+            @JsonProperty("weasyPrinttimeoutMinutes")
            private long weasyPrintTimeoutMinutes;
+
+            @JsonProperty("installApptimeoutMinutes")
            private long installAppTimeoutMinutes;
+
+            @JsonProperty("calibretimeoutMinutes")
            private long calibreTimeoutMinutes;
+
            private long tesseractTimeoutMinutes;
            private long qpdfTimeoutMinutes;
            private long ghostscriptTimeoutMinutes;
--- a/app/common/src/main/java/stirling/software/common/model/FileInfo.java
+++ b/app/common/src/main/java/stirling/software/common/model/FileInfo.java
@ -8,9 +8,11 @@ import java.util.Locale;

 import lombok.AllArgsConstructor;
 import lombok.Data;
+import lombok.NoArgsConstructor;

-@AllArgsConstructor
@Data
+@NoArgsConstructor
+@AllArgsConstructor
 public class FileInfo {
    private static final DateTimeFormatter DATE_FORMATTER =
            DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
--- a/app/common/src/main/java/stirling/software/common/model/InputStreamTemplateResource.java
+++ b/app/common/src/main/java/stirling/software/common/model/InputStreamTemplateResource.java
--- a/app/common/src/main/java/stirling/software/common/model/PdfMetadata.java
+++ b/app/common/src/main/java/stirling/software/common/model/PdfMetadata.java
@ -2,11 +2,15 @@ package stirling.software.common.model;

 import java.util.Calendar;

+import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
+import lombok.NoArgsConstructor;

@Data
@Builder
+@NoArgsConstructor
+@AllArgsConstructor
 public class PdfMetadata {
    private String author;
    private String producer;
--- a/app/common/src/main/java/stirling/software/common/model/api/GeneralFile.java
+++ b/app/common/src/main/java/stirling/software/common/model/api/GeneralFile.java
--- a/app/common/src/main/java/stirling/software/common/model/api/PDFFile.java
+++ b/app/common/src/main/java/stirling/software/common/model/api/PDFFile.java
--- a/app/common/src/main/java/stirling/software/common/model/api/converters/EmlToPdfRequest.java
+++ b/app/common/src/main/java/stirling/software/common/model/api/converters/EmlToPdfRequest.java
--- a/app/common/src/main/java/stirling/software/common/model/api/converters/HTMLToPdfRequest.java
+++ b/app/common/src/main/java/stirling/software/common/model/api/converters/HTMLToPdfRequest.java
--- a/app/common/src/main/java/stirling/software/common/model/api/misc/HighContrastColorCombination.java
+++ b/app/common/src/main/java/stirling/software/common/model/api/misc/HighContrastColorCombination.java
--- a/app/common/src/main/java/stirling/software/common/model/api/misc/ReplaceAndInvert.java
+++ b/app/common/src/main/java/stirling/software/common/model/api/misc/ReplaceAndInvert.java
--- a/app/common/src/main/java/stirling/software/common/model/api/security/RedactionArea.java
+++ b/app/common/src/main/java/stirling/software/common/model/api/security/RedactionArea.java
--- a/app/common/src/main/java/stirling/software/common/model/enumeration/Role.java
+++ b/app/common/src/main/java/stirling/software/common/model/enumeration/Role.java
--- a/app/common/src/main/java/stirling/software/common/model/enumeration/UsernameAttribute.java
+++ b/app/common/src/main/java/stirling/software/common/model/enumeration/UsernameAttribute.java
--- a/app/common/src/main/java/stirling/software/common/model/exception/UnsupportedClaimException.java
+++ b/app/common/src/main/java/stirling/software/common/model/exception/UnsupportedClaimException.java
--- a/app/common/src/main/java/stirling/software/common/model/exception/UnsupportedProviderException.java
+++ b/app/common/src/main/java/stirling/software/common/model/exception/UnsupportedProviderException.java
--- a/app/common/src/main/java/stirling/software/common/model/job/JobProgress.java
+++ b/app/common/src/main/java/stirling/software/common/model/job/JobProgress.java
--- a/app/common/src/main/java/stirling/software/common/model/job/JobResponse.java
+++ b/app/common/src/main/java/stirling/software/common/model/job/JobResponse.java
--- a/app/common/src/main/java/stirling/software/common/model/job/JobResult.java
+++ b/app/common/src/main/java/stirling/software/common/model/job/JobResult.java
@ -1,10 +1,13 @@
 package stirling.software.common.model.job;

 import java.time.LocalDateTime;
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.CopyOnWriteArrayList;

+import com.fasterxml.jackson.annotation.JsonIgnore;
+
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
@ -26,14 +29,8 @@ public class JobResult {
    /** Error message if the job failed */
    private String error;

-    /** The file ID of the result file, if applicable */
-    private String fileId;
-
-    /** Original file name, if applicable */
-    private String originalFileName;
-
-    /** MIME type of the result, if applicable */
-    private String contentType;
+    /** List of result files for jobs that produce files */
+    @JsonIgnore private List<ResultFile> resultFiles;

    /** Time when the job was created */
    private LocalDateTime createdAt;
@ -64,21 +61,6 @@ public class JobResult {
                .build();
    }

-    /**
-     * Mark this job as complete with a file result
-     *
-     * @param fileId The file ID of the result
-     * @param originalFileName The original file name
-     * @param contentType The content type of the file
-     */
-    public void completeWithFile(String fileId, String originalFileName, String contentType) {
-        this.complete = true;
-        this.fileId = fileId;
-        this.originalFileName = originalFileName;
-        this.contentType = contentType;
-        this.completedAt = LocalDateTime.now();
-    }
-
    /**
     * Mark this job as complete with a general result
     *
@ -101,6 +83,67 @@ public class JobResult {
        this.completedAt = LocalDateTime.now();
    }

+    /**
+     * Mark this job as complete with multiple file results
+     *
+     * @param resultFiles The list of result files
+     */
+    public void completeWithFiles(List<ResultFile> resultFiles) {
+        this.complete = true;
+        this.resultFiles = new ArrayList<>(resultFiles);
+        this.completedAt = LocalDateTime.now();
+    }
+
+    /**
+     * Mark this job as complete with a single file result (convenience method)
+     *
+     * @param fileId The file ID of the result
+     * @param fileName The file name
+     * @param contentType The content type of the file
+     * @param fileSize The size of the file in bytes
+     */
+    public void completeWithSingleFile(
+            String fileId, String fileName, String contentType, long fileSize) {
+        ResultFile resultFile =
+                ResultFile.builder()
+                        .fileId(fileId)
+                        .fileName(fileName)
+                        .contentType(contentType)
+                        .fileSize(fileSize)
+                        .build();
+        completeWithFiles(List.of(resultFile));
+    }
+
+    /**
+     * Check if this job has file results
+     *
+     * @return true if this job has file results, false otherwise
+     */
+    public boolean hasFiles() {
+        return resultFiles != null && !resultFiles.isEmpty();
+    }
+
+    /**
+     * Check if this job has multiple file results
+     *
+     * @return true if this job has multiple file results, false otherwise
+     */
+    public boolean hasMultipleFiles() {
+        return resultFiles != null && resultFiles.size() > 1;
+    }
+
+    /**
+     * Get all result files
+     *
+     * @return List of result files
+     */
+    public List<ResultFile> getAllResultFiles() {
+        if (resultFiles != null && !resultFiles.isEmpty()) {
+            return Collections.unmodifiableList(resultFiles);
+        }
+        return Collections.emptyList();
+    }
+
    /**
     * Add a note to this job
     *
--- a/app/common/src/main/java/stirling/software/common/model/job/JobStats.java
+++ b/app/common/src/main/java/stirling/software/common/model/job/JobStats.java
--- a/app/common/src/main/java/stirling/software/common/model/job/ResultFile.java
+++ b/app/common/src/main/java/stirling/software/common/model/job/ResultFile.java
@ -0,0 +1,26 @@
+package stirling.software.common.model.job;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/** Represents a single file result from a job execution */
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class ResultFile {
+
+    /** The file ID for accessing the file */
+    private String fileId;
+
+    /** The original file name */
+    private String fileName;
+
+    /** MIME type of the file */
+    private String contentType;
+
+    /** Size of the file in bytes */
+    private long fileSize;
+}
--- a/app/common/src/main/java/stirling/software/common/model/oauth2/GitHubProvider.java
+++ b/app/common/src/main/java/stirling/software/common/model/oauth2/GitHubProvider.java
--- a/app/common/src/main/java/stirling/software/common/model/oauth2/GoogleProvider.java
+++ b/app/common/src/main/java/stirling/software/common/model/oauth2/GoogleProvider.java
--- a/app/common/src/main/java/stirling/software/common/model/oauth2/KeycloakProvider.java
+++ b/app/common/src/main/java/stirling/software/common/model/oauth2/KeycloakProvider.java
--- a/app/common/src/main/java/stirling/software/common/model/oauth2/Provider.java
+++ b/app/common/src/main/java/stirling/software/common/model/oauth2/Provider.java
--- a/app/common/src/main/java/stirling/software/common/service/CustomPDFDocumentFactory.java
+++ b/app/common/src/main/java/stirling/software/common/service/CustomPDFDocumentFactory.java
--- a/app/common/src/main/java/stirling/software/common/service/FileOrUploadService.java
+++ b/app/common/src/main/java/stirling/software/common/service/FileOrUploadService.java
--- a/app/common/src/main/java/stirling/software/common/service/FileStorage.java
+++ b/app/common/src/main/java/stirling/software/common/service/FileStorage.java
@ -131,14 +131,46 @@ public class FileStorage {
        return Files.exists(filePath);
    }

+    /**
+     * Get the size of a file by its ID without loading the content into memory
+     *
+     * @param fileId The ID of the file
+     * @return The size of the file in bytes
+     * @throws IOException If the file doesn't exist or can't be read
+     */
+    public long getFileSize(String fileId) throws IOException {
+        Path filePath = getFilePath(fileId);
+
+        if (!Files.exists(filePath)) {
+            throw new IOException("File not found with ID: " + fileId);
+        }
+
+        return Files.size(filePath);
+    }
+
    /**
     * Get the path for a file ID
     *
     * @param fileId The ID of the file
     * @return The path to the file
+     * @throws IllegalArgumentException if fileId contains path traversal characters or resolves
+     *     outside base directory
     */
    private Path getFilePath(String fileId) {
-        return Path.of(tempDirPath).resolve(fileId);
+        // Validate fileId to prevent path traversal
+        if (fileId.contains("..") || fileId.contains("/") || fileId.contains("\\")) {
+            throw new IllegalArgumentException("Invalid file ID");
+        }
+
+        Path basePath = Path.of(tempDirPath).normalize().toAbsolutePath();
+        Path resolvedPath = basePath.resolve(fileId).normalize();
+
+        // Ensure resolved path is within the base directory
+        if (!resolvedPath.startsWith(basePath)) {
+            throw new IllegalArgumentException("File ID resolves to an invalid path");
+        }
+
+        return resolvedPath;
    }

    /**
--- a/app/common/src/main/java/stirling/software/common/service/JobExecutorService.java
+++ b/app/common/src/main/java/stirling/software/common/service/JobExecutorService.java
@ -252,8 +252,10 @@ public class JobExecutorService {
                        }
                    }

-                    if (response.getHeaders().getContentType() != null) {
-                        contentType = response.getHeaders().getContentType().toString();
+                    MediaType mediaType = response.getHeaders().getContentType();
+
+                    if (mediaType != null) {
+                        contentType = mediaType.toString();
                    }

                    // Store byte array directly to disk
--- a/app/common/src/main/java/stirling/software/common/service/JobQueue.java
+++ b/app/common/src/main/java/stirling/software/common/service/JobQueue.java
--- a/app/common/src/main/java/stirling/software/common/service/PdfMetadataService.java
+++ b/app/common/src/main/java/stirling/software/common/service/PdfMetadataService.java
--- a/app/common/src/main/java/stirling/software/common/service/PostHogService.java
+++ b/app/common/src/main/java/stirling/software/common/service/PostHogService.java
--- a/app/common/src/main/java/stirling/software/common/service/ResourceMonitor.java
+++ b/app/common/src/main/java/stirling/software/common/service/ResourceMonitor.java
--- a/app/common/src/main/java/stirling/software/common/service/SsrfProtectionService.java
+++ b/app/common/src/main/java/stirling/software/common/service/SsrfProtectionService.java
@ -0,0 +1,266 @@
+package stirling.software.common.service;
+
+import java.net.Inet4Address;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.URI;
+import java.net.UnknownHostException;
+import java.util.regex.Pattern;
+
+import org.springframework.stereotype.Service;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+import stirling.software.common.model.ApplicationProperties;
+
+@Service
+@RequiredArgsConstructor
+@Slf4j
+public class SsrfProtectionService {
+
+    private final ApplicationProperties applicationProperties;
+
+    private static final Pattern DATA_URL_PATTERN =
+            Pattern.compile("^data:.*", Pattern.CASE_INSENSITIVE);
+    private static final Pattern FRAGMENT_PATTERN = Pattern.compile("^#.*");
+
+    public enum SsrfProtectionLevel {
+        OFF, // No SSRF protection - allows all URLs
+        MEDIUM, // Block internal networks but allow external URLs
+        MAX // Block all external URLs - only data: and fragments
+    }
+
+    public boolean isUrlAllowed(String url) {
+        ApplicationProperties.Html.UrlSecurity config =
+                applicationProperties.getSystem().getHtml().getUrlSecurity();
+
+        if (!config.isEnabled()) {
+            return true;
+        }
+
+        if (url == null || url.trim().isEmpty()) {
+            return false;
+        }
+
+        String trimmedUrl = url.trim();
+
+        // Always allow data URLs and fragments
+        if (DATA_URL_PATTERN.matcher(trimmedUrl).matches()
+                || FRAGMENT_PATTERN.matcher(trimmedUrl).matches()) {
+            return true;
+        }
+
+        SsrfProtectionLevel level = parseProtectionLevel(config.getLevel());
+
+        return switch (level) {
+            case OFF -> true;
+            case MAX -> isMaxSecurityAllowed(trimmedUrl, config);
+            case MEDIUM -> isMediumSecurityAllowed(trimmedUrl, config);
+            default -> false;
+        };
+    }
+
+    private SsrfProtectionLevel parseProtectionLevel(String level) {
+        try {
+            return SsrfProtectionLevel.valueOf(level.toUpperCase());
+        } catch (IllegalArgumentException e) {
+            log.warn("Invalid SSRF protection level '{}', defaulting to MEDIUM", level);
+            return SsrfProtectionLevel.MEDIUM;
+        }
+    }
+
+    private boolean isMaxSecurityAllowed(
+            String url, ApplicationProperties.Html.UrlSecurity config) {
+        // MAX security: only allow explicitly whitelisted domains
+        try {
+            URI uri = new URI(url);
+            String host = uri.getHost();
+
+            if (host == null) {
+                return false;
+            }
+
+            return config.getAllowedDomains().contains(host.toLowerCase());
+
+        } catch (Exception e) {
+            log.debug("Failed to parse URL for MAX security check: {}", url, e);
+            return false;
+        }
+    }
+
+    private boolean isMediumSecurityAllowed(
+            String url, ApplicationProperties.Html.UrlSecurity config) {
+        try {
+            URI uri = new URI(url);
+            String host = uri.getHost();
+
+            if (host == null) {
+                return false;
+            }
+
+            String hostLower = host.toLowerCase();
+
+            // Check explicit blocked domains
+            if (config.getBlockedDomains().contains(hostLower)) {
+                log.debug("URL blocked by explicit domain blocklist: {}", url);
+                return false;
+            }
+
+            // Check internal TLD patterns
+            for (String tld : config.getInternalTlds()) {
+                if (hostLower.endsWith(tld.toLowerCase())) {
+                    log.debug("URL blocked by internal TLD pattern '{}': {}", tld, url);
+                    return false;
+                }
+            }
+
+            // If allowedDomains is specified, only allow those
+            if (!config.getAllowedDomains().isEmpty()) {
+                boolean isAllowed =
+                        config.getAllowedDomains().stream()
+                                .anyMatch(
+                                        domain ->
+                                                hostLower.equals(domain.toLowerCase())
+                                                        || hostLower.endsWith(
+                                                                "." + domain.toLowerCase()));
+
+                if (!isAllowed) {
+                    log.debug("URL not in allowed domains list: {}", url);
+                    return false;
+                }
+            }
+
+            // Resolve hostname to IP address for network-based checks
+            try {
+                InetAddress address = InetAddress.getByName(host);
+
+                if (config.isBlockPrivateNetworks() && isPrivateAddress(address)) {
+                    log.debug("URL blocked - private network address: {}", url);
+                    return false;
+                }
+
+                if (config.isBlockLocalhost() && address.isLoopbackAddress()) {
+                    log.debug("URL blocked - localhost address: {}", url);
+                    return false;
+                }
+
+                if (config.isBlockLinkLocal() && address.isLinkLocalAddress()) {
+                    log.debug("URL blocked - link-local address: {}", url);
+                    return false;
+                }
+
+                if (config.isBlockCloudMetadata()
+                        && isCloudMetadataAddress(address.getHostAddress())) {
+                    log.debug("URL blocked - cloud metadata endpoint: {}", url);
+                    return false;
+                }
+
+            } catch (UnknownHostException e) {
+                log.debug("Failed to resolve hostname for SSRF check: {}", host, e);
+                return false;
+            }
+
+            return true;
+
+        } catch (Exception e) {
+            log.debug("Failed to parse URL for MEDIUM security check: {}", url, e);
+            return false;
+        }
+    }
+
+    private boolean isPrivateAddress(InetAddress address) {
+        if (address.isAnyLocalAddress() || address.isLoopbackAddress()) {
+            return true;
+        }
+
+        if (address instanceof Inet4Address) {
+            return isPrivateIPv4Range(address.getHostAddress());
+        }
+
+        if (address instanceof Inet6Address addr6) {
+            if (addr6.isLinkLocalAddress() || addr6.isSiteLocalAddress()) {
+                return true;
+            }
+
+            byte[] bytes = addr6.getAddress();
+            if (isIpv4MappedAddress(bytes)) {
+                String ipv4 =
+                        (bytes[12] & 0xff)
+                                + "."
+                                + (bytes[13] & 0xff)
+                                + "."
+                                + (bytes[14] & 0xff)
+                                + "."
+                                + (bytes[15] & 0xff);
+                return isPrivateIPv4Range(ipv4);
+            }
+
+            int firstByte = bytes[0] & 0xff;
+            // Check for IPv6 unique local addresses (fc00::/7)
+            if ((firstByte & 0xfe) == 0xfc) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    private boolean isIpv4MappedAddress(byte[] addr) {
+        if (addr.length != 16) {
+            return false;
+        }
+        for (int i = 0; i < 10; i++) {
+            if (addr[i] != 0) {
+                return false;
+            }
+        }
+        // For IPv4-mapped IPv6 addresses, bytes 10 and 11 must be 0xff (i.e., address is ::ffff:w.x.y.z)
+        return addr[10] == (byte) 0xff && addr[11] == (byte) 0xff;
+    }
+
+    private boolean isPrivateIPv4Range(String ip) {
+        // Includes RFC1918, loopback, link-local, and unspecified addresses
+        return ip.startsWith("10.")
+                || ip.startsWith("192.168.")
+                || (ip.startsWith("172.") && isInRange172(ip))
+                || ip.startsWith("169.254.")
+                || ip.startsWith("127.")
+                || "0.0.0.0".equals(ip);
+    }
+
+    private boolean isInRange172(String ip) {
+        String[] parts = ip.split("\\.");
+        if (parts.length >= 2) {
+            try {
+                int secondOctet = Integer.parseInt(parts[1]);
+                return secondOctet >= 16 && secondOctet <= 31;
+            } catch (NumberFormatException e) {
+            }
+        }
+        return false;
+    }
+
+    private boolean isCloudMetadataAddress(String ip) {
+        String normalizedIp = normalizeIpv4MappedAddress(ip);
+        // Cloud metadata endpoints for AWS, GCP, Azure, Oracle Cloud, and IBM Cloud
+        return normalizedIp.startsWith("169.254.169.254") // AWS/GCP/Azure
+                || normalizedIp.startsWith("fd00:ec2::254") // AWS IPv6
+                || normalizedIp.startsWith("169.254.169.253") // Oracle Cloud
+                || normalizedIp.startsWith("169.254.169.250"); // IBM Cloud
+    }
+
+    private String normalizeIpv4MappedAddress(String ip) {
+        if (ip == null) {
+            return "";
+        }
+        if (ip.startsWith("::ffff:")) {
+            return ip.substring(7);
+        }
+        int lastColon = ip.lastIndexOf(':');
+        if (lastColon >= 0 && ip.indexOf('.') > lastColon) {
+            return ip.substring(lastColon + 1);
+        }
+        return ip;
+    }
+}
--- a/app/common/src/main/java/stirling/software/common/service/TaskManager.java
+++ b/app/common/src/main/java/stirling/software/common/service/TaskManager.java
@ -1,15 +1,26 @@
 package stirling.software.common.service;

+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
 import java.time.LocalDateTime;
 import java.time.temporal.ChronoUnit;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipInputStream;

 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.MediaType;
 import org.springframework.stereotype.Service;
+import org.springframework.web.multipart.MultipartFile;
+
+import io.github.pixee.security.ZipSecurity;

 import jakarta.annotation.PreDestroy;

@ -17,6 +28,7 @@ import lombok.extern.slf4j.Slf4j;

 import stirling.software.common.model.job.JobResult;
 import stirling.software.common.model.job.JobStats;
+import stirling.software.common.model.job.ResultFile;

 /** Manages async tasks and their results */
@Service
@ -80,8 +92,53 @@ public class TaskManager {
    public void setFileResult(
            String jobId, String fileId, String originalFileName, String contentType) {
        JobResult jobResult = getOrCreateJobResult(jobId);
-        jobResult.completeWithFile(fileId, originalFileName, contentType);
-        log.debug("Set file result for job ID: {} with file ID: {}", jobId, fileId);
+
+        // Check if this is a ZIP file that should be extracted
+        if (isZipFile(contentType, originalFileName)) {
+            try {
+                List<ResultFile> extractedFiles =
+                        extractZipToIndividualFiles(fileId, originalFileName);
+                if (!extractedFiles.isEmpty()) {
+                    jobResult.completeWithFiles(extractedFiles);
+                    log.debug(
+                            "Set multiple file results for job ID: {} with {} files extracted from ZIP",
+                            jobId,
+                            extractedFiles.size());
+                    return;
+                }
+            } catch (Exception e) {
+                log.warn(
+                        "Failed to extract ZIP file for job {}: {}. Falling back to single file result.",
+                        jobId,
+                        e.getMessage());
+            }
+        }
+
+        // Handle as single file using new ResultFile approach
+        try {
+            long fileSize = fileStorage.getFileSize(fileId);
+            jobResult.completeWithSingleFile(fileId, originalFileName, contentType, fileSize);
+            log.debug("Set single file result for job ID: {} with file ID: {}", jobId, fileId);
+        } catch (Exception e) {
+            log.warn(
+                    "Failed to get file size for job {}: {}. Using size 0.", jobId, e.getMessage());
+            jobResult.completeWithSingleFile(fileId, originalFileName, contentType, 0);
+        }
+    }
+
+    /**
+     * Set the result of a task as multiple files
+     *
+     * @param jobId The job ID
+     * @param resultFiles The list of result files
+     */
+    public void setMultipleFileResults(String jobId, List<ResultFile> resultFiles) {
+        JobResult jobResult = getOrCreateJobResult(jobId);
+        jobResult.completeWithFiles(resultFiles);
+        log.debug(
+                "Set multiple file results for job ID: {} with {} files",
+                jobId,
+                resultFiles.size());
    }

    /**
@ -104,7 +161,7 @@ public class TaskManager {
    public void setComplete(String jobId) {
        JobResult jobResult = getOrCreateJobResult(jobId);
        if (jobResult.getResult() == null
-                && jobResult.getFileId() == null
+                && !jobResult.hasFiles()
                && jobResult.getError() == null) {
            // If no result or error has been set, mark it as complete with an empty result
            jobResult.completeWithResult("Task completed successfully");
@ -186,7 +243,7 @@ public class TaskManager {
                    failedJobs++;
                } else {
                    successfulJobs++;
-                    if (result.getFileId() != null) {
+                    if (result.hasFiles()) {
                        fileResultJobs++;
                    }
                }
@ -250,17 +307,8 @@ public class TaskManager {
                        && result.getCompletedAt() != null
                        && result.getCompletedAt().isBefore(expiryThreshold)) {

-                    // If the job has a file result, delete the file
-                    if (result.getFileId() != null) {
-                        try {
-                            fileStorage.deleteFile(result.getFileId());
-                        } catch (Exception e) {
-                            log.warn(
-                                    "Failed to delete file for job {}: {}",
-                                    entry.getKey(),
-                                    e.getMessage());
-                        }
-                    }
+                    // Clean up file results
+                    cleanupJobFiles(result, entry.getKey());

                    // Remove the job result
                    jobResults.remove(entry.getKey());
@ -290,4 +338,129 @@ public class TaskManager {
            cleanupExecutor.shutdownNow();
        }
    }
+
+    /** Check if a file is a ZIP file based on content type and filename */
+    private boolean isZipFile(String contentType, String fileName) {
+        if (contentType != null
+                && (contentType.equals("application/zip")
+                        || contentType.equals("application/x-zip-compressed"))) {
+            return true;
+        }
+
+        if (fileName != null && fileName.toLowerCase().endsWith(".zip")) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /** Extract a ZIP file into individual files and store them */
+    private List<ResultFile> extractZipToIndividualFiles(
+            String zipFileId, String originalZipFileName) throws IOException {
+        List<ResultFile> extractedFiles = new ArrayList<>();
+
+        MultipartFile zipFile = fileStorage.retrieveFile(zipFileId);
+
+        try (ZipInputStream zipIn =
+                ZipSecurity.createHardenedInputStream(
+                        new ByteArrayInputStream(zipFile.getBytes()))) {
+            ZipEntry entry;
+            while ((entry = zipIn.getNextEntry()) != null) {
+                if (!entry.isDirectory()) {
+                    // Use buffered reading for memory safety
+                    ByteArrayOutputStream out = new ByteArrayOutputStream();
+                    byte[] buffer = new byte[4096];
+                    int bytesRead;
+                    while ((bytesRead = zipIn.read(buffer)) != -1) {
+                        out.write(buffer, 0, bytesRead);
+                    }
+                    byte[] fileContent = out.toByteArray();
+
+                    String contentType = determineContentType(entry.getName());
+                    String individualFileId = fileStorage.storeBytes(fileContent, entry.getName());
+
+                    ResultFile resultFile =
+                            ResultFile.builder()
+                                    .fileId(individualFileId)
+                                    .fileName(entry.getName())
+                                    .contentType(contentType)
+                                    .fileSize(fileContent.length)
+                                    .build();
+
+                    extractedFiles.add(resultFile);
+                    log.debug(
+                            "Extracted file: {} (size: {} bytes)",
+                            entry.getName(),
+                            fileContent.length);
+                }
+                zipIn.closeEntry();
+            }
+        }
+
+        // Clean up the original ZIP file after extraction
+        try {
+            fileStorage.deleteFile(zipFileId);
+            log.debug("Cleaned up original ZIP file: {}", zipFileId);
+        } catch (Exception e) {
+            log.warn("Failed to clean up original ZIP file {}: {}", zipFileId, e.getMessage());
+        }
+
+        return extractedFiles;
+    }
+
+    /** Determine content type based on file extension */
+    private String determineContentType(String fileName) {
+        if (fileName == null) {
+            return MediaType.APPLICATION_OCTET_STREAM_VALUE;
+        }
+
+        String lowerName = fileName.toLowerCase();
+        if (lowerName.endsWith(".pdf")) {
+            return MediaType.APPLICATION_PDF_VALUE;
+        } else if (lowerName.endsWith(".txt")) {
+            return MediaType.TEXT_PLAIN_VALUE;
+        } else if (lowerName.endsWith(".json")) {
+            return MediaType.APPLICATION_JSON_VALUE;
+        } else if (lowerName.endsWith(".xml")) {
+            return MediaType.APPLICATION_XML_VALUE;
+        } else if (lowerName.endsWith(".jpg") || lowerName.endsWith(".jpeg")) {
+            return MediaType.IMAGE_JPEG_VALUE;
+        } else if (lowerName.endsWith(".png")) {
+            return MediaType.IMAGE_PNG_VALUE;
+        } else {
+            return MediaType.APPLICATION_OCTET_STREAM_VALUE;
+        }
+    }
+
+    /** Clean up files associated with a job result */
+    private void cleanupJobFiles(JobResult result, String jobId) {
+        // Clean up all result files
+        if (result.hasFiles()) {
+            for (ResultFile resultFile : result.getAllResultFiles()) {
+                try {
+                    fileStorage.deleteFile(resultFile.getFileId());
+                } catch (Exception e) {
+                    log.warn(
+                            "Failed to delete file {} for job {}: {}",
+                            resultFile.getFileId(),
+                            jobId,
+                            e.getMessage());
+                }
+            }
+        }
+    }
+
+    /** Find the ResultFile metadata for a given file ID by searching through all job results */
+    public ResultFile findResultFileByFileId(String fileId) {
+        for (JobResult jobResult : jobResults.values()) {
+            if (jobResult.hasFiles()) {
+                for (ResultFile resultFile : jobResult.getAllResultFiles()) {
+                    if (fileId.equals(resultFile.getFileId())) {
+                        return resultFile;
+                    }
+                }
+            }
+        }
+        return null;
+    }
 }
--- a/app/common/src/main/java/stirling/software/common/service/TempFileCleanupService.java
+++ b/app/common/src/main/java/stirling/software/common/service/TempFileCleanupService.java
--- a/app/common/src/main/java/stirling/software/common/service/UserServiceInterface.java
+++ b/app/common/src/main/java/stirling/software/common/service/UserServiceInterface.java
--- a/app/common/src/main/java/stirling/software/common/util/ApplicationContextProvider.java
+++ b/app/common/src/main/java/stirling/software/common/util/ApplicationContextProvider.java
--- a/app/common/src/main/java/stirling/software/common/util/AttachmentUtils.java
+++ b/app/common/src/main/java/stirling/software/common/util/AttachmentUtils.java
--- a/Show More
+++ b/Show More