fix regex

override
fix excalidraw package
2026-05-08 23:33:09 +08:00 · 2026-03-25 09:47:49 +00:00 · 2026-03-24 22:16:01 +00:00 · 2026-03-24 21:50:13 +00:00 · 2026-03-24 21:46:34 +00:00 · 2026-03-24 11:50:07 +00:00
78 changed files with 212 additions and 1739 deletions
@@ -442,9 +442,6 @@
  "Prevent members from sharing pages publicly.": "Prevent members from sharing pages publicly.",
  "Toggle public sharing": "Toggle public sharing",
  "Toggle space public sharing": "Toggle space public sharing",
-  "Allow viewers to comment": "Allow viewers to comment",
-  "Allow viewers to add comments on pages in this space.": "Allow viewers to add comments on pages in this space.",
-  "Toggle viewer comments": "Toggle viewer comments",
  "Public sharing is disabled at the workspace level": "Public sharing is disabled at the workspace level",
  "Prevent pages in this space from being shared publicly.": "Prevent pages in this space from being shared publicly.",
  "Page permissions": "Page permissions",
@@ -711,20 +708,5 @@
  "Resend verification email": "Resend verification email",
  "Verification email sent. Please check your inbox.": "Verification email sent. Please check your inbox.",
  "Failed to resend verification email. Please try again.": "Failed to resend verification email. Please try again.",
-  "We've sent you an email with your associated workspaces.": "We've sent you an email with your associated workspaces.",
-  "Load more": "Load more",
-  "Log out of all devices": "Log out of all devices",
-  "Log out of all sessions except this device": "Log out of all sessions except this device",
-  "This Device": "This Device",
-  "Unknown device": "Unknown device",
-  "No active sessions": "No active sessions",
-  "Session revoked": "Session revoked",
-  "All other sessions revoked": "All other sessions revoked",
-  "Last used": "Last used",
-  "Created": "Created",
-  "Rename": "Rename",
-  "Publish": "Publish",
-  "Security": "Security",
-  "Enforce SSO": "Enforce SSO",
-  "Once enforced, members will not be able to login with email and password.": "Once enforced, members will not be able to login with email and password."
+  "We've sent you an email with your associated workspaces.": "We've sent you an email with your associated workspaces."
 }
@@ -21,7 +21,6 @@ import { useTranslation } from "react-i18next";
 import JoinedWorkspaces from "@/ee/components/joined-workspaces.tsx";
 import { useJoinedWorkspacesQuery } from "@/ee/cloud/query/cloud-query.ts";
 import { findWorkspacesByEmail } from "@/ee/cloud/service/cloud-service.ts";
-import { AuthLayout } from "@/features/auth/components/auth-layout.tsx";

 const formSchema = z.object({
  hostname: z.string().min(1, { message: "subdomain is required" }),
@@ -83,7 +82,7 @@ export function CloudLoginForm() {
  }

  return (
-    <AuthLayout>
+    <div>
      <Container size={420} className={classes.container}>
        <Box p="xl" className={classes.containerBox}>
          <Title order={2} ta="center" fw={500} mb="md">
@@ -146,12 +145,12 @@ export function CloudLoginForm() {
        </Box>
      </Container>

-      <Text ta="center" mb="xl">
+      <Text ta="center">
        {t("Don't have a workspace?")}{" "}
        <Anchor component={Link} to={APP_ROUTE.AUTH.CREATE_WORKSPACE} fw={500}>
          {t("Create new workspace")}
        </Anchor>
      </Text>
-    </AuthLayout>
+    </div>
  );
 }
@@ -16,5 +16,4 @@ export const Feature = {
  AUDIT_LOGS: 'audit:logs',
  RETENTION: 'retention',
  SHARING_CONTROLS: 'sharing:controls',
-  VIEWER_COMMENTS: 'comment:viewer',
 } as const;
@@ -1,6 +1,6 @@
 import { z } from "zod/v4";
-import React, { useRef } from "react";
-import { Button, Divider, Group, Modal, Stack, Textarea } from "@mantine/core";
+import React from "react";
+import { Button, Group, Modal, Textarea } from "@mantine/core";
 import { useForm } from "@mantine/form";
 import { zod4Resolver } from "mantine-form-zod-resolver";
 import { useTranslation } from "react-i18next";
@@ -49,7 +49,6 @@ interface ActivateLicenseFormProps {
 export function ActivateLicenseForm({ onClose }: ActivateLicenseFormProps) {
  const { t } = useTranslation();
  const activateLicenseMutation = useActivateMutation();
-  const fileInputRef = useRef<HTMLInputElement>(null);

  const form = useForm<FormValues>({
    validate: zod4Resolver(formSchema),
@@ -64,68 +63,29 @@ export function ActivateLicenseForm({ onClose }: ActivateLicenseFormProps) {
    onClose?.();
  }

-  function handleFileUpload(event: React.ChangeEvent<HTMLInputElement>) {
-    const file = event.target.files?.[0];
-    if (!file) return;
-
-    const reader = new FileReader();
-    reader.onload = (e) => {
-      const content = (e.target?.result as string)?.trim();
-      if (content) {
-        form.setFieldValue("licenseKey", content);
-        handleSubmit({ licenseKey: content });
-      }
-    };
-    reader.readAsText(file);
-
-    if (fileInputRef.current) {
-      fileInputRef.current.value = "";
-    }
-  }
-
  return (
    <form onSubmit={form.onSubmit(handleSubmit)}>
-      <input
-        type="file"
-        accept=".txt"
-        ref={fileInputRef}
-        onChange={handleFileUpload}
-        hidden
+      <Textarea
+        label={t("License key")}
+        description="Enter a valid enterprise license key. Contact sales@docmost.com to purchase one."
+        placeholder={t("e.g eyJhb.....")}
+        variant="filled"
+        autosize
+        minRows={3}
+        maxRows={5}
+        data-autofocus
+        {...form.getInputProps("licenseKey")}
      />

-      <Stack gap="xs">
-        <Textarea
-          label={t("License key")}
-          placeholder={t("e.g eyJhb.....")}
-          variant="filled"
-          autosize
-          minRows={3}
-          maxRows={5}
-          data-autofocus
-          {...form.getInputProps("licenseKey")}
-        />
-
-        <Group justify="flex-end">
-          <Button
-            type="submit"
-            disabled={activateLicenseMutation.isPending}
-            loading={activateLicenseMutation.isPending}
-          >
-            {t("Save")}
-          </Button>
-        </Group>
-
-        <Divider label={t("Or")} labelPosition="center" />
-
-        <Group justify="center">
-          <Button
-            variant="light"
-            onClick={() => fileInputRef.current?.click()}
-          >
-            {t("Upload license file")}
-          </Button>
-        </Group>
-      </Stack>
+      <Group justify="flex-end" mt="md">
+        <Button
+          type="submit"
+          disabled={activateLicenseMutation.isPending}
+          loading={activateLicenseMutation.isPending}
+        >
+          {t("Save")}
+        </Button>
+      </Group>
    </form>
  );
 }
@@ -68,11 +68,7 @@ export default function OssDetails() {
        </List>

        <Text size="sm" c="dimmed">
-          Get an enterprise trial key at <a href="https://customers.docmost.com/" target="_blank" rel="noopener noreferrer">customers.docmost.com</a>.
-        </Text>
-
-        <Text size="sm" c="dimmed">
-          Visit <a href="https://docmost.com/pricing" target="_blank" rel="noopener noreferrer">docmost.com/pricing</a> to purchase an enterprise license.
+          Contact <a href="mailto:sales@docmost.com?subject=Enterprise%20License%20Inquiry">sales@docmost.com </a> to purchase an enterprise license.
        </Text>
      </Stack>
    </Stack>
@@ -22,7 +22,6 @@ import APP_ROUTE, { getPostLoginRedirect } from "@/lib/app-route";
 import { useTranslation } from "react-i18next";
 import { z } from "zod/v4";
 import { MfaBackupCodeInput } from "./mfa-backup-code-input";
-import { AuthLayout } from "@/features/auth/components/auth-layout.tsx";

 const formSchema = z.object({
  code: z
@@ -67,7 +66,6 @@ export function MfaChallenge() {
  };

  return (
-    <AuthLayout>
    <Container size={420} className={classes.container}>
      <Paper radius="lg" p={40} className={classes.paper}>
        <Stack align="center" gap="xl">
@@ -159,6 +157,5 @@ export function MfaChallenge() {
        </Stack>
      </Paper>
    </Container>
-    </AuthLayout>
  );
 }
@@ -5,7 +5,6 @@ import { useTranslation } from "react-i18next";
 import { MfaSetupModal } from "@/ee/mfa";
 import APP_ROUTE, { getPostLoginRedirect } from "@/lib/app-route.ts";
 import { useNavigate } from "react-router-dom";
-import { AuthLayout } from "@/features/auth/components/auth-layout.tsx";

 export default function MfaSetupRequired() {
  const { t } = useTranslation();
@@ -16,7 +15,6 @@ export default function MfaSetupRequired() {
  };

  return (
-    <AuthLayout>
    <Container size="sm" py="xl">
      <Paper shadow="sm" p="xl" radius="md" withBorder>
        <Stack>
@@ -46,6 +44,5 @@ export default function MfaSetupRequired() {
        </Stack>
      </Paper>
    </Container>
-    </AuthLayout>
  );
 }
@@ -9,7 +9,6 @@ import {
 import { notifications } from "@mantine/notifications";
 import APP_ROUTE from "@/lib/app-route.ts";
 import { useTranslation } from "react-i18next";
-import { AuthLayout } from "@/features/auth/components/auth-layout.tsx";

 export default function VerifyEmail() {
  const { t } = useTranslation();
@@ -60,23 +59,20 @@ export default function VerifyEmail() {

  if (token) {
    return (
-      <AuthLayout>
-        <Container size={420} className={classes.container}>
-          <Box p="xl" className={classes.containerBox}>
-            <Title order={2} ta="center" fw={500} mb="md">
-              {t("Verifying your email")}
-            </Title>
-            <Text ta="center" c="dimmed">
-              {t("Please wait...")}
-            </Text>
-          </Box>
-        </Container>
-      </AuthLayout>
+      <Container size={420} className={classes.container}>
+        <Box p="xl" className={classes.containerBox}>
+          <Title order={2} ta="center" fw={500} mb="md">
+            {t("Verifying your email")}
+          </Title>
+          <Text ta="center" c="dimmed">
+            {t("Please wait...")}
+          </Text>
+        </Box>
+      </Container>
    );
  }

  return (
-    <AuthLayout>
    <Container size={420} className={classes.container}>
      <Box p="xl" className={classes.containerBox}>
        <Title order={2} ta="center" fw={500} mb="md">
@@ -107,6 +103,5 @@ export default function VerifyEmail() {
        )}
      </Box>
    </Container>
-    </AuthLayout>
  );
 }
@@ -1,61 +0,0 @@
-import { Group, Text, Switch, Tooltip } from "@mantine/core";
-import React, { useState } from "react";
-import { useTranslation } from "react-i18next";
-import { ISpace } from "@/features/space/types/space.types.ts";
-import { useUpdateSpaceMutation } from "@/features/space/queries/space-query.ts";
-import { useHasFeature } from "@/ee/hooks/use-feature.ts";
-import { Feature } from "@/ee/features.ts";
-import { useUpgradeLabel } from "@/ee/hooks/use-upgrade-label.ts";
-
-type SpaceViewerCommentsToggleProps = {
-  space: ISpace;
-};
-
-export default function SpaceViewerCommentsToggle({
-  space,
-}: SpaceViewerCommentsToggleProps) {
-  const { t } = useTranslation();
-  const hasViewerComments = useHasFeature(Feature.VIEWER_COMMENTS);
-  const upgradeLabel = useUpgradeLabel();
-  const isDisabled = !hasViewerComments;
-  const [checked, setChecked] = useState(
-    space.settings?.comments?.allowViewerComments === true,
-  );
-  const updateSpaceMutation = useUpdateSpaceMutation();
-
-  const handleChange = async (event: React.ChangeEvent<HTMLInputElement>) => {
-    const value = event.currentTarget.checked;
-    try {
-      await updateSpaceMutation.mutateAsync({
-        spaceId: space.id,
-        allowViewerComments: value,
-      });
-      setChecked(value);
-    } catch {
-      // error handled by mutation
-    }
-  };
-
-  return (
-    <Group justify="space-between" wrap="nowrap" gap="xl">
-      <div>
-        <Text size="md">{t("Allow viewers to comment")}</Text>
-        <Text size="sm" c="dimmed">
-          {t("Allow viewers to add comments on pages in this space.")}
-        </Text>
-      </div>
-      <Tooltip
-        label={upgradeLabel}
-        disabled={!isDisabled}
-        refProp="rootRef"
-      >
-        <Switch
-          checked={checked}
-          onChange={handleChange}
-          disabled={isDisabled}
-          aria-label={t("Toggle viewer comments")}
-        />
-      </Tooltip>
-    </Group>
-  );
-}
@@ -1,26 +0,0 @@
-import React from "react";
-import { Group, Text } from "@mantine/core";
-import classes from "./auth.module.css";
-
-type AuthLayoutProps = {
-  children: React.ReactNode;
-};
-
-export function AuthLayout({ children }: AuthLayoutProps) {
-  return (
-    <>
-      <Group justify="center" gap={8} className={classes.logo}>
-        <img
-          src="/icons/favicon-32x32.png"
-          alt="Docmost"
-          width={22}
-          height={22}
-        />
-        <Text size="28px" fw={700} style={{ userSelect: "none" }}>
-          Docmost
-        </Text>
-      </Group>
-      {children}
-    </>
-  );
-}
@@ -1,20 +1,12 @@
-.logo {
-    margin-top: 80px;
-
-    @media (max-width: $mantine-breakpoint-sm) {
-        margin-top: 30px;
-    }
-}
-
 .container {
    box-shadow: rgba(0, 0, 0, 0.07) 0px 2px 45px 4px;
    border-radius: 4px;
    background: light-dark(var(--mantine-color-body), rgba(0, 0, 0, 0.1));
-    margin-top: 40px;
+    margin-top: 150px;
    margin-bottom: 20px;

    @media (max-width: $mantine-breakpoint-sm) {
-        margin-top: 20px;
+        margin-top: 50px;
        margin-bottom: 20px;
    }
 }
@@ -7,7 +7,6 @@ import { Box, Button, Container, Text, TextInput, Title } from "@mantine/core";
 import classes from "./auth.module.css";
 import { useRedirectIfAuthenticated } from "@/features/auth/hooks/use-redirect-if-authenticated.ts";
 import { useTranslation } from "react-i18next";
-import { AuthLayout } from "./auth-layout.tsx";

 const formSchema = z.object({
  email: z
@@ -36,7 +35,6 @@ export function ForgotPasswordForm() {
  }

  return (
-    <AuthLayout>
    <Container size={420} className={classes.container}>
      <Box p="xl" className={classes.containerBox}>
        <Title order={2} ta="center" fw={500} mb="md">
@@ -71,6 +69,5 @@ export function ForgotPasswordForm() {
        </form>
      </Box>
    </Container>
-    </AuthLayout>
  );
 }
@@ -19,7 +19,6 @@ import { useGetInvitationQuery } from "@/features/workspace/queries/workspace-qu
 import { useRedirectIfAuthenticated } from "@/features/auth/hooks/use-redirect-if-authenticated.ts";
 import { useTranslation } from "react-i18next";
 import SsoLogin from "@/ee/components/sso-login.tsx";
-import { AuthLayout } from "./auth-layout.tsx";

 const formSchema = z.object({
  name: z.string().trim().min(1),
@@ -67,7 +66,6 @@ export function InviteSignUpForm() {
  }

  return (
-    <AuthLayout>
    <Container size={420} className={classes.container}>
      <Box p="xl" className={classes.containerBox}>
        <Title order={2} ta="center" fw={500} mb="md">
@@ -113,6 +111,5 @@ export function InviteSignUpForm() {
        )}
      </Box>
    </Container>
-    </AuthLayout>
  );
 }
@@ -21,7 +21,6 @@ import SsoLogin from "@/ee/components/sso-login.tsx";
 import { useWorkspacePublicDataQuery } from "@/features/workspace/queries/workspace-query.ts";
 import { Error404 } from "@/components/ui/error-404.tsx";
 import React from "react";
-import { AuthLayout } from "./auth-layout.tsx";

 const formSchema = z.object({
  email: z
@@ -63,54 +62,52 @@ export function LoginForm() {
  }

  return (
-    <AuthLayout>
-      <Container size={420} className={classes.container}>
-        <Box p="xl" className={classes.containerBox}>
-          <Title order={2} ta="center" fw={500} mb="md">
-            {t("Login")}
-          </Title>
+    <Container size={420} className={classes.container}>
+      <Box p="xl" className={classes.containerBox}>
+        <Title order={2} ta="center" fw={500} mb="md">
+          {t("Login")}
+        </Title>

-          <SsoLogin />
+        <SsoLogin />

-          {!data?.enforceSso && (
-            <>
-              <form onSubmit={form.onSubmit(onSubmit)}>
-                <TextInput
-                  id="email"
-                  type="email"
-                  label={t("Email")}
-                  placeholder="email@example.com"
-                  variant="filled"
-                  {...form.getInputProps("email")}
-                />
+        {!data?.enforceSso && (
+          <>
+            <form onSubmit={form.onSubmit(onSubmit)}>
+              <TextInput
+                id="email"
+                type="email"
+                label={t("Email")}
+                placeholder="email@example.com"
+                variant="filled"
+                {...form.getInputProps("email")}
+              />

-                <PasswordInput
-                  label={t("Password")}
-                  placeholder={t("Your password")}
-                  variant="filled"
-                  mt="md"
-                  {...form.getInputProps("password")}
-                />
+              <PasswordInput
+                label={t("Password")}
+                placeholder={t("Your password")}
+                variant="filled"
+                mt="md"
+                {...form.getInputProps("password")}
+              />

-                <Group justify="flex-end" mt="sm">
-                  <Anchor
-                    to={APP_ROUTE.AUTH.FORGOT_PASSWORD}
-                    component={Link}
-                    underline="never"
-                    size="sm"
-                  >
-                    {t("Forgot your password?")}
-                  </Anchor>
-                </Group>
+              <Group justify="flex-end" mt="sm">
+                <Anchor
+                  to={APP_ROUTE.AUTH.FORGOT_PASSWORD}
+                  component={Link}
+                  underline="never"
+                  size="sm"
+                >
+                  {t("Forgot your password?")}
+                </Anchor>
+              </Group>

-                <Button type="submit" fullWidth mt="md" loading={isLoading}>
-                  {t("Sign In")}
-                </Button>
-              </form>
-            </>
-          )}
-        </Box>
-      </Container>
-    </AuthLayout>
+              <Button type="submit" fullWidth mt="md" loading={isLoading}>
+                {t("Sign In")}
+              </Button>
+            </form>
+          </>
+        )}
+      </Box>
+    </Container>
  );
 }
@@ -6,7 +6,6 @@ import { Box, Button, Container, PasswordInput, Title } from "@mantine/core";
 import classes from "./auth.module.css";
 import { useRedirectIfAuthenticated } from "@/features/auth/hooks/use-redirect-if-authenticated.ts";
 import { useTranslation } from "react-i18next";
-import { AuthLayout } from "./auth-layout.tsx";

 const formSchema = z.object({
  newPassword: z
@@ -39,7 +38,6 @@ export function PasswordResetForm({ resetToken }: PasswordResetFormProps) {
  }

  return (
-    <AuthLayout>
    <Container size={420} className={classes.container}>
      <Box p="xl" className={classes.containerBox}>
        <Title order={2} ta="center" fw={500} mb="md">
@@ -61,6 +59,5 @@ export function PasswordResetForm({ resetToken }: PasswordResetFormProps) {
        </form>
      </Box>
    </Container>
-    </AuthLayout>
  );
 }
@@ -19,7 +19,6 @@ import SsoCloudSignup from "@/ee/components/sso-cloud-signup.tsx";
 import { isCloud } from "@/lib/config.ts";
 import { Link } from "react-router-dom";
 import APP_ROUTE from "@/lib/app-route.ts";
-import { AuthLayout } from "./auth-layout.tsx";

 const formSchema = z.object({
  workspaceName: z.string().trim().max(50).optional(),
@@ -51,7 +50,7 @@ export function SetupWorkspaceForm() {
  }

  return (
-    <AuthLayout>
+    <div>
      <Container size={420} className={classes.container}>
        <Box p="xl" className={classes.containerBox}>
          <Title order={2} ta="center" fw={500} mb="md">
@@ -118,6 +117,6 @@ export function SetupWorkspaceForm() {
          </Anchor>
        </Text>
      )}
-    </AuthLayout>
+    </div>
  );
 }
@@ -3,15 +3,3 @@ import { atom } from 'jotai';
 export const showCommentPopupAtom = atom<boolean>(false);
 export const activeCommentIdAtom = atom<string>('');
 export const draftCommentIdAtom = atom<string>('');
-
-// Read-only comment state
-export const showReadOnlyCommentPopupAtom = atom<boolean>(false);
-export type YjsSelection = {
-  anchor: any;
-  head: any;
-};
-export type ReadOnlyCommentData = {
-  yjsSelection: YjsSelection;
-  selectedText: string;
-};
-export const readOnlyCommentDataAtom = atom<ReadOnlyCommentData | null>(null);
@@ -6,8 +6,6 @@ import {
  activeCommentIdAtom,
  draftCommentIdAtom,
  showCommentPopupAtom,
-  showReadOnlyCommentPopupAtom,
-  readOnlyCommentDataAtom,
 } from "@/features/comment/atoms/comment-atom";
 import CommentEditor from "@/features/comment/components/comment-editor";
 import CommentActions from "@/features/comment/components/comment-actions";
@@ -21,15 +19,12 @@ import { useTranslation } from "react-i18next";
 interface CommentDialogProps {
  editor: ReturnType<typeof useEditor>;
  pageId: string;
-  readOnly?: boolean;
 }

-function CommentDialog({ editor, pageId, readOnly }: CommentDialogProps) {
+function CommentDialog({ editor, pageId }: CommentDialogProps) {
  const { t } = useTranslation();
  const [comment, setComment] = useState("");
  const [, setShowCommentPopup] = useAtom(showCommentPopupAtom);
-  const [, setShowReadOnlyCommentPopup] = useAtom(showReadOnlyCommentPopupAtom);
-  const [readOnlyCommentData, setReadOnlyCommentData] = useAtom(readOnlyCommentDataAtom);
  const [, setActiveCommentId] = useAtom(activeCommentIdAtom);
  const [draftCommentId, setDraftCommentId] = useAtom(draftCommentIdAtom);
  const [currentUser] = useAtom(currentUserAtom);
@@ -39,17 +34,11 @@ function CommentDialog({ editor, pageId, readOnly }: CommentDialogProps) {
    handleDialogClose();
  });
  const createCommentMutation = useCreateCommentMutation();
-  const isPending = createCommentMutation.isPending;
+  const { isPending } = createCommentMutation;

  const handleDialogClose = () => {
-    if (readOnly) {
-      setShowReadOnlyCommentPopup(false);
-      // @ts-ignore
-      setReadOnlyCommentData(null);
-    } else {
-      setShowCommentPopup(false);
-      editor.chain().focus().unsetCommentDecoration().run();
-    }
+    setShowCommentPopup(false);
+    editor.chain().focus().unsetCommentDecoration().run();
  };

  const getSelectedText = () => {
@@ -58,11 +47,6 @@ function CommentDialog({ editor, pageId, readOnly }: CommentDialogProps) {
  };

  const handleAddComment = async () => {
-    if (readOnly) {
-      await handleAddReadOnlyComment();
-      return;
-    }
-
    try {
      const selectedText = getSelectedText();
      const commentData = {
@@ -81,6 +65,7 @@ function CommentDialog({ editor, pageId, readOnly }: CommentDialogProps) {
        .run();
      setActiveCommentId(createdComment.id);

+      //unselect text to close bubble menu
      editor.commands.setTextSelection({ from: editor.view.state.selection.from, to: editor.view.state.selection.from });

      setAsideState({ tab: "comments", isAsideOpen: true });
@@ -100,33 +85,6 @@ function CommentDialog({ editor, pageId, readOnly }: CommentDialogProps) {
    }
  };

-  const handleAddReadOnlyComment = async () => {
-    if (!readOnlyCommentData) return;
-
-    try {
-      const createdComment = await createCommentMutation.mutateAsync({
-        pageId,
-        content: JSON.stringify(comment),
-        selection: readOnlyCommentData.selectedText,
-        type: "inline",
-        yjsSelection: readOnlyCommentData.yjsSelection,
-      });
-
-      setActiveCommentId(createdComment.id);
-      setAsideState({ tab: "comments", isAsideOpen: true });
-
-      setTimeout(() => {
-        const selector = `div[data-comment-id="${createdComment.id}"]`;
-        const commentElement = document.querySelector(selector);
-        commentElement?.scrollIntoView({ behavior: "smooth", block: "center" });
-      }, 400);
-    } finally {
-      setShowReadOnlyCommentPopup(false);
-      // @ts-ignore
-      setReadOnlyCommentData(null);
-    }
-  };
-
  const handleCommentEditorChange = (newContent: any) => {
    setComment(newContent);
  };
@@ -44,9 +44,7 @@ function CommentListWithTabs() {
  const [isLoading, setIsLoading] = useState(false);
  const { data: space } = useGetSpaceBySlugQuery(page?.space?.slug);

-  const canComment =
-    (page?.permissions?.canEdit ?? false) ||
-    (space?.settings?.comments?.allowViewerComments === true);
+  const canComment = page?.permissions?.canEdit ?? false;

  // Separate active and resolved comments
  const { activeComments, resolvedComments } = useMemo(() => {
@@ -155,7 +153,7 @@ function CommentListWithTabs() {
        )}
      </Paper>
    ),
-    [comments, handleAddReply, isLoading, space?.membership?.role, canComment],
+    [comments, handleAddReply, isLoading, space?.membership?.role],
  );

  if (isCommentsLoading) {
@@ -75,7 +75,7 @@ function CommentMenu({
              {isResolved ? t("Re-open comment") : t("Resolve comment")}
            </Menu.Item>
          ) : (
-            <Tooltip label={upgradeLabel} position="left" withPortal={false}>
+            <Tooltip label={upgradeLabel} position="left">
              <Menu.Item disabled leftSection={<IconCircleCheck size={14} />}>
                {t("Resolve comment")}
              </Menu.Item>
@@ -17,10 +17,6 @@ export interface IComment {
  deletedAt?: Date;
  creator: IUser;
  resolvedBy?: IUser;
-  yjsSelection?: {
-    anchor: any;
-    head: any;
-  };
 }

 export interface ICommentData {
@@ -1,159 +0,0 @@
-import type { Editor } from "@tiptap/react";
-import { TextSelection } from "@tiptap/pm/state";
-import { FC, useCallback, useEffect, useRef, useState } from "react";
-import { IconMessage } from "@tabler/icons-react";
-import classes from "./bubble-menu.module.css";
-import { ActionIcon, Tooltip } from "@mantine/core";
-import { useAtom } from "jotai";
-import {
-  showReadOnlyCommentPopupAtom,
-  readOnlyCommentDataAtom,
-} from "@/features/comment/atoms/comment-atom";
-import { useTranslation } from "react-i18next";
-import { getRelativeSelection, ySyncPluginKey } from "@tiptap/y-tiptap";
-
-type ReadonlyBubbleMenuProps = {
-  editor: Editor;
-};
-
-export const ReadonlyBubbleMenu: FC<ReadonlyBubbleMenuProps> = ({ editor }) => {
-  const { t } = useTranslation();
-  const [showReadOnlyCommentPopup, setShowReadOnlyCommentPopup] = useAtom(
-    showReadOnlyCommentPopupAtom,
-  );
-  const [, setReadOnlyCommentData] = useAtom(readOnlyCommentDataAtom);
-  const menuRef = useRef<HTMLDivElement>(null);
-  const [visible, setVisible] = useState(false);
-  const [position, setPosition] = useState({ top: 0, left: 0 });
-  const isInteractingRef = useRef(false);
-
-  const updateMenuPosition = useCallback(() => {
-    if (isInteractingRef.current) return;
-
-    const pmSelection = editor.state.selection;
-    if (!(pmSelection instanceof TextSelection) || pmSelection.empty) {
-      setVisible(false);
-      return;
-    }
-
-    const selection = window.getSelection();
-    if (
-      !selection ||
-      selection.isCollapsed ||
-      selection.rangeCount === 0 ||
-      showReadOnlyCommentPopup
-    ) {
-      setVisible(false);
-      return;
-    }
-
-    const editorDom = editor.view.dom;
-    if (
-      !editorDom.contains(selection.anchorNode) ||
-      !editorDom.contains(selection.focusNode)
-    ) {
-      setVisible(false);
-      return;
-    }
-
-    const range = selection.getRangeAt(0);
-    const rect = range.getBoundingClientRect();
-
-    if (rect.width === 0) {
-      setVisible(false);
-      return;
-    }
-
-    const editorRect = editorDom
-      .closest(".editor-container")
-      ?.getBoundingClientRect();
-    if (!editorRect) {
-      setVisible(false);
-      return;
-    }
-
-    setPosition({
-      top: rect.top - editorRect.top - 44,
-      left: rect.left - editorRect.left + rect.width / 2,
-    });
-    setVisible(true);
-  }, [editor, showReadOnlyCommentPopup]);
-
-  useEffect(() => {
-    const handleSelectionChange = () => {
-      updateMenuPosition();
-    };
-
-    document.addEventListener("selectionchange", handleSelectionChange);
-    return () => {
-      document.removeEventListener("selectionchange", handleSelectionChange);
-    };
-  }, [updateMenuPosition]);
-
-  useEffect(() => {
-    if (showReadOnlyCommentPopup) {
-      setVisible(false);
-    }
-  }, [showReadOnlyCommentPopup]);
-
-  const handleCommentClick = () => {
-    if (!editor) return;
-
-    const view = editor.view;
-    const ystate = ySyncPluginKey.getState(view.state);
-
-    if (ystate?.binding) {
-      const selection = getRelativeSelection(ystate.binding, view.state);
-      const { from, to } = editor.state.selection;
-      const selectedText = editor.state.doc.textBetween(from, to);
-
-      // @ts-ignore
-      setReadOnlyCommentData({
-        yjsSelection: {
-          anchor: selection.anchor,
-          head: selection.head,
-        },
-        selectedText,
-      });
-
-      setShowReadOnlyCommentPopup(true);
-      setVisible(false);
-    }
-  };
-
-  if (!visible) return null;
-
-  return (
-    <div
-      ref={menuRef}
-      style={{
-        position: "absolute",
-        top: position.top,
-        left: position.left,
-        transform: "translateX(-50%)",
-        zIndex: 199,
-      }}
-    >
-      <div className={classes.bubbleMenu}>
-        <Tooltip label={t("Comment")} withArrow withinPortal={false}>
-          <ActionIcon
-            variant="default"
-            size="lg"
-            radius="6px"
-            aria-label={t("Comment")}
-            style={{ border: "none" }}
-            onMouseDown={(e) => {
-              e.preventDefault();
-              e.stopPropagation();
-              isInteractingRef.current = true;
-              handleCommentClick();
-              isInteractingRef.current = false;
-            }}
-          >
-            <IconMessage size={16} stroke={2} />
-          </ActionIcon>
-        </Tooltip>
-      </div>
-    </div>
-  );
-};
@@ -16,7 +16,6 @@ export interface FullEditorProps {
  content: string;
  spaceSlug: string;
  editable: boolean;
-  canComment?: boolean;
 }

 export function FullEditor({
@@ -26,7 +25,6 @@ export function FullEditor({
  content,
  spaceSlug,
  editable,
-  canComment,
 }: FullEditorProps) {
  const [user] = useAtom(userAtom);
  const fullPageWidth = user.settings?.preferences?.fullPageWidth;
@@ -48,7 +46,6 @@ export function FullEditor({
        pageId={pageId}
        editable={editable}
        content={content}
-        canComment={canComment}
      />
    </Container>
  );
@@ -37,11 +37,9 @@ import { asideStateAtom } from "@/components/layouts/global/hooks/atoms/sidebar-
 import {
  activeCommentIdAtom,
  showCommentPopupAtom,
-  showReadOnlyCommentPopupAtom,
 } from "@/features/comment/atoms/comment-atom";
 import CommentDialog from "@/features/comment/components/comment-dialog";
 import { EditorBubbleMenu } from "@/features/editor/components/bubble-menu/bubble-menu";
-import { ReadonlyBubbleMenu } from "@/features/editor/components/bubble-menu/readonly-bubble-menu";
 import TableCellMenu from "@/features/editor/components/table/table-cell-menu.tsx";
 import TableMenu from "@/features/editor/components/table/table-menu.tsx";
 import ImageMenu from "@/features/editor/components/image/image-menu.tsx";
@@ -75,14 +73,12 @@ interface PageEditorProps {
  pageId: string;
  editable: boolean;
  content: any;
-  canComment?: boolean;
 }

 export default function PageEditor({
  pageId,
  editable,
  content,
-  canComment,
 }: PageEditorProps) {
  const collaborationURL = useCollaborationUrl();
  const isComponentMounted = useRef(false);
@@ -97,7 +93,6 @@ export default function PageEditor({
  const [, setAsideState] = useAtom(asideStateAtom);
  const [, setActiveCommentId] = useAtom(activeCommentIdAtom);
  const [showCommentPopup, setShowCommentPopup] = useAtom(showCommentPopupAtom);
-  const [showReadOnlyCommentPopup] = useAtom(showReadOnlyCommentPopupAtom);
  const [isLocalSynced, setIsLocalSynced] = useState(false);
  const [isRemoteSynced, setIsRemoteSynced] = useState(false);
  const [yjsConnectionStatus, setYjsConnectionStatus] = useAtom(
@@ -426,13 +421,7 @@ export default function PageEditor({
            <ColumnsMenu editor={editor} />
          </div>
        )}
-        {editor && !editorIsEditable && (editable || canComment) && providersRef.current && (
-          <ReadonlyBubbleMenu editor={editor} />
-        )}
        {showCommentPopup && <CommentDialog editor={editor} pageId={pageId} />}
-        {showReadOnlyCommentPopup && (
-          <CommentDialog editor={editor} pageId={pageId} readOnly />
-        )}
      </div>
      <div
        onClick={() => editor.commands.focus("end")}
@@ -1,165 +0,0 @@
-import { useState } from "react";
-import {
-  Button,
-  Divider,
-  Group,
-  Skeleton,
-  Stack,
-  Table,
-  Text,
-} from "@mantine/core";
-import { IconDevices } from "@tabler/icons-react";
-import { useTranslation } from "react-i18next";
-import {
-  useGetSessionsQuery,
-  useRevokeSessionMutation,
-  useRevokeAllSessionsMutation,
-} from "@/features/session/queries/session-query";
-import { formattedDate } from "@/lib/time";
-
-const PAGE_SIZE = 5;
-
-export default function SessionList() {
-  const { t } = useTranslation();
-  const { data: sessions, isLoading } = useGetSessionsQuery();
-  const revokeSessionMutation = useRevokeSessionMutation();
-  const revokeAllSessionsMutation = useRevokeAllSessionsMutation();
-  const [visibleCount, setVisibleCount] = useState(PAGE_SIZE);
-
-  const otherSessions = sessions?.filter((s) => !s?.isCurrentDevice) ?? [];
-  const visibleSessions = sessions?.slice(0, visibleCount) ?? [];
-  const hasMore = sessions && visibleCount < sessions.length;
-
-  if (isLoading) {
-    return (
-      <Table verticalSpacing="md">
-        <Table.Thead>
-          <Table.Tr>
-            <Table.Th>{t("Device Name")}</Table.Th>
-            <Table.Th>{t("Last Active")}</Table.Th>
-            <Table.Th />
-          </Table.Tr>
-        </Table.Thead>
-        <Table.Tbody>
-          {[1, 2, 3].map((i) => (
-            <Table.Tr key={i}>
-              <Table.Td>
-                <Group gap="xs">
-                  <Skeleton height={18} width={18} radius="sm" />
-                  <Skeleton height={14} width={140} radius="xs" />
-                </Group>
-              </Table.Td>
-              <Table.Td>
-                <Skeleton height={14} width={120} radius="xs" />
-              </Table.Td>
-              <Table.Td>
-                <Skeleton height={30} width={70} radius="sm" />
-              </Table.Td>
-            </Table.Tr>
-          ))}
-        </Table.Tbody>
-      </Table>
-    );
-  }
-
-  return (
-    <Stack>
-      {otherSessions.length > 0 && (
-        <>
-          <div>
-            <Text fw={500}>{t("Log out of all devices")}</Text>
-            <Group justify="space-between" align="center" mt={4}>
-              <Text size="sm" c="dimmed">
-                {t(
-                  "Log out of all sessions except this device",
-                )}
-              </Text>
-              <Button
-                variant="outline"
-                color="red"
-                size="xs"
-                loading={revokeAllSessionsMutation.isPending}
-                onClick={() => revokeAllSessionsMutation.mutate()}
-              >
-                {t("Log out of all devices")}
-              </Button>
-            </Group>
-          </div>
-          <Divider />
-        </>
-      )}
-
-      <Table verticalSpacing="md">
-        <Table.Thead>
-          <Table.Tr>
-            <Table.Th>{t("Device Name")}</Table.Th>
-            <Table.Th>{t("Last Active")}</Table.Th>
-            {otherSessions.length > 0 && <Table.Th />}
-          </Table.Tr>
-        </Table.Thead>
-        <Table.Tbody>
-          {visibleSessions.map((session) => (
-            <Table.Tr key={session.id}>
-              <Table.Td>
-                <Group gap="xs">
-                  <IconDevices size={18} stroke={1.5} />
-                  <div>
-                    <Text size="sm">
-                      {session.deviceName || t("Unknown device")}
-                    </Text>
-                    {session?.isCurrentDevice && (
-                      <Text size="xs" c="blue">
-                        {t("This Device")}
-                      </Text>
-                    )}
-                  </div>
-                </Group>
-              </Table.Td>
-              <Table.Td>
-                <Text size="sm">
-                  {session?.isCurrentDevice
-                    ? t("Now")
-                    : formattedDate(new Date(session.lastActiveAt))}
-                </Text>
-              </Table.Td>
-              {otherSessions.length > 0 && (
-                <Table.Td>
-                  {!session?.isCurrentDevice && (
-                    <Button
-                      variant="outline"
-                      size="xs"
-                      loading={revokeSessionMutation.isPending}
-                      onClick={() =>
-                        revokeSessionMutation.mutate({
-                          sessionId: session.id,
-                        })
-                      }
-                    >
-                      {t("Log out")}
-                    </Button>
-                  )}
-                </Table.Td>
-              )}
-            </Table.Tr>
-          ))}
-        </Table.Tbody>
-      </Table>
-
-      {hasMore && (
-        <Button
-          variant="subtle"
-          size="xs"
-          onClick={() => setVisibleCount((c) => c + PAGE_SIZE)}
-        >
-          {t("Load more")}
-        </Button>
-      )}
-
-      {(!sessions || sessions.length === 0) && (
-        <Text size="sm" c="dimmed" ta="center">
-          {t("No active sessions")}
-        </Text>
-      )}
-    </Stack>
-  );
-}
@@ -1,55 +0,0 @@
-import {
-  useMutation,
-  useQuery,
-  useQueryClient,
-  UseQueryResult,
-} from "@tanstack/react-query";
-import {
-  getSessions,
-  revokeSession,
-  revokeAllSessions,
-} from "@/features/session/services/session-service";
-import { ISession } from "@/features/session/types/session.types";
-import { notifications } from "@mantine/notifications";
-import { useTranslation } from "react-i18next";
-
-export function useGetSessionsQuery(): UseQueryResult<ISession[], Error> {
-  return useQuery({
-    queryKey: ["session-list"],
-    queryFn: () => getSessions(),
-  });
-}
-
-export function useRevokeSessionMutation() {
-  const queryClient = useQueryClient();
-  const { t } = useTranslation();
-
-  return useMutation<void, Error, { sessionId: string }>({
-    mutationFn: (data) => revokeSession(data),
-    onSuccess: () => {
-      notifications.show({ message: t("Session revoked") });
-      queryClient.invalidateQueries({ queryKey: ["session-list"] });
-    },
-    onError: (error) => {
-      const errorMessage = error["response"]?.data?.message;
-      notifications.show({ message: errorMessage, color: "red" });
-    },
-  });
-}
-
-export function useRevokeAllSessionsMutation() {
-  const queryClient = useQueryClient();
-  const { t } = useTranslation();
-
-  return useMutation<void, Error, void>({
-    mutationFn: () => revokeAllSessions(),
-    onSuccess: () => {
-      notifications.show({ message: t("All other sessions revoked") });
-      queryClient.invalidateQueries({ queryKey: ["session-list"] });
-    },
-    onError: (error) => {
-      const errorMessage = error["response"]?.data?.message;
-      notifications.show({ message: errorMessage, color: "red" });
-    },
-  });
-}
@@ -1,17 +0,0 @@
-import api from "@/lib/api-client";
-import { ISession } from "@/features/session/types/session.types";
-
-export async function getSessions(): Promise<ISession[]> {
-  const req = await api.post<{ sessions: ISession[] }>("/sessions");
-  return req.data.sessions;
-}
-
-export async function revokeSession(data: {
-  sessionId: string;
-}): Promise<void> {
-  await api.post("/sessions/revoke", data);
-}
-
-export async function revokeAllSessions(): Promise<void> {
-  await api.post("/sessions/revoke-all");
-}
@@ -1,8 +0,0 @@
-export type ISession = {
-  id: string;
-  deviceName: string | null;
-  geoLocation: string | null;
-  lastActiveAt: string;
-  createdAt: string;
-  isCurrentDevice?: boolean;
-};
@@ -3,7 +3,6 @@ import SpaceMembersList from "@/features/space/components/space-members.tsx";
 import AddSpaceMembersModal from "@/features/space/components/add-space-members-modal.tsx";
 import React from "react";
 import SpaceDetails from "@/features/space/components/space-details.tsx";
-import SpaceSecuritySettings from "@/features/space/components/space-security-settings.tsx";
 import { useSpaceQuery } from "@/features/space/queries/space-query.ts";
 import { useSpaceAbility } from "@/features/space/permissions/use-space-ability.ts";
 import {
@@ -60,14 +59,6 @@ export default function SpaceSettingsModal({
                  <Tabs.Tab fw={500} value="members">
                    {t("Members")}
                  </Tabs.Tab>
-                  {spaceAbility.can(
-                    SpaceCaslAction.Manage,
-                    SpaceCaslSubject.Settings,
-                  ) && (
-                    <Tabs.Tab fw={500} value="security">
-                      {t("Security")}
-                    </Tabs.Tab>
-                  )}
                </Tabs.List>

                <Tabs.Panel value="general">
@@ -100,20 +91,6 @@ export default function SpaceSettingsModal({
                    )}
                  />
                </Tabs.Panel>
-
-                <Tabs.Panel value="security">
-                  <ScrollArea h={580} scrollbarSize={5} pr={8}>
-                    <div style={{ paddingBottom: "100px" }}>
-                      <SpaceSecuritySettings
-                        space={space}
-                        readOnly={spaceAbility.cannot(
-                          SpaceCaslAction.Manage,
-                          SpaceCaslSubject.Settings,
-                        )}
-                      />
-                    </div>
-                  </ScrollArea>
-                </Tabs.Panel>
              </Tabs>
            </div>
          </Modal.Body>
@@ -18,7 +18,7 @@ import {
  ResponsiveSettingsControl,
  ResponsiveSettingsRow,
 } from "@/components/ui/responsive-settings-row.tsx";
-
+import SpacePublicSharingToggle from "@/ee/security/components/space-public-sharing-toggle.tsx";

 interface SpaceDetailsProps {
  spaceId: string;
@@ -27,6 +27,7 @@ interface SpaceDetailsProps {
 export default function SpaceDetails({ spaceId, readOnly }: SpaceDetailsProps) {
  const { t } = useTranslation();
  const { data: space, isLoading, refetch } = useSpaceQuery(spaceId);
+  const showSharingToggle = !readOnly;
  const [exportOpened, { open: openExportModal, close: closeExportModal }] =
    useDisclosure(false);
  const [isIconUploading, setIsIconUploading] = useState(false);
@@ -88,6 +89,13 @@ export default function SpaceDetails({ spaceId, readOnly }: SpaceDetailsProps) {

          <EditSpaceForm space={space} readOnly={readOnly} />

+          {showSharingToggle && (
+            <>
+              <Divider my="lg" />
+              <SpacePublicSharingToggle space={space} />
+            </>
+          )}
+
          {!readOnly && (
            <>
              <Divider my="lg" />
@@ -1,34 +0,0 @@
-import { Text, Divider } from "@mantine/core";
-import React from "react";
-import { useTranslation } from "react-i18next";
-import { ISpace } from "@/features/space/types/space.types.ts";
-import SpacePublicSharingToggle from "@/ee/security/components/space-public-sharing-toggle.tsx";
-import SpaceViewerCommentsToggle from "@/ee/security/components/space-viewer-comments-toggle.tsx";
-
-type SpaceSecuritySettingsProps = {
-  space: ISpace;
-  readOnly?: boolean;
-};
-
-export default function SpaceSecuritySettings({
-  space,
-  readOnly,
-}: SpaceSecuritySettingsProps) {
-  const { t } = useTranslation();
-
-  if (readOnly) return null;
-
-  return (
-    <div>
-      <Text my="md" fw={600}>
-        {t("Security")}
-      </Text>
-
-      <SpacePublicSharingToggle space={space} />
-
-      <Divider my="lg" />
-
-      <SpaceViewerCommentsToggle space={space} />
-    </div>
-  );
-}
@@ -9,13 +9,8 @@ export interface ISpaceSharingSettings {
  disabled?: boolean;
 }

-export interface ISpaceCommentsSettings {
-  allowViewerComments?: boolean;
-}
-
 export interface ISpaceSettings {
  sharing?: ISpaceSharingSettings;
-  comments?: ISpaceCommentsSettings;
 }

 export interface ISpace {
@@ -34,7 +29,6 @@ export interface ISpace {
  settings?: ISpaceSettings;
  // for updates
  disablePublicSharing?: boolean;
-  allowViewerComments?: boolean;
 }

 interface IMembership {
@@ -1,8 +1,9 @@
 import { useAtom } from "jotai";
+import { focusAtom } from "jotai-optics";
 import { z } from "zod/v4";
 import { useForm } from "@mantine/form";
 import { zod4Resolver } from "mantine-form-zod-resolver";
-import { userAtom } from "@/features/user/atoms/current-user-atom.ts";
+import { currentUserAtom } from "@/features/user/atoms/current-user-atom.ts";
 import { updateUser } from "@/features/user/services/user-service.ts";
 import { IUser } from "@/features/user/types/user.types.ts";
 import { useState } from "react";
@@ -16,15 +17,18 @@ const formSchema = z.object({

 type FormValues = z.infer<typeof formSchema>;

+const userAtom = focusAtom(currentUserAtom, (optic) => optic.prop("user"));
+
 export default function AccountNameForm() {
  const { t } = useTranslation();
  const [isLoading, setIsLoading] = useState(false);
-  const [user, setUser] = useAtom(userAtom);
+  const [currentUser] = useAtom(currentUserAtom);
+  const [, setUser] = useAtom(userAtom);

  const form = useForm<FormValues>({
    validate: zod4Resolver(formSchema),
    initialValues: {
-      name: user?.name,
+      name: currentUser?.user.name,
    },
  });

@@ -74,12 +74,8 @@ function redirectToLogin() {
  ];
  if (!exemptPaths.some((path) => window.location.pathname.startsWith(path))) {
    const redirectTo = window.location.pathname;
-    if (redirectTo === APP_ROUTE.HOME) {
-      window.location.href = APP_ROUTE.AUTH.LOGIN;
-    } else {
-      const params = new URLSearchParams({ redirect: redirectTo });
-      window.location.href = `${APP_ROUTE.AUTH.LOGIN}?${params.toString()}`;
-    }
+    const params = new URLSearchParams({ redirect: redirectTo });
+    window.location.href = `${APP_ROUTE.AUTH.LOGIN}?${params.toString()}`;
  }
 }

@@ -1,7 +1,6 @@
 import bytes from "bytes";
 import { castToBoolean } from "@/lib/utils.tsx";
 import { AvatarIconType } from "@/features/attachments/types/attachment.types.ts";
-import { sanitizeUrl } from "@docmost/editor-ext";

 declare global {
  interface Window {
@@ -67,7 +66,7 @@ export function getFileUrl(src: string) {
  if (src.startsWith("/files/")) {
    return getBackendUrl() + src;
  }
-  return sanitizeUrl(src);
+  return src;
 }

 export function getFileUploadSizeLimit() {
@@ -53,9 +53,6 @@ function PageContent({ pageSlug }: { pageSlug: string | undefined }) {
  const { data: space } = useGetSpaceBySlugQuery(page?.space?.slug);

  const canEdit = page?.permissions?.canEdit ?? false;
-  const canComment =
-    canEdit ||
-    (space?.settings?.comments?.allowViewerComments === true);

  if (isLoading) {
    return <></>;
@@ -107,7 +104,6 @@ function PageContent({ pageSlug }: { pageSlug: string | undefined }) {
          slugId={page.slugId}
          spaceSlug={page?.space?.slug}
          editable={canEdit}
-          canComment={canComment}
        />
        <MemoizedHistoryModal pageId={page.id} />
      </div>
@@ -8,7 +8,6 @@ import { getAppName } from "@/lib/config.ts";
 import { Helmet } from "react-helmet-async";
 import { useTranslation } from "react-i18next";
 import { AccountMfaSection } from "@/features/user/components/account-mfa-section";
-import SessionList from "@/features/session/components/session-list";

 export default function AccountSettings() {
  const { t } = useTranslation();
@@ -37,10 +36,6 @@ export default function AccountSettings() {
      <Divider my="lg" />

      <AccountMfaSection />
-
-      <Divider my="lg" />
-
-      <SessionList />
    </>
  );
 }
@@ -66,7 +66,6 @@
    "ai": "^6.0.134",
    "ai-sdk-ollama": "^3.8.1",
    "bcrypt": "^6.0.0",
-    "bowser": "^2.14.1",
    "bullmq": "^5.71.0",
    "cache-manager": "^7.2.8",
    "cheerio": "^1.2.0",
@@ -5,7 +5,6 @@ import {
  prosemirrorNodeToYElement,
  tiptapExtensions,
 } from './collaboration.util';
-import { setYjsMark, updateYjsMarkAttribute, YjsSelection } from './yjs.util';
 import * as Y from 'yjs';
 import { User } from '@docmost/db/types/entity.types';

@@ -28,53 +27,6 @@ export class CollaborationHandler {
        //   const fragment = doc.getXmlFragment('default');
        //});
      },
-      setCommentMark: async (
-        documentName: string,
-        payload: {
-          yjsSelection: YjsSelection;
-          commentId: string;
-          resolved: boolean;
-          user: User;
-        },
-      ) => {
-        const { yjsSelection, commentId, resolved, user } = payload;
-        await this.withYdocConnection(
-          hocuspocus,
-          documentName,
-          { user },
-          (doc) => {
-            const fragment = doc.getXmlFragment('default');
-            setYjsMark(doc, fragment, yjsSelection, 'comment', {
-              commentId,
-              resolved,
-            });
-          },
-        );
-      },
-      resolveCommentMark: async (
-        documentName: string,
-        payload: {
-          commentId: string;
-          resolved: boolean;
-          user: User;
-        },
-      ) => {
-        const { commentId, resolved, user } = payload;
-        await this.withYdocConnection(
-          hocuspocus,
-          documentName,
-          { user },
-          (doc) => {
-            const fragment = doc.getXmlFragment('default');
-            updateYjsMarkAttribute(
-              fragment,
-              'comment',
-              { name: 'commentId', value: commentId },
-              { resolved },
-            );
-          },
-        );
-      },
      updatePageContent: async (
        documentName: string,
        payload: {
@@ -106,7 +58,8 @@ export class CollaborationHandler {
            } else {
              const newContent = prosemirrorJson.content || [];
              const yElements = newContent.map(prosemirrorNodeToYElement);
-              const position = operation === 'prepend' ? 0 : fragment.length;
+              const position =
+                operation === 'prepend' ? 0 : fragment.length;
              fragment.insert(position, yElements);
            }
          },
@@ -1,7 +1,7 @@
 import {
  initProseMirrorDoc,
  relativePositionToAbsolutePosition,
-} from '@tiptap/y-tiptap';
+} from 'y-prosemirror';
 import * as Y from 'yjs';
 import { Document } from '@hocuspocus/server';
 import { getSchema } from '@tiptap/core';
@@ -1,22 +0,0 @@
-export const Feature = {
-  SSO_CUSTOM: 'sso:custom',
-  SSO_GOOGLE: 'sso:google',
-  MFA: 'mfa',
-  API_KEYS: 'api:keys',
-  COMMENT_RESOLUTION: 'comment:resolution',
-  PAGE_PERMISSIONS: 'page:permissions',
-  AI: 'ai',
-  CONFLUENCE_IMPORT: 'import:confluence',
-  DOCX_IMPORT: 'import:docx',
-  ATTACHMENT_INDEXING: 'attachment:indexing',
-  SECURITY_SETTINGS: 'security:settings',
-  MCP: 'mcp',
-  SCIM: 'scim',
-  PAGE_VERIFICATION: 'page:verification',
-  AUDIT_LOGS: 'audit:logs',
-  RETENTION: 'retention',
-  SHARING_CONTROLS: 'sharing:controls',
-  VIEWER_COMMENTS: 'comment:viewer',
-} as const;
-
-export type FeatureKey = (typeof Feature)[keyof typeof Feature];
@@ -7,7 +7,6 @@ export interface AuditContext {
  actorId: string | null;
  actorType: 'user' | 'system' | 'api_key';
  ipAddress: string | null;
-  userAgent: string | null;
 }

 export const AUDIT_CONTEXT_KEY = 'auditContext';
@@ -20,15 +19,11 @@ export class AuditContextMiddleware implements NestMiddleware {
    const workspaceId = (req as any).workspaceId ?? null;
    const ipAddress = this.extractIpAddress(req);

-    const userAgent =
-      (req.headers['user-agent'] as string) ?? null;
-
    const auditContext: AuditContext = {
      workspaceId,
      actorId: null,
      actorType: 'user',
      ipAddress,
-      userAgent,
    };

    this.cls.set(AUDIT_CONTEXT_KEY, auditContext);
@@ -70,8 +70,8 @@ export class AttachmentService {
      }

      if (
-        existingAttachment.pageId !== pageId ||
-        existingAttachment.fileExt !== preparedFile.fileExtension ||
+        existingAttachment.pageId !== pageId &&
+        existingAttachment.fileExt !== preparedFile.fileExtension &&
        existingAttachment.workspaceId !== workspaceId
      ) {
        throw new BadRequestException('File attachment does not match');
@@ -5,14 +5,12 @@ import {
  HttpStatus,
  Inject,
  Post,
-  Req,
  Res,
  UseGuards,
  Logger,
 } from '@nestjs/common';
 import { LoginDto } from './dto/login.dto';
 import { AuthService } from './services/auth.service';
-import { SessionService } from '../session/session.service';
 import { SetupGuard } from './guards/setup.guard';
 import { EnvironmentService } from '../../integrations/environment/environment.service';
 import { CreateAdminUserDto } from './dto/create-admin-user.dto';
@@ -24,7 +22,7 @@ import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
 import { ForgotPasswordDto } from './dto/forgot-password.dto';
 import { PasswordResetDto } from './dto/password-reset.dto';
 import { VerifyUserTokenDto } from './dto/verify-user-token.dto';
-import { FastifyReply, FastifyRequest } from 'fastify';
+import { FastifyReply } from 'fastify';
 import { validateSsoEnforcement } from './auth.util';
 import { ModuleRef } from '@nestjs/core';
 import { AuditEvent, AuditResource } from '../../common/events/audit-events';
@@ -39,7 +37,6 @@ export class AuthController {

  constructor(
    private authService: AuthService,
-    private sessionService: SessionService,
    private environmentService: EnvironmentService,
    private moduleRef: ModuleRef,
    @Inject(AUDIT_SERVICE) private readonly auditService: IAuditService,
@@ -118,15 +115,8 @@ export class AuthController {
    @Body() dto: ChangePasswordDto,
    @AuthUser() user: User,
    @AuthWorkspace() workspace: Workspace,
-    @Req() req: FastifyRequest,
  ) {
-    const currentSessionId = (req.raw as any).sessionId;
-    return this.authService.changePassword(
-      dto,
-      user.id,
-      workspace.id,
-      currentSessionId,
-    );
+    return this.authService.changePassword(dto, user.id, workspace.id);
  }

  @HttpCode(HttpStatus.OK)
@@ -188,18 +178,8 @@ export class AuthController {
  @Post('logout')
  async logout(
    @AuthUser() user: User,
-    @Req() req: FastifyRequest,
    @Res({ passthrough: true }) res: FastifyReply,
  ) {
-    const sessionId = (req.raw as any).sessionId;
-    if (sessionId) {
-      await this.sessionService.revokeSession(
-        sessionId,
-        user.id,
-        user.workspaceId,
-      );
-    }
-
    res.clearCookie('authToken');

    this.auditService.log({
@@ -212,7 +192,6 @@ export class AuthController {
  setAuthCookie(res: FastifyReply, token: string) {
    res.setCookie('authToken', token, {
      httpOnly: true,
-      sameSite: 'lax',
      path: '/',
      expires: this.environmentService.getCookieExpiresIn(),
      secure: this.environmentService.isHttps(),
@@ -11,7 +11,6 @@ export type JwtPayload = {
  email: string;
  workspaceId: string;
  type: 'access';
-  sessionId?: string;
 };

 export type JwtCollabPayload = {
@@ -8,8 +8,6 @@ import {
 import { LoginDto } from '../dto/login.dto';
 import { CreateUserDto } from '../dto/create-user.dto';
 import { TokenService } from './token.service';
-import { SessionService } from '../../session/session.service';
-import { UserSessionRepo } from '@docmost/db/repos/session/user-session.repo';
 import { SignupService } from './signup.service';
 import { CreateAdminUserDto } from '../dto/create-admin-user.dto';
 import { UserRepo } from '@docmost/db/repos/user/user.repo';
@@ -46,8 +44,6 @@ export class AuthService {
  constructor(
    private signupService: SignupService,
    private tokenService: TokenService,
-    private sessionService: SessionService,
-    private userSessionRepo: UserSessionRepo,
    private userRepo: UserRepo,
    private userTokenRepo: UserTokenRepo,
    private mailService: MailService,
@@ -94,19 +90,19 @@ export class AuthService {
      metadata: { source: 'password' },
    });

-    return this.sessionService.createSessionAndToken(user);
+    return this.tokenService.generateAccessToken(user);
  }

  async register(createUserDto: CreateUserDto, workspaceId: string) {
    const user = await this.signupService.signup(createUserDto, workspaceId);
-    return this.sessionService.createSessionAndToken(user);
+    return this.tokenService.generateAccessToken(user);
  }

  async setup(createAdminUserDto: CreateAdminUserDto) {
    const { workspace, user } =
      await this.signupService.initialSetup(createAdminUserDto);

-    const authToken = await this.sessionService.createSessionAndToken(user);
+    const authToken = await this.tokenService.generateAccessToken(user);
    return { workspace, authToken };
  }

@@ -114,7 +110,6 @@ export class AuthService {
    dto: ChangePasswordDto,
    userId: string,
    workspaceId: string,
-    currentSessionId?: string,
  ): Promise<void> {
    const user = await this.userRepo.findById(userId, workspaceId, {
      includePassword: true,
@@ -143,16 +138,6 @@ export class AuthService {
      workspaceId,
    );

-    if (currentSessionId) {
-      await this.userSessionRepo.deleteAllExceptCurrent(
-        currentSessionId,
-        userId,
-        workspaceId,
-      );
-    } else {
-      await this.userSessionRepo.deleteByUserId(userId, workspaceId);
-    }
-
    this.auditService.log({
      event: AuditEvent.USER_PASSWORD_CHANGED,
      resourceType: AuditResource.USER,
@@ -259,8 +244,6 @@ export class AuthService {
        .execute();
    });

-    await this.userSessionRepo.deleteByUserId(user.id, workspace.id);
-
    this.auditService.setActorId(user.id);
    this.auditService.log({
      event: AuditEvent.USER_PASSWORD_RESET,
@@ -293,7 +276,7 @@ export class AuthService {
      };
    }

-    const authToken = await this.sessionService.createSessionAndToken(user);
+    const authToken = await this.tokenService.generateAccessToken(user);
    return { authToken };
  }

@@ -25,7 +25,7 @@ export class TokenService {
    private environmentService: EnvironmentService,
  ) {}

-  async generateAccessToken(user: User, sessionId: string): Promise<string> {
+  async generateAccessToken(user: User): Promise<string> {
    if (isUserDisabled(user)) {
      throw new ForbiddenException();
    }
@@ -35,7 +35,6 @@ export class TokenService {
      email: user.email,
      workspaceId: user.workspaceId,
      type: JwtType.ACCESS,
-      sessionId,
    };
    return this.jwtService.sign(payload);
  }
@@ -5,8 +5,6 @@ import { EnvironmentService } from '../../../integrations/environment/environmen
 import { JwtApiKeyPayload, JwtPayload, JwtType } from '../dto/jwt-payload';
 import { WorkspaceRepo } from '@docmost/db/repos/workspace/workspace.repo';
 import { UserRepo } from '@docmost/db/repos/user/user.repo';
-import { UserSessionRepo } from '@docmost/db/repos/session/user-session.repo';
-import { SessionActivityService } from '../../session/session-activity.service';
 import { FastifyRequest } from 'fastify';
 import { extractBearerTokenFromHeader, isUserDisabled } from '../../../common/helpers';
 import { ModuleRef } from '@nestjs/core';
@@ -18,8 +16,6 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
  constructor(
    private userRepo: UserRepo,
    private workspaceRepo: WorkspaceRepo,
-    private userSessionRepo: UserSessionRepo,
-    private sessionActivityService: SessionActivityService,
    private readonly environmentService: EnvironmentService,
    private moduleRef: ModuleRef,
  ) {
@@ -61,16 +57,6 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
      throw new UnauthorizedException();
    }

-    if ((payload as JwtPayload).sessionId) {
-      const sessionId = (payload as JwtPayload).sessionId;
-      const session = await this.userSessionRepo.findActiveById(sessionId);
-      if (!session || session.userId !== payload.sub || session.workspaceId !== payload.workspaceId) {
-        throw new UnauthorizedException();
-      }
-      req.raw.sessionId = sessionId;
-      this.sessionActivityService.trackActivity(sessionId, payload.sub, payload.workspaceId);
-    }
-
    return { user, workspace };
  }

@@ -58,13 +58,13 @@ export class CommentController {
      throw new NotFoundException('Page not found');
    }

-    await this.pageAccessService.validateCanComment(page, user, workspace.id);
+    await this.pageAccessService.validateCanEdit(page, user);

    const comment = await this.commentService.create(
      {
+        userId: user.id,
        page,
        workspaceId: workspace.id,
-        user,
      },
      createCommentDto,
    );
@@ -120,7 +120,7 @@ export class CommentController {

  @HttpCode(HttpStatus.OK)
  @Post('update')
-  async update(@Body() dto: UpdateCommentDto, @AuthUser() user: User, @AuthWorkspace() workspace: Workspace) {
+  async update(@Body() dto: UpdateCommentDto, @AuthUser() user: User) {
    const comment = await this.commentRepo.findById(dto.commentId, {
      includeCreator: true,
      includeResolvedBy: true,
@@ -134,14 +134,14 @@ export class CommentController {
      throw new NotFoundException('Page not found');
    }

-    await this.pageAccessService.validateCanComment(page, user, workspace.id);
+    await this.pageAccessService.validateCanEdit(page, user);

    return this.commentService.update(comment, dto, user);
  }

  @HttpCode(HttpStatus.OK)
  @Post('delete')
-  async delete(@Body() input: CommentIdDto, @AuthUser() user: User, @AuthWorkspace() workspace: Workspace) {
+  async delete(@Body() input: CommentIdDto, @AuthUser() user: User) {
    const comment = await this.commentRepo.findById(input.commentId);
    if (!comment) {
      throw new NotFoundException('Comment not found');
@@ -152,7 +152,8 @@ export class CommentController {
      throw new NotFoundException('Page not found');
    }

-    await this.pageAccessService.validateCanComment(page, user, workspace.id);
+    // Check page-level edit permission first
+    await this.pageAccessService.validateCanEdit(page, user);

    // Check if user is the comment owner
    const isOwner = comment.creatorId === user.id;
@@ -168,7 +169,7 @@ export class CommentController {
      // Space admin can delete any comment
      if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Settings)) {
        throw new ForbiddenException(
-          'You can only delete your own comments',
+          'You can only delete your own comments or must be a space admin',
        );
      }
      await this.commentRepo.deleteComment(comment.id);
@@ -1,10 +1,8 @@
 import { Module } from '@nestjs/common';
 import { CommentService } from './comment.service';
 import { CommentController } from './comment.controller';
-import { CollaborationModule } from '../../collaboration/collaboration.module';

@Module({
-  imports: [CollaborationModule],
  controllers: [CommentController],
  providers: [CommentService],
  exports: [CommentService],
@@ -7,8 +7,7 @@ import {
 } from '@nestjs/common';
 import { InjectQueue } from '@nestjs/bullmq';
 import { Queue } from 'bullmq';
-import { CreateCommentDto, yjsSelectionSchema } from './dto/create-comment.dto';
-import { CollaborationGateway } from '../../collaboration/collaboration.gateway';
+import { CreateCommentDto } from './dto/create-comment.dto';
 import { UpdateCommentDto } from './dto/update-comment.dto';
 import { CommentRepo } from '@docmost/db/repos/comment/comment.repo';
 import { Comment, Page, User } from '@docmost/db/types/entity.types';
@@ -28,7 +27,6 @@ export class CommentService {
    private commentRepo: CommentRepo,
    private pageRepo: PageRepo,
    private wsService: WsService,
-    private collaborationGateway: CollaborationGateway,
    @InjectQueue(QueueName.GENERAL_QUEUE)
    private generalQueue: Queue,
    @InjectQueue(QueueName.NOTIFICATION_QUEUE)
@@ -47,10 +45,10 @@ export class CommentService {
  }

  async create(
-    opts: { page: Page; workspaceId: string; user: User },
+    opts: { userId: string; page: Page; workspaceId: string },
    createCommentDto: CreateCommentDto,
  ) {
-    const { page, workspaceId, user } = opts;
+    const { userId, page, workspaceId } = opts;
    const commentContent = JSON.parse(createCommentDto.content);

    if (createCommentDto.parentCommentId) {
@@ -73,39 +71,11 @@ export class CommentService {
      selection: createCommentDto?.selection?.substring(0, 250) ?? null,
      type: createCommentDto.type ?? 'page',
      parentCommentId: createCommentDto?.parentCommentId,
-      creatorId: user.id,
+      creatorId: userId,
      workspaceId: workspaceId,
      spaceId: page.spaceId,
    });

-    if (createCommentDto.yjsSelection) {
-      const parsed = yjsSelectionSchema.safeParse(createCommentDto.yjsSelection);
-      if (!parsed.success) {
-        this.logger.warn(
-          `Invalid yjsSelection for comment ${inserted.id}: ${parsed.error.message}`,
-        );
-      } else {
-        const documentName = `page.${page.id}`;
-        try {
-          await this.collaborationGateway.handleYjsEvent(
-            'setCommentMark',
-            documentName,
-            {
-              yjsSelection: parsed.data,
-              commentId: inserted.id,
-              resolved: false,
-              user,
-            },
-          );
-        } catch (error) {
-          this.logger.warn(
-            `Failed to apply comment mark for comment ${inserted.id}, comment saved without inline highlight`,
-            error,
-          );
-        }
-      }
-    }
-
    const comment = await this.commentRepo.findById(inserted.id, {
      includeCreator: true,
      includeResolvedBy: true,
@@ -113,7 +83,7 @@ export class CommentService {

    this.generalQueue
      .add(QueueJob.ADD_PAGE_WATCHERS, {
-        userIds: [user.id],
+        userIds: [userId],
        pageId: page.id,
        spaceId: page.spaceId,
        workspaceId,
@@ -131,7 +101,7 @@ export class CommentService {
      page.id,
      page.spaceId,
      workspaceId,
-      user.id,
+      userId,
      !isReply,
      createCommentDto.parentCommentId,
    );
@@ -1,22 +1,4 @@
-import { IsIn, IsJSON, IsObject, IsOptional, IsString, IsUUID } from 'class-validator';
-import { z } from 'zod';
-
-const yjsIdSchema = z.object({
-  client: z.number().int().nonnegative(),
-  clock: z.number().int().nonnegative(),
-});
-
-const yjsRelativePositionSchema = z.object({
-  type: yjsIdSchema,
-  tname: z.string().nullable(),
-  item: yjsIdSchema.nullable(),
-  assoc: z.number().int(),
-});
-
-export const yjsSelectionSchema = z.object({
-  anchor: yjsRelativePositionSchema,
-  head: yjsRelativePositionSchema,
-});
+import { IsIn, IsJSON, IsOptional, IsString, IsUUID } from 'class-validator';

 export class CreateCommentDto {
  @IsString()
@@ -36,11 +18,4 @@ export class CreateCommentDto {
  @IsOptional()
  @IsUUID()
  parentCommentId: string;
-
-  @IsOptional()
-  @IsObject()
-  yjsSelection?: {
-    anchor: any;
-    head: any;
-  };
 }
@@ -20,7 +20,6 @@ import { AuditContextMiddleware } from '../common/middlewares/audit-context.midd
 import { ShareModule } from './share/share.module';
 import { NotificationModule } from './notification/notification.module';
 import { WatcherModule } from './watcher/watcher.module';
-import { SessionModule } from './session/session.module';
 import { ClsMiddleware } from 'nestjs-cls';

@Module({
@@ -39,7 +38,6 @@ import { ClsMiddleware } from 'nestjs-cls';
    ShareModule,
    NotificationModule,
    WatcherModule,
-    SessionModule,
  ],
 })
 export class CoreModule implements NestModule {
@@ -6,14 +6,12 @@ import {
  SpaceCaslAction,
  SpaceCaslSubject,
 } from '../../casl/interfaces/space-ability.type';
-import { SpaceRepo } from '@docmost/db/repos/space/space.repo';

@Injectable()
 export class PageAccessService {
  constructor(
    private readonly pagePermissionRepo: PagePermissionRepo,
    private readonly spaceAbility: SpaceAbilityFactory,
-    private readonly spaceRepo: SpaceRepo,
  ) {}

  /**
@@ -101,25 +99,4 @@ export class PageAccessService {

    return { hasRestriction: hasAnyRestriction };
  }
-
-  async validateCanComment(
-    page: Page,
-    user: User,
-    workspaceId: string,
-  ): Promise<void> {
-    try {
-      await this.validateCanEdit(page, user);
-      return;
-    } catch {
-      // User cannot edit — check if reader commenting is enabled
-    }
-
-    await this.validateCanView(page, user);
-
-    const space = await this.spaceRepo.findById(page.spaceId, workspaceId);
-    const settings = space?.settings as Record<string, any> | null;
-    if (!settings?.comments?.allowViewerComments) {
-      throw new ForbiddenException();
-    }
-  }
 }
@@ -1,7 +0,0 @@
-import { IsNotEmpty, IsUUID } from 'class-validator';
-
-export class RevokeSessionDto {
-  @IsUUID()
-  @IsNotEmpty()
-  sessionId: string;
-}
@@ -1,36 +0,0 @@
-import { Injectable } from '@nestjs/common';
-import { RedisService } from '@nestjs-labs/nestjs-ioredis';
-import type { Redis } from 'ioredis';
-import { UserSessionRepo } from '@docmost/db/repos/session/user-session.repo';
-import { UserRepo } from '@docmost/db/repos/user/user.repo';
-
-const THROTTLE_SECONDS = 15 * 60; // 15 minutes
-
-@Injectable()
-export class SessionActivityService {
-  private readonly redis: Redis;
-
-  constructor(
-    private readonly redisService: RedisService,
-    private readonly userSessionRepo: UserSessionRepo,
-    private readonly userRepo: UserRepo,
-  ) {
-    this.redis = this.redisService.getOrThrow();
-  }
-
-  trackActivity(sessionId: string, userId: string, workspaceId: string): void {
-    const key = `session:activity:${sessionId}`;
-
-    this.redis
-      .set(key, '1', 'EX', THROTTLE_SECONDS, 'NX')
-      .then((result) => {
-        if (result === null) return; // key already exists, throttled
-
-        this.userSessionRepo.updateLastActiveAt(sessionId).catch(() => {});
-        this.userRepo
-          .updateUser({ lastActiveAt: new Date() }, userId, workspaceId)
-          .catch(() => {});
-      })
-      .catch(() => {});
-  }
-}
@@ -1,80 +0,0 @@
-import {
-  BadRequestException,
-  Body,
-  Controller,
-  HttpCode,
-  HttpStatus,
-  Post,
-  Req,
-  UseGuards,
-} from '@nestjs/common';
-import { SessionService } from './session.service';
-import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
-import { AuthUser } from '../../common/decorators/auth-user.decorator';
-import { AuthWorkspace } from '../../common/decorators/auth-workspace.decorator';
-import { User, Workspace } from '@docmost/db/types/entity.types';
-import { RevokeSessionDto } from './dto/revoke-session.dto';
-import { FastifyRequest } from 'fastify';
-
-@UseGuards(JwtAuthGuard)
-@Controller('sessions')
-export class SessionController {
-  constructor(private readonly sessionService: SessionService) {}
-
-  @HttpCode(HttpStatus.OK)
-  @Post()
-  async listSessions(
-    @AuthUser() user: User,
-    @AuthWorkspace() workspace: Workspace,
-    @Req() req: FastifyRequest,
-  ) {
-    const currentSessionId = (req.raw as any).sessionId ?? null;
-    const sessions = await this.sessionService.getActiveSessions(
-      user.id,
-      workspace.id,
-      currentSessionId,
-    );
-    return { sessions };
-  }
-
-  @HttpCode(HttpStatus.OK)
-  @Post('revoke')
-  async revokeSession(
-    @Body() dto: RevokeSessionDto,
-    @AuthUser() user: User,
-    @AuthWorkspace() workspace: Workspace,
-    @Req() req: FastifyRequest,
-  ) {
-    const currentSessionId = (req.raw as any).sessionId;
-    if (dto.sessionId === currentSessionId) {
-      throw new BadRequestException(
-        'Cannot revoke current session. Use logout instead.',
-      );
-    }
-    await this.sessionService.revokeSession(
-      dto.sessionId,
-      user.id,
-      workspace.id,
-    );
-  }
-
-  @HttpCode(HttpStatus.OK)
-  @Post('revoke-all')
-  async revokeAllSessions(
-    @AuthUser() user: User,
-    @AuthWorkspace() workspace: Workspace,
-    @Req() req: FastifyRequest,
-  ) {
-    const currentSessionId = (req.raw as any).sessionId;
-    if (!currentSessionId) {
-      throw new BadRequestException(
-        'Current session not found. Please log in again.',
-      );
-    }
-    await this.sessionService.revokeAllOtherSessions(
-      currentSessionId,
-      user.id,
-      workspace.id,
-    );
-  }
-}
@@ -1,14 +0,0 @@
-import { Global, Module } from '@nestjs/common';
-import { SessionService } from './session.service';
-import { SessionActivityService } from './session-activity.service';
-import { SessionController } from './session.controller';
-import { TokenModule } from '../auth/token.module';
-
-@Global()
-@Module({
-  imports: [TokenModule],
-  controllers: [SessionController],
-  providers: [SessionService, SessionActivityService],
-  exports: [SessionService, SessionActivityService],
-})
-export class SessionModule {}
@@ -1,127 +0,0 @@
-import { Injectable, Logger } from '@nestjs/common';
-import { Interval } from '@nestjs/schedule';
-import { TokenService } from '../auth/services/token.service';
-import { UserSessionRepo } from '@docmost/db/repos/session/user-session.repo';
-import { EnvironmentService } from '../../integrations/environment/environment.service';
-import { User } from '@docmost/db/types/entity.types';
-import { ClsService } from 'nestjs-cls';
-import {
-  AuditContext,
-  AUDIT_CONTEXT_KEY,
-} from '../../common/middlewares/audit-context.middleware';
-import * as Bowser from 'bowser';
-
-const MAX_SESSIONS_PER_USER = 25;
-const RETENTION_DAYS = 7;
-
-@Injectable()
-export class SessionService {
-  private readonly logger = new Logger(SessionService.name);
-
-  constructor(
-    private readonly tokenService: TokenService,
-    private readonly userSessionRepo: UserSessionRepo,
-    private readonly environmentService: EnvironmentService,
-    private readonly cls: ClsService,
-  ) {}
-
-  @Interval('session-cleanup', 24 * 60 * 60 * 1000)
-  async cleanupSessions() {
-    try {
-      await this.userSessionRepo.deleteStale(RETENTION_DAYS);
-      await this.userSessionRepo.trimExcessSessions(MAX_SESSIONS_PER_USER);
-      this.logger.debug('Session cleanup completed');
-    } catch (err) {
-      this.logger.error('Session cleanup failed', err);
-    }
-  }
-
-  async createSessionAndToken(user: User): Promise<string> {
-    const auditContext = this.cls.get<AuditContext>(AUDIT_CONTEXT_KEY);
-    const ipAddress = auditContext?.ipAddress ?? null;
-    const userAgent = auditContext?.userAgent ?? null;
-
-    const deviceName = this.parseDeviceName(userAgent);
-    const expiresAt = this.environmentService.getCookieExpiresIn();
-
-    const session = await this.userSessionRepo.insertSession({
-      userId: user.id,
-      workspaceId: user.workspaceId,
-      deviceName,
-      ipAddress,
-      expiresAt,
-    });
-
-    return this.tokenService.generateAccessToken(user, session.id);
-  }
-
-  async getActiveSessions(
-    userId: string,
-    workspaceId: string,
-    currentSessionId: string | null,
-  ) {
-    const sessions = await this.userSessionRepo.findActiveByUser(
-      userId,
-      workspaceId,
-    );
-
-    const mapped = sessions.map((s) => ({
-      id: s.id,
-      deviceName: s.deviceName,
-      geoLocation: s.geoLocation,
-      lastActiveAt: s.lastActiveAt,
-      createdAt: s.createdAt,
-      isCurrentDevice: s.id === currentSessionId,
-    }));
-
-    return mapped.sort((a, b) => {
-      if (a.isCurrentDevice) return -1;
-      if (b.isCurrentDevice) return 1;
-      return 0;
-    });
-  }
-
-  async revokeSession(
-    sessionId: string,
-    userId: string,
-    workspaceId: string,
-  ): Promise<void> {
-    await this.userSessionRepo.revokeById(sessionId, userId, workspaceId);
-  }
-
-  async revokeAllOtherSessions(
-    currentSessionId: string,
-    userId: string,
-    workspaceId: string,
-  ): Promise<void> {
-    await this.userSessionRepo.revokeAllExceptCurrent(
-      currentSessionId,
-      userId,
-      workspaceId,
-    );
-  }
-
-  private parseDeviceName(userAgent: string | null): string | null {
-    if (!userAgent) return null;
-
-    try {
-      const parsed = Bowser.parse(userAgent);
-
-      const os = parsed.os?.name;
-      const browser = parsed.browser?.name;
-      const platformType = parsed.platform?.type;
-
-      if (platformType === 'mobile' || platformType === 'tablet') {
-        return parsed.platform?.model || os || 'Mobile Device';
-      }
-
-      if (os) {
-        return browser ? `${browser} on ${os}` : os;
-      }
-
-      return browser || null;
-    } catch {
-      return null;
-    }
-  }
-}
@@ -11,8 +11,4 @@ export class UpdateSpaceDto extends PartialType(CreateSpaceDto) {
  @IsOptional()
  @IsBoolean()
  disablePublicSharing: boolean;
-
-  @IsOptional()
-  @IsBoolean()
-  allowViewerComments: boolean;
 }
@@ -13,7 +13,6 @@ import { Space, User } from '@docmost/db/types/entity.types';
 import { UpdateSpaceDto } from '../dto/update-space.dto';
 import { executeTx } from '@docmost/db/utils';
 import { InjectKysely } from 'nestjs-kysely';
-import { Feature } from '../../../common/features';
 import { SpaceMemberService } from './space-member.service';
 import { SpaceRole } from '../../../common/helpers/types/permission';
 import { QueueJob, QueueName } from 'src/integrations/queue/constants';
@@ -134,34 +133,17 @@ export class SpaceService {
      }
    }

-    if (
-      typeof updateSpaceDto.disablePublicSharing !== 'undefined' ||
-      typeof updateSpaceDto.allowViewerComments !== 'undefined'
-    ) {
+    if (typeof updateSpaceDto.disablePublicSharing !== 'undefined') {
      const workspace = await this.workspaceRepo.findById(workspaceId, {
        withLicenseKey: true,
      });

      if (
-        typeof updateSpaceDto.disablePublicSharing !== 'undefined' &&
-        !this.licenseCheckService.hasFeature(
-          workspace.licenseKey,
-          Feature.SECURITY_SETTINGS,
-          workspace.plan,
-        )
+        !this.licenseCheckService.hasFeature(workspace.licenseKey, 'security:settings', workspace.plan)
      ) {
-        throw new ForbiddenException('This feature requires a valid license');
-      }
-
-      if (
-        typeof updateSpaceDto.allowViewerComments !== 'undefined' &&
-        !this.licenseCheckService.hasFeature(
-          workspace.licenseKey,
-          Feature.VIEWER_COMMENTS,
-          workspace.plan,
-        )
-      ) {
-        throw new ForbiddenException('This feature requires a valid license');
+        throw new ForbiddenException(
+          'This feature requires a valid license',
+        );
      }
    }

@@ -197,22 +179,6 @@ export class SpaceService {
        }
      }

-      if (typeof updateSpaceDto.allowViewerComments !== 'undefined') {
-        const prev = settingsBefore?.comments?.allowViewerComments ?? false;
-        if (prev !== updateSpaceDto.allowViewerComments) {
-          before.allowViewerComments = prev;
-          after.allowViewerComments = updateSpaceDto.allowViewerComments;
-        }
-
-        await this.spaceRepo.updateCommentSettings(
-          updateSpaceDto.spaceId,
-          workspaceId,
-          'allowViewerComments',
-          updateSpaceDto.allowViewerComments,
-          trx,
-        );
-      }
-
      updatedSpace = await this.spaceRepo.updateSpace(
        {
          name: updateSpaceDto.name,
@@ -1,5 +1,4 @@
-import { IsEnum, IsNotEmpty, IsUUID } from 'class-validator';
-import { UserRole } from '../../../common/helpers/types/permission';
+import { IsNotEmpty, IsString, IsUUID } from 'class-validator';

 export class UpdateWorkspaceUserRoleDto {
  @IsNotEmpty()
@@ -7,6 +6,6 @@ export class UpdateWorkspaceUserRoleDto {
  userId: string;

  @IsNotEmpty()
-  @IsEnum(UserRole)
+  @IsString()
  role: string;
 }
@@ -22,7 +22,6 @@ import InvitationEmail from '@docmost/transactional/emails/invitation-email';
 import { GroupUserRepo } from '@docmost/db/repos/group/group-user.repo';
 import InvitationAcceptedEmail from '@docmost/transactional/emails/invitation-accepted-email';
 import { TokenService } from '../../auth/services/token.service';
-import { SessionService } from '../../session/session.service';
 import { nanoIdGen } from '../../../common/helpers';
 import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
 import { executeWithCursorPagination } from '@docmost/db/pagination/cursor-pagination';
@@ -50,7 +49,6 @@ export class WorkspaceInvitationService {
    private mailService: MailService,
    private domainService: DomainService,
    private tokenService: TokenService,
-    private sessionService: SessionService,
    @InjectKysely() private readonly db: KyselyDB,
    @InjectQueue(QueueName.BILLING_QUEUE) private billingQueue: Queue,
    private readonly environmentService: EnvironmentService,
@@ -352,7 +350,7 @@ export class WorkspaceInvitationService {
      };
    }

-    const authToken = await this.sessionService.createSessionAndToken(newUser);
+    const authToken = await this.tokenService.generateAccessToken(newUser);
    return { authToken };
  }

@@ -7,7 +7,6 @@ import {
  NotFoundException,
 } from '@nestjs/common';
 import { LicenseCheckService } from '../../../integrations/environment/license-check.service';
-import { UserSessionRepo } from '@docmost/db/repos/session/user-session.repo';
 import { CreateWorkspaceDto } from '../dto/create-workspace.dto';
 import { UpdateWorkspaceDto } from '../dto/update-workspace.dto';
 import { SpaceService } from '../../space/services/space.service';
@@ -18,7 +17,6 @@ import { WorkspaceRepo } from '@docmost/db/repos/workspace/workspace.repo';
 import { KyselyDB, KyselyTransaction } from '@docmost/db/types/kysely.types';
 import { executeTx } from '@docmost/db/utils';
 import { InjectKysely } from 'nestjs-kysely';
-import { Feature } from '../../../common/features';
 import { User } from '@docmost/db/types/entity.types';
 import { GroupUserRepo } from '@docmost/db/repos/group/group-user.repo';
 import { GroupRepo } from '@docmost/db/repos/group/group.repo';
@@ -69,7 +67,6 @@ export class WorkspaceService {
    @InjectQueue(QueueName.BILLING_QUEUE) private billingQueue: Queue,
    @InjectQueue(QueueName.AI_QUEUE) private aiQueue: Queue,
    @Inject(AUDIT_SERVICE) private readonly auditService: IAuditService,
-    private userSessionRepo: UserSessionRepo,
  ) {}

  async findById(workspaceId: string) {
@@ -353,7 +350,7 @@ export class WorkspaceService {
        typeof updateWorkspaceDto.trashRetentionDays !== 'undefined' ||
        typeof updateWorkspaceDto.restrictApiToAdmins !== 'undefined'
      ) {
-        if (!this.licenseCheckService.hasFeature(ws.licenseKey, Feature.SECURITY_SETTINGS, ws.plan)) {
+        if (!this.licenseCheckService.hasFeature(ws.licenseKey, 'security:settings', ws.plan)) {
          throw new ForbiddenException(
            'This feature requires a valid license',
          );
@@ -670,15 +667,11 @@ export class WorkspaceService {
      }
    }

-    await executeTx(this.db, async (trx) => {
-      await this.userRepo.updateUser(
-        { deactivatedAt: new Date() },
-        userId,
-        workspaceId,
-        trx,
-      );
-      await this.userSessionRepo.revokeByUserId(userId, workspaceId, trx);
-    });
+    await this.userRepo.updateUser(
+      { deactivatedAt: new Date() },
+      userId,
+      workspaceId,
+    );

    this.auditService.log({
      event: AuditEvent.USER_DEACTIVATED,
@@ -792,8 +785,6 @@ export class WorkspaceService {
      await this.watcherRepo.deleteByUserAndWorkspace(userId, workspaceId, {
        trx,
      });
-
-      await this.userSessionRepo.revokeByUserId(userId, workspaceId, trx);
    });

    this.auditService.log({
@@ -17,7 +17,6 @@ import { KyselyDB } from '@docmost/db/types/kysely.types';
 import * as process from 'node:process';
 import { MigrationService } from '@docmost/db/services/migration.service';
 import { UserTokenRepo } from './repos/user-token/user-token.repo';
-import { UserSessionRepo } from '@docmost/db/repos/session/user-session.repo';
 import { BacklinkRepo } from '@docmost/db/repos/backlink/backlink.repo';
 import { ShareRepo } from '@docmost/db/repos/share/share.repo';
 import { NotificationRepo } from '@docmost/db/repos/notification/notification.repo';
@@ -77,7 +76,6 @@ import { normalizePostgresUrl } from '../common/helpers';
    CommentRepo,
    AttachmentRepo,
    UserTokenRepo,
-    UserSessionRepo,
    BacklinkRepo,
    ShareRepo,
    NotificationRepo,
@@ -97,7 +95,6 @@ import { normalizePostgresUrl } from '../common/helpers';
    CommentRepo,
    AttachmentRepo,
    UserTokenRepo,
-    UserSessionRepo,
    BacklinkRepo,
    ShareRepo,
    NotificationRepo,
@@ -1,45 +0,0 @@
-import { Kysely, sql } from 'kysely';
-
-export async function up(db: Kysely<any>): Promise<void> {
-  await db.schema
-    .createTable('user_sessions')
-    .addColumn('id', 'uuid', (col) =>
-      col.primaryKey().defaultTo(sql`gen_uuid_v7()`),
-    )
-    .addColumn('user_id', 'uuid', (col) =>
-      col.notNull().references('users.id').onDelete('cascade'),
-    )
-    .addColumn('workspace_id', 'uuid', (col) =>
-      col.notNull().references('workspaces.id').onDelete('cascade'),
-    )
-    .addColumn('device_name', 'varchar')
-    .addColumn('user_agent', 'text')
-    .addColumn('ip_address', sql`inet`)
-    .addColumn('geo_location', 'varchar')
-    .addColumn('last_active_at', 'timestamptz', (col) =>
-      col.notNull().defaultTo(sql`now()`),
-    )
-    .addColumn('expires_at', 'timestamptz', (col) => col.notNull())
-    .addColumn('metadata', 'jsonb')
-    .addColumn('revoked_at', 'timestamptz')
-    .addColumn('created_at', 'timestamptz', (col) =>
-      col.notNull().defaultTo(sql`now()`),
-    )
-    .execute();
-
-  await sql`
-    CREATE INDEX idx_user_sessions_active
-    ON user_sessions (user_id, workspace_id, last_active_at DESC)
-    WHERE revoked_at IS NULL
-  `.execute(db);
-
-  await sql`
-    CREATE INDEX idx_user_sessions_revoked
-    ON user_sessions (expires_at)
-    WHERE revoked_at IS NOT NULL
-  `.execute(db);
-}
-
-export async function down(db: Kysely<any>): Promise<void> {
-  await db.schema.dropTable('user_sessions').execute();
-}
@@ -1,162 +0,0 @@
-import {
-  InsertableUserSession,
-  UserSession,
-} from '@docmost/db/types/entity.types';
-import { KyselyDB, KyselyTransaction } from '@docmost/db/types/kysely.types';
-import { dbOrTx } from '@docmost/db/utils';
-import { Injectable } from '@nestjs/common';
-import { InjectKysely } from 'nestjs-kysely';
-import { sql } from 'kysely';
-
-@Injectable()
-export class UserSessionRepo {
-  constructor(@InjectKysely() private readonly db: KyselyDB) {}
-
-  async insertSession(
-    session: InsertableUserSession,
-    trx?: KyselyTransaction,
-  ): Promise<UserSession> {
-    const db = dbOrTx(this.db, trx);
-    return db
-      .insertInto('userSessions')
-      .values(session)
-      .returningAll()
-      .executeTakeFirstOrThrow();
-  }
-
-  async findActiveById(id: string): Promise<UserSession | undefined> {
-    return this.db
-      .selectFrom('userSessions')
-      .selectAll()
-      .where('id', '=', id)
-      .where('expiresAt', '>', new Date())
-      .where('revokedAt', 'is', null)
-      .executeTakeFirst();
-  }
-
-  async findActiveByUser(
-    userId: string,
-    workspaceId: string,
-  ): Promise<UserSession[]> {
-    return this.db
-      .selectFrom('userSessions')
-      .selectAll()
-      .where('userId', '=', userId)
-      .where('workspaceId', '=', workspaceId)
-      .where('expiresAt', '>', new Date())
-      .where('revokedAt', 'is', null)
-      .orderBy('lastActiveAt', 'desc')
-      .execute();
-  }
-
-  async updateLastActiveAt(id: string): Promise<void> {
-    await this.db
-      .updateTable('userSessions')
-      .set({ lastActiveAt: new Date() })
-      .where('id', '=', id)
-      .execute();
-  }
-
-  async revokeById(
-    id: string,
-    userId: string,
-    workspaceId: string,
-  ): Promise<void> {
-    await this.db
-      .updateTable('userSessions')
-      .set({ revokedAt: new Date() })
-      .where('id', '=', id)
-      .where('userId', '=', userId)
-      .where('workspaceId', '=', workspaceId)
-      .where('revokedAt', 'is', null)
-      .execute();
-  }
-
-  async revokeAllExceptCurrent(
-    currentSessionId: string,
-    userId: string,
-    workspaceId: string,
-  ): Promise<void> {
-    await this.db
-      .updateTable('userSessions')
-      .set({ revokedAt: new Date() })
-      .where('userId', '=', userId)
-      .where('workspaceId', '=', workspaceId)
-      .where('id', '!=', currentSessionId)
-      .where('revokedAt', 'is', null)
-      .execute();
-  }
-
-  async revokeByUserId(
-    userId: string,
-    workspaceId: string,
-    trx?: KyselyTransaction,
-  ): Promise<void> {
-    const db = dbOrTx(this.db, trx);
-    await db
-      .updateTable('userSessions')
-      .set({ revokedAt: new Date() })
-      .where('userId', '=', userId)
-      .where('workspaceId', '=', workspaceId)
-      .where('revokedAt', 'is', null)
-      .execute();
-  }
-
-  async deleteByUserId(
-    userId: string,
-    workspaceId: string,
-  ): Promise<void> {
-    await this.db
-      .deleteFrom('userSessions')
-      .where('userId', '=', userId)
-      .where('workspaceId', '=', workspaceId)
-      .execute();
-  }
-
-  async deleteAllExceptCurrent(
-    currentSessionId: string,
-    userId: string,
-    workspaceId: string,
-  ): Promise<void> {
-    await this.db
-      .deleteFrom('userSessions')
-      .where('userId', '=', userId)
-      .where('workspaceId', '=', workspaceId)
-      .where('id', '!=', currentSessionId)
-      .execute();
-  }
-
-  async deleteStale(retentionDays: number): Promise<void> {
-    const cutoff = new Date(Date.now() - retentionDays * 24 * 60 * 60 * 1000);
-    await this.db
-      .deleteFrom('userSessions')
-      .where((eb) =>
-        eb.or([
-          eb('revokedAt', '<', cutoff),
-          eb('expiresAt', '<', cutoff),
-        ]),
-      )
-      .execute();
-  }
-
-  async trimExcessSessions(maxPerUser: number): Promise<void> {
-    const overflowed = await this.db
-      .selectFrom('userSessions')
-      .select(['userId', 'workspaceId'])
-      .groupBy(['userId', 'workspaceId'])
-      .having(sql`COUNT(*)`, '>', maxPerUser)
-      .execute();
-
-    for (const { userId, workspaceId } of overflowed) {
-      await sql`
-        DELETE FROM user_sessions
-        WHERE id IN (
-          SELECT id FROM user_sessions
-          WHERE user_id = ${userId} AND workspace_id = ${workspaceId}
-          ORDER BY last_active_at DESC
-          OFFSET ${maxPerUser}
-        )
-      `.execute(this.db);
-    }
-  }
-}
@@ -111,28 +111,6 @@ export class SpaceRepo {
      .executeTakeFirst();
  }

-  async updateCommentSettings(
-    spaceId: string,
-    workspaceId: string,
-    prefKey: string,
-    prefValue: string | boolean,
-    trx?: KyselyTransaction,
-  ) {
-    const db = dbOrTx(this.db, trx);
-    return db
-      .updateTable('spaces')
-      .set({
-        settings: sql`COALESCE(settings, '{}'::jsonb)
-          || jsonb_build_object('comments', COALESCE(settings->'comments', '{}'::jsonb)
-          || jsonb_build_object('${sql.raw(prefKey)}', ${sql.lit(prefValue)}))`,
-        updatedAt: new Date(),
-      })
-      .where('id', '=', spaceId)
-      .where('workspaceId', '=', workspaceId)
-      .returningAll()
-      .executeTakeFirst();
-  }
-
  async insertSpace(
    insertableSpace: InsertableSpace,
    trx?: KyselyTransaction,
@@ -429,21 +429,6 @@ export interface PagePermissions {
  updatedAt: Generated<Timestamp>;
 }

-export interface UserSessions {
-  id: Generated<string>;
-  userId: string;
-  workspaceId: string;
-  deviceName: string | null;
-  userAgent: string | null;
-  ipAddress: string | null;
-  geoLocation: string | null;
-  metadata: Json | null;
-  lastActiveAt: Generated<Timestamp>;
-  expiresAt: Timestamp;
-  revokedAt: Timestamp | null;
-  createdAt: Generated<Timestamp>;
-}
-
 export interface DB {
  apiKeys: ApiKeys;
  attachments: Attachments;
@@ -466,7 +451,6 @@ export interface DB {
  spaces: Spaces;
  userMfa: UserMfa;
  users: Users;
-  userSessions: UserSessions;
  userTokens: UserTokens;
  watchers: Watchers;
  workspaceInvitations: WorkspaceInvitations;
@@ -22,7 +22,6 @@ import {
  Shares,
  FileTasks,
  UserMfa as _UserMFA,
-  UserSessions,
  ApiKeys,
  Watchers,
  Audit as _Audit,
@@ -158,11 +157,6 @@ export type PagePermission = Selectable<_PagePermissions>;
 export type InsertablePagePermission = Insertable<_PagePermissions>;
 export type UpdatablePagePermission = Updateable<Omit<_PagePermissions, 'id'>>;

-// User Session
-export type UserSession = Selectable<UserSessions>;
-export type InsertableUserSession = Insertable<UserSessions>;
-export type UpdatableUserSession = Updateable<Omit<UserSessions, 'id'>>;
-
 // Audit
 export type Audit = Selectable<_Audit>;
 export type InsertableAudit = Insertable<_Audit>;
@@ -71,10 +71,7 @@ export class StaticModule implements OnModuleInit {

      app.get(RENDER_PATH, (req: any, res: any) => {
        const stream = fs.createReadStream(indexFilePath);
-        res
-          .header('Cache-Control', 'no-cache, no-store, must-revalidate')
-          .type('text/html')
-          .send(stream);
+        res.type('text/html').send(stream);
      });
    }
  }
@@ -65,10 +65,12 @@ export class WsGateway
  async handleMessage(client: Socket, data: any): Promise<void> {
    if (this.wsService.isTreeEvent(data)) {
      await this.wsService.handleTreeEvent(client, data);
+      return;
    }
+
+    client.broadcast.emit('message', data);
  }

-  /*
  @SubscribeMessage('join-room')
  handleJoinRoom(client: Socket, @MessageBody() roomName: string): void {
    // if room is a space, check if user has permissions
@@ -79,7 +81,6 @@ export class WsGateway
  handleLeaveRoom(client: Socket, @MessageBody() roomName: string): void {
    client.leave(roomName);
  }
- */

  onModuleDestroy() {
    if (this.server) {
@@ -27,15 +27,6 @@ export class WsService {
  async handleTreeEvent(client: Socket, data: any): Promise<void> {
    const room = getSpaceRoomName(data.spaceId);

-    if (!client.rooms.has(room)) {
-      return;
-    }
-
-    if (data.operation === 'refetchRootTreeNodeEvent') {
-      client.broadcast.to(room).emit('message', data);
-      return;
-    }
-
    const hasRestrictions = await this.spaceHasRestrictions(data.spaceId);
    if (!hasRestrictions) {
      client.broadcast.to(room).emit('message', data);
@@ -14,5 +14,4 @@ export const TREE_EVENTS = new Set([
  'addTreeNode',
  'moveTreeNode',
  'deleteTreeNode',
-  'refetchRootTreeNodeEvent',
 ]);
@@ -119,12 +119,7 @@
      "express-rate-limit": "8.2.2",
      "minimatch@^3": "3.1.5",
      "minimatch@^5": "5.1.8",
-      "flatted": "3.4.2",
-      "picomatch@<2.3.2": "2.3.2",
-      "picomatch@>=4.0.0 <4.0.4": "4.0.4",
-      "fastify": "5.8.3",
-      "yaml@>=1.0.0 <1.10.3": "1.10.3",
-      "yaml@>=2.0.0 <2.8.3": "2.8.3"
+      "flatted": "3.4.2"
    },
    "neverBuiltDependencies": []
  }
@@ -1,6 +1,5 @@
 import { Node, mergeAttributes } from "@tiptap/core";
 import { ReactNodeViewRenderer } from "@tiptap/react";
-import { sanitizeUrl } from "../utils";

 export interface AttachmentOptions {
  HTMLAttributes: Record<string, any>;
@@ -43,12 +42,9 @@ export const Attachment = Node.create<AttachmentOptions>({
    return {
      url: {
        default: "",
-        parseHTML: (element) => {
-          const url = element.getAttribute("data-attachment-url");
-          return sanitizeUrl(url);
-        },
+        parseHTML: (element) => element.getAttribute("data-attachment-url"),
        renderHTML: (attributes) => ({
-          "data-attachment-url": sanitizeUrl(attributes.url),
+          "data-attachment-url": attributes.url,
        }),
      },
      name: {
@@ -105,7 +101,7 @@ export const Attachment = Node.create<AttachmentOptions>({
      [
        "a",
        {
-          href: sanitizeUrl(HTMLAttributes["data-attachment-url"]),
+          href: HTMLAttributes["data-attachment-url"],
          class: "attachment",
          target: "blank",
        },
@@ -27,11 +27,6 @@ overrides:
  minimatch@^3: 3.1.5
  minimatch@^5: 5.1.8
  flatted: 3.4.2
-  picomatch@<2.3.2: 2.3.2
-  picomatch@>=4.0.0 <4.0.4: 4.0.4
-  fastify: 5.8.3
-  yaml@>=1.0.0 <1.10.3: 1.10.3
-  yaml@>=2.0.0 <2.8.3: 2.8.3

 patchedDependencies:
  '@tiptap/core':
@@ -406,7 +401,7 @@ importers:
        version: 18.3.1
      '@vitejs/plugin-react':
        specifier: ^6.0.0
-        version: 6.0.1(vite@8.0.1(@types/node@22.19.1)(esbuild@0.27.4)(jiti@2.4.2)(less@4.2.0)(sugarss@5.0.1(postcss@8.5.8))(terser@5.39.0)(tsx@4.21.0)(yaml@2.8.3))
+        version: 6.0.1(vite@8.0.1(@types/node@22.19.1)(esbuild@0.27.4)(jiti@2.4.2)(less@4.2.0)(sugarss@5.0.1(postcss@8.5.8))(terser@5.39.0)(tsx@4.21.0)(yaml@2.7.0))
      eslint:
        specifier: ^9.28.0
        version: 9.39.4(jiti@2.4.2)
@@ -445,7 +440,7 @@ importers:
        version: 8.57.1(eslint@9.39.4(jiti@2.4.2))(typescript@5.9.3)
      vite:
        specifier: ^8.0.1
-        version: 8.0.1(@types/node@22.19.1)(esbuild@0.27.4)(jiti@2.4.2)(less@4.2.0)(sugarss@5.0.1(postcss@8.5.8))(terser@5.39.0)(tsx@4.21.0)(yaml@2.8.3)
+        version: 8.0.1(@types/node@22.19.1)(esbuild@0.27.4)(jiti@2.4.2)(less@4.2.0)(sugarss@5.0.1(postcss@8.5.8))(terser@5.39.0)(tsx@4.21.0)(yaml@2.7.0)

  apps/server:
    dependencies:
@@ -557,9 +552,6 @@ importers:
      bcrypt:
        specifier: ^6.0.0
        version: 6.0.0
-      bowser:
-        specifier: ^2.14.1
-        version: 2.14.1
      bullmq:
        specifier: ^5.71.0
        version: 5.71.0
@@ -5848,8 +5840,8 @@ packages:
  boolbase@1.0.0:
    resolution: {integrity: sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==}

-  bowser@2.14.1:
-    resolution: {integrity: sha512-tzPjzCxygAKWFOJP011oxFHs57HzIhOEracIgAePE4pqB3LikALKnSzUyU4MGs9/iCEUuHlAJTjTc5M+u7YEGg==}
+  bowser@2.11.0:
+    resolution: {integrity: sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA==}

  boxen@5.1.2:
    resolution: {integrity: sha512-9gYgQKXx+1nP8mP7CzFyaUARhg7D3n1dF/FnErWmu9l6JvGpNUN278h0aSb+QjoiKSWG+iZ3uHrcqk0qrY9RQQ==}
@@ -7011,8 +7003,8 @@ packages:
  fastify-plugin@5.1.0:
    resolution: {integrity: sha512-FAIDA8eovSt5qcDgcBvDuX/v0Cjz0ohGhENZ/wpc3y+oZCY2afZ9Baqql3g/lC+OHRnciQol4ww7tuthOb9idw==}

-  fastify@5.8.3:
-    resolution: {integrity: sha512-XJXpRQ41+rsJ/GLeP9vyDC+fBXilcTlEXokMSexkdEkla4uf7ZQNaI5xl3el+kW5TZQulqYxLr659ey/KX7XmQ==}
+  fastify@5.8.2:
+    resolution: {integrity: sha512-lZmt3navvZG915IE+f7/TIVamxIwmBd+OMB+O9WBzcpIwOo6F0LTh0sluoMFk5VkrKTvvrwIaoJPkir4Z+jtAg==}

  fastq@1.17.1:
    resolution: {integrity: sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==}
@@ -7024,7 +7016,7 @@ packages:
    resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==}
    engines: {node: '>=12.0.0'}
    peerDependencies:
-      picomatch: 4.0.4
+      picomatch: ^3 || ^4
    peerDependenciesMeta:
      picomatch:
        optional: true
@@ -8983,12 +8975,16 @@ packages:
  picocolors@1.1.1:
    resolution: {integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==}

-  picomatch@2.3.2:
-    resolution: {integrity: sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==}
+  picomatch@2.3.1:
+    resolution: {integrity: sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==}
    engines: {node: '>=8.6'}

-  picomatch@4.0.4:
-    resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==}
+  picomatch@4.0.2:
+    resolution: {integrity: sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==}
+    engines: {node: '>=12'}
+
+  picomatch@4.0.3:
+    resolution: {integrity: sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==}
    engines: {node: '>=12'}

  pify@4.0.1:
@@ -10457,7 +10453,7 @@ packages:
      sugarss: ^5.0.0
      terser: ^5.16.0
      tsx: ^4.8.1
-      yaml: 2.8.3
+      yaml: ^2.4.2
    peerDependenciesMeta:
      '@types/node':
        optional: true
@@ -10737,13 +10733,13 @@ packages:
  yallist@3.1.1:
    resolution: {integrity: sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==}

-  yaml@1.10.3:
-    resolution: {integrity: sha512-vIYeF1u3CjlhAFekPPAk2h/Kv4T3mAkMox5OymRiJQB0spDP10LHvt+K7G9Ny6NuuMAb25/6n1qyUjAcGNf/AA==}
+  yaml@1.10.2:
+    resolution: {integrity: sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==}
    engines: {node: '>= 6'}

-  yaml@2.8.3:
-    resolution: {integrity: sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==}
-    engines: {node: '>= 14.6'}
+  yaml@2.7.0:
+    resolution: {integrity: sha512-+hSoy/QHluxmC9kCIJyL/uyFmLmc+e5CFR5Wa+bpIhIj85LVb9ZH2nVnqrHoSvKogwODv0ClqZkmiSSaIH5LTA==}
+    engines: {node: '>= 14'}
    hasBin: true

  yargs-parser@18.1.3:
@@ -10870,7 +10866,7 @@ snapshots:
      ajv: 8.18.0
      ajv-formats: 3.0.1(ajv@8.18.0)
      jsonc-parser: 3.3.1
-      picomatch: 4.0.4
+      picomatch: 4.0.2
      rxjs: 7.8.1
      source-map: 0.7.4
    optionalDependencies:
@@ -10881,7 +10877,7 @@ snapshots:
      ajv: 8.18.0
      ajv-formats: 3.0.1(ajv@8.18.0)
      jsonc-parser: 3.3.1
-      picomatch: 4.0.4
+      picomatch: 4.0.2
      rxjs: 7.8.1
      source-map: 0.7.4
    optionalDependencies:
@@ -11385,7 +11381,7 @@ snapshots:
    dependencies:
      '@aws-sdk/types': 3.973.6
      '@smithy/types': 4.13.1
-      bowser: 2.14.1
+      bowser: 2.11.0
      tslib: 2.8.1

  '@aws-sdk/util-user-agent-node@3.973.10':
@@ -13578,7 +13574,7 @@ snapshots:
      '@nestjs/common': 11.1.17(class-transformer@0.5.1)(class-validator@0.15.1)(reflect-metadata@0.2.2)(rxjs@7.8.2)
      '@nestjs/core': 11.1.17(@nestjs/common@11.1.17(class-transformer@0.5.1)(class-validator@0.15.1)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/websockets@11.1.17)(reflect-metadata@0.2.2)(rxjs@7.8.2)
      fast-querystring: 1.1.2
-      fastify: 5.8.3
+      fastify: 5.8.2
      fastify-plugin: 5.1.0
      find-my-way: 9.5.0
      light-my-request: 6.6.0
@@ -13714,7 +13710,7 @@ snapshots:
      jsonc-parser: 3.2.0
      npm-run-path: 4.0.1
      picocolors: 1.1.1
-      picomatch: 4.0.4
+      picomatch: 4.0.2
      semver: 7.7.4
      source-map-support: 0.5.19
      tinyglobby: 0.2.15
@@ -13764,7 +13760,7 @@ snapshots:
      chalk: 4.1.2
      enquirer: 2.3.6
      nx: 22.6.1
-      picomatch: 4.0.4
+      picomatch: 4.0.2
      semver: 7.7.4
      tslib: 2.8.1
      yargs-parser: 21.1.1
@@ -16151,10 +16147,10 @@ snapshots:

  '@vercel/oidc@3.1.0': {}

-  '@vitejs/plugin-react@6.0.1(vite@8.0.1(@types/node@22.19.1)(esbuild@0.27.4)(jiti@2.4.2)(less@4.2.0)(sugarss@5.0.1(postcss@8.5.8))(terser@5.39.0)(tsx@4.21.0)(yaml@2.8.3))':
+  '@vitejs/plugin-react@6.0.1(vite@8.0.1(@types/node@22.19.1)(esbuild@0.27.4)(jiti@2.4.2)(less@4.2.0)(sugarss@5.0.1(postcss@8.5.8))(terser@5.39.0)(tsx@4.21.0)(yaml@2.7.0))':
    dependencies:
      '@rolldown/pluginutils': 1.0.0-rc.7
-      vite: 8.0.1(@types/node@22.19.1)(esbuild@0.27.4)(jiti@2.4.2)(less@4.2.0)(sugarss@5.0.1(postcss@8.5.8))(terser@5.39.0)(tsx@4.21.0)(yaml@2.8.3)
+      vite: 8.0.1(@types/node@22.19.1)(esbuild@0.27.4)(jiti@2.4.2)(less@4.2.0)(sugarss@5.0.1(postcss@8.5.8))(terser@5.39.0)(tsx@4.21.0)(yaml@2.7.0)

  '@webassemblyjs/ast@1.14.1':
    dependencies:
@@ -16363,7 +16359,7 @@ snapshots:
  anymatch@3.1.3:
    dependencies:
      normalize-path: 3.0.0
-      picomatch: 2.3.2
+      picomatch: 2.3.1

  arg@4.1.3: {}

@@ -16629,7 +16625,7 @@ snapshots:

  boolbase@1.0.0: {}

-  bowser@2.14.1: {}
+  bowser@2.11.0: {}

  boxen@5.1.2:
    dependencies:
@@ -17011,7 +17007,7 @@ snapshots:
      import-fresh: 3.3.0
      parse-json: 5.2.0
      path-type: 4.0.0
-      yaml: 1.10.3
+      yaml: 1.10.2

  cosmiconfig@8.3.6(typescript@5.9.3):
    dependencies:
@@ -18061,7 +18057,7 @@ snapshots:

  fastify-plugin@5.1.0: {}

-  fastify@5.8.3:
+  fastify@5.8.2:
    dependencies:
      '@fastify/ajv-compiler': 4.0.5
      '@fastify/error': 4.0.0
@@ -18087,9 +18083,9 @@ snapshots:
    dependencies:
      bser: 2.1.1

-  fdir@6.5.0(picomatch@4.0.4):
+  fdir@6.5.0(picomatch@4.0.3):
    optionalDependencies:
-      picomatch: 4.0.4
+      picomatch: 4.0.3

  fflate@0.4.8: {}

@@ -18953,7 +18949,7 @@ snapshots:
      jest-regex-util: 30.0.1
      jest-util: 30.3.0
      jest-worker: 30.3.0
-      picomatch: 4.0.4
+      picomatch: 4.0.3
      walker: 1.0.8
    optionalDependencies:
      fsevents: 2.3.3
@@ -18996,7 +18992,7 @@ snapshots:
      '@types/stack-utils': 2.0.3
      chalk: 4.1.2
      graceful-fs: 4.2.11
-      picomatch: 4.0.4
+      picomatch: 4.0.3
      pretty-format: 30.3.0
      slash: 3.0.0
      stack-utils: 2.0.6
@@ -19124,7 +19120,7 @@ snapshots:
      chalk: 4.1.2
      ci-info: 4.4.0
      graceful-fs: 4.2.11
-      picomatch: 4.0.4
+      picomatch: 4.0.3

  jest-util@30.3.0:
    dependencies:
@@ -19133,7 +19129,7 @@ snapshots:
      chalk: 4.1.2
      ci-info: 4.4.0
      graceful-fs: 4.2.11
-      picomatch: 4.0.4
+      picomatch: 4.0.3

  jest-validate@30.3.0:
    dependencies:
@@ -19701,7 +19697,7 @@ snapshots:
  micromatch@4.0.8:
    dependencies:
      braces: 3.0.3
-      picomatch: 2.3.2
+      picomatch: 2.3.1

  mime-db@1.52.0: {}

@@ -19904,7 +19900,7 @@ snapshots:
      tree-kill: 1.2.2
      tsconfig-paths: 4.2.0
      tslib: 2.8.1
-      yaml: 2.8.3
+      yaml: 2.7.0
      yargs: 17.7.2
      yargs-parser: 21.1.1
    optionalDependencies:
@@ -20269,9 +20265,11 @@ snapshots:

  picocolors@1.1.1: {}

-  picomatch@2.3.2: {}
+  picomatch@2.3.1: {}

-  picomatch@4.0.4: {}
+  picomatch@4.0.2: {}
+
+  picomatch@4.0.3: {}

  pify@4.0.1:
    optional: true
@@ -20902,7 +20900,7 @@ snapshots:

  readdirp@3.6.0:
    dependencies:
-      picomatch: 2.3.2
+      picomatch: 2.3.1

  readdirp@4.0.2: {}

@@ -21604,8 +21602,8 @@ snapshots:

  tinyglobby@0.2.15:
    dependencies:
-      fdir: 6.5.0(picomatch@4.0.4)
-      picomatch: 4.0.4
+      fdir: 6.5.0(picomatch@4.0.3)
+      picomatch: 4.0.3

  tiptap-extension-global-drag-handle@0.1.18: {}

@@ -21996,10 +21994,10 @@ snapshots:

  vary@1.1.2: {}

-  vite@8.0.1(@types/node@22.19.1)(esbuild@0.27.4)(jiti@2.4.2)(less@4.2.0)(sugarss@5.0.1(postcss@8.5.8))(terser@5.39.0)(tsx@4.21.0)(yaml@2.8.3):
+  vite@8.0.1(@types/node@22.19.1)(esbuild@0.27.4)(jiti@2.4.2)(less@4.2.0)(sugarss@5.0.1(postcss@8.5.8))(terser@5.39.0)(tsx@4.21.0)(yaml@2.7.0):
    dependencies:
      lightningcss: 1.32.0
-      picomatch: 4.0.4
+      picomatch: 4.0.3
      postcss: 8.5.8
      rolldown: 1.0.0-rc.10
      tinyglobby: 0.2.15
@@ -22012,7 +22010,7 @@ snapshots:
      sugarss: 5.0.1(postcss@8.5.8)
      terser: 5.39.0
      tsx: 4.21.0
-      yaml: 2.8.3
+      yaml: 2.7.0

  void-elements@3.1.0: {}

@@ -22289,9 +22287,9 @@ snapshots:

  yallist@3.1.1: {}

-  yaml@1.10.3: {}
+  yaml@1.10.2: {}

-  yaml@2.8.3: {}
+  yaml@2.7.0: {}

  yargs-parser@18.1.3:
    dependencies:
Author	SHA1	Message	Date
Philipinho	e9aea1a9e0	fix regex	2026-03-25 09:47:49 +00:00
Philipinho	536dbf5e49	override	2026-03-24 22:16:01 +00:00
Philipinho	3881d62b6b	fix excalidraw package	2026-03-24 21:50:13 +00:00
Philipinho	6bdb0516b2	loader	2026-03-24 21:46:34 +00:00
Philipinho	4730dc2fb9	cleanup	2026-03-24 11:50:07 +00:00
Philipinho	f7a9e82037	fix	2026-03-24 11:43:45 +00:00
Philipinho	aca63b7185	fix page update mutation	2026-03-24 11:30:17 +00:00
Philipinho	5557759f0b	override	2026-03-21 16:45:28 +00:00
Philipinho	08986e701f	overrides	2026-03-21 16:35:58 +00:00
Philipinho	9abbf12864	update	2026-03-21 15:16:56 +00:00