fix(typst-preview): use persistent session to avoid Rc ownership panics

Every call to renderToSvg({ artifactContent }) internally routes through runWithSession, which calls session.free() after fn resolves. Because the JS GC may still hold a reference to the first RenderSession wrapper, the next render's Rc::try_unwrap() panics with 'attempted to take ownership of Rust value while it was borrowed'. Fix: use renderer.createModule(data) once to create a persistent RenderSession that is never freed during the component's lifetime. Subsequent renders call session.manipulateData({ action: 'reset', data }) (synchronous, no ownership transfer) + session.renderToSvg({ container }) which routes through withinOptionSession's renderSession fast-path — bypassing runWithSession and its session.free() entirely. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix(typst-preview): use RenderByContentOptions to avoid Rust aliasing
2026-06-19 15:49:50 +00:00 · 2026-06-19 15:22:56 +00:00 · 2026-06-19 14:52:49 +00:00 · 2026-06-19 14:35:26 +00:00 · 2026-06-19 14:05:41 +00:00 · 2026-06-19 13:42:39 +00:00
1163 changed files with 89601 additions and 80000 deletions
@@ -0,0 +1,385 @@
+name: Build and Deploy Verso (prod)
+
+# Production deploy. Triggered only by pushes to the `prod` branch — keep `main`
+# for day-to-day work and fast-forward `prod` when a build is stable.
+#
+# Differences from the test deploy (deploy-verso.yml):
+#   - Runs in the `verso` namespace (test runs in `test`).
+#   - Mongo / Redis / app data live on PersistentVolumeClaims and are applied
+#     idempotently: this workflow NEVER deletes them, so data survives deploys.
+#   - The replica set is initialised only once.
+#   - Builds/pushes a distinct image tag (verso:stable) so prod and test never
+#     clobber each other's image.
+#   - SMTP comes from the `verso-smtp` Secret (create it with kubectl); email is
+#     optional so the app still boots before the secret exists.
+#   - Public self-registration stays off (CE default): friends-only, admin
+#     creates accounts / sends invites.
+#
+# Out of band (do once): create the PVCs (server-ce/k8s/verso-prod-pvcs.yaml,
+# with your storageClass), the `verso-smtp` Secret, and a verso.alocoq.fr
+# Ingress (see server-ce/k8s/verso-prod-ingress.example.yaml) + DNS.
+
+on:
+  push:
+    branches:
+      - prod
+  workflow_dispatch:
+
+env:
+  SITE_URL: https://verso.alocoq.fr
+
+jobs:
+  deploy:
+    runs-on: native
+    timeout-minutes: 240
+
+    steps:
+      - name: Build and push Verso prod image with BuildKit
+        run: |
+          kubectl -n ci delete job verso-buildkit-prod --ignore-not-found=true --wait=true
+
+          cat <<'EOF' | kubectl apply -f -
+          apiVersion: batch/v1
+          kind: Job
+          metadata:
+            name: verso-buildkit-prod
+            namespace: ci
+          spec:
+            backoffLimit: 0
+            template:
+              spec:
+                restartPolicy: Never
+                initContainers:
+                  - name: prepare
+                    image: alpine/git:latest
+                    command: ["sh", "-c"]
+                    args:
+                      - |
+                        set -eux
+                        REG=registry.git.svc.cluster.local:5000
+                        git clone --depth 1 --branch prod https://git.alocoq.fr/alois/verso.git /workspace/repo
+
+                        # Build the base image only when Dockerfile-base changes
+                        # (content-hash tag); otherwise reuse the cached base.
+                        BTAG=$(sha256sum /workspace/repo/server-ce/Dockerfile-base | cut -c1-16)
+                        printf '%s' "$BTAG" > /workspace/base_tag
+                        if wget -qO- "http://$REG/v2/verso-base/tags/list" 2>/dev/null | grep -q "\"base-$BTAG\""; then
+                          echo "Base image base-$BTAG already present - skipping base build"
+                        else
+                          touch /workspace/build-base
+                          echo "Base image base-$BTAG not found - base will be built"
+                        fi
+                    volumeMounts:
+                      - name: workspace
+                        mountPath: /workspace
+
+                containers:
+                  - name: buildkit
+                    image: moby/buildkit:latest
+                    securityContext:
+                      privileged: true
+                    command: ["sh", "-c"]
+                    args:
+                      - |
+                        set -eux
+
+                        REG=registry.git.svc.cluster.local:5000
+
+                        mkdir -p /etc/buildkit
+                        printf '[registry."%s"]\n  http = true\n  insecure = true\n' "$REG" > /etc/buildkit/buildkitd.toml
+
+                        BTAG=$(cat /workspace/base_tag)
+                        BASE_REF="$REG/verso-base:base-$BTAG"
+
+                        if [ -f /workspace/build-base ]; then
+                          buildctl-daemonless.sh build \
+                            --frontend=dockerfile.v0 \
+                            --local context=/workspace/repo \
+                            --local dockerfile=/workspace/repo/server-ce \
+                            --opt filename=Dockerfile-base \
+                            --import-cache type=registry,ref=$REG/verso-cache:base \
+                            --export-cache type=registry,ref=$REG/verso-cache:base,mode=max \
+                            --output type=image,name=$BASE_REF,push=true,registry.insecure=true
+                        else
+                          echo "Reusing existing base image $BASE_REF"
+                        fi
+
+                        # App image → verso:stable (prod tag).
+                        buildctl-daemonless.sh build \
+                          --frontend=dockerfile.v0 \
+                          --local context=/workspace/repo \
+                          --local dockerfile=/workspace/repo/server-ce \
+                          --opt filename=Dockerfile \
+                          --opt build-arg:OVERLEAF_BASE_TAG=$BASE_REF \
+                          --import-cache type=registry,ref=$REG/verso-cache:app \
+                          --export-cache type=registry,ref=$REG/verso-cache:app,mode=max \
+                          --output type=image,name=$REG/verso:stable,push=true,registry.insecure=true
+                    volumeMounts:
+                      - name: workspace
+                        mountPath: /workspace
+
+                volumes:
+                  - name: workspace
+                    emptyDir: {}
+          EOF
+
+      - name: Wait for build
+        run: |
+          kubectl -n ci wait --for=condition=complete job/verso-buildkit-prod --timeout=14400s
+
+      - name: Show build logs
+        if: always()
+        run: |
+          kubectl -n ci logs job/verso-buildkit-prod -c prepare || true
+          kubectl -n ci logs job/verso-buildkit-prod -c buildkit || true
+
+      - name: Ensure data services (Mongo + Redis, never deleted)
+        run: |
+          # Mongo/Redis. Applied idempotently — this step must never delete
+          # these, so project data survives every deploy. The namespace and the
+          # PVCs (server-ce/k8s/verso-prod-pvcs.yaml) are provisioned out of
+          # band, so the runner only needs namespaced rights in `verso` (like
+          # `test`). This step assumes the namespace and the
+          # mongo-data / redis-data / verso-data PVCs already exist.
+          cat <<'EOF' | kubectl apply -f -
+          apiVersion: apps/v1
+          kind: Deployment
+          metadata:
+            name: mongo
+            namespace: verso
+          spec:
+            replicas: 1
+            strategy:
+              type: Recreate
+            selector:
+              matchLabels:
+                app: mongo
+            template:
+              metadata:
+                labels:
+                  app: mongo
+              spec:
+                containers:
+                  - name: mongo
+                    image: mongo:8
+                    command: ["mongod", "--replSet", "rs0", "--bind_ip_all"]
+                    ports:
+                      - containerPort: 27017
+                    volumeMounts:
+                      - name: mongo-data
+                        mountPath: /data/db
+                volumes:
+                  - name: mongo-data
+                    persistentVolumeClaim:
+                      claimName: mongo-data
+          ---
+          apiVersion: v1
+          kind: Service
+          metadata:
+            name: mongo
+            namespace: verso
+          spec:
+            selector:
+              app: mongo
+            ports:
+              - name: mongo
+                port: 27017
+                targetPort: 27017
+          ---
+          apiVersion: apps/v1
+          kind: Deployment
+          metadata:
+            name: redis
+            namespace: verso
+          spec:
+            replicas: 1
+            strategy:
+              type: Recreate
+            selector:
+              matchLabels:
+                app: redis
+            template:
+              metadata:
+                labels:
+                  app: redis
+              spec:
+                containers:
+                  - name: redis
+                    image: redis:7
+                    # AOF persistence so a restart doesn't drop in-flight edits
+                    # before they're flushed to Mongo.
+                    command: ["redis-server", "--appendonly", "yes"]
+                    ports:
+                      - containerPort: 6379
+                    volumeMounts:
+                      - name: redis-data
+                        mountPath: /data
+                volumes:
+                  - name: redis-data
+                    persistentVolumeClaim:
+                      claimName: redis-data
+          ---
+          apiVersion: v1
+          kind: Service
+          metadata:
+            name: redis
+            namespace: verso
+          spec:
+            selector:
+              app: redis
+            ports:
+              - name: redis
+                port: 6379
+                targetPort: 6379
+          EOF
+
+          kubectl -n verso rollout status deployment/mongo --timeout=300s
+          kubectl -n verso rollout status deployment/redis --timeout=300s
+
+      - name: Initialise Mongo replica set (only if not already initialised)
+        run: |
+          kubectl -n verso exec deploy/mongo -- mongosh --quiet --eval '
+          try {
+            rs.status()
+            print("replica set already initialised")
+          } catch (e) {
+            if (e.codeName === "NotYetInitialized" || /no replset config/i.test(e.message)) {
+              rs.initiate({ _id: "rs0", members: [{ _id: 0, host: "mongo:27017" }] })
+              print("replica set initiated")
+            } else {
+              throw e
+            }
+          }
+          '
+          kubectl -n verso exec deploy/mongo -- mongosh --quiet --eval '
+          while (rs.status().myState !== 1) { sleep(1000) }
+          print("Mongo replica set is PRIMARY")
+          '
+
+      - name: Ensure Verso deployment + service
+        run: |
+          # Stamp the instance name with this build number, e.g. "Verso V0.12 Alpha".
+          NAV_TITLE="Verso V0.${GITHUB_RUN_NUMBER:-${GITEA_RUN_NUMBER:-0}} Alpha"
+          cat <<'EOF' | sed "s|__NAV_TITLE__|${NAV_TITLE}|g" | kubectl apply -f -
+          apiVersion: apps/v1
+          kind: Deployment
+          metadata:
+            name: verso
+            namespace: verso
+          spec:
+            replicas: 1
+            # RWO data volume → can't run two pods at once; recreate on update.
+            strategy:
+              type: Recreate
+            selector:
+              matchLabels:
+                app: verso
+            template:
+              metadata:
+                labels:
+                  app: verso
+              spec:
+                securityContext:
+                  # App runs as www-data (uid/gid 33); make the data volume
+                  # group-writable by it.
+                  fsGroup: 33
+                initContainers:
+                  - name: init-data-perms
+                    image: busybox:latest
+                    command: ["sh", "-c"]
+                    args:
+                      - |
+                        set -eux
+                        mkdir -p /data/template_files /data/user_files \
+                          /data/compiles /data/cache /data/output /data/published
+                        chown -R 33:33 /data
+                    volumeMounts:
+                      - name: verso-data
+                        mountPath: /data
+                containers:
+                  - name: verso
+                    image: registry.alocoq.fr/verso:stable
+                    # :stable is a fixed tag, so force a pull on every rollout to
+                    # pick up the freshly built image.
+                    imagePullPolicy: Always
+                    ports:
+                      - containerPort: 80
+                    env:
+                      - name: OVERLEAF_MONGO_URL
+                        value: mongodb://mongo:27017/sharelatex?replicaSet=rs0
+                      - name: OVERLEAF_REDIS_HOST
+                        value: redis
+                      - name: REDIS_HOST
+                        value: redis
+                      - name: OVERLEAF_APP_NAME
+                        value: Verso
+                      - name: OVERLEAF_NAV_TITLE
+                        value: "__NAV_TITLE__"
+                      - name: OVERLEAF_SITE_URL
+                        value: https://verso.alocoq.fr
+                      - name: OVERLEAF_SITE_LANGUAGE
+                        value: fr
+                      # Allow anonymous visitors so public published-presentation
+                      # links and read-only share links work without login.
+                      - name: OVERLEAF_ALLOW_PUBLIC_ACCESS
+                        value: "true"
+                      # NB: anonymous read-AND-write sharing is intentionally NOT
+                      # enabled (compiles are unsandboxed → only trusted accounts
+                      # may trigger them). Public self-registration is also off
+                      # (CE default): admin creates accounts / sends invites.
+                      - name: OVERLEAF_ENABLE_PROJECT_PYTHON_VENV
+                        value: "true"
+                      - name: OVERLEAF_LATEX_SHELL_ESCAPE
+                        value: "true"
+                      # (SMTP email vars are loaded below via envFrom.)
+                    # SMTP for password-reset / invite emails. All
+                    # OVERLEAF_EMAIL_* vars come from the optional 'verso-smtp'
+                    # Secret (its keys must be named exactly like those env
+                    # vars). Optional, so the app boots before the secret exists.
+                    envFrom:
+                      - secretRef:
+                          name: verso-smtp
+                          optional: true
+                    volumeMounts:
+                      - name: verso-data
+                        mountPath: /var/lib/overleaf/data
+                volumes:
+                  - name: verso-data
+                    persistentVolumeClaim:
+                      claimName: verso-data
+          ---
+          apiVersion: v1
+          kind: Service
+          metadata:
+            name: verso
+            namespace: verso
+          spec:
+            selector:
+              app: verso
+            ports:
+              - name: http
+                port: 80
+                targetPort: 80
+          EOF
+
+      - name: Deploy Verso image
+        run: |
+          kubectl -n verso set image deployment/verso \
+            verso=registry.alocoq.fr/verso:stable
+          kubectl -n verso rollout restart deployment/verso
+          kubectl -n verso rollout status deployment/verso --timeout=600s
+
+      - name: Create initial admin (only if no users exist)
+        run: |
+          COUNT=$(kubectl -n verso exec deploy/mongo -- mongosh sharelatex --quiet --eval 'db.users.countDocuments()' | tr -d '[:space:]')
+          if [ "$COUNT" = "0" ]; then
+            echo "No users yet — creating the initial admin account"
+            kubectl -n verso exec deploy/verso -- bash -lc '
+              cd /overleaf/services/web
+              node modules/server-ce-scripts/scripts/create-user \
+                --admin \
+                --email=alois.coquillard@gmail.com
+            '
+          else
+            echo "Users already exist ($COUNT) — skipping admin creation"
+          fi
@@ -0,0 +1,341 @@
+name: Build and Deploy Verso
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+env:
+  SITE_URL: https://test.alocoq.fr
+
+jobs:
+  deploy:
+    runs-on: native
+    timeout-minutes: 240
+
+    steps:
+      - name: Build and push Verso images with BuildKit
+        run: |
+          kubectl -n ci delete job verso-buildkit --ignore-not-found=true --wait=true
+
+          cat <<'EOF' | kubectl apply -f -
+          apiVersion: batch/v1
+          kind: Job
+          metadata:
+            name: verso-buildkit
+            namespace: ci
+          spec:
+            backoffLimit: 0
+            template:
+              spec:
+                restartPolicy: Never
+                initContainers:
+                  - name: prepare
+                    image: alpine/git:latest
+                    command: ["sh", "-c"]
+                    args:
+                      - |
+                        set -eux
+                        REG=registry.git.svc.cluster.local:5000
+                        git clone --depth 1 https://git.alocoq.fr/alois/verso.git /workspace/repo
+
+                        # (#1) Build the base image only when it actually changes.
+                        # The base layers' only repo input is Dockerfile-base, so
+                        # we key on a content hash of that file: the base is tagged
+                        # verso-base:base-<hash> and the app builds FROM that exact
+                        # tag. If a base with this hash is already in the registry,
+                        # the heavy base build (apt, TeX Live, Quarto) is skipped.
+                        BTAG=$(sha256sum /workspace/repo/server-ce/Dockerfile-base | cut -c1-16)
+                        printf '%s' "$BTAG" > /workspace/base_tag
+                        if wget -qO- "http://$REG/v2/verso-base/tags/list" 2>/dev/null | grep -q "\"base-$BTAG\""; then
+                          echo "Base image base-$BTAG already present - skipping base build"
+                        else
+                          touch /workspace/build-base
+                          echo "Base image base-$BTAG not found - base will be built"
+                        fi
+                    volumeMounts:
+                      - name: workspace
+                        mountPath: /workspace
+
+                containers:
+                  - name: buildkit
+                    image: moby/buildkit:latest
+                    securityContext:
+                      privileged: true
+                    command: ["sh", "-c"]
+                    args:
+                      - |
+                        set -eux
+
+                        # Push to the in-cluster registry (plain HTTP) to bypass
+                        # the Traefik ingress, whose read timeout was killing the
+                        # multi-GB TeX Live layer upload mid-stream. Mark the
+                        # registry http+insecure so both push and the base pull
+                        # for the app build treat it as plain HTTP. Written inside
+                        # the container so no extra k8s resources are needed.
+                        REG=registry.git.svc.cluster.local:5000
+
+                        mkdir -p /etc/buildkit
+                        printf '[registry."%s"]\n  http = true\n  insecure = true\n' "$REG" > /etc/buildkit/buildkitd.toml
+
+                        BTAG=$(cat /workspace/base_tag)
+                        BASE_REF="$REG/verso-base:base-$BTAG"
+
+                        # (#1) Base build, only when prepare flagged it changed.
+                        # (#2) Import/export a registry layer cache so that, when
+                        # the base does change, unchanged layers (e.g. apt) are
+                        # still reused instead of rebuilt from scratch.
+                        if [ -f /workspace/build-base ]; then
+                          buildctl-daemonless.sh build \
+                            --frontend=dockerfile.v0 \
+                            --local context=/workspace/repo \
+                            --local dockerfile=/workspace/repo/server-ce \
+                            --opt filename=Dockerfile-base \
+                            --import-cache type=registry,ref=$REG/verso-cache:base \
+                            --export-cache type=registry,ref=$REG/verso-cache:base,mode=max \
+                            --output type=image,name=$BASE_REF,push=true,registry.insecure=true
+                        else
+                          echo "Reusing existing base image $BASE_REF"
+                        fi
+
+                        # App image, built FROM the content-pinned base tag.
+                        # (#2) The registry cache lets yarn install be skipped when
+                        # package.json is unchanged; the web build only re-runs
+                        # when the frontend source actually changes.
+                        buildctl-daemonless.sh build \
+                          --frontend=dockerfile.v0 \
+                          --local context=/workspace/repo \
+                          --local dockerfile=/workspace/repo/server-ce \
+                          --opt filename=Dockerfile \
+                          --opt build-arg:OVERLEAF_BASE_TAG=$BASE_REF \
+                          --import-cache type=registry,ref=$REG/verso-cache:app \
+                          --export-cache type=registry,ref=$REG/verso-cache:app,mode=max \
+                          --output type=image,name=$REG/verso:latest,push=true,registry.insecure=true
+                    volumeMounts:
+                      - name: workspace
+                        mountPath: /workspace
+
+                volumes:
+                  - name: workspace
+                    emptyDir: {}
+          EOF
+
+      - name: Wait for build
+        run: |
+          kubectl -n ci wait --for=condition=complete job/verso-buildkit --timeout=14400s
+
+      - name: Show build logs
+        if: always()
+        run: |
+          kubectl -n ci logs job/verso-buildkit -c prepare || true
+          kubectl -n ci logs job/verso-buildkit -c buildkit || true
+
+      - name: Recreate test dependencies
+        run: |
+          kubectl -n test delete deployment mongo redis --ignore-not-found=true --wait=true
+          kubectl -n test delete service mongo redis --ignore-not-found=true --wait=true
+
+          cat <<'EOF' | kubectl apply -f -
+          apiVersion: apps/v1
+          kind: Deployment
+          metadata:
+            name: mongo
+            namespace: test
+          spec:
+            replicas: 1
+            selector:
+              matchLabels:
+                app: mongo
+            template:
+              metadata:
+                labels:
+                  app: mongo
+              spec:
+                containers:
+                  - name: mongo
+                    image: mongo:8
+                    command: ["mongod", "--replSet", "rs0", "--bind_ip_all"]
+                    ports:
+                      - containerPort: 27017
+                    volumeMounts:
+                      - name: mongo-data
+                        mountPath: /data/db
+                volumes:
+                  - name: mongo-data
+                    emptyDir: {}
+          ---
+          apiVersion: v1
+          kind: Service
+          metadata:
+            name: mongo
+            namespace: test
+          spec:
+            selector:
+              app: mongo
+            ports:
+              - name: mongo
+                port: 27017
+                targetPort: 27017
+          ---
+          apiVersion: apps/v1
+          kind: Deployment
+          metadata:
+            name: redis
+            namespace: test
+          spec:
+            replicas: 1
+            selector:
+              matchLabels:
+                app: redis
+            template:
+              metadata:
+                labels:
+                  app: redis
+              spec:
+                containers:
+                  - name: redis
+                    image: redis:7
+                    ports:
+                      - containerPort: 6379
+                    volumeMounts:
+                      - name: redis-data
+                        mountPath: /data
+                volumes:
+                  - name: redis-data
+                    emptyDir: {}
+          ---
+          apiVersion: v1
+          kind: Service
+          metadata:
+            name: redis
+            namespace: test
+          spec:
+            selector:
+              app: redis
+            ports:
+              - name: redis
+                port: 6379
+                targetPort: 6379
+          EOF
+
+          kubectl -n test rollout status deployment/mongo --timeout=180s
+          kubectl -n test rollout status deployment/redis --timeout=180s
+
+          sleep 5
+
+          kubectl -n test exec deploy/mongo -- mongosh --eval '
+          rs.initiate({
+            _id: "rs0",
+            members: [{ _id: 0, host: "mongo:27017" }]
+          })
+          '
+
+          kubectl -n test exec deploy/mongo -- mongosh --eval '
+          while (rs.status().myState !== 1) {
+            sleep(1000)
+          }
+          print("Mongo replica set is PRIMARY")
+          '
+
+      - name: Ensure Verso deployment exists
+        run: |
+          # Stamp the instance name with this build number, e.g. "Verso V0.83 Alpha".
+          NAV_TITLE="Verso V0.${GITHUB_RUN_NUMBER:-${GITEA_RUN_NUMBER:-0}} Alpha"
+          cat <<'EOF' | sed "s|__NAV_TITLE__|${NAV_TITLE}|g" | kubectl apply -f -
+          apiVersion: apps/v1
+          kind: Deployment
+          metadata:
+            name: verso
+            namespace: test
+          spec:
+            replicas: 1
+            selector:
+              matchLabels:
+                app: verso
+            template:
+              metadata:
+                labels:
+                  app: verso
+              spec:
+                containers:
+                  - name: verso
+                    # Pull via the public address: the cluster nodes' containerd
+                    # is configured for registry.alocoq.fr, not the in-cluster
+                    # service name. Both front the same registry storage, so the
+                    # image pushed via the in-cluster address resolves here too.
+                    image: registry.alocoq.fr/verso:latest
+                    ports:
+                      - containerPort: 80
+                    env:
+                      - name: OVERLEAF_MONGO_URL
+                        value: mongodb://mongo:27017/sharelatex?replicaSet=rs0
+                      - name: OVERLEAF_REDIS_HOST
+                        value: redis
+                      - name: REDIS_HOST
+                        value: redis
+                      - name: OVERLEAF_APP_NAME
+                        value: Verso
+                      - name: OVERLEAF_NAV_TITLE
+                        value: "__NAV_TITLE__"
+                      - name: OVERLEAF_SITE_URL
+                        value: https://test.alocoq.fr
+                      # Default UI language for the instance.
+                      - name: OVERLEAF_SITE_LANGUAGE
+                        value: fr
+                      # Allow anonymous visitors to reach the site so link
+                      # sharing and public presentation links work without a
+                      # login. Per-project and per-route access checks still
+                      # apply; private presentation links still require login.
+                      - name: OVERLEAF_ALLOW_PUBLIC_ACCESS
+                        value: "true"
+                      # Also let anonymous visitors use read-AND-write share
+                      # links (edit without an account). Read-only links only
+                      # need OVERLEAF_ALLOW_PUBLIC_ACCESS above.
+                      - name: OVERLEAF_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING
+                        value: "true"
+                      # Let Quarto Python cells use a project's requirements.txt:
+                      # the compiler installs it into a cached venv. Gated to the
+                      # project owner + invited collaborators (never anonymous /
+                      # link-sharing users).
+                      - name: OVERLEAF_ENABLE_PROJECT_PYTHON_VENV
+                        value: "true"
+                      - name: OVERLEAF_LATEX_SHELL_ESCAPE
+                        value: "true"
+          ---
+          apiVersion: v1
+          kind: Service
+          metadata:
+            name: verso
+            namespace: test
+          spec:
+            selector:
+              app: verso
+            ports:
+              - name: http
+                port: 80
+                targetPort: 80
+          EOF
+
+      - name: Deploy Verso image
+        run: |
+          kubectl -n test set image deployment/verso \
+            verso=registry.alocoq.fr/verso:latest
+
+          kubectl -n test rollout restart deployment/verso
+          kubectl -n test rollout status deployment/verso --timeout=300s
+
+      - name: Create admin user
+        run: |
+          sleep 20
+          kubectl -n test exec deploy/verso -- bash -lc '
+            cd /overleaf/services/web
+            node modules/server-ce-scripts/scripts/create-user \
+              --admin \
+              --email=test@example.com || true
+          '
+
+      - name: Cleanup
+        if: always()
+        run: |
+          kubectl -n ci delete job verso-buildkit --ignore-not-found=true --wait=true
@@ -0,0 +1,16 @@
+diff --git a/dist/index.mjs b/dist/index.mjs
+index b781835b37a1262510bdd66d8d3b399a076e9d68..312c314186d85bb3bc2ab2620e99bca259ef7167 100644
+--- a/dist/index.mjs
+++ b/dist/index.mjs
+@@ -44,10 +44,9 @@ import { z as z2 } from "zod/v4";
+ 
+ // src/tool/types.ts
+ import { z } from "zod/v4";
+-var LATEST_PROTOCOL_VERSION = "2025-11-25";
+var LATEST_PROTOCOL_VERSION = "2025-06-18";
+ var SUPPORTED_PROTOCOL_VERSIONS = [
+   LATEST_PROTOCOL_VERSION,
+-  "2025-06-18",
+   "2025-03-26",
+   "2024-11-05"
+ ];
@@ -0,0 +1,831 @@
+diff --git a/dist/index.cjs b/dist/index.cjs
+index 39215ae..b44cb76 100644
+--- a/dist/index.cjs
+++ b/dist/index.cjs
+@@ -187,16 +187,23 @@ Helper function that returns a transaction spec which inserts a
+ completion's text in the main selection range, and any other
+ selection range that has the same text in front of it.
+ */
+-function insertCompletionText(state$1, text, from, to) {
+function insertCompletionText(state$1, text, from, to, extend) {
+     let { main } = state$1.selection, fromOff = from - main.from, toOff = to - main.from;
+     return Object.assign(Object.assign({}, state$1.changeByRange(range => {
+         if (range != main && from != to &&
+             state$1.sliceDoc(range.from + fromOff, range.from + toOff) != state$1.sliceDoc(from, to))
+             return { range };
+-        let lines = state$1.toText(text);
+        let change = {
+            from: range.from + fromOff,
+            to: to == main.from ? range.to : range.from + toOff,
+            insert: text instanceof state.Text ? text : state$1.toText(text),
+        };
+        if (extend) {
+            extend(state$1, change);
+        }
+         return {
+-            changes: { from: range.from + fromOff, to: to == main.from ? range.to : range.from + toOff, insert: lines },
+-            range: state.EditorSelection.cursor(range.from + fromOff + lines.length)
+            changes: change,
+            range: state.EditorSelection.cursor(change.from + change.insert.length)
+         };
+     })), { scrollIntoView: true, userEvent: "input.complete" });
+ }
+@@ -389,7 +396,9 @@ const completionConfig = state.Facet.define({
+             filterStrict: false,
+             compareCompletions: (a, b) => a.label.localeCompare(b.label),
+             interactionDelay: 75,
+-            updateSyncTime: 100
+            updateSyncTime: 100,
+            // overleaf: default to at top which is default CM6 behaviour
+            unfilteredResultsAtEnd: false
+         }, {
+             defaultKeymap: (a, b) => a && b,
+             closeOnBlur: (a, b) => a && b,
+@@ -744,6 +753,7 @@ function score(option) {
+         (option.type ? 1 : 0);
+ }
+ function sortOptions(active, state) {
+    var _a;
+     let options = [];
+     let sections = null;
+     let addOption = (option) => {
+@@ -763,7 +773,8 @@ function sortOptions(active, state) {
+             let getMatch = a.result.getMatch;
+             if (a.result.filter === false) {
+                 for (let option of a.result.options) {
+-                    addOption(new Option(option, a.source, getMatch ? getMatch(option) : [], 1e9 - options.length));
+                    let defaultScore = conf.unfilteredResultsAtEnd ? -1e9 : 1e9;
+                    addOption(new Option(option, a.source, getMatch ? getMatch(option) : [], defaultScore - options.length));
+                 }
+             }
+             else {
+@@ -790,15 +801,42 @@ function sortOptions(active, state) {
+         }
+     }
+     let result = [], prev = null;
+    const priorityIndices = new Map();
+     let compare = conf.compareCompletions;
+     for (let opt of options.sort((a, b) => (b.score - a.score) || compare(a.completion, b.completion))) {
+        // overleaf: Deduplicate results with dedup options
+        //           The goal is to keep only the highest priority option, in the
+        //           highest scoring position.
+        const key = (_a = opt.completion.deduplicate) === null || _a === void 0 ? void 0 : _a.key;
+        if (key) {
+            // Handle merging specifically for deduplicated items item
+            const currentOptionIndex = priorityIndices.get(key);
+            if (currentOptionIndex === undefined) {
+                priorityIndices.set(key, result.length);
+                result.push(opt);
+                prev = opt.completion;
+            }
+            else {
+                if (result[currentOptionIndex].completion.deduplicate.priority < opt.completion.deduplicate.priority) {
+                    result[currentOptionIndex] = opt;
+                    if (currentOptionIndex === result.length - 1) {
+                        prev = opt.completion;
+                    }
+                }
+            }
+            continue;
+        }
+        // overleaf: end
+         let cur = opt.completion;
+-        if (!prev || prev.label != cur.label || prev.detail != cur.detail ||
+-            (prev.type != null && cur.type != null && prev.type != cur.type) ||
+-            prev.apply != cur.apply || prev.boost != cur.boost)
+        if (!prev || prev.label != cur.label)
+            result.push(opt);
+        // overleaf: we're already handling deduplication, so skip extra merges
+        else if (prev.deduplicate)
+             result.push(opt);
+         else if (score(opt.completion) > score(prev))
+             result[result.length - 1] = opt;
+        else if (opt.completion.info)
+            result[result.length - 1] = opt;
+         prev = opt.completion;
+     }
+     return result;
+@@ -817,8 +855,9 @@ class CompletionDialog {
+             : new CompletionDialog(this.options, makeAttrs(id, selected), this.tooltip, this.timestamp, selected, this.disabled);
+     }
+     static build(active, state, id, prev, conf, didSetActive) {
+-        if (prev && !didSetActive && active.some(s => s.isPending))
+-            return prev.setDisabled();
+        // Overleaf: avoid setting the previous completion state to disabled while completion sources are pending
+        // if (prev && !didSetActive && active.some(s => s.isPending))
+        //   return prev.setDisabled()
+         let options = sortOptions(active, state);
+         if (!options.length)
+             return prev && active.some(a => a.isPending) ? prev.setDisabled() : null;
+@@ -1017,13 +1056,14 @@ const completionState = state.StateField.define({
+         view.EditorView.contentAttributes.from(f, state => state.attrs)
+     ]
+ });
+const getCompletionTooltip = (state) => { var _a; return (_a = state.field(completionState, false)) === null || _a === void 0 ? void 0 : _a.tooltip; };
+ function applyCompletion(view, option) {
+     const apply = option.completion.apply || option.completion.label;
+     let result = view.state.field(completionState).active.find(a => a.source == option.source);
+     if (!(result instanceof ActiveResult))
+         return false;
+     if (typeof apply == "string")
+-        view.dispatch(Object.assign(Object.assign({}, insertCompletionText(view.state, apply, result.from, result.to)), { annotations: pickedCompletion.of(option.completion) }));
+        view.dispatch(Object.assign(Object.assign({}, insertCompletionText(view.state, apply, result.from, result.to, option.completion.extend)), { annotations: pickedCompletion.of(option.completion) }));
+     else
+         apply(view, option.completion, result.from, result.to);
+     return true;
+@@ -1559,20 +1599,42 @@ interpreted as indicating a placeholder.
+ function snippet(template) {
+     let snippet = Snippet.parse(template);
+     return (editor, completion, from, to) => {
+-        let { text, ranges } = snippet.instantiate(editor.state, from);
+-        let { main } = editor.state.selection;
+-        let spec = {
+-            changes: { from, to: to == main.from ? main.to : to, insert: state.Text.of(text) },
+-            scrollIntoView: true,
+-            annotations: completion ? [pickedCompletion.of(completion), state.Transaction.userEvent.of("input.complete")] : undefined
+-        };
+        let { main } = editor.state.selection, fromOff = from - main.from, toOff = to - main.from;
+        let ranges = [];
+        let totalOffset = 0;
+        let spec = Object.assign(Object.assign({}, editor.state.changeByRange(range => {
+            if (range != main && from != to &&
+                editor.state.sliceDoc(range.from + fromOff, range.from + toOff) != editor.state.sliceDoc(from, to))
+                return { range };
+            let { text, ranges: fieldRanges } = snippet.instantiate(editor.state, range.from + fromOff);
+            let change = {
+                from: range.from + fromOff,
+                to: range.from + toOff,
+                insert: state.Text.of(text)
+            };
+            let originalTo = change.to;
+            let offset = change.insert.length + fromOff;
+            if (completion.extend) {
+                completion.extend(editor.state, change);
+                offset += originalTo - change.to;
+            }
+            for (const fieldRange of fieldRanges) {
+                ranges.push(new FieldRange(fieldRange.field, fieldRange.from + totalOffset, fieldRange.to + totalOffset));
+            }
+            totalOffset += offset;
+            return {
+                changes: change,
+                range: state.EditorSelection.cursor(change.from + change.insert.length)
+            };
+        })), { scrollIntoView: true, annotations: completion ? [pickedCompletion.of(completion), state.Transaction.userEvent.of("input.complete")] : undefined, effects: [] });
+         if (ranges.length)
+             spec.selection = fieldSelection(ranges, 0);
+         if (ranges.some(r => r.field > 0)) {
+             let active = new ActiveSnippet(ranges, 0);
+-            let effects = spec.effects = [setActive.of(active)];
+-            if (editor.state.field(snippetState, false) === undefined)
+-                effects.push(state.StateEffect.appendConfig.of([snippetState, addSnippetKeymap, snippetPointerHandler, baseTheme]));
+            spec.effects.push(setActive.of(active));
+            if (editor.state.field(snippetState, false) === undefined) {
+                spec.effects.push(state.StateEffect.appendConfig.of([snippetState, addSnippetKeymap, snippetPointerHandler, baseTheme]));
+            }
+         }
+         editor.dispatch(editor.state.update(spec));
+     };
+@@ -1746,7 +1808,8 @@ const completeAnyWord = context => {
+ const defaults = {
+     brackets: ["(", "[", "{", "'", '"'],
+     before: ")]}:;>",
+-    stringPrefixes: []
+    stringPrefixes: [],
+    buildInsert: (state, range, open, close) => open + close,
+ };
+ const closeBracketEffect = state.StateEffect.define({
+     map(value, mapping) {
+@@ -1854,8 +1917,8 @@ function insertBracket(state$1, bracket) {
+     for (let tok of tokens) {
+         let closed = closing(state.codePointAt(tok, 0));
+         if (bracket == tok)
+-            return closed == tok ? handleSame(state$1, tok, tokens.indexOf(tok + tok + tok) > -1, conf)
+-                : handleOpen(state$1, tok, closed, conf.before || defaults.before);
+            return closed == tok ? handleSame(state$1, tok, tokens.indexOf(tok + tok) > -1, tokens.indexOf(tok + tok + tok) > -1, conf)
+                : handleOpen(state$1, tok, closed, conf.before || defaults.before, conf);
+         if (bracket == closed && closedBracketAt(state$1, state$1.selection.main.from))
+             return handleClose(state$1, tok, closed);
+     }
+@@ -1877,17 +1940,21 @@ function prevChar(doc, pos) {
+     let prev = doc.sliceString(pos - 2, pos);
+     return state.codePointSize(state.codePointAt(prev, 0)) == prev.length ? prev : prev.slice(1);
+ }
+-function handleOpen(state$1, open, close, closeBefore) {
+function handleOpen(state$1, open, close, closeBefore, config) {
+    let buildInsert = config.buildInsert || defaults.buildInsert;
+     let dont = null, changes = state$1.changeByRange(range => {
+        var _a;
+         if (!range.empty)
+             return { changes: [{ insert: open, from: range.from }, { insert: close, from: range.to }],
+                 effects: closeBracketEffect.of(range.to + open.length),
+                 range: state.EditorSelection.range(range.anchor + open.length, range.head + open.length) };
+         let next = nextChar(state$1.doc, range.head);
+-        if (!next || /\s/.test(next) || closeBefore.indexOf(next) > -1)
+-            return { changes: { insert: open + close, from: range.head },
+-                effects: closeBracketEffect.of(range.head + open.length),
+        if (!next || /\s/.test(next) || closeBefore.indexOf(next) > -1) {
+            const insert = (_a = buildInsert(state$1, range, open, close)) !== null && _a !== void 0 ? _a : open + close;
+            return { changes: { insert, from: range.head },
+                effects: insert === open ? [] : closeBracketEffect.of(range.head + open.length),
+                 range: state.EditorSelection.cursor(range.head + open.length) };
+        }
+         return { range: dont = range };
+     });
+     return dont ? null : state$1.update(changes, {
+@@ -1909,18 +1976,36 @@ function handleClose(state$1, _open, close) {
+ }
+ // Handles cases where the open and close token are the same, and
+ // possibly triple quotes (as in `"""abc"""`-style quoting).
+-function handleSame(state$1, token, allowTriple, config) {
+function handleSame(state$1, token, allowDouble, allowTriple, config) {
+     let stringPrefixes = config.stringPrefixes || defaults.stringPrefixes;
+    let buildInsert = config.buildInsert || defaults.buildInsert;
+     let dont = null, changes = state$1.changeByRange(range => {
+        var _a, _b, _c;
+         if (!range.empty)
+             return { changes: [{ insert: token, from: range.from }, { insert: token, from: range.to }],
+                 effects: closeBracketEffect.of(range.to + token.length),
+                 range: state.EditorSelection.range(range.anchor + token.length, range.head + token.length) };
+         let pos = range.head, next = nextChar(state$1.doc, pos), start;
+-        if (next == token) {
+        if (allowTriple && state$1.sliceDoc(pos - 2 * token.length, pos) == token + token &&
+            (start = canStartStringAt(state$1, pos - 2 * token.length, stringPrefixes)) > -1 &&
+            nodeStart(state$1, start)) {
+            return { changes: { insert: token + token + token + token, from: pos },
+                effects: closeBracketEffect.of(pos + token.length),
+                range: state.EditorSelection.cursor(pos + token.length) };
+        }
+        else if (allowDouble && state$1.sliceDoc(pos - token.length, pos) == token &&
+            (start = canStartStringAt(state$1, pos - token.length, stringPrefixes)) > -1 &&
+            nodeStart(state$1, start)) {
+            let insert = (_a = buildInsert(state$1, range, token, token)) !== null && _a !== void 0 ? _a : token + token;
+            return { changes: { insert, from: pos },
+                effects: insert === token ? [] : closeBracketEffect.of(pos + token.length),
+                range: state.EditorSelection.cursor(pos + token.length) };
+        }
+        else if (next == token) {
+             if (nodeStart(state$1, pos)) {
+-                return { changes: { insert: token + token, from: pos },
+-                    effects: closeBracketEffect.of(pos + token.length),
+                let insert = (_b = buildInsert(state$1, range, token, token)) !== null && _b !== void 0 ? _b : token + token;
+                return { changes: { insert, from: pos },
+                    effects: insert === token ? [] : closeBracketEffect.of(pos + token.length),
+                     range: state.EditorSelection.cursor(pos + token.length) };
+             }
+             else if (closedBracketAt(state$1, pos)) {
+@@ -1930,18 +2015,13 @@ function handleSame(state$1, token, allowTriple, config) {
+                     range: state.EditorSelection.cursor(pos + content.length) };
+             }
+         }
+-        else if (allowTriple && state$1.sliceDoc(pos - 2 * token.length, pos) == token + token &&
+-            (start = canStartStringAt(state$1, pos - 2 * token.length, stringPrefixes)) > -1 &&
+-            nodeStart(state$1, start)) {
+-            return { changes: { insert: token + token + token + token, from: pos },
+-                effects: closeBracketEffect.of(pos + token.length),
+-                range: state.EditorSelection.cursor(pos + token.length) };
+-        }
+         else if (state$1.charCategorizer(pos)(next) != state.CharCategory.Word) {
+-            if (canStartStringAt(state$1, pos, stringPrefixes) > -1 && !probablyInString(state$1, pos, token, stringPrefixes))
+-                return { changes: { insert: token + token, from: pos },
+-                    effects: closeBracketEffect.of(pos + token.length),
+            if (canStartStringAt(state$1, pos, stringPrefixes) > -1 && !probablyInString(state$1, pos, token, stringPrefixes)) {
+                const insert = (_c = buildInsert(state$1, range, token, token)) !== null && _c !== void 0 ? _c : token + token;
+                return { changes: { insert, from: pos },
+                    effects: insert === token ? [] : closeBracketEffect.of(pos + token.length),
+                     range: state.EditorSelection.cursor(pos + token.length) };
+            }
+         }
+         return { range: dont = range };
+     });
+@@ -2086,6 +2166,7 @@ exports.completionKeymap = completionKeymap;
+ exports.completionStatus = completionStatus;
+ exports.currentCompletions = currentCompletions;
+ exports.deleteBracketPair = deleteBracketPair;
+exports.getCompletionTooltip = getCompletionTooltip;
+ exports.hasNextSnippetField = hasNextSnippetField;
+ exports.hasPrevSnippetField = hasPrevSnippetField;
+ exports.ifIn = ifIn;
+@@ -2093,8 +2174,10 @@ exports.ifNotIn = ifNotIn;
+ exports.insertBracket = insertBracket;
+ exports.insertCompletionText = insertCompletionText;
+ exports.moveCompletionSelection = moveCompletionSelection;
+exports.nextChar = nextChar;
+ exports.nextSnippetField = nextSnippetField;
+ exports.pickedCompletion = pickedCompletion;
+exports.prevChar = prevChar;
+ exports.prevSnippetField = prevSnippetField;
+ exports.selectedCompletion = selectedCompletion;
+ exports.selectedCompletionIndex = selectedCompletionIndex;
+diff --git a/dist/index.d.cts b/dist/index.d.cts
+index b57b8f6..fce47ab 100644
+--- a/dist/index.d.cts
+++ b/dist/index.d.cts
+@@ -1,6 +1,6 @@
+ import * as _codemirror_state from '@codemirror/state';
+-import { EditorState, ChangeDesc, TransactionSpec, Transaction, StateCommand, Facet, Extension, StateEffect } from '@codemirror/state';
+-import { EditorView, Rect, KeyBinding, Command } from '@codemirror/view';
+import { EditorState, Text, ChangeDesc, TransactionSpec, StateCommand, Transaction, Facet, SelectionRange, Extension, StateEffect } from '@codemirror/state';
+import { EditorView, Rect, KeyBinding, Tooltip, Command } from '@codemirror/view';
+ import * as _lezer_common from '@lezer/common';
+ 
+ /**
+@@ -73,6 +73,19 @@ interface Completion {
+     a `{name}` object.
+     */
+     section?: string | CompletionSection;
+    /**
+    Can be used to alter the change created when the completion is applied
+    */
+    extend?: ExtendCompletion;
+    /**
+    If multiple sources return the same result, use this field to specifiy a
+    deduplication key as well as a priority. For each unique key, only the
+    completion with the highest priority will be shown.
+    */
+    deduplicate?: {
+        key: string;
+        priority: number;
+    };
+ }
+ /**
+ The type returned from
+@@ -306,12 +319,17 @@ This annotation is added to transactions that are produced by
+ picking a completion.
+ */
+ declare const pickedCompletion: _codemirror_state.AnnotationType<Completion>;
+type ExtendCompletion = (state: EditorState, change: {
+    from: number;
+    to: number;
+    insert: string | Text;
+}) => void;
+ /**
+ Helper function that returns a transaction spec which inserts a
+ completion's text in the main selection range, and any other
+ selection range that has the same text in front of it.
+ */
+-declare function insertCompletionText(state: EditorState, text: string, from: number, to: number): TransactionSpec;
+declare function insertCompletionText(state: EditorState, text: string | Text, from: number, to: number, extend?: ExtendCompletion): TransactionSpec;
+ 
+ interface CompletionConfig {
+     /**
+@@ -441,6 +459,10 @@ interface CompletionConfig {
+     milliseconds.
+     */
+     updateSyncTime?: number;
+    /**
+    overleaf: Move unfiltered results after the filtered ones
+    */
+    unfilteredResultsAtEnd?: boolean;
+ }
+ 
+ /**
+@@ -514,6 +536,8 @@ applies the snippet.
+ */
+ declare function snippetCompletion(template: string, completion: Completion): Completion;
+ 
+declare const getCompletionTooltip: (state: EditorState) => Tooltip | undefined | null;
+
+ /**
+ Returns a command that moves the completion selection forward or
+ backward by the given amount.
+@@ -562,6 +586,11 @@ interface CloseBracketConfig {
+     these prefixes before the opening quote.
+     */
+     stringPrefixes?: string[];
+    /**
+    An optional callback for overriding the content that's inserted
+    based on surrounding characters
+    */
+    buildInsert?: (state: EditorState, range: SelectionRange, open: string, close: string) => string;
+ }
+ /**
+ Extension to enable bracket-closing behavior. When a closeable
+@@ -593,6 +622,8 @@ to programmatically insert brackets—the
+ take care of running this for user input.)
+ */
+ declare function insertBracket(state: EditorState, bracket: string): Transaction | null;
+declare function nextChar(doc: Text, pos: number): string;
+declare function prevChar(doc: Text, pos: number): string;
+ 
+ /**
+ Returns an extension that enables autocompletion.
+@@ -636,4 +667,5 @@ the currently selected completion.
+ */
+ declare function setSelectedCompletion(index: number): StateEffect<unknown>;
+ 
+-export { type CloseBracketConfig, type Completion, CompletionContext, type CompletionInfo, type CompletionResult, type CompletionSection, type CompletionSource, acceptCompletion, autocompletion, clearSnippet, closeBrackets, closeBracketsKeymap, closeCompletion, completeAnyWord, completeFromList, completionKeymap, completionStatus, currentCompletions, deleteBracketPair, hasNextSnippetField, hasPrevSnippetField, ifIn, ifNotIn, insertBracket, insertCompletionText, moveCompletionSelection, nextSnippetField, pickedCompletion, prevSnippetField, selectedCompletion, selectedCompletionIndex, setSelectedCompletion, snippet, snippetCompletion, snippetKeymap, startCompletion };
+export { CompletionContext, acceptCompletion, autocompletion, clearSnippet, closeBrackets, closeBracketsKeymap, closeCompletion, completeAnyWord, completeFromList, completionKeymap, completionStatus, currentCompletions, deleteBracketPair, getCompletionTooltip, hasNextSnippetField, hasPrevSnippetField, ifIn, ifNotIn, insertBracket, insertCompletionText, moveCompletionSelection, nextChar, nextSnippetField, pickedCompletion, prevChar, prevSnippetField, selectedCompletion, selectedCompletionIndex, setSelectedCompletion, snippet, snippetCompletion, snippetKeymap, startCompletion };
+export type { CloseBracketConfig, Completion, CompletionInfo, CompletionResult, CompletionSection, CompletionSource };
+diff --git a/dist/index.d.ts b/dist/index.d.ts
+index b57b8f6..fce47ab 100644
+--- a/dist/index.d.ts
+++ b/dist/index.d.ts
+@@ -1,6 +1,6 @@
+ import * as _codemirror_state from '@codemirror/state';
+-import { EditorState, ChangeDesc, TransactionSpec, Transaction, StateCommand, Facet, Extension, StateEffect } from '@codemirror/state';
+-import { EditorView, Rect, KeyBinding, Command } from '@codemirror/view';
+import { EditorState, Text, ChangeDesc, TransactionSpec, StateCommand, Transaction, Facet, SelectionRange, Extension, StateEffect } from '@codemirror/state';
+import { EditorView, Rect, KeyBinding, Tooltip, Command } from '@codemirror/view';
+ import * as _lezer_common from '@lezer/common';
+ 
+ /**
+@@ -73,6 +73,19 @@ interface Completion {
+     a `{name}` object.
+     */
+     section?: string | CompletionSection;
+    /**
+    Can be used to alter the change created when the completion is applied
+    */
+    extend?: ExtendCompletion;
+    /**
+    If multiple sources return the same result, use this field to specifiy a
+    deduplication key as well as a priority. For each unique key, only the
+    completion with the highest priority will be shown.
+    */
+    deduplicate?: {
+        key: string;
+        priority: number;
+    };
+ }
+ /**
+ The type returned from
+@@ -306,12 +319,17 @@ This annotation is added to transactions that are produced by
+ picking a completion.
+ */
+ declare const pickedCompletion: _codemirror_state.AnnotationType<Completion>;
+type ExtendCompletion = (state: EditorState, change: {
+    from: number;
+    to: number;
+    insert: string | Text;
+}) => void;
+ /**
+ Helper function that returns a transaction spec which inserts a
+ completion's text in the main selection range, and any other
+ selection range that has the same text in front of it.
+ */
+-declare function insertCompletionText(state: EditorState, text: string, from: number, to: number): TransactionSpec;
+declare function insertCompletionText(state: EditorState, text: string | Text, from: number, to: number, extend?: ExtendCompletion): TransactionSpec;
+ 
+ interface CompletionConfig {
+     /**
+@@ -441,6 +459,10 @@ interface CompletionConfig {
+     milliseconds.
+     */
+     updateSyncTime?: number;
+    /**
+    overleaf: Move unfiltered results after the filtered ones
+    */
+    unfilteredResultsAtEnd?: boolean;
+ }
+ 
+ /**
+@@ -514,6 +536,8 @@ applies the snippet.
+ */
+ declare function snippetCompletion(template: string, completion: Completion): Completion;
+ 
+declare const getCompletionTooltip: (state: EditorState) => Tooltip | undefined | null;
+
+ /**
+ Returns a command that moves the completion selection forward or
+ backward by the given amount.
+@@ -562,6 +586,11 @@ interface CloseBracketConfig {
+     these prefixes before the opening quote.
+     */
+     stringPrefixes?: string[];
+    /**
+    An optional callback for overriding the content that's inserted
+    based on surrounding characters
+    */
+    buildInsert?: (state: EditorState, range: SelectionRange, open: string, close: string) => string;
+ }
+ /**
+ Extension to enable bracket-closing behavior. When a closeable
+@@ -593,6 +622,8 @@ to programmatically insert brackets—the
+ take care of running this for user input.)
+ */
+ declare function insertBracket(state: EditorState, bracket: string): Transaction | null;
+declare function nextChar(doc: Text, pos: number): string;
+declare function prevChar(doc: Text, pos: number): string;
+ 
+ /**
+ Returns an extension that enables autocompletion.
+@@ -636,4 +667,5 @@ the currently selected completion.
+ */
+ declare function setSelectedCompletion(index: number): StateEffect<unknown>;
+ 
+-export { type CloseBracketConfig, type Completion, CompletionContext, type CompletionInfo, type CompletionResult, type CompletionSection, type CompletionSource, acceptCompletion, autocompletion, clearSnippet, closeBrackets, closeBracketsKeymap, closeCompletion, completeAnyWord, completeFromList, completionKeymap, completionStatus, currentCompletions, deleteBracketPair, hasNextSnippetField, hasPrevSnippetField, ifIn, ifNotIn, insertBracket, insertCompletionText, moveCompletionSelection, nextSnippetField, pickedCompletion, prevSnippetField, selectedCompletion, selectedCompletionIndex, setSelectedCompletion, snippet, snippetCompletion, snippetKeymap, startCompletion };
+export { CompletionContext, acceptCompletion, autocompletion, clearSnippet, closeBrackets, closeBracketsKeymap, closeCompletion, completeAnyWord, completeFromList, completionKeymap, completionStatus, currentCompletions, deleteBracketPair, getCompletionTooltip, hasNextSnippetField, hasPrevSnippetField, ifIn, ifNotIn, insertBracket, insertCompletionText, moveCompletionSelection, nextChar, nextSnippetField, pickedCompletion, prevChar, prevSnippetField, selectedCompletion, selectedCompletionIndex, setSelectedCompletion, snippet, snippetCompletion, snippetKeymap, startCompletion };
+export type { CloseBracketConfig, Completion, CompletionInfo, CompletionResult, CompletionSection, CompletionSource };
+diff --git a/dist/index.js b/dist/index.js
+index 4729223..9361a53 100644
+--- a/dist/index.js
+++ b/dist/index.js
+@@ -1,4 +1,4 @@
+-import { Annotation, StateEffect, EditorSelection, codePointAt, codePointSize, fromCodePoint, Facet, combineConfig, StateField, Prec, Text, Transaction, MapMode, RangeValue, RangeSet, CharCategory } from '@codemirror/state';
+import { Annotation, StateEffect, Text, EditorSelection, codePointAt, codePointSize, fromCodePoint, Facet, combineConfig, StateField, Prec, Transaction, MapMode, RangeValue, RangeSet, CharCategory } from '@codemirror/state';
+ import { Direction, logException, showTooltip, EditorView, ViewPlugin, getTooltip, Decoration, WidgetType, keymap } from '@codemirror/view';
+ import { syntaxTree, indentUnit } from '@codemirror/language';
+ 
+@@ -185,16 +185,23 @@ Helper function that returns a transaction spec which inserts a
+ completion's text in the main selection range, and any other
+ selection range that has the same text in front of it.
+ */
+-function insertCompletionText(state, text, from, to) {
+function insertCompletionText(state, text, from, to, extend) {
+     let { main } = state.selection, fromOff = from - main.from, toOff = to - main.from;
+     return Object.assign(Object.assign({}, state.changeByRange(range => {
+         if (range != main && from != to &&
+             state.sliceDoc(range.from + fromOff, range.from + toOff) != state.sliceDoc(from, to))
+             return { range };
+-        let lines = state.toText(text);
+        let change = {
+            from: range.from + fromOff,
+            to: to == main.from ? range.to : range.from + toOff,
+            insert: text instanceof Text ? text : state.toText(text),
+        };
+        if (extend) {
+            extend(state, change);
+        }
+         return {
+-            changes: { from: range.from + fromOff, to: to == main.from ? range.to : range.from + toOff, insert: lines },
+-            range: EditorSelection.cursor(range.from + fromOff + lines.length)
+            changes: change,
+            range: EditorSelection.cursor(change.from + change.insert.length)
+         };
+     })), { scrollIntoView: true, userEvent: "input.complete" });
+ }
+@@ -387,7 +394,9 @@ const completionConfig = /*@__PURE__*/Facet.define({
+             filterStrict: false,
+             compareCompletions: (a, b) => a.label.localeCompare(b.label),
+             interactionDelay: 75,
+-            updateSyncTime: 100
+            updateSyncTime: 100,
+            // overleaf: default to at top which is default CM6 behaviour
+            unfilteredResultsAtEnd: false
+         }, {
+             defaultKeymap: (a, b) => a && b,
+             closeOnBlur: (a, b) => a && b,
+@@ -742,6 +751,7 @@ function score(option) {
+         (option.type ? 1 : 0);
+ }
+ function sortOptions(active, state) {
+    var _a;
+     let options = [];
+     let sections = null;
+     let addOption = (option) => {
+@@ -761,7 +771,8 @@ function sortOptions(active, state) {
+             let getMatch = a.result.getMatch;
+             if (a.result.filter === false) {
+                 for (let option of a.result.options) {
+-                    addOption(new Option(option, a.source, getMatch ? getMatch(option) : [], 1e9 - options.length));
+                    let defaultScore = conf.unfilteredResultsAtEnd ? -1e9 : 1e9;
+                    addOption(new Option(option, a.source, getMatch ? getMatch(option) : [], defaultScore - options.length));
+                 }
+             }
+             else {
+@@ -788,15 +799,42 @@ function sortOptions(active, state) {
+         }
+     }
+     let result = [], prev = null;
+    const priorityIndices = new Map();
+     let compare = conf.compareCompletions;
+     for (let opt of options.sort((a, b) => (b.score - a.score) || compare(a.completion, b.completion))) {
+        // overleaf: Deduplicate results with dedup options
+        //           The goal is to keep only the highest priority option, in the
+        //           highest scoring position.
+        const key = (_a = opt.completion.deduplicate) === null || _a === void 0 ? void 0 : _a.key;
+        if (key) {
+            // Handle merging specifically for deduplicated items item
+            const currentOptionIndex = priorityIndices.get(key);
+            if (currentOptionIndex === undefined) {
+                priorityIndices.set(key, result.length);
+                result.push(opt);
+                prev = opt.completion;
+            }
+            else {
+                if (result[currentOptionIndex].completion.deduplicate.priority < opt.completion.deduplicate.priority) {
+                    result[currentOptionIndex] = opt;
+                    if (currentOptionIndex === result.length - 1) {
+                        prev = opt.completion;
+                    }
+                }
+            }
+            continue;
+        }
+        // overleaf: end
+         let cur = opt.completion;
+-        if (!prev || prev.label != cur.label || prev.detail != cur.detail ||
+-            (prev.type != null && cur.type != null && prev.type != cur.type) ||
+-            prev.apply != cur.apply || prev.boost != cur.boost)
+        if (!prev || prev.label != cur.label)
+            result.push(opt);
+        // overleaf: we're already handling deduplication, so skip extra merges
+        else if (prev.deduplicate)
+             result.push(opt);
+         else if (score(opt.completion) > score(prev))
+             result[result.length - 1] = opt;
+        else if (opt.completion.info)
+            result[result.length - 1] = opt;
+         prev = opt.completion;
+     }
+     return result;
+@@ -815,8 +853,9 @@ class CompletionDialog {
+             : new CompletionDialog(this.options, makeAttrs(id, selected), this.tooltip, this.timestamp, selected, this.disabled);
+     }
+     static build(active, state, id, prev, conf, didSetActive) {
+-        if (prev && !didSetActive && active.some(s => s.isPending))
+-            return prev.setDisabled();
+        // Overleaf: avoid setting the previous completion state to disabled while completion sources are pending
+        // if (prev && !didSetActive && active.some(s => s.isPending))
+        //   return prev.setDisabled()
+         let options = sortOptions(active, state);
+         if (!options.length)
+             return prev && active.some(a => a.isPending) ? prev.setDisabled() : null;
+@@ -1015,13 +1054,14 @@ const completionState = /*@__PURE__*/StateField.define({
+         EditorView.contentAttributes.from(f, state => state.attrs)
+     ]
+ });
+const getCompletionTooltip = (state) => { var _a; return (_a = state.field(completionState, false)) === null || _a === void 0 ? void 0 : _a.tooltip; };
+ function applyCompletion(view, option) {
+     const apply = option.completion.apply || option.completion.label;
+     let result = view.state.field(completionState).active.find(a => a.source == option.source);
+     if (!(result instanceof ActiveResult))
+         return false;
+     if (typeof apply == "string")
+-        view.dispatch(Object.assign(Object.assign({}, insertCompletionText(view.state, apply, result.from, result.to)), { annotations: pickedCompletion.of(option.completion) }));
+        view.dispatch(Object.assign(Object.assign({}, insertCompletionText(view.state, apply, result.from, result.to, option.completion.extend)), { annotations: pickedCompletion.of(option.completion) }));
+     else
+         apply(view, option.completion, result.from, result.to);
+     return true;
+@@ -1557,20 +1597,42 @@ interpreted as indicating a placeholder.
+ function snippet(template) {
+     let snippet = Snippet.parse(template);
+     return (editor, completion, from, to) => {
+-        let { text, ranges } = snippet.instantiate(editor.state, from);
+-        let { main } = editor.state.selection;
+-        let spec = {
+-            changes: { from, to: to == main.from ? main.to : to, insert: Text.of(text) },
+-            scrollIntoView: true,
+-            annotations: completion ? [pickedCompletion.of(completion), Transaction.userEvent.of("input.complete")] : undefined
+-        };
+        let { main } = editor.state.selection, fromOff = from - main.from, toOff = to - main.from;
+        let ranges = [];
+        let totalOffset = 0;
+        let spec = Object.assign(Object.assign({}, editor.state.changeByRange(range => {
+            if (range != main && from != to &&
+                editor.state.sliceDoc(range.from + fromOff, range.from + toOff) != editor.state.sliceDoc(from, to))
+                return { range };
+            let { text, ranges: fieldRanges } = snippet.instantiate(editor.state, range.from + fromOff);
+            let change = {
+                from: range.from + fromOff,
+                to: range.from + toOff,
+                insert: Text.of(text)
+            };
+            let originalTo = change.to;
+            let offset = change.insert.length + fromOff;
+            if (completion.extend) {
+                completion.extend(editor.state, change);
+                offset += originalTo - change.to;
+            }
+            for (const fieldRange of fieldRanges) {
+                ranges.push(new FieldRange(fieldRange.field, fieldRange.from + totalOffset, fieldRange.to + totalOffset));
+            }
+            totalOffset += offset;
+            return {
+                changes: change,
+                range: EditorSelection.cursor(change.from + change.insert.length)
+            };
+        })), { scrollIntoView: true, annotations: completion ? [pickedCompletion.of(completion), Transaction.userEvent.of("input.complete")] : undefined, effects: [] });
+         if (ranges.length)
+             spec.selection = fieldSelection(ranges, 0);
+         if (ranges.some(r => r.field > 0)) {
+             let active = new ActiveSnippet(ranges, 0);
+-            let effects = spec.effects = [setActive.of(active)];
+-            if (editor.state.field(snippetState, false) === undefined)
+-                effects.push(StateEffect.appendConfig.of([snippetState, addSnippetKeymap, snippetPointerHandler, baseTheme]));
+            spec.effects.push(setActive.of(active));
+            if (editor.state.field(snippetState, false) === undefined) {
+                spec.effects.push(StateEffect.appendConfig.of([snippetState, addSnippetKeymap, snippetPointerHandler, baseTheme]));
+            }
+         }
+         editor.dispatch(editor.state.update(spec));
+     };
+@@ -1744,7 +1806,8 @@ const completeAnyWord = context => {
+ const defaults = {
+     brackets: ["(", "[", "{", "'", '"'],
+     before: ")]}:;>",
+-    stringPrefixes: []
+    stringPrefixes: [],
+    buildInsert: (state, range, open, close) => open + close,
+ };
+ const closeBracketEffect = /*@__PURE__*/StateEffect.define({
+     map(value, mapping) {
+@@ -1852,8 +1915,8 @@ function insertBracket(state, bracket) {
+     for (let tok of tokens) {
+         let closed = closing(codePointAt(tok, 0));
+         if (bracket == tok)
+-            return closed == tok ? handleSame(state, tok, tokens.indexOf(tok + tok + tok) > -1, conf)
+-                : handleOpen(state, tok, closed, conf.before || defaults.before);
+            return closed == tok ? handleSame(state, tok, tokens.indexOf(tok + tok) > -1, tokens.indexOf(tok + tok + tok) > -1, conf)
+                : handleOpen(state, tok, closed, conf.before || defaults.before, conf);
+         if (bracket == closed && closedBracketAt(state, state.selection.main.from))
+             return handleClose(state, tok, closed);
+     }
+@@ -1875,17 +1938,21 @@ function prevChar(doc, pos) {
+     let prev = doc.sliceString(pos - 2, pos);
+     return codePointSize(codePointAt(prev, 0)) == prev.length ? prev : prev.slice(1);
+ }
+-function handleOpen(state, open, close, closeBefore) {
+function handleOpen(state, open, close, closeBefore, config) {
+    let buildInsert = config.buildInsert || defaults.buildInsert;
+     let dont = null, changes = state.changeByRange(range => {
+        var _a;
+         if (!range.empty)
+             return { changes: [{ insert: open, from: range.from }, { insert: close, from: range.to }],
+                 effects: closeBracketEffect.of(range.to + open.length),
+                 range: EditorSelection.range(range.anchor + open.length, range.head + open.length) };
+         let next = nextChar(state.doc, range.head);
+-        if (!next || /\s/.test(next) || closeBefore.indexOf(next) > -1)
+-            return { changes: { insert: open + close, from: range.head },
+-                effects: closeBracketEffect.of(range.head + open.length),
+        if (!next || /\s/.test(next) || closeBefore.indexOf(next) > -1) {
+            const insert = (_a = buildInsert(state, range, open, close)) !== null && _a !== void 0 ? _a : open + close;
+            return { changes: { insert, from: range.head },
+                effects: insert === open ? [] : closeBracketEffect.of(range.head + open.length),
+                 range: EditorSelection.cursor(range.head + open.length) };
+        }
+         return { range: dont = range };
+     });
+     return dont ? null : state.update(changes, {
+@@ -1907,18 +1974,36 @@ function handleClose(state, _open, close) {
+ }
+ // Handles cases where the open and close token are the same, and
+ // possibly triple quotes (as in `"""abc"""`-style quoting).
+-function handleSame(state, token, allowTriple, config) {
+function handleSame(state, token, allowDouble, allowTriple, config) {
+     let stringPrefixes = config.stringPrefixes || defaults.stringPrefixes;
+    let buildInsert = config.buildInsert || defaults.buildInsert;
+     let dont = null, changes = state.changeByRange(range => {
+        var _a, _b, _c;
+         if (!range.empty)
+             return { changes: [{ insert: token, from: range.from }, { insert: token, from: range.to }],
+                 effects: closeBracketEffect.of(range.to + token.length),
+                 range: EditorSelection.range(range.anchor + token.length, range.head + token.length) };
+         let pos = range.head, next = nextChar(state.doc, pos), start;
+-        if (next == token) {
+        if (allowTriple && state.sliceDoc(pos - 2 * token.length, pos) == token + token &&
+            (start = canStartStringAt(state, pos - 2 * token.length, stringPrefixes)) > -1 &&
+            nodeStart(state, start)) {
+            return { changes: { insert: token + token + token + token, from: pos },
+                effects: closeBracketEffect.of(pos + token.length),
+                range: EditorSelection.cursor(pos + token.length) };
+        }
+        else if (allowDouble && state.sliceDoc(pos - token.length, pos) == token &&
+            (start = canStartStringAt(state, pos - token.length, stringPrefixes)) > -1 &&
+            nodeStart(state, start)) {
+            let insert = (_a = buildInsert(state, range, token, token)) !== null && _a !== void 0 ? _a : token + token;
+            return { changes: { insert, from: pos },
+                effects: insert === token ? [] : closeBracketEffect.of(pos + token.length),
+                range: EditorSelection.cursor(pos + token.length) };
+        }
+        else if (next == token) {
+             if (nodeStart(state, pos)) {
+-                return { changes: { insert: token + token, from: pos },
+-                    effects: closeBracketEffect.of(pos + token.length),
+                let insert = (_b = buildInsert(state, range, token, token)) !== null && _b !== void 0 ? _b : token + token;
+                return { changes: { insert, from: pos },
+                    effects: insert === token ? [] : closeBracketEffect.of(pos + token.length),
+                     range: EditorSelection.cursor(pos + token.length) };
+             }
+             else if (closedBracketAt(state, pos)) {
+@@ -1928,18 +2013,13 @@ function handleSame(state, token, allowTriple, config) {
+                     range: EditorSelection.cursor(pos + content.length) };
+             }
+         }
+-        else if (allowTriple && state.sliceDoc(pos - 2 * token.length, pos) == token + token &&
+-            (start = canStartStringAt(state, pos - 2 * token.length, stringPrefixes)) > -1 &&
+-            nodeStart(state, start)) {
+-            return { changes: { insert: token + token + token + token, from: pos },
+-                effects: closeBracketEffect.of(pos + token.length),
+-                range: EditorSelection.cursor(pos + token.length) };
+-        }
+         else if (state.charCategorizer(pos)(next) != CharCategory.Word) {
+-            if (canStartStringAt(state, pos, stringPrefixes) > -1 && !probablyInString(state, pos, token, stringPrefixes))
+-                return { changes: { insert: token + token, from: pos },
+-                    effects: closeBracketEffect.of(pos + token.length),
+            if (canStartStringAt(state, pos, stringPrefixes) > -1 && !probablyInString(state, pos, token, stringPrefixes)) {
+                const insert = (_c = buildInsert(state, range, token, token)) !== null && _c !== void 0 ? _c : token + token;
+                return { changes: { insert, from: pos },
+                    effects: insert === token ? [] : closeBracketEffect.of(pos + token.length),
+                     range: EditorSelection.cursor(pos + token.length) };
+            }
+         }
+         return { range: dont = range };
+     });
+@@ -2071,4 +2151,4 @@ function setSelectedCompletion(index) {
+     return setSelectedEffect.of(index);
+ }
+ 
+-export { CompletionContext, acceptCompletion, autocompletion, clearSnippet, closeBrackets, closeBracketsKeymap, closeCompletion, completeAnyWord, completeFromList, completionKeymap, completionStatus, currentCompletions, deleteBracketPair, hasNextSnippetField, hasPrevSnippetField, ifIn, ifNotIn, insertBracket, insertCompletionText, moveCompletionSelection, nextSnippetField, pickedCompletion, prevSnippetField, selectedCompletion, selectedCompletionIndex, setSelectedCompletion, snippet, snippetCompletion, snippetKeymap, startCompletion };
+export { CompletionContext, acceptCompletion, autocompletion, clearSnippet, closeBrackets, closeBracketsKeymap, closeCompletion, completeAnyWord, completeFromList, completionKeymap, completionStatus, currentCompletions, deleteBracketPair, getCompletionTooltip, hasNextSnippetField, hasPrevSnippetField, ifIn, ifNotIn, insertBracket, insertCompletionText, moveCompletionSelection, nextChar, nextSnippetField, pickedCompletion, prevChar, prevSnippetField, selectedCompletion, selectedCompletionIndex, setSelectedCompletion, snippet, snippetCompletion, snippetKeymap, startCompletion };
@@ -0,0 +1,381 @@
+diff --git a/dist/index.cjs b/dist/index.cjs
+index 46231ae..fb0f9aa 100644
+--- a/dist/index.cjs
+++ b/dist/index.cjs
+@@ -592,6 +592,7 @@ class SearchQuery {
+         this.valid = !!this.search && (!this.regexp || validRegExp(this.search));
+         this.unquoted = this.unquote(this.search);
+         this.wholeWord = !!config.wholeWord;
+        this.scope = config.scope;
+     }
+     /**
+     @internal
+@@ -606,7 +607,7 @@ class SearchQuery {
+     eq(other) {
+         return this.search == other.search && this.replace == other.replace &&
+             this.caseSensitive == other.caseSensitive && this.regexp == other.regexp &&
+-            this.wholeWord == other.wholeWord;
+            this.wholeWord == other.wholeWord && this.scope == other.scope;
+     }
+     /**
+     @internal
+@@ -631,7 +632,12 @@ class QueryType {
+     }
+ }
+ function stringCursor(spec, state, from, to) {
+-    return new SearchCursor(state.doc, spec.unquoted, from, to, spec.caseSensitive ? undefined : x => x.toLowerCase(), spec.wholeWord ? stringWordTest(state.doc, state.charCategorizer(state.selection.main.head)) : undefined);
+    const test = spec.wholeWord ? stringWordTest(state.doc, state.charCategorizer(state.selection.main.head)) : undefined;
+    const testWithinScope = (from, to, buffer, bufferPos) => {
+        return (!test || test(from, to, buffer, bufferPos))
+            && (!spec.scope || spec.scope.some(range => from >= range.from && from <= range.to && to >= range.from && to <= range.to));
+    };
+    return new SearchCursor(state.doc, spec.unquoted, from, to, spec.caseSensitive ? undefined : x => x.toLowerCase(), testWithinScope);
+ }
+ function stringWordTest(doc, categorizer) {
+     return (from, to, buf, bufPos) => {
+@@ -695,9 +701,14 @@ class StringQuery extends QueryType {
+     }
+ }
+ function regexpCursor(spec, state, from, to) {
+    const test = spec.wholeWord ? regexpWordTest(state.charCategorizer(state.selection.main.head)) : undefined;
+    const testWithinScope = (from, to, match) => {
+        return (!test || test(from, to, match))
+            && (!spec.scope || spec.scope.some(range => from >= range.from && from <= range.to && to >= range.from && to <= range.to));
+    };
+     return new RegExpCursor(state.doc, spec.search, {
+         ignoreCase: !spec.caseSensitive,
+-        test: spec.wholeWord ? regexpWordTest(state.charCategorizer(state.selection.main.head)) : undefined
+        test: testWithinScope,
+     }, from, to);
+ }
+ function charBefore(str, index) {
+@@ -737,10 +748,18 @@ class RegExpQuery extends QueryType {
+             this.prevMatchInRange(state, curTo, state.doc.length);
+     }
+     getReplacement(result) {
+-        return this.spec.unquote(this.spec.replace).replace(/\$([$&\d+])/g, (m, i) => i == "$" ? "$"
+-            : i == "&" ? result.match[0]
+-                : i != "0" && +i < result.match.length ? result.match[i]
+-                    : m);
+        return this.spec.unquote(this.spec.replace).replace(/\$([$&]|\d+)/g, (m, i) => {
+            if (i == "&")
+                return result.match[0];
+            if (i == "$")
+                return "$";
+            for (let l = i.length; l > 0; l--) {
+                let n = +i.slice(0, l);
+                if (n > 0 && n < result.match.length)
+                    return result.match[n] + i.slice(l);
+            }
+            return m;
+        });
+     }
+     matchAll(state, limit) {
+         let cursor = regexpCursor(this.spec, state, 0, state.doc.length), ranges = [];
+@@ -1227,7 +1246,9 @@ const searchExtensions = [
+ exports.RegExpCursor = RegExpCursor;
+ exports.SearchCursor = SearchCursor;
+ exports.SearchQuery = SearchQuery;
+exports.StringQuery = StringQuery;
+ exports.closeSearchPanel = closeSearchPanel;
+exports.createSearchPanel = createSearchPanel;
+ exports.findNext = findNext;
+ exports.findPrevious = findPrevious;
+ exports.getSearchQuery = getSearchQuery;
+@@ -1242,4 +1263,6 @@ exports.searchPanelOpen = searchPanelOpen;
+ exports.selectMatches = selectMatches;
+ exports.selectNextOccurrence = selectNextOccurrence;
+ exports.selectSelectionMatches = selectSelectionMatches;
+exports.selectWord = selectWord;
+ exports.setSearchQuery = setSearchQuery;
+exports.togglePanel = togglePanel;
+diff --git a/dist/index.d.cts b/dist/index.d.cts
+index 08f5696..663d192 100644
+--- a/dist/index.d.cts
+++ b/dist/index.d.cts
+@@ -1,6 +1,6 @@
+ import * as _codemirror_state from '@codemirror/state';
+ import { Text, Extension, StateCommand, EditorState, SelectionRange, StateEffect } from '@codemirror/state';
+-import { Command, KeyBinding, EditorView, Panel } from '@codemirror/view';
+import { Command, EditorView, Panel, KeyBinding } from '@codemirror/view';
+ 
+ /**
+ A search cursor provides an iterator over text matches in a
+@@ -161,6 +161,7 @@ the `"cm-selectionMatch"` class for the highlighting. When
+ itself will be highlighted with `"cm-selectionMatch-main"`.
+ */
+ declare function highlightSelectionMatches(options?: HighlightOptions): Extension;
+declare const selectWord: StateCommand;
+ /**
+ Select next occurrence of the current selection. Expand selection
+ to the surrounding word when the selection is empty.
+@@ -264,6 +265,13 @@ declare class SearchQuery {
+     */
+     readonly wholeWord: boolean;
+     /**
+    When set, only include search matches within these ranges
+    */
+    readonly scope?: Readonly<{
+        from: number;
+        to: number;
+    }[]>;
+    /**
+     Create a query object.
+     */
+     constructor(config: {
+@@ -293,6 +301,13 @@ declare class SearchQuery {
+         Enable whole-word matching.
+         */
+         wholeWord?: boolean;
+        /**
+        The ranges to match within
+        */
+        scope?: Readonly<{
+            from: number;
+            to: number;
+        }[]>;
+     });
+     /**
+     Compare this query to another query.
+@@ -307,6 +322,34 @@ declare class SearchQuery {
+         to: number;
+     }>;
+ }
+type SearchResult = typeof SearchCursor.prototype.value;
+declare abstract class QueryType<Result extends SearchResult = SearchResult> {
+    readonly spec: SearchQuery;
+    constructor(spec: SearchQuery);
+    abstract nextMatch(state: EditorState, curFrom: number, curTo: number): Result | null;
+    abstract prevMatch(state: EditorState, curFrom: number, curTo: number): Result | null;
+    abstract getReplacement(result: Result): string;
+    abstract matchAll(state: EditorState, limit: number): readonly Result[] | null;
+    abstract highlight(state: EditorState, from: number, to: number, add: (from: number, to: number) => void): void;
+}
+declare class StringQuery extends QueryType<SearchResult> {
+    constructor(spec: SearchQuery);
+    nextMatch(state: EditorState, curFrom: number, curTo: number): {
+        from: number;
+        to: number;
+    } | null;
+    private prevMatchInRange;
+    prevMatch(state: EditorState, curFrom: number, curTo: number): {
+        from: number;
+        to: number;
+    } | null;
+    getReplacement(_result: SearchResult): string;
+    matchAll(state: EditorState, limit: number): {
+        from: number;
+        to: number;
+    }[] | null;
+    highlight(state: EditorState, from: number, to: number, add: (from: number, to: number) => void): void;
+}
+ /**
+ A state effect that updates the current search query. Note that
+ this only has an effect if the search state has been initialized
+@@ -315,6 +358,7 @@ by running [`openSearchPanel`](https://codemirror.net/6/docs/ref/#search.openSea
+ once).
+ */
+ declare const setSearchQuery: _codemirror_state.StateEffectType<SearchQuery>;
+declare const togglePanel: _codemirror_state.StateEffectType<boolean>;
+ /**
+ Get the current search query from an editor state.
+ */
+@@ -353,6 +397,7 @@ Replace all instances of the search query with the given
+ replacement.
+ */
+ declare const replaceAll: Command;
+declare function createSearchPanel(view: EditorView): Panel;
+ /**
+ Make sure the search panel is open and focused.
+ */
+@@ -372,4 +417,4 @@ Default search-related key bindings.
+ */
+ declare const searchKeymap: readonly KeyBinding[];
+ 
+-export { RegExpCursor, SearchCursor, SearchQuery, closeSearchPanel, findNext, findPrevious, getSearchQuery, gotoLine, highlightSelectionMatches, openSearchPanel, replaceAll, replaceNext, search, searchKeymap, searchPanelOpen, selectMatches, selectNextOccurrence, selectSelectionMatches, setSearchQuery };
+export { RegExpCursor, SearchCursor, SearchQuery, StringQuery, closeSearchPanel, createSearchPanel, findNext, findPrevious, getSearchQuery, gotoLine, highlightSelectionMatches, openSearchPanel, replaceAll, replaceNext, search, searchKeymap, searchPanelOpen, selectMatches, selectNextOccurrence, selectSelectionMatches, selectWord, setSearchQuery, togglePanel };
+diff --git a/dist/index.d.ts b/dist/index.d.ts
+index 08f5696..663d192 100644
+--- a/dist/index.d.ts
+++ b/dist/index.d.ts
+@@ -1,6 +1,6 @@
+ import * as _codemirror_state from '@codemirror/state';
+ import { Text, Extension, StateCommand, EditorState, SelectionRange, StateEffect } from '@codemirror/state';
+-import { Command, KeyBinding, EditorView, Panel } from '@codemirror/view';
+import { Command, EditorView, Panel, KeyBinding } from '@codemirror/view';
+ 
+ /**
+ A search cursor provides an iterator over text matches in a
+@@ -161,6 +161,7 @@ the `"cm-selectionMatch"` class for the highlighting. When
+ itself will be highlighted with `"cm-selectionMatch-main"`.
+ */
+ declare function highlightSelectionMatches(options?: HighlightOptions): Extension;
+declare const selectWord: StateCommand;
+ /**
+ Select next occurrence of the current selection. Expand selection
+ to the surrounding word when the selection is empty.
+@@ -264,6 +265,13 @@ declare class SearchQuery {
+     */
+     readonly wholeWord: boolean;
+     /**
+    When set, only include search matches within these ranges
+    */
+    readonly scope?: Readonly<{
+        from: number;
+        to: number;
+    }[]>;
+    /**
+     Create a query object.
+     */
+     constructor(config: {
+@@ -293,6 +301,13 @@ declare class SearchQuery {
+         Enable whole-word matching.
+         */
+         wholeWord?: boolean;
+        /**
+        The ranges to match within
+        */
+        scope?: Readonly<{
+            from: number;
+            to: number;
+        }[]>;
+     });
+     /**
+     Compare this query to another query.
+@@ -307,6 +322,34 @@ declare class SearchQuery {
+         to: number;
+     }>;
+ }
+type SearchResult = typeof SearchCursor.prototype.value;
+declare abstract class QueryType<Result extends SearchResult = SearchResult> {
+    readonly spec: SearchQuery;
+    constructor(spec: SearchQuery);
+    abstract nextMatch(state: EditorState, curFrom: number, curTo: number): Result | null;
+    abstract prevMatch(state: EditorState, curFrom: number, curTo: number): Result | null;
+    abstract getReplacement(result: Result): string;
+    abstract matchAll(state: EditorState, limit: number): readonly Result[] | null;
+    abstract highlight(state: EditorState, from: number, to: number, add: (from: number, to: number) => void): void;
+}
+declare class StringQuery extends QueryType<SearchResult> {
+    constructor(spec: SearchQuery);
+    nextMatch(state: EditorState, curFrom: number, curTo: number): {
+        from: number;
+        to: number;
+    } | null;
+    private prevMatchInRange;
+    prevMatch(state: EditorState, curFrom: number, curTo: number): {
+        from: number;
+        to: number;
+    } | null;
+    getReplacement(_result: SearchResult): string;
+    matchAll(state: EditorState, limit: number): {
+        from: number;
+        to: number;
+    }[] | null;
+    highlight(state: EditorState, from: number, to: number, add: (from: number, to: number) => void): void;
+}
+ /**
+ A state effect that updates the current search query. Note that
+ this only has an effect if the search state has been initialized
+@@ -315,6 +358,7 @@ by running [`openSearchPanel`](https://codemirror.net/6/docs/ref/#search.openSea
+ once).
+ */
+ declare const setSearchQuery: _codemirror_state.StateEffectType<SearchQuery>;
+declare const togglePanel: _codemirror_state.StateEffectType<boolean>;
+ /**
+ Get the current search query from an editor state.
+ */
+@@ -353,6 +397,7 @@ Replace all instances of the search query with the given
+ replacement.
+ */
+ declare const replaceAll: Command;
+declare function createSearchPanel(view: EditorView): Panel;
+ /**
+ Make sure the search panel is open and focused.
+ */
+@@ -372,4 +417,4 @@ Default search-related key bindings.
+ */
+ declare const searchKeymap: readonly KeyBinding[];
+ 
+-export { RegExpCursor, SearchCursor, SearchQuery, closeSearchPanel, findNext, findPrevious, getSearchQuery, gotoLine, highlightSelectionMatches, openSearchPanel, replaceAll, replaceNext, search, searchKeymap, searchPanelOpen, selectMatches, selectNextOccurrence, selectSelectionMatches, setSearchQuery };
+export { RegExpCursor, SearchCursor, SearchQuery, StringQuery, closeSearchPanel, createSearchPanel, findNext, findPrevious, getSearchQuery, gotoLine, highlightSelectionMatches, openSearchPanel, replaceAll, replaceNext, search, searchKeymap, searchPanelOpen, selectMatches, selectNextOccurrence, selectSelectionMatches, selectWord, setSearchQuery, togglePanel };
+diff --git a/dist/index.js b/dist/index.js
+index 22172ef..08a9974 100644
+--- a/dist/index.js
+++ b/dist/index.js
+@@ -590,6 +590,7 @@ class SearchQuery {
+         this.valid = !!this.search && (!this.regexp || validRegExp(this.search));
+         this.unquoted = this.unquote(this.search);
+         this.wholeWord = !!config.wholeWord;
+        this.scope = config.scope;
+     }
+     /**
+     @internal
+@@ -604,7 +605,7 @@ class SearchQuery {
+     eq(other) {
+         return this.search == other.search && this.replace == other.replace &&
+             this.caseSensitive == other.caseSensitive && this.regexp == other.regexp &&
+-            this.wholeWord == other.wholeWord;
+            this.wholeWord == other.wholeWord && this.scope == other.scope;
+     }
+     /**
+     @internal
+@@ -629,7 +630,12 @@ class QueryType {
+     }
+ }
+ function stringCursor(spec, state, from, to) {
+-    return new SearchCursor(state.doc, spec.unquoted, from, to, spec.caseSensitive ? undefined : x => x.toLowerCase(), spec.wholeWord ? stringWordTest(state.doc, state.charCategorizer(state.selection.main.head)) : undefined);
+    const test = spec.wholeWord ? stringWordTest(state.doc, state.charCategorizer(state.selection.main.head)) : undefined;
+    const testWithinScope = (from, to, buffer, bufferPos) => {
+        return (!test || test(from, to, buffer, bufferPos))
+            && (!spec.scope || spec.scope.some(range => from >= range.from && from <= range.to && to >= range.from && to <= range.to));
+    };
+    return new SearchCursor(state.doc, spec.unquoted, from, to, spec.caseSensitive ? undefined : x => x.toLowerCase(), testWithinScope);
+ }
+ function stringWordTest(doc, categorizer) {
+     return (from, to, buf, bufPos) => {
+@@ -693,9 +699,14 @@ class StringQuery extends QueryType {
+     }
+ }
+ function regexpCursor(spec, state, from, to) {
+    const test = spec.wholeWord ? regexpWordTest(state.charCategorizer(state.selection.main.head)) : undefined;
+    const testWithinScope = (from, to, match) => {
+        return (!test || test(from, to, match))
+            && (!spec.scope || spec.scope.some(range => from >= range.from && from <= range.to && to >= range.from && to <= range.to));
+    };
+     return new RegExpCursor(state.doc, spec.search, {
+         ignoreCase: !spec.caseSensitive,
+-        test: spec.wholeWord ? regexpWordTest(state.charCategorizer(state.selection.main.head)) : undefined
+        test: testWithinScope,
+     }, from, to);
+ }
+ function charBefore(str, index) {
+@@ -735,10 +746,18 @@ class RegExpQuery extends QueryType {
+             this.prevMatchInRange(state, curTo, state.doc.length);
+     }
+     getReplacement(result) {
+-        return this.spec.unquote(this.spec.replace).replace(/\$([$&\d+])/g, (m, i) => i == "$" ? "$"
+-            : i == "&" ? result.match[0]
+-                : i != "0" && +i < result.match.length ? result.match[i]
+-                    : m);
+        return this.spec.unquote(this.spec.replace).replace(/\$([$&]|\d+)/g, (m, i) => {
+            if (i == "&")
+                return result.match[0];
+            if (i == "$")
+                return "$";
+            for (let l = i.length; l > 0; l--) {
+                let n = +i.slice(0, l);
+                if (n > 0 && n < result.match.length)
+                    return result.match[n] + i.slice(l);
+            }
+            return m;
+        });
+     }
+     matchAll(state, limit) {
+         let cursor = regexpCursor(this.spec, state, 0, state.doc.length), ranges = [];
+@@ -1222,4 +1241,4 @@ const searchExtensions = [
+     baseTheme
+ ];
+ 
+-export { RegExpCursor, SearchCursor, SearchQuery, closeSearchPanel, findNext, findPrevious, getSearchQuery, gotoLine, highlightSelectionMatches, openSearchPanel, replaceAll, replaceNext, search, searchKeymap, searchPanelOpen, selectMatches, selectNextOccurrence, selectSelectionMatches, setSearchQuery };
+export { RegExpCursor, SearchCursor, SearchQuery, StringQuery, closeSearchPanel, createSearchPanel, findNext, findPrevious, getSearchQuery, gotoLine, highlightSelectionMatches, openSearchPanel, replaceAll, replaceNext, search, searchKeymap, searchPanelOpen, selectMatches, selectNextOccurrence, selectSelectionMatches, selectWord, setSearchQuery, togglePanel };
@@ -1,7 +1,7 @@
-diff --git a/node_modules/body-parser/lib/read.js b/node_modules/body-parser/lib/read.js
+diff --git a/lib/read.js b/lib/read.js
 index fce6283..6131c31 100644
--- a/node_modules/body-parser/lib/read.js
-+++ b/node_modules/body-parser/lib/read.js
+--- a/lib/read.js
+++ b/lib/read.js
@@ -18,7 +18,7 @@ var iconv = require('iconv-lite')
 var onFinished = require('on-finished')
 var unpipe = require('unpipe')
@@ -1,7 +1,7 @@
-diff --git a/node_modules/cypress-multi-reporters/lib/MultiReporters.js b/node_modules/cypress-multi-reporters/lib/MultiReporters.js
+diff --git a/lib/MultiReporters.js b/lib/MultiReporters.js
 index 98dc4ef..b2a97bf 100644
--- a/node_modules/cypress-multi-reporters/lib/MultiReporters.js
-+++ b/node_modules/cypress-multi-reporters/lib/MultiReporters.js
+--- a/lib/MultiReporters.js
+++ b/lib/MultiReporters.js
@@ -160,7 +160,7 @@ MultiReporters.prototype.getCustomOptions = function (options) {
         debug('options file (custom)', customOptionsFile);
 
@@ -1,7 +1,7 @@
-diff --git a/node_modules/forwarded/index.js b/node_modules/forwarded/index.js
+diff --git a/index.js b/index.js
 index b2b6bdd..75e6254 100644
--- a/node_modules/forwarded/index.js
-+++ b/node_modules/forwarded/index.js
+--- a/index.js
+++ b/index.js
@@ -46,7 +46,7 @@ function forwarded (req) {
 function getSocketAddr (req) {
   return req.socket
@@ -1,7 +1,7 @@
-diff --git a/node_modules/mocha-multi-reporters/lib/MultiReporters.js b/node_modules/mocha-multi-reporters/lib/MultiReporters.js
-index d61e019..e7a9515 100644
--- a/node_modules/mocha-multi-reporters/lib/MultiReporters.js
-+++ b/node_modules/mocha-multi-reporters/lib/MultiReporters.js
+diff --git a/lib/MultiReporters.js b/lib/MultiReporters.js
+index d61e019711d5ac7f82c0fb90548bb0eb41ebbb85..e7a9515e05287621301b831191884a84d72ad0a1 100644
+--- a/lib/MultiReporters.js
+++ b/lib/MultiReporters.js
@@ -153,7 +153,7 @@ MultiReporters.prototype.getCustomOptions = function (options) {
         debug('options file (custom)', customOptionsFile);
 
@@ -1,7 +1,7 @@
-diff --git a/node_modules/multer/lib/make-middleware.js b/node_modules/multer/lib/make-middleware.js
+diff --git a/lib/make-middleware.js b/lib/make-middleware.js
 index ee50988..de77364 100644
--- a/node_modules/multer/lib/make-middleware.js
-+++ b/node_modules/multer/lib/make-middleware.js
+--- a/lib/make-middleware.js
+++ b/lib/make-middleware.js
@@ -164,7 +164,7 @@ function makeMiddleware (setup) {
       if (fieldname == null) return abortWithCode('MISSING_FIELD_NAME')
 
@@ -1,7 +1,7 @@
-diff --git a/node_modules/node-fetch/lib/index.js b/node_modules/node-fetch/lib/index.js
+diff --git a/lib/index.js b/lib/index.js
 index 567ff5d..8eb45f7 100644
--- a/node_modules/node-fetch/lib/index.js
-+++ b/node_modules/node-fetch/lib/index.js
+--- a/lib/index.js
+++ b/lib/index.js
@@ -545,8 +545,8 @@ function clone(instance) {
 		// tee instance body
 		p1 = new PassThrough();
@@ -1,7 +1,7 @@
-diff --git a/node_modules/passport-oauth2/lib/utils.js b/node_modules/passport-oauth2/lib/utils.js
+diff --git a/lib/utils.js b/lib/utils.js
 index 486f9e1..4584507 100644
--- a/node_modules/passport-oauth2/lib/utils.js
-+++ b/node_modules/passport-oauth2/lib/utils.js
+--- a/lib/utils.js
+++ b/lib/utils.js
@@ -24,7 +24,7 @@ exports.originalURL = function(req, options) {
   var trustProxy = options.proxy;
   
@@ -1,7 +1,7 @@
-diff --git a/node_modules/pdfjs-dist/build/pdf.worker.mjs b/node_modules/pdfjs-dist/build/pdf.worker.mjs
+diff --git a/build/pdf.worker.mjs b/build/pdf.worker.mjs
 index 6c5c6f1..bb6b7d1 100644
--- a/node_modules/pdfjs-dist/build/pdf.worker.mjs
-+++ b/node_modules/pdfjs-dist/build/pdf.worker.mjs
+--- a/build/pdf.worker.mjs
+++ b/build/pdf.worker.mjs
@@ -1830,7 +1830,7 @@ async function __wbg_init(module_or_path) {
     }
   }
@@ -1,12 +1,12 @@
-diff --git a/node_modules/google-gax/node_modules/retry-request/index.js b/node_modules/google-gax/node_modules/retry-request/index.js
-index 2fae107..5721c54 100644
--- a/node_modules/google-gax/node_modules/retry-request/index.js
-+++ b/node_modules/google-gax/node_modules/retry-request/index.js
+diff --git a/index.js b/index.js
+index 2fae107d03b30aff9320d135ec79c049c51f298a..32ec707ddbf8937e3e130c3deac1060c308bf439 100644
+--- a/index.js
+++ b/index.js
@@ -1,6 +1,6 @@
 'use strict';
 
 -const {PassThrough} = require('stream');
-+const { PassThrough, pipeline } = require('stream');
+const {PassThrough, pipeline} = require('stream');
 const extend = require('extend');
 
 let debug = () => {};
@@ -1,12 +1,12 @@
-diff --git a/node_modules/@google-cloud/logging/node_modules/retry-request/index.js b/node_modules/@google-cloud/logging/node_modules/retry-request/index.js
-index 2fae107..5721c54 100644
--- a/node_modules/@google-cloud/logging/node_modules/retry-request/index.js
-+++ b/node_modules/@google-cloud/logging/node_modules/retry-request/index.js
+diff --git a/index.js b/index.js
+index 298a351097d70a7fb005b6961f4d58247e391d8f..6a809ace0349d40cb2b6732ad66fd8ad208698ca 100644
+--- a/index.js
+++ b/index.js
@@ -1,6 +1,6 @@
 'use strict';
 
 -const {PassThrough} = require('stream');
-+const { PassThrough, pipeline } = require('stream');
+const {PassThrough, pipeline} = require('stream');
 const extend = require('extend');
 
 let debug = () => {};
@@ -0,0 +1,57 @@
+diff --git a/lib/sandboxed_module.js b/lib/sandboxed_module.js
+index 1cd6743..4718b97 100644
+--- a/lib/sandboxed_module.js
+++ b/lib/sandboxed_module.js
+@@ -4,7 +4,7 @@ var Module = require('module');
+ var fs = require('fs');
+ var vm = require('vm');
+ var path = require('path');
+-var builtinModules = require('./builtin_modules.json');
+var builtinModules = Module.builtinModules || require('./builtin_modules.json');
+ var parent = module.parent;
+ var globalOptions = {};
+ var registeredBuiltInSourceTransformers = ['coffee'];
+@@ -157,12 +157,20 @@ SandboxedModule.prototype._createRecursiveRequireProxy = function() {
+   var cache = Object.create(null);
+   var required = this._getRequires();
+   for (var key in required) {
+-    var injectedFilename = requireLike(this.filename).resolve(key);
+-    cache[injectedFilename] = required[key];
+    // Under Yarn PnP, resolution from a transitive dependency's context may fail
+    // for packages not declared in that dependency's package.json. Silently skip
+    // cache pre-population on failure; the mock will still be injected via the
+    // inject map in requireInterceptor or resolved via RecursiveRequireProxy fallback.
+    try {
+      var injectedFilename = requireLike(this.filename).resolve(key);
+      cache[injectedFilename] = required[key];
+    } catch (e) {}
+   }
+   cache[this.filename] = this.exports;
+   var globals = this.globals;
+ 
+  // Store the top-level module's filename for PnP fallback resolution
+  var topLevelFilename = this.filename;
+   var options;
+   if(!this._options.sourceTransformersSingleOnly && this._options.sourceTransformers){
+     options = {
+@@ -208,8 +216,18 @@ SandboxedModule.prototype._createRecursiveRequireProxy = function() {
+       if (request in cache) return cache[request];
+       return require(request);
+     }
+-    // cached modules
+-    var requestedFilename = requireLike(this.filename).resolve(request);
+    // Resolve the requested module filename.
+    // Under Yarn PnP, packages can only resolve their declared dependencies.
+    // When sandboxed-module loads a transitive dependency, the resolution context
+    // may not have access to all needed packages. Fall back to resolving from
+    // the top-level module's context (the module under test).
+    var requestedFilename;
+    try {
+      requestedFilename = requireLike(this.filename).resolve(request);
+    } catch (e) {
+      if (this.filename === topLevelFilename) throw e;
+      requestedFilename = requireLike(topLevelFilename).resolve(request);
+    }
+     if (requestedFilename in cache) return cache[requestedFilename];
+     var sandboxedModule = createInnerSandboxedModule(requestedFilename)
+     return sandboxedModule.exports;
@@ -1,7 +1,7 @@
-diff --git a/node_modules/send/index.js b/node_modules/send/index.js
+diff --git a/index.js b/index.js
 index 768f8ca..a882f4d 100644
--- a/node_modules/send/index.js
-+++ b/node_modules/send/index.js
+--- a/index.js
+++ b/index.js
@@ -788,29 +788,29 @@ SendStream.prototype.stream = function stream (path, options) {
   // pipe
   var stream = fs.createReadStream(path, options)
@@ -1,7 +1,7 @@
-diff --git a/node_modules/teeny-request/build/src/index.js b/node_modules/teeny-request/build/src/index.js
+diff --git a/build/src/index.js b/build/src/index.js
 index a101736..a87f6b9 100644
--- a/node_modules/teeny-request/build/src/index.js
-+++ b/node_modules/teeny-request/build/src/index.js
+--- a/build/src/index.js
+++ b/build/src/index.js
@@ -130,6 +130,9 @@ function createMultipartStream(boundary, multipart) {
         }
         else {
@@ -1,7 +1,7 @@
-diff --git a/node_modules/google-gax/node_modules/teeny-request/build/src/index.js b/node_modules/google-gax/node_modules/teeny-request/build/src/index.js
-index af5d15e..2b63d0c 100644
--- a/node_modules/google-gax/node_modules/teeny-request/build/src/index.js
-+++ b/node_modules/google-gax/node_modules/teeny-request/build/src/index.js
+diff --git a/build/src/index.js b/build/src/index.js
+index af5d15e260e2a47588c7c536447fe84bd3f86136..2b63d0c0b1eb6595c7a0bb314c1df792454c1a72 100644
+--- a/build/src/index.js
+++ b/build/src/index.js
@@ -115,6 +115,9 @@ function createMultipartStream(boundary, multipart) {
         }
         else {
@@ -1,7 +1,7 @@
-diff --git a/node_modules/thread-loader/dist/WorkerPool.js b/node_modules/thread-loader/dist/WorkerPool.js
-index 4145779..f0ff068 100644
--- a/node_modules/thread-loader/dist/WorkerPool.js
-+++ b/node_modules/thread-loader/dist/WorkerPool.js
+diff --git a/dist/WorkerPool.js b/dist/WorkerPool.js
+index 4145779f08eefafd0c18394806b6409c595ac5bb..aa16dd6a0f463804455164493a1e75e80cdf656a 100644
+--- a/dist/WorkerPool.js
+++ b/dist/WorkerPool.js
@@ -258,6 +258,19 @@ class PoolWorker {
           finalCallback();
           break;
@@ -22,10 +22,10 @@ index 4145779..f0ff068 100644
       case 'emitWarning':
         {
           const {
-diff --git a/node_modules/thread-loader/dist/index.js b/node_modules/thread-loader/dist/index.js
-index 75cd30f..d834af6 100644
--- a/node_modules/thread-loader/dist/index.js
-+++ b/node_modules/thread-loader/dist/index.js
+diff --git a/dist/index.js b/dist/index.js
+index 75cd30fb63dc864057c1afc866f43fc7cc0a8020..d834af6ce1e2cd4473c4ae1b325d63eb1190c17e 100644
+--- a/dist/index.js
+++ b/dist/index.js
@@ -43,6 +43,7 @@ function pitch() {
     sourceMap: this.sourceMap,
     emitError: this.emitError,
@@ -34,10 +34,10 @@ index 75cd30f..d834af6 100644
     loadModule: this.loadModule,
     resolve: this.resolve,
     getResolve: this.getResolve,
-diff --git a/node_modules/thread-loader/dist/worker.js b/node_modules/thread-loader/dist/worker.js
-index 8e67959..aca94f1 100644
--- a/node_modules/thread-loader/dist/worker.js
-+++ b/node_modules/thread-loader/dist/worker.js
+diff --git a/dist/worker.js b/dist/worker.js
+index 8e67959e4b7c9fd0db116509b1459636ba13a097..aca94f1442906baf179ada8e6a56501bbf71c480 100644
+--- a/dist/worker.js
+++ b/dist/worker.js
@@ -90,6 +90,22 @@ function writeJson(data) {
   writePipeWrite(lengthBuffer);
   writePipeWrite(messageBuffer);
@@ -0,0 +1,25 @@
+approvedGitRepositories:
+  - "**"
+
+enableGlobalCache: false
+
+enableScripts: true
+
+enableTelemetry: false
+
+nodeLinker: node-modules
+
+npmMinimalAgeGate: 3d
+
+supportedArchitectures:
+  cpu:
+    - current
+    - arm64
+    - x64
+  libc:
+    - current
+    - glibc
+  os:
+    - current
+    - darwin
+    - linux
@@ -1,80 +1,296 @@
-<h1 align="center">
-  <br>
-  <a href="https://www.overleaf.com"><img src="doc/logo.png" alt="Overleaf" width="300"></a>
-</h1>
-
-<h4 align="center">An open-source online real-time collaborative LaTeX editor.</h4>
-
 <p align="center">
-  <a href="https://github.com/overleaf/overleaf/wiki">Wiki</a> •
-  <a href="https://www.overleaf.com/for/enterprises">Server Pro</a> •
-  <a href="#contributing">Contributing</a> •
-  <a href="https://mailchi.mp/overleaf.com/community-edition-and-server-pro">Mailing List</a> •
-  <a href="#authors">Authors</a> •
-  <a href="#license">License</a>
+  <img src="services/web/public/img/ol-brand/verso-logo.svg" alt="Verso" width="440">
 </p>

-<img src="doc/screenshot.png" alt="A screenshot of a project being edited in Overleaf Community Edition">
-<p align="center">
-  Figure 1: A screenshot of a project being edited in Overleaf Community Edition.
-</p>
+**A collaborative, real-time editor for LaTeX, Quarto and Typst — self-hosted.**

-## Community Edition
+---

-[Overleaf](https://www.overleaf.com) is an open-source online real-time collaborative LaTeX editor. We run a hosted version at [www.overleaf.com](https://www.overleaf.com), but you can also run your own local version, and contribute to the development of Overleaf.
+## What is Verso?
+
+Verso is a fork of [Overleaf](https://github.com/overleaf/overleaf) that extends its
+collaborative editing infrastructure to support [Quarto](https://quarto.org) and
+[Typst](https://typst.app) projects alongside LaTeX. Think of it as Overleaf, but
+not limited to LaTeX.
+
+### Verso vs Overleaf
+
+[Overleaf](https://www.overleaf.com) is the gold standard for collaborative LaTeX
+editing. Verso keeps everything that makes Overleaf great — real-time co-editing,
+operational-transformation history, auth, project management, file storage — and
+adds:
+
+- **Quarto and Typst compilers** running alongside TeX Live, dispatched
+  automatically from the root file's extension (`.qmd` → Quarto, `.typ` → Typst,
+  `.tex` → `latexmk`).
+- **Language-aware editor** for Quarto and Typst (syntax highlighting, completions,
+  document outline) — not just LaTeX.
+- **Publish & share compiled output** (`/p/:token` with tiered access links) — a
+  feature absent from Overleaf Community Edition.
+- **Lumière theme** — a redesigned project dashboard and editor chrome with a
+  card-based grid, thumbnails, and a teal gradient identity.
+- **Full i18n** — French, German, Italian, and Spanish UI translations on top of
+  Overleaf's English base.
+- Completely **free and self-hosted**; no Overleaf subscription required.
+
+### Verso vs Quarto
+
+[Quarto](https://quarto.org) is a command-line tool: you install it locally, write
+`.qmd` files in any text editor, and run `quarto render` in a terminal. It is
+excellent for solo authors with full control over their environment.
+
+Verso wraps Quarto in a collaborative web editor:
+
+- **No local install** — Quarto, Typst, TeX Live and Python run on the server.
+- **Real-time collaboration** — multiple people edit the same `.qmd` simultaneously
+  with live cursors and conflict-free merging.
+- **Not just Quarto** — LaTeX and Typst projects live in the same workspace, under
+  the same auth and history system.
+- **Publish in one click** — RevealJS decks and PDFs are served at a stable link
+  without leaving the browser.
+
+Verso is not a replacement for Quarto's CLI — it is a platform that makes Quarto
+accessible as a shared, always-on service.
+
+### Verso vs Typst.app
+
+[Typst.app](https://typst.app) is a cloud-hosted web editor for Typst. It is
+polished and fast, but it is a proprietary SaaS product and only supports Typst.
+
+Verso differs in that:
+
+- It is **self-hosted** and open-source (AGPL v3) — you control your data.
+- It supports **three languages** (Typst, LaTeX, Quarto) in one instance.
+- Real-time collaboration is powered by **operational transformation** (the same
+  engine as Overleaf), not CRDTs, which means it handles concurrent edits
+  gracefully for long documents.
+- It ships with a full **project history** and version-restore workflow.
+
+If you only need Typst and want a lighter, Typst-focused alternative, have a look
+at **[Collabst](https://github.com/herluf-ba/collabst)** — an open-source,
+self-hosted collaborative Typst editor that is independent of the Overleaf
+codebase and shows a lot of promise.
+
+---
+
+## Features
+
+- **Real-time collaboration** — multiple editors, live cursors, full project history and version restore.
+- **Three compilers, auto-dispatched** by root file extension:
+  | Root file | Compiler | Typical output |
+  |-----------|----------|----------------|
+  | `.qmd` | Quarto | PDF (via Typst or LaTeX), HTML, or RevealJS |
+  | `.tex` | `latexmk` / TeX Live | PDF |
+  | `.typ` | Typst | PDF |
+- **Language-aware editor for all three** — syntax highlighting, completions, and a document outline panel for LaTeX, Quarto and Typst.
+- **Format badge** on the project dashboard; compiler dropdown greys out inapplicable engines.
+- **Publish & share** — compile and snapshot to `/p/:token` with three independent access tiers (project members / any logged-in user / public). HTML/RevealJS decks are served live; PDFs are embedded inline. A **Present** toolbar button links directly to the published deck.
+- **RevealJS thumbnails** — the first slide of a presentation is rendered as a preview card in the project list.
+- **Quarto Python cells** — optional per-project virtual environment built from `requirements.txt`, so Python code chunks execute during render.
+- **Visual formatting toolbar** — bold, italic, headings and inline code shortcuts for Quarto (`.qmd`) and Typst (`.typ`) files, in addition to Overleaf's existing LaTeX toolbar.
+- **Lumière theme** — card-based project dashboard with PDF/slide thumbnails, a teal gradient identity, dark editor chrome, and an XS compact list view.
+- **i18n** — French, German, Italian and Spanish UI translations.
+- **Auto-compile** — preview refreshes automatically after you stop typing.
+
+---
+
+## Releases
+
+### Alpha 1
+
+The initial public release. Established Verso as an Overleaf fork with first-class
+multi-language support:
+
+- Quarto (`.qmd`) and Typst (`.typ`) compilers running alongside TeX Live,
+  dispatched automatically by root file extension — no per-project configuration.
+- Language-aware editor for Quarto: Markdown highlighting, code-chunk completions
+  (`{python}`, `{r}`, `{julia}`, `{ojs}`…), callout and fenced-div completions,
+  cross-reference completions (`@fig-`, `@tbl-`, `@sec-`…).
+- Language-aware editor for Typst: syntax highlighting and completions for
+  functions, imports, math and markup.
+- Document outline panel for all three languages (LaTeX `\section`, Quarto `#`,
+  Typst `=`).
+- Format badge on the project dashboard; compiler selector greys out inapplicable
+  engines for the current root file.
+- Publish & share compiled output — HTML/RevealJS decks and PDFs hosted at
+  `/p/:token` with tiered access links (project / logged-in / public), each
+  independently resettable.
+- Quarto Python code-cell execution via an optional per-project `requirements.txt`
+  virtual environment.
+- Verso branding: name, logo and Kubernetes production deploy workflow.
+
+### Alpha 2
+
+Refinements to the Typst editor and the format badge system:
+
+- **Quarto format sub-types** — the project badge now distinguishes *Quarto PDF*
+  from *Quarto Slides*, reading the frontmatter `format:` to pick the right label.
+- **Python packages for collaborators** — Quarto Python package installation
+  extended to all users who have write access to the project, not only the owner.
+- **Typst syntax highlighting overhaul** — complete grammar rewrite covering:
+  function calls and named argument keys, multi-line display math, `#{…}` code
+  blocks, content blocks, `show`-rule bodies, `let`-value bindings, and keyword
+  vs identifier disambiguation.
+- **Typst visual formatting** — bold and italic toolbar buttons and keyboard
+  shortcuts (`Ctrl+B`, `Ctrl+I`), plus underline, small-caps and hyperlink
+  buttons, matching the Quarto and LaTeX toolbar experience.
+
+### Alpha 3
+
+- **Lumière theme** — redesigned project dashboard with a card grid, PDF/slide
+  thumbnails, parallax hover effects, a teal gradient identity and a dark editor
+  chrome. Includes an XS compact list view and a tile zoom slider.
+- **Full i18n** — French, German, Italian and Spanish translations covering the
+  complete UI (login, dashboard, editor, settings, emails).
+- **Visual editors for Quarto and Typst** — bold, italic, headings and inline code
+  shortcuts in the toolbar for `.qmd` and `.typ` files.
+- **Top/bottom split view** — new editor layout that stacks the source editor
+  above the PDF preview vertically, in addition to the existing side-by-side mode.
+- **Bidirectional format export** — LaTeX projects can be converted to Typst and
+  Typst projects to LaTeX via pandoc. Available from the File menu in the editor.
+- **Mobile layout** — project dashboard, search bar, footer and editor all
+  adapted for phone screen sizes.
+
+---
+
+## Known issues
+
+- **Large file upload timeouts** — uploads of large files on slow connections
+  can time out at the proxy layer. A streaming response fix is pending.
+
+---
+
+## Security model — trusted environments only

 > [!CAUTION]
-> Overleaf Community Edition is intended for use in environments where **all** users are trusted. Community Edition is **not** appropriate for scenarios where isolation of users is required due to Sandbox Compiles not being available. When not using Sandboxed Compiles, users have full read and write access to the `sharelatex` container resources (filesystem, network, environment variables) when running LaTeX compiles.
+> Verso is designed for **closed groups of trusted users** (a lab, a class, a
+> small team). All three compilers can execute arbitrary code on the server:
+>
+> - LaTeX with shell-escape enabled can run system commands.
+> - Quarto Python cells execute Python code directly.
+> - Typst's scripting layer is sandboxed by design, but runs server-side.
+>
+> There is **no per-project sandbox or resource isolation** beyond what the
+> operating system provides. Exposing Verso to the public internet with open
+> registration is not recommended. If you need to host a collaborative
+> LaTeX editor for untrusted users or at scale, look at
+> [Overleaf's non-Community offerings](https://www.overleaf.com/for/enterprises),
+> which include proper sandboxing and enterprise access controls.

-For more information on Sandbox Compiles check out our [documentation](https://docs.overleaf.com/on-premises/configuration/overleaf-toolkit/server-pro-only-configuration/sandboxed-compiles).
+---

-## Enterprise
+## Quick start

-If you want help installing and maintaining Overleaf in your lab or workplace, we offer an officially supported version called [Overleaf Server Pro](https://www.overleaf.com/for/enterprises). It also includes more features for security (SSO with LDAP or SAML), administration and collaboration (e.g. tracked changes). [Find out more!](https://www.overleaf.com/for/enterprises)
+### With Docker

-## Keeping up to date
+```bash
+docker run -d \
+  -p 80:80 \
+  -v ~/verso_data:/var/lib/overleaf \
+  --name verso \
+  registry.alocoq.fr/verso:latest
+```

-Sign up to the [mailing list](https://mailchi.mp/overleaf.com/community-edition-and-server-pro) to get updates on Overleaf releases and development.
+Open `http://localhost`, then visit `/launchpad` on first run to create the admin
+account.

-## Installation
+### Build from source

-We have detailed installation instructions in the [Overleaf Toolkit](https://github.com/overleaf/toolkit/).
+```bash
+cd server-ce
+make build-base        # base OS image: system deps, Quarto, Typst, TeX Live
+make build-community   # application image: Node services + compiled frontend
+```

-## Upgrading
+| File | Purpose |
+|------|---------|
+| `server-ce/Dockerfile-base` | Base image — system deps, Quarto (with Typst) and TeX Live |
+| `server-ce/Dockerfile` | App image — Node services and the compiled React frontend |

-If you are upgrading from a previous version of Overleaf, please see the [Release Notes section on the Wiki](https://github.com/overleaf/overleaf/wiki#release-notes) for all of the versions between your current version and the version you are upgrading to.
+---

-## Overleaf Docker Image
+## Architecture

-This repo contains two dockerfiles, [`Dockerfile-base`](server-ce/Dockerfile-base), which builds the
-`sharelatex/sharelatex-base` image, and [`Dockerfile`](server-ce/Dockerfile) which builds the
-`sharelatex/sharelatex` (or "community") image.
+Verso is a microservices monorepo (Yarn workspaces). All services run inside a
+single container managed by `runit`, with `nginx` as the front router.

-The Base image generally contains the basic dependencies like `wget`, plus `texlive`.
-We split this out because it's a pretty heavy set of
-dependencies, and it's nice to not have to rebuild all of that every time.
+```
+browser ──→ nginx:80
+              ├── / ──────────────────→ web:4000         (main app, React UI)
+              ├── /socket.io ──────────→ real-time:3026   (WebSocket, OT engine)
+              ├── /p/:token ───────────→ web              (published output)
+              └── /project/*/output/* → clsi-nginx:8080   (compiled output files)

-The `sharelatex/sharelatex` image extends the base image and adds the actual Overleaf code
-and services.
+web → document-updater → Redis pub/sub → real-time → browser
+web → CLSI (quarto render / latexmk / typst) → output files → nginx → browser
+```

-Use `make build-base` and `make build-community` from `server-ce/` to build these images.
+| Service | Role |
+|---------|------|
+| `web` | HTTP API, React frontend, auth, project & sharing management |
+| `real-time` | WebSocket layer, live cursors and edit sync |
+| `document-updater` | Operational transformation, Redis pub/sub |
+| `clsi` | Compiler — runs `quarto render`, `latexmk` or `typst` and serves output |
+| `docstore` | Document text storage (MongoDB) |
+| `filestore` | Binary file storage (S3 or local) |
+| `project-history` | Change history and version tracking |

-We use the [Phusion base-image](https://github.com/phusion/baseimage-docker)
-(which is extended by our `base` image) to provide us with a VM-like container
-in which to run the Overleaf services. Baseimage uses the `runit` service
-manager to manage services, and we add our init-scripts from the `server-ce/runit`
-folder.
+---

-## Contributing
+## Environment variables

-Please see the [CONTRIBUTING](CONTRIBUTING.md) file for information on contributing to the development of Overleaf.
+Verso inherits all of Overleaf's environment variables (prefixed `OVERLEAF_`).
+The most commonly needed:

-## Authors
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `OVERLEAF_APP_NAME` | `Verso` | Name shown in the UI |
+| `OVERLEAF_NAV_TITLE` | — | Instance name/version shown in the top bar |
+| `OVERLEAF_MONGO_URL` | `mongodb://mongo/sharelatex` | MongoDB connection string |
+| `OVERLEAF_REDIS_HOST` | `localhost` | Redis host |
+| `OVERLEAF_SITE_URL` | — | Public URL (used in emails and published links) |
+| `OVERLEAF_SITE_LANGUAGE` | `en` | Default UI language (e.g. `fr`) |
+| `OVERLEAF_ENABLE_PROJECT_PYTHON_VENV` | `false` | Allow Quarto Python cells to use a project `requirements.txt` |
+| `OVERLEAF_ADMIN_EMAIL` | — | Email shown on the launchpad for the first admin account |

-[The Overleaf Team](https://www.overleaf.com/about)
+See the [Overleaf Server documentation](https://github.com/overleaf/overleaf/wiki)
+for the full list.
+
+---
+
+## Relation to Overleaf
+
+Verso is a fork of [Overleaf Community Edition](https://github.com/overleaf/overleaf).
+Everything that Overleaf CE provides — real-time collaboration, operational-transformation
+history, auth, project management, binary file storage — is inherited unchanged. The
+Verso-specific additions are listed in the Features section and tracked across releases above.
+
+Verso is not affiliated with Overleaf Ltd.
+
+---
+
+## Supporting the ecosystem
+
+Verso is not accepting contributions or donations at this time. If you find it
+useful and want to support the broader ecosystem it builds on:
+
+- **Support Overleaf** — Verso is built on Overleaf's infrastructure. The best
+  way to support their work is to use or subscribe to
+  [Overleaf](https://www.overleaf.com) and encourage your institution to do the
+  same.
+- **Support Typst** — [Typst GmbH](https://typst.app) is the company behind the
+  Typst compiler. Using Typst.app or sponsoring the
+  [Typst project on GitHub](https://github.com/typst/typst) helps sustain the
+  language itself.
+- **Support RevealJS** — Verso uses [Reveal.js](https://revealjs.com) for
+  HTML presentations. Consider sponsoring the
+  [RevealJS project on GitHub](https://github.com/hakimel/reveal.js).
+
+---

 ## License

-The code in this repository is released under the GNU AFFERO GENERAL PUBLIC LICENSE, version 3. A copy can be found in the [`LICENSE`](LICENSE) file.
+GNU Affero General Public License v3 — see [LICENSE](LICENSE).

-Copyright (c) Overleaf, 2014-2025.
+Copyright © Overleaf, 2014–2026 (original code).  
+Verso modifications © Aloïs Coquillard, 2026.
@@ -0,0 +1,50 @@
+# Verso — Next Alpha Roadmap
+
+Ideas and features deferred from the current alpha.
+
+---
+
+## Next alpha (post-current)
+
+### Typst editing experience (inspired by Collabst)
+
+- **typst.ts WASM preview** — Run the Typst compiler in the browser via
+  WebAssembly (typst.ts). This would give instant, sub-second preview
+  without a server round-trip, and would eliminate the entire class of
+  race conditions in the CLSI watcher (files written → typst compiles →
+  resolver missed). Could coexist with the CLSI watcher for PDF export
+  while using the WASM path for live preview.
+
+- **Tinymist LSP integration** — Wire up
+  [Tinymist](https://github.com/Myriad-Dreamin/tinymist) (the Typst
+  language server) behind a WebSocket proxy. Would give Typst files
+  first-class autocomplete, hover docs, go-to-definition, and inline
+  error diagnostics — the main editing comfort gap vs. a native editor.
+
+### Editor UX for non-LaTeX formats (.typ, .qmd, .md)
+
+- **Visual/rich-text editing mode** — A toggle between raw source and a
+  rendered-in-place view for `.typ`, `.qmd`, and `.md` files (similar to
+  Overleaf's rich-text mode for LaTeX). Users who don't know Typst or
+  Markdown syntax should be able to edit content without seeing markup.
+  CodeMirror 6 already supports this pattern via a custom `NodeView` layer
+  or a separate Prosemirror bridge.
+
+- **Toolbar / insertion shortcuts** — A formatting toolbar and keyboard
+  shortcuts for common operations, adapted per file type:
+  - **All formats**: bold, italic, underline, headings, bullet/numbered
+    lists, inline code, links.
+  - **Quarto / Markdown**: insert image, insert table, insert code block
+    with language tag.
+  - **Quarto RevealJS**: insert slide divider (`---`), insert speaker
+    notes (`::: notes`), insert columns layout, insert video embed
+    (using Quarto's `{{< video >}}` shortcode).
+
+### AI writing assistant
+
+- **In-editor AI assistant** — Inline writing help similar to what Overleaf
+  and CoCalc offer: suggest completions, rephrase selections, explain LaTeX
+  errors, and generate boilerplate (figures, tables, equations). Should work
+  across all three formats (`.tex`, `.typ`, `.qmd`). Backend would proxy
+  requests to a configurable model API (Claude, OpenAI-compatible) so
+  self-hosters can bring their own key.
@@ -59,7 +59,6 @@ each service:
 | `web`              | 9229 |
 | `clsi`             | 9230 |
 | `chat`             | 9231 |
-| `contacts`         | 9232 |
 | `docstore`         | 9233 |
 | `document-updater` | 9234 |
 | `filestore`        | 9235 |
@@ -1,7 +1,6 @@
 CHAT_HOST=chat
 CLSI_HOST=clsi
 DOWNLOAD_HOST=clsi-nginx
-CONTACTS_HOST=contacts
 DOCSTORE_HOST=docstore
 DOCUMENT_UPDATER_HOST=document-updater
 FILESTORE_HOST=filestore
@@ -21,17 +21,6 @@ services:
      - ../services/chat/app.js:/overleaf/services/chat/app.js
      - ../services/chat/config:/overleaf/services/chat/config

-  contacts:
-    command: ["node", "--watch", "app.js"]
-    environment:
-      - NODE_OPTIONS=--inspect=0.0.0.0:9229
-    ports:
-      - "127.0.0.1:9232:9229"
-    volumes:
-      - ../services/contacts/app:/overleaf/services/contacts/app
-      - ../services/contacts/app.js:/overleaf/services/contacts/app.js
-      - ../services/contacts/config:/overleaf/services/contacts/config
-
  docstore:
    command: ["node", "--watch", "app.js"]
    environment:
@@ -45,13 +45,6 @@ services:
      - ${PWD}/output:/output:ro
      - ../services/clsi/nginx.conf:/etc/nginx/conf.d/nginx.conf:ro

-  contacts:
-    build:
-      context: ..
-      dockerfile: services/contacts/Dockerfile
-    env_file:
-      - dev.env
-
  docstore:
    build:
      context: ..
@@ -161,7 +154,6 @@ services:
      - redis
      - chat
      - clsi
-      - contacts
      - docstore
      - document-updater
      - filestore
@@ -103,7 +103,7 @@ services:

  mongo:
    restart: always
-    image: mongo:6.0
+    image: mongo:8.0
    container_name: mongo
    command: "--replSet overleaf"
    volumes:
@@ -1,7 +1,13 @@
-FROM cypress/included:13.13.2
+FROM cypress/included:15.12.0
 ARG USER_UID=1000
 ARG USER_GID=1000

+# Corepack setup, shared between all the images.
+ENV PATH="/overleaf/node_modules/.bin:$PATH"
+ENV COREPACK_HOME=/opt/corepack
+RUN corepack enable && corepack install -g yarn@4.14.1
+ENV COREPACK_ENABLE_NETWORK=0
+
 WORKDIR /overleaf

 RUN sed -i s/node:x:1000:/node:x:${USER_GID}:/ /etc/group \
@@ -0,0 +1,100 @@
+# Design: per-project Python dependencies (cached virtualenv)
+
+Status: **Phase 1 implemented** (gated behind `OVERLEAF_ENABLE_PROJECT_PYTHON_VENV`,
+on in the deployment). Network egress policy and venv eviction (Phases 2–3)
+remain. Captures the plan for letting Quarto `{python}` cells use libraries
+beyond the curated base set.
+
+## What ships in Phase 1
+
+- A project root `requirements.vrf` is installed into a venv cached by its
+  sha256, created with `python3 -m venv --system-site-packages`; `QuartoRunner`
+  points Quarto at it via `QUARTO_PYTHON`. A per-hash `flock` serialises
+  concurrent builds; pip output is merged into `output.log`; on failure the
+  render falls back to the base interpreter (and the missing-package message
+  surfaces). Venvs live under `PYTHON_VENVS_DIR`
+  (default `/var/lib/overleaf/data/python-venvs`).
+- Gated by `userCanInstallPython` (`PythonVenvGate.mjs`) to the project owner +
+  invited collaborators (any role) — never anonymous / link-sharing users —
+  threaded to CLSI as `allowPythonInstall` on the editor compile, presentation
+  export, and publish paths.
+
+### Known Phase-1 limitations
+
+- The first build of a heavy `requirements.vrf` runs within the compile
+  timeout; a very large install can be killed and retried next compile (the
+  venv is only marked complete on success).
+- No egress restriction yet (Phase 2) — installs reach PyPI directly.
+- No eviction yet (Phase 3) — venvs accumulate under `PYTHON_VENVS_DIR`.
+
+## Background
+
+Quarto executes `` ```{python} `` cells through a Jupyter kernel. The base image
+([`server-ce/Dockerfile-base`](../server-ce/Dockerfile-base)) bundles a curated
+scientific stack (numpy, pandas, scipy, matplotlib, seaborn, scikit-learn,
+sympy, plotly, tabulate). Anything outside that set currently fails the render
+with `ModuleNotFoundError`.
+
+As a first step that already shipped, the Quarto log parser
+([`quarto-log-parser.ts`](../services/web/frontend/js/ide/log-parser/quarto-log-parser.ts))
+turns a missing-package traceback into an actionable message. This document is
+the *next* step: letting a project declare and install its own dependencies.
+
+**Key constraint:** the instance runs with anonymous read+write enabled
+(`OVERLEAF_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING=true`), so compiles can be
+triggered by untrusted users. Installing arbitrary packages is therefore a
+security decision, not just a convenience.
+
+## Mechanism
+
+1. **Declaration.** A standard `requirements.vrf` at the project root opts the
+   project in (familiar, Quarto-agnostic, supports version pinning).
+2. **Keying.** CLSI hashes `sha256(requirements.vrf + python version)`. The hash
+   names a venv directory on a **persistent volume**, e.g.
+   `…/data/python-venvs/<hash>/`. Identical dependency sets share one venv across
+   projects and compiles.
+3. **Build-if-missing.** `python3 -m venv --system-site-packages <dir>` (so the
+   bundled stack stays visible and only the *extra* deps are installed — smaller
+   and faster), then `<dir>/bin/pip install -r requirements.vrf`. Guard with a
+   per-hash `flock` so concurrent compiles don't build the same venv twice.
+4. **Point Quarto at it.** Set `QUARTO_PYTHON=<dir>/bin/python3` in the render
+   environment (threaded web → CLSI exactly like `exportMode`). With
+   `--system-site-packages`, `ipykernel` from the base is importable, so the
+   kernel runs in that interpreter with base + project packages.
+
+## Guard rails
+
+- **Auth gating.** Only run the install path for **logged-in owner/collaborator**
+  compiles. Anonymous-link compiles use the plain base interpreter and never
+  trigger installs. Web decides and passes a boolean to CLSI; default-deny.
+- **Network egress.** The compile environment must reach PyPI to install.
+  Restrict egress to PyPI / an internal mirror only (k8s NetworkPolicy + pip
+  `--index-url`), not arbitrary hosts.
+- **Resource caps.** Install timeout, venv size cap, max package count; surface
+  overruns as a clear log error.
+- **Trust boundary.** Even gated, a trusted user installing packages is
+  arbitrary code execution in the sandbox. Containment stays the CLSI container
+  + resource limits + egress policy. This is owner-trust-level by design.
+
+## Lifecycle
+
+- **Eviction.** `touch` the venv on use; an LRU cleanup job prunes the oldest
+  venvs when the volume exceeds a size budget.
+- **Failure UX.** pip errors flow into the log panel (reusing the friendly-error
+  pattern) showing pip's output.
+
+## Rollout
+
+- **Phase 1.** Detection + `flock` venv build + `QUARTO_PYTHON`, behind a
+  settings flag (default **off**), gated to logged-in owner, dev volume.
+- **Phase 2.** Egress NetworkPolicy + index pinning + eviction job.
+- **Phase 3.** Nicer pip-error surfacing + a small project-settings UI
+  affordance.
+
+## Open decisions
+
+- `requirements.vrf` vs a frontmatter field vs both?
+- Shared global venv volume vs per-user namespacing (sharing is cheaper;
+  per-user is stricter isolation)?
+- Allow native/compiled wheels (broader support) vs wheels-only/no-build
+  (tighter security)?
@@ -1,7 +1,7 @@
 let reporterOptions = {}
 if (process.env.CI) {
  reporterOptions = {
-    reporter: '/overleaf/node_modules/mocha-multi-reporters',
+    reporter: require.resolve('mocha-multi-reporters'),
    'reporter-options': ['configFile=./test/mocha-multi-reporters.cjs'],
  }
 }
@@ -5,5 +5,6 @@ access-token-encryptor
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=@overleaf/access-token-encryptor
 --pipeline-owner=32
 --public-repo=False
@@ -4,17 +4,17 @@
  "description": "",
  "main": "index.js",
  "scripts": {
-    "test": "npm run lint && npm run types:check && npm run test:unit",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
-    "test:ci": "npm run test:unit",
+    "test:ci": "yarn run test:unit",
    "test:unit": "mocha --exit test/**/*.{js,cjs}",
    "types:check": "tsc --noEmit"
  },
  "author": "",
  "license": "AGPL-3.0-only",
  "dependencies": {
-    "lodash": "^4.17.21"
+    "lodash": "^4.18.1"
  },
  "devDependencies": {
    "chai": "^4.3.6",
@@ -1,4 +1,10 @@
+const pkg = require('./package.json')
+
 module.exports = {
+  meta: {
+    name: pkg.name,
+    version: pkg.version,
+  },
  rules: {
    'no-unnecessary-trans': require('./no-unnecessary-trans'),
    'prefer-kebab-url': require('./prefer-kebab-url'),
@@ -8,5 +14,6 @@ module.exports = {
    'require-vi-doMock-valid-path': require('./require-vi-doMock-valid-path'),
    'require-loading-label': require('./require-loading-label'),
    'require-cio-snake-case-properties': require('./require-cio-snake-case-properties'),
+    'no-throw-in-callback': require('./no-throw-in-callback'),
  },
 }
@@ -0,0 +1,52 @@
+const CALLBACK_PARAM_NAMES = new Set(['cb', 'callback', 'done', 'next'])
+
+function isCallbackParam(param) {
+  return (
+    param && param.type === 'Identifier' && CALLBACK_PARAM_NAMES.has(param.name)
+  )
+}
+
+module.exports = {
+  meta: {
+    type: 'error',
+    docs: {
+      description: 'Disallow throw statements inside callback-based functions',
+    },
+    messages: {
+      noThrowInCallback:
+        'Pass the error to the callback instead of throwing in callback-based code.',
+    },
+  },
+  create(context) {
+    // Stack tracks whether each enclosing function is a callback-style function.
+    // A callback-style function is non-async and has a last param named cb/callback/done/next.
+    const stack = []
+
+    function enterFunction(node) {
+      const params = node.params
+      const isCallback =
+        !node.async &&
+        params.length > 0 &&
+        isCallbackParam(params[params.length - 1])
+      stack.push(isCallback)
+    }
+
+    function exitFunction() {
+      stack.pop()
+    }
+
+    return {
+      FunctionDeclaration: enterFunction,
+      'FunctionDeclaration:exit': exitFunction,
+      FunctionExpression: enterFunction,
+      'FunctionExpression:exit': exitFunction,
+      ArrowFunctionExpression: enterFunction,
+      'ArrowFunctionExpression:exit': exitFunction,
+      ThrowStatement(node) {
+        if (stack[stack.length - 1]) {
+          context.report({ node, messageId: 'noThrowInCallback' })
+        }
+      },
+    }
+  },
+}
@@ -5,11 +5,13 @@
  "license": "AGPL-3.0-only",
  "main": "index.js",
  "dependencies": {
-    "eslint": "^8.51.0",
-    "lodash": "^4.17.21"
+    "lodash": "^4.18.1"
  },
  "devDependencies": {
-    "@typescript-eslint/parser": "^8.50.0"
+    "@typescript-eslint/parser": "^8.59.4"
+  },
+  "peerDependencies": {
+    "eslint": "^10.4.0"
  },
  "scripts": {
    "test": "node rules.test.js"
@@ -22,7 +22,7 @@ module.exports = {
    },
  },
  create(context) {
-    const currentFilePath = context.getFilename()
+    const currentFilePath = context.filename
    // ESLint can sometimes pass <text> or <input> for snippets not in a file
    if (currentFilePath === '<text>' || currentFilePath === '<input>') {
      return {}
@@ -81,9 +81,10 @@ module.exports = {
            typeof firstArg.value !== 'string'
          ) {
            if (firstArg.type === 'Identifier') {
-              const variable = context
-                .getScope()
-                .variables.find(v => v.name === firstArg.name)
+              const scope = context.sourceCode.getScope(node)
+              const variable = scope.variables.find(
+                v => v.name === firstArg.name
+              )
              if (
                variable &&
                variable.defs.length > 0 &&
@@ -1,4 +1,6 @@
 const { RuleTester } = require('eslint')
+const tsParser = require('@typescript-eslint/parser')
+const noThrowInCallback = require('./no-throw-in-callback')
 const preferKebabUrl = require('./prefer-kebab-url')
 const noUnnecessaryTrans = require('./no-unnecessary-trans')
 const shouldUnescapeTrans = require('./should-unescape-trans')
@@ -7,10 +9,10 @@ const viDoMockValidPath = require('./require-vi-doMock-valid-path')
 const requireCioSnakeCaseProperties = require('./require-cio-snake-case-properties')

 const ruleTester = new RuleTester({
-  parser: require.resolve('@typescript-eslint/parser'),
-  parserOptions: {
+  languageOptions: {
+    parser: tsParser,
    ecmaVersion: 'latest',
-    ecmaFeatures: { jsx: true },
+    parserOptions: { ecmaFeatures: { jsx: true } },
  },
 })

@@ -32,19 +34,27 @@ ruleTester.run('prefer-kebab-url', preferKebabUrl, {
  invalid: [
    {
      code: `app.get('/fooBar')`,
-      errors: [{ message: 'Route path should be in kebab-case.' }],
+      errors: [
+        { message: 'Route path should be in kebab-case.', suggestions: 1 },
+      ],
    },
    {
      code: `app.get('/fooBar/:id')`,
-      errors: [{ message: 'Route path should be in kebab-case.' }],
+      errors: [
+        { message: 'Route path should be in kebab-case.', suggestions: 1 },
+      ],
    },
    {
      code: `webRouter.get('/foo_bar/:id/FooBar/:name/fooBar')`,
-      errors: [{ message: 'Route path should be in kebab-case.' }],
+      errors: [
+        { message: 'Route path should be in kebab-case.', suggestions: 1 },
+      ],
    },
    {
      code: `router.get(/^\\/downLoad\\/pro-ject\\/([^/]*)\\/OutPut\\/out-put\\.pdf$/)`,
-      errors: [{ message: 'Route path should be in kebab-case.' }],
+      errors: [
+        { message: 'Route path should be in kebab-case.', suggestions: 1 },
+      ],
    },
  ],
 })
@@ -152,6 +162,7 @@ ruleTester.run('domock-require-valid-path', viDoMockValidPath, {
        {
          message:
            'The path "./require-vi-doMock-valid-path2" in vi.doMock() cannot be resolved relative to the current file.',
+          suggestions: [],
        },
      ],
    },
@@ -162,6 +173,7 @@ ruleTester.run('domock-require-valid-path', viDoMockValidPath, {
        {
          message:
            'The first argument of vi.doMock() must be (or resolve to) a string literal representing a path.',
+          suggestions: [],
        },
      ],
    },
@@ -267,3 +279,53 @@ ruleTester.run(
    ],
  }
 )
+
+const noThrowInCallbackMessage =
+  'Pass the error to the callback instead of throwing in callback-based code.'
+ruleTester.run('no-throw-in-callback', noThrowInCallback, {
+  valid: [
+    // Calling the callback with an error is fine
+    { code: `function foo(cb) { cb(new Error()) }` },
+    // async functions may throw (they return a rejected promise)
+    { code: `async function foo(cb) { throw new Error() }` },
+    // Last param not a callback name — not a callback-style function
+    { code: `function foo(data) { throw new Error() }` },
+    // No params at all
+    { code: `function foo() { throw new Error() }` },
+    // throw inside a nested non-callback function is fine
+    { code: `function foo(cb) { [1].map(function() { throw new Error() }) }` },
+    // throw inside a nested async arrow is fine
+    { code: `function foo(cb) { [1].map(async () => { throw new Error() }) }` },
+  ],
+  invalid: [
+    {
+      code: `function foo(cb) { throw new Error() }`,
+      errors: [{ message: noThrowInCallbackMessage }],
+    },
+    {
+      code: `function foo(callback) { throw new Error() }`,
+      errors: [{ message: noThrowInCallbackMessage }],
+    },
+    {
+      code: `function foo(done) { throw new Error() }`,
+      errors: [{ message: noThrowInCallbackMessage }],
+    },
+    {
+      code: `function foo(next) { throw new Error() }`,
+      errors: [{ message: noThrowInCallbackMessage }],
+    },
+    {
+      code: `function foo(data, cb) { throw new Error() }`,
+      errors: [{ message: noThrowInCallbackMessage }],
+    },
+    {
+      code: `const foo = (cb) => { throw new Error() }`,
+      errors: [{ message: noThrowInCallbackMessage }],
+    },
+    // throw in a nested callback-style function inside another callback function
+    {
+      code: `function foo(cb) { bar(function(done) { throw new Error() }) }`,
+      errors: [{ message: noThrowInCallbackMessage }],
+    },
+  ],
+})
@@ -1,7 +1,7 @@
 let reporterOptions = {}
 if (process.env.CI) {
  reporterOptions = {
-    reporter: '/overleaf/node_modules/mocha-multi-reporters',
+    reporter: require.resolve('mocha-multi-reporters'),
    'reporter-options': ['configFile=./test/mocha-multi-reporters.cjs'],
  }
 }
@@ -5,5 +5,6 @@ fetch-utils
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=@overleaf/fetch-utils
 --pipeline-owner=32
 --public-repo=False
@@ -4,10 +4,10 @@
  "description": "utilities for node-fetch",
  "main": "index.js",
  "scripts": {
-    "test": "npm run lint && npm run types:check && npm run test:unit",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
-    "test:ci": "npm run test:unit",
+    "test:ci": "yarn run test:unit",
    "test:unit": "mocha --exit test/**/*.{js,cjs}",
    "types:check": "tsc --noEmit"
  },
@@ -26,8 +26,8 @@
    "typescript": "^5.0.4"
  },
  "dependencies": {
-    "@overleaf/o-error": "*",
-    "lodash": "^4.17.21",
+    "@overleaf/o-error": "workspace:*",
+    "lodash": "^4.18.1",
    "node-fetch": "^2.7.0"
  }
 }
@@ -1,7 +1,7 @@
 let reporterOptions = {}
 if (process.env.CI) {
  reporterOptions = {
-    reporter: '/overleaf/node_modules/mocha-multi-reporters',
+    reporter: require.resolve('mocha-multi-reporters'),
    'reporter-options': ['configFile=./test/mocha-multi-reporters.cjs'],
  }
 }
@@ -5,5 +5,6 @@ logger
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=@overleaf/logger
 --pipeline-owner=32
 --public-repo=False
@@ -10,17 +10,17 @@
  "license": "AGPL-3.0-only",
  "version": "3.1.1",
  "scripts": {
-    "test": "npm run lint && npm run types:check && npm run test:unit",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
-    "test:ci": "npm run test:unit",
+    "test:ci": "yarn run test:unit",
    "test:unit": "mocha --exit test/**/*.{js,cjs}",
    "types:check": "tsc --noEmit"
  },
  "dependencies": {
    "@google-cloud/logging-bunyan": "^5.1.0",
-    "@overleaf/fetch-utils": "*",
-    "@overleaf/o-error": "*",
+    "@overleaf/fetch-utils": "workspace:*",
+    "@overleaf/o-error": "workspace:*",
    "bunyan": "^1.8.14"
  },
  "devDependencies": {
@@ -34,6 +34,6 @@
    "typescript": "^5.0.4"
  },
  "peerDependencies": {
-    "@overleaf/metrics": "*"
+    "@overleaf/metrics": "workspace:*"
  }
 }
@@ -1,7 +1,7 @@
 let reporterOptions = {}
 if (process.env.CI) {
  reporterOptions = {
-    reporter: '/overleaf/node_modules/mocha-multi-reporters',
+    reporter: require.resolve('mocha-multi-reporters'),
    'reporter-options': ['configFile=./test/mocha-multi-reporters.cjs'],
  }
 }
@@ -5,5 +5,6 @@ metrics
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=@overleaf/metrics
 --pipeline-owner=32
 --public-repo=False
@@ -8,14 +8,14 @@
  },
  "main": "index.js",
  "dependencies": {
-    "@google-cloud/opentelemetry-cloud-trace-exporter": "^2.4.1",
-    "@google-cloud/profiler": "^6.0.3",
-    "@opentelemetry/api": "1.9.0",
-    "@opentelemetry/auto-instrumentations-node": "^0.70.0",
-    "@opentelemetry/exporter-trace-otlp-http": "^0.212.0",
-    "@opentelemetry/resources": "^1.30.1",
-    "@opentelemetry/sdk-node": "^0.212.0",
-    "@opentelemetry/semantic-conventions": "^1.39.0",
+    "@google-cloud/opentelemetry-cloud-trace-exporter": "^3.0.0",
+    "@google-cloud/profiler": "^6.0.4",
+    "@opentelemetry/api": "^1.9.1",
+    "@opentelemetry/auto-instrumentations-node": "^0.76.0",
+    "@opentelemetry/exporter-trace-otlp-http": "^0.218.0",
+    "@opentelemetry/resources": "^2.7.1",
+    "@opentelemetry/sdk-node": "^0.218.0",
+    "@opentelemetry/semantic-conventions": "^1.41.1",
    "compression": "^1.7.4",
    "prom-client": "^14.1.1",
    "yn": "^3.1.1"
@@ -34,12 +34,12 @@
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
    "test:unit": "mocha --exit test/**/*.{js,cjs}",
-    "test:acceptance": "mocha --recursive --exit --grep=$MOCHA_GREP test/acceptance",
-    "test": "npm run lint && npm run types:check && npm run test:unit",
-    "test:ci": "npm run test:unit",
+    "test:acceptance": "mocha --recursive --exit --grep=${MOCHA_GREP:-} test/acceptance",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
+    "test:ci": "yarn run test:unit",
    "types:check": "tsc --noEmit"
  },
  "peerDependencies": {
-    "@overleaf/logger": "*"
+    "@overleaf/logger": "workspace:*"
  }
 }
@@ -5,6 +5,7 @@ mongo-utils
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=@overleaf/mongo-utils
 --pipeline-owner=32
 --public-repo=False
 --tsconfig-no-implicit-any=True
@@ -4,11 +4,11 @@
  "description": "utilities to help working with mongo",
  "main": "index.js",
  "scripts": {
-    "test": "npm run lint && npm run types:check && npm run test:unit",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
    "test:unit": "mocha --exit test/**/*.{js,cjs}",
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
-    "test:ci": "npm run test:unit",
+    "test:ci": "yarn run test:unit",
    "types:check": "tsc --noEmit"
  },
  "author": "Overleaf (https://www.overleaf.com)",
@@ -1,7 +1,7 @@
 let reporterOptions = {}
 if (process.env.CI) {
  reporterOptions = {
-    reporter: '/overleaf/node_modules/mocha-multi-reporters',
+    reporter: require.resolve('mocha-multi-reporters'),
    'reporter-options': ['configFile=./test/mocha-multi-reporters.cjs'],
  }
 }
@@ -5,5 +5,6 @@ o-error
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=@overleaf/o-error
 --pipeline-owner=32
 --public-repo=False
@@ -17,11 +17,11 @@
    "index.cjs"
  ],
  "scripts": {
-    "build": "npm run --silent test",
+    "build": "yarn run --silent test",
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
-    "test": "npm run lint && npm run types:check && npm run test:unit",
-    "test:ci": "npm run test:unit",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
+    "test:ci": "yarn run test:unit",
    "test:unit": "mocha --exit test/**/*.{js,cjs}",
    "types:check": "tsc --noEmit"
  },
@@ -1,7 +1,7 @@
 let reporterOptions = {}
 if (process.env.CI) {
  reporterOptions = {
-    reporter: '/overleaf/node_modules/mocha-multi-reporters',
+    reporter: require.resolve('mocha-multi-reporters'),
    'reporter-options': ['configFile=./test/mocha-multi-reporters.cjs'],
  }
 }
@@ -304,7 +304,7 @@ In order to prevent accidental deletion from outside this mechanism, an event-ba
 Contributions should pass lint, formatting and unit test checks. To run these, use

 ```
-npm run test
+yarn run test
 ```

 There are no acceptance tests in this module, but https://github.com/overleaf/filestore/ contains a comprehensive set of acceptance tests that use this module. These should also pass, with the changes.
@@ -5,6 +5,7 @@ object-persistor
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=@overleaf/object-persistor
 --pipeline-owner=32
 --public-repo=False
 --tsconfig-no-implicit-any=True
@@ -4,11 +4,11 @@
  "description": "Module for storing objects in multiple backends, with fallback on 404 to assist migration between them",
  "main": "index.js",
  "scripts": {
-    "test": "npm run lint && npm run types:check && npm run test:unit",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
    "test:unit": "mocha --exit test/**/*.{js,cjs}",
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
-    "test:ci": "npm run test:unit",
+    "test:ci": "yarn run test:unit",
    "types:check": "tsc --noEmit"
  },
  "repository": {
@@ -23,10 +23,10 @@
    "@aws-sdk/node-http-handler": "^3.374.0",
    "@aws-sdk/s3-request-presigner": "^3.994.0",
    "@google-cloud/storage": "^7.19.0",
-    "@overleaf/logger": "*",
-    "@overleaf/metrics": "*",
-    "@overleaf/o-error": "*",
-    "@overleaf/stream-utils": "*",
+    "@overleaf/logger": "workspace:*",
+    "@overleaf/metrics": "workspace:*",
+    "@overleaf/o-error": "workspace:*",
+    "@overleaf/stream-utils": "workspace:*",
    "fast-crc32c": "overleaf/node-fast-crc32c#aae6b2a4c7a7a159395df9cc6c38dfde702d6f51",
    "glob": "^12.0.0",
    "range-parser": "^1.2.1",
@@ -38,7 +38,6 @@
    "mocha": "^11.1.0",
    "mocha-junit-reporter": "^2.2.1",
    "mocha-multi-reporters": "^1.5.1",
-    "mock-fs": "^5.2.0",
    "mongodb": "6.12.0",
    "sandboxed-module": "^2.0.4",
    "sinon": "^9.2.4",
@@ -3,9 +3,12 @@ const fs = require('node:fs')
 const fsPromises = require('node:fs/promises')
 const { glob } = require('glob')
 const Path = require('node:path')
+const { promisify } = require('node:util')
 const { PassThrough } = require('node:stream')
 const { pipeline } = require('node:stream/promises')

+const openCb = promisify(fs.open)
+
 const AbstractPersistor = require('./AbstractPersistor')
 const { ReadError, WriteError, NotImplementedError } = require('./Errors')
 const PersistorHelper = require('./PersistorHelper')
@@ -85,8 +88,9 @@ module.exports = class FSPersistor extends AbstractPersistor {
    })
    const fsPath = this._getFsPath(location, name, opts.useSubdirectories)

+    let fd
    try {
-      opts.fd = await fsPromises.open(fsPath, 'r')
+      fd = await openCb(fsPath, 'r')
    } catch (err) {
      throw PersistorHelper.wrapError(
        err,
@@ -96,7 +100,7 @@ module.exports = class FSPersistor extends AbstractPersistor {
      )
    }

-    const stream = fs.createReadStream(null, opts)
+    const stream = fs.createReadStream(null, { ...opts, fd })
    // Return a PassThrough stream with a minimal interface. It will buffer until the caller starts reading. It will emit errors from the source stream (Stream.pipeline passes errors along).
    const pass = new PassThrough()
    pipeline(stream, observer, pass).catch(() => {})
@@ -1,6 +1,6 @@
 const crypto = require('node:crypto')
+const os = require('node:os')
 const { expect } = require('chai')
-const mockFs = require('mock-fs')
 const fs = require('node:fs')
 const fsPromises = require('node:fs/promises')
 const Path = require('node:path')
@@ -10,22 +10,59 @@ const Errors = require('../../src/Errors')

 const MODULE_PATH = '../../src/FSPersistor.js'

+function createTree(base, tree) {
+  fs.mkdirSync(base, { recursive: true })
+  for (const [name, content] of Object.entries(tree)) {
+    const fullPath = Path.join(base, name)
+    if (Buffer.isBuffer(content) || typeof content === 'string') {
+      fs.writeFileSync(fullPath, content)
+    } else if (content && typeof content.symlink === 'string') {
+      fs.symlinkSync(content.symlink, fullPath)
+    } else {
+      createTree(fullPath, content)
+    }
+  }
+}
+
 describe('FSPersistorTests', function () {
-  const localFiles = {
-    '/uploads/info.txt': Buffer.from('This information is critical', {
+  const fileContents = {
+    'info.txt': Buffer.from('This information is critical', {
      encoding: 'utf-8',
    }),
-    '/uploads/other.txt': Buffer.from('Some other content', {
+    'other.txt': Buffer.from('Some other content', {
      encoding: 'utf-8',
    }),
  }
-  const location = '/bucket'
+  let tmpDir
+  let location
+  let notADirPath
  const files = {
    wombat: 'animals/wombat.tex',
    giraffe: 'animals/giraffe.tex',
    potato: 'vegetables/potato.tex',
  }

+  beforeEach(function () {
+    tmpDir = fs.mkdtempSync(Path.join(os.tmpdir(), 'fs-persistor-test-'))
+    createTree(tmpDir, {
+      uploads: {
+        'info.txt': fileContents['info.txt'],
+        'other.txt': fileContents['other.txt'],
+      },
+      'not-a-dir':
+        'This regular file is meant to prevent using this path as a directory',
+      directory: {
+        subdirectory: {},
+      },
+    })
+    notADirPath = Path.join(tmpDir, 'not-a-dir')
+    location = Path.join(tmpDir, 'bucket')
+  })
+
+  afterEach(function () {
+    fs.rmSync(tmpDir, { recursive: true })
+  })
+
  const scenarios = [
    {
      description: 'default settings',
@@ -54,31 +91,26 @@ describe('FSPersistorTests', function () {
        persistor = new FSPersistor(scenario.settings)
      })

-      beforeEach(function () {
-        mockFs({
-          ...localFiles,
-          '/not-a-dir':
-            'This regular file is meant to prevent using this path as a directory',
-          '/directory/subdirectory': {},
-        })
-      })
-
-      afterEach(function () {
-        mockFs.restore()
-      })
-
      describe('sendFile', function () {
        it('should copy the file', async function () {
-          await persistor.sendFile(location, files.wombat, '/uploads/info.txt')
+          await persistor.sendFile(
+            location,
+            files.wombat,
+            Path.join(tmpDir, 'uploads', 'info.txt')
+          )
          const contents = await fsPromises.readFile(
            scenario.fsPath(files.wombat)
          )
-          expect(contents.equals(localFiles['/uploads/info.txt'])).to.be.true
+          expect(contents.equals(fileContents['info.txt'])).to.be.true
        })

        it('should return an error if the file cannot be stored', async function () {
          await expect(
-            persistor.sendFile('/not-a-dir', files.wombat, '/uploads/info.txt')
+            persistor.sendFile(
+              notADirPath,
+              files.wombat,
+              Path.join(tmpDir, 'uploads', 'info.txt')
+            )
          ).to.be.rejectedWith(Errors.WriteError)
        })
      })
@@ -88,7 +120,9 @@ describe('FSPersistorTests', function () {

        describe("when the file doesn't exist", function () {
          beforeEach(function () {
-            stream = fs.createReadStream('/uploads/info.txt')
+            stream = fs.createReadStream(
+              Path.join(tmpDir, 'uploads', 'info.txt')
+            )
          })

          it('should write the stream to disk', async function () {
@@ -96,7 +130,7 @@ describe('FSPersistorTests', function () {
            const contents = await fsPromises.readFile(
              scenario.fsPath(files.wombat)
            )
-            expect(contents.equals(localFiles['/uploads/info.txt'])).to.be.true
+            expect(contents.equals(fileContents['info.txt'])).to.be.true
          })

          it('should delete the temporary file', async function () {
@@ -109,7 +143,7 @@ describe('FSPersistorTests', function () {
          describe('on error', function () {
            beforeEach(async function () {
              await expect(
-                persistor.sendStream('/not-a-dir', files.wombat, stream)
+                persistor.sendStream(notADirPath, files.wombat, stream)
              ).to.be.rejectedWith(Errors.WriteError)
            })

@@ -129,13 +163,12 @@ describe('FSPersistorTests', function () {
          describe('when the md5 hash matches', function () {
            it('should write the stream to disk', async function () {
              await persistor.sendStream(location, files.wombat, stream, {
-                sourceMd5: md5(localFiles['/uploads/info.txt']),
+                sourceMd5: md5(fileContents['info.txt']),
              })
              const contents = await fsPromises.readFile(
                scenario.fsPath(files.wombat)
              )
-              expect(contents.equals(localFiles['/uploads/info.txt'])).to.be
-                .true
+              expect(contents.equals(fileContents['info.txt'])).to.be.true
            })
          })

@@ -169,9 +202,11 @@ describe('FSPersistorTests', function () {
            await persistor.sendFile(
              location,
              files.wombat,
-              '/uploads/info.txt'
+              Path.join(tmpDir, 'uploads', 'info.txt')
+            )
+            stream = fs.createReadStream(
+              Path.join(tmpDir, 'uploads', 'other.txt')
            )
-            stream = fs.createReadStream('/uploads/other.txt')
          })

          it('should write the stream to disk', async function () {
@@ -179,7 +214,7 @@ describe('FSPersistorTests', function () {
            const contents = await fsPromises.readFile(
              scenario.fsPath(files.wombat)
            )
-            expect(contents.equals(localFiles['/uploads/other.txt'])).to.be.true
+            expect(contents.equals(fileContents['other.txt'])).to.be.true
          })

          it('should delete the temporary file', async function () {
@@ -192,7 +227,7 @@ describe('FSPersistorTests', function () {
          describe('on error', function () {
            beforeEach(async function () {
              await expect(
-                persistor.sendStream('/not-a-dir', files.wombat, stream)
+                persistor.sendStream(notADirPath, files.wombat, stream)
              ).to.be.rejectedWith(Errors.WriteError)
            })

@@ -200,8 +235,7 @@ describe('FSPersistorTests', function () {
              const contents = await fsPromises.readFile(
                scenario.fsPath(files.wombat)
              )
-              expect(contents.equals(localFiles['/uploads/info.txt'])).to.be
-                .true
+              expect(contents.equals(fileContents['info.txt'])).to.be.true
            })

            it('should delete the temporary file', async function () {
@@ -215,13 +249,12 @@ describe('FSPersistorTests', function () {
          describe('when the md5 hash matches', function () {
            it('should write the stream to disk', async function () {
              await persistor.sendStream(location, files.wombat, stream, {
-                sourceMd5: md5(localFiles['/uploads/other.txt']),
+                sourceMd5: md5(fileContents['other.txt']),
              })
              const contents = await fsPromises.readFile(
                scenario.fsPath(files.wombat)
              )
-              expect(contents.equals(localFiles['/uploads/other.txt'])).to.be
-                .true
+              expect(contents.equals(fileContents['other.txt'])).to.be.true
            })
          })

@@ -238,8 +271,7 @@ describe('FSPersistorTests', function () {
              const contents = await fsPromises.readFile(
                scenario.fsPath(files.wombat)
              )
-              expect(contents.equals(localFiles['/uploads/info.txt'])).to.be
-                .true
+              expect(contents.equals(fileContents['info.txt'])).to.be.true
            })

            it('should delete the temporary file', async function () {
@@ -254,13 +286,17 @@ describe('FSPersistorTests', function () {

      describe('getObjectStream', function () {
        beforeEach(async function () {
-          await persistor.sendFile(location, files.wombat, '/uploads/info.txt')
+          await persistor.sendFile(
+            location,
+            files.wombat,
+            Path.join(tmpDir, 'uploads', 'info.txt')
+          )
        })

        it('should return a string with the object contents', async function () {
          const stream = await persistor.getObjectStream(location, files.wombat)
          const contents = await streamToBuffer(stream)
-          expect(contents.equals(localFiles['/uploads/info.txt'])).to.be.true
+          expect(contents.equals(fileContents['info.txt'])).to.be.true
        })

        it('should support ranges', async function () {
@@ -274,8 +310,8 @@ describe('FSPersistorTests', function () {
          )
          const contents = await streamToBuffer(stream)
          // end is inclusive in ranges, but exclusive in slice()
-          expect(contents.equals(localFiles['/uploads/info.txt'].slice(5, 17)))
-            .to.be.true
+          expect(contents.equals(fileContents['info.txt'].slice(5, 17))).to.be
+            .true
        })

        it('should give a NotFoundError if the file does not exist', async function () {
@@ -287,13 +323,17 @@ describe('FSPersistorTests', function () {

      describe('getObjectSize', function () {
        beforeEach(async function () {
-          await persistor.sendFile(location, files.wombat, '/uploads/info.txt')
+          await persistor.sendFile(
+            location,
+            files.wombat,
+            Path.join(tmpDir, 'uploads', 'info.txt')
+          )
        })

        it('should return the file size', async function () {
          expect(
            await persistor.getObjectSize(location, files.wombat)
-          ).to.equal(localFiles['/uploads/info.txt'].length)
+          ).to.equal(fileContents['info.txt'].length)
        })

        it('should throw a NotFoundError if the file does not exist', async function () {
@@ -305,7 +345,11 @@ describe('FSPersistorTests', function () {

      describe('copyObject', function () {
        beforeEach(async function () {
-          await persistor.sendFile(location, files.wombat, '/uploads/info.txt')
+          await persistor.sendFile(
+            location,
+            files.wombat,
+            Path.join(tmpDir, 'uploads', 'info.txt')
+          )
        })

        it('Should copy the file to the new location', async function () {
@@ -313,13 +357,17 @@ describe('FSPersistorTests', function () {
          const contents = await fsPromises.readFile(
            scenario.fsPath(files.potato)
          )
-          expect(contents.equals(localFiles['/uploads/info.txt'])).to.be.true
+          expect(contents.equals(fileContents['info.txt'])).to.be.true
        })
      })

      describe('deleteObject', function () {
        beforeEach(async function () {
-          await persistor.sendFile(location, files.wombat, '/uploads/info.txt')
+          await persistor.sendFile(
+            location,
+            files.wombat,
+            Path.join(tmpDir, 'uploads', 'info.txt')
+          )
          await fsPromises.access(scenario.fsPath(files.wombat))
        })

@@ -337,7 +385,11 @@ describe('FSPersistorTests', function () {
      describe('deleteDirectory', function () {
        beforeEach(async function () {
          for (const file of Object.values(files)) {
-            await persistor.sendFile(location, file, '/uploads/info.txt')
+            await persistor.sendFile(
+              location,
+              file,
+              Path.join(tmpDir, 'uploads', 'info.txt')
+            )
            await fsPromises.access(scenario.fsPath(file))
          }
        })
@@ -365,7 +417,11 @@ describe('FSPersistorTests', function () {

      describe('checkIfObjectExists', function () {
        beforeEach(async function () {
-          await persistor.sendFile(location, files.wombat, '/uploads/info.txt')
+          await persistor.sendFile(
+            location,
+            files.wombat,
+            Path.join(tmpDir, 'uploads', 'info.txt')
+          )
        })

        it('should return true for existing files', async function () {
@@ -384,13 +440,17 @@ describe('FSPersistorTests', function () {
      describe('directorySize', function () {
        beforeEach(async function () {
          for (const file of Object.values(files)) {
-            await persistor.sendFile(location, file, '/uploads/info.txt')
+            await persistor.sendFile(
+              location,
+              file,
+              Path.join(tmpDir, 'uploads', 'info.txt')
+            )
          }
        })

        it('should sum directory files size', async function () {
          expect(await persistor.directorySize(location, 'animals')).to.equal(
-            2 * localFiles['/uploads/info.txt'].length
+            2 * fileContents['info.txt'].length
          )
        })

@@ -404,7 +464,11 @@ describe('FSPersistorTests', function () {
      describe('listDirectoryKeys', function () {
        beforeEach(async function () {
          for (const file of Object.values(files)) {
-            await persistor.sendFile(location, file, '/uploads/info.txt')
+            await persistor.sendFile(
+              location,
+              file,
+              Path.join(tmpDir, 'uploads', 'info.txt')
+            )
          }
        })

@@ -427,7 +491,11 @@ describe('FSPersistorTests', function () {
      describe('listDirectoryStats', function () {
        beforeEach(async function () {
          for (const file of Object.values(files)) {
-            await persistor.sendFile(location, file, '/uploads/info.txt')
+            await persistor.sendFile(
+              location,
+              file,
+              Path.join(tmpDir, 'uploads', 'info.txt')
+            )
          }
        })

@@ -438,7 +506,7 @@ describe('FSPersistorTests', function () {
          expect(keys).to.include(scenario.fsPath(files.wombat))
          expect(keys).to.include(scenario.fsPath(files.giraffe))
          for (const stat of stats) {
-            expect(stat.size).to.equal(localFiles['/uploads/info.txt'].length)
+            expect(stat.size).to.equal(fileContents['info.txt'].length)
          }
        })

@@ -1,7 +1,7 @@
 let reporterOptions = {}
 if (process.env.CI) {
  reporterOptions = {
-    reporter: '/overleaf/node_modules/mocha-multi-reporters',
+    reporter: require.resolve('mocha-multi-reporters'),
    'reporter-options': ['configFile=./test/mocha-multi-reporters.cjs'],
  }
 }
@@ -5,5 +5,6 @@ overleaf-editor-core
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=overleaf-editor-core
 --pipeline-owner=44
 --public-repo=False
@@ -4,11 +4,13 @@
 const _ = require('lodash')
 const assert = require('check-types').assert

+const OError = require('@overleaf/o-error')
 const Blob = require('../blob')
 const FileData = require('./')
 const EagerStringFileData = require('./string_file_data')
 const EditOperation = require('../operation/edit_operation')
 const EditOperationBuilder = require('../operation/edit_operation_builder')
+const TextOperation = require('../operation/text_operation')

 /**
 *  @import { BlobStore, ReadonlyBlobStore, RangesBlob, RawHashFileData, RawLazyStringFileData } from '../types'
@@ -152,7 +154,25 @@ class LazyStringFileData extends FileData {
      ranges?.comments,
      ranges?.trackedChanges
    )
-    applyOperations(this.operations, file)
+    try {
+      applyOperations(this.operations, file)
+    } catch (err) {
+      const firstOp = this.operations[0]
+      const firstOpBaseLength =
+        firstOp instanceof TextOperation ? firstOp.baseLength : undefined
+      throw OError.tag(err, 'failed to apply operations in toEager', {
+        blobHash: this.hash,
+        blobContentLength: content.length,
+        metadataStringLength: this.stringLength,
+        totalOperations: this.operations.length,
+        firstOpBaseLength,
+        contentMatchesMetadata: content.length === this.stringLength,
+        contentMatchesFirstOp:
+          typeof firstOpBaseLength === 'number'
+            ? content.length === firstOpBaseLength
+            : undefined,
+      })
+    }
    return file
  }

@@ -172,7 +192,18 @@ class LazyStringFileData extends FileData {
   * @param {EditOperation} operation
   */
  edit(operation) {
-    this.stringLength = operation.applyToLength(this.stringLength)
+    try {
+      this.stringLength = operation.applyToLength(this.stringLength)
+    } catch (err) {
+      const baseLength =
+        operation instanceof TextOperation ? operation.baseLength : undefined
+      throw OError.tag(err, 'failed to apply operation length in edit', {
+        blobHash: this.hash,
+        metadataStringLength: this.stringLength,
+        operationBaseLength: baseLength,
+        totalExistingOperations: this.operations.length,
+      })
+    }
    this.operations.push(operation)
  }

@@ -205,7 +236,17 @@ class LazyStringFileData extends FileData {
 * @returns {void}
 */
 function applyOperations(operations, file) {
-  _.each(operations, operation => operation.apply(file))
+  for (let i = 0; i < operations.length; i++) {
+    try {
+      operations[i].apply(file)
+    } catch (err) {
+      throw OError.tag(err, 'operation failed during applyOperations', {
+        operationIndex: i,
+        totalOperations: operations.length,
+        currentContentLength: file.getStringLength(),
+      })
+    }
+  }
 }

 module.exports = LazyStringFileData
@@ -4,10 +4,10 @@
  "description": "Library shared between the editor server and clients.",
  "main": "index.js",
  "scripts": {
-    "test": "npm run lint && npm run types:check && npm run test:unit",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
-    "test:ci": "npm run test:unit",
+    "test:ci": "yarn run test:unit",
    "test:unit": "mocha --exit test/**/*.{js,cjs}",
    "types:check": "tsc --noEmit"
  },
@@ -25,9 +25,9 @@
    "typescript": "^5.0.4"
  },
  "dependencies": {
-    "@overleaf/o-error": "*",
+    "@overleaf/o-error": "workspace:*",
    "check-types": "^5.1.0",
-    "lodash": "^4.17.19",
+    "lodash": "^4.18.1",
    "p-map": "^4.0.0",
    "path-browserify": "^1.0.1"
  }
@@ -4,6 +4,7 @@
 const _ = require('lodash')
 const { expect } = require('chai')
 const sinon = require('sinon')
+const OError = require('@overleaf/o-error')

 const ot = require('../..')
 const File = ot.File
@@ -202,4 +203,85 @@ describe('LazyStringFileData', function () {
    expect(fileData.hash).to.equal(stored.hash)
    expect(fileData.operations).to.deep.equal([])
  })
+
+  describe('error annotation', function () {
+    it('annotates errors in toEager with blob and operation metadata', async function () {
+      const testHash = this.fileHash
+      // Create a file with content length 19 ('the quick brown fox')
+      // then queue an operation that expects a different base length
+      const fileData = new LazyStringFileData(testHash, undefined, 19)
+      // This operation expects base length 999, which won't match the blob
+      const badOp = new TextOperation()
+      badOp.retain(999)
+      fileData.operations.push(badOp)
+      // Manually set stringLength to match the op's baseLength: pushing directly
+      // to operations bypasses edit(), which is what normally updates stringLength
+      fileData.stringLength = 999
+
+      try {
+        await fileData.toEager(this.blobStore)
+        expect.fail('should have thrown')
+      } catch (err) {
+        const info = OError.getFullInfo(err)
+        expect(info).to.have.property('blobHash', testHash)
+        expect(info).to.have.property('blobContentLength', 19)
+        expect(info).to.have.property('metadataStringLength', 999)
+        expect(info).to.have.property('totalOperations', 1)
+        expect(info).to.have.property('operationIndex', 0)
+        expect(info).to.have.property('currentContentLength', 19)
+        expect(info).to.have.property('firstOpBaseLength', 999)
+        expect(info).to.have.property('contentMatchesMetadata', false)
+        expect(info).to.have.property('contentMatchesFirstOp', false)
+      }
+    })
+
+    it('annotates errors in edit with operation and metadata context', function () {
+      const testHash = this.fileHash
+      const fileData = new LazyStringFileData(testHash, undefined, 19)
+      // Queue one valid operation first so totalExistingOperations > 0
+      fileData.edit(new TextOperation().retain(19).insert('!'))
+      // This operation expects base length 999, mismatching stringLength of 20
+      const badOp = new TextOperation()
+      badOp.retain(999)
+      try {
+        fileData.edit(badOp)
+        expect.fail('should have thrown')
+      } catch (err) {
+        const info = OError.getFullInfo(err)
+        expect(info).to.have.property('blobHash', testHash)
+        expect(info).to.have.property('metadataStringLength', 20)
+        expect(info).to.have.property('operationBaseLength', 999)
+        expect(info).to.have.property('totalExistingOperations', 1)
+      }
+    })
+
+    it('annotates errors in applyOperations with the failing operation index', async function () {
+      const testHash = this.fileHash
+      // Content is 'the quick brown fox' (length 19)
+      const fileData = new LazyStringFileData(testHash, undefined, 19)
+      // First op is valid: insert at end
+      const goodOp = new TextOperation().retain(19).insert('!')
+      // Second op expects length 999 — will fail
+      const badOp = new TextOperation()
+      badOp.retain(999)
+      fileData.operations.push(goodOp)
+      fileData.operations.push(badOp)
+      fileData.stringLength = 999
+
+      try {
+        await fileData.toEager(this.blobStore)
+        expect.fail('should have thrown')
+      } catch (err) {
+        const info = OError.getFullInfo(err)
+        // The second operation (index 1) should be the one that fails
+        expect(info).to.have.property('operationIndex', 1)
+        expect(info).to.have.property('totalOperations', 2)
+        expect(info).to.have.property('currentContentLength', 20)
+        // toEager also tags with blob metadata
+        expect(info).to.have.property('blobHash', testHash)
+        expect(info).to.have.property('blobContentLength', 19)
+        expect(info).to.have.property('metadataStringLength', 999)
+      }
+    })
+  })
 })
@@ -17,6 +17,10 @@ const { RetainOp, InsertOp, RemoveOp } = require('../../lib/operation/scan_op')
 const TrackingProps = require('../../lib/file_data/tracking_props')
 const ClearTrackingProps = require('../../lib/file_data/clear_tracking_props')

+function fuzzingErrorMessage(obj) {
+  return `Failed randomized test with input: ${JSON.stringify(obj)}`
+}
+
 describe('TextOperation', function () {
  const numTrials = 500

@@ -145,18 +149,12 @@ describe('TextOperation', function () {
      const str = random.string(50)
      const comments = random.comments(6)
      const o = randomOperation(str, comments.ids)
-      try {
-        expect(str.length).to.equal(o.baseLength)
-        const file = new StringFileData(str, comments.comments)
-        o.apply(file)
-        const result = file.getContent()
-        expect(result.length).to.equal(o.targetLength)
-      } catch (err) {
-        if (err instanceof Error) {
-          err.message = `Failing inputs:\n  str: ${JSON.stringify(str)}\n  comments: ${JSON.stringify(comments)}\n  o: ${JSON.stringify(o.toJSON())}\n\n${err.message}`
-        }
-        throw err
-      }
+      const fuzzingError = fuzzingErrorMessage({ str, comments, o: o.toJSON() })
+      expect(str.length).to.equal(o.baseLength, fuzzingError)
+      const file = new StringFileData(str, comments.comments)
+      o.apply(file)
+      const result = file.getContent()
+      expect(result.length).to.equal(o.targetLength, fuzzingError)
    })
  )

@@ -166,15 +164,11 @@ describe('TextOperation', function () {
      const doc = random.string(50)
      const comments = random.comments(2)
      const operation = randomOperation(doc, comments.ids)
-      try {
-        const roundTripOperation = TextOperation.fromJSON(operation.toJSON())
-        expect(operation.equals(roundTripOperation)).to.be.true
-      } catch (err) {
-        if (err instanceof Error) {
-          err.message = `Failing inputs:\n  doc: ${JSON.stringify(doc)}\n  comments: ${JSON.stringify(comments)}\n  operation: ${JSON.stringify(operation.toJSON())}\n\n${err.message}`
-        }
-        throw err
-      }
+      const roundTripOperation = TextOperation.fromJSON(operation.toJSON())
+      expect(operation.equals(roundTripOperation)).to.equal(
+        true,
+        fuzzingErrorMessage({ operation })
+      )
    })
  )

@@ -227,22 +221,20 @@ describe('TextOperation', function () {
        const str = random.string(50)
        const comments = random.comments(6)
        const o = randomOperation(str, comments.ids)
-        try {
-          const originalFile = new StringFileData(str, comments.comments)
-          const p = o.invert(originalFile)
-          expect(o.baseLength).to.equal(p.targetLength)
-          expect(o.targetLength).to.equal(p.baseLength)
-          const file = new StringFileData(str, comments.comments)
-          o.apply(file)
-          p.apply(file)
-          const result = file.toRaw()
-          expect(result).to.deep.equal(originalFile.toRaw())
-        } catch (err) {
-          if (err instanceof Error) {
-            err.message = `Failing inputs:\n  str: ${JSON.stringify(str)}\n  comments: ${JSON.stringify(comments)}\n  o: ${JSON.stringify(o.toJSON())}\n\n${err.message}`
-          }
-          throw err
-        }
+        const originalFile = new StringFileData(str, comments.comments)
+        const p = o.invert(originalFile)
+        const fuzzingError = fuzzingErrorMessage({
+          str,
+          comments,
+          o: o.toJSON(),
+        })
+        expect(o.baseLength).to.equal(p.targetLength, fuzzingError)
+        expect(o.targetLength).to.equal(p.baseLength, fuzzingError)
+        const file = new StringFileData(str, comments.comments)
+        o.apply(file)
+        p.apply(file)
+        const result = file.toRaw()
+        expect(result).to.deep.equal(originalFile.toRaw(), fuzzingError)
      })
    )

@@ -394,26 +386,33 @@ describe('TextOperation', function () {
        const str = random.string(20)
        const comments = random.comments(6)
        const a = randomOperation(str, comments.ids)
+        const fuzzingError = fuzzingErrorMessage({
+          str,
+          comments,
+          a: a.toJSON(),
+        })
        const file = new StringFileData(str, comments.comments)
        a.apply(file)
        const afterA = file.toRaw()
+        expect(afterA.content.length).to.equal(a.targetLength, fuzzingError)
        const b = randomOperation(afterA.content, comments.ids)
-        try {
-          expect(afterA.content.length).to.equal(a.targetLength)
-          b.apply(file)
-          const afterB = file.toRaw()
-          expect(afterB.content.length).to.equal(b.targetLength)
-          const ab = a.compose(b)
-          expect(ab.targetLength).to.equal(b.targetLength)
-          ab.apply(new StringFileData(str, comments.comments))
-          const afterAB = file.toRaw()
-          expect(afterAB).to.deep.equal(afterB)
-        } catch (err) {
-          if (err instanceof Error) {
-            err.message = `Failing inputs:\n  str: ${JSON.stringify(str)}\n  comments: ${JSON.stringify(comments)}\n  a: ${JSON.stringify(a.toJSON())}\n  b: ${JSON.stringify(b.toJSON())}\n\n${err.message}`
-          }
-          throw err
-        }
+        const fuzzingErrorWithB = fuzzingErrorMessage({
+          str,
+          comments,
+          a: a.toJSON(),
+          b: b.toJSON(),
+        })
+        b.apply(file)
+        const afterB = file.toRaw()
+        expect(afterB.content.length).to.equal(
+          b.targetLength,
+          fuzzingErrorWithB
+        )
+        const ab = a.compose(b)
+        expect(ab.targetLength).to.equal(b.targetLength, fuzzingErrorWithB)
+        ab.apply(new StringFileData(str, comments.comments))
+        const afterAB = file.toRaw()
+        expect(afterAB).to.deep.equal(afterB, fuzzingErrorWithB)
      })
    )

@@ -622,24 +621,23 @@ describe('TextOperation', function () {
        const comments = random.comments(6)
        const a = randomOperation(str, comments.ids)
        const b = randomOperation(str, comments.ids)
-        try {
-          const primes = TextOperation.transform(a, b)
-          const aPrime = primes[0]
-          const bPrime = primes[1]
-          const abPrime = a.compose(bPrime)
-          const baPrime = b.compose(aPrime)
-          const abFile = new StringFileData(str, comments.comments)
-          const baFile = new StringFileData(str, comments.comments)
-          abPrime.apply(abFile)
-          baPrime.apply(baFile)
-          expect(abPrime.equals(baPrime)).to.be.true
-          expect(abFile.toRaw()).to.deep.equal(baFile.toRaw())
-        } catch (err) {
-          if (err instanceof Error) {
-            err.message = `Failing inputs:\n  str: ${JSON.stringify(str)}\n  comments: ${JSON.stringify(comments)}\n  a: ${JSON.stringify(a.toJSON())}\n  b: ${JSON.stringify(b.toJSON())}\n\n${err.message}`
-          }
-          throw err
-        }
+        const primes = TextOperation.transform(a, b)
+        const aPrime = primes[0]
+        const bPrime = primes[1]
+        const abPrime = a.compose(bPrime)
+        const baPrime = b.compose(aPrime)
+        const abFile = new StringFileData(str, comments.comments)
+        const baFile = new StringFileData(str, comments.comments)
+        abPrime.apply(abFile)
+        baPrime.apply(baFile)
+        const fuzzingError = fuzzingErrorMessage({
+          str,
+          comments,
+          a: a.toJSON(),
+          b: b.toJSON(),
+        })
+        expect(abPrime.equals(baPrime)).to.be.equal(true, fuzzingError)
+        expect(abFile.toRaw()).to.deep.equal(baFile.toRaw(), fuzzingError)
      })
    )

@@ -1,7 +1,7 @@
 let reporterOptions = {}
 if (process.env.CI) {
  reporterOptions = {
-    reporter: '/overleaf/node_modules/mocha-multi-reporters',
+    reporter: require.resolve('mocha-multi-reporters'),
    'reporter-options': ['configFile=./test/mocha-multi-reporters.cjs'],
  }
 }
@@ -5,5 +5,6 @@ promise-utils
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=@overleaf/promise-utils
 --pipeline-owner=32
 --public-repo=False
@@ -4,11 +4,11 @@
  "description": "utilities to help working with promises",
  "main": "index.js",
  "scripts": {
-    "test": "npm run lint && npm run types:check && npm run test:unit",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
    "test:unit": "mocha --exit test/**/*.{js,cjs}",
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
-    "test:ci": "npm run test:unit",
+    "test:ci": "yarn run test:unit",
    "types:check": "tsc --noEmit"
  },
  "author": "Overleaf (https://www.overleaf.com)",
@@ -1,7 +1,7 @@
 let reporterOptions = {}
 if (process.env.CI) {
  reporterOptions = {
-    reporter: '/overleaf/node_modules/mocha-multi-reporters',
+    reporter: require.resolve('mocha-multi-reporters'),
    'reporter-options': ['configFile=./test/mocha-multi-reporters.cjs'],
  }
 }
@@ -5,5 +5,6 @@ ranges-tracker
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=@overleaf/ranges-tracker
 --pipeline-owner=44
 --public-repo=False
@@ -11,8 +11,8 @@
  "scripts": {
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
-    "test": "npm run lint && npm run types:check && npm run test:unit",
-    "test:ci": "npm run test:unit",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
+    "test:ci": "yarn run test:unit",
    "test:unit": "mocha --exit test/**/*.{js,cjs}",
    "types:check": "tsc --noEmit"
  },
@@ -1,7 +1,7 @@
 let reporterOptions = {}
 if (process.env.CI) {
  reporterOptions = {
-    reporter: '/overleaf/node_modules/mocha-multi-reporters',
+    reporter: require.resolve('mocha-multi-reporters'),
    'reporter-options': ['configFile=./test/mocha-multi-reporters.cjs'],
  }
 }
@@ -5,5 +5,6 @@ redis-wrapper
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=@overleaf/redis-wrapper
 --pipeline-owner=32
 --public-repo=False
@@ -15,23 +15,23 @@
  "scripts": {
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
-    "test": "npm run lint && npm run types:check && npm run test:unit",
-    "test:ci": "npm run test:unit",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
+    "test:ci": "yarn run test:unit",
    "test:unit": "mocha --exit test/**/*.{js,cjs}",
    "types:check": "tsc --noEmit"
  },
  "peerDependencies": {
-    "@overleaf/logger": "*",
-    "@overleaf/metrics": "*",
-    "@overleaf/o-error": "*"
+    "@overleaf/logger": "workspace:*",
+    "@overleaf/metrics": "workspace:*",
+    "@overleaf/o-error": "workspace:*"
  },
  "dependencies": {
    "async": "^3.2.5",
    "ioredis": "~4.27.1"
  },
  "devDependencies": {
-    "@overleaf/logger": "*",
-    "@overleaf/o-error": "*",
+    "@overleaf/logger": "workspace:*",
+    "@overleaf/o-error": "workspace:*",
    "chai": "^4.3.6",
    "mocha": "^11.1.0",
    "mocha-junit-reporter": "^2.2.1",
@@ -5,5 +5,6 @@ settings
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=@overleaf/settings
 --pipeline-owner=32
 --public-repo=False
@@ -7,8 +7,8 @@
  "scripts": {
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
-    "test": "npm run lint && npm run types:check && npm run test:unit",
-    "test:ci": "npm run test:unit",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
+    "test:ci": "yarn run test:unit",
    "test:unit": "mocha --exit test/**/*.{js,cjs}",
    "types:check": "tsc --noEmit"
  },
@@ -1,7 +1,7 @@
 let reporterOptions = {}
 if (process.env.CI) {
  reporterOptions = {
-    reporter: '/overleaf/node_modules/mocha-multi-reporters',
+    reporter: require.resolve('mocha-multi-reporters'),
    'reporter-options': ['configFile=./test/mocha-multi-reporters.cjs'],
  }
 }
@@ -5,5 +5,6 @@ stream-utils
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=@overleaf/stream-utils
 --pipeline-owner=32
 --public-repo=False
@@ -4,11 +4,11 @@
  "description": "stream handling utilities",
  "main": "index.js",
  "scripts": {
-    "test": "npm run lint && npm run types:check && npm run test:unit",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
    "test:unit": "mocha --exit test/**/*.{js,cjs}",
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
-    "test:ci": "npm run test:unit",
+    "test:ci": "yarn run test:unit",
    "types:check": "tsc --noEmit"
  },
  "author": "Overleaf (https://www.overleaf.com)",
@@ -1,5 +1,29 @@
+// @ts-check
+
 const OError = require('@overleaf/o-error')

-class ParamsError extends OError {}
+/**
+ * @typedef {import('zod').ZodError} ZodError
+ */

-module.exports = { ParamsError }
+class InvalidRequestError extends OError {
+  /**
+   * @param {ZodError} zodError
+   */
+  constructor(zodError) {
+    super('Invalid request', {}, zodError)
+    this.zodError = zodError
+  }
+}
+
+class InvalidParamsError extends OError {
+  /**
+   * @param {ZodError} zodError
+   */
+  constructor(zodError) {
+    super('Invalid request parameters', {}, zodError)
+    this.zodError = zodError
+  }
+}
+
+module.exports = { InvalidParamsError, InvalidRequestError }
@@ -5,6 +5,7 @@ validation-tools
 --esmock-loader=False
 --is-library=True
 --node-version=24.14.1
+--package-name=@overleaf/validation-tools
 --public-repo=False
 --test-acceptance-vitest=True
 --test-unit-vitest=True
@@ -1,15 +1,20 @@
-const { isZodErrorLike, fromError } = require('zod-validation-error')
+const { fromError } = require('zod-validation-error')
+const { InvalidParamsError, InvalidRequestError } = require('./Errors')

 function createHandleValidationError(statusCode = 400) {
-  return [
-    (err, req, res, next) => {
-      if (!isZodErrorLike(err)) {
-        return next(err)
-      }
-
-      res.status(statusCode).json({ ...fromError(err), statusCode })
-    },
-  ]
+  return (err, req, res, next) => {
+    if (err instanceof InvalidParamsError) {
+      res
+        .status(404)
+        .json({ error: fromError(err.zodError).toString(), statusCode: 404 })
+    } else if (err instanceof InvalidRequestError) {
+      res
+        .status(statusCode)
+        .json({ error: fromError(err.zodError).toString(), statusCode })
+    } else {
+      next(err)
+    }
+  }
 }

 const handleValidationError = createHandleValidationError(400)
@@ -1,4 +1,4 @@
-const { ParamsError } = require('./Errors')
+const { InvalidParamsError, InvalidRequestError } = require('./Errors')
 const { z } = require('zod')
 const { zz } = require('./zodHelpers')
 const { parseReq } = require('./parseReq')
@@ -15,5 +15,6 @@ module.exports = {
  parseReq,
  handleValidationError,
  createHandleValidationError,
-  ParamsError,
+  InvalidRequestError,
+  InvalidParamsError,
 }
@@ -10,21 +10,21 @@
  "license": "AGPL-3.0-only",
  "version": "1.0.0",
  "scripts": {
-    "test": "npm run lint && npm run types:check && npm run test:unit",
+    "test": "yarn run lint && yarn run types:check && yarn run test:unit",
    "lint": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --ext .cjs,.js,.jsx,.mjs,.ts --max-warnings 0 --format unix .",
    "lint:fix": "eslint --cache --cache-location ../../node_modules/.cache/eslint/ --fix --ext .cjs,.js,.jsx,.mjs,.ts .",
-    "test:ci": "npm run test:unit",
+    "test:ci": "yarn run test:unit",
    "test:unit": "vitest --config vitest.config.ts",
    "types:check": "tsc --noEmit"
  },
  "dependencies": {
-    "@overleaf/o-error": "*",
+    "@overleaf/o-error": "workspace:*",
    "mongodb": "^6.12.0",
    "zod": "^4.1.8",
    "zod-validation-error": "^4.0.1"
  },
  "devDependencies": {
    "typescript": "^5.0.4",
-    "vitest": "^4.0.0"
+    "vitest": "4.1.5"
  }
 }
@@ -1,5 +1,5 @@
 // @ts-check
-const { ParamsError } = require('./Errors')
+const { InvalidRequestError, InvalidParamsError } = require('./Errors')

 /**
 * @typedef {import('zod').ZodType} ZodType
@@ -25,9 +25,9 @@ function parseReq(req, schema) {
    return parsed.data
  } else if (parsed.error.issues.some(issue => issue.path[0] === 'params')) {
    // Parts of the URL path failed to validate; throw a specific error
-    throw new ParamsError('Invalid params').withCause(parsed.error)
+    throw new InvalidParamsError(parsed.error)
  } else {
-    throw parsed.error
+    throw new InvalidRequestError(parsed.error)
  }
 }

@@ -54,7 +54,7 @@ describe('parseReq', () => {
            }),
          })
        )
-      ).toThrowError(expect.objectContaining({ name: 'ParamsError' }))
+      ).toThrowError(expect.objectContaining({ name: 'InvalidParamsError' }))
    })

    it('should throw an error containing issues if the schema is invalid', () => {
@@ -75,9 +75,11 @@ describe('parseReq', () => {
        )
      ).toThrowError(
        expect.objectContaining({
-          issues: expect.arrayContaining([
-            expect.objectContaining({ path: ['body', 'name'] }),
-          ]),
+          zodError: expect.objectContaining({
+            issues: expect.arrayContaining([
+              expect.objectContaining({ path: ['body', 'name'] }),
+            ]),
+          }),
        })
      )
    })
@@ -217,4 +217,121 @@ describe('zodHelpers', () => {
      ])
    })
  })
+  describe('buildId', () => {
+    it('fails to parse when provided with an invalid buildId', () => {
+      const parsed = zz.buildId().safeParse('aa')
+      expect(parsed.success).toBe(false)
+      expect(parsed.error?.issues).toHaveLength(1)
+      expect(parsed.error?.issues).toMatchObject([
+        expect.objectContaining({
+          message: 'invalid buildId',
+        }),
+      ])
+    })
+
+    it('parses successfully when provided with a valid buildId', () => {
+      const parsed = zz.buildId().safeParse('19d6c341530-878fff6cdab7fb0c')
+      expect(parsed.success).toBe(true)
+      expect(parsed.data).toBe('19d6c341530-878fff6cdab7fb0c')
+    })
+
+    it('fails to parse when provided with an editorBuildId', () => {
+      const parsed = zz
+        .buildId()
+        .safeParse(
+          '03b1d773-6203-4669-b365-6a0aa5625878-19d6c341530-878fff6cdab7fb0c'
+        )
+      expect(parsed.success).toBe(false)
+      expect(parsed.error?.issues).toHaveLength(1)
+      expect(parsed.error?.issues).toMatchObject([
+        expect.objectContaining({
+          message: 'invalid buildId',
+        }),
+      ])
+    })
+  })
+
+  describe('editorBuildId', () => {
+    it('fails to parse when provided with an invalid buildId', () => {
+      const parsed = zz.editorBuildId().safeParse('aa')
+      expect(parsed.success).toBe(false)
+      expect(parsed.error?.issues).toHaveLength(1)
+      expect(parsed.error?.issues).toMatchObject([
+        expect.objectContaining({
+          message: 'invalid editorId-buildId',
+        }),
+      ])
+    })
+
+    it('fails to parse when provided with a buildId', () => {
+      const parsed = zz
+        .editorBuildId()
+        .safeParse('19d6c341530-878fff6cdab7fb0c')
+      expect(parsed.success).toBe(false)
+      expect(parsed.error?.issues).toHaveLength(1)
+      expect(parsed.error?.issues).toMatchObject([
+        expect.objectContaining({
+          message: 'invalid editorId-buildId',
+        }),
+      ])
+    })
+
+    it('parses successfully when provided with a valid editorId-buildId', () => {
+      const parsed = zz
+        .editorBuildId()
+        .safeParse(
+          '03b1d773-6203-4669-b365-6a0aa5625878-19d6c341530-878fff6cdab7fb0c'
+        )
+      expect(parsed.success).toBe(true)
+      expect(parsed.data).toBe(
+        '03b1d773-6203-4669-b365-6a0aa5625878-19d6c341530-878fff6cdab7fb0c'
+      )
+    })
+  })
+  describe('filepath', () => {
+    it('fails to parse with empty input', () => {
+      const parsed = zz.filepath().safeParse('')
+      expect(parsed.success).toBe(false)
+      expect(parsed.error?.issues).toHaveLength(1)
+      expect(parsed.error?.issues).toMatchObject([
+        expect.objectContaining({
+          message: 'path is empty',
+        }),
+      ])
+    })
+
+    it('fails to parse with absolute path', () => {
+      const parsed = zz.filepath().safeParse('/output.pdf')
+      expect(parsed.success).toBe(false)
+      expect(parsed.error?.issues).toHaveLength(1)
+      expect(parsed.error?.issues).toMatchObject([
+        expect.objectContaining({
+          message: 'path is absolute',
+        }),
+      ])
+    })
+
+    it('fails to parse when provided with path traversal', () => {
+      const parsed = zz.filepath().safeParse('../output.pdf')
+      expect(parsed.success).toBe(false)
+      expect(parsed.error?.issues).toHaveLength(1)
+      expect(parsed.error?.issues).toMatchObject([
+        expect.objectContaining({
+          message: 'path traversal detected',
+        }),
+      ])
+    })
+
+    it('parses successfully when provided a valid path', () => {
+      const parsed = zz.filepath().safeParse('output.pdf')
+      expect(parsed.success).toBe(true)
+      expect(parsed.data).toBe('output.pdf')
+    })
+
+    it('parses successfully when provided a valid nested path', () => {
+      const parsed = zz.filepath().safeParse('foo/output.pdf')
+      expect(parsed.success).toBe(true)
+      expect(parsed.data).toBe('foo/output.pdf')
+    })
+  })
 })
@@ -0,0 +1,8 @@
+function asZodError(...def) {
+  return {
+    name: 'ZodError',
+    _zod: { def },
+  }
+}
+
+module.exports = { asZodError }
@@ -33,6 +33,31 @@ const zz = {
  datetimeNullable: options => datetimeSchema({ ...options, allowNull: true }),
  datetimeNullish: options =>
    datetimeSchema({ ...options, allowNull: true, allowUndefined: true }),
+  buildId: () =>
+    z.string().regex(/^[0-9a-f]+-[0-9a-f]+$/, { message: 'invalid buildId' }),
+  editorBuildId: () =>
+    z.string().regex(/^[a-f0-9-]{36}-[0-9a-f]+-[0-9a-f]+$/, {
+      message: 'invalid editorId-buildId',
+    }),
+  clsiServerId: () =>
+    z.string().regex(/^[a-z0-9-]+$/, { message: 'invalid clsiServerId' }),
+  compileBackendClass: () =>
+    z
+      .string()
+      .regex(/^[a-z0-9-]+$/, { message: 'invalid compileBackendClass' }),
+  compileGroup: () =>
+    z.enum(['alpha', 'gvisor', 'standard', 'priority'], {
+      message: 'invalid compileGroup',
+    }),
+  submissionId: () => z.string().regex(/^[a-zA-Z0-9_-]+$/),
+  filepath: () =>
+    z
+      .string()
+      .nonempty({ message: 'path is empty' })
+      .refine(s => !s.startsWith('/'), { message: 'path is absolute' })
+      .refine(s => !s.split('/').includes('..'), {
+        message: 'path traversal detected',
+      }),
 }

 module.exports = { zz }
@@ -1,52 +1,209 @@
 {
  "name": "overleaf",
  "private": true,
-  "dependencies": {
-    "patch-package": "^8.0.0"
-  },
+  "packageManager": "yarn@4.14.1",
  "devDependencies": {
+    "@eslint/compat": "^2.1.0",
+    "@eslint/js": "^10.0.1",
+    "@overleaf/eslint-plugin": "workspace:*",
    "@prettier/plugin-pug": "^3.4.0",
    "@types/chai": "^4.3.0",
    "@types/chai-as-promised": "^7.1.8",
    "@types/mocha": "^10.0.6",
    "@types/multer": "^2.1.0",
-    "@typescript-eslint/eslint-plugin": "8.50.0",
-    "@typescript-eslint/parser": "^8.50.0",
+    "@typescript-eslint/eslint-plugin": "^8.59.4",
+    "@typescript-eslint/parser": "^8.59.4",
    "@vitest/eslint-plugin": "^1.5.0",
-    "eslint": "^8.15.0",
-    "eslint-config-prettier": "^8.5.0",
-    "eslint-config-standard": "^17.0.0",
-    "eslint-plugin-chai-expect": "^3.0.0",
-    "eslint-plugin-chai-friendly": "^0.7.2",
-    "eslint-plugin-cypress": "^2.15.1",
-    "eslint-plugin-import": "^2.26.0",
-    "eslint-plugin-mocha": "^10.1.0",
-    "eslint-plugin-n": "^15.7.0",
-    "eslint-plugin-prettier": "^4.0.0",
-    "eslint-plugin-promise": "^6.0.0",
+    "eslint": "^10.4.0",
+    "eslint-config-prettier": "^10.0.1",
+    "eslint-formatter-unix": "^8.40.0",
+    "eslint-plugin-chai-expect": "^4.0.0",
+    "eslint-plugin-chai-friendly": "^1.1.0",
+    "eslint-plugin-cypress": "^4.1.0",
+    "eslint-plugin-import": "^2.32.0",
+    "eslint-plugin-mocha": "^11.0.0",
+    "eslint-plugin-n": "^18.0.0",
+    "eslint-plugin-promise": "^7.2.1",
    "eslint-plugin-unicorn": "^56.0.0",
+    "globals": "^17.6.0",
    "prettier": "3.7.4",
    "prettier-plugin-groovy": "0.2.1",
    "typescript": "^5.9.3"
  },
  "engines": {
-    "npm": "11.11.0"
+    "node": ">=20.19.0"
  },
-  "overrides": {
-    "request@2.88.2": {
-      "tough-cookie": "5.1.2",
-      "form-data": "2.5.5",
-      "qs": "6.14.1"
-    },
-    "cypress@13.13.2": {
-      "@cypress/request@3.0.9": {
-        "qs": "6.14.1"
-      }
-    },
+  "resolutions": {
+    "@xmldom/xmldom": "0.8.13",
+    "argparse/underscore": "1.13.8",
+    "east/underscore": "1.13.8",
+    "referer-parser/js-yaml": "^4.1.1",
+    "sandboxed-module": "patch:sandboxed-module@npm%3A2.0.4#~/.yarn/patches/sandboxed-module-npm-2.0.4-f8b45aacc9.patch",
+    "request/tough-cookie": "5.1.2",
+    "request/form-data": "2.5.5",
+    "request/qs": "6.14.1",
+    "@cypress/request/qs": "6.14.1",
    "@opentelemetry/api": "1.9.0",
-    "mocha@^11.1.0": {
-      "serialize-javascript": "7.0.5"
-    }
+    "mocha/serialize-javascript": "7.0.5",
+    "pprof/protobufjs": "7.5.5",
+    "@google-cloud/profiler/protobufjs": "7.5.5",
+    "mocha-multi-reporters": "patch:mocha-multi-reporters@npm%3A1.5.1#~/.yarn/patches/mocha-multi-reporters-npm-1.5.1-0a1088aed5.patch",
+    "pdfjs-dist": "patch:pdfjs-dist@npm%3A5.1.91#~/.yarn/patches/pdfjs-dist-npm-5.1.91.patch",
+    "referer-parser": "patch:referer-parser@npm%3A0.0.3#~/.yarn/patches/referer-parser-npm-0.0.3.patch",
+    "sass": "1.77.1",
+    "@codemirror/autocomplete": "patch:@codemirror/autocomplete@npm%3A6.18.4#~/.yarn/patches/@codemirror-autocomplete-npm-6.18.4.patch",
+    "@codemirror/commands": "6.10.1",
+    "@codemirror/language": "6.12.1",
+    "@codemirror/lint": "6.9.2",
+    "@codemirror/search": "patch:@codemirror/search@npm%3A6.5.8#~/.yarn/patches/@codemirror-search-npm-6.5.8.patch",
+    "@codemirror/state": "6.5.4",
+    "@codemirror/view": "6.38.6",
+    "@lezer/common": "1.5.0",
+    "@lezer/highlight": "1.2.3",
+    "@lezer/lr": "1.4.7",
+    "@types/react": "18.3.28",
+    "@types/react-dom": "18.3.7",
+    "@vitest/expect": "4.1.5",
+    "@vitest/mocker": "4.1.5",
+    "@vitest/pretty-format": "4.1.5",
+    "@vitest/spy": "4.1.5",
+    "@vitest/utils": "4.1.5",
+    "cheerio": "1.0.0-rc.10",
+    "react": "18.3.1",
+    "react-dom": "18.3.1",
+    "sinon-chai": "3.7.0",
+    "i18next-scanner/i18next": "23.16.8",
+    "downshift": "9.0.9",
+    "body-parser@npm:1.20.4": "patch:body-parser@npm%3A1.20.4#~/.yarn/patches/body-parser-npm-1.20.4.patch",
+    "cypress-multi-reporters": "patch:cypress-multi-reporters@npm%3A2.0.5#~/.yarn/patches/cypress-multi-reporters-npm-2.0.5.patch",
+    "forwarded@npm:0.2.0": "patch:forwarded@npm%3A0.2.0#~/.yarn/patches/forwarded-npm-0.2.0.patch",
+    "multer@npm:2.1.1": "patch:multer@npm%3A2.1.1#~/.yarn/patches/multer-npm-2.1.1.patch",
+    "node-fetch": "patch:node-fetch@npm%3A2.7.0#~/.yarn/patches/node-fetch-npm-2.7.0.patch",
+    "passport-oauth2": "patch:passport-oauth2@npm%3A1.6.1#~/.yarn/patches/passport-oauth2-npm-1.6.1.patch",
+    "send": "patch:send@npm%3A0.19.0#~/.yarn/patches/send-npm-0.19.0.patch",
+    "serve-static": "1.16.2",
+    "@uppy/xhr-upload": "3.6.0",
+    "recurly": "4.12.0",
+    "mongoose": "8.22.1",
+    "pg": "8.7.1",
+    "pg-query-stream": "4.7.1",
+    "@aws-sdk/client-s3": "3.994.0",
+    "@aws-sdk/client-ses": "3.994.0",
+    "@aws-sdk/s3-request-presigner": "3.994.0",
+    "contentful": "10.8.5",
+    "@contentful/rich-text-html-renderer": "16.0.2",
+    "@contentful/rich-text-types": "16.0.2",
+    "i18next": "23.10.0",
+    "sanitize-html": "2.17.4",
+    "lodash": "4.18.1",
+    "express-session": "1.17.2",
+    "ioredis": "4.27.11",
+    "knip": "5.64.1",
+    "eslint-plugin-testing-library": "7.5.3",
+    "chart.js": "4.0.1",
+    "@customerio/cdp-analytics-node": "0.3.9",
+    "@google-cloud/bigquery": "8.1.1",
+    "moment": "2.29.4",
+    "sequelize-cli": "6.6.0",
+    "async": "3.2.5",
+    "dockerode": "4.0.9",
+    "tar-fs": "3.1.1",
+    "cluster-key-slot": "1.1.0",
+    "@octokit/request": "9.2.2",
+    "randomstring": "1.2.2",
+    "vite": "7.3.1",
+    "isomorphic-git": "1.33.1",
+    "http-status": "1.5.0",
+    "knex": "2.4.0",
+    "utf-8-validate": "5.0.8",
+    "samlp": "7.0.2",
+    "compression": "1.7.4",
+    "cookie-parser": "1.4.6",
+    "react-cookie": "7.2.0",
+    "react-dropzone": "14.2.3",
+    "@babel/core": "7.28.5",
+    "@babel/preset-env": "7.28.5",
+    "@babel/register": "7.28.3",
+    "@vitejs/plugin-react": "4.4.1",
+    "cssnano": "7.1.4",
+    "mini-css-extract-plugin": "2.7.6",
+    "nodemon": "3.0.1",
+    "postcss": "8.5.8",
+    "postcss-reporter": "7.0.5",
+    "zod": "4.1.11",
+    "zod-validation-error": "4.0.1",
+    "simple-oauth2": "5.0.0",
+    "@types/simple-oauth2": "5.0.7",
+    "@node-oauth/oauth2-server": "5.3.0",
+    "@phosphor-icons/react": "2.1.7",
+    "@slack/webhook": "7.0.2",
+    "@stripe/react-stripe-js": "3.9.0",
+    "@stripe/stripe-js": "7.7.0",
+    "cache-flow": "1.9.0",
+    "focus-trap-react": "11.0.4",
+    "i18next-http-middleware": "3.5.0",
+    "jose": "4.15.5",
+    "nodemailer": "8.0.5",
+    "on-headers": "1.0.2",
+    "pug": "3.0.3",
+    "rate-limiter-flexible": "2.4.1",
+    "react-hook-form": "7.71.1",
+    "stripe": "18.4.0",
+    "@babel/plugin-proposal-decorators": "7.28.0",
+    "@floating-ui/react": "0.27.16",
+    "@juggle/resize-observer": "3.3.1",
+    "@storybook/addon-a11y": "10.3.5",
+    "@storybook/addon-essentials": "10.3.5",
+    "@storybook/addon-interactions": "10.3.5",
+    "@storybook/addon-links": "10.3.5",
+    "@storybook/cli": "10.3.5",
+    "@storybook/react": "10.3.5",
+    "@storybook/react-webpack5": "10.3.5",
+    "@storybook/theming": "10.3.5",
+    "@streamdown/cjk": "1.0.2",
+    "@testing-library/dom": "10.4.0",
+    "@testing-library/user-event": "14.5.2",
+    "@types/express": "4.17.23",
+    "@types/recurly__recurly-js": "4.38.0",
+    "@types/sanitize-html": "2.16.0",
+    "@uppy/dashboard": "3.7.1",
+    "@uppy/drag-drop": "3.0.3",
+    "@uppy/file-input": "3.0.4",
+    "@uppy/progress-bar": "3.0.4",
+    "@uppy/react": "3.2.1",
+    "autoprefixer": "10.4.16",
+    "babel-plugin-module-resolver": "5.0.2",
+    "backbone": "1.6.0",
+    "dompurify": "3.4.0",
+    "eventsource-client": "1.1.4",
+    "fake-indexeddb": "6.0.0",
+    "formik": "2.2.9",
+    "katex": "0.16.28",
+    "match-sorter": "6.3.1",
+    "micromark": "4.0.0",
+    "pirates": "4.0.6",
+    "qrcode": "1.5.0",
+    "react-chartjs-2": "5.0.1",
+    "react-i18next": "13.3.1",
+    "react-resizable-panels": "2.1.1",
+    "rehype-harden": "1.1.7",
+    "scroll-into-view-if-needed": "2.2.28",
+    "storybook": "10.3.5",
+    "streamdown": "2.2.0",
+    "tailwindcss": "3.4.17",
+    "thread-loader": "patch:thread-loader@npm%3A4.0.2#~/.yarn/patches/thread-loader-npm-4.0.2-dab5735f54.patch",
+    "unist-util-visit": "5.0.0",
+    "use-stick-to-bottom": "1.1.1",
+    "zustand": "5.0.8",
+    "retry-request@npm:^8.0.0": "patch:retry-request@npm%3A8.0.2#~/.yarn/patches/retry-request-npm-8.0.2-448ad084c8.patch",
+    "retry-request@npm:^7.0.0": "patch:retry-request@npm%3A7.0.2#~/.yarn/patches/retry-request-npm-7.0.2-a41087680c.patch",
+    "teeny-request@npm:^10.0.0": "patch:teeny-request@npm%3A10.1.0#~/.yarn/patches/teeny-request-npm-10.1.0.patch",
+    "teeny-request@npm:^9.0.0": "patch:teeny-request@npm%3A9.0.0#~/.yarn/patches/teeny-request-npm-9.0.0-4d571e3c55.patch",
+    "@babel/plugin-transform-modules-systemjs": "7.29.4",
+    "fast-xml-builder": "1.1.7",
+    "ip-address": "10.1.1",
+    "systeminformation": "5.31.6",
+    "fast-uri": "3.1.2"
  },
  "scripts": {
    "format": "prettier --cache --cache-location ./node_modules/.cache/prettier/.prettier-cache --check",
@@ -57,11 +214,10 @@
    "format:pug:fix": "prettier --cache --cache-location ./node_modules/.cache/prettier/.prettier-cache --write --check '**/*.pug'",
    "format:jenkins": "prettier --cache --cache-location ./node_modules/.cache/prettier/.prettier-cache --check '**/Jenkinsfile'",
    "format:jenkins:fix": "prettier --cache --cache-location ./node_modules/.cache/prettier/.prettier-cache --write --check '**/Jenkinsfile'",
-    "format:monorepo-check": "prettier --cache --cache-location ./node_modules/.cache/prettier/.prettier-cache --check '**/Jenkinsfile' '**/*.md' '**/docker-compose.yml' '**/docker-compose.*.yml'",
-    "format:monorepo-check:fix": "prettier --cache --cache-location ./node_modules/.cache/prettier/.prettier-cache --write --check '**/Jenkinsfile' '**/*.md' '**/docker-compose.yml' '**/docker-compose.*.yml'",
+    "format:monorepo-check": "prettier --cache --cache-location ./node_modules/.cache/prettier/.prettier-cache --check '**/Jenkinsfile' '**/*.md' '**/docker-compose.yml' '**/docker-compose.*.yml' '.agents/**/*.js' '.agents/**/*.md'",
+    "format:monorepo-check:fix": "prettier --cache --cache-location ./node_modules/.cache/prettier/.prettier-cache --write --check '**/Jenkinsfile' '**/*.md' '**/docker-compose.yml' '**/docker-compose.*.yml' '.agents/**/*.js' '.agents/**/*.md'",
    "lint": "eslint --cache --cache-location ./node_modules/.cache/eslint/ --max-warnings 0 --format unix .",
-    "lint:fix": "eslint --cache --cache-location ./node_modules/.cache/eslint/ --fix .",
-    "postinstall": "patch-package"
+    "lint:fix": "eslint --cache --cache-location ./node_modules/.cache/eslint/ --fix ."
  },
  "workspaces": [
    "jobs/mirror-documentation",
@@ -72,7 +228,6 @@
    "services/clsi",
    "services/clsi-cache",
    "services/clsi-perf",
-    "services/contacts",
    "services/docstore",
    "services/document-updater",
    "services/filestore",
@@ -87,7 +242,6 @@
    "services/templates",
    "services/third-party-datastore",
    "services/third-party-references",
-    "services/tpdsworker",
    "services/web",
    "tools/dependency-management",
    "tools/npm-overrides-helper",
@@ -1,58 +0,0 @@
-diff --git a/node_modules/@google-cloud/logging/node_modules/teeny-request/build/src/index.js b/node_modules/@google-cloud/logging/node_modules/teeny-request/build/src/index.js
-index af5d15e..2b63d0c 100644
--- a/node_modules/@google-cloud/logging/node_modules/teeny-request/build/src/index.js
-+++ b/node_modules/@google-cloud/logging/node_modules/teeny-request/build/src/index.js
-@@ -115,6 +115,9 @@ function createMultipartStream(boundary, multipart) {
-         }
-         else {
-             part.body.pipe(stream, { end: false });
-+            part.body.on('error', (err) => {
-+                stream.destroy(err);
-+            });
-             part.body.on('end', () => {
-                 stream.write('\r\n');
-                 stream.write(finale);
-@@ -168,25 +171,27 @@ function teenyRequest(reqOpts, callback) {
-         // Stream mode
-         const requestStream = streamEvents(new stream_1.PassThrough());
-         // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        let responseStream;
-        requestStream.once('reading', () => {
-            if (responseStream) {
-                (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-            }
-            else {
-                requestStream.once('response', () => {
-                    (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-                });
-            }
-        });
-+        // let responseStream;
-+        // requestStream.once('reading', () => {
-+        //    if (responseStream) {
-+        //        (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-+        //    }
-+        //    else {
-+        //        requestStream.once('response', () => {
-+        //            (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-+        //        });
-+        //    }
-+        // });
-+
-+
-         options.compress = false;
-         teenyRequest.stats.requestStarting();
-         (0, node_fetch_1.default)(uri, options).then(res => {
-            teenyRequest.stats.requestFinished();
-            responseStream = res.body;
-            responseStream.on('error', (err) => {
-                requestStream.emit('error', err);
-            });
-+            teenyRequest.stats.requestFinished(); stream_1.pipeline(res.body, requestStream, () => {});
-+        //    responseStream = res.body;
-+        //    responseStream.on('error', (err) => {
-+        //        requestStream.emit('error', err);
-+        //    });
-             const response = fetchToRequestResponse(options, res);
-             requestStream.emit('response', response);
-         }, err => {
@@ -1,30 +0,0 @@
-diff --git a/node_modules/@google-cloud/logging-min/node_modules/retry-request/index.js b/node_modules/@google-cloud/logging-min/node_modules/retry-request/index.js
-index 2fae107..5721c54 100644
--- a/node_modules/@google-cloud/logging-min/node_modules/retry-request/index.js
-+++ b/node_modules/@google-cloud/logging-min/node_modules/retry-request/index.js
-@@ -1,6 +1,6 @@
- 'use strict';
- 
-const {PassThrough} = require('stream');
-+const { PassThrough, pipeline } = require('stream');
- const extend = require('extend');
- 
- let debug = () => {};
-@@ -185,7 +185,7 @@ function retryRequest(requestOpts, opts, callback) {
-         .on('complete', (...params) => handleFinish(params))
-         .on('finish', (...params) => handleFinish(params));
- 
-      requestStream.pipe(delayStream);
-+      pipeline(requestStream, delayStream, () => {});
-     } else {
-       activeRequest = opts.request(requestOpts, onResponse);
-     }
-@@ -251,7 +251,7 @@ function retryRequest(requestOpts, opts, callback) {
-     // No more attempts need to be made, just continue on.
-     if (streamMode) {
-       retryStream.emit('response', response);
-      delayStream.pipe(retryStream);
-+      pipeline(delayStream, retryStream, () => {});
-       requestStream.on('error', err => {
-         retryStream.destroy(err);
-       });
@@ -1,58 +0,0 @@
-diff --git a/node_modules/@google-cloud/logging-min/node_modules/teeny-request/build/src/index.js b/node_modules/@google-cloud/logging-min/node_modules/teeny-request/build/src/index.js
-index af5d15e..2b63d0c 100644
--- a/node_modules/@google-cloud/logging-min/node_modules/teeny-request/build/src/index.js
-+++ b/node_modules/@google-cloud/logging-min/node_modules/teeny-request/build/src/index.js
-@@ -115,6 +115,9 @@ function createMultipartStream(boundary, multipart) {
-         }
-         else {
-             part.body.pipe(stream, { end: false });
-+            part.body.on('error', (err) => {
-+                stream.destroy(err);
-+            });
-             part.body.on('end', () => {
-                 stream.write('\r\n');
-                 stream.write(finale);
-@@ -168,25 +171,27 @@ function teenyRequest(reqOpts, callback) {
-         // Stream mode
-         const requestStream = streamEvents(new stream_1.PassThrough());
-         // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        let responseStream;
-        requestStream.once('reading', () => {
-            if (responseStream) {
-                (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-            }
-            else {
-                requestStream.once('response', () => {
-                    (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-                });
-            }
-        });
-+        // let responseStream;
-+        // requestStream.once('reading', () => {
-+        //    if (responseStream) {
-+        //        (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-+        //    }
-+        //    else {
-+        //        requestStream.once('response', () => {
-+        //            (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-+        //        });
-+        //    }
-+        // });
-+
-+
-         options.compress = false;
-         teenyRequest.stats.requestStarting();
-         (0, node_fetch_1.default)(uri, options).then(res => {
-            teenyRequest.stats.requestFinished();
-            responseStream = res.body;
-            responseStream.on('error', (err) => {
-                requestStream.emit('error', err);
-            });
-+            teenyRequest.stats.requestFinished(); stream_1.pipeline(res.body, requestStream, () => {});
-+        //    responseStream = res.body;
-+        //    responseStream.on('error', (err) => {
-+        //        requestStream.emit('error', err);
-+        //    });
-             const response = fetchToRequestResponse(options, res);
-             requestStream.emit('response', response);
-         }, err => {
@@ -1,30 +0,0 @@
-diff --git a/node_modules/@google-cloud/profiler/node_modules/retry-request/index.js b/node_modules/@google-cloud/profiler/node_modules/retry-request/index.js
-index 2fae107..5721c54 100644
--- a/node_modules/@google-cloud/profiler/node_modules/retry-request/index.js
-+++ b/node_modules/@google-cloud/profiler/node_modules/retry-request/index.js
-@@ -1,6 +1,6 @@
- 'use strict';
- 
-const {PassThrough} = require('stream');
-+const { PassThrough, pipeline } = require('stream');
- const extend = require('extend');
- 
- let debug = () => {};
-@@ -185,7 +185,7 @@ function retryRequest(requestOpts, opts, callback) {
-         .on('complete', (...params) => handleFinish(params))
-         .on('finish', (...params) => handleFinish(params));
- 
-      requestStream.pipe(delayStream);
-+      pipeline(requestStream, delayStream, () => {});
-     } else {
-       activeRequest = opts.request(requestOpts, onResponse);
-     }
-@@ -251,7 +251,7 @@ function retryRequest(requestOpts, opts, callback) {
-     // No more attempts need to be made, just continue on.
-     if (streamMode) {
-       retryStream.emit('response', response);
-      delayStream.pipe(retryStream);
-+      pipeline(delayStream, retryStream, () => {});
-       requestStream.on('error', err => {
-         retryStream.destroy(err);
-       });
@@ -1,58 +0,0 @@
-diff --git a/node_modules/@google-cloud/profiler/node_modules/teeny-request/build/src/index.js b/node_modules/@google-cloud/profiler/node_modules/teeny-request/build/src/index.js
-index af5d15e..2b63d0c 100644
--- a/node_modules/@google-cloud/profiler/node_modules/teeny-request/build/src/index.js
-+++ b/node_modules/@google-cloud/profiler/node_modules/teeny-request/build/src/index.js
-@@ -115,6 +115,9 @@ function createMultipartStream(boundary, multipart) {
-         }
-         else {
-             part.body.pipe(stream, { end: false });
-+            part.body.on('error', (err) => {
-+                stream.destroy(err);
-+            });
-             part.body.on('end', () => {
-                 stream.write('\r\n');
-                 stream.write(finale);
-@@ -168,25 +171,27 @@ function teenyRequest(reqOpts, callback) {
-         // Stream mode
-         const requestStream = streamEvents(new stream_1.PassThrough());
-         // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        let responseStream;
-        requestStream.once('reading', () => {
-            if (responseStream) {
-                (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-            }
-            else {
-                requestStream.once('response', () => {
-                    (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-                });
-            }
-        });
-+        // let responseStream;
-+        // requestStream.once('reading', () => {
-+        //    if (responseStream) {
-+        //        (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-+        //    }
-+        //    else {
-+        //        requestStream.once('response', () => {
-+        //            (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-+        //        });
-+        //    }
-+        // });
-+
-+
-         options.compress = false;
-         teenyRequest.stats.requestStarting();
-         (0, node_fetch_1.default)(uri, options).then(res => {
-            teenyRequest.stats.requestFinished();
-            responseStream = res.body;
-            responseStream.on('error', (err) => {
-                requestStream.emit('error', err);
-            });
-+            teenyRequest.stats.requestFinished(); stream_1.pipeline(res.body, requestStream, () => {});
-+        //    responseStream = res.body;
-+        //    responseStream.on('error', (err) => {
-+        //        requestStream.emit('error', err);
-+        //    });
-             const response = fetchToRequestResponse(options, res);
-             requestStream.emit('response', response);
-         }, err => {
@@ -1,30 +0,0 @@
-diff --git a/node_modules/@google-cloud/storage/node_modules/retry-request/index.js b/node_modules/@google-cloud/storage/node_modules/retry-request/index.js
-index 2fae107..5721c54 100644
--- a/node_modules/@google-cloud/storage/node_modules/retry-request/index.js
-+++ b/node_modules/@google-cloud/storage/node_modules/retry-request/index.js
-@@ -1,6 +1,6 @@
- 'use strict';
- 
-const {PassThrough} = require('stream');
-+const { PassThrough, pipeline } = require('stream');
- const extend = require('extend');
- 
- let debug = () => {};
-@@ -185,7 +185,7 @@ function retryRequest(requestOpts, opts, callback) {
-         .on('complete', (...params) => handleFinish(params))
-         .on('finish', (...params) => handleFinish(params));
- 
-      requestStream.pipe(delayStream);
-+      pipeline(requestStream, delayStream, () => {});
-     } else {
-       activeRequest = opts.request(requestOpts, onResponse);
-     }
-@@ -251,7 +251,7 @@ function retryRequest(requestOpts, opts, callback) {
-     // No more attempts need to be made, just continue on.
-     if (streamMode) {
-       retryStream.emit('response', response);
-      delayStream.pipe(retryStream);
-+      pipeline(delayStream, retryStream, () => {});
-       requestStream.on('error', err => {
-         retryStream.destroy(err);
-       });
@@ -1,58 +0,0 @@
-diff --git a/node_modules/@google-cloud/storage/node_modules/teeny-request/build/src/index.js b/node_modules/@google-cloud/storage/node_modules/teeny-request/build/src/index.js
-index af5d15e..2b63d0c 100644
--- a/node_modules/@google-cloud/storage/node_modules/teeny-request/build/src/index.js
-+++ b/node_modules/@google-cloud/storage/node_modules/teeny-request/build/src/index.js
-@@ -115,6 +115,9 @@ function createMultipartStream(boundary, multipart) {
-         }
-         else {
-             part.body.pipe(stream, { end: false });
-+            part.body.on('error', (err) => {
-+                stream.destroy(err);
-+            });
-             part.body.on('end', () => {
-                 stream.write('\r\n');
-                 stream.write(finale);
-@@ -168,25 +171,27 @@ function teenyRequest(reqOpts, callback) {
-         // Stream mode
-         const requestStream = streamEvents(new stream_1.PassThrough());
-         // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        let responseStream;
-        requestStream.once('reading', () => {
-            if (responseStream) {
-                (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-            }
-            else {
-                requestStream.once('response', () => {
-                    (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-                });
-            }
-        });
-+        // let responseStream;
-+        // requestStream.once('reading', () => {
-+        //    if (responseStream) {
-+        //        (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-+        //    }
-+        //    else {
-+        //        requestStream.once('response', () => {
-+        //            (0, stream_1.pipeline)(responseStream, requestStream, () => { });
-+        //        });
-+        //    }
-+        // });
-+
-+
-         options.compress = false;
-         teenyRequest.stats.requestStarting();
-         (0, node_fetch_1.default)(uri, options).then(res => {
-            teenyRequest.stats.requestFinished();
-            responseStream = res.body;
-            responseStream.on('error', (err) => {
-                requestStream.emit('error', err);
-            });
-+            teenyRequest.stats.requestFinished(); stream_1.pipeline(res.body, requestStream, () => {});
-+        //    responseStream = res.body;
-+        //    responseStream.on('error', (err) => {
-+        //        requestStream.emit('error', err);
-+        //    });
-             const response = fetchToRequestResponse(options, res);
-             requestStream.emit('response', response);
-         }, err => {
@@ -1 +0,0 @@
-The patches in this folder are applied by `patch-package` to dependencies, particularly those which need changes that are difficult to apply upstream.
@@ -1,22 +0,0 @@
-diff --git a/node_modules/retry-request/index.js b/node_modules/retry-request/index.js
-index 298a351..7ec1ef8 100644
--- a/node_modules/retry-request/index.js
-+++ b/node_modules/retry-request/index.js
-@@ -185,7 +185,7 @@ function retryRequest(requestOpts, opts, callback) {
-         .on('complete', (...params) => handleFinish(params))
-         .on('finish', (...params) => handleFinish(params));
- 
-      requestStream.pipe(delayStream);
-+      pipeline(requestStream, delayStream, () => {});
-     } else {
-       activeRequest = opts.request(requestOpts, onResponse);
-     }
-@@ -251,7 +251,7 @@ function retryRequest(requestOpts, opts, callback) {
-     // No more attempts need to be made, just continue on.
-     if (streamMode) {
-       retryStream.emit('response', response);
-      delayStream.pipe(retryStream);
-+      pipeline(delayStream, retryStream, () => {});
-       requestStream.on('error', err => {
-         retryStream.destroy(err);
-       });
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				The patches in this folder are applied by `patch-package` to dependencies, particularly those which need changes that are difficult to apply upstream.