diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 2cfff78853..e4964e8909 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -32,7 +32,6 @@
                 "mutantdino.resourcemonitor",
                 "oderwat.indent-rainbow",
                 "redhat.vscode-yaml",
-                "spmeesseman.vscode-taskexplorer",
                 "ms-python.pylint",
                 "charliermarsh.ruff"
             ],
diff --git a/.devcontainer/docker-compose.extend.yml b/.devcontainer/docker-compose.extend.yml
index a92f42bc6d..ce1ce259fd 100644
--- a/.devcontainer/docker-compose.extend.yml
+++ b/.devcontainer/docker-compose.extend.yml
@@ -14,8 +14,8 @@ services:
         network_mode: service:db
     blobstore:
         ports:
-            - '9000'
-            - '9001'
+            - '9000:9000'
+            - '9001:9001'
 
 volumes:
     datatracker-vscode-ext:
diff --git a/.github/workflows/build-base-app.yml b/.github/workflows/build-base-app.yml
index 4a4394fca0..a2abe089ce 100644
--- a/.github/workflows/build-base-app.yml
+++ b/.github/workflows/build-base-app.yml
@@ -18,7 +18,7 @@ jobs:
       packages: write
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v7
       with:
         token: ${{ secrets.GH_COMMON_TOKEN }}
 
@@ -28,20 +28,20 @@ jobs:
         echo "IMGVERSION=$CURDATE" >> $GITHUB_ENV
 
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
+      uses: docker/setup-qemu-action@v4
     
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4
 
     - name: Login to GitHub Container Registry
-      uses: docker/login-action@v3
+      uses: docker/login-action@v4
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Docker Build & Push
-      uses: docker/build-push-action@v6
+      uses: docker/build-push-action@v7
       env:
         DOCKER_BUILD_SUMMARY: false
       with:
@@ -60,7 +60,7 @@ jobs:
         echo "${{ env.IMGVERSION }}" > dev/build/TARGET_BASE
 
     - name: Commit CHANGELOG.md
-      uses: stefanzweifel/git-auto-commit-action@v6
+      uses: stefanzweifel/git-auto-commit-action@v7
       with:
         branch: ${{ github.ref_name }}
         commit_message: 'ci: update base image target version to ${{ env.IMGVERSION }}'
diff --git a/.github/workflows/build-devblobstore.yml b/.github/workflows/build-devblobstore.yml
index f49a11af19..429aa08b00 100644
--- a/.github/workflows/build-devblobstore.yml
+++ b/.github/workflows/build-devblobstore.yml
@@ -20,20 +20,20 @@ jobs:
       packages: write
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v7
     
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4
 
     - name: Login to GitHub Container Registry
-      uses: docker/login-action@v3
+      uses: docker/login-action@v4
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Docker Build & Push
-      uses: docker/build-push-action@v6
+      uses: docker/build-push-action@v7
       env:
         DOCKER_BUILD_SUMMARY: false
       with:
diff --git a/.github/workflows/build-mq-broker.yml b/.github/workflows/build-mq-broker.yml
index 4de861dbcd..7832e65a3a 100644
--- a/.github/workflows/build-mq-broker.yml
+++ b/.github/workflows/build-mq-broker.yml
@@ -24,23 +24,32 @@ jobs:
       packages: write
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v7
 
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
+      uses: docker/setup-qemu-action@v4
     
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4
 
     - name: Login to GitHub Container Registry
-      uses: docker/login-action@v3
+      uses: docker/login-action@v4
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
+    - name: Set rabbitmq version
+      id: rabbitmq-version
+      run: |
+        if [[ "${{ inputs.rabbitmq_version }}" == "" ]]; then
+          echo "RABBITMQ_VERSION=3.13-alpine" >> $GITHUB_OUTPUT
+        else
+          echo "RABBITMQ_VERSION=${{ inputs.rabbitmq_version }}" >> $GITHUB_OUTPUT
+        fi
+
     - name: Docker Build & Push
-      uses: docker/build-push-action@v6
+      uses: docker/build-push-action@v7
       env:
         DOCKER_BUILD_SUMMARY: false
       with:
@@ -48,7 +57,7 @@ jobs:
         file: dev/mq/Dockerfile
         platforms: linux/amd64,linux/arm64
         push: true
-        build-args: RABBITMQ_VERSION=${{ inputs.rabbitmq_version }}
+        build-args: RABBITMQ_VERSION=${{ steps.rabbitmq-version.outputs.RABBITMQ_VERSION }}
         tags: |
-          ghcr.io/ietf-tools/datatracker-mq:${{ inputs.rabbitmq_version }}
+          ghcr.io/ietf-tools/datatracker-mq:${{ steps.rabbitmq-version.outputs.RABBITMQ_VERSION }}
           ghcr.io/ietf-tools/datatracker-mq:latest
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d97889fbb8..5088d763e9 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,10 +1,7 @@
-name: Build and Release
-run-name: ${{ github.ref_name == 'release' && '[Prod]' || '[Dev]' }} Build ${{ github.run_number }} of branch ${{ github.ref_name }} by @${{ github.actor }}
+name: Build Dev and Deploy
+run-name: Dev Build ${{ github.run_number }} of branch ${{ github.ref_name }} by @${{ github.actor }}
 
 on:
-  push:
-    branches: [release]
-    
   workflow_dispatch:
     inputs:
       deploy:
@@ -14,24 +11,28 @@ on:
         type: choice
         options:
           - Skip
-          - Staging Only
-          - Staging + Prod
-      dev:
-        description: 'Deploy to Dev'
-        default: true
+          - Dev
+          - Staging
+      deployStrategy:
+        description: 'Deploy Strategy (Staging Only)'
+        default: 'Recreate'
         required: true
-        type: boolean
+        type: choice
+        options:
+          - Recreate
+          - RollingUpdate
+          - Current
       devNoDbRefresh:
-        description: 'Dev Disable Daily DB Refresh'
+        description: 'Disable Daily DB Refresh (Dev Only)'
         default: false
         required: true
         type: boolean
-      skiptests:
+      skipTests:
         description: 'Skip Tests'
         default: false
         required: true
         type: boolean
-      skiparm:
+      skipArmBuild:
         description: 'Skip ARM64 Build'
         default: false
         required: true
@@ -56,34 +57,21 @@ jobs:
   # PREPARE
   # -----------------------------------------------------------------
   prepare:
-    name: Prepare Release
+    name: Prepare
     runs-on: ubuntu-latest
     outputs:
-      should_deploy: ${{ steps.buildvars.outputs.should_deploy }}
-      pkg_version: ${{ steps.buildvars.outputs.pkg_version }}
-      from_tag: ${{ steps.semver.outputs.nextStrict }}
-      to_tag: ${{ steps.semver.outputs.current }}
-      base_image_version: ${{ steps.baseimgversion.outputs.base_image_version }}
+      buildVersion: ${{ steps.buildvars.outputs.buildVersion }}
+      previousVersion: ${{ steps.semver.outputs.current }}
+      baseImageVersion: ${{ steps.baseimgversion.outputs.baseImageVersion }}
 
     steps:   
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v7
       with:
         fetch-depth: 1
         fetch-tags: false
 
-    - name: Get Next Version (Prod)
-      if: ${{ github.ref_name == 'release' }}
-      id: semver
-      uses: ietf-tools/semver-action@v1
-      with:
-        token: ${{ github.token }}
-        branch: release
-        skipInvalidTags: true
-        patchList: fix, bugfix, perf, refactor, test, tests, chore
-
     - name: Get Dev Version
-      if: ${{ github.ref_name != 'release' }}
-      id: semverdev
+      id: semver
       uses: ietf-tools/semver-action@v1
       with:
         token: ${{ github.token }}
@@ -91,260 +79,54 @@ jobs:
         skipInvalidTags: true
         noVersionBumpBehavior: 'current'
         noNewCommitBehavior: 'current'
-      
-    - name: Set Release Flag
-      if: ${{ github.ref_name == 'release' }}
-      run: |
-        echo "IS_RELEASE=true" >> $GITHUB_ENV
-        
-    - name: Create Draft Release
-      uses: ncipollo/release-action@v1.18.0
-      if: ${{ github.ref_name == 'release' }}
-      with:
-        prerelease: true
-        draft: false
-        commit: ${{ github.sha }}
-        tag: ${{ steps.semver.outputs.nextStrict }}
-        name: ${{ steps.semver.outputs.nextStrict }}
-        body: '*pending*'
-        token: ${{ secrets.GITHUB_TOKEN }}
     
     - name: Set Build Variables
       id: buildvars
       run: |
-        if [[ $IS_RELEASE ]]; then
-          echo "Using AUTO SEMVER mode: ${{ steps.semver.outputs.nextStrict }}"
-          echo "should_deploy=true" >> $GITHUB_OUTPUT
-          echo "pkg_version=${{ steps.semver.outputs.nextStrict }}" >> $GITHUB_OUTPUT
-          echo "::notice::Release ${{ steps.semver.outputs.nextStrict }} created using branch $GITHUB_REF_NAME"
-        else
-          echo "Using TEST mode: ${{ steps.semverdev.outputs.nextMajorStrict }}.0.0-dev.$GITHUB_RUN_NUMBER"
-          echo "should_deploy=false" >> $GITHUB_OUTPUT
-          echo "pkg_version=${{ steps.semverdev.outputs.nextMajorStrict }}.0.0-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_OUTPUT
-          echo "::notice::Non-production build ${{ steps.semverdev.outputs.nextMajorStrict }}.0.0-dev.$GITHUB_RUN_NUMBER created using branch $GITHUB_REF_NAME"
-        fi
+        SHORT_SHA="${GITHUB_SHA:0:7}"
+        echo "Will set build version to: ${{ steps.semver.outputs.nextMajorStrict }}.0.0-dev.$SHORT_SHA"
+        echo "buildVersion=${{ steps.semver.outputs.nextMajorStrict }}.0.0-dev.$SHORT_SHA" >> $GITHUB_OUTPUT
+        echo "::notice::Non-production build ${{ steps.semver.outputs.nextMajorStrict }}.0.0-dev.$SHORT_SHA created using branch $GITHUB_REF_NAME"
 
     - name: Get Base Image Target Version
       id: baseimgversion
       run: |
-        echo "base_image_version=$(sed -n '1p' dev/build/TARGET_BASE)" >> $GITHUB_OUTPUT
+        echo "baseImageVersion=$(sed -n '1p' dev/build/TARGET_BASE)" >> $GITHUB_OUTPUT
 
   # -----------------------------------------------------------------
   # TESTS
   # -----------------------------------------------------------------
-  
   tests:
     name: Run Tests
-    uses: ./.github/workflows/tests.yml
-    if: ${{ github.event.inputs.skiptests == 'false' || github.ref_name == 'release' }}
+    uses: ./.github/workflows/reusable-tests.yml
+    if: ${{ inputs.skipTests == 'false' }}
     needs: [prepare]
     secrets: inherit
     with:
-      ignoreLowerCoverage: ${{ github.event.inputs.ignoreLowerCoverage == 'true' }}
+      ignoreLowerCoverage: ${{ inputs.ignoreLowerCoverage == 'true' }}
       skipSelenium: true
-      targetBaseVersion: ${{ needs.prepare.outputs.base_image_version }}
+      targetBaseVersion: ${{ needs.prepare.outputs.baseImageVersion }}
 
   # -----------------------------------------------------------------
-  # RELEASE
+  # BUILD IMAGE
   # -----------------------------------------------------------------
-  release:
-    name: Make Release
+  build:
+    name: Build Image
+    uses: ./.github/workflows/reusable-build.yml
     if: ${{ !failure() && !cancelled() }}
     needs: [tests, prepare]
-    runs-on:
-      group: hperf-8c32r
     permissions:
       contents: write
       packages: write
-    env:
-      SHOULD_DEPLOY: ${{needs.prepare.outputs.should_deploy}}
-      PKG_VERSION: ${{needs.prepare.outputs.pkg_version}}
-      FROM_TAG: ${{needs.prepare.outputs.from_tag}}
-      TO_TAG: ${{needs.prepare.outputs.to_tag}}
-      TARGET_BASE: ${{needs.prepare.outputs.base_image_version}}
-
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 1
-        fetch-tags: false
-
-    - name: Setup Node.js environment
-      uses: actions/setup-node@v6
-      with:
-        node-version: 18.x
-
-    - name: Setup Python
-      uses: actions/setup-python@v5
-      with:
-        python-version: "3.x"
-
-    - name: Setup AWS CLI
-      uses: unfor19/install-aws-cli-action@v1
-      with:
-        version: 2.22.35
-
-    - name: Download a Coverage Results
-      if: ${{ github.event.inputs.skiptests == 'false' || github.ref_name == 'release' }}
-      uses: actions/download-artifact@v4.3.0
-      with:
-        name: coverage
-
-    - name: Make Release Build
-      env:
-        DEBIAN_FRONTEND: noninteractive
-        BROWSERSLIST_IGNORE_OLD_DATA: 1
-      run: |
-        echo "PKG_VERSION: $PKG_VERSION"
-        echo "GITHUB_SHA: $GITHUB_SHA"
-        echo "GITHUB_REF_NAME: $GITHUB_REF_NAME"
-        echo "Running frontend build script..."
-        echo "Compiling native node packages..."
-        yarn rebuild
-        echo "Packaging static assets..."
-        yarn build --base=https://static.ietf.org/dt/$PKG_VERSION/
-        yarn legacy:build
-        echo "Setting version $PKG_VERSION..."
-        sed -i -r -e "s|^__version__ += '.*'$|__version__ = '$PKG_VERSION'|" ietf/__init__.py
-        sed -i -r -e "s|^__release_hash__ += '.*'$|__release_hash__ = '$GITHUB_SHA'|" ietf/__init__.py
-        sed -i -r -e "s|^__release_branch__ += '.*'$|__release_branch__ = '$GITHUB_REF_NAME'|" ietf/__init__.py
-
-    - name: Set Production Flags
-      if: ${{ env.SHOULD_DEPLOY == 'true' }}
-      run: |
-        echo "Setting production flags in settings.py..."
-        sed -i -r -e 's/^DEBUG *= *.*$/DEBUG = False/' -e "s/^SERVER_MODE *= *.*\$/SERVER_MODE = 'production'/" ietf/settings.py
-        
-    - name: Make Release Tarball
-      env:
-        DEBIAN_FRONTEND: noninteractive
-      run: |
-        echo "Build release tarball..."
-        mkdir -p /home/runner/work/release
-        tar -czf /home/runner/work/release/release.tar.gz -X dev/build/exclude-patterns.txt .
-
-    - name: Collect + Push Statics
-      env:
-        DEBIAN_FRONTEND: noninteractive
-        AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_STATIC_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_STATIC_KEY_SECRET }}
-        AWS_DEFAULT_REGION: auto
-        AWS_ENDPOINT_URL: ${{ secrets.CF_R2_ENDPOINT }}
-      run: |
-        echo "Collecting statics..."
-        echo "Using ghcr.io/ietf-tools/datatracker-app-base:${{ env.TARGET_BASE }}"
-        docker run --rm --name collectstatics -v $(pwd):/workspace ghcr.io/ietf-tools/datatracker-app-base:${{ env.TARGET_BASE }} sh dev/build/collectstatics.sh
-        echo "Pushing statics..."
-        cd static
-        aws s3 sync . s3://static/dt/$PKG_VERSION --only-show-errors
-
-    - name: Augment dockerignore for docker image build
-      env:
-        DEBIAN_FRONTEND: noninteractive
-      run: |
-        cat >> .dockerignore <<EOL
-        .devcontainer
-        .github
-        .vscode
-        k8s
-        playwright
-        svn-history
-        docker-compose.yml
-        EOL
-
-    - name: Setup Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
-    - name: Login to GitHub Container Registry
-      uses: docker/login-action@v3
-      with:
-        registry: ghcr.io
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Add feature-latest tag
-      if: ${{ startsWith(github.ref_name, 'feat/') }}
-      run: echo "FEATURE_LATEST_TAG=$(echo $GITHUB_REF_NAME | tr / -)" >> $GITHUB_ENV
-
-    - name: Build Images
-      uses: docker/build-push-action@v6
-      env:
-        DOCKER_BUILD_SUMMARY: false
-      with:
-        context: .
-        file: dev/build/Dockerfile
-        platforms: ${{ github.event.inputs.skiparm == 'true' && 'linux/amd64' || 'linux/amd64,linux/arm64' }}
-        push: true
-        tags: |
-          ghcr.io/ietf-tools/datatracker:${{ env.PKG_VERSION }}
-          ${{ env.FEATURE_LATEST_TAG && format('ghcr.io/ietf-tools/datatracker:{0}-latest', env.FEATURE_LATEST_TAG) || null }}
-
-    - name: Update CHANGELOG
-      id: changelog
-      uses: Requarks/changelog-action@v1
-      if: ${{ env.SHOULD_DEPLOY == 'true' }}
-      with:
-        token: ${{ github.token }}
-        fromTag: ${{ env.FROM_TAG }}
-        toTag: ${{ env.TO_TAG }}
-        writeToFile: false
-
-    - name: Download Coverage Results
-      if: ${{ github.event.inputs.skiptests == 'false' || github.ref_name == 'release' }}
-      uses: actions/download-artifact@v4.3.0
-      with:
-        name: coverage
-
-    - name: Prepare Coverage Action
-      if: ${{ github.event.inputs.skiptests == 'false' || github.ref_name == 'release' }}
-      working-directory: ./dev/coverage-action
-      run: npm install
-        
-    - name: Process Coverage Stats + Chart
-      id: covprocess
-      uses: ./dev/coverage-action/
-      if: ${{ github.event.inputs.skiptests == 'false' || github.ref_name == 'release' }}
-      with:
-        token: ${{ github.token }}
-        tokenCommon: ${{ secrets.GH_COMMON_TOKEN }}
-        repoCommon: common
-        version: ${{needs.prepare.outputs.pkg_version}}
-        changelog: ${{ steps.changelog.outputs.changes }}
-        summary: ''
-        coverageResultsPath: coverage.json
-        histCoveragePath: historical-coverage.json
-        
-    - name: Create Release
-      uses: ncipollo/release-action@v1.18.0
-      if: ${{ env.SHOULD_DEPLOY == 'true' }}
-      with:
-        allowUpdates: true
-        makeLatest: true
-        draft: false
-        tag: ${{ env.PKG_VERSION }}
-        name: ${{ env.PKG_VERSION }}
-        body: ${{ steps.covprocess.outputs.changelog }}
-        artifacts: "/home/runner/work/release/release.tar.gz,coverage.json,historical-coverage.json"
-        token: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Update Baseline Coverage
-      uses: ncipollo/release-action@v1.18.0
-      if: ${{ github.event.inputs.updateCoverage == 'true' || github.ref_name == 'release' }}
-      with:
-        allowUpdates: true
-        tag: baseline
-        omitBodyDuringUpdate: true
-        omitNameDuringUpdate: true
-        omitPrereleaseDuringUpdate: true
-        replacesArtifacts: true
-        artifacts: "coverage.json"
-        token: ${{ secrets.GITHUB_TOKEN }}
-        
-    - name: Upload Build Artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: release-${{ env.PKG_VERSION }}
-        path: /home/runner/work/release/release.tar.gz
+    secrets: inherit
+    with:
+      buildVersion: ${{ needs.prepare.outputs.buildVersion }}
+      isReleaseBuild: false
+      previousVersion: ${{ needs.prepare.outputs.previousVersion }}
+      handleCoverageResults: ${{ inputs.skipTests == 'false' }}
+      updateCoverageBaseline: ${{ inputs.updateCoverage }}
+      baseImageVersion: ${{ needs.prepare.outputs.baseImageVersion }}
+      skipArmBuild: ${{ inputs.skipArmBuild }}
         
   # -----------------------------------------------------------------
   # NOTIFY
@@ -352,21 +134,21 @@ jobs:
   notify:
     name: Notify
     if: ${{ always() }}
-    needs: [prepare, tests, release]
+    needs: [prepare, tests, build]
     runs-on: ubuntu-latest
     env:
-      PKG_VERSION: ${{needs.prepare.outputs.pkg_version}}
+      BUILD_VERSION: ${{ needs.prepare.outputs.buildVersion }}
         
     steps:      
     - name: Notify on Slack (Success)
       if: ${{ !contains(join(needs.*.result, ','), 'failure') }}
-      uses: slackapi/slack-github-action@v2
+      uses: slackapi/slack-github-action@v3
       with:
         token: ${{ secrets.SLACK_GH_BOT }}
         method: chat.postMessage
         payload: |
           channel: ${{ secrets.SLACK_GH_BUILDS_CHANNEL_ID }}
-          text: "Datatracker Build <https://github.com/ietf-tools/datatracker/actions/runs/${{ github.run_id }}|${{ env.PKG_VERSION }}> by ${{ github.triggering_actor }}"
+          text: "Datatracker Dev Build <https://github.com/ietf-tools/datatracker/actions/runs/${{ github.run_id }}|${{ env.BUILD_VERSION }}> by ${{ github.triggering_actor }}"
           attachments:
             - color: "28a745"
               fields:
@@ -375,35 +157,35 @@ jobs:
                   value: "Completed"
     - name: Notify on Slack (Failure)
       if: ${{ contains(join(needs.*.result, ','), 'failure') }}
-      uses: slackapi/slack-github-action@v2
+      uses: slackapi/slack-github-action@v3
       with:
         token: ${{ secrets.SLACK_GH_BOT }}
         method: chat.postMessage
         payload: |
           channel: ${{ secrets.SLACK_GH_BUILDS_CHANNEL_ID }}
-          text: "Datatracker Build <https://github.com/ietf-tools/datatracker/actions/runs/${{ github.run_id }}|${{ env.PKG_VERSION }}> by ${{ github.triggering_actor }}"
+          text: "Datatracker Dev Build <https://github.com/ietf-tools/datatracker/actions/runs/${{ github.run_id }}|${{ env.BUILD_VERSION }}> by ${{ github.triggering_actor }}"
           attachments:
             - color: "a82929"
               fields:
                 - title: "Status"
                   short: true
-                  value: "Failed"
+                  value: "Failed 😱"
         
   # -----------------------------------------------------------------
   # DEV
   # -----------------------------------------------------------------
   dev:
     name: Deploy to Dev
-    if: ${{ !failure() && !cancelled() && github.event.inputs.dev == 'true' }}
-    needs: [prepare, release]
+    if: ${{ !failure() && !cancelled() && inputs.deploy == 'Dev' }}
+    needs: [prepare, build]
     runs-on: ubuntu-latest
     environment:
       name: dev
     env:
-      PKG_VERSION: ${{needs.prepare.outputs.pkg_version}}
+      BUILD_VERSION: ${{ needs.prepare.outputs.buildVersion }}
       
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v7
         with:
           ref: main
           
@@ -418,81 +200,45 @@ jobs:
           echo "DEPLOY_NAMESPACE=$(node cli.js --branch ${{ github.ref_name }})" >> "$GITHUB_ENV"
 
       - name: Deploy to dev
-        uses: the-actions-org/workflow-dispatch@v4
+        uses: ietf-tools/workflow-dispatch-action@v1
         with:
           workflow: deploy-dev.yml
           repo: ietf-tools/infra-k8s
           ref: main
           token: ${{ secrets.GH_INFRA_K8S_TOKEN }}
-          inputs: '{ "app":"datatracker", "appVersion":"${{ env.PKG_VERSION }}", "remoteRef":"${{ github.sha }}", "namespace":"${{ env.DEPLOY_NAMESPACE }}", "disableDailyDbRefresh":${{ inputs.devNoDbRefresh }} }'
-          wait-for-completion: true
-          wait-for-completion-timeout: 60m
-          wait-for-completion-interval: 30s
-          display-workflow-run-url: false
+          inputs: '{ "app":"datatracker", "appVersion":"${{ env.BUILD_VERSION }}", "remoteRef":"${{ github.sha }}", "namespace":"${{ env.DEPLOY_NAMESPACE }}", "disableDailyDbRefresh":${{ inputs.devNoDbRefresh }} }'
+          waitForCompletionTimeout: 60m
 
   # -----------------------------------------------------------------
   # STAGING
   # -----------------------------------------------------------------
   staging:
     name: Deploy to Staging
-    if: ${{ !failure() && !cancelled() && (github.event.inputs.deploy == 'Staging Only' || github.event.inputs.deploy == 'Staging + Prod' || github.ref_name == 'release') }}
-    needs: [prepare, release]
+    if: ${{ !failure() && !cancelled() && inputs.deploy == 'Staging' }}
+    needs: [prepare, build]
     runs-on: ubuntu-latest
     environment:
       name: staging
     env:
-      PKG_VERSION: ${{needs.prepare.outputs.pkg_version}}
+      BUILD_VERSION: ${{ needs.prepare.outputs.buildVersion }}
       
     steps:
       - name: Refresh Staging DB
-        uses: the-actions-org/workflow-dispatch@v4
+        uses: ietf-tools/workflow-dispatch-action@v1
         with:
           workflow: deploy-db.yml
           repo: ietf-tools/infra-k8s
           ref: main
           token: ${{ secrets.GH_INFRA_K8S_TOKEN }}
           inputs: '{ "environment":"${{ secrets.GHA_K8S_CLUSTER }}", "app":"datatracker", "manifest":"postgres", "forceRecreate":true, "restoreToLastFullSnapshot":true, "waitClusterReady":true }'
-          wait-for-completion: true
-          wait-for-completion-timeout: 120m
-          wait-for-completion-interval: 20s
-          display-workflow-run-url: false
+          waitForCompletionTimeout: 120m
 
       - name: Deploy to staging
-        uses: the-actions-org/workflow-dispatch@v4
-        with:
-          workflow: deploy.yml
-          repo: ietf-tools/infra-k8s
-          ref: main
-          token: ${{ secrets.GH_INFRA_K8S_TOKEN }}
-          inputs: '{ "environment":"${{ secrets.GHA_K8S_CLUSTER }}", "app":"datatracker", "appVersion":"${{ env.PKG_VERSION }}", "remoteRef":"${{ github.sha }}" }'
-          wait-for-completion: true
-          wait-for-completion-timeout: 10m
-          wait-for-completion-interval: 30s
-          display-workflow-run-url: false
-
-  # -----------------------------------------------------------------
-  # PROD
-  # -----------------------------------------------------------------
-  prod:
-    name: Deploy to Production
-    if: ${{ !failure() && !cancelled() && (github.event.inputs.deploy == 'Staging + Prod' || github.ref_name == 'release') }}
-    needs: [prepare, staging]
-    runs-on: ubuntu-latest
-    environment:
-      name: production
-    env:
-      PKG_VERSION: ${{needs.prepare.outputs.pkg_version}}
-
-    steps:
-      - name: Deploy to production
-        uses: the-actions-org/workflow-dispatch@v4
+        uses: ietf-tools/workflow-dispatch-action@v1
         with:
           workflow: deploy.yml
           repo: ietf-tools/infra-k8s
           ref: main
           token: ${{ secrets.GH_INFRA_K8S_TOKEN }}
-          inputs: '{ "environment":"${{ secrets.GHA_K8S_CLUSTER }}", "app":"datatracker", "appVersion":"${{ env.PKG_VERSION }}", "remoteRef":"${{ github.sha }}" }'
-          wait-for-completion: true
-          wait-for-completion-timeout: 10m
-          wait-for-completion-interval: 30s
-          display-workflow-run-url: false
+          inputs: '{ "environment":"${{ secrets.GHA_K8S_CLUSTER }}", "app":"datatracker", "appVersion":"${{ env.BUILD_VERSION }}", "remoteRef":"${{ github.sha }}", "deployStrategy":"${{ inputs.deployStrategy }}" }'
+          waitForCompletionTimeout: 30m
diff --git a/.github/workflows/ci-run-tests.yml b/.github/workflows/ci-run-tests.yml
index 278bd8af2f..50ec4c1943 100644
--- a/.github/workflows/ci-run-tests.yml
+++ b/.github/workflows/ci-run-tests.yml
@@ -23,7 +23,7 @@ jobs:
       base_image_version: ${{ steps.baseimgversion.outputs.base_image_version }}
 
     steps:   
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v7
       with:
         fetch-depth: 1
         fetch-tags: false
@@ -38,7 +38,7 @@ jobs:
   # -----------------------------------------------------------------
   tests:
     name: Run Tests
-    uses: ./.github/workflows/tests.yml
+    uses: ./.github/workflows/reusable-tests.yml
     needs: [prepare]
     with:
       ignoreLowerCoverage: false
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 3444c03b5e..15b2231ce3 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -26,12 +26,12 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v7
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 6d0683c471..7393e83b82 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v7
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@v4
         with:
diff --git a/.github/workflows/dev-assets-sync-nightly.yml b/.github/workflows/dev-assets-sync-nightly.yml
index 4cfbf6365b..83121354e6 100644
--- a/.github/workflows/dev-assets-sync-nightly.yml
+++ b/.github/workflows/dev-assets-sync-nightly.yml
@@ -29,17 +29,17 @@ jobs:
       contents: read
       packages: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v7
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Docker Build & Push
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         env:
           DOCKER_BUILD_SUMMARY: false
         with:
diff --git a/.github/workflows/lock-threads.yml b/.github/workflows/lock-threads.yml
index 22652dab88..b90300c09b 100644
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -16,9 +16,10 @@ jobs:
   action:
     runs-on: ubuntu-latest
     steps:
-      - uses: ietf-tools/lock-threads@v3.1.1
+      - uses: dessant/lock-threads@v6
         with:
           github-token: ${{ github.token }}
+          process-only: 'issues, prs'
           issue-inactive-days: 7
           pr-inactive-days: 3
           log-output: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000000..2de02eb285
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,209 @@
+name: Make Release and Deploy
+run-name: RELEASE ${{ github.run_number }} by @${{ github.actor }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      deployStrategy:
+        description: 'Deploy Strategy'
+        default: 'Recreate'
+        required: true
+        type: choice
+        options:
+          - Recreate
+          - RollingUpdate
+          - Current
+
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  # -----------------------------------------------------------------
+  # PREPARE
+  # -----------------------------------------------------------------
+  prepare:
+    name: Prepare Release
+    runs-on: ubuntu-latest
+    outputs:
+      buildVersion: ${{ steps.buildvars.outputs.buildVersion }}
+      previousVersion: ${{ steps.semver.outputs.current }}
+      baseImageVersion: ${{ steps.baseimgversion.outputs.baseImageVersion }}
+
+    steps:
+      - name: Ensure release branch
+        if: github.ref != 'refs/heads/release'
+        run: |
+          echo "This workflow can only run on the 'release' branch (current: ${{ github.ref_name }})"
+          exit 1
+
+      - uses: actions/checkout@v7
+        with:
+          fetch-depth: 1
+          fetch-tags: false
+
+      - name: Get Next Version
+        id: semver
+        uses: ietf-tools/semver-action@v1
+        with:
+          token: ${{ github.token }}
+          branch: release
+          skipInvalidTags: true
+          patchList: fix, bugfix, perf, refactor, test, tests, chore
+          
+      - name: Create Draft Release
+        uses: ncipollo/release-action@v1.21.0
+        with:
+          prerelease: true
+          draft: false
+          commit: ${{ github.sha }}
+          tag: ${{ steps.semver.outputs.nextStrict }}
+          name: ${{ steps.semver.outputs.nextStrict }}
+          body: '*pending*'
+          token: ${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Set Build Variables
+        id: buildvars
+        run: |
+          echo "Will set build version to: ${{ steps.semver.outputs.nextStrict }}"
+          echo "buildVersion=${{ steps.semver.outputs.nextStrict }}" >> $GITHUB_OUTPUT
+          echo "::notice::Release ${{ steps.semver.outputs.nextStrict }} created using branch $GITHUB_REF_NAME"
+
+      - name: Get Base Image Target Version
+        id: baseimgversion
+        run: |
+          echo "baseImageVersion=$(sed -n '1p' dev/build/TARGET_BASE)" >> $GITHUB_OUTPUT
+
+  # -----------------------------------------------------------------
+  # TESTS
+  # -----------------------------------------------------------------
+  tests:
+    name: Run Tests
+    uses: ./.github/workflows/reusable-tests.yml
+    needs: [prepare]
+    secrets: inherit
+    with:
+      ignoreLowerCoverage: false
+      skipSelenium: true
+      targetBaseVersion: ${{ needs.prepare.outputs.baseImageVersion }}
+
+  # -----------------------------------------------------------------
+  # BUILD RELEASE
+  # -----------------------------------------------------------------
+  build:
+    name: Build Release Image
+    uses: ./.github/workflows/reusable-build.yml
+    if: ${{ !failure() && !cancelled() }}
+    needs: [tests, prepare]
+    permissions:
+      contents: write
+      packages: write
+    secrets: inherit
+    with:
+      buildVersion: ${{needs.prepare.outputs.buildVersion}}
+      isReleaseBuild: true
+      previousVersion: ${{needs.prepare.outputs.previousVersion}}
+      handleCoverageResults: true
+      updateCoverageBaseline: true
+      baseImageVersion: ${{ needs.prepare.outputs.baseImageVersion }}
+
+  # -----------------------------------------------------------------
+  # NOTIFY
+  # -----------------------------------------------------------------
+  notify:
+    name: Notify
+    if: ${{ always() }}
+    needs: [prepare, tests, build]
+    runs-on: ubuntu-latest
+    env:
+      BUILD_VERSION: ${{needs.prepare.outputs.buildVersion}}
+        
+    steps:      
+    - name: Notify on Slack (Success)
+      if: ${{ !contains(join(needs.*.result, ','), 'failure') }}
+      uses: slackapi/slack-github-action@v3
+      with:
+        token: ${{ secrets.SLACK_GH_BOT }}
+        method: chat.postMessage
+        payload: |
+          channel: ${{ secrets.SLACK_GH_BUILDS_CHANNEL_ID }}
+          text: "Datatracker Release Build <https://github.com/ietf-tools/datatracker/actions/runs/${{ github.run_id }}|${{ env.BUILD_VERSION }}> by ${{ github.triggering_actor }}"
+          attachments:
+            - color: "28a745"
+              fields:
+                - title: "Status"
+                  short: true
+                  value: "Completed"
+    - name: Notify on Slack (Failure)
+      if: ${{ contains(join(needs.*.result, ','), 'failure') }}
+      uses: slackapi/slack-github-action@v3
+      with:
+        token: ${{ secrets.SLACK_GH_BOT }}
+        method: chat.postMessage
+        payload: |
+          channel: ${{ secrets.SLACK_GH_BUILDS_CHANNEL_ID }}
+          text: "Datatracker Release Build <https://github.com/ietf-tools/datatracker/actions/runs/${{ github.run_id }}|${{ env.BUILD_VERSION }}> by ${{ github.triggering_actor }}"
+          attachments:
+            - color: "a82929"
+              fields:
+                - title: "Status"
+                  short: true
+                  value: "Failed 😱"
+
+  # -----------------------------------------------------------------
+  # STAGING
+  # -----------------------------------------------------------------
+  staging:
+    name: Deploy to Staging
+    if: ${{ !failure() && !cancelled() }}
+    needs: [prepare, build]
+    runs-on: ubuntu-latest
+    environment:
+      name: staging
+    env:
+      BUILD_VERSION: ${{needs.prepare.outputs.buildVersion}}
+      
+    steps:
+      - name: Refresh Staging DB
+        uses: ietf-tools/workflow-dispatch-action@v1
+        with:
+          workflow: deploy-db.yml
+          repo: ietf-tools/infra-k8s
+          ref: main
+          token: ${{ secrets.GH_INFRA_K8S_TOKEN }}
+          inputs: '{ "environment":"${{ secrets.GHA_K8S_CLUSTER }}", "app":"datatracker", "manifest":"postgres", "forceRecreate":true, "restoreToLastFullSnapshot":true, "waitClusterReady":true }'
+          waitForCompletionTimeout: 120m
+
+      - name: Deploy to staging
+        uses: ietf-tools/workflow-dispatch-action@v1
+        with:
+          workflow: deploy.yml
+          repo: ietf-tools/infra-k8s
+          ref: main
+          token: ${{ secrets.GH_INFRA_K8S_TOKEN }}
+          inputs: '{ "environment":"${{ secrets.GHA_K8S_CLUSTER }}", "app":"datatracker", "appVersion":"${{ env.BUILD_VERSION }}", "remoteRef":"${{ github.sha }}", "deployStrategy":"${{ inputs.deployStrategy }}" }'
+          waitForCompletionTimeout: 30m
+
+  # -----------------------------------------------------------------
+  # PROD
+  # -----------------------------------------------------------------
+  prod:
+    name: Deploy to Production
+    if: ${{ !failure() && !cancelled() }}
+    needs: [prepare, staging]
+    runs-on: ubuntu-latest
+    environment:
+      name: production
+    env:
+      BUILD_VERSION: ${{needs.prepare.outputs.buildVersion}}
+
+    steps:
+      - name: Deploy to production
+        uses: ietf-tools/workflow-dispatch-action@v1
+        with:
+          workflow: deploy.yml
+          repo: ietf-tools/infra-k8s
+          ref: main
+          token: ${{ secrets.GH_INFRA_K8S_TOKEN }}
+          inputs: '{ "environment":"${{ secrets.GHA_K8S_CLUSTER }}", "app":"datatracker", "appVersion":"${{ env.BUILD_VERSION }}", "remoteRef":"${{ github.sha }}", "deployStrategy":"${{ inputs.deployStrategy }}" }'
+          waitForCompletionTimeout: 30m
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml
new file mode 100644
index 0000000000..4d9a3b4bf1
--- /dev/null
+++ b/.github/workflows/reusable-build.yml
@@ -0,0 +1,226 @@
+name: Reusable Build Workflow
+
+on:
+  workflow_call:
+    inputs:
+      buildVersion:
+        required: true
+        type: string
+      isReleaseBuild:
+        default: false
+        required: false
+        type: boolean
+      previousVersion:
+        required: false
+        type: string
+      handleCoverageResults:
+        default: true
+        required: false
+        type: boolean
+      updateCoverageBaseline:
+        default: false
+        required: false
+        type: boolean
+      baseImageVersion:
+        default: latest
+        required: false
+        type: string
+      skipArmBuild:
+        default: false
+        required: false
+        type: boolean
+
+jobs:
+  # -----------------------------------------------------------------
+  # BUILD IMAGE
+  # -----------------------------------------------------------------
+  build:
+    name: Build Image
+    runs-on:
+      group: hperf-8c32r
+    permissions:
+      contents: write
+      packages: write
+
+    steps:
+    - uses: actions/checkout@v7
+      with:
+        fetch-depth: 1
+        fetch-tags: false
+
+    - name: Setup Node.js environment
+      uses: actions/setup-node@v6
+      with:
+        node-version: 18.x
+
+    - name: Setup Python
+      uses: actions/setup-python@v6
+      with:
+        python-version: "3.x"
+
+    - name: Setup AWS CLI
+      uses: unfor19/install-aws-cli-action@v1
+      with:
+        version: 2.22.35
+
+    - name: Download a Coverage Results
+      if: ${{ inputs.handleCoverageResults }}
+      uses: actions/download-artifact@v8.0.1
+      with:
+        name: coverage
+
+    - name: Make Build
+      env:
+        DEBIAN_FRONTEND: noninteractive
+        BROWSERSLIST_IGNORE_OLD_DATA: 1
+      run: |
+        echo "BUILD_VERSION: ${{ inputs.buildVersion }}"
+        echo "GITHUB_SHA: $GITHUB_SHA"
+        echo "GITHUB_REF_NAME: $GITHUB_REF_NAME"
+        echo "Running frontend build script..."
+        echo "Compiling native node packages..."
+        yarn rebuild
+        echo "Packaging static assets..."
+        yarn build --base=https://static.ietf.org/dt/${{ inputs.buildVersion }}/
+        yarn legacy:build
+        echo "Setting version ${{ inputs.buildVersion }}..."
+        sed -i -r -e "s|^__version__ += '.*'$|__version__ = '${{ inputs.buildVersion }}'|" ietf/__init__.py
+        sed -i -r -e "s|^__release_hash__ += '.*'$|__release_hash__ = '$GITHUB_SHA'|" ietf/__init__.py
+        sed -i -r -e "s|^__release_branch__ += '.*'$|__release_branch__ = '$GITHUB_REF_NAME'|" ietf/__init__.py
+
+    - name: Set Production Flags
+      if: ${{ inputs.isReleaseBuild }}
+      run: |
+        echo "Setting production flags in settings.py..."
+        sed -i -r -e 's/^DEBUG *= *.*$/DEBUG = False/' -e "s/^SERVER_MODE *= *.*\$/SERVER_MODE = 'production'/" ietf/settings.py
+        
+    - name: Make Tarball
+      env:
+        DEBIAN_FRONTEND: noninteractive
+      run: |
+        echo "Build release tarball..."
+        mkdir -p /home/runner/work/release
+        tar -czf /home/runner/work/release/release.tar.gz -X dev/build/exclude-patterns.txt .
+
+    - name: Collect + Push Statics
+      env:
+        DEBIAN_FRONTEND: noninteractive
+        AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_STATIC_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_STATIC_KEY_SECRET }}
+        AWS_DEFAULT_REGION: auto
+        AWS_ENDPOINT_URL: ${{ secrets.CF_R2_ENDPOINT }}
+      run: |
+        echo "Collecting statics..."
+        echo "Using ghcr.io/ietf-tools/datatracker-app-base:${{ inputs.baseImageVersion }}"
+        docker run --rm --name collectstatics -v $(pwd):/workspace ghcr.io/ietf-tools/datatracker-app-base:${{ inputs.baseImageVersion }} sh dev/build/collectstatics.sh
+        echo "Pushing statics..."
+        cd static
+        aws s3 sync . s3://static/dt/${{ inputs.buildVersion }} --only-show-errors
+
+    - name: Augment dockerignore for docker image build
+      env:
+        DEBIAN_FRONTEND: noninteractive
+      run: |
+        cat >> .dockerignore <<EOL
+        .devcontainer
+        .github
+        .vscode
+        k8s
+        playwright
+        svn-history
+        docker-compose.yml
+        EOL
+
+    - name: Setup Docker Buildx
+      uses: docker/setup-buildx-action@v4
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v4
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Add feature-latest tag
+      if: ${{ startsWith(github.ref_name, 'feat/') }}
+      run: echo "FEATURE_LATEST_TAG=$(echo $GITHUB_REF_NAME | tr / -)" >> $GITHUB_ENV
+
+    - name: Build Images
+      uses: docker/build-push-action@v7
+      env:
+        DOCKER_BUILD_SUMMARY: false
+      with:
+        context: .
+        file: dev/build/Dockerfile
+        platforms: ${{ inputs.skipArmBuild && 'linux/amd64' || 'linux/amd64,linux/arm64' }}
+        push: true
+        tags: |
+          ghcr.io/ietf-tools/datatracker:${{ inputs.buildVersion }}
+          ${{ env.FEATURE_LATEST_TAG && format('ghcr.io/ietf-tools/datatracker:{0}-latest', env.FEATURE_LATEST_TAG) || null }}
+
+    - name: Update CHANGELOG
+      id: changelog
+      uses: Requarks/changelog-action@v1
+      if: ${{ inputs.isReleaseBuild }}
+      with:
+        token: ${{ github.token }}
+        fromTag: ${{ inputs.buildVersion }}
+        toTag: ${{ inputs.previousVersion }}
+        writeToFile: false
+
+    - name: Download Coverage Results
+      if: ${{ inputs.handleCoverageResults }}
+      uses: actions/download-artifact@v8.0.1
+      with:
+        name: coverage
+
+    - name: Prepare Coverage Action
+      if: ${{ inputs.handleCoverageResults }}
+      working-directory: ./dev/coverage-action
+      run: npm install
+        
+    - name: Process Coverage Stats + Chart
+      id: covprocess
+      uses: ./dev/coverage-action/
+      if: ${{ inputs.handleCoverageResults }}
+      with:
+        token: ${{ github.token }}
+        tokenCommon: ${{ secrets.GH_COMMON_TOKEN }}
+        repoCommon: common
+        version: ${{ inputs.buildVersion }}
+        changelog: ${{ steps.changelog.outputs.changes }}
+        summary: ''
+        coverageResultsPath: coverage.json
+        histCoveragePath: historical-coverage.json
+        
+    - name: Create Release
+      uses: ncipollo/release-action@v1.21.0
+      if: ${{ inputs.isReleaseBuild }}
+      with:
+        allowUpdates: true
+        makeLatest: true
+        draft: false
+        tag: ${{ inputs.buildVersion }}
+        name: ${{ inputs.buildVersion }}
+        body: ${{ steps.covprocess.outputs.changelog }}
+        artifacts: "/home/runner/work/release/release.tar.gz,coverage.json,historical-coverage.json"
+        token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Update Baseline Coverage
+      uses: ncipollo/release-action@v1.21.0
+      if: ${{ inputs.updateCoverageBaseline }}
+      with:
+        allowUpdates: true
+        tag: baseline
+        omitBodyDuringUpdate: true
+        omitNameDuringUpdate: true
+        omitPrereleaseDuringUpdate: true
+        replacesArtifacts: true
+        artifacts: "coverage.json"
+        token: ${{ secrets.GITHUB_TOKEN }}
+        
+    - name: Upload Build Artifacts
+      uses: actions/upload-artifact@v7
+      with:
+        name: release-${{ inputs.buildVersion }}
+        path: /home/runner/work/release/release.tar.gz
diff --git a/.github/workflows/tests.yml b/.github/workflows/reusable-tests.yml
similarity index 93%
rename from .github/workflows/tests.yml
rename to .github/workflows/reusable-tests.yml
index 836314bac0..10d04c8265 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/reusable-tests.yml
@@ -32,7 +32,7 @@ jobs:
         image: ghcr.io/ietf-tools/datatracker-devblobstore:latest
     
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v7
     
     - name: Prepare for tests
       run: |
@@ -68,14 +68,14 @@ jobs:
         coverage xml
 
     - name: Upload geckodriver.log
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v7
       if: ${{ failure() }}
       with:
         name: geckodriverlog
         path: geckodriver.log
 
     - name: Upload Coverage Results to Codecov
-      uses: codecov/codecov-action@v5
+      uses: codecov/codecov-action@v6
       with:
         disable_search: true
         files: coverage.xml
@@ -87,7 +87,7 @@ jobs:
         mv latest-coverage.json coverage.json
         
     - name: Upload Coverage Results as Build Artifact
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v7
       if: ${{ always() }}
       with:
         name: coverage
@@ -102,7 +102,7 @@ jobs:
         project: [chromium, firefox]
     
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v7
 
     - uses: actions/setup-node@v6
       with:
@@ -121,7 +121,7 @@ jobs:
         npx playwright test --project=${{ matrix.project }}
         
     - name: Upload Report
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v7
       if: ${{ always() }}
       continue-on-error: true
       with:
@@ -130,6 +130,7 @@ jobs:
         if-no-files-found: ignore
 
   tests-playwright-legacy:
+    if: ${{ false }}  # disable until we sort out suspected test runner issue
     name: Playwright Legacy Tests
     runs-on: ubuntu-latest
     container: ghcr.io/ietf-tools/datatracker-app-base:${{ inputs.targetBaseVersion }}
@@ -143,7 +144,7 @@ jobs:
         image: ghcr.io/ietf-tools/datatracker-db:latest
     
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v7
     
     - name: Prepare for tests
       run: |
@@ -180,7 +181,7 @@ jobs:
         npx playwright test --project=${{ matrix.project }} -c playwright-legacy.config.js
         
     - name: Upload Report
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v7
       if: ${{ always() }}
       continue-on-error: true
       with:
diff --git a/.github/workflows/tests-az.yml b/.github/workflows/tests-az.yml
deleted file mode 100644
index 8553563a19..0000000000
--- a/.github/workflows/tests-az.yml
+++ /dev/null
@@ -1,109 +0,0 @@
-name: Tests (Azure Test)
-
-on:
-  workflow_dispatch:
-
-jobs:
-  main:
-    name: Run Tests on Azure temp VM
-    runs-on: ubuntu-latest
-    
-    permissions:
-      contents: read
-      
-    steps:
-    - name: Launch VM on Azure
-      id: azlaunch
-      run: |
-        echo "Authenticating to Azure..."
-        az login --service-principal -u ${{ secrets.AZ_TESTS_APP_ID }} -p ${{ secrets.AZ_TESTS_PWD }} --tenant ${{ secrets.AZ_TESTS_TENANT_ID }}
-        echo "Creating VM..."
-        vminfo=$(az vm create \
-          --resource-group ghaDatatrackerTests \
-          --name tmpGhaVM2 \
-          --image Ubuntu2204 \
-          --admin-username azureuser \
-          --generate-ssh-keys \
-          --priority Spot \
-          --size Standard_D4as_v5 \
-          --max-price -1 \
-          --os-disk-size-gb 30 \
-          --eviction-policy Delete \
-          --nic-delete-option Delete \
-          --output tsv \
-          --query "publicIpAddress")
-        echo "ipaddr=$vminfo" >> "$GITHUB_OUTPUT"
-        echo "VM Public IP: $vminfo"
-        cat ~/.ssh/id_rsa > ${{ github.workspace }}/prvkey.key
-        ssh-keyscan -t rsa $vminfo >> ~/.ssh/known_hosts
-
-    - name: Remote SSH into VM
-      uses: appleboy/ssh-action@2ead5e36573f08b82fbfce1504f1a4b05a647c6f
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        host: ${{ steps.azlaunch.outputs.ipaddr }}
-        port: 22
-        username: azureuser
-        command_timeout: 60m
-        key_path: ${{ github.workspace }}/prvkey.key
-        envs: GITHUB_TOKEN
-        script_stop: true
-        script: |
-          export DEBIAN_FRONTEND=noninteractive
-          lsb_release -a
-          sudo apt-get update
-          sudo apt-get upgrade -y
-          
-          echo "Installing Docker..."
-          curl -fsSL https://get.docker.com -o get-docker.sh
-          sudo sh get-docker.sh
-          
-          echo "Starting Containers..."
-          sudo docker network create dtnet
-          sudo docker run -d --name db --network=dtnet ghcr.io/ietf-tools/datatracker-db:latest &
-          sudo docker run -d --name app --network=dtnet ghcr.io/ietf-tools/datatracker-app-base:latest sleep infinity &
-          wait
-
-          echo "Cloning datatracker repo..."
-          sudo docker exec app git clone --depth=1 https://github.com/ietf-tools/datatracker.git .
-          echo "Prepare tests..."
-          sudo docker exec app chmod +x ./dev/tests/prepare.sh
-          sudo docker exec app sh ./dev/tests/prepare.sh
-          echo "Running checks..."
-          sudo docker exec app ietf/manage.py check
-          sudo docker exec app ietf/manage.py migrate --fake-initial
-          echo "Running tests..."
-          sudo docker exec app ietf/manage.py test -v2 --validate-html-harder --settings=settings_test
-
-    - name: Destroy VM + resources
-      if: always()
-      shell: pwsh
-      run: |
-        echo "Destroying VM..."        
-        az vm delete -g ghaDatatrackerTests -n tmpGhaVM2 --yes --force-deletion true
-
-        $resourceOrderRemovalOrder = [ordered]@{
-            "Microsoft.Compute/virtualMachines" = 0
-            "Microsoft.Compute/disks" = 1
-            "Microsoft.Network/networkInterfaces" = 2
-            "Microsoft.Network/publicIpAddresses" = 3
-            "Microsoft.Network/networkSecurityGroups" = 4
-            "Microsoft.Network/virtualNetworks" = 5
-        }
-        echo "Fetching remaining resources..."
-        $resources = az resource list --resource-group ghaDatatrackerTests | ConvertFrom-Json
-
-        $orderedResources = $resources 
-            | Sort-Object @{
-                Expression = {$resourceOrderRemovalOrder[$_.type]}
-                Descending = $False
-            }
-
-        echo "Deleting remaining resources..."
-        $orderedResources | ForEach-Object {
-            az resource delete --resource-group ghaDatatrackerTests --ids $_.id --verbose
-        }
-
-        echo "Logout from Azure..."
-        az logout
diff --git a/.gitignore b/.gitignore
index 84bc800e3b..ccc7a46b08 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 .DS_store
 datatracker.sublime-project
 datatracker.sublime-workspace
+/.claude
 /.coverage
 /.factoryboy_random_state
 /.mypy_cache
diff --git a/.pnp.cjs b/.pnp.cjs
index 5fcce34d2f..6c76263c7e 100644
--- a/.pnp.cjs
+++ b/.pnp.cjs
@@ -42,6 +42,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
             ["@fullcalendar/luxon3", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:6.1.11"],\
             ["@fullcalendar/timegrid", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:6.1.11"],\
             ["@fullcalendar/vue3", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:6.1.11"],\
+            ["@kurkle/color", "npm:0.3.1"],\
             ["@parcel/optimizer-data-url", "npm:2.12.0"],\
             ["@parcel/transformer-inline-string", "npm:2.12.0"],\
             ["@parcel/transformer-sass", "npm:2.12.0"],\
@@ -56,6 +57,9 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
             ["browserlist", "npm:1.0.1"],\
             ["c8", "npm:9.1.0"],\
             ["caniuse-lite", "npm:1.0.30001603"],\
+            ["chart.js", "npm:4.5.1"],\
+            ["chartjs-plugin-autocolors", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:0.3.1"],\
+            ["chartjs-plugin-zoom", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:2.2.0"],\
             ["d3", "npm:7.9.0"],\
             ["eslint", "npm:8.57.0"],\
             ["eslint-config-standard", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:17.1.0"],\
@@ -883,6 +887,22 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
           "linkType": "HARD"\
         }]\
       ]],\
+      ["@kurkle/color", [\
+        ["npm:0.3.1", {\
+          "packageLocation": "./.yarn/cache/@kurkle-color-npm-0.3.1-174f3d038c-e6be5c081b.zip/node_modules/@kurkle/color/",\
+          "packageDependencies": [\
+            ["@kurkle/color", "npm:0.3.1"]\
+          ],\
+          "linkType": "HARD"\
+        }],\
+        ["npm:0.3.4", {\
+          "packageLocation": "./.yarn/cache/@kurkle-color-npm-0.3.4-fbd637031f-b95c6abe02.zip/node_modules/@kurkle/color/",\
+          "packageDependencies": [\
+            ["@kurkle/color", "npm:0.3.4"]\
+          ],\
+          "linkType": "HARD"\
+        }]\
+      ]],\
       ["@lezer/common", [\
         ["npm:0.15.12", {\
           "packageLocation": "./.yarn/cache/@lezer-common-npm-0.15.12-62017272b0-dae6581618.zip/node_modules/@lezer/common/",\
@@ -2616,6 +2636,15 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
           "linkType": "HARD"\
         }]\
       ]],\
+      ["@types/hammerjs", [\
+        ["npm:2.0.46", {\
+          "packageLocation": "./.yarn/cache/@types-hammerjs-npm-2.0.46-de99d4d9d1-caba6ec788.zip/node_modules/@types/hammerjs/",\
+          "packageDependencies": [\
+            ["@types/hammerjs", "npm:2.0.46"]\
+          ],\
+          "linkType": "HARD"\
+        }]\
+      ]],\
       ["@types/istanbul-lib-coverage", [\
         ["npm:2.0.4", {\
           "packageLocation": "./.yarn/cache/@types-istanbul-lib-coverage-npm-2.0.4-734954bb56-a25d7589ee.zip/node_modules/@types/istanbul-lib-coverage/",\
@@ -3545,6 +3574,66 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
           "linkType": "HARD"\
         }]\
       ]],\
+      ["chart.js", [\
+        ["npm:4.5.1", {\
+          "packageLocation": "./.yarn/cache/chart.js-npm-4.5.1-97698d58cc-34b35b3736.zip/node_modules/chart.js/",\
+          "packageDependencies": [\
+            ["chart.js", "npm:4.5.1"],\
+            ["@kurkle/color", "npm:0.3.4"]\
+          ],\
+          "linkType": "HARD"\
+        }]\
+      ]],\
+      ["chartjs-plugin-autocolors", [\
+        ["npm:0.3.1", {\
+          "packageLocation": "./.yarn/cache/chartjs-plugin-autocolors-npm-0.3.1-7e93d38139-de4f87b5bb.zip/node_modules/chartjs-plugin-autocolors/",\
+          "packageDependencies": [\
+            ["chartjs-plugin-autocolors", "npm:0.3.1"]\
+          ],\
+          "linkType": "SOFT"\
+        }],\
+        ["virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:0.3.1", {\
+          "packageLocation": "./.yarn/__virtual__/chartjs-plugin-autocolors-virtual-6e228c1a1e/0/cache/chartjs-plugin-autocolors-npm-0.3.1-7e93d38139-de4f87b5bb.zip/node_modules/chartjs-plugin-autocolors/",\
+          "packageDependencies": [\
+            ["chartjs-plugin-autocolors", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:0.3.1"],\
+            ["@kurkle/color", "npm:0.3.1"],\
+            ["@types/chart.js", null],\
+            ["@types/kurkle__color", null],\
+            ["chart.js", "npm:4.5.1"]\
+          ],\
+          "packagePeers": [\
+            "@kurkle/color",\
+            "@types/chart.js",\
+            "@types/kurkle__color",\
+            "chart.js"\
+          ],\
+          "linkType": "HARD"\
+        }]\
+      ]],\
+      ["chartjs-plugin-zoom", [\
+        ["npm:2.2.0", {\
+          "packageLocation": "./.yarn/cache/chartjs-plugin-zoom-npm-2.2.0-85aea0b81e-a540e38340.zip/node_modules/chartjs-plugin-zoom/",\
+          "packageDependencies": [\
+            ["chartjs-plugin-zoom", "npm:2.2.0"]\
+          ],\
+          "linkType": "SOFT"\
+        }],\
+        ["virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:2.2.0", {\
+          "packageLocation": "./.yarn/__virtual__/chartjs-plugin-zoom-virtual-45332d2c47/0/cache/chartjs-plugin-zoom-npm-2.2.0-85aea0b81e-a540e38340.zip/node_modules/chartjs-plugin-zoom/",\
+          "packageDependencies": [\
+            ["chartjs-plugin-zoom", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:2.2.0"],\
+            ["@types/chart.js", null],\
+            ["@types/hammerjs", "npm:2.0.46"],\
+            ["chart.js", "npm:4.5.1"],\
+            ["hammerjs", "npm:2.0.8"]\
+          ],\
+          "packagePeers": [\
+            "@types/chart.js",\
+            "chart.js"\
+          ],\
+          "linkType": "HARD"\
+        }]\
+      ]],\
       ["chokidar", [\
         ["npm:3.5.3", {\
           "packageLocation": "./.yarn/cache/chokidar-npm-3.5.3-c5f9b0a56a-b49fcde401.zip/node_modules/chokidar/",\
@@ -5709,6 +5798,15 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
           "linkType": "HARD"\
         }]\
       ]],\
+      ["hammerjs", [\
+        ["npm:2.0.8", {\
+          "packageLocation": "./.yarn/cache/hammerjs-npm-2.0.8-f656ba2573-b092da7d15.zip/node_modules/hammerjs/",\
+          "packageDependencies": [\
+            ["hammerjs", "npm:2.0.8"]\
+          ],\
+          "linkType": "HARD"\
+        }]\
+      ]],\
       ["has", [\
         ["npm:1.0.3", {\
           "packageLocation": "./.yarn/cache/has-npm-1.0.3-b7f00631c1-b9ad53d53b.zip/node_modules/has/",\
@@ -8326,6 +8424,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
             ["@fullcalendar/luxon3", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:6.1.11"],\
             ["@fullcalendar/timegrid", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:6.1.11"],\
             ["@fullcalendar/vue3", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:6.1.11"],\
+            ["@kurkle/color", "npm:0.3.1"],\
             ["@parcel/optimizer-data-url", "npm:2.12.0"],\
             ["@parcel/transformer-inline-string", "npm:2.12.0"],\
             ["@parcel/transformer-sass", "npm:2.12.0"],\
@@ -8340,6 +8439,9 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
             ["browserlist", "npm:1.0.1"],\
             ["c8", "npm:9.1.0"],\
             ["caniuse-lite", "npm:1.0.30001603"],\
+            ["chart.js", "npm:4.5.1"],\
+            ["chartjs-plugin-autocolors", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:0.3.1"],\
+            ["chartjs-plugin-zoom", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:2.2.0"],\
             ["d3", "npm:7.9.0"],\
             ["eslint", "npm:8.57.0"],\
             ["eslint-config-standard", "virtual:dc3fc578bfa5e06182a4d2be39ede0bc5b74940b1ffe0d70c26892ab140a4699787750fba175dc306292e80b4aa2c8c5f68c2a821e69b2c37e360c0dff36ff66#npm:17.1.0"],\
diff --git a/.vscode/settings.json b/.vscode/settings.json
index b323cd02f7..ad6b0adc84 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -57,5 +57,8 @@
     "python.testing.pytestEnabled": false,
     "python.testing.unittestEnabled": false,
     "python.linting.enabled": true,
-    "python.terminal.shellIntegration.enabled": false
+    "python.terminal.shellIntegration.enabled": false,
+    "vs-kubernetes": {
+        "disable-linters": ["resource-limits"]
+    }
 }
diff --git a/.yarn/cache/@kurkle-color-npm-0.3.1-174f3d038c-e6be5c081b.zip b/.yarn/cache/@kurkle-color-npm-0.3.1-174f3d038c-e6be5c081b.zip
new file mode 100644
index 0000000000..65b1d3941c
Binary files /dev/null and b/.yarn/cache/@kurkle-color-npm-0.3.1-174f3d038c-e6be5c081b.zip differ
diff --git a/.yarn/cache/@kurkle-color-npm-0.3.4-fbd637031f-b95c6abe02.zip b/.yarn/cache/@kurkle-color-npm-0.3.4-fbd637031f-b95c6abe02.zip
new file mode 100644
index 0000000000..e4d1e3fd1d
Binary files /dev/null and b/.yarn/cache/@kurkle-color-npm-0.3.4-fbd637031f-b95c6abe02.zip differ
diff --git a/.yarn/cache/@types-hammerjs-npm-2.0.46-de99d4d9d1-caba6ec788.zip b/.yarn/cache/@types-hammerjs-npm-2.0.46-de99d4d9d1-caba6ec788.zip
new file mode 100644
index 0000000000..1babeca0a9
Binary files /dev/null and b/.yarn/cache/@types-hammerjs-npm-2.0.46-de99d4d9d1-caba6ec788.zip differ
diff --git a/.yarn/cache/chart.js-npm-4.5.1-97698d58cc-34b35b3736.zip b/.yarn/cache/chart.js-npm-4.5.1-97698d58cc-34b35b3736.zip
new file mode 100644
index 0000000000..2dba0d6d9f
Binary files /dev/null and b/.yarn/cache/chart.js-npm-4.5.1-97698d58cc-34b35b3736.zip differ
diff --git a/.yarn/cache/chartjs-plugin-autocolors-npm-0.3.1-7e93d38139-de4f87b5bb.zip b/.yarn/cache/chartjs-plugin-autocolors-npm-0.3.1-7e93d38139-de4f87b5bb.zip
new file mode 100644
index 0000000000..16cdf88399
Binary files /dev/null and b/.yarn/cache/chartjs-plugin-autocolors-npm-0.3.1-7e93d38139-de4f87b5bb.zip differ
diff --git a/.yarn/cache/chartjs-plugin-zoom-npm-2.2.0-85aea0b81e-a540e38340.zip b/.yarn/cache/chartjs-plugin-zoom-npm-2.2.0-85aea0b81e-a540e38340.zip
new file mode 100644
index 0000000000..edf50232bc
Binary files /dev/null and b/.yarn/cache/chartjs-plugin-zoom-npm-2.2.0-85aea0b81e-a540e38340.zip differ
diff --git a/.yarn/cache/hammerjs-npm-2.0.8-f656ba2573-b092da7d15.zip b/.yarn/cache/hammerjs-npm-2.0.8-f656ba2573-b092da7d15.zip
new file mode 100644
index 0000000000..36d13b6aaf
Binary files /dev/null and b/.yarn/cache/hammerjs-npm-2.0.8-f656ba2573-b092da7d15.zip differ
diff --git a/dev/build/Dockerfile b/dev/build/Dockerfile
index 71370fabee..72bdb7a7ae 100644
--- a/dev/build/Dockerfile
+++ b/dev/build/Dockerfile
@@ -1,4 +1,4 @@
-FROM ghcr.io/ietf-tools/datatracker-app-base:20260211T1901
+FROM ghcr.io/ietf-tools/datatracker-app-base:20260605T2314
 LABEL maintainer="IETF Tools Team <tools-discuss@ietf.org>"
 
 ENV DEBIAN_FRONTEND=noninteractive
diff --git a/dev/build/TARGET_BASE b/dev/build/TARGET_BASE
index 947f3790e4..7ca47fd197 100644
--- a/dev/build/TARGET_BASE
+++ b/dev/build/TARGET_BASE
@@ -1 +1 @@
-20260211T1901
+20260605T2314
diff --git a/dev/build/datatracker-start.sh b/dev/build/datatracker-start.sh
index a676415a26..012a563412 100644
--- a/dev/build/datatracker-start.sh
+++ b/dev/build/datatracker-start.sh
@@ -45,16 +45,6 @@ cleanup () {
 trap 'trap "" TERM; cleanup' TERM
 
 # start gunicorn in the background so we can trap the TERM signal
-gunicorn \
-          -c /workspace/gunicorn.conf.py \
-          --workers "${DATATRACKER_GUNICORN_WORKERS:-9}" \
-          --max-requests "${DATATRACKER_GUNICORN_MAX_REQUESTS:-32768}" \
-          --timeout "${DATATRACKER_GUNICORN_TIMEOUT:-180}" \
-          --bind :8000 \
-          --log-level "${DATATRACKER_GUNICORN_LOG_LEVEL:-info}" \
-          --capture-output \
-          --access-logfile -\
-          ${DATATRACKER_GUNICORN_EXTRA_ARGS} \
-          ietf.wsgi:application &
+gunicorn -c /workspace/gunicorn.conf.py ${DATATRACKER_GUNICORN_EXTRA_ARGS} ietf.wsgi:application &
 gunicorn_pid=$!
 wait "${gunicorn_pid}"
diff --git a/dev/build/gunicorn.conf.py b/dev/build/gunicorn.conf.py
index 9af4478685..03e81eac5e 100644
--- a/dev/build/gunicorn.conf.py
+++ b/dev/build/gunicorn.conf.py
@@ -1,4 +1,4 @@
-# Copyright The IETF Trust 2024-2025, All Rights Reserved
+# Copyright The IETF Trust 2024-2026, All Rights Reserved
 
 import os
 import ietf
@@ -12,6 +12,23 @@
 from opentelemetry.instrumentation.pymemcache import PymemcacheInstrumentor
 from opentelemetry.instrumentation.requests import RequestsInstrumentor
 
+# Bind all ipv4 interfaces (nginx uses loopback, but k8s health checks don't)
+_BIND_PORT = os.environ.get("DATATRACKER_GUNICORN_BIND_PORT", "8000")
+bind = [f"0.0.0.0:{_BIND_PORT}"]
+
+# Disable control socket
+control_socket_disable = True
+
+# Settings configurable via environment
+workers = int(os.environ.get("DATATRACKER_GUNICORN_WORKERS", "9"))
+max_requests = int(os.environ.get("DATATRACKER_GUNICORN_MAX_REQUESTS", "32768"))
+timeout = int(os.environ.get("DATATRACKER_GUNICORN_TIMEOUT", "180"))
+loglevel = os.environ.get("DATATRACKER_GUNICORN_LOG_LEVEL", "info") 
+
+# Logging / stdout capture
+capture_output = True
+accesslog = "-"
+
 # Configure security scheme headers for forwarded requests. Cloudflare sets X-Forwarded-Proto 
 # for us. Don't trust any of the other similar headers. Only trust the header if it's coming
 # from localhost, as all legitimate traffic will reach gunicorn via co-located nginx.
diff --git a/dev/deploy-to-container/package-lock.json b/dev/deploy-to-container/package-lock.json
index 0954ec9af4..5d5bef5604 100644
--- a/dev/deploy-to-container/package-lock.json
+++ b/dev/deploy-to-container/package-lock.json
@@ -6,12 +6,12 @@
     "": {
       "name": "deploy-to-container",
       "dependencies": {
-        "dockerode": "^4.0.6",
-        "fs-extra": "^11.3.0",
-        "nanoid": "5.1.5",
+        "dockerode": "^4.0.10",
+        "fs-extra": "^11.3.4",
+        "nanoid": "5.1.7",
         "nanoid-dictionary": "5.0.0",
-        "slugify": "1.6.6",
-        "tar": "^7.4.3",
+        "slugify": "1.6.9",
+        "tar": "^7.5.13",
         "yargs": "^17.7.2"
       },
       "engines": {
@@ -52,95 +52,6 @@
         "node": ">=6"
       }
     },
-    "node_modules/@isaacs/cliui": {
-      "version": "8.0.2",
-      "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
-      "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==",
-      "dependencies": {
-        "string-width": "^5.1.2",
-        "string-width-cjs": "npm:string-width@^4.2.0",
-        "strip-ansi": "^7.0.1",
-        "strip-ansi-cjs": "npm:strip-ansi@^6.0.1",
-        "wrap-ansi": "^8.1.0",
-        "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0"
-      },
-      "engines": {
-        "node": ">=12"
-      }
-    },
-    "node_modules/@isaacs/cliui/node_modules/ansi-regex": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
-      "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
-      }
-    },
-    "node_modules/@isaacs/cliui/node_modules/ansi-styles": {
-      "version": "6.2.1",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz",
-      "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==",
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/@isaacs/cliui/node_modules/emoji-regex": {
-      "version": "9.2.2",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
-      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg=="
-    },
-    "node_modules/@isaacs/cliui/node_modules/string-width": {
-      "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
-      "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
-      "dependencies": {
-        "eastasianwidth": "^0.2.0",
-        "emoji-regex": "^9.2.2",
-        "strip-ansi": "^7.0.1"
-      },
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/@isaacs/cliui/node_modules/strip-ansi": {
-      "version": "7.1.0",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
-      "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==",
-      "dependencies": {
-        "ansi-regex": "^6.0.1"
-      },
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
-      }
-    },
-    "node_modules/@isaacs/cliui/node_modules/wrap-ansi": {
-      "version": "8.1.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
-      "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
-      "dependencies": {
-        "ansi-styles": "^6.1.0",
-        "string-width": "^5.0.1",
-        "strip-ansi": "^7.0.1"
-      },
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
-      }
-    },
     "node_modules/@isaacs/fs-minipass": {
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz",
@@ -161,15 +72,6 @@
         "url": "https://opencollective.com/js-sdsl"
       }
     },
-    "node_modules/@pkgjs/parseargs": {
-      "version": "0.11.0",
-      "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz",
-      "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==",
-      "optional": true,
-      "engines": {
-        "node": ">=14"
-      }
-    },
     "node_modules/@protobufjs/aspromise": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz",
@@ -258,16 +160,10 @@
       "version": "0.2.6",
       "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz",
       "integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==",
-      "license": "MIT",
       "dependencies": {
         "safer-buffer": "~2.1.0"
       }
     },
-    "node_modules/balanced-match": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
-    },
     "node_modules/base64-js": {
       "version": "1.5.1",
       "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
@@ -285,14 +181,12 @@
           "type": "consulting",
           "url": "https://feross.org/support"
         }
-      ],
-      "license": "MIT"
+      ]
     },
     "node_modules/bcrypt-pbkdf": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",
       "integrity": "sha512-qeFIXtP4MSoi6NLqO12WfqARWWuCKi2Rn/9hJLEmtB5yTNr9DqFWkJRCf2qShWzPeAMRnOgCrq0sg/KLv5ES9w==",
-      "license": "BSD-3-Clause",
       "dependencies": {
         "tweetnacl": "^0.14.3"
       }
@@ -301,21 +195,12 @@
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz",
       "integrity": "sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==",
-      "license": "MIT",
       "dependencies": {
         "buffer": "^5.5.0",
         "inherits": "^2.0.4",
         "readable-stream": "^3.4.0"
       }
     },
-    "node_modules/brace-expansion": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
-      "dependencies": {
-        "balanced-match": "^1.0.0"
-      }
-    },
     "node_modules/buffer": {
       "version": "5.7.1",
       "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz",
@@ -334,16 +219,15 @@
           "url": "https://feross.org/support"
         }
       ],
-      "license": "MIT",
       "dependencies": {
         "base64-js": "^1.3.1",
         "ieee754": "^1.1.13"
       }
     },
     "node_modules/buildcheck": {
-      "version": "0.0.6",
-      "resolved": "https://registry.npmjs.org/buildcheck/-/buildcheck-0.0.6.tgz",
-      "integrity": "sha512-8f9ZJCUXyT1M35Jx7MkBgmBMo3oHTTBIPLiY9xyL0pl3T5RwcPEY8cUHr5LBNfu/fk6c2T4DJZuVM/8ZZT2D2A==",
+      "version": "0.0.7",
+      "resolved": "https://registry.npmjs.org/buildcheck/-/buildcheck-0.0.7.tgz",
+      "integrity": "sha512-lHblz4ahamxpTmnsk+MNTRWsjYKv965MwOrSJyeD588rR3Jcu7swE+0wN5F+PbL5cjgu/9ObkhfzEPuofEMwLA==",
       "optional": true,
       "engines": {
         "node": ">=10.0.0"
@@ -352,8 +236,7 @@
     "node_modules/chownr": {
       "version": "1.1.4",
       "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz",
-      "integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==",
-      "license": "ISC"
+      "integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg=="
     },
     "node_modules/cliui": {
       "version": "8.0.1",
@@ -398,24 +281,10 @@
         "node": ">=10.0.0"
       }
     },
-    "node_modules/cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
-      "dependencies": {
-        "path-key": "^3.1.0",
-        "shebang-command": "^2.0.0",
-        "which": "^2.0.1"
-      },
-      "engines": {
-        "node": ">= 8"
-      }
-    },
     "node_modules/debug": {
-      "version": "4.4.0",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz",
-      "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==",
-      "license": "MIT",
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
       "dependencies": {
         "ms": "^2.1.3"
       },
@@ -429,10 +298,9 @@
       }
     },
     "node_modules/docker-modem": {
-      "version": "5.0.6",
-      "resolved": "https://registry.npmjs.org/docker-modem/-/docker-modem-5.0.6.tgz",
-      "integrity": "sha512-ens7BiayssQz/uAxGzH8zGXCtiV24rRWXdjNha5V4zSOcxmAZsfGVm/PPFbwQdqEkDnhG+SyR9E3zSHUbOKXBQ==",
-      "license": "Apache-2.0",
+      "version": "5.0.7",
+      "resolved": "https://registry.npmjs.org/docker-modem/-/docker-modem-5.0.7.tgz",
+      "integrity": "sha512-XJgGhoR/CLpqshm4d3L7rzH6t8NgDFUIIpztYlLHIApeJjMZKYJMz2zxPsYxnejq5h3ELYSw/RBsi3t5h7gNTA==",
       "dependencies": {
         "debug": "^4.1.1",
         "readable-stream": "^3.5.0",
@@ -444,38 +312,31 @@
       }
     },
     "node_modules/dockerode": {
-      "version": "4.0.6",
-      "resolved": "https://registry.npmjs.org/dockerode/-/dockerode-4.0.6.tgz",
-      "integrity": "sha512-FbVf3Z8fY/kALB9s+P9epCpWhfi/r0N2DgYYcYpsAUlaTxPjdsitsFobnltb+lyCgAIvf9C+4PSWlTnHlJMf1w==",
-      "license": "Apache-2.0",
+      "version": "4.0.10",
+      "resolved": "https://registry.npmjs.org/dockerode/-/dockerode-4.0.10.tgz",
+      "integrity": "sha512-8L/P9JynLBiG7/coiA4FlQXegHltRqS0a+KqI44P1zgQh8QLHTg7FKOwhkBgSJwZTeHsq30WRoVFLuwkfK0YFg==",
       "dependencies": {
         "@balena/dockerignore": "^1.0.2",
         "@grpc/grpc-js": "^1.11.1",
         "@grpc/proto-loader": "^0.7.13",
-        "docker-modem": "^5.0.6",
+        "docker-modem": "^5.0.7",
         "protobufjs": "^7.3.2",
-        "tar-fs": "~2.1.2",
+        "tar-fs": "^2.1.4",
         "uuid": "^10.0.0"
       },
       "engines": {
         "node": ">= 8.0"
       }
     },
-    "node_modules/eastasianwidth": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
-      "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA=="
-    },
     "node_modules/emoji-regex": {
       "version": "8.0.0",
       "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
       "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
     },
     "node_modules/end-of-stream": {
-      "version": "1.4.4",
-      "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz",
-      "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==",
-      "license": "MIT",
+      "version": "1.4.5",
+      "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz",
+      "integrity": "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==",
       "dependencies": {
         "once": "^1.4.0"
       }
@@ -488,32 +349,15 @@
         "node": ">=6"
       }
     },
-    "node_modules/foreground-child": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz",
-      "integrity": "sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==",
-      "dependencies": {
-        "cross-spawn": "^7.0.0",
-        "signal-exit": "^4.0.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/fs-constants": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz",
-      "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==",
-      "license": "MIT"
+      "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow=="
     },
     "node_modules/fs-extra": {
-      "version": "11.3.0",
-      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.0.tgz",
-      "integrity": "sha512-Z4XaCL6dUDHfP/jT25jJKMmtxvuwbkrD1vNSMFlo9lNLY2c5FHYSQgHPRZUjAB26TpDEoW9HCOgplrdbaPV/ew==",
-      "license": "MIT",
+      "version": "11.3.4",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.4.tgz",
+      "integrity": "sha512-CTXd6rk/M3/ULNQj8FBqBWHYBVYybQ3VPBw0xGKFe3tuH7ytT6ACnvzpIQ3UZtB8yvUKC2cXn1a+x+5EVQLovA==",
       "dependencies": {
         "graceful-fs": "^4.2.0",
         "jsonfile": "^6.0.1",
@@ -531,27 +375,6 @@
         "node": "6.* || 8.* || >= 10.*"
       }
     },
-    "node_modules/glob": {
-      "version": "10.3.12",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz",
-      "integrity": "sha512-TCNv8vJ+xz4QiqTpfOJA7HvYv+tNIRHKfUWw/q+v2jdgN4ebz+KY9tGx5J4rHP0o84mNP+ApH66HRX8us3Khqg==",
-      "dependencies": {
-        "foreground-child": "^3.1.0",
-        "jackspeak": "^2.3.6",
-        "minimatch": "^9.0.1",
-        "minipass": "^7.0.4",
-        "path-scurry": "^1.10.2"
-      },
-      "bin": {
-        "glob": "dist/esm/bin.mjs"
-      },
-      "engines": {
-        "node": ">=16 || 14 >=14.17"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/graceful-fs": {
       "version": "4.2.10",
       "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz",
@@ -574,8 +397,7 @@
           "type": "consulting",
           "url": "https://feross.org/support"
         }
-      ],
-      "license": "BSD-3-Clause"
+      ]
     },
     "node_modules/inherits": {
       "version": "2.0.4",
@@ -590,28 +412,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/isexe": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
-      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw=="
-    },
-    "node_modules/jackspeak": {
-      "version": "2.3.6",
-      "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz",
-      "integrity": "sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==",
-      "dependencies": {
-        "@isaacs/cliui": "^8.0.2"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      },
-      "optionalDependencies": {
-        "@pkgjs/parseargs": "^0.11.0"
-      }
-    },
     "node_modules/jsonfile": {
       "version": "6.1.0",
       "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz",
@@ -633,28 +433,6 @@
       "resolved": "https://registry.npmjs.org/long/-/long-5.2.4.tgz",
       "integrity": "sha512-qtzLbJE8hq7VabR3mISmVGtoXP8KGc2Z/AT8OuqlYD7JTR3oqrgwdjnk07wpj1twXxYmgDXgoKVWUG/fReSzHg=="
     },
-    "node_modules/lru-cache": {
-      "version": "10.2.2",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz",
-      "integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==",
-      "engines": {
-        "node": "14 || >=16.14"
-      }
-    },
-    "node_modules/minimatch": {
-      "version": "9.0.4",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz",
-      "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==",
-      "dependencies": {
-        "brace-expansion": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=16 || 14 >=14.17"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/minipass": {
       "version": "7.1.2",
       "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz",
@@ -664,61 +442,42 @@
       }
     },
     "node_modules/minizlib": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.0.1.tgz",
-      "integrity": "sha512-umcy022ILvb5/3Djuu8LWeqUa8D68JaBzlttKeMWen48SjabqS3iY5w/vzeMzMUNhLDifyhbOwKDSznB1vvrwg==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.1.0.tgz",
+      "integrity": "sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==",
       "dependencies": {
-        "minipass": "^7.0.4",
-        "rimraf": "^5.0.5"
+        "minipass": "^7.1.2"
       },
       "engines": {
         "node": ">= 18"
       }
     },
-    "node_modules/mkdirp": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-3.0.1.tgz",
-      "integrity": "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==",
-      "bin": {
-        "mkdirp": "dist/cjs/src/bin.js"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/mkdirp-classic": {
       "version": "0.5.3",
       "resolved": "https://registry.npmjs.org/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz",
-      "integrity": "sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==",
-      "license": "MIT"
+      "integrity": "sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A=="
     },
     "node_modules/ms": {
       "version": "2.1.3",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
-      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
-      "license": "MIT"
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
     },
     "node_modules/nan": {
-      "version": "2.22.0",
-      "resolved": "https://registry.npmjs.org/nan/-/nan-2.22.0.tgz",
-      "integrity": "sha512-nbajikzWTMwsW+eSsNm3QwlOs7het9gGJU5dDZzRTQGk03vyBOauxgI4VakDzE0PtsGTmXPsXTbbjVhRwR5mpw==",
-      "license": "MIT",
+      "version": "2.26.2",
+      "resolved": "https://registry.npmjs.org/nan/-/nan-2.26.2.tgz",
+      "integrity": "sha512-0tTvBTYkt3tdGw22nrAy50x7gpbGCCFH3AFcyS5WiUu7Eu4vWlri1woE6qHBSfy11vksDqkiwjOnlR7WV8G1Hw==",
       "optional": true
     },
     "node_modules/nanoid": {
-      "version": "5.1.5",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-5.1.5.tgz",
-      "integrity": "sha512-Ir/+ZpE9fDsNH0hQ3C68uyThDXzYcim2EqcZ8zn8Chtt1iylPT9xXJB0kPCnqzgcEGikO9RxSrh63MsmVCU7Fw==",
+      "version": "5.1.7",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-5.1.7.tgz",
+      "integrity": "sha512-ua3NDgISf6jdwezAheMOk4mbE1LXjm1DfMUDMuJf4AqxLFK3ccGpgWizwa5YV7Yz9EpXwEaWoRXSb/BnV0t5dQ==",
       "funding": [
         {
           "type": "github",
           "url": "https://github.com/sponsors/ai"
         }
       ],
-      "license": "MIT",
       "bin": {
         "nanoid": "bin/nanoid.js"
       },
@@ -736,34 +495,10 @@
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
       "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
-      "license": "ISC",
       "dependencies": {
         "wrappy": "1"
       }
     },
-    "node_modules/path-key": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
-      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/path-scurry": {
-      "version": "1.10.2",
-      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.2.tgz",
-      "integrity": "sha512-7xTavNy5RQXnsjANvVvMkEjvloOinkAjv/Z6Ildz9v2RinZ4SBKTWFOVRbaF8p0vpHnyjV/UwNDdKuUv6M5qcA==",
-      "dependencies": {
-        "lru-cache": "^10.2.0",
-        "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
-      },
-      "engines": {
-        "node": ">=16 || 14 >=14.17"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/protobufjs": {
       "version": "7.4.0",
       "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-7.4.0.tgz",
@@ -788,10 +523,9 @@
       }
     },
     "node_modules/pump": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.2.tgz",
-      "integrity": "sha512-tUPXtzlGM8FE3P0ZL6DVs/3P58k9nk8/jZeQCurTJylQA8qFYzHFfhBJkuqyE0FifOsQ0uKWekiZ5g8wtr28cw==",
-      "license": "MIT",
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.4.tgz",
+      "integrity": "sha512-VS7sjc6KR7e1ukRFhQSY5LM2uBWAUPiOPa/A3mkKmiMwSmRFUITt0xuj+/lesgnCv+dPIEYlkzrcyXgquIHMcA==",
       "dependencies": {
         "end-of-stream": "^1.1.0",
         "once": "^1.3.1"
@@ -818,23 +552,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/rimraf": {
-      "version": "5.0.5",
-      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-5.0.5.tgz",
-      "integrity": "sha512-CqDakW+hMe/Bz202FPEymy68P+G50RfMQK+Qo5YUqc9SPipvbGjCGKd0RSKEelbsfQuw3g5NZDSrlZZAJurH1A==",
-      "dependencies": {
-        "glob": "^10.3.7"
-      },
-      "bin": {
-        "rimraf": "dist/esm/bin.mjs"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/safe-buffer": {
       "version": "5.2.1",
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
@@ -857,43 +574,12 @@
     "node_modules/safer-buffer": {
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
-      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
-      "license": "MIT"
-    },
-    "node_modules/shebang-command": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
-      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
-      "dependencies": {
-        "shebang-regex": "^3.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/shebang-regex": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
-      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/signal-exit": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
-      "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
-      "engines": {
-        "node": ">=14"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
     },
     "node_modules/slugify": {
-      "version": "1.6.6",
-      "resolved": "https://registry.npmjs.org/slugify/-/slugify-1.6.6.tgz",
-      "integrity": "sha512-h+z7HKHYXj6wJU+AnS/+IH8Uh9fdcX1Lrhg1/VMdf9PwoBQXFcXiAdsy2tSK0P6gKwJLXp02r90ahUCqHk9rrw==",
+      "version": "1.6.9",
+      "resolved": "https://registry.npmjs.org/slugify/-/slugify-1.6.9.tgz",
+      "integrity": "sha512-vZ7rfeehZui7wQs438JXBckYLkIIdfHOXsaVEUMyS5fHo1483l1bMdo0EDSWYclY0yZKFOipDy4KHuKs6ssvdg==",
       "engines": {
         "node": ">=8.0.0"
       }
@@ -901,13 +587,12 @@
     "node_modules/split-ca": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/split-ca/-/split-ca-1.0.1.tgz",
-      "integrity": "sha512-Q5thBSxp5t8WPTTJQS59LrGqOZqOsrhDGDVm8azCqIBjSBd7nd9o2PM+mDulQQkh8h//4U6hFZnc/mul8t5pWQ==",
-      "license": "ISC"
+      "integrity": "sha512-Q5thBSxp5t8WPTTJQS59LrGqOZqOsrhDGDVm8azCqIBjSBd7nd9o2PM+mDulQQkh8h//4U6hFZnc/mul8t5pWQ=="
     },
     "node_modules/ssh2": {
-      "version": "1.16.0",
-      "resolved": "https://registry.npmjs.org/ssh2/-/ssh2-1.16.0.tgz",
-      "integrity": "sha512-r1X4KsBGedJqo7h8F5c4Ybpcr5RjyP+aWIG007uBPRjmdQWfEiVLzSK71Zji1B9sKxwaCvD8y8cwSkYrlLiRRg==",
+      "version": "1.17.0",
+      "resolved": "https://registry.npmjs.org/ssh2/-/ssh2-1.17.0.tgz",
+      "integrity": "sha512-wPldCk3asibAjQ/kziWQQt1Wh3PgDFpC0XpwclzKcdT1vql6KeYxf5LIt4nlFkUeR8WuphYMKqUA56X4rjbfgQ==",
       "hasInstallScript": true,
       "dependencies": {
         "asn1": "^0.2.6",
@@ -918,7 +603,7 @@
       },
       "optionalDependencies": {
         "cpu-features": "~0.0.10",
-        "nan": "^2.20.0"
+        "nan": "^2.23.0"
       }
     },
     "node_modules/string_decoder": {
@@ -942,20 +627,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/string-width-cjs": {
-      "name": "string-width",
-      "version": "4.2.3",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
-      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
-      "dependencies": {
-        "emoji-regex": "^8.0.0",
-        "is-fullwidth-code-point": "^3.0.0",
-        "strip-ansi": "^6.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/strip-ansi": {
       "version": "6.0.1",
       "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
@@ -967,28 +638,15 @@
         "node": ">=8"
       }
     },
-    "node_modules/strip-ansi-cjs": {
-      "name": "strip-ansi",
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
-      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
-      "dependencies": {
-        "ansi-regex": "^5.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/tar": {
-      "version": "7.4.3",
-      "resolved": "https://registry.npmjs.org/tar/-/tar-7.4.3.tgz",
-      "integrity": "sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw==",
+      "version": "7.5.13",
+      "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.13.tgz",
+      "integrity": "sha512-tOG/7GyXpFevhXVh8jOPJrmtRpOTsYqUIkVdVooZYJS/z8WhfQUX8RJILmeuJNinGAMSu1veBr4asSHFt5/hng==",
       "dependencies": {
         "@isaacs/fs-minipass": "^4.0.0",
         "chownr": "^3.0.0",
         "minipass": "^7.1.2",
-        "minizlib": "^3.0.1",
-        "mkdirp": "^3.0.1",
+        "minizlib": "^3.1.0",
         "yallist": "^5.0.0"
       },
       "engines": {
@@ -996,10 +654,9 @@
       }
     },
     "node_modules/tar-fs": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.2.tgz",
-      "integrity": "sha512-EsaAXwxmx8UB7FRKqeozqEPop69DXcmYwTQwXvyAPF352HJsPdkVhvTaDPYqfNgruveJIJy3TA2l+2zj8LJIJA==",
-      "license": "MIT",
+      "version": "2.1.4",
+      "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.4.tgz",
+      "integrity": "sha512-mDAjwmZdh7LTT6pNleZ05Yt65HC3E+NiQzl672vQG38jIrehtJk/J3mNwIg+vShQPcLF/LV7CMnDW6vjj6sfYQ==",
       "dependencies": {
         "chownr": "^1.1.1",
         "mkdirp-classic": "^0.5.2",
@@ -1011,7 +668,6 @@
       "version": "2.2.0",
       "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-2.2.0.tgz",
       "integrity": "sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==",
-      "license": "MIT",
       "dependencies": {
         "bl": "^4.0.3",
         "end-of-stream": "^1.4.1",
@@ -1034,8 +690,7 @@
     "node_modules/tweetnacl": {
       "version": "0.14.5",
       "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz",
-      "integrity": "sha512-KXXFFdAbFXY4geFIwoyNK+f5Z1b7swfXABfL7HXCmoIWMKU3dmS26672A4EeQtDzLKy7SXmfBu51JolvEKwtGA==",
-      "license": "Unlicense"
+      "integrity": "sha512-KXXFFdAbFXY4geFIwoyNK+f5Z1b7swfXABfL7HXCmoIWMKU3dmS26672A4EeQtDzLKy7SXmfBu51JolvEKwtGA=="
     },
     "node_modules/undici-types": {
       "version": "6.20.0",
@@ -1067,20 +722,6 @@
         "uuid": "dist/bin/uuid"
       }
     },
-    "node_modules/which": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
-      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
-      "dependencies": {
-        "isexe": "^2.0.0"
-      },
-      "bin": {
-        "node-which": "bin/node-which"
-      },
-      "engines": {
-        "node": ">= 8"
-      }
-    },
     "node_modules/wrap-ansi": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
@@ -1097,28 +738,10 @@
         "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
       }
     },
-    "node_modules/wrap-ansi-cjs": {
-      "name": "wrap-ansi",
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
-      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
-      "dependencies": {
-        "ansi-styles": "^4.0.0",
-        "string-width": "^4.1.0",
-        "strip-ansi": "^6.0.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
-      }
-    },
     "node_modules/wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
-      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==",
-      "license": "ISC"
+      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
     },
     "node_modules/y18n": {
       "version": "5.0.8",
@@ -1188,64 +811,6 @@
         "yargs": "^17.7.2"
       }
     },
-    "@isaacs/cliui": {
-      "version": "8.0.2",
-      "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
-      "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==",
-      "requires": {
-        "string-width": "^5.1.2",
-        "string-width-cjs": "npm:string-width@^4.2.0",
-        "strip-ansi": "^7.0.1",
-        "strip-ansi-cjs": "npm:strip-ansi@^6.0.1",
-        "wrap-ansi": "^8.1.0",
-        "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0"
-      },
-      "dependencies": {
-        "ansi-regex": {
-          "version": "6.0.1",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
-          "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA=="
-        },
-        "ansi-styles": {
-          "version": "6.2.1",
-          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz",
-          "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug=="
-        },
-        "emoji-regex": {
-          "version": "9.2.2",
-          "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
-          "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg=="
-        },
-        "string-width": {
-          "version": "5.1.2",
-          "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
-          "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
-          "requires": {
-            "eastasianwidth": "^0.2.0",
-            "emoji-regex": "^9.2.2",
-            "strip-ansi": "^7.0.1"
-          }
-        },
-        "strip-ansi": {
-          "version": "7.1.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
-          "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==",
-          "requires": {
-            "ansi-regex": "^6.0.1"
-          }
-        },
-        "wrap-ansi": {
-          "version": "8.1.0",
-          "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
-          "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
-          "requires": {
-            "ansi-styles": "^6.1.0",
-            "string-width": "^5.0.1",
-            "strip-ansi": "^7.0.1"
-          }
-        }
-      }
-    },
     "@isaacs/fs-minipass": {
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz",
@@ -1259,12 +824,6 @@
       "resolved": "https://registry.npmjs.org/@js-sdsl/ordered-map/-/ordered-map-4.4.2.tgz",
       "integrity": "sha512-iUKgm52T8HOE/makSxjqoWhe95ZJA1/G1sYsGev2JDKUSS14KAgg1LHb+Ba+IPow0xflbnSkOsZcO08C7w1gYw=="
     },
-    "@pkgjs/parseargs": {
-      "version": "0.11.0",
-      "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz",
-      "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==",
-      "optional": true
-    },
     "@protobufjs/aspromise": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz",
@@ -1348,11 +907,6 @@
         "safer-buffer": "~2.1.0"
       }
     },
-    "balanced-match": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
-    },
     "base64-js": {
       "version": "1.5.1",
       "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
@@ -1376,14 +930,6 @@
         "readable-stream": "^3.4.0"
       }
     },
-    "brace-expansion": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
-      "requires": {
-        "balanced-match": "^1.0.0"
-      }
-    },
     "buffer": {
       "version": "5.7.1",
       "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz",
@@ -1394,9 +940,9 @@
       }
     },
     "buildcheck": {
-      "version": "0.0.6",
-      "resolved": "https://registry.npmjs.org/buildcheck/-/buildcheck-0.0.6.tgz",
-      "integrity": "sha512-8f9ZJCUXyT1M35Jx7MkBgmBMo3oHTTBIPLiY9xyL0pl3T5RwcPEY8cUHr5LBNfu/fk6c2T4DJZuVM/8ZZT2D2A==",
+      "version": "0.0.7",
+      "resolved": "https://registry.npmjs.org/buildcheck/-/buildcheck-0.0.7.tgz",
+      "integrity": "sha512-lHblz4ahamxpTmnsk+MNTRWsjYKv965MwOrSJyeD588rR3Jcu7swE+0wN5F+PbL5cjgu/9ObkhfzEPuofEMwLA==",
       "optional": true
     },
     "chownr": {
@@ -1437,28 +983,18 @@
         "nan": "^2.19.0"
       }
     },
-    "cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
-      "requires": {
-        "path-key": "^3.1.0",
-        "shebang-command": "^2.0.0",
-        "which": "^2.0.1"
-      }
-    },
     "debug": {
-      "version": "4.4.0",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz",
-      "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==",
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
       "requires": {
         "ms": "^2.1.3"
       }
     },
     "docker-modem": {
-      "version": "5.0.6",
-      "resolved": "https://registry.npmjs.org/docker-modem/-/docker-modem-5.0.6.tgz",
-      "integrity": "sha512-ens7BiayssQz/uAxGzH8zGXCtiV24rRWXdjNha5V4zSOcxmAZsfGVm/PPFbwQdqEkDnhG+SyR9E3zSHUbOKXBQ==",
+      "version": "5.0.7",
+      "resolved": "https://registry.npmjs.org/docker-modem/-/docker-modem-5.0.7.tgz",
+      "integrity": "sha512-XJgGhoR/CLpqshm4d3L7rzH6t8NgDFUIIpztYlLHIApeJjMZKYJMz2zxPsYxnejq5h3ELYSw/RBsi3t5h7gNTA==",
       "requires": {
         "debug": "^4.1.1",
         "readable-stream": "^3.5.0",
@@ -1467,33 +1003,28 @@
       }
     },
     "dockerode": {
-      "version": "4.0.6",
-      "resolved": "https://registry.npmjs.org/dockerode/-/dockerode-4.0.6.tgz",
-      "integrity": "sha512-FbVf3Z8fY/kALB9s+P9epCpWhfi/r0N2DgYYcYpsAUlaTxPjdsitsFobnltb+lyCgAIvf9C+4PSWlTnHlJMf1w==",
+      "version": "4.0.10",
+      "resolved": "https://registry.npmjs.org/dockerode/-/dockerode-4.0.10.tgz",
+      "integrity": "sha512-8L/P9JynLBiG7/coiA4FlQXegHltRqS0a+KqI44P1zgQh8QLHTg7FKOwhkBgSJwZTeHsq30WRoVFLuwkfK0YFg==",
       "requires": {
         "@balena/dockerignore": "^1.0.2",
         "@grpc/grpc-js": "^1.11.1",
         "@grpc/proto-loader": "^0.7.13",
-        "docker-modem": "^5.0.6",
+        "docker-modem": "^5.0.7",
         "protobufjs": "^7.3.2",
-        "tar-fs": "~2.1.2",
+        "tar-fs": "^2.1.4",
         "uuid": "^10.0.0"
       }
     },
-    "eastasianwidth": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
-      "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA=="
-    },
     "emoji-regex": {
       "version": "8.0.0",
       "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
       "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
     },
     "end-of-stream": {
-      "version": "1.4.4",
-      "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz",
-      "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==",
+      "version": "1.4.5",
+      "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz",
+      "integrity": "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==",
       "requires": {
         "once": "^1.4.0"
       }
@@ -1503,24 +1034,15 @@
       "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz",
       "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw=="
     },
-    "foreground-child": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz",
-      "integrity": "sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==",
-      "requires": {
-        "cross-spawn": "^7.0.0",
-        "signal-exit": "^4.0.1"
-      }
-    },
     "fs-constants": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz",
       "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow=="
     },
     "fs-extra": {
-      "version": "11.3.0",
-      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.0.tgz",
-      "integrity": "sha512-Z4XaCL6dUDHfP/jT25jJKMmtxvuwbkrD1vNSMFlo9lNLY2c5FHYSQgHPRZUjAB26TpDEoW9HCOgplrdbaPV/ew==",
+      "version": "11.3.4",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.4.tgz",
+      "integrity": "sha512-CTXd6rk/M3/ULNQj8FBqBWHYBVYybQ3VPBw0xGKFe3tuH7ytT6ACnvzpIQ3UZtB8yvUKC2cXn1a+x+5EVQLovA==",
       "requires": {
         "graceful-fs": "^4.2.0",
         "jsonfile": "^6.0.1",
@@ -1532,18 +1054,6 @@
       "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
       "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg=="
     },
-    "glob": {
-      "version": "10.3.12",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz",
-      "integrity": "sha512-TCNv8vJ+xz4QiqTpfOJA7HvYv+tNIRHKfUWw/q+v2jdgN4ebz+KY9tGx5J4rHP0o84mNP+ApH66HRX8us3Khqg==",
-      "requires": {
-        "foreground-child": "^3.1.0",
-        "jackspeak": "^2.3.6",
-        "minimatch": "^9.0.1",
-        "minipass": "^7.0.4",
-        "path-scurry": "^1.10.2"
-      }
-    },
     "graceful-fs": {
       "version": "4.2.10",
       "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz",
@@ -1564,20 +1074,6 @@
       "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
       "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg=="
     },
-    "isexe": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
-      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw=="
-    },
-    "jackspeak": {
-      "version": "2.3.6",
-      "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz",
-      "integrity": "sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==",
-      "requires": {
-        "@isaacs/cliui": "^8.0.2",
-        "@pkgjs/parseargs": "^0.11.0"
-      }
-    },
     "jsonfile": {
       "version": "6.1.0",
       "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz",
@@ -1597,38 +1093,19 @@
       "resolved": "https://registry.npmjs.org/long/-/long-5.2.4.tgz",
       "integrity": "sha512-qtzLbJE8hq7VabR3mISmVGtoXP8KGc2Z/AT8OuqlYD7JTR3oqrgwdjnk07wpj1twXxYmgDXgoKVWUG/fReSzHg=="
     },
-    "lru-cache": {
-      "version": "10.2.2",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz",
-      "integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ=="
-    },
-    "minimatch": {
-      "version": "9.0.4",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz",
-      "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==",
-      "requires": {
-        "brace-expansion": "^2.0.1"
-      }
-    },
     "minipass": {
       "version": "7.1.2",
       "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz",
       "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw=="
     },
     "minizlib": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.0.1.tgz",
-      "integrity": "sha512-umcy022ILvb5/3Djuu8LWeqUa8D68JaBzlttKeMWen48SjabqS3iY5w/vzeMzMUNhLDifyhbOwKDSznB1vvrwg==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.1.0.tgz",
+      "integrity": "sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==",
       "requires": {
-        "minipass": "^7.0.4",
-        "rimraf": "^5.0.5"
+        "minipass": "^7.1.2"
       }
     },
-    "mkdirp": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-3.0.1.tgz",
-      "integrity": "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg=="
-    },
     "mkdirp-classic": {
       "version": "0.5.3",
       "resolved": "https://registry.npmjs.org/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz",
@@ -1640,15 +1117,15 @@
       "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
     },
     "nan": {
-      "version": "2.22.0",
-      "resolved": "https://registry.npmjs.org/nan/-/nan-2.22.0.tgz",
-      "integrity": "sha512-nbajikzWTMwsW+eSsNm3QwlOs7het9gGJU5dDZzRTQGk03vyBOauxgI4VakDzE0PtsGTmXPsXTbbjVhRwR5mpw==",
+      "version": "2.26.2",
+      "resolved": "https://registry.npmjs.org/nan/-/nan-2.26.2.tgz",
+      "integrity": "sha512-0tTvBTYkt3tdGw22nrAy50x7gpbGCCFH3AFcyS5WiUu7Eu4vWlri1woE6qHBSfy11vksDqkiwjOnlR7WV8G1Hw==",
       "optional": true
     },
     "nanoid": {
-      "version": "5.1.5",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-5.1.5.tgz",
-      "integrity": "sha512-Ir/+ZpE9fDsNH0hQ3C68uyThDXzYcim2EqcZ8zn8Chtt1iylPT9xXJB0kPCnqzgcEGikO9RxSrh63MsmVCU7Fw=="
+      "version": "5.1.7",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-5.1.7.tgz",
+      "integrity": "sha512-ua3NDgISf6jdwezAheMOk4mbE1LXjm1DfMUDMuJf4AqxLFK3ccGpgWizwa5YV7Yz9EpXwEaWoRXSb/BnV0t5dQ=="
     },
     "nanoid-dictionary": {
       "version": "5.0.0",
@@ -1663,20 +1140,6 @@
         "wrappy": "1"
       }
     },
-    "path-key": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
-      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q=="
-    },
-    "path-scurry": {
-      "version": "1.10.2",
-      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.2.tgz",
-      "integrity": "sha512-7xTavNy5RQXnsjANvVvMkEjvloOinkAjv/Z6Ildz9v2RinZ4SBKTWFOVRbaF8p0vpHnyjV/UwNDdKuUv6M5qcA==",
-      "requires": {
-        "lru-cache": "^10.2.0",
-        "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
-      }
-    },
     "protobufjs": {
       "version": "7.4.0",
       "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-7.4.0.tgz",
@@ -1697,9 +1160,9 @@
       }
     },
     "pump": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.2.tgz",
-      "integrity": "sha512-tUPXtzlGM8FE3P0ZL6DVs/3P58k9nk8/jZeQCurTJylQA8qFYzHFfhBJkuqyE0FifOsQ0uKWekiZ5g8wtr28cw==",
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.4.tgz",
+      "integrity": "sha512-VS7sjc6KR7e1ukRFhQSY5LM2uBWAUPiOPa/A3mkKmiMwSmRFUITt0xuj+/lesgnCv+dPIEYlkzrcyXgquIHMcA==",
       "requires": {
         "end-of-stream": "^1.1.0",
         "once": "^1.3.1"
@@ -1720,14 +1183,6 @@
       "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
       "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q=="
     },
-    "rimraf": {
-      "version": "5.0.5",
-      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-5.0.5.tgz",
-      "integrity": "sha512-CqDakW+hMe/Bz202FPEymy68P+G50RfMQK+Qo5YUqc9SPipvbGjCGKd0RSKEelbsfQuw3g5NZDSrlZZAJurH1A==",
-      "requires": {
-        "glob": "^10.3.7"
-      }
-    },
     "safe-buffer": {
       "version": "5.2.1",
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
@@ -1738,28 +1193,10 @@
       "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
       "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
     },
-    "shebang-command": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
-      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
-      "requires": {
-        "shebang-regex": "^3.0.0"
-      }
-    },
-    "shebang-regex": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
-      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A=="
-    },
-    "signal-exit": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
-      "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw=="
-    },
     "slugify": {
-      "version": "1.6.6",
-      "resolved": "https://registry.npmjs.org/slugify/-/slugify-1.6.6.tgz",
-      "integrity": "sha512-h+z7HKHYXj6wJU+AnS/+IH8Uh9fdcX1Lrhg1/VMdf9PwoBQXFcXiAdsy2tSK0P6gKwJLXp02r90ahUCqHk9rrw=="
+      "version": "1.6.9",
+      "resolved": "https://registry.npmjs.org/slugify/-/slugify-1.6.9.tgz",
+      "integrity": "sha512-vZ7rfeehZui7wQs438JXBckYLkIIdfHOXsaVEUMyS5fHo1483l1bMdo0EDSWYclY0yZKFOipDy4KHuKs6ssvdg=="
     },
     "split-ca": {
       "version": "1.0.1",
@@ -1767,14 +1204,14 @@
       "integrity": "sha512-Q5thBSxp5t8WPTTJQS59LrGqOZqOsrhDGDVm8azCqIBjSBd7nd9o2PM+mDulQQkh8h//4U6hFZnc/mul8t5pWQ=="
     },
     "ssh2": {
-      "version": "1.16.0",
-      "resolved": "https://registry.npmjs.org/ssh2/-/ssh2-1.16.0.tgz",
-      "integrity": "sha512-r1X4KsBGedJqo7h8F5c4Ybpcr5RjyP+aWIG007uBPRjmdQWfEiVLzSK71Zji1B9sKxwaCvD8y8cwSkYrlLiRRg==",
+      "version": "1.17.0",
+      "resolved": "https://registry.npmjs.org/ssh2/-/ssh2-1.17.0.tgz",
+      "integrity": "sha512-wPldCk3asibAjQ/kziWQQt1Wh3PgDFpC0XpwclzKcdT1vql6KeYxf5LIt4nlFkUeR8WuphYMKqUA56X4rjbfgQ==",
       "requires": {
         "asn1": "^0.2.6",
         "bcrypt-pbkdf": "^1.0.2",
         "cpu-features": "~0.0.10",
-        "nan": "^2.20.0"
+        "nan": "^2.23.0"
       }
     },
     "string_decoder": {
@@ -1795,16 +1232,6 @@
         "strip-ansi": "^6.0.1"
       }
     },
-    "string-width-cjs": {
-      "version": "npm:string-width@4.2.3",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
-      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
-      "requires": {
-        "emoji-regex": "^8.0.0",
-        "is-fullwidth-code-point": "^3.0.0",
-        "strip-ansi": "^6.0.1"
-      }
-    },
     "strip-ansi": {
       "version": "6.0.1",
       "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
@@ -1813,24 +1240,15 @@
         "ansi-regex": "^5.0.1"
       }
     },
-    "strip-ansi-cjs": {
-      "version": "npm:strip-ansi@6.0.1",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
-      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
-      "requires": {
-        "ansi-regex": "^5.0.1"
-      }
-    },
     "tar": {
-      "version": "7.4.3",
-      "resolved": "https://registry.npmjs.org/tar/-/tar-7.4.3.tgz",
-      "integrity": "sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw==",
+      "version": "7.5.13",
+      "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.13.tgz",
+      "integrity": "sha512-tOG/7GyXpFevhXVh8jOPJrmtRpOTsYqUIkVdVooZYJS/z8WhfQUX8RJILmeuJNinGAMSu1veBr4asSHFt5/hng==",
       "requires": {
         "@isaacs/fs-minipass": "^4.0.0",
         "chownr": "^3.0.0",
         "minipass": "^7.1.2",
-        "minizlib": "^3.0.1",
-        "mkdirp": "^3.0.1",
+        "minizlib": "^3.1.0",
         "yallist": "^5.0.0"
       },
       "dependencies": {
@@ -1842,9 +1260,9 @@
       }
     },
     "tar-fs": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.2.tgz",
-      "integrity": "sha512-EsaAXwxmx8UB7FRKqeozqEPop69DXcmYwTQwXvyAPF352HJsPdkVhvTaDPYqfNgruveJIJy3TA2l+2zj8LJIJA==",
+      "version": "2.1.4",
+      "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.4.tgz",
+      "integrity": "sha512-mDAjwmZdh7LTT6pNleZ05Yt65HC3E+NiQzl672vQG38jIrehtJk/J3mNwIg+vShQPcLF/LV7CMnDW6vjj6sfYQ==",
       "requires": {
         "chownr": "^1.1.1",
         "mkdirp-classic": "^0.5.2",
@@ -1889,14 +1307,6 @@
       "resolved": "https://registry.npmjs.org/uuid/-/uuid-10.0.0.tgz",
       "integrity": "sha512-8XkAphELsDnEGrDxUOHB3RGvXz6TeuYSGEZBOjtTtPm2lwhGBjLgOzLHB63IUWfBpNucQjND6d3AOudO+H3RWQ=="
     },
-    "which": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
-      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
-      "requires": {
-        "isexe": "^2.0.0"
-      }
-    },
     "wrap-ansi": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
@@ -1907,16 +1317,6 @@
         "strip-ansi": "^6.0.0"
       }
     },
-    "wrap-ansi-cjs": {
-      "version": "npm:wrap-ansi@7.0.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
-      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
-      "requires": {
-        "ansi-styles": "^4.0.0",
-        "string-width": "^4.1.0",
-        "strip-ansi": "^6.0.0"
-      }
-    },
     "wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
diff --git a/dev/deploy-to-container/package.json b/dev/deploy-to-container/package.json
index 09716c3094..ccc78fc63b 100644
--- a/dev/deploy-to-container/package.json
+++ b/dev/deploy-to-container/package.json
@@ -2,12 +2,12 @@
   "name": "deploy-to-container",
   "type": "module",
   "dependencies": {
-    "dockerode": "^4.0.6",
-    "fs-extra": "^11.3.0",
-    "nanoid": "5.1.5",
+    "dockerode": "^4.0.10",
+    "fs-extra": "^11.3.4",
+    "nanoid": "5.1.7",
     "nanoid-dictionary": "5.0.0",
-    "slugify": "1.6.6",
-    "tar": "^7.4.3",
+    "slugify": "1.6.9",
+    "tar": "^7.5.13",
     "yargs": "^17.7.2"
   },
   "engines": {
diff --git a/docker-compose.yml b/docker-compose.yml
index 4c3f2f6b8e..073d04b896 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -132,6 +132,18 @@ services:
         volumes:
             - blobdb-data:/var/lib/postgresql/data
 
+#    typesense:
+#        image: typesense/typesense:30.1
+#        restart: on-failure
+#        ports:
+#            - "8108:8108"
+#        volumes:
+#            - ./typesense-data:/data
+#        command:
+#            - '--data-dir=/data'
+#            - '--api-key=typesense-api-key'
+#            - '--enable-cors'
+
 #  Celery Beat is a periodic task runner. It is not normally needed for development,
 #  but can be enabled by uncommenting the following.
 #
diff --git a/docker/configs/nginx-proxy.conf b/docker/configs/nginx-proxy.conf
index 5a9ae31ad0..0a9dde04eb 100644
--- a/docker/configs/nginx-proxy.conf
+++ b/docker/configs/nginx-proxy.conf
@@ -1,3 +1,9 @@
+upstream datatracker_backend {
+    server 127.0.0.1:8001;
+# Uncomment when changing to nginx 1.29.7 or later. 
+#     keepalive 0; # default = 32 since nginx 1.29.7
+}
+
 server {
     listen 8000 default_server;
     listen [::]:8000 default_server;
@@ -24,7 +30,7 @@ server {
 
     location / {
         error_page 502 /502.html;
-        proxy_pass http://localhost:8001/;
+        proxy_pass http://datatracker_backend/;
         proxy_set_header Host localhost:8000;
     }
 
diff --git a/docker/configs/settings_local.py b/docker/configs/settings_local.py
index 1d4e6916b9..94adc516a4 100644
--- a/docker/configs/settings_local.py
+++ b/docker/configs/settings_local.py
@@ -101,6 +101,17 @@
         ),
     }
 
+# For dev on rfc-index generation, create a red_bucket/ directory in the project root
+# and uncomment these settings. Generated files will appear in this directory. To
+# generate an accurate index, put up-to-date copies of unusable-rfc-numbers.json,
+# april-first-rfc-numbers.json, and publication-std-levels.json in this directory
+# before generating the index.
+#
+# STORAGES["red_bucket"] = {
+#     "BACKEND": "django.core.files.storage.FileSystemStorage",
+#     "OPTIONS": {"location": "red_bucket"},
+# }
+
 APP_API_TOKENS = {
     "ietf.api.red_api" : ["devtoken", "redtoken"],  # Not a real secret
     "ietf.api.views_rpc" : ["devtoken"],  # Not a real secret
diff --git a/docker/docker-compose.extend.yml b/docker/docker-compose.extend.yml
index a69a453110..12ebe447d5 100644
--- a/docker/docker-compose.extend.yml
+++ b/docker/docker-compose.extend.yml
@@ -18,8 +18,8 @@ services:
             - '5433'
     blobstore:
         ports:
-            - '9000'
-            - '9001'
+            - '9000:9000'
+            - '9001:9001'
     celery:
         volumes:
             - .:/workspace
diff --git a/docker/scripts/app-configure-blobstore.py b/docker/scripts/app-configure-blobstore.py
index 3140e39306..9ae64e0041 100755
--- a/docker/scripts/app-configure-blobstore.py
+++ b/docker/scripts/app-configure-blobstore.py
@@ -24,10 +24,13 @@ def init_blobstore():
         ),
     )
     for bucketname in ARTIFACT_STORAGE_NAMES:
+        adjusted_bucket_name = (
+            os.environ.get("BLOB_STORE_BUCKET_PREFIX", "")
+            + bucketname
+            + os.environ.get("BLOB_STORE_BUCKET_SUFFIX", "")
+        ).strip()
         try:
-            blobstore.create_bucket(
-                Bucket=f"{os.environ.get('BLOB_STORE_BUCKET_PREFIX', '')}{bucketname}".strip()
-            )
+            blobstore.create_bucket(Bucket=adjusted_bucket_name)
         except botocore.exceptions.ClientError as err:
             if err.response["Error"]["Code"] == "BucketAlreadyExists":
                 print(f"Bucket {bucketname} already exists")
@@ -36,5 +39,6 @@ def init_blobstore():
         else:
             print(f"Bucket {bucketname} created")
 
+
 if __name__ == "__main__":
     sys.exit(init_blobstore())
diff --git a/ietf/api/__init__.py b/ietf/api/__init__.py
index d4562f97dd..00733717c4 100644
--- a/ietf/api/__init__.py
+++ b/ietf/api/__init__.py
@@ -177,8 +177,15 @@ def dehydrate(self, bundle, for_list=True):
         return dehydrated
 
 
+
+# XML 1.0 forbids all control characters except tab (#x9), LF (#xA), and CR (#xD).
+# Replace each with its Unicode control picture (U+2400 + codepoint) so the
+# substitution is lossless and the result is valid XML.
+_XML_INVALID_CTRL_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f]")
+
+
 class Serializer(tastypie.serializers.Serializer):
-    OPTION_ESCAPE_NULLS = "datatracker-escape-nulls"
+    OPTION_ESCAPE_XML_INVALID = "datatracker-escape-xml-invalid"
 
     def format_datetime(self, data):
         return data.astimezone(datetime.UTC).replace(tzinfo=None).isoformat(timespec="seconds") + "Z"
@@ -186,18 +193,17 @@ def format_datetime(self, data):
     def to_simple(self, data, options):
         options = options or {}
         simple_data = super().to_simple(data, options)
-        if (
-            options.get(self.OPTION_ESCAPE_NULLS, False) 
-            and isinstance(simple_data, str)
-        ):
-            # replace nulls with unicode "symbol for null character", \u2400
-            simple_data = simple_data.replace("\x00", "\u2400")
+        if options.get(self.OPTION_ESCAPE_XML_INVALID, False) and isinstance(simple_data, str):
+            # Replace control chars invalid in XML 1.0 with their Unicode
+            # control pictures (U+2400-U+241F) so lxml won't reject the string.
+            simple_data = _XML_INVALID_CTRL_RE.sub(
+                lambda m: chr(ord(m.group()) + 0x2400), simple_data
+            )
         return simple_data
 
     def to_etree(self, data, options=None, name=None, depth=0):
-        # lxml does not escape nulls on its own, so ask to_simple() to do it.
-        # This is mostly (only?) an issue when generating errors responses for
-        # fuzzers.
+        # lxml rejects control characters that are invalid in XML 1.0.
+        # Ask to_simple() to escape them before they reach lxml.
         options = options or {}
-        options[self.OPTION_ESCAPE_NULLS] = True
+        options[self.OPTION_ESCAPE_XML_INVALID] = True
         return super().to_etree(data, options, name, depth)
diff --git a/ietf/api/serializers_rpc.py b/ietf/api/serializers_rpc.py
index d5f5363990..0e45ee3b39 100644
--- a/ietf/api/serializers_rpc.py
+++ b/ietf/api/serializers_rpc.py
@@ -1,4 +1,4 @@
-# Copyright The IETF Trust 2025, All Rights Reserved
+# Copyright The IETF Trust 2025-2026, All Rights Reserved
 import datetime
 from pathlib import Path
 from typing import Literal, Optional
@@ -8,7 +8,7 @@
 from django.utils import timezone
 from drf_spectacular.types import OpenApiTypes
 from drf_spectacular.utils import extend_schema_field
-from rest_framework import serializers
+from rest_framework import fields, serializers
 
 from ietf.doc.expire import move_draft_files_to_archive
 from ietf.doc.models import (
@@ -20,13 +20,15 @@
     RfcAuthor,
 )
 from ietf.doc.serializers import RfcAuthorSerializer
+from ietf.doc.tasks import trigger_red_precomputer_task, update_rfc_searchindex_task
 from ietf.doc.utils import (
     default_consensus,
     prettify_std_name,
     update_action_holders,
     update_rfcauthors,
 )
-from ietf.group.models import Group
+from ietf.group.models import Group, Role
+from ietf.group.serializers import AreaSerializer
 from ietf.name.models import StreamName, StdLevelName
 from ietf.person.models import Person
 from ietf.utils import log
@@ -95,6 +97,21 @@ class Meta:
         fields = ["draft_name", "authors"]
 
 
+class WgChairSerializer(serializers.Serializer):
+    """Serialize a WG chair's name and email from a Role"""
+
+    name = serializers.SerializerMethodField()
+    email = serializers.SerializerMethodField()
+
+    @extend_schema_field(serializers.CharField)
+    def get_name(self, role: Role) -> str:
+        return role.person.plain_name()
+
+    @extend_schema_field(serializers.EmailField)
+    def get_email(self, role: Role) -> str:
+        return role.email.email_address()
+
+
 class DocumentAuthorSerializer(serializers.ModelSerializer):
     """Serializer for a Person in a response"""
 
@@ -102,7 +119,7 @@ class DocumentAuthorSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = DocumentAuthor
-        fields = ["person", "plain_name"]
+        fields = ["person", "plain_name", "affiliation"]
 
     def get_plain_name(self, document_author: DocumentAuthor) -> str:
         return document_author.person.plain_name()
@@ -115,6 +132,7 @@ class FullDraftSerializer(serializers.ModelSerializer):
     name = serializers.CharField(max_length=255)
     title = serializers.CharField(max_length=255)
     group = serializers.SlugRelatedField(slug_field="acronym", read_only=True)
+    area = AreaSerializer(read_only=True)
 
     # Other fields we need to add / adjust
     source_format = serializers.SerializerMethodField()
@@ -123,6 +141,7 @@ class FullDraftSerializer(serializers.ModelSerializer):
         source="shepherd.person", read_only=True
     )
     consensus = serializers.SerializerMethodField()
+    wg_chairs = serializers.SerializerMethodField()
 
     class Meta:
         model = Document
@@ -133,6 +152,7 @@ class Meta:
             "stream",
             "title",
             "group",
+            "area",
             "abstract",
             "pages",
             "source_format",
@@ -141,11 +161,21 @@ class Meta:
             "consensus",
             "shepherd",
             "ad",
+            "wg_chairs",
         ]
 
     def get_consensus(self, doc: Document) -> Optional[bool]:
         return default_consensus(doc)
 
+    @extend_schema_field(WgChairSerializer(many=True))
+    def get_wg_chairs(self, doc: Document):
+        if doc.group is None:
+            return []
+        chairs = doc.group.role_set.filter(name_id="chair").select_related(
+            "person", "email"
+        )
+        return WgChairSerializer(chairs, many=True).data
+
     def get_source_format(
         self, doc: Document
     ) -> Literal["unknown", "xml-v2", "xml-v3", "txt"]:
@@ -235,6 +265,23 @@ def __init__(self, **kwargs):
         super().__init__(regex, **kwargs)
 
 
+class RfcGroupRelatedField(serializers.SlugRelatedField):
+    """SlugRelatedField that translates None / "" to the acronym "none" """
+
+    def __init__(self, **kwargs):
+        super().__init__(
+            slug_field="acronym",
+            queryset=Group.objects.all(),
+            allow_null=True,
+            required=False,
+        )
+
+    def run_validation(self, data=fields.empty):
+        # Use the Group with acronym "none" when group is not specified 
+        if data is fields.empty or data is None or data == "":
+            data = "none"
+        return super().run_validation(data)
+
 
 class RfcPubSerializer(serializers.ModelSerializer):
     """Write-only serializer for RFC publication"""
@@ -249,9 +296,7 @@ class RfcPubSerializer(serializers.ModelSerializer):
 
     # fields on the RFC Document that need tweaking from ModelSerializer defaults
     rfc_number = serializers.IntegerField(min_value=1, required=True)
-    group = serializers.SlugRelatedField(
-        slug_field="acronym", queryset=Group.objects.all(), required=False
-    )
+    group = RfcGroupRelatedField()
     stream = serializers.PrimaryKeyRelatedField(
         queryset=StreamName.objects.filter(used=True)
     )
@@ -297,6 +342,7 @@ class Meta:
             "obsoletes",
             "updates",
             "subseries",
+            "keywords",
         ]
 
     def validate(self, data):
@@ -525,6 +571,18 @@ class EditableRfcSerializer(serializers.ModelSerializer):
         child=SubseriesNameField(required=False),
         write_only=True,
     )
+    updates = serializers.ListField(
+        child=serializers.IntegerField(),
+        required=False,
+        write_only=True,
+        help_text="List of RFC numbers this document updates."
+    )
+    obsoletes = serializers.ListField(
+        child=serializers.IntegerField(),
+        required=False,
+        write_only=True,
+        help_text="List of RFC numbers this document obsoletes."
+    )
 
     class Meta:
         model = Document
@@ -537,7 +595,28 @@ class Meta:
             "pages",
             "std_level",
             "subseries",
+            "keywords",
+            "updates",
+            "obsoletes",
+        ]
+
+    def _validate_rfc_number_list(self, field_name, rfc_numbers):
+        """Raise ValidationError if any RFC numbers in the list don't exist."""
+        unknown = [
+            n for n in rfc_numbers
+            if not Document.objects.filter(rfc_number=n, type_id="rfc").exists()
         ]
+        if unknown:
+            raise serializers.ValidationError(
+                {field_name: [f"Unknown RFC number: {n}" for n in unknown]}
+            )
+        return rfc_numbers
+
+    def validate_updates(self, value):
+        return self._validate_rfc_number_list("updates", value)
+
+    def validate_obsoletes(self, value):
+        return self._validate_rfc_number_list("obsoletes", value)
 
     def create(self, validated_data):
         raise RuntimeError("Cannot create with this serializer")
@@ -555,6 +634,8 @@ def update(self, instance, validated_data):
         published = validated_data.pop("published", omitted)
         subseries = validated_data.pop("subseries", omitted)
         authors_data = validated_data.pop("rfcauthor_set", omitted)
+        updates = validated_data.pop("updates", omitted)
+        obsoletes = validated_data.pop("obsoletes", omitted)
 
         # Transaction to clean up if something fails
         with transaction.atomic():
@@ -626,6 +707,24 @@ def update(self, instance, validated_data):
                                 )
                             )
                         )
+            if updates is not omitted:
+                RelatedDocument.objects.filter(
+                    source=rfc, relationship_id="updates"
+                ).exclude(target__rfc_number__in=updates).delete()
+                for rfc_num in updates:
+                    target = Document.objects.get(rfc_number=rfc_num, type_id="rfc")
+                    RelatedDocument.objects.get_or_create(
+                        source=rfc, relationship_id="updates", target=target
+                    )
+            if obsoletes is not omitted:
+                RelatedDocument.objects.filter(
+                    source=rfc, relationship_id="obs"
+                ).exclude(target__rfc_number__in=obsoletes).delete()
+                for rfc_num in obsoletes:
+                    target = Document.objects.get(rfc_number=rfc_num, type_id="rfc")
+                    RelatedDocument.objects.get_or_create(
+                        source=rfc, relationship_id="obs", target=target
+                    )
 
             # update subseries relations
             if subseries is not omitted:
@@ -677,6 +776,19 @@ def update(self, instance, validated_data):
                 stale_subseries_relations.delete()
             if len(rfc_events) > 0:
                 rfc.save_with_history(rfc_events)
+        # Gather obs and updates in both directions as a title/author change to
+        # this doc affects the info rendering of all of the other RFCs
+        needs_updating = sorted(
+            [
+                d.rfc_number
+                for d in [rfc]
+                + rfc.related_that_doc(("obs", "updates"))
+                + rfc.related_that(("obs", "updates"))
+            ]
+        )
+        trigger_red_precomputer_task.delay(rfc_number_list=needs_updating)
+        # Update the search index also
+        update_rfc_searchindex_task.delay(rfc.rfc_number)
         return rfc
 
 
diff --git a/ietf/api/tests.py b/ietf/api/tests.py
index 2a44791a5c..887969cec1 100644
--- a/ietf/api/tests.py
+++ b/ietf/api/tests.py
@@ -1542,20 +1542,27 @@ def test_all_model_resources_exist(self):
                     self.assertIn(model._meta.model_name, list(app_resources.keys()),
                         "There doesn't seem to be any API resource for model %s.models.%s"%(app.__name__,model.__name__,))
 
-    def test_serializer_to_etree_handles_nulls(self):
-        """Serializer to_etree() should handle a null character"""
+    def test_serializer_to_etree_handles_xml_invalid_control_chars(self):
+        """Serializer to_etree() must not raise ValueError for any XML-invalid control character."""
         serializer = Serializer()
+        # Ordinary strings and strings with valid whitespace must pass through unchanged.
         try:
-            serializer.to_etree("string with no nulls in it")
+            serializer.to_etree("string with no special chars")
+            serializer.to_etree("tab\there lf\nhere cr\rhere")
         except ValueError:
             self.fail("serializer.to_etree raised ValueError on an ordinary string")
-        try:
-            serializer.to_etree("string with a \x00 in it")
-        except ValueError:
-            self.fail(
-                "serializer.to_etree raised ValueError on a string "
-                "containing a null character"
-            )
+        # Every control character that XML 1.0 forbids must be escaped rather than
+        # causing a ValueError.  This is the class of characters that triggered the
+        # production exception (lxml.etree._utf8 rejects them all).
+        invalid_chars = [chr(c) for c in list(range(0x00, 0x09)) + [0x0b, 0x0c] + list(range(0x0e, 0x20))]
+        for ch in invalid_chars:
+            try:
+                serializer.to_etree(f"string with {ch!r} in it")
+            except ValueError:
+                self.fail(
+                    f"serializer.to_etree raised ValueError on a string "
+                    f"containing control character U+{ord(ch):04X}"
+                )
 
 
 class RfcdiffSupportTests(TestCase):
diff --git a/ietf/api/tests_serializers_rpc.py b/ietf/api/tests_serializers_rpc.py
index 1babb4c30f..5151f337d5 100644
--- a/ietf/api/tests_serializers_rpc.py
+++ b/ietf/api/tests_serializers_rpc.py
@@ -1,4 +1,7 @@
 # Copyright The IETF Trust 2026, All Rights Reserved
+
+from unittest import mock
+
 from django.utils import timezone
 
 from ietf.utils.test_utils import TestCase
@@ -32,8 +35,22 @@ def test_create(self):
         with self.assertRaises(RuntimeError, msg="serializer does not allow create()"):
             serializer.save()
 
-    def test_update(self):
+    @mock.patch("ietf.api.serializers_rpc.update_rfc_searchindex_task")
+    @mock.patch("ietf.api.serializers_rpc.trigger_red_precomputer_task")
+    def test_update(self, mock_trigger_red_task, mock_update_searchindex_task):
+        updates = WgRfcFactory.create_batch(2)
+        obsoletes = WgRfcFactory.create_batch(2)
         rfc = WgRfcFactory(pages=10)
+        updated_by = WgRfcFactory.create_batch(2)
+        obsoleted_by = WgRfcFactory.create_batch(2)
+        for d in updates:
+            rfc.relateddocument_set.create(relationship_id="updates",target=d)
+        for d in obsoletes:
+            rfc.relateddocument_set.create(relationship_id="updates",target=d)
+        for d in updated_by:
+            d.relateddocument_set.create(relationship_id="updates",target=rfc)
+        for d in obsoleted_by:
+            d.relateddocument_set.create(relationship_id="updates",target=rfc)        
         serializer = EditableRfcSerializer(
             instance=rfc,
             data={
@@ -83,11 +100,42 @@ def test_update(self):
             result.part_of(),
             [Document.objects.get(name="fyi999")],
         )
+        # Confirm that red precomputer was triggered correctly
+        self.assertTrue(mock_trigger_red_task.delay.called)
+        _, mock_kwargs = mock_trigger_red_task.delay.call_args
+        self.assertIn("rfc_number_list", mock_kwargs)
+        expected_numbers = sorted(
+            [
+                d.rfc_number
+                for d in [rfc] + updates + obsoletes + updated_by + obsoleted_by
+            ]
+        )
+        self.assertEqual(mock_kwargs["rfc_number_list"], expected_numbers)
+        # Confirm that the search index update task was triggered correctly
+        self.assertTrue(mock_update_searchindex_task.delay.called)
+        self.assertEqual(
+            mock_update_searchindex_task.delay.call_args,
+            mock.call(rfc.rfc_number),
+        )
 
-    def test_partial_update(self):
+    @mock.patch("ietf.api.serializers_rpc.update_rfc_searchindex_task")
+    @mock.patch("ietf.api.serializers_rpc.trigger_red_precomputer_task")
+    def test_partial_update(self, mock_trigger_red_task, mock_update_searchindex_task):
         # We could test other permutations of fields, but authors is a partial update
         # we know we are going to use, so verifying that one in particular.
+        updates = WgRfcFactory.create_batch(2)
+        obsoletes = WgRfcFactory.create_batch(2)
         rfc = WgRfcFactory(pages=10, abstract="do or do not", title="padawan")
+        updated_by = WgRfcFactory.create_batch(2)
+        obsoleted_by = WgRfcFactory.create_batch(2)
+        for d in updates:
+            rfc.relateddocument_set.create(relationship_id="updates",target=d)
+        for d in obsoletes:
+            rfc.relateddocument_set.create(relationship_id="updates",target=d)
+        for d in updated_by:
+            d.relateddocument_set.create(relationship_id="updates",target=rfc)
+        for d in obsoleted_by:
+            d.relateddocument_set.create(relationship_id="updates",target=rfc) 
         serializer = EditableRfcSerializer(
             partial=True,
             instance=rfc,
@@ -126,8 +174,27 @@ def test_partial_update(self):
         self.assertEqual(result.pages, 10)
         self.assertEqual(result.std_level_id, "ps")
         self.assertEqual(result.part_of(), [])
+        # Confirm that the red precomputer was triggered correctly
+        self.assertTrue(mock_trigger_red_task.delay.called)
+        _, mock_kwargs = mock_trigger_red_task.delay.call_args
+        self.assertIn("rfc_number_list", mock_kwargs)
+        expected_numbers = sorted(
+            [
+                d.rfc_number
+                for d in [rfc] + updates + obsoletes + updated_by + obsoleted_by
+            ]
+        )
+        self.assertEqual(mock_kwargs["rfc_number_list"], expected_numbers)
+        # Confirm that the search index update task was called correctly
+        self.assertTrue(mock_update_searchindex_task.delay.called)
+        self.assertEqual(
+            mock_update_searchindex_task.delay.call_args,
+            mock.call(rfc.rfc_number),
+        )
 
         # Test only a field on the Document itself to be sure that it works
+        mock_trigger_red_task.delay.reset_mock()
+        mock_update_searchindex_task.delay.reset_mock()
         serializer = EditableRfcSerializer(
             partial=True,
             instance=rfc,
@@ -137,3 +204,38 @@ def test_partial_update(self):
         result = serializer.save()
         result.refresh_from_db()
         self.assertEqual(rfc.title, "jedi master")
+        # Confirm that the red precomputer was triggered correctly
+        self.assertTrue(mock_trigger_red_task.delay.called)
+        _, mock_kwargs = mock_trigger_red_task.delay.call_args
+        self.assertIn("rfc_number_list", mock_kwargs)
+        self.assertEqual(mock_kwargs["rfc_number_list"], expected_numbers)
+        # Confirm that the search index update task was called correctly
+        self.assertTrue(mock_update_searchindex_task.delay.called)
+        self.assertEqual(
+            mock_update_searchindex_task.delay.call_args,
+            mock.call(rfc.rfc_number),
+        )
+
+    def test_unknown_rfc_number_rejected(self):
+        """Unknown RFC numbers in updates/obsoletes should cause validation failure."""
+        from django.db.models import Max
+
+        rfc = WgRfcFactory()
+        unknown_rfc_number = (
+            Document.objects.filter(rfc_number__isnull=False).aggregate(
+                m=Max("rfc_number") + 1
+            )["m"]
+            or 10000
+        )
+
+        for field in ("updates", "obsoletes"):
+            serializer = EditableRfcSerializer(
+                partial=True,
+                instance=rfc,
+                data={field: [unknown_rfc_number]},
+            )
+            self.assertFalse(
+                serializer.is_valid(),
+                msg=f"{field} with unknown RFC number should be invalid",
+            )
+            self.assertIn(field, serializer.errors)
diff --git a/ietf/api/tests_views_rpc.py b/ietf/api/tests_views_rpc.py
index 6a5a5c9b88..72e0d19785 100644
--- a/ietf/api/tests_views_rpc.py
+++ b/ietf/api/tests_views_rpc.py
@@ -1,7 +1,7 @@
 # Copyright The IETF Trust 2025, All Rights Reserved
+import datetime
 from io import StringIO
 from pathlib import Path
-from tempfile import TemporaryDirectory
 
 from django.conf import settings
 from django.core.files.base import ContentFile
@@ -10,12 +10,21 @@
 from django.test.utils import override_settings
 from django.urls import reverse as urlreverse
 import mock
+from django.utils import timezone
 
+from ietf.api.views_rpc import DestinationHelperMixin
 from ietf.blobdb.models import Blob
-from ietf.doc.factories import IndividualDraftFactory, RfcFactory, WgDraftFactory, WgRfcFactory
+from ietf.doc.factories import (
+    IndividualDraftFactory,
+    RfcFactory,
+    WgDraftFactory,
+    WgRfcFactory,
+)
 from ietf.doc.models import RelatedDocument, Document
 from ietf.group.factories import RoleFactory, GroupFactory
 from ietf.person.factories import PersonFactory
+from ietf.sync.rfcindex import rfcindex_is_dirty
+from ietf.utils.models import DirtyBits
 from ietf.utils.test_utils import APITestCase, reload_db_objects
 
 
@@ -131,6 +140,27 @@ def test_notify_rfc_published(self, mock_task_delay):
         r = self.client.post(url, data=post_data, format="json")
         self.assertEqual(r.status_code, 403)
 
+        # Put a file in the way. Post should fail because files exists
+        rfc_path = Path(settings.RFC_PATH)
+        (rfc_path / "prerelease").mkdir()
+        file_in_the_way = rfc_path / f"rfc{unused_rfc_number}.txt"
+        file_in_the_way.touch()
+        r = self.client.post(
+            url, data=post_data, format="json", headers={"X-Api-Key": "valid-token"}
+        )
+        self.assertEqual(r.status_code, 409)  # conflict
+        file_in_the_way.unlink()
+
+        # Put a blob in the way. Post should fail because replace = False
+        blob_in_the_way = Blob.objects.create(
+            bucket="rfc", name=f"txt/rfc{unused_rfc_number}.txt", content=b""
+        )
+        r = self.client.post(
+            url, data=post_data, format="json", headers={"X-Api-Key": "valid-token"}
+        )
+        self.assertEqual(r.status_code, 409)  # conflict
+        blob_in_the_way.delete()
+
         r = self.client.post(
             url, data=post_data, format="json", headers={"X-Api-Key": "valid-token"}
         )
@@ -189,14 +219,20 @@ def test_notify_rfc_published(self, mock_task_delay):
         mock_args, mock_kwargs = mock_task_delay.call_args
         self.assertIn("rfc_number_list", mock_kwargs)
         expected_rfc_number_list = [rfc.rfc_number]
-        expected_rfc_number_list.extend(
-            [d.rfc_number for d in updates + obsoletes]
-        )
+        expected_rfc_number_list.extend([d.rfc_number for d in updates + obsoletes])
         expected_rfc_number_list = sorted(set(expected_rfc_number_list))
         self.assertEqual(mock_kwargs["rfc_number_list"], expected_rfc_number_list)
 
     @override_settings(APP_API_TOKENS={"ietf.api.views_rpc": ["valid-token"]})
-    def test_upload_rfc_files(self):
+    @mock.patch("ietf.api.views_rpc.rebuild_reference_relations_task")
+    @mock.patch("ietf.api.views_rpc.update_rfc_searchindex_task")
+    @mock.patch("ietf.api.views_rpc.trigger_red_precomputer_task")
+    def test_upload_rfc_files(
+        self,
+        mock_trigger_red_task,
+        mock_update_searchindex_task,
+        mock_rebuild_relations,
+    ):
         def _valid_post_data():
             """Generate a valid post data dict
 
@@ -217,149 +253,389 @@ def _valid_post_data():
             }
 
         url = urlreverse("ietf.api.purple_api.upload_rfc_files")
-        unused_rfc_number = (
-            Document.objects.filter(rfc_number__isnull=False).aggregate(
-                unused_rfc_number=Max("rfc_number") + 1
-            )["unused_rfc_number"]
-            or 10000
-        )
+        updates = RfcFactory.create_batch(2)
+        obsoletes = RfcFactory.create_batch(2)
 
-        rfc = WgRfcFactory(rfc_number=unused_rfc_number)
+        rfc = WgRfcFactory()
+        for r in obsoletes:
+            rfc.relateddocument_set.create(relationship_id="obs", target=r)
+        for r in updates:
+            rfc.relateddocument_set.create(relationship_id="updates", target=r)
         assert isinstance(rfc, Document), "WgRfcFactory should generate a Document"
-        with TemporaryDirectory() as rfc_dir:
-            settings.RFC_PATH = rfc_dir  # affects overridden settings
-            rfc_path = Path(rfc_dir)
-            (rfc_path / "prerelease").mkdir()
-            content = StringIO("XML content\n")
-            content.name = "myrfc.xml"
-
-            # no api key
-            r = self.client.post(url, _valid_post_data(), format="multipart")
-            self.assertEqual(r.status_code, 403)
-
-            # invalid RFC
-            r = self.client.post(
-                url,
-                _valid_post_data() | {"rfc": unused_rfc_number + 1},
-                format="multipart",
-                headers={"X-Api-Key": "valid-token"},
-            )
-            self.assertEqual(r.status_code, 400)
+        rfc_path = Path(settings.RFC_PATH)
+        (rfc_path / "prerelease").mkdir()
+        content = StringIO("XML content\n")
+        content.name = "myrfc.xml"
 
-            # empty files
-            r = self.client.post(
-                url,
-                _valid_post_data() | {
-                    "contents": [
-                        ContentFile(b"", "myfile.xml"),
-                        ContentFile(b"", "myfile.txt"),
-                        ContentFile(b"", "myfile.html"),
-                        ContentFile(b"", "myfile.pdf"),
-                        ContentFile(b"", "myfile.json"),
-                        ContentFile(b"", "myfile.notprepped.xml"),
-                    ]
-                },
-                format="multipart",
-                headers={"X-Api-Key": "valid-token"},
-            )
-            self.assertEqual(r.status_code, 400)
+        # no api key
+        r = self.client.post(url, _valid_post_data(), format="multipart")
+        self.assertEqual(r.status_code, 403)
+        self.assertFalse(mock_update_searchindex_task.delay.called)
 
-            # bad file type
-            r = self.client.post(
-                url,
-                _valid_post_data() | {
-                    "contents": [
-                        ContentFile(b"Some content", "myfile.jpg"),
-                    ]
-                },
-                format="multipart",
-                headers={"X-Api-Key": "valid-token"},
-            )
-            self.assertEqual(r.status_code, 400)
+        # invalid RFC
+        r = self.client.post(
+            url,
+            _valid_post_data() | {"rfc": rfc.rfc_number + 10},
+            format="multipart",
+            headers={"X-Api-Key": "valid-token"},
+        )
+        self.assertEqual(r.status_code, 400)
+        self.assertFalse(mock_update_searchindex_task.delay.called)
 
-            # Put a file in the way. Post should fail because replace = False
-            file_in_the_way = (rfc_path / f"rfc{unused_rfc_number}.txt")
-            file_in_the_way.touch()
-            r = self.client.post(
-                url,
-                _valid_post_data(),
-                format="multipart",
-                headers={"X-Api-Key": "valid-token"},
-            )
-            self.assertEqual(r.status_code, 409)  # conflict
-            file_in_the_way.unlink()
-            
-            # Put a blob in the way. Post should fail because replace = False
-            blob_in_the_way = Blob.objects.create(
-                bucket="rfc", name=f"txt/rfc{unused_rfc_number}.txt", content=b""
-            )
-            r = self.client.post(
-                url,
-                _valid_post_data(),
-                format="multipart",
-                headers={"X-Api-Key": "valid-token"},
-            )
-            self.assertEqual(r.status_code, 409)  # conflict
-            blob_in_the_way.delete()
+        # empty files
+        r = self.client.post(
+            url,
+            _valid_post_data()
+            | {
+                "contents": [
+                    ContentFile(b"", "myfile.xml"),
+                    ContentFile(b"", "myfile.txt"),
+                    ContentFile(b"", "myfile.html"),
+                    ContentFile(b"", "myfile.pdf"),
+                    ContentFile(b"", "myfile.json"),
+                    ContentFile(b"", "myfile.notprepped.xml"),
+                ]
+            },
+            format="multipart",
+            headers={"X-Api-Key": "valid-token"},
+        )
+        self.assertEqual(r.status_code, 400)
+        self.assertFalse(mock_update_searchindex_task.delay.called)
 
-            # valid post
-            r = self.client.post(
-                url,
-                _valid_post_data(),
-                format="multipart",
-                headers={"X-Api-Key": "valid-token"},
-            )
-            self.assertEqual(r.status_code, 200)
-            for extension in ["xml", "txt", "html", "pdf", "json"]:
-                filename = f"rfc{unused_rfc_number}.{extension}"
-                self.assertEqual(
-                    (rfc_path / filename)
-                    .read_text(),
-                    f"This is .{extension}",
-                    f"{extension} file should contain the expected content",
-                )
-                self.assertEqual(
-                    bytes(
-                        Blob.objects.get(
-                            bucket="rfc", name=f"{extension}/{filename}"
-                        ).content
-                    ),
-                    f"This is .{extension}".encode("utf-8"),
-                    f"{extension} blob should contain the expected content",
-                )
-            # special case for notprepped
-            notprepped_fn = f"rfc{unused_rfc_number}.notprepped.xml"
+        # bad file type
+        r = self.client.post(
+            url,
+            _valid_post_data()
+            | {
+                "contents": [
+                    ContentFile(b"Some content", "myfile.jpg"),
+                ]
+            },
+            format="multipart",
+            headers={"X-Api-Key": "valid-token"},
+        )
+        self.assertEqual(r.status_code, 400)
+        self.assertFalse(mock_update_searchindex_task.delay.called)
+
+        # Put a file in the way. Post should fail because replace = False
+        file_in_the_way = rfc_path / f"{rfc.name}.txt"
+        file_in_the_way.touch()
+        r = self.client.post(
+            url,
+            _valid_post_data(),
+            format="multipart",
+            headers={"X-Api-Key": "valid-token"},
+        )
+        self.assertEqual(r.status_code, 409)  # conflict
+        self.assertFalse(mock_update_searchindex_task.delay.called)
+        file_in_the_way.unlink()
+
+        # Put a blob in the way. Post should fail because replace = False
+        blob_in_the_way = Blob.objects.create(
+            bucket="rfc", name=f"txt/{rfc.name}.txt", content=b""
+        )
+        r = self.client.post(
+            url,
+            _valid_post_data(),
+            format="multipart",
+            headers={"X-Api-Key": "valid-token"},
+        )
+        self.assertEqual(r.status_code, 409)  # conflict
+        self.assertFalse(mock_update_searchindex_task.delay.called)
+        blob_in_the_way.delete()
+
+        # valid post
+        mock_trigger_red_task.delay.reset_mock()
+        r = self.client.post(
+            url,
+            _valid_post_data(),
+            format="multipart",
+            headers={"X-Api-Key": "valid-token"},
+        )
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(
+            mock_update_searchindex_task.delay.call_args,
+            mock.call(rfc.rfc_number),
+        )
+        for extension in ["xml", "txt", "html", "pdf", "json"]:
+            filename = f"{rfc.name}.{extension}"
             self.assertEqual(
-                (
-                    rfc_path / "prerelease" / notprepped_fn
-                ).read_text(),
-                "This is .notprepped.xml",
-                ".notprepped.xml file should contain the expected content",
+                (rfc_path / filename).read_text(),
+                f"This is .{extension}",
+                f"{extension} file should contain the expected content",
             )
             self.assertEqual(
                 bytes(
                     Blob.objects.get(
-                        bucket="rfc", name=f"notprepped/{notprepped_fn}"
+                        bucket="rfc", name=f"{extension}/{filename}"
                     ).content
                 ),
-                b"This is .notprepped.xml",
-                ".notprepped.xml blob should contain the expected content",
+                f"This is .{extension}".encode("utf-8"),
+                f"{extension} blob should contain the expected content",
+            )
+        # special case for notprepped
+        notprepped_fn = f"{rfc.name}.notprepped.xml"
+        self.assertEqual(
+            (rfc_path / "prerelease" / notprepped_fn).read_text(),
+            "This is .notprepped.xml",
+            ".notprepped.xml file should contain the expected content",
+        )
+        self.assertEqual(
+            bytes(
+                Blob.objects.get(
+                    bucket="rfc", name=f"notprepped/{notprepped_fn}"
+                ).content
+            ),
+            b"This is .notprepped.xml",
+            ".notprepped.xml blob should contain the expected content",
+        )
+        # Confirm that the red precomputer was triggered correctly
+        self.assertTrue(mock_trigger_red_task.delay.called)
+        _, mock_kwargs = mock_trigger_red_task.delay.call_args
+        self.assertIn("rfc_number_list", mock_kwargs)
+        expected_rfc_number_list = [rfc.rfc_number]
+        expected_rfc_number_list.extend([d.rfc_number for d in updates + obsoletes])
+        expected_rfc_number_list = sorted(set(expected_rfc_number_list))
+        self.assertEqual(mock_kwargs["rfc_number_list"], expected_rfc_number_list)
+        # Confirm that the search index update task was called correctly
+        self.assertTrue(mock_update_searchindex_task.delay.called)
+        # Confirm reference relations rebuild task was called correctly
+        self.assertTrue(mock_rebuild_relations.delay.called)
+        _, mock_kwargs = mock_rebuild_relations.delay.call_args
+        self.assertIn("doc_names", mock_kwargs)
+        self.assertEqual(mock_kwargs["doc_names"], [rfc.name])
+
+        # re-post with replace = False should now fail
+        mock_update_searchindex_task.reset_mock()
+        r = self.client.post(
+            url,
+            _valid_post_data(),
+            format="multipart",
+            headers={"X-Api-Key": "valid-token"},
+        )
+        self.assertEqual(r.status_code, 409)  # conflict
+        self.assertFalse(mock_update_searchindex_task.delay.called)
+
+        # re-post with replace = True should succeed
+        r = self.client.post(
+            url,
+            _valid_post_data() | {"replace": True},
+            format="multipart",
+            headers={"X-Api-Key": "valid-token"},
+        )
+        self.assertEqual(r.status_code, 200)
+        self.assertTrue(mock_update_searchindex_task.delay.called)
+        self.assertEqual(
+            mock_update_searchindex_task.delay.call_args,
+            mock.call(rfc.rfc_number),
+        )
+
+    @override_settings(APP_API_TOKENS={"ietf.api.views_rpc": ["valid-token"]})
+    def test_refresh_rfc_index(self):
+        DirtyBits.objects.create(
+            slug=DirtyBits.Slugs.RFCINDEX,
+            dirty_time=timezone.now() - datetime.timedelta(days=1),
+            processed_time=timezone.now() - datetime.timedelta(hours=12),
+        )
+        self.assertFalse(rfcindex_is_dirty())
+        url = urlreverse("ietf.api.purple_api.refresh_rfc_index")
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 403)
+        response = self.client.get(url, headers={"X-Api-Key": "invalid-token"})
+        self.assertEqual(response.status_code, 403)
+        response = self.client.get(url, headers={"X-Api-Key": "valid-token"})
+        self.assertEqual(response.status_code, 405)
+        self.assertFalse(rfcindex_is_dirty())
+        response = self.client.post(url, headers={"X-Api-Key": "valid-token"})
+        self.assertEqual(response.status_code, 202)
+        self.assertTrue(rfcindex_is_dirty())
+
+    def test_destination_helper_mixin_fs_destination(self):
+        file_list = [f"rfc31337.{ext}" for ext in ["txt", "xml", "pdf", "html"]]
+        for filename in file_list:
+            self.assertEqual(
+                DestinationHelperMixin().fs_destination(filename),
+                Path(f"{settings.RFC_PATH}") / filename,
             )
+        # noteprepped xml
+        filename = "rfc31337.notprepped.xml"
+        self.assertEqual(
+            DestinationHelperMixin().fs_destination(filename),
+            Path(f"{settings.RFC_PATH}/prerelease") / filename,
+        )
 
-            # re-post with replace = False should now fail
-            r = self.client.post(
+    def test_destination_helper_mixin_blob_destination(self):
+        file_list = {ext: f"rfc31337.{ext}" for ext in ["txt", "xml", "pdf", "html"]}
+        for file_type, filename in file_list.items():
+            self.assertEqual(
+                DestinationHelperMixin().blob_destination(filename),
+                f"{file_type}/{filename}",
+            )
+        # noteprepped xml
+        filename = "rfc31337.notprepped.xml"
+        self.assertEqual(
+            DestinationHelperMixin().blob_destination(filename),
+            f"notprepped/{filename}",
+        )
+
+    @override_settings(APP_API_TOKENS={"ietf.api.views_rpc": ["valid-token"]})
+    @mock.patch("ietf.api.views_rpc.process_rpc_queue_task.delay")
+    def test_process_rpc_queue(self, mock_task_delay):
+        url = urlreverse("ietf.api.purple_api.process_rpc_queue")
+        queue_entries = [
+            {
+                "id": 9850,
+                "name": "draft-ietf-netmod-system-config",
+                "title": "System-defined Configuration",
+                "draft_url": "http://localhost:8000/doc/draft-ietf-netmod-system-config-20",
+                "disposition": "in_progress",
+                "external_deadline": None,
+                "labels": [],
+                "cluster": None,
+                "assignment_set": [
+                    {
+                        "id": 434,
+                        "rfc_to_be": 9850,
+                        "role": "first_editor",
+                        "state": "in_progress",
+                    }
+                ],
+                "actionholder_set": [],
+                "pending_activities": [],
+                "rfc_number": None,
+                "pages": 33,
+                "enqueued_at": "2026-01-26T12:00:00Z",
+                "final_approval": [],
+                "iana_status": {
+                    "slug": "completed",
+                    "name": "completed",
+                    "desc": "IANA has completed actions in draft",
+                },
+                "blocking_reasons": [],
+                "authors": [{"titlepage_name": "Q. Ma", "is_editor": True}],
+                "approval_log_message": [],
+                "stream": "ietf",
+                "group": "netmod",
+                "group_name": "Network Modeling",
+                "std_level": "ps",
+                "references": [],
+                "rev": "20",
+            }
+        ]
+        queue_data = {"data": queue_entries}
+
+        # no credentials
+        response = self.client.post(
+            url, data=queue_data, content_type="application/json"
+        )
+        self.assertEqual(response.status_code, 403)
+        mock_task_delay.assert_not_called()
+
+        # invalid token
+        response = self.client.post(
+            url,
+            data=queue_data,
+            content_type="application/json",
+            headers={"X-Api-Key": "invalid-token"},
+        )
+        self.assertEqual(response.status_code, 403)
+        mock_task_delay.assert_not_called()
+
+        # valid token, wrong method
+        response = self.client.get(url, headers={"X-Api-Key": "valid-token"})
+        self.assertEqual(response.status_code, 405)
+        mock_task_delay.assert_not_called()
+
+        # valid token, missing "data" field
+        response = self.client.post(
+            url,
+            data={},
+            content_type="application/json",
+            headers={"X-Api-Key": "valid-token"},
+        )
+        self.assertEqual(response.status_code, 400)
+        mock_task_delay.assert_not_called()
+
+        # valid token, POST with data
+        response = self.client.post(
+            url,
+            data=queue_data,
+            content_type="application/json",
+            headers={"X-Api-Key": "valid-token"},
+        )
+        self.assertEqual(response.status_code, 202)
+        mock_task_delay.assert_called_once_with(queue_entries)
+
+    @override_settings(APP_API_TOKENS={"ietf.api.views_rpc": ["valid-token"]})
+    @mock.patch("ietf.api.serializers_rpc.update_rfc_searchindex_task.delay")
+    @mock.patch("ietf.api.serializers_rpc.trigger_red_precomputer_task.delay")
+    @mock.patch("ietf.api.views_rpc.update_rfc_json_task.delay")
+    def test_rfc_patch_triggers_json_update(
+        self, mock_delay, mock_precompute_delay, mock_searchindex_delay
+    ):
+        """PATCHing RFC metadata dispatches update_rfc_json_task for that RFC."""
+        rfc = WgRfcFactory()
+        url = urlreverse(
+            "ietf.api.purple_api.rfc-detail", kwargs={"rfc_number": rfc.rfc_number}
+        )
+        patch_data = {"title": "Updated Title"}
+        with self.captureOnCommitCallbacks(execute=True):
+            r = self.client.patch(
                 url,
-                _valid_post_data(),
-                format="multipart",
+                data=patch_data,
+                format="json",
                 headers={"X-Api-Key": "valid-token"},
             )
-            self.assertEqual(r.status_code, 409)  # conflict
-            
-            # re-post with replace = True should succeed
+        self.assertEqual(r.status_code, 200)
+        mock_delay.assert_called_once_with([rfc.rfc_number])
+
+    @override_settings(APP_API_TOKENS={"ietf.api.views_rpc": ["valid-token"]})
+    @mock.patch("ietf.doc.tasks.signal_update_rfc_metadata_task.delay")
+    @mock.patch("ietf.api.views_rpc.update_rfc_json_task.delay")
+    def test_rfc_publish_triggers_related_json_update(
+        self, mock_json_delay, mock_signal_delay
+    ):
+        """Publishing an RFC that obsoletes/updates existing RFCs triggers JSON update for related RFCs only."""
+        url = urlreverse("ietf.api.purple_api.notify_rfc_published")
+        area = GroupFactory(type_id="area")
+        rfc_group = GroupFactory(type_id="wg")
+        draft = WgDraftFactory(group__parent=area, stream_id="ietf")
+        obsoletes = RfcFactory.create_batch(2)
+        updates = RfcFactory.create_batch(1)
+        unused_rfc_number = (
+            Document.objects.filter(rfc_number__isnull=False).aggregate(
+                unused_rfc_number=Max("rfc_number") + 1
+            )["unused_rfc_number"]
+            or 20000
+        )
+        post_data = {
+            "published": "2025-06-01T00:00:00Z",
+            "draft_name": draft.name,
+            "draft_rev": draft.rev,
+            "rfc_number": unused_rfc_number,
+            "title": "New RFC",
+            "authors": [],
+            "group": rfc_group.acronym,
+            "stream": "ietf",
+            "abstract": "Abstract.",
+            "pages": 10,
+            "std_level": "ps",
+            "obsoletes": [o.rfc_number for o in obsoletes],
+            "updates": [u.rfc_number for u in updates],
+            "subseries": [],
+        }
+        with self.captureOnCommitCallbacks(execute=True):
             r = self.client.post(
                 url,
-                _valid_post_data() | {"replace": True},
-                format="multipart",
+                data=post_data,
+                format="json",
                 headers={"X-Api-Key": "valid-token"},
             )
-            self.assertEqual(r.status_code, 200)  # conflict
+        self.assertEqual(r.status_code, 200)
+
+        # JSON update fired only for related RFCs, not for the new RFC itself
+        expected_related = sorted(
+            {o.rfc_number for o in obsoletes} | {u.rfc_number for u in updates}
+        )
+        mock_json_delay.assert_called_once_with(expected_related)
+        self.assertNotIn(unused_rfc_number, mock_json_delay.call_args[0][0])
diff --git a/ietf/api/urls_rpc.py b/ietf/api/urls_rpc.py
index 9d41ac137f..07f2cf8751 100644
--- a/ietf/api/urls_rpc.py
+++ b/ietf/api/urls_rpc.py
@@ -30,7 +30,17 @@
         views_rpc.RfcPubFilesView.as_view(),
         name="ietf.api.purple_api.upload_rfc_files",
     ),
+    path(
+        r"rfc_index/refresh/",
+        views_rpc.RfcIndexView.as_view(),
+        name="ietf.api.purple_api.refresh_rfc_index",
+    ),
     path(r"subject/<str:subject_id>/person/", views_rpc.SubjectPersonView.as_view()),
+    path(
+        r"queue/process/",
+        views_rpc.ProcessRpcQueueView.as_view(),
+        name="ietf.api.purple_api.process_rpc_queue",
+    ),
 ]
 
 # add routers at the end so individual routes can steal parts of their address
diff --git a/ietf/api/views_rpc.py b/ietf/api/views_rpc.py
index 8862bbf866..0c9e98e2dc 100644
--- a/ietf/api/views_rpc.py
+++ b/ietf/api/views_rpc.py
@@ -5,7 +5,7 @@
 from tempfile import TemporaryDirectory
 
 from django.conf import settings
-from django.db import IntegrityError
+from django.db import IntegrityError, transaction
 from drf_spectacular.utils import OpenApiParameter
 from rest_framework import mixins, parsers, serializers, viewsets, status
 from rest_framework.decorators import action
@@ -32,14 +32,23 @@
     EmailPersonSerializer,
     RfcWithAuthorsSerializer,
     DraftWithAuthorsSerializer,
-    NotificationAckSerializer, RfcPubSerializer, RfcFileSerializer,
+    NotificationAckSerializer,
+    RfcPubSerializer,
+    RfcFileSerializer,
     EditableRfcSerializer,
 )
 from ietf.doc.models import Document, DocHistory, RfcAuthor, DocEvent
 from ietf.doc.serializers import RfcAuthorSerializer
 from ietf.doc.storage_utils import remove_from_storage, store_file, exists_in_storage
-from ietf.doc.tasks import signal_update_rfc_metadata_task
+from ietf.doc.tasks import (
+    signal_update_rfc_metadata_task,
+    rebuild_reference_relations_task,
+    trigger_red_precomputer_task,
+    update_rfc_searchindex_task,
+)
 from ietf.person.models import Email, Person
+from ietf.sync.rfcindex import mark_rfcindex_as_dirty
+from ietf.sync.tasks import process_rpc_queue_task, update_rfc_json_task
 
 
 class Conflict(APIException):
@@ -204,19 +213,19 @@ def submitted_to_rpc(self, request):
         Those queries overreturn - there may be things, particularly not from the IETF stream that are already in the queue.
         """
         ietf_docs = Q(states__type_id="draft-iesg", states__slug__in=["ann"])
-        irtf_iab_ise_docs = Q(
+        irtf_iab_ise_editorial_docs = Q(
             states__type_id__in=[
                 "draft-stream-iab",
                 "draft-stream-irtf",
                 "draft-stream-ise",
+                "draft-stream-editorial",
             ],
             states__slug__in=["rfc-edit"],
         )
-        # TODO: Need a way to talk about editorial stream docs
         docs = (
             self.get_queryset()
             .filter(type_id="draft")
-            .filter(ietf_docs | irtf_iab_ise_docs)
+            .filter(ietf_docs | irtf_iab_ise_editorial_docs)
         )
         serializer = self.get_serializer(docs, many=True)
         return Response(serializer.data)
@@ -288,6 +297,8 @@ def perform_update(self, serializer):
             desc="Metadata update from RFC Editor",
         )
         super().perform_update(serializer)
+        rfc_number = serializer.instance.rfc_number
+        transaction.on_commit(lambda: update_rfc_json_task.delay([rfc_number]))
 
     @action(detail=False, serializer_class=OriginalStreamSerializer)
     def rfc_original_stream(self, request):
@@ -338,9 +349,10 @@ def post(self, request):
 
 class RfcAuthorViewSet(viewsets.ReadOnlyModelViewSet):
     """ViewSet for RfcAuthor model
-    
+
     Router needs to provide rfc_number as a kwarg
     """
+
     api_key_endpoint = "ietf.api.views_rpc"
 
     queryset = RfcAuthor.objects.all()
@@ -359,7 +371,38 @@ def get_queryset(self):
         )
 
 
-class RfcPubNotificationView(APIView):
+class DestinationHelperMixin:
+    def fs_destination(self, filename: str | Path) -> Path:
+        """Destination for an uploaded RFC file in the filesystem
+
+        Strips any path components in filename and returns an absolute Path.
+        """
+        rfc_path = Path(settings.RFC_PATH)
+        filename = Path(filename)  # could potentially have directory components
+        extension = "".join(filename.suffixes)
+        if extension == ".notprepped.xml":
+            return rfc_path / "prerelease" / filename.name
+        return rfc_path / filename.name
+
+    def blob_destination(self, filename: str | Path) -> str:
+        """Destination name for an uploaded RFC file in the blob store
+
+        Strips any path components in filename and returns an absolute Path.
+        """
+        filename = Path(filename)  # could potentially have directory components
+        extension = "".join(filename.suffixes)
+        if extension == ".notprepped.xml":
+            file_type = "notprepped"
+        elif extension[0] == ".":
+            file_type = extension[1:]
+        else:
+            raise serializers.ValidationError(
+                f"Extension does not begin with '.'!? ({filename})",
+            )
+        return f"{file_type}/{filename.name}"
+
+
+class RfcPubNotificationView(DestinationHelperMixin, APIView):
     api_key_endpoint = "ietf.api.views_rpc"
 
     @extend_schema(
@@ -371,6 +414,30 @@ class RfcPubNotificationView(APIView):
     def post(self, request):
         serializer = RfcPubSerializer(data=request.data)
         serializer.is_valid(raise_exception=True)
+        # Check blobstore & filesystem for conflicts
+        rfc_number = serializer.validated_data["rfc_number"]
+        dest_stem = f"rfc{rfc_number}"
+        blob_kind = "rfc"
+        possible_rfc_files = [
+            self.fs_destination(dest_stem + ext)
+            for ext in RfcFileSerializer.allowed_extensions
+        ]
+        possible_rfc_blobs = [
+            self.blob_destination(dest_stem + ext)
+            for ext in RfcFileSerializer.allowed_extensions
+        ]
+        for possible_existing_file in possible_rfc_files:
+            if possible_existing_file.exists():
+                raise Conflict(
+                    "File(s) already exist for this RFC",
+                    code="files-exist",
+                )
+        for possible_existing_blob in possible_rfc_blobs:
+            if exists_in_storage(kind=blob_kind, name=possible_existing_blob):
+                raise Conflict(
+                    "Blob(s) already exist for this RFC",
+                    code="blobs-exist",
+                )
         # Create RFC
         try:
             rfc = serializer.save()
@@ -392,42 +459,18 @@ def post(self, request):
         )
         rfc_number_list = sorted(set(rfc_number_list))
         signal_update_rfc_metadata_task.delay(rfc_number_list=rfc_number_list)
+        related_numbers = sorted(
+            {d.rfc_number for d in rfc.related_that_doc(("updates", "obs"))}
+        )
+        if related_numbers:
+            transaction.on_commit(lambda: update_rfc_json_task.delay(related_numbers))
         return Response(NotificationAckSerializer().data)
 
 
-class RfcPubFilesView(APIView):
+class RfcPubFilesView(DestinationHelperMixin, APIView):
     api_key_endpoint = "ietf.api.views_rpc"
     parser_classes = [parsers.MultiPartParser]
 
-    def _fs_destination(self, filename: str | Path) -> Path:
-        """Destination for an uploaded RFC file in the filesystem
-        
-        Strips any path components in filename and returns an absolute Path.
-        """
-        rfc_path = Path(settings.RFC_PATH)
-        filename = Path(filename)  # could potentially have directory components
-        extension = "".join(filename.suffixes)
-        if extension == ".notprepped.xml":
-            return rfc_path / "prerelease" / filename.name
-        return rfc_path / filename.name
-
-    def _blob_destination(self, filename: str | Path) -> str:
-        """Destination name for an uploaded RFC file in the blob store
-        
-        Strips any path components in filename and returns an absolute Path.
-        """
-        filename = Path(filename)  # could potentially have directory components
-        extension = "".join(filename.suffixes)
-        if extension == ".notprepped.xml":
-            file_type = "notprepped"
-        elif extension[0] == ".":
-            file_type = extension[1:]
-        else:
-            raise serializers.ValidationError(
-                f"Extension does not begin with '.'!? ({filename})",
-            )
-        return f"{file_type}/{filename.name}"
-
     @extend_schema(
         operation_id="upload_rfc_files",
         summary="Upload files for a published RFC",
@@ -450,11 +493,11 @@ def post(self, request):
 
         # List of files that might exist for an RFC
         possible_rfc_files = [
-            self._fs_destination(dest_stem + ext)
+            self.fs_destination(dest_stem + ext)
             for ext in serializer.allowed_extensions
         ]
         possible_rfc_blobs = [
-            self._blob_destination(dest_stem + ext)
+            self.blob_destination(dest_stem + ext)
             for ext in serializer.allowed_extensions
         ]
         if not replace:
@@ -466,9 +509,7 @@ def post(self, request):
                         code="files-exist",
                     )
             for possible_existing_blob in possible_rfc_blobs:
-                if exists_in_storage(
-                    kind=blob_kind, name=possible_existing_blob
-                ):
+                if exists_in_storage(kind=blob_kind, name=possible_existing_blob):
                     raise Conflict(
                         "Blob(s) already exist for this RFC",
                         code="blobs-exist",
@@ -501,13 +542,13 @@ def post(self, request):
                 with ftm.open("rb") as f:
                     store_file(
                         kind=blob_kind,
-                        name=self._blob_destination(ftm),
+                        name=self.blob_destination(ftm),
                         file=f,
                         doc_name=rfc.name,
                         doc_rev=rfc.rev,  # expect blank, but match whatever it is
                         mtime=mtime,
                     )
-                destination = self._fs_destination(ftm)
+                destination = self.fs_destination(ftm)
                 if (
                     settings.SERVER_MODE != "production"
                     and not destination.parent.exists()
@@ -515,4 +556,52 @@ def post(self, request):
                     destination.parent.mkdir()
                 shutil.move(ftm, destination)
 
+        # Trigger red precomputer
+        needs_updating = [rfc.rfc_number]
+        for rel in rfc.relateddocument_set.filter(
+            relationship_id__in=["obs", "updates"]
+        ):
+            needs_updating.append(rel.target.rfc_number)
+        trigger_red_precomputer_task.delay(rfc_number_list=sorted(needs_updating))
+        # Trigger search index update
+        update_rfc_searchindex_task.delay(rfc.rfc_number)
+        # Trigger reference relation srebuild
+        rebuild_reference_relations_task.delay(doc_names=[rfc.name])
+
         return Response(NotificationAckSerializer().data)
+
+
+class RfcIndexView(APIView):
+    api_key_endpoint = "ietf.api.views_rpc"
+
+    @extend_schema(
+        operation_id="refresh_rfc_index",
+        summary="Refresh rfc-index files",
+        description="Requests creation of various index files.",
+        responses={202: None},
+        request=None,
+    )
+    def post(self, request):
+        mark_rfcindex_as_dirty()
+        return Response(status=202)
+
+
+class RpcQueueDataSerializer(serializers.Serializer):
+    data = serializers.JSONField()
+
+
+class ProcessRpcQueueView(APIView):
+    api_key_endpoint = "ietf.api.views_rpc"
+
+    @extend_schema(
+        operation_id="process_rpc_queue",
+        summary="Process the provided RPC queue",
+        description="Schedules parsing the provided queue to update documents with change dqueue data",
+        responses={202: None},
+        request=RpcQueueDataSerializer,
+    )
+    def post(self, request):
+        serializer = RpcQueueDataSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        process_rpc_queue_task.delay(serializer.validated_data["data"])
+        return Response(status=202)
diff --git a/ietf/blobdb/admin.py b/ietf/blobdb/admin.py
index 3e1a2a311f..44a30d1d7f 100644
--- a/ietf/blobdb/admin.py
+++ b/ietf/blobdb/admin.py
@@ -1,9 +1,12 @@
-# Copyright The IETF Trust 2025, All Rights Reserved
+# Copyright The IETF Trust 2025-2026, All Rights Reserved
 from django.contrib import admin
+from django.db.models import QuerySet
 from django.db.models.functions import Length
 from rangefilter.filters import DateRangeQuickSelectListFilterBuilder
 
+from .apps import get_blobdb
 from .models import Blob, ResolvedMaterial
+from .utils import queue_for_replication
 
 
 @admin.register(Blob)
@@ -17,6 +20,7 @@ class BlobAdmin(admin.ModelAdmin):
     ]
     search_fields = ["name"]
     list_display_links = ["name"]
+    actions = ["replicate_blob"]
 
     def get_queryset(self, request):
         return (
@@ -30,6 +34,20 @@ def object_size(self, instance):
         """Get the size of the object"""
         return instance.object_size  # annotation added in get_queryset()
 
+    @admin.action(description="Replicate blobs")
+    def replicate_blob(self, request, queryset: QuerySet[Blob]):
+        blob_count = 0
+        for blob in queryset.all():
+            if isinstance(blob, Blob):
+                queue_for_replication(
+                    bucket=blob.bucket, name=blob.name, using=get_blobdb()
+                )
+                blob_count += 1
+        self.message_user(
+            request,
+            f"Queued replication of a total of {blob_count} Blob(s)",
+        )
+
 
 @admin.register(ResolvedMaterial)
 class ResolvedMaterialAdmin(admin.ModelAdmin):
diff --git a/ietf/blobdb/models.py b/ietf/blobdb/models.py
index 27325ada5d..6dbb615fa0 100644
--- a/ietf/blobdb/models.py
+++ b/ietf/blobdb/models.py
@@ -1,14 +1,11 @@
-# Copyright The IETF Trust 2025, All Rights Reserved
-import json
-from functools import partial
+# Copyright The IETF Trust 2025-2026, All Rights Reserved
 from hashlib import sha384
 
 from django.db import models, transaction
 from django.utils import timezone
 
 from .apps import get_blobdb
-from .replication import replication_enabled
-from .tasks import pybob_the_blob_replicator_task
+from .utils import queue_for_replication
 
 
 class BlobQuerySet(models.QuerySet):
@@ -81,24 +78,8 @@ def delete(self, **kwargs):
             self._emit_blob_change_event(using=db)
         return retval
 
-    def _emit_blob_change_event(self, using=None):
-        if not replication_enabled(self.bucket):
-            return
-
-        # For now, fire a celery task we've arranged to guarantee in-order processing.
-        # Later becomes pushing an event onto a queue to a dedicated worker.
-        transaction.on_commit(
-            partial(
-                pybob_the_blob_replicator_task.delay,
-                json.dumps(
-                    {
-                        "name": self.name,
-                        "bucket": self.bucket,
-                    }
-                )
-            ),
-            using=using,
-        )
+    def _emit_blob_change_event(self, using: str | None=None):
+        queue_for_replication(self.bucket, self.name, using=using)
 
 
 class ResolvedMaterial(models.Model):
diff --git a/ietf/blobdb/storage.py b/ietf/blobdb/storage.py
index 4213ec801d..e304dabc5d 100644
--- a/ietf/blobdb/storage.py
+++ b/ietf/blobdb/storage.py
@@ -1,4 +1,4 @@
-# Copyright The IETF Trust 2025, All Rights Reserved
+# Copyright The IETF Trust 2025-2026, All Rights Reserved
 from typing import Optional
 
 from django.core.exceptions import SuspiciousFileOperation
@@ -10,6 +10,7 @@
 
 from ietf.utils.storage import MetadataFile
 from .models import Blob
+from .utils import queue_for_replication
 
 
 class BlobFile(MetadataFile):
@@ -94,3 +95,12 @@ def get_available_name(self, name, max_length=None):
                 f"asked to store the name '{name[:5]}...{name[-5:]} of length {len(name)}"
             )
         return name  # overwrite is permitted
+
+    def force_replication(self, name: str):
+        """Force replication of a blob by name
+
+        Be careful with this - replication includes replicating deletion of blobs, so
+        if you call it with a name that does not exist in blobdb, it will be removed
+        from R2 if it exists there!
+        """
+        queue_for_replication(bucket=self.bucket_name, name=name)
diff --git a/ietf/blobdb/utils.py b/ietf/blobdb/utils.py
new file mode 100644
index 0000000000..93f8f2f521
--- /dev/null
+++ b/ietf/blobdb/utils.py
@@ -0,0 +1,32 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+import json
+from functools import partial
+
+from django.db import transaction
+
+from ietf.blobdb.replication import replication_enabled
+from ietf.blobdb.tasks import pybob_the_blob_replicator_task
+
+
+def queue_for_replication(bucket: str, name: str, using: str | None=None):
+    """Queue a blob for replication
+    
+    This is private to the blobdb app. Do not call it directly from other apps.
+    """
+    if not replication_enabled(bucket):
+        return
+
+    # For now, fire a celery task we've arranged to guarantee in-order processing.
+    # Later becomes pushing an event onto a queue to a dedicated worker.
+    transaction.on_commit(
+        partial(
+            pybob_the_blob_replicator_task.delay,
+            json.dumps(
+                {
+                    "name": name,
+                    "bucket": bucket,
+                }
+            )
+        ),
+        using=using,
+    )
diff --git a/ietf/doc/admin.py b/ietf/doc/admin.py
index b604d4f096..86f5ac5fda 100644
--- a/ietf/doc/admin.py
+++ b/ietf/doc/admin.py
@@ -5,6 +5,7 @@
 from django.contrib import admin
 from django.db import models
 from django import forms
+from django.db.models import QuerySet
 from rangefilter.filters import DateRangeQuickSelectListFilterBuilder
 
 from .models import (StateType, State, RelatedDocument, DocumentAuthor, Document, RelatedDocHistory,
@@ -14,10 +15,13 @@
     AddedMessageEvent, SubmissionDocEvent, DeletedEvent, EditedAuthorsDocEvent, DocumentURL,
     ReviewAssignmentDocEvent, IanaExpertDocEvent, IRSGBallotDocEvent, DocExtResource, DocumentActionHolder,
     BofreqEditorDocEvent, BofreqResponsibleDocEvent, StoredObject, RfcAuthor,
-    EditedRfcAuthorsDocEvent)
+    EditedRfcAuthorsDocEvent, RpcAssignmentDocEvent)
 
 from ietf.utils.admin import SaferTabularInline
 from ietf.utils.validators import validate_external_resource_value
+from .storage_utils import force_replication
+from .utils import replicate_stored_objects_for_document
+
 
 class StateTypeAdmin(admin.ModelAdmin):
     list_display = ["slug", "label"]
@@ -73,7 +77,9 @@ class DocumentAuthorAdmin(admin.ModelAdmin):
     search_fields = ['document__name', 'person__name', 'email__address', 'affiliation', 'country']
     raw_id_fields = ["document", "person", "email"]
 admin.site.register(DocumentAuthor, DocumentAuthorAdmin)
-    
+
+
+
 class DocumentAdmin(admin.ModelAdmin):
     list_display = ['name', 'rev', 'group', 'pages', 'intended_std_level', 'author_list', 'time']
     search_fields = ['name']
@@ -81,6 +87,7 @@ class DocumentAdmin(admin.ModelAdmin):
     raw_id_fields = ['group', 'shepherd', 'ad']
     inlines = [DocAuthorInline, DocActionHolderInline, RelatedDocumentInline, AdditionalUrlInLine]
     form = DocumentForm
+    actions = ["replicate_stored_objects"]
 
     def save_model(self, request, obj, form, change):
         e = DocEvent.objects.create(
@@ -95,6 +102,22 @@ def save_model(self, request, obj, form, change):
     def state(self, instance):
         return self.get_state()
 
+    @admin.action(description="Replicate related blobs")
+    def replicate_stored_objects(self, request, queryset: QuerySet[Document]):
+        doc_count = 0
+        stored_obj_count = 0
+        for doc in queryset.all():
+            doc_count += 1
+            if isinstance(doc, Document):
+                stored_obj_count += replicate_stored_objects_for_document(doc)
+        self.message_user(
+            request,
+            (
+                f"Queued replication of a total of {stored_obj_count} StoredObject(s) "
+                f"for {doc_count} Document(s)"
+            )
+        )
+
 admin.site.register(Document, DocumentAdmin)
 
 class DocHistoryAdmin(admin.ModelAdmin):
@@ -206,6 +229,10 @@ class SubmissionDocEventAdmin(DocEventAdmin):
     raw_id_fields = DocEventAdmin.raw_id_fields + ["submission"]
 admin.site.register(SubmissionDocEvent, SubmissionDocEventAdmin)
 
+class RpcAssignmentDocEventAdmin(DocEventAdmin):
+    search_fields = DocEventAdmin.search_fields + ["assignments"]
+admin.site.register(RpcAssignmentDocEvent, RpcAssignmentDocEventAdmin)
+
 class DocumentUrlAdmin(admin.ModelAdmin):
     list_display = ['id', 'doc', 'tag', 'url', 'desc', ]
     search_fields = ['doc__name', 'url', ]
@@ -232,16 +259,31 @@ class StoredObjectAdmin(admin.ModelAdmin):
     ]
     search_fields = ['name', 'doc_name', 'doc_rev']
     list_display_links = ['name']
+    actions = ["replicate_stored_object"]
 
     @admin.display(boolean=True, description="Deleted?", ordering="deleted")
     def is_deleted(self, instance):
         return instance.deleted is not None
-    
+
+    @admin.action(description="Replicate related blobs")
+    def replicate_stored_object(self, request, queryset: QuerySet[StoredObject]):
+        stored_obj_count = 0
+        for stored_object in queryset.all():
+            if isinstance(stored_object, StoredObject):
+                force_replication(kind=stored_object.store, name=stored_object.name)
+                stored_obj_count += 1
+        self.message_user(
+            request,
+            f"Queued replication of a total of {stored_obj_count} StoredObject(s)",
+        )
+
 
 admin.site.register(StoredObject, StoredObjectAdmin)
 
 class RfcAuthorAdmin(admin.ModelAdmin):
+    # the email field in the list_display/readonly_fields works through a @property
     list_display = ['id', 'document', 'titlepage_name', 'person', 'email', 'affiliation', 'country', 'order']
-    search_fields = ['document__name', 'titlepage_name', 'person__name', 'email', 'affiliation', 'country']
+    search_fields = ['document__name', 'titlepage_name', 'person__name', 'person__email__address', 'affiliation', 'country']
     raw_id_fields = ["document", "person"]
+    readonly_fields = ["email"]
 admin.site.register(RfcAuthor, RfcAuthorAdmin)
diff --git a/ietf/doc/api.py b/ietf/doc/api.py
index 75993f463e..73fff6b27f 100644
--- a/ietf/doc/api.py
+++ b/ietf/doc/api.py
@@ -4,13 +4,11 @@
 from django.db.models import (
     BooleanField,
     Count,
-    JSONField,
     OuterRef,
     Prefetch,
     Q,
     QuerySet,
     Subquery,
-    Value,
 )
 from django.db.models.functions import TruncDate
 from django_filters import rest_framework as filters
@@ -160,10 +158,6 @@ def augment_rfc_queryset(queryset: QuerySet[Document]):
                 output_field=BooleanField(),
             )
         )
-        .annotate(
-            # TODO implement this fake field for real
-            keywords=Value(["keyword"], output_field=JSONField()),
-        )
     )
 
 
diff --git a/ietf/doc/factories.py b/ietf/doc/factories.py
index bc38765446..1a178c6f31 100644
--- a/ietf/doc/factories.py
+++ b/ietf/doc/factories.py
@@ -311,6 +311,12 @@ class Meta:
     def desc(self):
          return 'New version available %s-%s'%(self.doc.name,self.rev)
 
+class PublishedRfcDocEventFactory(DocEventFactory):
+    class Meta:
+        model = DocEvent
+    type = "published_rfc"
+    doc = factory.SubFactory(WgRfcFactory)
+
 class StateDocEventFactory(DocEventFactory):
     class Meta:
         model = StateDocEvent
diff --git a/ietf/doc/feeds.py b/ietf/doc/feeds.py
index 500ed3cb18..7472b14c18 100644
--- a/ietf/doc/feeds.py
+++ b/ietf/doc/feeds.py
@@ -1,11 +1,11 @@
-# Copyright The IETF Trust 2007-2020, All Rights Reserved
-# -*- coding: utf-8 -*-
+# Copyright The IETF Trust 2007-2026, All Rights Reserved
 
 import debug  # pyflakes:ignore
 
 import datetime
 import unicodedata
 
+from django.conf import settings
 from django.contrib.syndication.views import Feed, FeedDoesNotExist
 from django.utils.feedgenerator import Atom1Feed, Rss201rev2Feed
 from django.urls import reverse as urlreverse
@@ -224,7 +224,7 @@ def item_extra_kwargs(self, item):
         extra.update({"dcterms_accessRights": "gratis"})
         extra.update({"dcterms_format": "text/html"})
         media_contents = []
-        if item.rfc_number < 8650:
+        if item.rfc_number < settings.FIRST_V3_RFC:
             if item.rfc_number not in [8, 9, 51, 418, 500, 530, 589]:
                 for fmt, media_type in [("txt", "text/plain"), ("html", "text/html")]:
                     media_contents.append(
@@ -234,14 +234,6 @@ def item_extra_kwargs(self, item):
                             "is_format_of": self.item_link(item),
                         }
                     )
-            if item.rfc_number not in [571, 587]:
-                media_contents.append(
-                    {
-                        "url": f"https://www.rfc-editor.org/rfc/pdfrfc/{item.name}.txt.pdf",
-                        "media_type": "application/pdf",
-                        "is_format_of": self.item_link(item),
-                    }
-                )
         else:
             media_contents.append(
                 {
@@ -263,9 +255,11 @@ def item_extra_kwargs(self, item):
                 )
         extra.update({"media_contents": media_contents})
 
-        extra.update({"doi": "10.17487/%s" % item.name.upper()})
         extra.update(
-            {"doiuri": "http://dx.doi.org/10.17487/%s" % item.name.upper()}
+            {
+                "doi": item.doi,
+                "doiuri": f"https://doi.org/{item.doi}",
+            }
         )
 
         # R104 Publisher (Mandatory - but we need a string from them first)
diff --git a/ietf/doc/migrations/0033_dochistory_keywords_document_keywords.py b/ietf/doc/migrations/0033_dochistory_keywords_document_keywords.py
new file mode 100644
index 0000000000..5e2513e15a
--- /dev/null
+++ b/ietf/doc/migrations/0033_dochistory_keywords_document_keywords.py
@@ -0,0 +1,31 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+from django.db import migrations, models
+import ietf.doc.models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("doc", "0032_remove_rfcauthor_email"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="dochistory",
+            name="keywords",
+            field=models.JSONField(
+                default=list,
+                max_length=1000,
+                validators=[ietf.doc.models.validate_doc_keywords],
+            ),
+        ),
+        migrations.AddField(
+            model_name="document",
+            name="keywords",
+            field=models.JSONField(
+                default=list,
+                max_length=1000,
+                validators=[ietf.doc.models.validate_doc_keywords],
+            ),
+        ),
+    ]
diff --git a/ietf/doc/migrations/0034_alter_dochistory_keywords_alter_document_keywords.py b/ietf/doc/migrations/0034_alter_dochistory_keywords_alter_document_keywords.py
new file mode 100644
index 0000000000..2b89b67e88
--- /dev/null
+++ b/ietf/doc/migrations/0034_alter_dochistory_keywords_alter_document_keywords.py
@@ -0,0 +1,33 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+from django.db import migrations, models
+import ietf.doc.models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("doc", "0033_dochistory_keywords_document_keywords"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="dochistory",
+            name="keywords",
+            field=models.JSONField(
+                blank=True,
+                default=list,
+                max_length=1000,
+                validators=[ietf.doc.models.validate_doc_keywords],
+            ),
+        ),
+        migrations.AlterField(
+            model_name="document",
+            name="keywords",
+            field=models.JSONField(
+                blank=True,
+                default=list,
+                max_length=1000,
+                validators=[ietf.doc.models.validate_doc_keywords],
+            ),
+        ),
+    ]
diff --git a/ietf/doc/migrations/0035_add_rpc_queue_draft_rfceditor_states.py b/ietf/doc/migrations/0035_add_rpc_queue_draft_rfceditor_states.py
new file mode 100644
index 0000000000..9805970ef0
--- /dev/null
+++ b/ietf/doc/migrations/0035_add_rpc_queue_draft_rfceditor_states.py
@@ -0,0 +1,31 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+from django.db import migrations
+
+
+def forward(apps, schema_editor):
+    State = apps.get_model("doc", "State")
+    for slug, name in [("in_progress", "In Progress"), ("blocked", "Blocked")]:
+        State.objects.get_or_create(
+            type_id="draft-rfceditor",
+            slug=slug,
+            defaults={"name": name, "used": True, "desc": "", "order": 0},
+        )
+
+
+def reverse(apps, schema_editor):
+    State = apps.get_model("doc", "State")
+    Document = apps.get_model("doc", "Document")
+    for slug in ("in_progress", "blocked"):
+        assert not Document.objects.filter(
+            states__type="draft-rfceditor", states__slug=slug
+        ).exists()
+        State.objects.filter(type_id="draft-rfceditor", slug=slug).delete()
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("doc", "0034_alter_dochistory_keywords_alter_document_keywords"),
+    ]
+
+    operations = [migrations.RunPython(forward, reverse)]
diff --git a/ietf/doc/migrations/0036_alter_docevent_type.py b/ietf/doc/migrations/0036_alter_docevent_type.py
new file mode 100644
index 0000000000..1cc11d4ee9
--- /dev/null
+++ b/ietf/doc/migrations/0036_alter_docevent_type.py
@@ -0,0 +1,92 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("doc", "0035_add_rpc_queue_draft_rfceditor_states"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="docevent",
+            name="type",
+            field=models.CharField(
+                choices=[
+                    ("new_revision", "Added new revision"),
+                    ("new_submission", "Uploaded new revision"),
+                    ("changed_document", "Changed document metadata"),
+                    ("added_comment", "Added comment"),
+                    ("added_message", "Added message"),
+                    ("edited_authors", "Edited the documents author list"),
+                    ("deleted", "Deleted document"),
+                    ("changed_state", "Changed state"),
+                    ("changed_stream", "Changed document stream"),
+                    ("expired_document", "Expired document"),
+                    ("extended_expiry", "Extended expiry of document"),
+                    ("requested_resurrect", "Requested resurrect"),
+                    ("completed_resurrect", "Completed resurrect"),
+                    ("changed_consensus", "Changed consensus"),
+                    ("published_rfc", "Published RFC"),
+                    (
+                        "added_suggested_replaces",
+                        "Added suggested replacement relationships",
+                    ),
+                    (
+                        "reviewed_suggested_replaces",
+                        "Reviewed suggested replacement relationships",
+                    ),
+                    ("changed_action_holders", "Changed action holders for document"),
+                    ("changed_group", "Changed group"),
+                    ("changed_protocol_writeup", "Changed protocol writeup"),
+                    ("changed_charter_milestone", "Changed charter milestone"),
+                    ("initial_review", "Set initial review time"),
+                    ("changed_review_announcement", "Changed WG Review text"),
+                    ("changed_action_announcement", "Changed WG Action text"),
+                    ("started_iesg_process", "Started IESG process on document"),
+                    ("created_ballot", "Created ballot"),
+                    ("closed_ballot", "Closed ballot"),
+                    ("sent_ballot_announcement", "Sent ballot announcement"),
+                    ("changed_ballot_position", "Changed ballot position"),
+                    ("changed_ballot_approval_text", "Changed ballot approval text"),
+                    ("changed_ballot_writeup_text", "Changed ballot writeup text"),
+                    ("changed_rfc_editor_note_text", "Changed RFC Editor Note text"),
+                    ("changed_last_call_text", "Changed last call text"),
+                    ("requested_last_call", "Requested last call"),
+                    ("sent_last_call", "Sent last call"),
+                    ("scheduled_for_telechat", "Scheduled for telechat"),
+                    ("iesg_approved", "IESG approved document (no problem)"),
+                    ("iesg_disapproved", "IESG disapproved document (do not publish)"),
+                    ("approved_in_minute", "Approved in minute"),
+                    ("iana_review", "IANA review comment"),
+                    ("rfc_in_iana_registry", "RFC is in IANA registry"),
+                    (
+                        "rfc_editor_received_announcement",
+                        "Announcement was received by RFC Editor",
+                    ),
+                    ("requested_publication", "Publication at RFC Editor requested"),
+                    (
+                        "sync_from_rfc_editor",
+                        "Received updated information from RFC Editor",
+                    ),
+                    ("changed_rpc_assignments", "Changed RPC queue assignments"),
+                    ("requested_review", "Requested review"),
+                    ("assigned_review_request", "Assigned review request"),
+                    ("closed_review_request", "Closed review request"),
+                    ("closed_review_assignment", "Closed review assignment"),
+                    ("downref_approved", "Downref approved"),
+                    ("posted_related_ipr", "Posted related IPR"),
+                    ("removed_related_ipr", "Removed related IPR"),
+                    (
+                        "removed_objfalse_related_ipr",
+                        "Removed Objectively False related IPR",
+                    ),
+                    ("changed_editors", "Changed BOF Request editors"),
+                    ("published_statement", "Published statement"),
+                    ("approved_slides", "Slides approved"),
+                ],
+                max_length=50,
+            ),
+        ),
+    ]
diff --git a/ietf/doc/migrations/0037_rpcassignmentdocevent.py b/ietf/doc/migrations/0037_rpcassignmentdocevent.py
new file mode 100644
index 0000000000..648376e118
--- /dev/null
+++ b/ietf/doc/migrations/0037_rpcassignmentdocevent.py
@@ -0,0 +1,31 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("doc", "0036_alter_docevent_type"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="RpcAssignmentDocEvent",
+            fields=[
+                (
+                    "docevent_ptr",
+                    models.OneToOneField(
+                        auto_created=True,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        parent_link=True,
+                        primary_key=True,
+                        serialize=False,
+                        to="doc.docevent",
+                    ),
+                ),
+                ("assignments", models.TextField(blank=True)),
+            ],
+            bases=("doc.docevent",),
+        ),
+    ]
diff --git a/ietf/doc/models.py b/ietf/doc/models.py
index cc28951be0..3685ab6551 100644
--- a/ietf/doc/models.py
+++ b/ietf/doc/models.py
@@ -13,6 +13,7 @@
 from io import BufferedReader
 from pathlib import Path
 
+from django.core.exceptions import ValidationError
 from django.db.models import Q
 from lxml import etree
 from typing import Optional, Protocol, TYPE_CHECKING, Union
@@ -51,6 +52,7 @@
 from ietf.person.utils import get_active_balloters
 from ietf.utils import log
 from ietf.utils.decorators import memoize
+from ietf.utils.text import decode_document_content
 from ietf.utils.validators import validate_no_control_chars
 from ietf.utils.mail import formataddr
 from ietf.utils.models import ForeignKey
@@ -109,6 +111,15 @@ class Meta:
 IESG_STATCHG_CONFLREV_ACTIVE_STATES = ("iesgeval", "defer")
 IESG_SUBSTATE_TAGS = ('ad-f-up', 'need-rev', 'extpty')
 
+
+def validate_doc_keywords(value):
+    if (
+        not isinstance(value, list | tuple | set) 
+        or not all(isinstance(elt, str) for elt in value)
+    ):
+        raise ValidationError("Value must be an array of strings")
+
+
 class DocumentInfo(models.Model):
     """Any kind of document.  Draft, RFC, Charter, IPR Statement, Liaison Statement"""
     time = models.DateTimeField(default=timezone.now) # should probably have auto_now=True
@@ -142,6 +153,18 @@ class DocumentInfo(models.Model):
     uploaded_filename = models.TextField(blank=True)
     note = models.TextField(blank=True)
     rfc_number = models.PositiveIntegerField(blank=True, null=True)  # only valid for type="rfc"
+    keywords = models.JSONField(
+        default=list,
+        max_length=1000,
+        validators=[validate_doc_keywords],
+        blank=True,
+    )
+
+    @property
+    def doi(self) -> str | None:
+        if self.type_id == "rfc" and self.rfc_number is not None:
+            return f"{settings.IETF_DOI_PREFIX}/RFC{self.rfc_number}"
+        return None
 
     def file_extension(self):
         if not hasattr(self, '_cached_extension'):
@@ -466,11 +489,12 @@ def author_persons(self):
 
     def author_list(self):
         """List of author emails"""
-        author_qs = (
-            self.rfcauthor_set
-            if self.type_id == "rfc" and self.rfcauthor_set.exists()
-            else self.documentauthor_set
-        ).select_related("email").order_by("order")
+        if self.type_id == "rfc" and self.rfcauthor_set.exists():
+            author_qs = self.rfcauthor_set.select_related("person").order_by("order")
+        else:
+            author_qs = self.documentauthor_set.select_related("email").order_by(
+                "order"
+            )
         best_addresses = []
         for author in author_qs:
             if author.email:
@@ -618,19 +642,7 @@ def text(self, size = -1):
         except IOError as e:
             log.log(f"Error reading text for {path}: {e}")
             return None
-        text = None
-        try:
-            text = raw.decode('utf-8')
-        except UnicodeDecodeError:
-            for back in range(1,4):
-                try:
-                    text = raw[:-back].decode('utf-8')
-                    break
-                except UnicodeDecodeError:
-                    pass
-            if text is None:
-                text = raw.decode('latin-1')
-        return text
+        return decode_document_content(raw)
 
     def text_or_error(self):
         return self.text() or "Error; cannot read '%s'"%self.get_base_name()
@@ -953,6 +965,11 @@ class Meta:
     @property
     def email(self) -> Email | None:
         return self.person.email() if self.person else None
+    
+    def format_for_titlepage(self):
+        if self.is_editor:
+            return f"{self.titlepage_name}, Ed."
+        return self.titlepage_name
 
 
 class DocumentAuthorInfo(models.Model):
@@ -1147,6 +1164,22 @@ def request_closed_time(self, review_req):
         e = self.latest_event(ReviewRequestDocEvent, type="closed_review_request", review_request=review_req)
         return e.time if e and e.time else None
 
+    @property
+    def area(self) -> Group | None:
+        """Get area for document, if one exists
+        
+        None for non-IETF-stream documents. N.b., this is stricter than Group.area() and
+        uses different logic from Document.area_acronym().
+        """
+        if self.stream_id != "ietf":
+            return None
+        if self.group is None:
+            return None
+        parent = self.group.parent
+        if parent.type_id == "area":
+            return parent
+        return None
+
     def area_acronym(self):
         g = self.group
         if g:
@@ -1242,11 +1275,8 @@ def submission(self):
         s = s.first()
         return s
 
-    def pub_date(self):
-        """Get the publication date for this document
-
-        This is the rfc publication date for RFCs, and the new-revision date for other documents.
-        """
+    def pub_datetime(self):
+        """Get the publication datetime of this document"""
         if self.type_id == "rfc":
             # As of Sept 2022, in ietf.sync.rfceditor.update_docs_from_rfc_index() `published_rfc` events are
             # created with a timestamp whose date *in the PST8PDT timezone* is the official publication date
@@ -1254,7 +1284,15 @@ def pub_date(self):
             event = self.latest_event(type='published_rfc')
         else:
             event = self.latest_event(type='new_revision')
-        return event.time.astimezone(RPC_TZINFO).date() if event else None
+        return event.time.astimezone(RPC_TZINFO) if event else None
+
+    def pub_date(self):
+        """Get the publication date for this document
+
+        This is the rfc publication date for RFCs, and the new-revision date for other documents.
+        """
+        pub_datetime = self.pub_datetime()
+        return None if pub_datetime is None else pub_datetime.date()
 
     def is_dochistory(self):
         return False
@@ -1508,6 +1546,7 @@ class DocReminder(models.Model):
     ("rfc_editor_received_announcement", "Announcement was received by RFC Editor"),
     ("requested_publication", "Publication at RFC Editor requested"),
     ("sync_from_rfc_editor", "Received updated information from RFC Editor"),
+    ("changed_rpc_assignments", "Changed RPC queue assignments"),
 
     # review
     ("requested_review", "Requested review"),
@@ -1573,6 +1612,9 @@ class StateDocEvent(DocEvent):
 class ConsensusDocEvent(DocEvent):
     consensus = models.BooleanField(null=True, default=None)
 
+class RpcAssignmentDocEvent(DocEvent):
+    assignments = models.TextField(blank=True)
+
 # IESG events
 class BallotType(models.Model):
     doc_type = ForeignKey(DocTypeName, blank=True, null=True)
diff --git a/ietf/doc/resources.py b/ietf/doc/resources.py
index 556465a522..9da7cb57d8 100644
--- a/ietf/doc/resources.py
+++ b/ietf/doc/resources.py
@@ -19,7 +19,7 @@
     ReviewRequestDocEvent, ReviewAssignmentDocEvent, EditedAuthorsDocEvent, DocumentURL,
     IanaExpertDocEvent, IRSGBallotDocEvent, DocExtResource, DocumentActionHolder,
     BofreqEditorDocEvent, BofreqResponsibleDocEvent, StoredObject, RfcAuthor,
-    EditedRfcAuthorsDocEvent)
+    EditedRfcAuthorsDocEvent, RpcAssignmentDocEvent)
 
 from ietf.name.resources import BallotPositionNameResource, DocTypeNameResource
 class BallotTypeResource(ModelResource):
@@ -897,7 +897,7 @@ class Meta:
 class RfcAuthorResource(ModelResource):
     document         = ToOneField(DocumentResource, 'document')
     person           = ToOneField(PersonResource, 'person', null=True)
-    email            = ToOneField(EmailResource, 'email', null=True)
+    email            = ToOneField(EmailResource, 'email', null=True, readonly=True)
     class Meta:
         queryset = RfcAuthor.objects.all()
         serializer = api.Serializer()
@@ -916,3 +916,28 @@ class Meta:
             "email": ALL_WITH_RELATIONS,
         }
 api.doc.register(RfcAuthorResource())
+
+
+from ietf.person.resources import PersonResource
+class RpcAssignmentDocEventResource(ModelResource):
+    by               = ToOneField(PersonResource, 'by')
+    doc              = ToOneField(DocumentResource, 'doc')
+    docevent_ptr     = ToOneField(DocEventResource, 'docevent_ptr')
+    class Meta:
+        queryset = RpcAssignmentDocEvent.objects.all()
+        serializer = api.Serializer()
+        cache = SimpleCache()
+        #resource_name = 'rpcassignmentdocevent'
+        ordering = ['docevent_ptr', ]
+        filtering = { 
+            "id": ALL,
+            "time": ALL,
+            "type": ALL,
+            "rev": ALL,
+            "desc": ALL,
+            "assignments": ALL,
+            "by": ALL_WITH_RELATIONS,
+            "doc": ALL_WITH_RELATIONS,
+            "docevent_ptr": ALL_WITH_RELATIONS,
+        }
+api.doc.register(RpcAssignmentDocEventResource())
diff --git a/ietf/doc/serializers.py b/ietf/doc/serializers.py
index a7ea640be8..3651670962 100644
--- a/ietf/doc/serializers.py
+++ b/ietf/doc/serializers.py
@@ -230,7 +230,7 @@ class RfcMetadataSerializer(serializers.ModelSerializer):
     status = RfcStatusSerializer(source="*")
     authors = serializers.SerializerMethodField()
     group = GroupSerializer()
-    area = serializers.SerializerMethodField()
+    area = AreaSerializer(read_only=True)
     stream = StreamNameSerializer()
     ad = AreaDirectorSerializer(read_only=True, allow_null=True)
     group_list_email = serializers.EmailField(source="group.list_email", read_only=True)
@@ -288,29 +288,12 @@ def get_authors(self, doc: Document):
             many=True,
         ).data
 
-    @extend_schema_field(AreaSerializer(required=False))
-    def get_area(self, doc: Document):
-        """Get area for the RFC
-        
-        This logic might be better moved to Document or a combination of Document
-        and Group. The current (2026-02-24) Group.area() method is not strict enough:
-        it does not limit to WG groups or IETF-stream documents.
-        """
-        if doc.stream_id != "ietf":
-            return None
-        if doc.group is None:
-            return None
-        parent = doc.group.parent
-        if parent.type_id == "area":
-            return AreaSerializer(parent).data
-        return None
-
     @extend_schema_field(DocIdentifierSerializer(many=True))
     def get_identifiers(self, doc: Document):
         identifiers = []
-        if doc.rfc_number:
+        if doc.doi:
             identifiers.append(
-                DocIdentifier(type="doi", value=f"10.17487/RFC{doc.rfc_number:04d}")
+                DocIdentifier(type="doi", value=doc.doi)
             )
         return DocIdentifierSerializer(instance=identifiers, many=True).data
 
diff --git a/ietf/doc/storage.py b/ietf/doc/storage.py
index 375620ccaf..ee1e76c4fa 100644
--- a/ietf/doc/storage.py
+++ b/ietf/doc/storage.py
@@ -114,7 +114,6 @@ def _get_write_parameters(self, name, content=None):
 
 
 class StoredObjectBlobdbStorage(BlobdbStorage):
-    ietf_log_blob_timing = True
     warn_if_missing = True  # TODO-BLOBSTORE make this configurable (or remove it)
 
     def _save_stored_object(self, name, content) -> StoredObject:
diff --git a/ietf/doc/storage_utils.py b/ietf/doc/storage_utils.py
index 81588c83ec..c7cc6989cd 100644
--- a/ietf/doc/storage_utils.py
+++ b/ietf/doc/storage_utils.py
@@ -10,6 +10,7 @@
 from django.core.files.storage import storages, Storage
 
 from ietf.utils.log import log
+from ietf.utils.text import decode_document_content
 
 
 class StorageUtilsError(Exception):
@@ -164,34 +165,39 @@ def store_str(
 
 def retrieve_bytes(kind: str, name: str) -> bytes:
     from ietf.doc.storage import maybe_log_timing
-    content = b""
-    if settings.ENABLE_BLOBSTORAGE:
-        try:
-            store = _get_storage(kind)
-            with store.open(name) as f:
-                with maybe_log_timing(
-                    hasattr(store, "ietf_log_blob_timing") and store.ietf_log_blob_timing,
-                    "read",
-                    bucket_name=store.bucket_name if hasattr(store, "bucket_name") else "",
-                    name=name,
-                ):
-                    content = f.read()
-        except Exception as err:
-            log(f"Blobstore Error: Failed to read bytes from {kind}:{name}: {repr(err)}")
-            if settings.SERVER_MODE == "development":
-                raise
+    if not settings.ENABLE_BLOBSTORAGE:
+        return b""
+    try:
+        store = _get_storage(kind)
+        with store.open(name) as f:
+            with maybe_log_timing(
+                hasattr(store, "ietf_log_blob_timing") and store.ietf_log_blob_timing,
+                "read",
+                bucket_name=store.bucket_name if hasattr(store, "bucket_name") else "",
+                name=name,
+            ):
+                content = f.read()
+    except Exception as err:
+        log(f"Blobstore Error: Failed to read bytes from {kind}:{name}: {repr(err)}")
+        raise
     return content
 
 
 def retrieve_str(kind: str, name: str) -> str:
-    content = ""
-    if settings.ENABLE_BLOBSTORAGE:
-        try:
-            content_bytes = retrieve_bytes(kind, name)
-            # TODO-BLOBSTORE: try to decode all the different ways doc.text() does
-            content = content_bytes.decode("utf-8")
-        except Exception as err:
-            log(f"Blobstore Error: Failed to read string from {kind}:{name}: {repr(err)}")
-            if settings.SERVER_MODE == "development":
-                raise
+    if not settings.ENABLE_BLOBSTORAGE:
+        return ""
+    try:
+        content = decode_document_content(retrieve_bytes(kind, name))
+    except Exception as err:
+        log(f"Blobstore Error: Failed to read string from {kind}:{name}: {repr(err)}")
+        raise
     return content
+
+
+def force_replication(kind: str, name: str):
+    if not settings.ENABLE_BLOBSTORAGE:
+        return
+    storage = _get_storage(kind)
+    from ietf.blobdb.storage import BlobdbStorage
+    if isinstance(storage, BlobdbStorage):
+        storage.force_replication(name)
diff --git a/ietf/doc/tasks.py b/ietf/doc/tasks.py
index 90f4c80af5..37c235b911 100644
--- a/ietf/doc/tasks.py
+++ b/ietf/doc/tasks.py
@@ -3,15 +3,19 @@
 # Celery task definitions
 #
 import datetime
+
 import debug  # pyflakes:ignore
 
 from celery import shared_task
+from celery.exceptions import MaxRetriesExceededError
 from pathlib import Path
 
 from django.conf import settings
 from django.utils import timezone
 
-from ietf.utils import log
+from ietf.doc.utils_r2 import rfcs_are_in_r2
+from ietf.doc.utils_red import trigger_red_precomputer
+from ietf.utils import log, searchindex
 from ietf.utils.timezone import datetime_today
 
 from .expire import (
@@ -77,17 +81,19 @@ def expire_last_calls_task():
         try:
             expire_last_call(doc)
         except Exception:
-            log.log(f"ERROR: Failed to expire last call for {doc.file_tag()} (id={doc.pk})")
+            log.log(
+                f"ERROR: Failed to expire last call for {doc.file_tag()} (id={doc.pk})"
+            )
         else:
             log.log(f"Expired last call for {doc.file_tag()} (id={doc.pk})")
 
 
-@shared_task            
+@shared_task
 def generate_idnits2_rfc_status_task():
     outpath = Path(settings.DERIVED_DIR) / "idnits2-rfc-status"
     blob = generate_idnits2_rfc_status()
     try:
-        outpath.write_text(blob, encoding="utf8") # TODO-BLOBSTORE
+        outpath.write_text(blob, encoding="utf8")  # TODO-BLOBSTORE
     except Exception as e:
         log.log(f"failed to write idnits2-rfc-status: {e}")
 
@@ -97,7 +103,7 @@ def generate_idnits2_rfcs_obsoleted_task():
     outpath = Path(settings.DERIVED_DIR) / "idnits2-rfcs-obsoleted"
     blob = generate_idnits2_rfcs_obsoleted()
     try:
-        outpath.write_text(blob, encoding="utf8") # TODO-BLOBSTORE
+        outpath.write_text(blob, encoding="utf8")  # TODO-BLOBSTORE
     except Exception as e:
         log.log(f"failed to write idnits2-rfcs-obsoleted: {e}")
 
@@ -105,7 +111,7 @@ def generate_idnits2_rfcs_obsoleted_task():
 @shared_task
 def generate_draft_bibxml_files_task(days=7, process_all=False):
     """Generate bibxml files for recently updated docs
-    
+
     If process_all is False (the default), processes only docs with new revisions
     in the last specified number of days.
     """
@@ -117,7 +123,9 @@ def generate_draft_bibxml_files_task(days=7, process_all=False):
         doc__type_id="draft",
     ).order_by("time")
     if not process_all:
-        doc_events = doc_events.filter(time__gte=timezone.now() - datetime.timedelta(days=days))
+        doc_events = doc_events.filter(
+            time__gte=timezone.now() - datetime.timedelta(days=days)
+        )
     for event in doc_events:
         try:
             update_or_create_draft_bibxml_file(event.doc, event.rev)
@@ -132,6 +140,7 @@ def investigate_fragment_task(name_fragment: str):
         "results": investigate_fragment(name_fragment),
     }
 
+
 @shared_task
 def rebuild_reference_relations_task(doc_names: list[str]):
     log.log(f"Task: Rebuilding reference relations for {doc_names}")
@@ -157,6 +166,61 @@ def rebuild_reference_relations_task(doc_names: list[str]):
 def fixup_bofreq_timestamps_task():  # pragma: nocover
     fixup_bofreq_timestamps()
 
+
 @shared_task
 def signal_update_rfc_metadata_task(rfc_number_list=()):
     signal_update_rfc_metadata(rfc_number_list)
+
+
+@shared_task(bind=True)
+def trigger_red_precomputer_task(self, rfc_number_list=()):
+    if not rfcs_are_in_r2(rfc_number_list):
+        log.log(f"Objects are not yet in R2 for RFCs {rfc_number_list}")
+        try:
+            countdown = getattr(settings, "RED_PRECOMPUTER_TRIGGER_RETRY_DELAY", 10)
+            max_retries = getattr(settings, "RED_PRECOMPUTER_TRIGGER_MAX_RETRIES", 12)
+            self.retry(countdown=countdown, max_retries=max_retries)
+        except MaxRetriesExceededError:
+            log.log(f"Gave up waiting for objects in R2 for RFCs {rfc_number_list}")
+    else:
+        trigger_red_precomputer(rfc_number_list)
+
+
+@shared_task(bind=True)
+def update_rfc_searchindex_task(self, rfc_number: int):
+    """Update the search index for one RFC"""
+    if not searchindex.enabled():
+        log.log("Search indexing is not enabled, skipping")
+        return
+
+    rfc = Document.objects.filter(type_id="rfc", rfc_number=rfc_number).first()
+    if rfc is None:
+        log.log(
+            f"ERROR: Document for rfc{rfc_number} not found, not updating search index"
+        )
+        return
+    try:
+        searchindex.update_or_create_rfc_entry(rfc)
+    except Exception as err:
+        log.log(f"Search index update for {rfc.name} failed ({err})")
+        if isinstance(err, searchindex.RETRYABLE_ERROR_CLASSES):
+            searchindex_settings = searchindex.get_settings()
+            self.retry(
+                countdown=searchindex_settings["TASK_RETRY_DELAY"],
+                max_retries=searchindex_settings["TASK_MAX_RETRIES"],
+            )
+
+
+@shared_task
+def rebuild_searchindex_task(
+    *, batchsize=40, drop_collection=False, upsert_presets=True
+):
+    if drop_collection:
+        searchindex.delete_collection()
+        searchindex.create_collection()
+    if upsert_presets:
+        searchindex.upsert_presets()  # ok if they already exist
+    searchindex.update_or_create_rfc_entries(
+        Document.objects.filter(type_id="rfc").order_by("-rfc_number"),
+        batchsize=batchsize,
+    )
diff --git a/ietf/doc/tests.py b/ietf/doc/tests.py
index f92c9648e6..ff4461d466 100644
--- a/ietf/doc/tests.py
+++ b/ietf/doc/tests.py
@@ -1023,6 +1023,34 @@ def test_edit_authors_permissions(self):
         draft = Document.objects.get(pk=draft.pk)
         self.assertEqual(draft.author_persons(), orig_authors + [new_auth_person])
 
+    def test_edit_authors_blocked_when_rfcauthors_exist(self):
+        """edit_authors returns 403 for all users when RfcAuthors exist"""
+        rfc = WgRfcFactory()
+        RfcAuthorFactory(document=rfc)
+        url = urlreverse('ietf.doc.views_doc.edit_authors', kwargs=dict(name=rfc.name))
+
+        self.client.login(username='secretary', password='secretary+password')
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 403)
+        r = self.client.post(url, {})
+        self.assertEqual(r.status_code, 403)
+
+    def test_document_main_hides_edit_authors_when_rfcauthors_exist(self):
+        """document_main does not offer edit link for authors when RfcAuthors exist"""
+        rfc = WgRfcFactory()
+        edit_authors_url = urlreverse('ietf.doc.views_doc.edit_authors', kwargs=dict(name=rfc.name))
+
+        self.client.login(username='secretary', password='secretary+password')
+
+        r = self.client.get(urlreverse('ietf.doc.views_doc.document_main', kwargs=dict(name=rfc.name)))
+        self.assertEqual(r.status_code, 200)
+        self.assertContains(r, edit_authors_url)
+
+        RfcAuthorFactory(document=rfc)
+        r = self.client.get(urlreverse('ietf.doc.views_doc.document_main', kwargs=dict(name=rfc.name)))
+        self.assertEqual(r.status_code, 200)
+        self.assertNotContains(r, edit_authors_url)
+
     def make_edit_authors_post_data(self, basis, authors):
         """Helper to generate edit_authors POST data for a set of authors"""
         def _add_prefix(s):
@@ -2065,9 +2093,9 @@ def test_rfc_feed(self):
         self.assertEqual(len(q("item")), 3)
         item = q("item")[0]
         media_content = item.findall("{http://search.yahoo.com/mrss/}content")
-        self.assertEqual(len(media_content), 3)
+        self.assertEqual(len(media_content), 2)
         types = set([m.attrib["type"] for m in media_content])
-        self.assertEqual(types, set(["text/plain", "text/html", "application/pdf"]))
+        self.assertEqual(types, set(["text/plain", "text/html"]))
 
     def test_state_help(self):
         url = urlreverse('ietf.doc.views_help.state_help', kwargs=dict(type="draft-iesg"))
diff --git a/ietf/doc/tests_ballot.py b/ietf/doc/tests_ballot.py
index 8420e411e2..517a2ce056 100644
--- a/ietf/doc/tests_ballot.py
+++ b/ietf/doc/tests_ballot.py
@@ -3,7 +3,6 @@
 
 
 import datetime
-from unittest import mock
 
 from pyquery import PyQuery
 
@@ -716,11 +715,8 @@ def verify_can_see(username, url):
             verify_can_see(username, url)
 
 class ApproveBallotTests(TestCase):
-    @mock.patch('ietf.sync.rfceditor.requests.post', autospec=True)
-    def test_approve_ballot(self, mock_urlopen):
-        mock_urlopen.return_value.text = b'OK'
-        mock_urlopen.return_value.status_code = 200
-        #
+    def test_approve_ballot(self):
+
         ad = Person.objects.get(name="Areað Irector")
         draft = IndividualDraftFactory(ad=ad, intended_std_level_id='ps')
         draft.set_state(State.objects.get(used=True, type="draft-iesg", slug="iesg-eva")) # make sure it's approvable
diff --git a/ietf/doc/tests_draft.py b/ietf/doc/tests_draft.py
index 21a873c5c0..db9dbc2baf 100644
--- a/ietf/doc/tests_draft.py
+++ b/ietf/doc/tests_draft.py
@@ -6,7 +6,6 @@
 import os
 import datetime
 import io
-from unittest import mock
 
 from collections import Counter
 from pathlib import Path
@@ -1549,11 +1548,8 @@ def test_confirm_submission_no_doc_ad(self):
 
 
 class RequestPublicationTests(TestCase):
-    @mock.patch('ietf.sync.rfceditor.requests.post', autospec=True)
-    def test_request_publication(self, mockobj):
-        mockobj.return_value.text = b'OK'
-        mockobj.return_value.status_code = 200
-        #
+    def test_request_publication(self):
+
         draft = IndividualDraftFactory(stream_id='iab',group__acronym='iab',intended_std_level_id='inf',states=[('draft-stream-iab','approved')])
 
         url = urlreverse('ietf.doc.views_draft.request_publication', kwargs=dict(name=draft.name))
diff --git a/ietf/doc/tests_notprepped.py b/ietf/doc/tests_notprepped.py
new file mode 100644
index 0000000000..f417aa7931
--- /dev/null
+++ b/ietf/doc/tests_notprepped.py
@@ -0,0 +1,122 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+from django.conf import settings
+from django.utils import timezone
+from django.urls import reverse as urlreverse
+
+from pyquery import PyQuery
+
+from ietf.doc.factories import WgRfcFactory
+from ietf.doc.models import StoredObject
+from ietf.doc.storage_utils import store_bytes
+from ietf.utils.test_utils import TestCase
+
+
+class NotpreppedRfcXmlTests(TestCase):
+    def test_editor_source_button_visibility(self):
+        pre_v3 = WgRfcFactory(rfc_number=settings.FIRST_V3_RFC - 1)
+        first_v3 = WgRfcFactory(rfc_number=settings.FIRST_V3_RFC)
+        post_v3 = WgRfcFactory(rfc_number=settings.FIRST_V3_RFC + 1)
+
+        for rfc, expect_button in [(pre_v3, False), (first_v3, True), (post_v3, True)]:
+            r = self.client.get(
+                urlreverse(
+                    "ietf.doc.views_doc.document_main", kwargs=dict(name=rfc.name)
+                )
+            )
+            self.assertEqual(r.status_code, 200)
+            buttons = PyQuery(r.content)('a.btn:contains("Get editor source")')
+            if expect_button:
+                self.assertEqual(len(buttons), 1, msg=f"rfc_number={rfc.rfc_number}")
+                expected_href = urlreverse(
+                    "ietf.doc.views_doc.rfcxml_notprepped_wrapper",
+                    kwargs=dict(number=rfc.rfc_number),
+                )
+                self.assertEqual(
+                    buttons.attr("href"),
+                    expected_href,
+                    msg=f"rfc_number={rfc.rfc_number}",
+                )
+            else:
+                self.assertEqual(len(buttons), 0, msg=f"rfc_number={rfc.rfc_number}")
+
+    def test_rfcxml_notprepped(self):
+        number = settings.FIRST_V3_RFC
+        stored_name = f"notprepped/rfc{number}.notprepped.xml"
+        url = f"/doc/rfc{number}/notprepped/"
+
+        # 404 for pre-v3 RFC numbers (no document needed)
+        r = self.client.get(f"/doc/rfc{number - 1}/notprepped/")
+        self.assertEqual(r.status_code, 404)
+
+        # 404 when no RFC document exists in the database
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 404)
+
+        # 404 when RFC document exists but has no StoredObject
+        WgRfcFactory(rfc_number=number)
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 404)
+
+        # 404 when StoredObject exists but backing storage is missing (FileNotFoundError)
+        now = timezone.now()
+        StoredObject.objects.create(
+            store="rfc",
+            name=stored_name,
+            sha384="a" * 96,
+            len=0,
+            store_created=now,
+            created=now,
+            modified=now,
+        )
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 404)
+
+        # 200 with correct content-type, attachment disposition, and body when object is fully stored
+        xml_content = b"<rfc>test</rfc>"
+        store_bytes("rfc", stored_name, xml_content, allow_overwrite=True)
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r["Content-Type"], "application/xml")
+        self.assertEqual(
+            r["Content-Disposition"],
+            f'attachment; filename="rfc{number}.notprepped.xml"',
+        )
+        self.assertEqual(b"".join(r.streaming_content), xml_content)
+
+    def test_rfcxml_notprepped_wrapper(self):
+        number = settings.FIRST_V3_RFC
+
+        # 404 for pre-v3 RFC numbers (no document needed)
+        r = self.client.get(
+            urlreverse(
+                "ietf.doc.views_doc.rfcxml_notprepped_wrapper",
+                kwargs=dict(number=number - 1),
+            )
+        )
+        self.assertEqual(r.status_code, 404)
+
+        # 404 when no RFC document exists in the database
+        r = self.client.get(
+            urlreverse(
+                "ietf.doc.views_doc.rfcxml_notprepped_wrapper",
+                kwargs=dict(number=number),
+            )
+        )
+        self.assertEqual(r.status_code, 404)
+
+        # 200 with rendered template when RFC document exists
+        rfc = WgRfcFactory(rfc_number=number)
+        r = self.client.get(
+            urlreverse(
+                "ietf.doc.views_doc.rfcxml_notprepped_wrapper",
+                kwargs=dict(number=number),
+            )
+        )
+        self.assertEqual(r.status_code, 200)
+        q = PyQuery(r.content)
+        self.assertIn(str(rfc.rfc_number), q("h1").text())
+        download_url = urlreverse(
+            "ietf.doc.views_doc.rfcxml_notprepped", kwargs=dict(number=number)
+        )
+        self.assertEqual(len(q(f'a.btn[href="{download_url}"]')), 1)
diff --git a/ietf/doc/tests_tasks.py b/ietf/doc/tests_tasks.py
index 29689cd596..48db95d047 100644
--- a/ietf/doc/tests_tasks.py
+++ b/ietf/doc/tests_tasks.py
@@ -1,18 +1,20 @@
-# Copyright The IETF Trust 2024, All Rights Reserved
+# Copyright The IETF Trust 2024-2026, All Rights Reserved
 
-import debug    # pyflakes:ignore
 import datetime
 from unittest import mock
 
 from pathlib import Path
 
+from celery.exceptions import Retry
 from django.conf import settings
+from django.test.utils import override_settings
 from django.utils import timezone
+from typesense import exceptions as typesense_exceptions
 
 from ietf.utils.test_utils import TestCase
 from ietf.utils.timezone import datetime_today
 
-from .factories import DocumentFactory, NewRevisionDocEventFactory
+from .factories import DocumentFactory, NewRevisionDocEventFactory, WgRfcFactory
 from .models import Document, NewRevisionDocEvent
 from .tasks import (
     expire_ids_task,
@@ -22,8 +24,11 @@
     generate_idnits2_rfc_status_task,
     investigate_fragment_task,
     notify_expirations_task,
+    rebuild_searchindex_task,
+    update_rfc_searchindex_task,
 )
 
+
 class TaskTests(TestCase):
     @mock.patch("ietf.doc.tasks.in_draft_expire_freeze")
     @mock.patch("ietf.doc.tasks.get_expired_drafts")
@@ -87,7 +92,7 @@ def test_expire_last_calls_task(self, mock_get_expired, mock_expire):
         self.assertEqual(mock_expire.call_args_list[0], mock.call(docs[0]))
         self.assertEqual(mock_expire.call_args_list[1], mock.call(docs[1]))
         self.assertEqual(mock_expire.call_args_list[2], mock.call(docs[2]))
-    
+
         # Check that it runs even if exceptions occur
         mock_get_expired.reset_mock()
         mock_expire.reset_mock()
@@ -111,9 +116,92 @@ def test_investigate_fragment_task(self):
             retval, {"name_fragment": "some fragment", "results": investigation_results}
         )
 
+    @mock.patch("ietf.doc.tasks.searchindex.update_or_create_rfc_entry")
+    @mock.patch("ietf.doc.tasks.searchindex.enabled")
+    def test_update_rfc_searchindex_task(
+        self, mock_searchindex_enabled, mock_create_entry
+    ):
+        mock_searchindex_enabled.return_value = False
+
+        self.assertFalse(Document.objects.filter(rfc_number=5073).exists())
+        rfc = WgRfcFactory()
+        update_rfc_searchindex_task(rfc_number=5073)
+        self.assertFalse(mock_create_entry.called)
+        update_rfc_searchindex_task(rfc_number=rfc.rfc_number)
+        self.assertFalse(mock_create_entry.called)
+
+        mock_searchindex_enabled.return_value = True
+        update_rfc_searchindex_task(rfc_number=5073)
+        self.assertFalse(mock_create_entry.called)
+        update_rfc_searchindex_task(rfc_number=rfc.rfc_number)
+        self.assertTrue(mock_create_entry.called)
+
+        with override_settings(SEARCHINDEX_CONFIG={"TASK_MAX_RETRIES": 0}):
+            # Try a non-retryable error (there are others)
+            mock_create_entry.side_effect = typesense_exceptions.RequestMalformed
+            update_rfc_searchindex_task(rfc_number=rfc.rfc_number)  # no retry
+            # Now what should be a retryable error
+            mock_create_entry.side_effect = typesense_exceptions.Timeout
+            with self.assertRaises(Retry):
+                update_rfc_searchindex_task(rfc_number=rfc.rfc_number)
+
+    @mock.patch("ietf.doc.tasks.searchindex.update_or_create_rfc_entries")
+    @mock.patch("ietf.doc.tasks.searchindex.upsert_presets")
+    @mock.patch("ietf.doc.tasks.searchindex.create_collection")
+    @mock.patch("ietf.doc.tasks.searchindex.delete_collection")
+    def test_rebuild_searchindex_task(
+        self, mock_delete, mock_create, mock_presets, mock_update
+    ):
+        rfcs = WgRfcFactory.create_batch(10)
+        rebuild_searchindex_task()
+        self.assertFalse(mock_delete.called)
+        self.assertFalse(mock_create.called)
+        self.assertTrue(mock_presets.called)
+        self.assertTrue(mock_update.called)
+        self.assertQuerysetEqual(
+            mock_update.call_args.args[0],
+            sorted(rfcs, key=lambda doc: -doc.rfc_number),
+            ordered=True,
+        )
+
+        mock_delete.reset_mock()
+        mock_create.reset_mock()
+        mock_presets.reset_mock()
+        mock_update.reset_mock()
+        rebuild_searchindex_task(drop_collection=True)
+        self.assertTrue(mock_delete.called)
+        self.assertTrue(mock_create.called)
+        self.assertTrue(mock_presets.called)
+        self.assertTrue(mock_update.called)
+        self.assertQuerysetEqual(
+            mock_update.call_args.args[0],
+            sorted(rfcs, key=lambda doc: -doc.rfc_number),
+            ordered=True,
+        )
+
+        mock_delete.reset_mock()
+        mock_create.reset_mock()
+        mock_presets.reset_mock()
+        mock_update.reset_mock()
+        rebuild_searchindex_task(
+            drop_collection=True, batchsize=3, upsert_presets=False
+        )
+        self.assertTrue(mock_delete.called)
+        self.assertTrue(mock_create.called)
+        self.assertFalse(mock_presets.called)
+        self.assertTrue(mock_update.called)
+        self.assertQuerysetEqual(
+            mock_update.call_args.args[0],
+            sorted(rfcs, key=lambda doc: -doc.rfc_number),
+            ordered=True,
+        )
+        self.assertEqual(mock_update.call_args.kwargs["batchsize"], 3)
+
 
 class Idnits2SupportTests(TestCase):
-    settings_temp_path_overrides = TestCase.settings_temp_path_overrides + ['DERIVED_DIR']
+    settings_temp_path_overrides = TestCase.settings_temp_path_overrides + [
+        "DERIVED_DIR"
+    ]
 
     @mock.patch("ietf.doc.tasks.generate_idnits2_rfcs_obsoleted")
     def test_generate_idnits2_rfcs_obsoleted_task(self, mock_generate):
@@ -151,7 +239,9 @@ def setUp(self):
         )
         # a couple that should always be ignored
         NewRevisionDocEventFactory(
-            time=now - datetime.timedelta(days=6), rev="09", doc__type_id="rfc"  # not a draft
+            time=now - datetime.timedelta(days=6),
+            rev="09",
+            doc__type_id="rfc",  # not a draft
         )
         NewRevisionDocEventFactory(
             type="changed_document",  # not a "new_revision" type
@@ -164,7 +254,9 @@ def setUp(self):
 
     @mock.patch("ietf.doc.tasks.ensure_draft_bibxml_path_exists")
     @mock.patch("ietf.doc.tasks.update_or_create_draft_bibxml_file")
-    def test_generate_bibxml_files_for_all_drafts_task(self, mock_create, mock_ensure_path):
+    def test_generate_bibxml_files_for_all_drafts_task(
+        self, mock_create, mock_ensure_path
+    ):
         generate_draft_bibxml_files_task(process_all=True)
         self.assertTrue(mock_ensure_path.called)
         self.assertCountEqual(
@@ -193,12 +285,15 @@ def test_generate_bibxml_files_for_all_drafts_task(self, mock_create, mock_ensur
 
     @mock.patch("ietf.doc.tasks.ensure_draft_bibxml_path_exists")
     @mock.patch("ietf.doc.tasks.update_or_create_draft_bibxml_file")
-    def test_generate_bibxml_files_for_recent_drafts_task(self, mock_create, mock_ensure_path):
+    def test_generate_bibxml_files_for_recent_drafts_task(
+        self, mock_create, mock_ensure_path
+    ):
         # default args - look back 7 days
         generate_draft_bibxml_files_task()
         self.assertTrue(mock_ensure_path.called)
         self.assertCountEqual(
-            mock_create.call_args_list, [mock.call(self.young_event.doc, self.young_event.rev)]
+            mock_create.call_args_list,
+            [mock.call(self.young_event.doc, self.young_event.rev)],
         )
         mock_create.reset_mock()
         mock_ensure_path.reset_mock()
@@ -223,7 +318,9 @@ def test_generate_bibxml_files_for_recent_drafts_task(self, mock_create, mock_en
 
     @mock.patch("ietf.doc.tasks.ensure_draft_bibxml_path_exists")
     @mock.patch("ietf.doc.tasks.update_or_create_draft_bibxml_file")
-    def test_generate_bibxml_files_for_recent_drafts_task_with_bad_value(self, mock_create, mock_ensure_path):
+    def test_generate_bibxml_files_for_recent_drafts_task_with_bad_value(
+        self, mock_create, mock_ensure_path
+    ):
         with self.assertRaises(ValueError):
             generate_draft_bibxml_files_task(days=0)
         self.assertFalse(mock_create.called)
diff --git a/ietf/doc/tests_utils.py b/ietf/doc/tests_utils.py
index a2784bc85e..ba672cd847 100644
--- a/ietf/doc/tests_utils.py
+++ b/ietf/doc/tests_utils.py
@@ -1,15 +1,23 @@
 # Copyright The IETF Trust 2020, All Rights Reserved
 import datetime
+from io import BytesIO
+
+import mock
 import debug  # pyflakes:ignore
+import requests
 
 from pathlib import Path
 from unittest.mock import call, patch
 
 from django.conf import settings
+from django.core.files.storage import storages
 from django.db import IntegrityError
 from django.test.utils import override_settings
 from django.utils import timezone
 
+
+from ietf.doc.utils_r2 import rfcs_are_in_r2
+from ietf.doc.utils_red import trigger_red_precomputer
 from ietf.group.factories import GroupFactory, RoleFactory
 from ietf.name.models import DocTagName
 from ietf.person.factories import PersonFactory
@@ -17,11 +25,12 @@
 from ietf.utils.test_utils import TestCase, name_of_file_containing, reload_db_objects
 from ietf.person.models import Person
 from ietf.doc.factories import DocumentFactory, WgRfcFactory, WgDraftFactory
-from ietf.doc.models import State, DocumentActionHolder, DocumentAuthor
+from ietf.doc.models import State, DocumentActionHolder, DocumentAuthor, StoredObject
 from ietf.doc.utils import (update_action_holders, add_state_change_event, update_documentauthors,
                             fuzzy_find_documents, rebuild_reference_relations, build_file_urls,
                             ensure_draft_bibxml_path_exists, update_or_create_draft_bibxml_file,
                             last_ballot_doc_revision)
+from ietf.doc.storage_utils import store_str
 from ietf.utils.draft import Draft, PlaintextDraft
 from ietf.utils.xmldraft import XMLDraft
 
@@ -559,3 +568,132 @@ def test_last_ballot_doc_revision(self):
         nobody = PersonFactory()
         self.assertIsNone(last_ballot_doc_revision(doc, nobody))
         self.assertEqual(rev, last_ballot_doc_revision(doc, ad))
+
+
+class UtilsRedTests(TestCase):
+    @mock.patch("ietf.doc.utils_red.log")
+    @mock.patch("ietf.doc.utils_red.requests.post")
+    def test_trigger_red_precomputer_not_configured(self, mock_post, mock_log):
+        with override_settings():
+            try:
+                del settings.CUSTOM_SETTING_NAME
+            except AttributeError:
+                pass
+            trigger_red_precomputer(rfc_number_list=[1, 2, 3])
+            self.assertEqual(mock_log.call_count, 1)
+            mock_args, _ = mock_log.call_args
+            self.assertEqual(
+                mock_args,
+                ("No URL configured for triggering red precompute multiple, skipping",),
+            )
+
+        mock_log.reset_mock()
+        with override_settings(TRIGGER_RED_PRECOMPUTE_MULTIPLE_URL=None):
+            trigger_red_precomputer(rfc_number_list=[1, 2, 3])
+            self.assertFalse(mock_post.called)
+            self.assertEqual(mock_log.call_count, 1)
+            mock_args, _ = mock_log.call_args
+            self.assertEqual(
+                mock_args,
+                ("No URL configured for triggering red precompute multiple, skipping",),
+            )
+
+    @override_settings(
+        TRIGGER_RED_PRECOMPUTE_MULTIPLE_URL="urlbits",
+    )
+    @mock.patch("ietf.doc.utils_red.log")
+    @mock.patch("ietf.doc.utils_red.requests.post", side_effect=requests.Timeout())
+    def test_trigger_red_precomputer_swallows_timeout_exception(
+        self, mock_post, mock_log
+    ):
+        exception_raised = False
+        try:
+            trigger_red_precomputer(rfc_number_list=[1, 2, 3])
+        except Exception:
+            exception_raised = True
+        self.assertFalse(exception_raised)
+        self.assertEqual(mock_log.call_count, 2)
+        # only checking the last log call
+        mock_args, _ = mock_log.call_args
+        self.assertEqual(len(mock_args), 1)
+        self.assertIn("POST request timed out", mock_args[0])
+
+    @override_settings(
+        TRIGGER_RED_PRECOMPUTE_MULTIPLE_URL="urlbits",
+    )
+    @mock.patch("ietf.doc.utils_red.requests.post", side_effect=Exception())
+    def test_trigger_red_precomputer_does_not_swallow_too_much(self, mock_post):
+        exception_raised = False
+        try:
+            trigger_red_precomputer(rfc_number_list=[1, 2, 3])
+        except Exception:
+            exception_raised = True
+        self.assertTrue(exception_raised)
+
+    @override_settings(
+        TRIGGER_RED_PRECOMPUTE_MULTIPLE_URL="urlbits",
+        DEFAULT_REQUESTS_TIMEOUT=314159265,
+    )
+    @mock.patch("ietf.doc.utils_red.log")
+    @mock.patch("ietf.doc.utils_red.requests.post")
+    def test_trigger_red_precomputer(self, mock_post, mock_log):
+        mock_post.return_value = mock.Mock(status_code=200)
+        trigger_red_precomputer(rfc_number_list=[1, 2, 3])
+        self.assertTrue(mock_post.called)
+        _, mock_kwargs = mock_post.call_args
+        self.assertIn("url", mock_kwargs)
+        self.assertEqual(mock_kwargs["url"], "urlbits")
+        self.assertIn("json", mock_kwargs)
+        self.assertEqual(mock_kwargs["json"], {"rfcs": "1,2,3"})
+        self.assertIn("timeout", mock_kwargs)
+        self.assertEqual(mock_kwargs["timeout"], 314159265)
+        self.assertEqual(mock_log.call_count, 1)  # Not testing the first info log value
+        mock_log.reset_mock()
+        mock_post.reset_mock()
+        mock_post.return_value = mock.Mock(
+            status_code=500,
+        )
+        trigger_red_precomputer(rfc_number_list=[1, 2, 3])
+        self.assertEqual(mock_log.call_count, 2)
+        mock_args, _ = mock_log.call_args
+        self.assertEqual(len(mock_args), 1)
+        expected = f"POST request failed for {settings.TRIGGER_RED_PRECOMPUTE_MULTIPLE_URL} : status_code=500"
+        self.assertEqual(mock_args[0], expected)
+
+
+class UtilsR2TestCase(TestCase):
+    def test_rfcs_are_in_r2(self):
+        rfcs = WgRfcFactory.create_batch(2)
+        rfc_name_list = [rfc.name for rfc in rfcs]
+        rfc_number_list = [rfc.rfc_number for rfc in rfcs]
+        r2_rfc_bucket = storages["r2-rfc"]
+        # Right now the various doc Factories do not populate any content
+        self.assertEqual(
+            StoredObject.objects.filter(
+                store="rfc", doc_name__in=rfc_name_list
+            ).count(),
+            0,
+        )
+        self.assertTrue(rfcs_are_in_r2(rfc_number_list=rfc_number_list))
+        for rfc in rfcs:
+            store_str(
+                kind="rfc",
+                name=f"testartifact/{rfc.name}.testartifact",
+                content="",
+                doc_name=rfc.name,
+                doc_rev=None,
+            )
+        self.assertEqual(
+            StoredObject.objects.filter(
+                store="rfc", doc_name__in=rfc_name_list
+            ).count(),
+            2,
+        )
+        self.assertFalse(rfcs_are_in_r2(rfc_number_list=rfc_number_list))
+        r2_rfc_bucket.save(f"testartifact/{rfcs[0].name}.testartifact", BytesIO(b""))
+        self.assertFalse(rfcs_are_in_r2(rfc_number_list=rfc_number_list))
+        r2_rfc_bucket.save(f"testartifact/{rfcs[1].name}.testartifact", BytesIO(b""))
+        self.assertTrue(rfcs_are_in_r2(rfc_number_list=rfc_number_list))
+
+
+
diff --git a/ietf/doc/tests_utils_rfc_json.py b/ietf/doc/tests_utils_rfc_json.py
new file mode 100644
index 0000000000..ec3cd85893
--- /dev/null
+++ b/ietf/doc/tests_utils_rfc_json.py
@@ -0,0 +1,500 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+import datetime
+import json
+from unittest import mock
+
+from django.core.files.base import ContentFile
+from django.core.files.storage import storages
+from django.test.utils import override_settings
+from django.utils import timezone
+
+from ietf.doc.factories import (
+    PublishedRfcDocEventFactory,
+    RfcAuthorFactory,
+    RfcFactory,
+    RgRfcFactory,
+    WgDraftFactory,
+    WgRfcFactory,
+)
+from ietf.doc.models import RelatedDocument
+from ietf.doc.utils_rfc_json import generate_rfc_json
+from ietf.group.factories import GroupFactory
+from ietf.name.models import StdLevelName
+from ietf.utils.test_utils import TestCase
+
+
+def _put_pub_levels(rfc_number, slug, path="input/"):
+    """Write a minimal publication-std-levels.json to the red bucket."""
+    red_bucket = storages["red_bucket"]
+    red_bucket.save(
+        f"{path}publication-std-levels.json",
+        ContentFile(
+            json.dumps([{"number": rfc_number, "publication_std_level": slug}])
+        ),
+    )
+
+
+def _put_errata(rfc_number, path="other/errata.json"):
+    """Write an errata.json with one entry for the given RFC."""
+    red_bucket = storages["red_bucket"]
+    red_bucket.save(
+        path,
+        ContentFile(
+            json.dumps(
+                [{"doc-id": f"RFC{rfc_number}", "errata_status_code": "Reported"}]
+            )
+        ),
+    )
+
+
+def _put_empty_errata(path="other/errata.json"):
+    red_bucket = storages["red_bucket"]
+    red_bucket.save(path, ContentFile(json.dumps([])))
+
+
+def _put_april_first(rfc_number, path="input/"):
+    red_bucket = storages["red_bucket"]
+    red_bucket.save(
+        f"{path}april-first-rfc-numbers.json",
+        ContentFile(json.dumps([rfc_number])),
+    )
+
+
+def _read_json(rfc_number):
+    from ietf.blobdb.models import Blob
+
+    blob = Blob.objects.get(bucket="rfc", name=f"json/rfc{rfc_number}.json")
+    return json.loads(bytes(blob.content))
+
+
+@override_settings(
+    RFCINDEX_INPUT_PATH="input/",
+    ERRATA_JSON_BLOB_NAME="other/errata.json",
+    RFC_EDITOR_ERRATA_BASE_URL="https://www.rfc-editor.org/errata/",
+)
+class GenerateRfcJsonTests(TestCase):
+    def setUp(self):
+        super().setUp()
+        # Minimal red_bucket blobs required by all tests
+        red_bucket = storages["red_bucket"]
+        red_bucket.save(
+            "input/april-first-rfc-numbers.json", ContentFile(json.dumps([]))
+        )
+
+    def tearDown(self):
+        red_bucket = storages["red_bucket"]
+        for name in [
+            "input/publication-std-levels.json",
+            "input/april-first-rfc-numbers.json",
+            "other/errata.json",
+        ]:
+            try:
+                red_bucket.delete(name)
+            except Exception:
+                pass
+        super().tearDown()
+
+    def test_missing_rfc_logs_and_returns(self):
+        """Calling for a nonexistent RFC number logs and returns without raising."""
+        # Should not raise; no blob should be written
+        generate_rfc_json(999999, pub_levels={})
+        from ietf.blobdb.models import Blob
+
+        self.assertFalse(
+            Blob.objects.filter(bucket="rfc", name="json/rfc999999.json").exists()
+        )
+
+    def test_all_fields(self):
+        """All 17 JSON fields are populated correctly from a fully-populated RFC."""
+        area = GroupFactory(type_id="area")
+        wg = GroupFactory(type_id="wg", parent=area)
+        rfc = PublishedRfcDocEventFactory(
+            time="2021-05-01T00:00:00Z",
+            doc=WgRfcFactory(
+                group=wg,
+                stream_id="ietf",
+                std_level_id="ps",
+                pages=42,
+                abstract="Test abstract.",
+                keywords=["foo", "bar"],
+            ),
+        ).doc
+        author = RfcAuthorFactory(document=rfc, is_editor=False)
+        editor = RfcAuthorFactory(document=rfc, is_editor=True)
+
+        obsoletes_rfc = RfcFactory()
+        updated_rfc = RfcFactory()
+        RelatedDocument.objects.create(
+            source=rfc, target=obsoletes_rfc, relationship_id="obs"
+        )
+        RelatedDocument.objects.create(
+            source=rfc, target=updated_rfc, relationship_id="updates"
+        )
+        obsoleted_by_rfc = RfcFactory()
+        updated_by_rfc = RfcFactory()
+        RelatedDocument.objects.create(
+            source=obsoleted_by_rfc, target=rfc, relationship_id="obs"
+        )
+        RelatedDocument.objects.create(
+            source=updated_by_rfc, target=rfc, relationship_id="updates"
+        )
+
+        _put_pub_levels(rfc.rfc_number, "ps")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(data["doc_id"], f"RFC{rfc.rfc_number}")
+        self.assertEqual(data["title"], rfc.title)
+        self.assertEqual(data["abstract"], "Test abstract.")
+        self.assertEqual(data["page_count"], "42")
+        self.assertEqual(data["pub_status"], "PROPOSED STANDARD")
+        self.assertEqual(data["status"], "PROPOSED STANDARD")
+        self.assertEqual(data["pub_date"], "May 2021")
+        self.assertEqual(data["keywords"], ["foo", "bar"])
+        self.assertEqual(data["see_also"], [])
+        self.assertEqual(data["doi"], f"10.17487/RFC{rfc.rfc_number}")
+        self.assertIsNone(data["errata_url"])
+        self.assertIsNone(data["draft"])
+
+        # authors — non-editor first (lower order), then editor
+        self.assertEqual(
+            data["authors"],
+            [author.titlepage_name, f"{editor.titlepage_name}, Ed."],
+        )
+
+        # relationships
+        self.assertIn(f"RFC{obsoletes_rfc.rfc_number}", data["obsoletes"])
+        self.assertIn(f"RFC{updated_rfc.rfc_number}", data["updates"])
+        self.assertIn(f"RFC{obsoleted_by_rfc.rfc_number}", data["obsoleted_by"])
+        self.assertIn(f"RFC{updated_by_rfc.rfc_number}", data["updated_by"])
+
+    def test_pub_status_differs_from_status(self):
+        """pub_status reflects publication-std-levels.json; status reflects current std_level."""
+        rfc = PublishedRfcDocEventFactory(
+            doc=WgRfcFactory(std_level_id="hist"),
+        ).doc
+        # Record was published as "ps" but is now "hist"
+        _put_pub_levels(rfc.rfc_number, "ps")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(data["pub_status"], "PROPOSED STANDARD")
+        self.assertEqual(data["status"], "HISTORIC")
+
+    def test_errata_url_set_when_errata_exist(self):
+        """errata_url is populated when errata.json has any entry for the RFC."""
+        rfc = PublishedRfcDocEventFactory(doc=WgRfcFactory()).doc
+        _put_pub_levels(rfc.rfc_number, "ps")
+        _put_errata(rfc.rfc_number)
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(
+            data["errata_url"],
+            f"https://www.rfc-editor.org/errata/rfc{rfc.rfc_number}",
+        )
+
+    def test_draft_field_includes_revision(self):
+        """draft field is '<name>-<rev>' when the RFC originated from a draft."""
+        draft = WgDraftFactory(rev="07")
+        rfc = PublishedRfcDocEventFactory(doc=WgRfcFactory()).doc
+        draft.relateddocument_set.create(relationship_id="became_rfc", target=rfc)
+        _put_pub_levels(rfc.rfc_number, "ps")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(data["draft"], f"{draft.name}-07")
+
+    def test_errata_url_none_when_no_errata(self):
+        """errata_url is None when errata.json has no entries for the RFC."""
+        rfc = PublishedRfcDocEventFactory(doc=WgRfcFactory()).doc
+        _put_pub_levels(rfc.rfc_number, "ps")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertIsNone(data["errata_url"])
+
+    def test_errata_failure_yields_null_url(self):
+        """If reading errata.json fails, errata_url is null and no exception is raised."""
+        rfc = PublishedRfcDocEventFactory(doc=WgRfcFactory()).doc
+        _put_pub_levels(rfc.rfc_number, "ps")
+        # Deliberately do not put errata blob — FileNotFoundError expected
+
+        generate_rfc_json(rfc.rfc_number)  # must not raise
+        data = _read_json(rfc.rfc_number)
+        self.assertIsNone(data["errata_url"])
+
+    def test_second_call_overwrites(self):
+        """Calling generate_rfc_json twice does not raise AlreadyExistsError."""
+        rfc = PublishedRfcDocEventFactory(doc=WgRfcFactory()).doc
+        _put_pub_levels(rfc.rfc_number, "ps")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        generate_rfc_json(rfc.rfc_number)  # must not raise
+
+    def test_april_first_date_format(self):
+        """April Fools RFCs get '1 April YYYY' date format."""
+        rfc = PublishedRfcDocEventFactory(
+            time="2020-04-01T12:00:00Z",
+            doc=WgRfcFactory(),
+        ).doc
+        red_bucket = storages["red_bucket"]
+        red_bucket.delete("input/april-first-rfc-numbers.json")
+        _put_april_first(rfc.rfc_number)
+        _put_pub_levels(rfc.rfc_number, "inf")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(data["pub_date"], "1 April 2020")
+
+    def test_empty_keywords_filtered(self):
+        """Empty-string keywords are stripped from the keywords list."""
+        rfc = PublishedRfcDocEventFactory(
+            doc=WgRfcFactory(keywords=["foo", "", "bar"]),
+        ).doc
+        _put_pub_levels(rfc.rfc_number, "ps")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(data["keywords"], ["foo", "bar"])
+
+    def test_non_april_first_april_date(self):
+        """An April publication that is NOT in the April Fools list gets 'April YYYY'."""
+        rfc = PublishedRfcDocEventFactory(
+            time="2020-04-15T12:00:00Z",
+            doc=WgRfcFactory(),
+        ).doc
+        _put_pub_levels(rfc.rfc_number, "inf")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(data["pub_date"], "April 2020")
+
+    def test_source_ietf_wg(self):
+        """IETF-stream WG RFC: source is the group's full name."""
+        area = GroupFactory(type_id="area")
+        wg = GroupFactory(type_id="wg", parent=area)
+        rfc = PublishedRfcDocEventFactory(
+            doc=WgRfcFactory(group=wg, stream_id="ietf"),
+        ).doc
+        _put_pub_levels(rfc.rfc_number, "ps")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(data["source"], wg.name)
+
+    def test_source_ietf_no_wg(self):
+        """IETF-stream individual RFC (group acronym 'none'): source is 'IETF - NON WORKING GROUP'."""
+        area = GroupFactory(type_id="area")
+        rfc = PublishedRfcDocEventFactory(
+            doc=RfcFactory(
+                group=GroupFactory(acronym="none"),
+                stream_id="ietf",
+            ),
+        ).doc
+        rfc.group.parent = area
+        rfc.group.save()
+        _put_pub_levels(rfc.rfc_number, "inf")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(data["source"], "IETF - NON WORKING GROUP")
+
+    def test_source_ietf_area(self):
+        """IETF-stream RFC with area-type group: source is 'IETF - NON WORKING GROUP'."""
+        area = GroupFactory(type_id="area")
+        area.parent = GroupFactory()
+        area.save()
+        rfc = PublishedRfcDocEventFactory(
+            doc=RfcFactory(group=area, stream_id="ietf"),
+        ).doc
+        _put_pub_levels(rfc.rfc_number, "inf")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(data["source"], "IETF - NON WORKING GROUP")
+
+    def test_source_iab(self):
+        """IAB-stream RFC: source is 'IAB'."""
+        rfc = PublishedRfcDocEventFactory(
+            doc=RfcFactory(stream_id="iab", group=GroupFactory(acronym="iab")),
+        ).doc
+        _put_pub_levels(rfc.rfc_number, "inf")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(data["source"], "IAB")
+
+    def test_source_ise(self):
+        """ISE-stream RFC: source is 'INDEPENDENT'."""
+        rfc = PublishedRfcDocEventFactory(
+            doc=RfcFactory(stream_id="ise", group=GroupFactory(acronym="none")),
+        ).doc
+        _put_pub_levels(rfc.rfc_number, "inf")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(data["source"], "INDEPENDENT")
+
+    def test_source_irtf_rg(self):
+        """IRTF-stream RG RFC: source is the group's full name."""
+        rfc = PublishedRfcDocEventFactory(doc=RgRfcFactory()).doc
+        _put_pub_levels(rfc.rfc_number, "inf")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(data["source"], rfc.group.name)
+
+    def test_source_irtf_no_rg(self):
+        """IRTF-stream RFC with no specific RG (group acronym 'none'): source is 'IRTF'."""
+        rfc = PublishedRfcDocEventFactory(
+            doc=RfcFactory(stream_id="irtf", group=GroupFactory(acronym="none")),
+        ).doc
+        _put_pub_levels(rfc.rfc_number, "inf")
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number)
+        data = _read_json(rfc.rfc_number)
+
+        self.assertEqual(data["source"], "IRTF")
+
+    def test_pub_levels_passed_in(self):
+        """When pub_levels is passed in, get_publication_std_levels() is not called."""
+        rfc = PublishedRfcDocEventFactory(doc=WgRfcFactory()).doc
+        _put_empty_errata()
+
+        ps_level = StdLevelName.objects.get(slug="ps")
+        pub_levels = {rfc.rfc_number: ps_level}
+
+        with mock.patch(
+            "ietf.doc.utils_rfc_json.get_publication_std_levels"
+        ) as mock_get:
+            generate_rfc_json(rfc.rfc_number, pub_levels=pub_levels)
+            mock_get.assert_not_called()
+
+        data = _read_json(rfc.rfc_number)
+        self.assertEqual(data["pub_status"], "PROPOSED STANDARD")
+
+    def test_pub_levels_fetch_failure_returns_without_writing(self):
+        """If get_publication_std_levels() raises, function logs and returns without writing a blob."""
+        rfc = PublishedRfcDocEventFactory(doc=WgRfcFactory()).doc
+        _put_empty_errata()
+
+        with mock.patch(
+            "ietf.doc.utils_rfc_json.get_publication_std_levels",
+            side_effect=FileNotFoundError("not found"),
+        ):
+            generate_rfc_json(rfc.rfc_number)  # must not raise
+
+        from ietf.blobdb.models import Blob
+
+        self.assertFalse(
+            Blob.objects.filter(
+                bucket="rfc", name=f"json/rfc{rfc.rfc_number}.json"
+            ).exists()
+        )
+
+    def test_pub_status_fallback_to_status_for_recent_rfc(self):
+        """RFC missing from pub_levels but published within 2 days: pub_status falls back to current std_level."""
+        now = timezone.now()
+        rfc = PublishedRfcDocEventFactory(
+            time=now - datetime.timedelta(hours=1),
+            doc=WgRfcFactory(std_level_id="ps"),
+        ).doc
+        _put_empty_errata()
+
+        with mock.patch("ietf.doc.utils_rfc_json.timezone") as mock_tz:
+            mock_tz.now.return_value = now
+            generate_rfc_json(rfc.rfc_number, pub_levels={})
+
+        data = _read_json(rfc.rfc_number)
+        self.assertEqual(data["pub_status"], "PROPOSED STANDARD")
+
+    def test_pub_status_unknown_for_old_rfc_missing_from_levels(self):
+        """RFC missing from pub_levels and published more than 2 days ago: pub_status is UNKNOWN."""
+        rfc = PublishedRfcDocEventFactory(
+            time="2020-01-01T00:00:00Z",
+            doc=WgRfcFactory(std_level_id="ps"),
+        ).doc
+        _put_empty_errata()
+
+        generate_rfc_json(rfc.rfc_number, pub_levels={})
+
+        data = _read_json(rfc.rfc_number)
+        self.assertEqual(data["pub_status"], "UNKNOWN")
+
+    def _assert_no_blob_written(self, rfc):
+        from ietf.blobdb.models import Blob
+
+        self.assertFalse(
+            Blob.objects.filter(
+                bucket="rfc", name=f"json/rfc{rfc.rfc_number}.json"
+            ).exists()
+        )
+
+    def test_source_malformed_no_stream(self):
+        """RFC with stream=None triggers assertion (logged to admins in production) and no blob is written."""
+        rfc = PublishedRfcDocEventFactory(doc=WgRfcFactory()).doc
+        rfc.stream = None
+        rfc.save()
+        ps_level = StdLevelName.objects.get(slug="ps")
+
+        with self.assertRaises(AssertionError):
+            generate_rfc_json(rfc.rfc_number, pub_levels={rfc.rfc_number: ps_level})
+
+        self._assert_no_blob_written(rfc)
+
+    def test_source_malformed_no_group(self):
+        """RFC with group=None triggers assertion (logged to admins in production) and no blob is written."""
+        rfc = PublishedRfcDocEventFactory(doc=WgRfcFactory()).doc
+        rfc.group = None
+        rfc.save()
+        ps_level = StdLevelName.objects.get(slug="ps")
+
+        with self.assertRaises(AssertionError):
+            generate_rfc_json(rfc.rfc_number, pub_levels={rfc.rfc_number: ps_level})
+
+        self._assert_no_blob_written(rfc)
+
+    def test_source_ietf_malformed_no_area(self):
+        """IETF-stream RFC whose group has no parent triggers assertion (logged to admins in production) and no blob is written."""
+        rfc = PublishedRfcDocEventFactory(
+            doc=RfcFactory(stream_id="ietf", group=GroupFactory()),
+        ).doc
+        rfc.group.parent = None
+        rfc.group.save()
+        ps_level = StdLevelName.objects.get(slug="ps")
+
+        with self.assertRaises(AssertionError):
+            generate_rfc_json(rfc.rfc_number, pub_levels={rfc.rfc_number: ps_level})
+
+        self._assert_no_blob_written(rfc)
diff --git a/ietf/doc/urls.py b/ietf/doc/urls.py
index 61e94b2231..0c13503b78 100644
--- a/ietf/doc/urls.py
+++ b/ietf/doc/urls.py
@@ -99,6 +99,8 @@
 
     url(r'^%(name)s(?:/%(rev)s)?/$' % settings.URL_REGEXPS, views_doc.document_main),
     url(r'^%(name)s(?:/%(rev)s)?/bibtex/$' % settings.URL_REGEXPS, views_doc.document_bibtex),
+    url(r'^rfc(?P<number>[0-9]+)/notprepped/$' , views_doc.rfcxml_notprepped),
+    url(r'^rfc(?P<number>[0-9]+)/notprepped-wrapper/$', views_doc.rfcxml_notprepped_wrapper),
     url(r'^%(name)s(?:/%(rev)s)?/idnits2-state/$' % settings.URL_REGEXPS, views_doc.idnits2_state),
     url(r'^bibxml3/reference.I-D.%(name)s(?:-%(rev)s)?.xml$' % settings.URL_REGEXPS, views_doc.document_bibxml_ref),
     url(r'^bibxml3/%(name)s(?:-%(rev)s)?.xml$' % settings.URL_REGEXPS, views_doc.document_bibxml),
diff --git a/ietf/doc/utils.py b/ietf/doc/utils.py
index 396b3fcfa4..5f8f587c59 100644
--- a/ietf/doc/utils.py
+++ b/ietf/doc/utils.py
@@ -4,6 +4,7 @@
 
 import datetime
 import io
+import json
 import math
 import os
 import re
@@ -38,12 +39,15 @@
     DocHistoryAuthor,
     Document,
     DocumentAuthor,
+    EditedRfcAuthorsDocEvent,
     RfcAuthor,
-    State, EditedRfcAuthorsDocEvent,
+    State,
+    StoredObject,
 )
 from ietf.doc.models import RelatedDocument, RelatedDocHistory, BallotType, DocReminder
 from ietf.doc.models import DocEvent, ConsensusDocEvent, BallotDocEvent, IRSGBallotDocEvent, NewRevisionDocEvent, StateDocEvent
 from ietf.doc.models import TelechatDocEvent, DocumentActionHolder, EditedAuthorsDocEvent, BallotPositionDocEvent
+from ietf.doc.storage_utils import force_replication
 from ietf.name.models import DocReminderTypeName, DocRelationshipName
 from ietf.group.models import Role, Group, GroupFeatures
 from ietf.ietfauth.utils import has_role, is_authorized_in_doc_stream, is_individual_draft_author, is_bofreq_editor
@@ -954,58 +958,78 @@ def rebuild_reference_relations(doc, filenames):
     filenames should be a dict mapping file ext (i.e., type) to the full path of each file.
     """
     if doc.type.slug not in ["draft", "rfc"]:
+        log.log(f"rebuild_reference_relations called for non draft/rfc doc {doc.name}")
         return None
-    
-    log.log(f"Rebuilding reference relations for {doc.name}")
 
-    # try XML first
-    if "xml" in filenames:
-        refs = XMLDraft(filenames["xml"]).get_refs()
-    elif "txt" in filenames:
-        filename = filenames["txt"]
-        try:
-            refs = draft.PlaintextDraft.from_file(filename).get_refs()
-        except IOError as e:
-            return {"errors": [f"{e.strerror}: {filename}"]}
-    else:
+
+    if "xml" not in filenames and "txt" not in filenames:
+        log.log(f"rebuild_reference_relations error: no file available for {doc.name}")
         return {
             "errors": [
                 "No file available for rebuilding reference relations. Need XML or plaintext."
             ]
         }
-
-    doc.relateddocument_set.filter(
+    else:
+        try:
+            # try XML first
+            if "xml" in filenames:
+                refs = XMLDraft(filenames["xml"]).get_refs()
+            elif "txt" in filenames:
+                filename = filenames["txt"]
+                refs = draft.PlaintextDraft.from_file(filename).get_refs()
+        except (IOError, UnicodeDecodeError) as e:
+                log.log(f"rebuild_reference_relations error: On {doc.name}: {e}")
+                return {"errors": [f"{e}: {filename}"]}
+
+    before = set(doc.relateddocument_set.filter(
         relationship__slug__in=["refnorm", "refinfo", "refold", "refunk"]
-    ).delete()
+    ).values_list("relationship__slug","target__name"))
 
     warnings = []
     errors = []
     unfound = set()
+    intended = set()
+    names = [ref for ref in refs]
+    names.extend([ref[:-3] for ref in refs if re.match(r"^draft-.*-\d{2}$", ref)])
+    queryset = Document.objects.filter(name__in=names)
     for ref, refType in refs.items():
-        refdoc = Document.objects.filter(name=ref)
-        if not refdoc and re.match(r"^draft-.*-\d{2}$", ref):
-            refdoc = Document.objects.filter(name=ref[:-3])
+        refdoc = queryset.filter(name=ref)
+        if not refdoc.exists() and re.match(r"^draft-.*-\d{2}$", ref):
+            refdoc = queryset.filter(name=ref[:-3])
         count = refdoc.count()
         if count == 0:
             unfound.add("%s" % ref)
             continue
         elif count > 1:
+            log.unreachable("2026-3-16") # This branch is holdover from DocAlias
             errors.append("Too many Document objects found for %s" % ref)
         else:
             # Don't add references to ourself
             if doc != refdoc[0]:
-                RelatedDocument.objects.get_or_create(
-                    source=doc,
-                    target=refdoc[0],
-                    relationship=DocRelationshipName.objects.get(
-                        slug="ref%s" % refType
-                    ),
-                )
+                intended.add((f"ref{refType}", refdoc[0].name))
+
     if unfound:
         warnings.append(
             "There were %d references with no matching Document" % len(unfound)
         )
 
+    if intended != before:
+        for slug, name in before-intended:
+            doc.relateddocument_set.filter(target__name=name, relationship_id=slug).delete()
+        for slug, name in intended-before:
+            doc.relateddocument_set.create(
+                target=queryset.get(name=name),
+                relationship_id=slug
+            )
+        after = set(doc.relateddocument_set.filter(
+            relationship__slug__in=["refnorm", "refinfo", "refold", "refunk"]
+        ).values_list("relationship__slug","target__name"))
+        if after != intended:
+            errors.append("Attempted changed didn't achieve intended results")
+        changed_references = True
+    else:
+        changed_references = False
+
     ret = {}
     if errors:
         ret["errors"] = errors
@@ -1014,6 +1038,13 @@ def rebuild_reference_relations(doc, filenames):
     if unfound:
         ret["unfound"] = list(unfound)
 
+    logmsg = f"rebuild_reference_relations for {doc.name}: "
+    logmsg += "changed references" if changed_references else "references unchanged"
+    if ret:
+        logmsg += f" {json.dumps(ret)}"
+
+    log.log(logmsg)
+
     return ret
 
 def set_replaces_for_document(request, doc, new_replaces, by, email_subject, comment=""):
@@ -1243,9 +1274,6 @@ def build_file_urls(doc: Union[Document, DocHistory]):
             label = "plain text" if t == "txt" else t
             file_urls.append((label, base + doc.name + "." + t))
 
-        if "pdf" not in found_types and "txt" in found_types:
-            file_urls.append(("pdf", base + "pdfrfc/" + doc.name + ".txt.pdf"))
-
         if "txt" in found_types:
             file_urls.append(("htmlized", urlreverse('ietf.doc.views_doc.document_html', kwargs=dict(name=doc.name))))
             if doc.tags.filter(slug="verified-errata").exists():
@@ -1685,3 +1713,23 @@ def update_or_create_draft_bibxml_file(doc, rev):
 
 def ensure_draft_bibxml_path_exists():
     (Path(settings.BIBXML_BASE_PATH) / "bibxml-ids").mkdir(exist_ok=True)
+
+
+def replicate_stored_objects_for_document(doc: Document) -> int:
+    """Sync all StoredObjects associated with doc to the replica blob store
+    
+    Returns count of StoredObjects queued for replication (which may or may not
+    be replicated, depending on whether replication is enabled / the storages are
+    actually BlobdbStorage instances, etc).
+    """
+    # n.b., StoredObjects have a nullable doc_rev field, but Documents do not.
+    # Until / unless we straighten that out, treat "" and None equivalently when
+    # matching rev.
+    qs_matching_rev = StoredObject.objects.filter(doc_rev=doc.rev)
+    if doc.rev == "":
+        qs_matching_rev |= StoredObject.objects.filter(doc_rev__isnull=True)
+    count = 0
+    for stored_object in qs_matching_rev.filter(doc_name=doc.name):
+        force_replication(kind=stored_object.store, name=stored_object.name)
+        count += 1
+    return count
diff --git a/ietf/doc/utils_r2.py b/ietf/doc/utils_r2.py
new file mode 100644
index 0000000000..53fb978303
--- /dev/null
+++ b/ietf/doc/utils_r2.py
@@ -0,0 +1,17 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+from django.core.files.storage import storages
+
+from ietf.doc.models import StoredObject
+
+
+def rfcs_are_in_r2(rfc_number_list=()):
+    r2_rfc_bucket = storages["r2-rfc"]
+    for rfc_number in rfc_number_list:
+        stored_objects = StoredObject.objects.filter(
+            store="rfc", doc_name=f"rfc{rfc_number}"
+        )
+        for stored_object in stored_objects:
+            if not r2_rfc_bucket.exists(stored_object.name):
+                return False
+    return True
diff --git a/ietf/doc/utils_red.py b/ietf/doc/utils_red.py
new file mode 100644
index 0000000000..5c5879d688
--- /dev/null
+++ b/ietf/doc/utils_red.py
@@ -0,0 +1,31 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+import requests
+
+from django.conf import settings
+
+from ietf.utils.log import log
+
+
+def trigger_red_precomputer(rfc_number_list=()):
+    url = getattr(settings, "TRIGGER_RED_PRECOMPUTE_MULTIPLE_URL", None)
+    if url is not None:
+        payload = {
+            "rfcs": ",".join([str(n) for n in rfc_number_list]),
+        }
+        try:
+            log(f"Triggering red precompute multiple for RFCs {rfc_number_list}")
+            response = requests.post(
+                url=url,
+                json=payload,
+                timeout=settings.DEFAULT_REQUESTS_TIMEOUT,
+            )
+        except requests.Timeout as e:
+            log(f"POST request timed out for {url} : {e}")
+            return
+        if response.status_code // 100 != 2:  # 2xx status codes are ok
+            log(
+                f"POST request failed for {url} : status_code={response.status_code}"
+            )
+    else:
+        log("No URL configured for triggering red precompute multiple, skipping")
diff --git a/ietf/doc/utils_rfc_json.py b/ietf/doc/utils_rfc_json.py
new file mode 100644
index 0000000000..1f13455686
--- /dev/null
+++ b/ietf/doc/utils_rfc_json.py
@@ -0,0 +1,231 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+import datetime
+import json
+from pathlib import Path
+
+from django.conf import settings
+from django.utils import timezone
+
+from ietf.doc.models import Document, RelatedDocument
+from ietf.name.models import StdLevelName
+from ietf.doc.storage_utils import exists_in_storage, store_bytes
+from ietf.sync.errata import errata_map_from_json, get_errata_data
+from ietf.sync.rfcindex import get_april1_rfc_numbers, get_publication_std_levels
+from ietf.utils.log import assertion, log
+
+
+_FORMAT_CHECKS = [
+    ("xml", "XML"),
+    ("txt", "TEXT"),
+    ("html", "HTML"),
+    ("pdf", "PDF"),
+]
+
+
+def generate_rfc_json(rfc_number: int, *, pub_levels=None) -> None:
+    """Generate and store the JSON metadata file for a published RFC.
+
+    Reads RFC metadata from the DB and errata data from the red bucket, combines
+    them, and writes json/rfc{N}.json to the "rfc" blob bucket (overwriting any
+    existing file).
+
+    pub_levels, if provided, should be the defaultdict returned by
+    get_publication_std_levels(). Pass it when generating JSON for multiple RFCs
+    to avoid a redundant blob read per call.
+    """
+    try:
+        rfc = (
+            Document.objects.select_related("std_level", "stream", "group__parent")
+            .prefetch_related("rfcauthor_set")
+            .get(type_id="rfc", rfc_number=rfc_number)
+        )
+    except Document.DoesNotExist:
+        log(f"generate_rfc_json: no RFC found for rfc_number={rfc_number}")
+        return
+
+    if pub_levels is None:
+        try:
+            pub_levels = get_publication_std_levels()
+        except Exception as e:
+            log(f"generate_rfc_json: failed to get publication std levels: {e}")
+            return
+
+    doc_id = f"RFC{rfc_number}"
+
+    # draft name
+    draft_doc = rfc.came_from_draft()
+    draft = f"{draft_doc.name}-{draft_doc.rev}" if draft_doc else None
+
+    # authors: ordered list of display strings
+    authors = []
+    for author in rfc.rfcauthor_set.order_by("order"):
+        name = author.titlepage_name
+        if author.is_editor:
+            name = f"{name}, Ed."
+        authors.append(name)
+
+    # format: check which file blobs are present
+    formats = [
+        label
+        for ext, label in _FORMAT_CHECKS
+        if exists_in_storage(kind="rfc", name=f"{ext}/rfc{rfc_number}.{ext}")
+    ]
+
+    # page_count
+    page_count = str(rfc.pages) if rfc.pages is not None else ""
+
+    # status: current std_level
+    status = rfc.std_level.name.upper() if rfc.std_level else ""
+
+    # pub_status from publication-std-levels.json in the red bucket
+    # but guard against recent publication not having updated the bucket yet
+    pub_event = rfc.latest_event(type="published_rfc")
+    if rfc_number in pub_levels:
+        pub_status = pub_levels[rfc_number].name.upper()
+    else:
+        if (
+            pub_event is not None
+            and timezone.now() - pub_event.time < datetime.timedelta(days=2)
+        ):
+            pub_status = status
+        else:
+            log(f"Assuming an unknown publication status for rfc{rfc_number}")
+            pub_status = StdLevelName.objects.get(slug="unkn").name.upper()
+
+    # source: adapted from errata system's display_source() logic
+    if rfc.stream is None or rfc.group is None:
+        # Basic expectations (should be constraints) on RFC Document objects
+        # have been violated.
+        assertion("rfc.stream is not None and rfc.group is not None")
+        log(
+            f"Malformed document object encountered for rfc{rfc_number}. Aborting update of rfc{rfc_number}.json"
+        )
+        return
+    stream_slug = rfc.stream.slug
+    group_acronym = rfc.group.acronym
+
+    if stream_slug == "ietf":
+        if rfc.group.parent is None:
+            assertion("rfc.group.parent is not None")
+            log(
+                f"Malformed document object encountered for rfc{rfc_number}. Aborting update of rfc{rfc_number}.json"
+            )
+            return
+
+    if stream_slug == "ise":
+        source = "INDEPENDENT"
+    elif stream_slug == "iab":
+        source = "IAB"
+    elif stream_slug == "ietf" and (
+        group_acronym == "none" or rfc.group.type_id == "area"
+    ):
+        source = "IETF - NON WORKING GROUP"
+    elif stream_slug == "irtf":
+        if group_acronym == "none":
+            source = "IRTF"
+        else:
+            source = rfc.group.name
+    elif group_acronym not in ("none", "") and stream_slug in ["ietf", "editorial"]:
+        source = rfc.group.name
+    elif stream_slug:
+        source = "Legacy" if stream_slug == "legacy" else stream_slug.upper()
+    else:
+        source = ""
+
+    # pub_date: month/year of publication, with April 1st special-casing
+    pub_date = None
+    if pub_event:
+        dt = pub_event.time
+        try:
+            april_first_numbers = get_april1_rfc_numbers()
+        except Exception:
+            april_first_numbers = []
+        if dt.month == 4 and rfc_number in april_first_numbers:
+            pub_date = dt.strftime("1 %B %Y")
+        else:
+            pub_date = dt.strftime("%B %Y")
+
+    # relationship lists — sorted by RFC number
+    def _rfc_list(qs, attr):
+        numbers = [
+            getattr(rd, attr).rfc_number
+            for rd in qs
+            if getattr(rd, attr).rfc_number is not None
+        ]
+        return [f"RFC{n}" for n in sorted(numbers)]
+
+    obsoletes = _rfc_list(
+        RelatedDocument.objects.filter(
+            source=rfc, relationship_id="obs"
+        ).select_related("target"),
+        "target",
+    )
+    obsoleted_by = _rfc_list(
+        RelatedDocument.objects.filter(
+            target=rfc, relationship_id="obs"
+        ).select_related("source"),
+        "source",
+    )
+    updates = _rfc_list(
+        RelatedDocument.objects.filter(
+            source=rfc, relationship_id="updates"
+        ).select_related("target"),
+        "target",
+    )
+    updated_by = _rfc_list(
+        RelatedDocument.objects.filter(
+            target=rfc, relationship_id="updates"
+        ).select_related("source"),
+        "source",
+    )
+
+    # errata_url: non-None if any errata entry exists for this RFC (any status)
+    try:
+        errata_data = get_errata_data()
+        errata_map = errata_map_from_json(errata_data)
+        errata_url = (
+            settings.RFC_EDITOR_ERRATA_BASE_URL + f"rfc{rfc_number}"
+            if rfc_number in errata_map
+            else None
+        )
+    except Exception:
+        log(f"generate_rfc_json: could not load errata data for RFC {rfc_number}")
+        errata_url = None
+
+    data = {
+        "draft": draft,
+        "doc_id": doc_id,
+        "title": rfc.title,
+        "authors": authors,
+        "format": formats,
+        "page_count": page_count,
+        "pub_status": pub_status,
+        "status": status,
+        "source": source,
+        "abstract": rfc.abstract,
+        "pub_date": pub_date,
+        "keywords": [kw for kw in rfc.keywords if kw],
+        "obsoletes": obsoletes,
+        "obsoleted_by": obsoleted_by,
+        "updates": updates,
+        "updated_by": updated_by,
+        "see_also": [],
+        "doi": f"10.17487/{doc_id}",
+        "errata_url": errata_url,
+    }
+
+    content = json.dumps(data, indent=2).encode("utf-8")
+    store_bytes(
+        kind="rfc",
+        name=f"json/rfc{rfc_number}.json",
+        content=content,
+        allow_overwrite=True,
+        doc_name=f"rfc{rfc_number}",
+        doc_rev=None,
+        mtime=timezone.now(),
+    )
+    fs_path = Path(settings.RFC_PATH) / f"rfc{rfc_number}.json"
+    if settings.SERVER_MODE != "production" and not fs_path.parent.exists():
+        fs_path.parent.mkdir()
+    fs_path.write_bytes(content)
diff --git a/ietf/doc/views_ballot.py b/ietf/doc/views_ballot.py
index 03cf01a4a1..29aadfdb9b 100644
--- a/ietf/doc/views_ballot.py
+++ b/ietf/doc/views_ballot.py
@@ -939,16 +939,6 @@ def approve_ballot(request, name):
         if ballot_writeup_event.pk == None:
             ballot_writeup_event.save()
 
-        if new_state.slug == "ann" and new_state.slug != prev_state.slug:
-            # start by notifying the RFC Editor
-            import ietf.sync.rfceditor
-            response, error = ietf.sync.rfceditor.post_approved_draft(settings.RFC_EDITOR_SYNC_NOTIFICATION_URL, doc.name)
-            if error:
-                return render(request, 'doc/draft/rfceditor_post_approved_draft_failed.html',
-                              dict(name=doc.name,
-                                   response=response,
-                                   error=error))
-
         doc.set_state(new_state)
         doc.tags.remove(*prev_tags)
         
diff --git a/ietf/doc/views_doc.py b/ietf/doc/views_doc.py
index 0ae7520681..af056f6a96 100644
--- a/ietf/doc/views_doc.py
+++ b/ietf/doc/views_doc.py
@@ -1,4 +1,4 @@
-# Copyright The IETF Trust 2009-2024, All Rights Reserved
+# Copyright The IETF Trust 2009-2026, All Rights Reserved
 # -*- coding: utf-8 -*-
 #
 # Parts Copyright (C) 2009-2010 Nokia Corporation and/or its subsidiary(-ies).
@@ -43,9 +43,10 @@
 
 from celery.result import AsyncResult
 from django.core.cache import caches
+from django.core.files.base import ContentFile
 from django.core.exceptions import PermissionDenied
 from django.db.models import Max
-from django.http import HttpResponse, Http404, HttpResponseBadRequest, JsonResponse
+from django.http import FileResponse, HttpResponse, Http404, HttpResponseBadRequest, HttpResponseForbidden, JsonResponse
 from django.shortcuts import render, get_object_or_404, redirect
 from django.template.loader import render_to_string
 from django.urls import reverse as urlreverse
@@ -57,7 +58,7 @@
 import debug                            # pyflakes:ignore
 
 from ietf.doc.models import ( Document, DocHistory, DocEvent, BallotDocEvent, BallotType,
-    ConsensusDocEvent, NewRevisionDocEvent, TelechatDocEvent, WriteupDocEvent, IanaExpertDocEvent,
+    ConsensusDocEvent, NewRevisionDocEvent, StoredObject, TelechatDocEvent, WriteupDocEvent, IanaExpertDocEvent,
     IESG_BALLOT_ACTIVE_STATES, STATUSCHANGE_RELATIONS, DocumentActionHolder, DocumentAuthor,
     RelatedDocument, RelatedDocHistory)
 from ietf.doc.tasks import investigate_fragment_task
@@ -86,6 +87,7 @@
 from ietf.review.models import ReviewAssignment
 from ietf.review.utils import can_request_review_of_doc, review_assignments_to_list_for_docs, review_requests_to_list_for_docs
 from ietf.review.utils import no_review_from_teams_on_doc
+from ietf.doc.storage_utils import retrieve_bytes
 from ietf.utils import markup_txt, log, markdown
 from ietf.utils.draft import get_status_from_draft_text
 from ietf.utils.meetecho import MeetechoAPIError, SlidesManager
@@ -256,7 +258,7 @@ def document_main(request, name, rev=None, document_html=False):
         interesting_relations_that, interesting_relations_that_doc = interesting_doc_relations(doc)
 
         can_edit = has_role(request.user, ("Area Director", "Secretariat"))
-        can_edit_authors = has_role(request.user, ("Secretariat"))
+        can_edit_authors = has_role(request.user, ("Secretariat")) and not doc.rfcauthor_set.exists()
 
         stream_slugs = StreamName.objects.values_list("slug", flat=True)
         # For some reason, AnonymousUser has __iter__, but is not iterable,
@@ -1285,9 +1287,7 @@ def document_bibtex(request, name, rev=None):
                     break
 
     elif doc.type_id == "rfc":
-        # This needs to be replaced with a lookup, as the mapping may change
-        # over time.
-        doi = f"10.17487/RFC{doc.rfc_number:04d}"
+        doi = doc.doi
 
     if doc.is_dochistory():
         latest_event = doc.latest_event(type='new_revision', rev=rev)
@@ -1842,12 +1842,15 @@ def add_fields(self, form, index):
                 if fh in form.fields:
                     form.fields[fh].widget = forms.HiddenInput()
 
+    doc = get_object_or_404(Document, name=name)
+    if doc.rfcauthor_set.exists():
+        return HttpResponseForbidden("Contact the RFC Editor to change RFC Author information")
+
     AuthorFormSet = forms.formset_factory(DocAuthorForm,
                                           formset=_AuthorsBaseFormSet,
                                           can_delete=True,
                                           can_order=True,
                                           extra=0)
-    doc = get_object_or_404(Document, name=name)
     
     if request.method == 'POST':
         change_basis_form = DocAuthorChangeBasisForm(request.POST)
@@ -2358,3 +2361,29 @@ def investigate(request):
             "results": results,
         },
     )
+
+def rfcxml_notprepped(request, number):
+    number = int(number)
+    if number < settings.FIRST_V3_RFC:
+        raise Http404
+    rfc = Document.objects.filter(type="rfc", rfc_number=number).first()
+    if rfc is None:
+        raise Http404
+    name = f"notprepped/rfc{number}.notprepped.xml"
+    if not StoredObject.objects.filter(name=name).exists():
+        raise Http404
+    try:
+        bytes = retrieve_bytes("rfc", name)
+    except FileNotFoundError:
+        raise Http404
+    return FileResponse(ContentFile(bytes, name=f"rfc{number}.notprepped.xml"), as_attachment=True)
+
+
+def rfcxml_notprepped_wrapper(request, number):
+    number = int(number)
+    if number < settings.FIRST_V3_RFC:
+        raise Http404
+    rfc = Document.objects.filter(type="rfc", rfc_number=number).first()
+    if rfc is None:
+        raise Http404
+    return render(request, "doc/notprepped_wrapper.html", context={"rfc": rfc})
diff --git a/ietf/doc/views_draft.py b/ietf/doc/views_draft.py
index c5faf1140b..0f5ea49f5d 100644
--- a/ietf/doc/views_draft.py
+++ b/ietf/doc/views_draft.py
@@ -1276,15 +1276,6 @@ class PublicationForm(forms.Form):
         if form.is_valid():
             events = []
 
-            # start by notifying the RFC Editor
-            import ietf.sync.rfceditor
-            response, error = ietf.sync.rfceditor.post_approved_draft(settings.RFC_EDITOR_SYNC_NOTIFICATION_URL, doc.name)
-            if error:
-                return render(request, 'doc/draft/rfceditor_post_approved_draft_failed.html',
-                                  dict(name=doc.name,
-                                       response=response,
-                                       error=error))
-
             m.subject = form.cleaned_data["subject"]
             m.body = form.cleaned_data["body"]
             m.save()
diff --git a/ietf/group/serializers.py b/ietf/group/serializers.py
index db3b37af48..e789ba46bf 100644
--- a/ietf/group/serializers.py
+++ b/ietf/group/serializers.py
@@ -20,8 +20,14 @@ class AreaDirectorSerializer(serializers.Serializer):
     Works with Email or Role
     """
 
+    name = serializers.SerializerMethodField()
     email = serializers.SerializerMethodField()
 
+    @extend_schema_field(serializers.CharField)
+    def get_name(self, instance: Email | Role):
+        person = getattr(instance, 'person', None)
+        return person.plain_name() if person else None
+
     @extend_schema_field(serializers.EmailField)
     def get_email(self, instance: Email | Role):
         if isinstance(instance, Role):
diff --git a/ietf/group/tests_info.py b/ietf/group/tests_info.py
index 34f8500854..97ec7ebdb1 100644
--- a/ietf/group/tests_info.py
+++ b/ietf/group/tests_info.py
@@ -27,7 +27,7 @@
 
 from ietf.community.models import CommunityList
 from ietf.community.utils import reset_name_contains_index_for_rule
-from ietf.doc.factories import WgDraftFactory, RgDraftFactory, IndividualDraftFactory, CharterFactory, BallotDocEventFactory
+from ietf.doc.factories import WgDraftFactory, WgRfcFactory, RgDraftFactory, IndividualDraftFactory, CharterFactory, BallotDocEventFactory
 from ietf.doc.models import Document, DocEvent, State
 from ietf.doc.storage_utils import retrieve_str
 from ietf.doc.utils_charter import charter_name_for_group
@@ -396,6 +396,7 @@ def test_group_documents(self):
         draft7 = WgDraftFactory(group=group)
         draft7.set_state(State.objects.get(type='draft', slug='expired'))
         draft7.set_state(State.objects.get(type='draft-stream-%s' % draft7.stream_id, slug='dead')) # Expired WG draft, marked as dead
+        rfc = WgRfcFactory(group=group)
 
         clist = CommunityList.objects.get(group=group)
         related_docs_rule = clist.searchrule_set.get(rule_type='name_contains')
@@ -426,6 +427,12 @@ def test_group_documents(self):
         q = PyQuery(r.content)
         self.assertTrue(any([draft2.name in x.attrib['href'] for x in q('table td a.track-untrack-doc')]))
 
+        # RFC rows must use the RFC number as the sort key so that numeric sort
+        # is not disrupted by the page-count text that precedes the name in the cell.
+        # Draft rows must use the document name.
+        self.assertTrue(q(f'td.doc[data-sort-number="{rfc.rfc_number}"]'))
+        self.assertTrue(q(f'td.doc[data-sort-number="{draft.name}"]'))
+
         # Let's also check the IRTF stream
         rg = GroupFactory(type_id='rg')
         setup_default_community_list_for_group(rg)
@@ -543,6 +550,25 @@ def verify_can_edit_group(url, group, username):
                 for username in list(set(interesting_users)-set(can_edit[group.type_id])):
                     verify_cannot_edit_group(url, group, username)
 
+    def test_group_about_team_parent(self):
+        """Team about page should show parent when parent is not an area"""
+        GroupFactory(type_id='team', parent=GroupFactory(type_id='area', acronym='gen'))
+        GroupFactory(type_id='team', parent=GroupFactory(type_id='ietf', acronym='iab'))
+        GroupFactory(type_id='team', parent=None)
+
+        for team in Group.objects.filter(type='team').select_related('parent'):
+            url = urlreverse('ietf.group.views.group_about', kwargs=dict(acronym=team.acronym))
+            r = self.client.get(url)
+            self.assertEqual(r.status_code, 200)
+            if team.parent and team.parent.type_id != 'area':
+                self.assertContains(r, 'Parent')
+                self.assertContains(r, team.parent.acronym)
+            elif team.parent and team.parent.type_id == 'area':
+                self.assertContains(r, team.parent.name)
+                self.assertNotContains(r, '>Parent<')
+            else:
+                self.assertNotContains(r, '>Parent<')
+
     def test_group_about_personnel(self):
         """Correct personnel should appear on the group About page"""
         group = GroupFactory()
diff --git a/ietf/group/tests_review.py b/ietf/group/tests_review.py
index 89c755bb26..bb9b79a416 100644
--- a/ietf/group/tests_review.py
+++ b/ietf/group/tests_review.py
@@ -888,10 +888,10 @@ def test_requests_history_filter_page(self):
         self.assertEqual(r.status_code, 200)
         self.assertContains(r, review_req.doc.name)
         self.assertContains(r, review_req2.doc.name)
-        self.assertContains(r, 'Assigned')
-        self.assertContains(r, 'Accepted')
-        self.assertContains(r, 'Completed')
-        self.assertContains(r, 'Ready')
+        self.assertContains(r, 'data-text="Assigned"')
+        self.assertContains(r, 'data-text="Accepted"')
+        self.assertContains(r, 'data-text="Completed"')
+        self.assertContains(r, 'data-text="Ready"')
         self.assertContains(r, escape(assignment.reviewer.person.name))
         self.assertContains(r, escape(assignment2.reviewer.person.name))
 
@@ -907,10 +907,10 @@ def test_requests_history_filter_page(self):
             self.assertEqual(r.status_code, 200)
             self.assertContains(r, review_req.doc.name)
             self.assertNotContains(r, review_req2.doc.name)
-            self.assertContains(r, 'Assigned')
-            self.assertNotContains(r, 'Accepted')
-            self.assertNotContains(r, 'Completed')
-            self.assertNotContains(r, 'Ready')
+            self.assertContains(r, 'data-text="Assigned"')
+            self.assertNotContains(r, 'data-text="Accepted"')
+            self.assertNotContains(r, 'data-text="Completed"')
+            self.assertNotContains(r, 'data-text="Ready"')
             self.assertContains(r, escape(assignment.reviewer.person.name))
             self.assertNotContains(r, escape(assignment2.reviewer.person.name))
 
@@ -926,10 +926,10 @@ def test_requests_history_filter_page(self):
             self.assertEqual(r.status_code, 200)
             self.assertNotContains(r, review_req.doc.name)
             self.assertContains(r, review_req2.doc.name)
-            self.assertNotContains(r, 'Assigned')
-            self.assertContains(r, 'Accepted')
-            self.assertContains(r, 'Completed')
-            self.assertContains(r, 'Ready')
+            self.assertNotContains(r, 'data-text="Assigned"')
+            self.assertContains(r, 'data-text="Accepted"')
+            self.assertContains(r, 'data-text="Completed"')
+            self.assertContains(r, 'data-text="Ready"')
             self.assertNotContains(r, escape(assignment.reviewer.person.name))
             self.assertContains(r, escape(assignment2.reviewer.person.name))
 
@@ -940,9 +940,9 @@ def test_requests_history_filter_page(self):
         r = self.client.get(url)
         self.assertEqual(r.status_code, 200)
         self.assertNotContains(r, review_req.doc.name)
-        self.assertNotContains(r, 'Assigned')
-        self.assertNotContains(r, 'Accepted')
-        self.assertNotContains(r, 'Completed')
+        self.assertNotContains(r, 'data-text="Assigned"')
+        self.assertNotContains(r, 'data-text="Accepted"')
+        self.assertNotContains(r, 'data-text="Completed"')
 
     def test_requests_history_invalid_filter_parameters(self):
         # First assignment as assigned
diff --git a/ietf/group/tests_serializers.py b/ietf/group/tests_serializers.py
index bf29e6c8fd..b584a17ae2 100644
--- a/ietf/group/tests_serializers.py
+++ b/ietf/group/tests_serializers.py
@@ -31,7 +31,7 @@ def test_serializes_role(self):
         serialized = AreaDirectorSerializer(role).data
         self.assertEqual(
             serialized,
-            {"email": role.email.email_address()},
+            {"email": role.email.email_address(), "name": role.person.plain_name()},
         )
 
     def test_serializes_email(self):
@@ -40,7 +40,10 @@ def test_serializes_email(self):
         serialized = AreaDirectorSerializer(email).data
         self.assertEqual(
             serialized,
-            {"email": email.email_address()},
+            {
+                "email": email.email_address(),
+                "name": email.person.plain_name() if email.person else None,
+            },
         )
 
 
@@ -63,7 +66,10 @@ def test_serializes_active_area(self):
         self.assertEqual(serialized["name"], area.name)
         self.assertCountEqual(
             serialized["ads"],
-            [{"email": ad.email.email_address()} for ad in ad_roles],
+            [
+                {"email": ad.email.email_address(), "name": ad.person.plain_name()}
+                for ad in ad_roles
+            ],
         )
 
     def test_serializes_inactive_area(self):
diff --git a/ietf/group/views.py b/ietf/group/views.py
index efe3eca15d..8561a5059f 100644
--- a/ietf/group/views.py
+++ b/ietf/group/views.py
@@ -245,10 +245,19 @@ def active_review_dirs(request):
     return render(request, 'group/active_review_dirs.html', {'dirs' : dirs })
 
 def active_teams(request):
-    teams = Group.objects.filter(type="team", state="active").order_by("name")
+    parent_type_order = {"area": 1, "adm": 3, None: 4}
+
+    def team_sort_key(group):
+        type_id = group.parent.type_id if group.parent else None
+        return (parent_type_order.get(type_id, 2), group.parent.name if group.parent else "", group.name)
+
+    teams = sorted(
+        Group.objects.filter(type="team", state="active").select_related("parent"),
+        key=team_sort_key,
+    )
     for group in teams:
         group.chairs = sorted(roles(group, "chair"), key=extract_last_name)
-    return render(request, 'group/active_teams.html', {'teams' : teams })
+    return render(request, 'group/active_teams.html', {'teams': teams})
 
 def active_iab(request):
     iabgroups = Group.objects.filter(type__in=("program","iabasg","iabworkshop"), state="active").order_by("-type_id","name")
diff --git a/ietf/ietfauth/utils.py b/ietf/ietfauth/utils.py
index 0df667fbd2..30d51cddd0 100644
--- a/ietf/ietfauth/utils.py
+++ b/ietf/ietfauth/utils.py
@@ -1,4 +1,4 @@
-# Copyright The IETF Trust 2013-2022, All Rights Reserved
+# Copyright The IETF Trust 2013-2026, All Rights Reserved
 # -*- coding: utf-8 -*-
 
 
@@ -163,6 +163,7 @@ def has_role(user, role_names, *args, **kwargs):
                 | Q(name="atlarge", group__acronym="irsg")
             ),
             "RSAB Member": Q(name="member", group__acronym="rsab"),
+            "LLC Staff": Q(name="member", group__acronym="llc-staff"),
             "Robot": Q(name="robot", group__acronym="secretariat"),
         }
 
diff --git a/ietf/meeting/tests_session_requests.py b/ietf/meeting/tests_session_requests.py
index 0cb092d2f8..42dbee5f23 100644
--- a/ietf/meeting/tests_session_requests.py
+++ b/ietf/meeting/tests_session_requests.py
@@ -236,7 +236,7 @@ def test_edit(self):
         self.assertRedirects(r, redirect_url)
 
         # Check whether updates were stored in the database
-        sessions = Session.objects.filter(meeting=meeting, group=mars)
+        sessions = Session.objects.filter(meeting=meeting, group=mars).order_by("id")
         self.assertEqual(len(sessions), 2)
         session = sessions[0]
         self.assertFalse(session.constraints().filter(name='time_relation'))
diff --git a/ietf/meeting/tests_views.py b/ietf/meeting/tests_views.py
index 168999d0aa..17988e50be 100644
--- a/ietf/meeting/tests_views.py
+++ b/ietf/meeting/tests_views.py
@@ -33,6 +33,7 @@
 from django.http import QueryDict, FileResponse
 from django.template import Context, Template
 from django.utils import timezone
+from django.utils.html import escape
 from django.utils.safestring import mark_safe
 from django.utils.text import slugify
 
@@ -9007,6 +9008,8 @@ def test_proceedings_attendees(self):
            - assert onsite checkedin=True appears, not onsite checkedin=False
            - assert remote attended appears, not remote not attended
            - prefer onsite checkedin=True to remote attended when same person has both
+           - summary stats row shows correct counts
+           - chart data JSON is embedded with correct values
         """
 
         m = MeetingFactory(type_id='ietf', date=datetime.date(2023, 11, 4), number="118")
@@ -9028,6 +9031,17 @@ def test_proceedings_attendees(self):
         text = q('#id_attendees tbody tr').text().replace('\n', ' ')
         self.assertEqual(text, f"A Person {areg.affiliation} {areg.country_code} onsite C Person {creg.affiliation} {creg.country_code} remote")
 
+        # Summary stats row: Onsite / Remote / Total (matches registration.ietf.org)
+        self.assertContains(response, 'Onsite:')
+        self.assertContains(response, 'Remote:')
+        self.assertContains(response, 'Total:')
+        self.assertContains(response, '<strong>1</strong>')   # onsite and remote
+        self.assertContains(response, '<strong>2</strong>')   # total
+
+        # Chart data embedded in page
+        chart_json = json.loads(q('#attendees-chart-data').text())
+        self.assertEqual(chart_json['type'], [['Onsite', 1], ['Remote', 1]])
+
     def test_proceedings_overview(self):
         '''Test proceedings IETF Overview page.
         Note: old meetings aren't supported so need to add a new meeting then test.
@@ -9478,7 +9492,7 @@ def test_session_attendance(self):
         self.assertEqual(r.status_code, 200)  
         self.assertContains(r, '3 attendees')
         for person in persons:
-            self.assertContains(r, person.plain_name())
+            self.assertContains(r, escape(person.plain_name()))
 
         # Test for the "I was there" button.
         def _test_button(person, expected):
@@ -9498,14 +9512,14 @@ def _test_button(person, expected):
         # attempt to POST anyway is ignored
         r = self.client.post(attendance_url)
         self.assertEqual(r.status_code, 200)
-        self.assertNotContains(r, persons[3].plain_name())
+        self.assertNotContains(r, escape(persons[3].plain_name()))
         self.assertEqual(session.attended_set.count(), 3)
         # button is shown, and POST is accepted
         meeting.importantdate_set.update(name_id='revsub',date=date_today() + datetime.timedelta(days=20))
         _test_button(persons[3], True)
         r = self.client.post(attendance_url)
         self.assertEqual(r.status_code, 200)
-        self.assertContains(r, persons[3].plain_name())
+        self.assertContains(r, escape(persons[3].plain_name()))
         self.assertEqual(session.attended_set.count(), 4)
 
         # When the meeting is finalized, a bluesheet file is generated,
diff --git a/ietf/meeting/utils.py b/ietf/meeting/utils.py
index bdf3d3d3d3..10ae0d3667 100644
--- a/ietf/meeting/utils.py
+++ b/ietf/meeting/utils.py
@@ -1025,9 +1025,18 @@ def resolve_materials_for_one_meeting(meeting: Meeting):
         )
 
 def resolve_uploaded_material(meeting: Meeting, doc: Document):
-    resolved = []
+    resolved: list[ResolvedMaterial] = []
+    remove = ResolvedMaterial.objects.none()
     blob = resolve_one_material(doc, rev=None, ext=None)
-    if blob is not None:
+    if blob is None:
+        # Versionless file does not exist. Remove the versionless ResolvedMaterial
+        # if it existed. This is to avoid leaving behind a stale link to a replaced
+        # version. This comes up e.g. if a ProceedingsMaterial is changed from having
+        # an uploaded file to being an external URL.
+        remove = ResolvedMaterial.objects.filter(
+            name=doc.name, meeting_number=meeting.number
+        )
+    else:
         resolved.append(
             ResolvedMaterial(
                 name=doc.name,
@@ -1047,12 +1056,15 @@ def resolve_uploaded_material(meeting: Meeting, doc: Document):
                 blob=blob.name,
             )
         )
+    # Create the new record(s) 
     ResolvedMaterial.objects.bulk_create(
         resolved,
         update_conflicts=True,
         unique_fields=["name", "meeting_number"],
         update_fields=["bucket", "blob"],
     )
+    # and remove one if necessary (will be a none() queryset if not)
+    remove.delete()
 
 
 def store_blob_for_one_material_file(doc: Document, rev: str, filepath: Path):
diff --git a/ietf/meeting/views.py b/ietf/meeting/views.py
index 731dfad88f..67a81305b4 100644
--- a/ietf/meeting/views.py
+++ b/ietf/meeting/views.py
@@ -109,7 +109,7 @@
 from ietf.meeting.utils import get_activity_stats, post_process, create_recording, delete_recording
 from ietf.meeting.utils import participants_for_meeting, generate_bluesheet, bluesheet_data, save_bluesheet
 from ietf.message.utils import infer_message
-from ietf.name.models import SlideSubmissionStatusName, ProceedingsMaterialTypeName, SessionPurposeName
+from ietf.name.models import SlideSubmissionStatusName, ProceedingsMaterialTypeName, SessionPurposeName, CountryName
 from ietf.utils import markdown
 from ietf.utils.decorators import require_api_key
 from ietf.utils.hedgedoc import Note, NoteError
@@ -4812,15 +4812,36 @@ def proceedings_attendees(request, num=None):
     template = None
     registrations = None
 
+    stats = None
+    chart_data = None
+
     if int(meeting.number) >= 118:
         checked_in, attended = participants_for_meeting(meeting)
         regs = list(Registration.objects.onsite().filter(meeting__number=num, checkedin=True))
-
-        for reg in Registration.objects.remote().filter(meeting__number=num).select_related('person'):
-            if reg.person.pk in attended and reg.person.pk not in checked_in:
-                regs.append(reg)
+        onsite_count = len(regs)
+        regs += [
+            reg
+            for reg in Registration.objects.remote().filter(meeting__number=num).select_related('person')
+            if reg.person.pk in attended and reg.person.pk not in checked_in
+        ]
+        remote_count = len(regs) - onsite_count
 
         registrations = sorted(regs, key=lambda x: (x.last_name, x.first_name))
+
+        country_codes = [r.country_code for r in registrations if r.country_code]
+        stats = {
+            'total': onsite_count + remote_count,
+            'onsite': onsite_count,
+            'remote': remote_count,
+        }
+
+        code_to_name = dict(CountryName.objects.values_list('slug', 'name'))
+        country_counts = Counter(code_to_name.get(c, c) for c in country_codes).most_common()
+
+        chart_data = {
+            'type': [['Onsite', onsite_count], ['Remote', remote_count]],
+            'countries': country_counts,
+        }
     else:
         overview_template = "/meeting/proceedings/%s/attendees.html" % meeting.number
         try:
@@ -4832,6 +4853,8 @@ def proceedings_attendees(request, num=None):
         'meeting': meeting,
         'registrations': registrations,
         'template': template,
+        'stats': stats,
+        'chart_data': chart_data,
     })
 
 def proceedings_overview(request, num=None):
diff --git a/ietf/meeting/views_proceedings.py b/ietf/meeting/views_proceedings.py
index d1169bff2d..639efa1da4 100644
--- a/ietf/meeting/views_proceedings.py
+++ b/ietf/meeting/views_proceedings.py
@@ -14,7 +14,7 @@
 from ietf.meeting.models import Meeting, MeetingHost
 from ietf.meeting.helpers import get_meeting
 from ietf.name.models import ProceedingsMaterialTypeName
-from ietf.meeting.utils import handle_upload_file
+from ietf.meeting.utils import handle_upload_file, resolve_uploaded_material
 from ietf.utils.text import xslugify
 
 class UploadProceedingsMaterialForm(FileUploadForm):
@@ -150,7 +150,7 @@ def save_proceedings_material_doc(meeting, material_type, title, request, file=N
 
     if events:
         doc.save_with_history(events)
-
+    resolve_uploaded_material(meeting, doc)
     return doc
 
 
diff --git a/ietf/name/fixtures/names.json b/ietf/name/fixtures/names.json
index 64e26e503a..798fa9178e 100644
--- a/ietf/name/fixtures/names.json
+++ b/ietf/name/fixtures/names.json
@@ -666,7 +666,7 @@
   },
   {
     "fields": {
-      "desc": "The individual submission document has been adopted by the Working Group (WG), but a WG document replacing this document with the typical naming convention of 'draft- ietf-wgname-topic-nn' has not yet been submitted.",
+      "desc": "The individual submission document has been adopted by the Working Group (WG), but some administrative matter still needs to be completed (e.g., a WG document replacing this document with the typical naming convention of 'draft-ietf-wgname-topic-nn' has not yet been submitted).",
       "name": "Adopted by a WG",
       "next_states": [
         38
@@ -694,7 +694,7 @@
   },
   {
     "fields": {
-      "desc": "The document has been adopted by the Working Group (WG) and is under development.  A document can only be adopted by one WG at a time.  However, a document may be transferred between WGs.",
+      "desc": "The document has been identified as a Working Group (WG) document and is under development per Section 7.2 of RFC2418.",
       "name": "WG Document",
       "next_states": [
         39,
@@ -759,7 +759,7 @@
   },
   {
     "fields": {
-      "desc": "The Working Group (WG) document has completed Working Group Last Call (WGLC), but the WG chair(s) are not yet ready to call consensus on the document. The reasons for this may include comments from the WGLC need to be responded to, or a revision to the document is needed",
+      "desc": "The Working Group (WG) document has completed Working Group Last Call (WGLC), but the WG chairs are not yet ready to call consensus on the document. The reasons for this may include comments from the WGLC need to be responded to, or a revision to the document is needed.",
       "name": "Waiting for WG Chair Go-Ahead",
       "next_states": [
         41,
@@ -790,7 +790,7 @@
   },
   {
     "fields": {
-      "desc": "The Working Group (WG) document has left the WG and been submitted to the Internet Engineering Steering Group (IESG) for evaluation and publication.  See the “IESG State” or “RFC Editor State” for further details on the state of the document.",
+      "desc": "The Working Group (WG) document has been submitted to the Internet Engineering Steering Group (IESG) for evaluation and publication per Section 7.4 of RFC2418.  See the “IESG State” or “RFC Editor State” for further details on the state of the document.",
       "name": "Submitted to IESG for Publication",
       "next_states": [
         38
@@ -2656,6 +2656,32 @@
     "model": "doc.state",
     "pk": 183
   },
+  {
+    "fields": {
+      "desc": "",
+      "name": "In Progress",
+      "next_states": [],
+      "order": 0,
+      "slug": "in_progress",
+      "type": "draft-rfceditor",
+      "used": true
+    },
+    "model": "doc.state",
+    "pk": 216
+  },
+  {
+    "fields": {
+      "desc": "",
+      "name": "Blocked",
+      "next_states": [],
+      "order": 0,
+      "slug": "blocked",
+      "type": "draft-rfceditor",
+      "used": true
+    },
+    "model": "doc.state",
+    "pk": 217
+  },
   {
     "fields": {
       "label": "State"
@@ -5816,6 +5842,20 @@
     "model": "mailtrigger.mailtrigger",
     "pk": "review_completed_artart_telechat"
   },
+  {
+    "fields": {
+      "cc": [
+        "review_doc_all_parties",
+        "review_doc_group_mail_list"
+      ],
+      "desc": "Recipients when a bgpdir Early review is completed",
+      "to": [
+        "review_team_mail_list"
+      ]
+    },
+    "model": "mailtrigger.mailtrigger",
+    "pk": "review_completed_bgpdir_early"
+  },
   {
     "fields": {
       "cc": [
@@ -6124,6 +6164,20 @@
     "model": "mailtrigger.mailtrigger",
     "pk": "review_completed_opsdir_telechat"
   },
+  {
+    "fields": {
+      "cc": [
+        "review_doc_all_parties",
+        "review_doc_group_mail_list"
+      ],
+      "desc": "Recipients when a perfmetrdir Early review is completed",
+      "to": [
+        "review_team_mail_list"
+      ]
+    },
+    "model": "mailtrigger.mailtrigger",
+    "pk": "review_completed_perfmetrdir_early"
+  },
   {
     "fields": {
       "cc": [
@@ -14038,6 +14092,16 @@
     "model": "name.reviewresultname",
     "pk": "almost-ready"
   },
+  {
+    "fields": {
+      "desc": "",
+      "name": "Clarification Needed",
+      "order": 10,
+      "used": true
+    },
+    "model": "name.reviewresultname",
+    "pk": "clarification-needed"
+  },
   {
     "fields": {
       "desc": "",
@@ -17757,5 +17821,13 @@
     },
     "model": "stats.countryalias",
     "pk": 303
+  },
+  {
+    "fields": {
+      "alias": "czechia",
+      "country": "CZ"
+    },
+    "model": "stats.countryalias",
+    "pk": 304
   }
 ]
diff --git a/ietf/nomcom/tests.py b/ietf/nomcom/tests.py
index 210788ce07..28152ef79b 100644
--- a/ietf/nomcom/tests.py
+++ b/ietf/nomcom/tests.py
@@ -1640,6 +1640,20 @@ def test_feedback_topic_badges(self):
         q = PyQuery(response.content)
         self.assertEqual( len(q('.text-bg-success')), 0 )
 
+    def test_feedback_index_sort_keys(self):
+        url = reverse('ietf.nomcom.views.view_feedback', kwargs={'year': self.nc.year()})
+        login_testing_unauthorized(self, self.member.user.username, url)
+        provide_private_key_to_test_client(self)
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200)
+        q = PyQuery(response.content)
+        # Feedback count cells must carry a numeric data-sort-number so that
+        # a "New" badge appearing before the count doesn't corrupt the sort key.
+        sort_cells = q('td[data-sort-number]')
+        self.assertTrue(len(sort_cells) > 0)
+        for cell in sort_cells.items():
+            self.assertRegex(cell.attr('data-sort-number'), r'^\d+$')
+
 class NewActiveNomComTests(TestCase):
 
     def setUp(self):
diff --git a/ietf/person/templatetags/person_filters.py b/ietf/person/templatetags/person_filters.py
index 017b29c63a..a7a6e8193a 100644
--- a/ietf/person/templatetags/person_filters.py
+++ b/ietf/person/templatetags/person_filters.py
@@ -50,6 +50,7 @@ def person_link(person, **kwargs):
     title = kwargs.get("title", "")
     cls = kwargs.get("class", "")
     with_email = kwargs.get("with_email", True)
+    titlepage_name = kwargs.get("titlepage_name", None)
     if person is not None:
         plain_name = person.plain_name()
         name = (
@@ -61,6 +62,7 @@ def person_link(person, **kwargs):
         return {
             "name": name,
             "plain_name": plain_name,
+            "titlepage_name": titlepage_name,
             "email": email,
             "title": title,
             "class": cls,
diff --git a/ietf/person/templatetags/tests.py b/ietf/person/templatetags/tests.py
index 327cfad6ce..7c35fd6b69 100644
--- a/ietf/person/templatetags/tests.py
+++ b/ietf/person/templatetags/tests.py
@@ -1,4 +1,6 @@
 # Copyright The IETF Trust 2022, All Rights Reserved
+from django.template.loader import render_to_string
+
 from ietf.person.factories import PersonFactory
 from ietf.utils.test_utils import TestCase
 
@@ -8,7 +10,6 @@
 class PersonLinkTests(TestCase):
     # Tests of the person_link template tag. These assume it is implemented as an
     # inclusion tag.
-    # TODO test that the template actually renders the data in the dict
     def test_person_link(self):
         person = PersonFactory()
         self.assertEqual(
@@ -16,6 +17,7 @@ def test_person_link(self):
             {
                 'name': person.name,
                 'plain_name': person.plain_name(),
+                'titlepage_name': None,
                 'email': person.email_address(),
                 'title': '',
                 'class': '',
@@ -27,6 +29,7 @@ def test_person_link(self):
             {
                 'name': person.name,
                 'plain_name': person.plain_name(),
+                'titlepage_name': None,
                 'email': person.email_address(),
                 'title': '',
                 'class': '',
@@ -38,6 +41,7 @@ def test_person_link(self):
             {
                 'name': person.name,
                 'plain_name': person.plain_name(),
+                'titlepage_name': None,
                 'email': person.email_address(),
                 'title': 'Random Title',
                 'class': '',
@@ -50,12 +54,71 @@ def test_person_link(self):
             {
                 'name': person.name,
                 'plain_name': person.plain_name(),
+                'titlepage_name': None,
                 'email': person.email_address(),
                 'title': '',
                 'class': 'some-class',
                 'with_email': True,
             }
         )
+        self.assertEqual(
+            person_link(person, titlepage_name='G. Surname'),
+            {
+                'name': person.name,
+                'plain_name': person.plain_name(),
+                'titlepage_name': 'G. Surname',
+                'email': person.email_address(),
+                'title': '',
+                'class': '',
+                'with_email': True,
+            }
+        )
+
+    def test_person_link_renders(self):
+        """Verifies person/person_link.html renders context dict values correctly."""
+        person = PersonFactory()
+        name = person.name
+        email = person.email_address()
+        base_context = {
+            'name': name,
+            'plain_name': person.plain_name(),
+            'titlepage_name': None,
+            'email': email,
+            'title': '',
+            'class': '',
+            'with_email': True,
+        }
+
+        # Default: name is used as link text with default title attribute
+        html = render_to_string('person/person_link.html', base_context)
+        self.assertIn(f'>{name}</a>', html)
+        self.assertIn(f'Datatracker profile of {name}', html)
+        self.assertIn('bi-envelope', html)
+
+        # titlepage_name overrides name as link text
+        html = render_to_string('person/person_link.html', {**base_context, 'titlepage_name': 'G. Surname'})
+        self.assertIn('>G. Surname</a>', html)
+        self.assertNotIn(f'>{name}</a>', html)
+
+        # with_email=False suppresses the envelope link
+        html = render_to_string('person/person_link.html', {**base_context, 'with_email': False})
+        self.assertNotIn('bi-envelope', html)
+
+        # Custom title appears in the anchor title attribute
+        html = render_to_string('person/person_link.html', {**base_context, 'title': 'Special Title'})
+        self.assertIn('title="Special Title"', html)
+
+        # Empty context (None person) renders (None)
+        self.assertInHTML(
+            '<span class="text-body-secondary">(None)</span>',
+            render_to_string('person/person_link.html', {}),
+        )
+
+        # System email renders (System)
+        self.assertInHTML(
+            '<span class="text-body-secondary">(System)</span>',
+            render_to_string('person/person_link.html', {'email': 'system@datatracker.ietf.org', 'name': ''}),
+        )
 
     def test_invalid_person(self):
         """Generates correct context dict when input is invalid/missing"""
diff --git a/ietf/settings.py b/ietf/settings.py
index 71b110d762..d509a877c6 100644
--- a/ietf/settings.py
+++ b/ietf/settings.py
@@ -1,4 +1,4 @@
-# Copyright The IETF Trust 2007-2025, All Rights Reserved
+# Copyright The IETF Trust 2007-2026, All Rights Reserved
 # -*- coding: utf-8 -*-
 
 
@@ -13,6 +13,7 @@
 import warnings
 from hashlib import sha384
 from typing import Any, Dict, List, Tuple # pyflakes:ignore
+from django.http import UnreadablePostError
 
 # DeprecationWarnings are suppressed by default, enable them
 warnings.simplefilter("always", DeprecationWarning)
@@ -230,159 +231,122 @@
 AGENDA_CACHE_TIMEOUT_DEFAULT = 8 * 24 * 60 * 60  # 8 days
 AGENDA_CACHE_TIMEOUT_CURRENT_MEETING = 6 * 60  # 6 minutes
 
+
 WSGI_APPLICATION = "ietf.wsgi.application"
 
 AUTHENTICATION_BACKENDS = ( 'ietf.ietfauth.backends.CaseInsensitiveModelBackend', )
 
-FILE_UPLOAD_PERMISSIONS = 0o644          
+FILE_UPLOAD_PERMISSIONS = 0o644
 
-# ------------------------------------------------------------------------
-# Django/Python Logging Framework Modifications
+FIRST_V3_RFC = 8650
 
-# Filter out "Invalid HTTP_HOST" emails
-# Based on http://www.tiwoc.de/blog/2013/03/django-prevent-email-notification-on-suspiciousoperation/
-from django.core.exceptions import SuspiciousOperation
-def skip_suspicious_operations(record):
-    if record.exc_info:
-        exc_value = record.exc_info[1]
-        if isinstance(exc_value, SuspiciousOperation):
-            return False
-    return True
 
-# Filter out UreadablePostError:
-from django.http import UnreadablePostError
+#
+# Logging config
+#
+
+# Callback to filter out UnreadablePostError:
 def skip_unreadable_post(record):
     if record.exc_info:
-        exc_type, exc_value = record.exc_info[:2] # pylint: disable=unused-variable
+        exc_type, exc_value = record.exc_info[:2]  # pylint: disable=unused-variable
         if isinstance(exc_value, UnreadablePostError):
             return False
     return True
 
-# Copied from DEFAULT_LOGGING as of Django 1.10.5 on 22 Feb 2017, and modified
-# to incorporate html logging, invalid http_host filtering, and more.
-# Changes from the default has comments.
-
-# The Python logging flow is as follows:
-# (see https://docs.python.org/2.7/howto/logging.html#logging-flow)
-#
-#   Init: get a Logger: logger = logging.getLogger(name)
-#
-#   Logging call, e.g. logger.error(level, msg, *args, exc_info=(...), extra={...})
-#   --> Logger (discard if level too low for this logger)
-#       (create log record from level, msg, args, exc_info, extra)
-#       --> Filters (discard if any filter attach to logger rejects record)
-#           --> Handlers (discard if level too low for handler)
-#               --> Filters (discard if any filter attached to handler rejects record)
-#                   --> Formatter (format log record and emit)
-#
-
 LOGGING = {
-    'version': 1,
-    'disable_existing_loggers': False,
-    #
-    'loggers': {
-        'django': {
-            'handlers': ['console', 'mail_admins'],
-            'level': 'INFO',
+    "version": 1,
+    "disable_existing_loggers": False,
+    "loggers": {
+        "celery": {
+            "handlers": ["console"],
+            "level": "INFO",
         },
-        'django.request': {
-            'handlers': ['console'],
-            'level': 'ERROR',
+        "datatracker": {
+            "handlers": ["console"],
+            "level": "INFO",
         },
-        'django.server': {
-            'handlers': ['django.server'],
-            'level': 'INFO',
+        "django": {
+            "handlers": ["console", "mail_admins"],
+            "level": "INFO",
         },
-        'django.security': {
-            'handlers': ['console', ],
-            'level': 'INFO',
+        "django.request": {"level": "ERROR"},  # only log 5xx, ignore 4xx
+        "django.security": {
+            # SuspiciousOperation errors - log to console only
+            "handlers": ["console"],
+            "propagate": False,  # no further handling please
         },
-        'oidc_provider': {
-            'handlers': ['console', ],
-            'level': 'DEBUG',
+        "django.server": {
+            # Only used by Django's runserver development server
+            "handlers": ["django.server"],
+            "level": "INFO",
         },
-        'datatracker': {
-            'handlers': ['console'],
-            'level': 'INFO',
-        },
-        'celery': {
-            'handlers': ['console'],
-            'level': 'INFO',
+        "oidc_provider": {
+            "handlers": ["console"],
+            "level": "DEBUG",
         },
     },
-    #
-    # No logger filters
-    #
-    'handlers': {
-        'console': {
-            'level': 'DEBUG',
-            'class': 'logging.StreamHandler',
-            'formatter': 'plain',
+    "handlers": {
+        "console": {
+            "level": "DEBUG",
+            "class": "logging.StreamHandler",
+            "formatter": "plain",
         },
-        'debug_console': {
-            # Active only when DEBUG=True
-            'level': 'DEBUG',
-            'filters': ['require_debug_true'],
-            'class': 'logging.StreamHandler',
-            'formatter': 'plain',
+        "debug_console": {
+            "level": "DEBUG",
+            "filters": ["require_debug_true"],
+            "class": "logging.StreamHandler",
+            "formatter": "plain",
         },
-        'django.server': {
-            'level': 'INFO',
-            'class': 'logging.StreamHandler',
-            'formatter': 'django.server',
+        "django.server": {
+            "level": "INFO",
+            "class": "logging.StreamHandler",
+            "formatter": "django.server",
         },
-        'mail_admins': {
-            'level': 'ERROR',
-            'filters': [
-                'require_debug_false',
-                'skip_suspicious_operations', # custom
-                'skip_unreadable_posts', # custom
+        "mail_admins": {
+            "level": "ERROR",
+            "filters": [
+                "require_debug_false",
+                "skip_unreadable_posts",
             ],
-            'class': 'django.utils.log.AdminEmailHandler',
-            'include_html': True,       # non-default
-        }
+            "class": "django.utils.log.AdminEmailHandler",
+            "include_html": True,
+        },
     },
-    #
     # All these are used by handlers
-    'filters': {
-        'require_debug_false': {
-            '()': 'django.utils.log.RequireDebugFalse',
+    "filters": {
+        "require_debug_false": {
+            "()": "django.utils.log.RequireDebugFalse",
         },
-        'require_debug_true': {
-            '()': 'django.utils.log.RequireDebugTrue',
+        "require_debug_true": {
+            "()": "django.utils.log.RequireDebugTrue",
         },
         # custom filter, function defined above:
-        'skip_suspicious_operations': {
-            '()': 'django.utils.log.CallbackFilter',
-            'callback': skip_suspicious_operations,
-        },
-        # custom filter, function defined above:
-        'skip_unreadable_posts': {
-            '()': 'django.utils.log.CallbackFilter',
-            'callback': skip_unreadable_post,
+        "skip_unreadable_posts": {
+            "()": "django.utils.log.CallbackFilter",
+            "callback": skip_unreadable_post,
         },
     },
-    # And finally the formatters
-    'formatters': {
-        'django.server': {
-            '()': 'django.utils.log.ServerFormatter',
-            'format': '[%(server_time)s] %(message)s',
+    "formatters": {
+        "django.server": {
+            "()": "django.utils.log.ServerFormatter",
+            "format": "[{server_time}] {message}",
+            "style": "{",
         },
-        'plain': {
-            'style': '{',
-            'format': '{levelname}: {name}:{lineno}: {message}',
+        "plain": {
+            "style": "{",
+            "format": "{levelname}: {name}:{lineno}: {message}",
         },
-        'json' : {
+        "json": {
             "class": "ietf.utils.jsonlogger.DatatrackerJsonFormatter",
             "style": "{",
-            "format": "{asctime}{levelname}{message}{name}{pathname}{lineno}{funcName}{process}",
-        }
+            "format": (
+                "{asctime}{levelname}{message}{name}{pathname}{lineno}{funcName}"
+                "{process}{status_code}"
+            ),
+        },
     },
 }
 
-# End logging
-# ------------------------------------------------------------------------
-
 
 X_FRAME_OPTIONS = 'SAMEORIGIN'
 CSRF_TRUSTED_ORIGINS = [
@@ -838,6 +802,11 @@ def skip_unreadable_post(record):
     "slides",
 ]
 
+# Other storages
+STORAGES["red_bucket"] = {
+    "BACKEND": "django.core.files.storage.InMemoryStorage",
+    "OPTIONS": {"location": "red_bucket"},
+}
 
 # Override this in settings_local.py if needed
 # *_PATH variables ends with a slash/ .
@@ -925,16 +894,15 @@ def skip_unreadable_post(record):
 IANA_SYNC_CHANGES_URL = "https://datatracker.iana.org:4443/data-tracker/changes"
 IANA_SYNC_PROTOCOLS_URL = "https://www.iana.org/protocols/"
 
-RFC_EDITOR_SYNC_PASSWORD="secret"
-RFC_EDITOR_SYNC_NOTIFICATION_URL = "https://www.rfc-editor.org/parser/parser.php"
 RFC_EDITOR_GROUP_NOTIFICATION_EMAIL = "webmaster@rfc-editor.org"
-#RFC_EDITOR_GROUP_NOTIFICATION_URL = "https://www.rfc-editor.org/notification/group.php"
 RFC_EDITOR_QUEUE_URL = "https://www.rfc-editor.org/queue2.xml"
 RFC_EDITOR_INDEX_URL = "https://www.rfc-editor.org/rfc/rfc-index.xml"
 RFC_EDITOR_ERRATA_JSON_URL = "https://www.rfc-editor.org/errata.json"
-RFC_EDITOR_ERRATA_URL = "https://www.rfc-editor.org/errata_search.php?rfc={rfc_number}"
 RFC_EDITOR_INLINE_ERRATA_URL = "https://www.rfc-editor.org/rfc/inline-errata/rfc{rfc_number}.html"
+RFC_EDITOR_ERRATA_BASE_URL = "https://www.rfc-editor.org/errata/"
 RFC_EDITOR_INFO_BASE_URL = "https://www.rfc-editor.org/info/"
+RFC_EDITOR_QUEUE_SITE_BASE_URL = "https://queue.rfc-editor.org"
+
 
 # NomCom Tool settings
 ROLODEX_URL = ""
@@ -1009,6 +977,10 @@ def skip_unreadable_post(record):
 )
 RFC_FILE_TYPES = IDSUBMIT_FILE_TYPES
 
+# Paths in the red bucket
+RFCINDEX_INPUT_PATH = "other/"
+RFCINDEX_OUTPUT_PATH = "other/"
+
 IDSUBMIT_MAX_DRAFT_SIZE =  {
     'txt':  2*1024*1024,  # Max size of txt draft file in bytes
     'xml':  3*1024*1024,  # Max size of xml draft file in bytes
@@ -1292,7 +1264,10 @@ def skip_unreadable_post(record):
     'patch/change-oidc-provider-field-sizes-228.patch',
     'patch/fix-oidc-access-token-post.patch',
     'patch/fix-jwkest-jwt-logging.patch',
-    'patch/django-cookie-delete-with-all-settings.patch',
+    # Patch includes old cookie-delete-with-all-settings and a backport of the fix
+    # to CVE-2026-35192 from Django 5.2. The patches conflict, so cannot be applied
+    # separately.
+    'patch/django-cookie-delete-settings-and-CVE-2026-35192.patch',
     'patch/tastypie-django22-fielderror-response.patch',
 ]
 if DEBUG:
@@ -1302,7 +1277,7 @@ def skip_unreadable_post(record):
     except ImportError:
         pass
 
-STATS_NAMES_LIMIT = 25
+STATS_TIMELINE_CACHE_TIMEOUT = 86400
 
 UTILS_MEETING_CONFERENCE_DOMAINS = ['webex.com', 'zoom.us', 'jitsi.org', 'meetecho.com', 'gather.town', ]
 UTILS_TEST_RANDOM_STATE_FILE = '.factoryboy_random_state'
@@ -1570,3 +1545,5 @@ def skip_unreadable_post(record):
 
 
 YOUTUBE_DOMAINS = ['www.youtube.com', 'youtube.com', 'youtu.be', 'm.youtube.com', 'youtube-nocookie.com', 'www.youtube-nocookie.com']
+
+IETF_DOI_PREFIX = "10.17487"
diff --git a/ietf/settings_test.py b/ietf/settings_test.py
index 6479069db0..e7ebc13eb2 100755
--- a/ietf/settings_test.py
+++ b/ietf/settings_test.py
@@ -14,7 +14,7 @@
 import shutil
 import tempfile
 from ietf.settings import *                                          # pyflakes:ignore
-from ietf.settings import ORIG_AUTH_PASSWORD_VALIDATORS
+from ietf.settings import ORIG_AUTH_PASSWORD_VALIDATORS, STORAGES
 import debug                            # pyflakes:ignore
 debug.debug = True
 
@@ -114,3 +114,13 @@ def tempdir_with_cleanup(**kwargs):
     AUTH_PASSWORD_VALIDATORS = ORIG_AUTH_PASSWORD_VALIDATORS
 except NameError:
     pass
+
+# Use InMemoryStorage for red bucket and r2-rfc storages
+STORAGES["red_bucket"] = {
+    "BACKEND": "django.core.files.storage.InMemoryStorage",
+    "OPTIONS": {"location": "red_bucket"},
+}
+STORAGES["r2-rfc"] = {
+    "BACKEND": "django.core.files.storage.InMemoryStorage",
+    "OPTIONS": {"location": "r2-rfc"},
+}
diff --git a/ietf/static/css/ietf.scss b/ietf/static/css/ietf.scss
index df973863d5..b8c701eae1 100644
--- a/ietf/static/css/ietf.scss
+++ b/ietf/static/css/ietf.scss
@@ -46,6 +46,11 @@ $bootstrap-icons-font-src: url("npm:bootstrap-icons/font/fonts/bootstrap-icons.w
 url("npm:bootstrap-icons/font/fonts/bootstrap-icons.woff") format("woff");
 @import "bootstrap-icons/font/bootstrap-icons";
 
+// Disable contextual alternates (calt)
+body {
+  font-feature-settings: "calt" off;
+}
+
 // Leave room for fixed-top navbar...
 body.navbar-offset {
     padding-top: 60px;
@@ -1216,3 +1221,20 @@ iframe.status {
 .overflow-shadows--bottom-only {
     box-shadow: inset 0px -21px 18px -20px var(--bs-body-color);
 }
+
+#navbar-doc-search-wrapper {
+    position: relative;
+}
+
+#navbar-doc-search-results {
+    max-height: 400px;
+    overflow-y: auto;
+    min-width: auto;
+    left: 0;
+    right: 0;
+
+    .dropdown-item {
+        white-space: normal;
+        overflow-wrap: break-word;
+    }
+}
diff --git a/ietf/static/js/attendees-chart.js b/ietf/static/js/attendees-chart.js
new file mode 100644
index 0000000000..fed3b1289c
--- /dev/null
+++ b/ietf/static/js/attendees-chart.js
@@ -0,0 +1,58 @@
+(function () {
+    var raw = document.getElementById('attendees-chart-data');
+    if (!raw) return;
+    var chartData = JSON.parse(raw.textContent);
+    var chart = null;
+    var currentBreakdown = 'type';
+
+    // Override the global transparent background set by highcharts.js so the
+    // export menu and fullscreen view use the page background color.
+    var container = document.getElementById('attendees-pie-chart');
+    var bodyBg = getComputedStyle(document.body).backgroundColor;
+    container.style.setProperty('--highcharts-background-color', bodyBg);
+
+    function renderChart(breakdown) {
+        var seriesData = chartData[breakdown].map(function (item) {
+            return { name: item[0], y: item[1] };
+        });
+        if (chart) chart.destroy();
+        chart = Highcharts.chart(container, {
+            chart: { type: 'pie', height: 400 },
+            title: { text: null },
+            tooltip: { pointFormat: '{point.name}: <b>{point.y}</b> ({point.percentage:.1f}%)' },
+            plotOptions: {
+                pie: {
+                    dataLabels: {
+                        enabled: true,
+                        format: '<b>{point.name}</b><br>{point.y} ({point.percentage:.1f}%)',
+                    },
+                    showInLegend: false,
+                }
+            },
+            series: [{ name: 'Attendees', data: seriesData }],
+        });
+    }
+
+    var modal = document.getElementById('attendees-chart-modal');
+
+    // Render (or re-render) the chart each time the modal becomes fully visible,
+    // so Highcharts can measure the container dimensions correctly.
+    modal.addEventListener('shown.bs.modal', function () {
+        renderChart(currentBreakdown);
+    });
+
+    // Release the chart when the modal closes to avoid stale renders.
+    modal.addEventListener('hidden.bs.modal', function () {
+        if (chart) {
+            chart.destroy();
+            chart = null;
+        }
+    });
+
+    document.querySelectorAll('[name="attendees-breakdown"]').forEach(function (radio) {
+        radio.addEventListener('change', function () {
+            currentBreakdown = this.value;
+            renderChart(currentBreakdown);
+        });
+    });
+})();
diff --git a/ietf/static/js/document_html.js b/ietf/static/js/document_html.js
index 6e8861739a..3e609f3965 100644
--- a/ietf/static/js/document_html.js
+++ b/ietf/static/js/document_html.js
@@ -117,4 +117,83 @@ document.addEventListener("DOMContentLoaded", function (event) {
                 }
             });
     }
+
+    // Rewrite these CSS properties so that the values are available for restyling.
+    document.querySelectorAll("svg [style]").forEach(el => {
+        // Push these CSS properties into their own attributes
+        const SVG_PRESENTATION_ATTRS = new Set([
+            'alignment-baseline', 'baseline-shift', 'clip', 'clip-path', 'clip-rule',
+            'color', 'color-interpolation', 'color-interpolation-filters',
+            'color-rendering', 'cursor', 'direction', 'display', 'dominant-baseline',
+            'fill', 'fill-opacity', 'fill-rule', 'filter', 'flood-color',
+            'flood-opacity', 'font-family', 'font-size', 'font-size-adjust',
+            'font-stretch', 'font-style', 'font-variant', 'font-weight',
+            'image-rendering', 'letter-spacing', 'lighting-color', 'marker-end',
+            'marker-mid', 'marker-start', 'mask', 'opacity', 'overflow', 'paint-order',
+            'pointer-events', 'shape-rendering', 'stop-color', 'stop-opacity',
+            'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap',
+            'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width',
+            'text-anchor', 'text-decoration', 'text-rendering', 'unicode-bidi',
+            'vector-effect', 'visibility', 'word-spacing', 'writing-mode',
+        ]);
+
+        // Simple CSS splitter: respects quoted strings and parens so semicolons
+        // inside url(...) or "..." don't get treated as declaration boundaries.
+        function parseDeclarations(styleText) {
+            const decls = [];
+            let buf = '';
+            let inStr = false;
+            let strChar = '';
+            let escaped = false;
+            let depth = 0;
+
+            for (const ch of styleText) {
+                if (inStr) {
+                    if (escaped) {
+                        escaped = false;
+                    } else if (ch === '\\') {
+                        escaped = true;
+                    } else if (ch === strChar) {
+                        inStr = false;
+                    }
+                } else if (ch === '"' || ch === "'") {
+                    inStr = true;
+                    strChar = ch;
+                } else if (ch === '(') {
+                    depth++;
+                } else if (ch === ')') {
+                    depth--;
+                } else if (ch === ';' && depth === 0) {
+                    const trimmed = buf.trim();
+                    if (trimmed) {
+                        decls.push(trimmed);
+                    }
+                    buf = '';
+                    continue;
+                }
+                buf += ch;
+            }
+            const trimmed = buf.trim();
+            if (trimmed) {
+                decls.push(trimmed);
+            }
+            return decls;
+        }
+
+        const remainder = [];
+        for (const decl of parseDeclarations(el.getAttribute('style'))) {
+            const [prop, val] = decl.split(":", 2).map(v => v.trim());
+            if (val && !/!important$/.test(val) && SVG_PRESENTATION_ATTRS.has(prop)) {
+                el.setAttribute(prop, val);
+            } else {
+                remainder.push(decl);
+            }
+        }
+
+        if (remainder.length > 0) {
+            el.setAttribute('style', remainder.join('; '));
+        } else {
+            el.removeAttribute('style');
+        }
+    });
 });
diff --git a/ietf/static/js/meeting_stats.js b/ietf/static/js/meeting_stats.js
new file mode 100644
index 0000000000..cf43d08eb8
--- /dev/null
+++ b/ietf/static/js/meeting_stats.js
@@ -0,0 +1,58 @@
+// Copyright The IETF Trust 2026, All Rights Reserved
+import Chart from 'chart.js/auto'
+import autocolors from 'chartjs-plugin-autocolors'
+
+document.addEventListener('DOMContentLoaded', () => {
+    Chart.register(autocolors)
+    // ── Safely parse JSON data injected from Django view ──
+    const totalChartData = JSON.parse(document.getElementById('total-chart-data').textContent)
+    const inPersonChartData = JSON.parse(document.getElementById('in-person-chart-data').textContent)
+
+    function displayChart (id, data) {
+        const ctx = document.getElementById(id).getContext('2d')
+        new Chart(ctx, {
+            type: 'pie',   // Change to 'doughnut' for a donut chart
+            data: data,
+            options: {
+                responsive: true,
+                plugins: {
+                    autocolors: {
+                        mode: 'data' // Required for Pie charts to color individual slices
+                    },
+                    legend: {
+                        position: 'bottom',
+                        labels: {
+                            padding: 20,
+                            font: { size: 13 },
+                            color: '#475569',
+                            generateLabels: function (chart) {
+                                const dataset = chart.data.datasets[0]
+                                return chart.data.labels.map((label, i) => ({
+                                    text: `${label}: ${dataset.data[i]}`,
+                                    fillStyle: dataset.backgroundColor[i],
+                                    hidden: false,
+                                    index: i,
+                                }))
+                            }
+                        }
+                    },
+                    tooltip: {
+                        callbacks: {
+                            label: function (context) {
+                                const label = context.label || ''
+                                const value = context.raw
+                                const total = context.dataset.data.reduce((a, b) => a + b, 0)
+                                const percentage = ((value / total) * 100).toFixed(1)
+
+                                return `${label}: ${value} (${percentage}%)`
+                            }
+                        }
+                    }
+                }
+            }
+        })
+    }
+
+    displayChart('totalRegistrationChart', totalChartData)
+    displayChart('inPersonRegistrationChart', inPersonChartData)
+})
diff --git a/ietf/static/js/meeting_timeline.js b/ietf/static/js/meeting_timeline.js
new file mode 100644
index 0000000000..713fb3ae70
--- /dev/null
+++ b/ietf/static/js/meeting_timeline.js
@@ -0,0 +1,92 @@
+// Copyright The IETF Trust 2026, All Rights Reserved
+import Chart from 'chart.js/auto'
+import zoomPlugin from 'chartjs-plugin-zoom'
+
+document.addEventListener('DOMContentLoaded', () => {
+    Chart.register(zoomPlugin) // enable the zoom plugin
+
+    // ── Safely parse JSON data injected from Django view ──
+    const totalChartData = JSON.parse(document.getElementById('total-chart-data').textContent)
+    const inPersonChartData = JSON.parse(document.getElementById('in-person-chart-data').textContent)
+    const statsType = JSON.parse(document.getElementById('stats-type-data').textContent)
+    const stackedLines = statsType === 'total'
+
+    function displayChart (id, data) {
+        const ctx = document.getElementById(id).getContext('2d')
+        return new Chart(ctx, {
+            type: 'line',   // Change to 'doughnut' for a donut chart
+            data: data,
+            options: {
+                responsive: true,
+                scales: {
+                    y: {
+                        stacked: stackedLines,
+                    },
+                    x: {
+                        title: {
+                            display: true,
+                            text: 'IETF Meeting Number',
+                        },
+                    },
+                },
+                plugins: {
+                    legend: {
+                        position: 'bottom',
+                        labels: {
+                            usePointStyle: true,
+                            padding: 15,
+                            font: { size: 12 },
+                        },
+                    },
+                    tooltip: {
+                        backgroundColor: 'rgba(0,0,0,0.8)',
+                        titleFont: { size: 14 },
+                        bodyFont: { size: 13 },
+                        callbacks: {
+                            title: function (items) {
+                                return `IETF Meeting ${items[0].label}`
+                            },
+                            label: function (context) {
+                                return ` ${context.dataset.label}: ${context.parsed.y} participants`
+                            }
+                        }
+                    },
+                    zoom: {
+                        zoom: {
+                            wheel: { enabled: true },      // scroll to zoom
+                            pinch: { enabled: true },      // pinch on mobile
+                            drag: {                        // drag to select range 
+                                enabled: true,
+                                modifierKey: 'alt'
+                            },
+                            mode: 'xy',                     // zoom X-axis and Y-axis
+                        },
+                        pan: {
+                            enabled: true,
+                            mode: 'xy',                     // pan X-axis and Y-axis
+                        },
+                    },
+                }
+            }
+        })
+    }
+
+    const totalChart = displayChart('totalRegistrationChart', totalChartData)
+    if (inPersonChartData !== null) {
+        inPersonChart = displayChart('inPersonRegistrationChart', inPersonChartData)
+    }
+    document.addEventListener('keydown', (event) => {
+        if (event.key === 'Escape') {
+            totalChart.resetZoom()
+            if (inPersonChart !== null) {
+                inPersonChart.resetZoom()
+            }
+        }
+    })
+    document.getElementById('resetButton').addEventListener('click', () => {
+        totalChart.resetZoom()
+        if (inPersonChart !== null) {
+            inPersonChart.resetZoom()
+        }
+    })
+})
diff --git a/ietf/static/js/navbar-doc-search.js b/ietf/static/js/navbar-doc-search.js
new file mode 100644
index 0000000000..c36c032310
--- /dev/null
+++ b/ietf/static/js/navbar-doc-search.js
@@ -0,0 +1,113 @@
+$(function () {
+    var $input = $('#navbar-doc-search');
+    var $results = $('#navbar-doc-search-results');
+    var ajaxUrl = $input.data('ajax-url');
+    var debounceTimer = null;
+    var highlightedIndex = -1;
+    var keyboardHighlight = false;
+    var currentItems = [];
+
+    function showDropdown() {
+        $results.addClass('show');
+    }
+
+    function hideDropdown() {
+        $results.removeClass('show');
+        highlightedIndex = -1;
+        keyboardHighlight = false;
+        updateHighlight();
+    }
+
+    function updateHighlight() {
+        $results.find('.dropdown-item').removeClass('active');
+        if (highlightedIndex >= 0 && highlightedIndex < currentItems.length) {
+            $results.find('.dropdown-item').eq(highlightedIndex).addClass('active');
+        }
+    }
+
+    function doSearch(query) {
+        if (query.length < 2) {
+            hideDropdown();
+            return;
+        }
+        $.ajax({
+            url: ajaxUrl,
+            dataType: 'json',
+            data: { q: query },
+            success: function (data) {
+                currentItems = data;
+                highlightedIndex = -1;
+                $results.empty();
+                if (data.length === 0) {
+                    $results.append('<li><span class="dropdown-item text-muted">No results found</span></li>');
+                } else {
+                    data.forEach(function (item) {
+                        var $li = $('<li>');
+                        var $a = $('<a class="dropdown-item" href="' + item.url + '">' + item.text + '</a>');
+                        $li.append($a);
+                        $results.append($li);
+                    });
+                }
+                showDropdown();
+            }
+        });
+    }
+
+    $input.on('input', function () {
+        clearTimeout(debounceTimer);
+        var query = $(this).val().trim();
+        debounceTimer = setTimeout(function () {
+            doSearch(query);
+        }, 250);
+    });
+
+    $input.on('keydown', function (e) {
+        if (e.key === 'ArrowDown') {
+            e.preventDefault();
+            if (highlightedIndex < currentItems.length - 1) {
+                highlightedIndex++;
+                keyboardHighlight = true;
+                updateHighlight();
+            }
+        } else if (e.key === 'ArrowUp') {
+            e.preventDefault();
+            if (highlightedIndex > 0) {
+                highlightedIndex--;
+                keyboardHighlight = true;
+                updateHighlight();
+            }
+        } else if (e.key === 'Enter') {
+            e.preventDefault();
+            if (keyboardHighlight && highlightedIndex >= 0 && highlightedIndex < currentItems.length) {
+                window.location.href = currentItems[highlightedIndex].url;
+            } else {
+                var query = $(this).val().trim();
+                if (query) {
+                    window.location.href = '/doc/search/?name=' + encodeURIComponent(query) + '&rfcs=on&activedrafts=on&olddrafts=on';
+                }
+            }
+        } else if (e.key === 'Escape') {
+            hideDropdown();
+            $input.blur();
+        }
+    });
+
+    // Hover highlights (visual only — Enter still submits the text)
+    $results.on('mouseenter', '.dropdown-item', function () {
+        highlightedIndex = $results.find('.dropdown-item').index(this);
+        keyboardHighlight = false;
+        updateHighlight();
+    });
+
+    $results.on('mouseleave', '.dropdown-item', function () {
+        highlightedIndex = -1;
+        updateHighlight();
+    });
+
+    // Click outside closes dropdown
+    $(document).on('click', function (e) {
+        if (!$(e.target).closest('#navbar-doc-search-wrapper').length) {
+            hideDropdown();
+        }
+    });
+});
diff --git a/ietf/stats/tests.py b/ietf/stats/tests.py
index 48552c8fba..d8e8741702 100644
--- a/ietf/stats/tests.py
+++ b/ietf/stats/tests.py
@@ -1,42 +1,120 @@
-# Copyright The IETF Trust 2016-2020, All Rights Reserved
-# -*- coding: utf-8 -*-
-
+# Copyright The IETF Trust 2016-2026, All Rights Reserved
 
 import calendar
+import csv
+import datetime
+import io
 import json
 
+from django.http import Http404
 from pyquery import PyQuery
 
 import debug    # pyflakes:ignore
 
+from django.test import RequestFactory
 from django.urls import reverse as urlreverse
+from django.utils import timezone
 
+from ietf.meeting.models import Meeting
 from ietf.utils.test_utils import login_testing_unauthorized, TestCase
 import ietf.stats.views
 
 
-from ietf.group.factories import RoleFactory
-from ietf.person.factories import PersonFactory
+from ietf.doc.factories import NewRevisionDocEventFactory
+from ietf.group.factories import GroupFactory, RoleFactory
+from ietf.person.factories import EmailFactory, PersonFactory
 from ietf.review.factories import ReviewRequestFactory, ReviewerSettingsFactory, ReviewAssignmentFactory
+from ietf.meeting.tests_models import MeetingFactory, RegistrationFactory
+from ietf.submit.factories import SubmissionFactory
 from ietf.utils.timezone import date_today
 
 
 class StatisticsTests(TestCase):
     def test_stats_index(self):
+        # Create a meeting as the index page needs to know the current meeting
+        MeetingFactory(type_id='ietf', number='124', date=timezone.now())
         url = urlreverse(ietf.stats.views.stats_index)
         r = self.client.get(url)
         self.assertEqual(r.status_code, 200)
 
     def test_document_stats(self):
-        r = self.client.get(urlreverse("ietf.stats.views.document_stats"))
-        self.assertRedirects(r, urlreverse("ietf.stats.views.stats_index"))
-
+        # Create a meeting as the index page needs to know the current meeting
+        MeetingFactory(type_id='ietf', number='124', date=timezone.now())
+        r = self.client.get(urlreverse(ietf.stats.views.document_stats))
+        self.assertRedirects(r, urlreverse(ietf.stats.views.stats_index))
 
     def test_meeting_stats(self):
-        r = self.client.get(urlreverse("ietf.stats.views.meeting_stats"))
-        self.assertRedirects(r, urlreverse("ietf.stats.views.stats_index"))
+        meeting124 = MeetingFactory(type_id='ietf', number='124', date=timezone.now())
+        meeting125 = MeetingFactory(type_id='ietf', number='125', date=timezone.now() + datetime.timedelta(days=120))
+        RegistrationFactory.create_batch(15, meeting=meeting124, with_ticket={'attendance_type_id': 'onsite'}, attended=True)
+        RegistrationFactory(meeting=meeting124, with_ticket={'attendance_type_id': 'onsite'}, attended=False)
+        RegistrationFactory.create_batch(14, meeting=meeting124, with_ticket={'attendance_type_id': 'remote'}, attended=True)
+        RegistrationFactory(meeting=meeting124, with_ticket={'attendance_type_id': 'remote'}, attended=False)
+        RegistrationFactory.create_batch(15, meeting=meeting125, affiliation='Test LLC', with_ticket={'attendance_type_id': 'remote'}, attended=False)
+        RegistrationFactory.create_batch(25, meeting=meeting125, affiliation='Example, Ltd', with_ticket={'attendance_type_id': 'onsite'}, attended=False)
+        # Test the meeting specific statitistics per affiliation and per country
+        r = self.client.get(urlreverse(ietf.stats.views.meeting_stats, kwargs={"meeting_number": "124", "stats_type": "affiliation"}))
+        self.assertEqual(r.status_code, 200)
+        self.assertContains(r, "Total Registrations by Affiliation (31 in total)")
+        self.assertContains(r, "In Person Registrations by Affiliation (16 in total)")
+        self.assertContains(r, "/stats/meeting/124/affiliation")
+        self.assertContains(r, "/stats/meeting/125/affiliation")
+        r = self.client.get(urlreverse(ietf.stats.views.meeting_stats, kwargs={"meeting_number": "124", "stats_type": "country"}))
+        self.assertEqual(r.status_code, 200)
+        self.assertContains(r, "Total Registrations by Country (31 in total)")
+        self.assertContains(r, "In Person Registrations by Country (16 in total)")
+        self.assertContains(r, "/stats/meeting/124/country")
+        self.assertContains(r, "/stats/meeting/125/country")
+        # Test the meetings timeline per country
+        r = self.client.get(urlreverse(ietf.stats.views.meetings_timeline, kwargs={"stats_type": "country"}))
+        self.assertEqual(r.status_code, 200)
+        self.assertContains(r, "/stats/meeting/124/country")
+        self.assertContains(r, "/stats/meeting/125/country")
+        self.assertContains(r, "This page provides a timeline of meeting registrations by country")
+        # Test the meetings timeline per affiliation
+        r = self.client.get(urlreverse(ietf.stats.views.meetings_timeline, kwargs={"stats_type": "affiliation"}))
+        self.assertEqual(r.status_code, 200)
+        self.assertContains(r, "/stats/meeting/124/affiliation")
+        self.assertContains(r, "/stats/meeting/125/affiliation")
+        self.assertContains(r, "This page provides a timeline of meeting registrations by affiliation")
+        # Extract the JSON embedded in the response
+        pq = PyQuery(r.content)
+        in_person_data = json.loads(pq.find("script#in-person-chart-data").text())
+        self.assertTrue(
+            any(
+                ds["label"] == "Example" and ds["data"] == [0, 25]
+                for ds in in_person_data["datasets"]
+            )
+        )
+        # Test the global meetings timeline
+        r = self.client.get(urlreverse(ietf.stats.views.meetings_timeline, kwargs={"stats_type": "total"}))
+        self.assertEqual(r.status_code, 200)
+        self.assertContains(r, "/stats/meeting/124/country")
+        self.assertContains(r, "/stats/meeting/125/country")
+        self.assertContains(r, "This page provides a timeline of meeting registrations.")
+
+    def test_meeting_stats_for_bad_meeting(self):
+        self.assertFalse(Meeting.objects.filter(number=676767).exists())
+        for stats_type in ["affiliation", "country"]:
+            r = self.client.get(
+                urlreverse(
+                    "ietf.stats.views.meeting_stats",
+                    kwargs={"meeting_number": 676767, "stats_type": stats_type},
+                )
+            )
+            self.assertEqual(r.status_code, 404)
+
+            # We don't have a URL for an interim, but make sure the view will 404 if
+            # somehow a non-interim gets selected...
+            interim_num = MeetingFactory(type_id="interim").number
+            request_factory = RequestFactory()
+            with self.assertRaises(Http404):
+                ietf.stats.views.meeting_stats(
+                    request_factory.get(f"/stats/meeting/{interim_num}/{stats_type}"),
+                    meeting_number=interim_num,
+                    stats_type=stats_type,
+                )
 
-                
     def test_known_country_list(self):
         # check redirect
         url = urlreverse(ietf.stats.views.known_countries_list)
@@ -109,3 +187,139 @@ def test_review_stats(self):
         self.assertEqual(r.status_code, 200)
         q = PyQuery(r.content)
         self.assertTrue(q('.review-stats td:contains("1")'))
+
+
+class AnnualReportInputsTests(TestCase):
+    def setUp(self):
+        super().setUp()
+        llc_staff = GroupFactory(acronym="llc-staff", type_id="team")
+        self.member = PersonFactory()
+        RoleFactory(group=llc_staff, name_id="member", person=self.member)
+        self.non_member = PersonFactory()
+
+    def _member_login(self):
+        self.client.login(
+            username=self.member.user.username,
+            password=f"{self.member.user.username}+password",
+        )
+
+    def test_access_unauthenticated(self):
+        url = urlreverse(ietf.stats.views.annual_report_inputs, kwargs={"year": "2024"})
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 302)
+        self.assertIn("/accounts/login", r["Location"])
+
+    def test_access_non_member_forbidden(self):
+        url = urlreverse(ietf.stats.views.annual_report_inputs, kwargs={"year": "2024"})
+        self.client.login(
+            username=self.non_member.user.username,
+            password=f"{self.non_member.user.username}+password",
+        )
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 403)
+
+    def test_access_member_allowed(self):
+        self._member_login()
+        url = urlreverse(ietf.stats.views.annual_report_inputs, kwargs={"year": "2024"})
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+
+    def test_default_year(self):
+        self._member_login()
+        url = urlreverse(ietf.stats.views.annual_report_inputs)
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.context["year"], datetime.date.today().year - 1)
+
+    def test_year_param_redirects_to_year_url(self):
+        self._member_login()
+        url = urlreverse(ietf.stats.views.annual_report_inputs)
+        r = self.client.get(url, {"year": "2022"})
+        self.assertRedirects(
+            r,
+            urlreverse(ietf.stats.views.annual_report_inputs, kwargs={"year": "2022"}),
+        )
+
+    def test_summary_counts(self):
+        self._member_login()
+        year = 2021
+        # author1 has a matching Person record; author2 does not
+        EmailFactory(address="author1@example.com")
+        sub = SubmissionFactory(
+            state_id="posted",
+            submission_date=datetime.date(year, 6, 1),
+            submitter_email="submitter@example.com",
+        )
+        sub.authors = [
+            {"name": "Author One", "email": "author1@example.com", "affiliation": "", "country": "", "errors": []},
+            {"name": "Author Two", "email": "author2@example.com", "affiliation": "", "country": "", "errors": []},
+        ]
+        sub.save()
+        NewRevisionDocEventFactory(
+            time=datetime.datetime(year, 6, 1, tzinfo=datetime.timezone.utc),
+            doc__type_id="draft",
+        )
+        NewRevisionDocEventFactory(
+            time=datetime.datetime(year, 6, 1, tzinfo=datetime.timezone.utc),
+            doc__type_id="draft",
+        )
+        # Same draft, second revision — should count once
+        extra = NewRevisionDocEventFactory(
+            time=datetime.datetime(year, 9, 1, tzinfo=datetime.timezone.utc),
+            doc__type_id="draft",
+        )
+        NewRevisionDocEventFactory(
+            time=datetime.datetime(year, 9, 15, tzinfo=datetime.timezone.utc),
+            doc=extra.doc,
+        )
+
+        url = urlreverse(ietf.stats.views.annual_report_inputs, kwargs={"year": str(year)})
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.context["year"], year)
+        self.assertEqual(r.context["author_count"], 2)
+        self.assertEqual(r.context["author_person_count"], 1)
+        self.assertEqual(r.context["author_noperson_count"], 1)
+        self.assertEqual(r.context["submitter_count"], 1)
+        self.assertEqual(r.context["submitter_person_count"], 0)
+        self.assertEqual(r.context["submitter_noperson_count"], 1)
+        self.assertEqual(r.context["draft_count"], 3)
+
+    def test_download_authors_csv(self):
+        self._member_login()
+        year = 2020
+        sub = SubmissionFactory(
+            state_id="posted",
+            submission_date=datetime.date(year, 4, 1),
+        )
+        sub.authors = [
+            {"name": "Author", "email": "csvauthor@example.com", "affiliation": "", "country": "", "errors": []},
+        ]
+        sub.save()
+
+        url = urlreverse(ietf.stats.views.annual_report_inputs, kwargs={"year": str(year)})
+        r = self.client.get(url, {"download": "authors"})
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r["Content-Type"], "text/csv")
+        self.assertIn(f"authors-{year}.csv", r["Content-Disposition"])
+        rows = list(csv.reader(io.StringIO(r.content.decode())))
+        self.assertEqual(len(rows), 1)
+        self.assertIn("csvauthor@example.com", rows[0])
+
+    def test_download_submitters_csv(self):
+        self._member_login()
+        year = 2020
+        SubmissionFactory(
+            state_id="posted",
+            submission_date=datetime.date(year, 4, 1),
+            submitter_email="csvsubmitter@example.com",
+        )
+
+        url = urlreverse(ietf.stats.views.annual_report_inputs, kwargs={"year": str(year)})
+        r = self.client.get(url, {"download": "submitters"})
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r["Content-Type"], "text/csv")
+        self.assertIn(f"submitters-{year}.csv", r["Content-Disposition"])
+        rows = list(csv.reader(io.StringIO(r.content.decode())))
+        self.assertEqual(len(rows), 1)
+        self.assertIn("csvsubmitter@example.com", rows[0])
diff --git a/ietf/stats/urls.py b/ietf/stats/urls.py
index d2993759d2..3bb107813a 100644
--- a/ietf/stats/urls.py
+++ b/ietf/stats/urls.py
@@ -1,4 +1,4 @@
-# Copyright The IETF Trust 2016-2020, All Rights Reserved
+# Copyright The IETF Trust 2016-2026, All Rights Reserved
 # -*- coding: utf-8 -*-
 
 
@@ -11,7 +11,9 @@
     url(r"^$", views.stats_index),
     url(r"^document/(?:(?P<stats_type>authors|pages|words|format|formlang|author/(?:documents|affiliation|country|continent|citations|hindex)|yearly/(?:affiliation|country|continent))/)?$", views.document_stats),
     url(r"^knowncountries/$", views.known_countries_list),
-    url(r"^meeting/(?P<num>\d+)/(?P<stats_type>country|continent)/$", views.meeting_stats),
-    url(r"^meeting/(?:(?P<stats_type>overview|country|continent)/)?$", views.meeting_stats),
+    url(r"^meeting/$", views.meetings_timeline),
+    url(r"^meeting/(?P<meeting_number>\d+)/(?P<stats_type>affiliation|country)/$", views.meeting_stats),
+    url(r"^meeting/(?:(?P<stats_type>affiliation|country|total)/)?$", views.meetings_timeline),
     url(r"^review/(?:(?P<stats_type>completion|results|states|time)/)?(?:%(acronym)s/)?$" % settings.URL_REGEXPS, views.review_stats),
+    url(r"^annual_report_inputs/(?:(?P<year>\d{4})/)?$", views.annual_report_inputs),
 ]
diff --git a/ietf/stats/views.py b/ietf/stats/views.py
index 504d84e86d..fe2fa82f55 100644
--- a/ietf/stats/views.py
+++ b/ietf/stats/views.py
@@ -1,19 +1,22 @@
-# Copyright The IETF Trust 2016-2020, All Rights Reserved
+# Copyright The IETF Trust 2016-2026, All Rights Reserved
 # -*- coding: utf-8 -*-
 
 
 import calendar
+import csv
 import datetime
 import itertools
 import json
 import dateutil.relativedelta
 from collections import defaultdict
 
+from django.conf import settings
 from django.contrib.auth.decorators import login_required
-from django.http import HttpResponseRedirect
-from django.shortcuts import render
+from django.core.cache import cache
+from django.http import HttpResponse, HttpResponseRedirect
+from django.shortcuts import render, get_object_or_404
 from django.urls import reverse as urlreverse
-
+from django.db.models import Count
 
 import debug                            # pyflakes:ignore
 
@@ -25,15 +28,32 @@
 from ietf.group.models import Role, Group
 from ietf.person.models import Person
 from ietf.name.models import ReviewResultName, CountryName, ReviewAssignmentStateName
-from ietf.ietfauth.utils import has_role
+from ietf.meeting.models import Registration, Meeting
+from ietf.ietfauth.utils import has_role, role_required
 from ietf.utils.response import permission_denied
 from ietf.utils.timezone import date_today, DEADLINE_TZINFO
+from ietf.meeting.helpers import get_current_ietf_meeting_num
 
+# Color palette for lines
+colors = [
+    '#FF6384', '#36A2EB', '#FFCE56', '#4BC0C0', '#9966FF',
+    '#FF9F40', '#C9CBCF', '#7BC043', '#F37735', '#00ABA9',
+    '#2B5797', '#E81123', '#00A4EF', '#7FBA00', '#FFB900',
+    '#D83B01', '#B4009E', '#5C2D91', '#008575', '#E3008C',
+]
 
 def stats_index(request):
-    return render(request, "stats/index.html")
+    """Render the statistics index page with the current meeting number as it is required by the meeting menu item."""
+    current_meeting = get_current_ietf_meeting_num()
+    return render(request, "stats/index.html", {
+        "current_meeting": current_meeting
+    })
 
 def generate_query_string(query_dict, overrides):
+    """
+    Returns:
+        A query string starting with '?' if there are parameters, empty string otherwise.
+    """
     query_part = ""
 
     if query_dict or overrides:
@@ -58,9 +78,20 @@ def generate_query_string(query_dict, overrides):
     return query_part
 
 def get_choice(request, get_parameter, possible_choices, multiple=False):
-    # the statistics are built with links to make navigation faster,
-    # so we don't really have a form in most cases, so just use this
-    # helper instead to select between the choices
+    """Extract a choice from the request GET parameters.
+
+    Since statistics pages use links for navigation instead of forms,
+    this helper selects between possible choices from the URL parameters.
+
+    Args:
+        request: The HTTP request object.
+        get_parameter: The name of the GET parameter.
+        possible_choices: List of tuples (value, label).
+        multiple: If True, return a list of found values; otherwise return the first found or None.
+
+    Returns:
+        The selected value(s) or None.
+    """
     values = request.GET.getlist(get_parameter)
     found = [t[0] for t in possible_choices if t[0] in values]
 
@@ -73,75 +104,553 @@ def get_choice(request, get_parameter, possible_choices, multiple=False):
             return None
 
 def add_url_to_choices(choices, url_builder):
+    """Add URLs to a list of choices.
+
+    Args:
+        choices: List of tuples (slug, label).
+        url_builder: Function that takes a slug and returns a URL.
+
+    Returns:
+        List of tuples (slug, label, url).
+    """
     return [ (slug, label, url_builder(slug)) for slug, label in choices]
 
-def put_into_bin(value, bin_size):
-    if value is None:
-        return (0, '')
+def document_stats(request, stats_type=None):
+    # timeline per year, or per specific year: streams, affiliation, rfc vs I-D
+    # could also be time between individual/WG I-D to rfc publication/IESG ballot
+    # DISCUSS resolution time
+    # Humm also split by authors (affiliation) / documents (the rest) probably
+    """Redirect to the stats index page. Deprecated view."""
+    return HttpResponseRedirect(urlreverse("ietf.stats.views.stats_index"))
 
-    v = (value // bin_size) * bin_size
-    return (v, "{} - {}".format(v, v + bin_size - 1))
+def known_countries_list(request, stats_type=None, acronym=None):
+    """Render a list of known countries with their aliases."""
+    countries = CountryName.objects.prefetch_related("countryalias_set")
+    for c in countries:
+        # the sorting is a bit of a hack - it puts the ISO code first
+        # since it was added in a migration
+        c.aliases = sorted(c.countryalias_set.all(), key=lambda a: a.pk)
 
-def prune_unknown_bin_with_known(bins):
-    # remove from the unknown bin all authors within the
-    # named/known bins
-    all_known = { n for b, names in bins.items() if b for n in names }
-    bins[""] = [name for name in bins[""] if name not in all_known]
-    if not bins[""]:
-        del bins[""]
+    return render(request, "stats/known_countries_list.html", {
+        "countries": countries,
+    })
 
-def count_bins(bins):
-    return len({ n for b, names in bins.items() if b for n in names })
+def canonicalize_affiliation(affiliation):
+    """Canonicalize an affiliation string by removing common suffixes and standardizing prefixes.
+
+    Args:
+        affiliation: The affiliation string to canonicalize.
+
+    Returns:
+        The canonicalized affiliation string, or None if input is None.
+    """
+    if not affiliation or affiliation.lower() in ('n/a', 'none', 'unspecified'):
+        return None
+    for suffix in ('ab', 'ag', 'corp', 'corp.', 'corporation', 'gmbh', 'inc.', 'inc', 'international pte ltd', 'llc', 'ltd', 'ltd.', 'private limited', 'pty ltd', 'pvt ltd'):
+        if affiliation.lower().endswith(', ' + suffix):
+            affiliation = affiliation[:-(len(suffix)+2)]
+        elif affiliation.lower().endswith(' ' + suffix):
+            affiliation = affiliation[:-(len(suffix)+1)]
+        elif affiliation.lower().endswith(',' + suffix):
+            affiliation = affiliation[:-(len(suffix)+1)]
+    for prefix in ('akamai','apple', 'cisco', 'futurewei', 'google', 'hitachi', 'hpe', 'huawei', 'juniper', 'meta', 'nokia', 'ntt', 'siemens'):
+        if affiliation.lower().startswith(prefix + ' '):
+            affiliation = prefix
+    return affiliation.title()
+
+def get_affiliation_data_for_meetings(attendance_type=None):
+    """Get affiliation participation data for meetings timeline chart.
+
+    Args:
+        attendance_type: Optional filter for attendance type (e.g., 'onsite').
+
+    Returns:
+        Tuple of (sorted_meetings, datasets) for Chart.js.
+    """
+    cache_key = f'stats:get_affiliation_data_for_meetings:{attendance_type}'
+    sorted_meetings, datasets = cache.get(cache_key, (None, None))
+    if (sorted_meetings, datasets) == (None, None):
+        top_n = 20  # could be a parameter, but would need to adjust cache handling
+
+        # Get registration status details
+        if attendance_type:
+            registrations = Registration.objects.filter(tickets__attendance_type=attendance_type)
+        else:
+            registrations = Registration.objects.all()
+        registrations = registrations.values('affiliation', 'meeting__number')
+    
+        # Count per canonicalized affiliation
+        organization = dict()
+        meetings_set = set()
+        org_totals = defaultdict(int)
+        data_map = defaultdict(dict)  # {org: {meeting: count}}
+    
+        for reg in registrations:
+            meeting = reg['meeting__number']
+            meetings_set.add(meeting)
+            affiliation = canonicalize_affiliation(reg['affiliation']) or "Unspecified"
+            organization[affiliation] = organization.get(affiliation, 0) + 1
+            org_totals[affiliation] = org_totals.get(affiliation, 0) + 1
+            data_map[affiliation][meeting] = data_map[affiliation].get(meeting, 0) + 1
+    
+        # ── Step 2: Sort meetings numerically rather than alphabetically  ──
+        sorted_meetings = sorted(meetings_set, key=lambda x: int(x) if x.isdigit() else x)
+    
+        # ── Step 3: Get top N countries ──
+        top_orgs = sorted(
+            org_totals.keys(),
+            key=lambda c: org_totals[c],
+            reverse=True
+        )[:top_n]
+        non_top_orgs = org_totals.keys() - top_orgs
+        other_totals = defaultdict(int)
+        for m in sorted_meetings:
+            other_totals[m] = 0
+            for c in non_top_orgs:
+                other_totals[m] += int(data_map[c].get(m, 0))
+    
+        # ── Step 4: Build Chart.js datasets ──
+    
+        datasets = []
+        for idx, org in enumerate(top_orgs):
+            color = colors[idx % len(colors)]
+            datasets.append({
+                'label': org,
+                'data': [data_map[org].get(m, 0) for m in sorted_meetings],
+                'borderColor': color,
+                'fill': False,
+                'tension': 0.3,
+                'pointColor': color,
+                'pointBackgroundColor': color,
+                'pointRadius': 4,
+                'pointHoverRadius': 6,
+                'borderWidth': 2,
+            })
+    
+        # -- Step 4.bis handle the other --
+        datasets.append({
+            'label': 'Other',
+            'data': [other_totals.get(m, 0) for m in sorted_meetings],
+            'borderColor': 'black',
+            'fill': False,
+            'tension': 0.3,
+            'pointColor': 'black',
+            'pointBackgroundColor': 'black',
+            'pointRadius': 4,
+            'pointHoverRadius': 6,
+            'borderWidth': 2,
+        })
+        cache.set(
+            cache_key,
+            (sorted_meetings, datasets),
+            settings.STATS_TIMELINE_CACHE_TIMEOUT,
+        )
 
-def add_labeled_top_series_from_bins(chart_data, bins, limit):
-    """Take bins on the form (x, label): [name1, name2, ...], figure out
-    how many there are per label, take the overall top ones and put
-    them into sorted series like [(x1, len(names1)), (x2, len(names2)), ...]."""
-    aggregated_bins = defaultdict(set)
-    xs = set()
-    for (x, label), names in bins.items():
-        xs.add(x)
-        aggregated_bins[label].update(names)
+    return sorted_meetings, datasets
 
-    xs = list(sorted(xs))
+def get_country_data_for_meetings(attendance_type=None):
+    """Get country participation data for meetings timeline chart.
 
-    sorted_bins = sorted(aggregated_bins.items(), key=lambda t: len(t[1]), reverse=True)
-    top = [ label for label, names in list(sorted_bins)[:limit]]
+    Args:
+        attendance_type: Optional filter for attendance type (e.g., 'onsite').
 
-    for label in top:
-        series_data = []
+    Returns:
+        Tuple of (sorted_meetings, datasets) for Chart.js.
+    """
+    cache_key = f'stats:get_country_data_for_meetings:{attendance_type}'
+    sorted_meetings, datasets = cache.get(cache_key, (None, None))
+    if (sorted_meetings, datasets) == (None, None):
+        top_n = 10  # could be a parameter, but would need to adjust cache handling
+        # Get registration status counts, aggregated by country_code
+        if attendance_type:
+            registrations = Registration.objects.filter(tickets__attendance_type=attendance_type)
+        else:
+            registrations = Registration.objects.all()
+        queryset = (
+            registrations
+            .values(
+                'meeting__number',      # e.g. "118", "119", "120"
+                'country_code'          # country code of the participant
+            )
+            .annotate(participant_count=Count('id'))
+            .order_by('meeting__number')  # chronological order
+        )
+    
+        # ── Step 1: Collect all meetings and country totals ──
+        meetings_set = set()
+        country_totals = defaultdict(int)
+        data_map = defaultdict(dict)  # {country: {meeting: count}}
+    
+        for row in queryset:
+            meeting = row['meeting__number']
+            country = row['country_code']
+            count = row['participant_count']
+    
+            meetings_set.add(meeting)
+            country_totals[country] += count
+            data_map[country][meeting] = count
+    
+        # ── Step 2: Sort meetings numerically rather than alphabetically  ──
+        sorted_meetings = sorted(meetings_set, key=lambda x: int(x) if x.isdigit() else x)
+    
+        # ── Step 3: Get top N countries ──
+        top_countries = sorted(
+            country_totals.keys(),
+            key=lambda c: country_totals[c],
+            reverse=True
+        )[:top_n]
+    
+        # -- Step 3.bis do the 'other' category --
+        non_top_countries = country_totals.keys() - top_countries
+        other_totals = defaultdict(int)
+        for m in sorted_meetings:
+            other_totals[m] = 0
+            for c in non_top_countries:
+                other_totals[m] += int(data_map[c].get(m, 0))
+    
+        # ── Step 4: Build Chart.js datasets ──
+    
+        datasets = []
+        for idx, country in enumerate(top_countries):
+            color = colors[idx % len(colors)]
+            datasets.append({
+                'label': country,
+                'data': [data_map[country].get(m, 0) for m in sorted_meetings],
+                'borderColor': color,
+                'fill': False,
+                'tension': 0.3,
+                'pointColor': color,
+                'pointBackgroundColor': color,
+                'pointRadius': 4,
+                'pointHoverRadius': 6,
+                'borderWidth': 2,
+            })
+    
+        # -- Step 4.bis handle the other --
+        datasets.append({
+            'label': 'Other',
+            'data': [other_totals.get(m, 0) for m in sorted_meetings],
+            'borderColor': 'black',
+            'fill': False,
+            'tension': 0.3,
+            'pointColor': 'black',
+            'pointBackgroundColor': 'black',
+            'pointRadius': 4,
+            'pointHoverRadius': 6,
+            'borderWidth': 2,
+        })
+        cache.set(
+            cache_key,
+            (sorted_meetings, datasets),
+            settings.STATS_TIMELINE_CACHE_TIMEOUT,
+        )
 
-        for x in xs:
-            names = bins.get((x, label), set())
+    return sorted_meetings, datasets
+
+def get_data_for_meetings():
+    """Get total participation data by attendance type for meetings timeline chart.
+
+    Returns:
+        Tuple of (sorted_meetings, datasets) for Chart.js.
+    """
+    cache_key = "stats:get_data_for_meetings"
+    sorted_meetings, datasets = cache.get(cache_key, (None, None))
+    if (sorted_meetings, datasets) == (None, None):
+        # Get registration status counts, aggregated by ticket types
+        registrations = Registration.objects.filter(tickets__attendance_type__in=['onsite', 'remote'])
+        queryset = (
+            registrations
+            .values(
+                'meeting__number',      # e.g. "118", "119", "120"
+                'tickets__attendance_type'
+            )
+            .annotate(participant_count=Count('id'))
+            .order_by('meeting__number')  # chronological order
+        )
+    
+        # ── Step 1: Collect all meetings and tickets totals ──
+        meetings_set = set()
+        tickets_totals = defaultdict(int)
+        data_map = defaultdict(dict)  # {ticket: {meeting: count}}
+    
+        for row in queryset:
+            meeting = row['meeting__number']
+            ticket = row['tickets__attendance_type']
+            count = row['participant_count']
+    
+            meetings_set.add(meeting)
+            tickets_totals[ticket] += count
+            data_map[ticket][meeting] = count
+    
+        # ── Step 2: Sort meetings numerically rather than alphabetically  ──
+        sorted_meetings = sorted(meetings_set, key=lambda x: int(x) if x.isdigit() else x)
+        ticket_types = tickets_totals.keys()
+        
+        # ── Step 4: Build Chart.js datasets ──
+        # Color palette for lines
+        colors = [ '#FF6384', '#36A2EB']
+    
+        datasets = []
+        for idx, ticket_type in enumerate(ticket_types):
+            color = colors[idx % len(colors)]
+            datasets.append({
+                'label': ticket_type,
+                'data': [data_map[ticket_type].get(m, 0) for m in sorted_meetings],
+                'borderColor': color,
+                'backgroundColor': color + '99', # 60% opacity fill
+                'fill': True,
+                'tension': 0.0,
+                'pointColor': color,
+                'pointBackgroundColor': color,
+                'pointRadius': 4,
+                'pointHoverRadius': 6,
+                'borderWidth': 2,
+            })
+        cache.set(
+            cache_key,
+            (sorted_meetings, datasets),
+            settings.STATS_TIMELINE_CACHE_TIMEOUT,
+        )
+    return sorted_meetings, datasets
+
+def meetings_timeline(request, stats_type='country'):
+    """Render the meetings timeline page with participation statistics over time.
+
+    Args:
+        request: The HTTP request object.
+        stats_type: Type of statistics ('country' or 'total').
+        top_n: Number of top items to show (for country stats).
+
+    Returns:
+        Rendered response for the meetings timeline template.
+    """
+    if stats_type == 'total':
+        total_labels, total_data_sets = get_data_for_meetings()
+        in_person_labels = ([], [])
+        in_person_data_sets = ([], [])
+        top_n = len(total_data_sets) - 1  # subtract one because we don't count "other"
+    elif stats_type == 'affiliation':
+        total_labels, total_data_sets = get_affiliation_data_for_meetings()
+        in_person_labels, in_person_data_sets = get_affiliation_data_for_meetings(attendance_type='onsite')
+        top_n = len(total_data_sets) - 1  # subtract one because we don't count "other"
+    elif stats_type == 'country':
+        total_labels, total_data_sets = get_country_data_for_meetings()
+        in_person_labels, in_person_data_sets = get_country_data_for_meetings(attendance_type='onsite')
+        top_n = len(total_data_sets) - 1  # subtract one because we don't count "other"
+    else:
+        return HttpResponseRedirect(urlreverse("ietf.stats.views.stats_index"))
 
-            series_data.append((x, len(names)))
+    total_chart_data = {
+        'labels': total_labels,
+        'datasets': total_data_sets,
+    }
 
-        chart_data.append({
-            "data": series_data,
-            "name": label
-        })
+    # On per country/affiliation have a separate graph for inperson
+    if stats_type == 'total':
+        in_person_chart_data = None
+    else:
+        in_person_chart_data = {
+            'labels': in_person_labels,
+            'datasets': in_person_data_sets,
+        }
 
-def document_stats(request, stats_type=None):
-    return HttpResponseRedirect(urlreverse("ietf.stats.views.stats_index"))
+    # Prepare the list of choice buttons for the template
+    possible_stats_types = [
+        ("affiliation", "Per affiliation", urlreverse(meetings_timeline, kwargs={'stats_type': 'affiliation'})),
+        ("country", "Per country", urlreverse(meetings_timeline, kwargs={'stats_type': 'country'})),
+        ("total", "Total", urlreverse(meetings_timeline, kwargs={'stats_type': 'total'})),
+    ]
 
+    current_meeting = get_current_ietf_meeting_num()
+    if stats_type == 'total':
+        possible_stats_type = 'country'
+    else:
+        possible_stats_type = stats_type
 
-def known_countries_list(request, stats_type=None, acronym=None):
-    countries = CountryName.objects.prefetch_related("countryalias_set")
-    for c in countries:
-        # the sorting is a bit of a hack - it puts the ISO code first
-        # since it was added in a migration
-        c.aliases = sorted(c.countryalias_set.all(), key=lambda a: a.pk)
+    possible_meeting_numbers = [(int(current_meeting)-1, urlreverse(meeting_stats, kwargs={'meeting_number': int(current_meeting)-1, 'stats_type': possible_stats_type})),
+        (int(current_meeting), urlreverse(meeting_stats, kwargs={'meeting_number': int(current_meeting), 'stats_type': possible_stats_type})),
+        (int(current_meeting)+1, urlreverse(meeting_stats, kwargs={'meeting_number': int(current_meeting)+1, 'stats_type': possible_stats_type}))]
 
-    return render(request, "stats/known_countries_list.html", {
-        "countries": countries,
+    return render(request, "stats/meetings_timeline.html", {
+        "top_n": top_n,
+        "possible_stats_types": possible_stats_types,
+        "possible_meeting_numbers": possible_meeting_numbers,
+        "stats_type": stats_type,
+        "total_chart_data": total_chart_data,
+        "in_person_chart_data": in_person_chart_data,
     })
 
-def meeting_stats(request, num=None, stats_type=None):
-    return HttpResponseRedirect(urlreverse("ietf.stats.views.stats_index"))
+def get_affiliation_data_for_meeting(meeting_number, minimum_required, attendance_type=None):
+    """Get affiliation participation data for a specific meeting.
+
+    Args:
+        meeting_number: The meeting number.
+        minimum_required: Minimum count to include in main data (others go to 'Other').
+        attendance_type: Optional filter for attendance type.
+
+    Returns:
+        Tuple of (labels, data, total) for chart display.
+    """
+    # Get registration status details
+    registrations = Registration.objects.filter(meeting__number=meeting_number)
+    if attendance_type:
+        registrations = registrations.filter(tickets__attendance_type=attendance_type)
+    registrations = registrations.values('affiliation')
+
+    # Count per canonicalized affiliation
+    organization = dict()
+    for reg in registrations:
+        affiliation = canonicalize_affiliation(reg['affiliation']) or "Unspecified"
+        organization[affiliation] = organization.get(affiliation, 0) + 1
+
+    # Sort to have the largest count first (nicer in pie chart)
+    sorted_orgs = sorted(organization.items(), key=lambda t: t[1], reverse=True)
+    labels = []
+    data = []
+    others_count = 0
+    total = 0
+    for org, count in sorted_orgs:
+        total += count
+        if count > minimum_required:
+            labels.append(org)
+            data.append(count)
+        else:
+            others_count += count
+
+    if others_count > 0:
+        labels.append('Other')
+        data.append(others_count)
+
+    return labels, data, total
+
+def get_data_for_meeting(meeting_number, minimum_required, attendance_type=None):
+    """Get country participation data for a specific meeting.
+
+    Args:
+        meeting_number: The meeting number.
+        minimum_required: Minimum count to include in main data (others go to 'Other').
+        attendance_type: Optional filter for attendance type.
+
+    Returns:
+        Tuple of (labels, data, total) for chart display.
+    """
+    # Get registration status counts, aggregated by country_code
+    registration_counts = Registration.objects.filter(meeting__number=meeting_number)
+    if attendance_type:
+        registration_counts = registration_counts.filter(tickets__attendance_type=attendance_type)
+    registration_counts = registration_counts.values('country_code').annotate(count=Count('country_code')).order_by('-count')
+
+    labels = []
+    data = []
+    others_count = 0
+    total = 0
+    for item in registration_counts:
+        total += item['count']
+        if item['count'] > minimum_required:
+            labels.append(item['country_code'])
+            data.append(item['count'])
+        else:
+            others_count += item['count']
+
+    if others_count > 0:
+        labels.append('Other')
+        data.append(others_count)
+
+    return labels, data, total
+
+def meeting_stats(request, meeting_number=None, stats_type='country'):
+    """Render statistics for a specific meeting.
+
+    Args:
+        request: The HTTP request object.
+        meeting_number: The meeting number (defaults to current).
+        stats_type: Type of statistics ('country' or 'affiliation').
+
+    Returns:
+        Rendered response for the meeting stats template.
+    """
+    current_meeting_number = get_current_ietf_meeting_num()
+    if meeting_number is None:
+        meeting_number = current_meeting_number
+    this_meeting = get_object_or_404(
+        Meeting.objects.filter(type_id="ietf"), number=meeting_number
+    )
+
+    if stats_type == 'affiliation':
+        minimum_required = 4
+        total_labels, total_data, total_total = get_affiliation_data_for_meeting(meeting_number, minimum_required)
+        in_person_labels, in_person_data, in_person_total = get_affiliation_data_for_meeting(meeting_number, minimum_required, attendance_type='onsite')
+    elif stats_type == 'country':
+        minimum_required = 10
+        total_labels, total_data, total_total = get_data_for_meeting(meeting_number, minimum_required)
+        in_person_labels, in_person_data, in_person_total = get_data_for_meeting(meeting_number, minimum_required, attendance_type='onsite')
+    else:
+        return HttpResponseRedirect(urlreverse("ietf.stats.views.stats_index"))
+
+    total_chart_data = {
+        'labels': total_labels,
+        'datasets': [{
+            'label': 'Total Registrations by ' + stats_type,
+            'data': total_data,
+            'borderColor': '#ffffff',
+            'borderWidth': 2,
+        }]
+    }
+    in_person_chart_data = {
+        'labels': in_person_labels,
+        'datasets': [{
+            'label': 'In Person Registrations by ' + stats_type,
+            'data': in_person_data,
+            'borderColor': '#ffffff',
+            'borderWidth': 2,
+        }]
+    }
+
+    # Prepare the list of choice buttons for the template
+    possible_stats_types = [
+        ("affiliation", "Per affiliation", urlreverse(meeting_stats, kwargs={'meeting_number': meeting_number, 'stats_type': 'affiliation'})),
+        ("country", "Per country", urlreverse(meeting_stats, kwargs={'meeting_number': meeting_number, 'stats_type': 'country'})),
+    ]
+
+    # Prepare the list of meeting number buttons for the template
+    possible_meeting_numbers = [('All', urlreverse(meetings_timeline, kwargs={'stats_type': stats_type}))]
+    if int(meeting_number) > 72:  # No registration data before IETF-72
+        possible_meeting_numbers.append((int(meeting_number)-1, urlreverse(meeting_stats, kwargs={'meeting_number': int(meeting_number)-1, 'stats_type': stats_type})))
+    possible_meeting_numbers.append((meeting_number, urlreverse(meeting_stats, kwargs={'meeting_number': meeting_number, 'stats_type': stats_type})))
+    if int(meeting_number) <= int(current_meeting_number): # Allow current meeting +1
+        possible_meeting_numbers.append((int(meeting_number)+1, urlreverse(meeting_stats, kwargs={'meeting_number': int(meeting_number)+1, 'stats_type': stats_type})))
+
+    return render(request, "stats/meeting_stats.html", {
+        "meeting_number": meeting_number,
+        "meeting_date": this_meeting.date,
+        "meeting_country": this_meeting.country,
+        "meeting_city": this_meeting.city,
+        "possible_stats_types": possible_stats_types,
+        "possible_meeting_numbers": possible_meeting_numbers,
+        "stats_type": stats_type,
+        "minimum_required": minimum_required,
+        "total_chart_data": total_chart_data,
+        "total_total": total_total,
+        "in_person_chart_data": in_person_chart_data,
+        "in_person_total": in_person_total
+    })
 
 
 @login_required
 def review_stats(request, stats_type=None, acronym=None):
+    """Render review statistics page with tables and charts for review assignments.
+
+    Shows completion status, results, assignment states, and time series data.
+    Supports both team-level and reviewer-level views with filtering options.
+
+    Args:
+        request: The HTTP request object.
+        stats_type: Type of statistics ('completion', 'results', 'states', 'time').
+        acronym: Team acronym for reviewer-level view (None for team view).
+
+    Returns:
+        Rendered response for the review stats template.
+    """
     # This view is a bit complex because we want to show a bunch of
     # tables with various filtering options, and both a team overview
     # and a reviewers-within-team overview - and a time series chart.
@@ -449,3 +958,46 @@ def time_key_fn(t):
         "possible_states": possible_states,
         "selected_state": selected_state,
     })
+
+
+@role_required("LLC Staff")
+def annual_report_inputs(request, year=None):
+    if year is None and "year" in request.GET:
+        return HttpResponseRedirect(
+            urlreverse("ietf.stats.views.annual_report_inputs", kwargs={"year": request.GET["year"]})
+        )
+    year = int(year) if year else datetime.date.today().year - 1
+
+    from ietf.doc.models import NewRevisionDocEvent
+    from ietf.utils.reports import authors_by_year, submitters_by_year, unique_people
+
+    download = request.GET.get("download")
+    if download in ("authors", "submitters"):
+        addresses = authors_by_year(year) if download == "authors" else submitters_by_year(year)
+        response = HttpResponse(content_type="text/csv")
+        response["Content-Disposition"] = f'attachment; filename="{download}-{year}.csv"'
+        writer = csv.writer(response)
+        writer.writerow(sorted(addresses))
+        return response
+
+    authors = authors_by_year(year)
+    submitters = submitters_by_year(year)
+    author_persons, author_nopersons = unique_people(authors)
+    submitter_persons, submitter_nopersons = unique_people(submitters)
+
+    draft_count = len(set(
+        NewRevisionDocEvent.objects.filter(
+            doc__type_id="draft", time__year=year
+        ).values_list("doc__name", flat=True)
+    ))
+
+    return render(request, "stats/annual_report_inputs.html", {
+        "year": year,
+        "author_count": len(authors),
+        "submitter_count": len(submitters),
+        "author_person_count": author_persons.count(),
+        "author_noperson_count": len(author_nopersons),
+        "submitter_person_count": submitter_persons.count(),
+        "submitter_noperson_count": len(submitter_nopersons),
+        "draft_count": draft_count,
+    })
diff --git a/ietf/submit/factories.py b/ietf/submit/factories.py
index 1076434b82..69888a055d 100644
--- a/ietf/submit/factories.py
+++ b/ietf/submit/factories.py
@@ -21,6 +21,9 @@ class Meta:
 
 class SubmissionFactory(factory.django.DjangoModelFactory):
     state_id = 'uploaded'
+    submitter_name = factory.Faker("name")
+    submitter_email = factory.Faker("email") 
+    submitter = factory.LazyAttribute(lambda o: f"{o.submitter_name} <{o.submitter_email}>")
 
     @factory.lazy_attribute_sequence
     def name(self, n):
@@ -32,3 +35,4 @@ def auth_key(self):
 
     class Meta:
         model = Submission
+        exclude = ("submitter_name", "submitter_email")
diff --git a/ietf/submit/tests.py b/ietf/submit/tests.py
index 400d0d8c7d..ad361d31b2 100644
--- a/ietf/submit/tests.py
+++ b/ietf/submit/tests.py
@@ -1,4 +1,4 @@
-# Copyright The IETF Trust 2011-2023, All Rights Reserved
+# Copyright The IETF Trust 2011-2026, All Rights Reserved
 # -*- coding: utf-8 -*-
 
 
@@ -207,20 +207,24 @@ def test_manualpost_view(self):
         r = self.client.get(url)
         self.assertEqual(r.status_code, 200)
         q = PyQuery(r.content)
-        self.assertIn(
-            urlreverse(
-                "ietf.submit.views.submission_status", 
-                kwargs=dict(submission_id=submission.pk)
-            ),
-            q("#manual.submissions td a").attr("href")
-        )
-        self.assertIn(
-            submission.name,
-            q("#manual.submissions td a").text()
+        # Validate that the basic submission status URL is on the manual post page
+        # _without_ an access token, even if logged in as various users.
+        expected_url = urlreverse(
+            "ietf.submit.views.submission_status", 
+            kwargs=dict(submission_id=submission.pk)
         )
+        selected_elts = q("#manual.submissions td a")
+        self.assertEqual(expected_url, selected_elts.attr("href"))
+        self.assertIn(submission.name, selected_elts.text())
+        for username in ["plain", "secretary"]:
+            self.client.login(username=username, password=username + "+password")
+            r = self.client.get(url)
+            self.assertEqual(r.status_code, 200)
+            q = PyQuery(r.content)
+            selected_elts = q("#manual.submissions td a")
+            self.assertEqual(expected_url, selected_elts.attr("href"))
+            self.assertIn(submission.name, selected_elts.text())
 
-    def test_manualpost_cancel(self):
-        pass
 
 class SubmitTests(BaseSubmitTestCase):
     def setUp(self):
diff --git a/ietf/submit/utils.py b/ietf/submit/utils.py
index 9a7c358a6d..457462e4f2 100644
--- a/ietf/submit/utils.py
+++ b/ietf/submit/utils.py
@@ -395,10 +395,7 @@ def post_submission(request, submission, approved_doc_desc, approved_subm_desc):
 
     log.log(f"{submission.name}: updated state and info")
 
-    trouble = rebuild_reference_relations(draft, find_submission_filenames(draft))
-    if trouble:
-        log.log('Rebuild_reference_relations trouble: %s'%trouble)
-    log.log(f"{submission.name}: rebuilt reference relations")
+    rebuild_reference_relations(draft, find_submission_filenames(draft))
     
     if draft.stream_id == "ietf" and draft.group.type_id == "wg" and draft.rev == "00":
         # automatically set state "WG Document"
@@ -1615,6 +1612,4 @@ def active(dirent):
             log.log(f"Error processing {item.name}: {e}")
 
     ftp_moddir = Path(settings.FTP_DIR) / "yang" / "draftmod/"
-    if not moddir.endswith("/"):
-        moddir += "/"
-    subprocess.call(("/usr/bin/rsync", "-aq", "--delete", moddir, ftp_moddir))
+    subprocess.call(("/usr/bin/rsync", "-aq", "--delete", f"{moddir}/", str(ftp_moddir)))
diff --git a/ietf/sync/errata.py b/ietf/sync/errata.py
new file mode 100644
index 0000000000..bc1a1cbd28
--- /dev/null
+++ b/ietf/sync/errata.py
@@ -0,0 +1,187 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+import datetime
+import json
+from collections import defaultdict
+from typing import DefaultDict
+
+from django.conf import settings
+from django.core.files.storage import storages
+from django.db import transaction
+from django.db.models import Q
+
+from ietf.doc.models import Document, DocEvent
+from ietf.name.models import DocTagName
+from ietf.person.models import Person
+from ietf.utils.log import log
+from ietf.utils.models import DirtyBits
+
+
+DEFAULT_ERRATA_JSON_BLOB_NAME = "other/errata.json"
+
+type ErrataJsonEntry = dict[str, str]
+
+
+def get_errata_last_updated() -> datetime.datetime:
+    """Get timestamp of the last errata.json update
+
+    May raise FileNotFoundError or other storage/S3 exceptions. Be prepared.
+    """
+    red_bucket = storages["red_bucket"]
+    return red_bucket.get_modified_time(
+        getattr(settings, "ERRATA_JSON_BLOB_NAME", DEFAULT_ERRATA_JSON_BLOB_NAME)
+    )
+
+
+def get_errata_data() -> list[ErrataJsonEntry]:
+    red_bucket = storages["red_bucket"]
+    with red_bucket.open(
+        getattr(settings, "ERRATA_JSON_BLOB_NAME", DEFAULT_ERRATA_JSON_BLOB_NAME), "r"
+    ) as f:
+        errata_data = json.load(f)
+    return errata_data
+
+
+def errata_map_from_json(errata_data: list[ErrataJsonEntry]):
+    """Create a dict mapping RFC number to a list of applicable errata records"""
+    errata = defaultdict(list)
+    for item in errata_data:
+        doc_id = item["doc-id"]
+        if doc_id.upper().startswith("RFC"):
+            rfc_number = int(doc_id[3:])
+            errata[rfc_number].append(item)
+    return dict(errata)
+
+
+def update_errata_tags(errata_data: list[ErrataJsonEntry]):
+    tag_has_errata = DocTagName.objects.get(slug="errata")
+    tag_has_verified_errata = DocTagName.objects.get(slug="verified-errata")
+    system = Person.objects.get(name="(System)")
+
+    errata_map = errata_map_from_json(errata_data)
+    nums_with_errata = [
+        num
+        for num, errata in errata_map.items()
+        if any(er["errata_status_code"] != "Rejected" for er in errata)
+    ]
+    nums_with_verified_errata = [
+        num
+        for num, errata in errata_map.items()
+        if any(er["errata_status_code"] == "Verified" for er in errata)
+    ]
+
+    rfcs_gaining_errata_tag = Document.objects.filter(
+        type_id="rfc", rfc_number__in=nums_with_errata
+    ).exclude(tags=tag_has_errata)
+
+    rfcs_gaining_verified_errata_tag = Document.objects.filter(
+        type_id="rfc", rfc_number__in=nums_with_verified_errata
+    ).exclude(tags=tag_has_verified_errata)
+
+    rfcs_losing_errata_tag = Document.objects.filter(
+        type_id="rfc", tags=tag_has_errata
+    ).exclude(rfc_number__in=nums_with_errata)
+
+    rfcs_losing_verified_errata_tag = Document.objects.filter(
+        type_id="rfc", tags=tag_has_verified_errata
+    ).exclude(rfc_number__in=nums_with_verified_errata)
+
+    # map rfc_number to add/remove lists
+    changes: DefaultDict[Document, dict[str, list[DocTagName]]] = defaultdict(
+        lambda: {"add": [], "remove": []}
+    )
+    for rfc in rfcs_gaining_errata_tag:
+        changes[rfc]["add"].append(tag_has_errata)
+    for rfc in rfcs_gaining_verified_errata_tag:
+        changes[rfc]["add"].append(tag_has_verified_errata)
+    for rfc in rfcs_losing_errata_tag:
+        changes[rfc]["remove"].append(tag_has_errata)
+    for rfc in rfcs_losing_verified_errata_tag:
+        changes[rfc]["remove"].append(tag_has_verified_errata)
+
+    for rfc, changeset in changes.items():
+        # Update in a transaction per RFC to keep tags and DocEvents consistent.
+        # With this in place, an interrupted task will be cleanly completed on the
+        # next run.
+        with transaction.atomic():
+            change_descs = []
+            for tag in changeset["add"]:
+                rfc.tags.add(tag)
+                change_descs.append(f"added {tag.slug} tag")
+            for tag in changeset["remove"]:
+                rfc.tags.remove(tag)
+                change_descs.append(f"removed {tag.slug} tag")
+            summary = "Update from RFC Editor: " + ", ".join(change_descs)
+            if rfc.rfc_number in errata_map and all(
+                er["errata_status_code"] == "Rejected"
+                for er in errata_map[rfc.rfc_number]
+            ):
+                summary += " (all errata rejected)"
+            DocEvent.objects.create(
+                doc=rfc,
+                rev=rfc.rev,  # expect no rev
+                by=system,
+                type="sync_from_rfc_editor",
+                desc=summary,
+            )
+
+    return {rfc.rfc_number for rfc in changes}
+
+
+def update_errata_from_rfceditor() -> set[int]:
+    errata_data = get_errata_data()
+    return update_errata_tags(errata_data)
+
+
+## DirtyBits management for the errata tags
+
+ERRATA_SLUG = DirtyBits.Slugs.ERRATA
+
+
+def update_errata_dirty_time() -> DirtyBits | None:
+    try:
+        last_update = get_errata_last_updated()
+    except Exception as err:
+        log(f"Error in get_errata_last_updated: {err}")
+        return None
+    else:
+        dirty_work, created = DirtyBits.objects.update_or_create(
+            slug=ERRATA_SLUG, defaults={"dirty_time": last_update}
+        )
+        if created:
+            log(f"Created DirtyBits(slug='{ERRATA_SLUG}')")
+        return dirty_work
+
+
+def mark_errata_as_processed(when: datetime.datetime):
+    n_updated = DirtyBits.objects.filter(
+        Q(processed_time__isnull=True) | Q(processed_time__lt=when),
+        slug=ERRATA_SLUG,
+    ).update(processed_time=when)
+    if n_updated > 0:
+        log(f"processed_time is now {when.isoformat()}")
+    else:
+        log("processed_time not updated, no matching record found")
+
+
+def errata_are_dirty():
+    """Does the rfc index need to be updated?"""
+    dirty_work = update_errata_dirty_time()  # creates DirtyBits if needed
+    if dirty_work is None:
+        # A None indicates we could not check the timestamp of errata.json. In that
+        # case, we are not likely to be able to read the blob either, so don't try
+        # to process it. An error was already logged.
+        return False
+    display_processed_time = (
+        dirty_work.processed_time.isoformat()
+        if dirty_work.processed_time is not None
+        else "never"
+    )
+    log(
+        f"DirtyBits(slug='{ERRATA_SLUG}'): "
+        f"dirty_time={dirty_work.dirty_time.isoformat()} "
+        f"processed_time={display_processed_time}"
+    )
+    return (
+        dirty_work.processed_time is None
+        or dirty_work.dirty_time >= dirty_work.processed_time
+    )
diff --git a/ietf/sync/rfceditor.py b/ietf/sync/rfceditor.py
index cdcdeb5989..347b58efbb 100644
--- a/ietf/sync/rfceditor.py
+++ b/ietf/sync/rfceditor.py
@@ -2,20 +2,15 @@
 # -*- coding: utf-8 -*-
 
 
-import base64
 import datetime
 import re
-import requests
 
 from typing import Iterator, Optional, Union
-from urllib.parse import urlencode
 from xml.dom import pulldom, Node
 
-from django.conf import settings
 from django.db import transaction
 from django.db.models import Subquery, OuterRef, F, Q
 from django.utils import timezone
-from django.utils.encoding import smart_bytes, force_str
 
 import debug                            # pyflakes:ignore
 
@@ -636,43 +631,70 @@ def update_docs_from_rfc_index(
             )
             rfc_published = True
 
-        def parse_relation_list(l):
-            res = []
-            for x in l:
-                for a in Document.objects.filter(name=x.lower(), type_id="rfc"):
-                    if a not in res:
-                        res.append(a)
-            return res
+        def parse_relation_list(rel_list: list[str]) -> list[Document]:
+            return list(
+                Document.objects.filter(
+                    name__in=[name.strip().lower() for name in rel_list],
+                    type_id="rfc"
+                )
+            )
 
-        for x in parse_relation_list(obsoletes):
-            if not RelatedDocument.objects.filter(
-                source=doc, target=x, relationship=relationship_obsoletes
+        # Create missing obsoletes relations
+        docs_this_obsoletes = parse_relation_list(obsoletes)
+        for obs_doc in docs_this_obsoletes:
+            if not doc.relateddocument_set.filter(
+                target=obs_doc, relationship=relationship_obsoletes
             ):
-                r = RelatedDocument.objects.create(
-                    source=doc, target=x, relationship=relationship_obsoletes
+                r = doc.relateddocument_set.create(
+                    target=obs_doc, relationship=relationship_obsoletes
                 )
                 rfc_changes.append(
-                    "created {rel_name} relation between {src_name} and {tgt_name}".format(
+                    "created {rel_name} relation between {src} and {tgt}".format(
                         rel_name=r.relationship.name.lower(),
-                        src_name=prettify_std_name(r.source.name),
-                        tgt_name=prettify_std_name(r.target.name),
+                        src=prettify_std_name(r.source.name),
+                        tgt=prettify_std_name(r.target.name),
                     )
                 )
+        # Remove stale obsoletes relations
+        for r in doc.relateddocument_set.filter(
+            relationship=relationship_obsoletes
+        ).exclude(target_id__in=[d.pk for d in docs_this_obsoletes]):
+            r.delete()
+            rfc_changes.append(
+                "removed {rel_name} relation between {src} and {tgt}".format(
+                    rel_name=r.relationship.name.lower(),
+                    src=prettify_std_name(r.source.name),
+                    tgt=prettify_std_name(r.target.name),
+                )
+            )
 
-        for x in parse_relation_list(updates):
+        docs_this_updates = parse_relation_list(updates)
+        for upd_doc in docs_this_updates:
             if not RelatedDocument.objects.filter(
-                source=doc, target=x, relationship=relationship_updates
+                source=doc, target=upd_doc, relationship=relationship_updates
             ):
-                r = RelatedDocument.objects.create(
-                    source=doc, target=x, relationship=relationship_updates
+                r = doc.relateddocument_set.create(
+                    target=upd_doc, relationship=relationship_updates
                 )
                 rfc_changes.append(
-                    "created {rel_name} relation between {src_name} and {tgt_name}".format(
+                    "created {rel_name} relation between {src} and {tgt}".format(
                         rel_name=r.relationship.name.lower(),
-                        src_name=prettify_std_name(r.source.name),
-                        tgt_name=prettify_std_name(r.target.name),
+                        src=prettify_std_name(r.source.name),
+                        tgt=prettify_std_name(r.target.name),
                     )
                 )
+        # Remove stale updates relations
+        for r in doc.relateddocument_set.filter(
+            relationship=relationship_updates
+        ).exclude(target_id__in=[d.pk for d in docs_this_updates]):
+            r.delete()
+            rfc_changes.append(
+                "removed {rel_name} relation between {src} and {tgt}".format(
+                    rel_name=r.relationship.name.lower(),
+                    src=prettify_std_name(r.source.name),
+                    tgt=prettify_std_name(r.target.name),
+                )
+            )
 
         if also:
             # recondition also to have proper subseries document names:
@@ -820,50 +842,4 @@ def parse_relation_list(l):
         ).update(document=F("subseries_target"))
 
 
-def post_approved_draft(url, name):
-    """Post an approved draft to the RFC Editor so they can retrieve
-    the data from the Datatracker and start processing it. Returns
-    response and error (empty string if no error)."""
-
-    if settings.SERVER_MODE != "production":
-        log(f"In production, would have posted RFC-Editor notification of approved I-D '{name}' to '{url}'")
-        return "", ""
-
-    # HTTP basic auth
-    username = "dtracksync"
-    password = settings.RFC_EDITOR_SYNC_PASSWORD
-    headers = {
-            "Content-type": "application/x-www-form-urlencoded",
-            "Accept": "text/plain",
-            "Authorization": "Basic %s" % force_str(base64.encodebytes(smart_bytes("%s:%s" % (username, password)))).replace("\n", ""),
-        }
-
-    log("Posting RFC-Editor notification of approved Internet-Draft '%s' to '%s'" % (name, url))
-    text = error = ""
-
-    try:
-        r = requests.post(
-            url,
-            headers=headers,
-            data=smart_bytes(urlencode({ 'draft': name })),
-            timeout=settings.DEFAULT_REQUESTS_TIMEOUT,
-        )
-
-        log("RFC-Editor notification result for Internet-Draft '%s': %s:'%s'" % (name, r.status_code, r.text))
-
-        if r.status_code != 200:
-            raise RuntimeError("Status code is not 200 OK (it's %s)." % r.status_code)
-
-        if force_str(r.text) != "OK":
-            raise RuntimeError('Response is not "OK" (it\'s "%s").' % r.text)
-
-    except Exception as e:
-        # catch everything so we don't leak exceptions, convert them
-        # into string instead
-        msg = "Exception on RFC-Editor notification for Internet-Draft '%s': %s: %s" % (name, type(e), str(e))
-        log(msg)
-        if settings.SERVER_MODE == 'test':
-            debug.say(msg)
-        error = str(e)
 
-    return text, error
diff --git a/ietf/sync/rfcindex.py b/ietf/sync/rfcindex.py
new file mode 100644
index 0000000000..f47974f900
--- /dev/null
+++ b/ietf/sync/rfcindex.py
@@ -0,0 +1,826 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+import datetime
+import json
+import shutil
+from collections import defaultdict
+from collections.abc import Container, Iterable
+from dataclasses import dataclass
+from itertools import chain
+from operator import attrgetter, itemgetter
+from pathlib import Path
+from textwrap import fill
+from urllib.parse import urljoin
+
+from django.conf import settings
+from django.core.files.base import ContentFile
+from django.db.models import Q
+from lxml import etree
+
+from django.core.files.storage import storages
+from django.db import models
+from django.db.models.functions import Substr, Cast
+from django.template.loader import render_to_string
+from django.utils import timezone
+
+from ietf.doc.models import Document
+from ietf.name.models import StdLevelName
+from ietf.utils.log import log
+from ietf.utils.models import DirtyBits
+
+FORMATS_FOR_INDEX = ["txt", "html", "pdf", "xml", "ps"]
+SS_TXT_MARGIN = 3
+SS_TXT_CUE_COL_WIDTH = 14
+
+
+def format_rfc_number(n):
+    """Format an RFC number (or subseries doc number)
+
+    Set settings.RFCINDEX_MATCH_LEGACY_XML=True for the legacy (leading-zero) format.
+    That is for debugging only - tests will fail.
+    """
+    if getattr(settings, "RFCINDEX_MATCH_LEGACY_XML", False):
+        return format(n, "04")
+    else:
+        return format(n)
+
+
+def errata_url(rfc: Document):
+    return urljoin(settings.RFC_EDITOR_ERRATA_BASE_URL + "/", f"rfc{rfc.rfc_number}")
+
+
+def red_bucket_input_path(filename: str) -> str:
+    return str(Path(settings.RFCINDEX_INPUT_PATH) / filename)
+
+
+def red_bucket_output_path(filename: str) -> str:
+    return str(Path(settings.RFCINDEX_OUTPUT_PATH) / filename)
+
+
+def save_to_red_bucket(filename: str, content: str | bytes):
+    red_bucket = storages["red_bucket"]
+    bucket_path = red_bucket_output_path(filename)
+    if getattr(settings, "RFCINDEX_DELETE_THEN_WRITE", True):
+        # Django 4.2's FileSystemStorage does not support allow_overwrite.
+        red_bucket.delete(bucket_path)
+    red_bucket.save(
+        bucket_path,
+        ContentFile(content if isinstance(content, bytes) else content.encode("utf-8")),
+    )
+    log(f"Saved {bucket_path} in red_bucket storage")
+
+
+def save_to_filesystem(
+    filename: str, content: str | bytes, subdirs: Iterable[str] = ()
+):
+    """Save contents to the RFC_PATH in the filesystem
+
+    Always saves directly to settings.RFC_PATH/filename. Additionally saves a copy
+    to settings.RFC_PATH/subdir/filename for each entry in subdirs. Uses shutil.copy2
+    to create the copies, which will preserve mtime and other metadata between copies.
+    """
+    rfc_path = Path(settings.RFC_PATH)
+    dest_path = rfc_path / filename
+    dest_path.write_bytes(
+        content if isinstance(content, bytes) else content.encode("utf-8")
+    )
+    for subdir in subdirs:
+        (rfc_path / subdir).mkdir(parents=False, exist_ok=True)
+        shutil.copy2(dest_path, rfc_path / subdir / filename)
+
+
+@dataclass
+class UnusableRfcNumber:
+    rfc_number: int
+    comment: str
+
+
+def get_unusable_rfc_numbers() -> list[UnusableRfcNumber]:
+    bucket_path = red_bucket_input_path("unusable-rfc-numbers.json") 
+    try:
+        with storages["red_bucket"].open(bucket_path) as urn_file:
+            records = json.load(urn_file)
+    except FileNotFoundError:
+        if settings.SERVER_MODE == "development":
+            log(
+                f"Unable to open {bucket_path} in red_bucket storage. This is okay in dev "
+                "but generated rfc-index will not agree with RFC Editor values."
+            )  # pragma: no cover
+            return []  # pragma: no cover
+        log(f"Error: unable to open {bucket_path} in red_bucket storage")
+        raise
+    except json.JSONDecodeError:
+        log(f"Error: unable to parse {bucket_path} in red_bucket storage")
+        if settings.SERVER_MODE == "development":
+            return []  # pragma: no cover
+        raise
+    assert all(isinstance(record["number"], int) for record in records)
+    assert all(isinstance(record["comment"], str) for record in records)
+    return [
+        UnusableRfcNumber(rfc_number=record["number"], comment=record["comment"])
+        for record in sorted(records, key=itemgetter("number"))
+    ]
+
+
+def get_april1_rfc_numbers() -> Container[int]:
+    bucket_path = red_bucket_input_path("april-first-rfc-numbers.json")
+    try:
+        with storages["red_bucket"].open(bucket_path) as urn_file:
+            records = json.load(urn_file)
+    except FileNotFoundError:
+        if settings.SERVER_MODE == "development":
+            log(
+                f"Unable to open {bucket_path} in red_bucket storage. This is okay in dev "
+                "but generated rfc-index will not agree with RFC Editor values."
+            )  # pragma: no cover
+            return []  # pragma: no cover
+        log(f"Error: unable to open {bucket_path} in red_bucket storage")
+        raise
+    except json.JSONDecodeError:
+        log(f"Error: unable to parse {bucket_path} in red_bucket storage")
+        if settings.SERVER_MODE == "development":
+            return []  # pragma: no cover
+        raise
+    assert all(isinstance(record, int) for record in records)
+    return records
+
+
+def get_publication_std_levels() -> dict[int, StdLevelName]:
+    bucket_path = red_bucket_input_path("publication-std-levels.json")
+    values: dict[int, StdLevelName] = {}
+    try:
+        with storages["red_bucket"].open(bucket_path) as urn_file:
+            records = json.load(urn_file)
+    except FileNotFoundError:
+        if settings.SERVER_MODE == "development":
+            log(
+                f"Unable to open {bucket_path} in red_bucket storage. This is okay in dev "
+                "but generated rfc-index will not agree with RFC Editor values."
+            )  # pragma: no cover
+            # intentionally fall through instead of return here
+        else:
+            log(f"Error: unable to open {bucket_path} in red_bucket storage")
+            raise
+    except json.JSONDecodeError:
+        log(f"Error: unable to parse {bucket_path} in red_bucket storage")
+        if settings.SERVER_MODE != "development":
+            raise
+    else:
+        assert all(isinstance(record["number"], int) for record in records)
+        values = {
+            record["number"]: StdLevelName.objects.get(
+                slug=record["publication_std_level"]
+            )
+            for record in records
+        }
+    # defaultdict to return "unknown" for any missing values
+    unknown_std_level = StdLevelName.objects.get(slug="unkn")
+    return defaultdict(lambda: unknown_std_level, values)
+
+
+def format_ordering(rfc_number):
+    if rfc_number < settings.FIRST_V3_RFC:
+        ordering = ["txt", "ps", "pdf", "html", "xml"]
+    else:
+        ordering = ["html", "txt", "ps", "pdf", "xml"]
+    return ordering.index  # return the method
+
+
+def get_rfc_text_index_entries():
+    """Returns RFC entries for rfc-index.txt"""
+    entries = []
+    april1_rfc_numbers = get_april1_rfc_numbers()
+    published_rfcs = Document.objects.filter(type_id="rfc").order_by("rfc_number")
+    rfcs = sorted(
+        chain(published_rfcs, get_unusable_rfc_numbers()), key=attrgetter("rfc_number")
+    )
+    for rfc in rfcs:
+        if isinstance(rfc, UnusableRfcNumber):
+            entries.append(f"{format_rfc_number(rfc.rfc_number)} Not Issued.")
+        else:
+            assert isinstance(rfc, Document)
+            authors = ", ".join(
+                author.format_for_titlepage() for author in rfc.rfcauthor_set.all()
+            )
+            published_at = rfc.pub_date()
+            date = (
+                published_at.strftime("1 %B %Y")
+                if rfc.rfc_number in april1_rfc_numbers
+                else published_at.strftime("%B %Y")
+            )
+
+            # formats
+            formats = ", ".join(
+                sorted(
+                    [
+                        format["fmt"]
+                        for format in rfc.formats()
+                        if format["fmt"] in FORMATS_FOR_INDEX
+                    ],
+                    key=format_ordering(rfc.rfc_number),
+                )
+            ).upper()
+
+            # obsoletes
+            obsoletes = ""
+            obsoletes_documents = sorted(
+                rfc.related_that_doc("obs"),
+                key=attrgetter("rfc_number"),
+            )
+            if len(obsoletes_documents) > 0:
+                obsoletes_names = ", ".join(
+                    f"RFC{format_rfc_number(doc.rfc_number)}"
+                    for doc in obsoletes_documents
+                )
+                obsoletes = f" (Obsoletes {obsoletes_names})"
+
+            # obsoleted by
+            obsoleted_by = ""
+            obsoleted_by_documents = sorted(
+                rfc.related_that("obs"),
+                key=attrgetter("rfc_number"),
+            )
+            if len(obsoleted_by_documents) > 0:
+                obsoleted_by_names = ", ".join(
+                    f"RFC{format_rfc_number(doc.rfc_number)}"
+                    for doc in obsoleted_by_documents
+                )
+                obsoleted_by = f" (Obsoleted by {obsoleted_by_names})"
+
+            # updates
+            updates = ""
+            updates_documents = sorted(
+                rfc.related_that_doc("updates"),
+                key=attrgetter("rfc_number"),
+            )
+            if len(updates_documents) > 0:
+                updates_names = ", ".join(
+                    f"RFC{format_rfc_number(doc.rfc_number)}"
+                    for doc in updates_documents
+                )
+                updates = f" (Updates {updates_names})"
+
+            # updated by
+            updated_by = ""
+            updated_by_documents = sorted(
+                rfc.related_that("updates"),
+                key=attrgetter("rfc_number"),
+            )
+            if len(updated_by_documents) > 0:
+                updated_by_names = ", ".join(
+                    f"RFC{format_rfc_number(doc.rfc_number)}"
+                    for doc in updated_by_documents
+                )
+                updated_by = f" (Updated by {updated_by_names})"
+
+            doc_relations = f"{obsoletes}{obsoleted_by}{updates}{updated_by} "
+
+            # subseries
+            subseries = ",".join(
+                f"{container.type.slug}{format_rfc_number(int(container.name[3:]))}"
+                for container in rfc.part_of()
+            ).upper()
+            if subseries:
+                subseries = f"(Also {subseries}) "
+
+            entry = fill(
+                (
+                    f"{format_rfc_number(rfc.rfc_number)} {rfc.title}. {authors}. {date}. "
+                    f"(Format: {formats}){doc_relations}{subseries}"
+                    f"(Status: {str(rfc.std_level).upper()}) "
+                    f"(DOI: {rfc.doi})"
+                ),
+                width=73,
+                subsequent_indent=" " * 5,
+            )
+            entries.append(entry)
+
+    return entries
+
+
+def subseries_text_line(line, first=False):
+    """Return subseries text entry line"""
+    indent = " " * SS_TXT_CUE_COL_WIDTH
+    if first:
+        initial_indent = " " * SS_TXT_MARGIN
+    else:
+        initial_indent = indent
+    return fill(
+        line,
+        initial_indent=initial_indent,
+        subsequent_indent=indent,
+        width=80,
+        break_on_hyphens=False,
+    )
+
+
+def get_bcp_text_index_entries():
+    """Returns BCP entries for bcp-index.txt"""
+    entries = []
+
+    highest_bcp_number = (
+        Document.objects.filter(type_id="bcp")
+        .annotate(
+            number=Cast(
+                Substr("name", 4, None),
+                output_field=models.IntegerField(),
+            )
+        )
+        .order_by("-number")
+        .first()
+        .number
+    )
+
+    for bcp_number in range(1, highest_bcp_number + 1):
+        bcp_name = f"BCP{bcp_number}"
+        bcp = Document.objects.filter(type_id="bcp", name=f"{bcp_name.lower()}").first()
+
+        if bcp:
+            entry = subseries_text_line(
+                (
+                    f"[{bcp_name}]"
+                    f"{' ' * (SS_TXT_CUE_COL_WIDTH - len(bcp_name) - 2 - SS_TXT_MARGIN)}"
+                    f"Best Current Practice {bcp_number},"
+                ),
+                first=True,
+            )
+            entry += "\n"
+            entry += subseries_text_line(
+                f"<{settings.RFC_EDITOR_INFO_BASE_URL}{bcp_name.lower()}>."
+            )
+            entry += "\n"
+            entry += subseries_text_line(
+                "At the time of writing, this BCP comprises the following:"
+            )
+            entry += "\n\n"
+            rfcs = sorted(bcp.contains(), key=lambda x: x.rfc_number)
+            for rfc in rfcs:
+                authors = ", ".join(
+                    author.format_for_titlepage() for author in rfc.rfcauthor_set.all()
+                )
+                entry += subseries_text_line(
+                    (
+                        f'{authors}, "{rfc.title}", BCP¶{bcp_number}, RFC¶{rfc.rfc_number}, '
+                        f"DOI¶{rfc.doi}, {rfc.pub_date().strftime('%B %Y')}, "
+                        f"<{settings.RFC_EDITOR_INFO_BASE_URL}rfc{rfc.rfc_number}>."
+                    )
+                ).replace("¶", " ")
+                entry += "\n\n"
+        else:
+            entry = subseries_text_line(
+                (
+                    f"[{bcp_name}]"
+                    f"{' ' * (SS_TXT_CUE_COL_WIDTH - len(bcp_name) - 2 - SS_TXT_MARGIN)}"
+                    f"Best Current Practice {bcp_number} currently contains no RFCs"
+                ),
+                first=True,
+            )
+        entries.append(entry)
+    return entries
+
+
+def get_std_text_index_entries():
+    """Returns STD entries for std-index.txt"""
+    entries = []
+
+    highest_std_number = (
+        Document.objects.filter(type_id="std")
+        .annotate(
+            number=Cast(
+                Substr("name", 4, None),
+                output_field=models.IntegerField(),
+            )
+        )
+        .order_by("-number")
+        .first()
+        .number
+    )
+
+    for std_number in range(1, highest_std_number + 1):
+        std_name = f"STD{std_number}"
+        std = Document.objects.filter(type_id="std", name=f"{std_name.lower()}").first()
+
+        if std and std.contains():
+            entry = subseries_text_line(
+                (
+                    f"[{std_name}]"
+                    f"{' ' * (SS_TXT_CUE_COL_WIDTH - len(std_name) - 2 - SS_TXT_MARGIN)}"
+                    f"Internet Standard {std_number},"
+                ),
+                first=True,
+            )
+            entry += "\n"
+            entry += subseries_text_line(
+                f"<{settings.RFC_EDITOR_INFO_BASE_URL}{std_name.lower()}>."
+            )
+            entry += "\n"
+            entry += subseries_text_line(
+                "At the time of writing, this STD comprises the following:"
+            )
+            entry += "\n\n"
+            rfcs = sorted(std.contains(), key=lambda x: x.rfc_number)
+            for rfc in rfcs:
+                authors = ", ".join(
+                    author.format_for_titlepage() for author in rfc.rfcauthor_set.all()
+                )
+                entry += subseries_text_line(
+                    (
+                        f'{authors}, "{rfc.title}", STD¶{std_number}, RFC¶{rfc.rfc_number}, '
+                        f"DOI¶{rfc.doi}, {rfc.pub_date().strftime('%B %Y')}, "
+                        f"<{settings.RFC_EDITOR_INFO_BASE_URL}rfc{rfc.rfc_number}>."
+                    )
+                ).replace("¶", " ")
+                entry += "\n\n"
+        else:
+            entry = subseries_text_line(
+                (
+                    f"[{std_name}]"
+                    f"{' ' * (SS_TXT_CUE_COL_WIDTH - len(std_name) - 2 - SS_TXT_MARGIN)}"
+                    f"Internet Standard {std_number} currently contains no RFCs"
+                ),
+                first=True,
+            )
+        entries.append(entry)
+    return entries
+
+
+def get_fyi_text_index_entries():
+    """Returns FYI entries for fyi-index.txt"""
+    entries = []
+
+    highest_fyi_number = (
+        Document.objects.filter(type_id="fyi")
+        .annotate(
+            number=Cast(
+                Substr("name", 4, None),
+                output_field=models.IntegerField(),
+            )
+        )
+        .order_by("-number")
+        .first()
+        .number
+    )
+
+    for fyi_number in range(1, highest_fyi_number + 1):
+        fyi_name = f"FYI{fyi_number}"
+        fyi = Document.objects.filter(type_id="fyi", name=f"{fyi_name.lower()}").first()
+
+        if fyi and fyi.contains():
+            entry = subseries_text_line(
+                (
+                    f"[{fyi_name}]"
+                    f"{' ' * (SS_TXT_CUE_COL_WIDTH - len(fyi_name) - 2 - SS_TXT_MARGIN)}"
+                    f"For Your Information {fyi_number},"
+                ),
+                first=True,
+            )
+            entry += "\n"
+            entry += subseries_text_line(
+                f"<{settings.RFC_EDITOR_INFO_BASE_URL}{fyi_name.lower()}>."
+            )
+            entry += "\n"
+            entry += subseries_text_line(
+                "At the time of writing, this FYI comprises the following:"
+            )
+            entry += "\n\n"
+            rfcs = sorted(fyi.contains(), key=lambda x: x.rfc_number)
+            for rfc in rfcs:
+                authors = ", ".join(
+                    author.format_for_titlepage() for author in rfc.rfcauthor_set.all()
+                )
+                entry += subseries_text_line(
+                    (
+                        f'{authors}, "{rfc.title}", FYI¶{fyi_number}, RFC¶{rfc.rfc_number}, '
+                        f"DOI¶{rfc.doi}, {rfc.pub_date().strftime('%B %Y')}, "
+                        f"<{settings.RFC_EDITOR_INFO_BASE_URL}rfc{rfc.rfc_number}>."
+                    )
+                ).replace("¶", " ")
+                entry += "\n\n"
+        else:
+            entry = subseries_text_line(
+                (
+                    f"[{fyi_name}]"
+                    f"{' ' * (SS_TXT_CUE_COL_WIDTH - len(fyi_name) - 2 - SS_TXT_MARGIN)}"
+                    f"For Your Information {fyi_number} currently contains no RFCs"
+                ),
+                first=True,
+            )
+        entries.append(entry)
+    return entries
+
+
+def add_subseries_xml_index_entries(rfc_index, ss_type, include_all=False):
+    """Add subseries entries for rfc-index.xml"""
+    # subseries docs annotated with numeric number
+    ss_docs = list(
+        Document.objects.filter(type_id=ss_type)
+        .annotate(
+            number=Cast(
+                Substr("name", 4, None),
+                output_field=models.IntegerField(),
+            )
+        )
+        .order_by("-number")
+    )
+    if len(ss_docs) == 0:
+        return  # very much not expected
+    highest_number = ss_docs[0].number
+    for ss_number in range(1, highest_number + 1):
+        if ss_docs[-1].number == ss_number:
+            this_ss_doc = ss_docs.pop()
+            contained_rfcs = this_ss_doc.contains()
+        else:
+            contained_rfcs = []
+        if len(contained_rfcs) == 0 and not include_all:
+            continue
+        entry = etree.SubElement(rfc_index, f"{ss_type}-entry")
+        etree.SubElement(
+            entry, "doc-id"
+        ).text = f"{ss_type.upper()}{format_rfc_number(ss_number)}"
+        if len(contained_rfcs) > 0:
+            is_also = etree.SubElement(entry, "is-also")
+            for rfc in sorted(contained_rfcs, key=attrgetter("rfc_number")):
+                etree.SubElement(
+                    is_also, "doc-id"
+                ).text = f"RFC{format_rfc_number(rfc.rfc_number)}"
+
+
+def add_related_xml_index_entries(root: etree.Element, rfc: Document, tag: str):
+    relation_getter = {
+        "obsoletes": lambda doc: doc.related_that_doc("obs"),
+        "obsoleted-by": lambda doc: doc.related_that("obs"),
+        "updates": lambda doc: doc.related_that_doc("updates"),
+        "updated-by": lambda doc: doc.related_that("updates"),
+    }
+    related_docs = sorted(
+        relation_getter[tag](rfc),
+        key=attrgetter("rfc_number"),
+    )
+    if len(related_docs) > 0:
+        element = etree.SubElement(root, tag)
+        for doc in related_docs:
+            etree.SubElement(
+                element, "doc-id"
+            ).text = f"RFC{format_rfc_number(doc.rfc_number)}"
+
+
+def add_rfc_xml_index_entries(rfc_index):
+    """Add RFC entries for rfc-index.xml"""
+    entries = []
+    april1_rfc_numbers = get_april1_rfc_numbers()
+    publication_statuses = get_publication_std_levels()
+
+    published_rfcs = Document.objects.filter(type_id="rfc").order_by("rfc_number")
+
+    # Iterators for unpublished and published, both sorted by number
+    unpublished_iter = iter(get_unusable_rfc_numbers())
+    published_iter = iter(published_rfcs)
+
+    # Prime the next_* values
+    next_unpublished = next(unpublished_iter, None)
+    next_published = next(published_iter, None)
+
+    while next_published is not None or next_unpublished is not None:
+        if next_unpublished is not None and (
+            next_published is None
+            or next_unpublished.rfc_number < next_published.rfc_number
+        ):
+            entry = etree.SubElement(rfc_index, "rfc-not-issued-entry")
+            etree.SubElement(
+                entry, "doc-id"
+            ).text = f"RFC{format_rfc_number(next_unpublished.rfc_number)}"
+            entries.append(entry)
+            next_unpublished = next(unpublished_iter, None)
+            continue
+
+        rfc = next_published  # hang on to this
+        next_published = next(published_iter, None)  # prep for next iteration
+        entry = etree.SubElement(rfc_index, "rfc-entry")
+
+        etree.SubElement(
+            entry, "doc-id"
+        ).text = f"RFC{format_rfc_number(rfc.rfc_number)}"
+        etree.SubElement(entry, "title").text = rfc.title
+
+        for author in rfc.rfcauthor_set.all():
+            author_element = etree.SubElement(entry, "author")
+            etree.SubElement(author_element, "name").text = author.titlepage_name
+            if author.is_editor:
+                etree.SubElement(author_element, "title").text = "Editor"
+
+        date = etree.SubElement(entry, "date")
+        published_at = rfc.pub_date()
+        etree.SubElement(date, "month").text = published_at.strftime("%B")
+        if rfc.rfc_number in april1_rfc_numbers:
+            etree.SubElement(date, "day").text = str(published_at.day)
+        etree.SubElement(date, "year").text = str(published_at.year)
+
+        format_ = etree.SubElement(entry, "format")
+        fmts = [ff["fmt"] for ff in rfc.formats() if ff["fmt"] in FORMATS_FOR_INDEX]
+        for fmt in sorted(fmts, key=format_ordering(rfc.rfc_number)):
+            match_legacy = getattr(settings, "RFCINDEX_MATCH_LEGACY_XML", False)
+            etree.SubElement(format_, "file-format").text = (
+                "ASCII" if match_legacy and fmt == "txt" else fmt.upper()
+            )
+
+        etree.SubElement(entry, "page-count").text = str(rfc.pages)
+
+        if len(rfc.keywords) > 0:
+            keywords = etree.SubElement(entry, "keywords")
+            for keyword in rfc.keywords:
+                etree.SubElement(keywords, "kw").text = keyword.strip()
+
+        if rfc.abstract:
+            abstract = etree.SubElement(entry, "abstract")
+            for paragraph in rfc.abstract.split("\n\n"):
+                etree.SubElement(abstract, "p").text = paragraph.strip()
+
+        draft = rfc.came_from_draft()
+        if draft is not None:
+            etree.SubElement(entry, "draft").text = f"{draft.name}-{draft.rev}"
+
+        part_of_documents = rfc.part_of()
+        if len(part_of_documents) > 0:
+            is_also = etree.SubElement(entry, "is-also")
+            for doc in part_of_documents:
+                etree.SubElement(is_also, "doc-id").text = doc.name.upper()
+
+        add_related_xml_index_entries(entry, rfc, "obsoletes")
+        add_related_xml_index_entries(entry, rfc, "obsoleted-by")
+        add_related_xml_index_entries(entry, rfc, "updates")
+        add_related_xml_index_entries(entry, rfc, "updated-by")
+
+        etree.SubElement(entry, "current-status").text = rfc.std_level.name.upper()
+        etree.SubElement(entry, "publication-status").text = publication_statuses[
+            rfc.rfc_number
+        ].name.upper()
+        etree.SubElement(entry, "stream").text = (
+            "INDEPENDENT" if rfc.stream_id == "ise" else rfc.stream.name
+        )
+
+        # Add area / wg_acronym
+        if rfc.stream_id == "ietf":
+            if rfc.group.type_id in ["individ", "area"]:
+                etree.SubElement(entry, "wg_acronym").text = "NON WORKING GROUP"
+            else:
+                if rfc.area is not None:
+                    etree.SubElement(entry, "area").text = rfc.area.acronym
+                if rfc.group:
+                    etree.SubElement(entry, "wg_acronym").text = rfc.group.acronym
+
+        if rfc.tags.filter(slug="errata").exists():
+            etree.SubElement(entry, "errata-url").text = errata_url(rfc)
+        etree.SubElement(entry, "doi").text = rfc.doi
+        entries.append(entry)
+
+
+def create_rfc_txt_index():
+    """Create text index of published documents"""
+    DATE_FMT = "%m/%d/%Y"
+    created_on = timezone.now().strftime(DATE_FMT)
+    log("Creating rfc-index.txt")
+    index = render_to_string(
+        "sync/rfc-index.txt",
+        {
+            "created_on": created_on,
+            "rfcs": get_rfc_text_index_entries(),
+        },
+    )
+    filename = "rfc-index.txt"
+    save_to_red_bucket(filename, index)
+    save_to_filesystem(filename, index)
+
+
+def create_rfc_xml_index():
+    """Create XML index of published documents"""
+    XSI_NAMESPACE = "http://www.w3.org/2001/XMLSchema-instance"
+    XSI = "{" + XSI_NAMESPACE + "}"
+
+    log("Creating rfc-index.xml")
+    rfc_index = etree.Element(
+        "rfc-index",
+        nsmap={
+            None: "https://www.rfc-editor.org/rfc-index",
+            "xsi": XSI_NAMESPACE,
+        },
+        attrib={
+            XSI + "schemaLocation": (
+                "https://www.rfc-editor.org/rfc-index "
+                "https://www.rfc-editor.org/rfc-index.xsd"
+            ),
+        },
+    )
+
+    # add data
+    add_subseries_xml_index_entries(rfc_index, "bcp", include_all=True)
+    add_subseries_xml_index_entries(rfc_index, "fyi")
+    add_rfc_xml_index_entries(rfc_index)
+    add_subseries_xml_index_entries(rfc_index, "std")
+
+    # make it pretty
+    pretty_index = etree.tostring(
+        rfc_index,
+        encoding="utf-8",
+        xml_declaration=True,
+        pretty_print=4,
+    )
+    filename = "rfc-index.xml"
+    save_to_red_bucket(filename, pretty_index)
+    save_to_filesystem(filename, pretty_index)
+
+
+def create_bcp_txt_index():
+    """Create text index of BCPs"""
+    DATE_FMT = "%m/%d/%Y"
+    created_on = timezone.now().strftime(DATE_FMT)
+    log("Creating bcp-index.txt")
+    index = render_to_string(
+        "sync/bcp-index.txt",
+        {
+            "created_on": created_on,
+            "bcps": get_bcp_text_index_entries(),
+        },
+    )
+    filename = "bcp-index.txt"
+    save_to_red_bucket(filename, index)
+    save_to_filesystem(filename, index, ["bcp"])
+
+
+def create_std_txt_index():
+    """Create text index of STDs"""
+    DATE_FMT = "%m/%d/%Y"
+    created_on = timezone.now().strftime(DATE_FMT)
+    log("Creating std-index.txt")
+    index = render_to_string(
+        "sync/std-index.txt",
+        {
+            "created_on": created_on,
+            "stds": get_std_text_index_entries(),
+        },
+    )
+    filename = "std-index.txt"
+    save_to_red_bucket(filename, index)
+    save_to_filesystem(filename, index, ["std"])
+
+
+def create_fyi_txt_index():
+    """Create text index of FYIs"""
+    DATE_FMT = "%m/%d/%Y"
+    created_on = timezone.now().strftime(DATE_FMT)
+    log("Creating fyi-index.txt")
+    index = render_to_string(
+        "sync/fyi-index.txt",
+        {
+            "created_on": created_on,
+            "fyis": get_fyi_text_index_entries(),
+        },
+    )
+    filename = "fyi-index.txt"
+    save_to_red_bucket(filename, index)
+    save_to_filesystem(filename, index, ["fyi"])
+
+
+## DirtyBits management for the RFC index
+
+RFCINDEX_SLUG = DirtyBits.Slugs.RFCINDEX
+
+
+def mark_rfcindex_as_dirty():
+    _, created = DirtyBits.objects.update_or_create(
+        slug=RFCINDEX_SLUG, defaults={"dirty_time": timezone.now()}
+    )
+    if created:
+        log(f"Created DirtyBits(slug='{RFCINDEX_SLUG}')")
+
+
+def mark_rfcindex_as_processed(when: datetime.datetime):
+    n_updated = DirtyBits.objects.filter(
+        Q(processed_time__isnull=True) | Q(processed_time__lt=when),
+        slug=RFCINDEX_SLUG,
+    ).update(processed_time=when)
+    if n_updated > 0:
+        log(f"processed_time is now {when.isoformat()}")
+    else:
+        log("processed_time not updated, no matching record found")
+
+
+def rfcindex_is_dirty():
+    """Does the rfc index need to be updated?"""
+    dirty_work, created = DirtyBits.objects.get_or_create(
+        slug=RFCINDEX_SLUG, defaults={"dirty_time": timezone.now()}
+    )
+    if created:
+        log(f"Created DirtyBits(slug='{RFCINDEX_SLUG}')")
+    display_processed_time = (
+        dirty_work.processed_time.isoformat()
+        if dirty_work.processed_time is not None
+        else "never"
+    )
+    log(
+        f"DirtyBits(slug='{RFCINDEX_SLUG}'): "
+        f"dirty_time={dirty_work.dirty_time.isoformat()} "
+        f"processed_time={display_processed_time}"
+    )
+    return (
+        dirty_work.processed_time is None
+        or dirty_work.dirty_time >= dirty_work.processed_time
+    )
diff --git a/ietf/sync/tasks.py b/ietf/sync/tasks.py
index fc75a056ed..4ccd5db4bb 100644
--- a/ietf/sync/tasks.py
+++ b/ietf/sync/tasks.py
@@ -1,4 +1,4 @@
-# Copyright The IETF Trust 2024, All Rights Reserved
+# Copyright The IETF Trust 2024-2026, All Rights Reserved
 #
 # Celery task definitions
 #
@@ -13,11 +13,27 @@
 from django.conf import settings
 from django.utils import timezone
 
-from ietf.doc.models import DocEvent, RelatedDocument
+from ietf.doc.models import DocEvent, DocTagName, Document, RelatedDocument, RpcAssignmentDocEvent, State
 from ietf.doc.tasks import rebuild_reference_relations_task
+from ietf.doc.utils import add_state_change_event, new_state_change_event, update_action_holders
+from ietf.person.models import Person
+from ietf.utils.mail import send_mail_text
 from ietf.sync import iana
 from ietf.sync import rfceditor
+from ietf.sync.errata import (
+    errata_are_dirty,
+    mark_errata_as_processed,
+    update_errata_from_rfceditor,
+)
 from ietf.sync.rfceditor import MIN_QUEUE_RESULTS, parse_queue, update_drafts_from_queue
+from ietf.sync.rfcindex import (
+    create_bcp_txt_index,
+    create_fyi_txt_index,
+    create_rfc_txt_index,
+    create_rfc_xml_index,
+    create_std_txt_index,
+    rfcindex_is_dirty, mark_rfcindex_as_processed, mark_rfcindex_as_dirty,
+)
 from ietf.sync.utils import build_from_file_content, load_rfcs_into_blobdb, rsync_helper
 from ietf.utils import log
 from ietf.utils.timezone import date_today
@@ -26,13 +42,13 @@
 @shared_task
 def rfc_editor_index_update_task(full_index=False):
     """Update metadata from the RFC index
-    
+
     Default is to examine only changes in the past 365 days. Call with full_index=True to update
     the full RFC index.
-    
+
     According to comments on the original script, a year's worth took about 20s on production as of
     August 2022
-    
+
     The original rfc-editor-index-update script had a long-disabled provision for running the
     rebuild_reference_relations scripts after the update. That has not been brought over
     at all because it should be implemented as its own task if it is needed.
@@ -50,7 +66,7 @@ def rfc_editor_index_update_task(full_index=False):
             timeout=30,  # seconds
         )
     except requests.Timeout as exc:
-        log.log(f'GET request timed out retrieving RFC editor index: {exc}')
+        log.log(f"GET request timed out retrieving RFC editor index: {exc}")
         return  # failed
     rfc_index_xml = response.text
     index_data = rfceditor.parse_index(io.StringIO(rfc_index_xml))
@@ -60,9 +76,9 @@ def rfc_editor_index_update_task(full_index=False):
             timeout=30,  # seconds
         )
     except requests.Timeout as exc:
-        log.log(f'GET request timed out retrieving RFC editor errata: {exc}')
+        log.log(f"GET request timed out retrieving RFC editor errata: {exc}")
         return  # failed
-    errata_data = response.json()   
+    errata_data = response.json()
     if len(index_data) < rfceditor.MIN_INDEX_RESULTS:
         log.log("Not enough index entries, only %s" % len(index_data))
         return  # failed
@@ -95,15 +111,15 @@ def rfc_editor_queue_updates_task():
     drafts, warnings = parse_queue(io.StringIO(response.text))
     for w in warnings:
         log.log(f"Warning: {w}")
-    
+
     if len(drafts) < MIN_QUEUE_RESULTS:
         log.log("Not enough results, only %s" % len(drafts))
         return  # failed
-    
+
     changed, warnings = update_drafts_from_queue(drafts)
     for w in warnings:
         log.log(f"Warning: {w}")
-    
+
     for c in changed:
         log.log(f"Updated {c}")
 
@@ -119,9 +135,11 @@ def iana_changes_update_task():
     MAX_INTERVAL_ACCEPTED_BY_IANA = datetime.timedelta(hours=23)
 
     start = (
-        timezone.now() 
-        - datetime.timedelta(hours=23) 
-        + datetime.timedelta(seconds=CLOCK_SKEW_COMPENSATION,)
+        timezone.now()
+        - datetime.timedelta(hours=23)
+        + datetime.timedelta(
+            seconds=CLOCK_SKEW_COMPENSATION,
+        )
     )
     end = start + datetime.timedelta(hours=23)
 
@@ -132,7 +150,9 @@ def iana_changes_update_task():
         # requests if necessary
 
         text = iana.fetch_changes_json(
-            settings.IANA_SYNC_CHANGES_URL, t, min(end, t + MAX_INTERVAL_ACCEPTED_BY_IANA)
+            settings.IANA_SYNC_CHANGES_URL,
+            t,
+            min(end, t + MAX_INTERVAL_ACCEPTED_BY_IANA),
         )
         log.log(f"Retrieved the JSON: {text}")
 
@@ -158,9 +178,9 @@ def iana_protocols_update_task():
     # "this needs to be the date where this tool is first deployed" in the original
     # iana-protocols-updates script)"
     rfc_must_published_later_than = datetime.datetime(
-        2012, 
-        11, 
-        26, 
+        2012,
+        11,
+        26,
         tzinfo=datetime.UTC,
     )
 
@@ -170,17 +190,17 @@ def iana_protocols_update_task():
             timeout=30,
         )
     except requests.Timeout as exc:
-        log.log(f'GET request timed out retrieving IANA protocols page: {exc}')
+        log.log(f"GET request timed out retrieving IANA protocols page: {exc}")
         return
 
     rfc_numbers = iana.parse_protocol_page(response.text)
 
     def batched(l, n):
         """Split list l up in batches of max size n.
-        
+
         For Python 3.12 or later, replace this with itertools.batched()
         """
-        return (l[i:i + n] for i in range(0, len(l), n))
+        return (l[i : i + n] for i in range(0, len(l), n))
 
     for batch in batched(rfc_numbers, 100):
         updated = iana.update_rfc_log_from_protocol_page(
@@ -191,6 +211,7 @@ def batched(l, n):
         for d in updated:
             log.log("Added history entry for %s" % d.display_name())
 
+
 @shared_task
 def fix_subseries_docevents_task():
     """Repairs DocEvents related to bugs around removing docs from subseries
@@ -232,6 +253,7 @@ def fix_subseries_docevents_task():
             time=obsoleting_time
         )
 
+
 @shared_task
 def rsync_rfcs_from_rfceditor_task(rfc_numbers: list[int]):
     log.log(f"Rsyncing rfcs from rfc-editor: {rfc_numbers}")
@@ -272,3 +294,197 @@ def load_rfcs_into_blobdb_task(start: int, end: int):
     if end > 11000:  # Arbitrarily chosen
         end = 11000
     load_rfcs_into_blobdb(list(range(start, end + 1)))
+
+
+@shared_task
+def update_errata_from_rfceditor_task():
+    if errata_are_dirty():
+        # new_processed_time is the *start* of processing so that any changes after
+        # this point will trigger another refresh
+        new_processed_time = timezone.now()
+        changed_numbers = update_errata_from_rfceditor()
+        mark_errata_as_processed(new_processed_time)
+        mark_rfcindex_as_dirty()  # ensure any changes are reflected in the indexes
+        if changed_numbers:
+            update_rfc_json_task.delay(list(changed_numbers))
+
+
+@shared_task
+def update_rfc_json_task(rfc_numbers: list[int]) -> None:
+    from ietf.doc.utils_rfc_json import generate_rfc_json
+    from ietf.sync.rfcindex import get_publication_std_levels
+
+    try:
+        pub_levels = get_publication_std_levels()
+    except Exception as e:
+        log.log(f"update_rfc_json_task: failed to get publication std levels: {e}")
+        return
+    for rfc_number in rfc_numbers:
+        try:
+            generate_rfc_json(rfc_number, pub_levels=pub_levels)
+        except Exception as e:
+            log.log(f"update_rfc_json_task: failed for RFC {rfc_number}: {e}")
+
+
+@shared_task
+def refresh_rfc_index_task():
+    if rfcindex_is_dirty():
+        # new_processed_time is the *start* of processing so that any changes after
+        # this point will trigger another refresh
+        new_processed_time = timezone.now()
+
+        try:
+            create_rfc_txt_index()
+        except Exception as e:
+            log.log(f"Error: failure in creating rfc-index.txt. {e}")
+            pass
+
+        try:
+            create_rfc_xml_index()
+        except Exception as e:
+            log.log(f"Error: failure in creating rfc-index.xml. {e}")
+            pass
+
+        try:
+            create_bcp_txt_index()
+        except Exception as e:
+            log.log(f"Error: failure in creating bcp-index.txt. {e}")
+            pass
+
+        try:
+            create_std_txt_index()
+        except Exception as e:
+            log.log(f"Error: failure in creating std-index.txt. {e}")
+            pass
+
+        try:
+            create_fyi_txt_index()
+        except Exception as e:
+            log.log(f"Error: failure in creating fyi-index.txt. {e}")
+            pass
+
+        mark_rfcindex_as_processed(new_processed_time)
+
+
+@shared_task
+def process_rpc_queue_task(data: list):
+    in_progress_state = State.objects.get(
+        used=True, type="draft-rfceditor", slug="in_progress"
+    )
+    blocked_state = State.objects.get(used=True, type="draft-rfceditor", slug="blocked")
+    system = Person.objects.get(name="(System)")
+    iana_ref_tags = list(DocTagName.objects.filter(slug__in=["iana", "ref"]))
+
+    names = [obj["name"] for obj in data]
+    docs_in_db = {
+        d.name: d for d in Document.objects.filter(type="draft", name__in=names)
+    }
+
+    for obj in data:
+        name = obj["name"]
+        if name not in docs_in_db:
+            log.log(f"process_rpc_queue_task: unknown document {name}")
+            continue
+
+        d = docs_in_db[name]
+        events = []
+        prev_state = d.get_state("draft-rfceditor")
+
+        # Same check as ietf.sync.rfceditor.update_drafts_from_queue:
+        # if this document just arrived at the RFC Editor for the first time, record it.
+        if (
+            d.get_state_slug("draft-iesg") == "ann"
+            and not prev_state
+            and not d.latest_event(DocEvent, type="rfc_editor_received_announcement")
+        ):
+            e = DocEvent(
+                doc=d, rev=d.rev, by=system, type="rfc_editor_received_announcement"
+            )
+            e.desc = "Announcement was received by RFC Editor"
+            e.save()
+            send_mail_text(
+                None,
+                "iesg-secretary@ietf.org",
+                None,
+                "%s in RFC Editor queue" % d.name,
+                "The announcement for %s has been received by the RFC Editor." % d.name,
+            )
+            prev_iesg_state = State.objects.get(
+                used=True, type="draft-iesg", slug="ann"
+            )
+            next_iesg_state = State.objects.get(
+                used=True, type="draft-iesg", slug="rfcqueue"
+            )
+            d.set_state(next_iesg_state)
+            e = add_state_change_event(d, system, prev_iesg_state, next_iesg_state)
+            if e:
+                events.append(e)
+            e = update_action_holders(d, prev_iesg_state, next_iesg_state)
+            if e:
+                events.append(e)
+
+        is_blocked = any(a["role"] == "blocked" for a in obj.get("assignment_set", []))
+        next_state = blocked_state if is_blocked else in_progress_state
+
+        if prev_state != next_state:
+            d.set_state(next_state)
+            e = new_state_change_event(d, system, prev_state, next_state)
+            if e:
+                e.save()
+                events.append(e)
+
+        roles = sorted(a["role"] for a in obj.get("assignment_set", []))
+        next_assignments = ", ".join(roles)
+        blocking_names = sorted(
+            br["reason"]["name"] for br in obj.get("blocking_reasons", [])
+        )
+        if blocking_names:
+            next_assignments += ": " + ", ".join(blocking_names)
+
+        if next_assignments == "":
+            next_assignments = "Awaiting Editor Assignment"
+
+        prev_assignments_event = d.latest_event(
+            RpcAssignmentDocEvent, type="changed_rpc_assignments"
+        )
+        prev_assignments = (
+            prev_assignments_event.assignments if prev_assignments_event else None
+        )
+
+        if next_assignments != prev_assignments:
+            e = RpcAssignmentDocEvent(
+                doc=d,
+                rev=d.rev,
+                by=system,
+                type="changed_rpc_assignments",
+                assignments=next_assignments,
+            )
+            e.desc = f"RPC status changed to {next_assignments}"
+            if prev_assignments is not None and prev_assignments != "":
+                e.desc += f" from {prev_assignments}"
+            e.save()
+            events.append(e)
+
+        rfc_number = obj.get("rfc_number")
+        if obj.get("final_approval") and rfc_number:
+            d.documenturl_set.update_or_create(
+                tag_id="auth48",
+                defaults=dict(
+                    url=f"{settings.RFC_EDITOR_QUEUE_SITE_BASE_URL}/final-review/rfc{rfc_number}/"
+                ),
+            )
+        else:
+            d.documenturl_set.filter(tag_id="auth48").delete()
+
+        d.tags.remove(*iana_ref_tags)
+
+        if events:
+            d.save_with_history(events)
+
+    for d in (
+        Document.objects.exclude(name__in=names)
+        .filter(states__type="draft-rfceditor")
+        .distinct()
+    ):
+        d.tags.remove(*iana_ref_tags)
+        d.unset_state("draft-rfceditor")
diff --git a/ietf/sync/tests.py b/ietf/sync/tests.py
index 21d6cb5cd5..99ca7b0008 100644
--- a/ietf/sync/tests.py
+++ b/ietf/sync/tests.py
@@ -1,5 +1,4 @@
-# Copyright The IETF Trust 2012-2020, All Rights Reserved
-# -*- coding: utf-8 -*-
+# Copyright The IETF Trust 2012-2026, All Rights Reserved
 
 
 import os
@@ -13,6 +12,8 @@
 from dataclasses import dataclass
 
 from django.conf import settings
+from django.core.files.base import ContentFile
+from django.core.files.storage import storages
 from django.urls import reverse as urlreverse
 from django.utils import timezone
 from django.test.utils import override_settings
@@ -25,15 +26,34 @@
     RfcFactory,
     DocumentAuthorFactory,
     DocEventFactory,
-    BcpFactory,
+    BcpFactory, WgRfcFactory,
+)
+from ietf.doc.models import (
+    Document,
+    DocEvent,
+    DeletedEvent,
+    DocTagName,
+    RelatedDocument,
+    State,
+    StateDocEvent,
 )
-from ietf.doc.models import Document, DocEvent, DeletedEvent, DocTagName, RelatedDocument, State, StateDocEvent
 from ietf.doc.utils import add_state_change_event
 from ietf.group.factories import GroupFactory
 from ietf.person.factories import PersonFactory
 from ietf.person.models import Person
 from ietf.sync import iana, rfceditor, tasks
+from ietf.sync.errata import (
+    update_errata_from_rfceditor,
+    get_errata_last_updated,
+    get_errata_data,
+    errata_map_from_json,
+    update_errata_dirty_time,
+    mark_errata_as_processed,
+    update_errata_tags,
+)
+from ietf.sync.tasks import update_errata_from_rfceditor_task
 from ietf.utils.mail import outbox, empty_outbox
+from ietf.utils.models import DirtyBits
 from ietf.utils.test_utils import login_testing_unauthorized
 from ietf.utils.test_utils import TestCase
 from ietf.utils.timezone import date_today, RPC_TZINFO
@@ -775,30 +795,6 @@ def test_update_draft_auth48_url(self):
         auth48_docurl = draft.documenturl_set.filter(tag_id='auth48').first()
         self.assertIsNone(auth48_docurl)
 
-    def test_post_approved_draft_in_production_only(self):
-        self.requests_mock.post("https://rfceditor.example.com/", status_code=200, text="OK")
-
-        # be careful playing with SERVER_MODE!
-        with override_settings(SERVER_MODE="test"):
-            self.assertEqual(
-                rfceditor.post_approved_draft("https://rfceditor.example.com/", "some-draft"),
-                ("", "")
-            )
-            self.assertFalse(self.requests_mock.called)
-        with override_settings(SERVER_MODE="development"):
-            self.assertEqual(
-                rfceditor.post_approved_draft("https://rfceditor.example.com/", "some-draft"),
-                ("", "")
-            )
-            self.assertFalse(self.requests_mock.called)
-        with override_settings(SERVER_MODE="production"):
-            self.assertEqual(
-                rfceditor.post_approved_draft("https://rfceditor.example.com/", "some-draft"),
-                ("", "")
-            )
-            self.assertTrue(self.requests_mock.called)
-
-
 class DiscrepanciesTests(TestCase):
     def test_discrepancies(self):
 
@@ -882,6 +878,202 @@ def test_rfceditor_undo(self):
         self.assertTrue(StateDocEvent.objects.filter(desc="First", doc=draft))
 
 
+class ErrataTests(TestCase):
+    @override_settings(ERRATA_JSON_BLOB_NAME="myblob.json")
+    def test_get_errata_last_update(self):
+        red_bucket = storages["red_bucket"]  # InMemoryStorage in test
+        red_bucket.save("myblob.json", ContentFile("file"))
+        self.assertEqual(
+            get_errata_last_updated(), red_bucket.get_modified_time("myblob.json")
+        )
+    
+    @override_settings(ERRATA_JSON_BLOB_NAME="myblob.json")
+    def test_get_errata_data(self):
+        red_bucket = storages["red_bucket"]  # InMemoryStorage in test
+        red_bucket.save("myblob.json", ContentFile('[{"value": 3}]'))
+        self.assertEqual(
+            get_errata_data(),
+            [{"value": 3}],
+        )
+
+    def test_errata_map_from_json(self):
+        input_data = [
+            {
+                "doc-id": "not-an-rfc",
+                "errata_status_code": "Verified",
+            },
+            {
+                "doc-id": "rfc01234",
+                "errata_status_code": "Reported",
+            },
+            {
+                "doc-id": "RFC1001",
+                "errata_status_code": "Verified"
+            },
+            {
+                "doc-id": "RfC1234",
+                "errata_status_code": "Verified",
+            },
+        ]
+        expected_output = {1001: [input_data[2]], 1234: [input_data[1], input_data[3]]}
+        self.assertDictEqual(errata_map_from_json(input_data), expected_output)
+
+    @mock.patch("ietf.sync.errata.update_errata_tags")
+    @mock.patch("ietf.sync.errata.get_errata_data")
+    def test_update_errata_from_rfceditor(self, mock_get_data, mock_update):
+        fake_data = object()
+        fake_changed = {1234, 5678}
+        mock_get_data.return_value = fake_data
+        mock_update.return_value = fake_changed
+        result = update_errata_from_rfceditor()
+        self.assertTrue(mock_get_data.called)
+        self.assertTrue(mock_update.called)
+        self.assertEqual(mock_update.call_args, mock.call(fake_data))
+        self.assertEqual(result, fake_changed)
+
+    def test_update_errata_tags(self):
+        tag_has_errata = DocTagName.objects.get(slug="errata")
+        tag_has_verified_errata = DocTagName.objects.get(slug="verified-errata")
+
+        rfcs = WgRfcFactory.create_batch(10)
+        rfcs[0].tags.set([tag_has_errata])
+        rfcs[1].tags.set([tag_has_errata, tag_has_verified_errata])
+        rfcs[2].tags.set([tag_has_errata])
+        rfcs[3].tags.set([tag_has_errata, tag_has_verified_errata])
+        rfcs[4].tags.set([tag_has_errata])
+        rfcs[5].tags.set([tag_has_errata, tag_has_verified_errata])
+
+        # Only contains the fields we care about, not the full JSON
+        errata_data = [
+            # rfcs[0] had errata and should keep it
+            {"doc-id": rfcs[0].name, "errata_status_code": "Held for Document Update"},
+            {"doc-id": rfcs[0].name, "errata_status_code": "Rejected"},
+            # rfcs[1] had errata+verified-errata and should keep both
+            {"doc-id": rfcs[1].name, "errata_status_code": "Verified"},
+            # rfcs[2] had errata and should gain verified-errata
+            {"doc-id": rfcs[2].name, "errata_status_code": "Verified"},
+            # rfcs[3] had errata+verified errata and should lose both
+            {"doc-id": rfcs[3].name, "errata_status_code": "Rejected"},
+            # rfcs[4] had errata and should gain verified-errata
+            {"doc-id": rfcs[4].name, "errata_status_code": "Verified"},
+            {"doc-id": rfcs[4].name, "errata_status_code": "Reported"},
+            # rfcs[5] had errata+verified-errata and should lose verified-errata
+            {"doc-id": rfcs[5].name, "errata_status_code": "Reported"},
+            # rfcs[6] had none and should gain errata
+            {"doc-id": rfcs[6].name, "errata_status_code": "Reported"},
+            # rfcs[7] had none and should gain errata+verified-errata
+            {"doc-id": rfcs[7].name, "errata_status_code": "Verified"},
+            # rfcs[8] had none and it should stay that way
+            {"doc-id": rfcs[8].name, "errata_status_code": "Rejected"},
+            # rfcs[9] had none and it should stay that way (no entry at all)
+        ]
+        changed = update_errata_tags(errata_data)
+
+        self.assertCountEqual(rfcs[0].tags.all(), [tag_has_errata])
+        self.assertIsNone(rfcs[0].docevent_set.first())  # no change
+
+        self.assertCountEqual(
+            rfcs[1].tags.all(), [tag_has_errata, tag_has_verified_errata]
+        )
+        self.assertIsNone(rfcs[1].docevent_set.first())  # no change
+
+        self.assertCountEqual(
+            rfcs[2].tags.all(), [tag_has_errata, tag_has_verified_errata]
+        )
+        self.assertEqual(rfcs[2].docevent_set.count(), 1)
+        self.assertIn(": added verified-errata tag", rfcs[2].docevent_set.first().desc)
+
+        self.assertCountEqual(rfcs[3].tags.all(), [])
+        self.assertEqual(rfcs[3].docevent_set.count(), 1)
+        self.assertIn(
+            ": removed errata tag, removed verified-errata tag (all errata rejected)",
+            rfcs[3].docevent_set.first().desc,
+        )
+
+        self.assertCountEqual(
+            rfcs[4].tags.all(), [tag_has_errata, tag_has_verified_errata]
+        )
+        self.assertEqual(rfcs[4].docevent_set.count(), 1)
+        self.assertIn(": added verified-errata tag", rfcs[4].docevent_set.first().desc)
+
+        self.assertCountEqual(rfcs[5].tags.all(), [tag_has_errata])
+        self.assertEqual(rfcs[5].docevent_set.count(), 1)
+        self.assertIn(
+            ": removed verified-errata tag", rfcs[5].docevent_set.first().desc
+        )
+
+        self.assertCountEqual(rfcs[6].tags.all(), [tag_has_errata])
+        self.assertEqual(rfcs[6].docevent_set.count(), 1)
+        self.assertIn(": added errata tag", rfcs[6].docevent_set.first().desc)
+
+        self.assertCountEqual(
+            rfcs[7].tags.all(), [tag_has_errata, tag_has_verified_errata]
+        )
+        self.assertEqual(rfcs[7].docevent_set.count(), 1)
+        self.assertIn(
+            ": added errata tag, added verified-errata tag",
+            rfcs[7].docevent_set.first().desc,
+        )
+
+        self.assertCountEqual(rfcs[8].tags.all(), [])
+        self.assertIsNone(rfcs[8].docevent_set.first())  # no change
+
+        self.assertCountEqual(rfcs[9].tags.all(), [])
+        self.assertIsNone(rfcs[9].docevent_set.first())  # no change
+
+        # return value: only RFCs whose tags actually changed
+        # rfcs[0], rfcs[1], rfcs[8], rfcs[9] had no tag changes
+        for unchanged_rfc in (rfcs[0], rfcs[1], rfcs[8], rfcs[9]):
+            self.assertNotIn(unchanged_rfc.rfc_number, changed)
+        # rfcs[2..7] had tag changes
+        for changed_rfc in rfcs[2:8]:
+            self.assertIn(changed_rfc.rfc_number, changed)
+
+    @override_settings(ERRATA_JSON_BLOB_NAME="myblob.json")
+    @mock.patch("ietf.sync.errata.get_errata_last_updated")
+    def test_update_errata_dirty_time(self, mock_last_updated):
+        ERRATA_SLUG = DirtyBits.Slugs.ERRATA
+        
+        # No time available
+        mock_last_updated.side_effect = FileNotFoundError
+        self.assertIsNone(DirtyBits.objects.filter(slug=ERRATA_SLUG).first())
+        self.assertIsNone(update_errata_dirty_time())  # no blob yet
+        self.assertIsNone(DirtyBits.objects.filter(slug=ERRATA_SLUG).first())
+
+        # Now set a time
+        first_timestamp = timezone.now() - datetime.timedelta(hours=3)
+        mock_last_updated.return_value = first_timestamp
+        mock_last_updated.side_effect = None
+        result = update_errata_dirty_time()
+        self.assertTrue(isinstance(result, DirtyBits))
+        result.refresh_from_db()
+        self.assertEqual(result.slug, ERRATA_SLUG)
+        self.assertEqual(result.processed_time, None)
+        self.assertEqual(result.dirty_time, first_timestamp)
+        
+        # Update the time
+        second_timestamp = timezone.now()
+        mock_last_updated.return_value = second_timestamp
+        second_result = update_errata_dirty_time()
+        self.assertEqual(result.pk, second_result.pk)  # should be the same record
+        result.refresh_from_db()
+        self.assertEqual(result.slug, ERRATA_SLUG)
+        self.assertEqual(result.processed_time, None)
+        self.assertEqual(result.dirty_time, second_timestamp)
+
+    def test_mark_errata_as_processed(self):
+        ERRATA_SLUG = DirtyBits.Slugs.ERRATA
+        first_timestamp = timezone.now()
+        mark_errata_as_processed(first_timestamp)  # no DirtyBits is not an error
+        self.assertIsNone(DirtyBits.objects.filter(slug=ERRATA_SLUG).first())
+        dbits = DirtyBits.objects.create(slug=ERRATA_SLUG, dirty_time=first_timestamp)
+        second_timestamp = timezone.now()
+        mark_errata_as_processed(second_timestamp)
+        dbits.refresh_from_db()
+        self.assertEqual(dbits.dirty_time, first_timestamp)
+        self.assertEqual(dbits.processed_time, second_timestamp)
+        
+
 class TaskTests(TestCase):
     @override_settings(
         RFC_EDITOR_INDEX_URL="https://rfc-editor.example.com/index/",
@@ -1214,4 +1406,30 @@ def test_load_rfcs_into_blobdb_task(
         self.assertEqual(mock_args, ([3261, 3262, 3263],))
         self.assertEqual(mock_kwargs, {})
 
+    @mock.patch("ietf.sync.tasks.update_rfc_json_task.delay")
+    @mock.patch("ietf.sync.tasks.update_errata_from_rfceditor")
+    @mock.patch("ietf.sync.tasks.mark_rfcindex_as_dirty")
+    @mock.patch("ietf.sync.tasks.mark_errata_as_processed")
+    @mock.patch("ietf.sync.tasks.errata_are_dirty")
+    def test_update_errata_from_rfceditor_task(
+        self,
+        mock_errata_are_dirty,
+        mock_mark_errata_processed,
+        mock_mark_rfcindex_dirty,
+        mock_update,
+        mock_rfc_json_delay,
+    ):
+        mock_errata_are_dirty.return_value = False
+        update_errata_from_rfceditor_task()
+        self.assertTrue(mock_errata_are_dirty.called)
+        self.assertFalse(mock_mark_errata_processed.called)
+        self.assertFalse(mock_mark_rfcindex_dirty.called)
+        self.assertFalse(mock_update.called)
 
+        mock_errata_are_dirty.reset_mock()
+        mock_errata_are_dirty.return_value = True
+        update_errata_from_rfceditor_task()
+        self.assertTrue(mock_errata_are_dirty.called)
+        self.assertTrue(mock_mark_errata_processed.called)
+        self.assertTrue(mock_mark_rfcindex_dirty.called)
+        self.assertTrue(mock_update.called)
diff --git a/ietf/sync/tests_rfcindex.py b/ietf/sync/tests_rfcindex.py
new file mode 100644
index 0000000000..226b41af94
--- /dev/null
+++ b/ietf/sync/tests_rfcindex.py
@@ -0,0 +1,506 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+import json
+import re
+from pathlib import Path
+from unittest import mock
+
+from django.conf import settings
+from django.core.files.base import ContentFile
+from django.core.files.storage import storages
+from django.test.utils import override_settings
+from lxml import etree
+
+from ietf.doc.factories import (
+    BcpFactory,
+    FyiFactory,
+    StdFactory,
+    IndividualRfcFactory,
+    PublishedRfcDocEventFactory,
+)
+from ietf.name.models import DocTagName
+from ietf.sync.rfcindex import (
+    create_bcp_txt_index,
+    create_fyi_txt_index,
+    create_rfc_txt_index,
+    create_rfc_xml_index,
+    create_std_txt_index,
+    format_rfc_number,
+    get_april1_rfc_numbers,
+    get_publication_std_levels,
+    get_unusable_rfc_numbers,
+    red_bucket_input_path,
+    red_bucket_output_path,
+    save_to_filesystem,
+    save_to_red_bucket,
+    subseries_text_line,
+)
+from ietf.utils.test_utils import TestCase
+
+
+class RfcIndexTests(TestCase):
+    """Tests of rfc-index generation
+
+    Tests are limited and should cover more cases. Needs:
+      * test of subseries docs
+      * test of related docs (obsoletes/updates + reverse directions)
+      * more thorough validation of index contents
+
+    Be careful when calling create_rfc_txt_index() or create_rfc_xml_index(). These
+    will save to a storage by default, which can introduce cross-talk between tests.
+    Best to patch that method with a mock.
+    """
+
+    def setUp(self):
+        super().setUp()
+        red_bucket = storages["red_bucket"]
+
+        # Create an unused RFC number
+        red_bucket.save(
+            "input/unusable-rfc-numbers.json",
+            ContentFile(json.dumps([{"number": 123, "comment": ""}])),
+        )
+
+        # actual April 1 RFC
+        self.april_fools_rfc = PublishedRfcDocEventFactory(
+            time="2020-04-01T12:00:00Z",
+            doc=IndividualRfcFactory(
+                name="rfc4560",
+                rfc_number=4560,
+                stream_id="ise",
+                std_level_id="inf",
+            ),
+        ).doc
+        # Set up a JSON file to flag the April 1 RFC
+        red_bucket.save(
+            "input/april-first-rfc-numbers.json",
+            ContentFile(json.dumps([self.april_fools_rfc.rfc_number])),
+        )
+
+        # non-April Fools RFC that happens to have been published on April 1
+        self.rfc = PublishedRfcDocEventFactory(
+            time="2021-04-01T12:00:00Z",
+            doc__name="rfc10000",
+            doc__rfc_number=10000,
+            doc__std_level_id="std",
+        ).doc
+        self.rfc.tags.add(DocTagName.objects.get(slug="errata"))
+
+        # Create a BCP with non-April Fools RFC
+        self.bcp = BcpFactory(contains=[self.rfc], name="bcp11")
+
+        # Create a STD with non-April Fools RFC
+        self.std = StdFactory(contains=[self.rfc], name="std11")
+
+        # Create a FYI with non-April Fools RFC
+        self.fyi = FyiFactory(contains=[self.rfc], name="fyi11")
+
+        # Set up a publication-std-levels.json file to indicate the publication
+        # standard of self.rfc as different from its current value
+        red_bucket.save(
+            "input/publication-std-levels.json",
+            ContentFile(
+                json.dumps(
+                    [{"number": self.rfc.rfc_number, "publication_std_level": "ps"}]
+                )
+            ),
+        )
+
+    def tearDown(self):
+        red_bucket = storages["red_bucket"]
+        red_bucket.delete("input/unusable-rfc-numbers.json")
+        red_bucket.delete("input/april-first-rfc-numbers.json")
+        red_bucket.delete("input/publication-std-levels.json")
+        super().tearDown()
+
+    @override_settings(RFCINDEX_INPUT_PATH="input/")
+    @mock.patch("ietf.sync.rfcindex.save_to_filesystem")
+    @mock.patch("ietf.sync.rfcindex.save_to_red_bucket")
+    def test_create_rfc_txt_index(self, mock_save_blob, mock_save_file):
+        create_rfc_txt_index()
+        self.assertEqual(mock_save_blob.call_count, 1)
+        self.assertEqual(mock_save_blob.call_args[0][0], "rfc-index.txt")
+        contents = mock_save_blob.call_args[0][1]
+
+        self.assertEqual(mock_save_file.call_count, 1)
+        self.assertEqual(mock_save_file.call_args, mock.call("rfc-index.txt", contents))
+
+        self.assertTrue(isinstance(contents, str))
+        self.assertIn(
+            "123 Not Issued.",
+            contents,
+        )
+        # No zero prefix!
+        self.assertNotIn(
+            "0123 Not Issued.",
+            contents,
+        )
+
+        # strip whitespace so line breaks don't interfere with the next few tests
+        stripped_contents = re.sub(r"\s+", " ", mock_save_blob.call_args[0][1])
+        self.assertIn(
+            f"{self.april_fools_rfc.rfc_number} {self.april_fools_rfc.title}",
+            stripped_contents,
+        )
+        # "1 April 2020" may be split across a line wrap (e.g. "1 April\n     2020")
+        # when the randomly-generated title is long enough to push the date off the line.
+        # assertRegex handles both wrapped and non-wrapped cases explicitly.
+        self.assertRegex(contents, r"1\s+April\s+2020")  # from the April 1 RFC
+        self.assertIn(
+            f"{self.rfc.rfc_number} {self.rfc.title}",
+            stripped_contents,
+        )
+        self.assertIn("April 2021", stripped_contents)  # from the non-April 1 RFC
+        self.assertNotIn("1 April 2021", stripped_contents)
+
+    @override_settings(RFCINDEX_INPUT_PATH="input/")
+    @mock.patch("ietf.sync.rfcindex.save_to_filesystem")
+    @mock.patch("ietf.sync.rfcindex.save_to_red_bucket")
+    def test_create_rfc_xml_index(self, mock_save_blob, mock_save_file):
+        create_rfc_xml_index()
+        self.assertEqual(mock_save_blob.call_count, 1)
+        self.assertEqual(mock_save_blob.call_args[0][0], "rfc-index.xml")
+        contents = mock_save_blob.call_args[0][1]
+
+        self.assertEqual(mock_save_file.call_count, 1)
+        self.assertEqual(mock_save_file.call_args, mock.call("rfc-index.xml", contents))
+
+        self.assertTrue(isinstance(contents, bytes))
+        ns = "{https://www.rfc-editor.org/rfc-index}"  # NOT an f-string
+        index = etree.fromstring(contents)
+
+        # We can aspire to validating the schema - currently does not conform because
+        # XSD expects 4-digit RFC numbers (etc).
+        #
+        # xmlschema = etree.XMLSchema(etree.fromstring(
+        #     Path(__file__).with_name("rfc-index.xsd").read_bytes())
+        # )
+        # xmlschema.assertValid(index)
+
+        children = list(index)  # elements as list
+        # Should be one rfc-not-issued-entry
+        self.assertEqual(len(children), 16)
+        self.assertEqual(
+            [
+                c.find(f"{ns}doc-id").text
+                for c in children
+                if c.tag == f"{ns}rfc-not-issued-entry"
+            ],
+            ["RFC123"],
+        )
+        # Should be two rfc-entries
+        rfc_entries = {
+            c.find(f"{ns}doc-id").text: c for c in children if c.tag == f"{ns}rfc-entry"
+        }
+
+        # Check the April Fool's entry
+        april_fools_entry = rfc_entries[self.april_fools_rfc.name.upper()]
+        self.assertEqual(
+            april_fools_entry.find(f"{ns}title").text,
+            self.april_fools_rfc.title,
+        )
+        self.assertEqual(
+            [(c.tag, c.text) for c in april_fools_entry.find(f"{ns}date")],
+            [(f"{ns}month", "April"), (f"{ns}day", "1"), (f"{ns}year", "2020")],
+        )
+        self.assertEqual(
+            april_fools_entry.find(f"{ns}current-status").text,
+            "INFORMATIONAL",
+        )
+        self.assertEqual(
+            april_fools_entry.find(f"{ns}publication-status").text,
+            "UNKNOWN",
+        )
+
+        # Check the Regular entry
+        rfc_entry = rfc_entries[self.rfc.name.upper()]
+        self.assertEqual(rfc_entry.find(f"{ns}title").text, self.rfc.title)
+        self.assertEqual(
+            rfc_entry.find(f"{ns}current-status").text, "INTERNET STANDARD"
+        )
+        self.assertEqual(
+            rfc_entry.find(f"{ns}publication-status").text, "PROPOSED STANDARD"
+        )
+        self.assertEqual(
+            [(c.tag, c.text) for c in rfc_entry.find(f"{ns}date")],
+            [(f"{ns}month", "April"), (f"{ns}year", "2021")],
+        )
+
+    @override_settings(RFCINDEX_INPUT_PATH="input/")
+    @mock.patch("ietf.sync.rfcindex.save_to_filesystem")
+    @mock.patch("ietf.sync.rfcindex.save_to_red_bucket")
+    def test_create_bcp_txt_index(self, mock_save_blob, mock_save_file):
+        create_bcp_txt_index()
+        self.assertEqual(mock_save_blob.call_count, 1)
+        self.assertEqual(mock_save_blob.call_args[0][0], "bcp-index.txt")
+        contents = mock_save_blob.call_args[0][1]
+
+        self.assertEqual(mock_save_file.call_count, 1)
+        self.assertEqual(
+            mock_save_file.call_args,
+            mock.call("bcp-index.txt", contents, ["bcp"]),
+        )
+
+        self.assertTrue(isinstance(contents, str))
+        # starts from 1
+        self.assertIn(
+            "[BCP1]",
+            contents,
+        )
+        # fill up to 11
+        self.assertIn(
+            "[BCP10]",
+            contents,
+        )
+        # but not to 12
+        self.assertNotIn(
+            "[BCP12]",
+            contents,
+        )
+        # Test empty BCPs
+        self.assertIn(
+            "Best Current Practice 9 currently contains no RFCs",
+            contents,
+        )
+        # No zero prefix!
+        self.assertNotIn(
+            "[BCP0001]",
+            contents,
+        )
+        # Has BCP11 with a RFC
+        self.assertIn(
+            "Best Current Practice 11,",
+            contents,
+        )
+        self.assertIn(
+            f'"{self.rfc.title}"',
+            contents,
+        )
+        self.assertIn(
+            "BCP 11,",
+            contents,
+        )
+        self.assertIn(
+            f"RFC {self.rfc.rfc_number},",
+            contents,
+        )
+
+    @override_settings(RFCINDEX_INPUT_PATH="input/")
+    @mock.patch("ietf.sync.rfcindex.save_to_filesystem")
+    @mock.patch("ietf.sync.rfcindex.save_to_red_bucket")
+    def test_create_std_txt_index(self, mock_save_blob, mock_save_file):
+        create_std_txt_index()
+        self.assertEqual(mock_save_blob.call_count, 1)
+        self.assertEqual(mock_save_blob.call_args[0][0], "std-index.txt")
+        contents = mock_save_blob.call_args[0][1]
+
+        self.assertEqual(mock_save_file.call_count, 1)
+        self.assertEqual(
+            mock_save_file.call_args,
+            mock.call("std-index.txt", contents, ["std"]),
+        )
+
+        self.assertTrue(isinstance(contents, str))
+        # starts from 1
+        self.assertIn(
+            "[STD1]",
+            contents,
+        )
+        # fill up to 11
+        self.assertIn(
+            "[STD10]",
+            contents,
+        )
+        # but not to 12
+        self.assertNotIn(
+            "[STD12]",
+            contents,
+        )
+        # Test empty STDs
+        self.assertIn(
+            "Internet Standard 9 currently contains no RFCs",
+            contents,
+        )
+        # No zero prefix!
+        self.assertNotIn(
+            "[STD0001]",
+            contents,
+        )
+        # Has STD11 with a RFC
+        self.assertIn(
+            "Internet Standard 11,",
+            contents,
+        )
+        self.assertIn(
+            f'"{self.rfc.title}"',
+            contents,
+        )
+        self.assertIn(
+            "STD 11,",
+            contents,
+        )
+        self.assertIn(
+            f"RFC {self.rfc.rfc_number},",
+            contents,
+        )
+
+    @override_settings(RFCINDEX_INPUT_PATH="input/")
+    @mock.patch("ietf.sync.rfcindex.save_to_filesystem")
+    @mock.patch("ietf.sync.rfcindex.save_to_red_bucket")
+    def test_create_fyi_txt_index(self, mock_save_blob, mock_save_file):
+        create_fyi_txt_index()
+        self.assertEqual(mock_save_blob.call_count, 1)
+        self.assertEqual(mock_save_blob.call_args[0][0], "fyi-index.txt")
+        contents = mock_save_blob.call_args[0][1]
+
+        self.assertEqual(mock_save_file.call_count, 1)
+        self.assertEqual(
+            mock_save_file.call_args,
+            mock.call("fyi-index.txt", contents, ["fyi"]),
+        )
+
+        self.assertTrue(isinstance(contents, str))
+        # starts from 1
+        self.assertIn(
+            "[FYI1]",
+            contents,
+        )
+        # fill up to 11
+        self.assertIn(
+            "[FYI10]",
+            contents,
+        )
+        # but not to 12
+        self.assertNotIn(
+            "[FYI12]",
+            contents,
+        )
+        # Test empty FYIs
+        self.assertIn(
+            "For Your Information 9 currently contains no RFCs",
+            contents,
+        )
+        # No zero prefix!
+        self.assertNotIn(
+            "[FYI0001]",
+            contents,
+        )
+        # Has FYI11 with a RFC
+        self.assertIn(
+            "For Your Information 11,",
+            contents,
+        )
+        self.assertIn(
+            f'"{self.rfc.title}"',
+            contents,
+        )
+        self.assertIn(
+            "FYI 11,",
+            contents,
+        )
+        self.assertIn(
+            f"RFC {self.rfc.rfc_number},",
+            contents,
+        )
+
+
+@override_settings(RFCINDEX_INPUT_PATH="input/", RFCINDEX_OUTPUT_PATH="output/")
+class HelperTests(TestCase):
+    INPUT_PATH = "input"
+    OUTPUT_PATH = "output"
+
+    def test_format_rfc_number(self):
+        self.assertEqual(format_rfc_number(10), "10")
+        with override_settings(RFCINDEX_MATCH_LEGACY_XML=True):
+            self.assertEqual(format_rfc_number(10), "0010")
+
+    def test_red_bucket_input_path(self):
+        with override_settings(RFCINDEX_INPUT_PATH="bar"):
+            self.assertEqual(red_bucket_input_path("foo"), "bar/foo")
+        with override_settings(RFCINDEX_INPUT_PATH="bar/"):
+            self.assertEqual(red_bucket_input_path("foo"), "bar/foo")
+
+    def test_red_bucket_output_path(self):
+        self.assertEqual(red_bucket_input_path("foo"), f"{self.INPUT_PATH}/foo")
+        with override_settings(RFCINDEX_OUTPUT_PATH="bar"):
+            self.assertEqual(red_bucket_output_path("foo"), "bar/foo")
+        with override_settings(RFCINDEX_OUTPUT_PATH="bar/"):
+            self.assertEqual(red_bucket_output_path("foo"), "bar/foo")
+
+    def test_save_to_red_bucket(self):
+        red_bucket = storages["red_bucket"]
+        with override_settings(RFCINDEX_DELETE_THEN_WRITE=False):
+            save_to_red_bucket("test", "contents \U0001f600")
+        # Read as binary and explicitly decode to confirm encoding
+        with red_bucket.open(f"{self.OUTPUT_PATH}/test", "rb") as f:
+            self.assertEqual(f.read().decode("utf-8"), "contents \U0001f600")
+        with override_settings(RFCINDEX_DELETE_THEN_WRITE=True):
+            save_to_red_bucket("test", "new contents \U0001fae0".encode("utf-8"))
+        # Read as binary and explicitly decode to confirm encoding
+        with red_bucket.open(f"{self.OUTPUT_PATH}/test", "rb") as f:
+            self.assertEqual(f.read().decode("utf-8"), "new contents \U0001fae0")
+        red_bucket.delete(f"{self.OUTPUT_PATH}/test")  # clean up like a good child
+        # check that we can override the path
+        with override_settings(RFCINDEX_OUTPUT_PATH="fruit"):
+            save_to_red_bucket("test", "content")
+        self.assertTrue(red_bucket.exists("fruit/test"))
+        red_bucket.delete("fruit/test")  # clean up like a good child
+
+    def test_save_to_filesystem(self):
+        rfc_path = Path(settings.RFC_PATH)
+        self.assertFalse((rfc_path / "test").exists())
+        save_to_filesystem("test", "contents \U0001f600")
+        self.assertEqual((rfc_path / "test").read_text("utf-8"), "contents \U0001f600")
+        self.assertFalse((rfc_path / "subdir" / "test").exists())
+
+        self.assertFalse((rfc_path / "test2").exists())
+        self.assertFalse((rfc_path / "subdir" / "test2").exists())
+        save_to_filesystem("test", "contents \U0001f600".encode("utf-8"), ["subdir"])
+        self.assertEqual((rfc_path / "test").read_text("utf-8"), "contents \U0001f600")
+        self.assertEqual(
+            (rfc_path / "subdir" / "test").read_text("utf-8"), "contents \U0001f600"
+        )
+        self.assertEqual(
+            (rfc_path / "test").stat().st_mtime,
+            (rfc_path / "subdir" / "test").stat().st_mtime,
+        )
+
+    def test_get_unusable_rfc_numbers_raises(self):
+        """get_unusable_rfc_numbers should bail on errors"""
+        with self.assertRaises(FileNotFoundError):
+            get_unusable_rfc_numbers()
+        red_bucket = storages["red_bucket"]
+        red_bucket.save(
+            f"{self.INPUT_PATH}/unusable-rfc-numbers.json", ContentFile("not json")
+        )
+        with self.assertRaises(json.JSONDecodeError):
+            get_unusable_rfc_numbers()
+        red_bucket.delete(f"{self.INPUT_PATH}/unusable-rfc-numbers.json")
+
+    def test_get_april1_rfc_numbers_raises(self):
+        """get_april1_rfc_numbers should bail on errors"""
+        with self.assertRaises(FileNotFoundError):
+            get_april1_rfc_numbers()
+        red_bucket = storages["red_bucket"]
+        red_bucket.save(
+            f"{self.INPUT_PATH}/april-first-rfc-numbers.json", ContentFile("not json")
+        )
+        with self.assertRaises(json.JSONDecodeError):
+            get_april1_rfc_numbers()
+        red_bucket.delete(f"{self.INPUT_PATH}/april-first-rfc-numbers.json")
+
+    def test_get_publication_std_levels_raises(self):
+        """get_publication_std_levels should bail on errors"""
+        with self.assertRaises(FileNotFoundError):
+            get_publication_std_levels()
+        red_bucket = storages["red_bucket"]
+        red_bucket.save(
+            f"{self.INPUT_PATH}/publication-std-levels.json", ContentFile("not json")
+        )
+        with self.assertRaises(json.JSONDecodeError):
+            get_publication_std_levels()
+        red_bucket.delete(f"{self.INPUT_PATH}/publication-std-levels.json")
+
+    def test_subseries_text_line(self):
+        text = "foobar"
+        self.assertEqual(subseries_text_line(line=text, first=True), f"   {text}")
+        self.assertEqual(subseries_text_line(line=text), f"              {text}")
diff --git a/ietf/sync/tests_tasks.py b/ietf/sync/tests_tasks.py
new file mode 100644
index 0000000000..edfd080079
--- /dev/null
+++ b/ietf/sync/tests_tasks.py
@@ -0,0 +1,538 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+import mock
+from django.test.utils import override_settings
+
+from ietf.doc.factories import WgDraftFactory
+from ietf.doc.models import (
+    DocEvent,
+    DocTagName,
+    Document,
+    DocumentURL,
+    RpcAssignmentDocEvent,
+    State,
+)
+from ietf.person.models import Person
+from ietf.sync import tasks
+from ietf.utils.mail import outbox
+from ietf.utils.test_utils import TestCase
+
+
+def _make_entry(
+    doc_name, roles=None, blocking_reasons=None, rfc_number=None, final_approval=None
+):
+    return {
+        "name": doc_name,
+        "assignment_set": [{"role": r, "state": "in_progress"} for r in (roles or [])],
+        "blocking_reasons": blocking_reasons or [],
+        "rfc_number": rfc_number,
+        "final_approval": final_approval or [],
+    }
+
+
+class ProcessRpcQueueTaskTests(TestCase):
+    def setUp(self):
+        super().setUp()
+        self.system = Person.objects.get(name="(System)")
+
+    # --- Unknown document --------------------------------------------------------
+
+    def test_unknown_document_is_skipped(self):
+        """Entries with unknown doc names are logged and skipped without raising."""
+        tasks.process_rpc_queue_task([_make_entry("draft-does-not-exist")])
+        self.assertFalse(Document.objects.filter(name="draft-does-not-exist").exists())
+
+    # --- First-arrival announcement ----------------------------------------------
+
+    def test_first_arrival_fires_announcement(self):
+        """Fires rfc_editor_received_announcement and email on first arrival."""
+        draft = WgDraftFactory(states=[("draft-iesg", "ann")])
+        mailbox_before = len(outbox)
+
+        tasks.process_rpc_queue_task([_make_entry(draft.name, roles=["first_editor"])])
+
+        draft = Document.objects.get(pk=draft.pk)
+        self.assertEqual(draft.get_state_slug("draft-iesg"), "rfcqueue")
+        self.assertTrue(
+            draft.docevent_set.filter(type="rfc_editor_received_announcement").exists()
+        )
+        self.assertEqual(len(outbox), mailbox_before + 1)
+        self.assertIn("RFC Editor queue", outbox[-1]["Subject"])
+        self.assertIn("iesg-secretary@ietf.org", outbox[-1]["To"])
+
+    def test_first_arrival_skipped_if_rfceditor_state_exists(self):
+        """No announcement when doc already has a draft-rfceditor state."""
+        draft = WgDraftFactory(states=[("draft-iesg", "ann")])
+        draft.set_state(
+            State.objects.get(used=True, type="draft-rfceditor", slug="in_progress")
+        )
+        mailbox_before = len(outbox)
+
+        tasks.process_rpc_queue_task([_make_entry(draft.name, roles=["first_editor"])])
+
+        self.assertFalse(
+            draft.docevent_set.filter(type="rfc_editor_received_announcement").exists()
+        )
+        self.assertEqual(len(outbox), mailbox_before)
+
+    def test_first_arrival_skipped_if_announcement_event_exists(self):
+        """No duplicate announcement when rfc_editor_received_announcement already exists."""
+        draft = WgDraftFactory(states=[("draft-iesg", "ann")])
+        DocEvent.objects.create(
+            doc=draft,
+            rev=draft.rev,
+            by=self.system,
+            type="rfc_editor_received_announcement",
+            desc="Announcement was received by RFC Editor",
+        )
+        mailbox_before = len(outbox)
+
+        tasks.process_rpc_queue_task([_make_entry(draft.name)])
+
+        self.assertEqual(
+            draft.docevent_set.filter(type="rfc_editor_received_announcement").count(),
+            1,
+        )
+        self.assertEqual(len(outbox), mailbox_before)
+
+    def test_first_arrival_skipped_if_not_ann_iesg_state(self):
+        """No announcement when IESG state is not 'ann'."""
+        draft = WgDraftFactory(states=[("draft-iesg", "rfcqueue")])
+        mailbox_before = len(outbox)
+
+        tasks.process_rpc_queue_task([_make_entry(draft.name, roles=["first_editor"])])
+
+        self.assertFalse(
+            draft.docevent_set.filter(type="rfc_editor_received_announcement").exists()
+        )
+        self.assertEqual(len(outbox), mailbox_before)
+
+    # --- draft-rfceditor state transitions ---------------------------------------
+
+    def test_sets_in_progress_state(self):
+        """Non-blocked assignment results in in_progress draft-rfceditor state."""
+        draft = WgDraftFactory()
+
+        tasks.process_rpc_queue_task([_make_entry(draft.name, roles=["first_editor"])])
+
+        draft = Document.objects.get(pk=draft.pk)
+        self.assertEqual(draft.get_state_slug("draft-rfceditor"), "in_progress")
+
+    def test_sets_blocked_state(self):
+        """Assignment with role='blocked' results in blocked draft-rfceditor state."""
+        draft = WgDraftFactory()
+
+        tasks.process_rpc_queue_task(
+            [
+                {
+                    "name": draft.name,
+                    "assignment_set": [{"role": "blocked", "state": "in_progress"}],
+                    "blocking_reasons": [],
+                    "rfc_number": None,
+                    "final_approval": [],
+                }
+            ]
+        )
+
+        draft = Document.objects.get(pk=draft.pk)
+        self.assertEqual(draft.get_state_slug("draft-rfceditor"), "blocked")
+
+    def test_no_state_change_event_when_state_unchanged(self):
+        """No state-change DocEvent created when draft-rfceditor state is already correct."""
+        draft = WgDraftFactory(states=[("draft-rfceditor", "in_progress")])
+        events_before = draft.docevent_set.filter(type="changed_state").count()
+
+        tasks.process_rpc_queue_task([_make_entry(draft.name, roles=["first_editor"])])
+
+        self.assertEqual(
+            draft.docevent_set.filter(type="changed_state").count(), events_before
+        )
+
+    def test_state_change_event_created_on_transition(self):
+        """State-change DocEvent is created when draft-rfceditor state changes."""
+        draft = WgDraftFactory(states=[("draft-rfceditor", "in_progress")])
+
+        tasks.process_rpc_queue_task(
+            [
+                {
+                    "name": draft.name,
+                    "assignment_set": [{"role": "blocked", "state": "in_progress"}],
+                    "blocking_reasons": [],
+                    "rfc_number": None,
+                    "final_approval": [],
+                }
+            ]
+        )
+
+        self.assertTrue(draft.docevent_set.filter(type="changed_state").exists())
+        draft = Document.objects.get(pk=draft.pk)
+        self.assertEqual(draft.get_state_slug("draft-rfceditor"), "blocked")
+
+    # --- RpcAssignmentDocEvent ---------------------------------------------------
+
+    def test_creates_assignment_event_on_first_update(self):
+        """Creates RpcAssignmentDocEvent when no prior event exists."""
+        draft = WgDraftFactory()
+
+        tasks.process_rpc_queue_task(
+            [_make_entry(draft.name, roles=["first_editor", "second_editor"])]
+        )
+
+        event = draft.latest_event(
+            RpcAssignmentDocEvent, type="changed_rpc_assignments"
+        )
+        self.assertIsNotNone(event)
+        self.assertEqual(event.assignments, "first_editor, second_editor")
+
+    def test_no_assignment_event_when_unchanged(self):
+        """No new RpcAssignmentDocEvent when assignments match the last recorded ones."""
+        draft = WgDraftFactory()
+        RpcAssignmentDocEvent.objects.create(
+            doc=draft,
+            rev=draft.rev,
+            by=self.system,
+            type="changed_rpc_assignments",
+            assignments="first_editor",
+            desc="RPC status changed to first_editor",
+        )
+        events_before = RpcAssignmentDocEvent.objects.filter(doc=draft).count()
+
+        tasks.process_rpc_queue_task([_make_entry(draft.name, roles=["first_editor"])])
+
+        self.assertEqual(
+            RpcAssignmentDocEvent.objects.filter(doc=draft).count(), events_before
+        )
+
+    def test_assignment_desc_includes_previous_assignments(self):
+        """Assignment event desc includes previous assignments when they exist."""
+        draft = WgDraftFactory()
+        RpcAssignmentDocEvent.objects.create(
+            doc=draft,
+            rev=draft.rev,
+            by=self.system,
+            type="changed_rpc_assignments",
+            assignments="first_editor",
+            desc="RPC status changed to first_editor",
+        )
+
+        tasks.process_rpc_queue_task([_make_entry(draft.name, roles=["second_editor"])])
+
+        event = draft.latest_event(
+            RpcAssignmentDocEvent, type="changed_rpc_assignments"
+        )
+        self.assertIn("from first_editor", event.desc)
+
+    def test_blocking_reasons_appended_to_assignments(self):
+        """Blocking reason names are appended after ':' in the assignment string, sorted."""
+        draft = WgDraftFactory()
+
+        tasks.process_rpc_queue_task(
+            [
+                {
+                    "name": draft.name,
+                    "assignment_set": [{"role": "blocked", "state": "in_progress"}],
+                    "blocking_reasons": [
+                        {"reason": {"name": "missing reference"}},
+                    ],
+                    "rfc_number": None,
+                    "final_approval": [],
+                }
+            ]
+        )
+
+        event = draft.latest_event(
+            RpcAssignmentDocEvent, type="changed_rpc_assignments"
+        )
+        self.assertIsNotNone(event)
+        self.assertEqual(event.assignments, "blocked: missing reference")
+
+    def test_roles_sorted_in_assignment_string(self):
+        """Roles are sorted alphabetically in the assignment string."""
+        draft = WgDraftFactory()
+
+        tasks.process_rpc_queue_task(
+            [_make_entry(draft.name, roles=["second_editor", "first_editor"])]
+        )
+
+        event = draft.latest_event(
+            RpcAssignmentDocEvent, type="changed_rpc_assignments"
+        )
+        self.assertEqual(event.assignments, "first_editor, second_editor")
+
+    def test_empty_roles_uses_awaiting_editor_assignment(self):
+        """Empty assignment_set records 'Awaiting Editor Assignment' rather than an empty string."""
+        draft = WgDraftFactory()
+
+        tasks.process_rpc_queue_task([_make_entry(draft.name)])
+
+        event = draft.latest_event(
+            RpcAssignmentDocEvent, type="changed_rpc_assignments"
+        )
+        self.assertIsNotNone(event)
+        self.assertEqual(event.assignments, "Awaiting Editor Assignment")
+
+    # --- DocumentURL (auth48) handling -------------------------------------------
+
+    @override_settings(RFC_EDITOR_QUEUE_SITE_BASE_URL="https://queue.example.com")
+    def test_auth48_url_created_on_final_approval(self):
+        """auth48 DocumentURL is created when final_approval is truthy and rfc_number is set."""
+        draft = WgDraftFactory()
+
+        tasks.process_rpc_queue_task(
+            [
+                {
+                    "name": draft.name,
+                    "assignment_set": [
+                        {"role": "first_editor", "state": "in_progress"}
+                    ],
+                    "blocking_reasons": [],
+                    "rfc_number": 9999,
+                    "final_approval": [{"approved": True}],
+                }
+            ]
+        )
+
+        url_obj = draft.documenturl_set.filter(tag_id="auth48").first()
+        self.assertIsNotNone(url_obj)
+        self.assertEqual(url_obj.url, "https://queue.example.com/final-review/rfc9999/")
+
+    @override_settings(RFC_EDITOR_QUEUE_SITE_BASE_URL="https://queue.example.com")
+    def test_auth48_url_not_created_without_rfc_number(self):
+        """No auth48 URL created when rfc_number is None even if final_approval is set."""
+        draft = WgDraftFactory()
+
+        tasks.process_rpc_queue_task(
+            [
+                {
+                    "name": draft.name,
+                    "assignment_set": [
+                        {"role": "first_editor", "state": "in_progress"}
+                    ],
+                    "blocking_reasons": [],
+                    "rfc_number": None,
+                    "final_approval": [{"approved": True}],
+                }
+            ]
+        )
+
+        self.assertFalse(draft.documenturl_set.filter(tag_id="auth48").exists())
+
+    @override_settings(RFC_EDITOR_QUEUE_SITE_BASE_URL="https://queue.example.com")
+    def test_auth48_url_deleted_when_final_approval_cleared(self):
+        """Existing auth48 URL is deleted whenever final_approval is empty, regardless of whether assignments changed."""
+        draft = WgDraftFactory()
+        DocumentURL.objects.create(
+            doc=draft,
+            tag_id="auth48",
+            url="https://queue.example.com/final-review/rfc9999/",
+        )
+        RpcAssignmentDocEvent.objects.create(
+            doc=draft,
+            rev=draft.rev,
+            by=self.system,
+            type="changed_rpc_assignments",
+            assignments="old_editor",
+            desc="RPC status changed to old_editor",
+        )
+
+        tasks.process_rpc_queue_task([_make_entry(draft.name, roles=["first_editor"])])
+
+        self.assertFalse(draft.documenturl_set.filter(tag_id="auth48").exists())
+
+    @override_settings(RFC_EDITOR_QUEUE_SITE_BASE_URL="https://queue.example.com")
+    def test_auth48_url_updated_when_rfc_number_changes(self):
+        """auth48 URL is updated whenever final_approval and rfc_number are set, regardless of whether assignments changed."""
+        draft = WgDraftFactory()
+        DocumentURL.objects.create(
+            doc=draft,
+            tag_id="auth48",
+            url="https://queue.example.com/final-review/rfc8888/",
+        )
+        RpcAssignmentDocEvent.objects.create(
+            doc=draft,
+            rev=draft.rev,
+            by=self.system,
+            type="changed_rpc_assignments",
+            assignments="old_editor",
+            desc="RPC status changed to old_editor",
+        )
+
+        tasks.process_rpc_queue_task(
+            [
+                {
+                    "name": draft.name,
+                    "assignment_set": [
+                        {"role": "first_editor", "state": "in_progress"}
+                    ],
+                    "blocking_reasons": [],
+                    "rfc_number": 9999,
+                    "final_approval": [{"approved": True}],
+                }
+            ]
+        )
+
+        url_obj = draft.documenturl_set.filter(tag_id="auth48").first()
+        self.assertIsNotNone(url_obj)
+        self.assertEqual(url_obj.url, "https://queue.example.com/final-review/rfc9999/")
+
+    @override_settings(RFC_EDITOR_QUEUE_SITE_BASE_URL="https://queue.example.com")
+    def test_auth48_url_created_when_assignments_unchanged(self):
+        """auth48 URL is created even when assignments have not changed."""
+        draft = WgDraftFactory()
+        RpcAssignmentDocEvent.objects.create(
+            doc=draft,
+            rev=draft.rev,
+            by=self.system,
+            type="changed_rpc_assignments",
+            assignments="first_editor",
+            desc="RPC status changed to first_editor",
+        )
+
+        tasks.process_rpc_queue_task(
+            [
+                {
+                    "name": draft.name,
+                    "assignment_set": [
+                        {"role": "first_editor", "state": "in_progress"}
+                    ],
+                    "blocking_reasons": [],
+                    "rfc_number": 9999,
+                    "final_approval": [{"approved": True}],
+                }
+            ]
+        )
+
+        url_obj = draft.documenturl_set.filter(tag_id="auth48").first()
+        self.assertIsNotNone(url_obj)
+        self.assertEqual(url_obj.url, "https://queue.example.com/final-review/rfc9999/")
+
+    @override_settings(RFC_EDITOR_QUEUE_SITE_BASE_URL="https://queue.example.com")
+    def test_auth48_url_deleted_when_assignments_unchanged(self):
+        """Existing auth48 URL is deleted even when assignments have not changed."""
+        draft = WgDraftFactory()
+        DocumentURL.objects.create(
+            doc=draft,
+            tag_id="auth48",
+            url="https://queue.example.com/final-review/rfc9999/",
+        )
+        RpcAssignmentDocEvent.objects.create(
+            doc=draft,
+            rev=draft.rev,
+            by=self.system,
+            type="changed_rpc_assignments",
+            assignments="first_editor",
+            desc="RPC status changed to first_editor",
+        )
+
+        tasks.process_rpc_queue_task([_make_entry(draft.name, roles=["first_editor"])])
+
+        self.assertFalse(draft.documenturl_set.filter(tag_id="auth48").exists())
+
+    # --- Tag handling ------------------------------------------------------------
+
+    def test_removes_iana_and_ref_tags_from_queued_docs(self):
+        """iana and ref tags are removed from documents in the queue."""
+        iana_tag = DocTagName.objects.get(slug="iana")
+        ref_tag = DocTagName.objects.get(slug="ref")
+        draft = WgDraftFactory()
+        draft.tags.add(iana_tag, ref_tag)
+
+        tasks.process_rpc_queue_task([_make_entry(draft.name)])
+
+        draft = Document.objects.get(pk=draft.pk)
+        self.assertNotIn(iana_tag, draft.tags.all())
+        self.assertNotIn(ref_tag, draft.tags.all())
+
+    # --- Cleanup of docs no longer in queue --------------------------------------
+
+    def test_unsets_rfceditor_state_for_docs_not_in_queue(self):
+        """Documents with draft-rfceditor state but absent from the queue have that state cleared."""
+        draft = WgDraftFactory(states=[("draft-rfceditor", "in_progress")])
+
+        tasks.process_rpc_queue_task([])
+
+        draft = Document.objects.get(pk=draft.pk)
+        self.assertIsNone(draft.get_state("draft-rfceditor"))
+
+    def test_removes_tags_from_docs_not_in_queue(self):
+        """iana and ref tags are removed from docs with rfceditor state not in the queue."""
+        iana_tag = DocTagName.objects.get(slug="iana")
+        ref_tag = DocTagName.objects.get(slug="ref")
+        draft = WgDraftFactory(states=[("draft-rfceditor", "in_progress")])
+        draft.tags.add(iana_tag, ref_tag)
+
+        tasks.process_rpc_queue_task([])
+
+        draft = Document.objects.get(pk=draft.pk)
+        self.assertNotIn(iana_tag, draft.tags.all())
+        self.assertNotIn(ref_tag, draft.tags.all())
+
+    def test_docs_in_queue_retain_rfceditor_state(self):
+        """Documents present in the queue keep their draft-rfceditor state."""
+        draft = WgDraftFactory(states=[("draft-rfceditor", "in_progress")])
+
+        tasks.process_rpc_queue_task([_make_entry(draft.name, roles=["first_editor"])])
+
+        draft = Document.objects.get(pk=draft.pk)
+        self.assertIsNotNone(draft.get_state("draft-rfceditor"))
+
+
+class UpdateErrataFromRfcEditorTaskTests(TestCase):
+    @mock.patch("ietf.sync.tasks.update_rfc_json_task.delay")
+    @mock.patch("ietf.sync.tasks.update_errata_from_rfceditor")
+    @mock.patch("ietf.sync.tasks.mark_rfcindex_as_dirty")
+    @mock.patch("ietf.sync.tasks.mark_errata_as_processed")
+    @mock.patch("ietf.sync.tasks.errata_are_dirty")
+    def test_no_update_when_not_dirty(
+        self,
+        mock_dirty,
+        mock_mark_processed,
+        mock_mark_index,
+        mock_update,
+        mock_json_delay,
+    ):
+        """When errata are not dirty nothing runs."""
+        mock_dirty.return_value = False
+        tasks.update_errata_from_rfceditor_task()
+        mock_update.assert_not_called()
+        mock_json_delay.assert_not_called()
+
+    @mock.patch("ietf.sync.tasks.update_rfc_json_task.delay")
+    @mock.patch("ietf.sync.tasks.update_errata_from_rfceditor")
+    @mock.patch("ietf.sync.tasks.mark_rfcindex_as_dirty")
+    @mock.patch("ietf.sync.tasks.mark_errata_as_processed")
+    @mock.patch("ietf.sync.tasks.errata_are_dirty")
+    def test_json_task_called_for_changed_rfcs(
+        self,
+        mock_dirty,
+        mock_mark_processed,
+        mock_mark_index,
+        mock_update,
+        mock_json_delay,
+    ):
+        """update_rfc_json_task is dispatched with the changed RFC numbers."""
+        mock_dirty.return_value = True
+        mock_update.return_value = {3261, 9000}
+        tasks.update_errata_from_rfceditor_task()
+        mock_json_delay.assert_called_once()
+        called_numbers = mock_json_delay.call_args[0][0]
+        self.assertCountEqual(called_numbers, [3261, 9000])
+
+    @mock.patch("ietf.sync.tasks.update_rfc_json_task.delay")
+    @mock.patch("ietf.sync.tasks.update_errata_from_rfceditor")
+    @mock.patch("ietf.sync.tasks.mark_rfcindex_as_dirty")
+    @mock.patch("ietf.sync.tasks.mark_errata_as_processed")
+    @mock.patch("ietf.sync.tasks.errata_are_dirty")
+    def test_json_task_not_called_when_no_changes(
+        self,
+        mock_dirty,
+        mock_mark_processed,
+        mock_mark_index,
+        mock_update,
+        mock_json_delay,
+    ):
+        """update_rfc_json_task is not dispatched when no errata tags changed."""
+        mock_dirty.return_value = True
+        mock_update.return_value = set()
+        tasks.update_errata_from_rfceditor_task()
+        mock_json_delay.assert_not_called()
diff --git a/ietf/templates/base.html b/ietf/templates/base.html
index 25ce50c467..b0df04f30a 100644
--- a/ietf/templates/base.html
+++ b/ietf/templates/base.html
@@ -67,13 +67,17 @@
                         </a>
                     {% endif %}
 
-                    <label class="d-none d-md-block" aria-label="Document search">
-                    <input class="form-control select2-field search-select"
-                           id="navbar-doc-search"
-                           data-select2-ajax-url="{% url 'ietf.doc.views_search.ajax_select2_search_docs' model_name='document' doc_type='all' %}"
-                           type="text"
-                           data-placeholder="Document search">
-                   </label>
+                    <div class="d-none d-md-block dropdown" id="navbar-doc-search-wrapper">
+                        <input class="form-control"
+                               id="navbar-doc-search"
+                               type="text"
+                               placeholder="Document search"
+                               autocomplete="off"
+                               data-ajax-url="{% url 'ietf.doc.views_search.ajax_select2_search_docs' model_name='document' doc_type='all' %}"
+                               aria-label="Document search">
+                        <ul class="dropdown-menu" id="navbar-doc-search-results">
+                        </ul>
+                    </div>
                 </div>
                 <button class="navbar-toggler"
                         type="button"
@@ -164,11 +168,7 @@
         {% block js %}
         {% endblock %}
         <script src="{% static 'ietf/js/select2.js' %}"></script>
-        <script>
-            $('#navbar-doc-search').on('select2:select', function (e) {
-                window.location.href = e.params.data.url;
-            });
-        </script>
+        <script src="{% static 'ietf/js/navbar-doc-search.js' %}"></script>
       {% analytical_body_bottom %}
     </body>
 </html>
diff --git a/ietf/templates/base/menu.html b/ietf/templates/base/menu.html
index 8ff6e952da..b6b744ec21 100644
--- a/ietf/templates/base/menu.html
+++ b/ietf/templates/base/menu.html
@@ -1,4 +1,4 @@
-{# Copyright The IETF Trust 2015-2025, All Rights Reserved #}
+{# Copyright The IETF Trust 2015-2026, All Rights Reserved #}
 {% load origin %}
 {% origin %}
 {% load ietf_filters managed_groups wg_menu active_groups_menu group_filters cache meetings_filters %}
@@ -428,12 +428,11 @@
             Downref registry
         </a>
     </li>
-    <li>
-        <a class="dropdown-item{% if flavor != 'top' %} text-wrap{% endif %}"
-           href="{% url "ietf.stats.views.stats_index" %}">
+    <li class="dropend">
+        <a class="dropdown-item dropdown-toggle" href="#">
             Statistics
         </a>
-        <ul class="dropdown-menu {% if flavor == 'top' %}mt-n1{% else %}ms-n1{% endif %}">
+        <ul class="dropdown-menu">
             <li>
                 <a class="dropdown-item{% if flavor != 'top' %} text-wrap{% endif %}"
                    href="{% url 'ietf.stats.views.document_stats' %}">
@@ -442,18 +441,26 @@
             </li>
             <li>
                 <a class="dropdown-item{% if flavor != 'top' %} text-wrap{% endif %}"
-                   href="{% url 'ietf.stats.views.meeting_stats' %}">
+                   href="{% url 'ietf.stats.views.meetings_timeline' %}">
                     Meetings
                 </a>
             </li>
             {% if user and user.is_authenticated %}
                 <li>
                     <a class="dropdown-item{% if flavor != 'top' %} text-wrap{% endif %}"
-                       href="{% url 'ietf.stats.views.review_stats' %}">
+                       href="{% url "ietf.stats.views.review_stats" %}">
                         Reviews
                     </a>
                 </li>
             {% endif %}
+            {% if user|has_role:"LLC Staff" %}
+                <li>
+                    <a class="dropdown-item{% if flavor != 'top' %} text-wrap{% endif %}"
+                       href="{% url "ietf.stats.views.annual_report_inputs" %}">
+                        Annual report inputs
+                    </a>
+                </li>
+            {% endif %}
         </ul>
     </li>
     <li>
diff --git a/ietf/templates/doc/document_info.html b/ietf/templates/doc/document_info.html
index d6d8d43071..1666c42ae5 100644
--- a/ietf/templates/doc/document_info.html
+++ b/ietf/templates/doc/document_info.html
@@ -97,7 +97,7 @@
         <td>
             {# Implementation that uses the current primary email for each author #}
             {% if doc.pk %}{% for author in doc.author_persons_or_names %}
-                {% if author.person %}{% person_link author.person %}{% else %}{{ author.titlepage_name }}{% endif %}{% if not forloop.last %},{% endif %}
+                {% if author.person %}{% person_link author.person titlepage_name=author.titlepage_name %}{% else %}{{ author.titlepage_name }}{% endif %}{% if not forloop.last %},{% endif %}
             {% endfor %}{% endif %}
             {% if document_html and not snapshot or document_html and doc.rev == latest_rev%}
                 <br>
diff --git a/ietf/templates/doc/document_rfc.html b/ietf/templates/doc/document_rfc.html
index 7612ef8910..d4b309a964 100644
--- a/ietf/templates/doc/document_rfc.html
+++ b/ietf/templates/doc/document_rfc.html
@@ -124,6 +124,15 @@
                 </i>
                 Referenced by
             </a>
+            {% if doc.rfc_number >= settings.FIRST_V3_RFC %}
+            <a class="btn btn-primary btn-sm"
+              href="{% url 'ietf.doc.views_doc.rfcxml_notprepped_wrapper' number=doc.rfc_number %}"
+              rel="nofollow">
+              <i class="bi bi-vector-pen">
+              </i>
+              Get editor source
+            </a>
+            {% endif %}
             <a class="btn btn-primary btn-sm"
                 href="https://mailarchive.ietf.org/arch/search?q=%22{{ doc.name }}%22"
                 rel="nofollow"
diff --git a/ietf/templates/doc/draft/id_expired_email.txt b/ietf/templates/doc/draft/id_expired_email.txt
index afbf253ee2..161146a301 100644
--- a/ietf/templates/doc/draft/id_expired_email.txt
+++ b/ietf/templates/doc/draft/id_expired_email.txt
@@ -1,4 +1,4 @@
-{% autoescape off %}{{ doc.file_tag|safe }} was just expired.
+{% autoescape off %}{{ doc.file_tag|safe }} just expired.
 This Internet-Draft is in the state "{{ state }}" in the Datatracker.
 
 
diff --git a/ietf/templates/doc/draft/rfceditor_post_approved_draft_failed.html b/ietf/templates/doc/draft/rfceditor_post_approved_draft_failed.html
deleted file mode 100644
index f976ead926..0000000000
--- a/ietf/templates/doc/draft/rfceditor_post_approved_draft_failed.html
+++ /dev/null
@@ -1,26 +0,0 @@
-{% extends "base.html" %}
-{# Copyright The IETF Trust 2015, All Rights Reserved #}
-{% load origin %}
-{% block title %}Posting approved I-D to RFC Editor failed{% endblock %}
-{% block content %}
-    {% origin %}
-    <h1>Posting approved I-D to RFC Editor failed</h1>
-    <p>
-        Sorry, when trying to notify the RFC Editor through HTTP, we hit an
-        error.
-    </p>
-    <p>
-        We have not changed the Internet-Draft state or sent the announcement
-        yet so if this is an intermittent error, you can go back and try
-        again.
-    </p>
-    <p>
-        The error was: <code>{{ error }}</code>
-    </p>
-    {% if response %}
-        <p>
-            The response from the RFC Editor was:
-            <code>{{ response|linebreaksbr }}</code>
-        </p>
-    {% endif %}
-{% endblock %}
\ No newline at end of file
diff --git a/ietf/templates/doc/notprepped_wrapper.html b/ietf/templates/doc/notprepped_wrapper.html
new file mode 100644
index 0000000000..078db7bc51
--- /dev/null
+++ b/ietf/templates/doc/notprepped_wrapper.html
@@ -0,0 +1,26 @@
+{% extends "base.html" %}
+{# Copyright The IETF Trust 2026, All Rights Reserved #}
+{% load origin %}
+{% block title %}RFC {{ rfc.rfc_number }} — Not-prepped XML{% endblock %}
+{% block content %}
+    {% origin %}
+    <h1>RFC {{ rfc.rfc_number }} — Not-prepped XML</h1>
+    <p>
+        The <em>not-prepped</em> XML 
+        is the RFC XML v3 source for an RFC at the moment in the publication process
+        just before the prep tool was used to expand default
+        values, generate section numbers, resolve cross-references, and embed
+        boilerplate.  
+    </p><p>   
+        It is useful for authors who want to begin a new draft based on
+        the RFC's text, such as when creating a bis-draft, and for tools that process 
+        author-facing RFC XML.
+    </p>
+    <p>
+        <a class="btn btn-primary"
+           href="{% url 'ietf.doc.views_doc.rfcxml_notprepped' number=rfc.rfc_number %}">
+            <i class="bi bi-download"></i>
+            Download not-prepped XML for RFC {{ rfc.rfc_number }}
+        </a>
+    </p>
+{% endblock %}
diff --git a/ietf/templates/doc/search/search_result_row.html b/ietf/templates/doc/search/search_result_row.html
index 476c81f598..cb50a1b214 100644
--- a/ietf/templates/doc/search/search_result_row.html
+++ b/ietf/templates/doc/search/search_result_row.html
@@ -45,7 +45,7 @@
             </a>
         {% endfor %}
     </td>
-    <td class="doc bg-transparent">
+    <td class="doc bg-transparent" data-sort-number="{% if doc.type_id == "rfc" %}{{ doc.rfc_number }}{% else %}{{ doc.name }}{% endif %}">
         {% if doc.pages %}<small class="float-end text-body-secondary d-none d-sm-block">{{ doc.pages }} page{{ doc.pages|pluralize }}</small>{% endif %}
         <div>
             <a href="{{ doc.get_absolute_url }}">
diff --git a/ietf/templates/group/active_teams.html b/ietf/templates/group/active_teams.html
index 502d971a20..771dfda290 100644
--- a/ietf/templates/group/active_teams.html
+++ b/ietf/templates/group/active_teams.html
@@ -16,21 +16,29 @@ <h1>Active teams</h1>
                 <th scope="col" data-sort="chairs">Chairs</th>
             </tr>
         </thead>
-        <tbody>
-            {% for group in teams %}
-                <tr>
-                    <td>
-                        <a href="{% url "ietf.group.views.group_home" acronym=group.acronym %}">{{ group.acronym }}</a>
-                    </td>
-                    <td>{{ group.name }}</td>
-                    <td>
-                        {% for chair in group.chairs %}
-                            {% person_link chair.person %}{% if not forloop.last %},{% endif %}
-                        {% endfor %}
-                    </td>
-                </tr>
-            {% endfor %}
-        </tbody>
+        {% regroup teams by parent as grouped_teams %}
+        {% for group_entry in grouped_teams %}
+            <tbody>
+                <tr class="table-info"><th scope="col" colspan="3">
+                    {% if group_entry.grouper %}{{ group_entry.grouper.name }}{% else %}Other{% endif %}
+                </th></tr>
+            </tbody>
+            <tbody>
+                {% for group in group_entry.list %}
+                    <tr>
+                        <td>
+                            <a href="{% url "ietf.group.views.group_home" acronym=group.acronym %}">{{ group.acronym }}</a>
+                        </td>
+                        <td>{{ group.name }}</td>
+                        <td>
+                            {% for chair in group.chairs %}
+                                {% person_link chair.person %}{% if not forloop.last %},{% endif %}
+                            {% endfor %}
+                        </td>
+                    </tr>
+                {% endfor %}
+            </tbody>
+        {% endfor %}
     </table>
 {% endblock %}
 {% block js %}
diff --git a/ietf/templates/group/group_about.html b/ietf/templates/group/group_about.html
index cbc2e11536..0a8b9194f2 100644
--- a/ietf/templates/group/group_about.html
+++ b/ietf/templates/group/group_about.html
@@ -51,6 +51,13 @@
                         {{ group.parent.name }}
                         <a href="{% url "ietf.group.views.group_home" acronym=group.parent.acronym %}">({{ group.parent.acronym }})</a>
                     </td>
+                {% elif group.parent and group.type_id == "team" %}
+                    <th scope="row">Parent</th>
+                    <td class="edit"></td>
+                    <td>
+                        {{ group.parent.name }}
+                        <a href="{% url "ietf.group.views.group_home" acronym=group.parent.acronym %}">({{ group.parent.acronym }})</a>
+                    </td>
                 {% else %}
                     <td></td>
                     <td class="edit"></td>
@@ -444,4 +451,4 @@ <h2 class="mt-4">
             group_stats("{% url 'ietf.group.views.group_stats_data' %}", ".chart");
         });
     </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/ietf/templates/meeting/proceedings_attendees.html b/ietf/templates/meeting/proceedings_attendees.html
index 390ce00cad..0c59d4ab15 100644
--- a/ietf/templates/meeting/proceedings_attendees.html
+++ b/ietf/templates/meeting/proceedings_attendees.html
@@ -3,6 +3,7 @@
 {% load origin markup_tags static %}
 {% block pagehead %}
     <link rel="stylesheet" href="{% static "ietf/css/list.css" %}">
+    {% if chart_data %}<link rel="stylesheet" href="{% static "ietf/css/highcharts.css" %}">{% endif %}
 {% endblock %}
 {% block title %}IETF {{ meeting.number }} proceedings{% endblock %}
 {% block content %}
@@ -14,8 +15,52 @@ <h1>
         </a>
     </h1>
     <h2>Attendee list of IETF {{ meeting.number }} meeting</h2>
-    
+
+    {% if chart_data %}
+    <div class="d-flex align-items-center gap-4 mb-3 flex-wrap">
+        <div class="d-flex gap-4">
+            <div>Onsite: <strong>{{ stats.onsite }}</strong></div>
+            <div>Remote: <strong>{{ stats.remote }}</strong></div>
+            <div>Total: <strong>{{ stats.total }}</strong></div>
+        </div>
+        <button type="button" class="btn btn-primary btn-sm"
+                data-bs-toggle="modal" data-bs-target="#attendees-chart-modal">
+            <i class="bi bi-pie-chart-fill"></i> View chart
+        </button>
+    </div>
+
+    <div class="modal fade" id="attendees-chart-modal" tabindex="-1"
+         aria-labelledby="attendees-chart-modal-label" aria-hidden="true">
+        <div class="modal-dialog modal-lg">
+            <div class="modal-content">
+                <div class="modal-header">
+                    <h2 class="modal-title fs-5" id="attendees-chart-modal-label">
+                        IETF {{ meeting.number }} attendees
+                    </h2>
+                    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+                </div>
+                <div class="modal-body">
+                    <div class="btn-group mb-3" role="group" aria-label="Chart breakdown">
+                        <input type="radio" class="btn-check" name="attendees-breakdown"
+                               id="breakdown-type" value="type" checked>
+                        <label class="btn btn-outline-secondary btn-sm" for="breakdown-type">Onsite/Remote</label>
+                        <input type="radio" class="btn-check" name="attendees-breakdown"
+                               id="breakdown-countries" value="countries">
+                        <label class="btn btn-outline-secondary btn-sm" for="breakdown-countries">Countries</label>
+                    </div>
+                    <div id="attendees-pie-chart" class="bg-body"></div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    {{ chart_data|json_script:"attendees-chart-data" }}
+    {% endif %}{# chart_data #}
+
     {% if template %}
+    <div class="alert alert-info" role="alert">
+        Attendee statistics are not available for this meeting.
+    </div>
       {{template|safe}}
     {% else %}
         <table id="id_attendees" class="table table-sm table-striped tablesorter">
@@ -44,4 +89,8 @@ <h2>Attendee list of IETF {{ meeting.number }} meeting</h2>
 {% endblock %}
 {% block js %}
     <script src="{% static "ietf/js/list.js" %}"></script>
-{% endblock %}
\ No newline at end of file
+    {% if chart_data %}
+    <script src="{% static "ietf/js/highcharts.js" %}"></script>
+    <script src="{% static "ietf/js/attendees-chart.js" %}"></script>
+    {% endif %}
+{% endblock %}
diff --git a/ietf/templates/nomcom/view_feedback.html b/ietf/templates/nomcom/view_feedback.html
index 93d61b7f42..0758329d60 100644
--- a/ietf/templates/nomcom/view_feedback.html
+++ b/ietf/templates/nomcom/view_feedback.html
@@ -43,7 +43,7 @@ <h3 class="mt-5" id="declined">Declined each nominated position</h3>
                             </a>
                         </td>
                         {% for fbtype_name, fbtype_count, fbtype_newflag in fb_dict.feedback %}
-                            <td>
+                            <td data-sort-number="{{ fbtype_count }}">
                                 {% if fbtype_newflag %}<span class="badge rounded-pill text-bg-success">New</span>{% endif %}
                                 {{ fbtype_count }}
                             </td>
@@ -82,7 +82,7 @@ <h2 class="mt-5" id="topics">Feedback related to topics</h2>
                         </a>
                     </td>
                     {% for fbtype_name, fbtype_count, fbtype_newflag in fb_dict.feedback %}
-                        <td>
+                        <td data-sort-number="{{ fbtype_count }}">
                             {% if fbtype_newflag %}<span class="badge rounded-pill text-bg-success">New</span>{% endif %}
                             {{ fbtype_count }}
                         </td>
diff --git a/ietf/templates/person/person_link.html b/ietf/templates/person/person_link.html
index f3f7e1a5b7..b77fe8d6df 100644
--- a/ietf/templates/person/person_link.html
+++ b/ietf/templates/person/person_link.html
@@ -1,7 +1,7 @@
 {% if email and email == "system@datatracker.ietf.org" or name and name == "(System)" %}<span class="text-body-secondary">(System)</span>{% else %}<span {% if class %}class="{{ class }}"
       {% endif %}>{% if email or name %}<a {% if class %}class="text-reset"{% endif %}
            title="{% if title %}{{ title }}{% else %}Datatracker profile of {{ name }}{% endif %}"
-           {% if email %} href="{% url 'ietf.person.views.profile' email_or_name=email %}" {% else %} href="{% url 'ietf.person.views.profile' email_or_name=name %}" {% endif %}>{{ name }}</a>{% if email and with_email %} <a {% if class %}class="text-reset"{% endif %}
+           {% if email %} href="{% url 'ietf.person.views.profile' email_or_name=email %}" {% else %} href="{% url 'ietf.person.views.profile' email_or_name=name %}" {% endif %}>{% if titlepage_name %}{{ titlepage_name }}{% else %}{{ name }}{% endif %}</a>{% if email and with_email %} <a {% if class %}class="text-reset"{% endif %}
                href="mailto:{{ email|urlencode }}"
                aria-label="Compose email to {{ email }}"
                title="Compose email to {{ email }}">
diff --git a/ietf/templates/stats/annual_report_inputs.html b/ietf/templates/stats/annual_report_inputs.html
new file mode 100644
index 0000000000..15add7ece3
--- /dev/null
+++ b/ietf/templates/stats/annual_report_inputs.html
@@ -0,0 +1,55 @@
+{# Copyright The IETF Trust 2026, All Rights Reserved #}
+{% extends "base.html" %}
+{% load origin %}
+{% load ietf_filters static %}
+{% block content %}
+    {% origin %}
+    <h1>{% block title %}Annual Report Inputs for {{ year }}{% endblock %}</h1>
+    <form method="get" action="{% url "ietf.stats.views.annual_report_inputs" %}" class="mb-3">
+        <div class="input-group w-auto d-inline-flex">
+            <label class="input-group-text" for="year-select">Year</label>
+            <input id="year-select" class="form-control" type="number" name="year" value="{{ year }}" min="1990">
+            <button class="btn btn-primary" type="submit">Go</button>
+        </div>
+    </form>
+    <h2>Summary</h2>
+    <table class="table table-sm table-bordered w-auto">
+        <thead>
+            <tr>
+                <th scope="col" class="px-3"></th>
+                <th scope="col" class="text-end px-3">Email addresses</th>
+                <th scope="col" class="text-end px-3">Unique persons found</th>
+                <th scope="col" class="text-end px-3">Addresses with no person record</th>
+                <th scope="col" class="text-end px-3">Approximate unique people</th>
+            </tr>
+        </thead>
+        <tbody>
+            <tr>
+                <th scope="row" class="px-3">Authors</th>
+                <td class="text-end px-3">{{ author_count }}</td>
+                <td class="text-end px-3">{{ author_person_count }}</td>
+                <td class="text-end px-3">{{ author_noperson_count }}</td>
+                <td class="text-end px-3">{{ author_person_count|add:author_noperson_count }}</td>
+            </tr>
+            <tr>
+                <th scope="row" class="px-3">Submitters</th>
+                <td class="text-end px-3">{{ submitter_count }}</td>
+                <td class="text-end px-3">{{ submitter_person_count }}</td>
+                <td class="text-end px-3">{{ submitter_noperson_count }}</td>
+                <td class="text-end px-3">{{ submitter_person_count|add:submitter_noperson_count }}</td>
+            </tr>
+        </tbody>
+    </table>
+    <p>Drafts submitted in {{ year }}: {{ draft_count }}</p>
+    <h2>Downloads</h2>
+    <ul>
+        <li>
+            <a href="{% url "ietf.stats.views.annual_report_inputs" year %}?download=authors">authors-{{ year }}.csv</a>
+            &mdash; email addresses for I-D authors with submissions posted in {{ year }}
+        </li>
+        <li>
+            <a href="{% url "ietf.stats.views.annual_report_inputs" year %}?download=submitters">submitters-{{ year }}.csv</a>
+            &mdash; email addresses for I-D submitters with submissions posted in {{ year }}
+        </li>
+    </ul>
+{% endblock %}
diff --git a/ietf/templates/stats/index.html b/ietf/templates/stats/index.html
index 2000168525..38c8069507 100644
--- a/ietf/templates/stats/index.html
+++ b/ietf/templates/stats/index.html
@@ -14,8 +14,14 @@ <h1>
             <a rel="nofollow" href="{% url "ietf.stats.views.review_stats" %}">Reviews of Internet-Drafts in review teams</a>
             (requires login)
         </li>
+        <li>
+            <a rel="nofollow" href="{% url "ietf.stats.views.meeting_stats" meeting_number=current_meeting stats_type='country' %}">Per country/affiliation registration for a specific meeting, by default IETF-{{ current_meeting }}.</a>
+        </li>
+        <li>
+            <a rel="nofollow" href="{% url "ietf.stats.views.meetings_timeline" %}">Per country registration timeline for last meetings</a>
+        </li>
     </ul>
     <p>
-        Statistics on meetings and authorship are not currently available.
+        Statistics on authorship are not currently available.
     </p>
 {% endblock %}
\ No newline at end of file
diff --git a/ietf/templates/stats/meeting_stats.html b/ietf/templates/stats/meeting_stats.html
new file mode 100644
index 0000000000..fc41949a2e
--- /dev/null
+++ b/ietf/templates/stats/meeting_stats.html
@@ -0,0 +1,58 @@
+{% extends "base.html" %}
+{% load origin %}
+{% origin %}
+{% load ietf_filters static django_bootstrap5 %}
+{% block js %}
+    {{ total_chart_data|json_script:"total-chart-data" }}
+    {{ in_person_chart_data|json_script:"in-person-chart-data" }}
+    <script src="{% static 'ietf/js/meeting_stats.js' %}"></script>
+{% endblock %}
+{% block content %}
+    {% origin %}
+    <h1>
+        {% block title %}
+            Statistics for IETF-{{ meeting_number }} ({{ meeting_date }}, {{ meeting_city }}, {{ meeting_country }}) Registrations
+        {% endblock %}
+    </h1>
+    <div class="row my-3">
+        <label class="fw-bold col-sm-1 col-form-label">Show:</label>
+        <div class="btn-group col-sm-4">
+            {% for slug, label, url in possible_stats_types %}
+                <a class="btn btn-outline-primary
+                            {% if slug == stats_type %}
+                                active
+                            {% endif %}"
+                    href="{{ url }}">{{ label }}</a>
+            {% endfor %}
+        </div>
+        <label class="fw-bold col-sm-1 col-form-label">Meeting:</label>
+        <div class="btn-group col-sm-2">
+            {% for num, url in possible_meeting_numbers %}
+                <a class="btn btn-outline-primary
+                            {% if num == meeting_number %}
+                                active
+                            {% endif %}"
+                    href="{{ url }}">{{ num }}</a>
+            {% endfor %}
+        </div>
+    </div>
+    <p>
+        This page provides a visual representation of the total registrations for IETF-{{ meeting_number }} by {{ stats_type }}. 
+        Only categories having more than {{ minimum_required }} registrations are displayed separately,
+        else they are grouped under "Other".
+    </p>
+    <div class="row">
+        <div class="col-md-6 col-sm-12">
+        <h2>Total Registrations by {{ stats_type|title }} ({{ total_total}} in total)</h2>
+        <div class="chart-wrapper col-10">
+            <canvas id="totalRegistrationChart" aria-label="Total Registration Pie Chart" role="img"></canvas>
+        </div>
+        </div><!-- col -->
+        <div class="col-md-6 col-sm-12">
+        <h2>In Person Registrations by {{ stats_type|title }} ({{ in_person_total}} in total)</h2>
+        <div class="chart-wrapper col-10">
+            <canvas id="inPersonRegistrationChart" aria-label="In Person Registration Pie Chart" role="img"></canvas>
+        </div>
+        </div><!-- col -->
+    </div><!-- row -->
+{% endblock %}
\ No newline at end of file
diff --git a/ietf/templates/stats/meetings_timeline.html b/ietf/templates/stats/meetings_timeline.html
new file mode 100644
index 0000000000..40f46880cc
--- /dev/null
+++ b/ietf/templates/stats/meetings_timeline.html
@@ -0,0 +1,74 @@
+{% extends "base.html" %}
+{% load origin %}
+{% origin %}
+{% load ietf_filters static django_bootstrap5 %}
+{% block js %}
+    {{ total_chart_data|json_script:"total-chart-data" }}
+    {{ in_person_chart_data|json_script:"in-person-chart-data" }}
+    {{ stats_type|json_script:"stats-type-data" }}
+    <script src="{% static 'ietf/js/meeting_timeline.js' %}"></script>
+{% endblock %}
+{% block content %}
+    {% origin %}
+    <h1>
+        {% block title %}
+            Statistics for IETF Meeting Registrations
+        {% endblock %}
+    </h1>
+    
+    <div class="row my-3">
+        <label class="fw-bold col-sm-1 col-form-label">Show:</label>
+        <div class="btn-group col-sm-4">
+            {% for slug, label, url in possible_stats_types %}
+                <a class="btn btn-outline-primary
+                            {% if slug == stats_type %}
+                                active
+                            {% endif %}"
+                    href="{{ url }}">{{ label }}</a>
+            {% endfor %}
+        </div>
+        <label class="fw-bold col-sm-1 col-form-label">Meeting:</label>
+        <div class="btn-group col-sm-2">
+            {% for num, url in possible_meeting_numbers %}
+                <a class="btn btn-outline-primary
+                            {% if num == meeting_number %}
+                                active
+                            {% endif %}"
+                    href="{{ url }}">{{ num }}</a>
+            {% endfor %}
+        </div>
+    </div>
+    <p>
+    {% if stats_type == 'total' %}
+        This page provides a timeline of meeting registrations.
+    {% else %}
+        This page provides a timeline of meeting registrations by {{ stats_type }} with a limit of {{ top_n }} categories.
+    {% endif %}
+        Panning can be done via the mouse or with a finger. Zooming is done via the mouse wheel or via a pinch gesture. Press <kbd>ESC</kbd> 
+            or click <button type="button" class="btn btn-primary" id="resetButton">Reset</button> to reset panning/zooming.
+    </p>
+    <div class="row">
+        <div class="col-md-12">
+        {% if stats_type == 'total' %}
+            <h2>Total Registrations</h2>
+        {% else %}
+            <h2>Total Registrations by {{ stats_type|title }}</h2>
+        {% endif %}
+        <div class="chart-wrapper col-10">
+            <canvas id="totalRegistrationChart" aria-label="Total Registration Timeline" role="img"></canvas>
+        </div>
+        </div><!-- col -->
+        {% if stats_type != 'total' %}
+        <div class="col-md-12">
+        {% if stats_type == 'total' %}
+            <h2>Total In Person Registrations</h2>
+        {% else %}
+            <h2>In Person Registrations by {{ stats_type|title }}</h2>
+        {% endif %}
+        <div class="chart-wrapper col-10">
+            <canvas id="inPersonRegistrationChart" aria-label="In Person Registration Timeline" role="img"></canvas>
+        </div>
+        </div><!-- col -->
+        {% endif %}
+    </div><!-- row -->
+{% endblock %}
\ No newline at end of file
diff --git a/ietf/templates/submit/manual_post.html b/ietf/templates/submit/manual_post.html
index 6e4a2ba42a..0da83e750f 100644
--- a/ietf/templates/submit/manual_post.html
+++ b/ietf/templates/submit/manual_post.html
@@ -1,5 +1,5 @@
 {% extends "submit/submit_base.html" %}
-{# Copyright The IETF Trust 2015, All Rights Reserved #}
+{# Copyright The IETF Trust 2015-2026, All Rights Reserved #}
 {% load origin static %}
 {% block pagehead %}
     <link rel="stylesheet" href="{% static "ietf/css/list.css" %}">
@@ -27,17 +27,9 @@ <h2 class="mt-3" id="man_post">Submissions needing manual posting</h2>
             <tbody>
                 {% for s in manual %}
                     <tr>
-                        {% if user.is_authenticated %}
-                            <td>
-                                <a href="{% url "ietf.submit.views.submission_status" submission_id=s.pk access_token=s.access_token %}">
-                                    {{ s.name }}-{{ s.rev }}
-                                </a>
-                            </td>
-                        {% else %}
-                            <td>
-                                <a href="{% url "ietf.submit.views.submission_status" submission_id=s.pk %}">{{ s.name }}-{{ s.rev }}</a>
-                            </td>
-                        {% endif %}
+                        <td>
+                            <a href="{% url "ietf.submit.views.submission_status" submission_id=s.pk %}">{{ s.name }}-{{ s.rev }}</a>
+                        </td>
                         <td>{{ s.submission_date }}</td>
                         <td>
                             {% if s.passes_checks %}
diff --git a/ietf/templates/sync/bcp-index.txt b/ietf/templates/sync/bcp-index.txt
new file mode 100644
index 0000000000..dd19920eba
--- /dev/null
+++ b/ietf/templates/sync/bcp-index.txt
@@ -0,0 +1,52 @@
+
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+                             BCP INDEX
+                           -------------
+
+(CREATED ON: {{created_on}}.)
+
+This file contains citations for all BCPs in numeric order.  The BCPs
+form a sub-series of the RFC document series, specifically those RFCs
+with the status BEST CURRENT PRACTICE.
+
+BCP citations appear in this format:
+
+   [BCP#]     Best Current Practice #,
+              <BCP URL>.
+              At the time of writing, this BCP comprises the following:
+
+              Author 1, Author 2, "Title of the RFC", BCP #, RFC №,
+              DOI DOI string, Issue date,
+              <RFC URL>.
+
+For example:
+
+   [BCP3]     Best Current Practice 3,
+              <https://www.rfc-editor.org/info/bcp3>.
+              At the time of writing, this BCP comprises the following:
+
+              F. Kastenholz, "Variance for The PPP Compression Control Protocol
+              and The PPP Encryption Control Protocol", BCP 3, RFC 1915,
+              DOI 10.17487/RFC1915, February 1996,
+              <https://www.rfc-editor.org/info/rfc1915>.
+
+Key to fields:
+
+# is the BCP number.
+
+№ is the RFC number.
+
+BCPs and other RFCs may be obtained from https://www.rfc-editor.org.
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+                                BCP INDEX
+                                ---------
+   
+
+
+{% for bcp in bcps %}{{bcp|safe}}
+
+{% endfor %}
diff --git a/ietf/templates/sync/fyi-index.txt b/ietf/templates/sync/fyi-index.txt
new file mode 100644
index 0000000000..cf9d57d570
--- /dev/null
+++ b/ietf/templates/sync/fyi-index.txt
@@ -0,0 +1,52 @@
+
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+                             FYI INDEX
+                           -------------
+
+(CREATED ON: {{created_on}}.)
+
+This file contains citations for all FYIs in numeric order.  The FYIs
+(For Your Information) documents form a sub-series of the RFC series,
+specifically those documents that may be of particular interest
+to Internet users.  The corresponding RFCs have status INFORMATIONAL.
+
+FYI citations appear in this format:
+
+   [FYI#]     For Your Information #,
+              <FYI URL>.
+              At the time of writing, this FYI comprises the following:
+
+              Author 1, Author 2, "Title of the RFC", FYI #, RFC №,
+              DOI DOI string, Issue date,
+              <RFC URL>.
+
+For example:
+
+   [FYI8]     For Your Information 8,
+              <https://www.rfc-editor.org/info/fyi8>.
+              At the time of writing, this FYI comprises the following:
+
+              B. Fraser, "Site Security Handbook", FYI 8, RFC 2196,
+              DOI 10.17487/RFC2196, September 1997,
+              <https://www.rfc-editor.org/info/rfc2196>.
+
+Key to fields:
+
+# is the FYI number.
+
+№ is the RFC number.
+
+FYIs and other RFCs may be obtained from https://www.rfc-editor.org.
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+                                FYI INDEX
+                                ---------
+   
+
+
+{% for fyi in fyis %}{{fyi|safe}}
+
+{% endfor %}
diff --git a/ietf/templates/sync/rfc-index.txt b/ietf/templates/sync/rfc-index.txt
new file mode 100644
index 0000000000..0f01ddfa90
--- /dev/null
+++ b/ietf/templates/sync/rfc-index.txt
@@ -0,0 +1,69 @@
+
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+                             RFC INDEX
+                           -------------
+
+(CREATED ON: {{created_on}}.)
+
+This file contains citations for all RFCs in numeric order.
+
+RFC citations appear in this format:
+
+  ####  Title of RFC.  Author 1, Author 2, Author 3.  Issue date.
+        (Format: ASCII) (Obsoletes xxx) (Obsoleted by xxx) (Updates xxx)
+        (Updated by xxx) (Also FYI ####) (Status: ssssss) (DOI: ddd)
+
+or
+
+  ####  Not Issued.
+
+For example:
+
+  1129 Internet Time Synchronization: The Network Time Protocol. D.L.
+       Mills. October 1989. (Format: TXT, PS, PDF, HTML) (Also RFC1119)
+       (Status: INFORMATIONAL) (DOI: 10.17487/RFC1129)
+
+Key to citations:
+
+#### is the RFC number.
+
+Following the RFC number are the title, the author(s), and the
+publication date of the RFC.  Each of these is terminated by a period.
+
+Following the number are the title (terminated with a period), the
+author, or list of authors (terminated with a period), and the date
+(terminated with a period).
+
+The format follows in parentheses. One or more of the following formats
+are listed:  text (TXT), PostScript (PS), Portable Document Format
+(PDF), HTML, XML.
+
+Obsoletes xxxx refers to other RFCs that this one replaces;
+Obsoleted by xxxx refers to RFCs that have replaced this one.
+Updates xxxx refers to other RFCs that this one merely updates (but
+does not replace); Updated by xxxx refers to RFCs that have updated
+(but not replaced) this one.  Generally, only immediately succeeding
+and/or preceding RFCs are indicated, not the entire history of each
+related earlier or later RFC in a related series.
+
+The (Also FYI ##) or (Also STD ##) or (Also BCP ##) phrase gives the
+equivalent FYI, STD, or BCP number if the RFC is also in those
+document sub-series.  The Status field gives the document's
+current status (see RFC 2026).  The (DOI ddd) field gives the
+Digital Object Identifier.
+
+RFCs may be obtained in a number of ways, using HTTP, FTP, or email.
+See the RFC Editor Web page http://www.rfc-editor.org
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+                                RFC INDEX
+                                ---------
+
+
+
+{% for rfc in rfcs %}{{rfc|safe}}
+
+{% endfor %}
diff --git a/ietf/templates/sync/std-index.txt b/ietf/templates/sync/std-index.txt
new file mode 100644
index 0000000000..a4a5fba946
--- /dev/null
+++ b/ietf/templates/sync/std-index.txt
@@ -0,0 +1,51 @@
+
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+                             STD INDEX
+                           -------------
+
+(CREATED ON: {{created_on}}.)
+
+This file contains citations for all STDs in numeric order.  Each
+STD represents a single Internet Standard technical specification,
+composed of one or more RFCs with Internet Standard status.
+
+STD citations appear in this format:
+
+   [STD#]     Internet Standard #,
+              <STD URL>.
+              At the time of writing, this STD comprises the following:
+
+              Author 1, Author 2, "Title of the RFC", STD #, RFC №,
+              DOI DOI string, Issue date,
+              <RFC URL>.
+
+For example:
+
+   [STD6]     Internet Standard 6,
+              <https://www.rfc-editor.org/info/std6>.
+              At the time of writing, this STD comprises the following:
+
+              J. Postel, "User Datagram Protocol", STD 6, RFC 768,
+              DOI 10.17487/RFC0768, August 1980,
+              <https://www.rfc-editor.org/info/rfc768>.
+
+Key to fields:
+
+# is the STD number.
+
+№ is the RFC number.
+
+STDs and other RFCs may be obtained from https://www.rfc-editor.org.
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+                                STD INDEX
+                                ---------
+   
+
+
+{% for std in stds %}{{std|safe}}
+
+{% endfor %}
diff --git a/ietf/utils/admin.py b/ietf/utils/admin.py
index e6324ad7cd..cb8841cdc6 100644
--- a/ietf/utils/admin.py
+++ b/ietf/utils/admin.py
@@ -1,71 +1,30 @@
-# Copyright The IETF Trust 2011-2020, All Rights Reserved
-# -*- coding: utf-8 -*-
+# Copyright The IETF Trust 2011-2026, All Rights Reserved
 
 
 from django.contrib import admin
-from django.utils.encoding import force_str
-
-def name(obj):
-    if hasattr(obj, 'abbrev'):
-        return obj.abbrev()
-    elif hasattr(obj, 'name'):
-        if callable(obj.name):
-            name = obj.name()
-        else:
-            name = force_str(obj.name)
-        if name:
-            return name
-    return str(obj)
-    
-def admin_link(field, label=None, ordering="", display=name, suffix=""):
-    if not label:
-        label = field.capitalize().replace("_", " ").strip()
-    if ordering == "":
-        ordering = field
-    def _link(self):
-        obj = self
-        for attr in field.split("__"):
-            obj = getattr(obj, attr)
-            if callable(obj):
-                obj = obj()
-        if hasattr(obj, "all"):
-            objects = obj.all()
-        elif callable(obj):
-            objects = obj()
-            if not hasattr(objects, "__iter__"):
-                objects = [ objects ]
-        elif hasattr(obj, "__iter__"):
-            objects = obj
-        else:
-            objects = [ obj ]
-        chunks = []
-        for obj in objects:
-            app = obj._meta.app_label
-            model = obj.__class__.__name__.lower()
-            id = obj.pk
-            chunks += [ '<a href="/admin/%(app)s/%(model)s/%(id)s/%(suffix)s">%(display)s</a>' %
-                {'app':app, "model": model, "id":id, "display": display(obj), "suffix":suffix, } ]
-        return ", ".join(chunks)
-    _link.allow_tags = True
-    _link.short_description = label
-    _link.admin_order_field = ordering
-    return _link
+from .models import DumpInfo, DirtyBits
 
 
 class SaferStackedInline(admin.StackedInline):
     """StackedInline without delete by default"""
+
     can_delete = False  # no delete button
     show_change_link = True  # show a link to the resource (where it can be deleted)
 
 
 class SaferTabularInline(admin.TabularInline):
     """TabularInline without delete by default"""
+
     can_delete = False  # no delete button
     show_change_link = True  # show a link to the resource (where it can be deleted)
 
 
-from .models import DumpInfo
+@admin.register(DumpInfo)
 class DumpInfoAdmin(admin.ModelAdmin):
-    list_display = ['date', 'host', 'tz']
-    list_filter = ['date']
-admin.site.register(DumpInfo, DumpInfoAdmin)
+    list_display = ["date", "host", "tz"]
+    list_filter = ["date"]
+
+
+@admin.register(DirtyBits)
+class DirtyBitsAdmin(admin.ModelAdmin):
+    list_display = ["slug", "dirty_time", "processed_time"]
diff --git a/ietf/utils/migrations/0003_dirtybits.py b/ietf/utils/migrations/0003_dirtybits.py
new file mode 100644
index 0000000000..11f6ed09f6
--- /dev/null
+++ b/ietf/utils/migrations/0003_dirtybits.py
@@ -0,0 +1,37 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("utils", "0002_delete_versioninfo"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="DirtyBits",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                (
+                    "slug",
+                    models.CharField(
+                        choices=[("rfcindex", "RFC Index")], max_length=40, unique=True
+                    ),
+                ),
+                ("dirty_time", models.DateTimeField(blank=True, null=True)),
+                ("processed_time", models.DateTimeField(blank=True, null=True)),
+            ],
+            options={
+                "verbose_name_plural": "dirty bits",
+            },
+        ),
+    ]
diff --git a/ietf/utils/migrations/0004_alter_dirtybits_slug.py b/ietf/utils/migrations/0004_alter_dirtybits_slug.py
new file mode 100644
index 0000000000..e17ea6cadd
--- /dev/null
+++ b/ietf/utils/migrations/0004_alter_dirtybits_slug.py
@@ -0,0 +1,21 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("utils", "0003_dirtybits"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="dirtybits",
+            name="slug",
+            field=models.CharField(
+                choices=[("rfcindex", "RFC Index"), ("errata", "Errata Tags")],
+                max_length=40,
+                unique=True,
+            ),
+        ),
+    ]
diff --git a/ietf/utils/models.py b/ietf/utils/models.py
index 21af5766e9..64f7f253f2 100644
--- a/ietf/utils/models.py
+++ b/ietf/utils/models.py
@@ -1,14 +1,36 @@
-# Copyright The IETF Trust 2015-2020, All Rights Reserved
+# Copyright The IETF Trust 2015-2026, All Rights Reserved
 
 import itertools
 
 from django.db import models
 
+
+class DirtyBits(models.Model):
+    """A weak semaphore mechanism for coordination with celery beat tasks
+
+    Web workers will set the "dirty_time" value for a given dirtybit slug.
+    Celery workers will do work if "processed_time" < "dirty_time" and update
+    "processed_time".
+    """
+
+    class Slugs(models.TextChoices):
+        RFCINDEX = "rfcindex", "RFC Index"
+        ERRATA = "errata", "Errata Tags"
+
+    # next line can become `...choices=Slugs)` when we get to Django 5.x
+    slug = models.CharField(max_length=40, blank=False, choices=Slugs.choices, unique=True)
+    dirty_time = models.DateTimeField(null=True, blank=True)
+    processed_time = models.DateTimeField(null=True, blank=True)
+
+    class Meta:
+        verbose_name_plural = "dirty bits"
+
+    
 class DumpInfo(models.Model):
     date = models.DateTimeField()
     host = models.CharField(max_length=128)
     tz   = models.CharField(max_length=32, default='UTC')
-    
+
 class ForeignKey(models.ForeignKey):
     "A local ForeignKey proxy which provides the on_delete value required under Django 2.0."
     def __init__(self, to, on_delete=models.CASCADE, **kwargs):
diff --git a/ietf/utils/reports.py b/ietf/utils/reports.py
new file mode 100755
index 0000000000..9a969a5217
--- /dev/null
+++ b/ietf/utils/reports.py
@@ -0,0 +1,49 @@
+# Copyright The IETF Trust 2023-2026, All Rights Reserved
+
+from typing import List, Set, Tuple
+from django.db.models import QuerySet
+
+from email.utils import parseaddr
+
+from ietf.person.models import Person
+from ietf.submit.models import Submission
+
+
+def authors_by_year(year: int) -> Set[str]:
+    """Email addresses provided by I-D authors for drafts that were submitted in the given year."""
+    addresses = set()
+    for submission in Submission.objects.filter(
+        submission_date__year=year, state="posted"
+    ):
+        addresses.update([a["email"] for a in submission.authors])
+    return addresses
+
+
+def submitters_by_year(year: int) -> Set[str]:
+    """Email addresses provided by I-D submitters for drafts that were submitted in the given year."""
+    return set(
+        [
+            parseaddr(a)[1]
+            for a in Submission.objects.filter(
+                submitter__contains="@", submission_date__year=year, state="posted"
+            ).values_list("submitter", flat=True)
+        ]
+    )
+
+
+def unique_people(addresses: List[str]) -> Tuple["QuerySet[Person]", Set]:
+    """Identify Person records matching email addresses and email addresses with no Person record.
+
+    Given a list of email addresses, return
+    (
+        a list of unique Person records with a matching email address,
+        a list of unique email addresses with no matching Person record
+    )
+    The sum of the lengths of these lists is a best-approximation for how
+    many unique people the list of addresses belong to.
+    """
+    persons = Person.objects.filter(email__address__in=addresses).distinct()
+    known_email = set(persons.values_list("email__address", flat=True))
+    return (persons, set(addresses) - set(known_email))
+
+
diff --git a/ietf/utils/resources.py b/ietf/utils/resources.py
index 1252cfef14..63206eb33a 100644
--- a/ietf/utils/resources.py
+++ b/ietf/utils/resources.py
@@ -1,6 +1,4 @@
-# Copyright The IETF Trust 2014-2019, All Rights Reserved
-# -*- coding: utf-8 -*-
-# Autogenerated by the mkresources management command 2014-11-13 05:39
+# Copyright The IETF Trust 2014-2026, All Rights Reserved
 
 
 from ietf.api import ModelResource
@@ -12,7 +10,7 @@
 from django.contrib.contenttypes.models import ContentType
 
 from ietf import api
-from ietf.utils.models import DumpInfo
+from ietf.utils.models import DirtyBits, DumpInfo
 
 
 class UserResource(ModelResource):
@@ -43,3 +41,9 @@ class Meta:
             "host": ALL,
         }
 api.utils.register(DumpInfoResource())
+
+
+class DirtyBitsResource(ModelResource):
+    class Meta:
+        queryset = DirtyBits.objects.none()
+api.utils.register(DirtyBitsResource())
diff --git a/ietf/utils/searchindex.py b/ietf/utils/searchindex.py
new file mode 100644
index 0000000000..4e1ee27895
--- /dev/null
+++ b/ietf/utils/searchindex.py
@@ -0,0 +1,425 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+"""Search indexing utilities"""
+
+import re
+from itertools import batched
+from math import floor
+from typing import Iterable
+from urllib.parse import urljoin
+
+import httpx  # just for exceptions
+import requests
+import typesense
+import typesense.exceptions
+from django.conf import settings
+from typesense.types.document import DocumentSchema
+
+from ietf.doc.models import Document, StoredObject
+from ietf.doc.storage_utils import retrieve_str
+from ietf.utils.log import log
+
+# Error classes that might succeed just by retrying a failed attempt.
+# Must be a tuple for use with isinstance()
+RETRYABLE_ERROR_CLASSES = (
+    httpx.ConnectError,
+    httpx.ConnectTimeout,
+    typesense.exceptions.Timeout,
+    typesense.exceptions.ServerError,
+    typesense.exceptions.ServiceUnavailable,
+)
+
+DEFAULT_SETTINGS = {
+    "TYPESENSE_API_URL": "",
+    "TYPESENSE_API_KEY": "",
+    "TYPESENSE_COLLECTION_NAME": "docs",
+    "TASK_RETRY_DELAY": 10,
+    "TASK_MAX_RETRIES": 12,
+}
+
+
+def get_settings():
+    return DEFAULT_SETTINGS | getattr(settings, "SEARCHINDEX_CONFIG", {})
+
+
+def enabled():
+    _settings = get_settings()
+    return _settings["TYPESENSE_API_URL"] != ""
+
+
+def get_typesense_client() -> typesense.Client:
+    _settings = get_settings()
+    client = typesense.Client(
+        {
+            "api_key": _settings["TYPESENSE_API_KEY"],
+            "nodes": [_settings["TYPESENSE_API_URL"]],
+        }
+    )
+    return client
+
+
+def get_collection_name() -> str:
+    _settings = get_settings()
+    collection_name = _settings["TYPESENSE_COLLECTION_NAME"]
+    assert isinstance(collection_name, str)
+    return collection_name
+
+
+def _sanitize_text(content: str):
+    """Sanitize content text for search
+    
+    Aggressively simplifies whitespace, removes most punctuation
+    """
+    # REs (with approximate names)
+    RE_DOT_OR_BANG_SPACE = r"\. |! "  # -> " " (space)
+    RE_COMMENT_OR_TOC_CRUD = r"<--|-->|--+|\+|\.\.+"  # -> ""
+    RE_BRACKETED_REF = r"\[[a-zA-Z0-9 -]+\]"  # -> ""
+    RE_DOTTED_NUMBERS = r"[0-9]+\.[0-9]+(\.[0-9]+)?"  # -> ""
+    RE_MULTIPLE_WHITESPACE = r"\s+"  # -> " " (space)
+    # Replacement values (for clarity of intent)
+    SPACE = " "
+    EMPTY = ""
+    # Sanitizing begins here, order is significant!
+    content = re.sub(RE_DOT_OR_BANG_SPACE, SPACE, content.strip())
+    content = re.sub(RE_COMMENT_OR_TOC_CRUD, EMPTY, content)
+    content = re.sub(RE_BRACKETED_REF, EMPTY, content)
+    content = re.sub(RE_DOTTED_NUMBERS, EMPTY, content)
+    content = re.sub(RE_MULTIPLE_WHITESPACE, SPACE, content)
+    return content.strip()
+
+
+def _sanitize_abstract(abstract: str):
+    """Sanitize abstract text for search
+    
+    Simplifies whitespace but mostly leaves text intact. Abstract text will be
+    displayed in search results, so a light touch is needed.
+    """
+    abstract = abstract.strip()
+    abstract = re.sub("\r\n|\n\r|\r", "\n", abstract)  # normalize on \n
+    abstract = "\n".join(line.strip() for line in abstract.split("\n"))  # strip by line
+    return abstract
+
+
+def typesense_doc_from_rfc(rfc: Document) -> DocumentSchema:
+    assert rfc.type_id == "rfc"
+    assert rfc.rfc_number is not None
+    assert rfc.pages is not None
+
+    keywords: list[str] = rfc.keywords  # help type checking
+
+    subseries = rfc.part_of()
+    if len(subseries) > 1:
+        log(
+            f"RFC {rfc.rfc_number} is in multiple subseries. "
+            f"Indexing as {subseries[0].name}"
+        )
+    subseries = subseries[0] if len(subseries) > 0 else None
+    obsoleted_by = rfc.related_that("obs")
+    is_obsoleted = len(obsoleted_by) > 0
+    updated_by = rfc.related_that("updates")
+    is_updated = len(updated_by) > 0
+    is_historic = rfc.std_level.slug == "hist"
+
+    stored_txt = (
+        StoredObject.objects.exclude_deleted()
+        .filter(store="rfc", doc_name=rfc.name, name__startswith="txt/")
+        .first()
+    )
+    content = ""
+    if stored_txt is not None:
+        # Should be available in the blobdb, but be cautious...
+        try:
+            content = retrieve_str(kind=stored_txt.store, name=stored_txt.name)
+        except Exception as err:
+            log(f"Unable to retrieve {stored_txt} from storage: {err}")
+
+    ts_document = {
+        "id": f"doc-{rfc.pk}",
+        "rfcNumber": rfc.rfc_number,
+        "rfc": str(rfc.rfc_number),
+        "filename": rfc.name,
+        "title": rfc.title,
+        "abstract": _sanitize_abstract(rfc.abstract),
+        "pages": rfc.pages,
+        "keywords": keywords,
+        "type": "rfc",
+        "state": [state.name for state in rfc.states.all()],
+        "status": {"slug": rfc.std_level.slug, "name": rfc.std_level.name},
+        "date": floor(rfc.time.timestamp()),
+        "publicationDate": floor(rfc.pub_datetime().timestamp()),
+        "stream": {"slug": rfc.stream.slug, "name": rfc.stream.name},
+        "authors": [
+            {"name": rfc_author.titlepage_name, "affiliation": rfc_author.affiliation}
+            for rfc_author in rfc.rfcauthor_set.all()
+        ],
+        "flags": {
+            "hiddenDefault": is_obsoleted or is_historic,
+            "obsoleted": is_obsoleted,
+            "updated": is_updated,
+        },
+        "obsoletedBy": [str(doc.rfc_number) for doc in obsoleted_by],
+        "updatedBy": [str(doc.rfc_number) for doc in updated_by],
+        "ranking": rfc.rfc_number,
+    }
+    if subseries is not None:
+        ts_document["subseries"] = {
+            "acronym": subseries.type.slug,
+            "number": int(subseries.name[len(subseries.type.slug):]),
+            "total": len(subseries.contains()),
+        }
+    if rfc.group is not None:
+        ts_document["group"] = {
+            "acronym": rfc.group.acronym,
+            "name": rfc.group.name,
+            "full": f"{rfc.group.acronym} - {rfc.group.name}",
+            "type": rfc.group.type.slug,
+        }
+    if (
+        rfc.group.parent is not None
+        and rfc.stream_id not in ["ise", "irtf", "iab"]  # exclude editorial?
+    ):
+        ts_document["area"] = {
+            "acronym": rfc.group.parent.acronym,
+            "name": rfc.group.parent.name,
+            "full": f"{rfc.group.parent.acronym} - {rfc.group.parent.name}",
+        }
+    if rfc.ad is not None:
+        ts_document["adName"] = rfc.ad.name
+    if content != "":
+        ts_document["content"] = _sanitize_text(content)
+    return ts_document
+
+
+def update_or_create_rfc_entry(rfc: Document):
+    """Update/create index entries for one RFC"""
+    ts_document = typesense_doc_from_rfc(rfc)
+    client = get_typesense_client()
+    client.collections[get_collection_name()].documents.upsert(ts_document)
+
+
+def update_or_create_rfc_entries(
+    rfcs: Iterable[Document], batchsize: int | None = None
+):
+    """Update/create index entries for RFCs in bulk
+
+    If batchsize is set, computes index data in batches of batchsize and adds to the
+    index. Will make a total of (len(rfcs) // batchsize) + 1 API calls.
+
+    N.b. that typesense has a server-side batch size that defaults to 40, which should
+    "almost never be changed from the default." This does not change that. Further,
+    the python client library's import_ method has a batch_size parameter that does
+    client-side batching. We don't use that, either.
+    """
+    success_count = 0
+    fail_count = 0
+    client = get_typesense_client()
+    batches = [rfcs] if batchsize is None else batched(rfcs, batchsize)
+    for batch in batches:
+        tdoc_batch = [typesense_doc_from_rfc(rfc) for rfc in batch]
+        results = client.collections[get_collection_name()].documents.import_(
+            tdoc_batch, {"action": "upsert"}
+        )
+        for tdoc, result in zip(tdoc_batch, results):
+            if result["success"]:
+                success_count += 1
+            else:
+                fail_count += 1
+                log(f"Failed to index RFC {tdoc['rfcNumber']}: {result['error']}")
+    log(f"Added {success_count} RFCs to the index, failed to add {fail_count}")
+
+
+DOCS_SCHEMA = {
+    "enable_nested_fields": True,
+    "default_sorting_field": "ranking",
+    "fields": [
+        # RFC number in integer form, for sorting asc/desc in search results
+        # Omit field for drafts
+        {
+            "name": "rfcNumber",
+            "type": "int32",
+            "facet": False,
+            "optional": True,
+            "sort": True,
+        },
+        # RFC number in string form, for direct matching with ranking
+        # Omit field for drafts
+        {"name": "rfc", "type": "string", "facet": False, "optional": True},
+        # For drafts that correspond to an RFC, insert the RFC number
+        # Omit field for rfcs or if not relevant
+        {"name": "ref", "type": "string", "facet": False, "optional": True},
+        # Filename of the document (without the extension, e.g. "rfc1234"
+        # or "draft-ietf-abc-def-02")
+        {"name": "filename", "type": "string", "facet": False, "infix": True},
+        # Title of the draft / rfc
+        {"name": "title", "type": "string", "facet": False},
+        # Abstract of the draft / rfc
+        {"name": "abstract", "type": "string", "facet": False},
+        # Number of pages
+        {"name": "pages", "type": "int32", "facet": False},
+        # A list of search keywords if relevant, set to empty array otherwise
+        {"name": "keywords", "type": "string[]", "facet": True},
+        # Type of the document
+        # Accepted values: "draft" or "rfc"
+        {"name": "type", "type": "string", "facet": True},
+        # State(s) of the document (e.g. "Published", "Adopted by a WG", etc.)
+        # Use the full name, not the slug
+        {"name": "state", "type": "string[]", "facet": True, "optional": True},
+        # Status (Standard Level Name)
+        # Object with properties "slug" and "name"
+        # e.g.: { slug: "std", "name": "Internet Standard" }
+        {"name": "status", "type": "object", "facet": True, "optional": True},
+        # The subseries it is part of. (e.g. "BCP")
+        # Omit otherwise.
+        {
+            "name": "subseries.acronym",
+            "type": "string",
+            "facet": True,
+            "optional": True,
+        },
+        # The subseries number it is part of. (e.g. 123)
+        # Omit otherwise.
+        {
+            "name": "subseries.number",
+            "type": "int32",
+            "facet": True,
+            "sort": True,
+            "optional": True,
+        },
+        # The total of RFCs in the subseries
+        # Omit if not part of a subseries
+        {
+            "name": "subseries.total",
+            "type": "int32",
+            "facet": False,
+            "sort": False,
+            "optional": True,
+        },
+        # Date of the document, in unix epoch seconds (can be negative for < 1970)
+        {"name": "date", "type": "int64", "facet": False},
+        # Expiration date of the document, in unix epoch seconds (can be negative
+        # for < 1970). Omit field for RFCs
+        {"name": "expires", "type": "int64", "facet": False, "optional": True},
+        # Publication date of the RFC, in unix epoch seconds (can be negative
+        # for < 1970). Omit field for drafts
+        {
+            "name": "publicationDate",
+            "type": "int64",
+            "facet": True,
+            "optional": True,
+        },
+        # Working Group
+        # Object with properties "acronym", "name" and "full"
+        # e.g.:
+        # {
+        #     "acronym": "ntp",
+        #     "name": "Network Time Protocols",
+        #     "full": "ntp - Network Time Protocols",
+        # }
+        {"name": "group", "type": "object", "facet": True, "optional": True},
+        # Area
+        # Object with properties "acronym", "name" and "full"
+        # e.g.:
+        # {
+        #     "acronym": "mpls",
+        #     "name": "Multiprotocol Label Switching",
+        #     "full": "mpls - Multiprotocol Label Switching",
+        # }
+        {"name": "area", "type": "object", "facet": True, "optional": True},
+        # Stream
+        # Object with properties "slug" and "name"
+        # e.g.: { slug: "ietf", "name": "IETF" }
+        {"name": "stream", "type": "object", "facet": True, "optional": True},
+        # List of authors
+        # Array of objects with properties "name" and "affiliation"
+        # e.g.:
+        # [
+        #     {"name": "John Doe", "affiliation": "ACME Inc."},
+        #     {"name": "Ada Lovelace", "affiliation": "Babbage Corps."},
+        # ]
+        {"name": "authors", "type": "object[]", "facet": True, "optional": True},
+        # Area Director Name (e.g. "Leonardo DaVinci")
+        {"name": "adName", "type": "string", "facet": True, "optional": True},
+        # Whether the document should be hidden by default in search results or not.
+        {"name": "flags.hiddenDefault", "type": "bool", "facet": True},
+        # Whether the document is obsoleted by another document or not.
+        {"name": "flags.obsoleted", "type": "bool", "facet": True},
+        # Whether the document is updated by another document or not.
+        {"name": "flags.updated", "type": "bool", "facet": True},
+        # List of documents that obsolete this document.
+        # Array of strings. Use RFC number for RFCs. (e.g. ["123", "456"])
+        # Omit if none. Must be provided if "flags.obsoleted" is set to True.
+        {
+            "name": "obsoletedBy",
+            "type": "string[]",
+            "facet": False,
+            "optional": True,
+        },
+        # List of documents that update this document.
+        # Array of strings. Use RFC number for RFCs. (e.g. ["123", "456"])
+        # Omit if none. Must be provided if "flags.updated" is set to True.
+        {"name": "updatedBy", "type": "string[]", "facet": False, "optional": True},
+        # Sanitized content of the document.
+        # Make sure to remove newlines, double whitespaces, symbols and tags.
+        {
+            "name": "content",
+            "type": "string",
+            "facet": False,
+            "optional": True,
+            "store": False,
+        },
+        # Ranking value to use when no explicit sorting is used during search
+        # Set to the RFC number for RFCs and the revision number for drafts
+        # This ensures newer RFCs get listed first in the default search results
+        # (without a query)
+        {"name": "ranking", "type": "int32", "facet": False},
+    ],
+}
+
+SEARCH_PRESETS = {
+    "red": {
+        "collection": "docs",
+        "infix": "off,always,off,off,off,off,off,off",
+        "query_by": "rfc,filename,title,abstract,keywords,authors,group,area",
+        "query_by_weights": "127,50,50,20,20,5,2,1"
+    },
+    "red-content": {
+        "collection": "docs",
+        "infix": "off,always,off,off",
+        "query_by": "rfc,filename,authors,content",
+        "query_by_weights": "127,50,5,1"
+    },
+}
+
+
+def create_collection():
+    collection_name = get_collection_name()
+    log(f"Creating '{collection_name}' collection")
+    client = get_typesense_client()
+    client.collections.create({"name": get_collection_name()} | DOCS_SCHEMA)
+
+
+def delete_collection():
+    collection_name = get_collection_name()
+    log(f"Deleting '{collection_name}' collection")
+    client = get_typesense_client()
+    try:
+        client.collections[collection_name].delete()
+    except typesense.exceptions.ObjectNotFound:
+        pass
+
+
+def upsert_presets():
+    # typesense-python does not support presets, so use requests
+    _settings = get_settings()
+    api_base = _settings["TYPESENSE_API_URL"]
+    api_key = _settings["TYPESENSE_API_KEY"]
+    for preset_name, payload in SEARCH_PRESETS.items():
+        log(f"Upserting '{preset_name}' preset")
+        response = requests.put(
+            urljoin(api_base, f"/presets/{preset_name}"),
+            json={"value": payload},
+            headers={
+                "X-TYPESENSE-API-KEY": api_key,
+            },
+            timeout=3,
+        )
+        response.raise_for_status()
diff --git a/ietf/utils/tests.py b/ietf/utils/tests.py
index 3288309095..99c33f34b3 100644
--- a/ietf/utils/tests.py
+++ b/ietf/utils/tests.py
@@ -60,7 +60,6 @@
     set_url_coverage,
 )
 from ietf.utils.test_utils import TestCase, unicontent
-from ietf.utils.text import parse_unicode
 from ietf.utils.timezone import timezone_not_near_midnight
 from ietf.utils.xmldraft import XMLDraft, InvalidMetadataError, capture_xml2rfc_output
 
@@ -864,24 +863,6 @@ def test_assertion(self):
         assertion('False')
         settings.SERVER_MODE = 'test'
 
-class TestRFC2047Strings(TestCase):
-    def test_parse_unicode(self):
-        names = (
-            ('=?utf-8?b?4Yuz4YuK4Ym1IOGJoOGJgOGIiA==?=', 'ዳዊት በቀለ'),
-            ('=?utf-8?b?5Li9IOmDnA==?=', '丽 郜'),
-            ('=?utf-8?b?4KSV4KSu4KWN4KSs4KWL4KScIOCkoeCkvuCksA==?=', 'कम्बोज डार'),
-            ('=?utf-8?b?zpfPgc6szrrOu861zrnOsSDOm865z4zOvc+Ezrc=?=', 'Ηράκλεια Λιόντη'),
-            ('=?utf-8?b?15nXqdeo15DXnCDXqNeV15bXoNek15zXkw==?=', 'ישראל רוזנפלד'),
-            ('=?utf-8?b?5Li95Y2OIOeahw==?=', '丽华 皇'),
-            ('=?utf-8?b?77ul77qu766V77qzIO+tlu+7ru+vvu+6ju+7pw==?=', 'ﻥﺮﮕﺳ ﭖﻮﯾﺎﻧ'),
-            ('=?utf-8?b?77uh77uu77qz77uu76++IO+6su+7tO+7p++6jSDvurDvu6Pvuo7vu6jvr74=?=', 'ﻡﻮﺳﻮﯾ ﺲﻴﻧﺍ ﺰﻣﺎﻨﯾ'),
-            ('=?utf-8?b?ScOxaWdvIFNhbsOnIEliw6HDsWV6IGRlIGxhIFBlw7Fh?=', 'Iñigo Sanç Ibáñez de la Peña'),
-            ('Mart van Oostendorp', 'Mart van Oostendorp'),
-            ('', ''),
-            )
-        for encoded_str, unicode in names: 
-            self.assertEqual(unicode, parse_unicode(encoded_str))
-
 class TestAndroidSiteManifest(TestCase):
     def test_manifest(self):
         r = self.client.get(urlreverse('site.webmanifest'))
diff --git a/ietf/utils/tests_reports.py b/ietf/utils/tests_reports.py
new file mode 100755
index 0000000000..83daa15cc1
--- /dev/null
+++ b/ietf/utils/tests_reports.py
@@ -0,0 +1,189 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+
+import datetime
+
+import debug  # pyflakes:ignore
+
+from ietf.doc.factories import IndividualDraftFactory
+from ietf.person.factories import EmailFactory
+from ietf.person.models import Person, Email
+from ietf.submit.factories import SubmissionFactory
+from ietf.utils.reports import authors_by_year, submitters_by_year, unique_people
+from ietf.utils.test_utils import TestCase
+
+
+class ReportTests(TestCase):
+    def setUp(self):
+        super().setUp()
+
+        # Build 5 drafts submitted across two years, with 6 unique authors,
+        # one of which has more than one email address (author0@example.com and
+        # author0@example.net). The drafts are submitted by two of the six authors,
+        # again using multiple addresses for author0, and two identities that are not authors.
+        # Then build a draft where the submission's submitter info doesn't contain an email
+        # address (we have those in the production database) to make sure that submitter isn't
+        # counted.
+
+        self.make_draft_submission(
+            year=2020,
+            month=1,
+            day=1,
+            submitter_name="Author 0",
+            submitter_email="author0@example.net",
+            author_nameaddrs=[
+                ("Author 0", "author0@example.net"),
+                ("Author 1", "author1@example.net"),
+            ],
+        )
+
+        self.make_draft_submission(
+            year=2020,
+            month=3,
+            day=3,
+            submitter_name="NotanAuthor 0",
+            submitter_email="notanauthor0@example.net",
+            author_nameaddrs=[
+                ("Author 0", "author0@example.com"),  # Note alternate email
+                ("Author 3", "author3@example.net"),
+            ],
+        )
+
+        self.make_draft_submission(
+            year=2020,
+            month=12,
+            day=31,
+            submitter_name="Author 3",
+            submitter_email="author3@example.net",
+            author_nameaddrs=[("Author 3", "author3@example.net")],
+        )
+
+        self.make_draft_submission(
+            year=2021,
+            month=1,
+            day=1,
+            submitter_name="Author 0",
+            submitter_email="author0@example.com",  # Note alternate email
+            author_nameaddrs=[
+                ("Author 0", "author0@example.com"),  # Again, alternate email
+                ("Author 4", "author4@example.net"),
+            ],
+        )
+
+        self.make_draft_submission(
+            year=2021,
+            month=12,
+            day=31,
+            submitter_name="NoatanAuthor 2",
+            submitter_email="notanauthor2@example.net",
+            author_nameaddrs=[
+                ("Author 0", "author0@example.net"),
+                ("Author 3", "author3@example.net"),
+                ("Author 5", "author5@example.net"),
+            ],
+        )
+
+        self.make_draft_submission(
+            year=2021,
+            month=12,
+            day=31,
+            submitter_name="Trouble Maker",
+            submitter_email="",
+            author_nameaddrs=[
+                ("Author 0", "author0@example.net"),
+                ("Author 2", "author2@example.net"),
+            ],
+        )
+
+    def make_draft_submission(
+        self, year, month, day, submitter_name, submitter_email, author_nameaddrs
+    ):
+
+        authors = []
+        for name, addr in author_nameaddrs:
+            person = Person.objects.filter(name=name).first()
+            if not person:
+                person = EmailFactory(person__name=name, address=addr).person
+            elif not Email.objects.filter(address=addr).exists():
+                EmailFactory(person=person, address=addr)
+            authors.append(person)
+
+        submission = SubmissionFactory(
+            submission_date=datetime.date(year, month, day),
+            submitter_name=submitter_name,
+            submitter_email=submitter_email,
+            state_id="posted",
+        )
+        submission.authors = [
+            {
+                "name": f"{name}",
+                "email": f"{addr}",
+                "affiliation": "",
+                "country": "",
+                "errors": [],
+            }
+            for name, addr in author_nameaddrs
+        ]
+
+        submission.save()
+        IndividualDraftFactory(submission=submission, authors=authors)
+
+    def test_authors_by_year(self):
+        authors2020 = authors_by_year(2020)
+        self.assertEqual(
+            authors2020,
+            set(
+                [
+                    "author0@example.net",
+                    "author0@example.com",
+                    "author1@example.net",
+                    "author3@example.net",
+                ]
+            ),
+        )
+        authors2021 = authors_by_year(2021)
+        self.assertEqual(
+            authors2021,
+            set(
+                [
+                    "author0@example.net",
+                    "author0@example.com",
+                    "author2@example.net",
+                    "author3@example.net",
+                    "author4@example.net",
+                    "author5@example.net",
+                ]
+            ),
+        )
+
+    def test_submitters_by_year(self):
+        sub2020 = submitters_by_year(2020)
+        self.assertEqual(
+            sub2020,
+            set(
+                [
+                    "author0@example.net",
+                    "author3@example.net",
+                    "notanauthor0@example.net",
+                ]
+            ),
+        )
+        sub2021 = submitters_by_year(2021)
+        self.assertEqual(
+            sub2021, set(["author0@example.com", "notanauthor2@example.net"])
+        )
+
+    def test_unique_people(self):
+        persons, addrs = unique_people(
+            [
+                "notanauthor0@example.com",
+                "author0@example.net",
+                "author0@example.com",
+                "author1@example.net",
+                "notanauthor0@example.com",
+            ]
+        )
+        self.assertEqual(addrs, set(["notanauthor0@example.com"]))
+        self.assertEqual(
+            set(persons), set(Person.objects.filter(name__in=("Author 0", "Author 1")))
+        )
+        self.assertEqual(len(persons) + len(addrs), 3)
diff --git a/ietf/utils/tests_searchindex.py b/ietf/utils/tests_searchindex.py
new file mode 100644
index 0000000000..b97bc2e266
--- /dev/null
+++ b/ietf/utils/tests_searchindex.py
@@ -0,0 +1,325 @@
+# Copyright The IETF Trust 2026, All Rights Reserved
+from unittest import mock
+
+import requests.exceptions
+import typesense.exceptions
+from django.conf import settings
+from django.test.utils import override_settings
+
+from . import searchindex
+from .test_utils import TestCase
+from ..blobdb.models import Blob
+from ..doc.factories import (
+    WgDraftFactory,
+    WgRfcFactory,
+    PublishedRfcDocEventFactory,
+    BcpFactory,
+    StdFactory,
+)
+from ..doc.models import Document, RelatedDocument
+from ..doc.storage_utils import store_str
+from ..person.factories import PersonFactory
+
+
+class SearchindexTests(TestCase):
+    def test_enabled(self):
+        with override_settings():
+            try:
+                del settings.SEARCHINDEX_CONFIG
+            except AttributeError:
+                pass
+            self.assertFalse(searchindex.enabled())
+        with override_settings(
+            SEARCHINDEX_CONFIG={"TYPESENSE_API_KEY": "this-is-not-a-key"}
+        ):
+            self.assertFalse(searchindex.enabled())
+        with override_settings(
+            SEARCHINDEX_CONFIG={"TYPESENSE_API_URL": "http://example.com"}
+        ):
+            self.assertTrue(searchindex.enabled())
+
+    def test_sanitize_text(self):
+        dirty_text = """
+        
+        This is text.  It + is <---- full    of \tprobl.....ems! Fix it. 
+        """
+        sanitized = "This is text It is full of problems Fix it."
+        self.assertEqual(searchindex._sanitize_text(dirty_text), sanitized)
+
+    def test_sanitize_abstract(self):
+        dirty_abstract = (
+            "Mixed\n"
+            "Newlines\r"
+            "And\r\n"
+            "Things\n\r"
+            " Sometimes\n"
+            "\n"
+            "With\r\n"
+            "\r\n"
+            "Double  \n\r"
+            "\n\r"
+            "   Newlines\r"
+            "\r"
+            "Whee!"
+        )
+        sanitized = (
+            "Mixed\n"
+            "Newlines\n"
+            "And\n"
+            "Things\n"
+            "Sometimes\n"
+            "\n"
+            "With\n"
+            "\n"
+            "Double\n"
+            "\n"
+            "Newlines\n"
+            "\n"
+            "Whee!"
+        )
+        self.assertEqual(searchindex._sanitize_abstract(dirty_abstract), sanitized)
+
+    def test_typesense_doc_from_rfc(self):
+        not_rfc = WgDraftFactory()
+        assert isinstance(not_rfc, Document)
+        with self.assertRaises(AssertionError):
+            searchindex.typesense_doc_from_rfc(not_rfc)
+
+        invalid_rfc = WgRfcFactory(name="rfc1000000", rfc_number=None)
+        assert isinstance(invalid_rfc, Document)
+        with self.assertRaises(AssertionError):
+            searchindex.typesense_doc_from_rfc(invalid_rfc)
+
+        rfc = PublishedRfcDocEventFactory().doc
+        assert isinstance(rfc, Document)
+        result = searchindex.typesense_doc_from_rfc(rfc)
+        # Check a few values, not exhaustive
+        self.assertEqual(result["id"], f"doc-{rfc.pk}")
+        self.assertEqual(result["rfcNumber"], rfc.rfc_number)
+        self.assertEqual(result["abstract"], searchindex._sanitize_abstract(rfc.abstract))
+        self.assertEqual(result["pages"], rfc.pages)
+        self.assertNotIn("adName", result)
+        self.assertNotIn("content", result)  # no blob
+        self.assertNotIn("subseries", result)
+
+        # repeat, this time with contents, an AD, and subseries docs
+        store_str(
+            kind="rfc",
+            name=f"txt/{rfc.name}.txt",
+            content="The contents of this RFC",
+            doc_name=rfc.name,
+            doc_rev=rfc.rev,  # expected to be None
+        )
+        rfc.ad = PersonFactory(name="Alfred D. Rector")
+        # Put it in two Subseries docs to be sure this does not break things
+        # (the typesense schema does not support this for real at the moment)
+        BcpFactory(contains=[rfc], name="bcp1234")
+        StdFactory(contains=[rfc], name="std1234")
+        result = searchindex.typesense_doc_from_rfc(rfc)
+        # Check a few values, not exhaustive
+        self.assertEqual(
+            result["content"],
+            searchindex._sanitize_text("The contents of this RFC"),
+        )
+        self.assertEqual(result["adName"], "Alfred D. Rector")
+        self.assertIn("subseries", result)
+        ss_dict = result["subseries"]
+        # We should get one of the two subseries docs, but neither is more correct
+        # than the other...
+        self.assertTrue(
+            any(
+                ss_dict == {"acronym": ss_type, "number": 1234, "total": 1}
+                for ss_type in ["bcp", "std"]
+            )
+        )
+
+        # Finally, delete the contents blob and make sure things don't blow up
+        Blob.objects.get(bucket="rfc", name=f"txt/{rfc.name}.txt").delete()
+        result = searchindex.typesense_doc_from_rfc(rfc)
+        self.assertNotIn("content", result)
+
+    def test_typesense_doc_from_rfc_flags_obsoleted(self):
+        """typesense docs should set correct flags for obsoleted RFC"""
+        rfc = PublishedRfcDocEventFactory().doc
+        assert isinstance(rfc, Document)
+        self.assertEqual(len(rfc.related_that("obs")), 0)
+        self.assertEqual(len(rfc.related_that("updates")), 0)
+        self.assertNotEqual(rfc.std_level.slug, "hist")
+        result = searchindex.typesense_doc_from_rfc(rfc)
+        self.assertFalse(result["flags"]["hiddenDefault"])
+        self.assertFalse(result["flags"]["obsoleted"])
+        self.assertFalse(result["flags"]["updated"])
+
+        RelatedDocument.objects.create(
+            source=(PublishedRfcDocEventFactory().doc),
+            target=rfc,
+            relationship_id="obs",
+        )
+        result = searchindex.typesense_doc_from_rfc(rfc)
+        self.assertTrue(result["flags"]["hiddenDefault"])
+        self.assertTrue(result["flags"]["obsoleted"])
+        self.assertFalse(result["flags"]["updated"])
+
+    def test_typesense_doc_from_rfc_flags_updated(self):
+        """typesense docs should set flags correctly for updated RFC"""
+        rfc = PublishedRfcDocEventFactory().doc
+        assert isinstance(rfc, Document)
+        self.assertEqual(len(rfc.related_that("obs")), 0)
+        self.assertEqual(len(rfc.related_that("updates")), 0)
+        self.assertNotEqual(rfc.std_level.slug, "hist")
+        result = searchindex.typesense_doc_from_rfc(rfc)
+        self.assertFalse(result["flags"]["hiddenDefault"])
+        self.assertFalse(result["flags"]["obsoleted"])
+        self.assertFalse(result["flags"]["updated"])
+
+        RelatedDocument.objects.create(
+            source=(PublishedRfcDocEventFactory().doc),
+            target=rfc,
+            relationship_id="updates",
+        )
+        result = searchindex.typesense_doc_from_rfc(rfc)
+        self.assertFalse(result["flags"]["hiddenDefault"])
+        self.assertFalse(result["flags"]["obsoleted"])
+        self.assertTrue(result["flags"]["updated"])
+
+    def test_typesense_doc_from_rfc_flags_historic(self):
+        """typesense docs should set flags correctly for historic RFC"""
+        rfc = PublishedRfcDocEventFactory(doc__std_level_id="hist").doc
+        assert isinstance(rfc, Document)
+        result = searchindex.typesense_doc_from_rfc(rfc)
+        self.assertTrue(result["flags"]["hiddenDefault"])
+        self.assertFalse(result["flags"]["obsoleted"])
+        self.assertFalse(result["flags"]["updated"])
+
+
+    @override_settings(
+        SEARCHINDEX_CONFIG={
+            "TYPESENSE_API_URL": "http://ts.example.com",
+            "TYPESENSE_API_KEY": "test-api-key",
+            "TYPESENSE_COLLECTION_NAME": "frogs",
+        }
+    )
+    @mock.patch("ietf.utils.searchindex.typesense_doc_from_rfc")
+    @mock.patch("ietf.utils.searchindex.typesense.Client")
+    def test_update_or_create_rfc_entry(
+        self, mock_ts_client_constructor, mock_tdoc_from_rfc
+    ):
+        fake_tdoc = object()
+        mock_tdoc_from_rfc.return_value = fake_tdoc
+        rfc = WgRfcFactory()
+        assert isinstance(rfc, Document)
+        searchindex.update_or_create_rfc_entry(rfc)
+        self.assertTrue(mock_ts_client_constructor.called)
+        # walk the tree down to the method we expected to be called...
+        mock_upsert = mock_ts_client_constructor.return_value.collections[
+            "frogs"  # matches value in override_settings above
+        ].documents.upsert
+        self.assertTrue(mock_upsert.called)
+        self.assertEqual(mock_upsert.call_args, mock.call(fake_tdoc))
+
+    @override_settings(
+        SEARCHINDEX_CONFIG={
+            "TYPESENSE_API_URL": "http://ts.example.com",
+            "TYPESENSE_API_KEY": "test-api-key",
+            "TYPESENSE_COLLECTION_NAME": "frogs",
+        }
+    )
+    @mock.patch("ietf.utils.searchindex.typesense_doc_from_rfc")
+    @mock.patch("ietf.utils.searchindex.typesense.Client")
+    def test_update_or_create_rfc_entries(
+        self, mock_ts_client_constructor, mock_tdoc_from_rfc
+    ):
+        fake_tdoc = object()
+        mock_tdoc_from_rfc.return_value = fake_tdoc
+        rfc = WgRfcFactory()
+        assert isinstance(rfc, Document)
+        searchindex.update_or_create_rfc_entries([rfc] * 50)  # list of docs...
+        self.assertEqual(mock_ts_client_constructor.call_count, 1)
+        # walk the tree down to the method we expected to be called...
+        mock_import_ = mock_ts_client_constructor.return_value.collections[
+            "frogs"  # matches value in override_settings above
+        ].documents.import_
+        self.assertEqual(mock_import_.call_count, 1)
+        self.assertEqual(
+            mock_import_.call_args, mock.call([fake_tdoc] * 50, {"action": "upsert"})
+        )
+
+        mock_import_.reset_mock()
+        searchindex.update_or_create_rfc_entries([rfc] * 50, batchsize=20)
+        self.assertEqual(mock_ts_client_constructor.call_count, 2)  # one more
+        # walk the tree down to the method we expected to be called...
+        mock_import_ = mock_ts_client_constructor.return_value.collections[
+            "frogs"  # matches value in override_settings above
+        ].documents.import_
+        self.assertEqual(mock_import_.call_count, 3)
+        self.assertEqual(
+            mock_import_.call_args_list,
+            [
+                mock.call([fake_tdoc] * 20, {"action": "upsert"}),
+                mock.call([fake_tdoc] * 20, {"action": "upsert"}),
+                mock.call([fake_tdoc] * 10, {"action": "upsert"}),
+            ],
+        )
+
+    @override_settings(
+        SEARCHINDEX_CONFIG={
+            "TYPESENSE_API_URL": "http://ts.example.com",
+            "TYPESENSE_API_KEY": "test-api-key",
+            "TYPESENSE_COLLECTION_NAME": "frogs",
+        }
+    )
+    @mock.patch("ietf.utils.searchindex.typesense.Client")
+    def test_create_collection(self, mock_ts_client_constructor):
+        searchindex.create_collection()
+        self.assertEqual(mock_ts_client_constructor.call_count, 1)
+        mock_collections = mock_ts_client_constructor.return_value.collections
+        self.assertTrue(mock_collections.create.called)
+        self.assertEqual(mock_collections.create.call_args[0][0]["name"], "frogs")
+
+    @override_settings(
+        SEARCHINDEX_CONFIG={
+            "TYPESENSE_API_URL": "http://ts.example.com",
+            "TYPESENSE_API_KEY": "test-api-key",
+            "TYPESENSE_COLLECTION_NAME": "frogs",
+        }
+    )
+    @mock.patch("ietf.utils.searchindex.typesense.Client")
+    def test_delete_collection(self, mock_ts_client_constructor):
+        searchindex.delete_collection()
+        self.assertEqual(mock_ts_client_constructor.call_count, 1)
+        mock_collections = mock_ts_client_constructor.return_value.collections
+        self.assertTrue(mock_collections["frogs"].delete.called)
+
+        mock_collections["frogs"].side_effect = typesense.exceptions.ObjectNotFound
+        searchindex.delete_collection()  # should ignore the exception
+
+    @override_settings(
+        SEARCHINDEX_CONFIG={
+            "TYPESENSE_API_URL": "http://ts.example.com",
+            "TYPESENSE_API_KEY": "test-api-key",
+            "TYPESENSE_COLLECTION_NAME": "frogs",
+        }
+    )
+    def test_upsert_presets(self):
+        self.requests_mock.put(
+            "http://ts.example.com/presets/red", text="ok", status_code=201
+        )
+        self.requests_mock.put(
+            "http://ts.example.com/presets/red-content", text="ok", status_code=202
+        )
+        searchindex.upsert_presets()
+
+        self.requests_mock.put(
+            "http://ts.example.com/presets/red", text="not ok", status_code=400
+        )
+        with self.assertRaises(requests.exceptions.HTTPError):
+            searchindex.upsert_presets()
+
+        self.requests_mock.put(
+            "http://ts.example.com/presets/red", text="ok", status_code=200
+        )
+        self.requests_mock.put(
+            "http://ts.example.com/presets/red-content", text="not ok", status_code=400
+        )
+        with self.assertRaises(requests.exceptions.HTTPError):
+            searchindex.upsert_presets()
diff --git a/ietf/utils/tests_text.py b/ietf/utils/tests_text.py
new file mode 100644
index 0000000000..51aa2eff13
--- /dev/null
+++ b/ietf/utils/tests_text.py
@@ -0,0 +1,71 @@
+# Copyright The IETF Trust 2021-2026, All Rights Reserved
+from ietf.utils.test_utils import TestCase
+from ietf.utils.text import parse_unicode, decode_document_content
+
+
+class TestDecoders(TestCase):
+    def test_parse_unicode(self):
+        names = (
+            ("=?utf-8?b?4Yuz4YuK4Ym1IOGJoOGJgOGIiA==?=", "ዳዊት በቀለ"),
+            ("=?utf-8?b?5Li9IOmDnA==?=", "丽 郜"),
+            ("=?utf-8?b?4KSV4KSu4KWN4KSs4KWL4KScIOCkoeCkvuCksA==?=", "कम्बोज डार"),
+            ("=?utf-8?b?zpfPgc6szrrOu861zrnOsSDOm865z4zOvc+Ezrc=?=", "Ηράκλεια Λιόντη"),
+            ("=?utf-8?b?15nXqdeo15DXnCDXqNeV15bXoNek15zXkw==?=", "ישראל רוזנפלד"),
+            ("=?utf-8?b?5Li95Y2OIOeahw==?=", "丽华 皇"),
+            ("=?utf-8?b?77ul77qu766V77qzIO+tlu+7ru+vvu+6ju+7pw==?=", "ﻥﺮﮕﺳ ﭖﻮﯾﺎﻧ"),
+            (
+                "=?utf-8?b?77uh77uu77qz77uu76++IO+6su+7tO+7p++6jSDvurDvu6Pvuo7vu6jvr74=?=",
+                "ﻡﻮﺳﻮﯾ ﺲﻴﻧﺍ ﺰﻣﺎﻨﯾ",
+            ),
+            (
+                "=?utf-8?b?ScOxaWdvIFNhbsOnIEliw6HDsWV6IGRlIGxhIFBlw7Fh?=",
+                "Iñigo Sanç Ibáñez de la Peña",
+            ),
+            ("Mart van Oostendorp", "Mart van Oostendorp"),
+            ("", ""),
+        )
+        for encoded_str, unicode in names:
+            self.assertEqual(unicode, parse_unicode(encoded_str))
+
+    def test_decode_document_content(self):
+        utf8_bytes = "𒀭𒊩𒌆𒄈𒋢".encode("utf-8")  # ends with 4-byte character
+        latin1_bytes = "àéîøü".encode("latin-1")
+        other_bytes = "àéîøü".encode("macintosh")  # different from its latin-1 encoding
+        assert other_bytes.decode("macintosh") != other_bytes.decode("latin-1"),\
+            "test broken: other_bytes must decode differently as latin-1"
+
+        # simplest case
+        self.assertEqual(
+            decode_document_content(utf8_bytes),
+            utf8_bytes.decode(),
+        )
+        # losing 1-4 bytes from the end leave the last character incomplete; the
+        # decoder should decode all but that last character
+        self.assertEqual(
+            decode_document_content(utf8_bytes[:-1]),
+            utf8_bytes.decode()[:-1],
+        )
+        self.assertEqual(
+            decode_document_content(utf8_bytes[:-2]),
+            utf8_bytes.decode()[:-1],
+        )
+        self.assertEqual(
+            decode_document_content(utf8_bytes[:-3]),
+            utf8_bytes.decode()[:-1],
+        )
+        self.assertEqual(
+            decode_document_content(utf8_bytes[:-4]),
+            utf8_bytes.decode()[:-1],
+        )
+
+        # latin-1 is also simple
+        self.assertEqual(
+            decode_document_content(latin1_bytes),
+            latin1_bytes.decode("latin-1"),
+        )
+
+        # other character sets are just treated as latin1 (bug? feature? you decide)
+        self.assertEqual(
+            decode_document_content(other_bytes),
+            other_bytes.decode("latin-1"),
+        )
diff --git a/ietf/utils/text.py b/ietf/utils/text.py
index 590ec3fd30..2763056e1a 100644
--- a/ietf/utils/text.py
+++ b/ietf/utils/text.py
@@ -263,3 +263,21 @@ def parse_unicode(text):
     else:
         text = decoded_string
     return text
+
+
+def decode_document_content(content: bytes) -> str:
+    """Decode document contents as utf-8 or latin1
+    
+    Method was developed in DocumentInfo.text() where it gave acceptable results
+    for existing documents / RFCs.
+    """
+    try:
+        return content.decode("utf-8")
+    except UnicodeDecodeError:
+        pass
+    for back in range(1, 4):
+        try:
+            return content[:-back].decode("utf-8")
+        except UnicodeDecodeError:
+            pass
+    return content.decode("latin-1")  # everything is legal in latin-1
diff --git a/ietf/utils/xmldraft.py b/ietf/utils/xmldraft.py
index f555a0a16a..325b8499a9 100644
--- a/ietf/utils/xmldraft.py
+++ b/ietf/utils/xmldraft.py
@@ -102,6 +102,17 @@ def _document_name(self, ref):
             number = int(maybe_number)
             return f"{label}{number}"
 
+        target = ref.get("target")
+        if isinstance(target, str):
+            target = target.lower()
+            if target.startswith("https://datatracker.ietf.org/doc/"):
+                # len("https://datatracker.ietf.org/doc/")==33
+                m = re.match(r"^(draft-[a-z0-9-]*[a-z0-9])([/-]\d{2})?/?$",target[33:])
+                if m:
+                    name = m.group(1)
+                    return name
+
+
         # if we couldn't find a match so far, try the seriesInfo
         series_query = " or ".join(f"@name='{x.upper()}'" for x in series)
         for info in ref.xpath(
diff --git a/k8s/auth.yaml b/k8s/auth.yaml
index 392e306b54..ef8c259933 100644
--- a/k8s/auth.yaml
+++ b/k8s/auth.yaml
@@ -8,23 +8,11 @@ spec:
   selector:
     matchLabels:
       app: auth
-  strategy:
-    type: Recreate
   template:
     metadata:
       labels:
         app: auth
     spec:
-      affinity:
-        podAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchExpressions:
-                  - key: app
-                    operator: In
-                    values:
-                      - datatracker
-              topologyKey: "kubernetes.io/hostname"
       securityContext:
         runAsNonRoot: true
       containers:
@@ -71,11 +59,15 @@ spec:
             readOnlyRootFilesystem: true
             runAsUser: 1000
             runAsGroup: 1000
+          resources:
+            requests:
+              cpu: 250m
+              memory: 4Gi
         # -----------------------------------------------------
         # Nginx Container
         # -----------------------------------------------------
         - name: nginx
-          image: "ghcr.io/nginxinc/nginx-unprivileged:1.27"
+          image: "ghcr.io/nginx/nginx-unprivileged:1.30"
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080
@@ -96,6 +88,10 @@ spec:
             - name: dt-cfg
               mountPath: /etc/nginx/conf.d/default.conf
               subPath: nginx-auth.conf
+          resources:
+            requests:
+              cpu: 10m
+              memory: 10Mi
         # -----------------------------------------------------
         # ScoutAPM Container
         # -----------------------------------------------------
@@ -121,6 +117,10 @@ spec:
             readOnlyRootFilesystem: true
             runAsUser: 65534 # "nobody" user by default
             runAsGroup: 65534  # "nogroup" group by default
+          resources:
+            requests:
+              cpu: 10m
+              memory: 50Mi
       volumes:
         # To be overriden with the actual shared volume
         - name: dt-vol
@@ -139,8 +139,6 @@ spec:
         - name: nginx-tmp
           emptyDir:
             sizeLimit: "500Mi"
-      dnsPolicy: ClusterFirst
-      restartPolicy: Always
       terminationGracePeriodSeconds: 60
 ---
 apiVersion: v1
diff --git a/k8s/beat.yaml b/k8s/beat.yaml
index cc98beecf6..cc171fb7d1 100644
--- a/k8s/beat.yaml
+++ b/k8s/beat.yaml
@@ -17,16 +17,6 @@ spec:
       labels:
         app: beat
     spec:
-      affinity:
-        podAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchExpressions:
-                  - key: app
-                    operator: In
-                    values:
-                      - datatracker
-              topologyKey: "kubernetes.io/hostname"
       securityContext:
         runAsNonRoot: true
       containers:
@@ -58,6 +48,10 @@ spec:
             readOnlyRootFilesystem: true
             runAsUser: 1000
             runAsGroup: 1000
+          resources:
+            requests:
+              cpu: 100m
+              memory: 250Mi
       volumes:
         # To be overridden with the actual shared volume
         - name: dt-vol
@@ -69,4 +63,4 @@ spec:
             name: files-cfgmap
       dnsPolicy: ClusterFirst
       restartPolicy: Always
-      terminationGracePeriodSeconds: 600
+      terminationGracePeriodSeconds: 10
diff --git a/k8s/celery.yaml b/k8s/celery.yaml
index a2799f2a6d..f6cea2acc7 100644
--- a/k8s/celery.yaml
+++ b/k8s/celery.yaml
@@ -17,16 +17,6 @@ spec:
       labels:
         app: celery
     spec:
-      affinity:
-        podAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchExpressions:
-                  - key: app
-                    operator: In
-                    values:
-                      - datatracker
-              topologyKey: "kubernetes.io/hostname"
       securityContext:
         runAsNonRoot: true
       containers:
@@ -62,6 +52,10 @@ spec:
             readOnlyRootFilesystem: true
             runAsUser: 1000
             runAsGroup: 1000
+          resources:
+            requests:
+              cpu: 100m
+              memory: 1Gi
         # -----------------------------------------------------
         # ScoutAPM Container
         # -----------------------------------------------------
@@ -87,6 +81,10 @@ spec:
             readOnlyRootFilesystem: true
             runAsUser: 65534 # "nobody" user by default
             runAsGroup: 65534  # "nogroup" group by default
+          resources:
+            requests:
+              cpu: 10m
+              memory: 50Mi
       volumes:
         # To be overridden with the actual shared volume
         - name: dt-vol
diff --git a/k8s/datatracker.yaml b/k8s/datatracker.yaml
index 50a2c69687..5183893bc8 100644
--- a/k8s/datatracker.yaml
+++ b/k8s/datatracker.yaml
@@ -8,8 +8,6 @@ spec:
   selector:
     matchLabels:
       app: datatracker
-  strategy:
-    type: Recreate
   template:
     metadata:
       labels:
@@ -61,11 +59,15 @@ spec:
             readOnlyRootFilesystem: true
             runAsUser: 1000
             runAsGroup: 1000
+          resources:
+            requests:
+              cpu: 250m
+              memory: 4Gi
         # -----------------------------------------------------
         # Nginx Container
         # -----------------------------------------------------
         - name: nginx
-          image: "ghcr.io/nginxinc/nginx-unprivileged:1.27"
+          image: "ghcr.io/nginx/nginx-unprivileged:1.30"
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080
@@ -87,6 +89,10 @@ spec:
               # Replaces the original default.conf
               mountPath: /etc/nginx/conf.d/default.conf
               subPath: nginx-datatracker.conf
+          resources:
+            requests:
+              cpu: 10m
+              memory: 10Mi
         # -----------------------------------------------------
         # ScoutAPM Container
         # -----------------------------------------------------
@@ -112,6 +118,10 @@ spec:
             readOnlyRootFilesystem: true
             runAsUser: 65534 # "nobody" user by default
             runAsGroup: 65534  # "nogroup" group by default
+          resources:
+            requests:
+              cpu: 10m
+              memory: 50Mi
       initContainers:
         - name: migration
           image: "ghcr.io/ietf-tools/datatracker:$APP_IMAGE_TAG"
@@ -160,8 +170,6 @@ spec:
         - name: nginx-tmp
           emptyDir:
             sizeLimit: "500Mi"
-      dnsPolicy: ClusterFirst
-      restartPolicy: Always
       terminationGracePeriodSeconds: 60
 ---
 apiVersion: v1
diff --git a/k8s/memcached.yaml b/k8s/memcached.yaml
index 8f73f3d0d5..68b732d745 100644
--- a/k8s/memcached.yaml
+++ b/k8s/memcached.yaml
@@ -13,16 +13,6 @@ spec:
       labels:
         app: memcached
     spec:
-      affinity:
-        podAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchExpressions:
-                  - key: app
-                    operator: In
-                    values:
-                      - datatracker
-              topologyKey: "kubernetes.io/hostname"
       securityContext:
         runAsNonRoot: true
       containers:
@@ -46,6 +36,10 @@ spec:
             # memcached image sets up uid/gid 11211
             runAsUser: 11211
             runAsGroup: 11211
+          resources:
+            requests:
+              cpu: 100m
+              memory: 100Mi
         # -----------------------------------------------------
         # Memcached Exporter for Prometheus
         # -----------------------------------------------------
@@ -64,6 +58,10 @@ spec:
             readOnlyRootFilesystem: true
             runAsUser: 65534  # nobody
             runAsGroup: 65534  # nobody
+          resources:
+            requests:
+              cpu: 10m
+              memory: 20Mi
       dnsPolicy: ClusterFirst
       restartPolicy: Always
       terminationGracePeriodSeconds: 30
diff --git a/k8s/nginx-auth.conf b/k8s/nginx-auth.conf
index 95aa838064..cdb5c665e2 100644
--- a/k8s/nginx-auth.conf
+++ b/k8s/nginx-auth.conf
@@ -1,3 +1,8 @@
+upstream datatracker_backend {
+    server 127.0.0.1:8000;
+    keepalive 0; # default = 32 since nginx 1.29.7
+}
+
 server {
     listen 8080 default_server;
     server_name _;
@@ -33,7 +38,7 @@ server {
         proxy_set_header X-Request-Start "t=$${keepempty}msec";
         proxy_set_header X-Forwarded-For $${keepempty}proxy_add_x_forwarded_for;
         proxy_hide_header X-Datatracker-Is-Authenticated; # hide this from the outside world
-        proxy_pass http://localhost:8000;
+        proxy_pass http://datatracker_backend;
         # Set timeouts longer than Cloudflare proxy limits
         proxy_connect_timeout 60;  # nginx default (Cf = 15)
         proxy_read_timeout 120;  # nginx default = 60 (Cf = 100) 
diff --git a/k8s/nginx-datatracker.conf b/k8s/nginx-datatracker.conf
index 882d7563c2..77ce902b17 100644
--- a/k8s/nginx-datatracker.conf
+++ b/k8s/nginx-datatracker.conf
@@ -1,3 +1,8 @@
+upstream datatracker_backend {
+    server 127.0.0.1:8000;
+    keepalive 0; # default = 32 since nginx 1.29.7
+}
+
 server {
     listen 8080 default_server;
     server_name _;
@@ -22,7 +27,7 @@ server {
         proxy_set_header X-Request-Start "t=$${keepempty}msec";
         proxy_set_header X-Forwarded-For $${keepempty}proxy_add_x_forwarded_for;
         proxy_hide_header X-Datatracker-Is-Authenticated; # hide this from the outside world
-        proxy_pass http://localhost:8000;
+        proxy_pass http://datatracker_backend;
         # Set timeouts longer than Cloudflare proxy limits
         proxy_connect_timeout 60;  # nginx default (Cf = 15)
         proxy_read_timeout 120;  # nginx default = 60 (Cf = 100) 
diff --git a/k8s/rabbitmq.yaml b/k8s/rabbitmq.yaml
index 780a399239..e69aa7a1aa 100644
--- a/k8s/rabbitmq.yaml
+++ b/k8s/rabbitmq.yaml
@@ -13,16 +13,6 @@ spec:
       labels:
         app: rabbitmq
     spec:
-      affinity:
-        podAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchExpressions:
-                  - key: app
-                    operator: In
-                    values:
-                      - datatracker
-              topologyKey: "kubernetes.io/hostname"
       securityContext:
         runAsNonRoot: true
       containers:
@@ -72,6 +62,10 @@ spec:
             # rabbitmq image sets up uid/gid 100/101
             runAsUser: 100
             runAsGroup: 101
+          resources:
+            requests:
+              cpu: 100m
+              memory: 150Mi
       initContainers:
         # -----------------------------------------------------
         # Init RabbitMQ data
diff --git a/k8s/replicator.yaml b/k8s/replicator.yaml
index 9c462bd96b..0b06fe4fdc 100644
--- a/k8s/replicator.yaml
+++ b/k8s/replicator.yaml
@@ -17,16 +17,6 @@ spec:
       labels:
         app: replicator
     spec:
-      affinity:
-        podAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchExpressions:
-                  - key: app
-                    operator: In
-                    values:
-                      - datatracker
-              topologyKey: "kubernetes.io/hostname"
       securityContext:
         runAsNonRoot: true
       containers:
@@ -62,6 +52,10 @@ spec:
             readOnlyRootFilesystem: true
             runAsUser: 1000
             runAsGroup: 1000
+          resources:
+            requests:
+              cpu: 100m
+              memory: 500Mi
       volumes:
         # To be overridden with the actual shared volume
         - name: dt-vol
diff --git a/k8s/secrets.yaml b/k8s/secrets.yaml
index ba90af9c2a..4d32652146 100644
--- a/k8s/secrets.yaml
+++ b/k8s/secrets.yaml
@@ -39,7 +39,6 @@ stringData:
   DATATRACKER_NOMCOM_APP_SECRET_B64: "m9pzMezVoFNJfsvU9XSZxGnXnwup6P5ZgCQeEnROOoQ="  # secret
 
   DATATRACKER_IANA_SYNC_PASSWORD: "this-is-the-iana-sync-password"  # secret
-  DATATRACKER_RFC_EDITOR_SYNC_PASSWORD: "this-is-the-rfc-editor-sync-password"  # secret
   DATATRACKER_YOUTUBE_API_KEY: "this-is-the-youtube-api-key"  # secret
   DATATRACKER_GITHUB_BACKUP_API_KEY: "this-is-the-github-backup-api-key"  # secret
 
@@ -80,4 +79,4 @@ stringData:
 
   # Scout configuration
   DATATRACKER_SCOUT_KEY: "this-is-the-scout-key"
-  DATATRACKER_SCOUT_NAME: "StagingDatatracker"
\ No newline at end of file
+  DATATRACKER_SCOUT_NAME: "StagingDatatracker"
diff --git a/k8s/settings_local.py b/k8s/settings_local.py
index 0386dbbdf9..5dc31bac0e 100644
--- a/k8s/settings_local.py
+++ b/k8s/settings_local.py
@@ -1,4 +1,4 @@
-# Copyright The IETF Trust 2007-2024, All Rights Reserved
+# Copyright The IETF Trust 2007-2026, All Rights Reserved
 # -*- coding: utf-8 -*-
 
 from base64 import b64decode
@@ -18,7 +18,7 @@
 
 
 def _multiline_to_list(s):
-    """Helper to split at newlines and conver to list"""
+    """Helper to split at newlines and convert to list"""
     return [item.strip() for item in s.split("\n")]
 
 
@@ -44,12 +44,6 @@ def _multiline_to_list(s):
 else:
     raise RuntimeError("DATATRACKER_IANA_SYNC_PASSWORD must be set")
 
-_RFC_EDITOR_SYNC_PASSWORD = os.environ.get("DATATRACKER_RFC_EDITOR_SYNC_PASSWORD", None)
-if _RFC_EDITOR_SYNC_PASSWORD is not None:
-    RFC_EDITOR_SYNC_PASSWORD = os.environ.get("DATATRACKER_RFC_EDITOR_SYNC_PASSWORD")
-else:
-    raise RuntimeError("DATATRACKER_RFC_EDITOR_SYNC_PASSWORD must be set")
-
 _YOUTUBE_API_KEY = os.environ.get("DATATRACKER_YOUTUBE_API_KEY", None)
 if _YOUTUBE_API_KEY is not None:
     YOUTUBE_API_KEY = _YOUTUBE_API_KEY
@@ -80,6 +74,22 @@ def _multiline_to_list(s):
 else:
     raise RuntimeError("DATATRACKER_API_PRIVATE_KEY_PEM_B64 must be set")
 
+_RED_PRECOMPUTER_TRIGGER_RETRY_DELAY = os.environ.get(
+    "DATATRACKER_RED_PRECOMPUTER_TRIGGER_RETRY_DELAY", None
+)
+if _RED_PRECOMPUTER_TRIGGER_RETRY_DELAY is not None:
+    RED_PRECOMPUTER_TRIGGER_RETRY_DELAY = _RED_PRECOMPUTER_TRIGGER_RETRY_DELAY
+_RED_PRECOMPUTER_TRIGGER_MAX_RETRIES = os.environ.get(
+    "DATATRACKER_RED_PRECOMPUTER_TRIGGER_MAX_RETRIES", None
+)
+if _RED_PRECOMPUTER_TRIGGER_MAX_RETRIES is not None:
+    RED_PRECOMPUTER_TRIGGER_MAX_RETRIES = _RED_PRECOMPUTER_TRIGGER_MAX_RETRIES
+_TRIGGER_RED_PRECOMPUTE_MULTIPLE_URL = os.environ.get(
+    "DATATRACKER_TRIGGER_RED_PRECOMPUTE_MULTIPLE_URL", None
+)
+if _TRIGGER_RED_PRECOMPUTE_MULTIPLE_URL is not None:
+    TRIGGER_RED_PRECOMPUTE_MULTIPLE_URL = _TRIGGER_RED_PRECOMPUTE_MULTIPLE_URL
+
 # Set DEBUG if DATATRACKER_DEBUG env var is the word "true"
 DEBUG = os.environ.get("DATATRACKER_DEBUG", "false").lower() == "true"
 
@@ -139,14 +149,18 @@ def _multiline_to_list(s):
 EMAIL_HOST = os.environ.get("DATATRACKER_EMAIL_HOST", "localhost")
 EMAIL_PORT = int(os.environ.get("DATATRACKER_EMAIL_PORT", "2025"))
 
+_broker_url = os.environ.get("DATATRACKER_BROKER_URL", None)
 _celery_password = os.environ.get("CELERY_PASSWORD", None)
-if _celery_password is None:
-    raise RuntimeError("CELERY_PASSWORD must be set")
-CELERY_BROKER_URL = "amqp://datatracker:{password}@{host}/{queue}".format(
-    host=os.environ.get("RABBITMQ_HOSTNAME", "dt-rabbitmq"),
-    password=_celery_password,
-    queue=os.environ.get("RABBITMQ_QUEUE", "dt"),
-)
+if _broker_url is not None:
+    CELERY_BROKER_URL = _broker_url
+elif _celery_password is not None:
+    CELERY_BROKER_URL = "amqp://datatracker:{password}@{host}/{queue}".format(
+        host=os.environ.get("RABBITMQ_HOSTNAME", "dt-rabbitmq"),
+        password=_celery_password,
+        queue=os.environ.get("RABBITMQ_QUEUE", "dt"),
+    )
+else:
+    raise RuntimeError("DATATRACKER_BROKER_URL or CELERY_PASSWORD must be set")
 
 # mailarchive API key
 _mailing_list_archive_api_key = os.environ.get(
@@ -234,8 +248,19 @@ def _multiline_to_list(s):
 
 EMAIL_COPY_TO = ""
 
-# Until we teach the datatracker to look beyond cloudflare for this check
-IDSUBMIT_MAX_DAILY_SAME_SUBMITTER = 5000
+# I-D Submission settings
+
+# Until we teach the datatracker to look beyond cloudflare for this check, it needs
+# to be very large. 5000 has been working without complaint.
+IDSUBMIT_MAX_DAILY_SAME_SUBMITTER = int(
+    os.environ.get("DATATRACKER_IDSUBMIT_MAX_DAILY_SAME_SUBMITTER", "5000")
+)
+
+# Default is 20 minutes. Allow override via environment.
+if "DATATRACKER_IDSUBMIT_MAX_VALIDATION_TIME" in os.environ:
+    IDSUBMIT_MAX_VALIDATION_TIME = datetime.timedelta(
+        minutes=int(os.environ.get("DATATRACKER_IDSUBMIT_MAX_VALIDATION_TIME"))
+    )
 
 # Leave DATATRACKER_MATOMO_SITE_ID unset to disable Matomo reporting
 if "DATATRACKER_MATOMO_SITE_ID" in os.environ:
@@ -377,6 +402,7 @@ def _multiline_to_list(s):
         "and DATATRACKER_BLOB_STORE_SECRET_KEY must be set"
     )
 _blob_store_bucket_prefix = os.environ.get("DATATRACKER_BLOB_STORE_BUCKET_PREFIX", "")
+_blob_store_bucket_suffix = os.environ.get("DATATRACKER_BLOB_STORE_BUCKET_SUFFIX", "")
 _blob_store_enable_profiling = (
     os.environ.get("DATATRACKER_BLOB_STORE_ENABLE_PROFILING", "false").lower() == "true"
 )
@@ -396,6 +422,9 @@ def _multiline_to_list(s):
     if storagename in ["staging"]:
         continue
     replica_storagename = f"r2-{storagename}"
+    adjusted_bucket_name = (
+        _blob_store_bucket_prefix + storagename + _blob_store_bucket_suffix
+    ).strip()
     STORAGES[replica_storagename] = {
         "BACKEND": "ietf.doc.storage.MetadataS3Storage",
         "OPTIONS": dict(
@@ -412,11 +441,42 @@ def _multiline_to_list(s):
                 retries={"total_max_attempts": _blob_store_max_attempts},
             ),
             verify=False,
-            bucket_name=f"{_blob_store_bucket_prefix}{storagename}".strip(),
+            bucket_name=adjusted_bucket_name,
             ietf_log_blob_timing=_blob_store_enable_profiling,
         ),
     }
 
+# Configure storage for the red bucket - assume it uses the same credentials as
+# other blobs
+_red_bucket_name = os.environ.get("DATATRACKER_BLOB_STORE_RED_BUCKET_NAME", "").strip()
+if _red_bucket_name == "":
+    raise RuntimeError("DATATRACKER_BLOB_STORE_RED_BUCKET_NAME must be set")
+
+STORAGES["red_bucket"] = {
+    "BACKEND": "storages.backends.s3.S3Storage",
+    "OPTIONS": dict(
+        endpoint_url=_blob_store_endpoint_url,
+        access_key=_blob_store_access_key,
+        secret_key=_blob_store_secret_key,
+        security_token=None,
+        client_config=botocore.config.Config(
+            request_checksum_calculation="when_required",
+            response_checksum_validation="when_required",
+            signature_version="s3v4",
+            connect_timeout=_blob_store_connect_timeout,
+            read_timeout=_blob_store_read_timeout,
+            retries={"total_max_attempts": _blob_store_max_attempts},
+        ),
+        verify=False,
+        bucket_name=_red_bucket_name,
+    ),
+}
+RFCINDEX_DELETE_THEN_WRITE = False  # S3Storage allows file_overwrite by default
+if "DATATRACKER_RFCINDEX_OUTPUT_PATH" in os.environ:
+    RFCINDEX_OUTPUT_PATH = os.environ.get("DATATRACKER_RFCINDEX_OUTPUT_PATH")
+if "DATATRACKER_RFCINDEX_INPUT_PATH" in os.environ:
+    RFCINDEX_INPUT_PATH = os.environ.get("DATATRACKER_RFCINDEX_INPUT_PATH")
+
 # Configure the blobdb app for artifact storage
 _blobdb_replication_enabled = (
     os.environ.get("DATATRACKER_BLOBDB_REPLICATION_ENABLED", "true").lower() == "true"
@@ -438,3 +498,34 @@ def _multiline_to_list(s):
 PASSWORD_POLICY_ENFORCE_AT_LOGIN = (
     os.environ.get("DATATRACKER_ENFORCE_PW_POLICY", "true").lower() != "false"
 )
+
+# Typesense search indexing
+SEARCHINDEX_CONFIG = {
+    "TYPESENSE_API_URL": os.environ.get("DATATRACKER_TYPESENSE_API_URL", ""),
+    "TYPESENSE_API_KEY": os.environ.get("DATATRACKER_TYPESENSE_API_KEY", ""),
+    "TASK_RETRY_DELAY": int(
+        os.environ.get("DATATRACKER_SEARCHINDEX_TASK_RETRY_DELAY", "10")
+    ),
+    "TASK_MAX_RETRIES": int(
+        os.environ.get("DATATRACKER_SEARCHINDEX_TASK_MAX_RETRIES", "12")
+    ),
+}
+
+# Errata system api configuration
+ERRATA_METADATA_NOTIFICATION_API_KEY = os.environ.get(
+    "DATATRACKER_ERRATA_METADATA_NOTIFICATION_API_KEY", None
+)
+if ERRATA_METADATA_NOTIFICATION_API_KEY is not None:
+    ERRATA_METADATA_NOTIFICATION_URL = os.environ.get(
+        "DATATRACKER_ERRATA_METADATA_NOTIFICATION_URL", None
+    )
+    if ERRATA_METADATA_NOTIFICATION_URL is None:
+        raise RuntimeError(
+            "DATATRACKER_ERRATA_METADATA_NOTIFICATION_URL must be set if "
+            "DATATRACKER_ERRATA_METADATA_NOTIFICATION_API_KEY is provided"
+        )
+
+# name (with path) of errata.json in the red bucket
+ERRATA_JSON_BLOB_NAME = os.environ.get(
+    "DATATRACKER_ERRATA_JSON_BLOB_NAME", "other/errata.json"
+)
diff --git a/package.json b/package.json
index fec29275b4..29ead19d23 100644
--- a/package.json
+++ b/package.json
@@ -16,12 +16,16 @@
     "@fullcalendar/luxon3": "6.1.11",
     "@fullcalendar/timegrid": "6.1.11",
     "@fullcalendar/vue3": "6.1.11",
+    "@kurkle/color": "0.3.1",
     "@popperjs/core": "2.11.8",
     "@twuni/emojify": "1.0.2",
     "bootstrap": "5.3.3",
     "bootstrap-icons": "1.11.3",
     "browser-fs-access": "0.35.0",
     "caniuse-lite": "1.0.30001603",
+    "chart.js": "^4.5.1",
+    "chartjs-plugin-autocolors": "0.3.1",
+    "chartjs-plugin-zoom": "2.2.0",
     "d3": "7.9.0",
     "file-saver": "2.0.5",
     "highcharts": "11.4.0",
@@ -112,6 +116,7 @@
         "ietf/static/images/irtf-logo-white.svg",
         "ietf/static/images/irtf-logo.svg",
         "ietf/static/js/add_session_recordings.js",
+        "ietf/static/js/attendees-chart.js",
         "ietf/static/js/agenda_filter.js",
         "ietf/static/js/agenda_materials.js",
         "ietf/static/js/announcement.js",
@@ -145,7 +150,10 @@
         "ietf/static/js/manage-community-list.js",
         "ietf/static/js/manage-review-requests.js",
         "ietf/static/js/meeting-interim-request.js",
+        "ietf/static/js/meeting_stats.js",
+        "ietf/static/js/meeting_timeline.js",
         "ietf/static/js/moment.js",
+        "ietf/static/js/navbar-doc-search.js",
         "ietf/static/js/password_strength.js",
         "ietf/static/js/select2.js",
         "ietf/static/js/session_details.js",
diff --git a/patch/django-cookie-delete-with-all-settings.patch b/patch/django-cookie-delete-settings-and-CVE-2026-35192.patch
similarity index 68%
rename from patch/django-cookie-delete-with-all-settings.patch
rename to patch/django-cookie-delete-settings-and-CVE-2026-35192.patch
index 4ceaf8fceb..3f625c33bb 100644
--- a/patch/django-cookie-delete-with-all-settings.patch
+++ b/patch/django-cookie-delete-settings-and-CVE-2026-35192.patch
@@ -44,9 +44,9 @@
              expires="Thu, 01 Jan 1970 00:00:00 GMT",
              samesite=samesite,
          )
---- django/contrib/sessions/middleware.py.orig	2020-08-13 12:12:12.401898114 +0200
-+++ django/contrib/sessions/middleware.py	2020-08-13 12:14:52.690520659 +0200
-@@ -38,6 +38,8 @@
+--- django/contrib/sessions/middleware.py.old	2026-05-12 15:18:07.673997003 +0000
++++ django/contrib/sessions/middleware.py	2026-05-12 15:18:15.770997007 +0000
+@@ -38,12 +38,15 @@
                  settings.SESSION_COOKIE_NAME,
                  path=settings.SESSION_COOKIE_PATH,
                  domain=settings.SESSION_COOKIE_DOMAIN,
@@ -54,4 +54,23 @@
 +                httponly=settings.SESSION_COOKIE_HTTPONLY or None,
                  samesite=settings.SESSION_COOKIE_SAMESITE,
              )
-             patch_vary_headers(response, ("Cookie",))
+-            patch_vary_headers(response, ("Cookie",))
++            need_vary_cookie = True
+         else:
+-            if accessed:
+-                patch_vary_headers(response, ("Cookie",))
++            # If the session was accessed, it must be varied on, regardless of
++            # whether it was modified or will be saved.
++            need_vary_cookie = accessed
+             if (modified or settings.SESSION_SAVE_EVERY_REQUEST) and not empty:
+                 if request.session.get_expire_at_browser_close():
+                     max_age = None
+@@ -74,4 +77,8 @@
+                         httponly=settings.SESSION_COOKIE_HTTPONLY or None,
+                         samesite=settings.SESSION_COOKIE_SAMESITE,
+                     )
++                    # With a session cookie set, it must be varied on.
++                    need_vary_cookie = True
++        if need_vary_cookie:
++            patch_vary_headers(response, ("Cookie",))
+         return response
diff --git a/requirements.txt b/requirements.txt
index cb583d5dc9..31e8ea69d1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,11 +13,11 @@ botocore>=1.39.15
 celery>=5.5.3
 coverage>=7.9.2
 defusedxml>=0.7.1    # for TastyPie when using xml; not a declared dependency
-Django>4.2,<5
+Django>=4.2.30,<5
 django-admin-rangefilter>=0.13.3
 django-analytical>=3.2.0
 django-bootstrap5>=25.1
-django-celery-beat>=2.7.0,<2.8.0  # pin until https://github.com/celery/django-celery-beat/issues/875 is resolved, then revisit
+django-celery-beat>=2.9.0
 django-celery-results>=2.6.0
 django-csp>=3.7
 django-cors-headers>=4.7.0
@@ -41,6 +41,7 @@ gunicorn>=23.0.0
 hashids>=1.3.1
 html2text>=2025.4.15  # Used only to clean comment field of secr/sreq
 html5lib>=1.1    # Only used in tests
+httpx>=0.28.1  # Indirect req of typesense, but we import and refer to exceptions
 icalendar>=5.0.0 
 inflect>= 7.5.0
 jsonfield>=3.2.0  # deprecated - need to replace with Django's JSONField
@@ -74,7 +75,8 @@ python-magic==0.4.18    # Versions beyond the yanked .19 and .20 introduce form
 pymemcache>=4.0.0  # for django.core.cache.backends.memcached.PyMemcacheCache
 python-mimeparse>=2.0.0  # from TastyPie
 pytz==2025.2  # Pinned as changes need to be vetted for their effect on Meeting fields
-types-pytz==2025.2.0.20250809  # match pytz version
+types-pytz==2025.2.0.20251108  # match pytz version
+typesense>=2.0.0
 requests>=2.32.4
 types-requests>=2.32.4
 requests-mock>=1.12.1
@@ -88,6 +90,6 @@ unidecode>=1.4.0
 urllib3>=2.5.0
 weasyprint>=66.0
 xml2rfc>=3.30.0
-xym>=0.6,<1.0
+xym>=0.6,<0.10.0
 zxcvbn>=4.5.0
 types-zxcvbn~=4.5.0.20250223  # match zxcvbn version
diff --git a/yarn.lock b/yarn.lock
index 54768ac391..47d675d6b9 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -532,6 +532,20 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@kurkle/color@npm:0.3.1":
+  version: 0.3.1
+  resolution: "@kurkle/color@npm:0.3.1"
+  checksum: e6be5c081bf5acfd4a1803dcd5a0733caf450e73148d5f02dc536b1ff0c60c959c23472a26c9c3c6c78ada04fb6a53c9202db9b2de8ea56f6eeec381f9cc3a1a
+  languageName: node
+  linkType: hard
+
+"@kurkle/color@npm:^0.3.0":
+  version: 0.3.4
+  resolution: "@kurkle/color@npm:0.3.4"
+  checksum: b95c6abe0241ba1745b3c84de3b464296b95ce577110b54f46e6c6dcc9a0966491533df43812bd6c66f92cf818e385d1390b280cd5851d4afb52fc37f8a6c0b9
+  languageName: node
+  linkType: hard
+
 "@lezer/common@npm:^0.15.0, @lezer/common@npm:^0.15.7":
   version: 0.15.12
   resolution: "@lezer/common@npm:0.15.12"
@@ -1944,6 +1958,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/hammerjs@npm:^2.0.45":
+  version: 2.0.46
+  resolution: "@types/hammerjs@npm:2.0.46"
+  checksum: caba6ec788d19905c71092670b58514b3d1f5eee5382bf9205e8df688d51e7857b7994e2dd7aed57fac8977bdf0e456d67fbaf23440a4385b8ce25fe2af1ec39
+  languageName: node
+  linkType: hard
+
 "@types/istanbul-lib-coverage@npm:^2.0.1":
   version: 2.0.4
   resolution: "@types/istanbul-lib-coverage@npm:2.0.4"
@@ -2728,6 +2749,37 @@ browserlist@latest:
   languageName: node
   linkType: hard
 
+"chart.js@npm:^4.5.1":
+  version: 4.5.1
+  resolution: "chart.js@npm:4.5.1"
+  dependencies:
+    "@kurkle/color": ^0.3.0
+  checksum: 34b35b373642994b2adac197e91363625930530e29fc1baa6dbb411b5e1295f9f6572922003a0224a21a3019aec916567c1ed00c33b1373081f189fc188e5a7b
+  languageName: node
+  linkType: hard
+
+"chartjs-plugin-autocolors@npm:0.3.1":
+  version: 0.3.1
+  resolution: "chartjs-plugin-autocolors@npm:0.3.1"
+  peerDependencies:
+    "@kurkle/color": ^0.3.1
+    chart.js: ">=2"
+  checksum: de4f87b5bb3e042aa1d3de3886425bbd2340a55ca455b645569d0def602079833182ef214e205ff4466fb5ab1e708761cf37eb51ab3cd622284242c05ed94128
+  languageName: node
+  linkType: hard
+
+"chartjs-plugin-zoom@npm:2.2.0":
+  version: 2.2.0
+  resolution: "chartjs-plugin-zoom@npm:2.2.0"
+  dependencies:
+    "@types/hammerjs": ^2.0.45
+    hammerjs: ^2.0.8
+  peerDependencies:
+    chart.js: ">=3.2.0"
+  checksum: a540e3834082eeb4dedb5ec6ca381f94d7e101075c19a7b65f2a4cd2d12685b3a416e718c9cf7145799802874fb397f69b71a955dfc56b035946cde4d1eb6c8e
+  languageName: node
+  linkType: hard
+
 "chokidar@npm:>=3.0.0 <4.0.0":
   version: 3.5.3
   resolution: "chokidar@npm:3.5.3"
@@ -4616,6 +4668,13 @@ browserlist@latest:
   languageName: node
   linkType: hard
 
+"hammerjs@npm:^2.0.8":
+  version: 2.0.8
+  resolution: "hammerjs@npm:2.0.8"
+  checksum: b092da7d1565a165d7edb53ef0ce212837a8b11f897aa3cf81a7818b66686b0ab3f4747fbce8fc8a41d1376594639ce3a054b0fd4889ca8b5b136a29ca500e27
+  languageName: node
+  linkType: hard
+
 "has-bigints@npm:^1.0.1, has-bigints@npm:^1.0.2":
   version: 1.0.2
   resolution: "has-bigints@npm:1.0.2"
@@ -7030,6 +7089,7 @@ browserlist@latest:
     "@fullcalendar/luxon3": 6.1.11
     "@fullcalendar/timegrid": 6.1.11
     "@fullcalendar/vue3": 6.1.11
+    "@kurkle/color": 0.3.1
     "@parcel/optimizer-data-url": 2.12.0
     "@parcel/transformer-inline-string": 2.12.0
     "@parcel/transformer-sass": 2.12.0
@@ -7044,6 +7104,9 @@ browserlist@latest:
     browserlist: latest
     c8: 9.1.0
     caniuse-lite: 1.0.30001603
+    chart.js: ^4.5.1
+    chartjs-plugin-autocolors: 0.3.1
+    chartjs-plugin-zoom: 2.2.0
     d3: 7.9.0
     eslint: 8.57.0
     eslint-config-standard: 17.1.0