fixed doc env vars + mongo v2 migration

2026-01-31 00:26:42 +01:00
parent cbb7bd8ba6
commit 1aa7e287fb
356 changed files with 1705 additions and 1729 deletions
--- a/api/pkg/api/routers/gsresponse/response_test.go
+++ b/api/pkg/api/routers/gsresponse/response_test.go
@@ -9,7 +9,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
@@ -49,7 +49,7 @@ func TestAutoMappings(t *testing.T) {
 		code codes.Code
 	}{
 		{"invalid_argument", merrors.InvalidArgument("bad"), codes.InvalidArgument},
-		{"access_denied", merrors.AccessDenied("object", "action", primitive.NilObjectID), codes.PermissionDenied},
+		{"access_denied", merrors.AccessDenied("object", "action", bson.NilObjectID), codes.PermissionDenied},
 		{"not_found", merrors.NoData("missing"), codes.NotFound},
 		{"unauthorized", fmt.Errorf("%w: %s", merrors.ErrUnauthorized, "bad"), codes.Unauthenticated},
 		{"conflict", merrors.DataConflict("conflict"), codes.Aborted},
--- a/api/pkg/auth/USAGE.md
+++ b/api/pkg/auth/USAGE.md
@@ -162,7 +162,7 @@ if err != nil {
 mockEnforcer := &MockEnforcer{}

 // Grant all permissions
-permissions := map[primitive.ObjectID]bool{
+permissions := map[bson.ObjectID]bool{
    objectID1: true,
    objectID2: true,
 }
--- a/api/pkg/auth/archivable.go
+++ b/api/pkg/auth/archivable.go
@@ -6,21 +6,21 @@ import (
 	"github.com/tech/sendico/pkg/db/template"
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 // ArchivableDB implements archive operations with permission checking
 type ArchivableDB[T model.PermissionBoundStorable] interface {
 	// SetArchived sets the archived status of an entity with permission checking
-	SetArchived(ctx context.Context, accountRef, objectRef primitive.ObjectID, archived bool) error
+	SetArchived(ctx context.Context, accountRef, objectRef bson.ObjectID, archived bool) error
 	// IsArchived checks if an entity is archived with permission checking
-	IsArchived(ctx context.Context, accountRef, objectRef primitive.ObjectID) (bool, error)
+	IsArchived(ctx context.Context, accountRef, objectRef bson.ObjectID) (bool, error)

 	// Archive archives an entity with permission checking (sets archived to true)
-	Archive(ctx context.Context, accountRef, objectRef primitive.ObjectID) error
+	Archive(ctx context.Context, accountRef, objectRef bson.ObjectID) error

 	// Unarchive unarchives an entity with permission checking (sets archived to false)
-	Unarchive(ctx context.Context, accountRef, objectRef primitive.ObjectID) error
+	Unarchive(ctx context.Context, accountRef, objectRef bson.ObjectID) error
 }

 // NewArchivableDB creates a new auth.ArchivableDB instance
--- a/api/pkg/auth/archivableimp.go
+++ b/api/pkg/auth/archivableimp.go
@@ -9,7 +9,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

@@ -40,7 +40,7 @@ func newArchivableDBImp[T model.PermissionBoundStorable](
 }

 // SetArchived sets the archived status of an entity with permission checking
-func (db *ArchivableDBImp[T]) SetArchived(ctx context.Context, accountRef, objectRef primitive.ObjectID, archived bool) error {
+func (db *ArchivableDBImp[T]) SetArchived(ctx context.Context, accountRef, objectRef bson.ObjectID, archived bool) error {
 	// Check permissions using enforceObject helper
 	if err := enforceObjectByRef(ctx, db.dbImp, db.enforcer, model.ActionUpdate, accountRef, objectRef); err != nil {
 		db.logger.Warn("Failed to enforce object permission", zap.Error(err),
@@ -79,7 +79,7 @@ func (db *ArchivableDBImp[T]) SetArchived(ctx context.Context, accountRef, objec
 }

 // IsArchived checks if an entity is archived with permission checking
-func (db *ArchivableDBImp[T]) IsArchived(ctx context.Context, accountRef, objectRef primitive.ObjectID) (bool, error) {
+func (db *ArchivableDBImp[T]) IsArchived(ctx context.Context, accountRef, objectRef bson.ObjectID) (bool, error) {
 	// // Check permissions using single Enforce
 	if err := enforceObjectByRef(ctx, db.dbImp, db.enforcer, model.ActionRead, accountRef, objectRef); err != nil {
 		db.logger.Debug("Permission denied for checking archived status", mzap.ObjRef("account_ref", accountRef),
@@ -97,11 +97,11 @@ func (db *ArchivableDBImp[T]) IsArchived(ctx context.Context, accountRef, object
 }

 // Archive archives an entity with permission checking (sets archived to true)
-func (db *ArchivableDBImp[T]) Archive(ctx context.Context, accountRef, objectRef primitive.ObjectID) error {
+func (db *ArchivableDBImp[T]) Archive(ctx context.Context, accountRef, objectRef bson.ObjectID) error {
 	return db.SetArchived(ctx, accountRef, objectRef, true)
 }

 // Unarchive unarchives an entity with permission checking (sets archived to false)
-func (db *ArchivableDBImp[T]) Unarchive(ctx context.Context, accountRef, objectRef primitive.ObjectID) error {
+func (db *ArchivableDBImp[T]) Unarchive(ctx context.Context, accountRef, objectRef bson.ObjectID) error {
 	return db.SetArchived(ctx, accountRef, objectRef, false)
 }
--- a/api/pkg/auth/db.go
+++ b/api/pkg/auth/db.go
@@ -9,21 +9,21 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 )

 type ProtectedDB[T model.PermissionBoundStorable] interface {
-	Create(ctx context.Context, accountRef, organizationRef primitive.ObjectID, object T) error
-	InsertMany(ctx context.Context, accountRef, organizationRef primitive.ObjectID, objects []T) error
-	Get(ctx context.Context, accountRef, objectRef primitive.ObjectID, result T) error
-	Update(ctx context.Context, accountRef primitive.ObjectID, object T) error
-	Delete(ctx context.Context, accountRef, objectRef primitive.ObjectID) error
-	DeleteCascadeAuth(ctx context.Context, accountRef, objectRef primitive.ObjectID) error
-	Patch(ctx context.Context, accountRef, objectRef primitive.ObjectID, patch builder.Patch) error
-	PatchMany(ctx context.Context, accountRef primitive.ObjectID, query builder.Query, patch builder.Patch) (int, error)
+	Create(ctx context.Context, accountRef, organizationRef bson.ObjectID, object T) error
+	InsertMany(ctx context.Context, accountRef, organizationRef bson.ObjectID, objects []T) error
+	Get(ctx context.Context, accountRef, objectRef bson.ObjectID, result T) error
+	Update(ctx context.Context, accountRef bson.ObjectID, object T) error
+	Delete(ctx context.Context, accountRef, objectRef bson.ObjectID) error
+	DeleteCascadeAuth(ctx context.Context, accountRef, objectRef bson.ObjectID) error
+	Patch(ctx context.Context, accountRef, objectRef bson.ObjectID, patch builder.Patch) error
+	PatchMany(ctx context.Context, accountRef bson.ObjectID, query builder.Query, patch builder.Patch) (int, error)
 	Unprotected() template.DB[T]
-	ListIDs(ctx context.Context, action model.Action, accountRef primitive.ObjectID, query builder.Query) ([]primitive.ObjectID, error)
+	ListIDs(ctx context.Context, action model.Action, accountRef bson.ObjectID, query builder.Query) ([]bson.ObjectID, error)
 }

 func CreateDB[T model.PermissionBoundStorable](
--- a/api/pkg/auth/dbab.go
+++ b/api/pkg/auth/dbab.go
@@ -9,21 +9,21 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

 type AccountBoundDB[T model.AccountBoundStorable] interface {
-	Create(ctx context.Context, accountRef primitive.ObjectID, object T) error
-	Get(ctx context.Context, accountRef, objectRef primitive.ObjectID, result T) error
-	Update(ctx context.Context, accountRef primitive.ObjectID, object T) error
-	Patch(ctx context.Context, accountRef, objectRef primitive.ObjectID, patch builder.Patch) error
-	Delete(ctx context.Context, accountRef, objectRef primitive.ObjectID) error
-	DeleteMany(ctx context.Context, accountRef primitive.ObjectID, query builder.Query) error
-	FindOne(ctx context.Context, accountRef primitive.ObjectID, query builder.Query, result T) error
-	ListIDs(ctx context.Context, accountRef primitive.ObjectID, query builder.Query) ([]primitive.ObjectID, error)
-	ListAccountBound(ctx context.Context, accountRef, organizationRef primitive.ObjectID, query builder.Query) ([]model.AccountBoundStorable, error)
+	Create(ctx context.Context, accountRef bson.ObjectID, object T) error
+	Get(ctx context.Context, accountRef, objectRef bson.ObjectID, result T) error
+	Update(ctx context.Context, accountRef bson.ObjectID, object T) error
+	Patch(ctx context.Context, accountRef, objectRef bson.ObjectID, patch builder.Patch) error
+	Delete(ctx context.Context, accountRef, objectRef bson.ObjectID) error
+	DeleteMany(ctx context.Context, accountRef bson.ObjectID, query builder.Query) error
+	FindOne(ctx context.Context, accountRef bson.ObjectID, query builder.Query, result T) error
+	ListIDs(ctx context.Context, accountRef bson.ObjectID, query builder.Query) ([]bson.ObjectID, error)
+	ListAccountBound(ctx context.Context, accountRef, organizationRef bson.ObjectID, query builder.Query) ([]model.AccountBoundStorable, error)
 }

 func CreateAccountBound[T model.AccountBoundStorable](
--- a/api/pkg/auth/dbimp.go
+++ b/api/pkg/auth/dbimp.go
@@ -16,19 +16,19 @@ import (
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

 type ProtectedDBImp[T model.PermissionBoundStorable] struct {
 	DBImp         *template.DBImp[T]
 	Enforcer      Enforcer
-	PermissionRef primitive.ObjectID
+	PermissionRef bson.ObjectID
 	Collection    mservice.Type
 }

-func (db *ProtectedDBImp[T]) enforce(ctx context.Context, action model.Action, object model.PermissionBoundStorable, accountRef, objectRef primitive.ObjectID) error {
+func (db *ProtectedDBImp[T]) enforce(ctx context.Context, action model.Action, object model.PermissionBoundStorable, accountRef, objectRef bson.ObjectID) error {
 	res, err := db.Enforcer.Enforce(ctx, object.GetPermissionRef(), accountRef, object.GetOrganizationRef(), objectRef, action)
 	if err != nil {
 		db.DBImp.Logger.Warn("Failed to enforce permission",
@@ -46,16 +46,16 @@ func (db *ProtectedDBImp[T]) enforce(ctx context.Context, action model.Action, o
 	return nil
 }

-func (db *ProtectedDBImp[T]) Create(ctx context.Context, accountRef, organizationRef primitive.ObjectID, object T) error {
+func (db *ProtectedDBImp[T]) Create(ctx context.Context, accountRef, organizationRef bson.ObjectID, object T) error {
 	db.DBImp.Logger.Debug("Attempting to create object", mzap.ObjRef("account_ref", accountRef),
 		mzap.ObjRef("organization_ref", organizationRef), zap.String("collection", string(db.Collection)))

-	if object.GetPermissionRef() == primitive.NilObjectID {
+	if object.GetPermissionRef() == bson.NilObjectID {
 		object.SetPermissionRef(db.PermissionRef)
 	}
 	object.SetOrganizationRef(organizationRef)

-	if err := db.enforce(ctx, model.ActionCreate, object, accountRef, primitive.NilObjectID); err != nil {
+	if err := db.enforce(ctx, model.ActionCreate, object, accountRef, bson.NilObjectID); err != nil {
 		return err
 	}

@@ -70,7 +70,7 @@ func (db *ProtectedDBImp[T]) Create(ctx context.Context, accountRef, organizatio
 	return nil
 }

-func (db *ProtectedDBImp[T]) InsertMany(ctx context.Context, accountRef, organizationRef primitive.ObjectID, objects []T) error {
+func (db *ProtectedDBImp[T]) InsertMany(ctx context.Context, accountRef, organizationRef bson.ObjectID, objects []T) error {
 	if len(objects) == 0 {
 		return nil
 	}
@@ -81,12 +81,12 @@ func (db *ProtectedDBImp[T]) InsertMany(ctx context.Context, accountRef, organiz

 	// Set permission and organization refs for all objects and enforce permissions
 	for _, object := range objects {
-		if object.GetPermissionRef() == primitive.NilObjectID {
+		if object.GetPermissionRef() == bson.NilObjectID {
 			object.SetPermissionRef(db.PermissionRef)
 		}
 		object.SetOrganizationRef(organizationRef)

-		if err := db.enforce(ctx, model.ActionCreate, object, accountRef, primitive.NilObjectID); err != nil {
+		if err := db.enforce(ctx, model.ActionCreate, object, accountRef, bson.NilObjectID); err != nil {
 			return err
 		}
 	}
@@ -104,7 +104,7 @@ func (db *ProtectedDBImp[T]) InsertMany(ctx context.Context, accountRef, organiz
 	return nil
 }

-func (db *ProtectedDBImp[T]) enforceObject(ctx context.Context, action model.Action, accountRef, objectRef primitive.ObjectID) error {
+func (db *ProtectedDBImp[T]) enforceObject(ctx context.Context, action model.Action, accountRef, objectRef bson.ObjectID) error {
 	l, err := db.ListIDs(ctx, action, accountRef, repository.IDFilter(objectRef))
 	if err != nil {
 		db.DBImp.Logger.Warn("Error occured while checking access rights", zap.Error(err),
@@ -118,7 +118,7 @@ func (db *ProtectedDBImp[T]) enforceObject(ctx context.Context, action model.Act
 	return nil
 }

-func (db *ProtectedDBImp[T]) Get(ctx context.Context, accountRef, objectRef primitive.ObjectID, result T) error {
+func (db *ProtectedDBImp[T]) Get(ctx context.Context, accountRef, objectRef bson.ObjectID, result T) error {
 	db.DBImp.Logger.Debug("Attempting to get object", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("object_ref", objectRef))

 	if err := db.enforceObject(ctx, model.ActionRead, accountRef, objectRef); err != nil {
@@ -137,7 +137,7 @@ func (db *ProtectedDBImp[T]) Get(ctx context.Context, accountRef, objectRef prim
 	return nil
 }

-func (db *ProtectedDBImp[T]) Update(ctx context.Context, accountRef primitive.ObjectID, object T) error {
+func (db *ProtectedDBImp[T]) Update(ctx context.Context, accountRef bson.ObjectID, object T) error {
 	db.DBImp.Logger.Debug("Attempting to update object", mzap.ObjRef("account_ref", accountRef), mzap.StorableRef(object))

 	if err := db.enforceObject(ctx, model.ActionUpdate, accountRef, *object.GetID()); err != nil {
@@ -156,7 +156,7 @@ func (db *ProtectedDBImp[T]) Update(ctx context.Context, accountRef primitive.Ob
 	return nil
 }

-func (db *ProtectedDBImp[T]) Delete(ctx context.Context, accountRef, objectRef primitive.ObjectID) error {
+func (db *ProtectedDBImp[T]) Delete(ctx context.Context, accountRef, objectRef bson.ObjectID) error {
 	db.DBImp.Logger.Debug("Attempting to delete object",
 		mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("object_ref", objectRef))

@@ -178,9 +178,9 @@ func (db *ProtectedDBImp[T]) Delete(ctx context.Context, accountRef, objectRef p
 func (db *ProtectedDBImp[T]) ListIDs(
 	ctx context.Context,
 	action model.Action,
-	accountRef primitive.ObjectID,
+	accountRef bson.ObjectID,
 	query builder.Query,
-) ([]primitive.ObjectID, error) {
+) ([]bson.ObjectID, error) {
 	db.DBImp.Logger.Debug("Attempting to list object IDs",
 		mzap.ObjRef("account_ref", accountRef), zap.String("collection", string(db.Collection)), zap.Any("filter", query.BuildQuery()))

@@ -194,11 +194,11 @@ func (db *ProtectedDBImp[T]) ListIDs(
 	if len(allIDs) == 0 {
 		db.DBImp.Logger.Debug("No objects found matching filter", mzap.ObjRef("account_ref", accountRef),
 			zap.String("collection", string(db.Collection)), zap.Any("filter", query.BuildQuery()))
-		return []primitive.ObjectID{}, merrors.NoData(fmt.Sprintf("no %s found", db.Collection))
+		return []bson.ObjectID{}, merrors.NoData(fmt.Sprintf("no %s found", db.Collection))
 	}

 	// 2. Check read permission for each ID
-	var allowedIDs []primitive.ObjectID
+	var allowedIDs []bson.ObjectID
 	for _, desc := range allIDs {
 		enforceErr := db.enforce(ctx, action, desc, accountRef, *desc.GetID())
 		if enforceErr == nil {
@@ -227,7 +227,7 @@ func (db *ProtectedDBImp[T]) Unprotected() template.DB[T] {
 	return db.DBImp
 }

-func (db *ProtectedDBImp[T]) DeleteCascadeAuth(ctx context.Context, accountRef, objectRef primitive.ObjectID) error {
+func (db *ProtectedDBImp[T]) DeleteCascadeAuth(ctx context.Context, accountRef, objectRef bson.ObjectID) error {
 	if err := db.enforceObject(ctx, model.ActionDelete, accountRef, objectRef); err != nil {
 		return err
 	}
@@ -268,7 +268,7 @@ func CreateDBImp[T model.PermissionBoundStorable](
 	return p, nil
 }

-func (db *ProtectedDBImp[T]) Patch(ctx context.Context, accountRef, objectRef primitive.ObjectID, patch builder.Patch) error {
+func (db *ProtectedDBImp[T]) Patch(ctx context.Context, accountRef, objectRef bson.ObjectID, patch builder.Patch) error {
 	db.DBImp.Logger.Debug("Attempting to patch object",
 		mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("object_ref", objectRef))

@@ -287,7 +287,7 @@ func (db *ProtectedDBImp[T]) Patch(ctx context.Context, accountRef, objectRef pr
 	return nil
 }

-func (db *ProtectedDBImp[T]) PatchMany(ctx context.Context, accountRef primitive.ObjectID, query builder.Query, patch builder.Patch) (int, error) {
+func (db *ProtectedDBImp[T]) PatchMany(ctx context.Context, accountRef bson.ObjectID, query builder.Query, patch builder.Patch) (int, error) {
 	db.DBImp.Logger.Debug("Attempting to patch many objects",
 		mzap.ObjRef("account_ref", accountRef), zap.Any("filter", query.BuildQuery()))

--- a/api/pkg/auth/dbimpab.go
+++ b/api/pkg/auth/dbimpab.go
@@ -13,8 +13,8 @@ import (
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

@@ -22,11 +22,11 @@ type AccountBoundDBImp[T model.AccountBoundStorable] struct {
 	Logger        mlogger.Logger
 	DBImp         *template.DBImp[T]
 	Enforcer      Enforcer
-	PermissionRef primitive.ObjectID
+	PermissionRef bson.ObjectID
 	Collection    mservice.Type
 }

-func (db *AccountBoundDBImp[T]) enforce(ctx context.Context, action model.Action, object model.AccountBoundStorable, accountRef primitive.ObjectID) error {
+func (db *AccountBoundDBImp[T]) enforce(ctx context.Context, action model.Action, object model.AccountBoundStorable, accountRef bson.ObjectID) error {
 	// FIRST: Check if the object's AccountRef equals the calling accountRef - if so, ALLOW
 	objectAccountRef := object.GetAccountRef()
 	if objectAccountRef != nil && *objectAccountRef == accountRef {
@@ -51,12 +51,12 @@ func (db *AccountBoundDBImp[T]) enforce(ctx context.Context, action model.Action
 		db.Logger.Debug("Access denied", mzap.ObjRef("permission_ref", db.PermissionRef),
 			mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef),
 			zap.String("action", string(action)))
-		return merrors.AccessDenied(db.Collection, string(action), primitive.NilObjectID)
+		return merrors.AccessDenied(db.Collection, string(action), bson.NilObjectID)
 	}
 	return nil
 }

-func (db *AccountBoundDBImp[T]) enforceInterface(ctx context.Context, action model.Action, object model.AccountBoundStorable, accountRef primitive.ObjectID) error {
+func (db *AccountBoundDBImp[T]) enforceInterface(ctx context.Context, action model.Action, object model.AccountBoundStorable, accountRef bson.ObjectID) error {
 	// FIRST: Check if the object's AccountRef equals the calling accountRef - if so, ALLOW
 	objectAccountRef := object.GetAccountRef()
 	if objectAccountRef != nil && *objectAccountRef == accountRef {
@@ -81,12 +81,12 @@ func (db *AccountBoundDBImp[T]) enforceInterface(ctx context.Context, action mod
 		db.Logger.Debug("Access denied", mzap.ObjRef("permission_ref", db.PermissionRef),
 			mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef),
 			zap.String("action", string(action)))
-		return merrors.AccessDenied(db.Collection, string(action), primitive.NilObjectID)
+		return merrors.AccessDenied(db.Collection, string(action), bson.NilObjectID)
 	}
 	return nil
 }

-func (db *AccountBoundDBImp[T]) Create(ctx context.Context, accountRef primitive.ObjectID, object T) error {
+func (db *AccountBoundDBImp[T]) Create(ctx context.Context, accountRef bson.ObjectID, object T) error {
 	orgRef := object.GetOrganizationRef()
 	db.Logger.Debug("Attempting to create object", mzap.ObjRef("account_ref", accountRef),
 		mzap.ObjRef("organization_ref", orgRef), zap.String("collection", string(db.Collection)))
@@ -107,7 +107,7 @@ func (db *AccountBoundDBImp[T]) Create(ctx context.Context, accountRef primitive
 	return nil
 }

-func (db *AccountBoundDBImp[T]) Get(ctx context.Context, accountRef, objectRef primitive.ObjectID, result T) error {
+func (db *AccountBoundDBImp[T]) Get(ctx context.Context, accountRef, objectRef bson.ObjectID, result T) error {
 	db.Logger.Debug("Attempting to get object", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("object_ref", objectRef))

 	// First get the object to check its organization
@@ -127,7 +127,7 @@ func (db *AccountBoundDBImp[T]) Get(ctx context.Context, accountRef, objectRef p
 	return nil
 }

-func (db *AccountBoundDBImp[T]) Update(ctx context.Context, accountRef primitive.ObjectID, object T) error {
+func (db *AccountBoundDBImp[T]) Update(ctx context.Context, accountRef bson.ObjectID, object T) error {
 	db.Logger.Debug("Attempting to update object", mzap.ObjRef("account_ref", accountRef), mzap.StorableRef(object))

 	// Check organization update permission
@@ -146,7 +146,7 @@ func (db *AccountBoundDBImp[T]) Update(ctx context.Context, accountRef primitive
 	return nil
 }

-func (db *AccountBoundDBImp[T]) Patch(ctx context.Context, accountRef, objectRef primitive.ObjectID, patch builder.Patch) error {
+func (db *AccountBoundDBImp[T]) Patch(ctx context.Context, accountRef, objectRef bson.ObjectID, patch builder.Patch) error {
 	db.Logger.Debug("Attempting to patch object", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("object_ref", objectRef))

 	// First get the object to check its organization
@@ -175,7 +175,7 @@ func (db *AccountBoundDBImp[T]) Patch(ctx context.Context, accountRef, objectRef
 	return nil
 }

-func (db *AccountBoundDBImp[T]) Delete(ctx context.Context, accountRef, objectRef primitive.ObjectID) error {
+func (db *AccountBoundDBImp[T]) Delete(ctx context.Context, accountRef, objectRef bson.ObjectID) error {
 	db.Logger.Debug("Attempting to delete object", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("object_ref", objectRef))

 	// First get the object to check its organization
@@ -203,7 +203,7 @@ func (db *AccountBoundDBImp[T]) Delete(ctx context.Context, accountRef, objectRe
 	return nil
 }

-func (db *AccountBoundDBImp[T]) DeleteMany(ctx context.Context, accountRef primitive.ObjectID, query builder.Query) error {
+func (db *AccountBoundDBImp[T]) DeleteMany(ctx context.Context, accountRef bson.ObjectID, query builder.Query) error {
 	db.Logger.Debug("Attempting to delete many objects", mzap.ObjRef("account_ref", accountRef), zap.String("collection", string(db.Collection)))

 	// Get all candidate objects for batch permission checking
@@ -221,7 +221,7 @@ func (db *AccountBoundDBImp[T]) DeleteMany(ctx context.Context, accountRef primi
 	}

 	// Build query for objects that passed permission check
-	var allowedIDs []primitive.ObjectID
+	var allowedIDs []bson.ObjectID
 	for _, obj := range allObjects {
 		if allowedResults[*obj.GetID()] {
 			allowedIDs = append(allowedIDs, *obj.GetID())
@@ -244,7 +244,7 @@ func (db *AccountBoundDBImp[T]) DeleteMany(ctx context.Context, accountRef primi
 	return nil
 }

-func (db *AccountBoundDBImp[T]) FindOne(ctx context.Context, accountRef primitive.ObjectID, query builder.Query, result T) error {
+func (db *AccountBoundDBImp[T]) FindOne(ctx context.Context, accountRef bson.ObjectID, query builder.Query, result T) error {
 	db.Logger.Debug("Attempting to find one object", mzap.ObjRef("account_ref", accountRef), zap.String("collection", string(db.Collection)))

 	// For FindOne, we need to check read permission after finding the object
@@ -263,7 +263,7 @@ func (db *AccountBoundDBImp[T]) FindOne(ctx context.Context, accountRef primitiv
 	return nil
 }

-func (db *AccountBoundDBImp[T]) ListIDs(ctx context.Context, accountRef primitive.ObjectID, query builder.Query) ([]primitive.ObjectID, error) {
+func (db *AccountBoundDBImp[T]) ListIDs(ctx context.Context, accountRef bson.ObjectID, query builder.Query) ([]bson.ObjectID, error) {
 	db.Logger.Debug("Attempting to list object IDs", mzap.ObjRef("account_ref", accountRef), zap.String("collection", string(db.Collection)))

 	// Get all candidate objects for batch permission checking
@@ -281,7 +281,7 @@ func (db *AccountBoundDBImp[T]) ListIDs(ctx context.Context, accountRef primitiv
 	}

 	// Filter to only allowed object IDs
-	var allowedIDs []primitive.ObjectID
+	var allowedIDs []bson.ObjectID
 	for _, obj := range allObjects {
 		if allowedResults[*obj.GetID()] {
 			allowedIDs = append(allowedIDs, *obj.GetID())
@@ -293,7 +293,7 @@ func (db *AccountBoundDBImp[T]) ListIDs(ctx context.Context, accountRef primitiv
 	return allowedIDs, nil
 }

-func (db *AccountBoundDBImp[T]) ListAccountBound(ctx context.Context, accountRef, organizationRef primitive.ObjectID, query builder.Query) ([]model.AccountBoundStorable, error) {
+func (db *AccountBoundDBImp[T]) ListAccountBound(ctx context.Context, accountRef, organizationRef bson.ObjectID, query builder.Query) ([]model.AccountBoundStorable, error) {
 	db.Logger.Debug("Attempting to list account bound objects", mzap.ObjRef("account_ref", accountRef), zap.String("collection", string(db.Collection)))

 	// Build query to find objects where accountRef matches OR is null/absent
@@ -327,7 +327,7 @@ func (db *AccountBoundDBImp[T]) ListAccountBound(ctx context.Context, accountRef
 	return allowedObjects, nil
 }

-func (db *AccountBoundDBImp[T]) GetByAccountRef(ctx context.Context, accountRef primitive.ObjectID, result T) error {
+func (db *AccountBoundDBImp[T]) GetByAccountRef(ctx context.Context, accountRef bson.ObjectID, result T) error {
 	db.Logger.Debug("Attempting to get object by account ref", mzap.ObjRef("account_ref", accountRef))

 	// Build query to find objects where accountRef matches OR is null/absent
@@ -348,7 +348,7 @@ func (db *AccountBoundDBImp[T]) GetByAccountRef(ctx context.Context, accountRef
 	return nil
 }

-func (db *AccountBoundDBImp[T]) DeleteByAccountRef(ctx context.Context, accountRef primitive.ObjectID) error {
+func (db *AccountBoundDBImp[T]) DeleteByAccountRef(ctx context.Context, accountRef bson.ObjectID) error {
 	db.Logger.Debug("Attempting to delete objects by account ref", mzap.ObjRef("account_ref", accountRef))

 	// Build query to find objects where accountRef matches OR is null/absent
@@ -362,7 +362,7 @@ func (db *AccountBoundDBImp[T]) DeleteByAccountRef(ctx context.Context, accountR
 	}

 	// Check permissions for each object individually (AccountBoundStorable doesn't have permission info)
-	var allowedIDs []primitive.ObjectID
+	var allowedIDs []bson.ObjectID
 	for _, obj := range allObjects {
 		if err := db.enforceInterface(ctx, model.ActionUpdate, obj, accountRef); err == nil {
 			allowedIDs = append(allowedIDs, *obj.GetID())
@@ -390,7 +390,7 @@ func (db *AccountBoundDBImp[T]) DeleteByAccountRef(ctx context.Context, accountR
 	return nil
 }

-func (db *AccountBoundDBImp[T]) DeleteCascade(ctx context.Context, objectRef primitive.ObjectID) error {
+func (db *AccountBoundDBImp[T]) DeleteCascade(ctx context.Context, objectRef bson.ObjectID) error {
 	return db.DBImp.DeleteCascade(ctx, objectRef)
 }

--- a/api/pkg/auth/dbimpab_test.go
+++ b/api/pkg/auth/dbimpab_test.go
@@ -4,11 +4,11 @@ import (
 	"errors"
 	"testing"

+	"github.com/stretchr/testify/assert"
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
-	"github.com/stretchr/testify/assert"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

@@ -17,7 +17,7 @@ func TestAccountBoundDBImp_Enforce(t *testing.T) {
 	logger := mlogger.Logger(zap.NewNop())
 	db := &AccountBoundDBImp[model.AccountBoundStorable]{
 		Logger:        logger,
-		PermissionRef: primitive.NewObjectID(),
+		PermissionRef: bson.NewObjectID(),
 		Collection:    "test_collection",
 	}

@@ -29,7 +29,7 @@ func TestAccountBoundDBImp_Enforce(t *testing.T) {

 	t.Run("PermissionRefSet", func(t *testing.T) {
 		// Test that PermissionRef is properly set
-		assert.NotEqual(t, primitive.NilObjectID, db.PermissionRef)
+		assert.NotEqual(t, bson.NilObjectID, db.PermissionRef)
 	})

 	t.Run("CollectionSet", func(t *testing.T) {
@@ -43,7 +43,7 @@ func TestAccountBoundDBImp_InterfaceCompliance(t *testing.T) {
 	logger := mlogger.Logger(zap.NewNop())
 	db := &AccountBoundDBImp[model.AccountBoundStorable]{
 		Logger:        logger,
-		PermissionRef: primitive.NewObjectID(),
+		PermissionRef: bson.NewObjectID(),
 		Collection:    "test_collection",
 	}

@@ -51,7 +51,7 @@ func TestAccountBoundDBImp_InterfaceCompliance(t *testing.T) {
 		// Test that the struct can be initialized
 		assert.NotNil(t, db)
 		assert.NotNil(t, db.Logger)
-		assert.NotEqual(t, primitive.NilObjectID, db.PermissionRef)
+		assert.NotEqual(t, bson.NilObjectID, db.PermissionRef)
 		assert.NotEmpty(t, db.Collection)
 	})

@@ -65,14 +65,14 @@ func TestAccountBoundDBImp_InterfaceCompliance(t *testing.T) {
 func TestAccountBoundDBImp_ErrorHandling(t *testing.T) {
 	t.Run("AccessDeniedError", func(t *testing.T) {
 		// Test that AccessDenied error is properly created
-		err := merrors.AccessDenied("test_collection", "read", primitive.NilObjectID)
+		err := merrors.AccessDenied("test_collection", "read", bson.NilObjectID)
 		assert.Error(t, err)
 		assert.True(t, errors.Is(err, merrors.ErrAccessDenied))
 	})

 	t.Run("ErrorTypeChecking", func(t *testing.T) {
 		// Test error type checking
-		accessDeniedErr := merrors.AccessDenied("test", "read", primitive.NilObjectID)
+		accessDeniedErr := merrors.AccessDenied("test", "read", bson.NilObjectID)
 		otherErr := errors.New("other error")

 		assert.True(t, errors.Is(accessDeniedErr, merrors.ErrAccessDenied))
--- a/api/pkg/auth/enforcer.go
+++ b/api/pkg/auth/enforcer.go
@@ -4,14 +4,14 @@ import (
 	"context"

 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 type Enforcer interface {
 	// Enforce checks if accountRef can do `action` on objectRef in an org (domainRef).
 	Enforce(
 		ctx context.Context,
-		permissionRef, accountRef, orgRef, objectRef primitive.ObjectID,
+		permissionRef, accountRef, orgRef, objectRef bson.ObjectID,
 		action model.Action,
 	) (bool, error)

@@ -19,14 +19,14 @@ type Enforcer interface {
 	EnforceBatch(
 		ctx context.Context,
 		objectRefs []model.PermissionBoundStorable,
-		accountRef primitive.ObjectID,
+		accountRef bson.ObjectID,
 		action model.Action,
-	) (map[primitive.ObjectID]bool, error)
+	) (map[bson.ObjectID]bool, error)

 	// GetRoles returns the user's roles in a given org domain, plus any partial scopes if relevant.
-	GetRoles(ctx context.Context, accountRef, orgRef primitive.ObjectID) ([]model.Role, error)
+	GetRoles(ctx context.Context, accountRef, orgRef bson.ObjectID) ([]model.Role, error)

 	// GetPermissions returns all effective permissions (with effect, object scoping) for a user in org domain.
 	// Merges from all roles the user holds, plus any denies/exceptions.
-	GetPermissions(ctx context.Context, accountRef, orgRef primitive.ObjectID) ([]model.Role, []model.Permission, error)
+	GetPermissions(ctx context.Context, accountRef, orgRef bson.ObjectID) ([]model.Role, []model.Permission, error)
 }
--- a/api/pkg/auth/factory.go
+++ b/api/pkg/auth/factory.go
@@ -7,7 +7,7 @@ import (
 	"github.com/tech/sendico/pkg/db/role"
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/mlogger"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

--- a/api/pkg/auth/helper.go
+++ b/api/pkg/auth/helper.go
@@ -10,11 +10,11 @@ import (
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

-func enforceObject[T model.PermissionBoundStorable](ctx context.Context, db *template.DBImp[T], enforcer Enforcer, action model.Action, accountRef primitive.ObjectID, query builder.Query) error {
+func enforceObject[T model.PermissionBoundStorable](ctx context.Context, db *template.DBImp[T], enforcer Enforcer, action model.Action, accountRef bson.ObjectID, query builder.Query) error {
 	l, err := db.ListPermissionBound(ctx, query)
 	if err != nil {
 		db.Logger.Warn("Error occured while checking access rights", zap.Error(err),
@@ -23,7 +23,7 @@ func enforceObject[T model.PermissionBoundStorable](ctx context.Context, db *tem
 	}
 	if len(l) == 0 {
 		db.Logger.Debug("Access denied", mzap.ObjRef("account_ref", accountRef), zap.String("action", string(action)))
-		return merrors.AccessDenied(db.Repository.Collection(), string(action), primitive.NilObjectID)
+		return merrors.AccessDenied(db.Repository.Collection(), string(action), bson.NilObjectID)
 	}
 	for _, item := range l {
 		db.Logger.Debug("Object found", mzap.ObjRef("object_ref", *item.GetID()),
@@ -46,7 +46,7 @@ func enforceObject[T model.PermissionBoundStorable](ctx context.Context, db *tem
 	return nil
 }

-func enforceObjectByRef[T model.PermissionBoundStorable](ctx context.Context, db *template.DBImp[T], enforcer Enforcer, action model.Action, accountRef, objectRef primitive.ObjectID) error {
+func enforceObjectByRef[T model.PermissionBoundStorable](ctx context.Context, db *template.DBImp[T], enforcer Enforcer, action model.Action, accountRef, objectRef bson.ObjectID) error {
 	err := enforceObject(ctx, db, enforcer, action, accountRef, repository.IDFilter(objectRef))
 	if err != nil {
 		if errors.Is(err, merrors.ErrAccessDenied) {
--- a/api/pkg/auth/indexable.go
+++ b/api/pkg/auth/indexable.go
@@ -8,13 +8,13 @@ import (
 	"github.com/tech/sendico/pkg/db/storable"
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 // IndexableDB implements reordering with permission checking
 type IndexableDB[T storable.Storable] interface {
 	// Reorder implements reordering with permission checking using EnforceBatch
-	Reorder(ctx context.Context, accountRef, objectRef primitive.ObjectID, newIndex int, filter builder.Query) error
+	Reorder(ctx context.Context, accountRef, objectRef bson.ObjectID, newIndex int, filter builder.Query) error
 }

 // NewIndexableDB creates a new auth.IndexableDB instance
--- a/api/pkg/auth/indexableimp.go
+++ b/api/pkg/auth/indexableimp.go
@@ -10,7 +10,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

@@ -41,7 +41,7 @@ func newIndexableDBImp[T storable.Storable](
 }

 // Reorder implements reordering with permission checking using EnforceBatch
-func (db *indexableDBImp[T]) Reorder(ctx context.Context, accountRef, objectRef primitive.ObjectID, newIndex int, filter builder.Query) error {
+func (db *indexableDBImp[T]) Reorder(ctx context.Context, accountRef, objectRef bson.ObjectID, newIndex int, filter builder.Query) error {
 	// Get current object to find its index
 	obj := db.createEmpty()
 	if err := db.repo.Get(ctx, objectRef, obj); err != nil {
--- a/api/pkg/auth/internal/casbin/config/config.go
+++ b/api/pkg/auth/internal/casbin/config/config.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"time"

-	mongodbadapter "github.com/casbin/mongodb-adapter/v3"
+	mongodbadapter "github.com/casbin/mongodb-adapter/v4"
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/mlogger"
 	"go.uber.org/zap"
--- a/api/pkg/auth/internal/casbin/enforcer.go
+++ b/api/pkg/auth/internal/casbin/enforcer.go
@@ -5,6 +5,7 @@ import (
 	"context"

 	"github.com/casbin/casbin/v2"
+	"github.com/mitchellh/mapstructure"
 	"github.com/tech/sendico/pkg/auth/anyobject"
 	cc "github.com/tech/sendico/pkg/auth/internal/casbin/config"
 	"github.com/tech/sendico/pkg/auth/internal/casbin/serialization"
@@ -12,9 +13,8 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"github.com/mitchellh/mapstructure"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

@@ -59,7 +59,7 @@ func NewEnforcer(
 // Enforce checks if a user has the specified action permission on an object within a domain.
 func (c *CasbinEnforcer) Enforce(
 	_ context.Context,
-	permissionRef, accountRef, organizationRef, objectRef primitive.ObjectID,
+	permissionRef, accountRef, organizationRef, objectRef bson.ObjectID,
 	action model.Action,
 ) (bool, error) {
 	// Convert ObjectIDs to strings for Casbin
@@ -67,7 +67,7 @@ func (c *CasbinEnforcer) Enforce(
 	organization := organizationRef.Hex()
 	permission := permissionRef.Hex()
 	object := anyobject.ID
-	if objectRef != primitive.NilObjectID {
+	if objectRef != bson.NilObjectID {
 		object = objectRef.Hex()
 	}
 	act := string(action)
@@ -96,10 +96,10 @@ func (c *CasbinEnforcer) Enforce(
 func (c *CasbinEnforcer) EnforceBatch(
 	ctx context.Context,
 	objectRefs []model.PermissionBoundStorable,
-	accountRef primitive.ObjectID,
+	accountRef bson.ObjectID,
 	action model.Action,
-) (map[primitive.ObjectID]bool, error) {
-	results := make(map[primitive.ObjectID]bool, len(objectRefs))
+) (map[bson.ObjectID]bool, error) {
+	results := make(map[bson.ObjectID]bool, len(objectRefs))
 	for _, desc := range objectRefs {
 		ok, err := c.Enforce(ctx, desc.GetPermissionRef(), accountRef, desc.GetOrganizationRef(), *desc.GetID(), action)
 		if err != nil {
@@ -115,7 +115,7 @@ func (c *CasbinEnforcer) EnforceBatch(
 }

 // GetRoles retrieves all roles assigned to the user within the domain.
-func (c *CasbinEnforcer) GetRoles(ctx context.Context, accountRef, orgRef primitive.ObjectID) ([]model.Role, error) {
+func (c *CasbinEnforcer) GetRoles(ctx context.Context, accountRef, orgRef bson.ObjectID) ([]model.Role, error) {
 	sub := accountRef.Hex()
 	dom := orgRef.Hex()

@@ -145,7 +145,7 @@ func (c *CasbinEnforcer) GetRoles(ctx context.Context, accountRef, orgRef primit
 }

 // GetPermissions retrieves all effective policies for the user within the domain.
-func (c *CasbinEnforcer) GetPermissions(ctx context.Context, accountRef, orgRef primitive.ObjectID) ([]model.Role, []model.Permission, error) {
+func (c *CasbinEnforcer) GetPermissions(ctx context.Context, accountRef, orgRef bson.ObjectID) ([]model.Role, []model.Permission, error) {
 	c.logger.Debug("Fetching policies for user", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", orgRef))

 	// Step 1: Retrieve all roles assigned to the user within the domain
--- a/api/pkg/auth/internal/casbin/factory.go
+++ b/api/pkg/auth/internal/casbin/factory.go
@@ -2,10 +2,10 @@ package casbin

 import (
 	"github.com/casbin/casbin/v2"
-	mongodbadapter "github.com/casbin/mongodb-adapter/v3"
+	mongodbadapter "github.com/casbin/mongodb-adapter/v4"
 	cc "github.com/tech/sendico/pkg/auth/internal/casbin/config"
 	"github.com/tech/sendico/pkg/mlogger"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

--- a/api/pkg/auth/internal/casbin/permissions.go
+++ b/api/pkg/auth/internal/casbin/permissions.go
@@ -9,7 +9,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

@@ -23,7 +23,7 @@ type CasbinPermissionManager struct {
 // GrantToRole adds a permission to a role in Casbin.
 func (m *CasbinPermissionManager) GrantToRole(ctx context.Context, policy *model.RolePolicy) error {
 	objRef := anyobject.ID
-	if (policy.ObjectRef != nil) && (*policy.ObjectRef != primitive.NilObjectID) {
+	if (policy.ObjectRef != nil) && (*policy.ObjectRef != bson.NilObjectID) {
 		objRef = policy.ObjectRef.Hex()
 	}

@@ -118,7 +118,7 @@ func (m *CasbinPermissionManager) RevokeFromRole(ctx context.Context, policy *mo
 // GetPolicies retrieves all policies for a specific role.
 func (m *CasbinPermissionManager) GetPolicies(
 	ctx context.Context,
-	roleRef primitive.ObjectID,
+	roleRef bson.ObjectID,
 ) ([]model.RolePolicy, error) {
 	m.logger.Debug("Fetching policies for role", mzap.ObjRef("role_ref", roleRef))

--- a/api/pkg/auth/internal/casbin/role.go
+++ b/api/pkg/auth/internal/casbin/role.go
@@ -9,7 +9,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

@@ -18,11 +18,11 @@ type RoleManager struct {
 	logger            mlogger.Logger
 	enforcer          *CasbinEnforcer
 	rdb               role.DB
-	rolePermissionRef primitive.ObjectID
+	rolePermissionRef bson.ObjectID
 }

 // NewRoleManager creates a new RoleManager.
-func NewRoleManager(logger mlogger.Logger, enforcer *CasbinEnforcer, rolePermissionRef primitive.ObjectID, rdb role.DB) *RoleManager {
+func NewRoleManager(logger mlogger.Logger, enforcer *CasbinEnforcer, rolePermissionRef bson.ObjectID, rdb role.DB) *RoleManager {
 	return &RoleManager{
 		logger:            logger.Named("role"),
 		enforcer:          enforcer,
@@ -32,7 +32,7 @@ func NewRoleManager(logger mlogger.Logger, enforcer *CasbinEnforcer, rolePermiss
 }

 // validateObjectIDs ensures that all provided ObjectIDs are non-zero.
-func (rm *RoleManager) validateObjectIDs(ids ...primitive.ObjectID) error {
+func (rm *RoleManager) validateObjectIDs(ids ...bson.ObjectID) error {
 	for _, id := range ids {
 		if id.IsZero() {
 			return merrors.InvalidArgument("Object references cannot be zero", "objectRef")
@@ -42,7 +42,7 @@ func (rm *RoleManager) validateObjectIDs(ids ...primitive.ObjectID) error {
 }

 // removePolicies removes policies based on the provided filter and logs the results.
-func (rm *RoleManager) removePolicies(policyType, role string, roleRef primitive.ObjectID) error {
+func (rm *RoleManager) removePolicies(policyType, role string, roleRef bson.ObjectID) error {
 	filterIndex := 1
 	if policyType == "permission" {
 		filterIndex = 0
@@ -78,14 +78,14 @@ func (rm *RoleManager) removePolicies(policyType, role string, roleRef primitive
 }

 // fetchRolesFromPolicies retrieves and converts policies to roles.
-func (rm *RoleManager) fetchRolesFromPolicies(policies [][]string, orgRef primitive.ObjectID) []model.RoleDescription {
+func (rm *RoleManager) fetchRolesFromPolicies(policies [][]string, orgRef bson.ObjectID) []model.RoleDescription {
 	roles := make([]model.RoleDescription, 0, len(policies))
 	for _, policy := range policies {
 		if len(policy) < 2 {
 			continue
 		}

-		roleID, err := primitive.ObjectIDFromHex(policy[1])
+		roleID, err := bson.ObjectIDFromHex(policy[1])
 		if err != nil {
 			rm.logger.Warn("Invalid role ID", zap.String("roleID", policy[1]))
 			continue
@@ -96,7 +96,7 @@ func (rm *RoleManager) fetchRolesFromPolicies(policies [][]string, orgRef primit
 }

 // Create creates a new role in an organization.
-func (rm *RoleManager) Create(ctx context.Context, orgRef primitive.ObjectID, description *model.Describable) (*model.RoleDescription, error) {
+func (rm *RoleManager) Create(ctx context.Context, orgRef bson.ObjectID, description *model.Describable) (*model.RoleDescription, error) {
 	if err := rm.validateObjectIDs(orgRef); err != nil {
 		return nil, err
 	}
@@ -129,7 +129,7 @@ func (rm *RoleManager) Assign(ctx context.Context, role *model.Role) error {
 }

 // Delete removes a role entirely and cleans up associated Casbin policies.
-func (rm *RoleManager) Delete(ctx context.Context, roleRef primitive.ObjectID) error {
+func (rm *RoleManager) Delete(ctx context.Context, roleRef bson.ObjectID) error {
 	if err := rm.validateObjectIDs(roleRef); err != nil {
 		rm.logger.Warn("Failed to delete role", mzap.ObjRef("role_ref", roleRef))
 		return err
@@ -166,7 +166,7 @@ func (rm *RoleManager) Delete(ctx context.Context, roleRef primitive.ObjectID) e
 }

 // Revoke removes a role from a user.
-func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, orgRef primitive.ObjectID) error {
+func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, orgRef bson.ObjectID) error {
 	if err := rm.validateObjectIDs(roleRef, accountRef, orgRef); err != nil {
 		return err
 	}
@@ -180,7 +180,7 @@ func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, orgRef p
 }

 // logPolicyResult logs results for Assign and Revoke.
-func (rm *RoleManager) logPolicyResult(action string, result bool, err error, roleRef, accountRef, orgRef primitive.ObjectID) error {
+func (rm *RoleManager) logPolicyResult(action string, result bool, err error, roleRef, accountRef, orgRef bson.ObjectID) error {
 	if err != nil {
 		rm.logger.Warn("Failed to "+action+" role", zap.Error(err), mzap.ObjRef("role_ref", roleRef), mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", orgRef))
 		return err
@@ -194,7 +194,7 @@ func (rm *RoleManager) logPolicyResult(action string, result bool, err error, ro
 }

 // List retrieves all roles in an organization or all roles if orgRef is zero.
-func (rm *RoleManager) List(ctx context.Context, orgRef primitive.ObjectID) ([]model.RoleDescription, error) {
+func (rm *RoleManager) List(ctx context.Context, orgRef bson.ObjectID) ([]model.RoleDescription, error) {
 	domain := orgRef.Hex()
 	groupingPolicies, err := rm.enforcer.enforcer.GetFilteredGroupingPolicy(2, domain)
 	if err != nil {
--- a/api/pkg/auth/internal/casbin/serialization/internal/policy.go
+++ b/api/pkg/auth/internal/casbin/serialization/internal/policy.go
@@ -4,7 +4,7 @@ import (
 	"github.com/tech/sendico/pkg/auth/anyobject"
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 // PolicySerializer implements CasbinSerializer for Permission.
@@ -41,25 +41,25 @@ func (s *PolicySerializer) Deserialize(policy []string) (*model.RolePolicy, erro
 		return nil, merrors.Internal("invalid policy format")
 	}

-	roleRef, err := primitive.ObjectIDFromHex(policy[0])
+	roleRef, err := bson.ObjectIDFromHex(policy[0])
 	if err != nil {
 		return nil, merrors.InvalidArgument("invalid roleRef in policy")
 	}

-	organizationRef, err := primitive.ObjectIDFromHex(policy[1])
+	organizationRef, err := bson.ObjectIDFromHex(policy[1])
 	if err != nil {
 		return nil, merrors.InvalidArgument("invalid organizationRef in policy")
 	}

-	permissionRef, err := primitive.ObjectIDFromHex(policy[2])
+	permissionRef, err := bson.ObjectIDFromHex(policy[2])
 	if err != nil {
 		return nil, merrors.InvalidArgument("invalid permissionRef in policy")
 	}

 	// Handle wildcard for ObjectRef
-	var objectRef *primitive.ObjectID
+	var objectRef *bson.ObjectID
 	if policy[3] != anyobject.ID {
-		ref, err := primitive.ObjectIDFromHex(policy[3])
+		ref, err := bson.ObjectIDFromHex(policy[3])
 		if err != nil {
 			return nil, merrors.InvalidArgument("invalid objectRef in policy")
 		}
--- a/api/pkg/auth/internal/casbin/serialization/internal/role.go
+++ b/api/pkg/auth/internal/casbin/serialization/internal/role.go
@@ -3,7 +3,7 @@ package serializationimp
 import (
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 // RoleSerializer implements CasbinSerializer for Role.
@@ -31,19 +31,19 @@ func (s *RoleSerializer) Deserialize(policy []string) (*model.Role, error) {
 	}

 	// Parse accountRef
-	accountRef, err := primitive.ObjectIDFromHex(policy[0])
+	accountRef, err := bson.ObjectIDFromHex(policy[0])
 	if err != nil {
 		return nil, merrors.InvalidArgument("invalid accountRef in grouping policy")
 	}

 	// Parse roleDescriptionRef (roleRef)
-	roleDescriptionRef, err := primitive.ObjectIDFromHex(policy[1])
+	roleDescriptionRef, err := bson.ObjectIDFromHex(policy[1])
 	if err != nil {
 		return nil, merrors.InvalidArgument("invalid roleRef in grouping policy")
 	}

 	// Parse organizationRef
-	organizationRef, err := primitive.ObjectIDFromHex(policy[2])
+	organizationRef, err := bson.ObjectIDFromHex(policy[2])
 	if err != nil {
 		return nil, merrors.InvalidArgument("invalid organizationRef in grouping policy")
 	}
--- a/api/pkg/auth/internal/native/db/policies.go
+++ b/api/pkg/auth/internal/native/db/policies.go
@@ -11,8 +11,8 @@ import (
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
 	mutil "github.com/tech/sendico/pkg/mutil/db"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

@@ -38,7 +38,7 @@ func (db *PermissionsDBImp) Policies(ctx context.Context, object model.Permissio
 	)
 }

-func (db *PermissionsDBImp) PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
+func (db *PermissionsDBImp) PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef bson.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
 	return mutil.GetObjects[nstructures.PolicyAssignment](
 		ctx,
 		db.Logger,
@@ -55,7 +55,7 @@ func (db *PermissionsDBImp) PoliciesForPermissionAction(ctx context.Context, rol
 func (db *PermissionsDBImp) Remove(ctx context.Context, policy *model.RolePolicy) error {
 	objRefFilter := repository.Query().Or(
 		repository.Filter("policy.objectRef", nil),
-		repository.Filter("policy.objectRef", primitive.NilObjectID),
+		repository.Filter("policy.objectRef", bson.NilObjectID),
 	)
 	if policy.ObjectRef != nil {
 		objRefFilter = repository.Filter("policy.objectRef", *policy.ObjectRef)
@@ -73,7 +73,7 @@ func (db *PermissionsDBImp) Remove(ctx context.Context, policy *model.RolePolicy
 	)
 }

-func (db *PermissionsDBImp) PoliciesForRole(ctx context.Context, roleRef primitive.ObjectID) ([]nstructures.PolicyAssignment, error) {
+func (db *PermissionsDBImp) PoliciesForRole(ctx context.Context, roleRef bson.ObjectID) ([]nstructures.PolicyAssignment, error) {
 	return mutil.GetObjects[nstructures.PolicyAssignment](
 		ctx,
 		db.Logger,
@@ -83,7 +83,7 @@ func (db *PermissionsDBImp) PoliciesForRole(ctx context.Context, roleRef primiti
 	)
 }

-func (db *PermissionsDBImp) PoliciesForRoles(ctx context.Context, roleRefs []primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
+func (db *PermissionsDBImp) PoliciesForRoles(ctx context.Context, roleRefs []bson.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
 	if len(roleRefs) == 0 {
 		db.Logger.Debug("Empty role references list provided, returning empty resposnse")
 		return []nstructures.PolicyAssignment{}, nil
--- a/api/pkg/auth/internal/native/db/roles.go
+++ b/api/pkg/auth/internal/native/db/roles.go
@@ -9,8 +9,8 @@ import (
 	"github.com/tech/sendico/pkg/db/template"
 	"github.com/tech/sendico/pkg/mlogger"
 	mutil "github.com/tech/sendico/pkg/mutil/db"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

@@ -18,7 +18,7 @@ type RolesDBImp struct {
 	template.DBImp[*nstructures.RoleAssignment]
 }

-func (db *RolesDBImp) Roles(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error) {
+func (db *RolesDBImp) Roles(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error) {
 	return mutil.GetObjects[nstructures.RoleAssignment](
 		ctx,
 		db.Logger,
@@ -31,7 +31,7 @@ func (db *RolesDBImp) Roles(ctx context.Context, accountRef, organizationRef pri
 	)
 }

-func (db *RolesDBImp) RolesForVenue(ctx context.Context, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error) {
+func (db *RolesDBImp) RolesForVenue(ctx context.Context, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error) {
 	return mutil.GetObjects[nstructures.RoleAssignment](
 		ctx,
 		db.Logger,
@@ -43,7 +43,7 @@ func (db *RolesDBImp) RolesForVenue(ctx context.Context, organizationRef primiti
 	)
 }

-func (db *RolesDBImp) DeleteRole(ctx context.Context, roleRef primitive.ObjectID) error {
+func (db *RolesDBImp) DeleteRole(ctx context.Context, roleRef bson.ObjectID) error {
 	return db.DeleteMany(
 		ctx,
 		repository.Query().And(
@@ -52,7 +52,7 @@ func (db *RolesDBImp) DeleteRole(ctx context.Context, roleRef primitive.ObjectID
 	)
 }

-func (db *RolesDBImp) RemoveRole(ctx context.Context, roleRef, organizationRef, accountRef primitive.ObjectID) error {
+func (db *RolesDBImp) RemoveRole(ctx context.Context, roleRef, organizationRef, accountRef bson.ObjectID) error {
 	return db.DeleteMany(
 		ctx,
 		repository.Query().And(
--- a/api/pkg/auth/internal/native/dbpolicies.go
+++ b/api/pkg/auth/internal/native/dbpolicies.go
@@ -8,17 +8,17 @@ import (
 	"github.com/tech/sendico/pkg/db/template"
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 )

 type PoliciesDB interface {
 	template.DB[*nstructures.PolicyAssignment]
 	// plenty of interfaces for performance reasons
 	Policies(ctx context.Context, object model.PermissionBoundStorable, action model.Action) ([]nstructures.PolicyAssignment, error)
-	PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error)
-	PoliciesForRole(ctx context.Context, roleRef primitive.ObjectID) ([]nstructures.PolicyAssignment, error)
-	PoliciesForRoles(ctx context.Context, roleRefs []primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error)
+	PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef bson.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error)
+	PoliciesForRole(ctx context.Context, roleRef bson.ObjectID) ([]nstructures.PolicyAssignment, error)
+	PoliciesForRoles(ctx context.Context, roleRefs []bson.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error)
 	Remove(ctx context.Context, policy *model.RolePolicy) error
 }

--- a/api/pkg/auth/internal/native/dbroles.go
+++ b/api/pkg/auth/internal/native/dbroles.go
@@ -7,16 +7,16 @@ import (
 	"github.com/tech/sendico/pkg/auth/internal/native/nstructures"
 	"github.com/tech/sendico/pkg/db/template"
 	"github.com/tech/sendico/pkg/mlogger"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 )

 type RolesDB interface {
 	template.DB[*nstructures.RoleAssignment]
-	Roles(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error)
-	RolesForVenue(ctx context.Context, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error)
-	RemoveRole(ctx context.Context, roleRef, organizationRef, accountRef primitive.ObjectID) error
-	DeleteRole(ctx context.Context, roleRef primitive.ObjectID) error
+	Roles(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error)
+	RolesForVenue(ctx context.Context, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error)
+	RemoveRole(ctx context.Context, roleRef, organizationRef, accountRef bson.ObjectID) error
+	DeleteRole(ctx context.Context, roleRef bson.ObjectID) error
 }

 func NewRolesDB(logger mlogger.Logger, conn *mongo.Database) (RolesDB, error) {
--- a/api/pkg/auth/internal/native/enforcer.go
+++ b/api/pkg/auth/internal/native/enforcer.go
@@ -9,8 +9,8 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

@@ -44,7 +44,7 @@ func NewEnforcer(
 // Enforce checks if a user has the specified action permission on an object within a domain.
 func (n *Enforcer) Enforce(
 	ctx context.Context,
-	permissionRef, accountRef, organizationRef, objectRef primitive.ObjectID,
+	permissionRef, accountRef, organizationRef, objectRef bson.ObjectID,
 	action model.Action,
 ) (bool, error) {
 	if organizationRef.IsZero() {
@@ -118,13 +118,13 @@ func (n *Enforcer) Enforce(
 func (n *Enforcer) EnforceBatch(
 	ctx context.Context,
 	objectRefs []model.PermissionBoundStorable,
-	accountRef primitive.ObjectID,
+	accountRef bson.ObjectID,
 	action model.Action,
-) (map[primitive.ObjectID]bool, error) {
-	results := make(map[primitive.ObjectID]bool, len(objectRefs))
+) (map[bson.ObjectID]bool, error) {
+	results := make(map[bson.ObjectID]bool, len(objectRefs))

 	// Group objectRefs by organizationRef.
-	objectsByVenue := make(map[primitive.ObjectID][]model.PermissionBoundStorable)
+	objectsByVenue := make(map[bson.ObjectID][]model.PermissionBoundStorable)
 	for _, obj := range objectRefs {
 		organizationRef := obj.GetOrganizationRef()
 		objectsByVenue[organizationRef] = append(objectsByVenue[organizationRef], obj)
@@ -151,7 +151,7 @@ func (n *Enforcer) EnforceBatch(
 		}

 		// 2. Extract role description references
-		var roleRefs []primitive.ObjectID
+		var roleRefs []bson.ObjectID
 		for _, role := range roles {
 			roleRefs = append(roleRefs, role.DescriptionRef)
 		}
@@ -164,7 +164,7 @@ func (n *Enforcer) EnforceBatch(
 		}

 		// 4. Build a lookup map keyed by PermissionRef.
-		policyMap := make(map[primitive.ObjectID][]nstructures.PolicyAssignment)
+		policyMap := make(map[bson.ObjectID][]nstructures.PolicyAssignment)
 		for _, policy := range allPolicies {
 			policyMap[policy.DescriptionRef] = append(policyMap[policy.DescriptionRef], policy)
 		}
@@ -197,7 +197,7 @@ func (n *Enforcer) EnforceBatch(
 }

 // GetRoles retrieves all roles assigned to the user within the domain.
-func (n *Enforcer) GetRoles(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]model.Role, error) {
+func (n *Enforcer) GetRoles(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]model.Role, error) {
 	n.logger.Debug("Fetching roles for user", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))
 	ra, err := n.rdb.Roles(ctx, accountRef, organizationRef)
 	if errors.Is(err, merrors.ErrNoData) {
@@ -224,7 +224,7 @@ func (n *Enforcer) Reload() error {
 }

 // GetPermissions retrieves all effective policies for the user within the domain.
-func (n *Enforcer) GetPermissions(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]model.Role, []model.Permission, error) {
+func (n *Enforcer) GetPermissions(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]model.Role, []model.Permission, error) {
 	n.logger.Debug("Fetching policies for user", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))

 	roles, err := n.GetRoles(ctx, accountRef, organizationRef)
@@ -233,7 +233,7 @@ func (n *Enforcer) GetPermissions(ctx context.Context, accountRef, organizationR
 		return nil, nil, err
 	}

-	uniquePermissions := make(map[primitive.ObjectID]model.Permission)
+	uniquePermissions := make(map[bson.ObjectID]model.Permission)
 	for _, role := range roles {
 		perms, err := n.pdb.PoliciesForRole(ctx, role.DescriptionRef)
 		if err != nil {
--- a/api/pkg/auth/internal/native/enforcer_test.go
+++ b/api/pkg/auth/internal/native/enforcer_test.go
@@ -5,15 +5,15 @@ import (
 	"errors"
 	"testing"

+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
 	"github.com/tech/sendico/pkg/auth/internal/native/nstructures"
 	"github.com/tech/sendico/pkg/db/repository/builder"
 	"github.com/tech/sendico/pkg/merrors"
 	factory "github.com/tech/sendico/pkg/mlogger/factory"
 	"github.com/tech/sendico/pkg/model"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/mock"
-	"github.com/stretchr/testify/require"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 // Mock implementations for testing
@@ -21,17 +21,17 @@ type MockPoliciesDB struct {
 	mock.Mock
 }

-func (m *MockPoliciesDB) PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
+func (m *MockPoliciesDB) PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef bson.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
 	args := m.Called(ctx, roleRef, permissionRef, action)
 	return args.Get(0).([]nstructures.PolicyAssignment), args.Error(1)
 }

-func (m *MockPoliciesDB) PoliciesForRole(ctx context.Context, roleRef primitive.ObjectID) ([]nstructures.PolicyAssignment, error) {
+func (m *MockPoliciesDB) PoliciesForRole(ctx context.Context, roleRef bson.ObjectID) ([]nstructures.PolicyAssignment, error) {
 	args := m.Called(ctx, roleRef)
 	return args.Get(0).([]nstructures.PolicyAssignment), args.Error(1)
 }

-func (m *MockPoliciesDB) PoliciesForRoles(ctx context.Context, roleRefs []primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
+func (m *MockPoliciesDB) PoliciesForRoles(ctx context.Context, roleRefs []bson.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
 	args := m.Called(ctx, roleRefs, action)
 	return args.Get(0).([]nstructures.PolicyAssignment), args.Error(1)
 }
@@ -52,7 +52,7 @@ func (m *MockPoliciesDB) Create(ctx context.Context, assignment *nstructures.Pol
 	return args.Error(0)
 }

-func (m *MockPoliciesDB) Get(ctx context.Context, id primitive.ObjectID, assignment *nstructures.PolicyAssignment) error {
+func (m *MockPoliciesDB) Get(ctx context.Context, id bson.ObjectID, assignment *nstructures.PolicyAssignment) error {
 	args := m.Called(ctx, id, assignment)
 	return args.Error(0)
 }
@@ -62,12 +62,12 @@ func (m *MockPoliciesDB) Update(ctx context.Context, assignment *nstructures.Pol
 	return args.Error(0)
 }

-func (m *MockPoliciesDB) Patch(ctx context.Context, objectRef primitive.ObjectID, patch builder.Patch) error {
+func (m *MockPoliciesDB) Patch(ctx context.Context, objectRef bson.ObjectID, patch builder.Patch) error {
 	args := m.Called(ctx, objectRef, patch)
 	return args.Error(0)
 }

-func (m *MockPoliciesDB) Delete(ctx context.Context, id primitive.ObjectID) error {
+func (m *MockPoliciesDB) Delete(ctx context.Context, id bson.ObjectID) error {
 	args := m.Called(ctx, id)
 	return args.Error(0)
 }
@@ -77,14 +77,14 @@ func (m *MockPoliciesDB) DeleteMany(ctx context.Context, query builder.Query) er
 	return args.Error(0)
 }

-func (m *MockPoliciesDB) ListPermissionBound(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]nstructures.PolicyAssignment, error) {
+func (m *MockPoliciesDB) ListPermissionBound(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]nstructures.PolicyAssignment, error) {
 	args := m.Called(ctx, accountRef, organizationRef)
 	return args.Get(0).([]nstructures.PolicyAssignment), args.Error(1)
 }

-func (m *MockPoliciesDB) ListIDs(ctx context.Context, query interface{}) ([]primitive.ObjectID, error) {
+func (m *MockPoliciesDB) ListIDs(ctx context.Context, query interface{}) ([]bson.ObjectID, error) {
 	args := m.Called(ctx, query)
-	return args.Get(0).([]primitive.ObjectID), args.Error(1)
+	return args.Get(0).([]bson.ObjectID), args.Error(1)
 }

 func (m *MockPoliciesDB) FindOne(ctx context.Context, query builder.Query, assignment *nstructures.PolicyAssignment) error {
@@ -101,7 +101,7 @@ func (m *MockPoliciesDB) Name() string {
 	return "mock_policies"
 }

-func (m *MockPoliciesDB) DeleteCascade(ctx context.Context, id primitive.ObjectID) error {
+func (m *MockPoliciesDB) DeleteCascade(ctx context.Context, id bson.ObjectID) error {
 	args := m.Called(ctx, id)
 	return args.Error(0)
 }
@@ -115,22 +115,22 @@ type MockRolesDB struct {
 	mock.Mock
 }

-func (m *MockRolesDB) Roles(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error) {
+func (m *MockRolesDB) Roles(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error) {
 	args := m.Called(ctx, accountRef, organizationRef)
 	return args.Get(0).([]nstructures.RoleAssignment), args.Error(1)
 }

-func (m *MockRolesDB) RolesForVenue(ctx context.Context, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error) {
+func (m *MockRolesDB) RolesForVenue(ctx context.Context, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error) {
 	args := m.Called(ctx, organizationRef)
 	return args.Get(0).([]nstructures.RoleAssignment), args.Error(1)
 }

-func (m *MockRolesDB) RemoveRole(ctx context.Context, roleRef, organizationRef, accountRef primitive.ObjectID) error {
+func (m *MockRolesDB) RemoveRole(ctx context.Context, roleRef, organizationRef, accountRef bson.ObjectID) error {
 	args := m.Called(ctx, roleRef, organizationRef, accountRef)
 	return args.Error(0)
 }

-func (m *MockRolesDB) DeleteRole(ctx context.Context, roleRef primitive.ObjectID) error {
+func (m *MockRolesDB) DeleteRole(ctx context.Context, roleRef bson.ObjectID) error {
 	args := m.Called(ctx, roleRef)
 	return args.Error(0)
 }
@@ -141,7 +141,7 @@ func (m *MockRolesDB) Create(ctx context.Context, assignment *nstructures.RoleAs
 	return args.Error(0)
 }

-func (m *MockRolesDB) Get(ctx context.Context, id primitive.ObjectID, assignment *nstructures.RoleAssignment) error {
+func (m *MockRolesDB) Get(ctx context.Context, id bson.ObjectID, assignment *nstructures.RoleAssignment) error {
 	args := m.Called(ctx, id, assignment)
 	return args.Error(0)
 }
@@ -151,12 +151,12 @@ func (m *MockRolesDB) Update(ctx context.Context, assignment *nstructures.RoleAs
 	return args.Error(0)
 }

-func (m *MockRolesDB) Patch(ctx context.Context, objectRef primitive.ObjectID, patch builder.Patch) error {
+func (m *MockRolesDB) Patch(ctx context.Context, objectRef bson.ObjectID, patch builder.Patch) error {
 	args := m.Called(ctx, objectRef, patch)
 	return args.Error(0)
 }

-func (m *MockRolesDB) Delete(ctx context.Context, id primitive.ObjectID) error {
+func (m *MockRolesDB) Delete(ctx context.Context, id bson.ObjectID) error {
 	args := m.Called(ctx, id)
 	return args.Error(0)
 }
@@ -166,14 +166,14 @@ func (m *MockRolesDB) DeleteMany(ctx context.Context, query builder.Query) error
 	return args.Error(0)
 }

-func (m *MockRolesDB) ListPermissionBound(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error) {
+func (m *MockRolesDB) ListPermissionBound(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error) {
 	args := m.Called(ctx, accountRef, organizationRef)
 	return args.Get(0).([]nstructures.RoleAssignment), args.Error(1)
 }

-func (m *MockRolesDB) ListIDs(ctx context.Context, query interface{}) ([]primitive.ObjectID, error) {
+func (m *MockRolesDB) ListIDs(ctx context.Context, query interface{}) ([]bson.ObjectID, error) {
 	args := m.Called(ctx, query)
-	return args.Get(0).([]primitive.ObjectID), args.Error(1)
+	return args.Get(0).([]bson.ObjectID), args.Error(1)
 }

 func (m *MockRolesDB) FindOne(ctx context.Context, query builder.Query, assignment *nstructures.RoleAssignment) error {
@@ -190,7 +190,7 @@ func (m *MockRolesDB) Name() string {
 	return "mock_roles"
 }

-func (m *MockRolesDB) DeleteCascade(ctx context.Context, id primitive.ObjectID) error {
+func (m *MockRolesDB) DeleteCascade(ctx context.Context, id bson.ObjectID) error {
 	args := m.Called(ctx, id)
 	return args.Error(0)
 }
@@ -201,11 +201,11 @@ func (m *MockRolesDB) InsertMany(ctx context.Context, objects []*nstructures.Rol
 }

 // Test helper functions
-func createTestObjectID() primitive.ObjectID {
-	return primitive.NewObjectID()
+func createTestObjectID() bson.ObjectID {
+	return bson.NewObjectID()
 }

-func createTestRoleAssignment(roleRef, accountRef, organizationRef primitive.ObjectID) nstructures.RoleAssignment {
+func createTestRoleAssignment(roleRef, accountRef, organizationRef bson.ObjectID) nstructures.RoleAssignment {
 	return nstructures.RoleAssignment{
 		Role: model.Role{
 			AccountRef:      accountRef,
@@ -215,7 +215,7 @@ func createTestRoleAssignment(roleRef, accountRef, organizationRef primitive.Obj
 	}
 }

-func createTestPolicyAssignment(roleRef primitive.ObjectID, action model.Action, effect model.Effect, organizationRef, descriptionRef primitive.ObjectID, objectRef *primitive.ObjectID) nstructures.PolicyAssignment {
+func createTestPolicyAssignment(roleRef bson.ObjectID, action model.Action, effect model.Effect, organizationRef, descriptionRef bson.ObjectID, objectRef *bson.ObjectID) nstructures.PolicyAssignment {
 	return nstructures.PolicyAssignment{
 		Policy: model.Policy{
 			OrganizationRef: organizationRef,
@@ -464,20 +464,20 @@ func TestEnforcer_Enforce(t *testing.T) {

 // Mock implementation for PermissionBoundStorable
 type MockPermissionBoundStorable struct {
-	id              primitive.ObjectID
-	permissionRef   primitive.ObjectID
-	organizationRef primitive.ObjectID
+	id              bson.ObjectID
+	permissionRef   bson.ObjectID
+	organizationRef bson.ObjectID
 }

-func (m *MockPermissionBoundStorable) GetID() *primitive.ObjectID {
+func (m *MockPermissionBoundStorable) GetID() *bson.ObjectID {
 	return &m.id
 }

-func (m *MockPermissionBoundStorable) GetPermissionRef() primitive.ObjectID {
+func (m *MockPermissionBoundStorable) GetPermissionRef() bson.ObjectID {
 	return m.permissionRef
 }

-func (m *MockPermissionBoundStorable) GetOrganizationRef() primitive.ObjectID {
+func (m *MockPermissionBoundStorable) GetOrganizationRef() bson.ObjectID {
 	return m.organizationRef
 }

@@ -485,7 +485,7 @@ func (m *MockPermissionBoundStorable) Collection() string {
 	return "test_objects"
 }

-func (m *MockPermissionBoundStorable) SetID(objID primitive.ObjectID) {
+func (m *MockPermissionBoundStorable) SetID(objID bson.ObjectID) {
 	m.id = objID
 }

@@ -493,11 +493,11 @@ func (m *MockPermissionBoundStorable) Update() {
 	// Do nothing for mock
 }

-func (m *MockPermissionBoundStorable) SetPermissionRef(permissionRef primitive.ObjectID) {
+func (m *MockPermissionBoundStorable) SetPermissionRef(permissionRef bson.ObjectID) {
 	m.permissionRef = permissionRef
 }

-func (m *MockPermissionBoundStorable) SetOrganizationRef(organizationRef primitive.ObjectID) {
+func (m *MockPermissionBoundStorable) SetOrganizationRef(organizationRef bson.ObjectID) {
 	m.organizationRef = organizationRef
 }

@@ -540,7 +540,7 @@ func TestEnforcer_EnforceBatch(t *testing.T) {

 		// Mock policy assignment with ALLOW effect
 		policyAssignment := createTestPolicyAssignment(roleRef, model.ActionRead, model.EffectAllow, organizationRef, permissionRef, nil)
-		mockPDB.On("PoliciesForRoles", ctx, []primitive.ObjectID{roleRef}, model.ActionRead).Return([]nstructures.PolicyAssignment{policyAssignment}, nil)
+		mockPDB.On("PoliciesForRoles", ctx, []bson.ObjectID{roleRef}, model.ActionRead).Return([]nstructures.PolicyAssignment{policyAssignment}, nil)

 		enforcer := createTestEnforcer(mockPDB, mockRDB)

--- a/api/pkg/auth/internal/native/nstructures/policies.go
+++ b/api/pkg/auth/internal/native/nstructures/policies.go
@@ -3,13 +3,13 @@ package nstructures
 import (
 	"github.com/tech/sendico/pkg/db/storable"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 type PolicyAssignment struct {
 	storable.Base `bson:",inline" json:",inline"`
 	model.Policy  `bson:"policy" json:"policy"`
-	RoleRef       primitive.ObjectID `bson:"roleRef" json:"roleRef"`
+	RoleRef       bson.ObjectID `bson:"roleRef" json:"roleRef"`
 }

 func (*PolicyAssignment) Collection() string {
--- a/api/pkg/auth/internal/native/permission.go
+++ b/api/pkg/auth/internal/native/permission.go
@@ -9,7 +9,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

@@ -22,7 +22,7 @@ type PermissionManager struct {
 // GrantToRole adds a permission to a role in Casbin.
 func (m *PermissionManager) GrantToRole(ctx context.Context, policy *model.RolePolicy) error {
 	objRef := "any"
-	if (policy.ObjectRef != nil) && (*policy.ObjectRef != primitive.NilObjectID) {
+	if (policy.ObjectRef != nil) && (*policy.ObjectRef != bson.NilObjectID) {
 		objRef = policy.ObjectRef.Hex()
 	}

@@ -67,7 +67,7 @@ func (m *PermissionManager) RevokeFromRole(ctx context.Context, policy *model.Ro
 // GetPolicies retrieves all policies for a specific role.
 func (m *PermissionManager) GetPolicies(
 	ctx context.Context,
-	roleRef primitive.ObjectID,
+	roleRef bson.ObjectID,
 ) ([]model.RolePolicy, error) {
 	m.logger.Debug("Fetching policies for role", mzap.ObjRef("role_ref", roleRef))

--- a/api/pkg/auth/internal/native/role.go
+++ b/api/pkg/auth/internal/native/role.go
@@ -10,7 +10,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

@@ -19,11 +19,11 @@ type RoleManager struct {
 	logger            mlogger.Logger
 	enforcer          *Enforcer
 	rdb               role.DB
-	rolePermissionRef primitive.ObjectID
+	rolePermissionRef bson.ObjectID
 }

 // NewRoleManager creates a new RoleManager.
-func NewRoleManager(logger mlogger.Logger, enforcer *Enforcer, rolePermissionRef primitive.ObjectID, rdb role.DB) *RoleManager {
+func NewRoleManager(logger mlogger.Logger, enforcer *Enforcer, rolePermissionRef bson.ObjectID, rdb role.DB) *RoleManager {
 	return &RoleManager{
 		logger:            logger.Named("role"),
 		enforcer:          enforcer,
@@ -33,7 +33,7 @@ func NewRoleManager(logger mlogger.Logger, enforcer *Enforcer, rolePermissionRef
 }

 // validateObjectIDs ensures that all provided ObjectIDs are non-zero.
-func (rm *RoleManager) validateObjectIDs(ids ...primitive.ObjectID) error {
+func (rm *RoleManager) validateObjectIDs(ids ...bson.ObjectID) error {
 	for _, id := range ids {
 		if id.IsZero() {
 			return merrors.InvalidArgument("Object references cannot be zero", "objectRef")
@@ -43,7 +43,7 @@ func (rm *RoleManager) validateObjectIDs(ids ...primitive.ObjectID) error {
 }

 // fetchRolesFromPolicies retrieves and converts policies to roles.
-func (rm *RoleManager) fetchRolesFromPolicies(roles []nstructures.RoleAssignment, organizationRef primitive.ObjectID) []model.RoleDescription {
+func (rm *RoleManager) fetchRolesFromPolicies(roles []nstructures.RoleAssignment, organizationRef bson.ObjectID) []model.RoleDescription {
 	result := make([]model.RoleDescription, len(roles))
 	for i, role := range roles {
 		result[i] = model.RoleDescription{
@@ -55,7 +55,7 @@ func (rm *RoleManager) fetchRolesFromPolicies(roles []nstructures.RoleAssignment
 }

 // Create creates a new role in an organization.
-func (rm *RoleManager) Create(ctx context.Context, organizationRef primitive.ObjectID, description *model.Describable) (*model.RoleDescription, error) {
+func (rm *RoleManager) Create(ctx context.Context, organizationRef bson.ObjectID, description *model.Describable) (*model.RoleDescription, error) {
 	if err := rm.validateObjectIDs(organizationRef); err != nil {
 		return nil, err
 	}
@@ -84,7 +84,7 @@ func (rm *RoleManager) Assign(ctx context.Context, role *model.Role) error {
 }

 // Delete removes a role entirely and cleans up associated Casbin policies.
-func (rm *RoleManager) Delete(ctx context.Context, roleRef primitive.ObjectID) error {
+func (rm *RoleManager) Delete(ctx context.Context, roleRef bson.ObjectID) error {
 	if err := rm.validateObjectIDs(roleRef); err != nil {
 		rm.logger.Warn("Failed to delete role", mzap.ObjRef("role_ref", roleRef))
 		return err
@@ -105,7 +105,7 @@ func (rm *RoleManager) Delete(ctx context.Context, roleRef primitive.ObjectID) e
 }

 // Revoke removes a role from a user.
-func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, organizationRef primitive.ObjectID) error {
+func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, organizationRef bson.ObjectID) error {
 	if err := rm.validateObjectIDs(roleRef, accountRef, organizationRef); err != nil {
 		return err
 	}
@@ -115,7 +115,7 @@ func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, organiza
 }

 // logPolicyResult logs results for Assign and Revoke.
-func (rm *RoleManager) logPolicyResult(action string, result bool, err error, roleRef, accountRef, organizationRef primitive.ObjectID) error {
+func (rm *RoleManager) logPolicyResult(action string, result bool, err error, roleRef, accountRef, organizationRef bson.ObjectID) error {
 	if err != nil {
 		rm.logger.Warn("Failed to "+action+" role", zap.Error(err), mzap.ObjRef("role_ref", roleRef), mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))
 		return err
@@ -129,7 +129,7 @@ func (rm *RoleManager) logPolicyResult(action string, result bool, err error, ro
 }

 // List retrieves all roles in an organization or all roles if organizationRef is zero.
-func (rm *RoleManager) List(ctx context.Context, organizationRef primitive.ObjectID) ([]model.RoleDescription, error) {
+func (rm *RoleManager) List(ctx context.Context, organizationRef bson.ObjectID) ([]model.RoleDescription, error) {
 	roles4Venues, err := rm.enforcer.rdb.RolesForVenue(ctx, organizationRef)
 	if err != nil {
 		rm.logger.Warn("Failed to fetch grouping policies", zap.Error(err), mzap.ObjRef("organization_ref", organizationRef))
--- a/api/pkg/auth/management/permission.go
+++ b/api/pkg/auth/management/permission.go
@@ -4,22 +4,22 @@ import (
 	"context"

 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 type Permission interface {
 	// Grant a permission to a role with an optional object scope and specified effect.
-	// Use primitive.NilObjectID for 'any' objectRef.
+	// Use bson.NilObjectID for 'any' objectRef.
 	GrantToRole(ctx context.Context, policy *model.RolePolicy) error

 	// Revoke a permission from a role with an optional object scope and specified effect.
-	// Use primitive.NilObjectID for 'any' objectRef.
+	// Use bson.NilObjectID for 'any' objectRef.
 	RevokeFromRole(ctx context.Context, policy *model.RolePolicy) error

 	// Retrieve all policies assigned to a specific role, including scope and effects.
 	GetPolicies(
 		ctx context.Context,
-		roleRef primitive.ObjectID,
+		roleRef bson.ObjectID,
 	) ([]model.RolePolicy, error)

 	// Persist any changes made to permissions.
--- a/api/pkg/auth/management/role.go
+++ b/api/pkg/auth/management/role.go
@@ -4,21 +4,21 @@ import (
 	"context"

 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 type Role interface {
 	// Create a new role in an organization (returns the created Role with its ID).
 	Create(
 		ctx context.Context,
-		orgRef primitive.ObjectID,
+		orgRef bson.ObjectID,
 		description *model.Describable,
 	) (*model.RoleDescription, error)

 	// Delete a role entirely. This will cascade and remove all associated
 	Delete(
 		ctx context.Context,
-		roleRef primitive.ObjectID,
+		roleRef bson.ObjectID,
 	) error

 	// Assign a role to a user in a specific organization.
@@ -30,12 +30,12 @@ type Role interface {
 	// Revoke a role from a user in a specific organization.
 	Revoke(
 		ctx context.Context,
-		roleRef, accountRef, orgRef primitive.ObjectID,
+		roleRef, accountRef, orgRef bson.ObjectID,
 	) error

-	// List all roles in an organization or globally if orgRef is primitive.NilObjectID.
+	// List all roles in an organization or globally if orgRef is bson.NilObjectID.
 	List(
 		ctx context.Context,
-		orgRef primitive.ObjectID,
+		orgRef bson.ObjectID,
 	) ([]model.RoleDescription, error)
 }
--- a/api/pkg/db/account/account.go
+++ b/api/pkg/db/account/account.go
@@ -5,7 +5,7 @@ import (

 	"github.com/tech/sendico/pkg/db/template"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 // DB is the interface which must be implemented by all db drivers
@@ -13,5 +13,5 @@ type DB interface {
 	template.DB[*model.Account]
 	GetByEmail(ctx context.Context, email string) (*model.Account, error)
 	GetByToken(ctx context.Context, email string) (*model.Account, error)
-	GetAccountsByRefs(ctx context.Context, orgRef primitive.ObjectID, refs []primitive.ObjectID) ([]model.Account, error)
+	GetAccountsByRefs(ctx context.Context, orgRef bson.ObjectID, refs []bson.ObjectID) ([]model.Account, error)
 }
--- a/api/pkg/db/confirmation/confirmation.go
+++ b/api/pkg/db/confirmation/confirmation.go
@@ -5,12 +5,12 @@ import (

 	"github.com/tech/sendico/pkg/db/template"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 type DB interface {
 	template.DB[*model.ConfirmationCode]

-	FindActive(ctx context.Context, accountRef primitive.ObjectID, destination string, target model.ConfirmationTarget, now int64) (*model.ConfirmationCode, error)
-	DeleteTuple(ctx context.Context, accountRef primitive.ObjectID, destination string, target model.ConfirmationTarget) error
+	FindActive(ctx context.Context, accountRef bson.ObjectID, destination string, target model.ConfirmationTarget, now int64) (*model.ConfirmationCode, error)
+	DeleteTuple(ctx context.Context, accountRef bson.ObjectID, destination string, target model.ConfirmationTarget) error
 }
--- a/api/pkg/db/connection.go
+++ b/api/pkg/db/connection.go
@@ -6,8 +6,8 @@ import (
 	mongoimpl "github.com/tech/sendico/pkg/db/internal/mongo"
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/mlogger"
-	mongoDriver "go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/readpref"
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/readpref"
 )

 // Connection represents a low-level database connection lifecycle.
@@ -18,15 +18,15 @@ type Connection interface {

 // MongoConnection provides direct access to the underlying mongo client.
 type MongoConnection struct {
-	client   *mongoDriver.Client
+	client   *mongo.Client
 	database string
 }

-func (c *MongoConnection) Client() *mongoDriver.Client {
+func (c *MongoConnection) Client() *mongo.Client {
 	return c.client
 }

-func (c *MongoConnection) Database() *mongoDriver.Database {
+func (c *MongoConnection) Database() *mongo.Database {
 	return c.client.Database(c.database)
 }

--- a/api/pkg/db/indexable/indexable.go
+++ b/api/pkg/db/indexable/indexable.go
@@ -4,9 +4,9 @@ import (
 	"context"

 	"github.com/tech/sendico/pkg/db/repository/builder"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 type DB interface {
-	Reorder(ctx context.Context, objectRef primitive.ObjectID, newIndex int, filter builder.Query) error
+	Reorder(ctx context.Context, objectRef bson.ObjectID, newIndex int, filter builder.Query) error
 }
--- a/api/pkg/db/internal/mongo/accountdb/db.go
+++ b/api/pkg/db/internal/mongo/accountdb/db.go
@@ -6,7 +6,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

--- a/api/pkg/db/internal/mongo/accountdb/user.go
+++ b/api/pkg/db/internal/mongo/accountdb/user.go
@@ -7,10 +7,10 @@ import (
 	"github.com/tech/sendico/pkg/db/repository/builder"
 	"github.com/tech/sendico/pkg/model"
 	mutil "github.com/tech/sendico/pkg/mutil/db"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *AccountDB) GetAccountsByRefs(ctx context.Context, orgRef primitive.ObjectID, refs []primitive.ObjectID) ([]model.Account, error) {
+func (db *AccountDB) GetAccountsByRefs(ctx context.Context, orgRef bson.ObjectID, refs []bson.ObjectID) ([]model.Account, error) {
 	filter := repository.Query().Comparison(repository.IDField(), builder.In, refs)
 	return mutil.GetObjects[model.Account](ctx, db.Logger, filter, nil, db.Repository)
 }
--- a/api/pkg/db/internal/mongo/archivable/archivable.go
+++ b/api/pkg/db/internal/mongo/archivable/archivable.go
@@ -8,7 +8,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

@@ -36,7 +36,7 @@ func NewArchivableDB[T storable.Storable](
 }

 // SetArchived sets the archived status of an entity
-func (db *ArchivableDB[T]) SetArchived(ctx context.Context, objectRef primitive.ObjectID, archived bool) error {
+func (db *ArchivableDB[T]) SetArchived(ctx context.Context, objectRef bson.ObjectID, archived bool) error {
 	// Get current object to check current archived status
 	obj := db.createEmpty()
 	if err := db.repo.Get(ctx, objectRef, obj); err != nil {
@@ -74,7 +74,7 @@ func (db *ArchivableDB[T]) SetArchived(ctx context.Context, objectRef primitive.
 }

 // IsArchived checks if an entity is archived
-func (db *ArchivableDB[T]) IsArchived(ctx context.Context, objectRef primitive.ObjectID) (bool, error) {
+func (db *ArchivableDB[T]) IsArchived(ctx context.Context, objectRef bson.ObjectID) (bool, error) {
 	obj := db.createEmpty()

 	if err := db.repo.Get(ctx, objectRef, obj); err != nil {
@@ -89,11 +89,11 @@ func (db *ArchivableDB[T]) IsArchived(ctx context.Context, objectRef primitive.O
 }

 // Archive archives an entity (sets archived to true)
-func (db *ArchivableDB[T]) Archive(ctx context.Context, objectRef primitive.ObjectID) error {
+func (db *ArchivableDB[T]) Archive(ctx context.Context, objectRef bson.ObjectID) error {
 	return db.SetArchived(ctx, objectRef, true)
 }

 // Unarchive unarchives an entity (sets archived to false)
-func (db *ArchivableDB[T]) Unarchive(ctx context.Context, objectRef primitive.ObjectID) error {
+func (db *ArchivableDB[T]) Unarchive(ctx context.Context, objectRef bson.ObjectID) error {
 	return db.SetArchived(ctx, objectRef, false)
 }
--- a/api/pkg/db/internal/mongo/archivable/archivable_test.go
+++ b/api/pkg/db/internal/mongo/archivable/archivable_test.go
@@ -8,16 +8,16 @@ import (
 	"testing"
 	"time"

+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"github.com/tech/sendico/pkg/db/internal/mongo/repositoryimp"
 	"github.com/tech/sendico/pkg/db/storable"
 	"github.com/tech/sendico/pkg/model"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/modules/mongodb"
 	"github.com/testcontainers/testcontainers-go/wait"
-	"go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
 	"go.uber.org/zap"
 )

--- a/api/pkg/db/internal/mongo/chainassetsdb/db.go
+++ b/api/pkg/db/internal/mongo/chainassetsdb/db.go
@@ -6,7 +6,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

--- a/api/pkg/db/internal/mongo/confirmationdb/db.go
+++ b/api/pkg/db/internal/mongo/confirmationdb/db.go
@@ -7,7 +7,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

--- a/api/pkg/db/internal/mongo/confirmationdb/delete.go
+++ b/api/pkg/db/internal/mongo/confirmationdb/delete.go
@@ -5,10 +5,10 @@ import (

 	"github.com/tech/sendico/pkg/db/repository"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *ConfirmationDB) DeleteTuple(ctx context.Context, accountRef primitive.ObjectID, destination string, target model.ConfirmationTarget) error {
+func (db *ConfirmationDB) DeleteTuple(ctx context.Context, accountRef bson.ObjectID, destination string, target model.ConfirmationTarget) error {
 	query := repository.Query().
 		Filter(repository.Field(fieldAccountRef), accountRef).
 		Filter(repository.Field(fieldDestination), destination).
--- a/api/pkg/db/internal/mongo/confirmationdb/find.go
+++ b/api/pkg/db/internal/mongo/confirmationdb/find.go
@@ -7,10 +7,10 @@ import (
 	"github.com/tech/sendico/pkg/db/repository"
 	"github.com/tech/sendico/pkg/db/repository/builder"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *ConfirmationDB) FindActive(ctx context.Context, accountRef primitive.ObjectID, destination string, target model.ConfirmationTarget, now int64) (*model.ConfirmationCode, error) {
+func (db *ConfirmationDB) FindActive(ctx context.Context, accountRef bson.ObjectID, destination string, target model.ConfirmationTarget, now int64) (*model.ConfirmationCode, error) {
 	var res model.ConfirmationCode
 	query := repository.Query().
 		Filter(repository.Field(fieldAccountRef), accountRef).
--- a/api/pkg/db/internal/mongo/db.go
+++ b/api/pkg/db/internal/mongo/db.go
@@ -36,8 +36,8 @@ import (
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
 	mutil "github.com/tech/sendico/pkg/mutil/config"
-	"go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/readpref"
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/readpref"
 	"go.uber.org/zap"
 )

@@ -133,7 +133,7 @@ func decodeConfig(logger mlogger.Logger, settings model.SettingsT) (*Config, *DB
 func dialMongo(logger mlogger.Logger, dbSettings *DBSettings) (*mongo.Client, error) {
 	opts := buildOptions(dbSettings)

-	client, err := mongo.Connect(context.Background(), opts)
+	client, err := mongo.Connect(opts)
 	if err != nil {
 		logger.Error("Unable to connect to database", zap.Error(err))
 		return nil, err
--- a/api/pkg/db/internal/mongo/indexable/USAGE.md
+++ b/api/pkg/db/internal/mongo/indexable/USAGE.md
@@ -160,7 +160,7 @@ type IndexableDB[T storable.Storable] struct {
 }

 // Single filter parameter - clean and simple
-func (db *IndexableDB[T]) Reorder(ctx context.Context, objectRef primitive.ObjectID, newIndex int, filter builder.Query) error
+func (db *IndexableDB[T]) Reorder(ctx context.Context, objectRef bson.ObjectID, newIndex int, filter builder.Query) error
 ```

 ## Benefits
--- a/api/pkg/db/internal/mongo/indexable/indexable.go
+++ b/api/pkg/db/internal/mongo/indexable/indexable.go
@@ -8,7 +8,7 @@ import (
 	"github.com/tech/sendico/pkg/db/storable"
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

@@ -36,7 +36,7 @@ func NewIndexableDB[T storable.Storable](
 }

 // Reorder implements the db.IndexableDB interface with single filter parameter
-func (db *IndexableDB[T]) Reorder(ctx context.Context, objectRef primitive.ObjectID, newIndex int, filter builder.Query) error {
+func (db *IndexableDB[T]) Reorder(ctx context.Context, objectRef bson.ObjectID, newIndex int, filter builder.Query) error {
 	// Get current object to find its index
 	obj := db.createEmpty()
 	err := db.repo.Get(ctx, objectRef, obj)
--- a/api/pkg/db/internal/mongo/invitationdb/accept.go
+++ b/api/pkg/db/internal/mongo/invitationdb/accept.go
@@ -4,9 +4,9 @@ import (
 	"context"

 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *InvitationDB) Accept(ctx context.Context, invitationRef primitive.ObjectID) error {
+func (db *InvitationDB) Accept(ctx context.Context, invitationRef bson.ObjectID) error {
 	return db.updateStatus(ctx, invitationRef, model.InvitationAccepted)
 }
--- a/api/pkg/db/internal/mongo/invitationdb/archived.go
+++ b/api/pkg/db/internal/mongo/invitationdb/archived.go
@@ -6,13 +6,13 @@ import (
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

 // SetArchived sets the archived status of an invitation
 // Invitation supports archiving through PermissionBound embedding ArchivableBase
-func (db *InvitationDB) SetArchived(ctx context.Context, accountRef, organizationRef, invitationRef primitive.ObjectID, archived, cascade bool) error {
+func (db *InvitationDB) SetArchived(ctx context.Context, accountRef, organizationRef, invitationRef bson.ObjectID, archived, cascade bool) error {
 	db.DBImp.Logger.Debug("Setting invitation archived status", mzap.ObjRef("invitation_ref", invitationRef), zap.Bool("archived", archived), zap.Bool("cascade", cascade))
 	res, err := db.Enforcer.Enforce(ctx, db.PermissionRef, accountRef, organizationRef, invitationRef, model.ActionUpdate)
 	if err != nil {
--- a/api/pkg/db/internal/mongo/invitationdb/cascade.go
+++ b/api/pkg/db/internal/mongo/invitationdb/cascade.go
@@ -4,13 +4,13 @@ import (
 	"context"

 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

 // DeleteCascade deletes an invitation
 // Invitations don't have cascade dependencies, so this is a simple deletion
-func (db *InvitationDB) DeleteCascade(ctx context.Context, accountRef, invitationRef primitive.ObjectID) error {
+func (db *InvitationDB) DeleteCascade(ctx context.Context, accountRef, invitationRef bson.ObjectID) error {
 	db.DBImp.Logger.Debug("Starting invitation cascade deletion", mzap.ObjRef("invitation_ref", invitationRef))

 	// Delete the invitation itself (no dependencies to cascade delete)
--- a/api/pkg/db/internal/mongo/invitationdb/db.go
+++ b/api/pkg/db/internal/mongo/invitationdb/db.go
@@ -10,7 +10,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

--- a/api/pkg/db/internal/mongo/invitationdb/decline.go
+++ b/api/pkg/db/internal/mongo/invitationdb/decline.go
@@ -4,9 +4,9 @@ import (
 	"context"

 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *InvitationDB) Decline(ctx context.Context, invitationRef primitive.ObjectID) error {
+func (db *InvitationDB) Decline(ctx context.Context, invitationRef bson.ObjectID) error {
 	return db.updateStatus(ctx, invitationRef, model.InvitationDeclined)
 }
--- a/api/pkg/db/internal/mongo/invitationdb/getpublic.go
+++ b/api/pkg/db/internal/mongo/invitationdb/getpublic.go
@@ -9,12 +9,12 @@ import (
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

-func (db *InvitationDB) GetPublic(ctx context.Context, invitationRef primitive.ObjectID) (*model.PublicInvitation, error) {
+func (db *InvitationDB) GetPublic(ctx context.Context, invitationRef bson.ObjectID) (*model.PublicInvitation, error) {
 	roleField := repository.Field("role")
 	orgField := repository.Field("organization")
 	accField := repository.Field("account")
--- a/api/pkg/db/internal/mongo/invitationdb/list.go
+++ b/api/pkg/db/internal/mongo/invitationdb/list.go
@@ -8,10 +8,10 @@ import (
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/model"
 	mauth "github.com/tech/sendico/pkg/mutil/db/auth"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *InvitationDB) List(ctx context.Context, accountRef, organizationRef, _ primitive.ObjectID, cursor *model.ViewCursor) ([]model.Invitation, error) {
+func (db *InvitationDB) List(ctx context.Context, accountRef, organizationRef, _ bson.ObjectID, cursor *model.ViewCursor) ([]model.Invitation, error) {
 	res, err := mauth.GetProtectedObjects[model.Invitation](
 		ctx,
 		db.DBImp.Logger,
--- a/api/pkg/db/internal/mongo/invitationdb/updatestatus.go
+++ b/api/pkg/db/internal/mongo/invitationdb/updatestatus.go
@@ -6,11 +6,11 @@ import (
 	"github.com/tech/sendico/pkg/db/repository"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

-func (db *InvitationDB) updateStatus(ctx context.Context, invitationRef primitive.ObjectID, newStatus model.InvitationStatus) error {
+func (db *InvitationDB) updateStatus(ctx context.Context, invitationRef bson.ObjectID, newStatus model.InvitationStatus) error {
 	// db.DBImp.Up
 	var inv model.Invitation
 	if err := db.DBImp.FindOne(ctx, repository.IDFilter(invitationRef), &inv); err != nil {
--- a/api/pkg/db/internal/mongo/mongo.go
+++ b/api/pkg/db/internal/mongo/mongo.go
@@ -4,7 +4,7 @@ import (
 	"net"
 	"strings"

-	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
 )

 func buildOptions(s *DBSettings) *options.ClientOptions {
--- a/api/pkg/db/internal/mongo/organizationdb/archived.go
+++ b/api/pkg/db/internal/mongo/organizationdb/archived.go
@@ -5,12 +5,12 @@ import (

 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

 // SetArchived sets the archived status of an organization and optionally cascades to projects, tasks, comments, and reactions
-func (db *OrganizationDB) SetArchived(ctx context.Context, accountRef, organizationRef primitive.ObjectID, archived, cascade bool) error {
+func (db *OrganizationDB) SetArchived(ctx context.Context, accountRef, organizationRef bson.ObjectID, archived, cascade bool) error {
 	db.DBImp.Logger.Debug("Setting organization archived status", mzap.ObjRef("organization_ref", organizationRef), zap.Bool("archived", archived), zap.Bool("cascade", cascade))

 	// Get the organization first
--- a/api/pkg/db/internal/mongo/organizationdb/cascade.go
+++ b/api/pkg/db/internal/mongo/organizationdb/cascade.go
@@ -4,12 +4,12 @@ import (
 	"context"

 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

 // DeleteCascade deletes an organization and all its related data (projects, tasks, comments, reactions, statuses)
-func (db *OrganizationDB) DeleteCascade(ctx context.Context, organizationRef primitive.ObjectID) error {
+func (db *OrganizationDB) DeleteCascade(ctx context.Context, organizationRef bson.ObjectID) error {
 	db.DBImp.Logger.Debug("Starting organization deletion with projects", mzap.ObjRef("organization_ref", organizationRef))

 	// Delete the organization itself
--- a/api/pkg/db/internal/mongo/organizationdb/create.go
+++ b/api/pkg/db/internal/mongo/organizationdb/create.go
@@ -5,14 +5,14 @@ import (

 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *OrganizationDB) Create(ctx context.Context, _, _ primitive.ObjectID, org *model.Organization) error {
+func (db *OrganizationDB) Create(ctx context.Context, _, _ bson.ObjectID, org *model.Organization) error {
 	if org == nil {
 		return merrors.InvalidArgument("Organization object is nil", "organization")
 	}
-	org.SetID(primitive.NewObjectID())
+	org.SetID(bson.NewObjectID())
 	// Organizaiton reference must be set to the same value as own organization reference
 	org.SetOrganizationRef(*org.GetID())
 	return db.DBImp.Create(ctx, org)
--- a/api/pkg/db/internal/mongo/organizationdb/db.go
+++ b/api/pkg/db/internal/mongo/organizationdb/db.go
@@ -8,7 +8,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 )

 type OrganizationDB struct {
--- a/api/pkg/db/internal/mongo/organizationdb/get.go
+++ b/api/pkg/db/internal/mongo/organizationdb/get.go
@@ -4,9 +4,9 @@ import (
 	"context"

 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *OrganizationDB) GetByRef(ctx context.Context, organizationRef primitive.ObjectID, org *model.Organization) error {
+func (db *OrganizationDB) GetByRef(ctx context.Context, organizationRef bson.ObjectID, org *model.Organization) error {
 	return db.Unprotected().Get(ctx, organizationRef, org)
 }
--- a/api/pkg/db/internal/mongo/organizationdb/list.go
+++ b/api/pkg/db/internal/mongo/organizationdb/list.go
@@ -7,10 +7,10 @@ import (
 	"github.com/tech/sendico/pkg/db/repository/builder"
 	"github.com/tech/sendico/pkg/model"
 	mutil "github.com/tech/sendico/pkg/mutil/db"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *OrganizationDB) List(ctx context.Context, accountRef primitive.ObjectID, cursor *model.ViewCursor) ([]model.Organization, error) {
+func (db *OrganizationDB) List(ctx context.Context, accountRef bson.ObjectID, cursor *model.ViewCursor) ([]model.Organization, error) {
 	filter := repository.Query().Comparison(repository.Field("members"), builder.Eq, accountRef)
 	return mutil.GetObjects[model.Organization](ctx, db.DBImp.Logger, filter, cursor, db.DBImp.Repository)
 }
--- a/api/pkg/db/internal/mongo/organizationdb/owned.go
+++ b/api/pkg/db/internal/mongo/organizationdb/owned.go
@@ -6,9 +6,9 @@ import (
 	"github.com/tech/sendico/pkg/db/repository"
 	"github.com/tech/sendico/pkg/model"
 	mutil "github.com/tech/sendico/pkg/mutil/db"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *OrganizationDB) ListOwned(ctx context.Context, accountRef primitive.ObjectID) ([]model.Organization, error) {
+func (db *OrganizationDB) ListOwned(ctx context.Context, accountRef bson.ObjectID) ([]model.Organization, error) {
 	return mutil.GetObjects[model.Organization](ctx, db.DBImp.Logger, repository.Filter("ownerRef", accountRef), nil, db.DBImp.Repository)
 }
--- a/api/pkg/db/internal/mongo/organizationdb/setarchived_test.go
+++ b/api/pkg/db/internal/mongo/organizationdb/setarchived_test.go
@@ -17,13 +17,13 @@ import (
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

 func TestOrganizationDB_SetArchived_TogglesState(t *testing.T) {
 	ctx := context.Background()
-	accountRef := primitive.NewObjectID()
+	accountRef := bson.NewObjectID()
 	orgDB := newTestOrganizationDB(t)

 	org := &model.Organization{
@@ -32,7 +32,7 @@ func TestOrganizationDB_SetArchived_TogglesState(t *testing.T) {
 			TimeZone:    "UTC",
 		},
 	}
-	org.SetID(primitive.NewObjectID())
+	org.SetID(bson.NewObjectID())

 	require.NoError(t, orgDB.Create(ctx, accountRef, *org.GetID(), org))

@@ -51,10 +51,10 @@ func TestOrganizationDB_SetArchived_TogglesState(t *testing.T) {

 func TestOrganizationDB_SetArchived_UnknownOrganization(t *testing.T) {
 	ctx := context.Background()
-	accountRef := primitive.NewObjectID()
+	accountRef := bson.NewObjectID()
 	orgDB := newTestOrganizationDB(t)

-	err := orgDB.SetArchived(ctx, accountRef, primitive.NewObjectID(), true, false)
+	err := orgDB.SetArchived(ctx, accountRef, bson.NewObjectID(), true, false)
 	require.Error(t, err)
 	assert.True(t, errors.Is(err, merrors.ErrNoData))
 }
@@ -71,7 +71,7 @@ func newTestOrganizationDB(t *testing.T) *OrganizationDB {
 		Logger:     logger,
 		Repository: repo,
 	}
-	dbImp.SetDeleter(func(ctx context.Context, objectRef primitive.ObjectID) error {
+	dbImp.SetDeleter(func(ctx context.Context, objectRef bson.ObjectID) error {
 		return repo.Delete(ctx, objectRef)
 	})

@@ -79,7 +79,7 @@ func newTestOrganizationDB(t *testing.T) *OrganizationDB {
 		ProtectedDBImp: auth.ProtectedDBImp[*model.Organization]{
 			DBImp:         dbImp,
 			Enforcer:      allowAllEnforcer{},
-			PermissionRef: primitive.NewObjectID(),
+			PermissionRef: bson.NewObjectID(),
 			Collection:    mservice.Organizations,
 		},
 	}
@@ -87,35 +87,35 @@ func newTestOrganizationDB(t *testing.T) *OrganizationDB {

 type allowAllEnforcer struct{}

-func (allowAllEnforcer) Enforce(context.Context, primitive.ObjectID, primitive.ObjectID, primitive.ObjectID, primitive.ObjectID, model.Action) (bool, error) {
+func (allowAllEnforcer) Enforce(context.Context, bson.ObjectID, bson.ObjectID, bson.ObjectID, bson.ObjectID, model.Action) (bool, error) {
 	return true, nil
 }

-func (allowAllEnforcer) EnforceBatch(_ context.Context, objects []model.PermissionBoundStorable, _ primitive.ObjectID, _ model.Action) (map[primitive.ObjectID]bool, error) {
-	result := make(map[primitive.ObjectID]bool, len(objects))
+func (allowAllEnforcer) EnforceBatch(_ context.Context, objects []model.PermissionBoundStorable, _ bson.ObjectID, _ model.Action) (map[bson.ObjectID]bool, error) {
+	result := make(map[bson.ObjectID]bool, len(objects))
 	for _, obj := range objects {
 		result[*obj.GetID()] = true
 	}
 	return result, nil
 }

-func (allowAllEnforcer) GetRoles(context.Context, primitive.ObjectID, primitive.ObjectID) ([]model.Role, error) {
+func (allowAllEnforcer) GetRoles(context.Context, bson.ObjectID, bson.ObjectID) ([]model.Role, error) {
 	return nil, nil
 }

-func (allowAllEnforcer) GetPermissions(context.Context, primitive.ObjectID, primitive.ObjectID) ([]model.Role, []model.Permission, error) {
+func (allowAllEnforcer) GetPermissions(context.Context, bson.ObjectID, bson.ObjectID) ([]model.Role, []model.Permission, error) {
 	return nil, nil, nil
 }

 type memoryOrganizationRepository struct {
 	mu    sync.RWMutex
-	data  map[primitive.ObjectID]*model.Organization
-	order []primitive.ObjectID
+	data  map[bson.ObjectID]*model.Organization
+	order []bson.ObjectID
 }

 func newMemoryOrganizationRepository() *memoryOrganizationRepository {
 	return &memoryOrganizationRepository{
-		data: make(map[primitive.ObjectID]*model.Organization),
+		data: make(map[bson.ObjectID]*model.Organization),
 	}
 }

@@ -132,7 +132,7 @@ func (m *memoryOrganizationRepository) Insert(_ context.Context, obj storable.St
 		return merrors.InvalidDataType("expected organization")
 	}
 	id := org.GetID()
-	if id == nil || *id == primitive.NilObjectID {
+	if id == nil || *id == bson.NilObjectID {
 		return merrors.InvalidArgument("organization ID must be set")
 	}
 	if _, exists := m.data[*id]; exists {
@@ -152,7 +152,7 @@ func (m *memoryOrganizationRepository) InsertMany(ctx context.Context, objects [
 	return nil
 }

-func (m *memoryOrganizationRepository) Get(_ context.Context, id primitive.ObjectID, result storable.Storable) error {
+func (m *memoryOrganizationRepository) Get(_ context.Context, id bson.ObjectID, result storable.Storable) error {
 	m.mu.RLock()
 	defer m.mu.RUnlock()

@@ -207,7 +207,7 @@ func (m *memoryOrganizationRepository) Update(_ context.Context, obj storable.St
 	return nil
 }

-func (m *memoryOrganizationRepository) Patch(context.Context, primitive.ObjectID, builder.Patch) error {
+func (m *memoryOrganizationRepository) Patch(context.Context, bson.ObjectID, builder.Patch) error {
 	return merrors.NotImplemented("Patch is not supported in memory repository")
 }

@@ -215,7 +215,7 @@ func (m *memoryOrganizationRepository) PatchMany(context.Context, builder.Query,
 	return 0, merrors.NotImplemented("PatchMany is not supported in memory repository")
 }

-func (m *memoryOrganizationRepository) Delete(_ context.Context, id primitive.ObjectID) error {
+func (m *memoryOrganizationRepository) Delete(_ context.Context, id bson.ObjectID) error {
 	m.mu.Lock()
 	defer m.mu.Unlock()
 	if _, exists := m.data[id]; !exists {
@@ -233,11 +233,11 @@ func (m *memoryOrganizationRepository) CreateIndex(*ri.Definition) error {
 	return nil
 }

-func (m *memoryOrganizationRepository) ListIDs(_ context.Context, query builder.Query) ([]primitive.ObjectID, error) {
+func (m *memoryOrganizationRepository) ListIDs(_ context.Context, query builder.Query) ([]bson.ObjectID, error) {
 	m.mu.RLock()
 	defer m.mu.RUnlock()

-	var ids []primitive.ObjectID
+	var ids []bson.ObjectID
 	for _, id := range m.order {
 		if org, ok := m.data[id]; ok && m.matchesQuery(query, org) {
 			ids = append(ids, id)
@@ -277,7 +277,7 @@ func (m *memoryOrganizationRepository) matchesQuery(query builder.Query, org *mo
 	for _, elem := range query.BuildQuery() {
 		switch elem.Key {
 		case storable.IDField:
-			id, ok := elem.Value.(primitive.ObjectID)
+			id, ok := elem.Value.(bson.ObjectID)
 			if !ok || *org.GetID() != id {
 				return false
 			}
@@ -294,7 +294,7 @@ func (m *memoryOrganizationRepository) matchesQuery(query builder.Query, org *mo
 func cloneOrganization(src *model.Organization) *model.Organization {
 	dst := *src
 	if len(src.Members) > 0 {
-		dst.Members = append([]primitive.ObjectID{}, src.Members...)
+		dst.Members = append([]bson.ObjectID{}, src.Members...)
 	}
 	return &dst
 }
--- a/api/pkg/db/internal/mongo/paymethoddb/archived.go
+++ b/api/pkg/db/internal/mongo/paymethoddb/archived.go
@@ -4,11 +4,11 @@ import (
 	"context"

 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

-func (db *PaymentMethodsDB) SetArchived(ctx context.Context, accountRef, organizationRef, objectRef primitive.ObjectID, isArchived, cascade bool) error {
+func (db *PaymentMethodsDB) SetArchived(ctx context.Context, accountRef, organizationRef, objectRef bson.ObjectID, isArchived, cascade bool) error {
 	// Use the ArchivableDB for the main archiving logic
 	if err := db.ArchivableDB.SetArchived(ctx, accountRef, objectRef, isArchived); err != nil {
 		db.DBImp.Logger.Warn("Failed to chnage object archive status", zap.Error(err),
--- a/api/pkg/db/internal/mongo/paymethoddb/db.go
+++ b/api/pkg/db/internal/mongo/paymethoddb/db.go
@@ -9,7 +9,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

--- a/api/pkg/db/internal/mongo/paymethoddb/list.go
+++ b/api/pkg/db/internal/mongo/paymethoddb/list.go
@@ -8,10 +8,10 @@ import (
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/model"
 	mauth "github.com/tech/sendico/pkg/mutil/db/auth"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *PaymentMethodsDB) List(ctx context.Context, accountRef, organizationRef, recipientRef primitive.ObjectID, cursor *model.ViewCursor) ([]model.PaymentMethod, error) {
+func (db *PaymentMethodsDB) List(ctx context.Context, accountRef, organizationRef, recipientRef bson.ObjectID, cursor *model.ViewCursor) ([]model.PaymentMethod, error) {
 	res, err := mauth.GetProtectedObjects[model.PaymentMethod](
 		ctx,
 		db.DBImp.Logger,
--- a/api/pkg/db/internal/mongo/policiesdb/all.go
+++ b/api/pkg/db/internal/mongo/policiesdb/all.go
@@ -7,10 +7,10 @@ import (
 	"github.com/tech/sendico/pkg/db/storable"
 	"github.com/tech/sendico/pkg/model"
 	mutil "github.com/tech/sendico/pkg/mutil/db"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *PoliciesDB) All(ctx context.Context, organizationRef primitive.ObjectID) ([]model.PolicyDescription, error) {
+func (db *PoliciesDB) All(ctx context.Context, organizationRef bson.ObjectID) ([]model.PolicyDescription, error) {
 	// all documents
 	filter := repository.Query().Or(
 		repository.Filter(storable.OrganizationRefField, nil),
--- a/api/pkg/db/internal/mongo/policiesdb/db.go
+++ b/api/pkg/db/internal/mongo/policiesdb/db.go
@@ -5,7 +5,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 )

 type PoliciesDB struct {
--- a/api/pkg/db/internal/mongo/policiesdb/db_test.go
+++ b/api/pkg/db/internal/mongo/policiesdb/db_test.go
@@ -14,17 +14,19 @@ import (
 	"github.com/tech/sendico/pkg/db/repository"
 	"github.com/tech/sendico/pkg/db/repository/builder"
 	"github.com/tech/sendico/pkg/merrors"
+
 	// Model package (contains PolicyDescription + Describable)
-	"github.com/tech/sendico/pkg/model"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"github.com/tech/sendico/pkg/model"
+
 	// Testcontainers
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/modules/mongodb"
 	"github.com/testcontainers/testcontainers-go/wait"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
 	"go.uber.org/zap"
 )

@@ -114,7 +116,7 @@ func TestPoliciesDB(t *testing.T) {
 		cleanupCollection(t, ctx, db)

 		// Attempt to get a non-existent ID
-		nonExistentID := primitive.NewObjectID()
+		nonExistentID := bson.NewObjectID()
 		result := &model.PolicyDescription{}
 		err := pdb.Get(ctx, nonExistentID, result)
 		assert.Error(t, err)
@@ -234,8 +236,8 @@ func TestPoliciesDB(t *testing.T) {
 		cleanupCollection(t, ctx, db)

 		// Insert some policies (orgA, orgB, nil org)
-		orgA := primitive.NewObjectID()
-		orgB := primitive.NewObjectID()
+		orgA := bson.NewObjectID()
+		orgB := bson.NewObjectID()

 		descA := "Org A policy"
 		policyA := &model.PolicyDescription{
@@ -272,7 +274,7 @@ func TestPoliciesDB(t *testing.T) {
 		require.NoError(t, err)
 		require.Len(t, resultsA, 2) // orgA + built-in

-		var idsA []primitive.ObjectID
+		var idsA []bson.ObjectID
 		for _, r := range resultsA {
 			idsA = append(idsA, r.ID)
 		}
@@ -284,7 +286,7 @@ func TestPoliciesDB(t *testing.T) {
 		require.NoError(t, err)
 		require.Len(t, resultsB, 2) // orgB + built-in

-		var idsB []primitive.ObjectID
+		var idsB []bson.ObjectID
 		for _, r := range resultsB {
 			idsB = append(idsB, r.ID)
 		}
@@ -322,11 +324,11 @@ func TestPoliciesDB(t *testing.T) {
 		require.NoError(t, pdb.Create(ctx, pol3))

 		// 1) Request pol1, pol2
-		results12, err := pdb.Policies(ctx, []primitive.ObjectID{pol1.ID, pol2.ID})
+		results12, err := pdb.Policies(ctx, []bson.ObjectID{pol1.ID, pol2.ID})
 		require.NoError(t, err)
 		require.Len(t, results12, 2)
 		// IDs might be out of order, so we do a set-like check
-		var set12 []primitive.ObjectID
+		var set12 []bson.ObjectID
 		for _, r := range results12 {
 			set12 = append(set12, r.ID)
 		}
@@ -334,11 +336,11 @@ func TestPoliciesDB(t *testing.T) {
 		assert.Contains(t, set12, pol2.ID)

 		// 2) Request pol1, pol3, plus a random ID
-		fakeID := primitive.NewObjectID()
-		results13Fake, err := pdb.Policies(ctx, []primitive.ObjectID{pol1.ID, pol3.ID, fakeID})
+		fakeID := bson.NewObjectID()
+		results13Fake, err := pdb.Policies(ctx, []bson.ObjectID{pol1.ID, pol3.ID, fakeID})
 		require.NoError(t, err)
 		require.Len(t, results13Fake, 2) // pol1 + pol3 only
-		var set13Fake []primitive.ObjectID
+		var set13Fake []bson.ObjectID
 		for _, r := range results13Fake {
 			set13Fake = append(set13Fake, r.ID)
 		}
@@ -346,7 +348,7 @@ func TestPoliciesDB(t *testing.T) {
 		assert.Contains(t, set13Fake, pol3.ID)

 		// 3) Request with empty slice => expect no results
-		resultsEmpty, err := pdb.Policies(ctx, []primitive.ObjectID{})
+		resultsEmpty, err := pdb.Policies(ctx, []bson.ObjectID{})
 		require.NoError(t, err)
 		assert.Len(t, resultsEmpty, 0)
 	})
--- a/api/pkg/db/internal/mongo/policiesdb/policies.go
+++ b/api/pkg/db/internal/mongo/policiesdb/policies.go
@@ -6,10 +6,10 @@ import (
 	"github.com/tech/sendico/pkg/db/repository"
 	"github.com/tech/sendico/pkg/model"
 	mutil "github.com/tech/sendico/pkg/mutil/db"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *PoliciesDB) Policies(ctx context.Context, refs []primitive.ObjectID) ([]model.PolicyDescription, error) {
+func (db *PoliciesDB) Policies(ctx context.Context, refs []bson.ObjectID) ([]model.PolicyDescription, error) {
 	if len(refs) == 0 {
 		return []model.PolicyDescription{}, nil
 	}
--- a/api/pkg/db/internal/mongo/recipientdb/archived.go
+++ b/api/pkg/db/internal/mongo/recipientdb/archived.go
@@ -6,11 +6,11 @@ import (

 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

-func (db *RecipientDB) SetArchived(ctx context.Context, accountRef, organizationRef, objectRef primitive.ObjectID, isArchived, cascade bool) error {
+func (db *RecipientDB) SetArchived(ctx context.Context, accountRef, organizationRef, objectRef bson.ObjectID, isArchived, cascade bool) error {
 	// Use the ArchivableDB for the main archiving logic
 	if err := db.ArchivableDB.SetArchived(ctx, accountRef, objectRef, isArchived); err != nil {
 		db.DBImp.Logger.Warn("Failed to change recipient archive status", zap.Error(err),
@@ -32,7 +32,7 @@ func (db *RecipientDB) SetArchived(ctx context.Context, accountRef, organization
 	return nil
 }

-func (db *RecipientDB) setArchivedPaymentMethods(ctx context.Context, accountRef, organizationRef, recipientRef primitive.ObjectID, archived bool) error {
+func (db *RecipientDB) setArchivedPaymentMethods(ctx context.Context, accountRef, organizationRef, recipientRef bson.ObjectID, archived bool) error {
 	db.DBImp.Logger.Debug("Setting archived status for recipient payment methods", mzap.ObjRef("recipient_ref", recipientRef), zap.Bool("archived", archived))

 	db.DBImp.Logger.Debug("Applying archived status to payment methods for recipient", mzap.ObjRef("recipient_ref", recipientRef))
--- a/api/pkg/db/internal/mongo/recipientdb/db.go
+++ b/api/pkg/db/internal/mongo/recipientdb/db.go
@@ -9,7 +9,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 )

 type RecipientDB struct {
--- a/api/pkg/db/internal/mongo/recipientdb/list.go
+++ b/api/pkg/db/internal/mongo/recipientdb/list.go
@@ -8,10 +8,10 @@ import (
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/model"
 	mauth "github.com/tech/sendico/pkg/mutil/db/auth"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *RecipientDB) List(ctx context.Context, accountRef, organizationRef, _ primitive.ObjectID, cursor *model.ViewCursor) ([]model.Recipient, error) {
+func (db *RecipientDB) List(ctx context.Context, accountRef, organizationRef, _ bson.ObjectID, cursor *model.ViewCursor) ([]model.Recipient, error) {
 	res, err := mauth.GetProtectedObjects[model.Recipient](
 		ctx,
 		db.DBImp.Logger,
--- a/api/pkg/db/internal/mongo/refreshtokensdb/crud.go
+++ b/api/pkg/db/internal/mongo/refreshtokensdb/crud.go
@@ -10,7 +10,7 @@ import (
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
 	"github.com/tech/sendico/pkg/mutil/mzap"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.uber.org/zap"
 )

@@ -67,12 +67,12 @@ func (db *RefreshTokenDB) Update(ctx context.Context, rt *model.RefreshToken) er
 	return db.Patch(ctx, *rt.GetID(), patch)
 }

-func (db *RefreshTokenDB) Delete(ctx context.Context, tokenRef primitive.ObjectID) error {
+func (db *RefreshTokenDB) Delete(ctx context.Context, tokenRef bson.ObjectID) error {
 	db.Logger.Info("Deleting refresh token", mzap.ObjRef("refresh_token_ref", tokenRef))
 	return db.DBImp.Delete(ctx, tokenRef)
 }

-func (db *RefreshTokenDB) Revoke(ctx context.Context, accountRef primitive.ObjectID, session *model.SessionIdentifier) error {
+func (db *RefreshTokenDB) Revoke(ctx context.Context, accountRef bson.ObjectID, session *model.SessionIdentifier) error {
 	var rt model.RefreshToken
 	f := filterByAccount(accountRef, session)
 	if err := db.Repository.FindOneByFilter(ctx, f, &rt); err != nil {
--- a/api/pkg/db/internal/mongo/refreshtokensdb/db.go
+++ b/api/pkg/db/internal/mongo/refreshtokensdb/db.go
@@ -7,7 +7,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.uber.org/zap"
 )

--- a/api/pkg/db/internal/mongo/refreshtokensdb/filters.go
+++ b/api/pkg/db/internal/mongo/refreshtokensdb/filters.go
@@ -4,7 +4,7 @@ import (
 	"github.com/tech/sendico/pkg/db/repository"
 	"github.com/tech/sendico/pkg/db/repository/builder"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 func filterByClientId(clientID string) builder.Query {
@@ -20,6 +20,6 @@ func filter(session *model.SessionIdentifier) builder.Query {
 	return filter
 }

-func filterByAccount(accountRef primitive.ObjectID, session *model.SessionIdentifier) builder.Query {
+func filterByAccount(accountRef bson.ObjectID, session *model.SessionIdentifier) builder.Query {
 	return filter(session).And(repository.Query().Comparison(repository.AccountField(), builder.Eq, accountRef))
 }
--- a/api/pkg/db/internal/mongo/refreshtokensdb/refreshtokensdb_test.go
+++ b/api/pkg/db/internal/mongo/refreshtokensdb/refreshtokensdb_test.go
@@ -21,10 +21,9 @@ import (
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/modules/mongodb"
 	"github.com/testcontainers/testcontainers-go/wait"
-	"go.mongodb.org/mongo-driver/bson"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
 )

 func setupTestDB(t *testing.T) (*refreshtokensdb.RefreshTokenDB, func()) {
@@ -71,7 +70,7 @@ func setupTestDBWithMongo(t *testing.T) (*refreshtokensdb.RefreshTokenDB, *mongo
 	return db, database, cleanup
 }

-func createTestRefreshToken(accountRef primitive.ObjectID, clientID, deviceID, token string) *model.RefreshToken {
+func createTestRefreshToken(accountRef bson.ObjectID, clientID, deviceID, token string) *model.RefreshToken {
 	return &model.RefreshToken{
 		ClientRefreshToken: model.ClientRefreshToken{
 			SessionIdentifier: model.SessionIdentifier{
@@ -99,7 +98,7 @@ func TestRefreshTokenDB_AuthenticationFlow(t *testing.T) {

 	t.Run("Complete_User_Authentication_Flow", func(t *testing.T) {
 		// Setup: Create user and client
-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()
 		clientID := "web-app"
 		deviceID := "user-desktop-chrome"
 		token := "refresh_token_12345"
@@ -141,7 +140,7 @@ func TestRefreshTokenDB_AuthenticationFlow(t *testing.T) {

 	t.Run("Manual_Token_Revocation_Workaround", func(t *testing.T) {
 		// Test manual revocation by directly updating the token
-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()
 		clientID := "web-app"
 		deviceID := "user-desktop-chrome"
 		token := "manual_revoke_token_123"
@@ -178,7 +177,7 @@ func TestRefreshTokenDB_MultiDeviceManagement(t *testing.T) {
 	ctx := context.Background()

 	t.Run("User_With_Multiple_Devices", func(t *testing.T) {
-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()
 		clientID := "mobile-app"

 		// User logs in from phone
@@ -241,7 +240,7 @@ func TestRefreshTokenDB_TokenRotation(t *testing.T) {
 	ctx := context.Background()

 	t.Run("Token_Rotation_On_Use", func(t *testing.T) {
-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()
 		clientID := "web-app"
 		deviceID := "user-browser"
 		initialToken := "initial_token_123"
@@ -298,7 +297,7 @@ func TestRefreshTokenDB_SessionReplacement(t *testing.T) {
 	ctx := context.Background()

 	t.Run("User_Login_From_Same_Device_Twice", func(t *testing.T) {
-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()
 		clientID := "web-app"
 		deviceID := "user-laptop"

@@ -340,7 +339,7 @@ func TestRefreshTokenDB_SessionReplacement(t *testing.T) {
 	})

 	t.Run("Create_After_GlobalRevocation_AllowsNewActive", func(t *testing.T) {
-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()
 		clientID := "web-app"
 		deviceID := "user-laptop"

@@ -407,7 +406,7 @@ func TestRefreshTokenDB_ClientManagement(t *testing.T) {
 		// Note: Client management is handled by a separate client database
 		// This test verifies that refresh tokens work with different client IDs

-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()

 		// Create refresh tokens for different clients
 		webToken := createTestRefreshToken(userID, "web-app", "device1", "token1")
@@ -454,7 +453,7 @@ func TestRefreshTokenDB_SecurityScenarios(t *testing.T) {
 	ctx := context.Background()

 	t.Run("Token_Hijacking_Prevention", func(t *testing.T) {
-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()
 		clientID := "web-app"
 		deviceID := "user-browser"
 		token := "hijacked_token_123"
@@ -509,7 +508,7 @@ func TestRefreshTokenDB_ExpiredTokenHandling(t *testing.T) {
 	ctx := context.Background()

 	t.Run("Expired_Token_Cleanup", func(t *testing.T) {
-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()
 		clientID := "web-app"
 		deviceID := "user-device"
 		token := "expired_token_123"
@@ -548,7 +547,7 @@ func TestRefreshTokenDB_ConcurrentAccess(t *testing.T) {
 	ctx := context.Background()

 	t.Run("Concurrent_Token_Usage", func(t *testing.T) {
-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()
 		clientID := "web-app"
 		deviceID := "user-device"
 		token := "concurrent_token_123"
@@ -594,7 +593,7 @@ func TestRefreshTokenDB_EdgeCases(t *testing.T) {
 	ctx := context.Background()

 	t.Run("Delete_Token_By_ID", func(t *testing.T) {
-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()
 		refreshToken := createTestRefreshToken(userID, "web-app", "device-1", "token_123")
 		err := db.Create(ctx, refreshToken)
 		require.NoError(t, err)
@@ -613,7 +612,7 @@ func TestRefreshTokenDB_EdgeCases(t *testing.T) {
 	})

 	t.Run("Revoke_Non_Existent_Token", func(t *testing.T) {
-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()
 		session := &model.SessionIdentifier{
 			ClientID: "non-existent-client",
 			DeviceID: "non-existent-device",
@@ -625,7 +624,7 @@ func TestRefreshTokenDB_EdgeCases(t *testing.T) {
 	})

 	t.Run("RevokeAll_No_Other_Devices", func(t *testing.T) {
-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()
 		clientID := "web-app"
 		deviceID := "only-device"

@@ -659,8 +658,8 @@ func TestRefreshTokenDB_DatabaseIndexes(t *testing.T) {
 	ctx := context.Background()

 	t.Run("Unique_Token_Constraint", func(t *testing.T) {
-		userID1 := primitive.NewObjectID()
-		userID2 := primitive.NewObjectID()
+		userID1 := bson.NewObjectID()
+		userID2 := bson.NewObjectID()
 		token := "duplicate_token_123"

 		// Create first token
@@ -676,7 +675,7 @@ func TestRefreshTokenDB_DatabaseIndexes(t *testing.T) {
 	})

 	t.Run("Query_Performance_By_Revocation_Status", func(t *testing.T) {
-		userID := primitive.NewObjectID()
+		userID := bson.NewObjectID()
 		clientID := "web-app"

 		// Create multiple tokens
--- a/api/pkg/db/internal/mongo/refreshtokensdb/revoke.go
+++ b/api/pkg/db/internal/mongo/refreshtokensdb/revoke.go
@@ -6,10 +6,10 @@ import (

 	"github.com/tech/sendico/pkg/db/repository"
 	"github.com/tech/sendico/pkg/db/repository/builder"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *RefreshTokenDB) RevokeAll(ctx context.Context, accountRef primitive.ObjectID, deviceID string) error {
+func (db *RefreshTokenDB) RevokeAll(ctx context.Context, accountRef bson.ObjectID, deviceID string) error {
 	query := repository.Query().
 		Filter(repository.AccountField(), accountRef).
 		And(repository.Query().Comparison(repository.Field("deviceId"), builder.Ne, deviceID)).
--- a/api/pkg/db/internal/mongo/repositoryimp/builderimp/accumulator.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/builderimp/accumulator.go
@@ -2,7 +2,7 @@ package builderimp

 import (
 	"github.com/tech/sendico/pkg/db/repository/builder"
-	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 type literalAccumulatorImp struct {
--- a/api/pkg/db/internal/mongo/repositoryimp/builderimp/alias.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/builderimp/alias.go
@@ -2,7 +2,7 @@ package builderimp

 import (
 	"github.com/tech/sendico/pkg/db/repository/builder"
-	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 type aliasImp struct {
--- a/api/pkg/db/internal/mongo/repositoryimp/builderimp/array.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/builderimp/array.go
@@ -2,7 +2,7 @@ package builderimp

 import (
 	"github.com/tech/sendico/pkg/db/repository/builder"
-	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 type arrayImp struct {
--- a/api/pkg/db/internal/mongo/repositoryimp/builderimp/expression.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/builderimp/expression.go
@@ -4,7 +4,7 @@ import (
 	"reflect"

 	"github.com/tech/sendico/pkg/db/repository/builder"
-	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 type literalExpression struct {
--- a/api/pkg/db/internal/mongo/repositoryimp/builderimp/func.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/builderimp/func.go
@@ -2,7 +2,7 @@ package builderimp

 import (
 	"github.com/tech/sendico/pkg/db/repository/builder"
-	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 type condImp struct {
--- a/api/pkg/db/internal/mongo/repositoryimp/builderimp/gaccumulator.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/builderimp/gaccumulator.go
@@ -2,7 +2,7 @@ package builderimp

 import (
 	"github.com/tech/sendico/pkg/db/repository/builder"
-	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 type groupAccumulatorImp struct {
--- a/api/pkg/db/internal/mongo/repositoryimp/builderimp/patch.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/builderimp/patch.go
@@ -5,7 +5,7 @@ import (

 	"github.com/tech/sendico/pkg/db/repository/builder"
 	"github.com/tech/sendico/pkg/db/storable"
-	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 type patchBuilder struct {
--- a/api/pkg/db/internal/mongo/repositoryimp/builderimp/pipeline.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/builderimp/pipeline.go
@@ -3,8 +3,8 @@ package builderimp
 import (
 	"github.com/tech/sendico/pkg/db/repository/builder"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/bson"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 )

 type unwindOpts = builder.UnwindOpts
--- a/api/pkg/db/internal/mongo/repositoryimp/builderimp/pipeline_test.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/builderimp/pipeline_test.go
@@ -6,9 +6,9 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/tech/sendico/pkg/db/repository/builder"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/bson"
-	"go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
 )

 func TestNewPipelineImp(t *testing.T) {
@@ -454,7 +454,7 @@ func (m *MockQuery) Offset(offset *int64) builder.Query
 func (m *MockQuery) Archived(isArchived *bool) builder.Query                          { return m }
 func (m *MockQuery) BuildPipeline() bson.D                                            { return m.buildPipeline }
 func (m *MockQuery) BuildQuery() bson.D                                               { return bson.D{} }
-func (m *MockQuery) BuildOptions() *options.FindOptions                               { return &options.FindOptions{} }
+func (m *MockQuery) BuildOptions() *options.FindOptionsBuilder                        { return &options.FindOptionsBuilder{} }

 type MockField struct {
 	build string
--- a/api/pkg/db/internal/mongo/repositoryimp/builderimp/projection.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/builderimp/projection.go
@@ -2,7 +2,7 @@ package builderimp

 import (
 	"github.com/tech/sendico/pkg/db/repository/builder"
-	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

 // projectionExprImp is a concrete implementation of builder.Projection
--- a/api/pkg/db/internal/mongo/repositoryimp/builderimp/query.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/builderimp/query.go
@@ -5,9 +5,8 @@ import (

 	"github.com/tech/sendico/pkg/db/repository/builder"
 	"github.com/tech/sendico/pkg/db/storable"
-	"go.mongodb.org/mongo-driver/bson"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
 )

 type QueryImp struct {
@@ -51,7 +50,7 @@ func (b *QueryImp) Expression(value builder.Expression) builder.Query {
 }

 func (b *QueryImp) RegEx(field builder.Field, pattern, options string) builder.Query {
-	b.filter = append(b.filter, bson.E{Key: field.Build(), Value: primitive.Regex{Pattern: pattern, Options: options}})
+	b.filter = append(b.filter, bson.E{Key: field.Build(), Value: bson.Regex{Pattern: pattern, Options: options}})
 	return b
 }

@@ -134,7 +133,7 @@ func (b *QueryImp) Offset(offset *int64) builder.Query {
 	return b
 }

-func (b *QueryImp) BuildOptions() *options.FindOptions {
+func (b *QueryImp) BuildOptions() *options.FindOptionsBuilder {
 	opts := options.Find()
 	if b.limit != nil {
 		opts.SetLimit(*b.limit)
--- a/api/pkg/db/internal/mongo/repositoryimp/index.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/index.go
@@ -5,9 +5,9 @@ import (

 	ri "github.com/tech/sendico/pkg/db/repository/index"
 	"github.com/tech/sendico/pkg/merrors"
-	"go.mongodb.org/mongo-driver/bson"
-	"go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
 )

 func (r *MongoRepository) CreateIndex(def *ri.Definition) error {
--- a/api/pkg/db/internal/mongo/repositoryimp/index_integration_test.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/index_integration_test.go
@@ -15,9 +15,9 @@ import (
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/modules/mongodb"
 	"github.com/testcontainers/testcontainers-go/wait"
-	"go.mongodb.org/mongo-driver/bson"
-	"go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
 )

 func TestCreateIndex_WithPartialFilter(t *testing.T) {
--- a/api/pkg/db/internal/mongo/repositoryimp/repository.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/repository.go
@@ -10,10 +10,9 @@ import (
 	"github.com/tech/sendico/pkg/db/storable"
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/model"
-	"go.mongodb.org/mongo-driver/bson"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
 )

 type MongoRepository struct {
@@ -21,7 +20,7 @@ type MongoRepository struct {
 	collection     *mongo.Collection
 }

-func idFilter(id primitive.ObjectID) bson.D {
+func idFilter(id bson.ObjectID) bson.D {
 	return bson.D{
 		{Key: storable.IDField, Value: id},
 	}
@@ -40,7 +39,7 @@ func (r *MongoRepository) Collection() string {

 func (r *MongoRepository) Insert(ctx context.Context, obj storable.Storable, getFilter builder.Query) error {
 	if (obj.GetID() == nil) || (obj.GetID().IsZero()) {
-		obj.SetID(primitive.NewObjectID())
+		obj.SetID(bson.NewObjectID())
 	}
 	obj.Update()
 	_, err := r.collection.InsertOne(ctx, obj)
@@ -63,7 +62,7 @@ func (r *MongoRepository) InsertMany(ctx context.Context, objects []storable.Sto
 	docs := make([]interface{}, len(objects))
 	for i, obj := range objects {
 		if (obj.GetID() == nil) || (obj.GetID().IsZero()) {
-			obj.SetID(primitive.NewObjectID())
+			obj.SetID(bson.NewObjectID())
 		}
 		obj.Update()
 		docs[i] = obj
@@ -81,7 +80,7 @@ func (r *MongoRepository) findOneByFilterImp(ctx context.Context, filter bson.D,
 	return err
 }

-func (r *MongoRepository) Get(ctx context.Context, id primitive.ObjectID, result storable.Storable) error {
+func (r *MongoRepository) Get(ctx context.Context, id bson.ObjectID, result storable.Storable) error {
 	if id.IsZero() {
 		return merrors.InvalidArgument("zero id provided while fetching "+result.Collection(), "id")
 	}
@@ -132,7 +131,7 @@ func (r *MongoRepository) Update(ctx context.Context, obj storable.Storable) err
 	return r.collection.FindOneAndReplace(ctx, idFilter(*obj.GetID()), obj).Err()
 }

-func (r *MongoRepository) Patch(ctx context.Context, id primitive.ObjectID, patch builder.Patch) error {
+func (r *MongoRepository) Patch(ctx context.Context, id bson.ObjectID, patch builder.Patch) error {
 	if id.IsZero() {
 		return merrors.InvalidArgument("zero id provided while patching", "id")
 	}
@@ -148,7 +147,7 @@ func (r *MongoRepository) PatchMany(ctx context.Context, query builder.Query, pa
 	return int(result.ModifiedCount), nil
 }

-func (r *MongoRepository) ListIDs(ctx context.Context, query builder.Query) ([]primitive.ObjectID, error) {
+func (r *MongoRepository) ListIDs(ctx context.Context, query builder.Query) ([]bson.ObjectID, error) {
 	filter := query.BuildQuery()
 	findOptions := options.Find().SetProjection(bson.M{storable.IDField: 1})

@@ -158,10 +157,10 @@ func (r *MongoRepository) ListIDs(ctx context.Context, query builder.Query) ([]p
 	}
 	defer cursor.Close(ctx)

-	var ids []primitive.ObjectID
+	var ids []bson.ObjectID
 	for cursor.Next(ctx) {
 		var doc struct {
-			ID primitive.ObjectID `bson:"_id"`
+			ID bson.ObjectID `bson:"_id"`
 		}
 		if err := cursor.Decode(&doc); err != nil {
 			return nil, err
@@ -235,7 +234,7 @@ func (r *MongoRepository) ListAccountBound(ctx context.Context, query builder.Qu
 	return result, nil
 }

-func (r *MongoRepository) Delete(ctx context.Context, id primitive.ObjectID) error {
+func (r *MongoRepository) Delete(ctx context.Context, id bson.ObjectID) error {
 	_, err := r.collection.DeleteOne(ctx, idFilter(id))
 	return err
 }
--- a/api/pkg/db/internal/mongo/repositoryimp/repository_comprehensive_test.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/repository_comprehensive_test.go
@@ -9,19 +9,18 @@ import (
 	"testing"
 	"time"

+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"github.com/tech/sendico/pkg/db/internal/mongo/repositoryimp"
 	"github.com/tech/sendico/pkg/db/internal/mongo/repositoryimp/builderimp"
 	"github.com/tech/sendico/pkg/db/repository/builder"
 	"github.com/tech/sendico/pkg/merrors"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/modules/mongodb"
 	"github.com/testcontainers/testcontainers-go/wait"
-	"go.mongodb.org/mongo-driver/bson"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
 )

 func TestMongoRepository_Insert(t *testing.T) {
@@ -63,7 +62,7 @@ func TestMongoRepository_Insert(t *testing.T) {
 	})

 	t.Run("Insert_WithExistingID", func(t *testing.T) {
-		existingID := primitive.NewObjectID()
+		existingID := bson.NewObjectID()
 		testObj := &TestObject{Name: "testInsertWithID"}
 		testObj.SetID(existingID)

@@ -158,7 +157,7 @@ func TestMongoRepository_Update(t *testing.T) {
 	})

 	t.Run("Update_NonExistentObject", func(t *testing.T) {
-		nonExistentID := primitive.NewObjectID()
+		nonExistentID := bson.NewObjectID()
 		testObj := &TestObject{Name: "nonExistent"}
 		testObj.SetID(nonExistentID)

@@ -210,7 +209,7 @@ func TestMongoRepository_Delete(t *testing.T) {
 	})

 	t.Run("Delete_NonExistentObject", func(t *testing.T) {
-		nonExistentID := primitive.NewObjectID()
+		nonExistentID := bson.NewObjectID()

 		err := repository.Delete(ctx, nonExistentID)
 		// Delete should not return error even if object doesn't exist
@@ -473,19 +472,19 @@ func TestMongoRepository_ListPermissionBound(t *testing.T) {

 	t.Run("ListPermissionBound_WithData", func(t *testing.T) {
 		// Insert test objects with permission bound data
-		orgID := primitive.NewObjectID()
+		orgID := bson.NewObjectID()

 		// Insert documents directly with permission bound fields
 		_, err := db.Collection("testcollection").InsertMany(ctx, []interface{}{
 			bson.M{
-				"_id":             primitive.NewObjectID(),
+				"_id":             bson.NewObjectID(),
 				"organizationRef": orgID,
-				"permissionRef":   primitive.NewObjectID(),
+				"permissionRef":   bson.NewObjectID(),
 			},
 			bson.M{
-				"_id":             primitive.NewObjectID(),
+				"_id":             bson.NewObjectID(),
 				"organizationRef": orgID,
-				"permissionRef":   primitive.NewObjectID(),
+				"permissionRef":   bson.NewObjectID(),
 			},
 		})
 		require.NoError(t, err)
@@ -504,7 +503,7 @@ func TestMongoRepository_ListPermissionBound(t *testing.T) {
 	})

 	t.Run("ListPermissionBound_EmptyResult", func(t *testing.T) {
-		nonExistentOrgID := primitive.NewObjectID()
+		nonExistentOrgID := bson.NewObjectID()
 		query := builderimp.NewQueryImp().Comparison(builderimp.NewFieldImp("organizationRef"), builder.Eq, nonExistentOrgID)

 		results, err := repository.ListPermissionBound(ctx, query)
@@ -544,7 +543,7 @@ func TestMongoRepository_UpdateTimestamp(t *testing.T) {
 		}

 		// Set ID and initial timestamps
-		obj.SetID(primitive.NewObjectID())
+		obj.SetID(bson.NewObjectID())
 		originalCreatedAt := obj.CreatedAt
 		originalUpdatedAt := obj.UpdatedAt

--- a/api/pkg/db/internal/mongo/repositoryimp/repository_insertmany_test.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/repository_insertmany_test.go
@@ -8,16 +8,15 @@ import (
 	"testing"
 	"time"

-	"github.com/tech/sendico/pkg/db/internal/mongo/repositoryimp"
-	"github.com/tech/sendico/pkg/db/storable"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"github.com/tech/sendico/pkg/db/internal/mongo/repositoryimp"
+	"github.com/tech/sendico/pkg/db/storable"
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/modules/mongodb"
 	"github.com/testcontainers/testcontainers-go/wait"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
 )

 func TestMongoRepository_InsertMany(t *testing.T) {
@@ -75,8 +74,8 @@ func TestMongoRepository_InsertMany(t *testing.T) {
 	})

 	t.Run("InsertMany_WithExistingIDs", func(t *testing.T) {
-		id1 := primitive.NewObjectID()
-		id2 := primitive.NewObjectID()
+		id1 := bson.NewObjectID()
+		id2 := bson.NewObjectID()

 		objects := []storable.Storable{
 			&TestObject{Base: storable.Base{ID: id1}, Name: "preassigned1"},
@@ -116,7 +115,7 @@ func TestMongoRepository_InsertMany(t *testing.T) {
 	})

 	t.Run("InsertMany_DuplicateKey", func(t *testing.T) {
-		id := primitive.NewObjectID()
+		id := bson.NewObjectID()

 		// Insert first object
 		obj1 := &TestObject{Base: storable.Base{ID: id}, Name: "original"}
--- a/api/pkg/db/internal/mongo/repositoryimp/repository_patch_test.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/repository_patch_test.go
@@ -8,16 +8,16 @@ import (
 	"testing"
 	"time"

+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"github.com/tech/sendico/pkg/db/internal/mongo/repositoryimp"
 	"github.com/tech/sendico/pkg/db/repository"
 	"github.com/tech/sendico/pkg/db/repository/builder"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/modules/mongodb"
 	"github.com/testcontainers/testcontainers-go/wait"
-	"go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
 )

 func TestMongoRepository_PatchOperations(t *testing.T) {
--- a/api/pkg/db/internal/mongo/repositoryimp/repository_test.go
+++ b/api/pkg/db/internal/mongo/repositoryimp/repository_test.go
@@ -9,19 +9,19 @@ import (
 	"testing"
 	"time"

+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"github.com/tech/sendico/pkg/db/internal/mongo/repositoryimp"
 	"github.com/tech/sendico/pkg/db/internal/mongo/repositoryimp/builderimp"
 	"github.com/tech/sendico/pkg/db/repository/builder"
 	"github.com/tech/sendico/pkg/db/storable"
 	"github.com/tech/sendico/pkg/merrors"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/modules/mongodb"
 	"github.com/testcontainers/testcontainers-go/wait"
-	"go.mongodb.org/mongo-driver/bson/primitive"
-	"go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
 )

 type TestObject struct {
@@ -92,7 +92,7 @@ func TestMongoRepository_Get(t *testing.T) {
 	})

 	t.Run("Get_NotFound", func(t *testing.T) {
-		nonExistentID := primitive.NewObjectID()
+		nonExistentID := bson.NewObjectID()
 		result := &TestObject{}

 		err := repository.Get(ctx, nonExistentID, result)
@@ -101,7 +101,7 @@ func TestMongoRepository_Get(t *testing.T) {
 	})

 	t.Run("Get_InvalidID", func(t *testing.T) {
-		invalidID := primitive.ObjectID{} // zero value
+		invalidID := bson.ObjectID{} // zero value
 		result := &TestObject{}

 		err := repository.Get(ctx, invalidID, result)
--- a/api/pkg/db/internal/mongo/rolesdb/db.go
+++ b/api/pkg/db/internal/mongo/rolesdb/db.go
@@ -5,7 +5,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
-	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo"
 )

 type RolesDB struct {
--- a/api/pkg/db/internal/mongo/rolesdb/list.go
+++ b/api/pkg/db/internal/mongo/rolesdb/list.go
@@ -6,10 +6,10 @@ import (
 	"github.com/tech/sendico/pkg/db/repository"
 	"github.com/tech/sendico/pkg/model"
 	mutil "github.com/tech/sendico/pkg/mutil/db"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *RolesDB) List(ctx context.Context, organizationRef primitive.ObjectID, cursor *model.ViewCursor) ([]model.RoleDescription, error) {
+func (db *RolesDB) List(ctx context.Context, organizationRef bson.ObjectID, cursor *model.ViewCursor) ([]model.RoleDescription, error) {
 	filter := repository.OrgFilter(organizationRef)
 	return mutil.GetObjects[model.RoleDescription](ctx, db.Logger, filter, cursor, db.Repository)
 }
--- a/api/pkg/db/internal/mongo/rolesdb/roles.go
+++ b/api/pkg/db/internal/mongo/rolesdb/roles.go
@@ -6,10 +6,10 @@ import (
 	"github.com/tech/sendico/pkg/db/repository"
 	"github.com/tech/sendico/pkg/model"
 	mutil "github.com/tech/sendico/pkg/mutil/db"
-	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/v2/bson"
 )

-func (db *RolesDB) Roles(ctx context.Context, refs []primitive.ObjectID) ([]model.RoleDescription, error) {
+func (db *RolesDB) Roles(ctx context.Context, refs []bson.ObjectID) ([]model.RoleDescription, error) {
 	filter := repository.Query().In(repository.IDField(), refs)
 	return mutil.GetObjects[model.RoleDescription](ctx, db.Logger, filter, nil, db.Repository)
 }
--- a/Show More
+++ b/Show More