fix: document SvelteKit redirect URL and password reset email customization limit (gap report)

src/content/docs/design/content-customization/email-content.mdx

@@ -29,15 +29,15 @@ keywords:
   - passwordless auth
   - SMTP
   - business name
-updated: 2026-03-03
+updated: 2026-04-07
 featured: false
 deprecated: false
 ai_summary: Guide for customizing email content including sender details, logo configuration, OTP email customization, and multi-language support for authentication emails.
 ---
 
 If emails are part of your authentication processes for users - for example, users receive sign-in codes via email in a passwordless process - you can customize email details, with some limitations. Core auth emails (verification, OTP, password reset) cannot be fully disabled; you can only customize who they are sent from and their content.
 
-## **Change the email sender** **name**
+## Change the email sender name
 
 You can add your business or brand name so it appears as the sender of emails.
 
@@ -49,13 +49,15 @@ You can add your business or brand name so it appears as the sender of emails.
 
 If you want to change the email sender address, you add your own email provider’s SMTP details. See [Customize email sender](/get-started/connect/customize-email-sender/).
 
-## **Change email logo**
+## Change email logo
 
 Emails inherit the logo you set as part of your [global brand](/design/brand/global-brand-defaults/). But you can also set a unique logo [for each organization](/design/brand/apply-branding-for-an-organization/) in your business.
 
 ## Change who verification emails are sent from
 
-_Only applies if you choose not to send emails from your own provider_
+<Aside>
+Only applies if you choose not to send emails from your own provider.
+</Aside>
 
 When Kinde sends an email on your behalf, it is sent from the ‘Business name’ listed in your Kinde business by default.
 
@@ -90,3 +92,7 @@ You can include the sign-in code in the subject line of OTP emails to make it vi
 2. Select the language you want to edit. Only [languages you have selected](/design/content-customization/set-language-for-pages/) in your business are available.
 3. In the subject line field, include the `${code}` placeholder. This is where the code will appear. E.g. Enter `${code}` for access.
 4. Select **Save**.
+
+## Can password reset emails use fully custom HTML?
+
+No. Password reset is a core authentication email. You can customize subject, body text, disclaimers, and placeholders where the template editor exposes them—the same pattern as other auth emails—but you cannot supply a **fully custom HTML** email as a free-form document.

src/content/docs/developer-tools/sdks/backend/sveltekit-sdk.mdx

@@ -4,6 +4,8 @@ title: SvelteKit SDK
 description: "Complete guide for SvelteKit SDK including OAuth 2.0 flows, session management, authentication integration, and user profile access for SvelteKit applications."
 sidebar:
   order: 12
+tableOfContents:
+  maxHeadingLevel: 3
 head:
   - tag: meta
     attrs:
@@ -31,7 +33,7 @@ keywords:
   - Client Credentials
   - session hooks
   - authentication
-updated: 2024-01-15
+updated: 2026-04-08
 featured: false
 deprecated: false
 ai_summary: Complete guide for SvelteKit SDK including OAuth 2.0 flows, session management, authentication integration, and user profile access for SvelteKit applications.
@@ -81,6 +83,15 @@ If you haven’t already got a Kinde account, [register for free here](https://
 
 Kinde comes with a production environment, but you can set up other environments if you want to. Each environment has a unique subdomain so be sure to use the correct one in the **Configure your app section** which follows.
 
+### Using dynamic callback URLs
+
+The SDK reads a single static `redirect_uri` from `KINDE_REDIRECT_URL`. It does not build different values per request, so multi-tenant subdomains, per-org paths, and `{organization.handle}`-style URLs are not supported out of the box.
+
+If you need dynamic callbacks:
+
+- Register wildcard or subdomain patterns in **Allowed callback URLs** — see [Wildcards in callback URLs](/get-started/connect/callback-urls/#wildcards-in-callback-urls).
+- Implement the auth code flow yourself using [Kinde without an SDK](/developer-tools/about/using-kinde-without-an-sdk/) so your server selects the correct `redirect_uri` per request.
+
 ## Configure your app
 
 **Environment variables**