diff --git a/AUTH.md b/AUTH.md
index 7dacfe8..7929e39 100644
--- a/AUTH.md
+++ b/AUTH.md
@@ -1,6 +1,6 @@
 [← README](README.md) · [HOWTO_ADD_BOT](HOWTO_ADD_BOT.md) · **Authentification**
 
-> **Détails de design** : [factory ADR 20260509 — telegram-gateway auth](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/docs/adr/20260509-telegram-gateway-auth.md)
+> **Détails de design** : [factory ADR 20260509 — telegram-gateway auth](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/doc/adr/20260509-telegram-gateway-auth.md)
 
 # Authentification
 
diff --git a/HOWTO_ADD_BOT.md b/HOWTO_ADD_BOT.md
index 5f913b1..f3eebcc 100644
--- a/HOWTO_ADD_BOT.md
+++ b/HOWTO_ADD_BOT.md
@@ -35,7 +35,7 @@ la session n'a rien à recevoir en retour.
 
 Utile pour valider la chaîne, créer un canal de log conversationnel, etc.
 
-> **Auth (Phase 1.5, ADR [20260509](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/docs/adr/20260509-telegram-gateway-auth.md))** : par défaut, **`requireAuth: true`** s'applique → tout user qui DM ce bot doit d'abord ouvrir une session via `/auth <code>` chez `@arcodange_factory_bot`. Voir [`AUTH.md`](AUTH.md). Pour rendre un bot public, ajouter explicitement `requireAuth: false`.
+> **Auth (Phase 1.5, ADR [20260509](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/doc/adr/20260509-telegram-gateway-auth.md))** : par défaut, **`requireAuth: true`** s'applique → tout user qui DM ce bot doit d'abord ouvrir une session via `/auth <code>` chez `@arcodange_factory_bot`. Voir [`AUTH.md`](AUTH.md). Pour rendre un bot public, ajouter explicitement `requireAuth: false`.
 
 Steps (humain ou session Claude avec accès au cluster + au repo) :
 
diff --git a/allowlist.go b/allowlist.go
index f053630..67ee930 100644
--- a/allowlist.go
+++ b/allowlist.go
@@ -1,4 +1,4 @@
-// Voir factory/docs/adr/20260509-telegram-gateway-auth.md
+// Voir factory/doc/adr/20260509-telegram-gateway-auth.md
 package main
 
 import (
diff --git a/auth.go b/auth.go
index 536c212..428618a 100644
--- a/auth.go
+++ b/auth.go
@@ -1,4 +1,4 @@
-// Voir factory/docs/adr/20260509-telegram-gateway-auth.md
+// Voir factory/doc/adr/20260509-telegram-gateway-auth.md
 package main
 
 import (
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
index 2f29cbe..40ec395 100644
--- a/chart/templates/deployment.yaml
+++ b/chart/templates/deployment.yaml
@@ -45,7 +45,7 @@ spec:
               value: ":{{ .Values.service.port }}"
             - name: CONFIG_PATH
               value: /etc/telegram-gateway/bots.yaml
-            # Auth layer — voir factory/docs/adr/20260509-telegram-gateway-auth.md.
+            # Auth layer — voir factory/doc/adr/20260509-telegram-gateway-auth.md.
             # AUTH_SECRET et ALLOWED_USERS arrivent via envFrom secretRef.
             - name: REDIS_URL
               value: {{ .Values.auth.redisURL | quote }}
diff --git a/chart/values.yaml b/chart/values.yaml
index fde9de3..1bbc2ef 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -82,7 +82,7 @@ autoscaling:
 # Bot routing config — non-secret, becomes the bots.yaml ConfigMap entry.
 # Tokens & secret_token values live in a k8s Secret named `secret.name`.
 #
-# Auth gate (Phase 1.5, ADR factory/docs/adr/20260509-telegram-gateway-auth.md):
+# Auth gate (Phase 1.5, ADR factory/doc/adr/20260509-telegram-gateway-auth.md):
 #   - `requireAuth` defaults to **true** (secure by default). Add
 #     `requireAuth: false` only for bots you want to expose publicly.
 #   - For `handler: auth`, requireAuth is auto-forced to false (the auth bot
diff --git a/handler_auth.go b/handler_auth.go
index ebc0d62..5a58dfd 100644
--- a/handler_auth.go
+++ b/handler_auth.go
@@ -1,4 +1,4 @@
-// Voir factory/docs/adr/20260509-telegram-gateway-auth.md
+// Voir factory/doc/adr/20260509-telegram-gateway-auth.md
 package main
 
 import (
diff --git a/main.go b/main.go
index c876c9f..7d2a32f 100644
--- a/main.go
+++ b/main.go
@@ -47,7 +47,7 @@ func runServer() {
 	tg := NewTelegramClient()
 
 	// Phase 1.5 — auth layer (Redis-backed sessions). See
-	// factory/docs/adr/20260509-telegram-gateway-auth.md.
+	// factory/doc/adr/20260509-telegram-gateway-auth.md.
 	authSecret := os.Getenv("AUTH_SECRET")
 	redisURL := envOr("REDIS_URL", "redis://redis.tools.svc.cluster.local:6379/0")
 	ttl := 24 * time.Hour
diff --git a/telegram.go b/telegram.go
index 4962a03..41e089d 100644
--- a/telegram.go
+++ b/telegram.go
@@ -169,7 +169,7 @@ type DeleteMessageParams struct {
 
 // DeleteMessage removes a message from a chat. Used as best-effort replay
 // defense after a successful /auth (we delete the message that contained
-// the secret). See factory/docs/adr/20260509-telegram-gateway-auth.md.
+// the secret). See factory/doc/adr/20260509-telegram-gateway-auth.md.
 func (c *TelegramClient) DeleteMessage(ctx context.Context, token string, chatID, messageID int64) error {
 	body, err := json.Marshal(DeleteMessageParams{ChatID: chatID, MessageID: messageID})
 	if err != nil {
diff --git a/telegram_types.go b/telegram_types.go
index 65d11fd..02eb67e 100644
--- a/telegram_types.go
+++ b/telegram_types.go
@@ -48,7 +48,7 @@ func (u Update) ChatID() (int64, bool) {
 
 // UserID extracts the Telegram user ID (`from.id`) from whichever sub-payload
 // is set. Used by the auth layer (factory bot session, requireAuth gate, allowlist).
-// See factory/docs/adr/20260509-telegram-gateway-auth.md.
+// See factory/doc/adr/20260509-telegram-gateway-auth.md.
 func (u Update) UserID() (int64, bool) {
 	switch {
 	case u.Message != nil && u.Message.From != nil: