Commit Graph

1373 Commits

Author SHA1 Message Date
DarkSky 7123595831 chore: bump deps (#15059)
#### PR Dependency Tree


* **PR #15059** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Configurable minimum account age before new accounts can invite
members or create share links (default: 24 hours).
* Sign-in now returns and caches user info for improved session
handling.

* **Bug Fixes**
  * Queue handling accepts and resolves job IDs with special characters.
* Improved clipboard/rich-text caret handling and nested-list paste
reliability.
  * Calendar tests use dynamic current-month dates.
  * AI search returns explicit "No matching documents" when none found.
  * Auth session responses are explicitly non-cacheable.

* **Chores**
* Dependency and toolchain bumps; admin UI config/schema exposes the new
account-age setting.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-01 20:13:59 +08:00
Marsssssssssssdsss 78cf402141 fix: handle empty results in MCP keyword_search tool (#15058)
## Description

Fixes: #15038 — MCP keyword_search tool errors with "Unexpected response
type" when no results are found.

### Problem

When the MCP `keyword_search` tool returns no matching documents, the
access control `.docs()` method may return `undefined`/`null` for an
empty input array. Calling `.map()` on this value throws an error, and
the MCP framework wraps it as "Unexpected response type".

### Solution

Added a guard check after the permission filtering step. If the result
is empty or null, the tool now returns a proper informational response
instead of throwing.

### Changes

- `packages/backend/server/src/plugins/copilot/mcp/provider.ts`: Added
null/empty check before `docs.map()` in the keyword_search tool execute
function.

### Testing

- **Before**: `keyword_search` with a non-existent keyword throws
"Unexpected response type"
- **After**: `keyword_search` with a non-existent keyword returns `{
content: [{ type: 'text', text: 'No matching documents found.' }] }`


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Prevented errors when document data is missing, improving search
stability.
* Improved search feedback by displaying a clear "No matching documents
found." message instead of empty results.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-01 17:56:42 +08:00
DarkSky ebd3e62ed9 fix(server): canary may missing changelog (#15061)
fix #15027 


#### PR Dependency Tree


* **PR #15061** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved handling of missing release notes during upgrade checks. The
changelog field now defaults to an empty value when release information
is unavailable.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-01 17:11:35 +08:00
DarkSky ce9841df9d feat(server): passkey pre-refactor (#15060)
#### PR Dependency Tree


* **PR #15060** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* OpenApp native sign-in and native session exchange (JWT) for mobile &
desktop.
  * Centralized short-lived auth challenge store for one-time tokens.
* Encrypted per-endpoint token storage and native token handlers
(Android, iOS, Electron).

* **Improvements**
* Richer auth-method reporting (password, magic link, OAuth, passkey)
and improved sign-in flows.
* Hardened magic-link, OAuth, and session issuance; JWT-backed sessions
and websocket JWT support.
* UX tweaks: form-based password submit, OTP autocomplete, adjusted
captcha flow.

* **Bug Fixes**
  * Expanded tests and auth-state resets to avoid cross-test leakage.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-01 17:11:15 +08:00
DarkSky b05c387f96 fix(server): mail test & retry (#15044)
#### PR Dependency Tree


* **PR #15044** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Stop sending notifications to disabled users; skip member invites when
workspace names contain URLs/domains
* Improve mail retry handling (per-recipient exhaustion, expiry, and
cache cleanup)
  * Make many email headers/lead lines more generic and consistent
  * Fail-safe workspace content parsing to avoid crashes

* **New Features**
* 24-hour signup protection for sharing, invites, and invite-link
creation
  * Job-queue: remove jobs by payload predicate

* **Tests**
* Expanded tests for mail jobs, SMTP hostname handling, payment
checkout, job-queue removal, and abuse-detection utilities
  * Updated test fixtures to set createdAt timestamps for new users

* **Chores**
  * Added required name input for test-email mutation
  * Database flush retry with deadlock detection/backoff

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/15044?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-31 00:06:29 +08:00
renovate[bot] 2bd920fea6 chore: bump up @inquirer/prompts version to v8 (#15025)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@inquirer/prompts](https://redirect.github.com/SBoudrias/Inquirer.js/blob/main/packages/prompts/README.md)
([source](https://redirect.github.com/SBoudrias/Inquirer.js)) |
[`^7.10.1` →
`^8.0.0`](https://renovatebot.com/diffs/npm/@inquirer%2fprompts/7.10.1/8.5.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@inquirer%2fprompts/8.5.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@inquirer%2fprompts/7.10.1/8.5.0?slim=true)
|

---

### Release Notes

<details>
<summary>SBoudrias/Inquirer.js (@&#8203;inquirer/prompts)</summary>

###
[`v8.5.0`](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.3...5ca6d1101d5d3f8fb066cd5b389bccfdafbbe0c0)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.3...@inquirer/prompts@8.5.0)

###
[`v8.4.3`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.4.3)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.2...@inquirer/prompts@8.4.3)

- Fix: Windows rendering bug
- Fix: Preserve exact literal types in `choices` array (Typescript only)
- Fix: Allow input `default` value to be of type `undefined` (Typescript
only)
- Bump dependencies

###
[`v8.4.2`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.4.2)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.1...@inquirer/prompts@8.4.2)

- Fix: some Windows terminals would freeze and not react to keypresses.

###
[`v8.4.1`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.4.1)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.0...@inquirer/prompts@8.4.1)

- Improve `expand` prompt type inferrence.

###
[`v8.4.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.4.0)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.3.2...@inquirer/prompts@8.4.0)

- Feat: Added a loading message while validating editor prompt input.
- Type improvement: Better type inference with checkbox, search and
expand prompts.
- Fix: `editor` prompt not always properly handling editor path on
windows.

###
[`v8.3.2`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.3.2)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.3.1...@inquirer/prompts@8.3.2)

- Fix broken 8.3.1 release process.

###
[`v8.3.1`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.3.1)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.3.0...@inquirer/prompts@8.3.1)

- Bump dependencies

###
[`v8.3.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.3.0)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.2.1...@inquirer/prompts@8.3.0)

- Fix: Keypresses happening before a prompt is rendered are now ignored.
- Fix (checkbox): Element who're both checked and disabled are now
always included in the returned array.
- Feat (select/checkbox): Cursor will now hover disabled options of the
list; but they still cannot be interacted with. This prevents the cursor
jumping ahead in ways that can be confusing.
- Feat: various new theme options to make all prompts content
localizable.

Finally, see our new [`@inquirer/i18n`
package](https://redirect.github.com/SBoudrias/Inquirer.js/tree/main/packages/i18n)!

###
[`v8.2.1`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.2.1)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.2.0...@inquirer/prompts@8.2.1)

- chore: Switch `wrap-ansi` with `fast-wrap-ansi`

###
[`v8.2.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.2.0)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.1.0...@inquirer/prompts@8.2.0)

- feat(`search`): Add support for `default`.
- feat(`rawlist`): Add support for `description` of choices. That
information is displayed under the list when the choice is highlighted.
- Bump dependencies

###
[`v8.1.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.1.0)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.0.2...@inquirer/prompts@8.1.0)

- Feat: `rawlist` now supports `default` option.
- Fix: `select` now infer return type properly when passing a `choices`
array of string literals.

###
[`v8.0.2`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.0.2)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.0.1...@inquirer/prompts@8.0.2)

- Fix Typescript not discovering types when `moduleResolution` is set to
`commonjs` (you probably want to fix that in your project if it's still
in your tsconfig)

###
[`v8.0.1`](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.0.0...@inquirer/prompts@8.0.1)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.0.0...@inquirer/prompts@8.0.1)

###
[`v8.0.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.0.0)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@7.10.1...@inquirer/prompts@8.0.0)

### Release Notes

#### 🚨 Breaking Changes

This is a major release that modernizes the codebase for Node.js ≥ 20.

##### ESM Only - No More CommonJS Support

**Impact:** All packages are now ESM-only. CommonJS imports are no
longer supported.

If you're on modern Node versions (≥ 20), this should be transparent and
have no impact.

##### Node.js Version Requirement

**Minimum Node.js version is now 20.x**

Node.js versions below 20 are no longer supported. Please upgrade to
Node.js 20 or later.

Node min versions: `>=23.5.0 || ^22.13.0 || ^21.7.0 || ^20.12.0`

##### Deprecated APIs Removed

The following deprecated APIs have been removed after being deprecated
in previous releases:

##### `list` prompt alias removed (affects `inquirer` package only)

The `list` alias has been removed from the `inquirer` package. This only
impacts users of the legacy `inquirer` package, not users of
`@inquirer/prompts` or individual prompt packages.

```js
//  No longer available (inquirer package only)
import inquirer from 'inquirer';
const answer = await inquirer.prompt([
  { type: 'list', name: 'choice', message: 'Pick one:', choices: ['a', 'b'] }
]);

//  Use 'select' instead
import inquirer from 'inquirer';
const answer = await inquirer.prompt([
  { type: 'select', name: 'choice', message: 'Pick one:', choices: ['a', 'b'] }
]);
```

##### `helpMode` theme property removed

```js
//  No longer available
const answer = await select({
  theme: { helpMode: 'never' }
});

//  Use theme.style.keysHelpTip instead
const answer = await select({
  theme: {
    style: {
      keysHelpTip: () => undefined // or your custom styling function
    }
  }
});
```

This affects the following prompts:

- `@inquirer/checkbox`
- `@inquirer/search`
- `@inquirer/select`

##### `instructions` config property removed

```js
//  No longer available
const answer = await checkbox({
  instructions: 'Custom instructions'
});

//  Use theme.style.keysHelpTip instead
const answer = await checkbox({
  theme: {
    style: {
      keysHelpTip: (text) => 'Custom instructions'
    }
  }
});
```

This affects the following prompts:

- `@inquirer/checkbox`
- `@inquirer/search`
- `@inquirer/select`

##### `cancel()` method removed

The `cancel()` method on prompt return custom `Promise` has been
removed.

```js
//  No longer available
const answerPromise = input({ message: 'Name?' });
answerPromise.cancel();
const answer = await answerPromise;

//  Use AbortSignal instead
const controller = new AbortController();
const answer = await input(
  { message: 'Name?' },
  { signal: controller.signal }
);
controller.abort();
```

##### Color Library Change: yoctocolors → Node.js `styleText`

**Internal change:** The project now uses Node.js built-in
`util.styleText()` instead of the `yoctocolors` package for terminal
colors. This makes Inquirer smaller and reduces risks of vulnerabilities
coming from transitive dependencies.

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTQuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE5NC4wIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-28 15:21:54 +08:00
renovate[bot] b3b9c54a89 chore: bump up @types/nodemailer version to v8 (#15026)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@types/nodemailer](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/nodemailer)
([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nodemailer))
| [`^7.0.0` →
`^8.0.0`](https://renovatebot.com/diffs/npm/@types%2fnodemailer/7.0.9/8.0.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fnodemailer/8.0.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fnodemailer/7.0.9/8.0.0?slim=true)
|

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTQuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE5NC4wIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-28 15:21:06 +08:00
DarkSky 1d08e1d8c0 fix(server): dirty data handle (#15034)
#### PR Dependency Tree


* **PR #15034** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Consolidated subscription visibility and “active” selection logic so
all subscription queries use a shared, consistent filter across the
platform.

* **Tests**
* Added a test to ensure expired subscriptions are excluded from active
subscription results.
* Updated test fixtures to differentiate expired, unexpired, and onetime
subscriptions for more accurate coverage.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/15034?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-28 15:20:17 +08:00
DarkSky 6d1172ba44 chore: bump deps 2026-05-24 07:13:16 +08:00
DarkSky 2aa56cbccd chore: bump toolchain & fix lint 2026-05-24 06:47:17 +08:00
DarkSky dd1cd77ca0 chore(server): improve migration compatibility (#15014)
#### PR Dependency Tree


* **PR #15014** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Remove orphaned legacy subscription and entitlement records during
backfill.
* Repair workspaces missing active owners by promoting eligible members
and cleaning up empty workspaces.
* Skip cloud subscription backfill when target user/workspace no longer
exists to avoid dangling data.

* **Tests**
  * Added tests verifying legacy data cleanup during backfill.
* Added tests verifying workspace ownership repair and migration
behavior.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/15014?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-21 15:28:51 +08:00
DarkSky 1f2119e273 fix: migration timeout 2026-05-20 18:39:08 +08:00
DarkSky 9f33d37add feat(core): integrate realtime features (#15003) 2026-05-20 05:48:03 +08:00
DarkSky c53457691d feat(server): entitlement based model (#14996)
#### PR Dependency Tree


* **PR #14996** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * Admin mutations to grant/revoke commercial entitlements.
  * New Doc comment-update permission.
  * Realtime user/workspace quota-state endpoints and live-update rooms.

* **Bug Fixes**
  * More accurate readable-doc filtering and permission evaluation.

* **Refactor**
* Workspace feature management moved to entitlement-based model;
permission and quota pipelines redesigned.
  * Admin workspace UI now edits flags only (feature toggles removed).

* **Tests**
* Extensive new and updated tests for permissions, entitlements, quota,
projection, and backfills.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14996?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-19 22:48:05 +08:00
DarkSky c8cdc488db feat(server): entitlement primitive (#14964)
#### PR Dependency Tree


* **PR #14964** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added entitlement resolution to validate licenses and derive plan,
quotas, expiry and flags.
* Introduced persistent quota/entitlement state for users and workspaces
with legacy sync behavior.
* Real-time quota-state operations and change events for monitoring
usage.

* **Chores**
  * Updated workspace dependencies to add cryptography/hash crates.

* **Tests**
* Added native entitlement tests covering validation, quantity handling,
and signature/expiry cases.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14964)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-14 18:25:03 +08:00
DarkSky f626dbd590 fix(server): realtime loading (#14959)
#### PR Dependency Tree


* **PR #14959** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Rewired realtime and copilot services to require their runtime
dependencies, improving reliability and removing nullable/optional
runtime paths.

* **Tests**
* Centralized service creation in tests with helper factories and added
checks ensuring realtime dependency injection is configured as expected.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14959)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-14 11:54:45 +08:00
DarkSky 4b4def3a11 feat(server): gemini embedding 2 support (#14956)
#### PR Dependency Tree


* **PR #14956** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **Bug Fixes**
* Improved Gemini Vertex provider configuration validation logic for
enhanced reliability.
  * Refined Google Vertex publisher base URL construction handling.

* **Tests**
  * Added test coverage for Gemini Embedding 2 model resolution.
* Added test coverage for Gemini Vertex provider Google Cloud
integration.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14956)

<!-- review_stack_entry_end -->

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-14 04:12:49 +08:00
DarkSky 659072183c chore: bump deps 2026-05-13 22:26:02 +08:00
DarkSky 322f2ba986 fix(server): migrate old tables (#14954) 2026-05-13 21:57:28 +08:00
renovate[bot] f19a922793 chore: bump up @opentelemetry/sdk-node version to ^0.217.0 [SECURITY] (#14945)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@opentelemetry/sdk-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-sdk-node)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`^0.215.0` →
`^0.217.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-node/0.215.0/0.217.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-node/0.217.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-node/0.215.0/0.217.0?slim=true)
|

---

### Prometheus exporter process crash via malformed HTTP request
[CVE-2026-44902](https://nvd.nist.gov/vuln/detail/CVE-2026-44902) /
[GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3)

<details>
<summary>More information</summary>

#### Details
##### Summary

A single malformed HTTP request crashes any Node.js process running the
OpenTelemetry JS Prometheus exporter. The metrics endpoint (default
`0.0.0.0:9464`) has no error handling around URL parsing, so a request
with an invalid URI causes an uncaught `TypeError` that terminates the
process.

**You are affected by this vulnerability if either of the following
apply to your application:**

* you directly use `@opentelemetry/exporter-prometheus` in your code
through its built-in server.
* your `OTEL_METRICS_EXPORTER` environment variable includes
`prometheus` **AND**
  * you use `@opentelemetry/sdk-node`
* you use `@opentelemetry/auto-instrumentations-node` via `--require
@&#8203;opentelemetry/auto-instrumentations-node/register`/`--import
@&#8203;opentelemetry/auto-instrumentations-node/register`

##### Impact

**Denial of service.** Any application using the OpenTelemetry
Prometheus exporter’s built-in server can be crashed by a single
unauthenticated network packet sent to the metrics port. No
authentication, special privileges, or prior access is required.

##### Remediation

##### Update to the fixed version

Update `@opentelemetry/exporter-prometheus` and
`@opentelemetry/sdk-node` to version **0.217.0** or later.
Update `@opentelemetry/auto-instrumentations-node` to version **0.75.0**
or later.

This release adds proper error handling around the URL constructor,
returning an HTTP `400` response on parse failure rather than allowing
the exception to propagate and crash the process.

```
npm install @&#8203;opentelemetry/exporter-prometheus@latest
```

##### Do Not Expose the Endpoint to Untrusted Users

> [!IMPORTANT] 
> The following mitigations reduce exposure but do not fully remediate
the vulnerability. Any client that *can* reach the metrics endpoint -
including your own Prometheus scraper host if compromised - could still
trigger the crash. Updating to **0.217.0** is the recommended
resolution.

If updating is not immediately feasible, restrict access to the metrics
endpoint so that it is not reachable by untrusted or unauthenticated
network clients. For example:

* **Bind to localhost only** by setting the `host` option to `127.0.0.1`
when configuring the `PrometheusExporter`, so the port is not exposed on
public or shared network interfaces

* **Use a firewall or network policy** to restrict access to port `9464`
(or whichever port you have configured) to only trusted Prometheus
scrape hosts

* **Place the endpoint behind a reverse proxy** that filters or
validates incoming requests before they reach the exporter

##### Details

In `PrometheusExporter.ts`, the `_requestHandler` calls `new
URL(request.url, this._baseUrl)` without any error handling. Node's HTTP
parser accepts absolute-form URIs (e.g. `http://`) for proxy
compatibility, including malformed ones. When `request.url` is
`"http://"`, the `URL` constructor throws `TypeError: Invalid URL`.
Since there is no try-catch in the handler, the exception propagates as
an uncaught exception and crashes the process.

The Prometheus metrics endpoint is unauthenticated by design (Prometheus
scrapes it) and binds to `0.0.0.0` by default, meaning it is reachable
by any network client that can connect to the metrics port.

##### Proof of Concept

Start any Node.js application with the Prometheus exporter running on
the default port `9464`, then send a single raw TCP packet:

```
echo -ne 'GET http:// HTTP/1.1\r\nHost: localhost\r\n\r\n' | nc localhost 9464
```

The process crashes immediately with:

```
TypeError: Invalid URL
    at new URL (...)
    at PrometheusExporter._requestHandler (...)
```

#### Severity
- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`

#### References
-
[https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3)
-
[https://github.com/advisories/GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-js
(@&#8203;opentelemetry/sdk-node)</summary>

###
[`v0.217.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7...74cde1b674508ccc0ed2601ac43a80ff2d35114c)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7...74cde1b674508ccc0ed2601ac43a80ff2d35114c)

###
[`v0.216.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/a0476eef3cb973bfcc0c2e41f868dd7b484c2ed8...2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/a0476eef3cb973bfcc0c2e41f868dd7b484c2ed8...2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE1OS4yIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-12 18:55:30 +08:00
DarkSky a1d150a748 fix(server): realtime module not loaded (#14952)
#### PR Dependency Tree


* **PR #14952** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Optimized workspace invite link fetching by separating it from general
workspace configuration queries for improved performance.
* Reorganized transcription-related backend modules to better separate
concerns and enable real-time functionality.

* **Chores**
* Updated generated GraphQL types and iOS query definitions to reflect
API changes.

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14952)

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-12 18:54:42 +08:00
renovate[bot] ac6d0d35af chore: bump up @opentelemetry/exporter-prometheus version to ^0.217.0 [SECURITY] (#14944)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@opentelemetry/exporter-prometheus](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-prometheus)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`^0.215.0` →
`^0.217.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-prometheus/0.215.0/0.217.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fexporter-prometheus/0.217.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fexporter-prometheus/0.215.0/0.217.0?slim=true)
|

---

### Prometheus exporter process crash via malformed HTTP request
[CVE-2026-44902](https://nvd.nist.gov/vuln/detail/CVE-2026-44902) /
[GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3)

<details>
<summary>More information</summary>

#### Details
##### Summary

A single malformed HTTP request crashes any Node.js process running the
OpenTelemetry JS Prometheus exporter. The metrics endpoint (default
`0.0.0.0:9464`) has no error handling around URL parsing, so a request
with an invalid URI causes an uncaught `TypeError` that terminates the
process.

**You are affected by this vulnerability if either of the following
apply to your application:**

* you directly use `@opentelemetry/exporter-prometheus` in your code
through its built-in server.
* your `OTEL_METRICS_EXPORTER` environment variable includes
`prometheus` **AND**
  * you use `@opentelemetry/sdk-node`
* you use `@opentelemetry/auto-instrumentations-node` via `--require
@&#8203;opentelemetry/auto-instrumentations-node/register`/`--import
@&#8203;opentelemetry/auto-instrumentations-node/register`

##### Impact

**Denial of service.** Any application using the OpenTelemetry
Prometheus exporter’s built-in server can be crashed by a single
unauthenticated network packet sent to the metrics port. No
authentication, special privileges, or prior access is required.

##### Remediation

##### Update to the fixed version

Update `@opentelemetry/exporter-prometheus` and
`@opentelemetry/sdk-node` to version **0.217.0** or later.
Update `@opentelemetry/auto-instrumentations-node` to version **0.75.0**
or later.

This release adds proper error handling around the URL constructor,
returning an HTTP `400` response on parse failure rather than allowing
the exception to propagate and crash the process.

```
npm install @&#8203;opentelemetry/exporter-prometheus@latest
```

##### Do Not Expose the Endpoint to Untrusted Users

> [!IMPORTANT] 
> The following mitigations reduce exposure but do not fully remediate
the vulnerability. Any client that *can* reach the metrics endpoint -
including your own Prometheus scraper host if compromised - could still
trigger the crash. Updating to **0.217.0** is the recommended
resolution.

If updating is not immediately feasible, restrict access to the metrics
endpoint so that it is not reachable by untrusted or unauthenticated
network clients. For example:

* **Bind to localhost only** by setting the `host` option to `127.0.0.1`
when configuring the `PrometheusExporter`, so the port is not exposed on
public or shared network interfaces

* **Use a firewall or network policy** to restrict access to port `9464`
(or whichever port you have configured) to only trusted Prometheus
scrape hosts

* **Place the endpoint behind a reverse proxy** that filters or
validates incoming requests before they reach the exporter

##### Details

In `PrometheusExporter.ts`, the `_requestHandler` calls `new
URL(request.url, this._baseUrl)` without any error handling. Node's HTTP
parser accepts absolute-form URIs (e.g. `http://`) for proxy
compatibility, including malformed ones. When `request.url` is
`"http://"`, the `URL` constructor throws `TypeError: Invalid URL`.
Since there is no try-catch in the handler, the exception propagates as
an uncaught exception and crashes the process.

The Prometheus metrics endpoint is unauthenticated by design (Prometheus
scrapes it) and binds to `0.0.0.0` by default, meaning it is reachable
by any network client that can connect to the metrics port.

##### Proof of Concept

Start any Node.js application with the Prometheus exporter running on
the default port `9464`, then send a single raw TCP packet:

```
echo -ne 'GET http:// HTTP/1.1\r\nHost: localhost\r\n\r\n' | nc localhost 9464
```

The process crashes immediately with:

```
TypeError: Invalid URL
    at new URL (...)
    at PrometheusExporter._requestHandler (...)
```

#### Severity
- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`

#### References
-
[https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3)
-
[https://github.com/advisories/GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-js
(@&#8203;opentelemetry/exporter-prometheus)</summary>

###
[`v0.217.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7...74cde1b674508ccc0ed2601ac43a80ff2d35114c)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7...74cde1b674508ccc0ed2601ac43a80ff2d35114c)

###
[`v0.216.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/a0476eef3cb973bfcc0c2e41f868dd7b484c2ed8...2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/a0476eef3cb973bfcc0c2e41f868dd7b484c2ed8...2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE1OS4yIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-12 16:21:10 +08:00
DarkSky db0ff0a9df feat(core): migrate more pull to realtime (#14936)
#### PR Dependency Tree


* **PR #14936** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Consolidated realtime subscription patterns for consistent, more
reliable live updates across comments, notifications, transcription
tasks, and embedding progress.
* Standardized realtime room naming and subscription keys for
deterministic delivery.

* **New Features**
* Introduced a reusable live-query mechanism powering realtime snapshot
+ event workflows used by comments, notifications, transcript tasks, and
embedding progress.

* **Tests**
* Added tests covering live-query behavior and deterministic
subscription key generation.

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14936)
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-11 00:33:25 +08:00
DarkSky 8cf00738c2 feat(server): realtime notification & task status (#14934)
#### PR Dependency Tree


* **PR #14934** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Full realtime platform added: live notifications, comments, embedding
progress, and transcription task updates via realtime subscriptions.

* **Chores**
* Frontend switched from polling/GraphQL queries to realtime channels;
legacy query fields marked deprecated and client libs updated to use
realtime APIs.

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14934)
<!-- end of auto-generated comment: release notes by coderabbit.ai -->


#### PR Dependency Tree


* **PR #14934** 👈
  * **PR #14936**

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
2026-05-10 23:21:50 +08:00
DarkSky 417d31cabe fix(core): ui state (#14933)
#### PR Dependency Tree


* **PR #14933** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
  * Added draft tab option to AI chat interface
* Introduced "Current document" session history view in chat history
popover
  * Added control to show/hide "New Chat" button

* **Improvements**
  * Enhanced chat history preservation when switching between sessions
  * Prevented duplicate session creation requests
  * Improved message handling during session transitions and generation

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14933)

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-09 23:33:37 +08:00
DarkSky fcc45a3f44 fix(server): caldav compatibility (#14930)
fix #14411
fix #14909 

Some CalDAV servers do not implement standard responses; add
compatibility for these servers.


#### PR Dependency Tree


* **PR #14930** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved CalDAV discovery error handling to gracefully fall back when
the server returns certain error statuses.

* **New Features**
* CalDAV account linking now returns the number of discovered calendars
associated with the account.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-09 02:40:47 +08:00
DarkSky bcbde16c04 feat(server): native safe fetch (#14931) 2026-05-09 02:40:25 +08:00
DarkSky 32a94d68dc chore: add utils 2026-05-09 02:32:10 +08:00
DarkSky eb9cc22502 feat(server): refactor for byok (#14911) 2026-05-07 04:03:14 +08:00
DarkSky 1ad088398f fix(server): test & schema 2026-05-04 03:56:14 +08:00
DarkSky fa66139230 feat(server): add flag for calendar enable (#14896)
#### PR Dependency Tree


* **PR #14896** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added configuration option to manage Google Calendar account linking
access. Administrators can now disable new account connections to
control calendar service integrations. When disabled, the Google
provider is hidden from available options and new linking attempts are
blocked, while existing accounts remain fully functional.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 03:45:49 +08:00
DarkSky 027d163921 fix(server): add embedding table repair (#14895)
fix #14894


#### PR Dependency Tree


* **PR #14895** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Improved database initialization for self-hosted deployments with
automatic creation and repair of embedding tables and indexes, applied
only when related base tables and extensions are present.
* Updated pre-deploy process to run Prisma migrations, perform
embedding-table maintenance, and execute additional data migrations as
part of setup.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 03:45:37 +08:00
DarkSky e90e3e537c fix(server): lint 2026-05-04 00:48:23 +08:00
DarkSky d64f368623 feat(server): refactor copilot (#14892)
#### PR Dependency Tree


* **PR #14892** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
2026-05-04 00:36:47 +08:00
Remi Huigen fa8f1a096c fix(server): allow custom R2 jurisdictional endpoint (#14848)
## Summary
This PR fixes `cloudflare-r2` storage configuration so jurisdictional R2
endpoints (for example EU buckets) work correctly.

Closes #14847

## Problem
`cloudflare-r2` currently ignores `config.endpoint` and always uses:

`https://<accountId>.r2.cloudflarestorage.com`

That breaks uploads for jurisdictional buckets that require endpoints
like:

`https://<accountId>.eu.r2.cloudflarestorage.com`

## Changes
- Updated `R2StorageProvider` endpoint resolution:
  - use `config.endpoint` when provided
- otherwise fall back to `https://${accountId}.r2.cloudflarestorage.com`
- Kept `forcePathStyle: true` behavior unchanged
- Updated validation to require `accountId` **or** `endpoint`
- Improved storage schema descriptions to mention jurisdiction endpoints
- Added focused unit tests for:
  - default account endpoint behavior
  - custom jurisdiction endpoint behavior

## Backward Compatibility
- Existing R2 configs that only provide `accountId` continue to work
exactly as before.
- New behavior only applies when a custom `config.endpoint` is
explicitly set.

## Tests
- Added: `packages/backend/server/src/base/storage/__tests__/r2.spec.ts`
- Verifies both default and custom endpoint selection paths.

_Disclaimer: parts of this PR were implemented with AI assistance._

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Cloudflare R2 config adds an optional "jurisdiction" (EU) option and
consistent endpoint derivation for S3-compatible providers.

* **Documentation**
* Storage configuration schemas clarified: S3 endpoint is
optional/derived from region; R2 endpoint removed from schema and
jurisdiction documented.

* **Tests**
* Added tests validating R2 endpoint selection for default,
EU-jurisdiction, undefined-jurisdiction, and missing-account scenarios.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2026-05-04 00:22:51 +08:00
DarkSky 0ccfacbc29 feat(docs): migrate bs docs 2026-04-29 17:23:23 +08:00
renovate[bot] cc79fa3c6d chore: bump up opentelemetry (#14844)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@opentelemetry/api](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/api)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`1.9.0` →
`1.9.1`](https://renovatebot.com/diffs/npm/@opentelemetry%2fapi/1.9.0/1.9.1)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fapi/1.9.1?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fapi/1.9.0/1.9.1?slim=true)
|
|
[@opentelemetry/core](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-core)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`2.6.0` →
`2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fcore/2.6.0/2.7.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fcore/2.7.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fcore/2.6.0/2.7.0?slim=true)
|
|
[@opentelemetry/exporter-prometheus](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-prometheus)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`^0.213.0` →
`^0.215.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-prometheus/0.213.0/0.215.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fexporter-prometheus/0.215.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fexporter-prometheus/0.213.0/0.215.0?slim=true)
|
|
[@opentelemetry/exporter-zipkin](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-exporter-zipkin)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`2.6.0` →
`2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-zipkin/2.6.0/2.7.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fexporter-zipkin/2.7.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fexporter-zipkin/2.6.0/2.7.0?slim=true)
|
|
[@opentelemetry/instrumentation](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`^0.213.0` →
`^0.215.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation/0.213.0/0.215.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation/0.215.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation/0.213.0/0.215.0?slim=true)
|
|
[@opentelemetry/instrumentation-graphql](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-graphql#readme)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-graphql))
| [`^0.61.0` →
`^0.63.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-graphql/0.61.0/0.63.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-graphql/0.63.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-graphql/0.61.0/0.63.0?slim=true)
|
|
[@opentelemetry/instrumentation-http](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation-http)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`^0.213.0` →
`^0.215.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-http/0.213.0/0.215.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-http/0.215.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-http/0.213.0/0.215.0?slim=true)
|
|
[@opentelemetry/instrumentation-ioredis](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-ioredis#readme)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-ioredis))
| [`^0.61.0` →
`^0.63.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-ioredis/0.61.0/0.63.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-ioredis/0.63.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-ioredis/0.61.0/0.63.0?slim=true)
|
|
[@opentelemetry/instrumentation-nestjs-core](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-nestjs-core#readme)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-nestjs-core))
| [`^0.59.0` →
`^0.61.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-nestjs-core/0.59.0/0.61.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-nestjs-core/0.61.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-nestjs-core/0.59.0/0.61.0?slim=true)
|
|
[@opentelemetry/instrumentation-socket.io](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-socket.io#readme)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-socket.io))
| [`^0.60.0` →
`^0.62.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-socket.io/0.60.0/0.62.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-socket.io/0.62.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-socket.io/0.60.0/0.62.0?slim=true)
|
|
[@opentelemetry/resources](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-resources)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`2.6.0` →
`2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fresources/2.6.0/2.7.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fresources/2.7.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fresources/2.6.0/2.7.0?slim=true)
|
|
[@opentelemetry/sdk-metrics](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/sdk-metrics)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`2.6.0` →
`2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-metrics/2.6.0/2.7.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-metrics/2.7.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-metrics/2.6.0/2.7.0?slim=true)
|
|
[@opentelemetry/sdk-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-sdk-node)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`^0.213.0` →
`^0.215.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-node/0.213.0/0.215.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-node/0.215.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-node/0.213.0/0.215.0?slim=true)
|
|
[@opentelemetry/sdk-trace-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-sdk-trace-node)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`2.6.0` →
`2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-trace-node/2.6.0/2.7.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-trace-node/2.7.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-trace-node/2.6.0/2.7.0?slim=true)
|

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-js
(@&#8203;opentelemetry/api)</summary>

###
[`v1.9.1`](https://redirect.github.com/open-telemetry/opentelemetry-js/blob/HEAD/CHANGELOG.md#191)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/v1.9.0...v1.9.1)

##### 🐛 (Bug Fix)

- fix: avoid grpc types dependency
[#&#8203;3551](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3551)
[@&#8203;flarna](https://redirect.github.com/flarna)
- fix(otlp-proto-exporter-base): Match Accept header with Content-Type
in the proto exporter

[#&#8203;3562](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3562)
[@&#8203;scheler](https://redirect.github.com/scheler)
- fix: include tracestate in export
[#&#8203;3569](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3569)
[@&#8203;flarna](https://redirect.github.com/flarna)

##### 🏠 (Internal)

- chore: fix cross project links and missing implicitly exported types
[#&#8203;3533](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3533)
[@&#8203;legendecas](https://redirect.github.com/legendecas)
- feat(sdk-metrics): add exponential histogram mapping functions
[#&#8203;3504](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3504)
[@&#8203;mwear](https://redirect.github.com/mwear)

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@&#8203;opentelemetry/instrumentation-graphql)</summary>

###
[`v0.63.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0630-2026-04-17)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/ed97091c9890dd18e52759f2ea98e9d7593b3ae4...bd017c86bcdf369d7bc1b490e455f95b25385779)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3479](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3479))
([8891261](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/8891261cb590efcb661bd9f8afec4d1adf885ad8))

###
[`v0.62.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0620-2026-03-25)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/39f08c313dc4d929c110ab7c43771c3cdbf8aa4c...ed97091c9890dd18e52759f2ea98e9d7593b3ae4)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3450](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3450))
([c8df394](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c8df394f02d68ae48a79a50258682c09dac13b8b))

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@&#8203;opentelemetry/instrumentation-ioredis)</summary>

###
[`v0.63.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0630-2026-04-17)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/ed97091c9890dd18e52759f2ea98e9d7593b3ae4...bd017c86bcdf369d7bc1b490e455f95b25385779)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3479](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3479))
([8891261](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/8891261cb590efcb661bd9f8afec4d1adf885ad8))

##### Bug Fixes

- **redis-common:** expand redaction to include ACL, CONFIG, PSETEX,
GETSET
([#&#8203;3472](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3472))
([39193ca](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/39193cac4124eedc9e8fa5ae16ba960b5ab7a36b))

##### Dependencies

- The following workspace dependencies were updated
  - dependencies
-
[@&#8203;opentelemetry/redis-common](https://redirect.github.com/opentelemetry/redis-common)
bumped from ^0.38.2 to ^0.38.3
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.61.0 to ^0.62.0

###
[`v0.62.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0620-2026-03-25)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/39f08c313dc4d929c110ab7c43771c3cdbf8aa4c...ed97091c9890dd18e52759f2ea98e9d7593b3ae4)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3450](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3450))
([c8df394](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c8df394f02d68ae48a79a50258682c09dac13b8b))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.60.0 to ^0.61.0

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@&#8203;opentelemetry/instrumentation-nestjs-core)</summary>

###
[`v0.61.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0610-2026-04-17)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/ed97091c9890dd18e52759f2ea98e9d7593b3ae4...bd017c86bcdf369d7bc1b490e455f95b25385779)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3479](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3479))
([8891261](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/8891261cb590efcb661bd9f8afec4d1adf885ad8))

###
[`v0.60.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0600-2026-03-25)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/39f08c313dc4d929c110ab7c43771c3cdbf8aa4c...ed97091c9890dd18e52759f2ea98e9d7593b3ae4)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3450](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3450))
([c8df394](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c8df394f02d68ae48a79a50258682c09dac13b8b))

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@&#8203;opentelemetry/instrumentation-socket.io)</summary>

###
[`v0.62.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0620-2026-04-17)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/ed97091c9890dd18e52759f2ea98e9d7593b3ae4...bd017c86bcdf369d7bc1b490e455f95b25385779)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3479](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3479))
([8891261](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/8891261cb590efcb661bd9f8afec4d1adf885ad8))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.61.0 to ^0.62.0

###
[`v0.61.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0610-2026-03-25)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/39f08c313dc4d929c110ab7c43771c3cdbf8aa4c...ed97091c9890dd18e52759f2ea98e9d7593b3ae4)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3450](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3450))
([c8df394](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c8df394f02d68ae48a79a50258682c09dac13b8b))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.60.0 to ^0.61.0

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMjMuOCIsInVwZGF0ZWRJblZlciI6IjQzLjEyMy44IiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-04-19 16:20:32 +08:00
DarkSky a109f069b0 chore: bump deps 2026-04-10 11:46:14 +08:00
DarkSky c6a99eb9cb chore: bump deps (#14810)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Updated developer tooling dependencies used for local testing to newer
patch versions for improved stability.
* Bumped backend framework and related packages to newer patch releases
to address fixes and maintain compatibility.
* No functional or public API changes; updates are non-breaking
dependency version bumps.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-09 12:41:38 +08:00
DarkSky 5806ad8a3a fix(server): online and storage statistics (#14792)
#### PR Dependency Tree


* **PR #14792** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Admin dashboard returns more accurate sync and storage timelines with
carry‑forwarded minute buckets and corrected current totals.

* **Bug Fixes**
* Active-user flushes are debounced/scheduled to prevent overlapping
writes and reduce stale counts.
* Snapshot writes now retry and will skip gracefully when lock
contention prevents completion, avoiding partial snapshots.

* **Tests**
* New e2e tests cover carry‑forward behavior, no backfill outside
requested windows, and storage history accuracy.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-07 02:08:13 +08:00
DarkSky 193ec14ad3 feat(server): synthetic root doc (#14794) 2026-04-06 17:16:34 +08:00
DarkSky fc5329a1be fix(server): skip watch for external cal (#14788)
#### PR Dependency Tree


* **PR #14788** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Calendar subscriptions now gracefully fall back to polling when push
notifications aren’t supported, keeping syncs working.
* Affected subscriptions have webhook details cleared and are marked
with a long-lived expiration to avoid repeated webhook attempts.
* Prevents repeated retries for unsupported push channels, reducing
unnecessary errors and retries.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-05 16:47:25 +08:00
DarkSky ffc27af3ba fix(server): update version check (#14784)
fix #14780


#### PR Dependency Tree


* **PR #14784** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **Bug Fixes**
* Improved upgrade availability detection to properly compare semantic
versions, including support for prerelease and canary versions. The
system now accurately identifies when new versions are available,
ensuring users receive timely update notifications.

* **Tests**
* Added comprehensive unit tests for version comparison and upgrade
detection functionality.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-05 10:56:05 +08:00
DarkSky d975bf46fb feat(server): improve calendar sync queue (#14783)
#### PR Dependency Tree


* **PR #14783** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * Configurable request timeout for calendar integrations.
* Calendar polling now enqueues per-subscription sync jobs (larger
batch) for improved throughput.

* **Bug Fixes / Improvements**
* Persisted next-sync timestamps and retry counts for more reliable
scheduling and retry behavior.
* Exponential backoff and webhook renewal now update scheduling
consistently.

* **Refactor**
* Calendar sync flow moved to a job-queue-driven design for better
concurrency and observability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-05 10:52:18 +08:00
DarkSky 5a6c65085a feat(mobile): adapt new endpoint (#14778)
#### PR Dependency Tree


* **PR #14778** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
2026-04-04 20:39:42 +08:00
DarkSky 4be0cba9b5 chore(server): db health check (#14779)
#### PR Dependency Tree


* **PR #14779** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Added conditional init checks to service deployments and jobs to wait
for the database proxy before starting
* Exposed a new health port (9801) for the database proxy to enable
readiness probing

* **Tests**
  * Minor test reordering and formatting changes (no behavioral changes)
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-04 00:09:37 +08:00
DarkSky d3ec008b0c chore: bump deps (#14777)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Migration and config commands now feature interactive prompts for
required inputs.

* **Bug Fixes**
  * Enhanced error handling in CLI operations.

* **Chores**
  * Updated GraphQL Code Generator toolchain to v6.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-03 19:36:18 +08:00
DarkSky 0da32d61ae fix(server): race condition for sync (#14770)
#### PR Dependency Tree


* **PR #14770** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **New Features**
* Implemented batch processing for calendar synchronization to improve
performance and resource utilization.
* Added distributed locking to prevent concurrent operations in
multi-instance environments.

* **Bug Fixes**
* Improved reliability by preventing duplicate synchronization attempts.

* **Tests**
  * Enhanced test coverage for batch processing and locking mechanisms.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-03 03:37:09 +08:00
DarkSky 233004f867 chore: bump oxlint & enable more supported rules (#14769) 2026-04-03 03:36:52 +08:00
DarkSky 64f385817d feat(server): add perf metrics for apply update (#14736)
#### PR Dependency Tree


* **PR #14736** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Enhanced Kubernetes deployment health check configurations with
explicit timeout, period, failure threshold, and success threshold
settings for improved reliability.
* Improved document synchronization infrastructure with enhanced codec
comparison and merge update capabilities for better data consistency
handling.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-27 19:50:53 +08:00