fix: use absolute path in gql client (#5454 ) (#5462 )

fix(core): enable page history for beta/stable (#5415 )
fix(component): fix font display on safari (#5393 )
2026-02-04 16:44:56 +00:00 · 2023-12-29 16:02:29 +08:00 · 2023-12-27 14:39:59 +08:00 · 2023-12-27 14:39:50 +08:00 · 2023-12-26 20:43:08 +08:00 · 2023-12-26 20:42:54 +08:00
8861 changed files with 134870 additions and 820360 deletions
--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@@ -1,14 +1,2 @@
 [target.x86_64-pc-windows-msvc]
 rustflags = ["-C", "target-feature=+crt-static"]
-[target.aarch64-pc-windows-msvc]
-rustflags = ["-C", "target-feature=+crt-static"]
-[target.'cfg(target_os = "linux")']
-rustflags = ["-C", "link-args=-Wl,--warn-unresolved-symbols"]
-[target.'cfg(target_os = "macos")']
-rustflags = ["-C", "link-args=-Wl,-undefined,dynamic_lookup,-no_fixup_chains", "-C", "link-args=-all_load", "-C", "link-args=-weak_framework ScreenCaptureKit"]
-# https://sourceware.org/bugzilla/show_bug.cgi?id=21032
-# https://sourceware.org/bugzilla/show_bug.cgi?id=21031
-# https://github.com/rust-lang/rust/issues/134820
-# pthread_key_create() destructors and segfault after a DSO unloading
-[target.'cfg(all(target_env = "gnu", not(target_os = "windows")))']
-rustflags = ["-C", "link-args=-Wl,-z,nodelete"]
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,9 @@
+FROM mcr.microsoft.com/devcontainers/base:bookworm
+
+# Install Homebrew For Linux
+RUN /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" && \
+    eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" && \
+    echo "eval \"\$($(brew --prefix)/bin/brew shellenv)\"" >> /home/vscode/.zshrc && \
+    echo "eval \"\$($(brew --prefix)/bin/brew shellenv)\"" >> /home/vscode/.bashrc && \
+    # Install Graphite
+    brew install withgraphite/tap/graphite && gt --version
--- a/.devcontainer/build.sh
+++ b/.devcontainer/build.sh
@@ -1,11 +1,12 @@
 #!/bin/bash
 # This is a script used by the devcontainer to build the project

+#Enable yarn
+corepack enable
+corepack prepare yarn@stable --activate
+
 # install dependencies
 yarn install

-# Build Server Dependencies
-yarn affine @affine/server-native build
-
 # Create database
-yarn affine @affine/server prisma migrate reset -f
+yarn workspace @affine/server prisma db push
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,16 +1,12 @@
 // For format details, see https://aka.ms/devcontainer.json.
 {
-  "name": "AFFiNE Dev Container",
+  "name": "Debian",
  "dockerComposeFile": "docker-compose.yml",
  "service": "app",
  "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
-  "containerEnv": {
-    "COREPACK_ENABLE_DOWNLOAD_PROMPT": "0"
-  },
  "features": {
    "ghcr.io/devcontainers/features/node:1": {
-      "version": "lts",
-      "installYarnUsingApt": false
+      "version": "18"
    },
    "ghcr.io/devcontainers/features/rust:1": {}
  },
@@ -20,7 +16,7 @@
      "extensions": [
        "ms-playwright.playwright",
        "esbenp.prettier-vscode",
-        "dbaeumer.vscode-eslint"
+        "streetsidesoftware.code-spell-checker"
      ]
    }
  },
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -2,17 +2,18 @@ version: '3.8'

 services:
  app:
-    image: mcr.microsoft.com/devcontainers/base:bookworm
+    build:
+      context: .
+      dockerfile: Dockerfile
    volumes:
      - ../..:/workspaces:cached
    command: sleep infinity
    network_mode: service:db
    environment:
      DATABASE_URL: postgresql://affine:affine@db:5432/affine
-      REDIS_SERVER_HOST: redis

  db:
-    image: pgvector/pgvector:pg16
+    image: postgres:latest
    restart: unless-stopped
    volumes:
      - postgres-data:/var/lib/postgresql/data
@@ -20,8 +21,6 @@ services:
      POSTGRES_PASSWORD: affine
      POSTGRES_USER: affine
      POSTGRES_DB: affine
-  redis:
-    image: redis

 volumes:
  postgres-data:
--- a/.devcontainer/setup-user.sh
+++ b/.devcontainer/setup-user.sh
@@ -1,9 +1,7 @@
-set -e
-
-npm install -g @withgraphite/graphite-cli@stable
-
 if [ -v GRAPHITE_TOKEN ];then
    gt auth --token $GRAPHITE_TOKEN
 fi

+git fetch
+git branch canary -t origin/canary
 gt init --trunk canary
--- a/.docker/dev/.env.example
+++ b/.docker/dev/.env.example
@@ -1,6 +0,0 @@
-# postgres major version
-DB_VERSION=16
-# database credentials
-DB_PASSWORD=affine
-DB_USERNAME=affine
-DB_DATABASE_NAME=affine
--- a/.docker/dev/.gitignore
+++ b/.docker/dev/.gitignore
@@ -1,3 +0,0 @@
-postgres
-.env
-compose.yml
--- a/.docker/dev/compose.yml.example
+++ b/.docker/dev/compose.yml.example
@@ -1,31 +0,0 @@
-name: affine_dev_services
-services:
-  postgres:
-    env_file:
-      - .env
-    image: pgvector/pgvector:pg${DB_VERSION:-16}
-    ports:
-      - 5432:5432
-    environment:
-      POSTGRES_PASSWORD: ${DB_PASSWORD}
-      POSTGRES_USER: ${DB_USERNAME}
-      POSTGRES_DB: ${DB_DATABASE_NAME}
-    volumes:
-      - postgres_data:/var/lib/postgresql/data
-
-  redis:
-    image: redis:latest
-    ports:
-      - 6379:6379
-
-  mailhog:
-    image: mailhog/mailhog:latest
-    ports:
-      - 1025:1025
-      - 8025:8025
-
-networks:
-  dev:
-
-volumes:
-  postgres_data:
--- a/.docker/selfhost/.env.example
+++ b/.docker/selfhost/.env.example
@@ -1,23 +0,0 @@
-# select a revision to deploy, available values: stable, beta, canary
-AFFINE_REVISION=stable
-
-# set the port for the server container it will expose the server on
-PORT=3010
-
-# set the host for the server for outgoing links
-# AFFINE_SERVER_HTTPS=true
-# AFFINE_SERVER_HOST=affine.yourdomain.com
-# or 
-# AFFINE_SERVER_EXTERNAL_URL=https://affine.yourdomain.com
-
-# position of the database data to persist
-DB_DATA_LOCATION=~/.affine/self-host/postgres/pgdata
-# position of the upload data(images, files, etc.) to persist
-UPLOAD_LOCATION=~/.affine/self-host/storage
-# position of the configuration files to persist
-CONFIG_LOCATION=~/.affine/self-host/config
-
-# database credentials
-DB_USERNAME=affine
-DB_PASSWORD=
-DB_DATABASE=affine
--- a/.docker/selfhost/compose.yml
+++ b/.docker/selfhost/compose.yml
@@ -1,74 +0,0 @@
-name: affine
-services:
-  affine:
-    image: ghcr.io/toeverything/affine-graphql:${AFFINE_REVISION:-stable}
-    container_name: affine_server
-    ports:
-      - '${PORT:-3010}:3010'
-    depends_on:
-      redis:
-        condition: service_healthy
-      postgres:
-        condition: service_healthy
-      affine_migration:
-        condition: service_completed_successfully
-    volumes:
-      # custom configurations
-      - ${UPLOAD_LOCATION}:/root/.affine/storage
-      - ${CONFIG_LOCATION}:/root/.affine/config
-    env_file:
-      - .env
-    environment:
-      - REDIS_SERVER_HOST=redis
-      - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${DB_DATABASE:-affine}
-    restart: unless-stopped
-
-  affine_migration:
-    image: ghcr.io/toeverything/affine-graphql:${AFFINE_REVISION:-stable}
-    container_name: affine_migration_job
-    volumes:
-      # custom configurations
-      - ${UPLOAD_LOCATION}:/root/.affine/storage
-      - ${CONFIG_LOCATION}:/root/.affine/config
-    command: ['sh', '-c', 'node ./scripts/self-host-predeploy.js']
-    env_file:
-      - .env
-    environment:
-      - REDIS_SERVER_HOST=redis
-      - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${DB_DATABASE:-affine}
-    depends_on:
-      postgres:
-        condition: service_healthy
-      redis:
-        condition: service_healthy
-
-  redis:
-    image: redis
-    container_name: affine_redis
-    healthcheck:
-      test: ['CMD', 'redis-cli', '--raw', 'incr', 'ping']
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    restart: unless-stopped
-
-  postgres:
-    image: postgres:16
-    container_name: affine_postgres
-    volumes:
-      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
-    environment:
-      POSTGRES_USER: ${DB_USERNAME}
-      POSTGRES_PASSWORD: ${DB_PASSWORD}
-      POSTGRES_DB: ${DB_DATABASE:-affine}
-      POSTGRES_INITDB_ARGS: '--data-checksums'
-      # you better set a password for you database
-      # or you may add 'POSTGRES_HOST_AUTH_METHOD=trust' to ignore postgres security policy
-      POSTGRES_HOST_AUTH_METHOD: trust
-    healthcheck:
-      test:
-        ['CMD', 'pg_isready', '-U', "${DB_USERNAME}", '-d', "${DB_DATABASE:-affine}"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    restart: unless-stopped
--- a/.docker/selfhost/config.example.json
+++ b/.docker/selfhost/config.example.json
@@ -1,6 +0,0 @@
-{
-  "$schema": "https://github.com/toeverything/affine/releases/latest/download/config.schema.json",
-  "server": {
-    "name": "AFFiNE Self Hosted Server"
-  }
-}
--- a/.docker/selfhost/schema.json
+++ b/.docker/selfhost/schema.json
@@ -1,883 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "AFFiNE Application Configuration",
-  "type": "object",
-  "properties": {
-    "metrics": {
-      "type": "object",
-      "description": "Configuration for metrics module",
-      "properties": {
-        "enabled": {
-          "type": "boolean",
-          "description": "Enable metric and tracing collection\n@default false",
-          "default": false
-        }
-      }
-    },
-    "crypto": {
-      "type": "object",
-      "description": "Configuration for crypto module",
-      "properties": {
-        "privateKey": {
-          "type": "string",
-          "description": "The private key for used by the crypto module to create signed tokens or encrypt data.\n@default \"\"\n@environment `AFFINE_PRIVATE_KEY`",
-          "default": ""
-        }
-      }
-    },
-    "job": {
-      "type": "object",
-      "description": "Configuration for job module",
-      "properties": {
-        "queue": {
-          "type": "object",
-          "description": "The config for job queues\n@default {\"attempts\":5,\"removeOnComplete\":true,\"removeOnFail\":{\"age\":86400,\"count\":500}}\n@link https://api.docs.bullmq.io/interfaces/v5.QueueOptions.html",
-          "default": {
-            "attempts": 5,
-            "removeOnComplete": true,
-            "removeOnFail": {
-              "age": 86400,
-              "count": 500
-            }
-          }
-        },
-        "worker": {
-          "type": "object",
-          "description": "The config for job workers\n@default {}\n@link https://api.docs.bullmq.io/interfaces/v5.WorkerOptions.html",
-          "default": {}
-        },
-        "queues.copilot": {
-          "type": "object",
-          "description": "The config for copilot job queue\n@default {\"concurrency\":1}",
-          "properties": {
-            "concurrency": {
-              "type": "number"
-            }
-          },
-          "default": {
-            "concurrency": 1
-          }
-        },
-        "queues.doc": {
-          "type": "object",
-          "description": "The config for doc job queue\n@default {\"concurrency\":1}",
-          "properties": {
-            "concurrency": {
-              "type": "number"
-            }
-          },
-          "default": {
-            "concurrency": 1
-          }
-        },
-        "queues.notification": {
-          "type": "object",
-          "description": "The config for notification job queue\n@default {\"concurrency\":10}",
-          "properties": {
-            "concurrency": {
-              "type": "number"
-            }
-          },
-          "default": {
-            "concurrency": 10
-          }
-        },
-        "queues.nightly": {
-          "type": "object",
-          "description": "The config for nightly job queue\n@default {\"concurrency\":1}",
-          "properties": {
-            "concurrency": {
-              "type": "number"
-            }
-          },
-          "default": {
-            "concurrency": 1
-          }
-        }
-      }
-    },
-    "throttle": {
-      "type": "object",
-      "description": "Configuration for throttle module",
-      "properties": {
-        "enabled": {
-          "type": "boolean",
-          "description": "Whether the throttler is enabled.\n@default true",
-          "default": true
-        },
-        "throttlers.default": {
-          "type": "object",
-          "description": "The config for the default throttler.\n@default {\"ttl\":60,\"limit\":120}",
-          "default": {
-            "ttl": 60,
-            "limit": 120
-          }
-        },
-        "throttlers.strict": {
-          "type": "object",
-          "description": "The config for the strict throttler.\n@default {\"ttl\":60,\"limit\":20}",
-          "default": {
-            "ttl": 60,
-            "limit": 20
-          }
-        }
-      }
-    },
-    "websocket": {
-      "type": "object",
-      "description": "Configuration for websocket module",
-      "properties": {
-        "transports": {
-          "type": "array",
-          "description": "The enabled transports for accepting websocket traffics.\n@default [\"websocket\",\"polling\"]\n@link https://docs.nestjs.com/websockets/gateways#transports",
-          "items": {
-            "type": "string",
-            "enum": [
-              "websocket",
-              "polling"
-            ]
-          },
-          "default": [
-            "websocket",
-            "polling"
-          ]
-        },
-        "maxHttpBufferSize": {
-          "type": "number",
-          "description": "How many bytes or characters a message can be, before closing the session (to avoid DoS).\n@default 100000000",
-          "default": 100000000
-        }
-      }
-    },
-    "auth": {
-      "type": "object",
-      "description": "Configuration for auth module",
-      "properties": {
-        "allowSignup": {
-          "type": "boolean",
-          "description": "Whether allow new registrations.\n@default true",
-          "default": true
-        },
-        "requireEmailDomainVerification": {
-          "type": "boolean",
-          "description": "Whether require email domain record verification before accessing restricted resources.\n@default false",
-          "default": false
-        },
-        "requireEmailVerification": {
-          "type": "boolean",
-          "description": "Whether require email verification before accessing restricted resources(not implemented).\n@default true",
-          "default": true
-        },
-        "passwordRequirements": {
-          "type": "object",
-          "description": "The password strength requirements when set new password.\n@default {\"min\":8,\"max\":32}",
-          "properties": {
-            "min": {
-              "type": "number"
-            },
-            "max": {
-              "type": "number"
-            }
-          },
-          "default": {
-            "min": 8,
-            "max": 32
-          }
-        },
-        "session.ttl": {
-          "type": "number",
-          "description": "Application auth expiration time in seconds.\n@default 1296000",
-          "default": 1296000
-        },
-        "session.ttr": {
-          "type": "number",
-          "description": "Application auth time to refresh in seconds.\n@default 604800",
-          "default": 604800
-        }
-      }
-    },
-    "mailer": {
-      "type": "object",
-      "description": "Configuration for mailer module",
-      "properties": {
-        "SMTP.host": {
-          "type": "string",
-          "description": "Host of the email server (e.g. smtp.gmail.com)\n@default \"\"\n@environment `MAILER_HOST`",
-          "default": ""
-        },
-        "SMTP.port": {
-          "type": "number",
-          "description": "Port of the email server (they commonly are 25, 465 or 587)\n@default 465\n@environment `MAILER_PORT`",
-          "default": 465
-        },
-        "SMTP.username": {
-          "type": "string",
-          "description": "Username used to authenticate the email server\n@default \"\"\n@environment `MAILER_USER`",
-          "default": ""
-        },
-        "SMTP.password": {
-          "type": "string",
-          "description": "Password used to authenticate the email server\n@default \"\"\n@environment `MAILER_PASSWORD`",
-          "default": ""
-        },
-        "SMTP.sender": {
-          "type": "string",
-          "description": "Sender of all the emails (e.g. \"AFFiNE Team <noreply@affine.pro>\")\n@default \"\"\n@environment `MAILER_SENDER`",
-          "default": ""
-        },
-        "SMTP.ignoreTLS": {
-          "type": "boolean",
-          "description": "Whether ignore email server's TSL certification verification. Enable it for self-signed certificates.\n@default false\n@environment `MAILER_IGNORE_TLS`",
-          "default": false
-        }
-      }
-    },
-    "doc": {
-      "type": "object",
-      "description": "Configuration for doc module",
-      "properties": {
-        "experimental.yocto": {
-          "type": "boolean",
-          "description": "Use `y-octo` to merge updates at the same time when merging using Yjs.\n@default false",
-          "default": false
-        },
-        "history.interval": {
-          "type": "number",
-          "description": "The minimum time interval in milliseconds of creating a new history snapshot when doc get updated.\n@default 600000",
-          "default": 600000
-        }
-      }
-    },
-    "storages": {
-      "type": "object",
-      "description": "Configuration for storages module",
-      "properties": {
-        "avatar.publicPath": {
-          "type": "string",
-          "description": "The public accessible path prefix for user avatars.\n@default \"/api/avatars/\"",
-          "default": "/api/avatars/"
-        },
-        "avatar.storage": {
-          "type": "object",
-          "description": "The config of storage for user avatars.\n@default {\"provider\":\"fs\",\"bucket\":\"avatars\",\"config\":{\"path\":\"~/.affine/storage\"}}",
-          "oneOf": [
-            {
-              "type": "object",
-              "properties": {
-                "provider": {
-                  "type": "string",
-                  "enum": [
-                    "fs"
-                  ]
-                },
-                "bucket": {
-                  "type": "string"
-                },
-                "config": {
-                  "type": "object",
-                  "properties": {
-                    "path": {
-                      "type": "string"
-                    }
-                  }
-                }
-              }
-            },
-            {
-              "type": "object",
-              "properties": {
-                "provider": {
-                  "type": "string",
-                  "enum": [
-                    "aws-s3"
-                  ]
-                },
-                "bucket": {
-                  "type": "string"
-                },
-                "config": {
-                  "type": "object",
-                  "description": "The config for the s3 compatible storage provider. directly passed to aws-sdk client.\n@link https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html",
-                  "properties": {
-                    "credentials": {
-                      "type": "object",
-                      "description": "The credentials for the s3 compatible storage provider.",
-                      "properties": {
-                        "accessKeyId": {
-                          "type": "string"
-                        },
-                        "secretAccessKey": {
-                          "type": "string"
-                        }
-                      }
-                    }
-                  }
-                }
-              }
-            },
-            {
-              "type": "object",
-              "properties": {
-                "provider": {
-                  "type": "string",
-                  "enum": [
-                    "cloudflare-r2"
-                  ]
-                },
-                "bucket": {
-                  "type": "string"
-                },
-                "config": {
-                  "type": "object",
-                  "description": "The config for the s3 compatible storage provider. directly passed to aws-sdk client.\n@link https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html",
-                  "properties": {
-                    "credentials": {
-                      "type": "object",
-                      "description": "The credentials for the s3 compatible storage provider.",
-                      "properties": {
-                        "accessKeyId": {
-                          "type": "string"
-                        },
-                        "secretAccessKey": {
-                          "type": "string"
-                        }
-                      }
-                    },
-                    "accountId": {
-                      "type": "string",
-                      "description": "The account id for the cloudflare r2 storage provider."
-                    },
-                    "usePresignedURL": {
-                      "type": "object",
-                      "description": "The presigned url config for the cloudflare r2 storage provider.",
-                      "properties": {
-                        "enabled": {
-                          "type": "boolean",
-                          "description": "Whether to use presigned url for the cloudflare r2 storage provider."
-                        },
-                        "urlPrefix": {
-                          "type": "string",
-                          "description": "The presigned url prefix for the cloudflare r2 storage provider.\nsee https://developers.cloudflare.com/waf/custom-rules/use-cases/configure-token-authentication/ to configure it.\nExample value: \"https://storage.example.com\"\nExample rule: is_timed_hmac_valid_v0(\"your_secret\", http.request.uri, 10800, http.request.timestamp.sec, 6)"
-                        },
-                        "signKey": {
-                          "type": "string",
-                          "description": "The presigned key for the cloudflare r2 storage provider."
-                        }
-                      }
-                    }
-                  }
-                }
-              }
-            }
-          ],
-          "default": {
-            "provider": "fs",
-            "bucket": "avatars",
-            "config": {
-              "path": "~/.affine/storage"
-            }
-          }
-        },
-        "blob.storage": {
-          "type": "object",
-          "description": "The config of storage for all uploaded blobs(images, videos, etc.).\n@default {\"provider\":\"fs\",\"bucket\":\"blobs\",\"config\":{\"path\":\"~/.affine/storage\"}}",
-          "oneOf": [
-            {
-              "type": "object",
-              "properties": {
-                "provider": {
-                  "type": "string",
-                  "enum": [
-                    "fs"
-                  ]
-                },
-                "bucket": {
-                  "type": "string"
-                },
-                "config": {
-                  "type": "object",
-                  "properties": {
-                    "path": {
-                      "type": "string"
-                    }
-                  }
-                }
-              }
-            },
-            {
-              "type": "object",
-              "properties": {
-                "provider": {
-                  "type": "string",
-                  "enum": [
-                    "aws-s3"
-                  ]
-                },
-                "bucket": {
-                  "type": "string"
-                },
-                "config": {
-                  "type": "object",
-                  "description": "The config for the s3 compatible storage provider. directly passed to aws-sdk client.\n@link https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html",
-                  "properties": {
-                    "credentials": {
-                      "type": "object",
-                      "description": "The credentials for the s3 compatible storage provider.",
-                      "properties": {
-                        "accessKeyId": {
-                          "type": "string"
-                        },
-                        "secretAccessKey": {
-                          "type": "string"
-                        }
-                      }
-                    }
-                  }
-                }
-              }
-            },
-            {
-              "type": "object",
-              "properties": {
-                "provider": {
-                  "type": "string",
-                  "enum": [
-                    "cloudflare-r2"
-                  ]
-                },
-                "bucket": {
-                  "type": "string"
-                },
-                "config": {
-                  "type": "object",
-                  "description": "The config for the s3 compatible storage provider. directly passed to aws-sdk client.\n@link https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html",
-                  "properties": {
-                    "credentials": {
-                      "type": "object",
-                      "description": "The credentials for the s3 compatible storage provider.",
-                      "properties": {
-                        "accessKeyId": {
-                          "type": "string"
-                        },
-                        "secretAccessKey": {
-                          "type": "string"
-                        }
-                      }
-                    },
-                    "accountId": {
-                      "type": "string",
-                      "description": "The account id for the cloudflare r2 storage provider."
-                    },
-                    "usePresignedURL": {
-                      "type": "object",
-                      "description": "The presigned url config for the cloudflare r2 storage provider.",
-                      "properties": {
-                        "enabled": {
-                          "type": "boolean",
-                          "description": "Whether to use presigned url for the cloudflare r2 storage provider."
-                        },
-                        "urlPrefix": {
-                          "type": "string",
-                          "description": "The presigned url prefix for the cloudflare r2 storage provider.\nsee https://developers.cloudflare.com/waf/custom-rules/use-cases/configure-token-authentication/ to configure it.\nExample value: \"https://storage.example.com\"\nExample rule: is_timed_hmac_valid_v0(\"your_secret\", http.request.uri, 10800, http.request.timestamp.sec, 6)"
-                        },
-                        "signKey": {
-                          "type": "string",
-                          "description": "The presigned key for the cloudflare r2 storage provider."
-                        }
-                      }
-                    }
-                  }
-                }
-              }
-            }
-          ],
-          "default": {
-            "provider": "fs",
-            "bucket": "blobs",
-            "config": {
-              "path": "~/.affine/storage"
-            }
-          }
-        }
-      }
-    },
-    "server": {
-      "type": "object",
-      "description": "Configuration for server module",
-      "properties": {
-        "name": {
-          "type": "string",
-          "description": "A recognizable name for the server. Will be shown when connected with AFFiNE Desktop.\n@default undefined"
-        },
-        "externalUrl": {
-          "type": "string",
-          "description": "Base url of AFFiNE server, used for generating external urls.\nDefault to be `[server.protocol]://[server.host][:server.port]` if not specified.\n    \n@default \"\"\n@environment `AFFINE_SERVER_EXTERNAL_URL`",
-          "default": ""
-        },
-        "https": {
-          "type": "boolean",
-          "description": "Whether the server is hosted on a ssl enabled domain (https://).\n@default false\n@environment `AFFINE_SERVER_HTTPS`",
-          "default": false
-        },
-        "host": {
-          "type": "string",
-          "description": "Where the server get deployed(FQDN).\n@default \"localhost\"\n@environment `AFFINE_SERVER_HOST`",
-          "default": "localhost"
-        },
-        "port": {
-          "type": "number",
-          "description": "Which port the server will listen on.\n@default 3010\n@environment `AFFINE_SERVER_PORT`",
-          "default": 3010
-        },
-        "path": {
-          "type": "string",
-          "description": "Subpath where the server get deployed if there is one.(e.g. /affine)\n@default \"\"\n@environment `AFFINE_SERVER_SUB_PATH`",
-          "default": ""
-        }
-      }
-    },
-    "flags": {
-      "type": "object",
-      "description": "Configuration for flags module",
-      "properties": {
-        "earlyAccessControl": {
-          "type": "boolean",
-          "description": "Only allow users with early access features to access the app\n@default false",
-          "default": false
-        }
-      }
-    },
-    "docService": {
-      "type": "object",
-      "description": "Configuration for docService module",
-      "properties": {
-        "endpoint": {
-          "type": "string",
-          "description": "The endpoint of the doc service.\n@default \"\"\n@environment `DOC_SERVICE_ENDPOINT`",
-          "default": ""
-        }
-      }
-    },
-    "client": {
-      "type": "object",
-      "description": "Configuration for client module",
-      "properties": {
-        "versionControl.enabled": {
-          "type": "boolean",
-          "description": "Whether check version of client before accessing the server.\n@default false",
-          "default": false
-        },
-        "versionControl.requiredVersion": {
-          "type": "string",
-          "description": "Allowed version range of the app that allowed to access the server. Requires 'client/versionControl.enabled' to be true to take effect.\n@default \">=0.20.0\"",
-          "default": ">=0.20.0"
-        }
-      }
-    },
-    "captcha": {
-      "type": "object",
-      "description": "Configuration for captcha module",
-      "properties": {
-        "enabled": {
-          "type": "boolean",
-          "description": "Check captcha challenge when user authenticating the app.\n@default false",
-          "default": false
-        },
-        "config": {
-          "type": "object",
-          "description": "The config for the captcha plugin.\n@default {\"turnstile\":{\"secret\":\"\"},\"challenge\":{\"bits\":20}}",
-          "default": {
-            "turnstile": {
-              "secret": ""
-            },
-            "challenge": {
-              "bits": 20
-            }
-          }
-        }
-      }
-    },
-    "copilot": {
-      "type": "object",
-      "description": "Configuration for copilot module",
-      "properties": {
-        "enabled": {
-          "type": "boolean",
-          "description": "Whether to enable the copilot plugin.\n@default false",
-          "default": false
-        },
-        "providers.openai": {
-          "type": "object",
-          "description": "The config for the openai provider.\n@default {\"apiKey\":\"\"}\n@link https://github.com/openai/openai-node",
-          "default": {
-            "apiKey": ""
-          }
-        },
-        "providers.fal": {
-          "type": "object",
-          "description": "The config for the fal provider.\n@default {\"apiKey\":\"\"}",
-          "default": {
-            "apiKey": ""
-          }
-        },
-        "providers.gemini": {
-          "type": "object",
-          "description": "The config for the gemini provider.\n@default {\"apiKey\":\"\"}",
-          "default": {
-            "apiKey": ""
-          }
-        },
-        "providers.perplexity": {
-          "type": "object",
-          "description": "The config for the perplexity provider.\n@default {\"apiKey\":\"\"}",
-          "default": {
-            "apiKey": ""
-          }
-        },
-        "unsplash": {
-          "type": "object",
-          "description": "The config for the unsplash key.\n@default {\"key\":\"\"}",
-          "default": {
-            "key": ""
-          }
-        },
-        "storage": {
-          "type": "object",
-          "description": "The config for the storage provider.\n@default {\"provider\":\"fs\",\"bucket\":\"copilot\",\"config\":{\"path\":\"~/.affine/storage\"}}",
-          "oneOf": [
-            {
-              "type": "object",
-              "properties": {
-                "provider": {
-                  "type": "string",
-                  "enum": [
-                    "fs"
-                  ]
-                },
-                "bucket": {
-                  "type": "string"
-                },
-                "config": {
-                  "type": "object",
-                  "properties": {
-                    "path": {
-                      "type": "string"
-                    }
-                  }
-                }
-              }
-            },
-            {
-              "type": "object",
-              "properties": {
-                "provider": {
-                  "type": "string",
-                  "enum": [
-                    "aws-s3"
-                  ]
-                },
-                "bucket": {
-                  "type": "string"
-                },
-                "config": {
-                  "type": "object",
-                  "description": "The config for the s3 compatible storage provider. directly passed to aws-sdk client.\n@link https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html",
-                  "properties": {
-                    "credentials": {
-                      "type": "object",
-                      "description": "The credentials for the s3 compatible storage provider.",
-                      "properties": {
-                        "accessKeyId": {
-                          "type": "string"
-                        },
-                        "secretAccessKey": {
-                          "type": "string"
-                        }
-                      }
-                    }
-                  }
-                }
-              }
-            },
-            {
-              "type": "object",
-              "properties": {
-                "provider": {
-                  "type": "string",
-                  "enum": [
-                    "cloudflare-r2"
-                  ]
-                },
-                "bucket": {
-                  "type": "string"
-                },
-                "config": {
-                  "type": "object",
-                  "description": "The config for the s3 compatible storage provider. directly passed to aws-sdk client.\n@link https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html",
-                  "properties": {
-                    "credentials": {
-                      "type": "object",
-                      "description": "The credentials for the s3 compatible storage provider.",
-                      "properties": {
-                        "accessKeyId": {
-                          "type": "string"
-                        },
-                        "secretAccessKey": {
-                          "type": "string"
-                        }
-                      }
-                    },
-                    "accountId": {
-                      "type": "string",
-                      "description": "The account id for the cloudflare r2 storage provider."
-                    },
-                    "usePresignedURL": {
-                      "type": "object",
-                      "description": "The presigned url config for the cloudflare r2 storage provider.",
-                      "properties": {
-                        "enabled": {
-                          "type": "boolean",
-                          "description": "Whether to use presigned url for the cloudflare r2 storage provider."
-                        },
-                        "urlPrefix": {
-                          "type": "string",
-                          "description": "The presigned url prefix for the cloudflare r2 storage provider.\nsee https://developers.cloudflare.com/waf/custom-rules/use-cases/configure-token-authentication/ to configure it.\nExample value: \"https://storage.example.com\"\nExample rule: is_timed_hmac_valid_v0(\"your_secret\", http.request.uri, 10800, http.request.timestamp.sec, 6)"
-                        },
-                        "signKey": {
-                          "type": "string",
-                          "description": "The presigned key for the cloudflare r2 storage provider."
-                        }
-                      }
-                    }
-                  }
-                }
-              }
-            }
-          ],
-          "default": {
-            "provider": "fs",
-            "bucket": "copilot",
-            "config": {
-              "path": "~/.affine/storage"
-            }
-          }
-        }
-      }
-    },
-    "customerIo": {
-      "type": "object",
-      "description": "Configuration for customerIo module",
-      "properties": {
-        "enabled": {
-          "type": "boolean",
-          "description": "Enable customer.io integration\n@default false",
-          "default": false
-        },
-        "token": {
-          "type": "string",
-          "description": "Customer.io token\n@default \"\"",
-          "default": ""
-        }
-      }
-    },
-    "oauth": {
-      "type": "object",
-      "description": "Configuration for oauth module",
-      "properties": {
-        "providers.google": {
-          "type": "object",
-          "description": "Google OAuth provider config\n@default {\"clientId\":\"\",\"clientSecret\":\"\"}\n@link https://developers.google.com/identity/protocols/oauth2/web-server",
-          "properties": {
-            "clientId": {
-              "type": "string"
-            },
-            "clientSecret": {
-              "type": "string"
-            },
-            "args": {
-              "type": "object"
-            }
-          },
-          "default": {
-            "clientId": "",
-            "clientSecret": ""
-          }
-        },
-        "providers.github": {
-          "type": "object",
-          "description": "GitHub OAuth provider config\n@default {\"clientId\":\"\",\"clientSecret\":\"\"}\n@link https://docs.github.com/en/apps/oauth-apps",
-          "properties": {
-            "clientId": {
-              "type": "string"
-            },
-            "clientSecret": {
-              "type": "string"
-            },
-            "args": {
-              "type": "object"
-            }
-          },
-          "default": {
-            "clientId": "",
-            "clientSecret": ""
-          }
-        },
-        "providers.oidc": {
-          "type": "object",
-          "description": "OIDC OAuth provider config\n@default {\"clientId\":\"\",\"clientSecret\":\"\",\"issuer\":\"\",\"args\":{}}",
-          "default": {
-            "clientId": "",
-            "clientSecret": "",
-            "issuer": "",
-            "args": {}
-          }
-        }
-      }
-    },
-    "payment": {
-      "type": "object",
-      "description": "Configuration for payment module",
-      "properties": {
-        "enabled": {
-          "type": "boolean",
-          "description": "Whether enable payment plugin\n@default false",
-          "default": false
-        },
-        "showLifetimePrice": {
-          "type": "boolean",
-          "description": "Whether enable lifetime price and allow user to pay for it.\n@default true",
-          "default": true
-        },
-        "apiKey": {
-          "type": "string",
-          "description": "Stripe API key to enable payment service.\n@default \"\"\n@environment `STRIPE_API_KEY`",
-          "default": ""
-        },
-        "webhookKey": {
-          "type": "string",
-          "description": "Stripe webhook key to enable payment service.\n@default \"\"\n@environment `STRIPE_WEBHOOK_KEY`",
-          "default": ""
-        },
-        "stripe": {
-          "type": "object",
-          "description": "Stripe sdk options\n@default {}\n@link https://docs.stripe.com/api",
-          "default": {}
-        }
-      }
-    },
-    "worker": {
-      "type": "object",
-      "description": "Configuration for worker module",
-      "properties": {
-        "allowedOrigin": {
-          "type": "array",
-          "description": "Allowed origin\n@default [\"localhost\",\"127.0.0.1\"]",
-          "default": [
-            "localhost",
-            "127.0.0.1"
-          ]
-        }
-      }
-    }
-  }
-}
--- a/.env.template
+++ b/.env.template
@@ -0,0 +1,14 @@
+ENABLE_PLUGIN=
+ENABLE_TEST_PROPERTIES=
+ENABLE_BC_PROVIDER=
+CHANGELOG_URL=
+ENABLE_PRELOADING=
+ENABLE_NEW_SETTING_MODAL=
+ENABLE_SQLITE_PROVIDER=
+ENABLE_NEW_SETTING_UNSTABLE_API=
+ENABLE_NOTIFICATION_CENTER=
+ENABLE_CLOUD=
+ENABLE_MOVE_DATABASE=
+SHOULD_REPORT_TRACE=
+TRACE_REPORT_ENDPOINT=
+CAPTCHA_SITE_KEY=
--- a/.eslintignore
+++ b/.eslintignore
@@ -0,0 +1,16 @@
+node_modules
+dist
+.next
+out
+storybook-static
+affine-out
+_next
+lib
+.eslintrc.js
+e2e-dist-*
+static
+web-static
+public
+packages/common/sdk/src/*.d.ts
+packages/common/sdk/src/*.js
+packages/frontend/i18n/src/i18n-generated.ts
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -0,0 +1,313 @@
+const { resolve } = require('node:path');
+
+const createPattern = packageName => [
+  {
+    group: ['**/dist', '**/dist/**'],
+    message: 'Do not import from dist',
+    allowTypeImports: false,
+  },
+  {
+    group: ['**/src', '**/src/**'],
+    message: 'Do not import from src',
+    allowTypeImports: false,
+  },
+  {
+    group: [`@affine/${packageName}`],
+    message: 'Do not import package itself',
+    allowTypeImports: false,
+  },
+  {
+    group: [`@toeverything/${packageName}`],
+    message: 'Do not import package itself',
+    allowTypeImports: false,
+  },
+  {
+    group: ['@blocksuite/store'],
+    message: "Import from '@blocksuite/global/utils'",
+    importNames: ['assertExists', 'assertEquals'],
+  },
+  {
+    group: ['react-router-dom'],
+    message: 'Use `useNavigateHelper` instead',
+    importNames: ['useNavigate'],
+  },
+  {
+    group: ['next-auth/react'],
+    message: "Import hooks from 'use-current-user.tsx'",
+    // useSession is type unsafe
+    importNames: ['useSession'],
+  },
+  {
+    group: ['next-auth/react'],
+    message: "Import hooks from 'cloud-utils.ts'",
+    importNames: ['signIn', 'signOut'],
+  },
+  {
+    group: ['yjs'],
+    message: 'Do not use this API because it has a bug',
+    importNames: ['mergeUpdates'],
+  },
+  {
+    group: ['@affine/env/constant'],
+    message:
+      'Do not import from @affine/env/constant. Use `environment.isDesktop` instead',
+    importNames: ['isDesktop'],
+  },
+];
+
+const allPackages = [
+  'packages/backend/server',
+  'packages/frontend/component',
+  'packages/frontend/core',
+  'packages/frontend/electron',
+  'packages/frontend/graphql',
+  'packages/frontend/hooks',
+  'packages/frontend/i18n',
+  'packages/frontend/native',
+  'packages/frontend/templates',
+  'packages/frontend/workspace',
+  'packages/common/debug',
+  'packages/common/env',
+  'packages/common/infra',
+  'packages/common/sdk',
+  'packages/common/theme',
+  'packages/common/y-indexeddb',
+  'packages/plugins/copilot',
+  'tools/cli',
+  'tests/storybook',
+];
+
+/**
+ * @type {import('eslint').Linter.Config}
+ */
+const config = {
+  root: true,
+  settings: {
+    react: {
+      version: 'detect',
+    },
+    next: {
+      rootDir: 'packages/frontend/core',
+    },
+  },
+  extends: [
+    'eslint:recommended',
+    'plugin:react-hooks/recommended',
+    'plugin:react/recommended',
+    'plugin:react/jsx-runtime',
+    'plugin:@typescript-eslint/recommended',
+    'prettier',
+  ],
+  parser: '@typescript-eslint/parser',
+  parserOptions: {
+    ecmaFeatures: {
+      globalReturn: false,
+      impliedStrict: true,
+      jsx: true,
+    },
+    ecmaVersion: 'latest',
+    sourceType: 'module',
+    project: resolve(__dirname, './tsconfig.eslint.json'),
+  },
+  plugins: [
+    'react',
+    '@typescript-eslint',
+    'simple-import-sort',
+    'sonarjs',
+    'i',
+    'unused-imports',
+    'unicorn',
+  ],
+  rules: {
+    'array-callback-return': 'error',
+    'no-undef': 'off',
+    'no-empty': 'off',
+    'no-func-assign': 'off',
+    'no-cond-assign': 'off',
+    'no-constant-binary-expression': 'error',
+    'no-constructor-return': 'error',
+    'no-self-compare': 'error',
+    eqeqeq: ['error', 'always', { null: 'ignore' }],
+    'react/prop-types': 'off',
+    'react/jsx-no-useless-fragment': 'error',
+    '@typescript-eslint/consistent-type-imports': 'error',
+    '@typescript-eslint/no-non-null-assertion': 'error',
+    '@typescript-eslint/no-explicit-any': 'off',
+    '@typescript-eslint/no-empty-function': 'off',
+    '@typescript-eslint/await-thenable': 'error',
+    '@typescript-eslint/require-array-sort-compare': 'error',
+    '@typescript-eslint/unified-signatures': 'error',
+    '@typescript-eslint/prefer-for-of': 'error',
+    '@typescript-eslint/no-unused-vars': [
+      'error',
+      {
+        varsIgnorePattern: '^_',
+        argsIgnorePattern: '^_',
+        caughtErrorsIgnorePattern: '^_',
+      },
+    ],
+    'unused-imports/no-unused-imports': 'error',
+    'simple-import-sort/imports': 'error',
+    'simple-import-sort/exports': 'error',
+    '@typescript-eslint/ban-ts-comment': [
+      'error',
+      {
+        'ts-expect-error': 'allow-with-description',
+        'ts-ignore': true,
+        'ts-nocheck': true,
+        'ts-check': false,
+      },
+    ],
+    '@typescript-eslint/no-restricted-imports': [
+      'error',
+      {
+        patterns: [
+          {
+            group: ['**/dist'],
+            message: "Don't import from dist",
+            allowTypeImports: false,
+          },
+          {
+            group: ['**/src'],
+            message: "Don't import from src",
+            allowTypeImports: false,
+          },
+          {
+            group: ['@blocksuite/store'],
+            message: "Import from '@blocksuite/global/utils'",
+            importNames: ['assertExists', 'assertEquals'],
+          },
+          {
+            group: ['react-router-dom'],
+            message: 'Use `useNavigateHelper` instead',
+            importNames: ['useNavigate'],
+          },
+          {
+            group: ['next-auth/react'],
+            message: "Import hooks from 'use-current-user.tsx'",
+            // useSession is type unsafe
+            importNames: ['useSession'],
+          },
+          {
+            group: ['next-auth/react'],
+            message: "Import hooks from 'cloud-utils.ts'",
+            importNames: ['signIn', 'signOut'],
+          },
+          {
+            group: ['yjs'],
+            message: 'Do not use this API because it has a bug',
+            importNames: ['mergeUpdates'],
+          },
+        ],
+      },
+    ],
+    'unicorn/filename-case': [
+      'error',
+      {
+        case: 'kebabCase',
+        ignore: ['^\\[[a-zA-Z0-9-_]+\\]\\.tsx$'],
+      },
+    ],
+    'unicorn/no-unnecessary-await': 'error',
+    'unicorn/no-useless-fallback-in-spread': 'error',
+    'unicorn/prefer-dom-node-dataset': 'error',
+    'unicorn/prefer-dom-node-append': 'error',
+    'unicorn/prefer-dom-node-remove': 'error',
+    'unicorn/prefer-array-some': 'error',
+    'unicorn/prefer-date-now': 'error',
+    'unicorn/prefer-blob-reading-methods': 'error',
+    'unicorn/no-typeof-undefined': 'error',
+    'unicorn/no-useless-promise-resolve-reject': 'error',
+    'unicorn/no-new-array': 'error',
+    'unicorn/new-for-builtins': 'error',
+    'sonarjs/no-all-duplicated-branches': 'error',
+    'sonarjs/no-element-overwrite': 'error',
+    'sonarjs/no-empty-collection': 'error',
+    'sonarjs/no-extra-arguments': 'error',
+    'sonarjs/no-identical-conditions': 'error',
+    'sonarjs/no-identical-expressions': 'error',
+    'sonarjs/no-ignored-return': 'error',
+    'sonarjs/no-one-iteration-loop': 'error',
+    'sonarjs/no-use-of-empty-return-value': 'error',
+    'sonarjs/non-existent-operator': 'error',
+    'sonarjs/no-collapsible-if': 'error',
+    'sonarjs/no-same-line-conditional': 'error',
+    'sonarjs/no-duplicated-branches': 'error',
+    'sonarjs/no-collection-size-mischeck': 'error',
+    'sonarjs/no-useless-catch': 'error',
+    'sonarjs/no-identical-functions': 'error',
+  },
+  overrides: [
+    {
+      files: 'packages/backend/server/**/*.ts',
+      rules: {
+        '@typescript-eslint/consistent-type-imports': 0,
+      },
+    },
+    {
+      files: '*.cjs',
+      rules: {
+        '@typescript-eslint/no-var-requires': 0,
+      },
+    },
+    ...allPackages.map(pkg => ({
+      files: [`${pkg}/src/**/*.ts`, `${pkg}/src/**/*.tsx`],
+      parserOptions: {
+        project: resolve(__dirname, './tsconfig.eslint.json'),
+      },
+      rules: {
+        '@typescript-eslint/no-restricted-imports': [
+          'error',
+          {
+            patterns: createPattern(pkg),
+          },
+        ],
+        '@typescript-eslint/no-floating-promises': [
+          'error',
+          {
+            ignoreVoid: false,
+            ignoreIIFE: false,
+          },
+        ],
+        '@typescript-eslint/no-misused-promises': ['error'],
+        '@typescript-eslint/prefer-readonly': 'error',
+        'i/no-extraneous-dependencies': ['error'],
+        'react-hooks/exhaustive-deps': [
+          'warn',
+          {
+            additionalHooks: 'useAsyncCallback',
+          },
+        ],
+      },
+    })),
+    {
+      files: [
+        '**/__tests__/**/*',
+        '**/*.stories.tsx',
+        '**/*.spec.ts',
+        '**/tests/**/*',
+        'scripts/**/*',
+        '**/benchmark/**/*',
+        '**/__debug__/**/*',
+        '**/e2e/**/*',
+      ],
+      rules: {
+        '@typescript-eslint/no-non-null-assertion': 0,
+        '@typescript-eslint/ban-ts-comment': [
+          'error',
+          {
+            'ts-expect-error': false,
+            'ts-ignore': true,
+            'ts-nocheck': true,
+            'ts-check': false,
+          },
+        ],
+        '@typescript-eslint/no-floating-promises': 0,
+        '@typescript-eslint/no-misused-promises': 0,
+        '@typescript-eslint/no-restricted-imports': 0,
+      },
+    },
+  ],
+};
+
+module.exports = config;
--- a/.github/CLA.md
+++ b/.github/CLA.md
@@ -33,6 +33,32 @@ You accept and agree to the following terms and conditions for your past, presen

 9. This Agreement will be governed by the laws of Republic of Singapore without reference to conflict of laws principles.

-## How To Sign
+## List of Contributors

-Visit https://cla-assistant.io/toeverything/AFFiNE and sign it.
+The below-signed are contributors to a code repository that is part of the project named "AFFiNE". Each below-signed contributor has read, understand and agrees to the terms above in the section within this document entitled "AFFiNE Contributor License Agreement" as of the date beside their real name (or entity name) and GitHub account name.
+
+---
+
+<!--
+Example:
+
+- Dark Sky, @darkskygit, 2022/07/22
+-->
+
+- Dark Sky, @darkskygit, 2022/07/22
+- Lin Onetwo, @linonetwo, 2022/02/14
+- zqran, @zqran, 2023/02/17
+- Alessio Gravili, @AlessioGr, 2023/03/04
+- Victor Nanka, @victornanka, 2023/03/09
+- Aditya Sharma, @adityash1, 2023/03/21
+- Fangdun Tsai, @fundon, 2023/03/21
+- Zhilin Liu, @lzlme, 2023/04/09
+- Skye Sun, @skyesun, 2023/04/14
+- Jordy Delgado, @Jdelgad8, 2023/04/17
+- Howard Do, @howarddo2208, 2023/04/20
+- 三咲智子 Kevin Deng, @sxzz, 2023/04/21
+- Moeyua, @moeyua, 2023/04/22
+- Shishu, @shishudesu, 2023/05/19
+- Kushagra Singh, @kush002, 2023/06/28
+- Sarvesh Kumar, @sarvesh521 2023/08/25
+- 微扰理论 Qinghao Huang, @wfnuser 2023/09/29
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,2 +0,0 @@
-/blocksuite/ @toeverything/blocksuite-core
-/packages/frontend/core/src/blocksuite @toeverything/blocksuite-core
--- a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
+++ b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
@@ -1,14 +1,12 @@
 name: Bug Report
 description: File a bug report
-title: '[Bug]: '
+title: "\u200b"
 labels: ['bug']
 body:
  - type: markdown
    attributes:
      value: |
        Thanks for taking the time to fill out this bug report!
-        Check out this [link](https://github.com/toeverything/AFFiNE/blob/canary/docs/issue-triaging.md)
-        to learn how we manage issues and when your issue will be processed.
  - type: textarea
    id: what-happened
    attributes:
@@ -18,26 +16,20 @@ body:
    validations:
      required: true
  - type: dropdown
-    id: distribution
+    id: version
    attributes:
      label: Distribution version
-      description: What distribution of AFFiNE are you using?
+      description: What version of AFFiNE are you using?
      options:
        - macOS x64 (Intel)
        - macOS ARM 64 (Apple Silicon)
        - Windows x64
        - Linux
-        - Web (https://app.affine.pro)
-        - Beta Web (https://insider.affine.pro)
-        - Canary Web (https://affine.fail)
+        - Web (app.affine.pro)
+        - Web (affine.fail)
+        - Web (insider.affine.pro)
    validations:
      required: true
-  - type: input
-    id: version
-    attributes:
-      label: App Version
-      description: What version of AFFiNE are you using?
-      placeholder: (You can find AFFiNE version in [About AFFiNE] setting panel)
  - type: dropdown
    id: browsers
    attributes:
@@ -49,19 +41,6 @@ body:
        - Firefox
        - Safari
        - Other
-  - type: checkboxes
-    id: selfhost
-    attributes:
-      label: Are you self-hosting?
-      description: >
-        If you are self-hosting, please check the box and provide information about your setup.
-      options:
-        - label: 'Yes'
-  - type: input
-    id: selfhost-version
-    attributes:
-      label: Self-hosting Version
-      description: What version of AFFiNE are you selfhosting?
  - type: textarea
    id: logs
    attributes:
@@ -74,3 +53,11 @@ body:
      description: |
        Links? References? Anything that will give us more context about the issue you are encountering!
        Tip: You can attach images here
+  - type: checkboxes
+    attributes:
+      label: Are you willing to submit a PR?
+      description: >
+        (Optional) We encourage you to submit a [Pull Request](https://github.com/toeverything/affine/pulls) (PR) to help improve AFFiNE for everyone, especially if you have a good understanding of how to implement a fix or feature.
+        See the AFFiNE [Contributing Guide](https://github.com/toeverything/affine/blob/canary/CONTRIBUTING.md) to get started.
+      options:
+        - label: Yes I'd like to help by submitting a PR!
--- a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
+++ b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
@@ -1,8 +1,7 @@
 name: Feature Request
 description: Suggest a feature or improvement
-title: '[Feature Request]: '
+title: "\u200b"
 labels: ['feat', 'story']
-assignees: ['hwangdev97']
 body:
  - type: markdown
    attributes:
--- a/.github/actions/build-rust/action.yml
+++ b/.github/actions/build-rust/action.yml
@@ -7,10 +7,9 @@ inputs:
  package:
    description: 'Package to build'
    required: true
-  no-build:
-    description: 'Whether to skip building'
+  nx_token:
+    description: 'Nx Cloud access token'
    required: false
-    default: 'false'

 runs:
  using: 'composite'
@@ -18,74 +17,39 @@ runs:
    - name: Print rustup toolchain version
      shell: bash
      id: rustup-version
-      working-directory: ${{ env.DEV_DRIVE_WORKSPACE || github.workspace }}
      run: |
        export RUST_TOOLCHAIN_VERSION="$(grep 'channel' rust-toolchain.toml | head -1 | awk -F '"' '{print $2}')"
        echo "Rust toolchain version: $RUST_TOOLCHAIN_VERSION"
        echo "RUST_TOOLCHAIN_VERSION=$RUST_TOOLCHAIN_VERSION" >> "$GITHUB_OUTPUT"
    - name: Setup Rust
      uses: dtolnay/rust-toolchain@stable
-      if: ${{ runner.os != 'Windows' }}
      with:
        toolchain: '${{ steps.rustup-version.outputs.RUST_TOOLCHAIN_VERSION }}'
        targets: ${{ inputs.target }}
      env:
        CARGO_INCREMENTAL: '1'

-    - name: Setup Rust
-      uses: dtolnay/rust-toolchain@stable
-      if: ${{ runner.os == 'Windows' }}
-      with:
-        toolchain: '${{ steps.rustup-version.outputs.RUST_TOOLCHAIN_VERSION }}'
-        targets: ${{ inputs.target }}
-      env:
-        CARGO_INCREMENTAL: '1'
-        CARGO_HOME: ${{ env.DEV_DRIVE }}/.cargo
-        RUSTUP_HOME: ${{ env.DEV_DRIVE }}/.rustup
-
    - name: Set CC
-      if: ${{ contains(inputs.target, 'linux') && inputs.no-build != 'true' }}
-      working-directory: ${{ env.DEV_DRIVE_WORKSPACE || github.workspace }}
+      if: ${{ contains(inputs.target, 'linux') && inputs.package != '@affine/native' }}
      shell: bash
-      # https://github.com/tree-sitter/tree-sitter/issues/4186
-      # pass -D_BSD_SOURCE to clang to fix the tree-sitter build issue
      run: |
-        echo "CC=clang -D_BSD_SOURCE" >> "$GITHUB_ENV"
-        echo "TARGET_CC=clang -D_BSD_SOURCE" >> "$GITHUB_ENV"
+        echo "CC=clang" >> "$GITHUB_ENV"
+        echo "TARGET_CC=clang" >> "$GITHUB_ENV"

    - name: Cache cargo
-      uses: Swatinem/rust-cache@v2
-      if: ${{ runner.os == 'Windows' }}
+      uses: actions/cache@v3
      with:
-        workspaces: ${{ env.DEV_DRIVE_WORKSPACE }}
-        save-if: ${{ github.ref_name == 'canary' }}
-        shared-key: ${{ inputs.target }}-${{ inputs.package }}
-      env:
-        CARGO_HOME: ${{ env.DEV_DRIVE }}/.cargo
-        RUSTUP_HOME: ${{ env.DEV_DRIVE }}/.rustup
-
-    - name: Cache cargo
-      uses: Swatinem/rust-cache@v2
-      if: ${{ runner.os != 'Windows' }}
-      with:
-        save-if: ${{ github.ref_name == 'canary' }}
-        shared-key: ${{ inputs.target }}-${{ inputs.package }}
-
+        path: |
+          ~/.cargo/registry/index/
+          ~/.cargo/registry/cache/
+          ~/.cargo/git/db/
+          ~/.napi-rs
+          target/${{ inputs.target }}
+        key: stable-${{ inputs.target }}-cargo-cache
    - name: Build
      shell: bash
-      if: ${{ runner.os != 'Windows' && inputs.no-build != 'true' }}
      run: |
-        yarn workspace ${{ inputs.package }} build --target ${{ inputs.target }} --use-napi-cross
+        yarn workspace ${{ inputs.package }} nx build ${{ inputs.package }} --target ${{ inputs.target }} --use-napi-cross
      env:
+        NX_CLOUD_ACCESS_TOKEN: ${{ inputs.nx_token }}
        DEBUG: 'napi:*'
-
-    - name: Build
-      working-directory: ${{ env.DEV_DRIVE_WORKSPACE || github.workspace }}
-      shell: bash
-      if: ${{ runner.os == 'Windows' && inputs.no-build != 'true' }}
-      run: |
-        yarn workspace ${{ inputs.package }} build --target ${{ inputs.target }}
-      env:
-        DEBUG: 'napi:*'
-        CARGO_HOME: ${{ env.DEV_DRIVE }}/.cargo
-        RUSTUP_HOME: ${{ env.DEV_DRIVE }}/.rustup
--- a/.github/actions/cluster-auth/action.yml
+++ b/.github/actions/cluster-auth/action.yml
@@ -1,36 +0,0 @@
-name: 'Auth to Cluster'
-description: 'Auth to the GCP Cluster'
-inputs:
-  gcp-project-number:
-    description: 'GCP project number'
-    required: true
-  gcp-project-id:
-    description: 'GCP project id'
-    required: true
-  service-account:
-    description: 'Service account'
-  cluster-name:
-    description: 'Cluster name'
-  cluster-location:
-    description: 'Cluster location'
-
-runs:
-  using: 'composite'
-  steps:
-    - id: auth
-      uses: google-github-actions/auth@v2
-      with:
-        workload_identity_provider: 'projects/${{ inputs.gcp-project-number }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions-helm-deploy'
-        service_account: '${{ inputs.service-account }}'
-        token_format: 'access_token'
-        project_id: '${{ inputs.gcp-project-id }}'
-
-    - name: 'Setup gcloud cli'
-      uses: 'google-github-actions/setup-gcloud@v2'
-      with:
-        install_components: 'gke-gcloud-auth-plugin'
-
-    - id: get-gke-credentials
-      shell: bash
-      run: |
-        gcloud container clusters get-credentials ${{ inputs.cluster-name }} --region ${{ inputs.cluster-location }} --project ${{ inputs.gcp-project-id }}
--- a/.github/actions/copilot-test/action.yml
+++ b/.github/actions/copilot-test/action.yml
@@ -1,25 +0,0 @@
-name: 'Run Copilot E2E Test'
-description: 'Run Copilot E2E Test'
-inputs:
-  script:
-    description: 'Script to run'
-    default: 'yarn affine @affine-test/affine-cloud-copilot e2e --forbid-only'
-    required: false
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Server Copilot E2E Test
-      shell: bash
-      run: ${{ inputs.script }}
-      env:
-        COPILOT: true
-        DEV_SERVER_URL: http://localhost:8080
-
-    - name: Upload test results
-      if: ${{ failure() }}
-      uses: actions/upload-artifact@v4
-      with:
-        name: test-results-e2e-server-copilot
-        path: ./test-results
-        if-no-files-found: ignore
--- a/.github/actions/deploy/action.yml
+++ b/.github/actions/deploy/action.yml
@@ -24,14 +24,24 @@ runs:
      shell: bash
      run: |
        echo "GIT_SHORT_HASH=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
-    - name: 'Auth to cluster'
-      uses: './.github/actions/cluster-auth'
+    - uses: azure/setup-helm@v3
+    - id: auth
+      uses: google-github-actions/auth@v2
      with:
-        gcp-project-number: '${{ inputs.gcp-project-number }}'
-        gcp-project-id: '${{ inputs.gcp-project-id }}'
-        service-account: '${{ inputs.service-account }}'
-        cluster-name: '${{ inputs.cluster-name }}'
-        cluster-location: '${{ inputs.cluster-location }}'
+        workload_identity_provider: 'projects/${{ inputs.gcp-project-number }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions-helm-deploy'
+        service_account: '${{ inputs.service-account }}'
+        token_format: 'access_token'
+        project_id: '${{ inputs.gcp-project-id }}'
+
+    - name: 'Setup gcloud cli'
+      uses: 'google-github-actions/setup-gcloud@v2'
+      with:
+        install_components: 'gke-gcloud-auth-plugin'
+
+    - id: get-gke-credentials
+      shell: bash
+      run: |
+        gcloud container clusters get-credentials ${{ inputs.cluster-name }} --region ${{ inputs.cluster-location }} --project ${{ inputs.gcp-project-id }}

    - name: Deploy
      shell: bash
--- a/.github/actions/deploy/deploy.mjs
+++ b/.github/actions/deploy/deploy.mjs
@@ -10,106 +10,64 @@ const {
  DATABASE_USERNAME,
  DATABASE_PASSWORD,
  DATABASE_NAME,
-  GCLOUD_CONNECTION_NAME,
+  R2_ACCOUNT_ID,
+  R2_ACCESS_KEY_ID,
+  R2_SECRET_ACCESS_KEY,
+  R2_BUCKET,
+  ENABLE_CAPTCHA,
+  CAPTCHA_TURNSTILE_SECRET,
+  OAUTH_EMAIL_SENDER,
+  OAUTH_EMAIL_LOGIN,
+  OAUTH_EMAIL_PASSWORD,
+  AFFINE_GOOGLE_CLIENT_ID,
+  AFFINE_GOOGLE_CLIENT_SECRET,
  CLOUD_SQL_IAM_ACCOUNT,
-  APP_IAM_ACCOUNT,
-  REDIS_SERVER_HOST,
-  REDIS_SERVER_PASSWORD,
+  GCLOUD_CONNECTION_NAME,
+  GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT,
+  REDIS_HOST,
+  REDIS_PASSWORD,
+  STRIPE_API_KEY,
+  STRIPE_WEBHOOK_KEY,
  STATIC_IP_NAME,
 } = process.env;

+// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
 const buildType = BUILD_TYPE || 'canary';

 const isProduction = buildType === 'stable';
 const isBeta = buildType === 'beta';
 const isInternal = buildType === 'internal';

-const replicaConfig = {
-  stable: {
-    web: 3,
-    graphql: Number(process.env.PRODUCTION_GRAPHQL_REPLICA) || 3,
-    sync: Number(process.env.PRODUCTION_SYNC_REPLICA) || 3,
-    renderer: Number(process.env.PRODUCTION_RENDERER_REPLICA) || 3,
-    doc: Number(process.env.PRODUCTION_DOC_REPLICA) || 3,
-  },
-  beta: {
-    web: 2,
-    graphql: Number(process.env.BETA_GRAPHQL_REPLICA) || 2,
-    sync: Number(process.env.BETA_SYNC_REPLICA) || 2,
-    renderer: Number(process.env.BETA_RENDERER_REPLICA) || 2,
-    doc: Number(process.env.BETA_DOC_REPLICA) || 2,
-  },
-  canary: {
-    web: 2,
-    graphql: 2,
-    sync: 2,
-    renderer: 2,
-    doc: 2,
-  },
-};
-
-const cpuConfig = {
-  beta: {
-    web: '300m',
-    graphql: '1',
-    sync: '1',
-    doc: '1',
-    renderer: '300m',
-  },
-  canary: {
-    web: '300m',
-    graphql: '1',
-    sync: '1',
-    doc: '1',
-    renderer: '300m',
-  },
-};
-
 const createHelmCommand = ({ isDryRun }) => {
  const flag = isDryRun ? '--dry-run' : '--atomic';
  const imageTag = `${buildType}-${GIT_SHORT_HASH}`;
  const redisAndPostgres =
    isProduction || isBeta || isInternal
      ? [
-          `--set        cloud-sql-proxy.enabled=true`,
-          `--set-string cloud-sql-proxy.database.connectionName="${GCLOUD_CONNECTION_NAME}"`,
-          `--set-string global.database.host=${DATABASE_URL}`,
+          `--set-string global.database.url=${DATABASE_URL}`,
          `--set-string global.database.user=${DATABASE_USERNAME}`,
          `--set-string global.database.password=${DATABASE_PASSWORD}`,
          `--set-string global.database.name=${DATABASE_NAME}`,
-          `--set-string global.redis.host="${REDIS_SERVER_HOST}"`,
-          `--set-string global.redis.password="${REDIS_SERVER_PASSWORD}"`,
+          `--set        global.database.gcloud.enabled=true`,
+          `--set-string global.database.gcloud.connectionName="${GCLOUD_CONNECTION_NAME}"`,
+          `--set-string global.database.gcloud.cloudSqlInternal="${GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT}"`,
+          `--set-string global.redis.host="${REDIS_HOST}"`,
+          `--set-string global.redis.password="${REDIS_PASSWORD}"`,
        ]
      : [];
-  const serviceAnnotations = [
-    `--set-json   web.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
-    `--set-json   graphql.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
-    `--set-json   sync.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
-    `--set-json   doc.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
-  ].concat(
+  const serviceAnnotations =
    isProduction || isBeta || isInternal
      ? [
-          `--set-json   web.service.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
-          `--set-json   graphql.service.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
-          `--set-json   sync.service.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
-          `--set-json   cloud-sql-proxy.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_SQL_IAM_ACCOUNT}\\" }"`,
-          `--set-json   cloud-sql-proxy.nodeSelector="{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\" }"`,
+          `--set-json   web.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`,
+          `--set-json   graphql.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`,
+          `--set-json   sync.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`,
+          `--set-json   cloud-sql-proxy.serviceAccount.annotations=\"{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_SQL_IAM_ACCOUNT}\\" }\"`,
+          `--set-json   cloud-sql-proxy.nodeSelector=\"{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\" }\"`,
        ]
-      : []
-  );
-
-  const cpu = cpuConfig[buildType];
-  const resources = cpu
-    ? [
-        `--set        web.resources.requests.cpu="${cpu.web}"`,
-        `--set        graphql.resources.requests.cpu="${cpu.graphql}"`,
-        `--set        sync.resources.requests.cpu="${cpu.sync}"`,
-        `--set        doc.resources.requests.cpu="${cpu.doc}"`,
-      ]
-    : [];
-
-  const replica = replicaConfig[buildType] || replicaConfig.canary;
-
+      : [];
+  const webReplicaCount = isProduction ? 3 : isBeta ? 2 : 2;
+  const graphqlReplicaCount = isProduction ? 10 : isBeta ? 5 : 2;
+  const syncReplicaCount = isProduction ? 10 : isBeta ? 5 : 2;
  const namespace = isProduction
    ? 'production'
    : isBeta
@@ -117,34 +75,41 @@ const createHelmCommand = ({ isDryRun }) => {
      : isInternal
        ? 'internal'
        : 'dev';
-
+  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
  const host = DEPLOY_HOST || CANARY_DEPLOY_HOST;
  const deployCommand = [
    `helm upgrade --install affine .github/helm/affine`,
    `--namespace  ${namespace}`,
-    `--set-string global.deployment.type="affine"`,
-    `--set-string global.deployment.platform="gcp"`,
-    `--set-string global.app.buildType="${buildType}"`,
    `--set        global.ingress.enabled=true`,
-    `--set-json   global.ingress.annotations="{ \\"kubernetes.io/ingress.class\\": \\"gce\\", \\"kubernetes.io/ingress.allow-http\\": \\"true\\", \\"kubernetes.io/ingress.global-static-ip-name\\": \\"${STATIC_IP_NAME}\\" }"`,
+    `--set-json   global.ingress.annotations=\"{ \\"kubernetes.io/ingress.class\\": \\"gce\\", \\"kubernetes.io/ingress.allow-http\\": \\"true\\", \\"kubernetes.io/ingress.global-static-ip-name\\": \\"${STATIC_IP_NAME}\\" }\"`,
    `--set-string global.ingress.host="${host}"`,
    `--set-string global.version="${APP_VERSION}"`,
    ...redisAndPostgres,
-    `--set        web.replicaCount=${replica.web}`,
+    `--set        web.replicaCount=${webReplicaCount}`,
    `--set-string web.image.tag="${imageTag}"`,
-    `--set        graphql.replicaCount=${replica.graphql}`,
+    `--set        graphql.replicaCount=${graphqlReplicaCount}`,
    `--set-string graphql.image.tag="${imageTag}"`,
    `--set        graphql.app.host=${host}`,
-    `--set        sync.replicaCount=${replica.sync}`,
+    `--set        graphql.app.captcha.enabled=${ENABLE_CAPTCHA}`,
+    `--set-string graphql.app.captcha.turnstile.secret="${CAPTCHA_TURNSTILE_SECRET}"`,
+    `--set        graphql.app.objectStorage.r2.enabled=true`,
+    `--set-string graphql.app.objectStorage.r2.accountId="${R2_ACCOUNT_ID}"`,
+    `--set-string graphql.app.objectStorage.r2.accessKeyId="${R2_ACCESS_KEY_ID}"`,
+    `--set-string graphql.app.objectStorage.r2.secretAccessKey="${R2_SECRET_ACCESS_KEY}"`,
+    `--set-string graphql.app.objectStorage.r2.bucket="${R2_BUCKET}"`,
+    `--set-string graphql.app.oauth.email.sender="${OAUTH_EMAIL_SENDER}"`,
+    `--set-string graphql.app.oauth.email.login="${OAUTH_EMAIL_LOGIN}"`,
+    `--set-string graphql.app.oauth.email.password="${OAUTH_EMAIL_PASSWORD}"`,
+    `--set-string graphql.app.oauth.google.enabled=true`,
+    `--set-string graphql.app.oauth.google.clientId="${AFFINE_GOOGLE_CLIENT_ID}"`,
+    `--set-string graphql.app.oauth.google.clientSecret="${AFFINE_GOOGLE_CLIENT_SECRET}"`,
+    `--set-string graphql.app.payment.stripe.apiKey="${STRIPE_API_KEY}"`,
+    `--set-string graphql.app.payment.stripe.webhookKey="${STRIPE_WEBHOOK_KEY}"`,
+    `--set        graphql.app.experimental.enableJwstCodec=true`,
+    `--set        graphql.app.features.earlyAccessPreview=false`,
+    `--set        sync.replicaCount=${syncReplicaCount}`,
    `--set-string sync.image.tag="${imageTag}"`,
-    `--set-string renderer.image.tag="${imageTag}"`,
-    `--set        renderer.app.host=${host}`,
-    `--set        renderer.replicaCount=${replica.renderer}`,
-    `--set-string doc.image.tag="${imageTag}"`,
-    `--set        doc.app.host=${host}`,
-    `--set        doc.replicaCount=${replica.doc}`,
    ...serviceAnnotations,
-    ...resources,
    `--timeout 10m`,
    flag,
  ].join(' ');
--- a/.github/actions/download-core/action.yml
+++ b/.github/actions/download-core/action.yml
@@ -0,0 +1,22 @@
+name: 'Download core artifacts'
+description: 'Download core artifacts and extract to dist'
+inputs:
+  path:
+    description: 'Path to extract'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Download tar.gz
+      uses: actions/download-artifact@v3
+      with:
+        name: core
+        path: .
+
+    - name: Extract core artifacts
+      shell: bash
+      run: |
+        mkdir -p ${{ inputs.path }}
+        tar -xvf dist.tar.gz --directory ${{ inputs.path }}
+        rm dist.tar.gz
--- a/.github/actions/download-web/action.yml
+++ b/.github/actions/download-web/action.yml
@@ -1,22 +0,0 @@
-name: 'Download core artifacts'
-description: 'Download core artifacts and extract to dist'
-inputs:
-  path:
-    description: 'Path to extract'
-    required: true
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Download tar.gz
-      uses: actions/download-artifact@v4
-      with:
-        name: web
-        path: .
-
-    - name: Extract core artifacts
-      shell: bash
-      run: |
-        mkdir -p ${{ inputs.path }}
-        tar -xvf dist.tar.gz --directory ${{ inputs.path }}
-        rm dist.tar.gz
--- a/.github/actions/server-test-env/action.yml
+++ b/.github/actions/server-test-env/action.yml
@@ -1,31 +0,0 @@
-name: 'Prepare Server Test Environment'
-description: 'Prepare Server Test Environment'
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Initialize database
-      shell: bash
-      run: |
-        psql -h localhost -U postgres -c "CREATE DATABASE affine;"
-        psql -h localhost -U postgres -c "CREATE USER affine WITH PASSWORD 'affine';"
-        psql -h localhost -U postgres -c "ALTER USER affine WITH SUPERUSER;"
-      env:
-        PGPASSWORD: affine
-
-    - name: Run init-db script
-      shell: bash
-      env:
-        NODE_ENV: test
-      run: |
-        yarn affine @affine/server prisma generate
-        yarn affine @affine/server prisma migrate deploy
-        yarn affine @affine/server data-migration run
-    - name: Import config
-      shell: bash
-      run: |
-        printf '{"copilot":{"enabled":true,"providers.fal":{"apiKey":"%s"},"providers.gemini":{"apiKey":"%s"},"providers.openai":{"apiKey":"%s"},"providers.perplexity":{"apiKey":"%s"}}}' \
-        "$COPILOT_FAL_API_KEY" \
-        "$COPILOT_GOOGLE_API_KEY" \
-        "$COPILOT_OPENAI_API_KEY" \
-        "$COPILOT_PERPLEXITY_API_KEY" > ./packages/backend/server/config.json
--- a/.github/actions/setup-node/action.yml
+++ b/.github/actions/setup-node/action.yml
@@ -13,22 +13,22 @@ inputs:
    description: 'Run the install step for Playwright.'
    required: false
    default: 'false'
-  playwright-platform:
-    description: 'The platform to install Playwright for.'
-    required: false
-    default: 'chromium,webkit'
  electron-install:
    description: 'Download the Electron binary'
    required: false
    default: 'true'
-  corepack-install:
-    description: 'Install CorePack'
-    required: false
-    default: 'false'
  hard-link-nm:
    description: 'set nmMode to hardlinks-local in .yarnrc.yml'
    required: false
    default: 'true'
+  build-infra:
+    description: 'Build infra'
+    required: false
+    default: 'true'
+  build-plugins:
+    description: 'Build plugins'
+    required: false
+    default: 'true'
  nmHoistingLimits:
    description: 'Set nmHoistingLimits in .yarnrc.yml'
    required: false
@@ -39,19 +39,10 @@ inputs:
  full-cache:
    description: 'Full installation cache'
    required: false
+
 runs:
  using: 'composite'
  steps:
-    - name: Output workspace path
-      id: workspace-path
-      shell: bash
-      run: |
-        if [ -n "${{ env.DEV_DRIVE_WORKSPACE }}" ]; then
-          echo "workspace_path=${{ env.DEV_DRIVE_WORKSPACE }}" >> $GITHUB_OUTPUT
-        else
-          echo "workspace_path=${{ github.workspace }}" >> $GITHUB_OUTPUT
-        fi
-
    - name: Setup Node.js
      uses: actions/setup-node@v4
      with:
@@ -59,80 +50,78 @@ runs:
        registry-url: https://npm.pkg.github.com
        scope: '@toeverything'

-    - uses: kenchan0130/actions-system-info@master
-      id: system-info
-
-    - name: Init CorePack
-      if: ${{ inputs.corepack-install == 'true' }}
-      shell: bash
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
-      run: corepack enable
-
    - name: Set nmMode
      if: ${{ inputs.hard-link-nm == 'false' }}
      shell: bash
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      run: yarn config set nmMode classic

    - name: Set nmHoistingLimits
      if: ${{ inputs.nmHoistingLimits }}
      shell: bash
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      run: yarn config set nmHoistingLimits ${{ inputs.nmHoistingLimits }}

    - name: Set enableScripts
      if: ${{ inputs.enableScripts == 'false' }}
      shell: bash
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      run: yarn config set enableScripts false

    - name: Set yarn global cache path
      shell: bash
      id: yarn-cache
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      run: node -e "const p = $(yarn config cacheFolder --json).effective; console.log('yarn_global_cache=' + p)" >> $GITHUB_OUTPUT

    - name: Cache non-full yarn cache on Linux
-      uses: actions/cache@v4
+      uses: actions/cache@v3
      if: ${{ inputs.full-cache != 'true' && runner.os == 'Linux' }}
      with:
        path: |
-          ${{ steps.workspace-path.outputs.workspace_path }}/node_modules
+          node_modules
          ${{ steps.yarn-cache.outputs.yarn_global_cache }}
-        key: node_modules-cache-${{ github.job }}-${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}
+        key: node_modules-cache-${{ github.job }}-${{ runner.os }}

    # The network performance on macOS is very poor
    # and the decompression performance on Windows is very terrible
    # so we reduce the number of cached files on non-Linux systems by remove node_modules from cache path.
    - name: Cache non-full yarn cache on non-Linux
-      uses: actions/cache@v4
+      uses: actions/cache@v3
      if: ${{ inputs.full-cache != 'true' && runner.os != 'Linux' }}
      with:
        path: |
          ${{ steps.yarn-cache.outputs.yarn_global_cache }}
-        key: node_modules-cache-${{ github.job }}-${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}
+        key: node_modules-cache-${{ github.job }}-${{ runner.os }}

    - name: Cache full yarn cache on Linux
-      uses: actions/cache@v4
+      uses: actions/cache@v3
      if: ${{ inputs.full-cache == 'true' && runner.os == 'Linux' }}
      with:
        path: |
          node_modules
          ${{ steps.yarn-cache.outputs.yarn_global_cache }}
-        key: node_modules-cache-full-${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}
+        key: node_modules-cache-full-${{ runner.os }}

    - name: Cache full yarn cache on non-Linux
-      uses: actions/cache@v4
+      uses: actions/cache@v3
      if: ${{ inputs.full-cache == 'true' && runner.os != 'Linux' }}
      with:
        path: |
          ${{ steps.yarn-cache.outputs.yarn_global_cache }}
-        key: node_modules-cache-full-${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}
+        key: node_modules-cache-full-${{ runner.os }}

    - name: yarn install
      if: ${{ inputs.package-install == 'true' }}
+      continue-on-error: true
+      shell: bash
+      run: yarn ${{ inputs.extra-flags }}
+      env:
+        HUSKY: '0'
+        PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: '1'
+        ELECTRON_SKIP_BINARY_DOWNLOAD: '1'
+        SENTRYCLI_SKIP_DOWNLOAD: '1'
+        DEBUG: '*'
+
+    - name: yarn install (try again)
+      if: ${{ steps.install.outcome == 'failure' }}
      shell: bash
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      run: yarn ${{ inputs.extra-flags }}
      env:
        HUSKY: '0'
@@ -145,7 +134,6 @@ runs:
      id: playwright-version
      if: ${{ inputs.playwright-install == 'true' }}
      shell: bash
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      run: echo "version=$(yarn why --json @playwright/test | grep -h 'workspace:.' | jq --raw-output '.children[].locator' | sed -e 's/@playwright\/test@.*://' | head -n 1)" >> $GITHUB_OUTPUT

      # Attempt to restore the correct Playwright browser binaries based on the
@@ -154,12 +142,12 @@ runs:
      # Note: Playwright's cache directory is hard coded because that's what it
      # says to do in the docs. There doesn't appear to be a command that prints
      # it out for us.
-    - uses: actions/cache@v4
+    - uses: actions/cache@v3
      id: playwright-cache
      if: ${{ inputs.playwright-install == 'true' }}
      with:
-        path: ${{ steps.workspace-path.outputs.workspace_path }}/node_modules/.cache/ms-playwright
-        key: '${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}-playwright-${{ steps.playwright-version.outputs.version }}'
+        path: ${{ github.workspace }}/node_modules/.cache/ms-playwright
+        key: '${{ runner.os }}-playwright-${{ steps.playwright-version.outputs.version }}'
        # As a fallback, if the Playwright version has changed, try use the
        # most recently cached version. There's a good chance that at least one
        # of the browser binary versions haven't been updated, so Playwright can
@@ -169,44 +157,46 @@ runs:
        # date cache, but still let Playwright decide if it needs to download
        # new binaries or not.
        restore-keys: |
-          ${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}-playwright-
+          ${{ runner.os }}-playwright-

    # If the Playwright browser binaries weren't able to be restored, we tell
    # playwright to install everything for us.
    - name: Install Playwright's dependencies
      shell: bash
      if: inputs.playwright-install == 'true'
-      run: yarn playwright install --with-deps $(echo "${{ inputs.playwright-platform }}" | tr ',' ' ')
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
+      run: yarn playwright install --with-deps chromium
      env:
-        PLAYWRIGHT_BROWSERS_PATH: ${{ steps.workspace-path.outputs.workspace_path }}/node_modules/.cache/ms-playwright
+        PLAYWRIGHT_BROWSERS_PATH: ${{ github.workspace }}/node_modules/.cache/ms-playwright

    - name: Get installed Electron version
      id: electron-version
      if: ${{ inputs.electron-install == 'true' }}
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      shell: bash
      run: |
        echo "version=$(yarn why --json electron | grep -h 'workspace:.' | jq --raw-output '.children[].locator' | sed -e 's/@playwright\/test@.*://' | head -n 1)" >> $GITHUB_OUTPUT

-    - uses: actions/cache@v4
+    - uses: actions/cache@v3
      id: electron-cache
      if: ${{ inputs.electron-install == 'true' }}
      with:
-        path: ${{ steps.workspace-path.outputs.workspace_path }}/node_modules/.cache/electron
-        key: '${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}-electron-${{ steps.electron-version.outputs.version }}'
+        path: 'node_modules/.cache/electron'
+        key: '${{ runner.os }}-electron-${{ steps.electron-version.outputs.version }}'
        restore-keys: |
-          ${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}-electron-
+          ${{ runner.os }}-electron-

    - name: Install Electron binary
      shell: bash
      if: inputs.electron-install == 'true'
      run: node ./node_modules/electron/install.js
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      env:
-        electron_config_cache: ${{ steps.workspace-path.outputs.workspace_path }}/node_modules/.cache/electron
+        electron_config_cache: ./node_modules/.cache/electron

-    - name: Write PLAYWRIGHT_BROWSERS_PATH env
+    - name: Build Infra
      shell: bash
-      run: |
-        echo "PLAYWRIGHT_BROWSERS_PATH=${{ steps.workspace-path.outputs.workspace_path }}/node_modules/.cache/ms-playwright" >> $GITHUB_ENV
+      if: inputs.build-infra == 'true'
+      run: yarn run build:infra
+
+    - name: Build Plugins
+      if: inputs.build-plugins == 'true'
+      shell: bash
+      run: yarn run build:plugins
--- a/.github/actions/setup-version/action.yml
+++ b/.github/actions/setup-version/action.yml
@@ -17,7 +17,7 @@ runs:
          PACKAGE_VERSION=$(node -p "require('./package.json').version")
          TIME_VERSION=$(date +%Y%m%d%H%M)
          GIT_SHORT_HASH=$(git rev-parse --short HEAD)
-          APP_VERSION=$PACKAGE_VERSION-nightly-$GIT_SHORT_HASH
+          APP_VERSION=$PACKAGE_VERSION-nightly-$TIME_VERSION-$GIT_SHORT_HASH
        fi
        echo $APP_VERSION
        echo "APP_VERSION=$APP_VERSION" >> "$GITHUB_OUTPUT"
--- a/.github/deployment/front/Dockerfile
+++ b/.github/deployment/front/Dockerfile
@@ -1,8 +1,6 @@
-FROM openresty/openresty:1.27.1.1-0-buster
+FROM openresty/openresty:1.21.4.1-0-buster
 WORKDIR /app
-COPY ./packages/frontend/apps/web/dist ./dist
-COPY ./packages/frontend/admin/dist ./admin
-COPY ./packages/frontend/apps/mobile/dist ./mobile
+COPY ./packages/frontend/core/dist ./dist
 COPY ./.github/deployment/front/nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
 COPY ./.github/deployment/front/affine.nginx.conf /etc/nginx/conf.d/affine.nginx.conf

--- a/.github/deployment/front/affine.nginx.conf
+++ b/.github/deployment/front/affine.nginx.conf
@@ -1,42 +1,13 @@
 server {
-  listen 8080;
-  location /admin {
-    root /app/;
-    index index.html;
-    try_files $uri/index.html $uri/ $uri /admin/index.html;
-  }
+    listen 8080;
+    root /app/dist;

-  set $app_root_path /app/dist/;
-  set $mobile_root /app/dist/;
-  set_by_lua $affine_env 'return os.getenv("AFFINE_ENV")';
+    location / {
+        try_files $uri $uri/ /index.html;
+    }

-  if ($affine_env = "dev") {
-    set $mobile_root /app/mobile/;
-  }
-
-  # https://gist.github.com/mariusom/6683dc52b1cad1a1f372e908bdb209d0
-  if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino") {
-    set $app_root_path $mobile_root;
-  }
-
-  if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {
-    set $app_root_path $mobile_root;
-  }
-
-  location ~ ^/(_plugin|assets|imgs|js|plugins|static)/ {
-    root $app_root_path;
-    try_files $uri $uri/ =404;
-  }
-
-  location / {
-    root $app_root_path;
-    index index.html;
-    try_files $uri $uri/ /index.html;
-    add_header Cache-Control "private, no-cache, no-store, max-age=0, must-revalidate";
-  }
-
-  error_page 404 /404.html;
-  location = /404.html {
-    internal;
-  }
+    error_page 404 /404.html;
+    location = /404.html {
+        internal;
+    }
 }
--- a/.github/deployment/front/nginx.conf
+++ b/.github/deployment/front/nginx.conf
@@ -1,15 +1,14 @@
-worker_processes 4;
+worker_processes  4;
 error_log /var/log/nginx/error.log warn;
 pcre_jit on;
-env AFFINE_ENV;
 events {
-  worker_connections 1024;
+    worker_connections 1024;
 }
 http {
-  include mime.types;
-  log_format main '$remote_addr [$time_local] "$request" '
-  '$status $body_bytes_sent "$http_referer" '
-  '"$http_user_agent" "$http_x_forwarded_for"';
-  access_log /var/log/nginx/access.log main;
-  include /etc/nginx/conf.d/*.conf;
+    include       mime.types;
+    log_format    main  '$remote_addr [$time_local] "$request" '
+                        '$status $body_bytes_sent "$http_referer" '
+                        '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log    /var/log/nginx/access.log  main;
+    include /etc/nginx/conf.d/*.conf;
 }
--- a/.github/deployment/node/Dockerfile
+++ b/.github/deployment/node/Dockerfile
@@ -1,13 +1,10 @@
-FROM node:22-bookworm-slim
+FROM node:18-bookworm-slim

 COPY ./packages/backend/server /app
-COPY ./packages/frontend/apps/web/dist /app/static
-COPY ./packages/frontend/admin/dist /app/static/admin
-COPY ./packages/frontend/apps/mobile/dist /app/static/mobile
 WORKDIR /app

 RUN apt-get update && \
  apt-get install -y --no-install-recommends openssl && \
  rm -rf /var/lib/apt/lists/*

-CMD ["node", "--import", "./scripts/register.js", "./dist/index.js"]
+CMD ["node", "--es-module-specifier-resolution=node", "./dist/index.js"]
--- a/.github/deployment/self-host/compose.yaml
+++ b/.github/deployment/self-host/compose.yaml
@@ -1,60 +0,0 @@
-services:
-  affine:
-    image: ghcr.io/toeverything/affine-graphql:stable
-    container_name: affine_selfhosted
-    command:
-      ['sh', '-c', 'node ./scripts/self-host-predeploy && node ./dist/index.js']
-    ports:
-      - '3010:3010'
-      - '5555:5555'
-    depends_on:
-      redis:
-        condition: service_healthy
-      postgres:
-        condition: service_healthy
-    volumes:
-      # custom configurations
-      - ~/.affine/self-host/config:/root/.affine/config
-      # blob storage
-      - ~/.affine/self-host/storage:/root/.affine/storage
-    logging:
-      driver: 'json-file'
-      options:
-        max-size: '1000m'
-    restart: unless-stopped
-    environment:
-      - NODE_OPTIONS="--import=./scripts/register.js"
-      - AFFINE_CONFIG_PATH=/root/.affine/config
-      - REDIS_SERVER_HOST=redis
-      - DATABASE_URL=postgres://affine:affine@postgres:5432/affine
-      - NODE_ENV=production
-      # Telemetry allows us to collect data on how you use the affine. This data will helps us improve the app and provide better features.
-      # Uncomment next line if you wish to quit telemetry.
-      # - TELEMETRY_ENABLE=false
-  redis:
-    image: redis
-    container_name: affine_redis
-    restart: unless-stopped
-    volumes:
-      - ~/.affine/self-host/redis:/data
-    healthcheck:
-      test: ['CMD', 'redis-cli', '--raw', 'incr', 'ping']
-      interval: 10s
-      timeout: 5s
-      retries: 5
-  postgres:
-    image: postgres:16
-    container_name: affine_postgres
-    restart: unless-stopped
-    volumes:
-      - ~/.affine/self-host/postgres:/var/lib/postgresql/data
-    healthcheck:
-      test: ['CMD-SHELL', 'pg_isready -U affine']
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    environment:
-      POSTGRES_USER: affine
-      POSTGRES_PASSWORD: affine
-      POSTGRES_DB: affine
-      PGDATA: /var/lib/postgresql/data/pgdata
--- a/.github/helm/affine-cloud/.gitignore
+++ b/.github/helm/affine-cloud/.gitignore
@@ -0,0 +1 @@
+charts/
--- a/.github/helm/affine-cloud/.helmignore
+++ b/.github/helm/affine-cloud/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/.github/helm/affine-cloud/Chart.lock
+++ b/.github/helm/affine-cloud/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 13.2.23
+digest: sha256:5b64538509bd067bb0f67bf082847a2c5d66dc37d0b9d7948a40405d9c446400
+generated: "2023-12-05T03:04:57.997927753Z"
--- a/.github/helm/affine-cloud/Chart.yaml
+++ b/.github/helm/affine-cloud/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: affine-cloud
+description: A Helm chart for AFFiNE Cloud
+
+type: application
+version: 0.6.1
+appVersion: '0.6.1'
+
+dependencies:
+  - name: postgresql
+    version: 13.2.23
+    repository: https://charts.bitnami.com/bitnami
--- a/.github/helm/affine-cloud/readme.md
+++ b/.github/helm/affine-cloud/readme.md
@@ -0,0 +1,30 @@
+# Helm Chart Configuration
+
+The following table lists the configurable parameters of this Helm chart and their default values.
+
+## AFFiNE Cloud Server parameters
+
+| Parameter                      | Description                                        | Default            |
+| ------------------------------ | -------------------------------------------------- | ------------------ |
+| `affineCloud.tag`              | The Docker tag of the AffineCloud image to be used | `'nightly-latest'` |
+| `affineCloud.resources.cpu`    | The CPU resources allocated for AffineCloud        | `'250m'`           |
+| `affineCloud.resources.memory` | The memory resources allocated for AffineCloud     | `'0.5Gi'`          |
+| `affineCloud.signKey`          | The key used to sign the JWT tokens                | `'c2VjcmV0'`       |
+| `affineCloud.service.type`     | The type of the Kubernetes service                 | `'ClusterIP'`      |
+| `affineCloud.service.port`     | The port of the Kubernetes service                 | `'http'`           |
+| `affineCloud.mail.account`     | The email account used to send emails              | `''`               |
+| `affineCloud.mail.password`    | The password of the email account                  | `''`               |
+
+## PostgreSQL parameters
+
+| Parameter                                    | Description                                                                           | Default      |
+| -------------------------------------------- | ------------------------------------------------------------------------------------- | ------------ |
+| `postgresql.auth.username`                   | Username for the PostgreSQL database                                                  | `'affine'`   |
+| `postgresql.auth.password`                   | Password for the PostgreSQL database. Please change this for production environments. | `'password'` |
+| `postgresql.auth.database`                   | The name of the default database that will be created on image startup                | `'affine'`   |
+| `postgresql.primary.resources.limits.cpu`    | The CPU resources allocated for the PostgreSQL primary node                           | `'500m'`     |
+| `postgresql.primary.resources.limits.memory` | The memory resources allocated for the PostgreSQL primary node                        | `'0.5Gi'`    |
+
+For more postgres parameters, please refer to: https://artifacthub.io/packages/helm/bitnami/postgresql
+
+Please note that for the `postgresql.auth.password`, you should provide your own password for production environments. The default value is provided only for demonstration purposes.
--- a/.github/helm/affine-cloud/templates/_helper.tpl
+++ b/.github/helm/affine-cloud/templates/_helper.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "affine-cloud.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "affine-cloud.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "affine-cloud.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "affine-cloud.labels" -}}
+helm.sh/chart: {{ include "affine-cloud.chart" . }}
+{{ include "affine-cloud.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "affine-cloud.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "affine-cloud.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
--- a/.github/helm/affine-cloud/templates/deployment.yaml
+++ b/.github/helm/affine-cloud/templates/deployment.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "{{ include "affine-cloud.fullname" . }}"
+  labels:
+    {{- include "affine-cloud.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "affine-cloud.selectorLabels" . | nindent 6 }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 2
+  template:
+    metadata:
+      labels:
+        {{- include "affine-cloud.selectorLabels" . | nindent 8 }}
+    spec:
+      restartPolicy: Always
+      containers:
+      - name: affine-cloud
+        image: "ghcr.io/toeverything/cloud-self-hosted:{{ .Values.affineCloud.tag | default .Chart.AppVersion }}"
+        env:
+        - name: PG_USER
+          value: "{{ .Values.postgresql.auth.username }}"
+        - name: PG_PASS
+          value: "{{ .Values.postgresql.auth.password }}"
+        - name: PG_DATABASE
+          value: "{{ .Values.postgresql.auth.database }}"
+        - name: PG_HOST
+          value: "{{ .Values.postgresql.fullnameOverride | default (printf "%s-postgresql" .Release.Name) }}"
+        - name: DATABASE_URL
+          value: "{{ .Values.affineCloud.databaseUrl | default "postgresql://$(PG_USER):$(PG_PASS)@$(PG_HOST)/$(PG_DATABASE)" }}"
+        envFrom:
+        - secretRef:
+            name: affine-cloud-secret
+        ports:
+        - containerPort: 3000
+        livenessProbe:
+          httpGet:
+            path: /api/healthz
+            port: 3000
+          failureThreshold: 1
+          initialDelaySeconds: 10
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: "{{ .Values.affineCloud.resources.cpu }}"
+            memory: "{{ .Values.affineCloud.resources.memory }}"
--- a/.github/helm/affine-cloud/templates/secret.yaml
+++ b/.github/helm/affine-cloud/templates/secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: affine-cloud-secret
+type: Opaque
+data:
+  SIGN_KEY: "{{ .Values.affineCloud.signKey }}"
+  MAIL_ACCOUNT: "{{ .Values.affineCloud.mail.account }}"
+  MAIL_PASSWORD: "{{ .Values.affineCloud.mail.password }}"
--- a/.github/helm/affine-cloud/templates/services.yaml
+++ b/.github/helm/affine-cloud/templates/services.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ include "affine-cloud.fullname" . }}"
+  labels:
+    {{- include "affine-cloud.labels" . | nindent 4 }}
+spec:
+  type: "{{ .Values.affineCloud.service.type }}"
+  ports:
+    - name: http
+      protocol: TCP
+      port: {{ .Values.affineCloud.service.port }}
+      targetPort: 3000
+  selector:
+    {{- include "affine-cloud.selectorLabels" . | nindent 4 }}
--- a/.github/helm/affine-cloud/values.yaml
+++ b/.github/helm/affine-cloud/values.yaml
@@ -0,0 +1,30 @@
+affineCloud:
+  tag: 'canary-5e0d5e0cc65ea46f326fdde12658bfac59b38c9f-0949'
+  # databaseUrl: 'postgresql://affine:password@affine-cloud-postgresql:5432/affine'
+  signKey: TUFtdFdzQTJhdGJuem01TA==
+  mail:
+    account: ''
+    password: ''
+  service:
+    type: ClusterIP
+    port: 80
+  resources:
+    cpu: '250m'
+    memory: 0.5Gi
+postgresql:
+  fullnameOverride: tcp-postgresql
+  auth:
+    # only for demo, please modify it at prod env
+    username: affine
+    password: password
+    database: affine
+  primary:
+    initdb:
+      scripts:
+        01-init.sql: |
+          CREATE DATABASE affine_binary;
+          GRANT ALL PRIVILEGES ON DATABASE affine_binary TO affine;
+    resources:
+      limits:
+        cpu: '500m'
+        memory: 0.5Gi
--- a/.github/helm/affine/Chart.yaml
+++ b/.github/helm/affine/Chart.yaml
@@ -3,4 +3,4 @@ name: affine
 description: AFFiNE cloud chart
 type: application
 version: 0.0.0
-appVersion: "0.21.0"
+appVersion: "0.11.0"
--- a/.github/helm/affine/charts/doc/Chart.yaml
+++ b/.github/helm/affine/charts/doc/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: doc
-description: AFFiNE doc server
-type: application
-version: 0.0.0
-appVersion: "0.20.0"
-dependencies:
-  - name: gcloud-sql-proxy
-    version: 0.0.0
-    repository: "file://../gcloud-sql-proxy"
-    condition: .global.database.gcloud.enabled
--- a/.github/helm/affine/charts/doc/templates/NOTES.txt
+++ b/.github/helm/affine/charts/doc/templates/NOTES.txt
@@ -1,16 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "doc.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "doc.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "doc.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "doc.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
--- a/.github/helm/affine/charts/doc/templates/_helpers.tpl
+++ b/.github/helm/affine/charts/doc/templates/_helpers.tpl
@@ -1,63 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "doc.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "doc.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "doc.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "doc.labels" -}}
-helm.sh/chart: {{ include "doc.chart" . }}
-{{ include "doc.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-monitoring: enabled
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "doc.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "doc.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "doc.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "doc.fullname" .) .Values.global.docService.name }}
-{{- else }}
-{{- default "default" .Values.global.docService.name }}
-{{- end }}
-{{- end }}
--- a/.github/helm/affine/charts/doc/templates/deployment.yaml
+++ b/.github/helm/affine/charts/doc/templates/deployment.yaml
@@ -1,107 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "doc.fullname" . }}
-  labels:
-    {{- include "doc.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "doc.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "doc.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "doc.serviceAccountName" . }}
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env:
-          - name: AFFINE_PRIVATE_KEY
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.global.secret.secretName }}"
-                key: key
-          - name: NODE_ENV
-            value: "{{ .Values.env }}"
-          - name: NODE_OPTIONS
-            value: "--max-old-space-size=4096"
-          - name: NO_COLOR
-            value: "1"
-          - name: DEPLOYMENT_TYPE
-            value: "{{ .Values.global.deployment.type }}"
-          - name: DEPLOYMENT_PLATFORM
-            value: "{{ .Values.global.deployment.platform }}"
-          - name: SERVER_FLAVOR
-            value: "doc"
-          - name: AFFINE_ENV
-            value: "{{ .Release.Namespace }}"
-          - name: DATABASE_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: pg-postgresql
-                key: postgres-password
-          - name: DATABASE_URL
-            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
-          - name: REDIS_SERVER_ENABLED
-            value: "true"
-          - name: REDIS_SERVER_HOST
-            value: "{{ .Values.global.redis.host }}"
-          - name: REDIS_SERVER_PORT
-            value: "{{ .Values.global.redis.port }}"
-          - name: REDIS_SERVER_USER
-            value: "{{ .Values.global.redis.username }}"
-          - name: REDIS_SERVER_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: redis
-                key: redis-password
-          - name: REDIS_SERVER_DATABASE
-            value: "{{ .Values.global.redis.database }}"
-          - name: AFFINE_SERVER_PORT
-            value: "{{ .Values.global.docService.port }}"
-          - name: AFFINE_SERVER_SUB_PATH
-            value: "{{ .Values.app.path }}"
-          - name: AFFINE_SERVER_HOST
-            value: "{{ .Values.app.host }}"
-          - name: AFFINE_SERVER_HTTPS
-            value: "{{ .Values.app.https }}"
-          ports:
-            - name: http
-              containerPort: {{ .Values.global.docService.port }}
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /info
-              port: http
-            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
-          readinessProbe:
-            httpGet:
-              path: /info
-              port: http
-            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
--- a/.github/helm/affine/charts/doc/templates/service.yaml
+++ b/.github/helm/affine/charts/doc/templates/service.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "doc.fullname" . }}
-  labels:
-    {{- include "doc.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.global.docService.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "doc.selectorLabels" . | nindent 4 }}
--- a/.github/helm/affine/charts/doc/templates/serviceaccount.yaml
+++ b/.github/helm/affine/charts/doc/templates/serviceaccount.yaml
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "doc.serviceAccountName" . }}
-  labels:
-    {{- include "doc.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}
--- a/.github/helm/affine/charts/doc/templates/tests/test-connection.yaml
+++ b/.github/helm/affine/charts/doc/templates/tests/test-connection.yaml
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "doc.fullname" . }}-test-connection"
-  labels:
-    {{- include "doc.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "doc.fullname" . }}:{{ .Values.global.docService.port }}']
-  restartPolicy: Never
--- a/.github/helm/affine/charts/doc/values.yaml
+++ b/.github/helm/affine/charts/doc/values.yaml
@@ -1,42 +0,0 @@
-replicaCount: 1
-image:
-  repository: ghcr.io/toeverything/affine-graphql
-  pullPolicy: IfNotPresent
-  tag: ''
-
-imagePullSecrets: []
-nameOverride: ''
-fullnameOverride: ''
-# map to NODE_ENV environment variable
-env: 'production'
-app:
-  # AFFINE_SERVER_SUB_PATH
-  path: ''
-  # AFFINE_SERVER_HOST
-  host: '0.0.0.0'
-  https: true
-  copilot:
-    enabled: false
-    secretName: copilot
-    openai:
-      key: ''
-serviceAccount:
-  create: true
-  annotations: {}
-
-podAnnotations: {}
-
-podSecurityContext:
-  fsGroup: 2000
-
-resources:
-  requests:
-    cpu: '1'
-    memory: 4Gi
-
-probe:
-  initialDelaySeconds: 20
-
-nodeSelector: {}
-tolerations: []
-affinity: {}
--- a/.github/helm/affine/charts/gcloud-sql-proxy/templates/NOTES.txt
+++ b/.github/helm/affine/charts/gcloud-sql-proxy/templates/NOTES.txt
@@ -1,4 +1,4 @@
-{{- if .Values.enabled -}}
+{{- if .Values.global.database.gcloud.enabled -}}
 1. Get the application URL by running these commands:
 {{- if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "gcloud-sql-proxy.fullname" . }})
--- a/.github/helm/affine/charts/gcloud-sql-proxy/templates/deployment.yaml
+++ b/.github/helm/affine/charts/gcloud-sql-proxy/templates/deployment.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.enabled -}}
+{{- if .Values.global.database.gcloud.enabled -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -42,7 +42,7 @@ spec:
            - "0.0.0.0"
            - "--structured-logs"
            - "--auto-iam-authn"
-            - "{{ .Values.database.connectionName }}"
+            - "{{ .Values.global.database.gcloud.connectionName }}"
          env:
            # Enable HTTP healthchecks on port 9801. This enables /liveness,
            # /readiness and /startup health check endpoints. Allow connections
@@ -56,7 +56,7 @@ spec:
              value: 0.0.0.0
          ports:
            - name: cloud-sql-proxy
-              containerPort: {{ .Values.service.port }}
+              containerPort: {{ .Values.global.database.gcloud.proxyPort }}
              protocol: TCP
            - containerPort: 9801
              protocol: TCP
--- a/.github/helm/affine/charts/gcloud-sql-proxy/templates/service.yaml
+++ b/.github/helm/affine/charts/gcloud-sql-proxy/templates/service.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.enabled -}}
+{{- if .Values.global.database.gcloud.enabled -}}
 apiVersion: v1
 kind: Service
 metadata:
--- a/.github/helm/affine/charts/gcloud-sql-proxy/templates/serviceaccount.yaml
+++ b/.github/helm/affine/charts/gcloud-sql-proxy/templates/serviceaccount.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.enabled -}}
+{{- if .Values.global.database.gcloud.enabled -}}
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
--- a/.github/helm/affine/charts/gcloud-sql-proxy/templates/tests/test-connection.yaml
+++ b/.github/helm/affine/charts/gcloud-sql-proxy/templates/tests/test-connection.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.enabled -}}
+{{- if .Values.global.database.gcloud.enabled -}}
 apiVersion: v1
 kind: Pod
 metadata:
--- a/.github/helm/affine/charts/gcloud-sql-proxy/values.yaml
+++ b/.github/helm/affine/charts/gcloud-sql-proxy/values.yaml
@@ -1,7 +1,4 @@
 replicaCount: 3
-enabled: false
-database: 
-  connectionName: ""

 image:
  # the tag is defined as chart appVersion.
--- a/.github/helm/affine/charts/graphql/Chart.yaml
+++ b/.github/helm/affine/charts/graphql/Chart.yaml
@@ -3,7 +3,7 @@ name: graphql
 description: AFFiNE GraphQL server
 type: application
 version: 0.0.0
-appVersion: "0.21.0"
+appVersion: "0.11.0"
 dependencies:
  - name: gcloud-sql-proxy
    version: 0.0.0
--- a/.github/helm/affine/charts/graphql/templates/_helpers.tpl
+++ b/.github/helm/affine/charts/graphql/templates/_helpers.tpl
@@ -61,3 +61,18 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{- define "jwt.key" -}}
+{{- $secret := lookup "v1" "Secret" .Release.Namespace .Values.app.jwt.secretName -}}
+{{- if and $secret $secret.data.private -}}
+{{/*
+   Reusing existing secret data
+*/}}
+key: {{ $secret.data.private }}
+{{- else -}}
+{{/*
+    Generate new data
+*/}}
+key: {{ genPrivateKey "ecdsa" | b64enc }}
+{{- end -}}
+{{- end -}}
--- a/.github/helm/affine/charts/graphql/templates/captcha-secret.yaml
+++ b/.github/helm/affine/charts/graphql/templates/captcha-secret.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.app.captcha.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ .Values.app.captcha.secretName }}"
+type: Opaque
+data:
+  turnstileSecret: {{ .Values.app.captcha.turnstile.secret | b64enc }}
+{{- end }}
--- a/.github/helm/affine/charts/graphql/templates/deployment.yaml
+++ b/.github/helm/affine/charts/graphql/templates/deployment.yaml
@@ -28,32 +28,32 @@ spec:
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          env:
-          - name: AFFINE_PRIVATE_KEY
+          - name: AUTH_PRIVATE_KEY
            valueFrom:
              secretKeyRef:
-                name: "{{ .Values.global.secret.secretName }}"
+                name: "{{ .Values.app.jwt.secretName }}"
                key: key
          - name: NODE_ENV
            value: "{{ .Values.env }}"
          - name: NODE_OPTIONS
-            value: "--max-old-space-size=2048"
+            value: "--max-old-space-size=4096"
          - name: NO_COLOR
            value: "1"
-          - name: DEPLOYMENT_TYPE
-            value: "{{ .Values.global.deployment.type }}"
-          - name: DEPLOYMENT_PLATFORM
-            value: "{{ .Values.global.deployment.platform }}"
          - name: SERVER_FLAVOR
            value: "graphql"
          - name: AFFINE_ENV
            value: "{{ .Release.Namespace }}"
+          - name: NEXTAUTH_URL
+            value: "{{ .Values.global.ingress.host }}"
          - name: DATABASE_PASSWORD
            valueFrom:
              secretKeyRef:
                name: pg-postgresql
                key: postgres-password
          - name: DATABASE_URL
-            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
+            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.url }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
+          - name: REDIS_SERVER_ENABLED
+            value: "true"
          - name: REDIS_SERVER_HOST
            value: "{{ .Values.global.redis.host }}"
          - name: REDIS_SERVER_PORT
@@ -73,22 +73,118 @@ spec:
            value: "{{ .Values.app.path }}"
          - name: AFFINE_SERVER_HOST
            value: "{{ .Values.app.host }}"
-          - name: AFFINE_SERVER_HTTPS
-            value: "{{ .Values.app.https }}"
-          - name: DOC_SERVICE_ENDPOINT
-            value: "http://{{ .Values.global.docService.name }}:{{ .Values.global.docService.port }}"
+          - name: ENABLE_R2_OBJECT_STORAGE
+            value: "{{ .Values.app.objectStorage.r2.enabled }}"
+          - name: ENABLE_CAPTCHA
+            value: "{{ .Values.app.captcha.enabled }}"
+          - name: FEATURES_EARLY_ACCESS_PREVIEW
+            value: "{{ .Values.app.features.earlyAccessPreview }}"
+          - name: OAUTH_EMAIL_SENDER
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.oauth.email.secretName }}"
+                key: sender
+          - name: OAUTH_EMAIL_LOGIN
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.oauth.email.secretName }}"
+                key: login
+          - name: OAUTH_EMAIL_SERVER
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.oauth.email.secretName }}"
+                key: server
+          - name: OAUTH_EMAIL_PORT
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.oauth.email.secretName }}"
+                key: port
+          - name: OAUTH_EMAIL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.oauth.email.secretName }}"
+                key: password
+          - name: STRIPE_API_KEY
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.payment.stripe.secretName }}"
+                key: stripeAPIKey
+          - name: STRIPE_WEBHOOK_KEY
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.payment.stripe.secretName }}"
+                key: stripeWebhookKey
+          - name: DOC_MERGE_INTERVAL
+            value: "{{ .Values.app.doc.mergeInterval }}"
+          {{ if .Values.app.experimental.enableJwstCodec }}
+          - name: DOC_MERGE_USE_JWST_CODEC
+            value: "true"
+          {{ end }}
+          {{ if .Values.app.objectStorage.r2.enabled }}
+          - name: R2_OBJECT_STORAGE_ACCOUNT_ID
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.objectStorage.r2.secretName }}"
+                key: accountId
+          - name: R2_OBJECT_STORAGE_ACCESS_KEY_ID
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.objectStorage.r2.secretName }}"
+                key: accessKeyId
+          - name: R2_OBJECT_STORAGE_SECRET_ACCESS_KEY
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.objectStorage.r2.secretName }}"
+                key: secretAccessKey
+          - name: R2_OBJECT_STORAGE_BUCKET
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.objectStorage.r2.secretName }}"
+                key: bucket
+          {{ end }}
+          {{ if .Values.app.captcha.enabled }}
+          - name: CAPTCHA_TURNSTILE_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.captcha.secretName }}"
+                key: turnstileSecret
+          {{ end }}
+          {{ if .Values.app.oauth.google.enabled }}
+          - name: OAUTH_GOOGLE_CLIENT_ID
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.oauth.google.secretName }}"
+                key: clientId
+          - name: OAUTH_GOOGLE_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.oauth.google.secretName }}"
+                key: clientSecret
+          {{ end }}
+          {{ if .Values.app.oauth.github.enabled }}
+          - name: OAUTH_GITHUB_CLIENT_ID
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.oauth.github.secretName }}"
+                key: clientId
+          - name: OAUTH_GITHUB_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.oauth.github.secretName }}"
+                key: clientSecret
+          {{ end }}
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
              protocol: TCP
          livenessProbe:
            httpGet:
-              path: /info
+              path: /
              port: http
            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
          readinessProbe:
            httpGet:
-              path: /info
+              path: /
              port: http
            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
          resources:
--- a/.github/helm/affine/charts/graphql/templates/jwt-secret.yaml
+++ b/.github/helm/affine/charts/graphql/templates/jwt-secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ .Values.app.jwt.secretName }}"
+type: Opaque
+data:
+{{- ( include "jwt.key" . ) | indent 2 -}}
--- a/.github/helm/affine/charts/graphql/templates/migration.yaml
+++ b/.github/helm/affine/charts/graphql/templates/migration.yaml
@@ -22,28 +22,19 @@ spec:
            value: "{{ .Values.env }}"
          - name: AFFINE_ENV
            value: "{{ .Release.Namespace }}"
-          - name: DEPLOYMENT_TYPE
-            value: "{{ .Values.global.deployment.type }}"
-          - name: DEPLOYMENT_PLATFORM
-            value: "{{ .Values.global.deployment.platform }}"
          - name: DATABASE_PASSWORD
            valueFrom:
              secretKeyRef:
                name: pg-postgresql
                key: postgres-password
+          {{ if not .Values.global.database.gcloud.enabled }}
          - name: DATABASE_URL
-            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
-          - name: REDIS_SERVER_HOST
-            value: "{{ .Values.global.redis.host }}"
-          - name: REDIS_SERVER_PORT
-            value: "{{ .Values.global.redis.port }}"
-          - name: REDIS_SERVER_USER
-            value: "{{ .Values.global.redis.username }}"
-          - name: REDIS_SERVER_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: redis
-                key: redis-password
+            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.url }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
+          {{ end }}
+          {{ if .Values.global.database.gcloud.enabled }}
+          - name: DATABASE_URL
+            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.gcloud.cloudSqlInternal }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
+          {{ end }}
        resources:
          requests:
            cpu: '100m'
--- a/.github/helm/affine/charts/graphql/templates/oauth.yaml
+++ b/.github/helm/affine/charts/graphql/templates/oauth.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ .Values.app.oauth.email.secretName }}"
+type: Opaque
+data:
+  sender: "{{ .Values.app.oauth.email.sender | b64enc }}"
+  login: "{{ .Values.app.oauth.email.login | b64enc }}"
+  password: "{{ .Values.app.oauth.email.password | b64enc }}"
+  server: "{{ .Values.app.oauth.email.server | b64enc }}"
+  port: "{{ .Values.app.oauth.email.port | b64enc }}"
+---
+{{- if .Values.app.oauth.google.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ .Values.app.oauth.google.secretName }}"
+type: Opaque
+data:
+  clientId: "{{ .Values.app.oauth.google.clientId | b64enc }}"
+  clientSecret: "{{ .Values.app.oauth.google.clientSecret | b64enc }}"
+{{- end }}
+---
+{{- if .Values.app.oauth.github.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ .Values.app.oauth.github.secretName }}"
+type: Opaque
+data:
+  clientId: "{{ .Values.app.oauth.github.clientId | b64enc }}"
+  clientSecret: "{{ .Values.app.oauth.github.clientSecret | b64enc }}"
+{{- end }}
--- a/.github/helm/affine/charts/graphql/templates/payment.yml
+++ b/.github/helm/affine/charts/graphql/templates/payment.yml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ .Values.app.payment.stripe.secretName }}"
+type: Opaque
+data:
+  stripeAPIKey: "{{ .Values.app.payment.stripe.apiKey | b64enc }}"
+  stripeWebhookKey: "{{ .Values.app.payment.stripe.webhookKey | b64enc }}"
--- a/.github/helm/affine/charts/graphql/templates/pg-secret.yaml
+++ b/.github/helm/affine/charts/graphql/templates/pg-secret.yaml
--- a/.github/helm/affine/charts/graphql/templates/r2-secret.yaml
+++ b/.github/helm/affine/charts/graphql/templates/r2-secret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.app.objectStorage.r2.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ .Values.app.objectStorage.r2.secretName }}"
+type: Opaque
+data:
+  accountId: {{ .Values.app.objectStorage.r2.accountId | b64enc }}
+  accessKeyId: {{ .Values.app.objectStorage.r2.accessKeyId | b64enc }}
+  secretAccessKey: {{ .Values.app.objectStorage.r2.secretAccessKey | b64enc }}
+  bucket: {{ .Values.app.objectStorage.r2.bucket | b64enc }}
+{{- end }}
--- a/.github/helm/affine/charts/graphql/templates/redis-secret.yaml
+++ b/.github/helm/affine/charts/graphql/templates/redis-secret.yaml
--- a/.github/helm/affine/charts/graphql/templates/secret.yaml
+++ b/.github/helm/affine/charts/graphql/templates/secret.yaml
@@ -1,18 +0,0 @@
-{{- $privateKey := default (genPrivateKey "ecdsa") .Values.global.secret.privateKey | b64enc | quote }}
-
-{{- if not .Values.global.secret.privateKey }}
-{{- $existingKey := (lookup "v1" "Secret" .Release.Namespace .Values.global.secret.secretName) }}
-{{- if $existingKey }}
-{{- $privateKey = index $existingKey.data "key" }}
-{{- end -}}
-{{- end -}}
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Values.global.secret.secretName }}
-  annotations:
-    "helm.sh/resource-policy": "keep"
-type: Opaque
-data:
-  key: {{ $privateKey }}
--- a/.github/helm/affine/charts/graphql/templates/service.yaml
+++ b/.github/helm/affine/charts/graphql/templates/service.yaml
@@ -4,10 +4,6 @@ metadata:
  name: {{ include "graphql.fullname" . }}
  labels:
    {{- include "graphql.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
  type: {{ .Values.service.type }}
  ports:
--- a/.github/helm/affine/charts/graphql/values.yaml
+++ b/.github/helm/affine/charts/graphql/values.yaml
@@ -10,12 +10,57 @@ fullnameOverride: ''
 # map to NODE_ENV environment variable
 env: 'production'
 app:
+  experimental:
+    enableJwstCodec: true
  # AFFINE_SERVER_SUB_PATH
  path: ''
  # AFFINE_SERVER_HOST
  host: '0.0.0.0'
-  https: true
-  
+  doc:
+    mergeInterval: "3000"
+  jwt:
+    secretName: jwt-private-key
+    # base64 encoded ecdsa private key
+    privateKey: ''
+  captcha:
+    enable: false
+    secretName: captcha
+    turnstile:
+      secret: ''
+  objectStorage:
+    r2:
+      enabled: false
+      secretName: r2
+      accountId: ''
+      accessKeyId: ''
+      secretAccessKey: ''
+      bucket: ''
+  oauth:
+    email:
+      secretName: 'oauth-email'
+      sender: 'noreply@toeverything.info'
+      login: ''
+      password: ''
+      server: 'smtp.gmail.com'
+      port: '465'
+    google:
+      enabled: false
+      secretName: oauth-google
+      clientId: ''
+      clientSecret: ''
+    github:
+      enabled: false
+      secretName: oauth-github
+      clientId: ''
+      clientSecret: ''
+  payment:
+    stripe:
+      secretName: 'stripe'
+      apiKey: ''
+      webhookKey: ''
+  features:
+    earlyAccessPreview: false
+
 serviceAccount:
  create: true
  annotations: {}
@@ -28,8 +73,8 @@ podSecurityContext:

 resources:
  requests:
-    cpu: '2'
-    memory: 2Gi
+    cpu: '4'
+    memory: 4Gi

 probe:
  initialDelaySeconds: 20
--- a/.github/helm/affine/charts/renderer/Chart.yaml
+++ b/.github/helm/affine/charts/renderer/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: renderer
-description: AFFiNE renderer server
-type: application
-version: 0.0.0
-appVersion: "0.16.0"
-dependencies:
-  - name: gcloud-sql-proxy
-    version: 0.0.0
-    repository: "file://../gcloud-sql-proxy"
-    condition: .global.database.gcloud.enabled
--- a/.github/helm/affine/charts/renderer/templates/NOTES.txt
+++ b/.github/helm/affine/charts/renderer/templates/NOTES.txt
@@ -1,16 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "renderer.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "renderer.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "renderer.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "renderer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
--- a/.github/helm/affine/charts/renderer/templates/_helpers.tpl
+++ b/.github/helm/affine/charts/renderer/templates/_helpers.tpl
@@ -1,63 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "renderer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "renderer.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "renderer.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "renderer.labels" -}}
-helm.sh/chart: {{ include "renderer.chart" . }}
-{{ include "renderer.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-monitoring: enabled
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "renderer.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "renderer.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "renderer.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "renderer.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
--- a/.github/helm/affine/charts/renderer/templates/deployment.yaml
+++ b/.github/helm/affine/charts/renderer/templates/deployment.yaml
@@ -1,109 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "renderer.fullname" . }}
-  labels:
-    {{- include "renderer.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "renderer.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "renderer.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "renderer.serviceAccountName" . }}
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env:
-          - name: AFFINE_PRIVATE_KEY
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.global.secret.secretName }}"
-                key: key
-          - name: NODE_ENV
-            value: "{{ .Values.env }}"
-          - name: NODE_OPTIONS
-            value: "--max-old-space-size=2048"
-          - name: NO_COLOR
-            value: "1"
-          - name: DEPLOYMENT_TYPE
-            value: "{{ .Values.global.deployment.type }}"
-          - name: DEPLOYMENT_PLATFORM
-            value: "{{ .Values.global.deployment.platform }}"
-          - name: SERVER_FLAVOR
-            value: "renderer"
-          - name: AFFINE_ENV
-            value: "{{ .Release.Namespace }}"
-          - name: DATABASE_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: pg-postgresql
-                key: postgres-password
-          - name: DATABASE_URL
-            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
-          - name: REDIS_SERVER_ENABLED
-            value: "true"
-          - name: REDIS_SERVER_HOST
-            value: "{{ .Values.global.redis.host }}"
-          - name: REDIS_SERVER_PORT
-            value: "{{ .Values.global.redis.port }}"
-          - name: REDIS_SERVER_USER
-            value: "{{ .Values.global.redis.username }}"
-          - name: REDIS_SERVER_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: redis
-                key: redis-password
-          - name: REDIS_SERVER_DATABASE
-            value: "{{ .Values.global.redis.database }}"
-          - name: AFFINE_SERVER_PORT
-            value: "{{ .Values.service.port }}"
-          - name: AFFINE_SERVER_SUB_PATH
-            value: "{{ .Values.app.path }}"
-          - name: AFFINE_SERVER_HOST
-            value: "{{ .Values.app.host }}"
-          - name: AFFINE_SERVER_HTTPS
-            value: "{{ .Values.app.https }}"
-          - name: DOC_SERVICE_ENDPOINT
-            value: "http://{{ .Values.global.docService.name }}:{{ .Values.global.docService.port }}"
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /info
-              port: http
-            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
-          readinessProbe:
-            httpGet:
-              path: /info
-              port: http
-            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
--- a/.github/helm/affine/charts/renderer/templates/service.yaml
+++ b/.github/helm/affine/charts/renderer/templates/service.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "graphql.fullname" . }}
-  labels:
-    {{- include "graphql.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "graphql.selectorLabels" . | nindent 4 }}
--- a/.github/helm/affine/charts/renderer/templates/serviceaccount.yaml
+++ b/.github/helm/affine/charts/renderer/templates/serviceaccount.yaml
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "graphql.serviceAccountName" . }}
-  labels:
-    {{- include "graphql.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}
--- a/.github/helm/affine/charts/renderer/templates/tests/test-connection.yaml
+++ b/.github/helm/affine/charts/renderer/templates/tests/test-connection.yaml
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "renderer.fullname" . }}-test-connection"
-  labels:
-    {{- include "renderer.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "renderer.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never
--- a/.github/helm/affine/charts/renderer/values.yaml
+++ b/.github/helm/affine/charts/renderer/values.yaml
@@ -1,38 +0,0 @@
-replicaCount: 1
-image:
-  repository: ghcr.io/toeverything/affine-graphql
-  pullPolicy: IfNotPresent
-  tag: ''
-
-imagePullSecrets: []
-nameOverride: ''
-fullnameOverride: ''
-# map to NODE_ENV environment variable
-env: 'production'
-app:
-  # AFFINE_SERVER_SUB_PATH
-  path: ''
-  # AFFINE_SERVER_HOST
-  host: '0.0.0.0'
-  https: true
-serviceAccount:
-  create: true
-  annotations: {}
-  name: 'affine-renderer'
-
-podAnnotations: {}
-
-podSecurityContext:
-  fsGroup: 2000
-
-resources:
-  requests:
-    cpu: '1'
-    memory: 2Gi
-
-probe:
-  initialDelaySeconds: 20
-
-nodeSelector: {}
-tolerations: []
-affinity: {}
--- a/.github/helm/affine/charts/sync/Chart.yaml
+++ b/.github/helm/affine/charts/sync/Chart.yaml
@@ -3,7 +3,7 @@ name: sync
 description: AFFiNE Sync Server
 type: application
 version: 0.0.0
-appVersion: "0.21.0"
+appVersion: "0.11.0"
 dependencies:
  - name: gcloud-sql-proxy
    version: 0.0.0
--- a/.github/helm/affine/charts/sync/templates/deployment.yaml
+++ b/.github/helm/affine/charts/sync/templates/deployment.yaml
@@ -32,21 +32,14 @@ spec:
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          env:
-          - name: AFFINE_PRIVATE_KEY
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.global.secret.secretName }}"
-                key: key
          - name: NODE_ENV
            value: "{{ .Values.env }}"
          - name: NO_COLOR
            value: "1"
-          - name: DEPLOYMENT_TYPE
-            value: "{{ .Values.global.deployment.type }}"
-          - name: DEPLOYMENT_PLATFORM
-            value: "{{ .Values.global.deployment.platform }}"
          - name: SERVER_FLAVOR
            value: "sync"
+          - name: NEXTAUTH_URL
+            value: "{{ .Values.global.ingress.host }}"
          - name: AFFINE_ENV
            value: "{{ .Release.Namespace }}"
          - name: DATABASE_PASSWORD
@@ -55,7 +48,9 @@ spec:
                name: pg-postgresql
                key: postgres-password
          - name: DATABASE_URL
-            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
+            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.url }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
+          - name: REDIS_SERVER_ENABLED
+            value: "true"
          - name: REDIS_SERVER_HOST
            value: "{{ .Values.global.redis.host }}"
          - name: REDIS_SERVER_PORT
@@ -73,8 +68,6 @@ spec:
            value: "{{ .Values.service.port }}"
          - name: AFFINE_SERVER_HOST
            value: "{{ .Values.app.host }}"
-          - name: DOC_SERVICE_ENDPOINT
-            value: "http://{{ .Values.global.docService.name }}:{{ .Values.global.docService.port }}"
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
--- a/.github/helm/affine/charts/sync/values.yaml
+++ b/.github/helm/affine/charts/sync/values.yaml
@@ -12,6 +12,7 @@ env: 'production'
 app:
  # AFFINE_SERVER_HOST
  host: '0.0.0.0'
+
 serviceAccount:
  create: true
  annotations: {}
@@ -24,11 +25,11 @@ podSecurityContext:

 resources:
  limits:
+    cpu: '4'
+    memory: 8Gi
+  requests:
    cpu: '2'
    memory: 4Gi
-  requests:
-    cpu: '1'
-    memory: 2Gi

 probe:
  initialDelaySeconds: 20
--- a/.github/helm/affine/charts/web/templates/deployment.yaml
+++ b/.github/helm/affine/charts/web/templates/deployment.yaml
@@ -27,9 +27,6 @@ spec:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env:
-          - name: AFFINE_ENV
-            value: "{{ .Release.Namespace }}"
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
--- a/.github/helm/affine/templates/configmap.yaml
+++ b/.github/helm/affine/templates/configmap.yaml
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Release.Name }}-runtime-config
-data:
-  web-assets-manifest: |-
-    {{ .Files.Get "web-assets-manifest.json" | nindent 4 }}
-  mobile-assets-manifest: |-
-    {{ .Files.Get "mobile-assets-manifest.json" | nindent 4 }}
--- a/.github/helm/affine/templates/ingress.yaml
+++ b/.github/helm/affine/templates/ingress.yaml
@@ -60,13 +60,6 @@ spec:
                name: affine-graphql
                port:
                  number: {{ .Values.graphql.service.port }}
-          - path: /workspace
-            pathType: Prefix
-            backend:
-              service:
-                name: affine-renderer
-                port:
-                  number: {{ .Values.renderer.service.port }}
          - path: /
            pathType: Prefix
            backend:
--- a/.github/helm/affine/values.yaml
+++ b/.github/helm/affine/values.yaml
@@ -1,60 +1,44 @@
 global:
-  app:
-    buildType: 'stable'
  ingress:
    enabled: false
    className: ''
    host: affine.pro
    tls: []
-  secret:
-    secretName: 'server-private-key'
-    privateKey: ''
  database:
    user: 'postgres'
-    host: 'pg-postgresql'
+    url: 'pg-postgresql'
    port: '5432'
    name: 'affine'
    password: ''
+    gcloud:
+      enabled: false
+      # use for migration
+      cloudSqlInternal: ''
+      connectionName: ''
+      serviceAccount: ''
+      cloudProxyReplicas: 3
+      proxyPort: '5432'
  redis:
+    enabled: true
    host: 'redis-master'
    port: '6379'
    username: ''
    password: ''
    database: 0
-  docService:
-    name: 'affine-doc'
-    port: 3020
-  deployment:
-    # change to 'selfhosted' and 'unknown' if this chart is ready to be used for selfhosted deployment
-    type: 'affine'
-    platform: 'gcp'
+  gke:
+    enabled: true

 graphql:
  service:
    type: ClusterIP
    port: 3000
-    annotations:
-      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'

 sync:
  service:
    type: ClusterIP
    port: 3010
    annotations:
-      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
-
-renderer:
-  service:
-    type: ClusterIP
-    port: 3000
-    annotations:
-      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
-
-doc:
-  service:
-    type: ClusterIP
-    annotations:
-      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
+      cloud.google.com/backend-config: '{"default": "affine-backendconfig"}'

 web:
  service:
--- a/.github/helm/deployment_guide.md
+++ b/.github/helm/deployment_guide.md
@@ -0,0 +1,60 @@
+# Cluster Deployment Guide
+
+This document provides a step-by-step guide for developers on how to deploy services in a Kubernetes cluster. The following content assumes that the reader already has a basic understanding of Kubernetes concepts and operations.
+
+### 1. Configure Service Mesh (Optional)
+
+In the Kubernetes cluster, we optionally use Service Mesh (like Istio and Anthos Service Mesh) to manage the network interactions of microservices. If Service Mesh is already deployed on your cluster or do not need to use the service network, you can skip this step. In this step, we assume that you are using Google Kubernetes Engine (GKE) and have already installed Anthos Service Mesh on your cluster, if you wish to use another Ingress Controller, please refer to the relevant documentation.
+
+To configure your kubectl context to interact with your Kubernetes cluster using the gcloud tool, you need to execute the following commands:
+
+```sh
+export CLUSTER_NAME=your_cluster_name
+export REGION=your_cluster_region
+export PROJECT=your_project_id
+gcloud container clusters get-credentials $CLUSTER_NAME --region $REGION --project $PROJECT
+```
+
+In this command, you should replace `CLUSTER_NAME`, `REGION` and `PROJECT` with the actual name, region and project id of your Kubernetes cluster. This command retrieves the access credentials for your Kubernetes cluster and automatically configures kubectl to use these credentials.
+
+Now, to inject Service Mesh for a specific Namespace, first, set the environment variable `NAMESPACE` that should correspond to your target Kubernetes Namespace. In this example, we use `prod` as the target Namespace:
+
+```sh
+export NAMESPACE=prod
+```
+
+Then, we label the Namespace which will enable Istio to automatically inject the sidecar container for all new Pods under this Namespace:
+
+```sh
+kubectl label namespace $NAMESPACE istio-injection- istio.io/rev=asm-managed --overwrite
+```
+
+Finally, we trigger the Kubernetes Deployment restart mechanism to allow existing Pods to also obtain sidecar container injection:
+
+```sh
+kubectl rollout restart deployment -n $NAMESPACE
+```
+
+### 2. Deploying the Application
+
+Next, we will deploy our application in the Kubernetes cluster through Helm. First, set relevant environment variables:
+
+```sh
+export NAMESPACE=prod
+export RELEASE=affine-cloud-prod
+export PATH=.github/helm/affine-cloud
+```
+
+- `NAMESPACE` should be consistent with the first step, indicating your target Kubernetes Namespace.
+- `RELEASE` is the name of your Helm release.
+- `PATH` is the location of your Helm chart in your file system.
+
+Finally, use the `helm upgrade --install` command to deploy or upgrade your application:
+
+```sh
+helm upgrade --namespace $NAMESPACE --create-namespace --install $RELEASE $PATH
+```
+
+This command creates (if it doesn't already exist) and deploys your Helm chart in the specified Namespace. If the release already exists, it will be upgraded.
+
+The above are the complete steps for deploying an application in a Kubernetes cluster. Make sure all prerequisites are met before deploying, and also ensure that you have the correct permissions for operations in Kubernetes.
--- a/.github/helm/separate-config/Dockerfile_pgvector
+++ b/.github/helm/separate-config/Dockerfile_pgvector
@@ -1,6 +0,0 @@
-FROM pgvector/pgvector:pg15 AS builder
-
-FROM bitnami/postgresql:15
-
-COPY --from=builder /usr/lib/postgresql/15/lib/vector.so /opt/bitnami/postgresql/lib/
-COPY --from=builder /usr/share/postgresql/15/extension/vector* /opt/bitnami/postgresql/share/extension/
--- a/.github/helm/separate-config/backend-config.yaml
+++ b/.github/helm/separate-config/backend-config.yaml
@@ -1,10 +0,0 @@
-apiVersion: cloud.google.com/v1
-kind: BackendConfig
-metadata:
-  name: "affine-api-backendconfig"
-spec:
-  healthCheck:
-    timeoutSec: 1
-    type: HTTP
-    requestPath: /info
-
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -19,16 +19,36 @@ mod:dev:
          - 'tools/cli/**/*'
          - 'packages/common/debug/**/*'

+mod:plugin:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/plugins/**/*'
+
+plugin:copilot:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/plugins/copilot/**/*'
+
 mod:infra:
  - changed-files:
      - any-glob-to-any-file:
          - 'packages/common/infra/**/*'

+mod:sdk:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/common/sdk/**/*'
+
 mod:plugin-cli:
  - changed-files:
      - any-glob-to-any-file:
          - 'tools/plugin-cli/**/*'

+mod:workspace:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/frontend/workspace/**/*'
+
 mod:i18n:
  - changed-files:
      - any-glob-to-any-file:
@@ -39,15 +59,20 @@ mod:env:
      - any-glob-to-any-file:
          - 'packages/common/env/**/*'

+mod:hooks:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/frontend/hooks/**/*'
+
 mod:component:
  - changed-files:
      - any-glob-to-any-file:
          - 'packages/frontend/component/**/*'

-mod:server-native:
+mod:storage:
  - changed-files:
      - any-glob-to-any-file:
-          - 'packages/backend/native/**/*'
+          - 'packages/backend/storage/**/*'

 mod:native:
  - changed-files:
@@ -69,6 +94,11 @@ rust:
          - '**/rust-toolchain.toml'
          - '**/rustfmt.toml'

+package:y-indexeddb:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/common/y-indexeddb/**/*'
+
 app:core:
  - changed-files:
      - any-glob-to-any-file:
@@ -77,7 +107,7 @@ app:core:
 app:electron:
  - changed-files:
      - any-glob-to-any-file:
-          - 'packages/frontend/apps/electron/**/*'
+          - 'packages/frontend/electron/**/*'

 app:server:
  - changed-files:
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,73 +1,53 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["config:recommended", ":disablePeerDependencies"],
-  "labels": ["dependencies"],
-  "ignorePaths": [
-    "**/node_modules/**",
-    "**/bower_components/**",
-    "**/vendor/**",
-    "**/examples/**",
-    "**/__tests__/**"
+  "extends": [
+    "config:base",
+    "group:allNonMajor",
+    ":preserveSemverRanges",
+    ":disablePeerDependencies"
  ],
+  "labels": ["dependencies"],
  "packageRules": [
    {
-      "rangeStrategy": "replace",
-      "groupName": "linter",
-      "matchPackageNames": ["/^eslint/", "/^@typescript-eslint/"]
+      "matchPackageNames": ["napi", "napi-build", "napi-derive"],
+      "groupName": "napi-rs"
    },
    {
-      "matchDepNames": ["oxlint"],
-      "rangeStrategy": "replace",
-      "groupName": "oxlint"
+      "matchPackagePatterns": ["^eslint", "^@typescript-eslint"],
+      "groupName": "linter"
    },
    {
-      "groupName": "blocksuite",
-      "rangeStrategy": "replace",
-      "changelogUrl": "https://github.com/toeverything/blocksuite/blob/master/packages/blocks/CHANGELOG.md",
-      "matchPackageNames": ["/^@blocksuite/", "!@blocksuite/icons"]
+      "matchPackagePatterns": ["^@nestjs"],
+      "groupName": "nestjs"
    },
    {
-      "groupName": "all non-major dependencies",
-      "groupSlug": "all-minor-patch",
-      "matchUpdateTypes": ["minor", "patch"],
-      "matchPackageNames": ["*", "!/^@blocksuite//", "!/oxlint/"]
+      "matchPackagePatterns": ["^@opentelemetry"],
+      "groupName": "opentelemetry"
    },
    {
-      "groupName": "rust toolchain",
-      "matchManagers": ["custom.regex"],
-      "matchDepNames": ["rustc"]
-    },
-    {
-      "groupName": "nestjs",
-      "matchPackageNames": ["/^@nestjs/"]
-    },
-    {
-      "groupName": "opentelemetry",
      "matchPackageNames": [
-        "/^@opentelemetry/",
-        "/^@google-cloud\/opentelemetry-/"
-      ]
+        "@prisma/client",
+        "@prisma/instrumentation",
+        "prisma"
+      ],
+      "groupName": "prisma"
+    },
+    {
+      "matchPackagePatterns": ["^@electron-forge"],
+      "groupName": "electron-forge"
+    },
+    {
+      "matchPackagePatterns": ["^@blocksuite"],
+      "excludePackageNames": ["@blocksuite/icons"],
+      "followTag": "nightly"
    }
  ],
  "commitMessagePrefix": "chore: ",
  "commitMessageAction": "bump up",
  "commitMessageTopic": "{{depName}} version",
  "ignoreDeps": [],
-  "postUpdateOptions": ["yarnDedupeHighest"],
  "lockFileMaintenance": {
    "enabled": true,
    "extends": ["schedule:weekly"]
-  },
-  "customManagers": [
-    {
-      "customType": "regex",
-      "fileMatch": ["^rust-toolchain\\.toml?$"],
-      "matchStrings": [
-        "channel\\s*=\\s*\"(?<currentValue>\\d+\\.\\d+(\\.\\d+)?)\""
-      ],
-      "depNameTemplate": "rustc",
-      "packageNameTemplate": "rust-lang/rust",
-      "datasourceTemplate": "github-releases"
-    }
-  ]
+  }
 }
--- a/.github/workflows/build-images.yml
+++ b/.github/workflows/build-images.yml
@@ -1,290 +0,0 @@
-name: Build Images
-
-on:
-  workflow_call:
-    inputs:
-      flavor:
-        type: string
-        required: true
-
-permissions:
-  contents: 'write'
-  id-token: 'write'
-  packages: 'write'
-
-jobs:
-  build-server:
-    name: Build Server
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          electron-install: false
-          extra-flags: workspaces focus @affine/server @types/affine__env
-      - name: Build Server
-        run: |
-          find packages/backend/server/src -type d -name "__tests__" -exec rm -rf {} +
-          rm -rf packages/backend/server/src/seed
-          yarn workspace @affine/server build
-      - name: Upload server dist
-        uses: actions/upload-artifact@v4
-        with:
-          name: server-dist
-          path: ./packages/backend/server/dist
-          if-no-files-found: error
-
-  build-web:
-    name: Build @affine/web
-    runs-on: ubuntu-latest
-    environment: ${{ github.event.inputs.flavor }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-      - name: Build Core
-        run: yarn affine @affine/web build
-        env:
-          R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
-          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
-          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
-          BUILD_TYPE: ${{ github.event.inputs.flavor }}
-          CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }}
-          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
-          SENTRY_PROJECT: 'affine-web'
-          SENTRY_RELEASE: ${{ steps.version.outputs.APP_VERSION }}
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-          PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
-          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
-      - name: Upload web artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: web
-          path: ./packages/frontend/apps/web/dist
-          if-no-files-found: error
-
-  build-admin:
-    name: Build @affine/admin
-    runs-on: ubuntu-latest
-    environment: ${{ github.event.inputs.flavor }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-      - name: Build Admin
-        run: yarn affine @affine/admin build
-        env:
-          R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
-          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
-          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
-          BUILD_TYPE: ${{ github.event.inputs.flavor }}
-          CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }}
-          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
-          SENTRY_PROJECT: 'affine-admin'
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-          PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
-          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
-      - name: Upload admin artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: admin
-          path: ./packages/frontend/admin/dist
-          if-no-files-found: error
-
-  build-mobile:
-    name: Build @affine/mobile
-    runs-on: ubuntu-latest
-    environment: ${{ github.event.inputs.flavor }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-      - name: Build Mobile
-        run: yarn affine @affine/mobile build
-        env:
-          R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
-          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
-          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
-          BUILD_TYPE: ${{ github.event.inputs.flavor }}
-          CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }}
-          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
-          SENTRY_PROJECT: 'affine-mobile'
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-          PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
-          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
-      - name: Upload mobile artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: mobile
-          path: ./packages/frontend/apps/mobile/dist
-          if-no-files-found: error
-
-  build-server-native:
-    name: Build Server native - ${{ matrix.targets.name }}
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        targets:
-          - name: x86_64-unknown-linux-gnu
-            file: server-native.node
-          - name: aarch64-unknown-linux-gnu
-            file: server-native.arm64.node
-          - name: armv7-unknown-linux-gnueabihf
-            file: server-native.armv7.node
-
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          electron-install: false
-          extra-flags: workspaces focus @affine/server-native
-      - name: Build Rust
-        uses: ./.github/actions/build-rust
-        with:
-          target: ${{ matrix.targets.name }}
-          package: '@affine/server-native'
-      - name: Upload ${{ matrix.targets.file }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ matrix.targets.file }}
-          path: ./packages/backend/native/server-native.node
-          if-no-files-found: error
-
-  build-images:
-    name: Build Images
-    runs-on: ubuntu-latest
-    needs:
-      - build-server
-      - build-web
-      - build-mobile
-      - build-admin
-      - build-server-native
-    steps:
-      - uses: actions/checkout@v4
-      - name: Download server dist
-        uses: actions/download-artifact@v4
-        with:
-          name: server-dist
-          path: ./packages/backend/server/dist
-      - name: Download server-native.node
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.node
-          path: ./packages/backend/server
-      - name: Download server-native.node arm64
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.arm64.node
-          path: ./packages/backend/native
-      - name: Download server-native.node arm64
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.armv7.node
-          path: .
-      - name: move server-native files
-        run: |
-          mv ./packages/backend/native/server-native.node ./packages/backend/server/server-native.arm64.node
-          mv server-native.node ./packages/backend/server/server-native.armv7.node
-      - name: Setup env
-        run: |
-          echo "GIT_SHORT_HASH=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
-          if [ -z "${{ inputs.flavor }}" ]
-          then
-            echo "RELEASE_FLAVOR=canary" >> "$GITHUB_ENV"
-          else
-            echo "RELEASE_FLAVOR=${{ inputs.flavor }}" >> "$GITHUB_ENV"
-          fi
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          logout: false
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      # setup node without cache configuration
-      # Prisma cache is not compatible with docker build cache
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: '.nvmrc'
-          registry-url: https://npm.pkg.github.com
-          scope: '@toeverything'
-
-      - name: Download web artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: web
-          path: ./packages/frontend/apps/web/dist
-
-      - name: Download mobile artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: mobile
-          path: ./packages/frontend/apps/mobile/dist
-
-      - name: Download admin artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: admin
-          path: ./packages/frontend/admin/dist
-
-      - name: Install Node.js dependencies
-        run: |
-          yarn config set --json supportedArchitectures.cpu '["x64", "arm64", "arm"]'
-          yarn config set --json supportedArchitectures.libc '["glibc"]'
-          yarn workspaces focus @affine/server --production
-
-      - name: Generate Prisma client
-        run: yarn workspace @affine/server prisma generate
-
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
-
-      - name: Build front Dockerfile
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          pull: true
-          platforms: linux/amd64,linux/arm64
-          provenance: true
-          file: .github/deployment/front/Dockerfile
-          tags: ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}}
-
-      - name: Build graphql Dockerfile
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          pull: true
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
-          provenance: true
-          file: .github/deployment/node/Dockerfile
-          tags: ghcr.io/toeverything/affine-graphql:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-graphql:${{env.RELEASE_FLAVOR}}
--- a/.github/workflows/build-selfhost-image.yml
+++ b/.github/workflows/build-selfhost-image.yml
@@ -1,25 +0,0 @@
-name: Build Selfhost Image
-
-on:
-  workflow_dispatch:
-    inputs:
-      flavor:
-        description: 'Select distribution to build'
-        type: choice
-        default: canary
-        options:
-          - canary
-          - beta
-          - stable
-
-permissions:
-  contents: 'write'
-  id-token: 'write'
-  packages: 'write'
-
-jobs:
-  build-image:
-    name: Build Image
-    uses: ./.github/workflows/build-images.yml
-    with:
-      flavor: ${{ github.event.inputs.flavor }}
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
--- a/.github/workflows/copilot-test-automatically.yml
+++ b/.github/workflows/copilot-test-automatically.yml
@@ -1,29 +0,0 @@
-name: Copilot Test Automatically
-
-on:
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+-canary.[0-9]+'
-  schedule:
-    - cron: '0 8 * * *'
-  workflow_dispatch:
-
-permissions:
-  actions: write
-
-jobs:
-  dispatch-test:
-    runs-on: ubuntu-latest
-    name: Setup Test
-    steps:
-      - name: dispatch test by tag
-        if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: copilot-test.yml
-      - name: dispatch test by schedule
-        if: ${{ github.event_name == 'schedule' }}
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: copilot-test.yml
-          ref: canary
--- a/.github/workflows/copilot-test.yml
+++ b/.github/workflows/copilot-test.yml
@@ -1,204 +0,0 @@
-name: Copilot Cron Test
-
-on:
-  workflow_dispatch:
-
-jobs:
-  build-server-native:
-    name: Build Server native
-    runs-on: ubuntu-latest
-    env:
-      CARGO_PROFILE_RELEASE_DEBUG: '1'
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          extra-flags: workspaces focus @affine/server-native
-          electron-install: false
-      - name: Build Rust
-        uses: ./.github/actions/build-rust
-        with:
-          target: 'x86_64-unknown-linux-gnu'
-          package: '@affine/server-native'
-      - name: Upload server-native.node
-        uses: actions/upload-artifact@v4
-        with:
-          name: server-native.node
-          path: ./packages/backend/native/server-native.node
-          if-no-files-found: error
-
-  copilot-api-test:
-    name: Server Copilot Api Test
-    runs-on: ubuntu-latest
-    needs:
-      - build-server-native
-    env:
-      NODE_ENV: test
-      DISTRIBUTION: web
-      DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
-      REDIS_SERVER_HOST: localhost
-    services:
-      postgres:
-        image: pgvector/pgvector:pg16
-        env:
-          POSTGRES_PASSWORD: affine
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-      redis:
-        image: redis
-        ports:
-          - 6379:6379
-      mailer:
-        image: mailhog/mailhog
-        ports:
-          - 1025:1025
-          - 8025:8025
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          playwright-install: true
-          electron-install: false
-          full-cache: true
-
-      - name: Download server-native.node
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.node
-          path: ./packages/backend/server
-
-      - name: Prepare Server Test Environment
-        env:
-          COPILOT_OPENAI_API_KEY: ${{ secrets.COPILOT_OPENAI_API_KEY }}
-          COPILOT_FAL_API_KEY: ${{ secrets.COPILOT_FAL_API_KEY }}
-          COPILOT_GOOGLE_API_KEY: ${{ secrets.COPILOT_GOOGLE_API_KEY }}
-          COPILOT_PERPLEXITY_API_KEY: ${{ secrets.COPILOT_PERPLEXITY_API_KEY }}
-        uses: ./.github/actions/server-test-env
-
-      - name: Run server tests
-        run: yarn affine @affine/server test:copilot:coverage --forbid-only
-        env:
-          CARGO_TARGET_DIR: '${{ github.workspace }}/target'
-
-      - name: Upload server test coverage results
-        uses: codecov/codecov-action@v5
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          files: ./packages/backend/server/.coverage/lcov.info
-          flags: server-test
-          name: affine
-          fail_ci_if_error: false
-
-  copilot-e2e-test:
-    name: Frontend Copilot E2E Test
-    runs-on: ubuntu-latest
-    env:
-      DISTRIBUTION: web
-      DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
-      REDIS_SERVER_HOST: localhost
-      IN_CI_TEST: true
-    strategy:
-      fail-fast: false
-      matrix:
-        shardIndex: [1, 2, 3, 4, 5, 6, 7, 8]
-        shardTotal: [8]
-    needs:
-      - build-server-native
-    services:
-      postgres:
-        image: pgvector/pgvector:pg16
-        env:
-          POSTGRES_PASSWORD: affine
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-      redis:
-        image: redis
-        ports:
-          - 6379:6379
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          playwright-install: true
-          electron-install: false
-          hard-link-nm: false
-
-      - name: Download server-native.node
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.node
-          path: ./packages/backend/server
-
-      - name: Prepare Server Test Environment
-        env:
-          COPILOT_OPENAI_API_KEY: ${{ secrets.COPILOT_OPENAI_API_KEY }}
-          COPILOT_FAL_API_KEY: ${{ secrets.COPILOT_FAL_API_KEY }}
-          COPILOT_GOOGLE_API_KEY: ${{ secrets.COPILOT_GOOGLE_API_KEY }}
-          COPILOT_PERPLEXITY_API_KEY: ${{ secrets.COPILOT_PERPLEXITY_API_KEY }}
-        uses: ./.github/actions/server-test-env
-
-      - name: Run Copilot E2E Test ${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
-        uses: ./.github/actions/copilot-test
-        with:
-          script: yarn affine @affine-test/affine-cloud-copilot e2e --forbid-only --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
-
-  test-done:
-    needs:
-      - copilot-api-test
-      - copilot-e2e-test
-    if: always()
-    runs-on: ubuntu-latest
-    name: Post test result message
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          extra-flags: 'workspaces focus @affine/copilot-result'
-          electron-install: false
-      - name: Post Success event to a Slack channel
-        if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
-        run: node ./tools/copilot-result/index.js
-        env:
-          CHANNEL_ID: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
-          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-          BRANCH_SHA: ${{ github.sha }}
-          BRANCH_NAME: ${{ github.ref }}
-          COPILOT_RESULT: success
-      - name: Post Failed event to a Slack channel
-        id: failed-slack
-        if: ${{ always() && contains(needs.*.result, 'failure') }}
-        run: node ./tools/copilot-result/index.js
-        env:
-          CHANNEL_ID: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
-          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-          BRANCH_SHA: ${{ github.sha }}
-          BRANCH_NAME: ${{ github.ref }}
-          COPILOT_RESULT: failed
-      - name: Post Cancel event to a Slack channel
-        id: cancel-slack
-        if: ${{ always() && contains(needs.*.result, 'cancelled') && !contains(needs.*.result, 'failure') }}
-        run: node ./tools/copilot-result/index.js
-        env:
-          CHANNEL_ID: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
-          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-          BRANCH_SHA: ${{ github.sha }}
-          BRANCH_NAME: ${{ github.ref }}
-          COPILOT_RESULT: canceled
--- a/.github/workflows/deploy-automatically.yml
+++ b/.github/workflows/deploy-automatically.yml
@@ -7,11 +7,6 @@ on:
  schedule:
    - cron: '0 9 * * *'

-permissions:
-  contents: write
-  pull-requests: write
-  actions: write
-
 jobs:
  dispatch-deploy:
    runs-on: ubuntu-latest
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
DarkSky	9e94e7195b	fix: use absolute path in gql client (#5454 ) (#5462 )	2023-12-29 16:02:29 +08:00
Peng Xiao	de951c8779	fix(core): enable page history for beta/stable (#5415 )	2023-12-27 14:39:59 +08:00
EYHN	fd37026ca5	fix(component): fix font display on safari (#5393 ) before ![CleanShot 2023-12-25 at 13.09.26.png](https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/g3jz87HxbjOJpXV3FPT7/4fe08951-67bb-4050-ba14-94391db1cac1.png) after ![CleanShot 2023-12-25 at 13.09.13.png](https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/g3jz87HxbjOJpXV3FPT7/fbfb17ec-b871-4746-9d3c-d24f850ecca1.png)	2023-12-27 14:39:50 +08:00
JimmFly	4fd5812a89	fix(core): avatars are not aligned (#5404 )	2023-12-26 20:43:08 +08:00
Peng Xiao	d01e987ecc	fix(core): trash page footer display issue (#5402 ) Before ![image.png](https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/T2klNLEk0wxLh4NRDzhk/eb5e5b18-c4a2-469b-8763-be34c39ba736.png) After ![image.png](https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/T2klNLEk0wxLh4NRDzhk/7b3ef339-0cb5-44fe-9e75-cec0e97d28b7.png)	2023-12-26 20:42:54 +08:00
Joooye_34	d87c218c0b	fix(electron): set stable base url to app.affine.pro (#5401 ) close TOV-282	2023-12-26 20:42:41 +08:00
Peng Xiao	a5bf5cc244	fix(core): about setting blink issue (#5399 )	2023-12-26 20:42:33 +08:00
Peng Xiao	16bcd6e76b	fix(core): workpace list blink issue on open (#5400 )	2023-12-26 20:42:19 +08:00
JimmFly	2e2ace8472	chore(core): add background color to questionnaire (#5396 )	2023-12-26 20:42:06 +08:00
Cats Juice	37cff8fe8d	fix(core): correct title of onboarding article-2 (#5387 )	2023-12-26 20:41:58 +08:00
DarkSky	70ab3b4916	fix: use prefix in electron to prevent formdata bug (#5395 )	2023-12-26 20:41:47 +08:00
EYHN	f42ba54578	fix(core): fix flickering workspace list (#5391 )	2023-12-26 20:41:36 +08:00
EYHN	a67c8181fc	fix(workspace): fix svg file with xml header (#5388 )	2023-12-26 20:41:28 +08:00
regischen	613efbded9	feat: bump blocksuite (#5386 )	2023-12-26 20:41:18 +08:00
李华桥	549419d102	Merge branch 'canary' into stable	2023-12-22 16:29:51 +08:00
李华桥	21c42f8771	Merge branch 'canary' into stable	2023-12-22 01:29:30 +08:00
李华桥	9012adda7a	Merge branch 'canary' into stable	2023-12-21 18:42:56 +08:00
李华桥	fb442e9055	Merge branch 'canary' into stable	2023-12-21 16:22:57 +08:00
李华桥	a231474dd2	Merge branch 'canary' into stable	2023-12-21 14:26:01 +08:00
李华桥	833b42000b	Merge branch 'canary' into stable	2023-12-20 16:36:44 +08:00
李华桥	7690c48710	Merge branch 'canary' into stable	2023-12-20 16:32:36 +08:00
DarkSky	579828a700	fix: use secure websocket (#5297 )	2023-12-13 22:28:04 +08:00
DarkSky	746db2ccfc	feat: only follow `serverUrlPrefix` at redirect to client (#5295 )	2023-12-13 20:37:20 +08:00
李华桥	eff344a9c1	Merge branch 'canary' into stable	2023-12-12 16:45:47 +08:00
李华桥	c89ebab596	Merge branch 'canary' into stable	2023-12-12 11:04:33 +08:00
liuyi	62f4421b7c	fix(server): avoid updates persist forever (#5258 )	2023-12-11 17:42:25 +08:00
李华桥	42383dbd29	Merge branch 'canary' into stable	2023-12-10 21:04:15 +08:00
李华桥	120e7397ba	Merge branch 'canary' into stable	2023-12-01 16:12:17 +08:00
李华桥	24123ad01c	Revert "Revert "Merge remote-tracking branch 'origin/canary' into stable"" This reverts commit `89197bacef`.	2023-12-01 13:29:43 +08:00
李华桥	ad50320391	v0.10.3	2023-12-01 12:52:15 +08:00
李华桥	eb21a60dda	v0.10.3-beta.7	2023-12-01 12:12:20 +08:00
Joooye_34	c0e3be2d40	fix(core): rerender error boundary when route change and improve sentry report (#5147 )	2023-12-01 04:04:44 +00:00
李华桥	09d3b72358	v0.10.3-beta.6	2023-11-30 23:02:26 +08:00
Joooye_34	246e16c6c0	fix(infra): compatibility logic follow blocksuite (#5143 )	2023-11-30 23:01:38 +08:00
李华桥	dc279d062b	v0.10.3-beta.5	2023-11-30 16:49:55 +08:00
Joooye_34	47d5f9e1c2	fix(infra): use blocksuite api to check compatibility (#5137 )	2023-11-30 08:48:13 +00:00
Joooye_34	a226eb8d5f	fix(core): expose catched editor load error (#5133 )	2023-11-29 20:31:35 +08:00
Joooye_34	908c4e1a6f	ci: add sentry env when frontend assets build (#5131 )	2023-11-29 10:03:49 +00:00
李华桥	1d0bcc80a0	v0.10.3-beta.4	2023-11-29 16:14:06 +08:00
Joooye_34	50010bd824	fix(core): implement editor timeout and report error from boundary (#5105 )	2023-11-29 08:10:38 +00:00
liuyi	c0ede1326d	fix(server): wrong OTEL config (#5084 )	2023-11-29 11:19:13 +08:00
李华桥	89197bacef	Revert "Merge remote-tracking branch 'origin/canary' into stable" This reverts commit `992ed89a89`, reversing changes made to `d272d7922d`.	2023-11-29 11:18:45 +08:00
李华桥	f97d323ab5	Revert "Revert "refactor(server): standarderlize metrics and trace with OTEL (#5054 )"" This reverts commit `c1cd1713b9`.	2023-11-29 11:07:28 +08:00
EYHN	2acb219dcc	fix(workspace): filter awareness from other workspace (#5093 )	2023-11-28 16:47:45 +08:00
LongYinan	992ed89a89	Merge remote-tracking branch 'origin/canary' into stable	2023-11-28 15:12:52 +08:00
李华桥	d272d7922d	v0.10.3-beta.2	2023-11-25 23:50:40 +08:00
李华桥	c1cd1713b9	Revert "refactor(server): standarderlize metrics and trace with OTEL (#5054 )" This reverts commit `91efca107a`.	2023-11-25 23:50:39 +08:00
李华桥	b20e91bee0	v0.10.3-beta.1	2023-11-25 14:14:40 +08:00
李华桥	9a4e5ec8c3	Merge branch 'canary' into stable	2023-11-25 14:14:14 +08:00
李华桥	2019838ae7	v0.10.3-beta.0	2023-11-24 11:39:23 +08:00
李华桥	30ff25f400	Merge branch 'canary' into stable	2023-11-23 23:40:32 +08:00
李华桥	e766208c18	chore: reset merge wrong codes	2023-11-23 22:53:06 +08:00
李华桥	8742f28148	Merge branch 'canary' into stable	2023-11-23 21:31:42 +08:00
LongYinan	cd291bb60e	build: remove useless source-map-loader to speedup webpack (#4910 )	2023-11-20 10:52:28 +08:00
LongYinan	62c0efcfd1	fix(core): handle the getSession network error properly (#4909 ) If network offline or API error happens, the `session` returned by the `useSession` hook will be null, so we can't assume it is not null. There should be following changes: 1. create a page in ErrorBoundary to let the user refetch the session. 2. The `SessionProvider` stop to pull the new session once the session is null, we need to figure out a way to pull the new session when the network is back or the user click the refetch button.	2023-11-17 16:50:48 +08:00
liuyi	87248b3337	fix(server): all viewers can share public link (#4968 )	2023-11-17 12:34:15 +08:00
Joooye_34	00c940f7df	chore: bump affine version to 0.10.2 (#4959 )	2023-11-16 15:48:37 +08:00
Flrande	931b459fbd	chore: bump blocksuite (#4958 )	2023-11-16 14:27:39 +08:00
LongYinan	51e71f4a0a	ci: prevent error if rust build is cached by nx (#4951 ) If Rust build was cached by nx, only the output file will be presented. The chmod command will be failed in this case like: https://github.com/toeverything/AFFiNE/actions/runs/6874496337/job/18697360212	2023-11-16 10:31:51 +08:00
Peng Xiao	9b631f2328	fix(infra): page id compat fix for page ids in workspace.meta (#4950 ) since we strip `page:` in keys of workspacedoc.spaces, we should also strip the prefix in meta.pages as well.	2023-11-15 17:36:08 +08:00
LongYinan	01f481a9b6	ci: only disable postinstall on macOS in nightly desktop build (#4938 )	2023-11-14 23:00:30 +08:00
Joooye_34	0177ab5c87	fix(infra): workspace migration without blockVersions (#4936 )	2023-11-14 14:38:11 +01:00
Peng Xiao	4db35d341c	perf(component): use png instead of svg for rendering noise svg (#4935 )	2023-11-14 11:52:51 +00:00
DarkSky	3c4a803c97	fix: change password token check (#4934 ) (#4932 )	2023-11-14 11:15:54 +00:00
LongYinan	05154dc7ca	ci: disable postinstall in nightly desktop build (#4930 ) Should be part of https://github.com/toeverything/AFFiNE/pull/4885	2023-11-14 14:13:55 +08:00
Peng Xiao	c90b477f60	fix(core): change server url of stable to insider (#4902 ) (#4926 )	2023-11-14 12:05:52 +08:00
李华桥	6f18ddbe85	v0.10.1	2023-11-13 19:49:26 +08:00
LongYinan	dde779a71d	test(e2e): add subdoc migration test (#4921 ) test(e2e): add subdoc migration test fix: remove .only	2023-11-13 18:00:40 +08:00
Peng Xiao	bd9f66fbc7	fix(infra): compatibility fix for space prefix (#4912 ) It seems there are some cases that [this upstream PR](https://github.com/toeverything/blocksuite/pull/4747) will cause data loss. Because of some historical reasons, the page id could be different with its doc id. It might be caused by subdoc migration in the following (not 100% sure if all white screen issue is caused by it) `0714c12703/packages/common/infra/src/blocksuite/index.ts (L538-L540)` In version 0.10, page id in spaces no longer has prefix "space:" The data flow for fetching a doc's updates is: - page id in `meta.pages` -> find `${page-id}` in `doc.spaces` -> `doc` -> `doc.guid` if `doc` is not found in `doc.spaces`, a new doc will be created and its `doc.guid` is the same with its pageId - because of guid logic change, the doc that previously prefixed with `space:` will not be found in `doc.spaces` - when fetching the rows of this doc using the doc id === page id, it will return EMPTY since there is no updates associated with the page id The provided fix in the PR will patch the `spaces` field of the root doc so that after 0.10 the page doc can still be found in the `spaces` map. It shall apply to both of the idb & sqlite datasources. Special thanks to @lawvs 's db file for investigation!	2023-11-13 17:57:56 +08:00
liuyi	92f1f40bfa	fix(server): wrap updates applying in a transaction (#4922 )	2023-11-13 08:49:30 +00:00
LongYinan	48dc1049b3	Merge pull request #4913 from toeverything/darksky/cleanup-depolyment chore: cleanup deployment	2023-11-12 11:20:02 +08:00
DarkSky	9add530370	chore: cleanup deployment	2023-11-12 11:03:25 +08:00
LongYinan	b77460d871	Merge pull request #4908 from toeverything/61/hotfix-websocket-payload fix(server): increase server acceptable websocket payload size	2023-11-10 22:01:48 +08:00
forehalo	42db41776b	fix(server): increase server acceptable websocket payload size	2023-11-10 21:31:45 +08:00
李华桥	075439c74f	fix(core): change server url of stable to insider	2023-11-10 18:32:53 +08:00
Yifeng Wang	fc6c553ece	chore: bump theme (#4904 ) Co-authored-by: 李华桥 <joooye1991@gmail.com>	2023-11-10 15:40:38 +08:00
Joooye_34	59cb3d5df1	fix(core): change server url of stable to insider (#4902 )	2023-11-10 14:50:57 +08:00