chore: v0.10.4-canary.1

.eslintignore

@@ -11,4 +11,6 @@ e2e-dist-*
 static
 web-static
 public
+packages/common/sdk/src/*.d.ts
+packages/common/sdk/src/*.js
 packages/frontend/i18n/src/i18n-generated.ts

.eslintrc.js

@@ -61,6 +61,7 @@ const allPackages = [
   'packages/frontend/core',
   'packages/frontend/electron',
   'packages/frontend/graphql',
+  'packages/frontend/hooks',
   'packages/frontend/i18n',
   'packages/frontend/native',
   'packages/frontend/templates',
@@ -68,8 +69,10 @@ const allPackages = [
   'packages/common/debug',
   'packages/common/env',
   'packages/common/infra',
+  'packages/common/sdk',
   'packages/common/theme',
   'packages/common/y-indexeddb',
+  'packages/plugins/copilot',
   'tools/cli',
   'tests/storybook',
 ];
@@ -217,7 +220,6 @@ const config = {
     'unicorn/no-useless-promise-resolve-reject': 'error',
     'unicorn/no-new-array': 'error',
     'unicorn/new-for-builtins': 'error',
-    'unicorn/prefer-node-protocol': 'error',
     'sonarjs/no-all-duplicated-branches': 'error',
     'sonarjs/no-element-overwrite': 'error',
     'sonarjs/no-empty-collection': 'error',

.github/CLA.md

@@ -33,6 +33,32 @@ You accept and agree to the following terms and conditions for your past, presen
 
 9. This Agreement will be governed by the laws of Republic of Singapore without reference to conflict of laws principles.
 
-## How To Sign
+## List of Contributors
 
-Visit https://cla-assistant.io/toeverything/AFFiNE and sign it.
+The below-signed are contributors to a code repository that is part of the project named "AFFiNE". Each below-signed contributor has read, understand and agrees to the terms above in the section within this document entitled "AFFiNE Contributor License Agreement" as of the date beside their real name (or entity name) and GitHub account name.
+
+---
+
+<!--
+Example:
+
+- Dark Sky, @darkskygit, 2022/07/22
+-->
+
+- Dark Sky, @darkskygit, 2022/07/22
+- Lin Onetwo, @linonetwo, 2022/02/14
+- zqran, @zqran, 2023/02/17
+- Alessio Gravili, @AlessioGr, 2023/03/04
+- Victor Nanka, @victornanka, 2023/03/09
+- Aditya Sharma, @adityash1, 2023/03/21
+- Fangdun Tsai, @fundon, 2023/03/21
+- Zhilin Liu, @lzlme, 2023/04/09
+- Skye Sun, @skyesun, 2023/04/14
+- Jordy Delgado, @Jdelgad8, 2023/04/17
+- Howard Do, @howarddo2208, 2023/04/20
+- 三咲智子 Kevin Deng, @sxzz, 2023/04/21
+- Moeyua, @moeyua, 2023/04/22
+- Shishu, @shishudesu, 2023/05/19
+- Kushagra Singh, @kush002, 2023/06/28
+- Sarvesh Kumar, @sarvesh521 2023/08/25
+- 微扰理论 Qinghao Huang, @wfnuser 2023/09/29

.github/actions/build-rust/action.yml

@@ -32,12 +32,10 @@ runs:
     - name: Set CC
       if: ${{ contains(inputs.target, 'linux') && inputs.package != '@affine/native' }}
       shell: bash
-      run: |
-        echo "CC=clang" >> "$GITHUB_ENV"
-        echo "TARGET_CC=clang" >> "$GITHUB_ENV"
+      run: echo "CC=clang" >> "$GITHUB_ENV"
 
     - name: Cache cargo
-      uses: actions/cache@v4
+      uses: actions/cache@v3
       with:
         path: |
           ~/.cargo/registry/index/
@@ -52,4 +50,3 @@ runs:
         yarn workspace ${{ inputs.package }} nx build ${{ inputs.package }} --target ${{ inputs.target }} --use-napi-cross
       env:
         NX_CLOUD_ACCESS_TOKEN: ${{ inputs.nx_token }}
-        DEBUG: 'napi:*'

.github/actions/deploy/action.yml

@@ -34,7 +34,7 @@ runs:
         project_id: '${{ inputs.gcp-project-id }}'
 
     - name: 'Setup gcloud cli'
-      uses: 'google-github-actions/setup-gcloud@v2'
+      uses: 'google-github-actions/setup-gcloud@v1'
       with:
         install_components: 'gke-gcloud-auth-plugin'
 

.github/actions/deploy/deploy.mjs

@@ -1,7 +1,6 @@
 import { execSync } from 'node:child_process';
 
 const {
-  APP_VERSION,
   BUILD_TYPE,
   DEPLOY_HOST,
   CANARY_DEPLOY_HOST,
@@ -13,6 +12,7 @@ const {
   R2_ACCOUNT_ID,
   R2_ACCESS_KEY_ID,
   R2_SECRET_ACCESS_KEY,
+  R2_BUCKET,
   ENABLE_CAPTCHA,
   CAPTCHA_TURNSTILE_SECRET,
   OAUTH_EMAIL_SENDER,
@@ -27,7 +27,6 @@ const {
   REDIS_PASSWORD,
   STRIPE_API_KEY,
   STRIPE_WEBHOOK_KEY,
-  STATIC_IP_NAME,
 } = process.env;
 
 // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
@@ -35,13 +34,17 @@ const buildType = BUILD_TYPE || 'canary';
 
 const isProduction = buildType === 'stable';
 const isBeta = buildType === 'beta';
-const isInternal = buildType === 'internal';
 
 const createHelmCommand = ({ isDryRun }) => {
   const flag = isDryRun ? '--dry-run' : '--atomic';
   const imageTag = `${buildType}-${GIT_SHORT_HASH}`;
+  const staticIpName = isProduction
+    ? 'affine-cluster-production'
+    : isBeta
+      ? 'affine-cluster-beta'
+      : 'affine-cluster-dev';
   const redisAndPostgres =
-    isProduction || isBeta || isInternal
+    isProduction || isBeta
       ? [
           `--set-string global.database.url=${DATABASE_URL}`,
           `--set-string global.database.user=${DATABASE_USERNAME}`,
@@ -55,42 +58,27 @@ const createHelmCommand = ({ isDryRun }) => {
         ]
       : [];
   const serviceAnnotations =
-    isProduction || isBeta || isInternal
+    isProduction || isBeta
       ? [
           `--set-json   web.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`,
+          `--set-json   graphql.serviceAccount.annotations=\"{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_SQL_IAM_ACCOUNT}\\" }\"`,
           `--set-json   graphql.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`,
+          `--set-json   sync.serviceAccount.annotations=\"{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_SQL_IAM_ACCOUNT}\\" }\"`,
           `--set-json   sync.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`,
-          `--set-json   cloud-sql-proxy.serviceAccount.annotations=\"{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_SQL_IAM_ACCOUNT}\\" }\"`,
-          `--set-json   cloud-sql-proxy.nodeSelector=\"{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\" }\"`,
         ]
       : [];
   const webReplicaCount = isProduction ? 3 : isBeta ? 2 : 2;
-  const graphqlReplicaCount = isProduction
-    ? Number(process.env.PRODUCTION_GRAPHQL_REPLICA) || 3
-    : isBeta
-      ? Number(process.env.isBeta_GRAPHQL_REPLICA) || 2
-      : 2;
-  const syncReplicaCount = isProduction
-    ? Number(process.env.PRODUCTION_SYNC_REPLICA) || 3
-    : isBeta
-      ? Number(process.env.BETA_SYNC_REPLICA) || 2
-      : 2;
-  const namespace = isProduction
-    ? 'production'
-    : isBeta
-      ? 'beta'
-      : isInternal
-        ? 'internal'
-        : 'dev';
+  const graphqlReplicaCount = isProduction ? 10 : isBeta ? 5 : 2;
+  const syncReplicaCount = isProduction ? 10 : isBeta ? 5 : 2;
+  const namespace = isProduction ? 'production' : isBeta ? 'beta' : 'dev';
   // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
   const host = DEPLOY_HOST || CANARY_DEPLOY_HOST;
   const deployCommand = [
     `helm upgrade --install affine .github/helm/affine`,
     `--namespace  ${namespace}`,
     `--set        global.ingress.enabled=true`,
-    `--set-json   global.ingress.annotations=\"{ \\"kubernetes.io/ingress.class\\": \\"gce\\", \\"kubernetes.io/ingress.allow-http\\": \\"true\\", \\"kubernetes.io/ingress.global-static-ip-name\\": \\"${STATIC_IP_NAME}\\" }\"`,
+    `--set-json   global.ingress.annotations=\"{ \\"kubernetes.io/ingress.class\\": \\"gce\\", \\"kubernetes.io/ingress.allow-http\\": \\"true\\", \\"kubernetes.io/ingress.global-static-ip-name\\": \\"${staticIpName}\\" }\"`,
     `--set-string global.ingress.host="${host}"`,
-    `--set-string global.version="${APP_VERSION}"`,
     ...redisAndPostgres,
     `--set        web.replicaCount=${webReplicaCount}`,
     `--set-string web.image.tag="${imageTag}"`,
@@ -103,6 +91,7 @@ const createHelmCommand = ({ isDryRun }) => {
     `--set-string graphql.app.objectStorage.r2.accountId="${R2_ACCOUNT_ID}"`,
     `--set-string graphql.app.objectStorage.r2.accessKeyId="${R2_ACCESS_KEY_ID}"`,
     `--set-string graphql.app.objectStorage.r2.secretAccessKey="${R2_SECRET_ACCESS_KEY}"`,
+    `--set-string graphql.app.objectStorage.r2.bucket="${R2_BUCKET}"`,
     `--set-string graphql.app.oauth.email.sender="${OAUTH_EMAIL_SENDER}"`,
     `--set-string graphql.app.oauth.email.login="${OAUTH_EMAIL_LOGIN}"`,
     `--set-string graphql.app.oauth.email.password="${OAUTH_EMAIL_PASSWORD}"`,
@@ -116,7 +105,7 @@ const createHelmCommand = ({ isDryRun }) => {
     `--set        sync.replicaCount=${syncReplicaCount}`,
     `--set-string sync.image.tag="${imageTag}"`,
     ...serviceAnnotations,
-    `--timeout 10m`,
+    `--version "0.0.0-${buildType}.${GIT_SHORT_HASH}" --timeout 10m`,
     flag,
   ].join(' ');
   return deployCommand;

.github/actions/download-core/action.yml

@@ -9,7 +9,7 @@ runs:
   using: 'composite'
   steps:
     - name: Download tar.gz
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: core
         path: .

.github/actions/setup-node/action.yml

@@ -21,6 +21,14 @@ inputs:
     description: 'set nmMode to hardlinks-local in .yarnrc.yml'
     required: false
     default: 'true'
+  build-infra:
+    description: 'Build infra'
+    required: false
+    default: 'true'
+  build-plugins:
+    description: 'Build plugins'
+    required: false
+    default: 'true'
   nmHoistingLimits:
     description: 'Set nmHoistingLimits in .yarnrc.yml'
     required: false
@@ -63,7 +71,7 @@ runs:
       run: node -e "const p = $(yarn config cacheFolder --json).effective; console.log('yarn_global_cache=' + p)" >> $GITHUB_OUTPUT
 
     - name: Cache non-full yarn cache on Linux
-      uses: actions/cache@v4
+      uses: actions/cache@v3
       if: ${{ inputs.full-cache != 'true' && runner.os == 'Linux' }}
       with:
         path: |
@@ -75,7 +83,7 @@ runs:
     # and the decompression performance on Windows is very terrible
     # so we reduce the number of cached files on non-Linux systems by remove node_modules from cache path.
     - name: Cache non-full yarn cache on non-Linux
-      uses: actions/cache@v4
+      uses: actions/cache@v3
       if: ${{ inputs.full-cache != 'true' && runner.os != 'Linux' }}
       with:
         path: |
@@ -83,7 +91,7 @@ runs:
         key: node_modules-cache-${{ github.job }}-${{ runner.os }}
 
     - name: Cache full yarn cache on Linux
-      uses: actions/cache@v4
+      uses: actions/cache@v3
       if: ${{ inputs.full-cache == 'true' && runner.os == 'Linux' }}
       with:
         path: |
@@ -92,7 +100,7 @@ runs:
         key: node_modules-cache-full-${{ runner.os }}
 
     - name: Cache full yarn cache on non-Linux
-      uses: actions/cache@v4
+      uses: actions/cache@v3
       if: ${{ inputs.full-cache == 'true' && runner.os != 'Linux' }}
       with:
         path: |
@@ -134,7 +142,7 @@ runs:
       # Note: Playwright's cache directory is hard coded because that's what it
       # says to do in the docs. There doesn't appear to be a command that prints
       # it out for us.
-    - uses: actions/cache@v4
+    - uses: actions/cache@v3
       id: playwright-cache
       if: ${{ inputs.playwright-install == 'true' }}
       with:
@@ -167,7 +175,7 @@ runs:
       run: |
         echo "version=$(yarn why --json electron | grep -h 'workspace:.' | jq --raw-output '.children[].locator' | sed -e 's/@playwright\/test@.*://' | head -n 1)" >> $GITHUB_OUTPUT
 
-    - uses: actions/cache@v4
+    - uses: actions/cache@v3
       id: electron-cache
       if: ${{ inputs.electron-install == 'true' }}
       with:
@@ -182,3 +190,13 @@ runs:
       run: node ./node_modules/electron/install.js
       env:
         electron_config_cache: ./node_modules/.cache/electron
+
+    - name: Build Infra
+      shell: bash
+      if: inputs.build-infra == 'true'
+      run: yarn run build:infra
+
+    - name: Build Plugins
+      if: inputs.build-plugins == 'true'
+      shell: bash
+      run: yarn run build:plugins

.github/actions/setup-version/action.yml

@@ -1,24 +0,0 @@
-name: Setup Version
-description: 'Setup Version'
-outputs:
-  APP_VERSION:
-    description: 'App Version'
-    value: ${{ steps.version.outputs.APP_VERSION }}
-runs:
-  using: 'composite'
-  steps:
-    - name: 'Write Version'
-      id: version
-      shell: bash
-      run: |
-        if [ "${{ github.ref_type }}" == "tag" ]; then
-          APP_VERSION=$(echo "${{ github.ref_name }}" | sed 's/^v//')
-        else
-          PACKAGE_VERSION=$(node -p "require('./package.json').version")
-          TIME_VERSION=$(date +%Y%m%d%H%M)
-          GIT_SHORT_HASH=$(git rev-parse --short HEAD)
-          APP_VERSION=$PACKAGE_VERSION-nightly-$TIME_VERSION-$GIT_SHORT_HASH
-        fi
-        echo $APP_VERSION
-        echo "APP_VERSION=$APP_VERSION" >> "$GITHUB_OUTPUT"
-        ./scripts/set-version.sh $APP_VERSION

.github/deployment/front/Dockerfile

@@ -1,6 +1,6 @@
-FROM openresty/openresty:1.21.4.3-0-buster
+FROM openresty/openresty:1.21.4.1-0-buster
 WORKDIR /app
-COPY ./packages/frontend/core/dist/index.html ./dist/index.html
+COPY ./packages/frontend/core/dist ./dist
 COPY ./.github/deployment/front/nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
 COPY ./.github/deployment/front/affine.nginx.conf /etc/nginx/conf.d/affine.nginx.conf
 

.github/deployment/node/Dockerfile

@@ -1,7 +1,6 @@
 FROM node:18-bookworm-slim
 
 COPY ./packages/backend/server /app
-COPY ./packages/frontend/core/dist /app/static
 WORKDIR /app
 
 RUN apt-get update && \

.github/deployment/self-host/compose.yaml

@@ -1,61 +0,0 @@
-services:
-  affine:
-    image: ghcr.io/toeverything/affine-graphql:beta
-    container_name: affine_selfhosted
-    command:
-      ['sh', '-c', 'node ./scripts/self-host-predeploy && node ./dist/index.js']
-    ports:
-      - '3010:3010'
-      - '5555:5555'
-    depends_on:
-      redis:
-        condition: service_healthy
-      postgres:
-        condition: service_healthy
-    volumes:
-      # custom configurations
-      - ~/.affine/self-host/config:/root/.affine/config
-      # blob storage
-      - ~/.affine/self-host/storage:/root/.affine/storage
-    logging:
-      driver: 'json-file'
-      options:
-        max-size: '1000m'
-    restart: unless-stopped
-    environment:
-      - NODE_OPTIONS=--es-module-specifier-resolution node
-      - AFFINE_CONFIG_PATH=/root/.affine/config
-      - REDIS_SERVER_HOST=redis
-      - DATABASE_URL=postgres://affine:affine@postgres:5432/affine
-      - DISABLE_TELEMETRY=true
-      - NODE_ENV=production
-      - SERVER_FLAVOR=selfhosted
-      - AFFINE_ADMIN_EMAIL=${AFFINE_ADMIN_EMAIL}
-      - AFFINE_ADMIN_PASSWORD=${AFFINE_ADMIN_PASSWORD}
-  redis:
-    image: redis
-    container_name: affine_redis
-    restart: unless-stopped
-    volumes:
-      - ~/.affine/self-host/redis:/data
-    healthcheck:
-      test: ['CMD', 'redis-cli', '--raw', 'incr', 'ping']
-      interval: 10s
-      timeout: 5s
-      retries: 5
-  postgres:
-    image: postgres
-    container_name: affine_postgres
-    restart: unless-stopped
-    volumes:
-      - ~/.affine/self-host/postgres:/var/lib/postgresql/data
-    healthcheck:
-      test: ['CMD-SHELL', 'pg_isready -U affine']
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    environment:
-      POSTGRES_USER: affine
-      POSTGRES_PASSWORD: affine
-      POSTGRES_DB: affine
-      PGDATA: /var/lib/postgresql/data/pgdata

.github/helm/affine-cloud/.gitignore

@@ -0,0 +1 @@
+charts/

.github/helm/affine-cloud/.helmignore

@@ -20,4 +20,4 @@
 .project
 .idea/
 *.tmproj
-.vscode/
+.vscode/

.github/helm/affine-cloud/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 13.2.23
+digest: sha256:5b64538509bd067bb0f67bf082847a2c5d66dc37d0b9d7948a40405d9c446400
+generated: "2023-12-05T03:04:57.997927753Z"

.github/helm/affine-cloud/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: affine-cloud
+description: A Helm chart for AFFiNE Cloud
+
+type: application
+version: 0.6.1
+appVersion: '0.6.1'
+
+dependencies:
+  - name: postgresql
+    version: 13.2.23
+    repository: https://charts.bitnami.com/bitnami

.github/helm/affine-cloud/readme.md

@@ -0,0 +1,30 @@
+# Helm Chart Configuration
+
+The following table lists the configurable parameters of this Helm chart and their default values.
+
+## AFFiNE Cloud Server parameters
+
+| Parameter                      | Description                                        | Default            |
+| ------------------------------ | -------------------------------------------------- | ------------------ |
+| `affineCloud.tag`              | The Docker tag of the AffineCloud image to be used | `'nightly-latest'` |
+| `affineCloud.resources.cpu`    | The CPU resources allocated for AffineCloud        | `'250m'`           |
+| `affineCloud.resources.memory` | The memory resources allocated for AffineCloud     | `'0.5Gi'`          |
+| `affineCloud.signKey`          | The key used to sign the JWT tokens                | `'c2VjcmV0'`       |
+| `affineCloud.service.type`     | The type of the Kubernetes service                 | `'ClusterIP'`      |
+| `affineCloud.service.port`     | The port of the Kubernetes service                 | `'http'`           |
+| `affineCloud.mail.account`     | The email account used to send emails              | `''`               |
+| `affineCloud.mail.password`    | The password of the email account                  | `''`               |
+
+## PostgreSQL parameters
+
+| Parameter                                    | Description                                                                           | Default      |
+| -------------------------------------------- | ------------------------------------------------------------------------------------- | ------------ |
+| `postgresql.auth.username`                   | Username for the PostgreSQL database                                                  | `'affine'`   |
+| `postgresql.auth.password`                   | Password for the PostgreSQL database. Please change this for production environments. | `'password'` |
+| `postgresql.auth.database`                   | The name of the default database that will be created on image startup                | `'affine'`   |
+| `postgresql.primary.resources.limits.cpu`    | The CPU resources allocated for the PostgreSQL primary node                           | `'500m'`     |
+| `postgresql.primary.resources.limits.memory` | The memory resources allocated for the PostgreSQL primary node                        | `'0.5Gi'`    |
+
+For more postgres parameters, please refer to: https://artifacthub.io/packages/helm/bitnami/postgresql
+
+Please note that for the `postgresql.auth.password`, you should provide your own password for production environments. The default value is provided only for demonstration purposes.

.github/helm/affine-cloud/templates/_helper.tpl

@@ -1,7 +1,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "gcloud-sql-proxy.name" -}}
+{{- define "affine-cloud.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "gcloud-sql-proxy.fullname" -}}
+{{- define "affine-cloud.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "gcloud-sql-proxy.chart" -}}
+{{- define "affine-cloud.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "gcloud-sql-proxy.labels" -}}
-helm.sh/chart: {{ include "gcloud-sql-proxy.chart" . }}
-{{ include "gcloud-sql-proxy.selectorLabels" . }}
+{{- define "affine-cloud.labels" -}}
+helm.sh/chart: {{ include "affine-cloud.chart" . }}
+{{ include "affine-cloud.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -45,18 +45,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "gcloud-sql-proxy.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "gcloud-sql-proxy.name" . }}
+{{- define "affine-cloud.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "affine-cloud.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "gcloud-sql-proxy.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "gcloud-sql-proxy.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

.github/helm/affine-cloud/templates/deployment.yaml

@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "{{ include "affine-cloud.fullname" . }}"
+  labels:
+    {{- include "affine-cloud.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "affine-cloud.selectorLabels" . | nindent 6 }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 2
+  template:
+    metadata:
+      labels:
+        {{- include "affine-cloud.selectorLabels" . | nindent 8 }}
+    spec:
+      restartPolicy: Always
+      containers:
+      - name: affine-cloud
+        image: "ghcr.io/toeverything/cloud-self-hosted:{{ .Values.affineCloud.tag | default .Chart.AppVersion }}"
+        env:
+        - name: PG_USER
+          value: "{{ .Values.postgresql.auth.username }}"
+        - name: PG_PASS
+          value: "{{ .Values.postgresql.auth.password }}"
+        - name: PG_DATABASE
+          value: "{{ .Values.postgresql.auth.database }}"
+        - name: PG_HOST
+          value: "{{ .Values.postgresql.fullnameOverride | default (printf "%s-postgresql" .Release.Name) }}"
+        - name: DATABASE_URL
+          value: "{{ .Values.affineCloud.databaseUrl | default "postgresql://$(PG_USER):$(PG_PASS)@$(PG_HOST)/$(PG_DATABASE)" }}"
+        envFrom:
+        - secretRef:
+            name: affine-cloud-secret
+        ports:
+        - containerPort: 3000
+        livenessProbe:
+          httpGet:
+            path: /api/healthz
+            port: 3000
+          failureThreshold: 1
+          initialDelaySeconds: 10
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: "{{ .Values.affineCloud.resources.cpu }}"
+            memory: "{{ .Values.affineCloud.resources.memory }}"

.github/helm/affine-cloud/templates/secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: affine-cloud-secret
+type: Opaque
+data:
+  SIGN_KEY: "{{ .Values.affineCloud.signKey }}"
+  MAIL_ACCOUNT: "{{ .Values.affineCloud.mail.account }}"
+  MAIL_PASSWORD: "{{ .Values.affineCloud.mail.password }}"

.github/helm/affine-cloud/templates/services.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ include "affine-cloud.fullname" . }}"
+  labels:
+    {{- include "affine-cloud.labels" . | nindent 4 }}
+spec:
+  type: "{{ .Values.affineCloud.service.type }}"
+  ports:
+    - name: http
+      protocol: TCP
+      port: {{ .Values.affineCloud.service.port }}
+      targetPort: 3000
+  selector:
+    {{- include "affine-cloud.selectorLabels" . | nindent 4 }}

.github/helm/affine-cloud/values.yaml

@@ -0,0 +1,30 @@
+affineCloud:
+  tag: 'canary-5e0d5e0cc65ea46f326fdde12658bfac59b38c9f-0949'
+  # databaseUrl: 'postgresql://affine:password@affine-cloud-postgresql:5432/affine'
+  signKey: TUFtdFdzQTJhdGJuem01TA==
+  mail:
+    account: ''
+    password: ''
+  service:
+    type: ClusterIP
+    port: 80
+  resources:
+    cpu: '250m'
+    memory: 0.5Gi
+postgresql:
+  fullnameOverride: tcp-postgresql
+  auth:
+    # only for demo, please modify it at prod env
+    username: affine
+    password: password
+    database: affine
+  primary:
+    initdb:
+      scripts:
+        01-init.sql: |
+          CREATE DATABASE affine_binary;
+          GRANT ALL PRIVILEGES ON DATABASE affine_binary TO affine;
+    resources:
+      limits:
+        cpu: '500m'
+        memory: 0.5Gi

.github/helm/affine/Chart.yaml

@@ -3,4 +3,4 @@ name: affine
 description: AFFiNE cloud chart
 type: application
 version: 0.0.0
-appVersion: "0.12.0"
+appVersion: '0.7.0-canary.18'

.github/helm/affine/charts/gcloud-sql-proxy/Chart.yaml

@@ -1,6 +0,0 @@
-apiVersion: v2
-name: cloud-sql-proxy
-description: Google Cloud SQL Proxy
-type: application
-version: 0.0.0
-appVersion: "2.8.1"

.github/helm/affine/charts/gcloud-sql-proxy/templates/NOTES.txt

@@ -1,18 +0,0 @@
-{{- if .Values.global.database.gcloud.enabled -}}
-1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "gcloud-sql-proxy.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "gcloud-sql-proxy.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "gcloud-sql-proxy.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "gcloud-sql-proxy.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
-{{- end }}

.github/helm/affine/charts/gcloud-sql-proxy/templates/deployment.yaml

@@ -1,132 +0,0 @@
-{{- if .Values.global.database.gcloud.enabled -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "gcloud-sql-proxy.fullname" . }}
-  labels:
-    {{- include "gcloud-sql-proxy.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "gcloud-sql-proxy.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "gcloud-sql-proxy.labels" . | nindent 8 }}
-	{{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "gcloud-sql-proxy.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          terminationMessagePath: /dev/termination-log
-          terminationMessagePolicy: File
-          image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          args:
-            - "--address"
-            - "0.0.0.0"
-            - "--structured-logs"
-            - "--auto-iam-authn"
-            - "{{ .Values.global.database.gcloud.connectionName }}"
-          env:
-            # Enable HTTP healthchecks on port 9801. This enables /liveness,
-            # /readiness and /startup health check endpoints. Allow connections
-            # listen for connections on any interface (0.0.0.0) so that the
-            # k8s management components can reach these endpoints.
-            - name: CSQL_PROXY_HEALTH_CHECK
-              value: "true"
-            - name: CSQL_PROXY_HTTP_PORT
-              value: "9801"
-            - name: CSQL_PROXY_HTTP_ADDRESS
-              value: 0.0.0.0
-          ports:
-            - name: cloud-sql-proxy
-              containerPort: {{ .Values.global.database.gcloud.proxyPort }}
-              protocol: TCP
-            - containerPort: 9801
-              protocol: TCP
-          # The /startup probe returns OK when the proxy is ready to receive
-          # connections from the application. In this example, k8s will check
-          # once a second for 60 seconds.
-          startupProbe:
-            failureThreshold: 60
-            httpGet:
-              path: /startup
-              port: 9801
-              scheme: HTTP
-            periodSeconds: 1
-            successThreshold: 1
-            timeoutSeconds: 10
-          # The /liveness probe returns OK as soon as the proxy application has
-          # begun its startup process and continues to return OK until the
-          # process stops.
-          livenessProbe:
-            failureThreshold: 3
-            httpGet:
-              path: /liveness
-              port: 9801
-              scheme: HTTP
-            # The probe will be checked every 10 seconds.
-            periodSeconds: 10
-            # Number of times the probe is allowed to fail before the transition
-            # from healthy to failure state.
-            #
-            # If periodSeconds = 60, 5 tries will result in five minutes of
-            # checks. The proxy starts to refresh a certificate five minutes
-            # before its expiration. If those five minutes lapse without a
-            # successful refresh, the liveness probe will fail and the pod will be
-            # restarted.
-            successThreshold: 1
-            # The probe will fail if it does not respond in 10 seconds
-            timeoutSeconds: 10
-          readinessProbe:
-            # The /readiness probe returns OK when the proxy can establish
-            # a new connections to its databases.
-            httpGet:
-              path: /readiness
-              port: 9801
-            initialDelaySeconds: 10
-            periodSeconds: 10
-            timeoutSeconds: 10
-            # Number of times the probe must report success to transition from failure to healthy state.
-            # Defaults to 1 for readiness probe.
-            successThreshold: 1
-            failureThreshold: 6
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          {{- with .Values.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- with .Values.volumes }}
-      volumes:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-{{- end }}

.github/helm/affine/charts/gcloud-sql-proxy/templates/service.yaml

@@ -1,17 +0,0 @@
-{{- if .Values.global.database.gcloud.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "gcloud-sql-proxy.fullname" . }}
-  labels:
-    {{- include "gcloud-sql-proxy.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.global.database.port }}
-      targetPort: cloud-sql-proxy
-      protocol: TCP
-      name: cloud-sql-proxy
-  selector:
-    {{- include "gcloud-sql-proxy.selectorLabels" . | nindent 4 }}
-{{- end }}

.github/helm/affine/charts/gcloud-sql-proxy/templates/serviceaccount.yaml

@@ -1,15 +0,0 @@
-{{- if .Values.global.database.gcloud.enabled -}}
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "gcloud-sql-proxy.serviceAccountName" . }}
-  labels:
-    {{- include "gcloud-sql-proxy.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}
-{{- end }}

.github/helm/affine/charts/gcloud-sql-proxy/templates/tests/test-connection.yaml

@@ -1,17 +0,0 @@
-{{- if .Values.global.database.gcloud.enabled -}}
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "gcloud-sql-proxy.fullname" . }}-test-connection"
-  labels:
-    {{- include "gcloud-sql-proxy.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "gcloud-sql-proxy.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never
-{{- end }}

.github/helm/affine/charts/gcloud-sql-proxy/values.yaml

@@ -1,40 +0,0 @@
-replicaCount: 3
-
-image:
-  # the tag is defined as chart appVersion.
-  repository: gcr.io/cloud-sql-connectors/cloud-sql-proxy
-  pullPolicy: IfNotPresent
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:
-  create: true
-  automount: true
-  annotations: {}
-  name: ""
-
-podAnnotations: {}
-podLabels: {}
-
-podSecurityContext:
-  fsGroup: 2000
-
-securityContext:
-  runAsNonRoot: true
-
-service:
-  type: ClusterIP
-  port: 5432
-
-resources:
-  limits:
-    memory: "4Gi"
-    cpu: "2"
-
-volumes: []
-volumeMounts: []
-nodeSelector: {}
-tolerations: []
-affinity: {}

.github/helm/affine/charts/graphql/Chart.yaml

@@ -3,9 +3,4 @@ name: graphql
 description: AFFiNE GraphQL server
 type: application
 version: 0.0.0
-appVersion: "0.12.0"
-dependencies:
-  - name: gcloud-sql-proxy
-    version: 0.0.0
-    repository: "file://../gcloud-sql-proxy"
-    condition: .global.database.gcloud.enabled
+appVersion: '0.7.0-canary.18'

.github/helm/affine/charts/graphql/templates/deployment.yaml

@@ -73,8 +73,6 @@ spec:
             value: "{{ .Values.app.path }}"
           - name: AFFINE_SERVER_HOST
             value: "{{ .Values.app.host }}"
-          - name: AFFINE_SERVER_HTTPS
-            value: "{{ .Values.app.https }}"
           - name: ENABLE_R2_OBJECT_STORAGE
             value: "{{ .Values.app.objectStorage.r2.enabled }}"
           - name: ENABLE_CAPTCHA
@@ -138,6 +136,11 @@ spec:
               secretKeyRef:
                 name: "{{ .Values.app.objectStorage.r2.secretName }}"
                 key: secretAccessKey
+          - name: R2_OBJECT_STORAGE_BUCKET
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.objectStorage.r2.secretName }}"
+                key: bucket
           {{ end }}
           {{ if .Values.app.captcha.enabled }}
           - name: CAPTCHA_TURNSTILE_SECRET
@@ -147,8 +150,6 @@ spec:
                 key: turnstileSecret
           {{ end }}
           {{ if .Values.app.oauth.google.enabled }}
-          - name: OAUTH_GOOGLE_ENABLED
-            value: "true"
           - name: OAUTH_GOOGLE_CLIENT_ID
             valueFrom:
               secretKeyRef:
@@ -188,6 +189,20 @@ spec:
             initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+        {{ if .Values.global.database.gcloud.enabled }}
+        - name: cloud-sql-proxy
+          image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.6.0
+          args:
+            - "--structured-logs"
+            - "--auto-iam-authn"
+            - "{{ .Values.global.database.gcloud.connectionName }}"
+          securityContext:
+            runAsNonRoot: true
+          resources:
+            requests:
+              memory: "2Gi"
+              cpu: "1"
+        {{ end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

.github/helm/affine/charts/graphql/templates/migration.yaml

@@ -35,23 +35,6 @@ spec:
           - name: DATABASE_URL
             value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.gcloud.cloudSqlInternal }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
           {{ end }}
-          {{ if .Values.app.objectStorage.r2.enabled }}
-          - name: R2_OBJECT_STORAGE_ACCOUNT_ID
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.app.objectStorage.r2.secretName }}"
-                key: accountId
-          - name: R2_OBJECT_STORAGE_ACCESS_KEY_ID
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.app.objectStorage.r2.secretName }}"
-                key: accessKeyId
-          - name: R2_OBJECT_STORAGE_SECRET_ACCESS_KEY
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.app.objectStorage.r2.secretName }}"
-                key: secretAccessKey
-          {{ end }}
         resources:
           requests:
             cpu: '100m'

.github/helm/affine/charts/graphql/templates/r2-secret.yaml

@@ -8,4 +8,5 @@ data:
   accountId: {{ .Values.app.objectStorage.r2.accountId | b64enc }}
   accessKeyId: {{ .Values.app.objectStorage.r2.accessKeyId | b64enc }}
   secretAccessKey: {{ .Values.app.objectStorage.r2.secretAccessKey | b64enc }}
+  bucket: {{ .Values.app.objectStorage.r2.bucket | b64enc }}
 {{- end }}

.github/helm/affine/charts/graphql/values.yaml

@@ -16,7 +16,6 @@ app:
   path: ''
   # AFFINE_SERVER_HOST
   host: '0.0.0.0'
-  https: true
   doc:
     mergeInterval: "3000"
   jwt:
@@ -35,6 +34,7 @@ app:
       accountId: ''
       accessKeyId: ''
       secretAccessKey: ''
+      bucket: ''
   oauth:
     email:
       secretName: 'oauth-email'

.github/helm/affine/charts/sync/Chart.yaml

@@ -1,11 +1,6 @@
 apiVersion: v2
 name: sync
-description: AFFiNE Sync Server
+description: A Helm chart for Kubernetes
 type: application
 version: 0.0.0
-appVersion: "0.12.0"
-dependencies:
-  - name: gcloud-sql-proxy
-    version: 0.0.0
-    repository: "file://../gcloud-sql-proxy"
-    condition: .global.database.gcloud.enabled
+appVersion: "0.7.0-canary.18"

.github/helm/affine/charts/sync/templates/deployment.yaml

@@ -82,6 +82,20 @@ spec:
             initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+        {{ if .Values.global.database.gcloud.enabled }}
+        - name: cloud-sql-proxy
+          image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.6.0
+          args:
+            - "--structured-logs"
+            - "--auto-iam-authn"
+            - "{{ .Values.global.database.gcloud.connectionName }}"
+          securityContext:
+            runAsNonRoot: true
+          resources:
+            requests:
+              memory: "2Gi"
+              cpu:    "1"
+        {{ end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

.github/helm/affine/values.yaml

@@ -16,8 +16,6 @@ global:
       cloudSqlInternal: ''
       connectionName: ''
       serviceAccount: ''
-      cloudProxyReplicas: 3
-      proxyPort: '5432'
   redis:
     enabled: true
     host: 'redis-master'

.github/helm/deployment_guide.md

@@ -0,0 +1,60 @@
+# Cluster Deployment Guide
+
+This document provides a step-by-step guide for developers on how to deploy services in a Kubernetes cluster. The following content assumes that the reader already has a basic understanding of Kubernetes concepts and operations.
+
+### 1. Configure Service Mesh (Optional)
+
+In the Kubernetes cluster, we optionally use Service Mesh (like Istio and Anthos Service Mesh) to manage the network interactions of microservices. If Service Mesh is already deployed on your cluster or do not need to use the service network, you can skip this step. In this step, we assume that you are using Google Kubernetes Engine (GKE) and have already installed Anthos Service Mesh on your cluster, if you wish to use another Ingress Controller, please refer to the relevant documentation.
+
+To configure your kubectl context to interact with your Kubernetes cluster using the gcloud tool, you need to execute the following commands:
+
+```sh
+export CLUSTER_NAME=your_cluster_name
+export REGION=your_cluster_region
+export PROJECT=your_project_id
+gcloud container clusters get-credentials $CLUSTER_NAME --region $REGION --project $PROJECT
+```
+
+In this command, you should replace `CLUSTER_NAME`, `REGION` and `PROJECT` with the actual name, region and project id of your Kubernetes cluster. This command retrieves the access credentials for your Kubernetes cluster and automatically configures kubectl to use these credentials.
+
+Now, to inject Service Mesh for a specific Namespace, first, set the environment variable `NAMESPACE` that should correspond to your target Kubernetes Namespace. In this example, we use `prod` as the target Namespace:
+
+```sh
+export NAMESPACE=prod
+```
+
+Then, we label the Namespace which will enable Istio to automatically inject the sidecar container for all new Pods under this Namespace:
+
+```sh
+kubectl label namespace $NAMESPACE istio-injection- istio.io/rev=asm-managed --overwrite
+```
+
+Finally, we trigger the Kubernetes Deployment restart mechanism to allow existing Pods to also obtain sidecar container injection:
+
+```sh
+kubectl rollout restart deployment -n $NAMESPACE
+```
+
+### 2. Deploying the Application
+
+Next, we will deploy our application in the Kubernetes cluster through Helm. First, set relevant environment variables:
+
+```sh
+export NAMESPACE=prod
+export RELEASE=affine-cloud-prod
+export PATH=.github/helm/affine-cloud
+```
+
+- `NAMESPACE` should be consistent with the first step, indicating your target Kubernetes Namespace.
+- `RELEASE` is the name of your Helm release.
+- `PATH` is the location of your Helm chart in your file system.
+
+Finally, use the `helm upgrade --install` command to deploy or upgrade your application:
+
+```sh
+helm upgrade --namespace $NAMESPACE --create-namespace --install $RELEASE $PATH
+```
+
+This command creates (if it doesn't already exist) and deploys your Helm chart in the specified Namespace. If the release already exists, it will be upgraded.
+
+The above are the complete steps for deploying an application in a Kubernetes cluster. Make sure all prerequisites are met before deploying, and also ensure that you have the correct permissions for operations in Kubernetes.

.github/labeler.yml

@@ -19,11 +19,26 @@ mod:dev:
           - 'tools/cli/**/*'
           - 'packages/common/debug/**/*'
 
+mod:plugin:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/plugins/**/*'
+
+plugin:copilot:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/plugins/copilot/**/*'
+
 mod:infra:
   - changed-files:
       - any-glob-to-any-file:
           - 'packages/common/infra/**/*'
 
+mod:sdk:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/common/sdk/**/*'
+
 mod:plugin-cli:
   - changed-files:
       - any-glob-to-any-file:
@@ -32,12 +47,7 @@ mod:plugin-cli:
 mod:workspace:
   - changed-files:
       - any-glob-to-any-file:
-          - 'packages/common/workspace/**/*'
-
-mod:workspace-impl:
-  - changed-files:
-      - any-glob-to-any-file:
-          - 'packages/frontend/workspace-impl/**/*'
+          - 'packages/frontend/workspace/**/*'
 
 mod:i18n:
   - changed-files:
@@ -49,6 +59,11 @@ mod:env:
       - any-glob-to-any-file:
           - 'packages/common/env/**/*'
 
+mod:hooks:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/frontend/hooks/**/*'
+
 mod:component:
   - changed-files:
       - any-glob-to-any-file:

.github/renovate.json

@@ -1,35 +1,27 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["config:recommended", ":disablePeerDependencies"],
-  "labels": ["dependencies"],
-  "ignorePaths": [
-    "**/node_modules/**",
-    "**/bower_components/**",
-    "**/vendor/**",
-    "**/examples/**",
-    "**/__tests__/**",
-    "**/test/**",
-    "**/__fixtures__/**"
+  "extends": [
+    "config:base",
+    "group:allNonMajor",
+    ":preserveSemverRanges",
+    ":disablePeerDependencies"
   ],
+  "labels": ["dependencies"],
   "packageRules": [
     {
       "matchPackageNames": ["napi", "napi-build", "napi-derive"],
-      "rangeStrategy": "replace",
       "groupName": "napi-rs"
     },
     {
       "matchPackagePatterns": ["^eslint", "^@typescript-eslint"],
-      "rangeStrategy": "replace",
       "groupName": "linter"
     },
     {
       "matchPackagePatterns": ["^@nestjs"],
-      "rangeStrategy": "replace",
       "groupName": "nestjs"
     },
     {
       "matchPackagePatterns": ["^@opentelemetry"],
-      "rangeStrategy": "replace",
       "groupName": "opentelemetry"
     },
     {
@@ -38,32 +30,16 @@
         "@prisma/instrumentation",
         "prisma"
       ],
-      "rangeStrategy": "replace",
       "groupName": "prisma"
     },
     {
       "matchPackagePatterns": ["^@electron-forge"],
-      "rangeStrategy": "replace",
       "groupName": "electron-forge"
     },
     {
-      "groupName": "blocksuite-nightly",
       "matchPackagePatterns": ["^@blocksuite"],
       "excludePackageNames": ["@blocksuite/icons"],
-      "rangeStrategy": "replace",
       "followTag": "nightly"
-    },
-    {
-      "groupName": "all non-major dependencies",
-      "groupSlug": "all-minor-patch",
-      "matchPackagePatterns": ["*"],
-      "excludePackagePatterns": ["^@blocksuite/"],
-      "matchUpdateTypes": ["minor", "patch"]
-    },
-    {
-      "matchPackagePatterns": ["*"],
-      "rangeStrategy": "replace",
-      "excludePackagePatterns": ["^@blocksuite/"]
     }
   ],
   "commitMessagePrefix": "chore: ",

.github/workflows/build-test.yml

@@ -19,7 +19,6 @@ env:
   MACOSX_DEPLOYMENT_TARGET: '10.13'
   NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
   PLAYWRIGHT_BROWSERS_PATH: ${{ github.workspace }}/node_modules/.cache/ms-playwright
-  DISABLE_TELEMETRY: true
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -46,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v2
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -59,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -72,7 +71,7 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v2
   lint:
     name: Lint
     runs-on: ubuntu-latest
@@ -81,7 +80,7 @@ jobs:
       - uses: actions/checkout@v4
       - name: Run oxlint
         # oxlint is fast, so wrong code will fail quickly
-        run: yarn dlx $(node -e "console.log(require('./package.json').scripts['lint:ox'].replace('oxlint', 'oxlint@' + require('./package.json').devDependencies.oxlint))")
+        run: yarn dlx $(node -e "console.log(require('./package.json').scripts['lint:ox'])")
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
         with:
@@ -96,8 +95,6 @@ jobs:
         run: |
           git checkout .yarnrc.yml
           yarn lint:prettier
-      - name: Yarn Dedupe
-        run: yarn dedupe --check
       - name: Run Type Check
         run: yarn typecheck
 
@@ -111,6 +108,44 @@ jobs:
           yarn set version $(node -e "console.log(require('./package.json').packageManager.split('@')[1])")
           git diff --exit-code
 
+  e2e-plugin-test:
+    name: E2E Plugin Test
+    runs-on: ubuntu-latest
+    env:
+      DISTRIBUTION: browser
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
+        with:
+          playwright-install: true
+          electron-install: false
+          full-cache: true
+      - name: Run playwright tests
+        run: yarn e2e --forbid-only
+        working-directory: tests/affine-plugin
+        env:
+          COVERAGE: true
+      - name: Collect code coverage report
+        run: yarn exec nyc report -t .nyc_output --report-dir .coverage --reporter=lcov
+
+      - name: Upload e2e test coverage results
+        uses: codecov/codecov-action@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./.coverage/lcov.info
+          flags: e2e-plugin-test
+          name: affine
+          fail_ci_if_error: false
+
+      - name: Upload test results
+        if: ${{ failure() }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: test-results-e2e-plugin
+          path: ./test-results
+          if-no-files-found: ignore
+
   e2e-test:
     name: E2E Test
     runs-on: ubuntu-latest
@@ -134,7 +169,7 @@ jobs:
 
       - name: Upload test results
         if: ${{ failure() }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: test-results-e2e-${{ matrix.shard }}
           path: ./test-results
@@ -159,7 +194,7 @@ jobs:
 
       - name: Upload test results
         if: ${{ failure() }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: test-results-e2e-migration
           path: ./tests/affine-migration/test-results
@@ -181,7 +216,7 @@ jobs:
           full-cache: true
 
       - name: Download affine.linux-x64-gnu.node
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: affine.linux-x64-gnu.node
           path: ./packages/frontend/native
@@ -219,6 +254,8 @@ jobs:
         with:
           extra-flags: workspaces focus @affine/native
           electron-install: false
+          build-infra: false
+          build-plugins: false
       - name: Setup filename
         id: filename
         shell: bash
@@ -232,7 +269,7 @@ jobs:
           package: '@affine/native'
           nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
       - name: Upload ${{ steps.filename.outputs.filename }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: ${{ steps.filename.outputs.filename }}
           path: ./packages/frontend/native/${{ steps.filename.outputs.filename }}
@@ -250,6 +287,8 @@ jobs:
         with:
           extra-flags: workspaces focus @affine/storage
           electron-install: false
+          build-infra: false
+          build-plugins: false
       - name: Build Rust
         uses: ./.github/actions/build-rust
         with:
@@ -257,7 +296,7 @@ jobs:
           package: '@affine/storage'
           nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
       - name: Upload storage.node
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: storage.node
           path: ./packages/backend/storage/storage.node
@@ -273,6 +312,7 @@ jobs:
         uses: ./.github/actions/setup-node
         with:
           electron-install: false
+          build-plugins: false
           full-cache: true
       - name: Build Core
         # always skip cache because its fast, and cache configuration is always changing
@@ -280,7 +320,7 @@ jobs:
       - name: zip core
         run: tar -czf dist.tar.gz --directory=packages/frontend/core/dist .
       - name: Upload core artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: core
           path: dist.tar.gz
@@ -318,12 +358,6 @@ jobs:
           electron-install: false
           full-cache: true
 
-      - name: Download storage.node
-        uses: actions/download-artifact@v4
-        with:
-          name: storage.node
-          path: ./packages/backend/server
-
       - name: Initialize database
         run: |
           psql -h localhost -U postgres -c "CREATE DATABASE affine;"
@@ -340,12 +374,16 @@ jobs:
           DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
 
       - name: Run init-db script
-        run: |
-          yarn workspace @affine/server data-migration run
-          yarn workspace @affine/server exec node --loader ts-node/esm/transpile-only ./scripts/init-db.ts
+        run: yarn workspace @affine/server exec node --loader ts-node/esm/transpile-only ./scripts/init-db.ts
         env:
           DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
 
+      - name: Download storage.node
+        uses: actions/download-artifact@v3
+        with:
+          name: storage.node
+          path: ./packages/backend/server
+
       - name: Run server tests
         run: yarn workspace @affine/server test:coverage
         env:
@@ -410,18 +448,6 @@ jobs:
           playwright-install: true
           hard-link-nm: false
 
-      - name: Download storage.node
-        uses: actions/download-artifact@v4
-        with:
-          name: storage.node
-          path: ./packages/backend/server
-
-      - name: Download affine.linux-x64-gnu.node
-        uses: actions/download-artifact@v4
-        with:
-          name: affine.linux-x64-gnu.node
-          path: ./packages/frontend/native
-
       - name: Initialize database
         run: |
           psql -h localhost -U postgres -c "CREATE DATABASE affine;"
@@ -438,9 +464,18 @@ jobs:
           DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
 
       - name: Run init-db script
-        run: |
-          yarn workspace @affine/server data-migration run
-          yarn workspace @affine/server exec node --loader ts-node/esm/transpile-only ./scripts/init-db.ts
+        run: yarn workspace @affine/server exec node --loader ts-node/esm/transpile-only ./scripts/init-db.ts
+      - name: Download storage.node
+        uses: actions/download-artifact@v3
+        with:
+          name: storage.node
+          path: ./packages/backend/server
+
+      - name: Download affine.linux-x64-gnu.node
+        uses: actions/download-artifact@v3
+        with:
+          name: affine.linux-x64-gnu.node
+          path: ./packages/frontend/native
 
       - name: ${{ matrix.tests.name }}
         run: |
@@ -451,7 +486,7 @@ jobs:
 
       - name: Upload test results
         if: ${{ failure() }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: test-results-e2e-server
           path: ./tests/affine-cloud/test-results
@@ -515,7 +550,7 @@ jobs:
           echo "filename=affine.$PLATFORM_ARCH_ABI.node" >> "$GITHUB_OUTPUT"
 
       - name: Download ${{ steps.filename.outputs.filename }}
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: ${{ steps.filename.outputs.filename }}
           path: ./packages/frontend/native
@@ -523,7 +558,8 @@ jobs:
       - name: Run unit tests
         if: ${{ matrix.spec.test }}
         shell: bash
-        run: yarn workspace @affine/electron vitest
+        run: yarn vitest
+        working-directory: packages/frontend/electron
 
       - name: Download core artifact
         uses: ./.github/actions/download-core
@@ -556,7 +592,7 @@ jobs:
 
       - name: Upload test results
         if: ${{ failure() }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: test-results-e2e-${{ matrix.spec.os }}-${{ matrix.spec.arch }}
           path: ./test-results

.github/workflows/deploy-automatically.yml

@@ -1,27 +0,0 @@
-name: Deploy Automatically
-
-on:
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+-canary.[0-9]+'
-  schedule:
-    - cron: '0 9 * * *'
-
-jobs:
-  dispatch-deploy:
-    runs-on: ubuntu-latest
-    name: Setup Deploy
-    steps:
-      - name: dispatch deploy by tag
-        if: ${{ github.event_name == 'push' }}
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: deploy.yml
-          inputs: '{ "flavor": "canary" }'
-      - name: dispatch deploy by schedule
-        if: ${{ github.event_name == 'schedule' }}
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: deploy.yml
-          inputs: '{ "flavor": "canary" }'
-          ref: canary

.github/workflows/deploy.yml

@@ -4,14 +4,10 @@ on:
   workflow_dispatch:
     inputs:
       flavor:
-        description: 'Select what enverionment to deploy to'
-        type: choice
+        description: 'Build type (canary, beta, or stable)'
+        type: string
         default: canary
-        options:
-          - canary
-          - beta
-          - stable
-          - internal
+
 env:
   APP_NAME: affine
   NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
@@ -22,18 +18,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
         with:
           electron-install: false
-          extra-flags: workspaces focus @affine/server
       - name: Build Server
         run: yarn workspace @affine/server build
       - name: Upload server dist
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: server-dist
           path: ./packages/backend/server/dist
@@ -44,11 +36,10 @@ jobs:
     environment: ${{ github.event.inputs.flavor }}
     steps:
       - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
+      - name: Build Plugins
+        run: yarn run build:plugins
       - name: Build Core
         run: yarn nx build @affine/core --skip-nx-cache
         env:
@@ -63,73 +54,52 @@ jobs:
           SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-          PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
       - name: Upload core artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: core
           path: ./packages/frontend/core/dist
           if-no-files-found: error
 
-  build-core-selfhost:
-    name: Build @affine/core
-    runs-on: ubuntu-latest
-    environment: ${{ github.event.inputs.flavor }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-      - name: Build Core
-        run: yarn nx build @affine/core --skip-nx-cache
-        env:
-          BUILD_TYPE: ${{ github.event.inputs.flavor }}
-          SHOULD_REPORT_TRACE: false
-          PUBLIC_PATH: '/'
-      - name: Download selfhost fonts
-        run: node ./scripts/download-blocksuite-fonts.mjs
-      - name: Upload core artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: selfhost-core
-          path: ./packages/frontend/core/dist
-          if-no-files-found: error
-
   build-storage:
-    name: Build Storage - ${{ matrix.targets.name }}
+    name: Build Storage
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        targets:
-          - name: x86_64-unknown-linux-gnu
-            file: storage.node
-          - name: aarch64-unknown-linux-gnu
-            file: storage.arm64.node
-          - name: armv7-unknown-linux-gnueabihf
-            file: storage.armv7.node
 
     steps:
       - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
-        with:
-          electron-install: false
-          extra-flags: workspaces focus @affine/storage
-      - name: Build Rust
+      - name: Setup Rust
         uses: ./.github/actions/build-rust
         with:
-          target: ${{ matrix.targets.name }}
+          target: 'x86_64-unknown-linux-gnu'
           package: '@affine/storage'
           nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
-      - name: Upload ${{ matrix.targets.file }}
-        uses: actions/upload-artifact@v4
+      - name: Upload storage.node
+        uses: actions/upload-artifact@v3
         with:
-          name: ${{ matrix.targets.file }}
+          name: storage.node
+          path: ./packages/backend/storage/storage.node
+          if-no-files-found: error
+
+  build-storage-arm64:
+    name: Build Storage arm64
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
+      - name: Setup Rust
+        uses: ./.github/actions/build-rust
+        with:
+          target: 'aarch64-unknown-linux-gnu'
+          package: '@affine/storage'
+          nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
+      - name: Upload storage.node
+        uses: actions/upload-artifact@v3
+        with:
+          name: storage.arm64.node
           path: ./packages/backend/storage/storage.node
           if-no-files-found: error
 
@@ -139,39 +109,32 @@ jobs:
     needs:
       - build-server
       - build-core
-      - build-core-selfhost
       - build-storage
+      - build-storage-arm64
     steps:
       - uses: actions/checkout@v4
       - name: Download core artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: core
           path: ./packages/frontend/core/dist
       - name: Download server dist
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: server-dist
           path: ./packages/backend/server/dist
       - name: Download storage.node
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: storage.node
           path: ./packages/backend/server
       - name: Download storage.node arm64
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: storage.arm64.node
           path: ./packages/backend/storage
-      - name: Download storage.node arm64
-        uses: actions/download-artifact@v4
-        with:
-          name: storage.armv7.node
-          path: .
-      - name: move storage files
-        run: |
-          mv ./packages/backend/storage/storage.node ./packages/backend/server/storage.arm64.node
-          mv storage.node ./packages/backend/server/storage.armv7.node
+      - name: move storage.arm64.node
+        run: mv ./packages/backend/storage/storage.node ./packages/backend/server/storage.arm64.node
       - name: Setup env
         run: |
           echo "GIT_SHORT_HASH=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
@@ -213,19 +176,9 @@ jobs:
           registry-url: https://npm.pkg.github.com
           scope: '@toeverything'
 
-      - name: Remove core dist
-        run: rm -rf ./packages/frontend/core/dist
-
-      - name: Download selfhost core artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: selfhost-core
-          path: ./packages/frontend/core/dist
-
       - name: Install Node.js dependencies
         run: |
-          yarn config set --json supportedArchitectures.cpu '["x64", "arm64", "arm"]'
-          yarn config set --json supportedArchitectures.libc '["glibc"]'
+          yarn config set --json supportedArchitectures.cpu '["x64", "arm64"]'
           yarn workspaces focus @affine/server --production
 
       - name: Generate Prisma client
@@ -237,7 +190,7 @@ jobs:
           context: .
           push: true
           pull: true
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          platforms: linux/amd64,linux/arm64
           provenance: true
           file: .github/deployment/node/Dockerfile
           tags: ghcr.io/toeverything/affine-graphql:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-graphql:${{env.RELEASE_FLAVOR}}
@@ -254,9 +207,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
       - name: Deploy to ${{ github.event.inputs.flavor }}
         uses: ./.github/actions/deploy
         with:
@@ -267,12 +217,12 @@ jobs:
           cluster-name: ${{ secrets.GCP_CLUSTER_NAME }}
           cluster-location: ${{ secrets.GCP_CLUSTER_LOCATION }}
         env:
-          APP_VERSION: ${{ steps.version.outputs.APP_VERSION }}
           DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
           CANARY_DEPLOY_HOST: ${{ secrets.CANARY_DEPLOY_HOST }}
           R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
           R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
           R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
+          R2_BUCKET: ${{ secrets.R2_BUCKET }}
           ENABLE_CAPTCHA: true
           CAPTCHA_TURNSTILE_SECRET: ${{ secrets.CAPTCHA_TURNSTILE_SECRET }}
           OAUTH_EMAIL_SENDER: ${{ secrets.OAUTH_EMAIL_SENDER }}
@@ -292,4 +242,3 @@ jobs:
           CLOUD_SQL_IAM_ACCOUNT: ${{ secrets.CLOUD_SQL_IAM_ACCOUNT }}
           STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }}
           STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }}
-          STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }}

.github/workflows/dispatch-deploy.yml

@@ -0,0 +1,30 @@
+name: Dispatch Deploy by tag
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+-canary.[0-9]+'
+
+jobs:
+  dispatch-deploy-by-tag:
+    runs-on: ubuntu-latest
+    name: Setup deploy environment
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
+        with:
+          extra-flags: 'workspaces focus @affine/monorepo'
+          hard-link-nm: false
+          electron-install: false
+          build-infra: false
+          build-plugins: false
+      - name: Setup output value
+        id: flavor
+        run: |
+          node -e "const env = require('semver').parse('${{ github.ref_name }}').prerelease[0] ?? 'stable'; console.log(`flavor=${env}`)" >> "$GITHUB_OUTPUT"
+      - name: dispatch deploy
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: deploy.yml
+          inputs: '{ "flavor": "${{ steps.flavor.outputs.flavor }}" }'

.github/workflows/nightly-build.yml

@@ -0,0 +1,252 @@
+name: Build Canary Desktop App on Staging Branch
+
+on:
+  workflow_dispatch:
+    inputs:
+      channel_override:
+        description: 'channel type (canary, beta, or stable)'
+        type: choice
+        default: beta
+        options:
+          - canary
+          - beta
+          - stable
+  push:
+    branches:
+      # 0.6.x-staging
+      - v[0-9]+.[0-9]+.x-staging
+      # 0.6.1-staging
+      - v[0-9]+.[0-9]+.[0-9]+-staging
+    paths-ignore:
+      - README.md
+      - .github/**
+      - '!.github/workflows/nightly-build.yml'
+      - '!.github/actions/build-rust/action.yml'
+      - '!.github/actions/setup-node/action.yml'
+
+permissions:
+  actions: write
+  contents: write
+  security-events: write
+
+concurrency:
+  # The concurrency group contains the workflow name and the branch name for
+  # pull requests or the commit hash for any other events.
+  group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
+  cancel-in-progress: true
+
+env:
+  # BUILD_TYPE => app icon, app name, etc
+  BUILD_TYPE: internal
+  # BUILD_TYPE_OVERRIDE => channel type (canary, beta, or stable) - get the channel type (the api configs)
+  BUILD_TYPE_OVERRIDE: ${{ github.event.inputs.channel_override || 'beta' }}
+
+jobs:
+  set-build-version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: 0.0.0-internal.${{ steps.version.outputs.version }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: toeverything/set-build-version@latest
+      - id: version
+        run: echo ::set-output name=version::${{ env.BUILD_VERSION }}
+
+  before-make:
+    runs-on: ubuntu-latest
+    needs:
+      - set-build-version
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
+      - name: Setup @sentry/cli
+        uses: ./.github/actions/setup-sentry
+      - name: Replace Version
+        run: ./scripts/set-version.sh ${{ needs.set-build-version.outputs.version }}
+      - name: generate-assets
+        run: yarn workspace @affine/electron generate-assets
+        env:
+          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+          RELEASE_VERSION: ${{ needs.set-build-version.outputs.version }}
+          SKIP_PLUGIN_BUILD: 'true'
+          SKIP_NX_CACHE: 'true'
+
+      - name: Upload core artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: core
+          path: packages/frontend/electron/resources/web-static
+
+  make-distribution:
+    strategy:
+      # all combinations: macos-latest x64, macos-latest arm64, ubuntu-latest x64
+      # For windows, we need a separate approach
+      matrix:
+        spec:
+          - runner: macos-latest
+            platform: darwin
+            arch: x64
+            target: x86_64-apple-darwin
+          - runner: macos-latest
+            platform: darwin
+            arch: arm64
+            target: aarch64-apple-darwin
+          - runner: ubuntu-latest
+            platform: linux
+            arch: x64
+            target: x86_64-unknown-linux-gnu
+          - runner: windows-latest
+            platform: win32
+            arch: x64
+            target: x86_64-pc-windows-msvc
+    runs-on: ${{ matrix.spec.runner }}
+    needs:
+      - before-make
+      - set-build-version
+    env:
+      APPLE_ID: ${{ secrets.APPLE_ID }}
+      APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+      APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+      SKIP_GENERATE_ASSETS: 1
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Node.js
+        timeout-minutes: 10
+        if: ${{ matrix.spec.platform == 'darwin' }}
+        uses: ./.github/actions/setup-node
+        with:
+          extra-flags: workspaces focus @affine/electron @affine/monorepo
+          hard-link-nm: false
+          build-plugins: false
+          nmHoistingLimits: workspaces
+          enableScripts: false
+      - name: Setup Node.js
+        timeout-minutes: 10
+        if: ${{ matrix.spec.platform != 'darwin' }}
+        uses: ./.github/actions/setup-node
+        with:
+          extra-flags: workspaces focus @affine/electron @affine/monorepo
+          hard-link-nm: false
+          build-plugins: false
+          nmHoistingLimits: workspaces
+      - name: Build AFFiNE native
+        uses: ./.github/actions/build-rust
+        with:
+          target: ${{ matrix.spec.target }}
+          package: '@affine/native'
+          nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
+      - name: Replace Version
+        run: ./scripts/set-version.sh ${{ needs.set-build-version.outputs.version }}
+      - uses: actions/download-artifact@v3
+        with:
+          name: core
+          path: packages/frontend/electron/resources/web-static
+
+      - name: Build Plugins
+        run: yarn run build:plugins
+
+      - name: Build Desktop Layers
+        run: yarn workspace @affine/electron build
+
+      - name: Signing By Apple Developer ID
+        if: ${{ matrix.spec.platform == 'darwin' }}
+        uses: apple-actions/import-codesign-certs@v2
+        with:
+          p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
+          p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
+
+      - name: make
+        run: yarn workspace @affine/electron make --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
+        env:
+          SKIP_PLUGIN_BUILD: 1
+          SKIP_WEB_BUILD: 1
+          HOIST_NODE_MODULES: 1
+
+      - name: Save artifacts (mac)
+        if: ${{ matrix.spec.platform == 'darwin' }}
+        run: |
+          mkdir -p builds
+          mv packages/frontend/electron/out/*/make/*.dmg ./builds/affine-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.dmg
+          mv packages/frontend/electron/out/*/make/zip/darwin/${{ matrix.spec.arch }}/*.zip ./builds/affine-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.zip
+      - name: Save artifacts (windows)
+        if: ${{ matrix.spec.platform == 'win32' }}
+        run: |
+          mkdir -p builds
+          mv packages/frontend/electron/out/*/make/zip/win32/x64/AFFiNE*-win32-x64-*.zip ./builds/affine-${{ env.BUILD_TYPE }}-windows-x64.zip
+          mv packages/frontend/electron/out/*/make/squirrel.windows/x64/*.exe ./builds/affine-${{ env.BUILD_TYPE }}-windows-x64.exe
+          mv packages/frontend/electron/out/*/make/squirrel.windows/x64/*.msi ./builds/affine-${{ env.BUILD_TYPE }}-windows-x64.msi
+          mv packages/frontend/electron/out/*/make/squirrel.windows/x64/*.nupkg ./builds/affine-${{ env.BUILD_TYPE }}-windows-x64.nupkg
+
+      - name: Save artifacts (linux)
+        if: ${{ matrix.spec.platform == 'linux' }}
+        run: |
+          mkdir -p builds
+          mv packages/frontend/electron/out/*/make/zip/linux/x64/*.zip ./builds/affine-${{ env.BUILD_TYPE }}-linux-x64.zip
+          mv packages/frontend/electron/out/*/make/AppImage/x64/*.AppImage ./builds/affine-${{ env.BUILD_TYPE }}-linux-x64.AppImage
+
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
+          path: builds
+
+  release:
+    needs:
+      - make-distribution
+      - set-build-version
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Download Artifacts (macos-x64)
+        uses: actions/download-artifact@v3
+        with:
+          name: affine-darwin-x64-builds
+          path: ./
+      - name: Download Artifacts (macos-arm64)
+        uses: actions/download-artifact@v3
+        with:
+          name: affine-darwin-arm64-builds
+          path: ./
+      - name: Download Artifacts (windows-x64)
+        uses: actions/download-artifact@v3
+        with:
+          name: affine-win32-x64-builds
+          path: ./
+      - name: Download Artifacts (linux-x64)
+        uses: actions/download-artifact@v3
+        with:
+          name: affine-linux-x64-builds
+          path: ./
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18
+      - name: Generate Release yml
+        run: |
+          node ./packages/frontend/electron/scripts/generate-yml.js
+        env:
+          RELEASE_VERSION: ${{ needs.set-build-version.outputs.version }}
+      - name: Create Release Draft
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+        with:
+          repository: 'toeverything/AFFiNE-Releases'
+          name: ${{ needs.set-build-version.outputs.version }}
+          tag_name: ${{ needs.set-build-version.outputs.version }}
+          prerelease: true
+          files: |
+            ./VERSION
+            ./*.zip
+            ./*.dmg
+            ./*.exe
+            ./*.nupkg
+            ./RELEASES
+            ./*.AppImage
+            ./*.apk
+            ./*.yml

.github/workflows/publish-storybook.yml

@@ -32,6 +32,8 @@ jobs:
         uses: ./.github/actions/setup-node
         with:
           electron-install: false
+      - name: Build Plugins
+        run: yarn run build:plugins
       - uses: chromaui/action-next@v1
         with:
           workingDir: tests/storybook
@@ -42,7 +44,7 @@ jobs:
         env:
           CHROMATIC_PROJECT_TOKEN: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
           NODE_OPTIONS: ${{ env.NODE_OPTIONS }}
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v3
         if: always()
         with:
           name: chromatic-build-artifacts-${{ github.run_id }}

.github/workflows/publish-ui-storybook.yml

@@ -1,51 +0,0 @@
-name: Publish UI Storybook
-
-env:
-  NODE_OPTIONS: --max-old-space-size=4096
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - canary
-  pull_request:
-    branches:
-      - canary
-    paths-ignore:
-      - README.md
-      - .github/**
-      - packages/backend/server
-      - packages/frontend/electron
-      - '!.github/workflows/publish-storybook.yml'
-
-jobs:
-  publish-ui-storybook:
-    name: Publish UI Storybook
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.merge_commit_sha }}
-          # This is required to fetch all commits for chromatic
-          fetch-depth: 0
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          electron-install: false
-      - uses: chromaui/action-next@v1
-        with:
-          workingDir: packages/frontend/component
-          buildScriptName: build:storybook
-          exitOnceUploaded: true
-          onlyChanged: false
-          diagnostics: true
-        env:
-          CHROMATIC_PROJECT_TOKEN: ${{ secrets.CHROMATIC_UI_PROJECT_TOKEN }}
-          NODE_OPTIONS: ${{ env.NODE_OPTIONS }}
-      - uses: actions/upload-artifact@v4
-        if: always()
-        with:
-          name: chromatic-build-artifacts-${{ github.run_id }}
-          path: |
-            chromatic-diagnostics.json
-            **/build-storybook.log

.github/workflows/release-desktop-app.yml

@@ -1,17 +1,15 @@
 name: Release Desktop App
 
 on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+-canary.[0-9]+'
   workflow_dispatch:
     inputs:
-      build-type:
-        description: 'Build Type'
-        type: choice
+      version:
+        description: App Version
         required: true
-        default: canary
-        options:
-          - canary
-          - beta
-          - stable
+        default: 0.0.0
       is-draft:
         description: 'Draft Release?'
         type: boolean
@@ -22,6 +20,11 @@ on:
         type: boolean
         required: true
         default: true
+      build-type:
+        description: 'Build Type (canary, beta or stable)'
+        type: string
+        required: true
+        default: canary
 
 permissions:
   actions: write
@@ -29,7 +32,7 @@ permissions:
   security-events: write
 
 env:
-  BUILD_TYPE: ${{ github.event.inputs.build-type }}
+  BUILD_TYPE: ${{ github.event.inputs.build-type || (github.ref_type == 'tag' && contains(github.ref, 'canary') && 'canary') }}
   DEBUG: napi:*
   APP_NAME: affine
   MACOSX_DEPLOYMENT_TARGET: '10.13'
@@ -37,18 +40,26 @@ env:
 jobs:
   before-make:
     runs-on: ubuntu-latest
-    environment: ${{ github.event.inputs.build-type }}
+    environment: ${{ github.event.inputs.build-type || (github.ref_type == 'tag' && contains(github.ref, 'canary') && 'canary') }}
     outputs:
-      RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
+      RELEASE_VERSION: ${{ steps.get-canary-version.outputs.RELEASE_VERSION }}
     steps:
       - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
       - name: Setup @sentry/cli
         uses: ./.github/actions/setup-sentry
+      - name: Get canary version
+        id: get-canary-version
+        if: ${{ github.ref_type == 'tag' }}
+        run: |
+          TAG_VERSION=${GITHUB_REF#refs/tags/v}
+          PACKAGE_VERSION=$(node -p "require('./packages/frontend/electron/package.json').version")
+          if [ "$TAG_VERSION" != "$PACKAGE_VERSION" ]; then
+            echo "Tag version ($TAG_VERSION) does not match package.json version ($PACKAGE_VERSION)"
+            exit 1
+          fi
+          echo "RELEASE_VERSION=$(node -p "require('./packages/frontend/electron/package.json').version")" >> $GITHUB_OUTPUT
       - name: generate-assets
         run: yarn workspace @affine/electron generate-assets
         env:
@@ -56,12 +67,12 @@ jobs:
           SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-          RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
+          RELEASE_VERSION: ${{ github.event.inputs.version || steps.get-canary-version.outputs.RELEASE_VERSION }}
           SKIP_PLUGIN_BUILD: 'true'
           SKIP_NX_CACHE: 'true'
 
       - name: Upload core artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: core
           path: packages/frontend/electron/resources/web-static
@@ -93,15 +104,13 @@ jobs:
       SKIP_GENERATE_ASSETS: 1
     steps:
       - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
       - name: Setup Node.js
         timeout-minutes: 10
         uses: ./.github/actions/setup-node
         with:
           extra-flags: workspaces focus @affine/electron @affine/monorepo
           hard-link-nm: false
+          build-plugins: false
           nmHoistingLimits: workspaces
           enableScripts: false
       - name: Build AFFiNE native
@@ -110,7 +119,7 @@ jobs:
           target: ${{ matrix.spec.target }}
           package: '@affine/native'
           nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
         with:
           name: core
           path: packages/frontend/electron/resources/web-static
@@ -146,7 +155,7 @@ jobs:
           mv packages/frontend/electron/out/*/make/AppImage/x64/*.AppImage ./builds/affine-${{ env.BUILD_TYPE }}-linux-x64.AppImage
 
       - name: Upload Artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
           path: builds
@@ -169,15 +178,13 @@ jobs:
       SKIP_GENERATE_ASSETS: 1
     steps:
       - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
       - name: Setup Node.js
         timeout-minutes: 10
         uses: ./.github/actions/setup-node
         with:
           extra-flags: workspaces focus @affine/electron @affine/monorepo
           hard-link-nm: false
+          build-plugins: false
           nmHoistingLimits: workspaces
       - name: Build AFFiNE native
         uses: ./.github/actions/build-rust
@@ -185,11 +192,14 @@ jobs:
           target: ${{ matrix.spec.target }}
           package: '@affine/native'
           nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
         with:
           name: core
           path: packages/frontend/electron/resources/web-static
 
+      - name: Build Plugins
+        run: yarn run build:plugins
+
       - name: Build Desktop Layers
         run: yarn workspace @affine/electron build
 
@@ -211,7 +221,7 @@ jobs:
         run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/electron/out/* -DestinationPath archive.zip
 
       - name: Save packaged artifacts for signing
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
           path: |
@@ -245,7 +255,7 @@ jobs:
         timeout-minutes: 10
         uses: ./.github/actions/setup-node
       - name: Download and overwrite packaged artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: signed-packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
           path: .
@@ -266,7 +276,7 @@ jobs:
           echo $FILES_TO_BE_SIGNED
 
       - name: Save installer for signing
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
           path: archive.zip
@@ -292,7 +302,7 @@ jobs:
     runs-on: ${{ matrix.spec.runner }}
     steps:
       - name: Download and overwrite installer artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: signed-installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
           path: .
@@ -307,7 +317,7 @@ jobs:
           mv packages/frontend/electron/out/*/make/squirrel.windows/x64/*.msi ./builds/affine-${{ env.BUILD_TYPE }}-windows-x64.msi
 
       - name: Upload Artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
           path: builds
@@ -318,29 +328,29 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
         with:
           name: core
           path: web-static
       - name: Zip web-static
         run: zip -r web-static.zip web-static
       - name: Download Artifacts (macos-x64)
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: affine-darwin-x64-builds
           path: ./
       - name: Download Artifacts (macos-arm64)
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: affine-darwin-arm64-builds
           path: ./
       - name: Download Artifacts (windows-x64)
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: affine-win32-x64-builds
           path: ./
       - name: Download Artifacts (linux-x64)
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: affine-linux-x64-builds
           path: ./
@@ -351,37 +361,14 @@ jobs:
         run: |
           node ./packages/frontend/electron/scripts/generate-yml.js
         env:
-          RELEASE_VERSION: ${{ needs.before-make.outputs.RELEASE_VERSION }}
+          RELEASE_VERSION: ${{ github.event.inputs.version || needs.before-make.outputs.RELEASE_VERSION }}
       - name: Create Release Draft
-        if: ${{ github.ref_type == 'tag' }}
         uses: softprops/action-gh-release@v1
         with:
-          name: ${{ needs.before-make.outputs.RELEASE_VERSION }}
+          name: ${{ github.event.inputs.version || needs.before-make.outputs.RELEASE_VERSION }}
           body: ''
-          draft: ${{ github.event.inputs.is-draft }}
-          prerelease: ${{ github.event.inputs.is-pre-release }}
-          files: |
-            ./VERSION
-            ./*.zip
-            ./*.dmg
-            ./*.exe
-            ./*.AppImage
-            ./*.apk
-            ./*.yml
-      - name: Create Nightly Release Draft
-        if: ${{ github.ref_type == 'branch' }}
-        uses: softprops/action-gh-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
-        with:
-          # Temporarily, treat release from branch as nightly release, artifact saved to AFFiNE-Releases.
-          # Need to improve internal build and nightly release logic.
-          repository: 'toeverything/AFFiNE-Releases'
-          name: ${{ needs.before-make.outputs.RELEASE_VERSION }}
-          tag_name: ${{ needs.before-make.outputs.RELEASE_VERSION }}
-          body: ''
-          draft: false
-          prerelease: true
+          draft: ${{ github.event.inputs.is-draft || true }}
+          prerelease: ${{ github.event.inputs.is-pre-release || needs.before-make.outputs.version }}
           files: |
             ./VERSION
             ./*.zip

.github/workflows/release-desktop-automatically.yml

@@ -1,27 +0,0 @@
-name: Release Desktop Automatically
-
-on:
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+-canary.[0-9]+'
-  schedule:
-    - cron: '0 9 * * *'
-
-jobs:
-  dispatch-release-desktop:
-    runs-on: ubuntu-latest
-    name: Setup Release Desktop
-    steps:
-      - name: dispatch desktop release by tag
-        if: ${{ github.event_name == 'push' }}
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: release-desktop.yml
-          inputs: '{ "build-type": "canary", "is-draft": false, "is-pre-release": true }'
-      - name: dispatch desktop release by schedule
-        if: ${{ github.event_name == 'schedule' }}
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: release-desktop.yml
-          inputs: '{ "build-type": "canary", "is-draft": false, "is-pre-release": true }'
-          ref: canary

.github/workflows/windows-signer.yml

@@ -14,7 +14,7 @@ jobs:
     env:
       ARCHIVE_DIR: ${{ github.run_id }}-${{ github.run_attempt }}-${{ inputs.artifact-name }}
     steps:
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
         with:
           name: ${{ inputs.artifact-name }}
           path: ${{ env.ARCHIVE_DIR }}
@@ -36,7 +36,7 @@ jobs:
           cd ${{ env.ARCHIVE_DIR }}
           7za a signed.zip .\out\*
       - name: upload
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: signed-${{ inputs.artifact-name }}
           path: ${{ env.ARCHIVE_DIR }}/signed.zip

.github/workflows/workers.yml

@@ -11,11 +11,11 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     name: Deploy
-    environment: stable
+    environment: production
     steps:
       - uses: actions/checkout@v4
       - name: Publish
-        uses: cloudflare/wrangler-action@v3.4.0
+        uses: cloudflare/wrangler-action@v3.3.2
         with:
           apiToken: ${{ secrets.CF_API_TOKEN }}
           accountId: ${{ secrets.CF_ACCOUNT_ID }}

.prettierignore

@@ -15,9 +15,6 @@ packages/backend/server/src/schema.gql
 packages/frontend/i18n/src/i18n-generated.ts
 packages/frontend/graphql/src/graphql/index.ts
 tests/affine-legacy/**/static
-.yarnrc.yml
-packages/frontend/templates/templates.gen.ts
-packages/frontend/templates/onboarding
 
 # auto-generated by NAPI-RS
 # fixme(@joooye34): need script to check and generate ignore list here

.yarnrc.yml

@@ -6,10 +6,10 @@ nmMode: hardlinks-local
 
 nodeLinker: node-modules
 
-npmAuthToken: "${NPM_TOKEN:-NONE}"
+npmAuthToken: '${NPM_TOKEN:-NONE}'
 
 npmPublishAccess: public
 
-npmPublishRegistry: "https://registry.npmjs.org"
+npmPublishRegistry: 'https://registry.npmjs.org'
 
-yarnPath: .yarn/releases/yarn-4.0.2.cjs
+yarnPath: .yarn/releases/yarn-4.0.1.cjs

Cargo.lock

@@ -2024,14 +2024,16 @@ dependencies = [
 
 [[package]]
 name = "rsa"
-version = "0.9.6"
+version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc"
+checksum = "6ab43bb47d23c1a631b4b680199a45255dce26fa9ab2fa902581f624ff13e6a8"
 dependencies = [
+ "byteorder",
  "const-oid",
  "digest",
  "num-bigint-dig",
  "num-integer",
+ "num-iter",
  "num-traits",
  "pkcs1",
  "pkcs8",
@@ -2460,9 +2462,9 @@ dependencies = [
 
 [[package]]
 name = "spki"
-version = "0.7.3"
+version = "0.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
+checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a"
 dependencies = [
  "base64ct",
  "der",
@@ -3316,18 +3318,18 @@ dependencies = [
 
 [[package]]
 name = "zerocopy"
-version = "0.7.31"
+version = "0.7.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c4061bedbb353041c12f413700357bec76df2c7e2ca8e4df8bac24c6bf68e3d"
+checksum = "e97e415490559a91254a2979b4829267a57d2fcd741a98eee8b722fb57289aa0"
 dependencies = [
  "zerocopy-derive",
 ]
 
 [[package]]
 name = "zerocopy-derive"
-version = "0.7.31"
+version = "0.7.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b3c129550b3e6de3fd0ba67ba5c81818f9805e58b8d7fee80a3a59d2c9fc601a"
+checksum = "dd7e48ccf166952882ca8bd778a43502c64f33bf94c12ebe2a7f08e5a0f6689f"
 dependencies = [
  "proc-macro2",
  "quote",

README.md

@@ -113,6 +113,21 @@ If you have questions, you are welcome to contact us. One of the best places to
 | [@toeverything/y-indexeddb](packages/common/y-indexeddb) | IndexedDB database adapter for Yjs | [![](https://img.shields.io/npm/dm/@toeverything/y-indexeddb?style=flat-square&color=eee)](https://www.npmjs.com/package/@toeverything/y-indexeddb) |
 | [@toeverything/theme](packages/common/theme)             | AFFiNE theme                       | [![](https://img.shields.io/npm/dm/@toeverything/theme?style=flat-square&color=eee)](https://www.npmjs.com/package/@toeverything/theme)             |
 
+## Plugins
+
+> Plugins are a way to extend the functionality of AFFiNE. You can use plugins to add new blocks, new features, and even new ways to edit content.
+>
+> (Currently, the plugin system is under heavy development. You will see the plugin system in the canary release.)
+
+- [@affine/sdk](./packages/common/sdk) - SDK for developing plugins
+- [@affine/plugin-cli](./tools/plugin-cli) - CLI for developing plugins
+
+| Official Plugin                                                  | Description                               | Status |
+| ---------------------------------------------------------------- | ----------------------------------------- | ------ |
+| [@affine/copilot-plugin](./packages/plugins/copilot)             | AI Copilot that help you document writing | 🚧     |
+| [@affine/image-preview-plugin](./packages/plugins/image-preview) | Component for previewing an image         | ✅     |
+| [@affine/outline](./packages/plugins/outline)                    | Outline for your document                 | ✅     |
+
 ## Upstreams
 
 We would also like to give thanks to open-source projects that make AFFiNE possible:
@@ -138,6 +153,24 @@ We would like to express our gratitude to all the individuals who have already c
   <img alt="contributors" src="https://opencollective.com/affine/contributors.svg?width=890&button=false" />
 </a>
 
+## Data Compatibility
+
+Data compatibility is a very important issue for us. We will try our best to ensure that the data is compatible with the previous version.
+
+If you encounter any problems when upgrading the version, please feel free to [contact us](mailto:developer@toeverything.info).
+
+| AFFiNE Version  | Export/Import workspace | Data auto migration |
+| --------------- | ----------------------- | ------------------- |
+| <= 0.5.4        | ❌️                     | ❌                  |
+| 0.6.x           | ✅️                     | ✅                  |
+| 0.7.x           | ✅️                     | ✅                  |
+| 0.8.x (current) | ✅                      | ✅                  |
+| 0.9.x (next)    | 🚧                      | 🚧                  |
+
+- ❌️: Not compatible
+- ✅: Compatible
+- 🚧: Work in progress
+
 ## Self-Host
 
 > We know that the self-host version has been out of date for a long time.
@@ -194,7 +227,7 @@ See [LICENSE] for details.
 [jobs available]: ./docs/jobs.md
 [latest packages]: https://github.com/toeverything/AFFiNE/pkgs/container/affine-self-hosted
 [contributor license agreement]: https://github.com/toeverything/affine/edit/canary/.github/CLA.md
-[rust-version-icon]: https://img.shields.io/badge/Rust-1.75.0-dea584
+[rust-version-icon]: https://img.shields.io/badge/Rust-1.74.0-dea584
 [stars-icon]: https://img.shields.io/github/stars/toeverything/AFFiNE.svg?style=flat&logo=github&colorB=red&label=stars
 [codecov]: https://codecov.io/gh/toeverything/affine/branch/canary/graphs/badge.svg?branch=canary
 [node-version-icon]: https://img.shields.io/badge/node-%3E=18.16.1-success

docs/BUILDING.md

@@ -57,29 +57,6 @@ corepack prepare yarn@stable --activate
 yarn install
 ```
 
-### Clone repository
-
-#### Linux & MacOS
-
-```sh
-git clone https://github.com/toeverything/AFFiNE
-```
-
-#### Windows
-
-In our codebase, we use symbolic links. Due to the security design of Windows, the creation of symbolic links requires administrator privileges. This is part of the security policy settings of Windows, and more information can be found at [Security Policy Settings for Creating Symbolic Links](https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/create-symbolic-links).
-
-For detailed guidance on enabling this feature, please refer to the official documentation: [Enable Developer Mode on Windows](https://learn.microsoft.com/en-us/windows/apps/get-started/enable-your-device-for-development).
-
-Once Developer Mode is enabled, execute the following command with administrator privileges:
-
-```sh
-# Enable symbolic links
-git config --global core.symlinks true
-# Clone the repository, also need to be run with administrator privileges
-git clone https://github.com/toeverything/AFFiNE
-```
-
 ### Build Native Dependencies
 
 Run the following script. It will build the native module at [`/packages/frontend/native`](/packages/frontend/native) and build Node.js binding using [NAPI.rs](https://napi.rs/).
@@ -90,6 +67,18 @@ Note: use `strip` from system instead of `binutils` if you are running MacOS. [s
 yarn workspace @affine/native build
 ```
 
+### Build Infra
+
+```sh
+yarn run build:infra
+```
+
+### Build Plugins
+
+```sh
+yarn run build:plugins
+```
+
 ### Build Server Dependencies
 
 ```sh
@@ -113,7 +102,7 @@ yarn test
 ### E2E Test
 
 ```shell
-# there are `affine-local`, `affine-migration`, `affine-local`, `affine-prototype` e2e tests,
+# there are `affine-local`, `affine-migration`, `affine-local`, `affine-plugin`, `affine-prototype` e2e tests,
 #   which are run under different situations.
 cd tests/affine-local
 yarn e2e

docs/contributing/tutorial.md

@@ -17,6 +17,7 @@ The codebase is organized as follows:
 - `packages/` contains all code running in production.
   - `backend/` contains backend code, more information from <https://github.com/toeverything/OctoBase>.
   - `frontend/` contains frontend code, including the web app, the electron app and business libraries.
+  - `plugins/` contains all build-in plugins.
   - `common` contains the isomorphic code or basic libraries without business.
 - `tools/` contains tools to help developing or CI, not used in production.
 - `tests/` contains testings across different libraries, including e2e testings and integration testings.

docs/reference/package.json

@@ -1,23 +0,0 @@
-{
-  "name": "@affine/docs",
-  "type": "module",
-  "private": true,
-  "scripts": {
-    "build": "typedoc --options ../../typedoc.json",
-    "dev": "nodemon --exec 'typedoc --options ../../typedoc.json' & serve dist/"
-  },
-  "devDependencies": {
-    "nodemon": "^3.0.1",
-    "serve": "^14.2.1",
-    "typedoc": "^0.25.4"
-  },
-  "nodemonConfig": {
-    "watch": [
-      "./readme.md",
-      "../../packages/*/*/src/*.ts",
-      "../../**/typedoc{.base,}.json"
-    ],
-    "ext": "ts,md,json"
-  },
-  "version": "0.12.0"
-}

docs/reference/readme.md

@@ -1,7 +0,0 @@
-Welcome to AFFiNE development reference.
-
-This document is intended for developers who want to contribute to AFFiNE. It contains information about the architecture of AFFiNE, how to build it, and how to contribute to it.
-
-### The Infrastructure of AFFiNE
-
-see {@link @toeverything/infra!}

nx.json

@@ -1,13 +1,12 @@
 {
   "$schema": "./node_modules/nx/schemas/nx-schema.json",
   "npmScope": "toeverything",
-  "nxCloudAccessToken": "MzUwNTU4YWItZGFhYi00YjE2LWIxODAtODk4NmIwYjMwYzZkfHJlYWQ=",
   "tasksRunnerOptions": {
     "default": {
       "runner": "nx-cloud",
       "options": {
         "cacheableOperations": ["build", "test", "e2e", "lint"],
-        "runtimeCacheInputs": ["node -v"]
+        "accessToken": "YmQ2NTg1ODktZTk5Mi00YzhiLTk2ZmUtNWQzMDg0NDBkOWM3fHJlYWQtb25seQ=="
       }
     }
   },

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@affine/monorepo",
-  "version": "0.12.0",
+  "version": "0.10.4-canary.1",
   "private": true,
   "author": "toeverything",
   "license": "MIT",
@@ -8,9 +8,10 @@
     ".",
     "packages/*/*",
     "tools/*",
-    "docs/reference",
+    "!tools/@types",
     "tools/@types/*",
     "tests/*",
+    "!tests/affine-legacy",
     "tests/affine-legacy/*"
   ],
   "engines": {
@@ -22,6 +23,8 @@
     "build": "yarn nx build @affine/core",
     "build:electron": "yarn nx build @affine/electron",
     "build:storage": "yarn nx run-many -t build -p @affine/storage",
+    "build:infra": "yarn nx run-many -t build --projects=tag:infra",
+    "build:plugins": "yarn nx run-many -t build --projects=tag:plugin",
     "build:storybook": "yarn nx build @affine/storybook",
     "start:web-static": "yarn workspace @affine/core static-server",
     "start:storybook": "yarn exec serve tests/storybook/storybook-static -l 6006",
@@ -30,7 +33,7 @@
     "lint:eslint:fix": "yarn lint:eslint --fix",
     "lint:prettier": "prettier --ignore-unknown --cache --check .",
     "lint:prettier:fix": "prettier --ignore-unknown --cache --write .",
-    "lint:ox": "oxlint --import-plugin --deny-warnings -D correctness -D nursery -D prefer-array-some -D no-useless-promise-resolve-reject -D perf -A no-undef -A consistent-type-exports -A default -A named -A ban-ts-comment -A export",
+    "lint:ox": "oxlint --deny-warnings --import-plugin -D correctness -D nursery -D prefer-array-some -D no-useless-promise-resolve-reject -A no-undef -A consistent-type-exports -A default -A named -A ban-ts-comment",
     "lint": "yarn lint:eslint && yarn lint:prettier",
     "lint:fix": "yarn lint:eslint:fix && yarn lint:prettier:fix",
     "test": "vitest --run",
@@ -55,13 +58,15 @@
   "devDependencies": {
     "@affine-test/kit": "workspace:*",
     "@affine/cli": "workspace:*",
+    "@affine/plugin-cli": "workspace:*",
     "@commitlint/cli": "^18.4.3",
     "@commitlint/config-conventional": "^18.4.3",
     "@faker-js/faker": "^8.3.1",
     "@istanbuljs/schema": "^0.1.3",
     "@magic-works/i18n-codegen": "^0.5.0",
-    "@nx/vite": "17.2.8",
-    "@playwright/test": "^1.41.0",
+    "@nx/vite": "17.1.3",
+    "@perfsee/sdk": "^1.9.0",
+    "@playwright/test": "^1.40.0",
     "@taplo/cli": "^0.5.2",
     "@testing-library/react": "^14.1.2",
     "@toeverything/infra": "workspace:*",
@@ -73,9 +78,9 @@
     "@vanilla-extract/vite-plugin": "^3.9.2",
     "@vanilla-extract/webpack-plugin": "^2.3.1",
     "@vitejs/plugin-react-swc": "^3.5.0",
-    "@vitest/coverage-istanbul": "1.1.3",
-    "@vitest/ui": "1.1.3",
-    "electron": "^28.1.4",
+    "@vitest/coverage-istanbul": "0.34.6",
+    "@vitest/ui": "0.34.6",
+    "electron": "^27.1.0",
     "eslint": "^8.54.0",
     "eslint-config-prettier": "^9.0.0",
     "eslint-plugin-i": "^2.29.0",
@@ -83,35 +88,36 @@
     "eslint-plugin-react-hooks": "^4.6.0",
     "eslint-plugin-simple-import-sort": "^10.0.0",
     "eslint-plugin-sonarjs": "^0.23.0",
-    "eslint-plugin-unicorn": "^50.0.0",
+    "eslint-plugin-unicorn": "^49.0.0",
     "eslint-plugin-unused-imports": "^3.0.0",
     "eslint-plugin-vue": "^9.18.1",
-    "fake-indexeddb": "5.0.2",
-    "happy-dom": "^13.0.0",
+    "fake-indexeddb": "5.0.1",
+    "happy-dom": "^12.10.3",
     "husky": "^8.0.3",
     "lint-staged": "^15.1.0",
     "msw": "^2.0.8",
     "nanoid": "^5.0.3",
-    "nx": "^17.2.8",
+    "nx": "^17.1.3",
+    "nx-cloud": "^16.5.2",
     "nyc": "^15.1.0",
-    "oxlint": "0.0.22",
+    "oxlint": "^0.0.18",
     "prettier": "^3.1.0",
     "semver": "^7.5.4",
     "serve": "^14.2.1",
     "string-width": "^7.0.0",
     "ts-node": "^10.9.1",
     "typescript": "^5.3.2",
-    "vite": "^5.0.6",
+    "vite": "^5.0.1",
     "vite-plugin-istanbul": "^5.0.0",
-    "vite-plugin-static-copy": "^1.0.0",
+    "vite-plugin-static-copy": "^0.17.1",
     "vite-tsconfig-paths": "^4.2.1",
-    "vitest": "1.1.3",
+    "vitest": "0.34.6",
     "vitest-fetch-mock": "^0.2.2",
     "vitest-mock-extended": "^1.3.1"
   },
-  "packageManager": "yarn@4.0.2",
+  "packageManager": "yarn@4.0.1",
   "resolutions": {
-    "vite": "^5.0.6",
+    "vite": "^4.4.11",
     "array-buffer-byte-length": "npm:@nolyfill/array-buffer-byte-length@latest",
     "array-includes": "npm:@nolyfill/array-includes@latest",
     "array.prototype.flat": "npm:@nolyfill/array.prototype.flat@latest",
@@ -168,9 +174,8 @@
     "which-boxed-primitive": "npm:@nolyfill/which-boxed-primitive@latest",
     "which-typed-array": "npm:@nolyfill/which-typed-array@latest",
     "next-auth@^4.24.5": "patch:next-auth@npm%3A4.24.5#~/.yarn/patches/next-auth-npm-4.24.5-8428e11927.patch",
-    "@reforged/maker-appimage/@electron-forge/maker-base": "7.2.0",
+    "@reforged/maker-appimage/@electron-forge/maker-base": "7.1.0",
     "macos-alias": "npm:macos-alias-building@latest",
-    "fs-xattr": "npm:@napi-rs/xattr@latest",
-    "@radix-ui/react-dialog": "npm:@radix-ui/react-dialog@latest"
+    "fs-xattr": "npm:@napi-rs/xattr@latest"
   }
 }

packages/backend/server/.env.example

@@ -1,4 +1,8 @@
-# AFFINE_SERVER_PORT=3010
-# AFFINE_SERVER_HOST=app.affine.pro
-# AFFINE_SERVER_HTTPS=true
-# DATABASE_URL="postgres://affine@localhost:5432/affine"
+DATABASE_URL="postgresql://affine@localhost:5432/affine"
+NEXTAUTH_URL="http://localhost:8080"
+OAUTH_EMAIL_SENDER="noreply@toeverything.info"
+OAUTH_EMAIL_LOGIN=""
+OAUTH_EMAIL_PASSWORD=""
+ENABLE_LOCAL_EMAIL="true"
+STRIPE_API_KEY=
+STRIPE_WEBHOOK_KEY=

packages/backend/server/migrations/20231030104009_user_features/migration.sql

@@ -1,45 +0,0 @@
-/*
-  Warnings:
-
-  - You are about to drop the `user_feature_gates` table. If the table is not empty, all the data it contains will be lost.
-
-*/
--- DropForeignKey
-ALTER TABLE "user_feature_gates" DROP CONSTRAINT "user_feature_gates_user_id_fkey";
-
--- DropTable
-DROP TABLE "user_feature_gates";
-
--- CreateTable
-CREATE TABLE "user_features" (
-    "id" SERIAL NOT NULL,
-    "user_id" VARCHAR(36) NOT NULL,
-    "feature_id" INTEGER NOT NULL,
-    "reason" VARCHAR NOT NULL,
-    "created_at" TIMESTAMPTZ(6) NOT NULL DEFAULT CURRENT_TIMESTAMP,
-    "expired_at" TIMESTAMPTZ(6),
-    "activated" BOOLEAN NOT NULL DEFAULT false,
-
-    CONSTRAINT "user_features_pkey" PRIMARY KEY ("id")
-);
-
--- CreateTable
-CREATE TABLE "features" (
-    "id" SERIAL NOT NULL,
-    "feature" VARCHAR NOT NULL,
-    "version" INTEGER NOT NULL DEFAULT 0,
-    "type" INTEGER NOT NULL,
-    "configs" JSON NOT NULL,
-    "created_at" TIMESTAMPTZ(6) NOT NULL DEFAULT CURRENT_TIMESTAMP,
-
-    CONSTRAINT "features_pkey" PRIMARY KEY ("id")
-);
-
--- CreateIndex
-CREATE UNIQUE INDEX "features_feature_version_key" ON "features"("feature", "version");
-
--- AddForeignKey
-ALTER TABLE "user_features" ADD CONSTRAINT "user_features_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE;
-
--- AddForeignKey
-ALTER TABLE "user_features" ADD CONSTRAINT "user_features_feature_id_fkey" FOREIGN KEY ("feature_id") REFERENCES "features"("id") ON DELETE CASCADE ON UPDATE CASCADE;

packages/backend/server/migrations/20240103092238_add_workspace_features/migration.sql

@@ -1,18 +0,0 @@
--- CreateTable
-CREATE TABLE "workspace_features" (
-    "id" SERIAL NOT NULL,
-    "workspace_id" VARCHAR(36) NOT NULL,
-    "feature_id" INTEGER NOT NULL,
-    "reason" VARCHAR NOT NULL,
-    "created_at" TIMESTAMPTZ(6) NOT NULL DEFAULT CURRENT_TIMESTAMP,
-    "expired_at" TIMESTAMPTZ(6),
-    "activated" BOOLEAN NOT NULL DEFAULT false,
-
-    CONSTRAINT "workspace_features_pkey" PRIMARY KEY ("id")
-);
-
--- AddForeignKey
-ALTER TABLE "workspace_features" ADD CONSTRAINT "workspace_features_feature_id_fkey" FOREIGN KEY ("feature_id") REFERENCES "features"("id") ON DELETE CASCADE ON UPDATE CASCADE;
-
--- AddForeignKey
-ALTER TABLE "workspace_features" ADD CONSTRAINT "workspace_features_workspace_id_fkey" FOREIGN KEY ("workspace_id") REFERENCES "workspaces"("id") ON DELETE CASCADE ON UPDATE CASCADE;

packages/backend/server/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@affine/server",
   "private": true,
-  "version": "0.12.0",
+  "version": "0.10.4-canary.1",
   "description": "Affine Node.js server",
   "type": "module",
   "bin": {
@@ -9,13 +9,13 @@
   },
   "scripts": {
     "build": "tsc",
-    "start": "node --loader ts-node/esm/transpile-only.mjs --es-module-specifier-resolution node ./src/index.ts",
+    "start": "node --loader ts-node/esm.mjs --es-module-specifier-resolution node ./src/index.ts",
     "dev": "nodemon ./src/index.ts",
     "test": "ava --concurrency 1 --serial",
     "test:coverage": "c8 ava --concurrency 1 --serial",
     "postinstall": "prisma generate",
-    "data-migration": "node --loader ts-node/esm/transpile-only.mjs --es-module-specifier-resolution node ./src/data/index.ts",
-    "predeploy": "yarn prisma migrate deploy && node --es-module-specifier-resolution node ./dist/data/index.js run"
+    "data-migration": "node --loader ts-node/esm.mjs --es-module-specifier-resolution node ./src/data/app.ts",
+    "predeploy": "yarn prisma migrate deploy && node --es-module-specifier-resolution node ./dist/data/app.js run"
   },
   "dependencies": {
     "@apollo/server": "^4.9.5",
@@ -23,7 +23,6 @@
     "@aws-sdk/client-s3": "^3.454.0",
     "@google-cloud/opentelemetry-cloud-monitoring-exporter": "^0.17.0",
     "@google-cloud/opentelemetry-cloud-trace-exporter": "^2.1.0",
-    "@google-cloud/opentelemetry-resource-util": "^2.1.0",
     "@keyv/redis": "^2.8.0",
     "@nestjs/apollo": "^12.0.11",
     "@nestjs/common": "^10.2.10",
@@ -33,39 +32,35 @@
     "@nestjs/platform-express": "^10.2.10",
     "@nestjs/platform-socket.io": "^10.2.10",
     "@nestjs/schedule": "^4.0.0",
-    "@nestjs/serve-static": "^4.0.0",
     "@nestjs/throttler": "^5.0.1",
     "@nestjs/websockets": "^10.2.10",
     "@node-rs/argon2": "^1.5.2",
     "@node-rs/crc32": "^1.7.2",
-    "@node-rs/jsonwebtoken": "^0.3.0",
+    "@node-rs/jsonwebtoken": "^0.2.3",
     "@opentelemetry/api": "^1.7.0",
-    "@opentelemetry/core": "^1.20.0",
-    "@opentelemetry/exporter-prometheus": "^0.47.0",
-    "@opentelemetry/exporter-zipkin": "^1.20.0",
-    "@opentelemetry/host-metrics": "^0.34.0",
-    "@opentelemetry/instrumentation": "^0.47.0",
+    "@opentelemetry/core": "^1.18.1",
+    "@opentelemetry/exporter-prometheus": "^0.45.1",
+    "@opentelemetry/exporter-zipkin": "^1.18.1",
+    "@opentelemetry/host-metrics": "^0.33.2",
+    "@opentelemetry/instrumentation": "^0.45.1",
     "@opentelemetry/instrumentation-graphql": "^0.36.0",
-    "@opentelemetry/instrumentation-http": "^0.47.0",
+    "@opentelemetry/instrumentation-http": "^0.45.1",
     "@opentelemetry/instrumentation-ioredis": "^0.36.0",
     "@opentelemetry/instrumentation-nestjs-core": "^0.33.3",
-    "@opentelemetry/instrumentation-socket.io": "^0.35.0",
-    "@opentelemetry/resources": "^1.20.0",
-    "@opentelemetry/sdk-metrics": "^1.20.0",
-    "@opentelemetry/sdk-node": "^0.47.0",
-    "@opentelemetry/sdk-trace-node": "^1.20.0",
-    "@opentelemetry/semantic-conventions": "^1.20.0",
-    "@prisma/client": "^5.7.1",
-    "@prisma/instrumentation": "^5.7.1",
+    "@opentelemetry/instrumentation-socket.io": "^0.34.3",
+    "@opentelemetry/resources": "^1.18.1",
+    "@opentelemetry/sdk-metrics": "^1.18.1",
+    "@opentelemetry/sdk-node": "^0.45.1",
+    "@opentelemetry/sdk-trace-node": "^1.18.1",
+    "@prisma/client": "^5.6.0",
+    "@prisma/instrumentation": "^5.6.0",
     "@socket.io/redis-adapter": "^8.2.1",
     "cookie-parser": "^1.4.6",
     "dotenv": "^16.3.1",
-    "dotenv-cli": "^7.3.0",
     "express": "^4.18.2",
-    "file-type": "^19.0.0",
+    "file-type": "^18.7.0",
     "get-stream": "^8.0.1",
     "graphql": "^16.8.1",
-    "graphql-scalars": "^1.22.4",
     "graphql-type-json": "^0.3.2",
     "graphql-upload": "^16.0.2",
     "ioredis": "^5.3.2",
@@ -79,16 +74,15 @@
     "on-headers": "^1.0.2",
     "parse-duration": "^1.1.0",
     "pretty-time": "^1.1.0",
-    "prisma": "^5.7.1",
+    "prisma": "^5.6.0",
     "prom-client": "^15.0.0",
-    "reflect-metadata": "^0.2.0",
+    "reflect-metadata": "^0.1.13",
     "rxjs": "^7.8.1",
     "semver": "^7.5.4",
     "socket.io": "^4.7.2",
     "stripe": "^14.5.0",
     "ws": "^8.14.2",
-    "yjs": "^13.6.10",
-    "zod": "^3.22.4"
+    "yjs": "^13.6.10"
   },
   "devDependencies": {
     "@affine-test/kit": "workspace:*",
@@ -106,10 +100,10 @@
     "@types/on-headers": "^1.0.3",
     "@types/pretty-time": "^1.1.5",
     "@types/sinon": "^17.0.2",
-    "@types/supertest": "^6.0.0",
+    "@types/supertest": "^2.0.16",
     "@types/ws": "^8.5.10",
     "ava": "^6.0.0",
-    "c8": "^9.0.0",
+    "c8": "^8.0.1",
     "nodemon": "^3.0.1",
     "sinon": "^17.0.1",
     "supertest": "^6.3.3",
@@ -117,7 +111,6 @@
     "typescript": "^5.3.2"
   },
   "ava": {
-    "timeout": "1m",
     "extensions": {
       "ts": "module"
     },
@@ -142,8 +135,7 @@
       "ENABLE_LOCAL_EMAIL": "true",
       "OAUTH_EMAIL_LOGIN": "noreply@toeverything.info",
       "OAUTH_EMAIL_PASSWORD": "affine",
-      "OAUTH_EMAIL_SENDER": "noreply@toeverything.info",
-      "FEATURES_EARLY_ACCESS_PREVIEW": "false"
+      "OAUTH_EMAIL_SENDER": "noreply@toeverything.info"
     }
   },
   "nodemonConfig": {

packages/backend/server/schema.prisma

@@ -1,7 +1,7 @@
 generator client {
   provider        = "prisma-client-js"
   binaryTargets   = ["native", "debian-openssl-3.0.x", "linux-arm64-openssl-3.0.x"]
-  previewFeatures = ["metrics", "tracing", "relationJoins", "nativeDistinct"]
+  previewFeatures = ["metrics", "tracing"]
 }
 
 datasource db {
@@ -22,7 +22,7 @@ model User {
 
   accounts             Account[]
   sessions             Session[]
-  features             UserFeatures[]
+  features             UserFeatureGates[]
   customer             UserStripeCustomer?
   subscription         UserSubscription?
   invoices             UserInvoice[]
@@ -40,7 +40,6 @@ model Workspace {
   pages           WorkspacePage[]
   permissions     WorkspaceUserPermission[]
   pagePermissions WorkspacePageUserPermission[]
-  features        WorkspaceFeatures[]
 
   @@map("workspaces")
 }
@@ -114,76 +113,15 @@ model WorkspacePageUserPermission {
   @@map("workspace_page_user_permissions")
 }
 
-// feature gates is a way to enable/disable features for a user
-// for example:
-// - early access is a feature that allow some users to access the insider version
-// - pro plan is a quota that allow some users access to more resources after they pay
-model UserFeatures {
-  id        Int    @id @default(autoincrement())
-  userId    String @map("user_id") @db.VarChar(36)
-  featureId Int    @map("feature_id") @db.Integer
-
-  // we will record the reason why the feature is enabled/disabled
-  // for example:
-  // - pro_plan_v1: "user buy the pro plan"
-  reason    String    @db.VarChar
-  // record the quota enabled time
-  createdAt DateTime  @default(now()) @map("created_at") @db.Timestamptz(6)
-  // record the quota expired time, pay plan is a subscription, so it will expired
-  expiredAt DateTime? @map("expired_at") @db.Timestamptz(6)
-  // whether the feature is activated
-  // for example:
-  // - if we switch the user to another plan, we will set the old plan to deactivated, but dont delete it
-  activated Boolean   @default(false)
-
-  feature Features @relation(fields: [featureId], references: [id], onDelete: Cascade)
-  user    User     @relation(fields: [userId], references: [id], onDelete: Cascade)
-
-  @@map("user_features")
-}
-
-// feature gates is a way to enable/disable features for a workspace
-// for example:
-// - copilet is a feature that allow some users in a workspace to access the copilet feature
-model WorkspaceFeatures {
-  id          Int    @id @default(autoincrement())
-  workspaceId String @map("workspace_id") @db.VarChar(36)
-  featureId   Int    @map("feature_id") @db.Integer
-
-  // we will record the reason why the feature is enabled/disabled
-  // for example:
-  // - copilet_v1: "owner buy the copilet feature package"
-  reason    String    @db.VarChar
-  // record the feature enabled time
-  createdAt DateTime  @default(now()) @map("created_at") @db.Timestamptz(6)
-  // record the quota expired time, pay plan is a subscription, so it will expired
-  expiredAt DateTime? @map("expired_at") @db.Timestamptz(6)
-  // whether the feature is activated
-  // for example:
-  // - if owner unsubscribe a feature package, we will set the feature to deactivated, but dont delete it
-  activated Boolean   @default(false)
-
-  feature   Features  @relation(fields: [featureId], references: [id], onDelete: Cascade)
-  workspace Workspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)
-
-  @@map("workspace_features")
-}
-
-model Features {
-  id        Int      @id @default(autoincrement())
+model UserFeatureGates {
+  id        String   @id @default(uuid()) @db.VarChar
+  userId    String   @map("user_id") @db.VarChar
   feature   String   @db.VarChar
-  version   Int      @default(0) @db.Integer
-  // 0: feature, 1: quota
-  type      Int      @db.Integer
-  // configs, define by feature conntroller
-  configs   Json     @db.Json
+  reason    String   @db.VarChar
   createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz(6)
+  user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)
 
-  UserFeatureGates  UserFeatures[]
-  WorkspaceFeatures WorkspaceFeatures[]
-
-  @@unique([feature, version])
-  @@map("features")
+  @@map("user_feature_gates")
 }
 
 model Account {
@@ -225,7 +163,6 @@ model VerificationToken {
   @@map("verificationtokens")
 }
 
-// deprecated, use [ObjectStorage]
 model Blob {
   id          Int       @id @default(autoincrement()) @db.Integer
   hash        String    @db.VarChar
@@ -240,7 +177,6 @@ model Blob {
   @@map("blobs")
 }
 
-// deprecated, use [ObjectStorage]
 model OptimizedBlob {
   id          Int       @id @default(autoincrement()) @db.Integer
   hash        String    @db.VarChar

packages/backend/server/scripts/init-db.ts

@@ -8,20 +8,6 @@ async function main() {
     data: {
       ...userA,
       password: await hash(userA.password),
-      features: {
-        create: {
-          reason: 'created by api sign up',
-          activated: true,
-          feature: {
-            connect: {
-              feature_version: {
-                feature: 'free_plan_v1',
-                version: 1,
-              },
-            },
-          },
-        },
-      },
     },
   });
 }

packages/backend/server/scripts/self-host-predeploy.js

@@ -1,51 +0,0 @@
-import { execSync } from 'node:child_process';
-import fs from 'node:fs';
-import path from 'node:path';
-
-const SELF_HOST_CONFIG_DIR = '/root/.affine/config';
-/**
- * @type {Array<{ from: string; to?: string, modifier?: (content: string): string }>}
- */
-const configFiles = [
-  { from: './.env.example', to: '.env' },
-  { from: './dist/config/affine.js', modifier: configCleaner },
-  { from: './dist/config/affine.env.js', modifier: configCleaner },
-];
-
-function configCleaner(content) {
-  return content.replace(/(\/\/#.*$)|(\/\/\s+TODO.*$)/gm, '');
-}
-
-function prepare() {
-  fs.mkdirSync(SELF_HOST_CONFIG_DIR, { recursive: true });
-
-  for (const { from, to, modifier } of configFiles) {
-    const targetFileName = to ?? path.parse(from).base;
-    const targetFilePath = path.join(SELF_HOST_CONFIG_DIR, targetFileName);
-    if (!fs.existsSync(targetFilePath)) {
-      console.log(`creating config file [${targetFilePath}].`);
-      if (modifier) {
-        const content = fs.readFileSync(from, 'utf-8');
-        fs.writeFileSync(targetFilePath, modifier(content), 'utf-8');
-      } else {
-        fs.cpSync(from, targetFilePath, {
-          force: false,
-        });
-      }
-    }
-  }
-}
-
-function runPredeployScript() {
-  console.log('running predeploy script.');
-  execSync('yarn predeploy', {
-    env: {
-      ...process.env,
-      NODE_OPTIONS:
-        (process.env.NODE_OPTIONS ?? '') + ' --import ./dist/prelude.js',
-    },
-  });
-}
-
-prepare();
-runPredeployScript();

packages/backend/server/src/app.controller.ts

@@ -1,17 +1,13 @@
 import { Controller, Get } from '@nestjs/common';
 
-import { Config } from './fundamentals/config';
-
 @Controller('/')
 export class AppController {
-  constructor(private readonly config: Config) {}
-
   @Get()
   info() {
+    const version = AFFiNE.version;
     return {
-      compatibility: this.config.version,
-      message: `AFFiNE ${this.config.version} Server`,
-      flavor: this.config.flavor,
+      compatibility: version,
+      message: `AFFiNE ${version} Server`,
     };
   }
 }

packages/backend/server/src/app.module.ts

@@ -1,169 +0,0 @@
-import { join } from 'node:path';
-
-import { Logger, Module } from '@nestjs/common';
-import { APP_INTERCEPTOR } from '@nestjs/core';
-import { ScheduleModule } from '@nestjs/schedule';
-import { ServeStaticModule } from '@nestjs/serve-static';
-import { get } from 'lodash-es';
-
-import { AppController } from './app.controller';
-import { AuthModule } from './core/auth';
-import { ADD_ENABLED_FEATURES, ServerConfigModule } from './core/config';
-import { DocModule } from './core/doc';
-import { FeatureModule } from './core/features';
-import { QuotaModule } from './core/quota';
-import { StorageModule } from './core/storage';
-import { SyncModule } from './core/sync';
-import { UsersModule } from './core/users';
-import { WorkspaceModule } from './core/workspaces';
-import { getOptionalModuleMetadata } from './fundamentals';
-import { CacheInterceptor, CacheModule } from './fundamentals/cache';
-import {
-  type AvailablePlugins,
-  Config,
-  ConfigModule,
-} from './fundamentals/config';
-import { EventModule } from './fundamentals/event';
-import { GqlModule } from './fundamentals/graphql';
-import { MailModule } from './fundamentals/mailer';
-import { MetricsModule } from './fundamentals/metrics';
-import { PrismaModule } from './fundamentals/prisma';
-import { SessionModule } from './fundamentals/session';
-import { RateLimiterModule } from './fundamentals/throttler';
-import { WebSocketModule } from './fundamentals/websocket';
-import { pluginsMap } from './plugins';
-
-export const FunctionalityModules = [
-  ConfigModule.forRoot(),
-  ScheduleModule.forRoot(),
-  EventModule,
-  CacheModule,
-  PrismaModule,
-  MetricsModule,
-  RateLimiterModule,
-  SessionModule,
-  MailModule,
-];
-
-export class AppModuleBuilder {
-  private readonly modules: AFFiNEModule[] = [];
-  constructor(private readonly config: Config) {}
-
-  use(...modules: AFFiNEModule[]): this {
-    modules.forEach(m => {
-      const requirements = getOptionalModuleMetadata(m, 'requires');
-      // if condition not set or condition met, include the module
-      if (requirements?.length) {
-        const nonMetRequirements = requirements.filter(c => {
-          const value = get(this.config, c);
-          return (
-            value === undefined ||
-            value === null ||
-            (typeof value === 'string' && value.trim().length === 0)
-          );
-        });
-
-        if (nonMetRequirements.length) {
-          const name = 'module' in m ? m.module.name : m.name;
-          new Logger(name).warn(
-            `${name} is not enabled because of the required configuration is not satisfied.`,
-            'Unsatisfied configuration:',
-            ...nonMetRequirements.map(config => `  AFFiNE.${config}`)
-          );
-          return;
-        }
-      }
-
-      const predicator = getOptionalModuleMetadata(m, 'if');
-      if (predicator && !predicator(this.config)) {
-        return;
-      }
-
-      const contribution = getOptionalModuleMetadata(m, 'contributesTo');
-      if (contribution) {
-        ADD_ENABLED_FEATURES(contribution);
-      }
-      this.modules.push(m);
-    });
-
-    return this;
-  }
-
-  useIf(
-    predicator: (config: Config) => boolean,
-    ...modules: AFFiNEModule[]
-  ): this {
-    if (predicator(this.config)) {
-      this.use(...modules);
-    }
-
-    return this;
-  }
-
-  compile() {
-    @Module({
-      providers: [
-        {
-          provide: APP_INTERCEPTOR,
-          useClass: CacheInterceptor,
-        },
-      ],
-      imports: this.modules,
-      controllers: this.config.flavor.selfhosted ? [] : [AppController],
-    })
-    class AppModule {}
-
-    return AppModule;
-  }
-}
-
-function buildAppModule() {
-  const factor = new AppModuleBuilder(AFFiNE);
-
-  factor
-    // common fundamental modules
-    .use(...FunctionalityModules)
-    // auth
-    .use(AuthModule)
-
-    // business modules
-    .use(DocModule)
-
-    // sync server only
-    .useIf(config => config.flavor.sync, SyncModule)
-
-    // main server only
-    .useIf(
-      config => config.flavor.main,
-      ServerConfigModule,
-      WebSocketModule,
-      GqlModule,
-      StorageModule,
-      UsersModule,
-      WorkspaceModule,
-      FeatureModule,
-      QuotaModule
-    )
-
-    // self hosted server only
-    .useIf(
-      config => config.flavor.selfhosted,
-      ServeStaticModule.forRoot({
-        rootPath: join('/app', 'static'),
-      })
-    );
-
-  // plugin modules
-  AFFiNE.plugins.enabled.forEach(name => {
-    const plugin = pluginsMap.get(name as AvailablePlugins);
-    if (!plugin) {
-      throw new Error(`Unknown plugin ${name}`);
-    }
-
-    factor.use(plugin);
-  });
-
-  return factor.compile();
-}
-
-export const AppModule = buildAppModule();

packages/backend/server/src/app.ts

@@ -1,48 +1,29 @@
-import { Type } from '@nestjs/common';
-import { NestFactory } from '@nestjs/core';
-import type { NestExpressApplication } from '@nestjs/platform-express';
-import cookieParser from 'cookie-parser';
-import graphqlUploadExpress from 'graphql-upload/graphqlUploadExpress.mjs';
+import { Module } from '@nestjs/common';
 
-import { SocketIoAdapter } from './fundamentals';
-import { SocketIoAdapterImpl } from './fundamentals/websocket';
-import { ExceptionLogger } from './middleware/exception-logger';
-import { serverTimingAndCache } from './middleware/timing';
+import { AppController } from './app.controller';
+import { CacheModule } from './cache';
+import { ConfigModule } from './config';
+import { EventModule } from './event';
+import { BusinessModules } from './modules';
+import { AuthModule } from './modules/auth';
+import { PrismaModule } from './prisma';
+import { SessionModule } from './session';
+import { StorageModule } from './storage';
+import { RateLimiterModule } from './throttler';
 
-export async function createApp() {
-  const { AppModule } = await import('./app.module');
+const BasicModules = [
+  PrismaModule,
+  ConfigModule.forRoot(),
+  CacheModule,
+  EventModule,
+  StorageModule.forRoot(),
+  SessionModule,
+  RateLimiterModule,
+  AuthModule,
+];
 
-  const app = await NestFactory.create<NestExpressApplication>(AppModule, {
-    cors: true,
-    rawBody: true,
-    bodyParser: true,
-    logger: AFFiNE.affine.stable ? ['log'] : ['verbose'],
-  });
-
-  app.use(serverTimingAndCache);
-
-  app.use(
-    graphqlUploadExpress({
-      // TODO: dynamic limit by quota
-      maxFileSize: 100 * 1024 * 1024,
-      maxFiles: 5,
-    })
-  );
-
-  app.useGlobalFilters(new ExceptionLogger());
-  app.use(cookieParser());
-
-  if (AFFiNE.flavor.sync) {
-    const SocketIoAdapter = app.get<Type<SocketIoAdapter>>(
-      SocketIoAdapterImpl,
-      {
-        strict: false,
-      }
-    );
-
-    const adapter = new SocketIoAdapter(app);
-    app.useWebSocketAdapter(adapter);
-  }
-
-  return app;
-}
+@Module({
+  imports: [...BasicModules, ...BusinessModules],
+  controllers: [AppController],
+})
+export class AppModule {}

packages/backend/server/src/cache/cache.ts

@@ -1,12 +1,60 @@
 import Keyv from 'keyv';
 
-import type { Cache, CacheSetOptions } from './def';
+export interface CacheSetOptions {
+  // in milliseconds
+  ttl?: number;
+}
+
+// extends if needed
+export interface Cache {
+  // standard operation
+  get<T = unknown>(key: string): Promise<T | undefined>;
+  set<T = unknown>(
+    key: string,
+    value: T,
+    opts?: CacheSetOptions
+  ): Promise<boolean>;
+  setnx<T = unknown>(
+    key: string,
+    value: T,
+    opts?: CacheSetOptions
+  ): Promise<boolean>;
+  increase(key: string, count?: number): Promise<number>;
+  decrease(key: string, count?: number): Promise<number>;
+  delete(key: string): Promise<boolean>;
+  has(key: string): Promise<boolean>;
+  ttl(key: string): Promise<number>;
+  expire(key: string, ttl: number): Promise<boolean>;
+
+  // list operations
+  pushBack<T = unknown>(key: string, ...values: T[]): Promise<number>;
+  pushFront<T = unknown>(key: string, ...values: T[]): Promise<number>;
+  len(key: string): Promise<number>;
+  list<T = unknown>(key: string, start: number, end: number): Promise<T[]>;
+  popFront<T = unknown>(key: string, count?: number): Promise<T[]>;
+  popBack<T = unknown>(key: string, count?: number): Promise<T[]>;
+
+  // map operations
+  mapSet<T = unknown>(
+    map: string,
+    key: string,
+    value: T,
+    opts: CacheSetOptions
+  ): Promise<boolean>;
+  mapIncrease(map: string, key: string, count?: number): Promise<number>;
+  mapDecrease(map: string, key: string, count?: number): Promise<number>;
+  mapGet<T = unknown>(map: string, key: string): Promise<T | undefined>;
+  mapDelete(map: string, key: string): Promise<boolean>;
+  mapKeys(map: string): Promise<string[]>;
+  mapRandomKey(map: string): Promise<string | undefined>;
+  mapLen(map: string): Promise<number>;
+}
 
 export class LocalCache implements Cache {
   private readonly kv: Keyv;
 
-  constructor(opts: Keyv.Options<any> = {}) {
-    this.kv = new Keyv(opts);
+  constructor() {
+    this.kv = new Keyv();
   }
 
   // standard operation

packages/backend/server/src/cache/index.ts

@@ -0,0 +1,24 @@
+import { FactoryProvider, Global, Module } from '@nestjs/common';
+import { Redis } from 'ioredis';
+
+import { Config } from '../config';
+import { LocalCache } from './cache';
+import { RedisCache } from './redis';
+
+const CacheProvider: FactoryProvider = {
+  provide: LocalCache,
+  useFactory: (config: Config) => {
+    return config.redis.enabled
+      ? new RedisCache(new Redis(config.redis))
+      : new LocalCache();
+  },
+  inject: [Config],
+};
+
+@Global()
+@Module({
+  providers: [CacheProvider],
+  exports: [CacheProvider],
+})
+export class CacheModule {}
+export { LocalCache as Cache };

packages/backend/server/src/cache/redis.ts

@@ -1,6 +1,6 @@
 import { Redis } from 'ioredis';
 
-import type { Cache, CacheSetOptions } from '../../fundamentals/cache/def';
+import { Cache, CacheSetOptions } from './cache';
 
 export class RedisCache implements Cache {
   constructor(private readonly redis: Redis) {}

packages/backend/server/src/config/affine.env.ts

@@ -1,40 +0,0 @@
-// Convenient way to map environment variables to config values.
-AFFiNE.ENV_MAP = {
-  AFFINE_SERVER_PORT: ['port', 'int'],
-  AFFINE_SERVER_HOST: 'host',
-  AFFINE_SERVER_SUB_PATH: 'path',
-  AFFIHE_SERVER_HTTPS: ['https', 'boolean'],
-  AFFINE_ENV: 'affineEnv',
-  DATABASE_URL: 'db.url',
-  ENABLE_CAPTCHA: ['auth.captcha.enable', 'boolean'],
-  CAPTCHA_TURNSTILE_SECRET: ['auth.captcha.turnstile.secret', 'string'],
-  OAUTH_GOOGLE_ENABLED: ['auth.oauthProviders.google.enabled', 'boolean'],
-  OAUTH_GOOGLE_CLIENT_ID: 'auth.oauthProviders.google.clientId',
-  OAUTH_GOOGLE_CLIENT_SECRET: 'auth.oauthProviders.google.clientSecret',
-  OAUTH_GITHUB_ENABLED: ['auth.oauthProviders.github.enabled', 'boolean'],
-  OAUTH_GITHUB_CLIENT_ID: 'auth.oauthProviders.github.clientId',
-  OAUTH_GITHUB_CLIENT_SECRET: 'auth.oauthProviders.github.clientSecret',
-  OAUTH_EMAIL_LOGIN: 'auth.email.login',
-  OAUTH_EMAIL_SENDER: 'auth.email.sender',
-  OAUTH_EMAIL_SERVER: 'auth.email.server',
-  OAUTH_EMAIL_PORT: ['auth.email.port', 'int'],
-  OAUTH_EMAIL_PASSWORD: 'auth.email.password',
-  THROTTLE_TTL: ['rateLimiter.ttl', 'int'],
-  THROTTLE_LIMIT: ['rateLimiter.limit', 'int'],
-  REDIS_SERVER_HOST: 'plugins.redis.host',
-  REDIS_SERVER_PORT: ['plugins.redis.port', 'int'],
-  REDIS_SERVER_USER: 'plugins.redis.username',
-  REDIS_SERVER_PASSWORD: 'plugins.redis.password',
-  REDIS_SERVER_DATABASE: ['plugins.redis.db', 'int'],
-  DOC_MERGE_INTERVAL: ['doc.manager.updatePollInterval', 'int'],
-  DOC_MERGE_USE_JWST_CODEC: [
-    'doc.manager.experimentalMergeWithJwstCodec',
-    'boolean',
-  ],
-  ENABLE_LOCAL_EMAIL: ['auth.localEmail', 'boolean'],
-  STRIPE_API_KEY: 'plugins.payment.stripe.keys.APIKey',
-  STRIPE_WEBHOOK_KEY: 'plugins.payment.stripe.keys.webhookKey',
-  FEATURES_EARLY_ACCESS_PREVIEW: ['featureFlags.earlyAccessPreview', 'boolean'],
-};
-
-export default AFFiNE;

packages/backend/server/src/config/affine.ts

@@ -1,39 +0,0 @@
-/* eslint-disable @typescript-eslint/no-non-null-assertion */
-// Custom configurations
-const env = process.env;
-
-// TODO(@forehalo): detail explained
-// Storage
-if (env.R2_OBJECT_STORAGE_ACCOUNT_ID) {
-  AFFiNE.storage.providers.r2 = {
-    accountId: env.R2_OBJECT_STORAGE_ACCOUNT_ID,
-    credentials: {
-      accessKeyId: env.R2_OBJECT_STORAGE_ACCESS_KEY_ID!,
-      secretAccessKey: env.R2_OBJECT_STORAGE_SECRET_ACCESS_KEY!,
-    },
-  };
-  AFFiNE.storage.storages.avatar.provider = 'r2';
-  AFFiNE.storage.storages.avatar.bucket = 'account-avatar';
-  AFFiNE.storage.storages.avatar.publicLinkFactory = key =>
-    `https://avatar.affineassets.com/${key}`;
-
-  AFFiNE.storage.storages.blob.provider = 'r2';
-  AFFiNE.storage.storages.blob.bucket = `workspace-blobs-${
-    AFFiNE.affine.canary ? 'canary' : 'prod'
-  }`;
-}
-
-// Metrics
-AFFiNE.metrics.enabled = true;
-
-// Plugins Section Start
-AFFiNE.plugins.use('payment', {
-  stripe: {
-    keys: {},
-    apiVersion: '2023-10-16',
-  },
-});
-AFFiNE.plugins.use('redis');
-// Plugins Section end
-
-export default AFFiNE;

packages/backend/server/src/config/def.ts

@@ -1,8 +1,6 @@
 import type { ApolloDriverConfig } from '@nestjs/apollo';
 
 import type { LeafPaths } from '../utils/types';
-import { EnvConfigType } from './env';
-import type { AFFiNEStorageConfig } from './storage';
 
 declare global {
   // eslint-disable-next-line @typescript-eslint/no-namespace
@@ -18,29 +16,52 @@ export enum ExternalAccount {
   firebase = 'firebase',
 }
 
-export type ServerFlavor =
-  | 'allinone'
-  | 'main'
-  // @deprecated
-  | 'graphql'
-  | 'sync'
-  | 'selfhosted';
-export type ConfigPaths = LeafPaths<
+type EnvConfigType = 'string' | 'int' | 'float' | 'boolean';
+type ConfigPaths = LeafPaths<
   Omit<
     AFFiNEConfig,
     | 'ENV_MAP'
     | 'version'
-    | 'flavor'
-    | 'env'
-    | 'affine'
-    | 'deploy'
-    | 'node'
     | 'baseUrl'
     | 'origin'
+    | 'prod'
+    | 'dev'
+    | 'test'
+    | 'deploy'
   >,
   '',
-  '.....'
+  '....'
 >;
+/**
+ * parse number value from environment variables
+ */
+function int(value: string) {
+  const n = parseInt(value);
+  return Number.isNaN(n) ? undefined : n;
+}
+
+function float(value: string) {
+  const n = parseFloat(value);
+  return Number.isNaN(n) ? undefined : n;
+}
+
+function boolean(value: string) {
+  return value === '1' || value.toLowerCase() === 'true';
+}
+
+export function parseEnvValue(value: string | undefined, type?: EnvConfigType) {
+  if (value === undefined) {
+    return;
+  }
+
+  return type === 'int'
+    ? int(value)
+    : type === 'float'
+      ? float(value)
+      : type === 'boolean'
+        ? boolean(value)
+        : value;
+}
 
 /**
  * All Configurations that would control AFFiNE server behaviors
@@ -51,28 +72,11 @@ export interface AFFiNEConfig {
   /**
    * Server Identity
    */
-  serverId: string;
-
-  /**
-   * Name may show on the UI
-   */
-  serverName: string;
-
+  readonly serverId: string;
   /**
    * System version
    */
   readonly version: string;
-
-  /**
-   * Server flavor
-   */
-  get flavor(): {
-    type: string;
-    main: boolean;
-    sync: boolean;
-    selfhosted: boolean;
-  };
-
   /**
    * Deployment environment
    */
@@ -84,7 +88,6 @@ export interface AFFiNEConfig {
    * @env NODE_ENV
    */
   readonly env: string;
-
   /**
    * fast AFFiNE environment judge
    */
@@ -160,11 +163,35 @@ export interface AFFiNEConfig {
   featureFlags: {
     earlyAccessPreview: boolean;
   };
-
   /**
-   * Configuration for Object Storage, which defines how blobs and avatar assets are stored.
+   * object storage Config
+   *
+   * all artifacts and logs will be stored on instance disk,
+   * and can not shared between instances if not configured
    */
-  storage: AFFiNEStorageConfig;
+  objectStorage: {
+    /**
+     * whether use remote object storage
+     */
+    r2: {
+      enabled: boolean;
+      accountId: string;
+      bucket: string;
+      accessKeyId: string;
+      secretAccessKey: string;
+    };
+    /**
+     * Only used when `enable` is `false`
+     */
+    fs: {
+      path: string;
+    };
+    /**
+     * default storage quota
+     * @default 10 * 1024 * 1024 * 1024 (10GB)
+     */
+    quota: number;
+  };
 
   /**
    * Rate limiter config
@@ -184,6 +211,38 @@ export interface AFFiNEConfig {
     limit: number;
   };
 
+  /**
+   * Redis Config
+   *
+   * whether to use redis as Socket.IO adapter
+   */
+  redis: {
+    /**
+     * if not enabled, use in-memory adapter by default
+     */
+    enabled: boolean;
+    /**
+     * url of redis host
+     */
+    host: string;
+    /**
+     * port of redis
+     */
+    port: number;
+    username: string;
+    password: string;
+    /**
+     * redis database index
+     *
+     * Rate Limiter scope: database + 1
+     *
+     * Session scope: database + 2
+     *
+     * @default 0
+     */
+    database: number;
+  };
+
   /**
    * authentication config
    */
@@ -286,11 +345,6 @@ export interface AFFiNEConfig {
 
   doc: {
     manager: {
-      /**
-       * Whether auto merge updates into doc snapshot.
-       */
-      enableUpdateAutoMerging: boolean;
-
       /**
        * How often the [DocManager] will start a new turn of merging pending updates into doc snapshot.
        *
@@ -318,9 +372,12 @@ export interface AFFiNEConfig {
     };
   };
 
-  metrics: {
-    enabled: boolean;
+  payment: {
+    stripe: {
+      keys: {
+        APIKey: string;
+        webhookKey: string;
+      };
+    } & import('stripe').Stripe.StripeConfig;
   };
 }
-
-export * from './storage';

packages/backend/server/src/config/default.ts

@@ -1,16 +1,17 @@
-/// <reference types="../../global.d.ts" />
+/// <reference types="../global.d.ts" />
 
 import { createPrivateKey, createPublicKey } from 'node:crypto';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
 
-import { merge } from 'lodash-es';
 import parse from 'parse-duration';
 
-import pkg from '../../../package.json' assert { type: 'json' };
-import type { AFFiNEConfig, ServerFlavor } from './def';
-import { getDefaultAFFiNEStorageConfig } from './storage';
+import pkg from '../../package.json' assert { type: 'json' };
+import type { AFFiNEConfig } from './def';
+import { applyEnvToConfig } from './env';
 
 // Don't use this in production
-const examplePrivateKey = `-----BEGIN EC PRIVATE KEY-----
+export const examplePrivateKey = `-----BEGIN EC PRIVATE KEY-----
 MHcCAQEEIEtyAJLIULkphVhqXqxk4Nr8Ggty3XLwUJWBxzAWCWTMoAoGCCqGSM49
 AwEHoUQDQgAEF3U/0wIeJ3jRKXeFKqQyBKlr9F7xaAUScRrAuSP33rajm3cdfihI
 3JvMxVNsS2lE8PSGQrvDrJZaDo0L+Lq9Gg==
@@ -46,24 +47,55 @@ const jwtKeyPair = (function () {
 })();
 
 export const getDefaultAFFiNEConfig: () => AFFiNEConfig = () => {
-  let isHttps: boolean | null = null;
-  let flavor = (process.env.SERVER_FLAVOR ?? 'allinone') as ServerFlavor;
   const defaultConfig = {
     serverId: 'affine-nestjs-server',
-    serverName: flavor === 'selfhosted' ? 'Self-Host Cloud' : 'AFFiNE Cloud',
     version: pkg.version,
-    get flavor() {
-      if (flavor === 'graphql') {
-        flavor = 'main';
-      }
-      return {
-        type: flavor,
-        main: flavor === 'main' || flavor === 'allinone',
-        sync: flavor === 'sync' || flavor === 'allinone',
-        selfhosted: flavor === 'selfhosted',
-      };
-    },
-    ENV_MAP: {},
+    ENV_MAP: {
+      AFFINE_SERVER_PORT: ['port', 'int'],
+      AFFINE_SERVER_HOST: 'host',
+      AFFINE_SERVER_SUB_PATH: 'path',
+      AFFINE_ENV: 'affineEnv',
+      AFFINE_FREE_USER_QUOTA: 'objectStorage.quota',
+      DATABASE_URL: 'db.url',
+      ENABLE_R2_OBJECT_STORAGE: ['objectStorage.r2.enabled', 'boolean'],
+      R2_OBJECT_STORAGE_ACCOUNT_ID: 'objectStorage.r2.accountId',
+      R2_OBJECT_STORAGE_ACCESS_KEY_ID: 'objectStorage.r2.accessKeyId',
+      R2_OBJECT_STORAGE_SECRET_ACCESS_KEY: 'objectStorage.r2.secretAccessKey',
+      R2_OBJECT_STORAGE_BUCKET: 'objectStorage.r2.bucket',
+      ENABLE_CAPTCHA: ['auth.captcha.enable', 'boolean'],
+      CAPTCHA_TURNSTILE_SECRET: ['auth.captcha.turnstile.secret', 'string'],
+      OAUTH_GOOGLE_ENABLED: ['auth.oauthProviders.google.enabled', 'boolean'],
+      OAUTH_GOOGLE_CLIENT_ID: 'auth.oauthProviders.google.clientId',
+      OAUTH_GOOGLE_CLIENT_SECRET: 'auth.oauthProviders.google.clientSecret',
+      OAUTH_GITHUB_ENABLED: ['auth.oauthProviders.github.enabled', 'boolean'],
+      OAUTH_GITHUB_CLIENT_ID: 'auth.oauthProviders.github.clientId',
+      OAUTH_GITHUB_CLIENT_SECRET: 'auth.oauthProviders.github.clientSecret',
+      OAUTH_EMAIL_LOGIN: 'auth.email.login',
+      OAUTH_EMAIL_SENDER: 'auth.email.sender',
+      OAUTH_EMAIL_SERVER: 'auth.email.server',
+      OAUTH_EMAIL_PORT: ['auth.email.port', 'int'],
+      OAUTH_EMAIL_PASSWORD: 'auth.email.password',
+      THROTTLE_TTL: ['rateLimiter.ttl', 'int'],
+      THROTTLE_LIMIT: ['rateLimiter.limit', 'int'],
+      REDIS_SERVER_ENABLED: ['redis.enabled', 'boolean'],
+      REDIS_SERVER_HOST: 'redis.host',
+      REDIS_SERVER_PORT: ['redis.port', 'int'],
+      REDIS_SERVER_USER: 'redis.username',
+      REDIS_SERVER_PASSWORD: 'redis.password',
+      REDIS_SERVER_DATABASE: ['redis.database', 'int'],
+      DOC_MERGE_INTERVAL: ['doc.manager.updatePollInterval', 'int'],
+      DOC_MERGE_USE_JWST_CODEC: [
+        'doc.manager.experimentalMergeWithJwstCodec',
+        'boolean',
+      ],
+      ENABLE_LOCAL_EMAIL: ['auth.localEmail', 'boolean'],
+      STRIPE_API_KEY: 'payment.stripe.keys.APIKey',
+      STRIPE_WEBHOOK_KEY: 'payment.stripe.keys.webhookKey',
+      FEATURES_EARLY_ACCESS_PREVIEW: [
+        'featureFlags.earlyAccessPreview',
+        'boolean',
+      ],
+    } satisfies AFFiNEConfig['ENV_MAP'],
     affineEnv: 'dev',
     get affine() {
       const env = this.affineEnv;
@@ -89,10 +121,7 @@ export const getDefaultAFFiNEConfig: () => AFFiNEConfig = () => {
       earlyAccessPreview: false,
     },
     get https() {
-      return isHttps ?? !this.node.dev;
-    },
-    set https(value: boolean) {
-      isHttps = value;
+      return !this.node.dev;
     },
     host: 'localhost',
     port: 3010,
@@ -104,9 +133,7 @@ export const getDefaultAFFiNEConfig: () => AFFiNEConfig = () => {
       return this.node.dev
         ? 'http://localhost:8080'
         : `${this.https ? 'https' : 'http'}://${this.host}${
-            this.host === 'localhost' || this.host === '0.0.0.0'
-              ? `:${this.port}`
-              : ''
+            this.host === 'localhost' ? `:${this.port}` : ''
           }`;
     },
     get baseUrl() {
@@ -151,14 +178,34 @@ export const getDefaultAFFiNEConfig: () => AFFiNEConfig = () => {
         password: '',
       },
     },
-    storage: getDefaultAFFiNEStorageConfig(),
+    objectStorage: {
+      r2: {
+        enabled: false,
+        bucket: '',
+        accountId: '',
+        accessKeyId: '',
+        secretAccessKey: '',
+      },
+      fs: {
+        path: join(homedir(), '.affine-storage'),
+      },
+      // 10GB
+      quota: 10 * 1024 * 1024 * 1024,
+    },
     rateLimiter: {
       ttl: 60,
-      limit: 120,
+      limit: 60,
+    },
+    redis: {
+      enabled: false,
+      host: '127.0.0.1',
+      port: 6379,
+      username: '',
+      password: '',
+      database: 0,
     },
     doc: {
       manager: {
-        enableUpdateAutoMerging: flavor !== 'sync',
         updatePollInterval: 3000,
         experimentalMergeWithJwstCodec: false,
       },
@@ -166,17 +213,18 @@ export const getDefaultAFFiNEConfig: () => AFFiNEConfig = () => {
         interval: 1000 * 60 * 10 /* 10 mins */,
       },
     },
-    metrics: {
-      enabled: false,
-    },
-    plugins: {
-      enabled: [],
-      use(plugin, config) {
-        this[plugin] = merge(this[plugin], config || {});
-        this.enabled.push(plugin);
+    payment: {
+      stripe: {
+        keys: {
+          APIKey: '',
+          webhookKey: '',
+        },
+        apiVersion: '2023-10-16',
       },
     },
   } satisfies AFFiNEConfig;
 
+  applyEnvToConfig(defaultConfig);
+
   return defaultConfig;
 };

packages/backend/server/src/config/env.ts

@@ -0,0 +1,17 @@
+import { set } from 'lodash-es';
+
+import { type AFFiNEConfig, parseEnvValue } from './def';
+
+export function applyEnvToConfig(rawConfig: AFFiNEConfig) {
+  for (const env in rawConfig.ENV_MAP) {
+    const config = rawConfig.ENV_MAP[env];
+    const [path, value] =
+      typeof config === 'string'
+        ? [config, process.env[env]]
+        : [config[0], parseEnvValue(process.env[env], config[1])];
+
+    if (value !== undefined) {
+      set(rawConfig, path, value);
+    }
+  }
+}

packages/backend/server/src/config/index.ts

@@ -1,12 +1,26 @@
-import { DynamicModule, FactoryProvider } from '@nestjs/common';
+// eslint-disable-next-line simple-import-sort/imports
+import type { DynamicModule, FactoryProvider } from '@nestjs/common';
 import { merge } from 'lodash-es';
 
-import { ApplyType } from '../utils/types';
-import { AFFiNEConfig } from './def';
+import type { DeepPartial } from '../utils/types';
+import type { AFFiNEConfig } from './def';
+
+import '../prelude';
+
+type ConstructorOf<T> = {
+  new (): T;
+};
+
+function ApplyType<T>(): ConstructorOf<T> {
+  // @ts-expect-error used to fake the type of config
+  return class Inner implements T {
+    constructor() {}
+  };
+}
 
 /**
- * @example
- *
+ * usage:
+ * ```
  * import { Config } from '@affine/server'
  *
  * class TestConfig {
@@ -15,6 +29,7 @@ import { AFFiNEConfig } from './def';
  *     return this.config.env
  *   }
  * }
+ * ```
  */
 export class Config extends ApplyType<AFFiNEConfig>() {}
 
@@ -56,3 +71,5 @@ export class ConfigModule {
     };
   };
 }
+
+export type { AFFiNEConfig } from './def';

packages/backend/server/src/constants.ts

@@ -0,0 +1,3 @@
+export const OPERATION_NAME = 'x-operation-name';
+
+export const REQUEST_ID = 'x-request-id';

packages/backend/server/src/core/config.ts

@@ -1,58 +0,0 @@
-import { Module } from '@nestjs/common';
-import { Field, ObjectType, Query, registerEnumType } from '@nestjs/graphql';
-
-export enum ServerFeature {
-  Payment = 'payment',
-}
-
-registerEnumType(ServerFeature, {
-  name: 'ServerFeature',
-});
-
-const ENABLED_FEATURES: ServerFeature[] = [];
-export function ADD_ENABLED_FEATURES(feature: ServerFeature) {
-  ENABLED_FEATURES.push(feature);
-}
-
-@ObjectType()
-export class ServerConfigType {
-  @Field({
-    description:
-      'server identical name could be shown as badge on user interface',
-  })
-  name!: string;
-
-  @Field({ description: 'server version' })
-  version!: string;
-
-  @Field({ description: 'server base url' })
-  baseUrl!: string;
-
-  /**
-   * @deprecated
-   */
-  @Field({ description: 'server flavor', deprecationReason: 'use `features`' })
-  flavor!: string;
-
-  @Field(() => [ServerFeature], { description: 'enabled server features' })
-  features!: ServerFeature[];
-}
-export class ServerConfigResolver {
-  @Query(() => ServerConfigType, {
-    description: 'server config',
-  })
-  serverConfig(): ServerConfigType {
-    return {
-      name: AFFiNE.serverName,
-      version: AFFiNE.version,
-      baseUrl: AFFiNE.baseUrl,
-      flavor: AFFiNE.flavor.type,
-      features: ENABLED_FEATURES,
-    };
-  }
-}
-
-@Module({
-  providers: [ServerConfigResolver],
-})
-export class ServerConfigModule {}

packages/backend/server/src/core/doc/index.ts

@@ -1,14 +0,0 @@
-import { Module } from '@nestjs/common';
-
-import { QuotaModule } from '../quota';
-import { DocHistoryManager } from './history';
-import { DocManager } from './manager';
-
-@Module({
-  imports: [QuotaModule],
-  providers: [DocManager, DocHistoryManager],
-  exports: [DocManager, DocHistoryManager],
-})
-export class DocModule {}
-
-export { DocHistoryManager, DocManager };

packages/backend/server/src/core/features/feature.ts

@@ -1,98 +0,0 @@
-import { PrismaClient } from '@prisma/client';
-
-import { Feature, FeatureSchema, FeatureType } from './types';
-
-class FeatureConfig {
-  readonly config: Feature;
-
-  constructor(data: any) {
-    const config = FeatureSchema.safeParse(data);
-    if (config.success) {
-      this.config = config.data;
-    } else {
-      throw new Error(`Invalid quota config: ${config.error.message}`);
-    }
-  }
-
-  /// feature name of quota
-  get name() {
-    return this.config.feature;
-  }
-}
-
-export class CopilotFeatureConfig extends FeatureConfig {
-  override config!: Feature & { feature: FeatureType.Copilot };
-  constructor(data: any) {
-    super(data);
-
-    if (this.config.feature !== FeatureType.Copilot) {
-      throw new Error('Invalid feature config: type is not Copilot');
-    }
-  }
-}
-
-export class EarlyAccessFeatureConfig extends FeatureConfig {
-  override config!: Feature & { feature: FeatureType.EarlyAccess };
-
-  constructor(data: any) {
-    super(data);
-
-    if (this.config.feature !== FeatureType.EarlyAccess) {
-      throw new Error('Invalid feature config: type is not EarlyAccess');
-    }
-  }
-}
-
-export class UnlimitedWorkspaceFeatureConfig extends FeatureConfig {
-  override config!: Feature & { feature: FeatureType.UnlimitedWorkspace };
-
-  constructor(data: any) {
-    super(data);
-
-    if (this.config.feature !== FeatureType.UnlimitedWorkspace) {
-      throw new Error('Invalid feature config: type is not EarlyAccess');
-    }
-  }
-}
-
-const FeatureConfigMap = {
-  [FeatureType.Copilot]: CopilotFeatureConfig,
-  [FeatureType.EarlyAccess]: EarlyAccessFeatureConfig,
-  [FeatureType.UnlimitedWorkspace]: UnlimitedWorkspaceFeatureConfig,
-};
-
-export type FeatureConfigType<F extends FeatureType> = InstanceType<
-  (typeof FeatureConfigMap)[F]
->;
-
-const FeatureCache = new Map<number, FeatureConfigType<FeatureType>>();
-
-export async function getFeature(prisma: PrismaClient, featureId: number) {
-  const cachedQuota = FeatureCache.get(featureId);
-
-  if (cachedQuota) {
-    return cachedQuota;
-  }
-
-  const feature = await prisma.features.findFirst({
-    where: {
-      id: featureId,
-    },
-  });
-  if (!feature) {
-    // this should unreachable
-    throw new Error(`Quota config ${featureId} not found`);
-  }
-  const ConfigClass = FeatureConfigMap[feature.feature as FeatureType];
-
-  if (!ConfigClass) {
-    throw new Error(`Feature config ${featureId} not found`);
-  }
-
-  const config = new ConfigClass(feature);
-  // we always edit quota config as a new quota config
-  // so we can cache it by featureId
-  FeatureCache.set(featureId, config);
-
-  return config;
-}

packages/backend/server/src/core/features/index.ts

@@ -1,20 +0,0 @@
-import { Module } from '@nestjs/common';
-
-import { FeatureManagementService } from './management';
-import { FeatureService } from './service';
-
-/**
- * Feature module provider pre-user feature flag management.
- * includes:
- * - feature query/update/permit
- * - feature statistics
- */
-@Module({
-  providers: [FeatureService, FeatureManagementService],
-  exports: [FeatureService, FeatureManagementService],
-})
-export class FeatureModule {}
-
-export { type CommonFeature, commonFeatureSchema } from './types';
-export { FeatureKind, Features, FeatureType } from './types';
-export { FeatureManagementService, FeatureService };

packages/backend/server/src/core/features/management.ts

@@ -1,114 +0,0 @@
-import { Injectable, Logger } from '@nestjs/common';
-
-import { Config, PrismaService } from '../../fundamentals';
-import { FeatureService } from './service';
-import { FeatureType } from './types';
-
-const STAFF = ['@toeverything.info'];
-
-@Injectable()
-export class FeatureManagementService {
-  protected logger = new Logger(FeatureManagementService.name);
-
-  constructor(
-    private readonly feature: FeatureService,
-    private readonly prisma: PrismaService,
-    private readonly config: Config
-  ) {}
-
-  // ======== Admin ========
-
-  // todo(@darkskygit): replace this with abac
-  isStaff(email: string) {
-    for (const domain of STAFF) {
-      if (email.endsWith(domain)) {
-        return true;
-      }
-    }
-    return false;
-  }
-
-  // ======== Early Access ========
-
-  async addEarlyAccess(userId: string) {
-    return this.feature.addUserFeature(
-      userId,
-      FeatureType.EarlyAccess,
-      2,
-      'Early access user'
-    );
-  }
-
-  async removeEarlyAccess(userId: string) {
-    return this.feature.removeUserFeature(userId, FeatureType.EarlyAccess);
-  }
-
-  async listEarlyAccess() {
-    return this.feature.listFeatureUsers(FeatureType.EarlyAccess);
-  }
-
-  async isEarlyAccessUser(email: string) {
-    const user = await this.prisma.user.findFirst({
-      where: {
-        email,
-      },
-    });
-    if (user) {
-      const canEarlyAccess = await this.feature
-        .hasUserFeature(user.id, FeatureType.EarlyAccess)
-        .catch(() => false);
-
-      return canEarlyAccess;
-    }
-    return false;
-  }
-
-  /// check early access by email
-  async canEarlyAccess(email: string) {
-    if (this.config.featureFlags.earlyAccessPreview && !this.isStaff(email)) {
-      return this.isEarlyAccessUser(email);
-    } else {
-      return true;
-    }
-  }
-
-  // ======== Workspace Feature ========
-  async addWorkspaceFeatures(
-    workspaceId: string,
-    feature: FeatureType,
-    version?: number,
-    reason?: string
-  ) {
-    const latestVersions = await this.feature.getFeaturesVersion();
-    // use latest version if not specified
-    const latestVersion = version || latestVersions[feature];
-    if (!Number.isInteger(latestVersion)) {
-      throw new Error(`Version of feature ${feature} not found`);
-    }
-    return this.feature.addWorkspaceFeature(
-      workspaceId,
-      feature,
-      latestVersion,
-      reason || 'add feature by api'
-    );
-  }
-
-  async getWorkspaceFeatures(workspaceId: string) {
-    const features = await this.feature.getWorkspaceFeatures(workspaceId);
-    return features.filter(f => f.activated).map(f => f.feature.name);
-  }
-
-  async hasWorkspaceFeature(workspaceId: string, feature: FeatureType) {
-    return this.feature.hasWorkspaceFeature(workspaceId, feature);
-  }
-
-  async removeWorkspaceFeature(workspaceId: string, feature: FeatureType) {
-    return this.feature
-      .removeWorkspaceFeature(workspaceId, feature)
-      .then(c => c > 0);
-  }
-
-  async listFeatureWorkspaces(feature: FeatureType) {
-    return this.feature.listFeatureWorkspaces(feature);
-  }
-}

packages/backend/server/src/core/features/service.ts

@@ -1,342 +0,0 @@
-import { Injectable } from '@nestjs/common';
-
-import { PrismaService } from '../../fundamentals';
-import { UserType } from '../users/types';
-import { WorkspaceType } from '../workspaces/types';
-import { FeatureConfigType, getFeature } from './feature';
-import { FeatureKind, FeatureType } from './types';
-
-@Injectable()
-export class FeatureService {
-  constructor(private readonly prisma: PrismaService) {}
-
-  async getFeaturesVersion() {
-    const features = await this.prisma.features.findMany({
-      where: {
-        type: FeatureKind.Feature,
-      },
-      select: {
-        feature: true,
-        version: true,
-      },
-    });
-    return features.reduce(
-      (acc, feature) => {
-        // only keep the latest version
-        if (acc[feature.feature]) {
-          if (acc[feature.feature] < feature.version) {
-            acc[feature.feature] = feature.version;
-          }
-        } else {
-          acc[feature.feature] = feature.version;
-        }
-        return acc;
-      },
-      {} as Record<string, number>
-    );
-  }
-
-  async getFeature<F extends FeatureType>(
-    feature: F
-  ): Promise<FeatureConfigType<F> | undefined> {
-    const data = await this.prisma.features.findFirst({
-      where: {
-        feature,
-        type: FeatureKind.Feature,
-      },
-      select: { id: true },
-      orderBy: {
-        version: 'desc',
-      },
-    });
-    if (data) {
-      return getFeature(this.prisma, data.id) as FeatureConfigType<F>;
-    }
-    return undefined;
-  }
-
-  // ======== User Features ========
-
-  async addUserFeature(
-    userId: string,
-    feature: FeatureType,
-    version: number,
-    reason: string,
-    expiredAt?: Date | string
-  ) {
-    return this.prisma.$transaction(async tx => {
-      const latestFlag = await tx.userFeatures.findFirst({
-        where: {
-          userId,
-          feature: {
-            feature,
-            type: FeatureKind.Feature,
-          },
-          activated: true,
-        },
-        orderBy: {
-          createdAt: 'desc',
-        },
-      });
-      if (latestFlag) {
-        return latestFlag.id;
-      } else {
-        return tx.userFeatures
-          .create({
-            data: {
-              reason,
-              expiredAt,
-              activated: true,
-              user: {
-                connect: {
-                  id: userId,
-                },
-              },
-              feature: {
-                connect: {
-                  feature_version: {
-                    feature,
-                    version,
-                  },
-                  type: FeatureKind.Feature,
-                },
-              },
-            },
-          })
-          .then(r => r.id);
-      }
-    });
-  }
-
-  async removeUserFeature(userId: string, feature: FeatureType) {
-    return this.prisma.userFeatures
-      .updateMany({
-        where: {
-          userId,
-          feature: {
-            feature,
-            type: FeatureKind.Feature,
-          },
-          activated: true,
-        },
-        data: {
-          activated: false,
-        },
-      })
-      .then(r => r.count);
-  }
-
-  /**
-   * get user's features, will included inactivated features
-   * @param userId user id
-   * @returns list of features
-   */
-  async getUserFeatures(userId: string) {
-    const features = await this.prisma.userFeatures.findMany({
-      where: {
-        user: { id: userId },
-        feature: {
-          type: FeatureKind.Feature,
-        },
-      },
-      select: {
-        activated: true,
-        reason: true,
-        createdAt: true,
-        expiredAt: true,
-        featureId: true,
-      },
-    });
-
-    const configs = await Promise.all(
-      features.map(async feature => ({
-        ...feature,
-        feature: await getFeature(this.prisma, feature.featureId),
-      }))
-    );
-
-    return configs.filter(feature => !!feature.feature);
-  }
-
-  async listFeatureUsers(feature: FeatureType): Promise<UserType[]> {
-    return this.prisma.userFeatures
-      .findMany({
-        where: {
-          activated: true,
-          feature: {
-            feature: feature,
-            type: FeatureKind.Feature,
-          },
-        },
-        select: {
-          user: {
-            select: {
-              id: true,
-              name: true,
-              avatarUrl: true,
-              email: true,
-              emailVerified: true,
-              createdAt: true,
-            },
-          },
-        },
-      })
-      .then(users => users.map(user => user.user));
-  }
-
-  async hasUserFeature(userId: string, feature: FeatureType) {
-    return this.prisma.userFeatures
-      .count({
-        where: {
-          userId,
-          activated: true,
-          feature: {
-            feature,
-            type: FeatureKind.Feature,
-          },
-        },
-      })
-      .then(count => count > 0);
-  }
-
-  // ======== Workspace Features ========
-
-  async addWorkspaceFeature(
-    workspaceId: string,
-    feature: FeatureType,
-    version: number,
-    reason: string,
-    expiredAt?: Date | string
-  ) {
-    return this.prisma.$transaction(async tx => {
-      const latestFlag = await tx.workspaceFeatures.findFirst({
-        where: {
-          workspaceId,
-          feature: {
-            feature,
-            type: FeatureKind.Feature,
-          },
-          activated: true,
-        },
-        orderBy: {
-          createdAt: 'desc',
-        },
-      });
-      if (latestFlag) {
-        return latestFlag.id;
-      } else {
-        return tx.workspaceFeatures
-          .create({
-            data: {
-              reason,
-              expiredAt,
-              activated: true,
-              workspace: {
-                connect: {
-                  id: workspaceId,
-                },
-              },
-              feature: {
-                connect: {
-                  feature_version: {
-                    feature,
-                    version,
-                  },
-                  type: FeatureKind.Feature,
-                },
-              },
-            },
-          })
-          .then(r => r.id);
-      }
-    });
-  }
-
-  async removeWorkspaceFeature(workspaceId: string, feature: FeatureType) {
-    return this.prisma.workspaceFeatures
-      .updateMany({
-        where: {
-          workspaceId,
-          feature: {
-            feature,
-            type: FeatureKind.Feature,
-          },
-          activated: true,
-        },
-        data: {
-          activated: false,
-        },
-      })
-      .then(r => r.count);
-  }
-
-  /**
-   * get workspace's features, will included inactivated features
-   * @param workspaceId workspace id
-   * @returns list of features
-   */
-  async getWorkspaceFeatures(workspaceId: string) {
-    const features = await this.prisma.workspaceFeatures.findMany({
-      where: {
-        workspace: { id: workspaceId },
-        feature: {
-          type: FeatureKind.Feature,
-        },
-      },
-      select: {
-        activated: true,
-        reason: true,
-        createdAt: true,
-        expiredAt: true,
-        featureId: true,
-      },
-    });
-
-    const configs = await Promise.all(
-      features.map(async feature => ({
-        ...feature,
-        feature: await getFeature(this.prisma, feature.featureId),
-      }))
-    );
-
-    return configs.filter(feature => !!feature.feature);
-  }
-
-  async listFeatureWorkspaces(feature: FeatureType): Promise<WorkspaceType[]> {
-    return this.prisma.workspaceFeatures
-      .findMany({
-        where: {
-          activated: true,
-          feature: {
-            feature: feature,
-            type: FeatureKind.Feature,
-          },
-        },
-        select: {
-          workspace: {
-            select: {
-              id: true,
-              public: true,
-              createdAt: true,
-            },
-          },
-        },
-      })
-      .then(wss => wss.map(ws => ws.workspace as WorkspaceType));
-  }
-
-  async hasWorkspaceFeature(workspaceId: string, feature: FeatureType) {
-    return this.prisma.workspaceFeatures
-      .count({
-        where: {
-          workspaceId,
-          activated: true,
-          feature: {
-            feature,
-            type: FeatureKind.Feature,
-          },
-        },
-      })
-      .then(count => count > 0);
-  }
-}

packages/backend/server/src/core/features/types/common.ts

@@ -1,12 +0,0 @@
-import { registerEnumType } from '@nestjs/graphql';
-
-export enum FeatureType {
-  Copilot = 'copilot',
-  EarlyAccess = 'early_access',
-  UnlimitedWorkspace = 'unlimited_workspace',
-}
-
-registerEnumType(FeatureType, {
-  name: 'FeatureType',
-  description: 'The type of workspace feature',
-});

packages/backend/server/src/core/features/types/copilot.ts

@@ -1,8 +0,0 @@
-import { z } from 'zod';
-
-import { FeatureType } from './common';
-
-export const featureCopilot = z.object({
-  feature: z.literal(FeatureType.Copilot),
-  configs: z.object({}),
-});

packages/backend/server/src/core/features/types/early-access.ts

@@ -1,11 +0,0 @@
-import { z } from 'zod';
-
-import { FeatureType } from './common';
-
-export const featureEarlyAccess = z.object({
-  feature: z.literal(FeatureType.EarlyAccess),
-  configs: z.object({
-    // field polyfill, make it optional in the future
-    whitelist: z.string().array(),
-  }),
-});

packages/backend/server/src/core/features/types/index.ts

@@ -1,73 +0,0 @@
-import { z } from 'zod';
-
-import { FeatureType } from './common';
-import { featureCopilot } from './copilot';
-import { featureEarlyAccess } from './early-access';
-import { featureUnlimitedWorkspace } from './unlimited-workspace';
-
-/// ======== common schema ========
-
-export enum FeatureKind {
-  Feature,
-  Quota,
-}
-
-export const commonFeatureSchema = z.object({
-  feature: z.string(),
-  type: z.nativeEnum(FeatureKind),
-  version: z.number(),
-  configs: z.unknown(),
-});
-
-export type CommonFeature = z.infer<typeof commonFeatureSchema>;
-
-/// ======== feature define ========
-
-export const Features: Feature[] = [
-  {
-    feature: FeatureType.Copilot,
-    type: FeatureKind.Feature,
-    version: 1,
-    configs: {},
-  },
-  {
-    feature: FeatureType.EarlyAccess,
-    type: FeatureKind.Feature,
-    version: 1,
-    configs: {
-      whitelist: ['@toeverything.info'],
-    },
-  },
-  {
-    feature: FeatureType.EarlyAccess,
-    type: FeatureKind.Feature,
-    version: 2,
-    configs: {
-      whitelist: [],
-    },
-  },
-  {
-    feature: FeatureType.UnlimitedWorkspace,
-    type: FeatureKind.Feature,
-    version: 1,
-    configs: {},
-  },
-];
-
-/// ======== schema infer ========
-
-export const FeatureSchema = commonFeatureSchema
-  .extend({
-    type: z.literal(FeatureKind.Feature),
-  })
-  .and(
-    z.discriminatedUnion('feature', [
-      featureCopilot,
-      featureEarlyAccess,
-      featureUnlimitedWorkspace,
-    ])
-  );
-
-export type Feature = z.infer<typeof FeatureSchema>;
-
-export { FeatureType };

packages/backend/server/src/core/features/types/unlimited-workspace.ts

@@ -1,8 +0,0 @@
-import { z } from 'zod';
-
-import { FeatureType } from './common';
-
-export const featureUnlimitedWorkspace = z.object({
-  feature: z.literal(FeatureType.UnlimitedWorkspace),
-  configs: z.object({}),
-});

packages/backend/server/src/core/quota/constant.ts

@@ -1,5 +0,0 @@
-export const OneKB = 1024;
-export const OneMB = OneKB * OneKB;
-export const OneGB = OneKB * OneMB;
-export const OneDay = 1000 * 60 * 60 * 24;
-export const ByteUnit = ['B', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];

packages/backend/server/src/core/quota/index.ts

@@ -1,24 +0,0 @@
-import { Module } from '@nestjs/common';
-
-import { StorageModule } from '../storage';
-import { PermissionService } from '../workspaces/permission';
-import { QuotaService } from './service';
-import { QuotaManagementService } from './storage';
-
-/**
- * Quota module provider pre-user quota management.
- * includes:
- * - quota query/update/permit
- * - quota statistics
- */
-@Module({
-  // FIXME: Quota really need to know `Storage`?
-  imports: [StorageModule],
-  providers: [PermissionService, QuotaService, QuotaManagementService],
-  exports: [QuotaService, QuotaManagementService],
-})
-export class QuotaModule {}
-
-export { QuotaManagementService, QuotaService };
-export { Quota_FreePlanV1_1, Quota_ProPlanV1, Quotas } from './schema';
-export { QuotaQueryType, QuotaType } from './types';

packages/backend/server/src/core/quota/quota.ts

@@ -1,85 +0,0 @@
-import { PrismaService } from '../../fundamentals';
-import { formatDate, formatSize, Quota, QuotaSchema } from './types';
-
-const QuotaCache = new Map<number, QuotaConfig>();
-
-export class QuotaConfig {
-  readonly config: Quota;
-
-  static async get(prisma: PrismaService, featureId: number) {
-    const cachedQuota = QuotaCache.get(featureId);
-
-    if (cachedQuota) {
-      return cachedQuota;
-    }
-
-    const quota = await prisma.features.findFirst({
-      where: {
-        id: featureId,
-      },
-    });
-
-    if (!quota) {
-      throw new Error(`Quota config ${featureId} not found`);
-    }
-
-    const config = new QuotaConfig(quota);
-    // we always edit quota config as a new quota config
-    // so we can cache it by featureId
-    QuotaCache.set(featureId, config);
-
-    return config;
-  }
-
-  private constructor(data: any) {
-    const config = QuotaSchema.safeParse(data);
-    if (config.success) {
-      this.config = config.data;
-    } else {
-      throw new Error(
-        `Invalid quota config: ${config.error.message}, ${JSON.stringify(
-          data
-        )})}`
-      );
-    }
-  }
-
-  get version() {
-    return this.config.version;
-  }
-
-  /// feature name of quota
-  get name() {
-    return this.config.feature;
-  }
-
-  get blobLimit() {
-    return this.config.configs.blobLimit;
-  }
-
-  get storageQuota() {
-    return this.config.configs.storageQuota;
-  }
-
-  get historyPeriod() {
-    return this.config.configs.historyPeriod;
-  }
-
-  get historyPeriodFromNow() {
-    return new Date(Date.now() + this.historyPeriod);
-  }
-
-  get memberLimit() {
-    return this.config.configs.memberLimit;
-  }
-
-  get humanReadable() {
-    return {
-      name: this.config.configs.name,
-      blobLimit: formatSize(this.blobLimit),
-      storageQuota: formatSize(this.storageQuota),
-      historyPeriod: formatDate(this.historyPeriod),
-      memberLimit: this.memberLimit.toString(),
-    };
-  }
-}

packages/backend/server/src/core/quota/schema.ts

@@ -1,84 +0,0 @@
-import { FeatureKind } from '../features';
-import { OneDay, OneGB, OneMB } from './constant';
-import { Quota, QuotaType } from './types';
-
-export const Quotas: Quota[] = [
-  {
-    feature: QuotaType.FreePlanV1,
-    type: FeatureKind.Quota,
-    version: 1,
-    configs: {
-      // quota name
-      name: 'Free',
-      // single blob limit 10MB
-      blobLimit: 10 * OneMB,
-      // total blob limit 10GB
-      storageQuota: 10 * OneGB,
-      // history period of validity 7 days
-      historyPeriod: 7 * OneDay,
-      // member limit 3
-      memberLimit: 3,
-    },
-  },
-  {
-    feature: QuotaType.ProPlanV1,
-    type: FeatureKind.Quota,
-    version: 1,
-    configs: {
-      // quota name
-      name: 'Pro',
-      // single blob limit 100MB
-      blobLimit: 100 * OneMB,
-      // total blob limit 100GB
-      storageQuota: 100 * OneGB,
-      // history period of validity 30 days
-      historyPeriod: 30 * OneDay,
-      // member limit 10
-      memberLimit: 10,
-    },
-  },
-  {
-    feature: QuotaType.RestrictedPlanV1,
-    type: FeatureKind.Quota,
-    version: 1,
-    configs: {
-      // quota name
-      name: 'Restricted',
-      // single blob limit 10MB
-      blobLimit: OneMB,
-      // total blob limit 1GB
-      storageQuota: 10 * OneMB,
-      // history period of validity 30 days
-      historyPeriod: 30 * OneDay,
-      // member limit 10
-      memberLimit: 10,
-    },
-  },
-  {
-    feature: QuotaType.FreePlanV1,
-    type: FeatureKind.Quota,
-    version: 2,
-    configs: {
-      // quota name
-      name: 'Free',
-      // single blob limit 10MB
-      blobLimit: 100 * OneMB,
-      // total blob limit 10GB
-      storageQuota: 10 * OneGB,
-      // history period of validity 7 days
-      historyPeriod: 7 * OneDay,
-      // member limit 3
-      memberLimit: 3,
-    },
-  },
-];
-
-export const Quota_FreePlanV1_1 = {
-  feature: Quotas[3].feature,
-  version: Quotas[3].version,
-};
-
-export const Quota_ProPlanV1 = {
-  feature: Quotas[1].feature,
-  version: Quotas[1].version,
-};

packages/backend/server/src/core/quota/service.ts

@@ -1,180 +0,0 @@
-import { Injectable } from '@nestjs/common';
-
-import { type EventPayload, OnEvent, PrismaService } from '../../fundamentals';
-import { FeatureKind } from '../features';
-import { QuotaConfig } from './quota';
-import { QuotaType } from './types';
-
-type Transaction = Parameters<Parameters<PrismaService['$transaction']>[0]>[0];
-
-@Injectable()
-export class QuotaService {
-  constructor(private readonly prisma: PrismaService) {}
-
-  // get activated user quota
-  async getUserQuota(userId: string) {
-    const quota = await this.prisma.userFeatures.findFirst({
-      where: {
-        user: {
-          id: userId,
-        },
-        feature: {
-          type: FeatureKind.Quota,
-        },
-        activated: true,
-      },
-      select: {
-        reason: true,
-        createdAt: true,
-        expiredAt: true,
-        featureId: true,
-      },
-    });
-
-    if (!quota) {
-      // this should unreachable
-      throw new Error(`User ${userId} has no quota`);
-    }
-
-    const feature = await QuotaConfig.get(this.prisma, quota.featureId);
-    return { ...quota, feature };
-  }
-
-  // get user all quota records
-  async getUserQuotas(userId: string) {
-    const quotas = await this.prisma.userFeatures.findMany({
-      where: {
-        user: {
-          id: userId,
-        },
-        feature: {
-          type: FeatureKind.Quota,
-        },
-      },
-      select: {
-        activated: true,
-        reason: true,
-        createdAt: true,
-        expiredAt: true,
-        featureId: true,
-      },
-    });
-    const configs = await Promise.all(
-      quotas.map(async quota => {
-        try {
-          return {
-            ...quota,
-            feature: await QuotaConfig.get(this.prisma, quota.featureId),
-          };
-        } catch (_) {}
-        return null as unknown as typeof quota & {
-          feature: QuotaConfig;
-        };
-      })
-    );
-
-    return configs.filter(quota => !!quota);
-  }
-
-  // switch user to a new quota
-  // currently each user can only have one quota
-  async switchUserQuota(
-    userId: string,
-    quota: QuotaType,
-    reason?: string,
-    expiredAt?: Date
-  ) {
-    await this.prisma.$transaction(async tx => {
-      const hasSameActivatedQuota = await this.hasQuota(userId, quota, tx);
-
-      if (hasSameActivatedQuota) {
-        // don't need to switch
-        return;
-      }
-
-      const latestPlanVersion = await tx.features.aggregate({
-        where: {
-          feature: quota,
-        },
-        _max: {
-          version: true,
-        },
-      });
-
-      // we will deactivate all exists quota for this user
-      await tx.userFeatures.updateMany({
-        where: {
-          id: undefined,
-          userId,
-          feature: {
-            type: FeatureKind.Quota,
-          },
-        },
-        data: {
-          activated: false,
-        },
-      });
-
-      await tx.userFeatures.create({
-        data: {
-          user: {
-            connect: {
-              id: userId,
-            },
-          },
-          feature: {
-            connect: {
-              feature_version: {
-                feature: quota,
-                version: latestPlanVersion._max.version || 1,
-              },
-              type: FeatureKind.Quota,
-            },
-          },
-          reason: reason ?? 'switch quota',
-          activated: true,
-          expiredAt,
-        },
-      });
-    });
-  }
-
-  async hasQuota(userId: string, quota: QuotaType, transaction?: Transaction) {
-    const executor = transaction ?? this.prisma;
-
-    return executor.userFeatures
-      .count({
-        where: {
-          userId,
-          feature: {
-            feature: quota,
-            type: FeatureKind.Quota,
-          },
-          activated: true,
-        },
-      })
-      .then(count => count > 0);
-  }
-
-  @OnEvent('user.subscription.activated')
-  async onSubscriptionUpdated({
-    userId,
-  }: EventPayload<'user.subscription.activated'>) {
-    await this.switchUserQuota(
-      userId,
-      QuotaType.ProPlanV1,
-      'subscription activated'
-    );
-  }
-
-  @OnEvent('user.subscription.canceled')
-  async onSubscriptionCanceled(
-    userId: EventPayload<'user.subscription.canceled'>
-  ) {
-    await this.switchUserQuota(
-      userId,
-      QuotaType.FreePlanV1,
-      'subscription canceled'
-    );
-  }
-}