fix(mobile): modal styles on mobile (#8023 )

<div class='graphite__hidden'> <div>🎥 Video uploaded on Graphite:</div> <a href="https://app.graphite.dev/media/video/T2klNLEk0wxLh4NRDzhk/92c0cc55-1f75-42b7-a83f-4ffa6cf205ad.mp4"> <img src="https://app.graphite.dev/api/v1/graphite/video/thumbnail/T2klNLEk0wxLh4NRDzhk/92c0cc55-1f75-42b7-a83f-4ffa6cf205ad.mp4"> </a> </div> <video src="https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/T2klNLEk0wxLh4NRDzhk/92c0cc55-1f75-42b7-a83f-4ffa6cf205ad.mp4">20240829-1420-07.7370936.mp4</video>
fix(mobile): adjust peek view style for mobile (#8003 )
2026-02-07 18:13:43 +00:00 · 2024-08-29 16:45:23 +00:00 · 2024-08-29 16:45:22 +00:00 · 2024-08-29 16:45:22 +00:00 · 2024-08-29 16:45:21 +00:00 · 2024-08-29 09:05:23 +00:00
748 changed files with 28517 additions and 16683 deletions
--- a/.github/actions/cluster-auth/action.yml
+++ b/.github/actions/cluster-auth/action.yml
@@ -0,0 +1,36 @@
+name: 'Auth to Cluster'
+description: 'Auth to the GCP Cluster'
+inputs:
+  gcp-project-number:
+    description: 'GCP project number'
+    required: true
+  gcp-project-id:
+    description: 'GCP project id'
+    required: true
+  service-account:
+    description: 'Service account'
+  cluster-name:
+    description: 'Cluster name'
+  cluster-location:
+    description: 'Cluster location'
+
+runs:
+  using: 'composite'
+  steps:
+    - id: auth
+      uses: google-github-actions/auth@v2
+      with:
+        workload_identity_provider: 'projects/${{ inputs.gcp-project-number }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions-helm-deploy'
+        service_account: '${{ inputs.service-account }}'
+        token_format: 'access_token'
+        project_id: '${{ inputs.gcp-project-id }}'
+
+    - name: 'Setup gcloud cli'
+      uses: 'google-github-actions/setup-gcloud@v2'
+      with:
+        install_components: 'gke-gcloud-auth-plugin'
+
+    - id: get-gke-credentials
+      shell: bash
+      run: |
+        gcloud container clusters get-credentials ${{ inputs.cluster-name }} --region ${{ inputs.cluster-location }} --project ${{ inputs.gcp-project-id }}
--- a/.github/actions/deploy/action.yml
+++ b/.github/actions/deploy/action.yml
@@ -24,24 +24,14 @@ runs:
      shell: bash
      run: |
        echo "GIT_SHORT_HASH=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
-    - uses: azure/setup-helm@v4
-    - id: auth
-      uses: google-github-actions/auth@v2
+    - name: 'Auth to cluster'
+      uses: './.github/actions/cluster-auth'
      with:
-        workload_identity_provider: 'projects/${{ inputs.gcp-project-number }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions-helm-deploy'
-        service_account: '${{ inputs.service-account }}'
-        token_format: 'access_token'
-        project_id: '${{ inputs.gcp-project-id }}'
-
-    - name: 'Setup gcloud cli'
-      uses: 'google-github-actions/setup-gcloud@v2'
-      with:
-        install_components: 'gke-gcloud-auth-plugin'
-
-    - id: get-gke-credentials
-      shell: bash
-      run: |
-        gcloud container clusters get-credentials ${{ inputs.cluster-name }} --region ${{ inputs.cluster-location }} --project ${{ inputs.gcp-project-id }}
+        gcp-project-number: '${{ inputs.gcp-project-number }}'
+        gcp-project-id: '${{ inputs.gcp-project-id }}'
+        service-account: '${{ inputs.service-account }}'
+        cluster-name: '${{ inputs.cluster-name }}'
+        cluster-location: '${{ inputs.cluster-location }}'

    - name: Deploy
      shell: bash
--- a/.github/deployment/front/Dockerfile
+++ b/.github/deployment/front/Dockerfile
@@ -1,4 +1,4 @@
-FROM openresty/openresty:1.25.3.1-0-buster
+FROM openresty/openresty:1.25.3.2-0-buster
 WORKDIR /app
 COPY ./packages/frontend/web/dist ./dist
 COPY ./packages/frontend/admin/dist ./admin
--- a/.github/helm/affine/charts/graphql/templates/deployment.yaml
+++ b/.github/helm/affine/charts/graphql/templates/deployment.yaml
@@ -204,12 +204,12 @@ spec:
              protocol: TCP
          livenessProbe:
            httpGet:
-              path: /
+              path: /info
              port: http
            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
          readinessProbe:
            httpGet:
-              path: /
+              path: /info
              port: http
            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
          resources:
--- a/.github/helm/affine/charts/graphql/templates/service.yaml
+++ b/.github/helm/affine/charts/graphql/templates/service.yaml
@@ -4,6 +4,10 @@ metadata:
  name: {{ include "graphql.fullname" . }}
  labels:
    {{- include "graphql.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
  type: {{ .Values.service.type }}
  ports:
--- a/.github/helm/affine/values.yaml
+++ b/.github/helm/affine/values.yaml
@@ -36,14 +36,14 @@ graphql:
    type: ClusterIP
    port: 3000
    annotations:
-      cloud.google.com/backend-config: '{"default": "affine-backendconfig"}'
+      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'

 sync:
  service:
    type: ClusterIP
    port: 3010
    annotations:
-      cloud.google.com/backend-config: '{"default": "affine-backendconfig"}'
+      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'

 web:
  service:
--- a/.github/helm/separate-config/backend-config.yaml
+++ b/.github/helm/separate-config/backend-config.yaml
@@ -0,0 +1,10 @@
+apiVersion: cloud.google.com/v1
+kind: BackendConfig
+metadata:
+  name: "affine-api-backendconfig"
+spec:
+  healthCheck:
+    timeoutSec: 1
+    type: HTTP
+    requestPath: /info
+
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
@@ -180,7 +180,7 @@ jobs:
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
        with:
-          electron-install: false
+          electron-install: true
          full-cache: true

      - name: Download affine.linux-x64-gnu.node
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -21,6 +21,47 @@ permissions:
  packages: 'write'

 jobs:
+  output-prev-version:
+    name: Output previous version
+    runs-on: ubuntu-latest
+    environment: ${{ github.event.inputs.flavor }}
+    outputs:
+      prev: ${{ steps.print.outputs.version }}
+      namespace: ${{ steps.print.outputs.namespace }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Auth to Cluster
+        uses: './.github/actions/cluster-auth'
+        with:
+          gcp-project-number: ${{ secrets.GCP_PROJECT_NUMBER }}
+          gcp-project-id: ${{ secrets.GCP_PROJECT_ID }}
+          service-account: ${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }}
+          cluster-name: ${{ secrets.GCP_CLUSTER_NAME }}
+          cluster-location: ${{ secrets.GCP_CLUSTER_LOCATION }}
+      - name: Output previous version
+        id: print
+        run: |
+          namespace=""
+          if [ "${{ github.event.inputs.flavor }}" = "canary" ]; then
+            namespace="dev"
+          elif [ "${{ github.event.inputs.flavor }}" = "beta" ]; then
+            namespace="beta"
+          elif [ "${{ github.event.inputs.flavor }}" = "stable" ]; then
+            namespace="production"
+          else
+            echo "Invalid flavor: ${{ github.event.inputs.flavor }}"
+            exit 1
+          fi
+
+          echo "Namespace set to: $namespace"
+
+          # Get the previous version from the deployment
+          prev_version=$(kubectl get deployment -n $namespace affine-graphql -o=jsonpath='{.spec.template.spec.containers[0].image}' | awk -F '-' '{print $3}')
+
+          echo "Previous version: $prev_version"
+          echo "version=$prev_version" >> $GITHUB_OUTPUT
+          echo "namesapce=$namespace" >> $GITHUB_OUTPUT
+
  build-server-image:
    name: Build Server Image
    uses: ./.github/workflows/build-server-image.yml
@@ -193,3 +234,95 @@ jobs:
          STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }}
          STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }}
          STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }}
+
+  deploy-done:
+    needs:
+      - output-prev-version
+      - build-frontend-image
+      - build-server-image
+      - deploy
+    if: always()
+    runs-on: ubuntu-latest
+    name: Post deploy message
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/checkout@v4
+        with:
+          repository: toeverything/blocksuite
+          path: blocksuite
+          fetch-depth: 0
+          fetch-tags: true
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
+        with:
+          extra-flags: 'workspaces focus @affine/changelog'
+          electron-install: false
+      - name: Output deployed info
+        if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
+        id: set_info
+        run: |
+          if [ "${{ github.event.inputs.flavor }}" = "canary" ]; then
+            echo "deployed_url=https://affine.fail" >> $GITHUB_OUTPUT
+          elif [ "${{ github.event.inputs.flavor }}" = "beta" ]; then
+            echo "deployed_url=https://insider.affine.pro" >> $GITHUB_OUTPUT
+          elif [ "${{ github.event.inputs.flavor }}" = "stable" ]; then
+            echo "deployed_url=https://app.affine.pro" >> $GITHUB_OUTPUT
+          else
+            exit 1
+          fi
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Post Success event to a Slack channel
+        if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
+        run: node ./tools/changelog/index.js
+        env:
+          CHANNEL_ID: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+          DEPLOYED_URL: ${{ steps.set_info.outputs.deployed_url }}
+          PREV_VERSION: ${{ needs.output-prev-version.outputs.prev }}
+          NAMESPACE: ${{ needs.output-prev-version.outputs.namespace }}
+          DEPLOYMENT: 'SERVER'
+          FLAVOR: ${{ github.event.inputs.flavor }}
+          BLOCKSUITE_REPO_PATH: ${{ github.workspace }}/blocksuite
+      - name: Post Failed event to a Slack channel
+        id: failed-slack
+        uses: slackapi/slack-github-action@v1.26.0
+        if: ${{ always() && contains(needs.*.result, 'failure') }}
+        with:
+          channel-id: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
+          payload: |
+            {
+              "blocks": [
+                {
+                  "type": "section",
+                  "text": {
+                    "text": "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy failed `${{ github.event.inputs.flavor }}`>",
+                    "type": "mrkdwn"
+                  }
+                }
+              ]
+            }
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+      - name: Post Cancel event to a Slack channel
+        id: cancel-slack
+        uses: slackapi/slack-github-action@v1.26.0
+        if: ${{ always() && contains(needs.*.result, 'cancelled') && !contains(needs.*.result, 'failure') }}
+        with:
+          channel-id: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
+          payload: |
+            {
+              "blocks": [
+                {
+                  "type": "section",
+                  "text": {
+                    "text": "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy cancelled `${{ github.event.inputs.flavor }}`>",
+                    "type": "mrkdwn"
+                  }
+                }
+              ]
+            }
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-20.15.1
+20.17.0
--- a/.yarn/releases/yarn-4.3.1.cjs
+++ b/.yarn/releases/yarn-4.3.1.cjs
--- a/.yarn/releases/yarn-4.4.0.cjs
+++ b/.yarn/releases/yarn-4.4.0.cjs
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -12,4 +12,4 @@ npmPublishAccess: public

 npmPublishRegistry: "https://registry.npmjs.org"

-yarnPath: .yarn/releases/yarn-4.3.1.cjs
+yarnPath: .yarn/releases/yarn-4.4.0.cjs
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -155,6 +155,12 @@ version = "0.21.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"

+[[package]]
+name = "base64"
+version = "0.22.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
+
 [[package]]
 name = "base64ct"
 version = "1.6.0"
@@ -243,9 +249,12 @@ checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9"

 [[package]]
 name = "cc"
-version = "1.0.100"
+version = "1.1.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c891175c3fb232128f48de6590095e59198bbeb8620c310be349bfc3afd12c7b"
+checksum = "50d2eb3cd3d1bf4529e31c215ee6f93ec5a3d536d9f578f93d9d33ee19562932"
+dependencies = [
+ "shlex",
+]

 [[package]]
 name = "cfg-if"
@@ -267,6 +276,15 @@ dependencies = [
 "windows-targets 0.52.5",
 ]

+[[package]]
+name = "concurrent-queue"
+version = "2.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4ca0197aee26d1ae37445ee532fefce43251d24cc7c166799f4d46817f1d3973"
+dependencies = [
+ "crossbeam-utils",
+]
+
 [[package]]
 name = "const-oid"
 version = "0.9.6"
@@ -353,7 +371,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "edb49164822f3ee45b17acd4a208cfc1251410cf0cad9a833234c9890774dd9f"
 dependencies = [
 "quote",
- "syn 2.0.68",
+ "syn",
 ]

 [[package]]
@@ -388,7 +406,7 @@ checksum = "67e77553c4162a157adbf834ebae5b415acbecbeafc7a74b0e886657506a7611"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.68",
+ "syn",
 ]

 [[package]]
@@ -453,9 +471,14 @@ dependencies = [

 [[package]]
 name = "event-listener"
-version = "2.5.3"
+version = "5.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0"
+checksum = "6032be9bd27023a771701cc49f9f053c751055f71efb2e0ae5c15809093675ba"
+dependencies = [
+ "concurrent-queue",
+ "parking",
+ "pin-project-lite",
+]

 [[package]]
 name = "fancy-regex"
@@ -660,21 +683,18 @@ dependencies = [

 [[package]]
 name = "hashlink"
-version = "0.8.4"
+version = "0.9.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e8094feaf31ff591f651a2664fb9cfd92bba7a60ce3197265e9482ebe753c8f7"
+checksum = "6ba4ff7128dee98c7dc9794b6a411377e1404dba1c97deb8d1a55297bd25d8af"
 dependencies = [
 "hashbrown 0.14.5",
 ]

 [[package]]
 name = "heck"
-version = "0.4.1"
+version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"
-dependencies = [
- "unicode-segmentation",
-]
+checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"

 [[package]]
 name = "hermit-abi"
@@ -875,9 +895,9 @@ dependencies = [

 [[package]]
 name = "libsqlite3-sys"
-version = "0.27.0"
+version = "0.30.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf4e226dcd58b4be396f7bd3c20da8fdee2911400705297ba7d2d7cc2c30f716"
+checksum = "2e99fb7a497b1e3339bc746195567ed8d3e24945ecd636e3619d20b9de9e9149"
 dependencies = [
 "cc",
 "pkg-config",
@@ -982,6 +1002,18 @@ dependencies = [
 "windows-sys 0.48.0",
 ]

+[[package]]
+name = "mio"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "80e04d1dcff3aae0704555fe5fee3bcfaf3d1fdf8a7e521d5b9d2b42acb52cec"
+dependencies = [
+ "hermit-abi",
+ "libc",
+ "wasi",
+ "windows-sys 0.52.0",
+]
+
 [[package]]
 name = "nanoid"
 version = "0.4.0"
@@ -993,9 +1025,9 @@ dependencies = [

 [[package]]
 name = "napi"
-version = "3.0.0-alpha.7"
+version = "3.0.0-alpha.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4ec04344cc540f5897e97c9821ab99e7eb276b4dca6f3e6e441dfa72e5bcde70"
+checksum = "743b5a7769f54c95e20a26d9e66d1b43d5622b7dc8ec8f97b51ed8c58633841f"
 dependencies = [
 "anyhow",
 "bitflags 2.5.0",
@@ -1016,23 +1048,23 @@ checksum = "e1c0f5d67ee408a4685b61f5ab7e58605c8ae3f2b4189f0127d804ff13d5560a"

 [[package]]
 name = "napi-derive"
-version = "3.0.0-alpha.6"
+version = "3.0.0-alpha.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c6240c4ddca592cde608bbfa26e2af397c3596e413a0c65c9bbcb65c2f1e485"
+checksum = "c7619cfcc3985e1ed73d147d6950caabaedabcf5c98133502f9d18c3d0061320"
 dependencies = [
 "cfg-if",
 "convert_case",
 "napi-derive-backend",
 "proc-macro2",
 "quote",
- "syn 2.0.68",
+ "syn",
 ]

 [[package]]
 name = "napi-derive-backend"
-version = "2.0.0-alpha.6"
+version = "2.0.0-alpha.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b32dcc50065508fe2f387076c17adbdf10e038d1c080d48b10196813d94ac6a8"
+checksum = "584f6a91c05e8c6bf80622fcc2675c7d27934754d4f1141cfd422d531a3f51fb"
 dependencies = [
 "convert_case",
 "once_cell",
@@ -1040,7 +1072,7 @@ dependencies = [
 "quote",
 "regex",
 "semver",
- "syn 2.0.68",
+ "syn",
 ]

 [[package]]
@@ -1076,7 +1108,7 @@ dependencies = [
 "kqueue",
 "libc",
 "log",
- "mio",
+ "mio 0.8.11",
 "serde",
 "walkdir",
 "windows-sys 0.48.0",
@@ -1139,16 +1171,6 @@ dependencies = [
 "libm",
 ]

-[[package]]
-name = "num_cpus"
-version = "1.16.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
-dependencies = [
- "hermit-abi",
- "libc",
-]
-
 [[package]]
 name = "object"
 version = "0.36.0"
@@ -1180,6 +1202,12 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"

+[[package]]
+name = "parking"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae"
+
 [[package]]
 name = "parking_lot"
 version = "0.12.3"
@@ -1457,31 +1485,42 @@ dependencies = [

 [[package]]
 name = "rustls"
-version = "0.21.12"
+version = "0.23.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e"
+checksum = "c58f8c84392efc0a126acce10fa59ff7b3d2ac06ab451a33f2741989b806b044"
 dependencies = [
+ "once_cell",
 "ring",
+ "rustls-pki-types",
 "rustls-webpki",
- "sct",
+ "subtle",
+ "zeroize",
 ]

 [[package]]
 name = "rustls-pemfile"
-version = "1.0.4"
+version = "2.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
+checksum = "196fe16b00e106300d3e45ecfcb764fa292a535d7326a29a5875c579c7417425"
 dependencies = [
- "base64",
+ "base64 0.22.1",
+ "rustls-pki-types",
 ]

 [[package]]
-name = "rustls-webpki"
-version = "0.101.7"
+name = "rustls-pki-types"
+version = "1.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
+checksum = "fc0a2ce646f8655401bb81e7927b812614bd5d91dbc968696be50603510fcaf0"
+
+[[package]]
+name = "rustls-webpki"
+version = "0.102.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e6b52d4fda176fd835fdc55a835d4a89b8499cad995885a21149d5ad62f852e"
 dependencies = [
 "ring",
+ "rustls-pki-types",
 "untrusted",
 ]

@@ -1518,16 +1557,6 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"

-[[package]]
-name = "sct"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
-dependencies = [
- "ring",
- "untrusted",
-]
-
 [[package]]
 name = "semver"
 version = "1.0.23"
@@ -1536,30 +1565,43 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b"

 [[package]]
 name = "serde"
-version = "1.0.204"
+version = "1.0.208"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12"
+checksum = "cff085d2cb684faa248efb494c39b68e522822ac0de72ccf08109abde717cfb2"
 dependencies = [
 "serde_derive",
 ]

 [[package]]
 name = "serde_derive"
-version = "1.0.204"
+version = "1.0.208"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222"
+checksum = "24008e81ff7613ed8e5ba0cfaf24e2c2f1e5b8a0495711e44fcd4882fca62bcf"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.68",
+ "syn",
 ]

 [[package]]
 name = "serde_json"
-version = "1.0.120"
+version = "1.0.125"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4e0d21c9a8cae1235ad58a00c11cb40d4b1e5c784f1ef2c537876ed6ffd8b7c5"
+checksum = "83c8e735a073ccf5be70aa8066aa984eaf2fa000db6c8d0100ae605b366d31ed"
 dependencies = [
+ "itoa",
+ "memchr",
+ "ryu",
+ "serde",
+]
+
+[[package]]
+name = "serde_urlencoded"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd"
+dependencies = [
+ "form_urlencoded",
 "itoa",
 "ryu",
 "serde",
@@ -1606,6 +1648,12 @@ dependencies = [
 "lazy_static",
 ]

+[[package]]
+name = "shlex"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
+
 [[package]]
 name = "signal-hook-registry"
 version = "1.4.2"
@@ -1639,6 +1687,9 @@ name = "smallvec"
 version = "1.13.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67"
+dependencies = [
+ "serde",
+]

 [[package]]
 name = "smol_str"
@@ -1690,9 +1741,9 @@ dependencies = [

 [[package]]
 name = "sqlx"
-version = "0.7.4"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9a2ccff1a000a5a59cd33da541d9f2fdcd9e6e8229cc200565942bff36d0aaa"
+checksum = "fcfa89bea9500db4a0d038513d7a060566bfc51d46d1c014847049a45cce85e8"
 dependencies = [
 "sqlx-core",
 "sqlx-macros",
@@ -1703,11 +1754,10 @@ dependencies = [

 [[package]]
 name = "sqlx-core"
-version = "0.7.4"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "24ba59a9342a3d9bab6c56c118be528b27c9b60e490080e9711a04dccac83ef6"
+checksum = "d06e2f2bd861719b1f3f0c7dbe1d80c30bf59e76cf019f07d9014ed7eefb8e08"
 dependencies = [
- "ahash",
 "atoi",
 "byteorder",
 "bytes",
@@ -1721,6 +1771,7 @@ dependencies = [
 "futures-intrusive",
 "futures-io",
 "futures-util",
+ "hashbrown 0.14.5",
 "hashlink",
 "hex",
 "indexmap",
@@ -1746,22 +1797,22 @@ dependencies = [

 [[package]]
 name = "sqlx-macros"
-version = "0.7.4"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4ea40e2345eb2faa9e1e5e326db8c34711317d2b5e08d0d5741619048a803127"
+checksum = "2f998a9defdbd48ed005a89362bd40dd2117502f15294f61c8d47034107dbbdc"
 dependencies = [
 "proc-macro2",
 "quote",
 "sqlx-core",
 "sqlx-macros-core",
- "syn 1.0.109",
+ "syn",
 ]

 [[package]]
 name = "sqlx-macros-core"
-version = "0.7.4"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5833ef53aaa16d860e92123292f1f6a3d53c34ba8b1969f152ef1a7bb803f3c8"
+checksum = "3d100558134176a2629d46cec0c8891ba0be8910f7896abfdb75ef4ab6f4e7ce"
 dependencies = [
 "dotenvy",
 "either",
@@ -1777,7 +1828,7 @@ dependencies = [
 "sqlx-mysql",
 "sqlx-postgres",
 "sqlx-sqlite",
- "syn 1.0.109",
+ "syn",
 "tempfile",
 "tokio",
 "url",
@@ -1785,12 +1836,12 @@ dependencies = [

 [[package]]
 name = "sqlx-mysql"
-version = "0.7.4"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ed31390216d20e538e447a7a9b959e06ed9fc51c37b514b46eb758016ecd418"
+checksum = "936cac0ab331b14cb3921c62156d913e4c15b74fb6ec0f3146bd4ef6e4fb3c12"
 dependencies = [
 "atoi",
- "base64",
+ "base64 0.22.1",
 "bitflags 2.5.0",
 "byteorder",
 "bytes",
@@ -1828,12 +1879,12 @@ dependencies = [

 [[package]]
 name = "sqlx-postgres"
-version = "0.7.4"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7c824eb80b894f926f89a0b9da0c7f435d27cdd35b8c655b114e58223918577e"
+checksum = "9734dbce698c67ecf67c442f768a5e90a49b2a4d61a9f1d59f73874bd4cf0710"
 dependencies = [
 "atoi",
- "base64",
+ "base64 0.22.1",
 "bitflags 2.5.0",
 "byteorder",
 "chrono",
@@ -1867,9 +1918,9 @@ dependencies = [

 [[package]]
 name = "sqlx-sqlite"
-version = "0.7.4"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b244ef0a8414da0bed4bb1910426e890b19e5e9bccc27ada6b797d05c55ae0aa"
+checksum = "a75b419c3c1b1697833dd927bdc4c6545a620bc1bbafabd44e1efbe9afcd337e"
 dependencies = [
 "atoi",
 "chrono",
@@ -1883,10 +1934,10 @@ dependencies = [
 "log",
 "percent-encoding",
 "serde",
+ "serde_urlencoded",
 "sqlx-core",
 "tracing",
 "url",
- "urlencoding",
 ]

 [[package]]
@@ -1906,17 +1957,6 @@ version = "2.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0d0208408ba0c3df17ed26eb06992cb1a1268d41b2c0e12e65203fbe3972cee5"

-[[package]]
-name = "syn"
-version = "1.0.109"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
-dependencies = [
- "proc-macro2",
- "quote",
- "unicode-ident",
-]
-
 [[package]]
 name = "syn"
 version = "2.0.68"
@@ -1963,7 +2003,7 @@ checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.68",
+ "syn",
 ]

 [[package]]
@@ -1983,7 +2023,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c314e7ce51440f9e8f5a497394682a57b7c323d0f4d0a6b1b13c429056e0e234"
 dependencies = [
 "anyhow",
- "base64",
+ "base64 0.21.7",
 "bstr",
 "fancy-regex",
 "lazy_static",
@@ -2008,32 +2048,31 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"

 [[package]]
 name = "tokio"
-version = "1.38.0"
+version = "1.39.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba4f4a02a7a80d6f274636f0aa95c7e383b912d41fe721a31f29e29698585a4a"
+checksum = "9babc99b9923bfa4804bd74722ff02c0381021eafa4db9949217e3be8e84fff5"
 dependencies = [
 "backtrace",
 "bytes",
 "libc",
- "mio",
- "num_cpus",
+ "mio 1.0.2",
 "parking_lot",
 "pin-project-lite",
 "signal-hook-registry",
 "socket2",
 "tokio-macros",
- "windows-sys 0.48.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
 name = "tokio-macros"
-version = "2.3.0"
+version = "2.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a"
+checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.68",
+ "syn",
 ]

 [[package]]
@@ -2067,7 +2106,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.68",
+ "syn",
 ]

 [[package]]
@@ -2171,12 +2210,6 @@ dependencies = [
 "percent-encoding",
 ]

-[[package]]
-name = "urlencoding"
-version = "2.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da"
-
 [[package]]
 name = "uuid"
 version = "1.10.0"
@@ -2249,7 +2282,7 @@ dependencies = [
 "once_cell",
 "proc-macro2",
 "quote",
- "syn 2.0.68",
+ "syn",
 "wasm-bindgen-shared",
 ]

@@ -2271,7 +2304,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.68",
+ "syn",
 "wasm-bindgen-backend",
 "wasm-bindgen-shared",
 ]
@@ -2284,9 +2317,12 @@ checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96"

 [[package]]
 name = "webpki-roots"
-version = "0.25.4"
+version = "0.26.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1"
+checksum = "bd7c23921eeb1713a4e851530e9b9756e4fb0e89978582942612524cf09f01cd"
+dependencies = [
+ "rustls-pki-types",
+]

 [[package]]
 name = "whoami"
@@ -2556,7 +2592,7 @@ checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.68",
+ "syn",
 ]

 [[package]]
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,7 +18,7 @@ rand        = "0.8"
 serde       = "1"
 serde_json  = "1"
 sha3        = "0.10"
-sqlx        = { version = "0.7", default-features = false, features = ["chrono", "macros", "migrate", "runtime-tokio", "sqlite", "tls-rustls"] }
+sqlx        = { version = "0.8", default-features = false, features = ["chrono", "macros", "migrate", "runtime-tokio", "sqlite", "tls-rustls"] }
 tiktoken-rs = "0.5"
 tokio       = "1.37"
 uuid        = "1.8"
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@

 <div align="center">
    <a href="https://affine.pro">Home Page</a> |
-    <a href="https://discord.com/invite/yz6tGVsf5p">Discord</a> |
+    <a href="https://discord.gg/whd5mjYqVw">Discord</a> |
    <a href="https://app.affine.pro">Live Demo</a> |
    <a href="https://affine.pro/blog/">Blog</a> |
    <a href="https://docs.affine.pro/docs/">Documentation</a>
@@ -176,6 +176,12 @@ Thanks to [Chromatic](https://www.chromatic.com/) for providing the visual testi

 ## License

+### Editions
+
+- AFFiNE Community Edition (CE) is the current available version, it's free for self-host under the MIT license.
+
+- AFFiNE Enterprise Edition (EE) is yet to be published, it will have more advanced features and enterprise-oriented offerings, including but not exclusive to rebranding and SSO, advanced admin and audit, etc., you may refer to https://affine.pro/pricing for more information
+
 See [LICENSE] for details.

 [all-contributors-badge]: https://img.shields.io/github/contributors/toeverything/AFFiNE
--- a/package.json
+++ b/package.json
@@ -60,7 +60,7 @@
    "@istanbuljs/schema": "^0.1.3",
    "@magic-works/i18n-codegen": "^0.6.0",
    "@nx/vite": "^19.5.3",
-    "@playwright/test": "=1.44.1",
+    "@playwright/test": "=1.46.1",
    "@taplo/cli": "^0.7.0",
    "@testing-library/react": "^16.0.0",
    "@toeverything/infra": "workspace:*",
@@ -75,7 +75,7 @@
    "@vitest/coverage-istanbul": "1.6.0",
    "@vitest/ui": "1.6.0",
    "cross-env": "^7.0.3",
-    "electron": "~30.2.0",
+    "electron": "^32.0.0",
    "eslint": "^8.57.0",
    "eslint-config-prettier": "^9.1.0",
    "eslint-plugin-import-x": "^0.5.0",
@@ -88,15 +88,15 @@
    "eslint-plugin-unused-imports": "^3.1.0",
    "eslint-plugin-vue": "^9.24.1",
    "fake-indexeddb": "6.0.0",
-    "happy-dom": "^14.7.1",
+    "happy-dom": "^15.0.0",
    "husky": "^9.0.11",
    "lint-staged": "^15.2.2",
    "msw": "^2.3.0",
    "nanoid": "^5.0.7",
    "nx": "^19.0.0",
    "nyc": "^17.0.0",
-    "oxlint": "0.7.0",
-    "prettier": "^3.2.5",
+    "oxlint": "0.8.0",
+    "prettier": "^3.3.3",
    "semver": "^7.6.0",
    "serve": "^14.2.1",
    "string-width": "^7.1.0",
@@ -108,9 +108,9 @@
    "vite-plugin-static-copy": "^1.0.2",
    "vitest": "1.6.0",
    "vitest-fetch-mock": "^0.3.0",
-    "vitest-mock-extended": "^1.3.1"
+    "vitest-mock-extended": "^2.0.0"
  },
-  "packageManager": "yarn@4.3.1",
+  "packageManager": "yarn@4.4.0",
  "resolutions": {
    "array-buffer-byte-length": "npm:@nolyfill/array-buffer-byte-length@latest",
    "array-includes": "npm:@nolyfill/array-includes@latest",
--- a/packages/backend/native/package.json
+++ b/packages/backend/native/package.json
@@ -33,7 +33,7 @@
    "build:debug": "napi build"
  },
  "devDependencies": {
-    "@napi-rs/cli": "3.0.0-alpha.60",
+    "@napi-rs/cli": "3.0.0-alpha.62",
    "lib0": "^0.2.93",
    "nx": "^19.0.0",
    "nx-cloud": "^19.0.0",
--- a/packages/backend/server/.gitignore
+++ b/packages/backend/server/.gitignore
@@ -1 +1,2 @@
 .env
+static/
--- a/packages/backend/server/migrations/20240813053919_use_timestamp_with_timezone/migration.sql
+++ b/packages/backend/server/migrations/20240813053919_use_timestamp_with_timezone/migration.sql
@@ -0,0 +1,95 @@
+/*
+  Warnings:
+
+  - The primary key for the `snapshot_histories` table will be changed. If it partially fails, the table could be left without primary key constraint.
+
+*/
+-- AlterTable
+ALTER TABLE "_data_migrations" ALTER COLUMN "started_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "finished_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "ai_prompts_messages" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "ai_prompts_metadata" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "ai_sessions_messages" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "updated_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "ai_sessions_metadata" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "deleted_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "app_runtime_settings" ALTER COLUMN "updated_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "deleted_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "features" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "multiple_users_sessions" ALTER COLUMN "expires_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "snapshot_histories" ALTER COLUMN "timestamp" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "expired_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "snapshots" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "updated_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "updates" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "user_connected_accounts" ALTER COLUMN "expires_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "updated_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "user_features" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "expired_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "user_invoices" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "updated_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "user_sessions" ALTER COLUMN "expires_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "user_stripe_customers" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "user_subscriptions" ALTER COLUMN "start" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "end" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "next_bill_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "canceled_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "trial_start" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "trial_end" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "updated_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "users" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "email_verified" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "verification_tokens" ALTER COLUMN "expiresAt" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "workspace_features" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3),
+ALTER COLUMN "expired_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "workspace_page_user_permissions" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "workspace_user_permissions" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3);
+
+-- AlterTable
+ALTER TABLE "workspaces" ALTER COLUMN "created_at" SET DATA TYPE TIMESTAMPTZ(3);
--- a/packages/backend/server/migrations/20240813095727_prompt_updated_field/migration.sql
+++ b/packages/backend/server/migrations/20240813095727_prompt_updated_field/migration.sql
@@ -0,0 +1,3 @@
+-- AlterTable
+ALTER TABLE "ai_prompts_metadata" ADD COLUMN     "modified" BOOLEAN NOT NULL DEFAULT false,
+ADD COLUMN     "updated_at" TIMESTAMPTZ(3) NOT NULL DEFAULT CURRENT_TIMESTAMP;
--- a/packages/backend/server/migrations/20240815064332_userspace/migration.sql
+++ b/packages/backend/server/migrations/20240815064332_userspace/migration.sql
@@ -0,0 +1,13 @@
+-- CreateTable
+CREATE TABLE "user_snapshots" (
+    "user_id" VARCHAR NOT NULL,
+    "id" VARCHAR NOT NULL,
+    "blob" BYTEA NOT NULL,
+    "created_at" TIMESTAMPTZ(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updated_at" TIMESTAMPTZ(3) NOT NULL,
+
+    CONSTRAINT "user_snapshots_pkey" PRIMARY KEY ("user_id","id")
+);
+
+-- AddForeignKey
+ALTER TABLE "user_snapshots" ADD CONSTRAINT "user_snapshots_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE;
--- a/packages/backend/server/migrations/20240815084618_update_doc_tables/migration.sql
+++ b/packages/backend/server/migrations/20240815084618_update_doc_tables/migration.sql
@@ -0,0 +1,14 @@
+/*
+  Warnings:
+
+  - The primary key for the `updates` table will be changed. If it partially fails, the table could be left without primary key constraint.
+
+*/
+-- AlterTable
+ALTER TABLE "snapshots" ALTER COLUMN "seq" DROP NOT NULL;
+
+-- AlterTable
+ALTER TABLE "updates" DROP CONSTRAINT "updates_pkey",
+ALTER COLUMN "created_at" DROP DEFAULT,
+ALTER COLUMN "seq" DROP NOT NULL,
+ADD CONSTRAINT "updates_pkey" PRIMARY KEY ("workspace_id", "guid", "created_at");
--- a/packages/backend/server/package.json
+++ b/packages/backend/server/package.json
@@ -21,11 +21,11 @@
  "dependencies": {
    "@apollo/server": "^4.10.2",
    "@aws-sdk/client-s3": "^3.620.0",
-    "@fal-ai/serverless-client": "^0.13.0",
+    "@fal-ai/serverless-client": "^0.14.0",
    "@google-cloud/opentelemetry-cloud-monitoring-exporter": "^0.19.0",
    "@google-cloud/opentelemetry-cloud-trace-exporter": "^2.2.0",
    "@google-cloud/opentelemetry-resource-util": "^2.2.0",
-    "@keyv/redis": "^2.8.4",
+    "@keyv/redis": "^3.0.0",
    "@nestjs/apollo": "^12.1.0",
    "@nestjs/common": "^10.3.7",
    "@nestjs/core": "^10.3.7",
@@ -34,8 +34,7 @@
    "@nestjs/platform-express": "^10.3.7",
    "@nestjs/platform-socket.io": "^10.3.7",
    "@nestjs/schedule": "^4.0.1",
-    "@nestjs/serve-static": "^4.0.2",
-    "@nestjs/throttler": "5.2.0",
+    "@nestjs/throttler": "6.2.1",
    "@nestjs/websockets": "^10.3.7",
    "@node-rs/argon2": "^1.8.0",
    "@node-rs/crc32": "^1.10.0",
@@ -77,7 +76,7 @@
    "mustache": "^4.2.0",
    "nanoid": "^5.0.7",
    "nest-commander": "^3.12.5",
-    "nestjs-throttler-storage-redis": "^0.4.1",
+    "nestjs-throttler-storage-redis": "^0.5.0",
    "nodemailer": "^6.9.13",
    "on-headers": "^1.0.2",
    "openai": "^4.33.0",
@@ -138,6 +137,7 @@
    ],
    "watchMode": {
      "ignoreChanges": [
+        "static/**",
        "**/*.gen.*"
      ]
    },
--- a/packages/backend/server/schema.prisma
+++ b/packages/backend/server/schema.prisma
@@ -13,9 +13,9 @@ model User {
  id              String    @id @default(uuid()) @db.VarChar
  name            String    @db.VarChar
  email           String    @unique @db.VarChar
-  emailVerifiedAt DateTime? @map("email_verified") @db.Timestamp(3)
+  emailVerifiedAt DateTime? @map("email_verified") @db.Timestamptz(3)
  avatarUrl       String?   @map("avatar_url") @db.VarChar
-  createdAt       DateTime  @default(now()) @map("created_at") @db.Timestamp(3)
+  createdAt       DateTime  @default(now()) @map("created_at") @db.Timestamptz(3)
  /// Not available if user signed up through OAuth providers
  password        String?   @db.VarChar
  /// Indicate whether the user finished the signup progress.
@@ -32,6 +32,7 @@ model User {
  sessions              UserSession[]
  aiSessions            AiSession[]
  updatedRuntimeConfigs RuntimeConfig[]
+  userSnapshots         UserSnapshot[]

  @@index([email])
  @@map("users")
@@ -45,9 +46,9 @@ model ConnectedAccount {
  scope             String?   @db.Text
  accessToken       String?   @map("access_token") @db.Text
  refreshToken      String?   @map("refresh_token") @db.Text
-  expiresAt         DateTime? @map("expires_at") @db.Timestamp(3)
-  createdAt         DateTime  @default(now()) @map("created_at") @db.Timestamp(3)
-  updatedAt         DateTime  @updatedAt @map("updated_at") @db.Timestamp(3)
+  expiresAt         DateTime? @map("expires_at") @db.Timestamptz(3)
+  createdAt         DateTime  @default(now()) @map("created_at") @db.Timestamptz(3)
+  updatedAt         DateTime  @updatedAt @map("updated_at") @db.Timestamptz(3)

  user User @relation(fields: [userId], references: [id], onDelete: Cascade)

@@ -58,8 +59,8 @@ model ConnectedAccount {

 model Session {
  id        String    @id @default(uuid()) @db.VarChar
-  expiresAt DateTime? @map("expires_at") @db.Timestamp(3)
-  createdAt DateTime  @default(now()) @map("created_at") @db.Timestamp(3)
+  expiresAt DateTime? @map("expires_at") @db.Timestamptz(3)
+  createdAt DateTime  @default(now()) @map("created_at") @db.Timestamptz(3)

  userSessions UserSession[]

@@ -70,8 +71,8 @@ model UserSession {
  id        String    @id @default(uuid()) @db.VarChar
  sessionId String    @map("session_id") @db.VarChar
  userId    String    @map("user_id") @db.VarChar
-  expiresAt DateTime? @map("expires_at") @db.Timestamp(3)
-  createdAt DateTime  @default(now()) @map("created_at") @db.Timestamp(3)
+  expiresAt DateTime? @map("expires_at") @db.Timestamptz(3)
+  createdAt DateTime  @default(now()) @map("created_at") @db.Timestamptz(3)

  session Session @relation(fields: [sessionId], references: [id], onDelete: Cascade)
  user    User    @relation(fields: [userId], references: [id], onDelete: Cascade)
@@ -84,7 +85,7 @@ model VerificationToken {
  token      String   @db.VarChar
  type       Int      @db.SmallInt
  credential String?  @db.Text
-  expiresAt  DateTime @db.Timestamp(3)
+  expiresAt  DateTime @db.Timestamptz(3)

  @@unique([type, token])
  @@map("verification_tokens")
@@ -93,7 +94,7 @@ model VerificationToken {
 model Workspace {
  id        String   @id @default(uuid()) @db.VarChar
  public    Boolean
-  createdAt DateTime @default(now()) @map("created_at") @db.Timestamp(3)
+  createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz(3)

  pages           WorkspacePage[]
  permissions     WorkspaceUserPermission[]
@@ -129,7 +130,7 @@ model WorkspaceUserPermission {
  type        Int      @db.SmallInt
  /// Whether the permission invitation is accepted by the user
  accepted    Boolean  @default(false)
-  createdAt   DateTime @default(now()) @map("created_at") @db.Timestamp(3)
+  createdAt   DateTime @default(now()) @map("created_at") @db.Timestamptz(3)

  user      User      @relation(fields: [userId], references: [id], onDelete: Cascade)
  workspace Workspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)
@@ -147,7 +148,7 @@ model WorkspacePageUserPermission {
  type        Int      @db.SmallInt
  /// Whether the permission invitation is accepted by the user
  accepted    Boolean  @default(false)
-  createdAt   DateTime @default(now()) @map("created_at") @db.Timestamp(3)
+  createdAt   DateTime @default(now()) @map("created_at") @db.Timestamptz(3)

  user      User      @relation(fields: [userId], references: [id], onDelete: Cascade)
  workspace Workspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)
@@ -170,9 +171,9 @@ model UserFeature {
  // - pro_plan_v1: "user buy the pro plan"
  reason    String    @db.VarChar
  // record the quota enabled time
-  createdAt DateTime  @default(now()) @map("created_at") @db.Timestamp(3)
+  createdAt DateTime  @default(now()) @map("created_at") @db.Timestamptz(3)
  // record the quota expired time, pay plan is a subscription, so it will expired
-  expiredAt DateTime? @map("expired_at") @db.Timestamp(3)
+  expiredAt DateTime? @map("expired_at") @db.Timestamptz(3)
  // whether the feature is activated
  // for example:
  // - if we switch the user to another plan, we will set the old plan to deactivated, but dont delete it
@@ -198,9 +199,9 @@ model WorkspaceFeature {
  // - copilet_v1: "owner buy the copilet feature package"
  reason    String    @db.VarChar
  // record the feature enabled time
-  createdAt DateTime  @default(now()) @map("created_at") @db.Timestamp(3)
+  createdAt DateTime  @default(now()) @map("created_at") @db.Timestamptz(3)
  // record the quota expired time, pay plan is a subscription, so it will expired
-  expiredAt DateTime? @map("expired_at") @db.Timestamp(3)
+  expiredAt DateTime? @map("expired_at") @db.Timestamptz(3)
  // whether the feature is activated
  // for example:
  // - if owner unsubscribe a feature package, we will set the feature to deactivated, but dont delete it
@@ -220,7 +221,7 @@ model Feature {
  type      Int      @db.Integer
  // configs, define by feature conntroller
  configs   Json     @db.Json
-  createdAt DateTime @default(now()) @map("created_at") @db.Timestamp(3)
+  createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz(3)

  UserFeatureGates  UserFeature[]
  WorkspaceFeatures WorkspaceFeature[]
@@ -235,35 +236,59 @@ model Snapshot {
  workspaceId String   @map("workspace_id") @db.VarChar
  id          String   @default(uuid()) @map("guid") @db.VarChar
  blob        Bytes    @db.ByteA
-  seq         Int      @default(0) @db.Integer
  state       Bytes?   @db.ByteA
-  createdAt   DateTime @default(now()) @map("created_at") @db.Timestamp(3)
+  createdAt   DateTime @default(now()) @map("created_at") @db.Timestamptz(3)
  // the `updated_at` field will not record the time of record changed,
  // but the created time of last seen update that has been merged into snapshot.
-  updatedAt   DateTime @map("updated_at") @db.Timestamp(3)
+  updatedAt   DateTime @map("updated_at") @db.Timestamptz(3)
+
+  // @deprecated use updatedAt only
+  seq         Int?      @default(0) @db.Integer
+
+  // we need to clear all hanging updates and snapshots before enable the foreign key on workspaceId
+  // workspace Workspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)

  @@id([id, workspaceId])
  @@map("snapshots")
 }

+// user snapshots are special snapshots for user storage like personal app settings, distinguished from workspace snapshots
+// basically they share the same structure with workspace snapshots
+// but for convenience, we don't fork the updates queue and hisotry for user snapshots, until we have to
+// which means all operation on user snapshot will happen in-pace
+model UserSnapshot {
+  userId    String   @map("user_id") @db.VarChar
+  id        String   @map("id") @db.VarChar
+  blob      Bytes    @db.ByteA
+  createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz(3)
+  updatedAt DateTime @updatedAt @map("updated_at") @db.Timestamptz(3)
+
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  @@id([userId, id])
+  @@map("user_snapshots")
+}
+
 model Update {
  workspaceId String   @map("workspace_id") @db.VarChar
  id          String   @map("guid") @db.VarChar
-  seq         Int      @db.Integer
  blob        Bytes    @db.ByteA
-  createdAt   DateTime @default(now()) @map("created_at") @db.Timestamp(3)
+  createdAt   DateTime @map("created_at") @db.Timestamptz(3)

-  @@id([workspaceId, id, seq])
+  // @deprecated use createdAt only
+  seq         Int?      @db.Integer
+
+  @@id([workspaceId, id, createdAt])
  @@map("updates")
 }

 model SnapshotHistory {
  workspaceId String   @map("workspace_id") @db.VarChar
  id          String   @map("guid") @db.VarChar
-  timestamp   DateTime @db.Timestamp(3)
+  timestamp   DateTime @db.Timestamptz(3)
  blob        Bytes    @db.ByteA
  state       Bytes?   @db.ByteA
-  expiredAt   DateTime @map("expired_at") @db.Timestamp(3)
+  expiredAt   DateTime @map("expired_at") @db.Timestamptz(3)

  @@id([workspaceId, id, timestamp])
  @@map("snapshot_histories")
@@ -272,7 +297,7 @@ model SnapshotHistory {
 model UserStripeCustomer {
  userId           String   @id @map("user_id") @db.VarChar
  stripeCustomerId String   @unique @map("stripe_customer_id") @db.VarChar
-  createdAt        DateTime @default(now()) @map("created_at") @db.Timestamp(3)
+  createdAt        DateTime @default(now()) @map("created_at") @db.Timestamptz(3)

  user User @relation(fields: [userId], references: [id], onDelete: Cascade)

@@ -290,21 +315,21 @@ model UserSubscription {
  // subscription.status, active/past_due/canceled/unpaid...
  status               String    @db.VarChar(20)
  // subscription.current_period_start
-  start                DateTime  @map("start") @db.Timestamp(3)
+  start                DateTime  @map("start") @db.Timestamptz(3)
  // subscription.current_period_end, null for lifetime payment
-  end                  DateTime? @map("end") @db.Timestamp(3)
+  end                  DateTime? @map("end") @db.Timestamptz(3)
  // subscription.billing_cycle_anchor
-  nextBillAt           DateTime? @map("next_bill_at") @db.Timestamp(3)
+  nextBillAt           DateTime? @map("next_bill_at") @db.Timestamptz(3)
  // subscription.canceled_at
-  canceledAt           DateTime? @map("canceled_at") @db.Timestamp(3)
+  canceledAt           DateTime? @map("canceled_at") @db.Timestamptz(3)
  // subscription.trial_start
-  trialStart           DateTime? @map("trial_start") @db.Timestamp(3)
+  trialStart           DateTime? @map("trial_start") @db.Timestamptz(3)
  // subscription.trial_end
-  trialEnd             DateTime? @map("trial_end") @db.Timestamp(3)
+  trialEnd             DateTime? @map("trial_end") @db.Timestamptz(3)
  stripeScheduleId     String?   @map("stripe_schedule_id") @db.VarChar

-  createdAt DateTime @default(now()) @map("created_at") @db.Timestamp(3)
-  updatedAt DateTime @updatedAt @map("updated_at") @db.Timestamp(3)
+  createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz(3)
+  updatedAt DateTime @updatedAt @map("updated_at") @db.Timestamptz(3)
  user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)

  @@unique([userId, plan])
@@ -321,8 +346,8 @@ model UserInvoice {
  status           String   @db.VarChar(20)
  plan             String   @db.VarChar(20)
  recurring        String   @db.VarChar(20)
-  createdAt        DateTime @default(now()) @map("created_at") @db.Timestamp(3)
-  updatedAt        DateTime @updatedAt @map("updated_at") @db.Timestamp(3)
+  createdAt        DateTime @default(now()) @map("created_at") @db.Timestamptz(3)
+  updatedAt        DateTime @updatedAt @map("updated_at") @db.Timestamptz(3)
  // billing reason
  reason           String   @db.VarChar
  lastPaymentError String?  @map("last_payment_error") @db.Text
@@ -350,7 +375,7 @@ model AiPromptMessage {
  content     String       @db.Text
  attachments Json?        @db.Json
  params      Json?        @db.Json
-  createdAt   DateTime     @default(now()) @map("created_at") @db.Timestamp(3)
+  createdAt   DateTime     @default(now()) @map("created_at") @db.Timestamptz(3)

  prompt AiPrompt @relation(fields: [promptId], references: [id], onDelete: Cascade)

@@ -366,7 +391,10 @@ model AiPrompt {
  action    String?  @db.VarChar
  model     String   @db.VarChar
  config    Json?    @db.Json
-  createdAt DateTime @default(now()) @map("created_at") @db.Timestamp(3)
+  createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz(3)
+  updatedAt DateTime @default(now()) @map("updated_at") @db.Timestamptz(3)
+  // whether the prompt is modified by the admin panel
+  modified  Boolean  @default(false)

  messages AiPromptMessage[]
  sessions AiSession[]
@@ -381,8 +409,8 @@ model AiSessionMessage {
  content     String       @db.Text
  attachments Json?        @db.Json
  params      Json?        @db.Json
-  createdAt   DateTime     @default(now()) @map("created_at") @db.Timestamp(3)
-  updatedAt   DateTime     @updatedAt @map("updated_at") @db.Timestamp(3)
+  createdAt   DateTime     @default(now()) @map("created_at") @db.Timestamptz(3)
+  updatedAt   DateTime     @updatedAt @map("updated_at") @db.Timestamptz(3)

  session AiSession @relation(fields: [sessionId], references: [id], onDelete: Cascade)

@@ -399,8 +427,8 @@ model AiSession {
  parentSessionId String?   @map("parent_session_id") @db.VarChar
  messageCost     Int       @default(0)
  tokenCost       Int       @default(0)
-  createdAt       DateTime  @default(now()) @map("created_at") @db.Timestamp(3)
-  deletedAt       DateTime? @map("deleted_at") @db.Timestamp(3)
+  createdAt       DateTime  @default(now()) @map("created_at") @db.Timestamptz(3)
+  deletedAt       DateTime? @map("deleted_at") @db.Timestamptz(3)

  user     User               @relation(fields: [userId], references: [id], onDelete: Cascade)
  prompt   AiPrompt           @relation(fields: [promptName], references: [name], onDelete: Cascade)
@@ -412,8 +440,8 @@ model AiSession {
 model DataMigration {
  id         String    @id @default(uuid()) @db.VarChar
  name       String    @db.VarChar
-  startedAt  DateTime  @default(now()) @map("started_at") @db.Timestamp(3)
-  finishedAt DateTime? @map("finished_at") @db.Timestamp(3)
+  startedAt  DateTime  @default(now()) @map("started_at") @db.Timestamptz(3)
+  finishedAt DateTime? @map("finished_at") @db.Timestamptz(3)

  @@map("_data_migrations")
 }
@@ -433,8 +461,8 @@ model RuntimeConfig {
  key           String            @db.VarChar
  value         Json              @db.Json
  description   String            @db.Text
-  updatedAt     DateTime          @updatedAt @map("updated_at") @db.Timestamp(3)
-  deletedAt     DateTime?         @map("deleted_at") @db.Timestamp(3)
+  updatedAt     DateTime          @updatedAt @map("updated_at") @db.Timestamptz(3)
+  deletedAt     DateTime?         @map("deleted_at") @db.Timestamptz(3)
  lastUpdatedBy String?           @map("last_updated_by") @db.VarChar

  lastUpdatedByUser User? @relation(fields: [lastUpdatedBy], references: [id])
--- a/packages/backend/server/src/app.controller.ts
+++ b/packages/backend/server/src/app.controller.ts
@@ -3,7 +3,7 @@ import { Controller, Get } from '@nestjs/common';
 import { Public } from './core/auth';
 import { Config, SkipThrottle } from './fundamentals';

-@Controller('/')
+@Controller('/info')
 export class AppController {
  constructor(private readonly config: Config) {}

@@ -15,7 +15,7 @@ export class AppController {
      compatibility: this.config.version,
      message: `AFFiNE ${this.config.version} Server`,
      type: this.config.type,
-      flavor: this.config.flavor,
+      flavor: this.config.flavor.type,
    };
  }
 }
--- a/packages/backend/server/src/app.module.ts
+++ b/packages/backend/server/src/app.module.ts
@@ -1,5 +1,3 @@
-import { join } from 'node:path';
-
 import {
  DynamicModule,
  ForwardReference,
@@ -7,16 +5,16 @@ import {
  Module,
 } from '@nestjs/common';
 import { ScheduleModule } from '@nestjs/schedule';
-import { ServeStaticModule } from '@nestjs/serve-static';
 import { get } from 'lodash-es';

 import { AppController } from './app.controller';
 import { AuthModule } from './core/auth';
 import { ADD_ENABLED_FEATURES, ServerConfigModule } from './core/config';
-import { DocModule } from './core/doc';
+import { DocStorageModule } from './core/doc';
 import { FeatureModule } from './core/features';
+import { PermissionModule } from './core/permission';
 import { QuotaModule } from './core/quota';
-import { CustomSetupModule } from './core/setup';
+import { SelfhostModule } from './core/selfhost';
 import { StorageModule } from './core/storage';
 import { SyncModule } from './core/sync';
 import { UserModule } from './core/user';
@@ -137,7 +135,7 @@ export class AppModuleBuilder {
  compile() {
    @Module({
      imports: this.modules,
-      controllers: this.config.isSelfhosted ? [] : [AppController],
+      controllers: [AppController],
    })
    class AppModule {}

@@ -145,20 +143,20 @@ export class AppModuleBuilder {
  }
 }

-function buildAppModule() {
+export function buildAppModule() {
  AFFiNE = mergeConfigOverride(AFFiNE);
  const factor = new AppModuleBuilder(AFFiNE);

  factor
-    // common fundamental modules
+    // basic
    .use(...FunctionalityModules)
    .useIf(config => config.flavor.sync, WebSocketModule)

    // auth
-    .use(AuthModule)
+    .use(UserModule, AuthModule, PermissionModule)

    // business modules
-    .use(DocModule)
+    .use(DocStorageModule)

    // sync server only
    .useIf(config => config.flavor.sync, SyncModule)
@@ -166,28 +164,16 @@ function buildAppModule() {
    // graphql server only
    .useIf(
      config => config.flavor.graphql,
-      ServerConfigModule,
      GqlModule,
      StorageModule,
-      UserModule,
+      ServerConfigModule,
      WorkspaceModule,
      FeatureModule,
      QuotaModule
    )

    // self hosted server only
-    .useIf(
-      config => config.isSelfhosted,
-      CustomSetupModule,
-      ServeStaticModule.forRoot({
-        rootPath: join('/app', 'static'),
-        exclude: ['/admin*'],
-      }),
-      ServeStaticModule.forRoot({
-        rootPath: join('/app', 'static', 'admin'),
-        serveRoot: '/admin',
-      })
-    );
+    .useIf(config => config.isSelfhosted, SelfhostModule);

  // plugin modules
  ENABLED_PLUGINS.forEach(name => {
--- a/packages/backend/server/src/core/auth/resolver.ts
+++ b/packages/backend/server/src/core/auth/resolver.ts
@@ -16,11 +16,13 @@ import {
  EmailTokenNotFound,
  EmailVerificationRequired,
  InvalidEmailToken,
+  LinkExpired,
  SameEmailProvided,
  SkipThrottle,
  Throttle,
  URLHelper,
 } from '../../fundamentals';
+import { Admin } from '../common';
 import { UserService } from '../user';
 import { UserType } from '../user/types';
 import { validators } from '../utils/validators';
@@ -88,12 +90,17 @@ export class AuthResolver {
    };
  }

-  @Mutation(() => UserType)
+  @Public()
+  @Mutation(() => Boolean)
  async changePassword(
-    @CurrentUser() user: CurrentUser,
    @Args('token') token: string,
-    @Args('newPassword') newPassword: string
+    @Args('newPassword') newPassword: string,
+    @Args('userId', { type: () => String, nullable: true }) userId?: string
  ) {
+    if (!userId) {
+      throw new LinkExpired();
+    }
+
    const config = await this.config.runtime.fetchAll({
      'auth/password.max': true,
      'auth/password.min': true,
@@ -107,7 +114,7 @@ export class AuthResolver {
      TokenType.ChangePassword,
      token,
      {
-        credential: user.id,
+        credential: userId,
      }
    );

@@ -115,10 +122,10 @@ export class AuthResolver {
      throw new InvalidEmailToken();
    }

-    await this.auth.changePassword(user.id, newPassword);
-    await this.auth.revokeUserSessions(user.id);
+    await this.auth.changePassword(userId, newPassword);
+    await this.auth.revokeUserSessions(userId);

-    return user;
+    return true;
  }

  @Mutation(() => UserType)
@@ -162,7 +169,7 @@ export class AuthResolver {
      user.id
    );

-    const url = this.url.link(callbackUrl, { token });
+    const url = this.url.link(callbackUrl, { userId: user.id, token });

    const res = await this.auth.sendChangePasswordEmail(user.email, url);

@@ -175,19 +182,7 @@ export class AuthResolver {
    @Args('callbackUrl') callbackUrl: string,
    @Args('email', { nullable: true }) _email?: string
  ) {
-    if (!user.emailVerified) {
-      throw new EmailVerificationRequired();
-    }
-
-    const token = await this.token.createToken(
-      TokenType.ChangePassword,
-      user.id
-    );
-
-    const url = this.url.link(callbackUrl, { token });
-
-    const res = await this.auth.sendSetPasswordEmail(user.email, url);
-    return !res.rejected.length;
+    return this.sendChangePasswordEmail(user, callbackUrl);
  }

  // The change email step is:
@@ -291,4 +286,20 @@ export class AuthResolver {

    return emailVerifiedAt !== null;
  }
+
+  @Admin()
+  @Mutation(() => String, {
+    description: 'Create change password url',
+  })
+  async createChangePasswordUrl(
+    @Args('userId') userId: string,
+    @Args('callbackUrl') callbackUrl: string
+  ): Promise<string> {
+    const token = await this.token.createToken(
+      TokenType.ChangePassword,
+      userId
+    );
+
+    return this.url.link(callbackUrl, { userId, token });
+  }
 }
--- a/packages/backend/server/src/core/auth/service.ts
+++ b/packages/backend/server/src/core/auth/service.ts
@@ -3,7 +3,7 @@ import { Cron, CronExpression } from '@nestjs/schedule';
 import type { User, UserSession } from '@prisma/client';
 import { PrismaClient } from '@prisma/client';
 import type { CookieOptions, Request, Response } from 'express';
-import { assign, omit } from 'lodash-es';
+import { assign, pick } from 'lodash-es';

 import { Config, EmailAlreadyUsed, MailService } from '../../fundamentals';
 import { FeatureManagementService } from '../features/management';
@@ -41,13 +41,11 @@ export function sessionUser(
    'id' | 'email' | 'avatarUrl' | 'name' | 'emailVerifiedAt'
  > & { password?: string | null }
 ): CurrentUser {
-  return assign(
-    omit(user, 'password', 'registered', 'emailVerifiedAt', 'createdAt'),
-    {
-      hasPassword: user.password !== null,
-      emailVerified: user.emailVerifiedAt !== null,
-    }
-  );
+  // use pick to avoid unexpected fields
+  return assign(pick(user, 'id', 'email', 'avatarUrl', 'name'), {
+    hasPassword: user.password !== null,
+    emailVerified: user.emailVerifiedAt !== null,
+  });
 }

@Injectable()
@@ -85,7 +83,7 @@ export class AuthService implements OnApplicationBootstrap {
        await this.quota.switchUserQuota(devUser.id, QuotaType.ProPlanV1);
        await this.feature.addAdmin(devUser.id);
        await this.feature.addCopilot(devUser.id);
-      } catch (e) {
+      } catch {
        // ignore
      }
    }
--- a/packages/backend/server/src/core/config/index.ts
+++ b/packages/backend/server/src/core/config/index.ts
@@ -4,17 +4,23 @@ import { Module } from '@nestjs/common';

 import {
  ServerConfigResolver,
+  ServerFeatureConfigResolver,
  ServerRuntimeConfigResolver,
  ServerServiceConfigResolver,
 } from './resolver';
+import { ServerService } from './service';

@Module({
  providers: [
+    ServerService,
    ServerConfigResolver,
+    ServerFeatureConfigResolver,
    ServerRuntimeConfigResolver,
    ServerServiceConfigResolver,
  ],
+  exports: [ServerService],
 })
 export class ServerConfigModule {}
-export { ADD_ENABLED_FEATURES, ServerConfigType } from './resolver';
+export { ServerService };
+export { ADD_ENABLED_FEATURES } from './server-feature';
 export { ServerFeature } from './types';
--- a/packages/backend/server/src/core/config/resolver.ts
+++ b/packages/backend/server/src/core/config/resolver.ts
@@ -9,27 +9,18 @@ import {
  ResolveField,
  Resolver,
 } from '@nestjs/graphql';
-import { PrismaClient, RuntimeConfig, RuntimeConfigType } from '@prisma/client';
+import { RuntimeConfig, RuntimeConfigType } from '@prisma/client';
 import { GraphQLJSON, GraphQLJSONObject } from 'graphql-scalars';

-import { Config, DeploymentType, URLHelper } from '../../fundamentals';
+import { Config, URLHelper } from '../../fundamentals';
 import { Public } from '../auth';
 import { Admin } from '../common';
+import { FeatureType } from '../features';
+import { AvailableUserFeatureConfig } from '../features/resolver';
 import { ServerFlags } from './config';
-import { ServerFeature } from './types';
-
-const ENABLED_FEATURES: Set<ServerFeature> = new Set();
-export function ADD_ENABLED_FEATURES(feature: ServerFeature) {
-  ENABLED_FEATURES.add(feature);
-}
-
-registerEnumType(ServerFeature, {
-  name: 'ServerFeature',
-});
-
-registerEnumType(DeploymentType, {
-  name: 'ServerDeploymentType',
-});
+import { ENABLED_FEATURES } from './server-feature';
+import { ServerService } from './service';
+import { ServerConfigType } from './types';

@ObjectType()
 export class PasswordLimitsType {
@@ -45,36 +36,6 @@ export class CredentialsRequirementType {
  password!: PasswordLimitsType;
 }

-@ObjectType()
-export class ServerConfigType {
-  @Field({
-    description:
-      'server identical name could be shown as badge on user interface',
-  })
-  name!: string;
-
-  @Field({ description: 'server version' })
-  version!: string;
-
-  @Field({ description: 'server base url' })
-  baseUrl!: string;
-
-  @Field(() => DeploymentType, { description: 'server type' })
-  type!: DeploymentType;
-
-  /**
-   * @deprecated
-   */
-  @Field({ description: 'server flavor', deprecationReason: 'use `features`' })
-  flavor!: string;
-
-  @Field(() => [ServerFeature], { description: 'enabled server features' })
-  features!: ServerFeature[];
-
-  @Field({ description: 'enable telemetry' })
-  enableTelemetry!: boolean;
-}
-
 registerEnumType(RuntimeConfigType, {
  name: 'RuntimeConfigType',
 });
@@ -116,7 +77,7 @@ export class ServerConfigResolver {
  constructor(
    private readonly config: Config,
    private readonly url: URLHelper,
-    private readonly db: PrismaClient
+    private readonly server: ServerService
  ) {}

  @Public()
@@ -171,7 +132,21 @@ export class ServerConfigResolver {
    description: 'whether server has been initialized',
  })
  async initialized() {
-    return (await this.db.user.count()) > 0;
+    return this.server.initialized();
+  }
+}
+
+@Resolver(() => ServerConfigType)
+export class ServerFeatureConfigResolver extends AvailableUserFeatureConfig {
+  constructor(config: Config) {
+    super(config);
+  }
+
+  @ResolveField(() => [FeatureType], {
+    description: 'Features for user that can be configured',
+  })
+  override availableUserFeatures() {
+    return super.availableUserFeatures();
  }
 }

--- a/packages/backend/server/src/core/config/server-feature.ts
+++ b/packages/backend/server/src/core/config/server-feature.ts
@@ -0,0 +1,7 @@
+import { ServerFeature } from './types';
+
+export const ENABLED_FEATURES: Set<ServerFeature> = new Set();
+export function ADD_ENABLED_FEATURES(feature: ServerFeature) {
+  ENABLED_FEATURES.add(feature);
+}
+export { ServerFeature };
--- a/packages/backend/server/src/core/config/service.ts
+++ b/packages/backend/server/src/core/config/service.ts
@@ -0,0 +1,17 @@
+import { Injectable } from '@nestjs/common';
+import { PrismaClient } from '@prisma/client';
+
+@Injectable()
+export class ServerService {
+  private _initialized: boolean | null = null;
+  constructor(private readonly db: PrismaClient) {}
+
+  async initialized() {
+    if (!this._initialized) {
+      const userCount = await this.db.user.count();
+      this._initialized = userCount > 0;
+    }
+
+    return this._initialized;
+  }
+}
--- a/packages/backend/server/src/core/config/types.ts
+++ b/packages/backend/server/src/core/config/types.ts
@@ -1,5 +1,47 @@
+import { Field, ObjectType, registerEnumType } from '@nestjs/graphql';
+
+import { DeploymentType } from '../../fundamentals';
+
 export enum ServerFeature {
  Copilot = 'copilot',
  Payment = 'payment',
  OAuth = 'oauth',
 }
+
+registerEnumType(ServerFeature, {
+  name: 'ServerFeature',
+});
+
+registerEnumType(DeploymentType, {
+  name: 'ServerDeploymentType',
+});
+
+@ObjectType()
+export class ServerConfigType {
+  @Field({
+    description:
+      'server identical name could be shown as badge on user interface',
+  })
+  name!: string;
+
+  @Field({ description: 'server version' })
+  version!: string;
+
+  @Field({ description: 'server base url' })
+  baseUrl!: string;
+
+  @Field(() => DeploymentType, { description: 'server type' })
+  type!: DeploymentType;
+
+  /**
+   * @deprecated
+   */
+  @Field({ description: 'server flavor', deprecationReason: 'use `features`' })
+  flavor!: string;
+
+  @Field(() => [ServerFeature], { description: 'enabled server features' })
+  features!: ServerFeature[];
+
+  @Field({ description: 'enable telemetry' })
+  enableTelemetry!: boolean;
+}
--- a/packages/backend/server/src/core/doc/adapters/userspace.ts
+++ b/packages/backend/server/src/core/doc/adapters/userspace.ts
@@ -0,0 +1,179 @@
+import { Injectable } from '@nestjs/common';
+import { PrismaClient } from '@prisma/client';
+
+import { Mutex } from '../../../fundamentals';
+import { DocStorageOptions } from '../options';
+import { DocRecord, DocStorageAdapter } from '../storage';
+
+@Injectable()
+export class PgUserspaceDocStorageAdapter extends DocStorageAdapter {
+  constructor(
+    private readonly db: PrismaClient,
+    private readonly mutex: Mutex,
+    options: DocStorageOptions
+  ) {
+    super(options);
+  }
+
+  // no updates queue for userspace, directly merge them inplace
+  // no history record for userspace
+  protected async getDocUpdates() {
+    return [];
+  }
+
+  protected async markUpdatesMerged() {
+    return 0;
+  }
+
+  async listDocHistories() {
+    return [];
+  }
+
+  async getDocHistory() {
+    return null;
+  }
+
+  protected async createDocHistory() {
+    return false;
+  }
+
+  override async rollbackDoc() {
+    return;
+  }
+
+  override async getDoc(spaceId: string, docId: string) {
+    return this.getDocSnapshot(spaceId, docId);
+  }
+
+  async pushDocUpdates(userId: string, docId: string, updates: Uint8Array[]) {
+    if (!updates.length) {
+      return 0;
+    }
+
+    await using _lock = await this.lockDocForUpdate(userId, docId);
+    const snapshot = await this.getDocSnapshot(userId, docId);
+    const now = Date.now();
+    const pendings = updates.map((update, i) => ({
+      bin: update,
+      timestamp: now + i,
+    }));
+
+    const { timestamp, bin } = await this.squash(
+      snapshot ? [snapshot, ...pendings] : pendings
+    );
+
+    await this.setDocSnapshot({
+      spaceId: userId,
+      docId,
+      bin,
+      timestamp,
+    });
+
+    return timestamp;
+  }
+
+  async deleteDoc(userId: string, docId: string) {
+    await this.db.userSnapshot.deleteMany({
+      where: {
+        userId,
+        id: docId,
+      },
+    });
+  }
+
+  async deleteSpace(userId: string) {
+    await this.db.userSnapshot.deleteMany({
+      where: {
+        userId,
+      },
+    });
+  }
+
+  async getSpaceDocTimestamps(userId: string, after?: number) {
+    const snapshots = await this.db.userSnapshot.findMany({
+      select: {
+        id: true,
+        updatedAt: true,
+      },
+      where: {
+        userId,
+        ...(after
+          ? {
+              updatedAt: {
+                gt: new Date(after),
+              },
+            }
+          : {}),
+      },
+    });
+
+    const result: Record<string, number> = {};
+
+    snapshots.forEach(s => {
+      result[s.id] = s.updatedAt.getTime();
+    });
+
+    return result;
+  }
+
+  protected async getDocSnapshot(userId: string, docId: string) {
+    const snapshot = await this.db.userSnapshot.findUnique({
+      where: {
+        userId_id: {
+          userId,
+          id: docId,
+        },
+      },
+    });
+
+    if (!snapshot) {
+      return null;
+    }
+
+    return {
+      spaceId: userId,
+      docId,
+      bin: snapshot.blob,
+      timestamp: snapshot.updatedAt.getTime(),
+    };
+  }
+
+  protected async setDocSnapshot(snapshot: DocRecord) {
+    // we always get lock before writing to user snapshot table,
+    // so a simple upsert without testing on updatedAt is safe
+    await this.db.userSnapshot.upsert({
+      where: {
+        userId_id: {
+          userId: snapshot.spaceId,
+          id: snapshot.docId,
+        },
+      },
+      update: {
+        blob: Buffer.from(snapshot.bin),
+        updatedAt: new Date(snapshot.timestamp),
+      },
+      create: {
+        userId: snapshot.spaceId,
+        id: snapshot.docId,
+        blob: Buffer.from(snapshot.bin),
+        createdAt: new Date(snapshot.timestamp),
+        updatedAt: new Date(snapshot.timestamp),
+      },
+    });
+
+    return true;
+  }
+
+  protected override async lockDocForUpdate(
+    workspaceId: string,
+    docId: string
+  ) {
+    const lock = await this.mutex.lock(`userspace:${workspaceId}:${docId}`);
+
+    if (!lock) {
+      throw new Error('Too many concurrent writings');
+    }
+
+    return lock;
+  }
+}
--- a/packages/backend/server/src/core/doc/adapters/workspace.ts
+++ b/packages/backend/server/src/core/doc/adapters/workspace.ts
@@ -0,0 +1,594 @@
+import { Injectable, Logger } from '@nestjs/common';
+import { PrismaClient } from '@prisma/client';
+import { chunk } from 'lodash-es';
+
+import {
+  Cache,
+  DocHistoryNotFound,
+  DocNotFound,
+  FailedToSaveUpdates,
+  FailedToUpsertSnapshot,
+  metrics,
+  Mutex,
+} from '../../../fundamentals';
+import { retryable } from '../../../fundamentals/utils/promise';
+import { DocStorageOptions } from '../options';
+import {
+  DocRecord,
+  DocStorageAdapter,
+  DocUpdate,
+  HistoryFilter,
+} from '../storage';
+
+const UPDATES_QUEUE_CACHE_KEY = 'doc:manager:updates';
+
+@Injectable()
+export class PgWorkspaceDocStorageAdapter extends DocStorageAdapter {
+  private readonly logger = new Logger(PgWorkspaceDocStorageAdapter.name);
+
+  constructor(
+    private readonly db: PrismaClient,
+    private readonly mutex: Mutex,
+    private readonly cache: Cache,
+    protected override readonly options: DocStorageOptions
+  ) {
+    super(options);
+  }
+
+  async pushDocUpdates(
+    workspaceId: string,
+    docId: string,
+    updates: Uint8Array[]
+  ) {
+    if (!updates.length) {
+      return 0;
+    }
+
+    let pendings = updates;
+    let done = 0;
+    let timestamp = Date.now();
+    try {
+      await retryable(async () => {
+        if (done !== 0) {
+          pendings = pendings.slice(done);
+        }
+
+        // TODO(@forehalo): remove in next release
+        const lastSeq = await this.getUpdateSeq(
+          workspaceId,
+          docId,
+          updates.length
+        );
+
+        let turn = 0;
+        const batchCount = 10;
+        for (const batch of chunk(pendings, batchCount)) {
+          const now = Date.now();
+          await this.db.update.createMany({
+            data: batch.map((update, i) => {
+              const subSeq = turn * batchCount + i + 1;
+              // `seq` is the last seq num of the batch
+              // example for 11 batched updates, start from seq num 20
+              // seq for first update in the batch should be:
+              // 31             - 11                + subSeq(0        * 10          + 0 + 1) = 21
+              // ^ last seq num   ^ updates.length           ^ turn     ^ batchCount  ^i
+              const seq = lastSeq - updates.length + subSeq;
+              const createdAt = now + subSeq;
+              timestamp = Math.max(timestamp, createdAt);
+
+              return {
+                workspaceId,
+                id: docId,
+                blob: Buffer.from(update),
+                seq,
+                createdAt: new Date(createdAt),
+              };
+            }),
+          });
+          turn++;
+          done += batch.length;
+          await this.updateCachedUpdatesCount(workspaceId, docId, batch.length);
+        }
+      });
+    } catch (e) {
+      this.logger.error('Failed to insert doc updates', e);
+      metrics.doc.counter('doc_update_insert_failed').add(1);
+      throw new FailedToSaveUpdates();
+    }
+
+    return timestamp;
+  }
+
+  protected async getDocUpdates(workspaceId: string, docId: string) {
+    const rows = await this.db.update.findMany({
+      where: {
+        workspaceId,
+        id: docId,
+      },
+      orderBy: {
+        createdAt: 'asc',
+      },
+    });
+
+    return rows.map(row => ({
+      bin: row.blob,
+      timestamp: row.createdAt.getTime(),
+    }));
+  }
+
+  async deleteDoc(workspaceId: string, docId: string) {
+    const ident = { where: { workspaceId, id: docId } };
+    await this.db.$transaction([
+      this.db.snapshot.deleteMany(ident),
+      this.db.update.deleteMany(ident),
+      this.db.snapshotHistory.deleteMany(ident),
+    ]);
+  }
+
+  async deleteSpace(workspaceId: string) {
+    const ident = { where: { workspaceId } };
+    await this.db.$transaction([
+      this.db.workspace.deleteMany({
+        where: {
+          id: workspaceId,
+        },
+      }),
+      this.db.snapshot.deleteMany(ident),
+      this.db.update.deleteMany(ident),
+      this.db.snapshotHistory.deleteMany(ident),
+    ]);
+  }
+
+  async getSpaceDocTimestamps(workspaceId: string, after?: number) {
+    const snapshots = await this.db.snapshot.findMany({
+      select: {
+        id: true,
+        updatedAt: true,
+      },
+      where: {
+        workspaceId,
+        ...(after
+          ? {
+              updatedAt: {
+                gt: new Date(after),
+              },
+            }
+          : {}),
+      },
+    });
+
+    const updates = await this.db.update.groupBy({
+      where: {
+        workspaceId,
+        ...(after
+          ? {
+              createdAt: {
+                gt: new Date(after),
+              },
+            }
+          : {}),
+      },
+      by: ['id'],
+      _max: {
+        createdAt: true,
+      },
+    });
+
+    const result: Record<string, number> = {};
+
+    snapshots.forEach(s => {
+      result[s.id] = s.updatedAt.getTime();
+    });
+
+    updates.forEach(u => {
+      if (u._max.createdAt) {
+        result[u.id] = u._max.createdAt.getTime();
+      }
+    });
+
+    return result;
+  }
+
+  protected async markUpdatesMerged(
+    workspaceId: string,
+    docId: string,
+    updates: DocUpdate[]
+  ) {
+    const result = await this.db.update.deleteMany({
+      where: {
+        workspaceId,
+        id: docId,
+        createdAt: {
+          in: updates.map(u => new Date(u.timestamp)),
+        },
+      },
+    });
+
+    await this.updateCachedUpdatesCount(workspaceId, docId, -result.count);
+    return result.count;
+  }
+
+  async listDocHistories(
+    workspaceId: string,
+    docId: string,
+    query: HistoryFilter
+  ) {
+    const histories = await this.db.snapshotHistory.findMany({
+      select: {
+        timestamp: true,
+      },
+      where: {
+        workspaceId,
+        id: docId,
+        timestamp: {
+          lt: query.before ? new Date(query.before) : new Date(),
+        },
+      },
+      orderBy: {
+        timestamp: 'desc',
+      },
+      take: query.limit,
+    });
+
+    return histories.map(h => h.timestamp.getTime());
+  }
+
+  async getDocHistory(workspaceId: string, docId: string, timestamp: number) {
+    const history = await this.db.snapshotHistory.findUnique({
+      where: {
+        workspaceId_id_timestamp: {
+          workspaceId,
+          id: docId,
+          timestamp: new Date(timestamp),
+        },
+      },
+    });
+
+    if (!history) {
+      return null;
+    }
+
+    return {
+      spaceId: workspaceId,
+      docId,
+      bin: history.blob,
+      timestamp,
+    };
+  }
+
+  override async rollbackDoc(
+    spaceId: string,
+    docId: string,
+    timestamp: number
+  ): Promise<void> {
+    await using _lock = await this.lockDocForUpdate(spaceId, docId);
+    const toSnapshot = await this.getDocHistory(spaceId, docId, timestamp);
+    if (!toSnapshot) {
+      throw new DocHistoryNotFound({ spaceId, docId, timestamp });
+    }
+
+    const fromSnapshot = await this.getDocSnapshot(spaceId, docId);
+
+    if (!fromSnapshot) {
+      throw new DocNotFound({ spaceId, docId });
+    }
+
+    // force create a new history record after rollback
+    await this.createDocHistory(fromSnapshot, true);
+    // WARN:
+    //  we should never do the snapshot updating in recovering,
+    //  which is not the solution in CRDT.
+    //  let user revert in client and update the data in sync system
+    //    const change = this.generateChangeUpdate(fromSnapshot.bin, toSnapshot.bin);
+    //    await this.pushDocUpdates(spaceId, docId, [change]);
+
+    metrics.doc
+      .counter('history_recovered_counter', {
+        description: 'How many times history recovered request happened',
+      })
+      .add(1);
+  }
+
+  protected async createDocHistory(snapshot: DocRecord, force = false) {
+    const last = await this.lastDocHistory(snapshot.spaceId, snapshot.docId);
+
+    let shouldCreateHistory = false;
+
+    if (!last) {
+      // never created
+      shouldCreateHistory = true;
+    } else {
+      const lastHistoryTimestamp = last.timestamp.getTime();
+      if (lastHistoryTimestamp === snapshot.timestamp) {
+        // no change
+        shouldCreateHistory = false;
+      } else if (
+        // force
+        force ||
+        // last history created before interval in configs
+        lastHistoryTimestamp <
+          snapshot.timestamp - this.options.historyMinInterval(snapshot.spaceId)
+      ) {
+        shouldCreateHistory = true;
+      }
+    }
+
+    if (shouldCreateHistory) {
+      if (this.isEmptyBin(snapshot.bin)) {
+        this.logger.debug(
+          `Doc is empty, skip creating history record for ${snapshot.docId} in workspace ${snapshot.spaceId}`
+        );
+        return false;
+      }
+
+      await this.db.snapshotHistory
+        .create({
+          select: {
+            timestamp: true,
+          },
+          data: {
+            workspaceId: snapshot.spaceId,
+            id: snapshot.docId,
+            timestamp: new Date(snapshot.timestamp),
+            blob: Buffer.from(snapshot.bin),
+            expiredAt: new Date(
+              Date.now() + (await this.options.historyMaxAge(snapshot.spaceId))
+            ),
+          },
+        })
+        .catch(() => {
+          // safe to ignore
+          // only happens when duplicated history record created in multi processes
+        });
+
+      metrics.doc
+        .counter('history_created_counter', {
+          description: 'How many times the snapshot history created',
+        })
+        .add(1);
+      this.logger.debug(
+        `History created for ${snapshot.docId} in workspace ${snapshot.spaceId}.`
+      );
+      return true;
+    }
+
+    return false;
+  }
+
+  protected async getDocSnapshot(workspaceId: string, docId: string) {
+    const snapshot = await this.db.snapshot.findUnique({
+      where: {
+        id_workspaceId: {
+          workspaceId,
+          id: docId,
+        },
+      },
+    });
+
+    if (!snapshot) {
+      return null;
+    }
+
+    return {
+      spaceId: workspaceId,
+      docId,
+      bin: snapshot.blob,
+      timestamp: snapshot.updatedAt.getTime(),
+    };
+  }
+
+  protected async setDocSnapshot(snapshot: DocRecord) {
+    const { spaceId, docId, bin, timestamp } = snapshot;
+
+    if (this.isEmptyBin(bin)) {
+      return false;
+    }
+
+    const updatedAt = new Date(timestamp);
+
+    // CONCERNS:
+    //   i. Because we save the real user's last seen action time as `updatedAt`,
+    //      it's possible to simply compare the `updatedAt` to determine if the snapshot is older than the one we are going to save.
+    //
+    //  ii. Prisma doesn't support `upsert` with additional `where` condition along side unique constraint.
+    //      In our case, we need to manually check the `updatedAt` to avoid overriding the newer snapshot.
+    //      where: { id_workspaceId: {}, updatedAt: { lt: updatedAt } }
+    //                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    try {
+      const result: { updatedAt: Date }[] = await this.db.$queryRaw`
+        INSERT INTO "snapshots" ("workspace_id", "guid", "blob", "created_at", "updated_at")
+        VALUES (${spaceId}, ${docId}, ${bin}, DEFAULT, ${updatedAt})
+        ON CONFLICT ("workspace_id", "guid")
+        DO UPDATE SET "blob" = ${bin}, "updated_at" = ${updatedAt}
+        WHERE "snapshots"."workspace_id" = ${spaceId} AND "snapshots"."guid" = ${docId} AND "snapshots"."updated_at" <= ${updatedAt}
+        RETURNING "snapshots"."workspace_id" as "workspaceId", "snapshots"."guid" as "id", "snapshots"."updated_at" as "updatedAt"
+      `;
+
+      // const result = await this.db.snapshot.upsert({
+      //   select: {
+      //     updatedAt: true,
+      //     seq: true,
+      //   },
+      //   where: {
+      //     id_workspaceId: {
+      //       workspaceId,
+      //       id: guid,
+      //     },
+      //     ⬇️ NOT SUPPORTED BY PRISMA YET
+      //     updatedAt: {
+      //       lt: updatedAt,
+      //     },
+      //   },
+      //   update: {
+      //     blob,
+      //     state,
+      //     updatedAt,
+      //   },
+      //   create: {
+      //     workspaceId,
+      //     id: guid,
+      //     blob,
+      //     state,
+      //     updatedAt,
+      //     seq,
+      //   },
+      // });
+
+      // if the condition `snapshot.updatedAt > updatedAt` is true, by which means the snapshot has already been updated by other process,
+      // the updates has been applied to current `doc` must have been seen by the other process as well.
+      // The `updatedSnapshot` will be `undefined` in this case.
+      const updatedSnapshot = result.at(0);
+      return !!updatedSnapshot;
+    } catch (e) {
+      metrics.doc.counter('snapshot_upsert_failed').add(1);
+      this.logger.error('Failed to upsert snapshot', e);
+      throw new FailedToUpsertSnapshot();
+    }
+  }
+
+  protected override async lockDocForUpdate(
+    workspaceId: string,
+    docId: string
+  ) {
+    const lock = await this.mutex.lock(`doc:update:${workspaceId}:${docId}`);
+
+    if (!lock) {
+      throw new Error('Too many concurrent writings');
+    }
+
+    return lock;
+  }
+
+  protected async lastDocHistory(workspaceId: string, id: string) {
+    return this.db.snapshotHistory.findFirst({
+      where: {
+        workspaceId,
+        id,
+      },
+      select: {
+        timestamp: true,
+        state: true,
+      },
+      orderBy: {
+        timestamp: 'desc',
+      },
+    });
+  }
+
+  // for auto merging
+  async randomDoc() {
+    const key = await this.cache.mapRandomKey(UPDATES_QUEUE_CACHE_KEY);
+
+    if (key) {
+      const cachedCount = await this.cache.mapIncrease(
+        UPDATES_QUEUE_CACHE_KEY,
+        key,
+        0
+      );
+
+      if (cachedCount > 0) {
+        const [workspaceId, id] = key.split('::');
+        const count = await this.db.update.count({
+          where: {
+            workspaceId,
+            id,
+          },
+        });
+
+        // FIXME(@forehalo): somehow the update count in cache is not accurate
+        if (count === 0) {
+          metrics.doc
+            .counter('doc_update_count_inconsistent_with_cache')
+            .add(1);
+          await this.cache.mapDelete(UPDATES_QUEUE_CACHE_KEY, key);
+          return null;
+        }
+
+        return { workspaceId, docId: id };
+      }
+    }
+
+    return null;
+  }
+
+  private async updateCachedUpdatesCount(
+    workspaceId: string,
+    guid: string,
+    count: number
+  ) {
+    const result = await this.cache.mapIncrease(
+      UPDATES_QUEUE_CACHE_KEY,
+      `${workspaceId}::${guid}`,
+      count
+    );
+
+    if (result <= 0) {
+      await this.cache.mapDelete(
+        UPDATES_QUEUE_CACHE_KEY,
+        `${workspaceId}::${guid}`
+      );
+    }
+  }
+
+  /**
+   * @deprecated
+   */
+  private readonly seqMap = new Map<string, number>();
+  /**
+   *
+   * @deprecated updates do not rely on seq number anymore
+   *
+   * keep in next release to avoid downtime when upgrading instances
+   */
+  private async getUpdateSeq(workspaceId: string, guid: string, batch = 1) {
+    const MAX_SEQ_NUM = 0x3fffffff; // u31
+
+    try {
+      const { seq } = await this.db.snapshot.update({
+        select: {
+          seq: true,
+        },
+        where: {
+          id_workspaceId: {
+            workspaceId,
+            id: guid,
+          },
+        },
+        data: {
+          seq: {
+            increment: batch,
+          },
+        },
+      });
+
+      if (!seq) {
+        return batch;
+      }
+
+      // reset
+      if (seq >= MAX_SEQ_NUM) {
+        await this.db.snapshot.update({
+          select: {
+            seq: true,
+          },
+          where: {
+            id_workspaceId: {
+              workspaceId,
+              id: guid,
+            },
+          },
+          data: {
+            seq: 0,
+          },
+        });
+      }
+
+      return seq;
+    } catch {
+      // not existing snapshot just count it from 1
+      const last = this.seqMap.get(workspaceId + guid) ?? 0;
+      this.seqMap.set(workspaceId + guid, last + batch);
+      return last + batch;
+    }
+  }
+}
--- a/packages/backend/server/src/core/doc/history.ts
+++ b/packages/backend/server/src/core/doc/history.ts
@@ -1,266 +0,0 @@
-import { isDeepStrictEqual } from 'node:util';
-
-import { Injectable, Logger } from '@nestjs/common';
-import { Cron, CronExpression } from '@nestjs/schedule';
-import { PrismaClient } from '@prisma/client';
-
-import type { EventPayload } from '../../fundamentals';
-import {
-  Config,
-  DocHistoryNotFound,
-  DocNotFound,
-  metrics,
-  OnEvent,
-  WorkspaceNotFound,
-} from '../../fundamentals';
-import { QuotaService } from '../quota';
-import { Permission } from '../workspaces/types';
-import { isEmptyBuffer } from './manager';
-
-@Injectable()
-export class DocHistoryManager {
-  private readonly logger = new Logger(DocHistoryManager.name);
-  constructor(
-    private readonly config: Config,
-    private readonly db: PrismaClient,
-    private readonly quota: QuotaService
-  ) {}
-
-  @OnEvent('workspace.deleted')
-  onWorkspaceDeleted(workspaceId: EventPayload<'workspace.deleted'>) {
-    return this.db.snapshotHistory.deleteMany({
-      where: {
-        workspaceId,
-      },
-    });
-  }
-
-  @OnEvent('snapshot.deleted')
-  onSnapshotDeleted({ workspaceId, id }: EventPayload<'snapshot.deleted'>) {
-    return this.db.snapshotHistory.deleteMany({
-      where: {
-        workspaceId,
-        id,
-      },
-    });
-  }
-
-  @OnEvent('snapshot.updated')
-  async onDocUpdated(
-    { workspaceId, id, previous }: EventPayload<'snapshot.updated'>,
-    forceCreate = false
-  ) {
-    const last = await this.last(workspaceId, id);
-
-    let shouldCreateHistory = false;
-
-    if (!last) {
-      // never created
-      shouldCreateHistory = true;
-    } else if (last.timestamp === previous.updatedAt) {
-      // no change
-      shouldCreateHistory = false;
-    } else if (
-      // force
-      forceCreate ||
-      // last history created before interval in configs
-      last.timestamp.getTime() <
-        previous.updatedAt.getTime() - this.config.doc.history.interval
-    ) {
-      shouldCreateHistory = true;
-    }
-
-    if (shouldCreateHistory) {
-      // skip the history recording when no actual update on snapshot happended
-      if (last && isDeepStrictEqual(last.state, previous.state)) {
-        this.logger.debug(
-          `State matches, skip creating history record for ${id} in workspace ${workspaceId}`
-        );
-        return;
-      }
-
-      if (isEmptyBuffer(previous.blob)) {
-        this.logger.debug(
-          `Doc is empty, skip creating history record for ${id} in workspace ${workspaceId}`
-        );
-        return;
-      }
-
-      await this.db.snapshotHistory
-        .create({
-          select: {
-            timestamp: true,
-          },
-          data: {
-            workspaceId,
-            id,
-            timestamp: previous.updatedAt,
-            blob: previous.blob,
-            state: previous.state,
-            expiredAt: await this.getExpiredDateFromNow(workspaceId),
-          },
-        })
-        .catch(() => {
-          // safe to ignore
-          // only happens when duplicated history record created in multi processes
-        });
-      metrics.doc
-        .counter('history_created_counter', {
-          description: 'How many times the snapshot history created',
-        })
-        .add(1);
-      this.logger.debug(
-        `History created for ${id} in workspace ${workspaceId}.`
-      );
-    }
-  }
-
-  async list(
-    workspaceId: string,
-    id: string,
-    before: Date = new Date(),
-    take: number = 10
-  ) {
-    return this.db.snapshotHistory.findMany({
-      select: {
-        timestamp: true,
-      },
-      where: {
-        workspaceId,
-        id,
-        timestamp: {
-          lt: before,
-        },
-        // only include the ones has not expired
-        expiredAt: {
-          gt: new Date(),
-        },
-      },
-      orderBy: {
-        timestamp: 'desc',
-      },
-      take,
-    });
-  }
-
-  async count(workspaceId: string, id: string) {
-    return this.db.snapshotHistory.count({
-      where: {
-        workspaceId,
-        id,
-        expiredAt: {
-          gt: new Date(),
-        },
-      },
-    });
-  }
-
-  async get(workspaceId: string, id: string, timestamp: Date) {
-    return this.db.snapshotHistory.findUnique({
-      where: {
-        workspaceId_id_timestamp: {
-          workspaceId,
-          id,
-          timestamp,
-        },
-        expiredAt: {
-          gt: new Date(),
-        },
-      },
-    });
-  }
-
-  async last(workspaceId: string, id: string) {
-    return this.db.snapshotHistory.findFirst({
-      where: {
-        workspaceId,
-        id,
-      },
-      select: {
-        timestamp: true,
-        state: true,
-      },
-      orderBy: {
-        timestamp: 'desc',
-      },
-    });
-  }
-
-  async recover(workspaceId: string, id: string, timestamp: Date) {
-    const history = await this.db.snapshotHistory.findUnique({
-      where: {
-        workspaceId_id_timestamp: {
-          workspaceId,
-          id,
-          timestamp,
-        },
-      },
-    });
-
-    if (!history) {
-      throw new DocHistoryNotFound({
-        workspaceId,
-        docId: id,
-        timestamp: timestamp.getTime(),
-      });
-    }
-
-    const oldSnapshot = await this.db.snapshot.findUnique({
-      where: {
-        id_workspaceId: {
-          id,
-          workspaceId,
-        },
-      },
-    });
-
-    if (!oldSnapshot) {
-      throw new DocNotFound({ workspaceId, docId: id });
-    }
-
-    // save old snapshot as one history record
-    await this.onDocUpdated({ workspaceId, id, previous: oldSnapshot }, true);
-    // WARN:
-    //  we should never do the snapshot updating in recovering,
-    //  which is not the solution in CRDT.
-    //  let user revert in client and update the data in sync system
-    //    `await this.db.snapshot.update();`
-    metrics.doc
-      .counter('history_recovered_counter', {
-        description: 'How many times history recovered request happened',
-      })
-      .add(1);
-
-    return history.timestamp;
-  }
-
-  async getExpiredDateFromNow(workspaceId: string) {
-    const permission = await this.db.workspaceUserPermission.findFirst({
-      select: {
-        userId: true,
-      },
-      where: {
-        workspaceId,
-        type: Permission.Owner,
-      },
-    });
-
-    if (!permission) {
-      throw new WorkspaceNotFound({ workspaceId });
-    }
-
-    const quota = await this.quota.getUserQuota(permission.userId);
-    return quota.feature.historyPeriodFromNow;
-  }
-
-  @Cron(CronExpression.EVERY_DAY_AT_MIDNIGHT /* everyday at 12am */)
-  async cleanupExpiredHistory() {
-    await this.db.snapshotHistory.deleteMany({
-      where: {
-        expiredAt: {
-          lte: new Date(),
-        },
-      },
-    });
-  }
-}
--- a/packages/backend/server/src/core/doc/index.ts
+++ b/packages/backend/server/src/core/doc/index.ts
@@ -2,15 +2,24 @@ import './config';

 import { Module } from '@nestjs/common';

+import { PermissionModule } from '../permission';
 import { QuotaModule } from '../quota';
-import { DocHistoryManager } from './history';
-import { DocManager } from './manager';
+import { PgUserspaceDocStorageAdapter } from './adapters/userspace';
+import { PgWorkspaceDocStorageAdapter } from './adapters/workspace';
+import { DocStorageCronJob } from './job';
+import { DocStorageOptions } from './options';

@Module({
-  imports: [QuotaModule],
-  providers: [DocManager, DocHistoryManager],
-  exports: [DocManager, DocHistoryManager],
+  imports: [QuotaModule, PermissionModule],
+  providers: [
+    DocStorageOptions,
+    PgWorkspaceDocStorageAdapter,
+    PgUserspaceDocStorageAdapter,
+    DocStorageCronJob,
+  ],
+  exports: [PgWorkspaceDocStorageAdapter, PgUserspaceDocStorageAdapter],
 })
-export class DocModule {}
+export class DocStorageModule {}
+export { PgUserspaceDocStorageAdapter, PgWorkspaceDocStorageAdapter };

-export { DocHistoryManager, DocManager };
+export { DocStorageAdapter } from './storage';
--- a/packages/backend/server/src/core/doc/job.ts
+++ b/packages/backend/server/src/core/doc/job.ts
@@ -0,0 +1,76 @@
+import { Injectable, Logger, OnModuleInit } from '@nestjs/common';
+import { Cron, CronExpression, SchedulerRegistry } from '@nestjs/schedule';
+import { PrismaClient } from '@prisma/client';
+
+import { CallTimer, Config, metrics } from '../../fundamentals';
+import { PgWorkspaceDocStorageAdapter } from './adapters/workspace';
+
+@Injectable()
+export class DocStorageCronJob implements OnModuleInit {
+  private readonly logger = new Logger(DocStorageCronJob.name);
+  private busy = false;
+
+  constructor(
+    private readonly registry: SchedulerRegistry,
+    private readonly config: Config,
+    private readonly db: PrismaClient,
+    private readonly workspace: PgWorkspaceDocStorageAdapter
+  ) {}
+
+  onModuleInit() {
+    if (this.config.doc.manager.enableUpdateAutoMerging) {
+      this.registry.addInterval(
+        this.autoMergePendingDocUpdates.name,
+        // scheduler registry will clean up the interval when the app is stopped
+        setInterval(() => {
+          if (this.busy) {
+            return;
+          }
+          this.busy = true;
+          this.autoMergePendingDocUpdates()
+            .catch(() => {
+              /* never fail */
+            })
+            .finally(() => {
+              this.busy = false;
+            });
+        }, this.config.doc.manager.updatePollInterval)
+      );
+
+      this.logger.log('Updates pending queue auto merging cron started');
+    }
+  }
+
+  @CallTimer('doc', 'auto_merge_pending_doc_updates')
+  async autoMergePendingDocUpdates() {
+    try {
+      const randomDoc = await this.workspace.randomDoc();
+      if (!randomDoc) {
+        return;
+      }
+
+      await this.workspace.getDoc(randomDoc.workspaceId, randomDoc.docId);
+    } catch (e) {
+      metrics.doc.counter('auto_merge_pending_doc_updates_error').add(1);
+      this.logger.error('Failed to auto merge pending doc updates', e);
+    }
+  }
+
+  @Cron(CronExpression.EVERY_DAY_AT_MIDNIGHT /* everyday at 12am */)
+  async cleanupExpiredHistory() {
+    await this.db.snapshotHistory.deleteMany({
+      where: {
+        expiredAt: {
+          lte: new Date(),
+        },
+      },
+    });
+  }
+
+  @Cron(CronExpression.EVERY_MINUTE)
+  async reportUpdatesQueueCount() {
+    metrics.doc
+      .gauge('updates_queue_count')
+      .record(await this.db.update.count());
+  }
+}
--- a/packages/backend/server/src/core/doc/manager.ts
+++ b/packages/backend/server/src/core/doc/manager.ts
@@ -1,853 +0,0 @@
-import {
-  Injectable,
-  Logger,
-  OnModuleDestroy,
-  OnModuleInit,
-} from '@nestjs/common';
-import { Cron, CronExpression } from '@nestjs/schedule';
-import { PrismaClient, Snapshot, Update } from '@prisma/client';
-import { chunk } from 'lodash-es';
-import { defer, retry } from 'rxjs';
-import {
-  applyUpdate,
-  Doc,
-  encodeStateAsUpdate,
-  encodeStateVector,
-  transact,
-} from 'yjs';
-
-import type { EventPayload } from '../../fundamentals';
-import {
-  Cache,
-  CallTimer,
-  Config,
-  EventEmitter,
-  mergeUpdatesInApplyWay as jwstMergeUpdates,
-  metrics,
-  OnEvent,
-} from '../../fundamentals';
-
-function compare(yBinary: Buffer, jwstBinary: Buffer, strict = false): boolean {
-  if (yBinary.equals(jwstBinary)) {
-    return true;
-  }
-
-  if (strict) {
-    return false;
-  }
-
-  const doc = new Doc();
-  applyUpdate(doc, jwstBinary);
-
-  const yBinary2 = Buffer.from(encodeStateAsUpdate(doc));
-
-  return compare(yBinary, yBinary2, true);
-}
-
-export function isEmptyBuffer(buf: Buffer): boolean {
-  return (
-    buf.length === 0 ||
-    // 0x0000
-    (buf.length === 2 && buf[0] === 0 && buf[1] === 0)
-  );
-}
-
-const MAX_SEQ_NUM = 0x3fffffff; // u31
-const UPDATES_QUEUE_CACHE_KEY = 'doc:manager:updates';
-
-interface DocResponse {
-  doc: Doc;
-  timestamp: number;
-}
-
-interface BinaryResponse {
-  binary: Buffer;
-  timestamp: number;
-}
-
-/**
- * Since we can't directly save all client updates into database, in which way the database will overload,
- * we need to buffer the updates and merge them to reduce db write.
- *
- * And also, if a new client join, it would be nice to see the latest doc asap,
- * so we need to at least store a snapshot of the doc and return quickly,
- * along side all the updates that have not been applies to that snapshot(timestamp).
- */
-@Injectable()
-export class DocManager implements OnModuleInit, OnModuleDestroy {
-  private readonly logger = new Logger(DocManager.name);
-  private job: NodeJS.Timeout | null = null;
-  private readonly seqMap = new Map<string, number>();
-  private busy = false;
-
-  constructor(
-    private readonly db: PrismaClient,
-    private readonly config: Config,
-    private readonly cache: Cache,
-    private readonly event: EventEmitter
-  ) {}
-
-  onModuleInit() {
-    if (this.config.doc.manager.enableUpdateAutoMerging) {
-      this.logger.log('Use Database');
-      this.setup();
-    }
-  }
-
-  onModuleDestroy() {
-    this.destroy();
-  }
-
-  @CallTimer('doc', 'yjs_recover_updates_to_doc')
-  private recoverDoc(...updates: Buffer[]): Promise<Doc> {
-    const doc = new Doc();
-    const chunks = chunk(updates, 10);
-
-    return new Promise(resolve => {
-      const next = () => {
-        const updates = chunks.shift();
-        if (updates?.length) {
-          transact(doc, () => {
-            updates.forEach(u => {
-              try {
-                applyUpdate(doc, u);
-              } catch (e) {
-                this.logger.error('Failed to apply update', e);
-              }
-            });
-          });
-
-          // avoid applying too many updates in single round which will take the whole cpu time like dead lock
-          setImmediate(() => {
-            next();
-          });
-        } else {
-          resolve(doc);
-        }
-      };
-
-      next();
-    });
-  }
-
-  private async applyUpdates(guid: string, ...updates: Buffer[]): Promise<Doc> {
-    const doc = await this.recoverDoc(...updates);
-
-    const useYocto = await this.config.runtime.fetch(
-      'doc/experimentalMergeWithYOcto'
-    );
-    // test jwst codec
-    if (useYocto) {
-      metrics.jwst.counter('codec_merge_counter').add(1);
-      const yjsResult = Buffer.from(encodeStateAsUpdate(doc));
-      let log = false;
-      try {
-        const jwstResult = jwstMergeUpdates(updates);
-        if (!compare(yjsResult, jwstResult)) {
-          metrics.jwst.counter('codec_not_match').add(1);
-          this.logger.warn(
-            `jwst codec result doesn't match yjs codec result for: ${guid}`
-          );
-          log = true;
-          if (this.config.node.dev) {
-            this.logger.warn(`Expected:\n  ${yjsResult.toString('hex')}`);
-            this.logger.warn(`Result:\n  ${jwstResult.toString('hex')}`);
-          }
-        }
-      } catch (e) {
-        metrics.jwst.counter('codec_fails_counter').add(1);
-        this.logger.warn(`jwst apply update failed for ${guid}: ${e}`);
-        log = true;
-      } finally {
-        if (log && this.config.node.dev) {
-          this.logger.warn(
-            `Updates: ${updates.map(u => u.toString('hex')).join('\n')}`
-          );
-        }
-      }
-    }
-
-    return doc;
-  }
-
-  /**
-   * setup pending update processing loop
-   */
-  setup() {
-    this.job = setInterval(() => {
-      if (!this.busy) {
-        this.busy = true;
-        this.autoSquash()
-          .catch(() => {
-            /* we handle all errors in work itself */
-          })
-          .finally(() => {
-            this.busy = false;
-          });
-      }
-    }, this.config.doc.manager.updatePollInterval);
-
-    this.logger.log('Automation started');
-  }
-
-  /**
-   * stop pending update processing loop
-   */
-  destroy() {
-    if (this.job) {
-      clearInterval(this.job);
-      this.job = null;
-      this.logger.log('Automation stopped');
-    }
-  }
-
-  @OnEvent('workspace.deleted')
-  async onWorkspaceDeleted(workspaceId: string) {
-    await this.db.snapshot.deleteMany({
-      where: {
-        workspaceId,
-      },
-    });
-    await this.db.update.deleteMany({
-      where: {
-        workspaceId,
-      },
-    });
-  }
-
-  @OnEvent('snapshot.deleted')
-  async onSnapshotDeleted({
-    id,
-    workspaceId,
-  }: EventPayload<'snapshot.deleted'>) {
-    await this.db.update.deleteMany({
-      where: {
-        id,
-        workspaceId,
-      },
-    });
-  }
-
-  /**
-   * add update to manager for later processing.
-   */
-  async push(
-    workspaceId: string,
-    guid: string,
-    update: Buffer,
-    retryTimes = 10
-  ) {
-    const timestamp = await new Promise<number>((resolve, reject) => {
-      defer(async () => {
-        const seq = await this.getUpdateSeq(workspaceId, guid);
-        const { createdAt } = await this.db.update.create({
-          select: {
-            createdAt: true,
-          },
-          data: {
-            workspaceId,
-            id: guid,
-            seq,
-            blob: update,
-          },
-        });
-
-        return createdAt.getTime();
-      })
-        .pipe(retry(retryTimes)) // retry until seq num not conflict
-        .subscribe({
-          next: timestamp => {
-            this.logger.debug(
-              `pushed 1 update for ${guid} in workspace ${workspaceId}`
-            );
-            resolve(timestamp);
-          },
-          error: e => {
-            this.logger.error('Failed to push updates', e);
-            reject(new Error('Failed to push update'));
-          },
-        });
-    });
-
-    await this.updateCachedUpdatesCount(workspaceId, guid, 1);
-
-    return timestamp;
-  }
-
-  async batchPush(
-    workspaceId: string,
-    guid: string,
-    updates: Buffer[],
-    retryTimes = 10
-  ) {
-    const timestamp = await new Promise<number>((resolve, reject) => {
-      defer(async () => {
-        const lastSeq = await this.getUpdateSeq(
-          workspaceId,
-          guid,
-          updates.length
-        );
-        const now = Date.now();
-        let timestamp = now;
-        let turn = 0;
-        const batchCount = 10;
-        for (const batch of chunk(updates, batchCount)) {
-          await this.db.update.createMany({
-            data: batch.map((update, i) => {
-              const subSeq = turn * batchCount + i + 1;
-              // `seq` is the last seq num of the batch
-              // example for 11 batched updates, start from seq num 20
-              // seq for first update in the batch should be:
-              // 31             - 11                + subSeq(0        * 10          + 0 + 1) = 21
-              // ^ last seq num   ^ updates.length           ^ turn     ^ batchCount  ^i
-              const seq = lastSeq - updates.length + subSeq;
-              const createdAt = now + subSeq;
-              timestamp = Math.max(timestamp, createdAt);
-
-              return {
-                workspaceId,
-                id: guid,
-                blob: update,
-                seq,
-                createdAt: new Date(createdAt), // make sure the updates can be ordered by create time
-              };
-            }),
-          });
-          turn++;
-        }
-
-        return timestamp;
-      })
-        .pipe(retry(retryTimes)) // retry until seq num not conflict
-        .subscribe({
-          next: timestamp => {
-            this.logger.debug(
-              `pushed ${updates.length} updates for ${guid} in workspace ${workspaceId}`
-            );
-            resolve(timestamp);
-          },
-          error: e => {
-            this.logger.error('Failed to push updates', e);
-            reject(new Error('Failed to push update'));
-          },
-        });
-    });
-    await this.updateCachedUpdatesCount(workspaceId, guid, updates.length);
-
-    return timestamp;
-  }
-
-  /**
-   * Get latest timestamp of all docs in the workspace.
-   */
-  @CallTimer('doc', 'get_doc_timestamps')
-  async getDocTimestamps(workspaceId: string, after: number | undefined = 0) {
-    const snapshots = await this.db.snapshot.findMany({
-      where: {
-        workspaceId,
-        updatedAt: {
-          gt: new Date(after),
-        },
-      },
-      select: {
-        id: true,
-        updatedAt: true,
-      },
-    });
-
-    const updates = await this.db.update.groupBy({
-      where: {
-        workspaceId,
-        createdAt: {
-          gt: new Date(after),
-        },
-      },
-      by: ['id'],
-      _max: {
-        createdAt: true,
-      },
-    });
-
-    const result: Record<string, number> = {};
-
-    snapshots.forEach(s => {
-      result[s.id] = s.updatedAt.getTime();
-    });
-
-    updates.forEach(u => {
-      if (u._max.createdAt) {
-        result[u.id] = u._max.createdAt.getTime();
-      }
-    });
-
-    return result;
-  }
-
-  /**
-   * get the latest doc with all update applied.
-   */
-  async get(workspaceId: string, guid: string): Promise<DocResponse | null> {
-    const result = await this._get(workspaceId, guid);
-    if (result) {
-      if ('doc' in result) {
-        return result;
-      } else {
-        const doc = await this.recoverDoc(result.binary);
-
-        return {
-          doc,
-          timestamp: result.timestamp,
-        };
-      }
-    }
-
-    return null;
-  }
-
-  /**
-   * get the latest doc binary with all update applied.
-   */
-  async getBinary(
-    workspaceId: string,
-    guid: string
-  ): Promise<BinaryResponse | null> {
-    const result = await this._get(workspaceId, guid);
-    if (result) {
-      if ('doc' in result) {
-        return {
-          binary: Buffer.from(encodeStateAsUpdate(result.doc)),
-          timestamp: result.timestamp,
-        };
-      } else {
-        return result;
-      }
-    }
-
-    return null;
-  }
-
-  /**
-   * get the latest doc state vector with all update applied.
-   */
-  async getDocState(
-    workspaceId: string,
-    guid: string
-  ): Promise<BinaryResponse | null> {
-    const snapshot = await this.getSnapshot(workspaceId, guid);
-    const updates = await this.getUpdates(workspaceId, guid);
-
-    if (updates.length) {
-      const { doc, timestamp } = await this.squash(snapshot, updates);
-      return {
-        binary: Buffer.from(encodeStateVector(doc)),
-        timestamp,
-      };
-    }
-
-    return snapshot?.state
-      ? {
-          binary: snapshot.state,
-          timestamp: snapshot.updatedAt.getTime(),
-        }
-      : null;
-  }
-
-  /**
-   * get the snapshot of the doc we've seen.
-   */
-  async getSnapshot(workspaceId: string, guid: string) {
-    return this.db.snapshot.findUnique({
-      where: {
-        id_workspaceId: {
-          workspaceId,
-          id: guid,
-        },
-      },
-    });
-  }
-
-  /**
-   * get pending updates
-   */
-  async getUpdates(workspaceId: string, guid: string) {
-    const updates = await this.db.update.findMany({
-      where: {
-        workspaceId,
-        id: guid,
-      },
-      // take it ease, we don't want to overload db and or cpu
-      // if we limit the taken number here,
-      // user will never see the latest doc if there are too many updates pending to be merged.
-      take: this.config.doc.manager.maxUpdatesPullCount,
-    });
-
-    // perf(memory): avoid sorting in db
-    return updates.sort((a, b) => (a.createdAt < b.createdAt ? -1 : 1));
-  }
-
-  /**
-   * apply pending updates to snapshot
-   */
-  private async autoSquash() {
-    // find the first update and batch process updates with same id
-    const candidate = await this.getAutoSquashCandidate();
-
-    // no pending updates
-    if (!candidate) {
-      return;
-    }
-
-    const { id, workspaceId } = candidate;
-
-    await this.lockUpdatesForAutoSquash(workspaceId, id, async () => {
-      try {
-        await this._get(workspaceId, id);
-      } catch (e) {
-        this.logger.error(
-          `Failed to apply updates for workspace: ${workspaceId}, guid: ${id}`
-        );
-        this.logger.error(e);
-      }
-    });
-  }
-
-  private async getAutoSquashCandidate() {
-    const cache = await this.getAutoSquashCandidateFromCache();
-
-    if (cache) {
-      return cache;
-    }
-
-    return this.db.update.findFirst({
-      select: {
-        id: true,
-        workspaceId: true,
-      },
-    });
-  }
-
-  /**
-   * @returns whether the snapshot is updated to the latest, `undefined` means the doc to be upserted is outdated.
-   */
-  @CallTimer('doc', 'upsert')
-  private async upsert(
-    workspaceId: string,
-    guid: string,
-    doc: Doc,
-    // we always delay the snapshot update to avoid db overload,
-    // so the value of auto updated `updatedAt` by db will never be accurate to user's real action time
-    updatedAt: Date,
-    seq: number
-  ) {
-    const blob = Buffer.from(encodeStateAsUpdate(doc));
-
-    if (isEmptyBuffer(blob)) {
-      return undefined;
-    }
-
-    const state = Buffer.from(encodeStateVector(doc));
-
-    // CONCERNS:
-    //   i. Because we save the real user's last seen action time as `updatedAt`,
-    //      it's possible to simply compare the `updatedAt` to determine if the snapshot is older than the one we are going to save.
-    //
-    //  ii. Prisma doesn't support `upsert` with additional `where` condition along side unique constraint.
-    //      In our case, we need to manually check the `updatedAt` to avoid overriding the newer snapshot.
-    //      where: { id_workspaceId: {}, updatedAt: { lt: updatedAt } }
-    //                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-    //
-    // iii. Only set the seq number when creating the snapshot.
-    //      For updating scenario, the seq number will be updated when updates pushed to db.
-    try {
-      const result: { updatedAt: Date }[] = await this.db.$queryRaw`
-        INSERT INTO "snapshots" ("workspace_id", "guid", "blob", "state", "seq", "created_at", "updated_at")
-        VALUES (${workspaceId}, ${guid}, ${blob}, ${state}, ${seq}, DEFAULT, ${updatedAt})
-        ON CONFLICT ("workspace_id", "guid")
-        DO UPDATE SET "blob" = ${blob}, "state" = ${state}, "updated_at" = ${updatedAt}, "seq" = ${seq}
-        WHERE "snapshots"."workspace_id" = ${workspaceId} AND "snapshots"."guid" = ${guid} AND "snapshots"."updated_at" <= ${updatedAt}
-        RETURNING "snapshots"."workspace_id" as "workspaceId", "snapshots"."guid" as "id", "snapshots"."updated_at" as "updatedAt"
-      `;
-
-      // const result = await this.db.snapshot.upsert({
-      //   select: {
-      //     updatedAt: true,
-      //     seq: true,
-      //   },
-      //   where: {
-      //     id_workspaceId: {
-      //       workspaceId,
-      //       id: guid,
-      //     },
-      //     ⬇️ NOT SUPPORTED BY PRISMA YET
-      //     updatedAt: {
-      //       lt: updatedAt,
-      //     },
-      //   },
-      //   update: {
-      //     blob,
-      //     state,
-      //     updatedAt,
-      //   },
-      //   create: {
-      //     workspaceId,
-      //     id: guid,
-      //     blob,
-      //     state,
-      //     updatedAt,
-      //     seq,
-      //   },
-      // });
-
-      // if the condition `snapshot.updatedAt > updatedAt` is true, by which means the snapshot has already been updated by other process,
-      // the updates has been applied to current `doc` must have been seen by the other process as well.
-      // The `updatedSnapshot` will be `undefined` in this case.
-      const updatedSnapshot = result.at(0);
-
-      if (!updatedSnapshot) {
-        return undefined;
-      }
-
-      return true;
-    } catch (e) {
-      this.logger.error('Failed to upsert snapshot', e);
-      return false;
-    }
-  }
-
-  private async _get(
-    workspaceId: string,
-    guid: string
-  ): Promise<DocResponse | BinaryResponse | null> {
-    const snapshot = await this.getSnapshot(workspaceId, guid);
-    const updates = await this.getUpdates(workspaceId, guid);
-
-    if (updates.length) {
-      return this.squash(snapshot, updates);
-    }
-
-    return snapshot
-      ? { binary: snapshot.blob, timestamp: snapshot.updatedAt.getTime() }
-      : null;
-  }
-
-  /**
-   * Squash updates into a single update and save it as snapshot,
-   * and delete the updates records at the same time.
-   */
-  @CallTimer('doc', 'squash')
-  private async squash(
-    snapshot: Snapshot | null,
-    updates: Update[]
-  ): Promise<DocResponse> {
-    if (!updates.length) {
-      throw new Error('No updates to squash');
-    }
-
-    const last = updates[updates.length - 1];
-    const { id, workspaceId } = last;
-
-    const doc = await this.applyUpdates(
-      id,
-      snapshot ? snapshot.blob : Buffer.from([0, 0]),
-      ...updates.map(u => u.blob)
-    );
-
-    const done = await this.upsert(
-      workspaceId,
-      id,
-      doc,
-      last.createdAt,
-      last.seq
-    );
-
-    if (done) {
-      if (snapshot) {
-        this.event.emit('snapshot.updated', {
-          id,
-          workspaceId,
-          previous: {
-            blob: snapshot.blob,
-            state: snapshot.state,
-            updatedAt: snapshot.updatedAt,
-          },
-        });
-      }
-
-      this.logger.debug(
-        `Squashed ${updates.length} updates for ${id} in workspace ${workspaceId}`
-      );
-    }
-
-    // we will keep the updates only if the upsert failed on unknown reason
-    // `done === undefined` means the updates is outdated(have already been merged by other process), safe to be deleted
-    // `done === true` means the upsert is successful, safe to be deleted
-    if (done !== false) {
-      // always delete updates
-      // the upsert will return false if the state is not newer, so we don't need to worry about it
-      const { count } = await this.db.update.deleteMany({
-        where: {
-          id,
-          workspaceId,
-          seq: {
-            in: updates.map(u => u.seq),
-          },
-        },
-      });
-
-      await this.updateCachedUpdatesCount(workspaceId, id, -count);
-    }
-
-    return { doc, timestamp: last.createdAt.getTime() };
-  }
-
-  private async getUpdateSeq(workspaceId: string, guid: string, batch = 1) {
-    try {
-      const { seq } = await this.db.snapshot.update({
-        select: {
-          seq: true,
-        },
-        where: {
-          id_workspaceId: {
-            workspaceId,
-            id: guid,
-          },
-        },
-        data: {
-          seq: {
-            increment: batch,
-          },
-        },
-      });
-
-      // reset
-      if (seq >= MAX_SEQ_NUM) {
-        await this.db.snapshot.update({
-          select: {
-            seq: true,
-          },
-          where: {
-            id_workspaceId: {
-              workspaceId,
-              id: guid,
-            },
-          },
-          data: {
-            seq: 0,
-          },
-        });
-      }
-
-      return seq;
-    } catch {
-      // not existing snapshot just count it from 1
-      const last = this.seqMap.get(workspaceId + guid) ?? 0;
-      this.seqMap.set(workspaceId + guid, last + batch);
-      return last + batch;
-    }
-  }
-
-  private async updateCachedUpdatesCount(
-    workspaceId: string,
-    guid: string,
-    count: number
-  ) {
-    const result = await this.cache.mapIncrease(
-      UPDATES_QUEUE_CACHE_KEY,
-      `${workspaceId}::${guid}`,
-      count
-    );
-
-    if (result <= 0) {
-      await this.cache.mapDelete(
-        UPDATES_QUEUE_CACHE_KEY,
-        `${workspaceId}::${guid}`
-      );
-    }
-  }
-
-  private async getAutoSquashCandidateFromCache() {
-    const key = await this.cache.mapRandomKey(UPDATES_QUEUE_CACHE_KEY);
-
-    if (key) {
-      const cachedCount = await this.cache.mapIncrease(
-        UPDATES_QUEUE_CACHE_KEY,
-        key,
-        0
-      );
-
-      if (cachedCount > 0) {
-        const [workspaceId, id] = key.split('::');
-        const count = await this.db.update.count({
-          where: {
-            workspaceId,
-            id,
-          },
-        });
-
-        // FIXME(@forehalo): somehow the update count in cache is not accurate
-        if (count === 0) {
-          await this.cache.mapDelete(UPDATES_QUEUE_CACHE_KEY, key);
-
-          return null;
-        }
-        return { id, workspaceId };
-      }
-    }
-
-    return null;
-  }
-
-  private async doWithLock<T>(
-    lockScope: string,
-    lockResource: string,
-    job: () => Promise<T>
-  ) {
-    const lock = `lock:${lockScope}:${lockResource}`;
-    const acquired = await this.cache.setnx(lock, 1, {
-      ttl: 60 * 1000,
-    });
-    metrics.doc.counter('lock').add(1, { scope: lockScope });
-
-    if (!acquired) {
-      metrics.doc.counter('lock_failed').add(1, { scope: lockScope });
-      return;
-    }
-    metrics.doc.counter('lock_required').add(1, { scope: lockScope });
-
-    try {
-      return await job();
-    } finally {
-      await this.cache
-        .delete(lock)
-        .then(() => {
-          metrics.doc.counter('lock_released').add(1, { scope: lockScope });
-        })
-        .catch(e => {
-          metrics.doc
-            .counter('lock_release_failed')
-            .add(1, { scope: lockScope });
-          // safe, the lock will be expired when ttl ends
-          this.logger.error(`Failed to release lock ${lock}`, e);
-        });
-    }
-  }
-
-  private async lockUpdatesForAutoSquash<T>(
-    workspaceId: string,
-    guid: string,
-    job: () => Promise<T>
-  ) {
-    return this.doWithLock(
-      'doc:manager:updates',
-      `${workspaceId}::${guid}`,
-      job
-    );
-  }
-
-  @Cron(CronExpression.EVERY_MINUTE)
-  async reportUpdatesQueueCount() {
-    metrics.doc
-      .gauge('updates_queue_count')
-      .record(await this.db.update.count());
-  }
-}
--- a/packages/backend/server/src/core/doc/options.ts
+++ b/packages/backend/server/src/core/doc/options.ts
@@ -0,0 +1,130 @@
+import { Injectable, Logger } from '@nestjs/common';
+import { chunk } from 'lodash-es';
+import * as Y from 'yjs';
+
+import {
+  CallTimer,
+  Config,
+  mergeUpdatesInApplyWay as yotcoMergeUpdates,
+  metrics,
+} from '../../fundamentals';
+import { PermissionService } from '../permission';
+import { QuotaService } from '../quota';
+import { DocStorageOptions as IDocStorageOptions } from './storage';
+
+function compare(yBinary: Buffer, jwstBinary: Buffer, strict = false): boolean {
+  if (yBinary.equals(jwstBinary)) {
+    return true;
+  }
+
+  if (strict) {
+    return false;
+  }
+
+  const doc = new Y.Doc();
+  Y.applyUpdate(doc, jwstBinary);
+
+  const yBinary2 = Buffer.from(Y.encodeStateAsUpdate(doc));
+
+  return compare(yBinary, yBinary2, true);
+}
+
+@Injectable()
+export class DocStorageOptions implements IDocStorageOptions {
+  private readonly logger = new Logger('DocStorageOptions');
+
+  constructor(
+    private readonly config: Config,
+    private readonly permission: PermissionService,
+    private readonly quota: QuotaService
+  ) {}
+
+  mergeUpdates = async (updates: Uint8Array[]) => {
+    const useYocto = await this.config.runtime.fetch(
+      'doc/experimentalMergeWithYOcto'
+    );
+
+    if (useYocto) {
+      const doc = await this.recoverDoc(updates);
+
+      metrics.jwst.counter('codec_merge_counter').add(1);
+      const yjsResult = Buffer.from(Y.encodeStateAsUpdate(doc));
+      let log = false;
+      try {
+        const yocto = yotcoMergeUpdates(updates.map(Buffer.from));
+        if (!compare(yjsResult, yocto)) {
+          metrics.jwst.counter('codec_not_match').add(1);
+          this.logger.warn(`yocto codec result doesn't match yjs codec result`);
+          log = true;
+          if (this.config.node.dev) {
+            this.logger.warn(`Expected:\n  ${yjsResult.toString('hex')}`);
+            this.logger.warn(`Result:\n  ${yocto.toString('hex')}`);
+          }
+        }
+      } catch (e) {
+        metrics.jwst.counter('codec_fails_counter').add(1);
+        this.logger.warn(`jwst apply update failed: ${e}`);
+        log = true;
+      }
+
+      if (log && this.config.node.dev) {
+        this.logger.warn(
+          `Updates: ${updates.map(u => Buffer.from(u).toString('hex')).join('\n')}`
+        );
+      }
+
+      return yjsResult;
+    } else {
+      return this.simpleMergeUpdates(updates);
+    }
+  };
+
+  historyMaxAge = async (spaceId: string) => {
+    const owner = await this.permission.getWorkspaceOwner(spaceId);
+    const quota = await this.quota.getUserQuota(owner.id);
+    return quota.feature.historyPeriod;
+  };
+
+  historyMinInterval = (_spaceId: string) => {
+    return this.config.doc.history.interval;
+  };
+
+  @CallTimer('doc', 'yjs_merge_updates')
+  private simpleMergeUpdates(updates: Uint8Array[]) {
+    return Y.mergeUpdates(updates);
+  }
+
+  @CallTimer('doc', 'yjs_recover_updates_to_doc')
+  private recoverDoc(updates: Uint8Array[]): Promise<Y.Doc> {
+    const doc = new Y.Doc();
+    const chunks = chunk(updates, 10);
+    let i = 0;
+
+    return new Promise(resolve => {
+      Y.transact(doc, () => {
+        const next = () => {
+          const updates = chunks.at(i++);
+
+          if (updates?.length) {
+            updates.forEach(u => {
+              try {
+                Y.applyUpdate(doc, u);
+              } catch (e) {
+                this.logger.error('Failed to apply update', e);
+              }
+            });
+
+            // avoid applying too many updates in single round which will take the whole cpu time like dead lock
+            setImmediate(() => {
+              next();
+            });
+          } else {
+            resolve(doc);
+          }
+        };
+
+        next();
+      });
+    });
+  }
+}
--- a/packages/backend/server/src/core/doc/storage/blob.ts
+++ b/packages/backend/server/src/core/doc/storage/blob.ts
@@ -0,0 +1,16 @@
+import { Connection } from './connection';
+
+export interface BlobStorageOptions {}
+
+export interface Blob {
+  key: string;
+  bin: Uint8Array;
+  mimeType: string;
+}
+
+export abstract class BlobStorageAdapter extends Connection {
+  abstract getBlob(spaceId: string, key: string): Promise<Blob | null>;
+  abstract setBlob(spaceId: string, blob: Blob): Promise<string>;
+  abstract deleteBlob(spaceId: string, key: string): Promise<boolean>;
+  abstract listBlobs(spaceId: string): Promise<Blob>;
+}
--- a/packages/backend/server/src/core/doc/storage/connection.ts
+++ b/packages/backend/server/src/core/doc/storage/connection.ts
@@ -0,0 +1,11 @@
+export class Connection {
+  protected connected: boolean = false;
+  connect(): Promise<void> {
+    this.connected = true;
+    return Promise.resolve();
+  }
+  disconnect(): Promise<void> {
+    this.connected = false;
+    return Promise.resolve();
+  }
+}
--- a/packages/backend/server/src/core/doc/storage/doc.ts
+++ b/packages/backend/server/src/core/doc/storage/doc.ts
@@ -0,0 +1,205 @@
+import {
+  applyUpdate,
+  Doc,
+  encodeStateAsUpdate,
+  encodeStateVector,
+  mergeUpdates,
+  UndoManager,
+} from 'yjs';
+
+import { CallTimer } from '../../../fundamentals';
+import { Connection } from './connection';
+import { SingletonLocker } from './lock';
+
+export interface DocRecord {
+  spaceId: string;
+  docId: string;
+  bin: Uint8Array;
+  timestamp: number;
+}
+
+export interface DocUpdate {
+  bin: Uint8Array;
+  timestamp: number;
+}
+
+export interface HistoryFilter {
+  before?: number;
+  limit?: number;
+}
+
+export interface DocStorageOptions {
+  mergeUpdates?: (updates: Uint8Array[]) => Promise<Uint8Array> | Uint8Array;
+}
+
+export abstract class DocStorageAdapter extends Connection {
+  private readonly locker = new SingletonLocker();
+
+  constructor(
+    protected readonly options: DocStorageOptions = {
+      mergeUpdates,
+    }
+  ) {
+    super();
+  }
+
+  // open apis
+  isEmptyBin(bin: Uint8Array): boolean {
+    return (
+      bin.length === 0 ||
+      // 0x0 for state vector
+      (bin.length === 1 && bin[0] === 0) ||
+      // 0x00 for update
+      (bin.length === 2 && bin[0] === 0 && bin[1] === 0)
+    );
+  }
+
+  async getDoc(spaceId: string, docId: string): Promise<DocRecord | null> {
+    await using _lock = await this.lockDocForUpdate(spaceId, docId);
+
+    const snapshot = await this.getDocSnapshot(spaceId, docId);
+    const updates = await this.getDocUpdates(spaceId, docId);
+
+    if (updates.length) {
+      const { timestamp, bin } = await this.squash(
+        snapshot ? [snapshot, ...updates] : updates
+      );
+
+      const newSnapshot = {
+        spaceId: spaceId,
+        docId,
+        bin,
+        timestamp,
+      };
+
+      const success = await this.setDocSnapshot(newSnapshot);
+
+      // if there is old snapshot, create a new history record
+      if (success && snapshot) {
+        await this.createDocHistory(snapshot);
+      }
+
+      // always mark updates as merged unless throws
+      await this.markUpdatesMerged(spaceId, docId, updates);
+
+      return newSnapshot;
+    }
+
+    return snapshot;
+  }
+
+  abstract pushDocUpdates(
+    spaceId: string,
+    docId: string,
+    updates: Uint8Array[]
+  ): Promise<number>;
+
+  abstract deleteDoc(spaceId: string, docId: string): Promise<void>;
+  abstract deleteSpace(spaceId: string): Promise<void>;
+  async rollbackDoc(
+    spaceId: string,
+    docId: string,
+    timestamp: number
+  ): Promise<void> {
+    await using _lock = await this.lockDocForUpdate(spaceId, docId);
+    const toSnapshot = await this.getDocHistory(spaceId, docId, timestamp);
+    if (!toSnapshot) {
+      throw new Error('Can not find the version to rollback to.');
+    }
+
+    const fromSnapshot = await this.getDocSnapshot(spaceId, docId);
+
+    if (!fromSnapshot) {
+      throw new Error('Can not find the current version of the doc.');
+    }
+
+    const change = this.generateChangeUpdate(fromSnapshot.bin, toSnapshot.bin);
+    await this.pushDocUpdates(spaceId, docId, [change]);
+    // force create a new history record after rollback
+    await this.createDocHistory(fromSnapshot, true);
+  }
+
+  abstract getSpaceDocTimestamps(
+    spaceId: string,
+    after?: number
+  ): Promise<Record<string, number> | null>;
+  abstract listDocHistories(
+    spaceId: string,
+    docId: string,
+    query: { skip?: number; limit?: number }
+  ): Promise<number[]>;
+  abstract getDocHistory(
+    spaceId: string,
+    docId: string,
+    timestamp: number
+  ): Promise<DocRecord | null>;
+
+  // api for internal usage
+  protected abstract getDocSnapshot(
+    spaceId: string,
+    docId: string
+  ): Promise<DocRecord | null>;
+  protected abstract setDocSnapshot(snapshot: DocRecord): Promise<boolean>;
+  protected abstract getDocUpdates(
+    spaceId: string,
+    docId: string
+  ): Promise<DocUpdate[]>;
+  protected abstract markUpdatesMerged(
+    spaceId: string,
+    docId: string,
+    updates: DocUpdate[]
+  ): Promise<number>;
+
+  protected abstract createDocHistory(
+    snapshot: DocRecord,
+    force?: boolean
+  ): Promise<boolean>;
+
+  @CallTimer('doc', 'squash')
+  protected async squash(updates: DocUpdate[]): Promise<DocUpdate> {
+    const merge = this.options?.mergeUpdates ?? mergeUpdates;
+    const lastUpdate = updates.at(-1);
+    if (!lastUpdate) {
+      throw new Error('No updates to be squashed.');
+    }
+
+    // fast return
+    if (updates.length === 1) {
+      return lastUpdate;
+    }
+
+    const finalUpdate = await merge(updates.map(u => u.bin));
+
+    return {
+      bin: finalUpdate,
+      timestamp: lastUpdate.timestamp,
+    };
+  }
+
+  protected async lockDocForUpdate(
+    spaceId: string,
+    docId: string
+  ): Promise<AsyncDisposable> {
+    return this.locker.lock(`workspace:${spaceId}:update`, docId);
+  }
+
+  protected generateChangeUpdate(newerBin: Uint8Array, olderBin: Uint8Array) {
+    const newerDoc = new Doc();
+    applyUpdate(newerDoc, newerBin);
+    const olderDoc = new Doc();
+    applyUpdate(olderDoc, olderBin);
+
+    const newerState = encodeStateVector(newerDoc);
+    const olderState = encodeStateVector(olderDoc);
+
+    const diff = encodeStateAsUpdate(newerDoc, olderState);
+
+    const undoManager = new UndoManager(Array.from(newerDoc.share.values()));
+
+    applyUpdate(olderDoc, diff);
+
+    undoManager.undo();
+
+    return encodeStateAsUpdate(olderDoc, newerState);
+  }
+}
--- a/packages/backend/server/src/core/doc/storage/index.ts
+++ b/packages/backend/server/src/core/doc/storage/index.ts
@@ -0,0 +1,32 @@
+// TODO(@forehalo): share with frontend
+import type { BlobStorageAdapter } from './blob';
+import { Connection } from './connection';
+import type { DocStorageAdapter } from './doc';
+
+export class SpaceStorage extends Connection {
+  constructor(
+    public readonly doc: DocStorageAdapter,
+    public readonly blob: BlobStorageAdapter
+  ) {
+    super();
+  }
+
+  override async connect() {
+    await this.doc.connect();
+    await this.blob.connect();
+  }
+
+  override async disconnect() {
+    await this.doc.disconnect();
+    await this.blob.disconnect();
+  }
+}
+
+export { BlobStorageAdapter, type BlobStorageOptions } from './blob';
+export {
+  type DocRecord,
+  DocStorageAdapter,
+  type DocStorageOptions,
+  type DocUpdate,
+  type HistoryFilter,
+} from './doc';
--- a/packages/backend/server/src/core/doc/storage/lock.ts
+++ b/packages/backend/server/src/core/doc/storage/lock.ts
@@ -0,0 +1,42 @@
+export interface Locker {
+  lock(domain: string, resource: string): Promise<Lock>;
+}
+
+export class SingletonLocker implements Locker {
+  lockedResource = new Map<string, Lock>();
+  constructor() {}
+
+  async lock(domain: string, resource: string) {
+    let lock = this.lockedResource.get(`${domain}:${resource}`);
+
+    if (!lock) {
+      lock = new Lock();
+    }
+
+    await lock.acquire();
+
+    return lock;
+  }
+}
+
+export class Lock {
+  private inner: Promise<void> = Promise.resolve();
+  private release: () => void = () => {};
+
+  async acquire() {
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    let release: () => void = null!;
+    const nextLock = new Promise<void>(resolve => {
+      release = resolve;
+    });
+
+    await this.inner;
+    this.inner = nextLock;
+    this.release = release;
+  }
+
+  [Symbol.asyncDispose]() {
+    this.release();
+    return Promise.resolve();
+  }
+}
--- a/packages/backend/server/src/core/features/index.ts
+++ b/packages/backend/server/src/core/features/index.ts
@@ -2,7 +2,10 @@ import { Module } from '@nestjs/common';

 import { UserModule } from '../user';
 import { EarlyAccessType, FeatureManagementService } from './management';
-import { FeatureManagementResolver } from './resolver';
+import {
+  AdminFeatureManagementResolver,
+  FeatureManagementResolver,
+} from './resolver';
 import { FeatureService } from './service';

 /**
@@ -17,6 +20,7 @@ import { FeatureService } from './service';
    FeatureService,
    FeatureManagementService,
    FeatureManagementResolver,
+    AdminFeatureManagementResolver,
  ],
  exports: [FeatureService, FeatureManagementService],
 })
--- a/packages/backend/server/src/core/features/resolver.ts
+++ b/packages/backend/server/src/core/features/resolver.ts
@@ -1,21 +1,18 @@
 import {
  Args,
-  Context,
-  Int,
  Mutation,
  Parent,
-  Query,
  registerEnumType,
  ResolveField,
  Resolver,
 } from '@nestjs/graphql';
+import { difference } from 'lodash-es';

-import { UserNotFound } from '../../fundamentals';
-import { sessionUser } from '../auth/service';
+import { Config } from '../../fundamentals';
 import { Admin } from '../common';
-import { UserService } from '../user/service';
 import { UserType } from '../user/types';
 import { EarlyAccessType, FeatureManagementService } from './management';
+import { FeatureService } from './service';
 import { FeatureType } from './types';

 registerEnumType(EarlyAccessType, {
@@ -24,10 +21,7 @@ registerEnumType(EarlyAccessType, {

@Resolver(() => UserType)
 export class FeatureManagementResolver {
-  constructor(
-    private readonly users: UserService,
-    private readonly feature: FeatureManagementService
-  ) {}
+  constructor(private readonly feature: FeatureManagementService) {}

  @ResolveField(() => [FeatureType], {
    name: 'features',
@@ -36,58 +30,48 @@ export class FeatureManagementResolver {
  async userFeatures(@Parent() user: UserType) {
    return this.feature.getActivatedUserFeatures(user.id);
  }
+}

-  @Admin()
-  @Mutation(() => Int)
-  async addToEarlyAccess(
-    @Args('email') email: string,
-    @Args({ name: 'type', type: () => EarlyAccessType }) type: EarlyAccessType
-  ): Promise<number> {
-    const user = await this.users.findUserByEmail(email);
-    if (user) {
-      return this.feature.addEarlyAccess(user.id, type);
-    } else {
-      const user = await this.users.createUser({
-        email,
-        registered: false,
-      });
-      return this.feature.addEarlyAccess(user.id, type);
-    }
-  }
+export class AvailableUserFeatureConfig {
+  constructor(private readonly config: Config) {}

-  @Admin()
-  @Mutation(() => Int)
-  async removeEarlyAccess(@Args('email') email: string): Promise<number> {
-    const user = await this.users.findUserByEmail(email);
-    if (!user) {
-      throw new UserNotFound();
-    }
-    return this.feature.removeEarlyAccess(user.id);
-  }
-
-  @Admin()
-  @Query(() => [UserType])
-  async earlyAccessUsers(
-    @Context() ctx: { isAdminQuery: boolean }
-  ): Promise<UserType[]> {
-    // allow query other user's subscription
-    ctx.isAdminQuery = true;
-    return this.feature.listEarlyAccess().then(users => {
-      return users.map(sessionUser);
-    });
-  }
-
-  @Admin()
-  @Mutation(() => Boolean)
-  async addAdminister(@Args('email') email: string): Promise<boolean> {
-    const user = await this.users.findUserByEmail(email);
-
-    if (!user) {
-      throw new UserNotFound();
-    }
-
-    await this.feature.addAdmin(user.id);
-
-    return true;
+  async availableUserFeatures() {
+    return this.config.isSelfhosted
+      ? [FeatureType.Admin]
+      : [FeatureType.EarlyAccess, FeatureType.AIEarlyAccess, FeatureType.Admin];
+  }
+}
+
+@Admin()
+@Resolver(() => Boolean)
+export class AdminFeatureManagementResolver extends AvailableUserFeatureConfig {
+  constructor(
+    config: Config,
+    private readonly feature: FeatureService
+  ) {
+    super(config);
+  }
+
+  @Mutation(() => [FeatureType], {
+    description: 'update user enabled feature',
+  })
+  async updateUserFeatures(
+    @Args('id') id: string,
+    @Args({ name: 'features', type: () => [FeatureType] })
+    features: FeatureType[]
+  ) {
+    const configurableFeatures = await this.availableUserFeatures();
+
+    const removed = difference(configurableFeatures, features);
+    await Promise.all(
+      features.map(feature =>
+        this.feature.addUserFeature(id, feature, 'admin panel')
+      )
+    );
+    await Promise.all(
+      removed.map(feature => this.feature.removeUserFeature(id, feature))
+    );
+
+    return features;
  }
 }
--- a/packages/backend/server/src/core/features/service.ts
+++ b/packages/backend/server/src/core/features/service.ts
@@ -1,6 +1,7 @@
 import { Injectable } from '@nestjs/common';
 import { PrismaClient } from '@prisma/client';

+import { CannotDeleteAllAdminAccount } from '../../fundamentals';
 import { WorkspaceType } from '../workspaces/types';
 import { FeatureConfigType, getFeature } from './feature';
 import { FeatureKind, FeatureType } from './types';
@@ -81,6 +82,9 @@ export class FeatureService {
  }

  async removeUserFeature(userId: string, feature: FeatureType) {
+    if (feature === FeatureType.Admin) {
+      await this.ensureNotLastAdmin(userId);
+    }
    return this.prisma.userFeature
      .updateMany({
        where: {
@@ -98,6 +102,20 @@ export class FeatureService {
      .then(r => r.count);
  }

+  async ensureNotLastAdmin(userId: string) {
+    const count = await this.prisma.userFeature.count({
+      where: {
+        userId: { not: userId },
+        feature: { feature: FeatureType.Admin, type: FeatureKind.Feature },
+        activated: true,
+      },
+    });
+
+    if (count === 0) {
+      throw new CannotDeleteAllAdminAccount();
+    }
+  }
+
  /**
   * get user's features, will included inactivated features
   * @param userId user id
--- a/packages/backend/server/src/core/permission/index.ts
+++ b/packages/backend/server/src/core/permission/index.ts
@@ -0,0 +1,12 @@
+import { Module } from '@nestjs/common';
+
+import { PermissionService } from './service';
+
+@Module({
+  providers: [PermissionService],
+  exports: [PermissionService],
+})
+export class PermissionModule {}
+
+export { PermissionService } from './service';
+export { Permission, PublicPageMode } from './types';
--- a/packages/backend/server/src/core/workspaces/permission.ts
+++ b/packages/backend/server/src/core/workspaces/permission.ts
@@ -2,13 +2,12 @@ import { Injectable } from '@nestjs/common';
 import type { Prisma } from '@prisma/client';
 import { PrismaClient } from '@prisma/client';

-import { DocAccessDenied, WorkspaceAccessDenied } from '../../fundamentals';
-import { Permission } from './types';
-
-export enum PublicPageMode {
-  Page,
-  Edgeless,
-}
+import {
+  DocAccessDenied,
+  SpaceAccessDenied,
+  SpaceOwnerNotFound,
+} from '../../fundamentals';
+import { Permission, PublicPageMode } from './types';

@Injectable()
 export class PermissionService {
@@ -59,7 +58,7 @@ export class PermissionService {
  }

  async getWorkspaceOwner(workspaceId: string) {
-    return this.prisma.workspaceUserPermission.findFirstOrThrow({
+    const owner = await this.prisma.workspaceUserPermission.findFirst({
      where: {
        workspaceId,
        type: Permission.Owner,
@@ -68,6 +67,12 @@ export class PermissionService {
        user: true,
      },
    });
+
+    if (!owner) {
+      throw new SpaceOwnerNotFound({ spaceId: workspaceId });
+    }
+
+    return owner.user;
  }

  async tryGetWorkspaceOwner(workspaceId: string) {
@@ -152,7 +157,7 @@ export class PermissionService {
    permission: Permission = Permission.Read
  ) {
    if (!(await this.tryCheckWorkspace(ws, user, permission))) {
-      throw new WorkspaceAccessDenied({ workspaceId: ws });
+      throw new SpaceAccessDenied({ spaceId: ws });
    }
  }

@@ -195,6 +200,17 @@ export class PermissionService {
    return false;
  }

+  async allowUrlPreview(ws: string) {
+    const count = await this.prisma.workspace.count({
+      where: {
+        id: ws,
+        public: true,
+      },
+    });
+
+    return count > 0;
+  }
+
  async grant(
    ws: string,
    user: string,
@@ -324,7 +340,7 @@ export class PermissionService {
    permission = Permission.Read
  ) {
    if (!(await this.tryCheckPage(ws, page, user, permission))) {
-      throw new DocAccessDenied({ workspaceId: ws, docId: page });
+      throw new DocAccessDenied({ spaceId: ws, docId: page });
    }
  }

--- a/packages/backend/server/src/core/permission/types.ts
+++ b/packages/backend/server/src/core/permission/types.ts
@@ -0,0 +1,11 @@
+export enum Permission {
+  Read = 0,
+  Write = 1,
+  Admin = 10,
+  Owner = 99,
+}
+
+export enum PublicPageMode {
+  Page,
+  Edgeless,
+}
--- a/packages/backend/server/src/core/quota/index.ts
+++ b/packages/backend/server/src/core/quota/index.ts
@@ -1,8 +1,8 @@
 import { Module } from '@nestjs/common';

 import { FeatureModule } from '../features';
+import { PermissionModule } from '../permission';
 import { StorageModule } from '../storage';
-import { PermissionService } from '../workspaces/permission';
 import { QuotaManagementResolver } from './resolver';
 import { QuotaService } from './service';
 import { QuotaManagementService } from './storage';
@@ -14,13 +14,8 @@ import { QuotaManagementService } from './storage';
 * - quota statistics
 */
@Module({
-  imports: [FeatureModule, StorageModule],
-  providers: [
-    PermissionService,
-    QuotaService,
-    QuotaManagementResolver,
-    QuotaManagementService,
-  ],
+  imports: [FeatureModule, StorageModule, PermissionModule],
+  providers: [QuotaService, QuotaManagementResolver, QuotaManagementService],
  exports: [QuotaService, QuotaManagementService],
 })
 export class QuotaModule {}
--- a/packages/backend/server/src/core/quota/quota.ts
+++ b/packages/backend/server/src/core/quota/quota.ts
@@ -71,10 +71,6 @@ export class QuotaConfig {
    return this.config.configs.historyPeriod;
  }

-  get historyPeriodFromNow() {
-    return new Date(Date.now() + this.historyPeriod);
-  }
-
  get memberLimit() {
    return this.config.configs.memberLimit;
  }
--- a/packages/backend/server/src/core/quota/service.ts
+++ b/packages/backend/server/src/core/quota/service.ts
@@ -69,7 +69,7 @@ export class QuotaService {
            ...quota,
            feature: await QuotaConfig.get(this.prisma, quota.featureId),
          };
-        } catch (_) {}
+        } catch {}
        return null as unknown as typeof quota & {
          feature: QuotaConfig;
        };
--- a/packages/backend/server/src/core/quota/storage.ts
+++ b/packages/backend/server/src/core/quota/storage.ts
@@ -1,9 +1,8 @@
 import { Injectable, Logger } from '@nestjs/common';

-import { WorkspaceOwnerNotFound } from '../../fundamentals';
 import { FeatureService, FeatureType } from '../features';
+import { PermissionService } from '../permission';
 import { WorkspaceBlobStorage } from '../storage';
-import { PermissionService } from '../workspaces/permission';
 import { OneGB } from './constant';
 import { QuotaService } from './service';
 import { formatSize, QuotaQueryType } from './types';
@@ -113,9 +112,7 @@ export class QuotaManagementService {
  // get workspace's owner quota and total size of used
  // quota was apply to owner's account
  async getWorkspaceUsage(workspaceId: string): Promise<QuotaBusinessType> {
-    const { user: owner } =
-      await this.permissions.getWorkspaceOwner(workspaceId);
-    if (!owner) throw new WorkspaceOwnerNotFound({ workspaceId });
+    const owner = await this.permissions.getWorkspaceOwner(workspaceId);
    const {
      feature: {
        name,
--- a/packages/backend/server/src/core/selfhost/controller.ts
+++ b/packages/backend/server/src/core/selfhost/controller.ts
@@ -1,15 +1,15 @@
 import { Body, Controller, Post, Req, Res } from '@nestjs/common';
-import { PrismaClient } from '@prisma/client';
 import type { Request, Response } from 'express';

 import {
  ActionForbidden,
  EventEmitter,
  InternalServerError,
-  MutexService,
+  Mutex,
  PasswordRequired,
 } from '../../fundamentals';
 import { AuthService, Public } from '../auth';
+import { ServerService } from '../config';
 import { UserService } from '../user/service';

 interface CreateUserInput {
@@ -20,11 +20,11 @@ interface CreateUserInput {
@Controller('/api/setup')
 export class CustomSetupController {
  constructor(
-    private readonly db: PrismaClient,
    private readonly user: UserService,
    private readonly auth: AuthService,
    private readonly event: EventEmitter,
-    private readonly mutex: MutexService
+    private readonly mutex: Mutex,
+    private readonly server: ServerService
  ) {}

  @Public()
@@ -44,7 +44,7 @@ export class CustomSetupController {
      throw new InternalServerError();
    }

-    if ((await this.db.user.count()) > 0) {
+    if (await this.server.initialized()) {
      throw new ActionForbidden('First user already created');
    }

--- a/packages/backend/server/src/core/selfhost/index.ts
+++ b/packages/backend/server/src/core/selfhost/index.ts
@@ -0,0 +1,104 @@
+import { join } from 'node:path';
+
+import {
+  Injectable,
+  Module,
+  NestMiddleware,
+  OnModuleInit,
+} from '@nestjs/common';
+import { HttpAdapterHost } from '@nestjs/core';
+import type { Application, Request, Response } from 'express';
+import { static as serveStatic } from 'express';
+
+import { Config } from '../../fundamentals';
+import { AuthModule } from '../auth';
+import { ServerConfigModule, ServerService } from '../config';
+import { UserModule } from '../user';
+import { CustomSetupController } from './controller';
+
+@Injectable()
+export class SetupMiddleware implements NestMiddleware {
+  constructor(private readonly server: ServerService) {}
+
+  use = (req: Request, res: Response, next: (error?: Error | any) => void) => {
+    // never throw
+    // eslint-disable-next-line @typescript-eslint/no-floating-promises
+    this.server
+      .initialized()
+      .then(initialized => {
+        // Redirect to setup page if not initialized
+        if (!initialized && req.path !== '/admin/setup') {
+          res.redirect('/admin/setup');
+          return;
+        }
+
+        // redirect to admin page if initialized
+        if (initialized && req.path === '/admin/setup') {
+          res.redirect('/admin');
+          return;
+        }
+
+        next();
+      })
+      .catch(() => {
+        next();
+      });
+  };
+}
+
+@Module({
+  imports: [AuthModule, UserModule, ServerConfigModule],
+  providers: [SetupMiddleware],
+  controllers: [CustomSetupController],
+})
+export class SelfhostModule implements OnModuleInit {
+  constructor(
+    private readonly config: Config,
+    private readonly adapterHost: HttpAdapterHost,
+    private readonly check: SetupMiddleware
+  ) {}
+
+  onModuleInit() {
+    const staticPath = join(this.config.projectRoot, 'static');
+    // in command line mode
+    if (!this.adapterHost.httpAdapter) {
+      return;
+    }
+
+    const app = this.adapterHost.httpAdapter.getInstance<Application>();
+    const basePath = this.config.server.path;
+
+    app.get(basePath + '/admin/index.html', (_req, res) => {
+      res.redirect(basePath + '/admin');
+    });
+    app.use(
+      basePath + '/admin',
+      serveStatic(join(staticPath, 'admin'), {
+        redirect: false,
+        index: false,
+      })
+    );
+
+    app.get(
+      [basePath + '/admin', basePath + '/admin/*'],
+      this.check.use,
+      (_req, res) => {
+        res.sendFile(join(staticPath, 'admin', 'index.html'));
+      }
+    );
+
+    app.get(basePath + '/index.html', (_req, res) => {
+      res.redirect(basePath);
+    });
+    app.use(
+      basePath,
+      serveStatic(staticPath, {
+        redirect: false,
+        index: false,
+      })
+    );
+    app.get('*', this.check.use, (_req, res) => {
+      res.sendFile(join(staticPath, 'index.html'));
+    });
+  }
+}
--- a/packages/backend/server/src/core/setup/index.ts
+++ b/packages/backend/server/src/core/setup/index.ts
@@ -1,11 +0,0 @@
-import { Module } from '@nestjs/common';
-
-import { AuthModule } from '../auth';
-import { UserModule } from '../user';
-import { CustomSetupController } from './controller';
-
-@Module({
-  imports: [AuthModule, UserModule],
-  controllers: [CustomSetupController],
-})
-export class CustomSetupModule {}
--- a/packages/backend/server/src/core/sync/events/events.gateway.ts
+++ b/packages/backend/server/src/core/sync/events/events.gateway.ts
@@ -1,328 +0,0 @@
-import { applyDecorators, Logger } from '@nestjs/common';
-import {
-  ConnectedSocket,
-  MessageBody,
-  OnGatewayConnection,
-  OnGatewayDisconnect,
-  SubscribeMessage as RawSubscribeMessage,
-  WebSocketGateway,
-  WebSocketServer,
-} from '@nestjs/websockets';
-import { Server, Socket } from 'socket.io';
-import { encodeStateAsUpdate, encodeStateVector } from 'yjs';
-
-import {
-  CallTimer,
-  Config,
-  DocNotFound,
-  GatewayErrorWrapper,
-  metrics,
-  NotInWorkspace,
-  VersionRejected,
-  WorkspaceAccessDenied,
-} from '../../../fundamentals';
-import { Auth, CurrentUser } from '../../auth';
-import { DocManager } from '../../doc';
-import { DocID } from '../../utils/doc';
-import { PermissionService } from '../../workspaces/permission';
-import { Permission } from '../../workspaces/types';
-
-const SubscribeMessage = (event: string) =>
-  applyDecorators(
-    GatewayErrorWrapper(event),
-    CallTimer('socketio', 'event_duration', { event }),
-    RawSubscribeMessage(event)
-  );
-
-type EventResponse<Data = any> = Data extends never
-  ? {
-      data?: never;
-    }
-  : {
-      data: Data;
-    };
-
-function Sync(workspaceId: string): `${string}:sync` {
-  return `${workspaceId}:sync`;
-}
-
-function Awareness(workspaceId: string): `${string}:awareness` {
-  return `${workspaceId}:awareness`;
-}
-
-@WebSocketGateway()
-export class EventsGateway implements OnGatewayConnection, OnGatewayDisconnect {
-  protected logger = new Logger(EventsGateway.name);
-  private connectionCount = 0;
-
-  constructor(
-    private readonly config: Config,
-    private readonly docManager: DocManager,
-    private readonly permissions: PermissionService
-  ) {}
-
-  @WebSocketServer()
-  server!: Server;
-
-  handleConnection() {
-    this.connectionCount++;
-    metrics.socketio.gauge('realtime_connections').record(this.connectionCount);
-  }
-
-  handleDisconnect() {
-    this.connectionCount--;
-    metrics.socketio.gauge('realtime_connections').record(this.connectionCount);
-  }
-
-  async assertVersion(client: Socket, version?: string) {
-    const shouldCheckClientVersion = await this.config.runtime.fetch(
-      'flags/syncClientVersionCheck'
-    );
-    if (
-      // @todo(@darkskygit): remove this flag after 0.12 goes stable
-      shouldCheckClientVersion &&
-      version !== AFFiNE.version
-    ) {
-      client.emit('server-version-rejected', {
-        currentVersion: version,
-        requiredVersion: AFFiNE.version,
-        reason: `Client version${
-          version ? ` ${version}` : ''
-        } is outdated, please update to ${AFFiNE.version}`,
-      });
-
-      throw new VersionRejected({
-        version: version || 'unknown',
-        serverVersion: AFFiNE.version,
-      });
-    }
-  }
-
-  async joinWorkspace(
-    client: Socket,
-    room: `${string}:${'sync' | 'awareness'}`
-  ) {
-    await client.join(room);
-  }
-
-  async leaveWorkspace(
-    client: Socket,
-    room: `${string}:${'sync' | 'awareness'}`
-  ) {
-    await client.leave(room);
-  }
-
-  assertInWorkspace(client: Socket, room: `${string}:${'sync' | 'awareness'}`) {
-    if (!client.rooms.has(room)) {
-      throw new NotInWorkspace({ workspaceId: room.split(':')[0] });
-    }
-  }
-
-  async assertWorkspaceAccessible(
-    workspaceId: string,
-    userId: string,
-    permission: Permission = Permission.Read
-  ) {
-    if (
-      !(await this.permissions.isWorkspaceMember(
-        workspaceId,
-        userId,
-        permission
-      ))
-    ) {
-      throw new WorkspaceAccessDenied({ workspaceId });
-    }
-  }
-
-  @Auth()
-  @SubscribeMessage('client-handshake-sync')
-  async handleClientHandshakeSync(
-    @CurrentUser() user: CurrentUser,
-    @MessageBody('workspaceId') workspaceId: string,
-    @MessageBody('version') version: string | undefined,
-    @ConnectedSocket() client: Socket
-  ): Promise<EventResponse<{ clientId: string }>> {
-    await this.assertVersion(client, version);
-    await this.assertWorkspaceAccessible(
-      workspaceId,
-      user.id,
-      Permission.Write
-    );
-
-    await this.joinWorkspace(client, Sync(workspaceId));
-    return {
-      data: {
-        clientId: client.id,
-      },
-    };
-  }
-
-  @Auth()
-  @SubscribeMessage('client-handshake-awareness')
-  async handleClientHandshakeAwareness(
-    @CurrentUser() user: CurrentUser,
-    @MessageBody('workspaceId') workspaceId: string,
-    @MessageBody('version') version: string | undefined,
-    @ConnectedSocket() client: Socket
-  ): Promise<EventResponse<{ clientId: string }>> {
-    await this.assertVersion(client, version);
-    await this.assertWorkspaceAccessible(
-      workspaceId,
-      user.id,
-      Permission.Write
-    );
-
-    await this.joinWorkspace(client, Awareness(workspaceId));
-    return {
-      data: {
-        clientId: client.id,
-      },
-    };
-  }
-
-  @SubscribeMessage('client-leave-sync')
-  async handleLeaveSync(
-    @MessageBody() workspaceId: string,
-    @ConnectedSocket() client: Socket
-  ): Promise<EventResponse> {
-    this.assertInWorkspace(client, Sync(workspaceId));
-    await this.leaveWorkspace(client, Sync(workspaceId));
-    return {};
-  }
-
-  @SubscribeMessage('client-leave-awareness')
-  async handleLeaveAwareness(
-    @MessageBody() workspaceId: string,
-    @ConnectedSocket() client: Socket
-  ): Promise<EventResponse> {
-    this.assertInWorkspace(client, Awareness(workspaceId));
-    await this.leaveWorkspace(client, Awareness(workspaceId));
-    return {};
-  }
-
-  @SubscribeMessage('client-pre-sync')
-  async loadDocStats(
-    @ConnectedSocket() client: Socket,
-    @MessageBody()
-    { workspaceId, timestamp }: { workspaceId: string; timestamp?: number }
-  ): Promise<EventResponse<Record<string, number>>> {
-    this.assertInWorkspace(client, Sync(workspaceId));
-
-    const stats = await this.docManager.getDocTimestamps(
-      workspaceId,
-      timestamp
-    );
-
-    return {
-      data: stats,
-    };
-  }
-
-  @SubscribeMessage('client-update-v2')
-  async handleClientUpdateV2(
-    @MessageBody()
-    {
-      workspaceId,
-      guid,
-      updates,
-    }: {
-      workspaceId: string;
-      guid: string;
-      updates: string[];
-    },
-    @ConnectedSocket() client: Socket
-  ): Promise<EventResponse<{ accepted: true; timestamp?: number }>> {
-    this.assertInWorkspace(client, Sync(workspaceId));
-
-    const docId = new DocID(guid, workspaceId);
-    const buffers = updates.map(update => Buffer.from(update, 'base64'));
-    const timestamp = await this.docManager.batchPush(
-      docId.workspace,
-      docId.guid,
-      buffers
-    );
-
-    client
-      .to(Sync(workspaceId))
-      .emit('server-updates', { workspaceId, guid, updates, timestamp });
-
-    return {
-      data: {
-        accepted: true,
-        timestamp,
-      },
-    };
-  }
-
-  @SubscribeMessage('doc-load-v2')
-  async loadDocV2(
-    @ConnectedSocket() client: Socket,
-    @MessageBody()
-    {
-      workspaceId,
-      guid,
-      stateVector,
-    }: {
-      workspaceId: string;
-      guid: string;
-      stateVector?: string;
-    }
-  ): Promise<
-    EventResponse<{ missing: string; state?: string; timestamp: number }>
-  > {
-    this.assertInWorkspace(client, Sync(workspaceId));
-
-    const docId = new DocID(guid, workspaceId);
-    const res = await this.docManager.get(docId.workspace, docId.guid);
-
-    if (!res) {
-      throw new DocNotFound({ workspaceId, docId: docId.guid });
-    }
-
-    const missing = Buffer.from(
-      encodeStateAsUpdate(
-        res.doc,
-        stateVector ? Buffer.from(stateVector, 'base64') : undefined
-      )
-    ).toString('base64');
-    const state = Buffer.from(encodeStateVector(res.doc)).toString('base64');
-
-    return {
-      data: {
-        missing,
-        state,
-        timestamp: res.timestamp,
-      },
-    };
-  }
-
-  @SubscribeMessage('awareness-init')
-  async handleInitAwareness(
-    @MessageBody() workspaceId: string,
-    @ConnectedSocket() client: Socket
-  ): Promise<EventResponse<{ clientId: string }>> {
-    this.assertInWorkspace(client, Awareness(workspaceId));
-    client.to(Awareness(workspaceId)).emit('new-client-awareness-init');
-    return {
-      data: {
-        clientId: client.id,
-      },
-    };
-  }
-
-  @SubscribeMessage('awareness-update')
-  async handleHelpGatheringAwareness(
-    @MessageBody()
-    {
-      workspaceId,
-      awarenessUpdate,
-    }: { workspaceId: string; awarenessUpdate: string },
-    @ConnectedSocket() client: Socket
-  ): Promise<EventResponse> {
-    this.assertInWorkspace(client, Awareness(workspaceId));
-    client
-      .to(Awareness(workspaceId))
-      .emit('server-awareness-broadcast', { workspaceId, awarenessUpdate });
-    return {};
-  }
-}
--- a/packages/backend/server/src/core/sync/events/events.module.ts
+++ b/packages/backend/server/src/core/sync/events/events.module.ts
@@ -1,11 +0,0 @@
-import { Module } from '@nestjs/common';
-
-import { DocModule } from '../../doc';
-import { PermissionService } from '../../workspaces/permission';
-import { EventsGateway } from './events.gateway';
-
-@Module({
-  imports: [DocModule],
-  providers: [EventsGateway, PermissionService],
-})
-export class EventsModule {}
--- a/packages/backend/server/src/core/sync/gateway.ts
+++ b/packages/backend/server/src/core/sync/gateway.ts
@@ -0,0 +1,661 @@
+import { applyDecorators, Logger } from '@nestjs/common';
+import {
+  ConnectedSocket,
+  MessageBody,
+  OnGatewayConnection,
+  OnGatewayDisconnect,
+  SubscribeMessage as RawSubscribeMessage,
+  WebSocketGateway,
+} from '@nestjs/websockets';
+import { Socket } from 'socket.io';
+import { diffUpdate, encodeStateVectorFromUpdate } from 'yjs';
+
+import {
+  AlreadyInSpace,
+  CallTimer,
+  Config,
+  DocNotFound,
+  GatewayErrorWrapper,
+  metrics,
+  NotInSpace,
+  SpaceAccessDenied,
+  VersionRejected,
+} from '../../fundamentals';
+import { Auth, CurrentUser } from '../auth';
+import {
+  DocStorageAdapter,
+  PgUserspaceDocStorageAdapter,
+  PgWorkspaceDocStorageAdapter,
+} from '../doc';
+import { Permission, PermissionService } from '../permission';
+import { DocID } from '../utils/doc';
+
+const SubscribeMessage = (event: string) =>
+  applyDecorators(
+    GatewayErrorWrapper(event),
+    CallTimer('socketio', 'event_duration', { event }),
+    RawSubscribeMessage(event)
+  );
+
+type EventResponse<Data = any> = Data extends never
+  ? {
+      data?: never;
+    }
+  : {
+      data: Data;
+    };
+
+type RoomType = 'sync' | `${string}:awareness`;
+
+function Room(
+  spaceId: string,
+  type: RoomType = 'sync'
+): `${string}:${RoomType}` {
+  return `${spaceId}:${type}`;
+}
+
+enum SpaceType {
+  Workspace = 'workspace',
+  Userspace = 'userspace',
+}
+
+interface JoinSpaceMessage {
+  spaceType: SpaceType;
+  spaceId: string;
+  clientVersion: string;
+}
+
+interface JoinSpaceAwarenessMessage {
+  spaceType: SpaceType;
+  spaceId: string;
+  docId: string;
+  clientVersion: string;
+}
+
+interface LeaveSpaceMessage {
+  spaceType: SpaceType;
+  spaceId: string;
+}
+
+interface LeaveSpaceAwarenessMessage {
+  spaceType: SpaceType;
+  spaceId: string;
+  docId: string;
+}
+
+interface PushDocUpdatesMessage {
+  spaceType: SpaceType;
+  spaceId: string;
+  docId: string;
+  updates: string[];
+}
+
+interface LoadDocMessage {
+  spaceType: SpaceType;
+  spaceId: string;
+  docId: string;
+  stateVector?: string;
+}
+
+interface LoadDocTimestampsMessage {
+  spaceType: SpaceType;
+  spaceId: string;
+  timestamp?: number;
+}
+
+interface LoadSpaceAwarenessesMessage {
+  spaceType: SpaceType;
+  spaceId: string;
+  docId: string;
+}
+interface UpdateAwarenessMessage {
+  spaceType: SpaceType;
+  spaceId: string;
+  docId: string;
+  awarenessUpdate: string;
+}
+@WebSocketGateway()
+export class SpaceSyncGateway
+  implements OnGatewayConnection, OnGatewayDisconnect
+{
+  protected logger = new Logger(SpaceSyncGateway.name);
+
+  private connectionCount = 0;
+
+  constructor(
+    private readonly config: Config,
+    private readonly permissions: PermissionService,
+    private readonly workspace: PgWorkspaceDocStorageAdapter,
+    private readonly userspace: PgUserspaceDocStorageAdapter
+  ) {}
+
+  handleConnection() {
+    this.connectionCount++;
+    metrics.socketio.gauge('realtime_connections').record(this.connectionCount);
+  }
+
+  handleDisconnect() {
+    this.connectionCount--;
+    metrics.socketio.gauge('realtime_connections').record(this.connectionCount);
+  }
+
+  selectAdapter(client: Socket, spaceType: SpaceType): SyncSocketAdapter {
+    let adapters: Record<SpaceType, SyncSocketAdapter> = (client as any)
+      .affineSyncAdapters;
+
+    if (!adapters) {
+      const workspace = new WorkspaceSyncAdapter(
+        client,
+        this.workspace,
+        this.permissions
+      );
+      const userspace = new UserspaceSyncAdapter(client, this.userspace);
+
+      adapters = { workspace, userspace };
+      (client as any).affineSyncAdapters = adapters;
+    }
+
+    return adapters[spaceType];
+  }
+
+  async assertVersion(client: Socket, version?: string) {
+    const shouldCheckClientVersion = await this.config.runtime.fetch(
+      'flags/syncClientVersionCheck'
+    );
+    if (
+      // @todo(@darkskygit): remove this flag after 0.12 goes stable
+      shouldCheckClientVersion &&
+      version !== AFFiNE.version
+    ) {
+      client.emit('server-version-rejected', {
+        currentVersion: version,
+        requiredVersion: AFFiNE.version,
+        reason: `Client version${
+          version ? ` ${version}` : ''
+        } is outdated, please update to ${AFFiNE.version}`,
+      });
+
+      throw new VersionRejected({
+        version: version || 'unknown',
+        serverVersion: AFFiNE.version,
+      });
+    }
+  }
+
+  async joinWorkspace(
+    client: Socket,
+    room: `${string}:${'sync' | 'awareness'}`
+  ) {
+    await client.join(room);
+  }
+
+  async leaveWorkspace(
+    client: Socket,
+    room: `${string}:${'sync' | 'awareness'}`
+  ) {
+    await client.leave(room);
+  }
+
+  assertInWorkspace(client: Socket, room: `${string}:${'sync' | 'awareness'}`) {
+    if (!client.rooms.has(room)) {
+      throw new NotInSpace({ spaceId: room.split(':')[0] });
+    }
+  }
+
+  // v3
+  @Auth()
+  @SubscribeMessage('space:join')
+  async onJoinSpace(
+    @CurrentUser() user: CurrentUser,
+    @ConnectedSocket() client: Socket,
+    @MessageBody()
+    { spaceType, spaceId, clientVersion }: JoinSpaceMessage
+  ): Promise<EventResponse<{ clientId: string; success: true }>> {
+    await this.assertVersion(client, clientVersion);
+
+    await this.selectAdapter(client, spaceType).join(user.id, spaceId);
+
+    return { data: { clientId: client.id, success: true } };
+  }
+
+  @SubscribeMessage('space:leave')
+  async onLeaveSpace(
+    @ConnectedSocket() client: Socket,
+    @MessageBody() { spaceType, spaceId }: LeaveSpaceMessage
+  ): Promise<EventResponse<{ clientId: string; success: true }>> {
+    await this.selectAdapter(client, spaceType).leave(spaceId);
+
+    return { data: { clientId: client.id, success: true } };
+  }
+
+  @SubscribeMessage('space:load-doc')
+  async onLoadSpaceDoc(
+    @ConnectedSocket() client: Socket,
+    @MessageBody()
+    { spaceType, spaceId, docId, stateVector }: LoadDocMessage
+  ): Promise<
+    EventResponse<{ missing: string; state?: string; timestamp: number }>
+  > {
+    const adapter = this.selectAdapter(client, spaceType);
+    adapter.assertIn(spaceId);
+
+    const doc = await adapter.get(spaceId, docId);
+
+    if (!doc) {
+      throw new DocNotFound({ spaceId, docId });
+    }
+
+    const missing = Buffer.from(
+      stateVector
+        ? diffUpdate(doc.bin, Buffer.from(stateVector, 'base64'))
+        : doc.bin
+    ).toString('base64');
+
+    const state = Buffer.from(encodeStateVectorFromUpdate(doc.bin)).toString(
+      'base64'
+    );
+
+    return {
+      data: {
+        missing,
+        state,
+        timestamp: doc.timestamp,
+      },
+    };
+  }
+
+  @SubscribeMessage('space:push-doc-updates')
+  async onReceiveDocUpdates(
+    @ConnectedSocket() client: Socket,
+    @MessageBody()
+    message: PushDocUpdatesMessage
+  ): Promise<EventResponse<{ accepted: true; timestamp?: number }>> {
+    const { spaceType, spaceId, docId, updates } = message;
+    const adapter = this.selectAdapter(client, spaceType);
+
+    // TODO(@forehalo): we might need to check write permission before push updates
+    const timestamp = await adapter.push(
+      spaceId,
+      docId,
+      updates.map(update => Buffer.from(update, 'base64'))
+    );
+
+    // could be put in [adapter.push]
+    // but the event should be kept away from adapter
+    // so
+    client
+      .to(adapter.room(spaceId))
+      .emit('space:broadcast-doc-updates', { ...message, timestamp });
+
+    // TODO(@forehalo): remove backward compatibility
+    if (spaceType === SpaceType.Workspace) {
+      const id = new DocID(docId, spaceId);
+      client.to(adapter.room(spaceId)).emit('server-updates', {
+        workspaceId: spaceId,
+        guid: id.guid,
+        updates,
+        timestamp,
+      });
+    }
+
+    return {
+      data: {
+        accepted: true,
+        timestamp,
+      },
+    };
+  }
+
+  @SubscribeMessage('space:load-doc-timestamps')
+  async onLoadDocTimestamps(
+    @ConnectedSocket() client: Socket,
+    @MessageBody()
+    { spaceType, spaceId, timestamp }: LoadDocTimestampsMessage
+  ): Promise<EventResponse<Record<string, number>>> {
+    const adapter = this.selectAdapter(client, spaceType);
+
+    const stats = await adapter.getTimestamps(spaceId, timestamp);
+
+    return {
+      data: stats ?? {},
+    };
+  }
+
+  @Auth()
+  @SubscribeMessage('space:join-awareness')
+  async onJoinAwareness(
+    @ConnectedSocket() client: Socket,
+    @CurrentUser() user: CurrentUser,
+    @MessageBody()
+    { spaceType, spaceId, docId, clientVersion }: JoinSpaceAwarenessMessage
+  ) {
+    await this.assertVersion(client, clientVersion);
+
+    await this.selectAdapter(client, spaceType).join(
+      user.id,
+      spaceId,
+      `${docId}:awareness`
+    );
+
+    return { data: { clientId: client.id, success: true } };
+  }
+
+  @SubscribeMessage('space:leave-awareness')
+  async onLeaveAwareness(
+    @ConnectedSocket() client: Socket,
+    @MessageBody()
+    { spaceType, spaceId, docId }: LeaveSpaceAwarenessMessage
+  ) {
+    await this.selectAdapter(client, spaceType).leave(
+      spaceId,
+      `${docId}:awareness`
+    );
+
+    return { data: { clientId: client.id, success: true } };
+  }
+
+  @SubscribeMessage('space:load-awarenesses')
+  async onLoadAwareness(
+    @ConnectedSocket() client: Socket,
+    @MessageBody()
+    { spaceType, spaceId, docId }: LoadSpaceAwarenessesMessage
+  ) {
+    const adapter = this.selectAdapter(client, spaceType);
+
+    const roomType = `${docId}:awareness` as const;
+    adapter.assertIn(spaceId, roomType);
+    client
+      .to(adapter.room(spaceId, roomType))
+      .emit('space:collect-awareness', { spaceType, spaceId, docId });
+
+    // TODO(@forehalo): remove backward compatibility
+    if (spaceType === SpaceType.Workspace) {
+      client
+        .to(adapter.room(spaceId, roomType))
+        .emit('new-client-awareness-init');
+    }
+
+    return { data: { clientId: client.id } };
+  }
+
+  @SubscribeMessage('space:update-awareness')
+  async onUpdateAwareness(
+    @ConnectedSocket() client: Socket,
+    @MessageBody() message: UpdateAwarenessMessage
+  ) {
+    const { spaceType, spaceId, docId } = message;
+    const adapter = this.selectAdapter(client, spaceType);
+
+    const roomType = `${docId}:awareness` as const;
+    adapter.assertIn(spaceId, roomType);
+    client
+      .to(adapter.room(spaceId, roomType))
+      .emit('space:broadcast-awareness-update', message);
+
+    // TODO(@forehalo): remove backward compatibility
+    if (spaceType === SpaceType.Workspace) {
+      client
+        .to(adapter.room(spaceId, roomType))
+        .emit('server-awareness-broadcast', {
+          workspaceId: spaceId,
+          awarenessUpdate: message.awarenessUpdate,
+        });
+    }
+
+    return {};
+  }
+
+  // TODO(@forehalo): remove
+  // deprecated section
+  @Auth()
+  @SubscribeMessage('client-handshake-sync')
+  async handleClientHandshakeSync(
+    @CurrentUser() user: CurrentUser,
+    @MessageBody('workspaceId') workspaceId: string,
+    @MessageBody('version') version: string,
+    @ConnectedSocket() client: Socket
+  ): Promise<EventResponse<{ clientId: string }>> {
+    await this.assertVersion(client, version);
+
+    return this.onJoinSpace(user, client, {
+      spaceType: SpaceType.Workspace,
+      spaceId: workspaceId,
+      clientVersion: version,
+    });
+  }
+
+  @SubscribeMessage('client-leave-sync')
+  async handleLeaveSync(
+    @MessageBody() workspaceId: string,
+    @ConnectedSocket() client: Socket
+  ): Promise<EventResponse> {
+    return this.onLeaveSpace(client, {
+      spaceType: SpaceType.Workspace,
+      spaceId: workspaceId,
+    });
+  }
+
+  @SubscribeMessage('client-pre-sync')
+  async loadDocStats(
+    @ConnectedSocket() client: Socket,
+    @MessageBody()
+    { workspaceId, timestamp }: { workspaceId: string; timestamp?: number }
+  ): Promise<EventResponse<Record<string, number>>> {
+    return this.onLoadDocTimestamps(client, {
+      spaceType: SpaceType.Workspace,
+      spaceId: workspaceId,
+      timestamp,
+    });
+  }
+
+  @SubscribeMessage('client-update-v2')
+  async handleClientUpdateV2(
+    @MessageBody()
+    {
+      workspaceId,
+      guid,
+      updates,
+    }: {
+      workspaceId: string;
+      guid: string;
+      updates: string[];
+    },
+    @ConnectedSocket() client: Socket
+  ): Promise<EventResponse<{ accepted: true; timestamp?: number }>> {
+    return this.onReceiveDocUpdates(client, {
+      spaceType: SpaceType.Workspace,
+      spaceId: workspaceId,
+      docId: guid,
+      updates,
+    });
+  }
+
+  @SubscribeMessage('doc-load-v2')
+  async loadDocV2(
+    @ConnectedSocket() client: Socket,
+    @MessageBody()
+    {
+      workspaceId,
+      guid,
+      stateVector,
+    }: {
+      workspaceId: string;
+      guid: string;
+      stateVector?: string;
+    }
+  ): Promise<
+    EventResponse<{ missing: string; state?: string; timestamp: number }>
+  > {
+    return this.onLoadSpaceDoc(client, {
+      spaceType: SpaceType.Workspace,
+      spaceId: workspaceId,
+      docId: guid,
+      stateVector,
+    });
+  }
+
+  @Auth()
+  @SubscribeMessage('client-handshake-awareness')
+  async handleClientHandshakeAwareness(
+    @ConnectedSocket() client: Socket,
+    @CurrentUser() user: CurrentUser,
+    @MessageBody('workspaceId') workspaceId: string,
+    @MessageBody('version') version: string
+  ): Promise<EventResponse<{ clientId: string }>> {
+    return this.onJoinAwareness(client, user, {
+      spaceType: SpaceType.Workspace,
+      spaceId: workspaceId,
+      docId: workspaceId,
+      clientVersion: version,
+    });
+  }
+
+  @SubscribeMessage('client-leave-awareness')
+  async handleLeaveAwareness(
+    @MessageBody() workspaceId: string,
+    @ConnectedSocket() client: Socket
+  ): Promise<EventResponse> {
+    return this.onLeaveAwareness(client, {
+      spaceType: SpaceType.Workspace,
+      spaceId: workspaceId,
+      docId: workspaceId,
+    });
+  }
+
+  @SubscribeMessage('awareness-init')
+  async handleInitAwareness(
+    @MessageBody() workspaceId: string,
+    @ConnectedSocket() client: Socket
+  ): Promise<EventResponse<{ clientId: string }>> {
+    return this.onLoadAwareness(client, {
+      spaceType: SpaceType.Workspace,
+      spaceId: workspaceId,
+      docId: workspaceId,
+    });
+  }
+
+  @SubscribeMessage('awareness-update')
+  async handleHelpGatheringAwareness(
+    @MessageBody()
+    {
+      workspaceId,
+      awarenessUpdate,
+    }: { workspaceId: string; awarenessUpdate: string },
+    @ConnectedSocket() client: Socket
+  ): Promise<EventResponse> {
+    return this.onUpdateAwareness(client, {
+      spaceType: SpaceType.Workspace,
+      spaceId: workspaceId,
+      docId: workspaceId,
+      awarenessUpdate,
+    });
+  }
+}
+
+abstract class SyncSocketAdapter {
+  constructor(
+    private readonly spaceType: SpaceType,
+    public readonly client: Socket,
+    public readonly storage: DocStorageAdapter
+  ) {}
+
+  room(spaceId: string, roomType: RoomType = 'sync') {
+    return `${this.spaceType}:${Room(spaceId, roomType)}`;
+  }
+
+  async join(userId: string, spaceId: string, roomType: RoomType = 'sync') {
+    this.assertNotIn(spaceId, roomType);
+    await this.assertAccessible(spaceId, userId, Permission.Read);
+    return this.client.join(this.room(spaceId, roomType));
+  }
+
+  async leave(spaceId: string, roomType: RoomType = 'sync') {
+    this.assertIn(spaceId, roomType);
+    return this.client.leave(this.room(spaceId, roomType));
+  }
+
+  in(spaceId: string, roomType: RoomType = 'sync') {
+    return this.client.rooms.has(this.room(spaceId, roomType));
+  }
+
+  assertNotIn(spaceId: string, roomType: RoomType = 'sync') {
+    if (this.client.rooms.has(this.room(spaceId, roomType))) {
+      throw new AlreadyInSpace({ spaceId });
+    }
+  }
+
+  assertIn(spaceId: string, roomType: RoomType = 'sync') {
+    if (!this.client.rooms.has(this.room(spaceId, roomType))) {
+      throw new NotInSpace({ spaceId });
+    }
+  }
+
+  abstract assertAccessible(
+    spaceId: string,
+    userId: string,
+    permission?: Permission
+  ): Promise<void>;
+
+  push(spaceId: string, docId: string, updates: Buffer[]) {
+    this.assertIn(spaceId);
+    return this.storage.pushDocUpdates(spaceId, docId, updates);
+  }
+
+  get(spaceId: string, docId: string) {
+    this.assertIn(spaceId);
+    return this.storage.getDoc(spaceId, docId);
+  }
+
+  getTimestamps(spaceId: string, timestamp?: number) {
+    this.assertIn(spaceId);
+    return this.storage.getSpaceDocTimestamps(spaceId, timestamp);
+  }
+}
+
+class WorkspaceSyncAdapter extends SyncSocketAdapter {
+  constructor(
+    client: Socket,
+    storage: DocStorageAdapter,
+    private readonly permission: PermissionService
+  ) {
+    super(SpaceType.Workspace, client, storage);
+  }
+
+  override push(spaceId: string, docId: string, updates: Buffer[]) {
+    const id = new DocID(docId, spaceId);
+    return super.push(spaceId, id.guid, updates);
+  }
+
+  override get(spaceId: string, docId: string) {
+    const id = new DocID(docId, spaceId);
+    return this.storage.getDoc(spaceId, id.guid);
+  }
+
+  async assertAccessible(
+    spaceId: string,
+    userId: string,
+    permission: Permission = Permission.Read
+  ) {
+    if (
+      !(await this.permission.isWorkspaceMember(spaceId, userId, permission))
+    ) {
+      throw new SpaceAccessDenied({ spaceId });
+    }
+  }
+}
+
+class UserspaceSyncAdapter extends SyncSocketAdapter {
+  constructor(client: Socket, storage: DocStorageAdapter) {
+    super(SpaceType.Userspace, client, storage);
+  }
+
+  async assertAccessible(
+    spaceId: string,
+    userId: string,
+    _permission: Permission = Permission.Read
+  ) {
+    if (spaceId !== userId) {
+      throw new SpaceAccessDenied({ spaceId });
+    }
+  }
+}
--- a/packages/backend/server/src/core/sync/index.ts
+++ b/packages/backend/server/src/core/sync/index.ts
@@ -1,8 +1,11 @@
 import { Module } from '@nestjs/common';

-import { EventsModule } from './events/events.module';
+import { DocStorageModule } from '../doc';
+import { PermissionModule } from '../permission';
+import { SpaceSyncGateway } from './gateway';

@Module({
-  imports: [EventsModule],
+  imports: [DocStorageModule, PermissionModule],
+  providers: [SpaceSyncGateway],
 })
 export class SyncModule {}
--- a/packages/backend/server/src/core/user/resolver.ts
+++ b/packages/backend/server/src/core/user/resolver.ts
@@ -12,7 +12,12 @@ import { PrismaClient } from '@prisma/client';
 import GraphQLUpload from 'graphql-upload/GraphQLUpload.mjs';
 import { isNil, omitBy } from 'lodash-es';

-import { type FileUpload, Throttle, UserNotFound } from '../../fundamentals';
+import {
+  CannotDeleteOwnAccount,
+  type FileUpload,
+  Throttle,
+  UserNotFound,
+} from '../../fundamentals';
 import { CurrentUser } from '../auth/current-user';
 import { Public } from '../auth/guard';
 import { sessionUser } from '../auth/service';
@@ -22,6 +27,7 @@ import { validators } from '../utils/validators';
 import { UserService } from './service';
 import {
  DeleteAccount,
+  ManageUserInput,
  RemoveAvatar,
  UpdateUserInput,
  UserOrLimitedUser,
@@ -161,9 +167,6 @@ class CreateUserInput {

  @Field(() => String, { nullable: true })
  name!: string | null;
-
-  @Field(() => String, { nullable: true })
-  password!: string | null;
 }

@Admin()
@@ -174,6 +177,13 @@ export class UserManagementResolver {
    private readonly user: UserService
  ) {}

+  @Query(() => Int, {
+    description: 'Get users count',
+  })
+  async usersCount(): Promise<number> {
+    return this.db.user.count();
+  }
+
  @Query(() => [UserType], {
    description: 'List registered users',
  })
@@ -208,6 +218,26 @@ export class UserManagementResolver {
    return sessionUser(user);
  }

+  @Query(() => UserType, {
+    name: 'userByEmail',
+    description: 'Get user by email for admin',
+    nullable: true,
+  })
+  async getUserByEmail(@Args('email') email: string) {
+    const user = await this.db.user.findUnique({
+      select: { ...this.user.defaultUserSelect, password: true },
+      where: {
+        email,
+      },
+    });
+
+    if (!user) {
+      return null;
+    }
+
+    return sessionUser(user);
+  }
+
  @Mutation(() => UserType, {
    description: 'Create a new user',
  })
@@ -216,7 +246,6 @@ export class UserManagementResolver {
  ) {
    const { id } = await this.user.createUser({
      email: input.email,
-      password: input.password,
      registered: true,
    });

@@ -227,8 +256,42 @@ export class UserManagementResolver {
  @Mutation(() => DeleteAccount, {
    description: 'Delete a user account',
  })
-  async deleteUser(@Args('id') id: string): Promise<DeleteAccount> {
+  async deleteUser(
+    @CurrentUser() user: CurrentUser,
+    @Args('id') id: string
+  ): Promise<DeleteAccount> {
+    if (user.id === id) {
+      throw new CannotDeleteOwnAccount();
+    }
    await this.user.deleteUser(id);
    return { success: true };
  }
+
+  @Mutation(() => UserType, {
+    description: 'Update a user',
+  })
+  async updateUser(
+    @Args('id') id: string,
+    @Args('input') input: ManageUserInput
+  ): Promise<UserType> {
+    const user = await this.db.user.findUnique({
+      where: { id },
+    });
+
+    if (!user) {
+      throw new UserNotFound();
+    }
+
+    input = omitBy(input, isNil);
+    if (Object.keys(input).length === 0) {
+      return sessionUser(user);
+    }
+
+    return sessionUser(
+      await this.user.updateUser(user.id, {
+        email: input.email,
+        name: input.name,
+      })
+    );
+  }
 }
--- a/packages/backend/server/src/core/user/service.ts
+++ b/packages/backend/server/src/core/user/service.ts
@@ -194,9 +194,7 @@ export class UserService {

  async updateUser(
    id: string,
-    data: Omit<Prisma.UserUpdateInput, 'password'> & {
-      password?: string | null;
-    },
+    data: Omit<Partial<Prisma.UserCreateInput>, 'id'>,
    select: Prisma.UserSelect = this.defaultUserSelect
  ) {
    if (data.password) {
@@ -211,6 +209,23 @@ export class UserService {

      data.password = await this.crypto.encryptPassword(data.password);
    }
+
+    if (data.email) {
+      validators.assertValidEmail(data.email);
+      const emailTaken = await this.prisma.user.count({
+        where: {
+          email: data.email,
+          id: {
+            not: id,
+          },
+        },
+      });
+
+      if (emailTaken) {
+        throw new EmailAlreadyUsed();
+      }
+    }
+
    const user = await this.prisma.user.update({ where: { id }, data, select });

    this.emitter.emit('user.updated', user);
--- a/packages/backend/server/src/core/user/types.ts
+++ b/packages/backend/server/src/core/user/types.ts
@@ -83,6 +83,15 @@ export class UpdateUserInput implements Partial<User> {
  name?: string;
 }

+@InputType()
+export class ManageUserInput {
+  @Field({ description: 'User email', nullable: true })
+  email?: string;
+
+  @Field({ description: 'User name', nullable: true })
+  name?: string;
+}
+
 declare module '../../fundamentals/event/def' {
  interface UserEvents {
    admin: {
--- a/packages/backend/server/src/core/utils/doc.ts
+++ b/packages/backend/server/src/core/utils/doc.ts
@@ -21,7 +21,7 @@ export class DocID {
  static parse(raw: string): DocID | null {
    try {
      return new DocID(raw);
-    } catch (e) {
+    } catch {
      return null;
    }
  }
--- a/packages/backend/server/src/core/workspaces/controller.ts
+++ b/packages/backend/server/src/core/workspaces/controller.ts
@@ -12,11 +12,10 @@ import {
  InvalidHistoryTimestamp,
 } from '../../fundamentals';
 import { CurrentUser, Public } from '../auth';
-import { DocHistoryManager, DocManager } from '../doc';
+import { PgWorkspaceDocStorageAdapter } from '../doc';
+import { Permission, PermissionService, PublicPageMode } from '../permission';
 import { WorkspaceBlobStorage } from '../storage';
 import { DocID } from '../utils/doc';
-import { PermissionService, PublicPageMode } from './permission';
-import { Permission } from './types';

@Controller('/api/workspaces')
 export class WorkspacesController {
@@ -24,8 +23,7 @@ export class WorkspacesController {
  constructor(
    private readonly storage: WorkspaceBlobStorage,
    private readonly permission: PermissionService,
-    private readonly docManager: DocManager,
-    private readonly historyManager: DocHistoryManager,
+    private readonly workspace: PgWorkspaceDocStorageAdapter,
    private readonly prisma: PrismaClient
  ) {}

@@ -57,7 +55,7 @@ export class WorkspacesController {

    if (!body) {
      throw new BlobNotFound({
-        workspaceId,
+        spaceId: workspaceId,
        blobId: name,
      });
    }
@@ -97,14 +95,14 @@ export class WorkspacesController {
      throw new AccessDenied();
    }

-    const binResponse = await this.docManager.getBinary(
+    const binResponse = await this.workspace.getDoc(
      docId.workspace,
      docId.guid
    );

    if (!binResponse) {
      throw new DocNotFound({
-        workspaceId: docId.workspace,
+        spaceId: docId.workspace,
        docId: docId.guid,
      });
    }
@@ -126,7 +124,7 @@ export class WorkspacesController {
    }

    res.setHeader('content-type', 'application/octet-stream');
-    res.send(binResponse.binary);
+    res.send(binResponse.bin);
  }

  @Get('/:id/docs/:guid/histories/:timestamp')
@@ -142,7 +140,7 @@ export class WorkspacesController {
    let ts;
    try {
      ts = new Date(timestamp);
-    } catch (e) {
+    } catch {
      throw new InvalidHistoryTimestamp({ timestamp });
    }

@@ -153,19 +151,19 @@ export class WorkspacesController {
      Permission.Write
    );

-    const history = await this.historyManager.get(
+    const history = await this.workspace.getDocHistory(
      docId.workspace,
      docId.guid,
-      ts
+      ts.getTime()
    );

    if (history) {
      res.setHeader('content-type', 'application/octet-stream');
      res.setHeader('cache-control', 'private, max-age=2592000, immutable');
-      res.send(history.blob);
+      res.send(history.bin);
    } else {
      throw new DocHistoryNotFound({
-        workspaceId: docId.workspace,
+        spaceId: docId.workspace,
        docId: guid,
        timestamp: ts.getTime(),
      });
--- a/packages/backend/server/src/core/workspaces/index.ts
+++ b/packages/backend/server/src/core/workspaces/index.ts
@@ -1,13 +1,13 @@
 import { Module } from '@nestjs/common';

-import { DocModule } from '../doc';
+import { DocStorageModule } from '../doc';
 import { FeatureModule } from '../features';
+import { PermissionModule } from '../permission';
 import { QuotaModule } from '../quota';
 import { StorageModule } from '../storage';
 import { UserModule } from '../user';
 import { WorkspacesController } from './controller';
 import { WorkspaceManagementResolver } from './management';
-import { PermissionService } from './permission';
 import {
  DocHistoryResolver,
  PagePermissionResolver,
@@ -16,17 +16,22 @@ import {
 } from './resolvers';

@Module({
-  imports: [DocModule, FeatureModule, QuotaModule, StorageModule, UserModule],
+  imports: [
+    DocStorageModule,
+    FeatureModule,
+    QuotaModule,
+    StorageModule,
+    UserModule,
+    PermissionModule,
+  ],
  controllers: [WorkspacesController],
  providers: [
    WorkspaceResolver,
    WorkspaceManagementResolver,
-    PermissionService,
    PagePermissionResolver,
    DocHistoryResolver,
    WorkspaceBlobResolver,
  ],
-  exports: [PermissionService],
 })
 export class WorkspaceModule {}

--- a/packages/backend/server/src/core/workspaces/management.ts
+++ b/packages/backend/server/src/core/workspaces/management.ts
@@ -12,7 +12,7 @@ import { ActionForbidden } from '../../fundamentals';
 import { CurrentUser } from '../auth';
 import { Admin } from '../common';
 import { FeatureManagementService, FeatureType } from '../features';
-import { PermissionService } from './permission';
+import { PermissionService } from '../permission';
 import { WorkspaceType } from './types';

@Resolver(() => WorkspaceType)
@@ -61,7 +61,7 @@ export class WorkspaceManagementResolver {

    const owner = await this.permission.getWorkspaceOwner(workspaceId);
    const availableFeatures = await this.availableFeatures(user);
-    if (owner.user.id !== user.id || !availableFeatures.includes(feature)) {
+    if (owner.id !== user.id || !availableFeatures.includes(feature)) {
      throw new ActionForbidden();
    }

--- a/packages/backend/server/src/core/workspaces/resolvers/blob.ts
+++ b/packages/backend/server/src/core/workspaces/resolvers/blob.ts
@@ -19,10 +19,10 @@ import {
  PreventCache,
 } from '../../../fundamentals';
 import { CurrentUser } from '../../auth';
+import { Permission, PermissionService } from '../../permission';
 import { QuotaManagementService } from '../../quota';
 import { WorkspaceBlobStorage } from '../../storage';
-import { PermissionService } from '../permission';
-import { Permission, WorkspaceBlobSizes, WorkspaceType } from '../types';
+import { WorkspaceBlobSizes, WorkspaceType } from '../types';

@UseGuards(CloudThrottlerGuard)
@Resolver(() => WorkspaceType)
--- a/packages/backend/server/src/core/workspaces/resolvers/history.ts
+++ b/packages/backend/server/src/core/workspaces/resolvers/history.ts
@@ -12,10 +12,10 @@ import {
 import type { SnapshotHistory } from '@prisma/client';

 import { CurrentUser } from '../../auth';
-import { DocHistoryManager } from '../../doc';
+import { PgWorkspaceDocStorageAdapter } from '../../doc';
+import { Permission, PermissionService } from '../../permission';
 import { DocID } from '../../utils/doc';
-import { PermissionService } from '../permission';
-import { Permission, WorkspaceType } from '../types';
+import { WorkspaceType } from '../types';

@ObjectType()
 class DocHistoryType implements Partial<SnapshotHistory> {
@@ -32,7 +32,7 @@ class DocHistoryType implements Partial<SnapshotHistory> {
@Resolver(() => WorkspaceType)
 export class DocHistoryResolver {
  constructor(
-    private readonly historyManager: DocHistoryManager,
+    private readonly workspace: PgWorkspaceDocStorageAdapter,
    private readonly permission: PermissionService
  ) {}

@@ -47,17 +47,19 @@ export class DocHistoryResolver {
  ): Promise<DocHistoryType[]> {
    const docId = new DocID(guid, workspace.id);

-    return this.historyManager
-      .list(workspace.id, docId.guid, timestamp, take)
-      .then(rows =>
-        rows.map(({ timestamp }) => {
-          return {
-            workspaceId: workspace.id,
-            id: docId.guid,
-            timestamp,
-          };
-        })
-      );
+    const timestamps = await this.workspace.listDocHistories(
+      workspace.id,
+      docId.guid,
+      { before: timestamp.getTime(), limit: take }
+    );
+
+    return timestamps.map(timestamp => {
+      return {
+        workspaceId: workspace.id,
+        id: docId.guid,
+        timestamp: new Date(timestamp),
+      };
+    });
  }

  @Mutation(() => Date)
@@ -76,6 +78,12 @@ export class DocHistoryResolver {
      Permission.Write
    );

-    return this.historyManager.recover(docId.workspace, docId.guid, timestamp);
+    await this.workspace.rollbackDoc(
+      docId.workspace,
+      docId.guid,
+      timestamp.getTime()
+    );
+
+    return timestamp;
  }
 }
--- a/packages/backend/server/src/core/workspaces/resolvers/page.ts
+++ b/packages/backend/server/src/core/workspaces/resolvers/page.ts
@@ -17,9 +17,13 @@ import {
  PageIsNotPublic,
 } from '../../../fundamentals';
 import { CurrentUser } from '../../auth';
+import {
+  Permission,
+  PermissionService,
+  PublicPageMode,
+} from '../../permission';
 import { DocID } from '../../utils/doc';
-import { PermissionService, PublicPageMode } from '../permission';
-import { Permission, WorkspaceType } from '../types';
+import { WorkspaceType } from '../types';

 registerEnumType(PublicPageMode, {
  name: 'PublicPageMode',
--- a/packages/backend/server/src/core/workspaces/resolvers/workspace.ts
+++ b/packages/backend/server/src/core/workspaces/resolvers/workspace.ts
@@ -15,28 +15,26 @@ import { applyUpdate, Doc } from 'yjs';

 import type { FileUpload } from '../../../fundamentals';
 import {
-  CantChangeWorkspaceOwner,
+  CantChangeSpaceOwner,
  EventEmitter,
  InternalServerError,
  MailService,
  MemberQuotaExceeded,
-  MutexService,
+  RequestMutex,
+  SpaceAccessDenied,
+  SpaceNotFound,
  Throttle,
  TooManyRequest,
  UserNotFound,
-  WorkspaceAccessDenied,
-  WorkspaceNotFound,
-  WorkspaceOwnerNotFound,
 } from '../../../fundamentals';
 import { CurrentUser, Public } from '../../auth';
+import { Permission, PermissionService } from '../../permission';
 import { QuotaManagementService, QuotaQueryType } from '../../quota';
 import { WorkspaceBlobStorage } from '../../storage';
 import { UserService, UserType } from '../../user';
-import { PermissionService } from '../permission';
 import {
  InvitationType,
  InviteUserType,
-  Permission,
  UpdateWorkspaceInput,
  WorkspaceType,
 } from '../types';
@@ -59,7 +57,7 @@ export class WorkspaceResolver {
    private readonly users: UserService,
    private readonly event: EventEmitter,
    private readonly blobStorage: WorkspaceBlobStorage,
-    private readonly mutex: MutexService
+    private readonly mutex: RequestMutex
  ) {}

  @ResolveField(() => Permission, {
@@ -78,7 +76,7 @@ export class WorkspaceResolver {
    const permission = await this.permissions.get(workspace.id, user.id);

    if (!permission) {
-      throw new WorkspaceAccessDenied({ workspaceId: workspace.id });
+      throw new SpaceAccessDenied({ spaceId: workspace.id });
    }

    return permission;
@@ -96,14 +94,27 @@ export class WorkspaceResolver {
    });
  }

+  @ResolveField(() => Boolean, {
+    description: 'is current workspace initialized',
+    complexity: 2,
+  })
+  async initialized(@Parent() workspace: WorkspaceType) {
+    return this.prisma.snapshot
+      .count({
+        where: {
+          id: workspace.id,
+          workspaceId: workspace.id,
+        },
+      })
+      .then(count => count > 0);
+  }
+
  @ResolveField(() => UserType, {
    description: 'Owner of workspace',
    complexity: 2,
  })
  async owner(@Parent() workspace: WorkspaceType) {
-    const data = await this.permissions.getWorkspaceOwner(workspace.id);
-
-    return data.user;
+    return this.permissions.getWorkspaceOwner(workspace.id);
  }

  @ResolveField(() => [InviteUserType], {
@@ -197,7 +208,7 @@ export class WorkspaceResolver {
    const workspace = await this.prisma.workspace.findUnique({ where: { id } });

    if (!workspace) {
-      throw new WorkspaceNotFound({ workspaceId: id });
+      throw new SpaceNotFound({ spaceId: id });
    }

    return workspace;
@@ -308,7 +319,7 @@ export class WorkspaceResolver {
    );

    if (permission === Permission.Owner) {
-      throw new CantChangeWorkspaceOwner();
+      throw new CantChangeSpaceOwner();
    }

    try {
@@ -449,7 +460,7 @@ export class WorkspaceResolver {
        avatar: avatar || defaultWorkspaceAvatar,
        id: workspaceId,
      },
-      user: owner.user,
+      user: owner,
      invitee: invitee.user,
    };
  }
@@ -507,12 +518,8 @@ export class WorkspaceResolver {

    const owner = await this.permissions.getWorkspaceOwner(workspaceId);

-    if (!owner.user) {
-      throw new WorkspaceOwnerNotFound({ workspaceId: workspaceId });
-    }
-
    if (sendLeaveMail) {
-      await this.mailer.sendLeaveWorkspaceEmail(owner.user.email, {
+      await this.mailer.sendLeaveWorkspaceEmail(owner.email, {
        workspaceName,
        inviteeName: user.name,
      });
--- a/packages/backend/server/src/core/workspaces/types.ts
+++ b/packages/backend/server/src/core/workspaces/types.ts
@@ -11,15 +11,9 @@ import {
 import type { Workspace } from '@prisma/client';
 import { SafeIntResolver } from 'graphql-scalars';

+import { Permission } from '../permission';
 import { UserType } from '../user/types';

-export enum Permission {
-  Read = 0,
-  Write = 1,
-  Admin = 10,
-  Owner = 99,
-}
-
 registerEnumType(Permission, {
  name: 'Permission',
  description: 'User permission in workspace',
--- a/packages/backend/server/src/fundamentals/config/def.ts
+++ b/packages/backend/server/src/fundamentals/config/def.ts
@@ -17,6 +17,7 @@ export interface PreDefinedAFFiNEConfig {
  ENV_MAP: Record<string, ConfigPaths | [ConfigPaths, EnvConfigType?]>;
  serverId: string;
  serverName: string;
+  readonly projectRoot: string;
  readonly AFFINE_ENV: AFFINE_ENV;
  readonly NODE_ENV: NODE_ENV;
  readonly version: string;
--- a/packages/backend/server/src/fundamentals/config/default.ts
+++ b/packages/backend/server/src/fundamentals/config/default.ts
@@ -1,3 +1,6 @@
+import { resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
 import pkg from '../../../package.json' assert { type: 'json' };
 import {
  AFFINE_ENV,
@@ -62,6 +65,7 @@ function getPredefinedAFFiNEConfig(): PreDefinedAFFiNEConfig {
    affine,
    node,
    deploy: !node.dev && !node.test,
+    projectRoot: resolve(fileURLToPath(import.meta.url), '../../../../'),
  };
 }

--- a/packages/backend/server/src/fundamentals/error/def.ts
+++ b/packages/backend/server/src/fundamentals/error/def.ts
@@ -198,6 +198,10 @@ export const USER_FRIENDLY_ERRORS = {
    type: 'too_many_requests',
    message: 'Too many requests.',
  },
+  not_found: {
+    type: 'resource_not_found',
+    message: 'Resource not found.',
+  },

  // User Errors
  user_not_found: {
@@ -279,6 +283,10 @@ export const USER_FRIENDLY_ERRORS = {
    type: 'invalid_input',
    message: 'An invalid email token provided.',
  },
+  link_expired: {
+    type: 'bad_request',
+    message: 'The link has expired.',
+  },

  // Authentication & Permission Errors
  authentication_required: {
@@ -298,45 +306,49 @@ export const USER_FRIENDLY_ERRORS = {
    message: 'You must verify your email before accessing this resource.',
  },

-  // Workspace & Doc & Sync errors
-  workspace_not_found: {
+  // Workspace & Userspace & Doc & Sync errors
+  space_not_found: {
    type: 'resource_not_found',
-    args: { workspaceId: 'string' },
-    message: ({ workspaceId }) => `Workspace ${workspaceId} not found.`,
+    args: { spaceId: 'string' },
+    message: ({ spaceId }) => `Space ${spaceId} not found.`,
  },
-  not_in_workspace: {
+  not_in_space: {
    type: 'action_forbidden',
-    args: { workspaceId: 'string' },
-    message: ({ workspaceId }) =>
-      `You should join in workspace ${workspaceId} before broadcasting messages.`,
+    args: { spaceId: 'string' },
+    message: ({ spaceId }) =>
+      `You should join in Space ${spaceId} before broadcasting messages.`,
  },
-  workspace_access_denied: {
+  already_in_space: {
+    type: 'action_forbidden',
+    args: { spaceId: 'string' },
+    message: ({ spaceId }) => `You have already joined in Space ${spaceId}.`,
+  },
+  space_access_denied: {
    type: 'no_permission',
-    args: { workspaceId: 'string' },
-    message: ({ workspaceId }) =>
-      `You do not have permission to access workspace ${workspaceId}.`,
+    args: { spaceId: 'string' },
+    message: ({ spaceId }) =>
+      `You do not have permission to access Space ${spaceId}.`,
  },
-  workspace_owner_not_found: {
+  space_owner_not_found: {
    type: 'internal_server_error',
-    args: { workspaceId: 'string' },
-    message: ({ workspaceId }) =>
-      `Owner of workspace ${workspaceId} not found.`,
+    args: { spaceId: 'string' },
+    message: ({ spaceId }) => `Owner of Space ${spaceId} not found.`,
  },
-  cant_change_workspace_owner: {
+  cant_change_space_owner: {
    type: 'action_forbidden',
-    message: 'You are not allowed to change the owner of a workspace.',
+    message: 'You are not allowed to change the owner of a Space.',
  },
  doc_not_found: {
    type: 'resource_not_found',
-    args: { workspaceId: 'string', docId: 'string' },
-    message: ({ workspaceId, docId }) =>
-      `Doc ${docId} under workspace ${workspaceId} not found.`,
+    args: { spaceId: 'string', docId: 'string' },
+    message: ({ spaceId, docId }) =>
+      `Doc ${docId} under Space ${spaceId} not found.`,
  },
  doc_access_denied: {
    type: 'no_permission',
-    args: { workspaceId: 'string', docId: 'string' },
-    message: ({ workspaceId, docId }) =>
-      `You do not have permission to access doc ${docId} under workspace ${workspaceId}.`,
+    args: { spaceId: 'string', docId: 'string' },
+    message: ({ spaceId, docId }) =>
+      `You do not have permission to access doc ${docId} under Space ${spaceId}.`,
  },
  version_rejected: {
    type: 'action_forbidden',
@@ -351,28 +363,36 @@ export const USER_FRIENDLY_ERRORS = {
  },
  doc_history_not_found: {
    type: 'resource_not_found',
-    args: { workspaceId: 'string', docId: 'string', timestamp: 'number' },
-    message: ({ workspaceId, docId, timestamp }) =>
-      `History of ${docId} at ${timestamp} under workspace ${workspaceId}.`,
+    args: { spaceId: 'string', docId: 'string', timestamp: 'number' },
+    message: ({ spaceId, docId, timestamp }) =>
+      `History of ${docId} at ${timestamp} under Space ${spaceId}.`,
  },
  blob_not_found: {
    type: 'resource_not_found',
-    args: { workspaceId: 'string', blobId: 'string' },
-    message: ({ workspaceId, blobId }) =>
-      `Blob ${blobId} not found in workspace ${workspaceId}.`,
+    args: { spaceId: 'string', blobId: 'string' },
+    message: ({ spaceId, blobId }) =>
+      `Blob ${blobId} not found in Space ${spaceId}.`,
  },
  expect_to_publish_page: {
    type: 'invalid_input',
-    message: 'Expected to publish a page, not a workspace.',
+    message: 'Expected to publish a page, not a Space.',
  },
  expect_to_revoke_public_page: {
    type: 'invalid_input',
-    message: 'Expected to revoke a public page, not a workspace.',
+    message: 'Expected to revoke a public page, not a Space.',
  },
  page_is_not_public: {
    type: 'bad_request',
    message: 'Page is not public.',
  },
+  failed_to_save_updates: {
+    type: 'internal_server_error',
+    message: 'Failed to store doc updates.',
+  },
+  failed_to_upsert_snapshot: {
+    type: 'internal_server_error',
+    message: 'Failed to store doc snapshot.',
+  },

  // Subscription Errors
  failed_to_checkout: {
@@ -498,4 +518,12 @@ export const USER_FRIENDLY_ERRORS = {
    type: 'internal_server_error',
    message: 'Mailer service is not configured.',
  },
+  cannot_delete_all_admin_account: {
+    type: 'action_forbidden',
+    message: 'Cannot delete all admin accounts.',
+  },
+  cannot_delete_own_account: {
+    type: 'action_forbidden',
+    message: 'Cannot delete own account.',
+  },
 } satisfies Record<string, UserFriendlyErrorOptions>;
--- a/packages/backend/server/src/fundamentals/error/errors.gen.ts
+++ b/packages/backend/server/src/fundamentals/error/errors.gen.ts
@@ -16,6 +16,12 @@ export class TooManyRequest extends UserFriendlyError {
  }
 }

+export class NotFound extends UserFriendlyError {
+  constructor(message?: string) {
+    super('resource_not_found', 'not_found', message);
+  }
+}
+
 export class UserNotFound extends UserFriendlyError {
  constructor(message?: string) {
    super('resource_not_found', 'user_not_found', message);
@@ -137,6 +143,12 @@ export class InvalidEmailToken extends UserFriendlyError {
  }
 }

+export class LinkExpired extends UserFriendlyError {
+  constructor(message?: string) {
+    super('bad_request', 'link_expired', message);
+  }
+}
+
 export class AuthenticationRequired extends UserFriendlyError {
  constructor(message?: string) {
    super('authentication_required', 'authentication_required', message);
@@ -161,54 +173,64 @@ export class EmailVerificationRequired extends UserFriendlyError {
  }
 }
@ObjectType()
-class WorkspaceNotFoundDataType {
-  @Field() workspaceId!: string
+class SpaceNotFoundDataType {
+  @Field() spaceId!: string
 }

-export class WorkspaceNotFound extends UserFriendlyError {
-  constructor(args: WorkspaceNotFoundDataType, message?: string | ((args: WorkspaceNotFoundDataType) => string)) {
-    super('resource_not_found', 'workspace_not_found', message, args);
+export class SpaceNotFound extends UserFriendlyError {
+  constructor(args: SpaceNotFoundDataType, message?: string | ((args: SpaceNotFoundDataType) => string)) {
+    super('resource_not_found', 'space_not_found', message, args);
  }
 }
@ObjectType()
-class NotInWorkspaceDataType {
-  @Field() workspaceId!: string
+class NotInSpaceDataType {
+  @Field() spaceId!: string
 }

-export class NotInWorkspace extends UserFriendlyError {
-  constructor(args: NotInWorkspaceDataType, message?: string | ((args: NotInWorkspaceDataType) => string)) {
-    super('action_forbidden', 'not_in_workspace', message, args);
+export class NotInSpace extends UserFriendlyError {
+  constructor(args: NotInSpaceDataType, message?: string | ((args: NotInSpaceDataType) => string)) {
+    super('action_forbidden', 'not_in_space', message, args);
  }
 }
@ObjectType()
-class WorkspaceAccessDeniedDataType {
-  @Field() workspaceId!: string
+class AlreadyInSpaceDataType {
+  @Field() spaceId!: string
 }

-export class WorkspaceAccessDenied extends UserFriendlyError {
-  constructor(args: WorkspaceAccessDeniedDataType, message?: string | ((args: WorkspaceAccessDeniedDataType) => string)) {
-    super('no_permission', 'workspace_access_denied', message, args);
+export class AlreadyInSpace extends UserFriendlyError {
+  constructor(args: AlreadyInSpaceDataType, message?: string | ((args: AlreadyInSpaceDataType) => string)) {
+    super('action_forbidden', 'already_in_space', message, args);
  }
 }
@ObjectType()
-class WorkspaceOwnerNotFoundDataType {
-  @Field() workspaceId!: string
+class SpaceAccessDeniedDataType {
+  @Field() spaceId!: string
 }

-export class WorkspaceOwnerNotFound extends UserFriendlyError {
-  constructor(args: WorkspaceOwnerNotFoundDataType, message?: string | ((args: WorkspaceOwnerNotFoundDataType) => string)) {
-    super('internal_server_error', 'workspace_owner_not_found', message, args);
+export class SpaceAccessDenied extends UserFriendlyError {
+  constructor(args: SpaceAccessDeniedDataType, message?: string | ((args: SpaceAccessDeniedDataType) => string)) {
+    super('no_permission', 'space_access_denied', message, args);
+  }
+}
+@ObjectType()
+class SpaceOwnerNotFoundDataType {
+  @Field() spaceId!: string
+}
+
+export class SpaceOwnerNotFound extends UserFriendlyError {
+  constructor(args: SpaceOwnerNotFoundDataType, message?: string | ((args: SpaceOwnerNotFoundDataType) => string)) {
+    super('internal_server_error', 'space_owner_not_found', message, args);
  }
 }

-export class CantChangeWorkspaceOwner extends UserFriendlyError {
+export class CantChangeSpaceOwner extends UserFriendlyError {
  constructor(message?: string) {
-    super('action_forbidden', 'cant_change_workspace_owner', message);
+    super('action_forbidden', 'cant_change_space_owner', message);
  }
 }
@ObjectType()
 class DocNotFoundDataType {
-  @Field() workspaceId!: string
+  @Field() spaceId!: string
  @Field() docId!: string
 }

@@ -219,7 +241,7 @@ export class DocNotFound extends UserFriendlyError {
 }
@ObjectType()
 class DocAccessDeniedDataType {
-  @Field() workspaceId!: string
+  @Field() spaceId!: string
  @Field() docId!: string
 }

@@ -251,7 +273,7 @@ export class InvalidHistoryTimestamp extends UserFriendlyError {
 }
@ObjectType()
 class DocHistoryNotFoundDataType {
-  @Field() workspaceId!: string
+  @Field() spaceId!: string
  @Field() docId!: string
  @Field() timestamp!: number
 }
@@ -263,7 +285,7 @@ export class DocHistoryNotFound extends UserFriendlyError {
 }
@ObjectType()
 class BlobNotFoundDataType {
-  @Field() workspaceId!: string
+  @Field() spaceId!: string
  @Field() blobId!: string
 }

@@ -291,6 +313,18 @@ export class PageIsNotPublic extends UserFriendlyError {
  }
 }

+export class FailedToSaveUpdates extends UserFriendlyError {
+  constructor(message?: string) {
+    super('internal_server_error', 'failed_to_save_updates', message);
+  }
+}
+
+export class FailedToUpsertSnapshot extends UserFriendlyError {
+  constructor(message?: string) {
+    super('internal_server_error', 'failed_to_upsert_snapshot', message);
+  }
+}
+
 export class FailedToCheckout extends UserFriendlyError {
  constructor(message?: string) {
    super('internal_server_error', 'failed_to_checkout', message);
@@ -487,9 +521,22 @@ export class MailerServiceIsNotConfigured extends UserFriendlyError {
    super('internal_server_error', 'mailer_service_is_not_configured', message);
  }
 }
+
+export class CannotDeleteAllAdminAccount extends UserFriendlyError {
+  constructor(message?: string) {
+    super('action_forbidden', 'cannot_delete_all_admin_account', message);
+  }
+}
+
+export class CannotDeleteOwnAccount extends UserFriendlyError {
+  constructor(message?: string) {
+    super('action_forbidden', 'cannot_delete_own_account', message);
+  }
+}
 export enum ErrorNames {
  INTERNAL_SERVER_ERROR,
  TOO_MANY_REQUEST,
+  NOT_FOUND,
  USER_NOT_FOUND,
  USER_AVATAR_NOT_FOUND,
  EMAIL_ALREADY_USED,
@@ -508,15 +555,17 @@ export enum ErrorNames {
  SIGN_UP_FORBIDDEN,
  EMAIL_TOKEN_NOT_FOUND,
  INVALID_EMAIL_TOKEN,
+  LINK_EXPIRED,
  AUTHENTICATION_REQUIRED,
  ACTION_FORBIDDEN,
  ACCESS_DENIED,
  EMAIL_VERIFICATION_REQUIRED,
-  WORKSPACE_NOT_FOUND,
-  NOT_IN_WORKSPACE,
-  WORKSPACE_ACCESS_DENIED,
-  WORKSPACE_OWNER_NOT_FOUND,
-  CANT_CHANGE_WORKSPACE_OWNER,
+  SPACE_NOT_FOUND,
+  NOT_IN_SPACE,
+  ALREADY_IN_SPACE,
+  SPACE_ACCESS_DENIED,
+  SPACE_OWNER_NOT_FOUND,
+  CANT_CHANGE_SPACE_OWNER,
  DOC_NOT_FOUND,
  DOC_ACCESS_DENIED,
  VERSION_REJECTED,
@@ -526,6 +575,8 @@ export enum ErrorNames {
  EXPECT_TO_PUBLISH_PAGE,
  EXPECT_TO_REVOKE_PUBLIC_PAGE,
  PAGE_IS_NOT_PUBLIC,
+  FAILED_TO_SAVE_UPDATES,
+  FAILED_TO_UPSERT_SNAPSHOT,
  FAILED_TO_CHECKOUT,
  SUBSCRIPTION_ALREADY_EXISTS,
  SUBSCRIPTION_NOT_EXISTS,
@@ -551,7 +602,9 @@ export enum ErrorNames {
  COPILOT_QUOTA_EXCEEDED,
  RUNTIME_CONFIG_NOT_FOUND,
  INVALID_RUNTIME_CONFIG_TYPE,
-  MAILER_SERVICE_IS_NOT_CONFIGURED
+  MAILER_SERVICE_IS_NOT_CONFIGURED,
+  CANNOT_DELETE_ALL_ADMIN_ACCOUNT,
+  CANNOT_DELETE_OWN_ACCOUNT
 }
 registerEnumType(ErrorNames, {
  name: 'ErrorNames'
@@ -560,5 +613,5 @@ registerEnumType(ErrorNames, {
 export const ErrorDataUnionType = createUnionType({
  name: 'ErrorDataUnion',
  types: () =>
-    [UnknownOauthProviderDataType, MissingOauthQueryParameterDataType, InvalidPasswordLengthDataType, WorkspaceNotFoundDataType, NotInWorkspaceDataType, WorkspaceAccessDeniedDataType, WorkspaceOwnerNotFoundDataType, DocNotFoundDataType, DocAccessDeniedDataType, VersionRejectedDataType, InvalidHistoryTimestampDataType, DocHistoryNotFoundDataType, BlobNotFoundDataType, SubscriptionAlreadyExistsDataType, SubscriptionNotExistsDataType, SameSubscriptionRecurringDataType, SubscriptionPlanNotFoundDataType, CopilotMessageNotFoundDataType, CopilotPromptNotFoundDataType, CopilotProviderSideErrorDataType, RuntimeConfigNotFoundDataType, InvalidRuntimeConfigTypeDataType] as const,
+    [UnknownOauthProviderDataType, MissingOauthQueryParameterDataType, InvalidPasswordLengthDataType, SpaceNotFoundDataType, NotInSpaceDataType, AlreadyInSpaceDataType, SpaceAccessDeniedDataType, SpaceOwnerNotFoundDataType, DocNotFoundDataType, DocAccessDeniedDataType, VersionRejectedDataType, InvalidHistoryTimestampDataType, DocHistoryNotFoundDataType, BlobNotFoundDataType, SubscriptionAlreadyExistsDataType, SubscriptionNotExistsDataType, SameSubscriptionRecurringDataType, SubscriptionPlanNotFoundDataType, CopilotMessageNotFoundDataType, CopilotPromptNotFoundDataType, CopilotProviderSideErrorDataType, RuntimeConfigNotFoundDataType, InvalidRuntimeConfigTypeDataType] as const,
 });
--- a/packages/backend/server/src/fundamentals/error/index.ts
+++ b/packages/backend/server/src/fundamentals/error/index.ts
@@ -40,5 +40,3 @@ export class ErrorModule implements OnModuleInit {

 export { UserFriendlyError } from './def';
 export * from './errors.gen';
-export * from './payment-required';
-export * from './too-many-requests';
--- a/packages/backend/server/src/fundamentals/error/payment-required.ts
+++ b/packages/backend/server/src/fundamentals/error/payment-required.ts
@@ -1,10 +0,0 @@
-import { HttpException, HttpStatus } from '@nestjs/common';
-
-export class PaymentRequiredException extends HttpException {
-  constructor(desc?: string, code: string = 'Payment Required') {
-    super(
-      HttpException.createBody(desc ?? code, code, HttpStatus.PAYMENT_REQUIRED),
-      HttpStatus.PAYMENT_REQUIRED
-    );
-  }
-}
--- a/packages/backend/server/src/fundamentals/error/too-many-requests.ts
+++ b/packages/backend/server/src/fundamentals/error/too-many-requests.ts
@@ -1,14 +0,0 @@
-import { HttpException, HttpStatus } from '@nestjs/common';
-
-export class TooManyRequestsException extends HttpException {
-  constructor(desc?: string, code: string = 'Too Many Requests') {
-    super(
-      HttpException.createBody(
-        desc ?? code,
-        code,
-        HttpStatus.TOO_MANY_REQUESTS
-      ),
-      HttpStatus.TOO_MANY_REQUESTS
-    );
-  }
-}
--- a/packages/backend/server/src/fundamentals/helpers/url.ts
+++ b/packages/backend/server/src/fundamentals/helpers/url.ts
@@ -89,7 +89,7 @@ export class URLHelper {
      if (!['http:', 'https:'].includes(url.protocol)) return false;
      if (!url.hostname) return false;
      return true;
-    } catch (_) {
+    } catch {
      return false;
    }
  }
--- a/packages/backend/server/src/fundamentals/index.ts
+++ b/packages/backend/server/src/fundamentals/index.ts
@@ -19,7 +19,7 @@ export type { GraphqlContext } from './graphql';
 export { CryptoHelper, URLHelper } from './helpers';
 export { MailService } from './mailer';
 export { CallCounter, CallTimer, metrics } from './metrics';
-export { type ILocker, Lock, Locker, MutexService } from './mutex';
+export { type ILocker, Lock, Locker, Mutex, RequestMutex } from './mutex';
 export {
  GatewayErrorWrapper,
  getOptionalModuleMetadata,
--- a/packages/backend/server/src/fundamentals/mailer/template.ts
+++ b/packages/backend/server/src/fundamentals/mailer/template.ts
@@ -148,7 +148,7 @@ export const emailTemplate = ({
                  </a>
                </td>
                <td style="padding: 0 10px">
-                  <a href="https://discord.gg/Arn7TqJBvG" target="_blank"
+                  <a href="https://discord.gg/whd5mjYqVw" target="_blank"
                    ><img
                      src="https://cdn.affine.pro/mail/2023-8-9/Discord.png"
                      alt="AFFiNE discord link"
--- a/packages/backend/server/src/fundamentals/mutex/index.ts
+++ b/packages/backend/server/src/fundamentals/mutex/index.ts
@@ -1,14 +1,14 @@
 import { Global, Module } from '@nestjs/common';

 import { Locker } from './local-lock';
-import { MutexService } from './mutex';
+import { Mutex, RequestMutex } from './mutex';

@Global()
@Module({
-  providers: [MutexService, Locker],
-  exports: [MutexService],
+  providers: [Mutex, RequestMutex, Locker],
+  exports: [Mutex, RequestMutex],
 })
 export class MutexModule {}

-export { Locker, MutexService };
+export { Locker, Mutex, RequestMutex };
 export { type Locker as ILocker, Lock } from './lock';
--- a/packages/backend/server/src/fundamentals/mutex/mutex.ts
+++ b/packages/backend/server/src/fundamentals/mutex/mutex.ts
@@ -11,36 +11,11 @@ import { Locker } from './local-lock';
 export const MUTEX_RETRY = 5;
 export const MUTEX_WAIT = 100;

-@Injectable({ scope: Scope.REQUEST })
-export class MutexService {
-  protected logger = new Logger(MutexService.name);
-  private readonly locker: Locker;
+@Injectable()
+export class Mutex {
+  protected logger = new Logger(Mutex.name);

-  constructor(
-    @Inject(REQUEST) private readonly request: Request | GraphqlContext,
-    private readonly ref: ModuleRef
-  ) {
-    // nestjs will always find and injecting the locker from local module
-    // so the RedisLocker implemented by the plugin mechanism will not be able to overwrite the internal locker
-    // we need to use find and get the locker from the `ModuleRef` manually
-    //
-    // NOTE: when a `constructor` execute in normal service, the Locker module we expect may not have been initialized
-    //       but in the Service with `Scope.REQUEST`, we will create a separate Service instance for each request
-    //       at this time, all modules have been initialized, so we able to get the correct Locker instance in `constructor`
-    this.locker = this.ref.get(Locker, { strict: false });
-  }
-
-  protected getId() {
-    const req = 'req' in this.request ? this.request.req : this.request;
-    let id = req.headers['x-transaction-id'] as string;
-
-    if (!id) {
-      id = randomUUID();
-      req.headers['x-transaction-id'] = id;
-    }
-
-    return id;
-  }
+  constructor(protected readonly locker: Locker) {}

  /**
   * lock an resource and return a lock guard, which will release the lock when disposed
@@ -63,10 +38,10 @@ export class MutexService {
   * @param key resource key
   * @returns LockGuard
   */
-  async lock(key: string) {
+  async lock(key: string, owner: string = 'global') {
    try {
      return await retryable(
-        () => this.locker.lock(this.getId(), key),
+        () => this.locker.lock(owner, key),
        MUTEX_RETRY,
        MUTEX_WAIT
      );
@@ -79,3 +54,36 @@ export class MutexService {
    }
  }
 }
+
+@Injectable({ scope: Scope.REQUEST })
+export class RequestMutex extends Mutex {
+  constructor(
+    @Inject(REQUEST) private readonly request: Request | GraphqlContext,
+    ref: ModuleRef
+  ) {
+    // nestjs will always find and injecting the locker from local module
+    // so the RedisLocker implemented by the plugin mechanism will not be able to overwrite the internal locker
+    // we need to use find and get the locker from the `ModuleRef` manually
+    //
+    // NOTE: when a `constructor` execute in normal service, the Locker module we expect may not have been initialized
+    //       but in the Service with `Scope.REQUEST`, we will create a separate Service instance for each request
+    //       at this time, all modules have been initialized, so we able to get the correct Locker instance in `constructor`
+    super(ref.get(Locker));
+  }
+
+  protected getId() {
+    const req = 'req' in this.request ? this.request.req : this.request;
+    let id = req.headers['x-transaction-id'] as string;
+
+    if (!id) {
+      id = randomUUID();
+      req.headers['x-transaction-id'] = id;
+    }
+
+    return id;
+  }
+
+  override lock(key: string) {
+    return super.lock(key, this.getId());
+  }
+}
--- a/packages/backend/server/src/fundamentals/nestjs/exception.ts
+++ b/packages/backend/server/src/fundamentals/nestjs/exception.ts
@@ -1,4 +1,9 @@
-import { ArgumentsHost, Catch, Logger } from '@nestjs/common';
+import {
+  ArgumentsHost,
+  Catch,
+  Logger,
+  NotFoundException,
+} from '@nestjs/common';
 import { BaseExceptionFilter } from '@nestjs/core';
 import { GqlContextType } from '@nestjs/graphql';
 import { ThrottlerException } from '@nestjs/throttler';
@@ -9,6 +14,7 @@ import { Socket } from 'socket.io';

 import {
  InternalServerError,
+  NotFound,
  TooManyRequest,
  UserFriendlyError,
 } from '../error';
@@ -19,6 +25,8 @@ export function mapAnyError(error: any): UserFriendlyError {
    return error;
  } else if (error instanceof ThrottlerException) {
    return new TooManyRequest();
+  } else if (error instanceof NotFoundException) {
+    return new NotFound();
  } else {
    const e = new InternalServerError();
    e.cause = error;
--- a/packages/backend/server/src/fundamentals/storage/providers/fs.ts
+++ b/packages/backend/server/src/fundamentals/storage/providers/fs.ts
@@ -123,7 +123,7 @@ export class FsStorageProvider implements StorageProvider {
            });
          }
        }
-      } catch (e) {
+      } catch {
        // failed to read dir, stop recursion
      }
    }
--- a/packages/backend/server/src/fundamentals/storage/providers/utils.ts
+++ b/packages/backend/server/src/fundamentals/storage/providers/utils.ts
@@ -42,7 +42,7 @@ export async function autoMetadata(
    }

    return metadata;
-  } catch (e) {
+  } catch {
    return metadata;
  }
 }
--- a/packages/backend/server/src/fundamentals/throttler/index.ts
+++ b/packages/backend/server/src/fundamentals/throttler/index.ts
@@ -8,8 +8,8 @@ import {
  ThrottlerGuard,
  ThrottlerModule,
  type ThrottlerModuleOptions,
-  ThrottlerOptions,
  ThrottlerOptionsFactory,
+  ThrottlerRequest,
  ThrottlerStorageService,
 } from '@nestjs/throttler';
 import type { Request } from 'express';
@@ -74,12 +74,15 @@ export class CloudThrottlerGuard extends ThrottlerGuard {
    return `${tracker};${throttler}`;
  }

-  override async handleRequest(
-    context: ExecutionContext,
-    limit: number,
-    ttl: number,
-    throttlerOptions: ThrottlerOptions
-  ) {
+  override async handleRequest(request: ThrottlerRequest) {
+    const {
+      context,
+      throttler: throttlerOptions,
+      ttl,
+      blockDuration,
+    } = request;
+    let limit = request.limit;
+
    // give it 'default' if no throttler is specified,
    // so the unauthenticated users visits will always hit default throttler
    // authenticated users will directly bypass unprotected APIs in [CloudThrottlerGuard.canActivate]
@@ -118,13 +121,11 @@ export class CloudThrottlerGuard extends ThrottlerGuard {
      tracker,
      throttlerOptions.name ?? 'default'
    );
-    const { timeToExpire, totalHits } = await this.storageService.increment(
-      key,
-      ttl
-    );
+    const { timeToExpire, totalHits, isBlocked, timeToBlockExpire } =
+      await this.storageService.increment(key, ttl, limit, blockDuration, key);

-    if (totalHits > limit) {
-      res.header('Retry-After', timeToExpire.toString());
+    if (isBlocked) {
+      res.header('Retry-After', timeToBlockExpire.toString());
      await this.throwThrottlingException(context, {
        limit,
        ttl,
@@ -132,6 +133,8 @@ export class CloudThrottlerGuard extends ThrottlerGuard {
        tracker,
        totalHits,
        timeToExpire,
+        isBlocked,
+        timeToBlockExpire,
      });
    }

--- a/packages/backend/server/src/plugins/copilot/controller.ts
+++ b/packages/backend/server/src/plugins/copilot/controller.ts
@@ -472,7 +472,7 @@ export class CopilotController {

    if (!body) {
      throw new BlobNotFound({
-        workspaceId,
+        spaceId: workspaceId,
        blobId: key,
      });
    }
--- a/packages/backend/server/src/plugins/copilot/index.ts
+++ b/packages/backend/server/src/plugins/copilot/index.ts
@@ -2,8 +2,8 @@ import './config';

 import { ServerFeature } from '../../core/config';
 import { FeatureModule } from '../../core/features';
+import { PermissionModule } from '../../core/permission';
 import { QuotaModule } from '../../core/quota';
-import { PermissionService } from '../../core/workspaces/permission';
 import { Plugin } from '../registry';
 import { CopilotController } from './controller';
 import { ChatMessageCache } from './message';
@@ -29,9 +29,8 @@ registerCopilotProvider(OpenAIProvider);

@Plugin({
  name: 'copilot',
-  imports: [FeatureModule, QuotaModule],
+  imports: [FeatureModule, QuotaModule, PermissionModule],
  providers: [
-    PermissionService,
    ChatSessionService,
    CopilotResolver,
    ChatMessageCache,
--- a/packages/backend/server/src/plugins/copilot/prompt/chat-prompt.ts
+++ b/packages/backend/server/src/plugins/copilot/prompt/chat-prompt.ts
@@ -33,7 +33,10 @@ export class ChatPrompt {
  private readonly templateParams: PromptParams = {};

  static createFromPrompt(
-    options: Omit<AiPrompt, 'id' | 'createdAt' | 'config'> & {
+    options: Omit<
+      AiPrompt,
+      'id' | 'createdAt' | 'updatedAt' | 'modified' | 'config'
+    > & {
      messages: PromptMessage[];
      config: PromptConfig | undefined;
    }
--- a/packages/backend/server/src/plugins/copilot/prompt/prompts.ts
+++ b/packages/backend/server/src/plugins/copilot/prompt/prompts.ts
@@ -1,8 +1,12 @@
+import { Logger } from '@nestjs/common';
 import { AiPrompt, PrismaClient } from '@prisma/client';

 import { PromptConfig, PromptMessage } from '../types';

-type Prompt = Omit<AiPrompt, 'id' | 'createdAt' | 'action' | 'config'> & {
+type Prompt = Omit<
+  AiPrompt,
+  'id' | 'createdAt' | 'updatedAt' | 'modified' | 'action' | 'config'
+> & {
  action?: string;
  messages: PromptMessage[];
  config?: PromptConfig;
@@ -830,7 +834,7 @@ const chat: Prompt[] = [
    ],
  },
  {
-    name: 'chat:gpt4',
+    name: 'Chat With AFFiNE AI',
    model: 'gpt-4o',
    messages: [
      {
@@ -845,7 +849,20 @@ const chat: Prompt[] = [
 export const prompts: Prompt[] = [...actions, ...chat, ...workflows];

 export async function refreshPrompts(db: PrismaClient) {
+  const needToSkip = await db.aiPrompt
+    .findMany({
+      where: { modified: true },
+      select: { name: true },
+    })
+    .then(p => p.map(p => p.name));
+
  for (const prompt of prompts) {
+    // skip prompt update if already modified by admin panel
+    if (needToSkip.includes(prompt.name)) {
+      new Logger('CopilotPrompt').warn(`Skip modified prompt: ${prompt.name}`);
+      return;
+    }
+
    await db.aiPrompt.upsert({
      create: {
        name: prompt.name,
@@ -865,6 +882,7 @@ export async function refreshPrompts(db: PrismaClient) {
      update: {
        action: prompt.action,
        model: prompt.model,
+        updatedAt: new Date(),
        messages: {
          deleteMany: {},
          create: prompt.messages.map((message, idx) => ({
--- a/packages/backend/server/src/plugins/copilot/prompt/service.ts
+++ b/packages/backend/server/src/plugins/copilot/prompt/service.ts
@@ -38,16 +38,11 @@ export class PromptService implements OnModuleInit {
        model: true,
        config: true,
        messages: {
-          select: {
-            role: true,
-            content: true,
-            params: true,
-          },
-          orderBy: {
-            idx: 'asc',
-          },
+          select: { role: true, content: true, params: true },
+          orderBy: { idx: 'asc' },
        },
      },
+      orderBy: { action: { sort: 'asc', nulls: 'first' } },
    });
  }

@@ -121,11 +116,18 @@ export class PromptService implements OnModuleInit {
      .then(ret => ret.id);
  }

-  async update(name: string, messages: PromptMessage[], config?: PromptConfig) {
+  async update(
+    name: string,
+    messages: PromptMessage[],
+    modifyByApi: boolean = false,
+    config?: PromptConfig
+  ) {
    const { id } = await this.db.aiPrompt.update({
      where: { name },
      data: {
        config: config || undefined,
+        updatedAt: new Date(),
+        modified: modifyByApi,
        messages: {
          // cleanup old messages
          deleteMany: {},
--- a/packages/backend/server/src/plugins/copilot/resolver.ts
+++ b/packages/backend/server/src/plugins/copilot/resolver.ts
@@ -4,6 +4,7 @@ import { BadRequestException, NotFoundException } from '@nestjs/common';
 import {
  Args,
  Field,
+  Float,
  ID,
  InputType,
  Mutation,
@@ -20,12 +21,12 @@ import GraphQLUpload from 'graphql-upload/GraphQLUpload.mjs';

 import { CurrentUser } from '../../core/auth';
 import { Admin } from '../../core/common';
+import { PermissionService } from '../../core/permission';
 import { UserType } from '../../core/user';
-import { PermissionService } from '../../core/workspaces/permission';
 import {
  CopilotFailedToCreateMessage,
  FileUpload,
-  MutexService,
+  RequestMutex,
  Throttle,
  TooManyRequest,
 } from '../../fundamentals';
@@ -205,16 +206,16 @@ class CopilotPromptConfigType {
  @Field(() => Boolean, { nullable: true })
  jsonMode!: boolean | null;

-  @Field(() => Number, { nullable: true })
+  @Field(() => Float, { nullable: true })
  frequencyPenalty!: number | null;

-  @Field(() => Number, { nullable: true })
+  @Field(() => Float, { nullable: true })
  presencePenalty!: number | null;

-  @Field(() => Number, { nullable: true })
+  @Field(() => Float, { nullable: true })
  temperature!: number | null;

-  @Field(() => Number, { nullable: true })
+  @Field(() => Float, { nullable: true })
  topP!: number | null;
 }

@@ -238,8 +239,8 @@ class CopilotPromptType {
  @Field(() => String)
  name!: string;

-  @Field(() => AvailableModels)
-  model!: AvailableModels;
+  @Field(() => String)
+  model!: string;

  @Field(() => String, { nullable: true })
  action!: string | null;
@@ -264,7 +265,7 @@ export class CopilotType {
 export class CopilotResolver {
  constructor(
    private readonly permissions: PermissionService,
-    private readonly mutex: MutexService,
+    private readonly mutex: RequestMutex,
    private readonly chatSession: ChatSessionService,
    private readonly storage: CopilotStorage
  ) {}
@@ -516,7 +517,16 @@ export class PromptsManagementResolver {
    description: 'List all copilot prompts',
  })
  async listCopilotPrompts() {
-    return this.promptService.list();
+    const prompts = await this.promptService.list();
+    return prompts.filter(
+      p =>
+        p.messages.length > 0 &&
+        // ignore internal prompts
+        !p.name.startsWith('workflow:') &&
+        !p.name.startsWith('debug:') &&
+        !p.name.startsWith('chat:') &&
+        !p.name.startsWith('action:')
+    );
  }

  @Mutation(() => CopilotPromptType, {
@@ -543,7 +553,7 @@ export class PromptsManagementResolver {
    @Args('messages', { type: () => [CopilotPromptMessageType] })
    messages: CopilotPromptMessageType[]
  ) {
-    await this.promptService.update(name, messages);
+    await this.promptService.update(name, messages, true);
    return this.promptService.get(name);
  }
 }
--- a/packages/backend/server/src/plugins/copilot/workflow/executor/check-html.ts
+++ b/packages/backend/server/src/plugins/copilot/workflow/executor/check-html.ts
@@ -43,7 +43,7 @@ export class CopilotCheckHtmlExecutor extends AutoRegisteredWorkflowExecutor {
        }
      }
      return false;
-    } catch (e) {
+    } catch {
      return false;
    }
  }
--- a/packages/backend/server/src/plugins/copilot/workflow/executor/check-json.ts
+++ b/packages/backend/server/src/plugins/copilot/workflow/executor/check-json.ts
@@ -34,7 +34,7 @@ export class CopilotCheckJsonExecutor extends AutoRegisteredWorkflowExecutor {
        return true;
      }
      return false;
-    } catch (e) {
+    } catch {
      return false;
    }
  }
--- a/packages/backend/server/src/plugins/oauth/index.ts
+++ b/packages/backend/server/src/plugins/oauth/index.ts
@@ -21,6 +21,6 @@ import { OAuthService } from './service';
  ],
  controllers: [OAuthController],
  contributesTo: ServerFeature.OAuth,
-  if: config => !!config.plugins.oauth,
+  if: config => config.flavor.graphql && !!config.plugins.oauth,
 })
 export class OAuthModule {}
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .15.1
 .17.0